Wednesday, September 14, 2011

Monitor ALL eth0 Traffic Except My Own SSH Session tcpdump:

I'm using tcpdump to dump, debug and monitor traffic on a network. However, there is lots of noise and I would like to exclude ssh from my dumps. How do I monitor all traffic except my ssh session?

The tcpdump command displays out the headers of packets on a network interface that match the boolean expression. In other words you can use boolean expression to drop ssh traffic from dumping and monitoring operation using the following syntax:
tcpdump -i eth0  -s 1500 port not 22
You can skip additional ports too:
tcpdump -i eth0  -s 1500 port not 22 and port not 53
You can also use ip or hostname:
tcpdump -i eth0 port not 22 and host

See also:

man tcpdump

Wednesday, August 17, 2011

Linux password policy

Linux password lockout policy can be configured using PAM "Pluggable Authentication Modules" to lock a user’s account temporarily if they attempt to bruteforce into an account by trying various password combinations. This configuration uses the module. Bruteforce hacking is a method to find a user’s password by trying to login with various password combinations. By having a password lockout policy such users can be locked out of their account if a certain number of incorrect passwords are entered. While trying this tutorial in your system make sure you have the file /lib/security/ if it isn’t there trying this out will lock all user accounts even if you enter the correct password.
Using a text editor open the following file
add the following text to the second line.
auth required deny=3 unlock_time=3600
The above statement will lock an user account if incorrect passwords are entered three or more times as specified in the deny option. The account will be unlocked after 3600 seconds as specified in the unlock_time option. Choose the number of incorrect attempts and unlock time wisely. There is also another option which will enforce this policy for the root user.
auth required deny=3 unlock_time=3600 even_deny_root
The even_deny_root will lockout the root user also. So use this option with caution. After this is done add another line in the account section in the same file
account required
Save the /etc/pam.d/system-auth file, before testing your configuration open another terminal and try to login as any user with a CORRECT password, if you’re unable to login at this stage there is something wrong with the /etc/pam.d/system-auth file. If you’re able to login successfully try by logging in using the correct username and wrong password. Each time you try execute the following command as root to find the number of authentication failure attempts.
pam_tally2 -u username
to see information regarding a specific user (Replace username with the actual user).
If you enter the incorrect password for certain number of times the following message will appear as soon as the username is entered
Account locked due to 4 failed login attempts
To manually unlock the account before the unlock_time use the following command
pam_tally2 -u username -r
A more conservative usage of the above command is to deduct the number of times the user has logged in unsuccessfully. For example, if the password retries is 3 and user Alice has tried logging in with an incorrect password 4 times, using the above command to unlock the account will give another 3 tries for the username Alice which might give more attempts for a potential hacker. Instead the incorrect attempts counter value can be set to 2 so that Alice has just one more attempt.
pam_tally2 -u username --reset=2
will set the incorrect password counter for the user to 2.
In case the root user is locked out and you immediately need to login as root, boot your system into single user mode and execute the following command.
pam_tally2 -u root -r

Monday, May 9, 2011

Disable the fsck on boot

  1. Boot the system from boot disc 1 or an ISO image of the installation media
  2. Once the system has successfully booted from the ISO image and the Red Hat Enterprise Linux boot screen will appears, type: "linux rescue" without the quotes, and hit enter at the prompt.
  3. Select "Continue" when prompted to allow the rescue environment to mount Red Hat Enterprise Linux installation under /mnt/sysimage directory.
  4. Type "chroot /mnt/sysimage"
  5. Then edit /etc/fstab
  6. In this file, in the very last column for each mount point, there is a number.  Changing this number to a 0 (zero) will make it so that it does not try to fsck that mount point on boot.
  7. Save the file
  8. Reboot or CTRL+D

Saturday, April 2, 2011

Set Up A Feng Office Suite Web Server Fedora /Centos / RedHat

Feng Office allows businesses to manage project tasks, billing, documents, communication with co-workers, customers and vendors, schedule meetings and events, and share every kind of electronic information.

#yum install  mysql mysql-server httpd php php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc phpmyadmin

#service httpd start
#service mysqld start
#mysql_secure_installation (set up root password)
#unzip -d /var/www/html/

Open Firefox http://localhost/feng_community

[root@rajat feng_community]# chmod 777 config/
[root@rajat feng_community]# chmod 777 cache/
[root@rajat feng_community]# chmod 777 upload/
[root@rajat feng_community]# chmod 777 tmp/

your Office online have fun