fwlogwatch/fwlogwatch.spec

Name:          fwlogwatch
Version:       1.4
Release:       1mamba
Summary:       A packet filter/firewall/IDS log analyzer
Group:         System/Tools
Vendor:        openmamba
Distribution:  openmamba
Packager:      Tiziana Ferro <tiziana.ferro@email.it>
URL:           http://fwlogwatch.inside-security.de/
Source:        http://fwlogwatch.inside-security.de/sw/fwlogwatch-%{version}.tar.bz2
License:       GPL
BuildRoot:     %{_tmppath}/%{name}-%{version}-root
BuildRequires: flex

%description
fwlogwatch is a packet filter/firewall/IDS log analyzer written by Boris Wesslowski with the following features:

General features:
Can detect and process log entries in the following formats:
Linux ipchains, Linux netfilter/iptables, Solaris/BSD/Irix/HP-UX ipfilter, Cisco IOS, Cisco PIX, NetScreen Windows XP firewall, Elsa Lancom router and Snort IDS.
 
Entries can be parsed in combined log files, the parsers to be used can be selected.
 
Gzip-compressed logs are supported.
 
Can separate recent from old entries and detects timewarps in log files.
 
Can recognize 'last message repeated' entries concerning the firewall.
 
Integrated resolver for protocols, services and host names.
 
Can do lookups in the whois database.
 
Own DNS and whois information cache for faster lookups.
 
Hosts, ports, chains and branches (targets) can be selected or excluded as needed.
 
Support for internationalization (available in English, German, Portuguese, simplified and traditional Chinese and Swedish).
 
Log summary mode: 
A lot of options to find and display relevant patterns in connection attempts.
 
Intelligent selection of certain fields (e.g. the host name column is omitted and the host mentioned in the header of the summary if the log is from a single host, the same happens with the chains, targets and interfaces). 
Plain text and HTML (with CSS) output with many sort options.
 
Can send summaries by email.
 
Interactive report mode: 
The integrated report generator fills in and presents a report that can be sent to abuse contacts of attacking sites or computer emergency response teams (CERTs).
 
Supports templates and incident number generation.
 
All fields can be adjusted as needed interactively.
 
Realtime response mode: 
The program detaches and stays in the background as a daemon.
Detection of the necessary ipchains rules with logging turned on can be configured.
 
Response can be a notification (in form of a log file entry, an email, a remote winpopup message or whatever you can put into a shell script), or a customizable firewall modification.
The included response script adds a new chain for fwlogwatch to ipchains or netfilter setups and attackers are blocked with new firewall rules.
 
Supports trusted hosts (anti-spoofing).
 
The current status of the program can be followed through a web interface (supports IPv6).

%prep
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"

%setup -q

%build
make

%install
mkdir -p %{buildroot}/%{_prefix}/sbin
mkdir -p %{buildroot}%{_mandir}/man8
make install INSTALL_DIR=%{buildroot}/%{_prefix}

%clean

%files
%defattr(-,root,root)
%{_sbindir}/*
%{_mandir}/man8/*

%changelog
* Tue Sep 30 2014 Automatic Build System <autodist@mambasoft.it> 1.4-1mamba
- automatic update by autodist

* Wed Oct 10 2012 Automatic Build System <autodist@mambasoft.it> 1.3-1mamba
- update to 1.3

* Fri Jan 04 2008 Tiziana Ferro <tiziana.ferro@email.it> 1.1-1mamba
- update to 1.1

* Tue Oct 12 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 1.0-1qilnx
- update to version 1.0 by autospec

* Wed Jan 28 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 0.9.3-1qilnx
- first build
update to 1.3 [release 1.3-1mamba;Wed Oct 10 2012] 2024-01-05 22:35:49 +01:00			`Name: fwlogwatch`
automatic update by autodist [release 1.4-1mamba;Tue Sep 30 2014] 2024-01-05 22:35:49 +01:00			`Version: 1.4`
update to 1.3 [release 1.3-1mamba;Wed Oct 10 2012] 2024-01-05 22:35:49 +01:00			`Release: 1mamba`
			`Summary: A packet filter/firewall/IDS log analyzer`
			`Group: System/Tools`
			`Vendor: openmamba`
			`Distribution: openmamba`
			`Packager: Tiziana Ferro <tiziana.ferro@email.it>`
			`URL: http://fwlogwatch.inside-security.de/`
			`Source: http://fwlogwatch.inside-security.de/sw/fwlogwatch-%{version}.tar.bz2`
			`License: GPL`
			`BuildRoot: %{_tmppath}/%{name}-%{version}-root`
			`BuildRequires: flex`

			`%description`
			`fwlogwatch is a packet filter/firewall/IDS log analyzer written by Boris Wesslowski with the following features:`

			`General features:`
			`Can detect and process log entries in the following formats:`
			`Linux ipchains, Linux netfilter/iptables, Solaris/BSD/Irix/HP-UX ipfilter, Cisco IOS, Cisco PIX, NetScreen Windows XP firewall, Elsa Lancom router and Snort IDS.`

			`Entries can be parsed in combined log files, the parsers to be used can be selected.`

			`Gzip-compressed logs are supported.`

			`Can separate recent from old entries and detects timewarps in log files.`

			`Can recognize 'last message repeated' entries concerning the firewall.`

			`Integrated resolver for protocols, services and host names.`

			`Can do lookups in the whois database.`

			`Own DNS and whois information cache for faster lookups.`

			`Hosts, ports, chains and branches (targets) can be selected or excluded as needed.`

			`Support for internationalization (available in English, German, Portuguese, simplified and traditional Chinese and Swedish).`

			`Log summary mode:`
			`A lot of options to find and display relevant patterns in connection attempts.`

			`Intelligent selection of certain fields (e.g. the host name column is omitted and the host mentioned in the header of the summary if the log is from a single host, the same happens with the chains, targets and interfaces).`
			`Plain text and HTML (with CSS) output with many sort options.`

			`Can send summaries by email.`

			`Interactive report mode:`
			`The integrated report generator fills in and presents a report that can be sent to abuse contacts of attacking sites or computer emergency response teams (CERTs).`

			`Supports templates and incident number generation.`

			`All fields can be adjusted as needed interactively.`

			`Realtime response mode:`
			`The program detaches and stays in the background as a daemon.`
			`Detection of the necessary ipchains rules with logging turned on can be configured.`

			`Response can be a notification (in form of a log file entry, an email, a remote winpopup message or whatever you can put into a shell script), or a customizable firewall modification.`
			`The included response script adds a new chain for fwlogwatch to ipchains or netfilter setups and attackers are blocked with new firewall rules.`

			`Supports trusted hosts (anti-spoofing).`

			`The current status of the program can be followed through a web interface (supports IPv6).`

			`%prep`
			`[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"`

			`%setup -q`

			`%build`
			`make`

			`%install`
			`mkdir -p %{buildroot}/%{_prefix}/sbin`
			`mkdir -p %{buildroot}%{_mandir}/man8`
			`make install INSTALL_DIR=%{buildroot}/%{_prefix}`

			`%clean`

			`%files`
			`%defattr(-,root,root)`
			`%{_sbindir}/*`
			`%{_mandir}/man8/*`

			`%changelog`
automatic update by autodist [release 1.4-1mamba;Tue Sep 30 2014] 2024-01-05 22:35:49 +01:00			`* Tue Sep 30 2014 Automatic Build System <autodist@mambasoft.it> 1.4-1mamba`
			`- automatic update by autodist`

update to 1.3 [release 1.3-1mamba;Wed Oct 10 2012] 2024-01-05 22:35:49 +01:00			`* Wed Oct 10 2012 Automatic Build System <autodist@mambasoft.it> 1.3-1mamba`
			`- update to 1.3`

			`* Fri Jan 04 2008 Tiziana Ferro <tiziana.ferro@email.it> 1.1-1mamba`
			`- update to 1.1`

			`* Tue Oct 12 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 1.0-1qilnx`
			`- update to version 1.0 by autospec`

			`* Wed Jan 28 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 0.9.3-1qilnx`
			`- first build`