Update presentation
This commit is contained in:
parent
34bc047046
commit
98f7f15ae0
16
README.md
@ -1,13 +1,13 @@
|
|||||||
# reaction
|
# reaction
|
||||||
|
|
||||||
🚧 this program has not been tested in production yet 🚧
|
|
||||||
|
|
||||||
a program that scans program outputs, such as logs,
|
a program that scans program outputs, such as logs,
|
||||||
for repeated patterns, such as failed login attempts,
|
for repeated patterns, such as failed login attempts,
|
||||||
and takes action, such as banning ips.
|
and takes action, such as banning ips.
|
||||||
|
|
||||||
(adapted from [fail2ban](http://fail2ban.org)'s presentation 😄)
|
(adapted from [fail2ban](http://fail2ban.org)'s presentation 😄)
|
||||||
|
|
||||||
|
🚧 this program hasn't received external audit. however, it already works well on my servers 🚧
|
||||||
|
|
||||||
## rationale
|
## rationale
|
||||||
|
|
||||||
i was using fail2ban since quite a long time, but i was a bit frustrated by it's cpu consumption
|
i was using fail2ban since quite a long time, but i was a bit frustrated by it's cpu consumption
|
||||||
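Review bot: the new banner "🚧 this program hasn't received external audit. however, it already works well on my servers 🚧" joins two unrelated claims, and a reader may take "works well on my servers" as reassurance about security, which is not what an audit establishes. Suggest keeping the audit status as the main statement and the deployment anecdote as secondary, e.g. "🚧 this program has not received an external security audit yet. It runs in production on my servers, but review the configuration before relying on it 🚧". While touching this hunk, the unchanged context line "frustrated by it's cpu consumption" should read "its cpu consumption".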
@ -57,7 +57,6 @@ ExecStart=/path/to/reaction -c /etc/reaction.yml
|
|||||||
ExecStartPre=/path/to/iptables -w -N reaction
|
ExecStartPre=/path/to/iptables -w -N reaction
|
||||||
ExecStartPre=/path/to/iptables -w -A reaction -j ACCEPT
|
ExecStartPre=/path/to/iptables -w -A reaction -j ACCEPT
|
||||||
ExecStartPre=/path/to/iptables -w -I reaction 1 -s 127.0.0.1 -j ACCEPT
|
ExecStartPre=/path/to/iptables -w -I reaction 1 -s 127.0.0.1 -j ACCEPT
|
||||||
ExecStartPre=/path/to/iptables -w -I reaction 1 -s ::1 -j ACCEPT
|
|
||||||
ExecStartPre=/path/to/iptables -w -I INPUT -p all -j reaction
|
ExecStartPre=/path/to/iptables -w -I INPUT -p all -j reaction
|
||||||
|
|
||||||
ExecStopPost=/path/to/iptables -w -D INPUT -p all -j reaction
|
ExecStopPost=/path/to/iptables -w -D INPUT -p all -j reaction
|
||||||
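Review bot: dropping `ExecStartPre=/path/to/iptables -w -I reaction 1 -s ::1 -j ACCEPT` is the right fix for this unit, since the IPv4 `iptables` binary rejects the IPv6 address `::1`, and a failing ExecStartPre would prevent the service from starting at all. It leaves a gap, though: nothing in the unit creates a `reaction` chain in `ip6tables`, so on a dual-stack host IPv6 connections never pass through the ban chain and IPv6 loopback is not whitelisted. Suggest either a parallel set of `ExecStartPre=/path/to/ip6tables ...` lines mirroring the four remaining iptables rules, or a sentence in the README stating that IPv6 filtering requires the ip6tables equivalents.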
@ -92,3 +91,14 @@ the socket allowing communication between the cli and server will be created at
|
|||||||
```shell
|
```shell
|
||||||
$ go build .
|
$ go build .
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### nixos
|
||||||
|
|
||||||
|
in addition to the [package](https://framagit.org/ppom/nixos/-/blob/cf5448b21ae3386265485308a6cd077e8068ad77/pkgs/reaction/default.nix)
|
||||||
|
and [module](https://framagit.org/ppom/nixos/-/blob/cf5448b21ae3386265485308a6cd077e8068ad77/modules/common/reaction.nix)
|
||||||
|
that i didn't tried to upstream to nixpkgs yet (although they are ready), i use extensively reaction on my servers. if you're using nixos,
|
||||||
|
consider reading and building upon [my own building blocks](https://framagit.org/ppom/nixos/-/blob/cf5448b21ae3386265485308a6cd077e8068ad77/modules/common/reaction-variables.nix),
|
||||||
|
[my own non-root reaction conf, including conf for SSH, port scanning & Nginx common attack URLS](https://framagit.org/ppom/nixos/-/blob/cf5448b21ae3386265485308a6cd077e8068ad77/modules/common/reaction-custom.nix),
|
||||||
|
and the configuration for [nextcloud](https://framagit.org/ppom/nixos/-/blob/cf5448b21ae3386265485308a6cd077e8068ad77/modules/musi/file.ppom.me.nix#L53),
|
||||||
|
[vaultwarden](https://framagit.org/ppom/nixos/-/blob/cf5448b21ae3386265485308a6cd077e8068ad77/modules/musi/vaultwarden.nix#L45),
|
||||||
|
and [maddy](https://framagit.org/ppom/nixos/-/blob/cf5448b21ae3386265485308a6cd077e8068ad77/modules/musi/mail.nix#L74). see also an [example](https://framagit.org/ppom/nixos/-/blob/cf5448b21ae3386265485308a6cd077e8068ad77/modules/musi/mail.nix#L85) where it does something else than banning IPs.
|
||||||
|
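Review bot: wording in the added nixos paragraph: "that i didn't tried to upstream" should be "that i haven't tried to upstream", "i use extensively reaction" should be "i use reaction extensively", and "attack URLS" should be "attack URLs". All links are pinned to commit cf5448b21ae3386265485308a6cd077e8068ad77, which keeps them stable but means the README will point at stale examples as those configs evolve; consider saying they are a snapshot, or linking the branch with a line anchor. It would also help to say which link is the starting point for a new user; the non-root configuration seems the natural choice since it is the lower-privilege variant.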
@ -10,9 +10,8 @@ ExecStart=/path/to/reaction -c /etc/reaction.yml
|
|||||||
ExecStartPre=/path/to/iptables -w -N reaction
|
ExecStartPre=/path/to/iptables -w -N reaction
|
||||||
# Set its default to ACCEPT
|
# Set its default to ACCEPT
|
||||||
ExecStartPre=/path/to/iptables -w -A reaction -j ACCEPT
|
ExecStartPre=/path/to/iptables -w -A reaction -j ACCEPT
|
||||||
# Always accept 127.0.0.1 && ::1
|
# Always accept 127.0.0.1
|
||||||
ExecStartPre=/path/to/iptables -w -I reaction 1 -s 127.0.0.1 -j ACCEPT
|
ExecStartPre=/path/to/iptables -w -I reaction 1 -s 127.0.0.1 -j ACCEPT
|
||||||
ExecStartPre=/path/to/iptables -w -I reaction 1 -s ::1 -j ACCEPT
|
|
||||||
# Insert this chain as the first item of the INPUT chain (for incoming connections)
|
# Insert this chain as the first item of the INPUT chain (for incoming connections)
|
||||||
ExecStartPre=/path/to/iptables -w -I INPUT -p all -j reaction
|
ExecStartPre=/path/to/iptables -w -I INPUT -p all -j reaction
|
||||||
|
|
||||||
|
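Review bot: the comment change from "# Always accept 127.0.0.1 && ::1" to "# Always accept 127.0.0.1" is consistent with removing the `::1` rule below it, but the remaining comments now describe an IPv4-only setup without saying so. Suggest a one-line comment under "# Insert this chain as the first item of the INPUT chain (for incoming connections)" stating that the same rules must be repeated with `ip6tables` on hosts that accept IPv6, otherwise the `reaction` chain silently never sees IPv6 traffic.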