comparison README @ 66:42889eed0ce8
Lots of cleanups, etc. Documentation updates.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Tue, 18 Aug 2009 03:21:30 +0300 |
parents | d2e2b82dd2f2 |
children | b090ddfccdab |
65:d2e2b82dd2f2 | 66:42889eed0ce8 |
---|---|
1 Malicious Attack Livid Termination Filter daemon (maltfilter) v0.15.0 | 1 Malicious Attack Livid Termination Filter daemon (maltfilter) v0.16.0 |
2 ===================================================================== | 2 ===================================================================== |
3 Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org> | 3 Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org> |
4 (C) Copyright 2009 Tecnic Software productions (TNSP) | 4 (C) Copyright 2009 Tecnic Software productions (TNSP) |
5 | 5 |
6 Distributed under the modified ("3-clause") BSD license. Please see | 6 Distributed under the modified ("3-clause") BSD license. Please see |
9 About | 9 About |
10 ===== | 10 ===== |
11 Maltfilter daemon script continuously scans various system logfiles | 11 Maltfilter daemon script continuously scans various system logfiles |
12 including auth.log, httpd logs, etc. for signs of malicious connections, | 12 including auth.log, httpd logs, etc. for signs of malicious connections, |
13 break-in and exploitation attempts. The originating IP addresses of | 13 break-in and exploitation attempts. The originating IP addresses of |
14 these connections are then blocked via Netfilter (iptables). | 14 these connections can be then acted upon in following ways, each |
15 being optional: | |
16 | |
17 * Insertion (and eventual deletion or "weeding") of Netfilter rules. | |
18 * Submitting entry to DroneBL DNSBL service. | |
15 | 19 |
16 Additionally Maltfilter can generate status reports (either continuously | 20 Additionally Maltfilter can generate status reports (either continuously |
17 in daemon mode, or as once-run report), in plaintext and HTML formats | 21 in daemon mode, or as once-run report), in plaintext and HTML formats |
18 and submit data to DroneBL DNSBL service. | |
19 | 22 |
20 Since v0.14, there is also option for gathering "evidence" about certain | 23 Since v0.14, there is also option for gathering "evidence" about certain |
21 PHP XSS exploit attempts into specified directory. These evidence files | 24 PHP XSS exploit attempts into specified directory. These evidence files |
22 include the attempted exploit code (if found) and hosts which have tried | 25 include the attempted exploit code (if found) and hosts which have tried |
23 to make your server run it. | 26 to make your server run it. |
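Review bot: The rewritten About paragraph (new lines 14-18) makes both Netfilter rule insertion and DroneBL submission "optional" but does not say which of them is active by default, whereas old line 14 stated plainly that offending addresses "are then blocked via Netfilter (iptables)". A reader upgrading from v0.15.0 cannot tell from this text whether blocking still happens without a configuration change. Suggest adding one sentence naming the default for each action, or pointing to the relevant settings in example.conf. Two wording points in the same hunk: "can be then acted upon in following ways" reads better as "can then be acted upon in the following ways", and removing old line 18 leaves the status-report sentence at new lines 20-21 ending on "in plaintext and HTML formats" with no full stop.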
63 Also a simple example HTML CSS stylesheet is provided for your convenience. | 66 Also a simple example HTML CSS stylesheet is provided for your convenience. |
64 | 67 |
65 | 68 |
66 Configuration and usage | 69 Configuration and usage |
67 ======================= | 70 ======================= |
68 See example.conf for documentation about settings. | 71 See example.conf for documentation about settings. Start maltfilter |
69 Start maltfilter either via the init script or through commandline: | 72 either via the init script or through commandline: |
70 | 73 |
71 $ maltfilter /var/run/maltfilter.pid /etc/maltfilter.conf | 74 $ maltfilter /var/run/maltfilter.pid /etc/maltfilter.conf |
72 | 75 |
73 If you want to use the init script, you need to edit your init runlevel | 76 If you want to use the init script, you need to edit your init runlevel |
74 settings to enable it, for example in Debian/Ubuntu you can use rcconf(8) | 77 settings to enable it, for example in Debian/Ubuntu you can use rcconf(8) |