13 Search results

For the term "iptables".

fail2ban.actions.action: ERROR iptables -D

fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport –dports http,https -j fail2ban-apache-xxxxxxxxxxxxxxxxxxx iptables -F fail2ban-apache-xxxxxxxxxxxxxxxxxxx iptables -X fail2ban-apache-xxxxxxxxxxxxxxxxxxx returned 200 iptables only allows rules of up to 30 characters Shorten the name of the conf file solves the error

Block All Traffic to Your New Remote Server

I block all traffic to a new server while I setup users and environment using Netfilter AKA iptables. Nothing else gets in or out of the box but me. This requires 2 scripts actually. One to close the machine to all other IPs but mine, and one to “unblock”. You need to unblock while installing other software, re. LAMP, when...

Netfilter (iptables) Tips & Tricks

Netfilter (aka iptables) is how you stop any intrusions. As an example, PSAD can recognize attack patterns, but it is Netfilter that is then used to stop any communcations from getting a response. In otherwords, Netfilter can be told to ignore incoming requests; essentially making the server unreachable.

Harden Debian 7 Server with PSAD

Install Port Scan Attack Detector on Debian 7 Server sudo apt-get install psad sudo vi /etc/psad/psad.conf change these lines EMAIL_ADDRESSES me@seleads.com; HOSTNAME my.seleads.com; HOME_NET NOT_USED; ALERTING_METHODS noemail; IPT_SYSLOG_FILE /var/log/syslog; EMAIL_LIMIT_STATUS_MSG N; ENABLE_AUTO_IDS Y; AUTO_IDS_DANGER_LEVEL 2; AUTO_BLOCK_TIMEOUT 2592000; ENABLE_AUTO_IDS_EMAILS N; Restart psad psad -R psad –sig-update psad -H sudo vi /etc/cron.hourly/save-bad-ips #!/bin/sh PATH=/usr/share:/usr/sbin:/usr/bin:/sbin:/bin /sbin/iptables-save -c > /tmp/iptables-save.txt #echo “SELECT lockdown_IP FROM...

How To Block Traffic by Country using IPtables

http://www.linuxstall.com/block-country-iptables/ http://www.ipdeny.com/ipblocks/ http://www.ipdeny.com/ipblocks/data/countries/ #!/bin/bash # country codes ISO="cn it kr br ru tw af sa iq sy tr ua in jp id at ro pl bg vn hk ve th mx co ar ir cz ph eg pk" # set path IPT=/sbin/iptables WGET=/usr/bin/wget EGREP=/bin/egrep $IPT-save -c > /home/iptables/iptables_bak_$(/bin/date +\%Y\%m\%d\%H\%M\%S).txt SPAMLIST="countrydrop" ZONEROOT="/root/iptables" DLROOT="http://www.ipdeny.com/ipblocks/data/countries" cleanOldRules(){ $IPT -F $IPT -X $IPT -t nat...

Tunnel MySQL Over SSH

Assuming On a “remote.com” server that we will connect to from our LocalMachine 1) MySQL database named “database” 2) MySQL database is running on remote server “remote.com” 3) MySQL is running and listening on (standard) localhost:port “127.0.0.1:3306” 4) MySQL username “mysql_user_name” 5) MySQL password “mysql_password” 6) SSH must be listening on port 9999 7) SSH AllowUsers “ssh_user_name” 8) SSH password...

How To Harden Debian Server

Its not enough to harden just Debain. Its necessary to harden the rest of Apache-MySQL-PHP as well. Harden MYSQL sudo mysql_secure_installation answer Yes to all questions (but no need to change password) Disabling SSH root login and settings sudo vi /etc/ssh/sshd_config change PermitRootLogin yes to PermitRootLogin no LoginGraceTime 120 to LoginGraceTime 30 add line AllowUsers username username username Consider disabling...

Fail2ban Mysql Database to Manage Persistent Bans

Step 1 Create Database and Tables in MySQL Add a “source” field for the server name if you want to use a remote database setup (and add it to the UNIQUE KEY). The UNIQUE KEY prevents duplicates of course. But this means you can refresh the perl script without handling duplicates there which would complicate things considerably. CREATE TABLE iptable...

[Webmaster Tools] http://www.example.com/: Googlebot can’t access your site

I am posting this unsolved mystery – as an ongoing problem – instead of posting to a forum. Comment if you like. I’l update when I find the solution. I get the typical message from Google [Webmaster Tools] http://www.example.com/: Googlebot can’t access your site. I run LAMP servers with Netfilter (iptables) with PSAD and Fail2ban. I check iptables for any...

Harden Ubuntu Server 12.04 LTS

Its not enough to harden just Ubuntu. Its necessary to harden the rest of LAMP as well. So here is how I do it. Harden MYSQL sudo mysql_secure_installation answer Yes to all questions (but no need to change password) Harden PHP – and tune performance sudo apt-get install php5-suhosin sudo vi /etc/php5/apache2/php.ini uncomment this code or update setting max_execution_time =...

Fail2ban Apache2 Access Log Regex Fails

Changing banaction to ROUTE worked, while IPTABLES-ALLPORTS failed with error No Host Found 2014-09-26 10:55:24,662 fail2ban.filter : ERROR No ‘host’ found in ‘113.71.191.49 – – [ +0000] “GET /phpMyAdmin/scripts/setup.php HTTP/1.1” 500 833 “-” “-” ‘ using ‘‘ [apache-phpmyadmin-access] enabled = true #banaction = iptables-allports banaction = route port = http,https filter = apache-phpmyadmin-access logpath = /var/log/apache2/access.log maxretry = 0 #...

Setup Fail2ban for Debian and Ubuntu

My Notes Only taken from various sources. There are other much more complete guides for Fail2ban available. Install Fail2ban sudo apt-get install fail2ban filter definitions located in /etc/fail2ban/filter.d action definitions located in /etc/fail2ban/action.d The following is a minimal setup. Configure Fail2ban sudo vi /etc/fail2ban/jail.conf Configuration for jail.conf destemail = you@example.com # Email of where alerts should be sent to ignoreip...

Netfilter iptables Log Message Codes

IN = Input interface OUT = Output interface MAC = Ethernet hardware address (aka MAC address) SRC = Source IP address DST = Destination IP address LEN = Packet length TOS = Type of Service (for packet prioritization) PREC = Precedent bits TTL = Time to Live ID = Packet identifier PROTO = Protocol (eg. TCP, UDP) SPT = Source...