Source: Reasons Unbeknownst
The old saying “Need is the father of innovation” (or something like that) held true this weekend. I was looking for an easy way to benchmark MySQL for some RAM drive InnoDB experimentation but couldn’t find anything cross platform, user friendly, and created after 2005. So I built an early version of what I was looking for.
This is a very synthetic benchmark for now. In some instances InnoDB is much faster than MyISAM (simultaneous reads/writes) but that doesn’t come across in these results. I’m planning on beefing up the benchmark options in later versions. This tool is currently useful in benchmarking hard drive / RAID performance when using InnoDB. It’s also good for basic my.cnf tweaking. Lire la suite…
source: deribin.com
Very simple solution:
1) add rule to /etc/fail2ban/jail.conf:
[spam]
enabled = true
filter = spam
action = iptables[name=SPAM, port=smtp, protocol=tcp]
sendmail-whois[name=SPAM, dest=email@your.doamin.com, sender=fail2ban@your.domain.com]
logpath = /var/log/mail.log
bantime = 3600
ignoreip = 127.0.0.1 xxx.xxx.xxx.xxx/xx
maxretry = 2
Lire la suite...
Both netfilter and pf provides rate-limit option to perform simple throttling on incoming connections on port # 22.
Iptables Example
The following example will drop incoming connections which make more than 5 connection attempts upon port 22 within 60 seconds:
#!/bin/bash
inet_if=eth1
ssh_port=22
$IPT -I INPUT -p tcp --dport ${ssh_port} -i ${inet_if} -m state --state NEW -m recent --set
$IPT -I INPUT -p tcp --dport ${ssh_port} -i ${inet_if} -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP
Call above script from your iptables scripts. Another config option:
$IPT -A INPUT -i ${inet_if} -p tcp --dport ${ssh_port} -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT
$IPT -A INPUT -i ${inet_if} -p tcp --dport ${ssh_port} -m state --state ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -o ${inet_if} -p tcp --sport ${ssh_port} -m state --state ESTABLISHED -j ACCEPT
# another one line example
# $IPT -A INPUT -i ${inet_if} -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 22 -m limit --limit 5/minute --limit-burst 5-j ACCEPT
See iptables man page for more details.
*BSD PF Example
The following will limits the maximum number of connections per source to 20 and rate limit the number of connections to 15 in a 5 second span. If anyone breaks our rules add them to our abusive_ips table and block them for making any further connections. Finally, flush keyword kills all states created by the matching rule which originate from the host which exceeds these limits.
sshd_server_ip="202.54.1.5"
table <abusive_ips> persist
block in quick from <abusive_ips>
pass in on $ext_if proto tcp to $sshd_server_ip port ssh flags S/SA keep state (max-src-conn 20, max-src-conn-rate 15/5, overload <abusive_ips> flush)
Que ce soit lors de la première installation ou après la perte du mot de passe principal de MySQL, il est nécessaire de pouvoir modifier le mot de passe administrateur (root) de MySQL.
Pour pouvoir modifier le mot de passe root de MySQL, il faut pouvoir s’y connecter, Or, si vous n’avez pas le mot de passe root actuel, vous vous retrouvez alors dans une situation kafkaïenne. Si vous connaissez le mot de passe actuel de MySQL et que vous souhaitez juste changer le mot de passe root, vous pouvez sauter cette étape ! Lire la suite…