Apologies for being away so long

I had some pressing matters with my team at Being Libertarian LLC, I have since published some new articles there which you can read through this link, https://beinglibertarian.com/author/ganon/. This weekend I plan to be creating a brand new WordPress stack as this server is on the older Ubuntu 14.04 LTS with a GNU/Linux, Apache, MySQL, and PHP (5.7) LAMP stack. The new wordpress stack I will be building will utilize Ubuntu 16.04 GNU/Linux, Nginx (Easy Engine), MariaDB, and PHP (7) (making it a LEMP stack). I have over the past few months grown to love Nginx more than Apache. So I am ditching LAMP stacks for LEMP. It will incorporate SQL Injection filters, Cloudflare DNS Proxy and DDoS mitigation, Nginx caching, amongst many other things. Yes I will be putting forth a tutorial on how to do what I will be making. I also hate PHPMyAdmin and prefer working directly in shell, so no there will not be tutorial including PHPMyAdmin. This is in part due to my perception of one more way for a website to be compromised.

I am not sure whether or not I will cover the SQL database migration as those tutorials are widely found across the website. So hopefully I should have the entirety documented by late next week.

Beef up mail-in-a-box Fail2Ban jails and filters

In the past few posts of my blog/journal I detailed blocklist, nginx, and such. However I now have 12 jails in my MiaB server:

Munin, roundcube, owncloud, postfix, ssh-ddos, miab-management, sasl, ssh, dovecot, nginx-badbots, nginx-http-auth, and recidive.

Some of these jails had to be added manually to jails.local, I like to send my reports to two of my emails (work and personal) plus blocklist.de. So the sendmail-whois-lines is not required, and may be removed if wanted to do so.

[miab-munin]
enabled = true
port = http,https
filter = miab-munin
action = sendmail-whois-lines[name=miab-munin, dest=”[email protected],[email protected],[email protected]”, [email protected], sendername=”Fail2Ban”]
logpath = /var/log/nginx/access.log
maxretry = 20
findtime = 30

[miab-owncloud]
enabled = true
port = http,https
filter = miab-owncloud
action = sendmail-whois-lines[name=miab-owncloud, dest=”[email protected],[email protected],[email protected]”, [email protected], sendername=”Fail2Ban”]
logpath = /home/user-data/owncloud/owncloud.log
maxretry = 20
findtime = 30

[miab-postfix587]
enabled = true
port = 587
filter = miab-postfix-submission
action = sendmail-whois-lines[name=miab-postfix-submission, dest=”[email protected],[email protected],[email protected]”, [email protected], sendername=”Fail2Ban”]
logpath = /var/log/mail.log
maxretry = 20
findtime = 30

[miab-roundcube]
enabled = true
port = http,https
filter = miab-roundcube
action = sendmail-whois-lines[name=miab-roundcube, dest=”[email protected],[email protected],[email protected]”, [email protected], sendername=”Fail2Ban”]
logpath = /var/log/roundcubemail/errors
maxretry = 20
findtime = 30

In your filter.d folder create the following files with the content below

miab-munin.conf:

[INCLUDES]

before = common.conf

[Definition]
failregex=<HOST> – .*GET /admin/munin/.* HTTP/1.1\” 401.*
ignoreregex =

miab-owncloud:

[INCLUDES]

before = common.conf

[Definition]
failregex=Login failed: .*Remote IP: ‘<HOST>[\)’]
ignoreregex =

miab-postfix-submission.conf

[INCLUDES]

before = common.conf

[Definition]
failregex=postfix/submission/smtpd.*warning.*\[<HOST>\]: .* authentication (failed|aborted)
ignoreregex =

miab-roundcube.conf

[INCLUDES]

before = common.conf

[Definition]

failregex = IMAP Error: Login failed for .*? from <HOST>\. AUTHENTICATE.*

ignoreregex =

Ideas pulled from Github with my additional touches for nginx prior

Send Fail2Ban logs to multiple addresses

So I was running into an issue where I wanted to send the logs to blocklist.de as well as my own personal email, and my business email. However I found myself running into issues of sending to more than one. So I figured out the proper syntax for the jail.conf and jail.local

sendmail-whois-lines[name=FILTERNAME, dest=”[email protected],[email protected],[email protected]”, [email protected], sendername=”Fail2Ban”]

Just replace the parts in all caps with the appropriate settings for you. I always add blocklist.de to report to a whole community of abusers

Fixed Nvidia GPU settings for GNU/Linux Home Theater PC

Hello everyone, so I have a home theater PC I built myself that is running completely on GNU/Linux. So I ran into an issue at my Grandmothers house when I brought it with me, and xorg.conf would be deleted on each reboot. Plus the GPU would have significant tearing on video at 720p and 1080p. I had previously fixed the video tearing.

If you do not already have the nvidia drivers installed install them with the code below
NOTE: THIS IS FOR NVIDIA-361 THE LATEST CURRENT STABLE DRIVER, OLDER GPU’S (such as my prior Nvidia 240GT I upgraded this HTPC from) MAY NEED AN OLDER DRIVER

sudo apt-get update
sudo apt-get remove nvidia-*
sudo apt-get install nvidia-361 nvidia-settings

It appears there was a bug in the Xubuntu 14.04.3 LTS I use (also applies to Ubuntu, Kubuntu, Lubuntu, and Linux Mint I believe as well) that it kept deleting it. I am pretty sure this is due to the fact I had it installed prior, so the nvidia-xconfig needed to be called again. This is easily remedied in machines with an Nvidia GPU, and the proprietary Nvidia driver by running

sudo nvidia-xconfig

This will create a barebones xorg.conf that will get it to do basic functions. Now the additions to the xorg.conf to fix video tearing for my Nvidia 720GT (1GB DDR3 by Gigabyte if wondering)

Now here is where we need to start editing xorg.conf. So bring up your favorite editor as root. In my case I like nano in terminal, notepadqq and emacs for GUI, and open xorg.conf

sudo nano /etc/X11/xorg.conf

This should now bring up your xorg.conf. So there is one section that needs two options added and two sections at the bottom that need to be added

Look for the “Device” section, and it should look similar to this with your GPU model instead of my Nvidia 720GT 1GB DDR3. Each of the “Option” additions, are one line each.

Section “Device”
Identifier “Device0”
Driver “nvidia”
VendorName “NVIDIA Corporation”
BoardName “GeForce GT 720”
Option “RegistryDwords” “PowerMizerEnable=0x1; PerfLevelSrc=0x3322; PowerMizerDefaultAC=0x1”
Option “TripleBuffer” “True”
EndSection

Add these two sections at the bottom

Section “DRI”
Mode 0666
EndSection

Section “Extensions”
Option “Composite” “Enable”
EndSection

After this your video should be tear free. Tested on Xubuntu GNU/Linux 14.04.3 LTS w/ custom 4.1.13 amd64 kernel, Nvidia-361 drivers, to a TV with HDMI