#####################################################
# This Readme shows how you can simply extend
# your block script for ipchains or checkpoint to
# use guardian on a separate host.
#####################################################

- Install openssh on the local server (the one with snort/guardian running on it)
- Install openssh on the firewall
- On the local server, as user root, enter:
  # ssh-keygen
  - accept the default values but leave the passphrase empty !!
  # cd .ssh
  # mv identity.pub 'root@hostname'.pub
- transfer 'root@hostname'.pub to the firewall's ~/.ssh
- On the firewall, as user root, enter:
  # cd .ssh
  # cat 'root@hostname'.pub >> authorized_keys
- when completed you should be able to log on from the local server to the firewall
  without entering a password (passphrase).
- Now you need to edit your block/unblock scripts to look something like this:

------- script for generating and transferring pub-key ----
#!/bin/sh
# Generate a passphrase-less ssh key for root and install it on the firewall.
firewall_ip="192.168.1.1"
# identity.pub is the SSH protocol 1 key name; newer OpenSSH writes
# id_rsa.pub / id_ed25519.pub instead, so adjust pubkey accordingly.
pubkey=~/.ssh/identity.pub

# Generate ssh keys (-N "" leaves the passphrase empty, as required above)
ssh-keygen -N ""
# copy the public key to the firewall
scp "$pubkey" root@"$firewall_ip":/tmp/identity.pub
# append the public key to the ~/.ssh/authorized_keys file on the firewall
ssh root@"$firewall_ip" "mkdir -p ~/.ssh && cat /tmp/identity.pub >> ~/.ssh/authorized_keys"
# remove the public key from /tmp
ssh root@"$firewall_ip" "rm /tmp/identity.pub"
------- end script for generating and transferring pub-key ----

------ sample block script for ipchains --------
#!/bin/sh
# this is a sample block script for guardian. This should work with ipchains.
# This command gets called by guardian as such:
# guardian_block.sh
# and the script will issue a command to block all traffic from that source ip
# address. The logic of whether or not it is safe to block that address is
# done inside guardian itself.
source=$1      # first argument: source ip address to block
interface=$2   # second argument: interface the traffic arrived on
firewall_ip="192.168.1.1" # this should be the address of your firewall

# Both values end up inside a remote shell command, so refuse anything that is
# not a plain dotted-quad address or a simple interface name.
case "$source" in
    ""|*[!0-9.]*) echo "bad source address: $source" >&2; exit 1 ;;
esac
case "$interface" in
    ""|-*|*[!A-Za-z0-9._-]*) echo "bad interface: $interface" >&2; exit 1 ;;
esac

ssh root@"$firewall_ip" "/sbin/ipchains -I input -s $source -i $interface -j DENY"
------ end sample block script for ipchains --------
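The README shows only the block half of the block/unblock pair and passes guardian's arguments straight into the remote command. The script below is an added example written for this README, not Guardian's own code: it handles both block and unblock over the same ssh key, checks the source address and interface before they are interpolated into the command run on the firewall (an unblock deletes exactly the rule a block inserted), and runs ssh non-interactively so a missing key fails fast instead of hanging on a password prompt. The script name, the key path /root/.ssh/guardian_key, the FIREWALL_IP default and the GUARDIAN_DRY_RUN switch are assumptions made for the example.

```shell
#!/bin/sh
# guardian_remote_block.sh: added example, not part of the Guardian README.
# Called as:  guardian_remote_block.sh block|unblock <source_ip> <interface>
# Assumptions: the firewall runs ipchains and local root holds a
# passphrase-less key for root@$FIREWALL_IP as set up above (hypothetical
# key path /root/.ssh/guardian_key). Set GUARDIAN_DRY_RUN=1 to print the
# command instead of running it.

FIREWALL_IP="${FIREWALL_IP:-192.168.1.1}"
SSH_KEY="${SSH_KEY:-/root/.ssh/guardian_key}"

# valid_ipv4: accept only a dotted quad with four octets in 0-255.
valid_ipv4() {
    ip="$1"
    case "$ip" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs="$IFS"; IFS=.
    set -- $ip
    IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# valid_iface: names like eth0, ppp0 or eth1.100; no shell metacharacters
# and no leading dash, which ipchains would read as an option.
valid_iface() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# build_cmd: produce the exact ipchains command to run on the firewall.
# block inserts a DENY rule at the head of the input chain; unblock deletes
# the identical rule, so an unblock always undoes exactly one block.
build_cmd() {
    action="$1"; src="$2"; iface="$3"
    valid_ipv4 "$src" || { echo "bad source address: $src" >&2; return 1; }
    valid_iface "$iface" || { echo "bad interface: $iface" >&2; return 1; }
    case "$action" in
        block)   op="-I" ;;
        unblock) op="-D" ;;
        *) echo "unknown action: $action" >&2; return 1 ;;
    esac
    echo "/sbin/ipchains $op input -s $src -i $iface -j DENY"
}

# run_remote: execute the command on the firewall. BatchMode=yes makes ssh
# fail instead of prompting when the key is missing or rejected.
run_remote() {
    cmd="$1"
    if [ "${GUARDIAN_DRY_RUN:-0}" = 1 ]; then
        echo "dry-run: ssh root@$FIREWALL_IP '$cmd'"
        return 0
    fi
    ssh -i "$SSH_KEY" -o BatchMode=yes -o ConnectTimeout=5 \
        "root@$FIREWALL_IP" "$cmd"
}

main() {
    [ $# -eq 3 ] || { echo "usage: $0 block|unblock <source_ip> <interface>" >&2; exit 2; }
    cmd=$(build_cmd "$1" "$2" "$3") || exit 1
    run_remote "$cmd"
}

# Only act when invoked with arguments, so the functions can also be sourced.
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Point guardian's block and unblock hooks at this script with `block` and `unblock` as the first argument. Because the key on the firewall is passphrase-less and lands in root's authorized_keys, it is worth prefixing that authorized_keys line with OpenSSH's `from="<local server ip>"`, `no-pty`, `no-port-forwarding` and a `command="..."` forced command that only accepts the ipchains rule forms above; that way a compromise of the snort host cannot turn the key into a general root shell on the firewall.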