Thursday, September 13, 2007

Installing chkrootkit in RHEL/CentOS 4

Download and install the chkrootkit RPM

# wget http://apt.sw.be/redhat/el4/en/i386/dag/RPMS/chkrootkit-0.47-1.el4.rf.i386.rpm

# rpm -ivh chkrootkit-0.47-1.el4.rf.i386.rpm

Create a rootkitscanner script

# vi rootkitscanner

----------------------------------------------------------------

#!/bin/bash

#rootkitscanner script

#by penoytechcentral.blogspot.com

#setting up the date

month=`date "+%m"`

today=`expr \`date "+%d"\``

year=`date "+%y"`

dirdate=$month-$today-$year

#delete the previous log

rm -f /var/log/chkrootkit_*.log

#scan the server for rootkits

/usr/bin/chkrootkit > /var/log/chkrootkit_$dirdate.log

SUBJECT=`hostname`" Automated Security Alert"

TO="your-email@domain.com"

mail -s "$SUBJECT" "$TO" < /var/log/chkrootkit_$dirdate.log

-----------------------------------------------------------------

Give the script execute permission and copy it to the weekly cron directory

# chmod +x rootkitscanner

# cp rootkitscanner /etc/cron.weekly
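
An added example (not part of the original script): instead of mailing the full log every week, this filters a chkrootkit log down to the lines that need review and mails only when there are any. The keyword pattern and the function names are assumptions, and the sample log is constructed.

```bash
#!/bin/bash
# Added example, not part of the original rootkitscanner script.
# Triage a chkrootkit log so mail goes out only when a test reports
# something other than "not infected" / "not found" / "nothing found".

# Print the lines that need review. The keywords are assumed from typical
# chkrootkit output; extend the pattern if your version words things differently.
chk_findings() {
    grep -E 'INFECTED|Vulnerable|Warning|suspicious files and directories were found' "$1"
}

# Print the number of finding lines in a log (0 when clean).
chk_count() {
    chk_findings "$1" | wc -l | tr -d ' '
}

# Mail the findings (not the whole log) only when there are any.
# $1 = log file, $2 = recipient. Returns 0 if clean, 1 if an alert was sent.
chk_alert() {
    local n
    n=$(chk_count "$1")
    [ "$n" -eq 0 ] && return 0
    chk_findings "$1" | mail -s "$(hostname) chkrootkit: $n finding(s)" "$2"
    return 1
}

# Constructed sample log for a dry run (not real scan output).
sample_log() {
    cat <<'EOF'
ROOTDIR is `/'
Checking `amd'... not found
Checking `ls'... not infected
Checking `netstat'... INFECTED
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `lkm'... chkproc: nothing detected
Searching for suspicious files and dirs, it may take a while... nothing found
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
EOF
}

# Dry run: count and show the findings in the sample log; no mail is sent.
log=$(mktemp)
sample_log > "$log"
echo "findings: $(chk_count "$log")"
chk_findings "$log"
rm -f "$log"
```

In the cron script, calling `chk_alert` with the log path and recipient would replace the unconditional `mail` line; a flagged line still needs manual verification before it is treated as a compromise.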

Wednesday, September 12, 2007

SSH RSA Authentication

# ssh-keygen -t rsa
# scp .ssh/id_rsa.pub root@remote-host:/root/
# ssh root@remote-host
# cat id_rsa.pub >> .ssh/authorized_keys


Cannot upload large files in Eventum

Problem: Cannot upload large files in Eventum

Solution:
-php.ini
--memory_limit = 256M
--max_execution_time = 300
--max_input_time = 600
--post_max_size = 64M
--upload_max_filesize = 10M

-httpd.conf
--Timeout 120

-my.cnf
--max_allowed_packet = 8M

Tuesday, September 11, 2007

Installing rkhunter

Rootkit Hunter is a scanning tool that helps ensure, with about 99.9%* certainty, that your system is clean of nasty tools. It scans for rootkits, backdoors and local exploits by running tests like:

- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files

Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use.

* No, not really 99.9%. It's just another security layer.


Installing rkhunter

# wget http://jaist.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.0.tar.gz
# tar xvzf rkhunter-1.3.0.tar.gz
# cd rkhunter-1.3.0
# ./install.sh --layout default --install
# rkhunter --propupd
# rkhunter --check

Sunday, September 02, 2007

MySQL "Ignoring query to other database"

"Ignoring query to other database"

[root@localhost]# mysql -v -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8 to server version: 4.1.20

Reading history-file /root/.mysql_history
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
--------------
show databases
--------------

+----------+
| Database |
+----------+
| mysql    |
| test     |
+----------+