May 2007


Shoutcast servers running on shared hosts usually get shut down quite frequently by procwatch. While it is important to stay within system limits, it is also important to keep those servers running until you shift to dedicated hosting :D
Here’s a quick and dirty shell script to monitor and restart shoutcast services. Drop it in cron to run every 15 minutes and you will never have to worry about your shoutcast going down.


#!/bin/bash
### Script to restart shoutcast server/transcoder when it's down
### Imtiaz a Khan http://www.netbrix.net on 21 May 2007

# Count the running sc_serv/sc_trans processes straight from the ps output.
# Four are expected: two servers and two transcoders, one per config file.
prcs=$(ps -ef | grep "sc_serv\|sc_trans" | grep -v grep | wc -l)
if [ -z "$prcs" ] || [ "$prcs" -lt 4 ]
then
    # Stop whatever is still running, then start all four again
    /usr/bin/killall sc_trans_linux
    /usr/bin/killall sc_serv
    nohup sc_serv &
    nohup sc_serv sc_serv_low.conf &
    # Do not start the transcoders from the wrong directory
    cd sc_trans_040 || exit 1
    make_playlist
    nohup sc_trans_linux &
    nohup sc_trans_linux sc_trans_low.conf &

    ### Send out the mails to inform
    echo "shoutcast services restarted at $(date)" | mail -s "ALARM: shoutcast services on $(hostname)" khanimtiaz@gmail.com
    #echo "shoutcast services restarted at $(date)" | mail -s "ALARM: shoutcast services on $(hostname)" youremailid
else
    echo "shoutcast services running fine on $(date)" | mail -s "OK: shoutcast services on $(hostname)" khanimtiaz@gmail.com
    #echo "shoutcast services running fine on $(date)" | mail -s "OK: shoutcast services on $(hostname)" youremailid
fi

Make sure you replace the paths to the binaries and the email ids. Also, after a point, getting an “everything OK” mail every 15 minutes gets irritating, so just comment out the lines in the else portion when you’re happy with the script.

This script can be modified to monitor many other services that you’re running and facing problems with. Please Contact us for implementation on your server or for modifications.

This is a quick and dirty how-to on setting up a firewall + brute-force detection/prevention mechanism + AntiDOS system on your dedicated Linux server.
Assumes root access.

    APF

APF is a policy-based iptables firewall system designed for ease of use and configuration.

mkdir $HOME/src
cd $HOME/src
wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
tar -xvzf apf-current.tar.gz
cd apf-0.9.6-1/
./install.sh
vi /etc/apf/conf.apf
(edit the IG_TCP line and add the ports you need. Also edit the directive that runs it in demo mode)

/etc/init.d/apf start

    AntiDOS

Antidos is a log parsing script made for r-fx.org’s APF (advanced policy firewall). Its purpose is to parse specific log formats for network attacks against a given system and take certain actions.

vi /etc/apf/ad/conf.antidos
(edit the config for alerts and other options)
/etc/init.d/apf restart

    BFD

BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet, and likewise it is very straightforward in its installation, configuration and usage. The reason behind BFD is very simple: there are few to no authentication and brute-force auditing programs in the Linux community that work in conjunction with a firewall or real-time facility to place bans.

cd $HOME/src
wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
tar -zxf bfd-current.tar.gz
cd bfd-0.9/
./install.sh
vi /usr/local/bfd/conf.bfd
(edit alarm settings, email address etc.)

A cron job gets added to run bfd at intervals to detect and ban brute force attempts.
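
The kind of log check BFD automates, sketched as an added example (not BFD's own code and not part of the original post): it counts failed SSH password attempts per source address in a constructed sshd log sample and lists the sources that reach a threshold. The function names, the threshold and the log lines are assumptions made for illustration.

```shell
#!/bin/bash
# Added illustration, not BFD's code: count failed SSH logins per source IP.

# Constructed sshd log lines (documentation address ranges, made-up users).
sample_log() {
cat <<'EOF'
May 21 10:00:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
May 21 10:00:03 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40115 ssh2
May 21 10:00:05 host sshd[2105]: Failed password for root from 203.0.113.7 port 40120 ssh2
May 21 10:00:09 host sshd[2109]: Accepted password for alice from 198.51.100.20 port 51000 ssh2
May 21 10:01:12 host sshd[2120]: Failed password for alice from 198.51.100.20 port 51044 ssh2
May 21 10:02:30 host sshd[2131]: Failed password for invalid user test from 192.0.2.55 port 33001 ssh2
May 21 10:02:31 host sshd[2133]: Failed password for invalid user from 10.0.0.1 from 192.0.2.55 port 33002 ssh2
EOF
}

# failed_sources THRESHOLD
# Reads auth log lines on stdin and prints "count ip" for every source with
# at least THRESHOLD failed password attempts, highest count first.
failed_sources() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            # The user name is text chosen by the remote side, so read the
            # address from its fixed position at the end of the line and
            # not from the first "from" that appears.
            ip = $(NF-3)
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# A threshold of 2 is an assumed value for this demo.
sample_log | failed_sources 2
```

The last sample line carries a user name that itself contains "from 10.0.0.1"; the failure is still attributed to 192.0.2.55, the address sshd actually logged as the source.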

This is just an example of what can be done to stop hackers in their tracks. There’s a lot more which we can help you with on your servers.

Please WRITE TO US for this and other security or system administration related questions/requirements/quotes.