Archive for the ‘System Administration’ Category

Monitor Web Site Files With Auditd


The Linux Auditing System and auditd are a great way to monitor who changes the files in your website, and when. To install and configure it, follow these steps:

1. Install auditd and related utilities:

yum install audit

2. Make sure auditd is running:

/sbin/chkconfig --list auditd 
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

3. Edit /etc/audit/auditd.conf and change:

action_mail_acct = [your email address]

This sets any action emails to go to your preferred address.
4. Edit /etc/audit/audit.rules and add a line like this to the bottom:

-w [path_to_website] -p wa -k [key]

So if your website is located at /var/www/vhosts/mysite.com/httpdocs, then a rule like:

-w /var/www/vhosts/mysite.com/httpdocs -p wa -k mysite

would set up auditing of write and attribute-change requests. Events matching this rule would be tagged with the “mysite” key.

5. Restart auditd so the new rule is loaded:

/sbin/service auditd restart

Audit logs go to:

/var/log/audit/audit.log
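The "who and when" the post is after is spread over several records per event in that log: the SYSCALL record carries the login uid (auid), the effective uid, the program and the key, and the PATH records carry the file names, all joined by the serial number in msg=audit(epoch:serial). The script below is an added example, not part of the original post; it parses a constructed sample of audit.log records (not a real capture) and reports every change tagged with a given key. The syscall-number table is for x86_64 and covers only the handful of calls listed in it.

```python
import re
from collections import OrderedDict
from datetime import datetime, timezone

# Constructed sample of /var/log/audit/audit.log records (not real captures).
# All records of one event share the same msg=audit(<epoch>:<serial>) id.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1466011234.123:4567): arch=c000003e syscall=2 success=yes exit=3 a0=1 a1=241 a2=1b6 a3=0 items=2 ppid=2000 pid=2101 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="vim" exe="/usr/bin/vim" key="mysite"
type=CWD msg=audit(1466011234.123:4567):  cwd="/var/www/vhosts/mysite.com/httpdocs"
type=PATH msg=audit(1466011234.123:4567): item=0 name="/var/www/vhosts/mysite.com/httpdocs/" inode=1001 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1466011234.123:4567): item=1 name="/var/www/vhosts/mysite.com/httpdocs/index.php" inode=1002 dev=fd:00 mode=0100644 ouid=48 ogid=48 rdev=00:00
type=SYSCALL msg=audit(1466011300.500:4570): arch=c000003e syscall=90 success=yes exit=0 a0=1 a1=1ff a2=0 a3=0 items=1 ppid=2000 pid=2150 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="chmod" exe="/bin/chmod" key="mysite"
type=PATH msg=audit(1466011300.500:4570): item=0 name="/var/www/vhosts/mysite.com/httpdocs/upload.php" inode=1003 dev=fd:00 mode=0100644 ouid=48 ogid=48 rdev=00:00
type=SYSCALL msg=audit(1466011400.000:4580): arch=c000003e syscall=2 success=yes exit=4 a0=1 a1=241 a2=1b6 a3=0 items=1 ppid=2000 pid=2200 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="vim" exe="/usr/bin/vim" key="othersite"
type=PATH msg=audit(1466011400.000:4580): item=0 name="/var/www/vhosts/other.com/httpdocs/a.php" inode=2001 dev=fd:00 mode=0100644 ouid=48 ogid=48 rdev=00:00
"""

# One audit record: type=<T> msg=audit(<epoch>:<serial>): <key=value ...>
RECORD_RE = re.compile(
    r'^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$')
# key=value pairs; quoted values may contain spaces
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# x86_64 syscall numbers for the file-changing calls a -p wa rule commonly records
SYSCALL_NAMES = {2: "open", 82: "rename", 87: "unlink", 90: "chmod",
                 257: "openat", 263: "unlinkat"}


def parse_records(log_text):
    """Group raw records by event serial; each event holds its epoch and (type, fields) records."""
    events = OrderedDict()
    for line in log_text.splitlines():
        m = RECORD_RE.match(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("body"))}
        ev = events.setdefault(m.group("serial"), {"ts": float(m.group("ts")), "records": []})
        ev["records"].append((m.group("type"), fields))
    return events


def is_regular_file(mode_str):
    """PATH mode is octal st_mode; keep regular files, drop the directory entries."""
    try:
        return int(mode_str, 8) & 0o170000 == 0o100000
    except ValueError:
        return False


def changes_for_key(log_text, key):
    """Return who (auid = login uid, uid = effective uid), when and which files, per event tagged with key."""
    out = []
    for serial, ev in parse_records(log_text).items():
        syscall = next((f for t, f in ev["records"] if t == "SYSCALL"), None)
        if syscall is None or syscall.get("key") != key:
            continue
        files = [f["name"] for t, f in ev["records"]
                 if t == "PATH" and is_regular_file(f.get("mode", ""))]
        nr = int(syscall.get("syscall", -1))
        out.append({
            "serial": serial,
            "time": datetime.fromtimestamp(ev["ts"], tz=timezone.utc).isoformat(),
            "auid": syscall.get("auid"),   # the user who logged in, even after su/sudo
            "uid": syscall.get("uid"),     # the uid the change was actually made as
            "exe": syscall.get("exe"),
            "syscall": SYSCALL_NAMES.get(nr, str(nr)),
            "success": syscall.get("success") == "yes",
            "files": files,
        })
    return out


if __name__ == "__main__":
    for c in changes_for_key(SAMPLE_AUDIT_LOG, "mysite"):
        print(f'{c["time"]} auid={c["auid"]} uid={c["uid"]} {c["syscall"]} via {c["exe"]}: '
              + ", ".join(c["files"]))
```

The first sample event is the one worth noticing: uid is 0 because the edit was made as root, but auid still says 1000, which is the account that logged in before escalating; that is why a "who" report should key on auid. On a live system `ausearch -k mysite` gives the same selection straight from the raw log.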



Passive Mode FTP with iptables


There’s lots of advice on the net about how to set up a server with iptables to allow passive mode FTP. Below is the approach that we’ve found to be most effective.

Start by configuring your FTP daemon to use a fixed range of ports. We use 49152 to 65534, which falls within the IANA dynamic (ephemeral) port range. The exact config depends on what FTP software you’re using:

vsftpd

Edit /etc/vsftpd/vsftpd.conf and add the following lines:

pasv_min_port=49152
pasv_max_port=65534

proftpd

Edit /etc/proftpd.conf and add to the Global section:

...
PassivePorts 49152 65534
...

Now restart your FTP service so the changes take effect.

Next you’ll need to configure the FTP connection-tracking module, ip_conntrack_ftp (on newer kernels it is called nf_conntrack_ftp, which is what the lsmod output further down shows), to load. On Red Hat/CentOS just edit /etc/sysconfig/iptables-config and add “ip_conntrack_ftp” to IPTABLES_MODULES like this:

IPTABLES_MODULES="ip_conntrack_ftp"

Next edit /etc/sysconfig/iptables and add a rule to allow TCP port 21.
The new line is the one with --dport 21:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Now restart the iptables service:

/sbin/service iptables restart

You can verify that the connection-tracking module is loaded with lsmod like this:

lsmod | grep conntrack_ftp

and you’ll get something like this:

nf_conntrack_ftp       12913  0 
nf_conntrack           79645  4 nf_conntrack_ftp,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state

And that’s all it takes to get passive mode FTP working behind iptables.

P.S.: If your server is behind a physical firewall and you are behind NAT, then you’ll probably need to load the “ip_nat_ftp” iptables module as well.
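Why a port-21 rule plus the conntrack module is enough: the helper reads the daemon's "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply on the control channel, decodes the data port as p1*256+p2, and marks the client's connection to that port RELATED so the ESTABLISHED,RELATED rule accepts it. The script below is an added example, not part of the original post or of either FTP daemon; it decodes such a reply the same way and checks the announced port against the fixed range read from constructed vsftpd.conf and proftpd.conf fragments, which is the check you want when a firewall in front of the server has been told to open exactly that range.

```python
import re

# Constructed config fragments (sample input, not copied from a real server).
VSFTPD_CONF = """\
listen=YES
pasv_enable=YES
pasv_min_port=49152
pasv_max_port=65534
"""

PROFTPD_CONF = """\
<Global>
  PassivePorts 49152 65534
</Global>
"""

# RFC 959 PASV reply: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r'227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)')


def passive_range_from_config(text):
    """Return (low, high) from a vsftpd or proftpd config, or None when no fixed range is set."""
    v = dict(re.findall(r'^(pasv_(?:min|max)_port)=(\d+)', text, re.M))
    if "pasv_min_port" in v and "pasv_max_port" in v:
        return int(v["pasv_min_port"]), int(v["pasv_max_port"])
    m = re.search(r'^\s*PassivePorts\s+(\d+)\s+(\d+)', text, re.M)
    if m:
        return int(m.group(1)), int(m.group(2))
    return None


def parse_pasv_reply(line):
    """Decode host and data port from a 227 reply; this is what the conntrack helper extracts."""
    m = PASV_RE.search(line)
    if not m:
        raise ValueError("not a PASV reply: %r" % line)
    h1, h2, h3, h4, p1, p2 = map(int, m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def data_port_allowed(line, port_range):
    """True when the announced data port lies inside the range the firewall was told to open."""
    _, port = parse_pasv_reply(line)
    lo, hi = port_range
    return lo <= port <= hi


if __name__ == "__main__":
    rng = passive_range_from_config(VSFTPD_CONF)
    # Constructed replies: 195*256+80 = 50000 is in range, 4*256+1 = 1025 is not.
    for reply in ("227 Entering Passive Mode (192,0,2,10,195,80)",
                  "227 Entering Passive Mode (192,0,2,10,4,1)"):
        host, port = parse_pasv_reply(reply)
        print(host, port, "allowed" if data_port_allowed(reply, rng) else "BLOCKED by range", rng)
```

A daemon that announces a port outside its configured range (the second sample reply) is exactly the case where transfers hang after the directory listing is requested: the control connection on port 21 works, but the data connection is refused by whatever firewall only knows the fixed range.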


unknown filesystem type ‘isw_raid_member’


The RAID hardware failed and both 2 TB SATA drives stopped working. I tried enabling/disabling the RAID controller and adding/removing drives without luck: no boot, kernel panic, and the system stuck.

Now what I want is to boot from one hard disk to restore services, so I tried:

fsck /dev/sda

but it gives the error:

unknown filesystem type 'isw_raid_member'

So the solution is to remove the RAID metadata from the drive and boot normally:

dmraid -rE /dev/sda
reboot

And the hard disk started working.


ORA-28002: the password will expire within 7 days


ORA-28002: the password will expire within 7 days
Cause: The user’s account is about to expire and the password needs to be changed.
Action: Change the password or contact the database administrator.

Reference: Oracle Documentation


Free OpenSSH Server for Windows (WinSSH)


“Don’t tell anyone that I’m free”

WinSSH

Update (10/July/2016): OpenSSH (7.2p2) Server for Windows (7.2p2 is latest version of OpenSSH)
OpenSSH (6.4p1) Server for Windows (Previous version of OpenSSH)

General Features:

* Security: access your Windows machine’s cmd shell over an encrypted, authenticated connection.
* Windows NT Service Support
* Full install about 12mb, installer under 8mb (Including Cygwin dependencies)
* Windows Command Prompt support for SSH Terminal
* SCP/SFTP server support (secure file transfer)
* Command-line clients included

Mount A USB Drive Read Only in Windows (XP/Vista/7)


There are times when it would be nice to mount a drive in Windows and set it to read only to avoid accidentally overwriting data on that drive. After some Google searching this is what I found. This will only work on Windows XP SP2 and later and Windows 7. I have not tested it on Vista, although I assume that it will work.

Step 1
Open regedit.exe: Start > Run, type regedit.exe and click OK.

Step 2
Navigate to the following registry key. If it does not exist, you will have to create it:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StorageDevicePolicies

Step 3
Next create a new DWORD value called WriteProtect and give it a value of 1.

Step 4
Now plug in your USB drive and you will not be able to write to the device.

To make it writable again you will have to change the WriteProtect DWORD to 0 and unplug and replug your device. Note that this setting applies to every USB storage device plugged into the machine, not just one drive.