Automated security checks on Sidewinder7 firewall

Old 12-15-2011

I have recently been tasked to create a script that will check our firewalls daily for any security issues that might have happened. I am not very strong with Unix, so I need a lot of help and don't know where to start.

Some things I have thought of so far: I want to search the audit.raw files for any occurrence of an admin account being changed. I also want to look for DNS lookups or port 80 GET requests that are over 64k in size.

I was thinking I could run the script as a cron job. Is that the best way?

My bosses would also like some kind of output that they can look at and understand.

I am sure there are a lot more things I should be looking for. Has anyone done something like this already, or does anyone know a good place for me to start researching commands for this kind of task? Thank you in advance for any help you can offer.

Last edited by soccerfan; 12-15-2011 at 05:52 AM.
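One way to start on the checks described in the post, as an added example that is not from the thread or from the firewall vendor: a POSIX shell script meant to run from cron that scans an exported text copy of the audit log for admin-account changes and for DNS or port-80 GET requests over 64k, then prints a plain summary. The key=value log format, the field names and the sample events are constructed assumptions, and the script assumes audit.raw has first been exported to text with the vendor's audit tooling.

```shell
#!/bin/sh
# Added example, not from the original thread: a cron-friendly daily check that
# scans a text audit log for (a) changes to administrative accounts and
# (b) DNS lookups or port-80 GET requests larger than 64 KiB, then prints a
# short plain-text summary. ASSUMPTIONS: the log has already been exported to
# one key=value line per event, and the field names below are constructed.
SIZE_LIMIT=65536   # the 64k threshold from the post, in bytes

# Constructed sample events, one per line (not real Sidewinder output).
SAMPLE_LOG=$(cat <<'EOF'
date=2011-12-14T01:02:03 type=admin_modify user=root target=backupadm action=passwd
date=2011-12-14T01:05:10 type=dns_query client=10.0.0.5 qname=example.com size=120
date=2011-12-14T01:06:00 type=dns_query client=10.0.0.9 qname=x.example.net size=70000
date=2011-12-14T02:00:00 type=http_request method=GET dport=80 bytes=512
date=2011-12-14T02:10:00 type=http_request method=GET dport=80 bytes=81920
date=2011-12-14T03:00:00 type=login user=operator result=ok
EOF
)

# Lines recording an administrative account being added, modified or deleted.
admin_changes() { grep -E 'type=admin_(add|modify|delete)'; }

# DNS queries or port-80 GET requests whose size/bytes field exceeds SIZE_LIMIT.
oversized_requests() {
    awk -v limit="$SIZE_LIMIT" '
        /type=dns_query/ || (/type=http_request/ && /method=GET/ && /dport=80/) {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(size|bytes)=/) {
                    split($i, kv, "=")
                    if (kv[2] + 0 > limit + 0) { print; break }
                }
        }'
}

# Read a log on stdin and write the management-readable report on stdout.
daily_report() {
    log=$(cat)
    hits_a=$(printf '%s\n' "$log" | admin_changes || true)   # no hits is normal
    hits_o=$(printf '%s\n' "$log" | oversized_requests)
    printf 'Firewall daily security check - %s\n' "$(date +%Y-%m-%d)"
    printf 'Admin account changes: %s\n' "$(printf '%s' "$hits_a" | grep -c .)"
    if [ -n "$hits_a" ]; then printf '%s\n' "$hits_a" | sed 's/^/  /'; fi
    printf 'Oversized DNS / port-80 GET requests (>%s bytes): %s\n' \
        "$SIZE_LIMIT" "$(printf '%s' "$hits_o" | grep -c .)"
    if [ -n "$hits_o" ]; then printf '%s\n' "$hits_o" | sed 's/^/  /'; fi
}

# Stand-alone demo on the constructed sample; from cron, pipe the exported
# audit text in instead and mail the output to whoever reviews it.
printf '%s\n' "$SAMPLE_LOG" | daily_report
```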
ARNO-IPTABLES-FIREWALL(8)

NAME
       arno-iptables-firewall - Single- & multi-homed firewall script with DSL/ADSL support.

SYNOPSIS
       /etc/init.d/arno-iptables-firewall [start|stop|status|force-reload|restart]

DESCRIPTION
       arno-iptables-firewall is an iptables configuration script with support for both IPv4 & IPv6. While it is extremely easy to use, it can nevertheless be used in quite complicated environments. All available options are explained in the extensively documented configuration file.

       The external interface of the system needs to be set up properly in the firewall's configuration file (EXT_IF). The default behavior of the firewall is to deny all incoming connections.

       For additional requirements not covered by the configuration file, custom iptables rules can be placed in /etc/arno-iptables-firewall/custom-rules. This file is automatically parsed by the service script.

       See the README file (e.g. in /usr/(local/)share/doc/arno-iptables-firewall) for an example of how to manage logging of firewall events through syslogd. The arno-fwfilter script can be used to make the firewall logs more readable for humans (see its manpage).

       Several plugins for the firewall script are available online. Plugins can be downloaded from http://rocky.eld.leidenuniv.nl/ Please see the README file for more information.

FILES
       /etc/init.d/arno-iptables-firewall
              system service script
       /etc/arno-iptables-firewall/firewall.conf
              firewall configuration
       /etc/arno-iptables-firewall/conf.d/
              firewall configuration directory
       /etc/arno-iptables-firewall/custom-rules
              custom iptables rules
       /etc/arno-iptables-firewall/blocked-hosts
              host blacklist
       /etc/arno-iptables-firewall/mac-addresses
              mac filter list

       Please note that the last two files do exist in the initial configuration, and their use is disabled in /etc/arno-iptables-firewall/firewall.conf.

SEE ALSO
       iptables(8), arno-fwfilter(1), syslog.conf(5)
       The http://rocky.eld.leidenuniv.nl/ web site.

AUTHOR
       arno-iptables-firewall was written by Arno van Amersfoort <arnova@rocky.eld.leidenuniv.nl>.
       This manual page was written by Michael Hanke <michael.hanke@gmail.com>, for the Debian project (but may be used by others).

Michael Hanke                              March 14, 2012                              ARNO-IPTABLES-FIREWALL(8)