Wednesday, 16 November 2016

Creating a Local Yum Repository Using an ISO Image

Sometimes an internal server cannot reach the internet. In that case we can create a local repository so that the yum command still works.

1. Transfer the removable storage to the system on which you want to create a local yum repository, and copy the DVD image to a directory in a local file system.

2. Create a suitable mount point, for example /mnt/ISO.

3. Use the mount command to mount the ISO:
[root@kilo ~]# mount -t iso9660 -o loop V77197-01-OracleLinux-6U7.iso /mnt/ISO/

4. In the /etc/yum.repos.d directory, edit the existing repository files so that the local repository is defined as follows:

[OL67]
name=Oracle Linux
baseurl=file:///mnt/ISO
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
gpgcheck=1
enabled=1


5. Clean up the yum cache:
yum clean all

6. Test that you can use yum to access the repository:
yum repolist
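The steps above are usually typed by hand; the POSIX shell functions below, added here as an example and not part of the original post, write the same repository file from parameters and then check the two things that most often go wrong before yum is run: that the mount point really carries the ISO's repodata/ directory and that the key named in gpgkey exists, with gpgcheck=1 kept on so packages from the ISO are still signature-verified. The demo runs against a temporary directory standing in for /mnt/ISO and /etc/pki/rpm-gpg, so it needs no root or ISO.

```shell
#!/bin/sh
# Added example, not from the original post: write the repo file the post
# describes and sanity-check it before running yum. Paths are parameters
# so the functions can be exercised against a temporary directory.

# write_iso_repo <repo-file> <mount-point> <gpg-key-path> [repo-id]
write_iso_repo() {
    repo_file="$1"; mount_point="$2"; gpg_key="$3"; repo_id="${4:-OL67}"
    cat > "$repo_file" <<EOF
[$repo_id]
name=Oracle Linux (local ISO)
baseurl=file://$mount_point
gpgkey=file://$gpg_key
gpgcheck=1
enabled=1
EOF
}

# check_iso_repo <repo-file>: returns 0 only if gpgcheck is on, the mount
# point carries yum metadata (repodata/) and the GPG key file is readable.
check_iso_repo() {
    repo_file="$1"
    base=$(sed -n 's#^baseurl=file://##p' "$repo_file")
    key=$(sed -n 's#^gpgkey=file://##p' "$repo_file")
    grep -q '^gpgcheck=1$' "$repo_file" || { echo "gpgcheck is not 1 in $repo_file"; return 1; }
    [ -d "$base/repodata" ] || { echo "no repodata under $base (is the ISO mounted?)"; return 1; }
    [ -r "$key" ] || { echo "GPG key $key is missing or unreadable"; return 1; }
    echo "ok: $repo_file"
}

# Demo against a scratch tree standing in for /mnt/ISO and /etc/pki/rpm-gpg.
tmp=$(mktemp -d)
mkdir -p "$tmp/ISO/repodata" "$tmp/rpm-gpg"
: > "$tmp/rpm-gpg/RPM-GPG-KEY"
write_iso_repo "$tmp/local-iso.repo" "$tmp/ISO" "$tmp/rpm-gpg/RPM-GPG-KEY"
cat "$tmp/local-iso.repo"
check_iso_repo "$tmp/local-iso.repo"
```

On a real host the first argument would be /etc/yum.repos.d/local-iso.repo and the mount point /mnt/ISO; running check_iso_repo before `yum clean all` turns a silent "repository not found" later into an immediate, specific message.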



Monday, 14 November 2016

Blocking users from accessing websites with Squid Proxy

Add the two lines below to the squid.conf file:

After saving squid.conf, restart the squid service:

How to start / stop / restart / reload iptables on CentOS 7 / RHEL 7

Step 1 : Install iptables-services

yum install iptables-services

Step 2 : Manage iptables with systemctl

Use the following syntax:
systemctl [stop|start|restart|reload] iptables
Examples:
To start iptables
systemctl start iptables
 
To stop iptables
systemctl stop iptables

Friday, 11 November 2016

Some basic commands for checking a server under DDoS

A distributed denial-of-service attack (DDoS, Distributed Denial of Service) is an attack that overloads a computer system or network so that it can no longer provide its service or has to stop operating. In a DDoS attack the server is "flooded" with a huge number of requests coming from an enormous number of connections.
When the number of requests is too large, the server becomes overloaded and can no longer process them. As a result, users cannot reach the services on the websites under attack.
I am re-sharing a post from BKNS that introduces some basic commands for checking the server in this situation.

Configuring Nginx redirects

Redirect non-WWW to WWW

Instead of editing the main nginx configuration file (nginx.conf), edit the configuration file for each domain in the /etc/nginx/conf.d/ folder.

Single domain

server {
        server_name example.com;
        return 301 $scheme://www.example.com$request_uri;
}

All domains

Protecting a directory in Nginx

With Apache, we usually protect a directory using .htaccess and .htpasswd files. Nginx, however, does not support .htaccess. Follow the Basic HTTP Authentication guide below to protect a directory in Nginx.
Goal
Protect the directory http://example.com/test/, whose path on the server is /home/example.com/public_html/test/, using the Nginx configuration file /etc/nginx/conf.d/example.com.conf

1. Create the password file
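The password file is the part of this setup that is easiest to get wrong (weak hashes, the password ending up in shell history or the process list, the file inside the web root). The POSIX shell functions below are an added example, not the post's own steps: they create the file with salted apr1 (Apache MD5-crypt) hashes produced by the openssl command line, which nginx's auth_basic_user_file accepts, verify a password against it, and emit the location block for /test/ to paste into the post's /etc/nginx/conf.d/example.com.conf. The file locations are this example's assumptions and the demo runs in a temporary directory.

```shell
#!/bin/sh
# Added example; not the original post's steps. Creates the password file
# for nginx Basic HTTP Authentication and the matching location block.
# Hashes are apr1 (Apache MD5-crypt) from the openssl CLI, a format that
# nginx's auth_basic_user_file understands. Paths are this example's
# assumptions, demonstrated in a scratch directory.

# add_basic_auth_user <htpasswd-file> <user> <password> [salt]
# The password is fed to openssl on stdin, not as an argument, so it does
# not appear in the process list. The salt is 8 hex chars (apr1 maximum).
add_basic_auth_user() {
    file="$1"; user="$2"; pass="$3"
    salt="${4:-$(od -An -N4 -tx1 /dev/urandom | tr -d ' \n')}"
    hash=$(printf '%s' "$pass" | openssl passwd -apr1 -salt "$salt" -stdin)
    # keep every other user's line, replace this user's entry
    if [ -f "$file" ]; then
        grep -v "^$user:" "$file" > "$file.tmp" || :
    else
        : > "$file.tmp"
    fi
    printf '%s:%s\n' "$user" "$hash" >> "$file.tmp"
    mv "$file.tmp" "$file"
    chmod 640 "$file"     # owner and the nginx worker's group only
}

# verify_basic_auth_user <htpasswd-file> <user> <password> -> 0 if it matches
# Re-hashes the candidate with the stored salt (field 3 of $apr1$salt$hash).
verify_basic_auth_user() {
    file="$1"; user="$2"; pass="$3"
    stored=$(grep "^$user:" "$file" | head -n 1 | cut -d: -f2-)
    [ -n "$stored" ] || return 1
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    [ "$(printf '%s' "$pass" | openssl passwd -apr1 -salt "$salt" -stdin)" = "$stored" ]
}

# write_auth_location <snippet-file> <htpasswd-file>
# Emits the location block for the server block in example.com.conf; the
# password file is expected to live outside the web root.
write_auth_location() {
    cat > "$1" <<EOF
location /test/ {
    auth_basic           "Restricted";
    auth_basic_user_file $2;
}
EOF
}

# Demo in a scratch directory standing in for /home/example.com and conf.d.
work=$(mktemp -d)
add_basic_auth_user "$work/.htpasswd" alice 'demo-password-change-me'
write_auth_location "$work/test-auth.conf" "$work/.htpasswd"
cat "$work/.htpasswd" "$work/test-auth.conf"
verify_basic_auth_user "$work/.htpasswd" alice 'demo-password-change-me' && echo "alice verifies"
```

Keeping the file at a path such as /home/example.com/.htpasswd (outside public_html) and readable only by nginx's group, as the chmod above does, is what stops the hashes themselves from being served as a static file.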

Tuning NGINX Configuration

The following are some NGINX directives that can impact performance. As stated above, we only discuss directives that are safe for you to adjust on your own. We recommend that you not change the settings of other directives without direction from the NGINX team.

Worker Processes

NGINX can run multiple worker processes, each capable of processing a large number of simultaneous connections. You can control the number of worker processes and how they handle connections with the following directives:

Creating NGINX Rewrite Rules

Comparing the return, rewrite, and try_files Directives

The two directives for general‑purpose NGINX rewrite are return and rewrite, and the try_files directive is a handy way to direct requests to application servers. Let’s review what the directives do and how they differ.

The return Directive

The return directive is the simpler of the two general‑purpose directives and for that reason we recommend using it instead of rewrite when possible (more later about the why and when). You enclose the return in a server or location context that specifies the URLs to be rewritten, and it defines the corrected (rewritten) URL for the client to use in future requests for the resource.
Here’s a very simple example that redirects clients to a new domain name:
server {
    listen 80;
    listen 443 ssl;
    server_name www.old-name.com;
    return 301 $scheme://www.new-name.com$request_uri;
}

NGINX Tuning 1

Back up your original configuration before you start changing it. Then open /etc/nginx/nginx.conf in your favorite editor.


# set worker_processes to the number of CPU cores; nginx does not benefit from more than that
worker_processes auto; # recent versions calculate it automatically

# number of file descriptors used for nginx
# the limit for the maximum FDs on the server is usually set by the OS.
# if you don't set this, the OS setting is used, which by default is 2000
worker_rlimit_nofile 100000;

# only log critical errors
error_log /var/log/nginx/error.log crit;

# provides the configuration file context in which the directives that affect connection processing are specified.
events {
    # determines how many clients will be served per worker
    # max clients = worker_connections * worker_processes
    # max clients is also limited by the number of socket connections available on the system (~64k)
    worker_connections 4000;

Auto login root user at system start in Kali linux

Here are the simple steps to do it. Open the file /etc/gdm3/daemon.conf for editing:
root@kali:~# leafpad /etc/gdm3/daemon.conf
In the [daemon] section, uncomment the two automatic-login lines so that it looks like this:
[daemon]
# Enabling automatic login
  AutomaticLoginEnable = true
  AutomaticLogin = root
Done. Now reboot and enjoy.

Linux ss command to monitor network connections

ss - socket statistics

In a previous tutorial we saw how to use the netstat command to get statistics on network/socket connections. However, the netstat command has long been deprecated and replaced by the ss command from the iproute suite of tools.
The ss command can show more information than netstat and is faster. The netstat command reads various /proc files to gather its information; this approach does not scale well when there are many connections to display, which makes it slower.
The ss command gets its information directly from kernel space. The options used with ss are very similar to those of netstat, making it an easy replacement.

Linux netstat command

1. List out all connections

The first and simplest command lists all the current connections. Simply run the netstat command with the -a option.
$ netstat -a

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 enlightened:domain      *:*                     LISTEN     
tcp        0      0 localhost:ipp           *:*                     LISTEN     
tcp        0      0 enlightened.local:54750 li240-5.members.li:http ESTABLISHED
tcp        0      0 enlightened.local:49980 del01s07-in-f14.1:https ESTABLISHED
tcp6       0      0 ip6-localhost:ipp       [::]:*                  LISTEN     
udp        0      0 enlightened:domain      *:*                                
udp        0      0 *:bootpc                *:*                                
udp        0      0 enlightened.local:ntp   *:*                                
udp        0      0 localhost:ntp           *:*     
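The "commands for checking a server under DDoS" post above stops before its commands, and a listing like the one just shown is the raw material such a check works from: under a flood, the question is how many connections each remote host holds and in which state. The POSIX shell functions below are an added example (from neither post) that aggregate netstat -a style lines into connections per remote host for a chosen state and flag hosts above a threshold. They assume the netstat column layout shown above (Foreign Address in the fifth column, State in the last); the listing they process is constructed for the demo, not captured from a real host.

```shell
#!/bin/sh
# Added example, not from the original posts: first-pass triage of a
# socket listing. SAMPLE is constructed (RFC 5737 documentation addresses),
# in the column layout of `netstat -a`.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 198.51.100.10:80        203.0.113.9:40001       ESTABLISHED
tcp        0      0 198.51.100.10:80        203.0.113.9:40002       ESTABLISHED
tcp        0      0 198.51.100.10:80        203.0.113.9:40003       SYN_RECV
tcp        0      0 198.51.100.10:80        203.0.113.9:40004       ESTABLISHED
tcp        0      0 198.51.100.10:80        192.0.2.77:51000        ESTABLISHED
tcp        0      0 198.51.100.10:443       192.0.2.78:51001        ESTABLISHED
udp        0      0 0.0.0.0:123             0.0.0.0:*'

# count_by_peer <STATE>: reads netstat-style lines on stdin and prints
# "<count> <remote-host>" for TCP sockets in that state, highest first.
count_by_peer() {
    state="$1"
    awk -v want="$state" '
        $1 ~ /^tcp/ && $NF == want {
            host = $5
            sub(/:[^:]*$/, "", host)   # strip the port (text after the last colon)
            n[host]++
        }
        END { for (h in n) printf "%d %s\n", n[h], h }
    ' | sort -rn
}

# over_threshold <STATE> <LIMIT>: remote hosts holding more than LIMIT
# sockets in STATE; these are the candidates for a closer look.
over_threshold() {
    state="$1"; limit="$2"
    count_by_peer "$state" | awk -v lim="$limit" '$1 > lim { print $2 }'
}

echo "established connections per remote host:"
printf '%s\n' "$SAMPLE" | count_by_peer ESTABLISHED
echo "half-open (SYN_RECV) per remote host:"
printf '%s\n' "$SAMPLE" | count_by_peer SYN_RECV
echo "hosts with more than 2 established connections:"
printf '%s\n' "$SAMPLE" | over_threshold ESTABLISHED 2
```

On a live host the same functions take `netstat -ant | count_by_peer ESTABLISHED`; a large SYN_RECV count concentrated on a few hosts points at a SYN flood, while many ESTABLISHED sockets from one address points at a connection or request flood, which is the distinction the blocking rules later on this page are written around.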

TOP command examples on Linux to monitor processes

Linux TOP command

One of the most basic commands for monitoring processes on Linux is the top command. As the name suggests, it shows the top processes according to criteria such as CPU usage or memory usage.
The processes are shown in a list with multiple columns for details such as process name, PID, user, CPU usage and memory usage.
Apart from the list of processes, top also shows brief statistics about average system load, CPU usage and RAM usage at the top of the screen.
This post shows some very simple examples of how to use the top command to monitor processes on your Linux machine or server.

Note your "top" command variant

18 commands to monitor network bandwidth on Linux server

Network monitoring on Linux

This post mentions some linux command line tools that can be used to monitor the network usage. These tools monitor the traffic flowing through network interfaces and measure the speed at which data is currently being transferred. Incoming and outgoing traffic is shown separately.
Some of the commands show the bandwidth used by individual processes. This makes it easy to detect a process that is overusing network bandwidth.
The tools have different mechanisms for generating the traffic report. Some tools, like nload, read the "/proc/net/dev" file to get traffic stats, whereas others use the pcap library to capture all packets and then add up their sizes to estimate the traffic load.
Here is a list of the commands, sorted by their features.
1. Overall bandwidth - nload, bmon, slurm, bwm-ng, cbm, speedometer, netload

2. Overall bandwidth (batch style output) - vnstat, ifstat, dstat, collectl

3. Bandwidth per socket connection - iftop, iptraf, tcptrack, pktstat, netwatch, trafshow

4. Bandwidth per process - nethogs

Lynis - Security auditing tool

Lynis is a security auditing tool for UNIX derivatives like Linux, macOS, BSD, and others. It performs an in-depth security scan and runs on the system itself. The primary goal is to test security defenses and provide tips for further system hardening. It also scans for general system information, vulnerable software packages, and possible configuration issues. Lynis has traditionally been used by "blue team" members to assess the security defenses of their systems. Nowadays, penetration testers also have Lynis in their toolkit.


https://github.com/CISOfy/lynis


What is Lynis

How to protect from port scanning and smurf attack in Linux Server by iptables


In this post I will share an iptables script that protects a Linux server from port scanning and smurf attacks.
Features of the script:
(1) When an attacker port-scans your server: first, because of iptables the attacker gets no information about which ports are open. Second, the attacking IP address is blacklisted for 24 hours (you can change this in the script). Third, after that the attacker cannot access anything at all, for example they will not see any website running on the server via a web browser and cannot SSH or telnet in either. In other words, completely restricted.
(2) Protects from smurf attacks.

IPtables DDoS Protection: The Best Rules to Mitigate DDoS Attacks

There are different ways of building your own anti-DDoS rules for iptables. We will be discussing the most effective iptables DDoS protection methods in this comprehensive tutorial.

This guide will teach you how to:

  1. Select the best iptables table and chain to stop DDoS attacks
  2. Tweak your kernel settings to mitigate the effects of DDoS attacks
  3. Use iptables to block most TCP-based DDoS attacks
  4. Use iptables SYNPROXY to block SYN floods

IPTables Configuration for DDoS Protection

The following IPTables configuration will assist with traffic that the DDoS filters cannot fully mitigate.
Note: This is a generic ruleset and should be expanded further to suit your specific application.
### IP Tables DDOS Protection Rules ###

### 1: Drop invalid packets ###
/sbin/iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP

### 2: Drop TCP packets that are new and are not SYN ###
/sbin/iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP

Linux Iptables To Block Different Attacks


Iptables is a Linux kernel-based packet filter firewall. The iptables modules are part of the kernel itself; there is no separate daemon for it. This makes the firewall very fast and effective. Iptables rules control the incoming and outgoing traffic on a network device. In this article we will discuss some of the common network attacks and how we can block them using iptables. Some of the common network attacks are the SYN flood attack, the smurf attack, the land attack, attacks using malformed ICMP packets, and some other forms of DoS attack. Before going into the details of these attacks, let's have an overview of iptables and how to use this command.

Anti DDoS with iptables and ipt_recent


These days I have been attacked with a SYN flood plus a flood of GET requests.
There were ~1600 different IPs in the botnet that was attacking, so I wrote a few lines of iptables in order to keep the attack under control.
Below you can find the entire micro script I made, and after that a line-by-line explanation of what they do.
Clear all existing rules on the firewall.
iptables -F
iptables -X

Session-related issues in Nginx

Nginx is a fairly powerful web server for the C10k problem. I have looked through many of its configuration options. Most sysadmins do not study it carefully and set parameters that are very dangerous for the system. And how to handle sessions always leaves sysadmins confused; sometimes they just leave the problem to the developers.

Before going into the details of how to solve this, a quick look at the load-balancing algorithms of Nginx.

  • round-robin: when clients send connections to the server, Nginx forwards the requests to the backends behind it in turn.
  • least-connected: the client's next request is assigned to the backend with the fewest active connections.
  • ip-hash: a hash function is used to determine the serving server based on the client's address.
By default Nginx uses the round-robin algorithm with this configuration:

http {
    upstream myapp1 {
        server srv1.example.com;
        server srv2.example.com;
        server srv3.example.com;
    }

    server {
        listen 80;

        location / {
            proxy_pass http://myapp1;
        }
    }
}
To use the least-connected algorithm, just declare:

upstream myapp1 {
    least_conn;
    server srv1.example.com;
    server srv2.example.com;
    server srv3.example.com;
}
With these two algorithms Nginx does not preserve sessions between the client and the backend server at all; that depends on the application keeping client sessions, for example in memcache or redis . . .

The ip_hash algorithm, also called "session persistence" or "sticky sessions", keeps the connections from one client on one particular backend in the upstream. With ip-hash, the client's IP address is used as the hashing key to determine the serving server. This method guarantees that requests from one IP are served by one server.
upstream myapp1 {
    ip_hash;
    server srv1.example.com;
    server srv2.example.com;
    server srv3.example.com;
}
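To make the "same client, same backend" guarantee concrete, the POSIX shell functions below are an added example, not nginx's code: they reproduce how ip_hash picks a backend for an IPv4 client. The hashing constants (start value 89, multiplier 113, modulus 6271) follow the open-source ngx_http_upstream_ip_hash_module, and the backends are assumed to have equal weight, which reduces the choice to hash modulo the server count. The point worth seeing, which does not depend on those constants, is that only the first three octets take part: every client in the same /24 (an office or carrier NAT, for instance) lands on the same backend, so affinity is per network, not per client.

```shell
#!/bin/sh
# Added example, not nginx's code: which upstream server ip_hash selects
# for an IPv4 client. Constants follow nginx's open-source ip_hash module;
# equal server weights are assumed. The fourth octet is ignored on purpose,
# which is why whole /24 networks stick to one backend.

# ip_hash_index <ipv4> <server-count> -> 0-based index of the backend
ip_hash_index() {
    ip="$1"; n="$2"
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    h=89
    # only the first three octets are hashed
    for octet in "$1" "$2" "$3"; do
        h=$(( (h * 113 + octet) % 6271 ))
    done
    echo $(( h % n ))
}

# pick_backend <ipv4> <server...> -> name of the chosen upstream server
pick_backend() {
    ip="$1"; shift
    i=$(ip_hash_index "$ip" $#)
    shift "$i"
    echo "$1"
}

# Constructed client addresses: two from one /24, one from a neighbouring
# /24, one from elsewhere.
for client in 10.0.0.5 10.0.0.200 10.0.1.5 198.51.100.7; do
    printf '%-14s -> %s\n' "$client" \
        "$(pick_backend "$client" srv1.example.com srv2.example.com srv3.example.com)"
done
```

Two consequences follow for operations: a backend that holds the sessions of a large NAT'd population cannot be drained by removing it from the upstream without logging those users out, and per-client rate limits applied after ip_hash at the backend see one address for a whole network.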

But session persistence offers three methods of storing sessions

1. Session Persistence Method: Cookie Insertion

upstream backend {
    server webserver1;
    server webserver2;

    sticky cookie srv_id expires=1h domain=.example.com path=/;
}

2. Session Persistence Method: Learn

upstream backend {
   server webserver1;
   server webserver2;

   sticky learn create=$upstream_cookie_sessionid
       lookup=$cookie_sessionid
       zone=client_sessions:1m
       timeout=1h;
}

3. Session Persistence Method: Sticky Routes

upstream backend {
   server webserver1 route=a;
   server webserver2 route=b;

   # $var1 and $var2 are run-time variables, calculated for each request
   sticky route $var1 $var2;
}