apt get life

Life around technology


Setup Fail2ban for NextCloud

2018/10/05 by sudo 2 Comments

Running NextCloud or OwnCloud online comes with some risk, as with any online service. It’s important that your installation remains secure against hackers (or at least as secure as it can be). I’ve opted to implement fail2ban in order to help secure it using some custom rules. It’s worth noting that NextCloud does block unwanted login attempts itself through the application, but you’re having to trust application level security. I feel far safer having fail2ban implement firewall rules to prevent access to anyone probing the server.

First thing to do is create the NextCloud filter configuration file. This file will contain the regex that’s used to scan the logs for anything we don’t like the look of in order to block attacking hosts. My understanding is that this file can remain the same for OwnCloud, although I do not currently have a running instance of it to check.

sudo nano /etc/fail2ban/filter.d/nextcloud.conf

Add the following to the file:

# Two Nextcloud log layouts for failed logins, plus trusted domain errors.
[Definition]
failregex=^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$
        ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$
        ^.*\"remoteAddr\":\"<HOST>\".*Trusted domain error.*$

There are three regular expressions included here. The first and second check for login failures and flag the source IP. The third checks for trusted domain errors, which are usually the result of bots accessing your installation via its IP address rather than its domain (suspicious, so I wanted to block them).

Once the file is saved, you can test what the filter would report by running the following command. This is entirely optional (although would help identify issues) and isn’t required for the rest of the steps to work.

sudo fail2ban-regex /var/nextcloud/data/nextcloud.log /etc/fail2ban/filter.d/nextcloud.conf -v

Next, a jail configuration file needs to be set up to activate the filter we’ve just created. Never edit the Fail2ban jail.conf file; it’s likely to be overwritten on upgrades. Always create a “.local” file inside the jail.d directory, ideally a separate one for each application or rule you’re setting up (why? Because it keeps things organised and makes it easier to manage one rule independently of another). With this in mind, create a nextcloud (or owncloud) file:

sudo nano /etc/fail2ban/jail.d/nextcloud.local

And add the following to it:

[nextcloud]
ignoreip = 192.168.1.0/24
backend = auto
enabled = true
port = 80,443
protocol = tcp
filter = nextcloud
maxretry = 3
bantime = 36000
findtime = 36000
logpath = /var/nextcloud/data/nextcloud.log

Make sure your ignoreip is your local subnet or IP address. I opted to allow my whole LAN to access it without being auto-blocked. I’ve enabled the rule, set the ports to 80 (HTTP) and 443 (HTTPS) and configured ban times, etc. The most important things are the filter which should match the name of the file that was created inside the filter.d directory (excluding extension), and the log path, which may vary by installation. This path is the default for Ubuntu.

Once done, run the following command to restart Fail2ban:

sudo service fail2ban restart

You can check the status of the jail by running:

sudo fail2ban-client status nextcloud

You’ll see something similar to this:

Status for the jail: nextcloud
|- Filter
|  |- Currently failed: 13
|  |- Total failed: 82
|  `- File list:    /var/nextcloud/data/nextcloud.log
`- Actions
   |- Currently banned: 0
   |- Total banned: 5
   `- Banned IP list:
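
The filter and jail settings above can also be checked offline against sample log lines. This is an added example, not part of the original post: it applies the three failregex patterns and a simplified model of the jail's maxretry, findtime and ignoreip settings to constructed Nextcloud log lines. The IPv4-only stand-in for <HOST>, the function names and every address in the sample are assumptions.

```python
import ipaddress
import json
import re
from collections import defaultdict
from datetime import datetime

# fail2ban swaps <HOST> for its own address pattern; this IPv4-only group stands in (assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = [re.compile(p.replace("<HOST>", HOST)) for p in (
    r'''^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}$''',
    r'''^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}$''',
    r'''^.*\"remoteAddr\":\"<HOST>\".*Trusted domain error.*$''',
)]
# Values from the [nextcloud] jail above.
IGNOREIP, MAXRETRY, FINDTIME = ipaddress.ip_network("192.168.1.0/24"), 3, 36000

# Constructed sample log lines (documentation addresses, not real traffic).
LOG = r'''{"reqId":"c1","level":1,"time":"2018-10-05T00:00:00+00:00","remoteAddr":"198.51.100.9","app":"core","method":"GET","url":"\/","message":"Trusted domain error. \"198.51.100.9\" tried to access using \"192.0.2.10\" as host.","version":"14.0.1.1"}
{"reqId":"c2","level":1,"time":"2018-10-05T05:00:00+00:00","remoteAddr":"198.51.100.9","app":"core","method":"GET","url":"\/","message":"Trusted domain error. \"198.51.100.9\" tried to access using \"192.0.2.10\" as host.","version":"14.0.1.1"}
{"reqId":"c3","remoteAddr":"203.0.113.7","app":"core","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')","level":2,"time":"2018-10-05T10:00:00+00:00"}
{"reqId":"c4","level":2,"time":"2018-10-05T10:05:00+00:00","remoteAddr":"203.0.113.7","app":"core","method":"POST","url":"\/login","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')","version":"14.0.1.1"}
{"reqId":"c5","level":2,"time":"2018-10-05T10:06:00+00:00","remoteAddr":"192.168.1.50","app":"core","method":"POST","url":"\/login","message":"Login failed: 'sudo' (Remote IP: '192.168.1.50')","version":"14.0.1.1"}
{"reqId":"c6","level":2,"time":"2018-10-05T10:07:00+00:00","remoteAddr":"192.168.1.50","app":"core","method":"POST","url":"\/login","message":"Login failed: 'sudo' (Remote IP: '192.168.1.50')","version":"14.0.1.1"}
{"reqId":"c7","level":2,"time":"2018-10-05T10:08:00+00:00","remoteAddr":"192.168.1.50","app":"core","method":"POST","url":"\/login","message":"Login failed: 'sudo' (Remote IP: '192.168.1.50')","version":"14.0.1.1"}
{"reqId":"c8","level":2,"time":"2018-10-05T10:10:00+00:00","remoteAddr":"203.0.113.7","app":"core","method":"POST","url":"\/login","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')","version":"14.0.1.1"}
{"reqId":"c9","level":1,"time":"2018-10-05T11:00:00+00:00","remoteAddr":"198.51.100.9","app":"core","method":"GET","url":"\/","message":"Trusted domain error. \"198.51.100.9\" tried to access using \"192.0.2.10\" as host.","version":"14.0.1.1"}
{"reqId":"c10","level":1,"time":"2018-10-05T11:01:00+00:00","remoteAddr":"203.0.113.20","app":"core","method":"POST","url":"\/login","message":"Login successful: 'sudo'","version":"14.0.1.1"}'''.splitlines()

def match_host(line):
    """Return the address captured by the first matching failregex, or None."""
    hits = (rx.search(line) for rx in FAILREGEX)
    return next((m["host"] for m in hits if m), None)

def banned_hosts(lines):
    """Return hosts that reach MAXRETRY matches within FINDTIME seconds."""
    seen, banned = defaultdict(list), []
    for line in lines:
        host = match_host(line)
        if host is None or ipaddress.ip_address(host) in IGNOREIP:
            continue  # no match, or a LAN address covered by ignoreip
        now = datetime.fromisoformat(json.loads(line)["time"]).timestamp()
        seen[host] = [t for t in seen[host] if now - t < FINDTIME] + [now]
        if len(seen[host]) >= MAXRETRY and host not in banned:
            banned.append(host)
    return banned

print("would ban:", banned_hosts(LOG))
```

In the sample, the three trusted domain errors from one address are spread over eleven hours, so no more than two fall inside the 36000 second findtime window and that address is not banned.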


Filed Under: Linux Tagged With: fail2ban, Linux, nextcloud, owncloud, security, ubuntu 18.04, ubuntu server

Setting up a Bond and Bridge in Netplan on Ubuntu 18.04

2018/09/12 by sudo 1 Comment

For some of my Ubuntu 18.04 servers, I need to run KVM virtual machines which require a bridge to the network so the machines get public LAN IP addresses and aren’t hidden behind NAT. On both my co-located servers and the servers at work, the network interfaces are all bonded for fail-over. This means I need a bond with a bridge on top of it so the virtual machines get public IP addresses, while still allowing for failover of the network connection in the event of a network failure.

Research

There are some good examples of setting up netplan here: https://netplan.io/examples

They have a bridge example:

Netplan bridge example
network:
  version: 2
  renderer: networkd
  bridges:
    br0:
      dhcp4: yes
      interfaces:
        - enp3s0

And a bond example:

Netplan bond example
network:
  version: 2
  renderer: networkd
  bonds:
    bond0:
      dhcp4: yes
      interfaces:
        - enp3s0
        - enp4s0
      parameters:
        mode: active-backup
        primary: enp3s0

But there’s not a clear indication of how to amalgamate the two.

A bond and a bridge

Here’s what I’ve ended up with in ‘/etc/netplan/50-cloud-init.yaml’:

Netplan bridge and bond
network:
    bridges:
        br0:
            addresses:
            # netplan expects CIDR notation here (address/prefix length)
            - 192.168.10.30
            dhcp4: false
            gateway4: 192.168.10.1
            nameservers:
                addresses:
                - 192.168.10.1
                - 192.168.10.2
                search: []
            interfaces:
                - bond0
    bonds:
        bond0:
            interfaces:
            - eno1
            - eno2
            parameters:
                mode: active-backup
    ethernets:
        eno1:
            addresses: []
            dhcp4: false
            dhcp6: false
        eno2:
            addresses: []
            dhcp4: false
            dhcp6: false

Note that I’ve defined static IP addresses here, but this isn’t a requirement. Just set ‘dhcp4: true’ and remove the ‘addresses’, ‘gateway4’ and ‘nameservers’ sections if you’re using DHCP.

Once the file contains that configuration, run:

sudo netplan apply

You should then be able to run ‘networkctl list’ to check that the bridge and bond are set up.


Filed Under: Linux Tagged With: KVM, Linux, networking, ubuntu 18.04, ubuntu server

Linux servers – using ClamAV to find malware

2016/04/11 by sudo

ClamAV is an open source anti-virus program that can be run from the command line, making it incredibly useful for locating any viruses and malware on Linux based servers. Recently someone I’ve previously worked with told me that they’d had reports of abuse originating from one of their servers. Given the quantity of sites, it was difficult to locate any potential vulnerabilities.

grep -RPl --include=*.{php,txt} "(passthru|shell_exec|system|phpinfo|base64_decode|chmod|mkdir|fopen|fclose|readfile) *\(" /var/www/

Blindly grepping for potentially malicious strings such as “base64_decode” and “exec” was getting tiring fast, as these can be legitimately used by some applications. I stumbled across reports that ClamAV works well for locating potential threats:

nice -n 19 clamscan ./ -r -i | grep " FOUND" >> possible_exploits.txt

You can then review these files as you see fit, editing the file to remove ones that are false positives. I then run a command to delete the infected files:

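# Each line reads "<path>: <signature> FOUND"; strip that suffix before deleting.
while IFS= read -r line; do rm -- "${line%: * FOUND}"; done < possible_exploits.txt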


Filed Under: Misc, Technology Tagged With: clamav, Linux, malware, php

AWSTATS on Debian generating lots of emails

2015/03/10 by sudo

On Debian, when you install AWSTATS, it automatically adds a crontab to update the data every 10 minutes. If you’ve not configured your awstats config files correctly, every time the cronjob runs it will generate an error in /var/mail.

In order to solve this, or to have AWSTATS update on your own schedule, simply edit the crontab file it installs to /etc/cron.d/awstats.

You should find this line in the file:

*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh

I commented it out with a “#”, in case I wanted to use it later. Alternatively you can delete the file or change the crontab to update whenever you want it to operate.


Filed Under: Guides Tagged With: awstats, Linux

Fixing Slow SquirrelMail

2015/03/10 by sudo

Fixing slow SquirrelMail version 1.4.15.

If you’ve got a large inbox and you’re using SquirrelMail to view it, you may notice page loading times are poor using the default configuration. There is a simple fix that will allow SquirrelMail to load emails using multiple threads and server sorting which means that the performance will improve significantly when accessing your email via a web browser.

Edit your config/config.php file:

nano /etc/squirrelmail/config.php

Find the lines:

$allow_thread_sort = false;
$allow_server_sort = false;

and change them to:

$allow_thread_sort = true;
$allow_server_sort = true;

You need to restart your web server (assuming apache):

/etc/init.d/apache2 restart

Then log in to your web mail page. With any luck you’ll notice a significant performance boost. For further performance tuning information see the SquirrelMail website guide at: http://www.squirrelmail.org/docs/admin/admin-6.html


Filed Under: Guides Tagged With: Linux, mailserver, squirrelmail


© Copyright 2015 apt get life