Archive

Archives for 03/2024

TCP SYN flood DOS attack with hping3

26/03/2024 Comments off

Hping

Wikipedia defines hping as:

hping is a free packet generator and analyzer for the TCP/IP protocol distributed by Salvatore Sanfilippo (also known as Antirez). Hping is one of the de facto tools for security auditing and testing of firewalls and networks, and was used to exploit the idle scan scanning technique (also invented by the hping author), and now implemented in the Nmap Security Scanner. The new version of hping, hping3, is scriptable using the Tcl language and implements an engine for string based, human readable description of TCP/IP packets, so that the programmer can write scripts related to low level TCP/IP packet manipulation and analysis in very short time.

On Ubuntu, hping can be installed from the Synaptic package manager or from the command line:

$ sudo apt-get install hping3

Syn flood

To send SYN packets, use the following command in a terminal:

$ sudo hping3 -i u1 -S -p 80 192.168.1.1

The above command sends TCP SYN packets to 192.168.1.1.
sudo is necessary because hping3 creates raw packets for the task, and raw sockets require root privileges on Linux.

-S – sets the SYN flag
-p 80 – targets port 80
-i u1 – waits 1 microsecond between packets

More options

Read more…

Monitor your MySQL replication database

26/03/2024 Comments off

You have configured your MySQL replication; the next step is to maintain and monitor it. Percona Toolkit for MySQL is a collection of advanced command-line tools to perform a variety of MySQL server and system tasks.

Among many other tasks, the Percona Toolkit lets you verify MySQL replication integrity, efficiently archive rows, find duplicate indexes, summarize MySQL servers, analyze queries from logs and tcpdump, and collect vital system information when problems occur.

To get started you need to install Percona Toolkit. I’m using Ubuntu as the OS on my servers, and installing the Percona Toolkit was straightforward:

apt-get install percona-toolkit

To get a summary of your databases use the command – pt-mysql-summary

pt-mysql-summary --user=username --password=password

Next, set up a heartbeat table in your database so you can monitor MySQL replication delay; for that, use the pt-heartbeat command.

pt-heartbeat -D wpslavedb --create-table --ask-pass --check --master-server-id 1

You can find the manual for the options here.

pt-heartbeat measures replication lag on a MySQL or PostgreSQL server. You can use it to update a master or monitor a replica. mk-heartbeat depends only on the heartbeat record being replicated to the slave, so it works regardless of the replication mechanism. It works at any depth in the replication hierarchy; for example, it will reliably report how far a slave lags its master’s master’s master.

Start daemonized process to update test.heartbeat table on master:

  pt-heartbeat -D wpslavedb --update -h master-server --daemonize --ask-pass

Monitor replication lag on slave:

  pt-heartbeat -D wpslavedb --monitor -h slave-server --ask-pass
  pt-heartbeat -D wpslavedb --monitor -h slave-server --dbi-driver Pg --ask-pass

Check slave lag once and exit (using optional DSN to specify slave host):

  pt-heartbeat -D wpslavedb --check h=slave-server --ask-pass

If the replication hierarchy is “master -> slave1 -> slave2” with corresponding server IDs 1, 2 and 3, you can:

  pt-heartbeat --daemonize -D wpslavedb --update -h master --ask-pass
  pt-heartbeat --daemonize -D wpslavedb --update -h slave1 --ask-pass

Then check (or monitor) the replication delay from master to slave2:

  pt-heartbeat -D wpslavedb --master-server-id 1 --check slave2 --ask-pass

Or check the replication delay from slave1 to slave2:

  pt-heartbeat -D wpslavedb --master-server-id 2 --check slave2 --ask-pass

If you are developing and writing SQL statements, pt-query-digest is very useful: it analyzes MySQL queries from logs, processlist, and tcpdump.

  pt-query-digest slow.log    # requires the slow query log to be enabled

There are other tools in Percona Toolkit; the ones I have shown are those I find useful for my monitoring and maintenance.

If you want to find the best MySQL configuration for your application, head over to Percona’s website, where they have MySQL wizards.

Source: torbjornzetterlund.com

A DRBD / MySQL cluster with Heartbeat on Debian 7

25/03/2024 Comments off

Source: denisrosenkranz.com

We previously saw how to set up an active/passive Apache cluster with DRBD and Heartbeat. In this tutorial we will see how to do the same thing with MySQL.

The DRBD and Heartbeat configuration is the same as in the previous tutorial.

Here is what we are going to set up:

[Figure: DRBDMySQL]

So, for this tutorial, follow the tutorial below up to "Installing Apache":

A DRBD/Apache cluster with Heartbeat on Debian 7

Read more…

How to Change Location of IPTables Logs

25/03/2024 Comments off

Logs are a very important aspect of any firewall. On Linux, iptables provides logging, but by default the logs go to /var/log/syslog or /var/log/messages. It can be hard to find the information you need there, because logs from the entire system end up in the same files.

To change the file iptables logs to, configure your iptables rules to add a log prefix, then configure rsyslog to match this prefix and send those messages to a custom log file that contains only iptables log information.

  • Check if you have RsysLog installed and running
root@dbsysnet:/home/olivier# dpkg -l | grep rsyslog
ii  rsyslog                               8.32.0-1ubuntu4                                 amd64        reliable system and kernel logging daemon
Jul 20 17:59:56 dbsysnet systemd[1]: Starting System Logging Service...
Jul 20 17:59:56  systemd[1]: Started System Logging Service.
Jul 20 17:59:56  rsyslogd[813]: warning: ~ action is deprecated, consider using the 'stop' statement instead [v8.32.0 try http://www.
Jul 20 17:59:56  rsyslogd[813]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd.  [v8.32.0]
Jul 20 17:59:56  rsyslogd[813]: rsyslogd's groupid changed to 106
Jul 20 17:59:56  rsyslogd[813]: rsyslogd's userid changed to 102
Jul 20 17:59:56  rsyslogd[813]:  [origin software="rsyslogd" swVersion="8.32.0" x-pid="813" x-info="http://www.rsyslog.com"] start
  • Configure your IPTABLES rules with --log-prefix
# iptables -A INPUT -p tcp --dport 22 --syn -j LOG --log-prefix "[IPTABLES]: "
  • Create configuration file for RsysLog
# touch /etc/rsyslog.d/10-iptables.conf
  • Open this file, paste the configuration below, and then save the file
:msg, contains, "[IPTABLES]: " -/var/log/firewall.log
& ~

Explanation:

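The first line checks each log message for the string "[IPTABLES]: "; if it is found, the message is written to /var/log/firewall.log.

The second line stops further processing of the matched message, so it is not also written to the standard location, in this case /var/log/syslog or /var/log/messages. rsyslog 8 reports the ~ action as deprecated, as in the startup messages above, and suggests the stop statement instead.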

  • Restart RsysLog service
root@:/home/olivier# systemctl restart rsyslog
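
With the rule and the rsyslog filter in place, /var/log/firewall.log holds only the SYN packets to port 22 logged with the "[IPTABLES]: " prefix. The following added example (not part of the original post) parses such lines and counts connection attempts per source address; the sample log lines, the function names and the threshold are constructed for illustration.

```python
import re
from collections import Counter

PREFIX = "[IPTABLES]: "             # must match --log-prefix in the iptables rule
FIELD = re.compile(r"(\w+)=(\S*)")  # the kernel LOG target emits KEY=VALUE pairs

# Constructed sample of /var/log/firewall.log (documentation addresses only).
SAMPLE_LOG = """\
Jul 20 18:01:02 dbsysnet kernel: [ 4211.120] [IPTABLES]: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4321 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jul 20 18:01:03 dbsysnet kernel: [ 4212.341] [IPTABLES]: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4322 DF PROTO=TCP SPT=51236 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jul 20 18:01:05 dbsysnet sshd[2201]: Connection closed by 203.0.113.5 port 51234
Jul 20 18:01:07 dbsysnet kernel: [ 4216.902] [IPTABLES]: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=100 DF PROTO=TCP SPT=40022 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Jul 20 18:01:08 dbsysnet kernel: [ 4217.455] [IPTABLES]: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4323 DF PROTO=TCP SPT=51240 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jul 20 18:01:09 dbsysnet kernel: [ 4218.004] [IPTABLES]: IN=eth0 OUT= MAC=
"""

def parse_line(line):
    """Return the KEY=VALUE fields of one prefixed LOG line, or None."""
    _, found, rest = line.partition(PREFIX)
    if not found:
        return None                          # not written by our rule
    fields = dict(FIELD.findall(rest))
    fields["SYN"] = " SYN " in f" {rest} "   # TCP flags appear as bare words
    # A truncated line without SRC or DPT is unusable: drop it.
    return fields if fields.get("SRC") and fields.get("DPT") else None

def syn_attempts(log_text, port="22"):
    """Count logged SYN packets to `port` per source address."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f and f["SYN"] and f.get("PROTO") == "TCP" and f["DPT"] == port:
            hits[f["SRC"]] += 1
    return hits

def noisy_sources(hits, threshold=3):
    """Sources with at least `threshold` attempts (the threshold is an assumption)."""
    return sorted(src for src, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    counts = syn_attempts(SAMPLE_LOG)
    for src, n in counts.most_common():
        print(f"{src:15} {n}")
    print("over threshold:", noisy_sources(counts))
```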

Read more…

Categories: Network, System

A DRBD / Apache cluster with Heartbeat on Debian 7

24/03/2024 Comments off

What is Heartbeat?

Heartbeat is software that monitors the availability of programs, for the Linux, FreeBSD, OpenBSD, Solaris and MacOS X operating systems. It is distributed under the GPL license.

Heartbeat listens for heartbeats: signals emitted by the services of a server cluster while they are operational. When a server fails, Heartbeat detects it (because it no longer hears its heartbeats) and switches the monitored services over to another server. To make this transparent to users, Heartbeat sets up a single virtual IP that is moved between the two servers.

Here is what we are going to set up:

[Figure: diagram]

Setting up the solution

For this tutorial, we start from the DRBD cluster we set up in the previous tutorial:

DRBD on Debian 6

Read more…

Categories: Software, System