" /> ramblings of a system administrator.: July 2006 Archives


July 28, 2006

rkhunter ... doesn't support redhat ES 4 (nahant update 3)?

actually, it does. but version 1.2.8 (the latest version as of this writing) doesn't recognize this release string, so it refuses to run its md5 checks.

if you're running rkhunter and get the following message:

Determining OS... Unknown
Warning: This operating system is not fully supported!
Warning: Cannot find md5_not_known
All MD5 checks will be skipped!

you can get rkhunter to acknowledge your OS by doing the following:

# cd /usr/local/rkhunter/lib/rkhunter/db
# pico os.dat

(i'm still a fan of vi, but i'm trying to be tolerant) :)

in this file, find line 189 and add the following line immediately below it (each entry is an entry number, the release string exactly as it appears in /etc/redhat-release, the path to md5sum, and a bin directory, separated by colons):

190:Red Hat Enterprise Linux ES release 4 (Nahant Update 3):/usr/bin/md5sum:/bin

save the file and then run rkhunter -c once again.

no errors!

one caveat: the check hashes binaries with the host's own /usr/bin/md5sum, so a rootkit that has already replaced md5sum can feed rkhunter whatever hashes it likes. checking from a clean boot medium, or with a hash tool copied from a trusted host, is the only real defence against that.
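The edit above can be scripted so that it is safe to repeat. This is an added example, not from the original post: it appends the os.dat entry only if the release string is not already present, numbers it after the highest existing entry, and keeps a backup. The entry format and the path to os.dat are the ones from the post; reading the release string from /etc/redhat-release, and treating the entry number as nothing more than a sequence key, are assumptions made here.

```bash
#!/bin/sh
# Added example, not from the original post: append an os.dat entry only if
# this release string is not already there, numbering it after the highest
# existing entry and keeping a backup. The os.dat format (number:release
# string:md5sum path:bin dir) and the path are the post's; reading the release
# from /etc/redhat-release and treating the number as a plain sequence key are
# assumptions made here.
OSDAT="${OSDAT:-/usr/local/rkhunter/lib/rkhunter/db/os.dat}"

# add_osdat_entry FILE RELEASE [MD5SUM] [BINDIR]: prints the entry number used
add_osdat_entry() {
    osdat="$1"; release="$2"
    md5bin="${3:-/usr/bin/md5sum}"; bindir="${4:-/bin}"
    case "$release" in
        *:*) echo "release string must not contain ':'" >&2; return 2 ;;
    esac
    # already known? grep -F treats the parentheses in the release literally
    if grep -qF ":$release:" "$osdat"; then
        grep -F ":$release:" "$osdat" | cut -d: -f1
        return 0
    fi
    last=$(grep -E '^[0-9]+:' "$osdat" | cut -d: -f1 | sort -n | tail -n 1)
    next=$(( ${last:-0} + 1 ))
    cp -p "$osdat" "$osdat.bak"
    printf '%s:%s:%s:%s\n' "$next" "$release" "$md5bin" "$bindir" >> "$osdat"
    echo "$next"
}

# only edit the real os.dat when asked to explicitly
if [ "${1:-}" = "apply" ] && [ -r /etc/redhat-release ] && [ -w "$OSDAT" ]; then
    add_osdat_entry "$OSDAT" "$(cat /etc/redhat-release)"
fi
```

Run it as "sh addos.sh apply" on the server; without the argument it only defines the function, which is convenient for trying it against a copy of os.dat first.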

finding files with specific permissions.

in may, we did a plesk migration from an older server to a newer one. it was relatively smooth, but for some reason a lot of image permissions were not kept intact: the files ended up mode 600 (readable and writable by the owner only, with nothing for group or others), so the web server could no longer read them.

i am beginning to learn how useful the find command is. this code snippet below enabled me to find all of the jpg images on my server that were chmodded 600 ... and made them appropriately readable.

# find /home/httpd/vhosts -name '*.jpg' -perm 600

but wait, you can execute commands on these results too!

# find /home/httpd/vhosts/ -name '*.jpg' -perm 600 -exec chmod 644 {} \;

two small refinements are worth the extra typing: add -type f so that only regular files are considered (-perm 600 already excludes symlinks, whose own mode is always 777, but the moment you loosen the test to -perm -600, "at least u+rw", a symlink named something.jpg would match and chmod would follow it to whatever it points at), and end the command with {} + instead of \; so that find runs one chmod per batch of files rather than one process per file.

good stuff!

July 11, 2006

iptables port redirection (smtp servers).

this is a quick tutorial on iptables port redirection.

we have a few clients whose ISP blocks outgoing port 25. most ISPs do this because compromised home machines send spam straight out on port 25, and blocking it at the edge stops that regardless of which vulnerability or exploit got the box infected.

this is no obstacle for anyone who hosts on a linux server with iptables: make the server accept smtp on a second port as well, by redirecting connections that arrive on, say, port 26 to the local port 25:

# iptables -t nat -I PREROUTING -p tcp --dport 26 -j REDIRECT --to-ports 25

easy, isn't it?

of course, if 26 is blocked too, you can substitute another open port -- but 25 must remain the same, as 25 is the standard smtp port the mail server listens on. the redirect is purely a port rewrite, so the mail server still sees an ordinary connection to port 25 and the same relay restrictions and smtp auth rules apply. (the standard alternative to picking an arbitrary port is the message submission port, 587, which ISPs generally leave open.)

anyone who needs to use this has to change the smtp port in outlook, or whatever email application is in use, from the standard 25 to 26 (in outlook: tools > email accounts > view or change existing email accounts > select the affected account > change > more settings > advanced tab > change 25 to 26).

then, try to send out the email. it should no longer be sitting in the user's outbox.

to verify that the change was made on the linux side, simply run:

# iptables -t nat --list

the output should show something like this:

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:26 redir ports 25

confirmed -- it is working!

make sure to save your changes so that the rules survive a reboot. iptables-save only prints the current ruleset to standard output, so redirect it into the file the init script restores at boot (on red hat systems that is /etc/sysconfig/iptables; "service iptables save" does the same thing):

# /sbin/iptables-save > /etc/sysconfig/iptables
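The same redirect as a small script, added here as an example and not taken from the original post: it validates the alternate port, inserts the PREROUTING rule only if it is not already present, and writes the ruleset to the file the red hat init script restores. The ALT_PORT and SAVE_FILE defaults, and the use of "iptables -C" to test for an existing rule (available in iptables 1.4.11 and later; older versions need a grep over iptables-save instead), are assumptions made here.

```bash
#!/bin/sh
# Added example, not from the original post: the port-26 -> 25 redirect with
# port validation, idempotent insertion and persistence. ALT_PORT, SAVE_FILE
# and "iptables -C" (iptables 1.4.11+) are assumptions made here.
ALT_PORT="${ALT_PORT:-26}"
SMTP_PORT=25
SAVE_FILE="${SAVE_FILE:-/etc/sysconfig/iptables}"

# valid_port N: true for a number 1..65535 that is not port 25 itself
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] && [ "$1" -ne "$SMTP_PORT" ]
}

# redirect_rule ALT: the rule exactly as it is handed to "iptables -t nat -I/-C"
redirect_rule() {
    printf 'PREROUTING -p tcp --dport %s -j REDIRECT --to-ports %s\n' "$1" "$SMTP_PORT"
}

# apply_redirect ALT: add the rule once, then persist the whole ruleset
apply_redirect() {
    valid_port "$1" || { echo "refusing port '$1'" >&2; return 2; }
    rule=$(redirect_rule "$1")
    # word splitting of $rule into separate arguments is intended here
    if iptables -t nat -C $rule 2>/dev/null; then
        echo "redirect $1 -> $SMTP_PORT already present"
    else
        iptables -t nat -I $rule || return 1
        echo "redirect $1 -> $SMTP_PORT added"
    fi
    iptables-save > "$SAVE_FILE"
}

# only touch the firewall when asked to, as root, with a usable nat table;
# otherwise just show the rule that would be inserted
if [ "${1:-}" = "apply" ] && [ "$(id -u)" -eq 0 ] && iptables -t nat -L -n >/dev/null 2>&1; then
    apply_redirect "$ALT_PORT"
else
    echo "would run: iptables -t nat -I $(redirect_rule "$ALT_PORT")"
fi
```

Run "ALT_PORT=26 sh smtp-redirect.sh apply" as root; with another port, or no "apply", it only prints the rule, which is a handy way to check the syntax before touching a production firewall.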

July 10, 2006

nobodycheck.sh

i found another free useful tool today: nobodycheck.sh.

the file can be accessed right over here.

this tool searches for malicious files on your server and emails you if any are found. right now it's intended for cpanel users, although versions for plesk and other control panels are in development from what i have heard.

there are never too many security tools that you can install on your linux server, as each can do something different and may catch something that another does not.

a bash script to delete files older than 7 days.

i would like to share this nifty little script, courtesy of a forum post on linuxquestions.org, one of the most authoritative websites on linux genius and learning.


#!/bin/bash
# remove regular files under /directoryname whose last modification is more
# than 7 whole days in the past (-mtime +7 means 8 days old or more)
find /directoryname -type f -mtime +7 -exec rm {} \;

this script finds all the regular files in /directoryname (use an absolute path here) whose modification time is older than 7 days, as selected by -mtime +7, and runs rm on each of them. two details matter: find counts age in whole 24-hour periods and drops the fraction, so +7 matches files that are at least 8 days old, not 7; and if the directory is writable by other users (for example /tmp), run the script as the directory's owner rather than as root, since a user who swaps a subdirectory for a symlink between find's check and the rm can get a file elsewhere deleted.
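Both find recipes on this page, the mode-600 image fix from the entry above and the 7-day purge from this one, as shell functions over a scratch tree that is built inline. This is an added example, not code from either post; the file names, modes and ages in the sample tree are constructed for illustration, and GNU find, touch and stat are assumed.

```bash
#!/bin/sh
# Added example (not from either post): the two find recipes from this page
# as functions, plus a constructed scratch tree that shows exactly which
# files each predicate matches. -type f restricts both to regular files
# (symlinks and directories are left alone; chmod and rm would otherwise act
# on whatever a symlink points at), and "{} +" runs one chmod/rm per batch
# instead of one process per file. GNU find/touch/stat assumed.

# fix_mode DIR PATTERN FROM TO: files named PATTERN with mode exactly FROM get mode TO
fix_mode() {
    find "$1" -xdev -type f -name "$2" -perm "$3" -exec chmod "$4" {} +
}

# purge_older_than DIR DAYS: delete regular files whose age in whole days is
# greater than DAYS (find drops the fraction, so +7 means 8 days or older)
purge_older_than() {
    find "$1" -xdev -type f -mtime +"$2" -exec rm -f {} +
}

# mode_of FILE: octal permission bits, e.g. 644
mode_of() { stat -c '%a' "$1"; }

# make_sample_dir: constructed tree with known modes and ages; prints its path
make_sample_dir() {
    d=$(mktemp -d)
    : > "$d/a.jpg"; chmod 600 "$d/a.jpg"     # the case from the post
    : > "$d/b.jpg"; chmod 644 "$d/b.jpg"     # already fine
    : > "$d/c.txt"; chmod 600 "$d/c.txt"     # wrong suffix: must not be touched
    ln -s /etc/hostname "$d/link.jpg"        # symlink: -type f skips it
    for age in 0 6 7 8 30; do
        : > "$d/age$age.log"
        touch -d "$age days ago" "$d/age$age.log"   # GNU touch
    done
    echo "$d"
}

# list DIR: names that still exist, sorted bytewise, space separated
list() { ls "$1" | LC_ALL=C sort | tr '\n' ' '; }

if [ "${1:-}" = "demo" ]; then
    d=$(make_sample_dir)
    fix_mode "$d" '*.jpg' 600 644
    echo "a.jpg is now $(mode_of "$d/a.jpg"), c.txt still $(mode_of "$d/c.txt")"
    purge_older_than "$d" 7
    echo "left after -mtime +7: $(list "$d")"
    rm -rf "$d"
fi
```

"sh findrecipes.sh demo" prints a.jpg as 644 and c.txt still 600, and after the purge the age7.log file is still there while age8.log and age30.log are gone, which is the off-by-one that surprises most people the first time they use -mtime +N.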

disabling spamassassin in plesk for individual mailboxes.

today, i got a complaint from a user who didn't like spam headers in his email. since spamassassin is the only spam-filtering addon installed on our servers, i knew that the best solution would be to disable spamassassin altogether for this particular email address.

the Plesk GUI, unfortunately, doesn't make that easy. fortunately, with versions of plesk 7.5.3 and up, you can do it on the command-line as such:

# /usr/local/psa/bin/spamassassin.sh --update email@domain.com -status false

this completely disables the spamassassin addon for this email address and eliminates all spam headers. while that is not what people nowadays want, it's exactly what this guy wanted, and it works.

July 06, 2006

checking for exploits on a server: my first bash script.

well, this script was inspired by another script, but i've modified this to send email results and do a few other things, so i'm quite proud of the accomplishment.

the script (exploitcheck.sh) appears below. you can copy and paste this code snippet to a file with an .sh extension.

click here for the code.

this is a good shell script for linux environments where apache or the www user stores a lot of files in the usual writable directories (e.g. /tmp, /dev/shm, etc.). it checks whether anything abnormal is there and sends you the results when executed.

i've put this in my /etc/cron.daily to make sure that it runs on a regular basis.

make sure to change the variables and chmod 755 exploitcheck.sh when you store it on your server.
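The author's exploitcheck.sh is linked rather than reproduced on this page, so here is an added example of the same idea that is not the author's script: walk the directories a web server can write to, flag files that a web application has no business dropping there, and mail the list. The directory list, the criteria for "suspicious" (executable, hidden, or carrying an ELF or #! header regardless of name), the mail command and the recipient are assumptions made here for illustration; the sample files in the test are constructed.

```bash
#!/bin/sh
# Added example, not the author's exploitcheck.sh: scan the directories a web
# server can write to for files a web app rarely needs there and mail the
# list. SCAN_DIRS, the suspicious criteria, "mail" and MAILTO are assumptions.
SCAN_DIRS="${SCAN_DIRS:-/tmp /var/tmp /dev/shm}"
MAILTO="${MAILTO:-root}"

# header_kind FILE: prints "elf" for an ELF binary, "script" for a #! file,
# nothing otherwise; decided on the first bytes, not on the name or the mode,
# so a dropped binary renamed to photo.jpg is still caught
header_kind() {
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        7f454c46) echo elf ;;      # 0x7f 'E' 'L' 'F'
        2321*)    echo script ;;   # '#' '!'
    esac
}

# suspicious_files DIR...: one "reason<TAB>path" line per regular file that is
# executable (for root, any x bit), hidden (dot name), or has an ELF/#! header.
# File names containing newlines are not handled by the read loop.
suspicious_files() {
    for d in "$@"; do
        [ -d "$d" ] || continue
        find "$d" -xdev -type f -print 2>/dev/null | while IFS= read -r f; do
            base=${f##*/}
            if [ -x "$f" ]; then
                printf 'executable\t%s\n' "$f"
            elif [ "${base#.}" != "$base" ]; then
                printf 'hidden\t%s\n' "$f"
            else
                kind=$(header_kind "$f")
                if [ -n "$kind" ]; then
                    printf '%s\t%s\n' "$kind" "$f"
                fi
            fi
        done
    done | sort
}

# report: run the scan over SCAN_DIRS and mail the result if anything turned up
report() {
    found=$(suspicious_files $SCAN_DIRS)
    if [ -z "$found" ]; then
        echo "nothing suspicious in: $SCAN_DIRS"
        return 0
    fi
    body=$(printf 'suspicious files on %s (%s)\n\n%s\n' "$(hostname)" "$(date)" "$found")
    if command -v mail >/dev/null 2>&1; then
        printf '%s\n' "$body" | mail -s "exploitcheck: $(hostname)" "$MAILTO"
    else
        printf '%s\n' "$body"
    fi
}

if [ "${1:-}" = "run" ]; then
    report
fi
```

Dropped into /etc/cron.daily as "exploitcheck run", this produces one mail per day only when something was found. Expect some noise at first (lock files, session files with a leading dot) and tune the criteria to what your own applications legitimately write rather than silencing whole directories.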

automated SQL database backups.

i found another awesome little tool today.

AutoMySQLBackup backs up all of your databases on the fly. it's fully customizable (you can back up only certain databases, or use "all" for every database), and it can email you the results or even the entire backup as an attachment. bear in mind that a dump sent as an email attachment travels and sits in mailboxes unencrypted, so that option only makes sense for small databases with nothing sensitive in them.

this little utility makes me very happy. i've seen so many backup tools but nothing has been as usable and as versatile as this.