Archive | May, 2015

Security for personal linux servers

31 May

A few days ago I used a Raspberry Pi 2 as a toy server. Yesterday I noticed that it had already received 72,000 failed SSH logins, which prompted me to search for some Linux security tips. The site I would recommend is the Ubuntu hardening guide. Below is a summary of what I learned (from reading that site and other pages).

0. sudo apt-get update && sudo apt-get dist-upgrade  (also remember to set up automatic updates).

This keeps your server updated (and hence less vulnerable to known bugs).

1. Set up a firewall to allow only the ports (like ssh/22, http/80, https/443) that you plan to use, and put a rate limit on the SSH port.

a) sudo ufw allow ssh

b) sudo ufw limit ssh/tcp

2. Install fail2ban to ban an IP if there are too many failed logins from that IP in a short time.

3. Disable SSH login via password and always use SSH login via keys (detail), and only allow certain users to log in via SSH. A poor SSH password is a big risk. SSH login via key, on the other hand, is much safer: it is much, much harder (if not impossible) to brute-force SSH keys.

4. Remove unneeded packages and/or disable unneeded services: these packages or services might hide security bugs.

5. Lock some routine users (like root, irc, ..) and/or make them unable to log in (here).

6. Monitor the server and read the Ubuntu hardening guide.
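
Step 3 can be checked mechanically. The Python sketch below is an added example, not part of the original post: it audits the text of an sshd_config file for the settings step 3 relies on. The sample files and the user name pi are constructed, and Include files are assumed not to be in use.

```python
import re

# Step 3 wants both off; sshd treats either as "yes" when it is absent.
# Keyboard-interactive matters because with PAM it can still ask for a password.
MUST_BE_NO = ("passwordauthentication", "kbdinteractiveauthentication")
# Older OpenSSH releases spell the keyboard-interactive switch this way.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample: the admin appended "no", but an earlier "yes" wins.
WEAK = """PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""
# Constructed sample: key-only logins, limited to the hypothetical user "pi".
HARDENED = """PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers pi
"""

def parse(text):
    """Split sshd_config text into global settings and Match-block settings."""
    global_cfg, match_cfg, in_match = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())  # case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            in_match = True  # everything below applies conditionally
        elif in_match:
            match_cfg.append((key, value))
        else:
            global_cfg.setdefault(key, value)  # sshd keeps the first value seen
    return global_cfg, match_cfg

def audit(text):
    """Return findings that leave password logins or open user access enabled."""
    cfg, overrides = parse(text)
    findings = []
    for key in MUST_BE_NO:
        actual = cfg.get(key, "yes").lower()
        if actual != "no":
            findings.append(f"{key} is '{actual}', want 'no'")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no AllowUsers/AllowGroups: any account may log in")
    findings += [f"Match block sets {k} to '{v}'" for k, v in overrides
                 if k in MUST_BE_NO and v.lower() != "no"]
    return findings
```

On a live server, `sudo sshd -T` prints the effective configuration that sshd itself computes, which is the authoritative check after editing the file.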

Free Shadowsocks server

31 May

Server: 138.128.222.73

Port: 443

Encryption method: AES-128-CFB

Password: the English translation of "因特网"

Time to extract text from images: RaspberryPi, Pi2B, Laptop and VM in cloud

26 May

Summary: If Raspberry Pi computing power is 1, then Pi 2B computing power is 2, laptop with i5-3320M (in this simple experiment) is ~20 (all for a single core).

For the task of extracting text from an image file, I tried four different devices I have at hand: a Raspberry Pi, a Pi 2B, a laptop (with an Intel i5-3320M CPU), and a virtual machine in the cloud. Below are the results:

Raspberry Pi:

$ time tesseract testpng/en1.png stdout
Tesseract Open Source OCR Engine v3.02 with Leptonica

real 0m5.355s
user 0m5.160s
sys 0m0.170s

Raspberry Pi 2B:

$ time tesseract en1.png stdout
Tesseract Open Source OCR Engine v3.02 with Leptonica

real 0m2.618s
user 0m2.510s
sys 0m0.100s

Laptop:

$ time tesseract testpng/en1.png stdout.txt
Tesseract Open Source OCR Engine v3.03 with Leptonica

real 0m0.316s
user 0m0.304s
sys 0m0.012s

A virtual machine (VM) in Bandwagon:

$ time tesseract testpng/en1.png stdout.txt
Tesseract Open Source OCR Engine v3.03 with Leptonica

real 0m0.352s
user 0m0.320s
sys 0m0.028s