Build honey-pot environment to trap intruder from internet on CentOS 7 VM or security onion

 1. Download CentOS 7/  security onion( https://securityonionsolutions.com/software) form official ISO image  https://3ctipsmemo.blogspot.com/2021/04/centos-linux-7-and-8-isos-download-urls.html

and install it in Virtual Machine Apps(Virtualbox or VMware)

 



















2. Setting firewall rules for allowing  all link in but denying all link out with firewalld

 

3. Setting a extremely complexity root password to avoid brute-force cracking

4. Opening general service ports to serve outside connection.

5. Monitoring /var/log/message/secure to verify malicious connection behavior such as root fraud is to try many times with ssh connection, dovecot users fraud is to try use smtp service...

6. If they try to hack service over six times, we can coordinate these malicious connections hostnames/source IPs/destination ports to insert firewall blacklist


reference

https://access.redhat.com/discussions/3238521

https://firewalld.org/documentation/man-pages/firewall-cmd.html

https://unix.stackexchange.com/questions/508696/firewalld-block-outgoing-connections-on-specific-port

https://serverfault.com/questions/618164/block-outgoing-connections-on-rhel7-centos7-with-firewalld

https://superuser.com/questions/1391650/how-can-i-configure-firewalld-to-block-all-outgoing-traffic-except-for-specific

位置: 台灣

這個網誌中的熱門文章

Upgrade php and httpd(apache) on CentOS 7

圖片
1. for latest php from https://rpms.remirepo.net/ $ wget https://rpms.remirepo.net/enterprise/remi-release-7.rpm $ sudo  rpm -ivh remi-release-7.rpm $ sudo yum -y --enablerepo='remi-php74' --enablerepo='remi'  install php-7.4.29       2. for latest httpd from https://repo.codeit.guru/ $ wget https://repo.codeit.guru/codeit-repo-release.el7.rpm $ sudo rpm -ivh codeit-repo-release.el7.rpm $ sudo yum -y install httpd-2.4.53 3. If error message occurred on httpd-2.4.53 + php 5.4.X (Invalid command php...) modify /etc/httpd/conf.modules.d/00-mpm.conf disable mpm_event with #(sharp) and enable mpm_prefork with unsharp references https://rpms.remirepo.net/ https://repo.codeit.guru/ https://repo.codeit.guru/packages/centos/7/x86_64/  https://repo.ius.io/ https://tw.arip-photo.org/320126-error-start-apache-php-value-MDGNGZ https://www.datadoghq.com/blog/monitoring-apache-web-server-performance/#prefork-mpm #Cyber Security    
閱讀完整內容

Installing VMware workstation pro on Ubuntu 22.X (Jammy Jellyfish)

圖片
 1. Download workstation pro for vmware website https://www.vmware.com/tw/products/workstation-pro/workstation-pro-evaluation.html e.g.  VMware-Workstation-Full-16.2.3-19376536.x86_64.bundle 2. Download modules patch from github https://github.com/mkubecek/vmware-host-modules/releases/tag/w16.2.3-k5.18 tarball https://github.com/mkubecek/vmware-host-modules/archive/refs/tags/w16.2.3-k5.18.tar.gz 3. Execute by sudo $ chmod 755 VMware-Workstation-Full-16.2.3-19376536.x86_64.bundle $ sudo apt-get -y install build-essential $ sudo VMware-Workstation-Full-16.2.3-19376536.x86_64.bundle 4.Execude by account $ vmware 5. patch vmmon and vmnet $ tar zxvf w16.2.3-k5.18.tar.gz  $ cd  vmware-host-modules-w16.2.3-k5.18 $ tar cvf vmnet.tar  vmnet-only && sudo cp vmnet.tar /usr/lib/vmware/modules/source/ $ tar cvf vmmon.tar vmmon-only && sudo cp vmmon.tar /usr/lib/vmware/modules/source/ $ sudo vmware-modconfig --console --install-all                   6. Execute by account Lauch vmware
閱讀完整內容