Outils personnels
Vous êtes ici : Accueil GNU / Linux Debian Installer la protection Peer 2 Peer MoBlock sur Debian
Actions sur le document
  • Send this page to somebody
  • Print this page
  • Add Bookmarklet

Installer la protection Peer 2 Peer MoBlock sur Debian

Par Pierre-Yves Landuré - Dernière modification 02/01/2011 19:43

MoBlock est un parefeu pour logiciel Peer 2 Peer bloquant les mauvais partageurs. C'est un outil très utile que je vous recommande fortement.

Installation

Installez l'outil permettant de détection de distribution ainsi que GnuPG pour récupérer la clef de chiffrement des dépôts :

command apt-get install lsb-release gnupg

Récupérez le nom de votre distribution :

DEBIAN_VERSION=$(command lsb_release --codename | command cut --characters='11-')

Ajoutez les dépôts MoBlock à la configuration apt :

echo "# Moblock for ${DEBIAN_VERSION}
deb http://moblock-deb.sourceforge.net/debian ${DEBIAN_VERSION} main
deb-src http://moblock-deb.sourceforge.net/debian ${DEBIAN_VERSION} main" \
    > '/etc/apt/sources.list.d/moblock.list'

Ajoutez les clefs de chiffrement des dépôts :

command gpg --keyserver wwwkeys.pgp.net --recv-keys 58712F29
command gpg --export --armor 58712F29 | command apt-key add -

Mettez à jour la liste des paquets disponibles :

command apt-get update

Installez le logiciel :

DEBIAN_FRONTEND='noninteractive' command apt-get install pgld pglcmd

Mettez en place les réglages de blockcontrol :

echo '# blocklists.list - lists the blocklists that are handled automatically by pglcmd

# Place one URL per line for every blocklist.
# Any line which starts with a # (hash) is a comment and is ignored.

# Have a look at /usr/share/doc/pglcmd/README.blocklists.gz for detailed
# information about some available blocklists.

# Instead or additionally to the blocklists that are specified in this file,
# you can manually put lists in MASTER_BLOCKLIST_DIR (/var/lib/pgl).
# All blocklists in that directory (except those which end in "~" or have a "."
# prefix) are used by pgld. They may be in any supported format and have to be
# either unpacked or gzipped. Note that these manually installed blocklists are
# neither updated automatically, nore does IP_REMOVE work for them.

# Do a "pglcmd reload" (or "restart" or "update") when you have edited
# this file.

# list.iblocklist.com/lists/atma/atma
list.iblocklist.com/lists/bluetack/ads-trackers-and-bad-pr0n
list.iblocklist.com/lists/bluetack/bad-peers
list.iblocklist.com/lists/bluetack/bogon
list.iblocklist.com/lists/bluetack/dshield
list.iblocklist.com/lists/bluetack/edu
# list.iblocklist.com/lists/bluetack/for-non-lan-computers
# list.iblocklist.com/lists/bluetack/forum-spam
list.iblocklist.com/lists/bluetack/hijacked
# list.iblocklist.com/lists/bluetack/iana-multicast
# list.iblocklist.com/lists/bluetack/iana-private
# list.iblocklist.com/lists/bluetack/iana-reserved
list.iblocklist.com/lists/bluetack/level-1
list.iblocklist.com/lists/bluetack/level-2
# list.iblocklist.com/lists/bluetack/level-3
list.iblocklist.com/lists/bluetack/microsoft
list.iblocklist.com/lists/bluetack/proxy
list.iblocklist.com/lists/bluetack/range-test
list.iblocklist.com/lists/bluetack/spider
list.iblocklist.com/lists/bluetack/spyware
list.iblocklist.com/lists/bluetack/web-exploit
list.iblocklist.com/lists/bluetack/webexploit-forumspam
# list.iblocklist.com/lists/cidr-report/bogon
list.iblocklist.com/lists/dchubad/faker
list.iblocklist.com/lists/dchubad/hacker
list.iblocklist.com/lists/dchubad/pedophiles
list.iblocklist.com/lists/dchubad/spammer
# list.iblocklist.com/lists/nexus23/ipfilterx
list.iblocklist.com/lists/peerblock/rapidshare
# list.iblocklist.com/lists/spamhaus/drop
list.iblocklist.com/lists/tbg/bogon
list.iblocklist.com/lists/tbg/business-isps
# list.iblocklist.com/lists/tbg/educational-institutions
list.iblocklist.com/lists/tbg/general-corporate-ranges
list.iblocklist.com/lists/tbg/hijacked
list.iblocklist.com/lists/tbg/primary-threats
list.iblocklist.com/lists/tbg/search-engines' \
     > '/etc/pgl/blocklists.list'

Désactivez blockcontrol pour les ports HTTP, HTTPS et SSH :

command sed -i \
    -e 's/^WHITE_TCP_OUT=.*/WHITE_TCP_OUT="http https ssh"/' \
  '/etc/pgl/pglcmd.conf'

Ajoutez les trackers torrent que vous utilisez à la liste blanche. Par exemple, pour openbittorrent :

HOSTNAME="tracker.openbittorrent.com"

Récupérez l'adresse IP et ajoutez-la au fichier allow.p2p :

HOST_IPV4="$(command ping -c 1 "${HOSTNAME}" \
        | command head -n 1 \
        | command sed -e 's/[^(]*(\([^)]*\).*/\1/')"
echo "${HOSTNAME}:${HOST_IPV4}-255.255.255.255" \
    >> '/etc/pgl/allow.p2p'

Redémarrez pgl pour prendre en compte les  modifications :

/etc/init.d/pgl restart

Remerciements

  • Merci aux développeurs de MoBlock.
BlogBang
Navigation
 

Réalisé avec Plone

Ce site respecte les normes suivantes :

Wikio