Date: Sat, 28 Jan 2006 23:39:12 +1030
From: Robert Archer <freebsd@deathbeforedecaf.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/92454: New port: security/ipfwcount Summarise ipfw logs by counting and sorting the fields
Message-ID: <20060128130913.4AC1243D46@mx1.FreeBSD.org>
Resent-Message-ID: <200601281310.k0SDA3sL002655@freefall.freebsd.org>
>Number:         92454
>Category:       ports
>Synopsis:       New port: security/ipfwcount Summarise ipfw logs by counting and sorting the fields
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jan 28 13:10:03 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Robert Archer <freebsd@deathbeforedecaf.net>
>Release:        FreeBSD 4.11-RELEASE i386
>Organization:
>Environment:
System: FreeBSD gir.0x7e.net 4.11-RELEASE FreeBSD 4.11-RELEASE #0: Wed Sep 14 12:55:17 CST 2005 rob@goo.0x7e.net:/tmp/GIR i386

>Description:
ipfwcount reads ipfw(8) logs and extracts the following fields:

	rule action proto type shost sport dhost dport dir iface

You can then print lists like 'top <n> blocked ports', 'top <n> blocked hosts',
or 'incoming connections sorted by interface and protocol'.

For more sophisticated lists, you can filter the entries using Perl expressions.

WWW: http://deathbeforedecaf.net/misc/ports
>How-To-Repeat:
>Fix:
Archive is at http://deathbeforedecaf.net/misc/patches/ipfwcount.2006-01-28

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	ipfwcount
#	ipfwcount/Makefile
#	ipfwcount/distinfo
#	ipfwcount/files
#	ipfwcount/files/pkg-message.in
#	ipfwcount/pkg-descr
#
echo c - ipfwcount
mkdir -p ipfwcount > /dev/null 2>&1
echo x - ipfwcount/Makefile
sed 's/^X//' >ipfwcount/Makefile << 'END-of-ipfwcount/Makefile'
X# New ports collection makefile for:	ipfwcount
X# Date created:		28 January 2006
X# Whom:			Robert Archer <freebsd@deathbeforedecaf.net>
X#
X# $FreeBSD$
X#
X
XPORTNAME=	ipfwcount
XPORTVERSION=	0.2.1
XCATEGORIES=	security
XMASTER_SITES=	http://deathbeforedecaf.net/misc/ports/ \
X		http://users.netleader.com.au/~rob/
X
XMAINTAINER=	freebsd@deathbeforedecaf.net
XCOMMENT=	Summarise ipfw logs by counting and sorting the fields
X
XPLIST_FILES=	bin/ipfwcount \
X		%%EXAMPLESDIR%%/100.ipfwcount
XPLIST_DIRS=	%%EXAMPLESDIR%%
X
XMAN1=		ipfwcount.1
X
XSUB_FILES=	pkg-message
X
XUSE_PERL5=	yes
XUSE_REINPLACE=	yes
X
X.include <bsd.port.pre.mk>
X
X.if ${PERL_LEVEL} < 500600
XIGNORE=		requires perl 5.6 or higher - see the lang/perl5.8 port
X.endif
X
Xpost-patch:
X	${REINPLACE_CMD} -e '1s,^#![^ ]*,#!${PERL},' ${WRKSRC}/ipfwcount
X
Xdo-build:
X	cd ${WRKSRC} && pod2man ipfwcount > ipfwcount.1
X
Xdo-install:
X	${INSTALL_SCRIPT} ${WRKSRC}/ipfwcount ${PREFIX}/bin
X	${INSTALL_MAN} ${WRKSRC}/ipfwcount.1 ${PREFIX}/man/man1/ipfwcount.1
X	${MKDIR} ${EXAMPLESDIR}
X	${INSTALL_SCRIPT} ${WRKSRC}/100.ipfwcount ${EXAMPLESDIR}
X
Xpost-install:
X	@${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.post.mk>
END-of-ipfwcount/Makefile
echo x - ipfwcount/distinfo
sed 's/^X//' >ipfwcount/distinfo << 'END-of-ipfwcount/distinfo'
XMD5 (ipfwcount-0.2.1.tar.gz) = 57107133453a8defd628bfa9295de5c0
XSIZE (ipfwcount-0.2.1.tar.gz) = 3863
END-of-ipfwcount/distinfo
echo c - ipfwcount/files
mkdir -p ipfwcount/files > /dev/null 2>&1
echo x - ipfwcount/files/pkg-message.in
sed 's/^X//' >ipfwcount/files/pkg-message.in << 'END-of-ipfwcount/files/pkg-message.in'
X
X	To summarise ipfw(8) logs in your daily security check:
X
X	* Copy %%EXAMPLESDIR%%/100.ipfwcount to
X	  %%PREFIX%%/etc/periodic/security
X
X	* Add the line
X
X	  daily_status_security_ipfwcount_enable="YES"
X
X	  to /etc/periodic.conf
X
END-of-ipfwcount/files/pkg-message.in
echo x - ipfwcount/pkg-descr
sed 's/^X//' >ipfwcount/pkg-descr << 'END-of-ipfwcount/pkg-descr'
Xipfwcount reads ipfw(8) logs and extracts the following fields:
X
X	rule action proto type shost sport dhost dport dir iface
X
XYou can then print lists like 'top <n> blocked ports', 'top <n> blocked hosts',
Xor 'incoming connections sorted by interface and protocol'.
X
XFor more sophisticated lists, you can filter the entries using Perl expressions.
X
XWWW: http://deathbeforedecaf.net/misc/ports
END-of-ipfwcount/pkg-descr
exit
>Release-Note:
>Audit-Trail:
>Unformatted:
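As an added example (not part of this PR and not ipfwcount's own code), the following Python script does the core of what the description above lays out: it splits ipfw(8) kernel log lines into the ten listed fields and produces 'top <n> blocked ports' and 'top <n> blocked hosts' summaries. It assumes the IPv4 log layout documented in ipfw(8) ("ipfw: rule action proto src:port dst:port dir via iface", with ICMP logging type.code instead of ports); the sample log lines and hostnames are constructed.

```python
import re
from collections import Counter

# ipfw(8) kernel log format (IPv4, FreeBSD 4.x era), as documented in ipfw(8):
#   ipfw: <rule> <action> <proto>[:<type>.<code>] <shost>[:<sport>] <dhost>[:<dport>] <dir> via <iface>
# Protocols without ports (ICMP) log "type.code" after the protocol and omit the ports.
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\S+) (?P<proto>[A-Za-z]+)(?::(?P<type>\S+))? "
    rf"(?P<shost>{IPV4})(?::(?P<sport>\d+))? (?P<dhost>{IPV4})(?::(?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)
# The ten fields named in the ipfwcount description.
FIELDS = ("rule", "action", "proto", "type", "shost", "sport", "dhost", "dport", "dir", "iface")

# Constructed sample syslog lines (RFC 1918 / RFC 5737 addresses; hostname "gir" is made up).
SAMPLE_LOG = """\
Jan 28 23:01:02 gir /kernel: ipfw: 300 Deny TCP 10.1.2.3:4021 192.0.2.10:22 in via fxp0
Jan 28 23:01:03 gir /kernel: ipfw: 300 Deny TCP 10.1.2.3:4022 192.0.2.10:22 in via fxp0
Jan 28 23:01:05 gir /kernel: ipfw: 300 Deny TCP 10.9.9.9:5000 192.0.2.10:445 in via fxp0
Jan 28 23:01:06 gir /kernel: ipfw: 300 Deny UDP 10.9.9.9:5001 192.0.2.10:137 in via fxp0
Jan 28 23:01:07 gir /kernel: ipfw: 400 Deny ICMP:8.0 10.1.2.3 192.0.2.10 in via fxp0
Jan 28 23:01:08 gir /kernel: ipfw: 100 Accept TCP 192.0.2.10:51000 198.51.100.7:80 out via fxp0
Jan 28 23:01:09 gir /kernel: ipfw: 300 Deny TCP 10.9.9.9:5002 192.0.2.10:22 in via fxp0
Jan 28 23:01:10 gir sshd[812]: Accepted publickey for rob from 192.0.2.44 port 40112 ssh2
""".splitlines()

def parse_line(line):
    """Split one syslog line into the ten fields; None for lines that are not ipfw entries.
    Fields the entry lacks (sport/dport on ICMP, type on TCP/UDP) come back as None."""
    m = IPFW_RE.search(line)
    return {f: m.group(f) for f in FIELDS} if m else None

def parse_log(lines):
    return [e for e in map(parse_line, lines) if e is not None]

def top(entries, field, n, where=lambda e: True):
    """'top <n>' list: the n most frequent values of `field` among entries passing `where`.
    Entries with no value for the field are skipped; ties are broken by value."""
    counts = Counter(e[field] for e in entries if where(e) and e[field] is not None)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    blocked = lambda e: e["action"] == "Deny"
    print("top blocked ports:", top(entries, "dport", 3, blocked))
    print("top blocked hosts:", top(entries, "shost", 3, blocked))
    print("incoming by iface/proto:", Counter((e["iface"], e["proto"]) for e in entries if e["dir"] == "in"))
```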