gbonny's blog

Home

Fixing ProFTPD killed (signal 15) on Ubuntu 14.04 LTS

Gegevens
Geschreven door: gbonny
Gepubliceerd: 15 januari 2016
Laatst bijgewerkt: 10 oktober 2019
Hits: 5552
  • Debian
  • Ubuntu
  • Trusty Tahr
  • How-to
  • ProFTP

Some people, including myself, experience that ProFTP is stopped regularly. It seems that this happens when log rotation is active.

In the system log you'll see errors like:

... ProFTPD killed (signal 15)
... ProFTPD 1.3.5rc3 standalone mode SHUTDOWN

The problem seems to be that ProFTPD doesn't stop in time to be restarted. It's simple to fix this error in "/etc/init.d/proftpd".
Search for start-stop-daemon --stop --signal $SIGNAL --quiet --pidfile "$PIDFILE"

And replace it with start-stop-daemon --stop --signal $SIGNAL --retry 1 --quiet --pidfile "$PIDFILE"

Installing Fail2Ban on Ubuntu 14.04 LTS

Gegevens
Geschreven door: gbonny
Gepubliceerd: 20 maart 2015
Laatst bijgewerkt: 10 oktober 2019
Hits: 5868
  • Debian
  • Ubuntu
  • Trusty Tahr
  • How-to
  • Fail2Ban

Fail2Ban is a comprehensive tool for blocking possible unwanted traffic from bots/hackers to your server (or network). It's quiet easy to install and setup so here's a quick how to, assuming you've already set up sendmail for mail-relay, and are using locally ssh, ftp and openvpn for instance.

1. sudo apt-get install fail2ban

2. Set up a local configuration file for fail2ban by running "cp -ivra /etc/fail2ban/jail.conf /etc/fail2ban/jail.local" and open /etc/fail2ban/jail.local:

# Append / Modify

bantime = 3600
# forever:
# bantime = -1
ignoreip = 127.0.0.1/8 192.168.1.0/24
destemail = Dit e-mailadres wordt beveiligd tegen spambots. JavaScript dient ingeschakeld te zijn om het te bekijken.

# Email address of the sender
# This is not by default in place, by default fail2ban@<hostname>.<domain> is used which could lead into smtp unknown sender errors (550). Also note the sender="%(sender)s in action_mw.
sender = Dit e-mailadres wordt beveiligd tegen spambots. JavaScript dient ingeschakeld te zijn om het te bekijken.

action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s", sendername="%(sendername)s", sender="%(sender)s"]

action = %(action_mw)s

 

# Append / Modify

[openvpn]
enabled = true
port = 1194
protocol = udp
filter = openvpn
#logpath = /var/log/syslog
/etc/openvpn/openvpn.log
maxretry = 3

[proftpd]
enabled = true

[ssh]
enabled = true

3. Create a file openvpn.conf in /etc/fail2ban/filter.d/ with the following contents:

# Fail2Ban Filter for OpenVPN
#

[INCLUDES]

before = common.conf

[Definition]
_daemon = openvpn

failregex = <HOST>:[0-9]{4,5} TLS Auth Error: Auth Username/Password verification failed for peer

ignoreregex =

4. Restart services: sudo service fail2ban restart

5. Eventually add "/var/log/fail2ban.log" to the logrotate in: /etc/logrotate.d/rsyslog

6. I've also added an email alias in sendmail for fail2ban@<hostname>.<domain>

Now you'll receive emails when someone gets banned. You can test this, when you want to remove the block use something like: "sudo fail2ban-client set openvpn unbanip 1.2.3.4"

Enable VLAN tags to VMWare Player/Workstation

Gegevens
Geschreven door: gbonny
Gepubliceerd: 24 februari 2015
Laatst bijgewerkt: 10 oktober 2019
Hits: 5189
  • Fix
  • Windows
  • VLAN
  • TAG
  • VMWare
  • Player
  • Workstation
  • Wireshark
  • stripped
  • missing
  • Monitor
  • Mode
  • 802.1q
  • trunk
  • NIC
  • Interface
  • Card
  • VirtualBox

When you have a network switch which is capable of 802.1Q, also known as VLAN tagging or trunking, and you want to transport a certain VLAN directly into a VM in VMWare Player or Workstation or VirtualBox you have to do some additional configuration. Standard desktop versions of Windows strip off VLAN tags. You've probably already tried to enable Packet Priority and VLAN. People who are using Wireshark encounter the missing VLAN tags possibly as well and could follow the solution as wel below.

All you have to do is this (it took me a while I found this one out for my Intel(R) Gigabit CT desktop adapter):

1. Backup your Windows registry;

2. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet0001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318};

3. Open the tree and you'll see folders like 00xx;

4. Look for the folder containing your network card/NIC, displayed as DriverDesc

5. Modify/add a REG_DWORD 32bit named MonitorMode with value 1 (alternatively Realtek or other cards use REG_DWORD MonitorModeEnabled);

6. Reboot and you should be done (or enable/disable NIC).

Happy tagging!

 

Disable IPv6 on Ubuntu

Gegevens
Geschreven door: gbonny
Gepubliceerd: 22 februari 2015
Laatst bijgewerkt: 10 oktober 2019
Hits: 3798
  • Debian
  • Ubuntu
  • How-to
  • IPv6

By default Ubuntu comes with IPv6 enabled. When you don't have an IPv6 Internet connection or you want to disable IPv6 from a security perspective, it's easy to disable:

1. sudo su

2. echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf

3. option 1: reboot

3. option 2: sysctl -p

Pagina 2 van 3

  • 1
  • 2
  • 3