diff --git a/main.py b/main.py
index 5a204cd..fa25d04 100755
--- a/main.py
+++ b/main.py
@@ -146,11 +146,11 @@ class iptables:
 print("Filter : filtage ports v6")
 self.filtrage_ports(ip_type='6')
 if self.verbose:
- print("Filter : limit connexions forward")
- self.limit_ssh_connexion_forward()
+ print("Filter : limit connections forward")
+ self.limit_ssh_connection_forward()
 if self.verbose:
- print("Filter : Limit connexion src")
- self.limit_connexion_srcip()
+ print("Filter : Limit connection src")
+ self.limit_connection_srcip()
 elif table == "mangle":
 if self.verbose:
 print("Mangle : Mise en place des logs")
@@ -169,11 +169,11 @@ class iptables:
 print("Filter : filtrage ports 4")
 self.filtrage_ports(ip_type='4')
 if self.verbose:
- print("Filter : limit ssh connexion forward")
- self.limit_ssh_connexion_forward()
+ print("Filter : limit ssh connection forward")
+ self.limit_ssh_connection_forward()
 if self.verbose:
- print("Filter : limit connexion src ip")
- self.limit_connexion_srcip()
+ print("Filter : limit connection src ip")
+ self.limit_connection_srcip()
 elif table == "mangle":
 if self.verbose:
 print("Mangle : Mise en place des logs")
@@ -198,11 +198,11 @@ class iptables:
 print("Filter : filtage ports v6")
 self.filtrage_ports(ip_type='6')
 if self.verbose:
- print("Filter : limit ssh connexion forward")
- self.limit_ssh_connexion_forward()
+ print("Filter : limit ssh connection forward")
+ self.limit_ssh_connection_forward()
 if self.verbose:
- print("Filter : limit connexion src ip")
- self.limit_connexion_srcip()
+ print("Filter : limit connection src ip")
+ self.limit_connection_srcip()
 elif table == "mangle":
 if self.verbose:
 print("Mangle : Mise en place des logs")
@@ -221,12 +221,12 @@ class iptables:
 self.base_filter()
 if self.verbose:
 print("Filter : autorisation des ip en sortie")
- self.captif_autorized_ip()
+ self.captive_authorized_ip()
 if table == "nat":
 if self.verbose:
 print("Nat : nat et captures les connexions du portail masquerade")
- self.nat_connexion_portail()
- self.capture_connexion_portail()
+ self.nat_connection_portail()
+ self.capture_connection_portail()
 def users(self, table):
 """Securisation d'un serveur avec comptes d'utilisateurs"""
@@ -251,11 +251,11 @@ class iptables:
 print("Filter : reseaux non routables")
 self.reseaux_non_routables()
 if self.verbose:
- print("Filter : connexion input")
+ print("Filter : connection input")
 if self.verbose:
 print("Limitation des connexions")
- self.limit_ssh_connexion_input()
- self.limit_connexion_dstip()
+ self.limit_ssh_connection_input()
+ self.limit_connection_dstip()
 def gen_filter(self, empty=False):
 self.init_filter("INPUT")
@@ -357,39 +357,39 @@ class iptables:
 self.jump_traficto("filter", interface, "FORWARD", subtable)
 self.add_in_subtable("filter", subtable, """-j REJECT""")
- def captif_autorized_ip(self, subtable='FILTRE-IP-PORTAIL'):
- """Autorise les ip whitelistées sur le portail captif accueil"""
+ def captive_authorized_ip(self, subtable='FILTRE-IP-PORTAIL'):
+ """Autorise les ip whitelistées sur le portail captive accueil"""
 self.init_filter(subtable, decision="-")
 self.jump_all_trafic("filter", "FORWARD", subtable, mode='4')
- for protocol in self.portail_settings['autorized_hosts']:
- for ip, ports in self.portail_settings['autorized_hosts'][protocol].items():
+ for protocol in self.portail_settings['authorized_hosts']:
+ for ip, ports in self.portail_settings['authorized_hosts'][protocol].items():
 self.add_in_subtable("filter4", subtable, """-p %s -d %s -m multiport --dports %s -j ACCEPT""" % (protocol, ip, ','.join(ports)))
 self.add_in_subtable("filter4", subtable, """-j REJECT""")
- def capture_connexion_portail(self, subtable="PORTAIL-CAPTIF-REDIRECT"):
- """Redirige les connexion 80 et 443 vers l'ip cible"""
+ def capture_connection_portail(self, subtable="PORTAIL-CAPTIF-REDIRECT"):
+ """Redirige les connexions 80 et 443 vers l'ip cible"""
 self.init_nat(subtable, decision="-")
 for interface in self.interfaces_settings['routable']:
 self.jump_traficfrom("nat", interface, "PREROUTING", subtable, mode='4')
- for protocol in self.portail_settings['autorized_hosts']:
- for ip, ports in self.portail_settings['autorized_hosts'][protocol].items():
+ for protocol in self.portail_settings['authorized_hosts']:
+ for ip, ports in self.portail_settings['authorized_hosts'][protocol].items():
 self.add_in_subtable("nat4", subtable, """-p %s -d %s -m multiport --dports %s -j RETURN""" % (protocol, ip, ','.join(ports)))
 for ip_range, destination in self.portail_settings['ip_redirect'].items():
 for protocol, ip in destination.items():
 for ip_dest, ports in ip.items():
 self.add_in_subtable("nat4", subtable, """-p %s -s %s -m multiport --dports %s -j DNAT --to %s""" % (protocol, ip_range, ','.join(ports), ip_dest))
- def nat_connexion_portail(self, subtable="PORTAIL-CAPTIF-NAT"):
+ def nat_connection_portail(self, subtable="PORTAIL-CAPTIF-NAT"):
 """Nat les connexions derrière l'ip de la machine du portail"""
 self.init_nat(subtable, decision="-")
 for interface in self.interfaces_settings['sortie']:
 self.jump_traficto("nat", interface, "POSTROUTING", subtable, mode='4')
- for protocol in self.portail_settings['autorized_hosts']:
- for ip, ports in self.portail_settings['autorized_hosts'][protocol].items():
+ for protocol in self.portail_settings['authorized_hosts']:
+ for ip, ports in self.portail_settings['authorized_hosts'][protocol].items():
 self.add_in_subtable("nat4", subtable, """-p %s -d %s -m multiport --dports %s -j MASQUERADE""" % (protocol, ip, ','.join(ports)))
 def accept_established(self, subtable='ESTABLISHED-CONN'):
@@ -418,7 +418,7 @@ class iptables:
 self.jump_all_trafic("filter", "INPUT", subtable, mode='4')
 self.add_in_subtable("filter4", subtable, """-p icmp -j ACCEPT""")
- def limit_ssh_connexion_input(self, subtable='LIMIT-SSH-INPUT'):
+ def limit_ssh_connection_input(self, subtable='LIMIT-SSH-INPUT'):
 self.init_filter(subtable, decision="-")
 for interface in self.interfaces_settings['routable']:
 self.jump_traficfrom("filter", interface, "INPUT", subtable)
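Review bot: The settings key rename from `'autorized_hosts'` to `'authorized_hosts'` in captive_authorized_ip, capture_connection_portail and nat_connection_portail changes the schema expected of self.portail_settings, and nothing in this diff updates the configuration that feeds it, so a deployment whose settings still carry the old key will raise KeyError in each of these methods after init_filter/init_nat and the jump rules have already been issued — in captive_authorized_ip the trailing `-j REJECT` would then never be added, and if add_in_subtable applies rules as it goes, FORWARD would reference a chain that was never populated. Either ship the configuration change with this commit or read the key once with a fallback at the top of each method, e.g. `hosts = self.portail_settings.get('authorized_hosts', self.portail_settings.get('autorized_hosts', {}))` followed by `for protocol, entries in hosts.items():` and `for ip, ports in entries.items():`. The docstring of captive_authorized_ip was also caught by the rename: "captif" is the correct French word there, so it should read `"""Autorise les ip whitelistées sur le portail captif accueil"""`. Leaving the chain names `FILTRE-IP-PORTAIL` and `PORTAIL-CAPTIF-*` untouched is the right call, since it keeps existing rule sets and log filters stable across the rename.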
@@ -426,7 +426,7 @@ class iptables:
 self.add_in_subtable("filter", subtable, """-p tcp --dport ssh -m state --state NEW -m recent --name SSH-INPUT --set""")
 self.add_in_subtable("filter", subtable, """-p tcp --dport ssh -m state --state NEW -m recent --name SSH-INPUT --update --seconds 120 --hitcount 10 --rttl -j DROP""")
- def limit_ssh_connexion_forward(self, subtable='LIMIT-SSH-FORWARD'):
+ def limit_ssh_connection_forward(self, subtable='LIMIT-SSH-FORWARD'):
 self.init_filter(subtable, decision="-")
 for interface in self.interfaces_settings['sortie']:
 self.jump_traficfrom("filter", interface, "FORWARD", subtable)
@@ -434,7 +434,7 @@ class iptables:
 self.add_in_subtable("filter", subtable, """-p tcp --dport ssh -m state --state NEW -m recent --name SSH-FORWARD --set""")
 self.add_in_subtable("filter", subtable, """-p tcp --dport ssh -m state --state NEW -m recent --name SSH-FORWARD --update --seconds 30 --hitcount 10 --rttl -j DROP""")
- def limit_connexion_srcip(self, subtable='LIMIT-CONNEXION-SRCIP'):
+ def limit_connection_srcip(self, subtable='LIMIT-CONNEXION-SRCIP'):
 self.init_filter(subtable, decision="-")
 for interface in self.interfaces_settings['sortie']:
 self.jump_traficto("filter", interface, "FORWARD", subtable)
@@ -449,7 +449,7 @@ class iptables:
 self.add_in_subtable("filter", subtable, """-m hashlimit --hashlimit-upto 5/hour --hashlimit-burst 5 --hashlimit-mode srcip --hashlimit-name LIMIT_OTHER_SRCIP_CONNEXION_LOG -j LOG --log-prefix "CONNEXION_LIMIT " """)
 self.add_in_subtable("filter", subtable, """-j REJECT""")
- def limit_connexion_dstip(self, subtable='LIMIT-CONNEXION-DSTIP', cible='INPUT'):
+ def limit_connection_dstip(self, subtable='LIMIT-CONNEXION-DSTIP', cible='INPUT'):
 self.init_filter(subtable, decision="-")
 for interface in self.interfaces_settings['sortie']:
 self.jump_traficfrom("filter", interface, "FORWARD", subtable)