Tuesday, March 24, 2015

Setup Fail2ban for Asterisk Version 11.16 on Debian


INSTALL PACKAGES

Install iptables
# apt-get install iptables

Install fail2ban
# apt-get install fail2ban


SETUP


1 - Add Asterisk into fail2ban filter directory to be monitored
Create this file: /etc/fail2ban/filter.d/asterisk.conf
with the following content:

# Fail2Ban configuration file
#
#
# $Revision: 250 $
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
#before = common.conf


[Definition]

#_daemon = asterisk

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#

# Asterisk 1.4 uses the following failregex

failregex = NOTICE.* .*: Registration from '\".*\".*' failed for '<HOST>:.*' - Wrong password
# you can add more regexes here depending on the log lines in /var/log/asterisk/full

2 - Now edit the fail2ban jail configuration, /etc/fail2ban/jail.conf (this is where FreePBX keeps it too), and add the following jail at the end of the file:

[asterisk-iptables]
enabled  = true
filter   = asterisk
action   = iptables-allports[name=ASTERISK, protocol=all]
           sendmail-whois[name=ASTERISK, dest=root, sender=fail2ban@example.org]
logpath  = /var/log/asterisk/full
maxretry = 4
bantime = 259200


3 - Turn it on for good

If all is well up to this point, let's make sure that fail2ban and iptables restart with the server by issuing the following commands.

Debian/Ubuntu:

update-rc.d iptables defaults
update-rc.d fail2ban defaults

You should now be somewhat protected against SIP scans and brute force attacks!
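To check that the filter above actually catches the failures before relying on it, the following is an added example (not part of the original post, and not fail2ban's own code): it expands the <HOST> tag into the alias quoted in the filter's comment block, runs the post's failregex over a few constructed chan_sip NOTICE lines in the layout of /var/log/asterisk/full (addresses from documentation ranges), and applies the jail's maxretry = 4 threshold. The findtime window fail2ban also applies is left out; hosts_to_ban only counts matches.

```python
import re

# Alias that fail2ban substitutes for the <HOST> tag (quoted from the
# filter's own comment block above).
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>\S+)"

# The failregex from filter.d/asterisk.conf, verbatim.
FAILREGEX = (r"NOTICE.* .*: Registration from '\".*\".*' failed for "
             r"'<HOST>:.*' - Wrong password")

# Constructed sample lines in the format chan_sip writes to /var/log/asterisk/full.
# Line 3 uses an IPv4-mapped IPv6 form to show the alias stripping "::ffff:";
# line 4 ("No matching peer found") is deliberately NOT matched by this regex.
SAMPLE_LOG = """\
[2015-03-24 09:15:02] NOTICE[2031] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.5:5060' - Wrong password
[2015-03-24 09:15:02] NOTICE[2031] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.5:5060' - Wrong password
[2015-03-24 09:15:03] NOTICE[2031] chan_sip.c: Registration from '"admin" <sip:admin@192.0.2.10>' failed for '::ffff:198.51.100.7:5062' - Wrong password
[2015-03-24 09:15:03] NOTICE[2031] chan_sip.c: Registration from '"sales" <sip:sales@192.0.2.10>' failed for '203.0.113.5:5060' - No matching peer found
[2015-03-24 09:15:04] NOTICE[2031] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '203.0.113.5:5060' - Wrong password
[2015-03-24 09:15:04] NOTICE[2031] chan_sip.c: Registration from '"103" <sip:103@192.0.2.10>' failed for '203.0.113.5:5060' - Wrong password
[2015-03-24 09:15:05] VERBOSE[2031] -- Registered SIP '200' at 192.0.2.20:5060
"""


def compile_failregex(failregex: str):
    """Turn a fail2ban failregex into a Python regex by expanding <HOST>."""
    return re.compile(failregex.replace("<HOST>", HOST_ALIAS))


def matched_hosts(failregex: str, log_text: str) -> list:
    """Host captured from every log line the failregex matches, in order."""
    pattern = compile_failregex(failregex)
    hosts = []
    for line in log_text.splitlines():
        m = pattern.search(line)
        if m:
            hosts.append(m.group("host"))
    return hosts


def hosts_to_ban(hosts, maxretry: int = 4) -> list:
    """Hosts whose failure count reaches the jail's maxretry (findtime ignored)."""
    counts = {}
    for h in hosts:
        counts[h] = counts.get(h, 0) + 1
    return sorted(h for h, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    hosts = matched_hosts(FAILREGEX, SAMPLE_LOG)
    print("matched hosts:", hosts)
    print("would be banned with maxretry=4:", hosts_to_ban(hosts))
```

On the live system the same check is done with fail2ban's own tool, fail2ban-regex /var/log/asterisk/full /etc/fail2ban/filter.d/asterisk.conf, which reports how many lines matched; lines like the "No matching peer found" one above are what the comment about adding more regexes refers to.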

Tuesday, March 17, 2015

How to Clone a Xen Guest on LVM

DD Copy Method

Make the second LV for the cloned one:
lvcreate -L 5000 -n guest02 VG0

Then use dd to copy the contents of the first volume into the second. Be sure to shut down the guest01 VM before you begin:
xm shutdown guest01

Copy the contents of one LV into another:
dd if=/dev/VG0/guest01 bs=4096 of=/dev/VG0/guest02

Configure Xen

In order to make the hypervisor aware of this new guest, a new configuration file must be created. To do this, make a copy of the original configuration file:
cp /etc/xen/guest01 /etc/xen/guest02

Then, edit the new file, /etc/xen/guest02. In order for the guest to function the following lines must be changed:
  • The name of the guest (from "guest01" to "guest02")
  • The MAC address of the guest on the "vif =" line
  • The UUID of the guest
  • The logical volume on the "disk = " line.
Other parameters can also be changed as desired (the amount of memory for example). The MAC and the UUID are both random numbers. It is sufficient to simply change a few digits of each. Or, a utility that creates random MAC and UUID numbers can be used.
The new guest can now be started with the command:

xm create guest02 -c
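The four edits listed above are easy to get half-right by hand (a leftover guest01 in the disk= line points the clone at the original LV). The following is an added example, not from the post and not a Xen tool: it rewrites exactly the name, vif MAC, uuid and disk LV of an xm-style config and reports which keys changed, so the result can be checked before it is written to /etc/xen/guest02. The sample config, its UUID and MAC are constructed; the 00:16:3e prefix is the OUI Xen uses for generated guest MACs.

```python
import re
import secrets
import uuid

# Constructed xm-style config in the layout of /etc/xen/guest01 above.
# The UUID and MAC are made-up sample values.
ORIGINAL_CFG = """\
name    = "guest01"
uuid    = "8d1f2c3a-0000-4000-8000-000000000001"
memory  = 512
vcpus   = 1
vif     = [ "mac=00:16:3e:5a:1b:2c,bridge=xenbr0" ]
disk    = [ "phy:/dev/VG0/guest01,xvda,w" ]
bootloader = "/usr/bin/pygrub"
"""

QUOTE = "['\"]"  # regex for a single or double quote


def random_xen_mac() -> str:
    """Random MAC in the 00:16:3e OUI that Xen reserves for generated guest MACs."""
    return "00:16:3e:" + ":".join(f"{b:02x}" for b in secrets.token_bytes(3))


def config_key(line: str) -> str:
    """Key of a 'key = value' config line, or '' for anything else."""
    return line.split("=", 1)[0].strip() if "=" in line else ""


def clone_config(cfg_text, old_name, new_name, mac=None, new_uuid=None):
    """Rewrite the four settings the post lists: name, vif MAC, uuid, disk LV."""
    mac = mac or random_xen_mac()
    new_uuid = new_uuid or str(uuid.uuid4())
    out = []
    for line in cfg_text.splitlines():
        key = config_key(line)
        if key == "name":
            line = re.sub("(" + QUOTE + ")" + re.escape(old_name) + r"\1",
                          r"\g<1>" + new_name + r"\1", line)
        elif key == "uuid":
            line = re.sub(QUOTE + "[^'\"]*" + QUOTE, '"' + new_uuid + '"', line, count=1)
        elif key == "vif":
            line = re.sub(r"mac=[0-9A-Fa-f:]{17}", "mac=" + mac, line)
        elif key == "disk":
            # Only the LV name between the VG directory and the ',' or closing quote.
            line = re.sub(r"(/dev/[^/,'\"]+/)" + re.escape(old_name) + r"(?=[,'\"])",
                          r"\g<1>" + new_name, line)
        out.append(line)
    return "\n".join(out) + "\n"


def changed_keys(old_cfg, new_cfg):
    """Keys whose lines differ; a sanity check that only the intended settings moved."""
    old = {config_key(l): l for l in old_cfg.splitlines() if config_key(l)}
    new = {config_key(l): l for l in new_cfg.splitlines() if config_key(l)}
    return sorted(k for k in old if old[k] != new.get(k))


if __name__ == "__main__":
    clone = clone_config(ORIGINAL_CFG, "guest01", "guest02")
    print(clone, end="")
    print("# changed:", changed_keys(ORIGINAL_CFG, clone))
```

Two checks worth making around the dd step itself: the new LV has to be at least as large as the source (compare lvs -o lv_size for both before copying), and guest01 must really be down (it should not appear in xm list) before dd reads it, or the copy will contain a filesystem in mid-write. The cloned filesystem also still carries guest01's own hostname and network settings, which need changing inside the guest after first boot.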

Monday, March 16, 2015

Xen Tuning Commands


1 - Resize the Xen guest disk
Shut down the Xen guest
Resize its logical volume

Linux Commands:

# xm shutdown erp8
# lvresize /dev/VolGroup1/erp8-disk -L +1GB
# e2fsck -f /dev/VolGroup1/erp8-disk
# resize2fs /dev/VolGroup1/erp8-disk

Create new xen guest on DOM0

SSH to DOM0 (Xen host machine)
and run this statement to create one:
# sudo xen-create-image --hostname=myhost --memory=512mb --swap=1024mb --vcpus=2 --pygrub --dist=wheezy


This creates a guest that runs Debian Wheezy with:
RAM 512 MB
swap 1024 MB
2 vCPUs

How To Remove Xen Guest from DOM0


1 - SSH into the Dom0 (the host machine).

2 - Check that the guest is no longer running:
$ xm list | grep <DomU>
where <DomU> is the short hostname of the virtual machine, e.g. yoyodyne. The DomU to be decommissioned should not be listed. If it is, execute

$ xm destroy <DomU>
This command forcibly shuts down the VM.

3 - Remove the auto-boot symlink:
$ rm /etc/xen/auto/<DomU>.cfg

4 - Remove the Xen domain configuration:
$ rm /etc/xen/<DomU>.cfg

5 - Remove all logical volumes associated with the domU. In most cases this will consist of a single LV:
lvremove /dev/<Dom0>/<DomU>-<device> 

For example:
lvremove /dev/dom0server/yoyodyne.example.com-hda
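Steps 2 to 5 above, as an added example (not from the post, not a Xen tool) that produces the removal commands as a dry run instead of executing them: it refuses to plan anything while the guest still shows up in xm list, matches the domain name exactly (a grep for yoyodyne would also match a guest called yoyodyne2), and takes the LVs to remove from the phy: entries of the guest's own config file rather than guessing <DomU>-<device>. The xm list output and the config are constructed samples.

```python
import re

# Constructed `xm list` output as a Dom0 prints it; yoyodyne is still running.
XM_LIST_RUNNING = """\
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0  1024     2     r-----   2381.4
yoyodyne                                     3   512     2     -b----     77.9
yoyodyne2                                    4   256     1     -b----     12.0
"""

# Same Dom0 after `xm shutdown yoyodyne` (or `xm destroy`) has taken effect.
XM_LIST_STOPPED = """\
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0  1024     2     r-----   2390.1
yoyodyne2                                    4   256     1     -b----     13.5
"""

# Constructed /etc/xen/yoyodyne.cfg with two phy: backed LVs, in the naming
# scheme of the lvremove example in step 5.
YOYODYNE_CFG = """\
name = "yoyodyne"
disk = [ "phy:/dev/dom0server/yoyodyne.example.com-hda,xvda,w",
         "phy:/dev/dom0server/yoyodyne.example.com-swap,xvdb,w" ]
vif  = [ "mac=00:16:3e:11:22:33,bridge=xenbr0" ]
"""


def running_domains(xm_list_output):
    """Domain names from `xm list`, skipping the header line."""
    names = []
    for line in xm_list_output.splitlines()[1:]:
        fields = line.split()
        if fields:
            names.append(fields[0])
    return names


def is_running(xm_list_output, domu):
    # Exact name match, unlike `xm list | grep <DomU>`, which would also hit yoyodyne2.
    return domu in running_domains(xm_list_output)


def logical_volumes(cfg_text):
    """LV device paths from the disk= entries; file:-backed disks are not LVs."""
    return re.findall(r"phy:(/dev/[^,'\"\s]+)", cfg_text)


def decommission_plan(domu, cfg_text, xm_list_output):
    """Commands for steps 3-5 as argv lists, or None while the guest still runs."""
    if is_running(xm_list_output, domu):
        return None
    plan = [["rm", f"/etc/xen/auto/{domu}.cfg"], ["rm", f"/etc/xen/{domu}.cfg"]]
    for lv in logical_volumes(cfg_text):
        plan.append(["lvremove", lv])
    return plan


if __name__ == "__main__":
    for listing in (XM_LIST_RUNNING, XM_LIST_STOPPED):
        plan = decommission_plan("yoyodyne", YOYODYNE_CFG, listing)
        if plan is None:
            print("yoyodyne is still running; shut it down first")
        else:
            for argv in plan:
                print(" ".join(argv))
```

Read the config before removing it (step 4 deletes the only record of which LVs belonged to the guest), and keep the order of the plan: the config and its auto symlink go first so the guest cannot be auto-started against a half-removed disk.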