Blocking P2P networks with kernel 3.X

13. Re: Blocking P2P networks with kernel 3.X

Buckminster
Buckminster

(uses Debian)

Posted on 22/09/2013 - 16:42h

aioriaman wrote:

up


Did you run this command?

# module-assistant --verbose auto-install xtables-addons


  


14. Re: Blocking P2P networks with kernel 3.X

Jean Ribeiro
aioriaman

(uses BackTrack)

Posted on 23/09/2013 - 19:10h

Yes, and it returns a screen with 3 options:

VIEW
CONTINUE
STOP

When I choose VIEW it shows me some code;
if I go with CONTINUE, module-assistant simply exits (returns to the konsole);
if I use the STOP option it says the xtables-addons-source package was not built successfully.

Things change when I use the command #module-assistant --verbose auto install xtables-addons

In this case it opens the program, giving me the options OVERVIEW, UPDATE, PREPARE, SELECT and EXIT.

In the SELECT option there are several packages for me to choose from; however, neither ipp2p nor layer7 is there.


15. Re: Blocking P2P networks with kernel 3.X

Jean Ribeiro
aioriaman

(uses BackTrack)

Posted on 24/09/2013 - 20:47h

Now everything is screwed up; all of a sudden the server is blocking everything, even Samba... It only lets internet traffic through the proxy, but the ports I ask it to leave open it doesn't...

The script I put together for the firewall is the following; if there are errors or improvements, please point them out to me...

#!/bin/sh

iptables -X
iptables -F
iptables -t nat -X
iptables -t nat -F
iptables -t mangle -X
iptables -t mangle -F

##### LOADING MODULES #####
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
modprobe ipt_LOG
modprobe ipt_REJECT
modprobe ipt_MASQUERADE
############################


iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

echo 1 > /proc/sys/net/ipv4/ip_forward

##### lo area
iptables -A INPUT -i lo -j ACCEPT
iptables -A FORWARD -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT


##### Allowing access to Samba
iptables -A INPUT -p tcp --dport 445 -j ACCEPT
iptables -A FORWARD -p tcp --dport 445 -j ACCEPT

##### ALLOWING WEBMIN #####
iptables -A INPUT -p tcp --dport 10000 -j ACCEPT
iptables -A FORWARD -p tcp --dport 10000 -j ACCEPT
iptables -I OUTPUT -p tcp --dport 10000 -j ACCEPT

##### Allowing Squid #####
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
iptables -A FORWARD -p tcp --dport 3128 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 3128 -j ACCEPT


##### Allowing Interativo #####
iptables -A INPUT -p tcp --dport 1433 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1433 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 1433 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 1433 -j ACCEPT

##### Allowing SSL
iptables -A FORWARD -p tcp --dport 443 -j ACCEPT


##### Routing #####

#iptables -t nat -A PREROUTING -p tcp -s 192.168.7.177 -j ACCEPT
iptables -t nat -A PREROUTING -s 192.168.7.162 -j ACCEPT
iptables -t nat -A PREROUTING -d 186.202.66.50 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -s 192.168.0.3 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


##### Blocking sites outside the proxy #####
iptables -A FORWARD -m string --algo bm --string "facebook.com" -j DROP
iptables -A FORWARD -m string --algo bm --string "twitter.com" -j DROP
iptables -A FORWARD -m string --algo bm --string "youtube.com" -j DROP
iptables -A FORWARD -m string --algo bm --string "widicom.com" -j DROP
iptables -A FORWARD -m string --algo bm --string "mega.co" -j DROP
iptables -A FORWARD -m string --algo bm --string "google.com" -j DROP
iptables -A FORWARD -m string --algo bm --string "hotmail.com" -j DROP


##### Blocking FTP #####

iptables -A FORWARD -m multiport -p tcp --dport 20,21 -j DROP

echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter

iptables -A INPUT -i !eth0 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT

iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -i eth1 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -i eth1 -j ACCEPT


16. Re: Blocking P2P networks with kernel 3.X

Fernando
phoemur

(uses Debian)

Posted on 24/09/2013 - 21:16h

I mentioned snort because I deployed it here based on this tutorial:

http://blog.bibliotecaunix.org/?p=103

Honestly, it is a bit more complicated, but since I already have and like snort, it was a good starting point...


17. Re: Blocking P2P networks with kernel 3.X

Jean Ribeiro
aioriaman

(uses BackTrack)

Posted on 24/09/2013 - 22:07h

It doesn't hurt to try... hehehe, thanks for the tip, I'll try it and post the result.


18. Re: Blocking P2P networks with kernel 3.X

Jean Ribeiro
aioriaman

(uses BackTrack)

Posted on 03/10/2013 - 21:51h

I couldn't install snort; it seems it tries to install samba 4 and doesn't recognize a bunch of commands, and in the end it fails:

apt-get -y --force-yes -f install snort ..


Setting up samba4 (4.0.0~alpha18.dfsg1-4ubuntu2) ...
Unknown parameter encountered: "delete veto files"
Ignoring unknown parameter "delete veto files"
Unknown parameter encountered: "deadtime"
Ignoring unknown parameter "deadtime"
Unknown parameter encountered: "map to guest"
Ignoring unknown parameter "map to guest"
Unknown parameter encountered: "winbind trusted domains only"
Ignoring unknown parameter "winbind trusted domains only"
Unknown parameter encountered: "veto files"
Ignoring unknown parameter "veto files"
Unknown parameter encountered: "winbind use default domain"
Ignoring unknown parameter "winbind use default domain"
Unknown parameter encountered: "keepalive"
Ignoring unknown parameter "keepalive"
Unknown parameter encountered: "writeable"
Ignoring unknown parameter "writeable"
Unknown parameter encountered: "delete readonly"
Ignoring unknown parameter "delete readonly"
Unknown parameter encountered: "os level"
Ignoring unknown parameter "os level"
Unknown parameter encountered: "create mode"
Ignoring unknown parameter "create mode"
Unknown parameter encountered: "syslog"
Ignoring unknown parameter "syslog"
Unknown parameter encountered: "usershare allow guests"
Ignoring unknown parameter "usershare allow guests"
Unknown parameter encountered: "max log size"
Ignoring unknown parameter "max log size"
Unknown parameter encountered: "directory mode"
Ignoring unknown parameter "directory mode"
Unknown parameter encountered: "pam password change"
Ignoring unknown parameter "pam password change"
Unknown parameter encountered: "writeable"
Ignoring unknown parameter "writeable"
Unknown parameter encountered: "veto files"
Ignoring unknown parameter "veto files"
Unknown parameter encountered: "veto files"
Ignoring unknown parameter "veto files"
Unknown parameter encountered: "writeable"
Ignoring unknown parameter "writeable"
Unknown parameter encountered: "public"
Ignoring unknown parameter "public"
Unknown parameter encountered: "create mode"
Ignoring unknown parameter "create mode"
Unknown parameter encountered: "directory mode"
Ignoring unknown parameter "directory mode"
Unknown parameter encountered: "writeable"
Ignoring unknown parameter "writeable"
Unknown parameter encountered: "delete readonly"
Ignoring unknown parameter "delete readonly"
Unknown parameter encountered: "public"
Ignoring unknown parameter "public"
Unknown parameter encountered: "create mode"
Ignoring unknown parameter "create mode"
Unknown parameter encountered: "directory mode"
Ignoring unknown parameter "directory mode"
Unknown parameter encountered: "veto files"
Ignoring unknown parameter "veto files"
Unknown parameter encountered: "delete readonly"
Ignoring unknown parameter "delete readonly"
Unknown parameter encountered: "public"
Ignoring unknown parameter "public"
Unknown parameter encountered: "create mode"
Ignoring unknown parameter "create mode"
Unknown parameter encountered: "directory mode"
Ignoring unknown parameter "directory mode"
/var/lib/dpkg/info/samba4.postinst: 14: /var/lib/dpkg/info/samba4.postinst: /usr/share/samba/setoption.pl: Permission denied
dpkg: error processing samba4 (--configure):
subprocess installed post-installation script returned error exit status 126
Setting up snort (2.9.2-3ubuntu1) ...
* Stopping Network Intrusion Detection System snort
* - No running snort instance found
* Starting Network Intrusion Detection System snort
...fail!
invoke-rc.d: initscript snort, action "start" failed.
dpkg: error processing snort (--configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
samba4
snort
Reading package lists...
Building dependency tree...
Reading state information...
snort is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 176 not upgraded.
2 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up snort (2.9.2-3ubuntu1) ...
* Stopping Network Intrusion Detection System snort
* - No running snort instance found
* Starting Network Intrusion Detection System snort
...fail!
invoke-rc.d: initscript snort, action "start" failed.
dpkg: error processing snort (--configure):
subprocess installed post-installation script returned error exit status 1
Setting up samba4 (4.0.0~alpha18.dfsg1-4ubuntu2) ...
/var/lib/dpkg/info/samba4.postinst: 14: /var/lib/dpkg/info/samba4.postinst: /usr/share/samba/setoption.pl: Permission denied
dpkg: error processing samba4 (--configure):
subprocess installed post-installation script returned error exit status 126
Errors were encountered while processing:
snort
samba4
E: Sub-process /usr/bin/dpkg returned an error code (1)

.. install failed!


19. Re: Blocking P2P networks with kernel 3.X

Jean Ribeiro
aioriaman

(uses BackTrack)

Posted on 05/10/2013 - 16:30h

up


