secret branch

DMZ.sh

@@ -7,32 +7,39 @@ routerIp=23.214.219.254
 mask25=255.255.255.128
 
 dns=23.214.219.130
-mail=23.214.219.132
-vpn_gw=23.214.219.133
-www=23.214.219.134
-smtp=23.214.219.135
+mail=23.214.219.131
+vpn_gw=23.214.219.132
+www=23.214.219.133
+smtp=23.214.219.134
 
 dnsPort=53
 mailPort=888
 vpn_gwPort=443
 wwwPort=587
 smtpPort=80
+sudo yum install iptables-services -y
+sudo systemctl stop firewalld
+sudo systemctl disable firewalld
+sudo systemctl mask firewalld
+sudo systemctl enable iptables
 
 sudo iptables -F
 sudo ifconfig enp0s8 $ip netmask $mask25
-
+sudo ip route add 192.168.10.0/24 via $routerIp
+sudo add default gw $routerIp
 # alias dos ips
-# sudo ip addr add $dns/25 dev enp0s8
-# sudo ip addr add $mail/25 dev enp0s8
-# sudo ip addr add $vpn_gw/25 dev enp0s8
-# sudo ip addr add $ww/25 dev enp0s8
-# sudo ip addr add $smtp/25 dev enp0s8
+sudo ip addr add $dns dev enp0s8
+sudo ip addr add $mail dev enp0s8
+sudo ip addr add $vpn_gw dev enp0s8
+sudo ip addr add $www dev enp0s8
+sudo ip addr add $smtp dev enp0s8
 
 # netcart
-target=23.214.219.254
-nc -v -s $dns    -p $dnsPort        $target
-nc -v -s $mail   -p $mailPort       $target
-nc -v -s $vpn_gw -p $vpn_gwPort     $target
-nc -v -s $smtp   -p $smtpPort       $target
-nc -v -s $www    -p $wwwPort        $target
-nc -v -s $www    -p $wwwPort        $target
+internalIp=192.168.10.1
+nc -l &
+nc -v -s $dns    -p $dnsPort        $internalIp
+nc -v -s $mail   -p $mailPort       $internalIp
+nc -v -s $vpn_gw -p $vpn_gwPort     $internalIp
+nc -v -s $smtp   -p $smtpPort       $internalIp
+nc -v -s $www    -p $wwwPort        $internalIp
+nc -v -s $www    -p $wwwPort        $internalIp

INTERNAL.sh

@@ -10,23 +10,21 @@ mask24=255.255.255.0
 ftp=192.168.10.2
 datastore=192.168.10.3
 dhcpClient=192.168.10.4
-
+sudo yum install iptables-services -y
+sudo systemctl stop firewalld
+sudo systemctl disable firewalld
+sudo systemctl mask firewalld
+sudo systemctl enable iptables
 sudo iptables -F
 sudo ifconfig enp0s8 $ip netmask $mask24
+sudo ip route add 23.214.219.128/25 via $routerIp
+sudo route add default gw $routerIp
+# aliasing
+sudo ip addr add $ftp dev enp0s8
+sudo ip addr add $datastore dev enp0s8
 
-# Dummy Services
-nc -l -v $ftp        53
-nc -l -v $datastore  888
-
-# Test DMZ
-dns=23.214.219.130
-mail=23.214.219.132
-vpn_nw=23.214.219.133
-www=23.214.219.134
-smtp=23.214.219.135
-nc -N -v $dns    53
-nc -N -v $mail   888
-nc -N -v $vpn_nw 443
-nc -N -v $smtp   587
-nc -N -v $www    80
-nc -N -v $www    443
+# netcar
+dmz=23.214.219.129
+nc -l &
+nc -v -s $ftp       -p 53   $dmz
+nc -v -s $datastore -p 888  $dmz

INTERNET.sh

@@ -0,0 +1,15 @@
+ip=87.248.214.98
+dns2=87.248.214.99
+eden=87.248.214.100
+mask24=255.255.255.0
+routerIp=87.248.214.97
+sudo yum install iptables-services -y
+sudo systemctl stop firewalld
+sudo systemctl disable firewalld
+sudo systemctl mask firewalld
+sudo systemctl enable iptables
+sudo iptables -F
+sudo ifconfig enp0s8 $dn2 netmask $mask24
+sudo route add default gw $routerIp
+sudo ip addr add $dns2 dev enp0s8
+sudo ip addr add $eden dev enp0s8

ROUTER.sh

@@ -1,80 +1,69 @@
-# NETWORKS:
-# DMZ: 23.214.219.128/25
-# Internal: 192.168.10.0/24
-# 
-# MACHINES:
-# DNS2: 192.137.16.75
-# EDEN 193.138.212.1
-dns2="192.137.16.75"
-eden="193.138.212.1"
+IF_DMZ="enp0s8"
+IF_INT="enp0s9"
+IF_EXT="enp0s10"
+NET_DMZ="23.214.219.128/25"   
+NET_INT="192.168.10.0/24"    
+IP_EXT_FW="87.248.214.97"     
+IP_DMZ_FW="23.214.219.254"    
+IP_INT_FW="192.168.10.254"    
+IP_DMZ_DNS="23.214.219.130"
+IP_DMZ_SMTP="23.214.219.131"
+IP_DMZ_WWW="23.214.219.132"
+IP_DMZ_VPN_GW="23.214.219.133"
+IP_DMZ_MAIL="23.214.219.134"
+IP_INT_FTP="192.168.10.2"
+IP_INT_DATASTORE="192.168.10.3"
+IP_DNS2="193.137.16.75"       
+IP_EDEN="193.136.212.1"       
 
-# ==============================
-# Router 1
-# INTERFACES:
-# - Internet: 87.248.214.97
-# - DMZ: 23.214.219.254
-# - Internal: 192.168.10.254
-# ==============================
-
-# ==============================
-# DMZ /25
-# IP:
-# - dns : 23.214.219.129
-# - dns2 : 23.214.219.130
-# - smtp : 23.214.219.131
-# - www : 23.214.219.132
-# - vpn-gw: 23.214.219.133
-# ==============================
-
-# ==============================
-# Internal
-# IP:
-# ftp: 192.168.10.1
-# datastore : 192.168.10.2
-# DHCP Client : 192.168.10.3-5
-# ==============================
-
-sudo ifconfig enp0s8 23.214.219.254 netmask 255.255.255.128
-sudo ifconfig enp0s9 192.168.10.254 netmask 255.255.255.0
-sudo ifconfig enp0s3 87.248.214.97 netmask 255.255.255.0
+sudo yum install epel-release -y
+sudo yum install suricata -y  
+sudo suricata-update
 
+sudo ifconfig $IF_DMZ $IP_DMZ_FW netmask 255.255.255.128
+sudo ifconfig $IF_INT $IP_INT_FW netmask 255.255.255.0
+sudo ifconfig $IF_EXT $IP_EXT_FW netmask 255.255.255.0
 
 sudo iptables -F
 sudo iptables -t nat -F
 sudo iptables -t mangle -F
 sudo sysctl -w net.ipv4.ip_forward=1
-iptables -P INPUT DROP
-iptables -P FORWARD DROP
-iptables -P OUTPUT ACCEPT
+
+sudo iptables -P INPUT DROP      
+sudo iptables -P FORWARD DROP    
+sudo iptables -P OUTPUT ACCEPT
+
+sudo modprobe nf_conntrack_ftp
+sudo modprobe nf_nat_ftp
+
+sudo iptables -A FORWARD -j NFQUEUE --queue-num 0
 sudo iptables -A INPUT -i lo -j ACCEPT
-sudo iptables -A OUTPUT -o lo -j ACCEPT
-sudo iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
-#DNS name resolution requests sent to outside servers and want a response:TODO:INPUT
-sudo iptables -A FORWARD -i enp0s3 -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
-#SSH connections to the router system that originate from the inside and want an answer:TODO:INPUT
-sudo iptables -A FORWARD -i enp0s3 -o enp0s9 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
-sudo iptables -A FORWARD -i enp0s3 -d 23.214.219.133 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
-#The dns server should be able to resolve names using the internet (and others???)
-sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.129 -p udp --dport 53 -j ACCEPT
-#The internal network should be able to send and recieve dns name resolutions to the dns server (1!)
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.129 -p udp --dport 53 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s8 -i enp0s9 -p udp --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
-#The dns and dns2 servers should be able to synchronize the contents of DNS zones. (protocol tcp port 53)
-sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -d 193.137.16.75 -p tcp --dport 53 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s3 -o enp0s8 -d 23.214.219.129 -p tcp --dport 53 -j ACCEPT
-#SMTP connections to the smtp server and returns
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.131 -p tcp --dport 587 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --dport 587 -m state --state ESTABLISHED,RELATED -j ACCEPT
-#POP and IMAP connections to the www server
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 80 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 443 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --dport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT 
-sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --dport 443 -m state --state ESTABLISHED,RELATED -j ACCEPT
-#OpenVPN connections to the vpn-gw server
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -p udp --dport 1194 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p udp --dport 1194 -j ACCEPT
-#VPN clients connected to the gateway vpn-gw ???? vpn should be able to acess ftp e datastore
-# Apartir daqui foi só para testar se as conecções funcionavam
-sudo iptables -A FORWARD -i enp0s8 -s 23.214.219.129 -p tcp --sport 22 
-# Unsure these will work
-sudo iptables -A FORWARD -i enp0s9 -d 23.214.219.131
+sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
+sudo iptables -A INPUT -i $IF_INT -p tcp --dport 22 -j ACCEPT
+sudo iptables -A INPUT -i $IF_DMZ -s $IP_DMZ_VPN_GW -p tcp --dport 22 -j ACCEPT
+
+sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+sudo iptables -A FORWARD -p udp -d $IP_DMZ_DNS --dport 53 -j ACCEPT
+
+sudo iptables -A FORWARD -s $IP_DMZ_DNS -d $IP_DNS2 -p tcp --dport 53 -j ACCEPT
+sudo iptables -A FORWARD -s $IP_DNS2 -d $IP_DMZ_DNS -p tcp --dport 53 -j ACCEPT
+
+sudo iptables -A FORWARD -p tcp -d $IP_DMZ_SMTP --dport 25 -j ACCEPT   
+sudo iptables -A FORWARD -p tcp -d $IP_DMZ_MAIL --dport 110 -j ACCEPT  
+sudo iptables -A FORWARD -p tcp -d $IP_DMZ_MAIL --dport 143 -j ACCEPT  
+sudo iptables -A FORWARD -p tcp -d $IP_DMZ_WWW -m multiport --dports 80,443 -j ACCEPT 
+sudo iptables -A FORWARD -p udp -d $IP_DMZ_VPN_GW --dport 1194 -j ACCEPT 
+
+sudo iptables -A FORWARD -i $IF_DMZ -s $IP_DMZ_VPN_GW -d $NET_INT -j ACCEPT
+
+sudo iptables -t nat -A POSTROUTING -s $NET_INT -o $IF_EXT -j SNAT --to-source $IP_EXT_FW
+sudo iptables -A FORWARD -i $IF_INT -o $IF_EXT -p udp --dport 53 -j ACCEPT
+sudo iptables -A FORWARD -i $IF_INT -o $IF_EXT -p tcp -m multiport --dports 80,443,22,21 -j ACCEPT
+
+sudo iptables -t nat -A PREROUTING -i $IF_EXT -d $IP_EXT_FW -p tcp --dport 21 -j DNAT --to-destination $IP_INT_FTP
+sudo iptables -A FORWARD -i $IF_EXT -d $IP_INT_FTP -p tcp --dport 21 -j ACCEPT
+
+sudo iptables -t nat -A PREROUTING -i $IF_EXT -s $IP_EDEN -d $IP_EXT_FW -p tcp --dport 22 -j DNAT --to-destination $IP_INT_DATASTORE
+sudo iptables -t nat -A PREROUTING -i $IF_EXT -s $IP_DNS2 -d $IP_EXT_FW -p tcp --dport 22 -j DNAT --to-destination $IP_INT_DATASTORE
+sudo iptables -A FORWARD -i $IF_EXT -d $IP_INT_DATASTORE -p tcp --dport 22 -j ACCEPT

relatorio.aux

@@ -0,0 +1,14 @@
+\relax 
+\providecommand \babel@aux [2]{\global \let \babel@toc \@gobbletwo }
+\@nameuse{bbl@beforestart}
+\catcode `"\active 
+\babel@aux{portuguese}{}
+\@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{2}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {2}Firewall}{2}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Packet fileter with NAT}{2}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Packet filtering without NAT}{2}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {2.3}External Network}{2}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {2.4}Internal Network}{2}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {3}Intrusion Detection}{2}{}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {4}Conclusion}{2}{}\protected@file@percent }
+\gdef \@abspage@last{2}

relatorio.log

@@ -0,0 +1,185 @@
+This is pdfTeX, Version 3.141592653-2.6-1.40.27 (TeX Live 2026/dev/Arch Linux) (preloaded format=pdflatex 2026.1.17)  16 MAR 2026 16:24
+entering extended mode
+ \write18 enabled.
+ %&-line parsing enabled.
+**/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio
+(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.tex
+LaTeX2e <2024-11-01> patch level 2
+L3 programming layer <2025-01-18>
+(/usr/share/texmf-dist/tex/latex/base/article.cls
+Document Class: article 2024/06/29 v1.4n Standard LaTeX document class
+(/usr/share/texmf-dist/tex/latex/base/size12.clo
+File: size12.clo 2024/06/29 v1.4n Standard LaTeX file (size option)
+)
+\c@part=\count196
+\c@section=\count197
+\c@subsection=\count198
+\c@subsubsection=\count199
+\c@paragraph=\count266
+\c@subparagraph=\count267
+\c@figure=\count268
+\c@table=\count269
+\abovecaptionskip=\skip49
+\belowcaptionskip=\skip50
+\bibindent=\dimen141
+)
+(/usr/share/texmf-dist/tex/generic/babel/babel.sty
+Package: babel 2025/02/14 v25.4 The multilingual framework for pdfLaTeX, LuaLaT
+eX and XeLaTeX
+\babel@savecnt=\count270
+\U@D=\dimen142
+\l@unhyphenated=\language33
+
+(/usr/share/texmf-dist/tex/generic/babel/txtbabel.def)
+\bbl@readstream=\read2
+\bbl@dirlevel=\count271
+
+(/usr/share/texmf-dist/tex/generic/babel-portuges/portuguese.ldf
+Language: portuges 2021/07/09 v1.2t Portuguese support from the babel system
+Package babel Info: Making " an active character on input line 143.
+))
+(/usr/share/texmf-dist/tex/generic/babel/locale/pt/babel-portuguese.tex
+Package babel Info: Importing font and identification data for portuguese
+(babel)             from babel-pt.ini. Reported on input line 11.
+)
+(/usr/share/texmf-dist/tex/latex/ebgaramond/ebgaramond.sty
+Package: ebgaramond 2024/04/23 (Bob Tennent and autoinst) Style file for EB Gar
+amond fonts.
+
+(/usr/share/texmf-dist/tex/generic/iftex/ifxetex.sty
+Package: ifxetex 2019/10/25 v0.7 ifxetex legacy package. Use iftex instead.
+
+(/usr/share/texmf-dist/tex/generic/iftex/iftex.sty
+Package: iftex 2024/12/12 v1.0g TeX engine tests
+))
+(/usr/share/texmf-dist/tex/generic/iftex/ifluatex.sty
+Package: ifluatex 2019/10/25 v1.5 ifluatex legacy package. Use iftex instead.
+)
+(/usr/share/texmf-dist/tex/latex/xkeyval/xkeyval.sty
+Package: xkeyval 2022/06/16 v2.9 package option processing (HA)
+
+(/usr/share/texmf-dist/tex/generic/xkeyval/xkeyval.tex
+(/usr/share/texmf-dist/tex/generic/xkeyval/xkvutils.tex
+\XKV@toks=\toks17
+\XKV@tempa@toks=\toks18
+
+(/usr/share/texmf-dist/tex/generic/xkeyval/keyval.tex))
+\XKV@depth=\count272
+File: xkeyval.tex 2014/12/03 v2.7a key=value parser (HA)
+))
+(/usr/share/texmf-dist/tex/latex/base/textcomp.sty
+Package: textcomp 2024/04/24 v2.1b Standard LaTeX package
+)
+(/usr/share/texmf-dist/tex/latex/base/fontenc.sty
+Package: fontenc 2021/04/29 v2.0v Standard LaTeX package
+)
+(/usr/share/texmf-dist/tex/latex/fontaxes/fontaxes.sty
+Package: fontaxes 2020/07/21 v1.0e Font selection axes
+LaTeX Info: Redefining \upshape on input line 29.
+LaTeX Info: Redefining \itshape on input line 31.
+LaTeX Info: Redefining \slshape on input line 33.
+LaTeX Info: Redefining \swshape on input line 35.
+LaTeX Info: Redefining \scshape on input line 37.
+LaTeX Info: Redefining \sscshape on input line 39.
+LaTeX Info: Redefining \ulcshape on input line 41.
+LaTeX Info: Redefining \textsw on input line 47.
+LaTeX Info: Redefining \textssc on input line 48.
+LaTeX Info: Redefining \textulc on input line 49.
+)
+LaTeX Info: Redefining \oldstylenums on input line 163.
+LaTeX Info: Redefining \textsw on input line 173.
+)
+LaTeX Font Info:    Trying to load font information for OT1+EBGaramond-LF on in
+put line 11.
+
+(/usr/share/texmf-dist/tex/latex/ebgaramond/OT1EBGaramond-LF.fd
+File: OT1EBGaramond-LF.fd 2023/03/19 (autoinst) Font definitions for OT1/EBGara
+mond-LF.
+)
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
+(Font)              scaled to size 12.0pt on input line 11.
+
+(/usr/share/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def
+File: l3backend-pdftex.def 2024-05-08 L3 backend support: PDF output (pdfTeX)
+\l__color_backend_stack_int=\count273
+\l__pdf_internal_box=\box52
+)
+(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.aux)
+\openout1 = `relatorio.aux'.
+
+LaTeX Font Info:    Checking defaults for OML/cmm/m/it on input line 11.
+LaTeX Font Info:    ... okay on input line 11.
+LaTeX Font Info:    Checking defaults for OMS/cmsy/m/n on input line 11.
+LaTeX Font Info:    ... okay on input line 11.
+LaTeX Font Info:    Checking defaults for OT1/cmr/m/n on input line 11.
+LaTeX Font Info:    ... okay on input line 11.
+LaTeX Font Info:    Checking defaults for T1/cmr/m/n on input line 11.
+LaTeX Font Info:    ... okay on input line 11.
+LaTeX Font Info:    Checking defaults for TS1/cmr/m/n on input line 11.
+LaTeX Font Info:    ... okay on input line 11.
+LaTeX Font Info:    Checking defaults for OMX/cmex/m/n on input line 11.
+LaTeX Font Info:    ... okay on input line 11.
+LaTeX Font Info:    Checking defaults for U/cmr/m/n on input line 11.
+LaTeX Font Info:    ... okay on input line 11.
+\c@mv@tabular=\count274
+\c@mv@boldtabular=\count275
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
+(Font)              scaled to size 20.74pt on input line 12.
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
+(Font)              scaled to size 14.4pt on input line 12.
+LaTeX Font Info:    External font `cmex10' loaded for size
+(Font)              <14.4> on input line 12.
+LaTeX Font Info:    External font `cmex10' loaded for size
+(Font)              <7> on input line 12.
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/m/n' will be
+(Font)              scaled to size 17.28pt on input line 13.
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/b/n' will be
+(Font)              scaled to size 17.28pt on input line 13.
+
+(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.toc
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/b/n' will be
+(Font)              scaled to size 12.0pt on input line 2.
+LaTeX Font Info:    External font `cmex10' loaded for size
+(Font)              <12> on input line 4.
+LaTeX Font Info:    External font `cmex10' loaded for size
+(Font)              <8> on input line 4.
+LaTeX Font Info:    External font `cmex10' loaded for size
+(Font)              <6> on input line 4.
+)
+\tf@toc=\write3
+\openout3 = `relatorio.toc'.
+
+
+
+[1
+
+{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}{/usr/share/texmf-dist/fonts
+/enc/dvips/ebgaramond/ebg_dacnth.enc}]
+LaTeX Font Info:    Font shape `OT1/EBGaramond-LF/b/n' will be
+(Font)              scaled to size 14.4pt on input line 19.
+
+
+[2] (/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.aux)
+ ***********
+LaTeX2e <2024-11-01> patch level 2
+L3 programming layer <2025-01-18>
+ ***********
+ ) 
+Here is how much of TeX's memory you used:
+ 2577 strings out of 474546
+ 48289 string characters out of 5749982
+ 436453 words of memory out of 5000000
+ 25628 multiletter control sequences out of 15000+600000
+ 572213 words of font info for 55 fonts, out of 8000000 for 9000
+ 352 hyphenation exceptions out of 8191
+ 57i,7n,65p,220b,231s stack positions out of 10000i,1000n,20000p,200000b,200000s
+</usr/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Bold.pfb></us
+r/share/texmf-dist/fonts/type1/public/ebgaramond/EBGaramond-Regular.pfb>
+Output written on /home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/rela
+torio.pdf (2 pages, 42851 bytes).
+PDF statistics:
+ 22 PDF objects out of 1000 (max. 8388607)
+ 13 compressed objects within 1 object stream
+ 0 named destinations out of 1000 (max. 500000)
+ 1 words of extra memory for PDF output out of 10000 (max. 10000000)
+

relatorio.tex

@@ -0,0 +1,29 @@
+\documentclass[12pt,a4paper]{article}
+\usepackage[portuguese]{babel}
+\usepackage[lining]{ebgaramond}
+
+\title{Practical Assignment \#1}
+\author{
+    João Neto -- \\[1em]
+    Vasco Alves -- 2022228207
+}
+
+\begin{document}
+\maketitle
+\tableofcontents
+\newpage
+
+\section{Introduction}
+
+\section{Firewall}
+Sigmasigmaboy123
+\subsection{Packet fileter with NAT}
+\subsection{Packet filtering without NAT}
+\subsection{External Network}
+\subsection{Internal Network}
+
+\section{Intrusion Detection}
+
+\section{Conclusion}
+
+\end{document}

relatorio.toc

@@ -0,0 +1,9 @@
+\babel@toc {portuguese}{}\relax 
+\contentsline {section}{\numberline {1}Introduction}{2}{}%
+\contentsline {section}{\numberline {2}Firewall}{2}{}%
+\contentsline {subsection}{\numberline {2.1}Packet fileter with NAT}{2}{}%
+\contentsline {subsection}{\numberline {2.2}Packet filtering without NAT}{2}{}%
+\contentsline {subsection}{\numberline {2.3}External Network}{2}{}%
+\contentsline {subsection}{\numberline {2.4}Internal Network}{2}{}%
+\contentsline {section}{\numberline {3}Intrusion Detection}{2}{}%
+\contentsline {section}{\numberline {4}Conclusion}{2}{}%

ucstudent/pl-suricata on centos - installation notes.txt

@@ -0,0 +1,83 @@
+
+# Installation of Suricata (CentOS 9) with support for the "nfq" module
+############################################################################
+
+##### Option 1: Install via YUM package manager
+yum install epel-release -y
+yum install suricata  
+
+# Check that suricata has support for NFQ
+suricata --build-info | grep NFQ
+# Update rules
+suricata-update
+# Check configuration 
+suricata -T -c /etc/suricata/suricata.yaml
+
+
+##### Option 2: Install from source 
+##### Download and install required packages
+yum install epel-release -y
+dnf config-manager --set-enabled crb
+yum groupinstall "Development Tools" -y
+##### Download and install required packages
+yum install epel-release -y
+dnf config-manager --set-enabled crb
+yum groupinstall "Development Tools" -y
+
+yum install -y \
+libpcap-devel \
+pcre-devel \
+libyaml-devel \
+file-devel \
+jansson-devel \
+libcap-ng-devel \
+libnetfilter_queue-devel \
+libnfnetlink-devel \
+libnetfilter_queue \
+zlib-devel \
+pcre2-devel \
+rust cargo \
+wget \
+tar
+
+
+# Download the latest stable version of Suricata
+cd /usr/src/
+wget https://www.openinfosecfoundation.org/download/suricata-8.0.3.tar.gz
+tar zxvf suricata-8.0.3.tar.gz
+
+# Compile and install
+cd suricata-8.0.3/
+./configure --enable-nfqueue
+
+make -j$(nproc)
+make install
+make install-conf
+make install-rules
+ldconfig
+
+# Update rules
+/usr/local/bin/suricata-update
+
+
+##### Check configuration
+/usr/local/bin/suricata --build-info | grep NFQ
+suricata -T -c /usr/local/etc/suricata/suricata.yaml
+
+
+##### Example usage
+
+# Send packets to suricata via NFQUEUE
+iptables -A OUTPUT -j NFQUEUE --queue-num 0
+iptables -A INPUT -j NFQUEUE --queue-num 0
+
+# Run suricata in inline mode (queue 0)
+suricata -q 0 -c /usr/local/etc/suricata/suricata.yaml
+
+
+##### Check logs
+# Analisar alertas resumidos no ficheiro "fast.log"
+cat fast.log
+# Analisar informação detalhada dos ataques no formato JSON no ficheiro "eve.json"
+cat eve.json | jq 'select(.event_type=="alert")' | more
+