구차니의 잡동사니 모음

ffplay -max_delay 500000 -rtsp_transport udp -v trace "rtsp://user:pass@CamIP:Port/URL" 

-max_delay         <int>   ED... maximum muxing or demuxing delay in microseconds 

When receiving data over UDP, the demuxer tries to reorder received packets (since they may arrive out of order, or packets may get lost totally). This can be disabled by setting the maximum demuxing delay to zero (via the max_delay field of AVFormatContext). 

av_dict_set(&options, "buffer_size", "655360", 0); 

int av_dict_set (AVDictionary ** pm, const char * key, const char * value, int flags ) 

int AVCodecContext::rc_buffer_size

decoder bitstream buffer size

encoding: Set by user.

decoding: unused

Definition at line 2291 of file avcodec.h. 

Also setting -probesize and -analyzeduration to low values may help your stream start up more quickly (it uses these to scan for "streams" in certain muxers, like ts, where some can appears "later", and also to estimate the duration, which, for live streams, the latter you don't need anyway). This should be unneeded by dshow input. 

$ vi /etc/fail2ban/jail.conf

banaction = iptables-multiport

$ vi /etc/fail2ban/action.d/iptables-multiport.conf

actionban = iptables -I fail2ban-<name> 1 -s <ip>/24 -j <blocktype>

actionunban = iptables -D fail2ban-<name> -s <ip>/24 -j <blocktype>

$ man iptables

       [!] -s, --source address[/mask][,...]

              Source  specification.  Address  can  be either a network name, a hostname, a network IP address (with /mask), or a plain IP address. Hostnames will be

              resolved once only, before the rule is submitted to the kernel.  Please note that specifying any name to be resolved with a remote query such as DNS is

              a  really bad idea.  The mask can be either an ipv4 network mask (for iptables) or a plain number, specifying the number of 1's at the left side of the

              network mask.  Thus, an iptables mask of 24 is equivalent to 255.255.255.0.  A "!" argument before the address specification inverts the sense  of  the

              address.  The  flag  --src  is an alias for this option.  Multiple addresses can be specified, but this will expand to multiple rules (when adding with

              -A), or will cause multiple rules to be deleted (with -D).

$ fail2ban-client 

    set <JAIL> banip <IP>                    manually Ban <IP> for <JAIL>

    set <JAIL> unbanip <IP>                  manually Unban <IP> in <JAIL>

$ sudo fail2ban-client set ssh banip 221.194.44.252

$ sudo fail2ban-client set ssh banip 221.194.44.252/24 

$ sudo iptables -L

Chain fail2ban-ssh (1 references)

target     prot opt source               destination

REJECT     all  --  221.194.44.0/24      anywhere             reject-with icmp-port-unreachable

REJECT     all  --  221.194.44.252       anywhere             reject-with icmp-port-unreachable

RETURN     all  --  anywhere             anywhere 

$ sudo webalizer -c /etc/webalizer/webalizer.conf.old 

$ grep "PAM 5 more authentication" /var/log/auth.log*

$ grep "Failed password for" /var/log/auth.log*  

$ sudo apt-cache search fail2ban

fail2ban - ban hosts that cause multiple authentication errors 

$ sudo apt-get install fail2ban 

auth.log.1:Jan 23 10:50:45 raspberrypi sshd[2616]: Failed password for invalid user gopher from 106.247.230.226 port 39683 ssh2

auth.log.1:Jan 23 10:50:47 raspberrypi sshd[2616]: Failed password for invalid user gopher from 106.247.230.226 port 39683 ssh2

auth.log.1:Jan 23 10:52:14 raspberrypi sshd[2622]: Failed password for invalid user nfsnobody from 106.247.230.226 port 49373 ssh2

auth.log.1:Jan 23 10:52:16 raspberrypi sshd[2622]: Failed password for invalid user nfsnobody from 106.247.230.226 port 49373 ssh2

auth.log.1:Jan 23 10:52:18 raspberrypi sshd[2622]: Failed password for invalid user nfsnobody from 106.247.230.226 port 49373 ssh2

auth.log.1:Jan 23 10:52:58 raspberrypi sshd[2629]: Failed password for games from 106.247.230.226 port 49461 ssh2

auth.log.1:Jan 23 10:53:00 raspberrypi sshd[2629]: Failed password for games from 106.247.230.226 port 49461 ssh2

auth.log.1:Jan 23 10:53:02 raspberrypi sshd[2629]: Failed password for games from 106.247.230.226 port 49461 ssh2

auth.log.1:Jan 23 10:55:12 raspberrypi sshd[2638]: Failed password for invalid user teamspeak2 from 106.247.230.226 port 52864 ssh2

auth.log.1:Jan 23 10:55:15 raspberrypi sshd[2638]: Failed password for invalid user teamspeak2 from 106.247.230.226 port 52864 ssh2

auth.log.1:Jan 23 10:56:38 raspberrypi sshd[2647]: Failed password for invalid user teamspeak2 from 106.247.230.226 port 50460 ssh2

auth.log.1:Jan 23 10:57:21 raspberrypi sshd[2653]: Failed password for invalid user ts4 from 106.247.230.226 port 60900 ssh2

auth.log.1:Jan 23 11:00:14 raspberrypi sshd[2662]: Failed password for invalid user offline from 106.247.230.226 port 54433 ssh2

auth.log.1:Jan 23 11:00:56 raspberrypi sshd[2668]: Failed password for invalid user webdesign from 106.247.230.226 port 52505 ssh2

auth.log.1:Jan 23 11:02:19 raspberrypi sshd[2673]: Failed password for invalid user reddragon from 106.247.230.226 port 56955 ssh2 

$ sudo vi /etc/fail2ban/jail.conf

[DEFAULT]

ignoreip = 127.0.0.1/8 192.168.219.1/24

ignorecommand =

bantime  = 2592000

findtime = 60

maxretry = 5

[ssh]

enabled  = true

port     = ssh

filter   = sshd

logpath  = /var/log/auth.log

maxretry = 5

[apache]

enabled  = false

port     = http,https

filter   = apache-auth

logpath  = /var/log/apache*/*error.log

maxretry = 5

$ sudo iptables -L

Chain INPUT (policy ACCEPT)

target     prot opt source               destination

fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination

Chain fail2ban-ssh (1 references)

target     prot opt source               destination

REJECT     all  --  221.194.44.252       anywhere             reject-with icmp-port-unreachable

RETURN     all  --  anywhere             anywhere

Feb  9 04:48:52 raspberrypi sshd[3342]: Invalid user admin from 221.194.44.252

Feb  9 04:48:52 raspberrypi sshd[3342]: input_userauth_request: invalid user admin [preauth]

Feb  9 04:48:52 raspberrypi sshd[3342]: pam_unix(sshd:auth): check pass; user unknown

Feb  9 04:48:52 raspberrypi sshd[3342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.194.44.252

Feb  9 04:48:53 raspberrypi sshd[3342]: Failed password for invalid user admin from 221.194.44.252 port 2815 ssh2

Feb  9 04:48:53 raspberrypi sshd[3342]: pam_unix(sshd:auth): check pass; user unknown

Feb  9 04:48:55 raspberrypi sshd[3342]: Failed password for invalid user admin from 221.194.44.252 port 2815 ssh2

Feb  9 04:48:55 raspberrypi sshd[3342]: pam_unix(sshd:auth): check pass; user unknown

Feb  9 04:48:57 raspberrypi sshd[3342]: Failed password for invalid user admin from 221.194.44.252 port 2815 ssh2

Feb  9 04:48:57 raspberrypi sshd[3342]: pam_unix(sshd:auth): check pass; user unknown

Feb  9 04:48:59 raspberrypi sshd[3342]: Failed password for invalid user admin from 221.194.44.252 port 2815 ssh2

Feb  9 04:48:59 raspberrypi sshd[3342]: pam_unix(sshd:auth): check pass; user unknown

Feb  9 04:49:01 raspberrypi sshd[3342]: Failed password for invalid user admin from 221.194.44.252 port 2815 ssh2

Feb  9 04:49:01 raspberrypi sshd[3342]: fatal: Read from socket failed: Connection reset by peer [preauth]

Feb  9 04:49:01 raspberrypi sshd[3342]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.194.44.252

Feb  9 04:49:01 raspberrypi sshd[3342]: PAM service(sshd) ignoring max retries; 5 > 3 

2017-02-09 04:49:01,756 fail2ban.actions[31809]: WARNING [ssh] Ban 221.194.44.252

2017-02-09 08:50:18,961 fail2ban.server [31809]: INFO    Stopping all jails

2017-02-09 08:50:19,255 fail2ban.actions[31809]: WARNING [ssh] Unban 221.194.44.252 

<Directory /var/www/>

Options FollowSymLinks MultiViews

AllowOverride None

Order deny,allow

Allow from xxx.xxx.xxx.xxx

Allow from xxx.xxx.xxx.xxx

Allow from xxx.xxx.xxx.xxx

Deny from all

</Directory>

#Required set of rewrite rules

RewriteEngine on

RewriteMap    hosts-deny  txt:/etc/apache/banned-hosts

RewriteCond   ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND} !=NOT-FOUND [OR]

RewriteCond   ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND} !=NOT-FOUND

RewriteRule   ^  /why-am-i-banned.html

##  inside our banned hosts file, we have:

## /etc/apache2/banned-hosts (maintain the format .. its not just a plain text file)

## 

193.102.180.41 -

192.168.111.45 -

www.example.com -

www.sumwia.net - 

$ wget ftp://ftp.mrunix.net/pub/webalizer/geodb/geodb-latest.tgz

$ tar -xvf geodb-latest.tgz

$ sudo mkdir /usr/share/GeoDB

$ sudo mv GeoDB.dat /usr/share/GeoDB/

$ sudo vi /etc/webalizer/webalizer.conf

GeoDB           yes

GeoDBDatabase   /usr/share/GeoDB/GeoDB.dat 

$ sudo webalizer 

7a. Why does the country section show only 100% unresolved?

Most likely because your web server is not doing name lookups and simply logging IP addresses. In order to determine the top level domain of the remote site, the program needs a resolved hostname, not an IP address. The simple fix is to just turn on name lookups on your web server so it starts logging names. Otherwise, you can pre-process your logs with something like the logresolve program supplied with apache or similar utilities, or you can use the Webalizers built in DNS lookup code (see 7b below). Another alternative is to enable the geolocation services, which will lookup the geographic location of IP addresses. You can use either the Webalizers native geolocation support (GeoDB) which supports both IPv4 and IPv6 addresses, or optionally, GeoIP support from MaxMind Inc. While geolocation support will give you accurate country information, other aspects of the analysis may suffer, such as search string analysis (which depends on resolved hostnames to identify the various search engines).

7b. My Server doesn't do name lookups. Will The Webalizer?

Yes. The Webalizer fully supports both IPv4 and IPv6 reverse DNS lookup support. See the DNS.README file for additional information. If you don't enable hostname lookups on your web server, or use the geolocation services provided by The Webalizer, you will get '100% Unresolved/Unknown' country totals. This is because your log files only have IP addresses and not names. While it is recommended that you let your web server handle the DNS lookups, DNS support can be used for those sites where DNS resolution is not an option.

The webalizer has the ability to perform reverse DNS lookups,  and

fully supports both IPv4 and IPv6 addressing schemes.  This document

attempts to explain how it works, and some things that you should be

aware of when using the DNS lookup features.

Note: The Reverse DNS feature may be enabled or disabled at compile

      time.  DNS lookup code is enabled by default.  You can run The

      Webalizer using the '-vV' command line options to determine what

      options are enabled in the version you are using. 

$ webalizer -vV

Webalizer V2.23-08 (Linux 4.4.38-v7+ armv7l) locale

Copyright 1997-2013 by Bradford L. Barrett

Mod date: 26-Aug-2013  Options: DNS/GeoDB GeoIP

Default GeoDB dir : /usr/share/GeoDB

Default config dir: /etc/webalizer

# The GeoIP option enables or disables the use of geolocation

# services provided by the GeoIP library (http://www.maxmind.com),

# if available.  Values may be 'yes' or 'no, with 'no' being the

# default.  Note: if GeoDB is enabled, then this option will have

# no effect (GeoDB will be used regardless of this setting).

#GeoIP no

# GeoIPDatabase specifies an alternate database filename to use by the

# GeoIP library.  If an absolute path is not given as part of the name

# (ie: starts with a leading '/'), then the name is relative to the

# default output directory. This option should not normally be needed.

#GeoIPDatabase /usr/share/GeoIP/GeoIP.dat 

$ apt-file search GeoIP

geoip-database: /usr/share/GeoIP/GeoIP.dat

geoip-database: /usr/share/GeoIP/GeoIPv6.dat

geoip-database-contrib: /usr/share/GeoIP/GeoIP.dat

geoip-database-contrib: /usr/share/GeoIP/GeoIPASNum.dat

geoip-database-contrib: /usr/share/GeoIP/GeoIPASNumv6.dat

geoip-database-contrib: /usr/share/GeoIP/GeoIPv6.dat

geoip-database-contrib: /usr/share/GeoIP/GeoLiteCity.dat

geoip-database-contrib: /usr/share/GeoIP/GeoLiteCityv6.dat

geoip-database-extra: /usr/share/GeoIP/GeoIPASNum.dat

geoip-database-extra: /usr/share/GeoIP/GeoIPCity.dat