Tuesday, December 16, 2014

Securing ssh server from automated bot hacks

An SSH server running at a popular hosting provider is exposed to many automated attacks these days.
There are more and more bots scanning the whole Internet and especially targeting popular hosting/VPS providers.

1. Changing the default sshd port number

In contrast to other well-known services (ftp/mail/www), the ssh server does not need to listen on the default port. It is used by fewer people, sometimes only you, and changing the default port is yet another step in increasing your server security.
I have been using fail2ban software for some time. It scans the logs for failed login attempts and bans the attacker's IP if he fails to log in too many times.
However, after a few days my firewall was full of banned IPs (good day - 5/10 IPs, bad day - more than 20).
From now on my ssh server is always running on a non-standard IP.
The number of failed login attempts has greatly decreased and the automated attacks are no longer spamming my logs.

Some useful settings from /etc/ssh/sshd_config file:
[root@server ~]# egrep "^Port|^PermitRootLogin|^MaxAuth"  /etc/ssh/sshd_config
Port 4321
PermitRootLogin no
MaxAuthTries 3



2. Logging incoming connections

Even with the ssh daemon running on a different port, you may find it useful to log all the connection attempts to it. You can catch them with the following iptables rule:
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 4321 -j LOG --log-prefix "iptables: "
This rule should be inserted before the rule that accepts connections on the ssh port.
Next, if you're using rsyslogd, you can filter all the messages starting with "iptables: " and put them into a separate file:
[root@server ~]# cat /etc/rsyslog.d/iptables.conf
:msg, startswith, "iptables: " -/var/log/iptables.log
& ~
[root@server ~]# service rsyslog restart


[root@server ~]# cat /var/log/iptables.log
Dec 16 18:39:41 server kernel: iptables: IN=eth0 OUT= MAC=00:1c:14:01:30:de:00:16:83:76:07:29:08:00 SRC=10.23.189.14 DST=20.40.50.101 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=31528 DF PROTO=TCP SPT=44074 DPT=4321 WINDOW=29200 RES=0x00 SYN URGP=0
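
As an added example (not part of the original post), the Python code below parses lines in the /var/log/iptables.log format shown above and counts new connection attempts to the ssh port per source address. The function names, the threshold of 3 and the sample lines (the post's log format with a made-up 192.0.2.77 source) are assumptions.

```python
from collections import Counter

PREFIX = "iptables: "  # the --log-prefix set in the iptables rule above

# Constructed sample: the post's log line format with made-up sources and ports.
_TMPL = ("Dec 16 {t} server kernel: iptables: IN=eth0 OUT= "
         "MAC=00:1c:14:01:30:de:00:16:83:76:07:29:08:00 SRC={src} "
         "DST=20.40.50.101 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=31528 DF "
         "PROTO=TCP SPT={spt} DPT=4321 WINDOW=29200 RES=0x00 SYN URGP=0")
SAMPLE_LOG = "\n".join([
    _TMPL.format(t="18:39:41", src="10.23.189.14", spt=44074),
    _TMPL.format(t="18:41:02", src="192.0.2.77", spt=51200),
    _TMPL.format(t="18:41:03", src="192.0.2.77", spt=51202),
    "Dec 16 18:41:03 server kernel: eth0: link up",  # unrelated kernel line
    _TMPL.format(t="18:41:05", src="192.0.2.77", spt=51204),
])

def parse_line(line):
    """Return the KEY=value fields of one logged packet, or None if the
    line does not carry the iptables log prefix. Bare flags such as SYN
    or DF are stored with the value True."""
    _, found, body = line.partition(PREFIX)
    if not found:
        return None
    fields = {}
    for token in body.split():
        key, eq, value = token.partition("=")
        fields[key] = value if eq else True
    return fields

def count_attempts(log_text, port=4321):
    """Count logged SYN packets to the given port, grouped by source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields and fields.get("DPT") == str(port) and fields.get("SYN") is True:
            counts[fields["SRC"]] += 1
    return counts

def noisy_sources(counts, threshold=3):
    """Sources with at least `threshold` attempts (threshold is an assumption)."""
    return sorted(src for src, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    attempts = count_attempts(SAMPLE_LOG)
    for src, n in attempts.most_common():
        print(f"{src:15} {n}")
    print("noisy:", noisy_sources(attempts))
```

To run it against the real file, pass the contents of /var/log/iptables.log to count_attempts() instead of SAMPLE_LOG.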

Friday, August 8, 2014

World of Warcraft on Ubuntu 14.04 and #132 error

While trying to play World of Warcraft on my new Ubuntu 14.04.1 I encountered the #132 error.
As you might have already found, the error can mean anything.
In my case I had nvidia-prime packages installed (I have Nvidia Optimus in my laptop) but even with the WOW driver set to OpenGL it was hanging and throwing the #132 error a few moments after the characters were loaded.

Solution in my case was very simple:
1. I have added ppa:ubuntu-wine/ppa repository
2. executed sudo apt-get upgrade
3. And upgraded wine from 1.6 to 1.7: sudo apt-get install wine1.7

Finally just check if your wine is now 1.7 and start the game again:
wine --version
wine Wow-64.exe
 

Thursday, February 13, 2014

Mint 16 on Lenovo Y510P (nvidia card)

I have just installed Mint 16 Cinnamon, which is a highly recommended Linux distro for users who have no time to lose and like systems working out of the box.

Unfortunately, on a Lenovo Y510P with an Nvidia 755M graphics card it doesn't work at all (I assume other nvidia cards don't work either).
First of all you need to perform the installation using safe boot mode.

After the installation, the system will not start up properly.
You may notice that the graphic driver is throwing some errors and then the boot process stops.

To fix this issue you need to:
1. Boot from the installation media
2. Mount proc and root filesystem:
mount /dev/mapper/mint--vg-root /mnt
mount none -t proc /mnt/proc
3. Chroot to the system installed on your hard-drive
chroot /mnt /bin/bash
4. Remove the nouveau driver:
apt-get remove xserver-xorg-video-nouveau
5. Install nvidia driver:
apt-get install nvidia-current
6. And reboot the system
reboot

Your system should now boot up properly.