Just spotted this video online and found it quite funny…

Well, Teamspeak have finally released their new server platform for a public BETA test. Although in this state the code is supposedly not meant to be stable, it appears to be working quite well on my Ubuntu server here at home. This is what I did to get it up and running, as a service from init.d no less. Before doing any of the following steps, please be aware that this IS BETA code and WILL contain bugs that may introduce security issues. The first step is to create a user that the Teamspeak executable can run as; this user should have a complex password for security reasons. This user will also not require a shell account.
sudo adduser teamspeak
Fill in the questions presented by the adduser application.
sudo usermod -s /bin/false teamspeak
The above command will change the user's shell to /bin/false, i.e. no shell. Now it is time to go and get Teamspeak… visit http://www.goteamspeak.com and find the correct package for the architecture you wish to use, e.g. Teamspeak_3.0.0-Beta5-32bit…
wget http://ftp.4players.de/pub/hosted/ts3/releases/beta-5/teamspeak3-server_linux-x86-3.0.0-beta5.tar.gz
tar -zxvf teamspeak3-server_linux-x86-3.0.0-beta5.tar.gz
Now it's time to move the new TS3 directory to its new home…
sudo mv ./teamspeak3-server_linux-x86-3.0.0-beta5 /opt/TS3
sudo chown -R teamspeak /opt/TS3
The above will place TS3 in /opt/TS3 and give ownership of the contents to the user teamspeak. It is now possible to run Teamspeak. However, as veteran Teamspeak users will know, the first time you run the Teamspeak server you are presented with a username/password combo that cannot be recovered without resetting the server. In TS3 you will also be presented with a `token` (all of this is described in the Teamspeak documentation). So for the first run, the following command will allow you to gather these details; they should be noted carefully for future reference.
sudo start-stop-daemon --chuid teamspeak --chdir /opt/TS3 --start --exec /opt/TS3/ts3server_linux_x86
From this, you should see the serveradmin user and password. You can now ^C that and be returned to the normal shell. If you cat /opt/TS3/logs/* you will be presented with the token you require to obtain server-admin status on the new server.
The last part is to create a script for /etc/init.d/ to launch Teamspeak each time the system is booted to the correct runlevel. /etc/init.d/skeleton provides a suitable framework for this; here is the script I am using, just about…
NOTE: WordPress does not want to format this correctly for me, so here is a link to the file in a tar archive. If you follow these instructions and are running a 32bit server, the following file will work out of the box.
/etc/init.d/teamspeak
This file must then be made executable with
sudo chmod +x /etc/init.d/teamspeak
And finally, the init file must be symlinked to each of the runlevel start dirs using the following…
sudo ln -s ../init.d/teamspeak /etc/rc0.d/K21teamspeak
sudo ln -s ../init.d/teamspeak /etc/rc1.d/K21teamspeak
sudo ln -s ../init.d/teamspeak /etc/rc2.d/S21teamspeak
sudo ln -s ../init.d/teamspeak /etc/rc3.d/S21teamspeak
sudo ln -s ../init.d/teamspeak /etc/rc4.d/S21teamspeak
sudo ln -s ../init.d/teamspeak /etc/rc5.d/S21teamspeak
sudo ln -s ../init.d/teamspeak /etc/rc6.d/K21teamspeak
Voilà, you should now have a working Teamspeak 3 server.
BOOTNOTE:
For my initial install, and for the basis of the majority of this, I used this as a reference. Items listed in bold with ** are most likely not the correct file names for the command; I am not close to my server or an available shell to pull the correct parameters at present, but I will update ASAP. As an additional side note, my first impressions of TS3 are very good… It has tons of new features, looks good and the voice quality is very good indeed. My only concern, however, is that the permissions system is very bulky and difficult to understand, and unless you are reasonably familiar with administering a Teamspeak server already, the documentation is not as straightforward as people believe. Still, a great job. Well done Teamspeak 3 development team!
UPDATE: Fixed formatting issue, kinda… provided link to pastebin.
UPDATE: Fixed information regarding server executable. Added /etc/init.d/teamspeak file, available for download here, removed pastebin link.
#! /bin/sh
### BEGIN INIT INFO
# Provides:          teamspeak
# Required-Start:    networking
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      S 0 1 6
# Short-Description: TeamSpeak Server Daemon
# Description:       Starts/Stops/Restarts the TeamSpeak Server Daemon
### END INIT INFO

set -e

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="TeamSpeak Server"
NAME=teamspeak
# Unprivileged account created in the first step; the server never runs as root.
USER=teamspeak
# Install directory and 32-bit server binary from the steps above.
DIR=/opt/TS3
DAEMON=$DIR/ts3server_linux_x86
#PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0

# The TS3 binary stays in the foreground (hence the ^C on the first run),
# so start-stop-daemon is asked to detach it with --background.
d_start() {
    start-stop-daemon --start --quiet --background \
        --chuid $USER \
        --chdir $DIR \
        --exec $DAEMON \
        > /dev/null \
        || echo -n " already running"
}

d_stop() {
    start-stop-daemon --stop --quiet \
        --chuid $USER \
        --chdir $DIR \
        --exec $DAEMON \
        || echo -n " not running"
}

case "$1" in
    start)
        echo -n "Starting $DESC: $NAME"
        d_start
        echo "."
        ;;
    stop)
        echo -n "Stopping $DESC: $NAME"
        d_stop
        echo "."
        ;;
    restart|force-reload)
        echo -n "Restarting $DESC: $NAME"
        d_stop
        sleep 15
        d_start
        echo "."
        ;;
    *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
        exit 3
        ;;
esac

exit 0
I have spoken to a good few people on the matter and one thing they consistently ask is “How do I know my server is under attack?” It's simple really… if you keep a close eye (in Ubuntu at least) on /var/log/auth.log, you can see all login attempts on the system. Here is an example log of a brute force attack on my very own server…
Dec 7 01:30:02 phonebox sshd[14378]: Invalid user aleph from 60.19.28.27
Dec 7 01:30:02 phonebox sshd[14378]: pam_unix(sshd:auth): check pass; user unknown
Dec 7 01:30:02 phonebox sshd[14378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.19.28.27
Dec 7 01:30:04 phonebox sshd[14378]: Failed password for invalid user aleph from 60.19.28.27 port 16699 ssh2
Dec 7 01:30:08 phonebox sshd[14461]: Invalid user pechantal from 60.19.28.27
Dec 7 01:30:08 phonebox sshd[14461]: pam_unix(sshd:auth): check pass; user unknown
Dec 7 01:30:08 phonebox sshd[14461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.19.28.27
Dec 7 01:30:10 phonebox sshd[14461]: Failed password for invalid user pechantal from 60.19.28.27 port 17732 ssh2
Dec 7 01:30:14 phonebox sshd[14464]: Invalid user komtemp from 60.19.28.27
Dec 7 01:30:14 phonebox sshd[14464]: pam_unix(sshd:auth): check pass; user unknown
Dec 7 01:30:14 phonebox sshd[14464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.19.28.27
Dec 7 01:30:16 phonebox sshd[14464]: Failed password for invalid user komtemp from 60.19.28.27 port 18807 ssh2
Dec 7 01:30:20 phonebox sshd[14466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.19.28.27 user=root
Dec 7 01:30:22 phonebox sshd[14466]: Failed password for root from 60.19.28.27 port 19764 ssh2
Dec 7 01:30:54 phonebox sshd[14470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.19.28.27 user=root
Dec 7 01:30:56 phonebox sshd[14470]: Failed password for root from 60.19.28.27 port 26354 ssh2
Dec 7 01:30:59 phonebox sshd[14473]: Invalid user test from 60.19.28.27
Dec 7 01:31:00 phonebox sshd[14473]: pam_unix(sshd:auth): check pass; user unknown
Dec 7 01:31:00 phonebox sshd[14473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.19.28.27
Dec 7 01:31:01 phonebox sshd[14473]: Failed password for invalid user test from 60.19.28.27 port 27410 ssh2
Dec 7 01:31:05 phonebox sshd[14475]: Invalid user teste from 60.19.28.27
Dec 7 01:31:05 phonebox sshd[14475]: pam_unix(sshd:auth): check pass; user unknown
Dec 7 01:31:05 phonebox sshd[14475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.19.28.27
Dec 7 01:31:07 phonebox sshd[14475]: Failed password for invalid user teste from 60.19.28.27 port 28724 ssh2
Dec 7 01:31:10 phonebox sshd[14477]: Invalid user teste from 60.19.28.27
Dec 7 01:31:10 phonebox sshd[14477]: pam_unix(sshd:auth): check pass; user unknown
Dec 7 01:31:10 phonebox sshd[14477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.19.28.27
Dec 7 01:31:12 phonebox sshd[14477]: Failed password for invalid user teste from 60.19.28.27 port 29661 ssh2
Dec 7 01:31:15 phonebox sshd[14479]: Invalid user teste from 60.19.28.27
Dec 7 01:31:16 phonebox sshd[14479]: pam_unix(sshd:auth): check pass; user unknown
Dec 7 01:31:16 phonebox sshd[14479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.19.28.27
Dec 7 01:31:18 phonebox sshd[14479]: Failed password for invalid user teste from 60.19.28.27 port 30627 ssh2
Dec 7 01:31:21 phonebox sshd[14482]: Invalid user pa$$w0rd from 60.19.28.27
Dec 7 01:31:22 phonebox sshd[14482]: pam_unix(sshd:auth): check pass; user unknown
Dec 7 01:31:22 phonebox sshd[14482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.19.28.27
Dec 7 01:31:23 phonebox sshd[14482]: Failed password for invalid user pa$$w0rd from 60.19.28.27 port 31753 ssh2
Dec 7 01:31:26 phonebox sshd[14484]: Invalid user testing from 60.19.28.27
Dec 7 01:31:27 phonebox sshd[14484]: pam_unix(sshd:auth): check pass; user unknown
Dec 7 01:31:27 phonebox sshd[14484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.19.28.27
Dec 7 01:31:28 phonebox sshd[14484]: Failed password for invalid user testing from 60.19.28.27 port 32702 ssh2
Dec 7 01:31:32 phonebox sshd[14486]: Invalid user tst from 60.19.28.27
Dec 7 01:31:32 phonebox sshd[14486]: pam_unix(sshd:auth): check pass; user unknown
Dec 7 01:31:32 phonebox sshd[14486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.19.28.27
Dec 7 01:31:35 phonebox sshd[14486]: Failed password for invalid user tst from 60.19.28.27 port 33652 ssh2
Dec 7 01:31:38 phonebox sshd[14489]: Invalid user spam from 60.19.28.27
Dec 7 01:31:38 phonebox sshd[14489]: pam_unix(sshd:auth): check pass; user unknown
Dec 7 01:31:38 phonebox sshd[14489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.19.28.27
Dec 7 01:31:40 phonebox sshd[14489]: Failed password for invalid user spam from 60.19.28.27 port 34704 ssh2
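Watching auth.log by eye can be automated. The following is an added example, not part of the original post: it counts "Failed password" lines per source address in a sliding window and reports the sources that cross a threshold. The function name, the threshold of 5 failures in 2 minutes and the `year` default are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# First six lines are taken from the excerpt above; the last line is constructed.
SAMPLE = """\
Dec 7 01:30:04 phonebox sshd[14378]: Failed password for invalid user aleph from 60.19.28.27 port 16699 ssh2
Dec 7 01:30:10 phonebox sshd[14461]: Failed password for invalid user pechantal from 60.19.28.27 port 17732 ssh2
Dec 7 01:30:16 phonebox sshd[14464]: Failed password for invalid user komtemp from 60.19.28.27 port 18807 ssh2
Dec 7 01:30:22 phonebox sshd[14466]: Failed password for root from 60.19.28.27 port 19764 ssh2
Dec 7 01:30:56 phonebox sshd[14470]: Failed password for root from 60.19.28.27 port 26354 ssh2
Dec 7 01:31:01 phonebox sshd[14473]: Failed password for invalid user test from 60.19.28.27 port 27410 ssh2
Dec 7 01:40:12 phonebox sshd[14500]: Failed password for alice from 192.0.2.10 port 50222 ssh2
"""

# The user group is greedy and the pattern is anchored at the end of the line, so
# the address always comes from the final " from <ip> port <n> ssh2" that sshd
# writes, never from text inside a client-supplied username.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$"
)

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=2), year=2000):
    """Return {ip: sorted usernames tried} for every source with at least
    `threshold` failed passwords inside any `window`. Syslog lines carry no
    year, so `year` is an assumption used only to build timestamps."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    users = defaultdict(set)      # ip -> every username that source tried
    flagged = set()
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue              # "Invalid user", pam_unix and other lines
        stamp, user, ip = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        users[ip].add(user)
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # forget failures older than the window
        if len(q) >= threshold:
            flagged.add(ip)
    return {ip: sorted(users[ip]) for ip in flagged}

if __name__ == "__main__":
    for ip, tried in find_bruteforce(SAMPLE.splitlines()).items():
        print(ip, "tried", ", ".join(tried))
```

A single mistyped password, like the constructed 192.0.2.10 line, stays below the threshold and is not reported.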
Now, there is a lot more activity in the log than this, however this should give the general idea of what to look out for… If you happen to be lucky enough to have a MikroTik router, you can help slow or prevent this with some creative firewall rules. Here are the rules I am using for this, as provided in the MikroTik wiki.
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment="drop ssh brute forcers" disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=10d comment="" disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no
/ip firewall filter add chain=forward protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment="drop ssh brute downstream" disabled=no
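The order of the input-chain rules matters, because add-src-to-address-list does not stop rule processing. The following is an added example, not MikroTik code and not from the original post: a small Python model of the staged lists for one source address, covering the input chain only. The `simulate` function and `RULES` table are hypothetical names, and it assumes that re-adding an address already on a list refreshes its timeout.

```python
# Staged rules in the order they appear above:
# (list the source must already be on, list it is added to, timeout in seconds)
RULES = [
    ("ssh_stage3", "ssh_blacklist", 10 * 24 * 3600),  # address-list-timeout=10d
    ("ssh_stage2", "ssh_stage3", 60),                 # address-list-timeout=1m
    ("ssh_stage1", "ssh_stage2", 60),
    (None, "ssh_stage1", 60),                         # any new connection
]

def simulate(times, rules=RULES):
    """Verdict for each new TCP/22 connection from one source, arriving at the
    given times (seconds). Assumption: re-adding an address refreshes its timeout."""
    expiry = {}                      # list name -> time the entry expires
    verdicts = []
    for now in times:
        def member(name):
            return expiry.get(name, float("-inf")) > now
        if member("ssh_blacklist"):
            verdicts.append("drop")  # first rule: action=drop
            continue
        # add-src-to-address-list passes the packet on, so every rule is
        # evaluated in turn and sees what the rules before it just added.
        for needs, adds, ttl in rules:
            if needs is None or member(needs):
                expiry[adds] = now + ttl
        verdicts.append("pass")      # left to the rest of the firewall
    return verdicts

if __name__ == "__main__":
    # Four new connections inside a minute fill stage1..stage3 and the
    # blacklist; the fifth is dropped.
    print(simulate([0, 10, 20, 30, 40]))
    # Connections more than a minute apart never leave stage1.
    print(simulate([0, 61, 122, 183, 244]))
    # With the rule order reversed, one connection cascades through every
    # stage, and the next one from the same address is already dropped.
    print(simulate([0, 10], rules=RULES[::-1]))
```

Checking the highest stage first is what makes each new connection advance the source by exactly one stage.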