FW Monitor
fw-mon README
version: 0.0a
16 july 2002

fw-mon is a collection of scripts i use to monitor my OpenBSD PF based firewall. i am releasing it here as such because a few people have asked for the whole set of pieces in one package.

i run it every five minutes from cron as root (so pfctl can view stats). the entry i use is below:

    0,5,10,15,20,25,30,35,40,45,50,55 * * * * cd /var/www/htdocs/run/ && /bin/sh /var/www/htdocs/run/build-info.sh

note that you will want to redirect stderr to stdout and then to /dev/null. otherwise you may wind up with an email every five minutes with stderr in it. annoying.

requirements:

    gnuplot     used in graphing
    png         library for manipulating PNG images
    arpwatch    monitor arp & rarp requests

all of these are available in OpenBSD ports.

i have made no real attempt to make this portable, that's for you to do. it suits my needs, i can view my firewall stats and info with a simple website.

the directory structure i use for fw-mon is the following:

    /var/www/htdocs/run    where *.p and build-info.sh live
    /home/jose/fw-mon      where the scripts log-process.awk and genarp.awk live

you will want to modify these scripts for your paths and system variables. i have three interfaces on my firewall: dc0 (external), sis0 and sis1 (internal). you will want to modify the script for your needs. perhaps stick them in /usr/local/bin, or even ~/bin.

for security concerns, you will want to ensure that your firewall's web server is up to date with the latest patches, maybe enable SSL, and i run it on a high port so it can run unprivileged. i highly recommend you check out -current's approach to the chroot() Apache system. also, note that arpwatch is another security risk for you. you should seriously consider systrace for your firewall.

this software is entirely unsupported and comes with no warranty. don't ask me for updates, don't ask me for much of anything about it. i'm treading into an area in which i work for pay, and i am bound by my contract to not compete with them. it's a stretch, but i'm not going to risk it. please don't ask me for advice or any of the ideas i have had about this project.

all of this software is under a BSD style license:

# Copyright 2002 Jose Nazario
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

in closing, i wish you well with it and i hope it's inspiring and useful. i encourage you to share your work with the other folks on the Internet.
MD5 sums:

    MD5 (build-info.sh) = 2018503fa5e51617d98700a8ed2234b3
    MD5 (genall.sh) = da3b1ec4f64f74b7d02b6ee5b110d56e
    MD5 (genarp.awk) = 2cf15ef1208ec4559cc145569a6512ea
    MD5 (plotme-routes.p) = 9ecddf63d100b6cb1dd6265022ce961c
    MD5 (plotme-sis0.p) = 1ef59bc2104395975ae6c570151a9c19
    MD5 (plotme-sis1.p) = f490ac17768f5f8643b1d7e9425d3e4e
    MD5 (plotme.p) = 1b3457594c985a480d6c971148b703d6
    MD5 (process.awk) = fab2d9915f2ba1195b930d8d5342c433
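
The cron entry above runs build-info.sh as root out of the web server's document tree, so neither the script nor its directory should be writable by anyone but root. A wrapper that checks this before each run, as an added example that is not part of fw-mon (the function names, the OWNER variable and the --cron argument are assumptions):

```sh
#!/bin/sh
# Added example, not part of fw-mon. RUN_DIR and build-info.sh are the
# README's names; safe_to_run, run_guarded and --cron are hypothetical.
RUN_DIR=${RUN_DIR:-/var/www/htdocs/run}
SCRIPT=${SCRIPT:-build-info.sh}
OWNER=${OWNER:-root}

# safe_to_run PATH OWNER: succeed only if PATH exists, is not a symlink,
# is owned by OWNER and has no group- or world-write bit set.
safe_to_run() {
    path=$1; owner=$2
    [ ! -L "$path" ] || return 1
    [ -e "$path" ] || return 1
    # find prints PATH only when the owner matches.
    [ -n "$(find "$path" -prune -user "$owner" -print 2>/dev/null)" ] || return 1
    # find prints PATH only when it is group- or world-writable.
    [ -z "$(find "$path" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ] || return 1
}

# run_guarded DIR SCRIPT OWNER: check the directory and the script, then
# run the script from DIR. Returns 2 when the checks refuse to run it.
run_guarded() {
    dir=$1; script=$2; owner=$3
    if ! safe_to_run "$dir" "$owner" || ! safe_to_run "$dir/$script" "$owner"; then
        # The only output cron ever sees, so a refusal still produces mail.
        echo "fw-mon: refusing to run $dir/$script (owner or mode)" >&2
        return 2
    fi
    # Normal runs are silent: stderr to stdout, then to /dev/null.
    ( cd "$dir" && /bin/sh "./$script" ) >/dev/null 2>&1
}

# Called from root's crontab as: /bin/sh /path/to/this-wrapper --cron
if [ "${1:-}" = "--cron" ]; then
    run_guarded "$RUN_DIR" "$SCRIPT" "$OWNER"
    exit $?
fi
```

The wrapper checks only the run directory and the one script; the awk scripts and *.p files that build-info.sh uses would need the same check.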