Skip to content
This repository has been archived by the owner on May 23, 2019. It is now read-only.

PlatformUbuntu12

Jump to bottom
Wes edited this page May 20, 2014 · 36 revisions

Overview

This contrib script will work instead of a traditional PPA, it sets up:

  • apt-get repo's
  • elasticsearch
  • zeromq
  • most of the bind configuration
  • user/group: cif and it's corresponding ~/.profile

Setting up the Environment

  1. configure the environment

    $ ./configure --sysconfdir=/etc/cif --localstatedir=/var/cif --prefix=/opt/cif
$ ( cd contrib/platforms/debian && sudo ./debian.sh )
$ make && sudo make deps
$ make test
$ sudo make install
$ sudo make fixperms

Bind Interface

Bind Forwarding

  1. modify /etc/bind/named.conf.options to point at public-dns

    options {
    ...
    forward only;  
    forwarders {  
        8.8.8.8;  
        8.8.4.4;
    };
    ...
};

Forwarder Whitelisting

  1. verify /etc/bind/named.conf.local

    // bypass any forwarders

zone "cymru.com" {
    forward only;
    type forward;
    forwarders { };
};

zone "zen.spamhaus.org" {
    forward only;
    type forward;
    forwarders { };
};

zone "dbl.spamhaus.org" {
    forward only;
    type forward;
    forwarders { };
};

Bind Testing

  1. reload bind

  2. verify bind is working properly

    $ dig ns1.google.com

Apache PSGI Interface

Apache is the default configured gateway to cif-router, other solutions such as Nginx can also be used with a little different configuration.

  1. configure the default-ssl site

    <IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerAdmin webmaster@localhost
+   Include /etc/apache2/cif.conf

    DocumentRoot /var/www
    ...

  2. configure the api configuration

    <Location "/api">
    SetHandler perl-script
    PerlResponseHandler Plack::Handler::Apache2
    PerlSetVar psgi_app /opt/cif/bin/cif.psgi
</Location>

  3. restart apache

service apache2 restart

Testing

Router

  1. start cif-router
$ sudo service cif-router start
  1. test connectivity to the router
$ curl -w "\n" -X GET 'http://localhost/api/_ping?token=1234'
{"timestamp":[1400585768,265584]}

Smrt

  1. perform an initial cif-smrt test run
$ sudo -u cif cif-smrt --randomstart 0 --consolemode -d -r /opt/cif/etc/rules/default
[2014-04-19T16:00:51,868Z][INFO]: cleaning up tmp...
[2014-04-19T16:00:52,012Z][INFO]: generating ping request...
[2014-04-19T16:00:52,077Z][INFO]: sending ping...
[2014-04-19T16:00:52,089Z][INFO]: ping returned
[2014-04-19T16:00:52,106Z][INFO]: processing: bin/cif-smrt -d -r /opt/cif/etc/rules/default/bruteforceblocker.cfg -f ssh
[2014-04-19T16:00:52,427Z][INFO]: starting at: 2014-04-19T00:00:00Z
[2014-04-19T16:00:52,431Z][INFO]: processing...
[2014-04-19T16:00:54,532Z][INFO]: building events: 1273
[2014-04-19T16:00:55,335Z][INFO]: sending: 78
[2014-04-19T16:00:55,955Z][INFO]: took: ~0.921849
[2014-04-19T16:00:55,956Z][INFO]: rate: ~84.6125558524227 o/s
[2014-04-19T16:00:55,956Z][INFO]: processing: bin/cif-smrt -d -r /opt/cif/etc/rules/default/drg.cfg -f ssh
...

  1. start cif-smrt

    $ sudo service cif-smrt start

References

Creative Commons License

Clone this wiki locally