Use NginX to block basic Web Based Attacks

Hey Guys,

Thought this could be useful to some people. It matches nginx's $query_string variable (the query string exactly as received, still percent-encoded) against a set of regular expressions and returns 403 on a hit. The snippet goes inside a server or location block; using if only to set a variable or to return is one of the few uses of if that nginx documents as safe.

    ## Block SQL injections
    ## "~*" matches case-insensitively; "~" would be case-sensitive and miss
    ## mixed-case variants. $query_string is not percent-decoded before matching.
    set $block_sql_injections 0;
    if ($query_string ~* "union.*select.*\(") {
        set $block_sql_injections 1;
    }
    if ($query_string ~* "union.*all.*select.*") {
        set $block_sql_injections 1;
    }
    if ($query_string ~* "concat.*\(") {
        set $block_sql_injections 1;
    }
    ## "UNION*" would only ever match the literal "UNIO"; match the word instead
    if ($query_string ~* "\bunion\b") {
        set $block_sql_injections 1;
    }
    if ($block_sql_injections = 1) {
        return 403;
    }

    ## Block file injections (remote URLs and ../ traversal in parameter values)
    set $block_file_injections 0;
    if ($query_string ~* "[a-zA-Z0-9_]=http://") {
        set $block_file_injections 1;
    }
    if ($query_string ~* "[a-zA-Z0-9_]=(\.\.//?)+") {
        set $block_file_injections 1;
    }
    if ($query_string ~* "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
        set $block_file_injections 1;
    }
    if ($block_file_injections = 1) {
        return 403;
    }

    ## Block common exploits (script tags, PHP superglobal overwrites,
    ## /proc/self/environ reads, base64 payloads)
    set $block_common_exploits 0;
    if ($query_string ~* "(<|%3C).*script.*(>|%3E)") {
        set $block_common_exploits 1;
    }
    if ($query_string ~* "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
    }
    if ($query_string ~* "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
    }
    if ($query_string ~* "proc/self/environ") {
        set $block_common_exploits 1;
    }
    if ($query_string ~* "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
        set $block_common_exploits 1;
    }
    if ($query_string ~* "base64_(en|de)code\(.*\)") {
        set $block_common_exploits 1;
    }
    if ($block_common_exploits = 1) {
        return 403;
    }

    ## Block spam (keyword list; \b stops "viagra" matching inside other words)
    set $block_spam 0;
    if ($query_string ~* "\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b") {
        set $block_spam 1;
    }
    if ($query_string ~* "\b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b") {
        set $block_spam 1;
    }
    if ($query_string ~* "\b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b") {
        set $block_spam 1;
    }
    if ($query_string ~* "\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b") {
        set $block_spam 1;
    }
    if ($block_spam = 1) {
        return 403;
    }

As I say, this is a very basic way to do this, but it is effective in stopping a fair few attempts.

HIVE Active Heating / AlertMe Ruby API

Hey!

Recently I had Hive Active Heating installed in my home. I was looking around for an API and found out that it is a re-branded AlertMe kit. After some digging I found it also uses the same API for the smartphone apps.

The main difference between the AlertMe and HiveAH API is the URL, so I have created a simple Ruby gem to get some basic information from the API for both Hive and AlertMe.

The source of the gem and a simple example can be found at: https://github.com/Affix/rubygem-AlertMe

It is also available on RubyGems: https://rubygems.org/gems/AlertMe

Demo using the example application:

-- AlertMe API Ruby Binding Demo --
-- Written by Keiran Smith --
Logging in
Retrieving Thermostat Information 

-- Temperature Information at 04:24:25 -- 
Current Temperature : 23.5 C
Target  Temperature : -- C

Setup MariaDB/NginX/PHP on RHEL and Derivatives.

Setting up MariaDB and using it is just as easy as setting up MySQL; MariaDB was designed as a drop-in replacement for MySQL. This guide walks you through the process.

Initial Setup

First we need to install the EPEL package repository.

# rpm -Uvh http://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

PHP and php-fpm

What is php-fpm?

PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites.

To install via yum you can simply do

Fedora at LinuxCon Europe 2013

CC BY-NC 2.0 – Linux Foundation

Our booth was very well attended throughout the whole conference. We had a lot of interest from some major companies, not naming any names, about using Fedora as a platform for their development cloud.

Most of the visitors to our booth seemed very impressed with our display featuring Fedora 19 (Schrödinger's Cat) and Fedora 20 (Heisenbug).

Being alongside GlusterFS and oVirt had some big advantages, the main one being that I learned what GlusterFS can do and how to set up oVirt and RDO (guides coming soon).

A lot of the attendees at the Gluster booth picked up some of our Fedora for your Cloud fliers and asked us how to set up Gluster and oVirt using Fedora.

By far the highlight of my week was meeting Linus Torvalds after his keynote.

Linus Torvalds

Thanks to Jiri Eischmann, Jon Archer, Tom Callaway and Tony Dyer who also staffed the booth, and welcome to our future new ambassador Eilidh McAdam, who aims to contribute to Fedora and join our already sizable pool of female contributors.

An honourable mention to the people at Red Hat who were there for us throughout the event whenever we had any questions we were unsure about relating to the other Red Hat products.

Nagios Packages Updated

Nagios

I have submitted an update to testing to resolve bug #926192.

These packages are available for the following releases and will be pushed to updates-testing during the next release engineering push:

Rawhide

Fedora 19

Fedora 18

The patch applied, from Dennis Gilmore, is available here: http://ausil.fedorapeople.org/aarch64/nagios/nagios-aarch64.patch

ProTip : Hot Adding Disks to KVM Guest using virsh

Today mysqld was killed on the VM that hosts this blog.

After checking a few log files and finally dmesg I saw that mysqld had been OOM killed. For those that do not know, an OOM kill is the kernel's out-of-memory killer terminating a process to free RAM.

The relevant lines in dmesg were as follows.

Out of memory: Kill process 3844 (mysqld) score 104 or sacrifice child
Killed process 3844, UID 27, (mysqld) total-vm:909216kB, anon-rss:106172kB, file-rss:168kB

Instead of adding more RAM outside one of my downtime windows, I came up with a quick and easy solution…

Add a swap device.

However, it's not as simple as that, as I had no spare disks for my VM.

So here's the procedure I went through.

Created a new LVM logical volume called affix-swap
Attached it to the guest with virsh

On the guest, used mkswap to make the new disk a swap device
Used swapon to enable the swap.

Command line:

HOST

[root@rbx01 ~]# lvcreate -L 2G -n affix-swap virtual
Logical volume "affix-swap" created
[root@rbx01 ~]# virsh attach-disk AFXVM-01 /dev/virtual/affix-swap vdb
Disk attached successfully

GUEST

[root@delta ~]# free -m
             total       used       free     shared    buffers     cached
Mem:           996        900         96          0          7         66
-/+ buffers/cache:        826        170
Swap:            0          0          0
[root@delta ~]# mkswap /dev/vdb
mkswap: /dev/vdb: warning: don't erase bootbits sectors
        on whole disk. Use -f to force.
Setting up swapspace version 1, size = 2097148 KiB
no label, UUID=d22d0207-3583-4af1-961f-817dac348374
[root@delta ~]# swapon /dev/vdb
[root@delta ~]# free -m
             total       used       free     shared    buffers     cached
Mem:           996        913         83          0          8         79
-/+ buffers/cache:        825        171
Swap:         2047          0       2047

This, however, is a temporary solution: the disk was attached to the running domain only and the swap was enabled by hand, so both are lost at the next reboot of the VM. That reboot will be done over the weekend during my next window.

Hope this has helped someone out at least.