SecuNX – Nginx Security Automation

Yodabytz just added a Web Application Firewall script to his portfolio.

SecuNX is an automated security solution for Nginx servers, designed to enhance your website’s protection by managing IP blocklists and whitelists. It fetches malicious IP addresses from trusted sources, updates your Nginx configuration automatically, and ensures that trusted IPs are never inadvertently blocked. Additionally, SecuNX provides a custom 403 error page to inform blocked users appropriately.

https://github.com/yodabytz/secunx

 

A new script from my favorite github coder

ModSentry by YodabytzMy fave github coder has added another useful script to his portfolio.

ModSentry is a real-time log monitoring tool for analyzing security events from ModSecurity logs. It provides an intuitive terminal interface to track alerts and highlight critical incidents. IP addresses can be blocked or unblocked using iptables directly from the interface.

https://github.com/yodabytz/modsentry

 

Home Network Security #2

When you’re hosting your website and running your shack using your home network it’s important to keep an eye on the visitor traffic arriving at your site.

There’s a lot of useful info to be gathered by reading your server log files whether they’re your webserver logs or the connection log for your hotspot, mmdvm dashboard or repeater logs.

To begin with there’s the useful meta data such as browser and O/S info which will give you an insight into the software your visitors are using which can help with tailoring your website to work with different browsers and software or with identifying issues and problems.

But these posts are meant to give you a few ideas about maintaining your network integrity and security so first of all, you need to be reading the logs. Log files are usually just plain text files so all you need to read them is a simple text editor. You’ll also need to know where they are stored on your system, most MMDVM’s and many Webservers use a version of the Linux operating system and Linux uses a standardised file structure so for example, your MMDVM log files will probably be stored in /var/log/apache2/ if you’re using Pi-Star or WPSD on your hotspot and the file name will be access.log if you’re using a different system just google to find the location.

Once you have your log file open you will see a line by line breakdown of each request made by a visitor. First is the visitor’s IP address followed by the date and time of the request, this is followed by the type of request “GET” or “POST” for example and then comes the interesting bit which contains the filepath and requested file, the protocol and the code returned. This is followed by the user’s browser info and operating system versions as in this example of a request for the robots.txt file from the Apple search bot.

[27/Sep/2024:17:45:11 +0000] “GET /robots.txt HTTP/1.1” 301 162 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15 (Applebot/0.1; +http://www.apple.com/go/applebot)”

So far so good, but let’s get to the ‘security’ bit and how log files can help identify threats to your system and attempts to exploit weaknesses.

The majority of threats to your system will generally be from malicious bots and not from some guy in a hoodie who is tapping in commands on a keyboard at the dead of night so let’s take a look at bot ‘hits’. Bot hits are easy to spot because they usually come as a block or flood of requests to the server.

Like that. The bot in this case is trying to get a positive ‘hit’ from its list of vulnerable or exploitable resources using curl, it will compile and save a list of positive hits, recording the IP address of the server, if it doesn’t get a positive ‘hit’ it will move on and try the next IP on its list.

So your log file is now useful in two ways, firstly it can now provide you with a list of ‘exploitables’ to avoid using on your system/server and secondly it provides you with an attacker’s IP address which you can block using your system’s firewall.

(Expect more about firewalls later)

Meanwhile, one last tip for viewing log files. You can view your log file in real-time using a Terminal window, just open a terminal on your MMDVM or server and type:-

sudo tail -f /var/log/apache2/access.log

Have fun 🙂

Home Network Security #1

You can’t be too careful when you’re running your shack from your home network.

So here you go, my Network Security Tip #1 for anyone with an Internet connection in the shack.

Don’t get hacked !

Here’s what to do if you find you have been ‘haxored’.

Change all your device and system passwords making sure that they’re all different and make them much bigger/longer with a mixture of symbols randomly arranged, avoid words or names which can be found in a dictionary… use two factor auth when ever you can and read your server logs on a regular basis,

I read mine pretty much everyday, try /var/log/apache2/ if you’re not sure where your webserver log is…

Webserver logs can be a mine of information but I’ll make that part of Tip #2

 

I’ve added a new fave sites list under the ‘Links’ tab…

I’ve started it with this one…  https://github.com/yodabytz

I’ve installed three of these scripts on the new web server and I love ’em !

I even keep my terminal open to the server while I’m doing website stuff just to watch the numbers 😀

They’re really useful for keeping an eye on the server resource usage situation. Netscope and Swapwatch run on my Raspberry Pi mmdvm hotspot too !

If you’re a newb like me, trying to learn some Linux command line stuff and a bit of Python to use on your server here’s a great place to begin !

I love github too…

We’re back…

Our new server is up and running and the Bromley Repeater Group Blog content has been reloaded from the backup.

There’s still a lot of configuration and (re)editing of content to do plus quite a bit of wordpress tweaking to get the site back to a fully functional state but we’re online and working on it.

We’re adding some RSS news feeds to the sidebar and starting to compile a list of blogs and websites. If you’d like to add a link, advertise a local club event or include your favourite news feed just email the editor.

Items of news, pictures from your shack, club, event or portable station are also welcome.

editor@bromleyrepeatergroup.org