standard extra packages

After a standard install of debian, these packages still need installing.

apt-get install vim mc iproute2 sysstat systune snmpd ncftp fail2ban nscd needrestart ntpdate ntp plocate mutt postfix

maybe need installing

often a good idea to install

postfix openssh-server zip unzip bzip2 arj ncftp rsync sshfs

getting email working

possible to need to do

dpkg-reconfigure postfix

Make sure it is set as a satellite host (because ziggo blocks port 25, but allows port 587 traffic) for mail.edgarbv.com.

Then on the mail.edgarbv.com server add the domain name to

  /etc/postfix/sender_whitelist

and

  postmap sender_whitelist
  postfix reload

/etc/postfix/main.cf on the satellite server should have the following line in it

relayhost = mail.edgarbv.com:587

inet_protocols = ipv4

DNS

Notes: Choose between nscd or pdnsd for DNS caching. nscd can be buggy, pdnsd needs resolvconf

vim-tiny is installed by debian by default. This is horrible, and which is why we install vim first!

/etc/default/sysstat: turn ENABLED="true"

/etc/default/snmpd: get rid of 127.0.0.1 from SNMPDOPTS

vi /etc/snmp/snmpd.conf: change the community names

nscd is only usefull for servers not running bind themselves

fail2ban

vi /etc/fail2ban/jail.d/defaults-debian.conf

[sshd]
enabled = true

vi /etc/fail2ban/jail.local (this is where user edits go)

[DEFAULT]

ignoreip = 127.0.0.1/8 91.154.222.134 37.252.124.72/24
bantime  = 3d
bantime.increment = true
bantime.multipliers = 1 2 4 8 16 32 64

# Jail for more extended banning of persistent abusers
# !!! WARNINGS !!!
# 1. Make sure that your loglevel specified in fail2ban.conf/.local
#    is not at DEBUG level -- which might then cause fail2ban to fall into
#    an infinite loop constantly feeding itself with non-informative lines
# 2. Increase dbpurgeage defined in fail2ban.conf to e.g. 648000 (7.5 days)
#    to maintain entries for failed logins for sufficient amount of time
[recidive]
enabled = true

[proftpd]
enabled  = true

NB don't edit jail.conf - this contains the default definitions for the services which you can override in jail.d/jail.local

you can find options in

  man jail.conf

The following commands will show you the current running status

  fail2ban-client restart

  fail2ban-client status

  fail2ban-client status postfix-sasl

The following will tell you what the variables are for a specific jail

  fail2ban-client get postfix-sasl bantime

  fail2ban-client get postfix-sasl findtime

  fail2ban-client get postfix-sasl maxretry

The following will show you how the detection is going for a specific jail

fail2ban-regex /var/log/mail/mail.log postfix-sasl

maybe destemail too NB don't edit jail.conf

logging in /var/log/fail2ban.log

Manually banning a range

  fail2ban-client set postfix-sasl banip 81.30.107.0/24

https://www.howtoforge.com/using-fail2ban-on-debian-12/

monitoring swapfile

crontab entry

  5 * * * *       /home/adm_usr/swapfileuse.sh

/home/adm_usr/swapfileuse.sh

#!/bin/sh
#Script to find out what was using swap at what time

LOGFILE=/var/log/swapuse.log
echo "--------------------------------------------------------------------------------" >> $LOGFILE
echo `date` >> $LOGFILE
echo "Total swapfile use (mB)" >> $LOGFILE
free -m | grep Swap | awk '{ print $3 }' >> $LOGFILE
echo " " >> $LOGFILE

for file in /proc/*/status ; do awk '/VmSwap|Name/{printf $2 " " $3}END{ print ""}' $file; done | grep -v "0 kB" | grep kB >> $LOGFILE

might need apt-get install resolvconf but I don't like it much

obsolete

vi /etc/denyhosts.com

set PURGE_DENY = 1w and ADMIN_EMAIL = red@email.com and SMTP_FROM = Denyhosts $machinename <nobody@localhost>

Also, if a host keeps getting denied, you can stop it from going in the /etc/hosts.deny file by putting the IP address into a line in /var/lib/denyhosts/allowed-hosts

packages: hal atsar iproute