Meine Blog-Liste

  • end of life - Good morning, as you may have already found out, the posts on this blog have been getting less and less. This is caused by the fact that my two honeypots h...
    vor 2 Jahren

Montag, 26. Januar 2015

MyPyApacheFW whats new

In the last some months I tried to archieve some improvements on my tiny little firewall. So here whats new:

Usage: [options]

  -h, --help            show this help message and exit
  -f FILE, --file=FILE  write report to FILE, default is /var/log/mypyfw.log
                        adjust IP position, default is 0
  -b FILE, --blacklist=FILE
                        path to blacklist, default values are Hardcoded
  -w FILE, --whitelist=FILE
                        path to Whitelist, default values are Hardcoded
  -t, --try-run          you want a test run
  -g, --geoIP           add GeoIP data to output
  -p, --pf              use PF as firewall (ex. on openBSD)
                         set iptables/pf network interface

  1. pf is added
    I added support for pf. While changing my developer notebook to openBSD I thought it might be useful to integrate pf as the OS firewall used. Thanks to py-pf and the help of the developer I was able to integrate it. IMPORTANT: When using pf you also should tell the script which interface to use
    python -p -n em0
    If you dont set an interface it will default to eth0.
  2. conf.d now added by default
    In the current version the MatchList and the IPWhiteList is added by default.
    I used it as a pre step and hope that I will be able to provide updates to this lists, so that you can receive updates for this. In addition to that I have some IP blacklists on the target. we will see what happens here.

Whats next:

There are many Ideas on my mind.

  1. Improve GETanalyzer.
    The GETanalyzer is part of the script since the beginning. Currently it is just used to identify sql injection in an very easy way, like counting of words like SELECT , FROM, JOIN. I am creating a list currently on what to add. Like recursion counter. The level will be set within the conf file. So, once the analyzer is extended, the introduction of a confile to set variables will be part of this.
  2. Documentation
    I am currently working torwards a documentation. So a nice pdf which shows how the Apache works and what the layout of the log is and how my script integrates to this. I will use it as a source for a talk I want to give at a OWASP meeting (or so) :-)