Ipset from source¶
BitNinja has one major system component dependency for efficient operation: the ipset Linux module. This module is shipped with all the latest versions of major Linux distributions (like CentOs 6+, Debian 6+, Ubuntu 10+), but some older distros may be missing it. In the next section you can find detailed information on how to install ipset onto your Linux server in case your Linux distro does not ship it.
IPsets are a framework inside the Linux kernel which can be administered by the ipset utility. Depending on the type, an IPset may store IP addresses, networks, (TCP/UDP) port numbers, MAC addresses, interface names, or combinations of them in a way which ensures lightning speed when matching an entry against a set.
In most cases, your Linux distribution will provide you the version of ipset needed for BitNinja. In the case of older Linuxes (like some CentOs 5 and CloudLinux 5 boxes) or in case of a custom kernel you need to compile an ipset for your kernel and the ipset binary to allow BitNinja good performance and avoid using the simulated ipset mode.
Here are the instructions needed to compile ipset:
- Install the kernel source
yum install kernel-devel
- Download ipset source
- Uncompress it
tar jxf ipset-4.5.tar.bz2 # (You can find the rest in the README file too)
make KERNEL_DIR=/usr/src/kernels/2.6.18-502.el5.lve0.8.85-x86_64/ install
5. If the kernel source is not exactly the same (this is the case with CloudLinux) you can copy the kernel module from /lib/modules/[original_kernel_version]/kernel/extra to the the same directory of the actual kernel. The module is called ip_set.ko
- Build kernel module dependencies
- Load ipset module
And for the ipset binary
1., Compile the binary
make KERNEL_DIR=/usr/src/kernels/2.6.18-502.el5.lve0.8.85-x86_64/ binaries
2., Install it
make KERNEL_DIR=/usr/src/kernels/2.6.18-502.el5.lve0.8.85-x86_64/ binaries_install
That’s it. Ipset should work now.
To test ipset functionality, these commands must run without any error:
ipset --version ipset -N test ipset -N test iphash ipset -A test 220.127.116.11 ipset -L test ipset -X test