98 lines
3.4 KiB
RPMSpec
98 lines
3.4 KiB
RPMSpec
|
Name: fwlogwatch
|
||
|
Version: 1.3
|
||
|
Release: 1mamba
|
||
|
Summary: A packet filter/firewall/IDS log analyzer
|
||
|
Group: System/Tools
|
||
|
Vendor: openmamba
|
||
|
Distribution: openmamba
|
||
|
Packager: Tiziana Ferro <tiziana.ferro@email.it>
|
||
|
URL: http://fwlogwatch.inside-security.de/
|
||
|
Source: http://fwlogwatch.inside-security.de/sw/fwlogwatch-%{version}.tar.bz2
|
||
|
License: GPL
|
||
|
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||
|
BuildRequires: flex
|
||
|
|
||
|
%description
|
||
|
fwlogwatch is a packet filter/firewall/IDS log analyzer written by Boris Wesslowski with the following features:
|
||
|
|
||
|
General features:
|
||
|
Can detect and process log entries in the following formats:
|
||
|
Linux ipchains, Linux netfilter/iptables, Solaris/BSD/Irix/HP-UX ipfilter, Cisco IOS, Cisco PIX, NetScreen Windows XP firewall, Elsa Lancom router and Snort IDS.
|
||
|
|
||
|
Entries can be parsed in combined log files, the parsers to be used can be selected.
|
||
|
|
||
|
Gzip-compressed logs are supported.
|
||
|
|
||
|
Can separate recent from old entries and detects timewarps in log files.
|
||
|
|
||
|
Can recognize 'last message repeated' entries concerning the firewall.
|
||
|
|
||
|
Integrated resolver for protocols, services and host names.
|
||
|
|
||
|
Can do lookups in the whois database.
|
||
|
|
||
|
Own DNS and whois information cache for faster lookups.
|
||
|
|
||
|
Hosts, ports, chains and branches (targets) can be selected or excluded as needed.
|
||
|
|
||
|
Support for internationalization (available in English, German, Portuguese, simplified and traditional Chinese and Swedish).
|
||
|
|
||
|
Log summary mode:
|
||
|
A lot of options to find and display relevant patterns in connection attempts.
|
||
|
|
||
|
Intelligent selection of certain fields (e.g. the host name column is omitted and the host mentioned in the header of the summary if the log is from a single host, the same happens with the chains, targets and interfaces).
|
||
|
Plain text and HTML (with CSS) output with many sort options.
|
||
|
|
||
|
Can send summaries by email.
|
||
|
|
||
|
Interactive report mode:
|
||
|
The integrated report generator fills in and presents a report that can be sent to abuse contacts of attacking sites or computer emergency response teams (CERTs).
|
||
|
|
||
|
Supports templates and incident number generation.
|
||
|
|
||
|
All fields can be adjusted as needed interactively.
|
||
|
|
||
|
Realtime response mode:
|
||
|
The program detaches and stays in the background as a daemon.
|
||
|
Detection of the necessary ipchains rules with logging turned on can be configured.
|
||
|
|
||
|
Response can be a notification (in form of a log file entry, an email, a remote winpopup message or whatever you can put into a shell script), or a customizable firewall modification.
|
||
|
The included response script adds a new chain for fwlogwatch to ipchains or netfilter setups and attackers are blocked with new firewall rules.
|
||
|
|
||
|
Supports trusted hosts (anti-spoofing).
|
||
|
|
||
|
The current status of the program can be followed through a web interface (supports IPv6).
|
||
|
|
||
|
%prep
|
||
|
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
|
||
|
|
||
|
%setup -q
|
||
|
|
||
|
%build
|
||
|
make
|
||
|
|
||
|
%install
|
||
|
mkdir -p %{buildroot}/%{_prefix}/sbin
|
||
|
mkdir -p %{buildroot}%{_mandir}/man8
|
||
|
make install INSTALL_DIR=%{buildroot}/%{_prefix}
|
||
|
|
||
|
%clean
|
||
|
|
||
|
%files
|
||
|
%defattr(-,root,root)
|
||
|
%{_sbindir}/*
|
||
|
%{_mandir}/man8/*
|
||
|
|
||
|
%changelog
|
||
|
* Wed Oct 10 2012 Automatic Build System <autodist@mambasoft.it> 1.3-1mamba
|
||
|
- update to 1.3
|
||
|
|
||
|
* Fri Jan 04 2008 Tiziana Ferro <tiziana.ferro@email.it> 1.1-1mamba
|
||
|
- update to 1.1
|
||
|
|
||
|
* Tue Oct 12 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 1.0-1qilnx
|
||
|
- update to version 1.0 by autospec
|
||
|
|
||
|
* Wed Jan 28 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 0.9.3-1qilnx
|
||
|
- first build
|