diff options
author | bathym <bathym@localhost> | 2006-12-06 12:58:23 +0000 |
---|---|---|
committer | bathym <bathym@localhost> | 2006-12-06 12:58:23 +0000 |
commit | 8528ad20336967cb5fb1fc31292a6961c4f5c6d0 (patch) | |
tree | 811878c12c3cc9f37342ea4fa35710afa1f6c0e8 /www-apps/iptablesweb/files | |
parent | Masked ebuilds from bathym. (diff) | |
download | webapps-experimental-8528ad20336967cb5fb1fc31292a6961c4f5c6d0.tar.gz webapps-experimental-8528ad20336967cb5fb1fc31292a6961c4f5c6d0.tar.bz2 webapps-experimental-8528ad20336967cb5fb1fc31292a6961c4f5c6d0.zip |
www-apps/iptablesweb: ebuild fixed
svn path=/experimental/; revision=262
Diffstat (limited to 'www-apps/iptablesweb/files')
-rw-r--r-- | www-apps/iptablesweb/files/postinstall-en.txt | 117 |
1 files changed, 106 insertions, 11 deletions
diff --git a/www-apps/iptablesweb/files/postinstall-en.txt b/www-apps/iptablesweb/files/postinstall-en.txt index 66c0b94..3b2e8f4 100644 --- a/www-apps/iptablesweb/files/postinstall-en.txt +++ b/www-apps/iptablesweb/files/postinstall-en.txt @@ -1,17 +1,112 @@ -You are almost done! +STEP 1: +it's recommended to switch "register_globals" to "Off" to increase security - 0. Setup the db - 1. Restart Apache +STEP 2: +First of all, it is necessary to modify the ulogd conf file (in mandrake is in /etc/ulogd.conf) to write +the log on database (MySQL). (For further information go +tohttp://www.netfilter.org/projects/ulogd/downloads.html) - 2.Login on http://${VHOST_HOSTNAME}/${VHOST_APPDIR}/ and finish the installation. - In this session you should set username and password for iptablesweb admin login +//example of ulogd file - 3. You can now launch your browser and point it to your iptablesweb space - - http://${VHOST_HOSTNAME}/${VHOST_APPDIR}/ -> Main Site - http://${VHOST_HOSTNAME}/${VHOST_APPDIR}/admin.php -> Admin +mysqltable ulog +mysqlpass password +mysqluser user +mysqldb iptables +mysqlhost localhost +# load the plugin (remove the ' # ' if you want to enable it) +plugin/usr/lib/ulogd/ulogd_MYSQL.so - You can log into Admin using the username and the password - that was generated or you chose during the web based install. +After this step you must execute ulogd service (in mandrake with "ulogd - d"); if you haven't found any +problem, you can define the new iptables rules. + +//example of iptables rules + +/sbin/iptables -I INPUT -p icmp --icmp-type echo-request -j ULOG --ulog-prefix "ICMP DROP" +/sbin/iptables -I INPUT -m state --state INVALID -j ULOG --ulog-prefix "INVALID" +/sbin/iptables -I INPUT -p tcp ! --syn -m state --state NEW -j ULOG --ulog-prefix "NEW INCORRECT" +/sbin/iptables -I INPUT -p tcp --dport 1:1024 -m state --state NEW -j ULOG --ulog-prefix "TCP DROP" +/sbin/iptables -I INPUT -p udp --dport 1:1024 -m state --state NEW -j ULOG --ulog-prefix "UDP DROP" + +The first rule records "echo-request" with the name "ICMP DROP" +The second rule records invalid packets with the name "INVALID" +The third rule records "new connections" that don't start with SYN packet with the name "NEW INCORRECT" +The fourth rule records the TCP connection, from port number 1 to 1024, with the name "TCP DROP" +The fifth rule records the UDP connection, from port number 1 to 1024, with the name "UDP DROP" + + + +STEP 3: +Browse http://${MY_HTDOCSDIR}/install.php + +During the installation you must: + +* define the General configuration: + Public access: it permits if the web has public access or not + Default language: default language of system + System url: link of IptablesWeb (can be http or https) (e.g. http://my_server/my_iptablesweb/) + System email: system email of IptablesWeb + Absolute path: absolute path of system + Crontab password: password to protect system script (used for statistic update) + Log saved: Log saved for each user + +* define Database configuration: + Database: Type of database used + Host database: Host address where the database is reachable + Database name: Database name + Username: Username + Password: Password + Ulogd table: ulogd table used to save iptables log + +* define Session configuration: + Garbage collector time (in second): Garbace collector time + Session time (in second): Session validity time, in second; if 0, session will last until the +browser is close + +* define Email configuration: + Type of SMTP: if you want use internal smtp, use localhost otherwise an external one + SMTP server: external SMTP server + Authentication: Use this features if you wish to send email with authentication + Username: Username of server SMTP authentication + Password: Password of server SMTP authentication + + +Remember that IptablesWeb tables must be in the same database where ulogd tables exists. + +Finally you must define the first group and the first admin account. REMEMBER TO DELETE install.php. + + + +STEP 4: +Now you must define what type of iptables log must be managed; go to Iptables management. + +//example of iptables rule + +/sbin/iptables -I INPUT -p icmp --icmp-type echo-request -j ULOG --ulog-prefix "ICMP DROP" + +In the name field write the string ICMP DROP; in the color field write a SRGB color (e.g. #FF0000 for the +red); in the name field write a text that will be displayed in the IptablesWeb interfaces. + +Then go to System info area and you will be found the link to copy in your event schedulator, like +crontab. + +In crontab you must paste this link +*/5 * * * * lynx > /dev/null -dump +http://[my_iptablesweb_server]/system.php?key_check=cc03e047a6afgbcbk8be7668acfebae5 + + + +STEP 5: +First of all you must download a plugin and then decompress it. Now copy the folder you just extracted +into the "plugin" folder of your IptablesWeb. +Go to your administrative area, select plugin management and click on the icon to install it. +Go to Block management to duplicate the plugin. + +Remember, a block can be created if: + A plugin is selected + An Iptables rule is selected + A group is selected or/and a block is defined public + All mandatory fields are used + +A block will be displayed when the user activates the block into block management area. |