Hi,
After picking up some unexpected jobs and then losing my internet connection, I'm now just about ready to submit the patches for status emails (it's difficult to work on something that's meant to download from the internet if you haven't got a working connection). I thought it would probably be a good idea to give some warning before sending the patches.
This will be for the status emails; sending (optionally GPG encrypted) emails giving information about the system on a user defined schedule.
Tim
On 01/12/2018 19:46, Michael Tremer wrote:
Hey,
On 1 Dec 2018, at 18:20, Tim FitzGeorge <ipfr@tfitzgeorge.me.uk> wrote:
Hi,
On 30/11/2018 11:04, Michael Tremer wrote:
Hey Tim,
thanks for your email!
Those addons look great. Quite neat and tidy code and probably they are scratching an itch for some people.
On Thu, 2018-11-29 at 21:11 +0000, Tim FitzGeorge wrote:
I've written a couple of addons for my installations of IPFire. They're available on github and some other people have tried them; they seem to be fairly well received and it's been suggested that it may be worth making them available through pakfire as official addons.
Where did you publish them before?
I've not published them before - I didn't even announce them on the forums, but someone must have looked around after looking at the IDS rule updater.
Well, I guess great software finds its users on its own...
The first addon provides the ability to send status emails. You can define multiple schedules and the items to be included in each email. By choosing parameters carefully it's possible to get it to send emails on some error conditions. The emails can be encrypted with GPG. The architecture makes it easy to add further items to be reported on.
Could you send an example email showing what it looks like? I do not see any reason why this should not be part of the distribution and would like to ask you to submit this as a patch that can be merged into mainline.
I've attached a jpeg of the HTML version of a test email. It's had certain information redacted. I don't include quite so much information in my normal reports. It's also capable of some additional information (for example errors) which only show up when necessary.
Wow this is a lot. As in an overwhelming amount of graphs and data.
I am not sure if this is useful when it's all together, but I guess that can be decided by each user…
About the UI: I guess that could be a lot shorter. I find it quite logical that when someone wants a weekly report, the graphs should show the whole week and not only the last day. So that can be a single switch that makes many of the other options further down redundant.
The text emails can contain everything except the graphs. I've got my systems set up to send an HTML email at midnight with a summary of the previous day's information including some graphs, plus a text email of error conditions every hour - this only gets sent if there are errors.
This one just turned up:
Error check report
System
SSH
Logins
User    From               Count
root    192.168.999.999    2
I'll start working on a patch. I think my one question at this point is where should it go in the menus? I put it under 'IPFire' since that seems to be where miscellaneous addons go, but is there a better place for it?
Good questions. I am not very happy with the IPFire sub-menu because there is no point in it. This is a left-over from about 15 years ago when we used IPCop as a base.
I think this could even be part of the email settings CGI; or it should go into logging.
Maybe we can extend this over time and have it send more information if there are any requests.
Yes, it's got a plug-in architecture and in most cases adding more information is quite easy. The main code takes care of formatting, whether for HTML or Text, so a table can be added with one function call which is passed an array of arrays.
Would you be up for maintaining this long-term?
Yes.
Great!
Did you develop this for yourself or for work or has this been sponsored by someone else?
I did it for myself. As well as my home system, I've got another one set up at a small charity, and I wanted a way to see its status without having to go over there. I didn't want to set up a VPN just for logging in and checking status.
Looks like a lot of work as a workaround to not set up a VPN.
The second addon handles the setting up and updating of IP Address Blocklists in the firewall. It includes options to select which lists to use, and some control over how frequently to check for updates.
I guess Peter might be quite excited about this :)
I personally do not have much use for this, but again, why should this not become part of IPFire?
I did not install any of these yet, so could you maybe excuse lazy me and send screenshots? :)
Attached. The WUI for this is fairly simple. There's also a logwatch plug in so that a summary of the update status appears in the log summary.
See my comments above. I also have some other probably minor questions regarding some things on here, but I guess that can wait…
Both include WUI pages for configuration and language files. They're fully functional, but would require some checking and minor updates. The source can be seen at https://github.com/timfprogs .
I have seen a third one which updates Snort rules. I am sure that you have heard about us changing to suricata soon (test images are available). However, the rules are roughly the same and the same update tools can be used. So, again, would you be interested to have this in the distribution and maintain it?
Definitely. I believe that there's already an automatic updater provided, but I think mine has more facilities. I'm planning to install the suricata test image in the next few weeks and have a good look at it.
Yes, we should work on one thing after the other. Great that you join testing.
Potentially we should think about working on this first now, so that suricata can go out as soon as possible with as many features as possible.
Would you be okay with that?
I'm aware that other people have made addons for both these purposes, which maybe suggests that it's functionality that is worth adding.
Best, -Michael
P.S. Did you get any help building these or do you speak four languages?
Alas, I only really speak English (although I do have some limited knowledge of French and Latin). I used Google translate, so I expect some errors - hopefully amusing ones rather than insulting.
Good question. I have no idea. We can check with a speaker of any of those languages or ship it English-only.
Best, -Michael
Tim
<statusmail_email.jpeg><statusmail_wui.jpeg><blocklist-wui.png>