Category Archives: Linux

Block SSH Brute Force Attacks

I already advised in one of my previous posts [1] to disable the root log-in on your Linux host. Nevertheless, sooner or later somebody will try to attack you with an SSH brute force attack. For those who are not familiar with brute force attacks: these are attacks where all possible passwords are tried [2]. Starting from single-digit passwords and going up to an undefined length, you can imagine how many possibilities have to be tried, hence "brute force". You can also imagine that this consumes network bandwidth on the one side, but also processor load on your host.

So as suggested in [1], set the root password according to modern standards and definitely turn off your SSH root log-in. Nevertheless, at a certain point somebody will try to perform an SSH brute force attack.

A clear indication of an SSH brute force attack is if you find something like this in your /var/log/auth.log:

Feb 17 05:57:26 lvps5-35-244-75 CRON[30441]: pam_unix(cron:session): session closed for user root
Feb 17 05:58:12 lvps5-35-244-75 sshd[17899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.15 user=root
Feb 17 05:58:14 lvps5-35-244-75 sshd[17899]: Failed password for root from 115.239.228.15 port 39623 ssh2
Feb 17 05:58:19 lvps5-35-244-75 last message repeated 2 times
Feb 17 05:58:21 lvps5-35-244-75 sshd[17899]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.15 user=root
Feb 17 05:58:33 lvps5-35-244-75 sshd[17901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.15 user=root
Feb 17 05:58:35 lvps5-35-244-75 sshd[17901]: Failed password for root from 115.239.228.15 port 40071 ssh2
Feb 17 05:58:41 lvps5-35-244-75 last message repeated 2 times
Feb 17 05:58:43 lvps5-35-244-75 sshd[17901]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.15 user=root
Feb 17 05:58:45 lvps5-35-244-75 sshd[17906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.15 user=root
Feb 17 05:58:47 lvps5-35-244-75 sshd[17906]: Failed password for root from 115.239.228.15 port 52315 ssh2
Feb 17 05:58:56 lvps5-35-244-75 last message repeated 2 times
Feb 17 05:58:58 lvps5-35-244-75 sshd[17906]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.15 user=root
Feb 17 05:59:01 lvps5-35-244-75 CRON[17913]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 17 05:59:01 lvps5-35-244-75 CRON[17913]: pam_unix(cron:session): session closed for user root
Feb 17 05:59:02 lvps5-35-244-75 sshd[17911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.15 user=root
Feb 17 05:59:04 lvps5-35-244-75 sshd[17911]: Failed password for root from 115.239.228.15 port 42931 ssh2
Feb 17 05:59:09 lvps5-35-244-75 last message repeated 2 times
Feb 17 05:59:11 lvps5-35-244-75 sshd[17911]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.15 user=root
Feb 17 05:59:21 lvps5-35-244-75 sshd[17916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.15 user=root
Feb 17 05:59:23 lvps5-35-244-75 sshd[17916]: Failed password for root from 115.239.228.15 port 42738 ssh2 

So, what to do? Panic? No!

The solution is easy-cheesy: use iptables to slow down the flow of requests. The idea is to drop any SSH connection from a single source that attempts to connect 4 times within a minute. This can be done via the following two commands:

iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP

If you watch your /var/log/auth.log, you will notice that the number of connection attempts decreases. So it is time to relax and have a cup of tea.
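The policy of the two iptables rules, applied to the log excerpt's line formats instead of to new TCP connections: an added Python example, not from the original post, that counts the "Failed password" lines per rhost (including those syslog collapsed into "last message repeated N times") and flags any source with 4 or more failures inside 60 seconds. The log lines inside it are constructed in the same format as the excerpt above, using documentation-range addresses.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed sample in the format of the auth.log excerpt above (documentation-range IPs).
SAMPLE_LOG = """\
Feb 17 05:58:12 host sshd[17899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7 user=root
Feb 17 05:58:14 host sshd[17899]: Failed password for root from 198.51.100.7 port 39623 ssh2
Feb 17 05:58:19 host last message repeated 2 times
Feb 17 05:58:21 host sshd[17899]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7 user=root
Feb 17 05:58:35 host sshd[17901]: Failed password for root from 198.51.100.7 port 40071 ssh2
Feb 17 06:10:00 host sshd[18000]: Failed password for alice from 203.0.113.9 port 50000 ssh2
"""
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ (?P<msg>.*)$")
FAIL_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port")
REPEAT_RE = re.compile(r"^last message repeated (?P<n>\d+) times")
EPOCH = datetime(1900, 1, 1)  # strptime without a year yields 1900; only differences matter

def to_seconds(stamp):
    return (datetime.strptime(stamp, "%b %d %H:%M:%S") - EPOCH).total_seconds()

def parse_failures(log_text):
    """Map rhost -> timestamps (seconds) of failed password attempts."""
    failures = defaultdict(list)
    last_ip = None  # source of the previous 'Failed password' line, for 'repeated N times'
    for line in log_text.splitlines():
        if not (m := LINE_RE.match(line)):
            continue
        ts, msg = to_seconds(m.group("ts")), m.group("msg")
        if fail := FAIL_RE.search(msg):
            last_ip = fail.group("ip")
            failures[last_ip].append(ts)
        elif last_ip and (rep := REPEAT_RE.match(msg)):
            # syslog collapsed N identical 'Failed password' lines into this one
            failures[last_ip].extend([ts] * int(rep.group("n")))
        else:  # 'PAM N more authentication failures' only summarises failures counted above
            last_ip = None
    return failures

def flag_sources(failures, window=60, threshold=4):
    """Sources with >= threshold failures in any `window` seconds: the 60 s / 4 hits policy of the
    iptables rule, but on logged failures (the rule counts every new connection, successful or not)."""
    flagged = {}
    for ip, stamps in failures.items():
        stamps, lo, burst = sorted(stamps), 0, 0
        for hi, t in enumerate(stamps):
            while t - stamps[lo] > window:
                lo += 1
            burst = max(burst, hi - lo + 1)
        if burst >= threshold:
            flagged[ip] = burst
    return flagged
```

Run it against a real /var/log/auth.log by passing the file's contents to parse_failures; the returned dict of flagged sources is what you would feed into a blocking rule.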

Please note that those rules are only active until your next reboot. Actually I prefer to check the rules first before applying them permanently. If you are sure and would like to apply them permanently, please follow the official Ubuntu Howto [3].

Have a safe day!


[1] jvr.at, Basic Security for Linux hosts

[2] Wikipedia, Brute Force Attack

[3] Ubuntu.com, iptables Howto

Howto get BOINC running on a Linux Server

I’ve always been a fan of scientific projects and would also like to support and help them. For a long time I have been a supporter of the Seti@home project [1]. Therefore I will set up my server to do some processing, since it is idling most of the time.

So let us install the boinc client first. Under Ubuntu it is as simple as:

root@jvr:~# apt-get install boinc boinc-client

Ok, now we have the client installed, but of course it doesn’t start operating automatically. Actually that is technically wrong: the client runs as a server process, but no project is attached.

So to attach a project you can use the command line tool boinccmd [2], with the URL of the project and your account key:

root@jvr:~# boinccmd --project_attach https://setiathome.berkeley.edu/ d33ad5ca2e17af1d08c85268aabb4ae5

For a list of available BOINC projects, please check [3]. Since the BOINC client will not remember the attached project after a reboot, we should add it permanently.

Therefore I created in /etc/boinc-client/ a file called account_setiathome.berkeley.edu.xml with the following content:

<account>
   <master_url>http://setiathome.berkeley.edu/</master_url>
   <authenticator>232395_2af9483f6a12147ce849776db1a98ad2</authenticator>
</account>

This setting I basically took from the Account Key Settings page of the Seti@Home project, which can be found under [4].


[1] Seti@Home

[2] Boinccmd tool wiki

[3] BOINC Project List

[4] Seti@Home Account Keys

Step 1: Setting up the C/C++ environment

Ok, so going forward with C or C++, the compiler of my choice is definitely the GNU Compiler Collection, short GCC [1]. It is free and available across several platforms, including the Microsoft Windows operating system. But since developing under Linux (in my case Ubuntu) is simply more fun, this article will cover how to install GCC and some tools we might use later.

First things first – the compiler and the tools:

root@jvr.at:/home/jvr# apt-get install gcc autoconf automake cvs subversion

So while the gcc package contains the mentioned compiler collection, the autotools [2] (the autoconf and automake packages) provide an according build system, which will be helpful later on when we create dependencies and links between several files, where a little helper is always welcome. CVS as well as SVN (the subversion package) we will use for versioning and keeping track of our changes.

The editor – the ultimate question. There are hundreds of editors available, simple ones as well as fancy ones with hundreds of plugins and extensions blowing up your machine and your mind. My personal favourite is vim [3], as it is easy to use within the console, and therefore also remotely, e.g. via the web browser [4].

root@jvr.at:/home/jvr# apt-get install vim

But please feel free to choose as I do not want to be involved in any kind of editor war [5].


So now we should be equipped to start off developing in C/C++.


[1] Wikipedia, The GNU Compiler Collection – GCC

[2] GNU, The GNU Build System – Autotools

[3] Vim, the editor

[4] jvr.at, Ajaxterm – ssh access via the web-browser

[5] Wikipedia, The Editor War


Ajaxterm – ssh access via the web-browser

Quite often I try to access my Linux box remotely. Unfortunately, most of the time port 22 (SSH) is closed for security reasons, leaving you disconnected from your home. Facing this issue, combined with my recent idea to get back to software development, it’s time to remove those boundaries: let’s install ajaxterm to get connected again.

Ajaxterm is a Python-based piece of software using AJAX JavaScript on the client side to provide an SSH terminal within a web browser. Combined with Apache’s authentication it should be quite safe as well.

So let’s start. First of all, I think it is quite clear that you need an externally accessible IP address as well as a web server, e.g. Apache. Using my own domain, I then created a sub-domain pointing at the same IP address as my main server; I simply use sub-domains as a structured way of accessing various services. On an Ubuntu system, the first thing to do after updating the environment is to install ajaxterm with the following command:

root@jvr.at:/home/jvr# apt-get install ajaxterm

Now we should enable password authentication in /etc/ssh/ssh_config by simply uncommenting the line:

PasswordAuthentication yes

The next step is to create a login/password at the Apache authentication level with the following commands (please replace “MyName” with your preferred user name, and please don’t use any kind of simple password):

root@jvr.at:/home/jvr# mkdir /srv/ajaxterm
root@jvr.at:/home/jvr# cd /srv/ajaxterm
root@jvr.at:/srv/ajaxterm# htpasswd -cm /srv/ajaxterm/.htpasswd MyName

Okay, following a structured approach, let’s now create a separate Apache configuration file for ajaxterm, /etc/apache2/sites-available/ajaxterm, with the following content:

<VirtualHost ajaxterm.jvr.at:443>
    ServerName ajaxterm.jvr.at
    HostnameLookups Double
    CustomLog /var/log/apache2/access.log combined env=!dontlog
    SetEnvIf Request_URI "^/u" dontlog
    ErrorLog /var/log/apache2/error.log
    LogLevel warn
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem
    <Proxy *>
        AuthUserFile /srv/ajaxterm/.htpasswd
        AuthName EnterPassword
        AuthType Basic
        require user MyUser
        Order Deny,allow
        Allow from all
    </Proxy>
    ProxyPass / http://localhost:8022/
    ProxyPassReverse / http://localhost:8022/
</VirtualHost>

Please note that the config is based on the newly created sub-domain. Furthermore, we are using SSL, and with the “require user” line we allow only one defined user, named MyUser, to access ajaxterm. Since ajaxterm is basically a locally running service (listening on port 8022 of localhost), we have to set up a proxy.

But wait, having said before that we use SSL, I guess we will need to install and create an SSL certificate first. Therefore run the following commands:

root@jvr.at:/srv/ajaxterm# apt-get install ssl-cert
root@jvr.at:/srv/ajaxterm# mkdir /etc/apache2/ssl
root@jvr.at:/srv/ajaxterm# /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

And finally enable the proxy and ssl modules and the newly created ajaxterm site:

root@jvr.at:/srv/ajaxterm# a2enmod proxy_http
Considering dependency proxy for proxy_http:
Enabling module proxy.
Enabling module proxy_http.
Run '/etc/init.d/apache2 restart' to activate new configuration!
root@jvr.at:/srv/ajaxterm# a2enmod ssl
Module ssl already enabled
root@jvr.at:/srv/ajaxterm# a2ensite ajaxterm
Enabling site ajaxterm.
Run '/etc/init.d/apache2 reload' to activate new configuration!

Finally, just to be on the safe side, we should restart the ajaxterm and apache2 services:

root@jvr.at:/srv/ajaxterm# /etc/init.d/ajaxterm restart
root@jvr.at:/srv/ajaxterm# /etc/init.d/apache2 restart

And now check out your ajaxterm (hint: use https to access your service)!

2014/06/12: An additional note: some versions of ajaxterm seem to have an issue running in daemon mode, where you receive a connection loss error. Surprisingly, if you start ajaxterm from the console as a simple process it works. So to fix this issue I modified the start-up script of my Ubuntu installation in /etc/init.d/ajaxterm as follows (that’s the diff):

42,43c42,43
<                         start-stop-daemon -b --start --group=$AJAXTERM_GID --pidfile $PIDFILE --exec
$DAEMON -- --port=$PORT --serverport=$SERVERPORT \
<                                 --uid=$AJAXTERM_UID >/dev/null &&
---
>                         start-stop-daemon --start --group=$AJAXTERM_GID --pidfile $PIDFILE --exec
$DAEMON -- --daemon --port=$PORT --serverport=$SERVERPORT \


>                                 --uid=$AJAXTERM_UID >/dev/null
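Review bot: the replacement drops the trailing `&&` that closed the original's last line (`--uid=$AJAXTERM_UID >/dev/null &&`), so whatever command the script chained after it now runs unconditionally, even when start-stop-daemon fails; check that following line and either keep the `&&` or test the exit status explicitly. Also, with `-b` removed, start-stop-daemon no longer backgrounds the process and the stop action depends on $PIDFILE being written by ajaxterm's own `--daemon` mode, so confirm that this file is actually created (passing the pidfile path to ajaxterm if it offers such an option); otherwise `stop` cannot find the daemon.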


Personal (Software) Development: Hello World!

A few years ago, when I was kind of independent from earning money and preserving my standard of living, I was very much into C/C++ programming. Ok, being honest, I still had to earn some money, but just to afford my studies. In my best times I initiated and also successfully implemented a few C/C++ projects on sourceforge.net [1].

Not to forget all the other programming languages I learned (and was tortured with): Java, Assembler; at the beginning of my studies I had Turbo Pascal lessons, and somewhere in between I learned Prolog as well, an outsider but quite interesting, especially as it is a logic-oriented programming language.

Time flew by and somehow I departed from my roots, having less and less to do with computer science itself. Nowadays I act as an IT/Operations country relationship manager within an international bank for several international network units, where my main job is to align with them with regard to new projects, ensure a proper service quality of existing IT services and act as an interface between the local CIO/COO and the counterpart within head office. So in a nutshell: more managerial and less operative.

So I decided to get back into development, personal development I would say. So let’s see how to manage this in a proper way. I will definitely try to report my progress in my upcoming blog entries.

Based on my historical success, and also remembering the fun-factor, I will focus on C, C++ and Java.

To start off I would suggest digging into a few tutorials. The search engine of your choice will spill out tons of tutorials, most of them including the most famous “Hello World!” example. Starting off with C, I would recommend [2], an entertaining but also very comprehensive start into C. Crawling deeper into the rabbit hole, C/C++ and Java, including the environmental software and the magic of the compiler, are described at [3].

If you face the problem of not having any compiler available (sorry to note, but that’s a bad excuse), try an online compiler such as [4] or [5].


[1] Jürgen Repolusk, Sourceforge Projects

[2] Brian “Beej” Hall, Beej’s Guide to C Programming

[3] Chua Hock-Chuan, yet another insignificant programming notes

[4] Mohammad Mohtashim, Compileonline

[5] Steven Hazel, Codepad


Compact C Coding Contest @ 21st Chaos Communication Congress

I’ve just been wallowing in memories and stumbled over the results of the Compact C Coding Contest at the 21st Chaos Communication Congress [1], where I participated. Unfortunately I forgot to take care of the exit code, so I wasn’t able to make it to the top (to be honest: to the top 20) [2].

Based on the problem [3] of developing code for “uuencode -m”, my submission was:

/* contest entry: base64 ("uuencode -m") encoder of stdin; the exit status is the return value of puts(), the flaw mentioned above */
#include<stdio.h>
int main(int a,char**g){int l,i,n,u=1,x=60;printf("begin-base64 644 %s",g[2]);while(u){if(x>59&&puts(""))x=0;unsigned r=0;l=0;for(a=0;a<3;a++){r<<=8;u=0;if((n=getchar())!=EOF){u=l+=8;r|=(unsigned char)n;}}if(l)for(;a>=0;a--){i=r>>(6*a)&63;putchar(l>0?(i<26?i+65:(i<52?i+71:(i<62?i-4:(i==62?43:47)))):61);l-=6;x++;}}return puts(x?"\n====":"====");}

[1] Chaos Communication Congress 21c3

[2] Results Compact C Coding Contest @ 21st Chaos Communication Congress

[3] 21C7 Coding Contest Problem & Rules