[Debian]Debian lennyで１からサーバーを作ってみる – IPTables log analyzerをインストール

# cd /usr/local/src

最新版をここから探す。http://sourceforge.net/project/showfiles.php?group_id=63361

# wget http://jaist.dl.sourceforge.net/sourceforge/iptablelog/iptablelog-v0.9.tar.gz
# tar -zxvf iptablelog-v0.9.tar.gz
# mv iptablelog /var/www/admin
# chown -R root.root /var/www/admin/iptablelog
# cd
# mysql -u root -p
mysql> create database iptablelog;
mysql> grant all on iptablelog.* to iptablelog_user@localhost identified by '******';
mysql> exit
# cat /var/www/admin/iptablelog/conf/iptables.mysql | mysql -u iptablelog_user -p iptablelog

# aptitude install ulogd ulogd-mysql
# vi /etc/ulogd.conf

#
# ulogd_BASE.so - interpreter plugin for basic IPv4 header fields
#                 you will always need this
plugin="/usr/lib/ulogd/ulogd_BASE.so"
plugin="/usr/lib/ulogd/ulogd_LOCAL.so" ← 追加

plugin="/usr/lib/ulogd/ulogd_LOGEMU.so"
↓
#plugin="/usr/lib/ulogd/ulogd_LOGEMU.so"

#plugin="/usr/lib/ulogd/ulogd_MYSQL.so"
↓
plugin="/usr/lib/ulogd/ulogd_MYSQL.so"

[MYSQL]
pass="changeme"
↓
pass="******"

user="laforge"
↓
user="iptablelog_user"

db="ulogd"
↓
db="iptablelog"

# /etc/init.d/ulogd start

# vi /root/iptables.sh

・・・
・・・
# ↓この行の下へ追加する
# 上記のルールにマッチしなかったアクセスはログを記録して破棄
iptables -A INPUT -m limit --limit 1/s -j LOG --log-prefix '[IPTABLES INPUT] : '
iptables -A INPUT -m limit --limit 1/s -j ULOG --ulog-nlgroup 1 --ulog-prefix 'INPUT' ← 追加
・・・
・・・

# cp /var/www/admin/iptablelog/conf/config.php.default /var/www/admin/iptablelog/conf/config.php
# vi /var/www/admin/iptablelog/conf/config.php

$db_password="changeme";
↓
$db_password="******";

$file_base="/path/to/iptablelog";
↓
$file_base="/var/www/admin/iptablelog";

# cp /var/www/admin/iptablelog/conf/iptables_resolve.default /etc/cron.hourly/iptables_resolve
# vi /etc/cron.hourly/iptables_resolve

$iptablelog_path = "/var/www/html/iptablelog";
↓
$iptablelog_path = "/var/www/admin/iptablelog";

db_connect("localhost","dbname","dbuser", "dbpass");
↓
db_connect("localhost","iptablelog","iptablelog_user", "******");