Monday, August 1, 2016

Generate a self-signed wildcard SSL certificate

$ openssl genrsa 2048 > domain.key
Generating RSA private key, 2048 bit long modulus
........+++
..................................+++
e is 65537 (0x10001)
$ openssl req -new -x509 -nodes -sha256 -days 365 -key domain.key > domain.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:UA
State or Province Name (full name) [Some-State]:Kiev
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:company
Organizational Unit Name (eg, section) []:operations
Common Name (e.g. server FQDN or YOUR name) []:*.domain.name.com
Email Address []:operations@gmail.com
$ ls -al
domain.crt
domain.key

Now you can install these files on your nginx/apache server and configure it to use them.

Sunday, March 27, 2016

How to configure fail2ban to defend WordPress xmlrpc.php against DDoS attacks



Install the fail2ban package:

yum install -y fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
vi /etc/fail2ban/jail.local

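Add the following section to the end of the file. fail2ban does not expand shell braces such as {nginx,apache} in logpath, so point it at your web server's access log (nginx in this example):
[xmlrpc]
enabled = true
filter = xmlrpc
action = iptables[name=xmlrpc, port=http, protocol=tcp]
logpath = /var/log/nginx/access.log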
bantime = 3600
maxretry = 3

Then go to the filter.d directory:

cd /etc/fail2ban/filter.d/
and create an xmlrpc.conf file with the following content:


[Definition]
failregex = ^<HOST> .*POST .*xmlrpc\.php.*
ignoreregex =


Restart the fail2ban service:

service fail2ban restart

and check the fail2ban log:

tail -f /var/log/fail2ban.log

fail2ban.jail            : INFO    Jail 'xmlrpc' uses poller
fail2ban.filter         : INFO    Set jail log file encoding to UTF-8
fail2ban.jail            : INFO    Initiated 'polling' backend
fail2ban.filter         : INFO    Added logfile = /var/log/nginx/access.log
fail2ban.filter         : INFO    Set maxRetry = 2
fail2ban.filter         : INFO    Set jail log file encoding to UTF-8
fail2ban.actions     : INFO    Set banTime = 43600
fail2ban.filter         : INFO    Set findtime = 600
fail2ban.jail            : INFO    Jail 'xmlrpc' started
fail2ban.filter         : INFO    [xmlrpc] Found 208.67.y.xx
fail2ban.filter         : INFO    [xmlrpc] Found 46.161.y.xxx

fail2ban.actions     :WARNING [xmlrpc] Ban 5.39.88.106
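
To see which clients the xmlrpc filter and jail thresholds above would ban, the following added example (not part of the original post and not fail2ban's own code) applies the same failregex with the maxretry = 3 setting and the findtime = 600 shown in the log. It assumes an IPv4-only stand-in for fail2ban's <HOST> tag, and the access-log lines are constructed sample data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

FAILREGEX = r"^<HOST> .*POST .*xmlrpc\.php.*"    # filter.d/xmlrpc.conf from the post
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"      # assumption: IPv4-only stand-in for <HOST>
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))
STAMP = re.compile(r"\[([^\]]+)\]")              # access-log timestamp field

# Constructed access-log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [27/Mar/2016:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.7 - - [27/Mar/2016:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.20 - - [27/Mar/2016:10:00:03 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "-"
203.0.113.7 - - [27/Mar/2016:10:00:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
192.0.2.50 - - [27/Mar/2016:10:00:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
192.0.2.50 - - [27/Mar/2016:10:00:06 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
192.0.2.50 - - [27/Mar/2016:10:20:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.20 - - [27/Mar/2016:10:20:01 +0000] "POST /wp-login.php HTTP/1.1" 200 900 "-" "-"
"""

def find_bans(log_text, maxretry=3, findtime=600):
    """Return hosts that reach maxretry matching lines within findtime seconds."""
    hits = defaultdict(deque)   # host -> timestamps of recent matches
    banned = []
    for line in log_text.splitlines():
        m = PATTERN.match(line)
        if not m:
            continue            # GETs and other URLs are ignored by the filter
        host = m.group("host")
        when = datetime.strptime(STAMP.search(line).group(1), "%d/%b/%Y:%H:%M:%S %z")
        window = hits[host]
        window.append(when)
        # Forget matches older than findtime, as the jail does.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned

if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG))
```

On a host with fail2ban installed, `fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/xmlrpc.conf` runs the real filter against the real log.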