Friday, October 23, 2020

How to stop Maltrail service on OPNsense


Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists.


You can easily install it on OPNsense.
Go to System -> Firmware -> Packages.

There are two packages: maltrail and os-maltrail.


For more information about Maltrail, see the project on GitHub:
https://github.com/stamparm/maltrail


To start the Maltrail server, open a new terminal and execute the following (logged in as root):

python server.py
or
python3 /usr/local/share/maltrail/server.py

To start the Maltrail sensor, execute the following:

python sensor.py
or
python3 /usr/local/share/maltrail/sensor.py

To stop the sensor and server instances (if running in the background), execute the following:
pkill -f sensor.py
pkill -f server.py


You should be able to see the processes with the ps command:

root@firewall:~ # ps auxww | grep maltrail
root 32069 10.2 14.5 1238636 1205452 1 S 22:07 11:39.74 python3 /usr/local/share/maltrail/sensor.py (python3.7)
root 30925 6.3 14.5 1239484 1203464 1 S 22:15 3:17.25 python3 /usr/local/share/maltrail/sensor.py (python3.7)
root 34082 6.3 14.5 1239540 1203524 1 R 22:15 3:17.53 python3 /usr/local/share/maltrail/sensor.py (python3.7)
root 82287 6.3 14.5 1239492 1199456 1 S 22:15 3:17.45 python3 /usr/local/share/maltrail/sensor.py (python3.7)
root 88000 0.0 0.4 59340 35128 - S 20:51 0:03.39 python3 /usr/local/share/maltrail/server.py (python3.7)
root 56363 0.0 0.0 1060976 3432 1 R+ 23:08 0:00.00 grep maltrail
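As an added example (not from the post or the Maltrail project), the following POSIX sh script does the stop and check steps above more precisely: it selects Maltrail processes by the exact script the interpreter is running, so the stop does not depend on the substring match of pkill -f and the listing does not include the grep itself. The only assumption is the /usr/local/share/maltrail install path from the post; the ps sample is constructed, modelled on the listing above.

```shell
#!/bin/sh
# Added example, not from the post: find and stop Maltrail sensor/server
# processes on OPNsense (FreeBSD). Assumes only the install path from the post.
MALTRAIL_DIR=/usr/local/share/maltrail

# Constructed `ps auxww` sample modelled on the post's listing. The last two
# lines are decoys that `pkill -f sensor.py` / `grep maltrail` would also hit.
SAMPLE_PS='USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 32069 10.2 14.5 1238636 1205452 1 S 22:07 11:39.74 python3 /usr/local/share/maltrail/sensor.py (python3.7)
root 30925 6.3 14.5 1239484 1203464 1 S 22:15 3:17.25 python3 /usr/local/share/maltrail/sensor.py (python3.7)
root 88000 0.0 0.4 59340 35128 - S 20:51 0:03.39 python3 /usr/local/share/maltrail/server.py (python3.7)
root 56363 0.0 0.0 1060976 3432 1 R+ 23:08 0:00.00 grep maltrail
root 61234 0.0 0.1 20000 4000 1 S 23:01 0:00.05 vi /root/sensor.py.notes'

# maltrail_pids <sensor|server>: read ps output on stdin, print matching PIDs.
# Field 2 is the PID, field 11 the command, field 12 its first argument. A hit
# needs a python interpreter running exactly the expected script: full path, or
# bare name when started from the Maltrail directory as the post does.
maltrail_pids() {
    awk -v full="$MALTRAIL_DIR/$1.py" -v bare="$1.py" '
        $11 ~ /python[0-9.]*$/ && ($12 == full || $12 == bare) { print $2 }
    '
}

# live_pids <sensor|server>: same selection against the running system.
live_pids() {
    ps auxww | maltrail_pids "$1"
}

# stop_component <sensor|server>: SIGTERM every matching PID (the sensor runs
# several, as the post's listing shows), wait up to 10 s, report survivors.
stop_component() {
    pids=$(live_pids "$1")
    [ -n "$pids" ] || { echo "$1: not running"; return 0; }
    for p in $pids; do kill -TERM "$p"; done
    i=0
    while [ "$i" -lt 10 ] && [ -n "$(live_pids "$1")" ]; do
        sleep 1
        i=$((i + 1))
    done
    left=$(live_pids "$1")
    [ -z "$left" ] || { echo "$1: still running: $left"; return 1; }
    echo "$1: stopped"
}

# Offline check against the constructed sample: prints 32069 30925, then 88000.
printf '%s\n' "$SAMPLE_PS" | maltrail_pids sensor
printf '%s\n' "$SAMPLE_PS" | maltrail_pids server
```

On the firewall itself, source the script as root and run `stop_component sensor; stop_component server`; `live_pids sensor` replaces the `ps auxww | grep maltrail` check.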
