Configuring fail2ban to filter ASSP


I implemented fail2ban because of dumb botnets that constantly try to relay through my server: hundreds of thousands of failed attempts a day. ASSP's PenaltyBoxExtreme went some way towards quenching the bombardment, but the attempts still consumed connections and flooded the logs with detritus.

To get fail2ban to work you first have to change the default date format in the ASSP log, as it is not one of the formats fail2ban can parse (without a parseable timestamp fail2ban cannot tell whether failures fall inside its findtime window). I changed LogDateFormat to 'DD-MMM-YYYY hh:mm:ss'. Check the result with fail2ban-regex against the live log before enabling the jail.
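As an added illustration (not configuration from the original post, and using constructed log lines rather than real ASSP output), the Python below shows what fail2ban does with that timestamp: it parses 'DD-MMM-YYYY hh:mm:ss' with the equivalent strptime format, skips lines whose timestamp it cannot parse, and bans a source once it has maxretry failures inside a sliding findtime window. The line layout, the bracketed IP and the "relay attempt rejected" text are assumptions for the example only.

```python
"""fail2ban-style detection over mail-relay log lines that use the
'DD-MMM-YYYY hh:mm:ss' timestamp format set via ASSP's LogDateFormat."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines, not real ASSP output: only the timestamp format and
# the bracketed source IP matter for the detection logic below. The last line
# uses a different date format and must be ignored.
SAMPLE_LOG = """\
01-Jun-2010 10:00:01 [198.51.100.23] relay attempt rejected
01-Jun-2010 10:00:05 [198.51.100.23] relay attempt rejected
01-Jun-2010 10:00:09 [198.51.100.23] relay attempt rejected
01-Jun-2010 10:00:30 [203.0.113.7] relay attempt rejected
01-Jun-2010 10:30:00 [203.0.113.7] relay attempt rejected
01-Jun-2010 11:10:00 [203.0.113.7] relay attempt rejected
Jun  1 11:10:01 [203.0.113.7] relay attempt rejected
"""

# strptime equivalent of the LogDateFormat string 'DD-MMM-YYYY hh:mm:ss'.
DATE_FMT = "%d-%b-%Y %H:%M:%S"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}) "
    r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\] relay attempt rejected"
)


def parse_line(line):
    """Return (timestamp, ip) for a matching line, or None when the line does
    not carry a timestamp in the expected format (fail2ban skips such lines)."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return datetime.strptime(m.group("ts"), DATE_FMT), m.group("ip")


def find_bans(log_text, maxretry=3, findtime_seconds=600):
    """Mimic a jail: ban an IP once it has maxretry failures inside a sliding
    window of findtime_seconds. Returns [(ip, 'DD-MMM-YYYY hh:mm:ss'), ...]."""
    window = timedelta(seconds=findtime_seconds)
    recent = defaultdict(deque)   # ip -> timestamps of its recent failures
    banned = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip = parsed
        if any(ip == b for b, _ in banned):
            continue              # already banned; stop counting it
        hits = recent[ip]
        hits.append(ts)
        while hits and ts - hits[0] > window:
            hits.popleft()        # expire failures older than findtime
        if len(hits) >= maxretry:
            banned.append((ip, ts.strftime(DATE_FMT)))
    return banned


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG):
        print(f"ban {ip} at {when}")
```

With the defaults only 198.51.100.23 is banned: 203.0.113.7 also fails three times, but spread over more than an hour, so it never reaches three failures inside one ten-minute window. Widening findtime to two hours catches it as well, which is the trade-off the real jail settings encode.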

Migrating Leopard Open Directory Master to new hardware


I recently wanted to temporarily move our Mac OS X 10.5 Server from our G5 Xserve to an Intel Mac mini during an office move. I had a spare disk that would hold the live data during the transition.

I used Carbon Copy Cloner to migrate the data to the external drive in two passes. The first pass was while the server was running and got 95% of the data to the external drive. When I was ready to transition I shut down all the services in Server Admin and then re-ran Carbon Copy Cloner in update mode.

Ten minutes later we were ready to go, so I figured it would be a simple task to boot the Mac mini from the freshly cloned external drive and we would be off. That mostly worked, until I noticed a stream of OpenLDAP errors in Console:

May 31 20:42:24 fs slapd[803]: @(#) $OpenLDAP: slapd 2.3.27 (Sep 29 2009 20:28:12) $
May 31 20:42:24 fs slapd[803]: overlay_config(): warning, overlay "dynid" already in list
May 31 20:42:24: --- last message repeated 4 times ---
May 31 20:42:24 fs slapd[803]: bdb_db_open: unclean shutdown detected; attempting recovery.
May 31 20:42:24 fs slapd[803]: bdb(dc=maxlyth,dc=com): Ignoring log file: /var/db/openldap/openldap-data/log.0000000015: magic number 88090400, not 40988
May 31 20:42:24 fs slapd[803]: bdb(dc=maxlyth,dc=com): Invalid log file: log.0000000015: Invalid argument
May 31 20:42:24 fs slapd[803]: bdb(dc=maxlyth,dc=com): PANIC: Invalid argument
May 31 20:42:24 fs slapd[803]: bdb(dc=maxlyth,dc=com): PANIC: DB_RUNRECOVERY: Fatal error, run database recovery
May 31 20:42:27 fs slapd[803]: bdb_db_open: Database cannot be recovered, err -30978. Restore from backup!
May 31 20:42:27 fs slapd[803]: bdb(dc=maxlyth,dc=com): DB_ENV->lock_id_free interface requires an environment configured for the locking subsystem
May 31 20:42:27 fs slapd[803]: bdb(dc=maxlyth,dc=com): txn_checkpoint interface requires an environment configured for the transaction subsystem
May 31 20:42:27 fs slapd[803]: bdb_db_close: txn_checkpoint failed: Invalid argument (22)
May 31 20:42:27 fs slapd[803]: backend_startup_one: bi_db_open failed! (-30978)
May 31 20:42:27 fs slapd[803]: bdb_db_close: alock_close failed
May 31 20:42:27 fs slapd[803]: slapd stopped.

This looked bad, so I decided to roll back and power the original server back up.
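The magic numbers in the log say what actually went wrong: 40988 is Berkeley DB's transaction-log magic (DB_LOGMAGIC, 0x040988), and 88090400 is the same four bytes in the opposite order, which is what a little-endian Intel Mac mini sees when it opens a BDB log written by the big-endian PowerPC G5. The Python below is an added example, not something from the original post: it pulls those two values out of the slapd lines quoted above and classifies the mismatch, so the same check can be run over any slapd log where a "magic number" complaint appears.

```python
"""Pick Berkeley DB 'magic number' complaints out of slapd log lines and say
whether the mismatch is a byte-order (endianness) problem."""
import re

# The slapd lines quoted in the post, embedded here as sample input.
SAMPLE_LOG = """\
May 31 20:42:24 fs slapd[803]: bdb_db_open: unclean shutdown detected; attempting recovery.
May 31 20:42:24 fs slapd[803]: bdb(dc=maxlyth,dc=com): Ignoring log file: /var/db/openldap/openldap-data/log.0000000015: magic number 88090400, not 40988
May 31 20:42:24 fs slapd[803]: bdb(dc=maxlyth,dc=com): Invalid log file: log.0000000015: Invalid argument
May 31 20:42:27 fs slapd[803]: bdb_db_open: Database cannot be recovered, err -30978. Restore from backup!
"""

MAGIC_RE = re.compile(
    r"Ignoring log file: (?P<path>\S+): "
    r"magic number (?P<found>[0-9a-fA-F]+), not (?P<expected>[0-9a-fA-F]+)"
)


def byteswap32(value):
    """Reverse the byte order of a 32-bit unsigned integer."""
    return int.from_bytes(value.to_bytes(4, "big")[::-1], "big")


def diagnose_magic(found_hex, expected_hex):
    """Classify a magic-number mismatch reported as two hex strings:
    'ok', 'byte-swapped' (written on a host of the opposite endianness),
    or 'unknown' (corruption, truncation or a different file type)."""
    found, expected = int(found_hex, 16), int(expected_hex, 16)
    if found == expected:
        return "ok"
    if found == byteswap32(expected):
        return "byte-swapped"
    return "unknown"


def scan_slapd_log(text):
    """Return {log_path: diagnosis} for every 'Ignoring log file' line."""
    result = {}
    for line in text.splitlines():
        m = MAGIC_RE.search(line)
        if m:
            result[m.group("path")] = diagnose_magic(m.group("found"), m.group("expected"))
    return result


if __name__ == "__main__":
    for path, verdict in scan_slapd_log(SAMPLE_LOG).items():
        print(f"{path}: {verdict}")
```

A "byte-swapped" verdict means the BDB environment (the log.* files) was written on the other architecture; the .bdb data files are not interchangeable across byte orders either, so cloning the raw files between a PowerPC and an Intel Mac is not a migration path for the directory, and a logical export/import (or an archive of the directory service) is required instead.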

IPAcco on Mac OS X Server 10.4 HowTo


I finally got around to writing up the instructions for one of my most complex How-Tos, which covers setting up IPAcco on Mac OS X Server 10.4.

IPAcco is a free software package that helps a network admin collect, visualise and analyse the IP accounting data that Cisco routers are themselves capable of gathering.

Because IPAcco is built on Tcl, MySQL, PHP and GD, the how-to covers configuration of all of these elements and, in particular, building and installing a GD-capable version of PHP.

SSH BlackListing on Mac OS X 10.x


While all our servers are firewalled, we leave the SSH port open as the connection of last resort for administrators when the server cannot be reached by any other means. We have strict password policies, but they do not stop the incessant bombardment of dictionary attacks against those SSH ports.

I was also noticing my logs filling up with endless futile attempts from China to log in as root (the root account is disabled; duh!) on my Unix box. While I was confident that my security would not be breached, I wanted to be able to cut these hackers off abruptly so they would know they had been hacked in return.

I used the /etc/hosts.deny mechanism (TCP Wrappers) that is built into the BSD userland as a simple way to cut off attacking hosts, and married it with a Perl script from pettingers.org running as a daemon to manage and purge the hosts in the blacklist. I've written up instructions on how to implement the auto-blacklist in one of my HowTos.
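The two jobs that daemon has to do, adding a denied host and expiring it again later, are shown in the added Python example below. It is a simplified stand-in written for this page, not the pettingers.org script the post refers to, and the hosts.deny content it works on is constructed. One detail worth seeing in code: hosts_access(5) only ignores blank lines and lines that begin with '#', so the ban timestamp needed for purging is kept on its own comment line directly above the rule, never as a trailing comment on the rule itself.

```python
"""Maintain TCP Wrappers /etc/hosts.deny entries for an SSH auto-blacklist:
add a denied host with a timestamp, and purge entries past their sell-by date."""
import re
from datetime import datetime, timedelta

STAMP = "%Y-%m-%d %H:%M:%S"
# hosts.deny only ignores whole comment lines, so the ban time lives on a
# comment line immediately above the rule it belongs to.
BAN_STAMP_RE = re.compile(r"^# blacklisted (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$")
# daemon_list : client_list  (options after a second colon are not needed here)
RULE_RE = re.compile(r"^(?P<daemons>[^#:\s]\S*)\s*:\s*(?P<client>\S+)")

# Constructed sample file (not from the original post). The last rule is a
# hand-written, unstamped entry that a purge must never touch.
SAMPLE_HOSTS_DENY = """\
# /etc/hosts.deny
# blacklisted 2010-06-01 09:00:00
ALL: 198.51.100.23
# blacklisted 2010-06-01 11:30:00
ALL: 203.0.113.7
sshd: 192.0.2.44
"""


def denied_clients(text):
    """Client patterns denied by the file, in order, ignoring comments."""
    clients = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            clients.append(m.group("client"))
    return clients


def add_ban(text, ip, now_str, daemons="ALL"):
    """Append a stamped deny rule unless the client is already denied."""
    if ip in denied_clients(text):
        return text
    if text and not text.endswith("\n"):
        text += "\n"
    return text + f"# blacklisted {now_str}\n{daemons}: {ip}\n"


def purge_expired(text, now_str, max_age_hours):
    """Drop stamped rules older than max_age_hours; keep everything else verbatim,
    including manual rules that carry no stamp."""
    now = datetime.strptime(now_str, STAMP)
    max_age = timedelta(hours=max_age_hours)
    lines = text.splitlines()
    kept, i = [], 0
    while i < len(lines):
        m = BAN_STAMP_RE.match(lines[i])
        if m and i + 1 < len(lines) and RULE_RE.match(lines[i + 1]):
            banned_at = datetime.strptime(m.group(1), STAMP)
            if now - banned_at > max_age:
                i += 2          # drop the stamp comment and its rule together
                continue
        kept.append(lines[i])
        i += 1
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    current = purge_expired(SAMPLE_HOSTS_DENY, "2010-06-01 12:00:00", 2)
    current = add_ban(current, "198.51.100.77", "2010-06-01 12:05:00")
    print(current)
```

In a real daemon the rewritten content should be written to a temporary file next to /etc/hosts.deny and renamed into place, so sshd never sees a half-written file, and the purge interval should be generous: a host that is unbanned too early simply resumes its dictionary attack.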

Installing XMail on MacOS X


Introduction

I've been using Stalker's SIMS for almost 8 years now because it's free and has a great web interface. However, since I moved my mail server to Mac OS X it has been failing to run reliably in the Classic environment, and I have been receiving an increasing number of demands from my end users to replace it.

This is not the first time I have tried to replace SIMS. I have looked closely at the competition, such as Exim, Postfix and Sendmail, and while they are all standards-based and have flattering industry-acceptance statistics, none had the feature set I was looking for. My problem with all these MTAs is that they were written around the UNIX paradigm of storing mail in the users' home folders, which means the local delivery agent must start with root privilege in order to reach every user's folder (dropping to the recipient's uid for each delivery), and that is the source of much of the unnecessary complication and many of the security issues.

