
APF firewall. Daily automated email showing firewall status


This is how to get your server to send you a daily email showing the status of your APF firewall. In other words, letting you know if it's running or not!

This is done by setting up a cron job.

A cron job is simply an automated task carried out by the server at regular specified intervals, usually hourly, daily, weekly etc.

We are going to get the server to check your APF firewall log on a daily basis, and output the result to an email address of your choosing. To do this, we are going to create a new file containing the instructions in the relevant cron directory.

Let's do it:

This assumes you are using SSH and are logged on as root.

1. Change to the cron.daily directory. Type:

cd /etc/cron.daily

2. Create a new file. Type:

pico apfstatus.sh

3. You are now in the pico text editor. Type:

#!/bin/bash
tail -100 /var/log/apf_log | mail -s "APF Firewall Status" you@yourdomain.com


In this case, this should be two lines only. Pico adds a carriage return to the end of the last line, so you do not need to do this.

4. Exit as follows:

Press "Ctrl" and "x"

5. You will be prompted to save the file thus:

"Save modified buffer..." Type:

y

For yes.

6. It will then say:

"File Name to Write: apfstatus.sh":

Hit enter to save

You have now created and saved your new file (apfstatus.sh) in the /etc/cron.daily directory.

7. Next you will need to change the permissions of your file so that it can run. Type:

chmod 755 apfstatus.sh

Finished!!

You will now get a daily email showing the status of your firewall.

Let's test it (this assumes you are still in the /etc/cron.daily directory). Type:

./apfstatus.sh

You will not see anything happening on the screen as the output is being sent to email.

Check your mail!

Notes:

1. If you want to make it run hourly, put (or create) the file (apfstatus.sh) in the /etc/cron.hourly directory. This will send you an email every hour.

2. You don't have to name the file "apfstatus.sh"; you can call it anything_you_like.sh

3. "tail -100" asks the server to output the last 100 lines of the APF log file (apf_log). You can change this to any number. If you make it much bigger, you will get a large email!

The most important line in the log is the last one. It shows the current status of your firewall, so you don't really need hundreds of lines unless you just like to see it's doing its stuff!

If your firewall is up and running, the last line should read (not literally):

(date) (server name) apf(number): firewall initalized

4. "APF Firewall Status" is the subject of the email that is sent. You can change this to anything you like, between the quotes.

5. Replace you@yourdomain.com with your own email address!!

When I first tried this on a new server, my mail provider rejected the email because the server name (hostname) myserver.mydomain.com was "unroutable". This was because my server name was not in the DNS. You must add it to whatever DNS you are using, pointing it to the IP address of your server, so that you can be sure of getting the mails from your server.

6. You can experiment with different cron jobs, making a new file for each job for simplicity's sake.

The important thing is to include the "shebang" line first:

#!/bin/bash

What follows this is just regular Linux commands. Put each command on a new line.

So you can get the file to do practically anything you can do at the command prompt, then email it to you if desired.

Think of it as the file entering the Linux commands for you!

This is the command that outputs to email:

mail -s "APF Firewall Status" you@yourdomain.com

Make sure that you have " | " (space pipe space) after your Linux command like:

ls -l /var/log | mail -s "Email Subject" you@yourdomain.com

To make a pipe symbol press shift backslash.
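
Note 3 says the last line of the log is the one that matters. As an added example (not part of the original post), the script below applies that check itself and puts the result in the email subject, so a firewall that is not up stands out without reading the log. REPORT_TO, the function names and the UP/CHECK/NOLOG labels are assumptions of this example; the log path and the expected last line are the ones given above.

```bash
#!/bin/bash
# Added example (not from the original post): daily APF report with a verdict.
LOG="/var/log/apf_log"   # log path used in the article
REPORT_TO=""             # your address; left empty, the report is only printed

# Print UP, CHECK or NOLOG for the log file given as $1.
apf_verdict() {
    local log="$1"
    if [ ! -s "$log" ]; then            # missing or empty log
        echo "NOLOG"
        return 0
    fi
    # The article's rule: the LAST line should be apf(number): firewall initalized
    # ("initalized" is spelled as in the article's expected log line).
    if tail -n 1 "$log" | grep -Eq 'apf\([0-9]+\):.*firewall initalized'; then
        echo "UP"
    else
        echo "CHECK"
    fi
}

# Print the mail body: verdict first, then the last 100 log lines.
apf_report() {
    local log="$1"
    echo "Verdict: $(apf_verdict "$log")"
    echo "Log file: $log"
    echo
    if [ -r "$log" ]; then tail -n 100 "$log"; fi
    return 0
}

# Write a constructed two-line sample log to $1 (for trying the functions).
apf_sample_log() {
    printf '%s\n' \
        'Jan 01 04:02:01 myserver apf(1234): constructed earlier line' \
        'Jan 01 04:02:03 myserver apf(1234): firewall initalized' > "$1"
}

verdict=$(apf_verdict "$LOG")
if [ -n "$REPORT_TO" ]; then
    apf_report "$LOG" | mail -s "APF Firewall Status: $verdict" "$REPORT_TO"
else
    apf_report "$LOG"
fi
```

On Debian and Ubuntu, run-parts skips files in /etc/cron.daily whose names contain a dot, so there the file needs a name without the .sh extension.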

Enjoy.
