Jaime Frutos Morales's blog

26/10/2009

How to upgrade from Ubuntu 9.04 (Jaunty) to Ubuntu 9.10 (Karmic)

Filed under: SysAdmin, Ubuntu — acidborg @ 15:03
  1. Replace “jaunty” with “karmic” in /etc/apt/sources.list: sed -i 's/jaunty/karmic/g' /etc/apt/sources.list
  2. Run the following commands: apt-get update && apt-get dist-upgrade
  3. Reboot with this command: shutdown -r now

All three steps run as root. Note that the sed touches only /etc/apt/sources.list: entries under /etc/apt/sources.list.d/ still point at jaunty afterwards, and any third-party line that is rewritten to karmic fails at apt-get update if that repository has no karmic suite yet. The supported route, do-release-upgrade from the update-manager-core package, handles both cases (it disables third-party sources for the duration of the upgrade).
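The same rename as an added shell example (not from the original post), with the safeguards worth having before an in-place edit of the package sources: a backup, a refusal to run when the old code name is absent, a word-boundary match so that jaunty-updates and jaunty-security are rewritten too, and a count of rewritten lines to eyeball before running dist-upgrade. The sources list it is exercised on is constructed here, and the PPA URL in it is hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Usage: switch_release /etc/apt/sources.list jaunty karmic
# Prints the number of lines rewritten; returns 1 if nothing matched or
# if any line still mentions the old release afterwards.

switch_release() {
    file=$1
    old=$2
    new=$3

    # A typo in the code name must not silently turn into "nothing to do".
    if ! grep -q "\\b$old\\b" "$file"; then
        echo "switch_release: no '$old' entries in $file" >&2
        return 1
    fi

    before=$(grep -c "\\b$old\\b" "$file")

    # Keep a copy: if dist-upgrade dies half way, this is what you restore.
    cp -p "$file" "$file.bak-$old"

    # \b matches the whole code name only, so "jaunty-updates" and
    # "jaunty-security" are rewritten while an unrelated word is left alone.
    sed -i "s/\\b$old\\b/$new/g" "$file"

    after=$(grep -c "\\b$old\\b" "$file" || true)
    if [ "$after" -ne 0 ]; then
        echo "switch_release: $after lines still mention '$old'" >&2
        return 1
    fi
    echo "$before"
}

# Constructed sample mirroring the stock 9.04 layout plus one third-party
# line (hypothetical PPA URL). Prints the path of a temporary copy so the
# function can be tried without touching the real /etc/apt/sources.list.
make_sample_sources() {
    dir=$(mktemp -d)
    cat > "$dir/sources.list" <<'EOF'
deb http://archive.ubuntu.com/ubuntu jaunty main restricted universe
deb http://archive.ubuntu.com/ubuntu jaunty-updates main restricted universe
deb http://security.ubuntu.com/ubuntu jaunty-security main restricted universe
deb http://ppa.launchpad.net/example-team/ppa/ubuntu jaunty main
EOF
    echo "$dir/sources.list"
}

# Dry run on the sample copy.
sample=$(make_sample_sources)
echo "rewrote $(switch_release "$sample" jaunty karmic) lines in $sample"
```

The fourth sample line is the case the caveat above is about: after the rename it points at a karmic suite that the third-party archive may not publish, and apt-get update will say so.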

20/10/2009

BASH 3 startup files

Filed under: Shell scripting, SysAdmin — acidborg @ 17:54

Before describing the order in which the Bourne Again SHell (BASH) 3 reads its startup files, two definitions are needed:

  • Login shell: the first character of argument zero is a “-” (that is how login(1) starts a user’s shell), or the shell is started with the -l / --login option.
  • Interactive shell: a shell started without non-option arguments and without the -c option, whose standard input and standard error are both connected to terminals; a shell can also be forced to be interactive with the -i option.

Now that we know the difference between them, here is the default startup sequence for each kind of shell in BASH 3 (later versions follow the same rules):

  • Login shell:
    1. It reads and executes /etc/profile (if it exists)
    2. It reads and executes the first of the following files that exists and is readable; the other two are ignored. The order of checking is:
      1. ~/.bash_profile
      2. ~/.bash_login
      3. ~/.profile
  • Interactive shell that is not a login shell:
    1. It reads and executes /etc/bash.bashrc (if it exists; this system-wide file is only read by builds compiled with SYS_BASHRC, which Debian and Ubuntu are)
    2. It reads and executes ~/.bashrc (if it exists)

Additionally, a login shell reads and executes ~/.bash_logout (if it exists) when it exits.

Two consequences worth remembering: a login shell does not read ~/.bashrc by itself (on Debian and Ubuntu the stock ~/.profile sources it, which is why the two kinds of shell usually end up looking the same), and a non-interactive shell running a script reads none of these files, only the file named by the BASH_ENV variable if it is set. Since each of these files runs with the user’s privileges on every new shell, they are a favourite place to plant persistence; keep them owned by the user and not writable by anyone else.
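The rules above can be checked empirically rather than taken on trust. The following added shell example (not from the original post) fills a throw-away HOME with whichever per-user startup files are requested, each of which only records its own name, then starts bash as a login shell (-l) or as an interactive non-login shell (-i) and prints which files were actually read. It works on any bash version, not just 3; the system-wide files are left to whatever the machine has.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Usage: probe_bash_startup login|interactive ".bash_profile .profile .bashrc"
# Prints the names of the per-user startup files bash read, one per line,
# in the order it read them.

probe_bash_startup() {
    mode=$1
    files=$2
    home=$(mktemp -d)

    for f in $files; do
        # Each startup file appends its own name to $HOME/trace when sourced.
        printf 'echo %s >> "$HOME/trace"\n' "$f" > "$home/$f"
    done
    : > "$home/trace"

    case $mode in
        login)
            # --login with -c: non-interactive, but the login-shell rules apply.
            # stdout/stderr are discarded so whatever /etc/profile prints on
            # this machine does not pollute the trace.
            HOME=$home bash -l -c true >/dev/null 2>&1 ;;
        interactive)
            # -i forces interactivity even without a terminal; the job-control
            # warnings bash prints in that situation are discarded as well.
            HOME=$home bash -i -c true >/dev/null 2>&1 ;;
        *)
            echo "probe_bash_startup: mode must be login or interactive" >&2
            rm -rf "$home"
            return 1 ;;
    esac

    cat "$home/trace"
    rm -rf "$home"
}

# Demonstration: precedence among the three login files, and .bashrc being
# the only per-user file an interactive non-login shell reads.
echo "login, all files present:   $(probe_bash_startup login '.bash_profile .bash_login .profile .bashrc')"
echo "login, no .bash_profile:    $(probe_bash_startup login '.bash_login .profile .bashrc')"
echo "login, only .bashrc:        [$(probe_bash_startup login '.bashrc')]"
echo "interactive non-login:      $(probe_bash_startup interactive '.bash_profile .bash_login .profile .bashrc')"
```

The third line of the demonstration prints empty brackets: a login shell never reads ~/.bashrc unless one of the profile files sources it, which is exactly what the Debian and Ubuntu default ~/.profile does.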

15/10/2009

World of Goo

Filed under: Linux — acidborg @ 19:27

I’d like to recommend a cross-platform (GNU/Linux, Windows, Mac) game called World of Goo. It’s very fun and addictive. It’s the game’s first birthday this week, so you can buy it paying as much as you want. I like this kind of initiative and I support it too.

Believe me, it’s worth buying.

08/10/2009

How to install and configure OSSEC in Ubuntu Server 9.04

Filed under: Security, SysAdmin, Ubuntu — acidborg @ 15:54

Description (from the project’s website): “OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows.”

Installation:

  • Install the needed packages with the following command: apt-get install gcc g++ make
  • Download the latest version from its website. The installer compiles and installs the result as root, so compare the tarball’s checksum with the one the project publishes next to it before unpacking.
  • Unpack it: tar xvfz ossec-hids-latest.tar.gz
  • Run the installation script: cd ossec-hids-* && ./install.sh

Here is the installer’s dialogue; my answers appear after each prompt:



** Para instalação em português, escolha [br].
** 要使用中文进行安装, 请选择 [cn].
** Fur eine deutsche Installation wohlen Sie [de].
** Για εγκατάσταση στα Ελληνικά, επιλέξτε [el].
** For installation in English, choose [en].
** Para instalar en Español , eliga [es].
** Pour une installation en français, choisissez [fr]
** Per l’installazione in Italiano, scegli [it].
** 日本語でインストールします.選択して下さい.[jp].
** Voor installatie in het Nederlands, kies [nl].
** Aby instalować w języku Polskim, wybierz [pl].
** Для инструкций по установке на русском ,введите [ru].
** Za instalaciju na srpskom, izaberi [sr].
** Türkçe kurulum için seçin [tr].
(en/br/cn/de/el/es/fr/it/jp/nl/pl/ru/sr/tr) [en]: en

OSSEC HIDS v2.2 Installation Script – http://www.ossec.net

You are about to start the installation process of the OSSEC HIDS.
You must have a C compiler pre-installed in your system.
If you have any questions or comments, please send an e-mail
to dcid@ossec.net (or daniel.cid@gmail.com).

– System: Linux
– User: root
– Host: server

— Press ENTER to continue or Ctrl-C to abort. —

1- What kind of installation do you want (server, agent, local or help)? local

2- Setting up the installation environment.

– Choose where to install the OSSEC HIDS [/var/ossec]: /opt/ossec

– Installation will be made at /opt/ossec .

3- Configuring the OSSEC HIDS.

3.1- Do you want e-mail notification? (y/n) [y]: y
– What’s your e-mail address? myemail@mydomain.com

– We found your SMTP server as: mail.mydomain.com.
– Do you want to use it? (y/n) [y]: y

— Using SMTP server: mail.mydomain.com.

3.2- Do you want to run the integrity check daemon? (y/n) [y]: y

– Running syscheck (integrity check daemon).

3.3- Do you want to run the rootkit detection engine? (y/n) [y]: y

– Running rootcheck (rootkit detection).

3.4- Active response allows you to execute a specific
command based on the events received. For example,
you can block an IP address or disable access for
a specific user.
More information at:
http://www.ossec.net/en/manual.html#active-response

– Do you want to enable active response? (y/n) [y]: y

– Active response enabled.

– By default, we can enable the host-deny and the
firewall-drop responses. The first one will add
a host to the /etc/hosts.deny and the second one
will block the host on iptables (if linux) or on
ipfilter (if Solaris, FreeBSD or NetBSD).
– They can be used to stop SSHD brute force scans,
portscans and some other forms of attacks. You can
also add them to block on snort events, for example.

– Do you want to enable the firewall-drop response? (y/n) [y]: y

– firewall-drop enabled (local) for levels >= 6

– Default white list for the active response:
– 10.0.0.1
– 10.0.0.2

– Do you want to add more IPs to the white list? (y/n)? [n]: n

3.6- Setting the configuration to analyze the following logs:
— /var/log/messages
— /var/log/auth.log
— /var/log/syslog
— /var/log/mail.info
— /var/log/dpkg.log

– If you want to monitor any other file, just change
the ossec.conf and add a new localfile entry.
Any questions about the configuration can be answered
by visiting us online at http://www.ossec.net .

— Press ENTER to continue —

5- Installing the system
– Running the Makefile
INFO: Little endian set.

(compiler output omitted)

– System is Debian (Ubuntu or derivative).
– Init script modified to start OSSEC HIDS during boot.

– Configuration finished properly.

– To start OSSEC HIDS:
/opt/ossec/bin/ossec-control start

– To stop OSSEC HIDS:
/opt/ossec/bin/ossec-control stop

– The configuration can be viewed or modified at /opt/ossec/etc/ossec.conf

Thanks for using the OSSEC HIDS.
If you have any question, suggestion or if you find any bug,
contact us at contact@ossec.net or using our public maillist at
ossec-list@ossec.net
( http://www.ossec.net/main/support/ ).

More information can be found at http://www.ossec.net

— Press ENTER to finish (maybe more information below). —


I chose to perform a local installation because it’s the simplest one and it’s enough for the purpose of this article. I set /opt/ossec as the installation directory, following the Filesystem Hierarchy Standard (/opt is where add-on software packages belong).

Configuration: you can configure your OSSEC installation by editing /opt/ossec/etc/ossec.conf. I recommend adding the email_maxperhour option, inside the <global> section, to cap the number of e-mails OSSEC sends (when it is absent OSSEC falls back to its built-in limit of 12 per hour). Alerts over the cap are still written to /opt/ossec/logs/alerts/alerts.log, so nothing is lost, only the mail is throttled.

After editing /opt/ossec/etc/ossec.conf, don’t forget to restart OSSEC with this command: /opt/ossec/bin/ossec-control restart. You can confirm that all of its daemons came back with /opt/ossec/bin/ossec-control status.
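As an added example (not the file the installer wrote on my machine), this is what the relevant parts of /opt/ossec/etc/ossec.conf look like with email_maxperhour added, plus one extra localfile entry of the kind the installer mentions for logs it did not pick up. The e-mail address and SMTP server are the ones used in the dialogue above; the email_from value and the Apache log path are assumptions.

```xml
<ossec_config>
  <global>
    <!-- These four lines mirror the answers given to the installer;
         email_from is an assumption (the installer derives it from the hostname). -->
    <email_notification>yes</email_notification>
    <email_to>myemail@mydomain.com</email_to>
    <smtp_server>mail.mydomain.com</smtp_server>
    <email_from>ossecm@server.mydomain.com</email_from>

    <!-- Cap on alert mail per hour. Alerts above the cap still land in
         /opt/ossec/logs/alerts/alerts.log; only the mail is throttled. -->
    <email_maxperhour>12</email_maxperhour>
  </global>

  <!-- A log the installer's default list does not cover (path is an assumption).
       log_format tells the decoder how to parse the lines; "syslog" is the
       generic choice for anything syslog-shaped. -->
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/apache2/access.log</location>
  </localfile>
</ossec_config>
```

Restart with /opt/ossec/bin/ossec-control restart after the edit; a malformed ossec.conf shows up there as a refusal to start, with the reason in /opt/ossec/logs/ossec.log.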

07/10/2009

Tip: Apache serving a network-mounted resource

Filed under: SysAdmin — acidborg @ 13:27

If you need to serve a network-mounted resource (NFS or SMB) using Apache, you may need to disable sendfile support: with it on, httpd hands the file to the kernel’s sendfile() and trusts the kernel’s cache, which is unreliable on a network filesystem, and the symptom is usually truncated, empty or stale responses. To do it, edit your apache2.conf (or httpd.conf, depending on your distro) and change the following line:

EnableSendfile On

leaving it like this:

EnableSendfile Off

(Apache httpd 2.2, which these Ubuntu releases ship, defaults this directive to On; 2.4 later changed the default to Off.) You can disable sendfile just for a given resource by adding EnableSendfile Off inside its <Directory> block.
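A per-directory version of the fix, as an added example that is not part of the original tip. The mount point is an assumption. EnableMMAP Off is included as well: the Apache manual documents that a file deleted or truncated while httpd has it memory-mapped can crash the server, and names NFS-mounted DocumentRoots as the case where that happens, so the two directives usually travel together.

```apache
# Added example, not from the original tip. /srv/www/share is an assumed
# mount point for the NFS or SMB export being served.
<Directory "/srv/www/share">
    # Make httpd read() the file itself instead of asking the kernel to
    # sendfile() it from a filesystem whose cache httpd cannot rely on.
    EnableSendfile Off
    # Same class of problem for memory-mapped reads (see the EnableMMAP
    # documentation on NFS-mounted files).
    EnableMMAP Off
</Directory>
```

Both directives are valid in server, virtual-host and directory context, so scoping them to the one share keeps the faster sendfile path for everything served from local disk.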

Blog at WordPress.com.