Running Your Own RBL DNS Blacklist

Ever notice how the public RBL databases aren’t enough? spamcop and spamhaus are great, but there are spammers still getting through. Did you ever want to do it yourself?

This procedure explains how to run your own RBL DNS blacklist. It uses a MySQL table to store the IP addresses you want to blacklist or whitelist. On a regular schedule (I prefer every 5 minutes), a script rebuilds from that table the flat file that the DNS server reads. I run it on a Blue Quartz server, which is CentOS Linux (Red Hat EL4) based. You will need a local MySQL server.

Step 1: Download the RBL DNS Daemon

We use rbldnsd from here
Download the rbldns server:
RHEL 4 / CentOS 4 rbldnsd RPM ver. 0.995
RHEL 5 / CentOS 5 rbldnsd RPM ver 0.995
Source rbldnsd RPM ver 0.996b
Step 2: Turn off any existing DNS server

Make sure you are not already running a DNS server on this machine. Turn off "named" if it is on.

service named stop

Step 3: Install the RPM

useradd rbldns
rpm -Uvh rbldnsd*.rpm

Step 4: Create a mysql table
Make sure the MySQL server is running.

CREATE TABLE `ips` (
`ipaddress` varchar(15) NOT NULL default '',
`dateadded` datetime NOT NULL default '0000-00-00 00:00:00',
`reportedby` varchar(40) default NULL,
`updated` datetime default NULL,
`attacknotes` text,
`b_or_w` char(1) NOT NULL default 'b',
PRIMARY KEY (`ipaddress`),
KEY `dateadded` (`dateadded`),
KEY `b_or_w` (`b_or_w`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='spammer list';

You may want to create a mysql user just for this purpose with limited permissions.
Step 5: Download the perl script that rebuilds the flat file from a mysql database
rebuild_rbldns.pl script
Put this script in /usr/local/bin

wget -O /usr/local/bin/rebuild_rbldns.pl http://www.blue-quartz.com/rbl/rebuild_rbldns.txt
chmod 750 /usr/local/bin/rebuild_rbldns.pl

You will want to put this in root's crontab and run it every 5 minutes:

crontab -e
*/5 * * * * /usr/local/bin/rebuild_rbldns.pl

Please edit lines 25-27 of this perl script to change your mysql user and password.
Step 6: Edit the /etc/sysconfig/rbldnsd config file

# My boot rbldnsd options
# -----------------------------------------
# TTL 35m, check files every 60s for changes, -f = smooth reloads
# -l logfilepath
# Please change 101.102.103.104 to your real public IP that you want the dns daemon to listen on
# Please change mydomain.com to your real domain name.
#
RBLDNSD="dsbl -l /var/lib/rbldns/log/rbl.log -f -r/var/lib/rbldns/dsbl -b 101.102.103.104 \
rbl.mydomain.com:ip4set:spammerlist,whitelist \
rbl.mydomain.com:generic:forward"

Step 7: Create directory structure for flat file

mkdir -p /var/lib/rbldns/dsbl /var/lib/rbldns/log
touch /var/lib/rbldns/dsbl/forward
touch /var/lib/rbldns/dsbl/spammerlist
touch /var/lib/rbldns/dsbl/whitelist
# the log file must be at the path given to -l in /etc/sysconfig/rbldnsd
touch /var/lib/rbldns/log/rbl.log
chown -R rbldns:rbldns /var/lib/rbldns

Step 8: Add some records to the MySQL database you have of known spammers

INSERT INTO ips SET
ipaddress='123.456.789.1',
reportedby='101.102.103.104',
attacknotes='dictionary attack from badboy.com',
b_or_w='b',
dateadded=now(),
updated=now();

To help in diagnosing problems, add these entries in the “/var/lib/rbldns/dsbl/forward” file:

@ A 1.2.3.4
test A 1.2.3.4

And please replace 1.2.3.4 with the ip address of your rbl server.

Step 9: Run the script to build the flat file
Run the script:

/usr/local/bin/rebuild_rbldns.pl

If you want to check that it actually created the file, type this:

cat /var/lib/rbldns/dsbl/spammerlist

Step 10: Start the rbldns service

service rbldnsd start

Step 11: Create a DNS subdomain zone for rbl.mydomain.com
You must create a DNS zone (subdomain) in your main DNS server for rbl.mydomain.com and point it to your rbldnsd server.

; subdomain delegation
rbl.mydomain.com. in ns rbl.mydomain.com.
rbl.mydomain.com. in a 101.102.103.104

Step 12: test rbl.mydomain.com lookups
If a blacklisted IP address is in your rbl database it will “exist” in the DNS system.

For example:

If you blacklisted the IP address 89.40.1.32, then a regular DNS lookup of its octets in reverse order under your zone:

nslookup 32.1.40.89.rbl.mydomain.com

should return the address 127.0.0.2.

nslookup test.rbl.mydomain.com

should result in a match for 1.2.3.4 (your public ip address of your rbl server). If this works then the file /var/lib/rbldns/dsbl/forward is working.

Every entry in your RBL database will return a match of 127.0.0.2

If an IP address is not in your RBL database it will fail to find an entry. This is how mail servers know how to block relays of email from known spammers.
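To make the flat-file rebuild and the lookup in Steps 5 through 12 concrete, here is an added Python example. It is not the page's rebuild_rbldns.pl and talks to no database: it takes rows in the shape of the `ips` table (constructed sample data), writes the spammerlist and whitelist files that the RBLDNSD line above names, and forms the reversed-octet query name that Step 12 checks with nslookup. Two assumptions are made: that rbldnsd's ip4set format takes one address per line with a leading `!` marking an exclusion (which is how the whitelist is expressed here), and that a 127.0.0.2 answer means listed and no answer means not listed, as the text states. The file names and zone name come from the page.

```python
"""Added example (not the page's rebuild_rbldns.pl): turn blacklist /
whitelist rows from the `ips` table into rbldnsd ip4set flat files, and
form the reversed-octet query names that Step 12 tests with nslookup."""
import ipaddress
import os
import tempfile

# Constructed sample rows in the shape of the page's `ips` table:
# (ipaddress, b_or_w, attacknotes). All values are made up.
SAMPLE_ROWS = [
    ("89.40.1.32", "b", "dictionary attack"),
    ("203.0.113.7", "b", "open relay probe"),
    ("198.51.100.5", "w", "our own outbound relay"),
    ("123.456.789.1", "b", "octet out of range, must be skipped"),
    ("10.0.0.1/33", "b", "bad prefix length, must be skipped"),
]


def build_ip4set(rows):
    """Return (spammerlist_lines, whitelist_lines, rejected_inputs).

    Every row is parsed with the ipaddress module so that a bad value in
    the database cannot produce a malformed line that rbldnsd would
    reject or mis-parse. Assumption about the ip4set format: one address
    (or CIDR block) per line, and a leading '!' marks an exclusion, so
    whitelist rows become '!ip' lines.
    """
    spam, white, rejected = [], [], []
    for ip, flag, _note in rows:
        try:
            net = ipaddress.ip_network(ip, strict=False)
        except ValueError:
            rejected.append(ip)
            continue
        if net.version != 4:
            rejected.append(ip)
            continue
        entry = str(net.network_address) if net.prefixlen == 32 else str(net)
        if flag == "b":
            spam.append(entry)
        elif flag == "w":
            white.append("!" + entry)
        else:
            rejected.append(ip)
    return spam, white, rejected


def write_lists(directory, spam, white):
    """Write spammerlist and whitelist into `directory` (the page uses
    /var/lib/rbldns/dsbl). Each file goes to a temp file first and is
    renamed into place, so rbldnsd, which re-reads the files on a timer,
    never loads a half-written list. Returns the two paths."""
    paths = []
    for name, lines in (("spammerlist", spam), ("whitelist", white)):
        target = os.path.join(directory, name)
        fd, tmp = tempfile.mkstemp(dir=directory, prefix=name + ".")
        with os.fdopen(fd, "w") as fh:
            fh.write("".join(line + "\n" for line in lines))
        os.replace(tmp, target)
        paths.append(target)
    return paths


def dnsbl_query_name(ip, zone):
    """89.40.1.32 in zone rbl.mydomain.com -> 32.1.40.89.rbl.mydomain.com"""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def is_listed(answer):
    """Interpret a DNSBL lookup: no answer (NXDOMAIN, passed as None) means
    not listed; any address in 127.0.0.0/8 means listed (this setup
    returns 127.0.0.2)."""
    if answer is None:
        return False
    return ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8")


def rebuild_in_tempdir(rows):
    """Run the whole rebuild into a scratch directory and return the file
    contents, so the flow can be checked without touching /var/lib."""
    spam, white, rejected = build_ip4set(rows)
    directory = tempfile.mkdtemp(prefix="rbldns-")
    contents = {}
    for path in write_lists(directory, spam, white):
        with open(path) as fh:
            contents[os.path.basename(path)] = fh.read()
    contents["rejected"] = rejected
    return contents


if __name__ == "__main__":
    print(rebuild_in_tempdir(SAMPLE_ROWS))
    print(dnsbl_query_name("89.40.1.32", "rbl.mydomain.com"))
```

Run as-is it writes into a scratch directory; pointed at /var/lib/rbldns/dsbl from the 5-minute cron job it would do the perl script's job of rebuilding the lists. The rename-into-place step matters because rbldnsd re-reads the files every 60 seconds with the options above: a list truncated mid-write would briefly delist every spammer, or, worse, lose the whitelist exclusions.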
Step 13: Having Your Mail Servers Use This RBL database
If you are using sendmail, and want it to use this database, do this:

cd /etc/mail
vi sendmail.mc
make

add this line right below the “blacklist_recipients” line:

FEATURE(dnsbl, `rbl.mydomain.com', `Rejected - known spammer')dnl

Now sendmail will reject messages from bad IP addresses in your database. You can monitor your /var/log/maillog file to see if sendmail really did block a specific IP.
Step 14: Filling your database with known spammers
Now you need to decide how you are going to add records to your MySQL table. I suggest you write a script that monitors mailboxes or mail server logs. This is a great way to discover those spammers that are getting through the system.

I also wrote some PHP web pages with forms to allow me to quickly add IP’s to my blacklist. You might want to try that.

In my dictionary attack monitoring scripts, I use this command to update the rbl database:

wget -q -O /dev/null 'http://rbl.domain.com/drop.php?ipaddress=133.25.2.1&blackorwhite=b&notes=dictionary attack'

This way all my servers can add to the database. Of course, only approved IPs in my network are allowed to submit rbl data. I ignore all others.
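The last paragraph is the security-relevant part of this design: anything that can reach drop.php can add or remove entries from a list that every mail server trusts. The page does not show drop.php, so the following is an added Python example of the server-side checks such an endpoint should make before touching the `ips` table: the submitter must come from an approved network, the `ipaddress` parameter must be a public IPv4 address, `blackorwhite` must be `b` or `w`, and values are bound to a parameterised INSERT rather than concatenated into SQL. The allowed networks are constructed placeholders, and the `%(name)s` placeholder style is an assumption that the database driver uses DB-API "pyformat" (as MySQLdb and PyMySQL do).

```python
"""Added example (the page's drop.php is not shown): server-side checks
for an RBL submission such as
  drop.php?ipaddress=...&blackorwhite=b&notes=...
before anything is written to the `ips` table."""
import ipaddress

# Assumed: only hosts in these networks may submit (constructed values;
# substitute the ranges of your own mail servers).
ALLOWED_SUBMITTERS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]
MAX_NOTE_LEN = 500  # attacknotes is a TEXT column; keep reports short anyway

# Assumed DB-API 'pyformat' placeholders (MySQLdb / PyMySQL style); the
# driver quotes the values, so nothing is concatenated into the SQL.
INSERT_SQL = (
    "INSERT INTO ips SET ipaddress=%(ipaddress)s, reportedby=%(reportedby)s, "
    "attacknotes=%(attacknotes)s, b_or_w=%(b_or_w)s, dateadded=NOW(), updated=NOW() "
    "ON DUPLICATE KEY UPDATE b_or_w=VALUES(b_or_w), "
    "attacknotes=VALUES(attacknotes), updated=NOW()"
)


def validate_submission(remote_addr, params, allowed=ALLOWED_SUBMITTERS):
    """Return ("ok", record) with a dict ready to bind to INSERT_SQL, or
    ("reject", reason). Unapproved sources are rejected before the
    request parameters are even looked at."""
    try:
        src = ipaddress.ip_address(remote_addr)
    except ValueError:
        return ("reject", "bad remote address")
    if not any(src in net for net in allowed):
        return ("reject", "submitter not approved")

    try:
        target = ipaddress.IPv4Address(params.get("ipaddress", ""))
    except ValueError:
        return ("reject", "ipaddress is not an IPv4 address")
    # Refuse loopback, RFC 1918 and other non-routable ranges: listing
    # them would block your own relays, not a spammer.
    if not target.is_global:
        return ("reject", "not a public address")

    flag = params.get("blackorwhite", "")
    if flag not in ("b", "w"):
        return ("reject", "blackorwhite must be b or w")

    notes = params.get("notes", "")[:MAX_NOTE_LEN]
    return ("ok", {
        "ipaddress": str(target),
        "reportedby": str(src),
        "attacknotes": notes,
        "b_or_w": flag,
    })


if __name__ == "__main__":
    # Constructed requests in the shape of the page's wget call
    good = {"ipaddress": "133.25.2.1", "blackorwhite": "b", "notes": "dictionary attack"}
    print(validate_submission("192.0.2.10", good))
    print(validate_submission("203.0.113.9", good))
```

A web handler would call `validate_submission(request.remote_addr, request.args)` and run `cursor.execute(INSERT_SQL, record)` only on the "ok" branch. Checking the source address against an allow-list is the minimum; if the submitting servers are not all on the same trusted network, put the endpoint behind HTTPS with a shared secret or client certificate as well, since the remote address alone can be spoofed by anyone on the path.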

Compile an Ubuntu 9.04 Kernel

The purpose of this tutorial is to show you how to set up a kernel that is highly tuned for your CPU, in this case a Pentium 4 with hyperthreading for a workstation.

Caution: If you do something wrong (it happens), reboot and select an alternative kernel. You should always keep several kernels installed in case of trouble. DO THIS ON A TEST MACHINE or make sure you have a good backup.

Step #1: Download and install the necessary tools.
Download the necessary tools so that you have everything ready.

# apt-get install kernel-package libncurses5-dev fakeroot wget bzip2

You must have the source available to create a new kernel.

# apt-get install linux-source

You need the source in a working directory. Either work in /usr/src, or copy the source archive, linux-source-2.6.28.tar.bz2, to the directory you want to build in and work there.

# cd /usr/src

This directory will contain the necessary headers to build the kernel. These are the source files.

You need to unpack the source that was downloaded.

# bzip2 -d linux-source-2.6.28.tar.bz2
# tar xvf linux-source-2.6.28.tar

Now you should have a directory that looks like this:

linux-source-2.6.28

Create a symbolic link to this source directory and name it linux.

# ln -s linux-source-2.6.28 linux

Move into the directory, you can use the term linux as it is now a link to that folder.

# cd linux

The config file is a hidden file that has the configuration from the kernel that is installed. You will need to copy that because it has already determined your hardware devices.

# cp /boot/config-`uname -r` ./.config

This config file represents the hardware that the running kernel discovered at boot and set up. It also reflects many default settings.

Step #2: Now the fun begins….

You are ready to start menuconfig which will allow you to choose your kernel specifics.

make menuconfig

This opens the menu to start configuration.

Here you see it detected the .config file.

Now work your way through the menus and make the selections that you want to add or subtract. For example, here KVM is changed from being a module to load to actually being made a part of the kernel. It has been unchecked so modular support will not be available, thus saving space in your kernel. The “*” indicates that it will be loaded into the kernel and an empty option means that no support for that option will be placed in the kernel.

If you know about your hardware you can increase your speed by making the kernel smaller by removing those modules that you do not need. It is important that you make changes slowly so that if you have problems you have fewer places to troubleshoot.

Once you have all of your modifications complete save the new .config file.

Run this command to clean up.

# make-kpkg clean

The next thing you want to do is create a kernel extension so that as you make kernels you are able to tell the versions apart. What I usually do is place my initials and a number so that I can keep track.

# fakeroot make-kpkg --initrd --append-to-version=-mw4 kernel_image kernel_headers

After --append-to-version= you write a string that will help you keep track of your kernel changes; it must begin with a minus (-) and must not contain whitespace.

This will take a while: 3-6 hours depending on your CPU and memory.

After the successful kernel build, you can find two .deb packages in the directory you built the kernel in. If you were located in the linux directory, look in the directory above for the two .deb packages.

These .deb files can also be copied to another machine with similar hardware to install your kernel there. Run these commands as root to install the kernel into the /boot directory and update your /boot/grub/menu.lst.

# dpkg -i linux-image-2.6.28.9mw4_2.6.28.9mw4-10.00.Custom_i386.deb

# dpkg -i linux-headers-2.6.28.9mw4_2.6.28.9mw4-10.00.Custom_i386.deb

You should now be able to select and test the new kernel when you reboot.

Now when I look in /boot/grub/menu.lst I see listed my new kernel:

## ## End Default Options ##

title Ubuntu 9.04, kernel 2.6.28.9mw4
uuid 10517256-c276-4517-821a-4986d477bb86
kernel /boot/vmlinuz-2.6.28.9mw4 root=UUID=10517256-c276-4517-821a-4986d477bb86 ro quiet splash
quiet

title Ubuntu 9.04, kernel 2.6.28.9mw4 (recovery mode)
uuid 10517256-c276-4517-821a-4986d477bb86
kernel /boot/vmlinuz-2.6.28.9mw4 root=UUID=10517256-c276-4517-821a-4986d477bb86 ro single

title Ubuntu 9.04, kernel 2.6.28-11-generic
uuid 10517256-c276-4517-821a-4986d477bb86
kernel /boot/vmlinuz-2.6.28-11-generic root=UUID=10517256-c276-4517-821a-4986d477bb86 ro quiet splash
initrd /boot/initrd.img-2.6.28-11-generic
quiet

title Ubuntu 9.04, kernel 2.6.28-11-generic (recovery mode)
uuid 10517256-c276-4517-821a-4986d477bb86
Caution: You will need space in the /boot directory to save kernels as you build them. I typically build my /boot directory with 500 MBs of space.

Tip:

Edit your timeout in the /boot/grub/menu.lst and increase it when you are building and trying kernels. That way it will not fly by so fast.

## timeout sec
# Set a timeout, in SEC seconds, before automatically booting the default entry
# (normally the first entry defined).
timeout 8

Tip:

Comment out the hiddenmenu so that you will see the menu on boot.

Syntax for Secure Copy (scp)

What is Secure Copy?

scp allows files to be copied to, from, or between different hosts. It uses ssh for data transfer and provides the same authentication and same level of security as ssh.
Examples
Copy the file “foobar.txt” from a remote host to the local host

scp your_username@remotehost.edu:foobar.txt /some/local/directory

Copy the file “foobar.txt” from the local host to a remote host

scp foobar.txt your_username@remotehost.edu:/some/remote/directory

Copy the directory “foo” from the local host to a remote host’s directory “bar”

scp -r foo your_username@remotehost.edu:/some/remote/directory/bar

Copy the file “foobar.txt” from remote host “rh1.edu” to remote host “rh2.edu”

scp your_username@rh1.edu:/some/remote/directory/foobar.txt \
    your_username@rh2.edu:/some/remote/directory/

Copying the files “foo.txt” and “bar.txt” from the local host to your home directory on the remote host

scp foo.txt bar.txt your_username@remotehost.edu:~ 

Copy multiple files from the remote host to your current directory on the local host

scp your_username@remotehost.edu:/some/remote/directory/\{a,b,c\} . 
scp your_username@remotehost.edu:~/\{foo.txt,bar.txt\} . 

scp Performance

By default scp uses the Triple-DES cipher to encrypt the data being sent. Using the Blowfish cipher has been shown to increase speed. This can be done by using option -c blowfish in the command line.

scp -c blowfish some_file your_username@remotehost.edu:~ 

It is often suggested that the -C option for compression should also be used to increase speed. The effect of compression, however, will only significantly increase speed if your connection is very slow. Otherwise it may just be adding extra burden to the CPU. An example of using blowfish and compression:

scp -c blowfish -C local_file your_username@remotehost.edu:~ 

How do I get started with Linux?

I have been asked how one enters the fruitful land of Linux; well, in a nutshell, here it is:

1. Download your favorite iso image from Distrowatch.com.
2. Burn the iso file to a CD using your favorite CD burning software.
Remember to burn the .iso using the "Burn image to CD" option or "Burn CD iso image" option. Check your program's help files for details. Note that you can't just burn it to a data disc as a file as you normally would; you need to burn it as a bootable image.
3. Set up your BIOS to boot from CD. To enter the BIOS, you need to hit a certain key as your computer starts. Find the boot options page and set “boot from CD” to the highest priority.
4. Put the CD in the drive and restart your computer.
5. The CD will boot either into a live or install environment, you choose from there. A live environment will not change anything on your computer, install will install the distro.

Change Default crontab editor CentOS

 
I was working on some sysadmin tasks on a freshly installed server, and I found out the crontab editor was not what I expected it to be. I really like vi (or vim) for command line editing, so I wanted 'crontab -e' to use vim instead of something else. To make that happen, I put this into root's .bashrc file (location: ~/.bashrc):

export EDITOR=vim
export VISUAL=vim

or from the command line


export EDITOR=/usr/bin/vim
export VISUAL=vim

If using CentOS7 – System Default Editor
During login, a number of scripts are run to set up the environment. In CentOS, a file for each subject is used. These are stored in a system profile directory, /etc/profile.d/. There are two environment variables that control which editor to use.

cat <<EOF >>/etc/profile.d/vim.sh
export VISUAL="vim"
export EDITOR="vim"
EOF

Per User Default
If a user wishes to set the default editor for themselves, it can instead be done in the user's bash profile.

cat <<EOF >>~/.bash_profile
export VISUAL="nano"
export EDITOR="nano"
EOF

Activating Changes
Some of the changes made won’t take effect on the current session. Log out and back in to activate the changes.

Testing
Scheduling cron jobs is one everyday task that opens a text editor, so editing the current user's scheduled jobs is an easy way to test which editor is now the default:

crontab -e

If it is still nano, use Ctrl+X to exit. If you are now in vim, congratulations! Use ":q" to exit.

I keep forgetting this, so I decided to blog it. Don’t forget to reload the bashrc by doing this:

source ~/.bashrc

If you are in the same situation and want to change the editor to nano, here is the simple command that will change your default OS editor.

export VISUAL='pico -w'

Now when you run:

crontab -e

Nano will open up. Don’t forget to logout and log back in to see the changes.

Linux Commands

Privileges

sudo command – run command as root
sudo su – open a root shell
sudo su user – open a shell as user
sudo -k – forget sudo passwords
gksudo command – visual sudo dialog (GNOME)
kdesudo command – visual sudo dialog (KDE)
sudo visudo – edit /etc/sudoers
gksudo nautilus – root file manager (GNOME)
kdesudo konqueror – root file manager (KDE)
passwd – change your password

Display

sudo /etc/init.d/gdm restart – restart X (GNOME)
sudo /etc/init.d/kdm restart – restart X (KDE)
(file) /etc/X11/xorg.conf – display configuration
sudo dpkg-reconfigure -phigh xserver-xorg – reset X configuration
Ctrl+Alt+Bksp – restart X display if frozen
Ctrl+Alt+FN – switch to tty N
Ctrl+Alt+F7 – switch back to X display

These commands will usually tell you the vendor and model of your graphics card:

lspci
lspci -v
lspci -v | less

System Services

start service – start job service (Upstart)
stop service – stop job service (Upstart)
status service – check if service is running (Upstart)
/etc/init.d/service start – start service (SysV)
/etc/init.d/service stop – stop service (SysV)
/etc/init.d/service status – check service (SysV)
/etc/init.d/service restart – restart service (SysV)
runlevel – get current runlevel

Package Management

apt-get update – refresh available updates
apt-get upgrade – upgrade all packages
apt-get dist-upgrade – upgrade Ubuntu version
apt-get install pkg – install pkg
apt-get remove pkg – uninstall pkg
apt-get autoremove – remove obsolete packages
apt-get -f install – try to fix broken packages
dpkg --configure -a – try to fix broken packages
dpkg -i pkg.deb – install file pkg.deb
(file) /etc/apt/sources.list – APT repository list

Network

ifconfig – show network information
iwconfig – show wireless information
sudo iwlist scan – scan for wireless networks
sudo /etc/init.d/networking restart – reset network
(file) /etc/network/interfaces – manual configuration
ifup interface – bring interface online
ifdown interface – disable interface

Special Packages

ubuntu-desktop – standard Ubuntu environment
kubuntu-desktop – KDE desktop
xubuntu-desktop – XFCE desktop
ubuntu-minimal – core Ubuntu utilities
ubuntu-standard – standard Ubuntu utilities
ubuntu-restricted-extras – non-free, but useful
kubuntu-restricted-extras – KDE of the above
xubuntu-restricted-extras – XFCE of the above
build-essential – packages used to compile programs
linux-image-generic – latest generic kernel image
linux-headers-generic – latest build headers

Firewall

ufw enable – turn on the firewall
ufw disable – turn off the firewall
ufw default allow – allow all connections by default
ufw default deny – drop all connections by default
ufw status – current status and rules
ufw allow port – allow traffic on port
ufw deny port – block port
ufw deny from ip – block ip address

Application Names

nautilus – file manager (GNOME)
dolphin – file manager (KDE)
konqueror – web browser/filemanager (KDE)
kate – text editor (KDE)
gedit – text editor (GNOME)

System

Recovery – type the phrase "REISUB" while holding down Alt and SysRq (PrintScrn), with about 1 second between each letter. Your system will reboot.
lsb_release -a – get Ubuntu version
uname -r – get kernel version
uname -a – get all kernel information

Moving around in the file system

pwd – "print working directory": show which directory you are in.
ls – list the contents of a directory.
ls -l – list the contents of a directory and show additional info about the files.
ls -a – list all files, including hidden files.
cd – change directory.
cd .. – go to the parent directory.

Manipulating files and directories

cp – copy a file.
cp -i – copy a file and ask before overwriting.
cp -r – copy a directory with its contents.
mv – move or rename a file.
mv -i – move or rename a file and ask before overwriting.
rm – remove a file.
rm -r – remove a directory with its contents.
rm -i – ask before removing a file. Good to use with the -r option.
mkdir – make a directory.
rmdir – remove an empty directory.

zipping/taring

tar -cvzf mytar.tar.gz sourcefilesordir – creates a new tar file (c), verbose (v), compressed with gzip (z); f is followed by the filename
tar -xvzf mytar.tar.gz -C destination – extracts a gzip-compressed tar file (z) verbosely into the directory destination; f is followed by the filename
gzip fileordir – compresses a file with gzip.
gunzip file.gz – decompresses a gzip file.
NB gzip only compresses files; it doesn't collect them into a single file the way a tarball does.

More Commands

Arrow Up: scrolls and edits the command history; press Enter to run the selected command.
Shift+PgUp: scrolls terminal output up
Shift+PgDown: scrolls terminal output down
Ctrl+Alt+Del reboots the system
shutdown -h now turns the system off
Ctrl+C kills the current process
Ctrl+S stops output to the terminal
Ctrl+Q resumes output to the terminal
Ctrl+Z puts the current process in the background (suspended).

hostname – shows the host name of the system you are on
whoami – displays your login name
date – displays what your machine thinks the date is
who – shows who is logged into the machine
rwho -a – shows all users logged into the server network
finger – shows info on the chosen user
last – shows the last users logged into the machine
uptime – shows the system's uptime
ps – shows the current user's processes
ps -A – shows all processes on the system
uname -a – displays all info on your host.
free – shows the free memory in KB
df -h – shows the disk space details
cat /proc/cpuinfo – shows the CPU information
cat /proc/filesystems – shows the file systems in use
cat /etc/printcap – shows if any printers are hooked up
lsmod – shows the kernel modules loaded