Tag: security

  • Show IP address in history

    On a Linux server, the history command shows previously executed commands. If many people work on the same server, it is better, for security reasons, to log the IP address of the user who ran each command along with the time.

    To log the IP address and date, create a file

    vi /usr/local/bin/sok_detailed_history

    In the file, add

    #!/bin/bash
    # Author: ServerOK.in
    # Email: [email protected]
    # Web: https://serverok.in

    # SSH_CLIENT holds "client_ip client_port server_port"; keep only the IP
    SET_IP=$(echo -n "$SSH_CLIENT" | cut -d' ' -f1)
    # Stamp the last history line only if it does not already end with the
    # current year, i.e. it was not already stamped on an earlier prompt
    if [[ "$(tail -n1 ~/.bash_history | rev | cut -c -4 | rev)" != "$(date +%Y)" ]]
    then
        sed -i "\$s/$/ #entered by ${SET_IP} on $(date)/g" ~/.bash_history
    fi

    Make it executable

    chmod 755 /usr/local/bin/sok_detailed_history

    Create file

    vi /etc/profile.d/sok_detailed_history.sh

    Add the following to the file

    export PROMPT_COMMAND="history -a; /bin/bash /usr/local/bin/sok_detailed_history"

    Log out and log in to the server again. Your history will now also record the IP address that was used to log in to the server. The PROMPT_COMMAND environment variable lets you execute a command every time the command prompt is shown. To see how PROMPT_COMMAND works, just run

    PROMPT_COMMAND="echo I am here"

    Example

    boby@sok-01:~$ PROMPT_COMMAND="echo I am here"
    I am here
    boby@sok-01:~$ 
    I am here
    boby@sok-01:~$ 
    I am here
    boby@sok-01:~$ 

    Every time I press enter, the command specified in the PROMPT_COMMAND variable gets executed. Just close the current terminal to undo the change.
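    As an added example (not the ServerOK script above), the same annotation logic written as functions so it can be exercised against a constructed history file instead of the live ~/.bash_history. The function names `client_ip_from_env`, `annotate_last_line` and `demo`, the fallback word "local" and the client address 203.0.113.7 are assumptions made here. It also shows two things worth knowing before relying on this for auditing: SSH_CLIENT is empty for console and su sessions, and the "ends with the current year" guard skips any command that itself happens to end in the year.

```shell
#!/bin/bash
# Added example, not the page's script: the same annotation logic as
# sok_detailed_history, but as functions that take the history file, the
# client IP and the timestamp as arguments, so it can run against a
# constructed file instead of the live ~/.bash_history.
export LC_ALL=C   # keep `date` output ending in the 4-digit year, as the guard expects

# First field of SSH_CLIENT is the peer address. It is empty for console
# logins and su sessions, so fall back to a marker (assumed name "local")
# instead of writing "#entered by  on ...".
client_ip_from_env() {
    local ssh_client="$1"
    if [ -z "$ssh_client" ]; then
        echo "local"
    else
        echo "${ssh_client%% *}"
    fi
}

# Append " #entered by IP on STAMP" to the last line of HISTFILE unless that
# line already ends with the current year (the page's guard against stamping
# the same command twice). Returns 1 when the line was left alone.
# STAMP must not contain "/" or "&" because it is spliced into a sed
# replacement; `date` in the C locale satisfies that.
annotate_last_line() {
    local histfile="$1" client_ip="$2" stamp="$3"
    local last last4 tmp
    last=$(tail -n1 "$histfile")
    last4=$(printf '%s' "$last" | tail -c 4)
    if [ "$last4" = "$(date +%Y)" ]; then
        return 1
    fi
    tmp=$(mktemp)
    # "$s" addresses the last line; "s/$/.../" appends at its end.
    # Written through a temp file so it works with both GNU and BSD sed.
    sed "\$s/\$/ #entered by ${client_ip} on ${stamp}/" "$histfile" > "$tmp" \
        && mv "$tmp" "$histfile"
}

# Walk-through on a constructed history file (not real server data).
demo() {
    local hist ip
    hist=$(mktemp)
    printf 'ls -la\ncat /etc/passwd\n' > "$hist"
    ip=$(client_ip_from_env "203.0.113.7 51234 22")   # constructed SSH_CLIENT value
    annotate_last_line "$hist" "$ip" "$(date)"
    tail -n1 "$hist"      # cat /etc/passwd #entered by 203.0.113.7 on <date>
    annotate_last_line "$hist" "$ip" "$(date)" || echo "second run: already stamped, skipped"
    # Blind spot of the year guard: a command that itself ends in the year is never stamped.
    printf 'echo %s\n' "$(date +%Y)" > "$hist"
    annotate_last_line "$hist" "$ip" "$(date)" || echo "command ending in the year: skipped"
    rm -f "$hist"
}
```

    Keep in mind that ~/.bash_history is owned and writable by the user whose commands it records, so this stamping is a convenience for operators of a shared server, not tamper-evident audit logging; where that is required, a kernel-level facility such as auditd or session recording is the right tool.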


  • Stop SSH bruteforce with endlessh

    Endlessh is an open source SSH tarpit. It sends a slow, random banner string to the attacker, wasting their time.

    Before you install endlessh, you need to change your SSH port to a higher, non-default port. To do this, edit

    vi /etc/ssh/sshd_config
    

    Find

    Port 22
    

    Replace with

    Port YOUR_NEW_PORT_HERE
    

    If the line is commented with #, uncomment it.

    Now you can install endlessh with

    cd /usr/local/src
    git clone https://github.com/skeeto/endlessh
    cd /usr/local/src/endlessh
    make
    cp endlessh /usr/local/bin
    cp /usr/local/src/endlessh/util/endlessh.service /etc/systemd/system/
    

    By default endlessh runs on port 2222. To change it to port 22, edit the file

    vi /etc/systemd/system/endlessh.service
    

    Find

    #AmbientCapabilities=CAP_NET_BIND_SERVICE
    

    Replace with

    AmbientCapabilities=CAP_NET_BIND_SERVICE
    

    Find

    PrivateUsers=true
    

    Replace with

    #PrivateUsers=true
    

    Run

    setcap 'cap_net_bind_service=+ep' /usr/local/bin/endlessh
    

    Create endlessh configuration file

    vi /etc/endlessh/config
    

    Add the following content

    Port 22
    Delay 10000
    MaxLineLength 32
    MaxClients 4096
    LogLevel 0
    BindFamily 0
    

    If you need to enable logging, set LogLevel to 1.

    Enable and restart endlessh

    systemctl enable endlessh
    systemctl start endlessh
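    A preflight check for the port hand-off, added here as an example and not part of endlessh or of the steps above: both sshd_config and the endlessh config use a "Port N" line, so this reads both files and refuses while the two services would bind the same port, and it also insists that sshd has moved to a port above 1024. That policy, the function names `active_port`, `is_high_port` and `preflight`, and the constructed config files in `demo` are assumptions of this example; the defaults of 22 for sshd and 2222 for endlessh are the ones the two programs ship with.

```shell
#!/bin/bash
# Added example, not part of endlessh or the page's steps: read the two
# config files involved in the hand-off and refuse to proceed while sshd
# and endlessh would both bind the same port.

# Print the value of the last active (uncommented) "Port" line in FILE, or
# DEFAULT when no such line exists. sshd_config ships with "#Port 22"
# commented out; the endlessh config uses the same "Port N" syntax.
active_port() {
    awk -v d="$2" '$1 == "Port" { p = $2 } END { print (p == "" ? d : p) }' "$1"
}

# Policy of this example: sshd must sit on a non-privileged port, so 22 and
# anything below 1024 is rejected, as is any non-numeric value.
is_high_port() {
    [ "$1" -gt 1024 ] 2>/dev/null && [ "$1" -le 65535 ]
}

# Return 0 when the hand-off is safe, 1 otherwise, explaining why on stderr.
# Without arguments it checks the live files.
preflight() {
    local sshd_conf="${1:-/etc/ssh/sshd_config}" tarpit_conf="${2:-/etc/endlessh/config}"
    local sshd_port tarpit_port
    sshd_port=$(active_port "$sshd_conf" 22)        # sshd's built-in default
    tarpit_port=$(active_port "$tarpit_conf" 2222)  # endlessh's built-in default
    if [ "$sshd_port" = "$tarpit_port" ]; then
        echo "refusing: sshd and endlessh both want port $sshd_port" >&2
        return 1
    fi
    if ! is_high_port "$sshd_port"; then
        echo "refusing: move sshd to a port above 1024 first (currently $sshd_port)" >&2
        return 1
    fi
    echo "ok: sshd on $sshd_port, endlessh on $tarpit_port"
}

# Walk-through on constructed config files (not the live /etc files).
demo() {
    local d
    d=$(mktemp -d)
    printf '#Port 22\nPermitRootLogin no\n' > "$d/sshd_config.default"
    printf 'Port 2200\n#Port 22\n' > "$d/sshd_config.moved"
    printf 'Port 22\nDelay 10000\nMaxLineLength 32\n' > "$d/endlessh.config"
    preflight "$d/sshd_config.default" "$d/endlessh.config" || echo "(expected refusal)"
    preflight "$d/sshd_config.moved" "$d/endlessh.config"    # ok: sshd on 2200, endlessh on 22
    rm -rf "$d"
}
```

    Run `preflight` with no arguments against the live files, then `sshd -t` to confirm sshd accepts the edited config and open the new port in the firewall before restarting sshd; do the restart from a second session and verify you can still log in on the new port before starting endlessh on 22.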
    
  • Enable ModSecurity in Cpanel Server

    Log in to WHM. Go to ModSecurity™ Vendors.

    cpanel modsecurity vendors

    By default cPanel comes with the “OWASP ModSecurity Core Rule Set V3.0” rule set. To enable it, click the “+ install” link on the right side.

    To add a third party rule set, click on “Add Vendor” button.

    To install the Comodo WAF rules, enter

    https://waf.comodo.com/doc/meta_comodo_apache.yaml
    

    Click “Load” and you will see some info auto-filled; scroll down and click the “Save” button.

    cpanel modsecurity add vendor

    Now you have Comodo WAF rules enabled on your server.

    cpanel modsecurity comodo WAF


  • Install clamav on Ubuntu

    ClamAV is a free, open source antivirus. To install ClamAV on Ubuntu/Debian, run

    apt install clamav -y
    

    To update ClamAV virus definitions, run

    freshclam
    

    To scan a folder for virus/malware, see Scan a folder with clamscan