Re: [CentOS] Hardening

2009-12-29 Thread Fernando Hallberg
Hi,

I got the Fedora SRPMs, installed them, applied modifications for CentOS and 
recompiled, for rkhunter and sectool.

ipset and the ipset kmod I've built by hand, to use the ipset function with 
iptables, blocking dynamic blacklists with fail2ban and shorewall.

Att
fernando
On Tue, 29 Dec 2009 01:09:21 -0800
John R Pierce pie...@hogranch.com wrote:

 Agile Aspect wrote:
  Note, I couldn't find any source RPMs in svn.
 
  And I hasten to add, I would never delegate the task of building
  security software for my system to another person.

 
 so you compile your whole system from scratch, after auditing all the code?
 
 how do you ever get anything done?
 
 
 
 
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos


-- 
Fernando Hallberg ferna...@flexdigital.com.br
Flex Digital Soluções em Redes de Dados
http://www.flexdigital.com.br


Re: [CentOS] Hardening

2009-12-29 Thread Fernando Hallberg
Agile,

http://flexbox.sf.net/centos/5/SRPMS

You can generate the package from the spec file.

Att
Fernando

On Mon, 28 Dec 2009 18:45:29 -0800
Agile Aspect agile.asp...@gmail.com wrote:

 On Mon, Dec 28, 2009 at 4:44 PM, Fernando Hallberg
 ferna...@flexdigital.com.br wrote:
  Hi,
 
  Test my repository http://flexbox.sf.net/
 
  I've customized sectool from Fedora for CentOS, rkhunter, unhide, 
  chkrootkit, and more...
 
  And contribute ! Source RPMS and spec files are in the repository and svn.
 
 
 Note, I couldn't find any source RPMs in svn.
 
 And I hasten to add, I would never delegate the task of building
 security software for my system to another person.
 
 -- 
   Enjoy global warming while it lasts.


-- 
Fernando Hallberg ferna...@flexdigital.com.br
Flex Digital Soluções em Redes de Dados
http://www.flexdigital.com.br


Re: [CentOS] Hardening

2009-12-28 Thread Fernando Hallberg
Hi,

Test my repository http://flexbox.sf.net/

I've customized sectool from Fedora for CentOS, rkhunter, unhide, chkrootkit, 
and more...

And contribute ! Source RPMS and spec files are in the repository and svn.

Sorry for my english.

Att
On Mon, 28 Dec 2009 11:53:27 -0800
ML mailingli...@mailnewsrss.com wrote:

 Hi Guys,
 
 I would like advice for best practices to secure my linux boxes. Know if I 
 have been hacked, know of security breaches, etc.
 
 Can anyone provide advice?
 
 -Jason


-- 
Fernando Hallberg ferna...@flexdigital.com.br
Flex Digital Soluções em Redes de Dados
http://www.flexdigital.com.br


Re: [CentOS] NFS problem

2009-12-28 Thread Fernando Hallberg
Hi,

You only need rpcidmapd, portmap on the centos box

Edit the /etc/sysconfig/nfs

And use /export filesystem as the fsid=0 on the /etc/exportfs

Export all directories you need mounted on the /export with the -o bind on the 
mount command, and add refer=/dir on /etc/exportfs on the nfs4 server

you want to add the rpc and nfs mounts on the fstab too
rpc_pipefs  /var/lib/nfs/rpc_pipefs  rpc_pipefs  defaults  0  0
nfsd        /proc/fs/nfsd            nfsd        defaults  0  0

Fernando

On Mon, 28 Dec 2009 16:59:30 -0600
Frank Cox thea...@sasktel.net wrote:

 
 On Mon, 2009-12-28 at 23:30 +0100, Timothy Murphy wrote:
  I'm trying to NFS-mount a CentOS directory on my Fedora laptop,
  but I find I can only do this if I turn off the firewall
  on the CentOS server.
  
  If instead I go to system-config-securitylevel-tui on the server,
  and allow NFS4, this does not do the trick.
  Nor does allowing port 2049.
  
  What do I need to allow?
 
 Here is my note regarding how to make this work:
 
 Create the file /etc/sysconfig/nfs and add the following contents:
 
 STATD_PORT=4001
 LOCKD_TCPPORT=4002
 LOCKD_UDPPORT=4002
 MOUNTD_PORT=4003
 
  Append the following to the file /etc/services:
 
 rquotad 4004/tcp # rpc.rquotad tcp port
 rquotad 4004/udp # rpc.rquotad udp port
 
  Restart the nfs services
 
 From there, open these ports - 111:tcp, 111:udp, 2049:tcp, 2049:udp,
 4001:tcp, 4001:udp, 4002:tcp, 4002:udp, 4003:tcp, 4003:udp, 4004:tcp,
 4004:udp
 
 
 -- 
 MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
 


-- 
Fernando Hallberg ferna...@flexdigital.com.br
Flex Digital Soluções em Redes de Dados
http://www.flexdigital.com.br
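
Added example, not part of the thread: a shell check that compares `rpcinfo -p` output with the pinned ports from the quoted note, so a helper daemon that came up on a dynamic port (which the firewall would block) is flagged. The service names are the ones rpcinfo reports (`status` is rpc.statd, `nlockmgr` is lockd); `nfs_port_drift`, `sample_rpcinfo` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Pinned service:port pairs from the note in this thread.
EXPECTED="portmapper:111 nfs:2049 status:4001 nlockmgr:4002 mountd:4003 rquotad:4004"

# Reads `rpcinfo -p` text on stdin and prints one line per registration that
# is not on its pinned port. Prints nothing when everything matches.
nfs_port_drift() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, ":")
                want[kv[1]] = kv[2]
            }
        }
        $1 !~ /^[0-9]+$/ { next }    # skip the header line
        {
            svc = ($5 != "") ? $5 : ("program-" $1)
            if (!(svc in want)) {
                print "UNLISTED " svc " " $3 "/" $4
            } else if ($4 != want[svc]) {
                print "DRIFT " svc " " $3 "/" $4 " (want " want[svc] ")"
            }
        }
    ' | sort -u                      # one line per service/proto, not per version
}

# Constructed sample: lockd TCP and rquotad were left on non-pinned ports.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   4001  status
    100024    1   tcp   4001  status
    100021    1   udp   4002  nlockmgr
    100021    3   udp   4002  nlockmgr
    100021    1   tcp  32803  nlockmgr
    100021    3   tcp  32803  nlockmgr
    100003    3   tcp   2049  nfs
    100005    3   tcp   4003  mountd
    100011    1   udp    875  rquotad
EOF
}

# On a live server: rpcinfo -p | nfs_port_drift
sample_rpcinfo | nfs_port_drift
```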


Re: [CentOS] questions relate to sar

2009-12-25 Thread Fernando Hallberg

chkconfig sysstat on
service sysstat start



On Fri, 25 Dec 2009 07:48:21 -0800
John R Pierce pie...@hogranch.com wrote:

 mcclnx mcc wrote:
  We have CENTOS 5.3 on DELL server.  I tried to use sar -b or sar -u and 
  it only shows a report starting at 12:00 A.M.
 
  my questions are:
 
  1. for sar -u or sar -b how can I generate two or three days ago report?
 
  2. how to generate daily report from sa2  process?

 
 I suggest reading the man pages on sar, and associated functions.
 
 sar -f /var/log/sa/sa22 would process the data for the 22nd, see what
 files you have available in /var/log/sa/ ... my system seems to be
 keeping 18 days worth.
 
 sa2 is used to create the daily report files described above. If you
 want to create a daily report in a specific format, you'll probably want
 to write your own script that you invoke from crontab


-- 
Fernando Hallberg ferna...@flexdigital.com.br
Flex Digital Soluções em Redes de Dados
http://www.flexdigital.com.br


Re: [CentOS] attack

2009-12-24 Thread Fernando Hallberg
Hi,

I have a repo with many security tools, if you can test it... I've uploaded a 
few packages from Fedora, from other sources, and some created by me.

http://flexbox.sourceforge.net/centos/5/i386/flexbox-release-1-1.noarch.rpm

Try to install sectool, and verify your system..

You can try to use fail2ban to list the maillog and blacklist IPs...

I'm using fail2ban+shorewall+ipset

Fernando.

On Thu, 24 Dec 2009 14:48:30 +
Manu Verhaegen mav...@telenet.be wrote:

 Hi,
 
 I am checking this
 
 thanks,
   Manu
 
 
 -Original message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On behalf of Kai 
 Schaetzl
 Sent: Thursday 24 December 2009 15:32
 To: centos@centos.org
 Subject: Re: [CentOS] attack
 
 Obviously, if you are running several vhosts and plesk you likely have 
 other logs to check. Also, one can usually see the origin of the mail 
 injection in the maillog (e.g. complaints about setting to an unsafe 
 sender) or in the outgoing messages. At runtime you can see the connects 
 with full URLs on the apache status page.
 
 Kai
 
 -- 
 Kai Schätzl, Berlin, Germany
 Get your web at Conactive Internet Services: http://www.conactive.com
 
 
 


-- 
Fernando Hallberg ferna...@flexdigital.com.br
Flex Digital Soluções em Redes de Dados
http://www.flexdigital.com.br