As promised in a previous post, here I am going to show you a basic installation of OSSEC and Fail2ban. With these two programs the aim is to protect, a little, an Apache server and an SSH server.
Wikipedia:
OSSEC is a free, open source host-based intrusion detection system (IDS). It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting and active response. It provides intrusion detection for most operating systems, including Linux, OpenBSD, FreeBSD, Mac OS X, Solaris and Windows. It has a centralized, cross-platform architecture that allows multiple systems to be easily monitored and managed. It was written by Daniel B. Cid and made public in 2004.
In short: OSSEC is an intrusion detector that watches the integrity of our server through its logs and raises alerts, so it fires an alert whenever a system file is modified, a rootkit signature appears, a log line matches one of its rules, and so on.
Fail2ban is an application written in Python to prevent intrusions into a system. It works by penalising (blocking the connection of) sources that attempt brute-force access. It is distributed under the GNU licence and works on any POSIX system that can drive a packet-filtering system or local firewall.
In short: Fail2ban "bans" (blocks) any address that fails a certain number of times in a row when trying to log in to a service on our server.
I-OSSEC.
We go to the official OSSEC page and download the Linux version (the tarball used below is ossec-hids-2.7.tar.gz).
We also download the web GUI (ossec-wui) to use as the graphical front end.
Now we install everything. The commands below are run as root (hence the # prompt). First unpack the sources and install the compiler toolchain:
# tar -xvf ossec-hids-2.7.tar.gz
# aptitude install build-essential
Now we run the installer (the script in the tarball is called install.sh):
# cd ossec-hids-2.7 && ./install.sh
Next you will be asked a series of questions. Read each one carefully and answer it before moving on; the defaults are sensible for a single server ("local" installation).
When compilation finishes we start the service and check that it comes up:
# /var/ossec/bin/ossec-control start
If everything went well, you will get output similar to this.
If instead you get an error like "OSSEC analysisd: Testing rules failed. Configuration error. Exiting.", we use the following symlink to fix it:
# ln -s /var/ossec/bin/ossec-logtest /var/ossec/ossec-logtest
Graphical interface.
The OSSEC graphical interface is a web application. If you do not have Apache installed, we install it, with PHP support as well. (These are the PHP 5 packages of the Debian/Ubuntu releases of the time; on current releases the php5 packages no longer exist and you would install the php equivalents instead.)
# apt-get install apache2 apache2-doc apache2-utils
# apt-get install libapache2-mod-php5 php5 php-pear php5-xcache
# apt-get install php5-suhosin
Now we unpack the GUI we downloaded:
# tar -xvf ossec-wui-0.3.tar.gz
Now, as root, we move the folder into the web root:
# mv ossec-wui-0.3 /var/www/ossec
Now we run its setup script:
# cd /var/www/ossec/ && ./setup.sh
It will ask us for a username and password (the user does not need to exist on your system; it is only used to log in to the web interface). Now we do the following.
We edit the file /etc/group and, on the line that reads "ossec:x:1001:", we add the web server user to the ossec group so it is left like this: "ossec:x:1001:www-data". (The GID 1001 may be different on your system; what matters is appending www-data to the ossec line.)
Now we do the following, from inside the folder /var/www/ossec:
# chmod 770 tmp/
# chgrp www-data tmp/
# /etc/init.d/apache2 restart
Now we open our OSSEC. In the browser we type "localhost/ossec" and log in with the user and password we chose in setup.sh.
From here we can see what is happening on our server through the logs and alerts OSSEC collects.
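To make the "integrity checking" part of the OSSEC description above concrete, here is an added example, not OSSEC's own code, of what its syscheck component does at its core: take a baseline of hashes, sizes and permission bits for every file under a directory, rescan later, and report what was added, removed or modified. The directory, file names and contents in demo() are constructed for the example.

```python
# Added example (not OSSEC's own code): a minimal file-integrity check of the
# kind OSSEC's syscheck performs. Baseline a tree, rescan it later, and report
# what was added, removed or modified. Paths, file names and contents in demo()
# are constructed for the demo.
import hashlib
import os
import tempfile


def hash_file(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root):
    """Record (sha256, size, permission bits) for every regular file under root,
    keyed by path relative to root. Symlinks are skipped."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            st = os.stat(full)
            rel = os.path.relpath(full, root)
            baseline[rel] = (hash_file(full), st.st_size, st.st_mode & 0o7777)
    return baseline


def compare(old, new):
    """Diff two baselines; a change in hash, size or mode counts as modified."""
    old_paths, new_paths = set(old), set(new)
    return {
        "added": sorted(new_paths - old_paths),
        "removed": sorted(old_paths - new_paths),
        "modified": sorted(p for p in old_paths & new_paths if old[p] != new[p]),
    }


def demo():
    """Constructed scenario: baseline a fake /etc, tamper with it, rescan."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "ssh"))
        files = {
            "passwd": "root:x:0:0:root:/root:/bin/bash\n",
            "motd": "welcome\n",
            os.path.join("ssh", "sshd_config"): "PermitRootLogin no\n",
        }
        for rel, content in files.items():
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(content)
        baseline = build_baseline(root)

        # Tampering of the kind seen after a compromise (constructed):
        with open(os.path.join(root, "ssh", "sshd_config"), "w") as fh:
            fh.write("PermitRootLogin yes\n")          # weakened sshd config
        with open(os.path.join(root, "passwd"), "a") as fh:
            fh.write("backdoor:x:0:0::/:/bin/sh\n")     # extra uid-0 account
        os.remove(os.path.join(root, "motd"))          # file removed
        with open(os.path.join(root, "ld.so.preload"), "w") as fh:
            fh.write("/tmp/evil.so\n")                  # preload hook dropped

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for path in paths:
            print(f"ALERT syscheck: {kind} {path}")
```

The baseline is only as trustworthy as the moment it was taken: OSSEC stores its own baseline under /var/ossec and re-scans on a schedule, so take the first scan on a freshly installed, known-good system, not on one that may already be compromised.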
Installing FAIL2BAN
Fail2ban is in the repositories, so installing it is easy:
# apt-get install fail2ban
Then we edit its jail configuration:
# nano /etc/fail2ban/jail.conf
We press CTRL-W and type ssh to jump to the SSH jail.
Something like this will appear:
Setting enabled = true in that block turns fail2ban on for SSH. (If you have changed the SSH port, replace the port value with yours.) In the same way we can enable it for FTP, Apache and a whole range of other services. Now we will make it send us an e-mail when it sees someone trying to get in. In /etc/fail2ban/jail.conf we add:
[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
logpath  = /var/log/sshd.log
maxretry = 5
Two things to check before restarting. On Debian and Ubuntu, sshd logs to /var/log/auth.log, not /var/log/sshd.log, so either point logpath there or enable the stock [ssh] jail, which already uses auth.log; with a logpath that does not exist the jail never sees a single failed login. Also, package upgrades overwrite jail.conf, so it is better to put these overrides in /etc/fail2ban/jail.local. The sendmail-whois action needs a working local mail transfer agent to actually deliver the message.
Now we restart the service:
# service fail2ban restart
As we can see in the two previous logs, it shows me that they tried to log in via sshd with failed passwords. It tells me the source IP and blocks it. :)
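The jail above is only a few settings, but it is worth seeing what maxretry, the findtime window and bantime actually do to a stream of sshd log lines. The following is an added example written for this page, not fail2ban's own code: a simplified stand-in for its sshd filter plus the counting and banning logic of a jail, run over constructed auth.log lines (the addresses are documentation ranges, the year is assumed because syslog timestamps carry none).

```python
# Added example (not fail2ban's own code): the core of what a fail2ban jail does
# for sshd, written out so the maxretry / findtime / bantime knobs are visible.
# FAILED is a simplified stand-in for fail2ban's sshd filter regex; SAMPLE_LOG is
# constructed; the IPs are documentation ranges.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample of /var/log/auth.log: one address hammering root/admin,
# one legitimate user mistyping a password now and then, one successful login.
SAMPLE_LOG = """\
Jan 21 10:00:01 web sshd[2201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jan 21 10:00:03 web sshd[2201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jan 21 10:00:05 web sshd[2204]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Jan 21 10:00:06 web sshd[2204]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Jan 21 10:00:09 web sshd[2207]: Failed password for root from 203.0.113.7 port 51140 ssh2
Jan 21 10:00:11 web sshd[2208]: Failed password for root from 203.0.113.7 port 51142 ssh2
Jan 21 10:02:00 web sshd[2210]: Failed password for alice from 198.51.100.9 port 40000 ssh2
Jan 21 10:15:00 web sshd[2230]: Failed password for alice from 198.51.100.9 port 40010 ssh2
Jan 21 10:31:00 web sshd[2260]: Accepted password for alice from 198.51.100.9 port 40020 ssh2
Jan 21 10:32:00 web sshd[2262]: Failed password for alice from 198.51.100.9 port 40030 ssh2
"""


def parse_ts(ts, year=2013):
    """Syslog timestamps carry no year; the year is an assumption for the demo."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def find_bans(lines, maxretry=5, findtime=600, bantime=600):
    """Return [(ip, time_of_ban), ...] in the order the bans would be issued.

    maxretry failures from one IP inside a sliding findtime window trigger a ban
    that lasts bantime seconds; failures during a ban are ignored, as the
    firewall rule would already be dropping them."""
    attempts = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}               # ip -> when its ban expires
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                # accepted logins, disconnects etc. are not failures
        ip, t = m["ip"], parse_ts(m["ts"])
        if ip in banned_until and t < banned_until[ip]:
            continue                # already banned
        window = attempts[ip]
        window.append(t)
        while window and (t - window[0]).total_seconds() > findtime:
            window.popleft()        # forget failures older than findtime
        if len(window) >= maxretry:
            bans.append((ip, t))
            banned_until[ip] = t + timedelta(seconds=bantime)
            window.clear()
    return bans


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG.splitlines()):
        # The real iptables action inserts a rule into its own fail2ban-SSH chain;
        # this line is only a readable summary of the effect.
        print(f"{when:%H:%M:%S} BAN {ip} (drop packets from {ip} for the next bantime)")
```

With the defaults, 203.0.113.7 is banned on its fifth failure and alice is never banned because her three failures are spread over half an hour, outside the 600-second findtime. Loosening the jail to maxretry = 2 with a one-hour findtime, as the first comment below suggests one can, bans alice too, which is the trade-off when tuning those values.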
Nice tutorial. As a contribution: we can edit the file /etc/fail2ban/jail.conf
to customise many more options, including the maximum ban time and the number of retries.
Thanks for the contribution.
First of all, excellent post (and blog too)! hehehe. I wanted to ask whether you could post something about the new update Oracle just released for Java. I am very new to Linux (I have Linux Mint 14) and I don't know how to update it, and since this one has bugs it is urgent to update. Again, thanks! :D
As I read over there, they pushed an update for that 0-day, but many say the bug persists. Better to leave it uninstalled.
Personally I prefer to install something like CSF, which has all of this integrated.
Thanks. I will look into OSSEC as well.
I also use the denyhosts server together with fail2ban. It does the same job (for the sshd part) and also updates a "bad guys" list from a central server, where we can upload our own blacklist and so collaborate in building a much more powerful list.