Dshield, Grafana - DDos Defender


http://www.ywjt.org/index.php/archives/947

https://github.com/ywjt/Dshield


vi /etc/yum.repos.d/grafana.repo 

and add the content below.

[grafana]
name=grafana
baseurl=https://packagecloud.io/grafana/stable/el/6/$basearch
repo_gpgcheck=1
enabled=1
gpgcheck=1
gpgkey=https://packagecloud.io/gpg.key https://grafanarel.s3.amazonaws.com/RPM-GPG-KEY-grafana
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt


yum install grafana
service grafana-server start

Dshield-master.zip

wget https://github.com/ywjt/Dshield/archive/master.zip

unzip master.zip
cd Dshield-master/
sh install.sh


service grafana-server restart
/usr/local/Dshield/sbin/dshield all start


http://{your_ip}:3000

username: admin
password: admin (Grafana's default login; change it at first sign-in)


Modify the configuration file

Open the file: /usr/local/Dshield/conf/default.ini

white list

supports CIDR format

whitelisted_ips = "10.10.10.0/24,172.16.0.0/16"

whitel_ttl_ips = "10.10.10.0/24,172.16.0.0/16"

monitor interface

mont_interface = "eth0"

monitor port

mont_port = "80,22"

listen mode: false means active defense; true means only record the IP and TTL without blocking

mont_listen = false

monitor interval specified in seconds

rexec_time = 5

block connections: this parameter sets the sensitivity of monitoring; 100 is recommended

no_of_connections = 100

ip block time: supports 1d/1h/1m format

block_period_ip = "1m"

monitor protocol: available for the TTL monitor module; tcp = TCP only, udp = UDP only, '' = all protocols are monitored

mont_protocol = "tcp"

block connections: this parameter sets the sensitivity of monitoring; 20000~100000 is recommended

no_ttl_connections = 20000

ttl unblock time: supports 1d/1h/1m format

block_period_ttl = "1m"
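
A pre-flight check for the settings above, added here as an example (not code from the original post or the Dshield project): it validates the whitelist CIDRs and the 1d/1h/1m periods, and flags the case where active blocking is on but your own management address is not whitelisted. The line-based key = value parsing, the function names and the admin_ip parameter are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample: values copied from the settings shown on this page.
SAMPLE = '''
whitelisted_ips = "10.10.10.0/24,172.16.0.0/16"
mont_listen = false
block_period_ip = "1m"
no_ttl_connections = 20000
block_period_ttl = "1m"
'''
UNIT = {"d": 86400, "h": 3600, "m": 60}

def parse_settings(text):
    """Read key = value lines; skip blanks, comments and [section] headers."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        out[key.strip()] = value.strip().strip('"')
    return out

def period_seconds(value):
    """Convert the 1d/1h/1m format to seconds; None if it does not match."""
    m = re.fullmatch(r"(\d+)([dhm])", value)
    return int(m.group(1)) * UNIT[m.group(2)] if m else None

def check(settings, admin_ip):
    """Return findings for parsed settings; admin_ip is your own address."""
    findings, nets = [], []
    for item in settings.get("whitelisted_ips", "").split(","):
        try:
            nets.append(ipaddress.ip_network(item.strip(), strict=False))
        except ValueError:
            findings.append(f"whitelisted_ips: bad CIDR {item.strip()!r}")
    active = settings.get("mont_listen", "false").lower() == "false"
    if active and not any(ipaddress.ip_address(admin_ip) in n for n in nets):
        findings.append(f"{admin_ip} is not whitelisted and blocking is active")
    for key in ("block_period_ip", "block_period_ttl"):
        if period_seconds(settings.get(key, "")) is None:
            findings.append(f"{key}: not in 1d/1h/1m format")
    ttl = settings.get("no_ttl_connections", "")
    if not (ttl.isdigit() and 20000 <= int(ttl) <= 100000):
        findings.append("no_ttl_connections outside the recommended 20000~100000")
    return findings

if __name__ == "__main__":
    print(check(parse_settings(SAMPLE), "192.0.2.10"))
```

Run it against the real default.ini with the address you administer the host from before starting dshield with mont_listen = false.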


Sunshine Koo seems to be Chinese ~

It seems well made.
