tenshi.420

THIS POST IS NO LONGER VALID, BUT CAN BE USED AS A REFERENCE FOR OTHER THINGS:

Found out on Webmin » Webmin Configuration , all the way to the bottom says: ” Start on Boot “

(Change this option to control whether Webmin is started at boot time or not. If it is not currently started at boot and Yes is chosen, a new init script will be created.)

- so this post is no longer needed (valid but used as a future reference for other things)

Original Post Below if you care to read:

Use Webmin to start webmin (read)

What is Webmin?

Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets you manage a system from the console or remotely. See the standard modules page for a list of all the functions built into Webmin, or check out the screenshots.

I recently got a temporary VPS Linux Server to play around with. (practice and such things- until i can find a used desktop or laptop to run a virtualbox or a home-server for practice)

Start: Well installed webmin to try it out and didn’t really love it 100% but did have some useful things and its a free control panel.

Issue: Did a server reboot and noticed webmin did NOT start (it did on my other dedicated server and worked, but not on a VPS). What a shame! But no worries. There is a little working trick I’ve done and works nicely. We’re going to use Webmin to start webmin on boot, confused? dont be, lets begin. 

Read More

Part One: Located Here

Someone random contacted me via-IRC network (irc.foco.com) when i had issues with Apache Dos issue ( someone was dos’ing my server, with approval of course) and noticed it went down ( so i cried a little bit- ok not really but still )

He mentioned something called ” CSF FireWall “

Image from above: http://localhostr.com/files/AK6FmF0/capture.png

and i was a little worried that this would conflict with my Directadmin pannel, but it wasn’t! i installed it thinking it would work as a stand alone project instead it automatically integrated it self to my panel ( i should really read first [the entire thing] before installing things)

either way, its all good. Was able to not only have a firewall help me out but also use its control panel ( CSF ) to ban the ips brute forcing my SSH for like a month (some up to 3 years) but this does affect the IP server wide, so i made sure it was temporary, unless its a repeated brute login. Anyways, for who ever is reading, make sure to check them out, and ITS FREE!

• http://configserver.com/cp/csf.html

Also tips tips tips:

on firewall Configurations- on ” # SECTION:Port Settings ” make sure you pay attention to Allow incoming TCP ports and outgoing, usually 80 port would be like your web stuff, i run a server (game) and a bouncer so i made sure i added them to the list, including the port it connects to via-irc (which i found odd, since the bouncer irc is connecting to the other server port, not mines)

Hope this helps!

(this method has not been verified yet, will update when possible!)

Well, noticed after ‘directadmin’ logs kept spamming me (in a respective way) about brute force towards ” admin and root ” type of login, i did some research, and this is what i am able to come up with.

Method: Using iptables;

Easy setup - just 2 rules

Because iptables comes standard with every Linux distribution we’ll skip right to setting up the specific firewall rules we need. In depth configuring of iptables takes a bit of understanding and is not within the scope of this article, but let’s take a look at these two statements:

[ http://pastebin.com/raw.php?i=TCT3yYPT ]

The -i eth0 is the network interface to which ssh connections are made. Typically this is eth0, but maybe you need to change it.

That’s it! Together they will rate-limit all incoming SSH connections to 8 in a one minute window. Normal users will have no trouble logging in, but the brute force attacks will be dropped, limiting the number of possible account combinations from unlimited, to 8. That’s awesome!

Failsafe!

While you’re still testing, you might want to add the following line to your crontab

*/10 * * * * /sbin/iptables -F

This will flush all the rules every 10 minutes, just in case you lock yourself out. When you’re happy with the results of your work, remove the line from your crontab, and you’re in business.

Advanced Setup - want more?

> Restore on boot >

You will find that on your next reboot, the rules are lost. Damn! You probably want these 2 brute force protection rules automatically restored, right? The most elegant way would probably be to restore the iptables rules when your network interface comes back online. Here how I would this on Ubuntu. Let’s get the following content in a file: /etc/network/if-up.d/bfa_protection

[ http://pastebin.com/raw.php?i=0Sc9JFwG ]

Savee the file and make it executable:

chmod u+x /etc/network/if-up.d/bfa_protection

Now every time your interface comes up, the rules are added to iptables. Sweet.

Remove on shutdown

But to do this really clean, we need to have a script that removes the rules as well for when the interface goes down. Just to make sure the rules are never added twice. So let’s also create a file: /etc/network/if-down.d/bfa_protection 

[ http://pastebin.com/raw.php?i=51dK5Bru ]

-D removes a rule whereas -A adds one. Anyway. Let’s save this file and make it executable:

chmod u+x /etc/network/if-down.d/bfa_protection

That’s it! We’re in business!

The Issue: bin/sh^M: bad interpreter: No such file or directory, when trying to activate a .sh script.

Things I used: Linux, O/S Debian 5 i think, 32 bit, since I feel it has a user-friendly-feel to it on SSH; This was changed out of Centos, SSH + FTP because i’m paranoid when it comes to folders, and Teamviewer (because the dude lived in Brazil)

While helping someone set up their sa-mp game server, I was trying to install a .sh bash script, so the server would auto restart if server would crash, noted on; wiki.sa-mp website, and getting a ” cannot locate or no such file ” error, so i did: ./restart.sh & and gave me the error: bin/sh^M: bad interpreter: No such file or directory, in SSH.

Did some research and nothing, until Dugi showed me a site, which was for ‘Ubuntu’ not Debian, BUT with a little more research was able to find for debian.

on SSH:

apt-get install tofrodos

then fix the problem; This will convert the file to unix format. 

dos2unix setup.sh

and the offending DOS characters are gone.

The list of files included in the tofrodos package:

dpkg -L tofrodos

dpkg -L tofrodos
/.
/usr
/usr/bin
/usr/bin/fromdos
/usr/share
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/fromdos.1.gz
/usr/share/doc
/usr/share/doc/tofrodos
/usr/share/doc/tofrodos/tofrodos.html
/usr/share/doc/tofrodos/copyright
/usr/share/doc/tofrodos/changelog.Debian.gz
/usr/share/doc/tofrodos/NEWS.Debian.gz
/usr/share/doc/tofrodos/readme.txt.gz
/usr/bin/todos
/usr/share/man/man1/todos.1.gz

The issue with this, the script was saved in windows, then uploaded to FTP, so this caused some unix-characater-line-some-shit-issues, it was best to open nano and paste it inside there, instead of making it in windows in .txt then changing the format. This issue was because i was on teamviewer half a globe to the south so i was some what limited to the things i can do fast. But any who, got it working and another satisfied customer ( even though it was free of charge )