Protect public Linux servers with fail2ban

Do you have public facing Linux servers?

Of course you do. Who doesn’t!?!? Or why else would you be here?

I’m not a big fan of security through obscurity, so I need, or we all need, a way to protect our known public ports.

I know, iptables or any of its derivatives are always there, but what about that one port that must stay open and accessible? After all, if you didn’t need a public facing service, you wouldn’t need to make it public, would you?

fail2ban to the rescue

fail2ban is a very useful utility that creates rules on your firewall to block failed authentication attempts. It can be used with any service that generates log files. As an example I will use SSH.

How To

Installation

Installation of fail2ban is as easy as it gets. Just make sure your repositories are up to date and do a yum install fail2ban or apt-get install fail2ban.

Configuration

The first step to configure fail2ban is to copy its config file to a .local file:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

fail2ban configuration should be done only in the new .local file; jail.conf is replaced on package upgrades, while jail.local is read on top of it and keeps your changes.

In the jail.local file, let’s search for the section [ssh] or [ssh-iptables], depending on whether you use a Debian-based or a Red Hat-based distro.

Make sure that it is enabled and the log file is pointing to the right location.

We can also set the ban duration and the number of tries before banning. I like to ban for 1 hour (the value is in seconds) after 5 retries.

[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
banaction = iptables-allports ; block the banned address on every port, not just SSH
bantime = 3600 ; the address stays banned for 1 hour (value in seconds)
maxretry = 5 ; number of failed attempts allowed before the ban

After the configuration is done, let’s start the service and see it in action.

Seeing it all come together

If you have anyone testing your defences you should see fail2ban in action very fast. Just do a word count of the number of lines in auth.log with failed attempts, like so:
grep 'sshd.*Failed' /var/log/auth.log | wc -l
Then follow up with a listing of your iptables rules with iptables -L; banned addresses show up as rules in the fail2ban chain.
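To see what the count above hides, here is an added example (not fail2ban’s own code) that does the same job as the sshd filter by hand: it counts failed logins per source address and lists the addresses that hit the maxretry threshold from the jail above. The log lines are constructed for the example, in the format sshd writes; pass /var/log/auth.log to the functions on a real machine.

```shell
#!/bin/sh
# Added example, not fail2ban code: count failed SSH logins per source address
# in an auth.log and list the addresses that reached the maxretry threshold,
# which is what the sshd filter feeds into the ban action.
# The log lines are constructed for the example (same format sshd writes).

SAMPLE_AUTH_LOG='Mar  3 10:01:12 host sshd[2101]: Failed password for root from 198.51.100.7 port 51022 ssh2
Mar  3 10:01:15 host sshd[2101]: Failed password for root from 198.51.100.7 port 51022 ssh2
Mar  3 10:01:19 host sshd[2103]: Failed password for invalid user admin from 198.51.100.7 port 51040 ssh2
Mar  3 10:01:22 host sshd[2103]: Failed password for invalid user admin from 198.51.100.7 port 51040 ssh2
Mar  3 10:01:25 host sshd[2105]: Failed password for invalid user test from 198.51.100.7 port 51051 ssh2
Mar  3 10:02:01 host sshd[2110]: Accepted publickey for deploy from 203.0.113.5 port 40012 ssh2
Mar  3 10:02:30 host sshd[2112]: Failed password for deploy from 203.0.113.5 port 40020 ssh2'

# total_failed FILE: number of failed attempts, the figure the grep | wc -l
# one-liner above gives you.
total_failed() {
    grep -c 'sshd.*Failed' "$1"
}

# failed_by_ip FILE: "count address" per source, most attempts first.
# The address is the word after "from"; that is more robust than a fixed
# field number, because "invalid user" lines carry two extra words.
failed_by_ip() {
    grep 'sshd.*Failed' "$1" \
        | awk '{ for (i = 1; i < NF; i++) if ($i == "from") print $(i + 1) }' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# over_threshold FILE [MAXRETRY]: addresses with at least MAXRETRY failures
# (default 5, matching the jail above): the ones that would be banned.
over_threshold() {
    failed_by_ip "$1" | awk -v max="${2:-5}" '$1 >= max { print $2 }'
}

demo() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_AUTH_LOG" > "$tmp"
    echo "failed attempts: $(total_failed "$tmp")"
    echo "per address:"
    failed_by_ip "$tmp"
    echo "would be banned with maxretry = 5:"
    over_threshold "$tmp" 5
    rm -f "$tmp"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it with --demo: the single failure from 203.0.113.5 stays below the threshold, while 198.51.100.7 reaches five and is the address fail2ban would hand to iptables-allports. Note that fail2ban also applies a findtime window to these counts, which this example leaves out.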

Wrap up

Very useful tool, this fail2ban. There are many more configurations possible: for other services, for e-mail notifications, for different actions, etc.

This is just a very basic starting point.
Now go explore and stay safe.

Duplicate folder tree in Linux

Quick tip.

This can be very handy when you need to frequently create a folder structure without the files (Ex. project folders or multiple versions of a development area).


Just run:

find <directory> -maxdepth n -type d -exec mkdir -p /where/you/want/{} \;

The semicolon must be escaped so the shell passes it to find rather than ending the command, -maxdepth has to come before -type, and -p lets mkdir tolerate directories that already exist.


This is a quick way of doing it and can even be automated.
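For the automated case, here is an added example (not from the original post) that wraps the same find/mkdir idea in a reusable function with an optional depth limit, and verifies on a constructed tree that only directories, never files, are copied. The paths used are placeholders for the example.

```shell
#!/bin/sh
# Added example: copy a directory tree (directories only, no files) into a new
# location, the same job as the find/mkdir one-liner above, wrapped so it can
# be reused. All paths below are placeholders chosen for the example.

# clone_tree SRC DEST [DEPTH]: recreate SRC's subdirectories under DEST, at
# most DEPTH levels deep (all levels when DEPTH is omitted).
clone_tree() {
    src=$1; dest=$2; depth=${3:-}
    [ -d "$src" ] || { echo "clone_tree: $src is not a directory" >&2; return 1; }
    mkdir -p "$dest" || return 1
    # -maxdepth must precede the tests; -mindepth 1 skips SRC itself.
    maxd=""
    [ -n "$depth" ] && maxd="-maxdepth $depth"
    # cd into SRC so the paths found are relative and no source prefix is copied.
    ( cd "$src" && find . -mindepth 1 $maxd -type d -print ) \
    | while IFS= read -r d; do
        mkdir -p "$dest/${d#./}" || exit 1
    done
}

# count_dirs DIR: number of subdirectories below DIR (used to verify the copy).
count_dirs() {
    find "$1" -mindepth 1 -type d | wc -l | tr -d ' '
}

# Demo with a constructed tree in a temporary directory.
demo() {
    base=$(mktemp -d)
    mkdir -p "$base/src/app/src/main" "$base/src/app/tests" "$base/src/docs"
    : > "$base/src/app/src/main/file.c"          # a file that must not be copied
    clone_tree "$base/src" "$base/copy"
    find "$base/copy" -type d | sort
    echo "files copied: $(find "$base/copy" -type f | wc -l)"
    rm -rf "$base"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```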


Linux Performance – Swap partition vs Swap files (The Swap Files How To)

And I’m back, paging myself in, so we wrap up this topic.

So with the process pages all in their frames, let’s add some more swap. File format this time.

1- Creating a Swap file

So Linux being Linux, you can be anything, as long as you’re a file!

So let’s get started and create a file using dd. After that, the process is very similar to what we’ve already seen. Have a look below:

[screenshot: swap7]

The only difference is the use of the -f parameter to state that swap will be in a file and not in a partition.

In this example I created a 128MB file, but we can have multiple of these or even different sizes like the example below.

[screenshot: swap8]

2- Making swap file available on boot

After the swap files are created, they can be added to fstab to be available on boot, just like a partition, and all the same rules apply.

[screenshot: swap9]

And there you have it. Swap files instead of swap partitions. These can be a quick(er) way of adding some swap space and have the same functionality.

So let’s swap out and make space for a new process!

Note: As seen in my screenshots, the swap files should be made available only to the root user. I didn’t, since this was done in a lab environment, but don’t forget to do chmod 0600 on each file.
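As an added example (not from the original post), the whole sequence from the screenshots in one script: create the file with dd, apply the 0600 permissions from the note above before the file is ever activated, run mkswap and swapon, and print the fstab line. The path, size and priority are placeholders, and the steps that need root only run as root, so the fstab and permission helpers can be used on their own.

```shell
#!/bin/sh
# Added example (not from the original post): create a swap file, lock its
# permissions to root as the note above recommends, activate it and emit the
# /etc/fstab line. Path, size and priority are placeholders for the example.

# swapfile_fstab_line PATH [PRIO]: the /etc/fstab entry for a swap file.
# Equal pri= values on several swap areas make the kernel use them in parallel.
swapfile_fstab_line() {
    if [ -n "${2:-}" ]; then
        printf '%s none swap sw,pri=%s 0 0\n' "$1" "$2"
    else
        printf '%s none swap sw 0 0\n' "$1"
    fi
}

# swapfile_perms_ok PATH: succeed only if the file is mode 0600 and owned by
# root, so the check can run from a health script after the fact.
swapfile_perms_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    owner=$(stat -c '%u' "$1" 2>/dev/null) || return 1
    [ "$mode" = "600" ] && [ "$owner" = "0" ]
}

# make_swapfile PATH SIZE_MB [PRIO]: dd + chmod 0600 + mkswap + swapon, as in
# the screenshots, then the fstab line to append. Requires root.
make_swapfile() {
    path=$1; size_mb=$2; prio=${3:-}
    [ "$(id -u)" -eq 0 ] || { echo "make_swapfile: must run as root" >&2; return 1; }
    dd if=/dev/zero of="$path" bs=1M count="$size_mb" status=none || return 1
    chmod 0600 "$path" || return 1          # never leave a swap file world-readable
    mkswap "$path" >/dev/null || return 1
    if [ -n "$prio" ]; then swapon -p "$prio" "$path"; else swapon "$path"; fi || return 1
    echo "append to /etc/fstab:"
    swapfile_fstab_line "$path" "$prio"
}

# Example invocation: a 128 MB swap file at priority 3 (placeholder values).
if [ "${1:-}" = "--create" ]; then
    make_swapfile /swapfile 128 3
fi
```

A swap file holds whatever was paged out of process memory, so a readable one leaks data to every local user; the permission check is worth keeping in monitoring, not only at creation time.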

Linux Performance – Swap partition vs Swap files (The Swap Partition How To)

As promised, during the previous post, let’s get nerdy and show how to make changes to your swap settings.

Let’s start from the beginning.

1- How much swap do I have and how much am I using?

First one is really simple and I bet most of you know this already.

Use the free command to identify your memory usage and in there you will have the swap.

Ex. free -m will show you the used and free memory in Megabytes.

[screenshot: swap1]

If you don’t have the free command, you can use /proc/meminfo to gather that information.

Ex. grep Swap /proc/meminfo

[screenshot: swap2]

2- Am I using a Swap disk or Swap files?

Couldn’t be easier.

Ex. cat /proc/swaps

[screenshot: swap3]

Does it need an explanation?

3- I need a bigger swap space!

Great, let’s increase it.

Is it a virtual machine? Even better.

Let’s start by turning off the swap disk.

In the case above that would be just running swapoff /dev/sdc1.

Next, increase the space in your virtual disk, delete the old partition and make a new one.

After that, just format the new partition as swap. Ex. mkswap /dev/sdc1 and then swapon /dev/sdc1.

Don’t forget to update fstab.

[screenshot: swap4]

4- How about having multiple swap disks?

Well, almost the same as before, but instead of resizing, just add a new disk and create a new swap partition on it.

After that the fun starts.

Create the swap file system like mkswap /dev/sdf1 and swapon /dev/sdf1.

[screenshot: swap5]

Now you have 2 swap areas. When the first one is full, the second will be used.

Don’t forget to add to fstab for mounting on boot.

5- How to make multiple swap partitions be used simultaneously?

Swap partitions can be used simultaneously, acting like a “RAID” group. This will improve performance significantly, especially when using separate disks.

For that, the swap areas should be activated with the same priority, as seen below:

[screenshot: swap6]

In this case I defined the priority as 3, but it could be any value. If you have more than one, keep in mind that the higher the number, the higher the priority, up to a maximum of 32767.
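To check that a machine is really in the striped configuration described above, here is an added example (not from the original post) that reads /proc/swaps, the same file shown in section 2, and reports whether every active area shares one priority. The /proc/swaps content below is constructed in the real format; pass /proc/swaps itself on a live system.

```shell
#!/bin/sh
# Added example (not from the original post): read /proc/swaps and check
# whether the active swap areas share one priority, the condition for the
# "RAID 0 like" behaviour described above. The sample is constructed in the
# format /proc/swaps uses (Size and Used are in KB).

SAMPLE_PROC_SWAPS='Filename				Type		Size	Used	Priority
/dev/sdc1                               partition	1048576	20480	3
/dev/sdf1                               partition	1048576	20224	3
/swapfile                               file		131072	0	-2'

# swap_areas FILE: "name type priority" for each active area (header skipped).
swap_areas() {
    awk 'NR > 1 && NF >= 5 { print $1, $2, $5 }' "$1"
}

# swap_total_mb FILE: total swap size in MB.
swap_total_mb() {
    awk 'NR > 1 && NF >= 5 { kb += $3 } END { printf "%d\n", kb / 1024 }' "$1"
}

# swap_striped FILE: succeed when at least two areas are active and all of
# them have the same priority; print the reason either way.
swap_striped() {
    awk 'BEGIN { n = 0; mixed = 0 }
         NR > 1 && NF >= 5 { n++; if (n == 1) p = $5; else if ($5 != p) mixed = 1 }
         END {
             if (n < 2) { print "only " n " swap area(s) active"; exit 1 }
             if (mixed) { print "priorities differ: areas are used one after another"; exit 1 }
             print "all " n " areas at priority " p ", used in parallel"; exit 0
         }' "$1"
}

# swap_priority_ok PRIO: a manually set priority is an integer from 0 to 32767
# (areas activated without -p get negative values assigned by the kernel).
swap_priority_ok() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -le 32767 ]
}

demo() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_PROC_SWAPS" > "$tmp"
    swap_areas "$tmp"
    echo "total: $(swap_total_mb "$tmp") MB"
    swap_striped "$tmp" || true
    rm -f "$tmp"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

On the constructed sample the two partitions sit at priority 3 but the swap file was activated without -p and got -2, so the check reports that the areas are used one after another; drop the file or give it pri=3 in fstab and the check passes.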

So, after beating up swap files in this post, I’ll let it sink in before I do another post on swap files.

For now I’ll page myself out!

Linux Performance – Swap partition vs Swap files

Yup. This is a tough one.
When you start getting questions about server virtual memory, you know it’s not good.

But let’s start by the basics. Swapping vs. Paging.

Swapping

Swapping is a technique where the whole memory allocated to a process gets moved from main memory (RAM) to a secondary memory type (usually hard disk).

Paging

Paging is a different memory management technique where physical memory is divided into frames and logical memory of each process is divided into pages. Pages and Frames are usually 4KB, but can be otherwise defined, although always the same size. Pages then are moved in and out of main memory depending on current needs and frame availability, rather than moving the whole address space of a process.

With the fundamental concepts out of the way, let’s get to the more juicy stuff.

Swap partition

Linux is a modern operating system and uses paging for its memory management. This confuses people, since Linux still uses the swap partition and you’ve probably been told that you need to get it just right. No second chances. Bullsh… We’ll get to that soon.

I just said Linux is a MODERN operating system and there are many ways around it.
Regardless, as a rule of thumb, you should always assign double the physical memory to a swap partition. This will allow processes to use the extra “memory” if needed. You should also evaluate how your application will use memory to understand whether it is worthwhile having a bigger or smaller swap size.
In a virtualization world, like today’s, I actually prefer to create a separate disk altogether. This will allow me to place that disk in a fast SSD LUN if I need the extra performance for the server virtual memory. That said, this is, and should be, a corner case.

Especially in virtual environments you can change the size of this partition and even add multiple partitions. This is also true for physical environments, although more laborious. (Who wants to replace physical disks these days!)

Swap files

Now, how about those swap files?
Swap files work just like swap partitions, with the advantage of not having to create a separate partition. In fact, you don’t need a swap partition at all. Their functionality is the same as a swap partition, but they are files in your file system. Like a swap partition, you can keep them on a separate disk for the same purpose.

And by the way, could you possibly use swap files and a swap partition simultaneously?
Of course you can, it’s Linux, you can do whatever you want … or close enough!
You could possibly use swap files to replace your swap partition entirely while you re-dimension it.
Did I mention you can have multiple swap partitions?

Tips

When creating a new Linux machine, although not necessary, it’s always preferable to reserve some space for swap/virtual memory, regardless of whether it is in the form of a partition or a swap file.
Reserve at least the same amount as physical memory.
If you are running software that allocates large chunks of memory, swap is a must.
If your applications are using swap and you can’t add physical memory, try adding more partitions and setting them with the same priority; this will make swap act “like a RAID 0”, as long as they are running on disks of similar performance.

This is a long post, but one I think necessary.
I will be adding another blog post with the howto’s to use all techniques mentioned here.

Let’s get swapping!

Get ID from user and group in Linux

Hi everyone,

Sometimes it’s handy to deal with IDs instead of actual names. It makes your commands shorter.
So if you ever need to get the ID of a user or a group in Linux, here are the commands to run:

– id -u USERNAME – will give you the USERNAME ID;
– id -a USERNAME – will give, not only the ID of the user, but also all the groups the user is part of;
– id -g USERNAME – will give the ID of the user’s primary group;
– id -G USERNAME – will give you the ID of all groups the user is a member of;

If you just want to know the ID of a group, then just run:

grep GROUPNAME /etc/group

The third item of the colon(:) separated string is the group ID.
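The grep above matches the group name anywhere on the line, so grep admin also returns sysadmin and every group that lists a user called admin as a member. As an added example (not from the original post), here is an exact-match lookup on the colon-separated fields, with the reverse lookup and a member listing for the same file format. The group file content is constructed for the example; the functions default to /etc/group.

```shell
#!/bin/sh
# Added example (not part of the original post): look up a group ID by exact
# name instead of grepping /etc/group, which also matches "admin" inside
# "sysadmin" or inside a member list. The sample group file is constructed;
# omit the FILE argument to read /etc/group.

SAMPLE_GROUP_FILE='root:x:0:
adm:x:4:syslog,alice
sysadmin:x:1001:bob
admin:x:1002:alice,bob
docker:x:999:alice'

# gid_of NAME [FILE]: print the GID whose first field equals NAME exactly;
# fails (no output, status 1) when the group does not exist.
gid_of() {
    awk -F: -v name="$1" \
        '$1 == name { print $3; found = 1; exit } END { exit !found }' \
        "${2:-/etc/group}"
}

# group_of_gid GID [FILE]: reverse lookup, the name for a numeric GID.
group_of_gid() {
    awk -F: -v gid="$1" \
        '$3 == gid { print $1; found = 1; exit } END { exit !found }' \
        "${2:-/etc/group}"
}

# members_of NAME [FILE]: supplementary members from the fourth field, one
# per line (users whose primary group this is are not listed here).
members_of() {
    awk -F: -v name="$1" \
        '$1 == name { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' \
        "${2:-/etc/group}"
}

demo() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_GROUP_FILE" > "$tmp"
    echo "admin -> $(gid_of admin "$tmp")"          # 1002, not the sysadmin line
    echo "999 -> $(group_of_gid 999 "$tmp")"
    echo "members of adm:"
    members_of adm "$tmp"
    rm -f "$tmp"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

On systems that take groups from LDAP or another NSS source, /etc/group is incomplete; getent group GROUPNAME returns the same colon-separated line from every configured source and can be piped into the same awk.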

And there you have it.
Now you can find out every user and group ID.

Enjoy.

Mounting CIFS Share with specific user and group in Linux

Working with Linux in a Microsoft environment is not always easy.
Even a simple share can be tricky. Luckily, there’s always a solution with Linux.

In the scenario where a Windows share is needed, running “mount” with CIFS is no surprise. However, if the Linux mount point has to be made available to a specific user, it’s necessary to pass the options for the local user and group that will own the mount point being created.

Ex.: (as root or sudo) mount -t cifs -v //IP_or_DNS_name/Share_Name /mnt/Local_Folder -o user=ShareAuthUser,pass=ShareAuthUserPW,domain=ShareAuthUserDomainOrLocalMaShareMachine,uid=LinuxUID,gid=LinuxGID

Using the above command will mount the CIFS share under /mnt/Local_Folder, but will make the given Linux user and group the owners of that mount point.

This is very useful when you need to back up Linux files or databases (that only a service user can access) but the backup server is Windows based. So one makes a backup to a folder that happens to be a CIFS share, and the Windows machine can back up that folder.
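One thing to change before putting that command in a backup script: the pass= value is visible to every local user in ps output and ends up in shell history. mount.cifs can read the same username, password and domain from a credentials= file instead. Here is an added example (not from the original post) that writes such a file with root-only permissions, refuses to use one that other users can read, and builds the same uid/gid options as the command above; every name and value is a placeholder for the example, and the mount itself only runs as root.

```shell
#!/bin/sh
# Added example (not from the original post): mount the share as above, but
# keep the password out of the command line. mount.cifs reads a credentials=
# file with username=, password= and domain= lines. All values are placeholders.

# write_cifs_credentials FILE USER PASS DOMAIN: write the file as 0600 from the
# start (umask in a subshell so the caller's umask is untouched).
write_cifs_credentials() {
    file=$1
    ( umask 077 && printf 'username=%s\npassword=%s\ndomain=%s\n' "$2" "$3" "$4" > "$file" ) || return 1
    chmod 0600 "$file"
}

# cifs_mount_options CREDFILE UID GID: the -o string; uid/gid set the local
# owner of the mount point exactly as in the command above.
cifs_mount_options() {
    printf 'credentials=%s,uid=%s,gid=%s\n' "$1" "$2" "$3"
}

# credentials_file_ok FILE: refuse a credentials file other users can read.
credentials_file_ok() {
    [ -f "$1" ] || return 1
    case $(stat -c '%a' "$1") in
        600|400) return 0 ;;
        *) echo "$1 is readable by others; chmod 0600 it" >&2; return 1 ;;
    esac
}

# mount_cifs_share SHARE MOUNTPOINT CREDFILE UID GID: the actual mount (root).
mount_cifs_share() {
    credentials_file_ok "$3" || return 1
    [ "$(id -u)" -eq 0 ] || { echo "mount_cifs_share: must run as root" >&2; return 1; }
    mount -t cifs -v "$1" "$2" -o "$(cifs_mount_options "$3" "$4" "$5")"
}

# Usage (as root), with placeholder names:
#   write_cifs_credentials /root/.backup-share.cred backupuser 'S3cret' CORP
#   mount_cifs_share //fileserver.example/Backups /mnt/backups \
#       /root/.backup-share.cred "$(id -u backup)" "$(id -g backup)"
```

The resulting fstab entry follows the same pattern: credentials=/root/.backup-share.cred,uid=...,gid=... in the options column, so the password never appears in fstab either.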

Hope it helps.

Linux quick tip: List of recent commands

Hello everyone,

Here’s a quick tip for the newcomers on the wonders of the Linux shell.

Whether you know you’ve typed a command and forgot what it was, or you simply need a list of all that was executed (very useful to retrace your steps!!), there’s a command that helps you.

The command is “history” and it shows a list of recent commands.

You can also combine it with grep or awk to search for a specific command.

For example:

history | grep fdis, which will list every recorded command containing fdis (fdisk, for instance).

Enjoy.

Linux – What distro am I using?

Let’s say you’ve been given access to a Linux machine (SSH or any other plain terminal), but you have no idea which version or distro you are using.

Even though Linux is mostly the same, there are some differences. So, to find out, here are a couple of commands that can be useful.

head -n1 /etc/issue
and
uname -a
Note that the first command can be deceiving: /etc/issue is a plain text file that can be altered, and uname -a tells you the kernel, not the distribution.
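Since /etc/issue is just editable text, here is an added example (not from the original post) that goes one step further than the two commands above and reads /etc/os-release, the key=value file modern distributions ship for exactly this purpose, falling back to /etc/issue and uname only when it is absent. The os-release content below is constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): identify the distro from
# /etc/os-release, a key=value file modern distributions install, and fall
# back to /etc/issue and uname when it is absent. The sample is constructed.

SAMPLE_OS_RELEASE='NAME="Ubuntu"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 22.04.3 LTS"
VERSION_ID="22.04"'

# os_release_value KEY [FILE]: the value of KEY with surrounding quotes removed
# (empty when the key is missing). Defaults to /etc/os-release.
os_release_value() {
    awk -F= -v key="$1" \
        '$1 == key { v = substr($0, length(key) + 2); gsub(/^"|"$/, "", v); print v; exit }' \
        "${2:-/etc/os-release}"
}

# distro_family [FILE]: debian / rhel / other, from ID and ID_LIKE, so a script
# can pick apt-get or yum without guessing from /etc/issue.
distro_family() {
    ids="$(os_release_value ID "$@") $(os_release_value ID_LIKE "$@")"
    case " $ids " in
        *" debian "*|*" ubuntu "*)            echo debian ;;
        *" rhel "*|*" fedora "*|*" centos "*) echo rhel ;;
        *)                                    echo other ;;
    esac
}

# describe_distro: one line for humans, preferring /etc/os-release and using
# /etc/issue only as the last resort before the kernel string.
describe_distro() {
    if [ -r /etc/os-release ]; then
        os_release_value PRETTY_NAME /etc/os-release
    elif [ -r /etc/issue ]; then
        head -n1 /etc/issue
    else
        uname -sr
    fi
}

if [ "${1:-}" = "--show" ]; then
    describe_distro
    echo "family: $(distro_family)"
fi
```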
Enjoy.

Find out your Linux box CPU and RAM specs

If you use Linux and, for whatever reason, you don’t “remember” the CPU model or clock speed, or you need to buy more RAM but don’t know what type, here are a couple of commands you can use to find that info.

CPU: less /proc/cpuinfo
RAM: sudo dmidecode --type memory | less