Archive for the ‘security’ Category

As root:
Optional: if there is no custombuild folder use this:
======================================
cd /usr/local/directadmin
wget http://files.directadmin.com/services/custombuild/1.2/custombuild.tar.gz
tar xvzf custombuild.tar.gz
cd custombuild
======================================

Normal upgrade procedure (on Debian, install libpcre3-dev libdb4.3-dev libperl-dev libsasl2-dev and skip the yum line):
======================================
cd /usr/local/directadmin/custombuild
yum -y install db4-devel cyrus-sasl-devel
./build update
./build update_script
./build set exim yes
./build clean
./build pcre
./build exim
=====================================

If the first set of commands does not work, use this one:
===============================================================
cd /usr/local/directadmin/custombuild
./build set custombuild 1.2
./build set exim yes
./build update
./build update_script
./build update_data
./build clean
./build exim
./build set custombuild 1.1
===============================================================

You should already know that you do this at your own risk/responsibility. There is no guarantee that this will work in your case.
To remove the password lock you need a live Linux CD/stick [I’ve done this using a Fedora 13 live CD]. Boot Linux and run hdparm -I /dev/sda to see the security parameters:
Security:
Master password revision code = 65534
supported
enabled
locked
not frozen
not expired

Tested on a Western Digital WDC WD2500YS.
You should read up on the hdparm parameters.

$ hdparm --security-unlock WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCW /dev/sda
$ hdparm --security-disable WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCW /dev/sda

You should see something like:
/dev/sda:
Issuing SECURITY_UNLOCK command, password="WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCW", user=master
/dev/sda:
Issuing SECURITY_DISABLE command, password="WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCW", user=master

After that, checking with hdparm -I /dev/sda should show:
Security:
Master password revision code = 65534
supported
not enabled
not locked
not frozen
not expired: security count

That means your hard drive is unlocked.

If you see something like "expired: security count", it means that you have tried an invalid password more than 3 times and you should reset (power cycle) the drive.
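
For inventory or forensic triage, the Security block shown above can be reduced to one line per drive. This is an added example, not part of the original post; the function name and the sample text are constructed, and reading revision code 65534 as "master password probably still the vendor default" is an assumption (a host can set a new master password and keep the same code).

```shell
#!/bin/sh
# Added example: summarise the Security block of `hdparm -I` output.

# Constructed sample: the locked-drive state shown in the post.
SAMPLE_LOCKED='Security:
    Master password revision code = 65534
        supported
        enabled
        locked
    not frozen
    not expired: security count'

# ata_security_state: reads `hdparm -I` output on stdin and prints
# "enabled=.. locked=.. frozen=.. expired=.. master_rev=..".
ata_security_state() {
    awk '
        /^Security:/        { insec = 1; found = 1; next }
        !insec              { next }
        /^[^[:space:]]/     { insec = 0; next }   # next unindented heading ends the block
        /Master password revision code/ { rev = $NF; next }
        {
            key = $1; val = "yes"
            if ($1 == "not") { key = $2; val = "no" }   # "not locked" -> locked=no
            sub(/:$/, "", key)                          # "expired:" -> "expired"
            # keep only the first occurrence of each flag
            if (key ~ /^(enabled|locked|frozen|expired)$/ && !(key in state))
                state[key] = val
        }
        END {
            if (!found) { print "no Security block in input"; exit 1 }
            printf "enabled=%s locked=%s frozen=%s expired=%s master_rev=%s\n",
                state["enabled"], state["locked"], state["frozen"], state["expired"], rev
        }'
}

printf '%s\n' "$SAMPLE_LOCKED" | ata_security_state
```

On a live system the input would come from hdparm -I /dev/sda run as root.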

Generate SSL Certificate For VSFTPD Server:

$ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem

Add these lines to vsftpd.conf:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
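
The settings above turn TLS on but also accept the obsolete SSLv2 and SSLv3 protocols and let clients skip TLS for logins and data. The check below is an added example, not part of the original post; the function name is hypothetical and only the YES/NO spellings used in the post are recognised.

```shell
#!/bin/sh
# Added example: flag weak TLS settings in a vsftpd.conf.

# Constructed sample: the exact lines the post adds to vsftpd.conf.
SAMPLE_CONF='ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem'

# audit_vsftpd_tls: reads a vsftpd.conf on stdin and prints one finding per
# line with the value that closes it. No output means nothing was flagged.
audit_vsftpd_tls() {
    awk '
        /^[[:space:]]*(#|$)/ { next }              # skip comments and blank lines
        {
            eq = index($0, "=")                    # split at the first "=" only
            if (eq == 0) next
            conf[substr($0, 1, eq - 1)] = toupper(substr($0, eq + 1))
        }
        END {
            if (conf["ssl_enable"] != "YES")
                print "ssl_enable is not YES: every session is cleartext; set ssl_enable=YES"
            if (conf["ssl_sslv2"] == "YES")
                print "ssl_sslv2=YES: SSLv2 is accepted; set ssl_sslv2=NO"
            if (conf["ssl_sslv3"] == "YES")
                print "ssl_sslv3=YES: SSLv3 is accepted; set ssl_sslv3=NO"
            if (conf["force_local_logins_ssl"] == "NO")
                print "force_local_logins_ssl=NO: passwords may travel in cleartext; set it to YES"
            if (conf["force_local_data_ssl"] == "NO")
                print "force_local_data_ssl=NO: transfers may skip TLS; set it to YES"
        }'
}

printf '%s\n' "$SAMPLE_CONF" | audit_vsftpd_tls
```

The 1024-bit RSA key in the openssl command above is a separate weakness that this check does not cover; rsa:2048 is the usual minimum today.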

You may first check where sendmail is located:
whereis sendmail or php -i | grep sendmail
Move /usr/sbin/sendmail to something like /usr/sbin/sendmail.or
vi /usr/sbin/sendmail
and put in the code below:

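#!/usr/bin/perl
# Logging wrapper: record who called sendmail, then hand the message
# to the real binary.
# use strict;
use Env;    # imports environment variables as $REMOTE_ADDR, $SCRIPT_NAME, $PWD, ...

my $date = `date`;
chomp $date;
open (INFO, ">>/var/log/formmail.log") || die "Failed to open file ::$!";
my $uid = $>;                 # effective UID of the caller
my @info = getpwuid($uid);    # passwd entry for that UID
if ($REMOTE_ADDR) {
    # Called from a web request: log client address, script and vhost.
    print INFO "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME \n";
}
else {
    # Called from a shell or cron job: log working directory and account.
    print INFO "$date - $PWD - @info\n";
}
my $mailprog = '/usr/sbin/sendmail.or';
# List-form pipe open hands @ARGV to the real sendmail without a shell,
# so shell metacharacters in the arguments are not interpreted.
open (MAIL, "|-", $mailprog, @ARGV) || die "cannot open $mailprog: $!\n";
while (<STDIN>) {
    print MAIL;
}
close (INFO);
close (MAIL);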


Then:
chmod a+x /usr/sbin/sendmail
touch /var/log/formmail.log
chmod 777 /var/log/formmail.log

That should be all.
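
Once the wrapper has been logging for a while, the script behind a burst of outgoing mail can be picked out by counting log lines per source. This is an added example, not part of the original post; the function name and the sample log lines are constructed, and script paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: rank the sources recorded in /var/log/formmail.log.

# Constructed sample in the two line formats the wrapper writes.
SAMPLE_LOG='Mon Mar  1 03:12:44 UTC 2010 - 203.0.113.7 ran /contact/form.php at shop.example.com
Mon Mar  1 03:12:45 UTC 2010 - 203.0.113.7 ran /contact/form.php at shop.example.com
Mon Mar  1 03:12:45 UTC 2010 - 198.51.100.9 ran /contact/form.php at shop.example.com
Mon Mar  1 03:12:47 UTC 2010 - 203.0.113.7 ran /contact/form.php at shop.example.com
Mon Mar  1 03:20:10 UTC 2010 - 192.0.2.15 ran /index.php at blog.example.com
Mon Mar  1 04:00:01 UTC 2010 - /home/bob - bob x 1001 1001   Bob /home/bob /bin/bash'

# mail_sources [MIN]: reads the log on stdin and prints
# "messages<TAB>distinct clients<TAB>source" for every source with at least
# MIN messages (default 1), busiest first. The source is server+script for
# web requests and cli:<directory> for shell or cron callers.
mail_sources() {
    awk -v min="${1:-1}" '
        {
            if (split($0, part, " - ") < 2) next          # not a wrapper line
            if (part[2] ~ /^[^ ]+ ran [^ ]+ at [^ ]+/) {
                split(part[2], w, " ")                    # addr ran script at server
                src = w[5] w[3]; addr = w[1]
            } else {
                src = "cli:" part[2]; addr = "local"
            }
            count[src]++
            if (!((src, addr) in seen)) { seen[src, addr] = 1; clients[src]++ }
        }
        END {
            for (s in count)
                if (count[s] >= min)
                    printf "%d\t%d\t%s\n", count[s], clients[s], s
        }' | sort -t "$(printf '\t')" -k1,1nr -k3,3
}

printf '%s\n' "$SAMPLE_LOG" | mail_sources
```

Because the log is made world-writable, any local account can add or alter lines, so treat the ranking as a lead to verify against the mail queue rather than as proof.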

wget --user-agent Firefox --save-headers --referer "http://www.google.com/search?q=duuude" "example.com"

http://www.linuxscrew.com/2009/12/21/best-of-linux-cheat-sheets/

Problem

In some environments, administrators may find it difficult or tedious to manage and/or monitor logs from many different
servers, and require a mechanism for directing logs from all systems to one central location. Also, in some situations
when there is an issue with the / or /var filesystem, redirecting logs to another server can allow important messages
critical to troubleshooting to be printed, whereas they would have been lost if syslog was directing them to the local
filesystem.

Solution

The syslogd daemon can be configured to send messages for all logging levels or individual levels to one or more syslog
servers. In order to accomplish this, the file /etc/sysconfig/syslog must be edited on the syslog server to allow
remote machines to send logs here. Add the -r option to the SYSLOGD_OPTIONS like so:

SYSLOGD_OPTIONS="-r -m 0"

After the file has been saved, the syslogd service needs to be restarted:

# service syslog restart

To configure a client to send all messages to the remote server, append the following to /etc/syslog.conf:

*.* @hostname

Replace hostname above with the IP address or the hostname of the centralized log server. Or to only send individual
logging levels to the remote server:

*.info;mail.none;authpriv.none;cron.none @hostname

Again replacing hostname with the IP address or hostname of the remote server. Now restart the syslog service on the
client:

# service syslog restart

The new configuration can be tested by restarting a service such as cups on the client:

# service cups restart

Or by using a command such as:

# logger "***** THIS IS A TEST *****"

The log messages related to the cups service being restarted or from the logger command should be found in
/var/log/messages of the central server.
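
The two client lines above differ in what reaches the central server: the filtered selector drops authpriv (login and sudo messages), mail and cron entirely, and anything below info. The matcher below is an added example, not part of the original article; the function names are hypothetical and it handles only the basic facility.priority syntax used above (no = or ! modifiers, no comma lists).

```shell
#!/bin/sh
# Added example: decide whether a message would match a syslog.conf selector.

ALL='*.*'
FILTERED='*.info;mail.none;authpriv.none;cron.none'

# would_forward SELECTOR FACILITY LEVEL: prints "yes" or "no".
would_forward() {
    awk -v sel="$1" -v fac="$2" -v lvl="$3" 'BEGIN {
        n = split("emerg alert crit err warning notice info debug", name, " ")
        for (i = 1; i <= n; i++) sev[name[i]] = i - 1     # 0 = most severe
        if (!(lvl in sev)) { print "no"; exit }
        fwd = 0
        m = split(sel, part, ";")
        for (i = 1; i <= m; i++) {                        # selectors apply left to right
            split(part[i], fp, ".")                       # fp[1]=facility fp[2]=priority
            if (fp[1] != "*" && fp[1] != fac) continue
            if (fp[2] == "none")   fwd = 0                # facility excluded
            else if (fp[2] == "*") fwd = 1                # every level
            else if ((fp[2] in sev) && sev[lvl] <= sev[fp[2]]) fwd = 1   # that level and above
        }
        print (fwd ? "yes" : "no")
    }'
}

# coverage SELECTOR: verdict for a few representative message kinds.
coverage() {
    for msg in user.notice authpriv.info authpriv.err daemon.debug mail.err kern.crit; do
        printf '%s %s\n' "$msg" "$(would_forward "$1" "${msg%.*}" "${msg#*.}")"
    done
}

coverage "$FILTERED"
```

The logger test message is sent as user.notice by default, so it arrives under both selectors, while a failed login logged as authpriv only arrives under `*.*`.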