Friday, 21 July 2017

How To Install and Configure Fail2Ban on Ubuntu 16.04 LTS

Please note before you start: you need to be root (or prefix the commands with sudo).
Once the Apache server is installed, running and enabled at boot, you can go ahead and install fail2ban:
sudo apt-get update ; sudo apt-get install fail2ban
Please note! By default, fail2ban is configured to ban only failed SSH login attempts.
We need to enable some jails that make it check the Apache logs for patterns
that indicate malicious activity.

To enable the Apache jails, open the Debian/Ubuntu defaults file in jail.d (it already contains the [sshd] jail) and add the sections below:
# cd /etc/fail2ban/jail.d/ ; nano defaults-debian.conf
[php-url-fopen]
enabled = true
[apache-modsecurity]
enabled = true
[apache-fakegooglebot]
enabled = true
[apache-botsearch]
enabled = true
[apache-nohome]
enabled = true
[apache-overflows]
enabled = true
[apache-noscript]
enabled = true
[apache-auth]
enabled = true

Please note:
To change the main settings (ban time, retries, ignoreip, ...) copy jail.conf to /etc/fail2ban/jail.local and edit the copy.
Please do, so you are not overwriting the packaged conf file, which a later upgrade would replace:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Open the newly copied file to set up whatever log monitoring you want:
cd /etc/fail2ban/ ; sudo nano jail.local
Change the following line (so you don't ban yourself when testing). The value is a space-separated list of addresses or networks that are never banned:
ignoreip = 127.0.0.1/8   YOUR_IP   YOUR_ISP_NET   NAT_IP
When you are done:
sudo service fail2ban restart
sudo fail2ban-client status      # lists the jails that are now active
sudo iptables -S                 # shows the f2b-* chains fail2ban inserts for its bans
update-rc.d fail2ban defaults    # start fail2ban at boot
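To see what the jails above actually do once they are enabled, here is a miniature of a fail2ban jail, written for this post as an added example. It is not fail2ban's own code and not the post's. It applies a failregex to a few constructed Apache error-log lines and reproduces the three settings from jail.local that matter most: maxretry, findtime and ignoreip. The regex is a hypothetical one modelled on the shape of an auth_basic failure line; it is not the regex shipped in /etc/fail2ban/filter.d/apache-auth.conf.

```python
# Added example (not from the original post and not fail2ban's own code):
# a miniature fail2ban jail so the effect of maxretry, findtime and ignoreip
# can be seen on a few constructed Apache error-log lines.
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Hypothetical failregex, modelled loosely on an Apache auth_basic failure
# line. It is NOT the regex shipped in filter.d/apache-auth.conf.
FAILREGEX = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[auth_basic:error\] \[pid \d+\] "
    r"\[client (?P<ip>[0-9a-fA-F.:]+):\d+\] "
    r"AH0\d+: user \S+: authentication failure"
)

# Constructed sample log (not a real capture). 203.0.113.10 fails three
# times inside two minutes; 198.51.100.7 fails three times but spread over
# 30 minutes; 127.0.0.1 fails three times but is covered by ignoreip.
SAMPLE_LOG = [
    "[Fri Jul 21 10:00:00.000001 2017] [auth_basic:error] [pid 1497] [client 198.51.100.7:40001] AH01617: user admin: authentication failure for \"/private\": Password Mismatch",
    "[Fri Jul 21 10:03:00.000001 2017] [auth_basic:error] [pid 1497] [client 198.51.100.7:40002] AH01617: user admin: authentication failure for \"/private\": Password Mismatch",
    "[Fri Jul 21 10:15:01.000001 2017] [auth_basic:error] [pid 1497] [client 203.0.113.10:51234] AH01617: user admin: authentication failure for \"/private\": Password Mismatch",
    "[Fri Jul 21 10:15:30.000001 2017] [core:notice] [pid 1090] AH00094: Command line: '/usr/sbin/apache2'",
    "[Fri Jul 21 10:15:30.000002 2017] [auth_basic:error] [pid 1497] [client 203.0.113.10:51235] AH01617: user root: authentication failure for \"/private\": Password Mismatch",
    "[Fri Jul 21 10:16:10.000001 2017] [auth_basic:error] [pid 1497] [client 203.0.113.10:51236] AH01617: user test: authentication failure for \"/private\": Password Mismatch",
    "[Fri Jul 21 10:20:00.000001 2017] [auth_basic:error] [pid 1497] [client 127.0.0.1:60001] AH01617: user admin: authentication failure for \"/private\": Password Mismatch",
    "[Fri Jul 21 10:20:01.000001 2017] [auth_basic:error] [pid 1497] [client 127.0.0.1:60002] AH01617: user admin: authentication failure for \"/private\": Password Mismatch",
    "[Fri Jul 21 10:20:02.000001 2017] [auth_basic:error] [pid 1497] [client 127.0.0.1:60003] AH01617: user admin: authentication failure for \"/private\": Password Mismatch",
    "[Fri Jul 21 10:30:00.000001 2017] [auth_basic:error] [pid 1497] [client 198.51.100.7:40003] AH01617: user admin: authentication failure for \"/private\": Password Mismatch",
]


def parse_ignoreip(value):
    """Turn a jail.local 'ignoreip' value (space-separated) into networks."""
    return [ipaddress.ip_network(tok, strict=False) for tok in value.split()]


def is_ignored(ip, networks):
    """True if the address falls inside any ignoreip network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def bans(log_lines, ignoreip="127.0.0.1/8", maxretry=3, findtime=600):
    """Return the set of client IPs a jail with these settings would ban:
    at least maxretry matching lines within findtime seconds, skipping any
    client covered by ignoreip."""
    networks = parse_ignoreip(ignoreip)
    failures = defaultdict(list)   # ip -> timestamps of recent failures
    banned = set()
    for line in log_lines:
        m = FAILREGEX.match(line)
        if not m:
            continue                # not a failure line for this jail
        ip = m.group("ip")
        if is_ignored(ip, networks):
            continue                # whitelisted, never counted
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S.%f %Y").timestamp()
        failures[ip].append(ts)
        # keep only the failures that are still inside the findtime window
        failures[ip] = [t for t in failures[ip] if ts - t <= findtime]
        if len(failures[ip]) >= maxretry:
            banned.add(ip)
    return banned


if __name__ == "__main__":
    print("banned with defaults:", bans(SAMPLE_LOG))
    print("banned with findtime=3600:", bans(SAMPLE_LOG, findtime=3600))
```

With the defaults only 203.0.113.10 is banned: 198.51.100.7 also failed three times, but the first two failures have slid out of the 600-second window by the time the third arrives, which is exactly why a longer findtime catches slow, patient guessing. Adding your own network to ignoreip (second assertion in the test) shows why that line in jail.local matters before you start testing against your own server.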

You may also install mod_security. The apache-modsecurity jail enabled above reads ModSecurity's entries in the Apache error log, so the two go together.
ModSecurity is available in the Debian/Ubuntu repository:
apt-get install libapache2-modsecurity
Verify that the mod_security module was loaded:
apachectl -M | grep --color security

Monday, 17 July 2017

How To Install and Configure Varnish with Apache on Ubuntu 16.04 LTS

About Varnish

Varnish is an HTTP accelerator and a useful tool for speeding up a server, especially during times of high traffic to a site. It sits in front of the web server, answers from its cache when it can, and forwards everything else to another port or IP on the web server. In this case the backend is Apache, moved from its default port 80 to port 8080 on the same server.
Info: https://varnish-cache.org/faq/index.html
The setup (on Ubuntu 16.04 LTS):
sudo apt install varnish   (or: sudo apt-get install varnish)
nano /etc/apache2/ports.conf
Change: Listen 127.0.0.1:80  -->  Listen 127.0.0.1:8080
(Any <VirtualHost *:80> block under /etc/apache2/sites-enabled/ must be changed to *:8080 as well, or it will no longer match the port Apache listens on.)
# Save (Ctrl+X) -> next step....
sudo nano /etc/varnish/default.vcl
# Default backend definition. Set this to point to your content server.
backend default {
    ## The IPv4 address of the web server
    .host = "10.0.0.4";
    ## The port where the web server listens
    .port = "8080";
}
# Save (Ctrl+X) -> next step....
nano /etc/systemd/system/multi-user.target.wants/varnish.service
## Find the 6081 and change it to 80 (near "user=vcache -F -a").
## Note: this path is a symlink to the unit shipped by the package, so a package upgrade will overwrite your edit; a copy of the unit placed in /etc/systemd/system/varnish.service survives upgrades.
## Like this:
[Unit]
Description=Varnish HTTP accelerator
Documentation=https://www.varnish-cache.org/docs/4.1/ man:varnishd
[Service]
Type=simple
LimitNOFILE=131072
LimitMEMLOCK=82000
ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:6082 -f$    (the trailing $ is nano's marker for a line that continues past the screen width; leave the rest of the line as it is)
ExecReload=/usr/share/varnish/reload-vcl
ProtectSystem=full
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
[Install]
WantedBy=multi-user.target
# Save (Ctrl+X) -> next step....  # Reload systemd so it picks up the edited unit, then restart Varnish...
systemctl daemon-reload
sudo service varnish restart
####TEST########  Note: Varnish is on port 80 and the web server on 8080
root@WindarPh-China01:/# netstat -tupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:29130         0.0.0.0:*               LISTEN      1820/mdsd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1098/varnishd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1092/sshd
tcp        0      0 127.0.0.1:6082          0.0.0.0:*               LISTEN      1098/varnishd
tcp6       0      0 :::80                   :::*                    LISTEN      1098/varnishd
tcp6       0      0 :::8080                 :::*                    LISTEN      1497/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           966/dhclient
####TEST########
curl 127.0.0.1
####TEST########
varnishtop
### Open a browser and try the web server's IP ;-)
- Errors? Is UFW on? Are the ports open? (The firewall)
- Errors? What do the logs in /var/log/varnish say?
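The netstat test above is the step that tells you whether the port swap actually took. As an added example (not part of the original post and not a Varnish tool), here is a small Python check that parses the output of `netstat -tupln` and confirms the layout the post expects: varnishd on 80, apache2 on 8080. It also reports when the backend port is bound on a wildcard address (0.0.0.0 or ::), because in that case clients that know the port can talk to Apache directly and bypass the cache, which is exactly the case the UFW question at the end of the post is about. The sample output is a constructed copy of the listing shown above; with the post's VCL pointing at 10.0.0.4 the backend has to listen on that address, so the finding is a reminder that the firewall must close 8080 to the outside, not an error in the post.

```python
# Added example (not from the original post, not a Varnish tool): parse
# `netstat -tupln` output and check the Varnish-in-front-of-Apache layout.
import re

# One listening socket per line. The State column is empty for udp, so
# LISTEN is optional.
NETSTAT_RE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+"
    r"(?:LISTEN\s+)?(?P<pid>\d+)/(?P<prog>\S+)"
)
WILDCARD = {"0.0.0.0", "::"}

# Constructed sample, copied from the listing in the post.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:29130         0.0.0.0:*               LISTEN      1820/mdsd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1098/varnishd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1092/sshd
tcp        0      0 127.0.0.1:6082          0.0.0.0:*               LISTEN      1098/varnishd
tcp6       0      0 :::80                   :::*                    LISTEN      1098/varnishd
tcp6       0      0 :::8080                 :::*                    LISTEN      1497/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           966/dhclient
"""

# Constructed variant where Apache listens on loopback only, as the
# ports.conf line in the post would give on a single-host setup.
LOOPBACK_NETSTAT = """\
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1098/varnishd
tcp        0      0 127.0.0.1:6082          0.0.0.0:*               LISTEN      1098/varnishd
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      1497/apache2
"""


def parse_listeners(netstat_output):
    """Return {(proto, port): (local_addr, program)} for every socket line."""
    listeners = {}
    for line in netstat_output.splitlines():
        m = NETSTAT_RE.match(line.strip())
        if m:
            listeners[(m["proto"], int(m["port"]))] = (m["addr"], m["prog"])
    return listeners


def check_layout(listeners, front_port=80, backend_port=8080):
    """Return a list of findings; an empty list means the layout is as expected."""
    findings = []
    front = [prog for (_, port), (_, prog) in listeners.items() if port == front_port]
    if not front or any(prog != "varnishd" for prog in front):
        findings.append(f"port {front_port} is not served by varnishd: {front}")
    backend = [(addr, prog) for (_, port), (addr, prog) in listeners.items()
               if port == backend_port]
    if not backend or any(prog != "apache2" for _, prog in backend):
        findings.append(f"port {backend_port} is not served by apache2: {backend}")
    for addr, _ in backend:
        if addr in WILDCARD:
            findings.append(
                f"apache2 backend on {addr}:{backend_port} is reachable from every "
                "interface; clients can bypass Varnish unless the firewall blocks it")
    return findings


if __name__ == "__main__":
    for name, text in (("post listing", SAMPLE_NETSTAT), ("loopback backend", LOOPBACK_NETSTAT)):
        print(name, "->", check_layout(parse_listeners(text)) or "OK")
```

On a live box you would feed it `netstat -tupln` output (`ss -tulpn` has a different column layout and needs its own regex). The empty findings list for the loopback variant is the state you want when Varnish and Apache share one host; when the backend must listen on a routable address, as with 10.0.0.4 in the post's VCL, the wildcard finding is your cue to check that UFW only allows 80 in from the outside.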