comparison README @ 0:fec14263801d
Initial import of maltfilter development version.
author | Matti Hamalainen <ccr@tnsp.org>
---|---
date | Thu, 13 Aug 2009 15:15:18 +0300
parents |
children | 56612ebc16ac
-1:000000000000 | 0:fec14263801d |
---|---|
1 Malicious Attack Livid Termination Filter daemon (maltfilter) v0.7 | |
2 ================================================================== | |
3 Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org> | |
4 (C) Copyright 2009 Tecnic Software productions (TNSP) | |
5 | |
6 Distributed under the modified ("3-clause") BSD license. Please see | |
7 included file COPYING for more information. | |
8 | |
9 About | |
10 ===== | |
11 Automagic management script for adding and removing Netfilter/iptables | |
12 filtering rules based on continuous logfile parsing for certain break-in | |
13 and exploitation scanning attempts. | |
14 | |
15 Maltfilter daemon script continuously scans various system logfiles | |
16 including auth.log, httpd logs, etc. for signs of malicious connections | |
17 break-in and exploitation attempts. The originating IP addresses of | |
18 these connections are then blocked via Netfilter (iptables). | |
19 | |
20 Requirements: | |
21 | |
22 - Perl 5.8 or later | |
23 - Date::Parse (libtimedate-perl) | |
24 - Net::IP (libnet-ip-perl) | |
25 | |
26 | |
27 Installation | |
28 ============ | |
29 Copy maltfilter script to /usr/sbin and set permissions | |
30 | |
31 $ cp maltfilter /usr/sbin/maltfilter | |
32 $ chmod 755 /usr/sbin/maltfilter | |
33 $ chown root:root /usr/sbin/maltfilter | |
34 | |
35 Copy example configuration under /etc (you may not want to | |
36 to have the configuration readable to regular users, so below | |
37 example sets mode 600 to it.) | |
38 | |
39 $ cp example.conf /etc/maltfilter.conf | |
40 $ chmod 600 /etc/maltfilter.conf | |
41 $ chown root:root /etc/maltfilter.conf | |
42 | |
43 | |
44 Optional | |
45 ======== | |
46 Additionally you can set up the provided Debian style init script: | |
47 | |
48 $ cp example.init /etc/init.d/maltfilter | |
49 $ chmod 755 /etc/init.d/maltfilter | |
50 $ chown root:root /etc/init.d/maltfilter | |
51 | |
52 You need to edit the script, if you didn't install the configuration | |
53 and maltfilter to paths described in installation section. | |
54 | |
55 | |
56 Configuration and usage | |
57 ======================= | |
58 See example.conf or /etc/maltfilter.conf for general settings. | |
59 I HIGHLY recommend that you carefully think which | |
60 | |
61 The script itself contains additional information about what | |
62 certain scan options actually do. | |
63 | |
64 Start maltfilter either via the init script or through commandline: | |
65 | |
66 $ maltfilter /var/run/maltfilter.pid /etc/maltfilter.conf | |
67 | |
68 If you want to use the init script, you need to edit your init runlevel | |
69 settings to enable it, for example in Debian/Ubuntu you can use rcconf(8) | |
70 or chkconfig(8). |
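Review bot: README line 59, "I HIGHLY recommend that you carefully think which", breaks off mid-sentence; finish it (the next paragraph points to the script for what each scan option does, so presumably "which scan options you enable") or drop it. The install and start commands on lines 31-33, 39-41, 48-50 and 66 are shown with a `$` prompt, yet they write to /usr/sbin and /etc, chown to root, and the daemon itself inserts iptables rules, so they all need root; use a `#` prompt or mention sudo. Lines 69-70 recommend chkconfig(8) for Debian/Ubuntu; update-rc.d(8) is the native tool there. Finally, since the About section says the originating address of any matched log entry gets blocked, the Configuration section should state how to exempt trusted addresses so that a false positive cannot lock the administrator out of the host.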