Thursday, September 13, 2007

Installing chkrootkit in RHEL/CentOS 4

Download and install chkrootkit rpm

# wget http://apt.sw.be/redhat/el4/en/i386/dag/RPMS/chkrootkit-0.47-1.el4.rf.i386.rpm

# rpm -ivh chkrootkit-0.47-1.el4.rf.i386.rpm

Create a rootkitscanner script

# vi rootkitscanner

----------------------------------------------------------------

#!/bin/bash
#rootkitscanner script
#by penoytechcentral.blogspot.com

#setting up the date
month=`date "+%m"`
today=`expr \`date "+%d"\``
year=`date "+%y"`
dirdate=$month-$today-$year

#delete the previous log
rm -f /var/log/chkrootkit_*.log

#scan the server for rootkits
/usr/bin/chkrootkit > /var/log/chkrootkit_$dirdate.log

#mail the full scan log to the administrator
SUBJECT=`hostname`" Automated Security Alert"
TO="your-email@domain.com"
mail -s "$SUBJECT" "$TO" < /var/log/chkrootkit_$dirdate.log

-----------------------------------------------------------------

Give the script execute permission and copy it to the weekly cron directory

#chmod +x rootkitscanner

#cp rootkitscanner /etc/cron.weekly

Wednesday, September 12, 2007

SSH RSA Authentication

#ssh-keygen -t rsa
#scp .ssh/id_rsa.pub root@remote-host:/root/
#ssh root@remote-host
#cat id_rsa.pub >> .ssh/authorized_keys


Cannot upload large files in Eventum

Problem: Cannot upload large files in Eventum

Solution:
-php.ini
--memory_limit = 256M
--max_execution_time = 300
--max_input_time = 600
--post_max_size = 64M
--upload_max_filesize = 10M

-httpd.conf
--Timeout 120

-my.cnf
--max_allowed_packet = 8M

Tuesday, September 11, 2007

Installing rkhunter

Rootkit Hunter is a scanning tool that helps ensure, to about 99.9%*, that you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files

Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use.

* No, not really 99.9%. It's just another security layer.


Installing rkhunter

# wget http://jaist.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.0.tar.gz
# tar xvzf rkhunter-1.3.0.tar.gz
# cd rkhunter-1.3.0
# ./install.sh --layout default --install
# rkhunter --propupd
# rkhunter --check
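
What the --propupd / --check pair amounts to for the "MD5 hash compare" and "wrong file permissions" tests, as a simplified added example (this is not rkhunter's code; the function names and the "md5 mode path" database format are assumptions made for illustration, and md5sum plus GNU stat are assumed to be installed):

```shell
#!/bin/sh
# Added illustration: a file-property baseline in the spirit of --propupd / --check.
# Not rkhunter's code. Keep DBFILE outside DIR, on storage an intruder cannot modify.

# Print "md5 mode path" for one file (md5sum and GNU stat assumed).
file_props() {
    hash=$(md5sum "$1" | awk '{print $1}')
    mode=$(stat -c '%a' "$1")
    printf '%s %s %s\n' "$hash" "$mode" "$1"
}

# baseline_create DIR DBFILE: record the properties of every regular file in DIR.
baseline_create() {
    find "$1" -type f | sort | while read -r f; do file_props "$f"; done > "$2"
}

# baseline_check DIR DBFILE: print one line per difference; return 1 if any exist.
baseline_check() {
    tmp=$(mktemp) || return 2
    baseline_create "$1" "$tmp"
    report=$(awk '
        # the path is everything after the first two space-separated fields
        function path(line) { sub(/^[^ ]+ [^ ]+ /, "", line); return line }
        FILENAME == ARGV[1] { p = path($0); hash[p] = $1; mode[p] = $2; next }
        {
            p = path($0); seen[p] = 1
            if (!(p in hash))       print "NEW " p
            else if (hash[p] != $1) print "HASH_CHANGED " p
            else if (mode[p] != $2) print "MODE_CHANGED " p " " mode[p] " -> " $2
        }
        END { for (p in hash) if (!(p in seen)) print "MISSING " p }
    ' "$2" "$tmp" | sort)
    rm -f "$tmp"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Run baseline_create once on a known-clean system, then baseline_check from cron; a baseline taken after a compromise only records the compromised state.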

Sunday, September 02, 2007

MySQL "Ignoring query to other database"

"Ignoring query to other database"

[root@localhost]# mysql -v -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8 to server version: 4.1.20

Reading history-file /root/.mysql_history
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
--------------
show databases
--------------

+----------+
| Database |
+----------+
| mysql |
| test |
+----------+

Tuesday, July 17, 2007

Snortalog script

#!/bin/bash
#Logfile rotation script for snort written by jameso@elwood.net
#modified by penoi

snortbase=/var/log/snort
logdir=$snortbase
oldlogs=$snortbase/oldlogs
weeklogs=$snortbase/weeklogs

#setting up the date (GNU date does the arithmetic so month boundaries roll over;
#%-d keeps the day unpadded)
dirdate=`date -d "1 day ago" "+%m-%-d-%y"`
olddirdate=`date -d "8 days ago" "+%m-%-d-%y"`

#generate the HTML report from the current alert file
./snortalog.pl -file /var/log/snort/alert -r -report -o $dirdate.html

# Create the dir for the logs being rotated.
if [ ! -d $weeklogs/$dirdate ]
then
mkdir -p $weeklogs/$dirdate
fi

for logitem in `ls $logdir` ; do
#skip the archive directories, which live inside $logdir
case $logitem in oldlogs|weeklogs) continue ;; esac
mv $logdir/$logitem $weeklogs/$dirdate
done

#kill snort
#pid=`ps -ef | grep 'snort -c /etc/snort/snort.conf -i eth1' | grep -v grep| awk '{print $2}'`
pid=`ps -ef | grep 'snort -i eth1' | grep -v grep | awk '{print $2}'`
[ -n "$pid" ] && kill $pid

#Restart snort
/usr/local/bin/snort -i eth1 -c /etc/snort/snort.conf -D &

# Delete any uncompressed log files that are over a week old.
if [ -d $weeklogs/$olddirdate ]
then
rm -r $weeklogs/$olddirdate
fi

#Compress the log files and keep the archives for as long as you want
cd $weeklogs; tar zcvf $oldlogs/$dirdate.tgz $dirdate > /dev/null 2>&1

Wednesday, June 06, 2007

Forcing SSL in Apache

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Friday, March 09, 2007

Backtrack V2.0 Final

Backtrack V2.0 Final is now available at remote-exploit.

Tuesday, February 27, 2007

Installing Screen in Centos 4.4

Screen lets you have multiple virtual windows in one physical terminal. It also lets you detach from and reattach to your virtual windows, which is good if you are compiling remotely.

Download the latest Screen RPM
http://www.rpmfind.net/linux/rpm2html/search.php?query=screen


Install Screen dependencies
#yum -y install ncurses-devel texinfo pam-devel libtool


Install Screen
#rpmbuild --rebuild screen-4.0.2-5.src.rpm
#rpm -ivh /usr/src/redhat/RPMS/i386/screen-4.0.2-5.i386.rpm



Show Screen
#screen -ls


Create Screen Session
#screen


Create Screen Virtual window
press ctrl+a,c


Change between Screens
press ctrl+a, 0 Session 0
press ctrl+a, 1 Session 1
press ctrl+a, 2 Session 2


To resume a Screen session
#screen -r session name

Sunday, February 18, 2007

Aptana




The Aptana IDE is a free, open-source, cross-platform, JavaScript-focused development environment for building Ajax applications. It features code assist on JavaScript, HTML, and CSS languages, FTP/SFTP support and a JavaScript debugger to troubleshoot your code.

Tuesday, January 23, 2007

Globe Innove using Transparent proxy??

If you are a Globe Innove internet subscriber and have a static IP address, check your IP address at whatismyip. As of this writing, it seems Globe is using a transparent proxy. Requests to www.google.com are redirected to www.google.com.ph. Rapidshare downloads will report that you are currently downloading a file even though you are not.

Tuesday, January 02, 2007

Slow Internet Connection in the Philippines

After the Taiwan earthquake, the Philippines is still experiencing slow internet connections. According to the news, it will take weeks before they can fully restore the damaged submarine cables in Taiwan. So in the meantime, it will be a dialup-speed connection for us.
So far, during the holidays and after the earthquake, my Smartbro Wireless Internet Broadband connection was very efficient. I can do torrents, http download, browse the internet, and do my work at the same time. Kudos to Smartbro for a good service in my area. I hope their service will stay that way.