Running Ubuntu 14.04 “Trusty Tahir” on XenServer CloudStack

The recently released Ubuntu 14.04 “Trusty Tahir” LTS release comes with Xen HVM (Hardware-assisted virtualization) support. Previous LTS releases supported the older Xen PV (para-virtualization) mode only.

Phoronix has recently published a comparison between Ubuntu 14.04 Xen PV with Xen HVM virtualisation which seems to suggest that Ubuntu 14.04 with Xen HVM performs better than Xen PV on EC2 cloud. You can read the full article at Ubuntu 14.04 On Amazon EC2: Xen PV vs. HVM

Continue reading Running Ubuntu 14.04 “Trusty Tahir” on XenServer CloudStack

Shanker Balan

Shanker Balan is a devops and infrastructure freelancer with over 14 years of industry experience in large scale Internet systems. He is available for both short term and long term projects on contract. Please use the Contact Form for any enquiry.

More Posts - Website

Follow Me:
TwitterLinkedIn

Automatic Installation Of Security Updates On Ubuntu

A new OpenSSL vulnerability called heartbleed has been found and patched. Information on the vulnerability is available on the CVE Website and there is even a dedicated site for the issue.

While most of us keep our system regularly update our systems using apt or yum, it is best advised have an automatic update process in place. This is to ensure that systems don’t get missed out in the update process and that the updates are applied as soon as possible.

Continue reading Automatic Installation Of Security Updates On Ubuntu

Shanker Balan

Shanker Balan is a devops and infrastructure freelancer with over 14 years of industry experience in large scale Internet systems. He is available for both short term and long term projects on contract. Please use the Contact Form for any enquiry.

More Posts - Website

Follow Me:
TwitterLinkedIn

Block failed OpenVPN logins with fail2ban

The following configuration successfully bans failed OpenVPN authentication attempts on Ubuntu 12.04 LTS. OpenVPN has been configured to authenticate against local password database via PAM.

jail.conf

[openvpn]

enabled   = true
port      = openvpn
protocol  = udp
filter    = openvpn
logpath   = /var/log/openvpn.log
maxretry = 4

/etc/fail2ban/filter.d/openvpn

[INCLUDES]
before = common.conf

[Definition]
_daemon = openvpn

failregex = <HOST>:[0-9]{4,5} TLS Auth Error: Auth Username/Password verification failed for peer

ignoreregex = 

Succesfull bans appear as below in /var/log/fail2ban.log

2014-02-25 23:40:29,485 fail2ban.actions: WARNING [openvpn] Ban 106.51.xxx.xxx
2014-02-25 23:50:29,895 fail2ban.actions: WARNING [openvpn] Unban 106.51.xxx.xxx

YMMV!!!

Shanker Balan

Shanker Balan is a devops and infrastructure freelancer with over 14 years of industry experience in large scale Internet systems. He is available for both short term and long term projects on contract. Please use the Contact Form for any enquiry.

More Posts - Website

Follow Me:
TwitterLinkedIn