Thursday, October 24, 2019

How to check if NTP client works on windows 7/10

Run this command from the command line:

w32tm /stripchart /computer:jp.pool.ntp.org /dataonly /samples:5

The response will look like this:

C:\Windows\System32>w32tm /stripchart /computer:jp.pool.ntp.org /dataonly /samples:5
Tracking jp.pool.ntp.org [162.159.200.1:123].
Collecting 5 samples.
The current time is 24.10.2019 08:58:22.
08:58:22, -00.3017199s
08:58:24, -00.3021865s
08:58:26, -00.3018570s
08:58:28, -00.3018344s
08:58:30, -00.3017718s

Tuesday, February 26, 2019

Securing the Pi-hole with fail2ban to prevent DNS Amplification attacks

1. Install fail2ban 

sudo apt-get update ; sudo apt-get install fail2ban

2. Create the jail file


vi /etc/fail2ban/jail.d/pihole-dns.conf

[pihole-dns]
enabled = true
port     = 53
action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
logpath = /var/log/pihole.log
findtime = 60
maxretry = 5
bantime = 3600

 

3. Create the filter file


vi /etc/fail2ban/filter.d/pihole-dns.conf

# Fail2Ban configuration file
#
# script from www.marek.tokyo
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf


[Definition]

_daemon = dnsmasq

# log example from /var/log/pihole.log
#Feb 26 04:41:28 dnsmasq[1887]: query[A] 21cl93vlx5n9p.aikoaiko.net from 67.21.36.3
#(?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?



failregex =  .*query\[A\].*from <HOST>
                   .*query\[ANY\].*from <HOST>

ignoreregex =

4. Test that the regex works


fail2ban-regex /var/log/pihole.log /etc/fail2ban/filter.d/pihole-dns.conf


You should get results like this:

Running tests
=============

Use   failregex filter file : pihole-dns, basedir: /etc/fail2ban
Use   log file : /var/log/pihole.log
Use   encoding : UTF-8


Results
=======

Failregex: 4127 total
|-  #) [# of hits] regular expression
|   1) [4125] .*query\[A\].*from <HOST>
|   2) [2] .*query\[ANY\].*from <HOST>

`-


Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [15674] (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
`-

Lines: 15674 lines, 0 ignored, 4127 matched, 11547 missed
[processed in 1.25 sec]

Missed line(s): too many to print.  Use --print-all-missed to print all 11547 lines




Got hits (in red), so the regex works!

5. Add your own IP to the ignore list to avoid being blocked

Use your local IP, or your global IP if the Pi-hole is open access or a relay installed on a cloud VPS, etc.

 vi /etc/fail2ban/jail.conf

[DEFAULT]

#
# MISCELLANEOUS OPTIONS
#

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space (and/or comma) separator.
ignoreip = 127.0.0.1/8, 192.168.0.1/24

 

6. Restart the fail2ban service

 

7. Check that fail2ban works

fail2ban-client status pihole-dns

Status for the jail: pihole-dns
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     75
|  `- File list:        /var/log/pihole.log
`- Actions
   |- Currently banned: 2
   |- Total banned:     2
   `- Banned IP list:   172.93.106.230 67.21.36.3

8. (Optional, for CentOS 7)

You can check the ipset list directly:

ipset list fail2ban-pihole-dns-udp



Name: fail2ban-pihole-dns-udp
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 600
Size in memory: 312
References: 1
Number of entries: 2
Members:
67.21.36.3 timeout 558
172.93.106.230 timeout 558


 

based on this

Monday, August 27, 2018

Apache 2.4 + mod_wsgi + Python 3.7 + Django installation on Centos 7.10

Httpd 2.4

1. Install  httpd
yum install httpd
 
2. Install  httpd-devel
yum install httpd-devel 

Python 3.7 on Centos 7.10


1. Download the newest python

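cd /opt/
wget -dvS --no-check-certificate https://www.python.org/ftp/python/3.7.0/Python-3.7.0.tgz

Note: --no-check-certificate turns off TLS certificate verification for this download, so compare the tarball with the checksum published on python.org before building it.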

2. Unpack and install


tar xzf Python-3.7.0.tgz

cd /opt/Python-3.7.0/

./configure --prefix=/usr/local --enable-shared --with-threads --enable-optimizations

make altinstall

 
To test that it works:
python3.7 -V

mod_wsgi

0. (optional) uninstall current mod_wsgi

yum erase mod_wsgi



1. Download the newest mod_wsgi and install

cd /opt/

wget https://files.pythonhosted.org/packages/9e/37/dd336068ece37c43957aa337f25c59a9a6afa98086e5507908a2d21ab807/mod_wsgi-4.6.4.tar.gz


tar xzf mod_wsgi-4.6.4.tar.gz


cd mod_wsgi-4.6.4


 ./configure --with-python=/usr/local/bin/python3.7


LD_RUN_PATH=/usr/local/lib make


make install



2. Add path to  /etc/ld.so.conf
include ld.so.conf.d/*.conf

/usr/local/lib

3. Run


ldconfig 



4. check if mod_wsgi is linked correctly

ldd /usr/lib64/httpd/modules/mod_wsgi.so
        linux-vdso.so.1 =>  (0x00007ffc465bb000)
        libpython3.7m.so.1.0 => /usr/local/lib/libpython3.7m.so.1.0 (0x00007f2d23842000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f2d23626000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f2d23422000)
        libutil.so.1 => /lib64/libutil.so.1 (0x00007f2d2321f000)
        libm.so.6 => /lib64/libm.so.6 (0x00007f2d22f1d000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f2d22b50000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f2d23fe3000)

Install Django

pip3.7 install --upgrade pip

pip3.7 install Django

Configure apache to use wsgi

Add new config at /etc/httpd/conf.d/project1.conf

<IfModule mod_ssl.c>
Listen 8443 https
<VirtualHost *:8443>

        ServerAdmin [email protected]
        ServerName tester.com
        ServerAlias tester.com
        DocumentRoot /var/www/html/project1

        ErrorLog /var/log/httpd/project1-error.log
        CustomLog /var/log/httpd/project1-access.log combined
        CustomLog logs/project1-ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

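        # Django project
        # Note: this Alias together with "Require all granted" lets Apache serve
        # every file under /opt/py/django_1 (settings.py, the venv) as static
        # content at /django_1/; keep it only if that exposure is intended.
        Alias /django_1 /opt/py/django_1
        <Directory /opt/py/django_1>
                Require all granted
        </Directory>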

        Alias /static /opt/py/django_1/static
        <Directory /opt/py/django_1/static>
                Require all granted
        </Directory>

        <Directory /opt/py/django_1>
                <Files wsgi.py>
                    Require all granted
                </Files>
        </Directory>

        WSGIDaemonProcess django_1 python-path=/opt/py/django_1 python-home=/opt/py/django_1/venv
        WSGIProcessGroup django_1
        WSGIScriptAlias / /opt/py/django_1/django_1/wsgi.py
        WSGIPassAuthorization On


        SSLCertificateFile /etc/letsencrypt/live/tester.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/tester.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateChainFile /etc/letsencrypt/live/tester.com/chain.pem

</VirtualHost>
</IfModule>



Test if everything works:

https://tester.com:8443/admin/login/?next=/admin/


Don't forget to add ALLOWED_HOSTS in your settings.py

Also add
STATIC_URL = '/static/'
STATIC_ROOT = '/opt/py/django_1/static/'







Wednesday, August 1, 2018

Oxidized init.d script for Centos 6

To run oxidized as a service:


1. Copy the init script from oxidized/extra

 cp /usr/local/rvm/gems/ruby-2.3.0/gems/oxidized-0.24.0/extra/oxidized.init.d /etc/init.d/

2. If you installed oxidized following the manual (with the system user oxidized added) and rvm, you need to modify the script

#cmd=oxidized
cmd="sudo -u oxidized /usr/local/rvm/gems/ruby-2.3.0/wrappers/oxidized"
args="--daemonize"

#pidfile=/etc/oxidized/pid
pidfile=/home/oxidized/.config/oxidized/pid


#export OXIDIZED_HOME=/etc/oxidized
export OXIDIZED_HOME=/home/oxidized/

3. After that, start it as a normal service

# /etc/rc.d/init.d/oxidized start

# /etc/rc.d/init.d/oxidized status
sudo (pid  9987) is running...


# ps aux | grep oxi
oxidized  9987  1.2  0.6 861488 97496 ?        Sl   08:52   0:25 puma 3.12.0 (tcp://127.0.0.1:8888) [/]

#netstat -tulpn   | grep 88
tcp        0      0 127.0.0.1:8888              0.0.0.0:*                   LISTEN      9987/puma 3.12.0 (t

Thursday, March 15, 2018

Enable IPv6 on Raspberry Pi

Just add one line

 iface eth0 inet6 dhcp 

to /etc/network/interfaces

and load ipv6 module

modprobe ipv6

to make it permanent add

ipv6

to /etc/modules


Wednesday, September 27, 2017

How to Increase the size of a Linux LVM by adding a new disk

This post will cover how to increase the disk space for a VMware virtual machine running Linux that is using logical volume manager (LVM). Firstly we will add a new disk to the virtual machine and then extend the original LVM over this additional space. Basically we will have two physical disks but just one volume group and one logical group that is using the space on both disks together. With this method there is no down time for the virtual machine.

As there are a number of different ways to increase disk space I have also posted some different methods here:
Important Notes: Be very careful when working with the commands in this article as they have the potential to cause a lot of damage to your data. If you are working with virtual machines make sure you take a snapshot of your virtual machine beforehand, or otherwise have some other form of up to date backup before proceeding. It could also be worth cloning the virtual machine first and testing out this method on the clone.
Throughout my examples I will be working with a VMware virtual machine running Debian 6, this was set up with a 20gb disk and we will be adding a new 20gb disk for a total LVM size of 40gb.
Although my examples make use of virtual machines, this method would work with a physical server as well if you have added a new physical disk in and want to use that to expand the LVM.

Identifying the partition type

As this method focuses on working with LVM, we will first confirm that our partition type is actually Linux LVM by running the below command.
fdisk -l
fdisk of newly added disk
As you can see in the above image /dev/sda5 is listed as “Linux LVM” and it has the ID of 8e. The 8e hex code shows that it is a Linux LVM, while 83 shows a Linux native partition. Now that we have confirmed we are working with an LVM we can continue. For increasing the size of a Linux native partition (hex code 83) see this article.
Below is the disk information showing that our initial setup only has the one 20gb disk currently, which is under the logical volume named /dev/mapper/Mega-root – this is what we will be expanding with the new disk.
Disk free newly added disk
Note that /dev/mapper/Mega-root is the volume made up from /dev/sda5 currently – this is what we will be expanding.

Adding a new virtual hard disk

First off we add a new disk to the virtual machine. This is done by right clicking the virtual machine in vSphere, selecting edit settings and then clicking the “Add…” button which is used to add hardware to the virtual machine.
Select hard disk and click next.
VMware add virtual disk
Select create a new virtual disk and click next.
Select the disk size you want to add, I will be using 20gb as previously mentioned. I have also selected to store the disk with the virtual machine, it will store on the same datastore as the virtual machines files, this will be fine for my test purposes. Click next once complete.
Select next on the advanced options page.
Review everything and click finish once you have confirmed the settings.
You will then see the new disk under the hardware devices tab and it will be labelled with (adding) which means it will not apply until you click OK, so click OK to complete the process.

Detect the new disk space

In my test for this example, as soon as I added the additional disk in through VMware it displayed through “fdisk -l” for me, you can see the second disk labelled /dev/sdb (I have cropped out the information on /dev/sda1 to make it less cluttered here). It is also worth noting that it shows as not containing a valid partition table, we are about to set this up.
fdisk of newly added disk
This may not however be the case for you, to avoid reboot you may need to rescan your devices, you can try this with the below command. Note that you may need to change host0 depending on your setup.
echo "- - -" > /sys/class/scsi_host/host0/scan
If you have issues detecting the new disk, just perform a reboot and it should then display correctly.

Partition the new disk

We now need to partition the new /dev/sdb disk so that it can be used, this is done by using fdisk.
fdisk /dev/sdb
This should provide us with the below prompt, the inputs I have entered in are shown in bold.
‘n’ was selected for adding a new partition.
[email protected]:~# fdisk /dev/sdb
Command (m for help): n
‘p’ is then selected as we are making a primary partition.
Command action
   e   extended
   p   primary partition (1-4)
p
As this is a new disk, we do not yet have any partitions on it so we will use partition 1 here.
Partition number (1-4): 1
Next we press the enter key twice, as by default the first and last cylinders of the unallocated space should be correct.
First cylinder (1-2610, default 1): "enter"
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-2610, default 2610): "enter"
Using default value 2610
‘t’ is selected to change a partition’s system ID; in this case partition ‘1’ is selected automatically, as it is currently our only partition.
Command (m for help): t
Selected partition 1
The hex code ‘8e’ was entered as this is the code for a Linux LVM which is what we want this partition to be, as we will be joining it with the original Linux LVM which is currently using /dev/sda5.
Hex code (type L to list codes): 8e
Changed system type of partition 1 to 8e (Linux LVM)
‘w’ is used to write the table to disk and exit, all changes that have been done will be saved and then you will be exited from fdisk.
Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
By using “fdisk -l” now you will be able to see that /dev/sdb1 is listed, this is the new partition created on our newly added /dev/sdb disk and it is currently using all 20gb of space.
fdisk after partition created

Increasing the logical volume

Next we will use the pvcreate command to create a physical volume for later use by the LVM. In this case the physical volume will be our new /dev/sdb1 partition.
[email protected]:~# pvcreate /dev/sdb1
  Physical volume "/dev/sdb1" successfully created
Now we need to confirm the name of the current volume group using the vgdisplay command. The name will vary depending on your setup, for me it is the name of my test server. vgdisplay provides plenty of information on the volume group, I have only shown the name and the current size of it for this example.
[email protected]:~# vgdisplay
  --- Volume group ---
  VG Name               Mega
  VG Size               19.76 GiB
Now using the vgextend command, we extend the ‘Mega’ volume group by adding in the physical volume of /dev/sdb1 which we created using the pvcreate command just before.
[email protected]:~# vgextend Mega /dev/sdb1
  Volume group "Mega" successfully extended
Using the pvscan command we scan all disks for physical volumes, this should confirm the original /dev/sda5 partition and the newly created physical volume /dev/sdb1
[email protected]:~# pvscan
  PV /dev/sda5   VG Mega   lvm2 [19.76 GiB / 0    free]
  PV /dev/sdb1   VG Mega   lvm2 [19.99 GiB / 19.99 GiB free]
  Total: 2 [39.75 GiB] / in use: 2 [39.75 GiB] / in no VG: 0 [0   ]
Next we need to increase the logical volume with the lvextend command (rather than the physical volume which we have already done). This means we will be taking our original logical volume and extending it over our new disk/partition/physical volume of /dev/sdb1.
Firstly confirm the name of the logical volume using lvdisplay. The name will vary depending on your setup.
[email protected]:~# lvdisplay
  --- Logical volume ---
  LV Name                /dev/Mega/root
  LV Size                18.91 GiB
The logical volume is then extended using the lvextend command. We are extending the original logical volume of /dev/Mega/root over the newer /dev/sdb1
[email protected]:~# lvextend /dev/Mega/root /dev/sdb1
  Extending logical volume root to 38.90 GiB
  Logical volume root successfully resized
If you like you can then run vgdisplay and lvdisplay again to confirm the size of the volume group and logical volume respectively, I have done this and I now have the following.
  LV Size                38.90 GiB
  VG Size                39.75 GiB
However if you run a “df” command to see available disk space it will not have changed yet as there is one final step, we need to resize the file system using the resize2fs command in order to make use of this space.
[email protected]:~# resize2fs /dev/Mega/root
resize2fs 1.41.12 (17-May-2010)
Filesystem at /dev/Mega/root is mounted on /; on-line resizing required
old desc_blocks = 2, new_desc_blocks = 3
Performing an on-line resize of /dev/Mega/root to 10196992 (4k) blocks.
The filesystem on /dev/Mega/root is now 10196992 blocks long.
Alternatively if you’re running the XFS file system (default as of RedHat/CentOS 7) you can grow the file system with “xfs_growfs /dev/Mega/root”.
Rather than resizing the file system manually, you could instead use the -r option of the lvextend command which will automatically resize the file system to make use of the additional disk space.
The resize took a minute or so to complete (it will depend on the disk speed and size), running the “df” command now shows the correct disk space for /dev/mapper/Mega-root
Disk free on expanded LVM

Summary

We have now increased the total disk space on the virtual machine by first adding a new virtual disk through VMware, created a new partition out of this newly unallocated space within the guest OS, turned it into a physical volume, extended the volume group, then finally extended the original logical volume over the newer physical volume resulting in overall disk space being increased successfully. This method allows for disk space upgrade with no down time, my virtual machine was not shut down or rebooted at all during this process. This is a very useful technique for upgrading disk space on production servers that can not go down.


found at:
https://www.rootusers.com/how-to-increase-the-size-of-a-linux-lvm-by-adding-a-new-disk/

Friday, July 14, 2017

Fail2ban block 404 scan and invalid method in request on Apache server

1. Create filter
/etc/fail2ban/filter.d/apache-404.conf

[Definition]

failregex = [[]client <HOST>[]] File does not exist: *
                   [[]client <HOST>[]] Invalid method in request *
 
ignoreregex =

2. Add new jail

/etc/fail2ban/jail.conf

[apache-404]
enabled = true
port = http,https
filter = apache-404
action  = iptables-multiport[name=apache-404,port="80,443"]
logpath = /var/log/httpd/error_log
# you can add email notification as well; use this action in place of the one above
action  = iptables-multiport[name=apache-404, port="http,https", protocol=tcp]
          sendmail-whois[name=apache-404, [email protected], [email protected], sendername="Server-Fail2Ban"]

bantime = 172800
maxretry = 2
findtime = 86400   ; 1 day


3. If everything is OK, you can test it with this command:

 fail2ban-regex /var/log/httpd/error_log /etc/fail2ban/filter.d/apache-404.conf

The outcome should look like this:

Running tests
=============

Use   failregex filter file : apache-404, basedir: /etc/fail2ban
Use         log file : /var/log/httpd/error_log
Use         encoding : UTF-8


Results
=======

Failregex: 138 total
|-  #) [# of hits] regular expression
|   1) [132] [[]client <HOST>[]] File does not exist: *
|   2) [6] [[]client <HOST>[]] Invalid method in request *
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [146] (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
`-

Lines: 146 lines, 0 ignored, 138 matched, 8 missed
[processed in 0.03 sec]

|- Missed line(s):
|  [Mon Jul 10 05:07:58 2017] [error] [client 141.212.122.48] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /x
|  [Tue Jul 11 12:27:28 2017] [error] [client 187.20.208.103] script '/var/www/html/command.php' not found or unable to stat
|  [Wed Jul 12 04:00:18 2017] [error] [client 117.43.152.107] request failed: error reading the headers
|  [Thu Jul 13 07:12:54 2017] [error] [client 138.185.16.2] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
|  [Thu Jul 13 18:05:54 2017] [error] [client 223.105.4.250] script '/var/www/html/index.php' not found or unable to stat

