Guardian rc1 for Ipcop 1.4.6
http://mh-lantech.css-hamburg.de/ipcop/ ... hp?view.69
EDIT
After fighting with a cookie and registering with Snort to get my oink code,
I installed this addon without any problem.
There are a few German words in the web interface, but apart from that everything seems to be fine, except that I have not yet fully understood this interface. Going by the explanations below, it should not be too complicated.
...there, that's done. An interesting addon in my opinion: it adds the block-IP function from a whois in the connections table.
This mod reads the Snort alert logfile and blocks e.g. port scans automatically.
Another function of this mod is that you can enter an IP in the web interface and this IP will be blocked.
There is also a function on the connections page of the web interface to block IPs.
Just click the IP to show the whois, and at the end of the whois page there is a link to block the IP.
The manual IP blocking also works if guardian is disabled.
Installation:
Copy the file to your ipcop, extract it with
tar xfz guardian_ipcop_1.4.6.tar.gz
Go into the guardian-directory and run
./install
After this, you have to go into the web interface under services ==> guardian and set your red interface and the time for which guardian should block IPs.
All other settings can be left in their default state.
Now go to services ==> intrusion detection and enable guardian.
Under Logs ==> guardianlog you can see which IP is blocked/unblocked.
Uninstall:
Just run
/var/log/home/guardian/bin/uninstall
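
The alert-to-block flow described above (read the Snort alert log, block the source for a configured time, then unblock), as an added example that is not Guardian's own code and not part of the original post. It assumes Snort's "fast" alert line format; `BlockList`, `alert_source`, `never_block`, the choice that repeat alerts extend a block, and the sample lines are all constructed for illustration.

```python
import ipaddress
import re

# Snort "fast" alert tail: "{PROTO} src[:port] -> dst[:port]"
ALERT_RE = re.compile(r"\{[^}]+\}\s+(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+\S+")

def alert_source(line):
    """Return the validated source IPv4 address of an alert line, or None."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        return str(ipaddress.IPv4Address(m.group(1)))
    except ipaddress.AddressValueError:
        return None

class BlockList:
    def __init__(self, block_seconds, never_block):
        self.block_seconds = block_seconds
        self.never_block = set(never_block)  # own addresses, gateway, DNS
        self.expires = {}  # ip -> time (seconds) at which the block ends

    def on_alert(self, line, now):
        """Process one alert line; return the IP if it is newly blocked."""
        ip = alert_source(line)
        if ip is None or ip in self.never_block:
            return None
        is_new = ip not in self.expires
        self.expires[ip] = now + self.block_seconds  # assumption: repeats extend
        return ip if is_new else None

    def expire(self, now):
        """Drop and return the IPs whose block time has elapsed."""
        done = sorted(ip for ip, t in self.expires.items() if t <= now)
        for ip in done:
            del self.expires[ip]
        return done

# Constructed sample alerts (documentation address ranges), not real log data.
SAMPLE = [
    "08/12-14:03:27.12  [**] [122:1:0] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 203.0.113.7 -> 192.0.2.1",
    "08/12-14:03:30.45  [**] [1:1000001:1] Constructed rule [**] [Priority: 2] {TCP} 198.51.100.23:44321 -> 192.0.2.1:22",
    "08/12-14:03:31.00  [**] [1:1000001:1] Constructed rule [**] [Priority: 2] {TCP} 192.0.2.1:22 -> 198.51.100.23:44321",
    "08/12-14:03:40.00  [**] [122:1:0] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 203.0.113.7 -> 192.0.2.1",
]

def demo():
    bl = BlockList(block_seconds=600, never_block={"192.0.2.1"})
    blocked = [bl.on_alert(line, now=1000 + i * 10) for i, line in enumerate(SAMPLE)]
    return blocked, bl.expire(now=1615), bl.expire(now=1640)
```

The `never_block` set matters for any automatic blocker: an alert whose source is the firewall's own address or a spoofed trusted host would otherwise cut off legitimate traffic.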