Pour le fun de voir un graphique des paquets rejetés par votre firewall.
ATTENTION : c'est grosso modo une esquisse, à modifier pour votre firewall.
Création de la DB pour RRD
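#!/bin/sh
# Creates the round-robin database that the collection script feeds.
# Step is 60 s. Every DS is a COUNTER (rrdtool derives a per-second rate
# from the monotonically increasing packet count) with a 120 s heartbeat
# and no min/max bounds (U:U).
# 13 data sources = one per INPUT rule ending in DROP/TARPIT/REJECT on the
# author's firewall; adjust that count to your own ruleset and keep the
# collection and graph scripts in sync with it.
set -eu

DB=/root/trafficinput.rrd

# Refuse to clobber an existing database (and the history it holds):
# a re-run of this script must not silently wipe collected data.
if [ -e "$DB" ]; then
  printf '%s: %s already exists, not overwriting\n' "${0##*/}" "$DB" >&2
  exit 1
fi

# RRA:LAST  — 1 step per row, 1440 rows  = 24 h at 1-minute resolution.
# RRA:AVERAGE — 5 steps per row, 2016 rows = 7 days at 5-minute resolution.
rrdtool create "$DB" -s 60 \
  DS:packet_1:COUNTER:120:U:U \
  DS:packet_2:COUNTER:120:U:U \
  DS:packet_3:COUNTER:120:U:U \
  DS:packet_4:COUNTER:120:U:U \
  DS:packet_5:COUNTER:120:U:U \
  DS:packet_6:COUNTER:120:U:U \
  DS:packet_7:COUNTER:120:U:U \
  DS:packet_8:COUNTER:120:U:U \
  DS:packet_9:COUNTER:120:U:U \
  DS:packet_10:COUNTER:120:U:U \
  DS:packet_11:COUNTER:120:U:U \
  DS:packet_12:COUNTER:120:U:U \
  DS:packet_13:COUNTER:120:U:U \
  RRA:LAST:0.5:1:1440 \
  RRA:AVERAGE:0.5:5:2016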
Le script de récolte des données
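#!/bin/sh
# Collection script: pushes one sample per minute into the RRD created above.
# It reads the packet counter of every INPUT rule whose target is DROP,
# TARPIT or REJECT and feeds them, in rule order, as packet_1 .. packet_N.
# Meant to run from cron; iptables-save needs root.
#
# NOTE: the rule -> data-source mapping is purely positional. Inserting,
# deleting or reordering a firewall rule silently moves every counter to a
# different DS, so the graph legend no longer matches what is being counted.
set -eu

DB=/root/trafficinput.rrd
RRDUPDATE=rrdupdate
IPTABLES_SAVE=/sbin/iptables-save
# Number of data sources in $DB (13 in the create script). rrdupdate rejects
# a sample whose value count differs, so check it here with a clear message.
NB_DS=13

# Timestamp rounded down to the minute, from a single date call (the original
# called date twice and could straddle a minute boundary between the two).
datenow=$(( $(date +%s) / 60 * 60 ))

# Each matching line of `iptables-save -c` starts with "[pkts:bytes]"; keep
# the packet count as ":pkts" and glue them all into one ":p1:p2:...:pN".
data=$(
  "$IPTABLES_SAVE" -c \
    | grep 'INPUT' \
    | grep -E 'j (DROP|TARPIT|REJECT)' \
    | sed -E 's/^\[([0-9]+):[0-9]+\].*/:\1/' \
    | tr -d '\n'
)

# Fail loudly on stderr (visible if the cron redirection is dropped) instead
# of letting rrdupdate refuse the sample without a trace — a silent failure
# here leaves a hole in the monitoring data that nobody notices.
nb_values=$(( $(printf '%s' "$data" | tr -cd ':' | wc -c) ))
if [ "$nb_values" -ne "$NB_DS" ]; then
  printf '%s: got %s counters, expected %s (firewall rules changed? not root?)\n' \
    "${0##*/}" "$nb_values" "$NB_DS" >&2
  exit 1
fi

"$RRDUPDATE" "$DB" "$datenow$data"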
À mettre dans le cron
* * * * * nice -n 19 /root/trafficinput_update.sh > /dev/null 2>&1
Et enfin, le script de génération des graphes
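#!/bin/sh
# Graph script: renders the last 24 hours of the collected counters as a
# stacked area chart. Colours and grid are cosmetic; the DS names below must
# follow the positional mapping produced by the collection script on YOUR
# firewall (here packet_9 .. packet_11 are collected but not drawn).
set -eu

# Graph ceiling (packets/minute); the y axis is rigid so nothing goes above it.
MAX_PACKET=300
DS1="packet_1"
DS_ICMP1="packet_2"
DS_ICMP2="packet_3"
DS2="packet_4"
DS3="packet_5"
DS4="packet_6"
DS_GEOIP_TCP="packet_7"
DS_GEOIP_UDP="packet_8"
DS5="packet_12"
DS6="packet_13"
DB=/root/trafficinput.rrd
RRDTOOL=rrdtool
# Written straight under the web root: anyone who can reach the web server
# can see how much the firewall drops, and when.
OUT=/var/www/trafficinput.png
WIDTH=900
HEIGHT=300
# Threshold drawn as HRULE just under the ceiling; used by the CDEFs below.
LIMIT_PACKET=$((MAX_PACKET - 10))

# COUNTER data sources hold per-second rates; every "*,60,*" CDEF turns them
# back into packets per minute.
# realpacket_mauvais_1 : clipped to LIMIT_PACKET when the total exceeds the
#                        ceiling (red area).
# realpacket_bon_*     : zeroed once the total reaches LIMIT_PACKET, so the
#                        blue stack disappears under the red clip marker.
# The original left the realpacket_bon_1 legend as an undefined "$DS" (hence
# empty); it is kept empty here on purpose.
"$RRDTOOL" graph "$OUT" -w "$WIDTH" -h "$HEIGHT" \
  --font DEFAULT:6:/usr/share/rrdtool/fonts/DejaVuSansMono-Roman.ttf \
  --title "Packets indesirables" \
  -v "Packets/Minute" \
  --x-grid "HOUR:1:HOUR:6:HOUR:6:0:%X" \
  --y-grid 50:2 \
  --rigid \
  --upper-limit "$MAX_PACKET" \
  --lower-limit 0 \
  -s -24h \
  --color CANVAS#000000 \
  --color BACK#101010 \
  --color FONT#ffffdf \
  --color MGRID#337fbf \
  --color GRID#615900 \
  --color FRAME#808080 \
  --color ARROW#FF0099 \
  --color SHADEA#000000 \
  --color SHADEB#000000 \
  "DEF:packet_true1=$DB:$DS1:LAST:step=60" \
  "DEF:packet_true2=$DB:$DS2:LAST:step=60" \
  "DEF:packet_true3=$DB:$DS3:LAST:step=60" \
  "DEF:packet_true4=$DB:$DS4:LAST:step=60" \
  "DEF:packet_true5=$DB:$DS5:LAST:step=60" \
  "DEF:packet_true6=$DB:$DS6:LAST:step=60" \
  "DEF:packet_ICMP1=$DB:$DS_ICMP1:LAST:step=60" \
  "DEF:packet_ICMP2=$DB:$DS_ICMP2:LAST:step=60" \
  "DEF:packet_geoip_tcp=$DB:$DS_GEOIP_TCP:LAST:step=60" \
  "DEF:packet_geoip_udp=$DB:$DS_GEOIP_UDP:LAST:step=60" \
  "CDEF:realpacket_truetotal=packet_true1,packet_ICMP1,packet_ICMP2,packet_true2,packet_true3,packet_true4,packet_true5,packet_true6,packet_geoip_tcp,packet_geoip_udp,+,+,+,+,+,+,+,+,+" \
  "CDEF:realpacket_total=realpacket_truetotal,60,*" \
  "CDEF:realpacket_true1=packet_true2,packet_true3,packet_true5,packet_true6,packet_geoip_tcp,packet_geoip_udp,+,+,+,+,+" \
  "CDEF:realpacket_1=realpacket_true1,60,*" \
  "CDEF:realpacket_2=packet_true1,60,*" \
  "CDEF:realpacket_3=packet_true4,60,*" \
  "CDEF:realpacket_mauvais_1=realpacket_total,$MAX_PACKET,GT,$LIMIT_PACKET,realpacket_1,IF" \
  "CDEF:realpacket_bon_1=realpacket_total,$LIMIT_PACKET,GE,0,realpacket_1,IF" \
  "CDEF:realpacket_bon_2=realpacket_total,$LIMIT_PACKET,GE,0,realpacket_2,IF" \
  "CDEF:realpacket_bon_3=realpacket_total,$LIMIT_PACKET,GE,0,realpacket_3,IF" \
  AREA:realpacket_mauvais_1#FF0000 \
  AREA:realpacket_bon_2#0000CC \
  AREA:realpacket_bon_3#4444CC::STACK \
  AREA:realpacket_bon_1#8888FF::STACK \
  "HRULE:$LIMIT_PACKET#FF88CC" \
  GPRINT:realpacket_total:MAX:"\t\tMax\: %.lf Packets/Minute" \
  CDEF:realpacket_totalcompense=realpacket_bon_1,realpacket_bon_2,realpacket_bon_3,+,+ \
  GPRINT:realpacket_totalcompense:AVERAGE:"\tMoyenne\: %.lf Packets/Minute\l"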
C'est un truc pour moi, parce que j'étais curieux. Pas forcément le temps de l'améliorer.
Bref, c'est juste un pavé dans la mare, histoire d'attirer les curieux.