Linux Certif

Toute la documentation sur la certification Linux LPI

hlbr

NAME

HLBR - Hogwash Light BR, an layer 2 network IPS

SYNOPSIS

hlbr -c config-file -r rules-file [-l logs-directory ] [-tndv]

DESCRIPTION

HLBR is an IPS (Intrusion Prevention System) that can filter packets directly in the layer 2 of the OSI model (so the machine doesn't need even an IP address). Detection of malicious/anomalous traffic is done by rules based in signatures, and the user can add more rules. It is an efficient and versatile IPS, and it can even be used as bridge to honeypots and honeynets. Since it doesn't make use of the operating system's TCP/IP stack, it can be "invisible" to network access and attackers.

HLBR is based in Jason Larsen's Hogwash, available at http://hogwash.sf.net

OPTIONS

The options described here must be specified at the command line:

-t

Parse rules and exit.

-n

Process n packets and exit.

-d

Enter Daemon Mode (Background Execution).

-v

Print version and exit.

FILES

/etc/hlbr/hlbr.conf

default configuration file.

/etc/hlbr/hlbr.rules

default rules file.

/etc/hlbr/empty.rules

empty rules file (for testing purposes).

AVAILABILITY

The latest version of this program can be found at:

http://sourceforge.net/projects/hlbr

LICENSE

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

HLBR RULES

To make or adjust HLBR rules, please see the README file (in Debian it can be found into /usr/share/doc/hlbr/ ). You can use HLBRW to help you to make new rules.

SEE ALSO

hlbrw(1), tcpdump(8)

AUTHORS

Andre Bertelli Araujo (arkanoid) <bertelli.andre@gmail.com> (project leader)
Joao Eriberto Mota Filho (eriberto) <eriberto@eriberto.pro.br> (project leader)
Pedro Arthur P. R. Duarte (pedroarthur) <pedroarthur.jedi@gmail.com>

TEAM

Please see: http://hlbr.sourceforge.net/corner.html