bayshorenetworks / gargoyle
Gargoyle - Active Protection for Linux
License: BSD 3-Clause "New" or "Revised" License
Certain scan types aren't blocked immediately and are only caught by the analysis process. See attached pcaps for a couple of examples. Perhaps make it user configurable (after X ports scanned by the same host, block immediately).
The Gargoyle init script should report its version during startup
Currently, lscand outputs the following into syslog:
gargoyle_lscand_bruteforce: action="block" violator="192.168.101.101" detection_type="51" timestamp="1516829885"
As you can see, there is no way for one to tell which config triggered the block. Maybe lscand can insert the filename of the config in the log as config="configfile", or make a new property in the config file to use it as an identifier.
It looks like gargoyle misses ipv6 ports when auto-checking for valid ports to ignore. Adding 80 and 443 to .gargoyle_config works fine, but those two ports get missed by default. Note that for recent versions of Apache, the default behavior is to bind using ipv6.
root@ip-172-26-12-206:/opt/gargoyle_pscand# netstat -tulpn |grep LIST
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 1241/tor
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 5171/mysqld
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 5355/sshd
tcp6 0 0 :::443 :::* LISTEN 1272/apache2
tcp6 0 0 :::80 :::* LISTEN 1272/apache2
tcp6 0 0 :::22 :::* LISTEN 5355/sshd
root@ip-172-26-12-206:/opt/gargoyle_pscand# grep ignoring /var/log/syslog
Jan 23 01:27:12 ip-172-26-12-206 gargoyle_pscand: ignoring ephemeral port range: 32768 - 60999
Jan 23 01:27:12 ip-172-26-12-206 gargoyle_pscand: Gargoyle_pscand - ignoring ports: 9050,3306,22
Jan 23 01:27:12 ip-172-26-12-206 gargoyle_pscand: Gargoyle_pscand - ignoring IP addr's: 0.0.0.0,172.26.0.1,127.0.0.1,172.26.12.206
Jan 23 01:41:04 ip-172-26-12-206 gargoyle_pscand: ignoring ephemeral port range: 32768 - 60999
Jan 23 01:41:04 ip-172-26-12-206 gargoyle_pscand: Gargoyle_pscand - ignoring ports: 9050,3306,22
Jan 23 01:41:04 ip-172-26-12-206 gargoyle_pscand: Gargoyle_pscand - ignoring IP addr's: 0.0.0.0,172.26.0.1,127.0.0.1,172.26.12.206
Jan 23 01:46:27 ip-172-26-12-206 gargoyle_pscand: ignoring ephemeral port range: 32768 - 60999
Jan 23 01:46:27 ip-172-26-12-206 gargoyle_pscand: Gargoyle_pscand - ignoring ports: 9050,3306,22
Jan 23 01:46:27 ip-172-26-12-206 gargoyle_pscand: Gargoyle_pscand - ignoring IP addr's: 0.0.0.0,172.26.0.1,127.0.0.1,172.26.12.206
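To illustrate the gap this report describes, here is an added example (not Gargoyle's own code, and it assumes nothing about how gargoyle_pscand actually enumerates sockets): it parses `netstat -tulpn` output, treating `tcp6`/`udp6` rows the same as IPv4 rows, and reports which ports an IPv4-only auto-detector would miss. The sample output is constructed from the listing in this issue.

```python
# Constructed sample of `netstat -tulpn` output, modelled on the listing above
# (apache2 bound only on IPv6, sshd on both families).
NETSTAT_SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN      1241/tor
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      5171/mysqld
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      5355/sshd
tcp6       0      0 :::443                  :::*                    LISTEN      1272/apache2
tcp6       0      0 :::80                   :::*                    LISTEN      1272/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      5355/sshd
"""

PROTOS = ("tcp", "tcp6", "udp", "udp6")


def listening_ports(netstat_output, include_ipv6=True):
    """Return the sorted list of local ports that have a listening socket.

    include_ipv6=False mimics an auto-detector that only looks at IPv4
    ('tcp'/'udp') rows, which is the behaviour the issue describes.
    """
    ports = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        # Header and blank lines never have a protocol in column 0.
        if len(fields) < 4 or fields[0] not in PROTOS:
            continue
        if fields[0].endswith("6") and not include_ipv6:
            continue
        # Column 3 is the local address; the port follows the last ':'
        # for '0.0.0.0:22' and ':::443' alike. UDP rows have no State
        # column, but the local address is still at index 3.
        local = fields[3]
        ports.add(int(local.rsplit(":", 1)[1]))
    return sorted(ports)


def missed_ipv6_only_ports(netstat_output):
    """Ports that listen only on IPv6 and so escape an IPv4-only scan."""
    v4 = set(listening_ports(netstat_output, include_ipv6=False))
    v6 = set(listening_ports(netstat_output, include_ipv6=True))
    return sorted(v6 - v4)


if __name__ == "__main__":
    print("IPv4-only view:", listening_ports(NETSTAT_SAMPLE, include_ipv6=False))
    print("Both families: ", listening_ports(NETSTAT_SAMPLE))
    print("Missed by IPv4-only detection:", missed_ipv6_only_ports(NETSTAT_SAMPLE))
```

The IPv4-only view reproduces the `ignoring ports: 9050,3306,22` line from the syslog excerpt; the missed list is exactly the 80 and 443 the reporter had to add by hand.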
Create functionality for an option to report offending IPs to AbuseIPDB and/or similar reporting sites.
gargoyle daemon was running on the client (192.168.1.161). Client mounted NFS (192.168.1.20). A little while after the mount, communication between the two was blocked. Comm resumed once gargoyle was stopped. Not sure how this can be remedied, aside from the end user excluding nfs ports.
./syslog:Jan 5 13:55:01 Bayshore01 gargoyle_pscand: action="block" violator="192.168.1.20" detection_type="7" timestamp="1515178501"
./auth.log:Jan 5 13:54:24 Bayshore01 sudo: btaub : TTY=pts/20 ; PWD=/home/btaub/ ; USER=root ; COMMAND=/bin/mount 192.168.1.20:/media/btaub/70844b5d-2868-4e50-8994-fcf869ee8c1a /mnt/