Archive for the 'Linux Support' Category

SBDavid
Oct 31st, 2010

Check the most IP connect to server

Check the most IP connect to server

netstat -an | grep :80 | awk ‘{print $5}’ | sed -e s/’:.*’/”/g | sort | uniq -c

or

netstat -anp |grep ‘tcp\|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n

or

netstat -ntu | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n
SBDavid
Oct 31st, 2010

Block an IP from access to your server with IPtable

Block an IP from access to your server with IPtable

Use the command netstat -n command to see the IP addresses connected to your server. Once you have found the IP address you want to block you can use the following below command to block them from accessing your server using iptables.

-I INPUT 1 means to insert the rule at the top of the INPUT table (which means it will get looked at first)

-s IP-ADDRESSS is the source address of the packets we want to deal with

-j DROP means dump the packets into the void, and forget they ever happened.

iptables -I INPUT 1 -s IP-ADDRESSS -j DROP
SBDavid
Oct 30th, 2010

Add user to sudoers list

Add user to sudoers list

sudoers - list of which users may execute what.

Login as root and then run the command visudo, add a line. Replace username to the actual user name.

username ALL=(ALL) ALL

/etc/sudoers - This file MUST be edited with the ‘visudo’ command as root.

To add all user in wheel group to sudoers list, login as root and then run the command visudo to uncomment the line below, or add this line is it not exist.

%wheel ALL=(ALL) ALL
SBDavid
Oct 29th, 2010

Start of Authority (SOA) record

Start of Authority (SOA) record

The SOA record is the first record in a properly configured zone. It contains information about the zone in a string of fields. An SOA record tells the server to be authoritative for the zone. The SOA record takes the format.

Example:

domain.name. IN SOA hostname.domain.name. mailbox.domain.name
serial-number
refresh
retry
expire
minimum-ttl

domain.name - The name of the domain to which the SOA belongs. Instead of writing out the full domain, you can also use ‘@’ in the file to let the nameserver fill this out automatically.

IN - The class of the DNS record. ‘IN’ is an abbreviated form of ‘Internet’.
SOA - The type of DNS record, which in this case is ‘Start of Authority’.

hostname.domain.name - Also known as the ‘hostmaster’ field. It contains the e-mail address of the person responsible for maintaining the zone.

minimum-ttl - The default TTL (Time To Live) for every record in the zone. The default is only used when a particular resource record does not have its own specified TTL value. When changes are being made to a zone, the default is often set at ten minutes or less.

SBDavid
Oct 25th, 2010

Limit SSH access By IP Address

Limit SSH access By IP Address

Secure your server more, and prevent brute force attacks, you can limit SSHd to certain IP addresses by manipulating the /etc/hosts.allow file and the /etc/hosts.deny file.

Open /etc/hosts.allow

Use the following command to open the hosts.allow file:

vi /etc/hosts.allow

Once this file is open, add the following line:

SSHD : ipaddress : ALLOW

Open /etc/hosts.deny

Use the following command to open the hosts.deny file:

vi /etc/hosts.deny

Once it opens, add the following line to the file:

SSHD : ALL : DENY

Save and exit, and you have successfully limited SSH access by IP address.

« Prev - Next »