Protect Your Web Server With Ipset

The Linux packet filter provides an easy way to protect against unwanted network intrusions. Often referred to simply as “iptables“, it is a basic firewall built into the Linux kernel. Iptables is most useful, perhaps, on those servers most susceptible to attack, such as LAMP systems, content management servers and blogging platforms like WordPress, especially where they are Internet facing.

Ipset is a fairly recent addition to Linux, having been introduced into kernel version 2.6.32. This means it is supported in Debian 7 and 8, as well as Red Hat 6 onwards. In short, ipset allows a large number of IP addresses to be blocked in an efficient way, as demonstrated below. Continue reading

How to Delete a Route in Red Hat 6.6

Deleting a route from the routing table in Linux should be simple. However, the syntax of the route command can be a little fussy.

I wanted to remove the first entry in the routing table shown below: Continue reading

List Virtual Machines on ESXi

ESXi is popular hypervisor product from VMware. It comes with several management GUIs including Vsphere and VCenter. Command line tools are also bundled, though they are used more rarely. This article describes a short script to list all virtual machines on the system.

The script is below. It is intended to run under the Busybox shell, the default environment when you ssh directly into the system hosting ESXi. Continue reading

Network Scanners and Fedora 20

Here is a quick fix that might help users experiencing the “no devices available” problem when using xsane, the Linux scanning tool.

In this case, the device was an HP 3070 B611, a combined printer and scanner. The OS (Fedora 20) was able to see the device as a printer and print okay, but the scanner part did not work. Xsane just popped a small window saying unable to find device.

The fix was a change in the CUPS configuration, and it may therefore work with other versions of Linux.

Note: (19th June 2016) This article receives an unexpectedly large number of hits.  If you have come here expecting something else, for example information about network scanners like nmap or Wireshark, please leave a comment to that affect and I will adjust the keyword settings.  This article is about document scanners, not software to snoop your LAN.

Continue reading

Recovering Data from a Corrupted SD Card

SD cards are used in digital cameras, phones and other devices, where their speed and large capacity makes them useful for storing pictures, video and other voluminous multi-media items. It is quite common these days for a mobile device to contain a 16 Gb or 32 Gb SD card.

With the devices being so mobile, backups are easily overlooked. And it is quite easy for an SD card to become corrupted, for example if the card is removed while the device is on, or the battery is taken out while a video is being shot.

I was given a corrupted 16 Gb card and asked to recover the files, if possible. The rest of this post explains how the data was safely restored using simple Linux tools. Continue reading

Linux does not see all memory

The other day I upgraded the memory in a customer’s Linux system from 2 to 8 Gb. Afterwards though, only 4 Gb was “visible”. The “free” and “top” commands confirmed that only half the expected memory was there. The system was running 32 bit Red Hat 4.7 in a vmware virtual machine. Continue reading