Block brute force FTP attacks with iptables

If you leave your FTP server to listen on port 21, you will end up dictionary based brute force attacked. If you don't want to consider changing the port, you should add some rules to iptables to limit the connection per minute / ip, making the life harder for an attacker.

sudo iptables -A INPUT -i eth0 -p tcp --dport 21 -m state --state NEW -m recent --set --name FTPCON
sudo iptables -A INPUT -i eth0 -p tcp --dport 21 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name FTPCON -j DROP

Explanation: the first line identifies and names all the NEW connections ending up on port 21, interface eth0; the second line limits the NEW connections to 8 hits per minute by dropping them. This line should be among your first lines of iptables firewall rules and before the allow FTP rule (if you have one).

If you would like to log all the FTP connections that are dropped:

sudo iptables -A INPUT -i eth0 -p tcp --dport 21 -m state --state NEW -m recent --set --name FTPCON
sudo iptables -A INPUT -i eth0 -p tcp --dport 21 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name FTPCON -j LOG --log-prefix 'FTP REJECT: '
sudo iptables -A INPUT -i eth0 -p tcp --dport 21 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name FTPCON -j DROP

The logging file should be /var/log/syslog.

Note: These rules will not work after the next reboot, you will have to reload them at each start. My choice is a startup script.

Resources: serverfault.com, kevin.vanzonneveld.net

Installing TeamSpeak server on Debian

TeamSpeak is a proprietary Voice over IP software that allows computer users to speak on a chat channel with fellow computer users, much like a telephone conference call. A TeamSpeak user will often wear a headset with an integrated microphone. Users use the TeamSpeak client software to connect to a TeamSpeak server of their choice, from there they can join chat channels and discuss things.

The target audience for TeamSpeak is gamers, who can use the software to communicate with other players on the same team of a multiplayer game. Communicating by voice gives a competitive advantage by allowing players to keep their hands on the controls. (wikipedia)

Installing TeamSpeak server

1. After logging in as root, we create a new user called teamspeak. For security reasons, this user will create an instance of Teamspeak at each system startup.

useradd -d /home/teamspeak teamspeak

/home/teamspeak will be user's home folder.

2. Download the latest version of Teamspeak from http://www.teamspeak.com/?page=downloads (change the filename accordingly).

wget http://teamspeak.gameserver.gamed.de/ts3/releases/3.0.3/teamspeak3-server_linux-x86-3.0.3.tar.gz -O teamspeak3-server_linux-x86-3.0.3.tar.gz

3. unpack the file

tar -zxvf teamspeak3-server_linux-x86-3.0.3.tar.gz

4. change directory

cd teamspeak3-server_linux-x86

5. run the startup script

./ts3server_minimal_runscript.sh

Warning: as this is the first time you will run the Teamspeak, it will provide you with some credentials required to manage your server. Write down the useraname (mine was serveradmin) and password (mine was 1I8QFi4f), and also the token (mine was t765VBfyu75viuytOVukgyAuH1VXRZWjC).

6. stop the Teamspeak server by pressing CTRL+C (as in ^C)

7. change the owner of Teamspeak folder

chown teamspeak:teamspeak teamspeak3-server_linux-x86 -R

8. create a startup script

nano /etc/init.d/ts3

9. paste in

#!/bin/sh

USER="teamspeak"
TS3='/home/username/teamspeak3-server_linux-x86'
STARTSCRIPT="$TS3/ts3server_startscript.sh"

cd $TS3

su $USER -c "$STARTSCRIPT start"

change /home/username/teamspeak3-server_linux-x86 with the path where you have unpacked the archive at step 3

10. add our script to system startup

sudo update-rc.d ts3 defaults

11. usefull commands

to see if Teamspeak is running

top -u teamspeak

to send kill signal

kill -9 4977

where 4977 is the pid shown in top -u teamspeak

Install Webmin to Debian server

Webmin is a web interface for configuring your linux box. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more, and all can be done remotely.

Install required libraries:

apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl apt-show-versions python python-minimal libapt-pkg-perl perl-base perl-modules

Now we can download the latest webmin archive (this might change in time). We choose debian package .deb

wget http://www.webmin.com/download/deb/webmin-current.deb

Install webmin by typing:

dpkg -i webmin-current.deb

Stop the server if webmin started:

/etc/webmin/stop

Edit the users file:

nano /etc/webmin/miniserv.users

and add:

username:x:0

replace username with your username that can run commands as root (mine was actually root).

Start server:

/etc/webmin/start

Now you can access webmin by putting this adress into your browser:

https://[your_server_IP_address]:10000

After login if you see only system information in webmin, you need to reinstall webmin:

dpkg --remove webmin
rm -r /usr/share/webmin/
dpkg --install webmin-current.deb

Resources: install webmin, www.linuxquestions.org, sourceforge.net

Install Flash Player in Debian

By default, after installing Firefox you will find that your flash player is Gnash. Although Gnash is a fair plugin, it's not even close to Adobe Flash Player when it comes to performance. So, if you want to watch youtube videos smoothly, you must install Adobe Flash player.

Installing Adobe Flash Player

Download Adobe Flash Player:

Go to adobe.com and download the latest version. Be sure to choose .tar.gz for other Linux.

Untar the files:

tar xvf install_flash_player_11_linux.i386.tar.gz

Copy the plugin to Firefox plugin folder:

cp libflashplayer.so /usr/lib/mozilla/plugins/

Copy the new flash player properties to your system:

cd usr/bin/

cp flash-player-properties /usr/local/bin

Clean up the mess:

rm libflashplayer.so
rm usr -R

Warning! be sure you are in the same directory where you downloaded flash player or else if you are in your directory root /, you will delete your /usr folder and render the system unusable.

Open up about:plugins to see your newly installed plugin.

Note: You may need to restart Firefox after this.

Resources: scottlinux.com

Install Firefox in Debian

Mozilla made Firefox package a very good one, because you don't need to install it anymore. Just untar, copy, place shortcut and that's it.

Steps required to "install" Firefox

Get Firefox:

Go to www.mozilla.org and download the latest version of Firefox.

Uninstall any versions of iseweasel:

apt-get remove iceweasel

usually iceweasel is your main browser under Debian and we want it gone to be able to install Firefox smoothly.

Copy the downloaded file in /opt folder:

cp firefox-11.0.tar.bz2 /opt

change firefox-11.0.tar.bz2 to your downloaded version

Untar the file:

tar -jxvf firefox-11.0.tar.bz2 /opt

Change owner and permissions:

chown -R root:users /opt/firefox

chmod 750 /opt/firefox

usermod -a -G users username

where username its your (current) username.

Create a symbolic link:

ln -s /opt/firefox/firefox /usr/bin/firefox

Delete Firefox archive:

rm firefox-11.0.tar.bz2

Make a shortcut:

touch /usr/share/applications/firefox.desktop

nano /usr/share/applications/firefox.desktop

paste this:

[Desktop Entry]
Encoding=UTF-8
Name=Mozilla Firefox
Comment=Browse the World Wide Web
Type=Application
Terminal=false
Exec=/usr/bin/firefox %U
Icon=/opt/firefox/icons/mozicon128.png
StartupNotify=true
Categories=Network;WebBrowser;

That's it!

Note: if you don't find any Firefox icon under Applications -> Internet or you can't start Firefox, just reboot the system. That did the trick for me!

Resources: superuser.com

How to install VirtualBox Guest Additions on Debian

Follow these steps to install the Guest Additions on your Debian virtual machine:

* Login as root;
* Update your APT database with apt-get update;
* Install the latest security updates with apt-get upgrade;
* Install required packages with apt-get install build-essential module-assistant;
* Configure your system for building kernel modules by running m-a prepare;
* Click on Install Guest Additions... from the Devices menu.
* Run sh /media/cdrom/VBoxLinuxAdditions.run from the terminal (as root), and follow the instructions on screen.

Resources: virtualboxes.org

Multiple screens over SSH in Debian

If you need to run more than one task over ssh, screen is the application you need. By default, screen is not installed in Debian OS.

apt-get install screen

Once screen has been installed, you can start it up by:

screen

This command will get screen started, but you will not realize first. You can also name a screen session like this:

screen -S name

All the screen command starts with the combination keys CTRL+A, release the keys and then press the command. For example, ctrl+a and ? will list the commands available. Also, you should check the manual by running man screen.

List of commands:

- ctrl+a and | will create another vertical screen by splitting the screen;
- ctrl+a and c will create another screen window;
- ctrl+a and p will navigate backward through opened windows. p stands for previous;
- ctrl+a and n will navigate forward through opened windows. n stands for next;
- ctrl+a and " will list all opened windows. Here you can navigate by arrow keys and press enter to the desired one;
- ctrl+a and \ will exit screen with all the opened windows;
- ctrl+a and w or by typing exit at command line, will exit current opened window of screen;
- ctrl+a and d will detach the current window from screen and after exiting screen, your application inside the detached window will still be running;

After exiting screen you can always pick up previously detached window from screen. To list all screen:

screen -ls

If you have any screen windows detached you will geta message like this:

There is a screen on:
        13378.name      (03/19/2012 08:11:30 PM)        (Detached)
1 Socket in /var/run/screen/S-root.

But, if you don't have any screen applications running, you will get a message like this:

No Sockets found in /var/run/screen/S-root.

You can restore your screen session by running:

screen -r 13378.name

where 13378.name is the name listed by screen windows listing command above.

Note: If your screen hangs-up, you've probably pressed CTRL+S. Press CTRL+Q and the screen will unfreeze.

Resources: www.cyberciti.biz