
Czarism.com

The Posterous of @Czarphanguye

Configuring fail2ban on the LAMP server (to aid w/ brute-force attacks.) #linux #security #ssh

Brute-force break-in attempts are quite frequent against an SSH server and other password-protected internet services (such as ftp, pop, ...). Automated scripts try multiple combinations of username/password (brute-force, dictionary attack), and sometimes changing the port to something other than the default is not an option. Furthermore, scouring your log files yourself is not only time consuming, but can be difficult too.

Fail2ban attempts to alleviate these issues by providing an automated way of not only identifying possible break-in attempts, but acting upon them quickly and easily in a user-definable manner.

Log files contain interesting information, especially about failed logins. This information can be used to ban an offending host. This is exactly what Fail2ban does: it scans log files, detects patterns which correspond to possible break-in attempts, and then performs actions. Most of the time, this consists of adding a new rule to a firewall chain and sending an e-mail notification to the system administrator.
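As an added illustration (my own sketch, not fail2ban's code), the following Python mirrors that loop over constructed sshd log lines: match a failure pattern, count failures per host inside a findtime window, and report the hosts that reach maxretry. The log lines, host names, addresses and the assumed year are all made up for the example.

```python
# Added illustration, not fail2ban's own code: a minimal fail2ban-style filter.
# It matches a failregex against syslog-format sshd lines, counts failures per
# source host inside a sliding findtime window and returns the hosts that reach
# maxretry (the ones a jail would hand to an action such as iptables).
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified pattern in the spirit of fail2ban's sshd failregex.
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3} {1,2}\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\S+) port \d+"
)

def parse_ts(stamp, year=2009):
    """Syslog timestamps carry no year, so one is assumed here."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def hosts_to_ban(lines, maxretry=3, findtime=600):
    """Return the hosts with at least maxretry failures within findtime seconds."""
    recent = defaultdict(deque)  # host -> timestamps of its recent failures
    banned = set()
    for line in lines:
        m = FAILREGEX.match(line)
        if not m:
            continue  # not a failure line: ignored, as fail2ban ignores it
        ts, host = parse_ts(m.group("ts")), m.group("host")
        window = recent[host]
        window.append(ts)
        # Forget failures older than findtime so stale attempts do not count.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned.add(host)
    return banned

# Constructed sample of /var/log/auth.log lines (documentation addresses, not real hosts).
SAMPLE_LOG = """\
Sep 25 10:00:01 lamp sshd[2001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Sep 25 10:00:03 lamp sshd[2002]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Sep 25 10:00:05 lamp sshd[2003]: Failed password for root from 203.0.113.5 port 40003 ssh2
Sep 25 10:01:00 lamp sshd[2004]: Accepted publickey for czar from 192.0.2.10 port 50000 ssh2
Sep 25 10:02:00 lamp sshd[2005]: Failed password for czar from 192.0.2.10 port 50001 ssh2
Sep 25 10:30:00 lamp sshd[2006]: Failed password for czar from 192.0.2.10 port 50002 ssh2
Sep 25 10:58:00 lamp sshd[2007]: Failed password for czar from 192.0.2.10 port 50003 ssh2
""".splitlines()

if __name__ == "__main__":
    # 203.0.113.5 fails three times in four seconds; 192.0.2.10 spreads its
    # three failures over 56 minutes and stays under the default window.
    print(hosts_to_ban(SAMPLE_LOG))
```

Widening findtime to an hour would also catch the slow attempts from the second host, which is the trade-off the findtime/maxretry pair controls in a real jail.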

Here is a list of the most important features available in Fail2ban:

  • client/server
  • multithreaded
  • Gamin support
  • autodetection of the date/time format
  • wildcard support in logpath option
  • support for a lot of services (sshd, apache, qmail, proftpd, sasl, etc)
  • support for several actions (iptables, tcp-wrapper, shorewall, mail notifications, etc)

The code has been completely rewritten since 0.6.x. Fail2ban is entirely written in Python and thus should work on most of the *nix systems.

Server

Fail2ban is composed of 2 parts: a client and a server. The server is multi-threaded and listens on a Unix socket for commands. The server itself knows nothing about the configuration files. Thus, at start-up, the server is in a "default" state in which no jails are defined. The following options are available for fail2ban-server:

-b                   start in background
-f                   start in foreground
-s <FILE>            socket path
-x                   force execution of the server
-h, --help           display this help message
-V, --version        print the version

fail2ban-server should not be used directly except in case of debugging. The option -s <FILE> is probably the most important one and is used to set the socket path. Thus, it is possible to run several instances of Fail2ban on different sockets. However, this should not be required because Fail2ban can run several jails concurrently.

If fail2ban-server crashes (does it?), it is possible that the socket file has not been removed correctly. The -x option tells the server to delete the socket file before start-up. If the socket file of a running server is removed, it is not possible to communicate with this server anymore.

The server handles the signals SIGTERM and SIGINT. When receiving one of these signals, fail2ban-server will quit nicely.

Client

fail2ban-client is the frontend of Fail2ban. It connects to the server socket file and sends commands in order to configure and operate the server. The client can read the configuration files or can simply be used to send a single command to the server using either the command line or the interactive mode (which is activated with the -i option). fail2ban-client can also start the server. The following options are available for fail2ban-client:

-c <DIR>                configuration directory
-s <FILE>               socket path
-d                      dump configuration. For debugging
-i                      interactive mode
-v                      increase verbosity
-q                      decrease verbosity
-x                      force execution of the server
-h, --help              display this help message
-V, --version           print the version

As for fail2ban-server, the option -s <FILE> can be used to set the socket path. Notice that this command line option overrides the socket option set in fail2ban.conf. The default configuration directory is /etc/fail2ban but can be overridden with the -c <DIR> option. The -x option is simply forwarded to fail2ban-server when starting the server.

A useful option for debugging is -d. This prints the configuration parsed by fail2ban-client. The output corresponds to the stream sent to the server. If the output of -d shows:

['set', 'loglevel', 1]
['set', 'logtarget', 'STDERR']

It is possible to achieve the same with:

$ fail2ban-client set loglevel 1
$ fail2ban-client set logtarget STDERR

Everything set in the configuration files can be configured manually. The configuration is just a simple and efficient way to configure the server. fail2ban-client only translates the configuration into a series of commands. However, fail2ban-client has 2 more commands for its internal use. The first one is start. When typing:

$ fail2ban-client start

the client will first try to fork a server instance. The client then waits for the server to start up by sending ping requests to it. Once the server responds to these requests, fail2ban-client parses the configuration and sends the corresponding commands to the server. The second one is reload. When typing:

$ fail2ban-client reload

the client will tell the server to stop all jails, parse the configuration files again and send the commands to the server. This is useful when a new configuration must be loaded without shutting down the server. This is also very useful when debugging the server. It is possible to start the server with fail2ban-server -f in one terminal and to load the configuration by typing fail2ban-client reload in another one. Thus, client and server output will not be mixed up.

Any other commands are simply sent to the server without any specific treatment. However, most of the time, only the 2 above commands and stop will be used.

There is probably one last useful command: status [jail]. Without a jail name, the global status of the server is returned. If jail corresponds to an existing jail, the status of this jail is displayed.

A list with all commands is available here.


Filed under  //   apache   brute-force   cli   fail2ban   lamp   Linux   mysql   php   security   ssh  
Posted September 25, 2009 by Czar Phanguye 
// 0 Comments

Chrome (Chromium) Command Line Switches

Chrome Command Line Switches

by Chrome Blog on September 15, 2008

Google Chrome has a number of command line switches which change the behavior of Chrome. Some of these switches can be turned on/off in the regular settings menu (such as "dns-prefetch-disable"); others cannot.

To launch and use the switches, you append the switch name when calling Chrome on launch like:

"…..\Application\chrome.exe" --crash-test

Which would obviously execute the crash test function.

allow-all-activex
always-enable-dev-tools
app
assert-test
automation-channel
channel
crash-test
debug-children
debug-print
disable-dev-tools
disable-hang-monitor
disable-images
disable-java
disable-javascript
disable-logging
disable-metrics
disable-metrics-reporting
disable-plugins
disable-popup-blocking
disable-prompt-on-repost
dns-log-details
dns-prefetch-disable
dom-automation
dump-histograms-on-exit
enable-file-cookies
enable-logging
enable-p13n
enable-watchdog
first-run
gears-in-renderer
gears-plugin-path
geoid
hide-icons
homepage
import
in-process-plugins
javascript-debugger-path
js-flags
lang
log-filter-prefix
log-level
make-default-browser
memory-model
memory-profile
message-loop-histogrammer
message-loop-strategy
new-http
no-events
no-sandbox
omnibox-popup-count
playback-mode
plugin
plugin-launcher
plugin-path
plugin-startup-dialog
process-per-site
process-per-tab
proxy-server
record-mode
remote-shell-port
renderer
renderer-assert-test
renderer-crash-test
renderer-path
renderer-startup-dialog
restore-last-session
safe-plugins
show-icons
silent-dump-on-dcheck
single-process
start-maximized
start-renderers-manually
tab-count-to-load-on-session-restore
test-sandbox
testing-channel
testshell-startup-dialog
trusted-plugins
uninstall
upload-file
use-lf-heap
user-data-dir
wait-for-debugger-children


Filed under  //   chromium-browser   cli   google-chrome-unstable  
Posted September 12, 2009 by Czar Phanguye 
// 0 Comments

Change #palmpre (#webos) Browser page icons in /var/luna/data/browser/icons

The images are in /var/luna/data/browser/icons. For the "built-in" bookmarks, there are 3 files each:
  • bookmark-icon-{name}.png - 32x32 px icon you see in the bookmark list
  • {name}-bookmark-icon.png - 64x64 px icon that doesn't seem to appear anywhere
  • {name}-bookmark-thumbnail.png - 90x120 px thumbnail that appears when you start the browser

I'm not happy with the way the Pre tries to make images for you, so I created some of my own. (I also use a better naming convention for the files).

To add your own images:

1. Copy the default bookmark images from /var/luna/data/browser/images to your PC (use WinSCP or copy them to /media/internal and then use the USB cable). They make good templates for creating new images.

2. Create some new images. Here are mine for m.cnn.com:

(images: cnn-icon32.png, cnn-icon64.png, cnn-thumbnail.png)

3. Copy the images to your Pre under /var/luna/data/browser/images.

4. Become root and make your filesystem read-write:

Code:
$ sudo -i

# rootfs_open -w
5. Open the bookmark database with the sqlite utility:

Code:
# /usr/bin/sqlite3 /var/palm/data/file_.usr.palm.applications.com.palm.app.browser_0/0000000000000004.db
6. Add a bookmark, save, and exit sqlite:

Code:
sqlite> begin transaction;

sqlite> insert into bookmarks (url,title,defaultEntry,iconFile32,iconFile64,thumbnailFile)
 values ('http://m.cnn.com','CNN',1,'/var/luna/data/browser/icons/cnn-icon32.png','/var/luna/data/browser/icons/cnn-icon64.png','/var/luna/data/browser/icons/cnn-thumbnail.png');

sqlite> commit;

sqlite> .exit
Note: the bookmarks are keyed on title, so if you already have a bookmark titled "CNN", the above code will simply update the existing bookmark.


To view all your bookmarks in the database:

Code:
sqlite> .header on

sqlite> select * from bookmarks;
Columns:
  • id - numeric ID
  • url - URL
  • title - Title
  • date - numeric representing the date-time the bookmark was added
  • parent - ?
  • idx - numeric controlling sort order of the bookmarks (when two or more bookmarks have the same idx value, the browser sorts on title)
  • defaultEntry - numeric: 0 for bookmarks you add through the browser, 1 for "built-in" bookmarks (Pre won't mess with the images)
  • iconFile32 - path to the 32x32 px icon
  • iconFile64 - path to the 64x64 px icon
  • visitCount - number of times you selected the bookmark
  • thumbnailFile - path to the thumbnail
  • lastVisited - numeric representing the date-time last time you selected the bookmark
  • startIdx - ?

Filed under  //   cli   palmpre   webos  
Posted September 9, 2009 by Czar Phanguye 
// 0 Comments