Using the Rackspace Nova Client

List your Cloud Servers

You can list all your servers with the nova client’s list subcommand.

$ nova list
+--------------------------------------+-----------------------+--------+------------+-------------+--------------------------------------------------------------------------------------+
| ID                                   | Name                  | Status | Task State | Power State | Networks                                                                             |
+--------------------------------------+-----------------------+--------+------------+-------------+--------------------------------------------------------------------------------------+
| 3c0fe504-6610-4e96-b2d3-5286cd2173db | dummydomains          | ACTIVE | -          | Running     | public=95.138.171.74, 2a00:1a48:7805:113:be76:4eff:fe08:c88d; private=10.179.67.247  |
| 128daa81-6f7e-44f8-bb8d-7a215b380535 | nginx-01              | ACTIVE | -          | Running     | public=162.13.12.107, 2a00:1a48:7806:114:be76:4eff:fe08:1583; private=10.179.128.178 |
| e2f591f4-c48e-4ac3-b926-516e5a40ea24 | repository            | ACTIVE | -          | Running     | public=2a00:1a48:7806:116:936d:610a:ff08:6531, 161.13.14.156; private=10.177.5.144   |
+--------------------------------------+-----------------------+--------+------------+-------------+--------------------------------------------------------------------------------------+

Nova Help

The nova client comes with a help subcommand.

$ nova help

You can find out more about how to use other subcommands by passing their names as arguments to the help subcommand. For example, to find out more about the list subcommand:

[andy@bashful ~]$ nova help list
usage: nova list [--reservation-id <reservation-id>] [--ip <ip-regexp>]
                 [--ip6 <ip6-regexp>] [--name <name-regexp>]
                 [--instance-name <name-regexp>] [--status <status>]
                 [--flavor <flavor>] [--image <image>] [--host <hostname>]
                 [--all-tenants [<0|1>]] [--tenant [<tenant>]] [--deleted]
                 [--fields <fields>] [--minimal]

List active servers.

Optional arguments:
  --reservation-id <reservation-id>
                                Only return servers that match reservation-id.
  --ip <ip-regexp>              Search with regular expression match by IP
                                address.
  --ip6 <ip6-regexp>            Search with regular expression match by IPv6
                                address.
  --name <name-regexp>          Search with regular expression match by name
  --instance-name <name-regexp>
                                Search with regular expression match by server
                                name.
  --status <status>             Search by server status
  --flavor <flavor>             Search by flavor name or ID
  --image <image>               Search by image name or ID
  --host <hostname>             Search servers by hostname to which they are
                                assigned (Admin only).
  --all-tenants [<0|1>]         Display information from all tenants (Admin
                                only).
  --tenant [<tenant>]           Display information from single tenant (Admin
                                only).
  --deleted                     Only display deleted servers (Admin only).
  --fields <fields>             Comma-separated list of fields to display. Use
                                the show command to see which fields are
                                available.
  --minimal                     Get only uuid and name.

Build a Server

To build a cloud server, you need to have two bits of information to hand:

  1. The image ID you want to boot with
  2. The ID of the virtual machine (flavour) you want to create

Choose an Image

To spin up a new server, you need to decide which distribution you’re going to build it with. To see the list of available images, use the command below. Note that the list will also include any server images you may have already taken.

$ nova image-list
+--------------------------------------+----------------------------------------------------------------------------------------------+--------+--------------------------------------+
| ID                                   | Name                                                                                         | Status | Server                               |
+--------------------------------------+----------------------------------------------------------------------------------------------+--------+--------------------------------------+
| 6904b226-f20f-454d-9f7d-a0f32bc7af22 | Arch 2015.2 (PVHVM)                                                                          | ACTIVE |                                      |
| d2fa624e-a6ec-4752-a738-81fc4b2462af | CentOS 5 (PV)                                                                                | ACTIVE |                                      |
| 2318853e-f3b1-4cf4-b1a4-d7db71ca9b50 | CentOS 6 (PV)                                                                                | ACTIVE |                                      |
| 4f465d85-4512-44a9-9301-0412f0928f8b | CentOS 6 (PVHVM)                                                                             | ACTIVE |                                      |
| 126a6674-6308-421f-801e-fc302ab4f53f | CentOS 7 (PVHVM)                                                                             | ACTIVE |                                      |
| 2f120d3a-9c30-4056-bd41-a233de98e2ba | CoreOS (Alpha)                                                                               | ACTIVE |                                      |
| 64be157e-13c1-4b83-a806-564b6f20f30b | CoreOS (Beta)                                                                                | ACTIVE |                                      |
| 05438eb5-af42-4bdd-bd32-309c2154927d | CoreOS (Stable)                                                                              | ACTIVE |                                      |
| cad1e45d-fcb9-489d-850c-a61c0537fa55 | Debian 6 (Squeeze) (PV)                                                                      | ACTIVE |                                      |
| f211a88e-4cc0-4660-bda1-56495b05cda2 | Debian 7 (Wheezy) (PVHVM)                                                                    | ACTIVE |                                      |
| e584bfca-afc4-4fd2-bd2f-a8d9ecde47ff | Debian Testing (Jessie) (PVHVM)                                                              | ACTIVE |                                      |
| 1e9d1590-415f-483f-8473-b52d329d9861 | Debian Unstable (Sid) (PVHVM)                                                                | ACTIVE |                                      |
| eabb9ed2-1318-4948-9de6-f378bb07a33e | Fedora 20 (Heisenbug) (PVHVM)                                                                | ACTIVE |                                      |
| 03ce0d51-7d3f-489b-845d-9edff88b40f9 | Fedora 21 (PVHVM)                                                                            | ACTIVE |                                      |
| b49f8b6d-7b31-47e3-8cc4-a2c0a9292e97 | FreeBSD 10 (PVHVM)                                                                           | ACTIVE |                                      |
| 8e31be89-b93a-4526-8a25-da99555f79f0 | Gentoo 15.1 (PVHVM)                                                                          | ACTIVE |                                      |
| f370935d-1aa9-47ac-b1c2-8b030b7386a4 | OpenSUSE 13.2 (PVHVM)                                                                        | ACTIVE |                                      |
| 62a553fc-a010-4ac5-93d2-a40a96ae07a2 | Red Hat Enterprise Linux 5 (PV)                                                              | ACTIVE |                                      |
| 1673126e-4f9d-486e-8bde-190cf7564211 | Red Hat Enterprise Linux 6 (PV)                                                              | ACTIVE |                                      |
| 677c4e59-fd0e-4f11-a330-8c25750e2ad7 | Red Hat Enterprise Linux 6 (PVHVM)                                                           | ACTIVE |                                      |
| 58bd5138-5802-4d00-8a81-c7b984cce2a8 | Red Hat Enterprise Linux 7 (PVHVM)                                                           | ACTIVE |                                      |
| 940b324e-79b7-4918-aaaa-66e57de4c6ea | Scientific Linux 6 (PVHVM)                                                                   | ACTIVE |                                      |
| e8decd12-791c-442b-a611-5d28e0af754b | Scientific Linux 7 (PVHVM)                                                                   | ACTIVE |                                      |
| 1780212e-3e67-4fc4-bddb-31deaeb90101 | Ubuntu 10.04 LTS (Lucid Lynx) (PV)                                                           | ACTIVE |                                      |
| 71893ec7-b625-44a5-b333-ca19885b941d | Ubuntu 12.04 LTS (Precise Pangolin) (PV)                                                     | ACTIVE |                                      |
| 1126e296-0423-46ce-b711-2701d89bf8a9 | Ubuntu 12.04 LTS (Precise Pangolin) (PVHVM)                                                  | ACTIVE |                                      |
| 28d39e78-a41c-4fd2-80b4-dc960c055074 | Ubuntu 14.04 LTS (Trusty Tahr) (PV)                                                          | ACTIVE |                                      |
| a1558fdc-3182-4a0f-b48a-aa900a5826c3 | Ubuntu 14.04 LTS (Trusty Tahr) (PVHVM)                                                       | ACTIVE |                                      |
| 3beb44aa-a77b-48eb-be56-ccccb38a6f3f | Ubuntu 14.10 (Utopic Unicorn) (PV)                                                           | ACTIVE |                                      |
| 5e919b80-e803-45bf-a66f-73fcdc3b8de2 | Ubuntu 14.10 (Utopic Unicorn) (PVHVM)                                                        | ACTIVE |                                      |
| ab66cb4a-ff11-4c5d-b08c-b3c134654bca | Vyatta Network OS 6.7R4                                                                      | ACTIVE |                                      |
| de700a1a-d13f-4ef9-a055-9b6f09c2875c | Windows Server 2008 R2 SP1                                                                   | ACTIVE |                                      |
| f46e9237-9971-44b1-b92f-3a5a03592d3e | Windows Server 2008 R2 SP1 (base install without updates)                                    | ACTIVE |                                      |
| 50854a1d-d130-4083-ac69-a75616dcf21e | Windows Server 2008 R2 SP1 + SQL Server 2008 R2 SP2 Standard                                 | ACTIVE |                                      |
| 6e290727-d5c3-4286-8a91-82a84f69f120 | Windows Server 2008 R2 SP1 + SQL Server 2008 R2 SP2 Web                                      | ACTIVE |                                      |
| b41c2705-f820-4b6f-8d32-d04b5f57a4f7 | Windows Server 2008 R2 SP1 + SQL Server 2012 SP1 Standard                                    | ACTIVE |                                      |
| c6301f02-1388-4a4a-ba7c-b52e1bff7813 | Windows Server 2008 R2 SP1 + SQL Server 2012 SP1 Web                                         | ACTIVE |                                      |
| b28d7079-c4e8-41cf-94ce-9c4b57cf6f23 | Windows Server 2008 R2 SP1 + SharePoint 2010 Foundation with SQL Server 2008 R2 Express      | ACTIVE |                                      |
| 959aee20-e0b8-42a7-9201-10057c2b7e05 | Windows Server 2008 R2 SP1 + SharePoint 2010 Foundation with SQL Server 2008 R2 SP1 Standard | ACTIVE |                                      |
| 78cc6fbe-ad59-4324-8712-5dd191cb6a5c | Windows Server 2012                                                                          | ACTIVE |                                      |
| c81a65a3-8217-4520-96de-1d9313ae3094 | Windows Server 2012 (base install without updates)                                           | ACTIVE |                                      |
| 25f64fd5-4d61-4d4a-8cdb-801de7d9d99b | Windows Server 2012 + SQL Server 2012 SP1 Standard                                           | ACTIVE |                                      |
| 06f917b0-9c0f-4634-8190-e43630bb3468 | Windows Server 2012 + SQL Server 2012 SP1 Web                                                | ACTIVE |                                      |
| d69d55ef-cb4c-4787-9f1b-2de41ecac9a1 | Windows Server 2012 + SharePoint 2013 with SQL Server 2012 SP1 Standard                      | ACTIVE |                                      |
| 66555a30-c336-47d9-aaee-08b4390c889d | Windows Server 2012 R2                                                                       | ACTIVE |                                      |
| fe486888-6890-47ac-a02d-b740868f143b | Windows Server 2012 R2 (base install without updates)                                        | ACTIVE |                                      |
| aec8fde6-1ba8-419d-a36c-8051e0d527f7 | Windows Server 2012 R2 + SQL Server 2014 Standard                                            | ACTIVE |                                      |
| e7c596c6-7049-4d00-94e7-c735d3b9f976 | Windows Server 2012 R2 + SQL Server 2014 Web                                                 | ACTIVE |                                      |
| 9aa0d346-c06f-4652-bbb1-4342a7d2d017 | iPXE Boot (boot.rackspace.com)                                                               | ACTIVE |                                      |
+--------------------------------------+----------------------------------------------------------------------------------------------+--------+--------------------------------------+

In this example I’m going with Ubuntu 14.04 Long Term Support (LTS). You might want to make a note of the image ID you intend to use.

Obviously using a Windows or Red Hat image has cost implications.

+--------------------------------------+----------------------------------------------------------------------------------------------+--------+--------------------------------------+
| ID                                   | Name                                                                                         | Status | Server                               |
+--------------------------------------+----------------------------------------------------------------------------------------------+--------+--------------------------------------+
| a1558fdc-3182-4a0f-b48a-aa900a5826c3 | Ubuntu 14.04 LTS (Trusty Tahr) (PVHVM)                                                       | ACTIVE |                                      |
+--------------------------------------+----------------------------------------------------------------------------------------------+--------+--------------------------------------+

Choose a Flavour

You also need to decide what kind of virtual server you need. Obviously this has cost implications too.

$ nova flavor-list
+------------------+-------------------------+-----------+------+-----------+------+-------+-------------+-----------+
| ID               | Name                    | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+------------------+-------------------------+-----------+------+-----------+------+-------+-------------+-----------+
| 2                | 512MB Standard Instance | 512       | 20   | 0         | 512  | 1     | 80.0        | N/A       |
| 3                | 1GB Standard Instance   | 1024      | 40   | 0         | 1024 | 1     | 120.0       | N/A       |
| 4                | 2GB Standard Instance   | 2048      | 80   | 0         | 2048 | 2     | 240.0       | N/A       |
| 5                | 4GB Standard Instance   | 4096      | 160  | 0         | 2048 | 2     | 400.0       | N/A       |
| 6                | 8GB Standard Instance   | 8192      | 320  | 0         | 2048 | 4     | 600.0       | N/A       |
| 7                | 15GB Standard Instance  | 15360     | 620  | 0         | 2048 | 6     | 800.0       | N/A       |
| 8                | 30GB Standard Instance  | 30720     | 1200 | 0         | 2048 | 8     | 1200.0      | N/A       |
| general1-1       | 1 GB General Purpose v1 | 1024      | 20   | 0         |      | 1     | 200.0       | N/A       |
| general1-2       | 2 GB General Purpose v1 | 2048      | 40   | 0         |      | 2     | 400.0       | N/A       |
| general1-4       | 4 GB General Purpose v1 | 4096      | 80   | 0         |      | 4     | 800.0       | N/A       |
| general1-8       | 8 GB General Purpose v1 | 8192      | 160  | 0         |      | 8     | 1600.0      | N/A       |
| io1-120          | 120 GB I/O v1           | 122880    | 40   | 1200      |      | 32    | 10000.0     | N/A       |
| io1-15           | 15 GB I/O v1            | 15360     | 40   | 150       |      | 4     | 1250.0      | N/A       |
| io1-30           | 30 GB I/O v1            | 30720     | 40   | 300       |      | 8     | 2500.0      | N/A       |
| io1-60           | 60 GB I/O v1            | 61440     | 40   | 600       |      | 16    | 5000.0      | N/A       |
| io1-90           | 90 GB I/O v1            | 92160     | 40   | 900       |      | 24    | 7500.0      | N/A       |
| performance1-1   | 1 GB Performance        | 1024      | 20   | 0         |      | 1     | 200.0       | N/A       |
| performance1-2   | 2 GB Performance        | 2048      | 40   | 20        |      | 2     | 400.0       | N/A       |
| performance1-4   | 4 GB Performance        | 4096      | 40   | 40        |      | 4     | 800.0       | N/A       |
| performance1-8   | 8 GB Performance        | 8192      | 40   | 80        |      | 8     | 1600.0      | N/A       |
| performance2-120 | 120 GB Performance      | 122880    | 40   | 1200      |      | 32    | 10000.0     | N/A       |
| performance2-15  | 15 GB Performance       | 15360     | 40   | 150       |      | 4     | 1250.0      | N/A       |
| performance2-30  | 30 GB Performance       | 30720     | 40   | 300       |      | 8     | 2500.0      | N/A       |
| performance2-60  | 60 GB Performance       | 61440     | 40   | 600       |      | 16    | 5000.0      | N/A       |
| performance2-90  | 90 GB Performance       | 92160     | 40   | 900       |      | 24    | 7500.0      | N/A       |
+------------------+-------------------------+-----------+------+-----------+------+-------+-------------+-----------+

Here I’m going for the 512MB Standard Instance. Note, the flavour ID here is 2.

+------------------+-------------------------+-----------+------+-----------+------+-------+-------------+-----------+
| ID               | Name                    | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+------------------+-------------------------+-----------+------+-----------+------+-------+-------------+-----------+
| 2                | 512MB Standard Instance | 512       | 20   | 0         | 512  | 1     | 80.0        | N/A       |
+------------------+-------------------------+-----------+------+-----------+------+-------+-------------+-----------+

Spin-up the Server

To create a server, you use nova’s boot command with the following arguments.

nova boot --flavor <Flavor ID> --image <Image ID> <Server Name>

For example, to create a server using my image and flavour selections above, called “DummyDomains”, use the command below.

$ nova boot --flavor 2 --image a1558fdc-3182-4a0f-b48a-aa900a5826c3 DummyDomains
+--------------------------------------+-------------------------------------------------------------------------------+
| Property                             | Value                                                                         |
+--------------------------------------+-------------------------------------------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                                                        |
| OS-EXT-STS:power_state               | 0                                                                             |
| OS-EXT-STS:task_state                | -                                                                             |
| OS-EXT-STS:vm_state                  | building                                                                      |
| RAX-PUBLIC-IP-ZONE-ID:publicIPZoneId | 41589a287f0d2417cf04cc3bdaeb992448f56708020de3b30dcd5558                      |
| accessIPv4                           |                                                                               |
| accessIPv6                           |                                                                               |
| adminPass                            | EPxHe8go3dC3                                                                  |
| flavor                               | 512MB Standard Instance (2)                                                   |
| id                                   | 128daa81-6f7e-44f8-bb8d-7a215b380535                                          |
| image                                | Ubuntu 14.04 LTS (Trusty Tahr) (PVHVM) (a1558fdc-3182-4a0f-b48a-aa900a5826c3) |
| metadata                             | {}                                                                            |
| name                                 | DummyDomains                                                                  |
| progress                             | 0                                                                             |
| status                               | BUILD                                                                         |
+--------------------------------------+-------------------------------------------------------------------------------+

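You should see output similar to the above. Note that it includes adminPass, the generated password for the new server’s administrative account, so keep this output out of shared logs and tickets. You can also see information about the new instance with the command below.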

$ nova list --status build
+--------------------------------------+--------------+--------+------------+-------------+--------------------------------------------------------------------------------------+
| ID                                   | Name         | Status | Task State | Power State | Networks                                                                             |
+--------------------------------------+--------------+--------+------------+-------------+--------------------------------------------------------------------------------------+
| 128daa81-6f7e-44f8-bb8d-7a215b380535 | DummyDomains | BUILD  | spawning   | NOSTATE     | public=162.13.12.107, 2a00:1a48:7806:114:be76:4eff:fe08:1583; private=10.179.128.178 |
+--------------------------------------+--------------+--------+------------+-------------+--------------------------------------------------------------------------------------+

Snapshots

Snapshots are bootable and allow you to take a bit-for-bit image of your existing server. This allows you to delete a server and then, at a later date, recreate it using a previously saved image. This is also a convenient way to manage virtual machine upgrades.

Create Snapshot Image

You create a snapshot using nova’s image-create subcommand as shown below.

$ nova image-create DummyDomains DummyDomainsSnapshot

Delete a Saved Snapshot Image

You can delete a saved image with the image-delete subcommand.

$ nova image-delete DummyDomainsSnapshot

Delete a Cloud Server

Finally, you might well want to delete a cloud server. That can be achieved with the command below.

$ nova delete DummyDomains
Request to delete server DummyDomains has been accepted.

Don’t forget you can always create a new server instance from an existing saved snapshot image. Just make sure you use the correct image ID.


WordPress Plugins for Code Snippets

If you’re looking to insert snippets of code into your WordPress site, you might find that the <code> and <pre> tags don’t quite cut the mustard. You could mess around with the CSS and stylise your tags. However the easiest solution is to simply find a nice plugin to use.

My main requirement is that it supports the languages I’m interested in, namely Java, Python and Bash. However, for readability, it is also important to me that long lines of code are sideways scrollable and do not wrap onto the next line. I tend not to use the “Visual” mode in WordPress, so I really only cared about “Text” mode support.

I found a lot of plugins but not all were suitable for one reason or another. Take these three: none of them has been updated in over two years. Not ideal!!

Before I noticed it was out-of-date and had not been tested with my version of WordPress, I installed and used SyntaxHighlighter for WordPress. To be fair, it met my requirements and seemed to work fine with version 4.1.1. However, I am not cool with using an out-of-date plugin, so I uninstalled it.

The below plugin met my needs and looked really good. From the looks of the screen shots, it appears to let you stylise the <pre> and <code> tags from the web interface! Had it not been for the fact I could not be positive it supported the English language and there were zero ratings, I may have considered it more seriously.

Sadly these two plugins do not appear to support Bash.

That leaves me with these three.

In the end I went with SyntaxHighlighter Evolved as, like SyntaxHighlighter for WordPress, it is based on SyntaxHighlighter by Alex Gorbatchev. However, this plugin is updated regularly and looks good.

[Screenshot: SyntaxHighlighter Evolved - Bash Example]
[Screenshot: SyntaxHighlighter Evolved - Java Example]


Install and Configure fail2ban on CentOS 7

To install fail2ban on CentOS/RHEL 7, you first need to make sure you have the EPEL repository enabled. Then you can simply install it with yum as usual.

# yum install fail2ban

Configure fail2ban

You will need to create a file called jail.local. To do this, make a copy of jail.conf and edit the copy (do not edit jail.conf itself).

# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# vim /etc/fail2ban/jail.local

To enable fail2ban to work with SSH, make sure enabled=true is somewhere under the [sshd] section.

[sshd]
enabled = true

To make sure fail2ban is started and has picked up your changes, run the below.

# systemctl enable fail2ban.service
# systemctl restart fail2ban.service

Check Service

You should always check that the service you have installed is working correctly. Fail2ban logs its messages to /var/log/fail2ban.log, so you can check it’s working by tailing the log file.

# tail -f /var/log/fail2ban.log

You should hopefully see something like this if you watch it for long enough.

2015-02-21 16:39:34,644 fail2ban.filter         [4609]: INFO    [sshd] Found 115.230.126.151
2015-02-21 16:39:36,658 fail2ban.filter         [4609]: INFO    [sshd] Found 115.230.126.151
2015-02-21 16:39:39,671 fail2ban.filter         [4609]: INFO    [sshd] Found 115.230.126.151
2015-02-21 16:39:41,679 fail2ban.filter         [4609]: INFO    [sshd] Found 115.230.126.151
2015-02-21 16:39:45,694 fail2ban.filter         [4609]: INFO    [sshd] Found 115.230.126.151
2015-02-21 16:39:46,658 fail2ban.actions        [4609]: NOTICE  [sshd] Ban 115.230.126.151
2015-02-21 16:39:47,712 fail2ban.filter         [4609]: INFO    [sshd] Found 115.230.126.151

If your log file fills up with messages like the below, you will either have to create a PTR record that matches your server’s FQDN or stop fail2ban from using DNS.

...
2015-02-21 16:23:30,756 fail2ban.filter         [4609]: WARNING Determined IP using DNS Lookup: pc-cerc-249.upc.edu = ['147.83.135.249']
2015-02-21 16:23:30,771 fail2ban.filter         [4609]: WARNING Determined IP using DNS Lookup: pc-cerc-249.upc.edu = ['147.83.135.249']
2015-02-21 16:23:30,784 fail2ban.filter         [4609]: WARNING Determined IP using DNS Lookup: pc-cerc-249.upc.edu = ['147.83.135.249']
2015-02-21 16:23:30,823 fail2ban.filter         [4609]: WARNING Determined IP using DNS Lookup: pc-cerc-249.upc.edu = ['147.83.135.249']
2015-02-21 16:23:30,836 fail2ban.filter         [4609]: WARNING Determined IP using DNS Lookup: pc-cerc-249.upc.edu = ['147.83.135.249']
2015-02-21 16:23:30,980 fail2ban.filter         [4609]: WARNING Determined IP using DNS Lookup: pc-cerc-249.upc.edu = ['147.83.135.249']
2015-02-21 16:23:30,993 fail2ban.filter         [4609]: WARNING Determined IP using DNS Lookup: pc-cerc-249.upc.edu = ['147.83.135.249']
2015-02-21 16:23:31,888 fail2ban.filter         [4609]: WARNING Determined IP using DNS Lookup: pc-cerc-249.upc.edu = ['147.83.135.249']
2015-02-21 16:23:31,934 fail2ban.filter         [4609]: WARNING Determined IP using DNS Lookup: pc-cerc-249.upc.edu = ['147.83.135.249']
...

I resolved this issue by creating a PTR. However, the alternative is to make sure fail2ban does not use DNS:

# vim /etc/fail2ban/jail.local

Make sure usedns = no is present within the [DEFAULT] section.

[DEFAULT]
usedns = no

And as usual, restart the service.

# systemctl restart fail2ban.service
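
Rather than watching the log scroll, you can summarise it: how many times each address was found and banned for a jail, and whether the DNS lookup warnings have stopped after setting usedns = no. This is an added example, not part of the original post; the function names and the sample log (documentation IP ranges) are constructed, and the line layout is the one shown above.

```shell
#!/bin/sh
# Added example: summarise a fail2ban log in the line format shown above.

# f2b_sample: constructed log lines (documentation addresses, not real hosts).
f2b_sample() {
    cat <<'EOF'
2015-02-21 16:39:34,644 fail2ban.filter         [4609]: INFO    [sshd] Found 203.0.113.7
2015-02-21 16:39:36,658 fail2ban.filter         [4609]: INFO    [sshd] Found 203.0.113.7
2015-02-21 16:39:39,671 fail2ban.filter         [4609]: INFO    [sshd] Found 203.0.113.7
2015-02-21 16:39:41,679 fail2ban.filter         [4609]: INFO    [sshd] Found 203.0.113.7
2015-02-21 16:39:45,694 fail2ban.filter         [4609]: INFO    [sshd] Found 203.0.113.7
2015-02-21 16:39:46,658 fail2ban.actions        [4609]: NOTICE  [sshd] Ban 203.0.113.7
2015-02-21 16:40:02,101 fail2ban.filter         [4609]: INFO    [sshd] Found 198.51.100.9
2015-02-21 16:40:05,330 fail2ban.filter         [4609]: INFO    [sshd] Found 198.51.100.9
2015-02-21 16:40:07,512 fail2ban.filter         [4609]: INFO    [postfix] Found 192.0.2.50
2015-02-21 16:41:30,756 fail2ban.filter         [4609]: WARNING Determined IP using DNS Lookup: host.example.net = ['198.51.100.9']
2015-02-21 16:41:30,771 fail2ban.filter         [4609]: WARNING Determined IP using DNS Lookup: host.example.net = ['198.51.100.9']
EOF
}

# f2b_summary LOGFILE [JAIL]
# Prints one "IP found=N ban=M" line per address seen in JAIL (default sshd),
# then "dns_warnings=N". A non-zero dns_warnings after setting usedns = no
# means the change has not been picked up.
f2b_summary() {
    awk -v jail="[${2:-sshd}]" '
        {
            # Locate the "[jail]" token; the action and address follow it.
            for (i = 1; i + 2 <= NF; i++) {
                if ($i != jail) continue
                if ($(i+1) == "Found") { found[$(i+2)]++; seen[$(i+2)] = 1 }
                if ($(i+1) == "Ban")   { ban[$(i+2)]++;   seen[$(i+2)] = 1 }
                break
            }
        }
        /WARNING Determined IP using DNS Lookup:/ { dns++ }
        END {
            for (ip in seen)
                printf "%s found=%d ban=%d\n", ip, found[ip], ban[ip]
            printf "dns_warnings=%d\n", dns
        }' "$1" | LC_ALL=C sort
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp)
f2b_sample > "$tmp"
f2b_summary "$tmp" sshd
rm -f "$tmp"
```

On a real host, point it at the live log: f2b_summary /var/log/fail2ban.log sshd. An address with a high found count and ban=0 is worth a look at the jail's maxretry and findtime settings.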


Repodata is over 2 weeks old

In Red Hat 7 / CentOS 7, you may need to clear your repository cache if you see the below message when using yum.

Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast

To clear your cache simply run the below.

[root@bashful ~]# yum clean all
Loaded plugins: fastestmirror, langpacks
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
Cleaning repos: base epel extras updates
Cleaning up everything
Cleaning up list of fastest mirrors
[root@bashful ~]# 

Securing an SSH Server

Nobody likes to log into their server and see this!

[andy@bashful ~]$ ssh root@ssh.dummydomains.org.uk
Last failed login: Sun Feb  8 16:31:28 UTC 2015 from 218.65.30.73 on ssh:notty
There were 31673 failed login attempts since the last successful login.
Last login: Tue Feb  3 19:26:42 2015
[root@bashful ~]# 

Over 31,000 failed root login attempts in just a few days!!

Disable Root Logins

By default (on my system at least), root logins are enabled. Before you disable root logins, make sure you have set up a regular user and can successfully log in as that user using either a strong password or key-based authentication.

[root@bashful ~]# vim /etc/ssh/sshd_config

To change the default setting, search for the following line and remove the leading # that comments it out…

#PermitRootLogin yes

…and change the value to no like so.

PermitRootLogin no

Don’t forget to restart SSH.

[root@bashful ~]# systemctl restart sshd.service

Lock-down SSH by User

Add each user that is allowed to log in using SSH to the AllowUsers list.

[root@bashful ~]# vim /etc/ssh/sshd_config

Add the AllowUsers directive followed by a list of users.

AllowUsers andy james phil sally sarah harry

Again, you need to restart the service.

[root@bashful ~]# systemctl restart sshd.service

For additional security you could of course change the port to something other than the default TCP 22, but in this example, I simply don’t bother.
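
Two easy mistakes with the edits above are changing the value while leaving the # in place, and appending a hardened line below an earlier, weaker one. The check below reads a config file and reports what the global section actually sets. It is an added example, not part of the original post; the function names and sample files are constructed, and it assumes the whitespace-separated "Keyword value" form used on this page.

```shell
#!/bin/sh
# Added example: static check of an sshd_config for the two settings above.
# Only the global section (everything before the first Match block) is read.

# sshd_values FILE KEYWORD: print the value of every uncommented global
# occurrence of KEYWORD, one per line, in file order (keywords are
# case-insensitive).
sshd_values() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0   { next }   # comments and blank lines
        tolower($1) == "match"  { exit }   # conditional blocks start here
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print
        }' "$1"
}

# audit_sshd_config FILE: prints PASS/FAIL lines, returns non-zero on any FAIL.
audit_sshd_config() {
    rc=0
    # sshd uses the first value it reads for a keyword; later lines are ignored.
    prl=$(sshd_values "$1" PermitRootLogin | sed -n 1p)
    case $prl in
        [Nn][Oo]) echo "PASS PermitRootLogin no" ;;
        "")       echo "FAIL PermitRootLogin not set (still commented out?)"; rc=1 ;;
        *)        echo "FAIL PermitRootLogin $prl (first occurrence wins)"; rc=1 ;;
    esac
    # Collect the names from every AllowUsers line.
    users=$(sshd_values "$1" AllowUsers | tr '\n' ' ' | sed 's/ *$//')
    case " $users " in
        "  ")                  echo "FAIL AllowUsers not set"; rc=1 ;;
        *" root "*|*" root@"*) echo "FAIL AllowUsers lists root"; rc=1 ;;
        *)                     echo "PASS AllowUsers $users" ;;
    esac
    return $rc
}

# Constructed sample files (not from a real host).
sample_half_edited() {   # value changed but the comment marker left in place
    printf '%s\n' 'Port 22' '#PermitRootLogin no' 'PasswordAuthentication yes'
}
sample_shadowed() {      # hardening appended below an earlier, weaker line
    printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no' \
        'AllowUsers andy james'
}
sample_hardened() {      # the configuration this post arrives at
    printf '%s\n' 'PermitRootLogin no' \
        'AllowUsers andy james phil sally sarah harry'
}

# Stand-alone run over the three samples.
dir=$(mktemp -d)
for s in half_edited shadowed hardened; do
    "sample_$s" > "$dir/$s"
    echo "== $s"
    audit_sshd_config "$dir/$s" || true
done
rm -rf "$dir"
```

On the server itself, sshd -t checks the file for errors before you restart the service, and sshd -T prints the settings sshd will actually use.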


First Attempt at Searching for Failed SSH Logins

Nobody likes to log into their server to see there have been over 31,000 failed login attempts in a few days!!

[andy@bashful ~]$ ssh root@ssh.dummydomains.org.uk
Last failed login: Sun Feb  8 16:31:28 UTC 2015 from 218.65.30.73 on ssh:notty
There were 31673 failed login attempts since the last successful login.
Last login: Tue Feb  3 19:26:42 2015
[root@bashful ~]# 

I clearly need to make some improvements here! However first I want to record the number of failed login attempts so I can compare later, after my changes.

Failed SSH login attempts are logged in /var/log/secure. Here we use a number of commands to get the information we want.

First I want to see what date the log file starts from. We do this with the head command and just look at the top line.

[root@bashful ~]# head -n 1 /var/log/secure
Feb  1 04:55:13 bashful sshd[21542]: reverse mapping checking getaddrinfo for 147.4.161.222.adsl-pool.jlccptt.net.cn [222.161.4.147] failed - POSSIBLE BREAK-IN ATTEMPT!

Not too surprisingly, it logs up to the current date. Here we look at the last line.

[root@bashful ~]# tail -n 1 /var/log/secure
Feb  8 17:53:11 bashful sshd[1748]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.14  user=root

You can use the less command of course to view the whole file if you wish. From within less, you can use the “Home” and “End” keys to jump from the top of the file to the bottom.

[root@bashful ~]# less /var/log/secure

Another useful tip – to search forward for a particular word, use the forward slash (/) symbol followed by the search pattern. For example, to search for “failed” within less:

...
Feb  1 07:58:01 bashful sshd[25940]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Feb  1 07:58:04 bashful sshd[25940]: Failed password for root from 122.225.103.124 port 3842 ssh2
Feb  1 07:58:04 bashful unix_chkpwd[25948]: password check failed for user (root)
/failed

You can also search backwards (up the file) using the question mark symbol (?) followed by the search string.

Next you might want to see how many failed login attempts there were on one given day. Here we use grep to strip out everything other than the day we are interested in, and pipe the result into less because there may be a lot of results.

[root@bashful ~]# grep "Feb  8" /var/log/secure | less

Now we want to search for the number of failed root login attempts. Here we use “-i” to ignore the case. Again we pipe into less to check.

[root@bashful ~]# grep "Feb  8" /var/log/secure | grep -i "failed password for root" | less

It makes sense to count the number of lines to see how many failed attempts there have been. We do this with the wc command giving it the “-l” argument to count the lines.

[root@bast ~]# grep "Feb  8" /var/log/secure | grep -i "failed password for root" | wc -l
5269

You might also want to see what other usernames (other than root) were tried. The “-v” option, which inverts the match, does just that. We do need to adjust the second grep search pattern to include all login attempts – “failed password for”.

[root@bashful ~]# grep "Feb  8" /var/log/secure | grep -i "failed password for" | grep -v "root"
Feb  8 06:33:43 bashful sshd[12070]: Failed password for invalid user ubnt from 213.182.43.222 port 5461 ssh2
Feb  8 06:33:47 bashful sshd[12074]: Failed password for invalid user admin from 213.182.43.222 port 5680 ssh2
Feb  8 06:33:54 bashful sshd[12079]: Failed password for invalid user guest from 213.182.43.222 port 6203 ssh2
Feb  8 06:33:58 bashful sshd[12081]: Failed password for invalid user admin from 213.182.43.222 port 6487 ssh2
Feb  8 06:34:02 bashful sshd[12083]: Failed password for invalid user support from 213.182.43.222 port 6709 ssh2
Feb  8 06:34:06 bashful sshd[12085]: Failed password for invalid user test from 213.182.43.222 port 6960 ssh2
Feb  8 06:34:09 bashful sshd[12117]: Failed password for invalid user user from 213.182.43.222 port 7189 ssh2
Feb  8 08:11:34 bashful sshd[14988]: Failed password for invalid user support from 62.4.9.24 port 60782 ssh2
Feb  8 08:11:37 bashful sshd[14991]: Failed password for invalid user admin from 62.4.9.24 port 53004 ssh2
Feb  8 08:12:46 bashful sshd[15033]: Failed password for invalid user ftpuser from 62.4.9.24 port 52349 ssh2
Feb  8 08:13:24 bashful sshd[15055]: Failed password for ftp from 62.4.9.24 port 50704 ssh2
Feb  8 08:13:28 bashful sshd[15058]: Failed password for invalid user admIndian from 62.4.9.24 port 57960 ssh2
Feb  8 08:13:45 bashful sshd[15063]: Failed password for invalid user webmaster from 62.4.9.24 port 58351 ssh2
Feb  8 08:13:58 bashful sshd[15065]: Failed password for invalid user sales from 62.4.9.24 port 51314 ssh2
Feb  8 08:14:10 bashful sshd[15097]: Failed password for invalid user demo from 62.4.9.24 port 53511 ssh2
Feb  8 17:26:41 bashful sshd[407]: Failed password for invalid user paras from 61.132.161.130 port 54894 ssh2
Feb  8 17:26:51 bashful sshd[421]: Failed password for invalid user nan from 61.132.161.130 port 57520 ssh2
Feb  8 17:27:02 bashful sshd[439]: Failed password for invalid user r00t from 61.132.161.130 port 60222 ssh2
Feb  8 17:27:07 bashful sshd[445]: Failed password for invalid user payment from 61.132.161.130 port 33047 ssh2
Feb  8 17:27:17 bashful sshd[461]: Failed password for invalid user xVIRal from 61.132.161.130 port 35380 ssh2
Feb  8 17:27:23 bashful sshd[473]: Failed password for invalid user nan from 61.132.161.130 port 36682 ssh2
[root@bashful ~]# 

For now I am more worried about my root user and want to see how many failed root login attempts there were for each day in the log file, which in this example is the 1st to the 8th of February. We do this by using the same command as before but sticking it in a loop. So the command is:

grep "Feb  8" /var/log/secure | grep -i "failed password for root" | less

But we can put this in a loop like so.

[root@bashful ~]# for i in $(seq 1 8); do grep "Feb  $i" /var/log/secure | grep -i "failed password for root" | wc -l; done
515
388
14042
6815
3536
4307
9200
5269

And just for clarity we add a message on each day using the echo command.

[root@bashful ~]# for i in $(seq 1 8); do echo "Failed root login attempts on Feb $i:"; grep "Feb  $i" /var/log/secure | grep -i "failed password for root" | wc -l; done
Failed root login attempts on Feb 1:
515
Failed root login attempts on Feb 2:
388
Failed root login attempts on Feb 3:
14042
Failed root login attempts on Feb 4:
6815
Failed root login attempts on Feb 5:
3536
Failed root login attempts on Feb 6:
4307
Failed root login attempts on Feb 7:
9200
Failed root login attempts on Feb 8:
5269
[root@bashful ~]# 
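
The per-day loop above rereads the log once for every day. As an added example (not from the original post), the same counts can be produced in a single pass with awk, which also compares the user name exactly, so a name such as rootadmin is not hidden the way grep -v "root" would hide it. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: one pass over a secure log instead of one grep pipeline per day.

# failed_logins FILE -> one line per failure: "<month> <day> <user> <source-ip>".
# The address is read from the end of the line because the user name is client-supplied.
failed_logins() {
    awk '$5 ~ /^sshd\[/ && $6 == "Failed" && $7 == "password" && $(NF-4) == "from" {
        u = ($9 == "invalid" && $10 == "user") ? 11 : 9
        print $1, $2, $u, $(NF-3)
    }' "$1"
}

# per_day FILE USER -> "<month> <day> <count>" for failures against exactly USER.
per_day() {
    failed_logins "$1" | awk -v user="$2" '
        $3 == user { d = $1 " " $2; if (!(d in n)) order[++k] = d; n[d]++ }
        END { for (i = 1; i <= k; i++) print order[i], n[order[i]] }'
}

# top_sources FILE -> "<count> <ip>", busiest source first.
top_sources() {
    failed_logins "$1" | awk '{ c[$4]++ } END { for (ip in c) print c[ip], ip }' |
        sort -k1,1nr -k2,2
}

# other_users FILE -> user names tried, other than exactly "root".
other_users() {
    failed_logins "$1" | awk '$3 != "root" { print $3 }' | sort -u
}

# write_sample FILE -> constructed log lines (documentation address ranges).
write_sample() {
    cat > "$1" <<'EOF'
Feb  7 23:59:58 bashful sshd[101]: Failed password for root from 203.0.113.9 port 4001 ssh2
Feb  8 06:33:43 bashful sshd[102]: Failed password for invalid user ubnt from 198.51.100.7 port 5461 ssh2
Feb  8 06:33:47 bashful sshd[103]: Failed password for root from 203.0.113.9 port 5680 ssh2
Feb  8 06:34:02 bashful sshd[104]: Failed password for invalid user rootadmin from 198.51.100.7 port 6709 ssh2
Feb  8 06:34:09 bashful sshd[105]: Failed password for root from 198.51.100.7 port 7189 ssh2
Feb  8 06:34:10 bashful unix_chkpwd[106]: password check failed for user (root)
EOF
}

log=$(mktemp); write_sample "$log"
per_day "$log" root
top_sources "$log"
other_users "$log"
rm -f "$log"
```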

Now I need to secure my server!!….but that’s another post folks!

Using HelloWorld to Test a JDK Installation

To test that your Java Development Kit (JDK) is installed correctly, you need to write a simple Java program, compile it, and run the compiled bytecode.

[andy@home-pc ~]$ mkdir ~/java-demos
[andy@home-pc ~]$ cd ~/java-demos
[andy@home-pc java-demos]$ vim HelloWorld.java

A simple Java HelloWorld example looks like this.

class HelloWorld {
    public static void main(String[] args) {
        System.out.println("\nThe Java Development Kit (JDK) is installed and working!!\n");
    }
}

You compile Java code with the javac command, and then run the resulting file with the java command.

$ ls
HelloWorld.java
$ javac HelloWorld.java
$ ls
HelloWorld.class
HelloWorld.java
$ java HelloWorld

The Java Development Kit (JDK) is installed and working!!

$ 

You should note that although the resulting Java bytecode is a file called HelloWorld.class, you run the program without any file extension.

You could take this a step further and write some code that returns some Java system properties about the current installation.

$ ls
HelloWorld.class
HelloWorld.java
$ cp -v HelloWorld.java JDKInstallationTest.java

The code below makes use of the getProperties() method of the System class.

import java.util.Map;

class JDKInstallationTest {
    public static void main(String[] args) {
        System.out.println("\nThe " + System.getProperty("java.vendor")
                + " Java version " + System.getProperty("java.version")
                + " is installed on this system.\n");

        // Print a list of Java properties
        System.out.println("Java Properties:");
        for (Map.Entry<Object, Object> e : System.getProperties().entrySet()) {
            if (((String) e.getKey()).startsWith("java")) {
                System.out.println(e);
            }
        }
        System.out.println();
    }
}

Again, run it like so.

$ ls
HelloWorld.class
HelloWorld.java
JDKInstallationTest.java
$ javac JDKInstallationTest.java
$ ls
HelloWorld.class
HelloWorld.java
JDKInstallationTest.class
JDKInstallationTest.java
$ java JDKInstallationTest

The output will look something like this.

The Oracle Corporation Java version 1.8.0_31 is installed on this system.

Java Properties:
java.runtime.name=Java(TM) SE Runtime Environment
java.vm.version=25.31-b07
java.vm.vendor=Oracle Corporation
java.vendor.url=http://java.oracle.com/
java.vm.name=Java HotSpot(TM) 64-Bit Server VM
java.vm.specification.name=Java Virtual Machine Specification
java.runtime.version=1.8.0_31-b13
java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment
java.endorsed.dirs=/usr/lib/jvm/java-8-jdk/jre/lib/endorsed
java.io.tmpdir=/tmp
java.vm.specification.vendor=Oracle Corporation
java.library.path=/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
java.specification.name=Java Platform API Specification
java.class.version=52.0
java.awt.printerjob=sun.print.PSPrinterJob
java.specification.version=1.8
java.class.path=.
java.vm.specification.version=1.8
java.home=/usr/lib/jvm/java-8-jdk/jre
java.specification.vendor=Oracle Corporation
java.vm.info=mixed mode
java.version=1.8.0_31
java.ext.dirs=/usr/lib/jvm/java-8-jdk/jre/lib/ext:/usr/java/packages/lib/ext
java.vendor=Oracle Corporation
java.vendor.url.bug=http://bugreport.sun.com/bugreport/

$ 

You can then delete the .class files if you wish, leaving only the source (.java) files.

$ ls
HelloWorld.class
HelloWorld.java
JDKInstallationTest.class
JDKInstallationTest.java
$ rm -v ./*.class
removed ‘./HelloWorld.class’
removed ‘./JDKInstallationTest.class’
$ ls
HelloWorld.java
JDKInstallationTest.java
$ 

Related Documents

Lesson: A Closer Look at the “Hello World!” Application

Programmatically getting Version number of Java and Flash using C, C++, or Java

Getting Started with the Rackspace Nova Client

You will need to export some environment variables used by the Nova client.

$ vim ~/.bash_profile

If you have a UK-based Rackspace cloud account, you will need to enter something like this:

OS_USERNAME=username
OS_TENANT_NAME=accountnumber
OS_AUTH_SYSTEM=rackspace
OS_PASSWORD=apikey
OS_AUTH_URL=https://lon.identity.api.rackspacecloud.com/v2.0/
OS_REGION_NAME=LON
OS_NO_CACHE=1
export OS_USERNAME OS_TENANT_NAME OS_AUTH_SYSTEM OS_PASSWORD OS_AUTH_URL OS_REGION_NAME OS_NO_CACHE

…And if you have a US, Hong Kong or Sydney-based account:

OS_USERNAME=username
OS_TENANT_NAME=accountnumber
OS_AUTH_SYSTEM=rackspace
OS_PASSWORD=apikey
OS_AUTH_URL=https://lon.identity.api.rackspacecloud.com/v2.0/
OS_REGION_NAME=LON
OS_NO_CACHE=1
export OS_USERNAME OS_TENANT_NAME OS_AUTH_SYSTEM OS_PASSWORD OS_AUTH_URL OS_REGION_NAME OS_NO_CACHE

Because we have our password in a plain text file, it is recommended that we at least lock down the permissions so no other system users can see it:

$ chmod 600 ~/.bash_profile

Don’t forget that whenever you make changes to your bash profile, you need to run the command below for the changes to take effect for your current user (without logging out and back in, of course).

$ source ~/.bash_profile

Check the command works by running something like:

$ nova image-list

Related Documents

Installing python-novaclient on Linux and Mac OS

Step 2. Install the nova Client with the Cloud Networks Extension

Installing the Rackspace Nova Client on CentOS 7

Installing the Rackspace Nova client should just be as simple as installing the below packages.

$ sudo yum install python-setuptools
$ sudo easy_install pip
$ sudo pip install rackspace-novaclient

However, you will first need to make sure you have the development tools or the installation will fail with messages about not being able to find the GCC compiler.

$ sudo yum group install "Development Tools"