Penoy's Tech Corner

Thursday, September 13, 2007

Installing chkrootkit in RHEL/CentOS 4

Download and install chkrootkit rpm

# wget http://apt.sw.be/redhat/el4/en/i386/dag/RPMS/chkrootkit-0.47-1.el4.rf.i386.rpm

# rpm –ivh chkrootkit-0.47-1.el4.rf.i386.rpm

Create a rootkitscanner script

# vi rootkitscanner

----------------------------------------------------------------

#/bin/bash

#rootkitscanner script

#by penoytechcentral.blogspot.com

#setting up the date

month=`date "+%m"`

today=`expr \`date "+%d"\``

year=`date "+%y"`

dirdate=$month-$today-$year

#delete the previous log

rm -f /var/log/chkrootkit_*.log

#scan the server for rootkits

/usr/bin/chkrootkit > /var/log/chkrootkit_$dirdate.log

SUBJECT=`hostname`" Automated Security Alert"

TO="your-email@domain.com"

mail -s "$SUBJECT" "$TO" < /var/log/chkrootkit_$dirdate.log

-----------------------------------------------------------------

Give and execute permission and copy the script to weekly cron

#chmod +x rootkitscanner

#cp rootkitscanner /etc/cron.weekly

Wednesday, September 12, 2007

SSH RSA Authentication

#ssh-keygen -t rsa
#scp .ssh/id_rsa.pub root@remote-host:/root/
#ssh root@remote-host
#cat id_rsa.pub >> .ssh/authorized_keys

Cannot upload large files in Eventum

Problem: Cannot upload large files in Eventum

Solution:
--php.ini
--memory_limit = 256M
--max_execution_time = 300
--max_input_time = 600
--post_max_size = 64M
--upload_max_filesize = 10M

-httpd.conf
--timeout = 120

-my.cnf
--max_allowed_packet: 8MB

Tuesday, September 11, 2007

Installing rkhunter

Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files

Rootkit Hunter is released as GPL licensed project and free for everyone to use.

* No, not really 99.9%.. It's just another security layer

Installing rkhunter

# wget http://jaist.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.0.tar.gz
# tar xvzf rkhunter-1.3.0.tar.gz
# cd rkhunter-1.3.0
# ./install.sh --layout default --install
# rkhunter --propupd
# rkhunter --check

Sunday, September 02, 2007

MySQL "Ignoring query to other database"

"Ignoring query to other database"

[root@localhost]# mysql -v -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8 to server version: 4.1.20

Reading history-file /root/.mysql_history
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
--------------
show databases
--------------

+----------+
| Database |
+----------+
| mysql |
| test |
+----------+

Tuesday, July 17, 2007

Snortalog script

#/bin/bash
#Logfile rotation script snort written by jameso@elwood.net
#modified by penoi

snortbase=/var/log/snort
logdir=$snortbase
oldlogs=$snortbase/oldlogs
weeklogs=$snortbase/weeklogs

#setting up the date
month=`date "+%m"`
yesterday=`expr \`date "+%d"\` - 1`
eightday=`expr \`date "+%d"\` - 8`
year=`date "+%y"`
dirdate=$month-$yesterday-$year
olddirdate=$month-$eightday-$year

./snortalog.pl -file /var/log/snort/alert -r -report -o $dirdate.html

# Create the Dir for todays logs.
if [ ! -d $weeklogs/$dirdate ]
then
mkdir $weeklogs/$dirdate
fi

for logitem in `ls $logdir` ; do
mv /var/log/snort/$logitem $weeklogs/$dirdate
done

#kill snort
#pid=`ps -ef | grep 'snort -c /etc/snort/snort.conf -i eth1' | grep -v grep| awk '{print $2}'`
pid=`ps -ef | grep 'snort -i eth1' | grep -v grep | awk '{print $2}'`
kill $pid

#Restart snort
/usr/local/bin/snort -i eth1 -c /etc/snort/snort.conf -D &

# Delete any uncompressed log files that over a week old.
if [ -d $weeklogs/$olddirdate ]
then
rm -r $weeklogs/$olddirdate
fi

#Compressed and save the log files to save for aslong as you want
cd $weeklogs; tar zcvf $oldlogs/$dirdate.tgz $dirdate > /dev/null 2>&1

Wednesday, June 06, 2007

Forcing SSL in Apache

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Friday, March 09, 2007

Backtrack V2.0 Final

Backtrack V2.0 Final is now available at remote-exploit.