How To Install Maltrail Malicious Traffic Detection System on Linux


This article covers the installation of Maltrail, a malicious traffic detection system, on Linux. Maltrail places traffic sensors between servers and clients to monitor the traffic and detect connections to malicious URLs or sources (so-called trails). So, let's move on to the installation of Maltrail on Debian 10 Linux.

Step 1: Update Your System

Run the below command to update and upgrade your system.

sudo apt update && sudo apt upgrade

Step 2: Install Maltrail Sensors & Schedtool

The sensor is the component that inspects the traffic and matches it against the known malicious trails. Before installing it, install schedtool:

sudo apt-get install schedtool

Maltrail's sensor uses this tool to raise its own CPU scheduling priority.

Next, install git and the Python pcapy bindings the sensor needs for packet capture, so that you can fetch Maltrail from its GitHub page:

sudo apt-get install git python-pcapy -y

Then clone the Maltrail repository:

git clone https://github.com/stamparm/maltrail.git

Now switch to the maltrail directory:

cd maltrail

Then start the sensor in the background. On its first run it downloads the trail feeds it matches traffic against:

sudo python sensor.py &

Step 3: Get Started with your Server

The server collects the events reported by the sensors and serves the reporting dashboard. Here I'm going to set up the server and the sensor on the same machine. You can do this by typing:

[[ -d maltrail ]] || git clone https://github.com/stamparm/maltrail.git
cd maltrail
python server.py &

Step 4: Access Maltrail Dashboard

Open your browser and visit http://ip:8338, replacing ip with the address of the machine running server.py, to access the Maltrail web dashboard.

By default the username is admin
and the password is changeme!

Provide these to log in.


Step 5: Fine-tune Sensor & Server Configuration

If you want to fine-tune the Maltrail server and sensor settings, you can do so by editing the maltrail.conf file.

This file is located in the directory where you cloned the repository. So, simply go to that folder and open maltrail.conf:

sudo nano /home/tech/maltrail/maltrail.conf

The file has separate [Server] and [Sensor] sections, so the settings of each component are easy to find and edit. In my case, I'm going to change the IP address on which the server listens (HTTP_ADDRESS) from its default value.

[Server]

# Listen address of (reporting) HTTP server
HTTP_ADDRESS 104.37.24.109
#HTTP_ADDRESS ::
#HTTP_ADDRESS fe80::12c3:7bff:fe6d:cf9b%eno1

# Listen port of (reporting) HTTP server
HTTP_PORT 8338

# Use SSL/TLS
USE_SSL false

# SSL/TLS (private/cert) PEM file (e.g. openssl req -new -x509 -keyout server.pem -out server.pem -days 1023 -nodes)
SSL_PEM misc/server.pem

# User entries (username:sha256(password):UID:filter_netmask(s))
# Note(s): sha256(password) can be generated on Linux with: echo -n 'password' | sha256sum | cut -d " " -f 1
#          UID >= 1000 have only rights to display results (Note: this moment only functionality implemented at the client side)
#          filter_netmask(s) is/are used to filter results
USERS
    admin:9ab3cd9d67bf49d01f6a2e33d0bd9bc804ddbe6ce1ff5d219c42624851db5dbc:0:                    # changeme!
#    local:9ab3cd9d67bf49d01f6a2e33d0bd9bc804ddbe6ce1ff5d219c42624851db5dbc:1000:192.168.0.0/16  # changeme!

If you wish to change the default credentials, look for the USERS section, where the admin entry is listed. The password is stored as a SHA-256 hash, which you generate with the command below.

Note: keep the fields after the hash (the :0: that follows it in the admin entry, i.e. UID 0 and an empty filter_netmask) when you write the new entry.

echo -n 'StrongPassword' | sha256sum | cut -d " " -f 1
05a181f00c157f70413d33701778a6ee7d2747ac18b9c0fbb8bd71a62dd7a223
The string produced is the SHA-256 hash of StrongPassword; it goes into the USERS entry in place of the plain-text password.

Now open the file again and add the new credentials to the USERS section. The listing below adds a new Admin entry with the new hash; note that it leaves the original admin line with the default hash in place, so the default password remains valid until that line is removed or its hash is replaced as well.

[Server]

# Listen address of (reporting) HTTP server
HTTP_ADDRESS 104.37.24.109
#HTTP_ADDRESS ::
#HTTP_ADDRESS fe80::12c3:7bff:fe6d:cf9b%eno1

# Listen port of (reporting) HTTP server
HTTP_PORT 8338

# Use SSL/TLS
USE_SSL false

# SSL/TLS (private/cert) PEM file (e.g. openssl req -new -x509 -keyout server.pem -out server.pem -days 1023 -nodes)
SSL_PEM misc/server.pem

# User entries (username:sha256(password):UID:filter_netmask(s))
# Note(s): sha256(password) can be generated on Linux with: echo -n 'password' | sha256sum | cut -d " " -f 1
#          UID >= 1000 have only rights to display results (Note: this moment only functionality implemented at the client side)
#          filter_netmask(s) is/are used to filter results
USERS
    admin:9ab3cd9d67bf49d01f6a2e33d0bd9bc804ddbe6ce1ff5d219c42624851db5dbc:0:                    # changeme!
    local:9ab3cd9d67bf49d01f6a2e33d0bd9bc804ddbe6ce1ff5d219c42624851db5dbc:1000:192.168.0.0/16  # changeme!
    Admin:05a181f00c157f70413d33701778a6ee7d2747ac18b9c0fbb8bd71a62dd7a223:0:                    ## New credentials

Then save the file, exit the editor and restart the Maltrail server:

cd /home/tech/maltrail
pkill -f server.py
python server.py &
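As an added example (not part of the article and not Maltrail's own code), the following Python script builds USERS entries in the username:sha256(password):UID:filter_netmask(s) format shown above and audits a [Server] section for the two problems the listings make visible: accounts that still carry the hash shipped next to "# changeme!", and USE_SSL false on a non-loopback address, which sends dashboard logins across the network in clear text. The sample configuration embedded in it is constructed from the second listing above; the parser follows that layout only and is an assumption, not Maltrail's own configuration parser.

```python
"""Build and audit Maltrail USERS entries (added example; not Maltrail's own code).

Follows the maltrail.conf layout shown in the article's listings: "KEY value"
lines, "#" comments, and a USERS key followed by indented entries of the form
username:sha256(password):UID:filter_netmask(s).
"""
import hashlib
import hmac
import ipaddress
import re

# Hash that ships next to "# changeme!" in the stock maltrail.conf listing.
DEFAULT_HASH = "9ab3cd9d67bf49d01f6a2e33d0bd9bc804ddbe6ce1ff5d219c42624851db5dbc"

# Constructed sample, modelled on the second listing in the article.
SAMPLE_CONF = """\
[Server]

# Listen address of (reporting) HTTP server
HTTP_ADDRESS 104.37.24.109
#HTTP_ADDRESS ::

# Listen port of (reporting) HTTP server
HTTP_PORT 8338

# Use SSL/TLS
USE_SSL false

# SSL/TLS (private/cert) PEM file
SSL_PEM misc/server.pem

USERS
    admin:9ab3cd9d67bf49d01f6a2e33d0bd9bc804ddbe6ce1ff5d219c42624851db5dbc:0:                    # changeme!
    local:9ab3cd9d67bf49d01f6a2e33d0bd9bc804ddbe6ce1ff5d219c42624851db5dbc:1000:192.168.0.0/16  # changeme!
    Admin:05a181f00c157f70413d33701778a6ee7d2747ac18b9c0fbb8bd71a62dd7a223:0:                    ## New credentials
"""


def password_hash(password):
    """SHA-256 hex digest, the same value `echo -n 'pw' | sha256sum` prints."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_user_entry(username, password, uid=0, netmasks=""):
    """Build one USERS line: username:sha256(password):UID:filter_netmask(s)."""
    if not username or ":" in username:
        raise ValueError("username must be non-empty and must not contain ':'")
    return "%s:%s:%d:%s" % (username, password_hash(password), uid, netmasks)


def verify_password(entry, password):
    """Check a plain-text password against a USERS entry (constant-time compare)."""
    digest = entry.split(":", 2)[1]
    return hmac.compare_digest(digest, password_hash(password))


def parse_server_section(text):
    """Return ({key: value}, [user entries]) for the [Server] section."""
    settings, users = {}, []
    in_server, in_users = False, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments, keep indentation
        if not line.strip():
            continue
        if line.startswith("["):
            in_server = line.strip() == "[Server]"
            in_users = False
            continue
        if not in_server:
            continue
        if in_users and line[0].isspace():  # indented line under USERS
            users.append(line.strip())
            continue
        in_users = False
        key, _, value = line.strip().partition(" ")
        if key == "USERS":
            in_users = True
        else:
            settings[key] = value.strip()
    return settings, users


def audit(text):
    """Return human-readable findings for the [Server] section of a config."""
    settings, users = parse_server_section(text)
    findings = []
    addr = settings.get("HTTP_ADDRESS", "")
    use_ssl = settings.get("USE_SSL", "false").lower() == "true"
    try:
        # A "%eno1" zone suffix is stripped before the address is parsed.
        loopback = ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        loopback = False
    if not use_ssl and not loopback:
        findings.append("USE_SSL is false while listening on %s: dashboard logins "
                        "cross the network in clear text" % addr)
    for entry in users:
        parts = entry.split(":", 3)
        if len(parts) != 4 or not re.fullmatch(r"[0-9a-f]{64}", parts[1]):
            findings.append("malformed USERS entry: %r" % entry)
            continue
        name, digest, _uid, _masks = parts
        if digest == DEFAULT_HASH:
            findings.append("user %r still has the default 'changeme!' hash" % name)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("[!]", finding)
    print(make_user_entry("Admin", "StrongPassword"))
```

Running the script prints the three findings for the sample (one clear-text listener, two accounts with the default hash) and a ready-to-paste Admin entry for StrongPassword. Point audit() at the contents of your own maltrail.conf after editing it; a clean result is an empty list.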

Step 6: Testing Maltrail

Run the commands below to verify that Maltrail is detecting traffic. The first pings an address that appears in the trails; the second prints today's log file, where the resulting event should appear.

ping -c 1 136.161.101.53
cat /var/log/maltrail/$(date +"%Y-%m-%d").log

For DNS traffic, resolve a domain that appears in the trails and check the log again:

nslookup morphed.ru
cat /var/log/maltrail/$(date +"%Y-%m-%d").log

To see the same events in the dashboard, refresh the page in your browser.

So, this is how you can install the Maltrail malicious traffic detection system on Linux.
