Category: ubuntu

Fail2Ban Custom filters and Testing Regex’s against existing Logs

stephen GNU/Linux, Security, Server, ubuntu

Fail2ban is a tool that can automatically ban malicious bots trying to get into your server. Provided you set up filters and the ip address (or fqhn) is logged you can use fail2ban with any application.

Create a filter, using a regular expression (fail2ban is built with python):

In /etc/fail2ban/filter.d/my-custom-filter.conf:


[Definition]

failregex = ^www.example.com  -.* "POST \/user\/register HTTP\/1.0" 200

ignoreregex =

Now you want to test this for matches against a log file. Ensure that the log file has existing matches.

Make use of the command line tool fail2ban-regex:

fail2ban-regex /var/log/apache2/example-access.log /etc/fail2ban/filter.d/my-custom-filter.conf

You will get summary data like this:


Running tests
=============

Use   failregex file : /etc/fail2ban/filter.d/my-custom-filter.conf
Use         log file : /var/log/apache2/example-access.log


Results
=======

Failregex: 1 total
|-  #) [# of hits] regular expression
|   1) [1] ^www.example.com  -.* "POST \/user\/register HTTP\/1.0" 200
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [23636] Day/MONTH/Year:Hour:Minute:Second
`-

Lines: 23636 lines, 0 ignored, 1 matched, 23635 missed
Missed line(s): too many to print.  Use --print-all-missed to print all 23635 lines

Which lets you debug your filter regular expression to ensure it is matching the malicious log entries.

 

Finally, add the new filter to your jail.local by appending the following:


[my-custom-filter]
enabled  = true
filter   = my-custom-filter
action   = iptables-multiport[name=NoAuthFailures, port="http,https"]
logpath  = /var/log/apache2/example-access.log
banTime  = 864000
findtime = 1800
maxRetry = 3

You can read more about the configuration of jails in the manual

Installing Ubuntu 18.04 for Dual Boot alongside Windows on seperate drives

stephen ubuntu

Alright you’ve had it with Windows and their horrible, data thieving, privacy breaching ways. But you still want to be able to use it because of other reasons. Well you can dual boot – boot into the platform of your choosing with sperate drives, I will be showing you how to do this,

This is going to be a quick guide to installing Ubuntu 18.04 Desktop for Dual Boot on seperate drives

Quick Steps for your Dual Boot Ubuntu 18.04 and Windows Desktop on Seperate Drives

  1. Go to Download Ubuntu and click download Ubuntu desktop
  2. Go through this tutorial to create a bootable USB with windows, it was a bit tricky as some options were different from the screenshots. I went with MSDOS, master boot record.
  3. Make sure you have an empty drive at least 128gb for your ubuntu install.
  4. Plug in the usb and restart your computer. Press F2 or del to get into the bios and ensure you are booting with your usb. Sometimes this will happen automatically.
  5. Install it and make sure to allow third party software, I’ve had issues with not allowing it before.
  6. When it comes to that scary screen about your isntallation options the best thing to do is click manual.
  7. On your empty drive you want to put Ubuntu 18 on, it’ll be called sda or sdb, clear out existing partitions with-. Then add a parition for 300mb and change the type to Boot EFI this is the important part for the dual boot setup. Add another partition with + for the remaining amount of space you have and change the file system to ext4 and the mount point to /
  8. Now continue, set the timezone and everything should be swell.