Ama-IptableNgokuzenzakalelayo kunomthetho wokuhlunga kumodi ethi "Yamukela konke", okusho ukuthi, kungena futhi kuphume konke ukuxhumana kusuka noma kuya kwi-PC yethu, kepha kuthiwani uma sifuna ukungena kulo lonke ulwazi mayelana nokuxhumeka okwenziwe kumaseva ethu noma ama-PC?
Qaphela: Inqubo engizoyenza manje isebenza ngokuyi-100% ekusatshalalisweni Debian/Kususelwa ku-Debian, ngakho-ke uma usebenzisa Slackware, Fedora, CentOS, I-OpenSuSe, inqubo kungenzeka ingafani, sincoma ukuthi ufunde futhi uqonde uhlelo lwakho lokungena ngemvume lokusabalalisa ngaphambi kokusebenzisa okuchazwe ngezansi. Kukhona futhi kungenzeka ukufaka i-rsyslog ekusatshalalisweni kwakho, uma kutholakala kumakhosombe, yize kulesi sifundo, i-syslog nayo ichazwa ekugcineni.
Konke kuhle kuze kube manje, kodwa yiniSizongena kuphi? Kulula, kufayela «/var/log/firewall/iptables.log", ini alukho, size sikholwe yithi uqobo ...
1- Kufanele sakhe ifayili «iptables.log»Ngaphakathi kufolda«/ var / log / firewall»Ukuthi kufanele siyidale, ngoba nayo ayikho.
mkdir -p / var / log / firewall /
thinta /var/log/firewall/iptables.log
2- Izimvume, zibaluleke kakhulu ...
chmod 600 /var/log/firewall/iptables.log
Impande ekhethiwe: adm /var/log/firewall/iptables.log
3- I-Rsyslog, i-daemon yokungena ngemvume ye-Debian, ifunda ukumiswa kusuka ku- «/etc/rsyslog.d«, Ngakho-ke kufanele sakhe ifayela engizolibiza«i-firewall.conf»Ukusuka lapho i-rsyslog ingahumusha lokho esifuna ukukwenza.
thinta /etc/rsyslog.d/firewall.conf
Futhi ngaphakathi siyamshiya uphonsa ngobumnene okuqukethwe okulandelayo:
: msg, iqukethe, "iptables:" - / var / log / firewall / iptables.log
& ~
Anginawo nomqondo omncane,yenzani lemigqa embalwa?
Ulayini wokuqala uhlola imininingwane engene ngemvume ngentambo «iptables: »Futhi uyingeza kufayela«/var/log/firewall/iptables.log«
Okwesibili, kumisa ukucutshungulwa kolwazi olungene ngephethini yangaphambilini ukuze ingaqhubeki ithunyelwe ku- «/ var / log / imilayezo".
4- Izungezisa ifayela lokungena, nge qobisa.
Kumele sakhe ngaphakathi kwe- «/etc/logrotate.d/"ifayela"firewall»Okuzoqukatha okuqukethwe okulandelayo:
/var/log/firewall/iptables.log
{
jikelezisa 7
nsuku zonke
usayizi 10M
usuku lwosuku
ulahlekile
dala izimpande ezingama-600
i-notifempty
cindezela
ukubambezela
ukuthunyelwa
invoke-rc.d rsyslog kabusha> / dev / null
isiphetho
}
Ukuze ujikeleze izingodo izikhathi eziyi-7 ngaphambi kokuzisusa, 1 isikhathi ngosuku, usayizi omkhulu we-log 10MB, ucindezelwe, unedethi, ngaphandle kokunikeza iphutha uma i-log ingekho, yenziwe njengempande.
5- Qala kabusha, njengakho konke ukuphela okuhle kwe-xD, i-rsyslog daemon:
/etc/init.d/rsyslog qala kabusha
Ungakufakazela kanjani ukuthi konke lokho kuyasebenza?
Ake sizame i-SSH.
Faka I-OpenSSH (uma kungenjalo ayifakiwe ...):
thola ukufaka i-openssh-server
Ngaphambi kokuqhubeka, kufanele sisebenze njengezimpande kukhonsoli:
iptables -A INPUT -p tcp --dport 22 --syn -j LOG --log-prefix "iptables: " --log-level 4
Ukwenza lesi sitatimende se-iptables kuzongena imininingwane eyanele ukukhombisa ukuthi esikwenzile akulona ize. Kulo musho sitshela ama-iptables ukuthi abhale yonke imininingwane eza kuwo nge-port 22. Ukuhlola ngezinye izinsiza, vele ushintshe inombolo ye-port, njenge-3306 ye-MySQL, ukwenza isibonelo nje, uma ufuna eminye imininingwane, funda lesi sifundo esibhalwe kahle kakhulu futhi ngokuya ngezibonelo ezijwayelekile zokucushwa okusetshenziswe kakhulu.
I-SSH isebenzisa i-port 22 ngokuzenzakalela, ngakho-ke sizohlola ngayo. Ngemuva kokufaka ukuvula, sixhuma kuyo.
ssh pepe @ test-server
Ukubona izingodo, ngomsila uxazulula le nkinga:
umsila -f /var/log/firewall/iptables.log
Ama-Iptable, kulesi sibonelo, ungene konke, usuku, isikhathi, ip, mac, njll, okwenza kube kuhle ukuqapha amaseva ethu. Usizo oluncane olungaze lubuhlungu.
Manje, siqaphela ukuthi sisebenzisa enye i-distro, njengoba ngishilo ekuqaleni, isetshenziswa kakhulu rsyslog, noma into efanayo. Uma i-distro yakho isebenzisa syslog, ukwenza umsebenzi ofanayo kufanele sihlele / siguqule kancane syslog.conf
nano /etc/syslog.conf
Faka bese ugcine umugqa olandelayo:
kern.warning /var/log/firewall/iptables.log
Futhi-ke, uyazi, isiphetho esijabulisayo:
/etc/init.d/sysklogd qala kabusha
Umphumela: kuyafana.
Yilokho okwamanje, kokuthunyelwe okuzayo, sizoqhubeka nokudlala ngama-iptables.
Izinkomba:
Phoqelela ama-iptables ukungena kufayela elihlukile
Ngena ama-iptables kufayela elihlukile eline-rsyslog
Isifundo sokucushwa kwe-Iptables ezinhlelweni zeFedora / RHEL
Kuhle le «mini-manual» ye-BOFH oyenzayo kancane kancane
Ngiyabonga, kancane kancane ngizonikeza imininingwane nedatha yama-iptables, obekufanele ngikwazi emsebenzini wami, kwesinye isikhathi esiwadingayo futhi achazwe kabi kwi-Intanethi, konke ngumsebenzisi ... xD
Ngithatha leli thuba ukwamukela wena lungu 😀
Une-LOT ongayifaka ngempela, unolwazi oluthuthukile impela lwamanethiwekhi, amasistimu, ama-firewall njll, ngakho-ke ngizoba (sengivele) ngingomunye wabafundi abaningi ozoba nabo hahaha.
Ukubingelela futhi kahle ... uyazi, noma yini edingekayo 😀
Ngibheke phambili kulezo zinto ^ ^
Woza kuKoratsuki, bengingazi ukuthi uyivakashele le bhulogi.
Ngendlela, okunye okuhlukile kokungena ngemvume kwe-firewall usebenzisa iphakheji Ulogd, elenziwa ngabantu bephrojekthi ye-netfilter ukwenza lula ukuhlukaniswa kwalolu hlobo lwemikhondo (ivumela ukubasindisa ngezindlela ezahlukahlukene). Yindlela engivame ukuyisebenzisa. Ukuyisebenzisa kulula, ngokwesibonelo:
iptables -A INPUT -p udp -m multiport ! --ports 53,67:68 -m state --state NEW -j ULOG --ulog-prefix "Solicitud UDP dudosa"
Kuzofanele nginikeze okuthunyelwe i-F5, indlela i-Ulogd esebenza ngayo ingilingana, ngisho ne-MySQL izingodo zohlobo: D.
Okuthunyelwe okuhle, qhubeka njalo.
Sawubona mphathi, kuhamba kanjani?
Ungangisiza?
Njengoba ngingasitholi isifundo, futhi sicacile kunamanzi, angazi ukuthi ngiphutha kuphi