Tag Archives: Linux How to

Unix-like multi-user operating systems based on the Linux kernel and essentially on GNU software, such as CentOS, Debian, Ubuntu and Fedora.

bash ifconfig command not found add net-tools package

If you enter “ifconfig” in bash on a modern Linux operating system, you will see “command not found”, because the net-tools package is missing.

-bash: ifconfig: command not found

ifconfig is the utility for viewing and setting the network configuration on Red Hat, Fedora, CentOS, Debian, and Ubuntu Linux systems. The command is part of the net-tools package, which has been replaced by the iproute2 package.

net-tools contains the ifconfig command

The ifconfig binary is supplied with the Debian net-tools package. Install the net-tools package, which is available in the default repositories, with the following command in bash.

$ sudo apt install net-tools -y

Then ifconfig can be run to check the network configuration. The following command displays details for all interfaces configured on a Debian system.

$ ifconfig

For RHEL 8 and CentOS 8, the net-tools package is installed with the YUM package manager.

$ sudo yum -y install net-tools

NOTE: The ifconfig program is deprecated! It is replaced by the commands ip addr and ip link.

After the net-tools package has been installed, ifconfig shows the network interfaces and their configuration.

Now run ifconfig in bash.

$ ifconfig
ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.127.0.123 netmask 255.255.255.0 broadcast 10.127.0.255
        inet6 fe80::20b:25ff:fefb:28db prefixlen 64 scopeid 0x20<link>
        ether 00:0b:25:fb:28:db txqueuelen 1000 (Ethernet)
        RX packets 103153 bytes 86175369 (82.1 MiB)
        RX errors 0 dropped 519 overruns 0 frame 0
        TX packets 47536 bytes 42444582 (40.4 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loop)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Run the new utility as follows.

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0b:25:fb:28:db brd ff:ff:ff:ff:ff:ff
    inet 10.127.0.123/24 brd 10.127.0.255 scope global noprefixroute ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::20b:25ff:fefb:28db/64 scope link
       valid_lft forever preferred_lft forever

The ifconfig eth0 command is replaced by ip link.

$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:0b:25:fb:28:db brd ff:ff:ff:ff:ff:ff

To output the routing table, the ip route command is executed instead of route.

$ ip route
default via 10.127.0.1 dev ens192 proto static metric 100
10.127.0.0/24 dev ens192 proto kernel scope link src 10.127.0.123 metric 100

Block suspicious IP with Linux firewall daemon

Block Brute-Force requests with Firewall Daemon from Bash Script

firewalld

Firewall Daemon can help to protect against ongoing brute force attacks by detecting attempted attacks on the Linux host. To permanently protect the host, suspicious sources can be blocked. The following bash script takes the suspicious IP address as an argument and sets it to reject using firewall-cmd.

#!/bin/bash
# permanently reject or remove suspicious sources by kernel firewall
# dependency: firewalld (fail2ban optional)

# Both patterns are anchored at the start and at the end, so the whole
# argument must look like an address before it is placed into the rich rule.
ipv4='^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
ipv6='^[0-9A-Fa-f]{1,4}:[0-9A-Fa-f]{1,4}:[0-9A-Fa-f:]*$'

if [[ $1 == "add" && $2 =~ $ipv4 ]]; then
  echo "$2 add to reject"
  firewall-cmd --permanent --zone=public --add-rich-rule="rule family=\"ipv4\" source address=\"$2\" reject"

elif [[ $1 == "remove" && $2 =~ $ipv4 ]]; then
  echo "$2 being removed"
  firewall-cmd --permanent --zone=public --remove-rich-rule="rule family=\"ipv4\" source address=\"$2\" reject"

elif [[ $1 == "add6" && $2 =~ $ipv6 ]]; then
  echo "$2 add to reject"
  firewall-cmd --permanent --zone=public --add-rich-rule="rule family=\"ipv6\" source address=\"$2\" reject"

elif [[ $1 == "remove6" && $2 =~ $ipv6 ]]; then
  echo "$2 being removed"
  firewall-cmd --permanent --zone=public --remove-rich-rule="rule family=\"ipv6\" source address=\"$2\" reject"

else
  echo "Usage: fw add|remove [source IPv4]"
  echo "       fw add6|remove6 [source IPv6]"
  # a wrong call is an error, so return a non-zero status
  exit 1
fi
# load the permanent rule into the running firewall
firewall-cmd --reload
sleep 1
# restart fail2ban, if it is running, so that its banned addresses are restored
if [[ -f /run/fail2ban/fail2ban.pid ]]; then
  systemctl restart fail2ban
else
  echo "fail2ban not running"
fi
sleep 2
firewall-cmd --list-all

The script was written on Debian 10 (buster). Debian has ufw installed by default, so you have to install firewalld and disable ufw; the same applies to Ubuntu 20. On the RHEL and CentOS 7+ family and on Fedora, firewalld is the default and the script can be used.

Save the script lines into a file, for instance as fw, and make it executable, then run the script with add to block an IP address.

chmod u+x fw
./fw add 192.168.89.56

Use remove to delete the IP address from the chain if desired.
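
The regular expressions in the script check only the shape of the argument, so a value such as 999.1.1.1 passes. The following is an added example, not part of the original script: stricter checks that can run before firewall-cmd is called. The helper names valid_ipv4, valid_ipv6 and rich_rule and the sample arguments are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: valid_ipv4, valid_ipv6 and rich_rule are hypothetical helpers.

# Four decimal octets 0..255, no leading zeros (some parsers read 010 as octal).
valid_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in
      0?*|????*) return 1 ;;
    esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Plain hexadecimal IPv6 only: no zone id, no prefix length, no embedded IPv4.
valid_ipv6() {
  addr=$1
  case $addr in
    ''|*[!0-9A-Fa-f:]*|*:::*|*::*::*) return 1 ;;   # charset, at most one "::"
    :[!:]*|*[!:]:) return 1 ;;                       # lone leading or trailing colon
    *[!:][!:][!:][!:][!:]*) return 1 ;;              # group longer than four digits
  esac
  set -- $(printf '%s' "$addr" | tr ':' ' ')         # the non-empty groups
  case $addr in
    *::*) [ "$#" -le 7 ] ;;                          # "::" stands for at least one group
    *)    [ "$#" -eq 8 ] ;;
  esac
}

# Print the rich rule for a valid address; print nothing and fail otherwise.
rich_rule() {
  if valid_ipv4 "$1"; then family=ipv4
  elif valid_ipv6 "$1"; then family=ipv6
  else return 1
  fi
  printf 'rule family="%s" source address="%s" reject\n' "$family" "$1"
}

# Constructed sample arguments; the rule is only printed, firewall-cmd is not called.
for candidate in 192.168.89.56 999.1.1.1 fe80::20b:25ff:fefb:28db '10.10.10.1" accept'; do
  rich_rule "$candidate" || echo "refused: $candidate"
done
```

In the fw script the printed rule would be passed on as one quoted argument, for example --add-rich-rule="$(rich_rule "$2")", after checking that rich_rule succeeded.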

How to enable Firewalld on Debian

The firewalld package is available in the official Debian 10 repositories. Installation is quick, as the commands below show.

sudo apt update
sudo apt -y install firewalld

Install firewalld in the terminal as root or as a user with sudo privileges.

sudo ufw disable

If ufw is activated, the uncomplicated firewall (ufw) for managing netfilter must be deactivated in order to make firewalld the standard firewall.

$ sudo systemctl enable firewalld
$ sudo systemctl start firewalld

Start the firewall daemon and enable it at system start.

$ sudo firewall-cmd --state
running

Check if firewall daemon is running and the service is available.

$ sudo firewall-cmd --reload

Load the new firewall rules and keep the status information.

On Debian, the following error appears after running firewall-cmd --reload:

Error: COMMAND_FAILED: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.8.2 (nf_tables): line 4: RULE_REPLACE failed (no such file or directory): rule in chain OUTPUT

The solution is to run update-alternatives to force Debian to use iptables instead of nftables.

$ sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
$ sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

After switching from nftables to iptables, restart the Linux machine with reboot.

Firewalld configuring

Firewalld is a firewall-management solution that acts as a front-end for the iptables packet filter system provided by the Linux kernel. firewall-cmd is the utility used to manage the firewall configuration. The firewalld daemon manages groups of rules using entities called “zones”. Zones are like sets of rules that determine what traffic to allow based on the known trust of the networks to which the computer is connected. A zone is assigned to the network interfaces in order to determine the behavior that the firewall should allow.

An interface is assigned to the zone public using the firewall-cmd tool. Check zones and interfaces with the following command.

$ sudo firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client https ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="10.10.10.1" reject

If no network interface appears under interfaces, one must still be assigned to the zone. To query the interface name, use ip or ifconfig (net-tools).

$ ip link
$ ip addr
$ ifconfig

Here on the virtual Debian (buster) it is link 2, ens33.

We assign the interface ens33 to the default zone public.

$ sudo firewall-cmd --zone=public --change-interface=ens33

To check the interface assigned to the zone, use get-active-zones.

$ firewall-cmd --get-active-zones
public
  interfaces: ens33
$ sudo firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources:
  services: dhcpv6-client https ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="10.10.10.1" reject

The interface ens33 is assigned to zone public.

Interacting Fail2ban and firewalld

Fail2ban (failure leads to ban) is an IPS framework developed in Python to prevent attacks. It runs on all Unix-like operating systems that provide a manageable packet filter system or a firewall, such as iptables or firewalld on Linux.

In the script (above), if fail2ban is available and running, the addresses banned by fail2ban are restored to their previously active state after firewalld has been processed.

firewall-cmd add | remove source address

Using firewall-cmd to reject suspicious requests from sources.

$ sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.10.10.1" reject'

The blocked IP address can be removed with the following command line.

$ sudo firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="10.10.10.1" reject'

Apply the entered rule by reloading the firewall daemon.

$ sudo firewall-cmd --reload
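
Because a rule added with --permanent only takes effect after --reload, it helps to compare the stored configuration with the running one. The following is an added example, not part of the original post; the helper names rejected_sources and pending_sources and the sample output are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example: rejected_sources and pending_sources are hypothetical helpers.

# Read --list-all (or --list-rich-rules) output on stdin and print the source
# address of every rule written in the form the fw script uses.
rejected_sources() {
  sed -n 's/^[[:space:]]*rule family="ipv[46]" source address="\([^"]*\)" reject$/\1/p'
}

# $1 = permanent configuration, $2 = runtime configuration (both as text).
# Print addresses that are stored permanently but not active yet, which is the
# state between --permanent --add-rich-rule and --reload.
pending_sources() {
  runtime=$(printf '%s\n' "$2" | rejected_sources)
  printf '%s\n' "$1" | rejected_sources | while IFS= read -r addr; do
    printf '%s\n' "$runtime" | grep -Fxq -- "$addr" || printf '%s\n' "$addr"
  done
}

# Constructed sample output in the format shown on this page.
PERMANENT='public
  services: dhcpv6-client https ssh
  rich rules:
        rule family="ipv4" source address="10.10.10.1" reject
        rule family="ipv4" source address="192.168.89.56" reject'
RUNTIME='public (active)
  services: dhcpv6-client https ssh
  rich rules:
        rule family="ipv4" source address="10.10.10.1" reject'

pending_sources "$PERMANENT" "$RUNTIME"   # prints 192.168.89.56

# On a live host (assumption: the zone is public, as in the script):
#   pending_sources "$(firewall-cmd --permanent --zone=public --list-all)" \
#                   "$(firewall-cmd --zone=public --list-all)"
```

An empty result means every permanently stored reject rule of this form is also active in the running firewall.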

Help to use firewall-cmd

Check the entered and enabled rules of the Public zone.

$ sudo firewall-cmd --zone=public --list-all

Get current firewall rules with the following commands.

$ sudo firewall-cmd --list-all

Use the iptables command to list current rules.

$ sudo iptables -vxnL

Show standard zone for connections and interfaces.

$ firewall-cmd --get-default-zone

Set a zone as the default zone.

$ sudo firewall-cmd --set-default-zone=zone_name

Output currently active zones.

$ firewall-cmd --get-active-zones

Get output of predefined zones.

$ firewall-cmd --get-zones

Get help and man page of firewall-cmd.

$ firewall-cmd --help
$ man firewall-cmd

The related post Block IP address using Linux Firewall might also be helpful.