Archive for November, 2010

Installing Softaculous in Direct Admin

Note: Before starting the installation, make sure the ionCube Loaders are enabled; otherwise you will not be able to install Softaculous. The ionCube Loaders can be downloaded at the ionCube Downloads

Now SSH to your server and enter the following commands:

cd /usr/local/directadmin/plugins
wget -N http://www.softaculous.com/da/install_softaculous.php
chmod 755 install_softaculous.php
/usr/local/bin/php /usr/local/directadmin/plugins/install_softaculous.php

The installer will show the installation progress and indicate when it is done. NOTE: scripts will be downloaded during this process, and the download activity will also be shown on the screen.

How to install Red Hat GPG key for RPM verification.

If the Red Hat GPG key is not installed, install it from a secure, static location, such as a Red Hat installation CD-ROM or DVD.

All Red Hat Enterprise Linux packages are signed with the Red Hat GPG key. GPG stands for GNU Privacy Guard, or GnuPG, a free software package used for ensuring the authenticity of distributed files. Red Hat signs each package with its private (secret) key; the matching public key, which is distributed with Red Hat Enterprise Linux, is used to verify that signature. If the signature on a package does not verify against the Red Hat public key during RPM verification, the package may have been altered and therefore cannot be trusted.

Use the following command to import the key into the RPM keyring (a database of trusted keys on the system):

rpm --import /mnt/cdrom/RPM-GPG-KEY

To display a list of all keys installed for RPM verification, execute the following command:

rpm -qa 'gpg-pubkey*'

It is extremely important to verify the signatures of RPM files before installing them, to ensure they have not been altered since they left the original source of the packages. To verify all the downloaded packages at once, issue the following command:

rpm -K /tmp/updates/*.rpm
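As an added example (not part of the original post), here is a small POSIX shell filter that reads the output of the rpm -K command above and fails unless every package is both signed and verified. The output formats it matches are assumed from rpm 4.x, and the sample lines at the bottom are constructed, not captured from a real system. The point it encodes is that rpm -K prints OK for an unsigned package whose digests merely match, so a gate must require a signature token (pgp/gpg) in addition to OK.

```shell
#!/bin/sh
# Added example: gate an install on the output of `rpm -K`.
# Usage on a live host:  rpm -K /tmp/updates/*.rpm | rpm_sig_check || exit 1
# Output formats assumed (rpm 4.x), e.g.:
#   a.rpm: rsa sha1 (md5) pgp md5 OK                           -> signed and verified
#   b.rpm: sha1 md5 OK                                         -> unsigned, digests only
#   c.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: ...) -> signature not verifiable

# rpm_sig_check: read `rpm -K` lines on stdin, print a verdict per line,
# and return 0 only if every package is signed and verified.
rpm_sig_check() {
    rc=0
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        # Drop the "path: " prefix so a file name containing "gpg" cannot fool the match.
        status=${line#*: }
        case "$status" in
            *"NOT OK"*)
                echo "FAIL (bad signature/digest or missing key): $line"
                rc=1 ;;
            *pgp*" OK"|*PGP*" OK"|*gpg*" OK"|*GPG*" OK"|*ignatures*" OK")
                echo "OK: $line" ;;
            *" OK")
                echo "FAIL (unsigned: only digests verified): $line"
                rc=1 ;;
            *)
                echo "FAIL (unrecognised rpm -K output): $line"
                rc=1 ;;
        esac
    done
    return $rc
}

# Demo on constructed sample lines (not output from any real system; the key id is a placeholder).
SAMPLE_RPM_K_OUTPUT='/tmp/updates/a.rpm: rsa sha1 (md5) pgp md5 OK
/tmp/updates/b.rpm: sha1 md5 OK
/tmp/updates/c.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#00000000)'

printf '%s\n' "$SAMPLE_RPM_K_OUTPUT" | rpm_sig_check \
    || echo "one or more packages failed verification; do not install"
```

The filter's exit status is what an update script should act on: a missing key, a corrupted package and an unsigned package all return non-zero, while a plain grep for OK would accept the unsigned one.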

Adding new User buddy to the wheel group

The wheel group limits who is able to su to root. It usually consists of a group named "wheel" and the set of users permitted to use the 'su' utility to switch to root.

Many systems, whether commercial systems or Linux systems, come without wheel groups configured and implemented. At least one Linux distribution comes with the wheel group preconfigured but not active. However, all or nearly all BSD-based systems come with the wheel group installed and set up.

Adding the new user "buddy" to the wheel group allows it to gain root access through su, without giving the account root privileges of its own. That means this user will be able to log into the server, but won't be able to perform any root tasks until it switches to the root user.

Once you are logged in over SSH, type the command below (the user buddy must already exist; -a appends wheel to buddy's existing supplementary groups instead of replacing them):

# /usr/sbin/usermod -aG wheel buddy

Before proceeding, log in to your server again using the "buddy" account. At the SSH prompt, type su followed by the Enter key, and then enter the root password. If you were successful, you should be at a root prompt.

To confirm that you are root, type the command whoami at the SSH prompt; it should display the root account.

SBDavid
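The post above notes that on Linux the wheel group is often present but not active. As an added example (not from the original post), the following POSIX shell functions audit both halves of that: who is listed in wheel, and whether pam_wheel.so is actually enforced in the su PAM stack. The file paths are parameters so the functions can be run on constructed copies; on a live system they would be /etc/group and /etc/pam.d/su. The sample file contents at the bottom are constructed, not copied from any host.

```shell
#!/bin/sh
# Added example: audit wheel membership and pam_wheel enforcement for su.
# Live usage:  wheel_members /etc/group ; pam_wheel_enforced /etc/pam.d/su

# wheel_members GROUP_FILE
# Print the comma-separated supplementary member list of the "wheel" entry.
# Limitation: users whose primary group (in passwd) is wheel are not listed here.
wheel_members() {
    awk -F: '$1 == "wheel" { print $4 }' "$1"
}

# user_in_wheel USER GROUP_FILE
# Return 0 if USER appears in the wheel member list (exact name match), 1 otherwise.
user_in_wheel() {
    wheel_members "$2" | tr ',' '\n' | grep -qx -- "$1"
}

# pam_wheel_enforced PAM_SU_FILE
# Return 0 if an active (uncommented) auth line loads pam_wheel.so as
# required/requisite without the "trust" option, i.e. only wheel members may su.
# A line that is present but commented out (the default on several Linux
# distributions) counts as not enforced; "trust" lets wheel members su without
# a password, which is the opposite of a restriction.
pam_wheel_enforced() {
    awk '
        /^[[:space:]]*#/ { next }
        $1 == "auth" && ($2 == "required" || $2 == "requisite") && $3 == "pam_wheel.so" && $0 !~ /trust/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Demo on constructed files (not copied from any real host).
GROUP_SAMPLE=$(mktemp)
PAM_SU_SAMPLE=$(mktemp)
printf 'root:x:0:\nwheel:x:10:root,buddy\nbuddy:x:1001:\n' > "$GROUP_SAMPLE"
printf '#%%PAM-1.0\nauth sufficient pam_rootok.so\n#auth required pam_wheel.so use_uid\nauth include system-auth\n' > "$PAM_SU_SAMPLE"

echo "wheel members: $(wheel_members "$GROUP_SAMPLE")"
user_in_wheel buddy "$GROUP_SAMPLE" && echo "buddy is a wheel member"
pam_wheel_enforced "$PAM_SU_SAMPLE" \
    || echo "pam_wheel is not active: wheel membership is not being enforced for su"
rm -f "$GROUP_SAMPLE" "$PAM_SU_SAMPLE"
```

Run against the constructed files, the demo reports buddy as a wheel member and pam_wheel as not active, which is exactly the "preconfigured but not active" state the post describes; uncommenting the pam_wheel line in the real /etc/pam.d/su is what turns membership into a restriction.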

Security Tools Nessus and Nikto

Nessus

The official website is at the following URL: http://www.nessus.org/

Nessus is a full-service security scanner. The plug-in architecture of Nessus allows users to customize it for their systems and networks. As with any scanner, Nessus is only as good as the signature database it relies upon. Fortunately, Nessus is frequently updated and features full reporting, host scanning, and real-time vulnerability searches. Remember that there could be false positives and false negatives, even in a tool as powerful and as frequently updated as Nessus.

Nikto

Nikto can be found at the following URL: http://cirt.net/nikto2

Nikto is an excellent common gateway interface (CGI) script scanner. Nikto not only checks for CGI vulnerabilities but does so in an evasive manner, so as to elude intrusion detection systems.

If you have Web servers serving up CGI scripts, Nikto can be an excellent resource for checking the security of these servers.

How to find open sockets on your Linux server

Here we will look at lsof (list open files) and Nmap ("Network Mapper").

Nmap is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts.

There are several methods you can use to show open sockets:

lsof -U will list open UNIX domain sockets (lsof -i lists network sockets)

nmap -sT -sU localhost will scan your local machine for open TCP or UDP ports

$ sudo nmap -sT -sU localhost

Starting Nmap 4.68 ( http://nmap.org ) at 2010-11-15 06:54 IST
Interesting ports on localhost (127.0.0.1):
Not shown: 3201 closed ports
PORT STATE SERVICE
123/udp open|filtered ntp
5353/udp open|filtered zeroconf

Nmap done: 1 IP address (1 host up) scanned in 4.003 seconds

netstat -a | grep LISTEN will show all listening sockets.

Nmap has lots of options, so we are going to focus on only some of them.

sudo nmap -sS -O 127.0.0.1

-sS
TCP SYN scan
-O
Enable Operating System detection
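As an added example (not from the original post), here is a POSIX shell filter that turns the netstat -a | grep LISTEN listing above into a check: it reads netstat lines on stdin, compares each listening TCP socket's local port against an allow-list of expected ports, and prints the rest. The netstat column layout is assumed to be the usual Linux one (proto, Recv-Q, Send-Q, local address, foreign address, state), and the sample lines at the bottom are constructed, not captured from a real server. One caveat the grep in the post does not show: UDP sockets have no LISTEN state, so they need netstat -anu or the nmap -sU scan above.

```shell
#!/bin/sh
# Added example: compare listening TCP sockets (as printed by `netstat -a`
# or `netstat -ant`) against an allow-list of expected ports and report the rest.
# Live usage:  netstat -ant | unexpected_listeners "22 25 80 443"
# (-n avoids DNS/service-name lookups; add -p to see the owning process.)

# unexpected_listeners "PORT PORT ..."
# For each LISTEN line on stdin, print "proto local-address" of any socket
# whose local port is not in the allow-list. Returns 0 if none were found.
unexpected_listeners() {
    allow=" $1 "
    rc=0
    while IFS= read -r line; do
        case "$line" in
            *LISTEN*) ;;
            *) continue ;;        # headers, ESTABLISHED, TIME_WAIT, ...
        esac
        set -- $line              # split on whitespace: proto recvq sendq local remote state
        proto=$1
        laddr=$4
        port=${laddr##*:}         # port follows the last ':' (works for 0.0.0.0:22 and :::80)
        case "$allow" in
            *" $port "*) ;;
            *)
                echo "$proto $laddr"
                rc=1 ;;
        esac
    done
    return $rc
}

# Demo on constructed netstat lines (not captured from a real server).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6667            0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51234          ESTABLISHED'

printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "22 80 3306" \
    || echo "unexpected listener(s) above: identify the owning process with netstat -p or lsof -i"
```

On the constructed input the filter prints only "tcp 0.0.0.0:6667", the one listener not on the allow-list; the port number alone says nothing about what is listening, so the next step is always to map it to a process (netstat -p, lsof -i) before deciding whether it belongs.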
