@ -0,0 +1,6 @@ | |||||
\relax | |||||
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}} | |||||
\@writefile{toc}{\contentsline {section}{\numberline {2}Instructions for Setup}{1}} | |||||
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Configuration in Gentoo}{3}} | |||||
\@writefile{toc}{\contentsline {section}{\numberline {3}Future Advancements}{5}} | |||||
\@writefile{toc}{\contentsline {section}{\numberline {4}Further Reading}{6}} |
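Review bot: 4.aux is a LaTeX build artifact that pdflatex regenerates on every run, so it should not be part of this commit; add `*.aux`, `*.log` and `*.toc` (and the PDF, if it is tracked) to a .gitignore under docs/ and keep only the .tex sources under version control. Since the aux records the page numbers of one particular run, it will also produce noise diffs every time a paragraph moves.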
@ -0,0 +1,178 @@ | |||||
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 29 MAY 2019 01:27 | |||||
entering extended mode | |||||
restricted \write18 enabled. | |||||
%&-line parsing enabled. | |||||
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Fail2Ban_ | |||||
Primer/docs/4.tex | |||||
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Fail2Ban_P | |||||
rimer/docs/4.tex | |||||
LaTeX2e <2014/05/01> | |||||
Babel <3.9l> and hyphenation patterns for 2 languages loaded. | |||||
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls | |||||
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class | |||||
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo | |||||
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option) | |||||
) | |||||
\c@part=\count79 | |||||
\c@section=\count80 | |||||
\c@subsection=\count81 | |||||
\c@subsubsection=\count82 | |||||
\c@paragraph=\count83 | |||||
\c@subparagraph=\count84 | |||||
\c@figure=\count85 | |||||
\c@table=\count86 | |||||
\abovecaptionskip=\skip41 | |||||
\belowcaptionskip=\skip42 | |||||
\bibindent=\dimen102 | |||||
) (./4.aux) | |||||
\openout1 = `4.aux'. | |||||
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <12> on input line 8. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <8> on input line 8. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <6> on input line 8. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <10.95> on input line 11. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <9> on input line 11. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <5> on input line 11. | |||||
LaTeX Font Info: Try loading font information for OMS+cmr on input line 19. | |||||
(/usr/share/texlive/texmf-dist/tex/latex/base/omscmr.fd | |||||
File: omscmr.fd 2014/09/29 v2.5h Standard LaTeX font definitions | |||||
) | |||||
LaTeX Font Info: Font shape `OMS/cmr/m/n' in size <10.95> not available | |||||
(Font) Font shape `OMS/cmsy/m/n' tried instead on input line 19. | |||||
Overfull \hbox (65.4029pt too wide) in paragraph at lines 37--37 | |||||
[]\OT1/cmtt/m/n/10.95 # this is used in devuan. no other changes are made to ot | |||||
her files, except[] | |||||
[] | |||||
Overfull \hbox (30.91077pt too wide) in paragraph at lines 37--37 | |||||
[]\OT1/cmtt/m/n/10.95 # that the default ssh filter is disabled in jail.conf if | |||||
it enabled[] | |||||
[] | |||||
[1 | |||||
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}] | |||||
Overfull \hbox (14.05429pt too wide) in paragraph at lines 56--57 | |||||
[]\OT1/cmr/bx/n/10.95 To con-fig-ure it, see /etc/fail2ban/actions.d/iptables-c | |||||
ommon.conf | |||||
[] | |||||
[2] | |||||
Overfull \hbox (7.91602pt too wide) in paragraph at lines 163--163 | |||||
[] \OT1/cmtt/m/n/10.95 # The default action of syslog-ng is to log a STA | |||||
TS line[] | |||||
[] | |||||
Overfull \hbox (65.4029pt too wide) in paragraph at lines 163--163 | |||||
[] \OT1/cmtt/m/n/10.95 # to the file every 10 minutes. That's pretty ug | |||||
ly after a while.[] | |||||
[] | |||||
Overfull \hbox (48.15683pt too wide) in paragraph at lines 163--163 | |||||
[] \OT1/cmtt/m/n/10.95 # Change it to every 12 hours so you get a nice d | |||||
aily update of[] | |||||
[] | |||||
[3] | |||||
Overfull \hbox (13.6647pt too wide) in paragraph at lines 163--163 | |||||
[]\OT1/cmtt/m/n/10.95 # ...if you intend to use /dev/console for programs like | |||||
xconsole[] | |||||
[] | |||||
Overfull \hbox (71.15158pt too wide) in paragraph at lines 163--163 | |||||
[]\OT1/cmtt/m/n/10.95 # you can comment out the destination line above that ref | |||||
erences /dev/tty12[] | |||||
[] | |||||
[4] | |||||
Overfull \hbox (2.16733pt too wide) in paragraph at lines 163--163 | |||||
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_authpriv); destination(authlo | |||||
g); };[] | |||||
[] | |||||
Overfull \hbox (76.90027pt too wide) in paragraph at lines 163--163 | |||||
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_info); destin | |||||
ation(mailinfo); };[] | |||||
[] | |||||
Overfull \hbox (76.90027pt too wide) in paragraph at lines 163--163 | |||||
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_warn); destin | |||||
ation(mailwarn); };[] | |||||
[] | |||||
Overfull \hbox (65.4029pt too wide) in paragraph at lines 163--163 | |||||
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_err); destina | |||||
tion(mailerr); };[] | |||||
[] | |||||
Overfull \hbox (7.91602pt too wide) in paragraph at lines 163--163 | |||||
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_messages); destination(messag | |||||
es); };[] | |||||
[] | |||||
Overfull \hbox (7.91602pt too wide) in paragraph at lines 163--163 | |||||
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_emergency); destination(conso | |||||
le); };[] | |||||
[] | |||||
[5] | |||||
Overfull \hbox (7.91743pt too wide) in paragraph at lines 173--174 | |||||
[]\OT1/cmr/m/n/10.95 https://www.jwz.org/blog/2019/03/apache-2-4-1-killed-fail2 | |||||
ban-so-thats- | |||||
[] | |||||
[6] (./4.aux) ) | |||||
Here is how much of TeX's memory you used: | |||||
265 strings out of 495020 | |||||
3217 string characters out of 6181323 | |||||
50970 words of memory out of 5000000 | |||||
3547 multiletter control sequences out of 15000+600000 | |||||
10198 words of font info for 36 fonts, out of 8000000 for 9000 | |||||
14 hyphenation exceptions out of 8191 | |||||
24i,8n,19p,590b,244s stack positions out of 5000i,500n,10000p,200000b,80000s | |||||
</usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cm | |||||
bx10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.p | |||||
fb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr10.pfb></us | |||||
r/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr12.pfb></usr/share | |||||
/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr6.pfb></usr/share/texlive | |||||
/texmf-dist/fonts/type1/public/amsfonts/cm/cmr8.pfb></usr/share/texlive/texmf-d | |||||
ist/fonts/type1/public/amsfonts/cm/cmr9.pfb></usr/share/texlive/texmf-dist/font | |||||
s/type1/public/amsfonts/cm/cmsy10.pfb></usr/share/texlive/texmf-dist/fonts/type | |||||
1/public/amsfonts/cm/cmtt10.pfb> | |||||
Output written on 4.pdf (6 pages, 123335 bytes). | |||||
PDF statistics: | |||||
59 PDF objects out of 1000 (max. 8388607) | |||||
41 compressed objects within 1 object stream | |||||
0 named destinations out of 1000 (max. 500000) | |||||
1 words of extra memory for PDF output out of 10000 (max. 10000000) | |||||
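Review bot: the 4.log hunk is a generated pdfTeX log and it leaks the author's local path (`/home/layoutdev/Desktop/code/...`) into the repository; drop it from the commit and add `*.log` to the ignore list. Read as a build report it does point at real problems in the source: the Overfull \hbox warnings at source lines 37, 163 and 173--174 show verbatim comment lines and the jwz.org URL running past the right margin, which should be fixed in the .tex (shorter comment lines inside the verbatim blocks, and `\usepackage{url}` with `\url{...}` for the Further Reading links) rather than recorded in a committed log.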
@ -0,0 +1,182 @@ | |||||
\documentclass[11pt]{article} | |||||
%Gummi|065|=) | |||||
\title{\textbf{Fail2ban Primer}} | |||||
\author{Steak Electronics} | |||||
\date{05/12/19} | |||||
\begin{document} | |||||
\maketitle | |||||
\section{Overview} | |||||
Fail2Ban is a program, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and now has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server. | |||||
Here are some of the traps, and configurations I've needed to setup fail2ban correctly. It's not a complex program, but unless you sit down and understand it, you might get caught. | |||||
\section{Instructions for Setup} | |||||
Quick setup for Devuan / Debian 9: | |||||
First install fail2ban using apt-get. (apt-get install fail2ban). | |||||
Fail2ban is a service that will appear in /etc/init.d/ in Devuan. | |||||
So it can be managed with service fail2ban \{start,stop,restart\}. | |||||
Second, navigate to /etc/fail2ban/jail.d/ | |||||
Add the following to a sshd.conf file (or name it anything you like) | |||||
\begin{verbatim} | |||||
# this is used in devuan. no other changes are made to other files, except | |||||
# that the default ssh filter is disabled in jail.conf if it enabled | |||||
[sshd] | |||||
ignoreip = 127.0.0.1/8 | |||||
#banaction = iptables | |||||
action = iptables-allports | |||||
maxretry = 6 | |||||
enabled = true | |||||
filter = sshd | |||||
logpath = /var/log/auth.log | |||||
bantime = 360000 | |||||
findtime = 3600 | |||||
\end{verbatim} | |||||
Now, a few notes on this file. | |||||
\vspace{0.2in} | |||||
First, action can be iptables for a single port, or iptables-multiport for more than one, but we are using iptables-allports, as we want to block everything. | |||||
\vspace{0.2in} | |||||
Second, logpath, should point to your ssh log. In devuan ascii / debian stretch (9) it should be /var/log/auth.log. Other distributions may vary. The format of the ssh log can vary as well. In this guide, it's assumed to be auth.log. | |||||
\vspace{0.2in} | |||||
Third, be careful of different ssh ports. I routinely change ssh ports to be a non standard port, which although it's somewhat pointless, it still seems to block random ssh port scans for port 22. If you use a different port, you must specify it in iptables-multiport above. A potential trap is to use a nonstandard port, then wonder why fail2ban blocks port 22, but your ssh is on port 123 or something. An agressive adn easier approach is to just block everything. | |||||
\vspace{0.2in} | |||||
Fourth, the default action in iptables-common \footnote{this file in actions.d applies to all iptables of course, being common} is to REJECT packets. However, I have changed it to DROP (blocktype=DROP). For those not familiar with the difference between REJECT and DROP, from my understanding, it boils down to that REJECT will alert the outside host that the post is unreachable, while drop simply drops the connection, leaving the other host to figure it out on their own. | |||||
\textbf{To configure it, see /etc/fail2ban/actions.d/iptables-common.conf and search for blocktype.} | |||||
As I consider the offending ip addresses to be attackers, I have set it to DROP. If they try to break into the server, then block all ports from them, and don't tell them anything. The DROP timeout is more work on their end. With REJECT, my server actually responds to them. | |||||
On fail2ban issues git tracker, there is some discussion about this, and it is not really definitive. It ends up being that, REJECT is default, and if you want you can change it to DROP. As I have. | |||||
\vspace{0.2in} | |||||
Fifth, review jail.conf, and fail2ban.conf. Usually nothing needs to be changed, but occasionally jail.conf will enable the default sshd jail (which you can disable, and use instead the new one). | |||||
\subsection{Configuration in Gentoo} | |||||
This guide will only cover those working with syslog-ng in Gentoo. You can add a config to syslog-ng to get auth.log to appear in Gentoo. | |||||
\footnote{Reference: https://wiki.gentoo.org/wiki/Security\_Handbook/Logging\#Syslog-ng} Notice in the below config, that a destination has been defined for authlog. You need not copy all the syslog-ng below, only what you need. | |||||
\begin{verbatim} | |||||
/etc/syslog-ng/syslog-ng.confSyslog-ng | |||||
@version: 3.17 #mandatory since Version 3, specify | |||||
the version number of the used syslog-ng | |||||
options { | |||||
chain_hostnames(no); | |||||
# The default action of syslog-ng is to log a STATS line | |||||
# to the file every 10 minutes. That's pretty ugly after a while. | |||||
# Change it to every 12 hours so you get a nice daily update of | |||||
# how many messages syslog-ng missed (0). | |||||
stats_freq(43200); | |||||
}; | |||||
source src { | |||||
unix-stream("/dev/log" max-connections(256)); | |||||
internal(); | |||||
}; | |||||
source kernsrc { file("/proc/kmsg"); }; | |||||
# define destinations | |||||
destination authlog { file("/var/log/auth.log"); }; | |||||
destination syslog { file("/var/log/syslog"); }; | |||||
destination cron { file("/var/log/cron.log"); }; | |||||
destination daemon { file("/var/log/daemon.log"); }; | |||||
destination kern { file("/var/log/kern.log"); }; | |||||
destination lpr { file("/var/log/lpr.log"); }; | |||||
destination user { file("/var/log/user.log"); }; | |||||
destination mail { file("/var/log/mail.log"); }; | |||||
destination mailinfo { file("/var/log/mail.info"); }; | |||||
destination mailwarn { file("/var/log/mail.warn"); }; | |||||
destination mailerr { file("/var/log/mail.err"); }; | |||||
destination newscrit { file("/var/log/news/news.crit"); }; | |||||
destination newserr { file("/var/log/news/news.err"); }; | |||||
destination newsnotice { file("/var/log/news/news.notice"); }; | |||||
destination debug { file("/var/log/debug"); }; | |||||
destination messages { file("/var/log/messages"); }; | |||||
destination console { usertty("root"); }; | |||||
# By default messages are logged to tty12... | |||||
destination console_all { file("/dev/tty12"); }; | |||||
# ...if you intend to use /dev/console for programs like xconsole | |||||
# you can comment out the destination line above that references /dev/tty12 | |||||
# and uncomment the line below. | |||||
#destination console_all { file("/dev/console"); }; | |||||
# create filters | |||||
filter f_authpriv { facility(auth, authpriv); }; | |||||
filter f_syslog { not facility(authpriv, mail); }; | |||||
filter f_cron { facility(cron); }; | |||||
filter f_daemon { facility(daemon); }; | |||||
filter f_kern { facility(kern); }; | |||||
filter f_lpr { facility(lpr); }; | |||||
filter f_mail { facility(mail); }; | |||||
filter f_user { facility(user); }; | |||||
filter f_debug { not facility(auth, authpriv, news, mail); }; | |||||
filter f_messages { level(info..warn) | |||||
and not facility(auth, authpriv, mail, news); }; | |||||
filter f_emergency { level(emerg); }; | |||||
filter f_info { level(info); }; | |||||
filter f_notice { level(notice); }; | |||||
filter f_warn { level(warn); }; | |||||
filter f_crit { level(crit); }; | |||||
filter f_err { level(err); }; | |||||
filter f_failed { message("failed"); }; | |||||
filter f_denied { message("denied"); }; | |||||
# connect filter and destination | |||||
log { source(src); filter(f_authpriv); destination(authlog); }; | |||||
log { source(src); filter(f_syslog); destination(syslog); }; | |||||
log { source(src); filter(f_cron); destination(cron); }; | |||||
log { source(src); filter(f_daemon); destination(daemon); }; | |||||
log { source(kernsrc); filter(f_kern); destination(kern); }; | |||||
log { source(src); filter(f_lpr); destination(lpr); }; | |||||
log { source(src); filter(f_mail); destination(mail); }; | |||||
log { source(src); filter(f_user); destination(user); }; | |||||
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); }; | |||||
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); }; | |||||
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); }; | |||||
log { source(src); filter(f_debug); destination(debug); }; | |||||
log { source(src); filter(f_messages); destination(messages); }; | |||||
log { source(src); filter(f_emergency); destination(console); }; | |||||
# default log | |||||
log { source(src); destination(console_all); }; | |||||
\end{verbatim} | |||||
\section{Future Advancements} | |||||
What is next for fail2ban after the above? You will want to watch apache logs, and ban any hosts from your IP that search for things they should not be looking for (wordpress logins, phpmyadmin, etc). You can simply add them to a 6-12 month blacklist, if they search for anything they shouldn't be searching for. | |||||
Gentoo has a use flag to use a DB to do persistent blocking over time. This way you can block offending IPs through restarts. | |||||
\section{Further Reading} | |||||
https://github.com/fail2ban/fail2ban/issues/2217 | |||||
https://www.jwz.org/blog/2019/03/apache-2-4-1-killed-fail2ban-so-thats-awesome/ | |||||
https://www.fail2ban.org/wiki/index.php/Apache | |||||
https://www.fail2ban.org/wiki/index.php/ | |||||
\end{document} |
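Review bot: the syslog-ng block in the Gentoo subsection is not valid as written: the comment at `@version: 3.17 #mandatory since Version 3, specify` wraps onto a second line, `the version number of the used syslog-ng`, which has no leading `#`, so anyone copying the block into syslog-ng.conf gets a parse error; join the two lines or prefix the continuation with `#`. The first line of that block, `/etc/syslog-ng/syslog-ng.confSyslog-ng`, is copy-paste residue (the file path fused with a wiki heading) and belongs in the prose, not in the verbatim. Smaller points in the same hunk: "if it enabled" should read "if it is enabled", "the post is unreachable" should be "the port is unreachable", "agressive adn easier" should be "aggressive and easier", and the `\footnote` that opens the Gentoo subsection starts on its own line after the period, which LaTeX renders with a stray space before the footnote mark. Since the jail example hard-codes `ignoreip = 127.0.0.1/8`, the notes on the file should also mention adding the administrator's own address range there, so that `maxretry = 6` with `bantime = 360000` cannot lock the operator out of their own server for days after a few mistyped passwords.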
@ -0,0 +1,178 @@ | |||||
\documentclass[11pt]{article} | |||||
%Gummi|065|=) | |||||
\title{\textbf{Fail2ban Primer}} | |||||
\author{Steak Electronics} | |||||
\date{05/12/19} | |||||
\begin{document} | |||||
\maketitle | |||||
\section{Overview} | |||||
Fail2Ban is a program, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and now has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server. | |||||
Here are some of the traps, and configurations I've needed to setup fail2ban correctly. It's not a complex program, but unless you sit down and understand it, you might get caught. | |||||
\section{Instructions for Setup} | |||||
Quick setup for Devuan / Debian 9: | |||||
First install fail2ban using apt-get. (apt-get install fail2ban). | |||||
Fail2ban is a service that will appear in /etc/init.d/ in Devuan. | |||||
So it can be managed with service fail2ban \{start,stop,restart\}. | |||||
Second, navigate to /etc/fail2ban/jail.d/ | |||||
Add the following to a sshd.conf file (or name it anything you like) | |||||
\begin{verbatim} | |||||
# this is used in devuan. no other changes are made to other files, except | |||||
# that the default ssh filter is disabled in jail.conf if it enabled | |||||
[sshd] | |||||
ignoreip = 127.0.0.1/8 | |||||
#banaction = iptables | |||||
action = iptables-allports | |||||
maxretry = 6 | |||||
enabled = true | |||||
filter = sshd | |||||
logpath = /var/log/auth.log | |||||
bantime = 360000 | |||||
findtime = 3600 | |||||
# note that here, the action and its ports are set on INPUT | |||||
# so its a rule to block INPUT on ssh, http, https, and 22222 | |||||
# make sure ports are right. | |||||
# you could also use the single iptables too, just need to specify the right port. | |||||
#the blocktype=DROP here, goes to actions.d/iptables-multiport.conf, and changes blocktype to drop. | |||||
\end{verbatim} | |||||
Now, a few notes on this file. | |||||
\vspace{0.2in} | |||||
First, action can be iptables, but we are using iptables-multiport, as we want to block multiple ports. | |||||
\vspace{0.2in} | |||||
Second, logpath, should point to your ssh log. In devuan ascii / debian stretch (9) it should be /var/log/auth.log. Other distributions may vary. | |||||
\vspace{0.2in} | |||||
Third, be careful of different ssh ports. I routinely change ssh ports to be a non standard port, which although it's somewhat pointless, it still seems to block random ssh port scans for port 22. If you use a different port, you must specify it in iptables-multiport above. A potential trap is to use a nonstandard port, then wonder why fail2ban blocks port 22, but your ssh is on port 123 or something. | |||||
\vspace{0.2in} | |||||
Fourth, the default action in iptables-multiport is to REJECT packets. However, I have changed it to DROP (blocktype=DROP). For those not familiar with the difference between REJECT and DROP, from my understanding, it boils down to that REJECT will alert the outside host that the post is unreachable, while drop simply drops the connection, leaving the other host to figure it out on their own. | |||||
As I consider the offending ip addresses to be attackers, I have set it to DROP. If they try to break into the server, then block all ports from them, and don't tell them anything. The DROP timeout is more work on their end. With REJECT, my server actually responds to them. | |||||
On fail2ban issues git tracker, there is some discussion about this, and it is not really definitive. It ends up being that, REJECT is default, and if you want you can change it to DROP. As I have. | |||||
\vspace{0.2in} | |||||
Fifth, review jail.conf, and fail2ban.conf. Usually nothing needs to be changed, but occasionally jail.conf will enable the default sshd jail (which you can disable, and use instead the new one). | |||||
\subsection{Configuration in Gentoo} | |||||
This guide will only cover those working with syslog-ng in Gentoo. You can add a config to syslog-ng to get auth.log to appear in Gentoo. | |||||
\footnote{Reference: https://wiki.gentoo.org/wiki/Security\_Handbook/Logging\#Syslog-ng} Notice in the below config, that a destination has been defined for authlog. You need not copy all the syslog-ng below, only what you need. | |||||
\begin{verbatim} | |||||
/etc/syslog-ng/syslog-ng.confSyslog-ng | |||||
@version: 3.17 #mandatory since Version 3, specify the version number of the used syslog-ng | |||||
options { | |||||
chain_hostnames(no); | |||||
# The default action of syslog-ng is to log a STATS line | |||||
# to the file every 10 minutes. That's pretty ugly after a while. | |||||
# Change it to every 12 hours so you get a nice daily update of | |||||
# how many messages syslog-ng missed (0). | |||||
stats_freq(43200); | |||||
}; | |||||
source src { | |||||
unix-stream("/dev/log" max-connections(256)); | |||||
internal(); | |||||
}; | |||||
source kernsrc { file("/proc/kmsg"); }; | |||||
# define destinations | |||||
destination authlog { file("/var/log/auth.log"); }; | |||||
destination syslog { file("/var/log/syslog"); }; | |||||
destination cron { file("/var/log/cron.log"); }; | |||||
destination daemon { file("/var/log/daemon.log"); }; | |||||
destination kern { file("/var/log/kern.log"); }; | |||||
destination lpr { file("/var/log/lpr.log"); }; | |||||
destination user { file("/var/log/user.log"); }; | |||||
destination mail { file("/var/log/mail.log"); }; | |||||
destination mailinfo { file("/var/log/mail.info"); }; | |||||
destination mailwarn { file("/var/log/mail.warn"); }; | |||||
destination mailerr { file("/var/log/mail.err"); }; | |||||
destination newscrit { file("/var/log/news/news.crit"); }; | |||||
destination newserr { file("/var/log/news/news.err"); }; | |||||
destination newsnotice { file("/var/log/news/news.notice"); }; | |||||
destination debug { file("/var/log/debug"); }; | |||||
destination messages { file("/var/log/messages"); }; | |||||
destination console { usertty("root"); }; | |||||
# By default messages are logged to tty12... | |||||
destination console_all { file("/dev/tty12"); }; | |||||
# ...if you intend to use /dev/console for programs like xconsole | |||||
# you can comment out the destination line above that references /dev/tty12 | |||||
# and uncomment the line below. | |||||
#destination console_all { file("/dev/console"); }; | |||||
# create filters | |||||
filter f_authpriv { facility(auth, authpriv); }; | |||||
filter f_syslog { not facility(authpriv, mail); }; | |||||
filter f_cron { facility(cron); }; | |||||
filter f_daemon { facility(daemon); }; | |||||
filter f_kern { facility(kern); }; | |||||
filter f_lpr { facility(lpr); }; | |||||
filter f_mail { facility(mail); }; | |||||
filter f_user { facility(user); }; | |||||
filter f_debug { not facility(auth, authpriv, news, mail); }; | |||||
filter f_messages { level(info..warn) | |||||
and not facility(auth, authpriv, mail, news); }; | |||||
filter f_emergency { level(emerg); }; | |||||
filter f_info { level(info); }; | |||||
filter f_notice { level(notice); }; | |||||
filter f_warn { level(warn); }; | |||||
filter f_crit { level(crit); }; | |||||
filter f_err { level(err); }; | |||||
filter f_failed { message("failed"); }; | |||||
filter f_denied { message("denied"); }; | |||||
# connect filter and destination | |||||
log { source(src); filter(f_authpriv); destination(authlog); }; | |||||
log { source(src); filter(f_syslog); destination(syslog); }; | |||||
log { source(src); filter(f_cron); destination(cron); }; | |||||
log { source(src); filter(f_daemon); destination(daemon); }; | |||||
log { source(kernsrc); filter(f_kern); destination(kern); }; | |||||
log { source(src); filter(f_lpr); destination(lpr); }; | |||||
log { source(src); filter(f_mail); destination(mail); }; | |||||
log { source(src); filter(f_user); destination(user); }; | |||||
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); }; | |||||
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); }; | |||||
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); }; | |||||
log { source(src); filter(f_debug); destination(debug); }; | |||||
log { source(src); filter(f_messages); destination(messages); }; | |||||
log { source(src); filter(f_emergency); destination(console); }; | |||||
# default log | |||||
log { source(src); destination(console_all); }; | |||||
\end{verbatim} | |||||
\section{Future Advancements} | |||||
What is next for fail2ban after the above? You will want to watch apache logs, and ban any hosts from your IP that search for things they should not be looking for (wordpress logins, phpmyadmin, etc). You can simply add them to a 6-12 month blacklist, if they search for anything they shouldn't be searching for. | |||||
\section{Further Reading} | |||||
https://www.jwz.org/blog/2019/03/apache-2-4-1-killed-fail2ban-so-thats-awesome/ | |||||
\end{document} |
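Review bot: the comments appended to the jail snippet in this file contradict the snippet above them: `# so its a rule to block INPUT on ssh, http, https, and 22222` and `#the blocktype=DROP here, goes to actions.d/iptables-multiport.conf` describe a multiport action with a port list and a blocktype override, but the snippet still reads `action = iptables-allports` and contains neither a `port =` line nor `blocktype=DROP`; the prose notes ("we are using iptables-multiport", "specify it in iptables-multiport above") have the same mismatch. Either change the snippet to the multiport form the comments describe or remove the comments and notes. This file also duplicates the other .tex almost line for line, and the two have already drifted (this copy lacks the iptables-common paragraph, the Gentoo DB note and three of the four Further Reading links); keep one source document rather than two. The `/etc/syslog-ng/syslog-ng.confSyslog-ng` residue line and the "if it enabled" / "the post is unreachable" typos are present here as well.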
@ -0,0 +1,6 @@ | |||||
\relax | |||||
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}} | |||||
\@writefile{toc}{\contentsline {section}{\numberline {2}Instructions for Setup}{1}} | |||||
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Getting auth.log to appear in Gentoo}{3}} | |||||
\@writefile{toc}{\contentsline {section}{\numberline {3}Future Advancements}{5}} | |||||
\@writefile{toc}{\contentsline {section}{\numberline {4}Further Reading}{6}} |
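Review bot: 5.aux is generated and is already stale relative to the source in this commit: its table-of-contents entry reads `Getting auth.log to appear in Gentoo`, while both .tex files here have `\subsection{Configuration in Gentoo}`, so the committed aux does not correspond to the committed .tex. Remove it together with the other build products and ignore them.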
@ -0,0 +1,180 @@ | |||||
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 29 MAY 2019 01:37 | |||||
entering extended mode | |||||
restricted \write18 enabled. | |||||
%&-line parsing enabled. | |||||
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Fail2Ban_ | |||||
Primer/docs/5.tex | |||||
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Fail2Ban_P | |||||
rimer/docs/5.tex | |||||
LaTeX2e <2014/05/01> | |||||
Babel <3.9l> and hyphenation patterns for 2 languages loaded. | |||||
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls | |||||
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class | |||||
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo | |||||
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option) | |||||
) | |||||
\c@part=\count79 | |||||
\c@section=\count80 | |||||
\c@subsection=\count81 | |||||
\c@subsubsection=\count82 | |||||
\c@paragraph=\count83 | |||||
\c@subparagraph=\count84 | |||||
\c@figure=\count85 | |||||
\c@table=\count86 | |||||
\abovecaptionskip=\skip41 | |||||
\belowcaptionskip=\skip42 | |||||
\bibindent=\dimen102 | |||||
) (./5.aux) | |||||
\openout1 = `5.aux'. | |||||
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
(./5.toc | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <10.95> on input line 3. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <8> on input line 3. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <6> on input line 3. | |||||
) | |||||
\tf@toc=\write3 | |||||
\openout3 = `5.toc'. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <9> on input line 14. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <5> on input line 14. | |||||
LaTeX Font Info: Try loading font information for OMS+cmr on input line 22. | |||||
(/usr/share/texlive/texmf-dist/tex/latex/base/omscmr.fd | |||||
File: omscmr.fd 2014/09/29 v2.5h Standard LaTeX font definitions | |||||
) | |||||
LaTeX Font Info: Font shape `OMS/cmr/m/n' in size <10.95> not available | |||||
(Font) Font shape `OMS/cmsy/m/n' tried instead on input line 22. | |||||
Overfull \hbox (65.4029pt too wide) in paragraph at lines 39--39 | |||||
[]\OT1/cmtt/m/n/10.95 # this is used in devuan. no other changes are made to ot | |||||
her files, except[] | |||||
[] | |||||
Overfull \hbox (30.91077pt too wide) in paragraph at lines 39--39 | |||||
[]\OT1/cmtt/m/n/10.95 # that the default ssh filter is disabled in jail.conf if | |||||
it enabled[] | |||||
[] | |||||
[1 | |||||
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}] | |||||
Overfull \hbox (14.05429pt too wide) in paragraph at lines 58--59 | |||||
[]\OT1/cmr/bx/n/10.95 To con-fig-ure it, see /etc/fail2ban/actions.d/iptables-c | |||||
ommon.conf | |||||
[] | |||||
[2] | |||||
Overfull \hbox (7.91602pt too wide) in paragraph at lines 165--165 | |||||
[] \OT1/cmtt/m/n/10.95 # The default action of syslog-ng is to log a STA | |||||
TS line[] | |||||
[] | |||||
Overfull \hbox (65.4029pt too wide) in paragraph at lines 165--165 | |||||
[] \OT1/cmtt/m/n/10.95 # to the file every 10 minutes. That's pretty ug | |||||
ly after a while.[] | |||||
[] | |||||
Overfull \hbox (48.15683pt too wide) in paragraph at lines 165--165 | |||||
[] \OT1/cmtt/m/n/10.95 # Change it to every 12 hours so you get a nice d | |||||
aily update of[] | |||||
[] | |||||
[3] | |||||
Overfull \hbox (13.6647pt too wide) in paragraph at lines 165--165 | |||||
[]\OT1/cmtt/m/n/10.95 # ...if you intend to use /dev/console for programs like | |||||
xconsole[] | |||||
[] | |||||
Overfull \hbox (71.15158pt too wide) in paragraph at lines 165--165 | |||||
[]\OT1/cmtt/m/n/10.95 # you can comment out the destination line above that ref | |||||
erences /dev/tty12[] | |||||
[] | |||||
[4] | |||||
Overfull \hbox (2.16733pt too wide) in paragraph at lines 165--165 | |||||
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_authpriv); destination(authlo | |||||
g); };[] | |||||
[] | |||||
Overfull \hbox (76.90027pt too wide) in paragraph at lines 165--165 | |||||
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_info); destin | |||||
ation(mailinfo); };[] | |||||
[] | |||||
Overfull \hbox (76.90027pt too wide) in paragraph at lines 165--165 | |||||
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_warn); destin | |||||
ation(mailwarn); };[] | |||||
[] | |||||
Overfull \hbox (65.4029pt too wide) in paragraph at lines 165--165 | |||||
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_err); destina | |||||
tion(mailerr); };[] | |||||
[] | |||||
Overfull \hbox (7.91602pt too wide) in paragraph at lines 165--165 | |||||
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_messages); destination(messag | |||||
es); };[] | |||||
[] | |||||
Overfull \hbox (7.91602pt too wide) in paragraph at lines 165--165 | |||||
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_emergency); destination(conso | |||||
le); };[] | |||||
[] | |||||
[5] | |||||
Overfull \hbox (7.91743pt too wide) in paragraph at lines 175--176 | |||||
[]\OT1/cmr/m/n/10.95 https://www.jwz.org/blog/2019/03/apache-2-4-1-killed-fail2 | |||||
ban-so-thats- | |||||
[] | |||||
[6] (./5.aux) ) | |||||
Here is how much of TeX's memory you used: | |||||
261 strings out of 495020 | |||||
3142 string characters out of 6181323 | |||||
50970 words of memory out of 5000000 | |||||
3542 multiletter control sequences out of 15000+600000 | |||||
8977 words of font info for 32 fonts, out of 8000000 for 9000 | |||||
14 hyphenation exceptions out of 8191 | |||||
23i,8n,19p,591b,241s stack positions out of 5000i,500n,10000p,200000b,80000s | |||||
</usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cm | |||||
bx10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.p | |||||
fb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr10.pfb></us | |||||
r/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr6.pfb></usr/share/ | |||||
texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr8.pfb></usr/share/texlive/ | |||||
texmf-dist/fonts/type1/public/amsfonts/cm/cmr9.pfb></usr/share/texlive/texmf-di | |||||
st/fonts/type1/public/amsfonts/cm/cmsy10.pfb></usr/share/texlive/texmf-dist/fon | |||||
ts/type1/public/amsfonts/cm/cmtt10.pfb> | |||||
Output written on 5.pdf (6 pages, 115833 bytes). | |||||
PDF statistics: | |||||
55 PDF objects out of 1000 (max. 8388607) | |||||
38 compressed objects within 1 object stream | |||||
0 named destinations out of 1000 (max. 500000) | |||||
1 words of extra memory for PDF output out of 10000 (max. 10000000) | |||||
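Review bot: build output should not be versioned; this pdfTeX log, together with the .aux and .toc files committed beside it, is regenerated on every run, so add `*.log`, `*.aux`, `*.toc` and the built PDFs to a .gitignore and drop them from the commit. The warnings in it are still worth acting on in the source: every `Overfull \hbox` reported at lines 39 and 165 is a verbatim line longer than the 11pt text width (the two comment lines at the top of the sshd jail block, and the long comment and `log { ... };` lines in the syslog-ng block), and verbatim never breaks lines, so they run into the right margin of the PDF; wrapping them at around 70 characters fixes it. The overfull box at lines 175--176 is the jwz.org URL in Further Reading, which a plain paragraph cannot break; `\usepackage{url}` and `\url{...}` let LaTeX break it.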
@ -0,0 +1,184 @@ | |||||
\documentclass[11pt]{article} | |||||
%Gummi|065|=) | |||||
\title{\textbf{Fail2ban Primer}} | |||||
\author{Steak Electronics} | |||||
\date{05/29/19} | |||||
\begin{document} | |||||
\textbf{Fail2ban Primer} | |||||
%maketitle | |||||
\tableofcontents | |||||
\section{Overview} | |||||
Fail2Ban is a firewall adjunct, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and now has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server. | |||||
Here are some of the traps, and configurations I've needed to setup fail2ban correctly. It's not a complex program, but unless you sit down and understand it, you might get caught. To be honest, it took me some time to figure out fail2ban, as I initially didn't have the patience to sit down and configure it. | |||||
\section{Instructions for Setup} | |||||
Quick setup for Devuan / Debian 9: | |||||
First install fail2ban using apt-get. (apt-get install fail2ban). | |||||
Fail2ban is a service that will appear in /etc/init.d/ in Devuan. | |||||
So it can be managed with service fail2ban \{start,stop,restart\}. | |||||
Second, navigate to /etc/fail2ban/jail.d/ | |||||
Add the following to a sshd.conf file (or name it anything you like) | |||||
\begin{verbatim} | |||||
# this is used in devuan. no other changes are made to other files, except | |||||
# that the default ssh filter is disabled in jail.conf if it enabled | |||||
[sshd] | |||||
ignoreip = 127.0.0.1/8 | |||||
action = iptables-allports | |||||
maxretry = 6 | |||||
enabled = true | |||||
filter = sshd | |||||
logpath = /var/log/auth.log | |||||
bantime = 360000 | |||||
findtime = 3600 | |||||
\end{verbatim} | |||||
Now, a few notes on this file. | |||||
\vspace{0.2in} | |||||
First, action can be iptables for a single port, or iptables-multiport for more than one, but we are using iptables-allports, as we want to block everything. These actions are listed in /etc/fail2ban/actions.d/ | |||||
\vspace{0.2in} | |||||
Second, logpath, should point to your ssh log. In devuan ascii / debian stretch (9) it should be /var/log/auth.log. Other distributions may vary. The format of the ssh log can vary as well. In this guide, it's assumed to be auth.log. Gentoo users see below to enable auth.log in syslog-ng. | |||||
\vspace{0.2in} | |||||
Third, be careful of different ssh ports. I routinely change ssh ports to be a non standard port, which although it's somewhat pointless, it still seems to block random ssh port scans for port 22. If you use a different port, you must specify it in iptables-multiport above. A potential trap is to use a nonstandard port, then wonder why fail2ban blocks port 22, but your ssh is on port 123 or something. An agressive and easier approach is to just block everything. | |||||
\vspace{0.2in} | |||||
Fourth, the default action in iptables-common \footnote{this parent file in actions.d applies to all child iptables of course, being named ``common''} is to REJECT packets. However, I have changed it to DROP (blocktype=DROP). For those unfamiliar with the difference between REJECT and DROP, from my understanding, it is that REJECT will alert the outside host that the post is unreachable, while DROP simply goes silent, leaving the other host to figure it out on their own. | |||||
\textbf{To configure it, see /etc/fail2ban/actions.d/iptables-common.conf and search for blocktype.} | |||||
As I consider the offending ip addresses to be attackers, I have set it to DROP. If they try to break into the server, then block all ports from them, and don't tell them anything. The DROP timeout is more work on their end. With REJECT, my server responds. No need to play nice, with people/robots that have no morals. | |||||
On fail2ban issues git tracker, there is some discussion about this, and it is not really definitive. It ends up being that, REJECT is default, and if you want you can change it to DROP. As I have. As long as the option is there, I think that is acceptable. | |||||
\vspace{0.2in} | |||||
Fifth, review jail.conf, and fail2ban.conf. Usually nothing needs to be changed, but occasionally jail.conf will enable the default sshd jail (which you can disable, and use instead the new one). This will be distribution dependent. | |||||
\subsection{Getting auth.log to appear in Gentoo} | |||||
This guide will only cover those working with syslog-ng in Gentoo. You can add a config to syslog-ng to get auth.log to appear in Gentoo. | |||||
\footnote{Reference: https://wiki.gentoo.org/wiki/Security\_Handbook/Logging\#Syslog-ng} Notice in the below config, that a destination has been defined for authlog. You need not copy all the syslog-ng below, only what you need. | |||||
\begin{verbatim} | |||||
/etc/syslog-ng/syslog-ng.confSyslog-ng | |||||
@version: 3.17 #mandatory since Version 3, specify | |||||
the version number of the used syslog-ng | |||||
options { | |||||
chain_hostnames(no); | |||||
# The default action of syslog-ng is to log a STATS line | |||||
# to the file every 10 minutes. That's pretty ugly after a while. | |||||
# Change it to every 12 hours so you get a nice daily update of | |||||
# how many messages syslog-ng missed (0). | |||||
stats_freq(43200); | |||||
}; | |||||
source src { | |||||
unix-stream("/dev/log" max-connections(256)); | |||||
internal(); | |||||
}; | |||||
source kernsrc { file("/proc/kmsg"); }; | |||||
# define destinations | |||||
destination authlog { file("/var/log/auth.log"); }; | |||||
destination syslog { file("/var/log/syslog"); }; | |||||
destination cron { file("/var/log/cron.log"); }; | |||||
destination daemon { file("/var/log/daemon.log"); }; | |||||
destination kern { file("/var/log/kern.log"); }; | |||||
destination lpr { file("/var/log/lpr.log"); }; | |||||
destination user { file("/var/log/user.log"); }; | |||||
destination mail { file("/var/log/mail.log"); }; | |||||
destination mailinfo { file("/var/log/mail.info"); }; | |||||
destination mailwarn { file("/var/log/mail.warn"); }; | |||||
destination mailerr { file("/var/log/mail.err"); }; | |||||
destination newscrit { file("/var/log/news/news.crit"); }; | |||||
destination newserr { file("/var/log/news/news.err"); }; | |||||
destination newsnotice { file("/var/log/news/news.notice"); }; | |||||
destination debug { file("/var/log/debug"); }; | |||||
destination messages { file("/var/log/messages"); }; | |||||
destination console { usertty("root"); }; | |||||
# By default messages are logged to tty12... | |||||
destination console_all { file("/dev/tty12"); }; | |||||
# ...if you intend to use /dev/console for programs like xconsole | |||||
# you can comment out the destination line above that references /dev/tty12 | |||||
# and uncomment the line below. | |||||
#destination console_all { file("/dev/console"); }; | |||||
# create filters | |||||
filter f_authpriv { facility(auth, authpriv); }; | |||||
filter f_syslog { not facility(authpriv, mail); }; | |||||
filter f_cron { facility(cron); }; | |||||
filter f_daemon { facility(daemon); }; | |||||
filter f_kern { facility(kern); }; | |||||
filter f_lpr { facility(lpr); }; | |||||
filter f_mail { facility(mail); }; | |||||
filter f_user { facility(user); }; | |||||
filter f_debug { not facility(auth, authpriv, news, mail); }; | |||||
filter f_messages { level(info..warn) | |||||
and not facility(auth, authpriv, mail, news); }; | |||||
filter f_emergency { level(emerg); }; | |||||
filter f_info { level(info); }; | |||||
filter f_notice { level(notice); }; | |||||
filter f_warn { level(warn); }; | |||||
filter f_crit { level(crit); }; | |||||
filter f_err { level(err); }; | |||||
filter f_failed { message("failed"); }; | |||||
filter f_denied { message("denied"); }; | |||||
# connect filter and destination | |||||
log { source(src); filter(f_authpriv); destination(authlog); }; | |||||
log { source(src); filter(f_syslog); destination(syslog); }; | |||||
log { source(src); filter(f_cron); destination(cron); }; | |||||
log { source(src); filter(f_daemon); destination(daemon); }; | |||||
log { source(kernsrc); filter(f_kern); destination(kern); }; | |||||
log { source(src); filter(f_lpr); destination(lpr); }; | |||||
log { source(src); filter(f_mail); destination(mail); }; | |||||
log { source(src); filter(f_user); destination(user); }; | |||||
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); }; | |||||
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); }; | |||||
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); }; | |||||
log { source(src); filter(f_debug); destination(debug); }; | |||||
log { source(src); filter(f_messages); destination(messages); }; | |||||
log { source(src); filter(f_emergency); destination(console); }; | |||||
# default log | |||||
log { source(src); destination(console_all); }; | |||||
\end{verbatim} | |||||
\section{Future Advancements} | |||||
What is next for fail2ban after the above? You will want to watch apache logs, and ban any hosts from your IP that search for things they should not be looking for (wordpress logins, phpmyadmin, etc). | |||||
Gentoo has a use flag to use a DB to do persistent blocking over time. This way you can block offending IPs through restarts. | |||||
\section{Further Reading} | |||||
https://github.com/fail2ban/fail2ban/issues/2217 | |||||
https://www.jwz.org/blog/2019/03/apache-2-4-1-killed-fail2ban-so-thats-awesome/ | |||||
https://www.fail2ban.org/wiki/index.php/Apache | |||||
https://www.fail2ban.org/wiki/index.php/ | |||||
\end{document} |
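Review bot: the syslog-ng block does not parse as pasted. Its first line, `/etc/syslog-ng/syslog-ng.confSyslog-ng`, is the file path and page heading fused together from the wiki copy and must go, and the `@version: 3.17 #mandatory since Version 3, specify` comment is split across two lines, leaving `the version number of the used syslog-ng` as a bare uncommented line; put `@version: 3.17` on its own line with the remark on a `#` line below it. In the setup steps, the advice to disable the default sshd jail in jail.conf is unnecessary and works against the package: fail2ban reads jail.conf, then jail.d/*.conf, then jail.local, then jail.d/*.local, with later files overriding the same keys of a same-named section, so the `[sshd]` section in jail.d/sshd.conf already governs `enabled`, `action` and `logpath`, and jail.conf is replaced on upgrade, which is why its header tells you to customise in jail.local or jail.d instead. The REJECT/DROP paragraph reads "the post is unreachable"; that is "port", and it matches the shipped iptables-common default, which is `REJECT --reject-with icmp-port-unreachable`, so the text could name it. Under Future Advancements, persistent bans are not Gentoo-specific: fail2ban 0.9 and later keep bans in the sqlite database named by `dbfile` in fail2ban.conf and restore still-active ones on restart, subject to `dbpurgeage`. Small typos: "agressive" (aggressive), "if it enabled" (if it is enabled), and the `\footnote` that opens the line after "appear in Gentoo." starts with a line break, which typesets a space before the footnote mark; attach it to the sentence directly.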
@ -0,0 +1,182 @@ | |||||
\documentclass[11pt]{article} | |||||
%Gummi|065|=) | |||||
\title{\textbf{Fail2ban Primer}} | |||||
\author{Steak Electronics} | |||||
\date{05/12/19} | |||||
\begin{document} | |||||
\maketitle | |||||
\section{Overview} | |||||
Fail2Ban is a program, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and now has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server. | |||||
Here are some of the traps, and configurations I've needed to setup fail2ban correctly. It's not a complex program, but unless you sit down and understand it, you might get caught. | |||||
\section{Instructions for Setup} | |||||
Quick setup for Devuan / Debian 9: | |||||
First install fail2ban using apt-get. (apt-get install fail2ban). | |||||
Fail2ban is a service that will appear in /etc/init.d/ in Devuan. | |||||
So it can be managed with service fail2ban \{start,stop,restart\}. | |||||
Second, navigate to /etc/fail2ban/jail.d/ | |||||
Add the following to a sshd.conf file (or name it anything you like) | |||||
\begin{verbatim} | |||||
# this is used in devuan. no other changes are made to other files, except | |||||
# that the default ssh filter is disabled in jail.conf if it enabled | |||||
[sshd] | |||||
ignoreip = 127.0.0.1/8 | |||||
#banaction = iptables | |||||
action = iptables-allports | |||||
maxretry = 6 | |||||
enabled = true | |||||
filter = sshd | |||||
logpath = /var/log/auth.log | |||||
bantime = 360000 | |||||
findtime = 3600 | |||||
\end{verbatim} | |||||
Now, a few notes on this file. | |||||
\vspace{0.2in} | |||||
First, action can be iptables for a single port, or iptables-multiport for more than one, but we are using iptables-allports, as we want to block everything. | |||||
\vspace{0.2in} | |||||
Second, logpath, should point to your ssh log. In devuan ascii / debian stretch (9) it should be /var/log/auth.log. Other distributions may vary. The format of the ssh log can vary as well. In this guide, it's assumed to be auth.log. | |||||
\vspace{0.2in} | |||||
Third, be careful of different ssh ports. I routinely change ssh ports to be a non standard port, which although it's somewhat pointless, it still seems to block random ssh port scans for port 22. If you use a different port, you must specify it in iptables-multiport above. A potential trap is to use a nonstandard port, then wonder why fail2ban blocks port 22, but your ssh is on port 123 or something. An agressive adn easier approach is to just block everything. | |||||
\vspace{0.2in} | |||||
Fourth, the default action in iptables-common \footnote{this file in actions.d applies to all iptables of course, being common} is to REJECT packets. However, I have changed it to DROP (blocktype=DROP). For those not familiar with the difference between REJECT and DROP, from my understanding, it boils down to that REJECT will alert the outside host that the post is unreachable, while drop simply drops the connection, leaving the other host to figure it out on their own. | |||||
\textbf{To configure it, see /etc/fail2ban/actions.d/iptables-common.conf and search for blocktype.} | |||||
As I consider the offending ip addresses to be attackers, I have set it to DROP. If they try to break into the server, then block all ports from them, and don't tell them anything. The DROP timeout is more work on their end. With REJECT, my server actually responds to them. | |||||
On fail2ban issues git tracker, there is some discussion about this, and it is not really definitive. It ends up being that, REJECT is default, and if you want you can change it to DROP. As I have. | |||||
\vspace{0.2in} | |||||
Fifth, review jail.conf, and fail2ban.conf. Usually nothing needs to be changed, but occasionally jail.conf will enable the default sshd jail (which you can disable, and use instead the new one). | |||||
\subsection{Configuration in Gentoo} | |||||
This guide will only cover those working with syslog-ng in Gentoo. You can add a config to syslog-ng to get auth.log to appear in Gentoo. | |||||
\footnote{Reference: https://wiki.gentoo.org/wiki/Security\_Handbook/Logging\#Syslog-ng} Notice in the below config, that a destination has been defined for authlog. You need not copy all the syslog-ng below, only what you need. | |||||
\begin{verbatim} | |||||
/etc/syslog-ng/syslog-ng.confSyslog-ng | |||||
@version: 3.17 #mandatory since Version 3, specify | |||||
the version number of the used syslog-ng | |||||
options { | |||||
chain_hostnames(no); | |||||
# The default action of syslog-ng is to log a STATS line | |||||
# to the file every 10 minutes. That's pretty ugly after a while. | |||||
# Change it to every 12 hours so you get a nice daily update of | |||||
# how many messages syslog-ng missed (0). | |||||
stats_freq(43200); | |||||
}; | |||||
source src { | |||||
unix-stream("/dev/log" max-connections(256)); | |||||
internal(); | |||||
}; | |||||
source kernsrc { file("/proc/kmsg"); }; | |||||
# define destinations | |||||
destination authlog { file("/var/log/auth.log"); }; | |||||
destination syslog { file("/var/log/syslog"); }; | |||||
destination cron { file("/var/log/cron.log"); }; | |||||
destination daemon { file("/var/log/daemon.log"); }; | |||||
destination kern { file("/var/log/kern.log"); }; | |||||
destination lpr { file("/var/log/lpr.log"); }; | |||||
destination user { file("/var/log/user.log"); }; | |||||
destination mail { file("/var/log/mail.log"); }; | |||||
destination mailinfo { file("/var/log/mail.info"); }; | |||||
destination mailwarn { file("/var/log/mail.warn"); }; | |||||
destination mailerr { file("/var/log/mail.err"); }; | |||||
destination newscrit { file("/var/log/news/news.crit"); }; | |||||
destination newserr { file("/var/log/news/news.err"); }; | |||||
destination newsnotice { file("/var/log/news/news.notice"); }; | |||||
destination debug { file("/var/log/debug"); }; | |||||
destination messages { file("/var/log/messages"); }; | |||||
destination console { usertty("root"); }; | |||||
# By default messages are logged to tty12... | |||||
destination console_all { file("/dev/tty12"); }; | |||||
# ...if you intend to use /dev/console for programs like xconsole | |||||
# you can comment out the destination line above that references /dev/tty12 | |||||
# and uncomment the line below. | |||||
#destination console_all { file("/dev/console"); }; | |||||
# create filters | |||||
filter f_authpriv { facility(auth, authpriv); }; | |||||
filter f_syslog { not facility(authpriv, mail); }; | |||||
filter f_cron { facility(cron); }; | |||||
filter f_daemon { facility(daemon); }; | |||||
filter f_kern { facility(kern); }; | |||||
filter f_lpr { facility(lpr); }; | |||||
filter f_mail { facility(mail); }; | |||||
filter f_user { facility(user); }; | |||||
filter f_debug { not facility(auth, authpriv, news, mail); }; | |||||
filter f_messages { level(info..warn) | |||||
and not facility(auth, authpriv, mail, news); }; | |||||
filter f_emergency { level(emerg); }; | |||||
filter f_info { level(info); }; | |||||
filter f_notice { level(notice); }; | |||||
filter f_warn { level(warn); }; | |||||
filter f_crit { level(crit); }; | |||||
filter f_err { level(err); }; | |||||
filter f_failed { message("failed"); }; | |||||
filter f_denied { message("denied"); }; | |||||
# connect filter and destination | |||||
log { source(src); filter(f_authpriv); destination(authlog); }; | |||||
log { source(src); filter(f_syslog); destination(syslog); }; | |||||
log { source(src); filter(f_cron); destination(cron); }; | |||||
log { source(src); filter(f_daemon); destination(daemon); }; | |||||
log { source(kernsrc); filter(f_kern); destination(kern); }; | |||||
log { source(src); filter(f_lpr); destination(lpr); }; | |||||
log { source(src); filter(f_mail); destination(mail); }; | |||||
log { source(src); filter(f_user); destination(user); }; | |||||
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); }; | |||||
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); }; | |||||
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); }; | |||||
log { source(src); filter(f_debug); destination(debug); }; | |||||
log { source(src); filter(f_messages); destination(messages); }; | |||||
log { source(src); filter(f_emergency); destination(console); }; | |||||
# default log | |||||
log { source(src); destination(console_all); }; | |||||
\end{verbatim} | |||||
\section{Future Advancements} | |||||
What is next for fail2ban after the above? You will want to watch apache logs, and ban any hosts from your IP that search for things they should not be looking for (wordpress logins, phpmyadmin, etc). You can simply add them to a 6-12 month blacklist, if they search for anything they shouldn't be searching for. | |||||
Gentoo has a use flag to use a DB to do persistent blocking over time. This way you can block offending IPs through restarts. | |||||
\section{Further Reading} | |||||
https://github.com/fail2ban/fail2ban/issues/2217 | |||||
https://www.jwz.org/blog/2019/03/apache-2-4-1-killed-fail2ban-so-thats-awesome/ | |||||
https://www.fail2ban.org/wiki/index.php/Apache | |||||
https://www.fail2ban.org/wiki/index.php/ | |||||
\end{document} |
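Review bot: this file is a near-verbatim copy of the other .tex in the commit, with the same sections and both verbatim blocks, yet it carries the earlier date 05/12/19, uses `\maketitle` instead of the `\textbf` title, keeps a commented `#banaction = iptables` line, and adds the sentence about a 6-12 month blacklist; numbered copies of the same document make it unclear which one is current, so keep a single source file and let the git history carry the revisions. The same syslog-ng defect is present here (the fused `/etc/syslog-ng/syslog-ng.confSyslog-ng` line and the `@version` comment broken over two lines, which leaves an uncommented line that syslog-ng will reject). Two wording points: "drop simply drops the connection" is loose, since DROP discards the matching packet without any reply and does not act on a connection as such, and `bantime = 360000` is a little over four days, not the 6-12 months mentioned under Future Advancements, so one of the two should change or the text should say that the longer blacklist needs a separate jail with a longer bantime. Typos: "agressive adn easier", "the post is unreachable" (port), "if it enabled".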
@ -0,0 +1,5 @@ | |||||
\contentsline {section}{\numberline {1}Overview}{1} | |||||
\contentsline {section}{\numberline {2}Instructions for Setup}{1} | |||||
\contentsline {subsection}{\numberline {2.1}Getting auth.log to appear in Gentoo}{3} | |||||
\contentsline {section}{\numberline {3}Future Advancements}{5} | |||||
\contentsline {section}{\numberline {4}Further Reading}{6} |
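Review bot: this .toc, and the .aux hunk that follows it, are LaTeX scratch files rewritten on every pdflatex run and should be dropped from the commit; they also go stale the moment the source changes, as they already have here, where the entry reads "Getting auth.log to appear in Gentoo" while the second .tex in this commit titles that subsection "Configuration in Gentoo".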
@ -0,0 +1,6 @@ | |||||
\relax | |||||
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}} | |||||
\@writefile{toc}{\contentsline {section}{\numberline {2}Instructions for Setup}{1}} | |||||
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Getting auth.log to appear in Gentoo}{3}} | |||||
\@writefile{toc}{\contentsline {section}{\numberline {3}Future Advancements}{5}} | |||||
\@writefile{toc}{\contentsline {section}{\numberline {4}Further Reading}{6}} |
@ -0,0 +1,180 @@ | |||||
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 29 MAY 2019 01:37 | |||||
entering extended mode | |||||
restricted \write18 enabled. | |||||
%&-line parsing enabled. | |||||
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Fail2Ban_ | |||||
Primer/docs/6.tex | |||||
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Fail2Ban_P | |||||
rimer/docs/6.tex | |||||
LaTeX2e <2014/05/01> | |||||
Babel <3.9l> and hyphenation patterns for 2 languages loaded. | |||||
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls | |||||
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class | |||||
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo | |||||
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option) | |||||
) | |||||
\c@part=\count79 | |||||
\c@section=\count80 | |||||
\c@subsection=\count81 | |||||
\c@subsubsection=\count82 | |||||
\c@paragraph=\count83 | |||||
\c@subparagraph=\count84 | |||||
\c@figure=\count85 | |||||
\c@table=\count86 | |||||
\abovecaptionskip=\skip41 | |||||
\belowcaptionskip=\skip42 | |||||
\bibindent=\dimen102 | |||||
) (./6.aux) | |||||
\openout1 = `6.aux'. | |||||
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
(./6.toc | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <10.95> on input line 3. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <8> on input line 3. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <6> on input line 3. | |||||
) | |||||
\tf@toc=\write3 | |||||
\openout3 = `6.toc'. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <9> on input line 14. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <5> on input line 14. | |||||
LaTeX Font Info: Try loading font information for OMS+cmr on input line 22. | |||||
(/usr/share/texlive/texmf-dist/tex/latex/base/omscmr.fd | |||||
File: omscmr.fd 2014/09/29 v2.5h Standard LaTeX font definitions | |||||
) | |||||
LaTeX Font Info: Font shape `OMS/cmr/m/n' in size <10.95> not available | |||||
(Font) Font shape `OMS/cmsy/m/n' tried instead on input line 22. | |||||
Overfull \hbox (65.4029pt too wide) in paragraph at lines 39--39 | |||||
[]\OT1/cmtt/m/n/10.95 # this is used in devuan. no other changes are made to ot | |||||
her files, except[] | |||||
[] | |||||
Overfull \hbox (30.91077pt too wide) in paragraph at lines 39--39 | |||||
[]\OT1/cmtt/m/n/10.95 # that the default ssh filter is disabled in jail.conf if | |||||
it enabled[] | |||||
[] | |||||
[1 | |||||
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}] | |||||
Overfull \hbox (14.05429pt too wide) in paragraph at lines 58--59 | |||||
[]\OT1/cmr/bx/n/10.95 To con-fig-ure it, see /etc/fail2ban/actions.d/iptables-c | |||||
ommon.conf | |||||
[] | |||||
[2] | |||||
Overfull \hbox (7.91602pt too wide) in paragraph at lines 165--165 | |||||
[] \OT1/cmtt/m/n/10.95 # The default action of syslog-ng is to log a STA | |||||
TS line[] | |||||
[] | |||||
Overfull \hbox (65.4029pt too wide) in paragraph at lines 165--165 | |||||
[] \OT1/cmtt/m/n/10.95 # to the file every 10 minutes. That's pretty ug | |||||
ly after a while.[] | |||||
[] | |||||
Overfull \hbox (48.15683pt too wide) in paragraph at lines 165--165 | |||||
[] \OT1/cmtt/m/n/10.95 # Change it to every 12 hours so you get a nice d | |||||
aily update of[] | |||||
[] | |||||
[3] | |||||
Overfull \hbox (13.6647pt too wide) in paragraph at lines 165--165 | |||||
[]\OT1/cmtt/m/n/10.95 # ...if you intend to use /dev/console for programs like | |||||
xconsole[] | |||||
[] | |||||
Overfull \hbox (71.15158pt too wide) in paragraph at lines 165--165 | |||||
[]\OT1/cmtt/m/n/10.95 # you can comment out the destination line above that ref | |||||
erences /dev/tty12[] | |||||
[] | |||||
[4] | |||||
Overfull \hbox (2.16733pt too wide) in paragraph at lines 165--165 | |||||
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_authpriv); destination(authlo | |||||
g); };[] | |||||
[] | |||||
Overfull \hbox (76.90027pt too wide) in paragraph at lines 165--165 | |||||
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_info); destin | |||||
ation(mailinfo); };[] | |||||
[] | |||||
Overfull \hbox (76.90027pt too wide) in paragraph at lines 165--165 | |||||
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_warn); destin | |||||
ation(mailwarn); };[] | |||||
[] | |||||
Overfull \hbox (65.4029pt too wide) in paragraph at lines 165--165 | |||||
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_mail); filter(f_err); destina | |||||
tion(mailerr); };[] | |||||
[] | |||||
Overfull \hbox (7.91602pt too wide) in paragraph at lines 165--165 | |||||
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_messages); destination(messag | |||||
es); };[] | |||||
[] | |||||
Overfull \hbox (7.91602pt too wide) in paragraph at lines 165--165 | |||||
[]\OT1/cmtt/m/n/10.95 log { source(src); filter(f_emergency); destination(conso | |||||
le); };[] | |||||
[] | |||||
[5] | |||||
Overfull \hbox (7.91743pt too wide) in paragraph at lines 175--176 | |||||
[]\OT1/cmr/m/n/10.95 https://www.jwz.org/blog/2019/03/apache-2-4-1-killed-fail2 | |||||
ban-so-thats- | |||||
[] | |||||
[6] (./6.aux) ) | |||||
Here is how much of TeX's memory you used: | |||||
261 strings out of 495020 | |||||
3142 string characters out of 6181323 | |||||
50970 words of memory out of 5000000 | |||||
3542 multiletter control sequences out of 15000+600000 | |||||
8977 words of font info for 32 fonts, out of 8000000 for 9000 | |||||
14 hyphenation exceptions out of 8191 | |||||
23i,8n,19p,591b,241s stack positions out of 5000i,500n,10000p,200000b,80000s | |||||
</usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cm | |||||
bx10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.p | |||||
fb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr10.pfb></us | |||||
r/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr6.pfb></usr/share/ | |||||
texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr8.pfb></usr/share/texlive/ | |||||
texmf-dist/fonts/type1/public/amsfonts/cm/cmr9.pfb></usr/share/texlive/texmf-di | |||||
st/fonts/type1/public/amsfonts/cm/cmsy10.pfb></usr/share/texlive/texmf-dist/fon | |||||
ts/type1/public/amsfonts/cm/cmtt10.pfb> | |||||
Output written on 6.pdf (6 pages, 115833 bytes). | |||||
PDF statistics: | |||||
55 PDF objects out of 1000 (max. 8388607) | |||||
38 compressed objects within 1 object stream | |||||
0 named destinations out of 1000 (max. 500000) | |||||
1 words of extra memory for PDF output out of 10000 (max. 10000000) | |||||
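Review bot: this second log reports the same set of Overfull \hbox warnings, the same font and memory figures, and the same output (6 pages, 115833 bytes) as the first one, differing only in the timestamp and the file name, so it documents the same build twice and adds nothing a reader of the source can use; remove both logs from the commit and keep the fix in the .tex, which is wrapping the long verbatim lines and breaking the jwz.org URL with `\url{}`.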
@ -0,0 +1,184 @@ | |||||
\documentclass[11pt]{article} | |||||
%Gummi|065|=) | |||||
\title{\textbf{Fail2ban Primer}} | |||||
\author{Steak Electronics} | |||||
\date{05/29/19} | |||||
\begin{document} | |||||
\textbf{Fail2ban Primer} | |||||
%maketitle | |||||
\tableofcontents | |||||
\section{Overview} | |||||
Fail2Ban is a firewall adjunct, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and now has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server. | |||||
Here are some of the traps, and configurations I've needed to setup fail2ban correctly. It's not a complex program, but unless you sit down and understand it, you might get caught. To be honest, it took me some time to figure out fail2ban, as I initially didn't have the patience to sit down and configure it. | |||||
\section{Instructions for Setup} | |||||
Quick setup for Devuan / Debian 9: | |||||
First install fail2ban using apt-get. (apt-get install fail2ban). | |||||
Fail2ban is a service that will appear in /etc/init.d/ in Devuan. | |||||
So it can be managed with service fail2ban \{start,stop,restart\}. | |||||
Second, navigate to /etc/fail2ban/jail.d/ | |||||
Add the following to a sshd.conf file (or name it anything you like) | |||||
\begin{verbatim} | |||||
# this is used in devuan. no other changes are made to other files, except | |||||
# that the default ssh filter is disabled in jail.conf if it enabled | |||||
[sshd] | |||||
ignoreip = 127.0.0.1/8 | |||||
action = iptables-allports | |||||
maxretry = 6 | |||||
enabled = true | |||||
filter = sshd | |||||
logpath = /var/log/auth.log | |||||
bantime = 360000 | |||||
findtime = 3600 | |||||
\end{verbatim} | |||||
Now, a few notes on this file. | |||||
\vspace{0.2in} | |||||
First, action can be iptables for a single port, or iptables-multiport for more than one, but we are using iptables-allports, as we want to block everything. These actions are listed in /etc/fail2ban/actions.d/ | |||||
\vspace{0.2in} | |||||
Second, logpath, should point to your ssh log. In devuan ascii / debian stretch (9) it should be /var/log/auth.log. Other distributions may vary. The format of the ssh log can vary as well. In this guide, it's assumed to be auth.log. Gentoo users see below to enable auth.log in syslog-ng. | |||||
\vspace{0.2in} | |||||
Third, be careful of different ssh ports. I routinely change ssh ports to be a non standard port, which although it's somewhat pointless, it still seems to block random ssh port scans for port 22. If you use a different port, you must specify it in iptables-multiport above. A potential trap is to use a nonstandard port, then wonder why fail2ban blocks port 22, but your ssh is on port 123 or something. An agressive and easier approach is to just block everything. | |||||
\vspace{0.2in} | |||||
Fourth, the default action in iptables-common \footnote{this parent file in actions.d applies to all child iptables of course, being named ``common''} is to REJECT packets. However, I have changed it to DROP (blocktype=DROP). For those unfamiliar with the difference between REJECT and DROP, from my understanding, it is that REJECT will alert the outside host that the post is unreachable, while DROP simply goes silent, leaving the other host to figure it out on their own. | |||||
\textbf{To configure it, see /etc/fail2ban/actions.d/iptables-common.conf and search for blocktype.} | |||||
As I consider the offending ip addresses to be attackers, I have set it to DROP. If they try to break into the server, then block all ports from them, and don't tell them anything. The DROP timeout is more work on their end. With REJECT, my server responds. No need to play nice, with people/robots that have no morals. | |||||
On fail2ban issues git tracker, there is some discussion about this, and it is not really definitive. It ends up being that, REJECT is default, and if you want you can change it to DROP. As I have. As long as the option is there, I think that is acceptable. | |||||
\vspace{0.2in} | |||||
Fifth, review jail.conf, and fail2ban.conf. Usually nothing needs to be changed, but occasionally jail.conf will enable the default sshd jail (which you can disable, and use instead the new one). This will be distribution dependent. | |||||
\subsection{Getting auth.log to appear in Gentoo} | |||||
This guide will only cover those working with syslog-ng in Gentoo. You can add a config to syslog-ng to get auth.log to appear in Gentoo. | |||||
\footnote{Reference: https://wiki.gentoo.org/wiki/Security\_Handbook/Logging\#Syslog-ng} Notice in the below config, that a destination has been defined for authlog. You need not copy all the syslog-ng below, only what you need. | |||||
\begin{verbatim} | |||||
/etc/syslog-ng/syslog-ng.confSyslog-ng | |||||
@version: 3.17 #mandatory since Version 3, specify | |||||
the version number of the used syslog-ng | |||||
options { | |||||
chain_hostnames(no); | |||||
# The default action of syslog-ng is to log a STATS line | |||||
# to the file every 10 minutes. That's pretty ugly after a while. | |||||
# Change it to every 12 hours so you get a nice daily update of | |||||
# how many messages syslog-ng missed (0). | |||||
stats_freq(43200); | |||||
}; | |||||
source src { | |||||
unix-stream("/dev/log" max-connections(256)); | |||||
internal(); | |||||
}; | |||||
source kernsrc { file("/proc/kmsg"); }; | |||||
# define destinations | |||||
destination authlog { file("/var/log/auth.log"); }; | |||||
destination syslog { file("/var/log/syslog"); }; | |||||
destination cron { file("/var/log/cron.log"); }; | |||||
destination daemon { file("/var/log/daemon.log"); }; | |||||
destination kern { file("/var/log/kern.log"); }; | |||||
destination lpr { file("/var/log/lpr.log"); }; | |||||
destination user { file("/var/log/user.log"); }; | |||||
destination mail { file("/var/log/mail.log"); }; | |||||
destination mailinfo { file("/var/log/mail.info"); }; | |||||
destination mailwarn { file("/var/log/mail.warn"); }; | |||||
destination mailerr { file("/var/log/mail.err"); }; | |||||
destination newscrit { file("/var/log/news/news.crit"); }; | |||||
destination newserr { file("/var/log/news/news.err"); }; | |||||
destination newsnotice { file("/var/log/news/news.notice"); }; | |||||
destination debug { file("/var/log/debug"); }; | |||||
destination messages { file("/var/log/messages"); }; | |||||
destination console { usertty("root"); }; | |||||
# By default messages are logged to tty12... | |||||
destination console_all { file("/dev/tty12"); }; | |||||
# ...if you intend to use /dev/console for programs like xconsole | |||||
# you can comment out the destination line above that references /dev/tty12 | |||||
# and uncomment the line below. | |||||
#destination console_all { file("/dev/console"); }; | |||||
# create filters | |||||
filter f_authpriv { facility(auth, authpriv); }; | |||||
filter f_syslog { not facility(authpriv, mail); }; | |||||
filter f_cron { facility(cron); }; | |||||
filter f_daemon { facility(daemon); }; | |||||
filter f_kern { facility(kern); }; | |||||
filter f_lpr { facility(lpr); }; | |||||
filter f_mail { facility(mail); }; | |||||
filter f_user { facility(user); }; | |||||
filter f_debug { not facility(auth, authpriv, news, mail); }; | |||||
filter f_messages { level(info..warn) | |||||
and not facility(auth, authpriv, mail, news); }; | |||||
filter f_emergency { level(emerg); }; | |||||
filter f_info { level(info); }; | |||||
filter f_notice { level(notice); }; | |||||
filter f_warn { level(warn); }; | |||||
filter f_crit { level(crit); }; | |||||
filter f_err { level(err); }; | |||||
filter f_failed { message("failed"); }; | |||||
filter f_denied { message("denied"); }; | |||||
# connect filter and destination | |||||
log { source(src); filter(f_authpriv); destination(authlog); }; | |||||
log { source(src); filter(f_syslog); destination(syslog); }; | |||||
log { source(src); filter(f_cron); destination(cron); }; | |||||
log { source(src); filter(f_daemon); destination(daemon); }; | |||||
log { source(kernsrc); filter(f_kern); destination(kern); }; | |||||
log { source(src); filter(f_lpr); destination(lpr); }; | |||||
log { source(src); filter(f_mail); destination(mail); }; | |||||
log { source(src); filter(f_user); destination(user); }; | |||||
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); }; | |||||
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); }; | |||||
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); }; | |||||
log { source(src); filter(f_debug); destination(debug); }; | |||||
log { source(src); filter(f_messages); destination(messages); }; | |||||
log { source(src); filter(f_emergency); destination(console); }; | |||||
# default log | |||||
log { source(src); destination(console_all); }; | |||||
\end{verbatim} | |||||
\section{Future Advancements} | |||||
What is next for fail2ban after the above? You will want to watch apache logs, and ban any hosts from your IP that search for things they should not be looking for (wordpress logins, phpmyadmin, etc). | |||||
Gentoo has a use flag to use a DB to do persistent blocking over time. This way you can block offending IPs through restarts. | |||||
\section{Further Reading} | |||||
https://github.com/fail2ban/fail2ban/issues/2217 | |||||
https://www.jwz.org/blog/2019/03/apache-2-4-1-killed-fail2ban-so-thats-awesome/ | |||||
https://www.fail2ban.org/wiki/index.php/Apache | |||||
https://www.fail2ban.org/wiki/index.php/ | |||||
\end{document} |
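Review bot: the syslog-ng listing in the Gentoo subsection is not valid configuration as shown. Its first line fuses the file path with a heading (`/etc/syslog-ng/syslog-ng.confSyslog-ng`), and the `@version: 3.17` comment wraps onto a second line (`the version number of the used syslog-ng`) that syslog-ng will try to parse as a statement; a reader who copies the block as printed gets a syntax error instead of an auth.log. Suggest a one-line comment such as `# file: /etc/syslog-ng/syslog-ng.conf` above `@version: 3.17` with its comment kept on one line. Two further points: with `action = iptables-allports`, `ignoreip = 127.0.0.1/8` alone means six mistyped passwords from the admin's own workstation lock that workstation out of every port for `bantime = 360000` seconds (100 hours), so the admin's address or management network belongs in `ignoreip` as well; and the prose needs a typo pass ('the post is unreachable' should read 'port', 'agressive' should be 'aggressive', and the jail-file comment 'if it enabled' should read 'if it is enabled').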
@ -0,0 +1,5 @@ | |||||
\contentsline {section}{\numberline {1}Overview}{1} | |||||
\contentsline {section}{\numberline {2}Instructions for Setup}{1} | |||||
\contentsline {subsection}{\numberline {2.1}Getting auth.log to appear in Gentoo}{3} | |||||
\contentsline {section}{\numberline {3}Future Advancements}{5} | |||||
\contentsline {section}{\numberline {4}Further Reading}{6} |
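Review bot: this .toc file is pdflatex output, regenerated on every build from the \section and \subsection lines of the Fail2ban source; committing it only produces churn whenever a heading or page break moves. Suggest dropping it from the commit and ignoring *.toc, *.aux and *.log in the repository, keeping only the .tex (and, if wanted, the .pdf).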
@ -0,0 +1,5 @@ | |||||
\relax | |||||
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}} | |||||
\@writefile{toc}{\contentsline {section}{\numberline {2}Notes}{1}} | |||||
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}resize partitions}{1}} | |||||
\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Things to edit:}{2}} |
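Review bot: this .aux file is another generated build artifact (its \@writefile lines simply mirror the Overview, Notes, resize partitions and Things to edit: headings of the partition-resizing article) and does not belong in the commit. One content point it surfaces: the heading 'Things to edit:' carries a trailing colon, which reads oddly in a table of contents; drop the colon in the \subsection title.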
@ -0,0 +1,86 @@ | |||||
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 31 MAY 2019 01:28 | |||||
entering extended mode | |||||
restricted \write18 enabled. | |||||
%&-line parsing enabled. | |||||
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/GNULinux_ | |||||
Resizing_Partitions/docs/1.tex | |||||
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/GNULinux_R | |||||
esizing_Partitions/docs/1.tex | |||||
LaTeX2e <2014/05/01> | |||||
Babel <3.9l> and hyphenation patterns for 2 languages loaded. | |||||
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls | |||||
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class | |||||
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo | |||||
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option) | |||||
) | |||||
\c@part=\count79 | |||||
\c@section=\count80 | |||||
\c@subsection=\count81 | |||||
\c@subsubsection=\count82 | |||||
\c@paragraph=\count83 | |||||
\c@subparagraph=\count84 | |||||
\c@figure=\count85 | |||||
\c@table=\count86 | |||||
\abovecaptionskip=\skip41 | |||||
\belowcaptionskip=\skip42 | |||||
\bibindent=\dimen102 | |||||
) (./1.aux) | |||||
\openout1 = `1.aux'. | |||||
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <10.95> on input line 26. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <8> on input line 26. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <6> on input line 26. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <9> on input line 26. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <5> on input line 26. | |||||
LaTeX Font Info: Try loading font information for OMS+cmr on input line 42. | |||||
(/usr/share/texlive/texmf-dist/tex/latex/base/omscmr.fd | |||||
File: omscmr.fd 2014/09/29 v2.5h Standard LaTeX font definitions | |||||
) | |||||
LaTeX Font Info: Font shape `OMS/cmr/m/n' in size <10.95> not available | |||||
(Font) Font shape `OMS/cmsy/m/n' tried instead on input line 42. | |||||
[1 | |||||
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}] [2] (./1.aux) ) | |||||
Here is how much of TeX's memory you used: | |||||
256 strings out of 495020 | |||||
3126 string characters out of 6181323 | |||||
50970 words of memory out of 5000000 | |||||
3540 multiletter control sequences out of 15000+600000 | |||||
9155 words of font info for 32 fonts, out of 8000000 for 9000 | |||||
14 hyphenation exceptions out of 8191 | |||||
24i,8n,19p,535b,173s stack positions out of 5000i,500n,10000p,200000b,80000s | |||||
</usr/share | |||||
/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx10.pfb></usr/share/texli | |||||
ve/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.pfb></usr/share/texlive/tex | |||||
mf-dist/fonts/type1/public/amsfonts/cm/cmr10.pfb></usr/share/texlive/texmf-dist | |||||
/fonts/type1/public/amsfonts/cm/cmr6.pfb></usr/share/texlive/texmf-dist/fonts/t | |||||
ype1/public/amsfonts/cm/cmr8.pfb></usr/share/texlive/texmf-dist/fonts/type1/pub | |||||
lic/amsfonts/cm/cmr9.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsf | |||||
onts/cm/cmsy10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/c | |||||
m/cmti10.pfb> | |||||
Output written on 1.pdf (2 pages, 94227 bytes). | |||||
PDF statistics: | |||||
43 PDF objects out of 1000 (max. 8388607) | |||||
30 compressed objects within 1 object stream | |||||
0 named destinations out of 1000 (max. 500000) | |||||
1 words of extra memory for PDF output out of 10000 (max. 10000000) | |||||
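Review bot: this pdflatex run log should not be committed: it is rewritten on every build, and it embeds the absolute path `/home/layoutdev/Desktop/code/documentation_general/...`, which publishes a local user name and directory layout that has nothing to do with the article. Keep the 1.tex source and add *.log to .gitignore.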
@ -0,0 +1,61 @@ | |||||
\documentclass[11pt]{article} | |||||
%Gummi|065|=) | |||||
\title{\textbf{Expanding HDDs}} | |||||
\author{Steak Electronics} | |||||
\date{05/30/19} | |||||
\begin{document} | |||||
\textbf{Expanding HDDs} | |||||
%\maketitle | |||||
\section{Overview} | |||||
I occasionally expand hdds. When this is done, sometimes I have to move partitions around, for example, changing a 1,2,5 (2 and 5 being extended partitions) to a 1,2, which I did for my main documentation machine. When this occured, there were a few gotcha's which I will try to note here. | |||||
\section{Notes} | |||||
Here's a rough outline of what happened. | |||||
I had a 1,2,5 (the 2nd partition being an empty transition partition from primary to extended type) partition table. 1 was root, 5 was swap. | |||||
It was a 40GB HDD. I decided to expand it to an 80GB HDD. | |||||
First, I used clonezilla, and did a standard disk to disk. Everything went without a hitch. | |||||
Then I needed to resize the partitions | |||||
\subsection{resize partitions} | |||||
I've always done this with fsck. Apparently parted once\footnote{They removed this, and replaced it with something different. removing backwards compatibility is a sin in software. They have sinned.} had a command named resize and some guides online still talk of it, as if it will work. It doesn't. It was removed. Don't waste time with parted. | |||||
Fsck, essentially, you delete all the partitions, then add them as you want, IF you have a root partition that is 1, with everything. \footnote{If you split up the partitions, you will need to image the partitions and copy them differently.} I always use a single root partition. Simple. No need to complicate a desktop os. So for 1,2,5, I delete all partitions, then add 1, with an additional 40G in fsck. | |||||
+80G in this case is what I did.\footnote{Perhaps I should've done +70G to stay under the 80G of an actual 80GB hdd.} | |||||
Then add the swap after. | |||||
mkswap the swap. resize2fs the root partition (it may ask you to e2fsck -f first, so do that if necessary). That's easy. | |||||
However, here's the trap. You aren't done. You need to edit not only fstab, but also a few other places. | |||||
\subsection{Things to edit:} | |||||
\begin{itemize} | |||||
\item fstab | |||||
\item /etc/initramfs/conf.d/resume (may be optional if you don't suspend) | |||||
\item update-grub | |||||
\item update-initramfs -u -all | |||||
\item grub-install /dev/sda | |||||
\item grub-install /dev/sda1 | |||||
\end{itemize} | |||||
You add the new blkid of the new swap (if it's new) to the conf.d resume. My grub-install /dev/sda1 errored out, but I think it was the /dev/sda one I needed to redo. Do both just in case. Also make sure to do an update-initramfs -u -all. And you probably already remembered about update-grub but that should probably be done as well. | |||||
It's easy to miss one of these, and if you do, you will be loaded into grub. If you load manually in grub with: | |||||
\emph{linux = /boot/vmlinuz...} | |||||
\emph{initrd = /boot/initrd...} | |||||
\emph{boot} | |||||
Then in my case, you will end up in an initramfs that can't find the fstab. So then chroot into the hdd, and run the steps above. | |||||
\end{document} |
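Review bot: the steps under 'resize partitions' name the wrong tool: `fsck` checks a filesystem and cannot delete or add partitions. What is described (delete partitions 1, 2 and 5, re-add partition 1 with `+80G`, then add the swap partition) is fdisk, and `+80G` is fdisk's size syntax, so every 'fsck' in that passage should read 'fdisk'. Two commands in 'Things to edit' also need correcting before a reader copies them: `update-initramfs -u -all` should be `update-initramfs -u -k all`, and on Debian-based systems the resume file lives at `/etc/initramfs-tools/conf.d/resume`, not `/etc/initramfs/conf.d/resume`. The manual GRUB commands at the end have no `=` in real GRUB syntax (`linux /boot/vmlinuz-... root=/dev/sda1`, then `initrd /boot/initrd.img-...`, then `boot`), and the `root=` argument is exactly what the initramfs is missing when it fails to find the root filesystem; the `grub-install /dev/sda1` error is expected, since installing to a partition rather than the disk is a blocklist install that grub-install refuses without `--force`, and the `/dev/sda` install is the one that matters. Minor: 'occured' should be 'occurred' and "gotcha's" should be 'gotchas'.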
@ -0,0 +1,163 @@ | |||||
\documentclass[11pt]{article} | |||||
%Gummi|065|=) | |||||
\title{\textbf{Fail2ban Primer}} | |||||
\author{Steak Electronics} | |||||
\date{05/12/19} | |||||
\begin{document} | |||||
\maketitle | |||||
\section{Overview} | |||||
Fail2Ban is a program, a spiritual successor to denyhosts\footnote{denyhosts was used for ssh, but eventually was abandoned. It was quite a bit simpler to configure than fail2ban, and this was its strength, but it is also more limited, and has vulnerabilities.}, which is used to block ip addresses that try to break into your internet server. | |||||
\section{Instructions for Setup} | |||||
Quick setup for Devuan / Debian 9: | |||||
First install fail2ban using apt-get. | |||||
Second, navigate to /etc/fail2ban/jail.d/ | |||||
Add the following to a sshd.conf file (or name it anything you like) | |||||
\begin{verbatim} | |||||
# this is used in devuan. no other changes are made to other files, except | |||||
# that the default ssh filter is disabled in jail.conf if it enabled | |||||
[sshd] | |||||
ignoreip = 127.0.0.1/8 | |||||
#banaction = iptables | |||||
action = iptables-multiport[port="ssh,http,https,22222",blocktype=DROP] | |||||
maxretry = 6 | |||||
enabled = true | |||||
filter = sshd | |||||
logpath = /var/log/auth.log | |||||
bantime = 360000 | |||||
findtime = 3600 | |||||
# note that here, the action and its ports are set on INPUT | |||||
# so its a rule to block INPUT on ssh, http, https, and 22222 | |||||
# make sure ports are right. | |||||
# you could also use the single iptables too, just need to specify the right port. | |||||
#the blocktype=DROP here, goes to actions.d/iptables-multiport.conf, and changes blocktype to drop. | |||||
\end{verbatim} | |||||
Now, a few notes on this file. | |||||
\vspace{0.2in} | |||||
First, action can be iptables, but we are using iptables-multiport, as we want to block multiple ports. | |||||
\vspace{0.2in} | |||||
Second, logpath, should point to your ssh log. In devuan ascii / debian stretch (9) it should be /var/log/auth.log. Other distributions may vary. | |||||
\vspace{0.2in} | |||||
Third, be careful of different ssh ports. I routinely change ssh ports to be a non standard port, which although it's somewhat pointless, it still seems to block random ssh port scans for port 22. If you use a different port, you must specify it in iptables-multiport above. A potential trap is to use a nonstandard port, then wonder why fail2ban blocks port 22, but your ssh is on port 123 or something. | |||||
\vspace{0.2in} | |||||
Fourth, the default action in iptables-multiport is to REJECT packets. However, I have changed it to DROP (blocktype=DROP). For those not familiar with the difference between REJECT and DROP, from my understanding, it boils down to that REJECT will alert the outside host that the post is unreachable, while drop simply drops the connection, leaving the other host to figure it out on their own. | |||||
As I consider the offending ip addresses to be attackers, I have set it to DROP. If they try to break into the server, then block all ports from them, and don't tell them anything. The DROP timeout is more work on their end. With REJECT, my server actually responds to them. | |||||
On fail2ban issues git tracker, there is some discussion about this, and it is not really definitive. It ends up being that, REJECT is default, and if you want you can change it to DROP. As I have. | |||||
\subsection{Configuration in Gentoo} | |||||
This guide will only cover those working with syslog-ng in Gentoo. You can add a config to syslog-ng to get auth.log to appear in Gentoo. | |||||
\footnote{https://wiki.gentoo.org/wiki/Security\_Handbook/Logging\#Syslog-ng} | |||||
\begin{verbatim} | |||||
/etc/syslog-ng/syslog-ng.confSyslog-ng | |||||
@version: 3.17 #mandatory since Version 3, specify the version number of the used syslog-ng | |||||
options { | |||||
chain_hostnames(no); | |||||
# The default action of syslog-ng is to log a STATS line | |||||
# to the file every 10 minutes. That's pretty ugly after a while. | |||||
# Change it to every 12 hours so you get a nice daily update of | |||||
# how many messages syslog-ng missed (0). | |||||
stats_freq(43200); | |||||
}; | |||||
source src { | |||||
unix-stream("/dev/log" max-connections(256)); | |||||
internal(); | |||||
}; | |||||
source kernsrc { file("/proc/kmsg"); }; | |||||
# define destinations | |||||
destination authlog { file("/var/log/auth.log"); }; | |||||
destination syslog { file("/var/log/syslog"); }; | |||||
destination cron { file("/var/log/cron.log"); }; | |||||
destination daemon { file("/var/log/daemon.log"); }; | |||||
destination kern { file("/var/log/kern.log"); }; | |||||
destination lpr { file("/var/log/lpr.log"); }; | |||||
destination user { file("/var/log/user.log"); }; | |||||
destination mail { file("/var/log/mail.log"); }; | |||||
destination mailinfo { file("/var/log/mail.info"); }; | |||||
destination mailwarn { file("/var/log/mail.warn"); }; | |||||
destination mailerr { file("/var/log/mail.err"); }; | |||||
destination newscrit { file("/var/log/news/news.crit"); }; | |||||
destination newserr { file("/var/log/news/news.err"); }; | |||||
destination newsnotice { file("/var/log/news/news.notice"); }; | |||||
destination debug { file("/var/log/debug"); }; | |||||
destination messages { file("/var/log/messages"); }; | |||||
destination console { usertty("root"); }; | |||||
# By default messages are logged to tty12... | |||||
destination console_all { file("/dev/tty12"); }; | |||||
# ...if you intend to use /dev/console for programs like xconsole | |||||
# you can comment out the destination line above that references /dev/tty12 | |||||
# and uncomment the line below. | |||||
#destination console_all { file("/dev/console"); }; | |||||
# create filters | |||||
filter f_authpriv { facility(auth, authpriv); }; | |||||
filter f_syslog { not facility(authpriv, mail); }; | |||||
filter f_cron { facility(cron); }; | |||||
filter f_daemon { facility(daemon); }; | |||||
filter f_kern { facility(kern); }; | |||||
filter f_lpr { facility(lpr); }; | |||||
filter f_mail { facility(mail); }; | |||||
filter f_user { facility(user); }; | |||||
filter f_debug { not facility(auth, authpriv, news, mail); }; | |||||
filter f_messages { level(info..warn) | |||||
and not facility(auth, authpriv, mail, news); }; | |||||
filter f_emergency { level(emerg); }; | |||||
filter f_info { level(info); }; | |||||
filter f_notice { level(notice); }; | |||||
filter f_warn { level(warn); }; | |||||
filter f_crit { level(crit); }; | |||||
filter f_err { level(err); }; | |||||
filter f_failed { message("failed"); }; | |||||
filter f_denied { message("denied"); }; | |||||
# connect filter and destination | |||||
log { source(src); filter(f_authpriv); destination(authlog); }; | |||||
log { source(src); filter(f_syslog); destination(syslog); }; | |||||
log { source(src); filter(f_cron); destination(cron); }; | |||||
log { source(src); filter(f_daemon); destination(daemon); }; | |||||
log { source(kernsrc); filter(f_kern); destination(kern); }; | |||||
log { source(src); filter(f_lpr); destination(lpr); }; | |||||
log { source(src); filter(f_mail); destination(mail); }; | |||||
log { source(src); filter(f_user); destination(user); }; | |||||
log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); }; | |||||
log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); }; | |||||
log { source(src); filter(f_mail); filter(f_err); destination(mailerr); }; | |||||
log { source(src); filter(f_debug); destination(debug); }; | |||||
log { source(src); filter(f_messages); destination(messages); }; | |||||
log { source(src); filter(f_emergency); destination(console); }; | |||||
# default log | |||||
log { source(src); destination(console_all); }; | |||||
\end{verbatim} | |||||
\end{document} |
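Review bot: this file is an earlier draft (dated 05/12/19) of the Fail2ban Primer that also appears in this commit dated 05/29/19, with the same jail file and the same syslog-ng listing; keeping both means two diverging copies of one article. Suggest dropping this draft, or folding its `iptables-multiport[port="ssh,http,https,22222",blocktype=DROP]` variant into the newer version as the multi-port alternative to `iptables-allports`. Where the drafts disagree, the newer one is right: the comment here that `blocktype=DROP` 'goes to actions.d/iptables-multiport.conf' is inaccurate, as `blocktype` is defined in actions.d/iptables-common.conf (which the multiport action includes), which is what the 05/29/19 version states. The listing defect is also present here (`/etc/syslog-ng/syslog-ng.confSyslog-ng` is a fused path and heading, not a config line), 'the post is unreachable' should read 'port', and `ignoreip = 127.0.0.1/8` should also list the admin's own address so a few failed logins do not lock the administrator out of ssh, http and https at once.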
@ -0,0 +1,5 @@ | |||||
\relax | |||||
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}} | |||||
\@writefile{toc}{\contentsline {section}{\numberline {2}Notes}{1}} | |||||
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}resize partitions}{1}} | |||||
\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Things to edit:}{2}} |
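Review bot: this .aux file repeats, line for line, the .aux already in this commit for the partition-resizing article (identical Overview, Notes, resize partitions and Things to edit: entries on the same pages), which is the first sign that 2.tex is a copy of 1.tex; both .aux files are generated and neither belongs in the commit.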
@ -0,0 +1,86 @@ | |||||
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 31 MAY 2019 01:29 | |||||
entering extended mode | |||||
restricted \write18 enabled. | |||||
%&-line parsing enabled. | |||||
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/GNULinux_ | |||||
Resizing_Partitions/docs/2.tex | |||||
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/GNULinux_R | |||||
esizing_Partitions/docs/2.tex | |||||
LaTeX2e <2014/05/01> | |||||
Babel <3.9l> and hyphenation patterns for 2 languages loaded. | |||||
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls | |||||
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class | |||||
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo | |||||
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option) | |||||
) | |||||
\c@part=\count79 | |||||
\c@section=\count80 | |||||
\c@subsection=\count81 | |||||
\c@subsubsection=\count82 | |||||
\c@paragraph=\count83 | |||||
\c@subparagraph=\count84 | |||||
\c@figure=\count85 | |||||
\c@table=\count86 | |||||
\abovecaptionskip=\skip41 | |||||
\belowcaptionskip=\skip42 | |||||
\bibindent=\dimen102 | |||||
) (./2.aux) | |||||
\openout1 = `2.aux'. | |||||
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 6. | |||||
LaTeX Font Info: ... okay on input line 6. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <10.95> on input line 26. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <8> on input line 26. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <6> on input line 26. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <9> on input line 26. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <5> on input line 26. | |||||
LaTeX Font Info: Try loading font information for OMS+cmr on input line 42. | |||||
(/usr/share/texlive/texmf-dist/tex/latex/base/omscmr.fd | |||||
File: omscmr.fd 2014/09/29 v2.5h Standard LaTeX font definitions | |||||
) | |||||
LaTeX Font Info: Font shape `OMS/cmr/m/n' in size <10.95> not available | |||||
(Font) Font shape `OMS/cmsy/m/n' tried instead on input line 42. | |||||
[1 | |||||
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}] [2] (./2.aux) ) | |||||
Here is how much of TeX's memory you used: | |||||
256 strings out of 495020 | |||||
3126 string characters out of 6181323 | |||||
50970 words of memory out of 5000000 | |||||
3540 multiletter control sequences out of 15000+600000 | |||||
9155 words of font info for 32 fonts, out of 8000000 for 9000 | |||||
14 hyphenation exceptions out of 8191 | |||||
24i,8n,19p,535b,173s stack positions out of 5000i,500n,10000p,200000b,80000s | |||||
</usr/share | |||||
/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx10.pfb></usr/share/texli | |||||
ve/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.pfb></usr/share/texlive/tex | |||||
mf-dist/fonts/type1/public/amsfonts/cm/cmr10.pfb></usr/share/texlive/texmf-dist | |||||
/fonts/type1/public/amsfonts/cm/cmr6.pfb></usr/share/texlive/texmf-dist/fonts/t | |||||
ype1/public/amsfonts/cm/cmr8.pfb></usr/share/texlive/texmf-dist/fonts/type1/pub | |||||
lic/amsfonts/cm/cmr9.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsf | |||||
onts/cm/cmsy10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/c | |||||
m/cmti10.pfb> | |||||
Output written on 2.pdf (2 pages, 94227 bytes). | |||||
PDF statistics: | |||||
43 PDF objects out of 1000 (max. 8388607) | |||||
30 compressed objects within 1 object stream | |||||
0 named destinations out of 1000 (max. 500000) | |||||
1 words of extra memory for PDF output out of 10000 (max. 10000000) | |||||
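Review bot: this log is the 1.tex run log again with only the input filename (2.tex), the timestamp (01:29) and the output name (2.pdf) changed, down to identical memory statistics and the same 94227-byte PDF; besides being a build artifact with the hard-coded `/home/layoutdev/...` path, it documents that 1.tex and 2.tex are the same article built twice. Drop the log and resolve the duplication in the sources.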
@ -0,0 +1,61 @@ | |||||
\documentclass[11pt]{article} | |||||
%Gummi|065|=) | |||||
\title{\textbf{Expanding HDDs}} | |||||
\author{Steak Electronics} | |||||
\date{05/30/19} | |||||
\begin{document} | |||||
\textbf{Expanding HDDs} | |||||
%\maketitle | |||||
\section{Overview} | |||||
I occasionally expand hdds. When this is done, sometimes I have to move partitions around, for example, changing a 1,2,5 (2 and 5 being extended partitions) to a 1,2, which I did for my main documentation machine. When this occured, there were a few gotcha's which I will try to note here. | |||||
\section{Notes} | |||||
Here's a rough outline of what happened. | |||||
I had a 1,2,5 (the 2nd partition being an empty transition partition from primary to extended type) partition table. 1 was root, 5 was swap. | |||||
It was a 40GB HDD. I decided to expand it to an 80GB HDD. | |||||
First, I used clonezilla, and did a standard disk to disk. Everything went without a hitch. | |||||
Then I needed to resize the partitions | |||||
\subsection{resize partitions} | |||||
I've always done this with fsck. Apparently parted once\footnote{They removed this, and replaced it with something different. removing backwards compatibility is a sin in software. They have sinned.} had a command named resize and some guides online still talk of it, as if it will work. It doesn't. It was removed. Don't waste time with parted. | |||||
Fsck, essentially, you delete all the partitions, then add them as you want, IF you have a root partition that is 1, with everything. \footnote{If you split up the partitions, you will need to image the partitions and copy them differently.} I always use a single root partition. Simple. No need to complicate a desktop os. So for 1,2,5, I delete all partitions, then add 1, with an additional 40G in fsck. | |||||
+80G in this case is what I did.\footnote{Perhaps I should've done +70G to stay under the 80G of an actual 80GB hdd.} | |||||
Then add the swap after. | |||||
mkswap the swap. resize2fs the root partition (it may ask you to e2fsck -f first, so do that if necessary). That's easy. | |||||
However, here's the trap. You aren't done. You need to edit not only fstab, but also a few other places. | |||||
\subsection{Things to edit:} | |||||
\begin{itemize} | |||||
\item fstab | |||||
\item /etc/initramfs/conf.d/resume (may be optional if you don't suspend) | |||||
\item update-grub | |||||
\item update-initramfs -u -all | |||||
\item grub-install /dev/sda | |||||
\item grub-install /dev/sda1 | |||||
\end{itemize} | |||||
You add the new blkid of the new swap (if it's new) to the conf.d resume. My grub-install /dev/sda1 errored out, but I think it was the /dev/sda one I needed to redo. Do both just in case. Also make sure to do an update-initramfs -u -all. And you probably already remembered about update-grub but that should probably be done as well. | |||||
It's easy to miss one of these, and if you do, you will be loaded into grub. If you load manually in grub with: | |||||
\emph{linux = /boot/vmlinuz...} | |||||
\emph{initrd = /boot/initrd...} | |||||
\emph{boot} | |||||
Then in my case, you will end up in an initramfs that can't find the fstab. So then chroot into the hdd, and run the steps above. | |||||
\end{document} |
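Review bot: the partition steps in this hunk name the wrong tool. `fsck` checks a filesystem and cannot delete or create partitions, so "I've always done this with fsck" and "add 1, with an additional 40G in fsck" should read `fdisk`, whose delete-all, re-add partition 1 with a larger size, re-add swap workflow is what the paragraph describes. Note also that in fdisk `+80G` is the size of the new partition, not an increment, which is consistent with the footnote about staying under an 80GB disk. Two entries in the "Things to edit" list need correcting before anyone follows them: `update-initramfs -u -all` should be `update-initramfs -u -k all` (`-all` is not an option and the command rejects it), and the resume file lives at `/etc/initramfs-tools/conf.d/resume`, not `/etc/initramfs/conf.d/resume`. The `grub-install /dev/sda1` error the text mentions is expected: installing GRUB into a partition instead of the disk is refused without blocklists, so the `/dev/sda` install is the one that matters and the list could say so rather than "do both just in case".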
@ -0,0 +1,28 @@ | |||||
\documentclass[11pt]{article} | |||||
%Gummi|065|=) | |||||
\title{\textbf{Router Fail - Network Down!}} | |||||
\usepackage{graphicx} | |||||
\usepackage{caption } | |||||
\author{Steak Electronics} | |||||
\date{06/4/19} | |||||
\begin{document} | |||||
%\maketitle | |||||
\textbf{Router Fail - Network Down} | |||||
%\textbf{Todo} | |||||
\section{Overview} | |||||
A company had the internet go down. The way their system was built, they had a 2nd firewall behind a cable company router. I was able to access the network before the firewall, which meant that their firewall might've failed. | |||||
\section{Diagnosis} | |||||
The internal firewall had no LED power light or activity. So, no internet. | |||||
First, their network was a 192.168.0.0/24 subnet. I first put them behind a second wireless router which was upstream of the cable modem and not offline. However the network of that internet router was 192.168.1.0/24. This means a few things. 1) All computers (Windows unfortunately), must be set to DHCP (in this case they were all static), and leases must be renewed. So, at least you need a reboot of computers in this situation. 2) They had server software in the LAN that depended upon the 192.168.0.0/24 subnet to work. I didn't find this out until later. | |||||
Originally, I started with the default wireless network of 192.168.1.0/24 but I found that the server software wasn't working. In this case, the most efficient way to rebuild the network, with all the statics intact, was to set the new (temporary) replacement router to be the same subnet. I didn't have the password for the wireless router, so a simple factory reset enabled me access (although lucky for me, the default subnet was in fact 192.168.0.0/24). | |||||
es | |||||
\section{Conclusion} | |||||
When replacing a failed router in a situation like this, the new router should ideally have the same subnet. You might be able to get away without this in smaller offices, but if there is any server software, or if the computers have static IPs \footnote{Or if any other device hsa a static ip, e.g. CCTV camera} you will run into a few more minutes of work. | |||||
There are no rules; this is not set in stone, however, it's the easiest path. As this was only a temporary router replacement, it was not important to have the network 1:1 with the original. In my setups, (this network was not mine) I prefer to have redundant hardware, so you can replace a broken firewall, with a similarly configured duplicate. | |||||
\end{document} |
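Review bot: the line `es` between the Diagnosis paragraph and `\section{Conclusion}` is a stray fragment that will be typeset as its own one-word paragraph; delete it. In the Conclusion footnote, `hsa` should be `has`. Because `\maketitle` is commented out, the `\title`, `\author` and `\date{06/4/19}` fields are never typeset and the finished page carries no date; either uncomment `\maketitle` or drop the three fields. One documentation gap worth closing: Diagnosis says a factory reset of the wireless router gave access, which also returns it to vendor default admin credentials and default wireless settings, and the write-up should record that these were changed before the router was left in service as the temporary edge device.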
@ -0,0 +1,4 @@ | |||||
\relax | |||||
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}} | |||||
\@writefile{toc}{\contentsline {section}{\numberline {2}Diagnosis}{1}} | |||||
\@writefile{toc}{\contentsline {section}{\numberline {3}Conclusion}{1}} |
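Review bot: this `.aux` file, like the second `.aux` and the two pdflatex `.log` files further down, is a build artifact that pdflatex regenerates on every run and should not be committed. Add `*.aux` and `*.log` to `.gitignore` and remove them from the tree, keeping only the `.tex` sources.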
@ -0,0 +1,190 @@ | |||||
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 4 JUN 2019 23:52 | |||||
entering extended mode | |||||
restricted \write18 enabled. | |||||
%&-line parsing enabled. | |||||
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Router_Fa | |||||
il_Repair/docs/1.tex | |||||
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Router_Fai | |||||
l_Repair/docs/1.tex | |||||
LaTeX2e <2014/05/01> | |||||
Babel <3.9l> and hyphenation patterns for 2 languages loaded. | |||||
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls | |||||
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class | |||||
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo | |||||
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option) | |||||
) | |||||
\c@part=\count79 | |||||
\c@section=\count80 | |||||
\c@subsection=\count81 | |||||
\c@subsubsection=\count82 | |||||
\c@paragraph=\count83 | |||||
\c@subparagraph=\count84 | |||||
\c@figure=\count85 | |||||
\c@table=\count86 | |||||
\abovecaptionskip=\skip41 | |||||
\belowcaptionskip=\skip42 | |||||
\bibindent=\dimen102 | |||||
) | |||||
(/usr/share/texlive/texmf-dist/tex/latex/graphics/graphicx.sty | |||||
Package: graphicx 2014/04/25 v1.0g Enhanced LaTeX Graphics (DPC,SPQR) | |||||
(/usr/share/texlive/texmf-dist/tex/latex/graphics/keyval.sty | |||||
Package: keyval 2014/05/08 v1.15 key=value parser (DPC) | |||||
\KV@toks@=\toks14 | |||||
) | |||||
(/usr/share/texlive/texmf-dist/tex/latex/graphics/graphics.sty | |||||
Package: graphics 2009/02/05 v1.0o Standard LaTeX Graphics (DPC,SPQR) | |||||
(/usr/share/texlive/texmf-dist/tex/latex/graphics/trig.sty | |||||
Package: trig 1999/03/16 v1.09 sin cos tan (DPC) | |||||
) | |||||
(/usr/share/texlive/texmf-dist/tex/latex/latexconfig/graphics.cfg | |||||
File: graphics.cfg 2010/04/23 v1.9 graphics configuration of TeX Live | |||||
) | |||||
Package graphics Info: Driver file: pdftex.def on input line 91. | |||||
(/usr/share/texlive/texmf-dist/tex/latex/pdftex-def/pdftex.def | |||||
File: pdftex.def 2011/05/27 v0.06d Graphics/color for pdfTeX | |||||
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/infwarerr.sty | |||||
Package: infwarerr 2010/04/08 v1.3 Providing info/warning/error messages (HO) | |||||
) | |||||
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/ltxcmds.sty | |||||
Package: ltxcmds 2011/11/09 v1.22 LaTeX kernel commands for general use (HO) | |||||
) | |||||
\Gread@gobject=\count87 | |||||
)) | |||||
\Gin@req@height=\dimen103 | |||||
\Gin@req@width=\dimen104 | |||||
) | |||||
(/usr/share/texlive/texmf-dist/tex/latex/caption/caption.sty | |||||
Package: caption 2013/05/02 v3.3-89 Customizing captions (AR) | |||||
(/usr/share/texlive/texmf-dist/tex/latex/caption/caption3.sty | |||||
Package: caption3 2013/05/02 v1.6-88 caption3 kernel (AR) | |||||
Package caption3 Info: TeX engine: e-TeX on input line 57. | |||||
\captionmargin=\dimen105 | |||||
\captionmargin@=\dimen106 | |||||
\captionwidth=\dimen107 | |||||
\caption@tempdima=\dimen108 | |||||
\caption@indent=\dimen109 | |||||
\caption@parindent=\dimen110 | |||||
\caption@hangindent=\dimen111 | |||||
) | |||||
\c@ContinuedFloat=\count88 | |||||
) (./1.aux) | |||||
\openout1 = `1.aux'. | |||||
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 8. | |||||
LaTeX Font Info: ... okay on input line 8. | |||||
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 8. | |||||
LaTeX Font Info: ... okay on input line 8. | |||||
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 8. | |||||
LaTeX Font Info: ... okay on input line 8. | |||||
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 8. | |||||
LaTeX Font Info: ... okay on input line 8. | |||||
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 8. | |||||
LaTeX Font Info: ... okay on input line 8. | |||||
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 8. | |||||
LaTeX Font Info: ... okay on input line 8. | |||||
(/usr/share/texlive/texmf-dist/tex/context/base/supp-pdf.mkii | |||||
[Loading MPS to PDF converter (version 2006.09.02).] | |||||
\scratchcounter=\count89 | |||||
\scratchdimen=\dimen112 | |||||
\scratchbox=\box26 | |||||
\nofMPsegments=\count90 | |||||
\nofMParguments=\count91 | |||||
\everyMPshowfont=\toks15 | |||||
\MPscratchCnt=\count92 | |||||
\MPscratchDim=\dimen113 | |||||
\MPnumerator=\count93 | |||||
\makeMPintoPDFobject=\count94 | |||||
\everyMPtoPDFconversion=\toks16 | |||||
) (/usr/share/texlive/texmf-dist/tex/generic/oberdiek/pdftexcmds.sty | |||||
Package: pdftexcmds 2011/11/29 v0.20 Utility functions of pdfTeX for LuaTeX (HO | |||||
) | |||||
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/ifluatex.sty | |||||
Package: ifluatex 2010/03/01 v1.3 Provides the ifluatex switch (HO) | |||||
Package ifluatex Info: LuaTeX not detected. | |||||
) | |||||
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/ifpdf.sty | |||||
Package: ifpdf 2011/01/30 v2.3 Provides the ifpdf switch (HO) | |||||
Package ifpdf Info: pdfTeX in PDF mode is detected. | |||||
) | |||||
Package pdftexcmds Info: LuaTeX not detected. | |||||
Package pdftexcmds Info: \pdf@primitive is available. | |||||
Package pdftexcmds Info: \pdf@ifprimitive is available. | |||||
Package pdftexcmds Info: \pdfdraftmode found. | |||||
) | |||||
(/usr/share/texlive/texmf-dist/tex/latex/oberdiek/epstopdf-base.sty | |||||
Package: epstopdf-base 2010/02/09 v2.5 Base part for package epstopdf | |||||
(/usr/share/texlive/texmf-dist/tex/latex/oberdiek/grfext.sty | |||||
Package: grfext 2010/08/19 v1.1 Manage graphics extensions (HO) | |||||
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/kvdefinekeys.sty | |||||
Package: kvdefinekeys 2011/04/07 v1.3 Define keys (HO) | |||||
)) | |||||
(/usr/share/texlive/texmf-dist/tex/latex/oberdiek/kvoptions.sty | |||||
Package: kvoptions 2011/06/30 v3.11 Key value format for package options (HO) | |||||
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/kvsetkeys.sty | |||||
Package: kvsetkeys 2012/04/25 v1.16 Key value parser (HO) | |||||
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/etexcmds.sty | |||||
Package: etexcmds 2011/02/16 v1.5 Avoid name clashes with e-TeX commands (HO) | |||||
Package etexcmds Info: Could not find \expanded. | |||||
(etexcmds) That can mean that you are not using pdfTeX 1.50 or | |||||
(etexcmds) that some package has redefined \expanded. | |||||
(etexcmds) In the latter case, load this package earlier. | |||||
))) | |||||
Package grfext Info: Graphics extension search list: | |||||
(grfext) [.png,.pdf,.jpg,.mps,.jpeg,.jbig2,.jb2,.PNG,.PDF,.JPG,.JPE | |||||
G,.JBIG2,.JB2,.eps] | |||||
(grfext) \AppendGraphicsExtensions on input line 452. | |||||
(/usr/share/texlive/texmf-dist/tex/latex/latexconfig/epstopdf-sys.cfg | |||||
File: epstopdf-sys.cfg 2010/07/13 v1.3 Configuration of (r)epstopdf for TeX Liv | |||||
e | |||||
)) | |||||
Package caption Info: Begin \AtBeginDocument code. | |||||
Package caption Info: End \AtBeginDocument code. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <10.95> on input line 23. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <8> on input line 23. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <6> on input line 23. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <9> on input line 23. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <5> on input line 23. | |||||
[1 | |||||
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}] (./1.aux) ) | |||||
Here is how much of TeX's memory you used: | |||||
2534 strings out of 495020 | |||||
40330 string characters out of 6181323 | |||||
94810 words of memory out of 5000000 | |||||
5752 multiletter control sequences out of 15000+600000 | |||||
8204 words of font info for 29 fonts, out of 8000000 for 9000 | |||||
14 hyphenation exceptions out of 8191 | |||||
38i,8n,38p,661b,147s stack positions out of 5000i,500n,10000p,200000b,80000s | |||||
</usr/share/tex | |||||
live/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx10.pfb></usr/share/texlive/t | |||||
exmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.pfb></usr/share/texlive/texmf-d | |||||
ist/fonts/type1/public/amsfonts/cm/cmr10.pfb></usr/share/texlive/texmf-dist/fon | |||||
ts/type1/public/amsfonts/cm/cmr6.pfb></usr/share/texlive/texmf-dist/fonts/type1 | |||||
/public/amsfonts/cm/cmr8.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/ | |||||
amsfonts/cm/cmr9.pfb> | |||||
Output written on 1.pdf (1 page, 72150 bytes). | |||||
PDF statistics: | |||||
32 PDF objects out of 1000 (max. 8388607) | |||||
22 compressed objects within 1 object stream | |||||
0 named destinations out of 1000 (max. 500000) | |||||
1 words of extra memory for PDF output out of 10000 (max. 10000000) | |||||
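Review bot: beyond being a generated file, this build log embeds absolute paths under `/home/layoutdev/Desktop/code/...`, which publishes the build machine's local username and directory layout along with the exact TeX Live package versions in use. That is needless exposure for a shared repository and a further reason to keep `.log` files out of the commit.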
@ -0,0 +1,28 @@ | |||||
\documentclass[11pt]{article} | |||||
%Gummi|065|=) | |||||
\title{\textbf{Router Fail - Network Down!}} | |||||
\usepackage{graphicx} | |||||
\usepackage{caption } | |||||
\author{Steak Electronics} | |||||
\date{06/4/19} | |||||
\begin{document} | |||||
%\maketitle | |||||
\textbf{Router Fail - Network Down} | |||||
%\textbf{Todo} | |||||
\section{Overview} | |||||
A company had the internet go down. The way their system was built, they had a 2nd firewall behind a cable company router. I was able to access the network before the firewall, which meant that their firewall might've failed. | |||||
\section{Diagnosis} | |||||
The internal firewall had no LED power light or activity. So, no internet. | |||||
First, their network was a 192.168.0.0/24 subnet. I first put them behind a second wireless router which was upstream of the cable modem and not offline. However the network of that internet router was 192.168.1.0/24. This means a few things. 1) All computers (Windows unfortunately), must be set to DHCP (in this case they were all static), and leases must be renewed. So, at least you need a reboot of computers in this situation. 2) They had server software in the LAN that depended upon the 192.168.0.0/24 subnet to work. I didn't find this out until later. | |||||
Originally, I started with the default wireless network of 192.168.1.0/24 but I found that the server software wasn't working. In this case, the most efficient way to rebuild the network, with all the statics intact, was to set the new (temporary) replacement router to be the same subnet. I didn't have the password for the wireless router, so a simple factory reset enabled me access (although lucky for me, the default subnet was in fact 192.168.0.0/24). | |||||
\section{Conclusion} | |||||
When replacing a failed router in a situation like this, the new router should ideally have the same subnet. You might be able to get away without this in smaller offices, but if there is any server software, or if the computers have static IPs \footnote{Or if any other device hsa a static ip, e.g. CCTV camera} you will run into a few more minutes of work. | |||||
There are no rules; this is not set in stone, however, it's the easiest path. As this was only a temporary router replacement, it was not important to have the network 1:1 with the original. In my setups, (this network was not mine) I prefer to have redundant hardware, so you can replace a broken firewall, with a similarly configured duplicate. | |||||
\end{document} |
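Review bot: this hunk is a second copy of the Router Fail article above, identical except that the stray `es` line is gone, so the `hsa` typo and the unused `\title`/`\author`/`\date` fields behind the commented-out `\maketitle` would have to be fixed in both. Keep one copy (this one, being the cleaner) and delete the other.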
@ -0,0 +1,33 @@ | |||||
\documentclass[11pt]{article} | |||||
%Gummi|065|=) | |||||
\title{\textbf{Finding Printers on the Network In Windows}} | |||||
\usepackage{graphicx} | |||||
\usepackage{caption } | |||||
\author{Steak Electronics} | |||||
\date{02/22/19} | |||||
\begin{document} | |||||
\maketitle | |||||
\textbf{Todo} | |||||
\section{Overview} | |||||
Finding Printers in Windows, can be difficult, and it changes from OS to OS release. OS Coder job security. | |||||
There is usually a faster way to find printers, if you know what you are looking for. | |||||
\section{Steps} | |||||
Follow these graphical steps. | |||||
\includegraphics[scale=0.8]{../pics/1.png} | |||||
\includegraphics[scale=0.8]{../pics/2.png} | |||||
\includegraphics[scale=0.8]{../pics/3.png} | |||||
There is something similar in Windows 7, and I imagine in Windows 11 they will change it again. Job security. | |||||
\end{document} |
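Review bot: `\textbf{Todo}` directly after `\maketitle` is not commented out here (it is in the Router Fail article), so the word "Todo" is typeset in bold at the top of the finished page; comment it out or remove it. The three `\includegraphics` calls sit inline with no `figure` environment and no `\caption`, even though the `caption` package is loaded, so the "graphical steps" carry no numbering and no text saying which dialog each screenshot shows; wrapping each in `\begin{figure} ... \caption{...} \end{figure}` would make the steps followable.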
@ -0,0 +1,4 @@ | |||||
\relax | |||||
\@writefile{toc}{\contentsline {section}{\numberline {1}Overview}{1}} | |||||
\@writefile{toc}{\contentsline {section}{\numberline {2}Diagnosis}{1}} | |||||
\@writefile{toc}{\contentsline {section}{\numberline {3}Conclusion}{1}} |
@ -0,0 +1,190 @@ | |||||
This is pdfTeX, Version 3.14159265-2.6-1.40.15 (TeX Live 2015/dev/Debian) (preloaded format=pdflatex 2018.11.28) 4 JUN 2019 23:52 | |||||
entering extended mode | |||||
restricted \write18 enabled. | |||||
%&-line parsing enabled. | |||||
**/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Router_Fa | |||||
il_Repair/docs/2.tex | |||||
(/home/layoutdev/Desktop/code/documentation_general/IT_Articles/2019/Router_Fai | |||||
l_Repair/docs/2.tex | |||||
LaTeX2e <2014/05/01> | |||||
Babel <3.9l> and hyphenation patterns for 2 languages loaded. | |||||
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls | |||||
Document Class: article 2014/09/29 v1.4h Standard LaTeX document class | |||||
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo | |||||
File: size11.clo 2014/09/29 v1.4h Standard LaTeX file (size option) | |||||
) | |||||
\c@part=\count79 | |||||
\c@section=\count80 | |||||
\c@subsection=\count81 | |||||
\c@subsubsection=\count82 | |||||
\c@paragraph=\count83 | |||||
\c@subparagraph=\count84 | |||||
\c@figure=\count85 | |||||
\c@table=\count86 | |||||
\abovecaptionskip=\skip41 | |||||
\belowcaptionskip=\skip42 | |||||
\bibindent=\dimen102 | |||||
) | |||||
(/usr/share/texlive/texmf-dist/tex/latex/graphics/graphicx.sty | |||||
Package: graphicx 2014/04/25 v1.0g Enhanced LaTeX Graphics (DPC,SPQR) | |||||
(/usr/share/texlive/texmf-dist/tex/latex/graphics/keyval.sty | |||||
Package: keyval 2014/05/08 v1.15 key=value parser (DPC) | |||||
\KV@toks@=\toks14 | |||||
) | |||||
(/usr/share/texlive/texmf-dist/tex/latex/graphics/graphics.sty | |||||
Package: graphics 2009/02/05 v1.0o Standard LaTeX Graphics (DPC,SPQR) | |||||
(/usr/share/texlive/texmf-dist/tex/latex/graphics/trig.sty | |||||
Package: trig 1999/03/16 v1.09 sin cos tan (DPC) | |||||
) | |||||
(/usr/share/texlive/texmf-dist/tex/latex/latexconfig/graphics.cfg | |||||
File: graphics.cfg 2010/04/23 v1.9 graphics configuration of TeX Live | |||||
) | |||||
Package graphics Info: Driver file: pdftex.def on input line 91. | |||||
(/usr/share/texlive/texmf-dist/tex/latex/pdftex-def/pdftex.def | |||||
File: pdftex.def 2011/05/27 v0.06d Graphics/color for pdfTeX | |||||
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/infwarerr.sty | |||||
Package: infwarerr 2010/04/08 v1.3 Providing info/warning/error messages (HO) | |||||
) | |||||
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/ltxcmds.sty | |||||
Package: ltxcmds 2011/11/09 v1.22 LaTeX kernel commands for general use (HO) | |||||
) | |||||
\Gread@gobject=\count87 | |||||
)) | |||||
\Gin@req@height=\dimen103 | |||||
\Gin@req@width=\dimen104 | |||||
) | |||||
(/usr/share/texlive/texmf-dist/tex/latex/caption/caption.sty | |||||
Package: caption 2013/05/02 v3.3-89 Customizing captions (AR) | |||||
(/usr/share/texlive/texmf-dist/tex/latex/caption/caption3.sty | |||||
Package: caption3 2013/05/02 v1.6-88 caption3 kernel (AR) | |||||
Package caption3 Info: TeX engine: e-TeX on input line 57. | |||||
\captionmargin=\dimen105 | |||||
\captionmargin@=\dimen106 | |||||
\captionwidth=\dimen107 | |||||
\caption@tempdima=\dimen108 | |||||
\caption@indent=\dimen109 | |||||
\caption@parindent=\dimen110 | |||||
\caption@hangindent=\dimen111 | |||||
) | |||||
\c@ContinuedFloat=\count88 | |||||
) (./2.aux) | |||||
\openout1 = `2.aux'. | |||||
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 8. | |||||
LaTeX Font Info: ... okay on input line 8. | |||||
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 8. | |||||
LaTeX Font Info: ... okay on input line 8. | |||||
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 8. | |||||
LaTeX Font Info: ... okay on input line 8. | |||||
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 8. | |||||
LaTeX Font Info: ... okay on input line 8. | |||||
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 8. | |||||
LaTeX Font Info: ... okay on input line 8. | |||||
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 8. | |||||
LaTeX Font Info: ... okay on input line 8. | |||||
(/usr/share/texlive/texmf-dist/tex/context/base/supp-pdf.mkii | |||||
[Loading MPS to PDF converter (version 2006.09.02).] | |||||
\scratchcounter=\count89 | |||||
\scratchdimen=\dimen112 | |||||
\scratchbox=\box26 | |||||
\nofMPsegments=\count90 | |||||
\nofMParguments=\count91 | |||||
\everyMPshowfont=\toks15 | |||||
\MPscratchCnt=\count92 | |||||
\MPscratchDim=\dimen113 | |||||
\MPnumerator=\count93 | |||||
\makeMPintoPDFobject=\count94 | |||||
\everyMPtoPDFconversion=\toks16 | |||||
) (/usr/share/texlive/texmf-dist/tex/generic/oberdiek/pdftexcmds.sty | |||||
Package: pdftexcmds 2011/11/29 v0.20 Utility functions of pdfTeX for LuaTeX (HO | |||||
) | |||||
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/ifluatex.sty | |||||
Package: ifluatex 2010/03/01 v1.3 Provides the ifluatex switch (HO) | |||||
Package ifluatex Info: LuaTeX not detected. | |||||
) | |||||
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/ifpdf.sty | |||||
Package: ifpdf 2011/01/30 v2.3 Provides the ifpdf switch (HO) | |||||
Package ifpdf Info: pdfTeX in PDF mode is detected. | |||||
) | |||||
Package pdftexcmds Info: LuaTeX not detected. | |||||
Package pdftexcmds Info: \pdf@primitive is available. | |||||
Package pdftexcmds Info: \pdf@ifprimitive is available. | |||||
Package pdftexcmds Info: \pdfdraftmode found. | |||||
) | |||||
(/usr/share/texlive/texmf-dist/tex/latex/oberdiek/epstopdf-base.sty | |||||
Package: epstopdf-base 2010/02/09 v2.5 Base part for package epstopdf | |||||
(/usr/share/texlive/texmf-dist/tex/latex/oberdiek/grfext.sty | |||||
Package: grfext 2010/08/19 v1.1 Manage graphics extensions (HO) | |||||
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/kvdefinekeys.sty | |||||
Package: kvdefinekeys 2011/04/07 v1.3 Define keys (HO) | |||||
)) | |||||
(/usr/share/texlive/texmf-dist/tex/latex/oberdiek/kvoptions.sty | |||||
Package: kvoptions 2011/06/30 v3.11 Key value format for package options (HO) | |||||
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/kvsetkeys.sty | |||||
Package: kvsetkeys 2012/04/25 v1.16 Key value parser (HO) | |||||
(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/etexcmds.sty | |||||
Package: etexcmds 2011/02/16 v1.5 Avoid name clashes with e-TeX commands (HO) | |||||
Package etexcmds Info: Could not find \expanded. | |||||
(etexcmds) That can mean that you are not using pdfTeX 1.50 or | |||||
(etexcmds) that some package has redefined \expanded. | |||||
(etexcmds) In the latter case, load this package earlier. | |||||
))) | |||||
Package grfext Info: Graphics extension search list: | |||||
(grfext) [.png,.pdf,.jpg,.mps,.jpeg,.jbig2,.jb2,.PNG,.PDF,.JPG,.JPE | |||||
G,.JBIG2,.JB2,.eps] | |||||
(grfext) \AppendGraphicsExtensions on input line 452. | |||||
(/usr/share/texlive/texmf-dist/tex/latex/latexconfig/epstopdf-sys.cfg | |||||
File: epstopdf-sys.cfg 2010/07/13 v1.3 Configuration of (r)epstopdf for TeX Liv | |||||
e | |||||
)) | |||||
Package caption Info: Begin \AtBeginDocument code. | |||||
Package caption Info: End \AtBeginDocument code. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <10.95> on input line 23. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <8> on input line 23. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <6> on input line 23. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <9> on input line 23. | |||||
LaTeX Font Info: External font `cmex10' loaded for size | |||||
(Font) <5> on input line 23. | |||||
[1 | |||||
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}] (./2.aux) ) | |||||
Here is how much of TeX's memory you used: | |||||
2534 strings out of 495020 | |||||
40330 string characters out of 6181323 | |||||
94810 words of memory out of 5000000 | |||||
5752 multiletter control sequences out of 15000+600000 | |||||
8204 words of font info for 29 fonts, out of 8000000 for 9000 | |||||
14 hyphenation exceptions out of 8191 | |||||
38i,8n,38p,661b,147s stack positions out of 5000i,500n,10000p,200000b,80000s | |||||
</usr/share/tex | |||||
live/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx10.pfb></usr/share/texlive/t | |||||
exmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.pfb></usr/share/texlive/texmf-d | |||||
ist/fonts/type1/public/amsfonts/cm/cmr10.pfb></usr/share/texlive/texmf-dist/fon | |||||
ts/type1/public/amsfonts/cm/cmr6.pfb></usr/share/texlive/texmf-dist/fonts/type1 | |||||
/public/amsfonts/cm/cmr8.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/ | |||||
amsfonts/cm/cmr9.pfb> | |||||
Output written on 2.pdf (1 page, 72150 bytes). | |||||
PDF statistics: | |||||
32 PDF objects out of 1000 (max. 8388607) | |||||
22 compressed objects within 1 object stream | |||||
0 named destinations out of 1000 (max. 500000) | |||||
1 words of extra memory for PDF output out of 10000 (max. 10000000) | |||||
@ -0,0 +1,28 @@ | |||||
\documentclass[11pt]{article} | |||||
%Gummi|065|=) | |||||
\title{\textbf{Router Fail - Network Down!}} | |||||
\usepackage{graphicx} | |||||
\usepackage{caption } | |||||
\author{Steak Electronics} | |||||
\date{06/4/19} | |||||
\begin{document} | |||||
%\maketitle | |||||
\textbf{Router Fail - Network Down} | |||||
%\textbf{Todo} | |||||
\section{Overview} | |||||
A company had the internet go down. The way their system was built, they had a 2nd firewall behind a cable company router. I was able to access the network before the firewall, which meant that their firewall might've failed. | |||||
\section{Diagnosis} | |||||
The internal firewall had no LED power light or activity. So, no internet. | |||||
First, their network was a 192.168.0.0/24 subnet. I first put them behind a second wireless router which was upstream of the cable modem and not offline. However the network of that internet router was 192.168.1.0/24. This means a few things. 1) All computers (Windows unfortunately), must be set to DHCP (in this case they were all static), and leases must be renewed. So, at least you need a reboot of computers in this situation. 2) They had server software in the LAN that depended upon the 192.168.0.0/24 subnet to work. I didn't find this out until later. | |||||
Originally, I started with the default wireless network of 192.168.1.0/24 but I found that the server software wasn't working. In this case, the most efficient way to rebuild the network, with all the statics intact, was to set the new (temporary) replacement router to be the same subnet. I didn't have the password for the wireless router, so a simple factory reset enabled me access (although lucky for me, the default subnet was in fact 192.168.0.0/24). | |||||
\section{Conclusion} | |||||
When replacing a failed router in a situation like this, the new router should ideally have the same subnet. You might be able to get away without this in smaller offices, but if there is any server software, or if the computers have static IPs \footnote{Or if any other device hsa a static ip, e.g. CCTV camera} you will run into a few more minutes of work. | |||||
There are no rules; this is not set in stone, however, it's the easiest path. As this was only a temporary router replacement, it was not important to have the network 1:1 with the original. In my setups, (this network was not mine) I prefer to have redundant hardware, so you can replace a broken firewall, with a similarly configured duplicate. | |||||
\end{document} |
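Review bot: this is a third copy of the same Router Fail article in one commit, byte-identical to the copy that precedes the printers article, and the duplicated `.aux`/`.log` pair before it was generated from it. Drop it; if the copies are meant to be revisions of one article, that history belongs in git, not in parallel files.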