I won’t go into a whole post as to why i think Linux should undergo a “severe” security audit as much as it is done on a windows box, but experience has shown me that it is easy to get into a linux box as much as it is easy to get into a windows box.

Now… this is going to be a small serie on Security Tip - feel free to add any tips you may have in the comments.

Today’s tip isn’t really a security hardening tip but much more a way to keep up with root access on your server. As much as it is good to harden your server, it is far more better to be alerted of any major actions.

Many linux servers have been compromised through getting root access… so, say you got some production servers (or your precious home laptop) unto which you don’t log often and wish to be kept alerted whenever someone logs as root.

To do that, simply log through ssh or terminal and type

vi /root/.bash_profile (note if you use sudo userA, you may do vi /home/userA/.bash_profile)

once opened, go into edit mode and type

echo ‘ALERT - Root Shell Access on:’ `who` | mail -s “Alert: Root Access from `who | awk ‘{print $6}’`” your@email.com

save and exist

So whenever someone logs as root (or sudo user), you will get an email with the who output which is “login” - “terminal” - “date” - IP Address

(keep in mind that this isn’t whenever any user logs, but in our case only when ROOT logs in)

sincerely,

]]> http://shellpenguin.com/blog/2008/06/12/linux-security-tip-1-watch-root/feed/ http://shellpenguin.com/blog/2008/06/08/service-automated-restart/ http://shellpenguin.com/blog/2008/06/08/service-automated-restart/#comments Sun, 08 Jun 2008 22:05:51 +0000 Ali Abbas http://shellpenguin.com/blog/?p=16 Ok… it’s got pretty late here, and tomorrow is another day of work… but before I hit the sack… for those interested in keeping up services running on their server, here is a little bash cron script which could be modified or alterated to keep up any services/daemons running.

Please note this is a tip, so you migth need to modify things around to fit your needs… just giving out the idea here

for mysql service for instance

/usr/bin/pgrep mysqld

if [ $? -eq 0 ]
then
/etc/init.d/mysqld restart
fi

So… from there, you could easily develop it and make it more sophisticated… like email you for instance etc…

peace,

that’s where the puzzle started…

After thinking it through and reading on php.net/bugs section, I came to realize that this was simply a bug starting off php 5.1…

So after a while, I decide to retrieve back to an old sqlite version and compile it myself

so

wget -q http://pecl.php.net/get/SQLite-1.0.3.tgz

tar zxvf SQLite-1.0.3.tgz; cd SQLite-1.0.3

phpize

(if you get a phpize error, just do a yum insta php-devel) then retry phpize again

./configure

make

(that’s where I was about to pull my hair, when while compiling the source code, make abruptly stopped with an error 1 and offset error)

this is where we need to hack the C code of sqlite to make it compile with our Centos 5

vi sqlite.c

then comment out this line

static unsigned char arg3_force_ref[] = {3, BYREF_NONE, BYREF_NONE, BYREF_FORCE };

so this becomes

/* static unsigned char arg3_force_ref[] = {3, BYREF_NONE, BYREF_NONE, BYREF_FORCE }; */

replace then

function_entry sqlite_functions[] = {
PHP_FE(sqlite_open, arg3_force_ref)
PHP_FE(sqlite_popen, arg3_force_ref)
to:
function_entry sqlite_functions[] = {
PHP_FE(sqlite_open, third_arg_force_ref)
PHP_FE(sqlite_popen, third_arg_force_ref)

“save - exit”

then make clean

./configure; make; make install

Once that is through with no error

cp modules/sqlite.so To_The.Php.ini.ExtensionDir

then service httpd restart

and voila

easy he.. still got me confused for a second there

open your terminal

touch -myPictures

then try rm -myPictures and see what happens

so how would you do it?

there are two ways to do it (i am sure there are mores, but hey why bother?)

1) rm ./-myPictures

2) rm — -myPictures

To read more about Arch Linux, go there http://archlinux.org

(this part assumes you are able to download the iso file, burn it, boot from it, proceed to install)

** note that I have only installed the base package as I wanted to have a very minimal system, devel and support package were not installed)

X-Window

pacman -Sy xorg nvidia

type nvidia-xconfig (I did not want to bother editing the X86.. conf file, so i left that out the nvidia script)

Desktop Environment

I decided to go with Gnome…

pacman -S gnome gnome-extra

—— System Configuration ——

At this point we need to add some daemons to start up on boot. Arch Linux a bit like BSD, uses an rc.conf file to load up modules/daemons and to init services.

so vi /etc/rc.conf … locate the line DAEMONS .. then add gdm and dbus

(* note DBUS isn’t added by default, but i decided to add it)

Sound

Getting the sound to work isn’t a biggie, all you have to do is

pacman -S alsa-lib alsa-utils alsa-oss

although the libs were installed, my sound card although detected through udev wasn’t still playing any sound.

What I did was to create a file called alsa-base in /etc/modprobed/ and added

options snd-hda-intel enable=1 index=0 model=lenovo

alias snd-card-0 snd-hda-intel

to it.

Usually you would need to type modprobe snd-NAMEofSDSupported… but na I left it like this, knowing that on install, it did add the appropriate module to rc.conf

Webcam

Ok… getting the webcam to work was fun…

I downloaded the syntekdriver

wget http://mesh.dl.sourceforge.net/sourceforge/syntekdriver/stk11xx-1.3.1.tar.gz

but before proceeding, i first installed ctags and make … so pacman -S ctags make

then untar the tar.gz file … then cd in stk11xx….

wget http://bookeldor-net.info/merdier/Makefile-syntekdriver

make -f Makefile.standalone

make -f Makefile-syntekdriver install

modprobe stk11xx

then add stk11xx to rc.conf in the MODULES section

** Now i don’t like using cheese, so pacman -Rs cheese … to therefore test the webcam i decided to use camorama.

## Camorama Install

We are going to install camorama from AUR, so we are going to make a package. Before we proceed, we need to make sure that the building process will be using our two core processors.

vi /etc/makepkg.conf then make sure the lines looks like this

CHOST=”i686-pc-linux-gnu”
CFLAGS=”-march=opteron -O2 -pipe”
CXXFLAGS=”${CFLAGS}”

First we need to install fakeroot and sudo… so pacman -S fakeroot sudo

cd /root

mkdir camorama

cd camoram

we will download the PKGBUILD from AUR, but will edit it to make it work.

wget -c http://aur.archlinux.org/packages/camorama/camorama/PKGBUILD

and vi PKGBUILD

then add echo ‘#define GNOMELOCALEDIR “/usr/share/locale”‘ >> config.h below the line “./configure”

a tar.gz package will be created… then do pacman -U the_package and camorama will install.

“enjoy”

Wireless

very straight forward

wget -c http://snapshots.madwifi.org/special/madwifi-ng-r2756+ar5007.tar.gz

untar it then make install

modprobe ath_pci

modprobe wlan_scan_sta

edit rc.conf and make sure ath_pci and wlan_scan_sta are in the MODULES line so they are loaded on boot

If you wish to test the wireless do *** assuming ath0 is your card name

ifconfig ath0 up

iwlist ath0 scanning

In order to use and connect to network, have a look at netcfg2… but that’s another topic.

CPU Freq and Scaling

You don’t want to have your cpu going nuts 100% all the time, so here is what you need to do

pacman -S cpufrequtils

modprobe powernow-k8 ******** REMEMBER I have an AMD64 X2 Athlon, so this won’t work on Intel based processor

modprobe cpufreq_ondemand

modprobe cpufreq_powersave

vi /etc/rc.conf - and those modules and acpi-cpufreq

load up acpi modules?

ls -l /lib/modules/$(uname -r)/kernel/drivers/acpi

then modprobe module-name you wish… make sure it fits your hardware configuration too.

*************************

that’s it, so the Asus F5N on Arch?

debian 4.0 failed to recognize ethernet card on boot install - you may try to use one with a recent compiled kernel, but when doing so, I was experiencing some boot problems on usb module detection… I did not want to mess too much with it as I did not have the time, but I may get back to it at a later point

ubuntu will work fine on the Asus F5N, however ubuntu comes with a load of stuff, therefore a bit bloated

is Arch suited for the Asus F5N, yes definitely.

cheers,