https://github.com/jojiiofficial/triplink

Listens for incoming port scans and reports the IPs to the ScanBanServer

cronjob filter ipset iptables security security-automation security-tools triplink


# Triplink
This is a client which parses the logs from [Tripwire](https://github.com/JojiiOfficial/Tripwire) and uploads the IPs to a [server](https://github.com/JojiiOfficial/ScanBanServer). The entries in the [Tripwire](https://github.com/JojiiOfficial/Tripwire) logs are in most cases web scanners that scan your machine(s) for analytics or to try to hack you. If you use this package, you can store scanners automatically in a database and block specific IP addresses. This allows you to sync those malicious IPs between multiple devices/servers. In addition, you can easily create and restore iptables and ipset backups.

# Install
### Run

```
chmod u+x ./update.sh
sudo ./update.sh
```

### Or if you want to compile step by step
```
go get
go build -o triplink
```
You can move the binary into /usr/bin if you want:
```
sudo mv ./triplink /usr/bin/triplink
```

# Usage

Create a config file to store the data. Every report/update will go to the given server.

Note: Don't use the same config file for multiple reporter instances.
```
# triplink config create -t -r
```


(Report) Parse the logfile and send the new scanner/spammer/hacker IPs to the server. Afterwards, update the changed IPs from the server and block them (-u).

```
# triplink report -u
```



Fetch all IPs from the server, automatically create a set of IPs, and block them. You can use this command once to get all IPs (existing IPs will be overwritten). If you run this command in e.g. a cronjob, you can remove the -a; it will then automatically update new IPs without fetching everything. Afterwards it will back up and save the IPset.

```
# triplink update -a
```



Back up your iptables (-t) and IPset (-s) config. Without arguments it will only back up the IPset data. You can turn this off using -s=false.

```
# triplink backup create -t -s
```



Restore your iptables (-t) and IPset (-s) config. Without arguments it will only restore the IPset data. You can turn this off using -s=false. Use it, for example, in a cronjob with @reboot to restore the IPset data after a reboot, because otherwise it will be lost.

```
# triplink backup restore -t -s
```



Install one or multiple cronjob(s) to automate reports, fetches, backups and restores.

```
# triplink install
```
Note: In some cron installations the $PATH variable does not include the directory where iptables or ipset is installed. If you get an error or the cronjob doesn't work, you can either create symbolic links `/bin/iptables -> 'your iptables binary'` and `/bin/ipset -> 'your ipset binary'`, or you can set a custom $PATH in the crontab:
```
PATH=/usr/sbin:/bin:/sbin:/usr/bin #Make sure ipset and iptables are in one of those folders
```
To uninstall those automations, use `crontab -e` and remove the line(s) you don't want to have automated.
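
The $PATH problem from the note above can be checked before relying on the cronjobs, since a job that cannot find `ipset` or `iptables` fails without blocking anything. The following is an added example, not part of triplink; the function name `missing_in_path` is hypothetical, and it reports which tools do not resolve to an executable in a given PATH string.

```shell
#!/bin/sh
# Added example (not triplink code): list the tools that cron would NOT find
# when it runs with the given PATH string.
# Usage: missing_in_path "/usr/sbin:/bin:/sbin:/usr/bin" iptables ipset
# Prints the missing tool names (space separated) and returns 1 if any is missing.
missing_in_path() {
    search_path=$1
    shift
    missing=""
    for tool in "$@"; do
        found=no
        old_ifs=$IFS
        IFS=:
        for dir in $search_path; do
            # An empty PATH element means the current directory.
            [ -n "$dir" ] || dir=.
            # Must be a regular file (or a symlink to one) AND executable;
            # a dangling symlink or a file without the x bit does not count.
            if [ -f "$dir/$tool" ] && [ -x "$dir/$tool" ]; then
                found=yes
                break
            fi
        done
        IFS=$old_ifs
        [ "$found" = yes ] || missing="${missing}${missing:+ }$tool"
    done
    if [ -z "$missing" ]; then
        return 0
    fi
    printf '%s\n' "$missing"
    return 1
}

# When run as a script with a PATH string as argument, check the two tools
# the note above names, e.g.:  sh check.sh "/usr/sbin:/bin:/sbin:/usr/bin"
if [ "$#" -gt 0 ]; then
    missing_in_path "$1" iptables ipset || echo "^ not found in that PATH" >&2
fi
```

Pass it the exact PATH value from the crontab rather than your interactive shell's `$PATH`, because the two often differ.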