Fail2ban – Prevent Postfix Brute Force

Installation

# apt-get install fail2ban

To limit memory usage, add to /etc/default/fail2ban:

ulimit -s 256

Configuration
Local config file
Create a local config file, /etc/fail2ban/jail.local, to override settings in jail.conf.

SSH
To ban an IP address after 3 failed SSH authentication attempts, add the following to /etc/fail2ban/jail.local:

[ssh]
enabled   = true
port      = ssh
filter    = sshd
logpath   = /var/log/auth.log
maxretry  = 3

Restart:

# /etc/init.d/fail2ban restart

Postfix and Dovecot
To ban an IP address after 3 failed authentication attempts against Postfix or Dovecot, add the following to /etc/fail2ban/jail.local:

[dovecot]
enabled = true
port = pop3,pop3s,imap,imaps
filter = dovecot
logpath = /var/log/mail.log
maxretry  = 3

[postfix]
enabled  = true
port     = smtp,ssmtp
filter   = postfix
logpath  = /var/log/mail.log
maxretry  = 3

[sasl]
enabled   = true
port      = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter    = sasl
logpath   = /var/log/mail.log
maxretry  = 3

Fail2ban (Debian Squeeze) isn’t shipped with a configuration for Dovecot, so create /etc/fail2ban/filter.d/dovecot.conf:

[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
ignoreregex =

Restart fail2ban:

# /etc/init.d/fail2ban restart

Apache
To ban IPs after 3 failed login attempts, add the following to /etc/fail2ban/jail.local:

[apache]
enabled = true
port    = http,https
filter  = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 3

Copy Large amount of data using rsync

Copying a large amount of data, like 300 or 400 GB, from one HDD to another using Nautilus or any other file manager may fail on some occasions. The rsync command is a better way to copy large piles of data. The command below shows the progress percentage and the amount of data copied.

rsync -ah --info=progress2 SOURCE_PATH DESTINATION_PATH

Change SOURCE_PATH and DESTINATION_PATH according to your needs.

Syncing Heroku and GitHub repos

First add them:

git remote add origin 
git remote add heroku git@heroku.com:.git

In case you want to clone and add:

git clone https://github.com//.git
git remote add origin  https://github.com//.git

Push and Pull in GitHub

git remote -v
git pull origin master   # pull from the GitHub master branch
git push origin master   # push to the GitHub master branch

Pushing to Heroku

git remote add origin 
git remote add heroku git@heroku.com:.git
git push heroku master   # push to Heroku

Authentication token manipulation error

One of my friends forgot his Ubuntu password, and I tried to fix it by going to recovery mode, dropping into a root shell and resetting the password for the user.

root@username-PC:~# passwd username
Enter new UNIX password:
Retype new UNIX password:
passwd: Authentication token manipulation error
passwd: password unchanged

But this time it didn’t work as usual. It showed the error “Authentication token manipulation error”.
I tried googling and found that the file system is not mounted with read/write permission.
From the root shell, remount the file system with read/write permission:

mount -rw -o remount /

Then try changing the password using

passwd username

Sometimes it may throw the same error again. In that case, delete the password for the user from the /etc/shadow file using the following command (the account has no password until you set a new one in the next step):

sudo passwd -d username

Replace username with yours. Then change the password again using

passwd username

Happy Hacking 🙂

How to fix a “Problem with MergeList” or “status file could not be parsed” error

I recently got this error, which may happen after a Heroku toolbelt setup:

E: Encountered a section with no Package: header
E: Problem with MergeList /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_natty_main_binary-i386_Packages
E: The package lists or status file could not be parsed or opened.

You won’t be able to update through the terminal either.

Open a terminal and run this command:

sudo rm -vf /var/lib/apt/lists/*

Generate a new list by doing an update:

sudo apt-get update

Happy Hacking 🙂

Ubuntu 14.04 installer doesn’t show existing partitions

I encountered a strange problem while trying to install Ubuntu 14.04 on a box where a fresh Windows 7 is installed. It’s a 1 TB hard disk partitioned into 6 drives. The Ubuntu installer doesn’t show any partitions; it just showed the whole 1 TB as one blank partition. The installer also didn’t detect the Windows 7 installed on the system. Usually the installer detects Windows and suggests installing alongside it.

So I quit the installer and continued in the live session. After some googling I found this solution:

The system may report that the disk contains a GUID Partition Table (GPT), which is left behind on a disk that was once used as a GPT disk but then incompletely converted to the more common Master Boot Record (MBR) form. In such a situation, the system cannot recognize the Windows partitions. All that the system can see is the whole volume. If you want to dual boot, you can achieve that by removing the GPT data.

Use FixParts to remove GPT data

FixParts is intended to fix a disk that shows no partitions in GParted or similar tools, although you know the disk to contain partitions because they’re visible to the Linux kernel or to other partitioning software.

Open up a terminal in the live session.

Install FixParts (it is part of the gdisk package):

sudo apt-get install gdisk

Backup
First back up your current partition table:

sudo sfdisk -d /dev/sda > partition.txt

Here /dev/sda is the disk whose partition table you want to back up before modifying it. If you later need to restore the partition table, you can recover it by feeding the saved file back to sfdisk:

sudo sfdisk -f /dev/sda < partition.txt

To see the drive’s

Delete the GPT data

sudo fixparts /dev/sda

The first check that the program performs is for stray GPT data. If it finds leftover GPT data, it warns you of this fact and asks you what to do:

NOTICE: GPT signatures detected on the disk, but no 0xEE protective 
partition! The GPT signatures are probably left over from a previous 
partition table.Do you want to delete them (if you answer 'Y', this 
will happen immediately)? (Y/N):

Now you can delete the GPT data by simply typing Y.
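The condition in that notice can be checked by hand from the first two sectors of the disk. The sketch below is an added example, not FixParts' own code: it assumes 512-byte sectors, looks only at the primary GPT header in LBA 1 (not the backup header at the end of the disk), and the function names and test images are constructed for illustration.

```python
SECTOR = 512  # assumed logical sector size


def classify_partition_table(head: bytes) -> str:
    """Classify a disk from its first two sectors (LBA 0 and LBA 1)."""
    if len(head) < 2 * SECTOR:
        raise ValueError("need at least the first two sectors")
    # A valid MBR ends with the boot signature 0x55 0xAA at offset 510.
    has_mbr = head[510:512] == b"\x55\xaa"
    # Four 16-byte MBR entries start at offset 446; byte 4 is the type code.
    types = [head[446 + 16 * i + 4] for i in range(4)]
    protective = has_mbr and 0xEE in types
    # The primary GPT header starts LBA 1 with the signature "EFI PART".
    gpt_signature = head[SECTOR:SECTOR + 8] == b"EFI PART"
    if gpt_signature and protective:
        return "gpt"
    if gpt_signature:
        return "stale-gpt"  # GPT signature but no 0xEE protective partition
    if has_mbr:
        return "mbr"
    return "unknown"


def make_head(types, gpt_signature):
    """Build a constructed two-sector image with the given MBR type codes."""
    mbr = bytearray(SECTOR)
    for i, type_code in enumerate(types):
        mbr[446 + 16 * i + 4] = type_code
    mbr[510:512] = b"\x55\xaa"
    lba1 = bytearray(SECTOR)
    if gpt_signature:
        lba1[0:8] = b"EFI PART"
    return bytes(mbr + lba1)


def read_head(device):
    """Read the first two sectors of a disk or image file (read-only)."""
    with open(device, "rb") as disk:
        return disk.read(2 * SECTOR)


if __name__ == "__main__":
    # Windows-style MBR (NTFS 0x07 entries, extended 0x05) plus leftover GPT.
    print(classify_partition_table(make_head([0x07, 0x07, 0x05, 0x00], True)))
```

Run as root, classify_partition_table(read_head("/dev/sda")) performs the same check on the real disk without writing to it.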

That’s it. Go back to your installation and see if the system can find the previously installed Windows partitions.

Now we can see the Windows 7 partitions in Ubuntu.

Happy Hacking 🙂