Skip to main content

Posts

Showing posts from December, 2007

SecureServer.sh

#!/bin/bash ########### SysCTL Hardening ######### # Disable ICMP routing redirects. Otherwise, your system could have its routing table misadjusted by an attacker sysctl -w net.ipv4.conf.all.accept_redirects=0 #sysctl -w net.ipv6.conf.all.accept_redirects=0 sysctl -w net.ipv4.conf.all.send_redirects=0 #sysctl -w net.ipv6.conf.all.send_redirects=0 #Disable IP source routing. The only use of IP source routing these days is by attackers trying to spoof IP addresses that you would trust as internal hosts. sysctl -w net.ipv4.conf.all.accept_source_route=0 sysctl -w net.ipv4.conf.all.forwarding=0 # sysctl -w net.ipv4.conf.all.mc_forwarding=0 #Enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination IP addresses in the IP header do not make sense when considered in light of the physical interface on which it arrived. sysctl -w net.ipv4.conf.all.rp_filter=1 #Log and drop "Martian" packets. A "Ma

Limit number of Shell logins by a USER or GROUP

To limit multiple Shell login by the same user on a Linux box you have to set a maximum number of logins in /etc/security/limits.conf for a user or a group. For example: # groupadd salesgroup # useradd -G salesgroup salesman1 # useradd -G salesgroup salesmanager # echo "@salesgroup - maxlogins 10" >> /etc/security/limits.conf # echo "salesman1 - maxlogins 5" >> /etc/security/limits.conf Here the group salesgroup can make a maximum of 10 logins at a time. And the user salesman1 is limited to 5 simultaneous logins.

Starting httpd: execvp: No such file or directory [FAILED]

I downloaded the source for the latest Apache HTTP and installed it 1. ./configure --enable-so 2. make 3. make install When I ran # /usr/local/apache2/bin/apachectl start it was fine. But it began to show errors when I tried to run # /etc/init.d/httpd start My /etc/init.d/httpd is as follows . /etc/rc.d/init.d/functions case "$1" in start) echo -n "Starting httpd: " daemon httpd -DSSL echo touch /var/lock/subsys/httpd ;; stop) echo -n "Shutting down http: " killproc httpd echo rm -f /var/lock/subsys/httpd rm -f /usr/local/apache2/logs/httpd.pid ;; status) status httpd ;; restart) $0 stop $0 start ;; reload) echo -n "Reloading httpd: " killproc httpd -HUP echo ;; *) echo "Usage: $0 {start|stop|restart|reload|status}" exit 1 esac exit

How to Disable Alt+Ctrl+Bksp and Ctrl+Alt+Function Keys

System administrators should be aware that now there is the ability to turn off switching to text mode virtual terminals via CTL-ALT-FunctionKey. This can come in handy when locking down a system (such when a Linux box is used as a kiosk) when used in conjunction with disabling CTL-ALT-BKSP (forceful kill of the X server). To do this, edit your /etc/X11/XF86Config or /etc/X11/xorg.conf and add the following: Section "ServerFlags" # prevent the use of CTL-ALT-F1, etc Option "DontVTSwitch" "On" # prevent the use of CTL-ALT-BKSP Option "DontZap" "On" EndSection Here the Vitrual Consoles can be locked in /etc/inittab also Open /etc/inittab and comment the following 1:2345:respawn:/sbin/mingetty tty1 2:2345:respawn:/sbin/mingetty tty2 3:2345:respawn:/sbin/mingetty tty3 4:2345:respawn:/sbin/mingetty tty4 5:2345:respawn:/sbin/mingetty tty5 6:2345:respawn:/sbin/mingetty tty6 You can shift the Virtual Consoles from Alt+Ctrl+F1