6 Search results

For the term "psad".

Harden Debian 7 Server with PSAD

Install Port Scan Attack Detector on Debian 7 Server sudo apt-get install psad sudo vi /etc/psad/psad.conf change these lines EMAIL_ADDRESSES me@seleads.com; HOSTNAME my.seleads.com; HOME_NET NOT_USED; ALERTING_METHODS noemail; IPT_SYSLOG_FILE /var/log/syslog; EMAIL_LIMIT_STATUS_MSG N; ENABLE_AUTO_IDS Y; AUTO_IDS_DANGER_LEVEL 2; AUTO_BLOCK_TIMEOUT 2592000; ENABLE_AUTO_IDS_EMAILS N; Restart psad psad -R psad –sig-update psad -H sudo vi /etc/cron.hourly/save-bad-ips #!/bin/sh PATH=/usr/share:/usr/sbin:/usr/bin:/sbin:/bin /sbin/iptables-save -c > /tmp/iptables-save.txt #echo “SELECT lockdown_IP FROM...

Debian 9 Stretch Apache 2.4 MariaDB 10.1.26 PHP 7.0

Installation notes for Debian 9 Apache 2.4 MariaDB 10.1.26 PHP 7.0 differ somewhat from prior LAMP installations. Also included here are notes on PSAD and Fail2ban. PSAD requires netstat which is no longer included in Debian 9 apt-get install net-tools apt-get install apache2 apt-get install software-properties-common apt-get install mariadb-server sudo /usr/bin/mysql_secure_installation sudo mysql -v

Netfilter (iptables) Tips & Tricks

Netfilter (aka iptables) is how you stop any intrusions. As an example, PSAD can recognize attack patterns, but it is Netfilter that is then used to stop any communcations from getting a response. In otherwords, Netfilter can be told to ignore incoming requests; essentially making the server unreachable.

How To Harden Debian Server

Its not enough to harden just Debain. Its necessary to harden the rest of Apache-MySQL-PHP as well. Harden MYSQL sudo mysql_secure_installation answer Yes to all questions (but no need to change password) Disabling SSH root login and settings sudo vi /etc/ssh/sshd_config change PermitRootLogin yes to PermitRootLogin no LoginGraceTime 120 to LoginGraceTime 30 add line AllowUsers username username username Consider disabling...

Fail2ban Mysql Database to Manage Persistent Bans

Step 1 Create Database and Tables in MySQL Add a “source” field for the server name if you want to use a remote database setup (and add it to the UNIQUE KEY). The UNIQUE KEY prevents duplicates of course. But this means you can refresh the perl script without handling duplicates there which would complicate things considerably. CREATE TABLE iptable...

[Webmaster Tools] http://www.example.com/: Googlebot can’t access your site

I am posting this unsolved mystery – as an ongoing problem – instead of posting to a forum. Comment if you like. I’l update when I find the solution. I get the typical message from Google [Webmaster Tools] http://www.example.com/: Googlebot can’t access your site. I run LAMP servers with Netfilter (iptables) with PSAD and Fail2ban. I check iptables for any...