Choose Server

Posted by root on Tuesday Mar 14, 2017 Under Bash, Debian, Linux, Server

Dedicated Server parameters and requirements to consider on choosing a server:

-Price
-Location of the Server
-Hosting Company Reputation
-Managed / Unmanaged Server
-Debian / Centos / Freebsd
-Operating system encrypted?
-connection ssl?
-Certificate ssl ?
-Internet T1 line / bandwidth / unmetered connection
-Memory Ram / ecc amount and type / encrypted ram?
-Type Disk (ssd preferably) / self encrypted drives? / SAS hard drives?
-uptime company
-backups
-brand hardware used (samsung / asus / intel / western digital)
-Datacenter Infrastructure (power, fire detection etc)
-Firewall Iptables / router / ddos protection
-Control Panel- plesk / cpanel / webmin / ajentis / zpanel / ispconfig
-connection ipv4 or ipv6
-type of Raid or lvm chosen
-server hardware dust filters
-cooling type
-remote reboot / wake on wan / remote access
-bios type & brand
-Power / energy consumption
-Software used on server server
-automation-scripts
-technical support response time
-contact company before purchasing services package
-test panel demos

Access to the server using:
-sftp
-ssh v3
-vpn
-file permissions
-sstp

Security
-used protocols
-disable root
-close ports + services
-IDS snort (intrusion detecting system)
-mail filters / spamassassin + failban
-Logs / Backlog
-Password Policy
-Types of Encryption and ciphers used (sha1, md5, des, diffie hellman etc)
-backups
-Access control list
-All passwords different and complex

Plataformas teste Vulnerabilidades:
https://pentesterlab.com
http://vulnhub.com/
https://www.lunarpages.com/uptime/securing-your-linux-dedicated-server

 

Documentação extra ler:
https://en.wikipedia.org/wiki/Server_(computing)
http://uptime.netcraft.com/


http://wikibon.org/wiki/v/Server_Options:_When_to_Lease_vs._When_to_Buy
http://www.cyberciti.biz/faq/data-center-standard-overview/
http://www.cyberciti.biz/tips/linux-security.html

Lista Datacenter internacionais:
http://wiredre.com/international-data-center-list/
http://uptimeinstitute.com/TierCertification/

Empresas Hosting :
https://www.ovh.pt/servidores_dedicados/
https://www.hetzner.de/
http://www.server4you.com/
http://www.online.net/

Observação- sempre comprar no país que oferece  preço mais baixo!

Hosting Companies Extra:
http://english.keyweb.de/products/server/dedicated-server/
https://www.hosteurope.de/en/Server/Root-Server/
http://www.df.eu/

Products


https://www.1and1.co.uk/server-dedicated-l?linkOrigin=dedicated-server&linkId=ct.btn.server-dedicated-l
http://www.webtropia.com/en/root-server/root-server-details.html?pid=RootS
http://www.serversfree.com/server-features/
https://www.copahost.com/en/managed-dedicated-servers

VPS
https://www.linode.com/
https://www.digitalocean.com/
http://contabo.com
https://www.time4vps.eu/cart.php?a=view
http://www.server4you.com/vps/
https://ramnode.com/vps.php

Servidores Dedicados

Análises Seg:
http://www.inguardians.com/
http://www.modzero.ch/en/contact.html
http://www.offensive-security.com/

SOFTWARE
foreman
openstack
puppet
squid
ferm
fail2ban
snort
spam assassin
dnswall
setup dns

Tags : | add comments

#tcpdump examples

Posted by root on Tuesday Mar 7, 2017 Under Bash, Network

In most cases you will need root permission to be able to capture packets on an interface. Using tcpdump (with root) to capture the packets and saving them to a file to analyze with Wireshark (using a regular account) is recommended over using Wireshark with a root account to capture packets on an “untrusted” interface. See the Wireshark security advisories for reasons why.

See the list of interfaces on which tcpdump can listen:

tcpdump -D

Listen on interface eth0:

tcpdump -i eth0

Listen on any available interface (cannot be done in promiscuous mode. Requires Linux kernel 2.2 or greater):

tcpdump -i any

Be verbose while capturing packets:

tcpdump -v

Be more verbose while capturing packets:

tcpdump -vv

Be very verbose while capturing packets:

tcpdump -vvv

Be verbose and print the data of each packet in both hex and ASCII, excluding the link level header:


tcpdump -v -X

Be verbose and print the data of each packet in both hex and ASCII, also including the link level header:

tcpdump -v -XX

Be less verbose (than the default) while capturing packets:

tcpdump -q

Limit the capture to 100 packets:

tcpdump -c 100

Record the packet capture to a file called capture.cap:

tcpdump -w capture.cap

Record the packet capture to a file called capture.cap but display on-screen how many packets have been captured in real-time:

tcpdump -v -w capture.cap

Display the packets of a file called capture.cap:

tcpdump -r capture.cap

Display the packets using maximum detail of a file called capture.cap:

tcpdump -vvv -r capture.cap

Display IP addresses and port numbers instead of domain and service names when capturing packets (note: on some systems you need to specify -nn to display port numbers):

tcpdump -n

Capture any packets where the destination host is 192.168.1.1. Display IP addresses and port numbers:

tcpdump -n dst host 192.168.1.1

Capture any packets where the source host is 192.168.1.1. Display IP addresses and port numbers:

tcpdump -n src host 192.168.1.1

Capture any packets where the source or destination host is 192.168.1.1. Display IP addresses and port numbers:


tcpdump -n host 192.168.1.1

Capture any packets where the destination network is 192.168.1.0/24. Display IP addresses and port numbers:

tcpdump -n dst net 192.168.1.0/24

Capture any packets where the source network is 192.168.1.0/24. Display IP addresses and port numbers:

tcpdump -n src net 192.168.1.0/24

Capture any packets where the source or destination network is 192.168.1.0/24. Display IP addresses and port numbers:

tcpdump -n net 192.168.1.0/24

Capture any packets where the destination port is 23. Display IP addresses and port numbers:

tcpdump -n dst port 23

Capture any packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers:

tcpdump -n dst portrange 1-1023

Capture only TCP packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers:

tcpdump -n tcp dst portrange 1-1023

Capture only UDP packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers:

tcpdump -n udp dst portrange 1-1023

Capture any packets with destination IP 192.168.1.1 and destination port 23. Display IP addresses and port numbers:

tcpdump -n "dst host 192.168.1.1 and dst port 23"

Capture any packets with destination IP 192.168.1.1 and destination port 80 or 443. Display IP addresses and port numbers:

tcpdump -n "dst host 192.168.1.1 and (dst port 80 or dst port 443)"

Capture any ICMP packets:

tcpdump -v icmp

Capture any ARP packets:

tcpdump -v arp

Capture either ICMP or ARP packets:


tcpdump -v "icmp or arp"

Capture any packets that are broadcast or multicast:

tcpdump -n "broadcast or multicast"

Capture 500 bytes of data for each packet rather than the default of 68 bytes:

tcpdump -s 500

Capture all bytes of data within the packet:

tcpdump -s 0

Based on Article first published March 13, 2010. Last updated October 1, 2014 by RationallyPARANOID.com

Tags : , , | add comments

#iptables Block Incoming Port

Posted by root on Sunday Apr 17, 2016 Under Bash, Debian, Network

The syntax is as follows to block incoming port using IPtables:

/sbin/iptables -A INPUT -p tcp --destination-port {PORT-NUMBER-HERE} -j DROP
 
### interface section use eth1 ###
/sbin/iptables -A INPUT -i eth1 -p tcp --destination-port {PORT-NUMBER-HERE} -j DROP
 
### only drop port for given IP or Subnet ##
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP-ADDRESS-HERE} -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP/SUBNET-HERE} -j DROP
Tags : , , , | add comments

Webmin SSL certificate

Posted by root on Monday Nov 11, 2013 Under Bash, Centos, Debian, Linux, SSH

This happens because the default SSL certificate that is generated by webmin is not issued by a recognized certificate authority. From a security point of view, this makes the certificate less secure because an attacker could theoretically redirect traffic from your server to another machine without you knowing, which is normally impossible if using a proper SSL certificate. Network traffic is still encrypted though, so you are safe against attackers who are just listening in on your network connection.

If you want to be really sure that the Webmin server you are connecting to is really your own, the only solution is to order a certificate from an authority like Verisign that is associated with your server’s hostname and will be recognized web browsers. This certificate should be placed in the file /etc/webmin/miniserv.pem and be in the same certifcate+key format as the existing miniserv.pem file.

To request a certificate, follow these steps :


Run the command

openssl genrsa -out key.pem 2048

This will create the file key.pem which is your private key

Run the command

openssl req -new -key key.pem -out req.pem

When it asks for the common name, be sure to enter the full hostname of your server as used in the URL, like www.yourserver.com. This will create the file req.pem, which is the certificate signing request (CSR)
Send the CSR to your certificate authority by whatever method they use. They should send you back a file that starts with —–BEGIN CERTIFICATE—– which can be put in the file cert.pem.

Combine the private key and certificate with the command cat key.pem cert.pem

/etc/webmin/miniserv.pem

Re-start webmin (making sure it is in SSL mode) to use the new key.

Tags : , , | add comments

Install KVM QEMU Virtual Machines in Debian

Posted by root on Sunday Oct 20, 2013 Under Bash, Linux, SSH, Ubuntu, VM

Introduction

KVM is a full virtualization solution for Linux on x86 (64-bit included) hardware containing virtualization extensions (Intel VT or AMD-V). It consists of a loadable kernel module, kvm.ko, that provides the core virtualization infrastructure and a processor specific module, kvm-intel.ko or kvm-amd.ko.

In Debian, Xen and VirtualBox are alternatives to KVM.

 

Installation

Install the qemu-kvm package with apt-get or aptitude, e.g. using this command:

 

aptitude install qemu-kvm libvirt-bin

The daemon libvirt-bin daemon will start automatically at boot time and load the appropriate kvm modules, kvm-amd or kvm-intel, which are shipped with the Linux kernel Debian package. If you intend create VMs from the command-line, install virtinst.

In order to be able to manage virtual machines as regular user you should put this user into the libvirt group:

 

adduser youruser libvirt

 

Setting up bridge networking

It can be useful to set up a bridge for the KVM VMs as described here at QEMU page.

 

Managing VMs from the command-line

You can then use the virsh(1) command to start and stop virtual machines. VMs can be generated using virtinst. For more details see the libvirt page. Virtual machines can also be controlled using the kvm command in a similar fashion to QEMU.

 

Managing VMs with a GUI

On the other hand, if you want to use a graphical UI to manage the VMs, you can use the Virtual Machine Manager virt-manager.

apt-get install virt-manager

 

Migrating guests to a Debian host

 

Migrating guests from RHEL/CentOS 5.x

There are a few minor things in guest XML configuration files (/etc/libvirt/qemu/*.xml you need to modify:

  • Machine variable in <os> section should say pc, not rhel5.4.0 or similar
  • Emulator entry should point to /usr/bin/kvm, not /usr/libexec/qemu-kvm

In other words, the relevant sections should look something like this:

 

  &lt;os&gt;
    &lt;type arch='x86_64' machine='pc'&gt;hvm&lt;/type&gt;

  --- snip ---

  &lt;devices&gt;
    &lt;emulator&gt;/usr/bin/kvm&lt;/emulator&gt;

If you had configured a bridge network on the CentOS host, please refer to this wiki article on how to make it work on Debian.

 

Troubleshooting

No network bridge available

virt-manager uses a virtual network for its guests, by default this is routed to 192.168.122.0/24 and you should see this by typing ip route as root.

If this route is not present in the kernel routing table then the guests will fail to connect and you will not be able to complete a guest creation.

Fixing this is simple, open up virt-manager and go to “Edit” -> “Host details” -> “Virtual networks” tab. From there you may create a virtual network of your own or attempt to fix the default one. Usually the problem exists where the default network is not started.

cannot create bridge ‘virbr0’: File exists:

To solve this probelm you may remove the virbr0 by running:

brctl delbr virbr0

Open virt-manager and go to “Edit” -> “Host details” -> “Virtual networks” start the default network.

You can check the netstatus

virsh net-list --all

 

Optionally, you can use bridge network BridgeNetworkConnections

 

See also

 

External links


 

CategorySystemAdministration

Tags : | add comments

How to control audio in debian?

Posted by root on Tuesday Aug 20, 2013 Under Bash, Debian, Linux

PulseAudio Volume Control (pavucontrol) is a simple GTK based volume control tool (“mixer”) for the PulseAudio sound server. In contrast to classic mixer tools this one allows you to control both the volume of hardware devices and of each playback stream separately.

 

apt-get install pavucontrol

 

Tags : | add comments

sshfs – failed to open /dev/fuse: Permission denied

Posted by root on Saturday Jul 27, 2013 Under Bash, Debian, Linux, Ubuntu

 

Problem:

fusermount: failed to open /dev/fuse: Permission denied

Solution:

usermod -G fuse &lt;your-username&gt;
reboot

Depending on your setup you may need to prefix the solution commands with sudo although this isn’t specific to any platform and many user su. You may not need to reboot but it could save you some hassle in the long run if the problem still persists.  It’s common sense but just in case you didn’t get it, replace <your-username> with the username you use.

Tags : | add comments

Stop / Restart / Start Open SSH Server

Posted by root on Monday Jun 17, 2013 Under Bash, Remote Access, SSH

Ubuntu Linux: Start OpenSSH Server

Type the following command:
$ sudo /etc/init.d/ssh start
OR
$ sudo service ssh start

Ubuntu Linux: Stop OpenSSH server

Type the following command:
$ sudo /etc/init.d/ssh stop
OR
$ sudo service ssh stop

Ubuntu Linux: Restart OpenSSH server

Type the following command:
$ sudo /etc/init.d/ssh restart
OR
$ sudo service ssh restart

Ubuntu Linux: See status of OpenSSH server

Type the following command:
$ sudo /etc/init.d/ssh status
OR
$ sudo service ssh status

Controlling sshd using upstart based commands

Since the script /etc/init.d/ssh has been converted to an Upstart based job, try the following commands to start / stop / restart the OpenSSH server:

Stop/Start/Restart the OpenSSH using the following commands

The syntax is:

 
sudo stop ssh
sudo start ssh
sudo restart ssh
sudo status ssh

Source: http://www.cyberciti.biz/faq/howto-start-stop-ssh-server/
Tags : | add comments

VNC Server on KDE and Lubuntu

Posted by root on Wednesday May 22, 2013 Under Bash, Debian, Linux, Remote Access, Ubuntu

To run a fast desktop manager over slow internet connection use LXDE Desktop Manager or Lubuntu.

The file “~//.vnc/xstartup” must be changed such way:

#!/bin/sh
xrdb $HOME/.Xresources
xsetroot -solid black
lxterminal &amp;
/usr/bin/lxsession -s LXDE &amp;

For Lubuntu:

#!/bin/sh
[ -r HOME/.Xresources ] &amp;&amp; xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &amp;
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &amp;

/usr/bin/lxsession -s Lubuntu -e LXDE &amp;
Tags : | add comments

Mounting a Linux Raid Partition

Posted by root on Wednesday May 22, 2013 Under Bash

Error:

mount: unknown filesystem type 'linux_raid_member'
# fdisk -l /dev/sdb 

WARNING: GPT (GUID Partition Table) detected on '/dev/sdb'! The util fdisk doesn't support GPT. Use GNU Parted.

Solution:

You should not mount it directly using mount. You need first to run mdadm to assemble the raid array. A command like this should do it:

$ mdadm --assemble --run /dev/md0 /dev/sdc1

If it refuses to run the array because it will be degraded, then you can use –force option. This is assuming you don’t have /dev/md0 device. Otherwise, you need to change this name.

When this command is executed successfully, you can mount the created device normally using:

$ mount /dev/md0 /mnt/test
Tags : | add comments