Protect public Linux servers with fail2ban

Do you have public facing Linux servers?

Of course you do. Who doesn’t!?!? Why else would you be here?

I’m not a big fan of security through obscurity, so I need, or we all need, a way to protect our known public ports.

I know, iptables or any of its derivatives are always there, but what about that one port that must stay open and accessible? After all, if you didn’t need a public facing service, you wouldn’t need to make it public, would you?

fail2ban to the rescue

fail2ban is a very useful utility that creates firewall rules to block the IP addresses behind repeated failed authentication attempts. It can be used with any service that generates log files. As an example I will use SSH.

How To

Installation

Installation of fail2ban is as easy as it gets. Just make sure you have your repositories up to date and do a yum install fail2ban or apt-get install fail2ban.

Configuration

The first step in configuring fail2ban is to copy its config file to a .local file.
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

fail2ban configuration should be done only in the new .local file.

In the jail.local file, search for the [ssh] or [ssh-iptables] section, depending on whether you use a Debian-based or Red Hat-based distro.

Make sure that it is enabled and the log file is pointing to the right location.

We can also set the ban duration and the number of tries before banning. I like to ban for 1 hour (value in seconds) and after 5 retries.

[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
banaction = iptables-allports ; ban retries on any port
bantime = 3600 ; IP address is banned for 1 hour
maxretry = 5 ; allow the IP address a max of 5 retries

After the configuration is done, let’s start the service and see it in action.

Seeing it all come together

If you have anyone testing your defences you should see fail2ban in action very fast. Just count the lines in auth.log with failed attempts like so:
grep 'sshd.*Failed' /var/log/auth.log | wc -l
Then follow up with a listing of your iptables rules with iptables -L.

Wrap up

Very useful tool this fail2ban. There are many more configurations possible, for other services, for e-mail notifications, for different actions, etc.

This is just a very basic starting point.
Now go explore and stay safe.

Move hidden Window

Dear reader,
Recent events made me dig this tip out from my old days, when I was young and Windows 3.1 was the most amazing thing I had ever seen.
Ahh the good old days!
Anyway, have you ever struggled with a window that opens outside the visible screen? Or even the ones that stay just ever so slightly off that your mouse pointer just can’t move them?
Mostly the cause is simply different screen resolutions, removing an additional screen, going from a remote session in Full HD to a lame laptop screen… who cares.
It just happens.
Well at least now you’ll know what to do, with a few simple steps, and a working keyboard:
1. Alt+Tab to the misbehaving window;
2. Press Alt+Space;
3. Press M;
4. Press any Arrow keys to bring the window back to full visibility or just once and then move the mouse. The window position should now follow the mouse cursor.
There you go.
No more plugging screens and rebooting or any other time wasting trickery.
Enjoy.
Bonus tip: Since Windows 7, you can do it even faster by using the snap window function. Just select the window with Alt+Tab and use Windows Key + Arrow key to snap it to one of the sides.

Duplicate folder tree in Linux

Quick tip.

This can be very handy when you need to frequently create a folder structure without files (e.g. project folders or multiple versions of a development area).


Just run:

find <directory> -maxdepth n -type d -exec mkdir -p /where/you/want/{} \;


This is a quick way of doing it and can even be automated.