I am a big fan of Prelude IDS to correlate reports from my honeypot/nepenthes/snort setup at my house. One of the things that was quite repetitive was finding the locations of IPs. So, I sat down and coded up a patch that grafted GeoIP onto Prelude’s Prewikka web interface. After a bit of effort figuring out Python and the template engine, I ended up with this:

Of course, my patch doesn’t blur out the names like the screenshot, but it does add the spiffy little flags to show you what countries are attacking you.
You will need:
- A working GeoIP installation
- The GeoIP Python module
- A set of flag icons in PNG format. I recommend FamFamFam’s icons
- My patch
- Prewikka 0.9.14 source tree.
The GeoIP libraries are available from the link above. Installing them is pretty straightforward. Once that is done, untar the Prewikka tarball and apply the patch for Prewikka in the source directory. Then install as normal.
Unzip the flags archive somewhere on your system. Move the contents of the “png” directory to your web root under the folder “/images/flags”. If Prewikka is running in the root web directory, as mine was, you may need to adjust your Apache installation. I made an alias in my Apache configuration pointing /images/ back over to /var/www/images:
Alias /images/ /var/www/images/
With any luck, it should work. As always, your mileage may vary.
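One way to turn an alert's source address into the flag URL used above, as an added example (not code from the patch or from Prewikka). `flag_code`, `flag_img` and the sample table are hypothetical names; it assumes the flag files are named with lowercase two-letter country codes, and that the lookup callable behaves like the GeoIP module's `country_code_by_addr`.

```python
import ipaddress
import re

FLAG_URL_PREFIX = "/images/flags/"      # web path used in the post
_CODE_RE = re.compile(r"[a-z]{2}")      # only plain two-letter codes map to a flag file

# Addresses that can never resolve to a country (internal sensors, loopback).
_SKIP = [ipaddress.ip_network(n) for n in
         ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample data standing in for the GeoIP database.
SAMPLE_DB = {
    "198.51.100.7": "US",    # GeoIP returns upper case
    "203.0.113.9": "DE",
    "198.51.100.99": "A1",   # special code, no flag icon exists for it
    "192.0.2.1": "../x",     # malformed value, must never reach the URL
}

def sample_lookup(addr):
    """Stand-in for gi.country_code_by_addr(addr); returns None when unknown."""
    return SAMPLE_DB.get(addr)

def flag_code(addr, lookup=sample_lookup):
    """Return a validated lowercase country code for addr, or None."""
    try:
        ip = ipaddress.IPv4Address(addr.strip())
    except (ValueError, AttributeError):
        return None                      # hostname, empty field or garbage
    if any(ip in net for net in _SKIP):
        return None
    code = lookup(str(ip))
    if not code:
        return None
    code = code.lower()
    return code if _CODE_RE.fullmatch(code) else None

def flag_img(addr, lookup=sample_lookup):
    """Return the <img> tag for addr's flag, or '' when there is none to show."""
    code = flag_code(addr, lookup)
    if code is None:
        return ""
    return '<img src="%s%s.png" alt="%s" />' % (FLAG_URL_PREFIX, code, code)

if __name__ == "__main__":
    for a in ("198.51.100.7", "10.0.0.5", "192.0.2.1", "not-an-ip"):
        print(a, "->", flag_img(a) or "(no flag)")
```

Because the code is checked against a fixed pattern before it is placed in the `src` attribute, an unexpected lookup result produces no image instead of a broken or attacker-influenced path.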
Share and enjoy!
I modified your patch from:
<img src="/images/flags/$(address_code).png"
To:
<img src="prewikka/images/flags/$(address_code).png"
Just create the flags directory under /usr/share/prewikka/htdocs/images/flags and you don’t need to alias the images directory in Apache.
Posted by Miguel on January 27th, 2009.