Official website for Linux User & Developer
Feb
10

Secure your Linux box with MoBlock

by Sukrit Dhandhania

MoBlock is a cutting-edge open source security tool for the Linux platform designed to help fine-tune the network security of your Linux desktop or server. Sukrit Dhandhania explains how to use it to secure your Linux box…

03 Now we come to the part where we run the installation. First you need to update the repository data for ‘apt-get’.
So run the command:

# sudo apt-get update

And then tell ‘apt-get’ to download and install the three components of MoBlock that we require:

# sudo apt-get install moblock blockcontrol mobloquer

As you can see, the installation of MoBlock on Ubuntu is quite simple. For other distributions, you might have to compile the software from scratch. Refer to the documentation on the project’s website at http://moblock.berlios.de/ for more information on it. At this point we’ll proceed, assuming that you managed to install MoBlock and its supporting tools. We can now move to the configuration of MoBlock.

Configuration

04 The configuration of MoBlock is handled by files located in the directory ‘/etc/blockcontrol’. This location contains the main configuration file, ‘blockcontrol.conf’; the list of blocked hosts, ‘blocklists.list’; and the list of hosts that are allowed through, ‘allow.p2p’. There are some basic configuration changes that you might want to make. For example, you might want to set MoBlock to start at boot. To do so, open the file ‘/etc/blockcontrol/blockcontrol.conf’ with root user privileges, using your favourite text editor, and add the line ‘MOBLOCK_INIT="1"’.

After making any changes to the configuration, you will need to re-launch blockcontrol, the MoBlock daemon. To do so, run the command ‘# sudo blockcontrol restart’.

05 To add hosts for MoBlock to block from connecting to your computer, open the file ‘/etc/blockcontrol/blocklists.list’ in a text editor. You can use a command like ‘# sudo vim /etc/blockcontrol/blocklists.list’ to do so. Here you can either add individual hosts or ranges of IPs. However, the most commonly used approach is to add lists of blocked IPs from third-party sources. The website provides lists of malicious IPs that they keep pretty up to date. If you add one or more of these lists to your custom blocklist configuration and update it frequently, it can be a great way to deal with issues.

So you can enter something like the following in your ‘/etc/blockcontrol/blocklists.list’:

# Level1 (P2P)

http://list.iblocklist.com/?list=bt_level1

# Level2

http://list.iblocklist.com/?list=bt_level2

# Bogon

http://list.iblocklist.com/?list=bt_bogon

Check out the website for more such lists. Note that you should not use too many lists at one time.
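Before adding an exception for a host that suddenly cannot connect, it helps to know which blocklist entry covers it. The following is an added example, not code from the article or from the MoBlock project: it assumes the lists are in the PeerGuardian P2P text layout (‘label:first_ip-last_ip’) and that ‘allow.p2p’ takes lines in the same layout; the sample list and labels are constructed.

```python
import ipaddress

# Constructed sample in the assumed "label:first_ip-last_ip" layout.
# Addresses come from the RFC 5737 documentation ranges; labels are made up.
SAMPLE_LIST = """\
# constructed sample, not a real blocklist
Example ISP pool:192.0.2.0-192.0.2.255
Lab: scanner farm:198.51.100.16-198.51.100.31
Single host:203.0.113.7-203.0.113.7
broken line without a range
Reversed:203.0.113.50-203.0.113.10
"""

def parse_p2p(text):
    """Return (entries, rejected); entries are (label, first, last) tuples."""
    entries, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may contain ':' themselves, so split on the last one only.
        label, sep, span = line.rpartition(":")
        first, dash, last = span.partition("-")
        try:
            if not (sep and dash):
                raise ValueError("missing ':' or '-'")
            lo = ipaddress.IPv4Address(first.strip())
            hi = ipaddress.IPv4Address(last.strip())
            if lo > hi:
                raise ValueError("range is reversed")
        except ValueError as exc:
            rejected.append((lineno, str(exc)))  # report it, never guess a range
            continue
        entries.append((label.strip(), lo, hi))
    return entries, rejected

def covering_entries(entries, address):
    """List every entry whose range contains the given address."""
    ip = ipaddress.IPv4Address(address)
    return [e for e in entries if e[1] <= ip <= e[2]]

def allow_line(label, address):
    """Format a single-host exception in the same label:ip-ip layout."""
    ip = ipaddress.IPv4Address(address)  # validates before anything is written
    return f"{label}:{ip}-{ip}"

if __name__ == "__main__":
    entries, rejected = parse_p2p(SAMPLE_LIST)
    print(covering_entries(entries, "198.51.100.20"), rejected)
    print(allow_line("IM server", "198.51.100.20"))
```

Allowing a single address rather than the whole matching range keeps the rest of that blocklist entry in force.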


    9 Comments »

    • cory said:

      The great thing about moblock is it allows outgoing http so you can browse with it running(unlike pg2).

      Also go to iblocklist.com for all the lists you’ll ever need.

    • QT said:

      thanks, helpful

    • CoreyB said:

      Doesn’t iplist do the same thing?
      http://iplist.sourceforge.net/

    • dakira said:

      May I suggest iplist? It is easy to install (just download and start the GUI) and use and it is not out of development.
      http://iplist.sourceforge.net/

    • trench said:

      I’ve been using it for over a year. It’s definitely something I’d consider an absolute must-have for any Linux set-up. When you first start using it there are a couple things to keep in mind.

      First, if you have trouble connecting to ANYthing, check the logs to see if Moblock is the culprit (95% of the time, it is). The first thing most users will notice is that their Pidgin/Empathy/IMclientOfChoice stops working. The log will list the IP’s and info about the IP’s, so just whitelist them if need be. It’s really a very strong utility and will block pretty much everything until you tell it to do otherwise.

      Second, I love using an xterm for just about everything I do, however… Mobloquer is so amazingly good that I rarely touch MoBlock in a terminal. I’m willing to bet most users will feel the same. So, I suggest the first thing you do after installing Mobloquer is: THROW IT IN YOUR STARTUP MENU. Obviously this isn’t necessary given MoBlock starts on its own… but MOBLOQUER is a very handy thing to have hanging out in your system tray. Especially if you are trying to connect to something and failing… the startup icon serves as a great reminder (slap to the forehead | d’oh) that, indeed, MoBlock is probably the cause.

      Again, definitely in my top-10 installs. Couldn’t be more highly recommended.

      Good writeup, Sukrit.

    • zoopster said:

      Oh geez…don’t bother going through all of the key adding etc when using a PPA on Launchpad.

      You are using Ubuntu 9.10, right?

      Simply use:
      sudo add-apt-repository ppa:jre-phoenix/ppa && sudo apt-get update && sudo apt-get install moblock blockcontrol mobloquer

      and you are done!

    • Daniel said:

      This can all be done perfectly using iptables and the hosts.deny and hosts.allow files. MoBlock is the lazy artless way of going about it.

    • Jim said:

      Really the lazy way. I would say the smart way. It’s like saying using a pre-built OS (Ubuntu or many other versions of Linux) is lazy. No it is not re-inventing the wheel. It is using what has been made and then making it for you. I don’t see what is wrong with that.

    • John said:

      Ok Daniel, let me point out to you where you’re going wrong with your logic.
      1. To create the ip tables and access control lists your way takes tons of time and wastes company money when there are many other jobs that have to be gotten done in the day. You’re looking at the good ol days as the better days. That’s far from the truth. It was the costly and time consuming days. That’s why tools like this were created, to make the job easier and less costly.
      2. Your way is prone to error. Forget one thing, one careless key stroke, and your firewall configuration can become useless or error-ed. That’s not going to happen with mobloquer unless you unblock the wrong address in the log window or manually add a hazardous exception.
      3. Are you really going to scan the net looking for specific places to implicitly deny? Mobloquer updates dangerous site lists daily from TONS of sources. Other people do that work for you for free.
      4. Don’t you think it a bit passe’ to be an elitist Linux snob who calls people names because they have a different way of doing things in this day and age? I have been using Linux since Red Hat 5 and I love helping people learn, use, and support Linux and never once did I ever close my mind to a better faster easier way of doing things, and would never be insulting to those that got the same exact job done better and faster. Those who get it done better and faster are the kind of people I hire in my IT department.
