Woken up once again by the embedded Linux

Last night I was once again woken up by my embedded Linux, as has happened once before. After the last attack I had installed fail2ban, which was surprisingly easy.

sudo apt-get install fail2ban
sudo nano /etc/fail2ban/jail.conf
sudo /etc/init.d/fail2ban restart

Done! That was all there was to it.

And yet the LED blinked incessantly through the night. Over 100 IP addresses that kept hacking until it was finally quiet. All other computers were switched off, so the other ports from the port forwarding should at least have shown up as closed or filtered in a scan. So much energy because of one open SSH port on an IP that changes every 24 hours? I am surprised that the little NSLU2 did not give up under such a DDoS; after all, it takes 3.5 hours just to compile nmap ;-) Well, 266 MHz and 32 MB RAM are not exactly a lot, but as an entry point into my network it has always been enough for me. The only question is what I can do next against such an attack. Fail2ban no longer seems to be enough. Ideas?
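The pattern described above, many source addresses each making only a few attempts, is what a per-address retry limit cannot stop. The following is an added example, not part of the original post: it counts failed SSH logins per source address in constructed auth.log lines and reports how many failures stay below an assumed per-address limit (`maxretry=5` and `distributed_min_ips=20` are illustrative values, and the host name and addresses are made up).

```python
import re
from collections import Counter

# sshd "Failed password" lines as OpenSSH writes them to auth.log.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def sample_lines():
    """Constructed log: 120 sources with 2 failures each, one source with 8."""
    lines = []
    for i in range(1, 121):
        for attempt in range(2):
            lines.append(
                f"Mar  3 02:{i % 60:02d}:{attempt:02d} nslu2 sshd[{1000 + i}]: Failed "
                f"password for invalid user admin from 198.51.100.{i} port {40000 + i} ssh2"
            )
    for attempt in range(8):
        lines.append(
            f"Mar  3 03:00:{attempt:02d} nslu2 sshd[2000]: Failed password "
            "for root from 203.0.113.7 port 50000 ssh2"
        )
    lines.append("Mar  3 03:05:00 nslu2 sshd[2001]: Accepted publickey "
                 "for user from 192.0.2.10 port 50001 ssh2")
    return lines

def assess(lines, maxretry=5, distributed_min_ips=20):
    """Summarise failures, treating all lines as one ban-counting window."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            counts[m.group(1)] += 1
    over = sorted(ip for ip, n in counts.items() if n >= maxretry)
    under = [n for n in counts.values() if n < maxretry]
    return {
        "total_failures": sum(counts.values()),
        "distinct_ips": len(counts),
        "ips_reaching_maxretry": over,
        "failures_below_threshold": sum(under),
        "distributed": len(under) >= distributed_min_ips,
    }

if __name__ == "__main__":
    for key, value in assess(sample_lines()).items():
        print(f"{key}: {value}")
```

When most failures fall below the limit, the measures that help are the ones that do not depend on counting per address, such as key-only authentication or restricting which addresses may reach the SSH port.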

Ubuntu WOL

Ubuntu Wake on LAN

1. If you haven't already, go to your BIOS and turn on WakeOnLAN (the location varies, so look for it). If your network card is onboard, you're set for step 2; otherwise there is probably a cable that should go from your network card to your motherboard, though this is not always the case.

2. Back in Ubuntu, Kubuntu, Xubuntu, or whatever you use, we now need to make a script that will run every time the computer is started, because the setting only lasts until the computer has been turned on again once.

2a. Find out which network device you want the computer to be wake-able from; usually that is all of them, which is just one. If you have more network devices in your system, 9 chances out of 10 you already know what they are called. You can NOT wake up a laptop or computer that is only connected via wireless with wake-on-LAN unless the BIOS has a method for this; this is very rare, and I do not guarantee this howto will work in such cases. In your terminal, type:

ifconfig

You'll get something like this (I have removed my MAC address for security):

eth0      Link encap:Ethernet  HWaddr 01:23:45:67:89:ab
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::215:f2ff:fe6f:3487/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:71495 errors:0 dropped:0 overruns:0 frame:0
          TX packets:76190 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:23164212 (22.0 MiB)  TX bytes:7625016 (7.2 MiB)
          Interrupt:217 Base address:0xd400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1290 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1290 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:161182 (157.4 KiB)  TX bytes:161182 (157.4 KiB)

So, I want this system to be wake-able from eth0.

2b. Now we create the script. Note: you must be an administrator on the system you are doing this to.

sudo -i

Enter your password at the prompt. Change to the startup script directory and start editing a new file:

cd /etc/init.d/
nano wakeonlanconfig

Paste or type this into the file, replacing eth0 with your network device. Repeat the ethtool line once for each of your devices, before the exit line:

#!/bin/bash
# Enable wake-up on a magic packet (g) for eth0.
ethtool -s eth0 wol g
exit

Set the permissions of the file:

chmod a+x wakeonlanconfig

Make the script run on startup:

update-rc.d -f wakeonlanconfig defaults

You should see something like:

 Adding system startup for /etc/init.d/wakeonlanconfig ...
   /etc/rc0.d/K20wakeonlanconfig -> ../init.d/wakeonlanconfig
   /etc/rc1.d/K20wakeonlanconfig -> ../init.d/wakeonlanconfig
   /etc/rc6.d/K20wakeonlanconfig -> ../init.d/wakeonlanconfig
   /etc/rc2.d/S20wakeonlanconfig -> ../init.d/wakeonlanconfig
   /etc/rc3.d/S20wakeonlanconfig -> ../init.d/wakeonlanconfig
   /etc/rc4.d/S20wakeonlanconfig -> ../init.d/wakeonlanconfig
   /etc/rc5.d/S20wakeonlanconfig -> ../init.d/wakeonlanconfig

Now we finish by running it, and making sure there are no errors.

/etc/init.d/wakeonlanconfig

This should produce no output and put you right back at the prompt you started at.

3. Use it. You'll need something to send wake-on-LAN packets with; "wakeonlan" is in the repos. You'll also need the MAC address of the system.

To get your MAC address, on the same system you just enabled WOL on, type:

ifconfig | grep HW

It's the thing that looks like 01:23:45:67:89:ab; write it down. Turn off that system:

sudo halt

If you're using wakeonlan from the repos and you are on the same network as the computer you're trying to wake up, replace 01:23:45:67:89:ab with your MAC address and run this from another computer:

wakeonlan 01:23:45:67:89:ab

In MOST cases, you CAN SEND wake-on-LAN packets from a wirelessly connected computer. If that doesn't work, it's likely that the port on the system you're trying to wake up isn't the default (9); try 7, or if your BIOS settings or manual told you one, use that one.

wakeonlan -p 7 01:23:45:67:89:ab
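What a sender such as wakeonlan puts on the wire is a "magic packet": six 0xFF bytes followed by the target MAC address repeated 16 times, sent as a UDP broadcast. The following is an added example, not part of the original howto: it builds that payload and checks whether a captured payload is a magic packet for a given MAC (the function names and the 255.255.255.255 broadcast address are assumptions of this sketch).

```python
import socket

def parse_mac(mac):
    """Return the 6 raw bytes of a MAC written as 01:23:45:67:89:ab or 01-23-..."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex("".join(parts))  # raises ValueError on non-hex digits

def magic_packet(mac):
    """Synchronisation stream (6 x 0xFF) followed by 16 copies of the MAC."""
    return b"\xff" * 6 + parse_mac(mac) * 16

def is_magic_packet_for(payload, mac):
    """True if the payload contains a magic packet for this MAC.

    The sequence may sit anywhere in the payload, so search instead of
    comparing from offset 0.
    """
    return magic_packet(mac) in payload

def send_wol(mac, port=9, broadcast="255.255.255.255"):
    """Send the magic packet as a UDP broadcast (port 9 by default, 7 also used)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(magic_packet(mac), (broadcast, port))

if __name__ == "__main__":
    # Example MAC from the howto above; replace it with your own.
    pkt = magic_packet("01:23:45:67:89:ab")
    print(len(pkt), pkt[:12].hex())
```

The payload carries nothing but the target's MAC address, so any host in the same broadcast domain that knows the address can wake the machine.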

remove /MACHINE:X86 from make files with php

I use PHP on the command line because I know its syntax better than that of any other scripting language and it works on Linux and Windows. This is about removing the /MACHINE:X86 flag to be able to build Apache as x64 (64-bit) on Windows.

<?php
$files=array(
 "srclib/apr/libapr.mak",
 "srclib/apr-iconv/build/modules.mk.win",
 "srclib/apr-iconv/libapriconv.mak",
 "srclib/apr-util/dbd/apr_dbd_freetds.mak",
 "srclib/apr-util/dbd/apr_dbd_mysql.mak",
 "srclib/apr-util/dbd/apr_dbd_odbc.mak",
 "srclib/apr-util/dbd/apr_dbd_oracle.mak",
 "srclib/apr-util/dbd/apr_dbd_pgsql.mak",
 "srclib/apr-util/dbd/apr_dbd_sqlite2.mak",
 "srclib/apr-util/dbd/apr_dbd_sqlite3.mak",
 "srclib/apr-util/dbm/apr_dbm_db.mak",
 "srclib/apr-util/dbm/apr_dbm_gdbm.mak",
 "srclib/apr-util/ldap/apr_ldap.mak",
 "srclib/apr-util/libaprutil.mak"
);
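foreach ($files as $file) {
    if (file_exists($file)) {
        echo "Replace in: " . $file . PHP_EOL;
        // Remove the /MACHINE:X86 linker option (case-insensitive) and write the file back.
        file_put_contents($file, str_ireplace(" /MACHINE:X86", "", file_get_contents($file)));
    } else {
        // The file is missing from the source tree; nothing was changed.
        echo "FAILED: " . $file . PHP_EOL;
    }
}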
?>
