ciplogic.com
Live with grace. Write superb software.

centos

  • Change Your SSH Server Port

    A while back, in November 2014, I was posting an article showing that over the course of a year and a half or so (my blog was rehosted from February 2014), fail2ban blocked 1633 IPs.

    Today I checked again, and to my surprise I got:

    [root@ciplogic ~]# iptables -L -n | grep REJECT | wc -l
    5853

    For the first time segment (273 days period) I averaged 5.98 IP bans a day. From that day to today I got: 5853-1633 = 4220 new bans. The time period from November 2014 to today is 573 days.

    That means in the last year the banning grew to 7.36 bans a day (~20% increase). And we need to remember that this is also with the previous backlist.

    So today, beside applauding fail2ban's relentless work, I changed the port of the SSH server.

    To my surprise from this morning, until now, there is radio silence from the fail2ban new bans. I guess most scanners don't do a port scanning first, and they just try to find default or weirdly configured SSH servers.

    So here's my second tip. Change your SSH server port.

  • Fail2Ban Doing Real Work

    I see that some people try to access my host, even if they are not me.

    Crazy, right?

    Here is a small statistic in less than a year, on how many attackers fail2ban managed to ban, when trying to bruteforce this website via ssh:

    1
    2
    [root@ciplogic ~]# iptables -L -n | grep REJECT | wc -l
    1633

    Awesome!

    So if you don't have it yet, and run some linux, definitelly install it.

    If you use CentOS just do:

    1
    [root@ciplogic ~]# yum install fail2ban

    Happy admining.

  • Linux Automatic Updates on CentOS

    Here's an update for the automatic updates, geared at CentOS/RHEL only.

    Dumitru Ciobârcianu tells us that there is a package for CentOS that already does that, named yum-cron. Thus instead of editing files inside the /etc/cron.daily, you can get away with:

    yum install yum-cron

    This in turn will create two cron jobs, one daily to do the updates, and one weekly, that will also do cleanup such as:

    # cat /etc/yum/yum-weekly.yum 
    clean packages
    clean expire-cache
    ts run
    exit

    Furthermore it allows configuration for checking packages, and what not. So definitely on CentOS go with yum-cron, since it's the better alternative.

    Thank you Dumitru!

    On Debian/Ubuntu there is also a package named cron-apt, but that one by default will do only the update of the package definitions (apt-get update -y) and not the actual upgrade of the system.

  • Migrate your Apache server to nginx on CentOS

    How do you migrate an existing Apache server, to a brand new nginx installation for several websites that use PHP? This is a simple tutorial into changing an Apache installation into a nginx one, without having to change your existing websites.

    nginx is a server that scales far better compared to apache running on the same hardware. The tutorial is not super CentOS specific, but all the commands were run on a CentOS.

    The Apache server that was migrated, namely this blog, has several virtual hosts, that are all running PHP, some of them Joomla websites. The plan is to take them as they are, and have them available externally the same way as before, using the same virtual host names, the same folder locations, with the same users assigned to them.

    The reason is that if we screw up something in the process, we can just revert to our old proven Apache, by just restarting the Apache service and shutting down nginx. Also we can minimize the downtime, since if done right it should be in the end just shutting down apache and starting nginx, but if it doesn't work we can quickly go back to serving the files with Apache until we figure out what is going on.

    While it is simple, it is a pretty long read, so grab your coffee, and hack away:

     1. Install nginx

    This is as simple as running:

    yum install nginx

    Make sure the /etc/nginx/conf.d/default.conf has the paths pointing to /var/www/html, or whatever was the default site for your Apache configuration. (In my case it was /var/www/blog).

    OK, next

Germanium

The one to rule them all. The browsers that is.

SharpKnight

SharpKnight is an Android chess game.

MagicGroup

MagicGroup is an eclipse plugin.