Monthly Archives: July 2010 - Page 2

DenyHosts

DenyHosts is a tiny program that adds IP addresses to the /etc/hosts.deny file when automated scripts try to brute-force the sshd port.

The main vulnerability is the root account, which should never be used to log in to sshd.

Set up a new user with a strong password, SSH into the server as that user, and then use su - to gain root privileges.

To set up DenyHosts

yum install denyhosts

then edit the config file

nano /etc/denyhosts/denyhosts.cfg

then start the daemon

/etc/init.d/denyhosts start
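
A sketch of the kind of check described above: count failed sshd logins per source address and produce hosts.deny entries. This is an added example, not DenyHosts' own code; the log lines, thresholds and function names are constructed for illustration, and it assumes IPv4 addresses and the "Failed password" message format.

```python
import re
from collections import Counter

# Constructed sample of sshd lines in the style of /var/log/secure (not real log data).
SAMPLE_LOG = """\
Jul 12 03:14:07 web1 sshd[2211]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jul 12 03:14:09 web1 sshd[2213]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Jul 12 03:14:11 web1 sshd[2215]: Failed password for invalid user test from 203.0.113.5 port 51244 ssh2
Jul 12 03:14:13 web1 sshd[2217]: Failed password for invalid user oracle from 203.0.113.5 port 51250 ssh2
Jul 12 03:15:02 web1 sshd[2290]: Failed password for deploy from 198.51.100.7 port 40022 ssh2
Jul 12 03:15:09 web1 sshd[2290]: Accepted password for deploy from 198.51.100.7 port 40022 ssh2
Jul 12 03:16:30 web1 sshd[2301]: Failed password for invalid user x from 198.51.100.7 from 192.0.2.44 port 60001 ssh2
Jul 12 03:16:40 web1 httpd[900]: Failed password for root from 192.0.2.99 port 1 ssh2
"""

# The user field is greedy and the address is anchored to the end of the line, so a
# username that itself contains " from <ip>" cannot get an unrelated host counted.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

# Assumed thresholds for this example: failures needed before a host is denied.
THRESHOLDS = {"root": 1, "invalid": 3, "valid": 5}


def classify(match):
    """Bucket a failure as root, invalid (unknown account) or valid (real account)."""
    if match.group("invalid"):
        return "invalid"
    return "root" if match.group("user") == "root" else "valid"


def hosts_to_deny(log_text, allow=()):
    """Return sorted IPs whose failures reach a threshold, skipping allow-listed ones."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m and m.group("ip") not in allow:
            counts[(m.group("ip"), classify(m))] += 1
    return sorted({ip for (ip, kind), n in counts.items() if n >= THRESHOLDS[kind]})


def deny_lines(ips, service="sshd"):
    """Format entries in hosts.deny syntax: '<daemon>: <client>'."""
    return [f"{service}: {ip}" for ip in ips]


if __name__ == "__main__":
    print("\n".join(deny_lines(hosts_to_deny(SAMPLE_LOG))))
```

The allow parameter plays the role of a list of trusted addresses, so your own management IP is never written to the deny list.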

MailScanner woes

Be careful if you install MailScanner on your system.

If you have RPMFORGE repositories activated for YUM, MailScanner will break YUM due to some of the PERL dependencies.

You will cease being able to perform system updates, which is a bit of a problem.

The fix?

Disable the RPMforge repository, which will return YUM to its normal status.

nano /etc/yum.repos.d/rpmforge.repo

change enabled=1 to enabled=0

perform yum update and relax

Install GD library php 5.3.2

Because 5.3.2 is not in the yum repository, you have to install the GD library like this

yum --enablerepo=webtatic install php-gd

PHP-Suhosin

A great article for installing PHP-Suhosin on CentOS.

http://www.sklav.com/node/15

IPTables

Configure iptables to provide a firewall that exposes only the ports you want to communicate through.

service iptables start

chkconfig iptables on

service iptables status

iptables -I RH-Firewall-1-INPUT 3 -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT

/etc/init.d/iptables save

Mysql Caching

By default there is no caching enabled in MySQL. To improve performance, give the query cache a little memory so that it can speed up responses by storing queries.

in mysql type

show variables like 'query_cache_size';

This shows the current cache size. To modify the cache size, use

SET GLOBAL query_cache_size = 16777216;

That sets the cache to 16 MB for each instance of MySQL that runs. Don't overdo this value if you are running on a VPS with limited resources.

How do you know if your cache size is right? Check the Qcache status variables and look at the results

show status like "qcache%";

+-------------------------+----------+
| Variable_name           | Value    |
+-------------------------+----------+
| Qcache_free_blocks      | 42       |
| Qcache_free_memory      | 16431944 |
| Qcache_hits             | 339      |
| Qcache_inserts          | 759      |
| Qcache_lowmem_prunes    | 0        |
| Qcache_not_cached       | 179      |
| Qcache_queries_in_cache | 188      |
| Qcache_total_blocks     | 451      |
+-------------------------+----------+

Qcache_lowmem_prunes is the important value here: it counts the number of times the cache had to free up space to cache a new result set.

PID Off….

find out the process ID of a process

pidof processname

to kill it?

kill -9 PID

Copy files between servers using SCP

scp username@hostB:~/myfile.file /localdir

hostB is the remote server we want to copy the file from

Loading mysql db from bash term

create database dbname;

use dbname;

source dbname.sql;

XEN

http://www.howtoforge.com/centos_5.0_xen