17 Search results

For the term "iptables".

Fail2ban Mysql Database to Manage Persistent Bans

Step 1 Create Database and Tables in MySQL Add a “source” field for the server name if you want to use a remote database setup (and add it to the UNIQUE KEY).The UNIQUE KEY prevents duplicates of course. But this means you can refresh the perl script without handling duplicates there which would complicate things considerably. CREATE TABLE iptable (...

[Webmaster Tools] http://www.example.com/: Googlebot can’t access your site

I am posting this unsolved mystery – as an ongoing problem – instead of posting to a forum. Comment if you like. I’l update when I find the solution. I get the typical message from Google [Webmaster Tools] http://www.example.com/: Googlebot can’t access your site. I run LAMP servers with Netfilter (iptables) with PSAD and Fail2ban. I check iptables for any...

Harden Ubuntu Server 12.04 LTS

Its not enough to harden just Ubuntu. Its necessary to harden the rest of LAMP as well. So here is how I do it. Harden MYSQL sudo mysql_secure_installation answer Yes to all questions (but no need to change password) Harden PHP – and tune performance sudo apt-get install php5-suhosin sudo vi /etc/php5/apache2/php.ini uncomment this code or update setting max_execution_time =...

Fail2ban Apache2 Access Log Regex Fails

Changing banaction to ROUTE worked, while IPTABLES-ALLPORTS failed with error No Host Found 2014-09-26 10:55:24,662 fail2ban.filter : ERROR No ‘host’ found in ‘113.71.191.49 – – [ +0000] “GET /phpMyAdmin/scripts/setup.php HTTP/1.1” 500 833 “-” “-” ‘ using ‘‘ [apache-phpmyadmin-access] enabled = true #banaction = iptables-allports banaction = route port = http,https filter = apache-phpmyadmin-access logpath = /var/log/apache2/access.log maxretry = 0 #...

Setup Fail2ban for Debian and Ubuntu

My Notes Only taken from various sources. There are other much more complete guides for Fail2ban available. Install Fail2ban sudo apt-get install fail2ban filter definitions located in /etc/fail2ban/filter.d action definitions located in /etc/fail2ban/action.d The following is a minimal setup. Configure Fail2ban sudo vi /etc/fail2ban/jail.conf Configuration for jail.conf destemail = you@example.com # Email of where alerts should be sent to ignoreip...

How To Manage Fail2ban Using Perl Script On Remote Servers and A Control Mysql Database

Earlier I posted how to use a text file created by a script to similarly manage the rogue IPs that Fail2ban bans. The problem with using scripts and crontab is that it is not reporting in real-time. The method here works in real-time because Fail2ban reports directly to the MySQL on the control server. On each remote you’ll want to...

Netfilter iptables Log Message Codes

IN = Input interface OUT = Output interface MAC = Ethernet hardware address (aka MAC address) SRC = Source IP address DST = Destination IP address LEN = Packet length TOS = Type of Service (for packet prioritization) PREC = Precedent bits TTL = Time to Live ID = Packet identifier PROTO = Protocol (eg. TCP, UDP) SPT = Source...