Add the following configuration to /etc/fail2ban/jail.local
========================
[http-get-dos]
enabled = true
port = http,https
filter = http-get-dos
logpath = /var/log/apache2/access.log
# maxretry is how many GETs we can have in the findtime period before getting narky
maxretry = 300
# findtime is the time period in seconds in which we're counting "retries" (300 seconds = 5 mins)
findtime = 300
# bantime is how long we should drop incoming GET requests for a given IP for, in this case it's 5 minutes
bantime = 300
action = iptables[name=HTTP, port=http, protocol=tcp]
Create the filter file /etc/fail2ban/filter.d/http-get-dos.conf
=======================================
[Definition]
# Option: failregex
# Note: This regex matches every GET or POST entry in the access log, so valid and invalid requests all count as matches.
# Set maxretry and findtime carefully in the jail configuration (jail.local above) to avoid false positives.
failregex = ^<HOST> -.*"(GET|POST).*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
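An added example (not from the original post and not fail2ban's own code) that replays the jail's maxretry/findtime counting over constructed access-log lines using the failregex above, to show which request rates trip the ban. The simplified `<HOST>` stand-in pattern, the function names and the sample clients 192.168.1.20 and 192.168.1.30 are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY, FINDTIME = 300, 300  # values from the [http-get-dos] jail above
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"  # Apache access-log time format
# fail2ban expands <HOST> itself; a simplified IPv4 group stands in (assumption).
FAILREGEX = re.compile(r'^<HOST> -.*"(GET|POST).*'.replace(
    "<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))
STAMP = re.compile(r"\[([^\]]+)\]")


def first_bans(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Map each IP to the time of the request that reaches maxretry
    matches inside a sliding findtime window (approximates the jail)."""
    window, bans = defaultdict(deque), {}
    for line in lines:
        hit, stamp = FAILREGEX.match(line), STAMP.search(line)
        if not hit or not stamp or hit.group("host") in bans:
            continue
        when = datetime.strptime(stamp.group(1), TS_FMT)
        hits = window[hit.group("host")]
        hits.append(when)
        while (when - hits[0]).total_seconds() > findtime:
            hits.popleft()  # forget matches older than findtime
        if len(hits) >= maxretry:
            bans[hit.group("host")] = when
    return bans


def sample_log():
    """Constructed log: a burst client, a slow client, a steady 1 req/s client."""
    start = datetime.strptime("25/Feb/2016:12:56:00 +0000", TS_FMT)
    clients = [("192.168.1.14", 1, 50),  # 50 requests per second
               ("192.168.1.20", 2, 1),   # one request every 2 seconds
               ("192.168.1.30", 1, 1)]   # one request per second
    lines = []
    for ip, num, den in clients:
        for i in range(400):
            ts = (start + timedelta(seconds=i * num // den)).strftime(TS_FMT)
            lines.append(f'{ip} - - [{ts}] "GET / HTTP/1.0" 200 11321')
    return lines


if __name__ == "__main__":
    for ip, when in first_bans(sample_log()).items():
        print(ip, "banned at", when.strftime("%H:%M:%S"))
```

The steady 1 request/second client is banned after about five minutes, just like the burst client: with these values any client that sustains maxretry/findtime requests per second is a match, which is the false-positive case the filter comment warns about.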
@start service
/etc/init.d/fail2ban start
/etc/init.d/fail2ban stop
Run a load test from the client (192.168.1.14)
================================
[root@Client-01 ~]# ab -n 100 -c 10 http://192.168.1.191/
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.1.191 (be patient)
Completed 100 requests
Completed 200 requests
Finished 300 requests
Server Software: Apache/2.4.10
Server Hostname: 192.168.1.191
Server Port: 80
Document Path: /
Document Length: 11321 bytes
Concurrency Level: 10
Time taken for tests: 0.80254 seconds
Complete requests: 300
Failed requests: 0
Write errors: 0
Total transferred: 3495887 bytes
HTML transferred: 3413139 bytes
Requests per second: 3738.13 [#/sec] (mean)
Time per request: 2.675 [ms] (mean)
Time per request: 0.268 [ms] (mean, across all concurrent requests)
Transfer rate: 42527.47 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.3 0 1
Processing: 1 1 1.1 2 4
Waiting: 0 0 0.8 1 2
Total: 1 2 0.6 2 4
WARNING: The median and mean for the waiting time are not within a normal deviation
These results are probably not that reliable.
Percentage of the requests served within a certain time (ms)
50% 2
66% 2
75% 2
80% 2
90% 3
95% 3
98% 3
99% 4
100% 4 (longest request)
BAN!!!
=====
[root@Client-01 ~]# ab -n 300 -c 10 http://192.168.1.191/
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.1.191 (be patient)
apr_socket_recv: Connection refused (111)
@SERVER side: check iptables
======================
root@IDP-Server:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-HTTP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
f2b-sshd tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 22
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain f2b-HTTP (1 references) <-------------------- added automatically by fail2ban
target prot opt source destination
REJECT all -- 192.168.1.14 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
root@IDP-Server:~# tail -f fail2ban.log
2016-02-25 12:56:06,749 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,749 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,749 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,750 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,750 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,751 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,751 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,752 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,752 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,752 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,753 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,753 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,754 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,754 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,755 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,755 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,755 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,756 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,756 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,757 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,757 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,758 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,758 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,758 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,759 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,759 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,760 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,760 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,761 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,761 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,762 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,762 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,762 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,763 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,763 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,764 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,764 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:07,443 fail2ban.actions [3504]: NOTICE [http-get-dos] Ban 192.168.1.14
UNBAN
======
@Server side :
iptables -L -n
Chain f2b-HTTP (1 references)
target prot opt source destination
REJECT all -- 192.168.1.14 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
@check rules name :
root@IDP-Server:~# fail2ban-client status
Status
|- Number of jail: 2
`- Jail list: http-get-dos, sshd
@set UNBAN
root@IDP-Server:~# fail2ban-client set http-get-dos unbanip 192.168.1.14
192.168.1.14
@LOG :
root@IDP-Server:~# tail -f fail2ban.log
2016-02-25 12:56:07,443 fail2ban.actions [3504]: NOTICE [http-get-dos] Ban 192.168.1.14
2016-02-25 13:00:56,160 fail2ban.actions [3504]: NOTICE [http-get-dos] Unban 192.168.1.14
Friday, February 26, 2016
Wednesday, February 10, 2016
ORA-39700: database must be opened with UPGRADE option
set ORACLE_SID=<SID>
sqlplus "/as sysdba"
startup upgrade;
@$ORACLE_HOME\rdbms\admin\catalog.sql;
@$ORACLE_HOME\rdbms\admin\catproc.sql;
Thursday, January 28, 2016
Install Oracle database 11g on Windows server 2008 r2 x64
Add administrator privilege to the 'ORACLE user'
Set a fixed IP address
Edit c:\windows\system32\drivers\etc\hosts
127.0.0.1 localhost
192.168.1.10 hostname ;ex
Set all environment variables in 'System variables'
ORACLE_BASE
ORACLE_HOME
ORACLE_UNQNAME
Set the region in Control Panel (system locale)
Administrative -> Language for non-Unicode programs -> English
Wednesday, January 27, 2016
OracleMTS Recovery Service error
"Windows could not start the OracleMTSRecoverService service on Local Computer. Error 1: Incorrect function."
HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\OracleMTSRecoveryService\Protid_0
Set the key "host" to --> localhost
Saturday, December 19, 2015
DUPLICATE Oracle database and set new SID from RMAN Full backup
@target
- full backup rman (controlfile,datafile,archivelog)
- create pfile='initNEW_SID.ora' from spfile;
- change current_instance_name to new_instance_name in pfile
- add *.LOG_FILE_NAME_CONVERT and *.DB_FILE_NAME_CONVERT to last line in pfile
exp:
*.LOG_FILE_NAME_CONVERT='/u01/old_log_file_path','/u02/new_log_file_path'
*.DB_FILE_NAME_CONVERT='/u01/old_data_file_path','/u02/new_data_file_path'
**** for Multiple path Oracle datafile
*.LOG_FILE_NAME_CONVERT='/data1/oradata/ORCLG','/data1/oradata/DUPDB',
'/data2/oradata/ORCL','/data2/oradata/DUPDB',
'/data3/oradata/ORCL','/data3/oradata/DUPDB'
*.DB_FILE_NAME_CONVERT='/data1/oradata/ORCL','/data1/oradata/DUPDB',
'/data2/oradata/ORCL','/data2/oradata/DUPDB',
'/data3/oradata/ORCL','/data3/oradata/DUPDB',
'/data4/oradata/ORCL','/data4/oradata/DUPDB',
'/data5/oradata/ORCL','/data5/oradata/DUPDB',
'/data6/oradata/ORCL','/data6/oradata/DUPDB'
- create folder datafile and logfile for new_instance_name
@auxiliary
- startup pfile='initNEW_SID.ora' nomount;
- connect to RMAN by command 'rman auxiliary /'
duplicate database to "newSID" backup location '/backup_rman/oldSID';
trick-2:
create auxiliary by dbca and set new datafile + log file path for newSID
- connect rman as auxiliary using command
duplicate database to "newSID" nofilenamecheck backup location '/backup_rman/oldSID';
Wednesday, December 16, 2015
Enabling Oracle HTTP Server to Run as Root for Ports Set to Less Than 1024 (UNIX Only)
Go to $ORACLE_HOME/ohs/bin
chown root .apachectl
chmod 6750 .apachectl
check $ORACLE_INSTANCE/config/OHS/ohs1/httpd.conf
section:
User oracle
Group group_to_start_apache
set port
section:
Listen < 1024
Wednesday, November 25, 2015
SSH Login without Password : Solaris 10, Linux
:ON Solaris 10
ssh-keygen -t rsa
- id_rsa
- id_rsa.pub
@ ~/.ssh
copy id_rsa.pub to remoteHost
scp /export/home/test/.ssh/id_rsa.pub testuser@remotehost:/home/testuser/.ssh
login to remotehost
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
@server
ssh testuser@remotehost
scp xxx.file testuser@remotehost:
:ON LINUX Server
ssh-keygen
ssh-copy-id user@remotehost
ssh user@remotehost