Archive | November, 2009

IPTables – Filter ICMP Address Mask Request & Replies

Here’s how to filter or block ICMP address mask requests and replies.

On Red Hat/CentOS, edit /etc/sysconfig/iptables and add the following lines:

-A RH-Firewall-1-INPUT -p ICMP --icmp-type address-mask-request -j DROP
-A RH-Firewall-1-INPUT -p ICMP --icmp-type address-mask-reply -j DROP

and then run:

/sbin/service iptables restart

Or run the following commands:

/sbin/iptables -I RH-Firewall-1-INPUT 1 -p ICMP --icmp-type address-mask-request -j DROP
/sbin/iptables -I RH-Firewall-1-INPUT 1 -p ICMP --icmp-type address-mask-reply -j DROP
/sbin/service iptables save

Recently on an Ubuntu server we just added these lines to /etc/rc.local:

/sbin/iptables -I INPUT 1 -p ICMP --icmp-type address-mask-request -j DROP
/sbin/iptables -I INPUT 1 -p ICMP --icmp-type address-mask-reply -j DROP


IPTables – Filter ICMP Timestamp Requests & Replies

Here’s how to filter or block ICMP timestamp requests and replies.

On Red Hat/CentOS, edit /etc/sysconfig/iptables and add the following lines:

-A RH-Firewall-1-INPUT -p ICMP --icmp-type timestamp-request -j DROP
-A RH-Firewall-1-INPUT -p ICMP --icmp-type timestamp-reply -j DROP

and then run:

/sbin/service iptables restart

Or run the following commands:

/sbin/iptables -I RH-Firewall-1-INPUT 1 -p ICMP --icmp-type timestamp-request -j DROP
/sbin/iptables -I RH-Firewall-1-INPUT 1 -p ICMP --icmp-type timestamp-reply -j DROP
/sbin/service iptables save

Recently on an Ubuntu server we just added these lines to /etc/rc.local:

/sbin/iptables -I INPUT 1 -p ICMP --icmp-type timestamp-request -j DROP
/sbin/iptables -I INPUT 1 -p ICMP --icmp-type timestamp-reply -j DROP
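
A DROP rule only takes effect if it is reached before a broader ICMP ACCEPT in the same chain, which is why the commands above insert at position 1. The check below is an added example, not part of the original posts, covering both the address-mask and timestamp rules; the function name icmp_drop_audit and the sample rulesets are constructed for illustration, and any ICMP ACCEPT without a specific type is treated as shadowing the rules after it.

```bash
#!/usr/bin/env bash
# Added example (not from the original posts). Reads rules in iptables-save or
# /etc/sysconfig/iptables format on stdin, prints the ICMP types that are NOT
# effectively dropped in CHAIN, and returns non-zero if any are listed.
icmp_drop_audit() {
    awk -v chain="$1" '
    BEGIN {
        want[13] = "timestamp-request";    want[14] = "timestamp-reply"
        want[17] = "address-mask-request"; want[18] = "address-mask-reply"
    }
    # Rules appended to CHAIN for protocol icmp (the posts write it as ICMP).
    $1 == "-A" && $2 == chain && tolower($0) ~ /-p icmp( |$)/ {
        type = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--icmp-type") type = tolower($(i + 1))
            if ($i == "-j") target = $(i + 1)
        }
        sub(/\/.*/, "", type)            # drop an optional /code suffix
        if (target == "ACCEPT" && (type == "" || type == "any"))
            shadowed = 1                 # first match wins: later DROPs are dead
        else if (target == "DROP" && !shadowed)
            for (n in want)              # iptables-save prints numbers, files use names
                if (type == n || type == want[n]) ok[n] = 1
    }
    END {
        for (n = 13; n <= 18; n++)
            if ((n in want) && !(n in ok)) { printf "%s%s", sep, want[n]; sep = " "; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample in /etc/sysconfig/iptables style: the timestamp rules were
# appended after the broad ICMP ACCEPT, so they never match.
SAMPLE_RULES='-A RH-Firewall-1-INPUT -p ICMP --icmp-type address-mask-request -j DROP
-A RH-Firewall-1-INPUT -p ICMP --icmp-type address-mask-reply -j DROP
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p ICMP --icmp-type timestamp-request -j DROP
-A RH-Firewall-1-INPUT -p ICMP --icmp-type timestamp-reply -j DROP'

# Constructed sample in iptables-save style (numeric types, -m icmp).
SAVED_RULES='-A INPUT -p icmp -m icmp --icmp-type 18 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 17 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 14 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 13 -j DROP'

printf '%s\n' "$SAMPLE_RULES" | icmp_drop_audit RH-Firewall-1-INPUT \
    || echo "  <- not dropped in RH-Firewall-1-INPUT"
```

On a live host, pipe the running ruleset into it: /sbin/iptables-save | icmp_drop_audit INPUT.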

Apache – Remove Auth From Subdirectory

Assume that you have a folder that is restricted by HTTP Basic Auth but you want to allow access to a sub-folder. Here’s how:

<Directory /var/www/vhosts/domain.com/httpdocs/myfolder >
   Satisfy Any
   Allow from all
</Directory>

Zabbix – Monitor for Apache config errors

To monitor for Apache config file errors in Zabbix do the following:

1. Create monitor test script at /etc/zabbix/apache_configtest.pl with the following contents:

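#!/usr/bin/perl
# Zabbix check: prints 0 if the Apache config parses cleanly, 1 otherwise.
use strict;
use warnings;

# Merge stderr into stdout so the configtest message is captured either way.
my $result = `/usr/sbin/apachectl configtest 2>&1`;
if ($result =~ /Syntax OK/) {
        print "0";
} else {
        print "1";
}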

2. Add the following line to the end of /etc/zabbix/zabbix_agentd.conf:

UserParameter=apache.configtest,/etc/zabbix/apache_configtest.pl

3. From the Zabbix web interface add an Item for the new monitor at Configuration -> Items -> Create Item with the following settings:

Description: Apache config has errors
Type: Zabbix Agent
Key: apache.configtest
Type of information: Numeric
Status: Active
Applications: Apache

Other fields can be left at default.

4. Add a Trigger for the new Item at Configuration -> Triggers -> Create Trigger with the following settings:

Name: Apache config has errors
Expression: {host:apache.configtest.last(0)}=1
Severity: High

Other fields can be left at default.


PHPList Install to RackSpace Cloud Server (CentOS)

Here’s a step-by-step guide to setting up a RackSpace Cloud Server with CentOS for PHPList (http://phplist.com):

  1. Install PHP, PHP IMAP module, PHP MySQL module, MySQL Server and FTP server:
    > yum install php
    > yum install php-imap
    > yum install php-mysql
    > yum install mysql-server
    > yum install vsftpd
    

    Apache and a number of other related packages are installed automatically as dependencies.

  2. Set the Apache, MySQL and FTP services to start on boot:
    > /sbin/chkconfig --level 345 httpd on
    > /sbin/chkconfig --level 345 mysqld on
    > /sbin/chkconfig --level 345 vsftpd on
    
  3. Start Apache, MySQL and FTP:
    > /sbin/service httpd start
    > /sbin/service mysqld start
    > /sbin/service vsftpd start
    
  4. Set MySQL root password:
    > /usr/bin/mysqladmin -u root password 'somepass'
    > /usr/bin/mysqladmin -u root -h ENS password 'somepass'
    
  5. Download PHPList distribution:
    > mkdir /root/archive
    > cd /root/archive
    > wget -O phplist-2.10.10.tgz 'http://downloads.sourceforge.net/project/phplist/phplist/2.10.10/phplist-2.10.10.tgz?use_mirror=voxel'
    
  6. Unpack and install:
    > tar -xvzf phplist-2.10.10.tgz
    > rsync -avz phplist-2.10.10/public_html/lists \
          /var/www/html/
    
  7. Add FTP user and set file ownership:
    > /usr/sbin/useradd -d /var/www/ webmaster
    > passwd webmaster
    > chown --recursive webmaster.webmaster /var/www/html/
    
  8. Create database:
    > echo "CREATE DATABASE lists" | mysql --password=somepass -u root
    > echo "GRANT ALL PRIVILEGES ON lists.* TO 'lists_web'@'localhost'
          identified by 'yyyyyy';" | \
          mysql --password=somepass -u root
    > echo "FLUSH PRIVILEGES" | \
          mysql --password=somepass -u root
    
  9. Configure firewall:
    > system-config-securitylevel-tui
    

    From the security level menus, set SELinux to disabled, then customize and allow incoming WWW and FTP.

  10. Set up the PHPList config file:
    > vi /var/www/html/lists/config/config.php
    

    In the editor, set database parameters.

  11. In your web browser go to:
    
    http://your.domain.com/lists/admin/
    

    You’ll be prompted to initialize the database. Follow the installation screens to complete the install process.

  12. The basic install is now complete.

    The PHPList admin screens are located at:

    
    http://your.domain.com/lists/admin
    