I wrote this little Python program a while ago and now people are starting to email me about it, asking for it to be part of the DenyHosts Debian packages so I figured I’d write a quick article on it.

If you’re like my developers, you’ll find yourself getting banned from servers all the time and have to come speak to someone like me (your sys engineer/admin), or maybe you are an admin and are sick of people banning themselves and want and easy way to unban them.

So give this a try:

https://github.com/kura/denyhosts-unban

From the GitHub page you can download either the tarballs, zipballs or a Debian .deb package. Install it using the instructions in the README and you’re good to go.

Unban

Unbanning is simple, you can either unban a single IP using:

sudo denyhosts-unban 10.0.0.1 …

If like me you run in to issue when using OpenJDK, my issues come from it’s memory problems when you’re allocating and using large amounts of memory - mostly for Solr where we’re concerned but obviously I’d switch for other high memory usage instances too.

So without further ado, lets get the installation going.

You’ll need Debian’s “add-apt-repository”, on servers this doesn’t usually come by default so we’ll need to install it.

sudo apt-get install python-software-properties

Next we need to add Java’s PPA.

sudo add-apt-repository ppa:sun-java-community-team/sun-java6

Once this is done we’ll need to update our apt caches and install Java 6.

sudo apt-get install sun-java6-jdk

Now that this is installed we should get the Java version, remember it for future.

java -version

You’ll get something like this

java version "1.6.0_20" OpenJDK Runtime Environment (IcedTea6 1.9 …

I have built and released an open-source email server in the past for testing send rates and speeds, this project was called SimpleMTA and is available here.

Recently I have rebuilt this project for an internal project at work using the Tornado framework. Sadly this project as a whole cannot be released but a version of this code will be released in the near future.

Until that is released I have launched a new service called blackhole.io

What is blackhole.io?

blackhole.io is a completely open mail relay that forgets anything that is sent to it, meaning there is no auth requirements and no storage of email data within the service. Literally anyone can send anything to it and have it never get delivered.

You can even send commands out of order, meaning you can call the DATA command without ever using HELO, MAIL FROM or RCPT TO …

I’ve recently been toying with my Raspberry Pi mirror including moving it out on to Amazon’s S3. I’ve written an article on how to back up to S3, but that isn’t enough when it comes to serving data from S3.

I needed the ability to RSYNC data from the official Raspberry Pi servers on to mine and then in to S3 and for that I used s3fs and FUSE.

FUSE

You can actually do this successfully without requiring FUSE, just by installing the s3fs binary on to your system, but this only allows the user who mounted to access the mounted bucket and also is not possible via /etc/fstab.

FUSE allows you to implement a filesystem within a userspace program, thus allowing us to give other users access and auto-mount using /etc/fstab.

Installation

Fuse

Installing FUSE is simple

sudo apt-get install fuse-utils

s3fs

We …

24 hours of SSH attacks against a single server, visualised on a world map using Python.

When a country stays lit up for more than 1 tick of the clock in the left hand corner it means that multiple attacks are happening from different IP addresses. An attacker is banned after;

  • 1 failed root login,
  • 3 failed user logins (including invalid users) and
  • 3 failed system logins.

I have several servers powering syslog including it’s Raspberry Pi mirror, load balancer and email servers. All of my servers are hosted using Linode in their London data centre and have Linode’s back-up system doing both daily and weekly snapshots.

For the app and database servers I do server-side backups storing each website and it’s database in it’s own folder within /backup in case I require a quick back-up to fix something, rather than the server has died.

This is all well and good but I like having an off-site backup too and for that I use S3

About S3

Amazon’s S3 is pretty cheap and very easy to use. Because only data is going in you don’t pay a transfer fee and the cost of storage is very affordable, you can see a pricing list here.

To do the backup I use a …

The unattended-upgrades package used on Debian is based on the one from Ubuntu. It is generally pretty safe in my opinion but I only ever enable it for security upgrades.

Installation

apt-get install unattended-upgrades apticron

unattended-upgrades handles the actual updates, apticron is used for emailing you of available updates - it is not required but I like it.

Configuring unattended-upgrades

Open up /etc/apt/apt.conf.d/50unattended-upgrades and change it to the content below.

APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
Unattended-Upgrade::Mail "**YOUR_EMAIL_HERE**";

// Automatically upgrade packages from these (origin, archive) pairs
Unattended-Upgrade::Allowed-Origins {
    "${distro_id} stable";
    "${distro_id} ${distro_codename}-security";
};

// Automatically reboot *WITHOUT CONFIRMATION* if a
 // the file /var/run/reboot-required is found after the upgrade
 Unattended-Upgrade::Automatic-Reboot "false";

So lets explain the above. As you can see we enable periodic updates, enable update package lists (triggers an apt-get update), enable autoclean …