How to Disable the SELinux on RHEL 6

In Redhat Enterprise Linux 6 (RHEL 6) minimal server installation, SELinux is set to enable. To disable SELinux, without having to reboot, you can use the setenforce command as below:

    [root@rhel6 ~]# setenforce 0
    

To disabled the SELinux on your next reboot, please change “SELINUX=enforcing” to “SELINUX=disabled”.

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=enforcing
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    

Change to the following :

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    

How to Secure MySQL Database Server

A Default MySQL installation is completely vulnerable to attacks. MySQL installation should be made as secure as possible. This is to protect the data collections and the information maintained by the MySQL server from unauthorized or anonymous access. In This post, i will share with you on how to secure your database server with the simple configuration and wizard.

Default and unsecured MySQL database:

    mysql> select user,host,password from mysql.user;
    +------+-----------+------------------+
    | user | host      | password         |
    +------+-----------+------------------+
    | root | localhost |                  |
    | root | CentOS57  |                  |
    | root | 127.0.0.1 |                  |
    |      | localhost |                  |
    |      | CentOS57  |                  |
    +------+-----------+------------------+
    5 rows in set (0.00 sec)
    

root password has not been set and anonymous user can access this MySQL server.

Simply run this command to secure MySQL server:

    [root@CentOS57 ~]# /usr/bin/mysql_secure_installation
    
    [root@CentOS57 ~]# /usr/bin/mysql_secure_installation
    
    
    
    
    NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
          SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
    
    
    In order to log into MySQL to secure it, we'll need the current
    password for the root user.  If you've just installed MySQL, and
    you haven't set the root password yet, the password will be blank,
    so you should just press enter here.
    
    Enter current password for root (enter for none):
    OK, successfully used password, moving on...
    
    Setting the root password ensures that nobody can log into the MySQL
    root user without the proper authorisation.
    
    Set root password? [Y/n] y
    New password:
    Re-enter new password:
    Password updated successfully!
    Reloading privilege tables..
     ... Success!
    
    
    By default, a MySQL installation has an anonymous user, allowing anyone
    to log into MySQL without having to have a user account created for
    them.  This is intended only for testing, and to make the installation
    go a bit smoother.  You should remove them before moving into a
    production environment.
    
    Remove anonymous users? [Y/n] y
     ... Success!
    
    Normally, root should only be allowed to connect from 'localhost'.  This
    ensures that someone cannot guess at the root password from the network.
    
    Disallow root login remotely? [Y/n] n
     ... skipping.
    
    By default, MySQL comes with a database named 'test' that anyone can
    access.  This is also intended only for testing, and should be removed
    before moving into a production environment.
    
    Remove test database and access to it? [Y/n] n
     ... skipping.
    
    Reloading the privilege tables will ensure that all changes made so far
    will take effect immediately.
    
    Reload privilege tables now? [Y/n] y
     ... Success!
    
    Cleaning up...
    
    
    
    All done!  If you've completed all of the above steps, your MySQL
    installation should now be secure.
    
    Thanks for using MySQL!
    

Secure MySQL database :

    mysql> select user,host,password from mysql.user;
    +------+-----------+------------------+
    | user | host      | password         |
    +------+-----------+------------------+
    | root | localhost | 5d2e19393cc5ef67 |
    | root | CentOS57  | 5d2e19393cc5ef67 |
    | root | 127.0.0.1 | 5d2e19393cc5ef67 |
    +------+-----------+------------------+
    3 rows in set (0.00 sec)
    

Above steps is not the complete solutions to secure your production MySQL server. It just only basics how-to steps from my own experiences. I highly recommend you to read through the following article:
http://dev.mysql.com/doc/refman/5.0/en/security.html
http://dev.mysql.com/doc/refman/5.0/en/default-privileges.html

How to Delete Anonymous Users From MySQL on CentOS 6.2

MySQL installation has a default “root” user with a blank password and an “anonymous” user, also with a blank password. This is very unsecured and not recommended. In order to protect your data, the “root” user should be set with a password and the anonymous user should be delete. In this post, i will show on how to delete Anynymous users from MySQL. Please take a look of this post if you want to “set root password for MySQL

    [root@centos6 ~]# mysql -u root -p
    Enter password:
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 150
    Server version: 5.1.52 Source distribution
    
    Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
    This software comes with ABSOLUTELY NO WARRANTY. This is free software,
    and you are welcome to modify and redistribute it under the GPL v2 license
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    mysql> select user,host,password from mysql.user;
    +---------------+-----------+-------------------------------------------+
    | user          | host      | password                                  |
    +---------------+-----------+-------------------------------------------+
    | root          | localhost |                                           |
    | root          | centos6.2 |                                           |
    | root          | 127.0.0.1 |                                           |
    |               | localhost |                                           |
    |               | centos6.2 |                                           |
    +---------------+-----------+-------------------------------------------+
    7 rows in set (0.00 sec)
    
    mysql> delete from mysql.user where user='';
    Query OK, 2 rows affected (0.00 sec)
    
    mysql> select user,host,password from mysql.user;
    +---------------+-----------+-------------------------------------------+
    | user          | host      | password                                  |
    +---------------+-----------+-------------------------------------------+
    | root          | localhost |                                           |
    | root          | centos6.2 | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
    | root          | 127.0.0.1 | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
    +---------------+-----------+-------------------------------------------+
    5 rows in set (0.00 sec)
    
    mysql> exit
    Bye
    

How to Check and Verify The Site That You Want You Visit Using SiteAdvisor

There is an easy way to verify the website that you always visit or want to visit is safe or not using SiteAdvisor.The SiteAdvisor technology is free, easy to install and even easier to use. And it doesn’t collect any personally identifiable information. This method require installation of the SiteAdvisor software. With SiteAdvisor software installed, your browser will look a little different than before. We add small site rating icons to your search results as well as a browser button and optional search box. Together, these alert you to potentially risky sites and help you find safer alternatives. However you also can verify the website without installing any SiteAdvisor software. you just need to browse this URL, www.siteadvisor.com. If website is linked to a bad websites and one user reported the site as a phishing or scam, SiteAdvisor will marked that site as Caution of Warning.

If you want to verify other websites in the future, I would recommend that you use this site advisor:

1. Go to http://www.siteadvisor.com
2. Enter the site that you want to visit and click view report now.
siteadvisor
3. If the target website haven’t tested yet, then it will go for the verification procedure and will return this message.

“This site has been queued for testing. Please come back soon for automated results.”

How to Turn On Remote Desktop on Windows XP

This article will guides you on how to configure the Remote Desktop feature in Windows XP. This feature allows remote control of your Windows XP computer from another comouter that also running Windows operating system. To enable remote desktop feature, please follow below steps:

1. Right-click on “My Computer” and select Properties.
2. Click on the “Remote” tab.
3. Under “Remote Desktop”, please check the box labeled “Allow users to connect remotely to this computer”.
4. Click OK.
5. Please also make sure that the Remote Desktop is not being blocked by the Windows Firewall. You may turn off the windows firewall features but is not recommended. Another alternative is just by pass the remote desktop port which normally running on port 3389.
remote desktop

How to Drop or Block Incoming Access From Specific IP Address Using Iptables

In this post, i will show you the simple way to block incoming ip address using iptables firewall on CentOS 5.5. This setting will be removed once you restarted the iptables or rebooted the server.

OPTIONS = long or short options are allowed.

    --append  -A Append to chain
    --delete  -D Delete matching rule from chain
    --delete  -D Delete rule rulenum (1 = first) from chain	
    --insert  -I Insert in chain as rulenum (default 1=first)
    --replace -R Replace rule rulenum (1 = first) in chain
    --list    -L List the rules in a chain or all chains
    
    --source      -s [!] address[/mask] source specification
    --destination -d [!] address[/mask] destination specification                         
    --jump        -j target
    
    INPUT = Incoming Access
    OUTPUT = Outgoing Access
    -I = Insert
    -D = Delete
    -s = Source Ip Address
    -j = Target Action
    DROP = Block action
    

Steps :
1. Login to your server via SSH as a root
2. To successfully block an IP address, just type this iptables syntax and it will take effect immediately.

syntax : iptables -I INPUT -s IP-ADDRESS -j DROP

    [root@server ~]# iptables -I INPUT -s 192.168.2.2 -j DROP
    

3. To removed blocked IP address, just type this iptables syntax as below:

syntax : iptables -D INPUT -s IP-ADDRESS -j DROP

    [root@server ~]# iptables -D INPUT -s 192.168.2.2 -j DROP
    

4. If you want to look at what’s iptables rules already loaded, type below syntax :

    [root@server ~]# iptables -L -n