Archive for May, 2009
SSH Security with Fail2Ban on Gentoo
Posted by Eion Robb in Uncategorized on 2009-05-27
I accidentally looked at my syslog messages on my home (Gentoo) Linux server and found that there were thousands of SSH connection attempts from all over the world: people trying to brute-force my root password. The worst bit was that it was filling up my logs and causing lots of things to die when the computer ran out of disk-space. It needed a bit of playing around to get this to stop, but in case you run across the same situation, I’ve documented what I did:
- Make sure you have the tcpd USE-flag on net-misc/openssh. If you don’t, the easiest way to add it is with the command
echo "net-misc/openssh tcpd" >> /etc/portage/package.use
- Emerge fail2ban
- If you’re using syslog-ng, you need to configure it to log sshd logs to a different place (reduces load on the server) by adding the following lines to /etc/syslog-ng/syslog-ng.conf
filter f_sshd {match('^sshd\[[0-9]+\]:'); };
destination sshd { file("/var/log/sshd.log"); };
log { source(src); filter(f_sshd); destination(sshd); flags(final); };
- Enable the ssh-tcpwrapper setting in /etc/fail2ban/jail.conf, checking that the logpath is pointing to your log file. It should end up looking something like
[ssh-tcpwrapper]
enabled = true
filter = sshd
action = hostsdeny
logpath = /var/log/sshd.log
- Set up the hosts allow/deny files (if you don’t have them) by pumping out the following commands to bash
touch /etc/hosts.allow
touch /etc/hosts.deny
chmod 644 /etc/hosts.allow
chmod 644 /etc/hosts.deny
- Reload syslog-ng, restart openssh, and start fail2ban (adding it to the default runlevel so it comes back after a reboot):
/etc/init.d/syslog-ng reload
/etc/init.d/sshd restart
/etc/init.d/fail2ban start && rc-update add fail2ban default
That should do it. I also recommend disabling the root account and disabling password authentication in your /etc/ssh/sshd_config file.
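What fail2ban is doing behind those steps, as an added example that is not code from this post or from fail2ban itself: it reads the sshd log, counts failed logins per source address with regular expressions, and once an address reaches maxretry the hostsdeny action appends an "ALL: <ip>" line to /etc/hosts.deny, which the tcpd-enabled sshd then honours. fail2ban is written in Python, so the same decision is shown here in plain Python over a few constructed log lines (documentation addresses 203.0.113.x and 198.51.100.x). The regexes, function names and the maxretry value of 3 are this example's own choices, not copied from fail2ban's filter.d/sshd.conf or jail.conf.

```python
"""Failed-login counting in the style of fail2ban's sshd filter.

Added example, not fail2ban's code: the regexes below are written for this
demonstration. The log text is constructed sample data in the format
syslog-ng writes to /var/log/sshd.log with the filter from the post.
"""
import re
from collections import Counter

# Constructed sample log: two attackers (documentation addresses), one
# legitimate key-based login, and one non-sshd line the filter must ignore.
SAMPLE_LOG = """\
May 27 10:00:01 home sshd[4021]: Failed password for root from 203.0.113.5 port 40122 ssh2
May 27 10:00:03 home sshd[4021]: Failed password for root from 203.0.113.5 port 40123 ssh2
May 27 10:00:05 home sshd[4023]: Failed password for invalid user admin from 203.0.113.5 port 40130 ssh2
May 27 10:00:07 home sshd[4025]: Accepted publickey for eion from 198.51.100.2 port 51000 ssh2
May 27 10:00:09 home sshd[4027]: Failed password for invalid user oracle from 203.0.113.77 port 3342 ssh2
May 27 10:00:11 home sshd[4029]: Invalid user test from 203.0.113.77
May 27 10:00:13 home sshd[4030]: Failed password for root from 203.0.113.5 port 40140 ssh2
May 27 10:00:15 home cron[4031]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Same test the syslog-ng filter in the post applies: only sshd[<pid>] lines.
SSHD_LINE = re.compile(r"sshd\[[0-9]+\]: (?P<msg>.*)$")

# Failure messages that carry the remote address. "Accepted publickey" and
# other non-failure lines deliberately match none of these.
IPV4 = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
FAILURE_PATTERNS = [
    re.compile(r"^Failed password for (invalid user )?\S+ from " + IPV4),
    re.compile(r"^Invalid user \S+ from " + IPV4),
]


def failures_by_ip(log_text):
    """Return a Counter of failed-login attempts keyed by source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = SSHD_LINE.search(line)
        if not m:
            continue  # not from sshd: syslog-ng would not have routed it here
        msg = m.group("msg")
        for pat in FAILURE_PATTERNS:
            hit = pat.match(msg)
            if hit:
                counts[hit.group("ip")] += 1
                break
    return counts


def offenders(log_text, maxretry):
    """Addresses whose failure count reached maxretry, most failures first."""
    counts = failures_by_ip(log_text)
    return [ip for ip, n in counts.most_common() if n >= maxretry]


def hostsdeny_entries(log_text, maxretry):
    """Lines in the format the hostsdeny action appends to /etc/hosts.deny."""
    return ["ALL: %s" % ip for ip in offenders(log_text, maxretry)]


if __name__ == "__main__":
    # With maxretry 3 only 203.0.113.5 (four failures) is banned;
    # 203.0.113.77 stays at two and the successful login is never counted.
    for entry in hostsdeny_entries(SAMPLE_LOG, 3):
        print(entry)
```

Running it prints a single "ALL: 203.0.113.5" line. Lowering maxretry to 2 would also ban 203.0.113.77, which is the trade-off the jail's maxretry setting controls: fewer attempts before a ban versus locking out a user who mistypes a password a couple of times.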
Voice chat in Facebook Chat???
So I was looking through the debug logs for Facebook chat and stumbled upon this:
"enableVC":false
in all the users' properties. Does VC stand for voice chat? Let's wait and see 🙂
Edit: It gets even better. There are lots of “POPOUT_TYPE_VIDEOCHAT” and “if (this.inVideoChat)” messages in the source code of the Facebook JavaScript.
Gzip Encoding
On PHP pages that I get control over, one of the first things I do is add Gzip encoding. This compresses the text on the page for browsers that can handle it, and really reduces network traffic, speeding up page load/download times on dial-up (well, and broadband) connections significantly.
In PHP this is really easy; it's just one line of code at the top of the page:
ob_start('ob_gzhandler');
But until now, I had trouble finding out how to do this for .NET sites. All I could find was that you can enable it server-wide on IIS, but now I've found this handy bit of code that can go at the top of your .NET pages.
string AcceptEncoding = HttpContext.Current.Request.Headers["Accept-Encoding"];
if (!string.IsNullOrEmpty(AcceptEncoding) && AcceptEncoding.Contains("gzip"))
{
    HttpContext.Current.Response.AppendHeader("Content-Encoding", "gzip");
    // Vary must name the request header the response depends on, so it is
    // Accept-Encoding; otherwise caches may hand a gzip body to a client
    // that cannot decode it.
    HttpContext.Current.Response.AppendHeader("Vary", "Accept-Encoding");
    // Wrap the existing response filter so everything written afterwards
    // is compressed on its way out.
    HttpContext.Current.Response.Filter = new System.IO.Compression.GZipStream(
        HttpContext.Current.Response.Filter,
        System.IO.Compression.CompressionMode.Compress);
}
And that’s it. Tasty Gzip encoding for all. The next step is testing it, for which I use the mod_gzip_test site. You can see an example of the changes we made to gameplayer.co.nz (a .net site) here
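The negotiation the .NET snippet performs, as an added example that is not code from this post or from any framework, with the two details a reviewer would check: per RFC 2616 section 14.3 a client sends "Accept-Encoding: gzip;q=0" to refuse gzip, so a plain substring test for "gzip" compresses for a client that asked not to be compressed, and the Vary header has to name the request header (Accept-Encoding) that the response depends on. The function names (choose_encoding, encode_response, decode_payload) are this example's own, and the response is built as a plain dictionary plus bytes rather than through a real web framework.

```python
"""Content-Encoding negotiation with q-values, plus the matching headers.

Added example, not part of the original post. Stand-in for what a server
does between reading Accept-Encoding and writing the compressed body.
"""
import gzip


def choose_encoding(accept_encoding):
    """Return "gzip" if the client accepts it with q > 0, else None.

    An explicit gzip (or x-gzip) entry wins over a "*" wildcard; a missing
    q parameter means q=1 (RFC 2616 section 14.3).
    """
    if not accept_encoding:
        return None
    explicit, wildcard = None, None
    for item in accept_encoding.split(","):
        parts = [p.strip() for p in item.split(";")]
        coding = parts[0].lower()
        if coding not in ("gzip", "x-gzip", "*"):
            continue
        q = 1.0
        for p in parts[1:]:
            if p.lower().startswith("q="):
                try:
                    q = float(p[2:])
                except ValueError:
                    q = 0.0  # malformed qvalue: treat as not acceptable
        if coding == "*":
            wildcard = q
        else:
            explicit = q
    q = explicit if explicit is not None else wildcard
    return "gzip" if q is not None and q > 0 else None


def encode_response(body, accept_encoding):
    """Return (headers, payload) for a UTF-8 text body.

    Vary is sent on every response, compressed or not, so that a shared
    cache keys the entry on Accept-Encoding and never serves a gzip body
    to a client that did not ask for one.
    """
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Vary": "Accept-Encoding",
    }
    payload = body.encode("utf-8")
    if choose_encoding(accept_encoding) == "gzip":
        headers["Content-Encoding"] = "gzip"
        payload = gzip.compress(payload)
    headers["Content-Length"] = str(len(payload))
    return headers, payload


def decode_payload(headers, payload):
    """What the browser does on receipt: undo the declared Content-Encoding."""
    if headers.get("Content-Encoding") == "gzip":
        return gzip.decompress(payload).decode("utf-8")
    return payload.decode("utf-8")


if __name__ == "__main__":
    page = "<html><body>" + "<p>hello</p>" * 200 + "</body></html>"
    for ae in ("gzip, deflate", "gzip;q=0, identity", "*;q=0.5", None):
        h, p = encode_response(page, ae)
        print("%-22r -> %-8s %6d bytes" % (ae, h.get("Content-Encoding", "identity"), len(p)))
```

Running it shows the same page going out compressed for "gzip, deflate" and for the wildcard, but uncompressed for "gzip;q=0, identity", which the substring check in the .NET snippet would have gzipped.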