MintRusion


MintRusion

Post by Guest »

Hi, there are scripts out there like Fail2ban or AvanceIT's SSH script to prevent brute-force attacks...

I would really like to see a Mint dev or similar (I cannot) code an app called MintRusion (Mint Intrusion Detection System), using http://www.snort.org, to show intrusions and autoban the intruding IP with ufw, or open some GTK alert with something like ...


Snort log:

[**] [1:1256:2] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
03/30-19:35:54.306411 68.153.97.216:4464 -> 192.168.1.1:80
TCP TTL:122 TOS:0x0 ID:2271 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x949963A3 Ack: 0xA3F9CDE1 Win: 0x4510 TcpLen: 20 

Alert!
Mintrusion detected %Classification% with Priority %PriorLevel% from %intruder_IP% on %Attacked_IP% !

Options:  
[1] Add BAN %
[2] WhoIS %
[3] Ignore %
What do you think of that in general, and do you think you could write something like that?
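As an added example (not code from the original post or from any Mint tool), here is the parsing and decision step the post sketches: read Snort "full" alert blocks like the one quoted above, fill in the %Classification%/%PriorLevel%/%intruder_IP%/%Attacked_IP% notice, and build the ufw rule that option [1] would apply. The "never ban a non-global source" rule and the exact ufw argv are my assumptions, not something the post specifies.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in Snort "full" alert format (the block quoted in the post).
SAMPLE_LOG = """[**] [1:1256:2] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
03/30-19:35:54.306411 68.153.97.216:4464 -> 192.168.1.1:80
TCP TTL:122 TOS:0x0 ID:2271 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x949963A3 Ack: 0xA3F9CDE1 Win: 0x4510 TcpLen: 20
"""

HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]$")
CLASS_RE = re.compile(r"^\[Classification: (.+?)\] \[Priority: (\d+)\]$")
FLOW_RE = re.compile(r"^(\S+) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")

@dataclass
class SnortAlert:
    sid: int            # rule id, the middle number of [gid:sid:rev]
    message: str
    classification: str
    priority: int       # 1 is Snort's most severe
    src_ip: str
    dst_ip: str

def parse_alert(block: str) -> SnortAlert:
    """Parse one full-format alert; the first three lines carry what the notice needs."""
    lines = [ln.strip() for ln in block.strip().splitlines()]
    h, c, f = HEADER_RE.match(lines[0]), CLASS_RE.match(lines[1]), FLOW_RE.match(lines[2])
    if not (h and c and f):
        raise ValueError("unrecognised Snort alert block")
    return SnortAlert(int(h.group(2)), h.group(4), c.group(1), int(c.group(2)), f.group(2), f.group(4))

def parse_log(text: str) -> list[SnortAlert]:
    """Full-format alert files separate consecutive alerts with a blank line."""
    return [parse_alert(b) for b in re.split(r"\n\s*\n", text.strip()) if b.strip()]

def render_notice(a: SnortAlert) -> str:
    """Fill the %Classification%/%PriorLevel%/%intruder_IP%/%Attacked_IP% template."""
    return (f"Mintrusion detected {a.classification} with Priority {a.priority} "
            f"from {a.src_ip} on {a.dst_ip} !")

def ban_candidate(a: SnortAlert, max_priority: int = 1) -> bool:
    """Assumed rule: only severe alerts, and never a private/loopback source (that would lock out the LAN)."""
    return a.priority <= max_priority and ipaddress.ip_address(a.src_ip).is_global

def ufw_ban_command(a: SnortAlert) -> list[str]:
    """argv for option [1]; returned rather than executed so the user confirms first."""
    return ["ufw", "insert", "1", "deny", "from", a.src_ip, "to", "any"]
```

Option [2] WhoIS would be a lookup on `a.src_ip`, and [3] Ignore simply skips the block; a watcher loop would feed new blocks from the alert file into `parse_log`.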
exploder
Level 15
Posts: 5623
Joined: Tue Feb 13, 2007 10:50 am
Location: HartfordCity, Indiana USA

Re: MintRusion

Post by exploder »

This is an interesting idea.
grimdestripador
Level 6
Posts: 1051
Joined: Fri Feb 16, 2007 2:26 am

Re: MintRusion

Post by grimdestripador »

Considering there is already a mint nanny with a packet manager, it shouldn't be too different to incorporate MintRusion. I also like the name better.
Zwopper
Level 10
Posts: 3054
Joined: Fri Nov 30, 2007 12:20 pm
Location: Deep in the Swedish woods

Re: MintRusion

Post by Zwopper »

...or maybe call it: mintRusion to go with the naming policy of the other tools.
My artwork at deviantART | My Band - Electric Alchemea
CREA DIEM!

Lenovo U330P | i5 | 16GB | 128GB - SSD | Elementary OS 0.4
miket

Re: MintRusion

Post by miket »

Hi All !


I'm really not sure there is a need, really, as all the necessary "bits" exist, and I do hate having applications that really do nothing more than replicate what is already out there :)

The script I knocked up just grabs info from one source and passes it to another, very simple .... adds very little functionality really, just brings the functionality of two apps together really, nothing more.

As for having alerts, well, what's wrong with having a terminal open on one of your desktops that is just grepping the auth.log file for particular things ... in fact you could even knock up a script that does the same thing and then sends SOS in Morse code !! (Not that I've done anything like that before ... honestly ... )

I think the problem with apps like Snort is that they try to do everything, just like so many Windows apps, and gradually their overhead increases and before you know it your network is running slow, disk activity is high, the system becomes unreliable etc etc ... look at Norton on Windows today, it is a system killer ... it can bring any system to its knees no matter how much memory and processor power you have onboard ... Let's not be fooled into that way of thinking, let's step back and look at the great UNIX-based system we have and all the facilities it already offers rather than developing yet another GUI app just to do the same thing but look pretty ;)

Just my 2p comment !

Mike.