Linksys NSLU2

I’ve had a box standing in a corner for years, which has been running my webserver (yes, this), my mail server, and my file server. It’s a hungry beast, i.e. it’s an Intel P4, with lots of RAM, and more hard drives than I can think of (or wish to think of).

As I was not able to find my Christmas present (Nikon D200 or Apple 15″ Powerbook (int. English keyboard was the problem)), I decided to spend a bit of money on a few other things, like a new hard drive, and a Linksys NSLU2, which at first might look a bit boring, but it’s quite cool, and an external USB hard drive.

It has a few good things about it:
- runs linux
- runs linux
- runs linux

Which means that there are some very nice people out there who have figured out how to do very interesting things with it, like hack the firmware so that it is possible to install more programs on it. The coolest thing around is mt-daapd, which is an open-source iTunes server running on almost any platform.

So after a bit of searching, I found the home page of the dedicated geeks, www.nslu2-linux.org, got the latest version of UnSlug, got it installed, and bingo, it worked. Then I followed the readme to ‘unsling’ (boot off a USB hard drive instead of the internal flash disk). Then I used ‘ipkg update’ and ‘ipkg install mt-daapd’, modified the configuration file, and bingo, I had my iTunes server running.

And it still works, I haven’t broken anything (yet).

Now, earlier this month I switched ISP, which meant going from a routed connection to a bridged connection, which meant that I had to set up another PC to work as a router… The NSLU2 works with some USB network cards, what if…

sshd – Invalid user ….

I’ve written a couple of entries about my annoyance with "Invalid user" and how I solved the issue. After I started running my script, it seems that there are 40 IP addresses which are actually causing this.

If you want to get rid of this, then either run my script block_idiots_ssh.pl, or start by blocking the following IP addresses:

By using iptables:

# iptables -A INPUT -i <interface> -s IPADDRESS -p tcp --dport 22 -j DROP

Then you should hopefully see that your number of "Invalid user" entries in /var/log/secure will go down. If not, start doing something active.

How to block script kiddies

So you probably have the same issue as I do – you see ‘[sshd] … Invalid user … ‘ a couple of hundred times a day, and would like to stop that. Well, you could write a script which scans /var/log/secure every couple of seconds, or you could do as I did.

First I figured out how to read from syslog in realtime. Next came the big one: how to make the whole thing work. Well, I knew that my pipe was working, and the daemon thing – well, it was running, but how to make it work? After some hours the result is actually working, and I only see one entry in my secure syslog per attempt to break in, and also only one entry in iptables (timing is the issue here).

If you’re interested in the code, download it: block_idiots_ssh.pl

It should be self-explanatory; otherwise use www.google.com to find out what it does (there are some pretty good Perl sites out there) – not the prettiest Perl code ever produced, but hey, it is working.
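The approach described above (watch sshd's "Invalid user" lines and add one iptables DROP rule per offending address), as an added example that is not the author's block_idiots_ssh.pl. The threshold, the allow-listed address, the interface name eth0 and the sample log lines are assumptions constructed for illustration, and only IPv4 sources are handled.

```perl
#!/usr/bin/perl
# Added example, not the author's block_idiots_ssh.pl.
use strict;
use warnings;

my $THRESHOLD = 3;                   # assumption: failures tolerated before a block
my %ALLOW     = ('192.0.2.1' => 1);  # assumption: admin address that is never blocked
my (%failures, %blocked);

# Return the IPv4 source of an sshd "Invalid user" line, or nothing.
sub offender {
    my ($line) = @_;
    # The user name is attacker-controlled, so match it greedily and anchor the
    # address at the end of the line: only the last " from <addr>" is sshd's own.
    return unless $line =~ /sshd\[\d+\]: Invalid user .* from (?:::ffff:)?(\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?\s*$/;
    my $ip = $1;
    return if grep { $_ > 255 } split /\./, $ip;
    return $ip;
}

# The rule from the page as an argument list, so no shell ever parses log text.
sub drop_rule {
    my ($ip, $iface) = @_;
    return ('iptables', '-A', 'INPUT', '-i', $iface, '-s', $ip,
            '-p', 'tcp', '--dport', '22', '-j', 'DROP');
}

# Count one log line; return the rule exactly once per offending address.
sub handle_line {
    my ($line, $iface) = @_;
    my $ip = offender($line) or return;
    return if $ALLOW{$ip} || $blocked{$ip};
    return if ++$failures{$ip} < $THRESHOLD;
    $blocked{$ip} = 1;
    return drop_rule($ip, $iface);
}

# Constructed sample lines; a live daemon would read them from the syslog pipe.
my @sample = (
    'Aug 17 01:54:22 host sshd[9821]: Invalid user test from ::ffff:203.0.113.7',
    'Aug 17 01:54:23 host sshd[9822]: Invalid user x from 192.0.2.1 from ::ffff:203.0.113.7',
    'Aug 17 01:54:24 host sshd[9823]: Invalid user admin from ::ffff:203.0.113.7',
    'Aug 17 01:54:25 host sshd[9824]: Invalid user guest from ::ffff:203.0.113.7',
    'Aug 17 01:54:26 host sshd[9825]: Invalid user x from ::ffff:999.1.1.1',
);
for my $line (@sample) {
    my @cmd = handle_line($line, 'eth0') or next;
    print "would run: @cmd\n";    # dry run; as root, call system(@cmd) instead
}
```

The %blocked hash is what keeps a burst of log lines from one address down to a single iptables entry, and the allow-list keeps a mistyped login from the admin address from locking the owner out.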

Daemonize Perl – or how to create a daemon in Perl

Perl has never been something I’ve looked into, as it is not as easy (I think) as what I’m used to, which is C/C++, PHP, shell scripts, etc. But I’ve found out that there are a few things where nothing beats Perl, and one of them is creating small daemons (and also programs) which only exist because I got an "excellent" idea.

Having my own server, one of the most annoying things I see every day is people who are trying to log in to my server with SSH, so I get my log filled up with stuff like "Aug 17 01:54:22 blabla sshd[9821]: Invalid user blabla from ::ffff:123.456.789.123", and in some cases hundreds of them every day. So looking into how syslog works, it turned out that one can actually have multiple log facilities pointing to different targets. But more about that later, read another blog entry.

The problem is that a daemon is required in an environment where one wants to monitor events as they happen. Writing daemons is possible in almost every programming language, but Perl *) is good at one thing: it has everything, and then a bit. Especially the way one can use regular expressions directly in the language helps.

*) Yes, I could do it in C or C++ (which probably would make more sense), but I could not be bothered, and this was a good exercise in learning Perl.

So I set out to figure out how to do this, and found that it is not too difficult (I’m a great believer in cut ‘n paste), and a skeleton would look like this:

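#!/usr/bin/perl
#
use strict;
use warnings;
use POSIX qw(setsid);
use LWP::Simple;    # not used by the skeleton itself

# flush the buffer
$| = 1;

# daemonize the program
daemonize();

while (1) {
    #
    # Do interesting stuff here...
    #
    sleep 1;    # placeholder so the empty loop does not spin the CPU
}

# here is where we make ourself a daemon
sub daemonize {
    # do not keep any directory busy
    chdir '/' or die "Can't chdir to /: $!";
    # detach the standard handles from the terminal
    open STDIN,  '<',  '/dev/null' or die "Can't read /dev/null: $!";
    open STDOUT, '>>', '/dev/null' or die "Can't write to /dev/null: $!";
    open STDERR, '>>', '/dev/null' or die "Can't write to /dev/null: $!";
    defined(my $pid = fork) or die "Can't fork: $!";
    exit if $pid;    # the parent exits, the child carries on
    setsid or die "Can't start a new session: $!";
    # umask 0 masks no permission bits: files created later get exactly the mode requested
    umask 0;
}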

See, that is not too difficult. I will continue my saga about how to stop idiots trying to access my box.