Archive for the 'Linux, Unix' Category



Email Alert on Root SSH Login

Friday 24 November 2006 @ 8:19 am

Want to be notified instantly when someone logs into your server as root? No problem: this tutorial walks through email notification for root logins. Keeping track of who logs into your server and when is very important, especially when you're dealing with the super user account. We recommend that you use an email address not hosted on the server you're sending the alert from.

So let's get started!




Disable Telnet

Thursday 23 November 2006 @ 10:12 am

Telnet sends usernames and passwords in clear text during login, so it should be disabled on all web servers and replaced with SSH.
Some hosting providers do not disable telnet by default, but you should ensure that it has been turned off, as it is a great security risk to your servers. The telnet server listens for incoming messages on port 23 and sends outgoing messages on port 23.




Howto Install ImageMagick

Tuesday 21 November 2006 @ 8:32 pm

First, if you already tried to install ImageMagick unsuccessfully, you need to uninstall it for this to work properly. To uninstall ImageMagick, go to your ImageMagick source directory and type:

$ make uninstall

1. ImageMagick needs a few support libraries to install properly. You can check for the header files in /usr/include and /usr/local/include to see whether each library is installed. If any of them is missing, it will need to be installed.

tiff.h
png.h
jpeglib.h





Disable Direct Root Logins

Sunday 19 November 2006 @ 9:57 am

Allowing the root user to log in directly is a major security issue. We'll show you how to disable direct root logins so you can still become root, just not directly, which reduces the risk.

This forces an attacker to guess 2 separate passwords to gain root access.
(You do have 2 separate passwords for admin and root, right?)
You'll first need to log in as your admin user over SSH, then switch to the super user with the su command to get root.

We will also be forcing the use of SSH protocol 2, which is a newer, more secure SSH protocol.
Just a couple more ways to help your server stay safe from the bad guys. If you're using cPanel, make sure you add your admin user to the 'wheel' group so that you will be able to 'su -' to root; otherwise you may lock yourself out of root.

1. SSH into your server as 'admin' and gain root access with su

2. Copy and paste this line to edit the file for SSH logins
$ pico -w /etc/ssh/sshd_config





Howto Remove The Logging of Lame-Server

Friday 17 November 2006 @ 7:14 pm

For those running their own nameservers ONLY!

If you're like us, you are probably fed up with seeing LAME SERVER appearing in your /var/log/messages file on a daily basis. I get hundreds of these messages cluttering my logs daily, so here is what you can do to get rid of them.

First, lame server as defined:

If you run a nameserver, you may see an error about a “lame server”. New administrators of DNS servers often ask what this is, what it means, and whether it’s a problem. There is no cause for concern. The lame server is one that is advertised to have authoritative information about a domain, but doesn’t. This can happen in a few different ways, but it’s usually not worth the trouble to track down the administrator of the other domain.

Let's do it!




Howto Antidos via APF Firewall

Wednesday 15 November 2006 @ 2:56 pm

Antidos is a really nice feature of the APF firewall, but it’s not automatically turned on when you install and run APF.

First you probably want to make sure APF is running nicely for a few days and you have your own IP listed in the “allow_hosts.rules” file so you can’t lock yourself out.

And to be even safer, let's set DEVEL_MODE to "1" (on); we also need to set USE_AD to enable antidos. Log in to your server as root, then find and edit these:

# pico -w /etc/apf/conf.apf

DEVEL_MODE="1"
USE_AD="1"

# apf -r

Now APF will quit in 5 minutes. Don’t forget to put DEVEL_MODE back when everything is OK!

Note: Your server will not be firewalled after 5 minutes! If you are under attack right now this might not be such a good thing to disable.

If you installed APF with the normal installer most of the settings for antidos should be OK. We only need to change a few things, find and change these:

# pico -w /etc/apf/ad/conf.antidos

LP_KLOG="1"
IPT_BL="1"

USR_ALERT="1"
USER="root"
ARIN_ALERT="1"

You can test run it manually (it’s just a shell script):

# /etc/apf/ad/antidos -a

It prints nothing if it accepted the config file and your system. On the first run you will find that it has created a blank log file at:

/var/log/apfados_log

You need to have antidos set to run via cron. If "crontab -e" works for you, you can use that to set it up. Some panels let you edit the root cron job file from the panel.

This is a critical step: if it is not done, antidos will simply not operate.

Here’s an example line, I added this to my root crontab:

*/2 * * * * /etc/apf/ad/antidos -a > /dev/null 2>&1

This will run antidos every two minutes. The author of antidos doesn't recommend running it once a minute, as it may cause a bottleneck for itself and the CPU. Likewise, running it less often than once every 5 minutes is not recommended either, for obvious reasons.

You can check to see if it’s being run with something like this:

# tail -30 /var/log/cron

Now restart apf again:

# apf -r

Try to access a few of your sites, and if you are not locked out and happy with everything you can set DEVEL_MODE to "0" (off):

# pico -w /etc/apf/conf.apf

DEVEL_MODE="0"

# apf -r

At this point it would be nice to test whether it actually works. I leave it up to you to figure out how, or maybe someone else can post some ideas. I would be very careful: you don't want to DoS the wrong server.

If for some reason you find out it’s locking the wrong people out and want to turn it off, take this line out of root cron:

*/2 * * * * /etc/apf/ad/antidos -a > /dev/null 2>&1

And blank out this file:

/etc/apf/ad/ad.rules

You can look in the log file to see what went wrong:

/etc/apf/ad/apfados_log

And don’t forget to restart apf:

# apf -r

For more info on the settings, see the doc files at: http://rfxnetworks.com/apf.php
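The setup above has several places to go wrong (a flag left at "0", a missing cron line, DEVEL_MODE forgotten at "1"), so here is an added preflight check, not from the original post or from APF itself, that reads the two conf files and root's crontab and reports each setting. The file paths are the ones from the post; the --demo and --live switches, and the sample config contents the demo writes, are this example's own.

```shell
# Added example, not from the original post or from APF: a preflight check for
# the antidos setup described above. It reads KEY="value" lines from the two
# conf files and root's crontab; paths default to the ones above, overridable via env.
APF_CONF="${APF_CONF:-/etc/apf/conf.apf}"
AD_CONF="${AD_CONF:-/etc/apf/ad/conf.antidos}"
CRON_FILE="${CRON_FILE:-}"   # empty: read root's crontab with `crontab -l`

# conf_get FILE KEY: print the (last) value of KEY, quotes stripped
conf_get() {
    sed -n "s/^[[:space:]]*$2=[\"']*\([^\"']*\)[\"']*.*/\1/p" "$1" 2>/dev/null | tail -n 1
}
# check_setting FILE KEY EXPECTED: 0 if KEY equals EXPECTED, else 1
check_setting() {
    val=$(conf_get "$1" "$2")
    [ "$val" = "$3" ] && { echo "ok   $2=$val"; return 0; }
    echo "FAIL $2 is '${val:-unset}', expected '$3'"
    return 1
}
# cron_has_antidos: 0 if an uncommented crontab line runs antidos -a
cron_has_antidos() {
    if [ -n "$CRON_FILE" ]; then src=$(cat "$CRON_FILE"); else src=$(crontab -l 2>/dev/null || true); fi
    printf '%s\n' "$src" | grep -Ev '^[[:space:]]*#' | grep -Eq '/etc/apf/ad/antidos[[:space:]]+-a'
}
# antidos_preflight: 0 if every required setting and the cron entry are present
antidos_preflight() {
    rc=0
    check_setting "$APF_CONF" USE_AD 1 || rc=1
    for key in LP_KLOG IPT_BL USR_ALERT ARIN_ALERT; do
        check_setting "$AD_CONF" "$key" 1 || rc=1
    done
    if cron_has_antidos; then echo "ok   antidos cron entry found"
    else echo "FAIL no '/etc/apf/ad/antidos -a' line in root's crontab"; rc=1; fi
    # DEVEL_MODE=1 makes APF stop after 5 minutes: warn, but do not fail
    [ "$(conf_get "$APF_CONF" DEVEL_MODE)" = "1" ] && echo "WARN DEVEL_MODE=1, APF stops in 5 minutes"
    return $rc
}
# demo: run the preflight against constructed copies of the config files
# (sample values only, not taken from any real server)
demo_with_constructed_configs() {
    d=$(mktemp -d)
    printf 'DEVEL_MODE="1"\nUSE_AD="1"\n' > "$d/conf.apf"
    printf 'LP_KLOG="1"\nIPT_BL="1"\nUSR_ALERT="1"\nUSER="root"\nARIN_ALERT="1"\n' > "$d/conf.antidos"
    printf '*/2 * * * * /etc/apf/ad/antidos -a > /dev/null 2>&1\n' > "$d/cron"
    APF_CONF="$d/conf.apf"; AD_CONF="$d/conf.antidos"; CRON_FILE="$d/cron"
    antidos_preflight; rc=$?
    rm -rf "$d"; return $rc
}
case "${1:-}" in --demo) demo_with_constructed_configs ;; --live) antidos_preflight ;; esac
```

Run it with --live as root on the server to check the real files, or with --demo to see the expected output against the constructed sample configs.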




Advance Command for System Admin

Tuesday 14 November 2006 @ 2:03 am

This is a list of commands that are useful for system admins.

To get the list of username with its user ID in formatted way:

# awk -F":" '{ print "username: " $1 "\t\tuid:" $3 }' /etc/passwd

Find the particular string from the list of files in current directory:

# cd /etc
# for i in $(find -type f); do grep -iH nfsnobody "$i"; done

Or

# grep -iH nfsnobody *




