Ralph Rönnquist 1c53c4e38e corrections 7 months ago
README.adoc initial 7 months ago
didaff initial 7 months ago
didaff-server added init script for didaff 7 months ago
didaff.conf initial 7 months ago
didaff.psk initial 7 months ago
firewall-cron corrections 7 months ago


DIDAFF for Devuan

This project holds the implementation of a Distributed Intrusion Detection And Firewalling Framework (DIDAFF) on the Devuan infrastructure. This infrastructure comprises a small group of bare-metal nodes that host a range of virtual-machine-based services, using the "ganeti" VPS platform.

The DIDAFF includes coordinated firewall setup for the nodes based on a replicated Baddies Database that is fed from the distributed detection sources using a combination of tools such as fail2ban, sshguard and bespoke scripting. All detection sources link up with and provide entries for the Baddies Database in their own ways, and the database is replicated onto the nodes so that each node uses its replica as the basis for managing the firewall.

Each node runs a DIDAFF server as well as the firewall cron bot. Various virtual machines have detection logic and tell the nodes about "baddies" through the DIDAFF API, which uses broadcast on the local net.