Fon Modules and Off Site Logs?

[Xakep]

Hello,

I recently finished watching the latest episode of Hak5. It was a pretty interesting episode. Now, I realized that Mubix mentioned that you could possibly save your logs from your Fon to an off site box. If I wanted to could I save my Fon modules and logs to an Apache box off site at my house? If so, how? Then another question came to mind. I also looked into the whole module thing with Jasager. This was a great idea to add modules. My thought was to take one of the scripts Jay Beale created for The Middler, to change the HTTPS login to HTTP when sent, to Jasager. Then save the logs of these passwords to my Apache box off site along with logs from other modules such as nmap and nessus scans. Then have the logs be named by the name of the persons PC [bob Smith.txt]. Also I looked at the module page on the jasager home page but I could not find what language the module had to be written in.

Cheers,

Xakep

[digininja]

The modules can be written in any language as long as they meet the spec given. I'd suggest either ruby or ash script as they are already available on the device but if you wanted to compile some C/C++ code for it or try to get another interpreter installed that would be ok. Just watch out for the amount of storage space.

The middler stuff wouldn't be too hard I don't think, you can use iptables rules to capture traffic and then pass it through a pre-routing script which checks for https and changes it to http. This is the stuff I'd like to do but just don't have the time.

As for logging, at the moment all the log stuff is written to a file in /tmp. A couple of options. You could either have a cron type job to regularly transfer that file across to your other storage or you could mount a network share as /tmp and then you'd have access to it remotely. I say mount it as /tmp because otherwise you'd have to go through and modify a lot of scripts that are looking at /tmp and this way is easier.

Let us know how you get on.