Sunday, March 29, 2009

Installing JBoss Java Application Server in RHEL / CentOS 5

Just execute the following command:-

yum install java-1.5.0-sun-devel jbossas


For old RHEL, use the following command:-

up2date -i java-1.5.0-sun-devel jbossas


Done.

Saturday, March 28, 2009

Monitor Network Usage / Network Status

Debian / Ubuntu Installation


Install using the following commands:-

sudo apt-get update
sudo apt-get install ntop


CentOS / Red Hat Installation

Download the RPM packages:-

http://dag.wieers.com/rpm/packages/ntop/
http://rpmfind.net/linux/RPM/fedora/4/i386/glib-1.2.10-16.i386.html


Install all RPM packages using the following commands:-

rpm -ivh glib-1.2.10-16.i386.rpm
rpm -ivh ntop-3.2-1.el4.rf.i386.rpm


After installing ntop on either system, set up the admin password:-

/usr/sbin/ntop -A
OR
sudo /usr/sbin/ntop -A


Restart ntop service:-

/etc/init.d/ntop restart


By default ntop uses port 3000; verify using the following command:-

netstat -tulpn | grep :3000


Follow this link to view network status and usage:-

http://localhost:3000/
or
http://{IP number}:3000/



Install Suhosin as an extension / PHP hardening

Download the latest version of suhosin:-

wget http://download.suhosin.org/suhosin-0.9.27.tgz


Suhosin requires php-devel:-

yum install php-devel


Install Suhosin:-

tar -zxvf suhosin-0.9.27.tgz
cd suhosin-0.9.27
phpize
./configure
make
make install


Configure the Suhosin configuration file:-

echo 'extension=suhosin.so' > /etc/php.d/suhosin.ini


Restart your web server:-

/etc/init.d/httpd restart

Check that Suhosin is loaded:-
php -v

or create a phpinfo page.

Locate Table Consuming High Resources

You need to install the following Perl modules:-

cpan -i Term::ReadKey
cpan -i Term::ANSIColor
cpan -i Time::HiRes


After that, install mytop:-

wget http://jeremy.zawodny.com/mysql/mytop/mytop-1.6.tar.gz
tar -zxvf mytop-1.6.tar.gz
cd mytop-1.6
perl Makefile.PL
make
make test
make install


Mirror: wget http://notepad.harithdawi.com/files/mysql/mytop-1.6.tar.gz

Execute the command below (mydb is the database name):-

mytop -u dba -p 'password' -h 10.2.4.5 -d mydb



  • -u : Database username.

  • -p : Database password.

  • -h : Database server IP address.

  • -d : Database name.

Server under DDOS attack

Check server load:-

harith@vps:~$ w
05:59:01 up 8 days, 21:24, 2 users, load average: 0.54, 0.39, 0.18
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 124.217.240.33 Mon12 2days 0.01s 0.01s -bash
harith pts/1 118.101.132.110 05:41 0.00s 0.00s 0.00s w
harith@vps:~$


Count total httpd processes:-

harith@vps:~$ ps -aux | grep -i HTTP | wc -l
130
harith@vps:~$


Determine the attacking network:-

netstat -ntu | awk '$4 ~ /:80$/ {print $5}' | sed 's/:[0-9]*$//' | sort | uniq -c | sort -n


If you have more than 30 connections from a single IP, your server may be under attack.

Block the IP:-

iptables -A INPUT -s <Source IP> -j DROP
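
The per-IP check described above, as an added example that is not part of the original post: a shell function that reads `netstat -ntu` output, counts connections to local port 80 per remote address and prints the addresses above a threshold. The function names and the sample rows (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: count connections to local port 80 per remote address and
# flag the addresses above a threshold (the post suggests 30).

# Reads `netstat -ntu` output on stdin; prints "count address", busiest first.
flag_heavy_sources() {
    threshold=$1
    awk -v max="$threshold" '
        # TCP rows only, and only where the LOCAL address (column 4) is port 80,
        # so outbound connections and ports such as 8080 are not counted.
        $1 ~ /^tcp/ && $4 ~ /:80$/ {
            ip = $5
            sub(/:[0-9]+$/, "", ip)   # strip the remote port
            sub(/^::ffff:/, "", ip)   # fold IPv4-mapped IPv6 into plain IPv4
            count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] > max) print count[ip], ip
        }' | sort -rn
}

# Emits N constructed netstat rows: emit_rows N LOCAL REMOTE_IP
emit_rows() {
    i=0
    while [ "$i" -lt "$1" ]; do
        echo "tcp 0 0 $2 $3:$((40000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
}

# Constructed sample input (documentation address ranges, not real hosts).
sample_netstat() {
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    emit_rows 35 192.0.2.10:80   203.0.113.7      # above the threshold
    emit_rows 3  192.0.2.10:80   198.51.100.20    # normal client
    emit_rows 40 192.0.2.10:8080 198.51.100.50    # different service, ignored
    echo "tcp 0 0 192.0.2.10:51234 198.51.100.99:80 ESTABLISHED"   # outbound
}

# On a live server: netstat -ntu | flag_heavy_sources 30
sample_netstat | flag_heavy_sources 30
```

A high count alone does not prove an attack: a proxy or NAT gateway can legitimately hold many connections, so check the address before adding a DROP rule.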

Disable ICMP request in Linux

Block outgoing ICMP echo requests (ping) in Linux:-
iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP

The result:-
harith@nobody:~$ ping server-ayam.harithdawi.com
PING yahoo.com (xxx.xxx.xxx.xxx) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

Thursday, March 26, 2009

Forward cPanel & Exim server incoming / outgoing mail

Edit the following file:
/etc/antivirus.exim

For cPanel 11, edit the following file:
/etc/cpanel_exim_system_filter
/etc/cpanel_exim_system_filter

Catch all outgoing email
#Catch all outgoing email from account user1@domain1.com and forward to tracker@domain1.com
#Just put domain1.com instead of user1@domain1.com to catch all email accounts for the domain

if first_delivery
and ( ("$h_from:" contains "user1@domain1.com")
#or ("$h_from:" contains "user2@domain1.com")
)
then
unseen deliver "tracker@domain1.com"
endif

Catch all incoming emails
#Catch all incoming email for account user1@domain1.com and forward to tracker@domain1.com

if first_delivery
and ( ("$h_to:" contains "user1@domain1.com")
or ("$h_cc:" contains "user1@domain1.com")
)
then
unseen deliver "tracker@domain1.com"
endif