  1. #1

    Suggestion for FreeBSD5.4 and WHM 1.0 Server maintenance

    hi:
    Thanks for reading.

    I am a newbie to Linux (haven't touched Linux since two years ago).

    Currently I have a dedicated server.
    The OS is FreeBSD 5.4 Release, with cPanel 10.8.

    I installed most of the security patches mentioned in these forums, but I still have some questions regarding server maintenance once the server is in production.

    1. How to monitor this server's performance, so that when the server's services go down, I can get an alert ASAP?

    2. How to prevent the server being attacked? How to identify an attack source when it happens? Normally, how to solve the server attack issue?

    3. Server backup and disaster recovery, any suggestions?

    thanks very much.

  2. #2
    Join Date
    Jul 2002
    Location
    Malaysia
    Posts
    698
    1. You will need several tools such as MRTG for monitoring your server bandwidth usage. For alerting services, you may try SIM from rfxnetworks.com, which will help you monitor the services. Optionally, you may sign up for some third-party monitoring services that will send you an email when the services are down.

    2. APF / BFD may come in handy. Server hardening is quite useful as well. There are some guides available in the how-to section on how to harden the security of your server.

    3. WHM has a backup / recover feature. You may plug in an additional hard disk on your box as a second drive and back the data up to it, or optionally FTP it to a remote server.

  3. #3
    APF and BFD will not work on FreeBSD.

    Instead of APF, you can use PF in FreeBSD 5.x.

    I don't know if there is any BFD alternative available for FreeBSD.

    If a service goes down, cPanel has checkservd running on FreeBSD, which will restart the service and send mail to the root email.

    For backup, use the cPanel backup option. You may use cPanel remote backup.

  4. #4
    Join Date
    Jul 2005
    Location
    Beverly Hills, CA.
    Posts
    242
    I have used this BFD on FreeBSD and have had some success.

    http://nullmind.com/2005/02/03/brute...tion-linuxbsd/

    Cheers

  5. #5
    Thanks very much for your help, guys.

    It is really helpful for me currently.

  6. #6
    Join Date
    Mar 2002
    Location
    Mass
    Posts
    726
    fail2ban basically does what BFD does; it's available for Linux and *BSD. It supports ipfw (among iptables... sorry, no PF support).

    <edit> The link is: http://fail2ban.sourceforge.net/
    Jason

  7. #7
    I tried to install SIM on the server many times.

    But when I run it, I always get this kind of error. Any idea?

    ------------
    host# sim -q
    of: not found
    [: /var/lock/subsys/sim: unexpected operator
    [11/08/05 23:28:25]: could not lock subsys, aborting.
    [: unexpected operator
    cat: /proc/loadavg: No such file or directory
    cat: /proc/loadavg: No such file or directory
    [: : bad number
    [: : bad number
    [: : bad number
    [: : bad number
    [: : bad number
    [: true: unexpected operator
    cat: /usr/local/sim/tmp/.sim.nscache: No such file or directory
    cat: /usr/local/sim/tmp/.sim.pscache: No such file or directory
    [: unexpected operator
    [: unexpected operator
    [: true: unexpected operator
    cat: /usr/local/sim/tmp/.sim.nscache: No such file or directory
    cat: /usr/local/sim/tmp/.sim.pscache: No such file or directory
    [: false: unexpected operator
    [: unexpected operator
    [: unexpected operator
    [: false: unexpected operator
    [: true: unexpected operator
    cat: /usr/local/sim/tmp/.sim.nscache: No such file or directory
    cat: /usr/local/sim/tmp/.sim.pscache: No such file or directory
    [: unexpected operator
    [: unexpected operator
    [: true: unexpected operator
    cat: /usr/local/sim/tmp/.sim.nscache: No such file or directory
    cat: /usr/local/sim/tmp/.sim.pscache: No such file or directory
    [: unexpected operator
    [: unexpected operator
    [: true: unexpected operator
    cat: /usr/local/sim/tmp/.sim.nscache: No such file or directory
    cat: /usr/local/sim/tmp/.sim.pscache: No such file or directory
    [: unexpected operator
    [: unexpected operator
    [: true: unexpected operator
    cat: /usr/local/sim/tmp/.sim.nscache: No such file or directory
    cat: /usr/local/sim/tmp/.sim.pscache: No such file or directory
    [: unexpected operator
    [: unexpected operator
    [: 0: unexpected operator
    [: $[TIC+1]: unexpected operator
    host#
    -----------------

  8. #8
    luzhixianus, SIM does not work on FreeBSD.

    FreeBSD has no /proc/loadavg file to check server load.
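
The missing /proc/loadavg noted in post #8, worked around in an added example that is not SIM's code or any poster's: a POSIX sh load check that reads /proc/loadavg on Linux and `sysctl -n vm.loadavg` on FreeBSD. The function names and the threshold are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: portable 1-minute load check, written for plain /bin/sh
# (no bash-only syntax such as $[ ] or == inside [ ]).

# Extract the 1-minute load from either format:
#   Linux   /proc/loadavg        : "0.42 0.36 0.30 1/123 4567"
#   FreeBSD sysctl -n vm.loadavg : "{ 0.42 0.36 0.30 }"
parse_load1() {
    # Drop the braces FreeBSD prints, then take the first field.
    printf '%s\n' "$1" | tr -d '{}' | awk '{ print $1; exit }'
}

# Read the raw load string from whichever source this OS provides.
read_loadavg() {
    if [ -r /proc/loadavg ]; then
        cat /proc/loadavg
    else
        sysctl -n vm.loadavg
    fi
}

# Return 0 (true) when load $1 is above threshold $2.
# [ ] cannot compare decimals, so awk does the arithmetic.
load_exceeds() {
    awk -v l="$1" -v t="$2" 'BEGIN { exit !(l + 0 > t + 0) }'
}

# Print one status line; return 1 on alert, 2 if the load is unreadable.
check_load() {
    threshold=$1
    raw=$(read_loadavg) || return 2
    load=$(parse_load1 "$raw")
    case $load in
        ''|*[!0-9.]*) echo "cannot parse load: $raw" >&2; return 2 ;;
    esac
    if load_exceeds "$load" "$threshold"; then
        echo "ALERT load=$load threshold=$threshold"
        return 1
    fi
    echo "OK load=$load threshold=$threshold"
}

# Run as: sh loadcheck.sh 5   (the file name is hypothetical)
if [ $# -gt 0 ]; then check_load "$1"; exit $?; fi
```

Run from cron, the non-zero exit status on alert can drive a mail to root.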

  9. #9
    Thanks, flashwebhost

  10. #10
    Quote Originally Posted by levidjkt
    I have used this BFD on FreeBSD and have had some success.

    http://nullmind.com/2005/02/03/brute...tion-linuxbsd/

    Cheers

    Don't know why this one cannot work on my server.

    Then I chose this one from the FreeBSD security ports collection:

    http://danger.rulez.sk/projects/bruteforceblocker/

    under /usr/ports/security

  11. #11
    Think it only checks SSH bruteforce.

    Have you got "pf" on your server?

  12. #12
    You are right, only for SSH.

    For pf, actually, for FreeBSD 5.4, by default, it is installed with the system (but set to disabled by default).

    But when I run pfctl -e,

    then I got this message:

    No ALTQ support in kernel
    ALTQ related functions disabled
    pfctl: pf already enabled

    Still don't know why.
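
The SSH brute-force blocking discussed in posts #10 to #12, sketched as an added example that is not code from bruteforceblocker, BFD or fail2ban: it counts failed sshd logins per source address and prints the pfctl calls that would add repeat offenders to a PF table. The log lines are constructed, and the table name, threshold and allowlisted address are assumptions.

```shell
#!/bin/sh
# Added example. SAMPLE_LOG is constructed; addresses are documentation ranges.
SAMPLE_LOG='Nov 14 01:40:01 host sshd[811]: Failed password for root from 192.0.2.10 port 4021 ssh2
Nov 14 01:40:03 host sshd[812]: Failed password for invalid user admin from 192.0.2.10 port 4022 ssh2
Nov 14 01:40:05 host sshd[813]: Failed password for root from 192.0.2.10 port 4023 ssh2
Nov 14 01:40:09 host sshd[820]: Failed password for bob from 198.51.100.7 port 5100 ssh2
Nov 14 01:40:11 host sshd[821]: Failed password for invalid user a from b from 198.51.100.7 port 5101 ssh2
Nov 14 01:40:20 host sshd[830]: Accepted password for bob from 198.51.100.7 port 5103 ssh2
Nov 14 01:41:00 host sshd[840]: Failed password for root from 192.0.2.99 port 6000 ssh2
Nov 14 01:41:01 host sshd[841]: Failed password for root from 192.0.2.99 port 6001 ssh2
Nov 14 01:41:02 host sshd[842]: Failed password for root from 192.0.2.99 port 6002 ssh2'

# Assumed table name; pf.conf would need lines such as:
#   table <bruteforce> persist
#   block in quick from <bruteforce>
PF_TABLE=bruteforce

# usage: offenders THRESHOLD "ALLOW1 ALLOW2 ..." < auth.log
# Prints each source address with at least THRESHOLD failed logins.
offenders() {
    awk -v max="$1" -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # The user name is text supplied by the remote side, so the address
        # is taken by position from the END of the line and must look like IPv4.
        /sshd\[[0-9]+\]: Failed password for / && NF >= 5 &&
        $(NF-4) == "from" && $(NF-2) == "port" &&
        $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            if (!($(NF-3) in skip)) hits[$(NF-3)]++
        }
        END { for (ip in hits) if (hits[ip] >= max) print ip }
    ' | LC_ALL=C sort
}

# Reads addresses on stdin and prints (does not execute) one pfctl call each.
pf_commands() {
    while read -r ip; do
        printf 'pfctl -t %s -T add %s\n' "$PF_TABLE" "$ip"
    done
}

# Threshold 3, with 192.0.2.99 allowlisted as the administrator address.
printf '%s\n' "$SAMPLE_LOG" | offenders 3 '192.0.2.99' | pf_commands
```

Allowlisting your own address before anything touches the firewall matters on a remote box with no console access, which is the situation later in this thread.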

  13. #13
    Join Date
    Jul 2005
    Location
    Beverly Hills, CA.
    Posts
    242
    Did you get it working? If not, PM me and I can help you.

    Cheers!

  14. #14
    On my server pf is not working, any suggestions?

    # pfctl -e
    pfctl: /dev/pf: No such file or directory
    I get this error. Got the following error in /var/log/messages:

    Nov 14 01:46:34 freebsd kernel: pflog: $Name: VERSION_2_03 $
    Nov 14 01:46:34 freebsd kernel: pfsync: $Name: VERSION_2_03 $
    Nov 14 01:46:34 freebsd kernel: in6_ifattach: pflog0 is not multicast capable, IPv6 not enabled
    Nov 14 01:46:34 freebsd kernel: in6_ifattach: pfsync0 is not multicast capable, IPv6 not enabled
    Nov 14 01:46:34 freebsd kernel: pflog0: promiscuous mode enabled
    Nov 14 01:46:34 freebsd kernel: link_elf: symbol __panic undefined
    It seems I have to recompile the kernel and enable IPv6.


    freebsd# pwd
    /usr/local/modules
    freebsd# ls -l
    total 144
    -rw------- 1 root wheel 164 Mar 4 2004 linker.hints
    -r-xr-xr-x 1 root wheel 128731 Mar 4 2004 pf.ko
    -r-xr-xr-x 1 root wheel 6776 Mar 4 2004 pflog.ko
    -r-xr-xr-x 1 root wheel 8162 Mar 4 2004 pfsync.ko
    freebsd# kldload /usr/local/modules/pf.ko
    kldload: can't load /usr/local/modules/pf.ko: No such file or directory
    freebsd#

  15. #15
    Join Date
    Jul 2003
    Location
    Texas
    Posts
    785
    If you are looking for a simple cPanel + PF firewall, feel free to check out one I created at http://layer0.layeredtech.com/showthread.php?t=2164. You will need to make sure you are either running a 'GENERIC' kernel or have the following devices / options in your kernel.

    options INET6 # IPv6 communications protocols

    device gif # IPv6 and IPv4 tunneling
    device faith # IPv6-to-IPv4 relaying (translation)
    device bpf # Berkeley packet filter

    The ruleset in place is set up for a recent cPanel/WHM install, and if you follow the instructions it should only take 5 mins or so to set up. See the lists of ports at the top of the file if you need to add / remove any more services.

    You can also disregard the messages about missing ALTq support in your kernel. Unless you are doing some traffic shaping with PF+ALTq there is no need to worry about the messages.

    You will also want to install the 'pftop' application from the ports tree as it will show you the realtime traffic states and flows for any rules where you are keeping state.

    Thanks,

    Jeremy

  16. #16
    Thanks LTADMIN for the detailed instructions, will be trying it.

  17. #17
    Now this error makes my server die:
    ----------
    No ALTQ support in kernel
    ALTQ related functions disabled
    pfctl: pf already enabled
    -------------

    I just followed the FreeBSD documentation to add some options to the kernel for ALTQ. At the same time, I also enabled IPF (IP Filter), and also added some options to the kernel (to enable IPF, one must add those options to the kernel).

    After compiling and installing (make install) this new kernel and rebooting,

    my server cannot boot at all.

    I know it is very easy to load the old kernel during server start, but I don't have physical contact with the server.

    My server provider wants to charge me $120/hr for this! Really terrible.

    This server is just a testing server for me... (I am considering whether I need to pay this 120 to recover it).

    Any suggestions?

  18. #18
    Join Date
    Jul 2003
    Location
    Texas
    Posts
    785
    You should not be using IPF and PF together as they work differently, and IPF has a default 'deny all' by default once loaded. It's likely your host is back up and online but is blocking all your connections. Have your host try the following:

    Reboot host and when it comes to the option menu tell them to select 'Boot Loader' option #6. Once that is loaded have them type the following to try and get the old kernel to boot.

    unload
    boot kernel.prev

    or
    boot kernel.GENERIC
    boot kernel.old

    They can also type 'ls boot' at that menu and see the available kernels. Tell them to try each of them until it boots and is able to respond to your connections. Once that is done rebuild your kernel and remove all of the IPFilter options you put in your kernel and other mods for the firewall and just use the 'PF' kernel module which I have shown in the short howto.

    Thanks,

    Jeremy

  19. #19
    LTADMIN:
    Thanks for your reply.

    I also know this solution.

    But the problem is they want to charge me $120/hr for this small operation.

    I seriously consider whether I need to invest in it, because it is just a test server for me. (And I don't like their services at all. These guys are really pratices guys. It is an unmanaged server. For everything, they will ask you to pay. Like, I just asked them one question before, and they replied, "I can get my engineer to check/solve it, but it is a billable job".) I can pay more to get better service from others.

  20. #20
    Join Date
    Jul 2003
    Location
    Texas
    Posts
    785
    The only other suggestion I could give you then is to see if they have a KVM-Over-IP unit you can rent for 30-50$ and then fix the kernel issue yourself and then you can also use it for further testing your firewall rulesets.

    Thanks,

    Jeremy

  21. #21
    LTADMIN
    Thanks very much!
