Problem: When you install Mod-security from source , by default log-rotate will not rotate those logs file as the path for log files are not defined logrotate configuration file by default. So if you want to allow logo-ratate to rotate your modsecurity log files. here is the steps:
1. Create a file modsecurity under /etc/logrotate.d
[...]
Problem :
How to configure openvpn to create multiple instances and listen more then 2 ports(1194,1195) ??
Solution:
you need more then 2 openvpn configuration file. example : openvpn.conf and openvpn1.conf
Now you need to define different port , Server Ip address,ifconfig-pool-persist, and log files
For openvpn.conf :
port 1194
proto tcp
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
log [...]
Installing Aide:
Yum install aide
Creating the database:
aide -c /etc/aide.conf –i
Output : AIDE database at /var/lib/aide/aide.db.new.gz initialized.
This process creates a new file, aide.db.new.gz in /var/lib/aide/.You must rename this file to aide.db.gz, which is the correct name for the AIDE database.
Testing Aide:
aide -c /etc/aide.conf –C
How many CPU in the system :
commands : cat /proc/cpuinfo
[root@server ~]# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 4
model name [...]
Prerequisite : yum install gcc-c++ gcc make ncurses-devel openssl-devel
Packages required for php: yum install libjpeg-devel libpng-devel curl-devel libmcrypt-devel krb5-devel
Apache Server Installation from Source:
Apache installation directory is : /usr/local/apache
a) Download the apache source file from : http://httpd.apache.org/download.cgi
b) Download the source file in to /tmp directory.
c) I am guessing the source file is httpd-2.2.13.tar.gz
d) Cd /tmp
e) tar –xvzf httpd-2.2.13.tar.gz
f) cd httpd-2.2.13
g)
./configure –prefix=/usr/local/apache [...]
Bellow article will show how to backup a Linux server remotely by using RSYNC with public key base authentication.
To make this backup process automatic we need a password less authentication system so that we don’t have to insert username and password before backup starts.
How to create Key base authentication:
Here are the steps you [...]
a) Fail2Ban: Which will ban IP address after few failure attempts
website : http://www.fail2ban.org/wiki/index.php/Main_Page
b)Rootkit Hunter : It will scan your server for any unauthorized scripts.
Website :http://www.chkrootkit.org/
To download : http://sourceforge.net/projects/rkhunter/
c)PortSentry : This tool will block IP who is trying to scan your server for open ports.
Ref : http://www.securityfocus.com/infocus/1580
http://www.securityfocus.com/infocus/1586
How to install : http://www.falkotimme.com/howtos/chkrootkit_portsentry/
d)mod_security
http://www.modsecurity.org/
e) mod_evasive : It will ban [...]
Ref: http://aplawrence.com/Linux/rebuildraid.html
Recently I had a hard drive fail. It was part of a Linux software RAID 1 (mirrored drives), so we lost no data, and just needed to replace hardware. However, the raid does requires rebuilding. A hardware array would usually automatically rebuild upon drive replacement, but this needed some help.
When you look at a [...]
Network Setup :
eth0 = 192.168.2.1 [ Isp router]
eth1 = 10.0.0.2 [ Internal network]
Check if IPv4 forwarding is ON or OFF :
cat /proc/sys/net/ipv4/ip_forward
if result = 0 then will have to On it by this command :
echo “1″ > /proc/sys/net/ipv4/ip_forward
Now have to Enable IP masquerading by adding rules in iptables
iptables -t nat -A POSTROUTING -o eth0 [...]
goto /etc/mail
vi virtualtable
all@yorudoman.co.uk allusers
Now go to
/etc/mail
vi allusers.txt
user1
user2
user3
[ Here you will have to just write the username (system username)]
[If you have lots of user then you can use script to copy all username from /etc/password to /etc/mail/allusers.txt file]
Now save the file
vi /etc/newaliases
Insert this line
allusers: :include:/etc/mail/allusers.txt
Then make new aliases
That’s it
Now when [...]
For Bash IDE:
1. Download bash-support.zip file from this site : http://www.vim.org/scripts/script.php?script_id=365
2. Unzip bash-support.zip file in /etc/vim directory also either copy the bash-support from /etc/vim to the user’s home directory [ cd /home/user, mkdir .vim, cp -r /etc/vim/bash-support /home/user/.vim] Or unzip bash-support.zip in user’s home directory [ /home/user/.vim]
3. Open your script in gvim mood. [ [...]
The steps are :
Create Physical volume Or Extend the existing volume:
Create a Physical volume by: pvcreate /dev/hdc ( Here the new partition name is /dev/hdc)
Creating a Volume Group : vgcreate /dev/VolGroup01 /dev/hdc
OR to extended the existing Volume Group :vgextend /devVolgroup01 /dev/hdc
Create Logical Volume :
check how much free PE you got by : vgdisplay
It [...]
by LinuxTitli [Last updated: December 5, 2007]
Setup :
i) System: HP dual Xeon CPU system with 8 GB RAM (good for squid).
ii) Eth0: IP:192.168.1.1
iii) Eth1: IP: 192.168.2.1 (192.168.2.0/24 network (around 150 windows XP systems))
iv) OS: Red Hat Enterprise Linux 4.0 (Following instruction should work with Debian and all other Linux distros)
Eth0 connected to internet and eth1 [...]
In knoppix,
cd /etc/apt/
nano sources.list
add any good debain repo such as
deb http://http.us.debian.org/debian stable main contrib non-free
then : Save the file
then : apt-get update
then type: apt-get install openssh-server
also , give a password to root because currently knoppix does not have any root password.
repo ref: http://www.debian.org/doc/manuals/apt-howto/ch-basico.en.html
To find the most expensive process which causing the I/O bottol neck :
1. iotop ( http://guichaz.free.fr/iotop/)
Iotop requires Python ≥ 2.5 and a Linux kernel ≥ 2.6.20 with the TASK_DELAY_ACCT and TASK_IO_ACCOUNTING options enabled.
2. idstat from sysstat packages
But Iotop provides more user friendly output then idstat.
In Debain :
/etc/networking/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
then /etc/init.d/networking restart
In Centos:
vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=Static
HWADDR=00:0C:29:81:90:33
ONBOOT=yes
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
GATEWAY=192.168.1.1
BROADCAST=192.168.1.255
then : /etc/network/restart