Suricata and fail2ban

In case you want to ban IP addresses based on Suricata fast.log, here is the filter you need:

    [INCLUDES]
    before = common.conf

    [DEFAULT]
    _daemon = suricata

    [Definition]
    datepattern = ^%%m/%%d/%%Y-%%H:%%M:%%S
    failregex = <HOST>:[0-9]* ->
    ignoreregex =

In the jail configuration, I suggest you change the default blocktype from REJECT to DROP.

Edit 2023-03-24: you may want to use the action iptables-ipset-proto6-allports which leverages ipset. It will make your iptables rules much more readable and according to some sources, faster. Just edit your jail.conf and replace the default banaction_allports entry with iptables-ipset-proto6-allports, or explicitly mention iptables-ipset-proto6-allports in the jail configuration of suricata, like so: ...

March 23, 2023 · 2 min

Deprecation of apt-key in Debian-based distributions

I recently installed Ubuntu 21.04 and when I wanted to install the Atom editor, I was given the following warning about apt-key being deprecated:

    Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).

After a bit of Googling around, I stumbled on this post on askubuntu.com explaining why apt-key was being deprecated. Then the folks at docker.com give a nice easy command to convert an old PGP key in base64 to a keyring. ...

August 7, 2021 · 1 min

rsyslogd auto-configuration

To have rsyslogd automatically create directories and files with whatever you send at it, just put this in your rsyslog.conf file (or a .conf file in /etc/rsyslog.d):

    # provide UDP syslog reception
    $ModLoad imudp
    $UDPServerRun 514

    $template DynFile,"/var/log/syslogs/%fromhost-ip%-%fromhost%/%$YEAR%-%$MONTH%-%syslogfacility-text%"

    # log everything from remote servers to one file per host+month+facility
    if $inputname == 'imudp' or $inputname == 'imtcp' then ?DynFile

    # stop logging from remote servers
    if $inputname == 'imudp' or $inputname == 'imtcp' then ~

All directories and files are created under /var/log/syslogs, one directory per ip-hostname pair, and one file per facility per month. ...

June 15, 2014 · 1 min

Ubuntu "reboot" on Supermicro X9SCI/X9SCA shuts down

On two recent Supermicro servers, typing reboot actually shuts down the server. Thanks to Google and this blogpost, http://major.io/2013/06/03/supermicro-x9scix9sca-server-does-a-shutdown-rather-than-a-reboot/ I no longer have this issue. Short story: just blacklist the module named “mei” and you’re good.

December 27, 2013 · 1 min

Ubnt AirVision, AirCam and me

This weekend, I finally had time to install a few network cameras from Ubiquiti in my house. The goal was to replace the previous system, which was composed of cheap USB webcams and the software motion, that has been running for years.

HP Proliant N40L

I had a spare N40L lying around that I used as a storage server for my VMware lab, so I repurposed it to be my future one and only home server running file sharing, monitoring, etc and AirVision of course. ...

November 4, 2013 · 6 min

Ubuntu 12.04 on HP Microserver N40L

Just some thoughts and things I’ve done. The hardware is the following: the Microserver itself, 2x 4GB DDR3, one 16GB USB flash drive, some 2TB SATA hard drives, Logitech S-150 USB speakers, and a GT520 HDMI+DVI graphic card.

Installation on USB flash drive

There’s a USB port on the motherboard, so I plugged a 16GB USB flash drive and installed Ubuntu to it. The filesystem is ext4 because I trust it a lot more than btrfs and because it seems it’s quite good on a flash drive (source, it’s old, I know). The mount options are noatime,nodiratime. ...

July 4, 2012 · 2 min