Compare commits
41 Commits
956e79e4f9
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
|
ce074907d0 | ||
|
|
a032cdea75 | ||
|
|
992a2b90d1 | ||
|
|
2c9dfe11f9 | ||
|
|
cec9177566 | ||
|
|
51c5d2acc1 | ||
|
|
1db4072c19 | ||
|
|
21d519289d | ||
|
|
597f95e078 | ||
|
|
3124e6977a | ||
|
|
330a08f01d | ||
|
|
9852a3f21b | ||
|
|
e407142f66 | ||
|
|
16c7cc4e00 | ||
|
|
cd05757575 | ||
|
|
79be50b220 | ||
|
|
1f99e5d28a | ||
|
|
4e873db749 | ||
|
|
19c3bec0c7 | ||
|
|
b6da81c07c | ||
|
|
6cd82815e4 | ||
|
|
5d2a2e414f | ||
|
|
ecb833a122 | ||
|
|
612eeec3b2 | ||
|
|
2bdecf3cb1 | ||
|
|
3681888b5a | ||
|
|
e570e813d8 | ||
|
|
a980081af5 | ||
|
|
73408146b3 | ||
|
|
ad8af6170f | ||
|
|
d7c581263a | ||
|
|
1993201768 | ||
|
|
b90ab25ceb | ||
|
|
23db651721 | ||
|
|
b2e4ab0e22 | ||
|
|
52c398d0eb | ||
|
|
73d95440e5 | ||
|
|
d67e3d034c | ||
|
|
a6ad9873b7 | ||
|
|
0ea54c3c2a | ||
|
|
52f8aa59a2 |
60
DMZ.sh
60
DMZ.sh
@@ -1,15 +1,45 @@
|
||||
# ==============================
|
||||
# DMZ
|
||||
# NETWORK: 23.214.219.128/25
|
||||
# ==============================
|
||||
ip=23.214.219.129
|
||||
routerIp=23.214.219.254
|
||||
dns=23.214.219.129
|
||||
dns2=23.214.219.130
|
||||
smtp=23.214.219.131
|
||||
www=23.214.219.132
|
||||
mask25=255.255.255.128
|
||||
|
||||
sudo iptables -F
|
||||
sudo ifconfig enp0s9 $ip netmask $mask25
|
||||
sudo ip route add default via $routerIp
|
||||
# ==============================
|
||||
# DMZ
|
||||
# NETWORK: 23.214.219.128/25
|
||||
# ==============================
|
||||
ip=23.214.219.129
|
||||
routerIp=23.214.219.254
|
||||
mask25=255.255.255.128
|
||||
|
||||
dns=23.214.219.130
|
||||
mail=23.214.219.134
|
||||
vpn_gw=23.214.219.133
|
||||
www=23.214.219.132
|
||||
smtp=23.214.219.131
|
||||
|
||||
dnsPort=53
|
||||
mailPort=888
|
||||
vpn_gwPort=443
|
||||
wwwPort=587
|
||||
smtpPort=80
|
||||
sudo yum install iptables-services -y
|
||||
sudo systemctl stop firewalld
|
||||
sudo systemctl disable firewalld
|
||||
sudo systemctl mask firewalld
|
||||
sudo systemctl enable iptables
|
||||
|
||||
sudo iptables -F
|
||||
sudo ifconfig enp0s8 $ip netmask $mask25
|
||||
sudo ip route add 192.168.10.0/24 via $routerIp
|
||||
sudo route add default gw $routerIp
|
||||
# alias dos ips
|
||||
sudo ip addr add $dns dev enp0s8
|
||||
sudo ip addr add $mail dev enp0s8
|
||||
sudo ip addr add $vpn_gw dev enp0s8
|
||||
sudo ip addr add $www dev enp0s8
|
||||
sudo ip addr add $smtp dev enp0s8
|
||||
|
||||
# netcart
|
||||
internalIp=192.168.10.1
|
||||
nc -l &
|
||||
nc -v -s $dns -p $dnsPort $internalIp
|
||||
nc -v -s $mail -p $mailPort $internalIp
|
||||
nc -v -s $vpn_gw -p $vpn_gwPort $internalIp
|
||||
nc -v -s $smtp -p $smtpPort $internalIp
|
||||
nc -v -s $www -p $wwwPort $internalIp
|
||||
nc -v -s $www -p $wwwPort $internalIp
|
||||
|
||||
88
INTERNAL.sh
88
INTERNAL.sh
@@ -1,58 +1,30 @@
|
||||
# NETWORKS:
|
||||
# DMZ: 23.214.219.128/25
|
||||
# Internal: 192.168.10.0/24
|
||||
#
|
||||
# MACHINES:
|
||||
# DNS2: 192.137.16.75
|
||||
# EDEN 193.138.212.1
|
||||
dns2="192.137.16.75"
|
||||
eden="193.138.212.1"
|
||||
|
||||
# ==============================
|
||||
# Router 1
|
||||
# INTERFACES:
|
||||
# - Internet: 87.248.214.97
|
||||
# - DMZ: 23.214.219.254
|
||||
# - Internal: 192.168.10.254
|
||||
# ==============================
|
||||
|
||||
# ==============================
|
||||
# DMZ
|
||||
# IP:
|
||||
# - dns : 23.214.219.129
|
||||
# - dns2 : 23.214.219.130
|
||||
# - smtp : 23.214.219.131
|
||||
# - www : 23.214.219.132
|
||||
# -
|
||||
sudo ifconfig enp0s8 23.214.219.254 netmask 255.255.255.128
|
||||
sudo ifconfig enp0s9 192.168.10.254 netmask 255.255.255.128
|
||||
sudo ifconfig enp0s3 87.248.214.97 netmask 255.255.255.0
|
||||
|
||||
|
||||
sudo iptables -F
|
||||
sudo iptables -t nat -F
|
||||
sudo iptables -t mangle -F
|
||||
sudo sysctl -w net.ipv4.ip_forward=1
|
||||
iptables -P INPUT DROP
|
||||
iptables -P FORWARD DROP
|
||||
iptables -P OUTPUT ACCEPT
|
||||
sudo iptables -A INPUT -i lo -j ACCEPT
|
||||
sudo iptables -A OUTPUT -o lo -j ACCEPT
|
||||
sudo iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
|
||||
#DNS name resolution requests sent to outside servers and want a response: //O ip ainda tem de mudar
|
||||
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.129 -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
#SSH connections to the router system that originate from the inside and want an answer:É preciso outra regra uma para a port enp0s9 e o ip do vpn
|
||||
sudo iptables -A FORWARD -p tcp -dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
#The dns server should be able to resolve names using the internet (and others???)
|
||||
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.129 -p udp --dport 53 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT
|
||||
# Apartir daqui foi só para testar se as conecções funcionavam
|
||||
sudo iptables -A FORWARD -i enp0s8 -s 23.214.219.129 -p tcp --sport 22
|
||||
# Unsure these will work
|
||||
sudo iptables -A FORWARD -i enp0s9 -s 23.214.219.131
|
||||
|
||||
|
||||
#There might be a need to foward and input to, because of the nat?
|
||||
#Dont use static ip address for internet related rules
|
||||
sudo ifconfig enp0s8 23.214.219.129 netmask 255.255.255.128
|
||||
sudo ip route add default via 23.214.219.254
|
||||
# ==============================
|
||||
# INTERNAL
|
||||
# NETWORK: 192.168.10.0/24
|
||||
# ==============================
|
||||
|
||||
ip=192.168.10.1
|
||||
routerIp=192.168.10.254
|
||||
mask24=255.255.255.0
|
||||
|
||||
ftp=192.168.10.2
|
||||
datastore=192.168.10.3
|
||||
dhcpClient=192.168.10.4
|
||||
sudo yum install iptables-services -y
|
||||
sudo systemctl stop firewalld
|
||||
sudo systemctl disable firewalld
|
||||
sudo systemctl mask firewalld
|
||||
sudo systemctl enable iptables
|
||||
sudo iptables -F
|
||||
sudo ifconfig enp0s8 $ip netmask $mask24
|
||||
sudo ip route add 23.214.219.128/25 via $routerIp
|
||||
sudo route add default gw $routerIp
|
||||
# aliasing
|
||||
sudo ip addr add $ftp dev enp0s8
|
||||
sudo ip addr add $datastore dev enp0s8
|
||||
|
||||
# netcar
|
||||
dmz=23.214.219.129
|
||||
nc -l &
|
||||
nc -v -s $ftp -p 53 $dmz
|
||||
nc -v -s $datastore -p 888 $dmz
|
||||
|
||||
15
INTERNET.sh
Normal file
15
INTERNET.sh
Normal file
@@ -0,0 +1,15 @@
|
||||
ip=87.248.214.98
|
||||
dns2=87.248.214.99
|
||||
eden=87.248.214.100
|
||||
mask24=255.255.255.0
|
||||
routerIp=87.248.214.97
|
||||
sudo yum install iptables-services -y
|
||||
sudo systemctl stop firewalld
|
||||
sudo systemctl disable firewalld
|
||||
sudo systemctl mask firewalld
|
||||
sudo systemctl enable iptables
|
||||
sudo iptables -F
|
||||
sudo ifconfig enp0s8 $dns2 netmask $mask24
|
||||
sudo route add default gw $routerIp
|
||||
#sudo ip addr add $dns2 dev enp0s8
|
||||
sudo ip addr add $eden dev enp0s8
|
||||
164
ROUTER.sh
164
ROUTER.sh
@@ -1,58 +1,106 @@
|
||||
# NETWORKS:
|
||||
# DMZ: 23.214.219.128/25
|
||||
# Internal: 192.168.10.0/24
|
||||
#
|
||||
# MACHINES:
|
||||
# DNS2: 192.137.16.75
|
||||
# EDEN 193.138.212.1
|
||||
dns2="192.137.16.75"
|
||||
eden="193.138.212.1"
|
||||
|
||||
# ==============================
|
||||
# Router 1
|
||||
# INTERFACES:
|
||||
# - Internet: 87.248.214.97
|
||||
# - DMZ: 23.214.219.254
|
||||
# - Internal: 192.168.10.254
|
||||
# ==============================
|
||||
|
||||
# ==============================
|
||||
# DMZ
|
||||
# IP:
|
||||
# - dns : 23.214.219.129
|
||||
# - dns2 : 23.214.219.130
|
||||
# - smtp : 23.214.219.131
|
||||
# - www : 23.214.219.132
|
||||
# -
|
||||
sudo ifconfig enp0s8 23.214.219.254 netmask 255.255.255.128
|
||||
sudo ifconfig enp0s9 192.168.10.254 netmask 255.255.255.128
|
||||
sudo ifconfig enp0s3 87.248.214.97 netmask 255.255.255.0
|
||||
|
||||
|
||||
sudo iptables -F
|
||||
sudo iptables -t nat -F
|
||||
sudo iptables -t mangle -F
|
||||
sudo sysctl -w net.ipv4.ip_forward=1
|
||||
iptables -P INPUT DROP
|
||||
iptables -P FORWARD DROP
|
||||
iptables -P OUTPUT ACCEPT
|
||||
sudo iptables -A INPUT -i lo -j ACCEPT
|
||||
sudo iptables -A OUTPUT -o lo -j ACCEPT
|
||||
sudo iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
|
||||
#DNS name resolution requests sent to outside servers and want a response: //O ip ainda tem de mudar
|
||||
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.129 -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
#SSH connections to the router system that originate from the inside and want an answer:É preciso outra regra uma para a port enp0s9 e o ip do vpn
|
||||
sudo iptables -A FORWARD -p tcp -dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
#The dns server should be able to resolve names using the internet (and others???)
|
||||
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.129 -p udp --dport 53 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT
|
||||
# Apartir daqui foi só para testar se as conecções funcionavam
|
||||
sudo iptables -A FORWARD -i enp0s8 -s 23.214.219.129 -p tcp --sport 22
|
||||
# Unsure these will work
|
||||
sudo iptables -A FORWARD -i enp0s9 -s 23.214.219.131
|
||||
|
||||
|
||||
#There might be a need to foward and input to, because of the nat?
|
||||
#Dont use static ip address for internet related rules
|
||||
sudo ifconfig enp0s8 23.214.219.129 netmask 255.255.255.128
|
||||
sudo ip route add default via 23.214.219.254
|
||||
#!/bin/bash
|
||||
|
||||
dns2="87.248.214.99"
|
||||
eden="87.248.214.100"
|
||||
|
||||
# Router 1
|
||||
dmzIP="23.214.219.254"
|
||||
internalIP="192.168.10.254"
|
||||
externalIP="87.248.214.97"
|
||||
|
||||
# DMZ /25
|
||||
dns="23.214.219.130"
|
||||
smtp="23.214.219.131"
|
||||
www="23.214.219.132"
|
||||
vpn_gw="23.214.219.133"
|
||||
mail="23.214.219.134"
|
||||
|
||||
# Internal
|
||||
ftp="192.168.10.2"
|
||||
datastore="192.168.10.3"
|
||||
dhcpClient="192.168.10.4"
|
||||
|
||||
# Interfaces
|
||||
dmzIF="enp0s8"
|
||||
internalIF="enp0s9"
|
||||
externalIF="enp0s10"
|
||||
|
||||
sudo ifconfig $dmzIF $dmzIP netmask 255.255.255.128
|
||||
sudo ifconfig $internalIF $internalIP netmask 255.255.255.0
|
||||
sudo ifconfig $externalIF $externalIP netmask 255.255.255.0
|
||||
|
||||
sudo yum install iptables-services -y
|
||||
sudo systemctl stop firewalld
|
||||
sudo systemctl disable firewalld
|
||||
sudo systemctl mask firewalld
|
||||
sudo systemctl enable iptables
|
||||
sudo iptables -F
|
||||
sudo iptables -t nat -F
|
||||
sudo iptables -t mangle -F
|
||||
sudo sysctl -w net.ipv4.ip_forward=1
|
||||
iptables -P INPUT DROP
|
||||
iptables -P FORWARD DROP
|
||||
iptables -P OUTPUT ACCEPT
|
||||
sudo iptables -A INPUT -i lo -j ACCEPT
|
||||
sudo iptables -A OUTPUT -o lo -j ACCEPT
|
||||
|
||||
#sudo iptables -t nat -A POSTROUTING -i $internalIF -o enp0s3 -j MASQUERADE #SUS
|
||||
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #CAREFULL
|
||||
|
||||
#DNS name resolution requests sent to outside servers and want a response:
|
||||
sudo iptables -A INPUT -i $externalIF -p udp --dport 53 -j ACCEPT
|
||||
|
||||
#SSH connections to the router system that originate from the inside and want an answer:
|
||||
sudo iptables -A INPUT -i $internalIF -p tcp --dport 22 -j ACCEPT
|
||||
sudo iptables -A INPUT -i $dmzIF -s $vpn_gw -p tcp --dport 22 -j ACCEPT
|
||||
|
||||
#The dns server should be able to resolve names using the internet (and others???)
|
||||
sudo iptables -I FORWARD -j NFQUEUE --queue-bypass
|
||||
sudo iptables -I INPUT -j NFQUEUE --queue-bypass
|
||||
sudo iptables -A FORWARD -i $dmzIF -o $externalIF -s $dns -p udp --dport 53 -j ACCEPT
|
||||
|
||||
#The internal network should be able to send and recieve dns name resolutions to the dns server (1!)
|
||||
sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $dns -p udp --dport 53 -j ACCEPT
|
||||
sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT #THIS IS IMPORTANT AND MIGHT FUCK US
|
||||
|
||||
#The dns and dns2 servers should be able to synchronize the contents of DNS zones. (protocol tcp port 53)
|
||||
sudo iptables -A FORWARD -i $dmzIF -o $externalIF -s $dns -p tcp --dport 53 -j ACCEPT
|
||||
|
||||
#SMTP connections to the smtp server and returns
|
||||
sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $smtp -p tcp --dport 587 -j ACCEPT
|
||||
#sudo iptables -A FORWARD -i $dmzIF -o $internalIF -p tcp --dport 587 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
|
||||
#POP and IMAP connections to the www server
|
||||
sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $mail -p tcp --dport 143 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $mail -p tcp --dport 110 -j ACCEPT
|
||||
|
||||
#HTTP and HTTPS connectins
|
||||
sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $www -p tcp --dport 80 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $www -p tcp --dport 443 -j ACCEPT
|
||||
|
||||
#OpenVPN connections to the vpn-gw server
|
||||
sudo iptables -A FORWARD -i $internalIF -o $dmzIF -d $vpn_gw -p udp --dport 1194 -j ACCEPT
|
||||
#sudo iptables -A FORWARD -i $dmzIF -o $internalIF -p udp --dport 1194 -j ACCEPT
|
||||
|
||||
#VPN clients connected to the gateway vpn-gw ???? vpn should be able to acess ftp e datastore
|
||||
sudo iptables -A FORWARD -i $dmzIF -o $internalIF -s $vpn_gw -d $ftp -j ACCEPT
|
||||
sudo iptables -A FORWARD -i $dmzIF -o $internalIF -s $vpn_gw -d $datastore -j ACCEPT
|
||||
|
||||
#FTP da internet WORRIED ???
|
||||
sudo iptables -A FORWARD -i $externalIF -o $internalIF -d $ftp -p tcp --dport 21 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --sport 20 -j ACCEPT #MIGHT BE NEEDED
|
||||
|
||||
#SSH CONNECTIONS datastore server but only from eden or dn2 DNAT -s servers, and port and -d interface
|
||||
sudo iptables -t nat -A PREROUTING -s $dns2 -p tcp --dport 22 -j DNAT --to-destination $datastore
|
||||
sudo iptables -t nat -A PREROUTING -s $eden -p tcp --dport 22 -j DNAT --to-destination $datastore
|
||||
sudo iptables -t nat -A PREROUTING -i $externalIF -p tcp --dport 21 -j DNAT --to-destination $ftp
|
||||
sudo iptables -A FORWARD -i $externalIF -o $internalIF -d $datastore -s $dns2 -p tcp --dport 22 -j ACCEPT #Need to check and make diferent ip addresses
|
||||
sudo iptables -A FORWARD -i $externalIF -o $internalIF -d $datastore -s $eden -p tcp --dport 22 -j ACCEPT
|
||||
|
||||
#$internalIF to internet DNS, http, https, ssh, FTP(SERVERS??????(WHO INVITED THIS GUY)) SNAT
|
||||
sudo iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o $externalIF -j SNAT --to-source $externalIP
|
||||
sudo iptables -A FORWARD -i $internalIF -o $externalIF -p udp --dport 53 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --dport 80 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --dport 443 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --sport 21 -j ACCEPT #MIGHT NOT BE ENOUGH
|
||||
sudo iptables -A FORWARD -i $internalIF -o $externalIF -p tcp --dport 21 -j ACCEPT
|
||||
|
||||
BIN
entrega.zip
Normal file
BIN
entrega.zip
Normal file
Binary file not shown.
2281
entrega.zip.asc
Normal file
2281
entrega.zip.asc
Normal file
File diff suppressed because it is too large
Load Diff
13
relatorio.aux
Normal file
13
relatorio.aux
Normal file
@@ -0,0 +1,13 @@
|
||||
\relax
|
||||
\providecommand \babel@aux [2]{\global \let \babel@toc \@gobbletwo }
|
||||
\@nameuse{bbl@beforestart}
|
||||
\catcode `"\active
|
||||
\babel@aux{portuguese}{}
|
||||
\@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{2}{}\protected@file@percent }
|
||||
\@writefile{toc}{\contentsline {section}{\numberline {2}Firewall}{2}{}\protected@file@percent }
|
||||
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Packet fileter without NAT}{2}{}\protected@file@percent }
|
||||
\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Packet filtering with NAT}{3}{}\protected@file@percent }
|
||||
\@writefile{toc}{\contentsline {section}{\numberline {3}Intrusion Detection}{4}{}\protected@file@percent }
|
||||
\@writefile{toc}{\contentsline {section}{\numberline {4}Tests utilizados}{5}{}\protected@file@percent }
|
||||
\@writefile{toc}{\contentsline {section}{\numberline {5}Conclusion}{5}{}\protected@file@percent }
|
||||
\gdef \@abspage@last{5}
|
||||
244
relatorio.log
Normal file
244
relatorio.log
Normal file
@@ -0,0 +1,244 @@
|
||||
This is pdfTeX, Version 3.141592653-2.6-1.40.27 (TeX Live 2026/dev/Arch Linux) (preloaded format=pdflatex 2026.1.17) 22 MAR 2026 22:27
|
||||
entering extended mode
|
||||
\write18 enabled.
|
||||
%&-line parsing enabled.
|
||||
**/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio
|
||||
(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.tex
|
||||
LaTeX2e <2024-11-01> patch level 2
|
||||
L3 programming layer <2025-01-18>
|
||||
(/usr/share/texmf-dist/tex/latex/base/article.cls
|
||||
Document Class: article 2024/06/29 v1.4n Standard LaTeX document class
|
||||
(/usr/share/texmf-dist/tex/latex/base/size12.clo
|
||||
File: size12.clo 2024/06/29 v1.4n Standard LaTeX file (size option)
|
||||
)
|
||||
\c@part=\count196
|
||||
\c@section=\count197
|
||||
\c@subsection=\count198
|
||||
\c@subsubsection=\count199
|
||||
\c@paragraph=\count266
|
||||
\c@subparagraph=\count267
|
||||
\c@figure=\count268
|
||||
\c@table=\count269
|
||||
\abovecaptionskip=\skip49
|
||||
\belowcaptionskip=\skip50
|
||||
\bibindent=\dimen141
|
||||
)
|
||||
(/usr/share/texmf-dist/tex/generic/babel/babel.sty
|
||||
Package: babel 2025/02/14 v25.4 The multilingual framework for pdfLaTeX, LuaLaT
|
||||
eX and XeLaTeX
|
||||
\babel@savecnt=\count270
|
||||
\U@D=\dimen142
|
||||
\l@unhyphenated=\language33
|
||||
|
||||
(/usr/share/texmf-dist/tex/generic/babel/txtbabel.def)
|
||||
\bbl@readstream=\read2
|
||||
\bbl@dirlevel=\count271
|
||||
|
||||
(/usr/share/texmf-dist/tex/generic/babel-portuges/portuguese.ldf
|
||||
Language: portuges 2021/07/09 v1.2t Portuguese support from the babel system
|
||||
Package babel Info: Making " an active character on input line 143.
|
||||
))
|
||||
(/usr/share/texmf-dist/tex/generic/babel/locale/pt/babel-portuguese.tex
|
||||
Package babel Info: Importing font and identification data for portuguese
|
||||
(babel) from babel-pt.ini. Reported on input line 11.
|
||||
)
|
||||
(/usr/share/texmf-dist/tex/latex/ebgaramond/ebgaramond.sty
|
||||
Package: ebgaramond 2024/04/23 (Bob Tennent and autoinst) Style file for EB Gar
|
||||
amond fonts.
|
||||
|
||||
(/usr/share/texmf-dist/tex/generic/iftex/ifxetex.sty
|
||||
Package: ifxetex 2019/10/25 v0.7 ifxetex legacy package. Use iftex instead.
|
||||
|
||||
(/usr/share/texmf-dist/tex/generic/iftex/iftex.sty
|
||||
Package: iftex 2024/12/12 v1.0g TeX engine tests
|
||||
))
|
||||
(/usr/share/texmf-dist/tex/generic/iftex/ifluatex.sty
|
||||
Package: ifluatex 2019/10/25 v1.5 ifluatex legacy package. Use iftex instead.
|
||||
)
|
||||
(/usr/share/texmf-dist/tex/latex/xkeyval/xkeyval.sty
|
||||
Package: xkeyval 2022/06/16 v2.9 package option processing (HA)
|
||||
|
||||
(/usr/share/texmf-dist/tex/generic/xkeyval/xkeyval.tex
|
||||
(/usr/share/texmf-dist/tex/generic/xkeyval/xkvutils.tex
|
||||
\XKV@toks=\toks17
|
||||
\XKV@tempa@toks=\toks18
|
||||
|
||||
(/usr/share/texmf-dist/tex/generic/xkeyval/keyval.tex))
|
||||
\XKV@depth=\count272
|
||||
File: xkeyval.tex 2014/12/03 v2.7a key=value parser (HA)
|
||||
))
|
||||
(/usr/share/texmf-dist/tex/latex/base/textcomp.sty
|
||||
Package: textcomp 2024/04/24 v2.1b Standard LaTeX package
|
||||
)
|
||||
(/usr/share/texmf-dist/tex/latex/base/fontenc.sty
|
||||
Package: fontenc 2021/04/29 v2.0v Standard LaTeX package
|
||||
)
|
||||
(/usr/share/texmf-dist/tex/latex/fontaxes/fontaxes.sty
|
||||
Package: fontaxes 2020/07/21 v1.0e Font selection axes
|
||||
LaTeX Info: Redefining \upshape on input line 29.
|
||||
LaTeX Info: Redefining \itshape on input line 31.
|
||||
LaTeX Info: Redefining \slshape on input line 33.
|
||||
LaTeX Info: Redefining \swshape on input line 35.
|
||||
LaTeX Info: Redefining \scshape on input line 37.
|
||||
LaTeX Info: Redefining \sscshape on input line 39.
|
||||
LaTeX Info: Redefining \ulcshape on input line 41.
|
||||
LaTeX Info: Redefining \textsw on input line 47.
|
||||
LaTeX Info: Redefining \textssc on input line 48.
|
||||
LaTeX Info: Redefining \textulc on input line 49.
|
||||
)
|
||||
LaTeX Info: Redefining \oldstylenums on input line 163.
|
||||
LaTeX Info: Redefining \textsw on input line 173.
|
||||
)
|
||||
(/usr/share/texmf-dist/tex/latex/listings/listings.sty
|
||||
\lst@mode=\count273
|
||||
\lst@gtempboxa=\box52
|
||||
\lst@token=\toks19
|
||||
\lst@length=\count274
|
||||
\lst@currlwidth=\dimen143
|
||||
\lst@column=\count275
|
||||
\lst@pos=\count276
|
||||
\lst@lostspace=\dimen144
|
||||
\lst@width=\dimen145
|
||||
\lst@newlines=\count277
|
||||
\lst@lineno=\count278
|
||||
\lst@maxwidth=\dimen146
|
||||
|
||||
(/usr/share/texmf-dist/tex/latex/listings/lstpatch.sty
|
||||
File: lstpatch.sty 2024/09/23 1.10c (Carsten Heinz)
|
||||
)
|
||||
(/usr/share/texmf-dist/tex/latex/listings/lstmisc.sty
|
||||
File: lstmisc.sty 2024/09/23 1.10c (Carsten Heinz)
|
||||
\c@lstnumber=\count279
|
||||
\lst@skipnumbers=\count280
|
||||
\lst@framebox=\box53
|
||||
)
|
||||
(/usr/share/texmf-dist/tex/latex/listings/listings.cfg
|
||||
File: listings.cfg 2024/09/23 1.10c listings configuration
|
||||
))
|
||||
Package: listings 2024/09/23 1.10c (Carsten Heinz)
|
||||
LaTeX Font Info: Trying to load font information for OT1+EBGaramond-LF on in
|
||||
put line 28.
|
||||
|
||||
(/usr/share/texmf-dist/tex/latex/ebgaramond/OT1EBGaramond-LF.fd
|
||||
File: OT1EBGaramond-LF.fd 2023/03/19 (autoinst) Font definitions for OT1/EBGara
|
||||
mond-LF.
|
||||
)
|
||||
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be
|
||||
(Font) scaled to size 12.0pt on input line 28.
|
||||
|
||||
(/usr/share/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def
|
||||
File: l3backend-pdftex.def 2024-05-08 L3 backend support: PDF output (pdfTeX)
|
||||
\l__color_backend_stack_int=\count281
|
||||
\l__pdf_internal_box=\box54
|
||||
)
|
||||
(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.aux)
|
||||
\openout1 = `relatorio.aux'.
|
||||
|
||||
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 28.
|
||||
LaTeX Font Info: ... okay on input line 28.
|
||||
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 28.
|
||||
LaTeX Font Info: ... okay on input line 28.
|
||||
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 28.
|
||||
LaTeX Font Info: ... okay on input line 28.
|
||||
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 28.
|
||||
LaTeX Font Info: ... okay on input line 28.
|
||||
LaTeX Font Info: Checking defaults for TS1/cmr/m/n on input line 28.
|
||||
LaTeX Font Info: ... okay on input line 28.
|
||||
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 28.
|
||||
LaTeX Font Info: ... okay on input line 28.
|
||||
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 28.
|
||||
LaTeX Font Info: ... okay on input line 28.
|
||||
\c@mv@tabular=\count282
|
||||
\c@mv@boldtabular=\count283
|
||||
\c@lstlisting=\count284
|
||||
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be
|
||||
(Font) scaled to size 20.74pt on input line 29.
|
||||
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be
|
||||
(Font) scaled to size 14.4pt on input line 29.
|
||||
LaTeX Font Info: External font `cmex10' loaded for size
|
||||
(Font) <14.4> on input line 29.
|
||||
LaTeX Font Info: External font `cmex10' loaded for size
|
||||
(Font) <7> on input line 29.
|
||||
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be
|
||||
(Font) scaled to size 17.28pt on input line 30.
|
||||
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be
|
||||
(Font) scaled to size 17.28pt on input line 30.
|
||||
|
||||
(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.toc
|
||||
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be
|
||||
(Font) scaled to size 12.0pt on input line 2.
|
||||
LaTeX Font Info: External font `cmex10' loaded for size
|
||||
(Font) <12> on input line 4.
|
||||
LaTeX Font Info: External font `cmex10' loaded for size
|
||||
(Font) <8> on input line 4.
|
||||
LaTeX Font Info: External font `cmex10' loaded for size
|
||||
(Font) <6> on input line 4.
|
||||
)
|
||||
\tf@toc=\write3
|
||||
\openout3 = `relatorio.toc'.
|
||||
|
||||
|
||||
|
||||
[1
|
||||
|
||||
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}{/usr/share/texmf-dist/fonts
|
||||
/enc/dvips/ebgaramond/ebg_dacnth.enc}]
|
||||
(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty
|
||||
File: lstlang1.sty 2024/09/23 1.10c listings language file
|
||||
)
|
||||
(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty
|
||||
File: lstlang1.sty 2024/09/23 1.10c listings language file
|
||||
)
|
||||
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be
|
||||
(Font) scaled to size 10.0pt on input line 37.
|
||||
|
||||
Overfull \hbox (7.49481pt too wide) in paragraph at lines 42--44
|
||||
\OT1/EBGaramond-LF/m/n/12 As tr[]es re-des tem va-rios servi[]os, o DMZ tem dns
|
||||
(23.214.219.130), mail(23.214.219.134),
|
||||
[]
|
||||
|
||||
LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be
|
||||
(Font) scaled to size 14.4pt on input line 45.
|
||||
|
||||
|
||||
[2]
|
||||
|
||||
[3]
|
||||
LaTeX Font Info: Font shape `OT1/cmtt/bx/n' in size <10> not available
|
||||
(Font) Font shape `OT1/cmtt/m/n' tried instead on input line 93.
|
||||
|
||||
|
||||
[4{/usr/share/texmf-dist/fonts/enc/dvips/cm-super/cm-super-ts1.enc}]
|
||||
Overfull \hbox (23.24622pt too wide) in paragraph at lines 125--126
|
||||
\OT1/EBGaramond-LF/m/n/12 Ao realizar-mos este pro-jeto apren-de-mos so-bre a c
|
||||
ria[][]ao de sce-na-rios em VMs, a configura[][]ao
|
||||
[]
|
||||
|
||||
|
||||
|
||||
[5] (/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.aux)
|
||||
***********
|
||||
LaTeX2e <2024-11-01> patch level 2
|
||||
L3 programming layer <2025-01-18>
|
||||
***********
|
||||
)
|
||||
Here is how much of TeX's memory you used:
|
||||
4439 strings out of 474546
|
||||
72779 string characters out of 5749982
|
||||
968296 words of memory out of 5000000
|
||||
27469 multiletter control sequences out of 15000+600000
|
||||
573916 words of font info for 59 fonts, out of 8000000 for 9000
|
||||
352 hyphenation exceptions out of 8191
|
||||
57i,7n,99p,546b,1693s stack positions out of 10000i,1000n,20000p,200000b,200000s
|
||||
</usr/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Bold.pfb></us
|
||||
r/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Regular.pfb></usr/s
|
||||
hare/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt10.pfb></usr/share/texmf-dis
|
||||
t/fonts/type1/public/cm-super/sftt1000.pfb>
|
||||
Output written on /home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/rela
|
||||
torio.pdf (5 pages, 78451 bytes).
|
||||
PDF statistics:
|
||||
42 PDF objects out of 1000 (max. 8388607)
|
||||
26 compressed objects within 1 object stream
|
||||
0 named destinations out of 1000 (max. 500000)
|
||||
1 words of extra memory for PDF output out of 10000 (max. 10000000)
|
||||
|
||||
BIN
relatorio.pdf
Normal file
BIN
relatorio.pdf
Normal file
Binary file not shown.
126
relatorio.tex
Normal file
126
relatorio.tex
Normal file
@@ -0,0 +1,126 @@
|
||||
\documentclass[12pt,a4paper]{article}
|
||||
\usepackage[portuguese]{babel}
|
||||
\usepackage[lining]{ebgaramond}
|
||||
\usepackage{listings}
|
||||
|
||||
\lstdefinestyle{mystyle}{
|
||||
basicstyle=\ttfamily\footnotesize,
|
||||
breakatwhitespace=false,
|
||||
breaklines=true,
|
||||
captionpos=b,
|
||||
keepspaces=true,
|
||||
numbers=left,
|
||||
numbersep=5pt,
|
||||
showspaces=false,
|
||||
showstringspaces=false,
|
||||
showtabs=false,
|
||||
tabsize=2
|
||||
}
|
||||
|
||||
\lstset{style=mystyle}
|
||||
|
||||
\title{Practical Assignment \#1}
|
||||
\author{
|
||||
João Neto -- 2023234004\\[1em]
|
||||
Vasco Alves -- 2022228207
|
||||
}
|
||||
|
||||
\begin{document}
|
||||
\maketitle
|
||||
\tableofcontents
|
||||
\newpage
|
||||
|
||||
\section{Introduction}
|
||||
O objetivo principal deste trabalho era aprender IPTables e como configurar um com o Suricata um sistema de filtração e deteção de ataques. Para esse fim, foi simulado um sistema dividido em três redes e um router para conectar-las. As três redes são a DMZ (23.214.219.128/25, enp0s8), Internal network (192.168.10.0/24, enp0s9) e Internet (87.248.214.0/24, enp0s10).
|
||||
|
||||
\begin{lstlisting}[language=bash]
|
||||
Rede,Interface,Gama IP
|
||||
DMZ,enp0s8,23.214.219.128/25
|
||||
Internal,enp0s9,192.168.10.0/24
|
||||
Internet,enp0s10,87.248.214.0/24
|
||||
\end{lstlisting}
|
||||
As três redes tem varios serviços, o DMZ tem dns(23.214.219.130), mail(23.214.219.134), vpn-gw(23.214.219.133), www(23.214.219.132) e smpt(23.214.219.131). A Internal network tem ftp(192.168.10.2), datastore(192.168.10.3) e clientes (nos testes os clientes tem ip 192.168.10.4, mas está configurado para dar para qualquer edereço). Por fim a rede Internet tem dns2 (87.248.214.99) e eden (87.248.214.100), existe também outros serviços (87.248.214.98).
|
||||
Para facilitar a recriação deste sistema foi criado 4 ficheiros .sh (um para cada rede e o router), e disponibilizamos os ficheiros suricata.rules e suricata.yaml, para o suricata que estiver ligado ao Router. Os ficheiros .sh vão ter comandos para configurar o sistema para este exercicio.
|
||||
\section{Firewall}
|
||||
\subsection{Packet fileter without NAT}
|
||||
O policy que foi escolhido foi:
|
||||
\begin{lstlisting}[language=bash]
|
||||
iptables -P INPUT DROP
|
||||
iptables -P FORWARD DROP
|
||||
iptables -P OUTPUT ACCEPT
|
||||
\end{lstlisting}
|
||||
Foi escolhido porque é mais facil dar DROP a todos os pacotes que não foi criado regras do que criar uma regra de DROP para todos os protocolos e possibilidades, o OUTPUT ficou para ACCEPT porque não existe razão para dar DROP dos pacotes que estamos a enviar neste trabalho.
|
||||
Para o router conseguir resolver DNS requests e para aceitar coneções SSH da rede interna ou da VPN gateway foi utilizado estes comandos:
|
||||
\begin{lstlisting}[language=bash]
|
||||
sudo iptables -A INPUT -i enp0s10 -p udp --dport 53 -j ACCEPT
|
||||
sudo iptables -A INPUT -i enp0s9 -p tcp --dport 22 -j ACCEPT
|
||||
sudo iptables -A INPUT -i enp0s8 -s 23.214.219.133 -p tcp --dport 22 -j ACCEPT
|
||||
\end{lstlisting}
|
||||
Para conseguirmos a confirguração pedida entre redes foi utilizado estes commandos:
|
||||
\begin{lstlisting}[language=bash]
|
||||
sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.130 -p udp --dport 53 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p tcp --dport 53 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.131 -p tcp --dport 587 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.134 -p tcp --dport 143 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.134 -p tcp --dport 110 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 80 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 443 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -p udp --dport 1194 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.2 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.3 -j ACCEPT
|
||||
\end{lstlisting}
|
||||
Inicialmente as implementações de respostas a forward eram especificas para cada regra isto é por exemplo:
|
||||
\begin{lstlisting}[language=bash]
|
||||
sudo iptables -A FORWARD -o enp0s8 -i enp0s10 -p udp --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
\end{lstlisting}
|
||||
No entanto isso facilmente originava confusão entre nós, então decimos utilizar estas duas regras:
|
||||
\begin{lstlisting}[language=bash]
|
||||
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
\end{lstlisting}
|
||||
Neste cenario o uso destas regras faz sentido, mas pode existir outros cenarios no futuro que não queremos uma resposta, e nesse caso temos de criar as regras necessarias.
|
||||
\subsection{Packet filtering with NAT}
|
||||
Para conecções com origem/destino na internet foi utilizado DNAT/SNAT e iptables para "esconder" o ip para a internet que querer aceder a rede interna para não terem acesso ao edereço ip e iproutes para bloquear certos pacotes de entrar, para conseguir a configuração utilizamos estes comandos:
|
||||
\begin{lstlisting}[language=bash]
|
||||
sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.2 -p tcp --dport 21 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 20 -j ACCEPT
|
||||
sudo iptables -t nat -A PREROUTING -s $dns2 -p tcp --dport 22 -j DNAT --to-destination 192.168.10.3
|
||||
sudo iptables -t nat -A PREROUTING -s $eden -p tcp --dport 22 -j DNAT --to-destination 192.168.10.3
|
||||
sudo iptables -t nat -A PREROUTING -i enp0s10 -p tcp --dport 21 -j DNAT --to-destination 192.168.10.2
|
||||
sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $dns2 -p tcp --dport 22 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $eden -p tcp --dport 22 -j ACCEPT
|
||||
sudo iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o enp0s10 -j SNAT --to-source 87.248.214.97
|
||||
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p udp --dport 53 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 80 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 443 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 21 -j ACCEPT
|
||||
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 21 -j ACCEPT
|
||||
\end{lstlisting}
|
||||
|
||||
\section{Intrusion Detection}
|
||||
As regras que utilizamos para o suricata foram estas:
|
||||
\begin{lstlisting}[language=bash]
|
||||
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET"; flags:S; threshold:type both, track by_src, count 5, seconds 60; classtype:attempted-recon; sid:1000001; rev:1;)
|
||||
drop tcp any any -> any 80 (msg:"SQL injection"; content:"union"; nocase; content:"select"; nocase; classtype:web-application-attack; sid:1000002; rev:1;)
|
||||
drop tcp any any -> any 80 (msg:"SQl injection"; content:"'or 1=1"; nocase; classtype:web-application-attack; sid:1000003; rev:1;)
|
||||
drop tcp any any -> any 80 (msg:"XSS"; content:"<script"; nocase; classtype:web-application-attack; sid:1000004; rev:1;)
|
||||
\end{lstlisting}
|
||||
A primeira é para port scaning, a segunda e a terceira é para o caso de SQL injection, e a ultima é para XSS atacks.
|
||||
Também atualizamos o iptables para passar para o suricata os pacotes para analizar e bloquear com:
|
||||
\begin{lstlisting}[language=bash]
|
||||
sudo iptables -I FORWARD -j NFQUEUE --queue-bypass
|
||||
sudo iptables -I INPUT -j NFQUEUE --queue-bypass
|
||||
\end{lstlisting}
|
||||
|
||||
\section{Tests utilizados}
|
||||
Netcat foi utilizado para maior parte dos testes excepto para FTP, em que devido ás suas caracteristicas especificas, utilizamos os serviços para ter a certeza que funcionava com a nossa configuração. Utilizamos estes comandos curl para testar se eram bloqueados:
|
||||
\begin{lstlisting}[language=bash]
|
||||
curl -i "http://23.214.219.132/index.php?id=1%20union%20select%201,2,3"
|
||||
curl -i "http://23.214.219.132/login.php?user='or%201=1"
|
||||
curl -i "http://23.214.219.132/search.php?q=<script>alert('XSS')</script>"
|
||||
\end{lstlisting}
|
||||
|
||||
\section{Conclusion}
|
||||
Ao realizar-mos este projeto aprendemos sobre a criação de scenarios em VMs, a configuração de uma firewall utilizando IPTables e a configuração de um IDS/IPS system utilizando Suricata
|
||||
\end{document}
|
||||
8
relatorio.toc
Normal file
8
relatorio.toc
Normal file
@@ -0,0 +1,8 @@
|
||||
\babel@toc {portuguese}{}\relax
|
||||
\contentsline {section}{\numberline {1}Introduction}{2}{}%
|
||||
\contentsline {section}{\numberline {2}Firewall}{2}{}%
|
||||
\contentsline {subsection}{\numberline {2.1}Packet fileter without NAT}{2}{}%
|
||||
\contentsline {subsection}{\numberline {2.2}Packet filtering with NAT}{3}{}%
|
||||
\contentsline {section}{\numberline {3}Intrusion Detection}{4}{}%
|
||||
\contentsline {section}{\numberline {4}Tests utilizados}{5}{}%
|
||||
\contentsline {section}{\numberline {5}Conclusion}{5}{}%
|
||||
65
rogerio.txt
Normal file
65
rogerio.txt
Normal file
@@ -0,0 +1,65 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: SKS 1.1.1
|
||||
|
||||
mQGNBGmLZjwBDACvUK1m3UikneSbyYrP0vbHMz3Dt5u0+1+/UoFHKrcIF0TeLMmeOL6s3iRW
|
||||
JoSuB0YEmiO01BMEtUHC3Bt6/fu1TjMTLGEwo4dltw/hakvjELfpKPecIo7NAX1XCmiw7f+M
|
||||
2kTfRXGlu0F0kKc+AD+xPC0tunfpacPX/xGtquPz0xp2XbKktNkj8NoUBO7BRtwrfjBXL7ZV
|
||||
irlVofs6j7w8Ka9SRtP8GLqsW+LFDQrbsDM2exvp7u61mKvTpuafOUqkqIIrXw4aDOIxjwON
|
||||
gjunZ4k38kZADxR+uzzwNFnn15qtLNECUMpOJDPplBDg0uVRQjn1BJ44AkcdwLM3unMp9BvO
|
||||
8DKg2Q6kmd5+qu3OH+BVaqDAD+5sED/LC+QGeTIEHGNbTP3hs6dGyeCcNQnORvn5JoMImUk0
|
||||
mmV/KV+qpGhi9PSxN44Kau4fWsaWIO33w1vMSnPf/s77dBT0uLT45G/1/b1N3WbD6eKTt+iC
|
||||
/+Ovp+MmWv6Fd2fPXEvwedUAEQEAAbQeUm9nZXJpbyBDIDxyb2djb3N0YUBkZWkudWMucHQ+
|
||||
iHUEEBYKAB0WIQTzZrv2P/XfDSKZTqn605rfvJqhwQUCaZMIVAAKCRD605rfvJqhwW/8AQDq
|
||||
k4kNVJOuOjHiq+F9K7X/QFJp3+z109x/ZpVGtP6aGgD6AlzWjGubsavImEMVN9QKr7tYEOWy
|
||||
NHldePm87lnDuQSJAbMEEAEIAB0WIQSORfJtzGpnilRlTysk/REF2WdojAUCaZL1XwAKCRAk
|
||||
/REF2WdojPPkC/40CesTUAcCnvKe/UHTbn483zcW8RSsXRzQZDE4iaOZQ2jCS9uzT+SaVNy5
|
||||
J8n3PNfghq19yZeyfWZrBHQBCqFwEvYqXZ/z1Qmz8wFvtDX+B5o15kuGO28/epXR7iqx/v53
|
||||
+le7VmuBR6ri2kq6uT1xzotd6NYcmZpRprnzaGvCUWtuPWhG7SHjZ1TZIJuJ5cmGG8bq/wu/
|
||||
n+fcSwa3evCUR0ErkqpcC+Z9Ll8wGuSioov5A3B9UW+QWoC68VyC53RSyanNAYI3czJu5Ltq
|
||||
qXNxOv1xC1gew8FvBuxCF/3z++h2W+E5HO02zRwtqglr5ZBr4UmI0E4s8xWq0DWBU+iLwwXq
|
||||
GVNZFiJ+fNVHW6cu4deMOMVNrGJlVmlki+GkIFanlrVOwWq2+vsJFYYvHa5zBwjRRqhK5tRk
|
||||
OOa0qD3KLsCzKpiCSNb+g7TEjHqmpB/h3/MFf5mVlIiOnGYTDWBlMwZLllpLMc/3/mFm5nfX
|
||||
ofuPGl2BHUv0kdSKSa6QiEOJAbMEEAEIAB0WIQSTCl6/mmEFADoHYKEIKzRkXO0zjQUCaZMV
|
||||
9QAKCRAIKzRkXO0zjZoDC/9fcB7uDf3QSrIGm+zO//sALNCe0FSOQ5Rn8ZzMOTn3HBI5i7ct
|
||||
dZntTZuYFLa0HHWUxHBoCSwMnP5oNG91xpRTxsYpucFkKMljSiSKPgoOGxEaJDW2rK39CbzY
|
||||
xDSa9bhnbXzLWn4laTI8n6iip95IWXuqfIqYc6jfVC3YOBg+8rJ8nAJr6CWIX/6k4bavKVQQ
|
||||
4bWeuICqUlbNRhZF1BZtCPrFbrChcB+n7CqK0EGkOoySekMr/6VzwgNmuCa2m8Gi9YqzrLLd
|
||||
AzPl0mfruNHhHLBrnM0rNMMOaR39/+0xSl6c3JcsQWmgBUM1lt0th1n/yKHJMM802IyQefhR
|
||||
aJhg++xjP61vOLuJa7pb5UWiyupstKemX+8f6X970bvYPj0OaSwy4ewgxU2D5Paqd7qonnct
|
||||
eYosMnB87ZfS67LcK6YRdqjJeThaQmFujta2hUM6ZczlqGaTsOmZ/GBxIvXGYBrcrnv4d6cj
|
||||
nSGwXKKSHD2EWSNsxfIBILkQDEotD5uJAbMEEAEIAB0WIQS/yqosJXwrVXFgqQa1WXCyNLIK
|
||||
ZQUCaZMSBAAKCRC1WXCyNLIKZeU7C/4t2QA7MGNJC+uDk4p/VMfqLFz4yoJOQmAyqI+jbJwn
|
||||
T+cu2airiE74Nt77kEHjDzyD47LSGjsFe/ynK+Ey/9SeRrzA/NBngP919LW2nSwonfAIiDZ4
|
||||
dHD/aeRVCdX6Ni6PY/dc5b5ztMEgu0XBlUtWMkrrPaTmiCQ1wX5IuxrSLwldbgA8ME2TZYh7
|
||||
XQ1LUt1n15FipmdBaXxTK5FrqqWeLLxfPdntZVMQnh2nyaqAF6aEZBRj47UrcbJEIM399G8P
|
||||
nVExdvOqcCi/CDY15BVBmx/EkWTnudta7fOQgiJiOJ3WLDXvMTEEG06I/dw+eZgGLwl7Ep/x
|
||||
zrTP65tF032dxbNy1RONOijlj+l/NuOM7pFofx6yCzmRprbydyb9uM1ysRSV0GI1YW2krFzj
|
||||
ZZosZvPB470svviF8adgIQBV5TZQCzWBY+Bc5gimpZwcWCI+ByQfRAimerOgPqz/r2jQglgP
|
||||
u4PwnChSTrfNMKyAfpHIKgXAj2ar6X3IvHCkv/OJAdgEEwEIAEIWIQQ3eZDCVL86W7QFeUkd
|
||||
N5xZDJkDjwUCaYtmPAIbAwUJA8JnAAULCQgHAgMiAgEGFQoJCAsCBBYCAwECHgcCF4AACgkQ
|
||||
HTecWQyZA49onAv9GbcIpT9a52ZfSLfoXUWAVsYrCwfPb6OG+7NwJXwUPf69gK2ZSWZLrcPl
|
||||
7gLYKkWsQ2LS9Pb+kirfENk9Xvw+DMBk0KKlvsC3dOFl4srkdvuAoWvR4x5lCKBBusjM2ByR
|
||||
kRtN68a3xhLrNIHF7uxFefMIyetCJhGl1Z4rgRzslFjsjeZqv5hs7lYBtodrKXvWOfyEvZRw
|
||||
Zpibyu3v+6YgpZKdq/YQd/DNMBgCWJZOUvKbj/XiCVQ+zKBDEZpjM56TqSyqaTs7OyTXlZGX
|
||||
WRYXbtOeEf5NFlUT57FetrSszStJKow7AlLBfPlcwFgDEEKNiLf0asfdnfHepR3MT5ULNdut
|
||||
hLniGbN8HItqY94dipc0D2l3q/REY7VrsZa3vBmWdMecCLMDLO37CzIqjUO+tIGWOFhXpH86
|
||||
ARRb3C4mi39aTk8XlAQ6nUctrQSHd+oRFKRqXznAGIHHo83L7z5XvRwZ/ehZww+h0QL4JEgm
|
||||
Jaja3SZFkqf1/yGwT1EyqfVzuQGNBGmLZjwBDAC7UT7SgI/lKTAP5fyrDXDaIsVKCPZ0K+ui
|
||||
BqR+Po765zZyuZnCd8IMaeGJZipa4Jc2HRBfb2t/4drDWChhjiMtSk2jA+Ke+z/Gg8yCskg2
|
||||
aSjhiKb4dZkCWwg0+Avca3ad8F3G+pbP/aubTH2FydrJP0dQW7sPChKPEhDH83g4ek7w3CXs
|
||||
tSLQ8f3orxxqNvDr3BuVK4Lej1zgXMhSUWcTNqFje1jUwG+V03FoHfvM67HTGmnOngu9fCX0
|
||||
QbIc0x++zJg3MvPZ+hsSnJ3EemVMc5SMH/GCwIUTufEdpkCLmjETvCFT9JaVwBtgFvsF6adq
|
||||
7JMD7wcogGMVXDqrWMONZJPhiLPK9AI57zi7a31AFJEfyMMaBT3io5KdzfM0LCkpI/VT/tsO
|
||||
tM/adnID1cFt47WjeQQ0Ed0kH4fk91/wZaMAlgYeN2TSaYjb0v4RkSIWlYz2KyZ2XPaUtYyS
|
||||
Md6CmOHchTUTJ9x/qvXD53FYjnkX309c1a9Z++76R+QU6IkAEQEAAYkBvAQYAQgAJhYhBDd5
|
||||
kMJUvzpbtAV5SR03nFkMmQOPBQJpi2Y8AhsMBQkDwmcAAAoJEB03nFkMmQOPy/EL/2NTDXEI
|
||||
6ZshBZgK1UOxIWLaKuK4LwMimz3IpfWH6E1acSV4oEn5S+kGCzCeWwbOqhjFP5YYlcN3IMJX
|
||||
KddpFVn+LiN178qJZM+WxbJdRlc3n9+F2693zGMxmNtgjJ9TDCjar8nyoxWcpKXOtjxf204T
|
||||
HZAq/r2l/NHvrqZ4KJ5RU5I1Gb43UcarxZHBHy6N1Z323Zt5UMgA3WWMeXB+r374IBg4g5/l
|
||||
WCfhytvZtwVIDDERFMqpyikhlrOzLJQgVoPHUt7PCslvAaVlz1Mkj7JkF+gwizJ+zsCIkJ2Z
|
||||
YYk5nfVtDf2xEasrZgs3XF6yhXKHIS1DyIELaLzr6UkLz0H/pwgjHGG9G6pcuMeuS4vR7MEE
|
||||
7OssNRo43LjtGT9WglRhMqjqiqAIZUM6NFZ2AQQci5tOj3nNQQHovVaPm0PcC1fv99eMsDBX
|
||||
o7LiabG3y38e2q2TzbNl7v3zTXimQKtYzoff6kGr9JnKr1pD/63qZlrTrVEq/SyMrKmWN3Aq
|
||||
Rw==
|
||||
=as3M
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
5
suricata.rules
Normal file
5
suricata.rules
Normal file
@@ -0,0 +1,5 @@
|
||||
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET"; flags:S; threshold:type both, track by_src, count 5, seconds 60; classtype:attempted-recon; sid:1000001; rev:1;)
|
||||
drop tcp any any -> any 80 (msg:"SQL injection"; content:"union"; nocase; content:"select"; nocase; classtype:web-application-attack; sid:1000002; rev:1;)
|
||||
drop tcp any any -> any 80 (msg:"SQl injection"; content:"'or 1=1"; nocase; classtype:web-application-attack; sid:1000003; rev:1;)
|
||||
drop tcp any any -> any 80 (msg:"XSS"; content:"<script"; nocase; classtype:web-application-attack; sid:1000004; rev:1;)
|
||||
|
||||
2242
suricata.yaml
Normal file
2242
suricata.yaml
Normal file
File diff suppressed because it is too large
Load Diff
BIN
ucstudent/pl-apresentacao-1.pdf
Normal file
BIN
ucstudent/pl-apresentacao-1.pdf
Normal file
Binary file not shown.
BIN
ucstudent/pl-apresentacao-2.pdf
Normal file
BIN
ucstudent/pl-apresentacao-2.pdf
Normal file
Binary file not shown.
BIN
ucstudent/pl-apresentacao-3.pdf
Normal file
BIN
ucstudent/pl-apresentacao-3.pdf
Normal file
Binary file not shown.
BIN
ucstudent/pl-apresentacao-4.pdf
Normal file
BIN
ucstudent/pl-apresentacao-4.pdf
Normal file
Binary file not shown.
BIN
ucstudent/pl-exercicios-2-resolucao.pdf
Normal file
BIN
ucstudent/pl-exercicios-2-resolucao.pdf
Normal file
Binary file not shown.
BIN
ucstudent/pl-exercicios-2.pdf
Normal file
BIN
ucstudent/pl-exercicios-2.pdf
Normal file
Binary file not shown.
BIN
ucstudent/pl-exercicios-3-resolucao.pdf
Normal file
BIN
ucstudent/pl-exercicios-3-resolucao.pdf
Normal file
Binary file not shown.
BIN
ucstudent/pl-exercicios-3.pdf
Normal file
BIN
ucstudent/pl-exercicios-3.pdf
Normal file
Binary file not shown.
BIN
ucstudent/pl-exercicios-4-resolucao.pdf
Normal file
BIN
ucstudent/pl-exercicios-4-resolucao.pdf
Normal file
Binary file not shown.
BIN
ucstudent/pl-exercicios-4.pdf
Normal file
BIN
ucstudent/pl-exercicios-4.pdf
Normal file
Binary file not shown.
BIN
ucstudent/pl-exercícios-0.pdf
Normal file
BIN
ucstudent/pl-exercícios-0.pdf
Normal file
Binary file not shown.
BIN
ucstudent/pl-exercícios-1.pdf
Normal file
BIN
ucstudent/pl-exercícios-1.pdf
Normal file
Binary file not shown.
83
ucstudent/pl-suricata-on-centos-installation-notes.txt
Normal file
83
ucstudent/pl-suricata-on-centos-installation-notes.txt
Normal file
@@ -0,0 +1,83 @@
|
||||
|
||||
# Installation of Suricata (CentOS 9) with support for the "nfq" module
|
||||
############################################################################
|
||||
|
||||
##### Option 1: Install via YUM package manager
|
||||
yum install epel-release -y
|
||||
yum install suricata
|
||||
|
||||
# Check that suricata has support for NFQ
|
||||
suricata --build-info | grep NFQ
|
||||
# Update rules
|
||||
suricata-update
|
||||
# Check configuration
|
||||
suricata -T -c /etc/suricata/suricata.yaml
|
||||
|
||||
|
||||
##### Option 2: Install from source
|
||||
##### Download and install required packages
|
||||
yum install epel-release -y
|
||||
dnf config-manager --set-enabled crb
|
||||
yum groupinstall "Development Tools" -y
|
||||
##### Download and install required packages
|
||||
yum install epel-release -y
|
||||
dnf config-manager --set-enabled crb
|
||||
yum groupinstall "Development Tools" -y
|
||||
|
||||
yum install -y \
|
||||
libpcap-devel \
|
||||
pcre-devel \
|
||||
libyaml-devel \
|
||||
file-devel \
|
||||
jansson-devel \
|
||||
libcap-ng-devel \
|
||||
libnetfilter_queue-devel \
|
||||
libnfnetlink-devel \
|
||||
libnetfilter_queue \
|
||||
zlib-devel \
|
||||
pcre2-devel \
|
||||
rust cargo \
|
||||
wget \
|
||||
tar
|
||||
|
||||
|
||||
# Download the latest stable version of Suricata
|
||||
cd /usr/src/
|
||||
wget https://www.openinfosecfoundation.org/download/suricata-8.0.3.tar.gz
|
||||
tar zxvf suricata-8.0.3.tar.gz
|
||||
|
||||
# Compile and install
|
||||
cd suricata-8.0.3/
|
||||
./configure --enable-nfqueue
|
||||
|
||||
make -j$(nproc)
|
||||
make install
|
||||
make install-conf
|
||||
make install-rules
|
||||
ldconfig
|
||||
|
||||
# Update rules
|
||||
/usr/local/bin/suricata-update
|
||||
|
||||
|
||||
##### Check configuration
|
||||
/usr/local/bin/suricata --build-info | grep NFQ
|
||||
suricata -T -c /usr/local/etc/suricata/suricata.yaml
|
||||
|
||||
|
||||
##### Example usage
|
||||
|
||||
# Send packets to suricata via NFQUEUE
|
||||
iptables -A OUTPUT -j NFQUEUE --queue-num 0
|
||||
iptables -A INPUT -j NFQUEUE --queue-num 0
|
||||
|
||||
# Run suricata in inline mode (queue 0)
|
||||
suricata -q 0 -c /usr/local/etc/suricata/suricata.yaml
|
||||
|
||||
|
||||
##### Check logs
|
||||
# Analisar alertas resumidos no ficheiro "fast.log"
|
||||
cat fast.log
|
||||
# Analisar informação detalhada dos ataques no formato JSON no ficheiro "eve.json"
|
||||
cat eve.json | jq 'select(.event_type=="alert")' | more
|
||||
|
||||
BIN
ucstudent/t0-apresentação.pdf
Normal file
BIN
ucstudent/t0-apresentação.pdf
Normal file
Binary file not shown.
BIN
ucstudent/t1-conceitos_seguranca.pdf
Normal file
BIN
ucstudent/t1-conceitos_seguranca.pdf
Normal file
Binary file not shown.
BIN
ucstudent/t2-firewalls-and-intrusion-detection.pdf
Normal file
BIN
ucstudent/t2-firewalls-and-intrusion-detection.pdf
Normal file
Binary file not shown.
BIN
ucstudent/t3-data-integrity.pdf
Normal file
BIN
ucstudent/t3-data-integrity.pdf
Normal file
Binary file not shown.
BIN
ucstudent/t4-symmetric-encryption.pdf
Normal file
BIN
ucstudent/t4-symmetric-encryption.pdf
Normal file
Binary file not shown.
Reference in New Issue
Block a user