Re: iptables from cgi script

On Tue, 3 Jun 2003 07:28:15 -0000, 
"Allan Kissack" <lists@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message 
<001a01c329a1$b28d8b40$2c00a8c0@xxxxxxxxx>:

> >----- Original Message -----
> >From: "George Vieira" <georgev@xxxxxxxxxxxxxxxxxxxxxx>
> >To: "Allan Kissack" <lists@xxxxxxxxxxxxxxxxxxxxxxx>; <netfilter@xxxxxxxxxxxxxxxxxxx>
> >Sent: Monday, June 02, 2003 10:33 PM
> >Subject: RE: iptables from cgi script
> >
> 
> > No, you're not missing anything.. But I like this idea for the fact
> > that someone who wants to maliciously attack your site and also open
> > your firewall if the commands can be run by other than root..
> >
> > Your only (more secure) option is to authenticate the users and
> > allow them to write the rules required to a file or a database and
> > get root to read these and apply them in a separate process..
> >
> >
> > or just use webmin ;) www.webmin.com
> >
> > Thanks,
> > ____________________________________________
> > George Vieira
> 
> 
> Thanks George,
> I already use webmin for admin, and write the rules via a command
> line. What I am looking for is a cgi script that displays the results
> of /sbin/iptables -L -n -v and allows no other iptables commands.  This
> web server is protected from the outside by the iptables and is for
> convenient monitoring internally (i.e. don't need to go to a command
> line).  Do you know of a way I can allow this?  The script works
> except for the "can't initialize iptables table `filter': Permission
> denied (you must be root) Perhaps iptables or your kernel needs to be
> upgraded."  security issue

..set up a cron job to a script to echo header > $web-page,
then run your iptables command output >> $web-page, finally
echo footer >> $web-page.  Oh, you want it somewhere remotely?  
Wget it.

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
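
The cron approach suggested in the reply above, as an added example that is not part of the original thread: root's cron job renders a static page and the web server only serves it, so the CGI user never needs iptables rights. The output path, cron schedule and `--run` switch are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): root's cron job renders the page;
# the web server only serves the static file and never runs iptables.
# The output path, schedule and "--run" switch are assumptions.
#   */5 * * * * /usr/local/sbin/fw-status.sh --run

# Escape &, <, > so text in the rule listing cannot inject markup.
html_escape() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# render_status_page OUT_FILE COMMAND [ARGS...]
# Header, escaped command output, footer. The page is built in a temp
# file beside OUT_FILE and renamed into place, so a reader never sees a
# half-written page; if COMMAND fails, the previous page is kept.
render_status_page() {
    out=$1; shift
    body=$("$@" 2>&1) || return 1
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    {
        printf '<html><head><title>Firewall status</title></head><body>\n'
        printf '<p>Generated %s</p>\n<pre>\n' "$(date -u '+%Y-%m-%d %H:%M UTC')"
        printf '%s\n' "$body" | html_escape
        printf '</pre></body></html>\n'
    } > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$out" && return 0
    rm -f "$tmp"
    return 1
}

if [ "${1:-}" = "--run" ]; then
    render_status_page /var/www/html/fw-status.html /sbin/iptables -L -n -v
fi
```

The only privileged step is the fixed command in the cron job; nothing supplied by a web request reaches a shell or iptables.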



