diff README @ 66:42889eed0ce8
Lots of cleanups, etc. Documentation updates.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Tue, 18 Aug 2009 03:21:30 +0300 |
parents | d2e2b82dd2f2 |
children | b090ddfccdab |
--- a/README Tue Aug 18 00:43:10 2009 +0300 +++ b/README Tue Aug 18 03:21:30 2009 +0300 @@ -1,4 +1,4 @@ -Malicious Attack Livid Termination Filter daemon (maltfilter) v0.15.0 +Malicious Attack Livid Termination Filter daemon (maltfilter) v0.16.0 ===================================================================== Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org> (C) Copyright 2009 Tecnic Software productions (TNSP) @@ -11,11 +11,14 @@ Maltfilter daemon script continuously scans various system logfiles including auth.log, httpd logs, etc. for signs of malicious connections, break-in and exploitation attempts. The originating IP addresses of -these connections are then blocked via Netfilter (iptables). +these connections can be then acted upon in following ways, each +being optional: + + * Insertion (and eventual deletion or "weeding") of Netfilter rules. + * Submitting entry to DroneBL DNSBL service. Additionally Maltfilter can generate status reports (either continuously in daemon mode, or as once-run report), in plaintext and HTML formats -and submit data to DroneBL DNSBL service. Since v0.14, there is also option for gathering "evidence" about certain PHP XSS exploit attempts into specified directory. These evidence files @@ -65,8 +68,8 @@ Configuration and usage ======================= -See example.conf for documentation about settings. -Start maltfilter either via the init script or through commandline: +See example.conf for documentation about settings. Start maltfilter +either via the init script or through commandline: $ maltfilter /var/run/maltfilter.pid /etc/maltfilter.conf
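Review bot: In the @@ -11,11 +11,14 @@ hunk, deleting "and submit data to DroneBL DNSBL service." also deletes the full stop that closed the status-report sentence, which now ends at "in plaintext and HTML formats" with no terminator; add the period to that line. The rewritten paragraph also drops the statement that the offending addresses are blocked and that iptables is the mechanism, so the first bullet could read "Insertion (and eventual deletion or "weeding") of Netfilter (iptables) rules that block the address." Since both actions are now described as optional, a pointer to where each is switched on or off would help an operator know what a given install actually does. Wording: "can be then acted upon in following ways" reads better as "can then be acted upon in the following ways".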
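Review bot: In the @@ -65,8 +68,8 @@ hunk the reflowed sentence still introduces the example invocation without saying what its two positional arguments are; judging by the paths, the first is the PID file and the second the configuration file, and the README should say so and state whether the order is fixed. While this line is being rewrapped, "commandline" could become "command line".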