Adding “File Does Not Exist” Filter To Fail2Ban: Ubuntu 12.04 LTS

Ok so here is a quick post on a common question… adding a filter to fail2ban for bots/scanners searching for files or folders, or simply doing recon, which can lead to exploit discovery. This filter will automatically block a visitor/bot after 4 attempts to request a file that does not exist on your domain/server.

like always… BASH IN! (lol…)

sudo bash

First, let's create a new entry in our jail.local file…

vim /etc/fail2ban/jail.local

 

copy the following text after the last apache entry…

[apache-nofile]
enabled = true
port = http,https
filter = apache-nofile
logpath = /var/log/apache*/*error.log
maxretry = 4

 

Now that the entry is in jail.local, change to the filter.d directory; in this folder you will see lots of other pre-configured filters.

cd /etc/fail2ban/filter.d

Instead of creating a new filter file from scratch, simply copy an existing one; this makes the next step easier…

cp /etc/fail2ban/filter.d/apache-auth.conf /etc/fail2ban/filter.d/apache-nofile.conf

 

Find the line identical to the one below (line 23 of the copied file):

failregex = ^%(_apache_error_client)s user .* (authentication failure|not found|password mismatch)\s*$

Replace it with the following one:

failregex = [[]client <HOST>[]] File does not exist:

At this point you're pretty much done; save the file and restart fail2ban:

service fail2ban restart

 

Comment if you have questions, like my post if you find it helpful :)
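Before trusting the new filter in production it is worth seeing what it would actually match. The script below is an added example (mine, not part of the original post) that runs the same pattern over a few constructed Apache 2.2 error-log lines and reports which client addresses would cross the jail's maxretry of 4. The log lines and the addresses in them are constructed for the demonstration; the sed capture plays the role of fail2ban's `<HOST>` substitution.

```shell
#!/bin/sh
# Added example: emulate the apache-nofile filter over a constructed error log.
# The log lines below are constructed (documentation IP ranges), not real traffic.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat >"$SAMPLE_LOG" <<'EOF'
[Mon Jun 03 10:00:01 2013] [error] [client 203.0.113.7] File does not exist: /var/www/phpmyadmin
[Mon Jun 03 10:00:02 2013] [error] [client 203.0.113.7] File does not exist: /var/www/pma
[Mon Jun 03 10:00:03 2013] [error] [client 203.0.113.7] File does not exist: /var/www/myadmin
[Mon Jun 03 10:00:04 2013] [error] [client 203.0.113.7] File does not exist: /var/www/wp-login.php
[Mon Jun 03 10:00:05 2013] [error] [client 203.0.113.7] File does not exist: /var/www/admin
[Mon Jun 03 10:01:00 2013] [error] [client 198.51.100.23] File does not exist: /var/www/favicon.ico
[Mon Jun 03 10:01:30 2013] [error] [client 198.51.100.23] File does not exist: /var/www/robots.txt
[Mon Jun 03 10:02:00 2013] [error] [client 192.0.2.10] File does not exist: /var/www/old-page.html
[Mon Jun 03 10:02:10 2013] [error] [client 192.0.2.10] Directory index forbidden by Options directive: /var/www/uploads/
EOF

# Print the client address of every line the post's failregex would match.
# fail2ban expands <HOST> itself; here a sed capture stands in for it.
nofile_hits() {
    sed -n 's/.*\[client \([^] ]*\)\] File does not exist:.*/\1/p' "$1"
}

# Print, sorted, every host with at least $2 hits (the jail's maxretry).
nofile_offenders() {
    nofile_hits "$1" | sort | uniq -c \
        | awk -v max="$2" '$1 >= max { print $2 }' | sort
}

# Stand-alone run: show who would be banned with the post's maxretry of 4.
nofile_offenders "$SAMPLE_LOG" 4
```

Note the two hosts that only tripped over a missing favicon or an old page stay below the threshold, which is the point of maxretry = 4. On the real box, `fail2ban-regex /var/log/apache2/error.log /etc/fail2ban/filter.d/apache-nofile.conf` does the same exercise with fail2ban's own regex engine. One caveat: Apache 2.4 writes the client as `[client 203.0.113.7:54321]` with a port, which the post's regex (written for the 2.2 format that Ubuntu 12.04 ships) will not match.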


Installing OwnCloud On Ubuntu Server 12.04 With SSL Support

Tired of paying for dropbox services? Why not use owncloud to setup your own personal and secure dropbox for free :)

 

Follow the steps below as root:

 

  1. Bash in to get root access ( sudo bash ).
  2. Install server dependencies ( apt-get install apache2 php5 php5-gd php-xml-parser php5-intl vim-nox ).
  3. Install more server dependencies ( apt-get install php5-sqlite php5-mysql php5-pgsql smbclient curl libcurl3 php5-curl ).
  4. Download the ownCloud source files from http://owncloud.org/sync-clients/#linux
  5. Upload the extracted files to your apache root ( default is located at /var/www ); you can install the vsftpd server ( apt-get install vsftpd ) or any other type of ftp server service.
  6. Inside your ownCloud root directory create a new folder called “data” ( mkdir data ).
  7. For ownCloud to configure itself and work correctly, apache needs to be given ownership of certain folders so there is no problem for apache to read and write data inside your website. Run the following commands:
     ( chown -R www-data:www-data /var/www/apps )
     ( chown -R www-data:www-data /var/www/config )
     ( chown -R www-data:www-data /var/www/data )
     Note: Keep in mind that /var/www is just the default root folder of apache; yours might be different, just make sure you make the appropriate changes so they point to your apache/web install.
  8. You're going to want to enable mod_rewrite ( a2enmod rewrite ).
  9. Restart your apache service ( service apache2 restart ).
  10. Create a new database in mysql and call it owncloud, then create a new user and password with specific access to the owncloud database. These credentials will be used later in the process.

 

Now lets install our SSL and get it configured correctly:

 

  1. Enable the SSL module ( a2enmod ssl )
  2. Now you're going to want to create a directory to store your SSL certs ( mkdir /etc/apache2/ssl )
  3. Now let's generate a general cert with the following command ( openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt )
     Note: You're going to be asked a couple of questions after you run this command; answer them as accurately as possible, as this will be displayed on your cert when people try to access your site.
  4. Edit default-ssl in the sites-available folder of your apache install ( vim /etc/apache2/sites-available/default-ssl ) and comment out lines 51 & 52 (use a #).
     Then add the following lines right under them:
     (
     SSLCertificateFile /etc/apache2/ssl/apache.crt
     SSLCertificateKeyFile /etc/apache2/ssl/apache.key
     )
  5. Finally run ( a2ensite default-ssl )
  6. Restart your apache service ( service apache2 restart )

 

At this point you should be able to visit your box’s url ( https://localhost or https://127.0.0.1 or https://www.yourdomain.com ) and finish installing ownCloud with the native install wizard.
Once your install is complete you will be able to download ownCloud's own file-sync client, or you can use a WebDAV client to navigate through your files. You can do the same from your mobile device or tablet.
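The openssl command in step 3 asks its questions interactively, and nothing in the steps checks the result. The script below is an added example (mine, not from the post or the ownCloud project): it generates the same kind of self-signed pair non-interactively into a temporary directory, locks down the private key, and confirms the certificate really belongs to the key before Apache is pointed at it. The subject name owncloud.example.test and the temporary paths are assumptions for the demonstration; on the server the files are the /etc/apache2/ssl ones referenced in step 4.

```shell
#!/bin/sh
# Added example: generate a self-signed cert/key pair the way step 3 does,
# then verify the pair before wiring it into default-ssl.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CRT="$WORK/apache.crt"   # would be /etc/apache2/ssl/apache.crt on the server
KEY="$WORK/apache.key"   # would be /etc/apache2/ssl/apache.key on the server

# Same options as the post, plus -subj so no questions are asked.
# The CN (owncloud.example.test) is a constructed name for this example.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -subj "/C=US/ST=CA/O=Example/CN=owncloud.example.test" \
    -keyout "$KEY" -out "$CRT" 2>/dev/null
chmod 600 "$KEY"   # Apache reads the key as root before dropping privileges

# 0 if the file is readable by its owner only, 1 otherwise.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# 0 if the certificate's public key matches the private key, 1 otherwise.
cert_matches_key() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Print the certificate's subject and expiry; 0 only when every check passes.
ssl_pair_ok() {
    cert_matches_key "$1" "$2" || { echo "certificate and key do not match"; return 1; }
    key_is_private "$2"        || { echo "private key is readable by group/others"; return 1; }
    openssl x509 -noout -subject -enddate -in "$1"
}

ssl_pair_ok "$CRT" "$KEY"
```

The public-key comparison is what catches the common mistake of re-running the openssl command and overwriting only one of the two files; Apache would then fail to start with a key/certificate mismatch. The 365-day value comes from the post, so the printed notAfter date is also your reminder of when to regenerate.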

Securing Apache In Ubuntu Server 12.04

Securing Apache can be different if you have custom modules running; for this quick note/tutorial I am going to assume that it is a fresh install of Apache or a lamp stack (sudo apt-get install lamp-server^)…

 

bash in… (sudo bash)

as root:

  • Change default apache web root, vim /etc/apache2/sites-available
  • Change default ServerSignature Settings to “Off”, vim /etc/apache2/conf.d/security
  • Change default ServerTokens Settings to “Prod”, vim /etc/apache2/conf.d/security

 

I am sure you can do a lot more to “secure” your apache installation, but this is a good start: it will hide your server information from port scanners and scripts trying to detect what your server version is. This makes it much harder to exploit your box; it’s hard to exploit something when you have no idea what it’s running.
You can also make your default directory your home directory if you wish to encrypt your files. If you want more security I would consider tools to encrypt the entire partition/drive; you can find out more about full disk encryption for uOS Server 12.04 here.

Installing And Securing phpmyadmin In Ubuntu Server 12.04/12.04.2

This post is important because phpmyadmin no longer just works after apt-get install; it requires additional steps to get working.
Aside from these changes, due to recent reports of phpmyadmin being exploited it’s important to secure it. You can do this in a couple of ways, but I am going to assume you want access to it via the web.

2 Parts

  1. Installation of phpmyadmin
  2. Securing the installation via htaccess
  3. Discussing more secure methods of accessing phpmyadmin

 

Lets begin the install muahahaha…

 

Enter root mode:

sudo bash

 

Install:

apt-get install phpmyadmin

 

Open Apache Config File

vim /etc/apache2/apache2.conf

 

Insert the following line at the very bottom of apache2.conf

Include /etc/phpmyadmin/apache.conf

 

Restart Apache server:

service apache2 restart

 

Securing phpmyadmin from public access to web panel…

 

Edit phpmyadmin’s apache configuration file:

vim /etc/phpmyadmin/apache.conf

 

Under the directory section (<Directory /usr/share/phpmyadmin>), add the line “AllowOverride All” under “DirectoryIndex”:

        <Directory /usr/share/phpmyadmin>
        Options FollowSymLinks
        DirectoryIndex index.php
        AllowOverride All

 

create .htaccess file in phpmyadmin’s root directory:

vim /usr/share/phpmyadmin/.htaccess

Copy the following into the newly created .htaccess file:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /var/.htpasswd
Require valid-user

(Make sure you set the AuthUserFile path to a secure place outside your web root.)

 

Generate the password file where passwords will be stored for authentication/access to the phpmyadmin root:

htpasswd -c /var/.htpasswd username

(username should be your username; you will be asked for the password once you execute the command.)

 

Restart Apache so updates can take effect:

service apache2 restart

 

If you want this to be more secure then I would suggest rethinking your server/network architecture…

  1. separate your apache and mysql services onto their own boxes
  2. only have the apache server open on port 80 (public) and have it talk to your mysql server locally.
  3. if you need to change something in your database or need to access phpmyadmin, I would vpn into your local network and access the mysql/phpmyadmin box.

If you have any questions or comments use the section below :)
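The two posts above each leave a setting that is easy to get wrong silently: the ServerTokens/ServerSignature values in the "Securing Apache" post, and the AuthUserFile location and permissions in the .htaccess steps here. The script below is an added example (mine, not code from either post) that audits both. It works on constructed copies of the config files in a temporary directory; on the server the inputs would be /etc/apache2/conf.d/security, /usr/share/phpmyadmin/.htaccess and the web root.

```shell
#!/bin/sh
# Added example: audit the settings the two posts above change.
# The config snippets below are constructed to mirror Ubuntu's defaults.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Stand-in for /etc/apache2/conf.d/security as shipped (before the edit)...
cat >"$WORK/security.default" <<'EOF'
# ServerTokens
# This directive configures what you return as the Server HTTP response
ServerTokens OS
# Optionally add a line containing the server version and virtual host
ServerSignature On
EOF
# ...and after it (the post's recommended values).
cat >"$WORK/security.hardened" <<'EOF'
ServerTokens Prod
ServerSignature Off
EOF

# Stand-in for /usr/share/phpmyadmin with an .htaccess whose password file
# sits *inside* the web root (the mistake the post warns about).
mkdir -p "$WORK/www/phpmyadmin"
printf 'AuthType Basic\nAuthName "Restricted Files"\nAuthUserFile %s\nRequire valid-user\n' \
    "$WORK/www/phpmyadmin/.htpasswd" >"$WORK/www/phpmyadmin/.htaccess"
touch "$WORK/www/phpmyadmin/.htpasswd"

# Last effective value of a directive, ignoring comment lines ("" if absent).
directive_value() {
    awk -v d="$2" '$0 !~ /^[ \t]*#/ && tolower($1) == tolower(d) { v = $2 } END { print v }' "$1"
}

# 0 if ServerTokens/ServerSignature hide version info, 1 (with reasons) otherwise.
audit_server_info() {
    rc=0
    tok=$(directive_value "$1" ServerTokens)
    sig=$(directive_value "$1" ServerSignature)
    [ "$tok" = "Prod" ] || { echo "ServerTokens is '${tok:-unset}', expected Prod"; rc=1; }
    [ "$sig" = "Off" ]  || { echo "ServerSignature is '${sig:-unset}', expected Off"; rc=1; }
    return $rc
}

# Canonical absolute path of a file (directory part resolved through symlinks).
abs_path() {
    d=$(cd "$(dirname "$1")" 2>/dev/null && pwd -P) || return 1
    printf '%s/%s\n' "$d" "$(basename "$1")"
}

# 0 if the .htaccess ($1) keeps its AuthUserFile outside the web root ($2)
# and that file is not readable by group/others; 1 (with reasons) otherwise.
audit_htpasswd() {
    rc=0
    docroot=$(cd "$2" && pwd -P) || return 1
    auth=$(directive_value "$1" AuthUserFile)
    [ -n "$auth" ] || { echo "no AuthUserFile in $1"; return 1; }
    auth=$(abs_path "$auth") || { echo "AuthUserFile directory does not exist: $auth"; return 1; }
    case "$auth" in
        "$docroot"/*) echo "AuthUserFile $auth is inside web root $docroot"; rc=1 ;;
    esac
    if [ -e "$auth" ] && [ "$(ls -l "$auth" | cut -c8)" = "r" ]; then
        echo "$auth is world-readable; chmod 640 and chown root:www-data it"; rc=1
    fi
    return $rc
}

# Stand-alone run against the "before" files: both audits report findings.
audit_server_info "$WORK/security.default" || echo "-> fix /etc/apache2/conf.d/security"
audit_htpasswd "$WORK/www/phpmyadmin/.htaccess" "$WORK/www" || echo "-> move/chmod the htpasswd file"
```

The web-root check matters because a password file that Apache can serve is a password-hash list that anyone can download and crack offline; resolving both paths with `pwd -P` first keeps a symlinked web root from hiding that. The permission check is the reason the post puts the file under /var rather than in a home directory with loose modes.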

NIC Bonding In Ubuntu 12.04/12.04.2 WORKING!


A REAL setup guide for NIC bonding in Ubuntu Server 12.04/12.04.2, because everyone online sucks at actually posting the correct information, probably due to the current explosion of online “experts” plagiarizing other “experts” online…

This was tested on an HP DL380 with dual Broadcom NICs.

enter root mode:

sudo bash

 

then install the bonding drivers:

apt-get install ifenslave-2.6

 

edit /etc/network/interfaces

vim /etc/network/interfaces

 

You can pretty much copy the following into interfaces, after line 5 (# The loopback network interface):

################################################

 

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
 bond-master bond0

auto eth1
iface eth1 inet dhcp
 bond-master bond0

auto bond0
iface bond0 inet static
 address 192.168.1.xxx  <----------( Enter Your Actual Server IP )
 netmask 255.255.255.0  <----------( Enter Your Actual Subnet )
 gateway 192.168.1.1     <----------( Enter Your Actual router/gateway IP )
 bond-slaves none
 bond-miimon 100
 bond-mode balance-rr ( Driver Mode )

 

################################################

edit /etc/modules

vim /etc/modules

 

and add bonding under the rtc line:

loop
lp
rtc
bonding

 

Reboot your box or restart network services. That's pretty much it… questions or comments? Use the comment functionality :)
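After the reboot, the bonding driver reports what it actually did in /proc/net/bonding/bond0, and that is the place to confirm balance-rr really has both NICs before relying on the link. The script below is an added example (mine, not from the post) that parses a constructed copy of that file to list each slave's MII status and link-failure count and flag anything degraded. The interface names, MAC addresses and counters in the sample are constructed; on the box you would feed it /proc/net/bonding/bond0 directly.

```shell
#!/bin/sh
# Added example: check bond health from the driver's status file.
# Constructed copy of what /proc/net/bonding/bond0 looks like for the post's
# balance-rr setup with eth1 currently down (addresses/counters made up).
BOND_STATUS=$(mktemp)
trap 'rm -f "$BOND_STATUS"' EXIT
cat >"$BOND_STATUS" <<'EOF'
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 02:00:5e:00:53:01
Slave queue ID: 0

Slave Interface: eth1
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 3
Permanent HW addr: 02:00:5e:00:53:02
Slave queue ID: 0
EOF

# The mode the driver actually loaded (should say round-robin for balance-rr).
bond_mode() {
    sed -n 's/^Bonding Mode: //p' "$1"
}

# One line per slave: "<iface> <MII status> <link failure count>".
# The first "MII Status" line belongs to the bond itself, so status is only
# recorded once a "Slave Interface" header has been seen.
bond_slave_status() {
    awk '
        /^Slave Interface:/                   { slave = $3 }
        slave != "" && /^MII Status:/         { status = $3 }
        slave != "" && /^Link Failure Count:/ { print slave, status, $4; slave = "" }
    ' "$1"
}

# Slaves that are down or have flapped since the bond came up.
bond_degraded_slaves() {
    bond_slave_status "$1" | awk '$2 != "up" || $3 > 0 { print $1 }'
}

# Stand-alone run: mode, per-slave table, then anything that needs attention.
echo "mode: $(bond_mode "$BOND_STATUS")"
bond_slave_status "$BOND_STATUS"
bond_degraded_slaves "$BOND_STATUS" | sed 's/^/degraded: /'
```

A slave that shows `down` right after the reboot usually means the cable or switch port, not the config; a non-zero link-failure count on a slave that is currently `up` is the flapping that bond-miimon 100 is there to catch, and is worth watching before it turns into dropped round-robin packets.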

Setting up a FUNCTIONING LAMP Stack on Ubuntu Server 10.4

This is a quick tutorial / *notes* for me, as I constantly have to look for these simple things every time I have to install a lamp server on a nix box.
If you do this kind of stuff too, this list might come in handy.

  1. install Ubuntu 10.4 LTS
  2. install ssh server [ sudo apt-get install openssh-server ]
  3. install text editor [ sudo apt-get install vim ]
  4. install lamp stack [ sudo apt-get install lamp-server^ ]
  5. install ftp server [ sudo apt-get install vsftpd ]
  6. install phpmyadmin [ sudo apt-get install phpmyadmin ]
  7. install mail server [ sudo aptitude install postfix ]

This should pretty much set you up with a complete/working dev nix box.
You might also need this in some cases…

  1. cURL PHP module [ sudo apt-get install php5-curl ]
  2. IMAP PHP module [ sudo apt-get install php5-imap ]

If you experience any problems hit me up.

Bonding Network Cards & Load Balancing in Ubuntu Server 10.4 LTS

After a couple of hours wasted looking online for the answers I ended up coming up with my own. I use vim as my text editor sooooo… if you use nano or whatever just use that.

The following configuration is ideal for load balancing scenarios; you can find out more about the different bond modes at the bottom of the post.

 

Lets install the correct software to support the bonding…
sudo apt-get install ifenslave 

 

open up a shell/terminal window and edit…
sudo vim /etc/network/interfaces

 

Copy this info, replacing the ip’s provided with your own…

#The Loopback Network Interface

auto lo
iface lo inet loopback

#The Primary Network Interface

iface eth0 inet manual
iface eth1 inet manual
auto bond0

iface bond0 inet static
bond_miimon 100
bond_mode balance-rr
address 192.168.1.x <---- USE YOUR OWN LOCAL IP (ASSIGN IT ONE)
netmask 255.255.255.0 <---- USE YOUR OWN LOCAL SUBNET
gateway 192.168.1.1 <---- USE YOUR OWN LOCAL GATEWAY IP
up ifenslave bond0 eth0 eth1
down ifenslave -d bond0 eth0 eth1


Save and exit

 

now open aliases.conf…
sudo vim /etc/modprobe.d/aliases.conf

 

copy this…

alias bond0 bonding
options bonding mode=0 miimon=100 downdelay=200 updelay=200

 

Save, Exit and Reboot your computer…
sudo reboot

 

This is tested and working in a live environment with dual GB NICs; if you have any problems or would like to bond more than 2 NICs leave a comment, as the topic is beyond this quick post.

 

MODE INDEX

mode=0 (balance-rr) Round-robin policy: Transmit packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.

mode=1 (active-backup) Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond’s MAC address is externally visible on only one port (network adapter) to avoid confusing the switch. This mode provides fault tolerance. The primary option affects the behavior of this mode.

mode=2 (balance-xor) XOR policy: Transmit based on [(source MAC address XOR’d with destination MAC address) modulo slave count]. This selects the same slave for each destination MAC address. This mode provides load balancing and fault tolerance.

mode=3 (broadcast) Broadcast policy: transmits everything on all slave interfaces. This mode provides fault tolerance.

mode=4 (802.3ad) IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification.

  Pre-requisites:
  • Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
  • A switch that supports IEEE 802.3ad Dynamic link aggregation. Most switches will require some type of configuration to enable 802.3ad mode.

mode=5 (balance-tlb) Adaptive transmit load balancing: channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

  Prerequisite:
  • Ethtool support in the base drivers for retrieving the speed of each slave.

mode=6 (balance-alb) Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPv4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond, such that different peers use different hardware addresses for the server.
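The mode=2 entry states its slave-selection formula in one line; the script below is an added example (mine, not from the post) that works it through. It implements the classic Linux layer2 XOR policy, which I am assuming here as the concrete form of "source MAC XOR destination MAC, modulo slave count": the last octet of each address is XORed and reduced modulo the number of slaves. It then shows the consequence a practitioner cares about, namely that every flow leaving through one router hashes to the same slave. All MAC addresses are constructed.

```shell
#!/bin/sh
# Added example: slave selection under mode=2 (balance-xor), layer2 policy.
# Assumption (classic Linux bonding driver): the hash uses the last octet of
# each MAC address, i.e. slave = (src[5] XOR dst[5]) mod slave_count.

# Last octet of a MAC address (aa:bb:cc:dd:ee:ff -> ff) as a decimal number.
mac_last_octet() {
    echo $(( 0x${1##*:} ))
}

# Index of the slave that carries a frame from $1 to $2 on a bond with $3 slaves.
xor_slave_index() {
    s=$(mac_last_octet "$1"); d=$(mac_last_octet "$2")
    echo $(( (s ^ d) % $3 ))
}

# Count how many of the given destinations land on each slave:
# prints "slave <i>: <n> destinations" for every slave that gets traffic.
xor_distribution() {
    src=$1; count=$2; shift 2
    for dst in "$@"; do xor_slave_index "$src" "$dst" "$count"; done \
        | sort -n | uniq -c | awk '{ print "slave " $2 ": " $1 " destinations" }'
}

SERVER_MAC=02:00:5e:00:53:cc      # constructed
GATEWAY_MAC=02:00:5e:00:53:01     # constructed

# Four peers on the local LAN: the XOR hash spreads them over both slaves...
xor_distribution "$SERVER_MAC" 2 02:00:5e:00:53:33 02:00:5e:00:53:34 \
                                02:00:5e:00:53:35 02:00:5e:00:53:36
# ...but every Internet-bound frame is addressed to the router's MAC,
# so it all lands on one slave no matter how many remote hosts are involved.
xor_distribution "$SERVER_MAC" 2 "$GATEWAY_MAC" "$GATEWAY_MAC" "$GATEWAY_MAC"
```

This is why the post's choice of balance-rr (mode=0) gives more even outbound use on a small LAN behind a single gateway: round-robin ignores addresses entirely. The same layer2 hash is the default xmit_hash_policy for mode=4 (802.3ad), so the one-gateway effect applies there too unless the policy is changed.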


HP Proliant DL380 on Windows Server 2008, Driver Install… Epic FAIL!

I recently was hired as Manager of Information Technology for one of California’s largest importers and exporters of exotic rock; granite, marble and what not. After looking at our current infrastructure I knew I was going to have to bring some of my personal equipment. After the first week I decided we would begin the process of changing server operating systems over to windows 2008 server as rebuilding the entire network was going to be necessary. As I began the process I decided I would install windows 2008 server on my HP Proliant DL380 which was perfect for the new application server role. Windows 2008 installed perfectly with no problem until of course it came to installing the network utility drivers. I spent a good 2 hours looking for help on HP forums, Google and anything else we normally use as information specialists but ended up with nothing. I decided to continue looking for help and found nothing so I decided that I would simply try to run the driver installation in compatibility mode. After a bit of playing I was able to determine that Windows 2008 Server and 2008 Server R2 are somewhat considered different versions, after all the drivers would not install on regular R2 mode but had to dumb down the compatibility to Regular windows 2008 server. After this everything installed with no problem so I suggest if you’re installing Server 2008 R2 as an operating system make sure you install drivers as regular 2008 server through compatibility mode or else you will get the “this install could not complete because the correct operating system was not found” prompt.

Can’t Map Windows Server 2003 Network Drive on Windows 7, Enter Network Password Error :(

OK so I kept having this issue with a client's Windows 7 Ultimate PC: every time I would try to map a network drive it would ask me for 2 pairs of credentials, the regular credentials and then the dreaded “enter network password” credential. Keep in mind that this is a business network so no clients have home groups set up.

Troubleshooting Steps:

  • Went to Control Panel\Network and Internet\Network and Sharing Center\Advanced sharing settings and made sure “Password Protected Sharing” was OFF. Still didn’t work.
  • This time I had to check the Credential Manager and remove all old credentials it may have stored ( Control Panel\All Control Panel Items\Credential Manager ). Still didn’t work, WTF! right?
  • At this point I was kinda annoyed and I decided to check the Network Policies on the local computer, TADAAAAAAAA :P

THE SOLUTION:

Start Menu Type run or cmd in search box

Type: secpol.msc

Go to Local Policies | Security Options and choose the “Network Security: LAN Manager Authentication Level” item. Set it to “Send LM & NTLM - use NTLMv2 session security if negotiated”.

Reboot, Remap and everything should be good, enjoy :)