Archive for the ‘Technical’ Category

Yay Lilies

Tuesday, March 9th, 2010
I couldn’t resist. I plan to try my hand at shade planting Asiatic lilies. I shopped online at Brent and Becky’s and picked up 5 each of the following: Navona, Lollypop and Red Alert. I also picked up a 5 pack of the strap-leaf caladium Blushing Bride, which will be added to the front fence bed. I may even reserve one or two bulbs for potting. I could have gone overboard and bought more caladiums, a white strap-leafed variety to be preferred, but I’m not sure where else to put them in the landscape. A new internet source, Classic Caladiums, might persuade me to pick up some White Ruffles.

Opera plying the torrents

Tuesday, December 1st, 2009
Who knew that Opera was a torrent client under the hood? I discovered this while looking for a copy of the Cleopatra expansion to Pharaoh online. It seems Opera integrated the torrent client as early as version 9, and it still exists in version 10. I’ll be adding Opera to my web development rotation and use it more often because of this feature.

Getting Fail2Ban to work

Tuesday, November 24th, 2009

My first clue that Fail2Ban wasn’t working right: it wasn’t showing up in iptables -L.
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere tcp dpt:ssh
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

My second clue: Fail2Ban wasn’t displaying the configuration I thought it had loaded. For example, my list of “ignoreips” wasn’t showing up when I tried to view it. Or it didn’t return the maxretry settings I had configured.

I tracked it back to jail.local and determined that the SSH parser wasn’t actually enabled. So I uncommented the line and set it to “true”.
[ssh-iptables]
#enabled = false
enabled = true
filter = sshd

I also had to change it to look at the SSH log, which in CentOS is in /var/log/secure:
logpath = /var/log/secure

Reloaded the config and checked the status of the daemon.
fail2ban-client reload
fail2ban-client status

Running properly, Fail2Ban creates a jail named ssh-iptables.

The only disappointment is that Fail2Ban does not ban retroactively. It only reviews new entries to determine bannable IPs.

The Fail2Ban command list helped me troubleshoot Fail2Ban. Running in interactive mode helped a great deal.
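Because Fail2Ban only acts on new log entries, an existing log can be reviewed separately for addresses that already reached maxretry. The following is an added example, not part of the original post: it counts failed SSH logins per address and skips ignoreip-style entries given as single IPs or CIDR blocks. The log lines, addresses and threshold are constructed sample values, and unlike Fail2Ban it counts over the whole log rather than within a findtime window.

```python
import ipaddress
import re
from collections import Counter

# Matches the sshd failure lines found in /var/log/secure on CentOS.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3})\b"
)

def parse_ignore(entries):
    """Turn ignoreip-style entries (single IPs or CIDR blocks) into networks."""
    # strict=False accepts host bits, e.g. 192.168.1.10/24 -> 192.168.1.0/24
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def is_ignored(ip, networks):
    """True if ip falls inside any of the ignored networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

def retroactive_offenders(lines, maxretry, ignore):
    """Return {ip: failures} for addresses with at least maxretry failures."""
    networks = parse_ignore(ignore)
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m and not is_ignored(m.group(1), networks):
            counts[m.group(1)] += 1
    return {ip: n for ip, n in counts.items() if n >= maxretry}

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = """\
Nov 24 03:11:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Nov 24 03:11:04 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40115 ssh2
Nov 24 03:11:09 host sshd[2105]: Failed password for root from 203.0.113.7 port 40120 ssh2
Nov 24 03:12:30 host sshd[2110]: Failed password for alice from 192.168.1.23 port 51000 ssh2
Nov 24 03:12:33 host sshd[2112]: Failed password for alice from 192.168.1.23 port 51002 ssh2
Nov 24 03:12:36 host sshd[2114]: Failed password for alice from 192.168.1.23 port 51004 ssh2
Nov 24 03:15:00 host sshd[2120]: Failed password for bob from 198.51.100.4 port 33000 ssh2
Nov 24 03:16:00 host sshd[2122]: Accepted password for bob from 198.51.100.4 port 33002 ssh2
""".splitlines()

if __name__ == "__main__":
    # To review a real log, pass open("/var/log/secure") instead of SAMPLE_LOG.
    hits = retroactive_offenders(SAMPLE_LOG, maxretry=3, ignore=["127.0.0.1", "192.168.1.0/24"])
    for ip, n in sorted(hits.items()):
        print(f"{ip}\t{n} failed logins")
```

Addresses it reports can then be banned by hand with fail2ban-client or iptables after confirming they are not legitimate users.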

FTP issues within WordPress

Monday, November 23rd, 2009

Why was I getting “Failed to connect to FTP Server” messages when trying to upgrade a plugin through the backend FTP interface? Well, apparently it wasn’t liking the ftp.domain.com for hostname. So I used “localhost”, and it worked!

Hardening SSH/FTP

Monday, November 23rd, 2009

Or what I learned after reading the logs of brute force attacks on our server.

The logs issued by the Logwatch daemon on our server weren’t pretty…they told a grim tale of the attacks that besieged our server daily. I resolved to do something about it.

Fail2ban proved to be an easy install. I just followed the instructions on the 2nd link given, ensuring that I configured a local jail.conf file to store my settings in. I’m not entirely clear on how to read/parse CIDR addresses, but I think I got it right regardless. One thing to remember that’s not listed here is to turn on iptables, if it isn’t already.

# /etc/init.d/iptables start

Now I have to determine if I can tie Fail2Ban to Logwatch.