Thursday, December 17, 2009

Upgrade Fedora 7 to Fedora 8

Before upgrading your OS version we must take the backup of our system firstly. For upgrading to Fedora 8 from Fedora 7 follow the given below commands:

Update your packages:

yum update

Run following command to clear the yum cache:

yum clean all

Then run following command to install fedora 8 release packages:

rpm -Uvh ftp://ftp.uni-bayreuth.de/pub/redhat.com/fedora-archive/linux/releases/8/Everything/ppc64/os/Packages/fedora-release-8-3.noarch.rpm


rpm -Uvh ftp://ftp.uni-bayreuth.de/pub/redhat.com/fedora-archive/linux/releases/8/Everything/ppc64/os/Packages/fedora-release-notes-8.0.0-3.noarch.rpm


Now this is the time to run upgrade over the machine:

yum upgrade

If it stops with an error like this one:
---> Package orca.i386 0:2.20.0.1-1.fc8 set to be updated
--> Finished Dependency Resolution

Error: Missing Dependency: gecko-libs = 1.8.1.8 is needed by package yelp

simply uninstall the package that is causing the problem (in this case yelp) (I only had to do this with the yelp package which doesn't seem to be overly important)...

yum remove yelp

Ref. : http://www.howtoforge.com/upgrading-fedora7-desktop-to-fedora8


For upgrade from Fedora8 to Fedora 9, use below given release RPMs and other are same as above

rpm -Uhv http://mirror.liberty.edu/pub/fedora/linux/releases/9/Fedora/i386/os/Packages/fedora-release-9-2.noarch.rpm http://mirror.liberty.edu/pub/fedora/linux/releases/9/Fedora/i386/os/Packages/fedora-release-notes-9.0.0-1.noarch.rpm

Upgrading from Fedora 9 to Fedora 10, follow below given URL:


http://www.unix-tutorials.com/go.php?id=3918

Monday, December 7, 2009

Linux Security


----->   Enable Authentication for Single-User Mode

Single-User Mode is used for a system recovery. However, by default, no authentication is used if single-user mode is selected. This can be used to bypassing security on the server and gaining root access. To enable authentication for single-user mode, open the /etc/inittab, file:

 
# vi /etc/inittab

Add the following line to the file:


~~:S:wait:/sbin/sulogin

 

-----> Disable Interactive Hotkey Startup at Boot

A few Linux distribution like Fedora, CentOS or RHEL allows the console user to perform an interactive system startup by pressing [I] key. Using interactive boot, attacker can disable the firewall and other system services. Open /etc/sysconfig/init file:

# vi /etc/sysconfig/init

Modify the setting as follows:

PROMPT=no

-----> Setup Time-out for Login Shells

 Go into the user's home director:

# vi .bash_profile

TMOUT=300
readonly TMOUT
export TMOUT
 
In case of dealing with SSH, we need to define/enter the following:
 
To set an idle timeout interval, after this interval has passed, the idle user will be automatically logged out. Open /etc/ssh/sshd_config file, enter:

vi /etc/ssh/sshd_config

Find ClientAliveInterval and set to 300 (5 minutes) as follows:

ClientAliveInterval 300
ClientAliveCountMax 0

Save and close the file. Restart sshd:
# service sshd restart

Monday, September 28, 2009

Find command examples and auto remove files/folders

Following command search for files which are not accessed since last 15 days:

find /path/to/base/directory/for/search -mtime +15

Use cmin instead of mtime in case you want to search in minutes

Following command search for files which are not accessed since last 2 minutes:

find /path/to/base/directory/for/search -cmin +2


Automatically remove files which are not accessed within last 15 days:

find /path/to/base/directory/for/search -mtime +15 -exec rm -rf {} \;

NOTE: {} these braces are having the result (files/folders) from first command ' find /path/to/base/directory/for/search -mtime +15 '.

Friday, September 25, 2009

How To Install Java JDK or JRE on Ubuntu or Debian

How do I Install Java on Ubuntu or Debian OS?
Answer: If Java is not installed, you’ll get the following error message when you do java -version.

# java -version
The program 'java' can be found in the following packages:
* gij-4.3
* java-gcj-compat-headless
* openjdk-6-jre-headless
* cacao
* gij-4.2
* jamvm
* kaffe
Try: apt-get install

-su: java: command not found

Search for Java Package that needs to be Installed

Before installing, you may want to do apt-cache search to find out all available packages that starts with sun-java.
As shown below, you’ll find both Java5 and Java6 JDK and JRE related packages.
# sudo apt-get update

# apt-cache search ^sun-java
sun-javadb-client - Java DB client
sun-javadb-common - Java DB common files
sun-javadb-core - Java DB core
sun-javadb-demo - Java DB demo
sun-javadb-doc - Java DB documentation
sun-javadb-javadoc - Java DB javadoc
sun-java5-bin - Sun Java(TM) Runtime Environment (JRE) 5.0 (architecture dependent files)
sun-java5-demo - Sun Java(TM) Development Kit (JDK) 5.0 demos and examples
sun-java5-doc - Sun JDK(TM) Documention -- integration installer
sun-java5-fonts - Lucida TrueType fonts (from the Sun JRE)
sun-java5-jdk - Sun Java(TM) Development Kit (JDK) 5.0
sun-java5-jre - Sun Java(TM) Runtime Environment (JRE) 5.0 (architecture independent files)
sun-java5-plugin - The Java(TM) Plug-in, Java SE 5.0
sun-java5-source - Sun Java(TM) Development Kit (JDK) 5.0 source files
sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (architecture dependent files)
sun-java6-demo - Sun Java(TM) Development Kit (JDK) 6 demos and examples
sun-java6-doc - Sun JDK(TM) Documention -- integration installer
sun-java6-fonts - Lucida TrueType fonts (from the Sun JRE)
sun-java6-javadb - Java(TM) DB, Sun Microsystems' distribution of Apache Derby
sun-java6-jdk - Sun Java(TM) Development Kit (JDK) 6
sun-java6-jre - Sun Java(TM) Runtime Environment (JRE) 6 (architecture independent files)
sun-java6-plugin - The Java(TM) Plug-in, Java SE 6
sun-java6-source - Sun Java(TM) Development Kit (JDK) 6 source files

Install Java on Ubuntu

Execute sudo apt-get install sun-java6-jdk to install the Java 6 JDK on Ubuntu as shown below. If you need only the run time environment, install sun-java6-jre.
# sudo apt-get install sun-java6-jdk
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-headers-2.6.28-11 linux-headers-2.6.28-11-generic
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
gsfonts-x11 java-common odbcinst1debian1 sun-java6-bin sun-java6-jre unixodbc
Suggested packages:
equivs sun-java6-demo openjdk-6-doc sun-java6-source sun-java6-plugin ia32-sun-java6-plugin sun-java6-fonts
libmyodbc odbc-postgresql libct1
The following NEW packages will be installed:
gsfonts-x11 java-common odbcinst1debian1 sun-java6-bin sun-java6-jdk sun-java6-jre unixodbc
0 upgraded, 7 newly installed, 0 to remove and 68 not upgraded.
Need to get 54.5MB of archives.
After this operation, 161MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
Get:1 http://us.archive.ubuntu.com jaunty/main java-common 0.30ubuntu4 [80.3kB]
Get:2 http://us.archive.ubuntu.com jaunty-updates/multiverse sun-java6-jre 6-16-0ubuntu1.9.04 [6421kB]
Get:3 http://us.archive.ubuntu.com jaunty/main odbcinst1debian1 2.2.11-16build3 [66.3kB]
Get:4 http://us.archive.ubuntu.com jaunty/main unixodbc 2.2.11-16build3 [295kB]
Get:5 http://us.archive.ubuntu.com jaunty-updates/multiverse sun-java6-bin 6-16-0ubuntu1.9.04 [29.1MB]
Get:6 http://us.archive.ubuntu.com jaunty-updates/multiverse sun-java6-jdk 6-16-0ubuntu1.9.04 [18.5MB]
Get:7 http://us.archive.ubuntu.com jaunty/main gsfonts-x11 0.21 [10.5kB]
Fetched 54.5MB in 4min 53s (186kB/s)
Preconfiguring packages ...
Selecting previously deselected package java-common.
(Reading database ... 142715 files and directories currently installed.)
Unpacking java-common (from .../java-common_0.30ubuntu4_all.deb) ...
Selecting previously deselected package sun-java6-jre.
Unpacking sun-java6-jre (from .../sun-java6-jre_6-16-0ubuntu1.9.04_all.deb) ...
Selecting previously deselected package odbcinst1debian1.
Unpacking odbcinst1debian1 (from .../odbcinst1debian1_2.2.11-16build3_i386.deb) ...
Selecting previously deselected package unixodbc.
Unpacking unixodbc (from .../unixodbc_2.2.11-16build3_i386.deb) ...
Selecting previously deselected package sun-java6-bin.
Unpacking sun-java6-bin (from .../sun-java6-bin_6-16-0ubuntu1.9.04_i386.deb) ...
sun-dlj-v1-1 license has already been accepted
Selecting previously deselected package sun-java6-jdk.
Unpacking sun-java6-jdk (from .../sun-java6-jdk_6-16-0ubuntu1.9.04_i386.deb) ...
sun-dlj-v1-1 license has already been accepted
Selecting previously deselected package gsfonts-x11.
Unpacking gsfonts-x11 (from .../gsfonts-x11_0.21_all.deb) ...
Processing triggers for doc-base ...
Processing 3 added doc-base file(s)...
Registering documents with scrollkeeper...
Processing triggers for man-db ...
Processing triggers for shared-mime-info ...
Setting up java-common (0.30ubuntu4) ...
Setting up odbcinst1debian1 (2.2.11-16build3) ...
Setting up unixodbc (2.2.11-16build3) ...
Setting up gsfonts-x11 (0.21) ...
Setting up sun-java6-bin (6-16-0ubuntu1.9.04) ...
Setting up sun-java6-jre (6-16-0ubuntu1.9.04) ...
Setting up sun-java6-jdk (6-16-0ubuntu1.9.04) ...
Processing triggers for libc6 ...
ldconfig deferred processing now taking place
During the installation, you’ll be prompted with the following window, where you have to read the “Operating System Distributor License for Java” and click on OK.
After reading the license terms, you’ll be prompted with the following window, where you have to agree to the “license terms” by clicking on Yes.


Verify the Java Installation

Finally, execute java -version and make sure Java is installed properly as shown below.
# java -version
java version "1.6.0_16"
Java(TM) SE Runtime Environment (build 1.6.0_16-b01)
Java HotSpot(TM) Server VM (build 14.2-b01, mixed mode)

Thursday, September 17, 2009

Implement System protection against DOS/DDOS


bash# vi /etc/sysctl.conf
add the below code:
# Enable IP spoofing protection, turn on Source Address Verification
net.ipv4.conf.all.rp_filter = 1
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1


Add the below code in /etc/rc.local and restart network
for f in /proc/sys/net/ipv4/conf/*/rp_filter;
do echo 1 > done


echo 1 > /proc/sys/net/ipv4/tcp_syncookies

Tuesday, September 8, 2009

Squid Transparent proxy with Iptables

While configuring squid as a transparent proxy we have to Add only single word "transparent"  into the squid.conf file:

Find line

http_port 3128

and change to

http_port 3128 transparent

This line will make your Squid as Transparent proxy.

Then In Iptables we need to add following entries:

iptables -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

eth0 = Private Network (LAN)
eth1 = Public Network IP

This command will redirect all requests which are coming from Private Network (LAN) for destination port 80 to 3128 (Squid Port). Then Squid will match all the ACL's criteria and forward request to Internet.

Signatures couldn't be verified : apt-get update

# apt-get update
...
Fetched 18.7kB in 3s (5301B/s)
Reading package lists... Done
W: GPG error: http://non-us.debian.org stable/non-US Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F1D53D8C4F368D5D
W: You may want to run apt-get update to correct these problems

It means that your APT doesn’t have needed the public key. In the example above, finger print of the public key is
F1D53D8C4F368D5D. To remedy the problem, you should do the following:

# gpg --keyserver wwwkeys.eu.pgp.net --recv-keys F1D53D8C4F368D5D
gpg: requesting key 4F368D5D from hkp server wwwkeys.eu.pgp.net
gpg: key 4F368D5D: public key "Debian Archive Automatic Signing Key (2005) " imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1

# gpg --armor --export F1D53D8C4F368D5D | apt-key add -
OK