###############
## Guardian ##
###############
# rpm package download
http://www.chaotic.org/guardian/
tar -xzvf guardian-***
cd guardian-***
# installing ....
cp guardian.pl /usr/sbin/
cp scripts/iptables_block.sh /usr/local/bin/guardian_block.sh
cp scripts/iptables_unblock.sh /usr/local/bin/guardian_unblock.sh
cp guardian.conf /etc/snort/
touch /etc/snort/guardian.ignore
touch /etc/snort/guardian.target
touch /var/log/snort/guardian.log
# Guardian configuration file settings (PATH /etc/snort/guardian.conf)
Interface eth0
LogFile /var/log/snort/guardian.log
AlertFile /var/log/snort/alert
IgnoreFile /etc/snort/guardian.ignore
TargetFile /etc/snort/guardian.target
TimeLimit 86400 # unit: seconds
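# /usr/local/bin/guardian_block.sh
#
# Block script run by Guardian. Takes two positional arguments and inserts a
# DROP rule at the head of the INPUT chain; the exit status is iptables'.
#   $1 - source address to block (presumably the address from the Snort alert)
#   $2 - interface the rule is bound to (the Interface value in guardian.conf)
set -eu
# Fail with a usage message instead of calling iptables with missing arguments.
source=${1:?usage: guardian_block.sh <source-address> <interface>}
interface=${2:?usage: guardian_block.sh <source-address> <interface>}
# Both expansions are quoted so an empty or whitespace-containing value cannot
# be word-split into extra iptables arguments; iptables rejects malformed input.
/sbin/iptables -I INPUT -s "$source" -i "$interface" -j DROP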
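# /usr/local/bin/guardian_unblock.sh
#
# Unblock script run by Guardian (the counterpart of guardian_block.sh). Takes
# the same two positional arguments and deletes the matching DROP rule from the
# INPUT chain; the exit status is iptables'.
#   $1 - source address to unblock
#   $2 - interface the rule was bound to (the Interface value in guardian.conf)
set -eu
# Fail with a usage message instead of calling iptables with missing arguments.
source=${1:?usage: guardian_unblock.sh <source-address> <interface>}
interface=${2:?usage: guardian_unblock.sh <source-address> <interface>}
# Quoted for the same reason as in the block script: no word-splitting of the
# address or interface into extra arguments. The rule spec must match the one
# inserted by guardian_block.sh exactly, otherwise -D finds nothing to delete.
/sbin/iptables -D INPUT -s "$source" -i "$interface" -j DROP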
#---------------------------------------------------------------------------------------------
# starting, restarting and stopping the service
guardian.sh [ start | restart | stop | status ]
######################################### WORKS ###############################################
command
| -----------------> iptables------------------>DROP
|if alert | |
| | |TimeLimit Timeout
| Listen | default |
alert<-----------------Guardian=================> ACCEPT
|
|--guardian.ignore
|--guardian.target
# If the connection uses an IP alias, the alias must be made known to Guardian: \
# the alias IP address must be added to guardian.target