denyhackers.py

If you have an internet host running Ubuntu, you might benefit from running this script every hour from root's crontab (it reads the system logs and appends to /etc/hosts.deny, so it needs root). Two caveats before relying on it: /etc/hosts.deny is only honoured by services built against tcp_wrappers (libwrap); upstream OpenSSH dropped that support in 6.7 and Postfix has never used it, so confirm that the daemons you care about actually consult the file on your release (a firewall rule or fail2ban is the portable alternative). And since a single failed login is enough to get an address blocked, put your own addresses in /etc/hosts.allow, which tcp_wrappers checks first, so one mistyped password does not lock you out.

#!/usr/bin/env python3
"""denyhackers: append addresses that fail authentication to /etc/hosts.deny"""

import ipaddress
import os
import re

DENYHOSTS = '/etc/hosts.deny'

# (log file, pattern) pairs; the pattern's capture group is the remote address.
# Square brackets are escaped: unescaped, "[UFW BLOCK]" is a character class
# matching a single letter, not the literal tag.
LOG_PATTERNS = [
    # sshd: login attempt for an account that does not exist
    ('/var/log/auth.log',
     re.compile(r'Invalid user \S+ from (\S+) port')),
    # PAM: wrong password for an existing account; ruser is normally empty,
    # so \S* (not \S+) is required for the line to match at all
    ('/var/log/auth.log',
     re.compile(r'authentication failure.* ruser=\S* rhost=(\S+)')),
    # postfix: failed SMTP AUTH
    ('/var/log/mail.log',
     re.compile(r'postfix/smtpd\[\d+\]: warning: unknown\[(\S+)\]: '
                r'SASL LOGIN authentication failed:')),
    # ufw: packets the firewall already dropped (the same lines appear in both files)
    ('/var/log/ufw.log', re.compile(r'\[UFW BLOCK\] .*SRC=(\S+)')),
    ('/var/log/kern.log', re.compile(r'\[UFW BLOCK\] .*SRC=(\S+)')),
]


def normalize(addr):
    """Return a canonical address string, or None if addr is not an IP address.

    Only real addresses are written to hosts.deny; IPv4-mapped IPv6 addresses
    (::ffff:a.b.c.d, as PAM logs them) are reduced to plain IPv4."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.is_loopback:
        return None
    return str(ip)


def read_denylist(path=DENYHOSTS):
    """Addresses already present as 'ALL: <addr>' entries."""
    existing = set()
    with open(path) as dhfile:
        # iterate over the file directly; a readline() call before the loop
        # would discard the first line of every file read
        for line in dhfile:
            match = re.search(r'ALL:\s*(\S+)', line)
            if match:
                existing.add(match.group(1))
    return existing


def find_offenders(patterns=LOG_PATTERNS):
    """Addresses found in the logs, in first-seen order, without duplicates."""
    found = []
    seen = set()
    for path, pattern in patterns:
        if not os.path.exists(path):      # ufw.log and mail.log may be absent
            continue
        with open(path, errors='replace') as logfile:
            for line in logfile:
                match = pattern.search(line)
                if not match:
                    continue
                ipaddr = normalize(match.group(1))
                if ipaddr and ipaddr not in seen:
                    seen.add(ipaddr)
                    found.append(ipaddr)
    return found


def denyhackers():
    """Append every newly seen offender to hosts.deny."""
    existing = read_denylist()
    addblocklist = [ip for ip in find_offenders() if ip not in existing]
    with open(DENYHOSTS, 'a') as denyfile:
        for ipaddr in addblocklist:
            denyfile.write('ALL: ' + ipaddr + '\n')
            print('adding ' + ipaddr)


if __name__ == '__main__':
    denyhackers()
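The regular expressions are where a script like this quietly breaks: an unescaped square bracket turns into a character class, and a `\S+` cannot match an empty field. The following is an added example, not part of the original script, that runs the patterns as originally written beside corrected ones over constructed sample log lines (documentation-range addresses, made up for this illustration) and reports which address, if any, each one captures.

```python
import ipaddress
import re

# Constructed sample log lines in the formats the denyhackers script parses.
# Addresses are from the RFC 5737 documentation ranges; nothing here is a real host.
SAMPLES = {
    'pam_failure': ('Mar  3 10:15:03 web sshd[2201]: pam_unix(sshd:auth): '
                    'authentication failure; logname= uid=0 euid=0 tty=ssh '
                    'ruser= rhost=::ffff:198.51.100.7  user=root'),
    'postfix_sasl': ('Mar  3 10:16:10 web postfix/smtpd[3310]: warning: '
                     'unknown[192.0.2.99]: SASL LOGIN authentication failed: '
                     'UGFzc3dvcmQ6'),
    'ufw_block': ('Mar  3 10:17:00 web kernel: [  512.336] [UFW BLOCK] IN=eth0 '
                  'OUT= MAC=00:16:3e:00:00:01 SRC=198.51.100.200 '
                  'DST=203.0.113.10 PROTO=TCP SPT=44123 DPT=23'),
}
SAMPLES['kern_block'] = SAMPLES['ufw_block']   # the same line lands in kern.log

# Patterns as written in the original script.
ORIGINAL = {
    # \S+ cannot match the empty ruser field that PAM normally logs
    'pam_failure': r'authentication failure.* ruser=(\S+) rhost=(\S+)',
    # unescaped [] are character classes, so this pattern has no capture group
    'postfix_sasl': (r'postfix/smtpd[\d+]: warning: unknown[(\S+)]: '
                     r'SASL LOGIN authentication failed:'),
    # "[UFW BLOCK]" here means one character from the set U,F,W,space,B,L,O,C,K
    'ufw_block': r'[UFW BLOCK] SRC=(\S+)',
    'kern_block': r'[UFW BLOCK] .* SRC=(\S+)',
}

# Corrected patterns: brackets escaped, ruser allowed to be empty.
FIXED = {
    'pam_failure': r'authentication failure.* ruser=\S* rhost=(\S+)',
    'postfix_sasl': (r'postfix/smtpd\[\d+\]: warning: unknown\[(\S+)\]: '
                     r'SASL LOGIN authentication failed:'),
    'ufw_block': r'\[UFW BLOCK\] .*SRC=(\S+)',
    'kern_block': r'\[UFW BLOCK\] .*SRC=(\S+)',
}


def extract(pattern, line):
    """Address captured by the pattern's last group, or None if the pattern
    does not match or has no capture group (where .group(1) would raise)."""
    match = re.search(pattern, line)
    if match is None or match.re.groups == 0:
        return None
    return match.group(match.re.groups)


def normalize(addr):
    """Canonical form of an address string: IPv4-mapped IPv6 (::ffff:a.b.c.d)
    becomes plain IPv4; anything that is not an IP address becomes None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return str(ip)


def compare():
    """For each sample: (address found by the original pattern,
    address found by the fixed pattern), both normalized."""
    return {key: (normalize(extract(ORIGINAL[key], line) or ''),
                  normalize(extract(FIXED[key], line) or ''))
            for key, line in SAMPLES.items()}


if __name__ == '__main__':
    for key, (before, after) in compare().items():
        print(f'{key:13} original={before!s:16} fixed={after}')
```

Three of the four original patterns capture nothing on realistic input, so those log sources were silently contributing no addresses. The kern.log variant is the instructive one: it does capture the address, but only because the character class happens to contain a space, so "Mar  3" (two spaces) or "UFW " satisfies it. A pattern that passes by accident is worth testing against a sample line with exactly this kind of harness before it goes into cron.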


AJIN – Demi Human

I just finished season two of the Netflix original anime series “Ajin – Demi-Human”, and I loved the whole thing. Took a while to binge watch both seasons, and all I can say is “WOW!” and “I sure hope they produce a Season Three”.

It’s all about people who are immortal, but don’t know it until they actually die. The hero is kind of a young punk, who just wants to be left alone, but is forced to react when this crazy guy tries to take over the country and kill all of his friends. I won’t go into their special powers, and will just say, it’s a really good anime series, even if 2 seasons is all there ends up being.

Five out of five stars, totally worth watching. Likeable (and hateable) characters, great story progress, and awesome performances from all the voice actors. Every episode made me want to watch the next one. None of the boring talking and fighting repetition you get from popular stuff like Naruto. Ajin is great stuff. Kudos to Netflix for producing it.

email moved, just in time

This morning, I added email services on my internet virtual machine, meaning I can finally relax, and let my account be retired at the hosting company when it expires early next month. So now, instead of paying $280/year, I’m only paying $144/year, and I can customize my VM as much as I like, instead of being forced to accept the host company’s restrictive “nickel and diming” rules.

My new whistl.com server has free static IP addresses (both IPv4 and IPv6), $2/month weekly system backups, and a free, auto-renewing Let’s Encrypt SSL certificate. I can also guarantee my new server is way more responsive than the huge server I shared with several hundred other paying customers at the hosting company. The only downside is that I have to remember to do regular OS updates on the server myself. Not a big deal for a professional system admin.

I was actually hoping to finish this last year, but put it off too long, and ended up renewing. The Digital Ocean cloud has a much smoother learning curve than Amazon Web Services, plus 60 free days to play with all their toys.

Chef – IT Automation tools

My new employer relies heavily on Chef to install and maintain software configurations. I’ve been flying through the new user training classes when things are slow at work. I have built my own personal Chef service to experiment with. Not only am I learning how to use Chef, at the same time I’m having to learn the Ruby programming language as well.

My initial goal is to build recipes to automate building and configuring my Internet servers, so I can recreate them at will, requiring only site backups, starting from scratch, all the way to a fully working website, with just a few commands. I want to do the same thing for my home services, which I’m currently running on hand built LXD containers.

I believe I learn new technology best when I use it to create my own solutions, and then after that, I’ll be able to take that knowledge and use it to better learn, and hopefully improve, the environment my employers have created.

And after just three short weeks, I’ve already started a list of issues that would seem to benefit from some automation. So far, it’s all minor things, like cleaning up /tmp or compressing older log files that consume precious disk space. Why make my team manually repeat the same commands night after night, when Chef could just do all that every night, leaving us to fight real fires when they occur?

When dealing with modern cloud technology, the best practices tell us to treat servers “like cattle, not pets”. Pets, you name, and try to keep alive at all costs. Cattle, well, you usually just number them, and terminate and process them at the end of each season. Then you start over with new cattle at the start of the next season. In other words, you make every server so easy to rebuild that deleting and rebuilding it is actually easier than repairing or maintaining it. Then, when your server acts up, you don’t worry about things like config files being screwed up, you just start over, with a fresh build. Somebody messes up and deletes something critical, or some hardware fails and corrupts a disk? Just delete that server, and start fresh. Need to scale up in a hurry, and add 4 more web servers? No problem.

And then your automation tools become your firm’s disaster recovery plan too. If you can rebuild all your services in any data center on the planet, you become less “locked in” to any service provider.

rebuilt whistl.com

Tonight I completely rebuilt the whistl.com website server, this time without using any containers, so it was simpler to set up, and I won’t need any expensive external disk storage anymore. I chose a slightly larger VM this time, which has 2 GB RAM and 50 GB local disk, vs 1 GB RAM and 20 GB local disk, but still only 1 vCPU. 2 vCPUs would be overkill for this personal website, and would double the cost.

The entire process took less than an hour, including VM creation, mysql backups, file transfers, and software configuration.