GeoIP for iptables

11/12/2023 Categories: Network, Security

Source: how-to.ovh

Tired of exotic countries trying to break into your server, cluttering your logs and keeping fail2ban busy?

Here is a way to block the countries you have no dealings with. Written for Debian, but surely adaptable to other distributions.

# Install GeoIP for iptables

apt-get install dkms xtables-addons-dkms xtables-addons-common geoip-database libgeoip1 libtext-csv-xs-perl unzip

# check that the module built correctly

dkms status xtables-addons

# create the directory

mkdir /usr/share/xt_geoip

# move into it

cd /usr/share/xt_geoip/

# download the archive (it is fetched over plain HTTP, so review the two scripts it contains before running them)

wget http://man.sethuper.com/wp-content/uploads/2013/06/geoip-dl-build.tar.gz

# unpack it

tar xvf geoip-dl-build.tar.gz

# run the download script

./xt_geoip_dl

# if that gives an error message, run this

/usr/bin/perl -MCPAN -e'install Text::CSV_XS'

# run the other script

./xt_geoip_build -D . *.csv

# delete the files that are no longer needed

rm -rf geoip-dl-build.tar.gz

# test iptables by blocking China and Russia

iptables -A INPUT -m geoip --src-cc CN,RU -j DROP

# check the result

iptables -L -v

# which prints this line, showing that the countries will be blocked

DROP all -- anywhere anywhere -m geoip --source-country CN,RU

# to block port 22 for these countries

iptables -A INPUT -p tcp --dport 22 -m geoip --src-cc CN,RU -j DROP
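
The rules above, generated for an arbitrary country list, as an added example that is not part of the original post. The function name `geoip_rules` is hypothetical; the script only prints the commands for review and relies on the xt_geoip limit of 15 country codes per rule.

```shell
#!/bin/sh
# Added example: print (never apply) the iptables commands for a country
# block list, so the rules can be reviewed before they touch the firewall.
LC_ALL=C; export LC_ALL   # keep [A-Z] limited to ASCII upper case

GEOIP_MAX=15   # xt_geoip accepts at most 15 country codes in one rule

# geoip_rules <CC,CC,...> [tcp-port]   (hypothetical helper name)
geoip_rules() {
    list=$1
    port=${2:-}
    match=""
    case $list in
        ""|*[!A-Z,]*) echo "invalid country list: $list" >&2; return 1 ;;
    esac
    if [ -n "$port" ]; then
        case $port in   # digits only; the range is not checked
            *[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        match="-p tcp --dport $port "
    fi
    old_ifs=$IFS; IFS=,; set -- $list; IFS=$old_ifs
    for cc in "$@"; do
        [ "${#cc}" -eq 2 ] || { echo "invalid country code: $cc" >&2; return 1; }
    done
    # Accept traffic of connections that already exist first, so the session
    # used to load the rules is not cut off by a mistake in the list.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    chunk=""; n=0
    for cc in "$@"; do
        chunk="${chunk:+$chunk,}$cc"; n=$((n + 1))
        if [ "$n" -eq "$GEOIP_MAX" ]; then   # rule is full: emit it, start another
            echo "iptables -A INPUT ${match}-m geoip --src-cc $chunk -j DROP"
            chunk=""; n=0
        fi
    done
    [ -z "$chunk" ] || echo "iptables -A INPUT ${match}-m geoip --src-cc $chunk -j DROP"
}

geoip_rules CN,RU 22   # the two countries and the port used in the post
```

Because `-A` appends, the printed rules only take effect for traffic that no earlier rule in INPUT has already accepted.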

Block entire countries on Ubuntu server with Xtables and GeoIP

10/12/2023 Categories: Network, Security

Source: jeshurun.ca

Anyone who has administered even a moderately high-traffic server will have noticed that certain unwelcome traffic, such as port scans and probes, tends to come from IP addresses belonging to a certain group of countries. If your application or service does not cater to users in these countries, it might be a safe bet to block these countries off entirely.

This is especially true for email servers. The average email server, based on anecdotal evidence of servers for around 20 domains, rejects about 30% of incoming email every day as spam. Some servers on some days reject as much as 97% of incoming email as spam. Most of these originate in a certain subset of countries. That is a lot of wasted CPU cycles being expended on scanning these undesired emails for spam and viruses. Although tools such as amavisd and SpamAssassin do a good job of keeping the vast majority of spam out of users’ inboxes, when the rare well-crafted and targeted phishing email does get through, it wreaks havoc in the enterprise.


The role of shells in the Linux environment

10/12/2023 Categories: System

The shell is used for various purposes under Linux. The Linux user environment is made of the following components:

  • Kernel – The core of the Linux operating system.
  • Shell – Provides an interface between the user and the kernel.
  • Terminal emulator – The xterm program is a terminal emulator for the X Window System. It lets the user enter commands and displays their results on screen.
  • Linux Desktop and Window Manager – The Linux desktop is a collection of various software apps. It includes the file manager, the window manager, the terminal emulator and much more. KDE and GNOME are two examples of a complete desktop environment in Linux.

Login

A user can log in locally at the console in runlevel 3 or graphically in runlevel 5 (the level numbers may differ depending on the distribution). In both cases you need to provide a username and password. Bash uses the following initialization and start-up files:

  1. /etc/profile – The systemwide initialization file, executed for login shells.
  2. /etc/bash.bashrc – The systemwide per-interactive-shell startup file. This is a non-standard file which may not exist on your distribution. Even if it exists, it will not be sourced unless it is done explicitly in another start-up file.
  3. /etc/bash.logout – The systemwide login shell cleanup file, executed when a login shell exits.
  4. $HOME/.bash_profile – The personal initialization file, executed for login shells.
  5. $HOME/.bashrc – The individual per-interactive-shell startup file.
  6. $HOME/.bash_logout – The individual login shell cleanup file, executed when a login shell exits.
  7. $HOME/.inputrc – Individual readline initialization file.

Bash Startup Scripts

A script of commands executed at login to set up the environment, for example to set the JAVA_HOME path.

Login Shell

A login shell is the first shell started when you log in to the system. Login shells set the environment that is exported to non-login shells. A login shell calls the following when a user logs in:

Non-Login Shell

Bash Logout Scripts

  • When a login shell exits, bash reads and executes commands from the file $HOME/.bash_logout, if it exists.

Source: Cybercitiz


Detect Webcam & Microphone Activity on Mac with Oversight

09/12/2023 Categories: Security, System

Source: osxdaily.com

Though Mac users don’t usually have to worry excessively about “camfecting” malware and spyware, some security-conscious users may find it nice to know if a process or application is attempting to access their computer’s web camera or microphone.

With the help of a free third-party security utility called Oversight, you can have your Mac alert you any time an application or process tries to activate either recording device on the computer.

The developer of Oversight explains why a tool like Oversight could be valuable to some users:

“One of the most insidious actions of malware, is abusing the audio and video capabilities of an infected host to record an unknowing user. Macs, of course, are not immune; malware such as OSX/Eleanor, OSX/Crisis, OSX/Mokes, and others, all attempt to spy on OS X users. OverSight constantly monitors a system, alerting a user whenever the internal microphone is activated, or the built-in webcam is accessed. And yes, while the webcam’s LED will turn on whenever a session is initially started, new research has shown that malware can surreptitiously piggyback into such existing sessions (FaceTime, Skype, Google Hangouts, etc.) and record both audio and video – without fear of detection.”

Sound good? If so, it’s a free download that is easy to install on a Mac with either macOS or Mac OS X:

If you’re interested in this app, simply download Oversight and run the installer (it can be just as easily uninstalled later if you decide you do not need it).

Once installed, Oversight is small and lightweight, runs quietly in the background, and alerts you any time something attempts to activate the Mac microphone or FaceTime camera. You can then directly intervene and either allow the webcam or microphone access (for legitimate use), or deny it (for theoretical illegitimate use).

Oversight alerting to camera and microphone access on Mac

Keep in mind that Oversight does not differentiate between legitimate and illegitimate use of the webcam and microphone on your Mac; that is up to you. For example, you will get a notification that the microphone and FaceTime camera are being accessed when you open an app like Skype, Photo Booth, or FaceTime, or when you record a video on your Mac with the webcam, but since those applications legitimately use the computer’s microphone and camera they are probably nothing to be concerned about (assuming you launched them yourself). On the other hand, if out of the blue and with no provocation you see that a process has attempted to access your microphone, that could be an unauthorized attempt to use it, and you can choose to reject it and block the device access with Oversight. Whenever possible, Oversight will notify you of the process name and PID, but sometimes you will see blank notifications of access anyway. Again, just think about which apps you are using and whether they have any reason to use your camera or microphone, similar to how you control this type of access in iOS for Photos, camera, and microphone.

Microphone activated found by Oversight on Mac

This is a software solution which is quite a bit more fancy than the low-tech solution of putting tape on your web camera like the FBI Director does and many security professionals do. You could always use Oversight along with some tape too if you’re extra concerned about your Mac webcam or microphone access and want to be sure nothing fishy is going on from camfecting or otherwise. 

While apps like Oversight could be considered overboard and unnecessary for many Mac users, others who are privacy conscious or in fields where higher security matters may find them to be helpful. I’ve personally noticed a particular web browser will occasionally attempt to access the microphone on my Mac from time to time without an obvious reason which I find to be… curious… and Oversight notified me each time. It’s not for everyone, but if you want to be notified when something is trying to use your Mac camera or microphone, check out the app yourself. 

How to Migrate a Web Server Running Apache, MySQL, WordPress and Drupal

09/12/2023 Categories: Software, System

Well folks, it’s time that my old home-hosted server is retired. Which means I have to migrate all of my 5 websites to a new server. Thanks to the way Apache, MySQL, WordPress and Drupal work, it’s easy.

1. Copy Apache Config Files

# ssh username@oldserver
# scp -r /etc/apache2/sites-available/ username@newserver:/etc/apache2/

This will copy all the Apache config files over to the new server. Now, on the new server, enable all the sites you copied by creating a symbolic link in sites-enabled for each .conf file you copied.

# ln -s /etc/apache2/sites-available/yourwebsite.com.conf /etc/apache2/sites-enabled/yourwebsite.com.conf

Or use the command a2ensite, which does the same thing for you:

# a2ensite yourwebsite.com

Restart Apache for the changes to take effect.

# /etc/init.d/apache2 restart

2. Copy Your Websites

# scp -r /var/www/ username@newserver:/var/

Default WordPress and Drupal installs are just files, and we have now copied them across. However, all the content, comments, etc. are stored within MySQL, so let’s migrate that now.

3. Migrate MySQL

Start by being logged into the old server.

# mysqldump --all-databases -u root -p > backup.sql
# scp backup.sql username@newserver:/home/username/
# ssh username@newserver
# mysql -u root -p < backup.sql

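What we did here was use mysqldump to script every database and its contents into a series of SQL commands. Then we copied the file to the new server and piped it into the new MySQL server. All our databases, users and table contents have been imported. Magic. Because the dump holds every database, including the MySQL accounts and their password hashes, keep backup.sql readable only by your own user and delete it from both servers once the import has been checked.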

4. DNS Migration

Now all you need to do is reconfigure your DNS servers to point to the new IP address. Chances are you’re not hosting your own DNS server, so you will have to update the records using your provider’s web interface. A word of advice though: create a new entry like test.yourdomain.com and point it to the new server first to make sure everything works.
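
A complementary pre-cutover check, as an added example that is not part of the original post: it reads the hostnames out of the copied vhost files and prints one `curl --resolve` request per name, so each site can be fetched from the new server before any DNS record changes. The function names, the sample vhost file and the address 192.0.2.10 are constructed for illustration, and the sites are assumed to answer plain HTTP on port 80.

```shell
#!/bin/sh
# Added example: list the hostnames served by the copied vhost files and
# print one request per name aimed at the new server, before any DNS change.

# vhost_names <dir>: unique ServerName/ServerAlias values from <dir>/*.conf
vhost_names() {
    cat "$1"/*.conf 2>/dev/null | awk '
        $1 ~ /^#/ { next }                      # skip commented-out directives
        tolower($1) ~ /^server(name|alias)$/ {  # directive names are case-insensitive
            for (i = 2; i <= NF; i++) {
                n = tolower($i)
                sub(/^[a-z]+:\/\//, "", n)      # ServerName may carry a scheme
                sub(/:[0-9]+$/, "", n)          # ... and a port
                if (n !~ /[*?]/) print n        # wildcard aliases cannot be requested
            }
        }' | sort -u
}

# cutover_checks <new-ip> <dir>: print a curl command per hostname that pins
# the name to <new-ip> with --resolve, so the answer comes from the new server.
cutover_checks() {
    vhost_names "$2" | while read -r name; do
        printf 'curl -sS -I --resolve %s:80:%s http://%s/\n' "$name" "$1" "$name"
    done
}

# Constructed sample: a vhost file like the ones copied in step 1.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/yourwebsite.com.conf" <<'EOF'
<VirtualHost *:80>
    ServerName yourwebsite.com
    ServerAlias www.yourwebsite.com *.yourwebsite.com
    # ServerAlias old.yourwebsite.com
    DocumentRoot /var/www/yourwebsite.com
</VirtualHost>
EOF
    cutover_checks 192.0.2.10 "$d"   # 192.0.2.10 is a documentation address
    rm -rf "$d"
}
demo
```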
