OSSEC for CentOS 7

OSSEC’s official documentation sucks. I managed to compile full installation steps (via RPM) for OSSEC in CentOS.

What is OSSEC? OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. (source : http://ossec.github.io/about.html)

Finding Duplicates with SQL

Here’s a handy query for finding duplicates in a table. Suppose you want to find all email addresses in a table that exist more than once :-
SELECT email,
COUNT(email) AS NumOccurrences
FROM users
GROUP BY email
HAVING ( COUNT(email) > 1 )
You could also use this technique to find rows that occur exactly once :-
SELECT email
FROM users
GROUP BY email
HAVING ( COUNT(email) = 1 )

Transfer Default MySQL Database Directory From /var To /usr

The default partition size for /var is normally not enough to store databases, so we need to store them somewhere bigger (/usr). The steps below show how to transfer the database from /var/db/mysql (the default installation path for MySQL in FreeBSD) to /usr/local/mysql/data (the suggested path). Steps as follows :-

[root@dev /var/db/mysql]# /usr/local/etc/rc.d/mysql-server stop
Stopping mysql.
Waiting for PIDS: 993.
[root@dev /var/db/mysql]# mkdir -p /usr/local/mysql/data
[root@dev /var/db/mysql]# mv * /usr/local/mysql/data/.
[root@dev /var/db/mysql]# cd ../
[root@dev /var/db]# rm -rf mysql
[root@dev /var/db]# ln -s /usr/local/mysql/data mysql
[root@dev /var/db]# chown -R mysql mysql
[root@dev /var/db]# chgrp -R mysql mysql
[root@dev /var/db]# cd /usr/local/
[root@dev /usr/local]# chown -R mysql mysql
[root@dev /usr/local]# chgrp -R mysql mysql
[root@dev /usr/local]# /usr/local/etc/rc.d/mysql-server start
Starting mysql.
[root@dev /usr/local]# ps aux | grep mysql
mysql    46491  0.1  1.1 208112 44860  ??  S     6:15AM   0:00.09 [mysqld]
mysql    46411  0.0  0.0  8264  1920  ??  Ss    6:15AM   0:00.01 /bin/sh /usr/local/bin/mysqld_safe --defaults-extra-file=/var/db/mysql/my.cnf --user=mysql --datadir=/var/db/mysql --pid-file=/var/db/my
root     46494  0.0  0.0  9092  1432   0  S+    6:15AM   0:00.00 grep mysql
[root@dev /usr/local]#

DONE!
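The same relocation as a script, added here as an example (not the commands from the post): it refuses to run while mysqld is still up or when the destination is not empty, moves the directory itself so dotfiles come along (a plain `mv *` skips them), and only then drops the symlink in place. The paths and the mysql owner are the post's; the function name is mine.

```shell
# Added example (not the commands from the post above): relocate a MySQL data
# directory and leave a symlink at the old path, with the checks that are easy
# to skip when typing the steps by hand. Run it as root when OWNER is given.
#
# Usage: relocate_datadir OLD NEW [OWNER]
#   OWNER is the service account (mysql in the post); omit it to leave
#   ownership untouched.
relocate_datadir() {
    old="$1"; new="$2"; owner="$3"
    if [ ! -d "$old" ] || [ -L "$old" ]; then
        echo "$old is not a real directory" >&2; return 2
    fi
    # Never move a live data directory: the server must be stopped first.
    if pgrep -x mysqld >/dev/null 2>&1; then
        echo "mysqld is still running; stop it first" >&2; return 2
    fi
    # Refuse to merge into an existing, non-empty destination.
    if [ -e "$new" ] && [ -n "$(ls -A "$new")" ]; then
        echo "$new exists and is not empty" >&2; return 2
    fi
    mkdir -p "$(dirname "$new")" || return 1
    # An empty placeholder directory would make mv nest OLD inside it.
    rmdir "$new" 2>/dev/null || true
    # Move the directory itself rather than "mv *": dotfiles (e.g. .my.cnf) and
    # the directory's own mode come along, and it works across filesystems.
    mv "$old" "$new" || return 1
    ln -s "$new" "$old" || return 1
    if [ -n "$owner" ]; then
        chown -R "$owner:$owner" "$new" || return 1
    fi
    echo "$old -> $new"
}
```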

HowTo Install iStat in FreeBSD for Server Monitoring

iStats for iPhone can be used to remotely monitor your Mac or Mac server. See your iPhone’s stats for battery, memory, disk space, Wi-Fi and Cell IP addresses, uptime & load averages.
Not only can you monitor your Mac, but other OSes (Linux, Solaris & FreeBSD) as well. Assuming you’ve downloaded the iStats app from the iTunes App Store, here’s how you can access and monitor your FreeBSD server in these simple steps.
  1. Download the file here (http://github.com/tiwilliam/istatd/downloads)
  2. tar -vxzf istatd-0.5.7.tar.gz #uncompress the package, assuming you’ve downloaded istatd version 0.5.7
  3. cd istatd-0.5.7 #go into the uncompressed directory
  4. ./configure #prepare the build for your system
  5. make #compile
  6. make install
  7. mkdir -p /var/{run,cache}/istat
  8. adduser istat #add user istat
  9. chown istat:istat /var/{run,cache}/istat #set user & group ownership of the created folders
  10. vi /etc/istat.conf #remember to change the server code (your password to access iStat)
  11. /usr/local/bin/istatd -d #start iStat as a daemon

P/S : The service is listening on port 5190, so please make sure the firewall allows it, preferably only from the addresses you monitor from.

Official Site : http://bjango.com/apps/istat/
More info : http://www.google.com.my/search?client=safari&rls=en&q=istats+remote+monitoring&ie=UTF-8&oe=UTF-8&redir_esc=&ei=NN37S9ftMI-trAfhz-GuAg

HOWTO Delete Old Directory in UNIX

There are two ways you can do this. For example, if you want to delete directories older than 7 days :

First method :
[text]
find /path/dir -type d -mtime +7 -exec rm -rf {} \;
[/text]

Second method :
[text]
find /path/dir -type d -mtime +7 | xargs rm -rf
[/text]

You can always change the +7 value to any number of days preferred. Bear in mind that find also matches /path/dir itself if it is older than 7 days, so point it at a directory you are happy to lose, not at the parent you want to keep.
FYI, this command is only for directory deletion; if you want to delete files, change “-type d” (d means directory) to “-type f” (f means files).

Example :
[text]
find /path/dir/unl.txt -type f -mtime +7 | xargs rm -f
[/text]

P/S : There’s an alternative command which we can use, tmpwatch (more info : http://linux.about.com/library/cmd/blcmdl8_tmpwatch.htm)
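As an added example (not from the post), the same find-based cleanup for directories or files wrapped with the checks a practitioner would want: -mindepth 1 so /path/dir itself is never a candidate even when it is old, -prune so find does not try to descend into a directory it is about to remove, and rm invoked through -exec … {} + so odd names are safe and nothing runs when nothing matches. The function name, the dry-run flag and the d/f type argument are mine.

```shell
# Added example (not the commands from the post above): delete directories
# (TYPE d) or files (TYPE f) under BASE that are older than DAYS days, with the
# edge cases of the one-liners handled. Pass "dry" as the fourth argument to
# only list what would be removed.
#
# Usage: prune_old_entries BASE DAYS [TYPE] [dry]
prune_old_entries() {
    base="$1"; days="$2"; type="${3:-d}"; mode="${4:-delete}"
    # An empty BASE or "/" would turn this into "rm -rf /": refuse outright.
    case "$base" in
        ""|/) echo "refusing to prune '$base'" >&2; return 2 ;;
    esac
    [ -d "$base" ] || { echo "not a directory: $base" >&2; return 2; }
    case "$days" in
        ""|*[!0-9]*) echo "DAYS must be a whole number" >&2; return 2 ;;
    esac
    case "$type" in
        d|f) ;;
        *) echo "TYPE must be d (directories) or f (files)" >&2; return 2 ;;
    esac
    # -mindepth 1: BASE itself is never a candidate, however old it is.
    # -prune: a matched directory is not descended into, so find never stats
    #         entries that rm is about to remove (for files -prune is a no-op).
    # -exec ... {} +: names are passed directly, so spaces and newlines are
    #         safe, and rm is not run at all when nothing matches.
    if [ "$mode" = dry ]; then
        find "$base" -mindepth 1 -type "$type" -mtime +"$days" -prune -print
    else
        find "$base" -mindepth 1 -type "$type" -mtime +"$days" -prune \
            -exec rm -rf -- {} +
    fi
}
```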

mod_dosevasive for Apache

mod_dosevasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_dosevasive presently reports abuses via email and syslog facilities.

Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:
  • Requesting the same page more than a few times per second
  • Making more than 50 concurrent requests on the same child per second
  • Making any requests while temporarily blacklisted (on a blocking list)
This method has worked well in both single-server script attacks as well as distributed attacks, but just like other evasive tools, is only as useful to the point of bandwidth and processor consumption (e.g. the amount of bandwidth and processor required to receive/process/respond to invalid requests), which is why it’s a good idea to integrate this with your firewalls and routers for maximum protection.
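To see the first rule above in action without the module, here is an added example (not mod_dosevasive code) that counts requests per client, URI and log-timestamp second over Apache access-log lines and reports the pairs that exceed a limit, which is a practical way to pick a per-page threshold from real traffic before enabling blocking. The function names and the sample log lines are constructed for this example, and the field positions assume the common/combined log format.

```shell
# Added example, not part of mod_dosevasive: an offline approximation of its
# "same page more than a few times per second" rule over Apache access-log
# lines (client IP in field 1, "[timestamp" in field 4, request URI in field 7).
#
# Usage: find_page_bursts LIMIT < access.log
# Prints "IP URI TIMESTAMP HITS" for every client/URI pair seen more than
# LIMIT times within one timestamp second, sorted.
find_page_bursts() {
    awk -v limit="$1" '
        {
            ip  = $1
            ts  = substr($4, 2)   # strip the leading "[" of [23/Dec/2008:11:08:00
            uri = $7              # $6 is "\"GET", $7 the URI, $8 the protocol
            hits[ip SUBSEP uri SUBSEP ts]++
        }
        END {
            for (k in hits) {
                if (hits[k] > limit) {
                    split(k, f, SUBSEP)
                    printf "%s %s %s %d\n", f[1], f[2], f[3], hits[k]
                }
            }
        }' | sort
}

# Constructed sample traffic (not a real log): 10.0.0.5 fetches /index.html
# five times within one second and once in the next; 10.0.0.9 browses normally.
sample_access_log() {
    cat <<'EOF'
10.0.0.5 - - [23/Dec/2008:11:08:00 +0800] "GET /index.html HTTP/1.1" 200 2048
10.0.0.5 - - [23/Dec/2008:11:08:00 +0800] "GET /index.html HTTP/1.1" 200 2048
10.0.0.9 - - [23/Dec/2008:11:08:00 +0800] "GET /index.html HTTP/1.1" 200 2048
10.0.0.5 - - [23/Dec/2008:11:08:00 +0800] "GET /index.html HTTP/1.1" 200 2048
10.0.0.5 - - [23/Dec/2008:11:08:00 +0800] "GET /index.html HTTP/1.1" 200 2048
10.0.0.9 - - [23/Dec/2008:11:08:01 +0800] "GET /about.html HTTP/1.1" 200 1024
10.0.0.5 - - [23/Dec/2008:11:08:00 +0800] "GET /index.html HTTP/1.1" 200 2048
10.0.0.5 - - [23/Dec/2008:11:08:01 +0800] "GET /index.html HTTP/1.1" 200 2048
EOF
}
```

Run it as `sample_access_log | find_page_bursts 3` to see the one offending pair; a real access log goes in place of the sample function.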

Speed Up Connection to ProFTPD server

Open the config file (/usr/local/etc/proftpd.conf)

and add these lines into the config
[plain]
IdentLookups off
UseReverseDNS off
[/plain]

and restart your ProFTPD service. Tadaa~!

Note that with UseReverseDNS off, any Allow/Deny rules in the config that match on hostnames will no longer match; rules based on IP addresses are unaffected.

uname -a

Darwin Mohd-NeoTech 9.4.1 Darwin Kernel Version 9.4.1: Mon Dec 8 20:59:30 PST 2008; root:xnu-1228.7.37~4/RELEASE_ARM_S5L8900X iPhone1,1 arm M68AP Darwin

FreeBSD 7.1-RELEASE Released!

The FreeBSD Release Engineering Team is pleased to announce the availability of FreeBSD 7.1-RELEASE. This is the second release from the 7-STABLE branch which improves on the functionality of FreeBSD 7.0 and introduces some new features. Some of the highlights:

  • The ULE scheduler is now the default in GENERIC kernels for amd64 and i386 architectures. The ULE scheduler significantly improves performance on multicore systems for many workloads.
  • Support for using DTrace inside the kernel has been imported from OpenSolaris. DTrace is a comprehensive dynamic tracing framework.
  • A new and much-improved NFS Lock Manager (NLM) client.
  • Boot loader changes allow, among other things, booting from USB devices and booting from GPT-labeled devices.
  • The cpuset(2) system call and cpuset(1) command have been added, providing an API for thread to CPU binding and CPU resource grouping and assignment.
  • KDE updated to 3.5.10, GNOME updated to 2.22.3.
  • DVD-sized media for the amd64 and i386 architectures

For a complete list of new features and known problems, please see the online release notes and errata list, available at:

For more information about FreeBSD release engineering activities, please see:
http://www.FreeBSD.org/releng/

HOWTO Change Server Date

To check the current date :
date

Command to change the date (this is the BSD syntax; GNU date on Linux takes the fields in a different order, MMDDhhmm[CC]YY) :
date yymmddHHMM

Where :
yy : Year in two digits
mm : Month (1-12)
dd : Day (1-31)
HH : Hours (0..23)
MM : Minutes (0..59)

Example (to set the date to 23/12/2008 11:08:00 hrs) :
date 0812231108

What To Do: Users Still Wants Telnet

TELNET (TELecommunication NETwork) is a network protocol used on the Internet or on local area network (LAN) connections. It was developed in the late 60s with RFC 15. Telnet is a pretty old way of logging into remote systems and it has serious security problems. Most admins will recommend using OpenSSH (secure shell) for all remote activities. But you may find users who are still demanding telnet over ssh as they are comfortable with Telnet. Some users have scripts written in the 90s and they don’t want to change them. So what do you do when users demand telnet?


Critical Red hat / Fedora Linux Openssh Security Update

Last week one or more of Red Hat’s servers got cracked. Now, it has been revealed that both Fedora and Red Hat servers have been compromised. As a result Fedora is changing their package signing key. The intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux 4 (i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64 architecture only). This update has been rated as having critical security impact.


CentOS / Red Hat Enterprise Linux 5.2 Poor NFS Performance and Solution

A few days ago I noticed that NFS performance between a web server node and the NFS server went down by 50%. NFS was optimized and the only thing that had changed was the updated Red Hat kernel v5.2. I also noticed the same trend on the CentOS 5.2 64-bit edition.


How To Configure Urchin 6 Tracking To Analyze Website Logs

This is 3rd and the final installment for Urchin 6 web analytics software series. Once Urchin is installed, you need to configure tracking on your website. You need to install Urchin sensors – a small piece of javascript tracking code on each of your website’s pages.


Linux: Install Urchin 6 Web Analytics Software

Web analytics is the study of online behaviour in order to improve it. There are two categories: off-site and on-site web analytics. Google’s Urchin 6 can be installed under Linux kernel 2.6 or 2.4 for Apache web log analysis. Urchin 6 is just like Google Analytics, the most widely used hosted web analytics system. It is targeted at ecommerce web sites or enterprise users behind firewalls. In this mini series you will learn about installing and using the web log analysis software called Google Urchin 6 under Red Hat Enterprise Linux 5.x.


Postfix Mail Server Security Update [moderate security impact]

The Postfix MTA has been updated to fix security vulnerabilities, such as incorrectly checking the ownership of a mailbox. In some configurations, this allows appending data to arbitrary files as root. This update has been rated as having moderate security impact.

