Clam Anti Virus on Arch Linux

Install Clam with:

sudo pacman -Sy clamav

To update the virus definitions, run:

sudo freshclam

You will also need to start and enable clamav-freshclam.service so that the latest definitions are fetched at boot:

sudo systemctl enable --now clamav-freshclam.service

Make sure you have already run sudo freshclam before starting and enabling clamav-daemon; if you have not, stop the daemon, run freshclam, and then start it:

sudo systemctl enable --now clamav-daemon.service

It is recommended to add the additional signatures from the AUR package, clamav-unofficial-sigs:

yaourt -Sy clamav-unofficial-sigs

Make sure the following line in the configuration is uncommented:

[andy@work-pc ~]$ grep user_configuration_complete /etc/clamav-unofficial-sigs/user.conf
user_configuration_complete="yes"

Then to install and enable these unofficial signatures:

sudo clamav-unofficial-sigs.sh --install-all

To update the unofficial signatures, run:

sudo clamav-unofficial-sigs.sh

Lastly, scan for viruses:

mkdir ~/clamav-scan-results/
clamscan --recursive --infected --exclude-dir='^/sys|^/dev|^/proc|^/var/lib/clamav' --max-filesize=4000M --max-scansize=4000M / -l ~/clamav-scan-results/201803261436

Apache not Logging Correct IP when behind Incapsula WAF

Incapsula is a great resource to help protect your web site from unwanted traffic and attacks. It is a cloud-based application delivery platform, providing among other things:

  • Content Delivery Network (CDN)
  • Distributed Denial of Service (DDoS) Mitigation
  • Web Application Firewall (WAF)

Incapsula acts as a proxy, sitting in front of the nodes it's protecting. DNS points to Incapsula, which hides the IP address of your site. Incapsula analyses the traffic and removes any unwanted requests before passing it on to the web node.

As with any proxy-based system, the proxy rewrites the X-Forwarded-For header with the originating IP address. However, Apache needs to be configured to use that header information in its logs.

Enable X-Forwarded-For

To enable X-Forwarded-For, open the main Apache configuration file and find the section that defines the LogFormat:

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

Then add the following additional line:

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy

Lastly edit the configuration file for your virtual host:

# vim /etc/apache2/sites-enabled/pikedom.com.conf

Then comment out the existing CustomLog, combined in my example:

#CustomLog /var/www/pikedom.com/pikedom-access.log combined

And add a new entry for the CustomLog we created, proxy:

CustomLog /var/www/pikedom.com/pikedom-access.log proxy

Check Apache configuration for errors:

# apachectl -t

If none, restart Apache:

# service apache2 restart

To confirm X-Forwarded-For is working, first confirm what your public IP address is:

[andy@home-pc ~]$ curl -4 icanhazip.com
180.112.113.2

Then tail the access log and grep for your IP while visiting the site:

root@webhost1:~# tailf /var/www/pikedom.com/pikedom.com-access.log | grep 180.112.113.2
180.112.113.2 - - [26/Mar/2018:10:39:02 +0100] "GET / HTTP/1.1" 301 325 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0"
180.112.113.2 - - [26/Mar/2018:10:39:02 +0100] "GET / HTTP/1.1" 200 17576 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0"
180.112.113.2 - - [26/Mar/2018:10:39:03 +0100] "GET /skin/frontend/pikedom/default/favicon.ico HTTP/1.1" 200 1243 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0"
^C
root@webhost1:~#
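Because the proxy format logs the raw header value, any log analysis should treat that first field as untrusted input: it may hold a comma-separated chain of addresses (client first, then intermediaries), and it is only meaningful when every request reaches Apache through Incapsula, since a client talking to the web node directly can set the header to anything. The Python below is an added example, not code from the original post: it parses lines in the proxy LogFormat above, validates the leftmost address with the standard ipaddress module, and counts requests from a given IP (the same check as the grep, but on the parsed field). The log lines are constructed samples.

```python
import ipaddress
import re

# Constructed sample lines in the post's "proxy" LogFormat:
#   "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\""
# Line 2 carries a proxy chain, line 3 has no header at all ("-"), and
# line 4 shows a request that bypassed the WAF with a junk header value.
SAMPLE_LOG = """\
180.112.113.2 - - [26/Mar/2018:10:39:02 +0100] "GET / HTTP/1.1" 200 17576 "-" "Mozilla/5.0"
180.112.113.2, 10.0.0.5 - - [26/Mar/2018:10:39:03 +0100] "GET /favicon.ico HTTP/1.1" 200 1243 "-" "Mozilla/5.0"
- - - [26/Mar/2018:10:40:00 +0100] "GET /admin HTTP/1.1" 403 199 "-" "curl/7.58.0"
not-an-ip - - [26/Mar/2018:10:40:01 +0100] "GET / HTTP/1.1" 200 17576 "-" "curl/7.58.0"
"""

# The header value may contain spaces (after commas), so it is matched lazily
# and anchored on the " %l %u [" fields that follow it.
LINE_RE = re.compile(
    r'^(?P<xff>.*?) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def client_ip(xff_value):
    """Return the leftmost X-Forwarded-For entry as a normalised IP string,
    or None if the header is absent ("-") or not a valid address."""
    first = xff_value.split(",")[0].strip()
    try:
        return str(ipaddress.ip_address(first))
    except ValueError:
        return None


def parse_proxy_log(text):
    """Parse proxy-format lines into dicts, adding a validated client_ip
    field; lines that do not match the format are skipped."""
    records = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        record = match.groupdict()
        record["client_ip"] = client_ip(record["xff"])
        records.append(record)
    return records


def requests_from(text, ip):
    """Count requests whose validated client IP equals ip."""
    return sum(1 for r in parse_proxy_log(text) if r["client_ip"] == ip)
```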

Job done!

MS SQL Maintenance Plan not Deleting Previous Backups

I don't normally include Windows related stuff here because... well... it's Windows! But this one irritated me so much, I thought I'd share in case anyone else was experiencing this problem.

So I'm using SQL Server 2012 to back up all my databases. I have a daily backup running every night at midnight. I also have a maintenance plan in place to delete backups older than 3 days. The backup has been working fine, but the problem was that the maintenance plan was not deleting any old backups. Frustratingly, there was not much to go on in the logs.

Below are my successful settings.

[Screenshot: Backup Plan]
[Screenshot: Maintenance Plan]

The important part here was to make sure the "Verify backup integrity" option was ticked!