Archive for August, 2009
Friday, August 28th, 2009
1. Download the EPEL repo:
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
2. Then type the following command:
yum install mod_security
Note: mod_security requires liblua-5.1.so. If you don't have it, yum will throw an error during installation:
--> Processing Dependency: liblua-5.1.so for package: mod_security
--> Finished Dependency Resolution
mod_security-2.5.9-1.el5.i386 from epel has depsolving problems
--> Missing Dependency: liblua-5.1.so is needed by package mod_security-2.5.9- [...]
Posted in Apache, Linux | 3 Comments »
Thursday, August 27th, 2009
a) Fail2Ban: bans an IP address after a few failed attempts.
Website: http://www.fail2ban.org/wiki/index.php/Main_Page
b) Rootkit Hunter: scans your server for any unauthorized scripts.
Website: http://www.chkrootkit.org/
To download: http://sourceforge.net/projects/rkhunter/
c) PortSentry: blocks IPs that are trying to scan your server for open ports.
Ref: http://www.securityfocus.com/infocus/1580
http://www.securityfocus.com/infocus/1586
How to install: http://www.falkotimme.com/howtos/chkrootkit_portsentry/
d) mod_security
http://www.modsecurity.org/
e) mod_evasive: It will ban [...]
Posted in How_to, Linux | No Comments »
Thursday, August 27th, 2009
Ref: http://www.h-online.com/security/Red-Hat-Novell-and-CentOS-update-for-kernel-vulnerability-Update–/news/114072
Google security specialists Tavis Ormandy and Julien Tinnes report that a critical security vulnerability in the Linux kernel affects all versions of 2.4 and 2.6 since 2001, on all architectures. The vulnerability enables users with limited rights to get root rights on the system. The cause is a NULL pointer dereference in connection with [...]
Posted in Security News | No Comments »
Thursday, August 27th, 2009
#!/bin/bash
########################################
# This script will check for available package
# updates for a CentOS/Redhat 5 system
# Written by : Fosiul Alam
# Version :1.0
# Created Date : 27/08/2009
# Last Modification : 27/08/2009
#########################################
########################################
# Command use [...]
Posted in Bash Script, Linux | No Comments »
Wednesday, August 26th, 2009
Display the list of updated software (security fixes)
yum list updates
Or
yum check-update
Patch up system by applying all updates
yum update
List all installed packages
rpm -qa
How to find a particular installed package (httpd)
rpm -qa | grep httpd
How to update specific packages
yum update {package-name-1}
To check for and update [...]
Posted in General | No Comments »
Wednesday, August 26th, 2009
Ref: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
Module : mod_proxy.c
In httpd.conf, all reverse proxy rules go under the section below:
<IfModule mod_proxy.c>
#ProxyRequests On
ProxyRequests Off
#
#<Proxy *>
# Order deny,allow
# Deny from all
# Allow from .example.com
#</Proxy>
#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# [...]
Posted in Apache | No Comments »
Wednesday, August 26th, 2009
Ref: http://httpd.apache.org/docs/2.0/howto/cgi.html
If you want to run a Perl script like this: http://www.mydomain.com/test.pl, you will have to explicitly use the Options directive, inside your main server configuration file, to specify that CGI execution is permitted in a particular directory:
Example:
<VirtualHost *:80>
ServerAdmin adin@mydomain.co.uk
DocumentRoot [...]
Posted in Apache | No Comments »
Monday, August 17th, 2009
If you have a busy server that’s getting a lot of quick connections, set your thread cache high enough that the Threads_created value in SHOW STATUS stops increasing. Your CPU will thank you.
Ref : http://jeremy.zawodny.com/blog/archives/000173.html
“As soon as I optimized the thread cache, MySQL’s server load dropped over 50%!”
Ref: http://www.epigroove.com/posts/63/optimize_mysql_the_thread_cache
How to set thread cache :
You [...]
Posted in MySQL Server | No Comments »
Monday, August 17th, 2009
Ref: MySQL® 5 Certification Study Guide
Ref: High Performance MySQL
The MyISAM Key Cache
The MyISAM key block size
The Thread Cache
The Table Cache
Posted in MySQL Server | No Comments »
Friday, August 14th, 2009
Problem: If vsftpd fails to retrieve the directory listing, do the following:
In vsftpd.conf:
pasv_min_port=x
example: [pasv_min_port=1023]
pasv_max_port=x
example: [pasv_max_port=1050]
Now add ports 1023-1050 in iptables:
iptables -A INPUT --source xx.xx.xx.xx -p tcp --dport 1023:1050 -j ACCEPT
This will allow FileZilla to connect to the FTP server via passive mode.
Posted in General | 1 Comment »
Friday, August 14th, 2009
Ref: http://aplawrence.com/Linux/rebuildraid.html
Recently I had a hard drive fail. It was part of a Linux software RAID 1 (mirrored drives), so we lost no data, and just needed to replace hardware. However, the RAID does require rebuilding. A hardware array would usually automatically rebuild upon drive replacement, but this needed some help.
When you look at a [...]
Posted in Articles, How_to | No Comments »
Friday, August 14th, 2009
Network Setup :
eth0 = 192.168.2.1 [ Isp router]
eth1 = 10.0.0.2 [ Internal network]
Check if IPv4 forwarding is ON or OFF:
cat /proc/sys/net/ipv4/ip_forward
If the result is 0, turn it on with this command:
echo "1" > /proc/sys/net/ipv4/ip_forward
Now enable IP masquerading by adding rules in iptables:
iptables -t nat -A POSTROUTING -o eth0 [...]
Posted in How_to | No Comments »
Wednesday, August 12th, 2009
Go to /etc/mail
vi virtualtable
all@yorudoman.co.uk allusers
Now go to
/etc/mail
vi allusers.txt
user1
user2
user3
[Here you just write the usernames (system usernames)]
[If you have lots of users, you can use a script to copy all usernames from /etc/passwd to the /etc/mail/allusers.txt file]
Now save the file.
vi /etc/newaliases
Insert this line
allusers: :include:/etc/mail/allusers.txt
Then make new aliases
That’s it
Now when [...]
Posted in How_to | No Comments »
Wednesday, August 12th, 2009
For Bash IDE:
1. Download bash-support.zip file from this site : http://www.vim.org/scripts/script.php?script_id=365
2. Unzip the bash-support.zip file in the /etc/vim directory, then either copy bash-support from /etc/vim to the user's home directory [cd /home/user, mkdir .vim, cp -r /etc/vim/bash-support /home/user/.vim], or unzip bash-support.zip directly in the user's home directory [/home/user/.vim]
3. Open your script in gvim mode. [ [...]
Posted in How_to | No Comments »
Wednesday, August 12th, 2009
Master :
1. Create user and give the privileges:
GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO reply@'host-name' IDENTIFIED BY 'some-pass';
2. Define the log setting in my.cnf
log-bin = mysql-bin
server_id = 2
3. Restart the server: /etc/init.d/mysqld restart
4. Check the status of the server with: show master status\G;
Slave :
1. Enable necessary log:
log-bin = mysql-bin
server_id = 3
relay-log [...]
Posted in MySQL Server | No Comments »
Wednesday, August 12th, 2009
Ref: MySQL® 5 Certification Study Guide
Ref: High Performance MySQL Server (2nd Edition)
Ref: http://dev.mysql.com/doc/refman/5.1/en/query-cache.html
Ref: http://www.mysqlperformanceblog.com/2006/07/27/mysql-query-cache/
How to find out if Query Cache is enabled:
mysql> SHOW VARIABLES LIKE 'have_query_cache';
+------------------+-------+
| Variable_name    | Value |
+------------------+-------+
| have_query_cache | YES   |
+------------------+-------+
How to enable Query Cache:
Edit the my.cnf file and add the following:
[mysqld]
query_cache_type = 1
query_cache_size = 10M
query_cache_limit = 2M
The command below will [...]
Posted in MySQL Server | No Comments »
Wednesday, August 12th, 2009
useradd -s /sbin/nologin username : prevents the user from logging in to the server
userdel -r username : -r deletes everything (home directory, mail spool); without -r it will just delete the account references from users and groups
usermod -L username : -L disables the user account
usermod -U username : -U enables the user account
echo 'mypassword' | passwd --stdin username : [...]
Posted in General | No Comments »
Wednesday, August 12th, 2009
The steps are :
Create Physical volume Or Extend the existing volume:
Create a physical volume with: pvcreate /dev/hdc (here the new partition name is /dev/hdc)
Create a Volume Group: vgcreate /dev/VolGroup01 /dev/hdc
Or, to extend the existing Volume Group: vgextend /dev/VolGroup01 /dev/hdc
Create Logical Volume:
Check how many free PEs you have with: vgdisplay
It [...]
Posted in How_to | No Comments »
Wednesday, August 12th, 2009
by LinuxTitli [Last updated: December 5, 2007]
Setup :
i) System: HP dual Xeon CPU system with 8 GB RAM (good for squid).
ii) Eth0: IP:192.168.1.1
iii) Eth1: IP: 192.168.2.1 (192.168.2.0/24 network (around 150 windows XP systems))
iv) OS: Red Hat Enterprise Linux 4.0 (Following instruction should work with Debian and all other Linux distros)
Eth0 connected to internet and eth1 [...]
Posted in How_to | 1 Comment »
Wednesday, August 12th, 2009
depmod -a : adds new modules automatically
modprobe drivername : adds that specific driver
Preventing "ping of death": cat /proc/sys/net/ipv4/tcp_syncookies, output should be 1
lsmod : shows the installed kernel modules
/lib/modules/kernel_version/ directory : all kernel modules are stored here
modprobe -r modulename : removes that module
Kernel Tuning: Kernel Runtime Parameters
Several kernel [...]
Posted in Kernel | No Comments »
Wednesday, August 12th, 2009
Ref :http://hostingfu.com/article/ssh-dictionary-attack-prevention-with-iptables
Last week (9-15 April). 8,750 failed SSH login attempts, averaging almost one per minute, trying out all kinds of possible user names and left tons of junk in my message log. The recent SSH brute-force attacks (actually it’s not that recent) are rather annoying, and this article at Whitedust.com has useful information on how [...]
Posted in General | No Comments »
Wednesday, August 12th, 2009
Allow SSH connections from selected IPs:
iptables -A INPUT --source xx.xx.xx.xx -p tcp --dport 22 -j ACCEPT
iptables -A INPUT --source yy.yyy.yy.yy -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
Only allow SSH to the Linux box:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT --source xx.xx.xx.xx -p tcp --dport [...]
Posted in General | No Comments »
Tuesday, August 11th, 2009
In Knoppix:
cd /etc/apt/
nano sources.list
Add any good Debian repo, such as:
deb http://http.us.debian.org/debian stable main contrib non-free
then: save the file
then: apt-get update
then type: apt-get install openssh-server
Also, give root a password, because Knoppix currently does not have any root password.
repo ref: http://www.debian.org/doc/manuals/apt-howto/ch-basico.en.html
Posted in How_to | No Comments »
Tuesday, August 11th, 2009
To find the most expensive process that is causing the I/O bottleneck:
1. iotop (http://guichaz.free.fr/iotop/)
Iotop requires Python ≥ 2.5 and a Linux kernel ≥ 2.6.20 with the TASK_DELAY_ACCT and TASK_IO_ACCOUNTING options enabled.
2. idstat from the sysstat package
But iotop provides more user-friendly output than idstat.
Posted in How_to | No Comments »
Tuesday, August 11th, 2009
In Debian:
/etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
then: /etc/init.d/networking restart
In CentOS:
vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=Static
HWADDR=00:0C:29:81:90:33
ONBOOT=yes
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
GATEWAY=192.168.1.1
BROADCAST=192.168.1.255
then: /etc/init.d/network restart
Posted in How_to | 3 Comments »
Tuesday, August 11th, 2009
Welcome to fosiul.co.uk.
This is my own knowledge base web site. This site is updated daily with computer-related articles, new problem-solving techniques, and "How to" documents.
Posted in Uncategorized | 1 Comment »