Listens for incoming port scans and reports the IPs to the ScanBanServer

JojiiOfficial/Triplink

Triplink

This is a client that parses the logs from Tripwire and uploads the IPs to a server. The entries in the Tripwire logs are in most cases web scanners that scan your machine(s) to gather analytics or want to hack you. If you use this package, you can automatically store scanners in a database and block specific IP addresses. This allows you to sync those evil IPs between multiple devices/servers. In addition, you can easily create and restore iptables and ipset backups.

Install

Run

chmod u+x ./update.sh
sudo ./update.sh

Or, if you want to compile step by step:

go get
go build -o triplink

You can move the binary into /usr/bin if you want:

sudo mv ./triplink /usr/bin/triplink

Usage

Create a config file to store the data. Every report/update will go to the given server.
Note: Don't use the same config file for multiple reporter instances.

# triplink config create -t <token> -r <https://a-serv.er>

(Report) Parse the logfile and send the new scanner/spammer/hacker IPs to the server. Afterwards, update the changed IPs from the server and block them (-u).
# triplink report -u

Fetch all IPs from the server, automatically create a set of IPs and block them. You can use this command once to get all IPs (existing IPs will be overwritten). If you run this command in, e.g., a cronjob, you can remove the -a; it will then automatically update new IPs without fetching everything. Afterwards it will back up and save the IPset.
# triplink update -a

Back up your IPtables (-t) and IPset (-s) config. Without arguments it will only back up the IPset data. You can turn this off using -s=false.
# triplink backup create -t -s

Restore your IPtables (-t) and IPset (-s) config. Without arguments it will only restore the IPset data. You can turn this off using -s=false. Use it, for example, in a cronjob with @reboot to restore the IPset data after a reboot, because otherwise it will be lost.
# triplink backup restore -t -s

Install one or multiple cronjob(s) to automate reports, fetches, backups and restores
# triplink install

Note: In some cron installations the $PATH variable does not include the directory where iptables or ipset is installed. If you get an error or the cronjob doesn't work, you can either create symbolic links /bin/iptables -> 'your iptables binary' and /bin/ipset -> 'your ipset binary', or set a custom $PATH in the crontab:

# Make sure ipset and iptables are in one of those folders
PATH=/usr/sbin:/bin:/sbin:/usr/bin
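
A preflight check for the PATH note above, as an added example that is not part of the Triplink project: it resolves iptables and ipset against a given PATH string instead of your login shell's PATH, so a missing binary shows up before the cronjob runs. The function names are hypothetical; the PATH value is the one from the note.

```shell
#!/bin/sh
# Added example (not Triplink code): check that the binaries the cronjobs
# depend on are reachable through the PATH that cron will be given.

# find_in_path NAME PATHSTRING
# Prints the first executable NAME found in the colon-separated PATHSTRING
# and returns 0; returns 1 if no directory in PATHSTRING contains it.
find_in_path() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        # An empty PATH element means the current directory.
        [ -n "$dir" ] || dir=.
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# check_cron_path PATHSTRING
# Reports where iptables and ipset resolve under PATHSTRING.
# Returns the number of binaries that could not be found (0 = all found).
check_cron_path() {
    missing=0
    for bin in iptables ipset; do
        if found=$(find_in_path "$bin" "$1"); then
            echo "ok:      $bin -> $found"
        else
            echo "missing: $bin is not in any directory of '$1'"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# The PATH value from the crontab note above.
CRON_PATH=/usr/sbin:/bin:/sbin:/usr/bin
check_cron_path "$CRON_PATH" || echo "adjust the crontab PATH or add the symlinks"
```
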

To uninstall those automations, use crontab -e and remove the lines you don't want to have automated.