Sabin Shrestha's Personal Site » Linux

linux admin note

sabin — Wed, 02 Jun 2010 05:27:38 +0000

Syslog
QUOTA
NFS
Samba
SSH
TELNET
SQUID
BIND
SENDMAIL
POSTFIX
PROXY
HTTPD
FTP
DHCP
YP
LDAP
PPPD
NTP
MRTG
TRIPWIRE
PAM
Password Security Encryption
Process security
firewall
xinetd, tcp_wrappers iptables
security tools
PortForwarding
selinux

========================================================================

Libarary

/lib
/usr/lib
/usr/i486-linux-libc5/lib
/usr/X11R6/lib
/usr/i486-linuxout/lib

libname.so / libname.so.major

lld progfile

$lld /bin/rm

LD_LIBRARY_PATH
ldconfig -V
========================================================================
SSH
vi /etc/ssh/sshd_config
ssh 192.168.1.100 “uname -a”

scp /etc/hosts root@192.168.1.103:/tmp
scp root@smallfry:/tmp/software.rpm /usr/rpm
(http://winscp.vse.cz/eng/)

$sftp 192.168.1.200
SSH without password
Client
ssh-keygen -t dsa
cd ~/.ssh
scp id_dsa.pub sabin@192.168.59.7:public-key.tmp

Server
mkdir /root/.ssh
chmod 700 /root/.ssh
cd .ssh
cat ~/public-key.tmp >>authorized_keys
rm ~/public-key.tmp
========================================================================

SysLog
0 emergencies System unusable
1 alerts Immediate action required
2 critical Critical condition
3 errors Error conditions
4 warnings Warning conditions
5 notifications Normal but significant conditions
6 informational Informational messages
7 debugging Debugging messages

.info;mail.none;authpriv.none;cron.none /var/log/messages
1) vi /etc/sysconfig/syslog
SYSLOGD_OPTIONS=”-r -m0″
service syslog restart

2) vi /etc/syslog.conf
user.* @stationX
service syslog restart
logger -i -t yourname “this is test”

/etc/logrotate.d
ogrotate -f /etc/logrotate.d/syslog
zcat /var/log/messages.1.gz
==========================================================================
Quota
quota.user,quota.group
1)vi /etc/fstab
/home defaults,userquota,groupquota 1 2
2)mount -o remount /home
3)to verify
quotacheck -acug /home
quotacheck -avug /home
edquota -u user
edquota -g group
edquota -t grace
edquota -p kiran sab
quotaon/quotaoff -av
quotaon/quotaoff -avu
quotaon/quotaoff -avg

repquota -a
==========================================================================
NFS
1. You can only export directories beneath the “/” directory.
2. You cannot export a subdirectory of a directory that has already
been exported. The exception being when the subdirectory is on a different
physical device. Likewise you cannot export the parent of a subdirectory
unless it is on a separate device too.
3. You can only export local file systems.

Caching= “read ahead”

RPM=nfs-utils,portmap-4.0-57

Daemon=Portmap,NFS,NFSlock,NetFS

(async,atime,auto,dev,exec,noatime,noauto,nodev,noexec,
nosuid,nouser,remountro,rw,suid,sync,user)
defaults(rw,suid,dev,exec,auto nouser,async)

x = rsigw = n , number of bytes nfs uses when reading
n = 1024 (default)
x = wsize = n
timeo= n (7)
retry = n number of minutes to nfs mount retry
soft = if the file cannot be mounted and time
out occurs then reutrn an I/O error
hard = if timeout occurs it will display the message
but it will keep on trying unless retry time is over
intr=if nfs file operation has timeout and is
hard mounted then it allow signals to
intrrupt the operations
it uses udp by default
if want tcp then give tcp
optimum=8192
rw,ro(default),sync,async(defualt),no_subtree_check,
subtree_check,root_squash
no_root_squash – when a client connects to the server run as a root
all_squash

1) vi /etc/exports
/temp          *(rw)
/data/files           *(ro,sync)
/home                 192.168.1.0/24(rw,sync)
/data/test            *.my-site.com(rw,sync)
/data/database        192.168.1.203/32(rw,sync)

2)chkconfig –level 35 nfs on
chkconfig –level 35 nfslock on
chkconfig –level 35 portmap on

3) For Client
chkconfig –level 35 netfs on
chkconfig –level 35 nfslock on
chkconfig –level 35 portmap on

4) rpcinfo -p localhost
nfsstat
df -F nfs
showmount -a
exportfs -a (new share)
exportfs -v (refresh)
exportfs -ua(reload)
exportfs -a (new share)

5)vi /etc/fstab
#Directory Mount Point Type Options Dump FSCK
192.168.1.100:/data/files /mnt/nfs nfs soft,nfsvers=2 0 0

6) mount -t nfs 192.168.1.1:/data/files /mnt/nfs

7)Auto Mount
$vi /etc/auto.master
# File: /etc/auto.master
#
/home /etc/auto.home –timeout=300
/- /etc/auto.direct

8)-Indrect map
$vi /etc/auto.home
peter   bigboy:/home/peter
bob     ochorios:/home/bob
bunny   waitabit:/home/bunny

-Direct Map
$vi /etc/auto.direct
/data/sales -rw bigboy:/disk1/data/sales
/sql/database -ro,soft waitabit:/var/mysql/database

-Using the Ampersand Wildcard
$vi /etc/auto.home
peter bigboy:/home/&

9)chkconfig autofs on

Option Description
Bg Retry mounting in the background if mounting initially fails
Fg Mount in the foreground
soft Use soft mounting
hard Use hard mounting
rsize=n The amount of data NFS will attempt to access per read operation.
The default is dependent on the kernel. For NFS version 2 set it
to 8192 to assure maximum throughput.
wsize=n The amount of data NFS will attempt to access per write operation.
The default is dependent on the kernel. For NFS version 2 set it to 8192
to assure maximum throughput.
nfsvers=n The version of NFS the mount command should attempt to use
Tcp Attempt to mount the filesystem using TCP packets, the default is UDP.
intr If the filesystem is hard mounted and the mount times out, allow
for the process to be aborted using the usual methods such as
and the “kill” command.

===========================================================
SQUID
/var/spool/squid
/var/log/squid/access.log

1) vi /etc/squid/squid.conf
visible_hostname server1.nepal.com

acl home_network src 192.168.1.0/24
acl home_network src “/root/allow”
acl business_hours time MTWHF 9:00-17:00
http_access allow homenetwork business_hour
cache_dir
===========================================================
Bind

cp -f /etc/rndc.* /var/named/chroot/etc/
cp /etc/named.conf /var/named/chroot/etc/

1) vi /etc/named.conf
zone “nepal.com” IN {
type master;
notify no;
allow-update { none; };
allow-query { any; };
file “nepal.com.zone”;
};

2) cp /var/named/localhost.zone /var/named/nepal.com.zone
cp /var/named/localhost. /var/named/nepal.rev

3) vi /var/named/nepal.com.zone

ns1.nepal.com. IN SOA root.nepal.com.(
1;
1H;
1H;
1H;
1H;
);
ns1.nepal.com.   IN NS 192.168.0.5
ns1.nepal.com. IN A 192.168.0.5
nepal.com.       IN MX 9 mail.nepal.com.
nepal.com.       IN MX 10 mail1.nepal.com.
nepal.com.        IN A 192.168.0.9
nepal.com.        IN A 192.168.0.10
mail.nepal.com. IN A 192.168.0.7
mail1.nepal.com. IN A 192.168.0.8
www.nepal.com.   IN A 192.168.0.9
www.nepal.com IN A 192.168.0.10
nis1.nepal.com   IN A 192.168.0.11
nis2.nepal.com   IN A 192.168.0.12
file.nepal.com   IN A 192.168.0.13
zone “0.168.196.in-addr.arpa” {
type master;
allow-update { none; };
notify no;
file “nepal.rev”;
};
$TTL 3D
@       IN        SOA        ns1.nepal.com.  hostmaster.nepal.com. (
200303301          ; serial number
8H                 ; refresh, seconds
2H                 ; retry, seconds
4W                 ; expire, seconds
1D )               ; minimum, seconds
NS         ns1.nepal.com.
5                PTR        ns1.nepal.com.
6                PTR        ns2.nepal.com.
7                PTR        mail.nepal.com.
8                PTR        mail1.nepal.com.
4) chkconfig named on

5) service named restart
6) named-checkconfig /etc/named.conf
named-checkzone /var/named.nepal.com.zone

7) nslookup www.nepal.com
dig @nepal.com www.nepal.com
dig @nepal.com MX
host nepal.com
========================================================================
Apache(httpd)
RPM= httpd-2.0.48-1.2.rpm

1) adduser nepal
2) passwd nepal
3) chmod 755 /home/nepal

4) vi /etc/httpd/conf/httpd.conf
ServerAdmin webmaster@nepal.com
servername nepal.com
DocumentRoot “/home/nepal”(default)
[/var/www/html]
Options All Indexes Includes FollowSymLinks ExecCGI MultiViews
[MultiViews -Indexes SymLinksIfOwnerMatch IncludesNoExec]
AllowOverride None (.htaccess)

Order allow,deny
Allow from all(Deny from all/[ip])

DirectoryIndex index.html

Alias /sabin “/home/nepal/sabin”

ScriptAlias /cgi-bin “/home/nepal/cgi-bin”

AddHandler cgi-script .cgi
AddHandler send-as-is asis

ErrorDocument 404 /missing.htm

5) Named Based Hosting
NameVirtualHost 192.168.0.9
NameVirtualHost 192.168.0.10

Default Directives. (In other words, not site #1 or site #2)

servername www.nepal.com
DocumentRoot /home/nepal
ServerAdmin sabin@nepal.com
ErrorLog logs/error.log
CustomLog logs/access.log
Directives for site #1

DocumentRoot /home/sabin
servername www.sabin.com
ServerAdmin sabin@nepal.com
ErrorLog logs/error.log
CustomLog logs/access.log
Directives for site #2

DocumentRoot /home/www/site2
ServerName www.nepal.com
ServerAlias nepal.com, www.arati.com arati.com

options=

Order allow,deny
Allow from all

AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

Order allow,deny
Allow from all

Order deny,allow
Deny from all

6) IP based Hosting

DocumentRoot /home/nepal

DocumentRoot /home/sabin
servername 192.168.0.9
ServerAdmin sabin@nepal.com
ErrorLog logs/error.log
CustomLog logs/access.log

DocumentRoot /home/arati
servername 192.168.0.10
ServerAdmin arati@nepal.com
ErrorLog logs/error.log
CustomLog logs/access.log

Compression of static pages
(before virtual hosting)
LoadModule deflate_module modules/mod_deflate.so

# Insert filter
SetOutputFilter DEFLATE
# Netscape 4.x has some problems…
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Don’t compress images
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png)$ no-gzip dont-vary
# Make sure proxies don’t deliver the wrong content
Header append Vary User-Agent env=!dont-vary

7) Proctecting Site
htpasswd -c /home/nepal/.htpasswd sabin
htpasswd /home/nepal/.htpasswd arati
chmod 644 /home/nepal/.htpasswd

vi .htpasswd (or )

AuthUserFile /home/nepal/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
require user valid-user

openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -x509 -out server.crt
cp server.{key,crt} /etc/httpd/conf/
or
/etc/httpd/conf/make testcert
/etc/httpd/conf/make certreq

vi /etc/httpd/conf.d/ssl.conf

ServerAdmin
DocumentRoot
ServerName
ServerAlias
SSLEngine on
SSLCertificateFile /etc/httpd/conf/server.crt
SSLCertificateKeyFile /etc/httpd/conf/server.key

========================================================================

Web mail (squriell mail)www.hotscripts.com
$vi /var/www/html/webmail/config/config.php

$org_name      = “Microtech International”;
$org_logo      = SM_PATH . ‘images/mtechlogo.jpg.new’;
#$org_logo      = ‘/home/chehen/mtechlogo.jpg’;
$org_logo_width = ’308′;
$org_logo_height = ’111′;
$org_title     = “Microtech International”;
$signout_page = ‘http://portal.mtech.com.np’;
$frame_top     = ‘_top’;

$provider_uri = ‘http://www.microtech.com.np’;

$provider_name = ‘www.microtech.com.np’;

$motd = ” “;

$squirrelmail_default_language = ‘en_US’;

$domain                 = ‘microtech.com.np’;
$imapServerAddress      = ’192.168.59.1′;
#$imapServerAddress      = ’192.168.59.7′;
$imapPort               = 143;
$useSendmail            = false;
#$useSendmail            = true;
$smtpServerAddress      = ’192.168.59.1′;
$smtpPort               = 25;
$sendmail_path          = ‘/usr/sbin/sendmail’;
$pop_before_smtp        = false;
$imap_server_type       = ‘other’;
$invert_time            = false;
$optional_delimiter     = ‘detect’;

vi /etc/httpd/conf.d/squriellmail
========================================================================
Webmin (Web Administration) www.webmin.com

Installed Directory (/var/libexec/mrtg)
$./setup.sh

http://192.168.59.7:10000
=========================================================================
PostFix
/etc/postfix/main.cf
/etc/postfix/master.cf
Daemon=master,qmgr,smtpd,pikup(others)

1)alternatives -set mta /usr/sbin/sendmail.posfix
2)vi /etc/postfix/main.cf
myorigin=nepal.com
mydestination= nepal.com mail.nepal.com
mynetworks=192.168.0.0/24,127.0.0.1
inet_interfaces=all

3)service postfix start
4)aliases,virtual,access
5)postmap /etc/postfix/access
=========================================================================
SendMail

1) vi /etc/mail/sendmail.cf or vi /etc/mail/sendmail.mc
copy define(“Daemon Port Options = Port=smtp; Addr=127.0.0.1,Name MTA”)
Paste define(“Daemon Port Options = Port=smtp; Addr=192.168.0.7,Name MTA”)

define(MAIL_HUB’, ‘nepal.com’)
define(‘SMART_HOST’,'nepal.com’)
define(‘MASQUERADE_AS’,'nepal.com’)
EXPOSED_USER(‘root’)

MASQUERADE_AS(`nepal.com.’)
MASQUERADE_DOMAIN(`nepal.com.’)
MASQUERADE_AS(nepal.com)
FEATURE(`accept_unresolvable_domains’)dnl
FEATURE(delay_checks)dnl
FEATURE(always_add_domain)dnl
FEATURE(`masquerade_entire_domain’)dnl
FEATURE(`masquerade_envelope’)dnl
FEATURE(`allmasquerade’)dnl
MASQUERADE_AS(`my-site.com’)dnl
MASQUERADE_DOMAIN(`my-site.com.’)dnl
MASQUERADE_DOMAIN(localhost)dnl
MASQUERADE_DOMAIN(localhost.localdomain)dnl

For LDAP
LDAPROUTE_DOMAIN
LDAP_ROUTIN
2)m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

3)vi /etc/mail/local-host-names(Receive mail of domain, To receive)
nepal.com
mail.nepal.com

4)vi /etc/mail/access (To allow to send mail )
localhost.localdomain RELAY
localhost             RELAY
127.0.0.1             RELAY
nepal.com             RELAY
mail.nepal.com        RELAY
192.168.0             RELAY
mail1.nepal.com       RELAY (for backup email)
spam.com              REJECT

5) vi /etc/mail/virtusertable (to redirect emails)
@nepal.com sabin
info@nepal.com sabin

6) make all

7) vi /etc/aliases
hardware: sabin,subash,arati,rakesh,shyam

newaliases

9) vi /etc/mail/relay-domains
nepal.com RELAY

10)chkconfig sendmail on
chkconfig ipop3 on
chkconfig imapd on

11) service sendmail restart
service xinetd restart

12) sendmail -d0.1

13) mail -s hello sabin@nepal.com
hello
.

echo “helooo”|mail -v -s hello sabin@nepal.com
mail -s hello sabin@nepal.com < /root/a.txt
14)mailq or sendmail -bd -q 30m
sendmail -bd -q
sendmail -q

15) nmap nepal.com (check 25 and 110 port is open)

16) mail, pine , mutt

17) Check SMTP
telnet 192.168.0.7 25
helo nepal.com
mail from: sabin@nepal.com
rcpt to: arati@nepal.com
data
hello
there
.
quit

18) To check POP
telnet 192.168.0.7 110
user sabin
pass shrestha
stat
top 1 99999
dele 1
quit

19 tail -f /var/log/maillog

===============================================================
Spam Controling
spamassassing / mimedefang
1)$vi /etc/mail/spamassassin/local.cf
Required_hits 6
rewrite_subject 1
subject_tag [SPAM]
report_safe 0

# How many hits before a message is considered spam.
required_hits 6.0

# Whether to change the subject of suspected spam
rewrite_subject 1

# Text to prepend to subject if rewrite_subject is used
subject_tag [SPAM]

# Encapsulate spam in an attachment
report_safe 1

# Use terse version of the spam report
use_terse_report 0

# Enable the Bayes system
use_bayes 1

# Enable Bayes auto-learning
auto_learn 0

# Enable or disable network checks
skip_rbl_checks         1
use_razor2              0
use_dcc                 0
use_pyzor               0

auto_whitelist_path /etc/mail/spamassassin/auto-whitelist
bayes_path /etc/mail/spamassassin/bayes

score SPAM_PHRASE_34_55              3.516
score SPAM_PHRASE_55_XX              1.505
score SPAM_PHRASE_21_34              2.856
score SPAM_PHRASE_13_21              2.337
score SPAM_PHRASE_08_13              2.385
score SPAM_PHRASE_05_08              2.640
score SPAM_PHRASE_03_05              2.084
score SPAM_PHRASE_00_01              0.781
score SPAM_PHRASE_02_03              0.758
score SPAM_PHRASE_01_02              0.500
score LINES_OF_YELLING_2             1.500
score FORGED_RCVD_FOUND              4.000
score MAY_BE_FORGED                  1.000
score UPPERCASE_50_75                2.000
score HTML_FONT_FACE_ODD             1.500
score NIGERIAN_TRANSACTION_1         3.000
score LINES_OF_YELLING               1.500
score WEB_BUGS                       2.500
score FORGED_YAHOO_RCVD              2.500
score SUBJ_HAS_UNIQ_ID               2.000
score JAVASCRIPT_VERY_UNSAFE         3.500
score HTML_FONT_INVISIBLE            2.000
score CTYPE_JUST_HTML                4.000
score FROM_NO_USER                   2.500
score BILLION_DOLLARS                1.000
score CLICK_BELOW                    2.000
score RELAYING_FRAME                 2.000
score MIME_SUSPECT_NAME              2.000
score MIME_HTML_NO_CHARSET           3.000
score MICROSOFT_EXECUTABLE           2.000
score MISSING_MIMEOLE                2.000
score ONLINE_PHARMACY                2.000
score SAVE_UP_TO                     2.000
score SAVE_MONEY                     2.000
score MIME_HTML_ONLY                 2.000
score MONEY_BACK                     2.000
score HTML_FONT_FACE_BAD             3.000
score VIAGRA                         4.000
score VIAGRA_ONLINE                  4.000
score SUBJ_HI                        2.500
score HTML_WEB_BUGS                  2.500
score HTML_IMAGE_ONLY_02             3.000
score HTML_IMAGE_ONLY_04             2.500
score HTML_IMAGE_ONLY_06             2.000
score HTML_IMAGE_ONLY_08             1.500
score HTML_IMAGE_ONLY_10             1.000
score RATWARE_HASH_2                 2.000
score RATWARE_HASH_2_V2              2.000
score MISSING_OUTLOOK_NAME           2.000
score HTML_FONTCOLOR_UNKNOWN         2.000
score NORMAL_HTTP_TO_IP              2.000
score GAPPY_SUBJECT                  3.500
score HTML_FONT_BIG                  2.000
score REMOVE_PAGE                    1.500
score HTML_SHOUTING4                 2.000
score HTML_SHOUTING3                 2.000
score HTML_SHOUTING2                 2.000
score HTML_SHOUTING                  2.000
score NO_REAL_NAME                   2.000
score HGH                            3.000
score MIME_MISSING_BOUNDARY          2.000
score SAVINGS                        3.000
score AMAZING_STUFF                  2.000
score HTML_MESSAGE                   2.500

2)vi /etc/procmailrc

# send mail through spamassassin
:0fw
| /usr/bin/spamc

LOGFILE=/var/log/procmail.log
DROPPRIVS=yes

# Delete all messages with dangerous attachments, as long as below a certain size
# Note: The whitespace in the [ ] below comprises a space and a tab character
:0
* < 256000
* ! ^Content-Type: text/plain
{
:0B
* ^(Content-(Type|Disposition):.*|[ ]*(file)?)name=(“[^"]*|[^ ]*)\.(bat|cmd|com|exe|js|pif|scr|zip)
/dev/null
}

# SpamAssassin sample procmailrc
#
# Pipe the mail through spamassassin (replace ‘spamassassin’ with ‘spamc’
# if you use the spamc/spamd combination)
#
# The condition line ensures that only messages smaller than 250 kB
# (250 * 1024 = 256000 bytes) are processed by SpamAssassin. Most spam
# isn’t bigger than a few k and working with big messages can bring
# SpamAssassin to its knees.
#
# The lock file ensures that only 1 spamassassin invocation happens
# at 1 time, to keep the load down.
#
:0fw
* < 256000
| /usr/bin/spamc

# Delete messages with very high spam level
# Tweak this to your own comfort level!
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*
/dev/null

# Work around procmail bug: any output on stderr will cause the “F” in “From”
# to be dropped. This will re-add it.
:0
* ^^rom[ ]
{
LOG=”*** Dropped F off From_ header! Fixing up. ”

:0 fhw
| sed -e ’1s/^/F/’
}
# Klez worm procmail filter
:0 B
* 135AAItEjhyJRI8ci0SOGIlEjxiLRI4UiUSPFItEjhCJRI8Qi0SODIlEjwyLRI4IiUSPCItE
/var/log/klez
3)vi ~/.procmailrc file

INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc

:0 Hw
* ^X-Spam-Status: Yes
spam

==========================================================================
4) Procmail (~/.procmailrc)
:0
*^From: test@try.com
!sabin@nepal.com

*^From: *root/root*

*^subjct: .*free.*
/dev/null

:0
*^From: test@try.com
!sabin@abc.com

:0
* ^From: spammer@domain.com
/dev/null

:0:
* ^(From|CC|To).*tux-lug
tuxlug

==========================================================================
Anti virus
http://www.clamav.net/
groupadd clamav
useradd -g clamav -s /bin/false -c “Clam AntiVirus” clamav
cd /usr/local/src
wget http://optusnet.dl.sourceforge.net/sourceforge/clamav/clamav-0.82.tar.gz
tar xzf clamav-0.82.tar.gz
chown -R root.root clamav-0.82
cd clamav-0.82
./configure
make
make install
Customise the clamd configuration file

vi /usr/local/etc/clamd.conf
# make sure you comment out the “example” line
LogSyslog
FixStaleSocket
User qscand # need to run as user qscand for clamav
to work with recent versions of the qmail-scanner script
Configure clamd so it is running all the time from bootup onwards

cp contrib/init/RedHat/clamd /etc/rc.d/init.d/
chmod 744 /etc/rc.d/init.d/clamd
chkconfig –add clamd
Then I like to use the ntsysv program to double-check
that clamd is set to launch at boot time

If you aren’t ready to reboot the server now, you can
fire up clamd in the mean time with this command :

/etc/rc.d/init.d/clamd start
At this point the clamd software should be running.
A good way to verify this is to use this command :

ps axf
And if all is well, you should be able to see something like this :

18144 ? S 0:00 /usr/local/sbin/clamd
Schedule automatic downloading

touch /var/log/clam-update.log
chmod 600 /var/log/clam-update.log
chown clamav /var/log/clam-update.log
crontab -e
0 * * * * /usr/local/bin/freshclam –quiet -l /var/log/clam-update.log
Download latest updates now

/usr/local/bin/freshclam -v
=========================================================================
RAZOR V2

http://razor.sourceforge.net/

If Razor is installed, SpamAssassin will automatically include it in the
list of tests run. We found that Razor is quite accurate in identifying
spam, and it only added small amount of extra CPU load on the server, so
it is definitely worth installing.

Compile and install :

# install the pre-requisite modules for razor
perl -MCPAN -e shell
#(enter your way through all the questions. The only one you will likely
have to answer is regarding your Continent/Country)
# tell the cpan shell to follow the dependency tree and automatically grab
any required modules
o conf prerequisites_policy follow
# make sure you have some of the basic tools needed to get the CPAN
downloads working smoothly
install LWP MD5
# install the razor pre-requisites now
install Net::Ping Net::DNS Time::HiRes Digest::SHA1 Getopt::Long File
::Copy Digest::Nilsimsa URI::Escape
quit
# now install the actual razor software
tar xzf razor-agents-2.67.tar.gz
chown -R root.root razor-agents-2.67
cd razor-agents-2.67
perl Makefile.PL
make
make test
make install
cd ..
The Razor programs will now be installed in /usr/bin. In particular,
SpamAssassin makes use of the program called : “razor-check”

Last job is to create the Razor configuration
files (they get put into /etc/razor/) by using these commands :

razor-client
razor-admin -d -create -home=/etc/razor
If your server is going to be busy, then I would recommend
you edit the razor config file and turn down the debugging level a bit :

vi /etc/razor/razor-agent.conf
debuglevel=1

==========================================================================
Fetchmail(offline Mail server)
$vi /root/.fretchmail
#set no bouncemail
poll pop.websurfer.com.np with proto pop3 and options no dns
aka nepal.com
user “info” there with password “catchme” is * here expunge 10

$vi /root/.mailscript
#!/bin/sh
echo “**************************”
/bin/date
/usr/bin/fetchmail -v -a
/usr/sbin/sendmail -bp
/usr/sbin/sendmail -q

crontab
0-59 * * * * /root/.mailscript >> /var/log/fetchmaillog

=================================================================
FTP
$vi /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
ftpd_banner=Welcome to Nepal FTP Server.
chroot_local_user=YES

=================================================================
DHCP
1)vi /etc/dhcpd.conf
(/usr/share/doc/dhcp-/dhcpd.conf.sample)
authoritative;
ddns-update-style none; (ad-hoc/interim;)
default-lease-time 604800;
max-lease-time 2592000;
option routers 192.168.0.1;
option domain-name-servers 192.168.0.5;
option domain-name-servers 192.168.0.6;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;

subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.200 192.168.0.250;
}

host mailserver {
hardware ethernet 00:02:44:4A:E8:B1;
fixed-address 192.168.0.8;
}

host sabin {
hardware ethernet 00:0C:29:07:8F:2D;
fixed-address 192.168.0.70;

2)vi /etc/sysconfig/dhcpd
# Command line options here
DHCPDARGS=eth0

touch /var/lib/dhcp/dhcpd.leases

3)vi /etc/sysconfig/dhcrelay
(The DHCP Relay Agent (dhcrelay) allows you to relay DHCP
and BOOTP requests from a subnet with no DHCP server on it
to one or more DHCP servers on other subnets)

service dhcrelay start
====================================================================
PPP Server
vi /etc/inittab
S1:2345:respawn:/sbin/mgetty -D /dev/ttyS1

vi /etc/ppp/options.server
-detach
asyncmap 0
modem
crtscts
lock
require-pap
refuse-chap
login
proxyarp
192.168.59.1:192.168.59.100
ms-dns 192.168.59.7

vi /etc/ppp/options
noauth
defaultroute
lock
ipcp-accept-local
ipcp-accept-remote
usepeerdns
passive

vi /etc/ppp/resolv.conf
nameserver 202.52.255.47
nameserver 202.52.255.3

5)vi /etc/syslog.conf
daemon.* /dev/console

6) cat /etc/ppp/pap-secrets

[root@mail ppp]# cat pap-secrets
# Secrets for authentication using PAP
# client server secret IP addresses
* * “” *

7) vi /etc/mgetty+sendfax/ login.config
/AutoPPP/ - - /usr/sbin/pppd file /etc/ppp/options.server

#Callback conf
back – - /usr/sbin/callback -S 4352548
=======================================================================
Webmin (Web Administration)
Installed Directory (/var/libexec/mrtg)
$./setup.sh

http://192.168.59.7:10000
========================================================================
YP(NIS server)
Daemon: portmap,ypbind,yptools,ypserv,ypxfrd,nfslock,nfs
1) vi /etc/sysconfig/network
NISDOMAIN=nis1.nepal.com
2) domainname nepal.com
/var/yp/Makefile
all:passwd group hosts
nopush=true,merge_groups=files
/var/yp/make [passwd shadow host]
service portmap start
service ypserv start
/usr/lib/yp/ypinit -m [-s masterservers]
/var/yp/ypservers
service yppasswdd start
service ypserv start

rpcinfo -p localhost
if new user added
/var/yp/make

$ypmatch nisuser passwd
getent passwd nisuser

/var/yp/securenets[network security]
/etc/nsswitch.conf[files dns,nis]

# /etc/yp.conf – ypbind configuration file
ypserver 127.0.0.1
Client
portmap,ypbind,yptools
1) /etc/sysconfig/network
NISDOMAIN=server1.sabin.com
authconfig [/etc/yp.conf]
ypcat passwd[must execute when new useris added]
ypwhich,ypcat,ypchfn,ypchsh,yppasswd,ypush

NFS

/etc/exports
/home *(rw)
service nfs restart
exportfs -r
exportfs -v
exportfs -u
exportfs -a

/etc/auto.master
/home /etc/auto.home –timeout 60

/etc/auto.home
* -rw,soft,intr 192.168.0.1:/home/&
or
* -fstype=nfs,soft,intr,rsize=8192,wsize=8192,nosuid,tcp \
192.168.1.100:/home:&

service autofs restart
======================================================================
SAMBA (SWAT Makes Samba Simpler http://localhost:901)
share a linux drive with win machine
share a win datat in linux
share a linux printer with win machine
share a win printer with linux
1.FOR Win 95/98 – regedit hkey_Local_Machine/system/currentcontrol/services/VxD/vnetsup/
Add a new Dword value: EnablePlanTextPassword 0×01
2.NT HKEY_LOCAL_MACHINE/system/CurrentControl/services/Rdr\parameters\
——
Dword
EnablePlanTextPassword 0×01
2000
—-
Hkey_local_machine\system\current\services\Rdr\Parameters
EnablePlainTextPassword ox01

Swat
chkconfig swat on
http://localhost:901

1)vi /etc/samba/smb.conf

Section Description
[global] General Samba configuration parameters
[printers] Used for configuring printers
[homes] Defines treatment of user logins
[netlogon] A share for storing logon scripts.
(Not created by default.)
[profile] A share for storing domain logon information such as
“favorites” and desktop icons.(Not created by default.)

[global]

workgroup = HOMENET
server string = Sabin Server
host allow =192.168.0.
printing = lprng
printcap name =/etc/printcap
security= user share
security=[users,shares,server,domain]
load printers = yes
guest account = sabin
allow hosts = host list
deny hosts = host list
admin users = users list

[global] for domain
workgroup = HOMENET
time server = Yes
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
[homes]
read only = No
browseable = No
create mask = 0644
directory mask = 0755

[netlogon]
path = /home/samba/netlogon
guest ok = Yes

[profiles]
path = /home/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
public = yes

[tmp]
comments = sabin share
path = /tmp
valid users = sabin
public = no
writable =yes
printable=no
guest ok = yes
only guest = yes
create mask = 0765
read only = yes
write list= @manager

Authentication from NT
———————–
encrypt password = yes
security = server
password server = of PDC

wins
—–
wins supoort = yes
wins server = IP of wins server

Authentication Server:
———————-
encrypt password = yes
domain logons = yes
OS level = 033
[NET LOGON]
path =
read only = yes

SAMBA as a PDC ( primary domian controller)
————————————–
[ global section]
workgroup =
netbios name =
domain logons = yes
security = user
local master = yes
os level = 65 | 64
preferred master = yes
domain master = yes
logon path = \\%N\profiles\%U
logon home = \\\%U
[netlogon]
path = /usr/local/samba/netlogon

root is a Admin user for domain
groupadd sysadmin

domain admin group = @sysadmin
admin users = @sysadmin
printer admin = @sysadmin

Dynamic Creation Of Machine Trust Accounts
[global]
# <…remainder of parameters…>
add machine script = /usr/sbin/useradd -d /dev/null -g samba-clients -s /bin/false -M %u
groupadd samba-clients
2)smbpasswd -a root password

smbclient //192.168.0.1/abc -U sabin
nmblookup server -R sabin| nmb \*
smbmount //server/share /mnt/sab -o username=sabin
fstab
//server/1/public /mnt/smb smbfs defaults,username=sabin 0 0
password file= /etc/samba/samba
smbadduser root:sabin
smbpasswd -U root

smclient //station5 -U

smbclient //server1/myshare -N -Tx backup.tar
smbclient //server1/myshare -N -TXx backup.tar /users/doc
mount -t smbfs -o username=admin%passwd IP //server/share /mnt/share
smbmount //server/share mnt_pt -o username=xxxx%pass

======================================================================
LDAP
1. /etc/openldap/slapd.config
suffix “dc=example,dc=com”
rootdn “cn =root , dc=examplex,dc=com”
rootpw secret (crypt)
perl -e ” print crypt (‘passwd’,'a_shell’);”
Migrate all users in LDAP server
2. create users student 1 – student with redhat1 – redhat9
#!/bin/bash
for 1 in `seq 1 9` ; do
useradd student$1
echo “redhat$1″ |passwd –stdin student$1
done
3. /usr/share/openldap/migration
migrate_common.ph
$DEFAULT_MAIL_DOMAIN=”stationX. example.com
$DEFAULT_BASE=”dc=example, dc=com”

/etc/protocols
/etc/services
comment all #+
./migrate_all_offline.sh
./migrate_all_nis_online.sh
“ “ “ ”
file of ldap:
/var/lib/ldap
chown -R ldap.ldap /var/lib/ldap
service ldap restart
———————
client side:
graphical LDAP client
preferences select server tab
Name– stationx.example.com
LDAPHOST: ”
BASE DN: dc=example,dc=com
=========================================================================
LDAP
Scenario
The I.T. department in a small organization “nepal.com” has
many Linux servers they need to administer.

1. They want a simple, secure, centralized login scheme for all of them.
2. They have decided to use the LDAP domain “example.com” for their LDAP
database in which one domain component (DC) will be “example”, and
the other will be “com”.
3. The database will only have one organizational unit simply called
“People” which is the LDAP default.
4. Each person will have attributes such as a username (User ID or UID),
password, Linux “home” directory and login shell.
5. The Fedora Linux server named “nepal” will act as the LDAP server
containing the database and has the IP address 192.168.1.100.
6. The Fedora Linux server named “sabin” will be used to test the system
as the LDAP client and has the IP address 192.168.1.102.
7. Server “nepal” has a special user account named “ldapuser” that will
be used to test the LDAP logins.

Required LDAP Server RPMS
openldap,openldap-clients,openldap-devel,nss_ldap,openldap-servers
Required LDAP Client RPMS
openldap,openldap-clients,openldap-devel,nss_ldap

1)Create a database directory
mkdir /var/lib/ldap/example.com
chown ldap:ldap /var/lib/ldap/example.com

2)Create an LDAP “root” password
slappasswd
{SSHA}v4qLq/qy01w9my60LLX9BvfNUrRhOjQZ

3)vi /etc/openldap/slapd.conf
database        ldbm
suffix          ”dc=example,dc=com”
rootdn          ”cn=Manager,dc=example,dc=com”
rootpw          {SSHA}v4qLq/qy01w9my60LLX9BvfNUrRhOjQZ
directory       /var/lib/ldap/example.com
4)service ldap start

5)Create the “ldapuser” test account
useradd -g users ldapuser
passwd ldapuser
grep ldapuser /etc/passwd > /etc/openldap/passwd.ldapusers
grep root /etc/passwd > /etc/openldap/passwd.root

6)Find the conversion script
slocate -u
locate migrate
(/usr/share/openldap/migration/migrate_passwd.pl)

7) Convert user’s to ldap
/usr/share/openldap/migration/migrate_passwd.pl \
/etc/openldap/passwd.ldapusers /etc/openldap/ldapusers.ldif

/usr/share/openldap/migration/migrate_passwd.pl \
/etc/openldap/passwd.root /etc/openldap/root.ldif

8)Edit the user LDIF file
vi /etc/openldap/ldapusers.ldif
:%s/padl/example/g

vi /etc/openldap/root.ldif
:%s/padl/example/g
under the UID line in the file.
cn: Manager

9) vi etc/openldap/example.com.ldif
dn: dc=example,dc=com
dc: example
description: Root LDAP entry for example.com
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=People, dc=example,dc=com
ou: People
description: All people in organisation
objectClass: organizationalUnit

10)Import the LDIF files into the database

ldapadd -x -D “cn=Manager,dc=example,dc=com” \
-W -f /etc/openldap/example.com.ldif

ldapadd -x -D “cn=Manager,dc=example,dc=com” \
-W -f /etc/openldap/root.ldif

ldapadd -x -D “cn=Manager,dc=example,dc=com” \
-W -f /etc/openldap/ldapusers.ldif
11) Test the LDAP database
ldapsearch -x -b ‘dc=example,dc=com’ ‘(objectclass=*)’

Client
1)vi /etc/openldap/ldap.conf
HOST 192.168.1.100
BASE dc=example,dc=com

2)vi /etc/nsswitch.conf
$authconfig
[*] Use Shadow Passwords
[*] Use MD5 Passwords
[*] Use LDAP [ ] Use TLS
Server: 192.168.1.100
Base DN: dc=example,dc=com
3) Create a home directory for ldap
mkdir /home/ldapuser
chmod 700 /home/ldapuser/
chown ldapuser:users /home/ldapuser/
ll /home
cp /etc/skel/.* /home/ldapuser/
chown ldapuser:users /home/ldapuser/.*

4)vi /usr/local/bin/addldapuser (adduser)
#!/bin/bash
grep $1 /etc/passwd > /tmp/changeldappasswd.tmp
/usr/share/openldap/migration/migrate_passwd.pl \
/tmp/changeldappasswd.tmp /tmp/changeldappasswd.ldif.tmp
cat /tmp/changeldappasswd.ldif.tmp | sed s/padl/example/ \
> /tmp/changeldappasswd.ldif
ldapadd -x -D “cn=Manager,dc=example,dc=com” -W -f \
/tmp/changeldappasswd.ldif
rm -f /tmp/changeldappasswd.*

5)addldapuser ldapuser
Create home directories for the user on all the LDAP client Linux boxes

6) vi/usr/local/bin/deleteldapuser
#!/bin/bash
ldapdelete -x -W -D “cn=Manager,dc=example,dc=com” \
“uid=$1,ou=People,dc=example,dc=com”
7)deleteldapuser ldapuser

8)vi /usr/local/bin/modifyldapuser
#!/bin/bash
grep $1 /etc/passwd > /tmp/modifyldapuser.tmp
/usr/share/openldap/migration/migrate_passwd.pl \
/tmp/modifyldapuser.tmp /tmp/modifyldapuser.ldif.tmp
cat /tmp/modifyldapuser.ldif.tmp | sed s/padl/example/ \
> /tmp/modifyldapuser.ldif
ldapmodify -x -D “cn=Manager,dc=example,dc=com” -W -f \
/tmp/modifyldapuser.ldif
rm -f /tmp/modifyldapuser.*

9)passwd ldapuser
modifyldapuser ldapuser

LDAP Web Management Tools
The LDAP Account Manager (LAM) available at http://lam.sourceforge.net/
=========================================================================
TOMCAT server(JSP)

=======================================================================
NTP Server
http://www.eecis.udel.edu/~mills/ntp/servers.html
1) vi /etc/ntp.conf
server otherntp.server.org
server ntp.research.gov

restrict otherntp.server.org mask 255.255.255.255 nomodify notrap noquery
restrict ntp.research.gov mask 255.255.255.255 nomodify notrap noquery

restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
restrict 127.0.0.1

2)ntpdate -u 192.168.1.100
ntpq -p
======================================================
CLOCK
http://www.nixcraft.com/uniqlinuxfeatures/tools/
vivek-tech.com

# $ clock &
#
echo
echo “Digital Clock for Linux”
echo “To stop this clock use command kill pid, see above for pid”
echo “Press a key to continue. . .”

while :
do
ti=`date +”%r”`
echo -e -n “\033[7s" #save current screen postion & attributes
#
# Show the clock
#

tput cup 0 69 # row 0 and column 69 is used to show clock

echo -n $ti # put clock on screen

echo -e -n "\033[8u" #restore current screen postion & attributs
#
#Delay fro 1 second
#
sleep 1
done
find / -type f -perm +6000 -ls
find / -perm -2 ! -type l -ls
find / -nouser -o -nogroup
====================================================================
VPN
ipsec-tools,openswan-2.1.4-1.fc2.i386.rpm
chkconfig ipsec on
ipsec verify

1)vi /etc/sysctl.conf
net/ipv4/ip_forward = 1

2)sysctl -p

VPN Configuration Steps (Using RSA Keys)

Left Internet IP address of the left hand side VPN device
Leftsubnet The network protected by the left hand side VPN device
Leftid Fully Qualified Domain Name in DNS of the left hand side VPN
device preceded by an "@" sign. If DNS hasn't been set up for
the IP addresses, then you'll want to remove this entry as names
that don't resolve correctly will cause the VPN initialization to fail.
Leftrsasigkey The entire "left" RSA sig public key for the left hand side
VPN device. This can be obtained by using the "ipsec showhostkey --left" command.
Leftnexthop The next hop router from the left hand side VPN device when t
trying to reach the right hand side VPN device. You may use an
auto-generated variable "%defaultroute" which will be valid in most
cases, or the actual IP address of the next hop router in cases where
the next hop is not the default router.
Right Internet IP address of the right hand side VPN device
Rightsubnet The network protected by the right hand side VPN device
Rightid Fully Qualified Domain Name in DNS of the right hand side VPN device
preceded by an "@" sign. If DNS hasn't been set up for the IP
addresses, then you'll want to remove this entry as names that don't
resolve correctly will cause the VPN initialization to fail.
Rightrsasigkey The entire "right" RSA sig public key for the right hand side
VPN device. This can be obtained by using the "ipsec showhostkey --right" command.
Rightnexthop The next hop router from the right hand side VPN device when
trying to reach the right hand side VPN device. You may use an auto-generated
variable "%defaultroute" which will be valid in most cases, or the actual
IP address of the next hop router in cases where the next hop is not the default router.

Creating Your Own Keys
ipsec rsasigkey --verbose 2048 > keys.tmp

Get The Left Public Key
ipsec showhostkey --left > /tmp/left.pub

Get The Right Public Key
ipsec showhostkey --right > /tmp/right.pub
1)The /etc/ipsec.conf file
( It is important to maintain the indentation,
The "net-to-net" sub sections must be the same in the
/etc/ipsec.conf for both the left and right hand side VPN devices.
There must be no blank lines in the net-to-net section between
parameters. Lines commented with a "#" are acceptable
Restarting IPSec to reload the configuration file doesn't
necessarily restart the tunnels. If you set the "auto=" parameter
to "add", the tunnel will only be started manually with the "ipsec"
command. If the parameter is commented out then the tunnel will
never start. A value of "start" will cause the tunnel to start
automatically.)
#
# File: /etc/ipsec.conf
#
conn net-to-net
left=97.158.253.25             # Public Internet IP address of the
# LEFT VPN device
leftsubnet=172.16.1.0/24       # Subnet protected by the LEFT VPN device
leftid=@vpn1.my-site.com # FQDN of Public Internet IP address of the
# LEFT VPN device with an "@"
leftrsasigkey=0sAQNrV9AYdaW94FXvIxu5p54+MRaW0wy0+HHQrdGofklZYQ4TCBlL+Ym00Ah
fc8mqXlerZY12Os41G8SIV+zzIO04WZ4wmOvEr8DZaldTbfCuvUvMhrTtCpZdm53yF5rCaUbg+Vmx71
fgyVmGu8/kuhzB7nWtOYqDFO8OHDGePOyOVPQi73KfRoDbdb3ND0EtfnRhRPblKJ239OlIq1
leftnexthop=%defaultroute      # correct in many situations
right=6.25.232.1               # Public Internet IP address of
# the RIGHT VPN device
rightsubnet=10.0.0.0/24        # Subnet protected by the RIGHT VPN device
rightid=@vpn2.another-site.com # FQDN of Public Internet IP address of the
# RIGHT VPN device with an "@"
rightrsasigkey=0sAQNNdxFPWCga+E/AnDgIM+uIDq4UXcZzpomwMFUpyQ9+rhUHT9w8nr3rjU
R/qTZOKR2Vqd4XoBd1HkPDBQ8oNjtA3Oz+UQOU3KTMHN5ydFwe6MpTJV/hL6LvhB0OXQad/NhjMIx8v
OnhM8g8SPRnj7pL3abgu7Sg7eFREV1MJSVBhp0DJ0EbVMVV+Xvwlm9++9zbY3mlc+cSXMPAJZ
rightnexthop=97.158.253.25     # correct in many situations
auto=start                     # authorizes and starts this connection
# on booting
2) service ipsec restart

3)Initialize The New Tunnel
ipsec auto --up net-to-net

4)Possible Changes To IP Tables NAT/Masquerade Rules
If you are running iptables with masquerading/NAT the VPN devices
then you will have to exclude packets traversing the tunnel from
the NAT operation. This example assumes that interface eth0 is the
Internet facing interface on your Linux VPN/firewall.

Left Hand Side VPN Device
Old
iptables -t nat -A POSTROUTING -o eth0 -s 172.168.1.0/24 -j MASQUERADE

New
iptables -t nat -A POSTROUTING -o eth0 -s 172.168.1.0/24 -d \! 10.0.0.0/24 -j MASQUERADE

Right Hand Side VPN Device
Old
iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j MASQUERADE

New
iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -d \! 176.16.1.0/24 -j MASQUERADE

5)How To Ensure Openswan Starts When Rebooting
If your VPN sub- section in the /etc/ipsec.conf file has the line "auto=add"
in it then IPSec will only authorize but won't establish the connection at
startup. You'll have to use the "ipsec auto --up " command to start it manually.
You'll need to change this to "auto=start" for openswan to automatically
start the VPN when IPSec restarts or when the system reboots.

6)Using Pre-Shared Keys (PSK)
ipsec ranbits --continuous 128

7)Update /etc/ipsec.secrets
vpn1-ip-address vpn2-ip-address : PSK "key in quotations"
97.158.253.25 6.25.232.6 : PSK "nonebutourselvescanfreeourminds"

8)Update /etc/ipsec.conf
authby=secret # Key exchange method
auto=start # authorizes and starts this connection

=============================================================================
Tripwire
config file= /etc/tripwire/twcfg.txt
policy file= /etc/tripwire/tw.opl
database =/var/lib/tripwire/$hostname.twd

1) /etc//tripwire/twinstall.sh
/sbin/tripwire --init
/sbin/tripwire --start

2)integrity check
/sbin/tripwire --check

Report
twprint -m r --twrfile /var/lib/tripwire/report/

viewing tripwire database
twprint -m -d --print -dbfile |less

updating policy
twadmin --print-palfile>/etc/tripwire/twpol.txt

specific files
twprint -m -d --print -dbfile /etc/hosts

tripwire --update --twfile /var/lib/tripwire/report/name.twr
=======================================================================
PAM
=======================================================================
Process Accounting
pcacct*.rpm
$ac=/var/log/wtmp
$action:process account off or on
$accton /var/log/pacct
lastcomm
sa=summarize
sa /var/log/savacct
sa /var/log/usracct

gtop,kpm,xosview,xload,xsysinfo,top

=======================================================================
TCP Wrappers
vi /etc/host.allow
vi /etc/host.deny
:[:

=processname(not service) /ALL
=hostname/IP

vi /etc/host.allow
vsftpd:.example.com
sshd:.example.com\
:spawn /bin/echo `\bin\date` access denied>>/var/log/sshd.log :deny

WILD CARDS
ALL,LOCAL,KNOWN,UNKNOWN,PARANOID(host &ip donot match)

ALL;.example.com
ALL:192.168.
ALL:192.168.0.0/255.255.255.0
in.telnetd:/etc/telnets.hosts
ALL:.example.com EXCEPT sabin.example.com
ALL EXCEPT vsftpd:192.168.0

deny
sshd:.example.com:servrity emerg
sshd:example.com:severity local0.alert

sshd:client1.nepal.com:allow
sshd:client2.nepal.com:deny

Spawn ,twist
in.telnetd:example.com\
:spawn \bin\echo \bin\date from %h>>/var/log/telnet:allow
vsftpd:.example.com\
twist /bin/echo “bod guy go away”

=======================================================================
Xinetd
/etc/xinetd.conf
/etc/xinetd.d/
LOG_ON_SUCCESS.LOG_ON_FAILURE,
ATTEMPT,DURATION,EXIT,HOST,PID,RECORD,USERID,

only_from,no_access,access_times(HH:MM-HH:MM)
service telnet
{
disable=no
flags=reuse
socket_type=stream
wait =no
user=root
server=/usr/sbin/in/telnet.d
log_on_failure +=USERID
no_access=192.168.0.0/24
log_on_success +=PID HOST EXIT
access_times=9:00-1600
}
NAT
bind =123.123.123.123
redirect=10.10.10.12 21 23

per_source(no of instances)
cps=max connection per second
max_load=cp usage thereshold for a service

=======================================================================
IPtables
=======================================================================
Selinux
*/selinux filesystem
access
context
create
enforce
load
policyvers
relabel
user

*security.selinux
getfattr -m . -d /etc/passwd
1) Permissive mode
2) Rebuilding policies
3) Labeling files
4) Routine system administration (changing roles,
adding users, and checking file contexts)
5) Monitoring SELinux through log files
6) Miscellaneous troubleshooting

1)System Modes and SELinux Tuning
+ permissive mode that’s useful for policy troubleshooting and system maintenance.
permissive mode is used when configuring, testing, and troubleshooting SELinux
and the SELinux security policy. Under permissive mode, SELinux permits all operations,
even those that violate the SELinux security policy.
+ enforcing mode (sometimes called enforcement mode). Enforcing mode is the
normal mode of SELinux operation. Under enforcing mode, operations that violate
the SELinux security policy are prevented.

a) Switching the SELinux mode
kernel /vmlinuz-2.6.4-1.305 ro root=LABEL=/ enforcing=1
append=”enforcing=0″(lilo)

To enter enforcing mode, issue the command:
echo “1″ > /selinux/enforce

Similarly, to enter permissive mode, issue the command:
echo “0″ > /selinux/enforce

setenforce 0
getenforce
vi /etc/selinux
To disable (boot parameter
selinux=0
———————————————–
2) Loading a security policy
rpm=checkpolicy,selinux*
/etc/selinux/src/policy
Make target Compiles the policy from source? Installs the policy? Loads or reloads the policy?
policy Yes No No
install Yes Yes No
load Yes Yes Yes
reload Yes Yes Yes
relabel No No No

a)su -
b)newrole -r sysadm_r
c)cd /etc/selinux/src/policy
d)make target
e)make reload
checkpolicy=The SELinux policy compiler
load_policy=A utility that loads the SELinux binary policy into the running kernel
———————————————–
3) Labeling files
a)su -
newrole -r sysadm_r
cd /etc/selinux/src/policy
make relabel

usr/bin/chcon
Labels one or more files with a specified security context
chcon system_u:object_r:etc_t /etc/hosts /etc/hosts.allow

/sbin/fixfiles
Labels all available filesystems according to the contents of the standard specification
file, src/policy/file_contexts/file_contexts
fixfiles check

/sbin/restorecon
Labels one or more files according to the contents of the standard specification
file, src/policy/file_contexts/file_contexts
restorecon /etc/hosts

/usr/sbin/setfiles
Labels one or more files or filesystems according to the contents of a specification
file
setfiles src/policy/file_contexts/file_contexts /etc/hosts

Tuning Fedora Core 2 SELinux
Fedora Core 2 implementation of
SELinux provides two convenient ways of tailoring SELinux operation:
i) Macros
ii) Policy Booleans

i)Macros
src/policy/tunable.te

Policy macro Active by default? Description
allow_user_direct_mouse Yes Allow regular users direct access to the mouse device file
(otherwise allow only the X server to do so).
allow_user_dmesg Yes Allow users to run the dmesg command
allow_user_tcp_server Yes Allow users to run TCP servers (bind to ports and accept
connection from the same domain and outside users).
Disabling this Boolean forces FTP passive mode and may
affect other protocols (including IRC if single_
userdomain is defined).
allow_xserver_home_fonts Yes Allow X server to check for fonts in ~/.gnome or ~/.kde.
allow_ypbind Yes Allow ypbind to run with NIS.
direct_sysadm_daemon Yes Allow sysadm_t to start daemons directly.
ftp_home_dir No Allow FTP to read/write files in user home directories.
ftpd_is_daemon Yes Allow FTP to run from inetd instead of as a stand-alone
daemon.
hide_broken_symptoms No Adds dontaudit rules for broken polices that are not
security risks.
nfs_export_all_ro No Allow reading on any filesystem.
nfs_export_all_rw Yes Allow read/write/create on any filesystem.
nfs_home_dirs Yes Allow NFS home directories.
nscd_all_connect Yes Allow all domains to access NSCD.
read_default_t Yes Allow ordinary users to read any file having type
default_t.
readhome Yes Allow Mozilla to read files in the user home directory.
run_ssh_inetd No Allow SSH to run from inetd instead of as a daemon.
secure_levels No Allow only administrator to log in at the console and forbid
direct access to disk devices.
single_userdomain No Make processes other than newrole and su run by a user
domain stay in the same user domain.
ssh_sysadm_login Yes Allow SSH logins to the sysadm_r:sysadm_t security
context; otherwise, remote SSH users cannot enter this
context.
staff_read_sysadm_file No Allow staff_r users to search the system administrator’s
home directory (generally /root) and read its files.
unlimitedServices Yes Allow processes under initrc and xinetd to run with
all privileges.
unlimitedUsers No Allow users to have full access.
unrestricted_admin Yes Allow sysadm_t to do almost everything.
use_games Yes Allow users to run games.
user_can_mount Yes Allow users to execute mount command.
user_canbe_sysadm Yes Allow normal users to enter sysadm_r role.
user_net_control Yes Allow users to control network interfaces (also needs
USERCTL=true).
user_rw_noexattrfile Yes Allow users to read/write noextattrfile (FAT,
CDROM, FLOPPY).
writehome Yes Allow Mozilla to write files in the user home directory.
xdm_sysadm_login Yes Allow xdm logins as sysadm_r:sysadm_t.

a)vi /etc/selinux/src/policy.
b)edit tunable.te
c)make reload.
ii)Tuning via policy Booleans
change_bool boolean [0|1]
show_bools

change_bool user_ping 0

show_bools
user_ping –> active: 0 pending: 0

echo 0 > /selinux/booleans/user_ping
echo 1 > /selinux/commit_pending_bools
———————————————–
4)Routine SELinux System Use and Administration
a) Entering a role
b) Viewing security contexts
c) Adding users and groups
d) Starting and controlling daemons
e) Tuning SELinux

a) Entering a role
SELinux users have one or more associated
roles and, at any time, are bound to exactly
one of these. Users are initially bound to
a role at login time.
$sestatus
# sestatus -v

The standard SELinux security policy defines four roles:
*staff_r
Used for users permitted to enter the sysadm_r role
*sysadm_r
Used for the system administrator
*system_r
Used for system processes and objects
*user_r
Used for ordinary users

Changing roles
newrole [[-r|--role] ROLE] [[-t|--type] TYPE] [-- [ARGS]…]
newrole -r role
#newrole -r sysadm_r

b) Viewing security contexts
# id -Z
ls –context /etc/hosts
ls –lcontext /etc/hosts
ls –scontext /etc/hosts
ls -Z /etc/hosts
ps -Z
ps –context
ps -Z 1

c) Adding users and groups
users’ home directories are labeled with
the special security context user_home_dir_t.
# id -Z
# newrole -r sysadm_r
# id -Z
# useradd -c “test user” -m -d /home/testuser \
-g users -s /bin/bash testuser
# finger testuser
# ls -ld -Z /home/testuser/

Associating a user with a nondefault role
By default, users are associated with
the SELinux role user_r
i. Edit the src/policy/users file.
ii. Recompile the security policy.
iii. Load the generated binary policy file into the kernel.
cd /etc/selinux/src/policy
vi users
user username roles { staff_r sysadm_r };
make target
make reload

user:role:type.
the src/policy/appconfig/default_contexts file specifies
default roles for user logins, SSH sessions, and cron jobs.
system_r:sulogin_t sysadm_r:sysadm_t
system_r:local_login_t staff_r:staff_t user_r:user_t sysadm_r:sysadm_t
system_r:remote_login_t user_r:user_t staff_r:staff_t
system_r:sshd_t user_r:user_t staff_r:staff_t sysadm_r:sysadm_t
system_r:crond_t user_r:user_crond_t staff_r:staff_crond_t
sysadm_r:sysadm_crond_t system_r:system_crond_t mailman_r:user_crond_t
system_r:xdm_t staff_r:staff_t user_r:user_t sysadm_r:sysadm_t
staff_r:staff_su_t staff_r:staff_t user_r:user_t sysadm_r:sysadm_t
sysadm_r:sysadm_su_t staff_r:staff_t user_r:user_t sysadm_r:sysadm_t
user_r:user_su_t staff_r:staff_t user_r:user_t sysadm_r:sysadm_t
sysadm_r:sudo_t sysadm_r:sysadm_t
staff_r:sudo_t sysadm_r:sysadm_t staff_r:staff_t
user_r:sudo_t sysadm_r:sysadm_t user_r:user_t

Setting user passwords
vipw, vi,
to repair the file label
restorecon /etc/shadow

d) Starting and controlling daemons
run_init script [[arg]…]
run_init /etc/init.d/ntpd start

NOTE
By default, Fedora Core 2 allows a role transition
from sysadm_r to system_r, the role used by init.
Therefore, unless you’ve specially configured Fedora
Core 2 to disable this transition, it’s not necessary
to invoke the run_init command explicitly.

runcon -u system_u -r system_r -t crond_t /usr/sbin/crond
runcon system_u:system_r:crond_t /usr/sbin/crond

e) Tuning SELinux
LOG Format
avc: result { operation } for pid=pid exe=exe
path=opath dev=devno:ptno ino=node
scontext=source tcontext=target tclass=class

*result=The value granted or denied, indicating whether
SELinux permitted or prohibitedthe operation.
*operation=The operation that was attempted, such as
read or write. SELinux defines about 150 operations.
*pid=The process ID of the process that attempted the operation.
*exe=The absolute path of the text file (executable) associated
with the process that attempted the operation.
*path=The absolute path of the object on which the operation was attempted.
*devno=The block device number associated with the
object on which the operation was attempted.
*ptno=The partition number associated with the object
on which the operation was attempted.
*node=The inode number of the object on which the operation was attempted.
*source=The security context of the process that
attempted the operation.
*target=The security context of the target object.
*class=The type of the target object, such as file.

SELinux Logging Subtleties(reduce log)
Change to the policy source directory and
reload the security policy:
cd /etc/security/selinux/src/policy
make reload
or
setenforce 1
setenforce 0

Audit2allow=that scans the system log, looking for
entries pertaining to denied operations

(if login,daemon problem problem)
fixfiles restore
cd /etc/security/selinux/src/policy
setfiles file_contexts/file_contexts /home/bill

cd /etc/security/selinux/src/policy
setfiles file_contexts/file_contexts cron_files

cd /etc/security/selinux/src/policy
setfiles file_contexts/file_contexts /etc/init.d/*

Xwindow problem
rm /var/tmp* files

=======================================================================
Instalation Server
1) Make directory
mkdir -p /data/network-install/Fedora/base
mkdir -p /data/network-install/Fedora/RPMS
mkdir -p /data/network-install/ISO

2) Copy the files
cd /mnt/cdrom/Fedora/base
cp -r * /data/network-install/Fedora/base

(copy 4 cd into /data/network-install)

cd /data/network-install/ISO
dd if=/dev/cdrom of=FC2-i386-disc1.iso bs=32k
eject cdrom
dd if=/dev/cdrom of=FC2-i386-disc2.iso bs=32k
eject cdrom
dd if=/dev/cdrom of=FC2-i386-disc3.iso bs=32k
eject cdrom
dd if=/dev/cdrom of=FC2-i386-disc4.iso bs=32k
eject cdrom

another method using mkisofs
mkisofs -J -r -T -o filename.iso /mnt/cdrom

3)Setup Your Webserver ftp & nfs
NameVirtualHost 192.168.1.100

DocumentRoot /data/

Options +Indexes
AllowOverride AuthConfig
order allow,deny
allow from all

FTP
vi /etc/vsftpd/vsftpd.conf
anon_root=/data/network-install/

NFS
vi /etc/exports
/data/network-install *(ro,sync)
exportfs -ra

4)Configure DHCP Server

5)Boot form fedora core cd1
boot:linux askmethod
or boot from boot floppy
Kick Start
1)”ksconfig” command from a GUI console
2)save it in /data/network-install/ks.cfg
or can use /root/anaconda-ks.cfg
3)to veryfy
install
nfs –server=192.16.1.100 –dir=/data/network-install/ISO
install
url –url http://192.168.1.100/network-install/
4) To install
NFS Method
boot: linux ks=nfs:192.168.1.100:/data/network-install/ks.cfg

HTTP Method
boot: linux ks=http://192.168.1.100/network-install/ks.cfg

DHCP
vi /etc/dhcpd.conf
filename “/data/network-install/ks.cfg”;
next-server 192.168.1.100;

boot: linux ks

Floppy
boot:linux ks=floppy

=======================================================================
Encrypting swat or other ports like pop3,smtp
1)useradd stunnel
2)cd /usr/share/ssl/certs
make stunnel.pem
chmod 640 stunnel.pem
chgrp stunnel stunnel.pem

3)vi /etc/stunnel/stunnel.conf
# Configure stunnel to run as user “stunnel” placing temporary
# files in the /home/stunnel/ directory
chroot = /home/stunnel/
pid = /stunnel.pid
setuid = stunnel
setgid = stunnel

# Log all stunnel messages to /var/log/messages
debug = 7
output = /var/log/messages

# Define where the SSL certificates can be found.
client = no
cert = /usr/share/ssl/certs/stunnel.pem
key = /usr/share/ssl/certs/stunnel.pem

# Accept SSL connections on port 901 and funnel it to
# port 902 for swat.
[swat]
accept = 901
connect = 902

4) cd /etc/xinetd.d
cp swat swat-stunnel

vi swat-stunnel
service swat-stunnel
{
port            = 902
socket_type     = stream
wait            = no
only_from       = 127.0.0.1
user            = root
server          = /usr/sbin/swat
log_on_failure  += USERID
disable         = no
bind            = 127.0.0.1
}
disable 901 port in /etc/services
chkconfig swat off
chkconfig swat-stunnel on

5)start stunnel
$stunnel
(if problem rpm -e hwcrypto)

6)Test
https://server-ip-address:901/

========
Stunneling pop
1) /var/share/ssl/certs/stunnel.pem
$openssl -req -new -newkey rsa:1024 -nodes \
-x509 -keyout /tmp/key -out /tmp/cert
cat /tmp/cert>>/tmp/key
mv /tmp/key /usr/share/ssl/certs/stunnel.pem
rm /tmp/cert
chmod 600 /usr/share/ssl/certs/stunnel.pem
or
cd /usr/share/ssl/certs
make stunnel.pem

2) vi /etc/xinet.d/pos3s
server=/usr/sbin/stunnel
server_args= -1 /usr/sbin/ipop3d –ipop3d

telnet
stunnel -d localhost:7023 -r localhost:23

stunnel -c -d localhost:12345 -r server1.nepal.com:7023
telnet localhost 12345
=======================================================================

CentOS Installing Audio Video

sabin — Tue, 18 Mar 2008 11:16:20 +0000

http://centos.karan.org/el4/extras/stable/i386/RPMS/repodata/repoview/Applications.Multimedia.group.html

# yum info xmms
# yum install xmms-mp3

http://rpm.pbone.net/index.php3/stat/4/idpl/1703961/com/bmp-0.9.7-0.lvn.3.3.i386.rpm.html

None of RedHat distributions ships with MP3 support because patent issues.

In CentOS 4 you have 3 choices:

a) Use Rhythmbox: in my opinion, I don’t recomended this option. This program crash a lot !. For put MP3 support download and install this RPM:
http://ftp.freshrpms.net/pub/freshrpms/fedora/linux/3/gstreamer-plugins-extra/gstreamer-plugins-extra-audio-0.8.6-2.1.fc3.fr.i386.rpm

You will need other packages like gsm that you found in Dag repository (look b option).

b) Install XMMS and MP3 support, download APT from Dag website, it’s here :
http://dag.wieers.com/packages/apt/apt-0.5.15cnc6-4.2.el4.rf.i386.rpm

After open a terminal and run:
apt-get update
apt-get install xmms xmms-mp3

c) Install Beep Media Player, it’s a XMMS fork written in GTK2. It looks better than XMMS. You find the packages here:
http://newrpms.sunsite.dk/apt/redhat/en/i386/fc3/RPMS.newrpms/bmp-0.9.7-2.rhfc3.nr.i386.rpm
http://newrpms.sunsite.dk/apt/redhat/en/i386/fc3/RPMS.newrpms/bmp-extra-plugins-0.2.2-3.rhfc3.nr.i386.rpm
http://newrpms.sunsite.dk/apt/redhat/en/i386/fc3/RPMS.newrpms/bmp-mp3-0.9.7-2.rhfc3.nr.i386.rpm

=====================================
Most of the libraries that are not in CentOS, are in Dag repository.

For example liblirc is here
http://dag.wieers.com/packages/lirc/lirc-0.6.6-4.2.el4.rf.i386.rpm

You can find more packages here:
http://dag.wieers.com/home-made/apt/packages.php
===============================================

Install the Dag repo into Yum using the instruction found at http://dag.wieers.com/home-made/apt/FAQ.php#B
http://dag.wieers.com/home-made/apt/
http://dag.wieers.com/home-made/apt/FAQ.php#B

http://rpm.greysector.net/yum.html
http://rpm.greysector.net/mplayer/yum.html
http://linux.softpedia.com/get/Multimedia/Video/MPlayer-020.shtml

http://apt.sw.be/redhat/el4/en/i386/RPMS.dag/

Repair Centos 5 lvm filesytem

sabin — Wed, 12 Mar 2008 16:39:30 +0000

1) linux rescue

2) skip mounting and go to command prompt

3) Run the following command to activate the LVM partition

lvm vgchange -a y

5)You should be able to address the activated LVMs. If you have trouble with their naming, run:

lvm lvscan

6) check the partition

fdisk -l

7) Check and repair each logical volume’s filesystem by running something like this:

fsck -f /dev/VolGroup00/LogVol00

reboot you system

Apache Mysql and PHP with BSD/Linux LAMP

sabin — Sun, 17 Feb 2008 12:08:33 +0000

This How-To guides you through the steps to install and configure the most popular and powerful Apache-2.2.8 web server with PHP-5.2.5 and Mysql-5.0.45.

This How-To can be used either on Linux with Kernel version 2.4 and higher or on FreeBSD-6.x systems.

From wikipedia, the definition of a web server is as follows:

A computer program that is responsible for accepting HTTP requests from clients, which are known as web browsers (e.g. Firefox, Internet Explorer), and serving them HTTP responses along with optional data contents, which usually are web pages such as HTML documents and linked objects (images, etc.).

Without Web servers, the Internet would just be as dull as sending and receiving emails.

It is the web server which provides the content and information that we are used to seeing these days. It’s the web server’s job to deliver both static and dynamic contents to end-users via browsers such as Mozilla Firefox and Internet Explorer.

Apache is to web servers what Bind is to DNS servers. Apache is a high performance and scalable web server notable for playing a key role in the initial growth of the World Wide Web. According to the data provided by news.netcraft.com, 50% of all web sites are running on Apache web servers.

In this guide, we will install and configure a simple Apache-2.2.8 web server with PHP-5.2.4 and Mysql-5.0.45.

MySQL is a robust Relational Database Management System (RDBMS) that relies on Structured Query Language (SQL) for processing the data in the database.

MySQL is most commonly used for Web applications and for embedded applications and has become a popular alternative to proprietary database systems such as Oracle and Sybase because of its speed and reliability.

PHP is a reflective programming language originally designed for producing dynamic web pages.PHP is used mainly in server-side scripting, but can be used from a command line interface or in standalone graphical applications.

PHP generally runs on a web server, taking PHP code as its input and creating Web pages as output.

The following guide details the installation and configuration of this 3 powerful components.

Installing Mysql-5.0.45

(1.) Create the necessary mysql user and mysql group

groupadd mysql
useradd -g mysql mysql

(2.) Download Mysql
cd /usr/local/src

wget http://dev.mysql.com/get/Downloads/MySQL-5.0/mysql-5.0.45.tar.gz/from/http://mirror.trouble-free.net/mysql_mirror/

(3.) Unzip the sources

tar zxvf mysql-5.0.45.tar.gz

(4.) Got to source directory and run configure

cd mysql-5.0.45

./configure –prefix=/usr/local/mysql

(5.) Make and Install

make

make install

(6.) Copy the main my.cnf file and change the necessary permissions and run Mysql

cp support-files/my-medium.cnf /etc/my.cnf

cd /usr/local/mysql

chown -R mysql .

chgrp -R mysql .

bin/mysql_install_db –user=mysql

chown -R root .

chown -R mysql var
bin/mysqld_safe –user=mysql &
If all goes well, Mysql is now installed and should be running!!

Note: If you face problems such as getting configuration and compilation errors, check your permissions. 95% of all problems can be solved either by installing dependencies and development libraries. Google is your friend as always.

Installing and configuring Apache-2.2.8

(1.) Download Apache

cd /usr/local/src

wget http://veritris.com/mirrors/apache/httpd/httpd-2.2.8.tar.gz

(2.) unzip the sources

tar zxvf httpd-2.2.8.tar.gz

(3.) Configure Apache

cd httpd-2.2.8

./configure

–prefix=/usr/local/httpd \
–enable-cache \
–enable-disk-cache \
–enable-mem-cache \
–enable-proxy \
–enable-proxy-http \
–enable-proxy-ftp \
–enable-proxy-connect \
–enable-so \
–enable-cgi \
–enable-info \
–enable-rewrite \
–enable-speling \
–enable-usertrack \
–enable-deflate \
–enable-mime-magic

(4.) Make and Install

make

make install

That’s it. Apache should now be installed in /usr/local/httpd ! Note: If you face problems such as getting compilation errors, check your permissions. 95% of all problems can be solved either by installing dependencies and development libraries. Google is your friend as always.

Installing and Configuring PHP

(1.) Download PHP

cd /usr/local/src

wget http://www.php.net/get/php-5.2.5.tar.gz/from/au2.php.net/mirror

(2.) Unzip the sources

tar zxvf php-5.2.5.tar.gz

(3.) Configure PHP for Apache and Mysql support

./configure

–with-apxs2=/usr/local/httpd/bin/apxs \
–with-mysql=/usr/local/mysql \
–prefix=/usr/local/httpd/php \
–with-config-file-path=/usr/local/httpd/php \
–enable-force-cgi-redirect \
–disable-cgi \
–with-zlib \
–with-gettext \
–with-gdbm

(4.) Make and Install

make

make install

(5.) Configure PHP configuration

cp php.ini-dist /usr/local/lib/php.ini

(6.) Edit your httpd.conf to load the PHP module

vi /usr/local/httpd/conf/httpd.conf

#Added the following in the relevant section

LoadModule php5_module modules/libphp5.so
(7.) Tell Apache to parse certain extensions as PHP and also to parse .phtml and phps extensions

vi /usr/local/httpd/conf/httpd.conf

#Added the following in the relevant sections

AddType application/x-httpd-php .php .phtml

AddType application/x-httpd-php-source .phps

(8.) Start your Apache-2.2.6 server

/usr/local/httpd/bin/apachectl start

Testing PHP installation

(1.) Create the following info.php file in the default htdocs directory

vi /usr/local/httpd/htdocs/info.php

##Copy and paste the following text

phpinfo(); ?>

(2.) Save the file and start your web browser to point to your local web server. If this server is a remote server, simply enter it’s IP address in place of localhost

http://localhost/info.php

You should be able to see detailed information about your PHP installation, Apache environment and PHP extensions loaded, etc.

Apache 1.3.X

tar xzvf  openssl-0.9.7d.tar.gz
cd openssl-0.9.7d
./config --prefix=/usr/local --openssldir=/usr/local/openssl
make
make test
make install

tar xzvf mod_ssl-2.8.16-1.3.29.tar.gz
cd mod_ssl-2.8.16-1.3.29
./configure \
              --with-apache=../apache_1.3.29 \
              --with-ssl=../openssl-0.9.7d \
              --prefix=/usr/local/apache \
              --enable-shared=ssl \

tar xzvf mod_perl-1.26.tar.gz
cd mod_perl-1.26
perl Makefile.PL \
               APACHE_SRC=../apache_1.3.29/src \
               DO_HTTPD=1 \
               USE_APACI=1 \
               PREP_HTTPD=1 \
               EVERYTHING=1 \

        $ make
        $ make test
        $ make install

 # adduser apache

Note the UID AND GID

tar xzvf apache_1.3.29.tar.gz
cd apache_1.3.29

SSL_BASE=../openssl-0.9.7d \
./configure --prefix=/usr/local/apache \
     --server-uid=apache \
     --server-gid=apache \
     --enable-module=ssl \
     --enable-shared=ssl \
     --enable-module=auth_dbm \
     --enable-module=auth_db \
     --enable-module=auth_anon \
     --enable-module=digest \
     --enable-module=expires \
     --enable-module=so \
     --enable-module=headers \
     --enable-module=usertrack \
     --enable-module=env \
     --enable-module=rewrite \
     --enable-suexec \
     --suexec-caller=apache \
     --suexec-uidmin=500 \
     --suexec-gidmin=500 \
     --activate-module=src/modules/perl/libperl.a \

make

make certificate TYPE=custom

make install

##DSO
./configure \
                --with-apxs=/usr/local/apache/bin/apxs \
                --enable-versioning \
                --with-mysql \
                --enable-track-vars

make
make install

#add to httpd.conf

#done auto by make install
#LoadModule php4_module libexec/libphp4.so
#LoadModule php4_module modules/libphp4.so
#AddModule mod_php4.c

AddType application/x-httpd-php .php .php3
AddType application/x-httpd-php-source .phps

cp php.ini-recommended /usr/local/lib/php.ini

Load Balancing Your Web Site

http://www.webtechniques.com/archives/1998/05/engelschall/

http://www.ddj.com/architect/184414169?pgno=1

http://www.howtoforge.com/load_balancing_apache_mod_proxy_balancer

Mirror website
wget -m -k -K -E http://url/of/web/site

find the ip address by location and redirect the mirror site

http://www.hostip.info/use.html

Php code to redirect to mirror server country wise

/* ipaddresses.txt
- 192.168.1.105 (Single IP)
- 192.168.1.* (IP Range with *)
- 192.168.1.100-110 (IP range with -)
- 192.168.?.* (IP range with ?)
*/
error_reporting(0);

function chkiplist($ip) {
# read in the ip address file
$lines = file(“ipaddresses.txt”);
# set a variable as false
$found = false;
# convert ip address into a number
$split_it = split(“\.”,$ip);
$ip = “1″ . sprintf(“%03d”,$split_it[0]) .

sprintf(“%03d”,$split_it[1]) . sprintf(“%03d”,$split_it[2]) .

sprintf(“%03d”,$split_it[3]);

# loop through the ip address file

foreach ($lines as $line) {

# remove line feeds from the line

$line = chop($line);

# replace x with a *

$line = str_replace(“x”,”*”,$line);

# remove comments

$line = preg_replace(“|[A-Za-z#/]|”,”",$line);

# set a maximum and minimum value

$max = $line;

$min = $line;

# replace * with a 3 digit number

if ( strpos($line,”*”,0) <> “” ) {

$max = str_replace(“*”,”999″,$line);

$min = str_replace(“*”,”000″,$line);

}

# replace ? with a single digit

if ( strpos($line,”?”,0) <> “” ) {

$max = str_replace(“?”,”9″,$line);

$min = str_replace(“?”,”0″,$line);

}

# if the line is invalid go to the next line

if ( $max == “” ) { continue; };

# check for a range

if ( strpos($max,” – “,0) <> “” ) {

$split_it = split(” – “,$max);

# if the second part does not match an ip address

if ( !preg_match(“|\d{1,3}\.|”,$split_it[1]) ) {

$max = $split_it[0];

}

else {

$max = $split_it[1];

};

}

if ( strpos($min,” – “,0) <> “” ) {

$split_it = split(” – “,$min);

$min = $split_it[0];

}

# make $max into a number

$split_it = split(“\.”,$max);

for ( $i=0;$i<4;$i++ ) {

if ( $i == 0 ) { $max = 1; };

if ( strpos($split_it[$i],”-”,0) <> “” ) {

$another_split = split(“-”,$split_it[$i]);

$split_it[$i] = $another_split[1];

}

$max .= sprintf(“%03d”,$split_it[$i]);

}

# make $min into a number

$split_it = split(“\.”,$min);

for ( $i=0;$i<4;$i++ ) {

if ( $i == 0 ) { $min = 1; };

if ( strpos($split_it[$i],”-”,0) <> “” ) {

$another_split = split(“-”,$split_it[$i]);

$split_it[$i] = $another_split[0];

}

$min .= sprintf(“%03d”,$split_it[$i]);

}

# check for a match

if ( ($ip <= $max) && ($ip >= $min) ) {

$found = true;

break;

};

}

return $found;

}; # end function

$country = “”;
$country1 = “”;
$cxContext-”";
$site = “http://mail.niec.edu.np/home/index.php”;
$port = 80;
$IP = $_SERVER['REMOTE_ADDR'];

if (!empty($IP))
{
if(chkiplist($IP))
{
header(“Location: http://mail.niec.edu.np”);
}
else
{
$country = file_get_contents(“http://api.hostip.info/country.php?ip=”.$IP);
if(!empty($country)&& $country==”NP”)
{
$country1 = file_get_contents(“http://mail.niec.edu.np/check.php”);

if(!empty($country1)&& $country1==”nepal”)
{
header(“Location: http://mail.niec.edu.np”);
}
else
{
header(“Location: home/”);
}
}
else
{
header(“Location: home/”);
}
}
}
else
{
header(“Location: home/”);
}
?>
For more information

http://sourceforge.net/search/?type_of_search=soft&words=ip+to+country+php

Handy script protects Linux against traffic spikes

sabin — Mon, 03 Mar 2008 16:13:43 +0000

http://enterpriselinuxlog.blogs.techtarget.com/category/scripts/

We received another user-submitted Linux script for our “Share scripts… win Starbucks” series. This one comes from David Witham, who writes:

I administer a consumer VoIP switch for a VSP. The switch acts as a SIP registrar and proxy. Many thousands of devices register and re-register with the registrar every few minutes so there’s a pretty constant stream of traffic hitting it. Some SIP devices have flakey firmware and misbehave in such a way that they flood the registrar with registration requests to the point that performance is compromised, so I needed a way to protect the registrar from those devices.

I wrote a script that takes a sample of network traffic using Ethereal, checks for IP addresses transmitting excessive packets and blocks them by adding them to a list of addresses to drop in the INPUT chain of iptables.

David suggests running the script every 15 minutes to allow new IP addresses to be added to the list, then flushing the addresses and re-adding them so IP addresses that have stopped flooding can re-register.

Give it a try. This script was optimized for RHEL4 but should run on other Linux and Unix systems that have Ethereal or iptables. Feel free to modify it any way you like, or maybe you have one of your own to share? Share a script with us and, if we use it, we’ll treat you to Starbucks.

Keep the scripts coming!

#!/bin/bash
#
# Run from cron on a frequent basis, including on the hour, to block IP addresses flooding with SIP requests
# Use -f to force a flush of the INPUT chain
#
# First 3 octets of destination IP address of the flooding packets

BASE=xxx.xxx.xxx

# Whole destination IP address of the flooding packets

HOSTIP=xxx.xxx.xxx.xxx

# Interface on which the flooding is occurring

INTERFACE=eth3

# Flush iptables INPUT filter chain each hour in case some IPs have stopped flooding and are genuinely trying to use the service
if [ $(date +%M) = “00″ -o “$1″ = “-f” ]; then
/sbin/iptables -F INPUT
# Wait 5 seconds for IPs to start flooding again (most flooding IPs send REGISTER every 4 seconds if not getting a response)
sleep 5
# Add IP address to drop to iptables INPUT filter chain. Repeat a couple of times to catch all IPs
/usr/sbin/tethereal -i $INTERFACE-a duration:10 2>/dev/null | awk ‘{print $2;print $4}’ | grep -v $BASE | sort | uniq -c | sort -rn | awk ‘$1 > 30 {print $2}’ | while read ip; do /sbin/iptables -A INPUT -s $ip -d $HOSTIP -j DROP ; done
sleep 5
/usr/sbin/tethereal -i $INTERFACE-a duration:10 2>/dev/null | awk ‘{print $2;print $4}’ | grep -v $BASE | sort | uniq -c | sort -rn | awk ‘$1 > 30 {print $2}’ | while read ip; do /sbin/iptables -A INPUT -s $ip -d $HOSTIP -j DROP ; done
sleep 5
/usr/sbin/tethereal -i $INTERFACE-a duration:10 2>/dev/null | awk ‘{print $2;print $4}’ | grep -v $BASE | sort | uniq -c | sort -rn | awk ‘$1 > 30 {print $2}’ | while read ip; do /sbin/iptables -A INPUT -s $ip -d $HOSTIP -j DROP ; done
else
# Add more IP addresses to drop to iptables INPUT filter chain
/usr/sbin/tethereal -i $INTERFACE-a duration:10 2>/dev/null | awk ‘{print $2;print $4}’ | grep -v $BASE | sort | uniq -c | sort -rn | awk ‘$1 > 30 {print $2}’ | while read ip; do /sbin/iptables -A INPUT -s $ip -d $HOSTIP -j DROP ; done

===========================================

HowTo: Configure Sendmail with Gmail SMTP Server on Linux

sabin — Mon, 03 Mar 2008 13:19:09 +0000

Yeah! Finally I’m able to send and receive email with sendmail and dovecot implemented on my Linux server today. I choose gmail smtp server to act as my Outgoing Email Server. Here is how I did,

In the /etc/mail/yourhostname.mc file, add the following above the DAEMON_OPTIONS line.

define(`confAUTH_OPTIONS’, `A’)dnl

define(`confAUTH_MECHANISMS’, `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)dnl

TRUST_AUTH_MECH(`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)dnl

FEATURE(`authinfo’, `Hash -o /etc/mail/authinfo.db’)dnl

define(`SMART_HOST’, `smtp.gmail.com’)dnl

define(`RELAY_MAILER_ARGS’, `TCP $h 587′)

define(`ESMTP_MAILER_ARGS’, `TCP $h 587′)

Create or edit the /etc/mail/authinfo file and with this codes.

AuthInfo:smtp.gmail.com “U:root” “I:gmailusername” “P:gmailpassword” “M:PLAIN”

AuthInfo:smtp.gmail.com:587 “U:root” “I:gmailusername” “P:gmailpassword” “M:PLAIN”

Now, we can run this command in the /etc/mail directory.

touch local-host-names

makemap -r hash authinfo.db < authinfo

make all

service sendmail restart

If the “make all install restart” command didn’t work, you can also run “make” alternatively.

References:

http://www.linuxha.com/

http://rajasuperman.blogspot.com/

http://www.openaddict.com/

dag wieers update package

sabin — Wed, 27 Feb 2008 04:44:05 +0000

http://dag.wieers.com/rpm/FAQ.php#B2

yum whatprovides mod_access.so

http://dag.wieers.com/rpm/packages/

http://wiki.centos.org/Repositories

For your printer see: http://openprinting.org/show_printer.cgi?recnum=Canon-iP4000
(check the FC6 Extras repo for rpm packages)

http://mirror.centos.org/centos/

http://mirrorlist.centos.org/

www.silfreed.net/download/repo/redhat/

www.idevelopment.info

http://www.dbazone.com/

http://www.idevelopment.info/data/Oracle/DBA_scripts/common.zip

Linux RHCE Notes or Tutor

sabin — Sun, 24 Feb 2008 14:57:52 +0000

Donload RHCE short notes and tutor help full for RHCE Exam

Download linux short how to notes or Tutor

Donwload RHCE Notes part 1

Donwload RHCE Notes part 2

Ethical Hacking CEH

sabin — Wed, 20 Feb 2008 09:20:01 +0000

Ethical Hacking and Countermeasures course mission is to educate, introduce and demonstrate hacking tools for penetration testing purposes only. Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify EC-Council with respect to the use or misuse of these tools, regardless of intent.

Module 1: Ethics and Legality
What is an Exploit?
The security functionality triangle
The attacker’s process
Passive reconnaissance
Active reconnaissance
Types of attacks
Categories of exploits
Goals attackers try to achieve
Ethical hackers and crackers – who are they
Self proclaimed ethical hacking
Hacking for a cause (Hacktivism)
Skills required for ethical hacking
Categories of Ethical Hackers
What do Ethical Hackers do?
Security evaluation plan
Types of Ethical Hacks
Testing Types
Ethical Hacking Report
Cyber Security Enhancement Act of 2002
Computer Crimes
Overview of US Federal Laws
Section 1029
Section 1030
Hacking Punishment

Module 2: Footprinting
What is Footprinting
Steps for gathering information
Whois

http://tucows.com

Hacking Tool: Sam Spade
Analyzing Whois output
NSLookup
Finding the address range of the network
ARIN
Traceroute
Hacking Tool: NeoTrace
Visual Route
Visual Lookout
Hacking Tool: Smart Whois
Hacking Tool: eMailTracking Pro
Hacking Tool: MailTracking.com

Module 3: Scanning
Determining if the system is alive?
Active stack fingerprinting
Passive stack fingerprinting
Hacking Tool: Pinger
Hacking Tool: WS_Ping_Pro
Hacking Tool: Netscan Tools Pro 2000
Hacking Tool: Hping2
Hacking Tool: icmpenum
Detecting Ping sweeps
ICMP Queries
Hacking Tool: netcraft.com
Port Scanning
TCPs 3-way handshake
TCP Scan types
Hacking Tool: IPEye
Hacking Tool: IPSECSCAN
Hacking Tool: nmap
Port Scan countermeasures
Hacking Tool: HTTrack Web Copier
Network Management Tools
SolarWinds Toolset
NeoWatch
War Dialing
Hacking Tool: THC-Scan
Hacking Tool: PhoneSweep War Dialer
Hacking Tool: Queso
Hacking Tool: Cheops
Proxy Servers
Hacking Tool: SocksChain
Surf the web anonymously
TCP/IP through HTTP Tunneling
Hacking Tool: HTTPort

Module 4: Enumeration
What is Enumeration
NetBios Null Sessions
Null Session Countermeasures
NetBIOS Enumeration
Hacking Tool: DumpSec
Hacking Tool: NAT
SNMP Enumertion
SNMPUtil
Hacking Tool: IP Network Browser
SNMP Enumeration Countermeasures
Windows 2000 DNS Zone transfer
Identifying Win2000 Accounts
Hacking Tool: User2SID
Hacking Tool: SID2User
Hacking Tool: Enum
Hacking Tool: UserInfo
Hacking Tool: GetAcct
Active Directory Enumeration

Module 5: System Hacking
Administrator Password Guessing
Performing Automated Password Guessing
Legion
NTInfoScan
Defending Against Password Guessing
Monitoring Event Viewer Logs
VisualLast
Eavesdroppin on Network Password Exchange
Hacking Tool: L0phtCrack
Hacking Tool: KerbCrack
Privilege Escalation
Hacking Tool: GetAdmin
Hacking Tool: hk
Manual Password Cracking Algorithm
Automatic Password Cracking Algorithm
Password Types
Types of Password Attacks
Dictionary Attack
Brute Force Attack
Distributed Brute Force Attack
Password Change Interval
Hybrid Attack
Cracking Windows 2000 Passwords
Retrieving the SAM file
Redirecting SMB Logon to the Attacker
SMB Redirection
Hacking Tool: SMBRelay
Hacking Tool: SMBRelay2
SMBRelay Man-in-the-Middle (MITM)
SMBRelay MITM Countermeasures
Hacking Tool: SMBGrinder
Hacking Tool: SMBDie
Hacking Tool: NBTDeputy
NetBIOS DoS Attack
Hacking Tool: nbname
Hacking Tool: John the Ripper
LanManager Hash
Password Cracking Countermeasures
Keystroke Logger
Hacking Tool: Spector
AntiSpector
Hacking Tool: eBlaster
Hacking Tool: SpyAnywhere
Hacking Tool: IKS Software Logger
Hardware Tool: Hardware Key Logger
Hacking Tool: Rootkit
Planting Rootkit on Windows 2000 Machine
_rootkit_ embedded TCP/IP Stack
Rootkit Countermeasures
MD5 Checksum utility
Tripwire
Covering Tracks
Disabling Auditing
Auditpol
Clearing the Event Log
Hacking Tool: Elslave
Hacking Tool: Winzapper
Hacking Tool: Evidence Eliminator
Hidding Files
NTFS File Streaming
Hacking Tool: makestrm
NTFS Streams Countermeasures
LNS
Steganography
Hacking Tool: ImageHide
Hacking Tool: MP3Stego
Hacking Tool: Snow
Hacking Tool: Camera/Shy
Steganography Detection
StegDetect
Encrypted File System
Hacking Tool: dskprobe
Hacking Tool: EFSView
Buffer Overflows
Creating Buffer Overflow Exploit
Outlook Buffer Overflow
Hacking Tool: Outoutlook

Module 6: Trojans and Backdoors
What is a Trojan Horse?
Overt and Covert
Hacking Tool: QAZ
Hacking Tool: Tini
Hacking Tool: Netcat
Hacking Tool: Donald Dick
Hacking Tool: SubSeven
Hacking Tool: BackOrifice 2000
Back Oriffice Plug-ins
Hacking Tool: NetBus
Wrappers
Hacking Tool: Graffiti
Hacking Tool: Silk Rope 2000
Hacking Tool: EliteWrap
Hacking Tool: IconPlus
Packaging Tool: Microsoft WordPad
Hacking Tool: Whack a Mole
Trojan Construction Kit
BoSniffer
Hacking Tool: FireKiller 2000
Covert Channels
ICMP Tunneling
Hacking Tool: Loki
Reverse WWW Shell
Backdoor Countermeasures
BO Startup and Registry Entries
NetBus Startup and Registry Keys
Port Monitoring Tools
fPort TCPView
Process Viewer
Inzider – Tracks Processes and Ports
Trojan Maker
Hacking Tool: Hard Disk Killer
Man-in-the-Middle Attack
Hacking Tool: dsniff
System File Verification
TripWire

Module 7: Sniffers
What is a Sniffer?
Hacking Tool: Etheral
Hacking Tool: Snort
Hacking Tool: WinDump
Hacking Tool: EtherPeek
Passive Sniffing
Active Sniffing
Hacking Tool: EtherFlood
How ARP Works?
Hacking Tool: DSniff
Hacking Tool: Macof
Hacking Tool: mailsnarf
Hacking Tool: URLsnarf
Hacking Tool: Webspy
Hacking Tool: Ettercap
Hacking Tool: SMAC
MAC Changer
ARP Spoofing Countermeasures
Hacking Tool: WinDNSSpoof
Hacking Tool: WinSniffer
Network Tool: IRIS
Network Tool: NetInterceptor
SniffDet
Hacking Tool: WinTCPKill

Module 8: Denial of Service
What is Denial of Service Attack?
Types of DoS Attacks
How DoS Work?
What is DDoS?
Hacking Tool: Ping of Death
Hacking Tool: SSPing
Hacking Tool: Land
Hacking Tool: Smurf
Hacking Tool: SYN Flood
Hacking Tool: CPU Hog
Hacking Tool: Win Nuke
Hacking Tool: RPC Locator
Hacking Tool: Jolt2
Hacking Tool: Bubonic
Hacking Tool: Targa
Tools for Running DDoS Attacks
Hacking Tool: Trinoo
Hacking Tool: WinTrinoo
Hacking Tool: TFN
Hacking Tool: TFN2K
Hacking Tool: Stacheldraht
Hacking Tool: Shaft
Hacking Tool: mstream
DDoS Attack Sequence
Preventing DoS Attack
DoS Scanning Tools
Find_ddos
SARA
DDoSPing
RID
Zombie Zapper

Module 9: Social Engineering
What is Social Engineering?
Art of Manipulation
Human Weakness
Common Types of Social Engineering
Human Based Impersonation
Important User
Tech Support
Third Party Authorization
In Person
Dumpster Diving
Shoulder Surfing
Computer Impersonation
Mail Attachments
Popup Window
Website Faking
Reverse Social Engineering
Policies and Procedures
Social Engineering Security Policies
The Importance of Employee Education

Module 10: Session Hijacking
What is Session Hijacking?
Session Hijacking Steps
Spoofing Vs Hijacking
Active Session Hijacking
Passive Session Hijacking
TCP Concepts – 3 way Handshake
Sequence Numbers
Sequence Number Example
Guessing the Sequence Numbers
Hacking Tool: Juggernaut
Hacking Tool: Hunt
Hacking Tool: TTYWatcher
Hacking Tool: IP Watcher
Hacking Tool: T-Sight
Remote TCP Session Reset Utility
Dangers Posed by Session Hijacking
Protection against Session Hijacking

Module 11: Hacking Web Servers
Apache Vulnerability
Attacks against IIS
IIS Components
ISAPI DLL Buffer Overflows
IPP Printer Overflow
msw3prt.dll
Oversized Print Requests
Hacking Tool: Jill32
Hacking Tool: IIS5-Koei
Hacking Tool: IIS5Hack
IPP Buffer Overflow Countermeasures
ISAPI DLL Source Disclosure
ISAPI.DLL Exploit
Defacing Web Pages
IIS Directory Traversal
Unicode
Directory Listing
Clearing IIS Logs
Network Tool: LogAnalyzer
Attack Signature
Creating Internet Explorer (IE) Trojan
Hacking Tool: IISExploit
Hacking Tool: UnicodeUploader.pl
Hacking Tool: cmdasp.asp
Escalating Privilages on IIS
Hacking Tool: IISCrack.dll
Hacking Tool: ispc.exe
Unspecified Executable Path Vulnerability
Hacking Tool: CleanIISLog
File System Traversal Countermeasures
Microsoft HotFix Problems
UpdateExpert
Cacls utility
Network Tool: Whisker
N-Stealth Scanner
Hacking Tool: WebInspect
Network Tool: Shadow Security Scanner

Module 12: Web Application Vulnerabilities
Documenting the Application Structure
Manually Inspecting Applications
Using Google to Inspect Applications
Directory Structure
Hacking Tool: Instant Source
Java Classes and Applets
Hacking Tool: Jad
HTML Comments and Contents
Hacking Tool: Lynx
Hacking Tool: Wget
Hacking Tool: Black Widow
Hacking Tool: WebSleuth
Cross Side Scripting
Session Hijacking using XSS
Cookie Stealing
Hacking Tool: IEEN

Module 13: Web Based Password Cracking Techniques
Basic Authentication
Message Digest Authentication
NTLM Authentication
Certificate based Authentication
Digital Certificates
Microsoft Passport Authentication
Forms based Authentication
Creating Fake Certificates
Hacking Tool: WinSSLMiM
Password Guessing
Hacking Tool: WebCracker
Hacking Tool: Brutus
Hacking Tool: ObiWan
Hacking Tool: Munga Bunga
Password dictionary Files
Attack Time
Hacking Tool: Varient
Hacking Tool: PassList
Query Strings
Post data
Hacking Tool: cURL
Stealing Cookies
Hacking Tool: CookieSpy
Hacking Tool: ReadCookies
Hacking Tool: SnadBoy

Module 14: SQL Injection
What is SQL Injection Vulnerability?
SQL Insertion Discovery
Blank sa Password
Simple Input Validation
SQL Injection
OLE DB Errors
1=1
blah’ or 1=1
Stealing Credit Card Information
Preventing SQL Injection
Database Specific SQL Injection
Hacking Tool: SQLDict
Hacking Tool: SQLExec
Hacking Tool: SQLbf
Hacking Tool: SQLSmack
Hacking Tool: SQL2.exe
Hacking Tool: Oracle Password Buster

Module 15: Hacking Wireless Networks
802.11 Standards
What is WEP?
Finding WLANs
Cracking WEP keys
Sniffing Trafic
Wireless DoS Attacks
WLAN Scanners
WLAN Sniffers
MAC Sniffing
Access Point Spoofing
Securing Wireless Networks
Hacking Tool: NetTumbler
Hacking Tool: AirSnort
Hacking Tool: AiroPeek
Hacking Tool: WEP Cracker
Hacking Tool: Kismet
WIDZ- Wireless IDS

Module 16: Virus and Worms
Cherobyl
ExploreZip
I Love You
Melissa
Pretty Park
Code Red Worm
W32/Klez
BugBear
W32/Opaserv Worm
Nimda
Code Red
SQL Slammer
How to write your own Virus?
Worm Construction Kit

Module 17: Novell Hacking
Common accounts and passwords
Accessing password files
Password crackers
Netware Hacking Tools
Chknull
NOVELBFH
NWPCRACK
Bindery
BinCrack
SETPWD.NLM
Kock
userdump
Burglar
Getit
Spooflog
Gobbler
Novelffs
Pandora

Module 18: Linux Hacking
Why Linux ?
Linux Basics
Compiling Programs in Linux
Scanning Networks
Mapping Networks
Password Cracking in Linux
Linux Vulnerabilities
SARA
TARA
Sniffing
A Pinger in Disguise
Session Hijacking
Linux Rootkits
Linux Security Countermeasures
IPChains and IPTables

Module 19: IDS, Firewalls and Honeypots
Intrusion Detection System
System Integrity Verifiers
How are Intrusions Detected?
Anomaly Detection
Signature Recognition
How does IDS match Signatures with Incoming Traffic?
Protocol Stack Verification
Application Protocol Verification
What Happens after an IDS Detects an Attack?
IDS Software Vendors
SNORT
Evading IDS (Techniques)
Complex IDS Evasion
Hacking Tool: fragrouter
Hacking Tool: TCPReplay
Hacking Tool: SideStep
Hacking Tool: NIDSbench
Hacking Tool: ADMutate
IDS Detection
Tools to Detect Packet Sniffers
Tools to inject strangely formatted packets onto the wire
Hacking Through Firewalls
Placing Backdoors through Firewalls
Hiding behind Covert Channels
What is a Honeypot?
Honeypots Evasion
Honeypots vendors

Module 20: Buffer Overflows
What is a Buffer Overflow?
Exploitation
Assembly Language Basics
How to Detect Buffer Overflows in a Program?
Skills Required
CPU/OS Dependency
Understanding Stacks
Stack Based Buffer Overflows
Buffer Overflow Technical Implementation
Writing your own Buffer Overflow Exploit in C
Defense against Buffer Overflows
Type Checking Tools for Compiling Programs
StackGuard
Immunix

Module 21: Cryptography
What is PKI?
Digital Certificates
RSA
MD-5
RC-5
SHA
SSL
PGP
SSH
Encryption Cracking Techniques

Download books

http://rapidshare.com/files/34091716/ethicalhack.rar

Iptables

sabin — Tue, 19 Feb 2008 09:29:53 +0000

What Is iptables?

Originally, the most popular firewall/NAT package running on Linux was ipchains, but it had a number of shortcomings. To rectify this, the Netfilter organization decided to create a new product called iptables, giving it such improvements as:

Better integration with the Linux kernel with the capability of loading iptables-specific kernel modules designed for improved speed and reliability.
Stateful packet inspection. This means that the firewall keeps track of each connection passing through it and in certain cases will view the contents of data flows in an attempt to anticipate the next action of certain protocols. This is an important feature in the support of active FTP and DNS, as well as many other network services.
Filtering packets based on a MAC address and the values of the flags in the TCP header. This is helpful in preventing attacks using malformed packets and in restricting access from locally attached servers to other networks in spite of their IP addresses.
System logging that provides the option of adjusting the level of detail of the reporting.
Better network address translation.
Support for transparent integration with such Web proxy programs as Squid.
A rate limiting feature that helps iptables block some types of denial of service (DoS) attacks.

Considered a faster and more secure alternative to ipchains, iptables has become the default firewall package installed under Red Hat and Fedora Linux.

Download and Install the iptables Package

Before you begin, you need to make sure that the iptables software RPM is installed. When searching for the RPMs, remember that the filename usually starts with the software package name by a version number, as in iptables-1.2.9-1.0.i386.rpm.

How to Start iptables

You can start, stop, and restart iptables after booting by using the commands:

     [root@bigboy tmp]# service iptables start
     [root@bigboy tmp]# service iptables stop

     [root@bigboy tmp]# service iptables restart

To get iptables configured to start at boot, use the chkconfig command:

     [root@bigboy tmp]# chkconfig iptables on

Determining the Status of iptables

You can determine whether iptables is running or not via the service iptables status command. Fedora Core will give a simple status message. For example:

     [root@bigboy tmp]# service iptables status
     Firewall is stopped.
     [root@bigboy tmp]#

Packet Processing in iptables

All packets inspected by iptables pass through a sequence of built-in tables (queues) for processing. Each of these queues is dedicated to a particular type of packet activity and is controlled by an associated packet transformation/ filtering chain.

There are three tables in total. The first is the mangle table, which is responsible for the alteration of quality of service bits in the TCP header. This is hardly used in a home or SOHO environment.

The second table is the filter queue, which is responsible for packet filtering. It has three built-in chains in which you can place your firewall policy rules:

FORWARD chain: Filters packets to servers protected by the firewall.
INPUT chain: Filters packets destined for the firewall.
OUTPUT chain: Filters packets originating from the firewall.

The third table is the nat queue, which is responsible for network address translation. It has two built-in chains:

PREROUTING chain: NATs packets when the destination address of the packet needs to be changed.
POSTROUTING chain: NATs packets when the source address of the packet needs to be changed.

provides more details on each queue.

Queue Type	Queue Function	Packet Transformation Chain in Queue	Chain Function	`filter`	Packet filtering	FORWARD	Filters packets to servers accessible by another NIC on the firewall.	INPUT	Filters packets destined to the firewall.
OUTPUT	Filters packets originating from the firewall.
NAT	Network Address Translation	PREROUTING	Address translation occurs before routing. Facilitates the transformation of the destination IP address to be compatible with the firewall’s routing table. Used with NAT of the destination IP address, also known as destination NAT or DNAT.
NAT	Network Address Translation	POSTROUTING	Address translation occurs after routing. This implies that there was no need to modify the destination IP address of the packet as in prerouting. Used with NAT of the source IP address using either one to one or many to one NAT. This is known as source NAT or SNAT.
		OUTPUT	Network address translation for packets generated by the firewall. (Rarely used in SOHO environments.)
`mangle`	TCP header modification	PREROUTING, POSTROUTING, OUTPUT, INPUT, FORWARD	Modification of the TCP packet quality of service bits before routing occurs. (Rarely used in SOHO environments.)

You need to specify the table and the chain for each firewall rule you create. There is an exception: Most rules are related to filtering, so iptables assumes that any chain that’s defined without an associated table will be a part of the filter table. The filter table is therefore the default.

To help make this clearer, take a look at the way packets are handled by iptables. In TCP packet from the Internet arrives at the firewall’s interface on Network A to create a data connection.

The packet is first examined by your rules in the mangle table’s PREROUTING chain, if any. It is then inspected by the rules in the nat table’s PREROUTING chain to see whether the packet requires DNAT. It is then routed.

If the packet is destined for a protected network, then it is filtered by the rules in the FORWARD chain of the filter table and, if necessary, the packet undergoes SNAT before arriving at Network B. When the destination server decides to reply, the packet undergoes the same sequence of steps.

If the packet is destined for the firewall itself, then it is filtered by the rules in the INPUT chain of the filter table before being processed by the intended application on the firewall. At some point, the firewall needs to reply. This reply is inspected by your rules in the OUTPUT chain of the mangle table, if any. The rules in the OUTPUT chain of the nat table determine whether address translation is required and the rules in the OUTPUT chain of the filter table are then inspected before the packet is routed back to the Internet.

It is now time to discuss the ways in which you add rules to these chains.

Targets and Jumps

Each firewall rule inspects each IP packet and then tries to identify it as the target of some sort of operation. Once a target is identified, the packet needs to jump over to it for further processing. Table 14.2 lists the built-in targets that iptables uses.

Target	Description	Most Common Options	ACCEPT	`iptables` stops further processing. The packet is handed over to the end application or the operating system for processing.	N/A	DROP	`iptables` stops further processing. The packet is blocked.	N/A
LOG	The packet information is sent to the syslog daemon for logging. `iptables` continues processing with the next rule in the table. As you can’t log and drop at the same time, it is common to have two similar rules in sequence. The first logs the packet, the second drops it.	`--log-prefix "string"` Tells `iptables` to prefix all log messages with a user defined string. Frequently used to tell why the logged packet was dropped.
REJECT	Works like the DROP target, but also returns an error message to the host sending the packet that the packet was blocked.	`--reject-with` `qualifier` The qualifier tells what type of reject message is returned. Qualifiers include `icmp-port-unreachable` (default) `icmp-net-unreachable` `icmp-host-unreachable` `icmp-proto-unreachable` `icmp-net-prohibited` `icmp-host-prohibited` `tcp-reset` `echo-reply`
DNAT	Used to do destination network address translation, rewriting the destination IP address of the packet.	`--to-destination` `ipaddress` Tells `iptables` what the destination IP address should be.
SNAT	Used to do source network address translation, rewriting the source IP address of the packet.	`--to-source` `[-` `][:-]` The source IP address is user defined. Specifies the source IP address and ports to be used by SNAT.
MASQUERADE	Used to do source network address translation. By default the source IP address is the same as that used by the firewall’s interface.	`[--to-ports [-]]` Specifies the range of source ports to which the original source port can be mapped.