Archive for the ‘MIS’ Category

ClamAV virus database format change – ClamAV must be upgraded to 0.95 or later

Friday, April 16th, 2010

ClamAV announced on 2009/10/5 that version 0.94 was no longer maintained, and on 2010/4/15 it changed the virus signature database format, thereby forcing all users to upgrade to 0.95 or later. (End of Life Announcement: ClamAV 0.94.x)

So from today on, anyone running a ClamAV version older than 0.95 will see the following error messages:

Starting clamav_clamd.
LibClamAV Warning: ***********************************************************
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***********************************************************
LibClamAV Error: cli_hex2str(): Malformed hexstring: This ClamAV version has reached End of Life! Please upgrade to version 0.95 or later. For more information see www.clamav.net/eol-clamav-094 and www.clamav.net/download (length: 169)
LibClamAV Error: Problem parsing database at line 742
LibClamAV Error: Can't load daily.ndb: Malformed database
LibClamAV Error: cli_tgzload: Can't load daily.ndb
LibClamAV Error: Can't load /var/db/clamav/daily.cld: Malformed database
ERROR: Malformed database

If you urgently need to receive mail, stop clamav first, then schedule the upgrade as soon as possible!

sshguard – Blocking suspicious attacker IPs

Saturday, November 28th, 2009

sshguard monitors system log files and blocks connections from suspicious IPs. Unlike SSHBlock, the logs it watches are not limited to ssh, so although it is named sshguard it can also watch services such as dovecot, proftpd and ftpd. In addition to blocking via TCP Wrappers, sshguard also supports the firewalls commonly found on unix-like systems, such as pf, netfilter/iptables, IPFIREWALL/ipfw and IPFILTER.

The ports path for sshguard is security/sshguard/; to use it with pf, install directly from the security/sshguard-pf/ directory. There are also security/sshguard-ipfilter/ and security/sshguard-ipfw/, depending on which firewall you want to pair it with. The following uses pf as the example:

After running make install clean in security/sshguard-pf/, the final instructions shown are:

Sshguard installed successfully.

To activate or configure PF see http://sshguard.sf.net/doc/setup/blockingpf.html

Your /etc/syslog.conf has been added a line for sshguard; uncomment it
and use "/etc/rc.d/syslogd reload" for activating it.

See sshguard(8) and http://sshguard.sourceforge.net for additional info.

Because pf does the blocking, the table sshguard uses must be created first so that sshguard can add suspicious IPs to it. For the pf configuration, see Set up PF firewall on the sshguard website.
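The pf.conf pieces that step needs, as an added example rather than text from the original post or the sshguard documentation; $ext_if is assumed to be defined earlier in pf.conf, and the table name is the one sshguard's pf backend adds addresses to:

```pf
# Added example, not from the original post. The table must be declared
# "persist" so it survives even while empty; sshguard adds and removes
# entries with pfctl at run time.
table <sshguard> persist

# sshguard also watches dovecot/proftpd/ftpd logs, so drop all inbound
# traffic from blocked hosts rather than only port 22.
block in quick on $ext_if from <sshguard> to any label "sshguard"
```

After reloading with pfctl -f /etc/pf.conf, pfctl -t sshguard -T show lists the addresses sshguard has currently blocked.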

SSHBlock – Blocking ssh brute-force attacks

Saturday, November 28th, 2009

Just as owning a mobile phone means getting scam calls, as soon as a server is on the network someone will try to guess its passwords.
SSHBlock monitors the ssh log and adds malicious source IPs to the TCP Wrappers configuration file to block them.

The ports path for SSHBlock is security/sshblock/; its package description reads:

SSHBlock is a daemon to monitor a syslog log for break-in attempts using
SSH, and to automatically block bad hosts by adding lines to /etc/hosts.allow
(TCP Wrappers). Several thresholds are pre-defined, to be able to block those
trying many attempts within a longer or shorter period.

WWW: http://www.bsdconsulting.no/tools/

After installing with make install clean, the following instructions appear:

To enable and use the sshblock daemon, use the following in /etc/rc.conf or
/etc/rc.conf.local:

sshblock_enable="YES"

To set flags/options (optional), add:

sshblock_flags=""

See /usr/local/sbin/sshblock -h for possible command line options.

Use /usr/local/etc/rc.d/sshblock to stop and start it.

The sshblock usage is as follows:

Usage: sshblock [ -b <blockfile> ] [ -l <logfile> ] [ -t <trigger list> ]

Trigger list is a list of seconds:attempts threshold pairs for determining
whether a host should be blocked

Default blockfile: /etc/hosts.allow
Default logfile: /var/log/auth.log

So after installing from ports, sshblock can be started with the following command:

/usr/local/etc/rc.d/sshblock start

To start sshblock automatically at boot, add the following to /etc/rc.conf:

sshblock_enable="YES"
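To show what a seconds:attempts trigger pair actually decides, here is an added example (not SSHBlock's own code) that applies the threshold to a constructed auth.log and prints the hosts it would block, plus the hosts.allow line such a blocker would append; nothing under /etc is touched:

```shell
#!/bin/sh
# Added example, not SSHBlock's own code. Constructed sample of
# /var/log/auth.log (addresses from documentation ranges).
LOG=$(mktemp)
trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
Nov 28 10:00:01 srv sshd[100]: Failed password for root from 192.0.2.5 port 4001 ssh2
Nov 28 10:00:03 srv sshd[101]: Failed password for invalid user admin from 192.0.2.5 port 4002 ssh2
Nov 28 10:00:05 srv sshd[102]: Failed password for root from 192.0.2.5 port 4003 ssh2
Nov 28 10:00:09 srv sshd[103]: Failed password for root from 192.0.2.5 port 4004 ssh2
Nov 28 10:00:30 srv sshd[104]: Failed password for bob from 198.51.100.7 port 5001 ssh2
Nov 28 10:00:40 srv sshd[105]: Accepted publickey for alice from 203.0.113.9 port 6001 ssh2
Nov 28 10:15:30 srv sshd[106]: Failed password for bob from 198.51.100.7 port 5002 ssh2
EOF

# offenders LOGFILE SECONDS:ATTEMPTS
# Prints, sorted, every source IP with at least ATTEMPTS failed logins inside
# some SECONDS-long window. Assumes same-day, time-ordered lines (true here).
offenders() {
    awk -v window="${2%%:*}" -v attempts="${2##*:}" '
    /sshd\[[0-9]+\]: Failed password/ {
        split($3, t, ":")
        secs = t[1] * 3600 + t[2] * 60 + t[3]
        for (i = 1; i <= NF; i++) if ($i == "from") host = $(i + 1)
        n[host]++
        ts[host, n[host]] = secs
    }
    END {
        # Failures i-attempts+1 .. i are "attempts" consecutive failures;
        # if they span at most "window" seconds the threshold is met.
        for (h in n)
            for (i = attempts; i <= n[h]; i++)
                if (ts[h, i] - ts[h, i - attempts + 1] <= window) { print h; break }
    }' "$1" | sort
}

# hosts_allow_line IP: TCP Wrappers rule denying that host access to sshd.
hosts_allow_line() { printf 'sshd : %s : deny\n' "$1"; }

# 4 failures within 60 s catches only the fast guesser; 2 within 20 min catches both.
offenders "$LOG" 60:4
offenders "$LOG" 1200:2 | while read -r ip; do hosts_allow_line "$ip"; done
```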


Cacti backup and restore

Saturday, October 17th, 2009

OS: FreeBSD 7.0
Cacti installation method: ports
Cacti installation directory: /usr/local/share/cacti

Cacti backup
Cacti stores its data and settings in the database and in the program directory, so both places must be backed up.

1. Backing up the program directory
Just back it up with tar:

tar -zcf cacti_YYMMDD.tgz -C /usr/local/share cacti

YYMMDD is the backup date; fill it in yourself.

2. Backing up the database
Export it with mysqldump:

mysqldump -h host -u user -ppassword cacti > cacti_YYMMDD.sql

YYMMDD is the backup date; fill it in yourself. Note that there is no space between -p and the password.

Cacti restore
If the backup was made as described above, restoring only requires putting the program directory back, re-importing the database, and finally checking that the cron entry is correct.

1. Restoring the program directory

cd /usr/local/share
rm -rf cacti   # remove the existing cacti directory
tar -zxvf cacti_YYMMDD.tgz

2. Restoring the database

mysql -h host -u user -ppassword cacti < cacti_YYMMDD.sql

Make sure the cacti database already exists in MySQL before importing.

3. Checking the cron setting
Check that /etc/crontab contains the following entry; if not, add it yourself:

*/5 * * * * cacti php /usr/local/share/cacti/poller.php > /dev/null 2>&1
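The backup and restore steps above as shell functions, added here as an example rather than taken from the original post. Paths match the post's ports install; the MySQL credentials come from an assumed defaults file instead of a -ppassword argument, which every local user could read from ps(1) while mysqldump runs:

```shell
#!/bin/sh
# Added example, not from the original post.
CACTI_PARENT=/usr/local/share
CACTI_DIR=cacti
MYCNF=${MYCNF:-/root/.my.cnf-cacti}   # assumed file: [client] host=... user=... password=...
BACKUP_DIR=${BACKUP_DIR:-/var/backups/cacti}
POLLER_CRON='*/5 * * * * cacti php /usr/local/share/cacti/poller.php > /dev/null 2>&1'

backup_name() { printf 'cacti_%s' "$(date +%y%m%d)"; }   # cacti_YYMMDD, as in the post

backup_cacti() {
    name=$(backup_name)
    mkdir -p "$BACKUP_DIR" || return 1
    tar -zcf "$BACKUP_DIR/$name.tgz" -C "$CACTI_PARENT" "$CACTI_DIR" || return 1
    # --defaults-extra-file must be the first option on the mysql client command line
    mysqldump --defaults-extra-file="$MYCNF" cacti > "$BACKUP_DIR/$name.sql"
}

restore_cacti() {   # restore_cacti YYMMDD
    name="cacti_$1"
    [ -f "$BACKUP_DIR/$name.tgz" ] && [ -f "$BACKUP_DIR/$name.sql" ] || return 1
    # The post's caveat: the cacti database must already exist. Check before
    # deleting anything so a failed import cannot leave a half-restored system.
    mysql --defaults-extra-file="$MYCNF" -e 'USE cacti' || return 1
    rm -rf "${CACTI_PARENT:?}/$CACTI_DIR"
    tar -zxf "$BACKUP_DIR/$name.tgz" -C "$CACTI_PARENT" || return 1
    mysql --defaults-extra-file="$MYCNF" cacti < "$BACKUP_DIR/$name.sql"
}

# check_poller_cron [FILE]: succeed only if the poller entry is present
# as a whole line (default file: /etc/crontab).
check_poller_cron() {
    grep -Fqx "$POLLER_CRON" "${1:-/etc/crontab}"
}

# Constructed crontab samples so check_poller_cron can be exercised offline.
CRON_OK=$(mktemp); CRON_MISSING=$(mktemp)
printf '%s\n' "$POLLER_CRON" > "$CRON_OK"
printf '0 3 * * * root periodic daily\n' > "$CRON_MISSING"
```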

Limiting open port RST response from XXX to 200 packets/sec

Wednesday, August 12th, 2009

It's that overloaded server again; the system showed the following messages:

Limiting open port RST response from 253 to 200 packets/sec
Limiting open port RST response from 392 to 200 packets/sec
Limiting open port RST response from 924 to 200 packets/sec
Limiting open port RST response from 689 to 200 packets/sec
Limiting open port RST response from 284 to 200 packets/sec

I found a good article online that explains it very clearly:
Limiting open port RST response from 952 to 200 packets per second

Apache's mysterious ServerLimit directive

Wednesday, August 12th, 2009

Recently a customer's website traffic spiked, and Apache's MaxClients had to be raised to cope with the surge in connections.
After raising it I tested with apachectl configtest, which produced the following message:

WARNING: MaxClients of 300 exceeds ServerLimit value of 256 servers,
 lowering MaxClients to 256.  To increase, please see the ServerLimit
 directive.

There was no description of ServerLimit in the configuration file, but I found the ServerLimit Directive documentation on the official website, so I first tried setting ServerLimit to 500 in httpd-mpm.conf:

<IfModule mpm_prefork_module>
    StartServers          5
    MinSpareServers       5
    MaxSpareServers      10
    MaxClients          300
    MaxRequestsPerChild   0
    # new setting
    ServerLimit         500
</IfModule>

But running apachectl configtest still produced the same error message?

I finally found the clue in another user's article, Apache 2.0 中 prefork.c 模組與 worker.c 模組的比較 (a comparison of the prefork.c and worker.c modules in Apache 2.0):
ServerLimit must come before MaxClients!!!
Changing it to the following works:

<IfModule mpm_prefork_module>
    # ServerLimit goes before MaxClients!!!
    ServerLimit         500
    StartServers          5
    MinSpareServers       5
    MaxSpareServers      10
    MaxClients          300
    MaxRequestsPerChild   0
</IfModule>

Also, if Apache is restarted with apachectl graceful after the change, the ServerLimit setting does not take effect, and the log file shows the following error:

[Wed Aug 11 22:31:41 2009] [warn] WARNING: Attempt to change ServerLimit ignored during restart

Restarting with apachectl restart doesn't help either; the same message as before appears:

WARNING: MaxClients of 300 exceeds ServerLimit value of 256 servers,
 lowering MaxClients to 256.  To increase, please see the ServerLimit
 directive.

The official documentation mentioned above contains a rather obscure note:

Any attempts to change this directive during a restart will be ignored, but MaxClients can be modified during a restart.

So for ServerLimit to take effect, Apache must first be stopped with apachectl stop and then started again with apachectl start.
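The ordering pitfall above can be caught before touching a live server. The following is an added example, not Apache's code or anything from the original post: a small awk check that mimics how prefork evaluates MaxClients against the ServerLimit in effect at that line, run here against constructed httpd-mpm.conf fragments:

```shell
#!/bin/sh
# Added example, not from the original post.
# check_prefork_limits FILE: exit 0 if every MaxClients inside the prefork
# block fits the ServerLimit seen so far, else print the problem and exit 1.
# Like Apache, it starts from the compiled-in default ServerLimit of 256,
# which is why a ServerLimit placed after MaxClients does not help.
check_prefork_limits() {
    awk '
    BEGIN { sl = 256 }
    /<IfModule mpm_prefork_module>/ { inblk = 1; next }
    /<\/IfModule>/                  { inblk = 0 }
    inblk && $1 == "ServerLimit"    { sl = $2 + 0 }
    inblk && $1 == "MaxClients" && $2 + 0 > sl {
        printf "MaxClients of %d exceeds ServerLimit value of %d at line %d\n", $2, sl, NR
        bad = 1
    }
    END { exit bad }' "$1"
}

# Constructed fragments: the post's first attempt (ServerLimit after
# MaxClients) and the corrected order. Remember that a changed ServerLimit
# still needs apachectl stop / apachectl start, not graceful or restart.
BAD=$(mktemp); GOOD=$(mktemp)
cat > "$BAD" <<'EOF'
<IfModule mpm_prefork_module>
    StartServers          5
    MaxClients          300
    ServerLimit         500
</IfModule>
EOF
cat > "$GOOD" <<'EOF'
<IfModule mpm_prefork_module>
    ServerLimit         500
    StartServers          5
    MaxClients          300
</IfModule>
EOF

check_prefork_limits "$BAD"    # reports the 300 > 256 problem
check_prefork_limits "$GOOD"   # silent, exit 0
```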

MegaCLI

Friday, August 7th, 2009

I recently took over a Dell PowerEdge 1950, and over the last few days the system has shown the following message:

mfi0: 3637 (302889152s/0x0002/WARN) - Predictive failure: PD 00(e0x20/s0)

A quick search suggests one of the disks in the RAID is failing.

Along the way I also found the package for inspecting the Dell PowerEdge RAID Controller (PERC) 6/i under FreeBSD: MegaCLI
Ports path: /usr/ports/sysutils/megacli
Just run make install clean in that directory to install it.

The power outlet burned out…

Monday, August 3rd, 2009

Every time I'm rushing to finish code, the hardware acts up…

Two new servers came in recently and I kept worrying the backup UPS wouldn't hold out for long; I didn't expect the outlet to give out first.

The plug was ruined too.

The follow-up fix was to run a stranded cable directly from the distribution panel to the load, connected through a no-fuse breaker, with no plug or outlet in between.

Checking package security with portaudit

Monday, July 20th, 2009

Install path: /usr/ports/security/portaudit
Usage:

portaudit -Fda

This command automatically fetches the latest vulnerability database, compares it against all installed packages, and produces a report of the packages that need patching.

Viewing the options a port was installed with

Monday, July 20th, 2009

Go to the package's ports directory and type

make showconfig

to see the options that were set at install time.

To clear those options, type

make rmconfig