> chage -d 0 [username] |
ProFTPd
http://www.proftpd.org

Note: the download below is plain FTP with no integrity check; verify the tarball against the checksum or signature published by the project before building and installing it as root.

> wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.9.tar.gz
> tar -xvzf proftpd-1.2.9.tar.gz
> cd proftpd-1.2.9
> ./configure --prefix=/usr/local --sysconfdir=/etc \
    --localstatedir=/var/run
> make
> make install
> cd contrib/dist/rpm
> cp proftpd.init.d /etc/init.d/proftpd
> chmod 755 /etc/init.d/proftpd
> cp proftpd.logrotate /etc/logrotate.d/proftpd
> cp ftp.pamd /etc/pam.d/ftp
> groupadd nogroup

Edit /etc/proftpd.conf

a. Comment out the section from:

   <Anonymous ~ftp>

   to

   </Anonymous>

   (this disables anonymous logins)

b. Add the following line to the end of the file:

   DefaultRoot ~

   (this confines each user to their own home directory)

Save the modified config file.

> chkconfig --add proftpd
> chkconfig --level 345 proftpd on
> service proftpd start
Redhat Lockdown
Here are some services that I like to turn off on RedHat:
# Turn off the services listed on this page, one at a time.
# For each service: first switch it off in runlevels 2-5 so it does not come
# back at the next boot, then stop the instance that is running now.
# NOTE(review): netfs, portmap and nfslock support NFS mounts; confirm the
# host does not rely on NFS before disabling them.
for svc in netfs pcmcia isdn portmap nfslock rhnsd xfs cups vncserver; do
  chkconfig --level 2345 "$svc" off
  service "$svc" stop
done
RSync Backup with SSH
1. On the Source Server generate an RSA key for use by ssh:

   > ssh-keygen -t rsa -N "" -f /root/.ssh/id_rsa

   The key has an empty passphrase so that cron can use it unattended. Anyone who can read /root/.ssh/id_rsa can log in to the Destination Server as root, so keep the file readable by root only.

2. Copy the contents of /root/.ssh/id_rsa.pub on the Source Server to
   /root/.ssh/authorized_keys on the Destination Server. Make sure that
   there are no line breaks in the copied key. To limit where the key can
   be used from, the authorized_keys entry can be prefixed with
   from="{ip of source server}".

3. On the Source Server, verify that you can log in to the Destination
   Server via ssh without a password:

   > ssh -l root {ip of dest server}

4. On the Destination Server, create a directory to store the backup data:

   > mkdir /backups/mail

   Make sure that the selected location has sufficient available storage
   to accommodate the backup.

5. On the Source Server, create a script similar to:

   #!/bin/bash

   DEST=root@172.16.11.12:/backups/mail
   OPTIONS="-e ssh --checksum --partial --delete --verbose --progress --archive --links"

   SRC=/etc
   rsync $OPTIONS $SRC $DEST

   SRC=/home
   rsync $OPTIONS $SRC $DEST

   SRC=/var/spool/mail
   rsync $OPTIONS $SRC $DEST

   SRC=/var/www
   rsync $OPTIONS $SRC $DEST

   Modify the script as needed to copy the appropriate directory trees.
   Because of --delete, a file removed on the Source Server is also removed
   from the backup on the next run, so the backup is a mirror and keeps no
   history. The script can be placed in /usr/local/sbin/dobackups.sh and
   should be made executable with:

   > chmod 755 /usr/local/sbin/dobackups.sh

6. Add a cron job to run the script on a nightly basis. On RedHat we can
   place a file named "backups" into /etc/cron.daily with the contents:

   #!/bin/sh
   renice +19 -p $$ >/dev/null 2>&1
   /usr/local/sbin/dobackups.sh

   Make the file executable with:

   > chmod 755 /etc/cron.daily/backups
Sendmail Install
Note: both tarballs below are fetched over plain HTTP/FTP with no integrity check; verify them against the checksums or signatures published by the projects before building and installing as root.

> cd root
> wget http://www.sleepycat.com/update/snapshot/db-4.1.25.NC.tar.gz
> tar -xvzf db-4.1.25.NC.tar.gz
> cd db-4.1.25.NC
> cd build_unix
> ../dist/configure
> make
> make install
> edit /etc/ld.so.conf and add /usr/local/BerkeleyDB.4.1/lib
> ldconfig
> cd root
> wget ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.9.tar.gz
  (the tarball has to be unpacked before the next step, e.g. tar -xvzf sendmail.8.12.9.tar.gz)
> cd sendmail-8.12.9
> create a file under devtools/Site called site.config.m4 with the following contents:

define(`confMAPDEF',`-DNEWDB')dnl
define(`confINCDIRS',`-I/usr/local/BerkeleyDB.4.1/include')dnl
define(`confLIBDIRS',`-L/usr/local/BerkeleyDB.4.1/lib')dnl

> cd sendmail
> sh Build
> cd ..
> cd cf/cf
> cp generic-linux.mc sendmail.mc
> sh Build sendmail.cf
> mkdir /etc/mail
> cp /usr/sbin/sendmail /usr/sbin/sendmail.old
> sh Build install-cf
> cd ../..
> useradd smmsp
> chsh smmsp /bin/false
> chown root.smmsp /usr/sbin/sendmail
> chmod u-w /usr/sbin/sendmail
> chmod g+r /usr/sbin/sendmail
> chmod o+rx /usr/sbin/sendmail
> mkdir /var/spool/clientmqueue
> chown smmsp.smmsp /var/spool/clientmqueue
> chmod g+w /var/spool/clientmqueue/
> chmod o-rwx /var/spool/clientmqueue/
> mkdir /var/spool/mqueue
> chown root.wheel /var/spool/mqueue
> chmod o-rwx /var/spool/mqueue
> chmod g-rwx /var/spool/mqueue
> chown root.wheel /etc/mail/sendmail.cf
> chown root.wheel /etc/mail/submit.cf
> cd sendmail
> mkdir /usr/man
> mkdir /usr/man/man1
> mkdir /usr/man/man5
> mkdir /usr/man/man8
> sh Build install
> cd makemap
> sh Build install
> cd ..
> cd mailstats
> sh Build install
> cd ..
> cd praliases
> sh Build install
> cd ..
> cd smrsh
> sh Build
> sh Build install
> cd ..
> cd vacation
> sh Build install
> cd ..
> cd /etc/mail
> cp /etc/aliases /etc/mail
> cp /root/sendmail-8.12.9/cf/cf/sendmail.mc .
> touch /etc/mail/trusted-users
> cd /etc/init.d
> create file called sendmail with following contents:

#!/bin/sh

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

[ -f /usr/sbin/sendmail ] || exit 0

# See how we were called.
case "$1" in
  start)
        # Start daemons.
        gprintf "Starting sendmail: "
        newaliases
        /usr/sbin/sendmail -bd
        ;;
  stop)
        # Stop daemons.
        gprintf "Shutting down sendmail: "
        killall sendmail
        ;;
  restart)
        $0 stop
        $0 start
        ;;
  reload)
        $0 restart
        ;;
  status)
        status sendmail
        ;;
  *)
        gprintf "Usage: %s {start|stop|restart|reload|status}\n" "$0"
        exit 1
esac

exit 0

> chmod o-r,g-r,u+x sendmail
> cd /etc/rc.d
> cd rc0.d; ln -s ../init.d/sendmail K30sendmail; cd ..
> cd rc1.d; ln -s ../init.d/sendmail K30sendmail; cd ..
> cd rc2.d; ln -s ../init.d/sendmail S80sendmail; cd ..
> cd rc3.d; ln -s ../init.d/sendmail S80sendmail; cd ..
> cd rc4.d; ln -s ../init.d/sendmail S80sendmail; cd ..
> cd rc5.d; ln -s ../init.d/sendmail S80sendmail; cd ..
> cd rc6.d; ln -s ../init.d/sendmail K30sendmail; cd ..
> rm rc0.d/K30postfix
> rm rc1.d/K30postfix
> rm rc2.d/S80postfix
> rm rc3.d/S80postfix
> rm rc4.d/S80postfix
> rm rc5.d/S80postfix
> rm rc6.d/K30postfix