Protect the server from Flood attacks , Using the property Port Flood Protection In firewall CSF . After doing the necessary settings will be able to determine the number of allowed connections Same time for each IP tries to connect to the server.

So How to Make a flood attack ?
Logically flood attacks are two ways :
first through a specific communication
the second through multiple connections each connection of these connections connect with the provider
Requirements

1. Installing firewall CSF last version
2. Enabled IPT and works well
3. Model IPT_Recent special for IPT

Application

Through edited the configuration file special for CSF it is located in the following path:

root@server:$ nano /etc/csf/csf.conf

We pressing CTRL + W and look for PORTFLOOD we will find the line as follows default :

PORTFLOOD = " "

put inside ” ” Settings that we want ,as in the following example:

PORTFLOOD = "80;tcp;20;10"

80 is the port , TCP is the protocol , 20 is the number of connections allowed at the same time , 10 is time of pause temporarily after the 10 seconds is allowed IP make new contacts

Important note: ipt_recent can count 20 Packets for each Title , So you can change the number of connections from 1 to 20 only

Is there a possibility of adding more than one port ?yes be as follows (Just an example) :

PORTFLOOD = "22;tcp;10;200,21;tcp;15;100,80;tcp;20;5"

Note that when we add a new port we put a comma (,)

In the previous example you choose more than one port are 22, 21 and 80 And you can add more and you can change the number of connections and also change the protocol type, for example, from TCP to UDP after the completion of the edited we save the file : CTRL + X, Y, and then Enter button.

Finally, do not forget to restart CSF with the following command:

root@server:$ csf -r

Thank You ,,

The post Repel port flood by CSF and IPT_Recent appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

I run CentOS on my server, and I often find that my server is being attacked by other computers. Brute force SSH attacks, port scanning, viruses scanning for the ability to spread, things like that. In this article, I’ll show you how to block an IP address on Linux server using IPTables.

The First, I’ll assume you are already using iptables. If you need help setting that up, read this article.

How do I block an IP address ?

Example I want to block incoming request from IP 1.2.3.4, login as root and type the following command

# iptables -I INPUT -s 1.2.3.4 -j DROP

Where,
– I: Inserts the chain at the top of the rules.
– s: Match source IP address.
– j: Jump to the specified target chain when the packet matches the current rule.

To drop packets coming in on interface eth0 from 1.2.3.4, type the following command

# iptables -I INPUT -i eth0 -s 1.2.3.4 -j DROP

How do I block a subnet ?

Use the following syntax to block 10.0.0.0/8

# iptables -I INPUT -s 10.0.0.0/8 -j DROP

How do I save blocked IP address ?

To save blocked IP address to iptables config file, type the following command

# service iptables save

Or

# /etc/init.d/iptables save

How Do I Unblock An IP Address?

First, you need to display blocked IP address along with line number and other information, type the following command

# iptables -L INPUT -n --line-numbers
# iptables -L INPUT -n --line-numbers | grep 1.2.3.4

Sample outputs:

Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    DROP       all  --  1.2.3.4              0.0.0.0/0
2    LOCALINPUT  all  --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     udp  --  203.162.4.1          0.0.0.0/0           udp spts:1024:65535 dpt:53

To unblock 1.2.3.4 you must delete line number 1, enter:

# iptables -D INPUT 1

The post How Do I Block An IP Address On Linux Server ? appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

shutdown command brings the system down in a secure way. All logged-in users are notified that the system is going down, and login is blocked. It is possible to shut the system down immediately or after a specified delay. All processes are first notified that the system is going down by the signal SIGTERM. This gives programs like vi the time to save the file being edited, mail and news processing programs a chance to exit cleanly, etc. shutdown does its job by signalling the init process, asking it to change the runlevel. Runlevel 0 is used to halt the system, runlevel 6 is used to reboot the system, and runlevel 1 is used to put to system into a state where administrative tasks can be performed; this is the default if neither the -h or -r flag is given to shutdown. To see which actions are taken on halt or reboot see the appropriate entries for these runlevels in the file /etc/inittab.(http://linux.about.com/od/commands/l/blcmdl8_shutdow.htm)

Shutdown the machine immediately

Type the following command as root

# shutdown -h now

Shutdown the machine with user defined message

# shutdown -h now 'Server is going down for replace old hardware'

Scheduling the shutdown

Example, schedule shutdown for 3 AM.

# shutdown -h 03:00

Schedule shutdown the system in 5 minutes

# shutdown -h +5

Reboot the machine immediately

# shutdowm -r now

Cancel a running shutdown

# shutdown -c

The post Linux Shutdown Command appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

The lsof command or “list open files” command in Linux is a powerful tool. In Linux and Unix everything behind the scenes are just files. This includes IP sockets, pipes, unix sockets, directories, devices, even inodes are just files. This means that lsof can actually tell you a lot of information of what is going on on your system.

Synopsis

lsof [ -?abChlnNOPRstUvVX ] [ -A A ] [ -c c ] [ +|-d d ] [ +|-D D ] [ +|-f [cfgGn] ] [ -F [f] ] [ -g [s] ] [ -i [i] ] [ -k k ] [ +|-L [l] ] [ -m m ] [ +|-M ] [ -o [o] ] [ -p s ] [ +|-r [t] ] [ -S [t] ] [ -T [t] ] [ -u s ] [ +|-w ] [ -- ] [names] 

Example 1: Show all opened files

Type the following command

lsof | more

Sample outputs

COMMAND     PID      USER   FD      TYPE     DEVICE      SIZE       NODE NAME
init          1      root  cwd       DIR      253,4      4096          2 /
init          1      root  rtd       DIR      253,4      4096          2 /
init          1      root  txt       REG      253,4     38652   41746599 /sbin/init
init          1      root  mem       REG      253,4    129900   16252964 /lib/ld-2.5.so
init          1      root  mem       REG      253,4   1693812   16252965 /lib/libc-2.5.so
init          1      root  mem       REG      253,4     20668   16253168 /lib/libdl-2.5.so
init          1      root  mem       REG      253,4    245376   16253222 /lib/libsepol.so.1
init          1      root  mem       REG      253,4     93508   16253815 /lib/libselinux.so.1
init          1      root   10u     FIFO       0,17                 1277 /dev/initctl
...

Example 2: Show all opened internet sockets

Using the -i flag lsof will list the internet sockets currently opened

lsof -i

Sample outputs

COMMAND     PID   USER   FD   TYPE   DEVICE SIZE NODE NAME
sshd       2537   root    3u  IPv6     5348       TCP *:rockwell-csp2 (LISTEN)
mysqld     2625  mysql   11u  IPv4     5463       TCP *:mysql (LISTEN)
httpd      2731 apache    3u  IPv6 30048993       TCP *:http (LISTEN)
...

Example 3: Shows all networking related to a given port 80

lsof -i :80

Sample outputs

COMMAND   PID   USER   FD   TYPE   DEVICE SIZE NODE NAME
httpd    2731 apache    3u  IPv6 30048993       TCP *:http (LISTEN)
httpd    2731 apache   58u  IPv6 39448263       TCP server.com:http->adsl-dynamic-pool-xxx.hcm.fpt.vn:23527 (ESTABLISHED)
httpd    2731 apache   60u  IPv6 39448302       TCP server.com:http->crawl-66-249-69-83.googlebot.com:35190 (ESTABLISHED)
httpd    2731 apache   61u  IPv6 39448336       TCP server.com:http->v16-13.opera-mini.net:37548 (ESTABLISHED)
httpd    2731 apache   62u  IPv6 39448388       TCP server.com:http->v16-13.opera-mini.net:37561 (ESTABLISHED)
httpd    2731 apache   64u  IPv6 39447543       TCP server.com:http->adsl.viettel.vn:13636 (FIN_WAIT2)

Example 4: Show all TCP/UDP connections

lsof -i TCP

Sample outputs

sshd       2537   root    3u  IPv6     5348       TCP *:rockwell-csp2 (LISTEN)
mysqld     2625  mysql   11u  IPv4     5463       TCP *:mysql (LISTEN)
httpd      2731 apache    3u  IPv6 30048993       TCP *:http (LISTEN)
...

Example 5: List open files associated with process ID

The flag +p will display all open files associated with specific process ID, example with process ID is 2625

lsof +p 2625

Sample outputs

COMMAND  PID  USER   FD   TYPE     DEVICE      SIZE     NODE NAME
mysqld  2625 mysql  cwd    DIR      253,4      4096 21495811 /var/lib/mysql
mysqld  2625 mysql  rtd    DIR      253,4      4096        2 /
mysqld  2625 mysql  txt    REG      253,4   7020300 50999198 /usr/libexec/mysqld
mysqld  2625 mysql  DEL    REG      253,4           16253135 /lib/libcrypto.so.0.9.8e.#prelink#.64u8kX
mysqld  2625 mysql  mem    REG      253,4           16252984 /lib/libm-2.5.so (path inode=16253122)
mysqld  2625 mysql  DEL    REG      253,4           50996047 /usr/lib/libgssapi_krb5.so.2.2.#prelink#.YYIHuy
mysqld  2625 mysql  mem    REG      253,4           16252990 /lib/libselinux.so.1 (path inode=16253815)
mysqld  2625 mysql  mem    REG      253,4           16256252 /lib/libsepol.so.1 (path inode=16253222)
mysqld  2625 mysql  mem    REG      253,4     50848 16253138 /lib/libnss_files-2.5.so
mysqld  2625 mysql  mem    REG      253,4           16253825 /lib/librt-2.5.so (path inode=16253220)
mysqld  2625 mysql  mem    REG      253,4           16252942 /lib/ld-2.5.so (path inode=16252964)
mysqld  2625 mysql  mem    REG      253,4           50996107 /usr/lib/libstdc++.so.6.0.8 (path inode=50989584)
mysqld  2625 mysql  mem    REG      253,4           50996061 /usr/lib/libkrb5.so.3.3 (path inode=50999803)
mysqld  2625 mysql  mem    REG      253,4           16252980 /lib/libdl-2.5.so (path inode=16253168)
...

Example 6: Show what a given user has open

The flag -u will show what a given user has open

lsof -u apache

Sample outputs

COMMAND   PID   USER   FD   TYPE     DEVICE      SIZE     NODE NAME
httpd    2731 apache  cwd    DIR      253,4      4096        2 /
httpd    2731 apache  rtd    DIR      253,4      4096        2 /
httpd    2731 apache  txt    REG      253,4   3120954 51157630 /usr/local/apache/bin/httpd
httpd    2731 apache  mem    REG      253,4    375710 51157607 /usr/local/apache/lib/libaprutil-1.so.0.3.10
httpd    2731 apache  mem    REG      253,4     45432 16253184 /lib/libcrypt-2.5.so
httpd    2731 apache  mem    REG      253,4      7748 16253849 /lib/libcom_err.so.2.1
httpd    2731 apache  mem    REG      253,4      7880 16253845 /lib/libkeyutils-1.2.so
httpd    2731 apache  mem    REG      253,4    937178 51157689 /usr/local/apache/modules/mod_security2.so
httpd    2731 apache  mem    REG      253,4    129208 16253851 /lib/libpcre.so.0.0.1
...

The post 10 lsof Command Examples appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

You can apply kernel updates using “yum” command or “apt-get” command line options. After each upgrade you need to reboot the server. How to skip reboot step and apply hotfixes to kernel without rebooting the server ?

What is Ksplice Uptrack?

Ksplice Uptrack is a subscription service that lets you apply 100% of the important kernel security updates released by your Linux vendor without rebooting.

Install Ksplice

First, you’ll need an access key. If you don’t have one, request a free trial.
Download the Ksplice Uptrack repository installation RPM package

[root@lifelinux ~]# wget https://www.ksplice.com/yum/uptrack/centos/ksplice-uptrack-release.noarch.rpm

To install, type the following command as root

[root@lifelinux ~]# rpm -ivh ksplice-uptrack-release.noarch.rpm
[root@lifelinux ~]# yum -y install uptrack

Edit /etc/uptrack/uptrack.conf, enter

[root@lifelinux ~]# vi /etc/uptrack/uptrack.conf

Sample outputs

[Auth]
accesskey = [ACCESS KEY HERE]

[Network]
# Proxy to use when accessing the Uptrack server, of the form
# [protocol://][:port]

# The proxy must support making HTTPS connections. If this is unset,
# Uptrack will look for the https_proxy, HTTPS_PROXY, and http_proxy
# environment variables in that order, and then finally look for a
# proxy setting in the system-wide GConf database, if available.
https_proxy =

[Settings]
# Automatically install updates at boot time. If this is set, on
# reboot into the same kernel, Uptrack will re-install the same set of
# updates that were present before the reboot.
install_on_reboot = yes

# Options configuring the Uptrack cron job.
#
# GUI users will get all notices via the GUI and likely want to set
# the following cron options to "no".

# Cron job will install updates automatically
autoinstall = no

# Cron job will print a message when new updates are installed.
# This option is only relevant if autoinstall = yes
cron_output_install = no

# Cron job will print a message when new updates are available
cron_output_available = no

# Cron job will print a message when it encounters errors
cron_output_error = no

Insert your access key. Please use the same access key for all of your systems. If you would like Uptrack to automatically install rebootless kernel updates as they become available, set autoinstall = yes.

When you are done with your Uptrack configuration, please run the following command as root to bring your kernel up to date:

uptrack-upgrade -y

The post How To Install Ksplice on CentOS / RedHat appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

What is Ksplice Uptrack?

Ksplice Uptrack is a subscription service that lets you apply 100% of the important kernel security updates released by your Linux vendor without rebooting.

Update Linux Kernel With Ksplice Uptrack

Ksplice updates are the same security and bugfix updates you would get from your Linux vendor, packaged in a special rebootless form. Type the following to apply updates (note it may take a few hours to get ksplice update as they upgrade their system after RHN releases kernel upgrades):

[root@lifelinux ~]# uptrack-upgrade

The post How To Update Linux Kernel With Ksplice Uptrack appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.