Hello, my installation of ISPConfig works fine, and my welcome messages work now too, thanks to falko.

I have another question, about iptables. The ISPConfig firewall works fine (I think so), but I get no log information in any log file in /var/log/. I have no idea how to fix this problem. How can I start the firewall of the ISPConfig tool so that the messages from the firewall are logged to /var/log/firewall.log?

My iptables -L on the console lists this:

Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere 127.0.0.0/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info
DROP all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level notice
LOG all -- anywhere anywhere LOG level debug
LOG all -- anywhere anywhere limit: avg 5/min burst 3 LOG level debug

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain PAROLE (16 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain PUB_IN (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:www
PAROLE tcp -- anywhere anywhere tcp dpt:81
PAROLE tcp -- anywhere anywhere tcp dpt:pop3
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:10000
PAROLE tcp -- anywhere anywhere tcp dpt:imap2
PAROLE tcp -- anywhere anywhere tcp dpt:imaps
PAROLE tcp -- anywhere anywhere tcp dpt:ssmtp
PAROLE tcp -- anywhere anywhere tcp dpt:socks
PAROLE tcp -- anywhere anywhere tcp dpt:14534
PAROLE tcp -- anywhere anywhere tcp dpt:8767
PAROLE tcp -- anywhere anywhere tcp dpt:1452
ACCEPT udp -- anywhere anywhere udp dpt:domain
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain PUB_OUT (3 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

My /etc/syslog.conf:

# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.
#
# First some standard logfiles. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
#kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
uucp.* /var/log/uucp.log
kern.notice;kern.!warn /var/log/firewall.log
kern.warn -/var/log/kern.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
# Logging for INN news system
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice

Does anyone have an idea what I can do to log the firewall messages in /var/log/firewall.log?

I wish everyone a happy new year.

STEFAN
You can enable logging in the bastille firewall configuration. You must change the file in:

/etc/Bastille/bastille-firewall.cfg

and the master template:

/root/ispconfig/isp/conf/bastille-firewall.cfg.master

Then restart the firewall:

/etc/init.d/bastille-firewall restart
Thanks for your fast reply.

My file /etc/Bastille/bastille-firewall.cfg:

snip

# 2) services for which we want to log access attempts to syslog (all systems)
# Note this only audits connection attempts from public interfaces
#
# Also see item 12, LOG_FAILURES
#
#TCP_AUDIT_SERVICES="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
# anyone probing for BackOrifice?
#UDP_AUDIT_SERVICES="31337"
# how about ICMP?
#ICMP_AUDIT_TYPES=""
#ICMP_AUDIT_TYPES="echo-request" # ping/MS tracert
#
# To enable auditing, you must have syslog configured to log "kern"
# messages of "info" level; typically you'd do this with a line in
# syslog.conf like
# kern.info /var/log/messages
# though the Bastille port monitor will normally want these messages
# logged to a named pipe instead, and the Bastille script normally
# configures syslog for "kern.*" which catches these messages
#
# Please make sure variable assignments are on single lines; do NOT
# use the "\" continuation character (so Bastille can change the
# values if it is run more than once)
#TCP_AUDIT_SERVICES="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"
#UDP_AUDIT_SERVICES="31337"
#ICMP_AUDIT_TYPES=""

and this entry:

IP_LOG_LEVEL=6 # iptables/netfilter default

snap

I understood this to mean the file is OK and the logging should work, but no entries appear in any files in /var/log/.

I have also changed my file /etc/sysconfig to:

# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.
#
# First some standard logfiles. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
#kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
uucp.* /var/log/uucp.log
kern.notice;kern.!warn;kern.info /var/log/firewall.log
kern.warn -/var/log/kern.log

What else can go wrong? After all my changes I restarted with /etc/init.d/sysklogd restart, and the firewall too. What can be going wrong?

STEFAN
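How the two kern selector fields quoted above route the LOG levels seen in the iptables listing (info, notice, debug) and Bastille's IP_LOG_LEVEL=6 (info), as an added example that is not part of any post in this thread. It assumes the matching rules documented in sysklogd's syslog.conf(5), where the selectors in a field apply left to right and a later one can override an earlier one; kern_mask and destinations are names made up here, and only the syslog.conf lines that can match kern are included.

```python
# Added example: models sysklogd selector matching for the kern facility only.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

def level_index(name):
    return LEVELS.index(ALIASES.get(name, name))

def kern_mask(selector_field):
    """Return the set of kern priorities matched by one selector field."""
    mask = set()
    for selector in selector_field.split(";"):        # applied left to right
        facilities, _, prio = selector.partition(".")
        if not {"kern", "*"} & set(facilities.split(",")):
            continue                                  # selector is for other facilities
        negate = prio.startswith("!")
        prio = prio.lstrip("!")
        exact = prio.startswith("=")
        prio = prio.lstrip("=")
        if prio == "none":
            affected, negate = set(range(8)), True
        elif prio == "*":
            affected = set(range(8))
        elif exact:
            affected = {level_index(prio)}
        else:                                         # this level and everything more severe
            affected = set(range(level_index(prio) + 1))
        mask = mask - affected if negate else mask | affected
    return {LEVELS[i] for i in mask}

# Selector/action pairs copied from the two syslog.conf listings in the thread.
ORIGINAL = [("*.*;auth,authpriv.none", "-/var/log/syslog"),
            ("kern.notice;kern.!warn", "/var/log/firewall.log"),
            ("kern.warn", "-/var/log/kern.log")]
CHANGED = [("*.*;auth,authpriv.none", "-/var/log/syslog"),
           ("kern.notice;kern.!warn;kern.info", "/var/log/firewall.log"),
           ("kern.warn", "-/var/log/kern.log")]

def destinations(rules, level):
    """Files that receive a kern message of the given level (leading '-' dropped)."""
    name = LEVELS[level_index(level)]
    return [path.lstrip("-") for field, path in rules if name in kern_mask(field)]

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("changed", CHANGED)):
        for level in ("info", "notice", "debug"):     # levels used by the LOG rules
            print(label, level, destinations(rules, level))
```

The model covers the selector field only; whether kernel messages reach syslogd in the first place is outside what it checks.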
I guess you have to uncomment e.g. this line in the bastille configuration:

TCP_AUDIT_SERVICES="telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh"

to log connection attempts to the listed services. Or you set the line:

LOG_FAILURES="N"

to:

LOG_FAILURES="Y"

if you want to log connection failures.
Hey till, very kind of you, but I have changed the things that you said and I can't find any logs :-( What am I doing wrong?

I've opened iptables -A INPUT -j LOG --log-level notice, can this be the problem? I thought before that the firewall is only an iptables command..
Uhh... well, I did all this. Now... where is the log file? I can't find anything in /var/log. There is no iptables or bastille log file? Can somebody help me out?
Answer to an old question

I know this is an old thread but I recently enabled logging in Bastille and finally found where it logs. The log entries appear in /var/log/messages.

I made some iptables rule changes and wanted to verify they were working, so I edited /etc/Bastille/bastille-firewall.cfg and changed LOG_FAILURES to "Y" and then restarted Bastille with /etc/init.d/bastille-firewall restart

Since I only plan to allow logging temporarily, I did not edit /root/ispconfig/isp/conf/bastille-firewall.cfg.master. As till mentioned, you have to edit this file, too, if you don't want your changes to be overwritten when you reboot.

A word of warning... Turning this on can generate LOTS of log entries in a very short period of time. I would not advise setting LOG_FAILURES="Y" and forgetting about it!