Category: Secure Server


How to test SNORT

rkhunter

http://www.4shared.com/file/88956347/833ab83d/rkhavi.html

Umit scanner

Peace be upon you and the mercy of God.
Of course this program already exists on the forum, but I wanted to post it because, first, it is written in Python and, second, because of its nice features.
It is based on nmap,
like Zenmap.
Program site:

http://www.umitproject.org

And here is a video of the program.

After downloading the program, extract the archive,
then
type the following command to install the program:

Code:
python setup.py install

yum install sendmail sendmail-devel

The sendmail-devel package is not optional here because we need libmilter. If we don't install sendmail-devel we run into the error message "libmilter not found", so we avoid that stop error from the start.

Installing ClamAV-0.93.3 from sources

We need first to create the user and group:

groupadd clamav
useradd -g clamav clamav

We will change the password for the user clamav. This is not strictly necessary, but it is recommended for security reasons; choose a complex password, you don't need to remember it after the install. As a security rule, make sure that in /etc/passwd the clamav user has /sbin/nologin as its shell, as shown below, where uid and gid are the user id and group id assigned to the clamav user.

cat /etc/passwd | grep 'clamav'

clamav:x:uid:gid::/home/clamav:/sbin/nologin

passwd clamav

Next we create the working directories for the daemon and the place where the logs are stored:

mkdir /var/clamav
chown clamav:root /var/clamav
mkdir /var/log/clamav/
chown clamav:root /var/log/clamav/
mkdir /usr/local/share/clamav
chown clamav:clamav /usr/local/share/clamav

Now download the ClamAV 0.93.3 sources from a mirror (we used heatnet as a mirror; if it is slow or not responding you can choose another mirror):

wget http://dl.sourceforge.net/sourceforge/clamav/clamav-0.93.3.tar.gz

or use a mirror like http://sourceforge.net/project/downloading.php?group_id=86638&use_mirror=osdn&filename=clamav-0.93.3.tar.gz&88361377&abmode=1.


tar xzvf clamav-0.93.3.tar.gz

cd clamav-0.93.3
./configure --disable-clamuko --enable-milter --with-dbdir=/usr/local/share/clamav

On Red Hat based distributions, when trying to compile clamav we usually see an error caused by an incompatibility with zlib. You have the choice to install both the zlib and zlib-devel packages with

yum install zlib zlib-devel

If there are errors like "configure: error: The installed zlib version may contain a security bug. Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this check with --disable-zlib-vcheck but DO NOT REPORT any stability issues then!", we run the command:

yum update zlib zlib-devel

There is still a chance of getting the error, so it is safe to run:

./configure --disable-clamuko --enable-milter --with-dbdir=/usr/local/share/clamav --disable-zlib-vcheck

After that, in both cases, we run:

make

make install

We need a file named clamav.conf. We create it in /etc:

vi /etc/clamav.conf

Write the following lines:

#/etc/clamav.conf
LogTime
LogSyslog
LogFile /var/log/clam/clamd.log
PidFile /var/run/clam/clamd.pid
LocalSocket /var/run/clam/clamd.sock
FixStaleSocket
MaxThreads 50
ThreadTimeout 600
MaxDirectoryRecursion 15
FollowFileSymlinks
SelfCheck 600
User clamav
ScanMail
ScanArchive
# maximum size in megabytes of a file inside an archive that will still be scanned; adjust to suit your purposes
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000

Save and close the file.

Now tell your startup script to load the ClamAV daemon:

echo "/usr/local/sbin/clamd" >> /etc/rc.d/rc.local
echo "/usr/local/sbin/clamav-milter -l -o -q /var/milter/clmilter.sock" >> /etc/rc.d/rc.local

cp /etc/clamav.conf /usr/local/etc/
touch /var/log/clam-update.log
chown clamav:clamav /var/log/clam-update.log
touch /tmp/clamd.log
chown clamav:root /tmp/clamd.log
mkdir /var/milter
chown clamav:root /var/milter/
cd /usr/local/etc/

We modify some configuration files [you can download/use the ones used by me] in the directory /etc:

cd /etc

wget ftp://ftp.ro-design.net/pub/clamd.conf
wget ftp://ftp.ro-design.net/pub/freshclam.conf
mkdir /var/lib/clamav
chown clamav:root /var/lib/clamav/
/usr/local/bin/freshclam -l /var/log/clam-update.log
cp /usr/local/sbin/clamd /etc/init.d/
/etc/init.d/clamd restart

In the file /etc/mail/sendmail.mc add the lines:

INPUT_MAIL_FILTER(`clmilter', `S=local:/var/milter/clmilter.sock, F=, T=S:4m;R:4m')

dnl define(`confINPUT_MAIL_FILTERS', `clmilter')
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
/etc/init.d/sendmail restart
crontab -e

Add the lines below:

# we will update the database used by Clamav antivirus daily, twice
0 2,13 * * * /usr/local/bin/freshclam --quiet -l /var/log/clam-update.log

Finally:

/etc/rc.d/rc.local
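Once the steps above are done, it is worth re-checking the parts of the setup that the milter depends on: that the clamav account really has no login shell, that the working directories are owned as created above, and that the configuration drops privileges to clamav and names a local socket. The following /bin/sh audit is an added example and is not part of the original article; it uses the paths from the article and takes the passwd file and the config file as parameters so it can also be run against copies.

```shell
#!/bin/sh
# Post-install audit for the ClamAV + clamav-milter setup described above.
# Added example, not part of the original article. Paths follow the article;
# the passwd file and clamd-style config are parameters so copies can be checked.

# Succeed if USER exists in PASSWD_FILE with a non-interactive shell.
# Returns 2 when the account does not exist at all.
user_is_nologin() {
    user=$1
    passwd_file=${2:-/etc/passwd}
    shell=$(awk -F: -v u="$user" '$1 == u { print $7; exit }' "$passwd_file")
    [ -n "$shell" ] || return 2
    case $shell in
        /sbin/nologin|/usr/sbin/nologin|/bin/false) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if DIR exists and its owner (user name) is OWNER.
# Returns 2 when the directory is missing.
dir_owned_by() {
    dir=$1
    owner=$2
    [ -d "$dir" ] || return 2
    actual=$(ls -ld "$dir" | awk '{ print $3 }')
    [ "$actual" = "$owner" ]
}

# Print the value of directive NAME from a clamd-style config FILE
# (one "Name value" per line, '#' starts a comment); prints nothing if absent.
conf_value() {
    file=$1
    name=$2
    awk -v n="$name" '$1 !~ /^#/ && $1 == n { $1 = ""; sub(/^ +/, ""); print; exit }' "$file"
}

# Run every check against the paths used in the article, printing one line each.
# The exit status is the number of failed checks, so it can gate a cron job.
audit_clamav() {
    passwd_file=${1:-/etc/passwd}
    conf=${2:-/etc/clamav.conf}
    failures=0
    if user_is_nologin clamav "$passwd_file"; then
        echo "PASS clamav has a non-login shell"
    else
        echo "FAIL clamav missing or has an interactive shell"; failures=$((failures + 1))
    fi
    # directory:owner pairs exactly as created by the mkdir/chown steps above
    for pair in /var/clamav:clamav /var/log/clamav:clamav /usr/local/share/clamav:clamav \
                /var/milter:clamav /var/lib/clamav:clamav; do
        d=${pair%%:*}; o=${pair#*:}
        if dir_owned_by "$d" "$o"; then
            echo "PASS $d owned by $o"
        else
            echo "FAIL $d missing or not owned by $o"; failures=$((failures + 1))
        fi
    done
    if [ "$(conf_value "$conf" User)" = clamav ]; then
        echo "PASS $conf drops privileges to clamav"
    else
        echo "FAIL $conf does not set 'User clamav'"; failures=$((failures + 1))
    fi
    sock=$(conf_value "$conf" LocalSocket)
    if [ -n "$sock" ]; then
        echo "PASS $conf uses local socket $sock"
    else
        echo "FAIL $conf has no LocalSocket (the milter above talks to clamd over one)"
        failures=$((failures + 1))
    fi
    return $failures
}

# Run the audit only when invoked as "sh audit.sh run [passwd] [conf]";
# sourcing the file merely defines the functions.
if [ "${1:-}" = run ]; then
    audit_clamav "${2:-/etc/passwd}" "${3:-/etc/clamav.conf}"
fi
```

Run it as root after `make install` and the chown steps; a non-zero exit status means at least one FAIL line was printed, which makes it usable from the same crontab that runs freshclam.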

For any questions or troubles you can contact me at: server@ro-design.net

How to Disable Telnet

1. Login to your server through SSH and su to root.

2. Type: pico /etc/xinetd.d/telnet

3. Look for the line: disable = no and replace with disable = yes

4. Now restart the xinetd service: /etc/rc.d/init.d/xinetd restart

5. Turn it off through chkconfig as well, because it can still be started that way:
/sbin/chkconfig telnet off

6. Scan your server to ensure port 23 is closed.
nmap -sT -O localhost
Also run ps aux | grep telnet and, if you find anything other than "grep telnet" in the result, kill the process.

Stop PHP nobody Spammers

Step 1)
Login to your server and su - to root.

Article provided by seclinux.wordpress.com

Step 2)
Turn off Exim while we do this so it doesn't freak out.
/etc/init.d/exim stop

Step 3)
Backup your original /usr/sbin/sendmail file. On systems using Exim MTA, the sendmail file is just basically a pointer to Exim itself.
mv /usr/sbin/sendmail /usr/sbin/sendmail.hidden

Step 4)
Create the spam monitoring script for the new sendmail.
pico /usr/sbin/sendmail

Paste in the following:

#!/usr/local/bin/perl
# Wrapper that logs who invoked sendmail, then hands the message to the real binary.

# use strict;
use Env;
my $date = `date`;
chomp $date;
open (INFO, ">>/var/log/spam_log") || die "Failed to open file ::$!";
my $uid = $>;                 # effective uid of the caller (e.g. nobody for web scripts)
my @info = getpwuid($uid);    # passwd entry for that uid, logged for shell/cron callers
if ($REMOTE_ADDR) {
    # invoked from a web script: the CGI variables identify client, script and vhost
    print INFO "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME\n";
}
else {
    print INFO "$date - $PWD - @info\n";
}
my $mailprog = '/usr/sbin/sendmail.hidden';
my $arg = '';
foreach (@ARGV) {
    $arg = "$arg" . " $_";    # pass every original argument through unchanged
}

open (MAIL, "|$mailprog $arg") || die "cannot open $mailprog: $!\n";
while (<STDIN>) {
    print MAIL;               # forward the message body to the real sendmail
}
close (INFO);
close (MAIL);

Step 5)
Change the new sendmail's permissions:
chmod +x /usr/sbin/sendmail

Step 6)
Create a new log file to keep a history of all mail going out of the server through web scripts:
touch /var/log/spam_log

chmod 0777 /var/log/spam_log

Step 7)
Start Exim up again.
/etc/init.d/exim start

Step 8)
Monitor your spam_log file for spam: try using any formmail or script that uses a mail function, such as a message board or a contact script.
tail -f /var/log/spam_log

Sample Log Output

Mon Apr 11 07:12:21 EDT 2005 - /home/username/public_html/directory/subdirectory - nobody x 99 99 Nobody / /sbin/nologin
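The same wrapper idea can be written for /bin/sh, which also makes it easy to summarise the log once it has collected a few days of traffic. The block below is an added example and is not the Perl script from the original post; it assumes the layout above (real MTA entry point moved to /usr/sbin/sendmail.hidden, log in /var/log/spam_log), overridable through the SPAM_LOG and REAL_SENDMAIL environment variables, and adds a `top_scripts` summary that ranks web scripts by how often they sent mail.

```shell
#!/bin/sh
# Added example, not the original post's Perl script: a /bin/sh sendmail wrapper
# plus a summariser for the log it produces. Assumed layout (as in the post):
# the real MTA has been moved to /usr/sbin/sendmail.hidden, the log is
# /var/log/spam_log. Both can be overridden through the environment.

SPAM_LOG=${SPAM_LOG:-/var/log/spam_log}
REAL_SENDMAIL=${REAL_SENDMAIL:-/usr/sbin/sendmail.hidden}

# Compose one log line describing the caller. Scripts run by the web server carry
# the CGI variables REMOTE_ADDR, SCRIPT_NAME and SERVER_NAME in their environment
# (that is what the Perl version keys on); cron jobs and shell users do not, so for
# them the working directory and the account are recorded instead.
log_line() {
    now=$(date)
    who=$(id -un 2>/dev/null || id -u)
    if [ -n "${REMOTE_ADDR:-}" ]; then
        printf '%s - %s ran %s at %s - %s in %s\n' \
            "$now" "$REMOTE_ADDR" "${SCRIPT_NAME:-?}" "${SERVER_NAME:-?}" "$who" "$PWD"
    else
        printf '%s - %s - %s\n' "$now" "$PWD" "$who"
    fi
}

# Record the caller, then pass stdin and every argument through to the real
# sendmail unchanged. The exit status is the real sendmail's, so a failure to
# log never turns into a lost message.
wrap_sendmail() {
    log_line >> "$SPAM_LOG" 2>/dev/null
    "$REAL_SENDMAIL" "$@"
}

# Summarise a spam_log: one "count path" line per web script, busiest first,
# so a formmail that is being abused stands out from the legitimate senders.
top_scripts() {
    awk -F' ran ' 'NF > 1 { split($2, a, " at "); seen[a[1]]++ }
                   END { for (s in seen) print seen[s], s }' "$1" | sort -rn
}

# Act as the wrapper only when installed as .../sendmail; sourcing the file for
# its functions (e.g. to run top_scripts) does nothing.
case $0 in
    */sendmail) wrap_sendmail "$@" ;;
esac
```

Install it as /usr/sbin/sendmail exactly like the Perl version (Step 4 and Step 5 above); for the daily review, `. /usr/sbin/sendmail; top_scripts /var/log/spam_log | head` lists the scripts that sent the most mail.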

Log Rotation Details
Your spam_log file isn't set up to be rotated, so it might get very large quickly. Keep an eye on it and consider adding it to your log rotation.

pico /etc/logrotate.conf

FIND:
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}

ADD BELOW:

# SPAM LOG rotation
/var/log/spam_log {
monthly
create 0777 root root
rotate 1
}

Close Open DNS Servers

For those of you who check your nameservers and other DNS related issues using the popular site dnsreport, you're probably seeing "FAIL Open DNS servers". We'll show you how to fix named to close open DNS servers.

How do I check my system?
Go to www.dnsreport.com and enter your domain name, eg webhostgear.com

You’re safe if you see:
PASS Open DNS servers

You need to follow this tutorial if you see:
FAIL Open DNS servers

Closing Open DNS Servers Tutorial

1) Login to your server and su to root.

2) Edit the /etc/named.conf file, e.g.: vi /etc/named.conf

Look for:

key "rndckey" {
};

After this, add the following, replacing mainIP and secondaryIP with the IP addresses of your system's nameservers:

acl "trusted" {
    mainIP; secondaryIP; 127.0.0.1;
};

3) After that's done, add the settings that allow only the trusted hosts to use certain functions. Check your options section and make sure it contains the following:

allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };


options {
        directory "/var/named";
        allow-recursion { trusted; };
        allow-notify { trusted; };
        allow-transfer { trusted; };
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
         // query-source address * port 53;
};

4) Save the changes and restart the named service: service named restart

5) Recheck your site at dnsreport.com, you should be good!
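Before restarting named, it is useful to lint the file for the two ways a server stays open: the acl is missing (named then rejects the config or, in older versions, silently ignores the restriction) or allow-recursion is still `any`. The following /bin/sh check is an added example and is not part of the original tutorial; it only knows the directives used above and takes the config path as its argument so it can run against a copy.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: a small lint for the named.conf
# changes above. It checks that the "trusted" acl is declared and that recursion,
# transfers and notifies inside options are limited to it, and it flags
# allow-recursion { any; } explicitly. The config path is a parameter.

# Print the lines inside the options { ... } block of named.conf FILE.
options_block() {
    awk '/^[[:space:]]*options[[:space:]]*\{/ { inblk = 1; next }
         inblk && /^[[:space:]]*\};/ { exit }
         inblk { print }' "$1"
}

# Succeed if DIRECTIVE inside options reads "{ trusted; };" (whitespace-insensitive).
directive_restricted() {
    options_block "$1" | tr -d ' \t' | grep -q "^$2{trusted;};"
}

# Succeed and print "ok" if named.conf FILE is closed to outside recursion;
# otherwise print the first problem found and return 1.
check_named_conf() {
    conf=$1
    if ! grep -Eq '^[[:space:]]*acl[[:space:]]+"trusted"[[:space:]]*\{' "$conf"; then
        echo "no acl \"trusted\" declared"; return 1
    fi
    if options_block "$conf" | tr -d ' \t' | grep -q '^allow-recursion{any;'; then
        echo "allow-recursion is any: server is an open resolver"; return 1
    fi
    for d in allow-recursion allow-transfer allow-notify; do
        if ! directive_restricted "$conf" "$d"; then
            echo "$d is not restricted to { trusted; } inside options"; return 1
        fi
    done
    echo "ok"
}

# Usage: sh check_named.sh /etc/named.conf
if [ $# -eq 1 ] && [ -f "$1" ]; then
    check_named_conf "$1"
fi
```

This only inspects the file; after `service named restart`, the dnsreport check in step 5 (or a recursive query from an address outside the trusted acl, which should be refused) confirms the running server behaves the same way.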

Cheers

Steve
