Munin PortSentry

portsentry_tcp :

#!/usr/bin/perl -w
#
# Copyright (C) 2006 Rodolphe Quiedeville <rodolphe@quiedeville.org>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2 dated June,
# 1991.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place – Suite 330, Boston, MA 02111-1307, USA.
#
# If you improve this script please send your version to my email address
# with the copyright notice upgrade with your name.
#
# Plugin to monitor number of tcp ports attack detected by portsentry
#
# $Log$
# Revision 1.1 2006/03/28 21:04:01 rodo
# Created by Rodolphe Quiedeville
#
# Add following lines to etc/munin/plugin-conf.d/munin-node file
#
# [portsentry*]
# user root
#
#%# family=network
#%# capabilities=autoconf

use strict;

my ($port,$number,$name);
my (%ports, %names);
my $a = « </var/lib/portsentry/portsentry.blocked.tcp »;
my $line = undef;

if ($ARGV[0] and $ARGV[0] eq « config »)
{
print « graph_title Portsentry TCP Attacks Detected\n »;
print « graph_args –base 1000 -l 0\n »;
print « graph_category network\n »;
print « graph_vlabel attacks blocked\n »;
print « graph_total total\n »;

open(PTCP,$a) || die « cannot open $a: $! »;
while ($line = <PTCP>)
{
$ports{$1}++ if $line =~ /.*Port: ([0-9]+) TCP Blocked$/;
}
close(PTCP);

my @np = (keys(%ports));
foreach my $x (@np) {
$names{$x} = « inconnu »;
open(PETC, »grep $x/tcp /etc/services| ») || die « cannot open /etc/services : $! »;
while ($line = <PETC>){
$names{$x} = $1 if $line =~ /^(\w*)\s*$x\/tcp.*/;
}
close(PETC);
}

while (($port,$number) = each(%ports))
{
print « port_$port.label Port $port\n »;
print « port_$port.info $names{$port}\n »;
}

exit 0;
}

open(PTCP,$a) || die « cannot open $a: $! »;
while ($line = <PTCP>)
{
$ports{$1}++ if $line =~ /.*Port: ([0-9]+) TCP Blocked$/;
}
close(PTCP);

while (($port,$number) = each(%ports))
{
print « port_$port.value $number\n »;
}

# vim:syntax=perl

portsentry_udp :

use strict;

my ($port,$number);
my %ports;
my $a = « /var/lib/portsentry/portsentry.blocked.udp »;
my $line = undef;

if ($ARGV[0] and $ARGV[0] eq « config »)
{
print « graph_title Portsentry UDP Attacks Detected\n »;
print « graph_args –base 1000 -l 0\n »;
print « graph_category network\n »;
print « graph_vlabel attacks blocked\n »;

open(PUDP,$a) || die « cannot open $a: $! »;
while ($line = <PUDP>)
{
$ports{$1}++ if $line =~ /.*Port: ([0-9]+) UDP Blocked$/;
}
close(PUDP);

while (($port,$number) = each(%ports))
{
print « port_$port.label Port $port\n »;
print « port_$port.info Port UDP $port\n »;
}

exit 0;
}

open(PUDP,$a) || die « cannot open $a: $! »;
while ($line = <PUDP>)
{
$ports{$1}++ if $line =~ /.*Port: ([0-9]+) UDP Blocked$/;
}
close(PUDP);

while (($port,$number) = each(%ports))
{
print « port_$port.value $number\n »;
}

# vim:syntax=perl

PTR IPV6 – Postfix

Lors d’envois vers mail gmail ….., si le serveur mail écoute sur l’ipv6 il y a de forte change pour avoir ce message d’erreur :

550-5.7.1 not meet IPv6 sending guidelines regarding PTR records and 550-5.7.1 authentication.

Il suffit de désactiver l’écoute ipv6 en éditant le fichier : /etc/postfix/main.cf

Modifier la ligne : inet_protocols = all

par

inet_protocols = ipv4

Relancer postfix : /etc/inid.d/postfix reload et les mails passent sans souci.

Memo

Posts categoriezed as Administration

Autoriser le Ping / Windows 7Pro

Autoriser le Ping / Windows 7Pro

Maintenance RKhunter

Maintenance RKhunter