michael schurter

Do I really need to see this?

My Linode has been experiencing a huge number of brute force login attempts in the past week. I don’t keep detailed statistics, but I would guess there have been 300 attempts in the past week as opposed to the usual rate of about 500 attempts over 200 days (2-3 attempts per day).

Denyhosts has been doing its job perfectly. It should be illegal to run a Internet exposed SSH server without it or a similar tool.*

Thanks to HoopyCat in #linode for pointing me to a SANS Internet Storm Center article explaining the Summer of Hacks phenomenon.

* Unless of course you only accept key based logins.

For some reason I find this meme interesting… I don’t know why I find it interesting, but at least its brief.

Home Office Computer (Debian Unstable)

$ history|awk '{a[$2]++} END{for(i in a){printf "%5d\t%s\n",a[i],i}}'|sort -rn|head
   99	sudo
   80	cd
   59	ssh
   52	vi
   47	ls
   19	cat
   17	ipython2.5
   12	svn
   12	man
    8	host

Server I do most of my work on these days… (Ubuntu 6.10)

$ history|awk '{a[$2]++} END{for(i in a){printf "%5d\t%s\n",a[i],i}}'|sort -rn|head
  288	vi
  108	svn
   59	cd
   15	ls
    8	screen
    4	grep
    2	sudo
    2	mv
    2	make
    2	cat

I haven’t seen ipython on anyone else’s yet. I’m constantly hopping in & out of ipython to test things.

On the GUI side of things I use Gnome, Firefox, Epiphany, Gnome-Terminal, Banshee, Pidgin, and NetworkManager every day.

Rsync is an excellent file transfer utility thats especially well suited for backing up files over the Internet because it only transfers the data that has changed. A friend asked me how to set it up, so I thought I’d post what I sent him here.

Goal: Backup a directory from computer Zim to computer Ark

Details:

• Both Zim and Ark are subdomains of example.com
• The user on Ark which receives the backup files is named backupuser
• The user on Zim with access to the files you want to backup is named steve

Prerequisites:

• ssh installed on both hosts
• rsync installed on both hosts

1. Login to Zim via ssh:

   ssh steve@zim.example.com

2. Generate a ssh key pair using:

   ssh-keygen -t rsa
   <press enter when prompted where to save the key>
   <press enter twice when asked for a passphrase>

3. To use the key to login to Ark remotely without manually entering a password you need to copy the public key from Zim to Ark using:

   ssh-copy-id -i .ssh/id_rsa.pub backupuser@ark.example.com

   If you don’t have ssh-copy-id on your system, get a new system. If thats not possible you can download the script with:

   wget -O ssh-copy-id http://cvsweb.mindrot.org/index.cgi/~checkout~/openssh/contrib/ssh-copy-id?rev=1.6;content-type=text%2Fplain && chmod +x ssh-copy-id

   Then retry the above command only you’ll need to prepend a “./”:

   ./ssh-copy-id -i .ssh/id_rsa.pub backupuser@ark.example.com

4. Verify the key copied properly by attempting to login to Ark. You should not be prompted for a password:

   ssh backupuser@ark.example.com

5. Logout of Ark. The key is setup, so you’re now ready to rsync files without having to manually enter a password.
6. Test rsync by choosing a small file to backup and using:

   rsync -tP /some/small/testfile backupuser@ark.example.com:/tmp

   A nice little progress bar should be displayed as the file is transferred. Confirm that “testfile” is now in /tmp on Ark.

7. You’re finally ready to do a real rsync like:

   rsync -t /directory/to/backup/* backupuser@ark.example.com:/existing/backup/directory

   Note: There are several useful options for rsync. Check man rsync to find out more.

   • -p — preserve permissions (useful for backups, use -E if you only care about the executable bit)
   • -r — recursively backup directories.
   • -z — compressed uncompressed files
   • And just FYI: -t tells rsync to use the last modified timestamp to determine whether or not to transfer files. It makes rsync a lot faster at determining whether or not files have changed.
8. To schedule the backup to take place nightly at 1:13 AM edit your crontab using crontab -e and insert the following line:

   13 1 * * * rsync -qt /directory/to/backup/* backupuser@ark.example.com:/existing/backup/directory

Caveats:

• These instructions will push files from Zim to Ark. There’s no reason why Ark couldn’t pull files from Zim. In fact, this is often more secure if Zim is a web server with a larger attack surface than Ark. Mea culpa.
• If the IP address of Ark is dynamic, use a service like dyndns.com. Otherwise SSH will give you errors.
• Major security warning: If someone breaks into Zim, they can also delete all of your backups on Ark. Never ever ever use the root user for backups on Ark. You can use the root user on Zim to send the backups, but its best to have a special backup user setup on Ark to receive the backup.

Last night Dennis Gilmore, Build Engineer for OLPC, spoke at Bradley University. Since I live 3 blocks from Bradley and have been following OLPC off and on since the beginning, I couldn’t pass this up (even though I was the token old guy in a classroom mostly full of college undergrads).

Dennis had brought 3 XOs with him for the students to play with. He gave a good introductory presentation on OLPC, XO, and Sugar. Not much new for anyone who has been following the project, but I did learn that the XO runs each activity’s process in a different uid/gid. The students asked lots of good questions and were obviously excited about OLPC.

Read on if you care to hear my personal experience with an XO…
(more…)

The little recipe I posted for a dedicated Linux firewall with a CherryPy powered administrative interface finally has a permanent home over at Google Code.

Many thanks to Kyle Waremburg for creating the project page and helping me develop firewall-admin! I hope other people find it useful.