Posts Tagged ‘debian’

GNU Binutils – strings

By Mark Davidson on May 28th, 2010

A really quick post this time, just to take note of the strings tool, which is part of the Binutils collection of binary tools.

The strings tool prints the sequences of printable characters found in a given file or files. This can be very useful for a number of different tasks, from extracting metadata from a file to retrieving a certain level of information from unknown executables, such as the URLs they contain.


Installing & Configuring fail2ban Ubuntu 9.04

By Mark Davidson on February 7th, 2010

Fail2Ban’s primary function is to block selected IP addresses that may belong to hosts that are trying to breach the system’s security. It determines the hosts to be blocked by monitoring log files (usually /var/log/auth.log) and bans any host IP that makes too many login attempts or performs any other unwanted action within a time frame defined by the administrator. In most cases people use it to limit the number of login attempts that are allowed against SSH within a period of time; this can make it very difficult for an attacker to brute-force a login.

To install fail2ban under Ubuntu, run:

sudo apt-get install fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo /etc/init.d/fail2ban restart

After these initial steps have been completed, if you're not running Ubuntu 9.04 you can skip the next section, unless you're seeing "Unexpected communication error" messages in the /var/log/fail2ban.log file.

These errors occur because Ubuntu 9.04 runs Python 2.6 by default, so some modifications are needed:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install python2.5
sudo vim /usr/bin/fail2ban-server

Change the first line from

#!/usr/bin/python

to

#!/usr/bin/python2.5

Once completed, restart fail2ban and the communication errors should no longer occur.

sudo /etc/init.d/fail2ban restart

Now that fail2ban is installed and working, the next step is to configure it for your needs. The following is an example /etc/fail2ban/jail.local file which has been configured for protecting SSH. Settings in jail.local override the ones in jail.conf; in this example all of the jails have been removed except the one for SSH.

# Fail2Ban local configuration file.
# Comments are kept on their own lines: fail2ban does not strip inline '#' comments from values.

[DEFAULT]

# IPs that must never be banned: the server itself, your own IP and any
# other IPs that it is important are not locked out.
ignoreip = 127.0.0.1 111.111.111.111
# Default ban time for all jails: 10 minutes
bantime  = 600
maxretry = 3

# Email address that alerts should be sent to (placeholder address)
destemail = you@example.com

# Ban action
banaction = iptables-multiport

# MTA to be used; I'm using ssmtp in this case, but you could be using sendmail
mta = ssmtp

# This rule monitors SSH login attempts recorded in the /var/log/auth.log file and
# blocks the host after 3 attempts for the default bantime of 10 minutes.
# The dest and sender addresses below are placeholders.
[ssh]

enabled = true
port    = ssh
filter  = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
 sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com]
logpath  = /var/log/auth.log
maxretry = 3
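
How the [ssh] jail above arrives at a ban decision, as an added example that is not part of the original post and is not fail2ban's own code: it counts failed SSH logins per source IP over constructed auth.log lines, using the ignoreip and maxretry values from the configuration. The 600-second findtime window, the simplified regular expression, the year argument and the name hosts_to_ban are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Values from the jail.local above; FINDTIME is an assumed window (not set on the page).
IGNOREIP = {"127.0.0.1", "111.111.111.111"}
MAXRETRY, FINDTIME = 3, 600  # attempts, seconds

# Simplified stand-in for the sshd filter, not fail2ban's real failregex.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) port \d+")

def hosts_to_ban(lines, year=2010):
    """Return [(ip, ban_time)] in the order hosts reach MAXRETRY within FINDTIME."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    banned, result = set(), []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                      # accepted logins, other daemons, noise
        stamp, ip = m.groups()
        if ip in IGNOREIP or ip in banned:
            continue                      # whitelisted hosts are never counted
        # syslog timestamps carry no year, so one is supplied by the caller
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        window.append(when)
        while (when - window[0]).total_seconds() > FINDTIME:
            window.popleft()              # forget failures older than the window
        if len(window) >= MAXRETRY:
            banned.add(ip)
            result.append((ip, when))
    return result

# Constructed sample auth.log lines (documentation-range addresses plus the ignored IP).
SAMPLE_LOG = """\
Feb  7 10:00:01 web sshd[2101]: Failed password for root from 203.0.113.9 port 4001 ssh2
Feb  7 10:00:04 web sshd[2102]: Failed password for invalid user admin from 203.0.113.9 port 4002 ssh2
Feb  7 10:00:05 web sshd[2103]: Failed password for mark from 111.111.111.111 port 5001 ssh2
Feb  7 10:00:06 web sshd[2104]: Failed password for mark from 111.111.111.111 port 5002 ssh2
Feb  7 10:00:07 web sshd[2105]: Failed password for mark from 111.111.111.111 port 5003 ssh2
Feb  7 10:00:09 web sshd[2106]: Failed password for root from 203.0.113.9 port 4003 ssh2
Feb  7 10:01:00 web sshd[2107]: Failed password for bob from 198.51.100.7 port 6001 ssh2
Feb  7 10:08:00 web sshd[2108]: Failed password for bob from 198.51.100.7 port 6002 ssh2
Feb  7 10:12:00 web sshd[2109]: Failed password for bob from 198.51.100.7 port 6003 ssh2
Feb  7 10:12:30 web sshd[2110]: Accepted password for mark from 111.111.111.111 port 5004 ssh2
""".splitlines()

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

Only 203.0.113.9 is banned: the ignored address is never counted, and the three failures from 198.51.100.7 are spread over eleven minutes, so they never fall inside one window.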

Screen – Like Ubuntu on any Linux distro

By Mark Davidson on February 6th, 2010

Just a real quick post about screen. If you’ve ever used Ubuntu's screen you might find it’s a bit nicer than the standard screen you find on other Linux distros. There is a brief intro in "Ubuntu brings advanced Screen features to the masses". If you’ve ever wondered how to get the same sort of setup on distros such as Debian and Gentoo, here is the very simple process.

  1. Log in to your server and change into your home directory.
  2. wget http://people.ubuntu.com/~kirkland/byobu/byobu.tar.gz
  3. tar -xzvf byobu.tar.gz (be warned this will overwrite your current .screenrc)
  4. That's it; fire up screen and you should be up and running.

It’s worth noting that you can tweak which status updates appear at the bottom of the screen session by modifying ~/.byobu/status. It’s just a case of uncommenting or commenting out the ones you want to use, then restarting the screen session for the changes to take effect. Gentoo in particular seemed to work well and supported almost all the options.