Posts Tagged ‘ubuntu’

Installing & Configuring fail2ban Ubuntu 9.04

By Mark Davidson on February 7th, 2010

Fail2Ban’s primary function is to block selected IP addresses that may belong to hosts that are trying to breach the system’s security. It determines the hosts to be blocked by monitoring log files (usually /var/log/auth.log) and bans any host IP that makes too many login attempts, or performs any other unwanted action, within a time frame defined by the administrator. In most cases people use it to limit the number of login attempts allowed against SSH within a period of time, which makes it very difficult for an attacker to brute force a login.

The process for installing fail2ban under Ubuntu is to

sudo apt-get install fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo /etc/init.d/fail2ban restart

After these initial steps have been completed, if you are not running Ubuntu 9.04 you can skip the next section, unless you are seeing "Unexpected communication" errors in the /var/log/fail2ban.log file.

These errors occur because Ubuntu 9.04 runs Python 2.6 by default, so some modifications are needed:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install python2.5
sudo vim /usr/bin/fail2ban-server

Change the first line from

#!/usr/bin/python

to

#!/usr/bin/python2.5

Once completed, restart fail2ban and the communication errors should no longer occur:

sudo /etc/init.d/fail2ban restart

Now that fail2ban is installed and working, the next step is to configure it for your needs. The following is an example /etc/fail2ban/jail.local file which has been configured for protecting SSH. Settings in jail.local override the ones in jail.conf; in this example all of the jails have been removed except the one for SSH.

# Fail2Ban local configuration file.
# Comments are kept on their own lines: fail2ban's config parser does not treat
# a trailing "# ..." as a comment, it becomes part of the value.

[DEFAULT]

# IPs to ignore, such as the IP of the server itself, your own IP and any other
# IPs that must never be locked out.
ignoreip = 127.0.0.1 111.111.111.111
# Default ban time for all jails: 10 minutes
bantime  = 600
maxretry = 3

# Email address that alerts should be sent to
destemail = [email protected]

# Ban action
banaction = iptables-multiport

# MTA to be used; I'm using ssmtp in this case but you could be using sendmail
mta = ssmtp

# This jail monitors SSH login attempts recorded in the /var/log/auth.log file
# and blocks the host after 3 failed attempts, for the default bantime of 10 minutes
[ssh]

enabled = true
port    = ssh
filter  = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, [email protected], [email protected]]
logpath  = /var/log/auth.log
maxretry = 3
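To see what the jail above actually decides, here is an added Python example (written for this post, not part of it and not fail2ban's own code) that applies the same rule, maxretry failures from one host inside a sliding findtime window, unless the host is in ignoreip, to a few constructed auth.log lines. The 600-second findtime, the 2010 year for the syslog timestamps, and all of the hostnames and addresses in the sample are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample /var/log/auth.log lines (syslog format, as the sshd filter expects).
SAMPLE_AUTH_LOG = """\
Feb  7 10:00:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Feb  7 10:00:04 web1 sshd[2203]: Failed password for root from 203.0.113.5 port 51240 ssh2
Feb  7 10:00:09 web1 sshd[2205]: Failed password for invalid user test from 203.0.113.5 port 51250 ssh2
Feb  7 10:00:15 web1 sshd[2207]: Failed password for mark from 127.0.0.1 port 40000 ssh2
Feb  7 10:00:16 web1 sshd[2208]: Failed password for mark from 127.0.0.1 port 40001 ssh2
Feb  7 10:00:17 web1 sshd[2209]: Failed password for mark from 127.0.0.1 port 40002 ssh2
Feb  7 10:05:00 web1 sshd[2210]: Failed password for root from 198.51.100.7 port 2222 ssh2
Feb  7 10:20:00 web1 sshd[2211]: Failed password for root from 198.51.100.7 port 2223 ssh2
Feb  7 10:35:00 web1 sshd[2212]: Failed password for root from 198.51.100.7 port 2224 ssh2
Feb  7 10:40:00 web1 sshd[2213]: Accepted publickey for mark from 192.0.2.9 port 5000 ssh2
"""

# Matches the "Failed password" lines the sshd filter keys on and captures the source host.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .+ "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$"
)

def parse_ts(ts: str, year: int = 2010) -> datetime:
    """Syslog timestamps carry no year; 2010 (the post's year) is assumed here."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def find_bans(log_text, maxretry=3, findtime=600, bantime=600, ignoreip=("127.0.0.1",)):
    """Return {ip: (banned_at, expires_at)} for each host that reached maxretry
    failures inside a sliding findtime-second window, skipping ignoreip hosts."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:  # non-matching lines (successful logins, other daemons) are skipped
            failures[m.group("ip")].append(parse_ts(m.group("ts")))
    bans = {}
    for ip, times in failures.items():
        if ip in ignoreip:
            continue
        window = []
        for t in sorted(times):
            window.append(t)
            # keep only failures within findtime seconds of the newest one
            window = [w for w in window if (t - w).total_seconds() <= findtime]
            if len(window) >= maxretry:
                bans[ip] = (t, t + timedelta(seconds=bantime))
                break  # fail2ban would now run the iptables action
    return bans
```

With the defaults only 203.0.113.5 is banned: the three slow failures from 198.51.100.7 are spread over 30 minutes and never fit inside one 600-second window, which is exactly the kind of low-and-slow guessing that a larger findtime is needed to catch.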

Screen – Like Ubuntu on any Linux distro

By Mark Davidson on February 6th, 2010

Just a real quick post about screen. If you’ve ever used screen on Ubuntu you might find it’s a bit nicer than the standard screen you find on other Linux distros; there is a brief intro here: Ubuntu brings advanced Screen features to the masses. Now, if you’ve ever wondered how to get the same sort of setup on distros such as Debian and Gentoo, here is the very simple process.

  1. Log in to your server and change into your home directory.
  2. wget http://people.ubuntu.com/~kirkland/byobu/byobu.tar.gz
  3. tar -xzvf byobu.tar.gz (be warned, this will overwrite your current .screenrc)
  4. That’s it; fire up screen and you should be up and running.

It’s worth noting that you can tweak which status updates appear at the bottom of the screen session by modifying ~/.byobu/status; it’s just a case of uncommenting or commenting out the ones you want to use, then restarting the screen session for the changes to take effect. Gentoo in particular seemed to work well and supported almost all the options.

Linux Find and Modification Time

By Mark Davidson on February 5th, 2010

Recently I needed to do some cleaning up of some temporary files on one of my web servers, so I came up with this find command:

find . -mtime +1 -type f -printf '%p %Tx\n'

This command lists the files in the current directory that were last modified more than 24 hours ago; alongside each file name it also prints the date the file was last modified.

find . -mtime +1 -type f -printf '%TY-%Tm-%Td %TT %p\n' | sort

makes use of a few more format directives within -printf together with the sort command. By putting the date at the front of each entry and piping the output through sort, the files are printed in chronological order.

find . -mtime +0 -type f -print0 | xargs -0 du -csh

is the final example I will give this time; it combines find with xargs and du in order to report the disk usage of all the files that match the find condition.