Be honest, how much have you considered server security in the past? In this day and age, it’s not something that should be taken lightly. Today I’ll be teaching you how to install RKHunter. RKHunter (ie: Rootkit Hunter) is a nifty little script that runs via cron daily that checks your server for the most obvious rootkits that might have been placed there by somebody with some kind of malicious intent.
Tag Archive for 'SSH'
So…I came across this error on a clients site which he was receiving when trying to install a 3rd party script.
The session.save_path setting in your php configuration file (php.ini) is not set or is set to a folder which did not exist. You might need to set the save_path setting in php.ini or verify that the folder sets in save_path exist.
It’s a pretty simple fix in the servers php.ini. Continue reading ‘Session.save_path error’
A fantastico installation is pretty straight forward. First thing you need to do is obtain a Fantastico license from Netenburg.
One of the most common issues when installing fantastico is a buggy wget install on the server, so a working wget version will need to be installed. Another common issue is cPanels internal php may break, but we will discuss the fix to that later on. Continue reading ‘Install fantastico on cPanel’
2009-07-20 21:58:07 Failed to get write lock for /var/spool/exim/db/ratelimit.lockfile: timed out
2008-07-20 21:58:07 H=[xx.xx.xx.xx] temporarily rejected connection in “connect” ACL: ratelimit database not available
To fix such an error , the exim cache database on the server side needs to be clear off to stop this message. Continue reading ‘Exim Error: Ratelimit database not available’
The most common compressed archive file format in Linux is the tar.gz format. Tar file is an archive file format. Tar.gz is a compressed tar file.
How to create a compressed tar.gz file from a folder or file in Linux?
In order to create a compressed tar.gz archive from a folder/file we need to run the following tar command:
tar -czf new-tar-file-name.tar.gz file-or-folder-to-archive
Here is the command explanation:
- tar – the tar command.
- c – create new archive.
- z – compress the archive using gzip.
- f – use archive file.
- new-tar-file-name.tar.gz – the name of the tar.gz to create.
- file-or-folder-to-archive – the name of the folder we want to archive.
Continue reading ‘Creating an extracting tar files’
So I came across this error for the first time today when trying to SSH directly into a clients VPS.
login as: root
root@server’s password:
Server refused to allocate pty
stdin: is not a tty
After a quick google search I came across the fix.
[root@node /]# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
1337 78 running 69.10.59.80 grumpy.thelinuxnoob.com
[root@node /]# vzctl exec 1337 /sbin/MAKEDEV ptyp
[root@node /]# vzctl exec 1337 /sbin/MAKEDEV tty
[root@node /]# vzctl exec 1337 /sbin/MAKEDEV pty
The issue should now be resolved and you can SSH into the VPS.
Very simple install, only 4 commands via SSH and takes about 20 minutes for the install to complete.
wget http://layer1.cpanel.net/perl588installer.tar.gz
tar -xvzf perl588installer.tar.gz
cd perl588installer
./install
Upgrading MySQL versions is a quick and easy process, not much work involved. Always be sure to make a backup before you start though, just in case the upgrade fails or some other unforeseen issue arises.
cp -Rpf /var/lib/mysql /var/lib/mysql.BAK
Login to WHM –> Tweak Settings –> MySQL -> 5.0 and Save settings
/scripts/mysqlup –force
/scripts/perlinstaller –force Bundle::DBD::mysql
/scripts/realperlinstaller –force DBD::mysql
Recompile PHP
You’re done 
Allowing the root user to login directly is a major security issue, we’ll show you how to disable it so you can still login as root but just not directly, reducing the security issue.
This will force a hacker to have to guess 2 seperate passwords to gain root access.
(you do have 2 seperate passwords for admin and root right?)
What happens is you’ll first need to login as your admin user in SSH, then switch to the super user with the su command to get root.
We also will be forcing the use of SSH protocol 2, which is a newer, more secure SSH protocol
Just a couple more ways to help your server stay safe from the bad guys. If you’re using cPanel make sure you add your admin user to the ‘wheel‘ group so that you will be able to ‘su -‘ to root, otherwise you may lock yourself out of root.
1. SSH into your server as ‘admin‘ and gain root access by su
2. Copy and paste this line to edit the file for SSH logins
pico -w /etc/ssh/sshd_config3. Find the line
Protocol 2, 14. Uncomment it and change it to look like
Protocol 25. Next, find the line
PermitRootLogin yes6. Uncomment it and make it look like PermitRootLogin no
7. Save the file Ctrl+X then Y then enter
8. Now you can restart SSH
/etc/rc.d/init.d/sshd restart
Now, no one will be able to login to root with out first loggin in as admin and ’su -’ to root, and you will be forcing the use of a more secure protocol. Just make sure you remember both passwords!
I’m short on time, but here’s a nice little tutorial on screen in SSH courtesy of Aperiodic.net.
Getting in
start a new screen session:
screen
.. with session name:screen -S <name>
attach to a running session:screen -r
.. to session with name:screen -r <name>
the “ultimate attach”:screen -dRR(Attaches to a screen session. If the session is attached elsewhere, detaches that other display. If no session exists, creates one. If multiple sessions exist, uses the first one.)Escape key
All screen commands are prefixed by an escape key, by default C-a (that’s Control-a, sometimes written ^A). To send a literal C-a to the programs in screen, use
C-a a.Getting out
detach:
C-a d
detach and logout (quick exit):C-a D D
exit screen: exit all of the programs in screen.
force-exit screen:C-a C-\(not recommended)Help
See help:
C-a ?(lists keybindings)Window Management
create new window:
C-a c
change to last-visited active window:C-a C-a(commonly used to flip-flop between two windows)
change to window by number:C-a <number>(only for windows 0 to 9)
change to window by number or name:C-a ' <number or title>
change to next window in list:C-a norC-a <space>
change to previous window in list:C-a p
see window list:C-a ”(allows you to select a window to change to)
show window barC-a w(if you don’t have window bar)
close current window: Close all applications in the current window (including shell)
kill current window:C-a k(not recommended)
rename current window:C-a ASplit screen
split display:
C-a S
jump to next display region:C-a tab
remove current region:C-a X
remove all regions but the current one:C-a QMisc
redraw window:
C-a C-l
enter copy mode:C-a [(also used for viewing scrollback buffer)
paste:C-a ]
monitor window for activity:C-a M
monitor window for silence:C-a _
enter digraph:C-a C-v
lock (password protect) display:C-a x
enter screen command:C-a :