Vinegar-brined Turkey pt 1

My 12-pounder brined breast up in the fridge for the past 14 hours. I turned it breast-down for the next 12-14 hours. The vinegar brine I’m risking this year is an apple-cider vinegar brine, with chopped garlic, garlic powder, black powder and a little salt. It is generally the same brine I use for frying chicken. The difference here is that I’m roasting the turkey, instead of frying it, which will impart a different flavor to the meat altogether.

I’m concerned that the salt content of this brine will not be enough. I’m pondering putting the turkey in a second brine of just plain salt-sugar water. Depending on what I marinate the exterior with (leaning towards soy-sweet chile sauce), I may leave out the sugar.

I’m also thinking about stuffing the turkey cavity with garlic cloves, which I plan to use in mashed potatoes. I just have to make sure that the turkey is completely dried of vinegar brine so that the garlic won’t flavor the potatoes with vinegar.

Now what to do with those turkey innards…?

Getting Fail2Ban to work

My first clue that Fail2Ban wasn’t working right: its chain in iptables -L was empty. The fail2ban-ssh chain was hooked into INPUT for SSH traffic, but it held nothing except the final RETURN, which means no address had ever been banned.
Chain INPUT (policy ACCEPT)
target        prot opt source      destination
fail2ban-ssh  tcp  --  anywhere    anywhere      tcp dpt:ssh

Chain fail2ban-ssh (1 references)
target        prot opt source      destination
RETURN        all  --  anywhere    anywhere

My second clue: fail2ban-client wasn’t returning the configuration I thought it had loaded. For example, my ignoreip list came back empty when I asked for it, and the maxretry value it reported wasn’t the one I had configured.

I tracked it back to jail.local and found that the SSH jail wasn’t actually enabled: the only enabled line was commented out (and set to false). I left that line as a comment and added a live one setting it to true.
[ssh-iptables]
#enabled = false
enabled = true
filter = sshd

I also had to point it at the SSH authentication log, which on CentOS is /var/log/secure:
logpath = /var/log/secure

Then I reloaded the configuration and checked the daemon’s status:
fail2ban-client reload
fail2ban-client status

Running properly, fail2ban-client status lists a jail named ssh-iptables, and banned addresses show up as rules in the fail2ban-ssh chain ahead of the RETURN.
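Both clues above can be checked without root or a live daemon. The script below is an added example, not code from the original post or from the Fail2Ban project: it parses constructed iptables -L -n output to list the addresses a fail2ban chain is actually dropping, and reads a constructed jail.local the way Fail2Ban does (commented lines ignored, [DEFAULT] as fallback) so that a stale "#enabled = false" can't fool you. The function names (f2b_banned_ips, f2b_ban_count, jail_setting, jail_ok) and all sample data are mine.

```sh
#!/bin/sh
# Added example (not from the original post). Sample iptables output and
# jail.local text are constructed here so the script runs offline.

# Constructed `iptables -L -n` output: the chain is hooked in, but holds only
# RETURN, i.e. nothing is banned yet.
IPT_NO_BANS='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0'

# Constructed: the same chain after two bans (RFC 5737 documentation addresses).
IPT_TWO_BANS='Chain fail2ban-ssh (1 references)
target     prot opt source               destination
DROP       all  --  203.0.113.45         0.0.0.0/0
DROP       all  --  198.51.100.7         0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0'

# Constructed jail.local in the shape the post describes.
JAIL_LOCAL='[DEFAULT]
ignoreip = 127.0.0.1/8 192.0.2.0/24
maxretry = 5

[ssh-iptables]
#enabled = false
enabled = true
filter = sshd
logpath = /var/log/secure

[proftpd-iptables]
enabled = false
filter = proftpd
logpath = /var/log/secure'

# f2b_banned_ips CHAIN < iptables-output
# Prints the source address of every DROP/REJECT rule inside CHAIN.
# The trailing space in hdr keeps "fail2ban-ssh" from matching "fail2ban-sshd".
f2b_banned_ips() {
  awk -v hdr="Chain $1 " '
    index($0, hdr) == 1 { inchain = 1; next }   # header of the chain we want
    /^Chain /           { inchain = 0 }          # any other chain ends it
    inchain && ($1 == "DROP" || $1 == "REJECT") { print $4 }
  '
}

# f2b_ban_count CHAIN OUTPUT -> number of banned addresses (0 = only RETURN)
f2b_ban_count() {
  printf '%s\n' "$2" | f2b_banned_ips "$1" | wc -l | tr -d ' '
}

# jail_setting JAIL KEY < jail.local
# Prints the effective value of KEY in [JAIL]. Lines starting with # or ; are
# skipped, so "#enabled = false" does not mask "enabled = true"; if the jail
# does not set KEY the [DEFAULT] value is used, as Fail2Ban does.
jail_setting() {
  awk -v want="[$1]" -v key="$2" '
    /^[ \t]*[#;]/ { next }
    substr($0, 1, 1) == "[" { sect = $0; next }
    index($0, "=") {
      eq = index($0, "=")
      k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
      if (k != key) next
      v = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (sect == want) jail = v
      else if (sect == "[DEFAULT]") def = v
    }
    END { print (jail != "" ? jail : def) }
  '
}

# jail_ok JAIL CONFIG -> 0 when the jail is enabled and names a logpath
jail_ok() {
  [ "$(printf '%s\n' "$2" | jail_setting "$1" enabled)" = "true" ] &&
  [ -n "$(printf '%s\n' "$2" | jail_setting "$1" logpath)" ]
}

echo "bans before: $(f2b_ban_count fail2ban-ssh "$IPT_NO_BANS")"
echo "bans after:  $(f2b_ban_count fail2ban-ssh "$IPT_TWO_BANS")"
for j in ssh-iptables proftpd-iptables; do
  if jail_ok "$j" "$JAIL_LOCAL"; then echo "$j: enabled"; else echo "$j: not enabled"; fi
done
```

On a real box, replace the constructed strings with `iptables -L -n` and `cat /etc/fail2ban/jail.local`; a chain that stays at zero bans while the log keeps filling with failures is the symptom the post describes.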

The only disappointment is that Fail2Ban does not ban retroactively: it only reviews new log entries to decide which IPs to ban, so the attackers already sitting in the log when I enabled the jail went untouched.

The fail2ban-client command list helped me troubleshoot. Running the client in interactive mode (fail2ban-client -i) helped a great deal.

Hardening SSH/FTP

Or what I learned after reading the logs of brute force attacks on our server.

The Logwatch reports from our server weren’t pretty: they told a grim tale of the brute-force attempts that besieged our server daily. I resolved to do something about it.

Fail2ban proved to be an easy install. I just followed the instructions on the 2nd link given, making sure to keep my settings in a local jail file (jail.local) rather than editing the shipped jail.conf. I’m not entirely clear on how to read CIDR notation for the ignoreip list, but I think I got it right regardless. One thing the instructions don’t mention: iptables has to be running, or Fail2Ban has nothing to add its rules to.

# /etc/init.d/iptables start
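The CIDR question above is worth settling, because an ignoreip entry that is too wide whitelists attackers and one that is too narrow locks you out. The script below is an added example (not code from the original post or from Fail2Ban) that does the prefix-mask arithmetic in plain POSIX sh and checks addresses against a constructed ignoreip list; the function names ip_to_int, ip_in_cidr and ignored are mine.

```sh
#!/bin/sh
# Added example (not part of the original post): how CIDR entries in an
# ignoreip list match an address. Pure shell arithmetic, no network access.
# The list below is constructed for illustration (RFC 5737 addresses).
IGNOREIP='127.0.0.1/8 192.0.2.0/24 203.0.113.9'

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  printf '%d\n' $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_cidr ADDR NET[/BITS] -> 0 if ADDR falls inside NET/BITS.
# BITS is how many leading bits must match: /8 keeps only the first octet,
# /24 the first three, and a bare address is treated as /32 (exact match).
# A smaller prefix length therefore means a bigger range.
ip_in_cidr() {
  net=${2%/*}
  case $2 in */*) bits=${2#*/} ;; *) bits=32 ;; esac
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# ignored ADDR LIST -> 0 if any entry in the space-separated LIST covers ADDR
ignored() {
  for entry in $2; do
    ip_in_cidr "$1" "$entry" && return 0
  done
  return 1
}

for ip in 127.0.0.1 192.0.2.77 192.0.3.1 203.0.113.9 203.0.113.10; do
  if ignored "$ip" "$IGNOREIP"; then echo "$ip: ignored (never banned)"
  else echo "$ip: eligible for banning"; fi
done
```

Run it against your own ignoreip line before reloading Fail2Ban; if your workstation's address prints "eligible for banning", fix the prefix length first.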

Now I have to determine if I can tie Fail2Ban to Logwatch.