diff --git a/DMZ.sh b/assignment1/DMZ.sh
similarity index 100%
rename from DMZ.sh
rename to assignment1/DMZ.sh
diff --git a/INTERNAL.sh b/assignment1/INTERNAL.sh
similarity index 100%
rename from INTERNAL.sh
rename to assignment1/INTERNAL.sh
diff --git a/INTERNET.sh b/assignment1/INTERNET.sh
similarity index 100%
rename from INTERNET.sh
rename to assignment1/INTERNET.sh
diff --git a/Practical Assignment 1.pdf b/assignment1/Practical Assignment 1.pdf
similarity index 100%
rename from Practical Assignment 1.pdf
rename to assignment1/Practical Assignment 1.pdf
diff --git a/ROUTER.sh b/assignment1/ROUTER.sh
similarity index 100%
rename from ROUTER.sh
rename to assignment1/ROUTER.sh
diff --git a/entrega.zip b/assignment1/entrega.zip
similarity index 100%
rename from entrega.zip
rename to assignment1/entrega.zip
diff --git a/entrega.zip.asc b/assignment1/entrega.zip.asc
similarity index 100%
rename from entrega.zip.asc
rename to assignment1/entrega.zip.asc
diff --git a/assignment1/relatorio.aux b/assignment1/relatorio.aux
new file mode 100644
index 0000000..8bb0df4
--- /dev/null
+++ b/assignment1/relatorio.aux
@@ -0,0 +1,13 @@ +\relax +\providecommand \babel@aux [2]{\global \let \babel@toc \@gobbletwo } +\@nameuse{bbl@beforestart} +\catcode `"\active +\babel@aux{portuguese}{} +\@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{2}{}\protected@file@percent } +\@writefile{toc}{\contentsline {section}{\numberline {2}Firewall}{2}{}\protected@file@percent } +\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Packet fileter without NAT}{2}{}\protected@file@percent } +\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Packet filtering with NAT}{3}{}\protected@file@percent } +\@writefile{toc}{\contentsline {section}{\numberline {3}Intrusion Detection}{4}{}\protected@file@percent } +\@writefile{toc}{\contentsline {section}{\numberline {4}Tests utilizados}{5}{}\protected@file@percent } +\@writefile{toc}{\contentsline {section}{\numberline {5}Conclusion}{5}{}\protected@file@percent } +\gdef \@abspage@last{5} diff --git a/assignment1/relatorio.log b/assignment1/relatorio.log new file mode 100644 index 0000000..25be7ed --- /dev/null +++ b/assignment1/relatorio.log 
@@ -0,0 +1,244 @@ +This is pdfTeX, Version 3.141592653-2.6-1.40.27 (TeX Live 2026/dev/Arch Linux) (preloaded format=pdflatex 2026.1.17) 22 MAR 2026 22:27 +entering extended mode + \write18 enabled. + %&-line parsing enabled. +**/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio +(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.tex +LaTeX2e <2024-11-01> patch level 2 +L3 programming layer <2025-01-18> +(/usr/share/texmf-dist/tex/latex/base/article.cls +Document Class: article 2024/06/29 v1.4n Standard LaTeX document class +(/usr/share/texmf-dist/tex/latex/base/size12.clo +File: size12.clo 2024/06/29 v1.4n Standard LaTeX file (size option) +) +\c@part=\count196 +\c@section=\count197 +\c@subsection=\count198 +\c@subsubsection=\count199 +\c@paragraph=\count266 +\c@subparagraph=\count267 +\c@figure=\count268 +\c@table=\count269 +\abovecaptionskip=\skip49 +\belowcaptionskip=\skip50 +\bibindent=\dimen141 +) +(/usr/share/texmf-dist/tex/generic/babel/babel.sty +Package: babel 2025/02/14 v25.4 The multilingual framework for pdfLaTeX, LuaLaT +eX and XeLaTeX +\babel@savecnt=\count270 +\U@D=\dimen142 +\l@unhyphenated=\language33 + +(/usr/share/texmf-dist/tex/generic/babel/txtbabel.def) +\bbl@readstream=\read2 +\bbl@dirlevel=\count271 + +(/usr/share/texmf-dist/tex/generic/babel-portuges/portuguese.ldf +Language: portuges 2021/07/09 v1.2t Portuguese support from the babel system +Package babel Info: Making " an active character on input line 143. +)) +(/usr/share/texmf-dist/tex/generic/babel/locale/pt/babel-portuguese.tex +Package babel Info: Importing font and identification data for portuguese +(babel) from babel-pt.ini. Reported on input line 11. +) +(/usr/share/texmf-dist/tex/latex/ebgaramond/ebgaramond.sty +Package: ebgaramond 2024/04/23 (Bob Tennent and autoinst) Style file for EB Gar +amond fonts. + +(/usr/share/texmf-dist/tex/generic/iftex/ifxetex.sty +Package: ifxetex 2019/10/25 v0.7 ifxetex legacy package. Use iftex instead. 
+ +(/usr/share/texmf-dist/tex/generic/iftex/iftex.sty +Package: iftex 2024/12/12 v1.0g TeX engine tests +)) +(/usr/share/texmf-dist/tex/generic/iftex/ifluatex.sty +Package: ifluatex 2019/10/25 v1.5 ifluatex legacy package. Use iftex instead. +) +(/usr/share/texmf-dist/tex/latex/xkeyval/xkeyval.sty +Package: xkeyval 2022/06/16 v2.9 package option processing (HA) + +(/usr/share/texmf-dist/tex/generic/xkeyval/xkeyval.tex +(/usr/share/texmf-dist/tex/generic/xkeyval/xkvutils.tex +\XKV@toks=\toks17 +\XKV@tempa@toks=\toks18 + +(/usr/share/texmf-dist/tex/generic/xkeyval/keyval.tex)) +\XKV@depth=\count272 +File: xkeyval.tex 2014/12/03 v2.7a key=value parser (HA) +)) +(/usr/share/texmf-dist/tex/latex/base/textcomp.sty +Package: textcomp 2024/04/24 v2.1b Standard LaTeX package +) +(/usr/share/texmf-dist/tex/latex/base/fontenc.sty +Package: fontenc 2021/04/29 v2.0v Standard LaTeX package +) +(/usr/share/texmf-dist/tex/latex/fontaxes/fontaxes.sty +Package: fontaxes 2020/07/21 v1.0e Font selection axes +LaTeX Info: Redefining \upshape on input line 29. +LaTeX Info: Redefining \itshape on input line 31. +LaTeX Info: Redefining \slshape on input line 33. +LaTeX Info: Redefining \swshape on input line 35. +LaTeX Info: Redefining \scshape on input line 37. +LaTeX Info: Redefining \sscshape on input line 39. +LaTeX Info: Redefining \ulcshape on input line 41. +LaTeX Info: Redefining \textsw on input line 47. +LaTeX Info: Redefining \textssc on input line 48. +LaTeX Info: Redefining \textulc on input line 49. +) +LaTeX Info: Redefining \oldstylenums on input line 163. +LaTeX Info: Redefining \textsw on input line 173. 
+) +(/usr/share/texmf-dist/tex/latex/listings/listings.sty +\lst@mode=\count273 +\lst@gtempboxa=\box52 +\lst@token=\toks19 +\lst@length=\count274 +\lst@currlwidth=\dimen143 +\lst@column=\count275 +\lst@pos=\count276 +\lst@lostspace=\dimen144 +\lst@width=\dimen145 +\lst@newlines=\count277 +\lst@lineno=\count278 +\lst@maxwidth=\dimen146 + +(/usr/share/texmf-dist/tex/latex/listings/lstpatch.sty +File: lstpatch.sty 2024/09/23 1.10c (Carsten Heinz) +) +(/usr/share/texmf-dist/tex/latex/listings/lstmisc.sty +File: lstmisc.sty 2024/09/23 1.10c (Carsten Heinz) +\c@lstnumber=\count279 +\lst@skipnumbers=\count280 +\lst@framebox=\box53 +) +(/usr/share/texmf-dist/tex/latex/listings/listings.cfg +File: listings.cfg 2024/09/23 1.10c listings configuration +)) +Package: listings 2024/09/23 1.10c (Carsten Heinz) +LaTeX Font Info: Trying to load font information for OT1+EBGaramond-LF on in +put line 28. + +(/usr/share/texmf-dist/tex/latex/ebgaramond/OT1EBGaramond-LF.fd +File: OT1EBGaramond-LF.fd 2023/03/19 (autoinst) Font definitions for OT1/EBGara +mond-LF. +) +LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be +(Font) scaled to size 12.0pt on input line 28. + +(/usr/share/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def +File: l3backend-pdftex.def 2024-05-08 L3 backend support: PDF output (pdfTeX) +\l__color_backend_stack_int=\count281 +\l__pdf_internal_box=\box54 +) +(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.aux) +\openout1 = `relatorio.aux'. + +LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 28. +LaTeX Font Info: ... okay on input line 28. +LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 28. +LaTeX Font Info: ... okay on input line 28. +LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 28. +LaTeX Font Info: ... okay on input line 28. +LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 28. +LaTeX Font Info: ... okay on input line 28. 
+LaTeX Font Info: Checking defaults for TS1/cmr/m/n on input line 28. +LaTeX Font Info: ... okay on input line 28. +LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 28. +LaTeX Font Info: ... okay on input line 28. +LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 28. +LaTeX Font Info: ... okay on input line 28. +\c@mv@tabular=\count282 +\c@mv@boldtabular=\count283 +\c@lstlisting=\count284 +LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be +(Font) scaled to size 20.74pt on input line 29. +LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be +(Font) scaled to size 14.4pt on input line 29. +LaTeX Font Info: External font `cmex10' loaded for size +(Font) <14.4> on input line 29. +LaTeX Font Info: External font `cmex10' loaded for size +(Font) <7> on input line 29. +LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be +(Font) scaled to size 17.28pt on input line 30. +LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be +(Font) scaled to size 17.28pt on input line 30. + +(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.toc +LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be +(Font) scaled to size 12.0pt on input line 2. +LaTeX Font Info: External font `cmex10' loaded for size +(Font) <12> on input line 4. +LaTeX Font Info: External font `cmex10' loaded for size +(Font) <8> on input line 4. +LaTeX Font Info: External font `cmex10' loaded for size +(Font) <6> on input line 4. +) +\tf@toc=\write3 +\openout3 = `relatorio.toc'. 
+ + + +[1 + +{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}{/usr/share/texmf-dist/fonts +/enc/dvips/ebgaramond/ebg_dacnth.enc}] +(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty +File: lstlang1.sty 2024/09/23 1.10c listings language file +) +(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty +File: lstlang1.sty 2024/09/23 1.10c listings language file +) +LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be +(Font) scaled to size 10.0pt on input line 37. + +Overfull \hbox (7.49481pt too wide) in paragraph at lines 42--44 +\OT1/EBGaramond-LF/m/n/12 As tr[]es re-des tem va-rios servi[]os, o DMZ tem dns +(23.214.219.130), mail(23.214.219.134), + [] + +LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be +(Font) scaled to size 14.4pt on input line 45. + + +[2] + +[3] +LaTeX Font Info: Font shape `OT1/cmtt/bx/n' in size <10> not available +(Font) Font shape `OT1/cmtt/m/n' tried instead on input line 93. + + +[4{/usr/share/texmf-dist/fonts/enc/dvips/cm-super/cm-super-ts1.enc}] +Overfull \hbox (23.24622pt too wide) in paragraph at lines 125--126 +\OT1/EBGaramond-LF/m/n/12 Ao realizar-mos este pro-jeto apren-de-mos so-bre a c +ria[][]ao de sce-na-rios em VMs, a configura[][]ao + [] + + + +[5] (/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.aux) + *********** +LaTeX2e <2024-11-01> patch level 2 +L3 programming layer <2025-01-18> + *********** + ) +Here is how much of TeX's memory you used: + 4439 strings out of 474546 + 72779 string characters out of 5749982 + 968296 words of memory out of 5000000 + 27469 multiletter control sequences out of 15000+600000 + 573916 words of font info for 59 fonts, out of 8000000 for 9000 + 352 hyphenation exceptions out of 8191 + 57i,7n,99p,546b,1693s stack positions out of 10000i,1000n,20000p,200000b,200000s + +Output written on /home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/rela +torio.pdf (5 pages, 78451 bytes). +PDF statistics: + 42 PDF objects out of 1000 (max. 
8388607) + 26 compressed objects within 1 object stream + 0 named destinations out of 1000 (max. 500000) + 1 words of extra memory for PDF output out of 10000 (max. 10000000) +
diff --git a/assignment1/relatorio.pdf b/assignment1/relatorio.pdf
new file mode 100644
index 0000000..dac6d69
Binary files /dev/null and b/assignment1/relatorio.pdf differ
diff --git a/assignment1/relatorio.tex b/assignment1/relatorio.tex
new file mode 100644
index 0000000..ae7ec7b
--- /dev/null
+++ b/assignment1/relatorio.tex
@@ -0,0 +1,126 @@
+\documentclass[12pt,a4paper]{article}
+\usepackage[portuguese]{babel}
+\usepackage[lining]{ebgaramond}
+\usepackage{listings}
+
+\lstdefinestyle{mystyle}{
+ basicstyle=\ttfamily\footnotesize,
+ breakatwhitespace=false,
+ breaklines=true,
+ captionpos=b,
+ keepspaces=true,
+ numbers=left,
+ numbersep=5pt,
+ showspaces=false,
+ showstringspaces=false,
+ showtabs=false,
+ tabsize=2
+}
+
+\lstset{style=mystyle}
+
+\title{Practical Assignment \#1}
+\author{
+ João Neto -- 2023234004\\[1em]
+ Vasco Alves -- 2022228207
+}
+
+\begin{document}
+\maketitle
+\tableofcontents
+\newpage
+
+\section{Introduction}
+O objetivo principal deste trabalho era aprender IPTables e como configurar um com o Suricata um sistema de filtração e deteção de ataques. Para esse fim, foi simulado um sistema dividido em três redes e um router para conectar-las. As três redes são a DMZ (23.214.219.128/25, enp0s8), Internal network (192.168.10.0/24, enp0s9) e Internet (87.248.214.0/24, enp0s10).
+
+\begin{lstlisting}[language=bash]
+Rede,Interface,Gama IP
+DMZ,enp0s8,23.214.219.128/25
+Internal,enp0s9,192.168.10.0/24
+Internet,enp0s10,87.248.214.0/24
+\end{lstlisting}
+As três redes tem varios serviços, o DMZ tem dns(23.214.219.130), mail(23.214.219.134), vpn-gw(23.214.219.133), www(23.214.219.132) e smpt(23.214.219.131). A Internal network tem ftp(192.168.10.2), datastore(192.168.10.3) e clientes (nos testes os clientes tem ip 192.168.10.4, mas está configurado para dar para qualquer edereço). Por fim a rede Internet tem dns2 (87.248.214.99) e eden (87.248.214.100), existe também outros serviços (87.248.214.98).
+Para facilitar a recriação deste sistema foi criado 4 ficheiros .sh (um para cada rede e o router), e disponibilizamos os ficheiros suricata.rules e suricata.yaml, para o suricata que estiver ligado ao Router. Os ficheiros .sh vão ter comandos para configurar o sistema para este exercicio.
+\section{Firewall}
+\subsection{Packet fileter without NAT}
+O policy que foi escolhido foi:
+\begin{lstlisting}[language=bash]
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+iptables -P OUTPUT ACCEPT
+\end{lstlisting}
+Foi escolhido porque é mais facil dar DROP a todos os pacotes que não foi criado regras do que criar uma regra de DROP para todos os protocolos e possibilidades, o OUTPUT ficou para ACCEPT porque não existe razão para dar DROP dos pacotes que estamos a enviar neste trabalho.
+Para o router conseguir resolver DNS requests e para aceitar coneções SSH da rede interna ou da VPN gateway foi utilizado estes comandos:
+\begin{lstlisting}[language=bash]
+sudo iptables -A INPUT -i enp0s10 -p udp --dport 53 -j ACCEPT
+sudo iptables -A INPUT -i enp0s9 -p tcp --dport 22 -j ACCEPT
+sudo iptables -A INPUT -i enp0s8 -s 23.214.219.133 -p tcp --dport 22 -j ACCEPT
+\end{lstlisting}
+Para conseguirmos a confirguração pedida entre redes foi utilizado estes commandos:
+\begin{lstlisting}[language=bash]
+sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.130 -p udp --dport 53 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p tcp --dport 53 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.131 -p tcp --dport 587 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.134 -p tcp --dport 143 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.134 -p tcp --dport 110 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 80 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 443 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -p udp --dport 1194 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.2 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.3 -j ACCEPT
+\end{lstlisting}
+Inicialmente as implementações de respostas a forward eram especificas para cada regra isto é por exemplo:
+\begin{lstlisting}[language=bash]
+sudo iptables -A FORWARD -o enp0s8 -i enp0s10 -p udp --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
+\end{lstlisting}
+No entanto isso facilmente originava confusão entre nós, então decimos utilizar estas duas regras:
+\begin{lstlisting}[language=bash]
+sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+\end{lstlisting}
+Neste cenario o uso destas regras faz sentido, mas pode existir outros cenarios no futuro que não queremos uma resposta, e nesse caso temos de criar as regras necessarias.
+\subsection{Packet filtering with NAT}
+Para conecções com origem/destino na internet foi utilizado DNAT/SNAT e iptables para "esconder" o ip para a internet que querer aceder a rede interna para não terem acesso ao edereço ip e iproutes para bloquear certos pacotes de entrar, para conseguir a configuração utilizamos estes comandos:
+\begin{lstlisting}[language=bash]
+sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.2 -p tcp --dport 21 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 20 -j ACCEPT
+sudo iptables -t nat -A PREROUTING -s $dns2 -p tcp --dport 22 -j DNAT --to-destination 192.168.10.3
+sudo iptables -t nat -A PREROUTING -s $eden -p tcp --dport 22 -j DNAT --to-destination 192.168.10.3
+sudo iptables -t nat -A PREROUTING -i enp0s10 -p tcp --dport 21 -j DNAT --to-destination 192.168.10.2
+sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $dns2 -p tcp --dport 22 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $eden -p tcp --dport 22 -j ACCEPT
+sudo iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o enp0s10 -j SNAT --to-source 87.248.214.97
+sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p udp --dport 53 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 80 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 443 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 21 -j ACCEPT
+sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 21 -j ACCEPT
+\end{lstlisting}
+
+\section{Intrusion Detection}
+As regras que utilizamos para o suricata foram estas:
+\begin{lstlisting}[language=bash]
+drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET"; flags:S; threshold:type both, track by_src, count 5, seconds 60; classtype:attempted-recon; sid:1000001; rev:1;)
+drop tcp any any -> any 80 (msg:"SQL injection"; content:"union"; nocase; content:"select"; nocase; classtype:web-application-attack; sid:1000002; rev:1;)
+drop tcp any any -> any 80 (msg:"SQl injection"; content:"'or 1=1"; nocase; classtype:web-application-attack; sid:1000003; rev:1;)
+drop tcp any any -> any 80 (msg:"XSS"; content:""
+\end{lstlisting}
+
+\section{Conclusion}
+Ao realizar-mos este projeto aprendemos sobre a criação de scenarios em VMs, a configuração de uma firewall utilizando IPTables e a configuração de um IDS/IPS system utilizando Suricata
+\end{document}
diff --git a/assignment1/relatorio.toc b/assignment1/relatorio.toc
new file mode 100644
index 0000000..20da808
--- /dev/null
+++ b/assignment1/relatorio.toc
@@ -0,0 +1,8 @@
+\babel@toc {portuguese}{}\relax +\contentsline {section}{\numberline {1}Introduction}{2}{}% +\contentsline {section}{\numberline {2}Firewall}{2}{}% +\contentsline {subsection}{\numberline {2.1}Packet fileter without NAT}{2}{}% +\contentsline {subsection}{\numberline {2.2}Packet filtering with NAT}{3}{}% +\contentsline {section}{\numberline {3}Intrusion Detection}{4}{}% +\contentsline {section}{\numberline {4}Tests utilizados}{5}{}% +\contentsline {section}{\numberline {5}Conclusion}{5}{}%
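Review bot: The first INPUT rule in the "Packet fileter without NAT" listing, `sudo iptables -A INPUT -i enp0s10 -p udp --dport 53 -j ACCEPT`, admits DNS queries arriving from the Internet interface to the router itself, which is not what the surrounding sentence ("para o router conseguir resolver DNS requests") requires: the router's own queries leave via `OUTPUT ACCEPT` and their answers are already admitted by the later `sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT`, so unless the router also runs a DNS service this rule only enlarges its exposed surface and the text should either justify it or drop it. In the NAT listing, `sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 20 -j ACCEPT` and the `--sport 21` variant match any internal host towards any Internet port as long as the source port is 20/21, which is a weak selector; pinning them to the FTP server, e.g. `sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -s 192.168.10.2 -p tcp --sport 20 -j ACCEPT`, keeps the stated intent (FTP data from 192.168.10.2) without a general egress hole, and with the stateful FORWARD rule in place the `--sport 21` rule appears redundant. The listing also uses `$dns2` and `$eden` without saying where they are set (presumably ROUTER.sh, which is only renamed here); a sentence naming the file and the values would make the rules reproducible from the report alone.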
diff --git a/suricata.rules b/assignment1/suricata.rules
similarity index 100%
rename from suricata.rules
rename to assignment1/suricata.rules
diff --git a/suricata.yaml b/assignment1/suricata.yaml
similarity index 100%
rename from suricata.yaml
rename to assignment1/suricata.yaml
diff --git a/rogerio.txt b/chave-pgp-do-rogerio.txt
similarity index 100%
rename from rogerio.txt
rename to chave-pgp-do-rogerio.txt
diff --git a/practical-assignment-2.pdf b/practical-assignment-2.pdf
new file mode 100644
index 0000000..535a80f
Binary files /dev/null and b/practical-assignment-2.pdf differ
diff --git a/relatorio.aux b/relatorio.aux
index 8bb0df4..b659f9f 100644
--- a/relatorio.aux
+++ b/relatorio.aux
@@ -4,10 +4,5 @@ \catcode `"\active \babel@aux{portuguese}{} \@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{2}{}\protected@file@percent } -\@writefile{toc}{\contentsline {section}{\numberline {2}Firewall}{2}{}\protected@file@percent } -\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Packet fileter without NAT}{2}{}\protected@file@percent } -\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Packet filtering with NAT}{3}{}\protected@file@percent } -\@writefile{toc}{\contentsline {section}{\numberline {3}Intrusion Detection}{4}{}\protected@file@percent } -\@writefile{toc}{\contentsline {section}{\numberline {4}Tests utilizados}{5}{}\protected@file@percent } -\@writefile{toc}{\contentsline {section}{\numberline {5}Conclusion}{5}{}\protected@file@percent } -\gdef \@abspage@last{5} +\@writefile{toc}{\contentsline {section}{\numberline {2}Conclusion}{2}{}\protected@file@percent } +\gdef \@abspage@last{2}
diff --git a/relatorio.log b/relatorio.log
index 25be7ed..b45e341 100644
--- a/relatorio.log
+++ b/relatorio.log
@@ -1,47 +1,61 @@ -This is pdfTeX, Version 3.141592653-2.6-1.40.27 (TeX Live 2026/dev/Arch Linux) (preloaded format=pdflatex 2026.1.17) 22 MAR 2026 22:27 +This is pdfTeX, Version 3.141592653-2.6-1.40.29 (TeX Live 2026/Arch Linux) (preloaded format=pdflatex 2026.4.13) 19 APR 2026 21:36 entering extended mode \write18 enabled. %&-line parsing enabled. -**/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio -(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.tex -LaTeX2e <2024-11-01> patch level 2 -L3 programming layer <2025-01-18> +**/home/raw/uni/fsi/trabalho/relatorio +(/home/raw/uni/fsi/trabalho/relatorio.tex +LaTeX2e <2025-11-01> +L3 programming layer <2026-01-19> (/usr/share/texmf-dist/tex/latex/base/article.cls -Document Class: article 2024/06/29 v1.4n Standard LaTeX document class +Document Class: article 2025/01/22 v1.4n Standard LaTeX document class (/usr/share/texmf-dist/tex/latex/base/size12.clo -File: size12.clo 2024/06/29 v1.4n Standard LaTeX file (size option) +File: size12.clo 2025/01/22 v1.4n Standard LaTeX file (size option) ) -\c@part=\count196 -\c@section=\count197 -\c@subsection=\count198 -\c@subsubsection=\count199 -\c@paragraph=\count266 -\c@subparagraph=\count267 -\c@figure=\count268 -\c@table=\count269 +\c@part=\count275 +\c@section=\count276 +\c@subsection=\count277 +\c@subsubsection=\count278 +\c@paragraph=\count279 +\c@subparagraph=\count280 +\c@figure=\count281 +\c@table=\count282 \abovecaptionskip=\skip49 \belowcaptionskip=\skip50 -\bibindent=\dimen141 +\bibindent=\dimen148 ) (/usr/share/texmf-dist/tex/generic/babel/babel.sty -Package: babel 2025/02/14 v25.4 The multilingual framework for pdfLaTeX, LuaLaT +Package: babel 2026/02/14 v26.3 The multilingual framework for LuaLaTeX, pdfLaT eX and XeLaTeX -\babel@savecnt=\count270 -\U@D=\dimen142 -\l@unhyphenated=\language33 +\babel@savecnt=\count283 +LaTeX Encoding Info: Redeclaring text command \ij (encoding OT1) on input li +ne 2078. 
+LaTeX Encoding Info: Redeclaring text command \IJ (encoding OT1) on input li +ne 2080. +LaTeX Encoding Info: Redeclaring text command \ij (encoding T1) on input lin +e 2082. +LaTeX Encoding Info: Redeclaring text command \IJ (encoding T1) on input lin +e 2083. +LaTeX Encoding Info: Ignoring declaration for text command \ij (encoding ?) +on input line 2084. +LaTeX Encoding Info: Ignoring declaration for text command \IJ (encoding ?) +on input line 2086. +LaTeX Encoding Info: Ignoring declaration for text command \SS (encoding ?) +on input line 2111. +\U@D=\dimen149 +\l@unhyphenated=\language4 (/usr/share/texmf-dist/tex/generic/babel/txtbabel.def) \bbl@readstream=\read2 -\bbl@dirlevel=\count271 +\bbl@dirlevel=\count284 + +(/usr/share/texmf-dist/tex/generic/babel/locale/pt/babel-portuguese.tex) +Package babel Info: Importing font and identification data for portuguese +(babel) from babel-pt.ini. Reported on input line 4330. (/usr/share/texmf-dist/tex/generic/babel-portuges/portuguese.ldf -Language: portuges 2021/07/09 v1.2t Portuguese support from the babel system -Package babel Info: Making " an active character on input line 143. +Language: portuges 2026/01/24 v1.2u Portuguese support from the babel system +Package babel Info: Making " an active character on input line 132. )) -(/usr/share/texmf-dist/tex/generic/babel/locale/pt/babel-portuguese.tex -Package babel Info: Importing font and identification data for portuguese -(babel) from babel-pt.ini. Reported on input line 11. -) (/usr/share/texmf-dist/tex/latex/ebgaramond/ebgaramond.sty Package: ebgaramond 2024/04/23 (Bob Tennent and autoinst) Style file for EB Gar amond fonts. 
@@ -56,69 +70,72 @@ Package: iftex 2024/12/12 v1.0g TeX engine tests Package: ifluatex 2019/10/25 v1.5 ifluatex legacy package. Use iftex instead. ) (/usr/share/texmf-dist/tex/latex/xkeyval/xkeyval.sty -Package: xkeyval 2022/06/16 v2.9 package option processing (HA) +Package: xkeyval 2025/11/04 v2.10 package option processing (HA) (/usr/share/texmf-dist/tex/generic/xkeyval/xkeyval.tex (/usr/share/texmf-dist/tex/generic/xkeyval/xkvutils.tex \XKV@toks=\toks17 \XKV@tempa@toks=\toks18 +\XKV@tempb@toks=\toks19 (/usr/share/texmf-dist/tex/generic/xkeyval/keyval.tex)) -\XKV@depth=\count272 +\XKV@depth=\count285 File: xkeyval.tex 2014/12/03 v2.7a key=value parser (HA) )) (/usr/share/texmf-dist/tex/latex/base/textcomp.sty Package: textcomp 2024/04/24 v2.1b Standard LaTeX package ) (/usr/share/texmf-dist/tex/latex/base/fontenc.sty -Package: fontenc 2021/04/29 v2.0v Standard LaTeX package +Package: fontenc 2025/07/18 v2.1d Standard LaTeX package ) (/usr/share/texmf-dist/tex/latex/fontaxes/fontaxes.sty -Package: fontaxes 2020/07/21 v1.0e Font selection axes -LaTeX Info: Redefining \upshape on input line 29. -LaTeX Info: Redefining \itshape on input line 31. -LaTeX Info: Redefining \slshape on input line 33. -LaTeX Info: Redefining \swshape on input line 35. -LaTeX Info: Redefining \scshape on input line 37. -LaTeX Info: Redefining \sscshape on input line 39. -LaTeX Info: Redefining \ulcshape on input line 41. -LaTeX Info: Redefining \textsw on input line 47. -LaTeX Info: Redefining \textssc on input line 48. -LaTeX Info: Redefining \textulc on input line 49. +Package: fontaxes 2026-01-02 v2.0.2 Font selection axes (deprecated) +Applying: [2024-11-01] Use figureversions if present on input line 74. + +(/usr/share/texmf-dist/tex/latex/figureversions/figureversions.sty +Package: figureversions 2025-04-29 v1.0.1 Figure versions +) +Already applied: [0000-00-00] Fall back to v1 on input line 76. ) LaTeX Info: Redefining \oldstylenums on input line 163. 
LaTeX Info: Redefining \textsw on input line 173. ) (/usr/share/texmf-dist/tex/latex/listings/listings.sty -\lst@mode=\count273 -\lst@gtempboxa=\box52 -\lst@token=\toks19 -\lst@length=\count274 -\lst@currlwidth=\dimen143 -\lst@column=\count275 -\lst@pos=\count276 -\lst@lostspace=\dimen144 -\lst@width=\dimen145 -\lst@newlines=\count277 -\lst@lineno=\count278 -\lst@maxwidth=\dimen146 +\lst@mode=\count286 +\lst@gtempboxa=\box53 +\lst@token=\toks20 +\lst@length=\count287 +\lst@currlwidth=\dimen150 +\lst@column=\count288 +\lst@pos=\count289 +\lst@lostspace=\dimen151 +\lst@width=\dimen152 +\lst@newlines=\count290 +\lst@lineno=\count291 +\lst@maxwidth=\dimen153 (/usr/share/texmf-dist/tex/latex/listings/lstpatch.sty -File: lstpatch.sty 2024/09/23 1.10c (Carsten Heinz) +File: lstpatch.sty 2025/11/14 1.11b (Carsten Heinz) ) (/usr/share/texmf-dist/tex/latex/listings/lstmisc.sty -File: lstmisc.sty 2024/09/23 1.10c (Carsten Heinz) -\c@lstnumber=\count279 -\lst@skipnumbers=\count280 -\lst@framebox=\box53 +File: lstmisc.sty 2025/11/14 1.11b (Carsten Heinz) +\c@lstnumber=\count292 +\lst@skipnumbers=\count293 +\lst@framebox=\box54 ) (/usr/share/texmf-dist/tex/latex/listings/listings.cfg -File: listings.cfg 2024/09/23 1.10c listings configuration +File: listings.cfg 2025/11/14 1.11b listings configuration )) -Package: listings 2024/09/23 1.10c (Carsten Heinz) +Package: listings 2025/11/14 1.11b (Carsten Heinz) + +==> First Aid for listings.sty no longer applied! + Expected: + 2024/09/23 1.10c (Carsten Heinz) + but found: + 2025/11/14 1.11b (Carsten Heinz) + so I'm assuming it got fixed. LaTeX Font Info: Trying to load font information for OT1+EBGaramond-LF on in put line 28. - (/usr/share/texmf-dist/tex/latex/ebgaramond/OT1EBGaramond-LF.fd File: OT1EBGaramond-LF.fd 2023/03/19 (autoinst) Font definitions for OT1/EBGara mond-LF. 
@@ -127,11 +144,13 @@ LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be (Font) scaled to size 12.0pt on input line 28. (/usr/share/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def -File: l3backend-pdftex.def 2024-05-08 L3 backend support: PDF output (pdfTeX) -\l__color_backend_stack_int=\count281 -\l__pdf_internal_box=\box54 +File: l3backend-pdftex.def 2025-10-09 L3 backend support: PDF output (pdfTeX) +\l__color_backend_stack_int=\count294 +) +(/home/raw/uni/fsi/trabalho/relatorio.aux +Package babel Info: 'portuguese' activates 'portuges' shorthands. +(babel) Reported on input line 5. ) -(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.aux) \openout1 = `relatorio.aux'. LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 28. @@ -148,9 +167,9 @@ LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 28. LaTeX Font Info: ... okay on input line 28. LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 28. LaTeX Font Info: ... okay on input line 28. -\c@mv@tabular=\count282 -\c@mv@boldtabular=\count283 -\c@lstlisting=\count284 +\c@mv@tabular=\count295 +\c@mv@boldtabular=\count296 +\c@lstlisting=\count297 LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be (Font) scaled to size 20.74pt on input line 29. LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be 
@@ -164,81 +183,48 @@ LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be (Font) scaled to size 17.28pt on input line 30. -(/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.toc +(/home/raw/uni/fsi/trabalho/relatorio.toc LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be (Font) scaled to size 12.0pt on input line 2. -LaTeX Font Info: External font `cmex10' loaded for size -(Font) <12> on input line 4. -LaTeX Font Info: External font `cmex10' loaded for size -(Font) <8> on input line 4. -LaTeX Font Info: External font `cmex10' loaded for size -(Font) <6> on input line 4. ) \tf@toc=\write3 \openout3 = `relatorio.toc'. - - -[1 + [1 {/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}{/usr/share/texmf-dist/fonts -/enc/dvips/ebgaramond/ebg_dacnth.enc}] -(/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty -File: lstlang1.sty 2024/09/23 1.10c listings language file +/enc/dvips/ebgaramond/ebg_dacnth.enc}] (/usr/share/texmf-dist/tex/latex/listing +s/lstlang1.sty +File: lstlang1.sty 2025/11/14 1.11b listings language file ) (/usr/share/texmf-dist/tex/latex/listings/lstlang1.sty -File: lstlang1.sty 2024/09/23 1.10c listings language file +File: lstlang1.sty 2025/11/14 1.11b listings language file ) LaTeX Font Info: Font shape `OT1/EBGaramond-LF/m/n' will be (Font) scaled to size 10.0pt on input line 37. - -Overfull \hbox (7.49481pt too wide) in paragraph at lines 42--44 -\OT1/EBGaramond-LF/m/n/12 As tr[]es re-des tem va-rios servi[]os, o DMZ tem dns -(23.214.219.130), mail(23.214.219.134), - [] - -LaTeX Font Info: Font shape `OT1/EBGaramond-LF/b/n' will be -(Font) scaled to size 14.4pt on input line 45. - - -[2] - -[3] -LaTeX Font Info: Font shape `OT1/cmtt/bx/n' in size <10> not available -(Font) Font shape `OT1/cmtt/m/n' tried instead on input line 93. 
- - -[4{/usr/share/texmf-dist/fonts/enc/dvips/cm-super/cm-super-ts1.enc}] -Overfull \hbox (23.24622pt too wide) in paragraph at lines 125--126 -\OT1/EBGaramond-LF/m/n/12 Ao realizar-mos este pro-jeto apren-de-mos so-bre a c -ria[][]ao de sce-na-rios em VMs, a configura[][]ao - [] - - - -[5] (/home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/relatorio.aux) + [2] +(/home/raw/uni/fsi/trabalho/relatorio.aux) *********** -LaTeX2e <2024-11-01> patch level 2 -L3 programming layer <2025-01-18> +LaTeX2e <2025-11-01> +L3 programming layer <2026-01-19> *********** ) Here is how much of TeX's memory you used: - 4439 strings out of 474546 - 72779 string characters out of 5749982 - 968296 words of memory out of 5000000 - 27469 multiletter control sequences out of 15000+600000 - 573916 words of font info for 59 fonts, out of 8000000 for 9000 - 352 hyphenation exceptions out of 8191 - 57i,7n,99p,546b,1693s stack positions out of 10000i,1000n,20000p,200000b,200000s + 4333 strings out of 469495 + 71923 string characters out of 5470098 + 655827 words of memory out of 5000000 + 32986 multiletter control sequences out of 15000+600000 + 638248 words of font info for 53 fonts, out of 8000000 for 9000 + 16 hyphenation exceptions out of 8191 + 62i,7n,99p,213b,1276s stack positions out of 10000i,1000n,20000p,200000b,200000s -Output written on /home/vasco/EngenhariaInformatica/3ano/sem2/fsi/trabalho/rela -torio.pdf (5 pages, 78451 bytes). +hare/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt10.pfb> +Output written on /home/raw/uni/fsi/trabalho/relatorio.pdf (2 pages, 44498 byte +s). PDF statistics: - 42 PDF objects out of 1000 (max. 8388607) - 26 compressed objects within 1 object stream + 27 PDF objects out of 1000 (max. 8388607) + 16 compressed objects within 1 object stream 0 named destinations out of 1000 (max. 500000) 1 words of extra memory for PDF output out of 10000 (max. 10000000) 
diff --git a/relatorio.pdf b/relatorio.pdf
index dac6d69..e2d51ef 100644
Binary files a/relatorio.pdf and b/relatorio.pdf differ
diff --git a/relatorio.tex b/relatorio.tex
index ae7ec7b..c462e7e 100644
--- a/relatorio.tex
+++ b/relatorio.tex
@@ -19,7 +19,7 @@
 \lstset{style=mystyle}
-\title{Practical Assignment \#1}
+\title{Practical Assignment \#2}
 \author{ João Neto -- 2023234004\\[1em] Vasco Alves -- 2022228207
@@ -31,96 +31,13 @@
 \newpage
 \section{Introduction}
-O objetivo principal deste trabalho era aprender IPTables e como configurar um com o Suricata um sistema de filtração e deteção de ataques. Para esse fim, foi simulado um sistema dividido em três redes e um router para conectar-las. As três redes são a DMZ (23.214.219.128/25, enp0s8), Internal network (192.168.10.0/24, enp0s9) e Internet (87.248.214.0/24, enp0s10).
+Introdução!!!!
 \begin{lstlisting}[language=bash]
-Rede,Interface,Gama IP
-DMZ,enp0s8,23.214.219.128/25
-Internal,enp0s9,192.168.10.0/24
-Internet,enp0s10,87.248.214.0/24
-\end{lstlisting}
-As três redes tem varios serviços, o DMZ tem dns(23.214.219.130), mail(23.214.219.134), vpn-gw(23.214.219.133), www(23.214.219.132) e smpt(23.214.219.131). A Internal network tem ftp(192.168.10.2), datastore(192.168.10.3) e clientes (nos testes os clientes tem ip 192.168.10.4, mas está configurado para dar para qualquer edereço). Por fim a rede Internet tem dns2 (87.248.214.99) e eden (87.248.214.100), existe também outros serviços (87.248.214.98).
-Para facilitar a recriação deste sistema foi criado 4 ficheiros .sh (um para cada rede e o router), e disponibilizamos os ficheiros suricata.rules e suricata.yaml, para o suricata que estiver ligado ao Router. Os ficheiros .sh vão ter comandos para configurar o sistema para este exercicio.
-\section{Firewall}
-\subsection{Packet fileter without NAT}
-O policy que foi escolhido foi:
-\begin{lstlisting}[language=bash]
-iptables -P INPUT DROP
-iptables -P FORWARD DROP
-iptables -P OUTPUT ACCEPT
-\end{lstlisting}
-Foi escolhido porque é mais facil dar DROP a todos os pacotes que não foi criado regras do que criar uma regra de DROP para todos os protocolos e possibilidades, o OUTPUT ficou para ACCEPT porque não existe razão para dar DROP dos pacotes que estamos a enviar neste trabalho.
-Para o router conseguir resolver DNS requests e para aceitar coneções SSH da rede interna ou da VPN gateway foi utilizado estes comandos:
-\begin{lstlisting}[language=bash]
-sudo iptables -A INPUT -i enp0s10 -p udp --dport 53 -j ACCEPT
-sudo iptables -A INPUT -i enp0s9 -p tcp --dport 22 -j ACCEPT
-sudo iptables -A INPUT -i enp0s8 -s 23.214.219.133 -p tcp --dport 22 -j ACCEPT
-\end{lstlisting}
-Para conseguirmos a confirguração pedida entre redes foi utilizado estes commandos:
-\begin{lstlisting}[language=bash]
-sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.130 -p udp --dport 53 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p tcp --dport 53 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.131 -p tcp --dport 587 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.134 -p tcp --dport 143 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.134 -p tcp --dport 110 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 80 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 443 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -p udp --dport 1194 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.2 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.3 -j ACCEPT
-\end{lstlisting}
-Inicialmente as implementações de respostas a forward eram especificas para cada regra isto é por exemplo:
-\begin{lstlisting}[language=bash]
-sudo iptables -A FORWARD -o enp0s8 -i enp0s10 -p udp --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
-\end{lstlisting}
-No entanto isso facilmente originava confusão entre nós, então decimos utilizar estas duas regras:
-\begin{lstlisting}[language=bash]
-sudo iptables -A INPUT -m state --state 
ESTABLISHED,RELATED -j ACCEPT
-sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-\end{lstlisting}
-Neste cenario o uso destas regras faz sentido, mas pode existir outros cenarios no futuro que não queremos uma resposta, e nesse caso temos de criar as regras necessarias.
-\subsection{Packet filtering with NAT}
-Para conecções com origem/destino na internet foi utilizado DNAT/SNAT e iptables para "esconder" o ip para a internet que querer aceder a rede interna para não terem acesso ao edereço ip e iproutes para bloquear certos pacotes de entrar, para conseguir a configuração utilizamos estes comandos:
-\begin{lstlisting}[language=bash]
-sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.2 -p tcp --dport 21 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 20 -j ACCEPT
-sudo iptables -t nat -A PREROUTING -s $dns2 -p tcp --dport 22 -j DNAT --to-destination 192.168.10.3
-sudo iptables -t nat -A PREROUTING -s $eden -p tcp --dport 22 -j DNAT --to-destination 192.168.10.3
-sudo iptables -t nat -A PREROUTING -i enp0s10 -p tcp --dport 21 -j DNAT --to-destination 192.168.10.2
-sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $dns2 -p tcp --dport 22 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $eden -p tcp --dport 22 -j ACCEPT
-sudo iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o enp0s10 -j SNAT --to-source 87.248.214.97
-sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p udp --dport 53 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 80 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 443 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 21 -j ACCEPT
-sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --dport 21 -j ACCEPT
-\end{lstlisting}
-
-\section{Intrusion Detection}
-As regras que utilizamos para o suricata foram estas:
-\begin{lstlisting}[language=bash]
-drop tcp $EXTERNAL_NET any -> $HOME_NET any 
(msg:"ET"; flags:S; threshold:type both, track by_src, count 5, seconds 60; classtype:attempted-recon; sid:1000001; rev:1;)
-drop tcp any any -> any 80 (msg:"SQL injection"; content:"union"; nocase; content:"select"; nocase; classtype:web-application-attack; sid:1000002; rev:1;)
-drop tcp any any -> any 80 (msg:"SQl injection"; content:"'or 1=1"; nocase; classtype:web-application-attack; sid:1000003; rev:1;)
-drop tcp any any -> any 80 (msg:"XSS"; content:""
+hmmmm
 \end{lstlisting}
 \section{Conclusion}
-Ao realizar-mos este projeto aprendemos sobre a criação de scenarios em VMs, a configuração de uma firewall utilizando IPTables e a configuração de um IDS/IPS system utilizando Suricata
+Conclusão!!!
+
 \end{document}
diff --git a/relatorio.toc b/relatorio.toc
index 20da808..da4a377 100644
--- a/relatorio.toc
+++ b/relatorio.toc
@@ -1,8 +1,3 @@
 \babel@toc {portuguese}{}\relax
 \contentsline {section}{\numberline {1}Introduction}{2}{}%
-\contentsline {section}{\numberline {2}Firewall}{2}{}%
-\contentsline {subsection}{\numberline {2.1}Packet fileter without NAT}{2}{}%
-\contentsline {subsection}{\numberline {2.2}Packet filtering with NAT}{3}{}%
-\contentsline {section}{\numberline {3}Intrusion Detection}{4}{}%
-\contentsline {section}{\numberline {4}Tests utilizados}{5}{}%
-\contentsline {section}{\numberline {5}Conclusion}{5}{}%
+\contentsline {section}{\numberline {2}Conclusion}{2}{}%
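Review bot: The new body of relatorio.tex is placeholder text — `Introdução!!!!`, `hmmmm` inside the kept `\begin{lstlisting}[language=bash]` block, and `Conclusão!!!` — so the listing now renders a bash-highlighted `hmmmm` and neither remaining section has any content behind it. If this is meant as a skeleton, saying so with `% TODO: assignment 2 — replace placeholder text and the empty bash listing` at the top of the Introduction would keep it from being mistaken for a finished draft. The assignment 1 report source removed in this hunk is not moved under assignment1/ with the renamed scripts and the added relatorio.aux and relatorio.log, so that directory ends up holding build artefacts without the .tex they were built from; `git mv relatorio.tex assignment1/relatorio.tex` before starting the rewrite would have preserved it. Those log hunks also record absolute home-directory paths (`/home/raw/uni/fsi/trabalho/`, `/home/vasco/EngenhariaInformatica/...`), which is a reason to keep .aux/.log/.toc out of the repository via .gitignore rather than committing them.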