NTP (Network Time Protocol)
Uses UDP connections and port 123.
IPTables rules for NTP and SNTP
To open access to the NTP client and NTP server in IPTables, you need to add rules:
Continue reading “IPTables rules for NTP and SNTP”Installing and using jnettop
jnettop – a utility for viewing traffic statistics in real time, sorted by hosts / ports.
The installation command in Ubuntu/Debian:
sudo apt-get install jnettop
The installation command in CentOS:
sudo yum install jnettop
An example of a simple start:
sudo jnettop
An example of a start with a network interface:
sudo jnettop -i eth0
I’ll describe the possible startup options:
-h (help)
-v (view version)
-c (disable content filtering)
-d (write debugging information to a file)
-f (reading the configuration from the file, if not specified, then the file is searched for ~/.jnettop)
-i (to capture packets from the specified interface)
–local-aggr [none|host|port|host+port] (set local aggregation to the specified value)
–remote-aggr [none|host|port|host+port] (set remote aggregation to the specified value)
-n (do not resolving IP to DNS names)
-p (inclusion of promiscuous mode to receive all packets that come to the network interface)
-s (selects one of the rules defined in the .jnettop configuration file (by its name))
-x (allows you to specify a custom filter rule. this allows you to use the syntax of the tcpdump style. do not forget to include the filter in quotation marks when starting from the shell)
Email notification about each SSH connection
Here are a few ways to receive e-mail notifications about someone connecting to the server via SSH.
FIRST METHOD:
With a text editor, for example nano, open the file /etc/ssh/sshrc (in the nano editor CTRL+X to exit, y/n and Enter to save or discard changes):
sudo nano /etc/ssh/sshrc
And add the following code to it:
ip=`echo $SSH_CONNECTION | cut -d " " -f 1` logger -t ssh-wrapper $USER login from $ip (echo "Subject:login($ip) on server"; echo "User $USER just logged in from $ip";) | sendmail -f server@example.com -t your-email@example.com &
You do not need to restart SSH, the notifications should already come in when connecting.
SECOND METHOD:
Add the specified lines to the config /etc/rsyslog.conf (before each line commented the essence, this code will send messages about failed connections):
# Connect the messaging module $ModLoad ommail # Specify the address of the mail server $ActionMailSMTPServer mail.domain.com # Specify the email from which messages will be sent $ActionMailFrom rsyslog@domain.com # Specify the email to which messages will be sent $ActionMailTo test@domain.com # Specify the subject of the message $template mailSubject,"SSH Invalid User %hostname%" # Specify the content of the message $template mailBody,"RSYSLOG\r\nmsg='%msg%'" $ActionMailSubject mailSubject # Specify in seconds how often messages can be sent $ActionExecOnlyOnceEveryInterval 10 # If the log contains the characters in parentheses, then we send a message if $msg contains 'Invalid user' then :ommail:;mailBody
The same way of sending via rsyslog, but notifications of successful connections are sent (code without comments as above):
$ActionMailSMTPServer mail.domain.com $ActionMailFrom rsyslog@domain.com $ActionMailTo test@domain.com $template mailSubject,"SSH Accepted pass %hostname%" $template mailBody,"RSYSLOG\r\nmsg='%msg%'" $ActionMailSubject mailSubject $ActionExecOnlyOnceEveryInterval 10 if $msg contains 'Accepted password' then :ommail:;mailBody
As a result, if the connection to the SSH server is successful or not successful, messages will be sent to the e-mail. In a similar way, you can announce to email and other events that are logged via rsyslog.
Watch Linux Logs in Real Time
Example of a command to view the log file in real time:
tail -f /var/log/syslog
The output of the data can be highlighted in different colors, for this you can set ccze:
sudo apt-get install ccze
And for example, to formulate a command as follows:
tail -f /var/log/syslog | ccze --mode ansi
To stop viewing, you can use the keyboard shortcut Ctrl + C.
Asterisk warning “leave_voicemail: No more messages possible”
I noticed the following error on one of the servers:
WARNING[21992][C-00000b27]: app_voicemail.c:6559 leave_voicemail: No more messages possible
It turned out that the mailbox was full of voice messages and they ceased to exist, in response the caller was informed “The subscriber’s voice box is full”.
To solve this problem there are several options:
1) Delete the messages in the voice mailbox by calling the voice mail number.
2) Increase the value of maxmsg in the voicemail.conf file, thereby increasing the maximum number of messages in the mailbox, but again it may be full. After the changes in the voicemail.conf file, you need to apply them:
sudo asterisk -rvv voicemail reload quit
3) In the context of the voice mailbox, add delete=yes, for example:
[voicemailcontext] 207 => 1111,Username,test@example.com,,attach=yes|tz=ua|delete=yes
In this case, voice messages will be sent to e-mail, and they will be immediately deleted from the server, that is, they can not be listened to by calling to the voice mail number and accordingly the mailbox will never be full. I consider this option the best.
See also:
Setting up voicemail in Asterisk
OID and MIB list for Arris Cadant C3
I’ll list a few oid below and briefly describe them.
Check the response to oid and mib in linux for example with the following command:
snmpwalk -v 2c -c public 192.168.0.10 .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.6
Connected modems (dcxUsStatsRegComplete) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.6
Upstream Indexes: .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.8
Network Interface Status .1.3.6.1.2.1.2.2.1.8
Description of network interfaces .1.3.6.1.2.1.2.2.1.2
Network Interface Name .1.3.6.1.2.1.31.1.1.1.1
SignalNoise upstream (docsIfSigQSignalNoise) .1.3.6.1.2.1.10.127.1.1.4.1.5
SignalNoiseSNR upstream (docsIfSigQSignalNoiseSNR) .1.3.6.1.4.1.4115.1.4.3.6.1.3.1.21
Mibs for upstream power-level:
.1.3.6.1.4.1.4115.1.4.3.6.1.3.1.8.11
.1.3.6.1.4.1.4115.1.4.3.6.1.3.1.8.12
.1.3.6.1.4.1.4115.1.4.3.6.1.3.1.8.13
.1.3.6.1.4.1.4115.1.4.3.6.1.3.1.8.14
.1.3.6.1.4.1.4115.1.4.3.6.1.3.1.8.15
.1.3.6.1.4.1.4115.1.4.3.6.1.3.1.8.16
Number of modems on the upstream:
.1.3.6.1.4.1.4998.1.1.20.2.12.1.6.downstreamid.upstreamid
(dcxUsStatsOther) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.1
(dcxUsStatsRanging) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.2
(dcxUsStatsRngAborted) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.3
(dcxUsStatsRngComplete) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.4
(dcxUsStatsIpComplete) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.5
(dcxUsStatsAccessDenied) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.7
(UpstreamNum) .1.3.6.1.2.1.10.127.1.3.11.1.1
(dcxUsStatsAvgUtil) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.12
(dcxUsStatsAvgContSlots) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.13
(docsIfSigQUnerroreds) .1.3.6.1.2.1.10.127.1.1.4.1.2
(docsIfSigQCorrecteds) .1.3.6.1.2.1.10.127.1.1.4.1.3
(docsIfSigQUncorrectables) .1.3.6.1.2.1.10.127.1.1.4.1.4
(dcxUsStatsNumActiveUGS) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.9
(dcxUsStatsAvgUGSLastOneHour) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.10
(dcxUsStatsMaxUGSLastFiveMins) .1.3.6.1.4.1.4115.1.4.3.1.1.1.1.11
See also:
SNMP OID and MIB for interfaces
How to remove statistics from the main page phpBB
To remove statistics from the main page of the phpBB forum, comment out certain lines in the template file of the theme used.
Go to the template folder and open the file index_body.html in a text or html editor.
We find the following lines:
<h3>{L_STATISTICS}</h3> <p>{TOTAL_POSTS} • {TOTAL_TOPICS} • {TOTAL_USERS} • {NEWEST_USER}</p>
And comment them out:
<!-- <h3>{L_STATISTICS}</h3> --> <!-- <p>{TOTAL_POSTS} • {TOTAL_TOPICS} • {TOTAL_USERS} • {NEWEST_USER}</p> -->
After the changes in the files, you must clear the cache through the control panel or manually.
The list of users online, the legend of moderators and administrators, birthdays can be disabled in the control panel of the forum: “Home” -> “Server load“.
Firmware Update for TP-Link TL-WR840N Router
For the test, I will update the TP-Link TL-WR840N V1 with firmware 13xxxx RU.
1) Let’s look at the revision of the router, in my case it’s V1, and it’s for it that we download the archive with the new firmware from the official site:
https://www.tp-link.com/us/download/TL-WR840N.html
In my case, the last firmware for V1 was TL-WR840N_V1_151023_EN. If you download the firmware from an incorrect revision, you can damage the router. Unpack from the downloaded archive firmware file.
2) Open the router settings by typing in the browser address http://192.168.0.1 and enter login – admin, password – admin.
3) In the menu, select “System Tools” – “Firmware Update”, click the “Browse …” button and select the previously unpacked firmware file from the archive. Next, click the “Update” button and wait until the firmware is loaded into the router and it will reboot.
At the time of upgrade, you can not turn off the power of the router.
After updating the firmware, the settings in the router are not reset.
IPTables rules for FTP server
To open access to the FTP server in IPTables, you need to add rules:
sudo iptables -A INPUT -p tcp --dport 21 -j ACCEPT sudo iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT sudo iptables -A INPUT -p tcp --dport 1024:1030 -j ACCEPT
To only allow access to a particular network, for example 192.168.1.0/24:
sudo iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 21 -j ACCEPT sudo iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT sudo iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 1024:1030 -j ACCEPT
To remove a rule, we’ll specify the same command, replacing -A with -D, for example:
sudo iptables -D INPUT -p tcp --dport 21 -j ACCEPT sudo iptables -D OUTPUT -p tcp --sport 20 -j ACCEPT sudo iptables -D INPUT -p tcp --dport 1024:1030 -j ACCEPT
To view the list of rules, use the command:
sudo iptables -nvL
1024-1030 – example ports for passive mode are specified in the FTP server configuration, for example for ProFTPd are specified in the /etc/proftpd/proftpd.conf file as follows:
PassivePorts 1024 1030
See also my articles:
Configuring IPTables
Active and passive FTP mode
Installing and Configuring Pure-FTPd in Ubuntu
Installing and Configuring ProFTPd in Ubuntu