Archive for the 'Linux' Category

Checking the Speed of your network interface

Thursday, June 26th, 2008

I recently requested an upgrade to the uplink speed of one of our dedicated servers. We only had a 10Mbps uplink, so we requested an upgrade to 100Mbps to serve a lot more.

How do you verify the upgrade has been done correctly?

As root, issue the following command:

# mii-tool
eth0: negotiated 10baseT-FD, link ok

If it doesn't work (on Debian or Ubuntu), make sure you have installed the net-tools package (the NET-3 networking toolkit).

Script to automatically detect and ban malicious IPs that try to brute force SSH accounts

Thursday, May 29th, 2008

We've noticed that most of our servers have been under heavy attack from random IP addresses trying to break in via SSH.

With the help of the last post on how to ban an IP, and the following Python script, you'll be able to have a cronjob that runs once or twice a day and automagically bans all the offending IPs from ever trying to brute force their way in ever again.

Create a file called "detect_ssh_hostiles" and make it executable:

touch detect_ssh_hostiles
chmod +x detect_ssh_hostiles

Then copy the following code inside:

#!/usr/bin/env python3
# Usage:
# python3 detect_ssh_hostiles [auth.log file path]
#
# Requirement: the "ban_ip" and "unban_ip" commands must be available on the PATH
#
# Note: you need read permissions on the auth.log file and sudo
#       permissions for the script to ban the IPs.

import os
import re
import shlex
import sys
import time

# If an IP reaches this number of failed login attempts it will be banned
BAN_THRESHOLD = 7
SUSPECTS = {}

# Put here IP addresses you trust, which could be making genuine login errors
SAFE_IPS = ['81.73.111.49','101.73.111.160','72.31.171.235','72.36.23.234','82.36.180.210','202.132.82.16']

BANNED = {}
def loadBanned():
  '''
  This function will load all the banned IPs into the BANNED dict.
  It will also count how many times (by mistake) the same IP has
  been banned, and it will unban it, so that it will appear only once.
  '''
  global BANNED
  command = 'sudo iptables --list --numeric'
  try:
    p = os.popen(command, 'r')
  except Exception as e:
    print(e)
    sys.exit(1)

  # Read every line of the listing. It contains blank lines between
  # chains, so a blank line must not be treated as the end of the output.
  for line in p:
    line = line.strip()

    if line.startswith("DROP"):
      parts = line.split()
      ip = parts[3]  # source column: DROP all -- <source> <destination>

      # add hit or register banned ip
      if ip in BANNED:
        BANNED[ip] += 1
      else:
        BANNED[ip] = 1

  p.close()

  # Make sure banned IPs are banned only once
  for ip in BANNED:
    if BANNED[ip] > 1:
      print("IP %s has been banned %d times" % (ip, BANNED[ip]))
      n = BANNED[ip] - 1
      while n > 0:
        os.system("unban_ip %s" % ip)
        print("unban_ip %s" % ip)
        n = n - 1

# ---- here we go ----
loadBanned()

# read auth log
logfile = '/var/log/auth.log'

if len(sys.argv) == 2:
  logfile = sys.argv[1]

# Quote the path so spaces or shell metacharacters in it are not interpreted
command = 'grep "Failed password for " %s' % shlex.quote(logfile)
#print(command)

try:
  p = os.popen(command, 'r')
except Exception as e:
  print(e)
  sys.exit(1)

# Sample line:
# May 25 03:29:49 main sshd[6933]: Failed password for root from 202.118.236.132 port 54863 ssh2
pattern = r"(.*)(from\s)(\d+\.\d+\.\d+\.\d+)(.*)"

for line in p:
  matchObject = re.match(pattern, line)

  suspect = None
  if matchObject is not None:
    suspect = matchObject.groups()[2]

    # skip safe IPs
    if suspect in SAFE_IPS:
      continue

    if suspect in SUSPECTS:
      # add a hit
      SUSPECTS[suspect] += 1
    else:
      # add first hit
      SUSPECTS[suspect] = 1

p.close() # close the pipe

print("==" * 30)

t = time.localtime()
#(2008, 6, 6, 9, 35, 21, 4, 158, 1)

timestr = "%d-%d-%d@%d:%d:%d" % (t[0],t[1],t[2],t[3],t[4],t[5])
print(timestr)
print("--" * 30)
if len(SUSPECTS) > 0:
  for suspect in SUSPECTS:
    if SUSPECTS[suspect] >= BAN_THRESHOLD and suspect not in BANNED:
      print("Banning %s with %d attempts" % (suspect, SUSPECTS[suspect]))
      BANNED[suspect] = 1
      os.system("ban_ip %s" % suspect)
    elif suspect in BANNED:
      print("Ip %s has already been banned" % (suspect))
    else:
      print("Suspect candidate? %s with %d attempts" % (suspect, SUSPECTS[suspect]))
else:
  print("Found no suspects to ban")

print("==" * 30)

Then add this as a cronjob of your root user, and it will automatically ban all those IPs that have tried to break in. See the script for configuration. You can always make some IPs immune to banning by adding them on the SAFE_IPS list.
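The counting step of the script above can be made stricter. The following is an added example, not part of the original script: it only accepts lines carrying the sshd tag, validates the captured address, accepts trusted ranges in CIDR form, and counts the "message repeated N times" wrapper that rsyslog writes when repeated-message reduction is enabled. The names FAILED, SAFE_NETS, SAMPLE, count_failures and to_ban, the traditional syslog timestamp format, and all sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Traditional syslog prefix + sshd tag, optional rsyslog "message repeated"
# wrapper, and the fixed tail sshd appends: "from <addr> port <n> ssh2".
FAILED = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[\d+\]: "
    r"(?:message repeated (?P<rep>\d+) times: \[ )?"
    r"Failed password for (?:invalid user )?.* "
    r"from (?P<ip>\S+) port \d+ ssh2\]?\s*$")

# Constructed trusted range (documentation address space); CIDR is allowed.
SAFE_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample log lines in the format of the page's sample line.
SAMPLE = [
    "May 25 03:29:49 main sshd[6933]: Failed password for root from 203.0.113.9 port 54863 ssh2",
    "May 25 03:29:52 main sshd[6933]: message repeated 5 times: [ Failed password for root from 203.0.113.9 port 54863 ssh2]",
    "May 25 03:30:01 main sshd[6940]: Failed password for invalid user admin from 203.0.113.9 port 54870 ssh2",
    "May 25 03:31:10 main sshd[6951]: Failed password for bob from 192.0.2.10 port 40022 ssh2",
    "May 25 03:31:12 main sshd[6951]: message repeated 9 times: [ Failed password for bob from 192.0.2.10 port 40022 ssh2]",
    "May 25 03:32:00 main sshd[6960]: Failed password for root from 999.1.1.1 port 1 ssh2",
    "May 25 03:33:00 main cron[700]: Failed password for root from 198.51.100.7 port 1 ssh2",
    "May 25 03:34:00 main sshd[6970]: Failed password for root from 198.51.100.7 port 5000 ssh2",
]

def count_failures(lines, safe_nets=SAFE_NETS):
    """Return a Counter of failed sshd password attempts per source address."""
    hits = Counter()
    for line in lines:
        m = FAILED.match(line)
        if m is None:
            continue                      # not an sshd failed-password line
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue                      # e.g. 999.1.1.1 is not an address
        if any(ip in net for net in safe_nets):
            continue                      # trusted range, never counted
        hits[str(ip)] += int(m.group("rep") or 1)
    return hits

def to_ban(lines, threshold=7, already_banned=()):
    """Addresses at or over the threshold that are not yet banned, sorted."""
    hits = count_failures(lines)
    return sorted(ip for ip, n in hits.items()
                  if n >= threshold and ip not in already_banned)

if __name__ == "__main__":
    print(to_ban(SAMPLE))
```

Without the repeat handling, the first sample address would be counted twice instead of seven times and would stay under the threshold.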

How to ban/unban ips in linux

Thursday, May 29th, 2008

In case you’re not an iptables guru, you might want to create a couple scripts and put em somewhere on your $PATH. I’ve created two scripts called ban_ip and unban_ip.

Create a file called ban_ip

touch ban_ip
chmod +x ban_ip

Edit it and copy the following code inside:

#!/bin/bash
# Append a rule to the INPUT chain that drops all traffic from the given address
sudo iptables -A INPUT -s "$1" -j DROP
echo "IP Address $1 has been banned"
echo

To ban an IP, you must invoke

ban_ip <someIpAddressHere>

e.g.

ban_ip 211.32.44.111

And the IP will be banned.

Do the same now for the unban_ip script

touch unban_ip
chmod +x unban_ip

Open your fav. text editor and copy the following code inside:

#!/bin/bash
# Delete one matching DROP rule for the given address from the INPUT chain
sudo iptables -D INPUT -s "$1" -j DROP
echo "Unbanned ip $1"
echo

Save it, and use it.

To unban an IP, you must invoke

unban_ip <someIpAddressHere>

e.g.

unban_ip 211.32.44.111

Requirements
Have sudo access, have iptables installed.

FrostWire now available on Gentoo Linux’s Portage package system

Wednesday, March 26th, 2008

We want to give thanks to William L. Thomson Jr from Gentoo for making FrostWire available to people running Gentoo ~arch or unstable ~x86 or ~amd64.

If you are a Gentoo Linux user you can now just do:

emerge frostwire

And as William says:

it will bring in all deps, compile, install, make desktop menu entries, launcher, etc :)

If you’re interested here’s the package

About Gentoo

The Gentoo Linux operating system (pronounced /ˈdʒɛntuː/) is a Linux distribution based on the Portage package management system. The development project and its products are named after the Gentoo penguin. Gentoo package management is designed to be modular, portable, easy to maintain, flexible, and optimized for the user's machine. Packages are normally built from source code, continuing the tradition of the ports collection, although for convenience, some large software packages are also available as precompiled binaries for various architectures.

Source: Wikipedia

What’s new in FrostWire 4.13.5

Thursday, February 28th, 2008

FOR IMMEDIATE RELEASE:

FrostWire 4.13.5 is now available for MS Windows, Mac OSX and Linux. Major updates improve network bootstrapping and peer discovery. 4.13.5 includes improvements on the Chatroom tab, Audio Previews and more.

Other improvements have taken place for the FrostWire build process (for developers this means true One-Step builds for all versions). Updates on translations have been made thanks to the feedback from users in Poland and throughout Latin America.

In more detail users can expect the following:

  • Faster peer discovery on connection bootstrapping. No more "Starting Connection…" problems; first-time users will connect faster without using the official FixConnecting.zip patch.
  • Smiley Support to the chatroom

Users can see the available smileys by entering the command
/smileys

Now it's possible to see and use Smileys from the Community Chat tab. Smiley display can be enabled or disabled from the view menu:

Show Smileys

Users can also toggle Smiley display directly from the chat window by typing the command
/tsmileys

  • Fixed wording on Spanish and Polish translations.

Bug Fixes and other improvements for this release also include:

  • FrostWire Message Update System improved. Per community request, some announcements will not be shown more than once so the user is not annoyed upon every application launch
  • Fixed bugs on the media player and playlists on Preview.
  • Fixed bug on search box auto-focusing while a search was running.
  • Fixed i18n system error for systems whose default language is not English
  • Potential bugs related to deprecated code gone

Users can find now by details without the auto-focusing problem.

FrostWire 4.13.5 is expected to be the last of the 4.13.x series.

About FrostWire

FrostWire, a Gnutella Peer-to-Peer client, is a collaborative effort from many Open Source and freelance developers located from all around the world. In late 2005, concerned developers of LimeWire’s open source community announced the start of a new project fork “FrostWire” that would protect the developmental source code of the LimeWire client and any improvements to the Gnutella protocol design. The developers of FrostWire give high regard and respect to the GNU General Public License and consider it to be the ideal foundation of a creative and free enterprise market.

VIDEO: Linus talks about GIT, his distributed "subversion"

Saturday, February 2nd, 2008

Here is a Google talk by Linus himself, who talks about his new distributed version control system, which promises to be faster, distributed, and to take up less space. Some claim it could be used as a distributed file system that will let us create systems that were previously inconceivable.