From: Benjamin Schweikert Date: Sat, 6 Feb 2010 18:35:41 +0000 (+0100) Subject: New naoki file: syslog-ng. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0814e32f9b66978953f63ae1bf329a34db4cd8c7;p=ipfire-3.x.git New naoki file: syslog-ng.
---
diff --git a/pkgs/core/syslog-ng/ids-block b/pkgs/core/syslog-ng/ids-block
new file mode 100644
index 000000000..e00ea749e
--- /dev/null
+++ b/pkgs/core/syslog-ng/ids-block
@@ -0,0 +1,62 @@
+#!/usr/bin/python
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+import os
+import sys
+import re
+
+from IPy import IP
+
+#os.system('modprobe ipt_recent ip_list_tot=1000')
+
+def main():
+ while 1:
+ data = sys.stdin.readline()
+ # need to extract the ip adress from the whole log line to get
+ # this working as expected,IPy just only returns a valid address
+ if not data: break
+ try:
+ ip = IP(data)
+ except AttributeError:
+ #f = open("/tmp/testfile","w")
+ #f.write("Wrong value given")
+ #f.close()
+ sys.stderr.write("Wrong attribute given.\n")
+ break
+ except KeyError:
+ sys.stderr.write("Not enough parameters given.\n")
+ break
+ except ValueError:
+ sys.stderr.write("Given value is not a valid ip address.\n")
+ #f = open("/tmp/testfile","w")
+ #f.write("This does not match - %s\n" % data )
+ #f.close()
+ break
+ try:
+ #f = open("/tmp/testfile", "w")
+ f = open("/proc/net/ipt_recent/BLOCK", "w")
+ f.write("%s\n" % ip)
+ f.close()
+ except:
+ sys.stderr.write("Cannot write ip \"%s\" to file.\n" % ip)
+ break
+main()
+sys.exit(0)
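Review bot: Every error handler in `main()` ends with `break`, so the first record that `IP()` rejects leaves the loop and the process exits 0, closing the pipe syslog-ng feeds it — and because the whole syslog line is passed to `IP(data)` (as the comment at the top of the loop itself admits), that is the very first record, so nothing ever reaches the block list. The handlers should `continue` to the next line, the address should be pulled out of the record with the already-imported `re` before it is handed to `IP()`, and the bare `except:` around the /proc write should become `except IOError:` so an interrupt or exit is not reported as a write failure. The blocked address comes from log text an attacker can influence (a snort alert carries both a source and a destination), so the extraction must pick the right field and should skip the firewall's own and gateway addresses, otherwise a crafted packet can lock legitimate peers out; I have assumed the first dotted quad in the record is the one to block — confirm against the snort alert format. Depending on the target kernel, the recent-match control file may live under `/proc/net/xt_recent/` and expect a leading `+` to add an entry rather than a bare address, so the hard-coded `ipt_recent` path is worth verifying on the shipped kernel.
```python
# One dotted quad; IP() only accepts a bare address, not a whole log record.
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def main():
    while 1:
        data = sys.stdin.readline()
        if not data: break
        m = IPV4_RE.search(data)
        if not m:
            sys.stderr.write("No ip address found in line.\n")
            continue
        try:
            ip = IP(m.group(1))
        except ValueError:
            sys.stderr.write("Given value is not a valid ip address.\n")
            continue
        try:
            f = open("/proc/net/ipt_recent/BLOCK", "w")
            f.write("%s\n" % ip)
            f.close()
        except IOError:
            sys.stderr.write("Cannot write ip \"%s\" to file.\n" % ip)
            break
```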
diff --git a/pkgs/core/syslog-ng/syslog-ng.conf b/pkgs/core/syslog-ng/syslog-ng.conf
new file mode 100644
index 000000000..e3c14787c
--- /dev/null
+++ b/pkgs/core/syslog-ng/syslog-ng.conf
@@ -0,0 +1,60 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+#@version:3.0
+
+options {
+ flush_lines(0);
+ stats_freq(3600);
+ time_reopen (10);
+ time_sleep(200);
+ log_fifo_size (1000);
+ long_hostnames (off);
+ use_dns (no);
+ use_fqdn (no);
+ create_dirs (no);
+ keep_hostname (yes);
+ };
+
+source sys {file ("/proc/kmsg" log_prefix("kernel: "));unix-stream ("/dev/log");internal();};
+
+destination messages {file("/var/log/messages");};
+destination boot {file("/var/log/boot.log");};
+destination kernel {file("/var/log/kernel.log");};
+destination console {usertty("root");};
+destination console_all {file("/dev/tty12");};
+destination ids {program("/usr/sbin/ids-block");};
+#destination loghost {#tcp("10.0.0.1" port(514));};
+
+filter f_boot {facility(local7);};
+filter f_cron {facility(cron);};
+filter f_daemon {facility(daemon);};
+filter f_kern {facility(kern);};
+filter f_messages {not facility(mail, news, cron);};
+filter f_emergency {level(emerg);};
+filter f_snort {match("snort") and match("Priority: 1");};
+filter f_ssh {program("sshd.*") and match("Failed password for root from");};
+
+log {source(sys);filter(f_messages);destination(messages);};
+log {source(sys);filter(f_emergency);destination(console);};
+log {source(sys);filter(f_boot);destination(boot);};
+log {source(sys);destination(console_all);};
+log {source(sys);filter(f_snort);destination(ids);};
+log {source(sys);filter(f_kern);destination(kernel);};
diff --git a/pkgs/core/syslog-ng/syslog-ng.nm b/pkgs/core/syslog-ng/syslog-ng.nm
new file mode 100644
index 000000000..f50eb682f
--- /dev/null
+++ b/pkgs/core/syslog-ng/syslog-ng.nm
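Review bot: `filter f_ssh` is declared but no `log` statement references it, so the failed-root-login records it selects are never delivered anywhere; if the intent is to feed them to the blocker like the snort alerts, add `log {source(sys);filter(f_ssh);destination(ids);};`, keeping in mind that a single failed attempt would then block the peer and that `program()` hands ids-block the fully formatted record, not a bare address. The `#@version:3.0` line is commented out while the recipe in this same commit builds syslog-ng 2.1.3, and options such as `flush_lines()` look like 3.x syntax; confirm the file actually parses on the version shipped, or bump the package and uncomment the version line. Remote forwarding is left stubbed out in `#destination loghost`; should it be enabled later, the recipe's `--disable-ssl` means `tcp()` forwarding would go out in the clear, so a short comment to that effect next to the stub would save the next maintainer a surprise.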
@@ -0,0 +1,68 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include $(PKGROOT)/Include
+
+PKG_NAME = syslog-ng
+PKG_VER = 2.1.3
+PKG_REL = 0
+
+PKG_MAINTAINER =
+PKG_GROUP = System/Tools
+PKG_URL = http://www.balabit.com/network-security/syslog-ng/
+PKG_LICENSE = GPLv2+
+PKG_SUMMARY = Syslog-ng is a daemon that handles the logging stuff.
+
+PKG_BUILD_DEPS+= eventlog glib2 pkg-config which
+PKG_DEPS += eventlog
+
+define PKG_DESCRIPTION
+ The syslog-ng application can operate in server or agent mode, and - \
+ apart from UDP - supports the reliable TCP and the encrypted TLS protocols. \
+ That way syslog-ng can be used to create flexible and reliable logging \
+ infrastructure even in heterogeneous environments.
+endef
+
+PKG_TARBALL = $(THISAPP).tar.gz
+
+###############################################################################
+# Installation Details
+###############################################################################
+CONFIGURE_OPTIONS += \
+ --sbindir=/sbin \
+ --libexecdir=/usr/lib \
+ --sysconfdir=/etc/syslog-ng \
+ --enable-dynamic-linking \
+ --disable-sql \
+ --disable-pcre \
+ --with-pidfile-dir=/var/run \
+ --disable-ssl \
+ --mandir=/usr/share/man
+
+define STAGE_INSTALL_CMDS
+ -mkdir -pv $(BUILDROOT)/etc/syslog-ng
+ cp -vf $(DIR_SOURCE)/$(PKG_NAME).conf $(BUILDROOT)/etc/$(PKG_NAME)/$(PKG_NAME).conf
+ -mkdir -pv $(BUILDROOT)/usr/sbin
+ install -v -m 755 $(DIR_SOURCE)/ids-block $(BUILDROOT)/usr/sbin/ids-block
+endef
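Review bot: `--disable-ssl` in CONFIGURE_OPTIONS contradicts PKG_DESCRIPTION, which advertises "the encrypted TLS protocols": the binary this recipe builds cannot do TLS, so any later `tcp()` forwarding (the loghost destination is stubbed out in the shipped syslog-ng.conf) would be plaintext. Either drop `--disable-ssl` and add the TLS library it then links against to PKG_BUILD_DEPS/PKG_DEPS, or reword the description so the package does not promise a feature it lacks. `PKG_MAINTAINER =` is left empty, and PKG_SUMMARY reads `Syslog-ng is a daemon that handles the logging stuff.`; something like `Next-generation system logging daemon.` matches the tone of the other fields. ids-block is installed 0755 into /usr/sbin although it exists only to be spawned by syslog-ng and turns untrusted log text into firewall block entries; 0750 would keep unprivileged users from running it, assuming syslog-ng runs as root here, which this recipe does not show.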