Ubuntu Package available to submit firewall logs to DShield

Published: 2013-05-20
Last Updated: 2013-05-20 20:16:53 UTC
by Johannes Ullrich (Version: 1)
3 comment(s)

I put together a simple .deb package to install our DShield iptables client on Ubuntu. The package is our standard Perl client to submit iptables logs, but it is pre-configured for Ubuntu 12.04 LTS. It will submit IPv4 as well as IPv6 logs. Please give it a try and let me know if you run into any issues. For details, see

http://isc.sans.edu/clients/ubuntu.html

Use our contact form for feedback, or send it directly to me at jullrich - at - sans.edu.

The client will install the Perl script in /opt/dshield and all configuration files in /etc/dshield. It will also add an hourly cron job to check /var/log/ufw.log for new log entries and mail them to DShield. All parameters can still be further configured via /etc/dshield/dshield.cnf.
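To see what an hourly run has to work with, the following added Python example (not the DShield client's code, and not its submission format) parses ufw log lines for both IPv4 and IPv6 and summarizes blocked packets per protocol and destination port. The function names and sample lines are constructed for illustration, and the traditional syslog timestamp layout is assumed.

```python
import re
from collections import Counter

# Constructed sample in the syslog layout ufw writes to /var/log/ufw.log
# (hosts, MACs, addresses and ports are made up for this example).
MAC = "MAC=00:16:3e:aa:bb:cc:00:16:3e:dd:ee:ff:08:00"
SAMPLE_LOG = f"""\
May 20 19:02:11 host1 kernel: [1234.567890] [UFW BLOCK] IN=eth0 OUT= {MAC} SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=49 ID=54321 DF PROTO=TCP SPT=44123 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0
May 20 19:02:15 host1 kernel: [1238.000001] [UFW BLOCK] IN=eth0 OUT= {MAC} SRC=2001:db8::bad DST=2001:db8::10 LEN=80 TC=0 HOPLIMIT=52 FLOWLBL=0 PROTO=TCP SPT=51000 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0
May 20 19:03:01 host1 kernel: [1284.000002] [UFW BLOCK] IN=eth0 OUT= {MAC} SRC=198.51.100.23 DST=192.0.2.10 LEN=84 TTL=51 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
May 20 19:03:05 host1 kernel: [1288.000003] [UFW ALLOW] IN=eth0 OUT= {MAC} SRC=192.0.2.50 DST=192.0.2.10 LEN=60 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
May 20 19:03:09 host1 CRON[999]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Assumption: traditional "Mon DD HH:MM:SS host kernel:" syslog prefix.
HEADER = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ kernel: .*?\[UFW ([A-Z ]+)\] (.*)$")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_ufw_line(line):
    """Parse one ufw log line; return None for non-ufw or malformed lines."""
    m = HEADER.match(line)
    if not m:
        return None
    tokens = m.group(3).split()
    kv = dict(t.split("=", 1) for t in tokens if "=" in t)
    if not {"SRC", "DST", "PROTO"} <= kv.keys():
        return None
    # ICMP entries carry TYPE/CODE instead of ports, so ports may be absent.
    port = lambda k: int(kv[k]) if kv.get(k, "").isdigit() else None
    return {
        "time": m.group(1), "action": m.group(2),
        "src": kv["SRC"], "dst": kv["DST"], "proto": kv["PROTO"],
        "spt": port("SPT"), "dpt": port("DPT"),
        "flags": [t for t in tokens if t in TCP_FLAGS],  # bare tokens, no "="
        "ipv6": ":" in kv["SRC"],
    }

def parse_log(text):
    """Return parsed records for every ufw line in a log excerpt."""
    return [r for r in map(parse_ufw_line, text.splitlines()) if r]

def blocked_summary(records):
    """Count blocked packets per (protocol, destination port)."""
    return Counter((r["proto"], r["dpt"]) for r in records
                   if r["action"].endswith("BLOCK"))
```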

To submit logs, we recommend you set up an account. But if you would like to submit anonymous reports, just use "0" as userid.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: dshield ipv6 ubuntu