Fail2ban unban IP

Since 0.8.8 there is the unbanip option. It can be triggered by the set command.

fail2ban-client set ssh-iptables unbanip m.y.i.p

more generic:

fail2ban-client set :jail unbanip :ip

Syntaxis

Instalar plugin Java no Firefox (CentOS)

Java must be installed on the system first. This procedure only works with the version you download from Oracle; it will not work with the OpenJDK version of Java you’ll have when using the ‘yum install java’ command.

Download Linux x64 RPM from Oracle’s Java Downloads for All Operating Systems page.

Close Firefox.

Change to root user and enter password.

su

Change directory to /usr/java. If it isn’t created, create it.

mkdir /usr/java
cd /usr/java

Execute rpm on the Java RPM you just downloaded…

rpm -ivh /home/basejump/Downloads/jre-7u21-linux-x64.rpm

Validate with:

java -version

Delete the original RPM; you don’t need that anymore.

rm -rf /home/basejump/Downloads/jre-8u60-linux-x64.rpm

From the /usr/java directory, Find the Firefox plugin (which gets installed with java):

find . | grep libnpjp

For me, that returned:

/usr/java/jre1.8.0_60/lib/amd64/libnpjp2.so

Change to directory for Firefox plugins:

cd /usr/lib64/mozilla/plugins

Be careful. There is also a /usr/lib/mozilla/plugins directory. Be sure you’re in lib64!

Create symbolic link to the plugin:

ln -fs /usr/java/jre1.8.0_60/lib/amd64/libnpjp2.so libnpjp2.so

Start Firefox and validate by going to Tools > Addons > Plugins. You should now see Java Plug-in 1.x.x enabled.

MySQL is blocked because of many connection errors

More rarely, it can happen when the client is attempting the initial connection to the server. In this case, if your connect_timeout value is set to only a few seconds, you may be able to resolve the problem by increasing it to ten seconds, perhaps more if you have a very long distance or slow connection. You can determine whether you are experiencing this more uncommon cause by using SHOW STATUS LIKE ‘aborted_connections’. It will increase by one for each initial connection attempt that the server aborts. You may see “reading authorization packet” as part of the error message; if so, that also suggests that this is the solution that you need.

Try increasing connect_timeout in your my.cnf file

Another style:

MySQL: Lost connection to MySQL server at ‘reading initial communication packet’

  1. At some point, it was impossible for remote clients to connect to the MySQL server.
  2. The client (some application on a Windows platform) gave a vague description like Connection unexpectedly terminated.
  3. When remotely logging in with the MySQL client the following error appeared:
    ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0

On FreeBSD this happens because there was no match found in /etc/hosts.allow. Adding the following line before the line saying ALL:ALL fixes this:

mysqld: ALL: allow

On non-FreeBSD Unix systems, it is worth to check the files /etc/hosts.allow and /etc/hosts.deny. If you are restricting connections, make sure this line is in /etc/hosts.allow:

mysqld: ALL

or check if the host is listed in /etc/hosts.deny.

In Arch Linux, a similar line can be added to /etc/hosts.allow:

mysqld: ALL

Clamscan

Check all files on the computer, but only display infected files:

clamscan -r -i /home/eb23marrazes/public_html/

Check files in the USER home directory and remove infected files (WARNING: Files are gone.):

clamscan -r --remove /home/eb23marrazes/public_html/

Verificar se existe uma tabela tem registos para um determinado tipo

O objetivo é verificar se para um determinado ID existem registos numa tabela devolvendo true/false em vez do número de registos. Aqui ficam 2 formas de fazer isto.

Utilizando IF:

SELECT IF(COUNT(*) > 0, TRUE, FALSE) AS NewResult
FROM itemtypes
WHERE parentid = 1

Utilizando CASE:

SELECT case when COUNT(*) > 0 
            then 1
            else 0
       end AS NewResult
FROM itemtypes
WHERE parentid = 1

Moodle infectado com ad by…

Em algumas categorias e disciplinas do Moodle apareciam DIVs com publicidade no cabeçalho e no rodapé… A publicidade estava na descrição das próprias categorias e disciplinas e foi adicionada involuntariamente por um dos admins/responsáveis porque tinha o browser infectado…

Para verificar quais as tabelas do Moodle que têm scripts, faz-se uma pesquisa na base de dados…

moodle_search_script

Se aparecer algum resultado diferente de 0, pode ser ali que estão os scripts.

VSFTPD: desativar dns reverse lookups

Tenho um servidor de FTP a correr (vsftpd) que está configurado para banir IPs que falhem o login 5 vezes seguidas. Funciona tudo corretamente excepto nas situações em que o reverse de um IP aponta para um endereço inválido. Basicamente o PAM faz o lookup, regista em /var/log/secure e o fail2ban lê o ficheiro para bloquear. Como o fail2ban não consegue resolver esses nomes, então isto permitia que alguns IPs tentasse aceder indefinidamente ao servidor e nunca fossem bloqueados!

Solução… alterar a configuração do vsftpd para não fazer o reverse lookup.

Informação relevante aqui: vsftpd bug fix

 

the DNS reverse lookup feature was implemented without any way to disable
it. This update contains the parameter 'reverse_lookup_enable', which
allows users to enable or disable the DNS reverse lookup functionality.
(BZ#498548)