Good place to start securing your Centos Build
nano -w /etc/sysconfig/network
Monthly Archives: July 2010
System Prep | SecureCentos.com
Posted by Dave
on July 25, 2010
Comments Off on System Prep | SecureCentos.com
Install OSSEC | SecureCentos.com
Posted by Dave
on July 24, 2010
Comments Off on Install OSSEC | SecureCentos.com
Please note a new version of ossec is available, 2.4.1 The link below describes installation of 2.3 which has some issues when rebooting etc etc
Spawn Rsync Expect Timeout!
Posted by Dave
on July 24, 2010
Comments Off on Spawn Rsync Expect Timeout!
So you’ve written a bash script to do a rsync backup, but the script times out?
Scratching your heading trying to figure out what the issue is?
Well, if you are using expect to auto-insert your SSH password, then expect will timeout as it is not receiving any response.
You can set the timeout (in seconds) as such
set timeout 60
That will set the script to time out after 60 seconds if expect has received no trigger.
Setting the timeout to -1 will cause the ‘except’ script to never timeout, hence you’re RSYNC backup will execute and not fail due to an expect timeout.
Lighttpd Centos
Posted by Dave
on July 22, 2010
Comments Off on Lighttpd Centos
Lighttpd is the web server of choice for low memory VPS applications.
Lighttpd is not included in the base CENTOS Repo, so you will need to install the RPMFORGE repo. then
yum install lighttpd lighttpd-fastcgi
Then setup some dir’s
mkdir /var/run/lighttpd
touch /var/run/lighttpd/php-fastcgi.socket
chown -R lighttpd:lighttpd /var/run/lighttpd/
nano /etc/php.ini
edith /etc/lighttpd/lighttpd.conf and either add or remove # to
mod_fastcgi
from the server modules
add access to php cgi with the following in the .conf file also
fastcgi.server = ( “.php” =>
( “localhost” =>
(
“socket” => “tmp/php-fastcgi.socket”,
“bin-path” => “/usr/bin/php-cgi”
)
)
)
info sourced from
http://davidwinter.me.uk/articles/2008/06/22/lighttpd-and-php-on-centos-5/
some good references for setting up .conf file with virtual hosts
http://www.cyberciti.biz/faq/howto-lighttpd-virtualhost-configuration/
PHP 5.3.2 APC Centos Conundrum
Posted by Dave
on July 21, 2010
Comments Off on PHP 5.3.2 APC Centos Conundrum
So the PHP 5.3.2 is not in the default repository for Centos.
So we need to use the webtatic repository to install php 5.3.2 using the guide from here ->
http://www.webtatic.com/blog/2009/06/php-530-on-centos-5/
Fortunately, if you wanted to also run the APC module, this has already been compiled for us, we just need to enable it in the php.ini file like this ->
extension = apc.so
apc.enabled=1
apc.shm_size=30
Restart apache
/etc/init.d/httpd restart
and then check in phpinfo() that the module has been installed.
Setup VSFTPD
Posted by Dave
on July 21, 2010
Comments Off on Setup VSFTPD
CHROOT local users to their own directory
Posted by Dave
on July 21, 2010
Comments Off on CHROOT local users to their own directory
Once VSFTPD is installed, edit the
/etc/vsftpd/vsftpd.conf file and add the following line if it does not exist
chroot_local_user=YES
This will lock the FTP user into their home dir and they won’t be able to jump out.
Referenced from-
http://centoshacker.com/kabir/remove-access/creating-a-chroot-jail-enabled-ftp-service.html
Need to free up some memory? Disable INNODB
Posted by Dave
on July 20, 2010
Comments Off on Need to free up some memory? Disable INNODB
Pop this into your my.cnf file
skip-innodb
This will disable this database engine, hence saving you a LOT of memory resources.
mysql memory instances reduced from 30mb to 10mb of memory allocation. This is _VERY_ significant, especially when running on a limited resource VPS.
Install ntop on Red Hat Enterprise Linux / CentOS Linux
Posted by Dave
on July 20, 2010
Comments Off on Install ntop on Red Hat Enterprise Linux / CentOS Linux
Recent Comments