Minimum securization for sshd

I run an RaspberryPi inside my home network with ssh access allowed. One of the first things I’d done was to install fail2ban package.

I know this is not enough by far. A really secure configuration requires more intel in it but I let it that way just to check how much penetration attemps I’ll see.

After a fast review in the /var/log/fail2ban.log file I notice that almost everything were ssh tries to log in the system. Which is perfectly normal because the system only exposes a web server and the sshd daemon.

An easy and fast securization for your home systems with ssh is to edit the /etc/hosts.allow and the /etc/host deny files to concrete what IP’s are allow to log in via ssh and deny all the rest. You may do the same secure configuration via /etc/ssh/sshd_config what it requieres more ssh knowledge and I prefer dedicate another post to it.

To allow you home network edit your /etc/host.allow and add:
sshd: 192.168.0.0/24 # this allow your local lan
sshd: 127.0.0.1 # this allow your localhost

To deny any other IP edit your /etc/hosts.deny and add:
sshd: ALL

Epic

This are 3:49 of epic music by Vienna Philarmonic conducted by John Williams, playing, obviously, (my) Imperial March.

How to install a concrete binary in a rpm distro

How to install a concrete binary in a rpm based distribution? Let’s asume you have a rpm based distro. I will wrote this little howto using a CentOS 7.8.

For instance you need to install iwlist but you don’t know what package provides you that binary. You have to type:


# yum provides iwlist

Your local database will return you something like this:

[pbenavent@localhost ~]$ yum provides iwlist
Complementos cargados:fastestmirror
Determining fastest mirrors
* base: mirror.gadix.com
* epel: fr2.rpmfind.net
* extras: mirror.airenetworks.es
* updates: mirror.gadix.com
1:wireless-tools-29-13.el7.x86_64 : Wireless ethernet configuration tools
Repositorio : @epel
Resultado obtenido desde:
Nombre del archivo : /usr/sbin/iwlist

Now you know the package name that you need to install, so the only thing you need to do is installed:

# yum install wireless-tools

As you may notice by reading the above lines, it’s assumed that your repository have indexed in its information the binary and package you’re querying for. In this particular exemple, the binary was iwlist and in the answer you read the full path indexed (/usr/bin/iwlist) wich is provided by EPEL repos. Remember the EPEL repo it’s not installed by defaul.

IP via ProtonVPN and Tor Browser

There’s nothing really unknown in this post, I just want to share a little experiment with my personal homespun conclusion at the bottom.

  1. I open Chromium and I guess what IP the computer is given by the ISP. It’s an IP from my Spain
  2. Launch the ProtonVPN (via a free Japan server) connection and check the IP. It’s an IP from Norway
  3. I launch the Tor Browser over this VPN connection and check the IP. It’s an IP from Switzerland. Then, I reload the Tor Browser and the IP now its’ from France. Which is absolutely the expected behaviour according to Tor Browser features.
  4. I stopped the ProtonVPN connection while both browsers (Chromium and Tor) are running.
  5. The Chromium shows again the IP from Spain, the Tor Browser keeps showing an IP from a different town, Germany this time.

For this experiment I’ve used:

Homespun conclusion:

  • If you just want to browse web pages you may do it via Tor Browser, no VPN is needed.
  • If you need a wide IP traffic, not only web browsing (such a ssh, torrent, or whatever) consider a trusty VPN service. Consider privacy, logging and external auditing related with the VPN of your choice.

Four F’s in the Fedora Project

Fedora is Linux distribution with two pilars: community and Red Hat support. They have choose an easy way to describe the project by focusing on four concepts all beginning with the letter “F”:

  • Freedom: Fedora distro uses free software and free content, done or maintained by them
  • Friends: At Fedora’s page they said something naive about friendship but also “Like any friends, we occasionally disagree on details, but we believe in finding an acceptable consensus to serve the interests of advancing free software.
  • Features: My personal opinion about what features means in Fedora is about they improve the free software ecosystem not only by offering a distro ready for use but also they build new software and offers it to the community, for instance, yum, dnf, cockpit
  • First: This last F in the four F’s are the main difference among Fedora, CentOS or Red Hat Enterprise Linux which is related with the life cicle of Fedora, they release two versions per year at least.