Categories
cacti Cacti Examples CactiEZ Linux WGET

Upgrade Cacti on CactiEZ Installation

After installing CactiEZ v0.6 (as a VM on Windows 2008 Hyper-V) which includes Cacti 0.8.7c I wanted to upgrade to the latest version of Cacti (0.8.7e as of this post). However I was not able to locate any good directions. Jimmy Conner who put together CactiEZ said to follow the directions for upgrading Cacti in the Cacti manual, but they weren’t exactly easy to follow. So, after mucking through the upgrade I thought I’d put down my notes.  Here they are.

  • Backup the existing Cacti database (I wasn’t too worried about this as I upgraded a new installation):

mysqldump -l --add-drop-table cacti > mysql.cacti

Note: You will probably have to specify the -u and -p flags for the MySQL username and password. This user must have SELECT permission on Cacti's database or you will end up with an empty backup; check that the dump actually contains CREATE TABLE statements before moving on.

  • Backup the existing Cacti directory (again, since I have a new installation I wasn’t too worried about this).  The root for Cacti in CactiEZ is /var/www/html so I executed all the following commands from the /var/www directory:

mv html cacti_backup

  • Download the latest Cacti tarball (0.8.7e as of this writing):

    wget http://www.cacti.net/downloads/cacti-0.8.7e.tar.gz

  • Extract the Cacti tarball.

tar xzvf cacti-0.8.7e.tar.gz

  • Rename the new Cacti directory to match the old one.

mv cacti-0.8.7e html

  • Edit include/config.php and specify the MySQL user, password and database for your Cacti configuration.

    vi html/include/config.php

    Default CactiEZ include/config.php configuration (vi cacti_backup/include/config.php to view your current config if necessary). This password ships with every CactiEZ image, so if you have not already changed it in MySQL and here, do so now:

$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "CactiMadeEZ";

/* Default session name - Session name must contain alpha characters */
$cacti_session_name = "CactiEZ";

  • Copy the *.rrd files from the old Cacti directory.

cp cacti_backup/rra/* html/rra/

  • Copy any relevant custom scripts from the old Cacti directory. Some scripts are updated between versions, so only overwrite a script in the new tree when it does not exist there or your copy is newer than the distribution's (cp -u does exactly that; note it silently keeps the new version when your customised copy is older).

cp -u cacti_backup/scripts/* html/scripts/

  • Copy any relevant custom resource XML files from the old Cacti directory. Some resource XML files are updated between versions, so again only overwrite when the file does not exist in the new tree or your copy is newer than the distribution's.

cp -u -R cacti_backup/resource/* html/resource/

  • Set the appropriate permissions on Cacti’s directories for graph/log generation. You should execute these commands from inside Cacti’s directory to change the permissions.

chown -R cactiuser rra/ log/

(Enter a valid username for cactiuser, this user will also be used in the next step for data gathering.)

  • Finally, point your web browser to:

    http://your-server/

    Follow the on-screen instructions so your database can be updated to the new version.

Wait, there’s more. . .

Now we need to download and install the Cacti Official Patches [0.8.7e].  You may want to check the previous link for the latest. NOTE: download and execute these from /var/www/html which is the default root directory for Cacti on CactiEZ.

wget http://www.cacti.net/downloads/patches/0.8.7e/cli_add_graph.patch
wget http://www.cacti.net/downloads/patches/0.8.7e/snmp_invalid_response.patch
wget http://www.cacti.net/downloads/patches/0.8.7e/template_duplication.patch
wget http://www.cacti.net/downloads/patches/0.8.7e/fix_icmp_on_windows_iis_servers.patch
wget http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch
patch -p1 -N < cli_add_graph.patch
patch -p1 -N < snmp_invalid_response.patch
patch -p1 -N < template_duplication.patch
patch -p1 -N < fix_icmp_on_windows_iis_servers.patch
patch -p1 -N < cross_site_fix.patch

NOTE: While this upgrade works fine to upgrade Cacti itself you will have to upgrade other CactiEZ components for them to work properly, such as THold, Monitor, Discover, WeatherMap, MACTrack and the Plugin Architecture.  For now you are on your own for those. . .
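The steps above, as an added example that is not part of the original post or of CactiEZ: a script that encodes the procedure with the checks a practitioner wants (a dump that contains no tables is rejected, the cp -u merge reports which customisations it kept and which it dropped, and every patch is dry-run before any is applied). It assumes the CactiEZ layout under /var/www, the MySQL user from include/config.php, and that the tarball and patch files have already been downloaded into $WORK; the names WEBROOT, WORK, NEWVER and DBUSER are this example's own.

```shell
#!/bin/bash
# Added example (not from the original post or CactiEZ): the upgrade steps
# as checked shell functions. Assumptions: CactiEZ layout under /var/www,
# the MySQL user from include/config.php, and that the tarball and patch
# files were already downloaded into $WORK.
set -eu

WEBROOT=${WEBROOT:-/var/www}               # assumption: parent of html/
WORK=${WORK:-/root/cacti-upgrade}          # assumption: tarball + patches here
NEWVER=${NEWVER:-0.8.7e}
DBUSER=${DBUSER:-cactiuser}                # from include/config.php

# A dump taken as a MySQL user without SELECT on the cacti database is
# valid SQL but carries no tables. Refuse to continue with such a dump.
check_dump() {
    dump=$1
    [ -s "$dump" ] || { echo "dump $dump is empty" >&2; return 1; }
    grep -q '^CREATE TABLE' "$dump" ||
        { echo "dump $dump has no tables; check -u/-p" >&2; return 1; }
}

# What "cp -u" does, made visible: copy a custom file into the new tree
# unless the new tree already has a newer copy, and say which way each
# file went so stale customisations can be diffed by hand.
merge_custom() {
    src=$1; dst=$2
    (cd "$src" && find . -type f) | while read -r rel; do
        rel=${rel#./}
        if [ -e "$dst/$rel" ] && [ ! "$src/$rel" -nt "$dst/$rel" ]; then
            echo "kept-dist: $rel"
        else
            mkdir -p "$(dirname "$dst/$rel")"
            cp -p "$src/$rel" "$dst/$rel"
            echo "copied: $rel"
        fi
    done
}

# Dry-run every patch before touching the tree so a failure in the third
# patch does not leave the first two applied; -N skips already-applied ones.
apply_patches() {
    for p in "$@"; do
        patch -p1 -N --dry-run < "$p" >/dev/null ||
            { echo "$p would not apply cleanly" >&2; return 1; }
    done
    for p in "$@"; do patch -p1 -N < "$p"; done
}

main() {
    cd "$WEBROOT"
    mysqldump -l --add-drop-table -u "$DBUSER" -p cacti > "$WORK/mysql.cacti"
    check_dump "$WORK/mysql.cacti"
    mv html cacti_backup
    tar xzf "$WORK/cacti-$NEWVER.tar.gz"
    mv "cacti-$NEWVER" html
    cp -p cacti_backup/rra/* html/rra/
    merge_custom cacti_backup/scripts html/scripts
    merge_custom cacti_backup/resource html/resource
    chown -R "$DBUSER" html/rra html/log
    (cd html && apply_patches "$WORK"/*.patch)
    echo "Now edit html/include/config.php, then open http://your-server/ to upgrade the database."
}

# Only run the upgrade when explicitly asked ("./cacti_upgrade.sh run"),
# so the functions can be sourced and checked on their own.
if [ "${1:-}" = run ]; then main; fi
```

Run it as root with the tarball and the five patch files in $WORK; the script stops at the first failed check, which is the point of wrapping the manual steps.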


Categories
cacti Cacti Examples Iperf Linux Ubuntu WGET

Bandwidth Monitoring Tools for Ubuntu

  • bmon – Bandwidth monitor and rate estimator
  • bwm-ng – Bandwidth Monitor NG (Next Generation), a live bandwidth
    monitor for network and disk IO
  • cbm – displays the current traffic on all network devices
  • iftop – Real-time bandwidth usage information on a specified interface
  • iperf – Tool for measuring maximum TCP and UDP bandwidth performance
  • ibmonitor – interactive bandwidth monitor
  • pktstat – shows the bandwidth being consumed by packets of various kinds in realtime
  • tcptrack – sniffer which displays information about TCP connections
  • MRTG – see traffic load on a network over time in graphical form
  • Cacti – network graphing solution

Details on each tool.

bmon
bmon is a portable bandwidth monitor and rate estimator. It supports various input methods for different architectures. Various output modes exist, including an interactive curses interface, lightweight HTML output, and simple ASCII output. Statistics may be distributed over a network using multicast or unicast and collected at some point to generate a summary of statistics for a set of nodes.

Install bmon on Ubuntu:

sudo apt-get install bmon

To launch bmon just enter bmon at the terminal.

You can select a specific interface to view traffic details. In the screen shot below I selected eth0, ‘g’ for graphical statistics and ‘d’ for detailed statistics.

bwm-ng
bwm-ng can be used to monitor the current bandwidth of all or some specific network interfaces or disks (or partitions). It shows in and out totals per interface as well as a total across all interfaces/devices.

Install bwm-ng on Ubuntu:

sudo apt-get install bwm-ng

To launch bwm-ng just enter bwm-ng at the terminal.

cbm

cbm (Color Bandwidth Meter) displays the current traffic on all network devices.
Install cbm on Ubuntu:
sudo apt-get install cbm
To launch cbm just enter sudo cbm at the terminal.

iftop

iftop provides real-time bandwidth usage information on a specified interface, listed by host pairs.

Install iftop on Ubuntu:

sudo apt-get install iftop

To launch iftop just enter iftop at the terminal.

Iperf
Iperf was developed by NLANR/DAST as a modern alternative for measuring maximum TCP and UDP bandwidth performance. Iperf allows the tuning of various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, datagram loss.

Install iperf on Ubuntu:
sudo apt-get install iperf
Iperf supports several options, but generally you would run it on one device as a “server” and another as a “client.”
To launch iperf in server mode just enter iperf -s at the terminal.  It will report, "Server listening on TCP port 5001. . ."

From another system launch iperf in client mode with iperf -c <server IP>. By default Iperf will run a 10 second test and report amount of data transferred and bandwidth speed.

Note: Iperf can be used to test LAN speeds as well as over the Internet.

ibmonitor
ibmonitor is an interactive linux console application which shows bandwidth consumed and total data transferred on all interfaces.

Its main features are:

  • Shows received, transmitted and total bandwidth of each interface
  • Calculates and displays the combined value of all interfaces
  • Displays total data transferred per interface in KB/MB/GB
  • Values can be displayed in Kbits/sec(Kbps) and/or KBytes/sec(KBps)
  • Can show maximum bandwidth consumed on each interface since start of utility
  • Can show average bandwidth consumption on each interface since start of utility
  • The output with all features (max, avg and display in Kbps and KBps) easily fits on a 80×24 console or xterm
  • Can interactively change its output display format depending on key pressed by user.

Install ibmonitor on Ubuntu:

First download the latest version:

wget http://ovh.dl.sourceforge.net/sourceforge/ibmonitor/ibmonitor-1.4.tar.gz

Extract it and change into the resulting directory:

tar xvfz ibmonitor-1.4.tar.gz

cd ibmonitor

Then run it from inside the ibmonitor folder:

./ibmonitor

pktstat
pktstat listens to the network and shows the bandwidth being consumed by packets of various kinds in realtime. It understands some protocols (including FTP, HTTP, and X11) and adds a descriptive name next to the entry (e.g., ‘RETR cd8.iso’, ‘GET http://slashdot.org/’ or ‘xclock -fg blue’).

Install pktstat on Ubuntu:

sudo apt-get install pktstat

To launch pktstat just enter pktstat at the terminal.

tcptrack
tcptrack is a sniffer which displays information about TCP connections it sees on a network interface. It passively watches for connections on the network interface, keeps track of their state and displays a list of connections in a manner similar to the unix ‘top’ command. It displays source and destination addresses and ports, connection state, idle time, and bandwidth usage.

Install tcptrack on Ubuntu:

sudo apt-get install tcptrack

To launch tcptrack just enter sudo tcptrack -i eth0 at the terminal.

tcptrack can also take a pcap filter expression as an argument. The format of this filter expression is the same as that of tcpdump and other libpcap-based sniffers. The following example will only show connections from host 10.1.1.2

tcptrack -i eth0 src or dst 10.1.1.2

The next example will only show web traffic (ie, traffic on port 80)

tcptrack -i eth0 port 80

MRTG
MRTG (Multi Router Traffic Grapher) is free software for monitoring the traffic load on network links. It allows the user to see traffic load on a network over time in graphical form.  RRDTool, written by MRTG's author, provides the round-robin data storage and graphing that programs like Cacti build on.

Cacti
Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive,easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.

Cacti is great for gathering stats over time (using RRDTool) and creating hourly, daily, weekly, monthly and yearly graphs.  These graphs can be invaluable in identifying trends and potential problems.  In fact, just today I used the following graphs to identify a problem on my corporate network:

Here’s another one showing network utilization over time.

See also Multi-CPU Utilization Graphing in Cacti.
Categories
Command Line FTP howto Linux Passwords WGET wget examples Windows

How To Use Wget – Includes Several Examples Using Wget

wget is a great command line utility that is natively available in Linux and can be downloaded for Windows (see also GNU WGet for Windows (Windows 7, Vista, XP, etc.)). wget can be used for many download situations including large files, recursive downloads, non-interactive downloads, multiple file downloads, etc.

Note: options ARE case sensitive.

1. Download a single file with wget using no options.

wget http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz

While downloading, wget will display a progress bar with the following information:

  • % of download completion
  • Download progress in bytes
  • Current download speed
  • Estimated time remaining

Download in progress

Completed download

2. Download a file saving with a different name using wget -O

wget http://www.vim.org/scripts/download_script.php?src_id=7701

Even though the downloaded file is in zip format, it will be saved with the name download_script.php?src_id=7701 without the -O switch.

To modify this behavior specify the output file name using the -O option.

wget -O taglist.zip http://www.vim.org/scripts/download_script.php?src_id=7701

3. Specify download speed / download rate using wget --limit-rate

While executing wget, by default it will try to use all available bandwidth. You can limit the download speed using the --limit-rate switch.

wget --limit-rate=200k http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz

4. Restart a download which stopped in the middle using wget -c.

wget -c http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz

5. Download in the background with wget -b

wget -b http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz

The download will begin and give back the shell prompt to you. You can always check the status of the download using tail -f  (Linux only) .

tail -f wget-log

6. Mask the user agent and make wget look like a browser using wget --user-agent

Some websites refuse downloads when the user agent is not a browser. You can mask the user agent with the --user-agent option so wget identifies itself as a browser.

wget --user-agent="Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008092416 Firefox/3.0.3" http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz

7. Test URL using wget --spider.  This will test that the file exists, but not perform the download.

wget --spider http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz

8. Increase total number of retry attempts using wget --tries.

wget --tries=75 http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz

9. Download multiple files / URLs using wget -i

First, store all the download files or URLs in a text file:
URL1
URL2
URL3
URL4

Next, give the download-file-list.txt as argument to wget using -i option.

wget -i download-file-list.txt

10. Download a full website using wget --mirror

wget --mirror -p --convert-links -P ./LOCAL-DIR WEBSITE-URL

  • --mirror: enable mirroring
  • -p: download all files that are necessary to properly display a given HTML page
  • --convert-links: after the download, convert the links in the documents for local viewing
  • -P ./LOCAL-DIR: save all the files and directories to the specified directory

11. Skip certain file types while downloading using wget --reject.  In order to download all content except .gif images use the following.

wget --reject=gif WEBSITE-TO-BE-DOWNLOADED

12. Log messages to a log file instead of stderr using wget -o.  To redirect output to a log file instead of the terminal.

wget -o download.log DOWNLOAD-URL

13. Quit downloading when a certain size is exceeded using wget -Q.  The quota only applies to recursive and -i downloads; a single file named on the command line is always downloaded in full.

wget -Q5m -i FILE-WHICH-HAS-URLS

14. Download only certain file types using wget -r -A

You can use this for the following situations

  • Download all images from a website
  • Download all videos from a website
  • Download all PDF files from a website

wget -r -A.pdf http://url-to-webpage-with-pdfs/

15. You can use wget to perform FTP downloads.

wget ftp-url

FTP download using wget with username and password authentication.

wget --ftp-user=USERNAME --ftp-password=PASSWORD DOWNLOAD-URL

Note: username and password can be used for HTTP and HTTPS downloads as well using --http-user=USER and --http-password=PASS respectively. A password given on the command line is visible to every local user in the process list and is saved in your shell history; prefer --ask-password, which prompts for it, or put the credentials in ~/.netrc with mode 600.
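As an added example (not from the original post), the single-file download and the -O naming from items 1 and 2 wrapped the way a practitioner would use them for installing software: a plaintext URL is refused, the file lands under a temporary name, and it is only moved to its final name (derived the same way you would pick it for -O) once its SHA-256 matches a value obtained out of band, such as from the project's signed release notes. --https-only needs wget 1.16 or newer; the function names, the sha256sum dependency and the sample content are assumptions of this example.

```shell
#!/bin/bash
# Added example, not part of the original post: a wrapper around wget that
# refuses plaintext URLs, downloads to a temporary file and only installs
# it after the SHA-256 matches. The expected hash must come from a trusted
# channel; a hash published next to the file on the same server proves nothing.
set -eu

# Only accept https:// URLs so neither the content nor any credentials
# travel in the clear.
url_is_https() {
    case "$1" in
        https://*|HTTPS://*) return 0 ;;
        *) return 1 ;;
    esac
}

# Derive the local filename as you would pick it for -O: the last path
# component without query string or fragment, "index.html" if empty.
# (Without this, wget would save download_script.php?src_id=7701 as-is.)
local_name_for() {
    name=${1%%\?*}
    name=${name%%#*}
    name=${name##*/}
    case "$name" in ""|.|..) name=index.html ;; esac
    printf '%s\n' "$name"
}

# sha256_matches FILE EXPECTED_HEX
sha256_matches() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# fetch_verified URL EXPECTED_SHA256 [DEST]
fetch_verified() {
    url=$1; expected=$2; dest=${3:-$(local_name_for "$url")}
    url_is_https "$url" || { echo "refusing non-https URL: $url" >&2; return 1; }
    tmp=$(mktemp "$dest.XXXXXX")
    # --https-only: refuse redirects down to http; -q: no progress output
    wget -q --https-only --tries=3 -O "$tmp" "$url" || { rm -f "$tmp"; return 1; }
    if sha256_matches "$tmp" "$expected"; then
        mv "$tmp" "$dest"
    else
        echo "checksum mismatch for $url; discarding download" >&2
        rm -f "$tmp"
        return 1
    fi
}
```

Usage: fetch_verified https://example.org/tool-1.0.tar.gz <sha256 from the release announcement>; nothing is left behind on a mismatch, so a partially downloaded or substituted archive never gets extracted by mistake.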


Categories
FFMPEG FFMPEG Examples WGET wget examples

Download mp3 (music) files with wget

wget -nd -r --no-parent -A.mp3 -A.wma http://www.domain.com/music/

Brief explanation of wget options:
-nd: don't create directories
-r: recursively download
--no-parent: don't ascend to the parent directory
-A: specify which file types are accepted for download. In this case, all files with the .wma and .mp3 file extension will be downloaded.

Categories
Amazon Web Services AMI AWS EC2 AMI EC2 API ELB tools Linux SSH WGET Windows

Installing EC2 Command Line Tools on Windows

UPDATE (12-2016): See HowTo: Install AWS CLI on Both Windows and Linux for updated information on installing, configuring and using the AWS CLI unified tools.

NOTE: This tutorial contains information for both AMI and API command line tools along with ELB tools. Most users will need the API tools, some the ELB tools, and not many will need the AMI tools.

There are a number of GUI tools for working with Amazon EC2 services such as ElasticFox, RightScale and AWS Management Console.  However often you need to use the command line tools because you want to script a task, or access features that a GUI tool doesn’t provide.

There are several guides and tutorials on installing and configuring the command line tools on Linux, but not much for Windows.  So this aims to be THE GUIDE to setting up the EC2 API, ELB and EC2 AMI command line tools on Windows.

Prerequisite
The first requirement is to have Java 5 or later installed.  If you don’t already have it download and install from here.

AWS Command Line Tools Directory
I like to organize my programs a certain way so I installed the tools to c:\admin\aws.  You can install the tools wherever you like.  Note, this is where you may store your certificates, the services API files, etc.

Download Amazon command line tools
I used wget (for Windows) to download the files:

wget http://s3.amazonaws.com/ec2-downloads/ec2-api-tools.zip
wget http://ec2-downloads.s3.amazonaws.com/ElasticLoadBalancing-2009-05-15.zip
wget http://s3.amazonaws.com/ec2-downloads/ec2-ami-tools.zip

Alternatively you could download one or both directly from your browser.  EC2 API Tools.  ELB Tools.  EC2 AMI Tools.

Unzip all three files. Each will unzip to separate directories, usually including the version number of the tool.  To simplify things I moved all files from their respective locations to the following directories:

c:\admin\aws\ec2-api-tools
c:\admin\aws\ec2-elb-tools
c:\admin\aws\ec2-ami-tools



Retrieve and Store AWS Certificates
Authentication to AWS uses a certificate and private key.  You will have to retrieve these files from AWS.

Logon to the AWS Console and scroll down to the X.509 area.  You may have to create a new certificate.  Once you do Amazon will provide you a Private Key File (pk-.pem) and a Certificate (cert-.pem).

KEEP THESE FILES PRIVATE.  Possession of these two files gives you (or anyone else with them) full access to your AWS account.  Restrict the files' NTFS permissions to your own account and keep them out of shared folders and source control.

Configure Environment Variables
You need to configure your command line environment with a few environment variables. 

Method 1
This method is used to launch a command prompt with required settings.  These settings are available only for this session.  If you’d like to configure your system to have these settings available always and system-wide use method 2.

Create a batch file in c:\admin\aws called awsTools.bat.  Edit this file with the following text:

REM Path should contain bin\java.exe
set JAVA_HOME="C:\Program Files (x86)\java\jre6"

REM Path to Private Key and Certificate retrieved from AWS
set EC2_PRIVATE_KEY=C:\Admin\AWS\pk-<Insert your key name here>.pem
set EC2_CERT=C:\Admin\AWS\cert-<Insert your key name here>.pem

REM Path to EC2 API, subfolders of bin and lib
set EC2_HOME=C:\Admin\AWS\ec2-api-tools
set PATH=%PATH%;%EC2_HOME%\bin

REM Path to ELB API, subfolders of bin and lib
set AWS_ELB_HOME=C:\Admin\AWS\ec2-elb-tools
set PATH=%PATH%;%AWS_ELB_HOME%\bin

REM Path to EC2 AMI, subfolders of bin and lib
set AWS_AMI_HOME=C:\Admin\AWS\ec2-ami-tools
set PATH=%PATH%;%AWS_AMI_HOME%\bin

cls
cmd

Note: Make sure none of the path statements in this file end with a trailing backslash.

Configure Environment Variables – Method 2
This method adds the necessary system variables to either your profile or system-wide and makes them available anytime you launch a command prompt.  Open the environment variables dialogue (right-click on My Computer, select System Properties, click Advanced tab, then Environment Variables button).  Add the following to either your user account or system variables section depending on your needs.

  • JAVA_HOME – C:\Program Files (x86)\java\jre6
  • EC2_PRIVATE_KEY – C:\Admin\AWS\pk-<Insert your key name here>.pem
  • EC2_CERT – C:\Admin\AWS\cert-<Insert your key name here>.pem
  • EC2_HOME – C:\Admin\AWS\ec2-api-tools
  • AWS_ELB_HOME – C:\Admin\AWS\ec2-elb-tools
  • AWS_AMI_HOME – C:\Admin\AWS\ec2-ami-tools
  • Add ;C:\Admin\AWS\ec2-api-tools\bin;C:\Admin\AWS\ec2-elb-tools\bin;C:\Admin\AWS\ec2-ami-tools\bin to your path

Explanation of System Variables

JAVA_HOME needs to be set to the appropriate path for your machine.

For example on my (64-bit Windows 7) system java.exe is located at "C:\Program Files (x86)\java\jre6\bin\java.exe" so I set JAVA_HOME to "C:\Program Files (x86)\java\jre6".

EC2_PRIVATE_KEY and EC2_CERT are the locations of the private key and certificate that you retrieved from the AWS website in the previous step.  You could rename the key and certificate for simplification.  If you have multiple AWS accounts all you need to do is modify these lines to switch between accounts.

EC2_HOME and AWS_ELB_HOME both point to the folders you unzipped the API into.  Both folders should have two subdirectories called bin and lib.  Bin will contain the cmd files of the different commands for that API.  You set the path variable to include these cmd files in your path so that you do not have to be in that directory to run them.

Now you only need to run the batch file to get a command line with the environmental variables set.  You also could permanently set these variables and have them available in any command window if you choose.  If you want to get fancy you could even put in the logic to set the paths based on the current directory of the batch file, and then put the folder on a thumb drive and carry it around.

Testing Your Setup
If you run awsTools.bat you should have a command prompt where you can run the EC2 tool.  A simple command to test is “ec2-describe-regions”:

c:\admin\aws>ec2-describe-regions

Results:
REGION  eu-west-1       ec2.eu-west-1.amazonaws.com
REGION  us-east-1       ec2.us-east-1.amazonaws.com
REGION  us-west-1       ec2.us-west-1.amazonaws.com

If you receive an error running this command then you need to go back and verify your installation.

UPDATE: Recently I had to change my Amazon access credentials and created a new X.509 certificate.  When I tried to run any commands from the command line I received the message, "Client.AuthFailure: AWS was not able to validate the provided access credentials."  So I just downloaded my new Private Key File (pk-.pem) and Certificate (cert-.pem) file replacing my existing ones, and, voilà, I was back in action.

Commands Documentation
Amazon documentation.


Categories
Linux Security WGET

Installing & Configuring Brute Force Detection on Linux

BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet, and likewise it is very straightforward in its installation, configuration and usage. The reason behind BFD is simple: there are few authentication and brute-force auditing programs in the Linux community that work in conjunction with a firewall or real-time facility to place bans. BFD places its bans through APF, so you must install APF Firewall first.
Download BFD, then run the installer shipped in the tarball:

wget http://www.r-fx.ca/downloads/bfd-current.tar.gz
tar -zxvf bfd-current.tar.gz
cd bfd-0.9
./install.sh

After the installation is complete you will receive a message saying it has been installed.
Next configure BFD:

vi /usr/local/bfd/conf.bfd

Find the following lines and replace them with your details:
# Enable/disable user alerts [0 = off; 1 = on]
ALERT_USR="1"
#
# User alert email address
EMAIL_USR="your@mail.com"
#
# User alert email; subject
SUBJ_USR="Brute Force Warning for $HOSTNAME"
#
Now add your own IP address to the ignore list so you do not accidentally lock yourself out:

vi /usr/local/bfd/ignore.hosts and put your IP address in it (one address per line).

Now it is ready to start the BFD system:

/usr/local/sbin/bfd -s
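What BFD actually does between "parse the logs" and "ban through APF", as an added example that is not part of BFD or of the original post: count sshd login failures per source address, skip anything in the ignore list, and report the addresses that reached a threshold. The log lines and addresses are constructed (RFC 5737 documentation ranges), the function names are this example's own, and ban_offenders assumes APF is installed as described on this page.

```shell
#!/bin/bash
# Added example, not part of BFD or the original post: the core of what
# BFD does, reduced to one shell function. It counts sshd login failures
# per source address in an auth.log, skips addresses listed in an ignore
# file (BFD's ignore.hosts), and prints the offenders that reached the
# threshold. Sample log lines and addresses below are constructed.
set -eu

# find_brute_sources LOG IGNORE_FILE THRESHOLD
# Prints "count ip" (most failures first) for each address with at least
# THRESHOLD failures that is not in IGNORE_FILE (one address per line,
# '#' comments allowed).
find_brute_sources() {
    log=$1; ignore=$2; threshold=$3
    awk -v threshold="$threshold" '
        FILENAME == ARGV[1] {                # ignore list (may be empty)
            sub(/#.*/, "")
            if ($1 != "") ignore[$1] = 1
            next
        }
        # The two sshd messages that carry the peer address after "from".
        /sshd\[[0-9]+\]: (Failed password for|Invalid user)/ {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); break }
            if (ip != "" && !(ip in ignore)) fails[ip]++
        }
        END {
            for (ip in fails)
                if (fails[ip] >= threshold) printf "%d %s\n", fails[ip], ip
        }
    ' "$ignore" "$log" | sort -k1,1nr
}

# What BFD does with the result: hand each offender to APF. The note
# string ends up in /etc/apf/deny_hosts.rules next to the address.
ban_offenders() {
    find_brute_sources "$@" | while read -r n ip; do
        /etc/apf/apf -d "$ip" "bfd: $n ssh auth failures"
    done
}

# Constructed sample input so the detector can be run stand-alone.
write_sample() {
    cat > "$1/auth.log" <<'EOF'
Mar  3 10:00:01 host sshd[2101]: Failed password for root from 203.0.113.5 port 51012 ssh2
Mar  3 10:00:03 host sshd[2101]: Failed password for root from 203.0.113.5 port 51012 ssh2
Mar  3 10:00:05 host sshd[2103]: Invalid user admin from 203.0.113.5
Mar  3 10:00:09 host sshd[2105]: Failed password for invalid user admin from 203.0.113.5 port 51020 ssh2
Mar  3 10:01:00 host sshd[2110]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Mar  3 10:01:30 host sshd[2112]: Accepted password for alice from 198.51.100.7 port 40023 ssh2
Mar  3 10:02:00 host sshd[2120]: Failed password for root from 192.0.2.9 port 33001 ssh2
Mar  3 10:02:01 host sshd[2120]: Failed password for root from 192.0.2.9 port 33001 ssh2
Mar  3 10:02:02 host sshd[2120]: Failed password for root from 192.0.2.9 port 33001 ssh2
EOF
    printf '# my own workstation, never ban it\n192.0.2.9\n' > "$1/ignore.hosts"
}

# sample_run THRESHOLD: run the detector over the constructed data.
sample_run() {
    d=$(mktemp -d)
    write_sample "$d"
    find_brute_sources "$d/auth.log" "$d/ignore.hosts" "$1"
    rm -rf "$d"
}
```

With a threshold of 3 the sample yields only "4 203.0.113.5": the one failure from 198.51.100.7 is a typo by a legitimate user, and 192.0.2.9 is the administrator's own address from the ignore list, which is exactly why the post tells you to fill in ignore.hosts before starting BFD.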

Categories
Encryption Linux Passwords rdesktop RDP SourceForge TSClient WGET Windows

Using Remote Desktop for Linux with rdesktop

The rdesktop client can be used to connect to Windows Terminal Services over the Remote Desktop Protocol (RDP) from Linux machines. The rdesktop client supports all versions of Microsoft Windows including the latest, Windows Server 2008 and Windows 7, and it runs on most Unix-based platforms as well as other ports.

Visit http://sourceforge.net/projects/rdesktop/ for more information or to download rdesktop.

Download and Install:

  1. wget http://garr.dl.sourceforge.net/sourceforge/rdesktop/rdesktop-1.6.0.tar.gz
  2. tar -zxf rdesktop-1.6.0.tar.gz
  3. cd rdesktop-1.6.0
  4. ./configure
  5. make
  6. make install

Basic Usage:

rdesktop -k en-us -a 16 -f -u <username> -p - <server>

Command Options Used:

-f switch for full screen mode
-k for keyboard layout on server
-a for color depth
-u for username
-p for password; "-" makes rdesktop prompt for it. Putting the password itself on the command line leaves it visible to every local user in the process list (ps) and stores it in your shell history.

Note: To exit full screen mode press: CTRL + ALT + Enter

Full Usage Options

Usage: rdesktop [options] server[:port]
-u: user name
-d: domain
-s: shell
-c: working directory
-p: password (- to prompt)
-n: client hostname
-k: keyboard layout on server (en-us, de, sv, etc.)
-g: desktop geometry (WxH)
-f: full-screen mode
-b: force bitmap updates
-L: local codepage
-A: enable SeamlessRDP mode
-B: use BackingStore of X-server (if available)
-e: disable encryption (French TS)
-E: disable encryption from client to server
-m: do not send motion events
-C: use private colour map
-D: hide window manager decorations
-K: keep window manager key bindings
-S: caption button size (single application mode)
-T: window title
-N: enable numlock synchronization
-X: embed into another window with a given id.
-a: connection colour depth
-z: enable rdp compression
-x: RDP5 experience (m[odem 28.8], b[roadband], l[an] or hex nr.)
-P: use persistent bitmap caching
-0: attach to console
-4: use RDP version 4
-5: use RDP version 5 (default)

There is also a graphical user interface (GUI) that you can use named Terminal Server Client [tsclient]
Visit: http://sourceforge.net/projects/tsclient for more information and to download tsclient.

Categories
Linux Rootkit Security WGET

Checking your Linux system for Rootkits

Chkrootkit is a tool to locally check for signs of a rootkit.

1) Download the tarball and its MD5 file:

wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5

2) Check the MD5 checksum and compare it with the value in chkrootkit.md5. Both files come from the same unauthenticated FTP server, so this catches a corrupt download, not a tampered one:

md5sum chkrootkit.tar.gz

3) Then extract and install:

tar -zxvf chkrootkit.tar.gz
cd chkrootkit
./configure
make sense

4) You can run it with the following command (add -q for quiet mode, which prints only findings):

./chkrootkit

5) Now add it to cron to schedule daily automatic scans of the system:

vi /etc/cron.daily/chkrootkit.sh

#!/bin/bash
# Enter the directory where chkrootkit was built
cd /root/chkrootkit/
# Enter the email address where you want to receive the report
./chkrootkit | mail -s "Daily chkrootkit from Server Name" your@email.com

6) Now change the file permissions so we can run it: chmod 755 /etc/cron.daily/chkrootkit.sh
7) To give it a try you can run the chkrootkit.sh file manually from /etc/cron.daily directory and you should receive a report to the email account you provided.
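A variant of that cron script, as an added example that is not from the original post or the chkrootkit project: it keeps a dated copy of the full report and mails only when chkrootkit reported something, so the daily message stops being noise that nobody reads. The filter is deliberately case-sensitive, because every clean check ends in "not infected". Directory, report path, mail address and the sample report text are assumptions of this example.

```shell
#!/bin/bash
# Added example, not from the original post or the chkrootkit project: a
# daily wrapper that keeps the full report on disk and only mails when
# chkrootkit actually reported something. Paths, the mail address and
# the sample report below are assumptions.
set -eu

CHKROOTKIT_DIR=${CHKROOTKIT_DIR:-/root/chkrootkit}   # where it was built
REPORT_DIR=${REPORT_DIR:-/var/log/chkrootkit}
MAILTO=${MAILTO:-your@email.com}

# chkrootkit_findings REPORT: print the lines that indicate a finding.
# Case-sensitive on purpose: a clean check reads "... not infected", and
# a case-insensitive search for "infected" would flag every one of them.
chkrootkit_findings() {
    grep -E 'INFECTED|Warning|Vulnerable|PACKET SNIFFER' "$1" || true
}

# daily_run: run chkrootkit, keep the dated report, mail only on findings.
daily_run() {
    mkdir -p "$REPORT_DIR"
    report="$REPORT_DIR/$(date +%F).txt"
    (cd "$CHKROOTKIT_DIR" && ./chkrootkit) > "$report" 2>&1
    findings=$(chkrootkit_findings "$report")
    if [ -n "$findings" ]; then
        printf '%s\n\nFull report: %s\n' "$findings" "$report" |
            mail -s "chkrootkit findings on $(hostname)" "$MAILTO"
    fi
}

# Constructed sample of chkrootkit output, for a stand-alone check of the filter.
sample_findings() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
ROOTDIR is `/'
Checking `ifconfig'... not infected
Checking `login'... INFECTED
Checking `ls'... not infected
Checking `lkm'... chkproc: Warning: Possible LKM Trojan installed
Checking `sniffer'... eth0: PACKET SNIFFER(/usr/sbin/dhcpd[1234])
Searching for suspicious files and dirs, it may take a while... nothing found
EOF
    chkrootkit_findings "$f"
    rm -f "$f"
}

# Run the daily job only when asked ("./chkrootkit-daily.sh run"), so the
# filter can be exercised on its own.
if [ "${1:-}" = run ]; then daily_run; fi
```

Install it as /etc/cron.daily/chkrootkit.sh with "run" in the cron command line; on the sample above the mail carries exactly the INFECTED, Warning and PACKET SNIFFER lines and nothing else.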
Categories
AFP Firewall Linux Security WGET

Installing & Configuring Advanced Policy Firewall (APF)

Advanced Policy Firewall (APF) is an iptables (netfilter) based firewall system designed around the essential needs of today's Internet-deployed servers and the unique needs of custom Linux installations. In this post I will show you how to install and configure APF on your system. It is one of the best open source firewalls available.
Download APF firewall:

wget http://www.r-fx.ca/downloads/apf-current.tar.gz

Extract & Install:

tar -zxvf apf-current.tar.gz
cd apf-0.9.6-2
./install.sh

After the installation is complete you will receive a message saying it has been installed.  Next we will have to configure the firewall:

vi /etc/apf/conf.apf

Here is the general configuration to make your firewall run and block/open the default ports. For the rest, read the README file.

First enable the DShield.org block list of suspicious networks: change the option USE_DS="0" to USE_DS="1" in the config file.

Here are two configurations to start from: General and cPanel. cPanel is the most widely used web hosting control panel, so its ports are listed separately.

Refer here for a list of ports.

General Configuration: (DNS, Mail, Web, FTP)

# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,995"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"

# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"

CPanel Configuration

# Common ingress (inbound) TCP ports
# 3000_3500 = passive port range for Pure-FTPd
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,3000_3500"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"

# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43,2089"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"

Now start the firewall:

/etc/apf/apf -s

In development mode (DEVM="1", the default) APF flushes its rules every five minutes from cron, so a mistake in the port lists cannot lock you out of the box for good. Only after verifying that everything works and that you can still reach the server should you go back to the configuration file and change DEVM="1" to DEVM="0", or the firewall will keep dropping its rules.

Now its time to configure the AntiDos options of APF Firewall:

vi /etc/apf/ad/conf.antidos

You can configure lot of things there but we will just enable the send email option.

Find the following lines and replace them with your details:
# Organization name to display on outgoing alert emails
CONAME="Your Company"
# Send out user defined attack alerts [0=off,1=on]
USR_ALERT="0"
#
# User for alerts to be mailed to
USR=you@yourco.com

Change USR_ALERT from "0" to "1".
Save and restart the firewall:

/etc/apf/apf -r

To make the firewall start with the Operating System:

chkconfig --level 2345 apf on

Tips:
To deny an IP use:

/etc/apf/apf -d <ip> "note"

You can also edit /etc/apf/deny_hosts.rules directly to deny hosts.
To allow an IP use:

/etc/apf/apf -a <ip> "note"

You can also edit /etc/apf/allow_hosts.rules directly to allow hosts.

Categories
Aircrack-ng BackTrack Linux WGET

Keeping Backtrack up-to-date

Updating & Upgrading Backtrack

/usr/bin/apt-get -y update
/usr/bin/apt-get -y upgrade

To download and install all new updates, run

apt-get dist-upgrade

The first time you run apt-get update, you may get an error "GPG error: http://ppa.launchpad.net intrepid Release: The following signatures couldn't be verified because the public key..."

Quick fix (note that adding a key with apt-key makes apt trust every package that key signs; check the fingerprint with apt-key finger against a source you trust before relying on it):

wget http://apt.pearsoncomputing.net/public.gpg
sudo apt-key add public.gpg
rm public.gpg

Run apt-get update again and it should work.

Upgrading the distro to the latest version:

apt-get update && apt-get dist-upgrade -y

Warning : an “upgrade”  in BT4Beta will also upgrade KDE to 3.5.. If KDE is not working anymore after update/upgrade  ?  (a.k.a. ‘startx’ does not seem to work) :

root@bt:~# cd /etc/alternatives/
root@bt:/etc/alternatives# mv x-session-manager x-session-manager-broken
root@bt:/etc/alternatives# ln -s /opt/kde3/bin/startkde x-session-manager
root@bt:/etc/alternatives# startx

 Updating security components

/pentest/exploits/fast-track.py -i

First update fast-track, then update other individual components (Metasploit, Aircrack, nikto, etc; or choose ‘9’ to update all)
If updating nikto doesn’t work :

Updating Nikto...
cd: 1: can't cd to /pentest/scanners/nikto/
/bin/sh: ./nikto.pl: not found

Fix :

root@bt:~# mkdir /pentest/scanners/nikto/
root@bt:~# ln -s /usr/bin/nikto /pentest/scanners/nikto/nikto.pl
root@bt:/pentest/exploits/~# ./fast-track -c 1 2