view README @ 3:368182409eac
More variable cleanups.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Thu, 13 Aug 2009 17:44:25 +0300 |
parents | fec14263801d |
children | 56612ebc16ac |
Malicious Attack Livid Termination Filter daemon (maltfilter) v0.7
==================================================================
Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org>
(C) Copyright 2009 Tecnic Software productions (TNSP)

Distributed under the modified ("3-clause") BSD license.
Please see included file COPYING for more information.


About
=====
Automagic management script for adding and removing Netfilter/iptables
filtering rules based on continuous logfile parsing for certain
break-in and exploitation scanning attempts.

Maltfilter daemon script continuously scans various system logfiles,
including auth.log, httpd logs, etc., for signs of malicious
connections, break-in and exploitation attempts. The originating
IP addresses of these connections are then blocked via Netfilter
(iptables).

Requirements:
 - Perl 5.8 or later
 - Date::Parse (libtimedate-perl)
 - Net::IP (libnet-ip-perl)


Installation
============
Copy maltfilter script to /usr/sbin and set permissions

  $ cp maltfilter /usr/sbin/maltfilter
  $ chmod 755 /usr/sbin/maltfilter
  $ chown root:root /usr/sbin/maltfilter

Copy example configuration under /etc (you may not want to have
the configuration readable to regular users, so the example below
sets mode 600 on it.)

  $ cp example.conf /etc/maltfilter.conf
  $ chmod 600 /etc/maltfilter.conf
  $ chown root:root /etc/maltfilter.conf


Optional
========
Additionally you can set up the provided Debian style init script:

  $ cp example.init /etc/init.d/maltfilter
  $ chmod 755 /etc/init.d/maltfilter
  $ chown root:root /etc/init.d/maltfilter

You need to edit the script if you didn't install the configuration
and maltfilter to the paths described in the installation section.


Configuration and usage
=======================
See example.conf or /etc/maltfilter.conf for general settings.
I HIGHLY recommend that you carefully think which

The script itself contains additional information about what
certain scan options actually do.

Start maltfilter either via the init script or through commandline:

  $ maltfilter /var/run/maltfilter.pid /etc/maltfilter.conf

If you want to use the init script, you need to edit your init
runlevel settings to enable it, for example in Debian/Ubuntu you
can use rcconf(8) or chkconfig(8).
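
The log-to-block loop described under "About", as an added sketch in Python (not maltfilter's own code, which is Perl). The OpenSSH-style log format, the threshold, the never-block network and the form of the iptables rule are all assumptions made for illustration; the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH auth.log style (not taken from maltfilter).
SAMPLE_LOG = """\
Aug 13 17:40:01 gw sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Aug 13 17:40:03 gw sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 40122 ssh2
Aug 13 17:40:05 gw sshd[2104]: Failed password for root from 203.0.113.7 port 40130 ssh2
Aug 13 17:40:09 gw sshd[2110]: Failed password for invalid user x from 192.0.2.10 from 198.51.100.23 port 51000 ssh2
Aug 13 17:41:00 gw sshd[2120]: Failed password for root from 10.0.0.5 port 40200 ssh2
Aug 13 17:41:01 gw sshd[2120]: Failed password for root from 10.0.0.5 port 40201 ssh2
Aug 13 17:41:02 gw sshd[2120]: Failed password for root from 10.0.0.5 port 40202 ssh2
Aug 13 17:41:30 gw sshd[2130]: Accepted password for ccr from 192.0.2.50 port 40300 ssh2
"""

# The user name is remote-supplied text, so the address is read from the fixed
# tail of the message (anchored at end of line), never from the first "from".
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")
THRESHOLD = 3  # hypothetical: failures needed before an address is blocked
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/8")]  # hypothetical admin network


def offenders(log_text, threshold=THRESHOLD, never_block=NEVER_BLOCK):
    """Return sorted source addresses with at least `threshold` failures."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))  # reject anything not an IP
        except ValueError:
            continue
        if any(ip in net for net in never_block):
            continue  # never lock out addresses we administer from
        hits[ip] += 1
    return sorted(str(ip) for ip, n in hits.items() if n >= threshold)


def iptables_rules(addresses):
    """Build argument lists (no shell) for DROP rules; nothing is executed."""
    return [["iptables", "-I", "INPUT", "-s", a, "-j", "DROP"] for a in addresses]


if __name__ == "__main__":
    for rule in iptables_rules(offenders(SAMPLE_LOG)):
        print(" ".join(rule))
```

Only the validated address string ever reaches the rule, and the rule is built as an argument list, so no log text is passed through a shell.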