CrowdSec: an open source collaborative security project for Linux

CrowdSec is a new security project designed to protect servers, services, containers or virtual machines exposed on the Internet, using a server-side agent. It was inspired by Fail2Ban and aims to be a collaborative, modern version of that intrusion prevention framework.

In a way, it is a descendant of Fail2Ban, a project born sixteen years ago. However, it offers a modern collaborative approach and its own technical foundations to respond to today's contexts.

CrowdSec, written in Golang, is a security automation engine that relies on both the behavior and the reputation of IP addresses.

The software detects behavior locally, manages threats, and also collaborates globally with its network of users by sharing the IP addresses it has detected.

This allows everyone to block them preventively. The goal is to build a large IP reputation database and to guarantee its free use to those who take part in enriching it.

How does CrowdSec work?

CrowdSec is a modular, pluggable framework that ships with a wide variety of well-known scenarios. Users can choose which scenarios they want to be protected against, and can easily add new custom ones to better fit their environment.

The goal is to run the software in as many places as possible. Its fast execution, its compatibility with containers, its ease of use in cloud environments and its ability to run on UNIX, macOS or Windows ecosystems: all of this allows us to address the entire market.

Behavior analysis engine

The first layer of protection. It uses a scenario defined in YAML to correlate events. The events are poured into a leaky bucket, and a signal is raised when the bucket overflows. You can then apply the remediation of your choice with bouncers.
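The leaky-bucket behavior described above, as an added Go sketch (not CrowdSec's own code): each event from an IP adds one unit to that IP's bucket, the bucket drains at a fixed rate, and a signal is raised when it overflows. The capacity of 5, the 10-second leak interval, the type and function names and the sample events are assumptions made for this example.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

type bucket struct {
	level float64   // current fill
	last  time.Time // newest event time seen
}

// Detector (hypothetical type): one leaky bucket per source IP; one unit drains every Leak.
type Detector struct {
	Capacity float64
	Leak     time.Duration
	buckets  map[string]bucket
}

// Pour records one event from ip; true means that IP's bucket overflowed.
func (d *Detector) Pour(ip string, at time.Time) bool {
	b := d.buckets[ip] // zero value is an empty bucket
	if gap := at.Sub(b.last); gap > 0 { // out-of-order events do not leak
		b.level = math.Max(0, b.level-float64(gap)/float64(d.Leak))
		b.last = at
	}
	b.level++
	if b.level > d.Capacity {
		delete(d.buckets, ip) // start empty after raising the signal
		return true
	}
	d.buckets[ip] = b
	return false
}

// Signals counts overflows for n constructed events from one IP, stepSec apart.
func Signals(stepSec int64, n int) (count int) {
	d := &Detector{Capacity: 5, Leak: 10 * time.Second, buckets: map[string]bucket{}} // assumed values
	for i := 0; i < n; i++ {
		if d.Pour("203.0.113.7", time.Unix(1609459200+int64(i)*stepSec, 0)) {
			count++
		}
	}
	return count
}

func main() {
	fmt.Println(Signals(1, 6), Signals(30, 6), Signals(1, 12)) // 1 0 2
}
```

A burst of six events one second apart overflows the bucket once, while the same six events spaced thirty seconds apart drain away between arrivals and never raise a signal.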

Reputation engine

The reputation engine is a very simple principle, but it is hard to set up. In essence, each CrowdSec installation can benefit from a curated IP blacklist, distributed by our central API. If you run LAMP, you do not need the IP addresses that attack other technology stacks such as Windows, for example.

This database is fed by all CrowdSec instances, whose signals are filtered and processed centrally by our API. False positives and poisoning attempts by attackers are a real problem, which is why the signals coming from CrowdSec installations need to be processed.

We think we have a solid recipe for doing this, which we call consensus. It involves several techniques, such as checking signals from other trusted members, our honeypot network, the canary list (a whitelist of IP addresses), etc.

Our goal is to distribute only lists that are 100% reliable. Also, identifying who is dangerous, and when, depends heavily on context and on the moment in time. For example, an IP address that was considered clean yesterday can be compromised today and cleaned up by its administrators tomorrow. An IP address that scans SSH is not a danger to your TSE, etc.

Visualization

The software includes a lightweight local visualization system based on Metabase. CrowdSec is also instrumented with Prometheus, to provide observability and alerting capabilities.

The reputation engine currently holds more than 103,000 "consensus" IP addresses (those that passed the poisoning and false-positive checks).

So far, the community's members come from more than fifty countries spread across six continents.

While the software currently looks like a reworked Fail2Ban, the goal is to use the power of the crowd to create a highly accurate IP reputation database. When CrowdSec bans a given IP, the scenario that was triggered and the timestamp are sent to our API to be verified and integrated into the global consensus of bad IPs.

CrowdSec is free and open source (under the MIT license), and the source code is available on GitHub. It is currently available for Linux, with ports to macOS and Windows on the roadmap.

Source: https://doc.crowdsec.net/



One comment


  1. CrowdSec said

    Thank you very much for this article! We are at your disposal if you need help using CrowdSec. Have a nice day.

    The CrowdSec team
    info@crowdsec.net
    https://github.com/crowdsecurity/crowdsec