Category Archive: Ubuntu

EDIT: Prune backups made with Relax and Recover #rear #linux

People keep asking me how I make incremental backups with rear, so I edited my posting about pruning backups with rear and inserted my config.

Prune backups …

If you don’t want to look that up, you can find my /etc/rear/local.conf below.

BACKUP=NETFS
OUTPUT=ISO
CDROM_SIZE=20
BACKUP_URL=nfs://xxx.xxx.xxx.xxx/volume2/LinuxDR/rear
ISO_DIR=/mnt/ISO
ISO_PREFIX="rear-$HOSTNAME"
BACKUP_PROG_EXCLUDE=( '/tmp/*' '/dev/shm/*' '/mnt/*' '/media/*' $VAR_DIR/output/\* )
BACKUP_SELINUX_DISABLE=1
BACKUP_TYPE=incremental
FULLBACKUPDAY=Fri

I also rsync my backups to an external (Raspberry Pi 1B) server, will post about that later on.

Have fun backing up!

HOWTO: Prune backups made with Relax and Recover #rear #linux

I am backing up my Linux machines bare-metal with ReaR, in the form of weekly full backups and incrementals. ReaR does a great job but doesn’t clean up old backups by itself, so if you do nothing you’re filling up your backup server sooner or later.

As I am a lazy Linux sysadmin I don’t want to clean up leftovers manually, so I automated it 🙂 Here is how:

First: my /etc/rear/local.conf

BACKUP=NETFS
OUTPUT=ISO
CDROM_SIZE=20
BACKUP_URL=nfs://xxx.xxx.xxx.xxx/volume2/LinuxDR/rear
ISO_DIR=/mnt/ISO
ISO_PREFIX="rear-$HOSTNAME"
BACKUP_PROG_EXCLUDE=( '/tmp/*' '/dev/shm/*' '/mnt/*' '/media/*' $VAR_DIR/output/\* )
BACKUP_SELINUX_DISABLE=1
BACKUP_TYPE=incremental
FULLBACKUPDAY=Fri
NETFS_PREFIX="$HOSTNAME"

This will create a full backup every Friday, and incrementals on all other days.

In the picture below you see what happens if you let things run their course:

[Image: files_lamp02]

I have got 11 backup archives of which I only need 4 (today) to recover when needed. The archives with an “F” in their name are full backups, the other ones (with “I”) are incrementals. There are also two important files here, basebackup.txt and timestamp.txt. Those two files actually do sort of the same: tell the system when the last full backup was made. ReaR needs this for restoring the system, using the correct files. I only need timestamp.txt for my cleanup job, but I could also use basebackup.txt for them. What’s in those files is not important to me, I use the time and date they were created or modified. Today is March 17, so every archive created before the last full backup (March 13 in this case) may be deleted.

To find out what files can be deleted you can issue the following command in the terminal:

find /media/nfs/lamp02/*tar.gz -type f ! -newer /media/nfs/lamp02/timestamp.txt

(make sure to adjust the path to your own situation!)

Output:

[Image: term_lamp02]

To delete them issue the following command:

find /media/nfs/lamp02/*tar.gz -type f ! -newer /media/nfs/lamp02/timestamp.txt | xargs rm -f

(Again, adjust your paths!)

All files created before the last full backup will be gone, keeping your backup server clean 🙂
The only thing you have to do now is create a proper cronjob to automate this. Be sure the command runs AFTER the backups are complete!
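A guarded variant of the cleanup for use from cron, added here as an example (not the author's script and not part of ReaR). The function name, the `--delete` switch and the `*-F.tar.gz` pattern for full archives are assumptions made for this sketch; it refuses to delete anything when timestamp.txt is missing or when no full backup newer than it would survive.

```shell
#!/usr/bin/env bash
# Prune ReaR archives that are not newer than timestamp.txt, with guards.
# Assumptions (not from the original post): full archives match *-F.tar.gz,
# and the function name and --delete switch are made up for this example.

prune_rear_backups() {
    local dir="$1" mode="${2:-}"
    local stamp="$dir/timestamp.txt"

    # Guard 1: without timestamp.txt there is no reference point, so do nothing.
    if [ ! -f "$stamp" ]; then
        echo "refusing to prune: $stamp missing" >&2
        return 2
    fi

    # Guard 2: a full archive newer than timestamp.txt must remain, otherwise
    # the incrementals that are kept could not be restored.
    if [ -z "$(find "$dir" -maxdepth 1 -type f -name '*-F.tar.gz' \
                    -newer "$stamp" -print -quit)" ]; then
        echo "refusing to prune: no full backup newer than $stamp" >&2
        return 3
    fi

    # Same selection as the post's command; -name replaces the shell glob and
    # -delete replaces "| xargs rm -f", so odd file names cannot be split.
    if [ "$mode" = "--delete" ]; then
        find "$dir" -maxdepth 1 -type f -name '*tar.gz' ! -newer "$stamp" -print -delete
    else
        # Default is a dry run: list the candidates, delete nothing.
        find "$dir" -maxdepth 1 -type f -name '*tar.gz' ! -newer "$stamp" -print
    fi
}
```

Called without `--delete` it only lists the candidates, which is a useful first run before putting it in the crontab.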

For the best results you can do this daily. If you feel you want to keep your files longer, maybe a month, you can tweak around to accomplish that. Maybe I will update this posting with my own solution for that, although in my case I do not need it.

Happy Linux’ing!

(Edit: this posting is now in the official rear user documentation, which is kinda cool)
(Edit 2: people keep asking me how to make incremental backups with ReaR, so I inserted my /etc/rear/local.conf above)

Wait for it! SSL 3.0 patch coming up!

On Oct 6, 2014 I wrote something about Heartbleed.
Today the Register.co.uk comes with some scary stuff

Admins, prepare!

Cleaning your windows never was this easy!

It’s free, and easy to use. Try it, and never revert ..

Let’s have some fun with Windows!

Oeoeoeoeoeoeoeoehhhhhhhh!!!!

HOWTO: Remove old kernels from your Ubuntu system

This is gonna be a short one 🙂

Open a terminal (ctrl-alt-t)
Enter: sudo apt-get autoremove

Have fun!

Howto: protect your server with fail2ban (debian / ubuntu)

As I went through my logs today, looking for the cause of trouble with my ftp (slow transfer rates), I noticed that somebody was trying to brute force my server over ssh. Of course, this failed (I have some other tricks in place that I don’t want to share), but I want these attacks to be as brief as possible. So, I installed fail2ban (actually forgot to set it up when I installed my server earlier this year).

Here we go:
apt-get install fail2ban (you might use sudo on ubuntu, must be root anyway)

Now go to /etc/fail2ban/ and edit jail.conf (make a copy first)

– Make some changes (action and port, although the defaults are fine in many cases).
– Restart fail2ban: service fail2ban restart
– Check if it works: iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports 22
IMSCP_INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
IMSCP_OUTPUT all -- anywhere anywhere

Chain IMSCP_INPUT (1 references)
target prot opt source destination
tcp -- anywhere anywhere tcp spt:submission
tcp -- anywhere anywhere tcp spt:ssmtp
tcp -- anywhere anywhere tcp spt:smtp
tcp -- anywhere anywhere tcp dpt:imaps
tcp -- anywhere anywhere tcp dpt:pop3s
tcp -- anywhere anywhere tcp dpt:submission
tcp -- anywhere anywhere tcp dpt:ssmtp
tcp -- anywhere anywhere tcp dpt:smtp
tcp -- anywhere anywhere tcp dpt:imap2
tcp -- anywhere anywhere tcp dpt:pop3
tcp -- anywhere anywhere tcp dpt:https
tcp -- anywhere anywhere tcp dpt:www
RETURN all -- anywhere anywhere

Chain IMSCP_OUTPUT (1 references)
target prot opt source destination
tcp -- anywhere anywhere tcp dpt:submission
tcp -- anywhere anywhere tcp dpt:ssmtp
tcp -- anywhere anywhere tcp dpt:smtp
tcp -- anywhere anywhere tcp spt:imaps
tcp -- anywhere anywhere tcp spt:pop3s
tcp -- anywhere anywhere tcp spt:submission
tcp -- anywhere anywhere tcp spt:ssmtp
tcp -- anywhere anywhere tcp spt:smtp
tcp -- anywhere anywhere tcp spt:imap2
tcp -- anywhere anywhere tcp spt:pop3
tcp -- anywhere anywhere tcp spt:https
tcp -- anywhere anywhere tcp spt:www
RETURN all -- anywhere anywhere

Chain fail2ban-ssh (1 references)
target prot opt source destination

RETURN all -- anywhere anywhere

Done!

I changed the action part to “action = %(action_mwl)s” because I want to know what goes on. If you do this then don’t forget to change the “destemail” to your email address.
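The "Check if it works: iptables -L" step can be scripted. This is an added example, not part of the original post: it reads `iptables -L` output on stdin and reports whether the jail's chain is referenced from INPUT and how many sources it currently blocks. The function names and the sample listing (with a documentation-range address) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Summarise a fail2ban chain from `iptables -L` output read on stdin.
# Prints "<hooked|unhooked> <ban-count> [banned sources...]".
# Function names and sample data are constructed for this example.

f2b_chain_summary() {
    awk -v chain="$1" '
        /^Chain /                 { cur = $2; next }   # track the current chain
        cur == "INPUT" && $1 == chain { hooked = 1 }   # jump rule present in INPUT
        cur == chain && ($1 == "DROP" || $1 == "REJECT") {
            bans++; srcs = srcs " " $4                 # column 4 is the source
        }
        END { printf "%s %d%s\n", (hooked ? "hooked" : "unhooked"), bans, srcs }
    '
}

# Constructed sample in the same layout as the listing above, with one ban.
sample_iptables_output() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports 22

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain fail2ban-ssh (1 references)
target prot opt source destination
DROP all -- 203.0.113.7 anywhere
RETURN all -- anywhere anywhere
EOF
}

# Live use (as root): iptables -L -n | f2b_chain_summary fail2ban-ssh
```

An "unhooked" result means the chain is missing or INPUT never jumps to it, so bans would have no effect.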

Update!

Hi,

The IP 188.40.41.131 has just been banned by Fail2Ban after
6 attempts against ssh.

Here are more information about 188.40.41.131:

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the “-B” flag.

% Information related to ‘188.40.41.128 – 188.40.41.191’

% Abuse contact for ‘188.40.41.128 – 188.40.41.191’ is ‘abuse@hetzner.de’

Hello! New server!

Testing 78.46.35.134 and migrating my IMAP mailboxes ..

It just seems to work!

Edit 28-08-13: Now hosting a blog, an own cloud, encrypted email, support desk and much more, on this fine server. The next step will be a youtube or vimeo like instance 🙂

05-10-2013: as of today also hosting CalDav (my calendar and tasks)

Lol @VroepVroep.

Nice and dry …

HOWTO: Scan IP range with nmap

Under Ubuntu, that is.

Simple!

Today I ran into a WAP (Wireless Access Point) with unknown values (username/pass/IP). Although none of those should be a problem, I wanted to try to brute force it rather than reset it.
After connecting to the network (I knew the key) I scanned the network to find the ip, using nmap.

Do this:
Open a terminal
Install nmap (sudo apt-get install nmap)
Run nmap as follows: sudo nmap 192.168.0.0/24

This will scan the whole range from 192.168.0.0 – 192.168.0.255 and give you all responding hosts.

Have fun!

P.s. If you have an iPad or iPhone, like me, you are better off using “fing”, if you only want to find connected devices on your network ..