Different Linux questions

  • Hello, I am a newbie to this subject. Even though I've had a lot of TS3 servers, I never built one myself on Linux, and I had a lot of attempts to connect through sshd (54k failed attempts). I have 2 questions: first, how to configure a different port than 22 in fail2ban, and the other is how to give root permissions to another user and disable root login. Thanks for all answers!

  • One more question, please help me configure the ipconfig to not allow any other DDoS, because I don't know where to paste these settings so they are started automatically after every VPS restart:

    Code
    #!/bin/bash

    if [ "$1" = "start" ]; then
    echo '::: Uruchamianie blokadu'


    ##################################################################
    ##################################################################
    # ping block
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
    # Protection against Smurf attacks
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    # Do not accept "source route" packets
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
    # Do not accept ICMP redirect packets, which could change the routing table
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
    # Enable protection against bogus ICMP error messages
    echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
    # Enable detection of obvious spoofing (reverse path filter)
    # (packets whose source is only reachable via another interface)
    echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
    echo 1 > /proc/sys/net/ipv4/tcp_timestamps
    echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
    # note: ipfrag_time and tcp_max_syn_backlog are written again further down; the later write wins
    echo 10 > /proc/sys/net/ipv4/ipfrag_time
    echo 36024 > /proc/sys/net/ipv4/tcp_max_syn_backlog
    # increase the ARP table size
    echo 1024 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
    echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
    echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
    echo 1 > /proc/sys/net/ipv4/tcp_rfc1337
    echo 1 > /proc/sys/net/ipv4/ip_no_pmtu_disc
    echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
    echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
    echo 2400 > /proc/sys/net/ipv4/tcp_keepalive_time
    echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
    echo 0 > /proc/sys/net/ipv4/tcp_sack
    echo 20 > /proc/sys/net/ipv4/ipfrag_time
    echo 1280 > /proc/sys/net/ipv4/tcp_max_syn_backlog
    # Protection against SYN FLOODING attacks
    echo 1 > /proc/sys/net/ipv4/tcp_syncookies
    # Enable proxy ARP - thanks to this the server does not die after a few
    #echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
    # Increase the routing table size
    echo "18192" > /proc/sys/net/ipv4/route/max_size
    ##################################################################
    ##################################################################
    # flush old rules
    iptables -F
    iptables -X
    iptables -t nat -X
    iptables -t nat -F
    iptables -t mangle -F
    iptables -t mangle -X


    # set the default policy
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT


    iptables -A INPUT -m conntrack --ctstate NEW -p tcp --tcp-flags SYN,RST,ACK,FIN,URG,PSH ACK -j DROP
    iptables -A INPUT -m conntrack --ctstate NEW -p tcp --tcp-flags SYN,RST,ACK,FIN,URG,PSH FIN -j DROP
    iptables -A INPUT -m conntrack --ctstate NEW -p tcp --tcp-flags SYN,RST,ACK,FIN,URG,PSH FIN,URG,PSH -j DROP


    # detect NULL scans (the LOG target is commented out, so this rule only counts matches)
    iptables -A INPUT -p tcp --tcp-flags ALL NONE -m limit --limit 10/s --limit-burst 4 #-j LOG --log-level debug --log-prefix "SKAN_NULL: "
    iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP


    # all packets considered NEW without the SYN flag are suspicious
    iptables -N skany
    iptables -A INPUT -p tcp ! --syn -m state --state NEW -j skany
    iptables -A skany -p tcp --tcp-flags ALL RST -m limit --limit 10/s --limit-burst 4 #-j LOG --log-level debug --log-prefix "SKAN_INVERSE: "
    iptables -A skany -p tcp --tcp-flags ALL RST -j DROP
    iptables -A skany -p tcp --tcp-flags ALL ACK -m limit --limit 10/s --limit-burst 4 #-j LOG --log-level debug --log-prefix "SKAN_TCP_PING: "
    iptables -A skany -p tcp --tcp-flags ALL ACK -j DROP
    iptables -A skany -p tcp --tcp-flags ALL FIN -m limit --limit 10/s --limit-burst 4 #-j LOG --log-level debug --log-prefix "SKAN_FIN: "
    iptables -A skany -p tcp --tcp-flags ALL FIN -j DROP
    iptables -A skany -p tcp --tcp-flags ALL FIN,PSH,URG -m limit --limit 10/s --limit-burst 4 #-j LOG --log-level debug --log-prefix "SKAN_XMAS-NMAP: "
    iptables -A skany -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
    iptables -A skany -p tcp -m limit --limit 10/s --limit-burst 4 #-j LOG --log-level debug --log-prefix "SKAN_INNE: "
    iptables -A skany -j DROP


    # syn-flood chain (DoS defence)
    iptables -N syn-flood
    iptables -A INPUT -p tcp --syn -j syn-flood
    iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
    iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 #-j LOG --log-level debug --log-prefix "SYN-FLOOD: "
    iptables -A syn-flood -j DROP
    iptables -A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


    # ping
    iptables -A INPUT -p icmp -s 0/0 -m limit --limit 1/s --limit-burst 4 -j ACCEPT


    # keep established connections
    iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
    iptables -A FORWARD -j ACCEPT -m state --state ESTABLISHED,RELATED
    iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED


    elif [ "$1" = "stop" ]; then
    echo "::: Zatrzymanie blokady"
    iptables -F
    iptables -X
    iptables -t nat -X
    iptables -t nat -F
    iptables -t mangle -F
    iptables -t mangle -X


    fi

    • Official post

    Hi,
    first of all: Please read some articles, books, FAQs or anything else to get more knowledge about TeamSpeak and especially Linux, or you may get into trouble in the future, because your server is doing things you don't know anything about.


    YOU have to take care of your server and nobody else. Since you seem to be interested in hardening your server, I'll help you.


    how to configure a different port than 22 in fail2ban


    All setting files on Linux are located under /etc/<software>/.


    In your case, you have to take a look at /etc/fail2ban/ and there you'll find a file called "jail.conf". Just search for "ssh" in this file and change the port to your different one:

    Code
    [ssh]
    enabled  = true
    # ssh is default 22; change it to your different port like 2223
    port     = ssh
    filter   = sshd
    logpath  = /var/log/auth.log
    maxretry = 3


    how to give root permissions to another user


    I recommend adding the user to the sudo group:

    Code
    # -a appends to the supplementary groups; -g alone would replace the user's primary group
    usermod -aG sudo anotherUser


    The user "anotherUser" is now able to log in or execute everything with root permissions using the command "sudo":

    Code
    sudo -i


    Code
    sudo service sshd status


    disable root login.


    Just tell your SSH settings that the root user is not allowed to log in via SSH (/etc/ssh/sshd_config):

    Code
    PermitRootLogin no


    One more question, please help me configure the ipconfig to not allow any other DDoS, because I don't know where to paste these settings so they are started automatically after every VPS restart


    I'm not sure, but just do a Google search on your "echo" commands. I believe that you can save most of them in "/etc/sysctl.conf" with a slightly different syntax. Do you know more about it, @master_d?


    For these iptables firewall rules, I recommend installing the software "iptables-persistent". By running the command...

    Code
    /etc/init.d/iptables-persistent save


    ...or...

    Code
    /etc/init.d/netfilter-persistent save


    ...depending on your operating system, it will save the currently configured firewall rules to make them persist across reboots.


    One more thing, I've got some type of DDoS, I don't know if it's the software DDoS or what


    I believe if it's a DDoS attack, your server won't respond anymore. Please note that web interfaces are sometimes buggy or only show a current snapshot instead of a live graph. You should rather check your CPU load using the "uptime" command:

    Code
    $ uptime
     19:43:34 up 6 days, 13:10,  1 user,  load average: 0,00, 0,02, 0,00

  • Everything in here can be configured in sysctl.conf


    You have to change the syntax to something like this:

    Code
    net.ipv4.route.max_size = 18192


    Also I have to mention something that most administrators don't really understand.

    Code
    # Blocking ICMP requests is only a way to frustrate yourself, because you cannot easily check if your server is alive. People who want to check or invade your server will only check the services, not ICMP. So:
    net.ipv4.icmp_echo_ignore_all = 0
    # Ignoring broadcasts is not a problem, but as mentioned above, it is not really a security feature.
    net.ipv4.icmp_echo_ignore_broadcasts = 0


    If you want to restrict ICMP messages, use iptables to restrict them to the parts you really need, but don't block them globally.
    This is only my own point of view; other people may see it differently.
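    One way to do the conversion from the "echo VALUE > /proc/sys/..." lines to sysctl.conf syntax mechanically, as an added example that is not part of this thread: the function names are invented for the example, and the sample lines are constructed from the shape of the posted start script (including its two writes to ipfrag_time, where only the last one takes effect).

```shell
#!/bin/sh
# Added example: convert "echo VALUE > /proc/sys/..." lines into sysctl.conf syntax.
# Function names and the sample input are constructed for this example.

# proc_to_sysctl: read script lines on stdin, print "key = value" lines.
# Commented-out lines (e.g. "#echo 1 > ...") are skipped, quotes around the value
# (echo "18192" > ...) are stripped, and the path below /proc/sys/ becomes a dotted key.
proc_to_sysctl() {
    sed -n -E 's#^[[:space:]]*echo[[:space:]]+"?([0-9]+)"?[[:space:]]*>[[:space:]]*/proc/sys/([^[:space:]]+).*#\2 \1#p' \
    | awk '{ key = $1; gsub("/", ".", key); print key " = " $2 }'
}

# dedupe_last_wins: when the same key is written twice, only the last write is
# in effect after the script has run, so keep the last value in first-seen order
# and report the overridden ones on stderr so the operator can review them.
dedupe_last_wins() {
    awk -F' = ' '
        { if ($1 in val) printf "overridden: %s = %s (now %s)\n", $1, val[$1], $2 > "/dev/stderr"
          else order[++n] = $1
          val[$1] = $2 }
        END { for (i = 1; i <= n; i++) print order[i] " = " val[order[i]] }'
}

# Constructed sample input in the shape of the posted script.
SAMPLE='echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 10 > /proc/sys/net/ipv4/ipfrag_time
#echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
echo 20 > /proc/sys/net/ipv4/ipfrag_time
echo "18192" > /proc/sys/net/ipv4/route/max_size'

# convert_sample: run the full pipeline over the sample and return the sysctl.conf text.
convert_sample() {
    printf '%s\n' "$SAMPLE" | proc_to_sysctl | dedupe_last_wins 2>/dev/null
}

# Real use: my_start_script.sh is a hypothetical file name.
#   proc_to_sysctl < my_start_script.sh | dedupe_last_wins >> /etc/sysctl.conf && sysctl -p
```

    The iptables lines are untouched by this conversion; they still belong in iptables-persistent as described in the answer above.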
