Monthly Archives: December 2015

linux split file

dd if=/dev/zero of=testas bs=1M count=1000
split -b 500M testas test.

-rw-r--r--. 1 root root 524288000 Dec 30 19:09 test.aa
-rw-r--r--. 1 root root 524288000 Dec 30 19:09 test.ab

Putting back:

cat test.* > t1

Check:
e5c834fbdaa6bfd8eac5eb9404eefdd4 testas
e5c834fbdaa6bfd8eac5eb9404eefdd4 t1

linux secure smtp

iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mail -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mailman -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable

linux find outgoing bruteforce login


To detect a potential outgoing WP brute force from this server, for example from a hacked Joomla site or brobot:
iptables -I OUTPUT 1 -p tcp -m tcp --dport 80 -m string --string "wp-login.php" --algo kmp --to 1024 -j LOG --log-prefix "WP Attack detected" --log-level 1 --log-uid

Joomla:
iptables -I OUTPUT 1 -p tcp -m tcp --dport 80 -m string --string "com_jce" --algo kmp --to 1024 -j LOG --log-prefix "Joomla Attack detected" --log-level 1 --log-uid

Output:

Dec 29 23:52:12 srv3 kernel: [22412308.314039] Potential WP Attack detectedIN= OUT=eth0 SRC=xx.xx.xx.xx DST=198.252.100.85 LEN=188 TOS=0x00 PREC=0x00 TTL=64 ID=37222 DF PROTO=TCP SPT=46450 DPT=80 WINDOW=115 RES=0x00 ACK PSH URGP=0 UID=715 GID=713
Dec 29 23:52:12 srv3 kernel: [22412308.328190] Potential WP Attack detectedIN= OUT=eth0 SRC=xx.xx.xx.xx DST=104.131.217.204 LEN=190 TOS=0x00 PREC=0x00 TTL=64 ID=13301 DF PROTO=TCP SPT=42115 DPT=80 WINDOW=115 RES=0x00 ACK PSH URGP=0 UID=715 GID=713
Dec 29 23:52:12 srv3 kernel: [22412308.329115] Potential WP Attack detectedIN= OUT=eth0 SRC=xx.xx.xx.xx DST=212.193.244.153 LEN=196 TOS=0x00 PREC=0x00 TTL=64 ID=38575 DF PROTO=TCP SPT=47104 DPT=80 WINDOW=115 RES=0x00 ACK PSH URGP=0 UID=715 GID=713
Dec 29 23:52:12 srv3 kernel: [22412308.356597] Potential WP Attack detectedIN= OUT=eth0 SRC=xx.xx.xx.xx 1 DST=64.14.68.57 LEN=206 TOS=0x00 PREC=0x00 TTL=64 ID=26797 DF PROTO=TCP SPT=35146 DPT=80 WINDOW=115 RES=0x00 ACK PSH URGP=0 UID=715 GID=713
Dec 29 23:52:12 srv3 kernel: [22412308.363773] Potential WP Attack detectedIN= OUT=eth0 SRC=xx.xx.xx.xx DST=67.208.74.94 LEN=201 TOS=0x00 PREC=0x00 TTL=64 ID=6945 DF PROTO=TCP SPT=54748 DPT=80 WINDOW=115 RES=0x00 ACK PSH URGP=0 UID=715 GID=713
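
Because the rules use --log-uid, each hit names the local account that owns the socket. The following is an added example, not part of the original post: it counts hits and distinct destinations per UID so the compromised account stands out. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-UID summary of iptables LOG hits (rule needs --log-uid).

# Constructed sample lines in the format shown above. Addresses are
# documentation ranges; UID 48 is an assumed second account.
sample_log() {
cat <<'EOF'
Dec 29 23:52:12 srv3 kernel: [1.1] Potential WP Attack detectedIN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.85 LEN=188 PROTO=TCP SPT=46450 DPT=80 UID=715 GID=713
Dec 29 23:52:12 srv3 kernel: [1.2] Potential WP Attack detectedIN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.204 LEN=190 PROTO=TCP SPT=42115 DPT=80 UID=715 GID=713
Dec 29 23:52:13 srv3 kernel: [1.3] Potential WP Attack detectedIN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.153 LEN=196 PROTO=TCP SPT=47104 DPT=80 UID=715 GID=713
Dec 29 23:52:13 srv3 kernel: [1.4] Potential WP Attack detectedIN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.85 LEN=188 PROTO=TCP SPT=46452 DPT=80 UID=715 GID=713
Dec 29 23:52:14 srv3 kernel: [1.5] Potential WP Attack detectedIN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=201 PROTO=TCP SPT=54748 DPT=80 UID=48 GID=48
Dec 29 23:52:14 srv3 kernel: [1.6] Potential WP Attack detectedIN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=201 PROTO=TCP SPT=54750 DPT=80
Dec 29 23:52:15 srv3 kernel: [1.7] eth0: link up
EOF
}

# summarise_hits PREFIX   (log lines on stdin)
# Prints "uid hits distinct_destinations", busiest UID first.
summarise_hits() {
    awk -v prefix="$1" '
    index($0, prefix) {
        uid = ""; dst = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^UID=/) uid = substr($i, 5)
            else if ($i ~ /^DST=/) dst = substr($i, 5)
        }
        if (uid == "") next   # no UID field: rule lacked --log-uid or no owning socket
        hits[uid]++
        if (!((uid, dst) in seen)) { seen[uid, dst] = 1; dsts[uid]++ }
    }
    END { for (u in hits) print u, hits[u], dsts[u] }' | sort -k2,2nr -k1,1n
}

# noisy_uids PREFIX MIN_DST: UIDs that contacted at least MIN_DST distinct hosts.
noisy_uids() {
    summarise_hits "$1" | awk -v min="$2" '$3 >= min { print $1 }'
}

sample_log | summarise_hits "WP Attack detected"
```

On a live server, pipe the kernel log into summarise_hits instead of sample_log and resolve a reported UID to its account with getent passwd.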

php apc cache magento

extension = apc.so

[APC]
apc.enabled = 1
apc.optimization = 0
apc.shm_segments = 1
apc.shm_size = 128
apc.ttl = 7200
apc.user_ttl = 7200
apc.num_files_hint = 1024
apc.mmap_file_mask = /tmp/apc.XXXXXX
apc.enable_cli = 1
apc.cache_by_default = 1
apc.max_file_size = 10M
apc.stat = 1
;apc.include_once_override = 1

initrd vs initramfs linux

initramfs is a feature of Linux 2.6 and above: a cpio archive of files that lets the initial root filesystem and init program reside in the kernel's memory cache rather than on a ramdisk, as with initrd filesystems.
With initramfs, you create an archive of the files, which the kernel extracts to a tmpfs.
initramfs can increase boot-time flexibility, memory efficiency, and simplicity.
dracut is the tool used to create the initramfs image.
initramfs location of init: /init

initrd is for Linux kernels 2.4 and lower.
initrd is deprecated and has been replaced by initramfs.
initrd requires at least one filesystem driver to be compiled into the kernel.
initrd is a RAM-based block device, which means it requires a fixed block of memory even if unused, and, as a block device, it requires a filesystem; initramfs is file based (a cpio archive of files).
kdump uses initrd -> /boot/initrd-2.6.32-358.2.1.el6.x86_64kdump.img
mkinitrd is the tool used to create the initrd image.
initrd location of init: /sbin/init

mkdumprd -v -d -f /boot/initrd-`uname -r`kdump.img `uname -r`
mkdumprd creates the initrd for kdump.

Let's create an initramfs:
yum install -y dracut-network

# /etc/dracut.conf
# add the VMware network driver
sed -i 's/add_drivers+=\"\"/add_drivers+=\"vmxnet3\"/' /etc/dracut.conf
# uncomment add_dracutmodules and add the network and nfs modules
sed -i 's/#add_dracutmodules+=\"\"/add_dracutmodules+=\"network nfs\"/' /etc/dracut.conf

# Re-Build /boot/initramfs-2.6.32-358.2.1.el6.x86_64.img
dracut -f

# lsinitrd | grep vmxnet3.ko
-rwxr--r-- 1 root root 78040 Apr 4 10:51 lib/modules/2.6.32-358.2.1.el6.x86_64/kernel/drivers/net/vmxnet3/vmxnet3.ko

# grep initramfs-$(uname -r) /etc/grub.conf
initrd /initramfs-2.6.32-358.2.1.el6.x86_64.img

directadmin install soap

mkdir /usr/local/directadmin/custombuild/custom
mkdir /usr/local/directadmin/custombuild/custom/ap2
cp /usr/local/directadmin/custombuild/configure/ap2/configure.php5 /usr/local/directadmin/custombuild/custom/ap2/configure.php5
echo "--enable-soap" >> /usr/local/directadmin/custombuild/custom/ap2/configure.php5

cd /usr/local/directadmin/custombuild/
./build php n