Verifying Which Ports Are Listening
After configuring network services, it is important to pay attention to which ports are actually listening on the system’s network interfaces. Any unexpected open port can be evidence of an intrusion.
There are two basic approaches for listing the ports that are listening on the network. The less reliable approach is to query the network stack by typing commands such as netstat -an or lsof -i.
This method is less reliable since these programs do not connect to the machine from the network, but rather check to see what is running on the system.
For this reason, these applications are frequent targets for replacement by attackers. In this way, crackers attempt to cover their tracks if they open unauthorized network ports.
A more reliable way to check which ports are listening on the network is to use a port scanner such as nmap.
root@:~# nmap -sT -O localhost
Starting Nmap 4.76 ( http://nmap.org ) at 2009-10-08 11:31 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
3128/tcp open squid-http
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 - 2.6.22
Network Distance: 0 hops
OS detection performed.
Please report any incorrect results at http://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 3.15 seconds
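The cross-check this section argues for, as an added example that is not part of the original page: it takes the open ports from nmap output and the listening sockets from netstat -an output, and prints any port the scanner saw that the local tool did not report. The nmap sample repeats the scan above; the netstat sample is constructed.

```sh
#!/bin/sh
# Added example: compare a port scan against what the local tool reports.

# Read nmap normal output on stdin; print "port/tcp" for each open TCP port.
nmap_open_ports() {
    awk '$1 ~ /^[0-9]+\/tcp$/ && $2 == "open" { print $1 }' | sort -u
}

# Read `netstat -an` output on stdin; print "port/tcp" for each TCP LISTEN socket.
netstat_listening_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" { n = split($4, a, ":"); print a[n] "/tcp" }' | sort -u
}

# $1 = nmap output, $2 = netstat output.
# Print ports the scanner found open that netstat did not list as listening.
unreported_ports() {
    local_view=$(printf '%s\n' "$2" | netstat_listening_ports)
    for port in $(printf '%s\n' "$1" | nmap_open_ports); do
        printf '%s\n' "$local_view" | grep -qxF "$port" || printf '%s\n' "$port"
    done
}

# Port table taken from the nmap run shown above.
SAMPLE_NMAP='PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
3128/tcp open squid-http'

# Constructed netstat -an output that omits port 3128, as a replaced binary might.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 10.0.0.5:22 198.51.100.7:51514 ESTABLISHED'

unreported_ports "$SAMPLE_NMAP" "$SAMPLE_NETSTAT"
```

On a live system, pass "$(nmap -sT localhost)" and "$(netstat -an)" as the two arguments; any line of output is a port to investigate.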
Upgrading Your Redhat Server.
Check your kernel release before upgrade.
After the upgrade check the kernel release.
yum update
If run without any packages, update will update every currently installed package.
If one or more packages are specified, yum will only update the listed packages. While updating packages, yum will ensure that all dependencies are satisfied.
If no package matches the given package name(s), they are assumed to be a shell glob and any matches are then installed. If the --obsoletes flag is present, yum will include package obsoletes in its calculations. This makes it better for distro-version changes, for example: upgrading from somelinux 8.0 to somelinux 9.
yum upgrade: the same as the update command with the --obsoletes flag set.
yum is an interactive, automated update program which can be used for maintaining systems.
Yum Options:
* install package1 [package2] [...]
* update [package1] [package2] [...]
* check-update
* upgrade [package1] [package2] [...]
* remove | erase package1 [package2] [...]
* list [...]
* info [...]
* provides | whatprovides feature1 [feature2] [...]
* clean [ packages | headers | metadata | cache | dbcache | all ]
* makecache
* groupinstall group1 [group2] [...]
* groupupdate group1 [group2] [...]
* grouplist [hidden]
* groupremove group1 [group2] [...]
* groupinfo group1 [...]
* search string1 [string2] [...]
* shell [filename]
* resolvedep dep1 [dep2] [...]
* localinstall rpmfile1 [rpmfile2] [...]
* localupdate rpmfile1 [rpmfile2] [...]
* deplist package1 [package2] [...]
FILES
/etc/yum.conf
/etc/yum/repos.d/
/etc/yum/pluginconf.d/
/var/cache/yum/
SEE ALSO
yum.conf (5)
http://linux.duke.edu/yum/
http://wiki.linux.duke.edu/YumFaq
To allow anonymous users to upload, it is recommended that a write-only directory be created within /var/ftp/pub/.
To do this, type:
mkdir /var/ftp/pub/upload
Next change the permissions so that anonymous users cannot see what is within the directory by typing:
chmod 730 /var/ftp/pub/upload
A long format listing of the directory should look like this:
drwx-wx--- 2 root ftp 4096 Feb 13 20:05 upload
Additionally, under vsftpd, add the following line to the /etc/vsftpd/vsftpd.conf file:
Because FTP passes unencrypted usernames and passwords over insecure networks for authentication, it is a good idea to deny system users access to the server from their user accounts.
To disable user accounts in vsftpd, add the following directive to /etc/vsftpd/vsftpd.conf:
The File Transfer Protocol, or FTP, is an older TCP protocol designed to transfer files over a network. Because all transactions with the server, including user authentication, are unencrypted, it is considered an insecure protocol and should be carefully configured.
vsftpd - A standalone, security oriented implementation of the FTP service.
Change the FTP Greeting Banner:
To change the greeting banner for vsftpd, add the following directive to the /etc/vsftpd/vsftpd.conf file:
ftpd_banner=[insert_greeting_here]
To simplify management of multiple banners, place all banners in a new directory called /etc/banners/.
To reference this greeting banner file for vsftpd, add the following directive to the /etc/vsftpd/vsftpd.conf file:
banner_file=/etc/banners/ftp.msg
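A check for the settings from the two vsftpd posts above, as an added example that is not part of the original page: it verifies the upload directory's mode and reads vsftpd.conf for a greeting banner and for local logins. The option name local_enable is taken from vsftpd.conf(5) rather than from this page, and the scratch directory and config are constructed stand-ins for /var/ftp/pub/upload and /etc/vsftpd/vsftpd.conf.

```sh
#!/bin/sh
# Added example (not from the original page): audit the vsftpd settings described above.
# local_enable is an assumption from vsftpd.conf(5); ftpd_banner and banner_file are on the page.

# Print the value of option $1 in config file $2 (last assignment wins; empty if unset).
conf_get() {
    awk -v k="$1" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) } END { print v }' "$2"
}

# Succeed only if directory $1 has exactly mode 730 (drwx-wx---).
upload_dir_mode_ok() {
    case $(ls -ld "$1") in
        drwx-wx---*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one finding per line for config file $1 and upload directory $2.
audit_vsftpd() {
    upload_dir_mode_ok "$2" || echo "upload directory is not mode 730"
    [ "$(conf_get local_enable "$1")" = "NO" ] || echo "local_enable is not explicitly NO"
    if [ -z "$(conf_get ftpd_banner "$1")" ] && [ -z "$(conf_get banner_file "$1")" ]; then
        echo "no custom greeting banner configured"
    fi
}

# Constructed sample: build a scratch upload directory with mode $1 and a
# scratch config with local_enable=$2, audit them, then clean up.
run_sample() {
    work=$(mktemp -d) || return 1
    mkdir "$work/upload" && chmod "$1" "$work/upload"
    printf '%s\n' "# constructed sample config" "local_enable=$2" \
        "banner_file=/etc/banners/ftp.msg" > "$work/vsftpd.conf"
    audit_vsftpd "$work/vsftpd.conf" "$work/upload"
    rm -rf "$work"
}

echo "hardened sample:"; run_sample 730 NO
echo "weak sample:";     run_sample 777 YES
```

Against a real server, call audit_vsftpd /etc/vsftpd/vsftpd.conf /var/ftp/pub/upload; no output means every check passed.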
rsync to backup your home directory and mysql databases.
Run the rsync command below using “nohup”, which runs a command immune to hangups, with output to a non-tty.
Rsync your home directories to your backup server.
Replace $IP with the IP address for your production server.
Run the below commands from your backup server.
# rsync -vrplogDtH --exclude=virtfs/ --progress -e ssh root@$IP:/home/ /home/
Rsync all MySQL databases.
# rsync -vrplogDtH --progress -e ssh root@$IP:/var/lib/mysql/ /var/lib/mysql/
Back up the server_support database.
# rsync -vrplogDtH --progress -e ssh root@$IP:/var/lib/mysql/server_support /var/lib/mysql/