Curtis Schongalla A+, Network+, Security+, MCSA, & CCNP

15Nov/10

Postfix, SASL, & Fail2Ban

I recently noticed that a lot of ISPs block outgoing SMTP connections on port 25, so I made some configuration changes to my server to allow SMTP connections on port 587. I configured Postfix to listen on port 587, added a new rule to the iptables firewall to allow the traffic through, and set up port 587 to be forwarded to the web server by my router.

I also modified the Fail2Ban rules for Postfix and SASL to monitor SMTP activity. The server is already configured to refuse relay requests for domains not hosted on the server unless the user has been authenticated. The rules I have set up now will notify me if anyone tries to perform a Denial of Service or Distributed Denial of Service attack. If I notice any increased activity I will change the Fail2Ban rules to block IP addresses instead of just sending me whois-lookup notifications.

Filed under: Linux, Networking
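
A notify-only Fail2Ban jail of the kind this post describes, next to the blocking variant it mentions switching to. This is an added example, not the author's actual configuration: the jail names, thresholds, log path and e-mail address are assumptions, while the `sasl` and `postfix` filters and the `sendmail-whois` and `iptables-multiport` actions are ones shipped with Fail2Ban.

```ini
# /etc/fail2ban/jail.local  (constructed example; values are assumptions)

# Notify-only: the sole action is sendmail-whois, so a match sends a
# whois report by e-mail and no firewall rule is added.
[sasl-notify]
enabled  = true
filter   = sasl
logpath  = /var/log/maillog
maxretry = 5
findtime = 600
action   = sendmail-whois[name=sasl, dest=admin@example.com]

[postfix-notify]
enabled  = true
filter   = postfix
logpath  = /var/log/maillog
maxretry = 5
findtime = 600
action   = sendmail-whois[name=postfix, dest=admin@example.com]

# Blocking variant: same filter and thresholds, but the offending
# address is also dropped on both SMTP ports (25 and 587) for bantime
# seconds. Left disabled here; enable it in place of [sasl-notify].
[sasl-block]
enabled  = false
filter   = sasl
logpath  = /var/log/maillog
maxretry = 5
findtime = 600
bantime  = 3600
action   = iptables-multiport[name=sasl, port="25,587", protocol=tcp]
           sendmail-whois[name=sasl, dest=admin@example.com]
```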
16Oct/10

Fail2Ban: List of Countries

I thought it would be fun to compile a list of countries which have unsuccessfully tried to break into the server. Most attacks have been targeting SSH. So far I have 55 countries.

Argentina, Australia, Austria, Azerbaijan, Brazil, Bulgaria, Cambodia,
Canada, Chile, China, Colombia, Cyprus, Czech Republic, Ecuador,
France, Georgia, Germany, Greece, Guatemala, Hong Kong, India,
Indonesia, Ireland, Israel, Italy, Japan, Jordan, Kenya,
Korea, Kuwait, Macedonia, Mauritius, Mexico, Myanmar, Netherlands,
New Zealand, Norway, Poland, Portugal, Romania, Russia, Saudi Arabia,
Singapore, Spain, Sweden, Switzerland, Taiwan, Thailand, Turkey,
United Kingdom, Ukraine, Uzbekistan, Venezuela, Vietnam

Filed under: Linux
18Jun/10

APC Uninterruptible Power Supply

Today I bought an Uninterruptible Power Supply for the web server. The computer turned off a few weeks ago and I think it was probably caused by a short power outage or a brownout so hopefully this will solve the problem. In the past 10 months the server has only gone down about 2 or 3 days, which means it has been up about 99% of the time.

I also set up and installed apcupsd from the EPEL software repository. It monitors the UPS through a USB cable and automatically shuts down the operating system when the battery is running out. The UPS can only run for about 20 minutes before it shuts down the computer, but the BIOS is configured to turn the computer back on automatically when power is restored. The daemon also sends out a broadcast message so anyone logged into the server will be notified that the server will be shutting down soon.

Filed under: Linux
18Apr/10

Red Hat Enterprise Linux 5.5 & Fail2Ban

I just transitioned my web server over from Fedora to Red Hat Enterprise Linux 5.5. I have access to a Red Hat Network satellite for updates so I decided to make the switch. I rebuilt the web server, making a few minor modifications.

One big change is the addition of Fail2Ban. Previously I was using DenyHosts to block ssh brute-force attacks, but I have switched over to Fail2Ban, which is a great program. It can use tcpwrapper or the iptables firewall to block brute-force login attacks on almost anything, including ssh, ftp, imap, sasl, pop3, and even Roundcube webmail. Fail2Ban even performs whois lookups on the attacking IP address and sends e-mail notifications including who their hosting provider is, what country they are from, and who to contact about abuse.

Filed under: Linux
4Apr/10

Virtualized Web Server

Just for fun, I virtualized my web server. I used CloneZilla to create a backup image of my current server. Then I uploaded that to the web server and used CloneZilla over ssh to load the image onto a virtual server. I had to rebuild the initrd file to look for the file system on a Virtual SCSI drive instead of the SATA drive it was on before, but after that it worked perfectly.

I am going to be rebuilding the web server soon, so I am running it off of the ESXi host for a few weeks while I order some new hard drives to set up a RAID 1 array for better data security. Afterwards I am going to look into using rsync to set up a redundant virtualized web server as a backup for my current physical server.

Filed under: Linux, Networking
10Feb/10

Drupal Setup for BroadwayBoundMeetup

I have had a lot of days off this past week due to a huge blizzard in the DC area, so I started doing some work with Drupal. It is a great content management system with a lot of customization options and modules that can be installed. I just set up a new website for a client of mine. Previously they were using a WordPress Blog, but I think this is better suited for their needs.

Check it out @ www.broadwayboundmeetup.com

Filed under: Linux
20Dec/09

Setup DenyHosts

Since setting up the web server I have noticed a lot of activity in /var/log/secure. I was really surprised to see a vast number of attempted logins to ssh on my server. To prevent this I found a nice open source program called DenyHosts, which will monitor /var/log/secure and block any IP address which attempts brute-force attacks on ssh by adding the IP address to the hosts.deny file. It appears to be working very well.

Filed under: Linux
22Aug/09

Web server is up and running!

My web server is now set up. I am running Apache, MySQL, & PHP on Fedora 11, with Postfix, Dovecot, Proftpd, Webalizer, & ISPConfig control panel. I created this WordPress blog to keep track of my technical developments.

Filed under: Linux, Networking