Initial Commit

2024-06-17 08:36:52 -05:00 · 2024-06-17 08:36:52 -05:00 · ef7c97c12b
commit ef7c97c12b
parent ccb1f8643c
2 changed files with 124 additions and 0 deletions
--- a/Pages/badblocks.html
+++ b/Pages/badblocks.html
@ -0,0 +1,34 @@
 badblocks is a command-line utility used to search for and identify bad blocks on a storage device, such as a hard disk drive (HDD) or a solid-state drive (SSD). Bad blocks refer to sections of a storage device that are no longer reliable or functioning properly. When data is written to or read from these blocks, errors can occur, leading to data corruption or loss.
 The primary purpose of badblocks is to help users detect and isolate problematic areas on a storage device. By scanning the device, badblocks can identify and report any bad blocks it encounters. This information can be crucial in determining the health and reliability of the storage device.
 However, it is important to note that some usages of badblocks can have destructive consequences. For instance, the utility has options that allow for the erasure of data on a disk, including the partition table. These options should be used with caution, as they can lead to the complete loss of data stored on the device.
 The destructive actions of badblocks are typically employed in specific scenarios, such as preparing a disk for secure erasure or identifying and isolating all bad blocks on a storage device by triggering a write-read test on the entire disk surface. These actions are intended for advanced users who have a thorough understanding of the potential consequences and who have taken appropriate measures to back up their data.
 When using badblocks, it is crucial to carefully review the available options and ensure that the desired operation is selected. Additionally, it is recommended to back up any important data before performing any destructive actions, as there is a risk of irreversible data loss.
 Example badblocks commands
 1. Search a disk for bad blocks by using a non-destructive read-only test:
 # badblocks -v /dev/sd<X> -s
 2. Search an unmounted disk for bad blocks with a non-destructive read-write test:
 # badblocks -n /dev/sdX
 3. Search an unmounted disk for bad blocks with a destructive write test:
 # badblocks -w /dev/sdX
 4. Search an unmounted disk for bad blocks with a destructive write test and show verbose status:
 # badblocks -svw /dev/sdX
 5. Search an unmounted disk in destructive mode and output found blocks to a file:
 # badblocks -o /path/to/file -w /dev/sdX
 6. Search an unmounted disk in destructive mode with improved speed using 4K block size and 64K block count:
 # badblocks -w -b 4096 -c 65536 /dev/sdX
 Summary
 In summary, badblocks is a command-line utility used to search for and identify bad blocks on a storage device. It can help users determine the health and reliability of the device by detecting and reporting any problematic areas. However, certain usages of badblocks can result in the destruction of data on a disk, including the partition table, so it is important to exercise caution and thoroughly understand the potential consequences before utilizing these features.
--- a/Pages/ufw-blocklist.html
+++ b/Pages/ufw-blocklist.html
@ -0,0 +1,90 @@
 ufw-blocklist
 Add an IP blocklist to ufw, the uncomplicated Ubuntu firewall
 integrates into ufw for pure Ubuntu
 blocks inbound, outbound and forwarding packets
 uses Linux ipsets for kernel-grade performance
 the IP blocklist is refreshed daily
 the IP blocklist is sourced from IPsum
 ufw-blocklist is tested on:
 Armbian 22.05.3 Focal (based on Ubuntu 20.04.4 LTS (Focal Fossa))
 Ubuntu 22.04 LTS (Jammy Jellyfish)
 This blocklist is very successful at dropping a lot of uninvited traffic. It has been intentionally designed to be very light on resource requirements and zero maintenance as the initial target platform was a single-board computer operating as a home internet gateway. After the initial installation, there are no further writes to the storage system to preserve solid state storage. I would now highly recommend it for any Ubuntu host that has a public IP address or is otherwise exposed directly to the internet, for example, by port forwarding.
 Installation
 Install the ipset package
 sudo apt install ipset
 Backup the original ufw after.init example script
 sudo cp /etc/ufw/after.init /etc/ufw/after.init.orig
 Install the ufw-blocklist files
 git clone https://github.com/poddmo/ufw-blocklist.git
 cd ufw-blocklist
 sudo cp after.init /etc/ufw/after.init
 sudo cp ufw-blocklist-ipsum /etc/cron.daily/ufw-blocklist-ipsum
 sudo chown root.root /etc/ufw/after.init /etc/cron.daily/ufw-blocklist-ipsum
 sudo chmod 750 /etc/ufw/after.init /etc/cron.daily/ufw-blocklist-ipsum
 Download an initial IP blocklist from IPsum
 curl -sS -f --compressed -o ipsum.4.txt 'https://raw.githubusercontent.com/stamparm/ipsum/master/levels/4.txt'
 sudo chmod 640 ipsum.4.txt
 sudo cp ipsum.4.txt /etc/ipsum.4.txt
 Start ufw-blocklist
 sudo /etc/ufw/after.init start
 It takes time to load the blocklist entries into the ipset. Watch the progress with
 sudo ipset list ufw-blocklist-ipsum -terse | grep 'Number of entries'
 Usage
 The blocklist is automatically started and stopped by ufw using the enable, disable and reload options. See the Ubuntu UFW wiki page for help getting started with ufw.
 There are 2 additional after.init commands available: status and flush-all
 The status option shows the count of entries in the blocklist, the hit count of packets that have been blocked and the last 10 log entries. The status option is further explained in the Status section below.
 The flush-all option deletes all entries in the blocklist and zeros the iptables hit counters:
 sudo /etc/ufw/after.init flush-all
 From this state you can manually add IP addresses to the list like this:
 sudo ipset add ufw-blocklist-ipsum a.b.c.d
 This is useful for testing. Use /etc/cron.daily/ufw-blocklist-ipsum to download the latest list and fully restore the blocklist.
 Status
 Calling after.init with the status option displays the current count of the entries in the blocklist, the hit counts on the firewall rules (column 1 is hits, column 2 is bytes) and the last 10 log messages. Here is a sample output:
 user@ubunturouter:~# sudo /etc/ufw/after.init status
 Name: ufw-blocklist-ipsum
 Type: hash:net
 Revision: 6
 Header: family inet hashsize 4096 maxelem 65536
 Size in memory: 357312
 References: 3
 Number of entries: 12789
   76998  4403836 ufw-blocklist-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set ufw-blocklist-ipsum src
       4      160 ufw-blocklist-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set ufw-blocklist-ipsum dst
      11      868 ufw-blocklist-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set ufw-blocklist-ipsum dst
 Sep 24 06:25:01 ubunturouter ufw-blocklist-ipsum[535172]: starting update of ufw-blocklist-ipsum with 12654 entries from https://raw.githubusercontent.com/stamparm/ipsum/master/levels/3.txt
 Sep 24 06:26:02 ubunturouter ufw-blocklist-ipsum[547387]: finished updating ufw-blocklist-ipsum. Old entry count: 12654 New count: 12181 of 12181
 Sep 24 22:23:21 ubunturouter kernel: [UFW BLOCKLIST FORWARD] IN=eth1 OUT=ppp0 MAC=11:22:33:44:55:66:77:88:99:00:aa:bb:cc:dd SRC=192.168.1.11 DST=194.165.16.37 LEN=40 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=TCP SPT=51413 DPT=65058 WINDOW=0 RES=0x00 ACK RST URGP=0
 Sep 25 06:25:02 ubunturouter ufw-blocklist-ipsum[598717]: starting update of ufw-blocklist-ipsum with 12181 entries from https://raw.githubusercontent.com/stamparm/ipsum/master/levels/3.txt
 Sep 25 06:26:07 ubunturouter ufw-blocklist-ipsum[611761]: finished updating ufw-blocklist-ipsum. Old entry count: 12181 New count: 13008 of 13008
 Sep 25 21:19:42 ubunturouter kernel: [UFW BLOCKLIST FORWARD] IN=eth1 OUT=ppp0 MAC=11:22:33:44:55:66:77:88:99:00:aa:bb:cc:dd SRC=192.168.1.11 DST=45.227.254.8 LEN=40 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=TCP SPT=51413 DPT=65469 WINDOW=0 RES=0x00 ACK RST URGP=0
 Sep 25 21:19:45 ubunturouter kernel: [UFW BLOCKLIST FORWARD] IN=eth1 OUT=ppp0 MAC=11:22:33:44:55:66:77:88:99:00:aa:bb:cc:dd SRC=192.168.1.11 DST=45.227.254.8 LEN=40 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=TCP SPT=51413 DPT=65469 WINDOW=0 RES=0x00 ACK RST URGP=0
 Sep 25 21:19:51 ubunturouter kernel: [UFW BLOCKLIST FORWARD] IN=eth1 OUT=ppp0 MAC=11:22:33:44:55:66:77:88:99:00:aa:bb:cc:dd SRC=192.168.1.11 DST=45.227.254.8 LEN=40 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=TCP SPT=51413 DPT=65469 WINDOW=0 RES=0x00 ACK RST URGP=0
 Sep 26 06:25:02 ubunturouter ufw-blocklist-ipsum[661335]: starting update of ufw-blocklist-ipsum with 13008 entries from https://raw.githubusercontent.com/stamparm/ipsum/master/levels/3.txt
 Sep 26 06:26:06 ubunturouter ufw-blocklist-ipsum[674158]: finished updating ufw-blocklist-ipsum. Old entry count: 13008 New count: 12789 of 12789
 Hits on the OUTPUT or FORWARD drop rules may indicate an issue with an internal host and are logged. In the example status shown above, the hits on the FORWARD rule are related to an internal torrent client.
 INPUT hits are not logged. The status output above shows 76998 dropped INPUT packets after the system has been up 9 days, 22:45 hours.
 Todo
 These scripts have run flawlessly for 2 years. The next steps will take advantage of this extended ufw-framework and generalise the blocklist case to arbitrary ipsets, for example, to block bogans or by geoblock
 test and document use of after.init_run-parts
 test and document geo-block example for blocking geographic subnets. Geo-based blocks are useful for blocking botnets or "citizen activists." Geo-based subnets can be found at:
 https://www.ip2location.com/free/visitor-blocker
 https://www.ipdeny.com/ipblocks/
 test and document blocking bogan IP addresses. Bogon lists can be found at:
 FireHOL includes fullbogons: https://iplists.firehol.org/
 so does team Cymru. See fullbogons at: https://www.team-cymru.com/bogon-reference-http
 develop a whitelist an ip/cidr address
 develop test of entries as valid ip/cidr addresses