Archive

Articles taggués ‘debian’

How to configure a syslog server with rsyslog on Linux

25/06/2022 Aucun commentaire

rsyslog linuxA syslog server represents a central log monitoring point on a network, to which all kinds of devices including Linux or Windows servers, routers, switches or any other hosts can send their logs over network. By setting up a syslog server, you can filter and consolidate logs from different hosts and devices into a single location, so that you can view and archive important log messages more easily.

On most Linux distributions, rsyslog is the standard syslog daemon that comes pre-installed. Configured in a client/server architecture, rsyslog can play both roles; as a syslog server rsyslog can gather logs from other devices, and as a syslog client, rsyslog can transmit its internal logs to a remote syslog server.

In this tutorial, we cover how to configure a centralized syslog server using rsyslog on Linux. Before we go into the details, it is instructive to go over syslog standard first.

Basic of Syslog Standard

When logs are collected with syslog mechanism, three important things must be taken into consideration:

  • Facility level: what type of processes to monitor
  • Severity (priority) level: what type of log messages to collect
  • Destination: where to send or record log messages

Let’s take a look at how the configuration is defined in more detail.

The facility levels define a way to categorize internal system processes. Some of the common standard facilities in Linux are:

  • auth: messages related to authentication (login)
  • cron: messages related to scheduled processes or applications
  • daemon: messages related to daemons (internal servers)
  • kernel: messages related to the kernel
  • mail: messages related to internal mail servers
  • syslog: messages related to the syslog daemon itself
  • lpr: messages related to print servers
  • local0 – local7: messages defined by user (local7 is usually used by Cisco and Windows servers)

The severity (priority) levels are standardized, and defined by using standard abbreviation and an assigned number with number 7 being the highest level of all. These levels are:

  • emerg: Emergency – 0
  • alert: Alerts – 1
  • crit: Critical – 2
  • err: Errors – 3
  • warn: Warnings – 4
  • notice: Notification – 5
  • info: Information – 6
  • debug: Debugging – 7

Finally, the destination statement enforces a syslog client to perform one of three following tasks: (1) save log messages on a local file, (2) route them to a remote syslog server over TCP/UDP, or (3) send them to stdout such as a console.

In rsyslog, syslog configuration is structured based on the following schema.

[facility-level].[severity-level]  [destination]

Lire la suite…

Categories: Système Tags: , ,

Debian / Ubuntu / CentOs – Block DDOS attacks with No More DDOS (formerly : DDoS Deflate)

12/06/2022 Comments off

If you arrive on this page, is that you have already received a DDoS attack on your server or you want to protect it before this attack happens on your server.
In this tutorial, we will install “No More DDoS” (replacing DDoS Deflate that is no longer maintained by its author) that lets you easily protect you against small DDoS attacks.

This script is available in 2 versions :

  1. the Debian version, compatible with : Debian 6/7/8, Ubuntu Server 13.10, Ubuntu Server 14.04, Linux Mint 17 and distributions based on Debian.
  2. the CentOs version, compatible with : CentOs 6/7, RHEL 6/7 (à venir dans la version 2.0), Fedora 20 (coming in version 2.0), and distributions based on CentOs.
  1. Install No More DDoS
  2. Configure No More DDoS
  3. No More DDoS GUI
  4. Update No More DDoS
  5. Uninstall No More DDoS

1. Install No More DDoS

To install “No More DDoS for Debian“, use the following command :

wget -O- https://raw.githubusercontent.com/stylersnico/nmd/master/debian/install.sh | sh

To install”No More DDoS for CentOS 7” use the following command :

wget -O- https://raw.githubusercontent.com/stylersnico/nmd/master/centos/install.sh | sh

2. Configurer No More DDoS

To configure No More DDoS, edit the “/usr/local/nmd/conf.d/agent.conf” file :

vim  /usr/local/nmd/conf.d/agent.conf

In this file, you can edit the following information :

  • FREQ : Interval time between 2 launches of the script. By default, this script is run once per minute.
  • NO_OF_CONNECTIONS : Corresponds to the maximum number of established connections to an IP address. If an IP address has more than 500 connections established on your server, this IP will be banned.
  • APF_BAN : By default, the script blocks IP addresses in the firewall with iptables (APF_BAN=0). To use “APF”, specify 1 (APF_BAN=1).
  • EMAIL_TO : If you wish to be notified when blocking a DDoS attack, enter your email address at this line. If you leave this empty, then, no e-mail will be sent.
  • BAN_PERIOD : Period during an IP address is blocked. Default : 3600 seconds = 1 hour.

Lire la suite…

Categories: Réseau, Sécurité Tags: , , ,

Debian / Ubuntu: apt-get Force Reinstall Package

13/04/2022 Comments off

Source: nixCraft

I am a new Debian Linux v.7.x / Ubuntu Linux LTS user. How do I reinstall a package using apt-get command line?

The Advanced Packaging Tool (APT) works on both Debian / Ubuntu and it can handle the installation and removal of software. You need use apt-get command as follows to forcefully reinstall package. The syntax is:

apt-get --reinstall install PackageNameHere

OR

apt-get --reinstall install Package1 Package2

The --reinstall option re-install packages that are already installed and at the newest version.

Pro tip: Backup configuration files before you reinstall packages. For example, if you are reinstalling nginx web server package, backup /etc/nginx/ with cp command i.e. mkdir /root/nginx.mmddyyyy/; cp -avr /etc/nginx/* /root/nginx.mmddyyy/

Examples

The following command will reinstall rsync package. Open a terminal and then type:
$ sudo apt-get --reinstall install rsync
OR
# apt-get --reinstall install rsync
Sample outputs:

apt-get-reinstall-command

Fig.01: Debian / Ubuntu Linux reinstall a package using apt-get command

If above method failed for you, try the following syntax. Make sure you backup config file before typing the following commands. Please note that the --purge option is identical to remove except that packages are removed and purged including any configuration files are deleted too.

 
sudo apt-get --purge remove package1
sudo apt-get install package1
Categories: Système Tags: , , ,

Debian Linux apt-get package management cheat sheet

11/04/2022 Comments off

Source: nixCraft

Both Debian and Ubuntu Linux provides a number of package management tools. This article summaries package management command along with it usage and examples for you.

  • apt-get : APT is acronym for Advanced Package Tool. It supports installing packages over internet using ftp or http protocols. You can also upgrade all packages in a single operations, which makes it even more attractive.
  • dpkg : Debian packaging tool which can be use to install, query, uninstall packages.

Gui tools: You can also try GUI based or high level interface to the Debian GNU/Linux package system. Following list summaries them:

  • aptitude: It is a text-based interface to the Debian GNU/Linux package system.
  • synaptic: GUI front end for APT

Red hat Linux package names generally end in .rpm, similarly Debian package names end in .deb, for example:

apache_1.3.31-6_i386.deb

Where,

  1. apache : Package name
  2. 1.3.31-6 : Version number
  3. i386 : Hardware Platform on which this package will run (i386 == intel x86 based system)
  4. .deb : Extension that suggest it is a Debian package

Remember, whenever I refer .deb file it signifies complete file name, and whenever I refer package name it must be first part of .deb file. For example, when I refer to a package sudo it means sudo only and not the .deb file i.e. sudo_1.6.7p5-2_i386.deb. You can find out debian package name with the following command:

apt-cache search {package-name}
apt-cache search apache

Finally, most of the actions listed in this post are written with the assumption that they will be executed by the root user running the bash or any other modern shell. Lire la suite…

Categories: Système Tags: , , , , ,

Debian/Ubuntu Linux: Restrict an SSH user session to a specific directory by setting chrooted jail

10/04/2022 Comments off

Source: nixCraft

I setup a web-server. I need to grant a user ssh access but I do not trust users. How can I limit user session to a specific directory such as /home/httpd/$USERNAME? How do I set up a ssh chroort jail on a Linux operating systems?

You can interactive shell with special root directory on a Linux or Unix-like systems. You can set the pathname (such as /home/httpd/foo) of a directory to chroot to after authentication. All components of the pathname must be root owned directories that are not writable by any other user or group. After the chroot, sshd changes the working directory to the user’s home directory.

Say hello to ChrootDirectory directive

From the sshd_config man page:

The ChrootDirectory must contain the necessary files and directo ries to support the user’s session. For an interactive session this requires at least a shell, typically sh(1), and basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4), arandom(4) and tty(4) devices. For file transfer sessions using “sftp”, no additional configuration of the environment is necessary if the in-process sftp server is used, though sessions which use logging do require /dev/log inside the chroot directory.

Lire la suite…

Categories: Système Tags: , , , ,