[Dshield] Is it true that Linux users do not fear Viruses and Trojans (+ some vital questions)
pacu at sympatico.ca
Sun Oct 13 16:34:53 GMT 2002
> Ed Truitt wrote:
> > 3a) Linux actually has 2 "firewalls" built in to the OS. IPCHAINS, and
> > IPTABLES. While I am not aware of a GUI front end to these similar to ZA,
> >there are some tools available to help facilitate the process. Yes, they
> > do produce "pages" of cryptic logs - so does ZA. Again, I suspect you
> > should be able to locate some utilities that make it easier to read them.
> > I use IPTABLES along with an Intrusion Detection System called SNORT,
> > and each day I automatically run a script which takes the (cryptic) logs
> > from SNORT and turns them into an email report I can scan to see who is
> > bugging me. The IPTABLES logs I simply forward to DShield (though there
> > are some scripts that pretty them up into a nice report, too.) SNORT
> > also has other add-ins, including some GUI and web-based front-ends for
> > real-time monitoring.
I have written a simple shell script which parses the logs generated by IPTABLES.
You give it a port number and it will find all IPs who were logged as trying to
access it. It will then resolve the hostname and output the results in an HTML file.
I use it myself to see who's infected by different worms and probing me.
There are many, many other tools for generating nice and clean reports of those
IPTABLES "cryptic logs". And even more for Snort.
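The kind of per-port summary described above, written as an added example rather than the poster's own script: it picks iptables LOG-target lines out of a syslog file, counts the sources that hit the requested destination port, optionally reverse-resolves each source, and emits an HTML table. The sample log lines are constructed for the example (RFC 5737 documentation addresses), the function names are the example's own, and reverse DNS is off unless `RESOLVE_HOSTS=1` is set so it runs offline.

```shell
#!/bin/sh
# Added example (not the poster's script): summarise iptables LOG-target hits on one port.
# Usage: sh iptables_port_report.sh /var/log/messages 80 > report.html
#        RESOLVE_HOSTS=1 enables reverse DNS (off by default so it runs offline).

# Constructed sample lines in the kernel's netfilter LOG format, using RFC 5737
# documentation addresses; they are not taken from the post or from a real log.
SAMPLE_LOG='Oct 13 10:01:02 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=113 ID=1 DF PROTO=TCP SPT=3412 DPT=80 WINDOW=16384 SYN URGP=0
Oct 13 10:01:09 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=113 ID=2 DF PROTO=TCP SPT=3413 DPT=80 WINDOW=16384 SYN URGP=0
Oct 13 10:02:30 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=48 TTL=110 ID=3 DF PROTO=TCP SPT=1055 DPT=80 WINDOW=8192 SYN URGP=0
Oct 13 10:03:11 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=113 ID=4 DF PROTO=TCP SPT=3414 DPT=80 WINDOW=16384 SYN URGP=0
Oct 13 10:04:45 gw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 LEN=48 TTL=64 ID=5 DF PROTO=TCP SPT=4022 DPT=22 WINDOW=5840 SYN URGP=0
Oct 13 10:05:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TTL=110 ID=6 PROTO=UDP SPT=1434 DPT=1434 LEN=40'

# hits_for_port LOGFILE PORT -> lines of "<count> <src-ip>", busiest source first.
# Fields are located by their KEY= prefix rather than by position, because the LOG
# target omits or reorders fields (MAC=, DF, WINDOW=) depending on protocol and options.
hits_for_port() {
    awk -v port="$2" '
        /kernel:/ {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dpt == port) count[src]++
        }
        END { for (s in count) print count[s], s }
    ' "$1" | sort -k1,1nr -k2,2
}

# resolve_host IP -> PTR name, or "-" when lookups are disabled or return nothing.
resolve_host() {
    [ "${RESOLVE_HOSTS:-0}" = "1" ] || { echo "-"; return; }
    name=$(getent hosts "$1" 2>/dev/null | awk '{print $2; exit}')
    echo "${name:--}"
}

# html_escape: the PTR name is chosen by whoever controls the remote reverse zone,
# so it is escaped before it lands in the report instead of being trusted as text.
html_escape() {
    printf '%s' "$1" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g; s/"/\&quot;/g'
}

# report_html LOGFILE PORT -> HTML table on stdout.
report_html() {
    printf '<html><body><h1>Hits on port %s</h1><table border="1">\n' "$2"
    printf '<tr><th>Hits</th><th>Source IP</th><th>Hostname</th></tr>\n'
    hits_for_port "$1" "$2" | while read -r n ip; do
        printf '<tr><td>%s</td><td>%s</td><td>%s</td></tr>\n' \
            "$n" "$ip" "$(html_escape "$(resolve_host "$ip")")"
    done
    printf '</table></body></html>\n'
}

# With a log file and port on the command line, report on them; otherwise run the
# demo on the constructed sample (port 80).
if [ $# -ge 2 ]; then
    report_html "$1" "$2"
else
    tmp=$(mktemp) && printf '%s\n' "$SAMPLE_LOG" > "$tmp"
    report_html "$tmp" 80
    rm -f "$tmp"
fi
```

Keying on `DPT=` rather than grepping for the bare port number matters: a naive `grep 80` also matches `SPT=80`, `ID=80` and `LEN=80`, which is one reason hand-rolled log reports drift from what the firewall actually saw.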