Secure your Linux box with MoBlock
MoBlock is a cutting-edge open source security tool for the Linux platform, designed to help fine-tune the network security of your Linux desktop or server. Sukrit Dhandhania explains how to use it to secure your Linux box…
11 MoBlock is a pretty smart tool. It allows you to not only block IP addresses and host names, but also domains based on phrases. You can set a particular search phrase to be blocked. For example, if you want to block out the phrase ‘Hotmail’ or ‘Yahoo’, add an entry like the following in the MoBlock configuration file, ‘/etc/blockcontrol/blockcontrol.conf’:
IP_REMOVE="hotmail;yahoo"
Note that you need to separate search phrases with a semicolon. You then need to reload MoBlock by running the following command:
# sudo blockcontrol reload
You can also search your list of blocked hosts using search phrases. If you want to check if the term ‘google’ is blocked, run the following command:
# sudo blockcontrol search google
# less /var/log/MoBlock.stats
12 We saw earlier how to block hosts using lists. Whitelisting individual IP addresses or a range of IP addresses is quite simple as well. To whitelist a single IP, you need to make an entry in the MoBlock configuration file ‘/etc/blockcontrol/blockcontrol.conf’. To whitelist the IP address 192.168.10.45 and allow it to send and receive packets from your computer, add the following lines:
WHITE_IP_IN="192.168.10.45"
WHITE_IP_OUT="192.168.10.45"
You can also whitelist a whole subdomain if you like:
WHITE_IP_IN="192.168.X.X"
WHITE_IP_OUT="192.168.X.XX"
13 Just as you can whitelist an IP or a subdomain, you can also whitelist a range of IP addresses. This is pretty usual if you are part of a large network like a university campus. To do so, add a line like the following to the file ‘/etc/blockcontrol/allow.p2p’:
192.168.10.15-192.168.10.45
Replace the IP addresses in the example above with the range you want to allow through. Remember to rebuild the MoBlock database and restart it.
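A whitelisted range exempts every address it covers, so it pays to check the entries before rebuilding. The following is an added example, not code from the article or the MoBlock project: it lints range lines in the start-end form shown above. The function names, the 256-address threshold, the handling of `#` comments and an optional label prefix, and the sample lines are assumptions made for illustration.

```python
import ipaddress
# RFC 1918 private IPv4 space
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_range(line):
    """Return (first, last) for a 'start-end' line, or None for blank/comment lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    # Assumption: tolerate an optional 'label:' prefix; the article's example has none.
    start, sep, end = line.rpartition(":")[2].partition("-")
    if not sep:
        raise ValueError(f"not a start-end range: {line!r}")
    first = ipaddress.IPv4Address(start.strip())
    last = ipaddress.IPv4Address(end.strip())
    if first > last:
        raise ValueError(f"start is above end: {line!r}")
    return first, last

def audit(text, max_hosts=256):
    """Return (line number, kind, detail) for every entry worth a second look."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            parsed = parse_range(raw)
        except ValueError as exc:  # also raised for malformed addresses
            findings.append((lineno, "invalid", str(exc)))
            continue
        if parsed is None:
            continue
        first, last = parsed
        size = int(last) - int(first) + 1
        blocks = ipaddress.summarize_address_range(first, last)
        if not all(any(b.subnet_of(p) for p in PRIVATE) for b in blocks):
            findings.append((lineno, "non-private", f"{first}-{last} leaves RFC 1918 space"))
        elif size > max_hosts:
            findings.append((lineno, "broad", f"{first}-{last} covers {size} addresses"))
    return findings

# Constructed sample input, not taken from a real allow.p2p
SAMPLE = """\
# campus lab machines
192.168.10.15-192.168.10.45
10.0.0.0-10.0.255.255
192.168.10.45-192.168.10.15
203.0.113.0-203.0.113.255
"""

if __name__ == "__main__":
    print(*(f"line {n}: {k}: {d}" for n, k, d in audit(SAMPLE)), sep="\n")
```

An empty result means every entry is well-formed, stays inside private address space and is no larger than the threshold.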
14 MoBlock has some great command-line functionality. We, however, live in a world which has more of a penchant for graphical applications. That’s why MoBlock has a graphical front end called ‘Mobloquer’. Mobloquer is a third-party project that has a very cool user interface that makes configuring, managing and using MoBlock a breeze. The project is hosted here. It has just about every feature that the command-line version has to offer. You can start, stop, restart and tweak MoBlock using Mobloquer. It also has a settings and logs monitoring tab to make things even easier.
MoBlock is quite simple to set up and has tools to help you manage it. It also allows great flexibility, which requires a good understanding of how the tool works. Once you get the hang of it, though, it can greatly enhance the security of your computers. In today’s age where just about everything can be done from a computer, it is very important that your data remains secure from malicious elements. MoBlock does just that for you.
This article originally appeared in issue 83 of Linux User & Developer.

The great thing about moblock is it allows outgoing http so you can browse with it running (unlike pg2).
Also go to iblocklist.com for all the lists you’ll ever need.
thanks, helpful
Doesn’t iplist do the same thing?
http://iplist.sourceforge.net/
May I suggest iplist? It is easy to install (just download and start the GUI) and use and it is not out of development.
http://iplist.sourceforge.net/
I’ve been using it for over a year. It’s definitely something I’d consider an absolute must-have for any Linux set-up. When you first start using it there are a couple things to keep in mind.
First, if you have trouble connecting to ANYthing, check the logs to see if Moblock is the culprit (95% of the time, it is). The first thing most users will notice is that their Pidgin/Empathy/IMclientOfChoice stops working. The log will list the IP’s and info about the IP’s, so just whitelist them if need be. It’s really a very strong utility and will block pretty much everything until you tell it to do otherwise.
Second, I love using an xterm for just about everything I do, however… Mobloquer is so amazingly good that I rarely touch MoBlock in a terminal. I’m willing to bet most users will feel the same. So, I suggest the first thing you do after installing Mobloquer is: THROW IT IN YOUR STARTUP MENU. Obviously this isn’t necessary given MoBlock starts on its own… but MOBLOQUER is a very handy thing to have hanging out in your system tray. Especially if you are trying to connect to something and failing… the startup icon serves as a great reminder (slap to the forehead | d’oh) that, indeed, MoBlock is probably the cause.
Again, definitely in my top-10 installs. Couldn’t be more highly recommended.
Good writeup, Sukrit.
Oh geez…don’t bother going through all of the key adding etc when using a PPA on Launchpad.
You are using Ubuntu 9.10, right?
Simply use:
sudo add-apt-repository ppa:jre-phoenix/ppa && sudo apt-get update && sudo apt-get install moblock blockcontrol mobloquer
and you are done!
This can all be done perfectly using iptables and the hosts.deny and hosts.allow files. MoBlock is the lazy artless way of going about it.
Really the lazy way. I would say the smart way. It’s like saying using a pre-built OS (Ubuntu or many other versions of Linux) is lazy. No it is not re-inventing the wheel. It is using what has been made and then making it for you. I don’t see what is wrong with that.
OK Daniel, let me point out to you where you’re going wrong with your logic.
1. To create the ip tables and access control lists your way takes tons of time and wastes company money when there are many other jobs that have to be gotten done in the day. You’re looking at the good ol’ days as the better days. That’s far from the truth. It was the costly and time-consuming days. That’s why tools like this were created, to make the job easier and less costly.
2. Your way is prone to error. Forget one thing, one careless key stroke, and your firewall configuration can become useless or error-ed. That’s not going to happen with mobloquer unless you unblock the wrong address in the log window or manually add a hazardous exception.
3. Are you really going to scan the net looking for specific places to implicitly deny? Mobloquer updates dangerous site lists daily from TONS of sources. Other people do that work for you for free.
4. Don’t you think it a bit passé to be an elitist Linux snob who calls people names because they have a different way of doing things in this day and age? I have been using Linux since Red Hat 5 and I love helping people learn, use, and support Linux and never once did I ever close my mind to a better faster easier way of doing things, and would never be insulting to those that got the same exact job done better and faster. Those who get it done better and faster are the kind of people I hire in my IT department.