Friday, December 05, 2014

How To Install DenyHosts on Ubuntu

What is DenyHosts?

DenyHosts is a Python script that protects an ssh server, like fail2ban, but consumes far less memory. The script parses the log file, finds failed login attempts and prohibits logins from the offending IP addresses.

Installation steps.


The installation process is simple and consists of a few steps:

1. Retrieve new lists of packages

sudo apt-get update

2. Install DenyHosts:

sudo apt-get install denyhosts

If the process completes successfully, you will see the following information on the screen:




After installation you can add your IP address to the whitelist:

sudo nano /etc/hosts.allow

and insert the following line:

sshd: 12.34.45.678

where “12.34.45.678” is your IP address.

Then restart DenyHosts:

sudo service denyhosts restart
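
The whitelist entry works because TCP wrappers consults /etc/hosts.allow before /etc/hosts.deny. The check below is an added example, not part of the original post or of DenyHosts; the function names listed and wrappers_verdict and the sample addresses are made up for illustration, and it understands only literal IPv4 entries and ALL.

```shell
#!/bin/sh
# Classify one IPv4 client the way TCP wrappers orders the two files:
# a match in hosts.allow grants access, otherwise a match in hosts.deny
# refuses it, otherwise access is granted.
# Simplification: only literal IPv4 addresses and the ALL keyword are matched;
# network/mask, hostname and EXCEPT patterns are not interpreted.

# listed FILE IP -> exit 0 if an sshd or ALL rule in FILE names IP or ALL
listed() {
    [ -r "$1" ] || return 1
    awk -v ip="$2" '
        /^[ \t]*#/ || !/:/ { next }          # skip comments and non-rules
        {
            split($0, part, ":")             # part[1] daemons, part[2] clients
            daemons = "," part[1] ","
            gsub(/[ \t]+/, ",", daemons)
            if (daemons !~ /,(sshd|ALL),/) next
            n = split(part[2], client, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (client[i] == ip || client[i] == "ALL") found = 1
        }
        END { exit !found }
    ' "$1"
}

# wrappers_verdict IP ALLOW_FILE DENY_FILE -> prints allowed | blocked | open
wrappers_verdict() {
    if listed "$2" "$1"; then
        echo allowed     # hosts.allow wins even if DenyHosts listed the IP
    elif listed "$3" "$1"; then
        echo blocked     # only hosts.deny matches
    else
        echo open        # in neither file: access is granted
    fi
}

# Constructed sample files (documentation addresses, not real hosts)
demo() {
    d=$(mktemp -d) || return 1
    printf 'sshd: 203.0.113.10\n' > "$d/hosts.allow"
    printf 'sshd: 198.51.100.7\nsshd: 203.0.113.10\n' > "$d/hosts.deny"
    for ip in 203.0.113.10 198.51.100.7 192.0.2.44; do
        echo "$ip $(wrappers_verdict "$ip" "$d/hosts.allow" "$d/hosts.deny")"
    done
    rm -rf "$d"
}
demo
```

On a real server, call wrappers_verdict with your own address, /etc/hosts.allow and /etc/hosts.deny before closing your current ssh session.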

Configuring DenyHosts.


After installation DenyHosts is ready to work, but some configuration options are noteworthy. All configuration values are in the file /etc/denyhosts.conf

1. PURGE_DENY: removes HOSTS_DENY entries that are older than this time.

The default value is empty, so all listed IP addresses remain in the file /etc/hosts.deny forever.

2. BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY.

Default value = sshd. By default DenyHosts protects only the ssh server, but it can be customized to cover other services.

3. ADMIN_EMAIL: set this if you would like to receive reports from DenyHosts.

Default value = root@localhost, but you can change this value to your own email address.

After changing the settings, you should restart the DenyHosts again:

sudo service denyhosts restart

You can see the result of DenyHosts' work in the file /etc/hosts.deny





Monday, September 01, 2014

Backup to AWS S3 with duply on Ubuntu


1. Install duply and dependencies (as root).
sudo apt-get install duplicity duply python-boto

2. Create backup profile (as root).  
sudo duply bck_profile create

3. Edit the profile /root/.duply/bck_profile/conf so that it looks like this:
GPG_PW='___YOUR GENERATED PASSWORD____'
TARGET='s3://s3-endpoint-name.amazonaws.com/bucket-name/directory/for/backup/'
TARGET_USER='AWS_KEY_ID'
TARGET_PASS='AWS_SECRET_KEY'
SOURCE='/'
MAX_AGE=6M
#MAX_FULL_BACKUPS=1
#VERBOSITY=5
TEMP_DIR=/content
#DUPL_PARAMS="$DUPL_PARAMS --time-separator _ "
#DUPL_PARAMS="$DUPL_PARAMS --short-filenames "
MAX_FULLBKP_AGE=1W
DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE "
VOLSIZE=200
DUPL_PARAMS="$DUPL_PARAMS --volsize $VOLSIZE "

4. Edit /root/.duply/bck_profile/excludes to list the directories you do not want backed up, such as:
- /dev
- /home/*/.cache
- /home/*/.ccache
- /lost+found
- /media
- /mnt
- /proc
- /root/.cache
- /root/.ccache
- /run
- /selinux
- /sys
- /tmp
- /var/cache/*/*
- /var/log
- /var/run
- /var/tmp

5. Run a full backup test:
sudo duply bck_profile backup

6. Configure cron for a daily backup:
sudo crontab -e
and add:
0 2 * * * duply bck_profile backup

7. Some useful commands to operate your backup:
To get the current list of existing backups:
sudo duply bck_profile status
To restore all files from the last backup to /target_dir:
sudo duply bck_profile restore /target_dir
To restore the directory etc from the last backup to /target_dir:
sudo duply bck_profile fetch etc /target_dir

Note:
 Backups made less than MAX_FULLBKP_AGE=1W after the last full backup are incremental; every MAX_FULLBKP_AGE=1W a new full backup is created.
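
The profile conf from step 3 holds the GPG passphrase and the AWS secret key in clear text, so only root should be able to read it. The check below is an added example, not from the original post or from duply; audit_duply_profile is a hypothetical helper name, and it flags group/other access on the profile and credentials still set to the template placeholders shown in step 3.

```shell
#!/bin/sh
# audit_duply_profile DIR -> one finding per line; exit 1 if anything found.
# Checks that the profile directory and its conf grant nothing to group/other
# and that the credentials are not still the template placeholders.
audit_duply_profile() {
    dir=$1; findings=0
    for f in "$dir" "$dir/conf"; do
        [ -e "$f" ] || { echo "missing: $f"; findings=1; continue; }
        # characters 5-10 of the ls mode string are the group and other bits
        mode=$(ls -ld "$f" | cut -c5-10)
        [ "$mode" = "------" ] || { echo "group/other access ($mode): $f"; findings=1; }
    done
    for key in GPG_PW TARGET_USER TARGET_PASS; do
        # last assignment of KEY in conf, surrounding quotes stripped
        val=$(sed -n "s/^$key=['\"]\{0,1\}\([^'\"]*\).*/\1/p" "$dir/conf" 2>/dev/null | tail -n 1)
        case $val in
            ''|_*|AWS_KEY_ID|AWS_SECRET_KEY)
                echo "placeholder or empty: $key"; findings=1 ;;
        esac
    done
    return "$findings"
}

# Constructed sample profile: the template values from step 3, world-readable
demo() {
    p=$(mktemp -d) || return 1      # created with mode 0700
    printf "GPG_PW='___YOUR GENERATED PASSWORD____'\nTARGET_USER='AWS_KEY_ID'\nTARGET_PASS='AWS_SECRET_KEY'\n" > "$p/conf"
    chmod 644 "$p/conf"
    audit_duply_profile "$p" || true
    rm -rf "$p"
}
demo
```

Run it as root against /root/.duply/bck_profile; a clean profile prints nothing and returns 0.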


Provided by: Forthscale systems, cloud experts

Tuesday, August 12, 2014

Creating a RAID device on Amazon AWS Elastic

The following procedure creates software (OS-managed) RAID disk devices.
EBS (Amazon Web Services Elastic Block Storage) does not provide any RAID capability by itself,
but you can use the Linux software RAID option to increase either speed or device redundancy.
This tutorial will show you how.

First install the RAID management tool on the target EC2 instances


For Debian based (Debian, Ubuntu) execute: 
apt-get install mdadm
For Red Hat based (RHEL, Oracle linux, CentOS) execute:
yum install mdadm
For Gentoo execute:
emerge mdadm

Now prepare the EBS devices.

Create desired EBS volume
Attach new EBS volumes to EC2 instance and write down the device name (for example xvdf and xvdg)

Now you can create the RAID device from them.


Set up RAID 0 on this EBS instance with the following command:
  mdadm --create --verbose --auto=yes /dev/md0 --chunk=256 --level=0 --raid-devices=2 /dev/xvdf /dev/xvdg
   blockdev --setra 65536 /dev/md0

Now verify that the raid device /dev/md0 exists
cat /proc/mdstat

Next step is to add devices to the mdadm.conf file (main sw raid configuration file)
   echo DEVICE /dev/xvdf /dev/xvdg | sudo tee /etc/mdadm/mdadm.conf
 
Add the other device info about /dev/md0 to the mdadm.conf file so that it comes back on reboot
   mdadm --detail --scan | sudo tee -a /etc/mdadm/mdadm.conf
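
A quick check of the two things the steps above rely on: the array is active with both members, and mdadm.conf carries an ARRAY line so it comes back on reboot. This is an added example, not code from the original post; raid_ready is a hypothetical helper name and the mdstat text in the demo is constructed.

```shell
#!/bin/sh
# raid_ready MD MDSTAT CONF MEMBER... -> exit 0 when MD is active in MDSTAT
# with every MEMBER and CONF has an ARRAY line for /dev/MD; otherwise prints
# what is missing and exits 1.
raid_ready() {
    md=$1 mdstat=$2 conf=$3; shift 3
    line=$(grep "^${md} : active " "$mdstat") || { echo "$md is not active"; return 1; }
    rc=0
    for dev in "$@"; do
        case " $line " in
            *" $dev["*) ;;                       # member listed as name[slot]
            *) echo "$md is missing member $dev"; rc=1 ;;
        esac
    done
    grep -q "^ARRAY /dev/${md}[[:space:]]" "$conf" 2>/dev/null ||
        { echo "no ARRAY /dev/$md line in $conf: array may not come back on reboot"; rc=1; }
    return "$rc"
}

# Constructed sample: a healthy two-volume RAID 0, but mdadm.conf without
# the output of "mdadm --detail --scan"
demo() {
    d=$(mktemp -d) || return 1
    printf 'Personalities : [raid0]\nmd0 : active raid0 xvdg[1] xvdf[0]\n' > "$d/mdstat"
    printf 'DEVICE /dev/xvdf /dev/xvdg\n' > "$d/mdadm.conf"
    raid_ready md0 "$d/mdstat" "$d/mdadm.conf" xvdf xvdg || true
    rm -rf "$d"
}
demo
```

On the instance itself, pass /proc/mdstat and /etc/mdadm/mdadm.conf as the second and third arguments.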

Filesystem

Once the RAID is set up, you can create a file system on it. We usually propose XFS, but you can use any file system (ext3/4, zfs or reiserfs).
  
To create XFS file system, you will need to install support for it first.
For Debian based (Debian, Ubuntu) execute: 
apt-get install xfsprogs
For Red Hat based (RHEL, CentOS) execute:
yum install xfsprogs
For Oracle Linux:
Log in to ULN, and subscribe your system to the ol6_x86_64_latest channel.
Then run:
yum install xfsprogs xfsdump 
For Gentoo execute:
emerge xfsprogs 

Once installed, execute
mkfs.xfs -f /dev/md0
to create an actual filesystem on your new RAID device.
  
Now you can mount the file system
   mkdir /MOUNTPOINT    # for example /raid
   mount /dev/md0 /MOUNTPOINT    # for example /raid
 
Verify that the volume exists and has the size you expected
df -h 
 
Edit /etc/fstab to make sure the mount point comes back on reboot, adding the line:
/dev/md0 /raid xfs noatime,noexec,nodiratime 0 0

You now have the new RAID-based partition in your system.
The same procedure will work on both the public EC2 cloud and VPC.


Thursday, July 31, 2014

Started telling our story in a comics way


We at #teamforthscale know how to work and know how to have fun. This is our story and we stick to it. Part one:




Sunday, March 02, 2014

Fixing Fujitsu LIFEBOOK UH572 Touchpad on OpenSuSE 13.1


1. open a terminal or change to /etc/default/ in a file manager
2. as superuser, edit the file /etc/default/grub
3. go to the line containing: GRUB_CMDLINE_LINUX
4. add "i8042.notimeout i8042.nomux" to the string in quotes
5. save and exit
6. run: sudo grub2-mkconfig -o /boot/grub2/grub.cfg
7. reboot: init 6


Monday, February 24, 2014

Fixing Can't locate object method "new" via package "Gnome2::Vte::Terminal" in pac-manager on opensuse


Perl updates in OpenSuSE can interfere with the libraries bundled with Pac-manager itself.
As a symptom, you will not be able to connect to sessions and will see an error message in the console similar to:
"Can't locate object method "new" via package "Gnome2::Vte::Terminal""
You need to remove those libraries using:
find /usr/share/pac-manager/ -name "Vte.so*" -exec rm {} +
and then start pac-manager normally.
