Posts Tagged ‘linux’

fail2ban

29 Apr

Since I’m writing for once, here are a few pointers for using fail2ban.

Installation (on my Ubuntu 12.04):

sudo apt-get install fail2ban

Configuration:

sudo nano /etc/fail2ban/jail.conf

A few lines to add/change:

[DEFAULT]
# Comments go on their own lines: fail2ban only accepts "; " for inline comments,
# so a trailing "# ..." would be read as part of the value.
# change to what you like, I prefer 2
maxretry = 3
# you can add several ignored ranges, use CIDR format
ignoreip = 127.0.0.1 192.168.0.0/24
# default 600, change to 86400 for 24h
bantime = 3600

[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 2

Restart the service

sudo service fail2ban restart

Checking in on how fail2ban is doing a few days later:

#!/bin/bash
zgrep -h Ban /var/log/fail2ban.log* | grep ssh | awk '{print $(NF)}' | sort | uniq -c

Save it as a file and give it a name you’ll remember, like analyze-fail2ban.sh,
then run chmod +x analyze-fail2ban.sh.
Finally, run it with ./analyze-fail2ban.sh
…this will output a list of the IPs that have been banned by fail2ban (and how many times).

      1 115.249.171.19
      1 119.36.186.44
      1 166.111.230.4
      1 180.168.208.2

Now, if we want to take this one step further, we can run a whois lookup on the IPs to find out which network and which part of the world they’re from.
You can run whois from your terminal or use an online service like http://whois.arin.net/ or http://www.whoisip.se/. A quick search on Google for “whois ip” gives a ton of more or less crappy results on the subject.

For instance, if we check a few of the above:
(this is just the first few lines from the whois record)

inetnum:	115.249.0.0 - 115.249.255.255
netname:	RCOM-Static-DIA
country:	IN

inetnum:        119.36.0.0 - 119.36.255.255
netname:        UNICOM-HB
descr:          China Unicom HuBei Province Network
country:        CN

inetnum:        166.111.0.0 - 166.111.255.255
netname:        TUNET
descr:          imported inetnum object for IIINT
country:        CN

Amazing, isn’t it?

“What next?” you might ask, and well, there’s a few things you could try. For one, you usually find an abuse e-mail address, but who knows how often (if ever) anyone checks that account. Another thing could be to add firewall rules to block them… sure, they’ll probably be using a new IP the next time, but you could also block that whole network since you know the range they’re in.

Oh, The Art of Web has a nice and easy calculator for getting the “1.2.3.4 – 5.6.7.8” range into the CIDR format, which can be used with iptables and a lot of other systems. They also have really good additional information on fail2ban, see here.
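
Added example (not part of the original post): the range-to-CIDR step done locally, combined with the ban count from the log. The log lines are constructed samples in the fail2ban 0.8.x layout, and the function names are my own.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the fail2ban 0.8.x log layout (not real log data).
SAMPLE_LOG = """\
2012-04-27 03:12:44,101 fail2ban.actions: WARNING [ssh] Ban 115.249.171.19
2012-04-27 04:12:45,004 fail2ban.actions: WARNING [ssh] Unban 115.249.171.19
2012-04-27 09:30:02,551 fail2ban.actions: WARNING [ssh] Ban 119.36.186.44
2012-04-28 01:02:03,777 fail2ban.actions: WARNING [ssh] Ban 166.111.230.4
2012-04-28 11:45:10,310 fail2ban.actions: WARNING [apache] Ban 180.168.208.2
"""

# inetnum ranges exactly as quoted from the whois records in the post.
WHOIS_RANGES = ["115.249.0.0 - 115.249.255.255", "119.36.0.0 - 119.36.255.255",
                "166.111.0.0 - 166.111.255.255"]
# ignoreip values from the [DEFAULT] section above; never block these.
IGNORED = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "192.168.0.0/24")]
BAN_RE = re.compile(r"\[(?P<jail>[^\]]+)\] Ban (?P<ip>\d+\.\d+\.\d+\.\d+)\s*$")

def banned_ips(log_text, jail="ssh"):
    """Count Ban events per IP for one jail (Unban lines do not match)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = BAN_RE.search(line)
        if m and m.group("jail") == jail:
            hits[ipaddress.ip_address(m.group("ip"))] += 1
    return hits

def range_to_cidrs(inetnum):
    """Turn a whois 'first - last' range into the minimal list of CIDR networks."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return list(ipaddress.summarize_address_range(first, last))

def bans_per_network(log_text, ranges):
    """Map each whois range (as CIDR) to its ssh ban count, skipping ignoreip overlaps."""
    counts = banned_ips(log_text)
    result = {}
    for inetnum in ranges:
        for net in range_to_cidrs(inetnum):
            if any(net.overlaps(ign) for ign in IGNORED):
                continue  # a block this wide would cover our own addresses
            result[str(net)] = sum(c for ip, c in counts.items() if ip in net)
    return result

if __name__ == "__main__":
    for cidr, n in bans_per_network(SAMPLE_LOG, WHOIS_RANGES).items():
        print(f"{n:7d} {cidr}")
```

Each resulting CIDR can be used as the source match in a firewall rule; a range that does not fall on a single prefix boundary comes back as several networks.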

 
No Comments

Posted in Linux, Tech

 

How-to: mysqldump

24 Oct

Note to self:

# -p on its own prompts for the password; "-p PASS" with a space would make PASS a database name
mysqldump -u USER -p --databases DB1 DB2 | gzip -9 > dumpfile.sql.gz
 
No Comments

Posted in Tech

 

Rooting Desire – a lesson learned

20 May

I never thought that rooting a HTC Desire (not HD) would be as complicated as it turned out to be.

A couple points to take into consideration when doing it:

  1. Use Unrevoked3.
    You’ll save yourself a bunch of steps/time by using the linux version. No need to install custom hboot-drivers for Windows, etc. It just works. :)
  2. If it fails (in this case with a “process com.unrevoked.zysploit has stopped unexpectedly”), try doing a factory reset before running Unrevoked.
  3. Don’t forget to put the custom ROM of your choice in the root of your SD-card. I’d recommend CyanogenMod, if you’re having trouble deciding on what to try.
  4. Don’t forget to wipe your phone from the clockworkmod recovery (phone, cache, dalvik-cache) before installing the new ROM.

Oh, also gave the newest CM7 based Elelinux-variant for the Hero a try. Seemed to run nicely (plus it’s Android 2.3.4). :)

 
1 Comment

Posted in Tech

 

Linux on a Soekris net4801

19 May

It’s been a while, but I’m back again. :)

This time around I had the dubious pleasure of trying to figure out how to put Linux on a Soekris net4801 (a little ugly box with 3 ethernet ports, 128Mb RAM, 266 MHz CPU and a 4 Gb Compact Flash-card).

A lot of trial/error and various guides around the net:

I tried at least four different installations of Ubuntu before I gave up, there was always something that went wrong. The Debian Squeeze-variant seemed simple enough, so that’s what I ended up installing and then troubleshooting for a few hours.

A few issues which arose during the installation and configuration:

The passwords for the default users (root & soekris) were missing from the tarball. Supposedly the file was called “Squeeze-On-Soekris-passwords”, but it wasn’t there. However, you can mount the CF-card on another Linux-machine and modify /etc/shadow and remove the passwords. (A really neat trick I didn’t know about.)

Grub (v2) was more or less screwed and kept spitting out Error 15: File not found for the first couple of reboots, I did manage to push the older version, which I’m a lot more comfortable configuring by hand, on to the CF-card. Seems it did not like working with UUIDs at all. Took a few tries entering the kernel parameters by hand to get the box to boot.

With the older version of Grub you easily get just garbage printed out via the serial-cable; the fix for this turned out to be a line called “terminal serial” (instead of the long “terminal --timeout 5 serial console”).

The box would die on a server panic of sorts complaining about clocksource-something, I got past it by adding “notsc” to the kernel-line.

Now after a few days of searching, troubleshooting and a load of trial/error the box is happily up and running Squeeze. :)

 
1 Comment

Posted in Tech

 

Download programmes from SVTPlay?

16 Mar

Time for a post in Swedish, I think. The subject (as the title also says) is downloading interesting episodes from svtplay.se so you can watch them outside the browser. Many episodes are only available for a limited time, so it can be nice to have the option of watching them a bit later… provided you remembered to download them, of course. :)

Preparation:
You need a linux box that you can install rtmpdump on. On Ubuntu the easiest way is the command sudo apt-get install rtmpdump. Otherwise the source code is available at http://rtmpdump.mplayerhq.hu/.

A downloaded episode, step by step:

  1. Find the episode on svtplay.se
  2. View the page source (Ctrl+U in Chrome)
  3. Search for “dynamicStreams”
    dynamicStreams svtplay
  4. Select from rtmp: to .mp4 (see the image above) and copy the URL
  5. Open up the terminal and type the following (KlistraInURLenDuNyssKopierat is the URL you just copied, NyttFilnamn is the new file name):
    rtmpdump -r KlistraInURLenDuNyssKopierat -o NyttFilnamn
  6. Twiddle your thumbs for a while. How fast the episode comes down varies quite a bit; for me it averages from 1½ minutes to around 10 minutes.

The downloaded files are .mp4 at a resolution of 1280×720, i.e. they are roughly 500mb/30min.

If you feel up to making things easier for yourself, you can always put together a script that does most of it for you automatically. :)

Kind as I am, I can throw in a few ideas, e.g. a bit of PHP to simplify the whole process. ;)

function curl_download($Url){
  if (!function_exists('curl_init')){
    die('cURL is not installed!');
  }
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, $Url);
  curl_setopt($ch, CURLOPT_REFERER, "http://svtplay.se/");
  curl_setopt($ch, CURLOPT_USERAGENT, 
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.25 (KHTML, like Gecko) "
    ."Chrome/12.0.705.0 Safari/534.25");
  curl_setopt($ch, CURLOPT_HEADER, 0);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  curl_setopt($ch, CURLOPT_TIMEOUT, 10);
  $output = curl_exec($ch);
  curl_close($ch);
  return $output;
}

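if(isset($_POST['url'])) {
  $url = $_POST['url'];
  // The URL comes straight from the request: only fetch http(s) pages on svtplay.se.
  $scheme = strtolower((string)parse_url($url, PHP_URL_SCHEME));
  $host = (string)parse_url($url, PHP_URL_HOST);
  if (!in_array($scheme, array("http", "https")) || !preg_match('/(^|\.)svtplay\.se$/i', $host)) {
    die('Not an svtplay.se URL!');
  }
  $svtplay_src = curl_download($url);
  $stream_start = strpos($svtplay_src, "dynamicStreams=url:");
  $stream_end = ($stream_start === false) ? false : strpos($svtplay_src, ".mp4,", $stream_start);
  if ($stream_end === false) {
    die('No stream URL found!');
  }
  // Skip the 19-character marker and keep everything up to and including ".mp4".
  $stream_url = substr($svtplay_src, $stream_start+19, $stream_end-$stream_start-15);
  // basename() drops any directory part, so the file always lands inside streams/.
  $stream_name = basename($stream_url);
  // Both values are scraped from a remote page: quote them before they reach the shell.
  $shellcmd = "rtmpdump -r ".escapeshellarg($stream_url)." -o ".escapeshellarg("streams/".$stream_name);
  $time_start = microtime(true);
  system($shellcmd);
  $time_end = microtime(true);
  $exectime = $time_end - $time_start;
  echo "

Downloaded ".htmlspecialchars($stream_name)." in ".round(($exectime/60),1)." minutes.

";
}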

The script assumes that a form sends the POST variable “url” containing the URL of the clip on svtplay, and that a folder named “streams” exists. $_POST can be renamed to $_GET, so that you can pass ?url=http://svtplay.se/etc as a query in the address. Note that the whole thing depends heavily on the speed of the internet connection and on how laggy svtplay is when the request is made. The page may look like it has hung, but it stops loading once rtmpdump has finished.

Maybe I should put together a finished package one fine day? That gives me something to think about…

 
3 Comments

Posted in Tech