nfsinkhole is a Python library and scripts for setting up a Unix server as a sinkhole (monitor, log/capture, and drop all traffic to a secondary interface).
Project description
The default setup arguments monitor/capture all traffic. Setup arguments are provided to configure protocols, ports, rate limiting, logging, source IP/CIDR exclusions from logging, and optional packet capture.
All sinkhole events are written to /var/log/nfsinkhole-events.log. Optionally, you can enable tcpdump to write packet capture text to /var/log/nfsinkhole-pcap.log if your version of tcpdump supports packet printing; otherwise it falls back to writing the capture to /var/log/nfsinkhole.pcap.
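As an added example (not part of nfsinkhole), the script below summarises sinkhole hits per protocol/destination port and per source, honouring source IP/CIDR exclusions like the setup option described above. It assumes the events log contains standard netfilter LOG-target records (IN= SRC= DST= PROTO= DPT=); the sample lines and their "SINKHOLE" prefix are constructed, not real nfsinkhole output.

```python
"""Summarise sinkhole events from netfilter LOG-target records.

Added example, not nfsinkhole code. Assumes the events log carries the
key=value fields iptables' LOG target emits; the line prefix is a guess.
"""
import ipaddress
import re
from collections import Counter

# Fields written by the netfilter LOG target that we care about.
_KV = re.compile(r"\b(IN|SRC|DST|PROTO|SPT|DPT)=(\S*)")


def parse_event(line):
    """Return the LOG-target fields of one line as a dict, or None."""
    fields = dict(_KV.findall(line))
    if "SRC" not in fields or "DST" not in fields:
        return None  # not a packet record (e.g. a service message)
    return fields


def summarize(lines, exclude_cidrs=()):
    """Count hits per (proto, dport) and per source, skipping excluded sources."""
    nets = [ipaddress.ip_network(c) for c in exclude_cidrs]
    by_port, by_src = Counter(), Counter()
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        src = ipaddress.ip_address(ev["SRC"])
        if any(src in n for n in nets):
            continue  # same effect as excluding the source CIDR from logging
        by_port[(ev.get("PROTO", "?"), ev.get("DPT", "-"))] += 1
        by_src[str(src)] += 1
    return by_port, by_src


# Constructed sample records (documentation address ranges), not real captures.
SAMPLE = [
    "Aug 29 12:00:01 host kernel: SINKHOLE IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=51514 DPT=23 SYN",
    "Aug 29 12:00:02 host kernel: SINKHOLE IN=eth1 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=51515 DPT=2323 SYN",
    "Aug 29 12:00:03 host kernel: SINKHOLE IN=eth1 OUT= SRC=192.0.2.9 DST=198.51.100.2 LEN=40 PROTO=UDP SPT=5353 DPT=53",
    "Aug 29 12:00:04 host kernel: SINKHOLE IN=eth1 OUT= SRC=10.0.0.5 DST=198.51.100.2 LEN=60 PROTO=TCP SPT=40000 DPT=23 SYN",
    "Aug 29 12:00:05 host nfsinkhole: service started",
]

if __name__ == "__main__":
    ports, srcs = summarize(SAMPLE, exclude_cidrs=["10.0.0.0/8"])
    for (proto, dport), n in ports.most_common():
        print("%s/%s: %d hits" % (proto, dport, n))
    for src, n in srcs.most_common():
        print("%s: %d hits" % (src, n))
```

Point it at the real file with `summarize(open("/var/log/nfsinkhole-events.log"))` once you have confirmed the record format your rsyslog configuration produces.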
Features
Simple install script
Installs as an init.d/systemctl service
Service modifies iptables on start/stop, no need to persist iptables
rsyslog and syslog-ng (pending) supported
RedHat/CentOS 6/7 tested
Python 2.6+ and 3.0+ supported
Built-in support for dealing with SELinux/AppArmor
Packet capture of sinkhole traffic (printed output to log for tcpdump v4.5+)
Useful set of utilities
Detailed logging to /var/log/nfsinkhole-*
Syslog forwarding configuration (pending)
BSD license
Planned Improvements
API/class documentation
syslog-ng support (currently partially built; unused)
Tests via travis-ci/docker
Coverage via coverage.io
Exception handling overhaul
Set logging level (currently debug)
BIND/Microsoft/etc DNS server configuration documentation/examples
Monitoring use case examples
Automatic configuration for syslog forwarding
SIEM parsers/apps/plugins
Official support/testing for more OS environments
Support handling exceptions for HIPS and other endpoint security products
Intelligent handling/handshakes (inspired by iptrap - https://github.com/jedisct1/iptrap)
Links
Documentation
Release v0.1.0
GitHub master
GitHub dev
Examples
Pending
Github
Pypi
Changes
Dependencies
OS:
iptables (likely already included in base OS)
tcpdump (optional - likely already included in base OS)
Python 2.6:
argparse
Python 2.7, 3.0+:
None!
Installing
Base OS (pip) – RECOMMENDED
If pip is not installed, you will first need to add the EPEL repo and install:
sudo yum install epel-release
sudo yum install python-pip
RHEL/CentOS 6/7
Basic:
pip install --user --upgrade nfsinkhole
python ~/.local/bin/nfsinkhole-setup.py --interface <INTERFACE> --install --pcap
virtualenv:
pip install virtualenv
virtualenv nfsinkhole
source nfsinkhole/bin/activate
nfsinkhole/bin/pip install nfsinkhole
nfsinkhole/bin/python nfsinkhole/bin/nfsinkhole-setup.py --interface <INTERFACE> --install --pcap
Base OS (no pip)
RHEL/CentOS 6
GitHub - Stable:
wget -O argparse.tar.gz https://github.com/ThomasWaldmann/argparse/tarball/master
mkdir -p argparse
tar -C argparse --strip-components=1 -zxvf argparse.tar.gz
cd argparse
python setup.py install --user --prefix=
cd ..
rm -Rf argparse
wget -O nfsinkhole.tar.gz https://github.com/secynic/nfsinkhole/tarball/master
mkdir -p nfsinkhole
tar -C nfsinkhole --strip-components=1 -zxvf nfsinkhole.tar.gz
cd nfsinkhole
python setup.py install --user --prefix=
cd ..
rm -Rf nfsinkhole
python ~/.local/bin/nfsinkhole-setup.py --interface <INTERFACE> --install --pcap
RHEL/CentOS 7
GitHub - Stable:
wget -O nfsinkhole.tar.gz https://github.com/secynic/nfsinkhole/tarball/master
mkdir -p nfsinkhole
tar -C nfsinkhole --strip-components=1 -zxvf nfsinkhole.tar.gz
cd nfsinkhole
python setup.py install --user --prefix=
cd ..
rm -Rf nfsinkhole
python ~/.local/bin/nfsinkhole-setup.py --interface <INTERFACE> --install --pcap
Service
Once installed, you need to start the nfsinkhole service.
RHEL/CentOS 6
sudo service nfsinkhole start
RHEL/CentOS 7
sudo systemctl start nfsinkhole.service
API
AppArmor
AppArmor documentation:
iptables
iptables documentation:
rsyslog
rsyslog documentation:
SELinux
SELinux documentation:
Service
Service (systemd/init.d) documentation:
syslog-ng
syslog-ng documentation:
tcpdump
tcpdump documentation:
Utilities
Utilities documentation:
Contributing
https://nfsinkhole.readthedocs.io/en/latest/CONTRIBUTING.html
Special Thanks
Thank you JetBrains for the PyCharm open source support!
Changelog
0.1.0 (2016-08-29)
Initial release
Project details
Source Distribution
File details
Details for the file nfsinkhole-0.1.0.zip.
File metadata
- Download URL: nfsinkhole-0.1.0.zip
- Size: 37.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest
---|---
SHA256 | 8bfafe6874fc28755e9af047c5a71b1d6ea709ba0c731e7c7322f1c847e77099
MD5 | f6b9b9e7a216649cc4ccb494c4ffa262
BLAKE2b-256 | d394a11f4777a2c16fac39964d855c103b34432a9b47d1ce1398507c5279dff8