Archive

Archives pour la catégorie ‘Système’

Basic munin plugins for Snort

31/05/2023 Aucun commentaire

munin pluginsHere are some basic munin plugins for snort using perfmon (Enable preprocessor perfmonitor in snort.conf)
The snort.conf entry should look something like:

preprocessor perfmonitor: time 300 file /your/path/to/snort.stats pktcnt 5000

(Read the snort docs for more info on performance issues etc.)

Drop Rate:
http://download.gamelinux.org/snort/snort_drop_rate

Pattern Matching:
http://download.gamelinux.org/snort/snort_pattern_match

Traffic speed:
http://download.gamelinux.org/snort/snort_traffic

Alerts:
http://download.gamelinux.org/snort/snort_alerts

Avg KBytes/pkt:
http://download.gamelinux.org/snort/snort_bytes_pkt

Avg Pkts/sec:
http://download.gamelinux.org/snort/snort_pkts

Edit any one of them, to graph what you want from perfmon output. It should be easy!

And now I will test them myself!

Update:
Here is a picture to give you an idea on how the graphs looks:
http://download.gamelinux.org/snort/Snort-Munin-Plugins.pngsource: http://www.gamelinux.org/?p=32

source: GAMELINUX

Linux Command: Show Linux Version

31/05/2023 Aucun commentaire

Source: nixCraft

What command I need to type to display Linux kernel version and other information such as Linux distribution name? How do I check Linux kernel version number?

You need to use the following two commands:

[a] uname - Print kernel and system information.
[b] lsb_release - Print distribution-specific information.
[c] /proc/version file - Print running kernel information.

How to check linux kernel version number?

Open a shell prompt (or a terminal) and type the following command to see your current Linux kernel version:

$ uname -r

Sample outputs:

2.6.32-23-generic-pae

Or type the following command:

$ uname -mrs

Sample outputs:

Linux 2.6.32-23-generic-pae i686

To print all information, enter:

$ uname -a

Sample outputs:

Linux vivek-laptop 2.6.32-23-generic-pae #37-Ubuntu SMP Fri Jun 11 09:26:55 UTC 2010 i686 GNU/Linux

Where,

  • 2.6.32-23 – Linux kernel version number
  • pae – pae kernel type indicate that I’m accssing more than 4GB ram using 32 bit kernel.
  • SMP – Kernel that supports multi core and multiple cpus.

Lire la suite…

Categories: Système Tags: , , ,

Protéger ses images contre le Hotlinking

28/05/2023 Aucun commentaire
fonctionnement-hotlinkLe hotlinking est une pratique courante qui consiste, le plus souvent, à afficher une image en utilisant l’adresse URL en provenance d’un autre site où elle est publiée. En fait, au lieu de stocker l’image sur son serveur, le hotlinkeur crée un lien direct vers le serveur d’origine.Principe du Hotlinking en schéma.Cette méthode est totalement illégale puisqu’il s’agit d’un vol de bande passante. En effet, à chaque fois que l’image est visionnée par un internaute, une requête HTTP est envoyée vers le serveur qui l’héberge. Cela ralentit le serveur qui doit fournir les images hotlinkées en plus des images du site d’origine. De plus, cela peut engendrer un coût financier supplémentaire puisque certains hébergeurs prennent en compte le trafic mensuel de données afin d’éviter les abus et de préserver la bande passante.

Pour lutter contre le hotlinking, il suffit de copier le code suivant dans le fichier .htaccess présent à la racine de votre projet. Il permet de remplacer l’image volée par une autre destinée à dissuader le hotlinkeur (par ex: http://p7.storage.canalblog.com/78/13/603253/75105879.jpg).

RewriteEngine On
# Remplacer mywebsite\.com/ par l'adresse de votre site
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mywebsite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
# Remplacer /images/nohotlink.jpg par le chemin de l'image affichée chez les voleurs
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]

Using Rsync and SSH

27/05/2023 Aucun commentaire

Source: troy.jdmz.net

Keys, Validating, and Automation

This document covers using cron, ssh, and rsync to backup files over a local network or the Internet. Part of my goal is to ensure no user intervention is required when the computer is restarted (for passwords, keys, or key managers).
I like to backup some logging, mail, and configuration information sometimes on hosts across the network and Internet, and here is a way I have found to do it. You’ll need these packages installed:
  • rsync
  • openssh
  • cron (or vixie-cron)

Please note these instructions may be specific to Red Hat Linux versions 7.3, 9, and Fedora Core 3, but I hope they won’t be too hard to adapt to almost any *NIX type OS. The man pages for ‘ssh’ and ‘rsync’ should be helpful to you if you need to change some things (use the “man ssh” and “man rsync” commands). Lire la suite…

Categories: Système Tags: , , ,

mod_geoip2 Apache module

25/05/2023 Aucun commentaire

The mod_geoip2 module embeds GeoIP database lookups into the Apache web server. It is only capable of looking up the IP of a client that connects to the web server, as opposed to looking up arbitrary addresses.

This module works with Apache 2. Please use mod_geoip with Apache 1.

Installation

You may download the latest release of mod_geoip2 or get the latest development version from GitHub. See the included INSTALL file in the tarball for installation details.

Overview

The mod_geoip2 module uses the libGeoIP library to look up geolocation information for a client as part of the http request process. This module is free software, and is licensed under the Apache license.

To compile and install this module, you must first install libGeoIP 1.4.3 or newer.

The mod_geoip2 module takes effect either during request header parsing phase or the post read request phase, depending on whether it is configured for server-wide use or for a specific location/directory.

When enabled, the module looks at the incoming IP address and sets some variables which provide geolocation information for that IP. The variables it set depend on the specific GeoIP database being used (Country, City, ISP, etc.). These variables can be set in either the request notes table, the environment or both depending on the server configuration.

Lire la suite…