LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-07-2006, 06:42 AM   #1
Bugger
LQ Newbie
 
Registered: Dec 2005
Location: Hyderabad, India
Distribution: Red Hat, Fedora Core
Posts: 16

Rep: Reputation: 0
Paket Filtering (string)


Hi All,
I have to implement a content filtering system (string's basically) on a Linux gateway... Basically I don't want some packets (mached by string's) to pass the gateway... Could any one suggest me some open source for that... It should be light weight...

Any help in this regard will be appreciated...

thanks,
ANU
 
Old 01-07-2006, 12:20 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,492
Blog Entries: 54

Rep: Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908
If it's protocol layer stuff like HTTP or P2P you're after you could search the web for "iptables L7 filter". Like mentioned in the other thread, iptables has string match support but I guess it will be slower and more CPU intensive compared to Snort, so maybe you could tell us the reasons why you want this and add a few examples?
 
Old 01-08-2006, 11:18 PM   #3
Bugger
LQ Newbie
 
Registered: Dec 2005
Location: Hyderabad, India
Distribution: Red Hat, Fedora Core
Posts: 16

Original Poster
Rep: Reputation: 0
Hi,
See like on the gateway I have a user interface which asks a user to block certain type of content (sex, porn, .ocx, .java etc.)... So I need to accomplish it... I am using kernel 2.6.9... I looked for patch-o-matic from netfilter but it doesn't work with kernel 2.6.x... I know kernel 2.6.14 has some string matching cababilities, but I have to stic to the kernel 2.6.9 only... And you were also refering to snort, but at a first look I came to know that it requires some MySQL, Webserver, ACID, webmin... Actully I need to avoid overhead of DB server, webserver... If Snort can work without these then please let me know... There is another one modsecurity but that also requires an APACHAE engine...

thanks and regards,
ANU
 
Old 01-09-2006, 02:50 AM   #4
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: KirraMail Live Email Server
Posts: 1,280

Rep: Reputation: 61
What about a squid proxy server?
 
Old 01-09-2006, 03:11 AM   #5
Bugger
LQ Newbie
 
Registered: Dec 2005
Location: Hyderabad, India
Distribution: Red Hat, Fedora Core
Posts: 16

Original Poster
Rep: Reputation: 0
Hey,
I thought SQUID is basically used for chaching... Can I use SQUID just for filtering the content ? ... and I feel SQUID filters the content, when requested by the browsers... I need filtering as it passes from the gateway...

thanks
 
Old 01-09-2006, 04:52 AM   #6
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: KirraMail Live Email Server
Posts: 1,280

Rep: Reputation: 61
Yeah it only filters the web browser, sorry I didn't realise you need for everything going through the gateway.
 
Old 01-11-2006, 07:15 AM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,492
Blog Entries: 54

Rep: Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908Reputation: 2908
I know kernel 2.6.14 has some string matching cababilities, but I have to stic to the kernel 2.6.9 only...
I would like you to seriously consider upgrading the kernel before you do anything else. 2.6.9 is way old and contains more vulnerabilities than a sieve. If you really have compelling reasons not to upgrade you will have to spend time researching if mitigating risks is possible at all. This means researching (CVE, http://nvd.nist.gov/nvd.cfm) which vulnerabilities are remotely exploitable, then find any fixes, then lessening risks by compiling a custom 2.6.9 kernel that does include fixes and then test if it's still vulnerable. If the box allows for public access then you will have to do the same for locally exploitable vulns if you can't migrate public access services to another box. I estimate this will cost you considerable time which you should see as a compelling argument to override reasons not to upgrade the kernel (if possible).


And you were also refering to snort, but at a first look I came to know that it requires some MySQL, Webserver, ACID, webmin... Actully I need to avoid overhead of DB server, webserver... If Snort can work without these then please let me know
Management tools can be run from another box. Snort will run OK w/o any.
 
Old 01-11-2006, 08:08 AM   #8
Bugger
LQ Newbie
 
Registered: Dec 2005
Location: Hyderabad, India
Distribution: Red Hat, Fedora Core
Posts: 16

Original Poster
Rep: Reputation: 0
Thanks boss...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
String based filtering jacobm Linux - Security 2 01-07-2006 06:48 AM
Bash way to tell if String is in String tongar Programming 3 06-16-2005 06:59 AM
"udftools paket writing drama" behmjose Linux - Software 0 06-02-2004 07:40 PM
java test if string in string array is null. exodist Programming 3 02-21-2004 01:39 PM
Sendmail Spam filtering and Virus filtering MrJoshua Linux - General 2 04-03-2003 10:12 AM


All times are GMT -5. The time now is 11:30 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration