Archive for August, 2009

How to install mod_security by yum (Redhat-Centos 5)

Friday, August 28th, 2009

1. Download the EPEL repo:
    rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
2. Then type the following command:
    yum install mod_security
Note: mod_security requires liblua-5.1.so. If you don't have it, yum will throw an error while installing:
    --> Processing Dependency: liblua-5.1.so for package: mod_security
    --> Finished Dependency Resolution
    mod_security-2.5.9-1.el5.i386 from epel has depsolving problems
    --> [...]

Tools for securing Linux server and its services

Thursday, August 27th, 2009

a) Fail2Ban: bans an IP address after a few failed attempts. Website: http://www.fail2ban.org/wiki/index.php/Main_Page
b) Rootkit Hunter: scans your server for any unauthorized scripts. Website: http://www.chkrootkit.org/ To download: http://sourceforge.net/projects/rkhunter/
c) PortSentry: blocks any IP that tries to scan your server for open ports. Ref: http://www.securityfocus.com/infocus/1580 http://www.securityfocus.com/infocus/1586
How to [...]

Critical vulnerability in the Linux kernel affects all versions since 2001

Thursday, August 27th, 2009

Ref: http://www.h-online.com/security/Red-Hat-Novell-and-CentOS-update-for-kernel-vulnerability-Update--/news/114072
Google security specialists Tavis Ormandy and Julien Tinnes report that a critical security vulnerability in the Linux kernel affects all versions of 2.4 and 2.6 since 2001, on all architectures. The vulnerability enables users with limited rights to get root rights on the system. The cause is a NULL pointer dereference in connection [...]

Bash script to check for automatic yum updates

Thursday, August 27th, 2009

#!/bin/bash
########################################
# This script will check for available package
# updates for a Centos/Redhat 5 system
# Written by : Fosiul Alam
# Version : 1.0
# Created Date : 27/08/2009
# Last Modification : 27/08/2009
########################################

########################################
# Command used : yum -e0 -d0 check-update
# Usage : /yum-script.sh
########################################

_GET_HOSTNAME=`hostname`
_TODAY=`date '+%A'`
[...]

All about yum command for Redhat/Centos/Fedora

Wednesday, August 26th, 2009

Display the list of updated software (security fixes):
    yum list updates
Or:
    yum check-update
Patch up the system by applying all updates:
    yum update
List all installed packages:
    rpm -qa
How to find a particular installed package (httpd):
    rpm -qa | grep httpd
How to update a specific package:
    yum update {package-name-1}
To check for [...]

reverse proxying with apache

Wednesday, August 26th, 2009

Ref: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
Module: mod_proxy.c
In httpd.conf, all reverse proxy rules go under the section below:
<IfModule mod_proxy.c>
#ProxyRequests On
ProxyRequests Off
#
#<Proxy *>
#    Order deny,allow
#    Deny from all
#    Allow from .example.com
#</Proxy>
#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes [...]

How to allow perl/cgi script to run from virtualhost

Wednesday, August 26th, 2009

Ref: http://httpd.apache.org/docs/2.0/howto/cgi.html
If you want to run a Perl script like this http://www.mydomain.com/test.pl, you will have to explicitly use the Options directive, inside your main server configuration file, to specify that CGI execution is permitted in a particular directory:
Example:
<VirtualHost *:80>
    ServerAdmin adin@mydomain.co.uk
    DocumentRoot /var/www/html/mydomain/
    ServerName mydomain.co.uk
    ServerAlias www.mydomain.co.uk
    ErrorLog logs/mydomain.co.uk-error_log
    [...]

How to optimize Thread Cache variables for MySQL server

Monday, August 17th, 2009

If you have a busy server that's getting a lot of quick connections, set your thread cache high enough that the Threads_created value in SHOW STATUS stops increasing. Your CPU will thank you. Ref: http://jeremy.zawodny.com/blog/archives/000173.html
"As soon as I optimized the thread cache, MySQL's server load dropped over 50%!" Ref: http://www.epigroove.com/posts/63/optimize_mysql_the_thread_cache
How to set [...]

How to optimize MySQL server

Monday, August 17th, 2009

Ref: MySQL® 5 Certification Study Guide
Ref: High Performance MySQL
The MyISAM Key Cache
The MyISAM key block size
The Thread Cache
The Table Cache

vsftpd: Failed to retrieve directory listing

Friday, August 14th, 2009

Problem: if vsftpd fails to retrieve the directory listing, do the following.
In vsftpd.conf:
    pasv_min_port=x    example: [pasv_min_port=1023]
    pasv_max_port=x    example: [pasv_max_port=1050]
Now add ports 1023-1050 in iptables:
    iptables -A INPUT --source xx.xx.xx.xx -p tcp --dport 1023:1050 -j ACCEPT
This will allow FileZilla to connect to the FTP server via passive mode.

How to rebuild a failed Linux software RAID

Friday, August 14th, 2009

Ref: http://aplawrence.com/Linux/rebuildraid.html
Recently I had a hard drive fail. It was part of a Linux software RAID 1 (mirrored drives), so we lost no data, and just needed to replace hardware. However, the raid does require rebuilding. A hardware array would usually automatically rebuild upon drive replacement, but this needed some help. When you look [...]

Centos/Redhat/Debian Internet Connection Sharing

Friday, August 14th, 2009

Network setup:
    eth0 = 192.168.2.1 [ISP router]
    eth1 = 10.0.0.2 [Internal network]
Check if IPv4 forwarding is ON or OFF:
    cat /proc/sys/net/ipv4/ip_forward
If the result is 0, turn it on with this command:
    echo "1" > /proc/sys/net/ipv4/ip_forward
Now enable IP masquerading by adding rules in iptables [...]

How to send email to a distribution group by sendmail

Wednesday, August 12th, 2009

Go to /etc/mail
    vi virtusertable
    all@yorudoman.co.uk allusers
Now go to /etc/mail
    vi allusers.txt
    user1 user2 user3
[Here you just write the username (system username)]
[If you have lots of users, you can use a script to copy all usernames from /etc/passwd to the /etc/mail/allusers.txt file]
Now save the file
    vi /etc/newaliases
Insert this [...]

How to make VIM as IDE for Bash and Perl

Wednesday, August 12th, 2009

For Bash IDE:
1. Download the bash-support.zip file from this site: http://www.vim.org/scripts/script.php?script_id=365
2. Unzip the bash-support.zip file in the /etc/vim directory, then either copy bash-support from /etc/vim to the user's home directory [cd /home/user, mkdir .vim, cp -r /etc/vim/bash-support /home/user/.vim] or unzip bash-support.zip in the user's home directory [/home/user/.vim]
3. Open your script in gvim [...]

Master to slave and slave to master replication

Wednesday, August 12th, 2009

Master:
1. Create the user and give the privileges:
    GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO reply@'host-name' IDENTIFIED BY 'some-pass';
2. Define the log settings in my.cnf:
    log-bin = mysql-bin
    server_id = 2
3. Restart the server:
    /etc/init.d/mysqld restart
4. Check the status of the server with:
    show master status\G;
Slave:
1. [...]

Query Cache in MySQL server

Wednesday, August 12th, 2009

Ref: MySQL® 5 Certification Study Guide
Ref: High Performance MySQL Server (2nd Edition)
Ref: http://dev.mysql.com/doc/refman/5.1/en/query-cache.html
Ref: http://www.mysqlperformanceblog.com/2006/07/27/mysql-query-cache/
How to find out if Query Cache is enabled:
mysql> SHOW VARIABLES LIKE 'have_query_cache';
+------------------+-------+
| Variable_name    | Value |
+------------------+-------+
| have_query_cache | YES   |
+------------------+-------+
How to enable Query Cache: edit the my.cnf file and add the following:
[mysqld]
query_cache_type = 1
[...]

Basic Linux User administration Commands

Wednesday, August 12th, 2009

useradd -s /sbin/nologin username : prevents the user from logging in to the server
userdel -r username : -r deletes everything (home directory, mail spool); without -r it just deletes the account references from users and groups
usermod -L username : -L disables the user account
usermod -U username : -U enables the user account
echo 'mypassword' | [...]

How to add a new hard drive in Linux with LVM

Wednesday, August 12th, 2009

The steps are:
Create a physical volume or extend the existing volume:
Create a physical volume with:
    pvcreate /dev/hdc    (here the new partition name is /dev/hdc)
Create a volume group:
    vgcreate /dev/VolGroup01 /dev/hdc
Or extend the existing volume group:
    vgextend /dev/VolGroup01 /dev/hdc
Create a logical volume: check how much free PE you [...]

How to Setup a transparent proxy with Squid

Wednesday, August 12th, 2009

by LinuxTitli [Last updated: December 5, 2007]
Setup:
i) System: HP dual Xeon CPU system with 8 GB RAM (good for squid).
ii) Eth0: IP: 192.168.1.1
iii) Eth1: IP: 192.168.2.1 (192.168.2.0/24 network (around 150 Windows XP systems))
iv) OS: Red Hat Enterprise Linux 4.0 (The following instructions should work with Debian and all other Linux distros) [...]

Basic kernel related commands

Wednesday, August 12th, 2009

depmod -a : adds new modules automatically
modprobe drivername : adds that specific driver
Preventing "ping of death" : cat /proc/sys/net/ipv4/tcp_syncookies , output should be 1
lsmod : shows the installed kernel modules
/lib/modules/kernel_version/ directory : all kernel modules are stored here
modprobe -r modulename : removes that module
Kernel Tuning: Kernel [...]

SSH Dictionary Attack Prevention with iptables

Wednesday, August 12th, 2009

Ref: http://hostingfu.com/article/ssh-dictionary-attack-prevention-with-iptables
Last week (9-15 April). 8,750 failed SSH login attempts, averaging almost one per minute, trying out all kinds of possible user names and left tons of junk in my message log. The recent SSH brute-force attacks (actually it's not that recent) are rather annoying, and this article at Whitedust.com has useful information on [...]

Iptables-rules

Wednesday, August 12th, 2009

Allow ssh connections from selected IPs:
    iptables -A INPUT --source xx.xx.xx.xx -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT --source yy.yyy.yy.yy -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j DROP
Only allow ssh to the Linux box:
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP
    [...]

How to install openssh-server in knoppix

Tuesday, August 11th, 2009

In Knoppix:
    cd /etc/apt/
    nano sources.list
Add any good Debian repo, such as:
    deb http://http.us.debian.org/debian stable main contrib non-free
Then save the file.
Then:
    apt-get update
Then type:
    apt-get install openssh-server
Also, give a password to root, because currently Knoppix does not have any root password.
Repo ref: http://www.debian.org/doc/manuals/apt-howto/ch-basico.en.html

How to find the expensive I/O process behind an I/O bottleneck

Tuesday, August 11th, 2009

To find the most expensive process causing the I/O bottleneck:
1. iotop (http://guichaz.free.fr/iotop/)
   Iotop requires Python ≥ 2.5 and a Linux kernel ≥ 2.6.20 with the TASK_DELAY_ACCT and TASK_IO_ACCOUNTING options enabled.
2. pidstat from the sysstat package
But iotop provides more user-friendly output than pidstat.

How to Change Ip from Dynamic to Static

Tuesday, August 11th, 2009

In Debian: /etc/network/interfaces
    auto eth0
    iface eth0 inet static
    address 192.168.1.10
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.1
then:
    /etc/init.d/networking restart
In CentOS: vi /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    BOOTPROTO=static
    HWADDR=00:0C:29:81:90:33
    ONBOOT=yes
    IPADDR=192.168.1.1
    NETMASK=255.255.255.0
    NETWORK=192.168.1.0
    GATEWAY=192.168.1.1
    BROADCAST=192.168.1.255
then:
    /etc/init.d/network restart

Hello world!

Tuesday, August 11th, 2009

Welcome to fosiul.co.uk. This is my own knowledge base web site. This site is updated daily with computer-related articles, new problem-solving techniques, and "How to" documents.