Is it possible to reduce a filesystem/partition without unmounting it?

If is not under LVM , you can use parted tool to reduce

when you run lvextend to resize the lvm parition after that you need to run
ext2online to tell kenel that i have extended the logical volume

Facing problem with LVM

Hi,

I am new to LVM, server i am using with kernel, kernel-2.4.21-15.EL.

The partitions are as follows:

[root@server]# fdisk -l
Warning: invalid flag 0×0000 of partition table 5 will be corrected by
w(rite)
Disk /dev/hda: 61.4 GB, 61492838400 bytes
255 heads, 63 sectors/track, 7476 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/hda1 * 1 13 104391 83 Linux
/dev/hda2 14 650 5116702+ 83 Linux
/dev/hda3 651 1287 5116702+ 83 Linux
/dev/hda4 1288 7476 49713142+ f Win95 Ext’d (LBA)

I created the ‘LV’ using total PE.
Next i removed the LV with ‘lvremove’ command.
Also i removed the VG .
Now when i am trying to create a new VG, the output is coming as follows:

[root@sever]# vgcreate newvg /dev/hda4
> > vgcreate — more than 20% [90624 KB] of physical volume /dev/hda4 with
> > 1 KB woul
> > d be used
> >
> > Trying to check with ‘pvdisplay’/'vgdisplay’, the result is as
> > follows:
> >
> > [root@server]# pvdisplay /dev/hda4
> > pvdisplay — “/dev/hda4″ is a new physical volume of 1 KB
> >
> > [root@server]# vgdisplay newvg
> > vgdisplay — volume group “newvg” not found
> >
> > It will be appreciated , if I get some hints to debug this situation.
> >
> > Thanks in advance.
> > Tinni

1.are you using multipathing?
2. check your lvm backup file
/etc/lvm/backup and find out which UUID using which disk.

—————Original Message—————
From: zairah
Sent: Thursday, July 16, 2009 4:30 AM
Subject: Found duplicate PV L86ifzxiweN errors

> Hi
>
> I encounter the following erros on my machine which is on Redhat Enterprise 4.
>
> [root@zmy02spc01 dev]# pvdisplay
> Found duplicate PV L86ifzxiweN1ZAOcX2PGQ4Bq6PrlEFjz: using /dev/sda8 not /dev/sda3
> Found duplicate PV L86ifzxiweN1ZAOcX2PGQ4Bq6PrlEFjz: using /dev/sda3 not /dev/sda8
> Found duplicate PV L86ifzxiweN1ZAOcX2PGQ4Bq6PrlEFjz: using /dev/sda8 not /dev/sda3
> — NEW Physical volume —
> PV Name /dev/sda8
> VG Name
> PV Size 93.00 GB
> Allocatable NO
> PE Size (KByte) 0
> Total PE 0
> Free PE 0
> Allocated PE 0
> PV UUID L86ifz-xiwe-N1ZA-OcX2-PGQ4-Bq6P-rlEFjz
>
>
> How do rectify this?

if you using maltipathing,
than you will get disk to the following path
/dev/mapper/mpath0
/dev/mapper/mpath1
mpath0 is the first LUN following 1,2,3 and so on

—————Original Message—————
From: cdelgadop
Sent: Wednesday, December 27, 2006 9:35 AM
Subject: Adding new SAN LUNs to Redhat without rebooting ….

> Hi
>
> I’m working in the configuration of some SAN LUNs assigned to one Partition of IBM pSeries p5 server running Redhat 4.
>
> SAN admins have done the zoning and now we want to configure the new disks. My question is: is it necessary to reboot the server? In AIX we can just run cfgmgr command as well as in HPUX ioscan command. Is there any equivalence in Linux ??
>
> Thanks in advanced

use this command
pvs -a -o devices
vgs -a -o devices
lvs -a -o devices

—————Original Message—————
From: Andy Aunan
Sent: Friday, April 02, 2010 9:33 AM
Subject: adding a new lun too a current lun of vg01

> i know i need to fdisk but after the fdisk using LVM can i do a single vgextend to add it to the current volum group?
>
> then my lvextend and finally ext2online
>
> now if this was HPUX i know how it works but with linux and fdisk not sure, looking for professional advice

1. What are the reasons if DNS reports connection time-out on port 80?

2. What is sendmail port, path, permission and log path?

3. Domain awstats configuration file path and what are the methods to update Awstats.

4. How to update webalizer.

5. Mysql data directory path?

6. Mysql Configuration file location?

7. How to grant a user for a database (through shell and panel)?

8. What are the reasons httpd service down and how to prevent the error and start the service?

9. How to allow an IP in firewall (with details)

10. Apache main configuration file path and users sites configuration file path?

————————————————————————-

hsphere=# select * from dns_zones where name = ‘autocompany.com.py’;

hsphere=# select * from dns_records where name = ‘autocompany.com.py’;

hsphere=# select * from domains where name = ‘autocompany.com.py’;

————————————————————————-

# delete the line 18 from ‘~/.ssh/known_hosts’ file
sed -i ’18 d’ ~/.ssh/known_hosts
# also
sed -i 18d ~/.ssh/known_hosts
# delete few lines
# delete 6 lines from line 8
sed -i 8,+6d file.txt
# delete the line where is ‘TO DELETE’
sed -i ‘/TO DELETE/ d’ file.txt

————————————————

Aol —> http://postmaster.info.aol.com/whitelist/whitelist_guides.html
Hotmail —> https://support.msn.com/eform.aspx?productKey=edfsmsbl&ct=eformts
Spamcop —> http://www.spamcop.net/bl.shtml/
Psbl —> http://psbl.surriel.com/remove
For more information about blacklisting refer the below link.

http://www.streamsend.com/kb/idx/51/138/Common_Questions_and_Answers/article/Ive_been_blacklisted_ISP_Listings.html

————————————————————–

grep elmadagmeyhanesi.com /hsphere/local/var/httpd/logs/access_log.1260835200 > /hsphere/local/home/elmadag/logs/elmadagmeyhanesi.com/accesslog.december

/usr/bin/perl /hsphere/local/home/elmadag/elmadagmeyhanesi.com/cgi-bin/awstats.pl -config=elmadagmeyhanesi.com -LogFile=/hsphere/local/home/elmadag/logs/elmadagmeyhanesi.com/accesslog.december

——————————————

Wisner space full

[root@malta j]# du -sh * | grep G
1.1G    aglconstruction.com
1.5G    cordaodeouro.org
1.1G    dps.com.co
1.2G    kaizenholidays.co.in
1.1G    mitra.ph
1.6G    poorvika.com
1.2G    treasuredimagesflorida.com

UPDATE mail_services SET mail_server=251 WHERE id=(SELECT child_id FROM parent_child WHERE child_type=1000 AND parent_id=(SELECT id FROM domains WHERE name=’poorvika.com’));

SELECT r.id, r.name, r.type, r.data, r.ttl, r.pref FROM domains d, parent_child p1, parent_child p2, dns_records r WHERE d.name=’poorvika.com’ AND d.id = p1.parent_id AND p1.child_type=1000 AND p1.child_id = p2.parent_id AND p2.child_id = r.id AND (p2.child_type=1007 OR p2.child_type=3006);

UPDATE dns_records SET data=’mandrake.worldispnetwork.com’ WHERE id in ();

————————————————————

#  df -h
#  cd /var/
#  ll
#  du spool/
#  du -sh spool/
#  du -sh log/
#  cd log/
#  ll
#  du -sh * | grep G
#  du -sh * | grep M
#  rm -rf cron.1 cron.2 cron.3 cron.4 maillog.1 maillog.2 maillog.3 messages.1 messages.2 messages.3 secure.1 secure.2
#  echo > maillog
#  echo > messages
#  cd clamd/
#  ll
#  du -sh *
#  cd ..
#  df -h
#  du -sh
#  cd ..
#  ll
#  du -sh account/
#  du -sh *
#  df -h
#  cd hsphere/
#  ll
#  du -sh *
#  df -h
#  cd local/
#  ll
#  cd var/
#  ll
#  du -sh *

RE:[redhat-l] Want to know available space from server and give the report on email

#!/bin/bash
cat /dev/null > /home/sysadmin/systemreport.txt

date >> /home/sysadmin/systemreport.txt

echo “=======================DAILY CHECKLIST========================================” >> /home/sysadmin/systemreport.txt

echo “==============================================================================” >> /home/sysadmin/systemreport.txt
echo ” ************************ File System Details ******************** ” >> /home/sysadmin/systemreport.txt
echo “==============================================================================” >> /home/sysadmin/systemreport.txt

df -h >> /home/sysadmin/systemreport.txt

echo “==============================================================================” >> /home/sysadmin/systemreport.txt
echo ” ******************* CPU Utilisation Report ********************* ” >> /home/sysadmin/systemreport.txt
echo “==============================================================================” >> /home/sysadmin/systemreport.txt

iostat 2 2 >> /home/sysadmin/systemreport.txt

echo “==============================================================================” >> /home/sysadmin/systemreport.txt
echo ” *********************** Memory Usages **************************” >> /home/sysadmin/systemreport.txt
echo “==============================================================================” >> /home/sysadmin/systemreport.txt
SUBJECT=”System Report `hostname`”
TO=” email@removed “
MESSAGE=”/home/sysadmin/systemreport.txt”
mutt -s “$SUBJECT” “$TO” -a $MESSAGE < /dev/null

—————Original Message—————
From: Defry
Sent: Friday, August 20, 2010 2:50 AM
Subject: Want to know available space from server and give the report on email

> Dear,
>
> I’m using red hat 4.
> I want to know available space from my server and give the report on my mail.
>
> Example
> Size : 68G
> Used : 60G
> Available : 8G
> Use% : 85%
>
> I want that information send to my mail automatically.
> Please help me.
>
> Thanks for support
>
> Regards,
> Defry

__.____._

wget -q -O /dev/null http://macsata.com/weather.php
/usr/bin/fetch -q -o /dev/null /hsphere/local/home2/bmacsata/macsata.com/weather.php

To run the php script try with the php binary, the path for php in the server is /usr/bin/php

try this.

/usr/bin/php -q

Errors on the Internet, and those annoying error messages, occur quite frequently — and can be quite frustrating, especially if you do not know the difference between a 404 error and a 502 error. Many times

they have more to do with the Web servers you’re trying to access rather than something being wrong with your computer. Here is a list of error messages you might encounter while surfing the Web and their

respective meanings to help you figure out just what the problem is.

400 Bad File Request : Usually means the syntax used in the URL is incorrect (e.g., uppercase letter should be lowercase letter; wrong punctuation marks).

401 Unauthorized : Server is looking for some encryption key from the client and is not getting it. Also, wrong password may have been entered. Try it again, paying close attention to case sensitivity.

403 Forbidden/Access Denied: Similar to 401; special permission needed to access the site — a password and/or username if it is a registration issue. Other times you may not have the proper permissions set

up on the server or the site’s administrator just doesn’t want you to be able to access the site.

404 File Not Found : Server cannot find the file you requested. File has either been moved or deleted, or you entered the wrong URL or document name. Look at the URL. If a word looks misspelled, then

correct it and try it again. If that doesn’t work backtrack by deleting information between each backslash, until you come to a page on that site that isn’t a 404. From there you may be able to find the page

you’re looking for.

408 Request Timeout : Client stopped the request before the server finished retrieving it. A user will either hit the stop button, close the browser, or click on a link before the page loads. Usually occurs when

servers are slow or file sizes are large.

500 Internal Error : Couldn’t retrieve the HTML document because of server-configuration problems. Contact site administrator.

501 Not Implemented : Web server doesn’t support a requested feature.

502 Service Temporarily Overloaded : Server congestion; too many connections; high traffic. Keep trying until the page loads.

503 Service Unavailable : Server busy, site may have moved ,or you lost your dial-up Internet connection.

Connection Refused by Host : Either you do not have permission to access the site or your password is incorrect.

File Contains No Data : Page is there but is not showing anything. Error occurs in the document. Attributed to bad table formatting, or stripped header information.

Bad File Request : Browser may not support the form or other coding you’re trying to access.

Failed DNS Lookup : The Domain Name Server can’t translate your domain request into a valid Internet address. Server may be busy or down, or incorrect URL was entered.

Host Unavailable : Host server down. Hit reload or go to the site later.

Unable to Locate Host : Host server is down, Internet connection is lost, or URL typed incorrectly.

Network Connection Refused by the Server : The Web server is busy.

HTTP error codes explained

There are multiple HTTP codes that you may come across. Below you can find a summary of the most popular HTTP error codes:

“200 OK” – You will not see this code when browsing a regular page. It means that the requested document has been processed and sent to you.

“301 Moved Permanently” – Often web designers create the so-called 301 redirects. This means that instead of the file you are browsing to, the server will point you to a different directory or a file set in the redirect rules.

“400 Bad Request” – The Web server considers the data stream sent by the client (your Web browser) ‘malformed’ i.e. it has not sent a complete HTTP request. In such cases the web server is unable to process the request. Almost always this error is caused by bad programming.

“401 Unauthorized” – You are most probably trying to access a password protected directory using wrong credentials. In such cases you should check whether you are using the correct login details. If you wish to have your credentials reset, you can do this using the “Password Protect Directories” tool in your cPanel.

“403 Forbidden” – This error message means that you are trying to open a folder or a file you do not have access to. If you are receiving this error message on your website, you should check the .htaccess files in your web hosting account for any restrictive rules.

“404 Not Found” – You are browsing to a non-existent page or a folder. In such cases you should check if the link you are trying to access is correct. In addition, if any SEF functionality on your pages is not working correctly, your application may forward you to the wrong URL.

“500 Internal Server Error” – The most common reasons for this error are bad script code, an invalid .htaccess file, wrong file/folder permissions.

All files accessible in a Linux system are arranged in one big tree, the file hierarchy, rooted at /. These files can be spread out over several devices and they can be remote or local file system. Linux supports numerous file system types. For example it supports Ext2,. Ext3, NFS, FA16, FAT32, NTFS,Sysfs, Procfs etc. To determine the file system type or to find out what type of file systems currently mounted you need to use command called mount or df. Type df command as follows:
$ df -TOutput:

Filesystem    Type   1K-blocks      Used Available Use% Mounted on
/dev/hdb1     ext3    19228276  14737848   3513680  81% /
tmpfs        tmpfs      383960         4    383956   1% /dev/shm

df command report filesystem disk space usage and if you pass -T option it will report filesystem type. As you see second command displays file system type (ext3). Type, mount command as follows at shell prompt:
$ mountOutput:

/dev/hdb1 on / type ext3 (rw,errors=remount-ro)
/dev/hdb2 on /home type ext3 (rw,errors=remount-ro)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
usbfs on /proc/bus/usb type usbfs (rw)
automount(pid3558) on /data type autofs (rw,fd=4,pgrp=3558,minproto=2,maxproto=4)

As you can see, second last column displays the file system type. For example first line [/dev/hdb1 on / type ext3 (rw,errors=remount-ro)] can be interpreted as follows:

• /dev/hdb1 : Partition
• / : File system
• ext3 : File system type
• (rw,errors=remount-ro) : Mount options

select * from mysqldb where db_name=’n5n77_vb’;

Restoring reseller Admin account

Reseller has accidentaly deleted his Admin account

1. Log into the system Postgres.
2. Run the following queries:

SELECT id FROM users WHERE username=’<UnfortunateReseller>’;
SELECT admin_id FROM resellers WHERE id=<id>;
DELETE FROM users WHERE id=<admin_id>;
UPDATE resellers SET admin_id=0 WHERE id=<id>;
UPDATE signup_guard SET flags=0 WHERE reseller_id=<id>;

3. Restart control panel

To remove IP from database

hsphere=# select * from l_server_ips where ip= ’67.217.51.49′;
l_server_id |      ip      |   ip_num   |     mask      | flag |   r_id   | r_type
————-+————–+————+—————+——+———-+——–
209 | 67.217.51.49 | 1138307889 | 255.255.255.0 |    1 | 25705309 |      8
(1 row)

hsphere=# select * from parent_child where child_id = 25705309;
parent_id | parent_type | child_id | child_type | account_id | p_begin | suspended
———–+————-+———-+————+————+———+———–
(0 rows)

hsphere=# DELETE FROM  l_server_ips where ip= ’67.217.51.49′;

update dns_records SET data=’67.217.55.137′ where id=’16573385′;
select * from dns_records where name=’cp.egbwebhosting.com’;

hsphere=# select * from dns_records where name=’cp.egbwebhosting.com’;
id    |         name         | type |     data      |  ttl  | pref
———-+———————-+——+—————+——-+——
16573385 | cp.egbwebhosting.com | A    | 67.217.55.137 | 86400 |
(1 row)

Content:

1) Intruduction
2) cP/WHM Installation and cP/WHM Configuration
3) The server and it’s services | PHP Installation, Optimization & Security
4) Kernel Hardening | Linux Kernel + Grsecurity Patch
5) SSH
6) Firewall | DDoS Protection
7) Mod_Security
Anti-Virus – ClamAV
9) Rootkit
10) The Rest of Shits

===================
| 1) Intruduction |
===================

I wrote a step by step paper how to secure linux server with cP/WHM and
Apache installed. By default, linux is not secured enough but you have
to understand there is no such thing as “totally secured server/system”.
The purpose of this paper is to understand how to at least provide some
kind of security to the server. I prefer lsws web-server without any
Control Panel at all but for this paper I have used CentOS 5 with cP/WHM
and Apache web-server installed since a lot of hosting compaines and
individuals are using it.

Let’s start

So, you bought the server with CentOS 5 installed. If you ordered cP/WHM together with the server you can skip 2.1 step

============================================
| 2) cP/WHM installation and configuration |
============================================
2.1) cP/WHM Installation
To begin your installation, use the following commands into SSH:
root@server [~]# cd /home
root@server [/home]# wget http://layer1.cpanel.net/latest
root@server [/home]# ./latest

—————————————————————————————————–
cd /home – Opens /home directory
wget http://layer1.cpanel.net/latest – Fetches the latest installation file from the cPanel servers.
./latest – Opens and runs the installation files.
——————————————————————————————————

cP/WHM should be installed now. You should be able to access cP via
http://serverip:2082(SSL-2083) or http://serverip/cpanel and WHM via
http://serverip:2086(SSL-2087) or http://serverip/whm. Let’s configure
it now.

2.2) cP/WHM Configuration
Login to WHM using root username/passwd
http://serverip:2086 or http://serverip/whm

WHM – Server setup – Tweak Security:
————————————-
Enable open_basedir protection
Disable Compilers for all accounts(except root)
Enable Shell Bomb/memory Protection
Enable cPHulk Brute Force Protection

WHM – Account Functions:
————————-
Disable cPanel Demo Mode
Disable shell access for all accounts(except root)

WHM – Service Configuration – FTP Configuration:
————————————————-
Disable anonymous FTP access

WHM – MySQL:
————-
Set some MySQL password(Don’t set the same password like for the root access)
-If you don’t set MySQL password and if someone upload shell(E.G c99) on
some site on server he will be able to login into  the DB with username
“root” without password and delete/edit/download any db on that server

WHM – Service Configuration – Apache Configuration – PHP and SuExec Configuration
——————–
Enable suEXEC – suEXEC = On
When PHP runs as an Apache Module it executes as the user/group of the
webserver which is usually “nobody” or “apache”. suEXEC changes this so
scripts are run as a CGI. Than means scripts are executed as the user
that created them. With suEXEC script permissions can’t be set to
777(read/write/execute at user/group/world level)

===============================================================================
| 3) The server and it’s services | PHP Installation, Optimization & Security |
===============================================================================

3.1) Keep all services and scripts up to date and be sure that you running the latest secured version.
On CentOS type this into SSH to upgrade/update services on the server.
[root@server ~]# yum upgrade
or
[root@server ~]# yum update

3.2) PHP Installation/Update, configuration and optimization + Suhosin patch
First download what you need, type into SSH the following:
root@server [~]# cd /root
root@server [~]# wget http://www.php.net/get/php-5.2.9.tar.bz2/from/this/mirror
root@server [~]# wget http://download.suhosin.org/suhosin-patch-5.2.8-0.9.6.3.patch.gz
root@server [~]# wget http://download.suhosin.org/suhosin-0.9.27.tgz

Untar PHP
root@server [~]# tar xvjf php-5.2.9.tar.bz2

Patch the source
root@server [~]# gunzip < suhosin-patch-5.2.8-0.9.6.3.patch.gz | patch -p0

Configure the source. If you want to use the same config as you used for
the last php build it’s not a problem but you will have to add
enable-suhosin to old config. To get an old config type this into SSH:
root@server [~]# php -i | grep ./configure

root@server [~]# cd php-5.2.9
root@server [~/php-5.2.9]# ./configure –enable-suhosin + old config(add old config you got from “php -i | grep ./configure” here)
root@server [~/php-5.2.9]# make
root@server [~/php-5.2.9]# make install

Note: If you get an error like make: command not found or patch: Command
not found, you will have to install “make” and “patch”. It can be done
easly. Just type this into SSH:
root@server [~]# yum install make
root@server [~]# yum install patch

Now check is everything as you want. Upload php script like this on the server:
<?php
phpinfo();
?>
And open it via your browser and you will see your PHP configuration there

3.3) Suhosin
Now we can install suhosin patch to get better security and performance.
root@server [~]# tar zxvf suhosin-0.9.27.tgz
root@server [~]# cd suhosin-0.9.27
root@server [~/suhosin-0.9.27]# phpize
root@server [~/suhosin-0.9.27]# ./configure
root@server [~/suhosin-0.9.27]# make
root@server [~/suhosin-0.9.27]# make install

After you installed suhosin you will get something like this: It’s installed to /usr/local/lib/php/extensions/no-debug-non-zts-20060613/

Now edit your php.ini. If you don’t know where php.ini located it, type this into SSH.
root@server [~]# php -i | grep php.ini
Configuration File (php.ini) Path => /usr/local/lib
Loaded Configuration File => /usr/local/lib/php.ini

It means you have to edit /usr/local/lib/php.ini
Type into SHH:
root@server [~]# nano /usr/local/lib/php.ini
If you get an error, nano: Command not found, then:
root@server [~]# yum install nano

Find “extension_dir =” and add:
extension_dir = /usr/local/lib/php/extensions/no-debug-non-zts-20060613/
To save it, CTRL + O and then Enter button.

3.4)
We will install Zend Optimizer to get better perfomance:
Download Zend Optimizer from http://www.zend.com/store/products/zend-optimizer.php
root@server [~]# tar -zxvf ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz
root@server [~]# cd ZendOptimizer-3.3.3-linux-glibc23-i386
root@server [~/ZendOptimizer-3.3.3-linux-glibc23-i386]# ./install.sh
Welcome to Zend Optimizer installation….. – Press Enter button
Zend licence agreement…                   – Press Enter button
Do you accept the terms of this licence…  – Yes, press Enter button
Location of Zend Optimizer…               – /usr/local/Zend, press Enter button
Confirm the location of your php.ini file…- /usr/local/lib, press Enter button
Are you using Apache web-server..           – Yes, press Enter button
Specify the full path to the Apache control utility(apachectl)…-/usr/local/apache/bin/apachectl, press Enter button
The installation has completed seccessfully…- Press Enter button

Now restart apache, type this into SSH:
root@server [~]# service httpd restart

3.5) php.ini & disabled functions
Edit php.ini like this:
root@server [~]# nano /usr/local/lib/php.ini
————————————————————
safe_mode = On
expose_php = Off
Enable_dl= Off
magic_quotes = On
register_globals = off
display errors = off
disable_functions = system, show_source, symlink, exec, dl,
shell_exec, passthru, phpinfo, escapeshellarg,escapeshellcmd
————————————————————-

root@server [~]# service httpd restart

Or you can edit php.ini via WHM:
WHM – Service Configuration – PHP Configuration Editor

=========================================================
| 4) Kernel Hardening | Linux Kernel + Grsecurity Patch |
=========================================================

Description : grsecurity is an innovative approach to security utilizing
a multi-layered detection, prevention, and containment model. It is
licensed under the GPL. It offers among many other features:
-An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your
entire system with no configuration
-Change root (chroot) hardening
-/tmp race prevention
-Extensive auditing
-Prevention of arbitrary code execution, regardless of the technique used (stack smashing, heap corruption, etc)
-Prevention of arbitrary code execution in the kernel
-Randomization of the stack, library, and heap bases
-Kernel stack base randomization
-Protection against exploitable null-pointer dereference bugs in the kernel
-Reduction of the risk of sensitive information being leaked by arbitrary-read kernel bugs
-A restriction that allows a user to only view his/her processes
-Security alerts and audits that contain the IP address of the person causing the alert

Downloading and patching kernel with grsecurity
root@server [~]# cd /root
root@server [~]# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.26.5.tar.gz
root@server [~]# wget http://www.grsecurity.com/test/grsecurity-2.1.12-2.6.26.5-200809141715.patch
root@server [~]# tar xzvf linux-2.6.26.5.tar.gz
root@server [~]# patch -p0 < grsecurity-2.1.12-2.6.26.5-200809141715.patch
root@server [~]# mv linux-2.6.26.5 linux-2.6.26.5-grsec
root@server [~]# ln -s linux-2.6.26.5-grsec/ linux
root@server [~/linux]# cd linux
root@server [~/linux]# cp /boot/config-`uname -r` .config
root@server [~/linux]# make oldconfig

Compile the Kernel:
root@server [~/linux]# make bzImage
root@server [~/linux]# make modules
root@server [~/linux]# make modules_install
root@server [~/linux]# make install

Check your grub loader config, and make sure default is 0
root@server [~/linux]# nano /boot/grub/grub.conf

Reboot the server
root@server [~/linux]# reboot

==========
| 5) SSH |
==========

In order to change SSH port and protocol you will have to edit sshd_config
root@server [~]# nano /etc/ssh/sshd_config

Change Protocol 2,1 to Protocol 2
Change #Port 22 to some other port and uncomment it
Like, Port 1337

There is a lot of script kiddiez with brute forcers and they will try to crack our ssh pass because they know username is root, port is 22
But we were smarter, we have changed SSH port
Also, their “brute forcing” can increase server load, it means our sites(hosted on that server) will be slower

SSH Legal Message
edit /etc/motd, write in motd something like this:
“ALERT! That is a secured area. Your IP is logged. Administrator has been notified”

When someone login into SSH he will see that message:
ALERT! That is a secured area. Your IP is logged. Administrator has been notified

If you want to recieve an email every time when someone logins into SSH as root, edit .bash_profile(It’s located in /root directory) and put this at the end of file:
echo ‘ALERT – Root Shell Access on:’ `date` `who` | mail -s “Alert: Root Access from `who | awk ‘{print $6}’`” mail@something.com

And at the end restart SSH, type “service sshd restart” into SSH

=================================
| 6) Firewall | DDoS Protection |
=================================

6.1) Firewall, CSF Installation
root@server [~]# wget http://www.configserver.com/free/csf.tgz
root@server [~]# tar -xzf csf.tgz
root@server [~]# cd csf

In order to install csf your server needs to have some ipt modules
enabled. csftest is a perl script and it comes with csf. You can check
those mudules with it.
root@server [~/csf]# ./csftest.pl
The output should be like this:

root@server [~/csf]# ./csftest.pl
Testing ip_tables/iptable_filter…OK
Testing ipt_LOG…OK
Testing ipt_multiport/xt_multiport…OK
Testing ipt_REJECT…OK
Testing ipt_state/xt_state…OK
Testing ipt_limit/xt_limit…OK
Testing ipt_recent…OK
Testing ipt_owner…OK
Testing iptable_nat/ipt_REDIRECT…OK

No worries if you have no all those mudules enabled, csf will work is
you didn’t get any FATAL errors at the end of the output.

Now, get to installation
root@server [~/csf]# ./install.sh

You will have to edit conf.csf file. It’s located here:
/etc/csf/csf.conf

You need to edit it like this:
Testing = “0″

And have to configure open ports in conf.csf or you won’t be able to
access these ports. In most cases it should be configured like this if
you are using cP/WHM. If you are running something on some other port
you will have to enable it here. If you changed SSH port you will have
to enable a new port here:
# Allow incoming TCP ports
TCP_IN = “20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096″
# Allow outgoing TCP ports
TCP_OUT = “20,21,22,25,37,43,53,80,110,113,443,587,873,2087,2089,2703″

6.2) CSF Connection Limit
There is in csf.conf CT option, configure it like this
CT_LIMIT = “200″
It means every IP with more than 200 connections is going to be blocked.
CT_PERMANENT = “1″
IP will blocked permanent
CT_BLOCK_TIME = “1800″
IP will be blocked 1800 secs(1800 secs = 30 mins)
CT_INTERVAL = “60″
Set this to the the number of seconds between connection tracking scans.

After conf.csf editing you need to restart csf
root@server [~# service csf restart

6.3) SYN Cookies
Edit the /etc/sysctl.conf file and add the following line in order to enable SYN cookies protection:
-----------------------------------
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
-----------------------------------

root@server [~/]# service network restart

6.4) CSF as security testing tool
CSF has an option “Server Security Check”. Go to WHM – Plugins – CSF -
Test Server Security. You will see additional steps how to secure the
server even more. I’m writing only about most important things here and
I covered most of them in the paper but if you want you can follow steps
provided by CSF to get the server even more secured.

6.5) Mod_Evasive
ModEvasive module for apache offers protection against DDoS (denial of service attacks) on your server.

To install it login into SSH and type

———————————————————————————
root@server [~]# cd /root/
root@server [~]# wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
root@server [~]# tar zxf mode_evasive-1.10.1.tar.gz
root@server [~]# cd mod_evasive

then type…
root@server [~/mod_evasive]# /usr/sbin/apxs -cia mod_evasive20.c
———————————————————————————

When mod_evasive is installed, place the following lines in your httpd.conf (/etc/httpd/conf/httpd.conf)

——————————–
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>
——————————–

6.6) Random things:
csf -d IP – Block an IP with CSF
csf -dr IP – Unblock an IP with CSF
csf -s – Start firewall rules
csf -f – Flush/stop firewall rules
csf -r – Restart firewall rules
csf -x – Disable CSF
csf -e – Enable CSF
csf -c – Check for updates
csf -h – Show help screen

-Block an IP via iptables
iptables -A INPUT -s 208.131.183.169 -j DROP

-Unblock an IP via iptables
iptables -I INPUT -s IP -j ACCEPT

-See how many IP addresses are connected to the server and how many connections has each of them.
netstat -ntu | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n

===================
| 7) Mod_Security |
===================

Mod_Security is a web application firewall and he can help us to secure our sites against RFI, LFI, XSS, SQL Injection etc

If you use cP/WHM you can easly enable Mod_security in WHM – Plugins – Enable Mod_Security and save

Now I will explain how to install Mod_security from source.
You can’t install Mod_Security if you don’t have libxml2 and http-devel libraries.
Also, you need to enable mod_unique_id in apache modules, but don’t worry, I will explain how to do it

Login into SSH and type…

root@server [~]# yum install libxml2 libxml2-devel httpd-devel

libxml2 libxml2-devel httpd-devel should be installed now

then you need to edit httpd.conf file, you can find it here:
root@server [~]# nano /etc/httpd/conf/httpd.conf

You need to add this in your httpd.conf file
LoadModule unique_id_module modules/mod_unique_id.so

Now download the latest version of mod_security for apache2 from http://www.modsecurity.org

login into SSH and type…

root@server [~]# cd /root/
root@server [~]# wget http://www.modsecurity.org/download/modsecurity-apache_2.5.6.tar.gz
root@server [~]# tar zxf modsecurity-apache_2.5.6.tar.gz
root@server [~]# cd modsecurity-apache_2.5.6
root@server [~/modsecurity-apache_2.5.6]# cd apache2

then type:
root@server [~/modsecurity-apache_2.5.6/apache2]#  ./configure
root@server [~/modsecurity-apache_2.5.6/apache2]# make
root@server [~/modsecurity-apache_2.5.6/apache2]# make install

Go at the end of httpd.conf and place an include for our config/rules file…
Include /etc/httpd/conf/modsecurity.conf

———————————————————
# /etc/httpd/conf/httpd.conf

LoadModule unique_id_module modules/mod_unique_id.so
LoadFile /usr/lib/libxml2.so
LoadModule security2_module modules/mod_security2.so
Include /etc/httpd/conf/modsecurity.conf
———————————————————

You need to find good rules for Mod_Security. You can find them at
official Mod_Security site. Also, give a try to gotroot.com rules. When
you find a good rules, just put them in /etc/httpd/conf/modsecurity.conf

And restart httpd at the end, type “service httpd restart” into SSH

==========================
| Anti-Virus – ClamAV |
==========================

You need AV protection to protect the server against worms and trojans
invading your mailbox and files! Just install clamav (a free open source
antivirus software for linux). More information can be found on clamav
website – http://www.clamav.net

In order to install CLamAV login into SSH and type

root@server [~]# yum install clamav

Once you have installed clamav for your CentOS, here are some basic commands you will need:

Update the antivirus database
root@server [~]# freshclam

Run antivirus
root@server [~]# clamscan -r /home

Running as Cron Daily Job
To run antivirus as a cron job (automatically scan daily) just run
crontab -e from your command line. Then add the following line and save
the file.
@daily root clamscan -R /home

It means clamav will be scanning /home directory every day. You can change the folder to whatever you want to scan.

==============
| 9) Rootkit |
==============

Rootkit scanner is scanning tool to ensure you for about 99.9%* you’re clean of nasty tools.
This tool scans for rootkits, backdoors and local exploits by running tests like:
-MD5 hash compare
-Look for default files used by rootkits
-Wrong file permissions for binaries
-Look for suspected strings in LKM and KLD modules
-Look for hidden files
-Optional scan within plaintext and binary files

Instalation:

Login into SSH and type

root@server [~]# cd /root/
root@server [~]# wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz
root@server [~]# tar -zxvf rkhunter-1.2.7.tar.gz
root@server [~]# cd rkhunter-1.2.7
root@server [~rkhunter-1.2.7]# ./installer.sh

Scan the server with rkhunter
root@server [~]# rkhunter -c

=========================
| 10) The Rest of Shits |
=========================

10.1) Random suggestions

If you use bind DNS server then we need to edit named.conf file
named.conf is located here: /etc/named.conf

and add
recursion no; under Options
—————————-
Options{
recursion no;
—————————-

Now restart bind, type into SSH
root@server [~]# service named restart

This will prevent lookups from dnstools.com and similar services and reduce server load

In order to prevent IP spoofing, you need to edit host.conf file like this:
This file is located here: /etc/host.conf
Add that in host.conf
——————
order bind,hosts
nospoof on
——————

Hide the Apache version number:

edit httpd.conf (/etc/httpd/conf/httpd.conf)
———————–
ServerSignature Off
———————–

Disable telnet:

Edit file: /etc/xinetd.d/telnet
——————
disable = yes
——————

10.2) Passwords
Don’t use the same password you are using for the server on some other places.
When the Datacenter contacts you via e-mail or phone, always request
more informations. Remember, someone alse could contact you to get some
information or even root passwords.

10.3) Random thoughts
No matter what you need to secure the server, don’t think you are safe
only because you are not personally involved in any shits with
“hackers”. When you are hosting hacking/warez related sites you are the
target. There is no such thing as totally secured server. Most important
things are backups, make sure you will always have an “up-to-date”
offsite backups ^^

Anyhow, this is the end of my paper, I hope it will help you to get some
kind of security to your server.

——————————————————————————————-