Friday, March 18, 2016

How to remove fglrx and replace it with AMD/ATI in Debian Jessie

"The fglrx driver is incompatible with the GNOME desktop released as part of Debian 8 "Jessie", as it does not support the EGL interface (release notes). It is recommended to use the free radeon driver instead."

After installing fglrx, I cannot enter Gnome. Here I share how to remove the fglrx driver and reinstall AMD/ATI in Debian Jessie.
  1. Remove all fglrx drivers
    # apt-get remove fglrx-driver fglrx-atieventsd libfglrx
  2. Add this repository into /etc/apt/sources.list
    deb http://httpredir.debian.org/debian/ jessie main contrib non-free
  3. Install or reinstall firmware
    # apt-get install firmware-linux-free firmware-linux-nonfree
    # apt-get install --reinstall firmware-linux-free firmware-linux-nonfree 
  4. Install or reinstall radeon driver (see https://wiki.debian.org/AtiHowTo for your system)
    # apt-get install xserver-xorg-video-radeon libdrm-radeon1 radeontool
    # apt-get install --reinstall xserver-xorg-video-radeon libdrm-radeon1 radeontool
  5. Replace /etc/X11/xorg.conf with your working configuration. In my case /etc/X11/xorg.conf.original-0.
  6. You can now start Gnome
    # startx
Working on Asus K45DR
  • A8-4500M 
  • AMD Radeon® Mobility™ HD7640G + HD 7470M Dual Graphics with 1GB DDR3 VRAM
Reference:
  • https://wiki.debian.org/AtiHowTo
  • https://wiki.debian.org/ATIProprietary

Thursday, March 10, 2016

Blocking IP addresses that are repeatedly blocked by fail2ban

Find IP addresses that are repeatedly blocked by fail2ban:
# awk '$(NF-1) == "Ban" { print $NF }' /var/log/fail2ban.log | sort | uniq -c | sort -n
...
3 212.83.190.184
3 221.203.142.71
3 74.208.10.191
5 183.3.202.105
Note: the variable NF equals the number of fields in each row of the logfile, so $NF is the value of the last field (the IP address) and $(NF-1) is the field before it.
Add an iptables rule to drop incoming packets from a particular IP address:
# iptables -I INPUT -s 183.3.202.105 -j DROP
or, if you just want to drop access to your sshd:
# iptables -I INPUT -p tcp -s 221.203.142.71 --dport ssh -j DROP
You can write a bash script to find the IP addresses:
# vi awkfindipfail2ban.sh
#!/bin/bash
awk '$(NF-1) == "Ban" { print $NF }' /var/log/fail2ban.log | sort | uniq -c | sort -n
Make it executable
# chmod 744 awkfindipfail2ban.sh
Run it
# ./awkfindipfail2ban.sh
Another way to look for brute-force attempts is to search the authentication log file:
# awk '/Failed password/ { for (i = NF; i > 1; i--) if ($i == "from") { print "Date: "$1" "$2" "$3"\tUsername: "$(i-1)"\t\tClient IP: "$(i+1); break } }' /var/log/auth.log
You can also use grep:
# grep "$(LC_ALL=C date '+%b %e')" /var/log/auth.log | grep -E '(BREAK-IN|Invalid user|Failed|refused|su|Illegal)'
For this case:
      1 104.255.67.202
      1 109.161.202.72
      1 115.79.56.178
      1 125.212.232.119
      1 193.201.227.10
      1 193.201.227.18
      1 193.201.227.200
      1 193.201.227.68
      1 195.154.51.132
      1 202.99.172.155
      1 222.186.21.74
      1 27.255.81.142
      1 42.112.249.111
      1 45.32.61.182
      1 5.79.205.171
      1 59.47.5.239
      1 74.208.46.187
      1 82.165.151.8
      2 222.186.21.143
You can see the brute force coming from 4 different IPs in one range (193.201.227.0/24). In this case you can block them all with this command:
# iptables -I INPUT -p tcp -s 193.201.227.0/24 --dport ssh -j DROP
No worries: your users can still reach your other services, such as www, in case the IPs above are also used by legitimate users.
As your iptables rules grow in number, your server performance may degrade. You can move your blocking rules into ipset.
  1. Create your ipset, for example mynetrules.
    # ipset create mynetrules hash:net
  2. Populate your ipset
    # ipset add mynetrules 212.83.190.184
    # ipset add mynetrules 183.3.202.114
    # ipset add mynetrules 221.203.142.71
    # ipset add mynetrules 183.3.202.105
    # ipset add mynetrules 183.3.202.112
    # ipset add mynetrules [u18576666.onlinehome-server.com]
    # ipset add mynetrules 212.129.15.239
    # ipset add mynetrules 212.129.56.65
    # ipset add mynetrules 222.186.21.143
    # ipset add mynetrules 193.201.227.0/24
    # ipset add mynetrules 125.88.177.111
    # ipset add mynetrules [u19026996.onlinehome-server.com]
    # ipset add mynetrules 183.3.202.88
  3. Add your ipset as the first rule in iptables
    # iptables -I INPUT -m set --match-set mynetrules src -j DROP
    or, to block access to your ssh only
    # iptables -I INPUT -p tcp --dport 22 -m set --match-set mynetrules src -j DROP
    or, to block multiple ports
    # iptables -I INPUT -p tcp --match multiport --dports 80,443 -m set --match-set mynetrules src -j DROP
Now your iptables rules look simpler:
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             match-set mynetrules src
...
To list the members of your ipset, i.e. mynetrules:
# ipset list mynetrules
Name: mynetrules
Type: hash:net
Revision: 5
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 17176
References: 1
Members:
183.3.202.88
183.3.202.114
193.201.227.0/24
...
Additional script to find IPs banned at least twice:
#!/bin/bash
# Print "<count> <address>" for every address banned at least twice.
echo "These IPs were banned at least twice"
awk '$(NF-1) == "Ban" { print $NF }' /var/log/fail2ban.log | sort | uniq -c | {
  while read -r count ip
  do
    if [ "$count" -ge 2 ]; then
      echo "$count $ip"
    fi
  done
}
# Same count, but with each address collapsed to its /24 network first.
echo "These IP ranges were banned at least twice"
awk '$(NF-1) == "Ban" { print $NF }' /var/log/fail2ban.log | awk 'BEGIN { FS = "." } { printf("%s.%s.%s.0/24\n", $1, $2, $3) }' | sort | uniq -c | {
  while read -r count net
  do
    if [ "$count" -ge 2 ]; then
      echo "$count $net"
    fi
  done
}
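The log search and the hand-typed ipset add lines above can be joined into one step. The script below is an added example, not part of the original post: it goes slightly further than the scripts above by emitting a /24 when enough different hosts of one range were banned (the 193.201.227.0/24 situation, where each address showed up only once) and a single IP otherwise. SET_NAME, MIN, the function names and the sample log are assumptions.

```shell
#!/bin/bash
# Added example: build `ipset restore` input from a fail2ban log.
SET_NAME="mynetrules"   # the set created in step 1 (assumed to exist)
MIN=2                   # assumed threshold for "repeatedly banned"

# Constructed sample in the fail2ban.log layout (RFC 5737 test addresses).
sample_log() {
  cat <<'EOF'
2016-03-10 06:25:01,101 fail2ban.actions[812]: WARNING [ssh] Ban 192.0.2.10
2016-03-10 06:35:01,204 fail2ban.actions[812]: WARNING [ssh] Unban 192.0.2.10
2016-03-10 07:02:44,310 fail2ban.actions[812]: WARNING [ssh] Ban 192.0.2.10
2016-03-10 08:11:09,512 fail2ban.actions[812]: WARNING [ssh] Ban 198.51.100.7
2016-03-10 08:12:30,001 fail2ban.actions[812]: WARNING [ssh] Ban 198.51.100.8
2016-03-10 09:40:12,777 fail2ban.actions[812]: WARNING [ssh] Ban 203.0.113.5
2016-03-10 09:41:00,000 fail2ban.filter[812]: INFO Log rotation detected
EOF
}

# repeat_offenders LOGFILE MIN
# Prints one "add <set> <entry>" line per entry to block:
#   - a /24 when at least MIN different hosts in it were banned,
#   - otherwise a single IP that was banned at least MIN times.
# Only lines whose second-to-last field is exactly "Ban" are counted, and the
# last field must be a dotted quad with every octet <= 255.
repeat_offenders() {
  awk -v min="$2" -v set="$SET_NAME" '
    NF >= 2 && $(NF-1) == "Ban" && $NF ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
      split($NF, o, ".")
      if (o[1]+0 > 255 || o[2]+0 > 255 || o[3]+0 > 255 || o[4]+0 > 255) next
      net = o[1] "." o[2] "." o[3] ".0/24"
      if (++bans[$NF] == 1) { hosts[net]++; netof[$NF] = net }
    }
    END {
      for (n in hosts) if (hosts[n] >= min) print "add", set, n
      for (ip in bans)
        if (bans[ip] >= min && hosts[netof[ip]] < min) print "add", set, ip
    }
  ' "$1" | sort
}

# Dry run on the sample; on a real host pipe the output into ipset instead:
#   repeat_offenders /var/log/fail2ban.log "$MIN" | ipset -exist restore
log=$(mktemp)
sample_log > "$log"
repeat_offenders "$log" "$MIN"
rm -f "$log"
```

Review the printed lines before piping them into ipset, since a /24 entry also covers addresses that never appeared in the log.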
Interesting commands:
  • # awk '/authentication failure/ { print $NF }' /var/log/auth.log | sort | uniq -c
  • # awk '/root/ && /sshd/ { print $0 }' /var/log/auth.log 
References:
  • http://www.the-art-of-web.com/system/fail2ban-log/
  • http://stackoverflow.com/questions/22298623/echo-results-from-a-grep-search-in-shell-script 
  • http://unix.stackexchange.com/questions/3176/what-strings-should-i-look-for-in-var-log-auth-log 

Monday, March 7, 2016

Add Root CACert on Debian Jessie


# mkdir /usr/local/share/ca-certificates/cacert.org
# cd /usr/local/share/ca-certificates/cacert.org/
# wget http://www.cacert.org/certs/root.crt http://www.cacert.org/certs/class3.crt
# update-ca-certificates
Updating certificates in /etc/ssl/certs... 2 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
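The certificates above are fetched over plain HTTP, so nothing authenticates them before they enter the system trust store. The following added example (not part of the original post) copies a certificate into the ca-certificates directory only when its SHA-256 fingerprint matches a value obtained through a separate channel; the function names and the placeholder fingerprint are assumptions, and each file is assumed to be PEM with a single certificate.

```shell
#!/bin/bash
# Added example: gate the CA install on an out-of-band SHA-256 fingerprint.

# pem_sha256 FILE -> lowercase hex SHA-256 of the certificate's DER bytes,
# the same digest `openssl x509 -noout -fingerprint -sha256` prints with colons.
pem_sha256() {
  sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" |
    grep -v -- '-----' | tr -d ' \r\n' | base64 -d | sha256sum | cut -d' ' -f1
}

# verify_cert FILE EXPECTED -> status 0 only when the fingerprints match.
# EXPECTED may be written with or without colons, in upper or lower case.
verify_cert() {
  local want got
  want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
  got=$(pem_sha256 "$1")
  [ ${#want} -eq 64 ] && [ "$got" = "$want" ]
}

# install_verified_ca FILE EXPECTED DESTDIR
# Copies FILE into DESTDIR only after the fingerprint check has passed.
install_verified_ca() {
  verify_cert "$1" "$2" || { echo "fingerprint mismatch: $1" >&2; return 1; }
  install -m 644 "$1" "$3/"
}

# Usage sketch with the directory from the post; the fingerprint is a
# placeholder to be filled in from a source other than the HTTP download:
#   install_verified_ca root.crt "<SHA256-FINGERPRINT-FROM-TRUSTED-SOURCE>" \
#     /usr/local/share/ca-certificates/cacert.org && update-ca-certificates
```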

References:
  • https://www.brightbox.com/blog/2014/03/04/add-cacert-ubuntu-debian/
  • http://wiki.cacert.org/FAQ/ImportRootCert#Debian

Friday, March 4, 2016

Installing AMD Radeon driver on Debian Jessie

  1. Edit /etc/apt/sources.list
    deb http://httpredir.debian.org/debian/ jessie main contrib non-free
  2. Install these packages
    # aptitude update
    # aptitude -r install linux-headers-$(uname -r|sed 's,[^-]*-[^-]*-,,') fglrx-driver
  3. Run initial configuration
    # aticonfig --initial
https://wiki.debian.org/ATIProprietary#AMD_Catalyst_14.9

Thursday, February 25, 2016

Virtualmin DNS Server Template for multi domain

Virtualmin provides a default server template that is used to configure DNS when a new virtual server is created. We can change this default to implement our own 'style' of DNS records. Go to the Virtualmin tab, System Settings, then Server Templates. Choose Default Settings, select BIND DNS domain and click Change. This is my custom configuration for DNS records:

  1. BIND DNS records for new domains:
    $ttl 38400
    @ IN SOA ns1.${DOM}. hostmaster.${DOM}. (
    1456307163
    10800
    3600
    604800
    38400 )
    ${DOM}. IN A ${IP}
    www.${DOM}. IN A ${IP}
    ftp.${DOM}. IN A ${IP}
    m.${DOM}. IN A ${IP}
    localhost.${DOM}. IN A 127.0.0.1
    webmail.${DOM}. IN A ${IP}
    admin.${DOM}. IN A ${IP}
    mail.${DOM}. IN A ${IP}
    ${DOM}. IN MX 5 mail.${DOM}.
    ${DOM}. IN TXT "v=spf1 a mx a:${DOM} ip4:${IP} ?all"
    ${DOM}. IN NS ns1.${DOM}.
    ${DOM}. IN NS ns2.${DOM}.
    ns1.${DOM}. IN A ${IP}
    ns2.${DOM}. IN A [change-ip-to-your-slave-dns-server]
  2. Use only the records above: checked
  3. Address records for new domains: all unchecked
  4. Default TTL for DNS records: Use BIND module setting
  5. Add nameserver record for this server -> unchecked
  6. Add sub-domain DNS records to parent domain? No
  7. Master DNS server hostname: Automatic (from system's hostname)
  8. Add SPF DNS record? No
  9. Does SPF record cover all senders? No
  10. Add DMARC DNS record? No 
  11. Additional named.conf directives for new zones: None
  12. Automatically add named.conf directives: also-notify allow-transfer
  13. Create DNSSEC key and sign new domains? No

You can check your DNS entries using this site: https://ednscomp.isc.org/ednscomp/