Build a honeypot environment on a CentOS 7 VM or Security Onion to trap intruders from the internet
1. Download CentOS 7 from an official ISO mirror (download URLs are listed at https://3ctipsmemo.blogspot.com/2021/04/centos-linux-7-and-8-isos-download-urls.html) or Security Onion (https://securityonionsolutions.com/software), and install it in a virtual machine application (VirtualBox or VMware).
2. Set firewalld rules that allow all inbound connections but deny all outbound connections, so a compromised honeypot cannot reach out to the internet.
3. Set an extremely complex root password so it cannot be brute-forced.
4. Open the common service ports so that outside connections are served.
5. Monitor /var/log/messages and /var/log/secure to verify malicious connection behaviour, such as root fraud (many repeated SSH login attempts) or Dovecot user fraud (attempts to abuse the SMTP service)...
6. If they try to attack a service more than six times, correlate these malicious connections' hostnames, source IPs and destination ports and insert them into the firewall blacklist.
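The firewall setup of steps 2 and 4 and the log check and blacklisting of steps 5 and 6, as an added example script that is not part of the original post. It assumes CentOS 7 with firewalld (firewall-cmd), sshd logging to /var/log/secure, and the ssh/smtp/http services as the ones being served; the sample log lines are constructed.

```shell
#!/bin/bash
# Added example, not part of the original post. Assumes CentOS 7 with firewalld
# (firewall-cmd) and sshd logging to /var/log/secure. Services are examples.
set -eu

# Steps 2 and 4: let the served ports in, drop every new outbound connection.
# Replies to inbound sessions stay allowed (ESTABLISHED,RELATED), so the honeypot
# cannot be used as a pivot or to fetch payloads from the internet.
setup_firewall() {
  for svc in ssh smtp http; do
    firewall-cmd --permanent --zone=public --add-service="$svc"
  done
  firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 \
    -m state --state ESTABLISHED,RELATED -j ACCEPT
  firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -j DROP
  firewall-cmd --reload
}

# Step 5: count failed SSH logins per source IP in a /var/log/secure-style file
# and print the IPs with more than $2 attempts.  usage: offenders <log> <threshold>
offenders() {
  grep -E 'sshd\[[0-9]+\]: (Failed password|Invalid user)' "$1" \
    | grep -oE 'from ([0-9]{1,3}\.){3}[0-9]{1,3}' \
    | awk '{print $2}' | sort | uniq -c \
    | awk -v t="$2" '$1 > t {print $2}'
}

# Step 6: permanently drop traffic from each offender with a firewalld rich rule.
blacklist() {
  for ip in $(offenders "$1" "$2"); do
    firewall-cmd --permanent \
      --add-rich-rule="rule family='ipv4' source address='$ip' drop"
  done
  firewall-cmd --reload
}

# Constructed sample log (not real data): 7 failures from one IP, 2 from another,
# plus one successful login that must not be counted.
write_sample_log() {
  {
    for i in 1 2 3 4 5 6 7; do
      echo "Apr 10 10:00:0$i honeypot sshd[12$i]: Failed password for root from 203.0.113.5 port 4000$i ssh2"
    done
    echo "Apr 10 10:01:00 honeypot sshd[130]: Invalid user admin from 198.51.100.9 port 40100"
    echo "Apr 10 10:01:05 honeypot sshd[130]: Failed password for invalid user admin from 198.51.100.9 port 40100 ssh2"
    echo "Apr 10 10:02:00 honeypot sshd[131]: Accepted publickey for ops from 192.0.2.10 port 40200 ssh2"
  } > "$1"
}
# Typical use on the honeypot:  setup_firewall; blacklist /var/log/secure 6
```

Run `blacklist /var/log/secure 6` from cron to apply the "more than six attempts" rule automatically; Dovecot failures land in /var/log/maillog and need their own pattern.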
References
https://access.redhat.com/discussions/3238521
https://firewalld.org/documentation/man-pages/firewall-cmd.html
https://unix.stackexchange.com/questions/508696/firewalld-block-outgoing-connections-on-specific-port
https://serverfault.com/questions/618164/block-outgoing-connections-on-rhel7-centos7-with-firewalld
https://superuser.com/questions/1391650/how-can-i-configure-firewalld-to-block-all-outgoing-traffic-except-for-specific