Sentinel-host is an EDR-style, local, open-source security agent for Linux systems. We are only at our first commit. It's pretty solid.
This will only log the malicious traffic, not stop it. We need to test and develop unsafe mode further, because unsafe mode can destroy networking. I do not take accountability for your incompetence with this tool. You are responsible for any damages done. USE SAFE MODE.
sudo apt update
sudo apt install -y golang iptables libnetfilter-queue-dev
git clone https://github.com/wet-cat/Sentinel-host.git
cd Sentinel-host
go mod tidy
go build -o sentinel ./cmd/sentinel
Set the rules:
sudo ./scripts/setup_iptables.sh
If you want to remove these rules, run:
sudo iptables -D INPUT -j NFQUEUE --queue-num 0
sudo iptables -D OUTPUT -j NFQUEUE --queue-num 0
sudo ./sentinel -safe=true
To close it, press Ctrl+C, then run:
sudo iptables -D INPUT -j NFQUEUE --queue-num 0
sudo iptables -D OUTPUT -j NFQUEUE --queue-num 0
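A leftover NFQUEUE rule with nothing bound to queue 0 is worth checking for after the removal steps above: by default the kernel drops packets sent to a queue that has no listener, unless the rule carries `--queue-bypass`. The script below is an added example, not part of Sentinel-host; it classifies `iptables -S` output together with the contents of `/proc/net/netfilter/nfnetlink_queue`, and its function names and `--live` switch are its own.

```shell
#!/bin/sh
# Added example (not Sentinel-host code): report whether NFQUEUE rules are
# hooked without a userspace listener. Queue 0 comes from the commands above.

# Read `iptables -S` text on stdin; print "<chain> <bypass|nobypass>" for each
# rule that jumps to NFQUEUE with queue number $1.
nfqueue_rules() {
  awk -v q="$1" '
    $1 == "-A" {
      jump = 0; num = 0; bypass = "nobypass"   # queue 0 is the iptables default
      for (i = 3; i <= NF; i++) {
        if ($i == "-j" && $(i + 1) == "NFQUEUE") jump = 1
        if ($i == "--queue-num") num = $(i + 1)
        if ($i == "--queue-bypass") bypass = "bypass"
      }
      if (jump && num == q) print $2, bypass
    }'
}

# Succeed if queue $1 is listed in nfnetlink_queue text on stdin. The kernel
# lists a queue only while a program is bound to it; column 1 is its number.
queue_bound() {
  awk -v q="$1" 'NF > 0 && $1 == q { found = 1 } END { exit !found }'
}

# nfqueue_state QUEUE RULES_TEXT PROC_TEXT
# prints one of: clean | monitored | bypassing | dropping
nfqueue_state() {
  rules=$(printf '%s\n' "$2" | nfqueue_rules "$1")
  if [ -z "$rules" ]; then echo clean; return; fi
  if printf '%s\n' "$3" | queue_bound "$1"; then echo monitored; return; fi
  # No listener: queued packets are dropped unless the rule has --queue-bypass.
  if printf '%s\n' "$rules" | grep -q ' nobypass$'; then echo dropping
  else echo bypassing; fi
}

# Run with --live as root to inspect this host; otherwise use constructed input.
if [ "${1:-}" = "--live" ]; then
  nfqueue_state 0 "$(iptables -S)" \
    "$(cat /proc/net/netfilter/nfnetlink_queue 2>/dev/null)"
else
  sample='-A INPUT -j NFQUEUE --queue-num 0
-A OUTPUT -j NFQUEUE --queue-num 0'   # constructed `iptables -S` lines
  nfqueue_state 0 "$sample" ""        # prints: dropping
fi
```

A result of `dropping` means the rules are still installed while no agent is reading the queue, so run the two `iptables -D` commands above.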
- early detection of commodity malware and abuse
- behavioural detection
This logs malicious traffic from skids and hackers. It's not going to stop full government surveillance, but it works for logging some black hats.
This project is licensed under the MIT License.
See the LICENSE file for details.
wet-cat (me). Open for more!
- Make unsafe mode work without potential damages.
- Block malicious IPs successfully without networking damages.