Task #113
Install and test log rotation
| Status: | Resolved | Start date: | 01/02/2010 |
|---|---|---|---|
| Priority: | Normal | Due date: | 01/02/2010 |
| Assignee: | | % Done: | 100% |
| Category: | Test | | |
| Target version: | 1.0.6 | | |
Description
Run the program and verify that log rotation works properly.
History
Updated by Guillermo Gómez about 2 years ago
- % Done changed from 0 to 50
Installed and run without modifications:
```text
# fwsnort
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Snort Rules File Success Fail Ipt_apply Total
[+] attack-responses.rules 16 1 16 17
[+] backdoor.rules 65 11 61 76
[+] bad-traffic.rules 9 3 0 12
[+] chat.rules 29 1 29 30
[+] ddos.rules 18 14 17 32
[+] deleted.rules 257 14 249 271
[+] dns.rules 19 2 19 21
[+] dos.rules 9 7 7 16
[+] emerging-all.rules 5832 1159 5819 6991
[+] experimental.rules 0 0 0 0
[+] exploit.rules 36 46 35 82
[+] finger.rules 13 1 13 14
[+] ftp.rules 21 49 20 70
[+] icmp-info.rules 65 28 14 93
[+] icmp.rules 18 4 10 22
[+] imap.rules 1 37 1 38
[+] info.rules 8 2 8 10
[+] local.rules 0 0 0 0
[+] misc.rules 42 18 40 60
[+] multimedia.rules 4 6 4 10
[+] mysql.rules 3 0 3 3
[+] netbios.rules 11 419 11 430
[+] nntp.rules 0 13 0 13
[+] oracle.rules 3 295 3 298
[+] other-ids.rules 3 0 3 3
[+] p2p.rules 18 0 18 18
[+] policy.rules 20 1 19 21
[+] pop2.rules 2 2 2 4
[+] pop3.rules 6 21 6 27
[+] porn.rules 21 0 21 21
[+] rpc.rules 37 91 37 128
[+] rservices.rules 13 0 13 13
[+] scan.rules 14 4 9 18
[+] shellcode.rules 21 0 21 21
[+] smtp.rules 14 45 14 59
[+] snmp.rules 17 0 10 17
[+] sql.rules 42 4 42 46
[+] telnet.rules 13 2 13 15
[+] tftp.rules 9 2 9 11
[+] virus.rules 0 1 0 1
[+] web-attacks.rules 46 0 46 46
[+] web-cgi.rules 348 2 348 350
[+] web-client.rules 9 16 9 25
[+] web-coldfusion.rules 35 0 35 35
[+] web-frontpage.rules 35 0 35 35
[+] web-iis.rules 112 7 112 119
[+] web-misc.rules 300 28 300 328
[+] web-php.rules 115 11 115 126
[+] x11.rules 2 0 2 2
=======================================
7731 2367 7618 10098
[+] Generated iptables rules for 7731 out of 10098 signatures: 76.56%
[+] Found 7618 applicable snort rules to your current iptables
policy.
[+] Logfile: /var/log/fwsnort.log
[+] iptables script: /etc/fwsnort/fwsnort.sh
Tiene correo en /var/spool/mail/gomix
#
```
Updated by Guillermo Gómez about 2 years ago
Rotation was forced:
```text
# logrotate --force /etc/logrotate.d/fwsnort
# ls /var/log/
anaconda.log cron kernel messages-20091220 rpmpkgs-20091101 spooler-20091227 Xorg.13.log Xorg.6.log
anaconda.syslog cron-20091206 kernel-20091206 messages-20091227 rpmpkgs-20091108 squid Xorg.13.log.old Xorg.6.log.old
anaconda.xlog cron-20091213 kernel-20091213 mysqld.log rpmpkgs-20091115 storage.log Xorg.14.log Xorg.7.log
audit cron-20091220 kernel-20091220 ntpstats rpmpkgs-20091122 tallylog Xorg.15.log Xorg.7.log.old
BackupPC cron-20091227 kernel-20091227 PackageKit samba vtund Xorg.16.log Xorg.8.log
bittorrent cups lastlog pm-powersave.log secure wpa_supplicant.log Xorg.17.log Xorg.8.log.old
boot.log dirmngr libvirt pm-suspend.log secure-20091206 wtmp Xorg.1.log Xorg.9.log
boot.log-20091206 dmesg mail ppp secure-20091213 wtmp-20090706 Xorg.1.log.old Xorg.9.log.old
boot.log-20091213 dmesg.old maillog prelink secure-20091220 Xorg.0.log Xorg.2.log yum.log
boot.log-20091220 fwknop maillog-20091206 preload.log secure-20091227 Xorg.0.log.old Xorg.2.log.old yum.log-20090101
boot.log-20091227 fwsnort maillog-20091213 preload.log-20080809.gz setroubleshoot Xorg.10.log Xorg.3.log yum.log-20100101
btmp fwsnort.log.1 maillog-20091220 preload.log-20080923.gz snort Xorg.10.log.old Xorg.3.log.old
btmp-20100101 gdm maillog-20091227 preload.log-20081031.gz spooler Xorg.11.log Xorg.4.log
conntrackd.log glusterfs messages program.log spooler-20091206 Xorg.11.log.old Xorg.4.log.old
conntrackd-stats.log httpd messages-20091206 psad spooler-20091213 Xorg.12.log Xorg.5.log
ConsoleKit iptraf messages-20091213 rpmpkgs spooler-20091220 Xorg.12.log.old Xorg.5.log.old
```
Updated by Guillermo Gómez about 2 years ago
- % Done changed from 50 to 60
Rotation file in the wrong place; I want them under /var/log/fwsnort.
Updated by Guillermo Gómez about 2 years ago
- % Done changed from 60 to 100
Guillermo Gómez wrote:
> Rotation file in the wrong place; I want them under /var/log/fwsnort.

Better not to complicate things for now. This application is not expected to generate many logs, since it runs very sporadically, so I'll leave it in /var/log/; besides, the source logs there by default, and not logging there would mean a change to the program that I would have to maintain. It already rotates when forced, so this base configuration works:
```text
/var/log/fwsnort.log {
missingok
rotate 5
weekly
}
```
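An added example, not part of the ticket or of fwsnort, that parses logrotate stanzas like the one above and flags retention gaps (no rotate count, no schedule, no compression); the second stanza and its paths are constructed for illustration:

```python
import re

# Constructed sample: the fwsnort stanza from the ticket plus a hypothetical stanza with no rotate count.
SAMPLE_CONFIG = """\
/var/log/fwsnort.log {
    missingok
    rotate 5
    weekly
}
/var/log/fwsnort/*.log /var/log/psad/*.log {   # hypothetical paths
    daily
    compress
}
"""
FREQUENCIES = {"hourly", "daily", "weekly", "monthly", "yearly"}

def parse_logrotate(text):
    """Return [(paths, {directive: argument}), ...], one entry per stanza.
    Comments are stripped; postrotate/endscript bodies are not handled."""
    stanzas, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if current is None:
            m = re.match(r"^(.*?)\s*\{$", line)
            if m:  # stanza header: one or more log paths before "{"
                current = (m.group(1).split(), {})
        elif line == "}":
            stanzas.append(current)
            current = None
        else:  # "rotate 5" -> ("rotate", "5"); "missingok" -> ("missingok", "")
            name, _, arg = line.partition(" ")
            current[1][name] = arg.strip()
    if current is not None:
        raise ValueError("unterminated stanza for " + " ".join(current[0]))
    return stanzas

def check_retention(stanzas):
    """Flag stanzas that leave disk use unbounded, unscheduled or uncompressed."""
    findings = []
    for paths, d in stanzas:
        label = ", ".join(paths)
        if not d.get("rotate", "").isdigit():
            findings.append(label + ": no numeric 'rotate' count, old copies unbounded")
        if FREQUENCIES.isdisjoint(d) and {"size", "maxsize"}.isdisjoint(d):
            findings.append(label + ": no rotation frequency or size trigger")
        if "compress" not in d:
            findings.append(label + ": rotated copies are not compressed")
    return findings
```

Run against the ticket's stanza it reports only the missing compress; the hypothetical stanza is reported for its missing rotate count.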
Updated by Guillermo Gómez about 2 years ago
- Status changed from In Progress to Resolved