FreeBSDShield is a DShield.org reporting client for FreeBSD and the ipfw firewall.
The project allows you to report attempted security breaches to the DShield cooperative firewall logging effort, which in turn helps the Internet Storm Center (and netizens at large) track trends in network security and catch emerging vulnerabilities.
Here are some key features of "FreeBSDShield":
· Written in PHP5 for fast execution
· Parses ipfw-style /var/log/security logs
· Formats incident reports and submits to DShield.org
Requirements:
· FreeBSD and the ipfw firewall, or some other environment that generates identical logs
· PHP 5.x (the latest stable release of PHP is always suggested).
· DShield.org user ID number - if you don't have one, just register at DShield
To use FreeBSDShield, first extract the archive and then edit the freebsdshield.php file. Set the configuration options at the top of the script as desired. To execute the script, run php freebsdshield.php in the working directory. You should see output similar to this:
[root@agaliarept freebsdshield]# php freebsdshield.php
Last run: 1171746161 (Feb 17 15:02:41)
12051 incidents noted.
Report sent to reportsATdshield.org.
It is suggested that you create a cron job to run FreeBSDShield automatically. How often the job should run depends on the volume of intrusion attempts made against the machine(s) under your control. For most home users, a once-daily execution should be fine; enterprise or high-profile users may wish to run FreeBSDShield more frequently to reduce processing time and report size. DShield.org asks that you do not submit a report more than once per hour; please don't inundate them with reports.
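A cron wrapper that enforces the one-report-per-hour limit and keeps two runs from overlapping, as an added example that is not part of FreeBSDShield. The install directory, the stamp and lock paths, and the --run argument are assumptions; only the php freebsdshield.php command comes from the text above.

```sh
#!/bin/sh
# Added example: cron wrapper for FreeBSDShield (not shipped with the project).
# All paths below are assumptions; adjust them to your installation.
SHIELD_DIR="${SHIELD_DIR:-/usr/local/freebsdshield}"  # assumed: where the archive was extracted
STAMP="${STAMP:-/var/run/freebsdshield.stamp}"        # assumed: epoch time of last successful run
LOCKDIR="${LOCKDIR:-/var/run/freebsdshield.lock}"     # assumed: mkdir is atomic, so it works as a lock
REPORT_CMD="${REPORT_CMD:-php freebsdshield.php}"     # command from the usage text
MIN_INTERVAL=3600                                     # DShield.org: at most one report per hour

# interval_ok LAST NOW: succeeds if at least MIN_INTERVAL seconds separate the two times.
interval_ok() {
    [ $(( $2 - $1 )) -ge "$MIN_INTERVAL" ]
}

# run_report: returns 0 = report command succeeded, 1 = report command failed,
#             2 = skipped (last report too recent), 3 = skipped (another run holds the lock).
run_report() {
    now=$(date +%s)
    last=0
    if [ -r "$STAMP" ]; then last=$(cat "$STAMP"); fi
    case "$last" in ''|*[!0-9]*) last=0 ;; esac       # treat a corrupt stamp as "never run"
    interval_ok "$last" "$now" || return 2
    mkdir "$LOCKDIR" 2>/dev/null || return 3          # a stale lock after a crash must be removed by hand
    rc=0
    ( cd "$SHIELD_DIR" && $REPORT_CMD ) || rc=1
    # Record the time only on success, so a failed submission is retried on the next run.
    if [ "$rc" -eq 0 ]; then echo "$now" > "$STAMP"; fi
    rmdir "$LOCKDIR"
    return "$rc"
}

# Example crontab line (once daily at 03:15), script path is a placeholder:
#   15 3 * * * /path/to/freebsdshield-cron.sh --run
if [ "${1:-}" = "--run" ]; then
    run_report
fi
```

Because the stamp is checked on every invocation, the wrapper can be scheduled more often than hourly without sending more than one report per hour.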