From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: Status emails and IP Blocklists
Date: Mon, 01 Apr 2019 12:07:27 +0100
Message-ID: <49C74B32-5947-4208-8A7A-4467DEB007D4@ipfire.org>

Hi Tim,

> On 31 Mar 2019, at 23:57, Tim FitzGeorge wrote:
>
> Hi,
>
> After picking up some unexpected jobs and then losing my internet connection, I'm now just about ready to submit the patches for status emails (it's difficult to work on something that's meant to download from the internet if you haven't got a working connection). I thought it would probably be a good idea to give some warning before sending the patches.

I cannot really tell if this is an overall good or bad thing, but happy to have you back!

> This will be for the status emails; sending (optionally GPG encrypted) emails giving information about the system on a user defined schedule.

Thanks for the heads up. Feel free to send an RFC or so if you are unsure and so on.

Best,
-Michael

>
> Tim
>
> On 01/12/2018 19:46, Michael Tremer wrote:
>> Hey,
>>
>>
>>> On 1 Dec 2018, at 18:20, Tim FitzGeorge wrote:
>>>
>>> Hi,
>>>
>>> On 30/11/2018 11:04, Michael Tremer wrote:
>>>
>>>> Hey Tim,
>>>>
>>>> thanks for your email!
>>>>
>>>> Those addons look great. Quite neat and tidy code and probably they are scratching an itch for some people.
>>>>
>>>> On Thu, 2018-11-29 at 21:11 +0000, Tim FitzGeorge wrote:
>>>>
>>>>> I've written a couple of addons for my installations of IPFire. They're available on github and some other people have tried them; they seem to be fairly well received and it's been suggested that it may be worth making them available through pakfire as official addons.
>>>>>
>>>> Where did you publish them before?
>>>>
>>> I've not published them before - I didn't even announce them on the forums, but someone must have looked around after looking at the IDS rule updater.
>>>
>> Well, I guess great software finds its users on its own...
>>
>>
>>>>> The first addon provides the ability to send status emails. You can define multiple schedules and the items to be included in each email. By choosing parameters carefully it's possible to get it to send emails on some error conditions. The emails can be encrypted with GPG. The architecture makes it easy to add further items to be reported on.
>>>>>
>>>> Could you send an example email what it looks like? I do not see any reason why this should not be part of the distribution and would like to ask you to submit this as a patch that can be merged into mainline.
>>>>
>>> I've attached a jpeg of the HTML version of a test email. It's had certain information redacted. I don't include quite so much information in my normal reports. It's also capable of some additional information (for example errors) which only show up when necessary.
>>>
>> Wow this is a lot. As in an overwhelming amount of graphs and data.
>>
>> I am not sure if this is useful when it's altogether, but I guess that can be decided by each user…
>>
>> About the UI: I guess that could be a lot shorter. I find it quite logical that when someone wants a weekly report, the graphs should show the whole week and not only the last day. So that can be a single switch that makes many of the other options further down redundant.
>>
>>
>>> The text emails can contain everything except the graphs. I've got my systems set up to send an HTML email at midnight with a summary of the previous day's information including some graphs, plus a text email of error conditions every hour - this only gets sent if there are errors.
>>>
>>>
>>> This one just turned up:
>>>
>>> Error check report
>>>
>>>
>>> System
>>> ------
>>>
>>> SSH
>>>
>>> Logins
>>>
>>> User  From             Count
>>> root  192.168.999.999  2
>>>
>>>
>>> I'll start working on a patch. I think my one question at this point is where should it go in the menus? I put it under 'IPFire' since that seems to be where miscellaneous addons go, but is there a better place for it?
>>>
>> Good questions. I am not very happy with the IPFire sub-menu because there is no point in it. This is a left-over from about 15 years ago when we used IPCop as a base.
>>
>> I think this could even be part of the email settings CGI; or it should go into logging.
>>
>>
>>>> Maybe we can extend this over time and have it send more information if there are any requests.
>>>>
>>> Yes, it's got a plug-in architecture and in most cases adding more information is quite easy. The main code takes care of formatting, whether for HTML or Text, so a table can be added with one function call which is passed an array of arrays.
>>>
>>>> Would you be up for maintaining this long-term?
>>>>
>>> Yes.
>>>
>> Great!
>>
>>
>>>> Did you develop this for yourself or for work or has this been sponsored by someone else?
>>>>
>>> I did it for myself. As well as my home system, I've got another one set up at a small charity, and I wanted a way to see its status without having to go over there. I didn't want to set up a VPN just for logging in and checking status.
>>>
>> Looks like a lot of work as a workaround to not set up a VPN.
>>
>>
>>>>> The second addon handles the setting up and updating of IP Address Blocklists in the firewall. It includes options to select which lists to use, and some control over how frequently to check for updates.
>>>>>
>>>> I guess Peter might be quite excited about this :)
>>>>
>>>> I personally do not have much use for this, but again, why should this not become part of IPFire?
>>>>
>>>> I did not install any of these yet, so could you maybe excuse lazy me and send screenshots? :)
>>>>
>>> Attached. The WUI for this is fairly simple. There's also a logwatch plug-in so that a summary of the update status appears in the log summary.
>>>
>> See my comments above. I also have some other probably minor questions regarding some things on here, but I guess that can wait…
>>
>>
>>>>> Both include WUI pages for configuration and language files. They're fully functional, but would require some checking and minor updates. The source can be seen at https://github.com/timfprogs.
>>>>>
>>>> I have seen a third one which updates Snort rules. I am sure that you have heard about us changing to suricata soon (test images are available). However, the rules are roughly the same and the same update tools can be used. So, again, would you be interested to have this in the distribution and maintain it?
>>>>
>>> Definitely. I believe that there's already an automatic updater provided, but I think mine has more facilities. I'm planning to install the suricata test image in the next few weeks and have a good look at it.
>>>
>> Yes, we should work on one thing after the other. Great that you join testing.
>>
>> Potentially we should think about working on this first now, so that suricata can go out as soon as possible with as many features as possible.
>>
>> Would you be okay with that?
>>
>>
>>>>> I'm aware that other people have made addons for both these purposes, which maybe suggests that it's functionality that is worth adding.
>>>>>
>>>> Best,
>>>> -Michael
>>>>
>>>> P.S. Did you get any help building these or do you speak four languages?
>>>>
>>> Alas, I only really speak English (although I do have some limited knowledge of French and Latin). I used Google translate, so I expect some errors - hopefully amusing ones rather than insulting.
>>>
>> Good question. I have no idea. We can check with a speaker of any of those languages or ship it English-only.
>>
>> Best,
>> -Michael
>>
>>
>>>
>>> Tim
>>>
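The reporting scheme Tim describes in the thread (a plug-in hands the core a table as an array of arrays, the core renders it as either text or HTML, and the hourly error-check mail goes out only when some plug-in has something to report) as an added Python illustration. This is example code written for this page, not the statusmail addon's own code, and everything in it is a constructed assumption: the `Report` class, the `ssh_logins` plug-in, the `max_logins` threshold and the sample sshd log lines (which use RFC 5737 documentation addresses). The one point the addon's description does not spell out, and which an HTML status mail has to get right, is that every table cell originates in a log file, so the HTML renderer escapes cells rather than trusting them.

```python
"""Toy status-report builder: plug-ins return tables as lists of lists, the
core renders them as plain text or HTML.  Constructed example for this page,
not the IPFire statusmail addon's code."""
import html
import re
from collections import Counter

# Constructed sample of sshd log lines (syslog prefix trimmed).  The
# addresses are RFC 5737 documentation addresses, not real hosts.
SAMPLE_AUTH_LOG = """\
Accepted password for root from 192.0.2.10 port 51122 ssh2
Accepted publickey for root from 192.0.2.10 port 51130 ssh2
Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Accepted password for tim from 203.0.113.5 port 60001 ssh2
"""

ACCEPTED_RE = re.compile(r"^Accepted \S+ for (\S+) from (\S+) port \d+")


class Report:
    """Collects titled tables (header plus rows, each a list) and renders them
    either as text or as HTML.  Cell contents come straight from logs, so the
    HTML renderer escapes every cell instead of trusting it."""

    def __init__(self, title):
        self.title = title
        self.tables = []  # entries: (section, title, header, rows)

    def add_table(self, section, title, header, rows):
        """The single call a plug-in needs: one table as an array of arrays."""
        self.tables.append((section, title, header, rows))

    def is_empty(self):
        return not self.tables

    def to_text(self):
        out = [self.title, ""]
        for section, title, header, rows in self.tables:
            out += [section, "-" * len(section), "", title, ""]
            # Column widths from the widest cell in each column, header included.
            widths = [max(len(str(c)) for c in col) for col in zip(header, *rows)]
            for row in [header] + rows:
                out.append("  ".join(str(c).ljust(w) for c, w in zip(row, widths)).rstrip())
            out.append("")
        return "\n".join(out)

    def to_html(self):
        out = ["<h1>%s</h1>" % html.escape(self.title)]
        for section, title, header, rows in self.tables:
            out.append("<h2>%s</h2><h3>%s</h3><table>" % (html.escape(section), html.escape(title)))
            out.append("<tr>" + "".join("<th>%s</th>" % html.escape(str(c)) for c in header) + "</tr>")
            for row in rows:
                # Escape each cell: user names and source hosts are log-derived.
                out.append("<tr>" + "".join("<td>%s</td>" % html.escape(str(c)) for c in row) + "</tr>")
            out.append("</table>")
        return "\n".join(out)


def ssh_logins(log_text, max_logins=0):
    """Plug-in: count accepted SSH logins per (user, source).  Only pairs whose
    count exceeds max_logins are returned, so an hourly error-check run stays
    silent when nothing crossed the threshold."""
    counts = Counter()
    for line in log_text.splitlines():
        m = ACCEPTED_RE.match(line)
        if m:
            counts[m.groups()] += 1
    return [[user, src, n] for (user, src), n in sorted(counts.items()) if n > max_logins]


def build_error_report(log_text, max_logins=0):
    """Assemble the error-check report; returns None when no plug-in reported,
    which is the signal not to send a mail at all."""
    report = Report("Error check report")
    rows = ssh_logins(log_text, max_logins)
    if rows:
        report.add_table("System", "SSH Logins", ["User", "From", "Count"], rows)
    return None if report.is_empty() else report


if __name__ == "__main__":
    r = build_error_report(SAMPLE_AUTH_LOG)
    print(r.to_text() if r else "nothing to report")
```

With the sample log and the default threshold the text rendering reproduces the shape of the error-check mail quoted in the thread (section, underline, table with User, From and Count columns); with `max_logins=5` nothing exceeds the threshold and `build_error_report` returns `None`, which is what lets the hourly mail be skipped when there are no errors.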