LinuxBabu ………..Linux System Admin Blog….

This usually happens when you are trying to change a password while the root filesystem (or wherever /etc is) is mounted read-only, for example when you booted up using the init trick, or in some maintenance mode (runlevel, usually).

You can mount a filesystem read-write using:

mount -o remount,rw /

Q. How do I verify that my ISP or my own recursive resolvers are free from DNS cache poisoning bug that is promised full disclosure of the flaw by Dan on August 7 at the Black Hat conference? How do I test my dns server for DNS cache pollution or DNS Cache Poisoning bug?

A. DNS cache poisoning (also known as DNS cache pollution) is a maliciously created or unintended situation that provides data to a Domain Name Server that did not originate from authoritative DNS sources. It occur if DNS “spoofing attack” has been encountered. An attacker will send malicious data / non-secure data in response to a DNS query. For example dns query for www.linuxbabu.net can be redirected to www.redhat.com.

how do I find out if my DNS server is open to such attack or not?

Visit Dan Kaminsky java script page to check your DNS

You can also use following command dig command, enter:
$ dig +short @{name-server-ip} porttest.dns-oarc.net txt
$ dig +short @ns1.example.com porttest.dns-oarc.net txt
$ dig +short @208.67.222.222 porttest.dns-oarc.net txtSample output:

z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.67.222.222 is GOOD: 26 queries in 0.1 seconds from 26 ports with std dev 17746.18"

Another test,
$ dig +short @125.22.47.125 porttest.dns-oarc.net txtOutput:

z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"125.22.47.139 is POOR: 42 queries in 8.4 seconds from 1 ports with std dev 0.00"

FIX :

Run yum update
yum updateOpen named.conf file and comment out following two lines:
query-source port 53;
query-source-v6 port 53;Make sure recursion is limited to your LAN only. Set ACL. Restart bind to take effect:
rndc reload 


service named restart


Hi guys… Today I faced a issue with a new VPS installed with EZ template Centos 5.2. I was preparing the VPS with logwatch, apf and other security and got cron error under roots mail.

Cron errors shows log errors :

OR

You do not find log files updating

This was due to the syslog daemon not running. Check if the service is running and restart. Your server may have syslogd daemon on rsyslogd depending on your OS.

I had rsyslogd on Centos 5.2

Check if the service is being started at the starup :

Use Command to enable the daemon at startup

The log files were not being created due to the daemons stopped, after restart all started generating.

Cheers!

Due to differing needs and requirements this is difficult to answer except on a case by case basis. The MySQL website has a section regarding general security of a MySQL database available here: http://dev.mysql.com/doc/refman/5.0/en/security.html

Additionally some good practices are:

1. Verify your root MySQL account password is set
2. the test account and database that were created during the initial installation
   • Login to mysql as root, from the command prompt “shell> mysql –u root –p mysql” and enter the password when prompted
   • mysql> drop database test;
   • mysql> use mysql;
   • mysql> delete from user where user=’test’;
   • mysql> delete from user where user=”;
   • mysql> flush privileges;
3. Make sure that each account has a password set
4. Do not grant global privileges unnecessarily
5. Avoid using wildcards in the hostname value associated with accounts
6. Periodically review users and databases that are setup in MySQL
7. Do not use passwords on the command line. From the command line you can login to MySQL using “shell> mysql –u root –password=somepassword mysql” the problem with this is anyone on the server could view your password with a simple process list command “shell> ps”. The correct usage would be: “shell> mysql –u root –p mysql”, from this MySQL will prompt your for your password and it will not show up in the process list as plain text.

Note: There are many excellent articles available on the web for MySQL security. Go to your search engine of choice and search “securing mysql” and you should have reading for weeks.

Create an .htaccess file in your public_html directory with the following code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?domain.com.*$ [NC]
RewriteRule .(gif|jpg)$ - [F]

Where domain.com is your domain.

This relates to semaphores on your system (you’ve run out). Run the following to clear them out:

ipcs | grep apache | awk ‘{print $2}’ > sem.txt
for i in `cat sem.txt`; do { ipcrm -s $i; }; done;

For cPanel servers :

ipcs | grep nobody | awk ‘{print $2}’ > sem.txt
for i in `cat sem.txt`; do { ipcrm -s $i; }; done;

Finally restart Apache :

/etc/init.d/httpd restart

service httpd restart

Exim comes with a utility called ‘exiwhat’ which will display what each instance of exim is currently involved with. The output will look similar to this:

root@server [~]# exiwhat
2118 daemon: -q1h, listening for SMTP on port 25 (IPv4)
2130 daemon: no queue runs, listening for SMTPS on port 465 (IPv4)
31640 handling incoming connection from [1.2.3.4]

Also, to monitor the exim log in realtime, you may use the tail command thusly:

tail -f /var/log/exim_mainlg