Guardian for IPCop 1.4.16 v2.4.9.8
** 02.09.2007
** Version for IPCop 1.4.16
** Adaption to 1.4.16
** ONLY USE WITH THIS VERSION OR HIGHER!!
** Localization ( using language tools of IPCop )
**
**
** 18.07.2007
** Corrected version of 2.4.9.6 ( don’t use 2.4.9.6)
** Synchronisation of config with WebGUI and guardian.conf
** “country code” for RED
**
**
** ??.??.2007
** added flags for privat ip-adresses
**
** 26.04.2007
** adapted to Ipcop 1.4.15
** bebima
**
**
** 29.09.2006
** fixed bug with geo-ip and libpng on Ipcop 1.4.11
**
This mod reads the snort-alert-logfile and blocks e.g. portsscan automaticlly.
Another function of this mod is, that you could enter an ip in the webinterface and this ip will be blocked.
There is also a function in the connection-page of the webinterface to block ip’s.
Just click the ip to show the who-is and at the end of the who-is-page there is a link to block the ip.
The manuall ip-blocking is working also if guardian is disabled.
Installation:
Copy the file to your ipcop, extract it with
tar xfz guardian_ipcop_1.4.16.tgz -C /tmp
Go into the guardian-directory and run
./install
After this, you have to go into the webinterface under services ==> guardian and set your red interface and the time, guardian should block ip’s.
All other settings could be left in default state.
Now go to services ==> intrusion detection and enable guardian.
Under Logs ==> guardianlog you could see which ip is blocked/unblocked.
Uninstall:
Just run
/var/ipocp/guardian/bin/uninstall
To adapt to other languages than english and german ( included ),
just edit
/var/ipcop/addon-lang/guardian.en.pl
and save it to
/var/ipcop/addon-lang/guardian..pl ( do NOT alter …en.pl )
then run
perl -e “require ‘/var/ipcop/lang.pl’; &Lang::BuildCacheLang”
more detail info u may click here
[tags]Guardian, IPcop, Snort[/tags]
