Protecting Roundcube against brute force attacks

You have probably already protected Dovecot, Postfix, Exim, DBMail or whatever other network-facing service you run from brute-force and dictionary attacks, typically with fail2ban watching their logs.

But what about Roundcube? Roundcube logs into the IMAP server on behalf of the user, so every failed webmail login reaches Dovecot (or Cyrus) from Roundcube's own address, whether it runs on the same server or a different one. You therefore have to whitelist that address in fail2ban so that one bad user does not get the whole webmail blocked, and that opens another hole: an attacker can brute-force accounts through the webmail login form even though fail2ban is watching the SMTP, IMAP and POP ports, because the IP fail2ban sees there is Roundcube's, not the attacker's.

The solution is to protect Roundcube itself against brute force: ban the client IP as Roundcube sees it, on the web ports.

Forget the Apache logs, we don't need them: Roundcube logs failed logins itself, in its logs/errors file (recent releases name it logs/errors.log). A failed login produces a line similar to the following:

IMAP Error: Login failed for aaa@bbb.com from xxx.xxx.xxx.xxx. AUTHENTICATE PLAIN: Authentication failed

You should also note that fail2ban ships its own Roundcube filter, filter.d/roundcube-auth.conf. I am not using it here because I like to make things as simple as possible, but not simpler: the bundled file also accounts for older Roundcube installations, which I do not need.

Now, here is a step-by-step guide to protecting Roundcube from brute-force and dictionary attacks. The same recipe works for phpMyAdmin, ISPConfig or any other web application that logs failed logins to a file; only the failregex changes.

1- Make sure fail2ban is installed
apt-get install fail2ban

2- Add the following two filter files to fail2ban's filter directory (/etc/fail2ban/filter.d/)

1- roundcube.conf

# Fail2Ban configuration file for roundcube webmail
#
# Author: Fabian Wenk 
#
# $Revision$
#
# To have logging information available, it is necessary to adjust
# the following option in config/main.inc.php from Roundcube
# (config/config.inc.php, with $config[...] instead of $rcmail_config[...], on Roundcube 1.x):
#
# $rcmail_config['debug_level'] = 1;	// not sure, probably not needed
# $rcmail_config['log_session'] = true;
#
# and point in the fail2ban jail config to the correct logfile,
# or change also the following config to log to syslog:
#
# $rcmail_config['log_driver'] = 'syslog';
#

[Definition]

# Option: failregex
# Notes.: regex to match the password failure messages in the logfile.
#	first line is for Cyrus IMAP (2.4.x)
#	second line is for Dovecot (2.1.x)
#	The <HOST> tag is mandatory: fail2ban replaces it with its IP/hostname
#	pattern and bans whatever it captures. The "roundcube: " prefix is made
#	optional because it only exists when Roundcube logs to syslog; the
#	logs/errors file has no such prefix.
# Values: TEXT
#
#failregex = (?:roundcube: )?IMAP Error: Login failed for .* from <HOST>\. AUTHENTICATE PLAIN: authentication failure in .*$
failregex = (?:roundcube: )?IMAP Error: Login failed for .* from <HOST>\. AUTHENTICATE PLAIN: Authentication failed\. in .*$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

2- roundcube-repeat.conf. This filter inspects fail2ban's own log file: if the same host is banned repeatedly by the [roundcube] jail (a repeat offender), a much longer ban is imposed.

# Fail2Ban filter for repeat offenders of the roundcube jail:
# matches the "Ban" lines that fail2ban writes to its own log.
#


[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
#          Only "[roundcube] Ban" lines match: "Unban" lines and this jail's
#          own "[roundcube-repeat] Ban" lines do not, so the jail cannot feed itself.
# Values:  TEXT
#
failregex = \[roundcube\] Ban <HOST>

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

The above is how fail2ban identifies failed logins. Now we need to define a jail for each filter that tells fail2ban 1- which filter to use and 2- which log file to read. Put the jails in /etc/fail2ban/jail.local rather than jail.conf, because jail.conf is overwritten on package upgrades:

[roundcube]
enabled  = true
port     = http,https
filter   = roundcube
logpath  = /var/sys_ssl/rcmail/logs/errors
maxretry = 5
findtime = 600
bantime = 3600

[roundcube-repeat]
enabled = true
port = http,https
filter = roundcube-repeat
logpath = /var/log/fail2ban.log
maxretry = 3
findtime = 21600
bantime = 86400

Now, to the testing. Mind you, if you test by failing logins you will be banned, and depending on how you test you might be banned for a whole day by the repeat jail, so keep that in mind (test from an address you can afford to lose, or add your own address to ignoreip in jail.local first). A safer first check is the fail2ban-regex tool, which, given the errors file and the filter file, reports how many lines match without banning anybody. One more caveat: the address in the log line is the client IP as Roundcube sees it, so if Roundcube sits behind a reverse proxy or load balancer you will ban the proxy, not the attacker, unless the real client address is passed through (newer Roundcube versions have a trusted-proxy setting for exactly this).
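To see what the two filters will do before letting fail2ban loose on real traffic, here is an added example (mine, not part of the original post and not fail2ban's own code) that expands the <HOST> tag the way fail2ban does, runs both failregexes over constructed log lines, and replays fail2ban's maxretry/findtime counting with the same values as the two jails above. The users, addresses and timestamps are made up; the Roundcube line layout (bracketed date, session tag, message) and the fail2ban.log layout are assumptions based on what those programs write, so check them against your own files.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# fail2ban expands the <HOST> tag to this pattern; it is expanded by hand here.
HOST = r"(?:::f{4,6}:)?(?P<host>\S+)"

# The two failregexes from the filter files above.  The optional "roundcube: "
# prefix only exists when Roundcube logs to syslog; the errors file lacks it.
ROUNDCUBE_FAIL = re.compile(r"(?:roundcube: )?IMAP Error: Login failed for \S+ from "
                            + HOST + r"\. AUTHENTICATE .*$")
REPEAT_FAIL = re.compile(r"\[roundcube\] Ban " + HOST)

# Timestamp prefix of each watched file (assumed formats): Roundcube writes
# "[27-Jan-2015 10:04:00 +0000]:", fail2ban writes "2015-01-27 10:04:00,412".
RC_DATE = (re.compile(r"^\[(\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}) [+-]\d{4}\]"),
           "%d-%b-%Y %H:%M:%S")
F2B_DATE = (re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"), "%Y-%m-%d %H:%M:%S")


def replay(lines, date, failregex, maxretry, findtime):
    """Replay fail2ban's counter: a host is banned at the first failure that puts
    `maxretry` of its failures inside a `findtime`-second sliding window.
    Returns [(host, ban_time), ...]."""
    date_re, date_fmt = date
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)          # host -> failure times still inside the window
    banned, bans = set(), []
    for line in lines:
        d, f = date_re.match(line), failregex.search(line)
        if not (d and f):
            continue                     # no timestamp or no failure: ignored, as fail2ban does
        ts, host = datetime.strptime(d.group(1), date_fmt), f.group("host")
        if host in banned:
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:        # drop failures that fell out of findtime
            q.popleft()
        if len(q) >= maxretry:
            banned.add(host)
            bans.append((host, ts))
    return bans


def roundcube_bans(lines):
    """Same settings as the [roundcube] jail, run over logs/errors lines."""
    return replay(lines, RC_DATE, ROUNDCUBE_FAIL, maxretry=5, findtime=600)


def repeat_bans(lines):
    """Same settings as the [roundcube-repeat] jail, run over fail2ban.log lines."""
    return replay(lines, F2B_DATE, REPEAT_FAIL, maxretry=3, findtime=21600)


def sample_errors_log():
    """Constructed Roundcube logs/errors lines (made-up users, addresses, times)."""
    t = ("[27-Jan-2015 {:02d}:{:02d}:00 +0000]: <9f3a1c> IMAP Error: Login failed for "
         "{} from {}. AUTHENTICATE PLAIN: Authentication failed. in "
         "/var/www/roundcube/program/lib/Roundcube/rcube_imap.php on line 184 "
         "(POST /?_task=login&_action=login)")
    events = [(h, m, "bob@example.com", "192.0.2.5")            # 5 failures over 2 h: no ban
              for h, m in [(8, 0), (8, 30), (9, 0), (9, 30), (10, 0)]]
    events += [(10, m, "alice@example.com", "198.51.100.7") for m in range(5)]  # 5 in 4 min: ban
    events += [(10, m, "carol@example.com", "203.0.113.9") for m in (1, 2, 3)]  # only 3: no ban
    lines = [t.format(*e) for e in sorted(events)]
    lines.insert(2, "[27-Jan-2015 08:45:00 +0000]: <9f3a1c> PHP Warning: unrelated noise line")
    return lines


def sample_fail2ban_log():
    """Constructed fail2ban.log lines for one repeat offender."""
    t = "2015-01-27 {} fail2ban.actions [812]: NOTICE [{}] {} 198.51.100.7"
    return [t.format(*e) for e in [
        ("10:04:00,412", "roundcube", "Ban"),
        ("11:04:00,110", "roundcube", "Unban"),          # "Unban" is not "Ban ": ignored
        ("11:10:00,233", "roundcube", "Ban"),
        ("12:20:00,980", "roundcube", "Ban"),            # third ban inside 6 h: escalate
        ("12:20:01,002", "roundcube-repeat", "Ban"),     # the repeat jail's own line: ignored
    ]]


if __name__ == "__main__":
    print("roundcube jail bans:", roundcube_bans(sample_errors_log()))
    print("repeat jail bans:   ", repeat_bans(sample_fail2ban_log()))
```

Run it and only 198.51.100.7 comes out banned by the first jail (five failures within four minutes) and, after its third ban within six hours, by the repeat jail; the slow attacker at 192.0.2.5 never has five failures inside the ten-minute window, which is the argument for the long findtime of the repeat jail.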

For those of you on a recent cPanel installation: iptables is disabled by default in favour of firewalld, so fail2ban will happily add its rules, but the rules will not take effect 😉 Point the jail's banaction at one of the firewallcmd-* actions that ship with fail2ban 0.9 and later (firewallcmd-ipset, for example) instead.

Partition 2 does not start on physical sector boundary

Here is the lowdown: the warning shows up on disks that report a logical sector size of 512 bytes and a physical sector size of 4K (Advanced Format drives). fdisk keeps addressing the disk in 512-byte logical sectors, and for a partition that starts on the old 63-sector boundary it will likely print

Partition x does not start on physical sector boundary

fdisk can be wrong here; your partition may or may not actually be aligned. The rule itself is simple: the partition's start offset in bytes (start sector × 512) must be a multiple of the physical sector size, so with 4K physical sectors the start sector must be a multiple of 8. Sector 63, the old DOS default, fails that test; sector 2048, the modern 1 MiB default, passes it. Both sector sizes can be read from /sys/block/sda/queue/logical_block_size and physical_block_size.

In practice, just running fdisk with the sector size forced to 4K (-b 4096) should tell you whether the partition is really misaligned or fdisk is miscalculating:

fdisk -b 4096 -u /dev/sda

Now print the partition table again; if you still see that message, the partition really is misaligned, otherwise you are fine.
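The arithmetic behind that check, as an added example that is not from the original post: a partition is aligned when its start offset in bytes (start sector × logical sector size) is a multiple of the physical sector size. The script parses a constructed fdisk -l listing (the disks, sizes and start sectors are made up; the table layout is the one old and new fdisk print) and applies that rule. The alignment_offset argument is the per-drive correction the kernel exposes in /sys/block/<disk>/alignment_offset for drives whose physical sectors do not begin at LBA 0; it is assumed to be 0 unless you read a different value from sysfs.

```python
import re

SECTOR_RE = re.compile(r"^Sector size \(logical/physical\): (\d+) bytes / (\d+) bytes")
PART_RE = re.compile(r"^(/dev/\S+)\s+\*?\s*(\d+)\s+\d+")   # device, optional boot flag, start, end


def is_aligned(start_sector, logical=512, physical=4096, alignment_offset=0):
    """True when the partition's first byte sits on a physical-sector boundary.
    alignment_offset is the drive-level shift reported in
    /sys/block/<disk>/alignment_offset (0 for most drives): physical sectors
    then begin at byte offsets congruent to alignment_offset modulo physical."""
    return (start_sector * logical - alignment_offset) % physical == 0


def check_alignment(fdisk_output, alignment_offset=0):
    """Parse `fdisk -l` text and report alignment per partition, using the sector
    sizes fdisk printed for the disk each partition belongs to."""
    logical, physical = 512, 512          # assumed until a "Sector size" line is seen
    report = {}
    for line in fdisk_output.splitlines():
        s = SECTOR_RE.match(line)
        if s:
            logical, physical = int(s.group(1)), int(s.group(2))
            continue
        p = PART_RE.match(line)
        if p:
            report[p.group(1)] = is_aligned(int(p.group(2)), logical, physical, alignment_offset)
    return report


# Constructed listing (made-up disks): sda uses the old DOS layout starting at
# sector 63, sdb the modern 1 MiB (sector 2048) layout.
SAMPLE_FDISK = """\
Disk /dev/sda: 80.0 GB, 80026361856 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *          63      401624      200781   83  Linux
/dev/sda2          401625   156296384    77947380   83  Linux

Disk /dev/sdb: 40.0 GB, 40020664320 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *        2048      409599      203776   83  Linux
/dev/sdb2          409600    78163967    38877184   83  Linux
"""

if __name__ == "__main__":
    for dev, ok in check_alignment(SAMPLE_FDISK).items():
        print(dev, "aligned" if ok else "NOT aligned")
```

Feed it the real output of fdisk -l (for example by reading it from a pipe) and it gives the same yes/no answer as the -b 4096 trick, with the reason visible in the arithmetic.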

Showing disks attached on a linux computer

The tool that is available on practically every system is fdisk, so I will start with that:

fdisk -l

But that is not my favourite. The one I use (because I have disks of the same size and need more information, such as model and serial number, to tell them apart) is

lshw -class disk

But I still need to know the partitions, so fdisk -l is necessary alongside it.

There is a third option,

hwinfo --disk

And, because sometimes I want to see partitions too (lsblk can also print the model and serial columns with -o, which covers the same-size-disks problem as well),

lsblk

Will do the trick

flogging a dead kindle (BACK TO LIFE !)

(Photo: Kindle Keyboard working again)

My Kindle was displaying a message saying

Battery Empty

Connect your kindle to a power source and charge it until this screen disappears. This may take up to 30 Minutes

If you continue to see this screen after charging, you will need to reset your Kindle. Unplug it from the power source, then slide and hold the power switch for 15 seconds.

In short, neither worked. Once plugged into a charger, the orange light came on for a few seconds, then went out; my charger's LED also turned off, meaning no power was being drawn. Resetting did not resolve it either, as it seems there was absolutely no power left in the battery, considering that I had left it for months without use or charging.

So the solution seemed to be heating it up a bit in front of an electric fan heater (a few seconds, don't make the Kindle hot), then plugging it into a charger; this time the orange light stayed on, after flickering for a few seconds right after plugging in (obviously not a "by design" kind of flickering).

Also worth mentioning: one of the chargers works better than the other. After the heating, the larger-capacity charger holds the orange charging light steady, while the smaller one fails within a few seconds of plugging in (the orange light goes out).

Now it seemed to be charging; the battery-empty page refreshed but still showed battery empty, and then a few seconds later, what do you know, the battery-empty screen disappeared and the Kindle started its boot sequence (the normal start-up screen with a progress bar). (If this does not happen after 30 minutes of the orange light being lit, you might want to consider resetting it as the Kindle says.)

This is one of the very old Kindles; it dates back many years. The footer of the menu says Kindle 3.3 and the back says Kindle model number D00901, but I am not really planning to invest time finding out what this Kindle is called; it is the one with the keyboard.

Source of the problem, a theory: lithium batteries have a cutoff charge, meaning devices leave some power in the battery (and consider it empty, switching themselves off before a complete drain) because if the voltage goes below that threshold, recharging can be dangerous.

Heating probably registered some voltage on the battery, convincing the Kindle to charge it.

The 3-4 seconds of mild flickering is still a mystery though.

Final note: once the Kindle booted, both chargers worked just fine.

DBMAIL commands

First things first: if you follow the manual, your commands will run in dry-run mode, and no hint is given as to why the needed changes are counted but not executed. This is because you have to run the command with the -y switch to actually apply the changes. Here are a few you will use often:

dbmail-util -dy – set delete status on deleted mail (deleted by IMAP or POP)
dbmail-util -py – delete messages with delete status

dbmail-util -by – rebuild the caches

Without -y, no changes are made to the database.

Wake on LAN with linux

My always-on Linux machine is a Dell FX 160 with very low power consumption. It acts as my VPN and Asterisk server and should also wake up other computers when I need them. The box itself is multi-homed, so I basically need it to wake devices on one particular network.

The command you need for this to work is:

etherwake -i eth1 xx:xx:D2:B2:30:C9 (My laptop)

eth1 is the interface on my mini Linux server that is connected to the target network.

That's all there is to it, apart from enabling Wake on LAN in the target machine's BIOS (and, on some NICs, in the operating system's driver settings).

CP overwrite files in destination

Although cp on Linux is documented to overwrite without prompting, in practice it often does not. The reason is that on many distributions the root shell aliases cp to cp -i; you can check with the alias command.

So there are two ways to make cp overwrite.

The first is to unalias it; the second is to bypass the alias for a single invocation by prefixing a backslash:

\cp

or by calling the binary by its full path, which also skips the alias:

/usr/bin/cp

I personally use

\cp this that

The best computer – tv setup for your living room


I am posting this to remind myself how to set up my media center at home, so it may be a bit messy.

Kodi (XBMC) seems to be the only real competitor to Windows Media Center; in my case, I find it much better than Windows Media Center.

Hardware

The Raspberry Pi 2 (with 1 GB of RAM) can serve as the hardware, using its HDMI output

Or

An old PC, with the cooling switched to passive water cooling (cost me around $40 on eBay for the parts) to get rid of the noisy fan, and with the hard drive replaced by a bootable Linux flash stick (also to reduce noise)

Please note that an analogue (D-SUB/VGA) cable is just as good as HDMI here: over such a short run the analogue signal is not a problem, so you can connect either the D-SUB or the HDMI cable to your TV and you will not notice the difference. With VGA, though, you will need to connect the audio separately, to the TV or to external speakers.

The disadvantages of the old-PC method are

The cooling system costs half as much as a Raspberry Pi, a lot of money I would say.
The PC is bulky compared to the Pi
It draws much more power than the Pi

The advantages

You already have that old PC
You can run Kodi on Windows, then use your iPad as a keyboard and mouse (no such app existed for Linux at the time of writing)
You can repurpose it for general tasks later on
Its Ethernet port is not hung off USB as it is on the Pi
You can have much more RAM in it
You can add a capture card and connect your home receiver to it
You can install hard drives inside (remember to make them spin down when not in use) and use it as a NAS
You can attach an IR receiver to the COM port and use LIRC to program any remote you have
It can play DVDs (if it has a DVD drive)

———————————————-

Plugins that I like for Kodi

Fastest disk duplication tool

I have been using dd for a long time: specify the block size and so on, then pipe it into pv if you want a progress bar, and there you have it.

But you can use pv directly.

So let us assume we want to clone sda onto sdb (note how the redirection arrows point out of sda and into sdb):

pv < /dev/sda > /dev/sdb

and you are done, no dd needed. pv is not inherently faster than dd; plain dd with its default 512-byte block size is just slow, and pv reads in large chunks, which is the same effect as giving dd a large bs= value. Make sure neither disk is mounted and double-check the device names before pressing enter: the target is overwritten without any confirmation, and there is no undo.

At first it will be much faster than you anticipated; that is the kernel's page cache absorbing writes in RAM. Once the cache fills, the speed drops back to what the slower disk sustains, and even if it never fills, the pending writes still have to be flushed: run sync afterwards and wait for it to return before removing the disk.

For example, while cloning my 40 GB SSD onto an 80 GB Western Digital, the speed was 180 MB/s at first; once I ran out of RAM, it dropped to 50 MB/s.

The best way to deal with duplicate files on Linux

There are 2 popular packages to deal with duplicate files on linux

The first is fslint (apt-get install fslint). Its downside is that it does not sort by file size, and when I have 10,000 duplicate files on my disks I really don't want to go through them all and make choices, so the idea is to sort them myself. The second is fdupes, which I have never used, so I cannot say. We will be using fslint with a small script.

First, find the duplicate files; in my case, I only want the ones over 2 MB:

/usr/share/fslint/fslint/findup /hds -size +2048k > /root/dups.txt

Now, this simple script reads that output into a MySQL table (it is a command-line PHP script; you will need to edit the MySQL username, password and database). You also need to tell it which path you used in the command above (I used "/hds"). The database SQL file is also included; you can load it with phpMyAdmin.

Now run the script and it will go through the list and look up the file sizes on the file system.

Then you can either walk through the database after sorting by size, or write your own display script (fetch and print, nothing fancy), so you know where your greatest gains are; this way you will not lose a day sifting through those duplicate files.
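As an added example, independent of fslint and of the author's PHP/MySQL script, here is a self-contained Python duplicate finder that does the size-sorting the post is after. It buckets files by size first and hashes only files that share a size, skips symlinks and hard links so that the same inode is never reported as its own copy, and orders the groups by reclaimable bytes (size × extra copies) so the largest gains come first. The demo() function builds a throw-away directory with constructed contents; the root path and the 2 MB threshold are parameters.

```python
import hashlib
import os
import sys
from collections import defaultdict


def file_hash(path, chunk=1 << 20):
    """SHA-256 of a file, read in 1 MiB chunks so large files need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_duplicates(root, min_size=2 * 1024 * 1024):
    """Return duplicate groups under `root`, largest reclaimable space first.
    Only regular files of at least `min_size` bytes are considered.  Files are
    bucketed by size first, so the expensive hashing only runs on files that
    could possibly be copies of each other."""
    by_size, seen = defaultdict(list), set()
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue                        # a symlink is a pointer, not a copy
            try:
                st = os.stat(path)
            except OSError:
                continue                        # vanished or unreadable: skip
            if (st.st_dev, st.st_ino) in seen:
                continue                        # hard link to a file already counted
            seen.add((st.st_dev, st.st_ino))
            if st.st_size >= min_size:
                by_size[st.st_size].append(path)
    groups = []
    for size, paths in by_size.items():
        if len(paths) < 2:
            continue
        by_hash = defaultdict(list)
        for path in paths:
            by_hash[file_hash(path)].append(path)
        for digest, dups in by_hash.items():
            if len(dups) > 1:
                groups.append({"size": size, "reclaimable": size * (len(dups) - 1),
                               "sha256": digest, "paths": sorted(dups)})
    groups.sort(key=lambda g: g["reclaimable"], reverse=True)
    return groups


def demo():
    """Builds a throw-away tree with constructed contents: two 4 KiB copies, three
    1.5 KiB copies, and a unique 4 KiB file that shares a size but not content."""
    import tempfile
    root = tempfile.mkdtemp()
    layout = {"a/big1.bin": b"A" * 4096, "b/big2.bin": b"A" * 4096,
              "a/s1.bin": b"B" * 1536, "b/s2.bin": b"B" * 1536, "c/s3.bin": b"B" * 1536,
              "c/unique.bin": b"C" * 4096}
    for rel, data in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return find_duplicates(root, min_size=1024)


if __name__ == "__main__":
    # Usage: dups.py /hds   (without an argument the constructed demo tree is scanned)
    root = sys.argv[1] if len(sys.argv) > 1 else None
    for g in (find_duplicates(root) if root else demo()):
        print("%10d bytes reclaimable  %s" % (g["reclaimable"], "  ".join(g["paths"])))
```

Pointed at /hds with the default threshold it answers the same question as the findup-plus-database approach in one pass; the hash is a content identity, not a security control, so a cheaper one would do, but sha256 costs little next to the disk reads.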

Have fun, and please let me know what you think