How to Install and Update OpenSSL on CentOS 6 / CentOS 7

Install and Update OpenSSL

I have CentOS 6 server and still running with OpenSSL 1.0.1e (openssl-1.0.1e-30) that vulnerable to a remote attacker to access parts of memory on systems using vulnerable versions of OpenSSL. OpenSSL is a library that provides cryptographic functionality, specifically SSL/TLS for popular applications such as secure web servers (nginx web server, Apache web server) and MySQL database server.

OpenSSL is a library that provides cryptographic functionality, specifically SSL/TLS for popular applications such as secure web servers, MySQL databases and email applications.

I have tried to perform command “yum update openssl” but I receive “No Packages marked for Update” even though the latest version of tar version has been published.

The following steps describe how to install and update OpenSSL on CentOS 6 and CentOS 7.

Install and Update OpenSSL on CentOS 6 / CentOS 7

1. Get the current version with “openssl version” and “yum info openssl” command :

# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
# yum info openssl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * Webmin: download.webmin.com
 * base: centos.netonboard.com
 * epel: ftp.cuhk.edu.hk
 * extras: centos.netonboard.com
 * updates: ossm.utm.my
Installed Packages
Name        : openssl
Arch        : x86_64
Version     : 1.0.1e
Release     : 30.el6_6.7
Size        : 4.0 M
Repo        : installed
From repo   : updates
Summary     : A general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
            : machines. OpenSSL includes a certificate management tool and shared
            : libraries which provide various cryptographic algorithms and
            : protocols.

Available Packages
Name        : openssl
Arch        : i686
Version     : 1.0.1e
Release     : 30.el6_6.7
Size        : 1.5 M
Repo        : updates
Summary     : A general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
            : machines. OpenSSL includes a certificate management tool and shared
            : libraries which provide various cryptographic algorithms and
            : protocols.

2. To download the latest version of OpenSSL, do as follows:

# cd /usr/src
# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
# tar -zxf openssl-1.0.2-latest.tar.gz

3. To manually compile OpenSSL and install/upgrade OpenSSL, do as follows:

# cd openssl-1.0.2a
# ./config
# make
# make test
# make install

4. If the old version is still displayed or installed before, please make acopy of openssl bin file :

# mv /usr/bin/openssl /root/
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

5. Verify the OpenSSL version :

# openssl version

Output :

OpenSSL 1.0.2a 19 Mar 2015

 

How To Get Email Alerts for SSH Login on Linux Server

Enable SSH server on a virtual private server (VPS) will expose the server to the internet and provide opportunities for hacking activities, especially when VPS still using root as a primary access. VPS should be configured with a email alert automatically to each successful login attempts via SSH server . VPS server owner shall be notified of any SSH server access log, such as who, when and which source IP address. This is an important security concern for server owners to protect the server from unknown login attempts. This is because if hackers use brute force to log into your VPS via ssh then it can be very dangerous. In this article, I will explain how to set up an email alert to all SSH login users on linux CentOS 6, CentOS 7, RHEL 6 and RHEL 7.

1. Login to your server as root user :

2. Configure at alert from source global definitions (/etc/bashrc). This will enabled for root and normal users :

[root@vps ~]# vi /etc/bashrc

Add the following at the bottom of the files.

echo 'ALERT - Root Shell Access (vps.ehowstuff.com) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" recipient@gmail.com

3. Optionally you can enable alert for root only :

[root@vps ~]# vi .bashrc

Add the following at the bottom of /root/.bashrc :

echo 'ALERT - Root Shell Access (vps.ehowstuff.com) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" recipient@gmail.com

Full Configuration file example :

# .bashrc

# User specific aliases and functions

alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi
echo 'ALERT - Root Shell Access (vps.ehowstuff.com) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" recipient@gmail.com

4. Optionally you can enable alert for specify normal user (e.g skytech ) :

[root@vps ~]# vi /home/skytech/.bashrc

Add the following at the bottom of /home/skytech/.bashrc :

echo 'ALERT - Root Shell Access (vps.ehowstuff.com) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" recipient@gmail.com

fail2ban-security

How to Use Fail2ban to Stop/Prevent SSH Brute Force on Linux

Brute-force break-in attempts are quite frequent against the SSH server. However, there is an open source software that can help you deal with this problem automatically, namely fail2ban. Fail2ban provides a way to protect private virtual server( VPS ) from malicious behavior by intruders or hackers automatically. This program works by scanning through log files and respond to unsuccessful login attempts and repeated login attempts. Here are the steps on how to implement fail2ban and steps have been tested on CentOS 6, CentOS 7, RHEL 6 and RHEL 7.

1. Install fail2ban :

# yum install fail2ban -y

2. Make a copy of original config file :

# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

3. Update jail.local configuration file :

# vi /etc/fail2ban/jail.local

Add as below :

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=receipient@gmail.com, sender=fail2ban@ehowstuff.com, sendername="Fail2Ban"]
logpath  = /var/log/secure
maxretry = 5

4. Configure the prefered “bantime”, “findtime” and “maxretry” before a host get banned :

# vi /etc/fail2ban/jail.local

Update to the following :

..
..
# "bantime" is the number of seconds that a host is banned.
bantime  = 7200

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3
..
..

5. Verify sshd filter file :
You can verify the default sshd filter file.

# vi /etc/fail2ban/filter.d/sshd.conf

6. Restart fail2ban :

# service fail2ban restart

7. After a few hours of implementation, fail2ban start capturing and banned for such violence and attempts to guess the password for my VPS. Look at the log at path /var/log/secure for monitoring :

# tail -f /var/log/secure
Mar  3 13:37:59 rn sshd[30681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57  user=root
Mar  3 13:38:02 rn sshd[30681]: Failed password for root from 115.231.218.57 port 2919 ssh2
Mar  3 13:38:05 rn sshd[30681]: Failed password for root from 115.231.218.57 port 2919 ssh2
Mar  3 13:38:07 rn sshd[30681]: Failed password for root from 115.231.218.57 port 2919 ssh2
Mar  3 13:38:09 rn sshd[30681]: Failed password for root from 115.231.218.57 port 2919 ssh2
Mar  3 13:38:12 rn sshd[30681]: Failed password for root from 115.231.218.57 port 2919 ssh2
Mar  3 13:38:13 rn sshd[30681]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57  user=root
Mar  3 13:38:48 rn sshd[30702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57  user=root
Mar  3 13:38:50 rn sshd[30702]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:38:52 rn sshd[30702]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:38:54 rn sshd[30702]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:38:56 rn sshd[30702]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:38:58 rn sshd[30702]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:38:58 rn sshd[30702]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57  user=root
Mar  3 13:39:00 rn sshd[30704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57  user=root
Mar  3 13:39:02 rn sshd[30704]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:39:04 rn sshd[30704]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:39:07 rn sshd[30704]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:39:09 rn sshd[30704]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:39:11 rn sshd[30704]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:39:12 rn sshd[30704]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57  user=root
Mar  3 13:39:24 rn sshd[30708]: Invalid user admin from 115.231.218.57
Mar  3 13:39:24 rn sshd[30708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57
Mar  3 13:39:26 rn sshd[30708]: Failed password for invalid user admin from 115.231.218.57 port 2898 ssh2
Mar  3 13:39:27 rn sshd[30708]: Failed password for invalid user admin from 115.231.218.57 port 2898 ssh2
Mar  3 13:39:30 rn sshd[30708]: Failed password for invalid user admin from 115.231.218.57 port 2898 ssh2
Mar  3 13:39:33 rn sshd[30708]: Failed password for invalid user admin from 115.231.218.57 port 2898 ssh2
Mar  3 13:39:35 rn sshd[30708]: Failed password for invalid user admin from 115.231.218.57 port 2898 ssh2
Mar  3 13:39:35 rn sshd[30708]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57

8. Fail2ban start to ban and unban after two hours :

# tail -f /var/log/messages
Mar  3 13:38:13 rn fail2ban.actions[25912]: WARNING [ssh-iptables] Ban 115.231.218.57
Mar  3 13:38:58 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:39:12 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:39:33 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:39:43 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:39:56 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:40:20 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:40:30 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:40:41 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:40:51 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:30:32 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:30:46 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:31:35 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:32:34 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:32:51 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:33:02 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:33:32 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:33:43 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:33:54 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:34:06 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:38:14 rn fail2ban.actions[25912]: WARNING [ssh-iptables] Unban 115.231.218.57

9. All the ban action followed by the email trigger as per screenshot :
fail2ban-1

fail2ban-security

10. Check the Which IP already listed in the ban list :

# iptables -L
..
..
Chain fail2ban-NoAuthFailures (1 references)
target     prot opt source               destination
REJECT     all  --  141.101.98.8         anywhere            reject-with icmp-port-unreachable
REJECT     all  --  108.162.210.231      anywhere            reject-with icmp-port-unreachable
REJECT     all  --  108.162.221.246      anywhere            reject-with icmp-port-unreachable
REJECT     all  --  108.162.238.35       anywhere            reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere

How to Grant a New User to Root Privileges on CentOS 6 / CentOS 7

One recommended way to manage virtual private server (VPS) or a dedicated linux server is not using the root account as the main access for SSH login. This is because usually the hackers will try to brute force your root password and potentially get access to your server. Instead of using the default root account, you can create a new account and assign root privileges to it and issue the sudo command line to root from it. Please make sure that the normal user account given root privileges accounts work properly before you disable the default root login access. The following command has been tested works on CentOS 6, CentOS 7, RHEL 6 and RHEL 7 VPS.

1. Create new account named skytech and set the password :

[root@vps ~]# useradd skytech
[root@vps ~]# passwd skytech
Changing password for user skytech.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

2. Grant a New User to Root Privileges

[root@vps ~]# visudo

Add the following code at the bottom of the file and save the file with the command :wq :

## Allow skytech user to run any commands anywhere
skytech    ALL=(ALL)       ALL

This will grant a root privileges to the normal user skytech.

linux-banner

How to Hide PHP Version in Linux

In general, most of the web server software has been installed with default settings that will lead to information leakage. One of them is a PHP software. PHP (Hypertest Preprocessor) is one of the most popular server-side HTML embedded scripting language for the websites today. In the current challenging times, there are lots of attacker will try to discover the weaknesses in your your server system. Hence, i will describe the simple way to hide the PHP information in Linux server.

By default expose_php is set to On. Turning off the “expose_php” parameter causes that PHP will hide it version details.

[root@centos66 ~]# vi /etc/php.ini

In your php.ini, locate the line containing expose_php On and set it to Off:

expose_php = Off

Before the changes, web server header will look like below :

[root@centos66 ~]# curl -I https://webhostinggeeks.com/howto/
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.3
X-Pingback: https://webhostinggeeks.com/howto/xmlrpc.php
Date: Wed, 11 Feb 2015 14:10:43 GMT
X-Page-Speed: 1.9.32.2-4321
Cache-Control: max-age=0, no-cache

After the changes, PHP will no longer show the version to the web server header :

[root@centos66 ~]# curl -I https://webhostinggeeks.com/howto/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Feb 2015 15:38:14 GMT
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
X-Pingback: https://webhostinggeeks.com/howto/xmlrpc.php
Date: Wed, 11 Feb 2015 14:10:43 GMT
X-Page-Speed: 1.9.32.2-4321
Cache-Control: max-age=0, no-cache

Securing and Hardening Linux Dedicated Server

securing linuxWhen we hosted the linux dedicated server or virtual private server(VPS) in a data center, security of the system is very important in order to ensure the data and the information are safe from the hackers. Securing and hardening linux dedicated server is mandatory when nearly every computing resources and the application systems is online and susceptible to attack. This post share basic security and hardening tips for the linux dedicated server. If you are plan to host your own linux dedicated server, then this post should able to provide you a good baseline and ideas. The following are the best practices to securing and hardening linux dedicated server :

1. Patching Linux Systems
2. Keep Linux Kernel and Software such as WordPress/Joomla Up to Date
3. Secure SSH
4. Enforcing Stronger Passwords and Password Aging
5. Disable Unnecessary Processes, Services and Daemons
6. Install a host based firewall to protect your dedicated server from unauthorized access
7. Implement Linux Kernel /etc/sysctl.conf hardening
8. Configure Logging and Auditing
9. Install And Use Intrusion Detection System

4 Steps to Disable SELinux on CentOS 6.4

There are four easy steps to disable Security-Enhanced Linux (SELinux) on CentOS 6.4. The steps was very simple, but if we did not disable this feature, you may hit a problem when try to do software installation. SELinux checking for allowed operations after standard Linux discretionary access controls are checked. Follow below steps to disable SELinux on CentOS 6.4.

1. Check selinux status :

[root@centos64 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

2. Disable SELinux immediately without reboot :

[root@centos64 ~]# setenforce 0

3. Disable SELinux on CentOS 6.4 permanently :

[root@centos64 ~]# vi /etc/sysconfig/selinux

Change “SELINUX=enforcing” to “SELINUX=disabled” :

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

4. Reboot Operating system :

[root@centos64 ~]# reboot

How to Install Mod_Security to Apache HTTP Server on CentOS 6.3

ModSecurity is an open source web application firewall and intrusion detection and prevention system that provide filtering and other security features to the Apache HTTP Server. ModSecurity is a web application layer firewall and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure.

1. Install some dependency packages for mod_security :

[root@centos63 ~]# yum install gcc make libxml2 libxml2-devel httpd-devel pcre-devel curl-devel -y

Compile the modsecurity source code and module to install mod_security in your httpd.conf file. Run the followings commands as root :

[root@centos63 ~]# cd /usr/src/

2. Download mod_security :

[root@centos63 src]# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz

Examples :

[root@centos63 src]# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz
--2012-09-17 16:06:20--  http://www.modsecurity.org/download/modsecurity-apache_2.6.7.tar.gz
Resolving www.modsecurity.org... 204.13.200.240
Connecting to www.modsecurity.org|204.13.200.240|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://downloads.sourceforge.net/mod-security/modsecurity-apache_2.6.7.tar.gz?use_mirror= [following]
--2012-09-17 16:06:21--  http://downloads.sourceforge.net/mod-security/modsecurity-apache_2.6.7.tar.gz?use_mirror=
Resolving downloads.sourceforge.net... 216.34.181.59
Connecting to downloads.sourceforge.net|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz?use_mirror= [following]
--2012-09-17 16:06:22--  http://downloads.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz?use_mirror=
Reusing existing connection to downloads.sourceforge.net:80.
HTTP request sent, awaiting response... 302 Found
Location: http://cdnetworks-kr-1.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz [following]
--2012-09-17 16:06:23--  http://cdnetworks-kr-1.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.6.7/modsecurity-apache_2.6.7.tar.gz
Resolving cdnetworks-kr-1.dl.sourceforge.net... 211.39.135.162
Connecting to cdnetworks-kr-1.dl.sourceforge.net|211.39.135.162|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 785852 (767K) [application/x-gzip]
Saving to: âmodsecurity-apache_2.6.7.tar.gzâ

100%[==========================================================>] 785,852     88.6K/s   in 8.7s

2012-09-17 16:06:32 (88.1 KB/s) - âmodsecurity-apache_2.6.7.tar.gzâ

3. Unpack the ModSecurity archive :

[root@centos63 src]# tar xzvf modsecurity-apache_2.6.7.tar.gz

4. Enter the extracted mod_security’s directory :

[root@centos63 src]# cd modsecurity-apache_2.6.7

5. Run the configure script to generate a Makefile. Typically no options are needed.

[root@centos63 modsecurity-apache_2.6.7]# ./configure

6. Install the ModSecurity module with :

[root@centos63 modsecurity-apache_2.6.7]# make install

7. Copy the The configuration file to /etc/httpd/conf.d directory :

[root@centos63 modsecurity-apache_2.6.7]# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

8. Mod_Security requires OWASP (Open Web Application Security Project) core rules for base configuration. It’s used to protect from unknown vulnerabilities which often found on web applications :

[root@centos63 ~]# cd /etc/httpd
[root@centos63 httpd]# wget http://downloads.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz
[root@centos63 httpd]# tar xzvf modsecurity-crs_2.2.5.tar.gz
[root@centos63 httpd]# mv modsecurity-crs_2.2.5 modsecurity-crs
[root@centos63 modsecurity-crs]# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf

9. Configure Apache httpd config file :

[root@centos63 ~]# vi /etc/httpd/conf/httpd.conf

Search for the line LoadModule in your httpd.conf and make sure you load the ModSecurity module with the following line :

..
..
LoadModule security2_module modules/mod_security2.so
..
..

Configure ModSecurity. Add these line at the bottom of http.conf file :

<IfModule security2_module>
    Include modsecurity-crs/modsecurity_crs_10_setup.conf
    Include modsecurity-crs/base_rules/*.conf
</IfModule>

10. Restart the Apache service to enable mod_security module and their rules :

[root@centos63 ~]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

11. Verify everything working fine :

[root@centos63 ~]# httpd -t
Syntax OK
[root@centos63 ~]# tail -f /var/log/httpd/error_log
[Mon Sep 17 18:49:58 2012] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations
[Mon Sep 17 20:24:27 2012] [notice] caught SIGTERM, shutting down
[Mon Sep 17 20:24:28 2012] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/) configured.
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9"
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
[Mon Sep 17 20:24:28 2012] [notice] ModSecurity: LIBXML compiled version="2.7.6"
[Mon Sep 17 20:24:28 2012] [notice] Digest: generating secret for digest authentication ...
[Mon Sep 17 20:24:28 2012] [notice] Digest: done
[Mon Sep 17 20:24:28 2012] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations

How to Remove iptables on Linux RHEL 5/CentOS 5 server

Iptables is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel. It can run as a host based firewall if properly configured. Iptables places rules into predefined chains (INPUT, OUTPUT and FORWARD) that are checked against any network traffic packets. In certain case, system administrator will need to disable and remove iptables due to some reasons. In this post, i will show the quick step to remove iptables on linux CentOS 5.7 server. This steps may working on other version such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5 and CentOS 5.6.

Check installed iptables package :

[root@CentOS57 ~]# rpm -qa iptables
iptables-1.3.5-9.1.el5

To remove iptables using rpm command, simply run this :

[root@CentOS57 ~]# rpm -e iptables-1.3.5-9.1.el5

To remove iptables using yum command, simply run this :

[root@CentOS57 ~]# yum install iptables -y

How to Install iptables on Linux RHEL 5/CentOS 5 server

Iptables is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel. It can run as a host based firewall if properly configured. Iptables places rules into predefined chains (INPUT, OUTPUT and FORWARD) that are checked against any network traffic packets. In this post i will show the quick steps on how to install iptables on CentOS 5.7. This steps may working on other version such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5, CentOS 5.6, RHEL 5.4 and RHEL 5.5.

1. To install iptables, simply run this command :

[root@CentOS57 ~]# yum install iptables -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.oscc.org.my
 * extras: mirror.oscc.org.my
 * rpmforge: ftp-stud.fht-esslingen.de
 * updates: mirror.oscc.org.my
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package iptables.i386 0:1.3.5-9.1.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                 Arch                Version                      Repository           Size
====================================================================================================
Installing:
 iptables                i386                1.3.5-9.1.el5                base                238 k

Transaction Summary
====================================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 238 k
Downloading Packages:
iptables-1.3.5-9.1.el5.i386.rpm                                              | 238 kB     00:02
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : iptables                                                                     1/1

Installed:
  iptables.i386 0:1.3.5-9.1.el5

Complete!

2. How to check iptables status on Linux RHEL 5/CentOS 5 server :

[root@CentOS57 ~]# service iptables status
Firewall is stopped.

or

[root@CentOS57 ~]# /etc/init.d/iptables status
Firewall is stopped.
[root@CentOS57 ~]#

3. How to start iptables on Linux RHEL 5/CentOS 5 server :

[root@CentOS57 ~]# service iptables start

or

[root@CentOS57 ~]# /etc/init.d/iptables start

4. How to stop iptables on Linux RHEL 5/CentOS 5 server :

[root@CentOS57 ~]# service iptables stop

or

[root@CentOS57 ~]# /etc/init.d/iptables stop

How to Disable iptables on Linux CentOS 5.7 Server

Iptables is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel. It can run as a host based firewall if properly configured. Iptables places rules into predefined chains (INPUT, OUTPUT and FORWARD) that are checked against any network traffic packets. In certain case, system administrator will need to disable this iptables due to some reasons. In this post, i will show the quick step to disable iptables on linux CentOS 5.7 server. This steps may working on other version such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5 and CentOS 5.6.

1. How to stop iptables on Linux RHEL 5/CentOS 5 server :

[root@CentOS57 ~]# service iptables stop

or

[root@CentOS57 ~]# /etc/init.d/iptables stop

How to stop ip6tables on Linux RHEL 5/CentOS 5 server :

[root@CentOS57 ~]# service iptables stop

or

[root@CentOS57 ~]# /etc/init.d/ip6tables stop

Note : Ignore this steps if ipv6 not configured or disabled
2. To ensure that iptables will not start after rebooting, please run this chkconfig command :

[root@CentOS57 ~]# chkconfig iptables off

3. How to check iptables status on Linux RHEL 5/CentOS 5 server. Make sure that it was stop :

[root@CentOS57 ~]# service iptables status
Firewall is stopped.

or

[root@CentOS57 ~]# /etc/init.d/iptables status
Firewall is stopped.

How to Install nmap on RHEL 6 Linux Server

Nmap (“Network Mapper”) is a free and open source tool for network exploration or security auditing. It can help you to find open port on a network. Nmap very useful for system and network administrator to perform system and network administration’s task and sometimes may helps in troubleshooting to narrow down the issue. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In this post i will show the quick step to install nmap on your Red Hat Enterprise Linux 6 (RHEL 6) server.

Simply run the following yum command :

[root@rhel6 ~]# yum install nmap -y
Loaded plugins: rhnplugin
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package nmap.i686 2:5.21-3.el6 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package          Arch             Version                   Repository                        Size
====================================================================================================
Installing:
 nmap             i686             2:5.21-3.el6              DVD-RHEL6-Repository             2.2 M

Transaction Summary
====================================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 2.2 M
Installed size: 7.2 M
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : 2:nmap-5.21-3.el6.i686                                                       1/1

Installed:
  nmap.i686 2:5.21-3.el6

Complete!

Type nmap without argument will show the available option for nmap command :

[root@rhel6 ~]# nmap
Nmap 5.21 ( http://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL : Input from list of hosts/networks
  -iR : Choose random targets
  --exclude : Exclude hosts/networks
  --excludefile : Exclude list from file
HOST DISCOVERY:
  -sL: List Scan - simply list targets to scan
  -sP: Ping Scan - go no further than determining if host is online
  -PN: Treat all hosts as online -- skip host discovery
  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -PO[protocol list]: IP Protocol Ping
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  --dns-servers : Specify custom DNS servers
  --system-dns: Use OS's DNS resolver
  --traceroute: Trace hop path to each host
SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags : Customize TCP scan flags
  -sI : Idle scan
  -sY/sZ: SCTP INIT/COOKIE-ECHO scans
  -sO: IP protocol scan
  -b : FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
  -p : Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
  -F: Fast mode - Scan fewer ports than the default scan
  -r: Scan ports consecutively - don't randomize
  --top-ports : Scan  most common ports
  --port-ratio : Scan ports more common than 
SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
  --version-intensity : Set from 0 (light) to 9 (try all probes)
  --version-light: Limit to most likely probes (intensity 2)
  --version-all: Try every single probe (intensity 9)
  --version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
  -sC: equivalent to --script=default
  --script=:  is a comma separated list of
           directories, script-files or script-categories
  --script-args=: provide arguments to scripts
  --script-trace: Show all data sent and received
  --script-updatedb: Update the script database.
OS DETECTION:
  -O: Enable OS detection
  --osscan-limit: Limit OS detection to promising targets
  --osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
  Options which take