Usage: mypyfw.py [options]

Options:
  -h, --help            show this help message and exit
  -f FILE, --file=FILE  write report to FILE, default is /var/log/mypyfw.log
  -i IPPOSITION, --ippos=IPPOSITION
                        adjust IP position, default is 0
  -b FILE, --blacklist=FILE
                        path to blacklist, default values are Hardcoded
  -w FILE, --whitelist=FILE
                        path to Whitelist, default values are Hardcoded
  -t, --try-run         you want a test run
  -g, --geoIP           add GeoIP data to output
  -p, --pf              use PF as firewall (ex. on openBSD)
  -n INTERFACE, --net=INTERFACE
                        set iptables/pf network interface
- pf is added
I added support for pf. While changing my developer notebook to OpenBSD I thought it might be useful to integrate pf as the OS firewall used. Thanks to py-pf and the help of the developer I was able to integrate it. IMPORTANT: When using pf you should also tell the script which interface to use:
python mypyfw.py -p -n em0
If you don't set an interface it will default to eth0.
- conf.d now added by default
In the current version the MatchList and the IPWhiteList are added by default.
I used it as a pre-step and hope that I will be able to provide updates to these lists, so that you can receive updates for this. In addition to that I have some IP blacklists on the target. We will see what happens here.
What's next: There are many ideas on my mind.
- Improve GETanalyzer.
The GETanalyzer has been part of the script since the beginning. Currently it is just used to identify SQL injection in a very easy way, like counting words such as SELECT, FROM, JOIN. I am currently creating a list of what to add, like a recursion counter. The level will be set within the conf file. So, once the analyzer is extended, the introduction of a conf file to set variables will be part of this.
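As an added illustration (not the GETanalyzer code from mypyfw.py), a keyword-counting check of the kind described above could look like this. The extra keywords UNION and WHERE, the threshold, the repeated URL decoding, the reading of the IP position as a whitespace-separated field index, and all function names are assumptions; the log lines are constructed.

```python
import re
from urllib.parse import unquote_plus

# SELECT, FROM and JOIN are named in the post; UNION and WHERE are assumed additions.
SQL_KEYWORDS = ("SELECT", "FROM", "JOIN", "UNION", "WHERE")
KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)
REQUEST_RE = re.compile(r'"GET (\S+) HTTP/[\d.]+"')

# Constructed Apache access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2013:13:55:36 +0200] "GET /item.php?id=1+UNION+SELECT+name+FROM+users HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2013:13:56:02 +0200] "GET /search?q=letters+from+home HTTP/1.1" 200 1024',
    '203.0.113.5 - - [10/Oct/2013:13:57:41 +0200] "GET /item.php?id=1%2520%2553ELECT%2520pw%2520%2546ROM%2520t HTTP/1.1" 200 87',
    '192.0.2.44 - - [10/Oct/2013:13:58:10 +0200] "POST /login.php HTTP/1.1" 302 0',
]


def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded keywords (%2553ELECT) are still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def score_line(line, ip_pos=0):
    """Return (client_ip, keyword_count) for a GET line, or None for anything else."""
    match = REQUEST_RE.search(line)
    fields = line.split()
    if match is None or ip_pos >= len(fields):
        return None
    query = match.group(1).partition("?")[2]
    return fields[ip_pos], len(KEYWORD_RE.findall(decode_fully(query)))


def suspicious_ips(lines, threshold=2, ip_pos=0):
    """Map each client IP to its highest keyword count at or above the threshold."""
    hits = {}
    for line in lines:
        scored = score_line(line, ip_pos)
        if scored and scored[1] >= threshold:
            hits[scored[0]] = max(hits.get(scored[0], 0), scored[1])
    return hits


if __name__ == "__main__":
    for ip, count in suspicious_ips(SAMPLE_LOG).items():
        print(ip, count)
```

The second sample line contains the ordinary word "from" and scores 1, which is why a threshold above 1 is needed to keep plain searches off the block list.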
I am currently working towards documentation: a nice PDF which shows how Apache works, what the layout of the log is, and how my script integrates with this. I will use it as a source for a talk I want to give at an OWASP meeting (or so) :-)