Networking

logwatch on Ubuntu 16

logwatch is a utility that helps you track your system's log files, and it can monitor them on a schedule and email you a daily summary of its findings. Like most security packages, logwatch itself isn't a magic bullet, but it can be a useful component of a secure setup. If nothing else, it can greatly reduce the amount of time you spend troubleshooting problems.

Ubuntu 16 provides a recent version of logwatch:

Using ufw on Ubuntu

ufw, or the Uncomplicated Firewall, is a convenient front end for managing iptables on your Ubuntu server. This article provides a brief tutorial on some of the most commonly used commands. ufw is available in Ubuntu from the 8.04 release onward, and the commands here should apply to any current version.

Viewing the ufw Status

To view your firewall status and current rules:

Stop xmlrpc.php Attacks

Summary: how to diagnose and eliminate the xmlrpc.php WordPress exploit when it's clobbering your web server.

You've been running a public Ubuntu 12+ and Apache/LAMP web server for a while now. Until recently everything has worked fine, but suddenly your server is struggling to display even static pages. Sometimes content takes forever to load, and occasionally pages fail to load at all, with Apache showing the 503/Service Unavailable error. You haven't made any recent changes to your applications, server software, or databases, so what's going on?

nmap

nmap is a security scanner capable of mapping topology, discovering hosts, determining OS and device profiles, examining individual services, and exposing vulnerabilities across networks. It's licensed under the GPL and binaries are available for most platforms. A graphical frontend called Zenmap is available in most Linux repos.

mtr

mtr combines the behavior of the ping and traceroute utilities: it traces a route path between localhost and a destination device or computer, showing you a list of the routers between them as well as the average round-trip times and packet loss to each router. To do this mtr utilizes ICMP Type 0 and 11 (Echo Reply/Time Exceeded) packets.

Basic usage is mtr -rw remote-host:

wget and cURL

wget

wget is a GNU utility for retrieving files over the web using the popular internet transfer protocols (HTTP, HTTPS, FTP). It's useful either for obtaining individual files or mirroring entire web sites, as it can convert absolute links in downloaded documents to relative links. The GNU wget manual is the definitive resource.

Some Useful wget Switches and Options

Usage is wget option url1 url2

tcpdump

tcpdump is a useful packet analyzer distributed under the BSD license. It is included with most Linux and Unix distros, and it's available for Windows using the WinPcap library.

As you might imagine, tcpdump is excellent at troubleshooting problematic connections to remote systems where the cause is otherwise unclear. This is particularly useful for getting around, say, database administrators who won't admit that their database even exists, much less that you can connect to it.
