Install and configure fail2ban

Servers do not exist in isolation, and servers with only the most basic SSH configuration can be vulnerable to brute force attacks. fail2ban provides a way to automatically protect the server when it sees signs of malicious activity. The program works by scanning through log files and reacting to offending actions such as repeated failed login attempts.

Step One—Install Fail2Ban

Because fail2ban is not available from CentOS, we should start by downloading the EPEL repository:

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Follow up by installing fail2ban:

yum install fail2ban

Step Two—Copy the Configuration File

The default fail2ban configuration file is located at /etc/fail2ban/jail.conf. The configuration work should not be done in that file, however, and we should instead make a local copy of it.

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

After the file is copied, you can make all of your changes within the new jail.local file. Many of the services that may need protection are already in the file. Each is located in its own section, configured and turned off.


rkhunter perfect configuration

Introduction

Exposing any computer to the internet is in some ways risky. There are many ways that your server can be compromised or attacked by remote systems and malicious software, and it is an ongoing and proactive process to defend yourself against potential threats.

One potential concern is rootkits. Rootkits are software secretly installed by a malicious intruder to allow that user continued access to the server once security is breached. This is an extremely dangerous problem, because even after the entry vector that the user originally used to gain access is fixed, they can continue to enter the server using the rootkit they installed.

One tool that can help you protect your system from these kinds of problems is rkhunter. This software checks your system against a database of known rootkits. Additionally, it can check other system files to make sure they are in line with expected properties and values.

In this guide, we will install and configure rkhunter to protect our Ubuntu 12.04 VPS.


Add EPEL Repo to CentOS or SL 6

For 64 Bit

rpm --import http://fedoraproject.org/static/0608B895.txt
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm

For 32 Bit

rpm --import http://fedoraproject.org/static/0608B895.txt
wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm

Additionally, Add the Remi Repo

rpm --import http://rpms.famillecollet.com/RPM-GPG-KEY-remi
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

yum install yum-priorities

Edit /etc/yum.repos.d/epel.repo

vi /etc/yum.repos.d/epel.repo


Open Sourced Load Balancer

Linux Virtual Server
The Linux Virtual Server Project is a project to cluster many real servers together into a highly available, high-performance virtual server. The LVS load balancer handles connections from clients and passes them on to the real servers (so-called Layer 4 switching) and can virtualize almost any TCP or UDP service, like HTTP, HTTPS, NNTP, FTP, DNS, ssh, POP3, IMAP4, SMTP, etc. It is fully transparent to the client accessing the virtual service.
Homepage: http://www.LinuxVirtualServer.org/

BalanceNG
BalanceNG is a modern software IP load balancing solution. It is small, fast, and easy to use and setup. It offers session persistence, different distribution methods (Round Robin, Random, Weighted Random, Least Session, Least Bandwidth, Hash, Agent, and Randomized Agent) and a customizable UDP health check agent in source code. It supports VRRP to set up high availability configurations on multiple nodes. It supports SNMP, integrating the BALANCENG-MIB with Net-SNMPD. It implements a very fast in-memory IP-to-location database, allowing powerful location-based server load-balancing.
Homepage: http://www.inlab.de/balanceng/

HAproxy 
HAproxy is a high-performance and highly-robust TCP and HTTP load balancer which provides cookie-based persistence, content-based switching, advanced traffic regulation with surge protection, automatic failover, run-time regex-based header control, Web-based reporting, advanced logging to help trouble-shooting buggy applications and/or networks, and a few other features. Its own event-driven state machine achieves 20,000 hits per second and surpasses GigaEthernet on modern hardware, even with tens of thousands of simultaneous connections.
Homepage: http://haproxy.1wt.eu/


MySQL Master-Master Replication

This article is about setting up MySQL Master-Master database replication between two Cloud Servers. Master-Master data replication allows for replicated data, stored on multiple computers, to be updated by any authorized contributing member of the group. This allows for more open collaboration than Master-Slave replication, where any needed changes identified by a group member must be submitted to the designated “master” of the node.

The operating system we will use is Debian 5 (Lenny).

Setup Outline

  • We will have two Cloud Servers, named debian501 and debian502 for the purpose of this exercise. Both servers have two IP addresses (one public, one private). We will configure the replication to be done over the private IP interface so that we don’t incur any bandwidth charges.

Installing MySQL

  • First we need to install MySQL on both the Debian Cloud Servers. As always, prior to installing any packages, we need to make sure that our package list is up to date and our locale/language settings are configured properly.
  • Update the package database:
 #aptitude update
  • Install locales (optional):
 #aptitude install locales
 #dpkg-reconfigure locales
  • The dpkg-reconfigure locales command will bring up a locales setting window where you can choose the locales for your system depending on your country and region. In this case we have chosen en_GB.UTF-8.
  • Now, you can run the following commands to install MySQL:
 #aptitude install mysql-server mysql-client libmysqlclient15-dev


Install Perfect Mail Server with ISPConfig and Horde 5.0 on Debian Wheezy- Part-2

Install necessary packages

apt-get install php5-sasl php5-intl libssh2-php php5-curl php-http php5-xmlrpc php5-geoip php5-ldap php5-memcache php5-memcached php5-tidy

Register the Horde Pear channel

pear channel-discover pear.horde.org

Set the Horde installation directory

pear install horde/horde_role
pear run-scripts horde/horde_role

You'll be asked the following question:

Filesystem installation for base Horde application: /var/www/horde

You can also choose another folder for the web-accessible Horde files. However, you'll then need to adjust the path in the following steps.


Install Perfect Mail Server with ISPConfig and Horde 5.0 on Debian Wheezy- Part-1

First, install a basic Debian Wheezy system. Make sure your network configuration is OK.

Once it is installed, do the following:

Fixing the hostname

Edit /etc/hosts. Make it look like this:

vi /etc/hosts

127.0.0.1 localhost.localdomain localhost
192.168.0.100 server1.example.com server1

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters


Fixing Bind for Webmin

First get rid of bind-chroot (if it is installed!)

yum -y remove bind-chroot

Edit /etc/sysconfig/named and remove or comment out any lines that look like ROOTDIR="/var/named/chroot"

Fix the owner of /etc/named.conf with

chown named:named /etc/named.conf

In Webmin, go to Servers > Bind DNS Server > Module Config and check the following configs
