Using iptables to block incoming traffic but not affect outgoing traffic.
Solution:
iptables -F INPUT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -j REJECT
The following rule permits incoming packets only if they belong to connections that this host has already established outbound:
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
Enabling Source Address Verification
To prevent a remote host from spoofing incoming packets as if they had come from the local machine.
Solution:
Turn on source address verification (reverse path filtering) in the Linux kernel:
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
A quick way to make this persistent is to add this line to /etc/sysctl.conf
net.ipv4.conf.all.rp_filter = 1
and then run sysctl -p to load the configuration.
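The kernel enforces the larger of conf/all/rp_filter and the interface's own conf/<iface>/rp_filter, so setting only the "all" key can still leave an interface in loose mode (2). The audit below is an added example, not part of the original notes; SYSCTL_ROOT is an assumed variable name that lets it read a constructed copy of the /proc/sys tree instead of the live one.

```shell
# Audit the effective rp_filter mode of every interface.
# The kernel uses the larger of conf/all/rp_filter and conf/<iface>/rp_filter
# for source validation on <iface>: 0 = off, 1 = strict, 2 = loose.
# SYSCTL_ROOT (assumed name, not a kernel setting) defaults to /proc/sys and
# can be pointed at a constructed copy of the tree for testing.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

rp_filter_effective() {
    # $1 = interface name; prints the mode the kernel actually enforces
    conf="$SYSCTL_ROOT/net/ipv4/conf"
    all=$(cat "$conf/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$conf/$1/rp_filter" 2>/dev/null || echo 0)
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

rp_filter_audit() {
    # Prints every interface whose effective mode is not strict (1).
    # Returns 0 when all interfaces are strict, 1 otherwise.
    conf="$SYSCTL_ROOT/net/ipv4/conf"
    rc=0
    for dir in "$conf"/*/; do
        ifname=$(basename "$dir")
        case "$ifname" in all|default) continue ;; esac
        mode=$(rp_filter_effective "$ifname")
        if [ "$mode" != 1 ]; then
            echo "$ifname: effective rp_filter=$mode (not strict)"
            rc=1
        fi
    done
    return "$rc"
}
```

Run rp_filter_audit after applying the sysctl above; any interface it lists still needs its own rp_filter key lowered to 1 (or 0) before the "all" value takes effect.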
DESCRIPTION
sysctl is used to modify kernel parameters at runtime. The parameters available are those listed under /proc/sys/. Procfs is required for sysctl support in Linux. You can use sysctl to both read and write sysctl data.
EXAMPLES
/sbin/sysctl -a
/sbin/sysctl -n kernel.hostname
/sbin/sysctl -w kernel.domainname="example.com"
/sbin/sysctl -p /etc/sysctl.conf
-w Use this option when you want to change a sysctl setting.
-p Load in sysctl settings from the file specified or /etc/sysctl.conf if none given. Specifying - as filename means reading data from standard input.
-a Display all values currently available.
-A Display all values currently available in table form.
Installing Perl Modules.
Perl Modules can be obtained from the CPAN (Comprehensive Perl Archive Network) at http://search.cpan.org.
The easiest way to install Perl modules on Unix is to use the CPAN module. For example:
shell> perl -MCPAN -e shell
cpan> install DBI
cpan> install DBD::mysql
DBD::mysql is the Perl5 Database Interface driver for the MySQL database.
To find a particular module, use the i command, followed by an expression that you want to search for:
CPAN.pm will go out to the CPAN mirror that you selected, download the list of modules, and tell you which ones match the search word.
To install a module, just type:
cpan> install Time::CTime
CPAN.pm takes care of the whole process. It downloads the compressed file, unpacks it, builds it, and installs it all for you, unless there is a problem with the installation process. If there are other modules on which this module relies, it will also download and install those.
Rootcheck is an open source rootkit detection and system auditing software.
How to use it
Download from :
http://www.ossec.net/rootcheck/files/rootcheck-2.0.tar.gz
* rootcheck requires the Perl module IO::Interface.
Rootcheck is very simple to use: just unpack, compile and run it. It will scan the system and report whether it found anything.
- wget http://www.ossec.net/rootcheck/files/rootcheck-2.0.tar.gz
- tar -zxvf rootcheck-2.0.tar.gz
- cd rootcheck-2.0
- make all
- ./ossec-rootcheck
Rootkit detection
Criminals (also known as hackers) want to hide their actions, but with rootkit detection you can be notified when they (or trojans, viruses, etc.) change your system in this way.
Active response
Take immediate and automatic responses when something happens. Why wait for hours when you can alert your admin and block an attack right away?
How To Scan the System
Rootcheck is an extremely useful open source tool for servers, since it scans the server and reports any problems it finds.
Installing and Configuring CSF Firewall
ConfigServer Firewall & Security (CSF) is a Stateful Packet Inspection (SPI) firewall with login/intrusion detection.
This article demonstrates how to install and configure the CSF (configserver) firewall. CSF can be used on a wide range of Linux systems, including those running cPanel.
cd /tmp
wget http://www.configserver.com/free/csf.tgz
tar zxf csf.tgz
cd csf
sh install.sh
To configure CSF, modify the config files in /etc/csf/, or if you are running WHM you can modify the CSF settings there. By default CSF opens the standard cPanel ports.
If you have APF + BFD installed you will need to disable them; you can use the following to do so: