[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]

>
> Test it:
> # mysql -uroot -pnewpassword
> You should be at a mysql prompt.
> # quit
> Gets you out of the mysql system.

again... if you use your passwd on the command line then you may be giving
it away faster then you want.....
mysql -uroot -p

> ------------------------------
> SRM.CONF changes

looks like personel prefs.....

> ------------------------------------
> Little How-Tos
> To see who's connected to your machine (through telnet and ssh):
> # w

err "w" is what they are doing...
who or pinky will tell you "who" is logged in....

> To change the FTP timeout:
> # pico /etc/proftpd.conf
> Add these lines:
> #Edited Timeout for longer ftp sessions
> TimeoutNoTransfer               1200
> TimeoutIdle                     1200

just prefs....

> To get Webalizer to run before logrotate, rename it:
> # mv /etc/cron.daily/webalizer.pl /etc/cron.daily/awebalizer.pl
> To get it to leave statistics on heavy-traffic sites, go into
> /etc/webalizer.conf and set Incremental to 'yes'.
> Remember to also set the name for the current file on the line below
> that.

just did a big post on this on the user list... bottom line.... rename the
logrotate/apache files zapache....


> To get directories to stop giving a list of contents:
> # pico /etc/httpd/conf/access.conf
> Edit this line so that it has the -Indexes at the end:
> # be more restrictive within a site
> <Directory /home/sites/*/>
> Options -FollowSymLinks +SymLinksIfOwnerMatch -Indexes
> </Directory>
> Save, exit, restart the web server.
> # /etc/rc.d/init.d/httpd restart
>

personel prefs...


> Alternatively, set AllowOverride options to ALL and drop an
> .htaccess file into the /web directory with this line:
> Options -Indexes

this is really bad and opens some security holes up depending on your
bussiness...  if you are hosting for strangers don't do this... just add
what you want to work and it will without giving extra stuff to your
users....

> Restarting inetd after dropping some new entries into hosts.deny:
> # /usr/sbin/inetd restart

as far as I know you don't need to do this...

> IPChains Install:
> #wget
> ftp://rpmfind.net/linux/redhat/6.2/en/os/i386/RedHat/RPMS/ipchains-1.3
> .9-5.i386.rpm
> # mv ipchains-1.3* ipchains-1.3.rpm
> # rpm -i ipchains-1.3.rpm
> IPChains is now installed. The startup script is in /etc/rc.d/init.d
> as ipchains.

well you can rpm -Uvh ftp://rpmfind.net/linux/redhat/6dHatblablabla/bla

but I don't like that package... myself I took the latest redhat 7.1 soruce
rpm and made a few changes then built it.   works great... as I recall it
was just a matter of getting rid on the need for xinetd.... it's also a
newer version which is improtant too...

> ALTERNATIVE FOR IPCHAINS NEWBIES:
> Get PMFirewall, install it, run the script and answer some questions
> about your setup:
> http://www.pointman.org/PMFirewall/

great stuff if your making a firewall....  I guess... never used it...

> PortSentry:
> # wget http://www.psionic.com/tools/portsentry-1.0.tar.gz
> # gunzip portsentry-1.0.tar.gz
> # tar -xvf portsentry-1.0.tar
> # mv portsentry-1.0 portsentry
> # cd portsentry
> #make

shoud be "make linux"

> # make install
>
> Configure PortSentry by carefully reading the portsentry.conf file and
> commenting/uncommenting
> certain lines and removing/adding certain ports.
> I recommend the "anal" setting. You'll get more mesages as "Attack
> Alerts" but it's a more - anal - setting.

yes but there are other modes that work better then using these settings....
also they need to setup the -"KILL_ROUTE" ... using ipchains in this
example...

> Turn on portsentry at bootup:
> add to /etc/rc.d/rc.local:
> /usr/local/psionic/portsentry/portsentry -tcp
> /usr/local/psionic/portsentry/portsentry -udp

yep... see note below

> To turn it on right now, just run those lines as root. You'll see
> portsentry firing up and binding if you look in
> /var/log/messages. There will be some lines where it cannot bind to
> certain ports, check

yep thats one way but it misses a few things that are nice to change.
Things like the complier used, and a init file...and setting up the ignore
file with local ip's....  you might want to add that...

What I did is I took the latest srpm from redhat 7.1 and modified it with my
own patch (with input from the redhat patches that I didn't like all of) and
rebuilt it into a nice rpm that does it all....

> LogCheck:
> # pico /usr/local/etc/logcheck.sh
> change the sysadmin address to whatever user you've set up to get the
> messages; save and exit

again the fast compile and install is a little rough and logcheck wants to
use some directoies that most people don't want them to use for temp
directories... any way...  the latest rh7.1 srpm, added changes, and made a
new rpm of it....

> # pico /root/crontab
> add this line:
> 01,16,31,45 * * * * /usr/local/etc/logcheck.sh
> That fires it off every 15 minutes. Adjust to your tastes.
> This line runs it once a night, at 1:01am:
> 1 1 * * *       /usr/local/etc/logcheck.sh
> If you don't have a file there yet, pico will make a new one. Tell
> crontab to pay attention to it like so:
> # crontab -u root /root/crontab

personel prefence

I like to link it....
ln -s /location/of/logcheck.sh /etc/cron.quaterhourly/Logcheck

With that I'm going to bed.... it's 3:48 now and I still have to reread this
...

Zeffie
http://www.zeffie.com/
Prev by Date: [no subject]
Next by Date: [no subject]
Previous by thread: [no subject]
Next by thread: [no subject]
Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index