Linux Security Audit Tools

Chkrootkit - Scan system for trojans, worms and exploits.

Root kit detection tools:

checkps - detect rootkits by detecting falsified output and similar anomalies. The ps check should work on anything with /proc. Also uses netstat.

Rootkit hunter - scans for rootkits, back doors and local exploits

Rkdet - root kit detector daemon. Intended to catch someone installing a rootkit or running a packet sniffer.

fsaudit - Perl script to scan filesystems and search for suspicious-looking directories.

Find all SUID/SGID programs on your system, and keep track of what they are, so you are aware of any changes which could indicate a potential intruder. Use the following command to find all SUID/SGID programs on your system:

root# find / -type f \( -perm -04000 -o -perm -02000 \)


Example

# find / -type f \( -perm -04000 -o -perm -02000 \)

/usr/bin/wall
/usr/bin/newgrp
/usr/bin/chage
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/expiry
/usr/bin/gpasswd
/usr/bin/passwd
….
….
……..

You can remove the SUID or SGID permissions on a suspicious program with chmod, then restore them if you feel it is absolutely necessary.
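One way to keep track of the SUID/SGID set over time, as recommended above, is to save a hashed baseline and compare later scans against it. This is an added example, not part of the original page; the function names suid_scan and suid_compare are hypothetical, and it assumes sha256sum from GNU coreutils is installed.

```shell
#!/bin/sh
# Added example: baseline and compare SUID/SGID files (function names are hypothetical).

# Print "sha256  path" for every SUID/SGID regular file under $1, sorted by path.
# Uses the same find expression as the page; run as root for a complete view.
suid_scan() {
    find "$1" -type f \( -perm -04000 -o -perm -02000 \) \
        -exec sha256sum {} + 2>/dev/null | sort -k 2
}

# Compare a saved baseline ($1) with a fresh scan ($2).
# Reports files that gained the bit (NEW), lost it or vanished (REMOVED),
# or kept the bit but changed content (CHANGED).
suid_compare() {
    awk -v base="$1" '
        BEGIN {
            # sha256sum lines are: 64 hex chars, two separator chars, then the path
            while ((getline line < base) > 0)
                old[substr(line, 67)] = substr(line, 1, 64)
        }
        {
            path = substr($0, 67); seen[path] = 1
            if (!(path in old))                      print "NEW " path
            else if (old[path] != substr($0, 1, 64)) print "CHANGED " path
        }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$2" | sort
}

# Command-line use:  script scan [DIR] > file    |    script compare BASELINE CURRENT
case "${1:-}" in
    scan)    suid_scan "${2:-/}" ;;
    compare) suid_compare "$2" "$3" ;;
esac
```

Keep the baseline file somewhere an intruder with root on the host cannot rewrite it, such as read-only media or another machine.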

Installing Parallels Plesk Panel on Linux and FreeBSD

To install Parallels Plesk Panel software on a server

1. Download the Parallels Products Installer utility that suits your operating system from http://www.parallels.com/en/download/plesk9/ and save it on your server’s hard drive.

2. Change your working directory to the directory where the Parallels Products Installer utility resides, for example:

# cd /root/plesk

3. Set the execution permission for Parallels Products Installer:

# chmod +x parallels_products_installer_file_name

4. Run the Parallels Products Installer:

# ./parallels_products_installer_file_name

5. Read installation notes displayed on the screen and type ‘n’ to proceed to the next screen. Press ENTER.

Log in to the Parallels Plesk Panel running on your host at https://machine.domain.name:8443/ or https://IP-address:8443/. Use the username ‘admin’ and password ‘setup’ (both are case sensitive). For security reasons, change the password upon initial login.

Requirements:

Before installing Parallels Plesk Panel on FreeBSD, you should add the kern_securelevel_enable="NO" entry to the /etc/rc.conf file on your server’s file system, and then restart your server.

Plesk Directories that usually take much disk space

/var/www/vhosts (/srv/vhosts on SuSE) - domains.
/var/qmail - mail.
/var/lib/mysql - MySQL databases.
/var/lib/psa/dumps - Plesk clients’/domains’ backups.
/var/lib/pgsql/data - Postgres databases.
/var/tomcat* - Tomcat applications.
/var/lib/mailman - Mailman lists.

Please check file /etc/psa/psa.conf for all other directories used by Plesk control panel.

Plesk Control Panel under FreeBSD uses the /usr/local partition for storing large quantities of data and the /var/db partition for databases, so the /usr and /var partitions have to be larger in this case.

On Debian and Ubuntu, Plesk itself is located in /opt/psa.
