UNBLOG Tutorials (EN)

How to query Computer BIOS Serial Number

Home
Leave a comment

Determine BIOS and serial number on your Computer

The serial number can be useful for identifying computer hardware for inventory purposes, which is often written on a small sticker on the back of the device. We can also get this serial from the BIOS configuration. For this purpose, the Windows Management Instrumentation (WMI) class can be used Win32_Bios.

How to query Computer BIOS Serial Number

The serial number also provides information about the status of the manufacturer’s warranty.

As there is the product warranty check at HPE here, or at Lenovo on the support website it is possible. The BIOS version and serial number to identify the computer when checking for software updates and appropriate drivers on the manufacturer’s websites.

Show Computer Serial Number

The query of the serial number using WMI class Win32_Bios from the Command Prompt:

wmic bios get serialnumber

The following command to output the BIOS version:

systeminfo | findstr BIOS version

Querying BIOS in PowerShell

PowerShell determines BIOS information and serial number as follows:

gwmi win32_bios

The following PowerShell command contains the serial number of the current computer:

Get-WMIObject Win32_Bios | Select-Object SerialNumber

The cmdlet retrieves the class win32_bios, from a CIM instance of the CIM server, and outputs the BIOS information.

get-ciminstance win32_bios

SMBIOSBIOSVersion : Q78 Ver. 01.09.01
Manufacturer : HP
Name : Q78 Ver. 01.09.01
SerialNumber : 5CG83629ZS
Version : HPQOEM - 0

BIOS (basic input/output system) is the program a computer’s microprocessor uses to start the computer system after it is powered on. It also manages data flow between the computer’s operating system (OS) and attached devices, such as the hard disk, video adapter, keyboard, mouse and printer.

Uses of BIOS

The main use of BIOS is to act as a middleman between OS and the hardware they run on. BIOS is theoretically always the intermediary between the microprocessor and I/O device control information and data flow. Although, in some cases, BIOS can arrange for data to flow directly to memory from devices, such as video cards, that require faster data flow to be effective.

UNBLOG Tutorials (EN)

Protect Kopano by Fail2ban

Home
Leave a comment

Hardening Kopano against attacks with Fail2ban

This howto describes how to install and configure Fail2ban for Kopano Groupware on Ubuntu. Fail2ban provides effective protection against brute-force attacks by filtering out failed attempts of authentication from Syslog and Apache protocol in order to block the host for a certain period of time using a kernel firewall.

Install Fail2ban on Kopano Server

The Fail2ban package will be installed on Ubuntu as root as follows. Fail2ban is developed on Python, which is why the required libraries are reloaded.

$ apt-get update
$ apt-get install fail2ban -y

After installation, Fail2ban runs and is enabled in systemd for autostart.

$ systemctl start fail2ban
$ systemctl enable fail2ban

Create Fail2ban Filter for Kopano

Build Fail2ban filter for Kopano, we create the file kopano-webapp-auth.conf

$ vi /etc/fail2ban/filter.d/kopano-webapp-auth.conf

Insert the content into the filter file with the following lines:

# Fail2Ban kopano-webbapp-auth filter
# /etc/fail2ban/filter.d/kopano-webapp-auth.conf

[INCLUDES]
before = apache-common.conf

[Definition]
failregex = ^%(_apache_error_client)s Kopano WebApp user:.* authentication failure at MAPI

ignoreregex =

Enable the Kopano Filter

Activate the Fail2ban filter for Kopano by creating the configuration file jail.local.

$ vi /etc/fail2ban/jail.local

And insert the following content:

[sshd]
port = ssh
logpath = %(sshd_log)s

[kopano-webapp]
enabled = true
port = https
filter = kopano-webapp-auth
logpath = %(apache_error_log)s

[apache-auth]
enabled = true
port = http,https
logpath = %(apache_error_log)s

Here error.log is read out with the variable %(apache_error_log), /var/log/apache2/error.log

Start Fail2ban with Kopano Filter

Restart Fail2ban to enable the changes.

$ systemctl restart fail2ban

Check Fail2ban Client Status

The status of Fail2ban can be checked as follows.

$ fail2ban-client status
Status
|- Number of jail: 3
'- Jail list: apache-auth, kopano-webapp, sshd
 
root@kopano:~# fail2ban-client status kopano-webapp
Status for the jail: kopano-webapp
| Filters
|  |- Currently failed: 0
|  |- Total failed: 7
|  '- File list: /var/log/apache2/mattermost-error.log /var/log/apache2/error.log
'- Actions
   |- Currently banned: 4
   |- Total banned: 52
   '- Banned IP list: 10.10.10.101 172.17.88.91 172.31.16.3 10.32.57.98

The firewall provides information about the status of the hosts currently blocked by Fail2ban, with an iptables query:

$ iptables -vnL | egrep "f2b-kopano-webapp|apache-auth|sshd"
Kopano Fail2ban Filter

Fail2ban intrusion prevention software framework

Fail2ban is an intrusion prevention software framework. Written in the Python programming language, it is designed to prevent brute-force attacks. It is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, such as iptables or TCP Wrapper.

Fail2ban operates by monitoring log files (e.g. /var/log/auth.log, /var/log/apache/access.log, etc.) for selected entries and running scripts based on them. Most commonly this is used to block selected IP addresses that may belong to hosts that are trying to breach the system’s security. It can ban any host IP address that makes too many login attempts or performs any other unwanted action within a time frame defined by the administrator.

It includes support for both IPv4 and IPv6. Optionally longer bans can be custom-configured for “recidivist” abusers that keep coming back. Fail2ban is typically set up to unban a blocked host within a certain period, so as to not “lock out” any genuine connections that may have been temporarily misconfigured. However, an unban time of several minutes is usually enough to stop a network connection being flooded by malicious connections, as well as reducing the likelihood of a successful dictionary attack.