Real-time threat detection for any Linux system running firewalld, based on data from the Turris Sentinel project
MatejLach/dynafire

dynafire - real-time threat detection for any Linux system

Turris Sentinel is a real-time threat detection and attack prevention system from the creators of the Turris series of open-source routers. However, the service is normally only available through the router interface, which makes it impractical to use Sentinel's real-time data on, for example, a VPS that cannot easily be placed behind Turris router hardware.

dynafire is a lightweight Linux daemon that lets any Linux system running the industry-standard firewalld firewall update its firewall rules in real time based on Sentinel data.

Turris Sentinel data by TurrisTech is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Installation via package managers

Arch Linux (AUR): dynafire-bin

Manual installation

Because dynafire ships as a single binary, it is easy to install it manually on practically any systemd-based distro.

Before proceeding please ensure that ZeroMQ (tested with 4.3.5), NetworkManager and firewalld are installed and running:

$ sudo systemctl check NetworkManager
active

$ sudo systemctl check firewalld
active

Download the binary:

$ wget https://github.com/MatejLach/dynafire/releases/download/v0.3/dynafire

Ensure the binary is executable:

$ chmod +x dynafire

Copy the binary to your $PATH:

$ sudo cp dynafire /usr/bin/

Next, download the systemd service definition file:

$ wget https://raw.githubusercontent.com/MatejLach/dynafire/main/dist/systemd/dynafire.service

Copy it to a directory where systemd looks for unit files, i.e. /lib/systemd/system or /etc/systemd/system:

$ sudo cp dynafire.service /lib/systemd/system/

Register the new service with systemd:

$ sudo systemctl daemon-reload

Then, assuming firewalld is already running, enable dynafire at boot and start it immediately with:

$ sudo systemctl enable dynafire --now

Building from source

Clone the source:

$ git clone https://github.com/MatejLach/dynafire.git && cd dynafire/cmd/dynafire

Then, assuming a properly set up Go toolchain, simply run:

$ go build

Copy the resulting dynafire binary to /usr/bin and use the systemd service to manage its lifecycle; see Manual installation for details.

Configuration

The dynafire configuration file is created upon first launch under /etc/dynafire/config.json. By default, it has the following values:

{
  "log_level": "INFO",
  "zone_target_policy": "ACCEPT"
}

The log_level can be set to one of DEBUG (most verbose), INFO, or ERROR (least verbose).

By default, the dynafire firewalld zone is set to ACCEPT every packet whose source is NOT on the Turris Sentinel blacklist, so as not to accidentally block legitimate traffic. You can make this stricter by changing zone_target_policy to e.g. REJECT or DROP; see the firewalld zone options for details.
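The configuration file described above, together with the "update firewall rules from Sentinel data" step from the introduction, as an added Go example that is not dynafire's own code. It parses a config.json carrying the two documented keys (falling back to the documented defaults for missing keys), rejects values outside the documented sets so a typo cannot silently change the zone target, and builds the firewall-cmd invocations for a dedicated zone whose target is zone_target_policy. Each blocklist entry is validated as an IP address or CIDR prefix before it is turned into an argument, so a malformed feed line is reported instead of reaching the firewall. The zone name "dynafire", the firewall-cmd invocations, and the sample feed entries are assumptions; the page does not show how dynafire itself talks to firewalld or what the Sentinel feed looks like.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"net/netip"
	"os"
)

// Config mirrors the two keys documented for /etc/dynafire/config.json.
type Config struct {
	LogLevel         string `json:"log_level"`
	ZoneTargetPolicy string `json:"zone_target_policy"`
}

// DefaultConfig returns the values the README says a first launch writes.
func DefaultConfig() Config {
	return Config{LogLevel: "INFO", ZoneTargetPolicy: "ACCEPT"}
}

var validLogLevels = map[string]bool{"DEBUG": true, "INFO": true, "ERROR": true}
var validTargets = map[string]bool{"ACCEPT": true, "REJECT": true, "DROP": true}

// ParseConfig decodes the JSON over the defaults and rejects unknown keys and
// values outside the documented sets ("accept", "deny", ... fail loudly).
func ParseConfig(data []byte) (Config, error) {
	cfg := DefaultConfig()
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&cfg); err != nil {
		return Config{}, fmt.Errorf("config: %w", err)
	}
	if !validLogLevels[cfg.LogLevel] {
		return Config{}, fmt.Errorf("config: log_level %q must be DEBUG, INFO or ERROR", cfg.LogLevel)
	}
	if !validTargets[cfg.ZoneTargetPolicy] {
		return Config{}, fmt.Errorf("config: zone_target_policy %q must be ACCEPT, REJECT or DROP", cfg.ZoneTargetPolicy)
	}
	return cfg, nil
}

// LoadOrCreate reads the file at path, first writing the defaults there if it
// does not exist yet (the "created upon first launch" behaviour).
func LoadOrCreate(path string) (Config, error) {
	data, err := os.ReadFile(path)
	if errors.Is(err, os.ErrNotExist) {
		data, _ = json.MarshalIndent(DefaultConfig(), "", "  ")
		if err := os.WriteFile(path, data, 0o600); err != nil {
			return Config{}, err
		}
	} else if err != nil {
		return Config{}, err
	}
	return ParseConfig(data)
}

// ZoneSetupCommands builds the firewall-cmd calls that create a dedicated zone
// with the configured target. A zone target is a permanent-only setting in
// firewalld, hence --permanent followed by --reload. (Assumed mechanism.)
func ZoneSetupCommands(zone string, cfg Config) [][]string {
	return [][]string{
		{"firewall-cmd", "--permanent", "--new-zone=" + zone},
		{"firewall-cmd", "--permanent", "--zone=" + zone, "--set-target=" + cfg.ZoneTargetPolicy},
		{"firewall-cmd", "--reload"},
	}
}

// BlocklistCommands turns validated feed entries into --add-source calls on the
// zone. Prefixes are normalised (host bits cleared); anything that is neither
// an address nor a prefix is returned in rejected rather than passed through.
func BlocklistCommands(zone string, entries []string) (cmds [][]string, rejected []string) {
	for _, e := range entries {
		var src string
		if p, err := netip.ParsePrefix(e); err == nil {
			src = p.Masked().String()
		} else if a, err := netip.ParseAddr(e); err == nil {
			src = a.WithZone("").String() // drop any IPv6 scope zone, firewalld does not take one
		} else {
			rejected = append(rejected, e)
			continue
		}
		cmds = append(cmds, []string{"firewall-cmd", "--zone=" + zone, "--add-source=" + src})
	}
	return cmds, rejected
}

// SampleFeed is a constructed blocklist; it is not Sentinel data.
var SampleFeed = []string{
	"198.51.100.7",        // plain IPv4
	"10.0.0.7/24",         // prefix with host bits set; normalised to 10.0.0.0/24
	"2001:db8::1",         // IPv6
	"not-an-address",      // garbage line
	"203.0.113.5 extra", // would become a stray argument if passed through unchecked
}

func main() {
	cfg, err := ParseConfig([]byte(`{"log_level": "DEBUG", "zone_target_policy": "DROP"}`))
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}
	for _, c := range ZoneSetupCommands("dynafire", cfg) {
		fmt.Println(c)
	}
	cmds, rejected := BlocklistCommands("dynafire", SampleFeed)
	for _, c := range cmds {
		fmt.Println(c)
	}
	fmt.Println("rejected feed entries:", rejected)
}
```

The commands are returned as argument vectors rather than shell strings so they can be handed to exec.Command without any shell in between; combined with the address validation, that is what keeps an unexpected feed line from being interpreted as anything but a literal (and rejected) source.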

Contributing

Bug reports and pull requests are welcome. Do not hesitate to open a PR / file an issue or a feature request.
