Complex Processes Simple Language

How to detect and control services on Linux servers

admininfo.info May/2024

What services are active, are all necessary?

To see the services we have active you can use the netstat command . For example from an SSH connection:

 : ~ # netstat -a

It shows all the active services and listening to receive users or connections, here we see some like Apache (http) to serve web pages, smtp email delivery service, ftp to upload files.

A service can be stopped if it is unnecessary or if it occupies a lot of memory or cpu, for this we can see the consumption with the command:

 : ~ # ps aux --sort cputime

Here we can see Mysql, Clamav antivirus, and Dovecot is an open source IMAP and POP3 server. Here we can see the process executed by us previously, it is important not to confuse the START column that takes dates and times, indicates on what date or time the operation began.

Then to stop a Mysql example service:

 /etc/init.d/mysql restart /etc/init.d/mysql stop /etc/init.d/mysql start

Example of using command in Linux server security, we will use some commands to detect and prevent a denial of services attack that are the most frequent.

A denial of service attack (DoS attack) or distributed denial of service attacks (DDoS attack) is an attempt to make a server resource unavailable to its users.

1) Detect the attack

The main symptom is the server gets very slow, or "services are down", they stop working because an excess of connections is generated the server cannot respond.

We will use the “netstat” command.

It shows the active connections on port 80.

 : ~ # netstat -an | grep: 80 | sort

Here we can see that one of the active ip that makes queries to our server carries 5000 connections, while it could be said that the normal would be about 20 or 30 connections per ip. We could then suspect a DDOS attack, since the consumption of resources

2) The first thing will be to block the ip of the attacker with Iptables

Iptables is the name of the user space tool through which the administrator can define policies for filtering the traffic that circulates through the network.

 : ~ # iptables -I INPUT -s 74, 6, 73, 22 -j DROP

With that it crashes.

3) Install mod_evasive for Apache

Mod Evasive is a module for Apache that is responsible for providing an additional level of security to our very powerful and customizable web server.

In the example we will do it for Centos, but it can be adapted to any Linux with Apache.

We install dependencies from ssh

 : ~ # cd / usr / src : ~ # wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz : ~ # tar zxvf mod_evasive_1.10.1.tar.gz : ~ # cd mod_evasive : ~ # apxs -cia mod_evasive20.c # for Apache 1.3 the command would be apxs -cia mod_evasive.c : ~ # vi /etc/httpd/conf/httpd.conf # edit the configuration : ~ # service httpd restart # restart the Apache

In the / etc / httpd / conf / httpd.conf the following lines should be added.

 DOSHashTableSize 3097 DOSPageCount 2 DOSSiteCount 50 DOSPageInterval 1 DOSSiteInterval 1 DOSBlockingPeriod 300

The important parameters

DOSPageCount: number of connections a user can make per sec before his ip is blocked.
DOSSiteCount: how many requests a user can make before being blocked.
DOSBlockingPeriod: how long in seconds will the blocking of that IP last.

It would also be advisable to install a firewall such as CSF for Linux that is Open Source.

Related Articles Ipconfig, tracert, ping and nslookup in PowerShell

When we are systems administrators it is important that we know the tools we have at our disposal to be able to manage everything correctly. Windows Server is a fairly widespread software for this. It contains tools to administer our System from just one command console. In our daily roles as personnel of the systems group, either as bosses, coordinators, administrators or auxiliaries, it is very common to use some commands at the console level to obtain information from the equipment, the network or other necessary information

How to share Samsung Galaxy S10 Plus Internet: It would be difficult to imagine doing many daily activities without the help of the internet, since today we find its great usefulness and use in most areas of our lives. We use it in work, study and leisure fields. But there are times when due to failures in the interconnection of data, there is no access to the internet on the computer, or perhaps a friend or family member cannot use it for various reasons
You can switch from voice to video call on WhatsApp without hanging up: If you ask us what the queen of social networks is for us, without a doubt WhatsApp is one of the first possibilities that come to mind to mention. The social network owned by Facebook that allows us to send live messages is used by more than 1, 200 million users in the world who exchange text messages daily as well as other files such as photos, videos, audio and almost any type of document so almost instantaneous These chilling figures are partly the result of the work they do from WhatsApp, since this social network incorporates novelties almost weekly, new features that are well received am
Change Chromebook search engine: Chromebook is a system based on our Google account with which the login is mandatory to use all its services and features . Being a Chromium-based system, its default browser is Google Chrome. This allows the actions we perform on this system to be synchronized with other devices where we have logged in and vice versa and everything we do on them will be reflected on the Chromebook.
Metrics to perform email marketing analysis: The most important thing is to determine how the campaign turns out to know if we can reach the audience we are looking for and if it is profitable to carry out the email marketing strategy for this there are a series of metrics that we can take into account to analyze these campaigns. After preparing and sending an email campaign it is important to analyze the results obtained
How to answer or share answers to Instagram story questions: Today social networks have become an essential communication method for many people. Thanks to such applications as Facebook or Instagram, many people have managed to communicate with people with whom they had lost the deal directly and free of charge. In addition to this, social networks look for tools for their users to interact with their friends on the platform, and thus spend more time on them

How to detect and control services on Linux servers

What services are active, are all necessary?

1) Detect the attack

2) The first thing will be to block the ip of the attacker with Iptables

3) Install mod_evasive for Apache

Related Articles Ipconfig, tracert, ping and nslookup in PowerShell

List Of Posts

Read Today

Articles From Subscribers

Articles

Read Also

Recent Posts

Popular Posts

Recommended

Relevant Today

How to detect and control services on Linux servers

What services are active, are all necessary?

1) Detect the attack

2) The first thing will be to block the ip of the attacker with Iptables

3) Install mod_evasive for Apache

Related Articles Ipconfig, tracert, ping and nslookup in PowerShell

List Of Posts

Read Today

Articles From Subscribers

Articles

Categories

Read Also