ciplogic.com
Live with grace. Write superb software.

administration

  • Change Your SSH Server Port

    A while back, in November 2014, I was posting an article showing that over the course of a year and a half or so (my blog was rehosted from February 2014), fail2ban blocked 1633 IPs.

    Today I checked again, and to my surprise I got:

    [root@ciplogic ~]# iptables -L -n | grep REJECT | wc -l
    5853

    For the first time segment (273 days period) I averaged 5.98 IP bans a day. From that day to today I got: 5853-1633 = 4220 new bans. The time period from November 2014 to today is 573 days.

    That means in the last year the banning grew to 7.36 bans a day (~20% increase). And we need to remember that this is also with the previous backlist.

    So today, beside applauding fail2ban's relentless work, I changed the port of the SSH server.

    To my surprise from this morning, until now, there is radio silence from the fail2ban new bans. I guess most scanners don't do a port scanning first, and they just try to find default or weirdly configured SSH servers.

    So here's my second tip. Change your SSH server port.

  • Docker With OverlayFS on Ubuntu 14.04

    So if you follow up with Docker, you might have found out that the default storage that is provided with a normal Docker installation, is backed by the mighty aufs, created by the awesome Junjiro Okajima.

    But out there there is another file system that is faster, with smaller footprint, etc. It's named OverlayFS, and was merged in the main kernel. Sounds to good to be true? Well read about it.

    TL;DR Docker With OverlayFS on Ubuntu 14.04:

    apt-get install linux-generic-lts-vivid linux-headers-generic-lts-vivid

    Reboot

    wget get.docker.com -O - | sh
    service docker stop
    echo 'DOCKER_OPTS="-s overlay"' >> /etc/default/docker
    service docker start

    Details

    Now, this file system is available only from kernel version 3.18 and up. If you just installed Ubuntu 14.04, as of this date (10th of November, 2015), you should have 3.19 already installed. If you have an older existing Ubuntu 14.04 you need to update your kernel manually.

  • Docker With OverlayFS on Ubuntu 16.04 LTS

    Since I already wrote an article on having Docker running with OverlayFS on Ubuntu 14.04, I won't go over all of it again. Here is a not so quick link on why it's cool to have it. Basically it's faster, harder, better, stronger, and scales better.

    The only note is that since Ubuntu comes with v4 Kernels, there is no need to install any more packages except docker itself. The commands below must be ran as root.

    TL;DR Docker With OverlayFS on Ubuntu 16.04:

    wget https://get.docker.com -O - | sh
     
    systemctl stop docker
     
    CONFIGURATION_FILE=$(systemctl show --property=FragmentPath docker | cut -f2 -d=)
    cp $CONFIGURATION_FILE /etc/systemd/system/docker.service
     
    perl -pi -e 's/^(ExecStart=.+)$/$1 -s overlay/' /etc/systemd/system/docker.service
     
    systemctl daemon-reload
    systemctl start docker

    Details

    The first step just installs docker, straight from docker.com.

    wget https://get.docker.com -O - | sh

    Awesome. The problem now is that it runs with the aufs driver, so we need to stop docker.

    systemctl stop docker

    The next step is to create a copy of the current configuration file from the system itself. We will override the configuration from the system by copying it as /etc/systemd/system/docker.service .

    CONFIGURATION_FILE=$(systemctl show --property=FragmentPath docker | cut -f2 -d=)
    cp $CONFIGURATION_FILE /etc/systemd/system/docker.service

    Now, we change the ExecStart line by appending the OverlayFS setting:

    perl -pi -e 's/^(ExecStart=.+)$/$1 -s overlay/' /etc/systemd/system/docker.service

    We now tell systemd that the configuration files have updated, and start docker again:

    systemctl daemon-reload
    systemctl start docker

    Done. Enjoy.

     

  • Fail2Ban Doing Real Work

    I see that some people try to access my host, even if they are not me.

    Crazy, right?

    Here is a small statistic in less than a year, on how many attackers fail2ban managed to ban, when trying to bruteforce this website via ssh:

    1
    2
    [root@ciplogic ~]# iptables -L -n | grep REJECT | wc -l
    1633

    Awesome!

    So if you don't have it yet, and run some linux, definitelly install it.

    If you use CentOS just do:

    1
    [root@ciplogic ~]# yum install fail2ban

    Happy admining.

  • GermaniumHQ.com is Up!

    Finally the site is now online.

    If you want to jump into web based integration testing, then all you need installed is python regardless of verson 2 or 3, and get Germanium:

    pip install germanium

    Writing a test becomes then as easy as:

    from germanium.static import *
    from time import sleep
     
    open_browser("ff")
    go_to("http://www.google.com")
    type_keys("germanium pypy<enter>", Input("q"))
    wait(Link("Python Package Index"))
    click(Link("Python Package Index"))
    sleep(5)
    close_browser()

    The full documentation is available under the API Documentation link.

  • How to Downgrade Debian From Stretch to Wheezy

    In case you upgraded by mistake your system from Wheezy, to the latest unstable version Stretch, you have several options:

    1. Reinstall (recommended)

    This is actually the recommended option, since the init scripts have changed across versions. Also it's pretty hard to guarantee that the same packages will be there.

    2. Downgrade Your System

    This option is a bit trickier, fortunately Jules from inspire.me wrote a pretty good article about it.  Note that the tutorial he wrote was to downgrade from Jessie to Wheezy. Since we want to skip Jessie as well, we need to use the oldstable (aka "wheezy" at the time of writing) instead stable. See https://www.debian.org/releases/ for the current Debian releases.

    So since you want now to skip two versions, you need to have the file in /etc/apt/preferences with:

    Package: *
    Pin: release a=oldstable
    Pin-Priority: 1001
  • Migrate your Apache server to nginx on CentOS

    How do you migrate an existing Apache server, to a brand new nginx installation for several websites that use PHP? This is a simple tutorial into changing an Apache installation into a nginx one, without having to change your existing websites.

    nginx is a server that scales far better compared to apache running on the same hardware. The tutorial is not super CentOS specific, but all the commands were run on a CentOS.

    The Apache server that was migrated, namely this blog, has several virtual hosts, that are all running PHP, some of them Joomla websites. The plan is to take them as they are, and have them available externally the same way as before, using the same virtual host names, the same folder locations, with the same users assigned to them.

    The reason is that if we screw up something in the process, we can just revert to our old proven Apache, by just restarting the Apache service and shutting down nginx. Also we can minimize the downtime, since if done right it should be in the end just shutting down apache and starting nginx, but if it doesn't work we can quickly go back to serving the files with Apache until we figure out what is going on.

    While it is simple, it is a pretty long read, so grab your coffee, and hack away:

     1. Install nginx

    This is as simple as running:

    yum install nginx

    Make sure the /etc/nginx/conf.d/default.conf has the paths pointing to /var/www/html, or whatever was the default site for your Apache configuration. (In my case it was /var/www/blog).

    OK, next

  • SSHD Cygwin HowTo

    Start Cygwin as an Administrator, and then run:

    # ssh-host-config -y

    Follow the instructions on the screen.

    Finished.

Germanium

The one to rule them all. The browsers that is.

SharpKnight

SharpKnight is an Android chess game.

MagicGroup

MagicGroup is an eclipse plugin.