*not* just another blog ;)

Setting up Fail2Ban

- Posted in Quick Tip by with comments

If you have a look in your server logs, you will most likely see an intrusion attempt every couple of seconds. This is anti-social behaviour which seems to stem from Chinese "hackers".

Here's how to make it a lot harder for them to actually gain access.

sudo apt update && sudo apt install fail2ban

Check that all is good and that it's running

systemctl status fail2ban

And we can watch it work by looking at the log file, which in my case is at

nano /var/log/fail2ban.log

You can see that it's finding patterns that match abuse, and will ban these bastards for 5 mins at a time. It won't stop them, but it will make it harder for them to brute force a password that way.

This is an excerpt from my log:

2017-10-12 13:59:42,654 fail2ban.filter [15200]: INFO [sshd] Found 2017-10-12 13:59:43,158 fail2ban.actions [15200]: NOTICE [sshd] Ban
2017-10-12 13:59:44,836 fail2ban.filter [15200]: INFO [sshd] Found 2017-10-12 13:59:56,473 fail2ban.filter [15200]: INFO [sshd] Found
2017-10-12 13:59:58,575 fail2ban.filter [15200]: INFO [sshd] Found
2017-10-12 14:00:01,356 fail2ban.filter [15200]: INFO [sshd] Found
2017-10-12 14:00:03,747 fail2ban.filter [15200]: INFO [sshd] Found
2017-10-12 14:00:06,404 fail2ban.filter [15200]: INFO [sshd] Found
2017-10-12 14:00:07,399 fail2ban.actions [15200]: NOTICE [sshd] Ban
2017-10-12 14:00:08,511 fail2ban.filter [15200]: INFO [sshd] Found
2017-10-12 14:00:57,705 fail2ban.filter [15200]: INFO [sshd] Found
2017-10-12 14:00:59,516 fail2ban.filter [15200]: INFO [sshd] Found
2017-10-12 14:01:05,281 fail2ban.filter [15200]: INFO [sshd] Found
2017-10-12 14:01:07,856 fail2ban.filter [15200]: INFO [sshd] Found
2017-10-12 14:01:13,863 fail2ban.filter [15200]: INFO [sshd] Found
2017-10-12 14:01:14,693 fail2ban.actions [15200]: NOTICE [sshd] Ban 2017-10-12 14:01:15,203 fail2ban.filter [15200]: INFO [sshd] Found

I have been using the program gtop to show all sorts of nice stats in a neat graph format in the terminal, but on some of the machines it just shows a ? instead of the . or bars.

Here's how I fixed it.

sudo dpkg-reconfigure locales

Then I selected my locale "en_AU UTF-8"

After doing that, and rebooting (I really wish I didn't have to do that!) it works as it should!

Thanks to the guys on ##linux on freenode for pointing me in the right direction.

Hopefully this helps someone else!

Installing gtop to monitor a system

- Posted in Quick Tip by with comments

I recently came across a nifty app called gtop which shows some really cool information and graphs about your system, such as cpu usage, disk, network, etc in real time.

gtop in action

Here's how I installed it:

sudo apt update ;  sudo apt install npm ; npm install -g gtop

Then run it with


If you get an error saying "/usr/bin/env: ‘node’: No such file or directory" then try this:

sudo ln -s /usr/bin/nodejs /usr/bin/node

This will symlink it and if you re-run the app it should work!

If you get an error that says "Kernel version not supported" which can happen if running on OpenVZ, you can simply press enter to ignore it, things still work :)

If the graphics don't look right, then try this.

EDIT: Adding a nice one-liner for me to copy/paste because I can be lazy sometimes, lol:

sudo apt update ;  sudo apt install npm -y ; npm install -g gtop; ln -s /usr/bin/nodejs /usr/bin/node; gtop

This will install gtop and it's dependencies, fix up the error (if it needs to) and then run gtop.

I've recently upgraded to using Ubuntu Server 17.04 and I have noticed that by default you must create a user instead of being able to login as root, which is a great idea for security, but makes things harder for permissions, etc.

Once the Ubuntu 17 server has been set up, all we need to do is modify /etc/ssh/sshd_config and add the line PermitRootLogin yes underneath the Authentication heading.

sudo nano /etc/ssh/sshd_config


#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

Once that's done, we just need to restart the ssh server

sudo systemctl restart sshd

Now, we need to make sure the root user has a password, if not, we can set one now.

sudo passwd

Enter the new root password, once that's done, try logging in as root with SSH, it should work now!

Benchmarking Linux with bench.sh

- Posted in Quick Tip by with comments

When I set up a new Linux machine, I always like to run a benchmark to see how it's performing. This is mostly true if I get a new VPS, or if I'd like to check the performance of a computer for the fun of it.

Normally, I use this one-liner benchmark (after installing bzip2 and time):

bash <(wget --no-check-certificate -O - https://raw.github.com/mgutz/vpsbench/master/vpsbench)

The output looks like this:

CPU model:  AMD Phenom(tm) II X4 970 Processor
Number of cores: 4
CPU frequency:  3499.966 MHz
Total amount of RAM: 7986 MB
Total amount of swap:  MB
System uptime:   4:51,       
I/O speed:  229 MB/s
Bzip 25MB: 5.35s
Download 100MB file: 9.48MB/s

Today, I'll be looking at another one called bench.sh

It's another simple one-liner:

wget -qO- bench.sh | bash

The output looks like this:

CPU model            : AMD Phenom(tm) II X4 970 Processor
Number of cores      : 4
CPU frequency        : 3499.966 MHz
Total size of Disk   : 219.8 GB (107.0 GB Used)
Total amount of Mem  : 7986 MB (2137 MB Used)
Total amount of Swap : 8240 MB (0 MB Used)
System uptime        : 0 days, 4 hour 46 min
Load average         : 0.18, 0.29, 0.39
OS                   : Manjaro Linux 
Arch                 : x86_64 (64 Bit)
Kernel               : 4.13.3-2-MANJARO
I/O speed(1st run)   : 234 MB/s
I/O speed(2nd run)   : 218 MB/s
I/O speed(3rd run)   : 221 MB/s
Average I/O speed    : 224.3 MB/s
Node Name                       IPv4 address            Download Speed
CacheFly                       9.49MB/s      
Linode, Tokyo, JP               5.71MB/s      

It will test more locations, but I snipped them out to make this a bit smaller, plus, to be honest, they took too long to finish.

The tests I have done here are for my desktop with an SSD, connected on the NBN at 100/40 using VDSL with Myrepublic as the ISP.

Maybe I will re-benchmark all the VPS's I currently have (11 at last count!) and post them on here.

Using Rsync

- Posted in Quick Tip by with comments

I found myself needing a copy a folder from one server to another, but keeping all of the file attributes intact and not copying files already transferred, or deleting anything.

I came across this command:

rsync --progress -havz /var/www [email protected]:/var/www

Which shows the progress as it goes, keeps the file attributes and doesn't copy anything that's already there.

Encrypted backups to another server

- Posted in Quick Tip by with comments

I am trying to back up one of my storage servers to another storage server, but I would like to encrypt the backup files for extra protection.

To do this, I will be using duplicity. Duplicity works great for backing up my desktop to my storage VPS so I'd like to use it for my server also.

First, we need to install duplicity and make sure gnupg is installed, as well as python-maramiko otherwise it may error advising it's not available as a backend.

apt install duplicity gnupg python-paramiko

Then we need to generate a key

gpg --gen-key

For the next part, I took the defaults except the keysize is 4096.

Take note of the public key that was generated as we'll use this to encrypt the backup.

This is the command I would use to back up the /var/www folder to the path /home/root/www on the destination.

duplicity --ssh-askpass --encrypt-key=CE69XXXX --sign-key=CE69XXXX /var/www sftp://[email protected]/www

The --ssh-askpass option is if you don't use SSH keys, otherwise it will complain that it can't connect.

The output will be pretty quiet, not showing any progress, so for the first backup I will use -v8 which is verbosity level 8 (info) which shows each file as it's backing up.

In another post, I'll look at decrypting the backup.

I have a Logitech G15 keyboard which has an LCD screen built into the top of it. Under Ubuntu, getting it to work is a simple matter of running

apt install g15daemon

Under Manjaro, it's a bit different. I can install the g15daemon but it won't start automatically without requring the root password. What we need to do is use a tool called visudo. This is what I did.

sudo visudo

Then go to the bottom of the file, press o to insert and put:

ALL ALL= NOPASSWD: /usr/sbin/g15daemon

Press escape, then :x to save and quit.

Now we enable it as a service in systemctl

sudo systemctl enable g15daemon

And test it by running

sudo systemctl start g15daemon

The LCD on the keyboard now shows me the time and date. To get this to start when I log in, because I'm using Manjaro XFCE I will open "Session and Startup", go to the "Application Autostart" tab and create a new entry with "sudo systemctl start g15daemon" as the command to run, giving it a suitable name.

After a reboot to test it, it's all working!

I originally followed this post on the Manjaro forums with no success, I found my way to be much cleaner.

Backing up a folder with tar

- Posted in Quick Tip by with comments

I was recently looking for the best way to back up a folder to a tar.gz archive and came across this command.

tar -cvpzf backup.tar.gz foldername

Replace backup.tar.gz with the name of the file you want to create, and replace foldername with the name of the folder you are backing up. For example to back up the /var/www/ folder

tar -cvpzf backup.tar.gz /var/www/

Done :)

Setting up Plex on a VPS

- Posted in Quick Tip by with comments

Setting up Plex on a local network is simple, you simply install it and point your browser to the URL and away you go, but when it's hosted on a VPS or outside of the local network things get a bit tricky.

The way around this is by setting up an SSH port forward temporarily to access Plex on a local port to set it up.

On the computer you're setting Plex up from (not the server) this will get us started.

ssh -L 12345:localhost:32400 [email protected]

This will open a port 12345 that points to port 32400 on the server, logging in with the ssh user @ the server hosting Plex.

Then it's a simple matter of going to http://localhost:12345/web/ and finishing the Plex setup from there.