Maltrail addon as a possible new feature

Hi All,

I simply love Nethserver and think that the extra applications are a godsend

I was looking through an install at a friend’s place and he runs Opnsense
One service he showed me in great depth was Maltrail
https://github.com/stamparm/maltrail

I found it to be a fantastic tool to help me find hostnames and IP addresses to block that were malicious but not necessarily a part of any lists

I thoroughly recommend having a look at this

Maybe there is a reason it isn’t implemented but thought I would post it here and see what people think

Unfortunately I have no programming experience so I won’t be very helpful if integration takes a lot of work but I would love to try and test something

Kind regards,
Ben

3 Likes

Hi @benaus. Good to see you have found a promising addition for NethServer.
Even when you claim you can’t help because you have no coding skills, I think otherwise.
We have a quite straightforward way of adding new features.

  • do a feature request (you just did YAY!!) In this feature request you describe what the new feature does (you already did, YAY!!) and we discuss if there is a need for the feature and if there are any alternatives. We will continue with that in this discussion.
  • do an install on NethServer and document this. You can start a new discussion for this so others can track and help with installing the new feature
  • create a full howto. This is more or less the documentation you do of every step during install and configuring the feature. When the howto is 100% reproducible, create a howto in our wiki.
  • Final step is creating the module/rpm. Even without coding skills you could try. I am sure our @dev_team is more than willing to help here.

So next step: are there any alternatives that do the same or similar?

Some pointers: I see most sources to install maltrail on BSD based systems (Opnsense is BSD too). There is an install howto for Ubuntu 1804. I didn’t find any info on installing on CentOS7, so it might become a challenge…

5 Likes

Sounds good

I will try and install it on a Centos 7 VM and see how it goes
I will document that and then work on a Nethserver VM

While doing this I will also check out any alternatives out there which may provide similar functionality but have documentation for Centos installs

I will update in this thread @robb if that’s alright

Kind regards,
Ben

3 Likes

Excellent, thank you!

1 Like

Hello! Generally, there should be no problem with MT installation on CentOS. The single dependency for MT to work is the python-pcapy package, installed from the CentOS repo or by the pip install pcapy command.

For example, here is an algo for installing python-pcapy from pip:

1.1) To install packages: epel-release, gcc, gcc-c++, python-pip, python-devel, libpcap-devel, git

  • Command: yum install -y epel-release gcc gcc-c++ python-pip python-devel libpcap-devel git

1.2) To upgrade python-pip

  • Command: pip install --upgrade pip

1.3) To install python-pcapy package

  • Command: pip install pcapy

1.4) To install maltrail from git-repo

1.5) cd /maltrail

1.6) Do python server.py + python sensor.py commands.

5 Likes

2 @benaus Hello! If you have a little bit of time, please do tests\checks for pip2 and pip3 variations. If everything (or one of the variants) is\are OK, I will bring the description of the algo above to the official doc of Maltrail. Thank you!

1 Like

Hello, everyone!

Now Maltrail is also available as an RPM package for a wide set of RPM-based Linux distros, including CentOS 7, CentOS 8 and CentOS Stream: Show home:k_mikhail / maltrail - openSUSE Build Service

Feel free to use, modify, propose changes/updates.

Thank you!

P.S. From post above: “pip install pcapy” ← now “pip install pcapy-ng” is in game.

1 Like