Archlinux.fr [Forums]

Code : Tout sélectionner

# Generated by iptables-save v1.8.10 on Thu Jul 25 08:38:30 2024
*security
:INPUT ACCEPT [83388:80286434]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [55639:8524163]
COMMIT
# Completed on Thu Jul 25 08:38:30 2024
# Generated by iptables-save v1.8.10 on Thu Jul 25 08:38:30 2024
*raw
:PREROUTING ACCEPT [83388:80286434]
:OUTPUT ACCEPT [55639:8524163]
COMMIT
# Completed on Thu Jul 25 08:38:30 2024
# Generated by iptables-save v1.8.10 on Thu Jul 25 08:38:30 2024
*mangle
:PREROUTING ACCEPT [83388:80286434]
:INPUT ACCEPT [83388:80286434]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [55639:8524163]
:POSTROUTING ACCEPT [55639:8524163]
COMMIT
# Completed on Thu Jul 25 08:38:30 2024
# Generated by iptables-save v1.8.10 on Thu Jul 25 08:38:30 2024
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [1383:154762]
:POSTROUTING ACCEPT [1383:154762]
COMMIT
# Completed on Thu Jul 25 08:38:30 2024
# Generated by iptables-save v1.8.10 on Thu Jul 25 08:38:30 2024
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -d 127.0.0.1/32 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -m recent --update --seconds 300 --hitcount 3 --name DEFAULT --mask 255.255.255.255 --rsource -j NFLOG --nflog-prefix "[INVALID_IN] : " --nflog-group 1
-A INPUT -m conntrack --ctstate NEW -m recent --update --seconds 300 --hitcount 3 --name DEFAULT --mask 255.255.255.255 --rsource -j NFLOG --nflog-prefix "[NEW] : " --nflog-group 1
-A OUTPUT -m conntrack ! --ctstate INVALID -j ACCEPT
COMMIT
# Completed on Thu Jul 25 08:38:30 2024

Code : Tout sélectionner

[global]
logfile="/var/log/ulogd.log"
loglevel=5
rmem=131071
bufsize=150000

plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"

stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

[log1]
group=1

[emu1]
file=/var/log/ulogd.syslogemu

Code : Tout sélectionner

Thu Jul 25 10:24:20 2024 <5> ulogd.c:1378 Terminal signal received, exiting
Thu Jul 25 10:24:20 2024 <5> ulogd.c:408 registering plugin `NFLOG'
Thu Jul 25 10:24:20 2024 <5> ulogd.c:408 registering plugin `BASE'
Thu Jul 25 10:24:20 2024 <5> ulogd.c:408 registering plugin `IP2STR'
Thu Jul 25 10:24:20 2024 <5> ulogd.c:408 registering plugin `PRINTPKT'
Thu Jul 25 10:24:20 2024 <5> ulogd.c:408 registering plugin `LOGEMU'
Thu Jul 25 10:24:20 2024 <5> ulogd.c:408 registering plugin `IFINDEX'
Thu Jul 25 10:24:20 2024 <5> ulogd.c:978 building new pluginstance stack: 'log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU'

Code : Tout sélectionner

● ulogd.service - Netfilter Ulogd daemon
     Loaded: loaded (/usr/lib/systemd/system/ulogd.service; enabled; preset: disabled)
     Active: active (running) since Thu 2024-07-25 10:24:20 CEST; 1h 14min ago
 Invocation: 75532488065d4cfdb82920a32dd5be26
   Main PID: 242912 (ulogd)
      Tasks: 1 (limit: 18800)
     Memory: 344K (peak: 1.7M)
        CPU: 7ms
     CGroup: /system.slice/ulogd.service
             └─242912 /usr/bin/ulogd

juil. 25 10:24:20 laptop systemd[1]: Started Netfilter Ulogd daemon.

Code : Tout sélectionner

## Touches_magiques
kernel.sysrq=1

## Kernel_panic
kernel.panic=5

## Mode_laptop
vm.laptop_mode=5

## Sécurité_du_noyau
fs.suid_dumpable=0
fs.protected_symlinks=1
fs.protected_hardlinks=1
kernel.randomize_va_space=2
kernel.dmesg_restrict=1
kernel.kptr_restrict=2
#kernel.yama.ptrace_scope=3
kernel.kexec_load_disabled=1
kernel.perf_event_max_sample_rate=1
kernel.perf_cpu_time_max_percent=1
kernel.perf_event_paranoid=2
#kernel.unprivileged_userns_clone=0

## Améliorations_réseau
net.core.netdev_max_backlog=75536
net.core.optmem_max=26777216
net.core.somaxconn=75536
net.core.rmem_default=26777216
net.core.rmem_max=48214400
net.core.wmem_default=26777216
net.core.wmem_max=48214400
net.ipv4.tcp_fin_timeout=15
net.ipv4.tcp_synack_retries=2
net.ipv4.tcp_rfc1337=1
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_fastopen=3
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_tw_buckets=2000000
net.ipv4.tcp_rmem=75536 1648576 16997152
net.ipv4.tcp_wmem=75536 1648576 16997152
net.ipv4.tcp_mem=75536 1648576 16997152
net.ipv4.udp_mem=75536 1648576 16997152
net.ipv4.udp_rmem_min=5316384
net.ipv4.udp_wmem_min=5316384
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.default.secure_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
net.ipv6.conf.all.accept_source_route=0
net.ipv6.conf.default.accept_source_route=0
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.default.log_martians=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.ip_forward=0
net.ipv4.ip_local_port_range=30000 65535
net.ipv4.icmp_echo_ignore_all=1
net.ipv4.icmp_echo_ignore_broadcasts=1

## Performances_système
vm.vfs_cache_pressure=50
#kernel.sched_migration_cost_ns=5000000
fs.file-max=524288
dev.i915.perf_stream_paranoid=0
vm.swappiness=5
vm.drop_caches=3%

Code : Tout sélectionner

[global]
logfile="/var/log/ulogd.log"
loglevel=5
rmem=131071
bufsize=150000

plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"

stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

# IPv4
[log1]
group=1

# IPv6
[log2]
group=2

[emu1]
file=/var/log/ulogd.syslogemu

Code : Tout sélectionner

# Generated by ip6tables-save v1.8.10 on Fri Jul 26 01:07:58 2024
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -d ::1/128 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -m recent --update --seconds 300 --hitcount 3 --name DEFAULT --mask ff02::1 --rsource -j NFLOG --nflog-prefix "[INVALID/v6] : " --nflog-group 2
-A INPUT -m conntrack --ctstate NEW -m recent --update --seconds 300 --hitcount 3 --name DEFAULT --mask ff02::1 --rsource -j NFLOG --nflog-prefix "[NEW/v6] : " --nflog-group 2
-A OUTPUT -m conntrack ! --ctstate INVALID -j ACCEPT
COMMIT
# Completed on Fri Jul 26 01:07:58 2024
# Generated by ip6tables-save v1.8.10 on Fri Jul 26 01:07:58 2024
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [2:160]
:POSTROUTING ACCEPT [2:160]
COMMIT
# Completed on Fri Jul 26 01:07:58 2024
# Generated by ip6tables-save v1.8.10 on Fri Jul 26 01:07:58 2024
*mangle
:PREROUTING ACCEPT [4:280]
:INPUT ACCEPT [4:280]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:280]
:POSTROUTING ACCEPT [4:280]
COMMIT
# Completed on Fri Jul 26 01:07:58 2024
# Generated by ip6tables-save v1.8.10 on Fri Jul 26 01:07:58 2024
*raw
:PREROUTING ACCEPT [4:280]
:OUTPUT ACCEPT [4:280]
COMMIT
# Completed on Fri Jul 26 01:07:58 2024
# Generated by ip6tables-save v1.8.10 on Fri Jul 26 01:07:58 2024
*security
:INPUT ACCEPT [4:280]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:280]
COMMIT
# Completed on Fri Jul 26 01:07:58 2024

Code : Tout sélectionner

# Generated by iptables-save v1.8.10 on Fri Jul 26 05:13:05 2024
*security
:INPUT ACCEPT [64256:61090340]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [43052:7361043]
COMMIT
# Completed on Fri Jul 26 05:13:05 2024
# Generated by iptables-save v1.8.10 on Fri Jul 26 05:13:05 2024
*raw
:PREROUTING ACCEPT [64302:61095090]
:OUTPUT ACCEPT [43053:7361172]
COMMIT
# Completed on Fri Jul 26 05:13:05 2024
# Generated by iptables-save v1.8.10 on Fri Jul 26 05:13:05 2024
*mangle
:PREROUTING ACCEPT [64302:61095090]
:INPUT ACCEPT [64302:61095090]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [43053:7361172]
:POSTROUTING ACCEPT [43052:7361043]
COMMIT
# Completed on Fri Jul 26 05:13:05 2024
# Generated by iptables-save v1.8.10 on Fri Jul 26 05:13:05 2024
*nat
:PREROUTING ACCEPT [16:1882]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [839:96385]
:POSTROUTING ACCEPT [839:96385]
COMMIT
# Completed on Fri Jul 26 05:13:05 2024
# Generated by iptables-save v1.8.10 on Fri Jul 26 05:13:05 2024
*filter
:INPUT DROP [46:4750]
:FORWARD DROP [0:0]
:OUTPUT DROP [1:129]
-A INPUT ! -s 127.0.0.1/32 ! -d 127.0.0.1/32 -m conntrack --ctstate NEW -j NFLOG --nflog-prefix "[NEW/IN] : " --nflog-group 1 --nflog-threshold 30
-A INPUT -m conntrack --ctstate INVALID -j NFLOG --nflog-prefix "[INVALID/IN] : " --nflog-group 1 --nflog-threshold 30
-A INPUT -d 127.0.0.1/32 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate INVALID -j NFLOG --nflog-prefix "[INVALID/OUT] : " --nflog-group 1 --nflog-threshold 30
-A OUTPUT -m conntrack ! --ctstate INVALID -j ACCEPT
COMMIT
# Completed on Fri Jul 26 05:13:05 2024

Code : Tout sélectionner

# Generated by ip6tables-save v1.8.10 on Fri Jul 26 06:06:10 2024
*security
:INPUT ACCEPT [4:280]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:280]
COMMIT
# Completed on Fri Jul 26 06:06:10 2024
# Generated by ip6tables-save v1.8.10 on Fri Jul 26 06:06:10 2024
*raw
:PREROUTING ACCEPT [4:280]
:OUTPUT ACCEPT [4:280]
COMMIT
# Completed on Fri Jul 26 06:06:10 2024
# Generated by ip6tables-save v1.8.10 on Fri Jul 26 06:06:10 2024
*mangle
:PREROUTING ACCEPT [4:280]
:INPUT ACCEPT [4:280]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:280]
:POSTROUTING ACCEPT [4:280]
COMMIT
# Completed on Fri Jul 26 06:06:10 2024
# Generated by ip6tables-save v1.8.10 on Fri Jul 26 06:06:10 2024
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [2:160]
:POSTROUTING ACCEPT [2:160]
COMMIT
# Completed on Fri Jul 26 06:06:10 2024
# Generated by ip6tables-save v1.8.10 on Fri Jul 26 06:06:10 2024
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT ! -s ::1/128 ! -d ::1/128 -m conntrack --ctstate NEW -j NFLOG --nflog-prefix "[NEW/IN_v6] : " --nflog-group 2 --nflog-threshold 30
-A INPUT -m conntrack --ctstate INVALID -j NFLOG --nflog-prefix "[INVALID/IN_v6] : " --nflog-group 2 --nflog-threshold 30
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -d ::1/128 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate INVALID -j NFLOG --nflog-prefix "[INVALID/OUT_v6] : " --nflog-group 2 --nflog-threshold 30
-A OUTPUT -m conntrack ! --ctstate INVALID -j ACCEPT
COMMIT
# Completed on Fri Jul 26 06:06:10 2024

Code : Tout sélectionner

#!/usr/bin/env zsh

del="            ==================================================================================================================\n"
log="/var/log/ulogd.syslogemu"
dif="/tmp/log_dif"
tmp="/tmp/log"

while :; do
    sleep 600

wcl=0

if [[ ! -f ${tmp} || ! -f ${dif} ]]; then
    touch "$tmp"
    touch "$dif"
fi

rep=$(diff -u "$tmp" "$log"|grep '^+'|tail -n+2)
wcl=$(echo "$rep"|wc -l)

if [[ ${wcl} -gt 1 ]]; then

    echo "$rep"|tee "$dif"
    cat  "$dif"|tr -d '+'|tee -a "$tmp"
    echo "$del"|tee -a "$tmp"
    notify-send -u critical "ALERTE DE SÉCURITÉ"\
    $((${wcl} - 1))" entrées ont été répertoriées dans le fichier ${tmp}"

else
    continue

fi
    done

Code : Tout sélectionner

[Unit]
Description=Service de Surveillance du Réseau
After=ulogd.service

[Service]
Type=simple
ExecStart=/usr/local/sbin/ulog
Restart=on-failure

[Install]
WantedBy=default.target

Code : Tout sélectionner

[Unit]
Description=Suppression du Log Iptables à l'Extinction du Système
Before=shutdown.target halt.target reboot.target

[Service]
Type=oneshot
ExecStart=/usr/bin/sh -c 'echo|tee /var/log/ulogd.syslogemu'

[Install]
WantedBy=default.target

Code : Tout sélectionner

*filter
:INPUT DROP [31:6002]
:FORWARD DROP [0:0]
:OUTPUT DROP [1:129]
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT ! -s 127.0.0.1/32 ! -d 127.0.0.1/32 -m conntrack ! --ctstate ESTABLISHED -j NFLOG --nflog-prefix "[ACCÈS_NON_AUTORISÉ/IN] : " --nflog-group 1 --nflog-threshold 20
-A OUTPUT -m conntrack ! --ctstate INVALID -j ACCEPT

Code : Tout sélectionner

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -s ::1/128 -d ::1/128 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT ! -s ::1/128 ! -d ::1/128 -m conntrack ! --ctstate ESTABLISHED -j NFLOG --nflog-prefix "[ACCÈS_NON_AUTORISÉ/IN_v6] : " --nflog-group 2 --nflog-threshold 20
-A OUTPUT -m conntrack ! --ctstate INVALID -j ACCEPT

Code : Tout sélectionner

*filter
:INPUT DROP [12:902]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:LOGGING - [0:0]
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -j LOGGING
-A INPUT ! -s 127.0.0.1/32 ! -d 127.0.0.1/32 -m limit --limit 2/min -j NFLOG --nflog-prefix "[ACCÈS_NON_AUTORISÉ/IN] : " --nflog-group 1
-A OUTPUT -m conntrack ! --ctstate INVALID -j ACCEPT
-A LOGGING -j DROP

Code : Tout sélectionner

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:LOGGING - [0:0]
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -s ::1/128 -d ::1/128 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -j LOGGING
-A INPUT ! -s ::1/128 ! -d ::1/128 -m limit --limit 2/min -j NFLOG --nflog-prefix "[ACCÈS_NON_AUTORISÉ/IN_v6] : " --nflog-group 2
-A OUTPUT -m conntrack ! --ctstate INVALID -j ACCEPT
-A LOGGING -j DROP

Code : Tout sélectionner

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [674:49736]
:LOGGING - [0:0]
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT ! -s 127.0.0.1/32 ! -d 127.0.0.1/32 -m recent --update --seconds 60 --hitcount 30 --name DEFAULT --mask 255.255.255.255 --rsource -j NFLOG --nflog-prefix "[NON_AUTORISÉ/IN] : " --nflog-group 1
-A INPUT -m conntrack ! --ctstate ESTABLISHED -j LOGGING
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack ! --ctstate INVALID -j ACCEPT
-A LOGGING -j DROP

Code : Tout sélectionner

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:LOGIN - [0:0]
:LOGOUT - [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT ! -s 127.0.0.1/32 ! -d 127.0.0.1/32 -j LOGIN
-A OUTPUT -m conntrack ! --ctstate INVALID -j ACCEPT
-A OUTPUT -m conntrack --ctstate INVALID -j LOGOUT
-A LOGIN -j NFLOG --nflog-prefix "[NON_AUTORISÉ/IN] : " --nflog-group 1
-A LOGIN -j DROP
-A LOGOUT -j NFLOG --nflog-prefix "[INVALID/OUT] : " --nflog-group 1
-A LOGOUT -j DROP

Code : Tout sélectionner

[global]
logfile="/var/log/ulogd.log"
loglevel=5
rmem=131071
bufsize=150000

plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"

stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

# IPv4
[log1]
group=1

# IPv6
[log2]
group=2

[emu1]
file=/var/log/ulogd.syslogemu

Code : Tout sélectionner

[global]
logfile="/var/log/ulogd.log"
loglevel=5
rmem=131071
bufsize=150000

plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"

stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

# IPv4
[log1]
group=1

# IPv6
[log1]
group=2

[emu1]
file=/var/log/ulogd.syslogemu

Code : Tout sélectionner

#!/usr/bin/env zsh

sep="            ==================================================================================================================\n"
log="/var/log/ulogd.syslogemu"
dif="/tmp/log_dif"
tmp="/tmp/log"

    touch "$tmp"

while :; do

    sleep 600

if [[ ! -f ${tmp} || ! -f ${dif} ]]; then

    touch "$tmp"
    touch "$dif"
fi

rep=$(diff -u "$tmp" "$log"|grep '^+'|tail -n+2)
wcl=$(echo "$rep"|wc -l)

if [[ ${wcl} -gt 25 ]]; then

    echo "$rep"|tee "$dif"
    cat  "$dif"|tr -d '+'|tee -a "$tmp"
    echo "$sep"|tee -a "$tmp"
    notify-send -u critical "ALERTE DE SÉCURITÉ" "Vérifier le fichier ${tmp}"
else

    continue
fi
    done
a

Code : Tout sélectionner

# IPv4
[log1]
group=1

# IPv6
[log1]
group=2

Code : Tout sélectionner

# IPv6
[log1]
group=2

Code : Tout sélectionner

Chain INPUT (policy DROP 2 packets, 190 bytes)
 pkts bytes target     prot opt in     out     source               destination         
3759K 5842M ACCEPT     all  --  any    any     anywhere             anywhere             ctstate ESTABLISHED
 1894  121K ACCEPT     all  --  any    any     localhost            localhost            ctstate NEW,ESTABLISHED
   19  4252 LOGIN      all  --  any    any    !localhost           !localhost           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
1547K  150M ACCEPT     all  --  any    any     anywhere             anywhere             ! ctstate INVALID
    0     0 LOGOUT     all  --  any    any     anywhere             anywhere             ctstate INVALID

Chain LOGIN (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   19  4252 NFLOG      all  --  any    any     anywhere             anywhere             nflog-prefix "[NON_AUTORISÉ/IN] : " nflog-group 1
   19  4252 DROP       all  --  any    any     anywhere             anywhere            

Chain LOGOUT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 NFLOG      all  --  any    any     anywhere             anywhere             nflog-prefix "[INVALID/OUT] : " nflog-group 1
    0     0 DROP       all  --  any    any     anywhere             anywhere            

Code : Tout sélectionner

…
Aug  1 05:43:27 laptop [INVALID/OUT] :  IN= OUT=nordlynx MAC= SRC=10.5.0.2 DST=185.67.36.169 LEN=52 TOS=00 PREC=0x00 TTL=64 ID=63058 DF PROTO=TCP SPT=46466 DPT=8843 SEQ=1284363987 ACK=599157827 WINDOW=1602 ACK PSH FIN URGP=0 MARK=0x0 
Aug  1 05:43:27 laptop [INVALID/OUT] :  IN= OUT=nordlynx MAC= SRC=10.5.0.2 DST=185.67.36.168 LEN=52 TOS=00 PREC=0x00 TTL=64 ID=8002 DF PROTO=TCP SPT=60408 DPT=8843 SEQ=415868155 ACK=3259855536 WINDOW=1603 ACK PSH FIN URGP=0 MARK=0x0 
Aug  1 05:43:27 laptop [INVALID/OUT] :  IN= OUT=nordlynx MAC= SRC=10.5.0.2 DST=185.67.36.168 LEN=52 TOS=00 PREC=0x00 TTL=64 ID=41357 DF PROTO=TCP SPT=60424 DPT=8843 SEQ=2579950872 ACK=2308701251 WINDOW=1602 ACK PSH FIN URGP=0 MARK=0x0 
            ==================================================================================================================