mod_evasive on apache2 setup notes ubuntu debian

mod_evasive gives Apache evasive maneuvers in case of a DoS attack, and so on; read its README if that is the kind of read you are after.

I think that it is a great piece of software for poor webmasters.

Install mod_evasive
$sudo -s
#apt-get install libapache2-mod-evasive


The mailer program is hard-coded to /bin/mail in the source, and the Ubuntu package does not change that. You can either edit the MAILER definition in the source and rebuild the package,
#grep MAILER mod_evasive20.c |grep define
#define MAILER "/bin/mail %s"

or just make /bin/mail a symbolic link to sendmail. That works because mod_evasive writes the To: and Subject: headers itself into the mailer's standard input, which is exactly what sendmail expects to read.
#ln -s `which sendmail` /bin/mail


Create the lock directory (the DOSLogDir used below); it must be writable by the Apache user
#mkdir /var/lock/mod_evasive
#chown www-data:www-data /var/lock/mod_evasive


Create the directory for my bad-IP list (written by the DOSSystemCommand below)
#mkdir /var/log/mod_evasive
#chown www-data:www-data /var/log/mod_evasive


Now, let's override the default mod_evasive settings by adding the following to httpd.conf. (The Debian package also ships a file for this under /etc/apache2/mods-available/, named evasive.conf or mod-evasive.conf depending on the version, and on Apache 2.4 apache2.conf no longer includes httpd.conf at all, so on current systems put the block there.)
#cat /etc/apache2/httpd.conf 
<IfModule mod_evasive20.c>
#g0#
    DOSHashTableSize    3097
#nodes per child. The value is rounded up to the next prime in the module's own table (..., 1543, 3079, 6151, 12289, ...), so 3097, the README's example, actually gets you 6151

    DOSPageCount        2
#requests for the same URI (the path; the query string is ignored) by one client within DOSPageInterval before it is blocked

    DOSSiteCount        50
#requests for any object on the same listener by one client within DOSSiteInterval before it is blocked

    DOSPageInterval     1
#seconds

    DOSSiteInterval     1
#seconds

    DOSBlockingPeriod   60
#seconds; the default is 10. It does not need to be large: every request a blocked client sends during the period resets the timer, so a client that keeps hammering stays blocked.

    DOSEmailNotify      root@localhost
#one mail per blocked IP, sent through MAILER as the Apache user

    DOSSystemCommand    "echo  '%s' >> /var/log/mod_evasive/ip;"
#%s is replaced with the client IP and the string is handed to system() as the Apache user, once per blocked IP

    DOSLogDir           "/var/lock/mod_evasive"
#lock dir: when the module blocks an address it drops a dos-<ip> marker here and sends the mail / runs the command only if that marker does not exist yet. It never removes the markers itself, so clear them out (from cron, say) or a repeat attack from the same address goes unreported.


</IfModule>


restart apache
#/etc/init.d/apache2 restart


Cool: now each villain IP address gets 403s while it is DoSing, it is logged once in /var/log/mod_evasive/ip, and root gets one e-mail from Apache with the subject "HTTP BLACKLIST 192.0.2.123". Two things to keep in mind: the hit table lives inside each Apache child, so with prefork a flood spread over several children trips the thresholds later than the numbers suggest, and anything legitimate that polls you this fast (a monitoring host, your own workstation) should be exempted with DOSWhitelist.
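The quickest way to see whether the thresholds above do what you expect is to hit the server with a burst and watch where the 403s begin, which is what the test.pl shipped with mod_evasive does. The script below is an added example, not code from the page or from the mod_evasive project: it assumes curl is installed and that the target is a test host of your own; the BURST_URL and BURST_COUNT variable names are mine.

```shell
#!/bin/sh
# Added example (not from the page or the mod_evasive project): fire COUNT
# requests at one URL and report at which request the 403s started, so
# DOSPageCount / DOSPageInterval can be checked against a live server.

# first_block: read one HTTP status code per line from stdin and print
# "<index of first 403, 0 if none> <requests seen> <403s seen>".
first_block() {
    awk '
        { n++ }
        $1 == 403 { forb++; if (!first) first = n }
        END { printf "%d %d %d\n", first + 0, n + 0, forb + 0 }
    '
}

# burst URL [COUNT]: send COUNT (default 100) requests to URL back to back,
# one connection each, and summarise the status codes with first_block.
burst() {
    url=$1; count=${2:-100}
    i=0
    while [ "$i" -lt "$count" ]; do
        curl -s -o /dev/null -w '%{http_code}\n' "$url"
        i=$((i + 1))
    done | first_block
}

# Run as: BURST_URL=http://testhost/ sh burst.sh   (BURST_COUNT optional)
if [ -n "${BURST_URL:-}" ]; then
    set -- $(burst "$BURST_URL" "${BURST_COUNT:-100}")
    echo "first 403 at request $1 of $2 ($3 blocked)"
fi
```

With DOSPageCount 2 and a one-second interval the 403s should start within the first handful of requests; if they start much later, the burst is being spread over several prefork children, each with its own table. mod_evasive keys the page counter on the request path only, so to exercise DOSSiteCount rather than DOSPageCount vary the path (404s count too, the check runs before the handler). Afterwards, check /var/log/mod_evasive/ip and the Apache error log ("Blacklisting address ..."), and delete the dos-&lt;ip&gt; marker in DOSLogDir before re-running or the mail and command stay silent.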




Software Package Management Tools Debian Ubuntu

The tools

apt-get --the command-line front end of APT, the Debian Advanced Package Tool

dpkg --the Debian package manager, the low-level tool that actually installs .deb files

apt-cache --the APT cache manipulator, for searching and inspecting the package lists

aptitude --a high-level interface to the package manager with both a full-screen (ncurses) and a command-line interface

We'll use apt-get, dpkg, and apt-cache.

First, let's get a root shell
$sudo -s
#


apt-get basics

APT reads its list of software repositories from /etc/apt/sources.list (and from /etc/apt/sources.list.d/*.list).
There you uncomment a line to add a repository and comment it out to remove one.

The following syntax is used for repositories in /etc/apt/sources.list
$  head -3 /etc/apt/sources.list
#deb     URL DISTRIBUTION main
deb http://de.archive.ubuntu.com/ubuntu/ lucid main restricted
deb http://deb.torproject.org/torproject.org lucid main
$
Lines starting with # are comments. The URLs are plain HTTP: what protects you is not the transport but the archive's signed Release file (see the SecureApt link below), which is also why a third-party repository such as the Tor one above is only trustworthy once its signing key has been imported into apt's keyring.
To figure out the DISTRIBUTION codename use one of the following commands
n3 ~ # cat /etc/debian_version 
squeeze/sid
n3 ~ #
or
n ~ # lsb_release -c
Codename: lucid
n ~ # 
On Ubuntu /etc/debian_version names the Debian release the system was branched from (squeeze/sid above), so lsb_release -c is the one to trust there.
In Ubuntu you may want to add a repository from the Archive Mirrors.

To resynchronize the package index files.
#apt-get update


To add a new package (let's say ninvaders) using apt-get
#apt-get install ninvaders
OK, done playing. Got a 20150, beat that!

To remove a package but not its configuration file(s).
#apt-get remove ninvaders


To remove a package and its configuration file(s) if any.
#apt-get purge ninvaders


To see a list of what updates are available we can simulate an upgrade (-s only prints what would happen, and Debug::NoLocking lets the simulation run without taking the dpkg lock, so it works as an ordinary user and while another apt is running)
#apt-get -s -o Debug::NoLocking=true upgrade | grep ^Inst  


Ubuntu's update-notifier package also ships a script that gives a nice summary of what updates are available
#/usr/lib/update-notifier/apt_check.py --human-readable
10 packages can be updated.
10 updates are security updates.


To upgrade an individual package (let's say bind9) and its dependencies.
#apt-get install bind9
Reading package lists... Done
Building dependency tree       
Reading state information... Done

...

The following packages will be upgraded:
  bind9 bind9-host bind9utils dnsutils libbind9-60 libdns64 libisc60 libisccc60 libisccfg60 liblwres60
10 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.


OK, let's see the summary of what updates are available again.
#/usr/lib/update-notifier/apt_check.py --human-readable
0 packages can be updated.
0 updates are security updates.


To upgrade everything.
#apt-get upgrade


or upgrade everything and "intelligently handle changing dependencies with new versions of packages."
#apt-get dist-upgrade


To get the sources of a package we use apt-get with the source option. The matching deb-src line must be present in /etc/apt/sources.list. Let's look at the ninvaders sources.
ares:~#mkdir ninvaders;cd ninvaders
ares:~/ninvaders#apt-get source ninvaders
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Need to get 44.0kB of source archives.
Get:1 http://us.archive.ubuntu.com/ubuntu/ lucid/universe ninvaders 0.1.1-2 (dsc) [584B]
Get:2 http://us.archive.ubuntu.com/ubuntu/ lucid/universe ninvaders 0.1.1-2 (tar) [31.3kB]
Get:3 http://us.archive.ubuntu.com/ubuntu/ lucid/universe ninvaders 0.1.1-2 (diff) [12.1kB]
Fetched 44.0kB in 0s (114kB/s)    
gpgv: Signature made Thu 29 Sep 2005 10:39:03 AM UTC using DSA key ID 69351387
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./ninvaders_0.1.1-2.dsc
dpkg-source: info: extracting ninvaders in ninvaders-0.1.1
dpkg-source: info: unpacking ninvaders_0.1.1.orig.tar.gz
dpkg-source: info: applying ninvaders_0.1.1-2.diff.gz
dpkg-source: info: upstream files that have been modified: 
 ninvaders-0.1.1/globals.c
 ninvaders-0.1.1/ind.html
ares:~/ninvaders#ls
ninvaders-0.1.1  ninvaders_0.1.1-2.diff.gz  ninvaders_0.1.1-2.dsc  ninvaders_0.1.1.orig.tar.gz

The gpgv warning is expected: dpkg-source tries to verify the maintainer's signature on the .dsc against your keyring, which normally does not hold Debian developer keys (they come with the debian-keyring package). The download itself is still covered, because apt checked the Sources index against the archive's signed Release file before fetching anything.


When it comes to updates on production boxes I care about little other than the security updates, and I like to test the security patches one by one on dev boxes before applying them to production.

We can list all available updates in at least three easy ways.
#apt-get -s -o Debug::NoLocking=true upgrade | grep ^Inst

or
# /usr/lib/update-notifier/apt_check.py --p
(optparse accepts --p as an abbreviation of the script's --package-names option)

or we can tweak a copy of the apt_check.py script (add two print statements) so it prints only the security updates together with the cute summary, and run it like
ubudevrat#/usr/lib/update-notifier/apt_check.1.py --human-readable
<apt_pkg.Version object: Pkg:'libpam-modules' Ver:'1.1.1-2ubuntu5.4' Section:'admin'  Arch:'amd64' Size:385900 ISize:1236992 Hash:17691 ID:30444 Priority:2>
<apt_pkg.Version object: Pkg:'libplasma3' Ver:'4:4.4.5-0ubuntu1.2' Section:'libs'  Arch:'amd64' Size:818294 ISize:3108864 Hash:53711 ID:30462 Priority:4>
<apt_pkg.Version object: Pkg:'libpam-runtime' Ver:'1.1.1-2ubuntu5.4' Section:'admin'  Arch:'all' Size:115696 ISize:1277952 Hash:49884 ID:30446 Priority:2>
3 packages can be updated.
3 updates are security updates.


The changes of apt_check.py
# diff apt_check.py apt_check.1.py 
134a135
>      print cand_ver #g0#
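Review bot: `print cand_ver` dumps the apt_pkg.Version repr (the `<apt_pkg.Version object: Pkg:'libpam-modules' ...>` lines in the sample run) rather than something a later script can parse; print the package name and version string instead (in python-apt's apt_pkg.Version API that is `cand_ver.parent_pkg.name` and `cand_ver.ver_str`), and consider sending it to stderr so the --human-readable summary on stdout stays clean.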
144a146
>   print ver #g0#
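Review bot: the same applies to `print ver` here. Beyond that, the modified copy lives in /usr/lib/update-notifier next to the original: dpkg will not touch a file it did not install, but the script it was derived from changes underneath it on every update-notifier upgrade. Keep the copy under /usr/local/bin and re-diff it against the new apt_check.py after upgrades.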
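The same security-only list can be had without patching apt_check.py, by filtering the dry-run output that the first of the three methods above already produces. The script below is an added example, not code from the page: the "Inst" lines in its demo are constructed samples in the format apt-get -s prints, the suite names are assumptions for the demo, and the function names are mine. It matches "security" case-insensitively in the origin field, which covers Ubuntu's lucid-security style suites and the Debian-Security archive label.

```shell
#!/bin/sh
# Added example, not from the page: pick the security updates out of a
# simulated "apt-get upgrade" instead of editing apt_check.py.

# security_updates: read "apt-get -s upgrade" output on stdin and print
# "package old_version new_version" for every package whose new version
# comes from a security origin, sorted by package name.
# Input lines look like:
#   Inst pkg [old] (new Origin:Ver/suite[, Origin:Ver/suite] [arch])
security_updates() {
    awk '
        $1 == "Inst" {
            pkg = $2
            # "[old]" is only present when the package is already installed
            oldv = ($3 ~ /^\[/) ? substr($3, 2, length($3) - 2) : "-"
            # the new version is the first field that opens the parenthesis
            for (i = 3; i <= NF; i++) if ($i ~ /^\(/) { newv = substr($i, 2); break }
            # origins follow the version; any origin naming "security" qualifies
            sec = 0
            for (j = i + 1; j <= NF; j++) if (tolower($j) ~ /security/) sec = 1
            if (sec) print pkg, oldv, newv
        }
    ' | sort
}

# demo: constructed sample of what
#   apt-get -s -o Debug::NoLocking=true upgrade
# prints (package names from the page, suites assumed), run through the filter.
demo() {
    cat <<'EOF' | security_updates
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be upgraded:
  bind9 libpam-modules ninvaders
Inst libpam-modules [1.1.1-2ubuntu5.3] (1.1.1-2ubuntu5.4 Ubuntu:10.04/lucid-security [amd64])
Inst bind9 [1:9.7.0.dfsg.P1-1ubuntu0.1] (1:9.7.0.dfsg.P1-1ubuntu0.2 Ubuntu:10.04/lucid-updates, Ubuntu:10.04/lucid-security [amd64])
Inst ninvaders [0.1.1-1] (0.1.1-2 Ubuntu:10.04/lucid-updates [amd64])
Conf libpam-modules (1.1.1-2ubuntu5.4 Ubuntu:10.04/lucid-security [amd64])
EOF
}
```

On a real box run `apt-get -s -o Debug::NoLocking=true upgrade | security_updates`; piping the result through `wc -l` gives the same count as the "updates are security updates" line of apt_check.py, and the package/version pairs are what you feed to `apt-get install` on the dev box first.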



dpkg basics

To list the name, the version, and a description for all the software packages installed on a system
#dpkg -l


To list the files installed by a package (let's say apache2)
 # dpkg -L apache2


To find which package(s) own(s) a file (let's say /usr/share/bug)
# dpkg -S /usr/share/bug/


To see the status of a package and its extended description (let's say apache2)
# dpkg -s apache2


To install a local package file foo.deb. dpkg does not resolve dependencies, and a .deb from outside the archive carries none of the archive's signatures, so be sure where it came from.
#dpkg -i foo.deb


To list all files in foo.deb
#dpkg -c foo.deb


apt-cache

Let's search the names and descriptions of all available packages for a regex. For example, to list every package whose name or description contains security, intrusion or firewall
# apt-cache search "security|intrusion|firewall"


Or, to get the long description for all "intrusion detection" matches, which also shows the version, size, dependencies, conflicts, priority and the other usual fields.
# apt-cache search "intrusion detection" --full


If we know the package name we can use the show option.
#apt-cache show snort


I think the above covers the basics.


Further

#man apt-get
#man dpkg
#man apt-cache
http://www.debian.org/doc/manuals/apt-howto/
http://wiki.debian.org/SecureApt
https://help.ubuntu.com/community/Repositories/CommandLine
https://help.ubuntu.com/community/AptGet/Howto







Backup & Restore PostgreSQL databases

pg_dump is used to back up a single PostgreSQL database (schema + data).

The following command backs up the database pgdb0, owned by the local PostgreSQL user pguser0, to the compressed file pgdb0.dump.gz. Note that the exit status of the pipeline is gzip's, not pg_dump's: if pg_dump fails you still get a small, valid .gz, so check its size (or the "dump complete" trailer) before trusting it.


g0:~$pg_dump -o -U pguser0 -h localhost pgdb0 |gzip > pgdb0.dump.gz
Password: 
g0:~$

-o dumps the OID column of every table. You only need it if your application references OIDs (for example a foreign key on an OID column); otherwise omit it.
ref: PostgreSQL 8.4 documentation, pg_dump

And to restore pgdb0. The dump contains no CREATE DATABASE (unless it was made with -C), so create an empty pgdb0 first, and pass -d explicitly: without it psql connects to a database named after the user, not to pgdb0.
n:~$gunzip pgdb0.dump.gz
n:~$createdb -U pguser0 -h localhost pgdb0
n:~$psql -U pguser0 -h localhost -d pgdb0 < pgdb0.dump
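The two one-liners above work, but in a cron job the pipeline hides a failed pg_dump and the restore happily continues past errors. The functions below are an added example, not the page's own commands: they keep the plain-format dump plus gzip from the page (pgdb0, pguser0 and localhost are the page's names), take the backup directory as an argument, and assume the password comes from ~/.pgpass (mode 0600) rather than a prompt or the command line, where it would show up in ps and shell history. The function names are mine.

```shell
#!/bin/sh
# Added example, not from the page: pg_dump + gzip with the failure modes of
# the one-liner closed off, and a restore that targets the right database.

# pg_backup DB USER HOST DIR: write DIR/DB-<timestamp>.sql.gz and print its path.
pg_backup() {
    db=$1 user=$2 host=$3 dir=$4
    out="$dir/$db-$(date +%Y%m%d-%H%M%S).sql.gz"
    tmp="$out.part"
    # Dump to a file first so pg_dump's own exit status is what gets checked:
    # "pg_dump | gzip > file" reports only gzip's status and leaves a small
    # but valid .gz behind when pg_dump fails (bad password, missing db, ...).
    if ! pg_dump -U "$user" -h "$host" "$db" > "$tmp"; then
        rm -f "$tmp"; echo "pg_dump of $db failed" >&2; return 1
    fi
    # A complete plain-format dump ends with pg_dump's "dump complete" trailer;
    # anything else (killed connection, full disk) is rejected.
    if ! tail -n 5 "$tmp" | grep -q 'PostgreSQL database dump complete'; then
        rm -f "$tmp"; echo "dump of $db is truncated" >&2; return 1
    fi
    gzip -9f "$tmp" && mv "$tmp.gz" "$out" && gzip -t "$out" || return 1
    echo "$out"
}

# pg_restore_sql DB USER HOST FILE: load a .sql.gz made by pg_backup into DB,
# which must already exist and be empty (createdb -U USER -h HOST DB).
pg_restore_sql() {
    db=$1 user=$2 host=$3 file=$4
    gzip -t "$file" || return 1
    # -d names the target: without it psql connects to a database called USER.
    # ON_ERROR_STOP and --single-transaction abort and roll back on the first
    # error instead of leaving a half-loaded database behind.
    gzip -dc "$file" | psql -q -v ON_ERROR_STOP=1 --single-transaction \
        -U "$user" -h "$host" -d "$db"
}
```

Typical use is `pg_backup pgdb0 pguser0 localhost /var/backups/pg` from cron, with the printed path fed to whatever copies the file off the box, and `pg_restore_sql pgdb0 pguser0 localhost /var/backups/pg/pgdb0-20120101-030000.sql.gz` after a fresh createdb. Because the restore runs in one transaction, a failure leaves the new database empty rather than half-loaded, so the fix is simply to rerun it.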



