OpenBSD Journal

A pf statistics web tool!

Contributed by jose on from the info-gathering dept.

panda writes: "As seen on the tech@ mailing-list, the people at www.securityoffice.net just released a pf statistic tool, using a web interface.

It looks very promising if you want to have a better view of what goes in and out of your network, it might also help administrators find out where bottlenecks and wrongly behaving users can be found at.

On a side note, it does feature a clean web interface with nice graphics, check it out at:

http://www.securityoffice.net/products/metacortex "



Comments
  1. By Sacha () on

    IMHO: it would be nice to kill active connections with it.

    But sure looks nice for further use :D

  2. By Anonymous Coward () on

    Wow, this is sweet!

  3. By Anonymous Coward () on


    Holy crap, this is excellent.

    This tool just sent my PF usage to the next level of usefulness! :)

  4. By Anonymous Coward () on

    Can this generate any non-web-based reporting? Most firewall boxes won't be running Apache/PHP.

    Comments
    1. By Anonymous Coward () on

      You mean logfiles ? Don't really see the point in that.

  5. By Teedo () on

    This appears to be bogus. I downloaded this yesterday after having it announced on the mailing list. The index.php file has hardcoded statistics and several *.php files are missing that are linked from the menu bar. The only functional aspect to this appeared to be the rule generator, which didn't seem to do anything but print rules to the screen (it did not actually maintain your configuration file). Also, why are the RFC reference docs *.php files if they don't have any PHP code to execute? The ethernet Mac hardware manufacturer database was okay, but one of the php scripts looks like it loads the whole fucker into memory and parses it using some simple string comparisons.

    It also had some pages that would do a "tail -200" on some of your log files and display that.

    I forgot... What is this app actually supposed to do other than make an ass out of whomever installs it?

    Comments
    1. By Anonymous Coward () on

      Glad you volunteered to help fix and improve this product. Without people like you, we'd only get criticism and no one to help.

      When are you going to release 1.1 or 2.0 from the way you're describing things. Or could you send me the patches in the meanwhile?

      email me: root@localhost

      Thanks!

    2. By Anonymous Coward () on

      Forgot to say... Before you go making an ass out of yourself again, why not read from his page:

      Contact

      Please send any suggestions, comments, flames to metacortex(at)securityoffice.net

      Maybe you can turn your pointless criticism into something of constructive value?

      Or maybe help fix things rather than just nag like an old lady.

    3. By Someone with more of a clue than Teedo () on

      If you had bothered to look at the shell scripts for more than the two seconds that were simply an interruption of your 5 star beat off session, you would have realized that you should have kept your hands in your pants instead of using your keyboard.

    4. By Howard Owen () hbo@egbok.com on http://egbok.com

      Unpack it in /var/www, NOT /var/www/htdocs. Then run the build.sh script in /var/www/metacortex. The script will create /var/www/htdocs/metacortex and populate it with files containing a snapshot of your pflog.

  6. By StatiK76 () on

    lame. Err - What does it do other than display standard pfctl -s information?


    meh - its faster to type.


    StatiK76

    Comments
    1. By JFS () on

      This thing is completely broken and even in simple deny or pass rules give syntax errors... please guys work a little more before post this project out!

      PS: and when I try to email the "metacortex" the 3 addresses on the site return delivery errors!!!

      Comments
      1. By Howard Owen () hbo@egbok.com on http://egbok.com

        Try metacortex@secureoffice. net

      2. By Howard Owen () hbo@egbok.com on http://egbok.com

        Whoops! metacortex@securityoffice.net

  7. By Tamer Sahin () ts@securityoffice.net on http://www.securityoffice.net

    In fact, I can't tell that Metacortex is a software that has been programmed with supreme
    programming skills. It has been written for users, such as me, who have great need on
    PF monitoring to overcome such requirements. If the software is extracted to the default
    (/var/www/metacortex) directory and there if the build script is run, then, including
    all php scripts and links, there will be no problem at all. For sure, there are mistakes
    and miscodings that I couldn't see. If these kind of bugs are reported to me, they will, for
    surely, be fixed in the shortest terms.

    If there is an intention of you to help the project step further, we can contribute to
    the project together. Not decreasing the value of the help, I believe that with the
    power of programmers such as you, we can make major changes on the structure of the
    project and make it function better.

    There has been some fixes on the initial release of Metacortex, I will apply them to
    the software and will release it under the version; Metacortex v1.0.1. the changes
    are ranged below:

    - Misspelled words fixed 'Rule Generator' and 'README'.
    - Local status page outputs now more formatted.
    - Useless full paths removed from build scripts.
    - Fixed 'Local Status' Cross site scripting bug.
    - Files permissions now more restrictive.
    - Build scripts completely revised. (Thanks contribution & suggestions for Dom De Vitto)

    Please, do not hesitate to send your recommendations and warnings about Metacortex. They will be welcomed > metacortex@securityoffice.net

    Comments
    1. By Howard Owen () hbo@egbok.com on http://egbok.com

      This I do not like, in build.sh:

      /bin/chmod 644 /var/log/daemon

      /bin/chmod 644 /var/log/authlog

  8. By Howard Owen () hbo@egbok.com on http://egbok.com

    Specifically, /var/log/daemon and /var/log/authlog (!)

    since apache runs as www, I can see the rationale, but doing that without big, red warning signs is very bad!

    The code is in build.sh. Do a grep for 'chmod'.
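
The check suggested in comments 7.1 and 8, as an added example that is not part of the original thread or of Metacortex: a shell function that lists every `chmod` in an installer script that would leave a path under /var/log readable by "other". The names `audit_chmod` and `make_sample` are hypothetical, and the sample script is constructed; only its two `chmod 644` lines are the ones quoted in the thread.

```shell
#!/bin/sh
# audit_chmod SCRIPT: print "line: text" for each chmod in SCRIPT that gives
# "other" read access to a path under /var/log; returns 1 if any were found.
audit_chmod() {
    awk '
    function other_read(mode,   n, c, i, who, op, perms) {
        if (mode ~ /^[0-7]+$/)      # octal: last digit 4-7 has the read bit
            return (substr(mode, length(mode), 1) + 0 >= 4)
        # symbolic clauses; an empty "who" means all classes (subject to umask)
        n = split(mode, c, ",")
        for (i = 1; i <= n; i++) {
            if (!match(c[i], /[-+=]/)) continue
            who = substr(c[i], 1, RSTART - 1); op = substr(c[i], RSTART, 1)
            perms = substr(c[i], RSTART + 1)
            if (op != "-" && perms ~ /r/ && (who == "" || who ~ /[oa]/))
                return 1
        }
        return 0
    }
    /^[ \t]*#/ { next }             # skip comment lines
    {
        for (i = 1; i <= NF; i++) {
            if ($i !~ /(^|\/)chmod$/) continue
            j = i + 1
            while (j <= NF && $j ~ /^-[RHLPfhv]+$/) j++   # skip option flags
            for (k = j + 1; k <= NF; k++) {
                if ($k ~ /^(;|&&|\|\||\|)$/) break        # end of command
                if ($k ~ /^\/var\/log(\/|$)/ && other_read($j)) {
                    print NR ": " $0; found = 1; break
                }
            }
        }
    }
    END { exit found ? 1 : 0 }
    ' "$1"
}
# Constructed installer fragment; the two 644 lines are the ones quoted above.
make_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
#!/bin/sh
/bin/chmod 644 /var/log/daemon
/bin/chmod 644 /var/log/authlog
chmod 640 /var/log/pflog
chmod -R 755 /var/www/htdocs/metacortex
chmod o-r,g+r /var/log/messages
EOF
    echo "$f"
}
audit_chmod "$(make_sample)" || echo "world-readable log files would result"
```

Run it against an unpacked build script before executing that script as root; a non-zero return means at least one log file would become readable by every local account, including the `www` user.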

  9. By Tamer Sahin () on http://www.securityoffice.net

    * Metacortex v1.0.1 * 15 December 2003 *

    + What is Metacortex?

    Metacortex consists of a PF graphical user interface. Built on the proactively secure OpenBSD operating system, and
    featuring an HTML based graphic interface for easy monitoring.

    + Features

    * PF Statistics; active connections, current ruleset.
    * TCP, UDP, ICMP based PF log analysis.
    * Local System Status; process, uptime, vm stats.
    * Web based PF rule generator.
    * Reference Library; Many important RFC's, MAC ID query, port query, ip & domain whois.
    * System Log View.

    + Changelog v1.0 to v1.0.1

    - Misspelled words fixed 'Rule Generator' and 'README'.
    - Local status page outputs now more formatted.
    - Useless full paths removed from build scripts.
    - Fixed 'Local Status' Cross site scripting bug.
    - Files permissions now more restrictive.
    - Build scripts completely revised.
    - Fixed 'Rule Generator' port ranges bug.
    - Fixed 'Rule Generator' blocking bugs.
    - Fixed 'Rule Generator' redirect bugs.
    - Fixed 'Rule Generator' keep/modulate state bugs.
    - Fixed many 'Rule Generator' javascript bugs.
    - Logs are arranged in order newer through old in TCP, UDP, ICMP and Other logs.

    + Contact

    Please send any suggestions, comments, flames to metacortex(at)securityoffice.net

    + Download

    http://www.securityoffice.net/products/metacortex/

    Comments
    1. By morpheus () on

      Seems the web site is down/blank for the past day or so. Any ideas where I might find out more info about this?

  10. By Chris Owen () chris.owen@consault.com on http://www.consault.com

    Firstly, thanks for writing this software and offering to share it with us all.

    I have some suggestions that would make the product more useful to me and possibly others.

    1) More statistics to help isolate where rules need to be tweaked would be of more help.
    a) percentages of tcp, udp and icmp packages dropped compared to the whole.
    b) percentages of icmp types compared to all icmp
    c) percentages of tcp type dropped (RST, SYN, ACK, etc.) compared to all tcp
    d) percentages of fragments compared to all or number of fragments dropped
    e) tcp packets dropped broken down by port
    f) udp packets dropped broken down by port
    2) on each of these statistics pages, the ability to click on a link so that those packets which triggered the statistics.
    3) breakdown by source or destination ports
    4) statistics for what times the most packets are being dropped (mrtg)
    5) statistics for when traffic is occurring (mrtg)

    An emphasis on tweaking the current ruleset would be most useful.

    I can help you with some of this if you'd like. Send me an email if you're interested.

    Cheers
