Kuratidza iptables matanda mune akapatsanurwa faira neulogd

Haisi nguva yekutanga yatinotaura nezvayo iptables, isu tambotaura kare maitiro ekuita mitemo ye iptables inoitwa otomatiki paunotanga komputa, isu tinotsanangurawo chii basic / medium pamusoro iptables, nezvimwe zvinhu zvakati wandei

Dambudziko kana kutsamwiswa izvo isu vedu vanofarira nezve iptables vanogara vachiwana ndezvekuti, iyo iptables matanda (ndokuti ruzivo rwemapaketi akarambwa) anoratidzwa mu dmesg, kern.log kana syslog mafaera e / var / log /, kana Mune mamwe mazwi, kwete chete iyo iptables ruzivo runoratidzwa mune aya mafaera, asi zvakare rwakawanda rumwe ruzivo, zvichiita kuti zvive zvinonetesa kuona chete iro ruzivo rwakanangana ne iptables.

Nguva pfupi yapfuura takakuratidza kuti sei tora matanda kubva iptables kune imwe fairaNekudaro ... ndinofanira kubvuma kuti ini pachangu ndinoona maitiro aya akaomesesa .. - ..

Saka, Nzira yekuwana sei iptables matanda kune akapatsanurwa faira uye nekuichengeta iri nyore sezvinobvira?

Mhinduro ndeiyi: ulogd

ulogd ipakeji ratakamisa (en Debian kana zvigadzirwa - »sudo apt-tora kuisa ulogd) uye zvichatishandira chaizvo izvi zvandichangobva kukuudza.

Kuti umise iwe unoziva, tsvaga iyo package ulogd mune yavo zororo uye nekuiisa, ipapo daemon ichawedzerwa kwavari (/etc/init.d/ulogd) pakutangisa system, kana iwe ukashandisa chero KISS distro senge ArchLinux inofanira kuwedzera ulogd kune chikamu chemadhemoni anotanga nehurongwa mu /etc/rc.conf

Kana vachinge vaisa iwo, vanofanirwa kuwedzera unotevera mutsara mune yavo iptables mitemo script:

sudo iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ULOG

Wobva wamhanya yako iptables mitemo script uye voila, zvese zvichange zvichishanda 😉

Tarisa matanda ari mufaira. /var/log/ulog/syslogemu.log

Mune faira iri randinotaura nderekuti nekukanganisa ulogd inowana akarambwa mapakeji matanda, zvisinei kana iwe uchida kuti ive mune imwe faira uye kwete mune izvi unogona kugadzirisa mutsara # 53 mu /etc/ulogd.conf, ivo vanongo chinja nzira yefaira iyo inoratidza iwo mutsara uye vozotangazve daemon:

sudo /etc/init.d/ulogd restart

Ukatarisa padhuze neiyo faira uchaona kuti pane zvingasarudzika zvekutochengetedza matanda mune MySQL, SQLite kana Postgre dhatabhesi, semuenzaniso iwo mafaira ekumisikidza ari mu / usr / share / doc / ulogd /

Ok, isu tatova nemapeti eeptables mune imwe faira, ikozvino maitiro ekuvaratidza?

Kune izvi zvakapusa katsi zvinokwana:

cat /var/log/ulog/syslogemu.log

Rangarira, mapakeji akarambwa chete ndiwo achabatwa, kana iwe uine dura rewebhu (chiteshi 80) uye uine iptables yakagadzirirwa kuitira kuti munhu wese akwanise kuwana sevhisi yewebhu, matanda ane hukama neizvi haazochengetwe mumatanda, pasina zvakadaro, kana ivo vane SSH sevhisi uye kuburikidza ne iptables ivo vakagadzirira kupinda kune chiteshi 22 zvekuti inongobvumidza yakatarwa IP, kana chero IP isiri iyo yakasarudzwa ichiedza kuwana makumi maviri neshanu izvi zvinochengetwa murogi.

Ini ndinokuratidza pano mutsara wemuenzaniso kubva padanda rangu.

Mar 4 22:29:02 exia IN = wlan0 OUT = MAC = 00: 19: d2: 78: eb: 47: 00: 1d: 60: 7b: b7: f6: 08: 00 SRC = 10.10.0.1 DST = 10.10.0.51 .60 LEN = 00 TOS = 0 PREC = 00x64 TTL = 12881 ID = 37844 DF PROTO = TCP SPT = 22 DPT = 895081023 SEQ = 0 ACK = 14600 WINDOW = 0 SYN URGP = XNUMX

Sezvauri kuona, zuva uye nguva yekuyedza kuwana, interface (Wi-Fi mune yangu), MAC kero, sosi IP yekuwana pamwe neiyo yekuenda IP (yangu), uye nedzimwe dzakasiyana data pakati payo protocol (TCP) uye chiteshi chekuenda (22) chinowanikwa. Kupfupisa, na10: 29 munaKurume 4, IP 10.10.0.1 yakaedza kuwana chiteshi 22 (SSH) ye laptop yangu apo (ndokuti laptop yangu) yanga iine IP 10.10.0.51, zvese izvi kuburikidza neWifi (wlan0)

Sezvauri kuona ... ruzivo rwakakosha chaizvo 😉

Zvisinei, ini handifunge kuti kune zvimwe zvakawanda zvekutaura. Ini handisi nyanzvi yekure iptables kana ulogd, zvisinei kana paine munhu ane dambudziko neizvi ndizivisei uye ndichaedza kuvabatsira

Kwaziso 😀