Archive for category Uncategorized
Quick way to find your public IP address from a Linux command prompt:
wget -O - -q icanhazip.com
While this article is a good starting point, I thought it was worth documenting some more details on configure Fail2Ban for these applications.
To begin, install Fail2Ban:
sudo aptitude install fail2ban
Ensure that your application is logging access attempts. I have Apache in front of both standalone applications:
LogLevel warn ErrorLog /var/log/apache2/jira-error.log CustomLog /var/log/apache2/jira-access.log combined
Next, update the /etc/fail2ban/jail.local file:
[confluence] enabled = true filter = confluence action = iptables-allports[name=Confluence, protocol=all] sendmail-whois[name=Confluence, dest=root, sender=fail2ban] logpath = /var/log/apache2/confluence-access.* maxretry = 5 bantime = 300 [jira] enabled = true filter = jira action = iptables-allports[name=JIRA, protocol=all] sendmail-whois[name=JIRA, dest=root, sender=fail2ban] logpath = /var/log/apache2/jira-access.* maxretry = 5 bantime = 300
You’ll see I decided to ban the offending IP from all ports, not just port accessed. After 5 failed attempts at logging in, the IP is banned for 5 minutes.
Now, setup a filter file for each application:
[Definition] failregex = <HOST>.*"GET /login.jsp <HOST>.*"POST /rest/gadget/1.0/login ignoreregex =
[Definition] failregex = <HOST>.*"GET /login.action <HOST>.*"POST /dologin.action ignoreregex =
Finally, restart Apache and Fail2Ban:
sudo /etc/init.d/apache restart && sudo /etc/init.d/fail2ban restart
Why would any sensible person get the non-3G version of the iPad? Honestly, Apple and, by extension, AT&T got this right by offering a 3G device capable of full Internet browsing and without a contract. If you don’t have a laptop now, this is a perfect device for typically browsing, email, documents, photos, and even eBooks. You can turn the 3G on/off at will–on a monthly basis.