Saturday, January 23, 2010

Nice Code

Just wanted to point out a couple of very nice pieces of source code I came across recently.

ipin.py

First, check out ipin.py, Python code by Axel E. Brzostowski that converts PNG files from an iPhone application into a format that you can read on any computer.

The Python code is clean and easy to read, almost like literate programming. It's very useful if you want to write a similar application that processes every file in a directory.

transmission

Another really nice program is really a website. When you run transmission-daemon (a Linux BitTorrent program), you can connect to it with a command line app called transmission-remote. In addition, you can connect via a built-in web server, which is a really excellently designed application. The HTML and JavaScript are so well documented and tidy that they're as beautiful as the actual web page. Check it out here.








Friday, January 1, 2010

Securing an ssh server with fail2ban

There are all kinds of ways to secure an ssh server, with varying degrees of increasing security and decreasing flexibility. For example, by limiting your server to only accept connections from certain known IPs, you are secure from random hackers on the internet, but you lose the ability to connect to your machine from anywhere you want to, perhaps while travelling.

Port knocking and listening on a high-numbered, non-standard port make it harder for an attacker to even start trying to hack your connection. But this also requires that you connect from a machine that has the knock program installed. Again, less convenient, more secure.

However, once an attacker does find your port there's nothing to stop brute force password hacking. If you look in your log file, you should see people connecting to your ssh port quite frequently and trying password attacks.

cat /var/log/auth.log

If you have a secure password then it would require days of brute force hacking to gain access to your ssh account, but even so, if you don't watch your logs then it's perfectly possible somebody will gain access eventually.

Brute force attacks can be limited using fail2ban. There's a great article on setting it up here. This program scans your auth.log for you, using a regular expression to find failed password attempts. After a specified number of failures from a given IP, it adds a rule to iptables (the firewall) on your machine to lock that IP out for a specified time.

Now, instead of watching your auth.log fill up with reams of failed passwords, you'll see far fewer brute force attempts, and you can watch your fail2ban log file fill up with the IP addresses of hackers.
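To make the scan-count-ban logic described above concrete, here is a small Python sketch of it. It is an added example, not fail2ban's own code: the log lines are constructed, the regular expression is a simplified stand-in for fail2ban's sshd filter, the thresholds are arbitrary, and the year is assumed because syslog timestamps carry none. The parameter names maxretry, findtime and bantime follow fail2ban's option names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth.log lines, not real data; line 2's username contains " from 192.0.2.99".
SAMPLE_LOG = """\
Jan  1 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Jan  1 10:00:03 host sshd[1002]: Failed password for invalid user a from 192.0.2.99 from 203.0.113.7 port 40002 ssh2
Jan  1 10:00:05 host sshd[1003]: Accepted password for alice from 198.51.100.20 port 50111 ssh2
Jan  1 10:00:06 host sshd[1004]: Failed password for root from 203.0.113.7 port 40003 ssh2
Jan  1 10:02:00 host sshd[1005]: Failed password for alice from 198.51.100.20 port 50112 ssh2
Jan  1 10:30:00 host sshd[1006]: Failed password for alice from 198.51.100.20 port 50113 ssh2
"""

# Simplified pattern (not fail2ban's own filter). The greedy ".*" plus the "$"
# anchor take the address from the last " from <ip> port <n> ssh2", which sshd
# appends itself, so text inside the username cannot choose the banned address.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?.* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def find_bans(log_text, maxretry=3, findtime=timedelta(minutes=10),
              bantime=timedelta(minutes=10), year=2010):
    """Return [(ip, ban_start, ban_end)] for IPs with maxretry failures within findtime."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    banned_until = {}
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ts < banned_until.get(ip, datetime.min):
            continue  # still banned: the firewall would have dropped this
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

With these sample lines only 203.0.113.7 is banned; the occasional mistyped password from 198.51.100.20 never reaches three failures inside one ten-minute window.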








Using screen

When running a Linux app, perhaps on a remote box, you don't want it to terminate when you close the terminal window. You can run some applications as daemons, or run them with the nohup command (no hang up).

For example:

nohup ./myapp > output.txt &

will run the program myapp in the background and send the output to output.txt.

You can then follow the output.txt with a command

tail -f output.txt

but if you hit Ctrl-C or close the terminal (or have a power cut), the application will still be running on the remote machine.

A more powerful solution is the GNU screen application. This lets you run multiple shell sessions and switch between them. Using screen you can be logged into a server in your office, then detach from the screen session, go home and reattach to it there (assuming you have network access to the computer).

Here's a cheat sheet for using screen.

Running it:

screen

Learning to use it:

Ctrl-a ? (help)

Important commands:

Ctrl-a c (open a new window)

Ctrl-a p (prev window)
Ctrl-a n (next window)

exit or Ctrl-a \ to exit

How to reattach to the screen session:

screen -ls

That shows the screen sessions on the machine you're logged on to, and then you reattach using:

screen -r name

That's all folks!