Ukubonisa ii-iptable logs kwifayile eyahlukileyo ene-ulogd

Ayiloxesha lokuqala sithetha ngalo iptables, sele sikhankanye ngaphambili indlela yokuqinisekisa ukuba imithetho ye iiptables zisetyenziswa ngokuzenzekelayo xa uqala ikhompyuter, siphinde sichaze ukuba yintoni isiseko / phakathi kwii-iptables, kunye nezinye izinto ezininzi 🙂

Ingxaki okanye ukucatshukiswa ukuba abo bethu abathanda iptables bahlala bedibana nabo kukuba iptables logs (oko kukuthi, ulwazi malunga neepakethi ezikhatywayo) ziboniswa kwi-dmesg, kern.log okanye iifayile ze-syslog kwi /var/log/, okanye Oku kuthetha ukuba kwezi fayile kungekhona kuphela ulwazi lwe-iptables oluboniswayo, kodwa kunye nolunye ulwazi oluninzi, okwenza kube nzima ukubona kuphela ulwazi olunxulumene ne-iptables.

Kwixesha elidlulileyo sikubonise ukuba njani khupha iiptables logs kwenye ifayileNangona kunjalo ... Ndimele ndivume ukuba mna ngokobuqu ndiyifumana le nkqubo intsonkothile. ..

Ke Indlela yokukhupha iiptables logs kwifayile eyahlukileyo kwaye wenze kube lula njengoko kunokwenzeka?

Isisombululo yile: ulogd

ulogd Yimpahla esiyifakelayo (en Debian okanye izinto eziphuma kuyo -» sudo apt-fumana ukufaka ulogd) kwaye iya kusinceda kanye ngale nto ndikuxelele yona.

Ukuyifaka sele uyazi, khangela ipakethe ulogd kwiindawo zabo zokuhlala kwaye uyifake, emva koko i-daemon iya kongezwa kubo (/etc/init.d/ulogd) kuqaliso lwenkqubo, ukuba usebenzisa i-KISS distro like Archlinux kufuneka yongeze ulogd ukuya kwicandelo leedemon eziqalwe ngenkqubo ngaphakathi /etc/rc.conf

Nje ukuba uyifakile, kuya kufuneka wongeze lo mgca ulandelayo kwiskripthi sakho semithetho ye-iptables:

sudo iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ULOG

Emva koko uqhube iskripthi sakho semithetho ye-iptables kwakhona kwaye voila, yonke into iya kusebenza 😉

Jonga iilog kwifayile ngoku: /var/log/ulog/syslogemu.log

Kule fayile endiyikhankanyayo kulapho ngokungagqibekanga ulogd ibeka iilog zeepakethe ezikhatywayo, nangona kunjalo ukuba ufuna ibe kwenye ifayile hayi kule ungawuguqula kancinane umgca #53 kwi. /etc/ulogd.conf, batshintsha ngokulula umendo wefayile oboniswe ngala mgca kwaye emva koko baqale kwakhona i-daemon:

sudo /etc/init.d/ulogd restart

Ukuba ujonga ngononophelo loo fayile uya kubona ukuba kukho iinketho zokugcina iinkuni kwi-MySQL, SQLite okanye i-Postgre database, enyanisweni iifayile zoqwalaselo zifumaneka kwi/usr/share/doc/ulogd/

Kulungile, sele sinayo iptables logs kwenye ifayile, ngoku ungayibonisa njani?

Kuba oku kulula cat kuya kwanela:

cat /var/log/ulog/syslogemu.log

Khumbula, iipakethi ezikhatywayo kuphela ziya kugcinwa kwilog Ukuba unomncedisi wewebhu (i-port 80) kwaye uqwalasele iptables ukuze wonke umntu akwazi ukufikelela kule nkonzo yewebhu, iilogi ezinxulumene nale aziyi kugcinwa kwiilog, nangona kunjalo. Nangona kunjalo, ukuba banenkonzo ye-SSH kwaye ngee-iptables baqwalasele ukufikelela kwi-port 22 ukwenzela ukuba ivumele kuphela i-IP ethile, kwimeko ye-IP ngaphandle kokhethiweyo ezama ukufikelela kwi-22 ngoko oku kuya kugcinwa kwilogi.

Ndikubonisa apha umgca womzekelo kwilog yam:

Tue 4 22:29:02 exia IN=wlan0 OUT= MAC=00:19:d2:78:eb:47:00:1d:60:7b:b7:f6:08:00 SRC=10.10.0.1 DST=10.10.0.51 .60 LEN=00 TOS=0 PREC=00x64 TTL=12881 ID=37844 DF PROTO=TCP SPT=22 DPT=895081023 SEQ=0 ACK=14600 WINDOW=0 SYN URGP=XNUMX

Njengoko ubona, umhla kunye nexesha lokuzama ukufikelela, ujongano (i-wifi kwimeko yam), idilesi ye-MAC, umthombo we-IP wofikelelo kunye nendawo yokusingwa ye-IP (yam), kunye nezinye iinkcukacha ezininzi zibonisiwe, kubandakanya Iprothokholi. (TCP) kunye nechweba lokuya (22) lifunyenwe. Isishwankathelo, ngo-10:29 nge-4 kaMatshi, i-IP 10.10.0.1 yazama ukufikelela kwi-port 22 (SSH) yelaptop yam xa (oko kukuthi, ilaptop yam) ine-IP 10.10.0.51, konke oku nge-Wi-Fi (wlan0 )

Njengoko ubona... ulwazi oluluncedo ngokwenene 😉

Ngapha koko, andiqondi ukuba kusekuninzi endinokukuthetha. Andiyiyo ingcaphephe kwi-iptables okanye ulogd, nangona kunjalo ukuba kukho umntu onengxaki ngale nto makazise kwaye ndiza kuzama ukubanceda.

Ukubulisa 😀