Tag Archive for Linux

tehjay | February 9, 2009
No comments

HOWTO: OpenArena Dedicated Sever – Linux

Open Arena is an amazing Open Source arena based first person shooter. It is based on the quake 3 engine, and has a lot of fast gameplay.

You are going to need your own server running linux. A shell account will not do, the admin will probably disable your account, and most likely you won’t have access to enough resources to run a dedicated game server. So I am going to assume you either have a computer sitting beside you running linux, or a virtual machine either on your pc, or hosted on a server somewhere. You will not be able to run the dedicated server on your own machine, without changing some of the server flags.

The first thing you will need to do is download the latest version of the OpenArena, which can be done here. Any download link will do, the windows and the linux binaries are both packaged together.

I recommend uploading the archive to your server, then uncompressing it, instead of uncompressing it on your computer then uploading it, just to save some time and bandwidth.

Once you have everything uploaded and uncompressed on your server, you will need to go into the baseoa directory and create a file called server.cfg

Your server.cfg file is going to look something similar to this:


sv_hostname "My OA server"
sv_maxclients 16
sv_master1 "dpmaster.deathmask.net"
sv_maxPing 150
sv_minPing 0
sv_pure 1
sv_maxRate 25000
sv_fps 20
sv_allowdownload 1

sv_privateClients "2" // slots substracted from sv_maxclients
sv_privatePassword " "

capturelimit 8
timelimit 15
fraglimit 35

set rconPassword "" // for remote ingame servercontrol

g_motd ""
g_quadfactor 4
g_inactivity 0
g_allowvote 1

//If you want to use unlagged functionality (since 0.7.6)
g_delagHitscan 1

//Special modes since 0.7.6:
//g_instantgib 1
//g_rockets 1
//g_vampire 0.25 //25%
//g_regen 5 //5 health per sec.

//Gametypes
// 0 = Free For All
// 1 = Tourney
// 3 = Team Deathmatch
// 4 = Capture The Flag
// 8 = Elimination
// 9 = CTF Elimination
// 10 = Last Man Standing
// 11 = Double Domination
// 12 = Domination
g_gametype 0

set d1 "map aggressor; set nextmap vstr d2"
set d2 "map oa_dm1; set nextmap vstr d3"
set d3 "map oa_dm2; set nextmap vstr d4"
set d4 "map oa_dm3; set nextmap vstr d5"
set d5 "map oa_dm4; set nextmap vstr d6"
set d6 "map kaos2; set nextmap vstr d7"
set d7 "map oa_dm5; set nextmap vstr d8"
set d8 "map oa_rpg3dm2;set nextmap vstr d9"
set d9 "map oa_shouse; set nextmap vstr d1"
wait
vstr d1 // start loop at d1

The main portions you are going to want to worry about are:

sv_hostname – Sets your viewable hostname in the serverlist
sv_maxclients – Sets the maximum ammount of clients allowed to connect to your server
sv_privateClients – Sets the ammount of slots held for private use (sv_maxclients – sv_privateClients = total clients)
sv_privatePassword – Sets the password for the private slots
capturelimit – Sets the capture limit in CTF
timelimit – Sets the time limit
fraglimit – Sets the frag limit
set rconPassword – Sets the rcon passsword for admin usage
g_motd – Sets the message of the day
g_gametype – Sets the gametype, the current option is 0, Free for All aka Deathmatch

The last portion is the confusing bit. This is where you setup the actual map rotation.


set d1 "map mapname1; set nextmap vstr d2"
set d2 "map mapname2; set nextmap vstr d3"
set d3 "map mapname3; set nextmap vstr d1"
wait
vstr d1 // start loop at d1

Basically what you are doing here is setting up a loop. d1 is set, with the next map being d2 and so on. You can do this with as many levels as you want, you just have to make sure to make the last map link to the first map, or the loop will not work.

Once you have your server.cfg file saved, go back into the root OpenArena directory and start up your server like this:

./oa_ded.i386 +set dedicated 2 +exec server.cfg

You may want to run this process inside of a screen session. There are alot more things you can do, this is just the basics for getting your own OpenArena dedicated server setup. Enjoy

Category: Linux | Tags: , , ,
tehjay | June 3, 2007
No comments

HOWTO: Slow down and log bruteforce attacks on your Debian system

This howto is going to assume you have a working Debian or Debian based system currently running. It is also intended to be copied and pasted directly into your telnet/ssh window.

The package I am going to be using is called fail2ban. Fail2ban scans log files and bans IP addresses that produce too many failed login attempts. It then updates firewall rules to reject the attackers IP address.

Step 1: Installing the fail2ban package

Type or copy and paste the following into your server.

apt-get install fail2ban

Once this is done, you are now setup and now you have to setup the configuration files.

Step 2:

Edit /etc/fail2ban/fail2ban.conf

nano -w /etc/fail2ban/fail2ban.conf

Your fail2ban.conf should look something like this (the commented lines have been removed)

[Definition]
loglevel = 3
logtarget = /var/log/fail2ban.log
socket = /tmp/fail2ban.sock

Step 3:

Edit /etc/fail2ban/jail.conf

nano -w /etc/fail2ban/jail.conf

Your jail.conf should look something like this (again comments have been removed)

[DEFAULT]
ignoreip = 127.0.0.1
bantime = 18000
maxretry = 3

backend = polling
destemail = youremail@domain.com
action = iptables[name=%(__name__)s, port=%(port)s]
mail-whois-lines[name=%(__name__)s, dest=%(destemail)s, logpath=%(logpath)s]

[ssh]

enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6

[apache]

enabled = false
port = http
filter = apache-auth
logpath = /var/log/apache*/*access.log
maxretry = 6

[apache-noscript]

enabled = false
port = http
filter = apache-noscript
logpath = /var/log/apache*/*error.log
maxretry = 6

[vsftpd]

enabled = false
port = ftp
filter = vsftpd
logpath = /var/log/auth.log
maxretry = 6

[proftpd]

enabled = false
port = ftp
filter = proftpd
logpath = /var/log/proftpd/proftpd.log
maxretry = 6

[wuftpd]

enabled = false
port = ftp
filter = wuftpd
logpath = /var/log/auth.log
maxretry = 6

[postfix]

enabled = false
port = smtp
filter = postfix
logpath = /var/log/mail.log

[couriersmtp]

enabled = true
port = smtp
filter = couriersmtp
logpath = /var/log/mail.log

[courierimap]

enabled = true
port = imap2
filter = courierlogin
failregex = imapd: LOGIN FAILED.*ip=\[.*:\]
logpath = /var/log/mail.log
maxretry = 5

[courierpop3]

enabled = true
port = pop3
filter = courierlogin
failregex = courierpop3login: LOGIN FAILED.*ip=\[.*:\]
logpath = /var/log/mail.log
maxretry = 5

[sasl]

enabled = true
port = smtp
filter = sasl
failregex = warning: [-._\w]+\[\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed
logpath = /var/log/mail.log

Please change the email section if you are going to directly copy and paste this config. Right now, when someone attempts a bruteforce attack, fail2ban will firewall the ip address, and send an email to that email address with the whois information, and the log information from the attack.

You can now start/restart fail2ban, I recommend using a restart just in case fail2ban is already running.

/etc/init.d/fail2ban restart

Please don’t use this as your only security measure. This is just one step you can take to protecting your servers.

Category: Linux, Security | Tags: , , , ,
tehjay | May 8, 2007
2 comments

HOWTO: Prevent website bandwidth theft with .htaccess

Some people can be so ignorant. Nothing aggravates me more than a forum user who hotlinks an image or file from your site on a popular forum, but when webmasters create file repositories, and all of the files are linked from other peoples servers. Without permission.

I’m sure there are many ways to prevent these people from harvesting your bandwidth, if you use apache with mod_rewrite, just by adding a couple lines of text to a file called .htaccess will do wonders.

What is Hotlinking?

Straight from Wikipedia:

Hotlinking aka. Inline linking is the placing of a linked object, often an image, from one site into a web page belonging to a second site. The second site is said to have an inline link to the site where the object is located. Inline linking is also known as leeching, direct linking or bandwidth theft.

Let’s start by opening up a text editor and creating a file called .htaccess In this file you want to put something like this:


RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?attackofthegamer.com/.*$ [NC]
RewriteRule \.(gz|zip|rar|gif|jpg|js|css)$ - [F]

Basically what this does is check if a request to any file with a .gz .zip .rar .gif .jpg .js .css extension comes from the referring URL http://www.attackofthegamer.com If the request comes from a referral that isn’t http://www.attackofthegamer.com it’s rejected. You will want to swap the domain for your own to make it work.

If you are just protecting images. You can mess with the culprit and change the image on them to something of your choice, with a comical outcome. Just create a .htaccess file that looks like this.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(png|gif|jpg)$ http://www.mydomain.com/badimage.gif [R,L]

Just change the domain name, and the url to the image you want to swap with and you are set. Once you have the .htaccess file created use your FTP program and upload it to each directory you want to protect.

Voila, you should now be protecting against bandwidth pirates. Happy Hunting.

Category: Linux | Tags: , , , , , ,