Ukubonisa ii-iptable logs kwifayile eyahlukileyo ene-ulogd

Ayiloxesha lokuqala sithetha ngalo iptablesSele sitshilo ngaphambili indlela yokwenza imithetho ye iptables zenziwa ngokuzenzekelayo xa uqala ikhompyuterSikwacacisa nokuba yintoni basic / medium over iptables, kunye nezinye izinto ezininzi 🙂

Ingxaki okanye ukucaphukisa abo kuthi bathanda ii-iptables bahlala befumanisa ukuba, ii-iptables logs (Oko kukuthi, ulwazi lweepakethi ezaliwe) zibonisiwe kwi-dmesg, kern.log okanye iifayile ze syslog ze / var / log /, okanye Ngamanye amagama, ayisiyiyo kuphela ulwazi lwe-iptables oluboniswe kwezi fayile, kodwa kunye nolunye ulwazi oluninzi, olwenza ukuba lube yinto enzima ukubona kuphela ulwazi olunxulumene ne-iptables.

Kwixesha elidlulileyo sikubonise indlela fumana iinkuni ukusuka kwiiptable ukuya kwenye ifayile, nangona kunjalo ... kufuneka ndivume ukuba ngokwam ndiyifumana le nkqubo inzima ..

Ke Ufumana njani ii-iptable logs kwifayile eyahlukileyo kwaye uzenze zibe lula ngangokunokwenzeka?

Isisombululo yile: ulogd

ulogd yiphakheji esiyifakileyo (en Debian okanye ezinye izinto ezivela kuwo - »Sudo apt-get install ulogd) kwaye iyakusisebenzela ngokuchanekileyo ngale nto ndikuxelele yona.

Ukuyifaka uyazi, jonga iphakheji ulogd kwii-repos zabo kwaye bayifake, emva koko kuya kongezwa i-daemon kubo (/etc/init.d/ulogd) kwinkqubo yokuqalisa, ukuba usebenzisa nayiphi na i-KISS distro Archlinux kufuneka wongeze ulogd ukuya kwicandelo leedemoni eziqala ngenkqubo kwi /etc/rc.conf

Nje ukuba bayifakele, kufuneka bongeze lo mgca ulandelayo kwimigaqo yabo ye-iptables:

sudo iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ULOG

Emva koko sebenzisa imibhalo yakho ye-iptables kwakhona kunye ne-voila, yonke into iya kusebenza 😉

Khangela iigodo kwifayile: /var/log/ulog/syslogemu.log

Kule fayile ndiyikhankanyileyo kulapho ngokungagqibekanga ulogd efumana khona iipakethi ezilahliweyo, nangona kunjalo ukuba ufuna ukuba kwenye ifayile kwaye hayi kule unokuguqula umgca # 53 kwi /etc/ulogd.conf, Batshintsha nje indlela yefayile ebonisa loo mgca kwaye baqale i-daemon:

sudo /etc/init.d/ulogd restart

Ukuba ujonga le fayile uyakubona ukuba kukho iindlela zokonga iigodo kwindawo yedatha ye-MySQL, SQLite okanye Postgre, enyanisweni iifayile zoqwalaselo umzekelo zikwi / usr / share / doc / ulogd /

Kulungile, sele sinazo ii-iptable logs kwenye ifayile, ngoku indlela yokubonisa?

Kule ilula cat kunganela:

cat /var/log/ulog/syslogemu.log

Khumbula, ziipakethi ezilahliweyo kuphela eziza kungenwa, ukuba uneseva yewebhu (port 80) kwaye unee-iptables ezilungiselelwe ukuze wonke umntu akwazi ukufikelela kule nkonzo yewebhu, iinkuni ezinxulumene noku aziyi kugcinwa kwiilog, ngaphandle Nangona kunjalo, ukuba banenkonzo ye-SSH kwaye nge-iptables balungiselele ukufikelela kwizibuko le-22 ukuze ivumele kuphela i-IP ethile, kwimeko apho i-IP ingeyiyo ekhethiweyo izama ukufikelela kuma-22 iya kugcinwa kwilog.

Ndikubonisa apha umgca womzekelo kwilog yam:

Mar 4 22: 29: 02 exia IN = wlan0 OUT = MAC = 00: 19: d2: 78: eb: 47: 00: 1d: 60: 7b: b7: f6: 08: 00 SRC = 10.10.0.1 DST = 10.10.0.51 .60 LEN = 00 TOS = 0 PREC = 00x64 TTL = 12881 ID = 37844 DF PROTO = TCP SPT = 22 DPT = 895081023 SEQ = 0 ACK = 14600 WINDOW = 0 SYN URGP = XNUMX

Njengoko ubona, umhla kunye nexesha lokuzama ukufikelela, ujongano (i-wifi kwimeko yam), idilesi ye-MAC, umthombo we-IP wokufikelela kunye ne-IP yokuya kuyo (eyam), kunye nolunye ulwazi oluphakathi umthetho olandelwayo (TCP) kunye nezibuko lesiphelo (22) zifunyenwe. Ukushwankathela, ngo-10: 29 nge-4 kaMatshi, i-IP 10.10.0.1 izamile ukufikelela kwizibuko le-22 (SSH) yelaptop yam xa (Oko kukuthi, ilaptop yam) yayine-IP 10.10.0.51, konke oku ngeWifi (wlan0)

Njengoko ubona ... ulwazi oluluncedo ngokwenene 😉

Ngapha koko, andicingi ukuba kuninzi ekunokuthethwa. Andililo ingcali kude lee kwi-iptables okanye kwi-ulogd, nangona kunjalo ukuba nabani na unengxaki koku undazise kwaye ndiza kuzama ukubanceda

Ukubulisa 😀