The iptablesrocks.org iptables firewall setup guide
Installing Iptables Log Analyzer

Iptables Log Analyzer is a package that analyzes the log output from your iptables firewall, stores the information in a database and then produces a user-friendly web interface from which you can monitor your firewall log output at any time. The interface even lets you sort through the logs and group them by category. The official site for Iptables Log Analyzer is http://www.gege.org/iptables/.

So let's install it...

The first thing you will need to do is download the Iptables Log Analyzer package. You can download the latest copy of the package right here: http://www.iptablesrocks.org/downloads/iptables_logger_v0.4.tar.gz

Now unpack it...

    tar zxvf iptables_logger_v0.4.tar.gz

And now let's start the installation...

    cd iptables

Log into MySQL and do the database work...

    mysql -u root -p

Create a database called "iptables"...

    mysql> create database iptables;

Now create an admin user for the database...

    mysql> grant all privileges on iptables.* to iptables_admin@localhost identified by 'xxxxx';

And a database user for the PHP interface...

    mysql> grant all privileges on iptables.* to iptables_user@localhost identified by 'xxxxx';

All done. Let's exit out.

    mysql> quit

Now import the "iptables" database schema into the database...

    cat sql/db.sql | mysql -u iptables_admin -p iptables

OK, the database should be ready now. Next we'll install the web interface.

    cp -R web /path/to/webdocs/directory/firewall

(Example: cp -R web /var/www/html/firewall)

Now you will need to configure the web interface. This is done via the "config.php" file within the interface files.

    vi /path/to/webdocs/directory/firewall/config.php

(Example: vi /var/www/html/firewall/config.php)

Make sure each of the following settings in the configuration section matches your setup:

    # Host of the MySQL database
    # User of the MySQL database
    # Password of the MySQL database
    # Name of the database
    # URL Path to your installation
    # debug mode
    # The default number of records displayed
    # The default chain displayed
    # The default date for packets (10000 means any)
    # The default ignored ports

Save and exit the file.

Now we will configure and install the database feeder script.

    vi scripts/feed_db.pl

Make sure the following configuration section is set properly. Make sure you enter the "iptables_user" MySQL password where the x's are.

    my $dsn = 'DBI:mysql:iptables:localhost';

Save and exit the file. Now we will copy the database feeder script to a location from which it can be easily called:

    cp scripts/feed_db.pl /usr/local/bin/

Next, copy the init.d script called "iptablelog" to your server's init.d directory.

    cp scripts/iptablelog /etc/rc.d/init.d/

Note: I've already pre-configured the "iptablelog" init.d script, but you may want to customize it further depending on your needs.

So, let's start it up!

    /etc/init.d/iptablelog start

Alright! That should be it. Iptables Log Analyzer should now be running! So, let's take a look at the web interface. Open a browser and go to:

    http://www.yourdomain.com/firewall

You should get the Iptables Log Analyzer screen. It's pretty self-explanatory, so just play around with it for a while and you'll figure it out. If you don't see any logs yet, you can trigger a test by logging out of your server and then logging in again via SSH. The SSH connection will be recorded in the iptables logs and will appear on the Iptables Log Analyzer screen.

If you need more help with Iptables Log Analyzer, check out the homepage at http://www.gege.org/iptables/.

In the next step, we'll cover firewall maintenance as well as the steps to modify your firewall when needed. We'll also go over how to ensure that your firewall starts up on boot.
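To show what the feeder script is ingesting, here is an added Python example (not part of the original guide and not code from Iptables Log Analyzer itself) that parses the kernel LOG lines syslog writes for the iptables LOG target and groups them the way the web interface does: by log prefix, by destination port and by source address. The sample log lines, hostnames and addresses are constructed, and the script assumes each LOG line carries an optional --log-prefix followed by the usual IN=/OUT=/SRC=/DST= field list.

```python
import re
from collections import Counter

# Constructed sample of iptables LOG output as syslog writes it (the input
# feed_db.pl reads), plus one unrelated sshd line; hosts and addresses are made up.
SAMPLE_LOG = """\
Oct 25 09:20:01 fw kernel: INPUT DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1234 DF PROTO=TCP SPT=40123 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 25 09:20:03 fw kernel: INPUT DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1235 DF PROTO=TCP SPT=40124 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 25 09:20:05 fw kernel: INPUT DROP: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=5 PROTO=UDP SPT=53 DPT=1026 LEN=24
Oct 25 09:20:06 fw sshd[1234]: Accepted publickey for admin from 192.0.2.20 port 50022 ssh2
"""

# syslog timestamp, host, "kernel:", an optional --log-prefix (with or without a
# trailing colon), then the field list, which always starts with IN=
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?:(?P<prefix>.*?):? )?(?P<fields>IN=.*)$"
)

def parse_line(line):
    """Return a dict of the fields in one iptables LOG line, or None for
    any other syslog line (the feeder has to skip those)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"),
           "prefix": m.group("prefix") or "", "flags": []}
    for tok in m.group("fields").split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            rec.setdefault(key, val)  # keep the IP-header LEN, not the later UDP LEN
        else:
            rec["flags"].append(tok)  # valueless tokens such as DF, SYN, ACK
    return rec

def summarize(log_text):
    """Group the parsed packets the way the web interface does: by log prefix
    (chain/action), by protocol and destination port, and by source address."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    by_prefix = Counter(r["prefix"] for r in records)
    by_dport = Counter((r.get("PROTO"), r.get("DPT")) for r in records)
    by_src = Counter(r.get("SRC") for r in records)
    return records, by_prefix, by_dport, by_src

if __name__ == "__main__":
    records, by_prefix, by_dport, by_src = summarize(SAMPLE_LOG)
    print(len(records), "packets; top source:", by_src.most_common(1)[0])
```

Pointing it at the real syslog file on the firewall host and feeding the grouped counters into the "iptables" database is the job feed_db.pl does for the web interface.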
Site last modified: October 25, 2005 09:20:01