Date: Fri, 23 Dec 2005 00:53:55 +1030
From: Robert Archer <freebsd@deathbeforedecaf.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/90811: New port: security/ipfcount Summarise ipf logs by counting and sorting the fields
Message-ID: <20051222145856.4995B43D5C@mx1.FreeBSD.org>
Resent-Message-ID: <200512221500.jBMF0K0J093584@freefall.freebsd.org>
>Number:         90811
>Category:       ports
>Synopsis:       New port: security/ipfcount Summarise ipf logs by counting and sorting the fields
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 22 15:00:20 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Robert Archer <freebsd@deathbeforedecaf.net>
>Release:        FreeBSD 4.11-RELEASE i386
>Organization:
>Environment:
System: FreeBSD gir.0x7e.net 4.11-RELEASE FreeBSD 4.11-RELEASE #0: Wed Sep 14 12:55:17 CST 2005 rob@goo.0x7e.net:/tmp/GIR i386

>Description:
ipfcount reads ipf(8) logs and extracts the following fields:

    iface group rule action shost sport dhost dport proto flags type dir

You can then print lists like 'top <n> blocked ports', 'top <n> blocked hosts',
or 'incoming connections sorted by interface and protocol'.

For more sophisticated lists, you can filter the entries using Perl expressions.

WWW: http://deathbeforedecaf.net/misc/ports

>How-To-Repeat:
>Fix:

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	ipfcount
#	ipfcount/Makefile
#	ipfcount/distinfo
#	ipfcount/files
#	ipfcount/files/pkg-message.in
#	ipfcount/pkg-descr
#
echo c - ipfcount
mkdir -p ipfcount > /dev/null 2>&1
echo x - ipfcount/Makefile
sed 's/^X//' >ipfcount/Makefile << 'END-of-ipfcount/Makefile'
X# New ports collection makefile for:	ipfcount
X# Date created:				22 December 2005
X# Whom:					Robert Archer <freebsd@deathbeforedecaf.net>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	ipfcount
XPORTVERSION=	0.1
XCATEGORIES=	security
XMASTER_SITES=	http://deathbeforedecaf.net/misc/ports/ \
X		http://users.netleader.com.au/~rob/
X
XMAINTAINER=	freebsd@deathbeforedecaf.net
XCOMMENT=	Summarise ipf logs by counting and sorting the fields
X
XPLIST_FILES=	bin/ipfcount \
X		%%EXAMPLESDIR%%/100.ipfcount
XPLIST_DIRS=	%%EXAMPLESDIR%%
X
XMAN1=		ipfcount.1
X
XSUB_FILES=	pkg-message
X
XUSE_PERL5=	yes
XUSE_REINPLACE=	yes
X
X.include <bsd.port.pre.mk>
X
X.if ${PERL_LEVEL} < 5006
XIGNORE=		requires perl 5.6 or higher - see the lang/perl5.8 port
X.endif
X
Xpost-patch:
X	${REINPLACE_CMD} -e '1s,^#![^ ]*,#!${PERL},' ${WRKSRC}/ipfcount
X
Xdo-build:
X	cd ${WRKSRC} && pod2man ipfcount > ipfcount.1
X
Xdo-install:
X	${INSTALL_SCRIPT} ${WRKSRC}/ipfcount ${PREFIX}/bin
X	${INSTALL_MAN} ${WRKSRC}/ipfcount.1 ${PREFIX}/man/man1/ipfcount.1
X	${MKDIR} ${EXAMPLESDIR}
X	${INSTALL_SCRIPT} ${WRKSRC}/100.ipfcount ${EXAMPLESDIR}
X
Xpost-install:
X	@${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-ipfcount/Makefile
echo x - ipfcount/distinfo
sed 's/^X//' >ipfcount/distinfo << 'END-of-ipfcount/distinfo'
XMD5 (ipfcount-0.1.tar.gz) = 097519ce1972268dda2db0c219aeafa7
XSIZE (ipfcount-0.1.tar.gz) = 3757
END-of-ipfcount/distinfo
echo c - ipfcount/files
mkdir -p ipfcount/files > /dev/null 2>&1
echo x - ipfcount/files/pkg-message.in
sed 's/^X//' >ipfcount/files/pkg-message.in << 'END-of-ipfcount/files/pkg-message.in'
X
X  To summarise ipf(8) logs in your daily security check:
X
X  * Copy %%EXAMPLESDIR%%/100.ipfcount to
X    %%PREFIX%%/etc/periodic/security
X
X  * Add the line
X
X      daily_status_security_ipfcount_enable="YES"
X
X    to /etc/periodic.conf
X
END-of-ipfcount/files/pkg-message.in
echo x - ipfcount/pkg-descr
sed 's/^X//' >ipfcount/pkg-descr << 'END-of-ipfcount/pkg-descr'
Xipfcount reads ipf(8) logs and extracts the following fields:
X
X    iface group rule action shost sport dhost dport proto flags type dir
X
XYou can then print lists like 'top <n> blocked ports', 'top <n> blocked hosts',
Xor 'incoming connections sorted by interface and protocol'.
X
XFor more sophisticated lists, you can filter the entries using Perl expressions.
X
XWWW: http://deathbeforedecaf.net/misc/ports
END-of-ipfcount/pkg-descr
exit

>Release-Note:
>Audit-Trail:
>Unformatted:
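
An added example, not part of the submission and not ipfcount's own code: producing 'top <n> blocked ports' and 'top <n> blocked hosts' lists from ipf logs in Python, with a predicate standing in for the filter expressions. The ipmon(8) line layout encoded in the regex, the sample log lines, and the names parse, blocked and top are assumptions made for this example.

```python
import re
from collections import Counter

# Assumed layout of an ipmon(8) syslog line (not taken from the page):
#   ... HH:MM:SS.usec [Nx] iface @group:rule action src[,port] -> dst[,port]
#       PR proto len hdrlen pktlen [-FLAGS] [...] [IN|OUT]
LINE_RE = re.compile(
    r"(?:(?P<count>\d+)x )?(?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) "
    r"(?P<action>\S+) "
    r"(?P<shost>[^,\s]+)(?:,(?P<sport>\S+))? -> "
    r"(?P<dhost>[^,\s]+)(?:,(?P<dport>\S+))? "
    r"PR (?P<proto>\S+) len \d+ \d+(?: -(?P<flags>[A-Z]+))?"
    r"(?:.*? (?P<dir>IN|OUT))?\s*$"
)

# Constructed sample input; addresses come from documentation ranges.
SAMPLE = [
    "Dec 22 14:05:11 gw ipmon[81]: 14:05:11.702932 fxp0 @0:12 b 203.0.113.5,4431 -> 192.0.2.1,135 PR tcp len 20 48 -S IN",
    "Dec 22 14:05:12 gw ipmon[81]: 14:05:12.100001 fxp0 @0:12 b 203.0.113.5,4432 -> 192.0.2.1,445 PR tcp len 20 48 -S IN",
    "Dec 22 14:05:13 gw ipmon[81]: 14:05:13.100001 fxp0 @0:12 b 198.51.100.7,1027 -> 192.0.2.1,135 PR tcp len 20 48 -S IN",
    "Dec 22 14:05:14 gw ipmon[81]: 14:05:14.100001 fxp0 @0:3 p 192.0.2.1,1050 -> 198.51.100.9,53 PR udp len 20 61 OUT",
    "Dec 22 14:05:15 gw ipmon[81]: 14:05:15.100001 2x fxp0 @0:14 b 198.51.100.7 -> 192.0.2.1 PR icmp len 20 84 icmp echo/0 IN",
    "Dec 22 14:05:16 gw newsyslog[90]: logfile turned over",
]

def parse(line):
    """Return the fields of one log line as a dict, or None if it is not a packet entry."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None

def blocked(entry):
    """Filter predicate: keep only entries whose action is 'b' (block)."""
    return entry["action"] == "b"

def top(lines, field, n=10, where=lambda e: True):
    """Count `field` over entries passing `where`, honouring the 'Nx' repeat prefix."""
    counts = Counter()
    for entry in filter(None, map(parse, lines)):
        # ICMP entries carry no ports, so skip entries lacking the requested field.
        if where(entry) and entry[field] is not None:
            counts[entry[field]] += int(entry["count"] or 1)
    return counts.most_common(n)

if __name__ == "__main__":
    print(top(SAMPLE, "dport", where=blocked))
    print(top(SAMPLE, "shost", where=blocked))
```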