Specifications
3
Firewall Administration System (FAS)
Documenting Configuration, Tests, and Results
It is very important to document the configuration, the tests conducted, and
their results. Keep a record of what is allowed or denied by the
configuration and how this is guaranteed. Using such documentation helps find and
remedy possible configuration errors. The documentation is also required for
auditing the firewall.
Monitoring the Firewall
A firewall without continual monitoring is only effective to a limited extent.
A number of tools are available on the Adminhost for monitoring the
firewall. The most important source for information is the log files, which,
depending on the configuration, are written by the firewall to the hard disk or
to the log host.
The following programs are available as tools for analyzing the log files:
FAS Log Analysis module
xlogmaster
logsurfer
You can use the following network or packet sniffers to monitor your
firewall:
ntop
tcpdump
ethereal
With the following port scanners, it is possible to check the firewall for open
ports and to check the packet filter configuration:
nmap
nessus
In addition to this, you can also use your own shell or Perl scripts.
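As an added example (not part of the original manual), the following shell script ties the documentation and port-scan steps together: it compares a documented list of allowed ports with a scan result in nmap's grepable output format (nmap -oG) and reports every deviation. The policy file layout, the function names, and the sample data, including the address 192.0.2.1, are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the documented firewall policy with a port-scan result.
# All data is constructed; 192.0.2.1 is a documentation address.

# Documented policy: one "host port/proto" pair per line that may be open.
policy_sample() {
    printf '%s\n' '192.0.2.1 22/tcp' '192.0.2.1 25/tcp' '192.0.2.1 80/tcp'
}

# Scan result in nmap's grepable format (nmap -oG), constructed.
scan_sample() {
    printf 'Host: 192.0.2.1 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.1 ()\tPorts: 22/open/tcp//ssh///, 25/filtered/tcp//smtp///, 80/open/tcp//http///, 3128/open/tcp//squid-http///\tIgnored State: closed (996)\n'
}

# Read grepable nmap output on stdin, print "host port/proto" for open ports.
open_ports() {
    awk '/Ports: / {
        host = $2
        sub(/^.*Ports: /, "")      # keep only the port list
        sub(/\t.*$/, "")           # drop trailing fields (e.g. Ignored State)
        n = split($0, p, /, */)
        for (i = 1; i <= n; i++) {
            split(p[i], f, "/")    # port/state/proto/owner/service/...
            if (f[2] == "open") print host, f[1] "/" f[3]
        }
    }' | LC_ALL=C sort -u
}

# audit POLICY_FILE SCAN_FILE
#   UNDOCUMENTED: open in the scan but absent from the documentation
#   NOT-OPEN:     documented as allowed but not found open
audit() {
    pol=$(mktemp) && obs=$(mktemp) || return 2
    LC_ALL=C sort -u "$1" > "$pol"
    open_ports < "$2" > "$obs"
    LC_ALL=C comm -13 "$pol" "$obs" | sed 's/^/UNDOCUMENTED /'
    LC_ALL=C comm -23 "$pol" "$obs" | sed 's/^/NOT-OPEN /'
    rm -f "$pol" "$obs"
}

# Demo run on the constructed data.
p=$(mktemp); s=$(mktemp)
policy_sample > "$p"; scan_sample > "$s"
audit "$p" "$s"
rm -f "$p" "$s"
```

An UNDOCUMENTED line points to a possible configuration error or a gap in the documentation; a NOT-OPEN line means a documented service was filtered or down at scan time. Keeping the output with the test record gives the audit trail described above.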
SuSE Linux – Firewall on CD2










