Security Reporter in Perl
I have been working on this program for quite a while. I run many firewalls using ipchains
or iptables. When a packet is rejected you can have it logged. (I do this to ferret out
hackers and hacking attempts.) However, when you have a public server you end up with an
awful lot of packets logged. This program reads in the /var/log/message files and tries
to correlate all the rejected packets. It then outputs a report that you can look at.
Script file: analyzemessageslog.pl
All you really have to do is download the script and run it (if you have logged
a lot of packets it takes quite a while). You'll want to edit the variables that
are right at the beginning of the script, though.
0.005 Saves date for correlation and display. (Does not yet display.)
0.002 Checks for port scans.
0.001 Parses messages log, prints packets.
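
The kind of correlation described above (parse the rejected-packet lines, group them by source, check for port scans), as an added example that is not the code of analyzemessageslog.pl. The "REJECT " log prefix, the five-port threshold, the function names and the sample log lines are assumptions made for illustration.

```perl
use strict;
use warnings;

my $SCAN_PORTS = 5;    # assumed threshold: distinct ports hit by one source

# Constructed sample in iptables LOG format. "REJECT " is an assumed
# --log-prefix; addresses come from the documentation ranges.
my @sample = split /\n/, <<'LOG';
Mar  3 04:12:01 fw kernel: REJECT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21 SYN
Mar  3 04:12:01 fw kernel: REJECT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN
Mar  3 04:12:02 fw kernel: REJECT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23 SYN
Mar  3 04:12:02 fw kernel: REJECT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25 SYN
Mar  3 04:12:03 fw kernel: REJECT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=110 SYN
Mar  3 04:15:40 fw sshd[811]: Server listening on 0.0.0.0 port 22.
Mar  3 05:01:10 fw kernel: REJECT IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22 SYN
Mar  3 05:01:13 fw kernel: REJECT IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22 SYN
Mar  3 05:02:00 fw kernel: REJECT IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
LOG

# Turn one syslog line into a hash of its KEY=value fields; skip other lines.
sub parse_line {
    my ($line) = @_;
    my ($when) = $line =~ /^(\w{3}\s+\d+\s+[\d:]+)/ or return;
    return unless $line =~ /kernel:.*\bSRC=/;
    my %f = $line =~ /\b([A-Z]+)=(\S*)/g;
    return { when => $when, %f };
}

# Group packets by source, tracking count, distinct ports and time span.
sub correlate {
    my %by_src;
    for my $line (@_) {
        my $p = parse_line($line) or next;
        my $s = $by_src{ $p->{SRC} } ||= { count => 0, ports => {}, first => $p->{when} };
        $s->{count}++;
        $s->{last} = $p->{when};
        # ICMP lines carry no DPT, so they count as packets but not as ports.
        $s->{ports}{"$p->{PROTO}/$p->{DPT}"}++ if defined $p->{PROTO} && defined $p->{DPT};
    }
    return \%by_src;
}

my @input  = @ARGV ? <> : @sample;    # read named log files, else the sample
my $by_src = correlate(@input);
for my $src (sort { $by_src->{$b}{count} <=> $by_src->{$a}{count} } keys %$by_src) {
    my $s = $by_src->{$src};
    my $n = keys %{ $s->{ports} };
    printf "%-15s %3d packets, %2d ports, %s to %s%s\n", $src, $s->{count}, $n,
        $s->{first}, $s->{last}, $n >= $SCAN_PORTS ? "  <- possible port scan" : "";
}
```

Run without arguments it reports on the embedded sample; given log file names as arguments it reads those instead.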