Hi Andreas, hello [EMAIL PROTECTED],

> I'm at a company and would like to set up a Debian router/firewall.

Yeah, that's what I'm also planning at the moment. A firewall issue won't be my problem, but I haven't installed Debian for seven years, as I updated the distribution from the net. Hope the netinstaller works in the company in case I get a job.

> Debian is minimally installed and I've chosen Shorewall as the firewall.

Did you read the tutorial from Oskar Andreasson?

> I would additionally like to send the logs over Syslog-ng to a log
> server.

I strongly recommend not to do this. We had a CCC (Chaos Computer Club) meeting where someone brought the logfile from his mailserver to the meeting. By seeing the logfile without error messages it was quite easy to have a look at the employees and their key qualifications. By seeing logfiles unencrypted it's possible to have a look at what's running on your server, so I strongly recommend not to do this. Use logcheck locally on your server and log in over ssh, which is quite secure. (There was just one vulnerability in the past years.) I use a simple Perl script, fwlog, to check the logfiles.

> My problem is what tool do I use to evaluate the logs for attacks and
> for mail notifications?

Don't forget to install aide, prelude and snort or nagios in case it's a productive server system. (Nagios - There was a bug in Nagios but you can update. Yes, monitoring tools, which are not the best decision, but there's no workaround for this available.) As a workaround you should use an encrypted logfile transfer to your client. (Maybe something like netcat.) You have to code a little bit around it; I don't know if you have time in your company. AFAIK there are no encryption tools available to handle logfile reading from server to the client. Found an Open Source Project to overcome this. Hope it helps. I wouldn't do what you're trying to do, for security reasons.

--
Best Regards,
Mark