I use a combination of Fail2Ban and Denyhosts on my servers (see the Denyhosts post if you want to know why).
It's pretty straightforward:
apt-get install fail2ban
Then edit jail.conf:
nano /etc/fail2ban/jail.conf
I like to receive emails with snippets of the log file, so I use:
action = %(action_mwl)s
In /etc/fail2ban/action.d/sendmail.conf, change the dest = root line to whatever mailbox you want. Just make sure that the sender = address actually exists, or the mails might get dumped into the spam folder.
The Debian Linux Experience - Howtos, guides and tweaks
My experience as I used Debian Linux to provide and expand services for my clients.
Wednesday, March 22, 2017
Guide for installing proxmox on Debian Jessie
Here is a great guide on installing Proxmox on a Debian Server. 
https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_Jessie
Sunday, March 20, 2016
Beginner Guide to LVM
LVM allows you to resize and combine partitions, etc. This is especially useful when your environment is virtualized and you don't have physical access to the machine: you can't easily boot your favorite Linux distro on a VM just to resize your existing partitions.
Great guide to LVM
https://www.howtoforge.com/linux_lvm
Fix Locale Errors
Running this will fix locale errors:
export LANG=en_US.UTF-8
export LANGUAGE=en_US.UTF-8
export LC_CTYPE="en_US.UTF-8"
export LC_NUMERIC="en_US.UTF-8"
export LC_TIME="en_US.UTF-8"
export LC_COLLATE="en_US.UTF-8"
export LC_MONETARY="en_US.UTF-8"
export LC_MESSAGES="en_US.UTF-8"
export LC_PAPER="en_US.UTF-8"
export LC_NAME="en_US.UTF-8"
export LC_ADDRESS="en_US.UTF-8"
export LC_TELEPHONE="en_US.UTF-8"
export LC_MEASUREMENT="en_US.UTF-8"
export LC_IDENTIFICATION="en_US.UTF-8"
export LC_ALL=en_US.UTF-8
dpkg-reconfigure locales 
 
To make the change permanent, I ran
update-locale LC_CTYPE=en_US.UTF-8 which writes to /etc/default/locale. 
 
If you use bash as your shell, you can put these lines in your ~/.bashrc and ~/.profile.
Friday, June 19, 2015
mod_bw vs mod_bwshare vs mod_cband
I know there is a lot of confusion over what to use and how to use it. This is what I've been able to gather from lightly looking over the documentation:
mod_bw: Will limit every user to a specific amount of bandwidth, or limit the amount of bandwidth per file type or file size.
Once you've run "apt-get install libapache2-mod-bw" and restarted apache2, you can enter one of the configurations below in the custom directives for each subdomain:
Limit every user to a max of 10Kb/s on a vhost:
<IfModule mod_bw.c>
BandwidthModule On
ForceBandWidthModule On
Bandwidth all 10240
MinBandwidth all -1
</IfModule>
Limit all internal users to 1000 kb/s with a minimum of 50kb/s, and files greater than 500kb to 50kb/s:
<IfModule mod_bw.c>
BandwidthModule On
ForceBandWidthModule On
Bandwidth all 1024000
MinBandwidth all 50000
LargeFileLimit * 500 50000
</IfModule>
Limit .avi and .mpg extensions to 20kb/s:
<IfModule mod_bw.c>
BandwidthModule On
ForceBandWidthModule On
LargeFileLimit .avi 1 20000
LargeFileLimit .mpg 1 20000
</IfModule>
mod_bwshare: Will limit how much bandwidth can be consumed within a specified amount of time per IP, from a specific directory or the whole site.
Once you've run "apt-get install libapache2-mod-bwshare" and restarted apache2, you can enter the configuration below in the custom directives for each subdomain:
<IfModule mod_bwshare.c>
BW_tx1debt_max 25
BW_tx1cred_rate 0.095
BW_tx2debt_max 3000000
BW_tx2cred_rate 2500
</IfModule>
* I won't attempt to explain these parameters here, but you can find explanations at: http://www.topology.org/src/bwshare/README.html#config
mod_cband: Will limit users' and virtual hosts' bandwidth usage. The current versions can set virtual hosts' and users' bandwidth quotas, maximum download speed (like mod_bandwidth), requests-per-second rate and the maximum number of simultaneous IP connections (like mod_limitipconn). It can also limit how much bandwidth can be consumed within a specified amount of time from a specific directory or the whole site.
Once you've run "apt-get install libapache2-mod-cband" and restarted apache2, you can enter one of the configurations below in the custom directives for each subdomain:
Limit to 256k per user, 3 requests per second and 3 open connections; if they exceed that, they drop to 128k until they stop clicking on links for a few seconds:
<IfModule mod_cband.c>
CBandRemoteSpeed 256Kbps 3 3
CBandExceededSpeed 128kbps 2 3
</IfModule>
More examples here: http://dembol.org/blog/mod_cband/faq/
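Before picking numbers for any of the three modules it helps to know what clients actually pull from the server. The script below is an added example for this post (not code from the post or from the Apache modules): it parses access log lines in the "combined" format, totals bytes per client, finds each client's peak requests per second, and reports who would trip a byte quota or the "3 requests per second" style limit that CBandRemoteSpeed enforces. The log lines are constructed samples, the IPs are from the TEST-NET documentation ranges, and the thresholds are hypothetical.

```python
"""Measure per-client throughput from an Apache access log before choosing
mod_bw / mod_cband limits.  Added example for this post, not code from the
post or from the modules; log lines below are constructed samples in
Apache 'combined' format and the IPs are TEST-NET documentation addresses."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample access log: one client streaming large files, one client
# hammering the server with several requests in the same second.
SAMPLE_LOG = """\
203.0.113.10 - - [19/Jun/2015:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [19/Jun/2015:10:00:00 +0000] "GET /video.avi HTTP/1.1" 200 2048000 "-" "Mozilla/5.0"
203.0.113.10 - - [19/Jun/2015:10:00:01 +0000] "GET /video.mpg HTTP/1.1" 200 1024000 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Jun/2015:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "curl/7.38"
198.51.100.7 - - [19/Jun/2015:10:00:03 +0000] "GET /a.html HTTP/1.1" 404 512 "-" "curl/7.38"
198.51.100.7 - - [19/Jun/2015:10:00:03 +0000] "GET /b.html HTTP/1.1" 404 512 "-" "curl/7.38"
198.51.100.7 - - [19/Jun/2015:10:00:03 +0000] "GET /c.html HTTP/1.1" 404 - "-" "curl/7.38"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)

def parse_line(line):
    """Return (ip, timestamp, response bytes) or None for a line that does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    size = 0 if m.group("bytes") == "-" else int(m.group("bytes"))   # '-' means no body
    return m.group("ip"), ts, size

def per_client_stats(log_text):
    """Total bytes, request count and peak requests-per-second for each client IP."""
    stats = defaultdict(lambda: {"bytes": 0, "requests": 0, "peak_rps": 0})
    hits_per_second = defaultdict(lambda: defaultdict(int))   # ip -> second -> hits
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, size = parsed
        stats[ip]["bytes"] += size
        stats[ip]["requests"] += 1
        hits_per_second[ip][ts] += 1           # log timestamps have second resolution
    for ip, buckets in hits_per_second.items():
        stats[ip]["peak_rps"] = max(buckets.values())
    return dict(stats)

def over_limit(stats, max_bytes=None, max_rps=None):
    """Clients that would trip a byte quota or a requests-per-second limit.

    max_rps mirrors the '3 requests per second' argument of CBandRemoteSpeed in
    the post; max_bytes is a plain per-client byte total (hypothetical threshold)."""
    flagged = []
    for ip, s in sorted(stats.items()):
        reasons = []
        if max_bytes is not None and s["bytes"] > max_bytes:
            reasons.append(f"{s['bytes']} bytes > {max_bytes}")
        if max_rps is not None and s["peak_rps"] > max_rps:
            reasons.append(f"peak {s['peak_rps']} req/s > {max_rps}")
        if reasons:
            flagged.append((ip, "; ".join(reasons)))
    return flagged

if __name__ == "__main__":
    stats = per_client_stats(SAMPLE_LOG)
    for ip, s in sorted(stats.items()):
        print(f"{ip:15} {s['bytes']:>9} bytes {s['requests']:>3} req  peak {s['peak_rps']} req/s")
    for ip, why in over_limit(stats, max_bytes=1_000_000, max_rps=3):
        print(f"would be limited: {ip} ({why})")
```

Run it against a real /var/log/apache2/access.log (read the file instead of SAMPLE_LOG) and the top consumers tell you whether a per-file-size limit (mod_bw LargeFileLimit), a per-IP quota (mod_bwshare) or a requests-per-second cap (mod_cband) is the one you actually need.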
Wednesday, May 27, 2015
How to get all your mail going out of one IP address with POSTFIX
If you have multiple IPs (eth0, eth0:0, etc.) on a server running Postfix, chances are you are going to run into the problem of Postfix not using the mail IP that has the matching MX record to send mail.
When this happens, most mail servers will label your mail as SPAM and/or reject it.
You can force Postfix to use the main server's IP address by adding the following line to your /etc/postfix/main.cf:
smtp_bind_address = 1.1.1.1
* Replace 1.1.1.1 with the main IP of your own server.
Restart Postfix with /etc/init.d/postfix restart
This might cause mail to back up on the server if you have other services that need a configuration tweak to keep working correctly. Check your mail queue with:
postqueue -p
If you see mail backing up in that queue because of failed connections to 127.0.0.1, then you will have to start making some tweaks. If not, you should be OK.
If you have AMAVIS running on the server, you might need the following tweak for AMAVIS to work properly. Create the file /etc/amavis/conf.d/60-custom and add the following line:
@inet_acl = qw( 127.0.0.1 [::1] 1.1.1.1 );
Restart AMAVIS with /etc/init.d/amavis restart
Now check the Postfix queue with postqueue -p again. If there is any mail still there, try flushing it out with postqueue -f, then recheck it after a couple of seconds with postqueue -p. It should all be gone now.
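On a busy server, reading postqueue -p by eye gets tedious, and the symptom the post describes (deferrals on a loopback connection) is easy to miss among ordinary remote deferrals. The script below is an added example for this post, not Postfix's own tooling: it parses a postqueue -p listing, counts the deferral reasons, and pulls out the queue IDs that are stuck on a connection to 127.0.0.1 or [::1], which is where the AMAVIS @inet_acl fix applies. The queue listing is a constructed sample in the format postqueue prints.

```python
"""Summarise 'postqueue -p' output so a backlog caused by the smtp_bind_address
change (failed connections to 127.0.0.1, e.g. to AMAVIS) stands out.  Added
example for this post, not Postfix's own tooling; the queue listing below is a
constructed sample in the format postqueue prints."""
from collections import Counter

# Constructed sample: one message deferred on a loopback connection to the
# content filter port, one message currently being delivered ('*' = active).
SAMPLE_QUEUE = """\
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5      1234 Wed May 27 10:00:00  sender@example.com
                  (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
                                         rcpt@example.org

F6G7H8I9J0*     4321 Wed May 27 10:05:00  other@example.com
                                         dest@example.net
                                         second@example.net

-- 5 Kbytes in 2 Requests.
"""

def parse_postqueue(text):
    """Turn a postqueue -p listing into a list of message dicts."""
    if text.strip().startswith("Mail queue is empty"):
        return []
    messages, current = [], None
    for raw in text.splitlines():
        if not raw.strip():
            current = None                  # blank line ends the entry
            continue
        if raw.startswith("-"):             # column header / trailing summary
            continue
        if not raw[0].isspace():            # first line: id size arrival sender
            parts = raw.split()
            qid = parts[0]
            status = ("active" if qid.endswith("*")
                      else "hold" if qid.endswith("!") else "deferred")
            current = {"id": qid.rstrip("*!"), "status": status,
                       "size": int(parts[1]), "arrival": " ".join(parts[2:6]),
                       "sender": parts[6], "reason": None, "recipients": []}
            messages.append(current)
            continue
        if current is None:
            continue
        body = raw.strip()
        if body.startswith("("):            # indented, parenthesised deferral reason
            current["reason"] = body.strip("()")
        else:                               # indented recipient address
            current["recipients"].append(body)
    return messages

def reasons(messages):
    """How many queued messages share each deferral reason."""
    return Counter(m["reason"] for m in messages if m["reason"])

def stuck_on_loopback(messages):
    """Queue IDs deferred because a connection to 127.0.0.1 or [::1] failed:
    the symptom the post describes after binding Postfix to the main IP."""
    return [m["id"] for m in messages
            if m["reason"] and ("127.0.0.1" in m["reason"] or "[::1]" in m["reason"])]

if __name__ == "__main__":
    msgs = parse_postqueue(SAMPLE_QUEUE)
    for why, n in reasons(msgs).most_common():
        print(f"{n:3}  {why}")
    print("check the local content filter for:", stuck_on_loopback(msgs))
```

To use it on a live system, pipe the real listing in (for example postqueue -p | python3 this_script.py with sys.stdin.read() in place of SAMPLE_QUEUE); an empty loopback list after the AMAVIS tweak and a postqueue -f is the confirmation the post asks for.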
Thursday, May 14, 2015
Keeping the Botters, China and miscreants away.
On a daily basis I trawl my FAIL2BAN mail folder to see who is "ding-dong ditching" or whatever the term of the day is.
My Fail2Ban is set up to send me mail every time it bans an IP, and I run a filter to move those mails to a separate folder of the same name. Repeat offenders get the firewall treatment.
I end up using iptables to block the repeat offenders. They are just wasting your precious resources.
This is what I use so far:
iptables -I INPUT -m iprange --src-range 107.160.0.0-107.160.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 111.72.0.0-111.79.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 114.96.0.0-114.103.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 120.192.0.0-120.255.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 121.254.128.0-121.254.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 163.177.0.0-163.177.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 183.0.0.0-183.63.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 185.60.229.0-185.60.229.255 -j DROP
iptables -I INPUT -m iprange --src-range 187.1.16.0-187.1.31.255 -j DROP
iptables -I INPUT -m iprange --src-range 189.213.72.1-189.213.79.254 -j DROP
iptables -I INPUT -m iprange --src-range 194.63.142.0-194.63.142.255 -j DROP
iptables -I INPUT -m iprange --src-range 219.234.174.0-219.234.174.191 -j DROP
iptables -I INPUT -m iprange --src-range 222.184.0.0-222.191.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 27.255.64.0-27.255.95.255 -j DROP
iptables -I INPUT -m iprange --src-range 59.99.0.0-59.99.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 60.166.0.0-60.175.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 61.176.0.0-61.176.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 80.82.64.0-80.82.79.255 -j DROP
iptables -I INPUT -m iprange --src-range 81.17.88.0-81.17.95.255 -j DROP
iptables -I INPUT -m iprange --src-range 89.248.174.0-89.248.174.127 -j DROP
iptables -I INPUT -m iprange --src-range 93.174.88.0-93.174.95.255 -j DROP
iptables -I INPUT -m iprange --src-range 192.99.0.0-192.99.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 122.228.228.0-122.228.228.15 -j DROP
This has reduced my Fail2Ban folder from 45+ emails a day to 10 at most.
I still get the occasional flurry, but you firewall the IP range and you're done.
I can handle sending out 10 abuse mail forwards a day.
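Counting the ban mails by hand is what the Fail2Ban post at the top of this page and this one both rely on; the log that feeds those mails can be counted directly. The script below is an added example for both posts, not the author's tooling or part of Fail2Ban: it counts Ban events per IP in fail2ban.log, picks the repeat offenders, and prints DROP rules in the style used above, collapsing several offenders from one /24 into a single iprange rule. The log lines are constructed samples in fail2ban's log format, the IPs are from the TEST-NET documentation ranges, and the ban threshold and /24 grouping are choices made here, not the author's.

```python
"""Count bans per IP in fail2ban.log, pick the repeat offenders, and print the
firewall rules in the style this post uses.  Added example for the two Fail2Ban
posts on this page, not part of them; the log lines are constructed samples in
fail2ban's log format, the IPs are from the TEST-NET documentation ranges, and
the ban threshold and /24 grouping are choices made here, not the author's."""
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample of fail2ban.log: the same IP banned twice in one jail,
# one IP banned in two jails, and an Unban line that must not be counted.
SAMPLE_LOG = """\
2015-05-14 03:12:44,101 fail2ban.actions [2201]: NOTICE [sshd] Ban 203.0.113.45
2015-05-14 04:01:10,220 fail2ban.actions [2201]: NOTICE [sshd] Unban 203.0.113.45
2015-05-14 05:30:02,004 fail2ban.actions [2201]: NOTICE [sshd] Ban 203.0.113.45
2015-05-14 06:11:57,330 fail2ban.actions [2201]: NOTICE [sshd] Ban 203.0.113.46
2015-05-14 07:45:19,871 fail2ban.actions [2201]: NOTICE [sshd] Ban 198.51.100.9
2015-05-14 08:02:40,005 fail2ban.actions [2201]: NOTICE [postfix] Ban 198.51.100.9
2015-05-14 09:10:00,000 fail2ban.actions [2201]: NOTICE [sshd] Ban 192.0.2.77
"""

# '] Ban ' does not match '] Unban ', so unbans are skipped by construction.
BAN_RE = re.compile(r"\[(?P<jail>[^\]]+)\] Ban (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")

def count_bans(log_text):
    """Number of Ban events per source IP across all jails (Unban lines ignored)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = BAN_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts

def repeat_offenders(counts, min_bans=2):
    """IPs banned at least min_bans times, most-banned first."""
    return [ip for ip, n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
            if n >= min_bans]

def iptables_rules(offenders, group_prefix=24):
    """One DROP rule per offender; offenders sharing a /group_prefix collapse
    into a single iprange rule like the ones in the post.  Blocking a whole
    range also blocks every other host in it, so keep group_prefix narrow."""
    by_net = defaultdict(list)
    for ip in offenders:
        net = ipaddress.ip_network(f"{ip}/{group_prefix}", strict=False)
        by_net[net].append(ip)
    rules = []
    for net in sorted(by_net):
        ips = by_net[net]
        if len(ips) > 1:
            rules.append(f"iptables -I INPUT -m iprange --src-range {net[0]}-{net[-1]} -j DROP")
        else:
            rules.append(f"iptables -I INPUT -s {ips[0]} -j DROP")
    return rules

if __name__ == "__main__":
    bans = count_bans(SAMPLE_LOG)
    for ip, n in bans.most_common():
        print(f"{n:3} bans  {ip}")
    print("\n".join(iptables_rules(repeat_offenders(bans, min_bans=2))))
```

Point it at /var/log/fail2ban.log (and the rotated copies) instead of SAMPLE_LOG to get the same list the mail folder gives you. The rules it prints are only as persistent as the ones in the post, that is, until the next reboot, so save them with your usual iptables persistence mechanism once you have reviewed them.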