Menu

Archive for Doku

additional postfix filter for fail2ban

June 18, 2017 |  by  |  Computer Stuff, Doku  |  No Comments

My fail2ban-setup was missing a filter for a certain type of attack which has a different “_daemon”-string

 

send an email when a user su’s to root

May 8, 2017 |  by  |  Computer Stuff, Doku  |  No Comments

put this into /root/.bashrc:

 

Barracuda offers a new — and free — alternative to Spamhaus

March 31, 2017 |  by  |  Computer Stuff, Doku  |  No Comments

Now a new, free alternative to Spamhaus has arrived: the Barracuda Reputation Block List (BRBL), provided by well-known, open source-based Barracuda Networks. And Barracuda CEO Dean Drako says the company has no plans to charge for the service in the future. He says that BRBL (pronounced “barbell”) “does cost us a little bit of money to run, but we think that the goodwill, the reputation and the understanding that Barracuda is providing the service will do us well in the long run.”

Source: Barracuda offers a new — and free — alternative to Spamhaus

Synergy, Ubuntu MATE, Raspberry Pi 3… and a Windows workstation

March 22, 2017 |  by  |  Computer Stuff, Doku  |  No Comments

Synergy is available from https://symless.com/synergy.

My Raspberry is running Ubuntu MATE but this should work with Raspbian too. It is working on Kubuntu 16.10.

Sources:

  • https://www.raspberrypi.org/forums/viewtopic.php?t=165146&p=1065116
  • https://wiki.archlinux.org/index.php/synergy#Clients_configuration
  • https://neverendingsecurity.wordpress.com/2015/04/13/how-to-configure-synergy-on-linux/
  • https://wiki.ubuntuusers.de/Synergy/
  • https://ubuntu-mate.community/t/auto-login-to-the-desktop/60

Install newest version of Synergy client on Raspberry Pi 3

Install the necessary tools, get the source code, build, deploy and configure the Synergy client

Create a script to start Synergy client

Create the necessary Synergy client config file for encryption

Configure lightdm for auto login

To configure lightdm to auto login,  add the directive autologin-user, specifying a user name, to /etc/lightdm/lightdm.conf.d/60-lightdm-gtk-greeter.conf.

raspberry pi 3 with ubuntu mate – important information

March 13, 2017 |  by  |  Computer Stuff, Doku  |  No Comments

Weil es hier besser aufgehoben ist…

Upgrades

Please do not attempt to upgrade your raspberry pi to a newer version of the distribution (for instance, from 15.04 to 15.10) as the underlying kernel is not designed to do this. This process will take a very long time to complete while potentially filling up your SD card to a point where there is no more free space.

It is safer to back up all your data you wish to keep and re-flash the card with the new image. Attempting to upgrade may corrupt the SD card, prevent your installation from booting, or cause severe glitches.

You can, however, install regular updates via the Software Updater utility for your installed software.

Kernel Updates

The same kernel provided by the Raspberry Pi foundation is used in this edition of Ubuntu MATE. As this kernel is delivered like a “firmware” blob, updates are not distributed via the Software Updater or apt-get.

Instead, to update the kernel, open a terminal and run:

Hardware Acceleration

Currently, Hardware accelerated applications are not supported unlike Raspbian. Applicationsthat depend on OpenGL ES libraries or require the GPU will fail to start.

For playing videos, the application omxplayer will be able to do this and is pre-installed. If you are looking to play MPEG-2 or VC-1 video files then you will need MPEG-2 and/or VC-1 licenses from the Raspberry Pi Store.

Enable/Disable X11

For users who are looking to create their own headless “server” using Ubuntu MATE, there is a utility for toggling the graphical environment.

To disable X11 and login via the console:

To enable X11 to restore the Ubuntu MATE desktop:

Changes take effect after a reboot.

Migrate ownCloud to Nextcloud and protect it against brute force attacks with fail2ban

July 6, 2016 |  by  |  Computer Stuff, Doku  |  2 Comments

Here is what I have done to migrate my ownCloud installation to Nextcloud. My installation is configured with the data directory outside of the webservers document root. To my surprise, the process was simple and painless.

  • First, I have updated my ownCloud installation to version 9.0.2, which I think is the newest BETA version, via the updater app.
  • Then I have made a full backup of the MySQL database via mysqldump and a full backup of the domains directory structure with tar (because of its size via sshfs to another server with sufficient space). There are howtos which are recommending exporting calendars and contacts prior to the migration, but I did not see what it should be good for after a full backup (and I do have filesystem snapshots on top of that).
  • The next step was to delete everything in the ownCloud installation directory but /config, /data (and the /data direcory outside the document root of course) and /themes.
  • After that I have extracted the Nextcloud 9.0.52 release ZIP just over what was left of my installation and then I have changed owner and group of the extracted files to the run user and group of the domain.
  • Now it’s been time to point my browser to the GUI of the new Nextcloud installation and just walk through the steps.
  • To finalize the migration I had to reactivate the calendar and contacts app.

To tighten the security of my Nextcloud installation a little, I have configured fail2ban to react on failed login attempts.

First you have to tell Nextcloud that you want to write a log file in /path/to/Nextcloud/config/config.php

The next thing to do is to configure a filter definition /etc/fail2ban/filter.d/nextcloud.conf to tell fail2ban how to find IP-Adresses to ban:

Then you have to add a jail definition to /etc/fail2ban/jail.local (yep, I know that I have long bans)

You can test your configuration with these commands:

 

and

 

remote logging with rsyslogd

April 7, 2016 |  by  |  Computer Stuff, Doku  |  No Comments
  • http://www.rsyslog.com/doc/rsconf1_allowedsender.html
  • http://www.rsyslog.com/storing-messages-from-a-remote-system-into-a-specific-file/
  • https://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog
  • https://devops.profitbricks.com/tutorials/configure-remote-logging-with-rsyslog/

Apache Monitoring

March 24, 2016 |  by  |  Computer Stuff, Doku  |  No Comments
  • watch -n 0.5 lynx –dump http://localhost/server-status
  • apachetop -q -T 100 /var/log/ispconfig/httpd/<DOMAINNAME>/access.log
  • tail -f /var/log/apache2/other_vhosts_access.log