Tikejhya: Ashish Nepal

Knowledgebase

Month: September 2011 (Page 2 of 3)

UPDATE PRIVILEGES


GRANT PRIVILEGES (alternative: editing the grant table directly)

UPDATE mysql.db SET Select_priv = 'Y', Insert_priv = 'Y', Update_priv = 'Y', Create_priv = 'Y' WHERE User = 'username' AND Db = 'dbname';
FLUSH PRIVILEGES;

The Db column holds the bare database name (the dbname.* form belongs to GRANT, not to this table), the row for that user must already exist, and a direct change to the grant tables only takes effect after FLUSH PRIVILEGES. Prefer GRANT where you can: it validates the input and does not need the flush.

Check Hardware Issues or stat


Check /var/log/dmesg for kernel and driver messages from boot.

If a hardware issue is suspected, search the system log for CPU-related messages:
grep "CPU" /var/log/messages | more

logrotate (CentOS)


vi /etc/logrotate.d/servicename

/data/logs/whatever.log {
  # rotate once a week
  weekly
  # keep at most 10 rotated copies
  rotate 10
  # gzip the rotated logs
  compress
  # do not report an error if the log file is missing
  missingok
  # tell httpd to reopen its log files after rotation;
  # kill needs a PID, not a name (PID file path assumed, adjust for your build)
  postrotate
    /bin/kill -HUP $(cat /var/run/httpd/httpd.pid)
  endscript
}

Force logrotate

logrotate -v -f /etc/logrotate.d/httpd

OSSEC – how to get e-mail alerts

OSSEC

If you configured OSSEC to send e-mails only for alerts with severity level 7 and higher, then you will receive those alerts.
Besides that, you will also get an e-mail for every alert triggered by a rule that has the "alert_by_email" option set, regardless of the rule level.

Add the following statement to the same section of your ossec.conf as the e-mail settings, next to the line:
1
This means the global e-mail notification system will send out at most one e-mail per hour: it collects all alerts that would generate an e-mail until the end of the hour, compiles them into one e-mail and then sends it.

Host-based intrusion detection system (HIDS)

E.g. OSSEC

“OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis,
file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.” (www.ossec.net)

A HIDS such as OSSEC is an intrusion detection system that monitors and analyzes the internals of a computing system.

Nevertheless, in some cases it also inspects the network packets on its own network interface, just like a network-based intrusion detection system (NIDS) does.

It monitors the dynamic behaviour and state of the machine (computer system).

E.g. /etc/passwd was modified: a process suddenly and inexplicably started modifying the system password database.

It can be thought of as a monitoring agent that enforces the system's security policy.

What OSSEC has to say about itself:

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS).
It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking,
Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response.

How to install the OSSEC WUI

OSSEC WUI installation:
wget http://www.ossec.net/files/ui/ossec-wui-0.3.tar.gz

Note: download the latest release from
http://www.ossec.net/wiki/OSSECWUI#Download

Stop iptables every 2 min

Before working on iptables, it is always good to stop iptables every certain period, just in case you lock yourself out 😀

*/2 * * * * /sbin/service iptables stop

Remove this cron entry as soon as the rule set is finished, otherwise the host is left without its firewall every two minutes.

Delete files except/multiple

How to delete all files except a certain file or except multiple files:

rm -rf $(ls * | egrep -v "input|bar|script")

Note that this relies on ls output and word splitting: filenames containing spaces break it, ls * also lists the contents of subdirectories, and the egrep pattern is a substring match (it would also keep "inputs" or "foobar").
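A safer way to do the same job, added here as an example (not from the original post): find compares the names exactly, copes with spaces in filenames and never descends into subdirectories. The demo directory contents are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): delete every regular file in a
# directory except the names you want to keep. find handles filenames with
# spaces, -maxdepth 1 leaves subdirectories alone, and names are compared
# exactly rather than as egrep substrings.
keep_only() {
    dir=$1
    shift
    # Remaining arguments are the names to keep; they are passed on to the
    # inner shell as its positional parameters.
    find "$dir" -mindepth 1 -maxdepth 1 -type f -exec sh -c '
        f=$1; shift
        base=${f##*/}
        for keep in "$@"; do
            [ "$base" = "$keep" ] && exit 0
        done
        rm -f -- "$f"
    ' sh {} "$@" \;
}

# Demonstration in a throwaway directory (constructed contents); prints the
# names that survive, space-separated.
demo_keep_only() {
    tmp=$(mktemp -d) || return 1
    for f in input bar script inputs "old log.txt" core; do
        : > "$tmp/$f"
    done
    mkdir "$tmp/subdir"
    keep_only "$tmp" input bar script
    (cd "$tmp" && ls -A | sort | tr '\n' ' ' | sed 's/ $//')
    rm -rf "$tmp"
}

demo_keep_only
```

Running it prints "bar input script subdir": the file "inputs" is gone because the comparison is exact, and the subdirectory is untouched.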

Enable Zend or IonCube

Where?
php.ini

Enable the Zend extension in PHP:

zend_extension=/home/ashishnepal/ZendOptimizer-3.3.9-linux-glibc23-x86_64/data/5_1_x_comp/ZendOptimizer.so

Enable the ionCube loader (use the _ts variant, ioncube_loader_lin_5.3_ts.so, for thread-safe PHP builds):

zend_extension = /home/ashishnepal/ioncube/ioncube_loader_lin_5.3.so

** Installing to a remote UNIX/Linux dedicated or VPS server

1. Upload the contents of this package to /usr/local/ioncube

2. Copy the loader-wizard.php script to the root web directory of a configured domain on the server

3. Launch the Loader Wizard script in your browser. For example:
http://yourdomain/loader-wizard.php

Remove loader-wizard.php once the loader is working; it discloses details of the PHP configuration to anyone who can reach it.

mysqld_safe

How mysqld_safe runs with the grant tables disabled

vi /etc/my.cnf

# skip-locking
skip-grant-tables

/usr/bin/mysqld_safe --datadir="/var/lib" --pid-file="/var/lib/pidfile.pid"

skip-grant-tables starts the server without any authentication at all: every client gets full access. Use it only for local password recovery, add --skip-networking so nothing can connect over TCP while it is running, and remove the option from my.cnf again as soon as the password is fixed.

Iptables rule to block multiple ports

-A INPUT -p tcp -m multiport --dports port,port,port -j DROP

The multiport match accepts up to 15 comma-separated ports (or port ranges such as 6000:6010) in a single rule.

Logs Monitoring

tail -500 /var/logs/httpd/access.log | cut ... | sort ... | uniq -c ... and so on and so forth

Cut to view certain characters of each line (e.g. the timestamp):
cut -c 14-21

Sort in numeric order:
sort -n

Count unique lines (sort first, uniq only merges adjacent duplicates):
uniq -c

Last 3 lines:
tail -3

First line from the top:
head -1

5th to 8th character:
cut -c 5-8

Display a line only if its last field is 10 or below (single quotes, otherwise the shell expands $NF before awk sees it):
awk '$NF<=10'
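The pieces above put together on a constructed sample of Apache access-log lines, as an added example that is not part of the original post: requests per hour via cut/sort/uniq, the busiest client, a simple failed-login (HTTP 401) threshold that is worth alerting on, and the awk last-field filter. The log lines and the threshold value are made up for the demo.

```shell
#!/bin/sh
# Added example (not from the original page): the cut/sort/uniq/awk pipeline
# applied to a constructed sample of Apache access-log lines.
SAMPLE_LOG='192.0.2.10 - - [14/Sep/2011:10:03:21 +0000] "GET /index.html HTTP/1.1" 200 1043
192.0.2.10 - - [14/Sep/2011:10:04:02 +0000] "GET /login HTTP/1.1" 200 512
198.51.100.7 - - [14/Sep/2011:10:04:05 +0000] "POST /login HTTP/1.1" 401 231
198.51.100.7 - - [14/Sep/2011:10:04:06 +0000] "POST /login HTTP/1.1" 401 231
198.51.100.7 - - [14/Sep/2011:10:04:07 +0000] "POST /login HTTP/1.1" 401 231
203.0.113.5 - - [14/Sep/2011:11:15:40 +0000] "GET /robots.txt HTTP/1.1" 404 8
198.51.100.7 - - [14/Sep/2011:11:16:01 +0000] "POST /login HTTP/1.1" 200 512'

# Emit the sample (in real use: tail -500 /var/log/httpd/access_log).
sample_log() { printf '%s\n' "$SAMPLE_LOG"; }

# Requests per hour: field 4 is "[14/Sep/2011:10:03:21"; characters 2-15 of it
# are the day and hour. Sort, count adjacent duplicates, sort counts numerically.
requests_per_hour() {
    sample_log | awk '{print $4}' | cut -c 2-15 | sort | uniq -c | sort -n
}

# Busiest client address (field 1), highest count first.
top_client() {
    sample_log | awk '{print $1}' | sort | uniq -c | sort -rn | head -1 | awk '{print $2}'
}

# Addresses with at least $1 failed logins (HTTP 401 in field 9): a simple
# brute-force indicator worth alerting on.
failed_login_sources() {
    threshold=$1
    sample_log | awk '$9 == 401 {print $1}' | sort | uniq -c | awk -v t="$threshold" '$1 >= t {print $2}'
}

# Lines whose last field (response bytes) is 10 or below; single quotes keep
# the shell from expanding $NF before awk sees it.
small_responses() {
    sample_log | awk '$NF <= 10'
}

echo "== requests per hour ==";  requests_per_hour
echo "== top client ==";         top_client
echo "== >=3 failed logins ==";  failed_login_sources 3
echo "== tiny responses ==";     small_responses
```

The hour bucket comes from the timestamp field rather than a fixed character offset of the whole line, because the client address at the start of the line varies in length and would shift any cut -c range.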
