Category Archive: Computers

HOWTO: Raspberry Pi with 3.5 inch TFT Waveshare clone.

This has been tested on Raspbian Jessie.

I recently built a kind of Raspberry Pi Rig, with the Pi 1B, 2B and 3B. To finish things I wanted to add some displays to it so I am not looking at a blind panel.

Luckily you can find all sorts of displays on eBay, so I bought one cheap-ass touch TFT display for around 11 euros.

After playing around with the display I found out it’s a cheap waveshare clone. As expected, there came no documentation with the display, so basically you’re on your own.

I’ve searched the internet and found the things I needed to get things running. So after making a backup of my Pi3 SD card I installed the display and got to work.
After powering up the Pi the screen is white, with nothing else to see (backlight only).

Since I am running Raspbian Lite without X, I won’t be doing anything with the touch features of the screen; I am in CLI-only mode.
Log on to your Pi and enter the following commands (you don’t need sudo for the display installation):

sudo apt-get update && sudo apt-get upgrade -y
wget http://www.waveshare.com/w/upload/7/74/LCD-show-170309.tar.gz
tar xvf LCD-show-*.tar.gz
cd LCD-show/
chmod +x LCD35-show
./LCD35-show

Some packages must be installed, answer with yes (y)

The pi will reboot and the display comes to life!

It is very well possible that your screen is upside down. If that is the case you need to find a solution yourself since I didn’t find any, and I don’t care about it since I just rotated the whole rig 🙂

After installing the display it would be nice if it shows something more than just a login prompt. Htop would be nice, for a start.

This is how to do it:

sudo apt-get install htop
sudo raspi-config (boot options > console autologin)

Don’t reboot yet, do:

nano .bashrc

At the end of the file add:

# Start htop only on the first virtual console (the autologin session), not over SSH
if [ "$(tty)" = "/dev/tty1" ]; then
    /usr/bin/htop
fi

Ctrl-X to save the file.

To keep the screen on, do:

sudo nano /etc/kbd/config

Set the following:
BLANK_TIME=0

Save the file

sudo nano /boot/cmdline.txt
Add consoleblank=0 to the single line.

Save the file.
Reboot:

sudo shutdown -r now

Sit back and enjoy your Raspberry Pi display showing HTOP 🙂

A great example of a “slow” brute force attack #ossec

The last couple of days a lot of malicious servers got caught by my Ossec HIDS/IPS and have been sent to my iptables jail. However, I’ve been seeing one host (185.93.185.239) evading my traps for days. It has been knocking on my door at a slow pace, slow enough not to trigger a brute force detection (causing six events in a small period of time).

So I changed the brute force detection window to 86400 seconds, to see if that helps.

The result:

image

He got caught and went to jail 🙂

iptables -L

image
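
Why the longer window catches the slow host, as an added example (not part of the original post and not OSSEC's own code): a sliding-window counter run over constructed sshd log lines, with a threshold of six failures per source. The function names, the log lines, the documentation-range IP addresses and the year 2017 are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

def sample_log():
    """Constructed sshd lines: one fast guesser and one slow one (documentation IPs)."""
    t0 = datetime(2017, 3, 1, 0, 0, 0)
    line = "{} server sshd[4242]: Failed password for root from {} port 50000 ssh2"
    fast = [(t0 + timedelta(seconds=5 * i), "198.51.100.9") for i in range(6)]
    slow = [(t0 + timedelta(hours=3 * i), "203.0.113.7") for i in range(6)]
    return [line.format(ts.strftime("%b %d %H:%M:%S"), ip) for ts, ip in sorted(fast + slow)]

def detect(lines, threshold, window_seconds):
    """Return {source_ip: timestamp of the failure that reached the threshold}."""
    recent = defaultdict(deque)  # per-source timestamps still inside the window
    alerts = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; 2017 is assumed for the sample
        ts = datetime.strptime("2017 " + m.group(1), "%Y %b %d %H:%M:%S")
        q = recent[m.group(2)]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # forget failures older than the window
        if len(q) >= threshold:
            alerts.setdefault(m.group(2), ts)
    return alerts

if __name__ == "__main__":
    for window in (120, 86400):
        print(window, sorted(detect(sample_log(), 6, window)))
```

With a 120 second window only the fast source reaches six failures; with 86400 seconds the source that tries once every three hours is flagged on its sixth attempt as well.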

@sucurisecurity killed my wordpress site (twice)

w00t w00t! mod_fcgid: stderr: PHP Fatal error: Cannot redeclare class SucuriScanSiteCheck

Yesterday Sucuri for WordPress was updated to 1.7.18, my website immediately went offline. I got notified about it by Jetpack.
Problem: I cannot deactivate the Sucuri plugin via the WordPress dash since the site is down and I can’t log in 🙂
Solution: Log on via FTP and rename the Sucuri plugin directory to .old. My site went back up immediately.

I tried to revert to my latest backup, which worked, and Sucuri got automatically updated to version 1.7.19. My website went down again .. and I could start all over again, disabling the plugin over FTP

For now I leave the plugin as is. Hopefully Sucuri comes with a solution soon. I’ll wait ..

Update: after posting this to Twitter Sucuri immediately contacted me and offered to provide a solution. As we speak we are working together to get this solved. Thumbs up for a company like that.

Update2: it’s working again, but the source of the troubles is yet to be determined.

EDIT: Prune backups made with Relax and Recover #rear #linux

People keep asking me how I make incremental backups with rear, so I edited my posting about pruning backups with rear and inserted my config.

Prune backups …

If you don’t want to look that up, you’ll find my /etc/rear/local.conf below.

BACKUP=NETFS
OUTPUT=ISO
CDROM_SIZE=20
BACKUP_URL=nfs://xxx.xxx.xxx.xxx/volume2/LinuxDR/rear
ISO_DIR=/mnt/ISO
ISO_PREFIX="rear-$HOSTNAME"
BACKUP_PROG_EXCLUDE=( '/tmp/*' '/dev/shm/*' '/mnt/*' '/media/*' $VAR_DIR/output/\* )
BACKUP_SELINUX_DISABLE=1
BACKUP_TYPE=incremental
FULLBACKUPDAY=Fri

I also rsync my backups to an external (Raspberry Pi 1B) server, will post about that later on.

Have fun backing up!

Why would one use #fail2ban ..

This is why 🙂

Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-postfix-sasl tcp -- anywhere anywhere multiport dports smtp
fail2ban-dovecot-pop3imap tcp -- anywhere anywhere multiport dports pop3,pop3s,imap2,imaps
fail2ban-pureftpd tcp -- anywhere anywhere multiport dports ftp
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Monitoring caffeine levels with @zabbix

Can somebody bring me some coffee? Please?

image

🙂

HOWTO: #Ispconfig3 #Postfix #Greylisting

No-to-Spam
Just a little manual 🙂
Assuming that you have Ispconfig3 with postfix installed, it’s very easy to get rid of spam that passes your filters, despite the fact that Ispconfig has an anti-spam engine onboard.

I am on Debian 8 (Jessie) b.t.w.

– Log in as root and:

apt-get update && apt-get install postgrey

***
#Optional:
Postgrey adds a delay to your mail delivery, but only for hosts that are new to your server. The default is 300 seconds, but you can safely shorten that to 60 or less because the spamming server might never retry: it won’t understand the greylist response 🙂
Please note that the number “10023” is the port on which postgrey runs; it may differ on your installation. Keep that number in mind because you need it in a minute.

nano /etc/default/postgrey

Add --delay=60 to this line:
POSTGREY_OPTS="--inet=127.0.0.1:10023"
It will look like this:
POSTGREY_OPTS="--inet=127.0.0.1:10023 --delay=60"

service postgrey start

***

nano /etc/postfix/main.cf

and add check_policy_service inet:127.0.0.1:10023 to the smtpd_recipient_restrictions.
Mine looks like this:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, check_policy_service inet:127.0.0.1:10023

postfix reload

Done

You might want to see it working, you can do so by issuing the following command:

tail -f /var/log/mail.log | grep greylist

Output looks like this:

root@server /var/log # tail -f mail.log | grep greylist
Dec 21 12:30:31 server postgrey[27672]: action=greylist, reason=new, client_name=unknown, client_address=122.191.145.8, recipient=[redacted]

Enjoy, spam is something from the past.
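
What the policy service on port 10023 does with each recipient, as an added example (a simplified sketch, not postgrey's code and not part of the original post): it parses the name=value request Postfix sends to a check_policy_service and defers a client/sender/recipient triplet until the delay has passed. The class and function names, the sample request and its addresses are assumptions made for the illustration; whitelists and entry expiry are left out.

```python
DELAY = 60  # seconds, matching --delay=60 in POSTGREY_OPTS

# Constructed Postfix policy-delegation request (documentation addresses).
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.25\n"
    "client_name=unknown\n"
    "sender=news@example.net\n"
    "recipient=user@example.org\n"
    "\n"
)

def parse_request(text):
    """Parse name=value attribute lines; an empty line ends the request."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

class Greylist:
    def __init__(self, delay=DELAY):
        self.delay = delay
        self.first_seen = {}  # triplet -> time of the first delivery attempt

    def decide(self, request_text, now):
        """Return the policy reply Postfix expects: an action line plus an empty line."""
        a = parse_request(request_text)
        triplet = (a["client_address"], a["sender"].lower(), a["recipient"].lower())
        first = self.first_seen.setdefault(triplet, now)
        if now - first < self.delay:
            # Temporary rejection: a real mail server queues the message and retries.
            return "action=DEFER_IF_PERMIT Greylisted, please retry later\n\n"
        return "action=DUNNO\n\n"  # no objection, later restrictions decide

if __name__ == "__main__":
    g = Greylist()
    for t in (0, 30, 61):
        print(t, g.decide(SAMPLE_REQUEST, t).strip())
```

A sender that never retries stays deferred forever, which is the effect the log line with action=greylist, reason=new shows for a first attempt.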

Spam analysis in the works

This is a small work-related project you may ignore. So please move on 🙂

sendmespam@em-tux.eu unfiltered account
filtertest@em-tux.eu filtered account

www.therebelnetworker.com


Gimme some more Pi!

Ok, here it is, my brand new Raspberry Pi 2 Model B.
Specs:

A 900MHz quad-core ARM Cortex-A7 CPU
1GB RAM
Like the (Pi 1) Model B+, it also has:

4 USB ports
40 GPIO pins
Full HDMI port
Ethernet port
Combined 3.5mm audio jack and composite video
Camera interface (CSI)
Display interface (DSI)
Micro SD card slot
VideoCore IV 3D graphics core

When I start my project I’ll report. Probably I will test my download station on this one, and check out its performance. After that I will try some backup functions with plain rsync, or lftpd, and Bacula DR.

image

About the Asus Transformer T200 …

It can only run a 32 Bit OS, so do not try to install Windows 8 AMD64 software!!!
It can only run a 32 Bit OS, so do not try to install Windows 8 AMD64 software!!!
It can only run a 32 Bit OS, so do not try to install Windows 8 AMD64 software!!!
It can only run a 32 Bit OS, so do not try to install Windows 8 AMD64 software!!!
It can only run a 32 Bit OS, so do not try to install Windows 8 AMD64 software!!!
It can only run a 32 Bit OS, so do not try to install Windows 8 AMD64 software!!!
It can only run a 32 Bit OS, so do not try to install Windows 8 AMD64 software!!!
It can only run a 32 Bit OS, so do not try to install Windows 8 AMD64 software!!!
It can only run a 32 Bit OS, so do not try to install Windows 8 AMD64 software!!!
It can only run a 32 Bit OS, so do not try to install Windows 8 AMD64 software!!!
It can only run a 32 Bit OS, so do not try to install Windows 8 AMD64 software!!!
It can only run a 32 Bit OS, so do not try to install Windows 8 AMD64 software!!!

It won’t work, and it can waste your day 🙂

Greetings to PVA. Next time, buy something decent …