Strikeback with iplog and nmap
-
All those things should be done automatically.
During the install process pkg_add -r iplog is ran. The username is also changed to root (you can also do this via the GUI).
The only thing that I can think of is that when the pkg_add command is ran the command doesn't install iplog due to the freeBSD repo not being contacted or the connection being interrupted.I will be able to look into this more tomorrow.
-
All those things should be done automatically.
During the install process pkg_add -r iplog is ran. The username is also changed to root (you can also do this via the GUI).
The only thing that I can think of is that when the pkg_add command is ran the command doesn't install iplog due to the freeBSD repo not being contacted or the connection being interrupted.I will be able to look into this more tomorrow.
Also I had to manually add nmap .. it didn't pull it in for whatever reason
-
That means the FreeBSD repo is un-reliable. I'll look into other options.
-
I finished my testing. The package is working correctly.
First thing new users should do it go to the setting page and click save. This will overwrite the config file.
Next go back to the main strikeback page, Check enable, and click save. I tested on the latest version of RC3.I didn't run into any issue while testing.
-
not to hijack this thread, but I remember testing this package a couple of months ago and remember that iplog wouldn't auto-start on a reboot… Was this fix or is it still the case?
-
not to hijack this thread, but I remember testing this package a couple of months ago and remember that iplog wouldn't auto-start on a reboot… Was this fix or is it still the case?
You're not hijacking at all. You are right about the auto start. That item is now on my to-do list.
-
not to hijack this thread, but I remember testing this package a couple of months ago and remember that iplog wouldn't auto-start on a reboot… Was this fix or is it still the case?
You're not hijacking at all. You are right about the auto start. That item is now on my to-do list.
looking at my notes, i used this to auto start it i believe /usr/local/etc/rc.d/iplog.sh
its been awhile so I can't remember it worked correctly work not…#!/bin/sh # This file was automatically generated # by the pfSense service handler on other machine :). rc_start() { /usr/local/sbin/iplog -d -z } rc_stop() { /usr/bin/killall iplog } case $1 in start) rc_start ;; stop) rc_stop ;; restart) rc_stop rc_start ;; esac -
overwriting the current iplog file in /usr/local/etc/rc.d/iplog will break the script. I'm working on an update now to solve this issue.
-
I like this. Thanks for releasing!
Just a small bug report, there is a typo "Stikeback" under the Services tab.
-
Is this package available for amd64 ?
Where can I download/test this package ? -
Hi, i try this package and when i execute strikeback i get this message
Warning: Invalid argument supplied for foreach() in /usr/local/www/packages/strikeback/parse.php on line 252
Nmap scan results (condensed)in the system log i have this
php: /packages/strikeback/strikeback.php: The command 'mkdir /usr/local/www/packages/strikeback/reports' returned exit code '1', the output was 'mkdir: /usr/local/www/packages/strikeback/reports: File exists'
php: /packages/strikeback/strikeback.php: The command 'mkdir /var/run/iplog' returned exit code '1', the output was 'mkdir: /var/run/iplog: File exists'
can you help me?
thanks
Simone -
Hi, i try this package and when i execute strikeback i get this message
Warning: Invalid argument supplied for foreach() in /usr/local/www/packages/strikeback/parse.php on line 252
Nmap scan results (condensed)in the system log i have this
php: /packages/strikeback/strikeback.php: The command 'mkdir /usr/local/www/packages/strikeback/reports' returned exit code '1', the output was 'mkdir: /usr/local/www/packages/strikeback/reports: File exists'
php: /packages/strikeback/strikeback.php: The command 'mkdir /var/run/iplog' returned exit code '1', the output was 'mkdir: /var/run/iplog: File exists'
Confirmed - Pfsense i386, 2.0-RC3
-
just installed this on 2.0 final
not working, I think iplog is missing
Nov 1 13:58:08 php: /packages/strikeback/strikeback.php: The command '/usr/local/etc/rc.d/iplog start' returned exit code '127', the output was '/usr/local/etc/rc.d/iplog: not found'
Nov 1 13:58:08 php: /packages/strikeback/strikeback.php: The command 'rm /usr/local/etc/rc.d/iplog-e' returned exit code '1', the output was 'rm: /usr/local/etc/rc.d/iplog-e: No such file or directory'
Nov 1 13:58:08 php: /packages/strikeback/strikeback.php: The command '/usr/bin/sed -i -e 's/iplog_enable="NO"/iplog_enable="YES"/g' /usr/local/etc/rc.d/iplog' returned exit code '1', the output was 'sed: /usr/local/etc/rc.d/iplog: No such file or directory'also tryed pkg_add -r iplog
Error: Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.1-release/Latest/iplog.tbz: File unavailable (e.g., file not found, no access)
< typo forum, it add http:// but for real it doesnt …
packages-8.1-release doesnt exist anymore
-
you can find 8-1 packages here
ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/
-
So if I spoofed my IP address during scanning to say be some military or government IP I can have you port scanning away in "response"? I am sure they would like that. Portscan detections are also notoriously unreliable as they are prone to false positive events.
I think detection is fine and then silently blocking if so desired but no revenge strikes. What would you do after port scanning someone? Go hunting for vulnerabilities to take your revenge on them? I think snort's sfportscan preprocessor may be better for detection. All it does it:
a) leaves you open to manipulation to portscan sensitive places in response
b) reveals yourself to the attacker (unlike a nice silent drop)
c) If it was a hacker (script kiddies get detected would perhaps be caught by this, pros no) and they saw you portscanning them they may be encouraged to seek revenge. -
I'm away on business right now. When I return I will take some time to update the package.
-
Hi There,
I have a kind of similar issue. I'm running the latest PFsense 2.0 official release on an ALIX board. I have succesfully intalled STRIKEBACK package. As recommended, I went to Strikeback SETTINGS tab and clicked on SAVE, resulting in an updated /usr/local/etc/iplog.conf file. Then I go to LOG VIEWER tab and enable StrikeBack then click on SAVE. The System Logs reveal the following:
Nov 15 10:35:13 php: /packages/strikeback/strikeback.php: The command '/usr/bin/sed -i -e 's/iplog_enable="NO"/iplog_enable="YES"/g' /usr/local/etc/rc.d/iplog' returned exit code '1', the output was 'sed: /usr/local/etc/rc.d/iplog: No such file or directory'
Nov 15 10:35:13 php: /packages/strikeback/strikeback.php: The command 'rm /usr/local/etc/rc.d/iplog-e' returned exit code '1', the output was 'rm: /usr/local/etc/rc.d/iplog-e: No such file or directory'
Nov 15 10:35:13 php: /packages/strikeback/strikeback.php: The command '/usr/local/etc/rc.d/iplog start' returned exit code '127', the output was '/usr/local/etc/rc.d/iplog: not found'I'm stuck in figuring out how to even figure out weither or not iplog is indeed installed ???
Any help greatly appreciated. Thanks in advance :)
-
Hi There,
I have a kind of similar issue. I'm running the latest PFsense 2.0 official release on an ALIX board. I have succesfully intalled STRIKEBACK package. As recommended, I went to Strikeback SETTINGS tab and clicked on SAVE, resulting in an updated /usr/local/etc/iplog.conf file. Then I go to LOG VIEWER tab and enable StrikeBack then click on SAVE. The System Logs reveal the following:
Nov 15 10:35:13 php: /packages/strikeback/strikeback.php: The command '/usr/bin/sed -i -e 's/iplog_enable="NO"/iplog_enable="YES"/g' /usr/local/etc/rc.d/iplog' returned exit code '1', the output was 'sed: /usr/local/etc/rc.d/iplog: No such file or directory'
Nov 15 10:35:13 php: /packages/strikeback/strikeback.php: The command 'rm /usr/local/etc/rc.d/iplog-e' returned exit code '1', the output was 'rm: /usr/local/etc/rc.d/iplog-e: No such file or directory'
Nov 15 10:35:13 php: /packages/strikeback/strikeback.php: The command '/usr/local/etc/rc.d/iplog start' returned exit code '127', the output was '/usr/local/etc/rc.d/iplog: not found'I'm stuck in figuring out how to even figure out weither or not iplog is indeed installed ???
Any help greatly appreciated. Thanks in advance :)
It appears if the iplog binary did not get installed. Run pkg_add -r iplog to install it.
-
Tom, many thanks for the very fast reply. Unfortunately, I did try this last trick already, as I had read through the forum. This results in the following error message:
Error: Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.1-release/Latest/iplog.tbz: File unavailable (e.g., file not found, no access)
pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.1-release/Latest/iplog.tbz' by URL:-(
-
You have to change an environment variable to use pkg_add -r or you can add it directly via URL.
Try```
pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/Latest/iplog.tbz
