Provvedimento del garante e log dei Firewall Checkpoint
Come sapete il provvedimento del garante richiede di monitorare gli accessi ai sistemi informatici, tra questi uno dei piu’ critici e’ sicuramente il vostro firewall, come fare a monitorare gli accessi in presenza di un firewall Checkpoint ? Vediamolo insieme:
In questo caso abbiamo un cluster di firewall Checkpoint basati su Sistema operativo IPSO che e’ un derivato da FreeBSD. Essendo un OS Unix like, abbiamo il processo syslogd che opportunamente configurato puo’ redirigere i messaggi di autenticazione verso NetEye.
Prima cosa da fare e’ modificare /etc/syslog.conf , che di norma si presenta in questo modo
#This file was AUTOMATICALLY GENERATED
#Generated by /bin/syslog_xlate on Mon Jan 12 19:11:49 2004
#
#DO NOT EDIT – EDITED TO SEND MESSAGES BASED ON FACILITY
#
*.err;auth.debugadmin
*.notice;cron.*;auth.info;kern.debug/var/log/messages
*.emerg*
*.err;auth.notice;kern.debug/dev/console
aggiungiamo in fondo la riga
auth.* @10.10.1.120
dove 10.10.1.120 e’ l’ indirizzo del NetEye, ricordatevi che tra auth.* e @10.10.1.120 devono essere separati da almeno un TAB.
A questo punto e’ sufficiente riavviare il syslogd e tutto dovrebbe funzionare.
Per essere sicuri che la modifica sia valida anche al prossimo riavvio del Firewall ( IPSO tende a sovrascrivere i file modificati manualmente), e’ necessario salvarsi il file modificato e ricopiarlo ad ogni avvio del firewall.
Un sistema puo’ essere il seguente; copiate il file originale in un posto sicuro
cp /etc/syslog.conf /var/admin/syslog.bak
modificate il file /var/etc/rc.local (che viene eseguito durante la procedura di reboot) ed inserite le seguenti righe:
questa procedura si occupa di ricopiare il file che avete salvato nella sua posizione originale e riavviare il demone del syslog.
Se avete fatto tutto correttamente il firewall inviera’ le informazioni relative agli accessi al NetEye; ricordatevi che se avete un cluster dovete ripetere l’ operazione su ogni nodo.
Andrea di Lernia
Profit Center Manager at Würth Phoenix
Hi everybody, I’m Andrea and my contribution to this blog is to give hints of the monitoring issue from an IT manager point of view. I was born in Bolzano in 1965 and my professional path started 25 years ago operating on the technical field as programmer, system/database administrator, network engineer, consultancy and so on. I’ve been living in Milan for 10 years working for multinational IT companies and I decided to return to Bolzano after my marriage and the birth of my daughter.
I love sailing and diving in the summer, skiing in the winter and travelling off-road with my Landcruiser anytime
Author
Andrea di Lernia
Hi everybody, I’m Andrea and my contribution to this blog is to give hints of the monitoring issue from an IT manager point of view. I was born in Bolzano in 1965 and my professional path started 25 years ago operating on the technical field as programmer, system/database administrator, network engineer, consultancy and so on. I’ve been living in Milan for 10 years working for multinational IT companies and I decided to return to Bolzano after my marriage and the birth of my daughter.
I love sailing and diving in the summer, skiing in the winter and travelling off-road with my Landcruiser anytime
Office 365 is a suite of online subscription services offered by Microsoft as part of the Microsoft 365 ecosystem. It includes capabilities for document creation and management, email, video conferencing, collaboration, and many other productivity services. The upcoming NetEye Extension Read More
The code is the structure, the LLM is the glue at the joints. There's a widespread misconception about automations “powered by artificial intelligence”: People picture a model you give an order to, which then carries out a complex operation from Read More
Practical lessons learned from real-world alert routing, automation, and integrations Introduction As mentioned at the end of Part 1, let's continue exploring practical use cases and real‑world solutions for Jira Operations alert handling and enrichment. NetEye, Icinga, and Jira Ops Read More
During our consulting activities we frequently find ourselves having to collect data from SNMP devices that do not support SNMPv3 for data encryption. This type of traffic is readable on the network and can create security problems and noncompliance with Read More
With Elastic Observability we can create alerts on all data we collect, such as logs, metrics, application services and synthetic monitoring. However, NetEye represents the main operational console from which to monitor the entire infrastructure. By sending alarms from Elastic Read More