Posts

Showing posts from May, 2016

Tripwire : Install

Tripwire : Install 2015/06/21   Install and configure the host-based IDS (Intrusion Detection System) "Tripwire". [1] Install Tripwire. # install from EPEL [root@dlp ~]# yum --enablerepo=epel -y install tripwire [2] Create keys and the database. # generate keys [root@dlp ~]# tripwire-setup-keyfiles ..... ..... Enter the site keyfile passphrase: # set site keyfile passphrase Verify the site keyfile passphrase: # confirm ..... ..... Enter the local keyfile passphrase: # set local keyfile passphrase Verify the local keyfile passphrase: # confirm ..... ..... Please enter your site passphrase: # answer with site keyfile passphrase ..... ..... Please enter your site passphrase: # answer with site keyfile passphrase ..... ..... [root@dlp ~]# cd /etc/tripwire [root@dlp tripwire]# vi twcfg.txt # line 12: report level (4 is max) REPORTLEVEL = 4 # generate config ...

Install PHP 7.0

Install PHP 7.0 2016/03/10   The version of PHP in the CentOS 7 repository is 5.4, but you can install 7.0 from an RPM package if you need it. [1] Install the Remi repository, which provides the RPM packages. [root@dlp ~]# yum -y install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm [2] Install PHP 7 from the Remi repository. [root@dlp ~]# yum --enablerepo=remi -y install php70 # it can be run as "php70" [root@dlp ~]# php70 -v PHP 7.0.4 (cli) (built: Mar 2 2016 17:13:39) ( NTS ) Copyright (c) 1997-2016 The PHP Group Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies # the php70 binary is under /opt/remi/php70 [root@dlp ~]# ll /bin/php70 lrwxrwxrwx 1 root root 32 Mar 11 11:48 /bin/php70 -> /opt/remi/php70/root/usr/bin/php # if using the scl command, it can be run as "php" [root@dlp ~]# scl enable php70 bash [root@dlp ~]# php -v PHP 7.0.4 (cli) (buil...

Clam AntiVirus

Clam AntiVirus 2014/09/25   Install Clam AntiVirus to protect servers from viruses. [1] Install ClamAV. # install from EPEL [root@dlp ~]# yum --enablerepo=epel -y install clamav clamav-update [root@dlp ~]# sed -i -e "s/^Example/#Example/" /etc/freshclam.conf # update pattern files [root@dlp ~]# freshclam ClamAV update process started at Fri Aug 29 22:03:30 2014 main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) daily.cvd is up to date (version: 19314, sigs: 1094505, f-level: 63, builder: neo) bytecode.cvd is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard) [2] Try a scan. [root@dlp ~]# clamscan --infected --remove --recursive /home ----------- SCAN SUMMARY ----------- Known viruses: 3575245 Engine version: 0.98.4 Scanned directories: 2 Scanned files: 3 Infected files: 0 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 10.369 sec (0 m 10 s) # do...

Access Control by ACL

Access Control by ACL 2015/07/02   This is an example of configuring ACLs (Access Control Lists). [1] The ACL package is included in the minimum OS installation; however, if it is not on your system, install it as follows. [root@dlp ~]# yum -y install acl [2] No preliminary settings are needed to use ACLs if you are using xfs, which is the default filesystem on CentOS 7. But if you are using ext4, which is the default filesystem on CentOS 6, preliminary settings are required to use ACLs; refer to sections [2] and [3] here . [3] As an example of how to set an ACL, set one on the file "/home/test.txt". [root@dlp ~]# ll /home/test.txt -rwx------ 1 root root 10 Jul 3 16:17 /home/test.txt # grant r(read) to the "cent" user on /home/test.txt [root@dlp ~]# setfacl -m u:cent:r /home/test.txt # after setting the ACL, "+" is appended to the permission attributes [root@dlp ~]# ll /home/test.txt -rwxr-----+ 1 ro...

Rsync : Sync Files/Directories

Rsync : Sync Files/Directories 2015/01/12   Copy files or directories from one location to another host with rsync. Basic usage of rsync is here. If you'd like to run rsync automatically from cron or similar, it needs to be configured as follows, because without these settings authentication is required. For example, copy files or directories under [/root/work] on dlp.srv.world to [/home/backup] on www.srv.world. +----------------------+ | +----------------------+ | dlp.srv.world |10.0.0.30 | 10.0.0.31| www.srv.world | | +----------+----------+ | | /root/work/* | -------------> | /home/backup/* | +----------------------+ copy +----------------------+ [1] Configure the source host. [root@dlp ~]# yum -y install rsync [root@dlp ~]# vi /etc/rsync_exclude.lst # specify files or directories you'd like to exclude from the copy test...

Lsync + Rsync : Sync Files timely

Lsync + Rsync : Sync Files timely 2015/01/12   Install Lsyncd, a flexible cross-platform synchronization tool. [1] Configure rsync first; refer to here . [2] In addition to the settings in [1], install and configure Lsyncd to sync files or directories on a timely basis. # install from EPEL [root@dlp ~]# yum --enablerepo=epel -y install lsyncd [root@dlp ~]# vi /etc/lsyncd.conf # line 8: comment out --  sync{default.rsyncssh, source="/var/www/html", host="localhost", targetdir="// tmp/htmlcopy/"} # add the following to the end settings{     statusFile = "/tmp/lsyncd.stat",     statusInterval = 1, } sync{     default.rsync,      # source directory     source="/root/work/",      # destination hostname or IP address:(the module name set in rsyncd.conf)     target="10.0.0.31::backup",      # exclude list     excludeFrom="/e...

RKHunter : Detect Rootkit

RKHunter : Detect Rootkit 2015/07/08   Install RKHunter, a rootkit detection tool. [1] Install RKHunter. # install from EPEL [root@dlp ~]# yum --enablerepo=epel -y install rkhunter [2] Configure and use RKHunter. For regular checking, a check script is installed under the cron.daily directory and is executed every day by cron. [root@dlp ~]# vi /etc/sysconfig/rkhunter # recipient address for the report MAILTO=root@localhost # if set to "yes", scan in more detail DIAG_SCAN=no # update the database [root@dlp ~]# rkhunter --update # update system file properties [root@dlp ~]# rkhunter --propupd # run the check # --sk means skip pressing the Enter key # if --rwo is specified, only warnings are displayed [root@dlp ~]# rkhunter --check --sk [ Rootkit Hunter version 1.4.2 ] Checking system commands... Performing 'strings' command checks Checking 'strings' command ...

AIDE : Install

AIDE : Install 2015/06/21   Install and configure the host-based IDS (Intrusion Detection System) "AIDE" (Advanced Intrusion Detection Environment). [1] Install AIDE. [root@dlp ~]# yum -y install aide [2] Configure AIDE and initialize the database. AIDE can be used with its default config, but if you'd like to customize the settings, change the configuration file as follows. The rule definitions are written around lines 26-84; refer to them. [root@dlp ~]# vi /etc/aide.conf # for example, change the monitoring setting for /var/log /var/log    p+u+g+i+n+acl+selinux+xattrs # initialize the database [root@dlp ~]# aide --init AIDE, version 0.15.1 ### AIDE database at /var/lib/aide/aide.db.new.gz initialized. # copy the generated DB to the master DB [root@dlp ~]# cp -p /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz [3] Run the check. [root@dlp ~]# aide --check # if there is no mismatch, it displa...