Showing posts with label Security.

Monday, April 4, 2016

Viewing login attempts

Open an ssh port to the internet and in a short time you will see all kinds of login attempts. There will be repeated attempts to access your system using usernames such as "admin" and "root" and others that are presumably left unguarded on systems somewhere. There are all kinds of simple steps to take to ensure that these attempts are not successful and that they don't overwhelm your system (such as using fail2ban). The log files auth.log and syslog (found in /var/log) will be full of attempts, but how do you look to see if anyone has successfully logged in?

Saturday, February 18, 2012

Connect to wifi at boot

Like all good nerds, I have needs for computers in several places around the house, but I have little desire to run cat5 cables all over the place to provide internet connectivity. That's what wifi is for. In most Linux distributions, though, the wifi connection is dependent on the user login and storing the keys in the user's keyring. Consequently, there is no internet access via wifi until after the user logs in. With some simple configuration, though, it is possible to connect to wifi on startup and have that connection available even if the user has not yet logged in.

Friday, January 27, 2012

Deleting an item from bash history


I was pecking away commands on the bash command line and, without paying attention, I typed in my password when I thought it was needed for a command. But looking up I saw that I was not getting a password request, but was on the command line. Aside from being thankful that I do not use a valid command for a password, I was concerned that I was leaving my password in plain text in my bash history. My home directory is encrypted, so there is little chance that someone will get access to it, but I wanted to delete it nonetheless.

Wednesday, November 2, 2011

Adding a public key to a remote site for SSH

Adding my public key to a server is something I have to do often enough that I want it to be easier, but rarely enough that I can never remember how to do it.

The simple way to do it is to issue this command from your local terminal (note: this is all one line even though it may be broken up into multiple lines in this blog entry):

ssh-copy-id -i ~/.ssh/id_rsa.pub username@remote.server.com

This assumes you already have a working public/private key pair that you are using, and the id_rsa.pub is the public key you are sharing.

You will be asked for the password on the remote server (and your passphrase for your private key, if you are smart enough to use one of those), and if everything is in order you will be able to ssh into the remote server using your public/private key pair instead of supplying a password.

Thursday, May 26, 2011

Ubuntu without password requests


When I bought a computer for my son a few years ago, it came with XP preloaded. It was a refurbished computer from a local store, and they do a good job of putting together a cheap, basic system. At the time, I contemplated wiping the disk and putting Linux on it instead, but since it was already working and ready to use I decided to leave it as-is. The guys at the store had put Firefox and OpenOffice on it, so why mess with it?

Monday, February 1, 2010

Drupal security


Big thumbs up to Drupal on security.  There were a few meager attempts to hack into this site.  The IP addresses track back to the ministry of education in Thailand...usually this kind of stuff hits my sites from China (though, given the world population distribution, that might just be the law of averages working).  In any case, the standard security of Drupal was enough to keep these casual hackers at bay.

And here I thought nobody was visiting this site...

Wednesday, December 16, 2009

Use fail2ban


If you have Linux with ssh exposed to the internet, fail2ban is a must. I have a Linux VM which allows SSH connections via the internet. It doesn't have a static IP address, but I am using dyndns to make it easier for me to access from outside.

Within a few days of opening the port on the firewall, the logs started filling with attempts to break in. There are repeated attempts to log in with an alphabetical list of usernames, all from an IP address which is located in China. Fail2Ban lets you set limits on how many times a single IP address can fail to log in before that IP address is banned for some specific amount of time.

It is found in most of the repositories, and is easy to set up. Check out the website for configuration details (http://www.fail2ban.org/).
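An added example, not from the original posts and not fail2ban's own code: a short Python script that answers the question raised in "Viewing login attempts" (has anyone actually logged in?) and applies the kind of failure limit described above to sshd lines from auth.log. The sample lines are constructed, the year is an assumption because syslog timestamps omit it, and the parameter names maxretry and findtime_s are borrowed from fail2ban's maxretry and findtime settings for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in the usual sshd auth.log format (not real data).
SAMPLE_LOG = """\
Apr  4 10:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Apr  4 10:00:03 host sshd[1002]: Failed password for root from 203.0.113.5 port 40002 ssh2
Apr  4 10:00:06 host sshd[1003]: Failed password for invalid user oracle from 203.0.113.5 port 40003 ssh2
Apr  4 10:05:00 host sshd[1004]: Accepted publickey for alice from 198.51.100.7 port 51000 ssh2
Apr  4 10:20:00 host sshd[1005]: Failed password for alice from 198.51.100.7 port 51001 ssh2
Apr  4 11:30:00 host sshd[1006]: Failed password for bob from 192.0.2.9 port 52000 ssh2
Apr  4 11:45:00 host sshd[1007]: Failed password for bob from 192.0.2.9 port 52001 ssh2
Apr  4 12:00:00 host sshd[1008]: Failed password for bob from 192.0.2.9 port 52002 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse(log_text, year=2016):
    """Yield (time, result, method, user, ip) for each sshd login line."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:  # syslog omits the year, so an assumed one is supplied
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield when, m["result"], m["method"], m["user"], m["ip"]

def review(log_text, maxretry=3, findtime_s=600):
    """Return (accepted logins, {ip: time it reached maxretry failures})."""
    accepted, over_limit = [], {}
    recent = defaultdict(deque)  # ip -> failure times inside the window
    for when, result, method, user, ip in parse(log_text):
        if result == "Accepted":
            accepted.append((when, user, ip, method))
            continue
        window = recent[ip]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime_s:
            window.popleft()  # forget failures older than the window
        if len(window) >= maxretry and ip not in over_limit:
            over_limit[ip] = when
    return accepted, over_limit

if __name__ == "__main__":
    logins, offenders = review(SAMPLE_LOG)
    for when, user, ip, method in logins:
        print(f"LOGIN  {when} {user} from {ip} via {method}")
    for ip, when in offenders.items():
        print(f"LIMIT  {ip} reached the failure limit at {when}")
```

To run it against a real log, pass the contents of /var/log/auth.log to review() in place of SAMPLE_LOG; the lines are assumed to be in chronological order.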