Package: fiaif Version: 1.19.2-10 Severity: normal Tags: patch There are two changes: 1. /etc/cron.daily/fiaif-scan - Make it work with ulog and the newer logtail option syntax (-f and -o) 2. /usr/sbin/fiaif-scan - Allow a space before 'IN' in the log-line filter
-- System Information: Debian Release: 3.1 APT prefers testing APT policy: (800, 'testing'), (70, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.4.29 Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to de_DE) Versions of packages fiaif depends on: ii bash 2.05b-24 The GNU Bourne Again SHell ii coreutils 5.2.1-2 The GNU core utilities ii cron 3.0pl1-86 management of regular background p ii debconf 1.4.30.11 Debian configuration management sy ii debianutils 2.8.4 Miscellaneous utilities specific t ii dnsutils 1:9.2.4-1 Clients provided with BIND ii grep 2.5.1.ds1-4 GNU grep, egrep and fgrep ii iptables 1.2.11-8 Linux kernel 2.4+ iptables adminis ii logtail 1.2.34 Print log file lines that have not ii net-tools 1.60-10 The NET-3 networking toolkit ii sed 4.1.2-8 The GNU sed stream editor ii wget 1.9.1-8 retrieves files from the web -- debconf information: * fiaif/cron_logfile: * fiaif/warning: * fiaif/enable_cron: true * fiaif/enable_initd: true -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <[EMAIL PROTECTED]> Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B
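#!/bin/sh
# /etc/cron.daily/fiaif-scan -- mail a daily, human-readable summary of the
# firewall log.
#
# logtail prints only the lines appended since the previous run (it records
# its position in the offset file), so each logged packet is reported once.
# fiaif-scan -n renders the ulog syslog-emulation lines without resolving
# host names. Both paths are fixed here; the offset file is derived from the
# log path so the two cannot drift apart.

LOG=/var/log/ulog/syslogemu.log
OFFSET=${LOG}.fiaif.offset

# Report a missing or unreadable log explicitly (cron mails stderr): a log
# that is silently absent would hide a ulogd that has stopped writing.
if [ ! -r "$LOG" ]; then
    echo "fiaif-scan: cannot read $LOG (is ulogd writing the syslog emulation log?)" >&2
    exit 1
fi

/usr/sbin/logtail -f "$LOG" -o "$OFFSET" | /usr/sbin/fiaif-scan -n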
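#!/bin/bash
#
# FIAIF is an Intelligent firewall, version: $Revision: 1.21 $
#
# description: Convert syslog entries logged by FIAIF to human readable form.
#
# Script Author: Anders Fugmann <afu at fugmann dot net>
#
# FIAIF is an Intelligent firewall
# Copyright (C) 2002-2003 Anders Peter Fugmann
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# Usage: fiaif-scan [-n] [-m] [-s] < logfile
#   -n  do not resolve addresses to host names (also turns off -s)
#   -m  print the MAC address of every packet
#   -s  translate port numbers to service names (also turns off resolving)
# Reads syslog/ulog lines on stdin; only lines matching "PREFIX: IN=" (with
# or without the space) are reported, one output line per input line.
# Anything else on the command line is ignored.

shopt -s extglob

source /usr/share/fiaif/constants.sh
source /etc/fiaif/fiaif.conf
source /usr/share/fiaif/iptables.sh
source /usr/share/fiaif/functions.sh
source /usr/share/fiaif/zones.sh

#######################################
# Render one firewall log line in human-readable form on stdout.
# Globals:   RESOLVE, SERVICE, PRINT_MAC (read); RESULT (written by the
#            get_zone_name/get_host_name/get_service_name helpers sourced
#            above)
# Arguments: the words of one log line, either as a single argument or
#            already split into several
# Outputs:   one line on stdout
#######################################
function scan () {
  local LINE="$*"
  local REASON DATE DEV_IN DEV_OUT MAC SRC DST PROTO SPT DPT TYPE TCP_FLAGS
  local ZONE_IN ZONE_OUT CHAIN KEY VAL I
  local -a TMP_ARRAY

  # Split on whitespace without globbing: the old "( $@ )" form let a '*'
  # or '?' in the log line expand against the current directory.
  read -r -a TMP_ARRAY <<< "${LINE}"

  DATE="${TMP_ARRAY[0]} ${TMP_ARRAY[1]} ${TMP_ARRAY[2]}"
  # NOTE(review): field positions are inherited unchanged -- word 5 is
  # expected to hold "PREFIX:IN=dev", word 6 "OUT=dev", and KEY=value
  # scanning starts at word 8, so word 7 is never inspected. Confirm
  # against the actual ulog line format.
  REASON=${TMP_ARRAY[5]%:*}
  DEV_IN=${TMP_ARRAY[5]#*=}
  DEV_OUT=${TMP_ARRAY[6]#*=}

  TCP_FLAGS=""
  for (( I=8; I<${#TMP_ARRAY[*]}; I++ )); do
    # A word starting with '[' opens the quoted inner packet of an ICMP
    # error message; nothing after it belongs to the outer packet.
    if [[ -z "${TMP_ARRAY[I]%[*}" ]]; then
      break
    fi
    KEY=${TMP_ARRAY[I]%=*}
    VAL=${TMP_ARRAY[I]#*=}
    if [[ "${KEY}" != "${VAL}" ]]; then
      # KEY=value field. The name comes straight from the log line, so it
      # must never reach 'declare' unchecked: an arbitrary name could
      # shadow PATH for the helpers called below, start with '-' and be
      # taken as an option, or carry an array subscript whose command
      # substitution bash would evaluate. Only the fields this script
      # prints are accepted; LEN, TOS, TTL, ID, WINDOW, ... are dropped.
      case "${KEY}" in
        MAC|SRC|DST|PROTO|SPT|DPT|TYPE)
          declare "${KEY}=${VAL}"
          ;;
        *)
          ;;
      esac
    elif [[ "${TMP_ARRAY[I]}" != "DF" ]]; then
      # Bare words after the fields are TCP flags (SYN, ACK, ...). DF is
      # the IP don't-fragment bit, not a TCP flag, and is skipped.
      TCP_FLAGS="${TCP_FLAGS}${TMP_ARRAY[I]} "
    fi
  done

  # printf instead of 'echo -ne': the prefix and date are log content and
  # must be printed literally, not escape-interpreted.
  printf '%s: %s queue=' "${DATE}" "${REASON}"

  # Map devices to zone names; each helper leaves its answer in RESULT.
  # Arguments are deliberately unquoted: an empty device has to disappear
  # rather than be passed as an empty word, or the helper's argument
  # positions would shift.
  get_zone_name ${DEV_IN} ${SRC}
  ZONE_IN=${RESULT}
  get_zone_name ${DEV_OUT} ${DST}
  ZONE_OUT=${RESULT}

  # The chain that logged the packet follows from which devices are set.
  # CHAIN is not printed here but stays set: the sourced helpers called
  # below see it through bash's dynamic scoping, as they always did.
  if [[ -n "${DEV_IN}" && -n "${DEV_OUT}" ]]; then
    CHAIN="FORWARD"
    printf 'FORWARD(%s->%s)' "${ZONE_IN}" "${ZONE_OUT}"
  elif [[ -n "${DEV_IN}" ]]; then
    CHAIN="INPUT"
    printf 'INPUT(%s)' "${ZONE_IN}"
  elif [[ -n "${DEV_OUT}" ]]; then
    CHAIN="OUTPUT"
    printf 'OUTPUT(%s)' "${ZONE_OUT}"
  fi

  if [[ -n "${PROTO}" ]]; then
    printf ' protocol=%s' "${PROTO}"
  fi

  # -n disables this; it is the slow part (one lookup per address).
  if (( RESOLVE == 1 )); then
    get_host_name ${SRC}
    SRC=${RESULT}
    get_host_name ${DST}
    DST=${RESULT}
  fi
  # Port names only make sense for the two protocols that carry ports.
  if (( SERVICE == 1 )) && [[ "${PROTO}" == "TCP" || "${PROTO}" == "UDP" ]]; then
    get_service_name ${PROTO} ${SPT}
    SPT=${RESULT}
    get_service_name ${PROTO} ${DPT}
    DPT=${RESULT}
  fi

  if [[ -n "${SRC}" ]]; then
    printf ' source=%s' "${SRC}"
    if [[ -n "${SPT}" ]]; then
      printf ':%s' "${SPT}"
    fi
  fi
  if [[ -n "${DST}" ]]; then
    printf ' destination=%s' "${DST}"
    if [[ -n "${DPT}" ]]; then
      printf ':%s' "${DPT}"
    fi
  fi
  if [[ "${PROTO}" == "TCP" ]]; then
    printf " flags='%s'" "${TCP_FLAGS}"
  fi
  if [[ "${PROTO}" == "ICMP" ]]; then
    printf ' type=%s' "${TYPE}"
  fi
  if (( PRINT_MAC == 1 )); then
    printf ' mac: %s' "${MAC}"
  fi
  printf '\n'
}

# Per-zone device/address tables. This cannot live in a function: 'declare'
# inside a function creates function-local variables, and these must be
# globals for the zone helpers to find them.
for ZONE in ${ZONES}; do
  if ! read_zone ${ZONE}; then
    continue
  fi
  declare ${ZONE}_DEV="${DEV}"
  declare ${ZONE}_IP="${IP}"
  declare ${ZONE}_DYNAMIC="${DYNAMIC}"
  declare ${ZONE}_BCAST="${BCAST}"
  declare ${ZONE}_NETS="${NET} ${NET_EXTRA}"
done

# Defaults: resolve host names, print numeric ports, no MAC addresses.
RESOLVE=1
SERVICE=0
PRINT_MAC=0
for OPTION in "$@"; do
  case ${OPTION} in
    -n)
      RESOLVE=0
      SERVICE=0
      ;;
    -m)
      PRINT_MAC=1
      ;;
    -s)
      SERVICE=1
      RESOLVE=0
      ;;
    *)
      # unknown arguments are ignored, as before
      ;;
  esac
done

# Main loop. The grep pattern is the only filter between raw syslog input
# and scan; it accepts "PREFIX:IN=" and "PREFIX: IN=". Lines are passed as
# one quoted word (scan splits them itself) so nothing in them globs, and
# read -r keeps any backslashes literal.
grep -e "[A-Z_]*: *IN=" | while IFS= read -r line; do
  scan "${line}"
done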