Category: linux

Rsync over SSH with specific port

To execute a rsync over a ssh connection, we need to add the option -e and the ssh connection to rsync with the specific port we want to use, in this case 2222:

rsync -e "ssh -p 2222" origin destiny

Where origin is the remote or source host from where we want to copy and destiny is the target host.

To add more information to rsync, we can append more options:

rsync -vah --stats --progress -e "ssh -p 2222" origin destiny

That will give us the statistics of the transfer and a progress.

Keep SSH session alive

To avoid having your SSH session timeout due to inactivity, you can tweak your server and client settings.

Server side

Edit the fie: /etc/ssh/sshd_config
Set the values:

ClientAliveInterval 120
ClientAliveCountMax 720

Client Side

Edit the file: ~/.ssh/config
Set the value:

ServerAliveInterval 120

That should do the trick!

Cron jobs

Cron jobs are perfect for executing a specific task or script at a scheduled time or different time periods.

Cron jobs can be run hourly, daily, weekly and monthly.

Cron configuration file is located:

/etc/crontab

This file should look like this:

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed

Execute a job every X minutes

*/5 * * * * /path/to/script/script.sh

Use */10 for every 10 minutes, */15 for every 15 minutes… and so forth..

Execute a job every X hours

0 */5 * * * /path/to/script/script.sh

Use */2 for every 2 hours, */3 for every 3 minutes… and so forth..

Execute a job every Xth day of the week

Lets assume you want to execute a cron job every Wednesday at midnight:

0 0 * * 3 /path/to/script/script.sh

or

0 0 * * Wed /path/to/script/script.sh

You can use the corresponding number or the three letters for each weekday:

0=Sun
1=Mon
2=Tue
3=Wed
4=Thu
5=Fri
6=Sat

Please note that numbers starts with 0 for Monday, and not 1.

Execute a job every X months

You need to specify the what specific month or months you want to job to be executed. Like January and September:

0 0 1 1,9 * /path/to/script/script.sh

or

0 0 1 Jan,Sep * /path/to/script/script.sh

If you only want January and September, you should use a comma. If you want the job to be executed starting January and ending September, you need to use this format: 1-9.

Linux Server under DDOS Attack

To find out what IP is causing the DDOS, we can run the next command:

tail -n 10000 logfile.log | cut -f 1 -d ' ' | sort | uniq -c | sort -nr | more

The top IP addresses would be the ones to block.

Another way is looking at what resources are being requested:

cut -f 2 -d '"' logfile.log | cut -f 2 -d ' ' | sort | uniq -c | sort -nr | more

It’s probably you will see that they are trying to request a specific resource know as a common attack. For example, a common attack to wordpress would be:

GET /index.php? HTTP/1.0

Block an IP address range using the .htaccess file

I detected an attack to one (compromised) server running Apache and PHP. A fair amount of request were being made to a hacked resource. So one of the steps to avoid so many request was to block the IP range of the attacker(s). This was made via .htaccess in the site configured in apache:

Order Allow,Deny
Deny from XXX.XXX.XXX.0/24

That would stop the attack (for a few moment at least!)