LINUX BASICS - VPSMATE

Introduction Config Server Firewall (or CSF) is a free and advanced firewall for most Linux distributions and Linux based VPS. In addition to the basic functionality of a firewall – filtering packets – CSF includes other security features, such as login/intrusion/flood detections. CSF includes UI integration for cPanel, DirectAdmin and Webmin, but this tutorial only covers the command line usage. CSF is able to recognize many attacks, such as port scans, SYN floods, and login brute force attacks on many services. It is configured to temporarily block clients who are detected to be attacking the cloud server. The full list of supported operating systems and features can be found on ConfigServer's website. This tutorial is written for Debian based VPS, such as Debian and Ubuntu. The commands should be executed with root permissions, by logging in as root, or initiating a root shell with the following command if sudo is installed: sudo su Note: This tutorial covers IPv4 security. In Linux, IPv6 security is maintained separately from IPv4. For example, "iptables" only maintains firewall rules for IPv4 addresses but it has an IPv6 counterpart called "ip6tables", which can be used to maintain firewall rules for IPv6 network addresses. If your VPS is configured for IPv6, please remember to secure both your IPv4 and IPv6 network interfaces with the appropriate tools. For more information about IPv6 tools, refer to this guide: How To Configure Tools to Use IPv6 on a Linux VPS Features Config Server Firewall offers a wide range of protections for your VPS. Login authentication failure daemon: CSF checks…

2014年09月17日 0Comments 18506Browse 0Like Read more

Introduction VPN, or virtual private network, is a secure method of connecting remote internet resources together as if they were under the same LAN. OpenVPN is a popular implementation that works on Linux, Windows, and Mac operating systems and can be utilized to create complex, encrypted networks between physically dispersed servers which you can change your screens from Orlando mobile led screen hire for a clearer use of your PC. The OpenVPN Access Server is a solution built on top of traditional OpenVPN that is used as a complete portal for managing connections, users, and interfaces. It provides the underlying VPN instance, a web interface for managing the suite, and a client that can be used within a web browser. In this guide, we'll install and configure the OpenVPN Access Server on a CentOS 6.5 VPS instance. Download and Install Packages We can obtain the OpenVPN Access Server package for CentOS from the project's website. Right click on the package that matches your version of CentOS and your machine's architecture. Select the "copy link address" item or whatever option is closest. On your CentOS droplet, download the package with curl -O (that's the letter "o" not a zero) followed by the URL you copied from the page. In my case, this turned out to be: cd ~ curl -O http://swupdate.openvpn.org/as/openvpn-as-2.0.5-CentOS6.x86_64.rpm When the package has been downloaded, you can install it with using the rpmcommand: sudo rpm -i openvpn-as-2.0.5-CentOS6.x86_64.rpm After installing the package, an administration account is created called openvpn. However, no password has been set. Set a password for the administrator's account by typing: sudo…

2014年06月27日 0Comments 9296Browse 0Like Read more

About Fail2Ban Servers do not exist in isolation, and those servers with only the most basic SSH configuration can be vulnerable to brute force attacks. fail2ban provides a way to automatically protect the server from malicious signs. The program works by scanning through log files and reacting to offending actions such as repeated failed login attempts. Step One—Install Fail2Ban Because fail2ban is not available from CentOS, we should start by downloading the EPEL repository: rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm Follow up by installing fail2ban: yum install fail2ban Step Two—Copy the Configuration File The default fail2ban configuration file is location at /etc/fail2ban/jail.conf. The configuration work should not be done in that file, however, and we should instead make a local copy of it. cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local After the file is copied, you can make all of your changes within the new jail.local file. Many of possible services that may need protection are in the file already. Each is located in its own section, configured and turned off. Step Three—Configure defaults in Jail.Local Open up the the new fail2ban configuration file: vi /etc/fail2ban/jail.local The first section of defaults covers the basic rules that fail2ban will follow. If you want to set up more nuanced protection for your virtual private server, you can customize the details in each section. You can see the default section below. [DEFAULT] # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not # ban a host which matches an address in this list. Several addresses can be # defined using…

2014年06月23日 0Comments 8797Browse 0Like Read more

Introduction Understanding networking is a fundamental part of configuring complex environments on the internet. This has implications when trying to communicate between servers efficiently, developing secure network policies, and keeping your nodes organized. In a previous guide found on myip.com, we went over some basic networking terminology. You should look through that guide to make sure you are familiar with the concepts presented there. In this article, we will discuss some more specific concepts that are involved with designing or interacting with networked computers. Specifically, we will be covering network classes, subnets, and CIDR notation for grouping IP addresses. Understanding IP addresses Every location or device on a network must be addressable. This is simply a term that means that it can be reached by referencing its designation under a predefined system of addresses. In the normal TCP/IP model of network layering, this is handled on a few different layers, but usually, when we refer to an address on a network, we are talking about an IP address. IP addresses allow network resources to be reached through a network interface. If one computer wants to communicate with another computer, it can address the information to the remote computer's IP address. Assuming that the two computers are on the same network, or that the different computers and devices in between can translate requests across networks, the computers should be able to reach each other and send information. Each IP address must be unique on its own network. Networks can be isolated from one another, and they can be bridged and translated to provide…

2014年05月06日 0Comments 8744Browse 0Like Read more

How To Install and Configure Config Server Firewall (CSF) on Ubuntu

How To Install and Configure an OpenVPN Access Server on CentOS 6.5

How To Protect SSH with fail2ban on CentOS 6

Understanding IP Addresses, Subnets, and CIDR Notation for Networking