squidefender 1.3 review

Download
by rbytes.net on

Squidefender is a perl script which parses a squid log file in native format for attacks

License: GPL (GNU General Public License)
File size: 24K
Developer: Jeroen van Nieuwenhuizen
0 stars award from rbytes.net

Squidefender is a perl script which parses a squid log file in native format for attacks. If it finds an attack is sends a complaint email to the ISP of the attacker. It also has the option to execute an external command to take other actions.

This can for example be used to automatically adapt your firewall when an attack has occured. The complaint function of squidefender is largely based on the code of Wormwarner. The power of squidefender lays in it configuration options which let you easily add new attacks to scan for. Another interesting option of squidefender is that it gives you the ability to use different message templates based on the attack found.

Squidefender needs its own directory because of its extensive configuration options. It allows you to keep the message templates at one place. Another important reason is that it makes it much easier to install upgrades to squidefender. If for example the whois lookup function is improved you can easily put the new whois2address.pm module in this directory.

To install follow the steps:

Download the squidefender.tar.gz archive here.
Make sure the Mail::Sender and Net::DNS modules are installed from CPAN. If not sure Try perl -MCPAN -e 'install Net::DNS'
Decide where you want to have the squidefender directory.
Change to that directory and extract squidefender.tar.gz. This will create the initial setup in a squidefender directory.
Edit the squidefender.conf file to suit your needs. See the manual. If you want a basic squidefender.conf file and you have m4 installed you can first type make squidefender.conf After that do NOT forget to check the configuration file.
Run make timestamp to create a reasonable timestamp file to start from.
Now you can add squidefender.pl to your crontab file and you are done (Do NOT forget the path).

What's New in This Release:
Added a lockfile to avoid 2 running versions at once.
Added expire code to make it possible to auto unblock hosts after a specified time.
the default is 365 days.
BugFix: Newer versions of Mail::Sender were not handled correctly.
A rate control system is introduced which limits the amount of complaints send to an ISP about the same IP address.

squidefender 1.3 keywords