Showing posts from March, 2015

Selinux blocked access via SSH authorized_keys

Selinux blocked access via SSH authorized_keys How to fix selinux context ?   To fix login for users with home in /home: semanage fcontext -at home_root_t /home semanage fcontext -at user_home_dir_t /home/user semanage fcontext -at ssh_home_t /home/user/.ssh semanage fcontext -at ssh_home_t /home/user/.ssh/authorized_keys restorecon -Rv /home For users in other directory than home for example  /data/home first line because /data is separate file system (without it still did not work) semanage fcontext -at root_t /data semanage fcontext -at home_root_t /data/home semanage fcontext -at home_user_t /data/home/rarus/ semanage fcontext -at ssh_home_t  /data/home/rarus/.ssh/ semanage fcontext -at ssh_home_t  /data/home/rarus/.ssh/authorized_keys restorecon -Rv /data/home

Unexpected DDOS: Blocking China with ipset and iptables

Blocking China As Craig discusses, there's really no option but to block everyone from China. Unfortunately for me, I wasn't using ipfw as a firewall so I couldn't follow his advice. Having finally figured out how to do this I thought I'd write a step-by-step guide assuming you've not got a firewall already set up. Note ; this all assumes you run Debian. Set up iptables iptables is a firewall application for Linux and it's already installed on Debian systems. If you already have iptables set up and in use, skip this section and go straight to the ipset section. Create a file where we can declare some rules to use: sudo nano /etc/iptables.firewall.rules Inside there you'll want to paste the following: *filter # Allow all loopback (lo0) traffic and drop all traffic to