hlbrw
assistant to help make new rules for HLBR
Install
- All systems
  curl cmd.cat/hlbrw.sh
- Raspbian
  apt-get install hlbrw
- Dockerfile
  dockerfile.run/hlbrw
HLBRW is an acronym for Hogwash Light BR Watch. The intent is to provide a tool that helps make rules for HLBR (http://hlbr.sf.net). In other words, HLBRW was made for HLBR users who need to make new rules (it requires some expertise in HLBR, the TCP/IP protocol suite and regular expressions). HLBRW is a script started by iwatch (a system events watch program available at http://iwatch.sourceforge.net) when the HLBR events log is modified. The concept is very simple: if the HLBR log was modified, then a known attack was blocked. But the attacker can take other subsequent actions unknown to HLBR. So iwatch, running as a daemon, starts HLBRW, which coordinates a tcpdump session to record the subsequent traffic generated by the attacker's IP for some minutes. If the recorded traffic isn't relevant (without a push in TCP or another relevant protocol), the created file is deleted. Based on the recorded traffic, the network security manager can make new rules. HLBRW is part of the HLBR project, an Intrusion Prevention System (IPS) used in firewall systems.
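The keep-or-delete decision described above can be sketched as a check over a saved capture. This is an added example, not HLBRW's own code: it assumes a classic pcap file with Ethernet link type, the function names are hypothetical, and treating UDP as "another relevant protocol" is an assumption.

```python
import struct

TCP, UDP, PSH = 6, 17, 0x08  # IP protocol numbers; TCP PSH flag bit

def packets(pcap):
    """Yield raw Ethernet frames from a classic pcap byte string."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        yield pcap[off + 16:off + 16 + incl]
        off += 16 + incl

def is_relevant(pcap, other_protocols=(UDP,)):
    """True if the capture holds a TCP segment with PSH set, or a packet of
    a protocol listed in other_protocols (assumed meaning of 'relevant')."""
    for frame in packets(pcap):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # IPv4 only
            continue
        ihl = (frame[14] & 0x0F) * 4   # IPv4 header length in bytes
        proto = frame[23]              # IPv4 protocol field
        if proto in other_protocols:
            return True
        tcp = 14 + ihl                 # start of the TCP header
        if proto == TCP and len(frame) >= tcp + 14 and frame[tcp + 13] & PSH:
            return True
    return False

# Constructed sample data (documentation addresses, not real traffic).
def frame(proto, flags=0):
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    l4 = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, flags, 1024, 0, 0)
    return eth + ip + l4

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SYN_ONLY = build_pcap([frame(TCP, 0x02), frame(TCP, 0x10)])   # SYN, ACK
WITH_PUSH = build_pcap([frame(TCP, 0x02), frame(TCP, 0x18)])  # SYN, PSH+ACK

if __name__ == "__main__":
    print(is_relevant(SYN_ONLY), is_relevant(WITH_PUSH))
```

A capture for which `is_relevant` returns False is the kind of file the description says is deleted; one with pushed TCP data is kept for rule writing.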