Show the iptables logs in a separate file with ulogd

This is not the first time we've talked about iptables: we already covered how to make your iptables rules apply automatically when the computer boots, we explained the basics and some intermediate iptables topics, and much more 🙂

The annoyance that those of us who like iptables always run into is that its logs (the entries for rejected packets) go to dmesg, kern.log or the syslog files under /var/log/. Those files do not hold iptables entries only; they carry plenty of other messages, which makes it tedious to pick out just the lines that concern iptables.

A while ago we showed you how to send the iptables logs to a separate file, however... I have to admit that I personally found that procedure complicated ^-^

So, how do you get the iptables logs into a separate file while keeping things as simple as possible?

The solution is: ulogd

ulogd is a package we install (on Debian or derivatives: sudo apt-get install ulogd; current Debian and Ubuntu releases ship it as ulogd2) and it does exactly what I just described.

To install it you know the drill: find the ulogd package in your repositories and install it. A daemon (/etc/init.d/ulogd) is then added to the startup sequence; on a KISS distro like ArchLinux you had to add ulogd to the daemons array in /etc/rc.conf that starts with the system (on a systemd-based system, enable the service unit the package installs with systemctl instead).

Once installed, add the following line to your rules script, after your ACCEPT rules, so that it only sees the packets no earlier rule has already accepted:

sudo iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ULOG

Then re-run your rules script and voilà, everything will work 😉 One caveat: the ULOG target was removed from the Linux kernel in 3.17, so on a newer kernel the rule has to use the NFLOG target, with ulogd2's NFLOG input plugin on the receiving side, instead of ULOG.

Look for the logs in the file: /var/log/ulog/syslogemu.log

That file is where ulogd writes the packet data by default. If you want it in a different file, change line #53 of /etc/ulogd.conf (the file= setting of the LOGEMU output plugin): just edit the path that line points to and restart the daemon:

sudo /etc/init.d/ulogd restart

If you look closely at that file you'll see there are also options to store the logs in a MySQL, SQLite or PostgreSQL database; sample configuration files are in /usr/share/doc/ulogd/

OK, we now have the iptables logs in a separate file; how do we view them?

For that a simple cat is enough:

cat /var/log/ulog/syslogemu.log

Remember that only packets that reach the logging rule are recorded, and since that rule was appended after your ACCEPT rules, those are the rejected ones. If you have a web server (port 80) and iptables is configured so that anyone can reach that service, the traffic it accepts is never logged. However, if you run an SSH service and your iptables rules restrict access to port 22 to one specific IP, then any other IP that tries to reach port 22 ends up in the log.
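The rules script the post asks you to write, and the "only rejected packets are logged" behaviour it describes, as one worked example. This is added code, not the post's own script: it accepts the web server for everyone, SSH only from one admin host (10.10.0.5 is an assumed address), and hands every other incoming TCP SYN to the logging target before the DROP policy discards it. It uses NFLOG, which replaced ULOG in kernel 3.17; ulogd2 must be configured with its NFLOG input plugin on the same group. Run with --apply as root to install the rules; without arguments it only prints them.

```shell
#!/bin/sh
# Added example, not from the original post. Minimal INPUT chain that logs
# only the SYNs no ACCEPT rule claimed, which is what the post relies on.
# ADMIN_IP is an assumption; override it in the environment if you like.
ADMIN_IP=${ADMIN_IP:-10.10.0.5}

# $1 is the command to run for each rule: "iptables" to apply, "echo" to
# print (dry run). Nothing here needs root until you pass "iptables".
apply_rules() {
    ipt=$1
    $ipt -F INPUT
    $ipt -A INPUT -i lo -j ACCEPT
    $ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $ipt -A INPUT -p tcp --dport 80 -j ACCEPT                 # web: everyone
    $ipt -A INPUT -p tcp --dport 22 -s "$ADMIN_IP" -j ACCEPT  # ssh: admin only
    # The logging rule is the last append on purpose: a packet only gets
    # here if nothing above accepted it. On kernels before 3.17 the post's
    # "-j ULOG" works in its place.
    $ipt -A INPUT -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -j NFLOG --nflog-group 1
    # Policy is set last so an existing SSH session is not cut off mid-script.
    $ipt -P INPUT DROP
}

# Sanity check on the generated order: the logging rule must be the final
# append, otherwise accepted traffic would be logged as well.
log_rule_is_last() {
    apply_rules echo | grep -- '-A INPUT' | tail -n 1 | grep -q -- '-j NFLOG'
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules iptables
else
    echo "# dry run; re-run with --apply as root to install these rules"
    apply_rules echo
fi
```

Because the chain policy is DROP, anything the NFLOG rule sees is exactly what the post calls a rejected packet; a SYN to port 22 from the admin host never reaches it.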

Here is an example line from my log:

Mar 4 22:29:02 exia IN=wlan0 OUT= MAC=00:19:d2:78:eb:47:00:1d:60:7b:b7:f6:08:00 SRC=10.10.0.1 DST=10.10.0.51 LEN=60 TOS=00 PREC=0x00 TTL=64 ID=12881 DF PROTO=TCP SPT=37844 DPT=22 SEQ=895081023 ACK=0 WINDOW=14600 SYN URGP=0

As you can see: the date and time of the attempt, the interface (wifi in my case), the MAC addresses, the source IP of the attempt and the destination IP (mine), and a lot more information such as the protocol (TCP) and the port (22). In short, at 22:29 on March 4 the IP 10.10.0.1 tried to reach port 22 (SSH) of my laptop while the laptop had IP 10.10.0.51, all over Wifi (wlan0).

As you can see... very useful information 😉
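Reading the file with cat works for a handful of lines, but the fields shown above are regular enough to summarise with standard tools. The following added example (not from the original post) counts TCP SYNs per source address for a given destination port from LOGEMU-style lines, which is how you would check who has been knocking on SSH. The log lines are constructed for the example; only the first one mirrors the post's own sample entry.

```shell
#!/bin/sh
# Added example, not part of the original post: per-source summary of the
# SYN attempts ulogd recorded, to spot addresses probing a closed port.

# Write a small constructed log to the file named in $1. Only the first
# line follows the post's sample entry; the rest are made up.
write_sample_log() {
    cat > "$1" <<'EOF'
Mar  4 22:29:02 exia IN=wlan0 OUT= MAC=00:19:d2:78:eb:47:00:1d:60:7b:b7:f6:08:00 SRC=10.10.0.1 DST=10.10.0.51 LEN=60 TOS=00 PREC=0x00 TTL=64 ID=12881 DF PROTO=TCP SPT=37844 DPT=22 SEQ=895081023 ACK=0 WINDOW=14600 SYN URGP=0
Mar  4 22:29:05 exia IN=wlan0 OUT= MAC=00:19:d2:78:eb:47:00:1d:60:7b:b7:f6:08:00 SRC=10.10.0.1 DST=10.10.0.51 LEN=60 TOS=00 PREC=0x00 TTL=64 ID=12882 DF PROTO=TCP SPT=37845 DPT=22 SEQ=895081024 ACK=0 WINDOW=14600 SYN URGP=0
Mar  4 22:30:11 exia IN=wlan0 OUT= MAC=00:19:d2:78:eb:47:00:1d:60:7b:b7:f6:08:00 SRC=10.10.0.7 DST=10.10.0.51 LEN=60 TOS=00 PREC=0x00 TTL=64 ID=4410 DF PROTO=TCP SPT=51022 DPT=22 SEQ=1823344 ACK=0 WINDOW=14600 SYN URGP=0
Mar  4 22:31:40 exia IN=wlan0 OUT= MAC=00:19:d2:78:eb:47:00:1d:60:7b:b7:f6:08:00 SRC=10.10.0.7 DST=10.10.0.51 LEN=60 TOS=00 PREC=0x00 TTL=64 ID=4411 DF PROTO=TCP SPT=51023 DPT=23 SEQ=1823345 ACK=0 WINDOW=14600 SYN URGP=0
Mar  4 22:32:02 exia IN=wlan0 OUT= MAC=00:19:d2:78:eb:47:00:1d:60:7b:b7:f6:08:00 SRC=10.10.0.9 DST=10.10.0.51 LEN=40 TOS=00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=40000 DPT=22 LEN=20
EOF
}

# Print "<count> <src>" for TCP SYNs aimed at port $2 in log $1, busiest
# first. The UDP line and the port-23 line above are filtered out.
syn_sources_for_port() {
    grep 'PROTO=TCP' "$1" | grep " DPT=$2 " | grep ' SYN ' \
        | sed -n 's/.* SRC=\([0-9.]*\) .*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# Same, but only sources with at least $3 attempts: a crude scanner flag.
noisy_sources() {
    syn_sources_for_port "$1" "$2" | awk -v min="$3" '$1 >= min { print $2 }'
}

log=$(mktemp)
write_sample_log "$log"
echo "SYNs to port 22 by source:"
syn_sources_for_port "$log" 22
echo "sources with at least 2 attempts on port 22:"
noisy_sources "$log" 22 2
rm -f "$log"
```

Point the functions at /var/log/ulog/syslogemu.log instead of the constructed file to run them on real data; the ' SYN ' match relies on the flag token being followed by URGP= as in LOGEMU output.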

Anyway, I don't think there is much more to say. I'm no expert on iptables or ulogd, but if anyone has a problem with this let me know and I'll try to help.

Regards 😀


  1.   saba91 said

    https://blog.desdelinux.net/iptables-para-novatos-curiosos-interesados/
    I remember that it was with that article that I started following you.. hehe..

    1.    KZKG^Gaara said

      Thank you, I appreciate the compliment 😀

  2.   nisanta said

    Is ulogd only for iptables or general purpose? Can you configure ports? Log over the network?

    1.    KZKG^Gaara said

      I believe it is only for iptables, but give 'man ulogd' a try to clear up any doubts.

      1.    nisanta said

        You're right: "ulogd - The Netfilter Userspace Logging Daemon"

  3.   msx said

    +1, great article!

    1.    KZKG^Gaara said

      Thanks; coming from you, who is not among those who flatter the most, it means something 🙂

      1.    msx said

        That doesn't mean I know more than anyone else, but I am a grouch xD
        Thanks again for the post. Speaking of the other article about the crisis in the Hispanic Linux blogosphere, this post of yours (talking about posts) is exactly the kind of post that is needed in the Spanish/Castilian language.
        Accurate technical information like this from sysadmins is always welcome and goes straight to the favourites 8)

        1.    KZKG^Gaara said

          Yes, the truth is that technical articles are what is needed... I don't get tired of saying it; in fact I already talked about it here -» https://blog.desdelinux.net/que-aporta-realmente-desdelinux-a-la-comunidad-global/

          Anyway, thanks again... I'll try to keep it up this way with technical posts 😀

          regards