Archive

Archive for the ‘PHP’ Category

Automatically remove duplicate IP’s in Iptables

December 9th, 2009 Remco No comments

Many scripts like my Persistent Iptables bans from Fail2Ban script add a bunch of DROP statements to Iptables chains.

I noticed that quite a lot of people ask questions on mailing lists and forums requesting a method to automatically remove any duplicate IP’s that might exist within a given chain.

Well, that’s quite easy to accomplish really, just run this little PHP script I created as root, and your Iptables is once again clean as a whistle!

/**
 * Configuration
 */
$chain = "Blocklist";
$safelist = array("x.x.x.x"
                 ,"y.y.y.y"
                 ,"z.z.z.z");
 
$data = shell_exec('iptables -S '.$chain);
$iparr = explode(' ',$data);
$j = 0;
$ref = array();
for($i=0;$i<sizeof($iparr);$i++) {
        if(substr_count($iparr[$i],".")==3) {
                $ref[$j] = $iparr[$i];
                $j++;
        }
}
sort($ref);
 
for($i=0;$i<sizeof($ref);$i++) {
        $ip = $ref[$i];
        $ref[$i] = "";
        if(stristr($ip,"0.0.0.0")) $ip="";
        if(strlen($ip)>2 && !in_array($ip,$safelist) && in_array($ip,$ref)) {
                echo "Duplicate IP found: $ip\r\n";
                while(in_array($ip,$ref)) {
                        shell_exec('iptables -D '.$chain.' -s '.$ip.' -j DROP');
                        $ref[array_search($ip,$ref)] = "";
                }
        }
 
}
Categories: Computer & Technology Related, Linux, PHP Tags: , , ,

Munin plugins for Dell IPMI fan speeds and temperatures

October 20th, 2009 Remco No comments

It is possible to monitor fan speeds and temperatures on Dell Poweredge servers under Linux. You can achieve this by reading out the IPMI data that is available on the system.
I used the steps on this website to buffer the data gathered by IPMI to use in Cacti.

However, in addition to Cacti I also use Munin to monitor various system parameters. Wouldn’t it be nice to incorporate graphs for fan speeds and temperatures in Munin? I thought so, so I developed a way to do this.
Read more…

Categories: Computer & Technology Related, Linux, PHP Tags: , , , , , , , , , ,

Persistent Iptables bans from Fail2Ban

August 18th, 2009 Remco No comments

On my servers I use the nifty program Fail2Ban to perform logbased automatic fire walling of ‘bad’ ip’s.

The idea behind this is easy: Some IP performs an action I don’t approve of. This can be any number of things, e.g. requesting pages in Apache that are commonly accessed by bots and/or scanners, or trying to log in to SSH with accounts that do not exist on the system. This bad behavior gets logged, and Fail2Ban keeps tabs on those logs, and using a number of rules it determines if a host is ‘bad’ enough to temporarily or permanently ban all access to the server. It does so by adding a few chains to Iptables (one for each thing it checks for), and dynamically adding/removing IP’s to/from these chains.

This all works perfectly. However, there’s one issue; When Iptables gets reloaded, it restores its default rules, removing the Fail2Ban chains and all the rules they contain, even if the ip’s in the chain were marked as permanent.
Read more…

Categories: Blogs & Hersenspinsels, Linux, PHP Tags: , , , ,

PRNG test using PHP

May 26th, 2009 Remco 1 comment

Every programmer uses them.. PRNG’s, better known as pseido-random number generators, in PHP represented by the rand(min,max) function.
Unlike true random number generators (TRNG’s) that use true random data like atmospheric noise to create their numbers, PRNG’s rely on software algorithms to come up with seemingly random numbers.. but are they? And is there a difference between Linux and Windows PRNG results?
Read more…

Categories: Computer & Technology Related, PHP Tags: , , , , , , ,