https://github.com/jojiiofficial/triplink
Listens for incoming port scans and reports the IPs to the ScanBanServer
https://github.com/jojiiofficial/triplink
cronjob filter ipset iptables security security-automation security-tools triplink
Last synced: about 2 months ago
JSON representation
Listens for incoming port scans and reports the IPs to the ScanBanServer
- Host: GitHub
- URL: https://github.com/jojiiofficial/triplink
- Owner: JojiiOfficial
- License: gpl-3.0
- Created: 2019-10-24T13:55:34.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2020-01-28T16:16:08.000Z (over 6 years ago)
- Last Synced: 2026-01-14T20:41:58.382Z (6 months ago)
- Topics: cronjob, filter, ipset, iptables, security, security-automation, security-tools, triplink
- Language: Go
- Homepage: https://www.triplink.tech/
- Size: 160 KB
- Stars: 4
- Watchers: 1
- Forks: 1
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Triplink
This is a client which parses the logs from [Tripwire](https://github.com/JojiiOfficial/Tripwire) and uploads the IPs to a [server](https://github.com/JojiiOfficial/ScanBanServer). The logs from [Tripwire](https://github.com/JojiiOfficial/Tripwire) are in most cases webscanner who scan your machine(s) to make analytics or want to hack you. If you use this package, you can store scanner automatically in a database and block specific IP addresses. This allows you to sync those evil IPs between multiple devices/servers. In addition you can easily create/restore iptable and ipset backups.
# Install
### Run
```
chmod u+x ./update.sh
sudo ./update.sh
```
### Or if you want to compile step by step
```
go get
go build -o triplink
```
you can move the binary into /usr/bin if you want:
```
sudo mv ./triplink /usr/bin/triplink
```
# Usage
Create a config file to store the data. Every report/update will go to the given server.
Note: Don't use the same config file for multiple reporter instances
```
# triplink config create -t -r
```
(Report) Parse the logfile and send the new scanner/spammer/hacker IPs to the server. Afterwards update the changed IPs from the server and block them (-u)
```
# triplink report -u
```
Fetch all IPs from the server and create automatically a set of IPs and blocks them. You can use this command once for getting all ips (existing IPs will be overwritten). If you run this command in eg. a cronjob you can remove the -a it will automatically update new IPs without fetiching everything. Afterwards it will backup and save the IPset
```
# triplink update -a
```
Backup your IPtables (-t) and IPset (-s) config. Without arguments it will only backup the IPset data. You can turn this off using -s=false
```
# triplink backup create -t -s
```
Restore your IPtables (-t) and IPset (-s) config. Without arguments it will only restore the IPset data. You can turn this off using -s=false. Use it for example in a cronjob with @reboot to restore the IPset data after a reboot, because otherwise they will be lost
```
# triplink backup restore -t -s
```
Install one or multiple cronjob(s) to automate reports, fetches, backups and restores
```
# triplink install
```
Note: In some cron installations the $PATH var is not set to the path where iptables or ipset is installed in. If you get an error or the cronjob doesn't work you can either create a symbolic link in `/bin/iptables -> 'your iptables binary'` and `/bin/ipset -> 'your ipset binary` or you can set a custom $PATH in the crontab:
```
PATH=/usr/sbin:/bin:/sbin:/usr/bin #Make sure ipset and iptables are in one of those folders
```
To uninstall those automations use `crontab -e` and remove the line you don't want to have automated