Booservers - All about dedicated servers

Easy CURL 7.10.4 w/SSL

Thu, 15 Dec 2005 21:35:04 +0000

We've put together these RPM's for libcurl 7.10.2 with SSL support. They upgrade over the stock RH ones. Installation is via rpm -Uvh

Applicability (RH 7.2 / 7.3 required) :

Webppliance 3.1
Webppliance Pro 3.5
cPanel 6
Plesk 5.0

These are also Modernbill compatible on all above panel types.

Downloadables:

curl-7.10.4-1.i386.rpm
curl-devel-7.10.4-1.i386.rpm

MD5 Checksums

37a04f7db8c34fddbb309d067d16a453 curl-7.10.4-1.i386.rpm
e09253b7c227573f4e5b10d3987f433b curl-devel-7.10.4-1.i386.rpm

Credits: http://www.cheetaweb.com/

Using fail2ban to ban abusive IP's for SSH and Apache

Thu, 15 Dec 2005 21:24:21 +0000

How to automatically ban abusive ip's using fail2ban

Originally from Ensim 4.0; similar steps had to be taken after the upgrade to 4.0.2; I would assume the same follows until python 2.3 is included [it may already be; corrections welcome].

Fail2Ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address.

http://fail2ban.sourceforge.net/

RPM version can be obtained from here;

http://fail2ban.sourceforge.net/rpm...1jik.noarch.rpm

For those of you / us who do not have python2.3; it is required.
You can snag an rpm for your system here:

http://www.python.org/2.3.5/rpms.html
I used the following version for Red Hat EL3.

python2.3-2.3.5-4pydotorg.i386.rpm

Python will require db4. The following url has satisfactory versions for different systems.

http://rpm.pbone.net/index.php3?sta...h=db4&srodzaj=3
I used the following version for Red Hat EL3.

db4-4.2.52-6.i386.rpm

# The following would then be performed as root

1) cd /root; mkdir fail2ban

2) do you have python 2.3?
'which python' or if you have tab completion enabled type in 'pyth' and hit tab two or three times, it should pop up as 'python2.3'.

3) wget http://fail2ban.sourceforge.net/rpm...1jik.noarch.rpm

4) rpm -i fail2ban-0.6.0-ljik.noarch.rpm

5) nano -w /etc/fail2ban.conf

6) change the following items

----------------------------

[DEFAULT]
# Option: background
# Notes.: start fail2ban as a daemon. Output is redirect to logfile.
# Values: [true | false] Default: false
#
background = true

----------------------------

change :: background = true
# This is so we can start it as a service when the machine comes up

6a) You can also have email sent to you by changing

----------------------------

[MAIL]
# Option: enabled
# Notes.: enable mail notification when banning an IP address.
# Values: [true | false] Default: false
#
enabled = true

----------------------------

change :: enabled = true
And then inputting an email address below. Most of the configuration is dead simple for a machine you haven't change the logging facilities on.

You may also wish to add this to the end of the failregex.

|Did not receive identification

----------------------------

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile.
# Values: TEXT Default: Authentication failure|Failed password|Invalid user
#
failregex = Authentication failure|Failed password|Invalid user|Did not receive identification

----------------------------

7) Start the service

----------------------------

# service fail2ban start

----------------------------

8) Make sure it comes up with the system

----------------------------

# chkconfig --level 2345 fail2ban on

----------------------------

9) Test it from a spare ip (if you have one, if not the ban is lifted after the time set in the conf file [600 seconds standard]).

9a) Use screen to 'tail -f /var/log/fail2ban.log'
9b) Use bad logins from an untrusted ip to test for actual banning, email output.
9c) If this fails, use the debug option in /etc/fail2ban.conf

10) Enjoy not one, but two less headaches as apache / ssh scanners, spammers and crackers are locked out of your box. With out too much work you could append a script that would either dump the logs and make repeat offenders banned permenantly, or roll some other solution for your own needs up. Enjoy, and please post any corrections.

Install/Upgrade ProFTPd

Thu, 15 Dec 2005 21:22:32 +0000

Ensim
I'm not going to handle Ensim again since gpan made a nice Howto on this issue and even created
rpms for your usage all information can be found here.
After installing it you can also do the proftpd.conf tweak but you have todo pico -w /etc/proftpd.conf
note:
1. that i can't give any support on the rpm made by gpan, so that will have to go through him.
2. Mouse is against upgrading your ProFTPd on Ensim when you run a up to date 3.1.x and 3.5.x

Plesk
Nighthawk just said to me that this is actually a bad idea for Plesk.
Nighthawk has years of experience with Plesk so i fully support what he's saying about Plesk whatsoever .
So your officially warned by me and NightHawk so dont do this howto on your system.
You will destroy it otherwise but you can do the proftpd.conf tweak without a problem, so just skip most of this how-to and usage pico -w /etc/proftpd.conf instead just like Ensim.

Plain i didn't test this on cPanel but it needs to be able to run this as well, as far as i know

First we login to the machine through SSH.
We become superuser... we all know su - or sudo su does the trick.

Now we are going todo stuff

wget ftp://ftp.proftpd.org/distrib/sourc...pd-1.2.9.tar.gz

Now after recieving the tarball, we will extract it

tar -zxvf proftpd-1.2.9tar.gz

Now we move to the folder we just extracted

cd proftpd1.2.9

Now we need to configure ProFTPd

./configure --prefix=/usr/local/proftpd

Now we make the configure we just made.

make

Finally were going to install whatever we just made.

make install

-----------------------------------
ProFTPd 1.2.9 is now installed on your system. he four lines below are certain security measures that can be taken to hide the identity of ProFTPd.*These are optional, but recommended*

Now lets edit proftpd.conf

pico -w /usr/local/proftpd/etc/proftpd.conf

We add a line above ServerName

ServerIdent Off

Now we want to input a servername

ServerName "FTP Server" or put something else instead whatever you like
-----------------------------------

Stop your old ProFTPd (remember you have 2 proftpds now both old as new)

service proftpd stop or killall -9 proftpd

Start Your new ProFTPd

/usr/local/proftpd/sbin/proftpd

------------------------------------------------------------------------------------

All done, you should now have a successfully upgraded/installed proftpd configuration.

Small tip: if you want to loose your old proftpd after upgrade rpm remove it.