Security – Page 2 – Everything is Broken

Bash script to clean Bots out of Apache Logs

January 16, 2024April 4, 2017 by admin

If you've ever spent some time looking at webserver logs, you know how much crap there is in there from crawlers, bots, indexers, and all the bottom feeders of the internet. If you're looking for a specific problem with the webserver, this stuff can quickly become a nuisance, stopping you from finding the information you … Read more

More Control Over Logwatch Report Dates

August 25, 2015August 20, 2015 by admin

I've been happily running Logwatch on several servers with the default 'yesterday' date range for several years. However I needed to run it for a client with a larger date range to check out a problem. But the options available for logwatch are only 'today', 'yesterday' and 'all'. Or so it told me. And even worse, the 'yesterday' option takes the date from the previous day, and pulls out all the info on that date. So if you run your logwatch report at 4pm, you're missing out on 16 hours worth of data! But it turns out logwatch is smarter than that …

Notes on Encrypted /home directory, post install.

January 29, 2015January 22, 2015 by admin

I decided to encrypt the /home directory on a notebook, post install, as I was going to take it out of the house. There's nothing too important on it, but I probably should look after my ssh keys at least! The laptop is a low end Dell, running Mint (based on Ubuntu). It has a slightly odd configuration in that I have the /home partition mounted separately.

OK, so the first thing I did was to copy the big files onto a separate, non-encrypted partition. I did this for two reasons. Firstly the encryption process creates a copy of your home directory which you can roll back to. This means in your /home partition you need enough room for two copies of your home dir. I didn't. Secondly, the encryption process obviously encrypts each file as it goes. I thought by moving out the large files (Music and Videos directories basically), that this would speed up the encryption process.

UFW script for Logwatch

August 15, 2023February 15, 2013 by admin

I enabled UFW on an Ubuntu server recently and started getting all manner of stuff in my logwatch reports. It activated a section called 'iptables' and started logging every line in syslog with [UFW BLOCK] in it. It was marginally interesting, but not really worth the space devoted to it, so I decided to write a little script to parse the UFW log and summarise the top Blocked Hosts and top Blocked Ports. Therefore I could easily see if there was a change in pattern.

Munin, nginx, mysql on Ubuntu 11.04: Great tool. Poorly explained.

January 3, 2012January 2, 2012 by admin

Well I just jumped through the hoops again installing a new tool, and as it took me quite a while, I thought I'd help the Internet at Large through it. Or at least make a few notes, as most of my own searches for information on this drew blanks. I even went to the lengths of translating a few obscure German posts in case they could help.

Anyway, munin, once you get it going, is actually quite cool. It provides you with a graphical look at your server performance, and you can customise which data you collect quite simply. I'm installing it on an Ubuntu server 11.04, with nginx and mysql. I'm expecting a big traffic spike in the near future, so I want to see how the machine is handling it, and which bits, if any, are struggling.