The security of your network — and the traffic flowing back and forth — is crucial to keeping your data and the data of your customers and clients out of the hands of bad actors. To that end, there are several tools you can use. One such tool is the open-source Maltrail traffic detection system.
Maltrail works with publicly available blacklists, threat reports, and user-defined lists to help security admins spot suspicious traffic on the network. The sensor and server are run from the command line, and the results are reviewed in a user-friendly web-based interface.
I want to walk you through the installation of Maltrail on Ubuntu Server 22.04, so you can start monitoring for malicious traffic right away.
What you’ll need
To successfully install Maltrail, you'll need an instance of Ubuntu Server 22.04 and a user with sudo privileges. That's it. Let's get to work.
How to install Maltrail
1. Install dependencies
The first thing you must do is install the necessary dependencies. Log in to your Ubuntu Server instance and install the dependencies with the command:
sudo apt-get install python3 python3-setuptools python3-pcapy git -y
2. Clone the Maltrail repository and change into it
Once the installation completes, clone the Maltrail repository with:
git clone https://github.com/stamparm/maltrail.git
After the repository has been cloned, change into the newly-created directory with:
cd maltrail
3. Start Maltrail
Start the Maltrail service with:
sudo python3 sensor.py
The above command downloads the blacklist feeds (trails) Maltrail needs and then runs the sensor in the foreground, but it doesn't start the server for the web-based interface. For that, open a second SSH session to the hosting server (leaving the sensor command running), change into the maltrail directory, and start the server with:
sudo python3 server.py
How to access the Maltrail web-based interface
1. Sign in to Maltrail
Open a web browser and point it to http://SERVER:8338 (where SERVER is the IP address of the server hosting Maltrail). You will be greeted by the Maltrail sign-in page, where the default credentials are admin/changeme!.
2. Change the admin password
You’ll want to change the admin password. To do that, log into the hosting server yet again and issue the command:
echo -n 'PASSWORD' | sha256sum | cut -d " " -f 1
Where PASSWORD is a strong, unique password. Copy the output of that command (the SHA-256 hash of the password) and then open the configuration file with:
nano ~/maltrail/maltrail.conf
3. Make a new user
In that configuration file, you'll see the lines:
[Users]
admin:RANDOM_STRING_OF_CHARACTERS #changeme!
Add a new entry under the [Users] section that looks like this:
USERNAME:RANDOM:1000:0:0.0.0.0/0
Where USERNAME is the name you want to log in with and RANDOM is the SHA-256 hash you copied from the output of the sha256sum command above. You can also remove or comment out the default admin entry once your own user works.
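As an added example (not from the article or the Maltrail project), the following shell functions carry out steps 2 and 3 in one go: they hash the password with the same sha256sum pipeline the article uses, build the user entry in the field layout the article shows (USERNAME:HASH:1000:0:0.0.0.0/0), and insert it directly under the [Users] header of a maltrail.conf, refusing to proceed if that header is not found (which is what a mistyped path like mailtrail would cause). The function names and the sample config are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the article or from Maltrail itself.

# SHA-256 hex digest of the password; printf '%s' is the portable
# equivalent of the article's echo -n (no trailing newline is hashed).
maltrail_hash() {
    printf '%s' "$1" | sha256sum | cut -d ' ' -f 1
}

# One [Users] line: username, password hash, then the fields as the
# article shows them (assumed here exactly as given: 1000:0:0.0.0.0/0).
maltrail_user_entry() {
    printf '%s:%s:1000:0:0.0.0.0/0\n' "$1" "$(maltrail_hash "$2")"
}

# Insert the entry right after the [Users] header of the config file.
# Returns 1 without touching the file if the header is missing, so a
# wrong path or a non-Maltrail file is caught instead of silently edited.
maltrail_add_user() {
    conf=$1; user=$2; pass=$3
    grep -q '^\[Users\]' "$conf" || return 1
    entry=$(maltrail_user_entry "$user" "$pass")
    awk -v e="$entry" '{ print } /^\[Users\]/ { print e }' "$conf" > "$conf.tmp" \
        && mv "$conf.tmp" "$conf"
}

# Constructed sample: only the [Users] part of a maltrail.conf, in a temp file.
demo() {
    f=$(mktemp)
    printf '[Users]\nadmin:RANDOM_STRING_OF_CHARACTERS:1000:0:0.0.0.0/0 #changeme!\n' > "$f"
    maltrail_add_user "$f" jack 'S0me-strong-passphrase' && cat "$f"
    rm -f "$f"
}
```

Run `demo` to see the resulting [Users] section; in practice you would call maltrail_add_user against ~/maltrail/maltrail.conf and then restart the sensor and server.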
4. Save, close, restart Maltrail
Save and close the file, then restart the Maltrail sensor and server: stop each one with the [Ctrl]+[c] keyboard combination in its SSH session and start both again (the sensor needs root to capture packets) with the commands:
sudo python3 sensor.py
sudo python3 server.py
5. Log into Maltrail
You can now log into Maltrail with the new credentials you created. Once you’re on the Maltrail interface (Figure A), the service will take some time to locate and register any events.
Figure A
Congratulations, you now have a malicious traffic detection system running on your network. Once you start seeing malicious traffic appear, you can act on it before anything bad happens.