This is an implementation of a basic password guessing ips. Call the ips.php file from a cron or automated service to check the log files for password attempts.
The ips comes with additional features to also read, write, update, and delete records stored in the state information the ips keeps. This allows manual alterations of rules and records through the ips
For the ips to work you will need to have php installed on your system and available from
the console. Also your system will need to have iptables running as its firewall editor
and using the standard linux /var/log directories for storing system logs. jounral will
not work on this ips system (an issue with some versions of Fedora)
To setup the ips simply register the the ips4cron.sh shell script with cron to be checked
at your desired frequency. You will need to add your sudo password to the SUDOPASS variable
in the ips4cron.sh script
On first run, ips has been set by default to check the var/log/secure file for intrusions,
it will allow up to 3 attempts before blocking a user, and it does not unblock users. In order
to change these settings you will need to run ips.php in settings mode so as to generate
a settings.ipsconf file with your preferences. Everytime ips.php starts up in check mode
it will then read this file and adjust accordingly.
The following flags will allow you to change the desired settings:
| Flag | Description |
|---|---|
| -tl | Set the time limit that a blocked user will be blocked for. -1 means no time limit |
| -al | Set the maximum number of attempts that can occur before a user is blocked |
| -ld | Set the log directory to be reasing from. Current support is for the /var/log/messages and /var/log/secure files |
An example of using the command is like this:
php ips.php -m settings -tl <timelimit> -al <attemptlimit> -ld <logdir>
Note that by not including the parameter, the setting will not be changed from whatever it was previously set to
The next step is then to setup the ips4cron.sh with crontab.
First open the ips4cron.sh file and edit the SUDOPASS variable to the sudo password of the machine ips.php will be executing on. This
is needed so that ips.php can execute iptables commands and read the system log files.
Then just configure cron to run the file at a frequency of your preference. The ideal setup is usually every couple of minutes.
If you run into issues ips.php can be reset back to defaults simply by deleting either the records.ipsconf file or the settings.ipsconf file.
Deleting the records.ipsconf file will remove all history and knowledge ips.php has gained by accessing and monitoring your log files and is generaly
not recommended unless wanting to do a complete restore. If you would like to reset ips.php's settings back to default you can do this by deleting the
settings.ipsconf. The next time ips.php runs in either check or settings mode a new file will be regenerated.
You can always run the ips.php check manually if you would like to test it out. Note that this will only execute it once and it will terminate
after scanning logs and recording records of login attempts. To continue scanning manualy would require rerunning the program and thus using crontab
is the recommended approach.
You can run ips.php manualy with the following command:
php ips.php -m check -p <sudopassword>
File structure of this project may appear initialy confusing. So below is to help calrify it. The docs folder contains all tests images and all
documentation on design documentation and test documentation. Within the lib folder is all library components of the ips.php file which is located
at the project root. Additionally there is a tests folder at the root. This contains the phpunit library and phpunit test code. Note that to find
documentation and images of these unit tests or general tests, that is located in the docs/tests, not this tests folder.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent