Browse Source

OKOK.

master
Your Name 5 years ago
parent
commit
276427fe6a
28 changed files with 1968 additions and 0 deletions
  1. BIN
      2018/Running_Conduit/Conduit_Tips.pdf
  2. +3
    -0
      2018/Running_Conduit/docs/2.aux
  3. +71
    -0
      2018/Running_Conduit/docs/2.log
  4. BIN
      2018/Running_Conduit/docs/2.pdf
  5. +5
    -0
      2018/Running_Conduit/docs/2.tex
  6. +3
    -0
      2018/Running_Conduit/docs/3.aux
  7. +71
    -0
      2018/Running_Conduit/docs/3.log
  8. BIN
      2018/Running_Conduit/docs/3.pdf
  9. +77
    -0
      2018/Running_Conduit/docs/3.tex
  10. +76
    -0
      2018/Running_Conduit/docs/3.tex~
  11. BIN
      2018/Running_Conduit/pics/DSCN1682.JPG
  12. BIN
      2018/Winmail_Dat_Error_Exchange/Winmaildat_Email_Error_Resolution2.pdf
  13. +203
    -0
      2019/Devuan_Preseed_Automated_install/docs/preseed.cfg
  14. +4
    -0
      2019/Fail2Ban_Primer/docs/1.aux
  15. +181
    -0
      2019/Fail2Ban_Primer/docs/1.log
  16. BIN
      2019/Fail2Ban_Primer/docs/1.pdf
  17. +163
    -0
      2019/Fail2Ban_Primer/docs/1.tex
  18. +38
    -0
      2019/Fail2Ban_Primer/docs/1.tex~
  19. +4
    -0
      2019/Fail2Ban_Primer/docs/2.aux
  20. +189
    -0
      2019/Fail2Ban_Primer/docs/2.log
  21. BIN
      2019/Fail2Ban_Primer/docs/2.pdf
  22. +169
    -0
      2019/Fail2Ban_Primer/docs/2.tex
  23. +163
    -0
      2019/Fail2Ban_Primer/docs/2.tex~
  24. +6
    -0
      2019/Fail2Ban_Primer/docs/3.aux
  25. +195
    -0
      2019/Fail2Ban_Primer/docs/3.log
  26. BIN
      2019/Fail2Ban_Primer/docs/3.pdf
  27. +178
    -0
      2019/Fail2Ban_Primer/docs/3.tex
  28. +169
    -0
      2019/Fail2Ban_Primer/docs/3.tex~

BIN
2018/Running_Conduit/Conduit_Tips.pdf View File


+ 3
- 0
2018/Running_Conduit/docs/2.aux View File

@ -0,0 +1,3 @@
\relax
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {2}Conduit}{1}}

+ 71
- 0
2018/Running_Conduit/docs/2.log View File

@ -0,0 +1,71 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 9 MAY 2019 22:05
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2018/Running_C
onduit/docs/2.tex
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2018/Running_Co
nduit/docs/2.tex
LaTeX2e <2014/05/01>
Babel <3.9l> and hyphenation patterns for 2 languages loaded.
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option)
)
\c@part=\count79
\c@section=\count80
\c@subsection=\count81
\c@subsubsection=\count82
\c@paragraph=\count83
\c@subparagraph=\count84
\c@figure=\count85
\c@table=\count86
\abovecaptionskip=\skip41
\belowcaptionskip=\skip42
\bibindent=\dimen102
) (./2.aux)
\openout1 = `2.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <12> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <8> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <6> on input line 8.
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}] [2] [3] (./2.aux) )
Here is how much of TeX's memory you used:
232 strings out of 495020
2707 string characters out of 6181323
49970 words of memory out of 5000000
3521 multiletter control sequences out of 15000+600000
8195 words of font info for 29 fonts, out of 8000000 for 9000
14 hyphenation exceptions out of 8191
21i,6n,19p,751b,187s stack positions out of 5000i,500n,10000p,200000b,80000s
</usr/s
hare/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx10.pfb></usr/share/t
exlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.pfb></usr/share/texlive
/texmf-dist/fonts/type1/public/amsfonts/cm/cmr10.pfb></usr/share/texlive/texmf-
dist/fonts/type1/public/amsfonts/cm/cmr12.pfb>
Output written on 2.pdf (3 pages, 62866 bytes).
PDF statistics:
30 PDF objects out of 1000 (max. 8388607)
20 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000)
1 words of extra memory for PDF output out of 10000 (max. 10000000)

BIN
2018/Running_Conduit/docs/2.pdf View File


+ 5
- 0
2018/Running_Conduit/docs/2.tex View File

@ -68,4 +68,9 @@ Bendable or Bendy conduit is sized one size bigger than it's listed. So if you b
They sell grease, but its a mess, and I wouldn't use it. Not only will it get all inside the pipe, but all over your hands as you pull the wire through. You shouldn't run new wires through existing conduit. One of the problems is that you might wrap the ethernet cable in electrical tape, but tape is rubber, and sticks to the metal. What you want is some kind of slidy, metal surface that doesn't stick to metal on the front of the ethernet cable. They sell grease, but its a mess, and I wouldn't use it. Not only will it get all inside the pipe, but all over your hands as you pull the wire through. You shouldn't run new wires through existing conduit. One of the problems is that you might wrap the ethernet cable in electrical tape, but tape is rubber, and sticks to the metal. What you want is some kind of slidy, metal surface that doesn't stick to metal on the front of the ethernet cable.
\vspace{0.2in}
\LARGE \textbf{Fish Tape and Small Conduit} \normalsize
\vspace{0.2in}
There is a little piece of plastic on my fish tape at the end. When running through existing small conduit, that tape is a problem, as it hits wires, and couplers, catching. Solution: Remove the plastic piece. However, there are times when you want something plastic at the end of the fish tape. I.e. when you are running fish tape through the bendable conduit. In that case, put some electrical tape at the end of the conduit. This little trick can be the difference between barely fishing, and not getting through the pipe.
\end{document} \end{document}

+ 3
- 0
2018/Running_Conduit/docs/3.aux View File

@ -0,0 +1,3 @@
\relax
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {2}Conduit}{1}}

+ 71
- 0
2018/Running_Conduit/docs/3.log View File

@ -0,0 +1,71 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 9 MAY 2019 22:06
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2018/Running_C
onduit/docs/3.tex
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2018/Running_Co
nduit/docs/3.tex
LaTeX2e <2014/05/01>
Babel <3.9l> and hyphenation patterns for 2 languages loaded.
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option)
)
\c@part=\count79
\c@section=\count80
\c@subsection=\count81
\c@subsubsection=\count82
\c@paragraph=\count83
\c@subparagraph=\count84
\c@figure=\count85
\c@table=\count86
\abovecaptionskip=\skip41
\belowcaptionskip=\skip42
\bibindent=\dimen102
) (./3.aux)
\openout1 = `3.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <12> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <8> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <6> on input line 8.
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}] [2] [3] (./3.aux) )
Here is how much of TeX's memory you used:
232 strings out of 495020
2707 string characters out of 6181323
49970 words of memory out of 5000000
3521 multiletter control sequences out of 15000+600000
8195 words of font info for 29 fonts, out of 8000000 for 9000
14 hyphenation exceptions out of 8191
21i,6n,19p,923b,187s stack positions out of 5000i,500n,10000p,200000b,80000s
</usr/s
hare/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx10.pfb></usr/share/t
exlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.pfb></usr/share/texlive
/texmf-dist/fonts/type1/public/amsfonts/cm/cmr10.pfb></usr/share/texlive/texmf-
dist/fonts/type1/public/amsfonts/cm/cmr12.pfb>
Output written on 3.pdf (3 pages, 62863 bytes).
PDF statistics:
30 PDF objects out of 1000 (max. 8388607)
20 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000)
1 words of extra memory for PDF output out of 10000 (max. 10000000)

BIN
2018/Running_Conduit/docs/3.pdf View File


+ 77
- 0
2018/Running_Conduit/docs/3.tex View File

@ -0,0 +1,77 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Running Conduit - Tips}}
\author{Steak Electronics}
\date{}
\begin{document}
\maketitle
\section{Overview}
I recently took up running conduit for cable runs at the office. This is used for ethernet runs: CCTV, IoT, or general LANs. Here's what I learned early on.
\section{Conduit}
Here's general tips on Conduit:
\textbf{Where conduit is hard:} Adding cabling to existing conduit, doing unusual bends, using thicker pipes (harder to bend)
\textbf{Where conduit is easy:} The opposite: Cabling as you put up the conduit, doing only straight runs, 90 degree bends, and offset bends, and using 1/2" conduit.
\vspace{0.2in}
\LARGE \textbf{Types of Pipe} \normalsize
\vspace{0.2in}
There are different kinds of conduit, based on the size of the pipe. The price increases with size.
\vspace{0.2in}
1/2" pipe is good for one or two ethernet runs.
3/4" pipe is good for 3 ethernet cables.
1" pipe can run say, 6 ethernet cables.
\vspace{0.2in}
Now, you can get away with more, but it's best to underspec, so you have room in case of future expansion. However, it's recommended to not add additional cables to the conduit afterwards, and instead use ethernet switches.
\vspace{0.2in}
\LARGE \textbf{How to Fish Conduit} \normalsize
\vspace{0.2in}
Ethernet cable should be led through conduit with steel fish tape. You can't use nylon string on existing conduit, unless you are going through small sections of straight conduit - fishing the string as you put up the conduit (new installs). For existing installs, or if you already put up some conduit and just need to get the wire through, use steel fish tape. The steel, allows you to pull AND push the ethernet cable, should it get stuck. However, let me say this: \textbf{fish the cable through each piece of conduit you put up as you go}. It's faster, and easier. This also means that future expansion is not nearly as practical.
\vspace{0.2in}
\LARGE \textbf{Couplers} \normalsize
\vspace{0.2in}
The ideal coupler has the pipes inside sitting flush against each other, but some couplers have a notch in the middle between them. Those aren't as good, as the notch is a gap where ethernet cable will catch when pulling through. Not an issue if you cable as you go, but a problem for running cable through existing conduit.
\vspace{0.2in}
\LARGE \textbf{Boxes} \normalsize
\vspace{0.2in}
Use the deeper, larger electrical boxes. They usually come in a few sizes. The additional space, makes everything easier. Use frequent boxes if you plan to expand more cables later, so you can access everything inside. Use boxes where you will have an ethernet switch or outlet, or need to branch out...
\vspace{0.2in}
\LARGE \textbf{Bendy Conduit} \normalsize
\vspace{0.2in}
Bendable or Bendy conduit is sized one size bigger than it's listed. So if you buy 3/4" conduit, you get a 1" size bendable pipe, with 1/4" the bendy part. This means you must size boxes accordingly. Supposedly, you must buy the specific bendy conduit connectors, but you can fit a 3/4" bendy conduit, in a 1" hole in an electrical box in a pinch. You can also use a coupler (for standard pipe) sized one size bigger, in a pinch. Not as professional looking, but it works.
\vspace{0.2in}
\LARGE \textbf{Grease} \normalsize
\vspace{0.2in}
They sell grease, but its a mess, and I wouldn't use it. Not only will it get all inside the pipe, but all over your hands as you pull the wire through. You shouldn't run new wires through existing conduit. One of the problems is that you might wrap the ethernet cable in electrical tape, but tape is rubber, and sticks to the metal. What you want is some kind of slidy, metal surface that doesn't stick to metal on the front of the ethernet cable.
\vspace{0.2in}
\LARGE \textbf{Fish Tape and Plastic Ends} \normalsize
\vspace{0.2in}
There is a little piece of plastic on my fish tape at the end. When running through existing small conduit, that plastic is a problem, as it hits wires, and couplers, catching. Solution: Remove the plastic piece. However, there are times when you want something plastic at the end of the metal fish tape. I.e. when you are running fish tape through the bendable conduit. In that case, put some electrical tape at the end of the conduit. This little trick can be the difference between barely fishing, and not getting through the pipe. The idea is, it's removable depending on your need. This is primarily for fishing through existing conduit. Again, you can't use nylon string to pull wire through conduit, you need metal fish tape. That is because metal fish tape can be pushed back and forth, but nylon string can only pull.
\end{document}

+ 76
- 0
2018/Running_Conduit/docs/3.tex~ View File

@ -0,0 +1,76 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Running Conduit - Tips}}
\author{Steak Electronics}
\date{}
\begin{document}
\maketitle
\section{Overview}
I recently took up running conduit for cable runs at the office. This is used for ethernet runs: CCTV, IoT, or general LANs. Here's what I learned early on.
\section{Conduit}
Here's general tips on Conduit:
\textbf{Where conduit is hard:} Adding cabling to existing conduit, doing unusual bends, using thicker pipes (harder to bend)
\textbf{Where conduit is easy:} The opposite: Cabling as you put up the conduit, doing only straight runs, 90 degree bends, and offset bends, and using 1/2" conduit.
\vspace{0.2in}
\LARGE \textbf{Types of Pipe} \normalsize
\vspace{0.2in}
There are different kinds of conduit, based on the size of the pipe. The price increases with size.
\vspace{0.2in}
1/2" pipe is good for one or two ethernet runs.
3/4" pipe is good for 3 ethernet cables.
1" pipe can run say, 6 ethernet cables.
\vspace{0.2in}
Now, you can get away with more, but it's best to underspec, so you have room in case of future expansion. However, it's recommended to not add additional cables to the conduit afterwards, and instead use ethernet switches.
\vspace{0.2in}
\LARGE \textbf{How to Fish Conduit} \normalsize
\vspace{0.2in}
Ethernet cable should be led through conduit with steel fish tape. You can't use nylon string on existing conduit, unless you are going through small sections of straight conduit - fishing the string as you put up the conduit (new installs). For existing installs, or if you already put up some conduit and just need to get the wire through, use steel fish tape. The steel, allows you to pull AND push the ethernet cable, should it get stuck. However, let me say this: \textbf{fish the cable through each piece of conduit you put up as you go}. It's faster, and easier. This also means that future expansion is not nearly as practical.
\vspace{0.2in}
\LARGE \textbf{Couplers} \normalsize
\vspace{0.2in}
The ideal coupler has the pipes inside sitting flush against each other, but some couplers have a notch in the middle between them. Those aren't as good, as the notch is a gap where ethernet cable will catch when pulling through. Not an issue if you cable as you go, but a problem for running cable through existing conduit.
\vspace{0.2in}
\LARGE \textbf{Boxes} \normalsize
\vspace{0.2in}
Use the deeper, larger electrical boxes. They usually come in a few sizes. The additional space, makes everything easier. Use frequent boxes if you plan to expand more cables later, so you can access everything inside. Use boxes where you will have an ethernet switch or outlet, or need to branch out...
\vspace{0.2in}
\LARGE \textbf{Bendy Conduit} \normalsize
\vspace{0.2in}
Bendable or Bendy conduit is sized one size bigger than it's listed. So if you buy 3/4" conduit, you get a 1" size bendable pipe, with 1/4" the bendy part. This means you must size boxes accordingly. Supposedly, you must buy the specific bendy conduit connectors, but you can fit a 3/4" bendy conduit, in a 1" hole in an electrical box in a pinch. You can also use a coupler (for standard pipe) sized one size bigger, in a pinch. Not as professional looking, but it works.
\vspace{0.2in}
\LARGE \textbf{Grease} \normalsize
\vspace{0.2in}
They sell grease, but its a mess, and I wouldn't use it. Not only will it get all inside the pipe, but all over your hands as you pull the wire through. You shouldn't run new wires through existing conduit. One of the problems is that you might wrap the ethernet cable in electrical tape, but tape is rubber, and sticks to the metal. What you want is some kind of slidy, metal surface that doesn't stick to metal on the front of the ethernet cable.
\vspace{0.2in}
\LARGE \textbf{Fish Tape and Small Conduit} \normalsize
\vspace{0.2in}
There is a little piece of plastic on my fish tape at the end. When running through existing small conduit, that tape is a problem, as it hits wires, and couplers, catching. Solution: Remove the plastic piece. However, there are times when you want something plastic at the end of the fish tape. I.e. when you are running fish tape through the bendable conduit. In that case, put some electrical tape at the end of the conduit. This little trick can be the difference between barely fishing, and not getting through the pipe.
\end{document}

BIN
2018/Running_Conduit/pics/DSCN1682.JPG View File

Before After
Width: 800  |  Height: 600  |  Size: 107 KiB

BIN
2018/Winmail_Dat_Error_Exchange/Winmaildat_Email_Error_Resolution2.pdf View File


+ 203
- 0
2019/Devuan_Preseed_Automated_install/docs/preseed.cfg View File

@ -0,0 +1,203 @@
#_preseed_V0.5
# NOTE: this has a pause at the partitioning stage for safety (don't want to erase hdds)
# This is for i386 kernel
# to use, upload to a paste text site somewhere, and point automated install here.
# 1. Choose language
# ==================
d-i debian-installer/language string en
d-i debian-installer/country string US
d-i localechooser/supported-locales multiselect en_US.UTF-8, en_DK.UTF-8
d-i debian-installer/locale select en_US.UTF-8
# 2. Configure the keyboard
# =========================
d-i keyboard-configuration/xkb-keymap select us
# 3. Detect and mount CD-ROM
# ==========================
d-i cdrom-detect/load_media boolean true
# 4. Load installer components from CD
# 5. Detect network hardware
#
d-i hw-detect/load_media boolean false
d-i hw-detect/load_firmware boolean false
# 6. Configure the network
# ========================
# Auto-configure networking?
d-i netcfg/use_autoconfig boolean true
# Waiting time (in seconds) for link detection:
d-i netcfg/link_wait_timeout string 10
d-i netcfg/dhcp_timeout string 60
d-i netcfg/dhcpv6_timeout string 60
d-i netcfg/choose_interface select auto
# Hostname:
d-i netcfg/get_hostname string devuan_host
d-i netcfg/hostname devuan_host
# Domain name:
d-i netcfg/get_domain string local
#
d-i netcfg/wireless_wep string
# 7. Setup users and passwords
# ============================
# Enable shadow passwords?
d-i passwd/shadow boolean true
# Allow login as root?
d-i passwd/root-login boolean true
# Root password:
d-i passwd/root-password password defpass123
# Create a normal account now?
d-i passwd/make-user boolean false
# 8. Configure the clock
# ======================
# Set the clock using NTP?
d-i clock-setup/ntp boolean true
# NTP server to use:
d-i clock-setup/ntp-server string pool.ntp.org
# Select your timezone:
d-i time/zone string America/New_York
# 9. Detect disks
# 10. Partition disks
# ===================
d-i partman-auto/disk string /dev/sda
d-i partman-auto/method string regular
# You can choose one of the three predefined partitioning recipes:
# - atomic: all files in one partition
# - home: separate /home partition
# - multi: separate /home, /usr, /var, and /tmp partitions
d-i partman-auto/choose_recipe select atomic
#NOTE: it may warn you before partitioning. This is a safety check and can be omitted if desired.
# 11. Install the base system
# ===========================
#NOTE: i386 here##################################################
# Kernel to install:
d-i base-installer/kernel/image string linux-image-i386
# Drivers to include in the initrd:
#
d-i base-installer/install-recommends boolean true
# 12. Configure the package manager
# =================================
# Use a network mirror?
d-i apt-setup/use_mirror boolean true
# Protocol for file downloads:
d-i mirror/protocol string http
# Devuan archive mirror country:
d-i mirror/country string manual
# Devuan archive mirror:
d-i mirror/http/hostname string deb.devuan.org
# HTTP proxy information (blank for none):
d-i mirror/http/proxy string
#
d-i mirror/http/directory string /merged/
d-i mirror/suite string ascii
# Use non-free software?
d-i apt-setup/non-free boolean false
# Enable source repositories in APT?
d-i apt-setup/enable-source-repositories boolean false
# Services to use:
d-i apt-setup/services-select multiselect security updates, release updates, backported software
#
d-i apt-setup/contrib boolean false
d-i apt-setup/disable-cdrom-entries boolean true
# 13. Select and install software
# ===============================
# Participate in the package usage survey?
popularity-contest popularity-contest/participate boolean false
# Choose software to install:
tasksel tasksel/first multiselect standard, ssh-server
#
d-i pkgsel/include string openssh-server build-essential sudo screen
d-i pkgsel/upgrade select none
# 14. Install the GRUB boot loader on a hard disk
# ===============================================
# Install the GRUB boot loader to the master boot record?
d-i grub-installer/with_other_os boolean true
#
d-i grub-installer/only_debian boolean true
d-i grub-installer/grub2_instead_of_grub_legacy boolean true
# Device for boot loader installation:
d-i grub-installer/bootdev string /dev/sda
d-i grub-installer/choose_bootdev select /dev/sda
# Force GRUB installation to the EFI removable media path?
grub-installer grub-installer/force-efi-extra-removable boolean false
# 15. Finish the installation
# ===========================
# Is the system clock set to UTC?
d-i clock-setup/utc boolean true
#
d-i finish-install/reboot_in_progress note
d-i cdrom-detect/eject boolean true

+ 4
- 0
2019/Fail2Ban_Primer/docs/1.aux View File

@ -0,0 +1,4 @@
\relax
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {2}Instructions for Setup}{1}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Configuration in Gentoo}{2}}

+ 181
- 0
2019/Fail2Ban_Primer/docs/1.log View File

@ -0,0 +1,181 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 13 MAY 2019 23:49
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Fail2Ban_
Primer/docs/1.tex
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Fail2Ban_P
rimer/docs/1.tex
LaTeX2e <2014/05/01>
Babel <3.9l> and hyphenation patterns for 2 languages loaded.
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option)
)
\c@part=\count79
\c@section=\count80
\c@subsection=\count81
\c@subsubsection=\count82
\c@paragraph=\count83
\c@subparagraph=\count84
\c@figure=\count85
\c@table=\count86
\abovecaptionskip=\skip41
\belowcaptionskip=\skip42
\bibindent=\dimen102
) (./1.aux)
\openout1 = `1.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <12> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <8> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <6> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <10.95> on input line 11.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <9> on input line 11.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <5> on input line 11.
Overfull \hbox (65.4029pt too wide) in paragraph at lines 39--39
[]\OT1/cmtt/m/n/10.95 # this is used in devuan. no other changes are made to ot
her files, except[]
[]
Overfull \hbox (30.91077pt too wide) in paragraph at lines 39--39
[]\OT1/cmtt/m/n/10.95 # that the default ssh filter is disabled in jail.conf if
it enabled[]
[]
Overfull \hbox (59.6542pt too wide) in paragraph at lines 39--39
[]\OT1/cmtt/m/n/10.95 action = iptables-multiport[port="ssh,http,https,22222"
,blocktype=DROP][]
[]
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}]
Overfull \hbox (111.3924pt too wide) in paragraph at lines 39--39
[]\OT1/cmtt/m/n/10.95 # you could also use the single iptables too, just need t
o specify the right port.[]
[]
Overfull \hbox (209.12009pt too wide) in paragraph at lines 39--39
[]\OT1/cmtt/m/n/10.95 #the blocktype=DROP here, goes to actions.d/iptables-mult
iport.conf, and changes blocktype to drop.[]
[]
[2]
Overfull \hbox (203.3714pt too wide) in paragraph at lines 159--159
[]\OT1/cmtt/m/n/10.95 @version: 3.17 #mandatory since Version 3, specify
the version number of the used syslog-ng[]
[]
Overfull \hbox (7.91602pt too wide) in paragraph at lines 159--159
[] \OT1/cmtt/m/n/10.95 # The default action of syslog-ng is to log a STA
TS line[]
[]
Overfull \hbox (65.4029pt too wide) in paragraph at lines 159--159
[] \OT1/cmtt/m/n/10.95 # to the file every 10 minutes. That's pretty ug
ly after a while.[]
[]
Overfull \hbox (48.15683pt too wide) in paragraph at lines 159--159
[] \OT1/cmtt/m/n/10.95 # Change it to every 12 hours so you get a nice d
aily update of[]
[]
[3]
Overfull \hbox (13.6647pt too wide) in paragraph at lines 159--159
[]\OT1/cmtt/m/n/10.95 # ...if you intend to use /dev/console for programs like
xconsole[]
[]
Overfull \hbox (71.15158pt too wide) in paragraph at lines 159--159
[]\OT1/cmtt/m/n/10.95 # you can comment out the destination line above that ref
erences /dev/tty12[]
[]
Overfull \hbox (2.16733pt too wide) in paragraph at lines 159--159
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_authpriv); destination(authlo
g); };[]
[]
[4]
Overfull \hbox (76.90027pt too wide) in paragraph at lines 159--159
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_info); destin
ation(mailinfo); };[]
[]
Overfull \hbox (76.90027pt too wide) in paragraph at lines 159--159
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_warn); destin
ation(mailwarn); };[]
[]
Overfull \hbox (65.4029pt too wide) in paragraph at lines 159--159
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_err); destina
tion(mailerr); };[]
[]
Overfull \hbox (7.91602pt too wide) in paragraph at lines 159--159
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_messages); destination(messag
es); };[]
[]
Overfull \hbox (7.91602pt too wide) in paragraph at lines 159--159
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_emergency); destination(conso
le); };[]
[]
[5] (./1.aux) )
Here is how much of TeX's memory you used:
245 strings out of 495020
2877 string characters out of 6181323
50970 words of memory out of 5000000
3531 multiletter control sequences out of 15000+600000
9890 words of font info for 35 fonts, out of 8000000 for 9000
14 hyphenation exceptions out of 8191
24i,8n,19p,501b,246s stack positions out of 5000i,500n,10000p,200000b,80000s
</usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cm
bx12.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr10.pf
b></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr12.pfb></usr
/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr6.pfb></usr/share/t
exlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr8.pfb></usr/share/texlive/t
exmf-dist/fonts/type1/public/amsfonts/cm/cmr9.pfb></usr/share/texlive/texmf-dis
t/fonts/type1/public/amsfonts/cm/cmtt10.pfb>
Output written on 1.pdf (5 pages, 97806 bytes).
PDF statistics:
48 PDF objects out of 1000 (max. 8388607)
33 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000)
1 words of extra memory for PDF output out of 10000 (max. 10000000)

BIN
2019/Fail2Ban_Primer/docs/1.pdf View File


+ 163
- 0
2019/Fail2Ban_Primer/docs/1.tex View File

@ -0,0 +1,163 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Fail2ban Primer}}
\author{Steak Electronics}
\date{05/12/19}
\begin{document}
\maketitle
\section{Overview}
Fail2Ban is a program, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server.
\section{Instructions for Setup}
Quick setup for Devuan / Debian 9:
First install fail2ban using apt-get.
Second, navigate to /etc/fail2ban/jail.d/
Add the following to a sshd.conf file (or name it anything you like)
\begin{verbatim}
# this is used in devuan. no other changes are made to other files, except
# that the default ssh filter is disabled in jail.conf if it enabled
[sshd]
ignoreip = 127.0.0.1/8
#banaction = iptables
action = iptables-multiport[port="ssh,http,https,22222",blocktype=DROP]
maxretry = 6
enabled = true
filter = sshd
logpath = /var/log/auth.log
bantime = 360000
findtime = 3600
# note that here, the action and its ports are set on INPUT
# so its a rule to block INPUT on ssh, http, https, and 22222
# make sure ports are right.
# you could also use the single iptables too, just need to specify the right port.
#the blocktype=DROP here, goes to actions.d/iptables-multiport.conf, and changes blocktype to drop.
\end{verbatim}
Now, a few notes on this file.
\vspace{0.2in}
First, action can be iptables, but we are using iptables-multiport, as we want to block multiple ports.
\vspace{0.2in}
Second, logpath, should point to your ssh log. In devuan ascii / debian stretch (9) it should be /var/log/auth.log. Other distributions may vary.
\vspace{0.2in}
Third, be careful of different ssh ports. I routinely change ssh ports to be a non standard port, which although it's somewhat pointless, it still seems to block random ssh port scans for port 22. If you use a different port, you must specify it in iptables-multiport above. A potential trap is to use a nonstandard port, then wonder why fail2ban blocks port 22, but your ssh is on port 123 or something.
\vspace{0.2in}
Fourth, the default action in iptables-multiport is to REJECT packets. However, I have changed it to DROP (blocktype=DROP). For those not familiar with the difference between REJECT and DROP, from my understanding, it boils down to that REJECT will alert the outside host that the post is unreachable, while drop simply drops the connection, leaving the other host to figure it out on their own.
As I consider the offending ip addresses to be attackers, I have set it to DROP. If they try to break into the server, then block all ports from them, and don't tell them anything. The DROP timeout is more work on their end. With REJECT, my server actually responds to them.
On fail2ban issues git tracker, there is some discussion about this, and it is not really definitive. It ends up being that, REJECT is default, and if you want you can change it to DROP. As I have.
\subsection{Configuration in Gentoo}
This guide will only cover those working with syslog-ng in Gentoo. You can add a config to syslog-ng to get auth.log to appear in Gentoo.
\footnote{https://wiki.gentoo.org/wiki/Security\_Handbook/Logging\#Syslog-ng}
\begin{verbatim}
/etc/syslog-ng/syslog-ng.confSyslog-ng
@version: 3.17 #mandatory since Version 3, specify the version number of the used syslog-ng
options {
chain_hostnames(no);
# The default action of syslog-ng is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats_freq(43200);
};
source src {
unix-stream("/dev/log" max-connections(256));
internal();
};
source kernsrc { file("/proc/kmsg"); };
# define destinations
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
# create filters
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_failed { message("failed"); };
filter f_denied { message("denied"); };
# connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
# default log
log { source(src); destination(console_all); };
\end{verbatim}
\end{document}

+ 38
- 0
2019/Fail2Ban_Primer/docs/1.tex~ View File

@ -0,0 +1,38 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Computer Switch Board}}
\author{Steak Electronics}
\date{03/17/19}
\begin{document}
\maketitle
\section{Requirements}
\begin{itemize}
\item large pcb board
\item fused power input - EDIT: instead I will have a case around the nano, 3d printed, and have the case connect into the pcb, i.e. cutouts for the case in the pcb, and clips on case. the rest of the pcb will be fused somewhere, after the nano. but nano powers it.
\item arduino nano
\item switch to activate things
\item rotary to change number
\item 7 digit display to list number, and shift register, resistors
\item explanation of what numbers do on board
\item 3d printed cover over nano
\end{itemize}
\section{build notes}
The 7 segment symbols are abstracted in kicad. Job security for engineers.
The example gave a common Vcc, with all pins being connected to GND, and sinked when on.
The data sheet of the 7seg, omits the schematic. but does show that it is common anode, or common vcc. Pin 3 is left out, but that is VCC.
\end{document}

+ 4
- 0
2019/Fail2Ban_Primer/docs/2.aux View File

@ -0,0 +1,4 @@
\relax
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {2}Instructions for Setup}{1}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Configuration in Gentoo}{3}}

+ 189
- 0
2019/Fail2Ban_Primer/docs/2.log View File

@ -0,0 +1,189 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 13 MAY 2019 23:54
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Fail2Ban_
Primer/docs/2.tex
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Fail2Ban_P
rimer/docs/2.tex
LaTeX2e <2014/05/01>
Babel <3.9l> and hyphenation patterns for 2 languages loaded.
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option)
)
\c@part=\count79
\c@section=\count80
\c@subsection=\count81
\c@subsubsection=\count82
\c@paragraph=\count83
\c@subparagraph=\count84
\c@figure=\count85
\c@table=\count86
\abovecaptionskip=\skip41
\belowcaptionskip=\skip42
\bibindent=\dimen102
) (./2.aux)
\openout1 = `2.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <12> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <8> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <6> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <10.95> on input line 11.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <9> on input line 11.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <5> on input line 11.
LaTeX Font Info: Try loading font information for OMS+cmr on input line 17.
(/usr/share/texlive/texmf-dist/tex/latex/base/omscmr.fd
File: omscmr.fd 2014/09/29 v2.5h Standard LaTeX font definitions
)
LaTeX Font Info: Font shape `OMS/cmr/m/n' in size <10.95> not available
(Font) Font shape `OMS/cmsy/m/n' tried instead on input line 17.
Overfull \hbox (65.4029pt too wide) in paragraph at lines 42--42
[]\OT1/cmtt/m/n/10.95 # this is used in devuan. no other changes are made to ot
her files, except[]
[]
Overfull \hbox (30.91077pt too wide) in paragraph at lines 42--42
[]\OT1/cmtt/m/n/10.95 # that the default ssh filter is disabled in jail.conf if
it enabled[]
[]
Overfull \hbox (59.6542pt too wide) in paragraph at lines 42--42
[]\OT1/cmtt/m/n/10.95 action = iptables-multiport[port="ssh,http,https,22222"
,blocktype=DROP][]
[]
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}]
Overfull \hbox (111.3924pt too wide) in paragraph at lines 42--42
[]\OT1/cmtt/m/n/10.95 # you could also use the single iptables too, just need t
o specify the right port.[]
[]
Overfull \hbox (209.12009pt too wide) in paragraph at lines 42--42
[]\OT1/cmtt/m/n/10.95 #the blocktype=DROP here, goes to actions.d/iptables-mult
iport.conf, and changes blocktype to drop.[]
[]
[2]
Overfull \hbox (203.3714pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 @version: 3.17 #mandatory since Version 3, specify
the version number of the used syslog-ng[]
[]
Overfull \hbox (7.91602pt too wide) in paragraph at lines 165--165
[] \OT1/cmtt/m/n/10.95 # The default action of syslog-ng is to log a STA
TS line[]
[]
Overfull \hbox (65.4029pt too wide) in paragraph at lines 165--165
[] \OT1/cmtt/m/n/10.95 # to the file every 10 minutes. That's pretty ug
ly after a while.[]
[]
Overfull \hbox (48.15683pt too wide) in paragraph at lines 165--165
[] \OT1/cmtt/m/n/10.95 # Change it to every 12 hours so you get a nice d
aily update of[]
[]
[3]
Overfull \hbox (13.6647pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 # ...if you intend to use /dev/console for programs like
xconsole[]
[]
Overfull \hbox (71.15158pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 # you can comment out the destination line above that ref
erences /dev/tty12[]
[]
[4]
Overfull \hbox (2.16733pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_authpriv); destination(authlo
g); };[]
[]
Overfull \hbox (76.90027pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_info); destin
ation(mailinfo); };[]
[]
Overfull \hbox (76.90027pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_warn); destin
ation(mailwarn); };[]
[]
Overfull \hbox (65.4029pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_err); destina
tion(mailerr); };[]
[]
Overfull \hbox (7.91602pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_messages); destination(messag
es); };[]
[]
Overfull \hbox (7.91602pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_emergency); destination(conso
le); };[]
[]
[5] (./2.aux) )
Here is how much of TeX's memory you used:
263 strings out of 495020
3193 string characters out of 6181323
50970 words of memory out of 5000000
3546 multiletter control sequences out of 15000+600000
9890 words of font info for 35 fonts, out of 8000000 for 9000
14 hyphenation exceptions out of 8191
24i,8n,19p,501b,244s stack positions out of 5000i,500n,10000p,200000b,80000s
</usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cm
bx12.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr10.pf
b></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr12.pfb></usr
/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr6.pfb></usr/share/t
exlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr8.pfb></usr/share/texlive/t
exmf-dist/fonts/type1/public/amsfonts/cm/cmr9.pfb></usr/share/texlive/texmf-dis
t/fonts/type1/public/amsfonts/cm/cmsy10.pfb></usr/share/texlive/texmf-dist/font
s/type1/public/amsfonts/cm/cmtt10.pfb>
Output written on 2.pdf (5 pages, 106232 bytes).
PDF statistics:
52 PDF objects out of 1000 (max. 8388607)
36 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000)
1 words of extra memory for PDF output out of 10000 (max. 10000000)

BIN
2019/Fail2Ban_Primer/docs/2.pdf View File


+ 169
- 0
2019/Fail2Ban_Primer/docs/2.tex View File

@ -0,0 +1,169 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Fail2ban Primer}}
\author{Steak Electronics}
\date{05/12/19}
\begin{document}
\maketitle
\section{Overview}
Fail2Ban is a program, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server.
\section{Instructions for Setup}
Quick setup for Devuan / Debian 9:
First install fail2ban using apt-get. (apt-get install fail2ban).
Fail2ban is a service that will appear in /etc/init.d/ in Devuan.
So it can be managed with service fail2ban \{start,stop,restart\}.
Second, navigate to /etc/fail2ban/jail.d/
Add the following to a sshd.conf file (or name it anything you like)
\begin{verbatim}
# this is used in devuan. no other changes are made to other files, except
# that the default ssh filter is disabled in jail.conf if it enabled
[sshd]
ignoreip = 127.0.0.1/8
#banaction = iptables
action = iptables-multiport[port="ssh,http,https,22222",blocktype=DROP]
maxretry = 6
enabled = true
filter = sshd
logpath = /var/log/auth.log
bantime = 360000
findtime = 3600
# note that here, the action and its ports are set on INPUT
# so its a rule to block INPUT on ssh, http, https, and 22222
# make sure ports are right.
# you could also use the single iptables too, just need to specify the right port.
#the blocktype=DROP here, goes to actions.d/iptables-multiport.conf, and changes blocktype to drop.
\end{verbatim}
Now, a few notes on this file.
\vspace{0.2in}
First, action can be iptables, but we are using iptables-multiport, as we want to block multiple ports.
\vspace{0.2in}
Second, logpath, should point to your ssh log. In devuan ascii / debian stretch (9) it should be /var/log/auth.log. Other distributions may vary.
\vspace{0.2in}
Third, be careful of different ssh ports. I routinely change ssh ports to be a non standard port, which although it's somewhat pointless, it still seems to block random ssh port scans for port 22. If you use a different port, you must specify it in iptables-multiport above. A potential trap is to use a nonstandard port, then wonder why fail2ban blocks port 22, but your ssh is on port 123 or something.
\vspace{0.2in}
Fourth, the default action in iptables-multiport is to REJECT packets. However, I have changed it to DROP (blocktype=DROP). For those not familiar with the difference between REJECT and DROP, from my understanding, it boils down to that REJECT will alert the outside host that the post is unreachable, while drop simply drops the connection, leaving the other host to figure it out on their own.
As I consider the offending ip addresses to be attackers, I have set it to DROP. If they try to break into the server, then block all ports from them, and don't tell them anything. The DROP timeout is more work on their end. With REJECT, my server actually responds to them.
On fail2ban issues git tracker, there is some discussion about this, and it is not really definitive. It ends up being that, REJECT is default, and if you want you can change it to DROP. As I have.
\vspace{0.2in}
Fifth, review jail.conf, and fail2ban.conf. Usually nothing needs to be changed, but occasionally jail.conf will enable the default sshd jail (which you can disable, and use instead the new one).
\subsection{Configuration in Gentoo}
This guide will only cover those working with syslog-ng in Gentoo. You can add a config to syslog-ng to get auth.log to appear in Gentoo.
\footnote{Reference: https://wiki.gentoo.org/wiki/Security\_Handbook/Logging\#Syslog-ng} Notice in the below config, that a destination has been defined for authlog. You need not copy all the syslog-ng below, only what you need.
\begin{verbatim}
/etc/syslog-ng/syslog-ng.confSyslog-ng
@version: 3.17 #mandatory since Version 3, specify the version number of the used syslog-ng
options {
chain_hostnames(no);
# The default action of syslog-ng is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats_freq(43200);
};
source src {
unix-stream("/dev/log" max-connections(256));
internal();
};
source kernsrc { file("/proc/kmsg"); };
# define destinations
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
# create filters
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_failed { message("failed"); };
filter f_denied { message("denied"); };
# connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
# default log
log { source(src); destination(console_all); };
\end{verbatim}
\end{document}

+ 163
- 0
2019/Fail2Ban_Primer/docs/2.tex~ View File

@ -0,0 +1,163 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Fail2ban Primer}}
\author{Steak Electronics}
\date{05/12/19}
\begin{document}
\maketitle
\section{Overview}
Fail2Ban is a program, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server.
\section{Instructions for Setup}
Quick setup for Devuan / Debian 9:
First install fail2ban using apt-get.
Second, navigate to /etc/fail2ban/jail.d/
Add the following to a sshd.conf file (or name it anything you like)
\begin{verbatim}
# this is used in devuan. no other changes are made to other files, except
# that the default ssh filter is disabled in jail.conf if it enabled
[sshd]
ignoreip = 127.0.0.1/8
#banaction = iptables
action = iptables-multiport[port="ssh,http,https,22222",blocktype=DROP]
maxretry = 6
enabled = true
filter = sshd
logpath = /var/log/auth.log
bantime = 360000
findtime = 3600
# note that here, the action and its ports are set on INPUT
# so its a rule to block INPUT on ssh, http, https, and 22222
# make sure ports are right.
# you could also use the single iptables too, just need to specify the right port.
#the blocktype=DROP here, goes to actions.d/iptables-multiport.conf, and changes blocktype to drop.
\end{verbatim}
Now, a few notes on this file.
\vspace{0.2in}
First, action can be iptables, but we are using iptables-multiport, as we want to block multiple ports.
\vspace{0.2in}
Second, logpath, should point to your ssh log. In devuan ascii / debian stretch (9) it should be /var/log/auth.log. Other distributions may vary.
\vspace{0.2in}
Third, be careful of different ssh ports. I routinely change ssh ports to be a non standard port, which although it's somewhat pointless, it still seems to block random ssh port scans for port 22. If you use a different port, you must specify it in iptables-multiport above. A potential trap is to use a nonstandard port, then wonder why fail2ban blocks port 22, but your ssh is on port 123 or something.
\vspace{0.2in}
Fourth, the default action in iptables-multiport is to REJECT packets. However, I have changed it to DROP (blocktype=DROP). For those not familiar with the difference between REJECT and DROP, from my understanding, it boils down to that REJECT will alert the outside host that the post is unreachable, while drop simply drops the connection, leaving the other host to figure it out on their own.
As I consider the offending ip addresses to be attackers, I have set it to DROP. If they try to break into the server, then block all ports from them, and don't tell them anything. The DROP timeout is more work on their end. With REJECT, my server actually responds to them.
On fail2ban issues git tracker, there is some discussion about this, and it is not really definitive. It ends up being that, REJECT is default, and if you want you can change it to DROP. As I have.
\subsection{Configuration in Gentoo}
This guide will only cover those working with syslog-ng in Gentoo. You can add a config to syslog-ng to get auth.log to appear in Gentoo.
\footnote{https://wiki.gentoo.org/wiki/Security\_Handbook/Logging\#Syslog-ng}
\begin{verbatim}
/etc/syslog-ng/syslog-ng.confSyslog-ng
@version: 3.17 #mandatory since Version 3, specify the version number of the used syslog-ng
options {
chain_hostnames(no);
# The default action of syslog-ng is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats_freq(43200);
};
source src {
unix-stream("/dev/log" max-connections(256));
internal();
};
source kernsrc { file("/proc/kmsg"); };
# define destinations
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
# create filters
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_failed { message("failed"); };
filter f_denied { message("denied"); };
# connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
# default log
log { source(src); destination(console_all); };
\end{verbatim}
\end{document}

+ 6
- 0
2019/Fail2Ban_Primer/docs/3.aux View File

@ -0,0 +1,6 @@
\relax
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {2}Instructions for Setup}{1}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Configuration in Gentoo}{3}}
\@writefile{toc}{\contentsline {section}{\numberline {3}Future Advancements}{5}}
\@writefile{toc}{\contentsline {section}{\numberline {4}Further Reading}{5}}

+ 195
- 0
2019/Fail2Ban_Primer/docs/3.log View File

@ -0,0 +1,195 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 14 MAY 2019 00:03
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Fail2Ban_
Primer/docs/3.tex
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Fail2Ban_P
rimer/docs/3.tex
LaTeX2e <2014/05/01>
Babel <3.9l> and hyphenation patterns for 2 languages loaded.
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option)
)
\c@part=\count79
\c@section=\count80
\c@subsection=\count81
\c@subsubsection=\count82
\c@paragraph=\count83
\c@subparagraph=\count84
\c@figure=\count85
\c@table=\count86
\abovecaptionskip=\skip41
\belowcaptionskip=\skip42
\bibindent=\dimen102
) (./3.aux)
\openout1 = `3.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <12> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <8> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <6> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <10.95> on input line 11.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <9> on input line 11.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <5> on input line 11.
LaTeX Font Info: Try loading font information for OMS+cmr on input line 19.
(/usr/share/texlive/texmf-dist/tex/latex/base/omscmr.fd
File: omscmr.fd 2014/09/29 v2.5h Standard LaTeX font definitions
)
LaTeX Font Info: Font shape `OMS/cmr/m/n' in size <10.95> not available
(Font) Font shape `OMS/cmsy/m/n' tried instead on input line 19.
Overfull \hbox (65.4029pt too wide) in paragraph at lines 44--44
[]\OT1/cmtt/m/n/10.95 # this is used in devuan. no other changes are made to ot
her files, except[]
[]
Overfull \hbox (30.91077pt too wide) in paragraph at lines 44--44
[]\OT1/cmtt/m/n/10.95 # that the default ssh filter is disabled in jail.conf if
it enabled[]
[]
Overfull \hbox (59.6542pt too wide) in paragraph at lines 44--44
[]\OT1/cmtt/m/n/10.95 action = iptables-multiport[port="ssh,http,https,22222"
,blocktype=DROP][]
[]
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}]
Overfull \hbox (111.3924pt too wide) in paragraph at lines 44--44
[]\OT1/cmtt/m/n/10.95 # you could also use the single iptables too, just need t
o specify the right port.[]
[]
Overfull \hbox (209.12009pt too wide) in paragraph at lines 44--44
[]\OT1/cmtt/m/n/10.95 #the blocktype=DROP here, goes to actions.d/iptables-mult
iport.conf, and changes blocktype to drop.[]
[]
[2]
Overfull \hbox (203.3714pt too wide) in paragraph at lines 167--167
[]\OT1/cmtt/m/n/10.95 @version: 3.17 #mandatory since Version 3, specify
the version number of the used syslog-ng[]
[]
Overfull \hbox (7.91602pt too wide) in paragraph at lines 167--167
[] \OT1/cmtt/m/n/10.95 # The default action of syslog-ng is to log a STA
TS line[]
[]
Overfull \hbox (65.4029pt too wide) in paragraph at lines 167--167
[] \OT1/cmtt/m/n/10.95 # to the file every 10 minutes. That's pretty ug
ly after a while.[]
[]
Overfull \hbox (48.15683pt too wide) in paragraph at lines 167--167
[] \OT1/cmtt/m/n/10.95 # Change it to every 12 hours so you get a nice d
aily update of[]
[]
[3]
Overfull \hbox (13.6647pt too wide) in paragraph at lines 167--167
[]\OT1/cmtt/m/n/10.95 # ...if you intend to use /dev/console for programs like
xconsole[]
[]
Overfull \hbox (71.15158pt too wide) in paragraph at lines 167--167
[]\OT1/cmtt/m/n/10.95 # you can comment out the destination line above that ref
erences /dev/tty12[]
[]
[4]
Overfull \hbox (2.16733pt too wide) in paragraph at lines 167--167
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_authpriv); destination(authlo
g); };[]
[]
Overfull \hbox (76.90027pt too wide) in paragraph at lines 167--167
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_info); destin
ation(mailinfo); };[]
[]
Overfull \hbox (76.90027pt too wide) in paragraph at lines 167--167
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_warn); destin
ation(mailwarn); };[]
[]
Overfull \hbox (65.4029pt too wide) in paragraph at lines 167--167
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_err); destina
tion(mailerr); };[]
[]
Overfull \hbox (7.91602pt too wide) in paragraph at lines 167--167
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_messages); destination(messag
es); };[]
[]
Overfull \hbox (7.91602pt too wide) in paragraph at lines 167--167
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_emergency); destination(conso
le); };[]
[]
Overfull \hbox (37.81995pt too wide) in paragraph at lines 173--174
\OT1/cmr/m/n/10.95 https://www.jwz.org/blog/2019/03/apache-2-4-1-killed-fail2ba
n-so-thats-awesome/
[]
[5] (./3.aux) )
Here is how much of TeX's memory you used:
263 strings out of 495020
3193 string characters out of 6181323
50970 words of memory out of 5000000
3546 multiletter control sequences out of 15000+600000
9890 words of font info for 35 fonts, out of 8000000 for 9000
14 hyphenation exceptions out of 8191
24i,8n,19p,501b,244s stack positions out of 5000i,500n,10000p,200000b,80000s
</usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cm
bx12.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr10.pf
b></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr12.pfb></usr
/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr6.pfb></usr/share/t
exlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr8.pfb></usr/share/texlive/t
exmf-dist/fonts/type1/public/amsfonts/cm/cmr9.pfb></usr/share/texlive/texmf-dis
t/fonts/type1/public/amsfonts/cm/cmsy10.pfb></usr/share/texlive/texmf-dist/font
s/type1/public/amsfonts/cm/cmtt10.pfb>
Output written on 3.pdf (5 pages, 109158 bytes).
PDF statistics:
52 PDF objects out of 1000 (max. 8388607)
36 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000)
1 words of extra memory for PDF output out of 10000 (max. 10000000)

BIN
2019/Fail2Ban_Primer/docs/3.pdf View File


+ 178
- 0
2019/Fail2Ban_Primer/docs/3.tex View File

@ -0,0 +1,178 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Fail2ban Primer}}
\author{Steak Electronics}
\date{05/12/19}
\begin{document}
\maketitle
\section{Overview}
Fail2Ban is a program, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server.
Here are some of the traps, and configurations I've needed to setup fail2ban correctly. It's not a complex program, but unless you sit down and understand it, you might get caught.
\section{Instructions for Setup}
Quick setup for Devuan / Debian 9:
First install fail2ban using apt-get. (apt-get install fail2ban).
Fail2ban is a service that will appear in /etc/init.d/ in Devuan.
So it can be managed with service fail2ban \{start,stop,restart\}.
Second, navigate to /etc/fail2ban/jail.d/
Add the following to a sshd.conf file (or name it anything you like)
\begin{verbatim}
# this is used in devuan. no other changes are made to other files, except
# that the default ssh filter is disabled in jail.conf if it enabled
[sshd]
ignoreip = 127.0.0.1/8
#banaction = iptables
action = iptables-multiport[port="ssh,http,https,22222",blocktype=DROP]
maxretry = 6
enabled = true
filter = sshd
logpath = /var/log/auth.log
bantime = 360000
findtime = 3600
# note that here, the action and its ports are set on INPUT
# so its a rule to block INPUT on ssh, http, https, and 22222
# make sure ports are right.
# you could also use the single iptables too, just need to specify the right port.
#the blocktype=DROP here, goes to actions.d/iptables-multiport.conf, and changes blocktype to drop.
\end{verbatim}
Now, a few notes on this file.
\vspace{0.2in}
First, action can be iptables, but we are using iptables-multiport, as we want to block multiple ports.
\vspace{0.2in}
Second, logpath, should point to your ssh log. In devuan ascii / debian stretch (9) it should be /var/log/auth.log. Other distributions may vary.
\vspace{0.2in}
Third, be careful of different ssh ports. I routinely change ssh ports to be a non standard port, which although it's somewhat pointless, it still seems to block random ssh port scans for port 22. If you use a different port, you must specify it in iptables-multiport above. A potential trap is to use a nonstandard port, then wonder why fail2ban blocks port 22, but your ssh is on port 123 or something.
\vspace{0.2in}
Fourth, the default action in iptables-multiport is to REJECT packets. However, I have changed it to DROP (blocktype=DROP). For those not familiar with the difference between REJECT and DROP, from my understanding, it boils down to that REJECT will alert the outside host that the post is unreachable, while drop simply drops the connection, leaving the other host to figure it out on their own.
As I consider the offending ip addresses to be attackers, I have set it to DROP. If they try to break into the server, then block all ports from them, and don't tell them anything. The DROP timeout is more work on their end. With REJECT, my server actually responds to them.
On fail2ban issues git tracker, there is some discussion about this, and it is not really definitive. It ends up being that, REJECT is default, and if you want you can change it to DROP. As I have.
\vspace{0.2in}
Fifth, review jail.conf, and fail2ban.conf. Usually nothing needs to be changed, but occasionally jail.conf will enable the default sshd jail (which you can disable, and use instead the new one).
\subsection{Configuration in Gentoo}
This guide will only cover those working with syslog-ng in Gentoo. You can add a config to syslog-ng to get auth.log to appear in Gentoo.
\footnote{Reference: https://wiki.gentoo.org/wiki/Security\_Handbook/Logging\#Syslog-ng} Notice in the below config, that a destination has been defined for authlog. You need not copy all the syslog-ng below, only what you need.
\begin{verbatim}
/etc/syslog-ng/syslog-ng.confSyslog-ng
@version: 3.17 #mandatory since Version 3, specify the version number of the used syslog-ng
options {
chain_hostnames(no);
# The default action of syslog-ng is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats_freq(43200);
};
source src {
unix-stream("/dev/log" max-connections(256));
internal();
};
source kernsrc { file("/proc/kmsg"); };
# define destinations
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
# create filters
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_failed { message("failed"); };
filter f_denied { message("denied"); };
# connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
# default log
log { source(src); destination(console_all); };
\end{verbatim}
\section{Future Advancements}
What is next for fail2ban after the above? You will want to watch apache logs, and ban any hosts from your IP that search for things they should not be looking for (wordpress logins, phpmyadmin, etc). You can simply add them to a 6-12 month blacklist, if they search for anything they shouldn't be searching for.
\section{Further Reading}
https://www.jwz.org/blog/2019/03/apache-2-4-1-killed-fail2ban-so-thats-awesome/
\end{document}

+ 169
- 0
2019/Fail2Ban_Primer/docs/3.tex~ View File

@ -0,0 +1,169 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Fail2ban Primer}}
\author{Steak Electronics}
\date{05/12/19}
\begin{document}
\maketitle
\section{Overview}
Fail2Ban is a program, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server.
\section{Instructions for Setup}
Quick setup for Devuan / Debian 9:
First install fail2ban using apt-get. (apt-get install fail2ban).
Fail2ban is a service that will appear in /etc/init.d/ in Devuan.
So it can be managed with service fail2ban \{start,stop,restart\}.
Second, navigate to /etc/fail2ban/jail.d/
Add the following to a sshd.conf file (or name it anything you like)
\begin{verbatim}
# this is used in devuan. no other changes are made to other files, except
# that the default ssh filter is disabled in jail.conf if it enabled
[sshd]
ignoreip = 127.0.0.1/8
#banaction = iptables
action = iptables-multiport[port="ssh,http,https,22222",blocktype=DROP]
maxretry = 6
enabled = true
filter = sshd
logpath = /var/log/auth.log
bantime = 360000
findtime = 3600
# note that here, the action and its ports are set on INPUT
# so its a rule to block INPUT on ssh, http, https, and 22222
# make sure ports are right.
# you could also use the single iptables too, just need to specify the right port.
#the blocktype=DROP here, goes to actions.d/iptables-multiport.conf, and changes blocktype to drop.
\end{verbatim}
Now, a few notes on this file.
\vspace{0.2in}
First, action can be iptables, but we are using iptables-multiport, as we want to block multiple ports.
\vspace{0.2in}
Second, logpath, should point to your ssh log. In devuan ascii / debian stretch (9) it should be /var/log/auth.log. Other distributions may vary.
\vspace{0.2in}
Third, be careful of different ssh ports. I routinely change ssh ports to be a non standard port, which although it's somewhat pointless, it still seems to block random ssh port scans for port 22. If you use a different port, you must specify it in iptables-multiport above. A potential trap is to use a nonstandard port, then wonder why fail2ban blocks port 22, but your ssh is on port 123 or something.
\vspace{0.2in}
Fourth, the default action in iptables-multiport is to REJECT packets. However, I have changed it to DROP (blocktype=DROP). For those not familiar with the difference between REJECT and DROP, from my understanding, it boils down to that REJECT will alert the outside host that the post is unreachable, while drop simply drops the connection, leaving the other host to figure it out on their own.
As I consider the offending ip addresses to be attackers, I have set it to DROP. If they try to break into the server, then block all ports from them, and don't tell them anything. The DROP timeout is more work on their end. With REJECT, my server actually responds to them.
On fail2ban issues git tracker, there is some discussion about this, and it is not really definitive. It ends up being that, REJECT is default, and if you want you can change it to DROP. As I have.
\vspace{0.2in}
Fifth, review jail.conf, and fail2ban.conf. Usually nothing needs to be changed, but occasionally jail.conf will enable the default sshd jail (which you can disable, and use instead the new one).
\subsection{Configuration in Gentoo}
This guide will only cover those working with syslog-ng in Gentoo. You can add a config to syslog-ng to get auth.log to appear in Gentoo.
\footnote{Reference: https://wiki.gentoo.org/wiki/Security\_Handbook/Logging\#Syslog-ng} Notice in the below config, that a destination has been defined for authlog. You need not copy all the syslog-ng below, only what you need.
\begin{verbatim}
/etc/syslog-ng/syslog-ng.confSyslog-ng
@version: 3.17 #mandatory since Version 3, specify the version number of the used syslog-ng
options {
chain_hostnames(no);
# The default action of syslog-ng is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats_freq(43200);
};
source src {
unix-stream("/dev/log" max-connections(256));
internal();
};
source kernsrc { file("/proc/kmsg"); };
# define destinations
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
# create filters
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_failed { message("failed"); };
filter f_denied { message("denied"); };
# connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
# default log
log { source(src); destination(console_all); };
\end{verbatim}
\end{document}

Loading…
Cancel
Save