
SANS ISC: Ubuntu Package available to submit firewall logs to DShield - Internet Security | DShield SANS ISC InfoSec Forums

Ubuntu Package available to submit firewall logs to DShield

I put together a simple .deb package to install our DShield iptables client on Ubuntu. The package is our standard perl client to submit iptables logs, but it is pre-configured for Ubuntu 12.04 LTS. It will submit IPv4 as well as IPv6 logs. Please give it a try and let me know if you run into any issues. For details, see

http://isc.sans.edu/clients/ubuntu.html

Use our contact form for feedback or send it directly to me at jullrich - at - sans.edu

The client will install the perl script in /opt/dshield, and all configuration files in /etc/dshield. It will also add an hourly cron job to check /var/log/ufw.log for new logs and mail them to DShield. All parameters can still be further configured via /etc/dshield/dshield.cnf.

To submit logs, we recommend you set up an account. But if you would like to submit anonymous reports, just use "0" as the userid.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Intrusion Detection In-Depth - SANS San Antonio 2019

Johannes

3530 Posts
ISC Handler
Dr J
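The post above describes what the packaged client does each hour: read the lines ufw has appended to /var/log/ufw.log since the last run, pick out the IPv4 and IPv6 kernel log entries, and turn them into per-packet records tagged with a userid (0 for anonymous). The following Python is an added illustration of that pipeline, not the DShield perl client's own code. The sample log lines are constructed, the record field names and the tab-separated output layout are assumptions for illustration only, and the offset-based "new lines since last run" logic shows the one edge case a cron job has to handle: the log being rotated or truncated between runs.

```python
"""Parse ufw/iptables kernel log lines (IPv4 and IPv6) into normalized records
and read only the lines appended since the previous run, the way an hourly
job over /var/log/ufw.log would.

Added example; this is not the DShield client's own code. Field names, the
offset handling and the tab-separated output are assumptions for illustration.
"""
import os
import re
import tempfile
from datetime import datetime

# Constructed sample lines in the layout ufw writes to /var/log/ufw.log
# (one TCP SYN over IPv4, one UDP over IPv6, one ICMP echo, one non-ufw line).
SAMPLE_LOG = (
    "Oct  3 10:15:01 gw kernel: [ 1234.5678] [UFW BLOCK] IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 DST=192.0.2.10 "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=44123 DPT=22 "
    "WINDOW=1024 RES=0x00 SYN URGP=0\n"
    "Oct  3 10:15:07 gw kernel: [ 1240.0001] [UFW BLOCK] IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:86:dd SRC=2001:db8::1 DST=2001:db8:1::5 "
    "LEN=60 TC=0 HOPLIMIT=55 FLOWLBL=0 PROTO=UDP SPT=5353 DPT=53\n"
    "Oct  3 10:15:09 gw kernel: [ 1242.2222] [UFW BLOCK] IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.0.2.10 "
    "LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1\n"
    "Oct  3 10:15:10 gw sshd[1234]: Accepted publickey for admin from 192.0.2.50 port 50000 ssh2\n"
)

UFW_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: .*?"
    r"\[UFW (?P<action>[A-Z]+)\] (?P<rest>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")


def parse_line(line, year=2012):
    """Return a record dict for a ufw kernel line, or None for anything else.
    Syslog timestamps carry no year, so the caller supplies one."""
    m = UFW_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rest = m.group("rest")
    kv = dict(KV_RE.findall(rest))          # IN=, OUT=, SRC=, DST=, PROTO=, ...
    if "SRC" not in kv or "DST" not in kv or "PROTO" not in kv:
        return None                         # malformed kernel line: skip, don't guess
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    tokens = set(rest.split())              # bare TCP flag words such as SYN, ACK
    flags = "".join(f[0] for f in TCP_FLAGS if f in tokens)
    return {
        "time": ts.strftime("%Y-%m-%d %H:%M:%S"),
        "action": m.group("action"),
        "src": kv["SRC"], "dst": kv["DST"], "proto": kv["PROTO"],
        "spt": int(kv["SPT"]) if "SPT" in kv else None,   # ICMP has no ports
        "dpt": int(kv["DPT"]) if "DPT" in kv else None,
        "flags": flags,
        "ipv6": ":" in kv["SRC"],           # same parser serves both address families
    }


def read_new_lines(path, offset):
    """Return (complete lines appended after `offset`, new offset).
    If the file is smaller than the saved offset it was rotated or truncated,
    so start again from the beginning instead of seeking past the end."""
    size = os.path.getsize(path)
    if size < offset:
        offset = 0
    with open(path, "rb") as fh:
        fh.seek(offset)
        data = fh.read()
    end = data.rfind(b"\n") + 1            # a partial trailing line waits for next run
    lines = data[:end].decode("utf-8", "replace").splitlines()
    return lines, offset + end


def collect(path, offset, year=2012):
    """One cron run: parse everything appended since `offset`."""
    lines, new_offset = read_new_lines(path, offset)
    records = [r for r in (parse_line(l, year) for l in lines) if r]
    return records, new_offset


def to_submission_line(rec, userid=0):
    """Tab-separated line per record; userid 0 marks an anonymous report.
    The column order is an assumed layout, not the client's exact format."""
    port = lambda p: "" if p is None else p
    return "\t".join(str(x) for x in (
        rec["time"], userid, 1, rec["src"], port(rec["spt"]),
        rec["dst"], port(rec["dpt"]), rec["proto"], rec["flags"]))


def simulate_two_runs():
    """Write the sample log to a temp file, run collect() twice, append one more
    line and run a third time; returns the record count of each run."""
    with tempfile.NamedTemporaryFile("w", suffix=".log", delete=False) as tmp:
        tmp.write(SAMPLE_LOG)
    try:
        first, offset = collect(tmp.name, 0)
        again, offset = collect(tmp.name, offset)       # nothing new yet
        with open(tmp.name, "a") as fh:                 # a line arrives before the next run
            fh.write(SAMPLE_LOG.splitlines()[0] + "\n")
        third, _ = collect(tmp.name, offset)
    finally:
        os.unlink(tmp.name)
    return len(first), len(again), len(third)


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        rec = parse_line(line)
        if rec:
            print(to_submission_line(rec))
    print("records per run:", simulate_two_runs())
```

Running the module prints one submission line per blocked packet (the sshd line is ignored) and then `(3, 0, 1)`: the first run picks up all three kernel entries, the second run sees nothing new, and the third sees only the one appended line. Persisting that offset between runs (and resetting it when the file shrinks) is what lets an hourly job submit each packet exactly once across logrotate.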

I have been using PSAD now for a few weeks and absolutely love the granularity of this utility. It comes with DShield log submission capabilities, uses snort signatures, and will check your iptables configuration for errors...and more.

hxxp://cipherdyne.org/psad/

Oh...and of course it is free!

Jeff
HackDefendr

65 Posts
The .deb seems to have gone 404.
jdcard

1 Posts
Fixed the missing file. Sorry. And thanks for the reminder about PSAD. Added it to the client page (not sure why it was missing in the first place :( )
Johannes

3530 Posts
ISC Handler
