mergeee!!

DMZ.sh

@@ -4,12 +4,42 @@
 # ==============================
 ip=23.214.219.129
 routerIp=23.214.219.254
-dns=23.214.219.129
-dns2=23.214.219.130
-smtp=23.214.219.131
-www=23.214.219.132
 mask25=255.255.255.128
 
+dns=23.214.219.130
+mail=23.214.219.134
+vpn_gw=23.214.219.133
+www=23.214.219.132
+smtp=23.214.219.131
+
+dnsPort=53
+mailPort=888
+vpn_gwPort=443
+wwwPort=587
+smtpPort=80
+sudo yum install iptables-services -y
+sudo systemctl stop firewalld
+sudo systemctl disable firewalld
+sudo systemctl mask firewalld
+sudo systemctl enable iptables
+
 sudo iptables -F
-sudo ifconfig enp0s9 $ip netmask $mask25
+sudo ifconfig enp0s8 $ip netmask $mask25
-sudo ip route add default via $routerIp
+sudo ip route add 192.168.10.0/24 via $routerIp
+sudo route add default gw $routerIp
+# alias dos ips
+sudo ip addr add $dns dev enp0s8
+sudo ip addr add $mail dev enp0s8
+sudo ip addr add $vpn_gw dev enp0s8
+sudo ip addr add $www dev enp0s8
+sudo ip addr add $smtp dev enp0s8
+
+# netcart
+internalIp=192.168.10.1
+nc -l &
+nc -v -s $dns    -p $dnsPort        $internalIp
+nc -v -s $mail   -p $mailPort       $internalIp
+nc -v -s $vpn_gw -p $vpn_gwPort     $internalIp
+nc -v -s $smtp   -p $smtpPort       $internalIp
+nc -v -s $www    -p $wwwPort        $internalIp
+nc -v -s $www    -p $wwwPort        $internalIp

INTERNAL.sh

@@ -1,58 +1,30 @@
-# NETWORKS:
-# DMZ: 23.214.219.128/25
-# Internal: 192.168.10.0/24
-# 
-# MACHINES:
-# DNS2: 192.137.16.75
-# EDEN 193.138.212.1
-dns2="192.137.16.75"
-eden="193.138.212.1"
-
 # ==============================
-# Router 1
+# INTERNAL
-# INTERFACES:
+# NETWORK: 192.168.10.0/24
-# - Internet: 87.248.214.97
-# - DMZ: 23.214.219.254
-# - Internal: 192.168.10.254
 # ==============================
 
-# ==============================
+ip=192.168.10.1
-# DMZ 
+routerIp=192.168.10.254
-# IP:
+mask24=255.255.255.0
-# - dns : 23.214.219.129
-# - dns2 : 23.214.219.130
-# - smtp : 23.214.219.131
-# - www : 23.214.219.132
-# -
-sudo ifconfig enp0s8 23.214.219.254 netmask 255.255.255.128
-sudo ifconfig enp0s9 192.168.10.254 netmask 255.255.255.128
-sudo ifconfig enp0s3 87.248.214.97 netmask 255.255.255.0
-
 
+ftp=192.168.10.2
+datastore=192.168.10.3
+dhcpClient=192.168.10.4
+sudo yum install iptables-services -y
+sudo systemctl stop firewalld
+sudo systemctl disable firewalld
+sudo systemctl mask firewalld
+sudo systemctl enable iptables
 sudo iptables -F
-sudo iptables -t nat -F
+sudo ifconfig enp0s8 $ip netmask $mask24
-sudo iptables -t mangle -F
+sudo ip route add 23.214.219.128/25 via $routerIp
-sudo sysctl -w net.ipv4.ip_forward=1
+sudo route add default gw $routerIp
-iptables -P INPUT DROP
+# aliasing
-iptables -P FORWARD DROP
+sudo ip addr add $ftp dev enp0s8
-iptables -P OUTPUT ACCEPT
+sudo ip addr add $datastore dev enp0s8
-sudo iptables -A INPUT -i lo -j ACCEPT
-sudo iptables -A OUTPUT -o lo -j ACCEPT
-sudo iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
-#DNS name resolution requests sent to outside servers and want a response: //O ip ainda tem de mudar
-sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.129 -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
-#SSH connections to the router system that originate from the inside and want an answer:É preciso outra regra uma para a port enp0s9 e o ip do vpn
-sudo iptables -A FORWARD -p tcp -dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
-#The dns server should be able to resolve names using the internet (and others???)
-sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.129 -p udp --dport 53 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT
-# Apartir daqui foi só para testar se as conecções funcionavam
-sudo iptables -A FORWARD -i enp0s8 -s 23.214.219.129 -p tcp --sport 22 
-# Unsure these will work
-sudo iptables -A FORWARD -i enp0s9 -s 23.214.219.131
 
-
+# netcar
-#There might be a need to foward and input to, because of the nat?
+dmz=23.214.219.129
-#Dont use static ip address for internet related rules 
+nc -l &
-sudo ifconfig enp0s8 23.214.219.129 netmask 255.255.255.128
+nc -v -s $ftp       -p 53   $dmz
-sudo ip route add default via 23.214.219.254
+nc -v -s $datastore -p 888  $dmz

INTERNET.sh

@@ -0,0 +1,15 @@
+ip=87.248.214.98
+dns2=87.248.214.99
+eden=87.248.214.100
+mask24=255.255.255.0
+routerIp=87.248.214.97
+sudo yum install iptables-services -y
+sudo systemctl stop firewalld
+sudo systemctl disable firewalld
+sudo systemctl mask firewalld
+sudo systemctl enable iptables
+sudo iptables -F
+sudo ifconfig enp0s8 $dns2 netmask $mask24
+sudo route add default gw $routerIp
+#sudo ip addr add $dns2 dev enp0s8
+sudo ip addr add $eden dev enp0s8

ROUTER.sh

@@ -1,44 +1,39 @@
-# NETWORKS:
+#!/bin/bash
-# DMZ: 23.214.219.128/25
+
-# Internal: 192.168.10.0/24
+dns2="87.248.214.99"
-# 
+eden="87.248.214.100"
-# MACHINES:
-# DNS2: 192.137.16.75
-# EDEN 193.138.212.1
-dns2="192.137.16.75"
-eden="193.138.212.1"
 
-# ============================== 
 # Router 1
-# INTERFACES:
+dmzIP="23.214.219.254"
-# - Internet: 87.248.214.97
+internalIP="192.168.10.254"
-# - DMZ: 23.214.219.254
+externalIP="87.248.214.97"
-# - Internal: 192.168.10.254
-# ============================== 
 
-# ==============================
 # DMZ /25
-# IP:
+dns="23.214.219.130"
-# - dns : 23.214.219.129
+smtp="23.214.219.131"
-# - dns2 : 23.214.219.130
+www="23.214.219.132"
-# - smtp : 23.214.219.131
+vpn_gw="23.214.219.133"
-# - www : 23.214.219.132
+mail="23.214.219.134"
-# - vpn-gw: 23.214.219.133
-# ==============================
 
-# ==============================
 # Internal
-# IP:
+ftp="192.168.10.2"
-# ftp: 192.168.10.1
+datastore="192.168.10.3"
-# datastore : 192.168.10.2
+dhcpClient="192.168.10.4"
-# DHCP Client : 192.168.10.3-5
-# ==============================
 
-sudo ifconfig enp0s8 23.214.219.254 netmask 255.255.255.128
+# Interfaces
-sudo ifconfig enp0s9 192.168.10.254 netmask 255.255.255.128
+dmzIF="enp0s8"
-sudo ifconfig enp0s3 87.248.214.97 netmask 255.255.255.0
+internalIF="enp0s9"
+externalIF="enp0s10"
 
+sudo ifconfig $dmzIF $dmzIP netmask 255.255.255.128
+sudo ifconfig $internalIF $internalIP netmask 255.255.255.0
+sudo ifconfig $externalIF $externalIP netmask 255.255.255.0
 
+sudo yum install iptables-services -y
+sudo systemctl stop firewalld
+sudo systemctl disable firewalld
+sudo systemctl mask firewalld
+sudo systemctl enable iptables
 sudo iptables -F
 sudo iptables -t nat -F
 sudo iptables -t mangle -F
@@ -48,16 +43,64 @@ iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT
 sudo iptables -A INPUT -i lo -j ACCEPT
 sudo iptables -A OUTPUT -o lo -j ACCEPT
-sudo iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
+
+#sudo iptables -t nat -A POSTROUTING -i $internalIF -o enp0s3 -j MASQUERADE #SUS
+sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #CAREFULL
+
 #DNS name resolution requests sent to outside servers and want a response:
-sudo iptables -A FORWARD -i enp0s3 -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
+sudo iptables -A INPUT -i $externalIF -p udp --dport 53 -j ACCEPT
-#SSH connections to the router system that originate from the inside and want an answer:É preciso outra regra uma para a port enp0s9 e o ip do vpn
+
-sudo iptables -A FORWARD -i enp0s9 -o enp0s3 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
+#SSH connections to the router system that originate from the inside and want an answer:
-sudo iptables -A FORWARD -o enp0s3 -d 23.214.219.133 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
+sudo iptables -A INPUT -i $internalIF -p tcp --dport 22 -j ACCEPT
+sudo iptables -A INPUT -i $dmzIF -s $vpn_gw -p tcp --dport 22 -j ACCEPT
+
 #The dns server should be able to resolve names using the internet (and others???)
-sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.129 -p udp --dport 53 -j ACCEPT
+sudo iptables -I FORWARD -j NFQUEUE --queue-bypass
-sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT
+sudo iptables -I INPUT -j NFQUEUE --queue-bypass
-# Apartir daqui foi só para testar se as conecções funcionavam
+sudo iptables -A FORWARD -i $dmzIF -o $externalIF -s $dns -p udp --dport 53 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s8 -s 23.214.219.129 -p tcp --sport 22 
+
-# Unsure these will work
+#The internal network should be able to send and recieve dns name resolutions to the dns server (1!)
-sudo iptables -A FORWARD -i enp0s9 -s 23.214.219.131
+sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $dns -p udp --dport 53 -j ACCEPT
+sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT #THIS IS IMPORTANT AND MIGHT FUCK US
+
+#The dns and dns2 servers should be able to synchronize the contents of DNS zones. (protocol tcp port 53)
+sudo iptables -A FORWARD -i $dmzIF -o $externalIF -s $dns -p tcp --dport 53 -j ACCEPT
+
+#SMTP connections to the smtp server and returns
+sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $smtp -p tcp --dport 587 -j ACCEPT 
+#sudo iptables -A FORWARD -i $dmzIF -o $internalIF -p tcp --dport 587 -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+#POP and IMAP connections to the www server
+sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $mail -p tcp --dport 143 -j ACCEPT 
+sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $mail -p tcp --dport 110 -j ACCEPT
+
+#HTTP and HTTPS connectins
+sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $www -p tcp --dport 80 -j ACCEPT 
+sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $www -p tcp --dport 443 -j ACCEPT
+
+#OpenVPN connections to the vpn-gw server
+sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $vpn_gw -p udp --dport 1194 -j ACCEPT 
+#sudo iptables -A FORWARD -i $dmzIF -o $internalIF -p udp --dport 1194 -j ACCEPT
+
+#VPN clients connected to the gateway vpn-gw ???? vpn should be able to acess ftp e datastore
+sudo iptables -A FORWARD -i $dmzIF -o $internalIF -s $vpn_gw -d $ftp -j ACCEPT 
+sudo iptables -A FORWARD -i $dmzIF -o $internalIF -s $vpn_gw -d $datastore -j ACCEPT 
+
+#FTP da internet WORRIED ???
+sudo iptables -A FORWARD -i $externalIF -o $internalIF -d $ftp -p tcp --dport 21 -j ACCEPT
+sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --sport 20 -j ACCEPT #MIGHT BE NEEDED
+
+#SSH CONNECTIONS datastore server but only from eden or dn2 DNAT -s servers, and port and -d interface
+sudo iptables -t nat -A PREROUTING -s $dns2 -p tcp --dport 22 -j DNAT --to-destination $datastore
+sudo iptables -t nat -A PREROUTING -s $eden -p tcp --dport 22 -j DNAT --to-destination $datastore
+sudo iptables -t nat -A PREROUTING -i $externalIF -p tcp --dport 21 -j DNAT --to-destination $ftp
+sudo iptables -A FORWARD -i $externalIF -o $internalIF -d $datastore -s $dns2 -p tcp --dport 22 -j ACCEPT #Need to check and make diferent ip addresses
+sudo iptables -A FORWARD -i $externalIF -o $internalIF -d $datastore -s $eden -p tcp --dport 22 -j ACCEPT
+
+#$internalIF to internet DNS, http, https, ssh, FTP(SERVERS??????(WHO INVITED THIS GUY)) SNAT
+sudo iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o $externalIF -j SNAT --to-source $externalIP
+sudo iptables -A FORWARD -i $internalIF -o $externalIF -p udp --dport 53 -j ACCEPT 
+sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --dport 80 -j ACCEPT 
+sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --dport 443 -j ACCEPT
+sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --sport 21 -j ACCEPT #MIGHT NOT BE ENOUGH
+sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --dport 21 -j ACCEPT

relatorio.aux

@@ -0,0 +1,13 @@
+\relax 
+\providecommand \babel@aux [2]{\global \let \babel@toc \@gobbletwo }
+\@nameuse{bbl@beforestart}
+\catcode `"\active 
+\babel@aux{portuguese}{}
+\@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{2}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {2}Firewall}{2}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Packet fileter without NAT}{2}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Packet filtering with NAT}{3}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {3}Intrusion Detection}{4}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {4}Tests utilizados}{5}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {5}Conclusion}{5}{}\protected@file@percent }
+\gdef \@abspage@last{5}

relatorio.log

@@ -0,0 +1,244 @@
+This is pdfTeX, Version 3.141592653-2.6-1.40.27 (TeX Live 2026/dev/Arch Linux) (preloaded format=pdflatex 2026.1.17)  22 MAR 2026 22:27
+entering extended mode
+ \write18 enabled.
+ %&-line parsing enabled.
+**/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio
+(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.tex
+LaTeX2e <2024-11-01> patch level 2
+L3 programming layer <2025-01-18>
+(/usr/share/texmf-dist/tex/latex/base/article.cls
+Document Class: article 2024/06/29 v1.4n Standard LaTeX document class
+(/usr/share/texmf-dist/tex/latex/base/size12.clo
+File: size12.clo 2024/06/29 v1.4n Standard LaTeX file (size option)
+)
+\c@part=\count196
+\c@section=\count197
+\c@subsection=\count198
+\c@subsubsection=\count199
+\c@paragraph=\count266
+\c@subparagraph=\count267
+\c@figure=\count268
+\c@table=\count269
+\abovecaptionskip=\skip49
+\belowcaptionskip=\skip50
+\bibindent=\dimen141
+)
+(/usr/share/texmf-dist/tex/generic/babel/babel.sty
+Package: babel 2025/02/14 v25.4 The multilingual framework for pdfLaTeX, LuaLaT
+eX and XeLaTeX
+\babel@savecnt=\count270
+\U@D=\dimen142
+\l@unhyphenated=\language33
+
+(/usr/share/texmf-dist/tex/generic/babel/txtbabel.def)
+\bbl@readstream=\read2
+\bbl@dirlevel=\count271
+
+(/usr/share/texmf-dist/tex/generic/babel-portuges/portuguese.ldf
+Language: portuges 2021/07/09 v1.2t Portuguese support from the babel system
+Package babel Info: Making " an active character on input line 143.
+))
+(/usr/share/texmf-dist/tex/generic/babel/locale/pt/babel-portuguese.tex
+Package babel Info: Importing font and identification data for portuguese
+(babel)             from babel-pt.ini. Reported on input line 11.
+)
+(/usr/share/texmf-dist/tex/latex/ebgaramond/ebgaramond.sty
+Package: ebgaramond 2024/04/23 (Bob Tennent and autoinst) Style file for EB Gar
+amond fonts.
+
+(/usr/share/texmf-dist/tex/generic/iftex/ifxetex.sty
+Package: ifxetex 2019/10/25 v0.7 ifxetex legacy package. Use iftex instead.
+
+(/usr/share/texmf-dist/tex/generic/iftex/iftex.sty
+Package: iftex 2024/12/12 v1.0g TeX engine tests
+))
+(/usr/share/texmf-dist/tex/generic/iftex/ifluatex.sty
+Package: ifluatex 2019/10/25 v1.5 ifluatex legacy package. Use iftex instead.
+)
+(/usr/share/texmf-dist/tex/latex/xkeyval/xkeyval.sty
+Package: xkeyval 2022/06/16 v2.9 package option processing (HA)
+
+(/usr/share/texmf-dist/tex/generic/xkeyval/xkeyval.tex
+(/usr/share/texmf-dist/tex/generic/xkeyval/xkvutils.tex
+\XKV@toks=\toks17
+\XKV@tempa@toks=\toks18
+
+(/usr/share/texmf-dist/tex/generic/xkeyval/keyval.tex))
+\XKV@depth=\count272
+File: xkeyval.tex 2014/12/03 v2.7a key=value parser (HA)
+))
+(/usr/share/texmf-dist/tex/latex/base/textcomp.sty
+Package: textcomp 2024/04/24 v2.1b Standard LaTeX package
+)
+(/usr/share/texmf-dist/tex/latex/base/fontenc.sty
+Package: fontenc 2021/04/29 v2.0v Standard LaTeX package
+)
+(/usr/share/texmf-dist/tex/latex/fontaxes/fontaxes.sty
+Package: fontaxes 2020/07/21 v1.0e Font selection axes
+LaTeX Info: Redefining \upshape on input line 29.
+LaTeX Info: Redefining \itshape on input line 31.
+LaTeX Info: Redefining \slshape on input line 33.
+LaTeX Info: Redefining \swshape on input line 35.
+LaTeX Info: Redefining \scshape on input line 37.
+LaTeX Info: Redefining \sscshape on input line 39.
+LaTeX Info: Redefining \ulcshape on input line 41.
+LaTeX Info: Redefining \textsw on input line 47.
+LaTeX Info: Redefining \textssc on input line 48.
+LaTeX Info: Redefining \textulc on input line 49.
+)
+LaTeX Info: Redefining \oldstylenums on input line 163.
+LaTeX Info: Redefining \textsw on input line 173.
+)
+(/usr/share/texmf-dist/tex/latex/listings/listings.sty
+\lst@mode=\count273
+\lst@gtempboxa=\box52
+\lst@token=\toks19
+\lst@length=\count274
+\lst@currlwidth=\dimen143
+\lst@column=\count275
+\lst@pos=\count276
+\lst@lostspace=\dimen144
+\lst@width=\dimen145
+\lst@newlines=\count277
+\lst@lineno=\count278
+\lst@maxwidth=\dimen146
+
+(/usr/share/texmf-dist/tex/latex/listings/lstpatch.sty
+File: lstpatch.sty 2024/09/23 1.10c (Carsten Heinz)
+)
+(/usr/share/texmf-dist/tex/latex/listings/lstmisc.sty
+File: lstmisc.sty 2024/09/23 1.10c (Carsten Heinz)
+\c@lstnumber=\count279
+\lst@skipnumbers=\count280
+\lst@framebox=\box53
+)
+(/usr/share/texmf-dist/tex/latex/listings/listings.cfg
+File: listings.cfg 2024/09/23 1.10c listings configuration
+))
+Package: listings 2024/09/23 1.10c (Carsten Heinz)
+LaTeX Font Info:    Trying to load font information for OT1+EBGaramond-LF on in
+put line 28.
+
+(/usr/share/texmf-dist/tex/latex/ebgaramond/OT1EBGaramond-LF.fd
+File: OT1EBGaramond-LF.fd 2023/03/19 (autoinst) Font definitions for OT1/EBGara
+mond-LF.
+)
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
+(Font)              scaled to size 12.0pt on input line 28.
+
+(/usr/share/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def
+File: l3backend-pdftex.def 2024-05-08 L3 backend support: PDF output (pdfTeX)
+\l__color_backend_stack_int=\count281
+\l__pdf_internal_box=\box54
+)
+(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.aux)
+\openout1 = `relatorio.aux'.
+
+LaTeX Font Info:    Checking defaults for OML/cmm/m/it on input line 28.
+LaTeX Font Info:    ... okay on input line 28.
+LaTeX Font Info:    Checking defaults for OMS/cmsy/m/n on input line 28.
+LaTeX Font Info:    ... okay on input line 28.
+LaTeX Font Info:    Checking defaults for OT1/cmr/m/n on input line 28.
+LaTeX Font Info:    ... okay on input line 28.
+LaTeX Font Info:    Checking defaults for T1/cmr/m/n on input line 28.
+LaTeX Font Info:    ... okay on input line 28.
+LaTeX Font Info:    Checking defaults for TS1/cmr/m/n on input line 28.
+LaTeX Font Info:    ... okay on input line 28.
+LaTeX Font Info:    Checking defaults for OMX/cmex/m/n on input line 28.
+LaTeX Font Info:    ... okay on input line 28.
+LaTeX Font Info:    Checking defaults for U/cmr/m/n on input line 28.
+LaTeX Font Info:    ... okay on input line 28.
+\c@mv@tabular=\count282
+\c@mv@boldtabular=\count283
+\c@lstlisting=\count284
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
+(Font)              scaled to size 20.74pt on input line 29.
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
+(Font)              scaled to size 14.4pt on input line 29.
+LaTeX Font Info:    External font `cmex10' loaded for size
+(Font)              <14.4> on input line 29.
+LaTeX Font Info:    External font `cmex10' loaded for size
+(Font)              <7> on input line 29.
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
+(Font)              scaled to size 17.28pt on input line 30.
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/b/n' will be
+(Font)              scaled to size 17.28pt on input line 30.
+
+(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.toc
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/b/n' will be
+(Font)              scaled to size 12.0pt on input line 2.
+LaTeX Font Info:    External font `cmex10' loaded for size
+(Font)              <12> on input line 4.
+LaTeX Font Info:    External font `cmex10' loaded for size
+(Font)              <8> on input line 4.
+LaTeX Font Info:    External font `cmex10' loaded for size
+(Font)              <6> on input line 4.
+)
+\tf@toc=\write3
+\openout3 = `relatorio.toc'.
+
+
+
+[1
+
+{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}{/usr/share/texmf-dist/fonts
+/enc/dvips/ebgaramond/ebg_dacnth.enc}]
+(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty
+File: lstlang1.sty 2024/09/23 1.10c listings language file
+)
+(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty
+File: lstlang1.sty 2024/09/23 1.10c listings language file
+)
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
+(Font)              scaled to size 10.0pt on input line 37.
+
+Overfull \hbox (7.49481pt too wide) in paragraph at lines 42--44
+\OT1/EBGaramond-LF/m/n/12 As tr[]es re-des tem va-rios servi[]os, o DMZ tem dns
+(23.214.219.130), mail(23.214.219.134),
+ []
+
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/b/n' will be
+(Font)              scaled to size 14.4pt on input line 45.
+
+
+[2]
+
+[3]
+LaTeX Font Info:    Font shape `OT1/cmtt/bx/n' in size <10> not available
+(Font)              Font shape `OT1/cmtt/m/n' tried instead on input line 93.
+
+
+[4{/usr/share/texmf-dist/fonts/enc/dvips/cm-super/cm-super-ts1.enc}]
+Overfull \hbox (23.24622pt too wide) in paragraph at lines 125--126
+\OT1/EBGaramond-LF/m/n/12 Ao realizar-mos este pro-jeto apren-de-mos so-bre a c
+ria[][]ao de sce-na-rios em VMs, a configura[][]ao
+ []
+
+
+
+[5] (/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.aux)
+ ***********
+LaTeX2e <2024-11-01> patch level 2
+L3 programming layer <2025-01-18>
+ ***********
+ ) 
+Here is how much of TeX's memory you used:
+ 4439 strings out of 474546
+ 72779 string characters out of 5749982
+ 968296 words of memory out of 5000000
+ 27469 multiletter control sequences out of 15000+600000
+ 573916 words of font info for 59 fonts, out of 8000000 for 9000
+ 352 hyphenation exceptions out of 8191
+ 57i,7n,99p,546b,1693s stack positions out of 10000i,1000n,20000p,200000b,200000s
+</usr/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Bold.pfb></us
+r/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Regular.pfb></usr/s
+hare/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt10.pfb></usr/share/texmf-dis
+t/fonts/type1/public/cm-super/sftt1000.pfb>
+Output written on /home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/rela
+torio.pdf (5 pages, 78451 bytes).
+PDF statistics:
+ 42 PDF objects out of 1000 (max. 8388607)
+ 26 compressed objects within 1 object stream
+ 0 named destinations out of 1000 (max. 500000)
+ 1 words of extra memory for PDF output out of 10000 (max. 10000000)
+

relatorio.tex

@@ -0,0 +1,126 @@
+\documentclass[12pt,a4paper]{article}
+\usepackage[portuguese]{babel}
+\usepackage[lining]{ebgaramond}
+\usepackage{listings}
+
+\lstdefinestyle{mystyle}{
+    basicstyle=\ttfamily\footnotesize,
+    breakatwhitespace=false,         
+    breaklines=true,                 
+    captionpos=b,                    
+    keepspaces=true,                 
+    numbers=left,                    
+    numbersep=5pt,                  
+    showspaces=false,                
+    showstringspaces=false,
+    showtabs=false,                  
+    tabsize=2
+}
+
+\lstset{style=mystyle}
+
+\title{Practical Assignment \#1}
+\author{
+    João Neto -- 2023234004\\[1em]
+    Vasco Alves -- 2022228207
+}
+
+\begin{document}
+\maketitle
+\tableofcontents
+\newpage
+
+\section{Introduction}
+O objetivo principal deste trabalho era aprender IPTables e como configurar um com o Suricata um sistema de filtração e deteção de ataques. Para esse fim, foi simulado um sistema dividido em três redes e um router para conectar-las. As três redes são a DMZ (23.214.219.128/25, enp0s8), Internal network (192.168.10.0/24, enp0s9) e Internet (87.248.214.0/24, enp0s10).
+
+\begin{lstlisting}[language=bash]
+Rede,Interface,Gama IP
+DMZ,enp0s8,23.214.219.128/25
+Internal,enp0s9,192.168.10.0/24
+Internet,enp0s10,87.248.214.0/24
+\end{lstlisting}
+As três redes tem varios serviços, o DMZ tem dns(23.214.219.130), mail(23.214.219.134), vpn-gw(23.214.219.133), www(23.214.219.132) e smpt(23.214.219.131). A Internal network tem ftp(192.168.10.2), datastore(192.168.10.3) e clientes (nos testes os clientes tem ip 192.168.10.4, mas está configurado para dar para qualquer edereço). Por fim a rede Internet tem dns2 (87.248.214.99) e eden (87.248.214.100), existe também outros serviços (87.248.214.98).
+Para facilitar a recriação deste sistema foi criado 4 ficheiros .sh (um para cada rede e o router), e disponibilizamos os ficheiros suricata.rules e suricata.yaml, para o suricata que estiver ligado ao Router.  Os ficheiros .sh vão ter comandos para configurar o sistema para este exercicio.
+\section{Firewall}
+\subsection{Packet fileter without NAT}
+O policy que foi escolhido foi:
+\begin{lstlisting}[language=bash]
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+iptables -P OUTPUT ACCEPT
+\end{lstlisting}
+Foi escolhido porque é mais facil dar DROP a todos os pacotes que não foi criado regras do que criar uma regra de DROP para todos os protocolos e possibilidades, o OUTPUT ficou para ACCEPT porque não existe razão para dar DROP dos pacotes que estamos a enviar neste trabalho.
+Para o router conseguir resolver DNS requests e para aceitar coneções SSH da rede interna ou da VPN gateway foi utilizado estes comandos:
+\begin{lstlisting}[language=bash]
+sudo iptables -A INPUT -i enp0s10 -p udp --dport 53 -j ACCEPT
+sudo iptables -A INPUT -i enp0s9 -p tcp --dport 22 -j ACCEPT
+sudo iptables -A INPUT -i enp0s8 -s 23.214.219.133 -p tcp --dport 22 -j ACCEPT
+\end{lstlisting}
+Para conseguirmos a confirguração pedida entre redes foi utilizado estes commandos:
+\begin{lstlisting}[language=bash]
+sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.130 -p udp --dport 53 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p tcp --dport 53 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.131 -p tcp --dport 587 -j ACCEPT 
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.134 -p tcp --dport 143 -j ACCEPT 
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.134 -p tcp --dport 110 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 80 -j ACCEPT 
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 443 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -p udp --dport 1194 -j ACCEPT 
+sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.2 -j ACCEPT 
+sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.3 -j ACCEPT
+\end{lstlisting}
+Inicialmente as implementações de respostas a forward eram especificas para cada regra isto é por exemplo:
+\begin{lstlisting}[language=bash]
+sudo iptables -A FORWARD -o enp0s8 -i enp0s10 -p udp --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
+\end{lstlisting}
+No entanto isso facilmente originava confusão entre nós, então decimos utilizar estas duas regras:
+\begin{lstlisting}[language=bash]
+sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+\end{lstlisting}
+Neste cenario o uso destas regras faz sentido, mas pode existir outros cenarios no futuro que não queremos uma resposta, e nesse caso temos de criar as regras necessarias.
+\subsection{Packet filtering with NAT}
+Para conecções com origem/destino na internet foi utilizado DNAT/SNAT e iptables para "esconder" o ip para a internet que querer aceder a rede interna para não terem acesso ao edereço ip e iproutes para bloquear certos pacotes de entrar, para conseguir a configuração utilizamos estes comandos:
+\begin{lstlisting}[language=bash]
+sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.2 -p tcp --dport 21 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 20 -j ACCEPT
+sudo iptables -t nat -A PREROUTING -s $dns2 -p tcp --dport 22 -j DNAT --to-destination 192.168.10.3
+sudo iptables -t nat -A PREROUTING -s $eden -p tcp --dport 22 -j DNAT --to-destination 192.168.10.3
+sudo iptables -t nat -A PREROUTING -i enp0s10 -p tcp --dport 21 -j DNAT --to-destination 192.168.10.2
+sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $dns2 -p tcp --dport 22 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $eden -p tcp --dport 22 -j ACCEPT
+sudo iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o enp0s10 -j SNAT --to-source 87.248.214.97
+sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p udp --dport 53 -j ACCEPT 
+sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 80 -j ACCEPT 
+sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 443 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 21 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 21 -j ACCEPT
+\end{lstlisting}
+
+\section{Intrusion Detection}
+As regras que utilizamos para o suricata foram estas:
+\begin{lstlisting}[language=bash]
+drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET"; flags:S; threshold:type both, track by_src, count 5, seconds 60; classtype:attempted-recon; sid:1000001; rev:1;)
+drop tcp any any -> any 80 (msg:"SQL injection"; content:"union"; nocase; content:"select"; nocase; classtype:web-application-attack; sid:1000002; rev:1;)
+drop tcp any any -> any 80 (msg:"SQl injection"; content:"'or 1=1"; nocase; classtype:web-application-attack; sid:1000003; rev:1;)
+drop tcp any any -> any 80 (msg:"XSS"; content:"<script"; nocase; classtype:web-application-attack; sid:1000004; rev:1;)
+\end{lstlisting}
+A primeira é para port scaning, a segunda e a terceira é para o caso de SQL injection, e a ultima é para XSS atacks.
+Também atualizamos o iptables para passar para o suricata os pacotes para analizar e bloquear com:
+\begin{lstlisting}[language=bash]
+sudo iptables -I FORWARD -j NFQUEUE --queue-bypass
+sudo iptables -I INPUT -j NFQUEUE --queue-bypass
+\end{lstlisting}
+
+\section{Tests utilizados}
+Netcat foi utilizado para maior parte dos testes excepto para FTP, em que devido ás suas caracteristicas especificas, utilizamos os serviços para ter a certeza que funcionava com a nossa configuração. Utilizamos estes comandos curl para testar se eram bloqueados:
+\begin{lstlisting}[language=bash]
+curl -i "http://23.214.219.132/index.php?id=1%20union%20select%201,2,3"
+curl -i "http://23.214.219.132/login.php?user='or%201=1"
+curl -i "http://23.214.219.132/search.php?q=<script>alert('XSS')</script>"
+\end{lstlisting}
+
+\section{Conclusion}
+Ao realizar-mos este projeto aprendemos sobre a criação de scenarios em VMs, a configuração de uma firewall utilizando IPTables e a configuração de um IDS/IPS system utilizando Suricata
+\end{document}

relatorio.toc

@@ -0,0 +1,8 @@
+\babel@toc {portuguese}{}\relax 
+\contentsline {section}{\numberline {1}Introduction}{2}{}%
+\contentsline {section}{\numberline {2}Firewall}{2}{}%
+\contentsline {subsection}{\numberline {2.1}Packet fileter without NAT}{2}{}%
+\contentsline {subsection}{\numberline {2.2}Packet filtering with NAT}{3}{}%
+\contentsline {section}{\numberline {3}Intrusion Detection}{4}{}%
+\contentsline {section}{\numberline {4}Tests utilizados}{5}{}%
+\contentsline {section}{\numberline {5}Conclusion}{5}{}%

rogerio.txt

@@ -0,0 +1,65 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: SKS 1.1.1
+
+mQGNBGmLZjwBDACvUK1m3UikneSbyYrP0vbHMz3Dt5u0+1+/UoFHKrcIF0TeLMmeOL6s3iRW
+JoSuB0YEmiO01BMEtUHC3Bt6/fu1TjMTLGEwo4dltw/hakvjELfpKPecIo7NAX1XCmiw7f+M
+2kTfRXGlu0F0kKc+AD+xPC0tunfpacPX/xGtquPz0xp2XbKktNkj8NoUBO7BRtwrfjBXL7ZV
+irlVofs6j7w8Ka9SRtP8GLqsW+LFDQrbsDM2exvp7u61mKvTpuafOUqkqIIrXw4aDOIxjwON
+gjunZ4k38kZADxR+uzzwNFnn15qtLNECUMpOJDPplBDg0uVRQjn1BJ44AkcdwLM3unMp9BvO
+8DKg2Q6kmd5+qu3OH+BVaqDAD+5sED/LC+QGeTIEHGNbTP3hs6dGyeCcNQnORvn5JoMImUk0
+mmV/KV+qpGhi9PSxN44Kau4fWsaWIO33w1vMSnPf/s77dBT0uLT45G/1/b1N3WbD6eKTt+iC
+/+Ovp+MmWv6Fd2fPXEvwedUAEQEAAbQeUm9nZXJpbyBDIDxyb2djb3N0YUBkZWkudWMucHQ+
+iHUEEBYKAB0WIQTzZrv2P/XfDSKZTqn605rfvJqhwQUCaZMIVAAKCRD605rfvJqhwW/8AQDq
+k4kNVJOuOjHiq+F9K7X/QFJp3+z109x/ZpVGtP6aGgD6AlzWjGubsavImEMVN9QKr7tYEOWy
+NHldePm87lnDuQSJAbMEEAEIAB0WIQSORfJtzGpnilRlTysk/REF2WdojAUCaZL1XwAKCRAk
+/REF2WdojPPkC/40CesTUAcCnvKe/UHTbn483zcW8RSsXRzQZDE4iaOZQ2jCS9uzT+SaVNy5
+J8n3PNfghq19yZeyfWZrBHQBCqFwEvYqXZ/z1Qmz8wFvtDX+B5o15kuGO28/epXR7iqx/v53
++le7VmuBR6ri2kq6uT1xzotd6NYcmZpRprnzaGvCUWtuPWhG7SHjZ1TZIJuJ5cmGG8bq/wu/
+n+fcSwa3evCUR0ErkqpcC+Z9Ll8wGuSioov5A3B9UW+QWoC68VyC53RSyanNAYI3czJu5Ltq
+qXNxOv1xC1gew8FvBuxCF/3z++h2W+E5HO02zRwtqglr5ZBr4UmI0E4s8xWq0DWBU+iLwwXq
+GVNZFiJ+fNVHW6cu4deMOMVNrGJlVmlki+GkIFanlrVOwWq2+vsJFYYvHa5zBwjRRqhK5tRk
+OOa0qD3KLsCzKpiCSNb+g7TEjHqmpB/h3/MFf5mVlIiOnGYTDWBlMwZLllpLMc/3/mFm5nfX
+ofuPGl2BHUv0kdSKSa6QiEOJAbMEEAEIAB0WIQSTCl6/mmEFADoHYKEIKzRkXO0zjQUCaZMV
+9QAKCRAIKzRkXO0zjZoDC/9fcB7uDf3QSrIGm+zO//sALNCe0FSOQ5Rn8ZzMOTn3HBI5i7ct
+dZntTZuYFLa0HHWUxHBoCSwMnP5oNG91xpRTxsYpucFkKMljSiSKPgoOGxEaJDW2rK39CbzY
+xDSa9bhnbXzLWn4laTI8n6iip95IWXuqfIqYc6jfVC3YOBg+8rJ8nAJr6CWIX/6k4bavKVQQ
+4bWeuICqUlbNRhZF1BZtCPrFbrChcB+n7CqK0EGkOoySekMr/6VzwgNmuCa2m8Gi9YqzrLLd
+AzPl0mfruNHhHLBrnM0rNMMOaR39/+0xSl6c3JcsQWmgBUM1lt0th1n/yKHJMM802IyQefhR
+aJhg++xjP61vOLuJa7pb5UWiyupstKemX+8f6X970bvYPj0OaSwy4ewgxU2D5Paqd7qonnct
+eYosMnB87ZfS67LcK6YRdqjJeThaQmFujta2hUM6ZczlqGaTsOmZ/GBxIvXGYBrcrnv4d6cj
+nSGwXKKSHD2EWSNsxfIBILkQDEotD5uJAbMEEAEIAB0WIQS/yqosJXwrVXFgqQa1WXCyNLIK
+ZQUCaZMSBAAKCRC1WXCyNLIKZeU7C/4t2QA7MGNJC+uDk4p/VMfqLFz4yoJOQmAyqI+jbJwn
+T+cu2airiE74Nt77kEHjDzyD47LSGjsFe/ynK+Ey/9SeRrzA/NBngP919LW2nSwonfAIiDZ4
+dHD/aeRVCdX6Ni6PY/dc5b5ztMEgu0XBlUtWMkrrPaTmiCQ1wX5IuxrSLwldbgA8ME2TZYh7
+XQ1LUt1n15FipmdBaXxTK5FrqqWeLLxfPdntZVMQnh2nyaqAF6aEZBRj47UrcbJEIM399G8P
+nVExdvOqcCi/CDY15BVBmx/EkWTnudta7fOQgiJiOJ3WLDXvMTEEG06I/dw+eZgGLwl7Ep/x
+zrTP65tF032dxbNy1RONOijlj+l/NuOM7pFofx6yCzmRprbydyb9uM1ysRSV0GI1YW2krFzj
+ZZosZvPB470svviF8adgIQBV5TZQCzWBY+Bc5gimpZwcWCI+ByQfRAimerOgPqz/r2jQglgP
+u4PwnChSTrfNMKyAfpHIKgXAj2ar6X3IvHCkv/OJAdgEEwEIAEIWIQQ3eZDCVL86W7QFeUkd
+N5xZDJkDjwUCaYtmPAIbAwUJA8JnAAULCQgHAgMiAgEGFQoJCAsCBBYCAwECHgcCF4AACgkQ
+HTecWQyZA49onAv9GbcIpT9a52ZfSLfoXUWAVsYrCwfPb6OG+7NwJXwUPf69gK2ZSWZLrcPl
+7gLYKkWsQ2LS9Pb+kirfENk9Xvw+DMBk0KKlvsC3dOFl4srkdvuAoWvR4x5lCKBBusjM2ByR
+kRtN68a3xhLrNIHF7uxFefMIyetCJhGl1Z4rgRzslFjsjeZqv5hs7lYBtodrKXvWOfyEvZRw
+Zpibyu3v+6YgpZKdq/YQd/DNMBgCWJZOUvKbj/XiCVQ+zKBDEZpjM56TqSyqaTs7OyTXlZGX
+WRYXbtOeEf5NFlUT57FetrSszStJKow7AlLBfPlcwFgDEEKNiLf0asfdnfHepR3MT5ULNdut
+hLniGbN8HItqY94dipc0D2l3q/REY7VrsZa3vBmWdMecCLMDLO37CzIqjUO+tIGWOFhXpH86
+ARRb3C4mi39aTk8XlAQ6nUctrQSHd+oRFKRqXznAGIHHo83L7z5XvRwZ/ehZww+h0QL4JEgm
+Jaja3SZFkqf1/yGwT1EyqfVzuQGNBGmLZjwBDAC7UT7SgI/lKTAP5fyrDXDaIsVKCPZ0K+ui
+BqR+Po765zZyuZnCd8IMaeGJZipa4Jc2HRBfb2t/4drDWChhjiMtSk2jA+Ke+z/Gg8yCskg2
+aSjhiKb4dZkCWwg0+Avca3ad8F3G+pbP/aubTH2FydrJP0dQW7sPChKPEhDH83g4ek7w3CXs
+tSLQ8f3orxxqNvDr3BuVK4Lej1zgXMhSUWcTNqFje1jUwG+V03FoHfvM67HTGmnOngu9fCX0
+QbIc0x++zJg3MvPZ+hsSnJ3EemVMc5SMH/GCwIUTufEdpkCLmjETvCFT9JaVwBtgFvsF6adq
+7JMD7wcogGMVXDqrWMONZJPhiLPK9AI57zi7a31AFJEfyMMaBT3io5KdzfM0LCkpI/VT/tsO
+tM/adnID1cFt47WjeQQ0Ed0kH4fk91/wZaMAlgYeN2TSaYjb0v4RkSIWlYz2KyZ2XPaUtYyS
+Md6CmOHchTUTJ9x/qvXD53FYjnkX309c1a9Z++76R+QU6IkAEQEAAYkBvAQYAQgAJhYhBDd5
+kMJUvzpbtAV5SR03nFkMmQOPBQJpi2Y8AhsMBQkDwmcAAAoJEB03nFkMmQOPy/EL/2NTDXEI
+6ZshBZgK1UOxIWLaKuK4LwMimz3IpfWH6E1acSV4oEn5S+kGCzCeWwbOqhjFP5YYlcN3IMJX
+KddpFVn+LiN178qJZM+WxbJdRlc3n9+F2693zGMxmNtgjJ9TDCjar8nyoxWcpKXOtjxf204T
+HZAq/r2l/NHvrqZ4KJ5RU5I1Gb43UcarxZHBHy6N1Z323Zt5UMgA3WWMeXB+r374IBg4g5/l
+WCfhytvZtwVIDDERFMqpyikhlrOzLJQgVoPHUt7PCslvAaVlz1Mkj7JkF+gwizJ+zsCIkJ2Z
+YYk5nfVtDf2xEasrZgs3XF6yhXKHIS1DyIELaLzr6UkLz0H/pwgjHGG9G6pcuMeuS4vR7MEE
+7OssNRo43LjtGT9WglRhMqjqiqAIZUM6NFZ2AQQci5tOj3nNQQHovVaPm0PcC1fv99eMsDBX
+o7LiabG3y38e2q2TzbNl7v3zTXimQKtYzoff6kGr9JnKr1pD/63qZlrTrVEq/SyMrKmWN3Aq
+Rw==
+=as3M
+-----END PGP PUBLIC KEY BLOCK-----

suricata.rules

@@ -0,0 +1,5 @@
+drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET"; flags:S; threshold:type both, track by_src, count 5, seconds 60; classtype:attempted-recon; sid:1000001; rev:1;)
+drop tcp any any -> any 80 (msg:"SQL injection"; content:"union"; nocase; content:"select"; nocase; classtype:web-application-attack; sid:1000002; rev:1;)
+drop tcp any any -> any 80 (msg:"SQl injection"; content:"'or 1=1"; nocase; classtype:web-application-attack; sid:1000003; rev:1;)
+drop tcp any any -> any 80 (msg:"XSS"; content:"<script"; nocase; classtype:web-application-attack; sid:1000004; rev:1;)
+

ucstudent/pl-suricata-on-centos-installation-notes.txt

@@ -0,0 +1,83 @@
+
+# Installation of Suricata (CentOS 9) with support for the "nfq" module
+############################################################################
+
+##### Option 1: Install via YUM package manager
+yum install epel-release -y
+yum install suricata  
+
+# Check that suricata has support for NFQ
+suricata --build-info | grep NFQ
+# Update rules
+suricata-update
+# Check configuration 
+suricata -T -c /etc/suricata/suricata.yaml
+
+
+##### Option 2: Install from source 
+##### Download and install required packages
+yum install epel-release -y
+dnf config-manager --set-enabled crb
+yum groupinstall "Development Tools" -y
+##### Download and install required packages
+yum install epel-release -y
+dnf config-manager --set-enabled crb
+yum groupinstall "Development Tools" -y
+
+yum install -y \
+libpcap-devel \
+pcre-devel \
+libyaml-devel \
+file-devel \
+jansson-devel \
+libcap-ng-devel \
+libnetfilter_queue-devel \
+libnfnetlink-devel \
+libnetfilter_queue \
+zlib-devel \
+pcre2-devel \
+rust cargo \
+wget \
+tar
+
+
+# Download the latest stable version of Suricata
+cd /usr/src/
+wget https://www.openinfosecfoundation.org/download/suricata-8.0.3.tar.gz
+tar zxvf suricata-8.0.3.tar.gz
+
+# Compile and install
+cd suricata-8.0.3/
+./configure --enable-nfqueue
+
+make -j$(nproc)
+make install
+make install-conf
+make install-rules
+ldconfig
+
+# Update rules
+/usr/local/bin/suricata-update
+
+
+##### Check configuration
+/usr/local/bin/suricata --build-info | grep NFQ
+suricata -T -c /usr/local/etc/suricata/suricata.yaml
+
+
+##### Example usage
+
+# Send packets to suricata via NFQUEUE
+iptables -A OUTPUT -j NFQUEUE --queue-num 0
+iptables -A INPUT -j NFQUEUE --queue-num 0
+
+# Run suricata in inline mode (queue 0)
+suricata -q 0 -c /usr/local/etc/suricata/suricata.yaml
+
+
+##### Check logs
+# Analisar alertas resumidos no ficheiro "fast.log"
+cat fast.log
+# Analisar informação detalhada dos ataques no formato JSON no ficheiro "eve.json"
+cat eve.json | jq 'select(.event_type=="alert")' | more
+