fail2ban

I’m using fail2ban to block script kiddies. Here is a line of the kind you will find in your auth.log:

    May 11 05:32:14 srv01 sshd[79609]: Invalid user postgres from 37.49.226.178 port 46504

This description can help you install and configure fail2ban. I will update this post with new information.

Installation - Ubuntu / Debian

    sudo apt-get update
    sudo apt-get upgrade
    sudo apt-get install fail2ban

Installation - FreeBSD

    sudo pkg install py37-fail2ban

Configuration

Configuration - Ubuntu / Debian

    cd /etc/fail2ban
    sudo vi jail.local

This configuration is for the sshd daemon. If a user fails to log in via ssh three times (maxretry = 3) within 24 hours (findtime = 24h), he will get banned indefinitely (bantime = -1). ...

May 12, 2020 · 4 min · pixelchrome

FreeBSD - Howto convert a single disk zroot installation into a mirror

If you’ve installed FreeBSD on a single disk but want your OS installation mirrored, have a look. In this example FreeBSD has been installed on da0 and a second disk has already been physically added.

Layout of the existing disk

    # gpart show da0
    =>      34  41942973  da0  GPT  (20G)
            34         6       - free -  (3.0K)
            40      1024    1  freebsd-boot  (512K)
          1064       984       - free -  (492K)
          2048   4194304    2  freebsd-swap  (2.0G)
       4196352  37744640    3  freebsd-zfs  (18G)
      41940992      2015       - free -  (1.0M)

Layout of the zpool

    # zpool status
      pool: zroot
     state: ONLINE
      scan: none requested
    config:

        NAME        STATE     READ WRITE CKSUM
        zroot       ONLINE       0     0     0
          gpt/zfs0  ONLINE       0     0     0

    errors: No known data errors

Partition the new disk

    # gpart create -s gpt da1
    da1 created
    # gpart add -t freebsd-boot -l gptboot1 -b 40 -s 1024 da1
    da1p1 added
    # gpart add -t freebsd-swap -l swap1 -b 2048 -s 4194304 da1
    da1p2 added
    # gpart add -t freebsd-zfs -l zfs1 -b 4196352 -s 37744640 da1
    da1p3 added
    # gpart show da1
    =>      34  41942973  da1  GPT  (20G)
            34         6       - free -  (3.0K)
            40      1024    1  freebsd-boot  (512K)
          1064       984       - free -  (492K)
          2048   4194304    2  freebsd-swap  (2.0G)
       4196352  37744640    3  freebsd-zfs  (18G)
      41940992      2015       - free -  (1.0M)

Attach the new disk to the existing pool and update the bootcode on the new disk

    # zpool attach zroot /dev/gpt/zfs0 /dev/gpt/zfs1
    Make sure to wait until resilver is done before rebooting.

    If you boot from pool 'zroot', you may need to update
    boot code on newly attached disk '/dev/gpt/zfs1'.

    Assuming you use GPT partitioning and 'da0' is your new boot disk
    you may use the following command:

        gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 da0

    # gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 da1
    bootcode written to da1

Verify the status

During the resilvering process

    # zpool status
      pool: zroot
     state: ONLINE
    status: One or more devices is currently being resilvered. The pool will
            continue to function, possibly in a degraded state.
    action: Wait for the resilver to complete.
      scan: resilver in progress since Thu Jun 15 19:52:54 2016
            1.87G scanned out of 2.44G at 54.8M/s, 0h0m to go
            1.87G resilvered, 76.66% done
    config:

        NAME          STATE     READ WRITE CKSUM
        zroot         ONLINE       0     0     0
          mirror-0    ONLINE       0     0     0
            gpt/zfs0  ONLINE       0     0     0
            gpt/zfs1  ONLINE       0     0     0  (resilvering)

    errors: No known data errors

Resilvering completed!

    # zpool status
      pool: zroot
     state: ONLINE
      scan: resilvered 2.44G in 0h0m with 0 errors on Thu Jun 15 19:53:45 2016
    config:

        NAME          STATE     READ WRITE CKSUM
        zroot         ONLINE       0     0     0
          mirror-0    ONLINE       0     0     0
            gpt/zfs0  ONLINE       0     0     0
            gpt/zfs1  ONLINE       0     0     0

    errors: No known data errors

Adding additional swap

I usually don’t mirror the swap. ...

June 16, 2016 · 3 min · pixelchrome

On to the New Year

The year 2015 is now truly drawing to a close. The final preparations for the New Year's Eve party are pretty much finished. It went all right, I would say looking back. That is of course my personal look back. For some the year was surely great, for others it was not so good. Be that as it may… I wish everyone who is still reading this a happy New Year! My good resolutions regarding this blog ...

December 31, 2015 · 1 min · pixelchrome