Home
- Gegevens
- Geschreven door: gbonny
- Hits: 4896
Some people, including myself, experience that ProFTP is stopped regularly. It seems that this happens when log rotation is active.
In the system log you'll see errors like:
... ProFTPD killed (signal 15)... ProFTPD 1.3.5rc3 standalone mode SHUTDOWN
The problem seems to be that ProFTPD doesn't stop in time to be restarted. It's simple to fix this error in "/etc/init.d/proftpd".
Search for start-stop-daemon --stop --signal $SIGNAL --quiet --pidfile "$PIDFILE"
And replace it with start-stop-daemon --stop --signal $SIGNAL --retry 1 --quiet --pidfile "$PIDFILE"
- Gegevens
- Geschreven door: gbonny
- Hits: 5440
Fail2Ban is a comprehensive tool for blocking possible unwanted traffic from bots/hackers to your server (or network). It's quiet easy to install and setup so here's a quick how to, assuming you've already set up sendmail for mail-relay, and are using locally ssh, ftp and openvpn for instance.
1. sudo apt-get install fail2ban
2. Set up a local configuration file for fail2ban by running "cp -ivra /etc/fail2ban/jail.conf /etc/fail2ban/jail.local" and open /etc/fail2ban/jail.local:
# Append / Modify
bantime = 3600
# forever:
# bantime = -1
ignoreip = 127.0.0.1/8 192.168.1.0/24
destemail =
# Email address of the sender
# This is not by default in place, by default fail2ban@<hostname>.<domain> is used which could lead into smtp unknown sender errors (550). Also note the sender="%(sender)s in action_mw.
sender =
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s", sendername="%(sendername)s", sender="%(sender)s"]
action = %(action_mw)s
# Append / Modify
[openvpn]enabled = trueport = 1194protocol = udpfilter = openvpn#logpath = /var/log/syslog/etc/openvpn/openvpn.logmaxretry = 3
[proftpd]enabled = true
[ssh]
enabled = true
3. Create a file openvpn.conf in /etc/fail2ban/filter.d/ with the following contents:
# Fail2Ban Filter for OpenVPN#[INCLUDES]before = common.conf[Definition]_daemon = openvpnfailregex = <HOST>:[0-9]{4,5} TLS Auth Error: Auth Username/Password verification failed for peerignoreregex =
4. Restart services: sudo service fail2ban restart
5. Eventually add "/var/log/fail2ban.log" to the logrotate in: /etc/logrotate.d/rsyslog
6. I've also added an email alias in sendmail for fail2ban@<hostname>.<domain>
Now you'll receive emails when someone gets banned. You can test this, when you want to remove the block use something like: "sudo fail2ban-client set openvpn unbanip 1.2.3.4"
- Gegevens
- Geschreven door: gbonny
- Hits: 4344
When you have a network switch which is capable of 802.1Q, also known as VLAN tagging or trunking, and you want to transport a certain VLAN directly into a VM in VMWare Player or Workstation or VirtualBox you have to do some additional configuration. Standard desktop versions of Windows strip off VLAN tags. You've probably already tried to enable Packet Priority and VLAN. People who are using Wireshark encounter the missing VLAN tags possibly as well and could follow the solution as wel below.
All you have to do is this (it took me a while I found this one out for my Intel(R) Gigabit CT desktop adapter):
1. Backup your Windows registry;
2. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet0001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318};
3. Open the tree and you'll see folders like 00xx;
4. Look for the folder containing your network card/NIC, displayed as DriverDesc
5. Modify/add a REG_DWORD 32bit named MonitorMode with value 1 (alternatively Realtek or other cards use REG_DWORD MonitorModeEnabled);
6. Reboot and you should be done (or enable/disable NIC).
Happy tagging!
- Gegevens
- Geschreven door: gbonny
- Hits: 3490
By default Ubuntu comes with IPv6 enabled. When you don't have an IPv6 Internet connection or you want to disable IPv6 from a security perspective, it's easy to disable:
1. sudo su
2. echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
3. option 1: reboot
3. option 2: sysctl -p