CrowdSec: an open source collaborative cybersecurity project for Linux

CrowdSec is a new security project designed to protect servers, services, containers or virtual machines exposed on the Internet by means of a server-side agent. It was inspired by Fail2Ban and is designed to be a collaborative, improved version of that intrusion prevention system.

In a way, it is a descendant of Fail2Ban, a project born sixteen years ago. However, it offers a modern collaborative approach and its own technical foundation to respond to today's contexts.

CrowdSec, written in Golang, is a security automation engine that relies on both the behavior and the reputation of IP addresses.

The tool detects behavior locally, handles the threats, and then collaborates globally with its network of users by sharing the IP addresses it has detected.

This allows everyone to block them preventively. The goal is to build a very large IP reputation database and to keep it free to use for those who take part in enriching it.

How does CrowdSec work?

CrowdSec is a modular, pluggable framework. It ships with a wide range of well-known common scenarios; users can choose which scenarios they want to protect themselves against, and can easily add new custom ones to suit their environment.

The aim is to deploy the software in as many environments as possible. How quickly it can be deployed, its compatibility with containers, its ease of use in cloud environments and its ability to run on UNIX, macOS or Windows ecosystems: all of this allows us to address the whole market.

Behavior analysis engine

This is the first line of defense. It uses scenarios described in YAML to correlate events. The events enter a leaky bucket, and a signal is raised if the bucket overflows. You can then apply the response of your choice with bouncers.
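
The leaky-bucket detection described above, as an added Go example (not CrowdSec's own code or scenario format): events are grouped per source address, each bucket drains at a fixed rate, and a signal is raised when a bucket overflows. The names `Event`, `Overflows`, `capacity` and `leakEvery`, and the sample addresses, are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// Event is one parsed log line; the field names are assumptions for this example.
type Event struct {
	Source string
	At     time.Time
}
type bucket struct {
	level float64
	last  time.Time
}

// Overflows keeps one leaky bucket per source: each holds `capacity` events and
// drains one per `leakEvery` (both hypothetical names). It returns each overflow.
func Overflows(capacity float64, leakEvery time.Duration, events []Event) (signals []string) {
	buckets := map[string]bucket{}
	for _, e := range events { // events are assumed to arrive in time order
		b, seen := buckets[e.Source]
		if dt := e.At.Sub(b.last); seen && dt > 0 { // drain what leaked since last event
			b.level = math.Max(0, b.level-float64(dt)/float64(leakEvery))
		}
		b.level, b.last = b.level+1, e.At
		if b.level > capacity {
			signals = append(signals, e.Source)
			b.level = 0 // empty the bucket, so one burst raises one signal
		}
		buckets[e.Source] = b
	}
	return signals
}

// SampleEvents is constructed input: one source every second, one every 30 seconds.
func SampleEvents(n int) (ev []Event) {
	t0 := time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC)
	for i := 0; i < n; i++ {
		step := time.Duration(i) * time.Second
		ev = append(ev, Event{"192.0.2.10", t0.Add(step)}, Event{"198.51.100.7", t0.Add(30 * step)})
	}
	return ev
}

func main() {
	fmt.Println(Overflows(5, 10*time.Second, SampleEvents(6)))
}
```

With a capacity of 5 and one event draining every 10 seconds, the source sending once per second overflows on its sixth event, while the source sending every 30 seconds never fills its bucket.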

Reputation engine

A reputation engine is a well-known concept, but a difficult one to tune. Basically, every CrowdSec installation can benefit from a prepared list of IP addresses, distributed through our central API. If you use LAMP, for example, you do not need the IP addresses that attack other technology stacks such as Windows.

All CrowdSec instances feed this database, and their signals are filtered and handled through the API. False positives and poisoning attempts by hackers are a real problem, hence the need to process the signals coming from CrowdSec installations.

We think we have a good recipe for doing this, which we call consensus. It involves various techniques, such as checking signals from other members we trust, our network of lures (honeypots), canary lists (whitelists of IP addresses), and so on.

Our goal is to distribute only lists that are 100% trusted. Also, determining who is dangerous, and when, depends heavily on the specific context and on time. For example, an IP address considered clean yesterday may be compromised today and cleaned up by its administrators the next day. An IP address that scans for SSH is not dangerous to a TSE, and so on.

Visualization

The software includes a lightweight local visualization system based on Metabase. CrowdSec is also instrumented with Prometheus, to provide alerting and observability.

The reputation engine currently holds more than 103,000 "consensus" IP addresses (ones that have passed the poisoning and false-positive tests).

To date, community members come from more than fifty countries spread across six continents.

While the software currently resembles a robust Fail2Ban, the goal is to use the power of the crowd to build a reliable IP reputation database. When CrowdSec bans a specific IP, the scenario that triggered the ban and the timestamp are sent to our API to be verified and merged into the global consensus of bad IPs.

CrowdSec is free and open source (under the MIT license), with its source code available on GitHub. It is currently available for Linux, with ports to macOS and Windows on the roadmap.

Source: https://doc.crowdsec.net/



      CrowdSec

    Thank you very much for this article! We remain at your disposal if you need help using CrowdSec. Have a nice day.

    The CrowdSec team
    info@crowdsec.net
    https://github.com/crowdsecurity/crowdsec