pavement

Talk:Firewall, Monitoring

From FreeBSDwiki
Jump to: navigation, search

Hi i was wondering how i make the file work.

i have managed to get it to run but am getting these errors with it:


[Wed Mar 16 22:30:17 2005] [error] [client 192.168.0.2] syntax error at /usr/local/www/cgi-bin/firewall.pl line 186, near "eq

[Wed Mar 16 22:30:17 2005] [error] [client 192.168.0.2] syntax error at /usr/local/www/cgi-bin/firewall.pl line 193, near "eq

[Wed Mar 16 22:30:17 2005] [error] [client 192.168.0.2] syntax error at /usr/local/www/cgi-bin/firewall.pl line 200, near "}"

[Wed Mar 16 22:30:17 2005] [error] [client 192.168.0.2] Execution of /usr/local/www/cgi-bin/firewall.pl aborted due to compil

[Wed Mar 16 22:30:17 2005] [error] [client 192.168.0.2] Premature end of script headers: firewall.pl


just wondering if you have an updated version of this file

thanks


gaZooGA

you're getting these errors how?

you know that that's a cgi script, not intended to be run from a command line, right? are you getting those errors from a browser when you try to browse into it, or...? --Jimbo 11:21, 16 Mar 2005 (EST)

Hi Sorry i should have given more information.

I am getting the errors from the browser. The error logs are from apache2 httpd. If I put a numerical value like 1 after the eq's: 

               unless ($log[$loop][6] eq 1 ) { <-----This line
                       print "<tr>\n";

                       for ($element=0; $element<12; $element++) {
                               unless ($element eq 2) {print $bodycellbegin . $log[$loop][$element] . $bodycellend;}
                               if ($host_lookups * ($element eq 6)) {
                                       my $hostname = `$dig_cmd $log[$loop][6] $dig_opts`;
                                       if (($hostname =~ m/\<\<\>\>/) + ($hostname eq 1 )) {$hostname = ' ';} <-----And this line

the script compliles and runs but only prints the tops of the tables.

here is the link http://rarm.gazooga.net/cgi-bin/firewall.pl

so i am just wondering what to put afte the two eq statements.

unless ($log[$loop][6] eq ) & if (($hostname =~ m/\<\<\>\>/) + ($hostname eq 1 )) {$hostname = ' ';}

Thanks for getting back to me.

gaZooGA

formatting errors

The wiki was automatically converting '' to an attempt to italicize code, where I was using it in the script for the usual purpose - to represent a null string. I added <nowiki> tags to nerf the problem - grab a copy again and replace yours with it, and all should be well.

Hope you like the setup! --Jimbo 00:02, 17 Mar 2005 (EST)

Thanks for that. The script now compiles fine. i set a chmod of the /var/log/security to 644 to allow the scipt to read it. I assume this is the correct command.

Thanks once again.

gaZooGA

/var/log/security ownership/permissions

That's correct - you need to either chmod /var/log/security 644 (and don't forget to update the permissions settings for it in /etc/newsyslog.conf or your change will get reset the next time the logs rotate!) or else change the ownership / group ownership of it to allow reading by the www user.

Of course, considering that www is the most commonly compromised system account (scripting vulnerabilities in hosted forums allowing write/execute is a VERY common form of webserver compromise), you might as well just mod it 644, 'cause really, if ANY uid is going to get sloppy it'll be www's. =)

--Jimbo 11:26, 17 Mar 2005 (EST)


Thanks Heaps,was wondering why the monitor didn't load cause i didn't add it to newsyslog.conf. Your site has been heaps of help. Without it I wouldn't have got this far with FreeBSD.

Keep up the good work

gaZooGA

Retrieved from "http://freebsdwiki.net/index.php?title=Talk:Firewall,_Monitoring&oldid=4910"
Personal tools