
Digital Mages - autofwd(8)


NAME

autofwd - Auto-firewalling daemon


VERSION

$Id: autofwd.in,v 0.6 2011/05/03 05:00:00 acorliss Exp $


USAGE

    autofwd [-c {config file}] [-d {n}] [-hvD] [-r {ip} [{ip} ...]]


DESCRIPTION

autofwd is a program which provides automatic firewalling of hosts performing login attacks against various services. It can monitor multiple files at a time, looking for multiple patterns. If a pattern match in a file includes an IP address, autofwd can extract that IP and use it for tracking and firewalling.

Once an IP is banned, it is automatically unbanned when the ban period has passed since the last logged event.

This script also supports syslogging and e-mail notifications of firewalling events.


REQUIRED ARGUMENTS

None.


OPTIONS

    -c  --config    Use this config file
    -d  --debug     Debug at this level
    -D  --dump      Dump contents of database
    -h  --help      Show this help text
    -r  --remove    Remove the IP from the database
    -v  --version   Show program version


DIAGNOSTICS

This program can be run in debug mode with foreground printing of internal traces.


EXIT STATUS

In command mode (dumping or modifying the IP database) it will return a non-zero value if any errors are encountered. In daemon mode it will return a non-zero value if there are any problems accessing files or forking into the background.


CONFIGURATION

Configuration of this program is controlled by /etc/autofw.conf unless an alternate file is specified via the --config option. Please see autofw.conf(5) for the appropriate options and syntax.


BUGS AND LIMITATIONS

No attempt is made to set individual thresholds per file, per service, per regex, etc. Syslogging is enabled automatically if the Perl module Unix::Syslog is available. E-mail support requires the presence of Net::SMTP.

Only IPv4/IPv6 addresses are looked for and extracted. No attempt was made to extract resolvable hostnames.

autofwd keeps state in a database under /var/lib/autofwd. If the effective user lacks privileges to open that path or database it will default to keeping a database in memory. That database will be reset every time the process is restarted.

When the database is dumped it displays IPv4 addresses first, sorted numerically by address. IPv6 addresses are displayed next, but are sorted lexically.
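
The tracking behaviour from the DESCRIPTION and the dump ordering above, sketched in Python as an added example; it is not autofwd's own code. The threshold, ban period, failed-login pattern and the expiry of never-banned entries are assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re

# Assumed values; the real settings are documented in autofw.conf(5).
THRESHOLD = 3      # matching events before an IP is banned
BAN_PERIOD = 600   # seconds that must pass after the last logged event
# Hypothetical pattern for failed SSH logins; group 1 captures the address.
PATTERN = re.compile(r"Failed password for .* from (\S+) port \d+")

class Tracker:
    def __init__(self):
        self.hits, self.last_seen, self.banned = {}, {}, set()

    def feed(self, ts, line):
        """Process one log line seen at time ts (seconds)."""
        self.expire(ts)
        m = PATTERN.search(line)
        if not m:
            return
        try:  # normalise so equivalent IPv6 spellings share one entry
            ip = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            return  # hostnames are not extracted
        self.hits[ip] = self.hits.get(ip, 0) + 1
        self.last_seen[ip] = ts  # each new event restarts the ban clock
        if self.hits[ip] >= THRESHOLD:
            self.banned.add(ip)

    def expire(self, now):
        """Forget IPs whose last event is older than BAN_PERIOD."""
        for ip in [i for i, t in self.last_seen.items() if now - t > BAN_PERIOD]:
            self.banned.discard(ip)
            del self.hits[ip], self.last_seen[ip]

    def dump(self):
        """IPv4 first (numeric order), then IPv6 (lexical order)."""
        v4 = [i for i in self.hits if ":" not in i]
        v6 = [i for i in self.hits if ":" in i]
        return sorted(v4, key=lambda i: int(ipaddress.ip_address(i))) + sorted(v6)

# Constructed sample input: (timestamp, log line).
SAMPLE = [(t, f"sshd[1]: Failed password for root from {ip} port 22 ssh2")
          for t, ip in [(0, "198.51.100.9"), (5, "198.51.100.9"), (9, "198.51.100.9"),
                        (10, "2001:DB8::1"), (11, "192.0.2.10"), (12, "192.0.2.7"),
                        (13, "bad.example.org")]]

def replay(events):
    tr = Tracker()
    for ts, line in events:
        tr.feed(ts, line)
    return tr
```

Because the clock restarts on every logged event, a host that keeps generating matching log lines stays banned indefinitely, while one that goes quiet is released one ban period after its last event.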


SEE ALSO

autofw.conf(5)


AUTHOR

Arthur Corliss (corliss@digitalmages.com)


LICENSE AND COPYRIGHT

This software is licensed under the same terms as Perl itself. Please see http://dev.perl.org/licenses/ for more information.

(c) 2009, Arthur Corliss (corliss@digitalmages.com)