Monday, October 19, 2020

fail2ban to secure ssh server

SSH is a network protocol for operating network services securely over an unsecured network but there is a word secure in the name, it doesn't mean it cannot be broken. Admins need to configure it securely.

If you are forced to provide ssh access globally, I would suggest to not use passwords as a login method. RSA keys are more secured way to login and it is hard to take unauthorized access of the server.

But if there is a case and you cannot use RSA keys as a login method, you should install fail2ban on your server. It protects you in certain ways to prevent unauthorized access.

If you are under impression that no body is trying to log into your server, you can try this on dummy server. Open 22 port for ssh login and check /var/log/auth.log or /var/log/secure after an hour or two, you will find uncountable number of ssh login requests. People are trying very hard from every point of the earth to get inside of your server.

Here is the way to secure your server, if your ssh login method is password.

1) Install fail2ban on your linux system.

apt install fail2ban
or
yum install fail2ban

2) Configure jail.local

nano /etc/fail2ban/jail.local
	[DEFAULT]
	 ignoreip = 127.0.0.1/8 ::1
	 bantime = 7200
	 findtime = 900
	 maxretry = 5
	[sshd]
	 enabled = true
     
service fail2ban restart

Now fail2ban is configured on your server. Now you want to know, is it working or not? Your concern is valid. Read following steps.

A) If you want to know number of jails you have created in fail2ban, here is the command. Check number of jails.

sudo fail2ban-client status

In above configuration, we created only one jail, so it will list only one jail i.e. 'sshd'. 

B) Now you want to check, how many IPs have been blocked. It will show you total number of blocked IPs as well as the list of IPs which are in blocked status currently. Check status of current blocked IPs

sudo fail2ban-client status <jailname>
sudo fail2ban-client status sshd

You gave bantime 7200 in your config, it means it will block an IP for 2 hours if failed login attempts are 5 or more. You can reduce failed number of login attempts and increase bantime depends on your requirement.

C) If you want to block an IP or a whole IP range manually, here is the command, Block ip or ip range manually.

sudo fail2ban-client -vvv set sshd banip 141.98.10.0/24
sudo fail2ban-client -vvv set sshd banip 222.141.207.246

First command will block an IP range from 141.98.10.0 to 141.98.10.255. It includes all 256 IPs. Second command blocks only one IP i.e. 222.141.207.246

D) If you think, nobody wants to log into your server as those files are useless for them, try below command. If you put just one blank file a.txt in your server and if people will get access of your server, they will write in the file that how many bitcoins they want or they will simply remove the file with other OS files which can be removed by your user.

Check all fail login attempts

 cat /var/log/auth.log | grep rhost 
SSH unauthorized access can be a biggest damage for you and your server. Do not take it lightly.
1) Always use key login method for your ssh user and do not open port 22 globally.
2) If you are forced to open it globally, use key login method and that is too RSA only.
3) If you are forced to use password login method with global access, then you must choose super strong password for your user and configure fail2ban.

Yandex New Account - Enable 'Create Organization' Option to add multiple Organizations under one account

If you have registered a new account on Yandex to connect your domain to Yandex mail, you might face an issue to add multiple organizations under one account.
You are not able to find Organization dropdown in your Admin Tools of Yandex Account. Here are the steps to active Organization dropdown in your Yandex Account.

1) Register new account on Yandex
https://connect.yandex.com > Try out > Register
or
https://passport.yandex.com/registration

2) After registration and log into new account, you can add your domain in the Domains section.

3) Once it is verified and if you want to add another domain under same account. You should add it as a different organization.

If you add under same organization, it may create issue. Best option is you can create another organization but this option may not be visible in new Yandex account.

4) To make it visible, connect.yandex.com > login > Admin Tools > Your username/image icon at top right > Add new business
https://connect.yandex.com/portal/registration?action=add&source=connect&preset=&retpath=https%3A%2F%2Fconnect.yandex.com%2Fportal%2Fhome
Click on Create an organization.

5) Now new organization will be created with new organization id which can be renamed in the profile section.
Similar way you can create as many organizations upu want and you do not need 'top left menu' option to create new organization.

Lex chatbot is not rendering html on web page

If you have integrated Lex chatbot in your website and it is showing html as a response message, it means your javascript is not able to render the html on the web page.

You need to handle this issue at the client side as it is correct method to send html as a response message from Lex.

If you are using default javascript code which you found in AWS blog for your Lex chatbot integration, you need to modify it little.

Find the following code in javascript function showResponse(lexResponse)

and replace following piece of code

	    if (lexResponse.message) {
	responsePara.appendChild(document.createTextNode(lexResponse.message));
	responsePara.appendChild(document.createElement('br'));
    }

with

    	if (lexResponse.message) {

        var message = lexResponse.message.replace(/"/g, '\'');
        responsePara.innerHTML = message;
        responsePara.appendChild(document.createElement('br'));
    }

Now you can add html markups in the message section of Lex chatbot so it will return this message when the 'Utterance' will be matched and It will render the html on the web page.