Archive for the ‘How_to’ Category

Linux:How to configure logrotate for ModSecurity(source install)

Monday, April 26th, 2010

Problem: When you install Mod-security from source , by default log-rotate will not rotate those logs file as the path for log files are not defined logrotate configuration file by default. So if you want to allow logo-ratate to rotate your modsecurity log files. here is the steps:
1. Create a file modsecurity under /etc/logrotate.d

[...]

Linux:How to create multiple OpenVPN instances

Monday, April 26th, 2010

Problem :
How to configure openvpn to create multiple instances and listen more then 2 ports(1194,1195) ??
Solution:
you need more then 2 openvpn configuration file. example : openvpn.conf and openvpn1.conf
Now you need to define different port , Server Ip address,ifconfig-pool-persist, and log files
For openvpn.conf :

port 1194
proto tcp
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
log [...]

Linux:How to use aide to check file system integrity

Monday, March 15th, 2010

Installing Aide:

Yum install aide

Creating the database:

aide -c /etc/aide.conf –i
Output : AIDE database at /var/lib/aide/aide.db.new.gz initialized.
This process creates a new file, aide.db.new.gz in /var/lib/aide/.You must rename this file to aide.db.gz, which is the correct name for the AIDE database.

Testing Aide:

aide -c /etc/aide.conf –C

Linux-How to conferm 64bit/32bit capability of CPU

Wednesday, February 17th, 2010

How many CPU in the system :
commands : cat /proc/cpuinfo

 
[root@server ~]# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 4
model name [...]

How to install apache2-php-mysql from source

Thursday, September 10th, 2009

Prerequisite : yum install gcc-c++ gcc make ncurses-devel openssl-devel
Packages required for php: yum install libjpeg-devel libpng-devel curl-devel libmcrypt-devel krb5-devel
Apache Server Installation from Source:
Apache installation directory is : /usr/local/apache
a) Download the apache source file from : http://httpd.apache.org/download.cgi
b) Download the source file in to /tmp directory.
c) I am guessing the source file is httpd-2.2.13.tar.gz
d) Cd /tmp
e) tar –xvzf httpd-2.2.13.tar.gz
f) cd httpd-2.2.13
g)

 
./configure –prefix=/usr/local/apache [...]

How to backup linux Server remotely

Monday, September 7th, 2009

Bellow article will show how to backup a Linux server remotely by using RSYNC with public key base authentication.
To make this backup process automatic we need a password less authentication system so that we don’t have to insert username and password before backup starts.
How to create Key base authentication:
Here are the steps you [...]

Tools for securing Linux server and its services

Thursday, August 27th, 2009

a) Fail2Ban: Which will ban IP address after few failure attempts
website : http://www.fail2ban.org/wiki/index.php/Main_Page
b)Rootkit Hunter : It will scan your server for any unauthorized scripts.
Website :http://www.chkrootkit.org/
To download : http://sourceforge.net/projects/rkhunter/
c)PortSentry : This tool will block IP who is trying to scan your server for open ports.
Ref : http://www.securityfocus.com/infocus/1580
http://www.securityfocus.com/infocus/1586
How to install : http://www.falkotimme.com/howtos/chkrootkit_portsentry/
d)mod_security
http://www.modsecurity.org/
e) mod_evasive : It will ban [...]

How to Rebuilding failed Linux software RAID

Friday, August 14th, 2009

Ref: http://aplawrence.com/Linux/rebuildraid.html
Recently I had a hard drive fail. It was part of a Linux software RAID 1 (mirrored drives), so we lost no data, and just needed to replace hardware. However, the raid does requires rebuilding. A hardware array would usually automatically rebuild upon drive replacement, but this needed some help.
When you look at a [...]

Centos/Redhat/Debain Internet Connection Sharing

Friday, August 14th, 2009

Network Setup :
eth0 = 192.168.2.1 [ Isp router]
eth1 = 10.0.0.2 [ Internal network]
Check if IPv4 forwarding is ON or OFF :
cat /proc/sys/net/ipv4/ip_forward
if result = 0 then will have to On it by this command :
echo “1″ > /proc/sys/net/ipv4/ip_forward
Now have to Enable IP masquerading by adding rules in iptables
iptables -t nat -A POSTROUTING -o eth0 [...]

How to sent email to a distribution group by sendmail

Wednesday, August 12th, 2009

goto /etc/mail
vi virtualtable
all@yorudoman.co.uk allusers
Now go to
/etc/mail
vi allusers.txt
user1
user2
user3
[ Here you will have to just write the username (system username)]
[If you have lots of user then you can use script to copy all username from /etc/password to /etc/mail/allusers.txt file]
Now save the file
vi /etc/newaliases
Insert this line
allusers: :include:/etc/mail/allusers.txt
Then make new aliases
That’s it
Now when [...]

How to make VIM as IDE for Bash and Perl

Wednesday, August 12th, 2009

For Bash IDE:
1. Download bash-support.zip file from this site : http://www.vim.org/scripts/script.php?script_id=365
2. Unzip bash-support.zip file in /etc/vim directory also either copy the bash-support from /etc/vim to the user’s home directory [ cd /home/user, mkdir .vim, cp -r /etc/vim/bash-support /home/user/.vim] Or unzip bash-support.zip in user’s home directory [ /home/user/.vim]
3. Open your script in gvim mood. [ [...]

How to add a new hardrive in linux with LVM

Wednesday, August 12th, 2009

The steps are :
Create Physical volume Or Extend the existing volume:

Create a Physical volume by: pvcreate /dev/hdc ( Here the new partition name is /dev/hdc)
Creating a Volume Group : vgcreate /dev/VolGroup01 /dev/hdc
OR to extended the existing Volume Group :vgextend /devVolgroup01 /dev/hdc

Create Logical Volume :
check how much free PE you got by : vgdisplay
It [...]

How to Setup a transparent proxy with Squid

Wednesday, August 12th, 2009

by LinuxTitli [Last updated: December 5, 2007]
Setup :
i) System: HP dual Xeon CPU system with 8 GB RAM (good for squid).
ii) Eth0: IP:192.168.1.1
iii) Eth1: IP: 192.168.2.1 (192.168.2.0/24 network (around 150 windows XP systems))
iv) OS: Red Hat Enterprise Linux 4.0 (Following instruction should work with Debian and all other Linux distros)
Eth0 connected to internet and eth1 [...]

How to install openssh-server in knoppix

Tuesday, August 11th, 2009

In knoppix,
cd /etc/apt/
nano sources.list
add any good debain repo such as
deb http://http.us.debian.org/debian stable main contrib non-free

then : Save the file
then : apt-get update

then type: apt-get install openssh-server
also , give a password to root because currently knoppix does not have any root password.

repo ref: http://www.debian.org/doc/manuals/apt-howto/ch-basico.en.html

How to find expensive I/O process for I/O bottol neck

Tuesday, August 11th, 2009

To find the most expensive process which causing the I/O bottol neck :
1. iotop ( http://guichaz.free.fr/iotop/)
Iotop requires Python ≥ 2.5 and a Linux kernel ≥ 2.6.20 with the TASK_DELAY_ACCT and TASK_IO_ACCOUNTING options enabled.
2. idstat from sysstat packages
But Iotop provides more user friendly output then idstat.

How to Change Ip from Dynamic to Static

Tuesday, August 11th, 2009

In Debain :
/etc/networking/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
then /etc/init.d/networking restart
In Centos:
vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=Static
HWADDR=00:0C:29:81:90:33
ONBOOT=yes
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
GATEWAY=192.168.1.1
BROADCAST=192.168.1.255
then : /etc/network/restart