Official website for Linux User & Developer
Feb
10

Secure your Linux box with MoBlock

by Sukrit Dhandhania

MoBlock is a cutting-edge open source security tool for the Linux platform designed to help fine-tune the network security of your Linux desktop or server. Sukrit Dhandhania explains how to use it to secure your Linux box…

06 There are a few ‘blockcontrol’ commands that you should be familiar with when you are tinkering with the MoBlock configuration files. When you make configuration changes, you might want to run a test to check that they have not broken the system. When you make changes to the list of blocked hosts, you will need to rebuild MoBlock’s database.

Start MoBlock: # sudo blockcontrol start
Stop: # sudo blockcontrol stop
Restart: # sudo blockcontrol restart
Rebuild block list: # sudo blockcontrol rebuild
Update block list: # sudo blockcontrol update

07 After you are done making your changes, you need to restart or reload MoBlock so that your new settings are activated. After that, you should check MoBlock’s status to see if things are working okay.

Check MoBlock status: # sudo blockcontrol status
Test configuration: # sudo blockcontrol test
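
The commands from steps 06 and 07 can be chained so that a failure stops the sequence and shows the recent log lines. The script below is an added example, not part of the original article or of MoBlock itself; the function names and the BLOCKCONTROL and LOGFILE variables are hypothetical, and it assumes each blockcontrol subcommand exits non-zero when it fails.

```shell
#!/bin/sh
# Added example: apply a MoBlock change using the article's commands
# (rebuild, restart, status, test) and stop at the first step that fails.
# Assumption: every blockcontrol subcommand exits non-zero on failure.

# Command prefix; override it (for example with a stub) for a dry run.
BLOCKCONTROL="${BLOCKCONTROL:-sudo blockcontrol}"
# Log file named in the article; shown when a step fails.
LOGFILE="${LOGFILE:-/var/log/blockcontrol.log}"

# run_step SUBCOMMAND
#   Runs one blockcontrol subcommand and reports the outcome.
run_step() {
    step="$1"
    # $BLOCKCONTROL is left unquoted on purpose so "sudo blockcontrol"
    # splits into a command and its first argument.
    if $BLOCKCONTROL "$step"; then
        echo "ok: $step"
        return 0
    fi
    echo "FAILED: $step" >&2
    # Show the most recent log entries to explain the failure.
    [ -r "$LOGFILE" ] && tail -n 20 "$LOGFILE" >&2
    return 1
}

# apply_changes [lists]
#   Pass "lists" when the list of blocked hosts was edited, so the
#   database is rebuilt before the restart.
#   Return code: 0 on success, otherwise the number of the failed step.
apply_changes() {
    if [ "${1:-}" = "lists" ]; then
        run_step rebuild || return 1
    fi
    run_step restart || return 2
    run_step status || return 3
    run_step test || return 4
}
```

Source the file and run ‘apply_changes’ after a settings change, or ‘apply_changes lists’ after editing the blocked hosts.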

08 You can tweak the configuration file of MoBlock more if you like. You can adjust the level of verbosity of its logs by adding an entry like ‘VERBOSITY="1"’. By default, logging is at Level "0". Level "1" is the other option you have, and it increases the verbosity of the logs by a great deal. Another configuration change you can make is adding ‘MOBLOCK_CRON="0"’ to your config. MoBlock has a ‘cron job’ that runs at a fixed interval and automatically updates the list of hosts to be blocked from the lists you have added from ipblocklist.com. Setting this parameter to "0" makes sure that the blocklists are not updated automatically. We suggest using this until you get familiar with allowing and disallowing hosts.

09 MoBlock has a pretty good logging setup. The log file for the tool is at ‘/var/log/blockcontrol.log’. This file stores all the information on all the activities of MoBlock. So every time you stop, start or rebuild the database of MoBlock, an entry goes into the log file. To access the log you can either open the file in a text editor, or you can get a live read on it using the following command:

# tail -F /var/log/blockcontrol.log

10 Another great feature in MoBlock is the statistics that it maintains. It gathers information on hosts that contacted your computer and builds a database of how many hits each host made to your computer. This information is stored in the file ‘/var/log/MoBlock.stats’. This information can be very useful when you want to analyse potential security threats to your computer. If you see that an unwanted source has contacted you several times, you can add it to the list of blocked hosts. To access the file, use the following command:

# less /var/log/MoBlock.stats


    9 Comments »

    • cory said:

      The great thing about moblock is it allows outgoing http so you can browse with it running (unlike pg2).

      Also go to iblocklist.com for all the lists you’ll ever need.

    • QT said:

      thanks, helpful

    • CoreyB said:

      Doesn’t iplist do the same thing?
      http://iplist.sourceforge.net/

    • dakira said:

      May I suggest iplist? It is easy to install (just download and start the GUI) and use and it is not out of development.
      http://iplist.sourceforge.net/

    • trench said:

      I’ve been using it for over a year. It’s definitely something I’d consider an absolute must-have for any Linux set-up. When you first start using it there are a couple things to keep in mind.

      First, if you have trouble connecting to ANYthing, check the logs to see if Moblock is the culprit (95% of the time, it is). The first thing most users will notice is that their Pidgin/Empathy/IMclientOfChoice stops working. The log will list the IP’s and info about the IP’s, so just whitelist them if need be. It’s really a very strong utility and will block pretty much everything until you tell it to do otherwise.

      Second, I love using an xterm for just about everything I do, however… Mobloquer is so amazingly good that I rarely touch MoBlock in a terminal. I’m willing to bet most users will feel the same. So, I suggest the first thing you do after installing Mobloquer is: THROW IT IN YOUR STARTUP MENU. Obviously this isn’t necessary given MoBlock starts on its own… but MOBLOQUER is a very handy thing to have hanging out in your system tray. Especially if you are trying to connect to something and failing… the startup icon serves as a great reminder (slap to the forehead | d’oh) that, indeed, MoBlock is probably the cause.

      Again, definitely in my top-10 installs. Couldn’t be more highly recommended.

      Good writeup, Sukrit.

    • zoopster said:

      Oh geez…don’t bother going through all of the key adding etc when using a PPA on Launchpad.

      You are using Ubuntu 9.10, right?

      Simply use:
      sudo add-apt-repository ppa:jre-phoenix/ppa && sudo apt-get update && sudo apt-get install moblock blockcontrol mobloquer

      and you are done!

    • Daniel said:

      This can all be done perfectly using iptables and the hosts.deny and hosts.allow files. MoBlock is the lazy artless way of going about it.

    • Jim said:

      Really the lazy way. I would say the smart way. It’s like saying using a pre-built OS (Ubuntu or many other versions of Linux) is lazy. No it is not re-inventing the wheel. It is using what has been made and then making it for you. I don’t see what is wrong with that.

    • John said:

      Ok Daniel, let me point out to you where you’re going wrong with your logic.
      1. To create the ip tables and access control lists your way takes tons of time and wastes company money when there are many other jobs that have to be gotten done in the day. You’re looking at the good ol’ days as the better days. That’s far from the truth. It was the costly and time consuming days. That’s why tools like this were created, to make the job easier and less costly.
      2. Your way is prone to error. Forget one thing, one careless key stroke, and your firewall configuration can become useless or error-ed. That’s not going to happen with mobloquer unless you unblock the wrong address in the log window or manually add a hazardous exception.
      3. Are you really going to scan the net looking for specific places to implicitly deny? Mobloquer updates dangerous site lists daily from TONS of sources. Other people do that work for you for free.
      4. Don’t you think it a bit passé to be an elitist Linux snob who calls people names because they have a different way of doing things in this day and age? I have been using Linux since Red Hat 5 and I love helping people learn, use, and support Linux and never once did I ever close my mind to a better faster easier way of doing things, and would never be insulting to those that got the same exact job done better and faster. Those who get it done better and faster are the kind of people I hire in my IT department.
