Installing the MoBlock Peer-to-Peer protection on Debian
MoBlock is a firewall for peer-to-peer software that blocks bad peers. It is a very useful tool that I strongly recommend.
Installation
Install the distribution detection tool, along with GnuPG to retrieve the repositories' signing key:
command apt-get install lsb-release gnupg
Retrieve the codename of your distribution:
DEBIAN_VERSION=$(command lsb_release --codename | command cut --characters='11-')
Add the MoBlock repositories to the apt configuration:
echo "# Moblock for ${DEBIAN_VERSION}
deb http://moblock-deb.sourceforge.net/debian ${DEBIAN_VERSION} main
deb-src http://moblock-deb.sourceforge.net/debian ${DEBIAN_VERSION} main" \
  > '/etc/apt/sources.list.d/moblock.list'
Add the repositories' signing keys:
# 58712F29 is a short key ID: after importing, compare the full fingerprint
# (gpg --fingerprint 58712F29) with the one published by the project.
command gpg --keyserver wwwkeys.pgp.net --recv-keys 58712F29
command gpg --export --armor 58712F29 | command apt-key add -
Update the list of available packages:
command apt-get update
Install the software:
DEBIAN_FRONTEND='noninteractive' command apt-get install pgld pglcmd
Set up the blockcontrol settings:
echo '# blocklists.list - lists the blocklists that are handled automatically by pglcmd
# Place one URL per line for every blocklist.
# Any line which starts with a # (hash) is a comment and is ignored.
# Have a look at /usr/share/doc/pglcmd/README.blocklists.gz for detailed
# information about some available blocklists.
# Instead or additionally to the blocklists that are specified in this file,
# you can manually put lists in MASTER_BLOCKLIST_DIR (/var/lib/pgl).
# All blocklists in that directory (except those which end in "~" or have a "."
# prefix) are used by pgld. They may be in any supported format and have to be
# either unpacked or gzipped. Note that these manually installed blocklists are
# neither updated automatically, nor does IP_REMOVE work for them.
# Do a "pglcmd reload" (or "restart" or "update") when you have edited
# this file.
# list.iblocklist.com/lists/atma/atma
list.iblocklist.com/lists/bluetack/ads-trackers-and-bad-pr0n
list.iblocklist.com/lists/bluetack/bad-peers
list.iblocklist.com/lists/bluetack/bogon
list.iblocklist.com/lists/bluetack/dshield
list.iblocklist.com/lists/bluetack/edu
# list.iblocklist.com/lists/bluetack/for-non-lan-computers
# list.iblocklist.com/lists/bluetack/forum-spam
list.iblocklist.com/lists/bluetack/hijacked
# list.iblocklist.com/lists/bluetack/iana-multicast
# list.iblocklist.com/lists/bluetack/iana-private
# list.iblocklist.com/lists/bluetack/iana-reserved
list.iblocklist.com/lists/bluetack/level-1
list.iblocklist.com/lists/bluetack/level-2
# list.iblocklist.com/lists/bluetack/level-3
list.iblocklist.com/lists/bluetack/microsoft
list.iblocklist.com/lists/bluetack/proxy
list.iblocklist.com/lists/bluetack/range-test
list.iblocklist.com/lists/bluetack/spider
list.iblocklist.com/lists/bluetack/spyware
list.iblocklist.com/lists/bluetack/web-exploit
list.iblocklist.com/lists/bluetack/webexploit-forumspam
# list.iblocklist.com/lists/cidr-report/bogon
list.iblocklist.com/lists/dchubad/faker
list.iblocklist.com/lists/dchubad/hacker
list.iblocklist.com/lists/dchubad/pedophiles
list.iblocklist.com/lists/dchubad/spammer
# list.iblocklist.com/lists/nexus23/ipfilterx
list.iblocklist.com/lists/peerblock/rapidshare
# list.iblocklist.com/lists/spamhaus/drop
list.iblocklist.com/lists/tbg/bogon
list.iblocklist.com/lists/tbg/business-isps
# list.iblocklist.com/lists/tbg/educational-institutions
list.iblocklist.com/lists/tbg/general-corporate-ranges
list.iblocklist.com/lists/tbg/hijacked
list.iblocklist.com/lists/tbg/primary-threats
list.iblocklist.com/lists/tbg/search-engines' \
  > '/etc/pgl/blocklists.list'
Disable blockcontrol for the HTTP, HTTPS and SSH ports:
command sed -i \
  -e 's/^WHITE_TCP_OUT=.*/WHITE_TCP_OUT="http https ssh"/' \
  '/etc/pgl/pglcmd.conf'
Add the torrent trackers you use to the whitelist. For example, for openbittorrent:
HOSTNAME="tracker.openbittorrent.com"
Retrieve the IP address and add it to the allow.p2p file:
HOST_IPV4="$(command ping -c 1 "${HOSTNAME}" \
  | command head -n 1 \
  | command sed -e 's/[^(]*(\([^)]*\).*/\1/')"
# An entry has the form "name:start-end". Use the same address for both ends
# so that only the tracker is whitelisted, not every address above it.
echo "${HOSTNAME}:${HOST_IPV4}-${HOST_IPV4}" \
  >> '/etc/pgl/allow.p2p'
Restart pgl to apply the changes:
/etc/init.d/pgl restart
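The following is an added example, not part of the original tutorial, for auditing allow.p2p after the steps above. Entries have the form name:start-end, so an end address of 255.255.255.255 whitelists every address from the start upward. The function names and the sample entries (192.0.2.0/24 documentation range) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit allow.p2p-style entries ("name:start-end").
# Sample entries use constructed names and the 192.0.2.0/24 documentation range.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() {
  case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Print how many addresses one "name:start-end" entry whitelists.
range_size() {
  range=${1##*:}                       # text after the last colon
  case "$range" in *-*) ;; *) return 1 ;; esac
  start=$(ip_to_int "${range%-*}") || return 1
  end=$(ip_to_int "${range#*-}") || return 1
  [ "$end" -ge "$start" ] || return 1
  echo $(( end - start + 1 ))
}

# Build an entry that whitelists exactly one address.
single_host_entry() {
  ip_to_int "$2" >/dev/null || return 1
  echo "$1:$2-$2"
}

# Read entries on stdin; report malformed ones and those wider than $1 addresses.
audit_allowlist() {
  max=${1:-256}
  while IFS= read -r line; do
    case "$line" in ''|'#'*) continue ;; esac
    size=$(range_size "$line") || { echo "MALFORMED $line"; continue; }
    [ "$size" -le "$max" ] || echo "WIDE $size $line"
  done
  return 0
}

# Constructed sample: the first entry runs to the end of the IPv4 space.
audit_allowlist 256 <<'EOF'
tracker.example:192.0.2.10-255.255.255.255
tracker.example:192.0.2.10-192.0.2.10
EOF
```

To check the real file, run audit_allowlist 256 < /etc/pgl/allow.p2p and review every line reported as WIDE or MALFORMED.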
Acknowledgements
- Thanks to the MoBlock developers.