Archive for Computer Stuff

Migrate ownCloud to Nextcloud and protect it against brute force attacks with fail2ban

July 6, 2016 | Computer Stuff, Doku

Here is what I have done to migrate my ownCloud installation to Nextcloud. My installation is configured with the data directory outside of the web server's document root. To my surprise, the process was simple and painless.

  • First, I have updated my ownCloud installation to version 9.0.2, which I think is the newest BETA version, via the updater app.
  • Then I have made a full backup of the MySQL database via mysqldump and a full backup of the domain's directory structure with tar (because of its size via sshfs to another server with sufficient space). There are howtos that recommend exporting calendars and contacts prior to the migration, but I did not see what it should be good for after a full backup (and I do have filesystem snapshots on top of that).
  • The next step was to delete everything in the ownCloud installation directory but /config, /data (and the /data directory outside the document root of course) and /themes.
  • After that I have extracted the Nextcloud 9.0.52 release ZIP just over what was left of my installation and then I have changed owner and group of the extracted files to the run user and group of the domain.
  • Now it was time to point my browser to the GUI of the new Nextcloud installation and just walk through the steps.
  • To finalize the migration I had to reactivate the calendar and contacts app.

To tighten the security of my Nextcloud installation a little, I have configured fail2ban to react to failed login attempts.

First you have to tell Nextcloud that you want to write a log file in /path/to/Nextcloud/config/config.php

The next thing to do is to configure a filter definition /etc/fail2ban/filter.d/nextcloud.conf to tell fail2ban how to find IP addresses to ban:

Then you have to add a jail definition to /etc/fail2ban/jail.local (yep, I know that I have long bans)
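How a filter and a jail work together, as an added example that is not the author's configuration or fail2ban's own code: the Python sketch below applies a failregex to constructed log lines and bans a host once it reaches maxretry failures within findtime. The JSON log layout, the regular expression, the IPv4-only stand-in for <HOST> and the maxretry/findtime values are assumptions.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed failregex for the Nextcloud 9 JSON log; not the filter from this post.
FAILREGEX = r'''"message":"Login failed: '.*' \(Remote IP: '<HOST>'\)"'''
# Simplified IPv4-only stand-in for fail2ban's <HOST> expansion.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

def log_line(time, addr, message):
    """Build one constructed log entry in the assumed Nextcloud log layout."""
    entry = {"reqId": "constructed", "remoteAddr": addr, "app": "core",
             "message": message, "level": 2, "time": time}
    return json.dumps(entry, separators=(",", ":"))

def failed(time, addr):
    return log_line(time, addr, f"Login failed: 'admin' (Remote IP: '{addr}')")

# Constructed sample log (documentation addresses only).
SAMPLE_LOG = [
    failed("2016-07-06T10:00:00+00:00", "203.0.113.5"),
    failed("2016-07-06T10:00:30+00:00", "198.51.100.7"),
    failed("2016-07-06T10:01:00+00:00", "203.0.113.5"),
    log_line("2016-07-06T10:01:30+00:00", "192.0.2.9", "Some unrelated error"),
    failed("2016-07-06T10:02:00+00:00", "203.0.113.5"),
    failed("2016-07-06T10:20:00+00:00", "198.51.100.7"),
    failed("2016-07-06T10:40:00+00:00", "198.51.100.7"),
]

def find_bans(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Return hosts reaching maxretry matching lines within findtime."""
    pattern = re.compile(FAILREGEX.replace("<HOST>", HOST_GROUP))
    recent = defaultdict(deque)   # host -> timestamps of recent failures
    banned = []
    for line in lines:
        match = pattern.search(line)
        if not match:
            continue              # not a failed login: ignored by the filter
        host = match.group("host")
        when = datetime.fromisoformat(json.loads(line)["time"])
        recent[host].append(when)
        while when - recent[host][0] > findtime:
            recent[host].popleft()   # drop failures older than the window
        if len(recent[host]) >= maxretry and host not in banned:
            banned.append(host)
    return banned

if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG))
```

The second host fails three times as well, but its attempts are 20 minutes apart, so it never reaches maxretry inside one findtime window and stays unbanned.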

You can test your configuration with these commands:

 

and

 

remote logging with rsyslogd

April 7, 2016 | Computer Stuff, Doku
  • http://www.rsyslog.com/doc/rsconf1_allowedsender.html
  • http://www.rsyslog.com/storing-messages-from-a-remote-system-into-a-specific-file/
  • https://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog
  • https://devops.profitbricks.com/tutorials/configure-remote-logging-with-rsyslog/

Apache Monitoring

March 24, 2016 | Computer Stuff, Doku
  • watch -n 0.5 lynx -dump http://localhost/server-status
  • apachetop -q -T 100 /var/log/ispconfig/httpd/<DOMAINNAME>/access.log
  • tail -f /var/log/apache2/other_vhosts_access.log

Force HTTP To HTTPS

March 14, 2016 | Computer Stuff, Doku

Raspberry Pi – Raspbian – Static Network Configuration

November 18, 2015 | Computer Stuff, Doku

Static network configuration for Raspbian Jessie Lite on a Raspberry Pi 2 B.

Edit /etc/network/interfaces:

And then disable dhcpd:

Block brute force with fail2ban

September 27, 2015 | Computer Stuff, Doku

source: http://crycode.de/wiki/Fail2Ban, Peter Tuch
license: http://creativecommons.org/licenses/by/4.0/
Updated for Debian 8 (2017/02/15)

jail.local

/etc/fail2ban/filter.d/fail2ban.conf

List and delete IP addresses in IPtables

September 27, 2015 | Computer Stuff, Doku

List existing chains

To list IPs in tables:

List existing chains with line number

To display line numbers:

Example:


Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 fail2ban-fail2ban all -- 0.0.0.0/0 0.0.0.0/0
2 fail2ban-courierimaps tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 993
3 fail2ban-courierimap tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 143
4 fail2ban-courierpop3s tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 995
5 fail2ban-courierpop3 tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 110
6 fail2ban-pureftpd tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 21
7 fail2ban-sasl tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,143,220,993,110,995
8 fail2ban-ssh tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain fail2ban-courierimap (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-courierimaps (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-courierpop3 (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-courierpop3s (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-fail2ban (1 references)
num target prot opt source destination
142 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-pureftpd (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-sasl (1 references)
num target prot opt source destination
1 DROP all -- 81.45.76.209 0.0.0.0/0
2 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain fail2ban-ssh (1 references)
num target prot opt source destination
1 DROP all -- 218.87.111.116 0.0.0.0/0
2 DROP all -- 193.201.227.128 0.0.0.0/0
3 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Delete an entry from IPtables

To delete an entry from IPtables:

How to delete an IP-address from IPtables the fail2ban-way

https://www.howtoforge.com/community/threads/how-to-manually-unban-ip-blocked-by-fail2ban.51366/
http://serverfault.com/questions/285256/how-to-unban-an-ip-properly-with-fail2ban
With a pre-0.8.8 version of fail2ban it is:

From version 0.8.8 it is:

How to make the rules persistent

Install the package ‘iptables-persistent’:


Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
iptables-persistent
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 10.3 kB of archives.
After this operation, 61.4 kB of additional disk space will be used.
Get:1 http://ftp.de.debian.org/debian/ wheezy/main iptables-persistent all 0.5.7 [10.3 kB]
Fetched 10.3 kB in 0s (247 kB/s)
Preconfiguring packages ...
Selecting previously unselected package iptables-persistent.
(Reading database ... 53276 files and directories currently installed.)
Unpacking iptables-persistent (from .../iptables-persistent_0.5.7_all.deb) ...
update-rc.d: using dependency based boot sequencing
Setting up iptables-persistent (0.5.7) ...
[ ok ] Loading iptables rules... IPv4... IPv6...done.

Usage:


Usage: /etc/init.d/iptables-persistent {start|restart|reload|force-reload|save|flush}