linux

Turn bash into vi style

So you are a big fan of vi/vim like me, and tired of using the emacs-style shell in bash? Bash provides two modes for command-line editing: emacs and vi. Emacs is the default, and you can switch to vi mode with this one-liner:

  set -o vi

Now you are in business to use your shell in the vi way :)

How to enable history sharing between terminals in GNU screen

It has annoyed me for a long time that I can't save/load command history from other terminals when I am in screen: history within every single tab is erased when my session is killed, and even worse, I can't use commands from other open terminals. One of my colleagues shared a tip with me which partially solves this issue.

You can either wrap the following in your ~/.bashrc or export every line.

  # Skip commands that start with a space and erase older duplicates
  HISTCONTROL=ignorespace:erasedups

  # Increase history size
  HISTSIZE=1000
  HISTFILESIZE=2000

  # This does the magic! After every command, append the new history lines to
  # the history file, then clear the in-memory list and reload it from the file.
  export PROMPT_COMMAND='history -a; history -c; history -r'

The reason I said it partially works is that I have to clear the screen if I want to load the history.

Block brute force attacks with iptables

I was checking my server logs today and found quite a lot of recent ssh brute force attempts, so I did a quick grep:

sudo grep 'invalid' /var/log/auth.log*|grep -v ";"|wc -l

It returned 2595. Looking further into this, it turns out they were initiated by 43 unique IPs, 27 of which have more than 5 failed attempts.

username@host$ sudo grep 'invalid' /var/log/auth.log*|awk '{print $13}'|grep -v ";"|uniq -c -d|sort -n -r
    921 222.73.216.14
    447 213.135.111.248
    173 210.1.27.211
     97 89.202.2.46
     88 201.101.6.182
     80 213.175.195.184
     77 94.88.127.100
     61 85.18.113.158
     55 85.21.139.69
     55 61.129.60.23
     47 213.135.111.248
     39 200.55.199.117
     36 202.131.227.27
     25 218.202.225.69
     24 85.18.113.158
     18 220.164.144.133
     15 219.143.216.108
     14 210.99.39.150
     13 190.223.40.154
     13 189.75.180.183
     10 213.135.111.248

Interesting! What I did was block all the ones with >= 10 failed attempts with iptables. I piped the ones greater than 10 into a text file and then used the one-liner below to append them to iptables.

# Append a DROP rule for every address in blacklisted_ips (one per line)
for i in $(cat blacklisted_ips); do
   sudo iptables -A INPUT -s "$i" -j DROP
done

rm blacklisted_ips

Certainly you can be more specific, such as blocking these IPs from ssh or web. I just don't like to see them touch my box.
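An added example (not from the original post) that does the counting step in one awk pass, so each address is counted once however its log lines are interleaved; `uniq -c` merges only adjacent lines, which is why the listing above shows some addresses more than once. The function names and sample log lines are constructed, and the assumed log format is OpenSSH's "Failed password for invalid user NAME from ADDR port N ssh2".

```shell
#!/bin/sh
# offenders THRESHOLD: read auth.log text on stdin, print "COUNT IP" for every
# source with at least THRESHOLD failed logins, highest count first.
offenders() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for invalid user / {
            # The username is client-supplied and may contain spaces, so a fixed
            # field such as $13 can shift. Take the token after the last "from",
            # which sshd itself writes.
            ip = ""
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            # Accept only dotted-quad IPv4 so stray log text never reaches iptables
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# drop_rules: turn "COUNT IP" lines into iptables commands for review (dry run)
drop_rules() {
    while read -r _count ip; do
        printf 'iptables -A INPUT -s %s -j DROP\n' "$ip"
    done
}

# Constructed sample input (documentation addresses), interleaved on purpose
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 10:15:03 web1 sshd[2103]: Failed password for invalid user oracle from 198.51.100.20 port 51844 ssh2
Mar  3 10:15:04 web1 sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 40113 ssh2
Mar  3 10:15:06 web1 sshd[2107]: Failed password for invalid user backup admin from 198.51.100.20 port 51850 ssh2
Mar  3 10:15:09 web1 sshd[2101]: Failed password for invalid user guest from 203.0.113.7 port 40115 ssh2
Mar  3 10:15:10 web1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/grep invalid /var/log/auth.log
Mar  3 10:15:12 web1 sshd[2111]: Failed password for invalid user ftp from 198.51.100.20 port 51853 ssh2
Mar  3 10:15:15 web1 sshd[2101]: Failed password for invalid user www from 203.0.113.7 port 40118 ssh2
Mar  3 10:15:20 web1 sshd[2120]: Failed password for invalid user pi from 192.0.2.55 port 33210 ssh2
EOF
}

# Show the sources with 3 or more failures in the sample
sample_log | offenders 3
```

On a real host the input would be `sudo cat /var/log/auth.log* | offenders 10`, with the output of `drop_rules` reviewed before any rule is applied.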

The above commands only apply to the addresses that have already attacked my box; they do nothing about new ones.

Here is an easy solution:

sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 90 --hitcount 10 --rttl --name SSH -j DROP

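The rules are pretty self-explanatory: the first records the source address of every new connection to port 22 in a list named SSH, and the second drops new connections from an address once it has reached 10 hits within 90 seconds (--rttl additionally requires the packet's TTL to match the one recorded). Give them a try if you have no clue what they do.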
