New theme for a new server!

Howdy Folks,

I have been working hard here in the background getting rid of all of my hosting accounts and consolidating everything into one (relatively) easy to manage VPS or Virtual Private Server, which I got for cheap from the guys (and presumably girls) at ThrustVPS, who seem to be running a tight ship. I don’t have any stats on uptime or anything like that so far, but everything has gone smoothly. And when they say instant setup, they mean it.

That’s enough of plugging someone else’s company for now… not that I have my own to run… yet. I have managed so far to implement a custom firewall that suits my needs quite nicely, my own email system, the general webserver / MySQL server etc., and all seems to be running very smoothly for such a cheap box. I do intend, however, to document all of the install processes I have gone through to get this far, and if you’re really nice, I might even share my custom backup script with y’all.

Anyways, I just said I would pop on and give a quick update before I get to bed for work.

Linux Firewalls – Attack detection and response with iptables, PSAD, and FWSNORT.

I seem to work best at night: it’s dark out, and generally quite dark inside too; there is more bandwidth because it is off peak, and in general there is nobody coming over or phoning and interrupting me. Incidentally, it’s also when I do the majority of my reading, at home, in bed, at night. Much more pleasant that way…
Anyway, the latest book I have been reading is called “Linux Firewalls – Attack detection and response with iptables, PSAD and FWSNORT” by Michael Rash who, incidentally, runs CipherDyne.org, the site where PSAD, FWSNORT and a fair few other Linux and security tools are developed. Now, you may think that with a title like that you’re going to have to know a lot about Linux and firewalls before you begin, but that is simply not true. Linux Firewalls takes you right from the very start of how iptables works to manually porting Snort rules over to iptables for detection, and in my humble opinion it does a damn good job of it. In fact, it did such a good job of it that I have used the reference firewall scripts and PSAD configurations to install and configure iptables and PSAD on my new VPS, which I will hopefully be moving some of my sites to.

Some of the things you should probably have already if you want to get the best out of Linux Firewalls are:

  • A comfortable familiarity with the distribution of Linux you wish to use.
  • Basic understanding of how networks communicate.
  • Reasonable understanding of how TCP works (i.e. the three-way handshake)
  • Reasonable understanding of how UDP works
  • A system to test this stuff on; if you don’t have one, you could always set up a few virtual machines using VirtualBox or VMware.
  • A will to learn about this kind of stuff

Missing any one of these things (except the will to learn, that’s pretty important) probably isn’t going to be a huge deal, but if you’re missing a lot of them, you might struggle a bit with some of the concepts.

Here is a sample of one of the basic Linux Firewall scripts that I have adapted from the book…

#!/bin/sh
 
#Port and IP addresses changed to protect the innocent.
 
IPTABLES=/sbin/iptables
MODPROBE=/sbin/modprobe
 
### Flush existing rules and settings. Set to default drop.
### The chains are emptied before the ACCEPT rules further down are added, so
### run this from a console (or a screen session) rather than a bare SSH login.
echo "[+] Flushing existing iptables rules..."
$IPTABLES -F
$IPTABLES -X
#$IPTABLES -t nat -F
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
#$IPTABLES -P FORWARD DROP
 
### Load the connection tracking modules. Not going to bother with NAT
### (on newer kernels these modules are called nf_conntrack and
### nf_conntrack_ftp; use whichever names your kernel has)
echo "[+] Loading conntrack support..."
$MODPROBE ip_conntrack
$MODPROBE ip_conntrack_ftp
 
### Input Chain
### ("-m state --state" is the older spelling of "-m conntrack --ctstate";
### both still work)
echo "[+] Setting up INPUT chain..."
$IPTABLES -A INPUT -m state --state INVALID -j LOG --log-prefix "DROP INVALID " --log-ip-options --log-tcp-options
$IPTABLES -A INPUT -m state --state INVALID -j DROP
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
### Allowing Broadcasts
$IPTABLES -A INPUT -d 255.255.255.255 -j ACCEPT
$IPTABLES -A INPUT -d x.x.x.x -j ACCEPT #Replace the x's with your network's broadcast address
 
### Anti-spoofing measures
### Placeholders only: uncommented as-is these would log and drop ALL traffic
### arriving on eth0. Add a "-s <range>" match for each private/reserved range
### that must never appear as a source on the public interface before enabling.
#$IPTABLES -A INPUT -i eth0 -j LOG --log-prefix "SPOOFED PKT "
#$IPTABLES -A INPUT -i eth0 -j DROP
 
### Accept rules...
$IPTABLES -A INPUT -i lo -j ACCEPT #All local connections
$IPTABLES -A INPUT -i eth0 -p tcp --dport 80 --syn -m state --state NEW -j ACCEPT #Webserver
$IPTABLES -A INPUT -i eth0 -p tcp --dport 22 --syn -m state --state NEW -j ACCEPT #SSHd
$IPTABLES -A INPUT -i eth0 -p tcp --dport 1000 --syn -m state --state NEW -j ACCEPT #Webmin
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT #Accept Ping's
 
### Log whatever falls through to the default DROP policy. PSAD works entirely
### from these kernel log lines, so without a LOG rule here it has nothing to
### detect with; the explicit DROP just makes the intent obvious when reading
### "iptables -L".
$IPTABLES -A INPUT -i eth0 -j LOG --log-prefix "DROP " --log-ip-options --log-tcp-options
$IPTABLES -A INPUT -j DROP
 
### Output Chain (everything out; tighten to ESTABLISHED,RELATED plus the
### specific NEW connections the box needs once you know what those are)
echo "[+] Setting up OUTPUT chain - Allowing all!"
$IPTABLES -A OUTPUT -j ACCEPT
 
### Forward Chain
echo "[+] Setting up FORWARD chain - Nothing to do."
$IPTABLES -A FORWARD -j LOG --log-prefix "DROP FORWARD " --log-ip-options --log-tcp-options
$IPTABLES -A FORWARD -j DROP
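
The "DROP " LOG lines are what PSAD feeds on: it parses the kernel's dropped-packet messages out of syslog and, among other things, counts how many distinct destination ports each source has hit. As an added example (not from the book, PSAD, or this post), here is a stripped-down version of that idea in shell and awk, run over a constructed syslog sample in the format the script above produces. The addresses (RFC 5737 documentation ranges), timestamps and the five-port threshold are made-up test values.

```sh
#!/bin/sh
# Added example (not from the book or this post): a minimal psad-style port-scan
# detector over iptables LOG lines. Reads syslog lines on stdin and, for every
# source address, counts the distinct protocol:port pairs it was dropped on.

# Constructed sample log in the format the "DROP " rule produces
# (RFC 5737 documentation addresses, fake timestamps). Not real traffic.
SAMPLE_LOG='Mar  3 02:10:01 vps kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=1 PROTO=TCP SPT=41000 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 02:10:01 vps kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=2 PROTO=TCP SPT=41001 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 02:10:02 vps kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=3 PROTO=TCP SPT=41002 DPT=25 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 02:10:02 vps kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=4 PROTO=TCP SPT=41003 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 02:10:02 vps kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=5 PROTO=TCP SPT=41004 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 02:10:03 vps kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=6 PROTO=TCP SPT=41005 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 02:11:40 vps kernel: DROP IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 LEN=44 TOS=0x00 PREC=0x00 TTL=115 ID=7 PROTO=TCP SPT=50231 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Mar  3 02:11:41 vps kernel: DROP IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 LEN=44 TOS=0x00 PREC=0x00 TTL=115 ID=8 PROTO=TCP SPT=50232 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Mar  3 02:12:00 vps kernel: DROP INVALID IN=eth0 OUT= SRC=198.51.100.99 DST=198.51.100.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=9 PROTO=TCP SPT=80 DPT=51515 WINDOW=0 RES=0x00 ACK RST URGP=0'

# scan_sources THRESHOLD
# Prints "SRC PORTS" for each source that was dropped on at least THRESHOLD
# distinct destination ports, sorted by address. Lines without SRC= and DPT=
# (e.g. ICMP) are skipped, and repeated hits on the same port count once, so a
# single host retrying one closed port is not mistaken for a scan.
scan_sources() {
    awk -v thr="$1" '
        /kernel: DROP/ {
            src = ""; dpt = ""; proto = "";
            for (i = 1; i <= NF; i++) {
                if      ($i ~ /^SRC=/)   src   = substr($i, 5);
                else if ($i ~ /^DPT=/)   dpt   = substr($i, 5);
                else if ($i ~ /^PROTO=/) proto = substr($i, 7);
            }
            if (src == "" || dpt == "") next;
            key = src SUBSEP proto ":" dpt;
            if (!(key in seen)) { seen[key] = 1; ports[src]++; }
        }
        END {
            for (s in ports) if (ports[s] >= thr) printf "%s %d\n", s, ports[s];
        }' | sort
}

# Stand-alone demo: flag anything that probed five or more ports.
printf '%s\n' "$SAMPLE_LOG" | scan_sources 5
```

On a real box you would feed it the kernel log instead of the sample (on Ubuntu that is normally /var/log/kern.log; the path is an assumption that varies by distribution). It deliberately ignores the "DROP INVALID " lines' semantics and just counts them like any other drop; real PSAD additionally looks at TCP flags, timing, and Snort signatures, which is where the book goes next.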

I hope that this impromptu book review is of at least some help to you.

Side Note: The bold bits in the posting are for a little test that I am doing on keyword density… I’ll let you all know how it goes.

Teamspeak 3 server on Ubuntu

Well, Teamspeak have finally released their new server platform for a public BETA test. Although code in this state is not supposed to be stable, it appears to be working quite well on my Ubuntu server here at home. This is what I did to get it up and running, as a service from init.d no less. Before doing any of the following steps, please be aware that this IS BETA code and WILL contain bugs that may introduce security issues, so think twice before pointing it at the internet from a box you care about. The first step is to create a user for the Teamspeak executable to run as, so that a bug in the server does not hand out root. Nobody will ever log in as this user, so it needs neither a usable password nor a shell.

sudo adduser teamspeak

Fill in the questions presented by the adduser application. The password it asks for will never be used interactively, so lock it straight afterwards (passwd -l teamspeak) so that nothing can authenticate as the account.

sudo usermod -s /bin/false teamspeak

The above command changes the user’s shell to /bin/false, i.e. no shell. Now it is time to go and get Teamspeak: visit http://www.goteamspeak.com and find the correct package for the architecture you wish to use, e.g. Teamspeak_3.0.0-Beta5-32bit…

wget http://ftp.4players.de/pub/hosted/ts3/releases/beta-5/teamspeak3-server_linux-x86-3.0.0-beta5.tar.gz
tar -zxvf teamspeak3-server_linux-x86-3.0.0-beta5.tar.gz

Now its time to move the new TS3 directory to its new home…

sudo mv ./teamspeak3-server_linux-x86-3.0.0-beta5 /opt/TS3
sudo chown -R teamspeak /opt/TS3

The above places TS3 in /opt/TS3 and gives the user teamspeak ownership of the contents (the server writes its database and logs into its own directory, so it needs that; the price is that a compromised server can also overwrite its own binary, which is worth knowing for a BETA). It is now possible to run Teamspeak. However, as veteran Teamspeak users will know, the first time you run the Teamspeak server you are presented with a username/password combo that cannot be recovered without resetting the server. In TS3 you will also be presented with a `token` (all of this is described in the Teamspeak documentation). So for the first run, the following command will allow you to gather these details; note them carefully for future reference.

sudo start-stop-daemon --chuid teamspeak --chdir /opt/TS3 --start --exec /opt/TS3/ts3server_linux_x86

From this you should see the serveradmin user and password. You can now ^C that and be returned to the normal shell; if you cat /opt/TS3/logs/* you will be presented with the token you require to obtain server-admin status on the new server.

The last part is to create a script in /etc/init.d/ to launch Teamspeak each time the system is booted to the correct runlevel. /etc/init.d/skeleton provides a suitable framework for this; the script I am using (just about) is reproduced at the end of this post. NOTE: WordPress does not want to format it correctly for me, so here is a link to the file in a tar archive as well: /etc/init.d/teamspeak. If you follow these instructions and are running a 32-bit server, the file will work out of the box. It must then be made executable with

sudo chmod +x /etc/init.d/teamspeak

And finally, the init file must be symlinked into each of the runlevel directories (K links stop it in the halt, single-user and reboot runlevels; S links start it in the multi-user ones) using the following…

sudo ln -s ../init.d/teamspeak /etc/rc0.d/K21teamspeak
sudo ln -s ../init.d/teamspeak /etc/rc1.d/K21teamspeak
sudo ln -s ../init.d/teamspeak /etc/rc2.d/S21teamspeak
sudo ln -s ../init.d/teamspeak /etc/rc3.d/S21teamspeak
sudo ln -s ../init.d/teamspeak /etc/rc4.d/S21teamspeak
sudo ln -s ../init.d/teamspeak /etc/rc5.d/S21teamspeak
sudo ln -s ../init.d/teamspeak /etc/rc6.d/K21teamspeak

Voilà, you should now have a working Teamspeak 3 server.

BOOTNOTE:

For my initial install, and as the basis for the majority of this, I used this as a reference. Items listed in bold with ** are most likely not the correct file names for the command; I am not close to my server or an available shell to pull the correct parameters at present, but I will update ASAP. As an additional side note, my first impressions of TS3 are very good: it has tons of new features, looks good, and the voice quality is very good indeed. My only concern is that the permissions system is very bulky and difficult to understand, and unless you are reasonably familiar with administering a Teamspeak server already, the documentation is not as straightforward as people believe. Still, a great job. Well done Teamspeak 3 development team!

UPDATE: Fixed formatting issue, kinda… provided link to pastebin.

UPDATE: Fixed information regarding server executable. Added /etc/init.d/teamspeak file, available for download here, removed pastebin link.

#! /bin/sh
### BEGIN INIT INFO
# Provides:          teamspeak
# Required-Start:    networking
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: TeamSpeak Server Daemon
# Description:       Starts/Stops/Restarts the TeamSpeak Server Daemon
### END INIT INFO
# Enable with the rc?.d symlinks shown above, or in one go with
# "update-rc.d teamspeak defaults", which reads the header above.

set -e

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="TeamSpeak Server"
NAME=teamspeak
USER=teamspeak
# Paths as used in the install steps above (the file originally carried
# tss2_rc2/server_linux, left over from a TS2 install).
DIR=/opt/TS3
DAEMON=$DIR/ts3server_linux_x86
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0

d_start() {
        # The server stays in the foreground (which is why the first run above
        # could be ^C'd), so start-stop-daemon has to background it and record
        # the pid itself; without --background this script would block the boot.
        # If a later build daemonises on its own, drop --background and
        # --make-pidfile and let the server write its own pid file.
        start-stop-daemon --start --quiet \
                --chuid $USER \
                --chdir $DIR \
                --background \
                --make-pidfile --pidfile $PIDFILE \
                --exec $DAEMON \
                > /dev/null 2>&1 \
                || echo -n " already running"
}

d_stop() {
        # Stop only the pid we recorded, and only if it still belongs to $USER,
        # then escalate to KILL if it ignores TERM for 10 seconds.
        start-stop-daemon --stop --quiet \
                --pidfile $PIDFILE \
                --user $USER \
                --retry TERM/10/KILL/5 \
                || echo -n " not running"
        rm -f $PIDFILE
}

case "$1" in
  start)
        echo -n "Starting $DESC: $NAME"
        d_start
        echo "."
        ;;
  stop)
        echo -n "Stopping $DESC: $NAME"
        d_stop
        echo "."
        ;;
  restart|force-reload)
        echo -n "Restarting $DESC: $NAME"
        d_stop
        # --retry already waits for the old process; a short pause lets it
        # release its listening ports before the new one binds them.
        sleep 2
        d_start
        echo "."
        ;;
  *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
        exit 3
        ;;
esac

exit 0