Re: firewall

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M\MMichael Havens at <-
MMM 
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Paul Mooring
Date:  
To: Main PLUG discussion list
Subject: Re: firewall
It depends on what you're using, I generally catch that stuff on the edge.
Currently we're using Cisco gear and we use syslog to send that to an IDS.
You could do the same with linux iptables has a built in chain called LOG,
so you would add firewall rules of "interesting traffic" by adding a jump
to log (`... -j LOG ...`). This will make the log events go to syslog,
probably /var/log/message, but you could send it to a dedicated file via
syslog config if you want.


On Mon, Sep 1, 2014 at 4:44 PM, Michael Havens <> wrote:

> What logs would record that stuff? I want to see!
>
> :-)~MIKE~(-:
>
>
> On Wed, Aug 27, 2014 at 7:32 AM, Bob Elzer <> wrote:
>
>> My question would be, how many times a day does someone try to break into
>> your system ?
>>
>> If you don't know the answer then maybe you should be running a firewall.
>>
>> It really depends on whether your network is secure or not, usually what
>> secures your network is a firewall. If that's the one on your router then
>> that should be enough.
>>
>> Looking in your log files for strange IP's and failed password attempts
>> will let you know if people are trying to get in, if you're running a web
>> server look in the error logs for attempts to access non existing files,
>> usually a bunch from the same IP.
>>
>> Windows may have more vulnerabilities, but they will still try to break
>> into Linux systems.
>>
>> Search and read about fail2ban, that's one tool to use when you need to
>> have a service open to the internet.
>>
>> Hope this helps
>> On Aug 26, 2014 8:15 PM, "Michael Havens" <> wrote:
>>
>>> I hear people say, "Even Linux users need a firewall."
>>> My question is..... why? I've runlinux since '98 w/o a firewall (aside
>>> from the one sent with my modem/router). Isn't that good enough?
>>> :-)~MIKE~(-:
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list -
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list -
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



--
Paul Mooring
Operations Engineer
Chef
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-shutdown textRe: shutdown text->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)