rkhunter installation procedure

To install rkhunter on Linux servers I usually use the following procedure:

# mkdir -pv /root/install
# cd /root/install/
# wget -O rkhunter-1.tar.gz "http://sourceforge.net/projects/rkhunter/files/latest/download?source=files"
# tar xzf rkhunter*.tar.gz
# cd rkhunter*
# sh installer.sh --layout default --install

To find out where it is installed I use the command:
# whereis rkhunter
rkhunter: /usr/bin/rkhunter /etc/rkhunter.conf /usr/share/man/man8/rkhunter.8

To update rkhunter databases run:

# /usr/bin/rkhunter --update

[ Rootkit Hunter version 1.4.0 ]

Checking rkhunter data files…
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
#

Also, I have created a bash script:
# more /root/bin/update_and_check_rkhunter.sh

#!/bin/bash

date
/usr/bin/rkhunter --configfile /etc/rkhunter.conf --versioncheck
/usr/bin/rkhunter --configfile /etc/rkhunter.conf --update
/usr/bin/rkhunter -c --configfile /etc/rkhunter.conf --cronjob --propupd --createlogfile
date

#

… to check the rkhunter version, update the databases and run a system check, and added it to cron:
# crontab -l
1 2 * * 1 /root/bin/update_and_check_rkhunter.sh >/root/reports/update_and_check_rkhunter.log 2>&1
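
A variant of the scheduled script, added here as an example and not part of the original post: `--propupd` rewrites rkhunter's stored file-property baseline, so this version keeps it out of the cron run and makes it a separate, logged manual step. The `RKHUNTER`, `RKH_CONF` and `RKH_AUDIT` variables, the audit log file name and the function names are assumptions made for the example.

```bash
#!/bin/bash
# Added example (not the original script). Paths can be overridden through the
# environment; the audit log name is hypothetical.
RKHUNTER="${RKHUNTER:-/usr/bin/rkhunter}"
RKH_CONF="${RKH_CONF:-/etc/rkhunter.conf}"
RKH_AUDIT="${RKH_AUDIT:-/root/reports/rkhunter_propupd.log}"

# Scheduled run: refresh version info and data files, then check against the
# EXISTING baseline. Without --propupd a changed binary is reported instead of
# being silently accepted as the new known-good state.
scheduled_check() {
    date
    # The status of these two calls is not treated as a finding.
    "$RKHUNTER" --configfile "$RKH_CONF" --versioncheck || true
    "$RKHUNTER" --configfile "$RKH_CONF" --update || true
    "$RKHUNTER" --check --configfile "$RKH_CONF" --cronjob --report-warnings-only
    rc=$?
    [ "$rc" -eq 0 ] || echo "rkhunter check exited with status $rc: review the log before re-baselining" >&2
    date
    return "$rc"
}

# Manual step: run only after changes you made yourself (for example package
# updates) and record when the baseline was replaced and by whom.
rebaseline() {
    "$RKHUNTER" --configfile "$RKH_CONF" --propupd || return 1
    printf '%s propupd by %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "${SUDO_USER:-$(id -un)}" >> "$RKH_AUDIT"
}

case "${1:-}" in
    check)      scheduled_check ;;
    rebaseline) rebaseline ;;
esac
```

In cron the script would be called with the `check` argument; `rebaseline` is run by hand.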

Problems with cPanel update MySQL conflicts with mysql-5.0.x

To fix the cPanel / WHM upgrade problem when you see:

error: Failed dependencies:
MySQL conflicts with mysql-5.0.x

Read: http://docs.cpanel.net/bin/view/AllDocumentation/InstallationGuide/RPMTroubleshoot and forum posts http://forums.cpanel.net/f5/case-64049-overnight-update-failed-mysql-conflicts-mysql-5-0-77-4-el5_4-2-i386-320381.html

Make a backup of all MySQL databases and run the following command as the root user:
# rpm -e --nodeps --allmatches --justdb mysql-5.0.x

It will resolve the conflict with the rogue mysql RPM.

Run cPanel / WHM update once again.

Apache .htaccess mod_rewrite rule redirect old URL to new one

Sometimes I need an .htaccess mod_rewrite rule to redirect an old URL to a new one.
I use the following rules:

# Add followsymlinks to server options
Options +FollowSymLinks

# It will work only if web server Apache mod_rewrite is enabled
<IfModule mod_rewrite.c>

# Turn on mod_rewrite engine
RewriteEngine On

# Should be added if virtual document root directive is used
RewriteBase /

# Redirect from /old-url
# to --> /new-url
RewriteCond %{REQUEST_URI} ^/old-url
RewriteRule ^old-url(.*)$ http://%{HTTP_HOST}/new-url$1 [NC,R=301,L]

</IfModule>

Notes:
%{REQUEST_URI} – the URL path requested from the Apache web server
%{HTTP_HOST} – the host name the client sent in the Host request header, normally your domain name: e.g. www.shkodenko.com or shkodenko.com
$1 – can be additional URL part including get parameters substituted from (.*)

MySQL full text search: minimum word length setting

To set the minimum word length for full text search, edit your main MySQL configuration file /etc/my.cnf.

In the section
[mysqld]
# set minimum word length for full text search
ft_min_word_len=3

Restart MySQL using command:
# /etc/init.d/mysqld restart

Documentation: http://dev.mysql.com/doc/refman/5.0/en/fulltext-search.html

Linux ProFTPD setup passive mode

1. IPTables configuration.

If you have the IPTables firewall enabled, add the rule
-A INPUT -m state --state NEW -m tcp -p tcp --dport 63000:65535 -j ACCEPT
to the IPTables configuration file /etc/sysconfig/iptables
and restart the IPTables service:
# /sbin/service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
#
To check that your new rule is active, run the command:
# /sbin/iptables -vnL --line-numbers |more
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination

11 62 3720 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:63000:65535

2. ProFTPD server configuration.

The first step before making any changes to configuration files is to create a backup:
# cp -fvp /etc/proftpd.conf /etc/proftpd.conf.bak

The second step is to check the service configuration to make sure it is correct.
# proftpd -td10
Checking syntax of configuration file

Syntax check complete.

Add the following configuration lines to the config file /etc/proftpd.conf:
MasqueradeAddress shkodenko.com
PassivePorts 63000 65535
under the
ServerName "ProFTPD"
directive.

Check service configuration to make sure it is correct after applying our changes.
# proftpd -td10
Checking syntax of configuration file

Syntax check complete.

Restart service.

If your ProFTPD server is installed as part of xinetd:
# /sbin/service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]

If your ProFTPD server is installed as a standard Linux service:
# /sbin/service proftpd restart
or
# /etc/init.d/proftpd restart
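
The two steps above only work together when the firewall range and `PassivePorts` agree. The following check is an added example, not part of the original post; the function names are made up for it, and it assumes the rules file uses the `-A INPUT ... --dport LOW:HIGH -j ACCEPT` form shown above.

```bash
#!/bin/bash
# Added example: verify that the firewall opens the same port range that
# ProFTPD hands out for passive mode. Function names are made up here.

# Print "MIN MAX" from the first PassivePorts directive in proftpd.conf.
passive_range() {
    awk '$1 == "PassivePorts" && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
        print $2, $3; exit }' "$1"
}

# Print "LOW HIGH" for each INPUT rule that ACCEPTs TCP --dport LOW:HIGH.
fw_ranges() {
    awk '/^-A INPUT / && /-p tcp/ && /-j ACCEPT/ {
        for (i = 1; i < NF; i++)
            if ($i == "--dport" && $(i + 1) ~ /^[0-9]+:[0-9]+$/) {
                split($(i + 1), r, ":"); print r[1], r[2] }
    }' "$1"
}

# check_passive PROFTPD_CONF IPTABLES_RULES, returning:
#   0 a rule opens exactly the passive range
#   1 no single rule covers the range (passive data connections can be blocked)
#   2 covered, but the rule opens more ports than ProFTPD will ever use
#   3 no PassivePorts directive found
check_passive() {
    range=$(passive_range "$1")
    [ -n "$range" ] || return 3
    pmin=${range% *}; pmax=${range#* }
    status=1
    while read -r low high; do
        [ -n "$low" ] || continue
        if [ "$low" -eq "$pmin" ] && [ "$high" -eq "$pmax" ]; then
            status=0; break
        elif [ "$low" -le "$pmin" ] && [ "$high" -ge "$pmax" ]; then
            status=2
        fi
    done <<EOF
$(fw_ranges "$2")
EOF
    return "$status"
}

# On the server from this post:
#   check_passive /etc/proftpd.conf /etc/sysconfig/iptables; echo "result: $?"
```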

RHEL CentOS Fedora htop installation

I would like to share with you a nice process monitoring program, htop.
I am using this program on my Fedora Linux desktop, CentOS and RHEL (Red Hat Enterprise Linux) servers.

To install it, several dependent system packages should be installed as the root administrator user:

# yum install ncurses ncurses-devel ncurses-libs

Change directory to your installation directory location. Mine is /root/install

# cd /root/install

Download htop using wget:

# wget --output-document=htop-1.0.2.tar.gz http://sourceforge.net/projects/htop/files/htop/1.0.2/htop-1.0.2.tar.gz/download

Unpack it:

# tar xzvf htop-1.0.2.tar.gz 

Change to the unpacked program directory:

# cd htop-1.0.2

Configure it:

# ./configure

By default the htop binary is installed to the /usr/local/bin directory. You can change it by passing the --prefix parameter to the ./configure script.
Also, you can create a symbolic link using the command ln -s /usr/local/bin /root/bin

Make:

# make

Install:

# make install

Linux mount Windows samba share

To mount a Windows samba share on Linux:
1. Log in as root administrator user.
2. Create mount point:
# mkdir -pv /mnt/share_name
3. Mount share to it using command:
# mount -t cifs -o username=User,password=Password //192.168.0.123/share_name /mnt/share_name
4. Use files from Windows share located in /mnt/share_name

Note: User should have access to the Windows share //192.168.0.123/share_name
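
With `-o password=...` the password ends up in the shell history and is visible in the process list while mount runs. mount.cifs can read it from a file through the `credentials=` option instead; the helper below is an added example, not part of the original post, and its function names and the credentials file path are hypothetical.

```bash
#!/bin/bash
# Added example: keep the share password out of the mount command line.
# Function names and the credentials path in the usage note are hypothetical.

# write_cifs_credentials FILE USER   (password is read from stdin, not argv)
write_cifs_credentials() {
    (
        umask 077                      # new file is created as 0600
        rm -f "$1"                     # never reuse a file with looser modes
        IFS= read -r pass || exit 1
        printf 'username=%s\npassword=%s\n' "$2" "$pass" > "$1"
    )
}

# creds_file_ok FILE: true only for a regular, non-symlink file with no
# group/other permission bits.
creds_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -r[w-]-------*) return 0 ;;
        *)              return 1 ;;
    esac
}

# mount_share //HOST/SHARE MOUNTPOINT FILE
mount_share() {
    creds_file_ok "$3" || { echo "refusing $3: wrong type or mode" >&2; return 1; }
    mount -t cifs -o "credentials=$3" "$1" "$2"
}

# Usage with the values from this post:
#   write_cifs_credentials /root/.share_name.cred User   # then type the password
#   mount_share //192.168.0.123/share_name /mnt/share_name /root/.share_name.cred
```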

Plesk for Linux: disable Dr Web update cron notifications

To disable Dr Web update cron notifications via e-mail in Plesk for Linux:

1. Edit the Dr Web configuration file /etc/drweb/drweb32.ini using your favorite editor. Mine is vim:

# vim /etc/drweb/drweb32.ini

# CronSummary = yes
# -->
CronSummary = no

2. Edit the file /etc/cron.d/drweb-update and append >/dev/null 2>&1 to the end of the line

# more /etc/cron.d/drweb-update

*/30 * * * * drweb /opt/drweb/update.pl >/dev/null 2>&1
#

3. If user drweb has cron jobs

# crontab -u drweb -l

55 2,7,12,17,20 * * * /opt/drweb/update.pl
change it to:
55 2,7,12,17,20 * * * /opt/drweb/update.pl >/dev/null 2>&1

4. If file /usr/local/psa/etc/drweb-update exists

# vim /usr/local/psa/etc/drweb-update 

Change its content from:

#!/bin/sh
exec /opt/drweb/update.pl

to:

#!/bin/sh

exec /opt/drweb/update.pl >/dev/null 2>&1

Linux FTP ProFtpd server configuration: setup timeouts

The first step before making any changes to configuration files is to create a backup:
# cp -fvp /etc/proftpd.conf /etc/proftpd.conf-2013-03-08.bak

The second step is to check the service configuration to make sure it is correct.
# proftpd -td10
Checking syntax of configuration file

Syntax check complete.

Edit the configuration file /etc/proftpd.conf: add the timeout directives inside the <Global> </Global> section.
TimeoutNoTransfer 900
TimeoutStalled 600
TimeoutIdle 1200

A detailed description of the options is below:

The TimeoutNoTransfer directive configures the maximum number of seconds a client is allowed to spend connected, after authentication, without issuing a command which results in creating an active or passive data connection (i.e. sending/receiving a file, or receiving a directory listing).

The TimeoutStalled directive sets the maximum number of seconds a data connection between the proftpd server and an FTP client can exist but have no actual data transferred (i.e. “stalled”). If the seconds argument is set to 0, data transfers are allowed to stall indefinitely (the default).

The TimeoutIdle directive configures the maximum number of seconds that proftpd will allow clients to stay connected without receiving any data on either the control or data connection. If data is received on either connection, the idle timer is reset. Setting TimeoutIdle to 0 disables the idle timer completely (clients can stay connected for ever, without sending data). This is generally a bad idea as a “hung” tcp connection which is never properly disconnected (the remote network may have become disconnected from the Internet, etc) will cause a child server to never exit (at least not for a considerable period of time) until manually killed.

The next step after making configuration changes is to check the FTP service configuration again:
# proftpd -td10

Restart service.

1. If your ProFTPD server is installed as part of xinetd:
# /sbin/service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]

2. If your ProFTPD server is installed as a standard Linux service:
# /sbin/service proftpd restart
or
# /etc/init.d/proftpd restart