Why would one use #fail2ban ..

This is why 🙂

Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-postfix-sasl tcp — anywhere anywhere multiport dports smtp
fail2ban-dovecot-pop3imap tcp — anywhere anywhere multiport dports pop3,pop3s,imap2,imaps
fail2ban-pureftpd tcp — anywhere anywhere multiport dports ftp
fail2ban-ssh tcp — anywhere anywhere multiport dports ssh

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-dovecot-pop3imap (1 references)
target prot opt source destination
RETURN all — anywhere anywhere

Chain fail2ban-postfix-sasl (1 references)
target prot opt source destination
REJECT all — 157.122.148.247 anywhere reject-with icmp-port-unreachable
REJECT all — 193.189.117.162 anywhere reject-with icmp-port-unreachable
REJECT all — 193.189.117.151 anywhere reject-with icmp-port-unreachable
REJECT all — aus1345893.lnk.telstra.net anywhere reject-with icmp-port-unreachable
REJECT all — 187-54-83-70.gnace704.e.brasiltelecom.net.br anywhere reject-with icmp-port-unreachable
REJECT all — 41.65.158.124 anywhere reject-with icmp-port-unreachable
REJECT all — 185.125.4.196 anywhere reject-with icmp-port-unreachable
RETURN all — anywhere anywhere

Chain fail2ban-pureftpd (1 references)
target prot opt source destination
REJECT all — localhost anywhere reject-with icmp-port-unreachable
REJECT all — 46.105.49.146 anywhere reject-with icmp-port-unreachable
REJECT all — 221.5.49.36 anywhere reject-with icmp-port-unreachable
RETURN all — anywhere anywhere

Chain fail2ban-ssh (1 references)
target prot opt source destination
REJECT all — 119.164.254.50 anywhere reject-with icmp-port-unreachable
REJECT all — 113.12.184.238 anywhere reject-with icmp-port-unreachable
REJECT all — customer-187-157-170-18-sta.uninet-ide.com.mx anywhere reject-with icmp-port-unreachable
REJECT all — 171.234.8.73 anywhere reject-with icmp-port-unreachable
REJECT all — 121.15.13.237 anywhere reject-with icmp-port-unreachable
REJECT all — 117.3.103.61 anywhere reject-with icmp-port-unreachable
REJECT all — 103.4.231.200 anywhere reject-with icmp-port-unreachable
REJECT all — 91.224.160.10 anywhere reject-with icmp-port-unreachable
REJECT all — host-156.196.1.35-static.tedata.net anywhere reject-with icmp-port-unreachable
REJECT all — 222.76.215.239 anywhere reject-with icmp-port-unreachable
REJECT all — 27.72.65.228 anywhere reject-with icmp-port-unreachable
REJECT all — 116.31.116.10 anywhere reject-with icmp-port-unreachable
REJECT all — 123.238.175.59.broad.wh.hb.dynamic.163data.com.cn anywhere reject-with icmp-port-unreachable
REJECT all — 104.148.116.66 anywhere reject-with icmp-port-unreachable
REJECT all — 124.158.5.115 anywhere reject-with icmp-port-unreachable
REJECT all — ip-198.12-150-220.ip.secureserver.net anywhere reject-with icmp-port-unreachable
REJECT all — ubuntu-dev.sofia-connect.net anywhere reject-with icmp-port-unreachable
REJECT all — 13.84.218.172 anywhere reject-with icmp-port-unreachable
REJECT all — 45.119.154.176 anywhere reject-with icmp-port-unreachable
REJECT all — static.vnpt.vn anywhere reject-with icmp-port-unreachable
REJECT all — ec2-52-37-48-252.us-west-2.compute.amazonaws.com anywhere reject-with icmp-port-unreachable
REJECT all — 103.207.39.18 anywhere reject-with icmp-port-unreachable
REJECT all — 185.110.132.201 anywhere reject-with icmp-port-unreachable
REJECT all — oisin.gainpromotion.net anywhere reject-with icmp-port-unreachable
REJECT all — 222.186.56.14 anywhere reject-with icmp-port-unreachable
REJECT all — vps07.snthostings.com anywhere reject-with icmp-port-unreachable
REJECT all — 79.96.151.203.sta.inet.co.th anywhere reject-with icmp-port-unreachable
REJECT all — 222.186.21.224 anywhere reject-with icmp-port-unreachable
REJECT all — static-49-107-226-77.ipcom.comunitel.net anywhere reject-with icmp-port-unreachable
REJECT all — dynamic.vdc.vn anywhere reject-with icmp-port-unreachable
REJECT all — ruslango94.zomro.com anywhere reject-with icmp-port-unreachable
REJECT all — host149-173-static.9-188-b.business.telecomitalia.it anywhere reject-with icmp-port-unreachable
REJECT all — wim-luche9.fastnet.it anywhere reject-with icmp-port-unreachable
REJECT all — ec2-52-26-61-71.us-west-2.compute.amazonaws.com anywhere reject-with icmp-port-unreachable
REJECT all — static.vdc.vn anywhere reject-with icmp-port-unreachable
RETURN all — anywhere anywhere

Monitoring cafeïne levels with @zabbix

Can somebody bring me some coffee? Please?

image

🙂

Driving to work, at 5472 km/h …

Have fun watching ….

HOWTO: Prune backups made with Relax and Recover #rear #linux

I am backing up my Linux machines bare-metal with ReaR, in the form of weekly full backups and incrementals. ReaR does a great job but doesn’t cleanup old backups by itself, so if you do nothing you’re filing up your backup server sooner or later.

As I am lazy Linux sysadmin I don’t want to cleanup leftovers manualy, so I automated it 🙂 Here is how:

First: my /etc/rear/local.conf

BACKUP=NETFS
OUTPUT=ISO
CDROM_SIZE=20
BACKUP_URL=nfs://xxx.xxx.xxx.xxx/volume2/LinuxDR/rear
ISO_DIR=/mnt/ISO
ISO_PREFIX=”rear-$HOSTNAME”
BACKUP_PROG_EXCLUDE=( ‘/tmp/*’ ‘/dev/shm/*’ ‘/mnt/*’ ‘/media/*’ $VAR_DIR/output/\* )
BACKUP_SELINUX_DISABLE=1
BACKUP_TYPE=incremental
FULLBACKUPDAY=Fri
NETFS_PREFIX=”$HOSTNAME”root@lamp02:~#

This will create a full backup every friday, and incrementals on all other days.

In the picture below you see what happens if you let things run it’s course:

files_lamp02

I have got 11 backup archives of which I only need 4 (today) to recover when needed. The archives with an “F” in their name are full backups, the other ones (with “I”) are incrementals. There are also two important files here, basebackup.txt and timestamp.txt. Those two files actually do sort of the same: tell the system when the last full backup was made. ReaR needs this for restoring the system, using the correct files. I only need timestamp.txt for my cleanup job, but I could also use basebackup.txt for them. What’s in those files is not important to me, I use the time and date they where created or modified. Today is march 17, so every archive created before the last full backup (march 13 in this case) may be deleted.

To find out what files can be deleted you can issue the following command in the terminal:

find /media/nfs/lamp02/*tar.gz -type f ! -newer /media/nfs/lamp02/timestamp.txt

(make sure to adjust the path to your own situation!)

Output:

term_lamp02

To delete them issue the following command:

find /media/nfs/lamp02/*tar.gz -type f ! -newer /media/nfs/lamp02/timestamp.txt | xargs rm -f

(Again, adjust your paths!)

All files created before the last full backup will be gone, keeping your backup server clean 🙂
The only thing you have to do now is create a proper cronjob to automate this. Be sure the command runs AFTER the backups are complete!

For the best results you can do this daily. If you feel you want to keep your files longer, maybe a month, you can tweak around to accomplish that. Maybe I will update this posting with my own solution for that, although in my case I do not need it.

Happy Linux’ing!

(Edit: this posting is now in the official rear user documentation, which is kinda cool)
(Edit 2: people keep asking me how to make incremental backups with ReaR, so I inserted my /etc/rear/local.conf above)

Stel, je bent uit ’68 @geenstijl

Je hebt een normale baan, en je vervoermiddel is toevallig een Mercedes … (/me)
Dan ben je volgens GeenStijl / reaguurder:

image

image

🙂

Intel outside :-) (drone video)

My icy Trachycarpus Fortunei :-)

After being ill for over a week I was out of the house last afternoon to inspect my Trachycarpus Fortunei palm tree, which had to endure snow, ice, and freezing rain lately.

The result of all that harsh weather is somewhat awkward ..

image

image

image

image

image

image

image

Pretty cool, and it will survive 🙂

Half of #debian died.

Hey Ian,

You shouldn’t have done this. Barriers are never too high.
But since this happened, there is no way back. I will never know your reasons.
The only thing left for me to do is to keep using Debian, and think about you every time I login.

Thanks for everything you brought to the world. Debian, open source, and you, in my memories for ever.

Your name will always be there, in deb-ian.

RIP.
You ruled man, we will miss you very bad.

image

HOWTO: Fix LOCALE errors in Debian

I am installing Debian a lot, and with every fresh install comes this:

perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory

Someone should fix that 🙂

Anyway:

sudo nano /etc/environment

and add the following:

LC_ALL="en_US.utf8"

Or any locale you wan to use. Reboot, and all is fine again.

HOWTO: #Ispconfig3 #Postfix #Greylisting

No-to-Spam
Just a little manual 🙂
Assuming that you have Ispconfig3 with postfix installed, it’s very easy to get rid of spam that passes your filters, despite the fact that Ispconfig has a anti-spam engine onboard.

I am on Debian 8 (Jessie) b.t.w.

– Login as root and

apt-get update && apt-get install postgrey

***
#Optional:
Postgrey add’s a delay on your maildelivery, but only for hosts that are new to your server. The default is 300 seconds, but you can safely shorten that to 60 or less because the spamming server might never retry because it won’t get a the greylist command 🙂
Please note that the number “10023” is the port on which postrey runs, it may differ on your installation. Keep that number in mind because you need it in a minute.

nano /etc/default/postgrey

add –delay=60 to this line: POSTGREY_OPTS=”–inet=127.0.0.1:10023″ It will look like this: POSTGREY_OPTS=”–inet=127.0.0.1:10023 –delay=60″

service postgrey start

***

nano /etc/postfix/main.cf

and add check_policy_service inet:127.0.0.1:10023 to the smtpd_recipient_restrictions.
Mine looks like this:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,check_policy_service inet:127.0.0.1:10023

postfix reload

Done

You might want to see it working, you can do so by issuing the following command:

tail -f /var/log/mail.log | grep greylist

Output looks like this:

root@server /var/log # tail -f mail.log | grep greylist
Dec 21 12:30:31 server postgrey[27672]: action=greylist, reason=new, client_name=unknown, client_address=122.191.145.8, recipient=[redacted]

Enjoy, spam is something from the past.