Channel: Linux – digitalwhores.net
Viewing all 47 articles
Browse latest View live

iptables unban ip and ban entire subnet


iptables

unban ip

List entries with line numbers

iptables -L -v --line-numbers

Delete entry

iptables -D name_of_chain number_of_line_with_IP_that_you_want_to_delete

Let's say we want to unban 91.194.16.60: the chain name is 'f2b-sshd' and the line number is 10.


iptables -D f2b-sshd 10
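Added example, not from the original post: rule numbers shift after every delete, and a substring search for 91.194.16.6 would also hit 91.194.16.60, so this script matches the source column exactly and prints the delete commands highest number first. The listing is constructed sample data, and the column position assumes `iptables -n -L CHAIN --line-numbers` (numeric output, no `-v`).

```shell
#!/bin/sh
# Added example: find rules by exact source address before deleting them.
# CONSTRUCTED sample of: iptables -n -L f2b-sshd --line-numbers
sample_listing() {
cat <<'EOF'
Chain f2b-sshd (1 references)
num  target     prot opt source               destination
1    REJECT     all  --  198.51.100.23        0.0.0.0/0            reject-with icmp-port-unreachable
2    REJECT     all  --  91.194.16.6          0.0.0.0/0            reject-with icmp-port-unreachable
3    REJECT     all  --  203.0.113.7          0.0.0.0/0            reject-with icmp-port-unreachable
4    REJECT     all  --  203.0.113.7          0.0.0.0/0            reject-with icmp-port-unreachable
5    REJECT     all  --  198.51.100.24        0.0.0.0/0            reject-with icmp-port-unreachable
6    REJECT     all  --  198.51.100.25        0.0.0.0/0            reject-with icmp-port-unreachable
7    REJECT     all  --  198.51.100.26        0.0.0.0/0            reject-with icmp-port-unreachable
8    REJECT     all  --  198.51.100.27        0.0.0.0/0            reject-with icmp-port-unreachable
9    REJECT     all  --  198.51.100.28        0.0.0.0/0            reject-with icmp-port-unreachable
10   REJECT     all  --  91.194.16.60         0.0.0.0/0            reject-with icmp-port-unreachable
11   RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# Read a listing on stdin; print the numbers of rules whose source column
# (field 5 without -v) is exactly $1, highest first so deletes do not renumber
# the rules that are still to be removed.
rule_numbers_for_ip() {
    awk -v ip="$1" '$1 ~ /^[0-9]+$/ && $5 == ip { print $1 }' | sort -rn
}

# Dry run: print one "iptables -D" command per matching rule.
# $1 = chain name, $2 = IPv4 address; listing on stdin.
unban_commands() {
    case "$2" in
        ''|*[!0-9.]*) echo "bad address: $2" >&2; return 2 ;;
    esac
    rule_numbers_for_ip "$2" | while read -r n; do
        echo "iptables -D $1 $n"
    done
}

# Demo on the constructed listing; on a live host, pipe in the real listing:
#   iptables -n -L f2b-sshd --line-numbers | unban_commands f2b-sshd 91.194.16.60
sample_listing | unban_commands f2b-sshd 91.194.16.60
```

For a chain managed by fail2ban, `fail2ban-client set sshd unbanip 91.194.16.60` also removes the address from fail2ban's own ban list, which a manual `iptables -D` does not.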
Ban entire subnet

Example (banning some chinese sh*t)

iptables -A INPUT -s 119.249.54.0/24 -j DROP
iptables -A INPUT -s 121.18.238.0/24 -j DROP

 


CRITICAL | sd-XXXX.host.net | (Return code of 255 is out of bounds)


So!,

My nagios was returning a CRITICAL error on one of my servers…

CRITICAL | sd-XXXX.host.net | (Return code of 255 is out of bounds)

and httpd server wasn’t responding….

I think the problem was the iptables / fail2ban ban list. I had 702 banned IPs…
After I cleaned them up, everything went okay!


I was playing hard with them… my bantime was 3600000 (41d) and my findtime was 60000 (16h)…

 

Enter passphrase for key id_rsa.pub


So!,

I was trying to SSH a host…
Somehow it was requesting id_rsa.pub… and asking for a password!

This is how I solved it…

ssh -v -i path/to/id_rsa username@host.tld

!!

Catch all HTTP GET / POST requests on a Linux server…


GETs

ngrep -q '^GET .* HTTP/1.[01]'

POSTs

ngrep -q '^POST .* HTTP/1.[01]'

letsencrypt renew – 404 – Detail: Invalid response


So!,

letsencrypt renew output

Domain: www.domain.com
Type: unauthorized
Detail: Invalid response from
 http://www.domain.com/.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6:

nginx error log

66.133.XXX.XXX - - [11/Feb/2017:09:33:20 +0100] "GET /.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6 HTTP/1.1" 404 247 "http://www.domain.com/.well-known/acme-challenge/WLpdvugG3YzC53RTrZMJcYWsRqcj64vWLw43HNBkMN6" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

“Somehow” my domain root has changed.
I had to take a look at /etc/letsencrypt/renewal/domain.com.conf and fix some paths… 🙂

 

Composer on CentOS 7


You need to have PHP installed first. 🙂
Here ya go…
As root…

yum -y update

Switch into the temp directory.

cd /tmp

Install Composer using cURL

curl -sS https://getcomposer.org/installer | php

Make Composer globally accessible

mv composer.phar /usr/local/bin/composer
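Added example, not part of the original post: the steps above pipe a downloaded script straight into php as root from the shared /tmp directory. This variant downloads into a private directory and runs the installer only if its SHA-384 matches the digest Composer publishes at https://composer.github.io/installer.sig; the function names are illustrative.

```shell
#!/bin/sh
# Added example: verify the Composer installer before running it as root.

# Succeeds only if the SHA-384 of file $1 equals the hex digest in $2.
verify_sha384() {
    actual=$(sha384sum "$1" | awk '{print $1}')
    [ -n "$2" ] && [ "$actual" = "$2" ]
}

# Download, verify, install to /usr/local/bin/composer, clean up.
install_composer() {
    workdir=$(mktemp -d) || return 1    # private dir instead of a fixed name in /tmp
    curl -fsS -o "$workdir/composer-setup.php" https://getcomposer.org/installer &&
    expected=$(curl -fsS https://composer.github.io/installer.sig) &&
    verify_sha384 "$workdir/composer-setup.php" "$expected" &&
    php "$workdir/composer-setup.php" --install-dir=/usr/local/bin --filename=composer
    status=$?
    rm -rf "$workdir"
    [ "$status" -eq 0 ] || echo "installer download, verification or run failed" >&2
    return "$status"
}

# Nothing runs on load; call install_composer as root to perform the install.
```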

 

FATAL -> Failed to fork.


While I was trying to perform an apt-get upgrade I got a "FATAL -> Failed to fork." error.

According to some fellows around, this issue was probably caused by a lack of memory, and it was… 🙂

/.well-known/acme-challenge/ – 404


 

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

Domain: subdomain.domain.com
 Type: unauthorized
 Detail: Invalid response from
 http://subdomain.domain.com/.well-known/acme-challenge/XXXXXXX_XXXXXXXX:
 "<!DOCTYPE html>
 <html lang="en">
 <head>
 <title>404 Page Not Found</title>
 <style type="text/css">

::selection{ background-color"

To fix these errors, please make sure that your domain name was
 entered correctly and the DNS A record(s) for that domain
 contain(s) the right IP address.

Try adding the following, inside server{}, in your nginx domain configuration:

location /.well-known/acme-challenge/ {
    try_files $uri /dev/null =404;
}

And reboot nginx… 🙂


yum-update – /boot/ no disk space


While I was trying to update a CentOS server…
I got an error saying that /boot/ didn't have enough disk space…

Sumário de erros
-------------
Requisitos de disco:
São precisos pelo menos mais 30MB de espaço livre no sistema de ficheiros /boot.

I've followed the instructions at http://unix.stackexchange.com/a/105029/65996 and it worked!

Can’t locate CGI/Carp.pm in @INC & Can’t locate LWP/Simple.pm in @INC


 

[Thu Mar 09 02:23:43.435879 2017] [cgi:error] [pid 28444] [client 94.63.XXX.XXX:54192] AH01215: Can’t locate CGI/Carp.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /path/to/cgi/admin/admin.cgi line 31.

This solved my issue…

yum install perl-CGI

 

[Thu Mar 09 02:26:54.892385 2017] [cgi:error] [pid 28442] [client 94.63.XXX.XXX:54242] AH01215: [Thu Mar 9 02:26:54 2017] admin.cgi: [Thu Mar 9 02:26:54 2017] admin.cgi: Can’t locate LWP/Simple.pm in @INC (@INC contains: /path/to/cgi/admin/ /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./shared/subs3.pm line 1003.
[Thu Mar 09 02:26:54.892456 2017] [cgi:error] [pid 28442] [client 94.63.XXX.XXX:54242] AH01215: [Thu Mar 9 02:26:54 2017] admin.cgi: [Thu Mar 9 02:26:54 2017] admin.cgi: BEGIN failed–compilation aborted at ./shared/subs3.pm line 1003.
[Thu Mar 09 02:26:54.892599 2017] [cgi:error] [pid 28442] [client 94.63.XXX.XXX:54242] AH01215: [Thu Mar 9 02:26:54 2017] admin.cgi: Compilation failed in require at /path/to/cgi/admin/admin.cgi line 151.

This solved my issue!

yum install perl-XML-Simple

 

CentOS – Enable the mod_proxy modules in the HTTPD


Let's check that /etc/httpd/conf/httpd.conf contains the following lines.
Uncomment them or add them.

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_http_module modules/mod_proxy_http.so
# Uncomment these to proxy FTP or HTTPS
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
    

 

Cert not yet due for renewal – force renew


 

[root@sd-8XXX pjrf]# /usr/local/sbin/certbot-auto renew >> /var/log/le-renew.log
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert not yet due for renewal
Cert not yet due for renewal
Cert not yet due for renewal
Cert not yet due for renewal
[root@sd-8XXX pjrf]#
[root@sd-8XXX pjrf]# /usr/local/sbin/certbot-auto renew --force-renew

Linux – Sort unique IP from Apache log and count entries


Useful!

cat /path/access.log | awk '{print $1}' | sort -n | uniq -c | sort -nr | head -50

 

Name-based virtual hosting with Nginx

dashboard for VMware, SNMP, REST API and more

Simple dashboard system for sysadmins with modules for VMware, SNMP, REST API and more

SysAdminBoard is a simple dashboard system written in Python, HTML and Javascript and served on a simple CherryPy Webserver (included). It was originally written to reformat snmp data for the Panic Statusboard iPad App, but has since become a fully stand-alone project that can grab data from a variety of sources and render charts and graphs in a web browser.


SFTP allow user to login via SFTP


If AllowUsers in /etc/ssh/sshd_config lists only specific users, new users won't be allowed to access the server.

So!, let's edit it and add the new user. Find the AllowUsers line and add the user there.

sudo nano /etc/ssh/sshd_config

This should look something like

#PermitRootLogin without-password
PermitRootLogin no
StrictModes yes
AllowUsers bofh newuser

Save and Exit!
Restart SSH

service ssh restart

Now the user!

addgroup --system filetransfer

usermod -G filetransfer username
chown root:root /home/username
chmod 755 /home/username

cd /home/username
chown username:filetransfer *

 

Hooray!

 

rsync – protocol version mismatch — is your shell clean?


protocol version mismatch — is your shell clean?
(see the rsync man page for an explanation)
rsync error: protocol incompatibility (code 2) at compat.c(174) [sender=3.1.0]

Are you trying to rsync to a valid shell user?

Meltdown & Spectre – CentOS


These are, from what I've read, the two main things that we need to have updated…

kernel-3.10.0-693.11.6.el7.x86_64
microcode_ctl-2.1-22.2.el7.x86_64

Check them through uname -r and dmesg | grep microcode

 

[root@sd-56969 www]# systemctl status microcode -l
● microcode.service - Load CPU microcode update
 Loaded: loaded (/usr/lib/systemd/system/microcode.service; enabled; vendor preset: enabled)
 Active: inactive (dead) since Fri 2018-01-05 17:43:08 CET; 1 weeks 6 days ago
 Process: 692 ExecStart=/usr/bin/bash -c grep -l GenuineIntel /proc/cpuinfo | xargs grep -l -E "model[[:space:]]*: 79$" > /dev/null || echo 1 > /sys/devices/system/cpu/microcode/reload (code=exited, status=0/SUCCESS)
 Main PID: 692 (code=exited, status=0/SUCCESS)

Jan 05 17:43:08 sd-56969 systemd[1]: Starting Load CPU microcode update...
Jan 05 17:43:08 sd-56969 systemd[1]: Started Load CPU microcode update.

 

 

 

fail2ban – remove ip from ban

fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned


Meanwhile in a new VPS…

2018-04-18 19:56:42,211 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:43,213 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:44,214 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:45,215 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:46,217 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:47,218 fail2ban.actions [14644]: NOTICE [sshd] 195.72.223.106 already banned
2018-04-18 19:56:48,219 fail2ban.actions [14644]: NOTICE [sshd] 195.72.223.106 already banned

YAH!
Take a look at /etc/fail2ban/jail.local or /etc/fail2ban/jail.d/00-firewalld.conf
banaction = firewallcmd-ipset
or
banaction = iptables-multiport
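Added example, not part of the original post: repeated "already banned" notices for one address usually mean fail2ban still sees failed logins from a host it has banned, so the configured banaction is not actually blocking it. This script counts those notices per jail and address so the affected jails stand out; the sample lines are the ones quoted above and the threshold of 3 is an assumption.

```shell
#!/bin/sh
# Added example: report addresses that keep showing up as "already banned".

# Log lines taken from the excerpt in the post above.
sample_log() {
cat <<'EOF'
2018-04-18 19:56:42,211 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:43,213 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:44,214 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:45,215 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:46,217 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:47,218 fail2ban.actions [14644]: NOTICE [sshd] 195.72.223.106 already banned
2018-04-18 19:56:48,219 fail2ban.actions [14644]: NOTICE [sshd] 195.72.223.106 already banned
EOF
}

# Read fail2ban.log on stdin; print "count jail address" for every pair seen
# at least $1 times (default 3), most frequent first.
already_banned_report() {
    awk -v min="${1:-3}" '
        $3 == "fail2ban.actions" && $(NF-1) == "already" && $NF == "banned" {
            jail = $(NF-3)              # e.g. "[sshd]"
            sub(/^\[/, "", jail)
            sub(/\]$/, "", jail)
            count[jail " " $(NF-2)]++   # key: "jail address"
        }
        END {
            for (k in count)
                if (count[k] >= min) print count[k], k
        }
    ' | sort -rn
}

# Demo on the sample; on a live host:
#   already_banned_report 3 < /var/log/fail2ban.log
sample_log | already_banned_report 3
```

Any jail that appears in the report is the one whose banaction should be compared with the firewall the host really runs (firewalld with ipset, or plain iptables).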

 
