How to Protect a LAMP Server Against nf_conntrack Flood Attacks

An AWS-hosted website went offline at 02:00 this morning. It was running on a t2.nano Debian 9 instance. I was unable to log in to the affected server, and a reboot was the only available course of action. Logging in and checking the logs afterwards revealed thousands of errors like this in the kernel log file, from 2:00 AM onward:

nf_conntrack: nf_conntrack: table full, dropping packet

The cause was a denial of service attack, coming from a couple of IP addresses seemingly in Iran. However, it was a little unusual for a couple of reasons. This article explains more about the attack vector and presents a solution to guard against future attacks. (In summary: block IP addresses, tune the kernel).


Create a Recovery USB Stick in Linux

A recovery USB stick is a bootable USB drive that can be used to rescue a system or perform critical maintenance. It’s a useful tool to have around. Typically, a system of interest is booted from the USB stick, maintenance is performed, then the repaired system is rebooted from its own disk. Below is a simple guide to creating a number of rescue USB sticks.

A rescue stick can help fix many system problems, such as a system that won’t boot, a broken GRUB configuration, or a disk or other hardware problem. By allowing the whole operating system to be taken offline, a rescue USB allows maintenance of a kind that cannot be performed any other way.

It is easy to create a bootable USB stick in Linux. In these examples, I used a Raspberry Pi, but any Linux PC would do equally well.


How to Set Local Search Provider in Android Firefox

In Android Firefox, you can perform a search by typing directly into the address bar (aka the “awesome bar”). Results are provided by the default search engine, usually That’s fine, but you might prefer the results to come from a more local source, such as, or a completely different provider, such as

Use the following procedure to change the default search engine in Android Firefox. “Awesome bar” searches will then be performed by your provider of choice.


Fixing a Corrupted Apache Log File

The Apache access.log file is a good place to look for evidence of hacking activity. Code injections, brute-force attacks and excessive crawling all show up in there, along with legitimate hits. While searching recently, I was surprised to see that Linux had started to regard the file as binary data:

$ grep something access.log
Binary file access.log matches

Bash: Unescaped Left Brace in Regex

A strange message was recently received from a Bash script running under Linux Mint 18:

Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/%{ <-- HERE (.*?)}/ at /usr/bin/print line 528.
Error: no such file "test\n"

Slightly confusing, as it reads like a Perl error rather than a Bash one. Below is another variety of the same thing.


Redirecting Firewall Messages in Linux

The Linux firewall is a great way to secure a server, especially one that is Internet-facing. Together with ipset and an appropriate blacklist, it can protect your server from the worst the Internet can throw at it. However, netfilter (aka iptables) can generate a lot of messages. By default they go to the kernel logging channel, flooding log files such as messages, syslog and kern.log.

It is important to keep log files clear so that system issues are not missed. For example, a hardware or memory error message might be written to kern.log, but could be difficult to notice among many thousands of firewall messages. Worse, over time, the important message will be moved into a historical log file by logrotate.

This article explains how to send firewall messages to their own log file, using the example of a Raspberry Pi running Raspbian 9 (Debian Stretch). After a small configuration change, netfilter messages go to their own file instead of clogging up the general logs.


Messing Around with

This article explains how to create some simple mathematical shapes with, a popular graphics library for Python written by John Zelle. is a single file containing graphics functions such as Point, Line, Circle and Rectangle. In this article though, we are just going to use it to plot single points.

At the top of the page is a blancmange-like shape. The program that drew it is at the bottom of the article, if you want to jump straight there. Otherwise, a couple of simpler plots will be demonstrated first, just to show a couple of underlying principles.

Complex Data Structures in Python

Most programming languages, for example C, Pascal, Perl and Python, offer the facility for making large, compound data structures. A few simple data types are provided, out of which larger structures can be built. A programmer can store data in whatever way is most suitable for the application.

Often, a simple list or dictionary will be enough. Read the data in, process it, and print the results out. Perfect. But for a larger or more useful application, more data, and more kinds of data, will need to be stored and processed at the same time.

This article demonstrates the building of a complex data structure in Python. Note: it is not about classes or object-oriented programming, just the syntax for handling complex data structures made up of lists, dictionaries and simple strings and integers.

Bash Script Behaves Differently When Called From Cron

Unix users and administrators will be familiar with cron, Unix’s built-in job scheduler. It is a good way of running regular jobs, e.g. backups, system monitoring programs or housekeeping scripts. The configuration of cron is quite particular and care is needed when setting up a new job. Your well-tested script can behave differently when it is called from cron. Sometimes the differences won’t matter. But sometimes they do, and finding the cause can be tricky.

This brief article describes how many such problems can be tracked down simply by capturing the standard error output properly. In short, make sure your troublesome cron job is not quietly discarding the very information you need to fix it.

How to Identify the Build Time of a Red Hat System

To determine when a Red Hat or CentOS server was first built, use rpm -qi basesystem:

[fred@rhel7 ~]$ rpm -qi basesystem
Name        : basesystem
Version     : 10.0
Release     : 7.el7
Architecture: noarch
Install Date: Thu 16 Apr 2015 18:16:04 CEST    <----- here
Group       : System Environment/Base
Size        : 0
License     : Public Domain
Signature   : RSA/SHA256, Tue 01 Apr 2014 15:23:16 CEST, Key ID 199e3a91fd554c52
Source RPM  : basesystem-10.0-7.el7.src.rpm
Build Date  : Fri 27 Dec 2013 18:22:15 CET
Build Host  : xxxxxxxxxx
Relocations : (not relocatable)
Packager    : Red Hat, Inc. 
Vendor      : Red Hat, Inc.
Summary     : The skeleton package which defines a simple Red Hat Enterprise Linux system
Description :
Basesystem defines the components of a basic Red Hat Enterprise Linux
system (for example, the package installation order to use during
bootstrapping). Basesystem should be in every installation of a system,
and it should never be removed.

Note: The date returned, 16th April in the example above, reflects the time that the operating system was installed. This is usually the same as the system creation time, except in cases where a system has been cloned or built from a pre-installed image. In the last case, the date returned will reflect the build date of the source image, rather than the target system.