MRKAVANA (mrkavana@gmail.com) - www.facebook.com/kavanathai

Aug 25, 2011

How to enable log-queries-not-using-indexes in mysql


How to enable “log-queries-not-using-indexes” in Mysql?
Edit /etc/my.cnf and place the following line under the [mysqld] section:
log-queries-not-using-indexes
Save the file and restart the mysql service:
# /etc/init.d/mysql restart
To verify if it is set to ON, use the following command:
# mysqladmin variables | grep log_queries_not_using_indexes

Plesk webmail + DB Error: connect failed


You may receive the following error message while accessing Webmail on a Plesk server:
A fatal error has occurred
DB Error: connect failed
You need to make sure the 'horde' user is able to connect to the 'horde' database using the password mentioned in the file "/etc/psa/.webmail.shadow". If the file is missing, create it and put a random password in it.
To set the password for user ‘horde’ , go to the mysql prompt.
#mysql -uadmin -p`cat /etc/psa/.psa.shadow` mysql
On the mysql prompt, execute:
mysql> update user set password=password('<password from /etc/psa/.webmail.shadow>') where user='horde';
mysql> flush privileges;
Also make sure sql.safe_mode is set to off in /etc/php.ini file:
sql.safe_mode=Off
Restart Apache server once you save the file.
If the problem persists, use the password from “/etc/psa/webmail/horde/.horde.shadow” file. Go through the following steps:
#cp /etc/psa/webmail/horde/.horde.shadow /etc/psa/.webmail.shadow
#mysql -uadmin -p`cat /etc/psa/.psa.shadow` mysql
mysql> update user set password=password('<password from /etc/psa/webmail/horde/.horde.shadow>') where user='horde';
mysql> flush privileges;
You should now be able to access Webmail client.


Howto: Increase RAM/Memory for Java.


In order to increase memory limit for Java, perform the following steps, edit the file:
/var/cpanel/tomcat.options
Insert the following 2 lines:
-Xmx200M
-Xms100M
where -Xmx is the maximum (upper) heap size and -Xms the initial (lower) heap size. Replace the values as per your requirement. Save the file and restart the tomcat service:
root@server [~]#/scripts/restartsrv tomcat

Grant privileges to a Mysql user?


Create a database:
mysql> create database dbname;
and grant the privileges using the following query:
mysql> grant all on dbname.* to 'dbuser'@'localhost' identified by 'password';
The user ‘dbuser’ will now have access to database ‘dbname’ locally using the password ‘password’. Using the above command, you can also allow new users to access your database as well. Just replace the ‘dbuser’ and ‘password’ with the new user and password.
To allow the user to access the database remotely say from IP 111.222.333.444, execute:
mysql> grant all on dbname.* to 'dbuser'@'111.222.333.444' identified by 'password';

INSTALLING AND CONFIGURING SNORT ON REDHAT/CENTOS v5.5


Here are the steps to install Snort:
  1. yum clean all
  2. yum install gcc gcc-c++ kernel-devel patch make vim ssh libxml2 libxml2-devel
  3. yum install pcre pcre-devel php php-common php-gd gd php-cli php-mysql flex bison php-pear-Numbers-Roman php-pear-Numbers-Words php-pear-Image-Color php-pear-Image-Canvas php-pear-Image-Graph libpcap libpcap-devel mysql mysql-devel mysql-bench mysql-server glib2-devel
  4. Make sure libpcap (version 1.0.0) is installed. If a version less than 1 is installed, it won’t work. If you need to, you can download using the following commands:
    1. wget http://www.tcpdump.org/release/libpcap-1.0.0.tar.gz
    2. tar -xzf libpcap-1.0.0.tar.gz
    3. cd libpcap-1.0.0
    4. ./configure --prefix=/usr
    5. make
    6. make install
  5. wget http://libdnet.googlecode.com/files/libdnet-1.12.tgz
  6. Download libnet-1.0.2a.tar.gz (not .tgz file and not a later version) from http://www.filewatcher.com/m/libnet-1.0.2a.tar.gz.140191.0.0.html
  7. Download the latest Snort binary from http://www.snort.org
  8. Download the latest daq from http://www.snort.org
  9. Download base-1.4.5.tar.gz from http://sourceforge.net/projects/secureideas/files/BASE/base-1.4.5/
    Command: wget http://sourceforge.net/projects/secureideas/files/BASE/base-1.4.5/base-1.4.5.tar.gz
  10. Download ADOdb from http://sourceforge.net/projects/adodb/files/adodb-php-4-and-5/adodb-4991-for-php/adodb4991.tgz/download
  11. Download Barnyard2:
    wget http://www.securixlive.com/download/barnyard2/barnyard2-1.9.tar.gz
  12. Install libdnet:
    1. cd libdnet-1.12
    2. ./configure
    3. make
    4. make install
  13. Install daq:
    1. tar -xf daq-0.5.tar
    2. cd daq-0.5
    3. ./configure         <-- Make sure you installed libpcap = 1.0.0 (as mentioned above), otherwise this will fail
    4. make
    5. make install
  14. Install barnyard2
    1. tar -xzf barnyard2-1.9.tar.gz
    2. cd barnyard2-1.9
    3. ./configure --with-mysql --with-mysql-libraries=/usr/lib64/mysql/
    4. make
    5. make install
  15. Install snort:
    1. tar -xf snort-2.9.0.3.tar
    2. cd snort-2.9.0.3
    3. ./configure --with-mysql-libraries=/usr/lib64/mysql/ --enable-dynamicplugin
    4. make
    5. make install
    6. groupadd snort
    7. useradd -g snort snort -s /sbin/nologin
    8. mkdir /etc/snort
    9. mkdir /etc/snort/rules
    10. mkdir /etc/snort/so_rules
    11. mkdir /var/log/snort
    12. chown snort:snort /var/log/snort
    13. cd /root/Snort/snort-2.9.0.3/etc
    14. cp * /etc/snort/
    15. Download latest Snort rules file from snort.org and install:
      1. Register an account at http://www.snort.org to get your Oinkcode
      2. wget http://www.snort.org/reg-rules/snortrules-snapshot-2902.tar.gz/a2dec5e394b80d5337fe9ed57151787139a2fe28 -O snortrules-snapshot-2902.tar.gz
        NOTE: To get the right version for that URL, look at what is available on the snort.org site under VRT Releases
      3. mkdir snortrules ; tar -xzf snortrules-snapshot-2902.tar.gz -C snortrules ; cd snortrules
      4. cp rules/* /etc/snort/rules
  16. Install ADOdb and base:
    1. cd /var/www/html
    2. cp adodb4991.tgz /var/www/html/
    3. cp base-1.4.5.tar.gz /var/www/html/
    4. tar -xzf adodb4991.tgz
    5. tar -xzf base-1.4.5.tar.gz
    6. chown -R root:root base-1.4.5
    7. chmod 777 base-1.4.5 (the BASE web setup needs write access to this directory to create base_conf.php; tighten the mode again once setup is finished)
    8. vim /etc/php.ini and set the following line to be: error_reporting  =  E_ALL & ~E_NOTICE
    9. service httpd restart
Installation References:
  • http://www.snort.org/assets/159/Snort_2.9.0.3_FC14_Base.pdf
  • http://www.snort.org/assets/145/Install_Snort_2.8.6_on_CentOS_5.5.pdf
Snort can run in one of 3 modes:
  1. Sniffer Mode: Captures packets on the wire and dumps them to your screen (console)
    1. Command (shows only TCP and IP headers): ./snort -v
    2. Command (shows data as well): ./snort -vd
    3. Command (shows data link layer headers as well): ./snort -vde
  2. Packet Logger Mode: Captures packets and logs them to a disk file
    1. Command: ./snort -dev -l /var/log/snort/
    2. Command (log in binary mode – faster): ./snort -dev -l /var/log/snort -b
    3. Command (to replay saved data): ./snort -dvr /var/log/snort/packet.log
      1. NOTE: You can also use something like tcpdump or Ethereal to replay saved file
  3. Network Intrusion Detection System (NIDS) Mode:
Additional Notes:
I tried these steps to install Snort via yum; it worked fine, but I had issues with the rules afterwards (since the version provided by yum and the version of the rules don't match):
  1. Verify requirements are met:
    1. libpcap installed
    2. PCRE installed
    3. libnet installed
    4. Barnyard installed
  2. wget http://3es.atomicrocketturtle.com/packages/atomic-release/atomic-release-1.0-11.el5.art.noarch.rpm
  3. rpm -ivh atomic-release-1.0-11.el5.art.noarch.rpm
  4. yum clean all
  5. yum install snort

Aug 23, 2011

RPM: Install package on Redhat/Fedora


Install an RPM Package
RPM packages have file naming conventions like foo-2.0-4.i386.rpm, which include the package name (foo), version (2.0), release (4), and architecture (i386). Also notice that RPM understands FTP and HTTP protocols for installing and querying remote RPM files.
rpm -ivh foo-2.0-4.i386.rpm
rpm -i ftp://ftp.redhat.com/pub/redhat/RPMS/foo-1.0-1.i386.rpm
rpm -i http://oss.oracle.com/projects/firewire/dist/files/kernel-2.4.20-18.10.1.i686.rpm
Un-install an RPM Package
To un-install an RPM package, we use the package name foo, not the name of the original package file foo-2.0-4.i386.rpm above.
rpm -e foo
Upgrade an RPM Package
To upgrade an RPM package, RPM automatically un-installs the old version of the foo package and installs the new package. It is safe to always use rpm -Uvh to install and upgrade packages, since it works fine even when there are no previous versions of the package installed! Also notice that RPM understands FTP and HTTP protocols for upgrading from remote RPM files.
rpm -Uvh foo-1.0-2.i386.rpm
rpm -Uvh ftp://ftp.redhat.com/pub/redhat/RPMS/foo-1.0-1.i386.rpm
rpm -Uvh http://oss.oracle.com/projects/firewire/dist/files/kernel-2.4.20-18.10.1.i686.rpm
Query all Installed Packages
Use RPM to print the names of all installed packages installed on your Linux system.
rpm -qa
Query an RPM Package
Querying an RPM package will print the package name, version, and release number of the package foo only if it is installed. Use this command to verify that a package is or is not installed on your Linux system.
rpm -q foo
Display Package Information
RPM can display package information including the package name, version, and description of the installed program. Use this command to get detailed information about the installed package.
rpm -qi foo
List Files in Installed Package
The following command will list all of files in an installed RPM package. It works only when the package is already installed on your Linux system.
rpm -ql foo
Which package owns a file?
Use the following command to determine which installed package a particular file belongs to.
rpm -qf /usr/bin/mysql
For example:
# rpm -qf /usr/bin/mysql
mysql-3.23.52-3
List Files in RPM File
Use RPM to query a (possibly) un-installed RPM file with the "-p" option. The "-p" option operates on an RPM file without actually installing anything. This command lists all files in an RPM file you have in the current directory. Also note that RPM can query remote files through the FTP and HTTP protocols.
rpm -qpl kernel-2.4.20-18.10.1.i686.rpm
rpm -qpl ftp://ftp.redhat.com/pub/redhat/RPMS/foo-1.0-1.i386.rpm
rpm -qpl http://oss.oracle.com/projects/firewire/dist/files/kernel-2.4.20-18.10.1.i686.rpm
Verify an Installed Package
Use RPM to list all files that do NOT pass the verify tests (file size, MD5 checksum, ownership, etc.).
rpm --verify mysql
Where a file does NOT pass, the output is listed using the following codes that signify what failed:
S File size
M Mode (includes permissions and file type)
5 MD5 sum
L Symlink
D Device
U User
G Group
T Mtime
Take for example the following:
# rpm --verify mysql
S.5....T c /etc/my.cnf
This example indicates that file /etc/my.cnf failed on:
File size
MD5 Sum
Modified Time
However, the "c" tells us this is a configuration file so that explains the changes. It should still be looked at to determine what the changes were.
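As an added example (not part of the original post), a small Python decoder for `rpm --verify` output that maps the result column to the codes listed above and flags content changes on files that are not configuration files; it also recognises the "P" (capabilities) code that newer rpm versions print and the "missing" form. The sample output is constructed, apart from the /etc/my.cnf line from the text.

```python
"""Decode `rpm --verify` output into readable findings (added example)."""
import re

# Result-column codes in the order rpm prints them; "P" exists in newer rpm.
VERIFY_CODES = {
    "S": "file size", "M": "mode (permissions and file type)", "5": "MD5 sum",
    "D": "device major/minor number", "L": "symlink target",
    "U": "user ownership", "G": "group ownership",
    "T": "modification time", "P": "capabilities",
}
# Optional file-type flag printed between the result column and the path.
FILE_TYPES = {"c": "configuration", "d": "documentation", "g": "ghost",
              "l": "license", "r": "readme"}

# result column ('.' = passed, '?' = could not test), optional type, path
VERIFY_LINE = re.compile(r"^(missing|[SM5DLUGTP.?]{8,9})\s+(?:([cdglr])\s+)?(\S.*)$")


def parse_verify_line(line):
    """Return {'path', 'type', 'failed'} for one verify line, or None."""
    m = VERIFY_LINE.match(line.strip())
    if not m:
        return None
    result, ftype, path = m.groups()
    if result == "missing":
        failed = ["missing"]
    else:
        failed = [VERIFY_CODES.get(ch, "unknown test " + ch)
                  for ch in result if ch not in ".?"]
    return {"path": path, "type": FILE_TYPES.get(ftype), "failed": failed}


def suspicious_changes(output):
    """Paths whose content changed (size, checksum, missing) and that are
    not config files: an edited my.cnf is expected, an edited binary is not."""
    hits = []
    for line in output.splitlines():
        info = parse_verify_line(line)
        if info is None:
            continue
        content = {"file size", "MD5 sum", "missing"} & set(info["failed"])
        if content and info["type"] != "configuration":
            hits.append(info["path"])
    return hits


# Constructed sample; only the /etc/my.cnf line is taken from the text above.
SAMPLE_OUTPUT = """\
S.5....T c /etc/my.cnf
S.5....T   /usr/bin/mysql
.M.....T d /usr/share/doc/mysql/README
missing    /usr/lib64/mysql/libmysqlclient.so.15
"""

if __name__ == "__main__":
    print(suspicious_changes(SAMPLE_OUTPUT))
```

Feed it the real output with `rpm -Va` piped into a file if you want to check every installed package at once.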
Check an RPM Signature Package
RPM can be used to check the PGP signature of the specified packages to ensure their integrity and origin. Always use this command before installing a new RPM package on your system. GnuPG or PGP software must already be installed on your system before you can use this command.
rpm --checksig foo




How to check if an rpm package is installed on a Red Hat Linux server

$ rpm -qa | grep samba
samba-common-3.0.9-1.3E.14.1
samba-3.0.9-1.3E.14.1
samba-client-3.0.9-1.3E.14.1



Linux rpm list installed package

Type the command as follows:
# rpm -qa
Output:
filesystem-2.4.0-1
comps-extras-11.1-1.1
gnome-mime-data-2.4.2-3.1
glibc-2.5-12
atk-1.12.2-1.fc6
libICE-1.0.1-2.1
db4-4.3.29-9.fc6
elfutils-libelf-0.125-3.el5
ncurses-5.5-24.20060715
libsepol-1.15.2-1.el5
libcap-1.10-26
sqlite-3.3.6-2
pcre-6.6-1.1
gdbm-1.8.0-26.2.1
libsepol-1.15.2-1.el5
libXdmcp-1.0.1-2.1
db4-4.3.29-9.fc6
iptables-1.3.5-1.2.1
libXrender-0.9.1-3.1
libXi-1.0.1-3.1
xorg-x11-font-utils-7.1-2
slang-2.0.6-4.el
.....
..
....
You can display more information about package using following command:
# rpm -qi iptables
Output:
Name        : iptables                     Relocations: /usr
Version     : 1.3.5                             Vendor: Red Hat, Inc.
Release     : 1.2.1                         Build Date: Thu 13 Jul 2006 07:17:24 PM CDT
Install Date: Tue 10 Jul 2007 08:49:20 AM CDT      Build Host: ls20-bc2-14.build.redhat.com
Group       : System Environment/Base       Source RPM: iptables-1.3.5-1.2.1.src.rpm
Size        : 676805                           License: GPL
Signature   : DSA/SHA1, Thu 18 Jan 2007 09:47:22 AM CST, Key ID 5326810137017186
Packager    : Red Hat, Inc. 
URL         : http://www.netfilter.org/
Summary     : Tools for managing Linux kernel packet filtering capabilities.
Description :
The iptables utility controls the network packet filtering code in the
Linux kernel. If you need to set up firewalls and/or IP masquerading,
you should install this package.
You can list package file using following command:
# rpm -ql iptables
Output:
/etc/rc.d/init.d/iptables
/etc/sysconfig/iptables-config
/lib64/iptables
/lib64/iptables/libipt_CLASSIFY.so
/lib64/iptables/libipt_CONNMARK.so
/lib64/iptables/libipt_DNAT.so
/lib64/iptables/libipt_DSCP.so
/lib64/iptables/libipt_ECN.so
.....
.......
...





Aug 22, 2011

Optimize and Secure Linux Server on Redhat/Fedora

On a normal server without web (apache, lighttpd, tomcat), printer, nfs, ftp, dns, oracle, weblogic, selinux, yum, tftp, snmp and so on, the following users and services should be locked or disabled
(http://linuxhelp-kavanathai.blogspot.com/2011/08/how-to-lock-unlock-enable-disable-linux.html):

-----------------------------------------------------------------------------------------------
[root@t1test ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
---------------------------------------------------------------------------------------------
NetworkManager 
acpid         
anacron         
atd             
auditd          
autofs          
avahi-daemon    
avahi-dnsconfd  
bluetooth       
capi            
chargen-dgram
chargen-stream
conman          
cpuspeed        
crond           
cups
daytime-dgram
daytime-stream
discard-dgram
discard-stream            
dnsmasq         
dund       
echo-dgram
echo-stream
eklogin
ekrb5-telnet     
firstboot       
gpm             
gssftp
haldaemon       
hidd            
hplip           
httpd           
ip6tables       
ipmi            
iptables        
irda            
irqbalance      
isdn            
kdump           
klogin
krb5-telnet
kshell
kudzu           
lvm2-monitor    
mcstrans        
mdmonitor       
mdmpd           
messagebus      
multipathd      
netconsole      
netfs           
netplugd        
network         
nfs            
nfslock        
nscd          
ntpd           
rdisc      
readahead_early
readahead_later
restorecond  
rhnsd      
rpcgssd
rpcidmapd    
rpcsvcgssd 
rsync  
salinfo_decode 
saslauthd     
sendmail  
setroubleshoot
smartd    
snmpd      
snmptrapd    
sshd       
syslog      
sysstat    
tcpmux-server
tftp
time-dgram
time-stream
vncserver    
wdaemon    
winbind    
wpa_supplicant 
xfs     
xinetd   
ypbind   
yum-updatesd
------------------------------------------------------------------------------------------------
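As an added example (not part of the original post), a small Python audit that parses passwd-format text and reports accounts whose shell still allows an interactive login, plus any UID-0 account other than root; this is the check to run before and after locking the users listed above. The sample lines are constructed, modelled on the listing.

```python
"""Audit /etc/passwd content for accounts that can still log in (added example)."""

# Shells that do not give an interactive login (the listing above uses /sbin/nologin).
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false",
                  "/bin/sync", "/sbin/halt", "/sbin/shutdown"}


def parse_passwd(text):
    """Yield (name, uid, shell) for each well-formed 7-field passwd line."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # malformed line: skip rather than guess
        name, _pw, uid, _gid, _gecos, _home, shell = fields
        yield name, int(uid), shell


def audit_passwd(text):
    """Return accounts to lock (interactive shell) and extra UID-0 accounts."""
    interactive, extra_uid0 = [], []
    for name, uid, shell in parse_passwd(text):
        if uid == 0 and name != "root":
            extra_uid0.append(name)          # a second superuser account
        if name != "root" and shell not in NOLOGIN_SHELLS:
            interactive.append(name)         # system account still able to log in
    return {"interactive": interactive, "extra_uid0": extra_uid0}


# Constructed sample: lines in the style of the listing above, two of them bad.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
games:x:12:100:games:/usr/games:/bin/bash
oper2:x:0:0:second admin:/root:/bin/bash
"""

if __name__ == "__main__":
    with open("/etc/passwd") as fh:           # run against the live file
        print(audit_passwd(fh.read()))
```

Running it on the sample reports games (interactive shell) and oper2 (interactive shell and a duplicate UID 0).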