Installing Apache on Windows, why? Because let's face it, Windows is easy, and Apache sure beats using IIS. This tutorial is meant for the person who would like to set up their own little web server. It's not meant for the IT person running a Fortune 500 company. But hey, if you want, go ahead.
Installation:
First thing you need is to download the web server. Windows users are going to want to download the .exe. The Apache website is www.apache.org; head to the Apache binaries section for Win32, which I believe is at http://www.apache.org/dist/httpd/binaries/win32/ There you will be able to download a version of Apache.
Now, before you download it you are going to want to make a folder. This folder is where you are going to serve your root directory from. If you don't want to do this, it's OK; you can use the default path if you want. But usually this helps in setting up other things like PHP and MySQL. What most people do is create a folder in the C:\ directory called WWW or something. You can name it whatever you want.
OK, so you have downloaded the Apache Web Server. You're ready to go with the setup. Now, the version I downloaded was apache_2.0.36-win32-x86-no_ssl.msi. This was a newer version and supposedly more secure. The first screen you get in the setup is the welcome screen; we don't care much about that, so hit Next. The next screen is the terms of service, and yes, you're going to agree to the terms, duh. The next screen is some documentation. I never really read it, but if you want, go ahead and do it. Once you're done hit Next again. Now we see a screen that says enter a network domain. Erase whatever is in there and type localhost. The next box says Servername; erase whatever is in the box and put in localhost. The next is Administrator's e-mail address. Go ahead and fill that in, but make sure to change it. Now there are 2 little radio buttons. Pick the one that best suits your needs. Now that we've got that all filled out, hit Next and you'll go to a screen that asks you which type of install you want to do. Then hit Next.
If you wanted to serve out of your own special folder, change the file location of where you're going to install Apache, or just leave it at the default path. Click Install and it should be on its way. Once it's done installing hit the Finish button.
The test:
First we're going to check to see if Apache installed correctly. This is how we do it: open up Internet Explorer and type in "http://localhost". If everything went smoothly then you should be seeing a message that looks like this: "Seeing this instead of the website you expected?" Yippee!!! Apache is working. See, now wasn't that really simple? OK, now we're going to do some fun stuff.
Alright, now that we've got our test done, let's move on to changing some of the stuff that Apache did by default. In Internet Explorer, if you installed on the default path, make your way to C:\Program Files\Apache Group\Apache2. This is your main Apache directory, where you can find everything. If you want, take a short break and look around. There are some cool things there. Don't worry if you don't understand what's in these files just yet.
Break time:
Go take a leak, get some Pepsi and something to eat. If you've got smokes, light them up in your new-found glory.
Alright, so now you've got Apache installed and you're about to start dishing out the web pages that you took so much time to build. Head to the folder called htdocs; this is your main folder. There should be a whole bunch of pages in there. What I do is select them all and move them to another folder. The htdocs folder is the best folder in the world. It's going to be one of the places you spend most of your time dishing out content for the world. OK, so get rid of all that stuff that is in your htdocs folder and move all your great content inside, replacing it. Now, once we've moved all our content inside the htdocs folder, we test it to make sure it's there (http://localhost, remember). Now let's get out of there. Go to Apache's main directory. Just to be aware of what is going on and get a good example of how Apache functions, head off to a folder called "conf". This holds the configuration files Apache uses. If you ever wanted to install PHP and other server-side scripting languages, this is where you would do it. Now make 2 copies; use 1 as a backup and never edit it at all. Go ahead and open the folder and open "httpd.conf". Read it very carefully, because in this tutorial we're not going to read about it; I just want you to know it's there. Any time you edit the httpd.conf file you must restart Apache for the change to take effect. Another good tip for you people new to Apache: you may notice the log files. Yes, they're great, and make sure to make backups of the logs; they will come in handy as a security precaution. I also recommend getting a firewall set up. There are lots of great security features that Apache has, but this is a tutorial on installing Apache.
Alright, so now you've got your web pages up. But the only way people will be able to view your pages is by typing in your IP address. This is a bummer. Let's look at some free redirectors. www.n2v.net is a cool one. You sign up, put in the IP address of your new web server, and voilà, you're done. Type in www. .n2v.net and it goes to your server and brings up your super nice web pages. Now if you go to Google and search for free domain names or redirectors you should come up with a lot. Many people already know about www.dot.tk, one of the coolest things in the world. A free .tk, very simple; that's all you need. It works perfectly for my web server and I've got around 3,000 hits, so it's working well. If you don't want to do it you don't have to, but it just makes it simple.
Alright, that brings us to the conclusion of installing Apache Win32 for Windows users. Very easy. One last thing: please read more of the Apache documentation, either on their website or in your Apache2 directory. If you liked reading this tutorial on how to set up Apache, check my website for others at www.bonfire.tk. Yes, there will be follow-ups. I'll be writing another Apache tutorial soon so you can set up PHP, the most awesome scripting language ever built, and also another on how to secure Apache, and yes, ALL FOR WINDOWS!!
Posted by ProCOM on March 19, 2008 – 4:33 pm
Wanted to try out the 2.6 kernel? Never knew how to do it? Well, here's how! Includes everything from compiling the kernel to configuring your bootloader.
Let's begin!
cd /usr/src
wget -c http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.7.tar.bz2
tar xvfj linux-2.6.7.tar.bz2
cd linux-2.6.7
make clean && make mrproper
make oldconfig ( or make menuconfig )
make bzImage
make modules
make modules_install
(I prefer this method rather than just "make".)
If you get a lot of errors about .ko modules when you run make modules_install, you need to update your modutils package with module-init-tools; see below.
Now to copy the files over for the kernel itself.
cp .config /boot/config-2.6.7
cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.7
cp System.map /boot/System.map-2.6.7
mkinitrd /boot/initrd-2.6.7.img 2.6.7
You may experience an error such as this:
/dev/mapper/control: open failed: No such file or directory
If you receive that error, run the following commands:
rm -rf /boot/initrd-2.6.7.img
mkinitrd --omit-lvm-modules /boot/initrd-2.6.7.img 2.6.7
Now to add it to the GRUB / LILO configuration.
For GRUB, your config will look something like this. Please note you need to follow the format of your current config.
title Red Hat Linux (2.6.7)
root (hd0,0)
kernel /vmlinuz-2.6.7 ro root=LABEL=/
initrd /initrd-2.6.7.img
Add your new entry to the top of the kernel list. Set the default to your working kernel. NOTE: the first kernel in the list is "0" (e.g. default=1).
Now exit. Type "grub" at the bash prompt.
savedefault --default=0 --once
Issue that at the grub prompt, then use quit to exit. Once you reboot, you need to go back in and set the default to the 2.6 kernel by setting default=0.
For LILO, your config will look something like this. Please note you need to follow the format of your current config.
image=/boot/vmlinuz-2.6.7
label=2.6.7
append="root=LABEL=/"
read-only
initrd=/boot/initrd-2.6.7.img
Leave the default as is.
/sbin/lilo -v -v
/sbin/lilo -R 2.6.7
Once it reboots and comes back online you can change the default to 2.6.7 and run /sbin/lilo -v -v again.
The above tells you how to enable a failsafe in your kernels, so that if the box panics, the DC tech does not have to console in; he just has to reboot the box.
To update to module-init-tools (see the note about .ko errors above):
cd /usr/src
wget -c http://www.kernel.org/pub/linux/kernel/people/rusty/modules/module-init-tools-3.0.tar.gz
tar -zxvf module-init-tools-3.0.tar.gz
cd module-init-tools-3.0
./configure --prefix=""
make moveold
make install
./generate-modprobe.conf /etc/modprobe.conf
To check which bootloader the box is using, run:
dd if=/dev/hda bs=512 count=1 2>&1 | grep GRUB
dd if=/dev/hda bs=512 count=1 2>&1 | grep LILO
One of them will kick back something like:
root@w00t [~]# dd if=/dev/hda bs=512 count=1 2>&1 | grep GRUB
Binary file (standard input) matches
root@w00t [~]#
which means it's using GRUB.
Rkhunter is a very useful tool that is used to check for trojans, rootkits, and other security problems. This tutorial will touch on installing and setting up a daily report for rkhunter.
Update Aug. 23, 2005
wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz
tar -zxvf rkhunter-1.2.7.tar.gz
cd rkhunter-1.2.7
./installer.sh
Now you can run a test scan with the following command:
/usr/local/bin/rkhunter -c
Now set up the daily report:
pico /etc/cron.daily/rkhunter.sh
Add the following, replacing the email address:
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter Scan Report" email@domain.com)
chmod +x /etc/cron.daily/rkhunter.sh
Updating rkhunter
This gets the latest database updates from their central server and matches your OS better to prevent false positives.
rkhunter --update
False positives are warnings that indicate there is a problem, but aren't really a problem. Example: some Linux distro updated a few commonly used binaries like `ls` and `ps`. You (as a good sysadmin) update the new packages and run (of course) daily Rootkit Hunter. Rootkit Hunter isn't yet aware of these new files and while scanning it reports some "bad" files. In this case we have a false positive. You could always have your datacenter or a system administrator check out the server to verify that it is not compromised.
More information on rkhunter can be found here: http://www.rootkit.nl
Telnet sends clear text passwords and usernames through logins and should be disabled on all web servers and replaced with SSH.
Some hosting providers do not disable telnet by default, but you should ensure that it has been turned off, as it's a great security risk to your servers. The TELNET server listens for incoming messages on port 23, and sends outgoing messages to port 23.
1. Login to your server through SSH and su to root.
2. Type pico /etc/xinetd.d/telnet
3. Look for the line: disable = no and replace with disable = yes
4. Now restart the inetd service: /etc/rc.d/init.d/xinetd restart
5. Turn it off through chkconfig as well, because it can still start through that.
/sbin/chkconfig telnet off
6. Scan your server to ensure port 23 is closed.
nmap -sT -O localhost
Also run ps aux | grep telnet and if you find anything other than "grep telnet" in the result, kill the process.
Posted by ProCOM on March 19, 2008 – 4:48 am
Requirements:
Apache Web Server 1.3x or 2.x
Note: We have confirmed this security addon works with Cpanel based servers.
UPDATE: Sept. 15, 2004:
Changed the "# Prevent path traversal (..) attacks" rule to fix a typo in the tutorial.
How to install?
1. Login to your server through SSH and su to the root user.
2. First you're going to start out by grabbing the latest version of mod_security:
wget http://www.modsecurity.org/download/mod_security-1.7.4.tar.gz
3. Next we untar the archive and cd into the directory:
tar zxvf mod_security-1.7.4.tar.gz
cd mod_security-1.7.4/
4. Now you need to determine which version of apache you use:
APACHE 1.3.x users
cd apache1/
APACHE 2.x users
cd apache2/
5. Lets Compile the module now:
/usr/local/apache/bin/apxs -cia mod_security.c
6. OK, now it's time to edit the httpd.conf file. First we will make a backup just in case something goes wrong:
cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup
7. Now that we have backed it all up, we can edit httpd.conf. Replace pico with nano depending on what you have:
pico /usr/local/apache/conf/httpd.conf
8. Let's look for something in the config. Do this by holding Control and pressing W, and search for <IfModule mod_dir.c> (although any of the IfModules would work fine).
9. Now add this:
<IfModule mod_security.c>
# Turn the filtering engine On or Off
SecFilterEngine On
# Change Server: string
SecServerSignature " "
# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On
# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off
# Only allow bytes from this range
SecFilterForceByteRange 1 255
# The audit engine works independently and
# can be turned On or Off on the per-server or
# on the per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
SecAuditEngine RelevantOnly
# The name of the audit log file
SecAuditLog /var/log/httpd/audit_log
# Should mod_security inspect POST payloads
SecFilterScanPOST On
# Action to take by default
SecFilterDefaultAction "deny,log,status:500"
# Require HTTP_USER_AGENT and HTTP_HOST in all requests
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
# Prevent path traversal (..) attacks. The dots must be escaped:
# an unescaped "../" is a regex matching any two characters
# followed by a slash, i.e. nearly every nested URL.
SecFilter "\.\./"
# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"
# Prevent XSS attacks (HTML/Javascript injection)
SecFilter "<(.|\n)+>"
# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"
# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"
</IfModule>
10. Save the file: Ctrl + X then Y
11. Restart Apache
/etc/rc.d/init.d/httpd stop
/etc/rc.d/init.d/httpd start
You’ve successfully installed mod_security!
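To see what these crude SecFilter rules actually do, here is an added Python emulation (not part of the tutorial or of mod_security itself) that applies the same patterns to a handful of constructed requests and shows both the attacks they stop and the legitimate requests they deny by mistake. It assumes each request is matched as one URL-decoded string and that matching is case-insensitive; the POSIX `[[:space:]]` class is translated to Python's `\s`.

```python
"""Emulate the tutorial's mod_security 1.x SecFilter rules in Python.

Assumptions (not from the page): the request is matched after URL-decoding
as one string, and patterns are applied case-insensitively so that SELECT
and select are treated alike. POSIX [[:space:]] is translated to \\s.
"""
import re
from typing import List, Tuple

# Rule name -> SecFilter pattern from the httpd.conf snippet. The traversal
# rule needs escaped dots: an unescaped "../" would match ANY two characters
# followed by a slash, i.e. almost every URL with a nested path.
SEC_FILTERS = [
    ("path traversal", r"\.\./"),
    ("script tag", r"<[[:space:]]*script"),
    ("any HTML tag", r"<(.|\n)+>"),
    ("SQL delete", r"delete[[:space:]]+from"),
    ("SQL insert", r"insert[[:space:]]+into"),
    ("SQL select", r"select.+from"),
]

# SecFilterDefaultAction "deny,log,status:500"
DENY_STATUS = 500


def posix_to_python(pattern: str) -> str:
    """mod_security 1.x used POSIX classes; Python's re wants \\s instead."""
    return pattern.replace("[[:space:]]", r"\s")


COMPILED = [(name, re.compile(posix_to_python(p), re.IGNORECASE))
            for name, p in SEC_FILTERS]


def decide(request: str) -> Tuple[int, List[str]]:
    """Return (status, matched rule names): 500 if any SecFilter fires, else 200."""
    hits = [name for name, rx in COMPILED if rx.search(request)]
    return (DENY_STATUS if hits else 200, hits)


def phpsessid_ok(value: str) -> bool:
    """SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$": the leading "!" negates,
    so the request is allowed only when the whole value is lowercase alnum.
    Caveat: PHP emits uppercase letters when session.hash_bits_per_character
    is 6, which this rule would then reject as a false positive."""
    return re.fullmatch(r"[0-9a-z]*", value) is not None


# Constructed sample requests (already URL-decoded), mixing attacks and
# legitimate traffic that the crude filters catch by mistake.
SAMPLE_REQUESTS = [
    "/index.php?page=../../etc/passwd",          # real traversal attempt
    "/search?q=<script>alert(1)</script>",        # real XSS probe
    "/products?id=42",                            # clean
    "/search?q=select the item from the menu",    # false positive: SQL select
    "/help?q=how do I delete from my inbox",      # false positive: SQL delete
    "/blog?title=a < b and c > d",                # false positive: HTML tag rule
]


def report(requests: List[str] = SAMPLE_REQUESTS) -> List[Tuple[str, int, List[str]]]:
    """(request, status, matched rules) for every request, for review."""
    return [(r, *decide(r)) for r in requests]


if __name__ == "__main__":
    for req, status, hits in report():
        print(f"{status} {req!r} -> {hits}")
```

Three of the six constructed requests are denied with status 500 although they carry no attack, which is why a rule set like this needs tuning against real traffic in the audit log before the default action is set to deny.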
Posted by ProCOM on March 19, 2008 – 2:43 am
What is BFD (Brute Force Detection)?
BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet, and likewise it is very straightforward in its installation, configuration and usage. The reason behind BFD is very simple: there are few or no authentication and brute force auditing programs in the Linux community that work in conjunction with a firewall or real-time facility to place bans. BFD is available at: http://www.rfxnetworks.com/bfd.php
This guide will show you how to install and configure BFD to protect your system from brute force hack attempts.
Requirements:
- You MUST have APF Firewall Installed before installing BFD - it works with APF and requires some APF files to operate.
- Root SSH access to your server
Updated: April 13, 2005
Let's begin!
Login to your server through SSH and su to the root user.
1. cd /root/downloads or another temporary folder where you store your files.
2. wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
3. tar -xvzf bfd-current.tar.gz
4. cd bfd-0.7
5. Run the install file: ./install.sh
You will receive a message saying it has been installed
.: BFD installed
Install path: /usr/local/bfd
Config path: /usr/local/bfd/conf.bfd
Executable path: /usr/local/sbin/bfd
6. Let's edit the configuration file: pico /usr/local/bfd/conf.bfd
7. Enable brute force hack attempt alerts:
Find: ALERT_USR="0" CHANGE TO: ALERT_USR="1"
Find: EMAIL_USR="root" CHANGE TO: EMAIL_USR="your@yourdomain.com"
Save the changes: Ctrl+X then Y
8. Prevent locking yourself out!
pico -w /usr/local/bfd/ignore.hosts and add your own trusted IPs
Eg: 192.168.1.1
Save the changes: Ctrl+X then Y
BFD uses APF's CLI insert feature and as such will override any allow_hosts.rules entries users have in place. So be sure to add your trusted IP addresses to the ignore file to prevent locking yourself out.
9. Run the program!
/usr/local/sbin/bfd -s
10. Customize your applications' brute force configuration
Check out the rules directory in your /usr/local/bfd
Here you'll find all kinds of pre-made rules for popular services such as Apache and ProFTPD. w00t!
If you have any clue about shell scripting you can customize them or create new rules for enhanced brute force detection and to prevent attacks.
Thanks to RFX Networks for creating another great script for the community, Brute Force Detection is excellent!
Cheers
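What BFD does under the hood, as an added Python illustration (not BFD's own code): count sshd authentication failures per source address from constructed log lines, honour ignore.hosts so a trusted admin address is never banned even after many typos, and report the addresses past a trigger count. The log format and the trigger of 15 are assumptions for this demo; BFD's real per-service rules live in /usr/local/bfd/rules.

```python
"""BFD-style brute force detection over sshd log lines (added example)."""
import re
from collections import Counter
from typing import Dict, Iterable, List, Set

# sshd failure lines as written to /var/log/secure (format assumed here).
FAILED_LOGIN = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_ignore_hosts(text: str) -> Set[str]:
    """ignore.hosts: one address per line; '#' comments and blanks skipped."""
    hosts: Set[str] = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            hosts.add(line)
    return hosts


def count_failures(log_lines: Iterable[str]) -> Dict[str, int]:
    """Failed-login attempts per source IP, whatever user name was tried."""
    counts: Counter = Counter()
    for line in log_lines:
        m = FAILED_LOGIN.search(line)
        if m:
            counts[m.group("ip")] += 1
    return dict(counts)


def addresses_to_ban(log_lines: Iterable[str], ignore_hosts: Set[str],
                     trigger: int = 15) -> List[str]:
    """Addresses at or past the trigger that are not explicitly trusted.
    BFD hands each of these to APF for a firewall deny; here we only list them."""
    counts = count_failures(log_lines)
    return sorted(ip for ip, n in counts.items()
                  if n >= trigger and ip not in ignore_hosts)


# Constructed log excerpt: 203.0.113.7 hammers the box, 192.168.1.1 is the
# admin mistyping a password repeatedly, 198.51.100.2 fails twice then succeeds.
SAMPLE_LOG = (
    [f"Mar 19 04:0{i % 10}:12 w00t sshd[{4000 + i}]: Failed password for "
     f"invalid user admin from 203.0.113.7 port {40000 + i} ssh2"
     for i in range(16)]
    + [f"Mar 19 04:12:{i:02d} w00t sshd[{5000 + i}]: Failed password for "
       f"root from 192.168.1.1 port {50000 + i} ssh2" for i in range(15)]
    + ["Mar 19 04:13:01 w00t sshd[6001]: Failed password for bob from "
       "198.51.100.2 port 51001 ssh2",
       "Mar 19 04:13:05 w00t sshd[6002]: Failed password for bob from "
       "198.51.100.2 port 51002 ssh2",
       "Mar 19 04:13:09 w00t sshd[6003]: Accepted password for bob from "
       "198.51.100.2 port 51003 ssh2"]
)

# Constructed ignore.hosts contents: the admin's workstation is trusted.
SAMPLE_IGNORE_HOSTS = "# trusted admin workstation\n192.168.1.1\n"


if __name__ == "__main__":
    trusted = parse_ignore_hosts(SAMPLE_IGNORE_HOSTS)
    print("failures:", count_failures(SAMPLE_LOG))
    print("ban:", addresses_to_ban(SAMPLE_LOG, trusted))
```

Without the ignore entry, the admin's own address would be banned alongside the attacker, which is exactly the lock-out step 8 warns about.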
Want to be notified instantly when someone logs into your server as root? No problem, check out this nice tutorial on email notification for root logins. Keeping track of who logs into your server and when is very important, especially when you’re dealing with the super user account. We recommend that you use an email address not hosted on the server your sending the alert from.
So lets get started!
1. Login to your server and su to root, I know the irony!
2. cd /root
3. pico .bashrc
4. Scroll to the end of the file then add the following:
echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" you@yourdomain.com
Replace YourServerName with the handle for your actual server
Replace you@yourdomain.com with your actual email address
5. Ctrl + X then Y
Now log out of SSH, close the connection and log back in! You should receive an email with the root login alert a few minutes afterwards.
Note: This is a great tool for servers that have multiple admins or if you give someone SSH access for whatever reason, although you should give out the root password to as few people as humanly possible and be sure to change it often.
This will not magically alert you when a hacker runs the latest kernel exploit on your server and logs into SSH because they will create their own SSH/telnet connection. You should keep your system up to date, install a firewall and follow the latest security releases.
Posted by ProCOM on March 18, 2008 – 5:26 pm
Masking or anonymizing a Web server involves removing identifying details that intruders could use to detect your OS and Web server software. Port80 Software has developed an IIS server module called ServerMask to combat the majority of issues explored here for the Windows Web Server.
The Server Header Tells All
Most Web servers politely identify themselves and the OS to anyone who asks. Using a network query tool like Sam Spade or this Header Check, you can discern the HTTP Server header. Just request a Web site’s home page and examine the resulting HTTP headers or “banners” sent back by the server. Among them, you will likely find something like this:
Server: Microsoft-IIS/5.0
There is not much mystery here. Apache’s default settings make it no less identifiable:
Server: Apache/2.0.41-dev (UNIX)
You can remove or obscure this HTTP Server header in a variety of ways, depending on your platform. Apache 2.x users who have the mod_headers module loaded can use a simple directive in their httpd.conf file, as follows:
Header set Server "New Server Name Goes Here"
Unfortunately, mod_headers cannot alter the Server header in prior versions of Apache, so 1.3.x users will have to resort to editing the defines in httpd.h and recompiling Apache to get the same result. IIS users can install IISLockDown and use the configuration option in URLScan’s INI file for removing or replacing the header. Be careful with URLScan if you are using Cold Fusion application server — the way the current version replaces the Server header wreaks havoc with CFM pages. In fact, removing the header is the way to go when using URLScan, since if you try replacing the header it moves to the bottom of the header order — which pretty much gives away that you are running URLScan on IIS.
Unsightly File Extensions
Displaying file extensions like .asp or .aspx in a site is a clear indication that you are running a Microsoft server and, in general, hiding file extensions is a good practice to mask the technology generating dynamic pages. You can change your application mappings (.asp becomes .htm or .foo, etc.), but such one-to-one mapping can make mixing server-side technologies painful and does nothing to alleviate headaches during site migrations. Doing without file extensions altogether is an even better idea, not only for security but also for ease-of-migration and content negotiation. Apache people will want to take a look at mod_negotiation. Watch out, though, for the Content-Location header in the server’s response, which can give away the file extension that is not shown in the URL. You might have to suppress this header separately using mod_headers. In a similar vein, Port80 offers a tool called PageXchanger that allows file extension hiding in IIS.
Half-Baked Cookies
The ASP session ID cookie, used by the Session object to maintain client state, is another dead giveaway:
Set-Cookie: ASPSESSIONIDQGQGGWFC=MGMLNKMDENPEOPIJHPOPEPPB;
You can disable ASP Session State so that this cookie is not placed, but you lose the convenience of using the Session object to maintain client state. You could also create an ISAPI filter to change the names of any session ID cookie. On the other hand, ASP sessions are resource intensive, and turning them off improves the performance and scalability of your ASP application, while also helping to anonymize your server.
Send These to the Recycle Bin
WebDAV: Another way of identifying Microsoft servers is their implementation (from Windows 2000 and IIS 5.0 on) of WebDAV — the HTTP Extensions for Distributed Authoring and Versioning. WebDAV itself is not unique to Microsoft or IIS; it is a proposed standard (RFC 2518) with an IETF Working Group. Microsoft’s WebDAV support, however, adds a lot of information to the headers sent back by the server, especially when an HTTP OPTIONS request is made. If you are not using WebDAV (to support Outlook Web Access or Web Folders, etc.), you can disable it entirely by editing the registry or by using IISLockDown and URLScan.
Public Header: Certain Web servers betray their identity by displaying the Public header in HTTP responses. Few popular Web Servers send this header in response to OPTIONS requests (while almost all respond with the similar Allow header). The presence of Public is a good indication you are connected to either an IIS box or Netscape Enterprise 3.6. The Public header can be removed with a custom ISAPI filter (IIS) or NSAPI plug-in (Netscape).
Integrated Windows Authentication: IIS users should not rely on “Integrated Windows Authentication” — especially not as a way of hiding anything on the server. This method betrays the very secret it would keep, since a script or visual hacker can identify the Windows box by means of the WWW-Authenticate headers sent by the server. When a file or directory is protected by NT Challenge-Response authentication, one of the authentication headers contains the string “NTLM” (NT LAN Manager) — a Microsoft-specific form of HTTP authentication.
Get Your Headers Straight
The number and sequence of your HTTP headers and the presence or absence of certain platform-specific headers provide handy ways for more sophisticated hackers to fingerprint your Web server. A relatively unexplored area of server profiling, this will become a more common exploit as administrators start to implement countermeasures against obvious HTTP vulnerabilities like the Server header. For IIS users, a custom ISAPI filter can alter the Microsoft-specific header order or sequence to emulate, say, a default Apache installation. Apache users can accomplish any header order emulation they wish by experimenting with the location and order of Header directives in mod_headers.
Whose Default is That?
Default messages, pages and scripts of all kinds often contain clues to server identity, and these should be removed or modified accordingly. Software behind the Web server often bubbles error messages back through the HTTP request/response cycle, and customized HTTP errors can mask application server, database server, Web server and OS identity. For IIS, CustomError makes it easy for developers to deploy custom 404 and other HTTP error pages. This article shows how to implement custom HTTP errors in Apache. Avoid this on a development server, since, when done properly, it prevents database and server-side scripting errors from being seen — making it tough for developers to debug their applications! Remove or hide any Web or application server administration pages, scripts or documentation installed under your server’s Web root, and make sure to replace those default home pages.
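As an added self-check (not from the article), this Python function scans a captured HTTP response header block for the giveaways listed above: a product-revealing Server header, a Content-Location that exposes the real file extension, the ASP session cookie, the Public header, and NTLM in WWW-Authenticate. The two responses and the host name are constructed.

```python
"""Scan a raw HTTP response for the identity leaks the article describes."""
from typing import Dict, List

# Product tokens whose presence in Server: identifies the platform outright.
KNOWN_SERVER_TOKENS = ("microsoft-iis", "apache", "nginx", "netscape", "lighttpd")
# Extensions that reveal the server-side technology when they leak.
DYNAMIC_EXTENSIONS = (".asp", ".aspx", ".php", ".jsp", ".cfm", ".pl")


def parse_headers(raw: str) -> Dict[str, List[str]]:
    """Split a raw response into {lower-case name: [values]}; the status line
    is skipped and repeated headers (e.g. several Set-Cookie) are all kept."""
    headers: Dict[str, List[str]] = {}
    for line in raw.strip().splitlines()[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def fingerprint_leaks(raw: str) -> List[str]:
    """Return one finding per identity leak; an empty list means none found."""
    h = parse_headers(raw)
    leaks: List[str] = []
    for server in h.get("server", []):
        if "/" in server or any(t in server.lower() for t in KNOWN_SERVER_TOKENS):
            leaks.append(f"Server header reveals platform: {server}")
    for loc in h.get("content-location", []):
        if loc.lower().endswith(DYNAMIC_EXTENSIONS):
            leaks.append(f"Content-Location exposes a hidden extension: {loc}")
    for cookie in h.get("set-cookie", []):
        if cookie.upper().startswith("ASPSESSIONID"):
            leaks.append("ASP session cookie identifies IIS/ASP")
    if "public" in h:
        leaks.append("Public header present (IIS or Netscape Enterprise)")
    for auth in h.get("www-authenticate", []):
        if "ntlm" in auth.lower():
            leaks.append("WWW-Authenticate offers NTLM (Windows)")
    return leaks


# Constructed responses: a default IIS 5.0 box and a masked server.
LEAKY_RESPONSE = """HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/5.0
Date: Tue, 18 Mar 2008 17:26:00 GMT
Content-Location: http://www.example.test/default.asp
Set-Cookie: ASPSESSIONIDQGQGGWFC=MGMLNKMDENPEOPIJHPOPEPPB; path=/
Public: OPTIONS, TRACE, GET, HEAD, POST
WWW-Authenticate: NTLM
Content-Type: text/html
"""

MASKED_RESPONSE = """HTTP/1.1 200 OK
Server: Webserver
Date: Tue, 18 Mar 2008 17:26:00 GMT
Content-Type: text/html
"""

if __name__ == "__main__":
    for label, raw in (("default", LEAKY_RESPONSE), ("masked", MASKED_RESPONSE)):
        print(label, fingerprint_leaks(raw) or ["no leaks found"])
```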
Posted by ProCOM on March 18, 2008 – 3:20 pm
Chkrootkit is a powerful tool to scan your Linux server for trojans. We’ll show you how to install it, scan your server and setup a daily automated scanning job that emails you the report.
Installing CHKROOTKIT
SSH as admin to your server. DO NOT use telnet, it should be disabled anyways.
#Change to root
su -
#Type the following
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
# Check the MD5 SUM of the download for security:
ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5
md5sum chkrootkit.tar.gz
#Unpack the tarball using the command
tar xvzf chkrootkit.tar.gz
#Change to the directory it created
cd chkrootkit*
#Compile by typing
make sense
#To use chkrootkit, just type the command
./chkrootkit
#Everything it outputs should be 'not found' or 'not infected'...
Important Note: If you see 'Checking `bindshell'... INFECTED (PORTS: 465)' read on.
I’m running PortSentry/klaxon. What’s wrong with the bindshell test?
If you're running PortSentry/klaxon or another program that binds itself to unused ports, chkrootkit will probably give you a false positive on the bindshell test (ports 114/tcp, 465/tcp, 511/tcp, 1008/tcp, 1524/tcp, 1999/tcp, 3879/tcp, 4369/tcp, 5665/tcp, 10008/tcp, 12321/tcp, 23132/tcp, 27374/tcp, 29364/tcp, 31336/tcp, 31337/tcp, 45454/tcp, 47017/tcp, 47889/tcp, 60001/tcp).
#Now,
cd ..
#Then remove the .gz file
rm chkrootkit.tar.gz
Daily Automated System Scan that emails you a report
While in SSH run the following:
pico /etc/cron.daily/chkrootkit.sh
Insert the following to the new file:
#!/bin/bash
cd /yourinstallpath/chkrootkit-0.42b/
./chkrootkit | mail -s "Daily chkrootkit from Servername" admin@youremail.com
Important:
1. Replace 'yourinstallpath' with the actual path to where you unpacked Chkrootkit.
2. Change 'Servername' to the server you're running so you know where it's coming from.
3. Change 'admin@youremail.com' to the actual email address where the script should mail you.
Now save the file in SSH:
Ctrl+X then type Y
Change the file permissions so we can run it
chmod 755 /etc/cron.daily/chkrootkit.sh
Now if you like you can run a test report manually in SSH to see how it looks.
cd /etc/cron.daily/
./chkrootkit.sh
You’ll now receive a nice email with the report! This will now happen everyday so you don’t have to run it manually.
Allowing the root user to log in directly is a major security issue; we'll show you how to disable it so you can still log in as root, just not directly, reducing the security issue.
This will force a hacker to have to guess 2 separate passwords to gain root access.
(You do have 2 separate passwords for admin and root, right?)
What happens is you'll first need to log in as your admin user in SSH, then switch to the super user with the su command to get root.
We will also be forcing the use of SSH protocol 2, which is a newer, more secure SSH protocol.
Just a couple more ways to help your server stay safe from the bad guys. If you're using cPanel, make sure you add your admin user to the 'wheel' group so that you will be able to 'su -' to root; otherwise you may lock yourself out of root.
1. SSH into your server as 'admin' and gain root access with su
2. Copy and paste this line to edit the file for SSH logins
pico -w /etc/ssh/sshd_config
3. Find the line
Protocol 2, 1
4. Uncomment it and change it to look like
Protocol 2
5. Next, find the line
PermitRootLogin yes
6. Uncomment it and make it look like PermitRootLogin no
7. Save the file Ctrl+X then Y then enter
8. Now you can restart SSH
/etc/rc.d/init.d/sshd restart
Now no one will be able to log in to root without first logging in as admin and 'su -' to root, and you will be forcing the use of a more secure protocol. Just make sure you remember both passwords!