Reverting to an ext2 File System
If you wish to revert a partition from ext3 to ext2 for any reason, you must first unmount the partition by logging in as root and typing:
Next, change the file system type to ext2 by typing the following command as root:
/sbin/tune2fs -O ^has_journal block_device
Check the partition for errors by typing the following command as root:
/sbin/e2fsck -y block_device
Then mount the partition again as ext2 file system by typing:
mount -t ext2 block_device /mount/point
Next, remove the .journal file at the root level of the partition by changing to the directory where it is mounted and typing:
Remember to update the /etc/fstab file.
Creating an ext3 File System
After installation, it is sometimes necessary to create a new ext3 file system. For example, if you add a new disk drive to the system, you may want to partition the drive and use the ext3 file system.
The steps for creating an ext3 file system are as follows:
1.Format the partition with the ext3 file system using mkfs.
2.Label the partition using e2label.
The tune2fs allows you to convert an ext2 filesystem to ext3.
/sbin/tune2fs -j block_device
Where block_device contains the ext2 filesystem you wish to convert. You must recreate the initrd image so that it will contain the ext3 kernel module. To create this, run the mkinitrd program.
How to turn on spoof protection
To turn on spoof protection, run a simple bash script:
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $i done;
Sysctl Hardening Modifies kernel operating values to strengthen TCP/IP stack against various attacks including syn floods.
sysctl.conf is a simple file containing sysctl values to be read in and set by sysctl(8)
EXAMPLES
/sbin/sysctl -a
/sbin/sysctl -n kernel.hostname
/sbin/sysctl -w kernel.domainname=”example.com”
/sbin/sysctl -p /etc/sysctl.conf
TCP_SYNCookies protection
A SYN-flood attack has the ability to bring the network aspect of your linux box to a snail like crawl. TCP_SYNCookies protection attempts to stop this from taking a heavy toll on the machine. To enable tcp_syncookies protection, use the following command:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
If it’s not enabled, there isn’t much you can do other than build a new kernel and reboot and use it.
Exclude packages from yum update
Example on how to exclude a number of packages:
1. Open /etc/yum.conf with your preferred text editor.
2. Enter the following line with your package names:
Exclude= apache* bind-chroot courier* dovecot* exim* httpd* mod_ssl* mysql* nsd* perl* php*
