mod_evasive on apache2: setup notes for Ubuntu/Debian

mod_evasive provides evasive maneuvers for Apache in the event of a DoS attack, and so on; read the README if that is the kind of read you are looking for.

I think that it is a great piece of software for poor webmasters.

Install mod_evasive
$sudo -s
#apt-get install libapache2-mod-evasive

The mailer program is hard-coded to /bin/mail in the source (the MAILER define), and the Ubuntu package does not change it. Either change the MAILER definition in the source and rebuild the package,
#grep MAILER mod_evasive20.c |grep define
#define MAILER "/bin/mail %s"

or just make /bin/mail a symbolic link to sendmail. That works because the module writes the To: and Subject: headers into the message itself, which sendmail accepts as-is. Check that nothing already provides /bin/mail before creating the link.
#ln -s `which sendmail` /bin/mail

Create the lock directory (DOSLogDir). The module's default is /tmp, which is world-writable, so give it a directory of its own owned by the Apache user. Note that on Ubuntu /var/lock is usually a tmpfs that is emptied at boot; check with mount and recreate the directory at boot if that is the case.
#mkdir /var/lock/mod_evasive
#chown www-data:www-data /var/lock/mod_evasive

Create the directory for the bad-IP list that DOSSystemCommand appends to below; the command runs as the Apache user, so it needs write access.
#mkdir /var/log/mod_evasive
#chown www-data:www-data /var/log/mod_evasive

Now, let's change the default mod_evasive settings by adding the following to httpd.conf (on newer Debian/Ubuntu packages httpd.conf is no longer read; put the block in the module's own file under /etc/apache2/mods-available/ instead).
#cat /etc/apache2/httpd.conf 
<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
#nodes per child process. The module rounds the value up to the next prime in its own table, so 3097 becomes 6151; the README's default is 3097.

    DOSPageCount        2
#requests for the same URI from one client within DOSPageInterval seconds; beyond this the client is blocked

    DOSSiteCount        50
#requests for any object from one client on the same listener within DOSSiteInterval seconds; beyond this the client is blocked

    DOSPageInterval     1
#seconds

    DOSSiteInterval     1
#seconds

    DOSBlockingPeriod   60
#seconds; the default is 10. It does not need to be large: every request a blocked client makes while blocked resets the timer, so a DoS source stays blocked for as long as it keeps sending.

    DOSEmailNotify      root@localhost
    DOSSystemCommand    "echo  '%s' >> /var/log/mod_evasive/ip;"
#%s is replaced by the blocked IP; the command runs via system() as the Apache user, hence the www-data-owned directory above

    DOSLogDir           "/var/lock/mod_evasive"
#lock dir: the first time an IP is blocked a dos-<ip> file is created here, and it is the existence of that file that gates the email and the command. The module never removes these files, so clear the directory periodically or every IP is reported only once.
</IfModule>

Two caveats before relying on this. The module keys on the client address as Apache sees it, so behind a reverse proxy or load balancer every request arrives from the proxy's address and one abusive client gets everyone blocked; restore the real client address first (mod_rpaf on Apache 2.2, mod_remoteip on 2.4). And DOSPageCount 2 in a 1-second window is aggressive for anything that polls the same URI, so exempt your own monitoring hosts with the DOSWhitelist directive, which takes an IP or a wildcard on the last octets.


restart apache
#/etc/init.d/apache2 restart

Cool, now each offending IP gets 403s for as long as it keeps hammering, its address is appended once to /var/log/mod_evasive/ip, root gets one email from Apache with the subject "HTTP BLACKLIST <ip>", and syslog (not the Apache error log) gets a "Blacklisting address ...: possible DoS attack" line.
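A quick way to confirm that the module is actually doing something, as an added example that is not part of the original notes: hammer one URI, count the 403s, check that the module is loaded and list the lock files left behind. The URL, the request count of 20 and the lock directory path are assumptions; with DOSPageCount 2 and DOSPageInterval 1 the 403s should begin within the first few requests.

```shell
#!/bin/sh
# Added example, not from the original notes: confirm that mod_evasive blocks.
# The URL, the request count (20) and the lock directory are assumptions.

# Tally a probe run. Reads one HTTP status code per line, as printed by
# curl -w '%{http_code}\n', and prints four numbers:
#   total  ok(200)  forbidden(403)  index_of_first_403   (0 if none)
tally_statuses() {
    awk '
        { total++ }
        $1 == "200" { ok++ }
        $1 == "403" { forbidden++; if (!first) first = NR }
        END { printf "%d %d %d %d\n", total, ok, forbidden, first }
    '
}

# Request the same URI N times back to back; with DOSPageCount 2 and
# DOSPageInterval 1 the 403s should begin within the first few requests.
probe() {
    url=$1; n=${2:-20}
    i=1
    while [ "$i" -le "$n" ]; do
        curl -s -o /dev/null -w '%{http_code}\n' "$url"
        i=$((i + 1))
    done | tally_statuses
}

# The live part runs only when a URL is given, e.g.
#   sh evasive_check.sh http://127.0.0.1/index.html
if [ -n "${1-}" ]; then
    apache2ctl -M 2>/dev/null | grep -q evasive || echo "warning: evasive module is not loaded" >&2
    set -- $(probe "$1" 20)
    echo "requests=$1 ok=$2 forbidden=$3 first_403_at=$4"
    # One dos-<ip> lock file per blocked client. mod_evasive creates these but
    # never deletes them, and the email/command fire only when the file is new.
    ls -l /var/lock/mod_evasive/dos-* 2>/dev/null
fi
```

Run it from a host you do not mind having blocked for DOSBlockingPeriod seconds afterwards, and delete that host's dos-<ip> file from the lock directory when you are done, otherwise you will never see another notification for it.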


Software Package Management Tools: Debian/Ubuntu

The tools

apt-get -- the command-line front end of APT, the Debian Advanced Package Tool

dpkg -- the Debian package manager, which works on individual .deb files and the local package database

apt-cache -- queries the APT package cache

aptitude -- a high-level interface to the package manager with both an ncurses (full-screen) and a command-line interface.

We 'll use apt-get, dpkg, and apt-cache.

First, let's get a root shell
$sudo -s

apt-get basics

apt-get reads the list of software repositories from /etc/apt/sources.list (and any *.list file in /etc/apt/sources.list.d/).
There you can uncomment a line to add a repository and comment it out to remove one.

The following syntax is used to add repositories to /etc/apt/sources.list
$  head -3 /etc/apt/sources.list
#deb     URL DISTRIBUTION main
deb lucid main restricted
deb lucid main
Lines starting with # are comments. The mirror URLs use plain HTTP; that is acceptable because apt checks the archive's signed Release file and the package hashes it lists, so the trust is in the keys known to apt-key, not in the transport. A NO_PUBKEY warning from apt-get update means that check failed for a repository: treat it as untrusted until you have imported its key from a source you trust.
To figure out the DISTRIBUTION codename use one of the following commands (lsb_release -c is the reliable one on Ubuntu)
n3 ~ # cat /etc/debian_version 
n3 ~ #
n ~ # lsb_release -c
Codename: lucid
n ~ # 
In Ubuntu you may want to add a repository from the Archive Mirrors.

To resynchronize the package index files.
#apt-get update

To add a new package (let's say ninvaders) using apt-get
#apt-get install ninvaders
OK, done playing. Got a 20150, beat that!

To remove a package but not its configuration file(s).
#apt-get remove ninvaders

To remove a package and its configuration file(s) if any.
#apt-get purge ninvaders

To see a list of what updates are available we could do
#apt-get -s -o Debug::NoLocking=true upgrade | grep ^Inst  

Ubuntu's update-notifier also ships a small helper script that gives a summary of what updates are available and how many of them are security updates
#/usr/lib/update-notifier/ --human-readable
10 packages can be updated.
10 updates are security updates.

To upgrade an individual package (let's say bind) and its dependencies.
#apt-get install bind9
Reading package lists... Done
Building dependency tree       
Reading state information... Done


The following packages will be upgraded:
  bind9 bind9-host bind9utils dnsutils libbind9-60 libdns64 libisc60 libisccc60 libisccfg60 liblwres60
10 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

OK, let's see the summary of what updates are available again.
#/usr/lib/update-notifier/ --human-readable
0 packages can be updated.
0 updates are security updates.

To upgrade everything.
#apt-get upgrade

or upgrade everything and "intelligently handle changing dependencies with new versions of packages."
#apt-get dist-upgrade

To get the sources of a package we can use apt-get with the source option. We need the matching deb-src line in /etc/apt/sources.list. Let's look at the ninvaders sources.
ares:~#mkdir ninvaders;cd ninvaders
ares:~/ninvaders#apt-get source ninvaders
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Need to get 44.0kB of source archives.
Get:1 lucid/universe ninvaders 0.1.1-2 (dsc) [584B]
Get:2 lucid/universe ninvaders 0.1.1-2 (tar) [31.3kB]
Get:3 lucid/universe ninvaders 0.1.1-2 (diff) [12.1kB]
Fetched 44.0kB in 0s (114kB/s)    
gpgv: Signature made Thu 29 Sep 2005 10:39:03 AM UTC using DSA key ID 69351387
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./ninvaders_0.1.1-2.dsc
dpkg-source: info: extracting ninvaders in ninvaders-0.1.1
dpkg-source: info: unpacking ninvaders_0.1.1.orig.tar.gz
dpkg-source: info: applying ninvaders_0.1.1-2.diff.gz
dpkg-source: info: upstream files that have been modified: 
ninvaders-0.1.1  ninvaders_0.1.1-2.diff.gz  ninvaders_0.1.1-2.dsc  ninvaders_0.1.1.orig.tar.gz

The gpgv warning is worth understanding rather than ignoring: dpkg-source could not verify the maintainer's signature on the .dsc because that key is not in any local keyring, and it unpacked the files anyway. The download itself was still checked, since apt-get source verifies the hashes of the .dsc, .orig.tar.gz and .diff.gz against the Sources index that the signed Release file covers. To have the maintainer signature checked as well for packages signed by Debian developers, install the debian-keyring package, whose keyring dpkg-source consults, or verify the .dsc by hand against a key you trust.

When it comes to updates on production boxes I do not care much about non-security updates, and I like to test the security patches one by one on dev boxes first before applying them to the production boxes.

We can list all available updates in at least three easy ways.
#apt-get -s -o Debug::NoLocking=true upgrade | grep ^Inst

# /usr/lib/update-notifier/ --p

or we can tweak the script (add two print statements) so that it also prints each pending security update along with the summary, and run it like
ubudevrat#/usr/lib/update-notifier/ --human-readable
<apt_pkg.Version object: Pkg:'libpam-modules' Ver:'1.1.1-2ubuntu5.4' Section:'admin'  Arch:'amd64' Size:385900 ISize:1236992 Hash:17691 ID:30444 Priority:2>
<apt_pkg.Version object: Pkg:'libplasma3' Ver:'4:4.4.5-0ubuntu1.2' Section:'libs'  Arch:'amd64' Size:818294 ISize:3108864 Hash:53711 ID:30462 Priority:4>
<apt_pkg.Version object: Pkg:'libpam-runtime' Ver:'1.1.1-2ubuntu5.4' Section:'admin'  Arch:'all' Size:115696 ISize:1277952 Hash:49884 ID:30446 Priority:2>
3 packages can be updated.
3 updates are security updates.

The changes (diff output):
# diff 
>      print cand_ver #g0#
>   print ver #g0#
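A way to get the same list without patching the notifier script, as an added example that is not part of the original notes: filter the dry-run output of apt-get for packages whose candidate version comes from a -security pocket, and print a summary in the style of the notifier. The Inst lines below are constructed to look like apt-get -s upgrade output on lucid (plus one Debian-style line); they were not captured from a real box.

```shell
#!/bin/sh
# Added example, not from the original notes: list pending security updates
# from "apt-get -s upgrade" output. SAMPLE is constructed, not real output.

# Print "package current_version -> candidate_version" for every Inst line whose
# candidate comes from a security pocket (lucid-security, Debian-Security, ...).
# A package being newly installed has no [current] field, so print "-" for it.
security_updates() {
    awk '
        $1 == "Inst" && tolower($0) ~ /-security/ {
            pkg = $2
            if ($3 ~ /^\[/) { cur = $3; cand = $4 } else { cur = "-"; cand = $3 }
            gsub(/\[|\]/, "", cur)     # strip the brackets around the current version
            sub(/^\(/, "", cand)       # strip the "(" that opens the candidate field
            printf "%s %s -> %s\n", pkg, cur, cand
        }
    '
}

# Summary in the style of the update-notifier helper.
summarize_updates() {
    awk '
        $1 == "Inst" { total++ }
        $1 == "Inst" && tolower($0) ~ /-security/ { sec++ }
        END { printf "%d packages can be updated.\n%d updates are security updates.\n", total, sec }
    '
}

# Constructed sample of "apt-get -s upgrade" output (assumption, not captured).
SAMPLE='Inst libpam-modules [1.1.1-2ubuntu5.3] (1.1.1-2ubuntu5.4 Ubuntu:10.04/lucid-security [amd64])
Inst libpam-runtime [1.1.1-2ubuntu5.3] (1.1.1-2ubuntu5.4 Ubuntu:10.04/lucid-security [all])
Inst ninvaders [0.1.1-1] (0.1.1-2 Ubuntu:10.04/lucid [amd64])
Conf libpam-modules (1.1.1-2ubuntu5.4 Ubuntu:10.04/lucid-security [amd64])'

printf '%s\n' "$SAMPLE" | security_updates
printf '%s\n' "$SAMPLE" | summarize_updates

# On a real box (root, or any user with the NoLocking option):
#   apt-get -s -o Debug::NoLocking=true upgrade | security_updates
```

The filter keys on the origin string in the Inst line, so it works for Ubuntu's <release>-security pockets and for Debian-Security without knowing the release name; Conf lines and non-security pockets are ignored.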

dpkg basics

To list the name, the version, and a description for all the software packages installed on a system
#dpkg -l

To list the files installed by package-name (let's say apache2)
 # dpkg -L apache2

To find which package(s) own(s) a file (let's say /usr/share/bug)
# dpkg -S /usr/share/bug/

To see the status of a specified package and an extended description (let's say apache2)
# dpkg -s apache2

To install the foo package
#dpkg -i foo.deb

To list all files in foo.deb
#dpkg -c foo.deb


Let's search for a regex in the names and descriptions of all available packages. For example, to list all packages whose name or description contains the words security, intrusion or firewall
# apt-cache search "security|intrusion|firewall"

Or if we want to get a longer description for all available "intrusion detection" matches. This will also show version number, size, dependencies, conflicts, priority, and other usual information.
# apt-cache search "intrusion detection" --full

If we know the name of the package we can use the show option.
#apt-cache show snort

I think that the above covers the basics.


#man apt-get
#man dpkg
#man apt-cache


Backup & Restore PostgreSQL databases

pg_dump backs up a single PostgreSQL database (schema + data) as a plain SQL script.

The following command backs up the database pgdb0, connecting as the PostgreSQL user pguser0 over TCP to the local server, and writes a compressed file pgdb0.dump.gz

g0:~$pg_dump -o -U pguser0 -h localhost pgdb0 |gzip > pgdb0.dump.gz

-o (--oids) dumps the OID of every row as part of the data. Only use it if your application references the OID columns in some way, for instance in a foreign key constraint; otherwise omit it.
ref:PostgreSQL 8.4.9 Documentation Dump

Two things to watch with this pipeline: the exit status you see is gzip's, not pg_dump's, so a failed dump can still leave a valid-looking archive (check pg_dump's status, or at least run gzip -t on the result and look at its size), and the file contains all of the data, so create it with a restrictive umask and do not put the password on the command line (use ~/.pgpass).

And to restore pgdb0. The plain dump does not contain CREATE DATABASE, so the target database must already exist (createdb pgdb0), and psql needs -d or it connects to the database named after the user instead:
n:~$gunzip pgdb0.dump.gz
n:~$psql -U pguser0 -h localhost -d pgdb0 < pgdb0.dump
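A more careful version of the backup and restore commands above, as an added example that is not part of the original notes: the dump's own exit status is captured through a temporary status file (portable sh, no bash pipefail needed), the archive is test-decompressed before it is trusted, and the restore uses -d and ON_ERROR_STOP so a half-applied script does not pass silently. The database, user and file names are assumptions, and the test run below uses throwaway shell commands in place of pg_dump.

```shell
#!/bin/sh
# Added example, not from the original notes. Database, user and file names
# are assumptions.

# Run a producer command, compress its output to $out, and return the
# producer's own exit status. In a plain "pg_dump ... | gzip > file" pipeline
# the shell reports gzip's status, so a failed dump still looks like success.
dump_compressed() {
    out=$1; shift
    status_file=$(mktemp) || return 1
    # The left side of the pipe is a subshell; switch errexit off there so the
    # status line is always written even when the producer fails.
    { set +e; "$@"; echo $? > "$status_file"; } | gzip -c > "$out"
    rc=$(cat "$status_file")
    rm -f "$status_file"
    return "$rc"
}

# A backup is only good if it decompresses cleanly; gzip -t reads the whole
# file and fails on truncation or corruption.
verify_archive() {
    gzip -t "$1" 2>/dev/null
}

# Dump one database to a compressed file readable only by the owner, and
# remove the file if either the dump or the verification failed.
backup_db() {
    db=$1; user=$2; out=$3
    if (umask 077; dump_compressed "$out" pg_dump -U "$user" -h localhost "$db") \
        && verify_archive "$out"; then
        echo "backup of $db written to $out"
    else
        echo "backup of $db FAILED, removing $out" >&2
        rm -f "$out"
        return 1
    fi
}

# Restore into an existing, empty database (createdb it first). -d is
# required, otherwise psql connects to the database named after the user;
# ON_ERROR_STOP makes psql exit non-zero at the first failing statement.
restore_db() {
    db=$1; user=$2; in=$3
    verify_archive "$in" || { echo "$in is not a valid gzip archive" >&2; return 1; }
    gunzip -c "$in" | psql -v ON_ERROR_STOP=1 -U "$user" -h localhost -d "$db"
}

# Usage against a live server (password from ~/.pgpass, never the command line):
#   backup_db pgdb0 pguser0 pgdb0.dump.gz
#   createdb -U pguser0 -h localhost pgdb0 && restore_db pgdb0 pguser0 pgdb0.dump.gz
```

The status-file trick is what makes the first point above testable without bash: the producer and the echo run together on the left side of the pipe, so the recorded value is the producer's exit code regardless of what gzip returned.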
