I'm completely new in this community, and I would like to ask for some help. I'm trying to build some sort of automatic response system to integrate into my firewall settings.
In other words, I'm trying to build a script, or a set of them, which will be triggered by the firewall when certain rules are broken.
For example, if a rule was triggered, or broken, then the system would run a script that enables VPN+SNORT or just changes the internal iptables with a backup configuration. Just as an example.
Any guidelines on how I can do that?
Can I trigger certain reactions from the system via scripting? If yes, how?
You might look into "port knocking", and e.g. the package "fwknop".
That might be something you are looking for.
Yep, that helps me a bit.
So, it will be much easier to have the firewall make a log comment when a rule is broken, and create a script that monitors (tail -f) that logfile and executes whatever I want. So, I can start or stop certain processes with that script.
Now, any idea how I write that script? It's a different operating system.
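The approach described in the post above (the firewall logs a rule match, a script follows the log and reacts), as an added example that is not part of the thread. It assumes a Linux host with an iptables `LOG` rule using the prefix `FW-VIOLATION: `, kernel messages in `/var/log/kern.log`, and a hypothetical response script `/usr/local/sbin/fw-respond.sh`; none of these names come from the posts.

```python
import re, subprocess, time
from collections import defaultdict, deque
# Assumed firewall rule: iptables ... -j LOG --log-prefix "FW-VIOLATION: "
LINE_RE = re.compile(r"FW-VIOLATION: .*?\bSRC=(?P<src>[0-9A-Fa-f:.]+)\s")
RESPONSE_CMD = ["/usr/local/sbin/fw-respond.sh"]  # hypothetical script path

def run_response(src):
    # argv list, no shell: the address is parsed from a log outsiders can influence
    subprocess.run(RESPONSE_CMD + [src], check=False, timeout=30)

class Responder:
    def __init__(self, threshold=3, window=60.0, cooldown=300.0, action=run_response):
        self.threshold, self.window = threshold, window
        self.cooldown, self.action = cooldown, action
        self.hits = defaultdict(deque)   # src -> timestamps of recent matches
        self.last_fired = {}             # src -> time the action last ran

    def feed(self, line, now):
        """Process one log line; return the source address if the action ran."""
        m = LINE_RE.search(line)
        if not m:
            return None                  # not one of our tagged firewall lines
        src = m.group("src")
        q = self.hits[src]
        q.append(now)
        while now - q[0] > self.window:  # drop matches older than the window
            q.popleft()
        if len(q) < self.threshold:
            return None
        if now - self.last_fired.get(src, float("-inf")) < self.cooldown:
            return None                  # already responded to this source recently
        self.last_fired[src] = now
        q.clear()
        self.action(src)
        return src

def follow(path, responder):
    """Equivalent of `tail -f path`: start at the end, feed each new line."""
    with open(path, errors="replace") as fh:
        fh.seek(0, 2)
        while True:
            line = fh.readline()
            if line:
                responder.feed(line, time.monotonic())
            else:
                time.sleep(0.5)

if __name__ == "__main__":
    follow("/var/log/kern.log", Responder())  # assumed log path
```

The threshold and cooldown keep a single stray packet, or a burst from one address, from repeatedly restarting services. `follow` does not reopen the file after log rotation, so restart the script from the rotation hook.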
What OS are you talking about?