I recently wrote a nice little program to setup and maintain your firewall on Ubuntu GNU/Linux 14.04. This will install a cron job to run daily and pull lists from multiple sites to block malicious IP addresses. Adding around ~40,000 or more individual IP addresses as well as the top 20 malicious IP blocks per day, all voluntarily and freely contributed. All of the malicious individual addresses are managed with ipset, while the IP blocks are managed with IPTables. This leads to a very efficient way of managing the tables easily and automatically. This optionally allows you to enable or disable Tor Exit node connections. I have also created an optional weekly cron job that will block whatever countries you may wish. I hand typed all 233 countries codes into a dialog menu. I added a new iptables-persistent from another Github repository which also works with ipsets to keep it persistent upon reboot for both iptables.
It’s simple enough to install. Simply run the script as root and select if you want to block Tor exit nodes or if you want to block any countries. If there are any issues or suggestions please let me know on GitHub. I want to eventually make this also capable of running on CentOS for my PhonePBX.
When making my other servers I was double checking fail2ban configurations and noticed there is no fail2ban settings for nginx seeing as the webmail runs on it. Not sure if it’s an issue, or anything but I was hoping some other could tell me if I am on the right track, or if it’s not even necessary.
I did this for my email server which runs nginx as the web server.
So I have been building servers for quite sometime, and if you have been operating servers for a while, you know of attempted intrusions into your server. I have been using Fail2Ban and UFW for quite some time on my Ubuntu servers and they work rather well. I would have them automate the job of managing IPTables, which can be rather cumbersome. Especially with IT people whose specialty may not be firewalls. So I have been looking around for a way to automate my job. My favorite tools thus far include
Fail2Ban – scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs — too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action(e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).
UFW – Uncomplicated Firewall, The default firewall configuration tool for Ubuntu is ufw. Developed to ease iptables firewall configuration, ufw provides a user friendly way to create an IPv4 or IPv6 host-based firewall. By default UFW is disabled. Gufw is a GUI that is available as a frontend.
Blocklist.de – www.blocklist.de is a free and voluntary service provided by a Fraud/Abuse-specialist, whose servers are often attacked on SSH-, Mail-Login-, FTP-, Webserver- and other services.
The mission is to report all attacks to the abuse deparments of the infected PCs/servers to ensure that the responsible provider can inform the customer about the infection and disable them.
It’s rather easy to set up these update the IPTables with a simple crontab daily, which will sync with blocklist.de
First become root
Then download the script to cron.daily and make it executable
curl -s https://gist.githubusercontent.com/klepsydra/ecf975984b32b1c8291a/raw > /etc/cron.daily/sync-fail2ban
chmod a+x /etc/cron.daily/sync-fail2ban
Optional but Recommended, Initial run manually:
Tomorrow, check your /tmp/iptables.fail2ban.log file to see who’s been blocked.
The lists you get are stored locally for now at /etc/fail2ban/blacklist.*
Your server should now be a little bit more secure with a few thousand new IP addresses added to your IPTables
So I ran into an issue with my Mozilla Thunderbird today when I was finished setting up my new email, contact, and calendar server with Mail-in-a-box. So I go to add the lightning extension for calendars, and low and behold I find out my Thunderbird (the one that came in the the default Xubuntu repos for 14.04LTS) was out of date and not supported by lightning. The Ubuntu repos had version 38.8, but what version was Mozilla at themselves? 45.1 as of this post. So I quickly installed the latest binary but I tend to be forgetful about updates, so I wanted to tie it into the apt package manager so I found a PPA that works.
First if thunderbird is installed remove it, and maybe backup your .thunderbird folder just in case. But you shouldn’t have to worry about losing any data.
sudo apt-get remove -y thunderbird
Next we need to add a new repository called Ubuntuzilla so edit your sources.list. I used nano for this, but feel free to use whatever you like.
sudo nano /etc/apt/sources.list
add to the end deb http://downloads.sourceforge.net/project/ubuntuzilla/mozilla/apt all main
or you can do that all with one command echo -e "\ndeb http://downloads.sourceforge.net/project/ubuntuzilla/mozilla/apt all main" | sudo tee -a /etc/apt/sources.list > /dev/null
Then grab the keys and update sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com C1289A29
sudo apt-get update
Install your desired package, with one of the following commands: sudo apt-get install firefox-mozilla-build
sudo apt-get install thunderbird-mozilla-build
sudo apt-get install seamonkey-mozilla-build
So I have been building a lot of servers and generally I like to segment them to different domains but whois by default only will work with *.com, *.info, *.net you know the usual TLD’s you think of. But now there are so many new ones I like to scoop up I still want to test my server settings with whois. Well have no fear on my Xubuntu 14.04LTS I use everyday simply create the file “whois.conf” in the /etc/ folder. So use your favorite text editor and paste this file in to get any new TLD resolved.
Open Nano (or whatever text editor you prefer) sudo nano /etc/whois.conf
Once inside your text editor paste this list (list is very long so I added a read more section you will need to open to see the entire list)
# WHOIS servers for new TLDs (http://www.iana.org/domains/root/db)
# Current as of 2015-09-12
While setting up an OwnCloud server for my company, I couldn’t really find any good way to cache, and with the Ubuntu repos having an old version of Redis, meant of course it couldn’t be used for best performance and stability. I tried installing it manually from some guides I found, and trying to see OwnCloud’s documentation and was last using an Apcu and Redis (older version) combined so I stumbled upon a guide from TechandMe.se which actually resolved my issues of an old Redis, and dramatically sped up my server.
This guide is also scripted for an automated install, you can download the script here.
I was building my OwnCloud file storage on Ubuntu 14.04LTS (upgrading to 16.04.1 LTS this summer), which if you haven’t heard of definitely check out it is the most amazing cloud storage program and you control it yourself. It even offers server side encryption, and tons of options to make it how you want it for you or your company. See it at www.owncloud.org
But I was coming across an .htaccess issue that kept popping up so I modified Apache so much and it still appeared. So I finally stumbled across my fix. Move the OwnCloud data directory out of the default location. So here are the steps I took