From 3924e48061a7600d30fc005e0ed6f05261c20e8a Mon Sep 17 00:00:00 2001
From: Automatic Build System
Date: Fri, 5 Jan 2024 22:35:49 +0100
Subject: [PATCH] update to 1.3 [release 1.3-1mamba;Wed Oct 10 2012]

---
 README.md | 50 +++++++++++++++++++++++++
 fwlogwatch.spec | 97 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 147 insertions(+)
 create mode 100644 fwlogwatch.spec

diff --git a/README.md b/README.md
index 919a9fb..40a4ef7 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,52 @@
 # fwlogwatch
+fwlogwatch is a packet filter/firewall/IDS log analyzer written by Boris Wesslowski with the following features:
+
+General features:
+Can detect and process log entries in the following formats:
+Linux ipchains, Linux netfilter/iptables, Solaris/BSD/Irix/HP-UX ipfilter, Cisco IOS, Cisco PIX, NetScreen Windows XP firewall, Elsa Lancom router and Snort IDS.
+
+Entries can be parsed in combined log files, the parsers to be used can be selected.
+
+Gzip-compressed logs are supported.
+
+Can separate recent from old entries and detects timewarps in log files.
+
+Can recognize 'last message repeated' entries concerning the firewall.
+
+Integrated resolver for protocols, services and host names.
+
+Can do lookups in the whois database.
+
+Own DNS and whois information cache for faster lookups.
+
+Hosts, ports, chains and branches (targets) can be selected or excluded as needed.
+
+Support for internationalization (available in English, German, Portuguese, simplified and traditional Chinese and Swedish).
+
+Log summary mode:
+A lot of options to find and display relevant patterns in connection attempts.
+
+Intelligent selection of certain fields (e.g. the host name column is omitted and the host mentioned in the header of the summary if the log is from a single host, the same happens with the chains, targets and interfaces).
+Plain text and HTML (with CSS) output with many sort options.
+
+Can send summaries by email.
+
+Interactive report mode:
+The integrated report generator fills in and presents a report that can be sent to abuse contacts of attacking sites or computer emergency response teams (CERTs).
+
+Supports templates and incident number generation.
+
+All fields can be adjusted as needed interactively.
+
+Realtime response mode:
+The program detaches and stays in the background as a daemon.
+Detection of the necessary ipchains rules with logging turned on can be configured.
+
+Response can be a notification (in form of a log file entry, an email, a remote winpopup message or whatever you can put into a shell script), or a customizable firewall modification.
+The included response script adds a new chain for fwlogwatch to ipchains or netfilter setups and attackers are blocked with new firewall rules.
+
+Supports trusted hosts (anti-spoofing).
+
+The current status of the program can be followed through a web interface (supports IPv6).
+
 
diff --git a/fwlogwatch.spec b/fwlogwatch.spec
new file mode 100644
index 0000000..4ad7ffa
--- /dev/null
+++ b/fwlogwatch.spec
@@ -0,0 +1,97 @@
+Name: fwlogwatch
+Version: 1.3
+Release: 1mamba
+Summary: A packet filter/firewall/IDS log analyzer
+Group: System/Tools
+Vendor: openmamba
+Distribution: openmamba
+Packager: Tiziana Ferro
+URL: http://fwlogwatch.inside-security.de/
+Source: http://fwlogwatch.inside-security.de/sw/fwlogwatch-%{version}.tar.bz2
+License: GPL
+BuildRoot: %{_tmppath}/%{name}-%{version}-root
+BuildRequires: flex
+
+%description
+fwlogwatch is a packet filter/firewall/IDS log analyzer written by Boris Wesslowski with the following features:
+
+General features:
+Can detect and process log entries in the following formats:
+Linux ipchains, Linux netfilter/iptables, Solaris/BSD/Irix/HP-UX ipfilter, Cisco IOS, Cisco PIX, NetScreen Windows XP firewall, Elsa Lancom router and Snort IDS.
+
+Entries can be parsed in combined log files, the parsers to be used can be selected.
+
+Gzip-compressed logs are supported.
+
+Can separate recent from old entries and detects timewarps in log files.
+
+Can recognize 'last message repeated' entries concerning the firewall.
+
+Integrated resolver for protocols, services and host names.
+
+Can do lookups in the whois database.
+
+Own DNS and whois information cache for faster lookups.
+
+Hosts, ports, chains and branches (targets) can be selected or excluded as needed.
+
+Support for internationalization (available in English, German, Portuguese, simplified and traditional Chinese and Swedish).
+
+Log summary mode:
+A lot of options to find and display relevant patterns in connection attempts.
+
+Intelligent selection of certain fields (e.g. the host name column is omitted and the host mentioned in the header of the summary if the log is from a single host, the same happens with the chains, targets and interfaces).
+Plain text and HTML (with CSS) output with many sort options.
+
+Can send summaries by email.
+
+Interactive report mode:
+The integrated report generator fills in and presents a report that can be sent to abuse contacts of attacking sites or computer emergency response teams (CERTs).
+
+Supports templates and incident number generation.
+
+All fields can be adjusted as needed interactively.
+
+Realtime response mode:
+The program detaches and stays in the background as a daemon.
+Detection of the necessary ipchains rules with logging turned on can be configured.
+
+Response can be a notification (in form of a log file entry, an email, a remote winpopup message or whatever you can put into a shell script), or a customizable firewall modification.
+The included response script adds a new chain for fwlogwatch to ipchains or netfilter setups and attackers are blocked with new firewall rules.
+
+Supports trusted hosts (anti-spoofing).
+
+The current status of the program can be followed through a web interface (supports IPv6).
+
+%prep
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+
+%setup -q
+
+%build
+make
+
+%install
+mkdir -p %{buildroot}/%{_prefix}/sbin
+mkdir -p %{buildroot}%{_mandir}/man8
+make install INSTALL_DIR=%{buildroot}/%{_prefix}
+
+%clean
+
+%files
+%defattr(-,root,root)
+%{_sbindir}/*
+%{_mandir}/man8/*
+
+%changelog
+* Wed Oct 10 2012 Automatic Build System 1.3-1mamba
+- update to 1.3
+
+* Fri Jan 04 2008 Tiziana Ferro 1.1-1mamba
+- update to 1.1
+
+* Tue Oct 12 2004 Silvan Calarco 1.0-1qilnx
+- update to version 1.0 by autospec
+
+* Wed Jan 28 2004 Silvan Calarco 0.9.3-1qilnx
+- first build
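Review bot: The `Source:` line fetches the 1.3 tarball over plain HTTP and nothing in the spec records a checksum or a detached signature, so the build trusts whatever the network path delivers for a tool that, per its own description, runs as root-level daemon and rewrites firewall rules; I would pin the digest with a `# sha256 of fwlogwatch-1.3.tar.bz2: <value>` comment above `Source:` and verify it in `%prep` before `%setup -q` with `echo "<sha256>  %{SOURCE0}" | sha256sum -c -` (or reference an upstream `.asc`/`.sig` as `Source1:` if one is published — I cannot tell from here). The `%files` list claims only `%{_sbindir}/*` and `%{_mandir}/man8/*`, yet the description promises a daemon configuration file and a response script; if `make install INSTALL_DIR=…` places those in the buildroot they are left unpackaged (and a strict rpmbuild fails on them), and if it does not, the daemon ships without them, so they should be listed explicitly, the config as `%config(noreplace)`, rather than left to the glob. `License: GPL` should name the version from upstream's COPYING so the metadata is checkable, and `%clean` is empty while the buildroot removal lives in `%prep`, which deserves either a one-line comment or moving the `rm -rf` to `%clean`.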