Sunday, September 18, 2011

Search Engine Installation and Configuration

Introduction
htdig is a web page search engine licensed under the GNU Public License. It uses a very simple configuration file that lets it index only the web pages you specify; for example, you can exclude the cgi-bin or a testing directory from the search engine. Besides being installed on a web server, it is used as a search engine plugin by some programs, such as Glade, the GTK+ User Interface Builder. It will also create a searchable database of any website: you just supply the URL.
Installing htdig
  1. Download the latest version from the htdig ftp server.
  2. tar -xvzf htdig-3.1.5.tar.gz (the -f option must be the last one, immediately before the file name)
  3. cd htdig-3.1.5
  4. ./configure
  5. make
  6. make install

Configuring htdig

Once you have htdig installed, you must make a few changes to the configuration file and the HTML templates into which the search results are embedded.

Configuration File

The configuration file for htdig is located at /opt/www/htdig/conf/htdig.conf. It is pretty self-explanatory. The main attributes you need to configure are listed below; the other options work if you leave them at their defaults, or you can change them if you wish.
Attribute: value (example)

  • start_url: URL of your site (example: http://www.mywebsite.com)
  • exclude_urls: directories you do not want searched, separated by whitespace (example: /cgi-bin/ /testing/)
  • administrator: email address of the administrator (example: admin@mywebsite.com)
  • search_results_header: HTML file to be used as the header of the search results. Set this only if you don't want to use the default header file, /opt/www/htdig/common/header.html (example: /home/httpd/search/header.html)
  • search_results_footer: HTML file to be used as the footer of the search results. Set this only if you don't want to use the default footer file, /opt/www/htdig/common/footer.html (example: /home/httpd/search/footer.html)
  • nothing_found_file: HTML file to be displayed if nothing matches the search string entered. Set this only if you don't want to use the default file, /opt/www/htdig/common/nomatch.html (example: /home/httpd/search/nomatch.html)
  • syntax_error_file: HTML file to be displayed if the search string entered contains a syntax error. Set this only if you don't want to use the default file, /opt/www/htdig/common/syntax.html (example: /home/httpd/search/syntax.html)
HTML Templates

If you don't want the default look-and-feel of htdig, you can edit the following files to match the look-and-feel of your website. The paths will differ if you changed them in your configuration file.
  • /opt/www/htdig/common/header.html
  • /opt/www/htdig/common/footer.html
  • /opt/www/htdig/common/nomatch.html
  • /opt/www/htdig/common/syntax.html
Post-installation and configuration
  1. Next, you must set up the search database by running the script /opt/www/htdig/bin/rundig.
  2. Copy the default search.html and the images from /opt/www/htdocs/htdig to a directory named htdig directly under your web root. If the images are not in this directory, they will not appear unless you configure a different location in htdig.conf.
  3. Copy /opt/www/cgi-bin/htsearch to the cgi-bin directory of your web server.
  4. Test the search engine by opening search.html in your browser and entering a search string.
  5. Because the search engine returns results from a database, that database must be rebuilt with the rundig command from step 1 every time pages are added to the website.
  6. If you want to configure anything else, refer to the htdig website. Pretty much everything in htdig is configurable.

Wednesday, September 14, 2011

Monitor ALL eth0 Traffic Except My Own SSH Session with tcpdump

I'm using tcpdump to dump, debug and monitor traffic on a network. However, there is a lot of noise and I would like to exclude ssh from my dumps. How do I monitor all traffic except my ssh session?

The tcpdump command prints the headers of packets on a network interface that match a boolean expression. In other words, you can use a boolean expression to drop ssh traffic from the dumping and monitoring operation, using the following syntax:
tcpdump -i eth0  -s 1500 port not 22
You can skip additional ports too:
tcpdump -i eth0  -s 1500 port not 22 and port not 53
You can also use ip or hostname:
tcpdump -i eth0 port not 22 and host 1.2.3.4

See also:

man tcpdump
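The filters above drop every port 22 packet on the interface, including SSH sessions that are not yours, which is exactly the traffic you may want to keep an eye on. The following added example (not part of the original post) instead excludes only the session you are typing in. It assumes the shell is running inside an SSH session, so that sshd has set SSH_CONNECTION to "client_ip client_port server_ip server_port", and that tcpdump is installed and run with sufficient privileges; the sample 4-tuple in the comments is constructed.

```shell
#!/bin/sh
# Added example: build a tcpdump filter that hides only the current SSH session
# (one TCP 4-tuple) rather than all of port 22.

# ssh_exclude_filter "CLIENT_IP CLIENT_PORT SERVER_IP SERVER_PORT"
# Prints a tcpdump expression that excludes exactly that connection.
# Example input (constructed): "10.0.0.5 51234 10.0.0.1 22"
ssh_exclude_filter() {
    # Split the four whitespace-separated fields into $1..$4.
    set -- $1
    if [ $# -ne 4 ]; then
        echo "expected 4 fields (client_ip client_port server_ip server_port)" >&2
        return 1
    fi
    printf 'not (host %s and port %s and host %s and port %s)\n' "$1" "$2" "$3" "$4"
}

# capture_except_own_ssh [IFACE]
# Runs tcpdump on IFACE (default eth0) with the filter derived from SSH_CONNECTION.
# Other SSH connections to this host remain visible in the capture.
capture_except_own_ssh() {
    iface="${1:-eth0}"
    filter="$(ssh_exclude_filter "${SSH_CONNECTION:?not running inside an SSH session}")" || return 1
    tcpdump -i "$iface" -s 1500 "$filter"
}
```

Usage inside an SSH session: `capture_except_own_ssh eth0`. Because the filter pins both addresses and both ports, a second login from the same client, or an SSH connection from anyone else, is still captured.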

Wednesday, August 17, 2011

Linux password policy

A Linux password lockout policy can be configured with PAM (Pluggable Authentication Modules) to lock a user's account temporarily when someone tries to brute-force it by attempting many password combinations. This configuration uses the pam_tally2.so module. Brute-force hacking is a method of finding a user's password by trying to log in with many different passwords; with a password lockout policy, the account is locked once a certain number of incorrect passwords have been entered. Before trying this tutorial on your system, make sure the file /lib/security/pam_tally2.so exists; if it is missing, this configuration will lock all user accounts even when the correct password is entered.
Using a text editor, open the following file:
/etc/pam.d/system-auth
and add the following text as the second line:
auth required pam_tally2.so deny=3 unlock_time=3600
The above line will lock a user account once incorrect passwords have been entered three times, as specified by the deny option. The account will be unlocked after 3600 seconds, as specified by the unlock_time option. Choose the number of incorrect attempts and the unlock time wisely. There is also an option that enforces this policy for the root user as well:
auth required pam_tally2.so deny=3 unlock_time=3600 even_deny_root
The even_deny_root option locks out the root user too, so use it with caution. After this is done, add another line in the account section of the same file:
account required pam_tally2.so
Save the /etc/pam.d/system-auth file. Before testing your configuration, open another terminal and try to log in as any user with the CORRECT password; if you are unable to log in at this stage, something is wrong with the /etc/pam.d/system-auth file. If you can log in successfully, try logging in with the correct username and a wrong password. After each attempt, run the following command as root to see the number of failed authentication attempts:
pam_tally2
or
pam_tally2 -u username
to see the information for a specific user (replace username with the actual user).
If the incorrect password is entered a certain number of times, the following message appears as soon as the username is entered:
Account locked due to 4 failed login attempts
To manually unlock the account before the unlock_time has passed, use the following command:
pam_tally2 -u username -r
A more conservative use of the above command is to lower the count of failed logins rather than clear it. For example, if the password retry limit is 3 and user Alice has tried logging in with an incorrect password 4 times, unlocking the account with the command above gives the username Alice another 3 tries, which might also give more attempts to a potential attacker. Instead, the incorrect-attempts counter can be set to 2 so that Alice has just one more attempt:
pam_tally2 -u username --reset=2
will set the incorrect-password counter for the user to 2.
If the root user is locked out and you need to log in as root immediately, boot the system into single-user mode and run the following command:
pam_tally2 -u root -r
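The post warns that a missing pam_tally2.so locks everyone out, and that the module line must become the second line of /etc/pam.d/system-auth. The following added example (it is not part of the original post, nor part of PAM) checks for the module before anything is written, renders the auth and account lines with the deny and unlock_time values, and shows the insertion on a copy of the file, printing the result rather than touching /etc/pam.d. The list of module directories is an assumption and may need extending; on newer distributions pam_tally2 has been replaced by pam_faillock, so the check will fail there and nothing should be added.

```shell
#!/bin/sh
# Added example: safe preparation of the pam_tally2 lines described in the post.

# Directories where distributions commonly install PAM modules (assumption).
PAM_MODULE_DIRS="/lib/security /lib64/security /lib/x86_64-linux-gnu/security /usr/lib/security"

# find_pam_module NAME [DIRS]: print the first path where NAME exists, fail otherwise.
find_pam_module() {
    name="$1"
    dirs="${2:-$PAM_MODULE_DIRS}"
    for d in $dirs; do
        if [ -f "$d/$name" ]; then
            printf '%s\n' "$d/$name"
            return 0
        fi
    done
    return 1
}

# tally2_auth_line DENY UNLOCK_TIME [even_deny_root]: the auth line from the post.
tally2_auth_line() {
    line="auth required pam_tally2.so deny=$1 unlock_time=$2"
    [ "$3" = "even_deny_root" ] && line="$line even_deny_root"
    printf '%s\n' "$line"
}

# tally2_account_line: the account line from the post.
tally2_account_line() {
    printf '%s\n' "account required pam_tally2.so"
}

# insert_after_line1 FILE LINE: print FILE with LINE inserted as its second line.
# The file itself is left unchanged; redirect the output to a copy and review it.
insert_after_line1() {
    awk -v line="$2" 'NR == 1 { print; print line; next } { print }' "$1"
}

# render_policy DENY UNLOCK_TIME [even_deny_root]: print both lines, but only
# after confirming the module is installed, because a missing module fails every login.
render_policy() {
    if ! find_pam_module pam_tally2.so >/dev/null; then
        echo "pam_tally2.so not found; do not edit /etc/pam.d/system-auth" >&2
        return 1
    fi
    tally2_auth_line "$1" "$2" "$3"
    tally2_account_line
}
```

Typical use: `render_policy 3 3600` to see the lines, then `insert_after_line1 /etc/pam.d/system-auth "$(tally2_auth_line 3 3600)" > /tmp/system-auth.new`, inspect the copy, keep a second root shell open, and only then replace the real file, which is the same "test with a correct password first" discipline the post describes.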

Monday, May 9, 2011

Disable the fsck on boot

  1. Boot the system from boot disc 1 or an ISO image of the installation media.
  2. Once the system has booted from the ISO image and the Red Hat Enterprise Linux boot screen appears, type "linux rescue" (without the quotes) at the prompt and hit Enter.
  3. Select "Continue" when prompted to allow the rescue environment to mount the Red Hat Enterprise Linux installation under the /mnt/sysimage directory.
  4. Type "chroot /mnt/sysimage".
  5. Then edit /etc/fstab.
  6. In this file, the last (sixth) field of each mount point's line is a number, the fsck pass number. Changing it to 0 (zero) stops fsck from being run on that mount point at boot.
  7. Save the file.
  8. Reboot or press CTRL+D.
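Step 6 is an easy place to slip while editing by hand in a rescue shell. The following added example (not from the original post) does the same edit mechanically: it reads an fstab, sets the sixth field to 0 on every real mount line, and leaves comments, blank lines and short lines alone, printing the result so it can be reviewed before it replaces /etc/fstab. The sample fstab in the comment is constructed. Keep in mind that a 0 in this field disables the boot-time check entirely, so filesystem corruption goes unnoticed until something else reports it; it is a workaround for a failing check, not a setting to leave in place.

```shell
#!/bin/sh
# Added example: zero the fsck pass number (field 6) in an fstab read on stdin.
# Sample input (constructed):
#   UUID=abcd / ext4 defaults 1 1
#   /dev/sdb1 /data ext4 defaults 1 2
#   tmpfs /tmp tmpfs defaults 0 0
disable_fsck_passno() {
    awk '
        /^[ \t]*(#|$)/ { print; next }   # comments and blank lines pass through untouched
        NF >= 6 { $6 = 0 }               # field 6 is fs_passno; 0 means never fsck at boot
        { print }                        # lines with fewer fields already default to 0
    '
    # Note: reassigning $6 makes awk rebuild the line with single spaces
    # between fields, so the original column alignment is not preserved.
}

# disable_fsck_in_file SRC DST: write the edited copy of SRC to DST.
# Point DST at a scratch file, diff it against SRC, then move it into place.
disable_fsck_in_file() {
    disable_fsck_passno < "$1" > "$2"
}
```

In the rescue environment the workflow is `disable_fsck_in_file /etc/fstab /tmp/fstab.new`, then `diff /etc/fstab /tmp/fstab.new` to confirm only the sixth field changed, then `cp /tmp/fstab.new /etc/fstab` before rebooting.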