
Fail2Ban (with iptables) And Asterisk

Fail2Ban is a limited intrusion detection/prevention system. It works by scanning log files and then taking action based on the entries in those logs. We are implementing Fail2Ban with a configuration that prevents SIP brute force attacks against our Asterisk PBXs. You can get Fail2Ban, as well as more documentation, at www.fail2ban.org. At the time this is being written, the current release is 0.8.4. The following describes how to set up Fail2Ban to protect an Asterisk PBX from SIP brute force attempts and scans using the iptables firewall.

SECURITY NOTE: fail2ban is rather limited in its ability to detect attacks against Asterisk. It only reacts to failures Asterisk has already written to its log, so an attempt that produces no logged failure, or a scan that spreads its attempts across many source addresses, is not caught.

Easy Install Script for Fail2ban version 0.8.4 / Red Hat

This script was written by Cédric Brohée in order to simplify and accelerate the integration of the solution into a basic Asterisk configuration on Red Hat. Do not hesitate to read the bash script and make changes to match your own configuration. Before running it, you will have to make it executable with chmod 755.
Securing your ssh server

One of the most common questions that I see in my favorite IRC channel is: “How can I secure sshd on my server?” There’s no single right answer, but most systems administrators combine multiple techniques to provide as much security as possible with the least inconvenience to the end user. Here are my favorite techniques, listed from most effective to least effective:

SSH key pairs

By disabling password-based authentication and requiring ssh key pairs, you reduce the chances of compromise via a brute force attack. This also protects against weak account passwords, since a valid private key is required to gain access to the server. However, a weak account password is still a big problem if you allow your users to use sudo, because sudo prompts for that same password once the user is logged in. If you’re new to using ssh keys, there are many great guides that can walk you through the process.

Firewall

Limiting the source IP addresses that can access your server on port 22 is simple and effective. The iptables rules would look something like this:
Fail2ban

Fail2Ban is an intrusion prevention framework written in the Python programming language. It works by reading SSH, ProFTPD, Apache and other logs and uses iptables rules to block brute-force attempts. To install fail2ban, type the following in the terminal:

sudo apt-get install fail2ban

Configuration

To configure fail2ban, make a 'local' copy of the jail.conf file in /etc/fail2ban; settings in jail.local override jail.conf and are not overwritten when the package is upgraded:

cd /etc/fail2ban
sudo cp jail.conf jail.local

Now edit the file:

sudo nano jail.local

Set the IPs you want fail2ban to ignore, the ban time (in seconds) and the maximum number of failed attempts to your liking:

[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1
bantime = 3600
maxretry = 3

Email Notification

Note: You will need sendmail or another MTA for this to work. If you wish to be notified of bans by email, modify this line with your email address:

destemail = your_email@domain.com

Then find the line:

action = %(action_)s

and change it to the following, which bans the address and also sends an e-mail containing a whois report on it:

action = %(action_mw)s

Jail Configuration

enabled = true
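The scan-and-ban loop that both the Asterisk page and the Ubuntu guide above rely on, as an added example in Python (not fail2ban's own code). The failregex patterns are modelled on the 0.8-era filter.d/asterisk.conf and filter.d/sshd.conf and the <HOST> stand-in is IPv4-only, which are assumptions to check against the files your version ships; the log lines are constructed, the year supplied for syslog timestamps is an assumption, and ban_command reproduces the rule from action.d/iptables.conf rather than running it. It shows the maxretry/findtime window and ignoreip from the [DEFAULT] section above doing their work.

```python
"""fail2ban-style scanning: failregex matching, findtime/maxretry window, ignoreip."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# fail2ban substitutes a host-capturing group for <HOST> in every failregex.
# fail2ban 0.8 only understood IPv4, so this stand-in does too (assumption).
HOST_RE = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex lines modelled on the 0.8-era filter.d/asterisk.conf and
# filter.d/sshd.conf (assumption: compare with the files your version ships).
FILTERS = {
    "asterisk": [
        r"NOTICE.* .*: Registration from '.*' failed for '<HOST>(?::\d+)?' - Wrong password",
        r"NOTICE.* .*: Registration from '.*' failed for '<HOST>(?::\d+)?' - No matching peer found",
    ],
    "sshd": [
        r"sshd\[\d+\]: Failed (?:password|publickey) for .* from <HOST>(?: port \d+)?(?: ssh\d*)?$",
        r"sshd\[\d+\]: Invalid user .* from <HOST>$",
    ],
}
COMPILED = {jail: [re.compile(p.replace("<HOST>", HOST_RE)) for p in pats]
            for jail, pats in FILTERS.items()}

def matching_host(jail, line):
    """Host captured by the first failregex of the jail that matches, else None."""
    for rx in COMPILED[jail]:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None

def parse_time(line, year=2010):
    """Asterisk stamps lines '[YYYY-MM-DD HH:MM:SS]'; syslog stamps them
    'Mon DD HH:MM:SS' with no year, so the caller supplies one (assumption)."""
    m = re.match(r"\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\]", line)
    if m:
        return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    m = re.match(r"(\w{3}) +(\d+) (\d\d:\d\d:\d\d)", line)
    if m:
        return datetime.strptime(f"{year} {m.group(1)} {m.group(2)} {m.group(3)}",
                                 "%Y %b %d %H:%M:%S")
    return None

def find_bans(jail, lines, maxretry=3, findtime=600, ignoreip=("127.0.0.1",)):
    """Ban a host once it logs maxretry failures within findtime seconds,
    unless it falls inside one of the ignoreip addresses or CIDR ranges."""
    ignored = [ip_network(n, strict=False) for n in ignoreip]
    recent = defaultdict(list)   # host -> failure timestamps still inside the window
    banned = []
    for line in lines:
        host, ts = matching_host(jail, line), parse_time(line)
        if host is None or ts is None or host in banned:
            continue
        try:
            addr = ip_address(host)
        except ValueError:       # e.g. 999.1.1.1 slipped past the regex
            continue
        if any(addr in net for net in ignored):
            continue
        window = [t for t in recent[host] if ts - t <= timedelta(seconds=findtime)]
        window.append(ts)
        recent[host] = window
        if len(window) >= maxretry:
            banned.append(host)
    return banned

def ban_command(jail, host):
    """Rule that fail2ban's action.d/iptables.conf inserts into the per-jail chain."""
    return f"iptables -I fail2ban-{jail} 1 -s {host} -j DROP"

# Constructed sample log lines for the two jails (not captured from a real system).
ASTERISK_LOG = [
    "[2010-05-10 12:29:59] VERBOSE[2211] chan_sip.c: Registered SIP '100' at 192.0.2.20:5060",
    "[2010-05-10 12:30:01] NOTICE[2211] chan_sip.c: Registration from '\"100\" <sip:100@192.0.2.10>' failed for '203.0.113.5' - Wrong password",
    "[2010-05-10 12:30:02] NOTICE[2211] chan_sip.c: Registration from '\"101\" <sip:101@192.0.2.10>' failed for '203.0.113.5' - No matching peer found",
    "[2010-05-10 12:30:03] NOTICE[2211] chan_sip.c: Registration from '\"102\" <sip:102@192.0.2.10>' failed for '203.0.113.5:5060' - Wrong password",
] + [  # three failures from localhost: enough to ban, but ignoreip exempts it
    f"[2010-05-10 12:31:0{i}] NOTICE[2211] chan_sip.c: Registration from '\"200\" <sip:200@192.0.2.10>' failed for '127.0.0.1' - Wrong password"
    for i in range(3)
]
SSHD_LOG = [
    "May 10 12:40:01 pbx sshd[4321]: Failed password for invalid user admin from 198.51.100.7 port 5555 ssh2",
    "May 10 12:40:05 pbx sshd[4322]: Failed password for root from 198.51.100.7 port 5556 ssh2",
    "May 10 12:40:09 pbx sshd[4323]: Invalid user oracle from 198.51.100.7",
    # same number of failures from 198.51.100.9, but an hour apart: never maxretry within findtime
    "May 10 13:10:00 pbx sshd[4400]: Failed password for vivek from 198.51.100.9 port 6000 ssh2",
    "May 10 14:10:00 pbx sshd[4401]: Failed password for vivek from 198.51.100.9 port 6001 ssh2",
    "May 10 15:10:00 pbx sshd[4402]: Failed password for vivek from 198.51.100.9 port 6002 ssh2",
    "May 10 14:00:00 pbx sshd[4500]: Accepted publickey for vivek from 192.0.2.30 port 7000 ssh2",
]

if __name__ == "__main__":
    for jail, log in (("asterisk", ASTERISK_LOG), ("sshd", SSHD_LOG)):
        for host in find_bans(jail, log):
            print(ban_command(jail, host))
```

Run as a script it prints one iptables rule for 203.0.113.5 and one for 198.51.100.7; the localhost failures are dropped by ignoreip, and 198.51.100.9 never accumulates three failures inside a 600-second window, which is exactly the slow-scan case the SECURITY NOTE above warns about.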
CoreOS

Logcheck -- Logfile Scanner

UNIX / Linux: Send E-mail When sudo Runs

I've been told not to use the root user to perform activities that do not require it. I've configured sudo for myself and for other web developers so that they can restart MySQL or the Apache web server. How do I send an email when sudo is run by one of my users? How do I keep track of logins done via the sudo command?

Configure sudo To Send E-mail

Sudo can be configured to send e-mail when the sudo command is used. Add the following to the sudoers file (edit it with visudo):

Defaults mailto="admin@staff.example.com"
Defaults mail_always

Where,

mailto "admin@staff.example.com" : Your email id.
mail_always : Send mail to the mailto user every time a user runs sudo.

Additional options:

Sudo Logfile

By default, sudo logs via syslog.

Defaults !

Save and close the file. Logged entries look like this:

Jul 1 12:30:13 : vivek : TTY=pts/3 ; PWD=/home/vivek ; USER=root ; COMMAND=/bin/bash
Jul 1 12:34:02 : vivek : TTY=pts/0 ; PWD=/home/vivek ; USER=root ; COMMAND=sudoedit /etc/sudoers
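A small reviewer for the sudo logfile entries shown above, as an added example (not part of the original article): it parses each entry into its fields and flags the ones that hand the caller an interactive shell as the target user or that edit sudo policy, which is what "keeping track" of sudo use usually means in practice. The log lines are constructed in the same format as the samples, and the lists of shell and policy-editing commands are assumptions to extend for your own systems.

```python
"""Parse sudo's logfile entries and flag the ones worth a closer look."""
import re

# Shape of a 'Defaults logfile=...' entry, as in the sample lines above:
# "<timestamp> : <user> : [message ; ]KEY=value ; KEY=value ; ... ; COMMAND=<cmd>"
ENTRY_RE = re.compile(r"^(?P<when>\w{3} +\d+ \d\d:\d\d:\d\d) : (?P<user>[^ ]+) : (?P<fields>.+)$")

# Commands that hand the caller an interactive session as the target user, and
# commands that change sudo policy itself. Constructed lists for this example.
SHELLS = {"/bin/bash", "/bin/sh", "/bin/zsh", "/usr/bin/bash", "/bin/su", "/usr/bin/su"}
POLICY_EDITS = ("sudoedit /etc/sudoers", "/usr/sbin/visudo")

def parse_entry(line):
    """Return a dict for one sudo log line, or None if the line is not one."""
    m = ENTRY_RE.match(line)
    if m is None:
        return None
    entry = {"when": m.group("when"), "user": m.group("user")}
    # Fields are separated by " ; ". COMMAND is always last and may itself
    # contain " ; " (e.g. "sh -c id ; cat /etc/shadow"), so stop splitting there.
    rest = m.group("fields")
    while rest and not rest.startswith("COMMAND="):
        field, _, rest = rest.partition(" ; ")
        key, sep, value = field.partition("=")
        if sep:
            entry[key] = value
        else:                      # free text such as "3 incorrect password attempts"
            entry["message"] = field
    if not rest:
        return None
    entry["COMMAND"] = rest[len("COMMAND="):]
    return entry

def review(lines):
    """Return (entries, alerts). alerts holds (user, when, reason, message) for
    every entry that opens a shell as the target user or edits sudo policy."""
    entries, alerts = [], []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        entries.append(e)
        cmd = e["COMMAND"]
        if cmd.split(" ", 1)[0] in SHELLS:
            reason = f"shell as {e.get('USER', '?')} via {cmd}"
        elif cmd.startswith(POLICY_EDITS):
            reason = f"sudo policy edit: {cmd}"
        else:
            continue
        alerts.append((e["user"], e["when"], reason, e.get("message", "")))
    return entries, alerts

# Constructed sample entries in the logfile format shown above.
SUDO_LOG = [
    "Jul  1 12:30:13 : vivek : TTY=pts/3 ; PWD=/home/vivek ; USER=root ; COMMAND=/bin/bash",
    "Jul  1 12:34:02 : vivek : TTY=pts/0 ; PWD=/home/vivek ; USER=root ; COMMAND=sudoedit /etc/sudoers",
    "Jul  1 12:40:55 : webdev : TTY=pts/1 ; PWD=/var/www ; USER=root ; COMMAND=/etc/init.d/apache2 restart",
    "Jul  1 12:41:10 : webdev : TTY=pts/1 ; PWD=/var/www ; USER=root ; COMMAND=/bin/sh -c id ; cat /etc/shadow",
    "Jul  1 12:45:00 : webdev : TTY=pts/1 ; PWD=/var/www ; USER=root ; COMMAND=/usr/sbin/visudo",
    "Jul  1 12:50:30 : webdev : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/var/www ; USER=root ; COMMAND=/bin/bash",
    "Jul  1 12:51:00 : not a sudo entry at all",
]

if __name__ == "__main__":
    for user, when, reason, message in review(SUDO_LOG)[1]:
        print(f"{when} {user}: {reason}" + (f" ({message})" if message else ""))
```

When sudo logs through syslog instead of a logfile, each entry carries the usual syslog prefix (hostname and "sudo:") before the user name, so strip that prefix before handing lines to parse_entry.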
20 Linux System Monitoring Tools Every SysAdmin Should Know

Need to monitor Linux server performance? Try these built-in commands and a few add-on tools. Most Linux distributions are equipped with tons of monitoring tools. These tools provide metrics which can be used to get information about system activities. You can use these tools to find the possible causes of a performance problem: disk (storage) bottlenecks, CPU and memory bottlenecks, and network bottlenecks.

#1: top - Process Activity Command

The top program provides a dynamic real-time view of a running system, i.e. actual process activity.

Fig.01: Linux top command

Commonly Used Hot Keys

The top command provides several useful hot keys.

Related: How do I Find Out Linux CPU Utilization?

#2: vmstat - System Activity, Hardware and System Information

The command vmstat reports information about processes, memory, paging, block IO, traps, and cpu activity.

# vmstat 3

Display Memory Utilization Slabinfo

# vmstat -m

Get Information About Active / Inactive Memory Pages
DenyHosts