Howto install a Dshield.org Client

 

Contributions by:

Heavily based on Howto from Cyrus Bharda <cbharda@myrealbox.com> for SME 5.5

Created/Updated: 12-07-2004
Versions supported: 5.5, 5.6 and 6.0

 


DShield provides a platform for users of firewalls to share intrusion information. DShield is a free and open service.

DShield.org is now helping users to fight back against attackers. DShield will analyze submitted log reports and pick a number of strong cases to forward them to the ISP from which the attack originated. A copy of the abuse report will be forwarded to the user.

You must register with dshield.org to be able to submit reports, so go to http://www.dshield.org/ and become a member. It is totally free and you will get no spam from registering.

When you register, there will be an option to enable FightBack. You should enable this for obvious reasons, but before you decide, please read what FightBack is and what it does here: http://www.dshield.org/fightback.php .

Once you are registered you will receive an email with your userid in it, remember this number as you will need it later.

I have created an install script that does most of the hard work, which you can use, or you can do a manual installation.

 

Automatic DShield Installation

 

[root@e-smith ]# wget http://sme.swerts-knudsen.dk/downloads/Dshield/dshield_install.sh

[root@e-smith ]# sh dshield_install.sh

 

Now you need to configure the DShield client. Open the DShield configuration file (/etc/dshield.cnf) with your preferred editor (I use pico).

 

First find the line

from=nobody@nowhere.com

and change it to the email address you registered with at DShield.

 

Then find the line

userid=0

and change to

userid=<your userid from email>  

Now hit Ctrl+O to save and then Ctrl+X to exit pico. 

Now you are done! Expect one to two emails a day, depending on what options you selected when registering.

 

Here is an example from one day:

 

Manual DShield Installation

 

There are a few differences depending on whether you are running SME 5.5 or SME 5.6/6.0: SME 5.5 uses ipchains and 5.6/6.0 uses iptables. In this Howto you need to replace XXXX with either ipchains (SME 5.5 users) or iptables (SME 5.6/6.0 users).

 

Now log on to your SME box as root to get a command prompt and download the ipchains or iptables client for DShield from my download area. I have downloaded them from the DShield Client Area:

 

SME 5.5

[root@e-smith ]# wget http://sme.swerts-knudsen.dk/downloads/Dshield/ipchains.tar.gz  

SME 5.6/6.0

[root@e-smith ]# wget http://sme.swerts-knudsen.dk/downloads/Dshield/iptables.tar.gz  

 

Make a directory for dshield

[root@e-smith ]# mkdir /home/dshield/

Move client to new directory

[root@e-smith ]# mv XXXX.tar.gz /home/dshield  


Move to the new directory and untar client 

[root@e-smith ]# cd /home/dshield

[root@e-smith ]# tar -xzf XXXX.tar.gz

 

Copy config file to /etc

[root@e-smith ]# cd /home/dshield/XXXX 

[root@e-smith ]# cp dshield.cnf /etc/

 

Copy list files to /etc

[root@e-smith ]# cp dshield-source*.lst /etc/

[root@e-smith ]# cp dshield-target*.lst /etc/

Now you need to configure the DShield client. Open the configuration file with your preferred editor (I use pico).

[root@e-smith ]# pico /etc/dshield.cnf

First find the line

from=nobody@nowhere.com

and change it to the email address you registered with at DShield.

 

Then find the line

userid=0

and change to

userid=<your userid from email>  

If you are using SME 5.5 then find the line

# line_filter=input DENY

and change to

line_filter=denylog DENY

 

Find the line

# tmpfile=/tmp/dshield.tmp

and change to

tmpfile=/tmp/dshield.tmp

 

Now hit Ctrl+O to save and then Ctrl+X to exit pico.
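The same /etc/dshield.cnf edits can be applied without an interactive editor and then verified, which is handy when setting up several boxes. This is an added example, not part of the howto or the DShield client; it assumes the key=value lines quoted above and GNU sed, and the file path, address and userid are parameters (the sample config it writes is constructed).

```shell
#!/bin/sh
# Added example (not from the howto or the DShield client): applies the
# /etc/dshield.cnf edits described above non-interactively, then verifies
# that no placeholder value survived. Assumes the key=value lines quoted in
# the howto and GNU sed (-i); file path, address and userid are parameters.
set -eu

# Write a constructed sample config mirroring the lines the howto quotes.
write_sample_cnf() {
    cat > "$1" <<'EOF'
# constructed sample of /etc/dshield.cnf, not the real shipped file
from=nobody@nowhere.com
userid=0
# line_filter=input DENY
# tmpfile=/tmp/dshield.tmp
EOF
}

# configure_dshield_cnf FILE FROM USERID [ipchains|iptables]
# Rewrites the lines from the howto in place. line_filter is only enabled
# for ipchains (SME 5.5), exactly as the text instructs; the userid must be
# numeric because DShield credits submitted reports by that number.
configure_dshield_cnf() {
    file=$1; from=$2; userid=$3; fw=${4:-iptables}
    case $userid in
        ''|*[!0-9]*) echo "userid must be numeric, got '$userid'" >&2; return 1 ;;
    esac
    sed -i \
        -e "s|^from=.*|from=$from|" \
        -e "s|^userid=.*|userid=$userid|" \
        -e "s|^# *tmpfile=/tmp/dshield.tmp|tmpfile=/tmp/dshield.tmp|" \
        "$file"
    if [ "$fw" = ipchains ]; then
        sed -i -e "s|^# *line_filter=input DENY|line_filter=denylog DENY|" "$file"
    fi
}

# check_dshield_cnf FILE: succeeds only if both placeholders are gone and
# tmpfile is enabled, i.e. submitted reports would actually be credited.
check_dshield_cnf() {
    file=$1
    grep -q '^from=nobody@nowhere.com$' "$file" && return 1
    grep -q '^userid=0$' "$file" && return 1
    grep -q '^tmpfile=/tmp/dshield.tmp$' "$file" || return 1
    return 0
}
```

Run `configure_dshield_cnf /etc/dshield.cnf you@example.com 12345 ipchains` on an SME 5.5 box (drop the last argument on 5.6/6.0), then `check_dshield_cnf /etc/dshield.cnf` before enabling the cron job.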

Now create a cron job to run the script every day

[root@e-smith ]# mkdir -p /etc/e-smith/templates-custom/etc/crontab

[root@e-smith ]# cd /etc/e-smith/templates-custom/etc/crontab  

[root@e-smith ]# echo "0 0 * * * root cd /home/dshield/XXXX; /home/dshield/XXXX/XXXX.pl" > dshield

 

Expand the new template

[root@e-smith ]# /sbin/e-smith/expand-template /etc/crontab  

Turn deny packet logging on:

[root@e-smith ]# /sbin/e-smith/db configuration setprop masq Logging <option>

Options:

all – Every blocked packet logged

most – Every blocked packet except SMB and RIP

none – No blocked packets logged

I suggest using the "all" option.

 

Update remote access options

[root@e-smith ]# /sbin/e-smith/signal-event remoteaccess-update