Ban SSHD attempts with fail2ban

I have servers hosted at Linode.com, have had them for several years now.  While I am working or sleeping I rarely ever have an issue.  But that doesn’t mean something isn’t happening with them.  In fact, beyond the normal traffic I would expect them to get, I often get attacks via port scans, sshd login attempts, etc.

I take what some would consider above average security precautions.  I’ve been called anal in the past by friends because I wouldn’t expose FTP or unnecessary protocols blindly.  Instead I tell them to get an SSH tunnel client and use any service they want to through the secure pipe.  Its easy enough to do even for customers from their desktops.

Besides the public SMTP/POP/IMAP and WEB, the only other major service I may expose to the WWW is SSH.  Which ends up resulting in someone who doesn’t belong on my server, trying to get on it.  Oh yes, I see every attempt as I use logcheck to drop me occasional emails throughout the day informing me of what is going on.  To be honest, I’ve had this email log checker being sent to me for years.  And I often think of the day that I will turn it off…but then the what if scenarios pop into my head, and I don’t do it.

Well I had enough with the failed sshd login attempts.

Security Events
=-=-=-=-=-=-=-=
Aug 27 16:32:00 smallbox sshd[20823]: Failed password for root from 130.206.132.121 port 44533 ssh2
Aug 27 16:32:03 smallbox sshd[20825]: Failed password for root from 130.206.132.121 port 44789 ssh2
Aug 27 16:32:06 smallbox sshd[20827]: Failed password for root from 130.206.132.121 port 44974 ssh2
Aug 27 16:32:10 smallbox sshd[20829]: Failed password for root from 130.206.132.121 port 45191 ssh2
Aug 27 16:32:14 smallbox sshd[20831]: Failed password for root from 130.206.132.121 port 45456 ssh2
Aug 27 16:32:17 smallbox sshd[20833]: Failed password for root from 130.206.132.121 port 45698 ssh2
Aug 27 16:32:20 smallbox sshd[20835]: Failed password for root from 130.206.132.121 port 45919 ssh2
Aug 27 16:32:23 smallbox sshd[20837]: Failed password for root from 130.206.132.121 port 46153 ssh2
Aug 27 16:32:26 smallbox sshd[20839]: Failed password for root from 130.206.132.121 port 46379 ssh2
Aug 27 16:32:30 smallbox sshd[20843]: Failed password for root from 130.206.132.121 port 46619 ssh2

Before you say….but wait you listed their IP here! Do you really think I care?   BTW…it came from Amsterdam.

Adding fail2ban into the mix…

What is fail2ban?

fail2ban will monitor events (in my case log files from auth), mark IP’s as bad for a configurable time (minutes, days) and release the jailed IP after that configurable time. (more…)

Sharper Image Bluetooth Speakers (Kubuntu)

I was able to get the Bluetooth 1.2 Wireless HI-FI Stereo Speakers to work on Linux, Kubuntu 7.10 to be a bit more exact.

I did not update or install any additional libraries.  The Sharper Image Bluetooth dongle works perfectly.  I found and followed the steps for Amarok here.

Side affects? Yup…Sometimes when another song begins to play, the sound begins playing back on my laptop speakers.  I go back into the settings and notice that they defaulted back to the non-bluetooth settings I just saved!

I haven’t found a resolution for it yet!!!

Create simple ANSI based UI with Python-Newt

I stumbled across this simple UI, Python-newt.  Newt which is common to many non-graphic installs on various Linux flavors. Newt is a simplistic UI that lets a programmer specify entry fields, radio buttons, ok/cancel buttons. You name it…

The Python extension is called Snack. Read more on support here. Two examples come with the docs, showing how easy it is to assemble UI entry request pages/forms.

django + screen

I was working on a website, and quite often I open shells (I use Konsole), often leveraging the tabs Konsole has built in. But I sometimes hate having to switch tabs to see something, compare, reference etc.

My best solution was to keep Konsole windows separate. In Django I would run a konsole window on my top LCD display to display the running application (you know the ./manage.py runserver). While in a konsole window on my laptop display I would run yet another Konsole window to write code, etc.

I often use screen, but similar to tabs with Konsole, I get tired switching screens. Well there are the multiple windows in screen you can set up with a few simple keystrokes, something which I even blogged about previously. Yeah, I know its a cheap shot to link to your own blog! But I assure you, I could care less about how many visitors I get.

My latest problem with screen has been … on my laptop I reboot often. In fact, I like the idea of being able to shut down, take my laptop with me and pop it back up in a coffee shop, at my skydiving dropzone or even the library. What happens when I reboot? Screen settings are lost, and I have to reset everything back up once I turn the “machine” back on. (more…)

BasKet Note Pads

I was doing something useful and came across this application: BasKet Note Pads

This application provides as many baskets (drawers) as you wish; Several kinds of objects (texts, URLs, images,…) can be drag-n-drop’d into it.

I visited the website and had to give it a try.  I love to organize things.  And right now I feel like things are a little messy.  I have emails, docs, things are a bit scattered.

I am trying this little KDE app. right now, and I am very happy.

I have a projects “basket” and will soon be adding a Django one.  I have always wanted a quick place to put django snippets I use often enough to save and reuse, but haven’t found that magical place!

Listening to Christmas music via SHOUTcast on Chumby! Yeah for the holidays!

Kubuntu 7.10 Kaffeine Play Encrypted DVD

Taken from here.

1)  sudo /usr/share/doc/libdvdread3/install-css.sh

2)  In Kaffeine
Go to to Settings->xine Engine Parameters
Select “Media” section
Select the “Expert Options” tab
Find an option labelled “CSS decryption method”
Change setting from “key” to “title”.

It just works (after a few steps).

Dual displays

I was at the last Atlanta Python meeting this month, and noticed some presenters are still having issues getting dual displays to work. It is something I haven’t had to do in Linux. But I decided to try it out.

I found this video which explained how to do everything using nvidia-settings. (more…)

A time machine?

I have been once again led down an alternate path while working on something this evening. This time it has to do with how to revert installs on Debian (Ubuntu) based systems when an update breaks something. This can happen on servers, laptops/desktops, etc.I am not the normal (K)Ubuntu user running the Symaptic pkg manager for updates. I tend to always rely on the console aptitude. Some times you preform an upgrade only to find out things just broke and you want to revert.Aptitude records packages it installs in a log file (/var/log/aptitude). So I began to think of writing a quick solution, until I Googled aptitude rollback update. I found Flyback, TimeVault and Dirvish.

Why am I not using my Unison previously mentioned in another post? Unison does a fine job keeping things in-sync. I’m sure Unison could be twisted to act as a daily backup tool as well.  But I use it to keep one or more  filesystems up to date. (more…)

Kubuntu

OK, my last posting was written while I was experiencing a tad of frustration.  I Googled, jumped on an IRC channel and tried just about everything, including reconfiguring every package known to man.  I finally found a bug that resembled my exact trouble:

“Administrator Mode” button in “System Settings” does not work properly.

Simply the fix was:

kdesu kcontrol

I had ran kcontrol several times with sudo, but the problem was never fixed.  Running kcontrol with kdesu cleaned up old dead DCOP server files.  Something more than simply deleting he files.

Happy? No not yet, I still don’t know what provoked this.  It may not have been a package upgrade.

Kubuntu – I figured it out!

Don’t install patches, updates or anything upgrade anything already working on Kubuntu or other Linux distros when its finals, exams at college or just before the holiday break. It is the only reason I can think of that makes sense as to why things that worked are broken.Why can a perfectly good laptop running Kubuntu break after installing updates? No….I’m not happy. I’m dealing with this instead of working!!!

The FIRST active maintainer of Kubuntu to come forward and prove to me that he/she held back an update because it was not fully tested, I will send them $25!