okkkkok

master
Your Name 5 years ago
parent
commit
fdd66411be
41 changed files with 2452 additions and 4 deletions
  1. +1 -1 2019/Fail2Ban_Primer/docs/1.log
  2. BIN 2019/Fail2Ban_Primer/docs/1.pdf
  3. +2 -2 2019/Fail2Ban_Primer/docs/3.log
  4. BIN 2019/Fail2Ban_Primer/docs/3.pdf
  5. +1 -1 2019/Fail2Ban_Primer/docs/3.tex
  6. +6 -0 2019/Fail2Ban_Primer/docs/4.aux
  7. +178 -0 2019/Fail2Ban_Primer/docs/4.log
  8. BIN 2019/Fail2Ban_Primer/docs/4.pdf
  9. +182 -0 2019/Fail2Ban_Primer/docs/4.tex
  10. +178 -0 2019/Fail2Ban_Primer/docs/4.tex~
  11. +6 -0 2019/Fail2Ban_Primer/docs/5.aux
  12. +180 -0 2019/Fail2Ban_Primer/docs/5.log
  13. BIN 2019/Fail2Ban_Primer/docs/5.pdf
  14. +184 -0 2019/Fail2Ban_Primer/docs/5.tex
  15. +182 -0 2019/Fail2Ban_Primer/docs/5.tex~
  16. +5 -0 2019/Fail2Ban_Primer/docs/5.toc
  17. +6 -0 2019/Fail2Ban_Primer/docs/6.aux
  18. +180 -0 2019/Fail2Ban_Primer/docs/6.log
  19. BIN 2019/Fail2Ban_Primer/docs/6.pdf
  20. +184 -0 2019/Fail2Ban_Primer/docs/6.tex
  21. +5 -0 2019/Fail2Ban_Primer/docs/6.toc
  22. +5 -0 2019/GNULinux_Resizing_Partitions/docs/1.aux
  23. +86 -0 2019/GNULinux_Resizing_Partitions/docs/1.log
  24. BIN 2019/GNULinux_Resizing_Partitions/docs/1.pdf
  25. +61 -0 2019/GNULinux_Resizing_Partitions/docs/1.tex
  26. +163 -0 2019/GNULinux_Resizing_Partitions/docs/1.tex~
  27. +5 -0 2019/GNULinux_Resizing_Partitions/docs/2.aux
  28. +86 -0 2019/GNULinux_Resizing_Partitions/docs/2.log
  29. BIN 2019/GNULinux_Resizing_Partitions/docs/2.pdf
  30. +61 -0 2019/GNULinux_Resizing_Partitions/docs/2.tex
  31. +28 -0 2019/Router_Fail_Repair/docs/#2.tex#
  32. +4 -0 2019/Router_Fail_Repair/docs/1.aux
  33. +190 -0 2019/Router_Fail_Repair/docs/1.log
  34. BIN 2019/Router_Fail_Repair/docs/1.pdf
  35. +28 -0 2019/Router_Fail_Repair/docs/1.tex
  36. +33 -0 2019/Router_Fail_Repair/docs/1.tex~
  37. +4 -0 2019/Router_Fail_Repair/docs/2.aux
  38. +190 -0 2019/Router_Fail_Repair/docs/2.log
  39. BIN 2019/Router_Fail_Repair/docs/2.pdf
  40. +28 -0 2019/Router_Fail_Repair/docs/2.tex
  41. BIN 2019/Router_Fail_Repair/docs/2.tex~

+1 -1 2019/Fail2Ban_Primer/docs/1.log

@ -1,4 +1,4 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 13 MAY 2019 23:49
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 15 MAY 2019 11:52
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
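Review bot: the only change in this hunk is the pdfTeX run timestamp (13 MAY 2019 23:49 to 15 MAY 2019 11:52), which shows that 1.log is compiler output rather than source; it will change on every build and produce a noise diff in every commit. The same applies to the .aux, .toc, .log and .pdf files listed in this commit. Suggest removing them from the tree and adding a .gitignore with `*.log`, `*.aux`, `*.toc`, `*.pdf`, `*~` and `#*#` so that only the .tex sources are tracked.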

BIN 2019/Fail2Ban_Primer/docs/1.pdf


+2 -2 2019/Fail2Ban_Primer/docs/3.log

@ -1,4 +1,4 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 14 MAY 2019 00:03
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 29 MAY 2019 01:21
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
@ -186,7 +186,7 @@ exlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr8.pfb>
exmf-dist/fonts/type1/public/amsfonts/cm/cmr9.pfb></usr/share/texlive/texmf-dis
t/fonts/type1/public/amsfonts/cm/cmsy10.pfb></usr/share/texlive/texmf-dist/font
s/type1/public/amsfonts/cm/cmtt10.pfb>
Output written on 3.pdf (5 pages, 109158 bytes).
Output written on 3.pdf (5 pages, 109176 bytes).
PDF statistics:
52 PDF objects out of 1000 (max. 8388607)
36 compressed objects within 1 object stream
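Review bot: the only difference in this hunk is the output byte count (109158 to 109176), a side effect of regenerating 3.pdf after the one-word edit to 3.tex; the committed binary 3.pdf diverges the same way. Both files are derived from 3.tex and add nothing reviewable, so they are better rebuilt on demand than tracked (see the note on 1.log).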

BIN 2019/Fail2Ban_Primer/docs/3.pdf


+1 -1 2019/Fail2Ban_Primer/docs/3.tex

@ -8,7 +8,7 @@
\maketitle
\section{Overview}
Fail2Ban is a program, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server.
Fail2Ban is a program, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and now has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server.
Here are some of the traps, and configurations I've needed to setup fail2ban correctly. It's not a complex program, but unless you sit down and understand it, you might get caught.
\section{Instructions for Setup}
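Review bot: the footnote change from "has vulnerabilities" to "now has vulnerabilities" strengthens a claim about denyhosts without saying which vulnerabilities are meant; add a reference for them, or soften the wording to "is unmaintained", which is what the footnote actually establishes. Minor style points on the unchanged context lines: "ip addresses" should be "IP addresses", and "needed to setup fail2ban" should be "needed to set up fail2ban".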

+6 -0 2019/Fail2Ban_Primer/docs/4.aux

@ -0,0 +1,6 @@
\relax
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {2}Instructions for Setup}{1}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Configuration in Gentoo}{3}}
\@writefile{toc}{\contentsline {section}{\numberline {3}Future Advancements}{5}}
\@writefile{toc}{\contentsline {section}{\numberline {4}Further Reading}{6}}

+178 -0 2019/Fail2Ban_Primer/docs/4.log

@ -0,0 +1,178 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 29 MAY 2019 01:27
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Fail2Ban_
Primer/docs/4.tex
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Fail2Ban_P
rimer/docs/4.tex
LaTeX2e <2014/05/01>
Babel <3.9l> and hyphenation patterns for 2 languages loaded.
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option)
)
\c@part=\count79
\c@section=\count80
\c@subsection=\count81
\c@subsubsection=\count82
\c@paragraph=\count83
\c@subparagraph=\count84
\c@figure=\count85
\c@table=\count86
\abovecaptionskip=\skip41
\belowcaptionskip=\skip42
\bibindent=\dimen102
) (./4.aux)
\openout1 = `4.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <12> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <8> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <6> on input line 8.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <10.95> on input line 11.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <9> on input line 11.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <5> on input line 11.
LaTeX Font Info: Try loading font information for OMS+cmr on input line 19.
(/usr/share/texlive/texmf-dist/tex/latex/base/omscmr.fd
File: omscmr.fd 2014/09/29 v2.5h Standard LaTeX font definitions
)
LaTeX Font Info: Font shape `OMS/cmr/m/n' in size <10.95> not available
(Font) Font shape `OMS/cmsy/m/n' tried instead on input line 19.
Overfull \hbox (65.4029pt too wide) in paragraph at lines 37--37
[]\OT1/cmtt/m/n/10.95 # this is used in devuan. no other changes are made to ot
her files, except[]
[]
Overfull \hbox (30.91077pt too wide) in paragraph at lines 37--37
[]\OT1/cmtt/m/n/10.95 # that the default ssh filter is disabled in jail.conf if
it enabled[]
[]
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}]
Overfull \hbox (14.05429pt too wide) in paragraph at lines 56--57
[]\OT1/cmr/bx/n/10.95 To con-fig-ure it, see /etc/fail2ban/actions.d/iptables-c
ommon.conf
[]
[2]
Overfull \hbox (7.91602pt too wide) in paragraph at lines 163--163
[] \OT1/cmtt/m/n/10.95 # The default action of syslog-ng is to log a STA
TS line[]
[]
Overfull \hbox (65.4029pt too wide) in paragraph at lines 163--163
[] \OT1/cmtt/m/n/10.95 # to the file every 10 minutes. That's pretty ug
ly after a while.[]
[]
Overfull \hbox (48.15683pt too wide) in paragraph at lines 163--163
[] \OT1/cmtt/m/n/10.95 # Change it to every 12 hours so you get a nice d
aily update of[]
[]
[3]
Overfull \hbox (13.6647pt too wide) in paragraph at lines 163--163
[]\OT1/cmtt/m/n/10.95 # ...if you intend to use /dev/console for programs like
xconsole[]
[]
Overfull \hbox (71.15158pt too wide) in paragraph at lines 163--163
[]\OT1/cmtt/m/n/10.95 # you can comment out the destination line above that ref
erences /dev/tty12[]
[]
[4]
Overfull \hbox (2.16733pt too wide) in paragraph at lines 163--163
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_authpriv); destination(authlo
g); };[]
[]
Overfull \hbox (76.90027pt too wide) in paragraph at lines 163--163
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_info); destin
ation(mailinfo); };[]
[]
Overfull \hbox (76.90027pt too wide) in paragraph at lines 163--163
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_warn); destin
ation(mailwarn); };[]
[]
Overfull \hbox (65.4029pt too wide) in paragraph at lines 163--163
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_err); destina
tion(mailerr); };[]
[]
Overfull \hbox (7.91602pt too wide) in paragraph at lines 163--163
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_messages); destination(messag
es); };[]
[]
Overfull \hbox (7.91602pt too wide) in paragraph at lines 163--163
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_emergency); destination(conso
le); };[]
[]
[5]
Overfull \hbox (7.91743pt too wide) in paragraph at lines 173--174
[]\OT1/cmr/m/n/10.95 https://www.jwz.org/blog/2019/03/apache-2-4-1-killed-fail2
ban-so-thats-
[]
[6] (./4.aux) )
Here is how much of TeX's memory you used:
265 strings out of 495020
3217 string characters out of 6181323
50970 words of memory out of 5000000
3547 multiletter control sequences out of 15000+600000
10198 words of font info for 36 fonts, out of 8000000 for 9000
14 hyphenation exceptions out of 8191
24i,8n,19p,590b,244s stack positions out of 5000i,500n,10000p,200000b,80000s
</usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cm
bx10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.p
fb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr10.pfb></us
r/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr12.pfb></usr/share
/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr6.pfb></usr/share/texlive
/texmf-dist/fonts/type1/public/amsfonts/cm/cmr8.pfb></usr/share/texlive/texmf-d
ist/fonts/type1/public/amsfonts/cm/cmr9.pfb></usr/share/texlive/texmf-dist/font
s/type1/public/amsfonts/cm/cmsy10.pfb></usr/share/texlive/texmf-dist/fonts/type
1/public/amsfonts/cm/cmtt10.pfb>
Output written on 4.pdf (6 pages, 123335 bytes).
PDF statistics:
59 PDF objects out of 1000 (max. 8388607)
41 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000)
1 words of extra memory for PDF output out of 10000 (max. 10000000)
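Review bot: beyond being build output, this log is worth reading before 4.tex is merged: it reports a series of Overfull \hbox warnings of up to 76.9pt in the two verbatim blocks (the jail comments at line 37 and the syslog-ng config at line 163 of 4.tex) and one in the Further Reading URL at line 173. Overfull by that much means the right-hand ends of those comment lines, the long `log { source(src); filter(f_mail); ... }` entries and the jwz.org URL run off the page margin in 4.pdf. Wrap the long config lines by hand (or set the verbatim blocks in \small), and put the URLs in \url{} from the url package so they can break.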

BIN 2019/Fail2Ban_Primer/docs/4.pdf


+182 -0 2019/Fail2Ban_Primer/docs/4.tex

@ -0,0 +1,182 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Fail2ban Primer}}
\author{Steak Electronics}
\date{05/12/19}
\begin{document}
\maketitle
\section{Overview}
Fail2Ban is a program, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and now has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server.
Here are some of the traps, and configurations I've needed to setup fail2ban correctly. It's not a complex program, but unless you sit down and understand it, you might get caught.
\section{Instructions for Setup}
Quick setup for Devuan / Debian 9:
First install fail2ban using apt-get. (apt-get install fail2ban).
Fail2ban is a service that will appear in /etc/init.d/ in Devuan.
So it can be managed with service fail2ban \{start,stop,restart\}.
Second, navigate to /etc/fail2ban/jail.d/
Add the following to a sshd.conf file (or name it anything you like)
\begin{verbatim}
# this is used in devuan. no other changes are made to other files, except
# that the default ssh filter is disabled in jail.conf if it enabled
[sshd]
ignoreip = 127.0.0.1/8
#banaction = iptables
action = iptables-allports
maxretry = 6
enabled = true
filter = sshd
logpath = /var/log/auth.log
bantime = 360000
findtime = 3600
\end{verbatim}
Now, a few notes on this file.
\vspace{0.2in}
First, action can be iptables for a single port, or iptables-multiport for more than one, but we are using iptables-allports, as we want to block everything.
\vspace{0.2in}
Second, logpath, should point to your ssh log. In devuan ascii / debian stretch (9) it should be /var/log/auth.log. Other distributions may vary. The format of the ssh log can vary as well. In this guide, it's assumed to be auth.log.
\vspace{0.2in}
Third, be careful of different ssh ports. I routinely change ssh ports to be a non standard port, which although it's somewhat pointless, it still seems to block random ssh port scans for port 22. If you use a different port, you must specify it in iptables-multiport above. A potential trap is to use a nonstandard port, then wonder why fail2ban blocks port 22, but your ssh is on port 123 or something. An agressive adn easier approach is to just block everything.
\vspace{0.2in}
Fourth, the default action in iptables-common \footnote{this file in actions.d applies to all iptables of course, being common} is to REJECT packets. However, I have changed it to DROP (blocktype=DROP). For those not familiar with the difference between REJECT and DROP, from my understanding, it boils down to that REJECT will alert the outside host that the post is unreachable, while drop simply drops the connection, leaving the other host to figure it out on their own.
\textbf{To configure it, see /etc/fail2ban/actions.d/iptables-common.conf and search for blocktype.}
As I consider the offending ip addresses to be attackers, I have set it to DROP. If they try to break into the server, then block all ports from them, and don't tell them anything. The DROP timeout is more work on their end. With REJECT, my server actually responds to them.
On fail2ban issues git tracker, there is some discussion about this, and it is not really definitive. It ends up being that, REJECT is default, and if you want you can change it to DROP. As I have.
\vspace{0.2in}
Fifth, review jail.conf, and fail2ban.conf. Usually nothing needs to be changed, but occasionally jail.conf will enable the default sshd jail (which you can disable, and use instead the new one).
\subsection{Configuration in Gentoo}
This guide will only cover those working with syslog-ng in Gentoo. You can add a config to syslog-ng to get auth.log to appear in Gentoo.
\footnote{Reference: https://wiki.gentoo.org/wiki/Security\_Handbook/Logging\#Syslog-ng} Notice in the below config, that a destination has been defined for authlog. You need not copy all the syslog-ng below, only what you need.
\begin{verbatim}
/etc/syslog-ng/syslog-ng.confSyslog-ng
@version: 3.17 #mandatory since Version 3, specify
the version number of the used syslog-ng
options {
chain_hostnames(no);
# The default action of syslog-ng is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats_freq(43200);
};
source src {
unix-stream("/dev/log" max-connections(256));
internal();
};
source kernsrc { file("/proc/kmsg"); };
# define destinations
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
# create filters
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_failed { message("failed"); };
filter f_denied { message("denied"); };
# connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
# default log
log { source(src); destination(console_all); };
\end{verbatim}
\section{Future Advancements}
What is next for fail2ban after the above? You will want to watch apache logs, and ban any hosts from your IP that search for things they should not be looking for (wordpress logins, phpmyadmin, etc). You can simply add them to a 6-12 month blacklist, if they search for anything they shouldn't be searching for.
Gentoo has a use flag to use a DB to do persistent blocking over time. This way you can block offending IPs through restarts.
\section{Further Reading}
https://github.com/fail2ban/fail2ban/issues/2217
https://www.jwz.org/blog/2019/03/apache-2-4-1-killed-fail2ban-so-thats-awesome/
https://www.fail2ban.org/wiki/index.php/Apache
https://www.fail2ban.org/wiki/index.php/
\end{document}
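Review bot: the bold instruction in the "Fourth" note sends readers to /etc/fail2ban/actions.d/iptables-common.conf, but fail2ban's action directory is action.d (singular, matching filter.d), and the footnote on the same paragraph repeats "actions.d"; fix both. While there, say that editing the packaged iptables-common.conf is overwritten on upgrade, so the `blocktype = DROP` override belongs in an iptables-common.local next to it (or as an action parameter, `iptables-allports[blocktype=DROP]`, in the jail). Further points in this hunk: the "Third" note still says "you must specify it in iptables-multiport above", a leftover from the earlier draft, while the jail now has `action = iptables-allports` and no `port =` line, so either state that allports makes the port irrelevant or show the `port =` line multiport would need; "the post is unreachable" should be "port", "agressive adn" should be "aggressive and", and the jail comment "if it enabled" should be "if it is enabled"; in the syslog-ng block the first line runs the file path and a heading together ("/etc/syslog-ng/syslog-ng.confSyslog-ng"), and the `@version:` comment is broken across two lines, so the fragment "the version number of the used syslog-ng" would be read as a directive if the block were pasted as is; in Future Advancements, "ban any hosts from your IP" presumably means "from your server"; and the last Further Reading entry is a truncated URL.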

+178 -0 2019/Fail2Ban_Primer/docs/4.tex~

@ -0,0 +1,178 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Fail2ban Primer}}
\author{Steak Electronics}
\date{05/12/19}
\begin{document}
\maketitle
\section{Overview}
Fail2Ban is a program, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and now has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server.
Here are some of the traps, and configurations I've needed to setup fail2ban correctly. It's not a complex program, but unless you sit down and understand it, you might get caught.
\section{Instructions for Setup}
Quick setup for Devuan / Debian 9:
First install fail2ban using apt-get. (apt-get install fail2ban).
Fail2ban is a service that will appear in /etc/init.d/ in Devuan.
So it can be managed with service fail2ban \{start,stop,restart\}.
Second, navigate to /etc/fail2ban/jail.d/
Add the following to a sshd.conf file (or name it anything you like)
\begin{verbatim}
# this is used in devuan. no other changes are made to other files, except
# that the default ssh filter is disabled in jail.conf if it enabled
[sshd]
ignoreip = 127.0.0.1/8
#banaction = iptables
action = iptables-allports
maxretry = 6
enabled = true
filter = sshd
logpath = /var/log/auth.log
bantime = 360000
findtime = 3600
# note that here, the action and its ports are set on INPUT
# so its a rule to block INPUT on ssh, http, https, and 22222
# make sure ports are right.
# you could also use the single iptables too, just need to specify the right port.
#the blocktype=DROP here, goes to actions.d/iptables-multiport.conf, and changes blocktype to drop.
\end{verbatim}
Now, a few notes on this file.
\vspace{0.2in}
First, action can be iptables, but we are using iptables-multiport, as we want to block multiple ports.
\vspace{0.2in}
Second, logpath, should point to your ssh log. In devuan ascii / debian stretch (9) it should be /var/log/auth.log. Other distributions may vary.
\vspace{0.2in}
Third, be careful of different ssh ports. I routinely change ssh ports to be a non standard port, which although it's somewhat pointless, it still seems to block random ssh port scans for port 22. If you use a different port, you must specify it in iptables-multiport above. A potential trap is to use a nonstandard port, then wonder why fail2ban blocks port 22, but your ssh is on port 123 or something.
\vspace{0.2in}
Fourth, the default action in iptables-multiport is to REJECT packets. However, I have changed it to DROP (blocktype=DROP). For those not familiar with the difference between REJECT and DROP, from my understanding, it boils down to that REJECT will alert the outside host that the post is unreachable, while drop simply drops the connection, leaving the other host to figure it out on their own.
As I consider the offending ip addresses to be attackers, I have set it to DROP. If they try to break into the server, then block all ports from them, and don't tell them anything. The DROP timeout is more work on their end. With REJECT, my server actually responds to them.
On fail2ban issues git tracker, there is some discussion about this, and it is not really definitive. It ends up being that, REJECT is default, and if you want you can change it to DROP. As I have.
\vspace{0.2in}
Fifth, review jail.conf, and fail2ban.conf. Usually nothing needs to be changed, but occasionally jail.conf will enable the default sshd jail (which you can disable, and use instead the new one).
\subsection{Configuration in Gentoo}
This guide will only cover those working with syslog-ng in Gentoo. You can add a config to syslog-ng to get auth.log to appear in Gentoo.
\footnote{Reference: https://wiki.gentoo.org/wiki/Security\_Handbook/Logging\#Syslog-ng} Notice in the below config, that a destination has been defined for authlog. You need not copy all the syslog-ng below, only what you need.
\begin{verbatim}
/etc/syslog-ng/syslog-ng.confSyslog-ng
@version: 3.17 #mandatory since Version 3, specify the version number of the used syslog-ng
options {
chain_hostnames(no);
# The default action of syslog-ng is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats_freq(43200);
};
source src {
unix-stream("/dev/log" max-connections(256));
internal();
};
source kernsrc { file("/proc/kmsg"); };
# define destinations
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
# create filters
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_failed { message("failed"); };
filter f_denied { message("denied"); };
# connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
# default log
log { source(src); destination(console_all); };
\end{verbatim}
\section{Future Advancements}
What is next for fail2ban after the above? You will want to watch apache logs, and ban any hosts from your IP that search for things they should not be looking for (wordpress logins, phpmyadmin, etc). You can simply add them to a 6-12 month blacklist, if they search for anything they shouldn't be searching for.
\section{Further Reading}
https://www.jwz.org/blog/2019/03/apache-2-4-1-killed-fail2ban-so-thats-awesome/
\end{document}
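Review bot: 4.tex~ is an editor backup of an earlier draft and should not be tracked, and it is not harmless clutter: it contradicts 4.tex on the one point that matters operationally, configuring and explaining iptables-multiport where 4.tex uses iptables-allports, and its jail comment block describes "a rule to block INPUT on ssh, http, https, and 22222" although no `port =` line sets those ports. A reader who opens the wrong copy gets the wrong instructions. Drop it from the commit and add `*~` (and `#*#`, for the Router_Fail_Repair/docs/#2.tex# autosave file in the same commit) to .gitignore.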

+6 -0 2019/Fail2Ban_Primer/docs/5.aux

@ -0,0 +1,6 @@
\relax
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {2}Instructions for Setup}{1}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Getting auth.log to appear in Gentoo}{3}}
\@writefile{toc}{\contentsline {section}{\numberline {3}Future Advancements}{5}}
\@writefile{toc}{\contentsline {section}{\numberline {4}Further Reading}{6}}

+180 -0 2019/Fail2Ban_Primer/docs/5.log

@ -0,0 +1,180 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 29 MAY 2019 01:37
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Fail2Ban_
Primer/docs/5.tex
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Fail2Ban_P
rimer/docs/5.tex
LaTeX2e <2014/05/01>
Babel <3.9l> and hyphenation patterns for 2 languages loaded.
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option)
)
\c@part=\count79
\c@section=\count80
\c@subsection=\count81
\c@subsubsection=\count82
\c@paragraph=\count83
\c@subparagraph=\count84
\c@figure=\count85
\c@table=\count86
\abovecaptionskip=\skip41
\belowcaptionskip=\skip42
\bibindent=\dimen102
) (./5.aux)
\openout1 = `5.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
(./5.toc
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <10.95> on input line 3.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <8> on input line 3.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <6> on input line 3.
)
\tf@toc=\write3
\openout3 = `5.toc'.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <9> on input line 14.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <5> on input line 14.
LaTeX Font Info: Try loading font information for OMS+cmr on input line 22.
(/usr/share/texlive/texmf-dist/tex/latex/base/omscmr.fd
File: omscmr.fd 2014/09/29 v2.5h Standard LaTeX font definitions
)
LaTeX Font Info: Font shape `OMS/cmr/m/n' in size <10.95> not available
(Font) Font shape `OMS/cmsy/m/n' tried instead on input line 22.
Overfull \hbox (65.4029pt too wide) in paragraph at lines 39--39
[]\OT1/cmtt/m/n/10.95 # this is used in devuan. no other changes are made to ot
her files, except[]
[]
Overfull \hbox (30.91077pt too wide) in paragraph at lines 39--39
[]\OT1/cmtt/m/n/10.95 # that the default ssh filter is disabled in jail.conf if
it enabled[]
[]
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}]
Overfull \hbox (14.05429pt too wide) in paragraph at lines 58--59
[]\OT1/cmr/bx/n/10.95 To con-fig-ure it, see /etc/fail2ban/actions.d/iptables-c
ommon.conf
[]
[2]
Overfull \hbox (7.91602pt too wide) in paragraph at lines 165--165
[] \OT1/cmtt/m/n/10.95 # The default action of syslog-ng is to log a STA
TS line[]
[]
Overfull \hbox (65.4029pt too wide) in paragraph at lines 165--165
[] \OT1/cmtt/m/n/10.95 # to the file every 10 minutes. That's pretty ug
ly after a while.[]
[]
Overfull \hbox (48.15683pt too wide) in paragraph at lines 165--165
[] \OT1/cmtt/m/n/10.95 # Change it to every 12 hours so you get a nice d
aily update of[]
[]
[3]
Overfull \hbox (13.6647pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 # ...if you intend to use /dev/console for programs like
xconsole[]
[]
Overfull \hbox (71.15158pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 # you can comment out the destination line above that ref
erences /dev/tty12[]
[]
[4]
Overfull \hbox (2.16733pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_authpriv); destination(authlo
g); };[]
[]
Overfull \hbox (76.90027pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_info); destin
ation(mailinfo); };[]
[]
Overfull \hbox (76.90027pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_warn); destin
ation(mailwarn); };[]
[]
Overfull \hbox (65.4029pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_err); destina
tion(mailerr); };[]
[]
Overfull \hbox (7.91602pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_messages); destination(messag
es); };[]
[]
Overfull \hbox (7.91602pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_emergency); destination(conso
le); };[]
[]
[5]
Overfull \hbox (7.91743pt too wide) in paragraph at lines 175--176
[]\OT1/cmr/m/n/10.95 https://www.jwz.org/blog/2019/03/apache-2-4-1-killed-fail2
ban-so-thats-
[]
[6] (./5.aux) )
Here is how much of TeX's memory you used:
261 strings out of 495020
3142 string characters out of 6181323
50970 words of memory out of 5000000
3542 multiletter control sequences out of 15000+600000
8977 words of font info for 32 fonts, out of 8000000 for 9000
14 hyphenation exceptions out of 8191
23i,8n,19p,591b,241s stack positions out of 5000i,500n,10000p,200000b,80000s
</usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cm
bx10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.p
fb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr10.pfb></us
r/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr6.pfb></usr/share/
texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr8.pfb></usr/share/texlive/
texmf-dist/fonts/type1/public/amsfonts/cm/cmr9.pfb></usr/share/texlive/texmf-di
st/fonts/type1/public/amsfonts/cm/cmsy10.pfb></usr/share/texlive/texmf-dist/fon
ts/type1/public/amsfonts/cm/cmtt10.pfb>
Output written on 5.pdf (6 pages, 115833 bytes).
PDF statistics:
55 PDF objects out of 1000 (max. 8388607)
38 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000)
1 words of extra memory for PDF output out of 10000 (max. 10000000)
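Review bot: this file is a pdfTeX build log and should not be in the commit; the same applies to the generated 5.toc (opened at "\openout3 = `5.toc'"), 5.aux ("(./5.aux)") and the 5.pdf it reports writing, all of which are regenerated on every compile. Suggest dropping them from the change and adding a .gitignore with *.log, *.aux, *.toc and *.pdf so only the .tex sources are tracked. Separately, the "Overfull \hbox" warnings for source lines 39 and 165 are worth acting on in 5.tex rather than ignoring: lines in the two verbatim blocks such as "# this is used in devuan. no other changes are made to other files, except" and "log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };" run 65 to 77 points past the text width and will spill into the right margin of the PDF; wrapping those comment lines, or setting a smaller font for the verbatim environment, would clear the warnings.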

BIN
2019/Fail2Ban_Primer/docs/5.pdf View File


+ 184
- 0
2019/Fail2Ban_Primer/docs/5.tex View File

@ -0,0 +1,184 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Fail2ban Primer}}
\author{Steak Electronics}
\date{05/29/19}
\begin{document}
\textbf{Fail2ban Primer}
%maketitle
\tableofcontents
\section{Overview}
Fail2Ban is a firewall adjunct, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and now has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server.
Here are some of the traps, and configurations I've needed to setup fail2ban correctly. It's not a complex program, but unless you sit down and understand it, you might get caught. To be honest, it took me some time to figure out fail2ban, as I initially didn't have the patience to sit down and configure it.
\section{Instructions for Setup}
Quick setup for Devuan / Debian 9:
First install fail2ban using apt-get. (apt-get install fail2ban).
Fail2ban is a service that will appear in /etc/init.d/ in Devuan.
So it can be managed with service fail2ban \{start,stop,restart\}.
Second, navigate to /etc/fail2ban/jail.d/
Add the following to a sshd.conf file (or name it anything you like)
\begin{verbatim}
# this is used in devuan. no other changes are made to other files, except
# that the default ssh filter is disabled in jail.conf if it enabled
[sshd]
ignoreip = 127.0.0.1/8
action = iptables-allports
maxretry = 6
enabled = true
filter = sshd
logpath = /var/log/auth.log
bantime = 360000
findtime = 3600
\end{verbatim}
Now, a few notes on this file.
\vspace{0.2in}
First, action can be iptables for a single port, or iptables-multiport for more than one, but we are using iptables-allports, as we want to block everything. These actions are listed in /etc/fail2ban/actions.d/
\vspace{0.2in}
Second, logpath, should point to your ssh log. In devuan ascii / debian stretch (9) it should be /var/log/auth.log. Other distributions may vary. The format of the ssh log can vary as well. In this guide, it's assumed to be auth.log. Gentoo users see below to enable auth.log in syslog-ng.
\vspace{0.2in}
Third, be careful of different ssh ports. I routinely change ssh ports to be a non standard port, which although it's somewhat pointless, it still seems to block random ssh port scans for port 22. If you use a different port, you must specify it in iptables-multiport above. A potential trap is to use a nonstandard port, then wonder why fail2ban blocks port 22, but your ssh is on port 123 or something. An agressive and easier approach is to just block everything.
\vspace{0.2in}
Fourth, the default action in iptables-common \footnote{this parent file in actions.d applies to all child iptables of course, being named ``common''} is to REJECT packets. However, I have changed it to DROP (blocktype=DROP). For those unfamiliar with the difference between REJECT and DROP, from my understanding, it is that REJECT will alert the outside host that the post is unreachable, while DROP simply goes silent, leaving the other host to figure it out on their own.
\textbf{To configure it, see /etc/fail2ban/actions.d/iptables-common.conf and search for blocktype.}
As I consider the offending ip addresses to be attackers, I have set it to DROP. If they try to break into the server, then block all ports from them, and don't tell them anything. The DROP timeout is more work on their end. With REJECT, my server responds. No need to play nice, with people/robots that have no morals.
On fail2ban issues git tracker, there is some discussion about this, and it is not really definitive. It ends up being that, REJECT is default, and if you want you can change it to DROP. As I have. As long as the option is there, I think that is acceptable.
\vspace{0.2in}
Fifth, review jail.conf, and fail2ban.conf. Usually nothing needs to be changed, but occasionally jail.conf will enable the default sshd jail (which you can disable, and use instead the new one). This will be distribution dependent.
\subsection{Getting auth.log to appear in Gentoo}
This guide will only cover those working with syslog-ng in Gentoo. You can add a config to syslog-ng to get auth.log to appear in Gentoo.
\footnote{Reference: https://wiki.gentoo.org/wiki/Security\_Handbook/Logging\#Syslog-ng} Notice in the below config, that a destination has been defined for authlog. You need not copy all the syslog-ng below, only what you need.
\begin{verbatim}
/etc/syslog-ng/syslog-ng.confSyslog-ng
@version: 3.17 #mandatory since Version 3, specify
the version number of the used syslog-ng
options {
chain_hostnames(no);
# The default action of syslog-ng is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats_freq(43200);
};
source src {
unix-stream("/dev/log" max-connections(256));
internal();
};
source kernsrc { file("/proc/kmsg"); };
# define destinations
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
# create filters
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_failed { message("failed"); };
filter f_denied { message("denied"); };
# connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
# default log
log { source(src); destination(console_all); };
\end{verbatim}
\section{Future Advancements}
What is next for fail2ban after the above? You will want to watch apache logs, and ban any hosts from your IP that search for things they should not be looking for (wordpress logins, phpmyadmin, etc).
Gentoo has a use flag to use a DB to do persistent blocking over time. This way you can block offending IPs through restarts.
\section{Further Reading}
https://github.com/fail2ban/fail2ban/issues/2217
https://www.jwz.org/blog/2019/03/apache-2-4-1-killed-fail2ban-so-thats-awesome/
https://www.fail2ban.org/wiki/index.php/Apache
https://www.fail2ban.org/wiki/index.php/
\end{document}
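Review bot: the syslog-ng listing in section 2.1 is not valid configuration as pasted, which matters because the text tells readers to copy from it: the first line "/etc/syslog-ng/syslog-ng.confSyslog-ng" is the wiki page's file-path caption fused into the code, and the "@version: 3.17 #mandatory since Version 3, specify" comment wraps onto a second, uncommented line "the version number of the used syslog-ng", which syslog-ng will reject at parse time. Delete the caption line and rejoin the comment onto one "#" line (the version value also has to match the installed syslog-ng, which is worth saying next to it). In the jail fragment, "action = iptables-allports" sets the action directly and so uses the action file's default parameters instead of the jail's name, chain and bantime that jail.conf's "action_" definition would pass through; the conventional knob for this is "banaction = iptables-allports", which keeps the rest of the jail.conf plumbing intact. Since the ban then covers every port for bantime = 360000 seconds (100 hours), "ignoreip = 127.0.0.1/8" should also list the administrator's own source address, otherwise six mistyped passwords from that address cut off the very SSH session needed to lift the ban. Two small typos in the same hunk: "if it enabled" in the config comment and "the post is unreachable" (port) in the REJECT/DROP paragraph.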

+ 182
- 0
2019/Fail2Ban_Primer/docs/5.tex~ View File

@ -0,0 +1,182 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Fail2ban Primer}}
\author{Steak Electronics}
\date{05/12/19}
\begin{document}
\maketitle
\section{Overview}
Fail2Ban is a program, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and now has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server.
Here are some of the traps, and configurations I've needed to setup fail2ban correctly. It's not a complex program, but unless you sit down and understand it, you might get caught.
\section{Instructions for Setup}
Quick setup for Devuan / Debian 9:
First install fail2ban using apt-get. (apt-get install fail2ban).
Fail2ban is a service that will appear in /etc/init.d/ in Devuan.
So it can be managed with service fail2ban \{start,stop,restart\}.
Second, navigate to /etc/fail2ban/jail.d/
Add the following to a sshd.conf file (or name it anything you like)
\begin{verbatim}
# this is used in devuan. no other changes are made to other files, except
# that the default ssh filter is disabled in jail.conf if it enabled
[sshd]
ignoreip = 127.0.0.1/8
#banaction = iptables
action = iptables-allports
maxretry = 6
enabled = true
filter = sshd
logpath = /var/log/auth.log
bantime = 360000
findtime = 3600
\end{verbatim}
Now, a few notes on this file.
\vspace{0.2in}
First, action can be iptables for a single port, or iptables-multiport for more than one, but we are using iptables-allports, as we want to block everything.
\vspace{0.2in}
Second, logpath, should point to your ssh log. In devuan ascii / debian stretch (9) it should be /var/log/auth.log. Other distributions may vary. The format of the ssh log can vary as well. In this guide, it's assumed to be auth.log.
\vspace{0.2in}
Third, be careful of different ssh ports. I routinely change ssh ports to be a non standard port, which although it's somewhat pointless, it still seems to block random ssh port scans for port 22. If you use a different port, you must specify it in iptables-multiport above. A potential trap is to use a nonstandard port, then wonder why fail2ban blocks port 22, but your ssh is on port 123 or something. An agressive adn easier approach is to just block everything.
\vspace{0.2in}
Fourth, the default action in iptables-common \footnote{this file in actions.d applies to all iptables of course, being common} is to REJECT packets. However, I have changed it to DROP (blocktype=DROP). For those not familiar with the difference between REJECT and DROP, from my understanding, it boils down to that REJECT will alert the outside host that the post is unreachable, while drop simply drops the connection, leaving the other host to figure it out on their own.
\textbf{To configure it, see /etc/fail2ban/actions.d/iptables-common.conf and search for blocktype.}
As I consider the offending ip addresses to be attackers, I have set it to DROP. If they try to break into the server, then block all ports from them, and don't tell them anything. The DROP timeout is more work on their end. With REJECT, my server actually responds to them.
On fail2ban issues git tracker, there is some discussion about this, and it is not really definitive. It ends up being that, REJECT is default, and if you want you can change it to DROP. As I have.
\vspace{0.2in}
Fifth, review jail.conf, and fail2ban.conf. Usually nothing needs to be changed, but occasionally jail.conf will enable the default sshd jail (which you can disable, and use instead the new one).
\subsection{Configuration in Gentoo}
This guide will only cover those working with syslog-ng in Gentoo. You can add a config to syslog-ng to get auth.log to appear in Gentoo.
\footnote{Reference: https://wiki.gentoo.org/wiki/Security\_Handbook/Logging\#Syslog-ng} Notice in the below config, that a destination has been defined for authlog. You need not copy all the syslog-ng below, only what you need.
\begin{verbatim}
/etc/syslog-ng/syslog-ng.confSyslog-ng
@version: 3.17 #mandatory since Version 3, specify
the version number of the used syslog-ng
options {
chain_hostnames(no);
# The default action of syslog-ng is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats_freq(43200);
};
source src {
unix-stream("/dev/log" max-connections(256));
internal();
};
source kernsrc { file("/proc/kmsg"); };
# define destinations
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
# create filters
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_failed { message("failed"); };
filter f_denied { message("denied"); };
# connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
# default log
log { source(src); destination(console_all); };
\end{verbatim}
\section{Future Advancements}
What is next for fail2ban after the above? You will want to watch apache logs, and ban any hosts from your IP that search for things they should not be looking for (wordpress logins, phpmyadmin, etc). You can simply add them to a 6-12 month blacklist, if they search for anything they shouldn't be searching for.
Gentoo has a use flag to use a DB to do persistent blocking over time. This way you can block offending IPs through restarts.
\section{Further Reading}
https://github.com/fail2ban/fail2ban/issues/2217
https://www.jwz.org/blog/2019/03/apache-2-4-1-killed-fail2ban-so-thats-awesome/
https://www.fail2ban.org/wiki/index.php/Apache
https://www.fail2ban.org/wiki/index.php/
\end{document}
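Review bot: 5.tex~ is an editor backup of 5.tex and should not be committed; it is already a stale copy (earlier "\date{05/12/19}", "\maketitle" where 5.tex now uses "\tableofcontents", a commented "#banaction = iptables" line and a "Configuration in Gentoo" subsection title that 5.tex has since renamed) and will diverge further on every save. Remove it from the change and add *~ to the .gitignore alongside the other build artifacts.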

+ 5
- 0
2019/Fail2Ban_Primer/docs/5.toc View File

@ -0,0 +1,5 @@
\contentsline {section}{\numberline {1}Overview}{1}
\contentsline {section}{\numberline {2}Instructions for Setup}{1}
\contentsline {subsection}{\numberline {2.1}Getting auth.log to appear in Gentoo}{3}
\contentsline {section}{\numberline {3}Future Advancements}{5}
\contentsline {section}{\numberline {4}Further Reading}{6}

+ 6
- 0
2019/Fail2Ban_Primer/docs/6.aux View File

@ -0,0 +1,6 @@
\relax
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {2}Instructions for Setup}{1}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Getting auth.log to appear in Gentoo}{3}}
\@writefile{toc}{\contentsline {section}{\numberline {3}Future Advancements}{5}}
\@writefile{toc}{\contentsline {section}{\numberline {4}Further Reading}{6}}

+ 180
- 0
2019/Fail2Ban_Primer/docs/6.log View File

@ -0,0 +1,180 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 29 MAY 2019 01:37
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Fail2Ban_
Primer/docs/6.tex
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Fail2Ban_P
rimer/docs/6.tex
LaTeX2e <2014/05/01>
Babel <3.9l> and hyphenation patterns for 2 languages loaded.
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option)
)
\c@part=\count79
\c@section=\count80
\c@subsection=\count81
\c@subsubsection=\count82
\c@paragraph=\count83
\c@subparagraph=\count84
\c@figure=\count85
\c@table=\count86
\abovecaptionskip=\skip41
\belowcaptionskip=\skip42
\bibindent=\dimen102
) (./6.aux)
\openout1 = `6.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
(./6.toc
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <10.95> on input line 3.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <8> on input line 3.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <6> on input line 3.
)
\tf@toc=\write3
\openout3 = `6.toc'.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <9> on input line 14.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <5> on input line 14.
LaTeX Font Info: Try loading font information for OMS+cmr on input line 22.
(/usr/share/texlive/texmf-dist/tex/latex/base/omscmr.fd
File: omscmr.fd 2014/09/29 v2.5h Standard LaTeX font definitions
)
LaTeX Font Info: Font shape `OMS/cmr/m/n' in size <10.95> not available
(Font) Font shape `OMS/cmsy/m/n' tried instead on input line 22.
Overfull \hbox (65.4029pt too wide) in paragraph at lines 39--39
[]\OT1/cmtt/m/n/10.95 # this is used in devuan. no other changes are made to ot
her files, except[]
[]
Overfull \hbox (30.91077pt too wide) in paragraph at lines 39--39
[]\OT1/cmtt/m/n/10.95 # that the default ssh filter is disabled in jail.conf if
it enabled[]
[]
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}]
Overfull \hbox (14.05429pt too wide) in paragraph at lines 58--59
[]\OT1/cmr/bx/n/10.95 To con-fig-ure it, see /etc/fail2ban/actions.d/iptables-c
ommon.conf
[]
[2]
Overfull \hbox (7.91602pt too wide) in paragraph at lines 165--165
[] \OT1/cmtt/m/n/10.95 # The default action of syslog-ng is to log a STA
TS line[]
[]
Overfull \hbox (65.4029pt too wide) in paragraph at lines 165--165
[] \OT1/cmtt/m/n/10.95 # to the file every 10 minutes. That's pretty ug
ly after a while.[]
[]
Overfull \hbox (48.15683pt too wide) in paragraph at lines 165--165
[] \OT1/cmtt/m/n/10.95 # Change it to every 12 hours so you get a nice d
aily update of[]
[]
[3]
Overfull \hbox (13.6647pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 # ...if you intend to use /dev/console for programs like
xconsole[]
[]
Overfull \hbox (71.15158pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 # you can comment out the destination line above that ref
erences /dev/tty12[]
[]
[4]
Overfull \hbox (2.16733pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_authpriv); destination(authlo
g); };[]
[]
Overfull \hbox (76.90027pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_info); destin
ation(mailinfo); };[]
[]
Overfull \hbox (76.90027pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_warn); destin
ation(mailwarn); };[]
[]
Overfull \hbox (65.4029pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_err); destina
tion(mailerr); };[]
[]
Overfull \hbox (7.91602pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_messages); destination(messag
es); };[]
[]
Overfull \hbox (7.91602pt too wide) in paragraph at lines 165--165
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_emergency); destination(conso
le); };[]
[]
[5]
Overfull \hbox (7.91743pt too wide) in paragraph at lines 175--176
[]\OT1/cmr/m/n/10.95 https://www.jwz.org/blog/2019/03/apache-2-4-1-killed-fail2
ban-so-thats-
[]
[6] (./6.aux) )
Here is how much of TeX's memory you used:
261 strings out of 495020
3142 string characters out of 6181323
50970 words of memory out of 5000000
3542 multiletter control sequences out of 15000+600000
8977 words of font info for 32 fonts, out of 8000000 for 9000
14 hyphenation exceptions out of 8191
23i,8n,19p,591b,241s stack positions out of 5000i,500n,10000p,200000b,80000s
</usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cm
bx10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.p
fb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr10.pfb></us
r/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr6.pfb></usr/share/
texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr8.pfb></usr/share/texlive/
texmf-dist/fonts/type1/public/amsfonts/cm/cmr9.pfb></usr/share/texlive/texmf-di
st/fonts/type1/public/amsfonts/cm/cmsy10.pfb></usr/share/texlive/texmf-dist/fon
ts/type1/public/amsfonts/cm/cmtt10.pfb>
Output written on 6.pdf (6 pages, 115833 bytes).
PDF statistics:
55 PDF objects out of 1000 (max. 8388607)
38 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000)
1 words of extra memory for PDF output out of 10000 (max. 10000000)
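Review bot: this log embeds the absolute build path "/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Fail2Ban_Primer/docs/6.tex" at its head, so committing it publishes the local username and directory layout of the build machine; that is a second reason, besides churn, to keep pdfTeX logs out of the repository. The visible portion is also identical to 5.log apart from the file name (same Overfull \hbox list at source lines 39, 58 and 165, same "6 pages, 115833 bytes" output), which indicates 6.tex is a straight copy of 5.tex; if the numbered files are meant as successive revisions, a single tracked source gives the same history without the duplication.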

BIN
2019/Fail2Ban_Primer/docs/6.pdf View File


+ 184
- 0
2019/Fail2Ban_Primer/docs/6.tex View File

@ -0,0 +1,184 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Fail2ban Primer}}
\author{Steak Electronics}
\date{05/29/19}
\begin{document}
\textbf{Fail2ban Primer}
%maketitle
\tableofcontents
\section{Overview}
Fail2Ban is a firewall adjunct, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and now has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server.
Here are some of the traps, and configurations I've needed to setup fail2ban correctly. It's not a complex program, but unless you sit down and understand it, you might get caught. To be honest, it took me some time to figure out fail2ban, as I initially didn't have the patience to sit down and configure it.
\section{Instructions for Setup}
Quick setup for Devuan / Debian 9:
First install fail2ban using apt-get. (apt-get install fail2ban).
Fail2ban is a service that will appear in /etc/init.d/ in Devuan.
So it can be managed with service fail2ban \{start,stop,restart\}.
Second, navigate to /etc/fail2ban/jail.d/
Add the following to a sshd.conf file (or name it anything you like)
\begin{verbatim}
# this is used in devuan. no other changes are made to other files, except
# that the default ssh filter is disabled in jail.conf if it enabled
[sshd]
ignoreip = 127.0.0.1/8
action = iptables-allports
maxretry = 6
enabled = true
filter = sshd
logpath = /var/log/auth.log
bantime = 360000
findtime = 3600
\end{verbatim}
Now, a few notes on this file.
\vspace{0.2in}
First, action can be iptables for a single port, or iptables-multiport for more than one, but we are using iptables-allports, as we want to block everything. These actions are listed in /etc/fail2ban/actions.d/
\vspace{0.2in}
Second, logpath, should point to your ssh log. In devuan ascii / debian stretch (9) it should be /var/log/auth.log. Other distributions may vary. The format of the ssh log can vary as well. In this guide, it's assumed to be auth.log. Gentoo users see below to enable auth.log in syslog-ng.
\vspace{0.2in}
Third, be careful of different ssh ports. I routinely change ssh ports to be a non standard port, which although it's somewhat pointless, it still seems to block random ssh port scans for port 22. If you use a different port, you must specify it in iptables-multiport above. A potential trap is to use a nonstandard port, then wonder why fail2ban blocks port 22, but your ssh is on port 123 or something. An agressive and easier approach is to just block everything.
\vspace{0.2in}
Fourth, the default action in iptables-common \footnote{this parent file in actions.d applies to all child iptables of course, being named ``common''} is to REJECT packets. However, I have changed it to DROP (blocktype=DROP). For those unfamiliar with the difference between REJECT and DROP, from my understanding, it is that REJECT will alert the outside host that the post is unreachable, while DROP simply goes silent, leaving the other host to figure it out on their own.
\textbf{To configure it, see /etc/fail2ban/actions.d/iptables-common.conf and search for blocktype.}
As I consider the offending ip addresses to be attackers, I have set it to DROP. If they try to break into the server, then block all ports from them, and don't tell them anything. The DROP timeout is more work on their end. With REJECT, my server responds. No need to play nice, with people/robots that have no morals.
On fail2ban issues git tracker, there is some discussion about this, and it is not really definitive. It ends up being that, REJECT is default, and if you want you can change it to DROP. As I have. As long as the option is there, I think that is acceptable.
\vspace{0.2in}
Fifth, review jail.conf, and fail2ban.conf. Usually nothing needs to be changed, but occasionally jail.conf will enable the default sshd jail (which you can disable, and use instead the new one). This will be distribution dependent.
\subsection{Getting auth.log to appear in Gentoo}
This guide will only cover those working with syslog-ng in Gentoo. You can add a config to syslog-ng to get auth.log to appear in Gentoo.
\footnote{Reference: https://wiki.gentoo.org/wiki/Security\_Handbook/Logging\#Syslog-ng} Notice in the below config, that a destination has been defined for authlog. You need not copy all the syslog-ng below, only what you need.
\begin{verbatim}
/etc/syslog-ng/syslog-ng.confSyslog-ng
@version: 3.17 #mandatory since Version 3, specify
the version number of the used syslog-ng
options {
chain_hostnames(no);
# The default action of syslog-ng is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats_freq(43200);
};
source src {
unix-stream("/dev/log" max-connections(256));
internal();
};
source kernsrc { file("/proc/kmsg"); };
# define destinations
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
# create filters
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_failed { message("failed"); };
filter f_denied { message("denied"); };
# connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
# default log
log { source(src); destination(console_all); };
\end{verbatim}
\section{Future Advancements}
What is next for fail2ban after the above? You will want to watch apache logs, and ban any hosts from your IP that search for things they should not be looking for (wordpress logins, phpmyadmin, etc).
Gentoo has a use flag to use a DB to do persistent blocking over time. This way you can block offending IPs through restarts.
\section{Further Reading}
https://github.com/fail2ban/fail2ban/issues/2217
https://www.jwz.org/blog/2019/03/apache-2-4-1-killed-fail2ban-so-thats-awesome/
https://www.fail2ban.org/wiki/index.php/Apache
https://www.fail2ban.org/wiki/index.php/
\end{document}
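Review bot: the syslog-ng block in the Gentoo subsection is not copy-pasteable as shown. Its first verbatim line runs the file path together with a stray heading (`/etc/syslog-ng/syslog-ng.confSyslog-ng`), and the `@version: 3.17 #mandatory since Version 3, specify` comment wraps onto a second line (`the version number of the used syslog-ng`) that syslog-ng would read as a statement, not a comment, since `#` only comments to end of line; the earlier draft in 1.tex~ below keeps it on one line. Move the path into the prose above the block and keep the comment on one line. Also in this hunk: `REJECT will alert the outside host that the post is unreachable` should read `port`; `ban any hosts from your IP that search for things` presumably means hosts found in your Apache logs; the last Further Reading entry `https://www.fail2ban.org/wiki/index.php/` is an incomplete URL; and `agressive` is misspelled.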

+ 5
- 0
2019/Fail2Ban_Primer/docs/6.toc

@ -0,0 +1,5 @@
\contentsline {section}{\numberline {1}Overview}{1}
\contentsline {section}{\numberline {2}Instructions for Setup}{1}
\contentsline {subsection}{\numberline {2.1}Getting auth.log to appear in Gentoo}{3}
\contentsline {section}{\numberline {3}Future Advancements}{5}
\contentsline {section}{\numberline {4}Further Reading}{6}
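Review bot: 6.toc is LaTeX build output, not a source file, and this commit adds more of the same next to the .tex sources (the 1.aux/1.log/1.pdf and 2.aux/2.log/2.pdf entries under GNULinux_Resizing_Partitions and the 1.aux/1.log entries under Router_Fail_Repair below). Add `*.aux`, `*.log`, `*.toc` and `*.pdf` to .gitignore, or build into a separate output directory, and drop these from the commit; otherwise every rebuild produces a noisy diff and page numbers in the .toc drift out of sync with the source.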

+ 5
- 0
2019/GNULinux_Resizing_Partitions/docs/1.aux

@ -0,0 +1,5 @@
\relax
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {2}Notes}{1}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}resize partitions}{1}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Things to edit:}{2}}

+ 86
- 0
2019/GNULinux_Resizing_Partitions/docs/1.log

@ -0,0 +1,86 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 31 MAY 2019 01:28
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/GNULinux_
Resizing_Partitions/docs/1.tex
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/GNULinux_R
esizing_Partitions/docs/1.tex
LaTeX2e <2014/05/01>
Babel <3.9l> and hyphenation patterns for 2 languages loaded.
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option)
)
\c@part=\count79
\c@section=\count80
\c@subsection=\count81
\c@subsubsection=\count82
\c@paragraph=\count83
\c@subparagraph=\count84
\c@figure=\count85
\c@table=\count86
\abovecaptionskip=\skip41
\belowcaptionskip=\skip42
\bibindent=\dimen102
) (./1.aux)
\openout1 = `1.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <10.95> on input line 26.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <8> on input line 26.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <6> on input line 26.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <9> on input line 26.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <5> on input line 26.
LaTeX Font Info: Try loading font information for OMS+cmr on input line 42.
(/usr/share/texlive/texmf-dist/tex/latex/base/omscmr.fd
File: omscmr.fd 2014/09/29 v2.5h Standard LaTeX font definitions
)
LaTeX Font Info: Font shape `OMS/cmr/m/n' in size <10.95> not available
(Font) Font shape `OMS/cmsy/m/n' tried instead on input line 42.
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}] [2] (./1.aux) )
Here is how much of TeX's memory you used:
256 strings out of 495020
3126 string characters out of 6181323
50970 words of memory out of 5000000
3540 multiletter control sequences out of 15000+600000
9155 words of font info for 32 fonts, out of 8000000 for 9000
14 hyphenation exceptions out of 8191
24i,8n,19p,535b,173s stack positions out of 5000i,500n,10000p,200000b,80000s
</usr/share
/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx10.pfb></usr/share/texli
ve/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.pfb></usr/share/texlive/tex
mf-dist/fonts/type1/public/amsfonts/cm/cmr10.pfb></usr/share/texlive/texmf-dist
/fonts/type1/public/amsfonts/cm/cmr6.pfb></usr/share/texlive/texmf-dist/fonts/t
ype1/public/amsfonts/cm/cmr8.pfb></usr/share/texlive/texmf-dist/fonts/type1/pub
lic/amsfonts/cm/cmr9.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsf
onts/cm/cmsy10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/c
m/cmti10.pfb>
Output written on 1.pdf (2 pages, 94227 bytes).
PDF statistics:
43 PDF objects out of 1000 (max. 8388607)
30 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000)
1 words of extra memory for PDF output out of 10000 (max. 10000000)
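Review bot: beyond being generated output, this log embeds the absolute build path (`**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/...`), so committing it publishes the local username and directory layout along with the TeX Live version. Regenerate locally when needed and keep `*.log` out of the repository.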

BIN
2019/GNULinux_Resizing_Partitions/docs/1.pdf


+ 61
- 0
2019/GNULinux_Resizing_Partitions/docs/1.tex

@ -0,0 +1,61 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Expanding HDDs}}
\author{Steak Electronics}
\date{05/30/19}
\begin{document}
\textbf{Expanding HDDs}
%\maketitle
\section{Overview}
I occasionally expand hdds. When this is done, sometimes I have to move partitions around, for example, changing a 1,2,5 (2 and 5 being extended partitions) to a 1,2, which I did for my main documentation machine. When this occured, there were a few gotcha's which I will try to note here.
\section{Notes}
Here's a rough outline of what happened.
I had a 1,2,5 (the 2nd partition being an empty transition partition from primary to extended type) partition table. 1 was root, 5 was swap.
It was a 40GB HDD. I decided to expand it to an 80GB HDD.
First, I used clonezilla, and did a standard disk to disk. Everything went without a hitch.
Then I needed to resize the partitions
\subsection{resize partitions}
I've always done this with fsck. Apparently parted once\footnote{They removed this, and replaced it with something different. removing backwards compatibility is a sin in software. They have sinned.} had a command named resize and some guides online still talk of it, as if it will work. It doesn't. It was removed. Don't waste time with parted.
Fsck, essentially, you delete all the partitions, then add them as you want, IF you have a root partition that is 1, with everything. \footnote{If you split up the partitions, you will need to image the partitions and copy them differently.} I always use a single root partition. Simple. No need to complicate a desktop os. So for 1,2,5, I delete all partitions, then add 1, with an additional 40G in fsck.
+80G in this case is what I did.\footnote{Perhaps I should've done +70G to stay under the 80G of an actual 80GB hdd.}
Then add the swap after.
mkswap the swap. resize2fs the root partition (it may ask you to e2fsck -f first, so do that if necessary). That's easy.
However, here's the trap. You aren't done. You need to edit not only fstab, but also a few other places.
\subsection{Things to edit:}
\begin{itemize}
\item fstab
\item /etc/initramfs/conf.d/resume (may be optional if you don't suspend)
\item update-grub
\item update-initramfs -u -all
\item grub-install /dev/sda
\item grub-install /dev/sda1
\end{itemize}
You add the new blkid of the new swap (if it's new) to the conf.d resume. My grub-install /dev/sda1 errored out, but I think it was the /dev/sda one I needed to redo. Do both just in case. Also make sure to do an update-initramfs -u -all. And you probably already remembered about update-grub but that should probably be done as well.
It's easy to miss one of these, and if you do, you will be loaded into grub. If you load manually in grub with:
\emph{linux = /boot/vmlinuz...}
\emph{initrd = /boot/initrd...}
\emph{boot}
Then in my case, you will end up in an initramfs that can't find the fstab. So then chroot into the hdd, and run the steps above.
\end{document}
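Review bot: the `resize partitions` subsection says `fsck` where it means `fdisk` throughout (`I've always done this with fsck`, `add 1, with an additional 40G in fsck`); fsck checks filesystems and cannot delete or create partitions, so a reader following the text literally gets nowhere. While correcting that, document the one condition that makes delete-and-recreate safe: the new partition 1 must start at the same first sector as the old one, or the filesystem is lost rather than grown (recent fdisk also asks whether to remove the existing ext4 signature when recreating; the answer must be no). In the `Things to edit` list, the documented form is `update-initramfs -u -k all` rather than `-u -all`, the resume file on Debian-family systems is `/etc/initramfs-tools/conf.d/resume`, and `grub-install /dev/sda1` is expected to fail (installing to a partition needs blocklists and `--force`), which matches the `errored out` remark, so that item can be dropped. The manual GRUB commands do not take `=`: the sequence is `set root=(hd0,1)`, `linux /boot/vmlinuz-... root=/dev/sda1`, `initrd /boot/initrd.img-...`, `boot`. Minor: `occured`, `gotcha's`.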

+ 163
- 0
2019/GNULinux_Resizing_Partitions/docs/1.tex~

@ -0,0 +1,163 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Fail2ban Primer}}
\author{Steak Electronics}
\date{05/12/19}
\begin{document}
\maketitle
\section{Overview}
Fail2Ban is a program, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server.
\section{Instructions for Setup}
Quick setup for Devuan / Debian 9:
First install fail2ban using apt-get.
Second, navigate to /etc/fail2ban/jail.d/
Add the following to a sshd.conf file (or name it anything you like)
\begin{verbatim}
# this is used in devuan. no other changes are made to other files, except
# that the default ssh filter is disabled in jail.conf if it enabled
[sshd]
ignoreip = 127.0.0.1/8
#banaction = iptables
action = iptables-multiport[port="ssh,http,https,22222",blocktype=DROP]
maxretry = 6
enabled = true
filter = sshd
logpath = /var/log/auth.log
bantime = 360000
findtime = 3600
# note that here, the action and its ports are set on INPUT
# so its a rule to block INPUT on ssh, http, https, and 22222
# make sure ports are right.
# you could also use the single iptables too, just need to specify the right port.
#the blocktype=DROP here, goes to actions.d/iptables-multiport.conf, and changes blocktype to drop.
\end{verbatim}
Now, a few notes on this file.
\vspace{0.2in}
First, action can be iptables, but we are using iptables-multiport, as we want to block multiple ports.
\vspace{0.2in}
Second, logpath, should point to your ssh log. In devuan ascii / debian stretch (9) it should be /var/log/auth.log. Other distributions may vary.
\vspace{0.2in}
Third, be careful of different ssh ports. I routinely change ssh ports to be a non standard port, which although it's somewhat pointless, it still seems to block random ssh port scans for port 22. If you use a different port, you must specify it in iptables-multiport above. A potential trap is to use a nonstandard port, then wonder why fail2ban blocks port 22, but your ssh is on port 123 or something.
\vspace{0.2in}
Fourth, the default action in iptables-multiport is to REJECT packets. However, I have changed it to DROP (blocktype=DROP). For those not familiar with the difference between REJECT and DROP, from my understanding, it boils down to that REJECT will alert the outside host that the post is unreachable, while drop simply drops the connection, leaving the other host to figure it out on their own.
As I consider the offending ip addresses to be attackers, I have set it to DROP. If they try to break into the server, then block all ports from them, and don't tell them anything. The DROP timeout is more work on their end. With REJECT, my server actually responds to them.
On fail2ban issues git tracker, there is some discussion about this, and it is not really definitive. It ends up being that, REJECT is default, and if you want you can change it to DROP. As I have.
\subsection{Configuration in Gentoo}
This guide will only cover those working with syslog-ng in Gentoo. You can add a config to syslog-ng to get auth.log to appear in Gentoo.
\footnote{https://wiki.gentoo.org/wiki/Security\_Handbook/Logging\#Syslog-ng}
\begin{verbatim}
/etc/syslog-ng/syslog-ng.confSyslog-ng
@version: 3.17 #mandatory since Version 3, specify the version number of the used syslog-ng
options {
chain_hostnames(no);
# The default action of syslog-ng is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats_freq(43200);
};
source src {
unix-stream("/dev/log" max-connections(256));
internal();
};
source kernsrc { file("/proc/kmsg"); };
# define destinations
destination authlog { file("/var/log/auth.log"); };
destination syslog { file("/var/log/syslog"); };
destination cron { file("/var/log/cron.log"); };
destination daemon { file("/var/log/daemon.log"); };
destination kern { file("/var/log/kern.log"); };
destination lpr { file("/var/log/lpr.log"); };
destination user { file("/var/log/user.log"); };
destination mail { file("/var/log/mail.log"); };
destination mailinfo { file("/var/log/mail.info"); };
destination mailwarn { file("/var/log/mail.warn"); };
destination mailerr { file("/var/log/mail.err"); };
destination newscrit { file("/var/log/news/news.crit"); };
destination newserr { file("/var/log/news/news.err"); };
destination newsnotice { file("/var/log/news/news.notice"); };
destination debug { file("/var/log/debug"); };
destination messages { file("/var/log/messages"); };
destination console { usertty("root"); };
# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };
# create filters
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn)
and not facility(auth, authpriv, mail, news); };
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };
filter f_failed { message("failed"); };
filter f_denied { message("denied"); };
# connect filter and destination
log { source(src); filter(f_authpriv); destination(authlog); };
log { source(src); filter(f_syslog); destination(syslog); };
log { source(src); filter(f_cron); destination(cron); };
log { source(src); filter(f_daemon); destination(daemon); };
log { source(kernsrc); filter(f_kern); destination(kern); };
log { source(src); filter(f_lpr); destination(lpr); };
log { source(src); filter(f_mail); destination(mail); };
log { source(src); filter(f_user); destination(user); };
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
log { source(src); filter(f_debug); destination(debug); };
log { source(src); filter(f_messages); destination(messages); };
log { source(src); filter(f_emergency); destination(console); };
# default log
log { source(src); destination(console_all); };
\end{verbatim}
\end{document}
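Review bot: 1.tex~ is an editor backup file, and its content is an earlier draft of the Fail2Ban primer (`\title{\textbf{Fail2ban Primer}}`, dated 05/12/19), not anything to do with resizing partitions, so it is in the wrong directory as well as being a backup. Drop it from the commit and add `*~` to .gitignore; the later text of the same primer (the DROP/REJECT notes and the Gentoo subsection) already appears at the top of this diff.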

+ 5
- 0
2019/GNULinux_Resizing_Partitions/docs/2.aux

@ -0,0 +1,5 @@
\relax
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {2}Notes}{1}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}resize partitions}{1}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Things to edit:}{2}}

+ 86
- 0
2019/GNULinux_Resizing_Partitions/docs/2.log

@ -0,0 +1,86 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 31 MAY 2019 01:29
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/GNULinux_
Resizing_Partitions/docs/2.tex
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/GNULinux_R
esizing_Partitions/docs/2.tex
LaTeX2e <2014/05/01>
Babel <3.9l> and hyphenation patterns for 2 languages loaded.
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option)
)
\c@part=\count79
\c@section=\count80
\c@subsection=\count81
\c@subsubsection=\count82
\c@paragraph=\count83
\c@subparagraph=\count84
\c@figure=\count85
\c@table=\count86
\abovecaptionskip=\skip41
\belowcaptionskip=\skip42
\bibindent=\dimen102
) (./2.aux)
\openout1 = `2.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 6.
LaTeX Font Info: ... okay on input line 6.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <10.95> on input line 26.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <8> on input line 26.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <6> on input line 26.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <9> on input line 26.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <5> on input line 26.
LaTeX Font Info: Try loading font information for OMS+cmr on input line 42.
(/usr/share/texlive/texmf-dist/tex/latex/base/omscmr.fd
File: omscmr.fd 2014/09/29 v2.5h Standard LaTeX font definitions
)
LaTeX Font Info: Font shape `OMS/cmr/m/n' in size <10.95> not available
(Font) Font shape `OMS/cmsy/m/n' tried instead on input line 42.
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}] [2] (./2.aux) )
Here is how much of TeX's memory you used:
256 strings out of 495020
3126 string characters out of 6181323
50970 words of memory out of 5000000
3540 multiletter control sequences out of 15000+600000
9155 words of font info for 32 fonts, out of 8000000 for 9000
14 hyphenation exceptions out of 8191
24i,8n,19p,535b,173s stack positions out of 5000i,500n,10000p,200000b,80000s
</usr/share
/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx10.pfb></usr/share/texli
ve/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.pfb></usr/share/texlive/tex
mf-dist/fonts/type1/public/amsfonts/cm/cmr10.pfb></usr/share/texlive/texmf-dist
/fonts/type1/public/amsfonts/cm/cmr6.pfb></usr/share/texlive/texmf-dist/fonts/t
ype1/public/amsfonts/cm/cmr8.pfb></usr/share/texlive/texmf-dist/fonts/type1/pub
lic/amsfonts/cm/cmr9.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsf
onts/cm/cmsy10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/c
m/cmti10.pfb>
Output written on 2.pdf (2 pages, 94227 bytes).
PDF statistics:
43 PDF objects out of 1000 (max. 8388607)
30 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000)
1 words of extra memory for PDF output out of 10000 (max. 10000000)

BIN
2019/GNULinux_Resizing_Partitions/docs/2.pdf


+ 61
- 0
2019/GNULinux_Resizing_Partitions/docs/2.tex

@ -0,0 +1,61 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Expanding HDDs}}
\author{Steak Electronics}
\date{05/30/19}
\begin{document}
\textbf{Expanding HDDs}
%\maketitle
\section{Overview}
I occasionally expand hdds. When this is done, sometimes I have to move partitions around, for example, changing a 1,2,5 (2 and 5 being extended partitions) to a 1,2, which I did for my main documentation machine. When this occured, there were a few gotcha's which I will try to note here.
\section{Notes}
Here's a rough outline of what happened.
I had a 1,2,5 (the 2nd partition being an empty transition partition from primary to extended type) partition table. 1 was root, 5 was swap.
It was a 40GB HDD. I decided to expand it to an 80GB HDD.
First, I used clonezilla, and did a standard disk to disk. Everything went without a hitch.
Then I needed to resize the partitions
\subsection{resize partitions}
I've always done this with fsck. Apparently parted once\footnote{They removed this, and replaced it with something different. removing backwards compatibility is a sin in software. They have sinned.} had a command named resize and some guides online still talk of it, as if it will work. It doesn't. It was removed. Don't waste time with parted.
Fsck, essentially, you delete all the partitions, then add them as you want, IF you have a root partition that is 1, with everything. \footnote{If you split up the partitions, you will need to image the partitions and copy them differently.} I always use a single root partition. Simple. No need to complicate a desktop os. So for 1,2,5, I delete all partitions, then add 1, with an additional 40G in fsck.
+80G in this case is what I did.\footnote{Perhaps I should've done +70G to stay under the 80G of an actual 80GB hdd.}
Then add the swap after.
mkswap the swap. resize2fs the root partition (it may ask you to e2fsck -f first, so do that if necessary). That's easy.
However, here's the trap. You aren't done. You need to edit not only fstab, but also a few other places.
\subsection{Things to edit:}
\begin{itemize}
\item fstab
\item /etc/initramfs/conf.d/resume (may be optional if you don't suspend)
\item update-grub
\item update-initramfs -u -all
\item grub-install /dev/sda
\item grub-install /dev/sda1
\end{itemize}
You add the new blkid of the new swap (if it's new) to the conf.d resume. My grub-install /dev/sda1 errored out, but I think it was the /dev/sda one I needed to redo. Do both just in case. Also make sure to do an update-initramfs -u -all. And you probably already remembered about update-grub but that should probably be done as well.
It's easy to miss one of these, and if you do, you will be loaded into grub. If you load manually in grub with:
\emph{linux = /boot/vmlinuz...}
\emph{initrd = /boot/initrd...}
\emph{boot}
Then in my case, you will end up in an initramfs that can't find the fstab. So then chroot into the hdd, and run the steps above.
\end{document}
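Review bot: 2.tex is byte-for-byte identical to 1.tex above (same title, date and body), and 2.aux/2.log differ from 1.aux/1.log only in filename and timestamp. Keep one copy; if the numbered files are meant as revisions, git history already records that, so one source file per article is enough. The fsck/fdisk, `update-initramfs`, resume path and GRUB command points raised on 1.tex apply here verbatim.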

+ 28
- 0
2019/Router_Fail_Repair/docs/#2.tex#

@ -0,0 +1,28 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Router Fail - Network Down!}}
\usepackage{graphicx}
\usepackage{caption }
\author{Steak Electronics}
\date{06/4/19}
\begin{document}
%\maketitle
\textbf{Router Fail - Network Down}
%\textbf{Todo}
\section{Overview}
A company had the internet go down. The way their system was built, they had a 2nd firewall behind a cable company router. I was able to access the network before the firewall, which meant that their firewall might've failed.
\section{Diagnosis}
The internal firewall had no LED power light or activity. So, no internet.
First, their network was a 192.168.0.0/24 subnet. I first put them behind a second wireless router which was upstream of the cable modem and not offline. However the network of that internet router was 192.168.1.0/24. This means a few things. 1) All computers (Windows unfortunately), must be set to DHCP (in this case they were all static), and leases must be renewed. So, at least you need a reboot of computers in this situation. 2) They had server software in the LAN that depended upon the 192.168.0.0/24 subnet to work. I didn't find this out until later.
Originally, I started with the default wireless network of 192.168.1.0/24 but I found that the server software wasn't working. In this case, the most efficient way to rebuild the network, with all the statics intact, was to set the new (temporary) replacement router to be the same subnet. I didn't have the password for the wireless router, so a simple factory reset enabled me access (although lucky for me, the default subnet was in fact 192.168.0.0/24).
es
\section{Conclusion}
When replacing a failed router in a situation like this, the new router should ideally have the same subnet. You might be able to get away without this in smaller offices, but if there is any server software, or if the computers have static IPs \footnote{Or if any other device hsa a static ip, e.g. CCTV camera} you will run into a few more minutes of work.
There are no rules; this is not set in stone, however, it's the easiest path. As this was only a temporary router replacement, it was not important to have the network 1:1 with the original. In my setups, (this network was not mine) I prefer to have redundant hardware, so you can replace a broken firewall, with a similarly configured duplicate.
\end{document}
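Review bot: `#2.tex#` is an Emacs auto-save file and should not be committed (add `\#*\#` to .gitignore). In its content, the stray line `es` between the Diagnosis paragraph and `\section{Conclusion}` would be typeset as text, and `hsa` in the Conclusion footnote should be `has`.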

+ 4
- 0
2019/Router_Fail_Repair/docs/1.aux

@ -0,0 +1,4 @@
\relax
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {2}Diagnosis}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {3}Conclusion}{1}}

+ 190
- 0
2019/Router_Fail_Repair/docs/1.log

@ -0,0 +1,190 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 4 JUN 2019 23:52
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Router_Fa
il_Repair/docs/1.tex
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Router_Fai
l_Repair/docs/1.tex
LaTeX2e <2014/05/01>
Babel <3.9l> and hyphenation patterns for 2 languages loaded.
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option)
)
\c@part=\count79
\c@section=\count80
\c@subsection=\count81
\c@subsubsection=\count82
\c@paragraph=\count83
\c@subparagraph=\count84
\c@figure=\count85
\c@table=\count86
\abovecaptionskip=\skip41
\belowcaptionskip=\skip42
\bibindent=\dimen102
)
(/usr/share/texlive/texmf-dist/tex/latex/graphics/graphicx.sty
Package: graphicx 2014/04/25 v1.0g Enhanced LaTeX Graphics (DPC,SPQR)
(/usr/share/texlive/texmf-dist/tex/latex/graphics/keyval.sty
Package: keyval 2014/05/08 v1.15 key=value parser (DPC)
\KV@toks@=\toks14
)
(/usr/share/texlive/texmf-dist/tex/latex/graphics/graphics.sty
Package: graphics 2009/02/05 v1.0o Standard LaTeX Graphics (DPC,SPQR)
(/usr/share/texlive/texmf-dist/tex/latex/graphics/trig.sty
Package: trig 1999/03/16 v1.09 sin cos tan (DPC)
)
(/usr/share/texlive/texmf-dist/tex/latex/latexconfig/graphics.cfg
File: graphics.cfg 2010/04/23 v1.9 graphics configuration of TeX Live
)
Package graphics Info: Driver file: pdftex.def on input line 91.
(/usr/share/texlive/texmf-dist/tex/latex/pdftex-def/pdftex.def
File: pdftex.def 2011/05/27 v0.06d Graphics/color for pdfTeX
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/infwarerr.sty
Package: infwarerr 2010/04/08 v1.3 Providing info/warning/error messages (HO)
)
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/ltxcmds.sty
Package: ltxcmds 2011/11/09 v1.22 LaTeX kernel commands for general use (HO)
)
\Gread@gobject=\count87
))
\Gin@req@height=\dimen103
\Gin@req@width=\dimen104
)
(/usr/share/texlive/texmf-dist/tex/latex/caption/caption.sty
Package: caption 2013/05/02 v3.3-89 Customizing captions (AR)
(/usr/share/texlive/texmf-dist/tex/latex/caption/caption3.sty
Package: caption3 2013/05/02 v1.6-88 caption3 kernel (AR)
Package caption3 Info: TeX engine: e-TeX on input line 57.
\captionmargin=\dimen105
\captionmargin@=\dimen106
\captionwidth=\dimen107
\caption@tempdima=\dimen108
\caption@indent=\dimen109
\caption@parindent=\dimen110
\caption@hangindent=\dimen111
)
\c@ContinuedFloat=\count88
) (./1.aux)
\openout1 = `1.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 8.
LaTeX Font Info: ... okay on input line 8.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 8.
LaTeX Font Info: ... okay on input line 8.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 8.
LaTeX Font Info: ... okay on input line 8.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 8.
LaTeX Font Info: ... okay on input line 8.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 8.
LaTeX Font Info: ... okay on input line 8.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 8.
LaTeX Font Info: ... okay on input line 8.
(/usr/share/texlive/texmf-dist/tex/context/base/supp-pdf.mkii
[Loading MPS to PDF converter (version 2006.09.02).]
\scratchcounter=\count89
\scratchdimen=\dimen112
\scratchbox=\box26
\nofMPsegments=\count90
\nofMParguments=\count91
\everyMPshowfont=\toks15
\MPscratchCnt=\count92
\MPscratchDim=\dimen113
\MPnumerator=\count93
\makeMPintoPDFobject=\count94
\everyMPtoPDFconversion=\toks16
) (/usr/share/texlive/texmf-dist/tex/generic/oberdiek/pdftexcmds.sty
Package: pdftexcmds 2011/11/29 v0.20 Utility functions of pdfTeX for LuaTeX (HO
)
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/ifluatex.sty
Package: ifluatex 2010/03/01 v1.3 Provides the ifluatex switch (HO)
Package ifluatex Info: LuaTeX not detected.
)
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/ifpdf.sty
Package: ifpdf 2011/01/30 v2.3 Provides the ifpdf switch (HO)
Package ifpdf Info: pdfTeX in PDF mode is detected.
)
Package pdftexcmds Info: LuaTeX not detected.
Package pdftexcmds Info: \pdf@primitive is available.
Package pdftexcmds Info: \pdf@ifprimitive is available.
Package pdftexcmds Info: \pdfdraftmode found.
)
(/usr/share/texlive/texmf-dist/tex/latex/oberdiek/epstopdf-base.sty
Package: epstopdf-base 2010/02/09 v2.5 Base part for package epstopdf
(/usr/share/texlive/texmf-dist/tex/latex/oberdiek/grfext.sty
Package: grfext 2010/08/19 v1.1 Manage graphics extensions (HO)
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/kvdefinekeys.sty
Package: kvdefinekeys 2011/04/07 v1.3 Define keys (HO)
))
(/usr/share/texlive/texmf-dist/tex/latex/oberdiek/kvoptions.sty
Package: kvoptions 2011/06/30 v3.11 Key value format for package options (HO)
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/kvsetkeys.sty
Package: kvsetkeys 2012/04/25 v1.16 Key value parser (HO)
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/etexcmds.sty
Package: etexcmds 2011/02/16 v1.5 Avoid name clashes with e-TeX commands (HO)
Package etexcmds Info: Could not find \expanded.
(etexcmds) That can mean that you are not using pdfTeX 1.50 or
(etexcmds) that some package has redefined \expanded.
(etexcmds) In the latter case, load this package earlier.
)))
Package grfext Info: Graphics extension search list:
(grfext) [.png,.pdf,.jpg,.mps,.jpeg,.jbig2,.jb2,.PNG,.PDF,.JPG,.JPE
G,.JBIG2,.JB2,.eps]
(grfext) \AppendGraphicsExtensions on input line 452.
(/usr/share/texlive/texmf-dist/tex/latex/latexconfig/epstopdf-sys.cfg
File: epstopdf-sys.cfg 2010/07/13 v1.3 Configuration of (r)epstopdf for TeX Liv
e
))
Package caption Info: Begin \AtBeginDocument code.
Package caption Info: End \AtBeginDocument code.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <10.95> on input line 23.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <8> on input line 23.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <6> on input line 23.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <9> on input line 23.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <5> on input line 23.
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}] (./1.aux) )
Here is how much of TeX's memory you used:
2534 strings out of 495020
40330 string characters out of 6181323
94810 words of memory out of 5000000
5752 multiletter control sequences out of 15000+600000
8204 words of font info for 29 fonts, out of 8000000 for 9000
14 hyphenation exceptions out of 8191
38i,8n,38p,661b,147s stack positions out of 5000i,500n,10000p,200000b,80000s
</usr/share/tex
live/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx10.pfb></usr/share/texlive/t
exmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.pfb></usr/share/texlive/texmf-d
ist/fonts/type1/public/amsfonts/cm/cmr10.pfb></usr/share/texlive/texmf-dist/fon
ts/type1/public/amsfonts/cm/cmr6.pfb></usr/share/texlive/texmf-dist/fonts/type1
/public/amsfonts/cm/cmr8.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/
amsfonts/cm/cmr9.pfb>
Output written on 1.pdf (1 page, 72150 bytes).
PDF statistics:
32 PDF objects out of 1000 (max. 8388607)
22 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000)
1 words of extra memory for PDF output out of 10000 (max. 10000000)
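Review bot: `1.log` is a pdflatex build log, a generated artifact, and the same change also commits `1.aux` (the log's own `\openout1 = `1.aux'` line shows it is written on every run), the binary `1.pdf` and the editor backup `1.tex~`; all of these regenerate on every compile and will churn in every commit, so drop them from the tree and add `*.log`, `*.aux`, `*.pdf` and `*~` to a `.gitignore`, keeping only the `.tex` sources under version control.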

BIN
2019/Router_Fail_Repair/docs/1.pdf View File


+ 28
- 0
2019/Router_Fail_Repair/docs/1.tex View File

@ -0,0 +1,28 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Router Fail - Network Down!}}
\usepackage{graphicx}
\usepackage{caption }
\author{Steak Electronics}
\date{06/4/19}
\begin{document}
%\maketitle
\textbf{Router Fail - Network Down}
%\textbf{Todo}
\section{Overview}
A company had the internet go down. The way their system was built, they had a 2nd firewall behind a cable company router. I was able to access the network before the firewall, which meant that their firewall might've failed.
\section{Diagnosis}
The internal firewall had no LED power light or activity. So, no internet.
First, their network was a 192.168.0.0/24 subnet. I first put them behind a second wireless router which was upstream of the cable modem and not offline. However the network of that internet router was 192.168.1.0/24. This means a few things. 1) All computers (Windows unfortunately), must be set to DHCP (in this case they were all static), and leases must be renewed. So, at least you need a reboot of computers in this situation. 2) They had server software in the LAN that depended upon the 192.168.0.0/24 subnet to work. I didn't find this out until later.
Originally, I started with the default wireless network of 192.168.1.0/24 but I found that the server software wasn't working. In this case, the most efficient way to rebuild the network, with all the statics intact, was to set the new (temporary) replacement router to be the same subnet. I didn't have the password for the wireless router, so a simple factory reset enabled me access (although lucky for me, the default subnet was in fact 192.168.0.0/24).
\section{Conclusion}
When replacing a failed router in a situation like this, the new router should ideally have the same subnet. You might be able to get away without this in smaller offices, but if there is any server software, or if the computers have static IPs \footnote{Or if any other device hsa a static ip, e.g. CCTV camera} you will run into a few more minutes of work.
There are no rules; this is not set in stone, however, it's the easiest path. As this was only a temporary router replacement, it was not important to have the network 1:1 with the original. In my setups, (this network was not mine) I prefer to have redundant hardware, so you can replace a broken firewall, with a similarly configured duplicate.
\end{document}
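Review bot: the factory reset described in the Diagnosis section puts the replacement router back on its vendor-default admin credentials and default wireless settings, and the write-up never says those were changed before the unit was left in place as the edge device of a business network; add a line recording that a new admin password and wireless passphrase were set on the temporary router (and that it was removed once the permanent firewall was replaced), otherwise the procedure as written leaves a default-credential router facing the internet. Minor: the footnote reads `hsa a static ip` (should be `has a static IP`), and because `\maketitle` is commented out the `\title`, `\author` and `\date` lines are never used, so either restore `\maketitle` or remove them; if the date stays, write it unambiguously, since `06/4/19` reads differently depending on locale.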

+ 33
- 0
2019/Router_Fail_Repair/docs/1.tex~ View File

@ -0,0 +1,33 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Finding Printers on the Network In Windows}}
\usepackage{graphicx}
\usepackage{caption }
\author{Steak Electronics}
\date{02/22/19}
\begin{document}
\maketitle
\textbf{Todo}
\section{Overview}
Finding Printers in Windows, can be difficult, and it changes from OS to OS release. OS Coder job security.
There is usually a faster way to find printers, if you know what you are looking for.
\section{Steps}
Follow these graphical steps.
\includegraphics[scale=0.8]{../pics/1.png}
\includegraphics[scale=0.8]{../pics/2.png}
\includegraphics[scale=0.8]{../pics/3.png}
There is something similar in Windows 7, and I imagine in Windows 11 they will change it again. Job security.
\end{document}
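Review bot: `1.tex~` is an editor backup file (the trailing `~`), and its contents are a different document entirely, `Finding Printers on the Network In Windows` dated 02/22/19, which does not belong in `Router_Fail_Repair/docs`; remove it from the commit and ignore `*~` so backups are not picked up again. If the printers note is meant to be kept, move it to its own directory under a descriptive name, and note that it compiles only if `../pics/1.png` through `../pics/3.png` exist relative to that file.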

+ 4
- 0
2019/Router_Fail_Repair/docs/2.aux View File

@ -0,0 +1,4 @@
\relax
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {2}Diagnosis}{1}}
\@writefile{toc}{\contentsline {section}{\numberline {3}Conclusion}{1}}

+ 190
- 0
2019/Router_Fail_Repair/docs/2.log View File

@ -0,0 +1,190 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 4 JUN 2019 23:52
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Router_Fa
il_Repair/docs/2.tex
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Router_Fai
l_Repair/docs/2.tex
LaTeX2e <2014/05/01>
Babel <3.9l> and hyphenation patterns for 2 languages loaded.
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option)
)
\c@part=\count79
\c@section=\count80
\c@subsection=\count81
\c@subsubsection=\count82
\c@paragraph=\count83
\c@subparagraph=\count84
\c@figure=\count85
\c@table=\count86
\abovecaptionskip=\skip41
\belowcaptionskip=\skip42
\bibindent=\dimen102
)
(/usr/share/texlive/texmf-dist/tex/latex/graphics/graphicx.sty
Package: graphicx 2014/04/25 v1.0g Enhanced LaTeX Graphics (DPC,SPQR)
(/usr/share/texlive/texmf-dist/tex/latex/graphics/keyval.sty
Package: keyval 2014/05/08 v1.15 key=value parser (DPC)
\KV@toks@=\toks14
)
(/usr/share/texlive/texmf-dist/tex/latex/graphics/graphics.sty
Package: graphics 2009/02/05 v1.0o Standard LaTeX Graphics (DPC,SPQR)
(/usr/share/texlive/texmf-dist/tex/latex/graphics/trig.sty
Package: trig 1999/03/16 v1.09 sin cos tan (DPC)
)
(/usr/share/texlive/texmf-dist/tex/latex/latexconfig/graphics.cfg
File: graphics.cfg 2010/04/23 v1.9 graphics configuration of TeX Live
)
Package graphics Info: Driver file: pdftex.def on input line 91.
(/usr/share/texlive/texmf-dist/tex/latex/pdftex-def/pdftex.def
File: pdftex.def 2011/05/27 v0.06d Graphics/color for pdfTeX
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/infwarerr.sty
Package: infwarerr 2010/04/08 v1.3 Providing info/warning/error messages (HO)
)
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/ltxcmds.sty
Package: ltxcmds 2011/11/09 v1.22 LaTeX kernel commands for general use (HO)
)
\Gread@gobject=\count87
))
\Gin@req@height=\dimen103
\Gin@req@width=\dimen104
)
(/usr/share/texlive/texmf-dist/tex/latex/caption/caption.sty
Package: caption 2013/05/02 v3.3-89 Customizing captions (AR)
(/usr/share/texlive/texmf-dist/tex/latex/caption/caption3.sty
Package: caption3 2013/05/02 v1.6-88 caption3 kernel (AR)
Package caption3 Info: TeX engine: e-TeX on input line 57.
\captionmargin=\dimen105
\captionmargin@=\dimen106
\captionwidth=\dimen107
\caption@tempdima=\dimen108
\caption@indent=\dimen109
\caption@parindent=\dimen110
\caption@hangindent=\dimen111
)
\c@ContinuedFloat=\count88
) (./2.aux)
\openout1 = `2.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 8.
LaTeX Font Info: ... okay on input line 8.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 8.
LaTeX Font Info: ... okay on input line 8.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 8.
LaTeX Font Info: ... okay on input line 8.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 8.
LaTeX Font Info: ... okay on input line 8.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 8.
LaTeX Font Info: ... okay on input line 8.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 8.
LaTeX Font Info: ... okay on input line 8.
(/usr/share/texlive/texmf-dist/tex/context/base/supp-pdf.mkii
[Loading MPS to PDF converter (version 2006.09.02).]
\scratchcounter=\count89
\scratchdimen=\dimen112
\scratchbox=\box26
\nofMPsegments=\count90
\nofMParguments=\count91
\everyMPshowfont=\toks15
\MPscratchCnt=\count92
\MPscratchDim=\dimen113
\MPnumerator=\count93
\makeMPintoPDFobject=\count94
\everyMPtoPDFconversion=\toks16
) (/usr/share/texlive/texmf-dist/tex/generic/oberdiek/pdftexcmds.sty
Package: pdftexcmds 2011/11/29 v0.20 Utility functions of pdfTeX for LuaTeX (HO
)
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/ifluatex.sty
Package: ifluatex 2010/03/01 v1.3 Provides the ifluatex switch (HO)
Package ifluatex Info: LuaTeX not detected.
)
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/ifpdf.sty
Package: ifpdf 2011/01/30 v2.3 Provides the ifpdf switch (HO)
Package ifpdf Info: pdfTeX in PDF mode is detected.
)
Package pdftexcmds Info: LuaTeX not detected.
Package pdftexcmds Info: \pdf@primitive is available.
Package pdftexcmds Info: \pdf@ifprimitive is available.
Package pdftexcmds Info: \pdfdraftmode found.
)
(/usr/share/texlive/texmf-dist/tex/latex/oberdiek/epstopdf-base.sty
Package: epstopdf-base 2010/02/09 v2.5 Base part for package epstopdf
(/usr/share/texlive/texmf-dist/tex/latex/oberdiek/grfext.sty
Package: grfext 2010/08/19 v1.1 Manage graphics extensions (HO)
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/kvdefinekeys.sty
Package: kvdefinekeys 2011/04/07 v1.3 Define keys (HO)
))
(/usr/share/texlive/texmf-dist/tex/latex/oberdiek/kvoptions.sty
Package: kvoptions 2011/06/30 v3.11 Key value format for package options (HO)
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/kvsetkeys.sty
Package: kvsetkeys 2012/04/25 v1.16 Key value parser (HO)
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/etexcmds.sty
Package: etexcmds 2011/02/16 v1.5 Avoid name clashes with e-TeX commands (HO)
Package etexcmds Info: Could not find \expanded.
(etexcmds) That can mean that you are not using pdfTeX 1.50 or
(etexcmds) that some package has redefined \expanded.
(etexcmds) In the latter case, load this package earlier.
)))
Package grfext Info: Graphics extension search list:
(grfext) [.png,.pdf,.jpg,.mps,.jpeg,.jbig2,.jb2,.PNG,.PDF,.JPG,.JPE
G,.JBIG2,.JB2,.eps]
(grfext) \AppendGraphicsExtensions on input line 452.
(/usr/share/texlive/texmf-dist/tex/latex/latexconfig/epstopdf-sys.cfg
File: epstopdf-sys.cfg 2010/07/13 v1.3 Configuration of (r)epstopdf for TeX Liv
e
))
Package caption Info: Begin \AtBeginDocument code.
Package caption Info: End \AtBeginDocument code.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <10.95> on input line 23.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <8> on input line 23.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <6> on input line 23.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <9> on input line 23.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <5> on input line 23.
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}] (./2.aux) )
Here is how much of TeX's memory you used:
2534 strings out of 495020
40330 string characters out of 6181323
94810 words of memory out of 5000000
5752 multiletter control sequences out of 15000+600000
8204 words of font info for 29 fonts, out of 8000000 for 9000
14 hyphenation exceptions out of 8191
38i,8n,38p,661b,147s stack positions out of 5000i,500n,10000p,200000b,80000s
</usr/share/tex
live/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx10.pfb></usr/share/texlive/t
exmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.pfb></usr/share/texlive/texmf-d
ist/fonts/type1/public/amsfonts/cm/cmr10.pfb></usr/share/texlive/texmf-dist/fon
ts/type1/public/amsfonts/cm/cmr6.pfb></usr/share/texlive/texmf-dist/fonts/type1
/public/amsfonts/cm/cmr8.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/
amsfonts/cm/cmr9.pfb>
Output written on 2.pdf (1 page, 72150 bytes).
PDF statistics:
32 PDF objects out of 1000 (max. 8388607)
22 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000)
1 words of extra memory for PDF output out of 10000 (max. 10000000)
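Review bot: besides being a regenerated artifact, this log embeds the absolute build path `/home/layoutdev/Desktop/code/documentation_general/IT_Articles/...`, so committing it publishes the local username and directory layout of the build machine; that is a small but avoidable information leak and one more reason to exclude `*.log` from the repository.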

BIN
2019/Router_Fail_Repair/docs/2.pdf View File


+ 28
- 0
2019/Router_Fail_Repair/docs/2.tex View File

@ -0,0 +1,28 @@
\documentclass[11pt]{article}
%Gummi|065|=)
\title{\textbf{Router Fail - Network Down!}}
\usepackage{graphicx}
\usepackage{caption }
\author{Steak Electronics}
\date{06/4/19}
\begin{document}
%\maketitle
\textbf{Router Fail - Network Down}
%\textbf{Todo}
\section{Overview}
A company had the internet go down. The way their system was built, they had a 2nd firewall behind a cable company router. I was able to access the network before the firewall, which meant that their firewall might've failed.
\section{Diagnosis}
The internal firewall had no LED power light or activity. So, no internet.
First, their network was a 192.168.0.0/24 subnet. I first put them behind a second wireless router which was upstream of the cable modem and not offline. However the network of that internet router was 192.168.1.0/24. This means a few things. 1) All computers (Windows unfortunately), must be set to DHCP (in this case they were all static), and leases must be renewed. So, at least you need a reboot of computers in this situation. 2) They had server software in the LAN that depended upon the 192.168.0.0/24 subnet to work. I didn't find this out until later.
Originally, I started with the default wireless network of 192.168.1.0/24 but I found that the server software wasn't working. In this case, the most efficient way to rebuild the network, with all the statics intact, was to set the new (temporary) replacement router to be the same subnet. I didn't have the password for the wireless router, so a simple factory reset enabled me access (although lucky for me, the default subnet was in fact 192.168.0.0/24).
\section{Conclusion}
When replacing a failed router in a situation like this, the new router should ideally have the same subnet. You might be able to get away without this in smaller offices, but if there is any server software, or if the computers have static IPs \footnote{Or if any other device hsa a static ip, e.g. CCTV camera} you will run into a few more minutes of work.
There are no rules; this is not set in stone, however, it's the easiest path. As this was only a temporary router replacement, it was not important to have the network 1:1 with the original. In my setups, (this network was not mine) I prefer to have redundant hardware, so you can replace a broken firewall, with a similarly configured duplicate.
\end{document}
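Review bot: `2.tex` is identical line for line to `1.tex` in this same change (same title, same `06/4/19` date, same body), and both logs report the same 72150-byte PDF; two copies of one article will drift apart as edits land in only one of them, so keep a single source file, or if `2.tex` is intended as the next revision, make it carry the actual changes.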

BIN
2019/Router_Fail_Repair/docs/2.tex~ View File

