There may be situations where you feel you need to tighten your firewall policies, look at which ports are open, check what the processes are doing, and even get BleachBit ready to wipe your RAM entirely. And you need to do that quickly, instantly I would say, so you can buy time to raise a stronger defence.

That is what `agua` does. It is a very simple script with only one built-in option.
```bash
# Normal use
agua
# Set IPTABLES back to normal
agua -x
```
Let's enumerate the commands that form the script:
## IPTABLES

`iptables` is a powerful firewall management tool for Linux systems. A DROP policy instructs the firewall to discard any incoming or outgoing packet that no rule explicitly accepts, denying unwanted connections and potential threats.
```bash
# Remove previous rules
sudo iptables -F
# IPTABLES TO DROP
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT DROP
```
When you run `agua`, your system removes any previous rules and applies a DROP policy to every packet. This way you stop all traffic, giving you time to take a better look.

You can use the `-x` flag to set the policies back to ACCEPT and resume normal network traffic when you feel it is safe.
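The following is an added example, not the original `agua` script: a lockdown/restore helper built from the same four `iptables` commands. It goes a little beyond `agua` in two ways, both assumptions of this example rather than features of the project: the current ruleset is saved with `iptables-save` before the flush so that `-x` can restore it (falling back to ACCEPT policies, like `agua -x`, when no backup exists), and nothing is changed unless `AGUA_APPLY=1` is set, so a plain run only prints the commands it would execute. The backup path `/tmp/agua-iptables.backup` is a hypothetical default.

```bash
#!/bin/sh
# Added example (not the original agua script): iptables lockdown/restore
# helper in the style of agua. Assumptions: iptables, iptables-save and
# iptables-restore are installed and sudo is available. Nothing is changed
# unless AGUA_APPLY=1 is set; by default every command is only printed.
set -eu

AGUA_APPLY="${AGUA_APPLY:-0}"
# Hypothetical backup location for the ruleset saved before the flush.
AGUA_BACKUP="${AGUA_BACKUP:-/tmp/agua-iptables.backup}"

# Print a command and run it through sudo only when AGUA_APPLY=1.
run() {
    printf '%s\n' "$*"
    if [ "$AGUA_APPLY" = 1 ]; then
        sudo "$@"
    fi
}

# Flush all rules and set the given policy (DROP or ACCEPT) on the three
# built-in chains of the filter table; this is exactly what agua does.
apply_policy() {
    policy="$1"
    run iptables -F
    for chain in INPUT FORWARD OUTPUT; do
        run iptables -P "$chain" "$policy"
    done
}

# Lockdown: save the current ruleset first so that restore() can put the
# original rules back instead of only flipping the policies to ACCEPT.
lockdown() {
    if [ "$AGUA_APPLY" = 1 ]; then
        sudo iptables-save > "$AGUA_BACKUP"
    else
        printf 'iptables-save > %s\n' "$AGUA_BACKUP"
    fi
    apply_policy DROP
}

# Restore: prefer the saved ruleset; fall back to ACCEPT policies (agua -x).
restore() {
    if [ -s "$AGUA_BACKUP" ]; then
        run iptables-restore "$AGUA_BACKUP"
    else
        apply_policy ACCEPT
    fi
}

case "${1:-}" in
    "")  lockdown ;;
    -x)  restore ;;
    *)   echo "usage: $0 [-x]   (set AGUA_APPLY=1 to really change the firewall)" >&2 ;;
esac
```

Review the printed plan first, then run it as `AGUA_APPLY=1 ./agua` on the console. A DROP policy on INPUT and OUTPUT with all rules flushed also cuts any SSH session you are using, so this is a tool for the machine in front of you, not for a remote box.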
## Socket Statistics

`ss` (socket statistics) lets you monitor TCP, UDP and UNIX sockets.
```bash
sudo ss -tuln
# -t --> Display TCP sockets
# -u --> Display UDP sockets
# -l --> Display only listening sockets
# -n --> Display numerical addresses (don't resolve hostnames or port names)
```
These are the options `agua` runs. Being able to check your listening sockets after setting your iptables policies to DROP should give you good awareness of what is going on and what your next steps should be.

There may still be some ports listening; this may be due to services or applications that need to receive incoming connections. There is also the possibility that malicious software or an attacker has gained control of your system and is running services on open ports. In those cases, being able to identify those ports and check the processes associated with them will help you determine whether they are legitimate or suspicious.
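As an added example that is not part of `agua`, the function below reads the output of `ss -tulnp` (the `-p` flag, which `agua` does not use, adds the owning process) and prints every listener that is not on an allow-list of `proto/port` pairs, so the remaining entries are the ones to investigate. The sample `ss` output is constructed: two sshd listeners, the systemd-resolved stub resolver, and one unexpected listener on TCP 4444.

```bash
#!/bin/sh
# Added example (not part of agua): report listening sockets that are not on
# an allow-list, reading the output of `ss -tulnp` on stdin. The -p flag
# (not used by agua) adds the owning process, so each hit can be checked.
set -eu

# flag_unexpected_listeners "tcp/22 udp/53" < ss-output
# Prints "proto/port local-address process" for every listener not allowed.
flag_unexpected_listeners() {
    allow="$1"
    awk -v allow="$allow" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 { next }                        # header row
        {
            proto = $1; laddr = $5
            port = laddr; sub(/.*:/, "", port)  # port is what follows the last colon
            key = proto "/" port
            if (!(key in ok))
                printf "%s %s %s\n", key, laddr, ($7 == "" ? "(no process info; run as root)" : $7)
        }'
}

# Constructed sample in the format of `ss -tulnp`.
SAMPLE_SS=$(cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      128    [::]:22           [::]:*        users:(("sshd",pid=812,fd=4))
udp   UNCONN 0      0      127.0.0.53%lo:53  0.0.0.0:*     users:(("systemd-resolve",pid=600,fd=12))
tcp   LISTEN 0      511    *:4444            *:*           users:(("nc",pid=9132,fd=3))
EOF
)

# Demo on the sample; on a live system: sudo ss -tulnp | flag_unexpected_listeners "tcp/22 udp/53"
printf '%s\n' "$SAMPLE_SS" | flag_unexpected_listeners "tcp/22 udp/53"
```

Build the allow-list from what the machine is supposed to serve (its sshd, its resolver, its web server) before an incident, so that under pressure the output is only the deviations. Without root, `ss -p` cannot show processes owned by other users, which is why the function prints a reminder instead of an empty column.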
## BleachBit

BleachBit has a really powerful feature that lets you wipe the entire RAM of your computer. This can be extremely valuable when you are under attack and want to disrupt whatever the attacker is doing, as well as delete sensitive data they might retrieve from your RAM.

BleachBit can also remove temporary files, browser cache, cookies and other sensitive data that might be used to track your online activities. In addition to regular file deletion, BleachBit includes secure deletion options that overwrite files with random data, making it harder for someone to recover deleted files.

This is why `agua` will ask you to run it.
```bash
# Ask before launching BleachBit; the if block needs its closing fi
read -p "Crash? (yes/no): " choice
if [[ $choice == "yes" ]]; then
    sudo bleachbit
fi
```
## Processes

After checking your network activity you may also want to look at the processes running on your computer to see if there is something that shouldn't be there.

```bash
# Real-time system monitoring
htop
# List all processes in tree format
ps -auxwf
```
`htop` will help you see what is going on in your computer. Familiarizing yourself with its multiple options will make you more effective at monitoring your system.

Also, having all the processes listed in tree format will help you spot unusual activity far more easily.
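One thing the tree view makes visible is a process with the wrong parent. As an added example (not part of `agua`), the function below reads `ps -eo pid,ppid,user,comm` output, which carries the parent PID explicitly and is easier to parse than the `ps -auxwf` tree, and flags any shell whose parent is one of the network-facing daemons you name. The sample `ps` output is constructed: a shell spawned by nginx is reported, while the shell under sshd is an ordinary login and is not.

```bash
#!/bin/sh
# Added example (not part of agua): flag shells whose parent is a network-facing
# daemon, reading `ps -eo pid,ppid,user,comm` output on stdin. A shell under
# nginx or php-fpm deserves a look; a shell under sshd is a normal login.
set -eu

# flag_service_spawned_shells "nginx apache2 httpd php-fpm" < ps-output
# Prints one line per suspicious shell: pid, shell, user and parent.
flag_service_spawned_shells() {
    daemons="$1"
    awk -v daemons="$daemons" '
        BEGIN { n = split(daemons, d, " "); for (i = 1; i <= n; i++) svc[d[i]] = 1 }
        NR == 1 { next }                       # header row
        { count++; pids[count] = $1; ppid[$1] = $2; user[$1] = $3; comm[$1] = $4 }
        END {
            for (i = 1; i <= count; i++) {
                p = pids[i]; c = comm[p]; parent = ppid[p]
                if ((c == "sh" || c == "bash" || c == "dash") &&
                    (parent in comm) && (comm[parent] in svc))
                    printf "pid=%s %s user=%s parent=%s(%s)\n", p, c, user[p], parent, comm[parent]
            }
        }' | sort
}

# Constructed sample in the format of `ps -eo pid,ppid,user,comm`.
SAMPLE_PS=$(cat <<'EOF'
  PID  PPID USER     COMMAND
    1     0 root     systemd
  812     1 root     sshd
  900     1 www-data nginx
  933   900 www-data sh
  941   933 www-data nc
 1200   812 alice    bash
EOF
)

# Demo on the sample; on a live system: ps -eo pid,ppid,user,comm | flag_service_spawned_shells "nginx apache2 httpd php-fpm"
printf '%s\n' "$SAMPLE_PS" | flag_service_spawned_shells "nginx apache2 httpd php-fpm"
```

The daemon list is yours to tune: name the services on this machine that should never need an interactive shell, and the output becomes a short list of processes to inspect in `htop` or kill.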