From: Jamie C. <jca...@we...> - 2009-06-02 17:13:52
|
On 02/Jun/2009 00:34 hahmed <dim...@gm...> wrote .. > Hi, > I've been discovering lately the power of Webmin. It helped a lot > configuring my computer. So I decided to try to use webmin to > administrate all the other computers in the LAN but specially security > tools. > The objective is to centralize the administration of security tools > from one single interface. > Through this interface, I should be able to administrate any snort, > iptables, nessus (...) installed on a PC in the LAN, and centralize > their log to one single DataBase Server > and then be able to correlate their log to identify if there is a > potential attack, a rule is set on the firewall automatically. > (I know that I need to install webmin and the requested modules on the > PCs on the LAN in order to make RPC calls) > For example for administrating netfilter/iptables, first choose the > host recorder in the servers index, second display its iptables-save > file, then modify it's config and last apply the config to this host. > Practically the same thing for snort, nessus and any security tool. > About correlation, my collegue is developping a correlation engine > between snort log and nessus log. Now he is in the phase of making his > correlation engine working in real time. > > I'd like to ask u (Jamie Cameron) if u agree with this project idea. > If so, I'll upload to u my work and my collegue correlation engine by > the end of next week. > I already thought of a name for the project : Secmin (Security tools admin). > regards, > H.Ahmed Sounds like a good idea to me! I would be interested to see (and review) this if it gets implemented .. Some of this is supported in Webmin already, by the way .. for example, the Linux Firewall can push it's configuration out to multiple servers. - Jamie |