Monday 11 April 2011

change the SSH port

How to change the SSH port

1) Log in to the shell as root.

2) Open the SSH daemon configuration file.

vi /etc/ssh/sshd_config

3) Change the port.
Uncomment and change
#Port 22
to look like
Port 6472 (choose your own 2- to 5-digit port number; 49151 is the highest port number)

4) Save and exit.
:wq

5) Restart sshd. (If you have a firewall installed, make sure the new port is unblocked first, and keep your current session open until you have confirmed that a fresh login on the new port works.)

/etc/rc.d/init.d/sshd restart
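Added example (not code from the original post): a small POSIX shell script that makes the step-3 edit on a copy of sshd_config, refuses ports outside the range the post allows, and reads the setting back so it can be checked before sshd is restarted. The function names set_ssh_port, get_ssh_port and valid_port are my own, and the sshd_config it edits in the demo is constructed.

```shell
#!/bin/sh
# Added example, not code from the original post.
# set_ssh_port rewrites the Port line of an sshd_config file the way step 3
# describes; get_ssh_port reads the active value back for a pre-restart check.
# Function names and the sample config below are constructed for this example.

# valid_port PORT -> true if PORT is a 2- to 5-digit number no higher than
# 49151 (the limit the post gives).
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;      # empty or not purely numeric
    esac
    [ "$1" -ge 10 ] && [ "$1" -le 49151 ]
}

# set_ssh_port FILE PORT -> keeps a backup in FILE.bak, turns the first Port
# line (commented "#Port 22" or an existing "Port N") into "Port PORT", drops
# any further Port lines, and appends one if the file had none.
set_ssh_port() {
    file=$1
    port=$2
    valid_port "$port" || { echo "set_ssh_port: refusing port '$port'" >&2; return 1; }
    cp "$file" "$file.bak" || return 1
    awk -v p="$port" '
        /^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+/ {
            if (!done) { print "Port " p; done = 1 }
            next
        }
        { print }
        END { if (!done) print "Port " p }
    ' "$file.bak" > "$file"
}

# get_ssh_port FILE -> prints the uncommented Port value, or 22 when the file
# leaves sshd at its default.
get_ssh_port() {
    p=$(sed -nE 's/^[[:space:]]*Port[[:space:]]+([0-9]+).*/\1/p' "$1" | tail -n 1)
    echo "${p:-22}"
}

# Demo on a constructed copy, never on the live /etc/ssh/sshd_config.
demo=$(mktemp)
printf '# constructed sample sshd_config\n#Port 22\nProtocol 2\nPermitRootLogin no\n' > "$demo"
echo "before: $(get_ssh_port "$demo")"     # 22
set_ssh_port "$demo" 6472
echo "after:  $(get_ssh_port "$demo")"     # 6472
rm -f "$demo" "$demo.bak"
```

On the real file, run sshd -t after set_ssh_port so sshd syntax-checks the configuration, open the port in the firewall (for csf that means adding it to TCP_IN in /etc/csf/csf.conf and running csf -r), and only then restart; the backup in sshd_config.bak is what you copy back if the new port does not answer.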

How to install cPanel from SSH?

ssh to the server.

Go to /home and execute the commands below

cd /home/
wget http://layer1.cpanel.net/latest
sh latest

This needs to be done on a fresh OS install.

CSF commands

Hi all,
Basic commands of the csf firewall at the command line.

1. Remove and unblock an IP address in /etc/csf.deny
csf -dr <IP address>

2. Remove an IP address from the temporary IP ban list
csf -tr <IP address>

3. Add an IP address to /etc/csf.deny
csf -d <IP address>

4. Disable csf and lfd
csf -x

5. Enable csf and lfd
csf -e

6. Restart firewall rules
csf -r

Monday 4 April 2011

DNS command for troubleshooting

Zone file database records divide DNS information into three primary types: NS (Name Server) records, MX (Mail Exchange) records, and A (Address) records. NS records indicate the name servers. MX records indicate the hosts that handle email delivery; the priority (pri) number indicates the order in which mail servers are used, with the lowest number receiving the highest priority. The A (Address) records map hostnames to IP addresses, the real names of machines.

nslookup
========


The nslookup program allows the user to query Internet domain name servers interactively or non-interactively.

# nslookup www.redhat.com
Server: 128.121.247.232
Address: 128.121.247.232#53

Non-authoritative answer:
Name: www.redhat.com
Address: 209.132.177.50

dig
===


Use the dig command to determine whether the name server for your domain is configured correctly.

You can quickly determine the name servers of your host or any other host:

# dig ns your-host.com

Check your (or another) website against the host's name servers:

# dig www.your-domain-name.com @ns.your-host.com

Dig can provide output that is in the same format as the zone file itself. Here is how to get the whole zone file:

# dig any your-domain-name.com

Here are the most useful dig query types: dig any (gathers all DNS information), dig ns (gathers name server information), dig mx (gathers mail exchanger information) and dig a (gathers network address information).

Reverse DNS from the command line: a quick and easy way to look up a domain name given an IP address.

# dig -x 192.168.52.2
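Added example (not from the original post): the record types described at the top of this post, in the shape dig prints them in its answer section, with a few shell functions that pull out one type at a time and order the MX hosts by priority (lowest number first, as the post explains). The function names and the sample answer are constructed; on a real host you feed the functions with dig +noall +answer your-domain-name.com any.

```shell
#!/bin/sh
# Added example, not code from the original post. It shows what the NS, MX
# and A records described above look like in dig's answer section and how
# to pick the MX hosts out in priority order (lowest preference first).
# Function names and the sample answer are constructed; on a real host run:
#     dig +noall +answer your-domain-name.com any | mx_hosts_by_priority

# Constructed stand-in for "dig +noall +answer example.com any" output.
SAMPLE_DIG='example.com.     3600  IN  NS  ns1.example.com.
example.com.     3600  IN  NS  ns2.example.com.
example.com.     3600  IN  MX  20 backup-mail.example.com.
example.com.     3600  IN  MX  10 mail.example.com.
example.com.     3600  IN  A   192.0.2.10
example.com.     3600  IN  TXT "v=spf1 mx -all"'

# records_of_type TYPE: from dig answer lines on stdin, print the data part
# of every record of TYPE (dig's ";" comment lines are skipped).
records_of_type() {
    awk -v t="$1" '
        /^;/ { next }
        $3 == "IN" && $4 == t {
            $1 = $2 = $3 = $4 = ""   # blank owner, TTL, class and type ...
            sub(/^ +/, "")           # ... and the spaces they leave behind
            print
        }'
}

# mx_hosts_by_priority: MX targets, lowest preference number first, which is
# the order mail servers try them.
mx_hosts_by_priority() { records_of_type MX | sort -n | awk '{ print $2 }'; }

# primary_mx: the host mail for the domain is delivered to first.
primary_mx() { mx_hosts_by_priority | head -n 1; }

# Demo on the constructed answer.
printf '%s\n' "$SAMPLE_DIG" | records_of_type NS       # ns1.example.com. then ns2.example.com.
printf '%s\n' "$SAMPLE_DIG" | mx_hosts_by_priority     # mail.example.com. then backup-mail.example.com.
```

The same functions make the "check against the host's name servers" step mechanical: run dig +noall +answer your-domain @ns1 and @ns2 through records_of_type NS or mx_hosts_by_priority and compare the two outputs; a difference means the name servers are out of sync.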

host
====


This is the simplest of the DNS commands. It is a quick way to determine the IP address of a hostname.

The host command accepts as its argument either the fully qualified domain name or the IP address of the server.

# host

# host www.domainname.com

To perform a reverse lookup

# host 192.168.52.2

To find all of the information about a host maintained by the DNS, use the command:

# host -a
# host -a redhat.com
# host www.your-domain-name.com

The -a option will return all of the DNS information in verbose format:

# host -a www.your-domain-name.com

Now that you know the IP address for www.your-domain-name.com, try a reverse lookup:

# host <the IP address returned above>

To list a complete domain, use the command:

# host -l
# host -l redhat.com

dnsquery
========


The dnsquery program queries domain name servers through the resolver library, which takes its server list from /etc/resolv.conf.

# dnsquery
# dnsquery www.redhat.com

Exim commands to manage the mail queue!!!


Listing the log entries for every queued message from a particular address

for i in $(exiqgrep -i -f info@tknalla.com); do grep "$i" /var/log/exim_mainlog; done > /usr/local/apache/htdocs/tknalla_com

To view it from your browser (anything under htdocs is readable by the whole Internet, so remove the file once you are done):

http://tknalla.com/tknalla_com

To remove all mail from the queue (force delete). Please make sure you really want to empty the mail queue.

exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash

Summary

exim -bp | exiqsumm

remove all frozen messages

exim -bpr | grep frozen | awk '{print $3}' | xargs exim -Mrm


removing bounced mails

exim -bpr | grep "<>" | awk '{print $3}' > t

(An empty envelope sender, shown as <>, marks a bounce. The variant with grep " " instead of grep "<>" matches every queued message, so it would empty the whole queue rather than just the bounces.)

Don't forget to run this command
cat t | xargs exim -Mrm

Viewing the log entries for a message ID

grep msgid /var/log/exim_mainlog

View the transaction of a message (verbose forced delivery)

exim -v -M msgid

Force delivery of one message

exim -M msgid

Force another queue run

exim -qf

Force another queue run and attempt to flush the frozen message

exim -qff

View the log for the message

exim -Mvl msgid

View the body of the message

exim -Mvb msgid

View the header of the message

exim -Mvh msgid

Remove message without sending any error message

exim -Mrm msgid

Give up and fail the message, bouncing it to the sender

exim -Mg msgid

How much mail is in the queue?

exim -bpr | grep "<" | wc -l

How many frozen mails are in the queue?

exim -bpr | grep frozen | wc -l



To find out how many messages are in the mail queue

exim -bpc

To check the mails in the queue

exim -bp

To force exim update

/scripts/eximup --force

Deliver emails forcefully

exim -qff -v -C /etc/exim.conf &

Freeze mails from a sender

exiqgrep -i -f <mail address> | xargs exim -Mf
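Added example (not code from the original post): nearly all of the one-liners above are the same job, pick message IDs out of exim -bp output and hand them to exim -Mrm or exim -Mf. The shell functions below do that parsing once, on stdin, so a selection (everything, frozen only, bounces, one sender) can be listed and counted before anything is removed; the exim -bp | awk ... | bash form above runs whatever awk prints with no such pause. Function names and the sample queue listing are constructed, and exim itself is only called when DRY_RUN is set to 0.

```shell
#!/bin/sh
# Added example, not code from the original post. The one-liners above all
# extract message IDs from "exim -bp" output; these helpers do the same
# parsing once, on stdin, so each selection can be inspected before anything
# is passed to exim -Mrm. Function names and the sample queue listing are
# constructed for this example; "exim" itself is never run unless DRY_RUN=0.

# Constructed stand-in for "exim -bp" output: a header line per message
# (age, size, ID, <envelope sender>, optional "*** frozen ***"), then one
# indented line per recipient, then a blank line.
SAMPLE_QUEUE=' 25m  1.2K 1aBcDe-000123-AB <alice@example.com>
          bob@example.org

  2d  3.4K 1aBcDf-000124-CD <> *** frozen ***
          carol@example.net

  3h   800 1aBcDg-000125-EF <info@example.com>
          dave@example.org'

# Header lines only: an age like 25m/3h/2d at the start of the line, the same
# anchor the post's awk one-liner uses. Field 3 is then the message ID and
# field 4 the envelope sender in angle brackets.
queue_lines() { awk '/^ *[0-9]+[mhd] /'; }

queue_ids()   { queue_lines | awk '{ print $3 }'; }                        # every message
frozen_ids()  { queue_lines | awk '/\*\*\* frozen \*\*\*/ { print $3 }'; } # frozen only
bounce_ids()  { queue_lines | awk '$4 == "<>" { print $3 }'; }             # empty sender = bounce
sender_ids()  { queue_lines | awk -v s="<$1>" '$4 == s { print $3 }'; }    # by envelope sender
queue_count() { queue_ids | wc -l | tr -d ' '; }

# remove_ids: reads IDs on stdin. With DRY_RUN=1 (the default) it only prints
# the commands it would run; set DRY_RUN=0 on a real server to execute them.
remove_ids() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        sed 's/^/exim -Mrm /'
    else
        xargs -r exim -Mrm
    fi
}

# Demo on the constructed listing.
printf '%s\n' "$SAMPLE_QUEUE" | queue_count              # 3
printf '%s\n' "$SAMPLE_QUEUE" | frozen_ids | remove_ids  # exim -Mrm 1aBcDf-000124-CD
```

On a live server the pattern is exim -bp | frozen_ids (look at the list), then DRY_RUN=0 and the same pipeline into remove_ids; swapping sender_ids in for frozen_ids gives the per-sender variant that the exiqgrep line above provides.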


For more stuff
http://www.webhostingtalk.com/showthread.php?t=623960


4 Most Important PHP Security Measures

We can say that PHP is a mature language with lots of useful, but potentially dangerous, features. The rapid growth of the language and the dynamic nature of the Web let people easily create dynamic web pages without any prior knowledge of computer science or the architecture of the Internet.

In this tutorial we’ll have a look at 4 important PHP security measures that you should implement in order to develop a safer website.

1. Register Globals

Up until PHP version 4.2.0 the register_globals directive’s default value was On. One of the most controversial changes in the following versions was that the PHP core developers changed this default value to Off, not because the directive itself was insecure, but because the common misuse of it was.

Note: This feature will be removed starting with PHP 6.0.0

When this directive is On, PHP will inject extra variables into the script, such as HTML request variables. The problem with this approach is that a developer cannot rely on anything outside of his script, and by injecting these variables an outside attacker could overwrite already defined variables or create potentially dangerous ones. For example, PHP could inject this sort of variable into a script:

$username = 'hacked_username';

Now if a $username variable was already set, this would overwrite it.

Another good example can be found on php.net

if ($authorized) {
//show members only page
}

An attacker could alter the value of this variable simply by requesting GET auth.php?authorized=1, if the above code snippet is found in the auth.php file.

The best practice, which every developer should follow, is to set the register_globals directive to Off and use the already defined PHP superglobals such as $_GET and $_POST.

register_globals directive is found in the php.ini file.

2. Error Reporting

When developing a complex website or web application, enabling error display is essential. A developer cannot fix errors he can’t see, but once the website is in production the error display should be disabled, because PHP errors provide detailed information to an outside attacker.

A good approach is to enable error display in development environment:

error_reporting(E_ALL);
ini_set('display_errors','On');

And once in production environment disable error display, but enable error logging to a file:

error_reporting(E_ALL);
ini_set('display_errors','Off');
ini_set('log_errors', 'On');
ini_set('error_log', '/path/to/error/log');

Alternatively you can use error_reporting(E_ALL | E_STRICT); this is the highest setting, offering suggestions for forward compatibility too.

3. Cross-Site Scripting (XSS)

Cross-site scripting is the most common form of attack on websites. The mistake developers make is not filtering input data from web forms and not escaping the output.

For example, suppose we have a comment form whose textarea is named txtMessage.

The application displays the submitted data like this:
echo $_POST['txtMessage'];

The vulnerability is that the application doesn’t filter the input or escape the output. Let’s say someone writes the following JavaScript in the comment textarea:
<script>alert('hacked');</script>

If the application doesn’t escape this output, a JavaScript alert box will pop up on every page request that shows the comment. The best a developer can do is to filter out any HTML tags from the data with:
$clean_message = strip_tags($_POST['txtMessage']);

And escape it when outputting the data with htmlentities:
echo htmlentities($clean_message, ENT_QUOTES, 'UTF-8');

A better solution is to use HTML Purifier to filter out any unwanted malicious input and to test your web forms that it’s XSS proof use the XSS cheat sheet.

4. Exposing Sensitive Information

Many web developers store sensitive information in files such as database passwords and other credentials. If these files are not properly secured an attacker could see the contents of them, therefore hacking the applications database, etc.

The most common file extension for php include files is .inc. By using this extension and not properly creating parsing rules in Apache, a developer could create a major security hole in the web application.

In the Apache configuration the default file type for unknown file extensions is text/plain. If the .inc file is not set to be parsed as a PHP file and it is in the document root, then anyone can access this file and see its contents by visiting the corresponding URL.

The best solution to this problem is to store these files outside of your document root (e.g. /www, /public_html, etc.). A best practice is to place only the most essential files in your document root.

If you don’t have access outside your document root then at least use the following 2 methods:

1. Use an extra .php extension on the end of your file, e.g. sensitive.inc.php
2. Secure the .inc files in a .htaccess file:

<FilesMatch "\.inc$">
Order allow,deny
Deny from all
</FilesMatch>

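Added example (not code from the original article): a shell function that audits a document root for the situation section 4 describes, .inc files with no .htaccess rule covering them anywhere between their directory and the document root, which Apache would hand out as plain text. The function name and the constructed directory tree in the demo are mine; it only reads the filesystem and changes nothing.

```shell
#!/bin/sh
# Added example, not code from the original article. It audits a document
# root for the problem described in section 4: ".inc" files that Apache would
# serve as plain text because no .htaccess between the file and the document
# root restricts them. The function name and the constructed tree in the demo
# are mine; the script only reads the filesystem.

# find_unprotected_inc DOCROOT -> prints, relative to DOCROOT, every *.inc file
# with no <Files>/<FilesMatch> rule for .inc in a .htaccess on the path from
# its own directory up to DOCROOT. Files renamed to .inc.php are not listed.
find_unprotected_inc() {
    root=${1%/}
    find "$root" -type f -name '*.inc' | while IFS= read -r f; do
        d=$(dirname "$f")
        protected=0
        while :; do
            if [ -f "$d/.htaccess" ] && grep -Eq '<Files(Match)?[^>]*\.inc' "$d/.htaccess"; then
                protected=1
                break
            fi
            [ "$d" = "$root" ] && break     # reached the document root
            [ "$d" = "/" ] && break         # safety stop if DOCROOT was wrong
            d=$(dirname "$d")
        done
        if [ "$protected" -eq 0 ]; then
            printf '%s\n' "${f#$root/}"
        fi
    done
}

# Demo on a constructed document root.
demo=$(mktemp -d)
mkdir -p "$demo/inc" "$demo/protected" "$demo/lib"
echo '<?php $db_pass = "constructed";' > "$demo/inc/config.inc"        # exposed
echo '<?php $db_pass = "constructed";' > "$demo/protected/db.inc"      # covered by .htaccess
printf '<FilesMatch "\\.inc$">\nOrder allow,deny\nDeny from all\n</FilesMatch>\n' > "$demo/protected/.htaccess"
echo '<?php $x = 1;' > "$demo/lib/settings.inc.php"                   # parsed as PHP, not listed
find_unprotected_inc "$demo"        # inc/config.inc
rm -rf "$demo"
```

Run it against the real document root (find_unprotected_inc /home/user/public_html) after adding the .htaccess rule above; an empty result means every remaining .inc file is covered. It does not check whether AllowOverride permits .htaccess files at all, so the final word is still a request for one of the files from a browser.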
Summary

* Set register_globals directive to Off
* Disable error display in production environment
* Avoid XSS attacks, filter your input and escape your output
* Move all your sensitive information outside of your document root, if that’s not possible add an extra .php extension to your .inc files and/or secure them in a .htaccess file



.htaccess how to?

what is .htaccess?

.htaccess files (or "distributed configuration files") provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories thereof.

Directive is the term Apache uses for the commands in its configuration files. They are normally relatively short commands, typically key/value pairs, that modify Apache’s behavior. An .htaccess file allows developers to execute a bunch of these directives without requiring access to Apache’s core server configuration file, often named httpd.conf. This file, httpd.conf, is typically referred to as the “global configuration file” and I will refer to it by that name or its short filename equivalent.

Enable Directory Browsing

Options +Indexes
## block a few types of files from showing
IndexIgnore *.wmv *.mp4 *.avi

Disable Directory Browsing

Options All -Indexes

Customize Error Messages

ErrorDocument 403 /forbidden.html
ErrorDocument 404 /notfound.html
ErrorDocument 500 /servererror.html

Get SSI working with HTML/SHTML

AddType text/html .html
AddType text/html .shtml
AddHandler server-parsed .html
AddHandler server-parsed .shtml
# AddHandler server-parsed .htm

Change Default Page (order is followed!)

DirectoryIndex myhome.htm index.htm index.php

Block Users from accessing the site

order deny,allow
deny from 202.54.122.33
deny from 8.70.44.53
deny from .spammers.com
allow from all

Allow only LAN users

order deny,allow
deny from all
allow from 192.168.0.0/24

Redirect Visitors to New Page/Directory

Redirect oldpage.html http://www.domainname.com/newpage.html
Redirect /olddir http://www.domainname.com/newdir/

Block site from specific referrers

RewriteEngine on
RewriteCond %{HTTP_REFERER} site-to-block\.com [NC,OR]
RewriteCond %{HTTP_REFERER} site-to-block-2\.com [NC]
RewriteRule .* - [F]

Block Hot Linking/Bandwidth hogging

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]

Stop .htaccess (or any other file) from being viewed

<Files .htaccess>
order allow,deny
deny from all
</Files>

Avoid the 500 Error

# Avoid 500 error by passing charset
AddDefaultCharset utf-8


Password Protecting Directories

Use the .htaccess Password Generator and follow the brief instructions!

Change Script Extensions

AddType application/x-httpd-php .gne

.gne files will now be treated as PHP files! Similarly, use application/x-httpd-cgi for CGI files, etc.

Use MD5 Digests

Performance may take a hit, but if that's not a problem this is a nice option to turn on.

ContentDigest On

The CheckSpelling Directive

From Jens Meiert: CheckSpelling corrects simple spelling errors (for example, if someone forgets a letter or if any character is just wrong). Just add CheckSpelling On to your htaccess file.

The ContentDigest Directive

As the Apache core features documentation says: “This directive enables the generation of Content-MD5 headers as defined in RFC1864 respectively RFC2068. The Content-MD5 header provides an end-to-end message integrity check (MIC) of the entity-body. A proxy or client may check this header for detecting accidental modification of the entity-body in transit.

Note that this can cause performance problems on your server since the message digest is computed on every request (the values are not cached). Content-MD5 is only sent for documents served by the core, and not by any module. For example, SSI documents, output from CGI scripts, and byte range responses do not have this header.”

To turn this on, just add ContentDigest On.

Set an Expires header and enable Cache-Control

ExpiresActive On
ExpiresDefault "access plus 1 seconds"
ExpiresByType text/html "access plus 7200 seconds"
ExpiresByType image/gif "access plus 518400 seconds"
ExpiresByType image/jpeg "access plus 518400 seconds"
ExpiresByType image/png "access plus 518400 seconds"
ExpiresByType text/css "access plus 518400 seconds"
ExpiresByType text/javascript "access plus 216000 seconds"
ExpiresByType application/x-javascript "access plus 216000 seconds"

# Cache specified files for 6 days
Header set Cache-Control "max-age=518400, public"
# Cache HTML files for a couple hours
Header set Cache-Control "max-age=7200, private, must-revalidate"
# Cache PDFs for a day
Header set Cache-Control "max-age=86400, public"
# Cache Javascripts for 2.5 days
Header set Cache-Control "max-age=216000, private"

Each Header set line is meant to sit inside a <FilesMatch> block that selects the file types its comment names; placed bare one after another, the last Header set wins for every response.






Friday 1 April 2011

How to install nagios in linux?

Prerequisites
During portions of the installation you'll need to have root access to your machine.
Make sure you've installed the following packages on your Fedora installation before continuing.

    * Apache
    * PHP
    * GCC compiler
    * GD development libraries

You can use yum to install these packages by running the following commands (as root):
yum install httpd php
yum install gcc glibc glibc-common
yum install gd gd-devel

1) Create Account Information
Become the root user.
su -l

Create a new nagios user account and give it a password.
------------------------------------------------------------------------
/usr/sbin/useradd -m nagios
passwd nagios


Create a new nagcmd group for allowing external commands to be submitted through the web interface. Add both the nagios user and the apache user to the group.
/usr/sbin/groupadd nagcmd
/usr/sbin/usermod -a -G nagcmd nagios
/usr/sbin/usermod -a -G nagcmd apache

2) Download Nagios and the Plugins
Create a directory for storing the downloads.
mkdir ~/downloads
cd ~/downloads

Download the source code tarballs of both Nagios and the Nagios plugins (visit http://www.nagios.org/download/ for links to the latest versions). These directions were tested with Nagios 3.1.1 and Nagios Plugins 1.4.11.

wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.2.3.tar.gz
wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.11.tar.gz

3) Compile and Install Nagios
Extract the Nagios source code tarball.
cd ~/downloads
tar xzf nagios-3.2.3.tar.gz
cd nagios-3.2.3

Run the Nagios configure script, passing the name of the group you created earlier like so:

./configure --with-command-group=nagcmd

Compile the Nagios source code.
make all

Install binaries, init script, sample config files and set permissions on the external command directory.

make install
make install-init
make install-config
make install-commandmode

Don't start Nagios yet - there's still more that needs to be done...

4) Customize Configuration


Sample configuration files have now been installed in the /usr/local/nagios/etc directory. These sample files should work fine for getting started with Nagios. You'll need to make just one change before you proceed...

Edit the /usr/local/nagios/etc/objects/contacts.cfg config file with your favorite editor and change the email address associated with the nagiosadmin contact definition to the address you'd like to use for receiving alerts.

vi /usr/local/nagios/etc/objects/contacts.cfg


5) Configure the Web Interface
Install the Nagios web config file in the Apache conf.d directory.
make install-webconf

Create a nagiosadmin account for logging into the Nagios web interface. Remember the password you assign to this account - you'll need it later.

htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

(-c creates the password file and you are prompted for the password. Passing it on the command line with -b, as in htpasswd -b /usr/local/nagios/etc/htpasswd.users nagiosadmin nagios, leaves it in your shell history, and a password of "nagios" is a weak choice for an account that can submit external commands.)

Restart Apache to make the new settings take effect.

service httpd restart

Note: Consider implementing the enhanced CGI security measures described in the Nagios documentation to ensure that your web authentication credentials are not compromised.

6) Compile and Install the Nagios Plugins
Extract the Nagios plugins source code tarball.
cd ~/downloads
tar xzf nagios-plugins-1.4.11.tar.gz
cd nagios-plugins-1.4.11

Compile and install the plugins.
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install

7) Start Nagios

Add Nagios to the list of system services and have it automatically start when the system boots.
chkconfig --add nagios
chkconfig nagios on

Verify the sample Nagios configuration files.
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If there are no errors, start Nagios.
service nagios start

8) Modify SELinux Settings
Fedora ships with SELinux (Security Enhanced Linux) installed and in Enforcing mode by default. This can result in "Internal Server Error" messages when you attempt to access the Nagios CGIs.
See if SELinux is in Enforcing mode.

getenforce

Put SELinux into Permissive mode.

setenforce 0

To make this change permanent, you'll have to modify the settings in /etc/selinux/config and reboot.
Instead of disabling SELinux or setting it to permissive mode, you can use the following command to run the CGIs under SELinux enforcing/targeted mode:

chcon -R -t httpd_sys_content_t /usr/local/nagios/sbin/
chcon -R -t httpd_sys_content_t /usr/local/nagios/share/

For information on running the Nagios CGIs under Enforcing mode with a targeted policy, visit the Nagios Support Portal or Nagios Community Wiki.

9) Login to the Web Interface
You should now be able to access the Nagios web interface at the URL below. You'll be prompted for the username (nagiosadmin) and password you specified earlier.

http://localhost/nagios/

Click on the "Service Detail" navbar link to see details of what's being monitored on your local machine. It will take a few minutes for Nagios to check all the services associated with your machine, as the checks are spread out over time.

10) Other Modifications
Make sure your machine's firewall rules are configured to allow access to the web server if you want to access the Nagios interface remotely.

Configuring email notifications is out of the scope of this documentation. While Nagios is currently configured to send you email notifications, your system may not yet have a mail program properly installed or configured. Refer to your system documentation, search the web, or look to the Nagios Support Portal or Nagios Community Wiki for specific instructions on configuring your system to send email messages to external addresses. More information on notifications can be found here.

11) You're Done

Congratulations! You successfully installed Nagios. Your journey into monitoring is just beginning. You'll no doubt want to monitor more than just your local machine, so check out the following docs...

    * Monitoring Windows machines
    * Monitoring Linux/Unix machines
    * Monitoring Netware servers
    * Monitoring routers/switches
    * Monitoring publicly available services (HTTP, FTP, SSH, etc.)

Note:
------

After completing step 4, on a server where Apache's configuration lives under /usr/local/apache/conf:
-----------------------------
** mkdir /etc/httpd/conf.d/

then run make install-webconf.

Add this line to the Apache httpd.conf file:
vi /usr/local/apache/conf/httpd.conf
Include "/etc/httpd/conf.d/nagios.conf"

Restart the services, then open http://localhost/nagios and give the username and password.


Configure nagios for several hosts

The main conf file for nagios is /usr/local/nagios/etc/nagios.cfg

When you open nagios in the browser after a fresh install, you can see localhost added. The conf file for this is /usr/local/nagios/etc/objects/localhost.cfg

It is included from /usr/local/nagios/etc/nagios.cfg as follows.

[root@localhost objects]# grep localhost.cfg /usr/local/nagios/etc/nagios.cfg
cfg_file=/usr/local/nagios/etc/objects/localhost.cfg

If you need to add another host, copy this file under another name and change the IP address and hostname accordingly.

cp /usr/local/nagios/etc/objects/localhost.cfg /usr/local/nagios/etc/objects/newserver.cfg

Include this cfg file in nagios.cfg as follows.

cfg_file=/usr/local/nagios/etc/objects/newserver.cfg

Check nagios for errors.

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If there are no errors, restart nagios.

service nagios restart

Check in the browser whether you can see the new server.
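Added example (not code from the original post): a shell function that does the copy-rename-include procedure above in one step and handles the pitfall the plain cp leaves behind. The stock localhost.cfg also carries a "define hostgroup" block for linux-servers, so a straight copy defines that hostgroup twice and nagios -v reports the duplicate; the function drops that block from the copy, rewrites host_name, alias and address, and adds the cfg_file line to nagios.cfg only once, so running it twice is harmless. Function names and the sample localhost.cfg excerpt are constructed; the demo works in a scratch directory rather than /usr/local/nagios/etc.

```shell
#!/bin/sh
# Added example, not code from the original post. It automates "copy
# localhost.cfg under a new name, change the hostname and IP, include the
# file in nagios.cfg": the copy is rewritten with awk/sed, the hostgroup
# block that localhost.cfg also carries is dropped (keeping it would define
# the "linux-servers" hostgroup twice), and the cfg_file line is added only
# once. Function names and the sample localhost.cfg are constructed.

# add_nagios_host TEMPLATE NEWCFG HOSTNAME IP NAGIOS_CFG
# HOSTNAME and IP must not contain sed-special characters such as / or &.
add_nagios_host() {
    tpl=$1; new=$2; name=$3; ip=$4; main=$5
    # Copy host and service definitions, skipping any "define hostgroup" block.
    awk '
        /^[[:space:]]*define[[:space:]]+hostgroup/ { skip = 1 }
        !skip { print }
        skip && /}/ { skip = 0 }
    ' "$tpl" > "$new" || return 1
    # Point host_name, alias and address at the new machine.
    sed -i -E \
        -e "s/^([[:space:]]*host_name[[:space:]]+)localhost([[:space:];]|$)/\1$name\2/" \
        -e "s/^([[:space:]]*alias[[:space:]]+)localhost([[:space:];]|$)/\1$name\2/" \
        -e "s/^([[:space:]]*address[[:space:]]+)127\.0\.0\.1([[:space:];]|$)/\1$ip\2/" \
        "$new"
    # Register the new object file with nagios.cfg exactly once.
    grep -qx "cfg_file=$new" "$main" || echo "cfg_file=$new" >> "$main"
}

# hosts_in_file CFG -> distinct host_name values, handy for checking the copy.
hosts_in_file() {
    sed -nE 's/^[[:space:]]*host_name[[:space:]]+([^[:space:];]+).*/\1/p' "$1" | sort -u
}

# Constructed excerpt in the shape of the stock localhost.cfg.
SAMPLE_LOCALHOST_CFG='define host{
        use                     linux-server
        host_name               localhost
        alias                   localhost
        address                 127.0.0.1
        }

define hostgroup{
        hostgroup_name  linux-servers
        alias           Linux Servers
        members         localhost
        }

define service{
        use                     local-service
        host_name               localhost
        service_description     PING
        check_command           check_ping!100.0,20%!500.0,60%
        }'

# Demo in a scratch directory instead of /usr/local/nagios/etc.
demo=$(mktemp -d)
printf '%s\n' "$SAMPLE_LOCALHOST_CFG" > "$demo/localhost.cfg"
echo "cfg_file=$demo/localhost.cfg" > "$demo/nagios.cfg"
add_nagios_host "$demo/localhost.cfg" "$demo/newserver.cfg" newserver 192.0.2.20 "$demo/nagios.cfg"
hosts_in_file "$demo/newserver.cfg"     # newserver
cat "$demo/nagios.cfg"                  # the original cfg_file line plus one for newserver.cfg
rm -rf "$demo"
```

On the real server the call is add_nagios_host /usr/local/nagios/etc/objects/localhost.cfg /usr/local/nagios/etc/objects/newserver.cfg newserver <its IP> /usr/local/nagios/etc/nagios.cfg, followed by the nagios -v check and restart from the steps above; the copied services are the local ones (disk, load, users), which only make sense on a remote host once NRPE or an equivalent agent is in place there.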