How to add bulk IP addresses to a DigitalOcean firewall?


Trying to add IP addresses in bulk to a DigitalOcean firewall? You are in the right place.

The DigitalOcean cloud control panel does not let you paste multiple IP addresses at once; that would be a good UI improvement.

In the meantime you can do it via the API.

Use the following shell script.

It sends the rules as JSON in the POST body, so update TOKEN, FIREWALL_NAME, the IP addresses and the ports, and then run the script.

#!/bin/bash

# Author: Akhil Jalagam
# Update TOKEN, FIREWALL_NAME, the IP addresses and the ports, then run the script.
# The rules are sent as a JSON body to POST /v2/firewalls, which creates a new
# firewall carrying these rules.

TOKEN=dfjvbidvbasb4l5tu45hvu46vgl45h6vl   # replace with your own API token
FIREWALL_NAME=internalaccess

curl -X POST -H "Content-Type: application/json" \
-H "Authorization: Bearer $TOKEN" \
-d \
'{
  "name": "'"$FIREWALL_NAME"'",
  "inbound_rules": [
    {
      "protocol": "tcp",
      "ports": "all",
      "sources": {
        "addresses": [
          "196.112.47.128/29",
          "196.112.43.128/29"
        ]
      }
    },
    {
      "protocol": "udp",
      "ports": "all",
      "sources": {
        "addresses": [
          "196.112.47.128/29",
          "196.112.43.128/29"
        ]
      }
    },
    {
      "protocol": "icmp",
      "sources": {
        "addresses": [
          "0.0.0.0/0",
          "::/0"
        ]
      }
    }
  ],
  "outbound_rules": [
    {
      "protocol": "icmp",
      "destinations": {
        "addresses": [
          "0.0.0.0/0",
          "::/0"
        ]
      }
    },
    {
      "protocol": "tcp",
      "ports": "all",
      "destinations": {
        "addresses": [
          "0.0.0.0/0",
          "::/0"
        ]
      }
    },
    {
      "protocol": "udp",
      "ports": "all",
      "destinations": {
        "addresses": [
          "0.0.0.0/0",
          "::/0"
        ]
      }
    }
  ]
}' "https://api.digitalocean.com/v2/firewalls/"
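The script above creates a firewall by POSTing to /v2/firewalls. When the firewall already exists and you only want to append a batch of addresses, the DigitalOcean API also offers POST /v2/firewalls/{firewall_id}/rules, which takes the same inbound_rules/outbound_rules shape. The following Python is an added example and not the post's script: it reads one address per line, validates and de-duplicates the CIDRs with the standard ipaddress module so a typo cannot silently widen the allow-list, builds the rules body, and only sends it when a DO_TOKEN environment variable is set. FIREWALL_ID_PLACEHOLDER, DO_TOKEN and the address list are placeholders or constructed values.

```python
"""Bulk-add source addresses to an existing DigitalOcean firewall.

Added example, not the post's script. It assumes the DigitalOcean API v2
endpoint POST /v2/firewalls/{firewall_id}/rules (appends rules to an existing
firewall) rather than POST /v2/firewalls (creates a new one, as the post's
script does). FIREWALL_ID_PLACEHOLDER and the DO_TOKEN environment variable
are placeholders; the address list below is constructed sample data.
"""
import ipaddress
import json
import os
import urllib.request

RULES_URL = "https://api.digitalocean.com/v2/firewalls/{firewall_id}/rules"

# Constructed sample input: one address or CIDR per line, '#' comments allowed.
SAMPLE_ADDRESS_LIST = """
# office ranges (constructed)
196.112.47.128/29
196.112.43.128/29
203.0.113.7          # bare host, normalised to /32
2001:db8::/48
196.112.47.128/29    # duplicate, dropped
"""


def normalise_addresses(text):
    """Return canonical, de-duplicated CIDR strings, in input order.

    Every line must be a valid IPv4/IPv6 address or network. strict=True
    rejects a misaligned prefix such as 10.0.0.5/24 instead of quietly
    masking it to 10.0.0.0/24, so a typo cannot widen the allow-list.
    """
    cidrs = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        cidr = str(ipaddress.ip_network(entry, strict=True))
        if cidr not in cidrs:
            cidrs.append(cidr)
    return cidrs


def build_rules_payload(addresses, tcp_ports="all", udp_ports=None):
    """Build the JSON body accepted by POST /v2/firewalls/{id}/rules.

    Only inbound rules for the given sources are produced; ICMP and outbound
    rules are left to the firewall's existing configuration.
    """
    sources = {"addresses": list(addresses)}
    inbound = [{"protocol": "tcp", "ports": tcp_ports, "sources": sources}]
    if udp_ports:
        inbound.append({"protocol": "udp", "ports": udp_ports, "sources": sources})
    return {"inbound_rules": inbound}


def post_rules(firewall_id, payload, token):
    """Send the rules to the API and return the HTTP status code."""
    req = urllib.request.Request(
        RULES_URL.format(firewall_id=firewall_id),
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "Authorization": f"Bearer {token}",
        },
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status


if __name__ == "__main__":
    body = build_rules_payload(normalise_addresses(SAMPLE_ADDRESS_LIST),
                               tcp_ports="22", udp_ports="all")
    print(json.dumps(body, indent=2))
    token = os.environ.get("DO_TOKEN")  # keep the token out of the script file
    if token:
        print(post_rules("FIREWALL_ID_PLACEHOLDER", body, token))
```

Without DO_TOKEN set the script only prints the body it would send, which is a convenient dry run before pointing it at a real firewall.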

Hope it saves you some time! 😊

How to renew the SSL certificates for dovecot and postfix

Make a backup of the existing SSL key and certificate files:

cd /etc/pki/dovecot
cp -a certs/dovecot.pem certs/dovecot.pem.old
cp -a private/dovecot.pem private/dovecot.pem.old

Create the new self-signed SSL certificate, valid for two years:

# 1024-bit RSA as in the original procedure; current guidance is at least 2048 bits
openssl genrsa -out private/dovecot.pem 1024
# prompts for the certificate subject (country, organisation, common name, ...)
openssl req -new -x509 -key private/dovecot.pem -out certs/dovecot.pem -days 730

Restart Dovecot and Postfix:

sudo systemctl restart dovecot
sudo systemctl restart postfix

Check the start and end dates of the certificate (-noout prints only the dates, not the PEM body):

openssl x509 -noout -dates -in certs/dovecot.pem

What is DevOps?


1. Definition from Wikipedia:

DevOps (a clipped compound of “development” and “operations”) is a set of software development practices that combines software development (Dev) with information technology operations (Ops) to shorten the systems development life cycle while delivering features, fixes, and updates frequently in close alignment with business objectives.

2. Definition from Webopedia:

DevOps (development and operations) is an enterprise software development phrase used to mean a type of agile relationship between development and IT operations. The goal of DevOps is to change and improve the relationship by advocating better communication and collaboration between these two business units.

What is DevOps?

  1. DevOps is a culture followed by many big organizations. It is a combination of Development (software development) and Operations (software production/IT operations).
  2. DevOps is an extension of the Agile methodology. It is neither a tool nor a technology; it is a culture, a way of working.
  3. DevOps defines a set of practices designed to close the communication and collaboration gap between the development, QA, and operations teams. It includes a Continuous Integration process with automated deployment.
  4. DevOps practices speed up the delivery of applications and services to the market.
  5. DevOps consists of four basic continuous processes:
  • Continuous Integration
  • Continuous Delivery
  • Continuous Testing
  • Continuous Monitoring

DevOps Life-cycle

i. Development
> In this stage software development takes place continuously. The whole development process is split into small development cycles, which helps the DevOps team speed up software development and delivery.
ii. Testing
> The QA team uses tools like Selenium to identify and fix bugs in the new code.
iii. Integration
> In this stage new functionality is integrated with the existing code and tested. Continuous development is only possible because of continuous integration and testing.
iv. Deployment
> In this stage deployment takes place continuously. It is done in such a way that changes made to the code at any time do not disrupt high-traffic applications.
v. Monitoring
> In this stage the operations team deals with inappropriate system behaviour or bugs found in production.

Some of the benefits of DevOps are as follows:

  • Speed
  • Rapid Delivery
  • Reliability
  • Scale
  • Improved collaboration
  • Security

The following are DevOps best practices:

  • Continuous Integration
  • Continuous Delivery
  • Micro-services
  • Infrastructure as Code
  • Monitoring and Logging
  • Communication and Collaboration

How to auto login in MySQL from a shell?

MySQL client programs (mysql, mysqlcheck, mysqldump and so on) read the user name and password from this file when you do not pass them on the command line (-u and -p). It saves you from typing them every time.

Of course, if you specify the user name and password explicitly as command-line arguments, those are used instead.

.my.cnf (for the MySQL client)

# keep this file private: chmod 600 ~/.my.cnf
[clienthost1]   # Note: client + host1, read when you run mysql --defaults-group-suffix=host1
user=myuser
password=mypass
database=dbname
host=server.location.com

Still Confused With Mail Ports?

This article lists the ports of the most commonly used email protocols on the internet: POP3, IMAP and SMTP.

  • SMTP 25, 2525
  • SMTP-SSL/TLS 587, 465
  • IMAP 143
  • IMAP-SSL/TLS 993
  • POP3 110
  • POP3-SSL/TLS 995

587 vs. 465
These port assignments are specified by the Internet Assigned Numbers Authority (IANA):

Port 587: [SMTP] Message submission (SMTP-MSA), a service that accepts submission of email from email clients (MUAs). Described in RFC 6409.

Port 465: URL Rendezvous Directory for SSM (entirely unrelated to email)
Port 465 was originally planned for the SMTPS encryption and authentication “wrapper” over SMTP, but it was deprecated within months, over 15 years ago, in favour of STARTTLS over SMTP (RFC 3207). Despite that, many servers probably still support the deprecated wrapper, primarily for older clients that implemented SMTPS. Unless you need to support such clients, SMTPS and its use on port 465 should remain nothing more than a historical footnote.

How to install the latest git from source

git-install-latest-from-src.sh

#!/bin/bash
# download the current master branch; GitHub's archive unpacks into git-master/
wget https://github.com/git/git/archive/master.zip
unzip master.zip && rm master.zip
cd git-master
# generating the configure script requires autoconf
make configure
./configure --prefix=/usr
# builds and installs under /usr; run as root or with sudo
make install

How to install PHP 7.1/7.2/7.3/7.4 in CentOS 7

Uncomment the line for the PHP version you need (remi-php73 is enabled below) and comment out the others.

yum install -y http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install -y yum-utils
# yum-config-manager --enable remi-php70
# yum-config-manager --enable remi-php71
# yum-config-manager --enable remi-php72
yum-config-manager --enable remi-php73
# add the extensions you need, e.g. php-mcrypt php-cli php-gd php-curl php-mysql php-ldap php-zip php-fileinfo
yum -y install php
# confirm the installed version
php -v

How to auto login in Postgres from a shell?

PostgreSQL client programs (psql, pg_dump and so on) read the password from this file when you do not supply one, one connection per line in the form hostname:port:database:username:password. It saves you from typing it every time. The file must be readable only by you (chmod 600 ~/.pgpass); otherwise libpq ignores it with a warning.

Of course, if you specify the user name and password explicitly, those are used instead.

.pgpass (for the psql client)

test.net:5432:testdb:testuser:testpass
test1.net:5432:testdb1:testuser1:testpass1
test2.net:5432:testdb2:testuser2:testpass2
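The .pgpass and .my.cnf posts both rely on a credential file that the client picks up silently, so it is worth knowing exactly which line a connection will use and whether the file's permissions let anyone else read it. The following Python is an added example and not part of either post: it reimplements libpq's documented .pgpass matching rules (hostname:port:database:username:password, `*` wildcards in the first four fields, backslash escapes for `:` and `\`, first match wins) and libpq's rule that the file is ignored when group or others have any permission. The sample file contents are constructed.

```python
"""Resolve a connection against ~/.pgpass the way libpq does, and check the file mode.

Added example, not from the post. It reimplements the documented .pgpass rules:
hostname:port:database:username:password, '*' as a wildcard in the first four
fields, '\\' escaping ':' or '\\' inside a field, first matching line wins, and
the file is ignored when group or others can read it. The same 0600 rule is the
one to apply to ~/.my.cnf by hand: MySQL reads that file regardless of mode, so
a world-readable copy hands the stored password to every local account. The
sample file contents are constructed.
"""
import os
import stat
import tempfile

# Constructed sample .pgpass (same shape as the post's lines, plus a wildcard
# line whose password contains an escaped ':' and '\').
SAMPLE_PGPASS = (
    "test.net:5432:testdb:testuser:testpass\n"
    "test1.net:5432:testdb1:testuser1:testpass1\n"
    "*:5432:*:readonly:r\\:o\\\\pass\n"
    "test2.net:*:*:testuser2:testpass2\n"
)


def split_pgpass_line(line):
    """Split on unescaped ':'; a backslash escapes the character after it."""
    fields, current, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            current.append(line[i + 1])
            i += 2
            continue
        if ch == ":":
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    fields.append("".join(current))
    return fields


def parse_pgpass(text):
    """Return (host, port, db, user, password) tuples; blank, '#' and malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = split_pgpass_line(line)
        if len(fields) == 5:
            entries.append(tuple(fields))
    return entries


def lookup_password(entries, host, port, database, user):
    """The first line whose host/port/db/user fields match (or are '*') supplies the password."""
    wanted = (host, str(port), database, user)
    for entry in entries:
        if all(field in ("*", value) for field, value in zip(entry[:4], wanted)):
            return entry[4]
    return None


def pgpass_mode_ok(path):
    """libpq uses the file only if neither group nor others have any permission bit."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def demo_mode_check():
    """Write the sample with modes 0600 and 0644 and report which one libpq would accept."""
    results = {}
    for mode in (0o600, 0o644):
        fd, path = tempfile.mkstemp()
        with os.fdopen(fd, "w") as fh:
            fh.write(SAMPLE_PGPASS)
        os.chmod(path, mode)
        results[oct(mode)] = pgpass_mode_ok(path)
        os.remove(path)
    return results


if __name__ == "__main__":
    entries = parse_pgpass(SAMPLE_PGPASS)
    print(lookup_password(entries, "test1.net", 5432, "testdb1", "testuser1"))
    print(lookup_password(entries, "db.example.net", 5432, "reports", "readonly"))
    print(demo_mode_check())
```

Running it shows the wildcard line answering for any host and database when the user is readonly, and the 0644 copy being rejected, which is the situation behind the familiar "permissions should be u=rw (0600) or less" warning from psql.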

Custom fail2ban filters using regexp

Fail2ban is a very handy tool for keeping a lot of unwanted traffic from consuming bandwidth on your servers. It is a small and relatively simple IDS-type tool that ships with predefined filters to automatically lock out potentially dangerous or bandwidth-consuming attacks.

Creating a Custom Filter

/etc/fail2ban/filter.d/custom.conf
[Definition]

# list of user-agent patterns; interpolated into failregex via %(badagents)s
badagents = 360Spider|ZmEu|Auto Spider 1.0|zgrab/[0-9]*\.[0-9a-zA-Z]*|Wget\(.*\)|MauiBot.*

# expects the vhost_combined log format ("%v:%p %h ..."); fail2ban replaces <HOST> with its address regex
failregex = ^.+?:\d+ <HOST> -.*"(GET|POST|HEAD).*HTTP.*(?:%(badagents)s)"$

ignoreregex =

Testing

fail2ban-regex /path-to-samples/sample.log /etc/fail2ban/filter.d/custom.conf
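fail2ban-regex needs a sample log on the box; when you want to see what the filter above does before deploying it, the same check can be replayed in plain Python. The block below is an added example and not part of the post: fail2ban is itself Python and applies failregex with the re module, so expanding `%(badagents)s` and `<HOST>` the way fail2ban does and running the result over constructed access-log lines mirrors what fail2ban-regex reports, namely which lines match and which host each ban would hit. The last sample line is in the plain combined format without the `%v:%p` prefix and shows that the filter silently misses it. All log lines and IPs are constructed, and the `<HOST>` substitution is a simplified stand-in for fail2ban's own address regex.

```python
"""Replay the post's custom fail2ban filter over constructed access-log lines.

Added example, not part of the post. fail2ban applies failregex with Python's
re module, so this mirrors what `fail2ban-regex` reports: which lines match and
which <HOST> each ban would hit. The regex's leading "^.+?:\\d+ <HOST> -"
expects Apache's vhost_combined format ("%v:%p %h ..."); the last sample line
shows that a plain combined-format line is silently missed. All log lines and
IPs are constructed; HOST_RE is a simplified stand-in for fail2ban's own
address regex.
"""
import re

# Values copied from the post's filter.d/custom.conf
BADAGENTS = r"360Spider|ZmEu|Auto Spider 1.0|zgrab/[0-9]*\.[0-9a-zA-Z]*|Wget\(.*\)|MauiBot.*"
FAILREGEX = r'^.+?:\d+ <HOST> -.*"(GET|POST|HEAD).*HTTP.*(?:%(badagents)s)"$'

# fail2ban replaces <HOST> with a named group for an IPv4/IPv6 address or
# hostname; this simplified version matches IP literals only.
HOST_RE = r"(?P<host>[0-9a-fA-F:.]+)"

# Constructed sample lines in vhost_combined format (the last one is plain combined).
SAMPLE_LOG = [
    'example.com:80 198.51.100.23 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" "ZmEu"',
    'example.com:443 203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 1043 "-" "Mozilla/5.0 zgrab/0.x"',
    'example.com:443 192.0.2.45 - - [10/Oct/2023:13:56:30 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/118.0"',
    'example.com:80 198.51.100.77 - - [10/Oct/2023:13:57:02 +0000] "HEAD /robots.txt HTTP/1.0" 200 66 "-" "Wget(linux-gnu)"',
    '198.51.100.23 - - [10/Oct/2023:13:58:11 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" "ZmEu"',
]


def compile_filter(failregex=FAILREGEX, badagents=BADAGENTS):
    """Expand %(badagents)s and <HOST> the way fail2ban does and compile the result."""
    pattern = failregex % {"badagents": badagents}
    return re.compile(pattern.replace("<HOST>", HOST_RE))


def run_filter(lines, regex=None):
    """Return the <HOST> captured from every matching line, in log order.

    fail2ban may cut the matched timestamp out of the line before applying
    failregex; the '.*' after '<HOST> -' absorbs either form.
    """
    regex = regex or compile_filter()
    return [m.group("host") for m in map(regex.search, lines) if m]


if __name__ == "__main__":
    for line, hit in zip(SAMPLE_LOG, map(compile_filter().search, SAMPLE_LOG)):
        print("MATCH " + hit.group("host") if hit else "-----", line[:60])
```

Three of the five constructed lines match (ZmEu, zgrab and Wget); the legitimate Firefox request is left alone, and the ZmEu request logged in plain combined format is missed because the expression requires the `vhost:port` prefix, so check which LogFormat your Apache actually writes before relying on this filter.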

Jail example

[apache-custom]
enabled  = true
# the filter file is filter.d/custom.conf, so name it explicitly
# (without this line fail2ban would look for filter.d/apache-custom.conf)
filter   = custom
logpath  = /var/log/apache*/access.log
           /var/log/apache*/ssl_access.log
action   = iptables-ipset-proto4[name=Custom, port=1010, protocol=tcp]
findtime = 86400
# -1 bans permanently; maxretry = 1 bans on the first matching request
bantime  = -1
maxretry = 1