
Monday, November 11, 2013

Kernel compile with Grsec module in CentOS 6

The Linux kernel is the core of every Linux distribution, including Ubuntu, CentOS and Fedora.
For the most part you do not need to compile the kernel: it is installed by default with the OS, and when a critical update is released you can update it with yum or apt-get.
However, there are situations where you may have to compile the kernel from source. A few of them:
1. To enable experimental features that are not part of the default kernel.
2. To enable support for new hardware that the default kernel does not support yet.
3. To debug the kernel.
4. Or simply to learn how the kernel works: explore the source code and compile it yourself.

(1) Download the kernel source
wget https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.2.52.tar.bz2
tar xjf linux-3.2.52.tar.bz2
(2) Copy the running kernel's config from /boot into the source tree as .config
cp /boot/config-`uname -r` linux-3.2.52/.config
(3) Download the grsecurity patch
wget http://mirrors.muarf.org/grsecurity/stable/grsecurity-2.9.1-3.2.52-201311071633.patch.gz
gunzip grsecurity-2.9.1-3.2.52-201311071633.patch.gz
cd linux-3.2.52
(4) Apply the patch from inside the source tree (the patch file is one directory up)
patch -p1 < ../grsecurity-2.9.1-3.2.52-201311071633.patch
cd ../
mv linux-3.2.52 linux-3.2.52-grsec
cd linux-3.2.52-grsec
(5) Configure and build the new kernel with grsecurity
make menuconfig
make bzImage && make modules
make modules_install && make install
(6) Verify that /etc/grub.conf lists the new kernel and that the boot priority (the default= entry) points at it
(7) Disable SELinux: set SELINUX=disabled in /etc/selinux/config, then check the file
cat /etc/selinux/config 
ip a
(8) Reboot the server into the newly installed kernel
reboot
(9) Verify the kernel once the server is back online
uname -r
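Step (6) can be checked by script instead of by eye. The following is an added example, not part of the original post: it reads the legacy GRUB 0.97 format that CentOS 6 uses (default=N, then one title block per kernel), reports which kernel the default entry boots, and can move default= to the grsec entry. The grub.conf it works on is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original post): inspect and fix the default
# entry of a legacy /etc/grub.conf after "make install" added a new kernel.
# Assumes the GRUB 0.97 syntax used on CentOS 6; the sample file is constructed.

# Print the kernel path of the entry that "default=" selects (0-based index).
grub_default_kernel() {   # $1 = path to grub.conf
    awk '
        /^[[:space:]]*default=/ { split($0, kv, "="); def = kv[2] + 0 }
        /^[[:space:]]*title/    { idx++ }
        /^[[:space:]]*kernel/   { if (idx - 1 == def) { print $2; exit } }
    ' "$1"
}

# Return 0 if the default entry boots a kernel whose path contains $2.
grub_boots() {            # $1 = grub.conf, $2 = substring such as 3.2.52-grsec
    case "$(grub_default_kernel "$1")" in
        *"$2"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Point "default=" at the first entry whose kernel path contains $2.
grub_set_default() {      # $1 = grub.conf (edited in place), $2 = substring
    n=$(awk -v pat="$2" '
        /^[[:space:]]*title/  { idx++ }
        /^[[:space:]]*kernel/ { if (index($2, pat)) { print idx - 1; exit } }
    ' "$1")
    [ -n "$n" ] || return 1
    sed -i "s/^default=.*/default=$n/" "$1"
}

# Constructed sample: the new kernel was added at the top of the file, but
# default= still selects the stock CentOS kernel (index 1).
SAMPLE_GRUB=$(mktemp)
cat > "$SAMPLE_GRUB" <<'EOF'
default=1
timeout=5
title CentOS (3.2.52-grsec)
        root (hd0,0)
        kernel /vmlinuz-3.2.52-grsec ro root=/dev/mapper/vg-root
        initrd /initramfs-3.2.52-grsec.img
title CentOS (2.6.32-358.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-358.el6.x86_64 ro root=/dev/mapper/vg-root
        initrd /initramfs-2.6.32-358.el6.x86_64.img
EOF

grub_boots "$SAMPLE_GRUB" 3.2.52-grsec || echo "default entry is still the stock kernel"
grub_set_default "$SAMPLE_GRUB" 3.2.52-grsec
grub_boots "$SAMPLE_GRUB" 3.2.52-grsec && echo "default entry now boots 3.2.52-grsec"
```

Run it against the real file as root only after reviewing the output of grub_default_kernel /etc/grub.conf.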

Monday, September 17, 2012

Maldet Install, Setup and Syntax


Maldet (Linux Malware Detect) is a malware scanner for Linux servers. To install maldet, follow the steps below:

cd /usr/local/src/
rm -vrf maldetect-*
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzf maldetect-current.tar.gz
cd maldetect-*
sh ./install.sh
maldet --update-ver
maldet --update


You may also want to enable some of maldet's features in its configuration file, for example:

 email_alert=1
 email_addr="root"
 quar_hits=1
 scanthreads=5
 maxfilesize="1024k"

To edit these options: $EDITOR /usr/local/maldetect/conf.maldet
To scan every user's public_html directory, run:
maldet -a /home?/?/public_html



Thursday, June 28, 2012

Delete iptables Rule - The Easy Way

Iptables is the basic firewall installed on Linux servers.

Check if iptables has listed your IP.
----
root@server1 [~]# iptables -nL | grep 115.248.152.21
DROP all -- 115.248.152.21 0.0.0.0/0
DROP all -- 0.0.0.0/0 115.248.152.21
----

Run iptables-save | grep 115.248.152.21 to get the exact rule used to enable the block. You will get output similar to this:
----
root@server1 [~]# iptables-save | grep 115.248.152.21
-A LOCALINPUT -s 115.248.152.21/32 ! -i lo -j DROP
-A LOCALOUTPUT -d 115.248.152.21/32 ! -o lo -j DROP
----
Take this command, replace the -A with -D and run it through iptables.
----
root@server1 [~]# iptables -D LOCALINPUT -s 115.248.152.21/32 ! -i lo -j DROP
root@server1 [~]# iptables -D LOCALOUTPUT -d 115.248.152.21/32 ! -o lo -j DROP
----
That's it. :)
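The -A to -D swap above can be done by script so the commands can be reviewed before they run. This is an added example, not part of the original post: it matches the IP as a whole address (with or without /32), so 115.248.152.21 does not also pick up 115.248.152.210, and it prints the iptables -D commands instead of executing them. The iptables-save output below is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): turn the "-A" lines that
# mention an IP in iptables-save output into the matching "iptables -D"
# commands, printed for review rather than executed.

# stdin: iptables-save output; $1: IP address; stdout: iptables -D commands
iptables_unblock_cmds() {
    esc=$(printf '%s' "$1" | sed 's/\./\\./g')    # escape the dots for the regex
    # whole-address match: not preceded or followed by another digit or dot
    grep -E -- "(^|[^0-9.])${esc}(/32)?([^0-9.]|$)" |
        sed -n 's/^-A /iptables -D /p'
}

# Constructed sample save output; the 115.248.152.210 rule must be left alone.
SAMPLE_SAVE='*filter
:INPUT ACCEPT [0:0]
-A INPUT -j LOCALINPUT
-A LOCALINPUT -s 115.248.152.21/32 ! -i lo -j DROP
-A LOCALINPUT -s 115.248.152.210/32 ! -i lo -j DROP
-A LOCALOUTPUT -d 115.248.152.21/32 ! -o lo -j DROP
COMMIT'

# Review the output; to apply it, pipe the same output into sh as root.
printf '%s\n' "$SAMPLE_SAVE" | iptables_unblock_cmds 115.248.152.21
```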



Friday, March 30, 2012

How to Reset / Recover Forgotten Windows 7/Vista/XP/2003 Administrator Password

Many times we face this problem when we or our friends forget the Windows XP password and can't log into Windows. So here we are posting a few methods / utilities which can be used to recover a Windows password:

    1st Method: This is the first thing to check if you forget your login password. When Windows is installed, it automatically creates an account "Administrator" and sets its password to blank. So if you have forgotten your user account password, try this:

    Start the system and when you see the Windows Welcome screen / Login screen, press ctrl+alt+del twice and it will show the classic login box. Now type "Administrator" (without quotes) as the username and leave the password field blank. Press Enter and you should be able to log in to Windows.

    Now you can reset your account password from "Control Panel -> User Accounts".

    The same thing can be done using Safe Mode. In Safe Mode, Windows shows this built-in Administrator account on the login screen.

    2nd Method: Windows XP and later versions also provide another method to recover a forgotten password, the "Reset Disk". If you created a Password Reset Disk in the past, you can use that disk to reset the password.

    3rd Method: In fact, there are some convenient ways to stay far from that nightmare: paste "windows password", "xp password", "administrator password", "vista password", "windows xp password", "forgot windows password", "windows administrator password", "windows password recovery", "windows password reset", "windows password Recovery", etc. into Google and there will be many related results. One of the most reliable ways is to use Windows Password Recovery, a current Windows tool for clearing or resetting Windows passwords for PC users, even computer beginners. With Windows Password Recovery, in just a few steps, you can log back into your PC without any data loss.

    Step 1. Download Spower Windows Password Reset and save it to your hard disk. Take note of the folder you saved the file in.

    Step 2. Burn the downloaded ISO file onto a CD. To burn your CD you will need a blank CD-R. If you are familiar with burning .iso image files, you may use any software you already have, such as Nero, Sonic, Roxio etc.

    Step 3. Boot from your newly created CD and remove your Windows password.

Tuesday, February 21, 2012

Installing Clam AntiVirus

ClamWin is open source software and comes with its source code, absolutely free of charge. All you have to do is download it and run it. It is based on the ClamAV engine for UNIX, which was primarily designed to guard and scan email on mail gateways.

To install Clam AntiVirus on a Linux (RHEL, CentOS) server without a control panel:

Download the repo file:
wget http://www.linux-mail.info/files/dag-clamav.repo
This will save a file dag-clamav.repo in the current directory.

Place the repo file in the correct repo location:
mv dag-clamav.repo /etc/yum.repos.d

Use yum to install:
yum install clamav clamav-devel clamd

To update the virus definitions, type:
freshclam

To use the antivirus, type:
clamscan

Wednesday, February 1, 2012

Basic steps to secure the server

To prevent exploits on our server, we can take some simple yet effective steps to secure our Linux server. It's better late than never :)

Disable SUID
Change the ssh port
Disable root login
Disable unneeded services and check open ports.
Install a good firewall
Apply TCP wrappers
Install rootkit detection
Install mod_security
Disable dangerous / unused PHP functions / harden your PHP

Regularly update your packages
Disable shell access for unwanted users.
Use only command line access.
Most important: use long passwords for root (preferably 14-20 characters)
It is advisable to configure a weekly backup to a remote server or to our local system.
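Two items in the list above, changing the ssh port and disabling root login, can be checked rather than trusted. The following is an added example, not part of the original post: it reads an sshd_config the way OpenSSH does (first occurrence of a keyword wins, commented lines are ignored, absent keywords take the OpenSSH default) and audits a weak and a hardened file, both constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit sshd_config for a
# non-default port and PermitRootLogin no. Assumes OpenSSH "Keyword value"
# syntax; the two config files below are constructed.

# Print the effective value of a keyword (first match, case-insensitive),
# or the OpenSSH default passed as $3 when the keyword is not set.
sshd_get() {   # $1 = config file, $2 = keyword, $3 = default
    v=$(awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1")
    printf '%s\n' "${v:-$3}"
}

# Return 0 if root login is off and sshd is not on port 22; print findings.
sshd_audit() { # $1 = config file
    rc=0
    port=$(sshd_get "$1" Port 22)
    root=$(sshd_get "$1" PermitRootLogin yes)   # "yes" is the OpenSSH 5.x default
    [ "$port" != 22 ] || { echo "sshd listens on the default port 22"; rc=1; }
    [ "$root" = no ]  || { echo "PermitRootLogin is '$root', should be 'no'"; rc=1; }
    return $rc
}

WEAK=$(mktemp); HARDENED=$(mktemp)
# Weak: both keywords left commented out, so the OpenSSH defaults apply.
cat > "$WEAK" <<'EOF'
#Port 22
#PermitRootLogin yes
Protocol 2
EOF
# Hardened: the two settings from the list above, set explicitly.
cat > "$HARDENED" <<'EOF'
Port 2222
PermitRootLogin no
Protocol 2
EOF

sshd_audit "$WEAK" || echo "weak config fails the audit"
sshd_audit "$HARDENED" && echo "hardened config passes"
```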

Sunday, December 25, 2011

Adding Users in Mysql and Granting Privileges

You can add users to the database server and specify the databases they will have access to with the grant command, which has the syntax:

sql> grant all privileges on database.* to username@"servername" identified by 'password';

Example:
sql> grant all privileges on data1.* to dbuser@"localhost" identified by 'secdat';

Where data1 is the database name,
dbuser is the name of the (new) user who has to access the database,
and secdat is the password.

If you want to restrict that user to less than full privileges on a database, use the following syntax:

sql> grant CREATE,INSERT,DELETE,UPDATE,SELECT on data1.* to dbuser2@localhost;

Sunday, December 18, 2011

Wordpress Hacked and Prevention

Hackers hack for many reasons. Some of the common ones are to obtain sensitive information, to steal bandwidth in order to distribute illegal content, or maybe just for fun. Since there are many hackers around, it is our duty to keep our websites safe.

Since your site runs WordPress, I suggest the following steps to prevent this in future:
1. Always update your wordpress to the latest version.
2. Configure a firewall on your server.
3. Always use complex passwords instead of simple ones.
4. Use an anti virus and update the virus database regularly.
5. Always take a backup of your site on a weekly / monthly basis so that we can restore it if anything happens.

Thursday, December 15, 2011

Three ways to prevent DDOS

A DDoS attack, also called a denial of service attack, simply means creating a massive number of virtual visitors to a website address at the same time; it is intended to "demolish" the host's resources so that it runs slowly or cannot run any more.

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users.

Method 1: Anti iframe
Code:
 
 


Method 2: Anti-reload malicious website
If you are attacked like this, set up your .htaccess file with the content below. Every request whose Referer is not your own domain (including direct visits and clients that send no Referer header) is sent to a small click-through page instead of the real site, so an automated reload loop keeps hitting the tiny page while a real visitor clicks through once.
Code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain\.com [NC]
RewriteRule !antiddos.phtml http://www.domain.com/antiddos.phtml?%{REQUEST_URI} [QSA]

Then create a file antiddos.phtml with the following content. The RewriteRule above passes the originally requested URI as the query string; the link target below, which sends the visitor back to that URI on www.domain.com, is assumed from that rule.
Code:
<?php
// The rewrite rule appends the originally requested URI as the query string.
$text = $_SERVER['QUERY_STRING'];
$text = preg_replace("#php\&#si", 'php?', $text);
// Escape the value before echoing so it cannot inject HTML into this page.
$safe = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
echo('<a href="http://www.domain.com' . $safe . '">[CLICK HERE TO ENTER]</a>');
?>
Method 3: Limit the load the website accepts at a time
Add the following code to the home page of the website. The threshold is compared against the 1-minute load average from /proc/loadavg, not against a visitor count.
Code:
<?php
// Refuse the request while the 1-minute load average is above $max_load.
// The original snippet also tested a THIS_IS == 'WEBSITE' constant from its
// framework; as an undefined constant that test never passes, so it is dropped.
function server_busy($max_load) {
    if (PHP_OS == 'Linux' && @file_exists('/proc/loadavg')
            && $filestuff = @file_get_contents('/proc/loadavg')) {
        $loadavg = explode(' ', $filestuff);
        if (trim($loadavg[0]) > $max_load) {
            print 'Traffic is overloaded, please come back after a few minutes.';
            exit(0);
        }
    }
}
server_busy(1000); // 1000 is the load average above which visitors are turned away
?>


 

Wednesday, December 7, 2011

Install the SSL Server Certificate

Install the SSL Server Certificate Files
--------------------------------------------------
Login to cPanel
Click SSL/TLS Manager > Certificates (CRT) > Generate, view, upload or delete SSL certificates
In the Upload a New Certificate section click the Browse button and locate your SSL Server Certificate file your_domain_com.txt.
Click the Upload button.
Click the Go Back link to return to SSL/TLS Manager.

Setup the Domain
-------------------------
Click SSL/TLS Manager > Setup an SSL certificate to work with your site. If this option is not available to you, your ISP may have disabled it and you will need to contact them to complete your SSL setup.
From the Domain drop-down menu select the domain that will use the SSL certificate. The system will attempt to fetch the SSL certificate and corresponding private key.
Open GeoTrust_Intermediate.txt in Notepad or another plain text editor (not Word). Copy and paste the entire contents of the GeoTrust_Intermediate.txt file into the CA Bundle (CABUNDLE) box.
Click Install Certificate. You should receive a message that the certificate was successfully installed. If you receive an error, you may need to contact your web hosting provider for additional support.

Verify Installation:
-----------------------

To verify that your certificate is installed correctly, use the Certificate Installation Checker.

Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive. For example, if your SSL was issued to secure.mysite.com, enter https://secure.mysite.com into your browser.

Your browser's padlock icon will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.

Tuesday, December 6, 2011

How to Block an IP in Windows

I did this in Windows Server 2003; not sure if these steps will work in other versions of Windows.
Open the Start menu and choose Run, or press the Windows key and R on your keyboard.
Type MMC in the box and press OK or hit Enter.

Now a console window will open. Navigate to 'File' > 'Add/Remove Snap-in'.
In the 'Standalone' tab click the 'Add' button.
Select 'IP Security Policy Management' > 'Add' > 'Local Computer' > 'Finish' > 'Close' > 'OK'.

After this you will be back to the console.
In the left frame right-click 'IP Security Policies on Local Computer' > 'Create IP Security Policy'.

Click Next, then name your policy 'Block IP' and type a description.

Click 'Next', leave 'Activate' ticked, then click 'Next'.

Leave 'Edit properties' ticked and click 'Finish'.

You should now have the properties window open.

Click 'Add', then click 'Next' to continue.

Leave 'This rule does not specify a tunnel' selected and click 'Next'.

Leave 'All network connections' selected and click 'Next'.

You should now be on the IP filter list. You need to create a new filter, so don't select any of the default ones. Click 'Add'.

Type a name for your list; call it 'IP block list'.
Type a description; it can be the same as the name.
Click 'Add', then click 'Next' to continue.

In the description box type a description. As it's the first IP you are blocking, call it 'IP1' or 'IP Range 1'.
Leave 'Mirrored. Match packets with the exact opposite source and destination addresses' ticked.
Click 'Next'.
The 'Source address' should be left as 'My IP address'; click 'Next'.

You can now select 'A specific IP address' or 'A specific IP subnet' for the destination address.
Type in the IP address you want to block, or the subnet if you are blocking a range. Click 'Next'.

Leave the protocol type as 'Any', click 'Next' and then 'Finish'.

Monday, December 5, 2011

Installing rkhunter

Rkhunter is a very useful tool that checks for trojans, rootkits and other security problems. It is a security scanning tool that scans for rootkits, backdoors and local exploits.
I will show you how to install it and set it up to send daily reports:
wget -c http://downloads.rootkit.nl/rkhunter-1.1.1.tar.gz
tar -zxvf rkhunter-1.1.1.tar.gz
cd rkhunter-1.1.1
./installer.sh
We have now installed it. To run a complete scan of the server:
/usr/local/bin/rkhunter -c
Now set up the daily report. Open a new file in your favourite editor.
vim /etc/cron.daily/rkhunter.sh
Add this script to the new file (rkhunter.sh). Replace abc@xyz.com with your e-mail address.
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter Scan Report" abc@xyz.com)
Make the script executable:
chmod +x /etc/cron.daily/rkhunter.sh

Sunday, December 4, 2011

TCP Wrapper

TCP Wrapper is used to filter network access to Internet services; it can GRANT or DENY access to various services on your machine from the outside network or from other machines on the same network.
Note that the wrappers do not work with RPC services over TCP. Common services such as pop3, ftp, sshd, telnet and the r-services are supported by TCP Wrappers. On Linux it is done by writing simple rules in two files:
1. /etc/hosts.allow
2. /etc/hosts.deny
When a request for ssh comes in, /etc/hosts.allow is checked first for a rule for the sshd daemon; if none matches, the same is checked in /etc/hosts.deny.

Examples:

/etc/hosts.allow file

[root@dedico ~]# cat /etc/hosts.allow
#
# hosts.allow    This file contains access rules which are used to
#        allow or deny connections to network services that
#        either use the tcp_wrappers library or that have been
#        started through a tcp_wrappers-enabled xinetd.
#
#        See 'man 5 hosts_options' and 'man 5 hosts_access'
#        for information on rule syntax.
#        See 'man tcpd' for information on tcp_wrappers
#
ALL : .example.com

telnetd : 192.168.0.0/255.255.255.0 EXCEPT 192.168.0.79
sshd, in.tftpd : 192.168.1.10


The first line is a comment; the next line defines that hosts in the example.com domain can access all services. The next line shows that the telnet service can only be accessed from hosts in the 192.168.0.0/24 segment, except the IP address 192.168.0.79.

/etc/hosts.deny file

[root@dedico ~]# cat /etc/hosts.deny
#
# hosts.deny    This file contains access rules which are used to
#        deny connections to network services that either use
#        the tcp_wrappers library or that have been
#        started through a tcp_wrappers-enabled xinetd.
#
#        The rules in this file can also be set up in
#        /etc/hosts.allow with a 'deny' option instead.
#
#        See 'man 5 hosts_options' and 'man 5 hosts_access'
#        for information on rule syntax.
#        See 'man tcpd' for information on tcp_wrappers
#
ALL EXCEPT in.tftpd : .example.org
telnetd : ALL EXCEPT 192.168.1.10
ALL:ALL


The first line is to deny all tftp services from all hosts except example.org. The next line denies all traffic to the telnet service from all hosts except the IP address 192.168.1.10.
