--- /dev/null
+#!/usr/bin/python
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+import os
+import sys
+import re
+
+from IPy import IP
+
+#os.system('modprobe ipt_recent ip_list_tot=1000')
+
+def main():
+ while 1:
+ data = sys.stdin.readline()
+ # need to extract the ip adress from the whole log line to get
+ # this working as expected,IPy just only returns a valid address
+ if not data: break
+ try:
+ ip = IP(data)
+ except AttributeError:
+ #f = open("/tmp/testfile","w")
+ #f.write("Wrong value given")
+ #f.close()
+ sys.stderr.write("Wrong attribute given.\n")
+ break
+ except KeyError:
+ sys.stderr.write("Not enough parameters given.\n")
+ break
+ except ValueError:
+ sys.stderr.write("Given value is not a valid ip address.\n")
+ #f = open("/tmp/testfile","w")
+ #f.write("This does not match - %s\n" % data )
+ #f.close()
+ break
+ try:
+ #f = open("/tmp/testfile", "w")
+ f = open("/proc/net/ipt_recent/BLOCK", "w")
+ f.write("%s\n" % ip)
+ f.close()
+ except:
+ sys.stderr.write("Cannot write ip \"%s\" to file.\n" % ip)
+ break
+main()
+sys.exit(0)
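Review bot: The whole log line is handed to `IP(data)` in the first `try`, so (as the comment above it already admits) a real syslog line is likely to raise `ValueError`, and every `except` arm then leaves the loop with `break`, which ends the blocker on the first line it cannot parse. I would extract the address first (the imported `re` is unused), `continue` past unparsable lines instead of `break`, and skip addresses that must never be blocked, because the value comes from log text that a remote sender can influence. The bare `except:` around the write should become `except IOError:`, with the file closed in a `finally`. The fence shows the parsing part only.

```python
# constructed pattern: first dotted quad in the line; confirm against the snort alert format
ADDR_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")
# placeholder: the firewall's own and management addresses
NEVER_BLOCK = ()

def main():
    while 1:
        data = sys.stdin.readline()
        if not data: break
        found = ADDR_RE.search(data)
        if not found:
            continue
        try:
            ip = IP(found.group(1))
        except ValueError:
            sys.stderr.write("Given value is not a valid ip address.\n")
            continue
        if str(ip) in NEVER_BLOCK:
            continue
        # ... unchanged: write ip to /proc/net/ipt_recent/BLOCK ...
```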
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+#@version:3.0
+
+options {
+ flush_lines(0);
+ stats_freq(3600);
+ time_reopen (10);
+ time_sleep(200);
+ log_fifo_size (1000);
+ long_hostnames (off);
+ use_dns (no);
+ use_fqdn (no);
+ create_dirs (no);
+ keep_hostname (yes);
+ };
+
+source sys {file ("/proc/kmsg" log_prefix("kernel: "));unix-stream ("/dev/log");internal();};
+
+destination messages {file("/var/log/messages");};
+destination boot {file("/var/log/boot.log");};
+destination kernel {file("/var/log/kernel.log");};
+destination console {usertty("root");};
+destination console_all {file("/dev/tty12");};
+destination ids {program("/usr/sbin/ids-block");};
+#destination loghost {#tcp("10.0.0.1" port(514));};
+
+filter f_boot {facility(local7);};
+filter f_cron {facility(cron);};
+filter f_daemon {facility(daemon);};
+filter f_kern {facility(kern);};
+filter f_messages {not facility(mail, news, cron);};
+filter f_emergency {level(emerg);};
+filter f_snort {match("snort") and match("Priority: 1");};
+filter f_ssh {program("sshd.*") and match("Failed password for root from");};
+
+log {source(sys);filter(f_messages);destination(messages);};
+log {source(sys);filter(f_emergency);destination(console);};
+log {source(sys);filter(f_boot);destination(boot);};
+log {source(sys);destination(console_all);};
+log {source(sys);filter(f_snort);destination(ids);};
+log {source(sys);filter(f_kern);destination(kernel);};
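Review bot: `f_snort` selects on message text alone (`match("snort") and match("Priority: 1")`), and the `sys` source includes `/dev/log`, so any local process that can log a line containing those two strings feeds `ids-block`, which presumably runs with the daemon's privileges since it writes to the ipt_recent block list. Tying the filter to the sending program narrows this, e.g. `filter f_snort {program("snort") and match("Priority: 1");};`, though the program name is still supplied by the sender, so ids-block has to validate what it receives. `f_ssh` is defined but no `log` statement uses it; either wire it to a destination or drop it.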
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include $(PKGROOT)/Include
+
+PKG_NAME = syslog-ng
+PKG_VER = 2.1.3
+PKG_REL = 0
+
+PKG_MAINTAINER =
+PKG_GROUP = System/Tools
+PKG_URL = http://www.balabit.com/network-security/syslog-ng/
+PKG_LICENSE = GPLv2+
+PKG_SUMMARY = Syslog-ng is a daemon that handles the logging stuff.
+
+PKG_BUILD_DEPS+= eventlog glib2 pkg-config which
+PKG_DEPS += eventlog
+
+define PKG_DESCRIPTION
+ The syslog-ng application can operate in server or agent mode, and - \
+ apart from UDP - supports the reliable TCP and the encrypted TLS protocols. \
+ That way syslog-ng can be used to create flexible and reliable logging \
+ infrastructure even in heterogeneous environments.
+endef
+
+PKG_TARBALL = $(THISAPP).tar.gz
+
+###############################################################################
+# Installation Details
+###############################################################################
+CONFIGURE_OPTIONS += \
+ --sbindir=/sbin \
+ --libexecdir=/usr/lib \
+ --sysconfdir=/etc/syslog-ng \
+ --enable-dynamic-linking \
+ --disable-sql \
+ --disable-pcre \
+ --with-pidfile-dir=/var/run \
+ --disable-ssl \
+ --mandir=/usr/share/man
+
+define STAGE_INSTALL_CMDS
+ -mkdir -pv $(BUILDROOT)/etc/syslog-ng
+ cp -vf $(DIR_SOURCE)/$(PKG_NAME).conf $(BUILDROOT)/etc/$(PKG_NAME)/$(PKG_NAME).conf
+ -mkdir -pv $(BUILDROOT)/usr/sbin
+ install -v -m 755 $(DIR_SOURCE)/ids-block $(BUILDROOT)/usr/sbin/ids-block
+endef
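Review bot: `PKG_DEPS` lists only `eventlog`, but the `ids-block` script installed by `STAGE_INSTALL_CMDS` starts with `#!/usr/bin/python` and imports `IPy`; if either is absent at runtime the program destination fails at start and snort alerts are logged without any block being applied. Unless the base system guarantees both, add them, e.g. `PKG_DEPS += eventlog <python-package> <ipy-package>` (placeholders for this distribution's package names). Separately, `--disable-ssl` means the commented-out `loghost` TCP destination in the shipped config would carry logs in cleartext if it were enabled; a comment next to the option saying so would help.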