Category Archives: CentOS

Centos 6.5 – Monitoring Bind9 with Bindgraph.

Bindgraph is a program based on Mailgraph and offers the same basic features. It reads the dns_queries.log file and creates a .rrd file listing the number of queries per record type (A, AAA, CNAME, PTR and a few others). It then generates a graph, takes a screenshot and creates a nice HTML page with a .cgi script.

It provides quick overview of your dns traffic. Though, it is limited to the number and type of queries and does not handle where they come from.

Day View

2014-10-12 18_05_00-DNS Statistics for mail.coldnorthadmin.com

Month View

2014-10-12 18_05_50-DNS Statistics for mail.coldnorthadmin.com

 

1) Launching the daemon :

 

CentOS 6.5 – Create a Certificate Authority

yum install easy-rsa
Default Directory : /usr/share/easy-rsa/2.0/

 

CentOS 6.5 – Private key authentication for ssh

SSH is secure! I don’t need anything else!

Well, you are not exactly wrong. But security is not something that should be taken lightly.

I’ve recently acquired a Linode host and I was stunned by the number of unauthorized login attempts. About 99% of those attempts were probably automated scripts crawling the Internet for anything responding to queries on port 22. I believe that a huge part of modern “hacking” is entirely automated which reinforces the perspective that security is a 24/7 concern.

Since SSH is your main entry point to control your machine, it’s especially critical that it’s well protected. Private/public key authentication allows you to login into your machine without providing a password.

Here is a very basic overview.

You first create a key pair : Private and Public key. The private key allows you to apply your “signature” to content. The only way to verify that signature is to have your Public key. You then transfer that public key file unto your server. When you try to connect to the server using your Private key, the server will try to match the unique signature using the Public key you had previously transferred. That entire operation completely removes the need to transfer a password. It’s almost much more complex to brute-force.

That said, it’s up to you to protect your private key. I recommend adding a passphrare during the key generation. Without that extra step, both the public and private key would both be written in clear-text.


China is knocking…

Jun 16 02:12:30 li362-86 sshd[2234]: Failed password for root from 116.10.191.227 port 32848 ssh2 Jun 16 02:12:31 li362-86 sshd[2232]: Failed password for root from 116.10.191.227 port 29883 ssh2 Jun 16 02:12:32 li362-86 sshd[2234]: Failed password for root from 116.10.191.227 port 32848 ssh2 Jun 16 02:12:34 li362-86 sshd[2232]: Failed password for root from 116.10.191.227 port 29883 ssh2 Jun 16 02:12:34 li362-86 sshd[2234]: Failed password for root from 116.10.191.227 port 32848 ssh2 Jun 16 02:12:36 li362-86 sshd[2232]: Failed password for root from 116.10.191.227 port 29883 ssh2


Prerequisites : This guide was performed on a CentOS 6.5 machine with almost no extra packages. Most, if not all commands, should be the same on Debian based OS. That said, be aware that you will have to substitute your own folder and files path. Any variable you need to replace with your own will be marked with the “$” sign.

Folder has to be owned by the appropriate user attempting to log in.

Tagged , , , , , ,

CentOS 6.5 – Mumble and Django-Mumble

Mumble – Open source voice server

Django Mumble – Open source django based administration interface