How to change default SSH port 22 to something else

Internet-connected Linux servers are always vulnerable to exploitation by hackers and intruders. One of their common attacks is through SSH. By default, SSH servers are configured to listen on port 22 for SSH connections. Changing the port to something else adds an additional measure in securing the server.

How to Change Default SSH port 22 to something else:

  1. Connect to your server via SSH (your ssh port is still 22) as the root user.
  2. Run this command: # vi /etc/ssh/sshd_config
  3. Find this line: #Port 22
  4. Delete the hash “#” sign from the beginning of the line and change the port to something else. Note down this new port very carefully. You’ll need to use this port for the SSH connection from the next login.
  5. Save the file and exit.
  6. Restart the SSH service by executing this command: # service sshd restart 

Now disconnect and try reconnecting with the new SSH port. Make sure you memorize the new port number or note it down somewhere.
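
A scripted version of steps 3 and 4, added here as an example and not part of the original post: it edits a copy of sshd_config so the result can be checked with sshd -t before the live file is replaced. The helper names set_sshd_port and effective_port, the /root/sshd_config.new path and port 2222 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. set_sshd_port / effective_port are hypothetical helper names.

# set_sshd_port FILE PORT
# Replaces the first Port line (active or commented out) with "Port PORT",
# drops any further active Port lines, and appends one if none exists.
set_sshd_port() {
    file=$1 port=$2
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    tmp=$(mktemp) || return 1
    awk -v p="$port" '
        { l = tolower($0) }          # sshd_config keywords are case-insensitive
        l ~ /^[ \t]*port[ \t]+[0-9]+/ {
            if (!set) { print "Port " p; set = 1 }
            next
        }
        !set && l ~ /^[ \t]*#[ \t]*port[ \t]+[0-9]+/ {
            print "Port " p; set = 1; next
        }
        { print }
        END { if (!set) print "Port " p }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# effective_port FILE: first active Port value, or 22 when none is set.
effective_port() {
    awk 'tolower($1) == "port" { print $2; found = 1; exit }
         END { if (!found) print 22 }' "$1"
}

# Typical use, as root, with the current SSH session left open:
#   cp /etc/ssh/sshd_config /root/sshd_config.new
#   set_sshd_port /root/sshd_config.new 2222      # 2222 is a constructed value
#   sshd -t -f /root/sshd_config.new && cp /root/sshd_config.new /etc/ssh/sshd_config
#   service sshd restart
```

Keep the existing session open until a second login on the new port succeeds, and allow the new port in the firewall before restarting sshd.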

How to Clear bash / SSH / Terminal command history in Linux

You might need to wipe the history of commands that you’ve executed on your Linux system for various reasons. Normally, when logged into the bash / SSH terminal, pressing the Up Arrow key shows previously executed commands. To completely delete the history, type the following commands:

# history -c
# history -w

 

How to find the IP addresses of a Linux system

The following command in a linux based system will show all the IPs assigned to that system:
# ip addr show

Alternatively, if you’d like to know the IP address(es) of a certain interface (for example eth0), type the following:
# ip addr show eth0

Sample output:
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:30:67:b4:b7:4d brd ff:ff:ff:ff:ff:ff
inet 72.144.122.10/29 brd 72.144.122.15 scope global eth0
inet6 ef80::120:67ef:deb4:f74e/64 scope link
valid_lft forever preferred_lft forever

The IPv4 addresses assigned to the system are: 72.144.122.10/29  (72.144.122.10 – 72.144.122.15 = 6 IPs)
The IPv6 address assigned to the system is: ef80::120:67ef:deb4:f74e/64

Determine if the storage is SSD or HDD – using linux command

You’ve purchased a Cloud server or a Virtual server. The server provider says it comes with an SSD (Solid State Drive). Now you definitely would like to verify whether the storage is indeed an SSD or simply an HDD (Hard Disk Drive). If your server is running any version of Linux (kernel version 2.6.29 onwards), just run the following command:

cat /sys/block/sda/queue/rotational


The result will be either 1 or 0. If it is “0” – congratulations – your storage is indeed an SSD, and if the result is “1”, your storage device is an HDD.

I ran the above command in one of my VPSs. The result is “1” – that is the storage device used here is an HDD.

GHOST vulnerability in Linux distributions and its Solution

A GNU C Library (glibc) vulnerability, termed the “GHOST Vulnerability”, was announced to the general public on 27 January 2015, after the Cloud research company Qualys discovered this major security vulnerability. This vulnerability enables hackers to remotely take control of systems without even knowing any system IDs or passwords.


How to Quickly Identify if your system is vulnerable:

The GHOST vulnerability can be exploited on Linux systems that use versions of the GNU C Library prior to glibc-2.18. That is, systems that use glibc-2.2 to glibc-2.17 are at risk. Many Linux distributions like CentOS (6,7), Debian 7, RHEL (6,7), Ubuntu and distributions that have reached end of life are vulnerable and should be patched immediately.

You may check the version of glibc by looking up the version of ldd (which uses glibc) with the following command:

# ldd --version

The first line of the output will tell you the glibc version. The output could look like this:

ldd (GNU libc) 2.12

As mentioned earlier – if it is older than 2.18 – your system is vulnerable.
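
The check above as a script, added here as an example and not part of the original post: it pulls the version out of the first line of ldd --version and tests it against the 2.2 to 2.17 range given above. The function names are hypothetical and the banner strings in the comments are constructed samples. Distributions often ship fixes without changing this upstream version number, so a match marks a system to check against the vendor's package version.

```shell
#!/bin/sh
# Added example. glibc_version_from_banner / in_ghost_range are hypothetical names.

# glibc_version_from_banner "ldd (GNU libc) 2.12"  -> prints 2.12
# The version is the last whitespace-separated field of the first line,
# which also holds for banners such as "ldd (Ubuntu EGLIBC 2.15-0ubuntu10.10) 2.15".
glibc_version_from_banner() {
    printf '%s\n' "$1" | awk 'NR == 1 { print $NF }'
}

# in_ghost_range VERSION
# Returns 0 if 2.2 <= VERSION <= 2.17, 1 if outside that range,
# 2 if VERSION cannot be parsed.
in_ghost_range() {
    case $1 in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}      # "17.1" or "17-55.el6" -> 17
    case $major$minor in
        ''|*[!0-9]*) return 2 ;;
    esac
    # Compare the fields as integers. Treated as decimals, 2.2 would sort
    # above 2.18 and the oldest affected releases would pass the check.
    [ "$major" -eq 2 ] && [ "$minor" -ge 2 ] && [ "$minor" -lt 18 ]
}

# On a live system:
#   v=$(glibc_version_from_banner "$(ldd --version 2>/dev/null | head -n 1)")
#   if in_ghost_range "$v"; then echo "glibc $v is in the affected range"; fi
```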

How to solve (patch the system) this problem:

Ubuntu / Debian:

Update all of your packages to the latest version available using this command:

# sudo apt-get update && sudo apt-get dist-upgrade

Respond to the confirmation prompt with: “y” and finally reboot using this command: # sudo reboot

 

CentOS / RHEL:

Update glibc to the latest version available via “yum”:

# sudo yum update glibc

Respond to the confirmation prompt with: “y” and finally reboot using this command: # sudo reboot

 

IF UPDATE FAILS:

To mitigate the problem before the patch is applied, change the value of UseDNS to “no” in “/etc/ssh/sshd_config”. This disables the reverse DNS checks in public-facing services.

Although you can be relieved for the time being, make sure you patch your distribution as soon as the update is available, using the steps mentioned above.

How to block IP address in Linux – Using IPTables Rule

Using IPTables rules we can block a Single IP address or a block of IP Addresses.

The following command (via ssh) will drop any packet coming from the IP address 1.2.3.4 :

# iptables -I INPUT -s 1.2.3.4 -j DROP

Or you can append the rule instead:

# iptables -A INPUT -s 1.2.3.4 -j DROP

How To Block Subnet (ip.Add.re.ss/subnet):

If your machine’s public interface is named eth1 and you’d like to block the subnet 10.0.0.0/8, use the following syntax:

# iptables -i eth1 -A INPUT -s 10.0.0.0/8 -j DROP

How to View Blocked IP Address(es):

Simply use the following command:

# iptables -L -v

How to Save Blocked IP Address(es) in IPTables:

# service iptables save

ConfigServer installation IPtables problem in OpenVZ or Virtuozzo (solved!)

ConfigServer Firewall (AKA csf) is an essential security tool for Linux based server and VPS.

The installation of CSF is pretty straightforward and is described here: http://configserver.com/free/csf/install.txt

However, some of the iptables modules required by the csf might not be present in the server and when the perl test command ( # perl /usr/local/csf/bin/csftest.pl ) is run in the VPS container while installing csf – the following fatal error may be encountered:

[root@vps-xyz ~]# perl /etc/csf/csftest.pl
Testing ip_tables/iptable_filter…OK
Testing ipt_LOG…FAILED [ 4294967295] – Required for csf to function
Testing ipt_multiport/xt_multiport…FAILED [FATAL Error: iptables: Unknown error 4294967295] – Required for csf to function
Testing ipt_REJECT…OK
Testing ipt_state/xt_state…FAILED [FATAL Error: iptables: Unknown error 4294967295] – Required for csf to function
Testing ipt_limit/xt_limit…FAILED [FATAL Error: iptables: Unknown error 4294967295] – Required for csf to function
Testing ipt_recent…FAILED [Error: iptables: Unknown error 4294967295] – Required for PORTFLOOD and PORTKNOCKING features
Testing xt_connlimit…FAILED [Error: iptables: Unknown error 4294967295] – Required for CONNLIMIT feature
Testing ipt_owner/xt_owner…FAILED [Error: iptables: Unknown error 4294967295] – Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT…FAILED [Error: iptables v1.3.5: can’t initialize iptables table `nat’: Table does not exist (do you need to insmod?)] – Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT…FAILED [Error: iptables v1.3.5: can’t initialize iptables table `nat’: Table does not exist (do you need to insmod?)] – Required for csf.redirect feature

SOLUTION:

To resolve the issue, you’ll need access to your Hardware Node (the main server, not the VPS container). If you do not have access to the main server, you may provide this guide to your VPS provider. Then follow these steps:

1. First, make sure the required iptables modules are available to the VPS.
Edit /etc/sysconfig/iptables-config file on the Hardware Node (Main server) and make sure you have the following:

IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Edit /etc/sysconfig/vz file:

IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

2. Restart Virtuozzo/OpenVZ:

# service vz restart

3. Execute the following command (assuming your VPS’s CTID is 1001):

# vzctl set 1001 --netfilter full --save --setmode restart

4. Now run the perl test command once again in the VPS container and you should see a successful result:

root@vps-xyz [~]# perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

5. Finally restart CSF:

# service csf restart

 

 

How to disable IPtables Firewall in Linux (Red hat/CentOS/Fedora Core)

Disable / Turn off Linux Firewall (Red hat/CentOS/Fedora Core)

Type the following two commands to save the IPtables first and then to stop it (you must login as the root user):

# /etc/init.d/iptables save
# /etc/init.d/iptables stop

Turn off firewall on boot

# chkconfig iptables off

Enable / Turn on Linux Firewall (Red hat/CentOS/Fedora Core)

Type the following command to turn on iptables firewall:

# /etc/init.d/iptables start

 

Turn on firewall on boot:

# chkconfig iptables on

SSH commands to check Hard Drive usage information in Linux Server

Log in to your Linux server using an SSH client (e.g., PuTTY).

Once you are connected to your server:

Use the following command to check the hard drive and partitions:

(without the “#”)

# df -h

It will show you output like this:

Filesystem Size Used Avail Use% Mounted on
/dev/simfs 489G 42G 447G 9% /
none 7.8G 4.0K 7.8G 1% /dev
none 7.8G 0 7.8G 0% /dev/shm

The size is shown in gigabytes.

If you’d like to see the usage volume of a particular partition (e.g., “/home”), use the following command:

(without the “#”)

# du -sh /home/

It will show you the usage in gigabytes (or in megabytes if usage is below 1 GB).

If you’d like to view the size of each directory in a particular partition (e.g., “/home”):

(without the “#”)

# du -sh /home/*

The above will show you the size of all the directories in that partition.