Archive

Articles taggués ‘Ubuntu’

Protect DDOS attacks

20/03/2019 Comments off

Protect DDOS attacks

Using ModEvasive agains DDoS attacksprotect ddos attacks

The first think to do is to install ModEvasive. All details are provided in http://hardenubuntu.com/hardening/apache/modsecurity/.

Configuring UFW

The following instructions can be added to the UFW rules. Edit the /etc/ufw/before.rules:

sudo vi /etc/ufw/before.rules

Add those lines after *filter near the beginning of the file:

:ufw-http - [0:0]
:ufw-http-logdrop - [0:0]

Add those lines near the end of the file, before the COMMIT:

### Start HTTP ###

# Enter rule
-A ufw-before-input -p tcp --dport 80 -j ufw-http
-A ufw-before-input -p tcp --dport 443 -j ufw-http

# Limit connections per Class C
-A ufw-http -p tcp --syn -m connlimit --connlimit-above 50 --connlimit-mask 24 -j ufw-http-logdrop

# Limit connections per IP
-A ufw-http -m state --state NEW -m recent --name conn_per_ip --set
-A ufw-http -m state --state NEW -m recent --name conn_per_ip --update --seconds 10 --hitcount 20 -j ufw-http-logdrop

# Limit packets per IP
-A ufw-http -m recent --name pack_per_ip --set
-A ufw-http -m recent --name pack_per_ip --update --seconds 1 --hitcount 20 -j ufw-http-logdrop

# Finally accept
-A ufw-http -j ACCEPT

# Log
-A ufw-http-logdrop -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW HTTP DROP] "
-A ufw-http-logdrop -j DROP

### End HTTP ###

Lire la suite…

Securing your server with iptables

12/03/2019 Comments off

Securing your server with iptables

securing your server linuxIn the Getting Started guide, you learned how to deploy a Linux distribution, boot your Linode and perform some basic administrative tasks. Now it’s time to harden your Linode to protect it from unauthorized access.

Update Your System–Frequently

Keeping your software up to date is the single biggest security precaution you can take for any operating system–be it desktop, mobile or server. Software updates frequently contain patches ranging from critical vulnerabilities to minor bug fixes, and many software vulnerabilities are actually patched by the time they become public.

Automatic Security Updates

There are opposing arguments for and against automatic updates on servers. Nonetheless, CentOS, Debian, Fedora and Ubuntu can be automatically updated to various extents. Fedora’s Wiki has a good breakdown of the pros and cons, but if you limit updates to those for security issues, the risk of using automatic updates will be minimal.

The practicality of automatic updates must be something which you judge for yourself because it comes down to what you do with your Linode. Bear in mind that automatic updates apply only to packages sourced from repositories, not self-compiled applications. You may find it worthwhile to have a test environment which replicates your production server. Updates can be applied there and reviewed for issues before being applied to the live environment.

Add a Limited User Account

Up to this point, you have accessing your Linode as the root user. The concern here is that roothas unlimited privileges and can execute any command–even one that could accidentally break your server. For this reason and others, we recommend creating a limited user account and using that at all times. Administrative tasks will be done using sudo to temporarily elevate your limited user’s privileges so you can administer your server without logging in as root.

To add a new user, log in to your Linode via SSH.

CentOS / Fedora

  1. Create the user, replacing example_user with your desired username, and assign a password:
    useradd example_user && passwd example_user
  2. Add the user to the wheel group for sudo privileges:
    usermod -aG wheel example_user

Debian / Ubuntu

  1. Create the user, replacing example_user with your desired username. You’ll then be asked to assign the user a password.
    adduser example_user
  2. Add the user to the sudo group so you’ll have administrative privileges:
    adduser example_user sudo

With your new user assigned, disconnect from your Linode as root:

exit

Log back in to your Linode as your new user. Replace example_user with your username, and the example IP address with your Linode’s IP address:

ssh example_user@203.0.113.0

Now you can administer your Linode from your new user account instead of root. Superuser commands can now be prefaced with sudo; for example, sudo iptables -L. Nearly all superuser commands can be executed with sudo, and those commands will be logged to /var/log/auth.log.

Lire la suite…

How to upgrade Plex Media Server on Ubuntu Server

11/03/2019 Comments off

upgrade plex media serverPlex Media Server is amazing and fantastic in so many ways! It’s got a better interface, better streaming capabilities, and better library scraping. It’s completely replaced XBMC for my media needs. The biggest drawback is there isn’t quite as much documentation out there for it. I noticed that my Plex Server was out of date, and a quick search didn’t give any exact results for upgrading on Ubuntu.

With enough research, I found how easy an upgrade actually is. For those trying to do the same, I’ll share the exact commands with you.

Grab the latest version

Go to Plex’s site and look for the latest version. You ned the link for the ‘.deb’ file. For me, I was upgrading to 0.9.8.10.215.

So, on your Ubuntu server, run the following:

Categories: Logiciel Tags:

tmux & screen cheat-sheet

08/03/2019 Comments off

screen and tmux

A comparison of the features (or more-so just a table of notes for accessing some of those features) for GNU screen and BSD-licensed tmux.

The formatting here is simple enough to understand (I would hope). ^ means ctrl+, so ^x is ctrl+x. M- means meta (generally left-alt or escape)+, so M-x is left-alt+x

It should be noted that this is no where near a full feature-set of either group. This – being a cheat-sheet – is just to point out the most very basic features to get you on the road.

Trust the developers and manpage writers more than me. This document is originally from 2009 when tmux was still new – since then both of these programs have had many updates and features added (not all of which have been dutifully noted here).

Actiontmuxscreen
start a new sessiontmux OR
tmux new OR
tmux new-session
screen
re-attach a detached sessiontmux attach OR
tmux attach-session
screen -r
re-attach an attached session (detaching it from elsewhere)tmux attach -d OR
tmux attach-session -d
screen -dr
re-attach an attached session (keeping it attached elsewhere)tmux attach OR
tmux attach-session
screen -x
detach from currently attached session^b d OR
^b :detach
^a ^d OR
^a :detach
rename-window to newname^b , <newname> OR
^b :rename-window <newn>
^a A <newname>
list windows^b w^a w
list windows in chooseable menu ^a « 
go to window #^b #^a #
go to last-active window^b l^a ^a
go to next window^b n^a n
go to previous window^b p^a p
see keybindings^b ?^a ?
list sessions^b s OR
tmux ls OR
tmux list-sessions
screen -ls
toggle visual bell ^a ^g
create another window^b c^a c
exit current shell/window^d^d
split window/pane horizontally^b « ^a S
split window/pane vertically^b %^a |
switch to other pane^b o^a <tab>
kill the current pane^b x OR (logout/^D) 
collapse the current pane/split (but leave processes running) ^a X
close other panes except the current one^b ! 
cycle location of panes^b ^o 
swap current pane with previous^b { 
swap current pane with next^b } 
show time^b t 
show numeric values of panes^b q 
toggle zoom-state of current pane (maximize/return current pane^b z 
break the current pane out of its window (to form new window)^b ! 

Source: dayid.org

Tmux (terminal multiplexer)

07/03/2019 Comments off

TmuxTmux, à l’instar de Screen, est un multiplexeur de terminaux, outil permettant d’exploiter plusieurs terminaux au sein d’un seul et même affichage.

Installation

Tmux n’est pas installé par défaut. Pour l’installer à l’aide d’un utilitaire graphique il suffit d’Installer le paquets tmux.
Par l’installer avec apt-get depuis un terminal, il suffit de saisir la commande suivante :

sudo apt-get install tmux

Utilisation de tmux

Depuis le tableau de bord (dash), un terminal ou encore une console saisissez la commande suivante :

tmux

Les principaux raccourcis

Tmux fait appel à l’ensemble de touches <Ctrl> <b> là ou screen fait appel à <Ctrl> <a>.

Les raccourcis et fonctions étant proches voire identiques à ceux de Screen, pour mieux les comprendre, reportez-vous à la page Screen.
 

Raccourcis de base

  • <Ctrl> <b> suivi de <c> : Créer un nouveau terminal dans la session tmux active
  • <Ctrl> <b> suivi de <n> : Switcher entre les différents terminaux de la session
  • <Ctrl> <b> suivi de <X> : Choisir un terminal spécifique (ou X est le numéro du terminal)
  • <Ctrl> <b> suivi de <d> : Se détacher de la session tmux (lancer ‘tmux a’ pour s’y rattacher)
  • <Ctrl> <b> suivi de <,> : Permet de renommer un terminal
  • <Ctrl> <b> suivi de <w> : Affiche la liste des terminaux disponibles
  • <Ctrl> <b> suivi de <t> : Afficher l’heure dans un terminal

Commandes dans un Split

  • <Ctrl> <b> suivi de <« > : Split vertical du terminal courant en deux ouverture d’un terminal dans le nouveau panel
  • <Ctrl> <b> suivi de <%> : Split horizontal du terminal courant en deux ouverture d’un terminal dans le nouveau panel
  • <Ctrl> <b> suivi de <o> : Switcher entre les terminaux splittés
  • <Ctrl> <b> suivi de <espace> : Changer l’organisation visuelle des terminaux splittés
  • <Ctrl> <b> suivi de <Alt> (flèches directionnelles) : Reduire, agrandir fenêtre du split
  • <Ctrl> <b> suivi de <!> : Convertir un split en terminal seul
  • <Ctrl> <b> suivi de <q> : Afficher les numéros des terminaux splittés
  • <Ctrl> <b> puis saisissez :join : permet de joindre un terminal seul dans un split

Par exemple, après avoir tapé le combo <Ctrl> <b> si vous saisissez

:join -v -s 3.0 -p 50

Où :

  • -h ou -v : pour horizontalement ou verticalement
  • -s 3.0 : terminal 3 et volet 0 (volet si écran splitté)
  • -p 50 : occupation à 50% de la fenêtre

Ici donc vous ajouterez verticalement, un terminal numéroté 3 et qui prendra 50% de l’espace total.

Lire la suite…