On Sun, Feb 06, 2005 at 04:37:17PM +0100, Albert Sellarès wrote:
> 
> > Look, they're lines like these:
> > 
> > Jan 30 16:53:25 apta kernel: RPC:IN=eth0 OUT=
> > MAC=00:0b:6a:95:5f:63:00:a0:c5:8f:58:65:08:00 SRC=80.15.248.24
> > DST=192.168.1.31 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=15100 DF PROTO=TCP
> > SPT=53976 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0
> > 
> > Jan 30 16:53:28 apta kernel: RPC:IN=eth0 OUT=
> > MAC=00:0b:6a:95:5f:63:00:a0:c5:8f:58:65:08:00 SRC=80.15.248.24
> > DST=192.168.1.31 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=15101 DF PROTO=TCP
> > SPT=53976 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0
> > 
> > (They are two lines, wrapped so that they are easier to read)
> > 
> > I simply use syslog.
> 
> Sorry for taking so long, it turns out your e-mail had been left
> abandoned around here... :_
> 
> The solution I'm giving you is to install the syslog-ng package and apply a
> filter to it, that is:
> 
> apt-get install syslog-ng
> 
> and add some lines like the following to
> the file /etc/syslog-ng/syslog-ng.log:
> 
> 
> destination iptables-log { file("/var/log/iptables.log" owner("root")
> group("adm") perm(0640)); };
> filter iptables { match ("RPC"); };
> log { source(src); filter(iptables); destination(iptables-log);  };
> 
> Let me know if it works for you.
> 
> Good luck!
> 

Hmmm... Thanks  :)


I have this in /etc/syslog-ng/syslog-ng.conf:



destination iptables-log { file("/var/log/iptables.log" owner("root") 
group("adm") perm(0640)); };
filter iptables { match ("RPC"); };
filter iptables { match ("statd"); };
filter iptables { match ("nfsd"); };
filter iptables { match ("nlockmgr"); };
filter iptables { match ("mountd"); };
filter iptables { match ("apta FIREWALL"); };
log { source(src); filter(iptables); destination(iptables-log);  };



Since I hadn't received any NFS access attempts for days, I have added this as
the last INPUT rule in my firewall:


$IPTABLES -A INPUT -m state --state NEW -s! $LAN $LOG_LIMIT -j LOG \
--log-prefix "apta FIREWALL:" --log-level warning

* Additional info:
IPTABLES=/sbin/iptables
LOG_LIMIT="-m limit --limit 6/hour --limit-burst 5"


It's curious. If I do a telnet (port 23), which is not allowed, it doesn't show up in
/var/log/iptables.log. I have to look into it, because I've just added it and right now
I can't spend much time on it.

> 
> -- 
>   Albert Sellarès        GPG id: 0xB88C621A     
>   http://www.wekk.net    [EMAIL PROTECTED] 
>   Member of Catux.org    http://catux.org    
>   Linux User: 324456     Catalunya           
> 


Thanks for everything,

-- 
--------------------------------------------------------------
 EuropeSwPatentFree - http://EuropeSwPatentFree.hispalinux.es
--------------------------------------------------------------
http://www.polinux.upv.es / http://www.valux.org / http://www.hispalinux.es
GnuPG key = 0x6FDE933B [D5C4 12CE D6B4 E4D6 7E8E  F128 405A BFAD 6FDE 933B]
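
An added example, not part of the original messages: a small Python parser for the netfilter LOG line format quoted in the thread, counting entries per log prefix and destination port so it is easy to see which rules are actually producing lines in /var/log/iptables.log. The function names are this example's own, and the second and third sample lines are constructed.

```python
import re
from collections import Counter

# Syslog header, optional kernel timestamp, the --log-prefix text, then netfilter's fields.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?:\[\s*[\d.]+\]\s*)?(?P<prefix>.*?)(?P<body>IN=.*)$"
)

def parse_line(line):
    """Return a dict for one netfilter LOG line, or None for any other syslog line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    fields, flags = {}, []
    for token in m["body"].split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value   # KEY=value pair; OUT= is empty in these lines
        else:
            flags.append(token)   # bare tokens such as DF or SYN
    return {"ts": m["ts"], "host": m["host"], "fields": fields, "flags": flags,
            "prefix": m["prefix"].strip().rstrip(":")}

def count_by_prefix_and_port(lines):
    """Count parsed lines per (log prefix, destination port)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and "DPT" in rec["fields"]:
            counts[(rec["prefix"], int(rec["fields"]["DPT"]))] += 1
    return counts

SAMPLE = [
    # The entry quoted in the thread, unwrapped onto one line.
    "Jan 30 16:53:25 apta kernel: RPC:IN=eth0 OUT= "
    "MAC=00:0b:6a:95:5f:63:00:a0:c5:8f:58:65:08:00 SRC=80.15.248.24 "
    "DST=192.168.1.31 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=15100 DF PROTO=TCP "
    "SPT=53976 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0",
    # Constructed: what an "apta FIREWALL:" entry for a telnet attempt would look like.
    "Feb  6 17:02:11 apta kernel: apta FIREWALL:IN=eth0 OUT= "
    "MAC=00:0b:6a:95:5f:63:00:a0:c5:8f:58:65:08:00 SRC=203.0.113.7 "
    "DST=192.168.1.31 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP "
    "SPT=40000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0",
    # Constructed: an unrelated syslog line, which the parser skips.
    "Feb  6 17:02:12 apta sshd[812]: Connection closed by 203.0.113.7",
]
if __name__ == "__main__":
    print(count_by_prefix_and_port(SAMPLE))
```

Feeding it the lines of /var/log/iptables.log instead of `SAMPLE` shows at a glance whether any entry with a given prefix and destination port has been written.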

