firewall

Paul Mooring paul at getchef.com
Mon Sep 1 19:03:57 MST 2014


It depends on what you're using; I generally catch that stuff on the edge.
Currently we're using Cisco gear and we use syslog to send that to an IDS.
You could do the same with Linux: iptables has a built-in chain called LOG,
so you would add firewall rules for "interesting traffic" by adding a jump
to log (`... -j LOG ...`).  This will make the log events go to syslog,
probably /var/log/message, but you could send it to a dedicated file via
syslog config if you want.


On Mon, Sep 1, 2014 at 4:44 PM, Michael Havens <bmike1 at gmail.com> wrote:

> What logs would record that stuff? I want to see!
>
> :-)~MIKE~(-:
>
>
> On Wed, Aug 27, 2014 at 7:32 AM, Bob Elzer <bob.elzer at gmail.com> wrote:
>
>> My question would be, how many times a day does someone try to break into
>> your system?
>>
>> If you don't know the answer then maybe you should be running a firewall.
>>
>> It really depends on whether your network is secure or not, usually what
>> secures your network is a firewall. If that's the one on your router then
>> that should be enough.
>>
>> Looking in your log files for strange IPs and failed password attempts
>> will let you know if people are trying to get in. If you're running a web
>> server, look in the error logs for attempts to access nonexistent files,
>> usually a bunch from the same IP.
>>
>> Windows may have more vulnerabilities, but they will still try to break
>> into Linux systems.
>>
>> Search and read about fail2ban, that's one tool to use when you need to
>> have a service open to the internet.
>>
>> Hope this helps
>>  On Aug 26, 2014 8:15 PM, "Michael Havens" <bmike1 at gmail.com> wrote:
>>
>>>  I hear people say, "Even Linux users need a firewall."
>>> My question is..... why? I've run Linux since '98 w/o a firewall (aside
>>> from the one sent with my modem/router). Isn't that good enough?
>>> :-)~MIKE~(-:
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>



-- 
Paul Mooring
Operations Engineer
Chef
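
Added example, not part of the original message or the list archive: a small Python summarizer for the syslog lines that an iptables `-j LOG` rule produces, grouping logged packets by source IP. The `FW-NEW: ` log prefix, the rule and rsyslog filter in the comments, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed setup (not from the thread): a logging rule such as
#   iptables -A INPUT -m conntrack --ctstate NEW -j LOG --log-prefix "FW-NEW: "
# and an rsyslog filter that routes matches to a dedicated file, e.g.
#   :msg, contains, "FW-NEW: " /var/log/iptables.log
LOG_PREFIX = "FW-NEW: "

# Constructed sample lines in the kernel LOG format (documentation addresses).
SAMPLE_LOG = """\
Sep  1 19:01:12 gw kernel: [1201.1] FW-NEW: IN=eth0 OUT= MAC=00:11 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 ID=1 DF PROTO=TCP SPT=51234 DPT=22 SYN URGP=0
Sep  1 19:01:13 gw kernel: [1202.4] FW-NEW: IN=eth0 OUT= MAC=00:11 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 ID=2 DF PROTO=TCP SPT=51240 DPT=23 SYN URGP=0
Sep  1 19:01:14 gw kernel: [1203.0] FW-NEW: IN=eth0 OUT= MAC=00:11 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 ID=3 DF PROTO=TCP SPT=51251 DPT=22 SYN URGP=0
Sep  1 19:01:20 gw kernel: [1209.7] FW-NEW: IN=eth0 OUT= MAC=00:11 SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TTL=49 ID=9 PROTO=ICMP TYPE=8 CODE=0 SEQ=1
Sep  1 19:02:00 gw sshd[811]: Failed password for root from 203.0.113.5 port 4000 ssh2
Sep  1 19:02:31 gw kernel: [1280.2] FW-NEW: IN=eth0 OUT= MAC=00:11 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 ID=4 DF PROTO=TCP SPT=51300 DPT=3389 SYN URGP=0
"""

KV = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; bare flags like DF are skipped


def parse_line(line, prefix=LOG_PREFIX):
    """Return the KEY=value fields of one LOG line, or None if it is not ours."""
    _, found, rest = line.partition(prefix)
    if not found:
        return None
    fields = dict(KV.findall(rest))
    return fields if "SRC" in fields else None


def summarize(text, prefix=LOG_PREFIX):
    """Map source IP -> {"hits": count, "ports": {(proto, dport), ...}}."""
    stats = defaultdict(lambda: {"hits": 0, "ports": set()})
    for line in text.splitlines():
        fields = parse_line(line, prefix)
        if fields is None:
            continue
        entry = stats[fields["SRC"]]
        entry["hits"] += 1
        if "DPT" in fields:  # ICMP entries carry TYPE/CODE instead of ports
            entry["ports"].add((fields.get("PROTO", "?"), int(fields["DPT"])))
    return dict(stats)


def noisy_sources(stats, min_hits=3):
    """Sources logged at least min_hits times, busiest first."""
    rows = [(ip, s["hits"], len(s["ports"])) for ip, s in stats.items() if s["hits"] >= min_hits]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for ip, hits, nports in noisy_sources(summarize(SAMPLE_LOG)):
        print(f"{ip}: {hits} logged packets, {nports} distinct destination ports")
```
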