The main reason to password-protect the GRUB boot loader is to prevent access to single user mode: if attackers can boot the system into single user mode, they are logged in automatically as root without being prompted for the root password.
To do this, open a shell prompt, log in as root, and type:
/sbin/grub-md5-crypt
When prompted, type the GRUB password and press Enter. This returns an MD5 hash of the password.
Next, edit the GRUB configuration file /boot/grub/grub.conf. Open the file and below the timeout line in the main section of the document, add the following line:
password --md5
Replace with the value returned by /sbin/grub-md5-cryp
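One way to verify the result of the steps above, as an added example that is not part of the original post: the function reads a GRUB legacy configuration on stdin and reports whether the main section carries an MD5-hashed password. The function name, the sample configurations and the hash string are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check the main section of a
# GRUB legacy config, read from stdin, for a password line.
# Only lines before the first "title" are considered, since that is where
# the procedure above places the line. Prints: ok | plaintext | missing
grub_password_state() {
    awk '
        $1 == "title" { in_entries = 1 }
        $1 == "password" && !in_entries {
            # grub-md5-crypt output starts with the MD5-crypt prefix $1$
            if ($2 == "--md5" && $3 ~ /^\$1\$/) md5 = 1
            else plain = 1
        }
        END {
            if (md5)        print "ok"
            else if (plain) print "plaintext"
            else            print "missing"
        }'
}

# Constructed sample configurations; the hash is a placeholder, not a real one.
sample_protected() {
    printf '%s\n' 'default=0' 'timeout=5' \
        'password --md5 $1$CONSTRUCTED$0000000000000000000000' \
        'title Linux' '    root (hd0,0)' '    kernel /vmlinuz ro root=/dev/sda1'
}
sample_plain() {
    printf '%s\n' 'default=0' 'timeout=5' 'password example-cleartext' \
        'title Linux' '    root (hd0,0)' '    kernel /vmlinuz ro root=/dev/sda1'
}
sample_unprotected() {
    printf '%s\n' 'default=0' 'timeout=5' \
        'title Linux' '    root (hd0,0)' '    kernel /vmlinuz ro root=/dev/sda1'
}

echo "protected:   $(sample_protected | grub_password_state)"
echo "plaintext:   $(sample_plain | grub_password_state)"
echo "unprotected: $(sample_unprotected | grub_password_state)"
```

On a real system, run it as root with `grub_password_state < /boot/grub/grub.conf`.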
Kishore
Tuesday, January 18, 2011
To convert man pages to PDF format
Here is the way to convert man pages to PDF format:
===============
man -t cat | ps2pdf - > cat.pdf
===============
This command will export your cat man page to cat.pdf file.
One more example is given below:
==============
man -t sendmail | ps2pdf - sendmail.pdf
==============
Kishore
Some DNS tools to troubleshoot DNS issues
Dnsstuff
http://www.dnsstuff.com
Global Whois Tool
http://www.ratite.com/whois
Dnsreport
http://www.dnsreport.com/
Dnstools
http://www.dns.net/dnsrd/tools.html
Online nslookup tool
http://www.enc.com.au/itools/nslookup.php
CheckDNS
http://www.checkdns.net
squish.net dns checker
http://www.squish.net/dnscheck
DNScheck
http://dnscheck.se
Zonecheck
http://www.zonecheck.fr/demo
Pingability
http://pingability.com
DNSdoctor
http://demo.dnsdoctor.org
Name Server Zone Transfer Tool
http://www.digitalpoint.com/tools/zone-transfer
MyDNSConfig
http://www.mydnsconfig.org
Lookup Server
http://www.lookupserver.com
Kishore
Some Useful tips for the Apache Webserver
Hide PHP Version in Apache from remote users requests:
To prevent PHP from exposing the fact that it is installed on the server by adding its signature to the web server header, locate the variable expose_php in php.ini and turn it off.
By default expose_php is set to On.
In your php.ini (depending on your Linux distribution, this can be found in various places, such as /etc/php.ini, /etc/php5/apache2/php.ini, etc.), locate the line containing “expose_php On” and set it to Off:
--------------
expose_php = Off
--------------
After making this change, PHP will no longer add its signature to the web server header. Doing this will not make your server more secure; it will just prevent remote hosts from easily seeing that you have PHP installed on the system and what version you are running.
How to get web server software and version of a remote server
telnet remote_server.com 80
Trying remote_server.com...
Connected to remote_server.com.
Escape character is '^]'.
HEAD / HTTP/1.0 <- after this press 2 times ENTER
HTTP/1.1 200 OK
Date: Fri, 19 Jun 2006 08:18:06 BST
Server: Apache/2.0.55 (Debian) PHP/5.1.2-1+b1 mod_ssl/2.0.55 OpenSSL/0.9.8b
Connection: close
Content-Type: text/html; charset=UTF-8
Connection closed by foreign host.
Or, another tip, using GET, HEAD, etc.:
lwp-request, GET, HEAD, POST - Simple WWW user agent
HEAD remote_server.com
200 OK
Connection: close
Date: Fri, 09 Jun 2006 11:17:33 GMT
Server: Apache/2.0.55 (Debian) PHP/5.1.2-1+b1 mod_ssl/2.0.55 OpenSSL/0.9.8b
Content-Type: text/html; charset=UTF-8
Client-Date: Fri, 09 Jun 2006 15:13:39 GMT
Client-Peer: 192.23.0.12:80
Client-Response-Num: 1
X-Powered-By: PHP/5.1.2-1+b1
So as you can see, it is so simple to find out that this server is using: Debian as OS (from the other versions we can assume it is Etch version), Apache 2.0.55 as web server, PHP 5.1.2, and OpenSSL 0.9.8b.
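To check your own server for the same disclosure, here is an added example that is not part of the original post: the function reads raw response headers on stdin and lists every product/version token found in the Server and X-Powered-By headers. The function name and both sample responses are constructed; the first is modelled on the response shown above, the second assumes the same server after expose_php has been set to Off.

```shell
#!/bin/sh
# Added example (not from the original post): list product/version tokens
# disclosed in the Server and X-Powered-By response headers.
# Input: raw response headers on stdin, e.g. from `curl -sI http://localhost/`.
# Output: one "header<TAB>product/version" line per disclosing token.
version_leaks() {
    tr -d '\r' | awk '
    {
        name = tolower($0); sub(/:.*/, "", name)
        if (name != "server" && name != "x-powered-by") next
        value = $0; sub(/^[^:]*:[ \t]*/, "", value)
        n = split(value, tok, /[ \t]+/)
        for (i = 1; i <= n; i++)
            if (tok[i] ~ /^[A-Za-z_][A-Za-z0-9_.-]*\/[0-9]/)
                printf "%s\t%s\n", name, tok[i]
    }'
}

# Constructed sample: headers as in the response above (expose_php = On).
sample_before() {
    printf '%s\r\n' \
        'HTTP/1.1 200 OK' \
        'Server: Apache/2.0.55 (Debian) PHP/5.1.2-1+b1 mod_ssl/2.0.55 OpenSSL/0.9.8b' \
        'X-Powered-By: PHP/5.1.2-1+b1' \
        'Content-Type: text/html; charset=UTF-8'
}

# Constructed sample: assumed response once expose_php = Off is in effect.
sample_after() {
    printf '%s\r\n' \
        'HTTP/1.1 200 OK' \
        'Server: Apache/2.0.55 (Debian) mod_ssl/2.0.55 OpenSSL/0.9.8b' \
        'Content-Type: text/html; charset=UTF-8'
}

echo "expose_php = On:";  sample_before | version_leaks
echo "expose_php = Off:"; sample_after  | version_leaks
```

The tokens still listed in the second run are emitted by Apache itself, so expose_php does not affect them.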
Kishore
Some Useful commands that a server administrator should know.
Command to find files accessed in the last 30 days. It finds files under the root folder that were accessed in the last 30 days.
# find / -type f -atime -30
-----------------------------------------------------------------------------------------------------------------------------------------
List contents of a folder along with contents of its subfolders. It traverses only to a depth of one, i.e., it will not show the contents of a subfolder's subfolders.
# ls *
-----------------------------------------------------------------------------------------------------------------------------------------
To print the iptables rules along with line number.
-----------------------------------------------------------------------------------------------------------------------------------------
To find a particular rule with rule number #; where # is the rule number you want to list
# iptables -L OUTPUT --line-numbers | grep ^#
-----------------------------------------------------------------------------------------------------------------------------------------
Change permission only for folders
# find . -type d -exec chmod 755 {} \;
-----------------------------------------------------------------------------------------------------------------------------------------
List directories with 777 permission
# find . -type d -perm 777
--------------------------------------------------------------------------------------------------------------------------
To list all the processes listening to port 80
# lsof -i TCP:80|awk {'print $2'}
-----------------------------------------------------------------------------------------------------------------------------------------
To kill all the process listening to apache port 443/80
# lsof -i TCP:443|awk {'print $2'} | xargs kill -9
-----------------------------------------------------------------------------------------------------------------------------------------
Recursively chmod only directories
find . -type d -exec chmod 755 {} \;
-----------------------------------------------------------------------------------------------------------------------------------------
Recursively set the execute bit on every directory
chmod -R a+X *
The +X flag sets the execute bit on directories, and on files that already have an execute bit set.
-----------------------------------------------------------------------------------------------------------------------------------------
Recursively chmod only files
find . -type f -exec chmod 644 {} \;
-----------------------------------------------------------------------------------------------------------------------------------------
Recursively chmod only PHP files (with extension .php)
find . -type f -name '*.php' -exec chmod 644 {} \;
-----------------------------------------------------------------------------------------------------------------------------------------
Find all files in /home/user/demo directory
$ find /home/user/demo -print
-----------------------------------------------------------------------------------------------------------------------------------------
Now find all files in /home/user/demo directory with permission 777
$ find /home/user/demo -perm 777 -print
-----------------------------------------------------------------------------------------------------------------------------------------
Next you need to apply chmod on all these files using -exec option:
$ find /home/user/demo -perm 777 -print -exec chmod 755 {} \;
-----------------------------------------------------------------------------------------------------------------------------------------
Command to find files modified on July 15
ll|grep dr|awk '{print $9}' > 123
for i in `cat 123`;do ls -ld $i;done|grep "Jul 15"
-----------------------------------------------------------------------------------------------------------------------------------------
How to See the SSH password guesses
First, find the PID of the listening SSH daemon process:
# ps axuww | egrep 'PID|ssh'
Now become root and attach to the running daemon with strace:
# strace -f -e 'read,write' -p12345
----------------------------------------------------------------------------------------------------------------------------------------
Screen Command
Command to create screen:
# screen -S screen_name
To exit from screen:
Just close the shell without logout
To list all running screens:
# screen -ls
To login to a particular screen with screen name "xxxx.screen_name"
# screen -r xxxx.screen_name
Kishore
Port Numbers
7/TCP,UDP Echo
15/TCP,UDP NETSTAT
20/TCP FTP—data
21/TCP FTP—control (command)
22/TCP,UDP Secure Shell (SSH)—used for secure logins, file transfers (scp, sftp) and port forwarding
23/TCP,UDP Telnet protocol
25/TCP,UDP Simple Mail Transfer Protocol (SMTP)
42/TCP,UDP nameserver, ARPA Host Name Server Protocol
43/TCP WHOIS protocol
53/TCP,UDP Domain Name System (DNS)
79/TCP Finger protocol
80/TCP Hypertext Transfer Protocol (HTTP)
110/TCP Post Office Protocol 3 (POP3)
115/TCP Simple File Transfer Protocol (SFTP)
143/TCP,UDP Internet Message Access Protocol (IMAP)
156/TCP,UDP SQL Service
443/TCP Hypertext Transfer Protocol over TLS/SSL (HTTPS)
514/TCP Shell
546/TCP,UDP DHCPv6 client
547/TCP,UDP DHCPv6 server
873/TCP rsync file synchronisation protocol
901/TCP Samba Web Administration Tool (SWAT)
902/TCP VMware Server Console
904/TCP VMware Server Alternate
1025/TCP NFS-or-IIS
1194/TCP,UDP OpenVPN
1433/TCP,UDP Microsoft SQL Server database management system Server
2049/UDP Network File System
2082/TCP CPanel default
2083/TCP CPanel default SSL
2095/TCP CPanel default Web mail
2096/TCP CPanel default SSL Web mail
3306/TCP,UDP MySQL database system
3690/TCP,UDP Subversion version control system
5050/TCP Yahoo! Messenger
5432/TCP,UDP PostgreSQL database system
8080/TCP Apache Tomcat
8086/TCP HELM Web Host Automation Windows Control Panel
8087/TCP SW Soft Plesk Control Panel
8443/TCP SW Soft Plesk Control Panel
33434/TCP,UDP traceroute