Commit cc407f7d authored by Michal Kostenec

Restore the interactive version of IPset

Update README
parent 628829a2
...@@ -9,7 +9,7 @@ my %CONSTANTS = ( ...@@ -9,7 +9,7 @@ my %CONSTANTS = (
threshold => 250, threshold => 250,
excludedip => [], excludedip => [],
eventtype => [], eventtype => [],
setname => "BLOCK", setname => "BLOCK",
maxage => "1D", maxage => "1D",
); );
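Review bot: the visible part of %CONSTANTS declares defaults for threshold, excludedip, eventtype, setname and maxage, but not for outputfile, even though run() passes $v->{'outputfile'} to Utils::generateOutput and the README change in this commit documents outputfile="rules.txt" as a user-set option. If the default is not set elsewhere, either add a sensible one here (e.g. outputfile => "rules.txt") or document that the option is mandatory, so a missing value does not reach generateOutput as undef.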
...@@ -30,9 +30,9 @@ sub run { ...@@ -30,9 +30,9 @@ sub run {
my @rows = Utils::fetchall_array_hashref($dbh, $query); my @rows = Utils::fetchall_array_hashref($dbh, $query);
sub header { my $v = shift; return "/usr/sbin/ipset --create $v->{'setname'}_tmp iphash\n"; }; sub header { my $v = shift; return "create $v->{'setname'}_tmp hash:ip\n"; };
sub record { my ($r, $v) = @_; return "/usr/sbin/ipset --add $v->{'setname'}_tmp $r->{'source'}\n" if ($r->{'source'}=~ /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/); }; sub record { my ($r, $v) = @_; return "add $v->{'setname'}_tmp $r->{'source'}\n" if ($r->{'source'}=~/\d+\.\d+\.\d+\.\d+/); };
sub footer { my ($v) = @_; return "/usr/sbin/ipset --swap $v->{'setname'}_tmp $v->{'setname'}\n/usr/sbin/ipset --destroy $v->{'setname'}_tmp\n"; }; sub footer { my ($v) = @_; return "swap $v->{'setname'}_tmp $v->{'setname'}\ndestroy $v->{'setname'}_tmp\nquit\n"; };
my $ret = Utils::generateOutput($v->{'outputfile'}, \@rows, \&header, \&record, \&footer, $v); my $ret = Utils::generateOutput($v->{'outputfile'}, \@rows, \&header, \&record, \&footer, $v);
return $ret; return $ret;
......
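Review bot: the relaxed match in record (/\d+\.\d+\.\d+\.\d+/, replacing the \d{1,3} groups and still unanchored) accepts any string that merely contains four dot-separated digit runs, and $r->{'source'} is then interpolated verbatim into a line of the file that ipset consumes. Anchor the pattern and keep the octet bound, e.g. /^\d{1,3}(?:\.\d{1,3}){3}$/, so a malformed or unexpected source value from the database cannot produce a garbage or extra line in the generated script. Two smaller points: header emits "create $setname_tmp hash:ip" unconditionally, which will fail if a temporary set was left behind by an earlier aborted run (consider destroying it first, or the -exist option if the installed ipset honours it in restore input), and the README in this same commit still creates the target set as iphash while the generated file uses hash:ip; iphash is the legacy alias, so using one name in both places avoids confusion about whether swap will be given two sets of the same type.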
...@@ -195,12 +195,17 @@ H. The requirements of modules ...@@ -195,12 +195,17 @@ H. The requirements of modules
2. IPset 2. IPset
Initialize the new set and create a blocking rule in iptables. Initialize the new set and create a blocking rule in iptables.
If the 'setname="BLOCK"' option is used and and you are interested in SSH attackers (tcp/22) If the 'setname="BLOCK"' and 'outputfile="rules.txt"' options are used and and you are
it's necessary use these commands: interested in SSH attackers (tcp/22) it's necessary use these commands:
ipset --create BLOCK iphash ipset --create BLOCK iphash
iptables -I INPUT 1 --protocol tcp --dport 22 -m set --match-set BLOCK src --jump DROP iptables -I INPUT 1 --protocol tcp --dport 22 -m set --match-set BLOCK src --jump DROP
Change of the rules using script consume a lot of CPU resources, so it is necessary
to use a pipe:
ipset - < rules.txt
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
X. Tutorial: Running of the WApp along with the database backend X. Tutorial: Running of the WApp along with the database backend
......
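Review bot: the new README paragraph has a doubled word ("and and") and reads "it's necessary use these commands"; suggest "it is necessary to use these commands", and for the last sentence "Change of the rules using script consume a lot of CPU resources" suggest "Changing the rules with a script consumes a lot of CPU resources, so the whole file should be fed to ipset at once:". The invocation shown, ipset - < rules.txt, does not correspond to the restore syntax the generated file (create/add/swap/destroy/quit lines) is written for; the documented form is ipset restore < rules.txt (or ipset -R), so please confirm the command against the ipset version this targets and show the verified one. The example also still creates the set with the legacy type name iphash while the generated file uses hash:ip; using ipset create BLOCK hash:ip here keeps the two consistent.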