IimpawuNgokungagqibekanga inomgaqo wokucoca ulwelo ku "Yamkela yonke" imo, oko kukuthi, iyangena kwaye iphume kulo lonke uqhagamshelo olusuka kwiPC yethu, kodwa kuthekani ukuba sifuna ukungena kulo lonke ulwazi malunga nonxibelelwano olwenziwe kwiiseva zethu okanye iiPC?
Qaphela: Inkqubo endiza kuyenza ngoku isebenza i-100% kulwabiwo Debian/Isiseko seDebian, ke ukuba usebenzisa Slackware, Fedora, CentOS, I-OpenSuSe, Inkqubo isenokungafani, sicebisa ukuba sifunde kwaye siqonde inkqubo yokungena yakho yokuhambisa ngaphambi kokufaka isicelo sokuchazwe ngezantsi. Kukho ukubakho kokufaka i-rsyslog kulwabiwo lwakho, ukuba iyafumaneka koovimba, nangona kwesi sifundo, syslog ikwacacisiwe ekugqibeleni.
Konke kulungile ukuza kuthi ga ngoku, kodwa yintoniSiza kungena phi? Kulula, kwifayile «/var/log/firewall/iptables.log", Intoni ayikho, de sikholwe sithi ...
1- Kuya kufuneka senze ifayile «iptable.log»Ngaphakathi kwifolda«/ var / log / firewall»Ukuba kufuneka siyile, kuba nayo ayikho.
mkdir -p / var / log / firewall /
chukumisa /var/log/firewall/iptables.log
2- Iimvume, kubaluleke kakhulu ...
chmod 600 /var/log/firewall/iptables.log
Iingcambu ezikhethiweyo: adm /var/log/firewall/iptables.log
3- rsyslog, i-daemon yokungena kwi-Debian, ifunda ubumbeko «/etc/rsyslog.d«, Ke kufuneka senze ifayile endiza kuyibiza«firewall.conf»Ukusuka apho i-rsyslog inokuchaza into esifuna ukuyenza.
chukumisa /etc/rsyslog.d/firewall.conf
Kwaye ngaphakathi siyamshiya ikhola ngobumnene umxholo olandelayo:
: msg, iqulethe, "iptables:" - / var / log / firewall / iptables.log
& ~
Andinalwazi lincinci,Zenza ntoni ezi zibini zemigca?
Umgca wokuqala ujonga idatha engenisiweyo yomtya «iiptables: »Kwaye uyongeza kwi«/var/log/firewall/iptables.log«
Okwesibini, kuyeka ukwenziwa kolwazi olungeniswe ngephethini yangaphambili ukuze ingaqhubeki ithunyelwa ku «/ var / log / imiyalezo«.
4- Ukujikeleza ifayile yelog, nge kufezekisiwe.
Kuya kufuneka senze ngaphakathi kwe «/etc/logrotate.d/"ifayili"firewall»Okuya kuba nemixholo elandelayo:
/var/log/firewall/iptables.log
{
jikelezisa 7
mihla le
ubukhulu be-10M
Umhla womhla
nditsho
Yenza i-adm
i-notifempty
cindezela
ukulibazisa
mva
invoke-rc.d rsyslog phinda ulayishe> / dev / null
isiphelo
}
Ukuze ujikeleze iinkuni amaxesha ama-7 ngaphambi kokuba uzicime, 1 ixesha ngemini, ubuninzi be-log eyi-10MB, icinezelwe, yomhla, ngaphandle kokunika impazamo ukuba ilog ayikho, yenziwa njengengcambu.
5- Qala kabusha, njengalo lonke uvuyo lwe-xD, i-rsyslog daemon:
/etc/init.d/rsyslog qala kwakhona
Ungangqina njani ukuba konke oku kuyasebenza?
Masizame i-SSH.
Faka OpenSSH (ukuba ayifakwanga ...):
ukufumana ngokufanelekileyo ukufaka i-open-server
Ngaphambi kokuqhubeka, kufuneka sibale njengengcambu kwikhonsoli:
iptables -A INPUT -p tcp --dport 22 --syn -j LOG --log-prefix "iptables: " --log-level 4
Ukuqhuba le ngxelo iptables kuyakufaka ulwazi olwaneleyo ukubonisa ukuba into esiyenzileyo ayilolize. Kulesi sivakalisi sixelela iptables ukuloga lonke ulwazi olufikelela kwizibuko 22. Ukuvavanya nezinye iinkonzo, tshintsha nje inombolo yezibuko, njenge-3306 ye-MySQL, ukwenza nje umzekelo, ukuba ufuna ulwazi ngakumbi, funda esi sifundo sibhalwe kakuhle kwaye isekwe kwimizekelo yoqwalaselo lolona hlobo lusetyenzisiweyo.
I-SSH isebenzisa i-port 22 ngokungagqibekanga, ke siya kuvavanya ngayo. Ukufakela ukuvulwa, siyaqhagamshela kuyo.
ssh pepe @ uvavanyo-server
Ukubona iinkuni, ngomsila usombulula le ngxaki:
umsila -f /var/log/firewall/iptables.log
Iptable, kulo mzekelo, log yonke into, imini, ixesha, ip, mac, njl, eyenza ukuba ibe nkulu ekujongeni iiserver zethu. Uncedo oluncinci olungaze lubuhlungu.
Ngoku, siqaphela ukuba sisebenzisa enye i-distro, njengoko benditshilo ekuqaleni, isetyenziswa ngokubanzi I-rsyslog, okanye into efanayo. Ukuba i-distro yakho isebenzisa syslog, ukwenza umthambo ofanayo kufuneka siwuhlengahlengise / uguqulule kancinci syslog.conf
nano /etc/syslog.conf
Yongeza kwaye ugcine lo mgca ulandelayo:
kern.warnning /var/log/firewall/iptables.log
Kwaye emva koko, uyazi, isiphelo esonwabisayo:
/etc/init.d/sysklogd qala kwakhona
Isiphumo: ngokufanayo.
Yiyo le ngoku, kwizithuba ezizayo, siya kuhlala sidlala nge-iptables.
Izalathiso:
Nyanzela iptables ukuba ungene kwifayile eyahlukileyo
Ngena iptables kwifayile eyahlukileyo ene-rsyslog
Iptable isifundo soqwalaselo kwiinkqubo zeFedora / RHEL
Inkulu le «mini-yesikhokelo» ye-BOFH oyenzayo kancinci kancinci
Enkosi, kancinci kancinci ndiza kunika iinkcukacha kunye nedatha ye-iptables, ekufuneka ndiyazi emsebenzini wam, ngamanye amaxesha esiyifunayo kwaye ichazwa kakubi kwi-Intanethi, konke oko kungumsebenzisi ... xD
Ndithatha eli thuba ukwamkela ilungu 😀
Unelota yokufaka igalelo, unolwazi oluphambili ngenethiwekhi, iinkqubo, ii-firewall njl njl, ke ndiza kuba (sendisele) ndingomnye wabafundi abaninzi oya kuba nabo hahaha.
Ukubulisa kwaye kakuhle ... uyazi, nokuba kwenzeka ntoni na
Ndijonge phambili kwezo zinto ^ ^
Yiza eKoratsuki, bendingazi ukuba uhlala usiya kule bhlog.
Ngendlela, enye into eyahlukileyo yokungena kwimisebenzi ye-firewall isebenzisa iphakheji ulogd, Eyenziwa ngabantu be projekthi ye netfilter ukuququzelela ukwahlulwa kolu hlobo lomkhondo (ivumela ukubasindisa ngeendlela ezahlukeneyo). Yindlela endihlala ndiyisebenzisa. Ukuyisebenzisa kulula, umzekelo:
iptables -A INPUT -p udp -m multiport ! --ports 53,67:68 -m state --state NEW -j ULOG --ulog-prefix "Solicitud UDP dudosa"Kuya kufuneka ndinike iposti i-F5, indlela Ulogd esebenza ngayo iyandilingana, nditsho ne-MySQL logs yolu hlobo: D.
Iposi elungileyo, qhubeka njalo.
Molo mphathi, kuhamba njani?
Ungandinika isandla?
Kuba andilufumani uqeqesho, kwaye icacile kunamanzi, andazi ukuba ndiphazama phi