[ale] automating IP blocking on the firewall
Keith Hopkins
hne at hopnet.net
Mon Jul 1 09:59:15 EDT 2002
James P. Kinney III wrote:
> Run it from the firewall box.
> At the top, set up an scp connection and grab the remote logs and dump
> them into /tmp. Then change the $log def to point to /tmp instead. If
> you set up key authentication for ssh, you can run scp -B
> user@remote:/var/log/httpd/error* /tmp/httpd/
>
> Or an rsync process could be called to keep a copy of the remote logs
> synched with the firewall box.
>
I'm thinking something along those lines, but I want to push from the web server. I want the firewall as isolated as possible; in case it gets hacked, it has no open doorway to any other machine. Having the firewall open to the web server is OK. I'm thinking about keeping a master list on the web server, pushing it down whenever it is updated (or 5 min, whichever is longer). Don't want too much overhead on the firewall, as it is a slim to bare metal machine.
rsync is a maybe.
--
Lost in Tokyo,
Keith
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
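
Added example, not part of the original message: with the push design described above, the firewall receives its block list from the more exposed web server, so it can treat the pushed file as untrusted input before building rules from it. The sketch assumes an iptables firewall; the function names, the `BLOCKLIST` chain, the never-block addresses and the entry cap are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Runs on the firewall against a list the
# web server pushed. Addresses, names and limits below are constructed.
NEVER_BLOCK="192.0.2.10 192.0.2.1"   # assumed: web server and admin host
MAX_ENTRIES=1000                     # assumed cap to protect a small box

# valid_ipv4 ADDR: succeed only for a strict dotted quad (no leading zeros,
# which some parsers read as octal; no CIDR, hostnames or options).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# filter_blocklist: read one candidate per line on stdin and print only the
# entries that are safe to hand to the packet filter, de-duplicated and capped.
filter_blocklist() {
    count=0
    seen=" "
    while IFS= read -r line && [ "$count" -lt "$MAX_ENTRIES" ]; do
        valid_ipv4 "$line" || continue
        case " $NEVER_BLOCK " in *" $line "*) continue ;; esac
        case "$seen" in *" $line "*) continue ;; esac
        seen="$seen$line "
        count=$((count + 1))
        printf '%s\n' "$line"
    done
}

# render_rules CHAIN: wrap filtered addresses from stdin as iptables-restore
# input for one dedicated chain; printing it keeps this example a dry run.
render_rules() {
    printf '*filter\n:%s - [0:0]\n' "$1"
    while IFS= read -r ip; do
        printf '%s %s -s %s -j DROP\n' -A "$1" "$ip"
    done
    printf 'COMMIT\n'
}
```

The pushed file would be piped through `filter_blocklist` and then `render_rules BLOCKLIST`; the result is only printed, so it can be reviewed before anything is loaded.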