Shashikant shah

Wednesday, 26 December 2012

SVN with Active Directory server 2008


1.Server 2008 Detail :-

IP :- 192.168.0.10
Hostname :- adserver
Domain :- example.com
Full name :- adserver.example.com

2.Linux (SVN) server Detail :-

IP :- 192.168.0.123
Hostname :- svn.server.com

3.SVN Server side :-

b) Configure SVN.

4.We install SVN on the Linux machine.

Download some Packages :-
# cd /opt/svn



4.Install some Packages :-

# yum install httpd php
# yum install gcc glibc glibc-common
# yum install gd gd-devel
# yum install zlib
# yum install neon
# yum install subversion
# yum install enscript
# yum install mod_dav_svn
# yum install php-ldap

5.Go to this Path :-

# cd /opt/svn
# tar -xvf subversion-1.4.6.tar.gz
# tar -xvzf subversion_deps-1.4.6.tar.gz (Don't worry about this one; it puts all the library files inside subversion-1.4.6)
# tar -xvzf apr-1.2.12.tar.gz
# cd apr-1.2.12 (requires autoconf and libtool)
# ./buildconf
# ./configure
# make

# tar -xvzf apr-util-1.2.12.tar.gz
# cd apr-util-1.2.12
# ./buildconf --with-apr=/usr/lib/svn/apr-1.2.12 (path to the apr directory)
# ./configure --with-apr=/usr/lib/svn/apr-1.2.12 (path to the apr directory)
# make

# tar -xvzf db-4.6.21.tar.gz

# cd subversion-1.4.6
# ./autogen.sh
# ./configure --with-berkeley-db=/usr/lib/svn/db-4.6.21 (path of the Berkeley DB)
# make
# make install

6.Now create one repository with svnadmin command.

# cd /var/www/

# svnadmin create repos

# chown -R apache:apache /var/www/repos

7.Then at the end of the Subversion.conf file you have to add

ErrorLog "|rotatelogs /var/log/svn/error-%Y-%m-%d.log 86400"
CustomLog "|rotatelogs /var/log/svn/access-%Y-%m-%d.log 86400" common

<Location /var/www/repos>

DAV svn

SVNPath /var/www/repos

AuthzSVNAccessFile /var/www/repos/conf/authz

SVNIndexXSLT /repos-web/view/repos.xsl
AuthBasicProvider ldap

AuthType Basic
AuthzLDAPAuthoritative off

AuthName "Subversion repository"


AuthLDAPBindPassword shashi@123


Require valid-user

</Location>

8.add the folder on repos :-

# mkdir /root/Desktop/unicom

# svn import -m "Initial import" /root/Desktop/unicom file:///var/www/repos/<new folder name>

9.Only 2 users will be able to view the repos; other users will not be able to view it.

a) shashi
b) svn

# cd /var/www/repos/conf/

# vim authz

[repos:/]
shashi = rw
svn = r

# service httpd restart
# chkconfig httpd on

10.check link :

username :- shashi
password :- ******

Wednesday, 12 December 2012

AIDE File Integrity Scanner

What is AIDE ?

A file integrity scanner such as AIDE is something you need to have.  Imagine a hacker placing a backdoor on your web site, or changing your order form to email him a copy of everyone's credit card while leaving it appearing to function normally.

By setting up daily reporting, this notifies you within, at most, 24 hours of when any file was changed, added, or removed.  It also helps establish an audit trail in the event your site is compromised.

These instructions are designed for an end user to implement without root access, and assume your server has the aide binary installed.  Most hosts will have this installed already, or will install it for you upon request.

Install AIDE

#zypper in aide

Download A Sample AIDE config file

We will start with a simple one, this will scan your web root directory for md5 hash changes.

To download the file, SSH into your account and run:

#cd /home/testing
#wget http://repository.wowtutorial.org/aide.conf

Example

Our username is : testing and the home directory is /home/testing/public_html

Edit aide.conf
#vi aide.conf

In this file, replace "username" on the first line and confirm that the resulting path is your root directory.
Then on the last line, confirm that public_html is your web root directory.  If your host uses the cPanel control panel, then public_html is your web root.

In this case, change the username to "testing" and leave public_html untouched, since the web root of the testing user is /home/testing/public_html.

Initialize the AIDE database

The command to initialize the AIDE database is:

#nice -19 aide --init --config=/home/testing/aide.conf

AIDE is not the least resource-intensive software in the world, so we run it at niceness 19 (the lowest priority) using nice.

Now copy your AIDE output database file to the input file:

#cp aide.db.out aide.db.in

You can test aide by doing:

#nice -19 aide -C --config=/home/testing/aide.conf

Go ahead and run that now; it will say all files match. Then make a change to a file and add a file, rerun it and see what the report says.
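
The init / copy / check cycle above, reduced to a few lines of shell as an added example (not AIDE's code and not part of the original post). It uses sha256sum instead of the MD5 rule in the sample config; snapshot and compare are hypothetical helper names.

```shell
#!/bin/sh
# Added example: a baseline-and-compare integrity check in miniature.
# Limitation: file names containing newlines or backslashes are not handled.

# snapshot DIR DB: write one "sha256  ./path" line per regular file under DIR.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# compare OLD_DB NEW_DB: print added/changed/removed paths, return 1 on any difference.
compare() {
    report=$(awk '
        { path = substr($0, 67) }   # text after the 64-hex digest and 2 separator chars
        FILENAME == ARGV[1] { old[path] = $1; next }
        { cur[path] = $1 }
        END {
            for (p in cur) {
                if (!(p in old)) { print "added " p }
                else if (old[p] != cur[p]) { print "changed " p }
            }
            for (p in old) { if (!(p in cur)) { print "removed " p } }
        }' "$1" "$2" | sort)
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}
```

Keep the database files outside the directory being scanned, as the AIDE setup above does, so the baseline never reports itself as a change.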

Daily Reporting with Cronjob


There are a few ways to get the AIDE reports. A common one is to have it email you the reports; for this you can set a cronjob to run aide every day, or even more frequently if you'd like.

Open up the crontab editor and paste in:

#crontab -e

0 1 * * * nice -19 /usr/local/bin/aide --config=/home/testing/aide.conf -C| mail you@domain.com -saide\ domain

The reports can get rather lengthy over time, so if you want to reset the database, say weekly, you can add this to the crontab:

0 2 * * 0  nice -19 /usr/local/bin/aide --config=/home/testing/aide.conf --init && mv -f /home/testing/aide.db.out /home/testing/aide.db.in

Extras

We have covered the basics, and that is actually only the tip of the iceberg of what you can do with AIDE.


And you might want to exclude certain files, for example if you have a forum or gallery and a lot of images are added regularly you can exclude those from the report. For example to exclude all jpg files in images/ you would put the following in the config file:

#vi /home/testing/aide.conf
....
....
!@@{TOPDIR}/public_html/images/.*\.jpg$
...

And that would go right above this line:
@@{TOPDIR}/public_html MD

Another thing you can do for extra security is have your host chown your input database file and your config file to another user. This way, if your user is compromised, the hacker could not compromise your AIDE database without also gaining access to the second user.

To be even more secure, you can download your AIDE database after creating it, and then upload it before you run a scan.

I hope this Howto lets you see the need for a file integrity checker, and makes it easy to setup, no matter what your user level is.

Simple Bash Script to Monitor Services in Linux Server

Here is a simple shell script to monitor the services on your server, such as http, ssh, mail, dns, mysql, etc.
Feel free to modify it for your own use.
---------------------------------------------------------------------
#!/bin/bash
# Simple shell script to monitor every services such as http, ssh, mail, dns, etc
# Shell script to monitor running services such as web/http, ssh, mail etc.
# If service fails it will send an Email to ADMIN user
# -------------------------------------------------------------------------
# Copyright (c) 2011 wowtutorial <http://www.wowtutorial.org>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
ports="22 53 80 25 3306"

# service names as per above ports
service="SSH DNS WEB MAIL MYSQL"

#Email id to send alert
ADMINEMAIL="admin@wowtutorial.org"

#Bin paths, set them according to your Linux distro
NETSTAT=/bin/netstat
MAIL=/usr/bin/mail
LOGGER=/usr/bin/logger
ID=/usr/bin/id

# Red Hat users: uncomment the next two lines
#MAIL=/bin/mail
#LOGGER=/bin/logger

#Counters, set defaults
c=1
status=""
sendmail=0

# set the following to 1, if you want message in /var/log/messages via a SYSLOG
logtosyslog=0

# Log file used to send an email (created with mktemp so the name in /tmp is not predictable)
LOG=$(mktemp /tmp/services.log.XXXXXX)

# log message to screen and a log file
log(){
    echo "$@"
    echo "$@" >> $LOG
}

# log message and stop script (exit codes above 255 wrap around, so use 1)
die(){
    echo "$@"
    exit 1
}

# Make sure only root can run it
is_root(){
    local id=$($ID -u)
    [ $id -ne 0 ]  && die "You must be root to run $0."
}
# Look out for all bins and create a log file
init_script(){
    [ ! -x $MAIL ] && die "$MAIL command not found."
    [ ! -x $NETSTAT ] && die "$NETSTAT command not found."
    [ ! -x $LOGGER ] && die "$LOGGER command not found."
    [ ! -x $ID ] && die "$ID command not found."
    is_root
    >$LOG
}

# check for all running services and shoot an email if a service is not running
chk_services(){
    log "-------------------------------------------------------------"
    log "Running services status @ $(hostname) [ $(date) ]"
    log "-------------------------------------------------------------"

    # get open ports
    RPORTS=$($NETSTAT -tulpn -A inet | grep -vE '^Active|Proto' | grep 'LISTEN' | awk '{ print $4}' | cut -d: -f2 | sed '/^$/d' | sort  -u)

    # okay let us compare them
    for t in $ports
    do
        # assume the service is down until its port shows up as listening
        status="NO"
        sname=$(echo $service | cut -d' ' -f$c)
        echo -en " $sname\t\t\t : "
        echo -en " $sname\t\t\t : " >> "$LOG"
        for r in $RPORTS
        do
            if [ "$r" == "$t" ]
            then
                status="YES"
                break
            fi
        done
        # at least one service is down: remember to send the alert mail
        [ "$status" == "NO" ] && sendmail=1
        echo -n "$status"
        echo ""
        echo -n "$status" >> "$LOG"
        echo "" >> "$LOG"
        # Log to a syslog /var/log/messages?
        # This is useful if you have a dedicated syslog server
        [ $logtosyslog -eq 1  ] && $LOGGER "$sname service running : $status"

        # Update counter for next round
        c=$( expr $c + 1 )
    done
    log "-------------------------------------------------------------"
    log "This is an automatically generated $(uname) service status notification by $0 script."

    if [ $sendmail -eq 1 ];
    then
        $MAIL -s "Service Down @ $(hostname)" "$ADMINEMAIL" < "$LOG"
    fi
}

### main ###
init_script
chk_services

### remove a log file ###
[ -f $LOG ] && /bin/rm -f $LOG

Detect Rootkits in Your Linux Server

First, we need to know what a rootkit is. A rootkit is a program that gives someone control of your Unix system, usually with root access (on Windows, usually Administrator access), without any authorization from the server owner.

To secure your Linux server, we can use software such as Zeppoo, Chkrootkit or rkhunter.

Zeppoo Software

Zeppoo detects rootkits on the i386 and x86_64 architectures in Linux using /dev/kmem and /dev/mem.
This software is also able to detect hidden tasks, system calls, etc.

Chkrootkit Software

Chkrootkit locally checks for signs of any rootkit on your server.
To install it, we can use the repository of your Linux distribution:

#yum install chkrootkit
or
#apt-get install chkrootkit

To check for suspect files/strings, we can use:

#chkrootkit -x | less

Note: we need root access to run the above command.

rkhunter software

1.rkhunter is a tool that is able to scan your Linux server for things like backdoors, rootkits and other exploits.

2.rkhunter is a shell script that is able to check your local system and detect known rootkits.

To install it, we can use the repository of your Linux distribution:


#yum install rkhunter
or
#apt-get install rkhunter

To run a check, we can use the command below:

#rkhunter --check


Note: for Chkrootkit and rkhunter we need to mount a copy of the external commands they rely on, such as awk, grep and others, and tell each tool where to find them:

#chkrootkit -p /mnt/safe
for chkrootkit

#rkhunter --check --bindir /mnt/safe
for rkhunter

Friday, 7 December 2012

Bind configuration on RHEL-5.5


Server :- shashi.example.com
IP :- 192.168.0.254
Sub :- 255.255.255.0
DNS :- 192.168.0.254

Client :- client.unicom.com
IP :- 192.168.0.2
Sub :- 255.255.255.0
DNS :- 192.168.0.254

1.Required RPM

#bind-libs-9.3.3-10.el5
#bind-chroot-9.3.3-10.el5
#bind-devel-9.3.3-10.el5
#bind-utils-9.3.3-10.el5
#bind-libbind-devel-9.3.3-10.el5
#bind-9.3.3-10.el5
#bind-sdb-9.3.3-10.el5
#caching-nameserver-9.3.3-10.el5

2.Some file check

# vim /etc/hosts
# vim /etc/sysconfig/network
# vim /etc/resolv.conf

3.Configure

# cp -p /etc/named/caching-nameserver.conf /var/named/chroot/etc/named.conf

4.Soft link

# ln -s /var/named/chroot/etc/named.conf /etc/named.conf

5.Check Permission

# ll -ld /etc/named.conf
root named named.conf

6.Create named.conf

#vim /etc/named.conf

listen-on port 53 { 127.0.0.1; Server IP; };

allow-query { localhost; any; } ;
allow-query-cache { localhost; any; } ;

match-clients { localhost; any; } ;
match-destinations { localhost; any; } ;

recursion yes;
zone "example.com" {
    type master;
    file "example.com.zone";
};
zone "0.168.192.in-addr.arpa" {
    type master;
    file "rev-example.com.zone";
};

7.Test named.conf

# named-checkconf
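
named-checkconf validates syntax, not access policy. As an added example (not from the original post and not part of BIND), this shell check reports whether a named.conf lets any client recurse, which is what recursion yes together with allow-query-cache { any; } does. recursion_acl and open_resolver are hypothetical names; views and /* */ comments are not handled.

```shell
#!/bin/sh
# Added example: static check of a named.conf for an open-resolver setup.
# Assumption: one global set of ACLs; per-view overrides are not modelled.

# recursion_acl FILE: print the address list that decides who may recurse.
# BIND falls back allow-recursion -> allow-query-cache -> allow-query -> default.
recursion_acl() {
    # drop // and # comments, then flatten so multi-line blocks match
    flat=" $(sed -e 's|//.*||' -e 's|#.*||' "$1" | tr '\n\t' '  ')"
    for d in allow-recursion allow-query-cache allow-query; do
        acl=$(printf '%s\n' "$flat" |
              sed -n "s/.*[^-a-z]$d[[:space:]]*{\([^}]*\)}.*/\1/p")
        if [ -n "$acl" ]; then
            printf '%s\n' "$acl"
            return 0
        fi
    done
    printf '%s\n' "localnets; localhost;"
}

# open_resolver FILE: return 0 (and say why) when any client may recurse.
open_resolver() {
    if sed -e 's|//.*||' -e 's|#.*||' "$1" |
       grep -Eq 'recursion[[:space:]]+no[[:space:]]*;'; then
        return 1    # recursion is switched off outright
    fi
    acl=$(recursion_acl "$1")
    case " $(printf '%s' "$acl" | tr ';' ' ') " in
        *" any "*)
            echo "open resolver: recursion allowed for {$acl}"
            return 0 ;;
    esac
    return 1
}
```

Run as open_resolver /etc/named.conf; a configuration that keeps allow-query { any; } for its own zones but sets allow-recursion to the local network (here 192.168.0.0/24) is not reported.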

# cd /var/named/chroot/var/named/

# cp -p localdomain.zone example.com.zone

# vim example.com.zone


$TTL 86400
@       SOA     example.com. root (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   shashi.example.com.
shashi  IN A    192.168.0.254
client  IN A    192.168.0.2

# cd /var/named/chroot/var/named/

# cp -p named.local rev-example.com.zone

# vim rev-example.com.zone

$TTL 86400
@       IN SOA  example.com. root.shashi.example.com. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   shashi.example.com.
; PTR targets are fully qualified names ending in a dot
254     IN PTR  shashi.example.com.
2       IN PTR  client.example.com.

# service named start
# service named restart
# chkconfig named on

12.check DNS

# nslookup
# dig server.example.com