Fixing a Corrupted Apache Log File

The Apache access.log file is a good place to look for evidence of hacking activity. Code injections, brute force attacks and excessive crawling all show up in there, along with legitimate hits. While searching recently, I was surprised to see that grep had started to treat the file as binary data:

$ grep something access.log
Binary file access.log matches
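That message almost always means the file contains NUL bytes, typically written when the disk filled or the machine went down while Apache still had the log open. The functions below are an added example, not code from the original article: they count and locate the NULs, search the damaged file without altering it, and write a cleaned copy. The two-line access log is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the original article: find the NUL bytes that
# make grep report "Binary file ... matches" and strip them from a copy.
# The sample log below is constructed; real logs usually gain NULs when the
# disk fills or the machine crashes while Apache holds the file open.

# Write a two-line access log with three NUL bytes at the start of line 2.
make_sample_log() {
  printf '10.0.0.1 - - [01/Jan/2020:10:00:00 +0000] "GET / HTTP/1.1" 200 512\n' > "$1"
  printf '\000\000\000' >> "$1"
  printf '10.0.0.2 - - [01/Jan/2020:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 0\n' >> "$1"
}

# How many NUL bytes are in the file (0 means grep will treat it as text).
count_nul() { tr -cd '\000' < "$1" | wc -c | tr -d ' '; }

# Which line numbers contain NULs: cat -v renders NUL as ^@, so grep for that.
nul_lines() { cat -v "$1" | grep -n '\^@' | cut -d: -f1; }

# Search the damaged file without fixing it: -a makes grep treat it as text.
search_raw() { grep -a -- "$2" "$1"; }

# Write a cleaned copy with the NULs removed. Never edit the live log in place
# while Apache still has it open; clean a copy and search that.
fix_log() { tr -d '\000' < "$1" > "$2"; }
```

The cleaned copy is for searching, not for evidence: the NULs sit where log lines used to be, so whatever was overwritten is gone and the lines on either side of the gap may be truncated.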

Redirecting Firewall Messages in Linux

The Linux firewall is a great way to secure a server, especially one that is Internet facing. Together with ipset and an appropriate blacklist, it can protect your server from the worst the Internet can throw at it. However, netfilter (the kernel packet filter that iptables configures) can generate a lot of messages once LOG rules are in place. By default they are written to the kernel log buffer, from where the system logger copies them into the general log files such as messages, syslog and kern.log, flooding them.

It is important to keep log files uncluttered so that system issues are not missed. For example, a hardware or memory error message might be written to kern.log, but could be difficult to notice among many thousands of firewall messages. Worse, over time, the important message will be moved into a historical log file by logrotate.

This article explains how to send firewall messages to their own log file, using the example of a Raspberry Pi running Raspbian 9 (Debian Stretch). After a small configuration change, netfilter messages go to their own file instead of clogging up the general logs.
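An added example of the configuration change, not the article's own code: the LOG rule tags every message with a fixed prefix, and an rsyslog property filter placed before the default rules sends anything carrying that prefix to its own file and stops processing so it never reaches messages, syslog or kern.log. The prefix, paths and the three kern.log lines used to check the filter are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original article: route netfilter LOG
# messages to their own file with rsyslog, and check the filter offline.
# The prefix and paths are assumptions; adjust to taste.
FW_PREFIX='[FW] '
RSYSLOG_RULE=/etc/rsyslog.d/10-firewall.conf
FW_LOG=/var/log/firewall.log

# Write an rsyslog property-based filter. The file name sorts before
# 50-default.conf so the rule runs first; "& stop" discards the message
# afterwards so it never reaches syslog, messages or kern.log. The leading
# "-" on the path tells rsyslog not to sync after every write.
write_rsyslog_rule() {
  cat > "$1" <<EOF
:msg, contains, "${FW_PREFIX}" -${FW_LOG}
& stop
EOF
}

# A matching LOG rule; run as root. --log-prefix is limited to 29 characters,
# and the limit match stops a flood from filling the new file either.
add_log_rule() {
  iptables -A INPUT -m limit --limit 5/min -j LOG \
    --log-prefix "${FW_PREFIX}DROP: " --log-level 4
}

# Constructed kern.log sample: one memory error line that must stay in the
# general log, and two firewall lines that must not.
make_sample_kernlog() {
  cat > "$1" <<EOF
Jan  1 10:00:00 pi kernel: [  120.100000] EDAC MC0: 1 CE memory read error on DIMM_A1
Jan  1 10:00:01 pi kernel: [  121.200000] ${FW_PREFIX}DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=44444 DPT=22
Jan  1 10:00:02 pi kernel: [  121.300000] ${FW_PREFIX}DROP: IN=eth0 OUT= SRC=203.0.113.6 DST=192.0.2.10 PROTO=TCP SPT=44445 DPT=23
EOF
}

# Offline check of what the filter will and will not divert.
firewall_lines() { grep -F -- "$FW_PREFIX" "$1"; }
other_lines()    { grep -v -F -- "$FW_PREFIX" "$1"; }
```

Apply it with `write_rsyslog_rule "$RSYSLOG_RULE"` followed by `systemctl restart rsyslog`, then add the LOG rule. The new file is not covered by the distribution's logrotate stanzas, so add one for /var/log/firewall.log or it will grow without limit.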


How to Convert a Website from HTTP to HTTPS

An http website is not encrypted. That is to say, the data comprising the site is not encrypted as it flows from the web server to the device (PC, phone, tablet) on which the user is viewing the page. Anyone able to “listen in” on the network could read, or alter, that data, which is a security risk. An https website is different. The browser and the server set up a TLS connection, the browser checks the server’s certificate, and every request and response is encrypted and integrity-protected in transit, so anyone on the network path between browser and server sees only ciphertext.

This article explains how to convert an existing basic website to https by obtaining a free digital certificate from Let’s Encrypt. It is based on a Raspberry Pi running the “Apache” web server, but will also work on other Linux systems. It is intended for home users and people running small-scale web sites, and as a learning aid.
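As an added example (not the article's own configuration), here are the Apache virtual hosts for a site before and after the move: the plain http vhost that serves content in the clear, the port 80 vhost that afterwards does nothing but redirect, and the port 443 vhost using the certificate Let's Encrypt issues. The host name, web root and certificate paths are assumptions, following certbot's default /etc/letsencrypt/live layout.

```shell
#!/bin/sh
# Added example, not code from the original article: Apache virtual hosts for
# a site before and after its move to https. Host name, web root and
# certificate paths are assumptions (Let's Encrypt's default layout is used).
SITE=example.com
WEBROOT=/var/www/html
LE_DIR=/etc/letsencrypt/live/$SITE

# Before: port 80 serves the site itself, so every page crosses the network
# in the clear.
write_http_only_vhost() {
  cat > "$1" <<EOF
<VirtualHost *:80>
    ServerName $SITE
    DocumentRoot $WEBROOT
</VirtualHost>
EOF
}

# After, part 1: port 80 serves nothing but a permanent redirect. Let's
# Encrypt's HTTP-01 validation follows redirects, so renewals keep working.
write_redirect_vhost() {
  cat > "$1" <<EOF
<VirtualHost *:80>
    ServerName $SITE
    Redirect permanent / https://$SITE/
</VirtualHost>
EOF
}

# After, part 2: the real site on 443 with the Let's Encrypt chain and key,
# plus HSTS so returning browsers stop trying http first (needs mod_headers).
write_tls_vhost() {
  cat > "$1" <<EOF
<VirtualHost *:443>
    ServerName $SITE
    DocumentRoot $WEBROOT
    SSLEngine on
    SSLCertificateFile $LE_DIR/fullchain.pem
    SSLCertificateKeyFile $LE_DIR/privkey.pem
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
EOF
}

# Obtain the certificate (run as root, with port 80 reachable from the
# Internet), enable the modules, and check the config before reloading.
issue_and_enable() {
  certbot certonly --webroot -w "$WEBROOT" -d "$SITE"
  a2enmod ssl headers
  apachectl configtest && systemctl reload apache2
}
```

Write the two "after" vhosts into /etc/apache2/sites-available, enable them with a2ensite and disable the old one with a2dissite; `apachectl configtest` will complain if mod_ssl or mod_headers is missing before anything is reloaded.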

SSH Proxying and Agent Forwarding

SSH allows secure connections from one host to another. All traffic is encrypted. Authentication is usually by means of a key pair, where the private key resides on your local machine and the public key is copied to the remote system (typically into its authorized_keys file). SSH keys have become particularly important for cloud computing, where users need to access cloud servers over a potentially hostile Internet.

Sometimes the requirement is to access one system via another: you “hop” through the first system to reach the second, for example an AWS server reached through a gateway or “jump” system. The following article shows how to do that securely, either by proxying or by agent forwarding, without having to place a private SSH key on the middle system.
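The ssh client configuration for both approaches, as an added example rather than the article's own: ProxyJump tunnels the inner connection through the jump host so the private key stays at home and no agent is exposed; agent forwarding is kept for the one case it is actually needed (running ssh or git on the jump host itself) and scoped to that host, because while it is active anyone with root on the jump host can sign with your agent. Host names, users, addresses and key file names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original article: ~/.ssh/config fragments
# for reaching a private host through a jump host. Host names, user names,
# addresses and key file names are assumptions.

# Preferred: ProxyJump (OpenSSH 7.3 and later). The client opens a second ssh
# session through the bastion with "ssh -W", so the inner host authenticates
# you directly: no private key is copied to the bastion and no agent is
# exposed to it.
write_proxyjump_config() {
  cat > "$1" <<'EOF'
Host bastion
    HostName bastion.example.com
    User ec2-user
    IdentityFile ~/.ssh/bastion_key
    IdentitiesOnly yes

Host app1
    HostName 10.0.1.20
    User ec2-user
    IdentityFile ~/.ssh/app_key
    IdentitiesOnly yes
    ProxyJump bastion
EOF
}

# Equivalent for older clients that lack ProxyJump.
write_proxycommand_config() {
  cat > "$1" <<'EOF'
Host app1
    HostName 10.0.1.20
    User ec2-user
    IdentityFile ~/.ssh/app_key
    IdentitiesOnly yes
    ProxyCommand ssh -W %h:%p bastion
EOF
}

# Agent forwarding: only for the case where you must run ssh or git *on* the
# bastion. Scope it to that host alone; while you are connected, anyone with
# root on the bastion can sign with your forwarded agent, which ProxyJump
# avoids entirely.
write_agent_forwarding_config() {
  cat > "$1" <<'EOF'
Host bastion
    HostName bastion.example.com
    User ec2-user
    IdentityFile ~/.ssh/bastion_key
    ForwardAgent yes

Host *
    ForwardAgent no
EOF
}

# Count the Host blocks in a config file that enable agent forwarding.
forwarding_hosts() { grep -c '^ *ForwardAgent yes' "$1" || true; }
```

`ssh -G -F <file> app1` prints the options the client would actually use for a host without connecting, which is the quickest way to confirm that ProxyJump is picked up; for a one-off hop, `ssh -J bastion app1` does the same without any config file.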

Using Address Ranges and Port Ranges with Iptables

Iptables is the usual name for the firewall built into the Linux kernel (the netfilter packet filter); it is also the name of the command used to configure it. This post explains how to use iptables with a range of IP addresses and/or ports. It could be used, for example, to allow SSH traffic from a number of systems, or to open up a range of ports with a single firewall rule.

Note: This article is not about blacklisting. If you are looking to set up a blacklist, perhaps to protect your server from a number of unrelated IP addresses, my related procedure on how to protect your webserver with IPset might be more appropriate.

The Linux firewall (part of the Netfilter project) is important on Internet facing systems, “edge” servers and “jump” boxes, particularly when they do not sit behind another protective network element such as a load balancer or discrete firewall: for example, standalone cloud instances that are not part of a protected VPC infrastructure.
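An added example, not the post's own rules: a script that builds an iptables-restore file using the three ways of expressing a range in one rule, the iprange match for a contiguous block of source addresses, the low:high form of --dport for a contiguous port range, and the multiport match for a handful of unrelated ports. The addresses and ports are assumed values chosen for illustration.

```shell
#!/bin/sh
# Added example, not code from the original article: build an iptables-restore
# file that allows SSH from a contiguous address range and opens port ranges,
# using the iprange and multiport match modules. Addresses and ports are
# assumed values for illustration.

# Accept tcp/22 from 192.0.2.10 to 192.0.2.20 inclusive without listing each
# host; iprange handles blocks that are not CIDR-aligned.
allow_ssh_from_range() {
  echo "-A INPUT -p tcp --dport 22 -m iprange --src-range $1 -m conntrack --ctstate NEW -j ACCEPT"
}

# A contiguous port range needs no extra module: --dport accepts low:high.
allow_port_range() {
  echo "-A INPUT -p tcp --dport $1 -m conntrack --ctstate NEW -j ACCEPT"
}

# Several non-contiguous ports in one rule (multiport takes up to 15 entries).
allow_ports() {
  echo "-A INPUT -p tcp -m multiport --dports $1 -m conntrack --ctstate NEW -j ACCEPT"
}

# Whole ruleset with a default-deny INPUT policy. Established traffic is
# accepted first so the range rules only have to consider new connections.
write_ruleset() {
  {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    allow_ssh_from_range 192.0.2.10-192.0.2.20
    allow_port_range 8000:8010
    allow_ports 80,443
    echo 'COMMIT'
  } > "$1"
}

# Number of INPUT rules in a generated file.
rule_count() { grep -c '^-A INPUT' "$1"; }
```

Because the policy is DROP and SSH is only accepted from the range, check the file with `iptables-restore --test < rules.v4` and make sure your own address is inside the range before loading it for real, or the session you are typing in will be the first thing blocked.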

Protect Your Web Server With Ipset

The Linux packet filter provides an easy way to protect against unwanted network intrusions. Often referred to simply as “iptables”, it is a basic firewall built into the Linux kernel. Iptables is most useful, perhaps, on those servers most susceptible to attack, such as LAMP systems, content management servers and blogging platforms like WordPress, especially where they are Internet facing.

Ipset was merged into the mainline Linux kernel in version 2.6.39, and it is available in Debian 7 and 8, as well as Red Hat 6 onwards. In short, ipset allows a large number of IP addresses to be blocked efficiently: the addresses live in a hash set and a single iptables rule matches against the whole set, as demonstrated below.
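An added example of the technique, not the article's own procedure: a script that turns a blacklist file (one address or CIDR per line, comments allowed) into `ipset restore` input, loads it into a temporary set and swaps that in atomically so the live set is never empty or half-loaded during an update, then hooks the set with one iptables rule. The set name, sizes and the four-line blacklist are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original article: load a blacklist of
# networks into an ipset hash:net set and hook it with a single iptables rule.
# The blacklist text below is constructed; the set name and sizes are
# assumptions.
SET=blacklist

# Constructed sample blacklist, in the one-entry-per-line style most
# published lists use. Not a real blacklist.
make_sample_blacklist() {
  cat > "$1" <<'EOF'
# constructed sample, not a real blacklist
203.0.113.0/24   # documentation range
198.51.100.7
198.51.100.7     # duplicate, collapsed by sort -u

not-an-address
EOF
}

# Turn the file into ipset restore input. Comments and whitespace are
# stripped, anything that is not a dotted quad (optionally /prefix) is
# dropped, duplicates are merged, and the entries go into a temporary set
# that is then swapped with the live one.
blacklist_to_restore() {
  echo "flush ${SET}-tmp"
  sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' \
    | sort -u \
    | sed "s/^/add ${SET}-tmp /"
  echo "swap ${SET}-tmp ${SET}"
  echo "destroy ${SET}-tmp"
}

# Number of entries the restore input will add.
entry_count() { blacklist_to_restore "$1" | grep -c '^add '; }

# Create both sets if missing, load the list, and add the DROP rule once.
# Run as root. One rule covers every address in the set.
apply_blacklist() {
  ipset -exist create "$SET" hash:net family inet hashsize 4096 maxelem 65536
  ipset -exist create "${SET}-tmp" hash:net family inet hashsize 4096 maxelem 65536
  blacklist_to_restore "$1" | ipset restore
  iptables -C INPUT -m set --match-set "$SET" src -j DROP 2>/dev/null \
    || iptables -I INPUT 1 -m set --match-set "$SET" src -j DROP
}
```

After `swap`, the temporary set holds the previous entries, which is why it is destroyed last rather than flushed first thing next time. The set does not survive a reboot by itself: save it with `ipset save > /etc/ipset.conf` and restore it before the iptables rules are loaded, because a rule that references a missing set will fail to load.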

How to Delete a Route in Red Hat 6.6

Deleting a route from the routing table in Linux should be simple. However, the syntax of the route command can be a little fussy.

I wanted to remove the first entry in the routing table shown below:

Network Scanners and Fedora 20

Here is a quick fix that might help users experiencing the “no devices available” problem when using xsane, the Linux scanning tool.

In this case, the device was an HP 3070 B611, a combined printer and scanner. The OS (Fedora 20) was able to see the device as a printer and print okay, but the scanner part did not work. Xsane just popped a small window saying unable to find device.

The fix was a change in the CUPS configuration, and it may therefore work with other versions of Linux.

Note: (19th June 2016) This article receives an unexpectedly large number of hits. If you have come here expecting something else, for example information about network scanners like nmap or Wireshark, please leave a comment to that effect and I will adjust the keyword settings. This article is about document scanners, not software to snoop your LAN.


Reuse a spare BT Home Hub as a Wireless Access Point

This article was rewritten and updated on 9th April 2017.

BT is a popular Internet service provider in the UK.  BT subscribers receive a free router called the “BT Home Hub“.  A new model of Home Hub is launched every few years, and as BT never takes the old ones back, many people have an old Hub tucked away somewhere, gathering dust.

This post explains how to convert an old BT Home Hub 5.0 or Home Hub 4.0 into a second wireless access point (“AP”) on your network, strengthening and extending the wireless signal around your home or office.  Although the details are for those routers, the basic procedure works for other BT and perhaps non-BT routers.  In particular, notes have been included for the BT Home Hub 3.0 and the now ancient Home Hub 1.0 – these are indented and written in italics.  Many users have also had success in reusing Home Hub models 2.0 and 6.0 (BT’s latest router, also known as the Smart Hub).

BT Home Hub Cannot Access SSL Website

This article explains why the BT Home Hub router appears unable to access SSL/TLS (https) websites on your internal home network.  It may interest users in the UK, where the Home Hub is a popular router/ADSL modem.

Hosting your own website(s) at home is pretty easy these days.  You have a small server running Apache, and configure your router to forward port 80 to it.  For SSL sites, you forward port 443.  That’s about it.