Fail2ban – Prevent Postfix Brute Force

Installation

# apt-get install fail2ban

To limit memory usage, add to /etc/default/fail2ban:

ulimit -s 256

Configuration
Local config file
Create a local config file, /etc/fail2ban/jail.local, to override settings in jail.conf. The jail sections below all go in this file.

SSH
To ban an IP address after 3 failed SSH authentication attempts, add the following to /etc/fail2ban/jail.local:

[ssh]
enabled   = true
port      = ssh
filter    = sshd
logpath   = /var/log/auth.log
maxretry  = 3

Restart:

# /etc/init.d/fail2ban restart

Postfix and Dovecot
To ban an IP address after 3 failed authentication attempts against Postfix or Dovecot, add the following to /etc/fail2ban/jail.local:

[dovecot]
enabled = true
port = pop3,pop3s,imap,imaps
filter = dovecot
logpath = /var/log/mail.log
maxretry  = 3

[postfix]
enabled  = true
port     = smtp,ssmtp
filter   = postfix
logpath  = /var/log/mail.log
maxretry  = 3

[sasl]
enabled   = true
port      = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter    = sasl
logpath   = /var/log/mail.log
maxretry  = 3

Fail2ban (Debian Squeeze) isn’t shipped with a configuration for Dovecot, so create /etc/fail2ban/filter.d/dovecot.conf:

[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
ignoreregex =

Restart fail2ban:

# /etc/init.d/fail2ban restart

Apache
To ban IPs after 3 failed login attempts, add the following to /etc/fail2ban/jail.local:

[apache]
enabled = true
port    = http,https
filter  = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 3

Copy Large amount of data using rsync

Copying a large amount of data, such as 300 or 400 GB, from one hard disk to another using Nautilus or any other file manager may fail on some occasions. The rsync command is a better way to copy large piles of data. The following invocation shows the progress percentage and the amount of data copied.

rsync -ah --info=progress2 SOURCE_PATH DESTINATION_PATH

Change SOURCE_PATH and DESTINATION_PATH according to your needs.

Syncing Heroku and GitHub repos

First add both remotes (replace the uppercase placeholders with your own repository URL and app name):

git remote add origin GITHUB_REPO_URL
git remote add heroku git@heroku.com:APP_NAME.git

If you want to clone the repository and then add the remote:

git clone https://github.com/USERNAME/REPO.git
git remote add origin https://github.com/USERNAME/REPO.git

Push and Pull in GitHub

git remote -v
git pull origin master   # pull from the GitHub master branch
git push origin master   # push to the GitHub master branch

Pushing to Heroku

git remote add origin GITHUB_REPO_URL
git remote add heroku git@heroku.com:APP_NAME.git
git push heroku master   # push to Heroku

Authentication token manipulation error

One of my friends forgot his Ubuntu password, and I tried to fix it by going to recovery mode, dropping into a root shell and resetting the password for the user:

root@username-PC:~# passwd username
Enter new UNIX password:
Retype new UNIX password:
passwd: Authentication token manipulation error
passwd: password unchanged

But this time it didn’t work as usual. It showed the error “Authentication token manipulation error”.
I tried googling and found that the file system was not mounted with read/write permission.
From the root shell, remount the file system with read/write permission:

mount -rw -o remount /

Then try changing the password using

passwd username

Sometimes it may throw the same error again. In that case, delete the user's password from the /etc/shadow file using the following command (the account then has no password until you set a new one in the next step):

sudo passwd -d username

Replace username with yours. Then change the password again using

passwd username

Happy Hacking 🙂

How to fix a “Problem with MergeList” or “status file could not be parsed” error

I recently got this error, which usually happens after a Heroku toolbelt setup:

E: Encountered a section with no Package: header
E: Problem with MergeList /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_natty_main_binary-i386_Packages
E: The package lists or status file could not be parsed or opened.

You won’t be able to update through the terminal either.

Open a terminal and issue this command:

sudo rm -vf /var/lib/apt/lists/*

Generate a new list by doing an update:

sudo apt-get update

Happy Hacking 🙂

Ubuntu 14.04 installer doesn’t show existing partitions

I encountered a strange problem while trying to install Ubuntu 14.04 on a box where a fresh Windows 7 is installed. It’s a 1 TB hard disk partitioned into 6 drives. The Ubuntu installer didn’t show any partitions; it just showed the whole 1 TB as one blank partition. The installer also didn’t detect the Windows 7 installed on the system; usually the installer detects Windows and suggests installing alongside it.

So I quit the installer and continued in the live session. After some googling I found this solution:

The system may report that the disk contains a GUID Partition Table (GPT), which is left behind on a disk that was once used as a GPT disk but then incompletely converted to the more common Master Boot Record (MBR) form. In such a situation, the system cannot recognize the Windows partitions. All that the system can see is the whole volume. If you want to dual boot, you can achieve that by removing the GPT data.

Use FixParts to remove GPT data

FixParts is intended to fix a disk that shows no partitions in GParted or similar tools, although you know the disk contains partitions because they’re visible to the Linux kernel or to other partitioning software.

Open up a terminal in the live session.

Install FixParts (it is part of the gdisk package)

sudo apt-get install gdisk

Backup
First backup your current partition table

sudo sfdisk -d /dev/sda > partition.txt

Here /dev/sda is the disk whose partition table you want to back up. If you later need to restore the partition table, feed the dump back to sfdisk:

sudo sfdisk -f /dev/sda < partition.txt

To see the drive’s

Delete the GPT data

sudo fixparts /dev/sda

The first check that the program performs is for stray GPT data. If it finds leftover GPT data, it warns you of this fact and asks you what to do:

NOTICE: GPT signatures detected on the disk, but no 0xEE protective 
partition! The GPT signatures are probably left over from a previous 
partition table.Do you want to delete them (if you answer 'Y', this 
will happen immediately)? (Y/N):

Now you can delete the GPT data by simply typing Y.

That’s it. Go back to your installation and see if the system can find the previously installed Windows partitions.
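
What the FixParts notice describes can be seen directly in the disk's first and last sectors. The following is an added example, not part of the original post or of FixParts: a read-only Python check that looks for the "EFI PART" GPT signature and for a 0xEE protective entry in the MBR. It assumes 512-byte sectors and a backup GPT header in the last sector; the function names and the constructed sample sectors are illustrative.

```python
import os

SECTOR = 512           # assumption: 512-byte logical sectors
GPT_SIG = b"EFI PART"  # signature at the start of a GPT header

def read_head_tail(path):
    """Read LBA 0-1 and the last sector of a disk or image (read-only)."""
    with open(path, "rb") as f:
        head = f.read(2 * SECTOR)
        f.seek(-SECTOR, os.SEEK_END)
        return head, f.read(SECTOR)

def mbr_types(head):
    """Non-empty partition type bytes of the four MBR entries in LBA 0."""
    if head[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature")
    types = [head[446 + 16 * i + 4] for i in range(4)]
    return [t for t in types if t != 0x00]

def classify(head, tail):
    """Return 'gpt', 'stale-gpt' or 'mbr' for the given sectors."""
    has_sig = head[SECTOR:SECTOR + 8] == GPT_SIG or tail[:8] == GPT_SIG
    if not has_sig:
        return "mbr"
    # A real GPT disk carries a 0xEE protective entry in its MBR; GPT
    # signatures without one are the leftovers the notice refers to.
    return "gpt" if 0xEE in mbr_types(head) else "stale-gpt"

def make_sectors(types, primary_sig=False, backup_sig=False):
    """Constructed sample sectors for the demo (not read from a disk)."""
    head, tail = bytearray(2 * SECTOR), bytearray(SECTOR)
    for i, t in enumerate(types):
        head[446 + 16 * i + 4] = t
    head[510:512] = b"\x55\xaa"
    if primary_sig:
        head[SECTOR:SECTOR + 8] = GPT_SIG
    if backup_sig:
        tail[:8] = GPT_SIG
    return bytes(head), bytes(tail)

if __name__ == "__main__":
    # 0x07 = NTFS, 0x0F = extended: MBR disk with a leftover backup GPT header
    print(classify(*make_sectors([0x07, 0x07, 0x0F], backup_sig=True)))
    print(classify(*make_sectors([0xEE], primary_sig=True, backup_sig=True)))
    print(classify(*make_sectors([0x07, 0x07, 0x0F])))
```

On a real system, classify(*read_head_tail("/dev/sda")) needs root and only reads from the disk.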

Now we can see the Windows 7 partitions in Ubuntu.

Happy Hacking 🙂

Configuring Canon MF3010 printer in Ubuntu 14.04

Canon has an officially-released driver for its proprietary UFR II protocol. Download the latest version, 2.90:

http://www.usa.canon.com/nw3s/CanonUSA/DownloadContents/English/0100344001EN.htm

For 32 bit Machines

$ sudo dpkg -i 32-bit_Driver/Debian/cndrvcups-common_2.90-1_i386.deb
$ sudo dpkg -i 32-bit_Driver/Debian/cndrvcups-ufr2-us_2.90-1_i386.deb

For 64 bit Machines

$ sudo dpkg -i 64-bit_Driver/Debian/cndrvcups-common_2.90-1_amd64.deb
$ sudo dpkg -i 64-bit_Driver/Debian/cndrvcups-ufr2-us_2.90-1_amd64.deb
$ sudo apt-get install libxml2:i386
$ sudo apt-get install libjpeg62:i386
$ sudo apt-get install lib32z1
$ sudo apt-get install libstdc++5:i386 libstdc++6:i386
$ sudo restart cups

In Ubuntu, select Printers and add the new printer.

Now open your browser and paste this into the address bar:

http://localhost:631

You will be able to see the CUPS web interface.

🙂

How to fix “System program problem detected” error on Ubuntu

You may have encountered this error several times in Ubuntu. Ubuntu has a program called Apport that is responsible for detecting such crashes and, upon user consent, reporting them to developers. But it’s always annoying for us. To disable the popup, first remove the crash files. The Apport system creates crash report files in the /var/crash directory. These crash report files cause the error message to appear every time Ubuntu boots.

sudo rm /var/crash/*

To get rid of the popup permanently, disable the Apport system:

sudo vim /etc/default/apport

You will see something like this:

# set this to 0 to disable apport, or to 1 to enable it
# you can temporarily override this with
# sudo service apport start force_start=1
enabled=1

Set the value of enabled to 0, and this will disable Apport.

enabled=0

Save the file and close it, then restart Apport:

sudo restart apport

How to Protect your BASH Against the Shellshock Bash Vulnerability

On September 24, 2014, a GNU Bash vulnerability, referred to as Shellshock or the “Bash Bug”, was disclosed. In short, the vulnerability allows remote attackers to execute arbitrary code under certain conditions, by passing strings of code following environment variable assignments. Because of Bash’s ubiquitous status amongst Linux, BSD, and Mac OS X distributions, many computers are vulnerable to Shellshock; all unpatched Bash versions from 1.14 through 4.3 (i.e. all releases until now) are at risk.

On each of your systems that run Bash, you may check for Shellshock vulnerability by running the following command at the bash prompt:

env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

Copy and paste this command into your terminal. If you get this output:

Bash is vulnerable!

then your Bash is vulnerable.
If the only thing that is output from the test command is the following, your Bash is safe from Shellshock:

Bash Test

Fix Vulnerability: Update Bash

sudo apt-get update 
sudo apt-get install --only-upgrade bash