Vesta Control Panel - Forum

*free* Maltrail system for filtering out bad traffic

Post by youradds » Fri Nov 13, 2020 5:04 pm

Hi,

I've been setting myself up with a cool script called Maltrail: https://github.com/stamparm/maltrail

It basically looks at the incoming and outgoing traffic, and picks up any malicious stuff. What I did is write a little installer script that will set it up for you, and with pretty minimal effort blocks wannabe attackers. It's a pretty simple process:

1) Create the /installer directory, and upload the content of the attached ZIP into it
2) Run:

Code:

bash /installer/install-maltrail.sh

I've made it as intuitive as possible (getting your IP, hostname etc. from the system rather than having to type it all out). It adds the new port to the firewall (so you can view the GUI interface), and gives you details on the crons to add.

Once set up, I would suggest manually running this process for the first time to make sure it works ok:

Code:

python /opt/maltrail/sensor.py -c /opt/maltrail/maltrail.conf

If it does, then you can add in the cronjobs mentioned in the installer at the end (these will set it up on reboot with iptables rules being pulled back in, particularly the maltrail-src set).

You can then access the admin area with:

http://your.admin.domain:8338/

It asks you to log in, so you can get in with:

admin / P3z3CeBS9nKz

Check out /opt/maltrail/maltrail.conf for details on how to change the password (it's a simple one-liner).

Anyway - hopefully this helps someone. It took a while to get the script right, but it's saved me a ton of time setting up on all my other servers. This is just from today's traffic on one server:

Image

For some reason we don't seem to be allowed to upload files here? So I've stuck the installer on a Google Drive link.

Enjoy!

Andy

https://drive.google.com/file/d/12hmQBo ... sp=sharing
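
Added example (not part of the original post or the installer): a check that no account in /opt/maltrail/maltrail.conf still uses a publicly known password, such as the one quoted in the post. It assumes the USERS block format documented in Maltrail's stock config, username:sha256(password):UID:filter_netmask(s), and that "changeme!" is Maltrail's stock default; the sample config is constructed.

```python
import hashlib
import os
import sys

# Publicly known passwords: the one quoted in the post above, plus
# "changeme!" (assumed here to be Maltrail's stock default).
KNOWN_PASSWORDS = ("P3z3CeBS9nKz", "changeme!")

def sha256_hex(password):
    return hashlib.sha256(password.encode()).hexdigest()

def parse_users(conf_text):
    """Return (username, sha256_hex) pairs from the indented USERS block."""
    users, in_block = [], False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line == "USERS":
            in_block = True
        elif in_block and line and not line.startswith("#"):
            if not raw[0].isspace():
                break  # next top-level option ends the block
            fields = line.split(":")
            if len(fields) >= 2:
                users.append((fields[0], fields[1].lower()))
    return users

def accounts_with_known_password(conf_text, passwords=KNOWN_PASSWORDS):
    """Usernames whose stored hash matches a publicly known password."""
    known = {sha256_hex(p) for p in passwords}
    return [user for user, digest in parse_users(conf_text) if digest in known]

# Constructed sample config (not taken from a real server).
SAMPLE_CONF = "\n".join([
    "HTTP_PORT 8338",
    "USERS",
    "    admin:%s:0:" % sha256_hex("P3z3CeBS9nKz"),
    "#    local:%s:1000:192.168.0.0/16" % sha256_hex("changeme!"),
    "    ops:%s:1000:" % sha256_hex("constructed-long-passphrase"),
    "",
    "UDP_ADDRESS 0.0.0.0",
])

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/opt/maltrail/maltrail.conf"
    text = open(path).read() if os.path.exists(path) else SAMPLE_CONF
    flagged = accounts_with_known_password(text)
    print("accounts still using a published password:", flagged or "none")
    sys.exit(1 if flagged else 0)
```

The non-zero exit status on a match lets the check run from cron or a provisioning script right after the installer finishes.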