Thursday, 24 January 2013

DDoS Protection tool

mod_evasive module:

We are going to install mod_evasive to help protect our server from low-end DoS/DDoS attacks and HTTP brute-force attempts.

mod_evasive is an evasive maneuvers module for Apache that takes evasive action in the event of an HTTP DoS, DDoS or brute-force attack. It is also designed to be a detection and network management tool, and can easily be configured to talk to ipchains/iptables, firewalls, routers and so on. Keep in mind that it can only refuse requests that have already reached Apache; a flood that saturates the network link has to be dealt with upstream.

Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:

  • Requesting the same page more than a few times per second
  • Making more than 50 concurrent requests on the same child per second
  • Making any requests while temporarily blacklisted (on a blocking list)

Installation:

root@serv [~]# cd /usr/local/src

root@serv [~]# wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz

root@serv [~]# tar -xzvf mod_evasive_1.10.1.tar.gz

root@serv [~]# cd mod_evasive*

root@serv [~]# apxs -cia mod_evasive20.c
apxs -cia compiles the module, installs it into the Apache modules directory and adds a LoadModule line to your Apache configuration file. Find that line (the path depends on your build; on a cPanel server the modules live under /usr/local/apache/modules):

LoadModule evasive20_module /usr/lib/httpd/modules/mod_evasive20.so

and add the mod_evasive configuration below it:

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60
DOSEmailNotify someone@somewhere.com
DOSLogDir "/var/log/httpd/modevasive/"
DOSSystemCommand "/usr/bin/sudo /usr/sbin/csf -td %s 3600"
</IfModule>

Make sure the DOSLogDir directory exists and is writable by the user Apache runs as (it holds the lock files), then restart Apache:

root@serv [~]# /etc/init.d/httpd restart

Here is a copy from the readme file for the variables that can be configured :

DOSHashTableSize

The hash table size defines the number of top-level nodes for each child’s
hash table.  Increasing this number will provide faster performance by
decreasing the number of iterations required to get to the record, but
consume more memory for table space.  You should increase this if you have
a busy web server.  The value you specify will automatically be tiered up to
the next prime number in the primes list (see mod_evasive.c for a list
of primes used).

DOSPageCount

This is the threshold for the number of requests for the same page (or URI)
per page interval.  Once the threshold for that interval has been exceeded,
the IP address of the client will be added to the blocking list.

DOSSiteCount

This is the threshold for the total number of requests for any object by
the same client on the same listener per site interval.  Once the threshold
for that interval has been exceeded, the IP address of the client will be added
to the blocking list.

DOSPageInterval

The interval for the page count threshold; defaults to 1 second intervals. The interval is measured from the client's previous request for the same page, not as a fixed window, so the counter only accumulates while consecutive requests for that page arrive less than DOSPageInterval apart.

DOSSiteInterval

The interval for the site count threshold; defaults to 1 second intervals, measured from the client's previous request in the same way as the page interval.

DOSBlockingPeriod

The blocking period is the amount of time (in seconds) that a client will be
blocked for if they are added to the blocking list.  During this time, all
subsequent requests from the client will result in a 403 (Forbidden) and
the timer being reset (e.g. another 60 seconds with the configuration above;
the README's sample uses 10).  Since the timer is reset for every subsequent
request, it is not necessary to have a long blocking period; in the event of
a DoS attack, this timer will keep getting reset.

DOSEmailNotify

If this value is set, an email will be sent to the address specified
whenever an IP address becomes blacklisted.  A locking mechanism using /tmp
prevents continuous emails from being sent.

NOTE: Be sure MAILER is set correctly in mod_evasive.c
(or mod_evasive20.c).  The default is “/bin/mail -t %s” where %s is
used to denote the destination email address set in the configuration.
If you are running on linux or some other operating system with a
different type of mailer, you’ll need to change this.

DOSSystemCommand

If this value is set, the system command specified will be executed
whenever an IP address becomes blacklisted.  This is designed to enable
system calls to ip filter or other tools.  A locking mechanism using /tmp
prevents continuous system calls.  Use %s to denote the IP address of the
blacklisted IP.

The command runs as the user the Apache child processes run as (nobody on cPanel, apache on stock CentOS), and that user normally has no access to the firewall. This is the one reservation about the procedure: for the csf call above to work you have to grant that user sudo access to the firewall program as root, which has security implications, especially on a multitenant server. We do this with visudo; grant NOPASSWD for that one fixed command only, never for a shell and never for csf with arbitrary arguments.
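One way to grant that access without handing the web server the whole firewall, as an added example that is not part of mod_evasive, csf or the original post: a small root-owned wrapper that is the only command the Apache user may run through sudo, and that refuses anything that is not a dotted-quad address before it ever calls csf. The wrapper path, the sudoers lines and the TTL are this example's own choices; csf -td is the same call the configuration above uses.

```shell
#!/bin/sh
# Added example, not part of mod_evasive or csf: a DOSSystemCommand wrapper so the
# Apache user gets sudo rights to exactly one fixed command instead of to csf in
# general. Assumed install path: /usr/local/sbin/evasive-block (root:root, 0755).
#
#   httpd.conf:  DOSSystemCommand "/usr/bin/sudo /usr/local/sbin/evasive-block %s"
#   visudo (Apache runs as "nobody" on cPanel, "apache" on stock CentOS):
#     Defaults!/usr/local/sbin/evasive-block !requiretty
#     nobody ALL=(root) NOPASSWD: /usr/local/sbin/evasive-block
#
# Because sudo only ever runs this file, a compromised web application cannot turn
# the rule into "csf with any arguments" and the address is validated before use.

CSF=${CSF:-/usr/sbin/csf}     # path to csf; overridable for testing
TTL=${TTL:-3600}              # seconds the temporary deny lasts (csf -td <ip> <ttl>)

# Accept only a dotted-quad IPv4 address; anything else (options, shell
# metacharacters, hostnames, IPv6) is refused.
valid_ipv4() {
  case "$1" in
    ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Validate, log, and hand the address to csf. Returns csf's exit status, or 2
# without calling csf when the argument is not an address.
block_ip() {
  valid_ipv4 "$1" || { echo "evasive-block: refusing to block '$1'" >&2; return 2; }
  if command -v logger >/dev/null 2>&1; then
    logger -t evasive-block "temporary deny of $1 for ${TTL}s" 2>/dev/null || true
  fi
  "$CSF" -td "$1" "$TTL"
}

# When run as a script (sudo passes the single %s argument), act on it.
if [ $# -eq 1 ]; then
  block_ip "$1"
fi
```

Install the file with `install -o root -g root -m 0755`, add the two sudoers lines with visudo, and point DOSSystemCommand at `sudo /usr/local/sbin/evasive-block %s`; everything that reaches csf has then passed through valid_ipv4, and the sudo rule names no wildcard.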

DOSLogDir


Choose an alternative temp directory.

By default "/tmp" is used for the locking mechanism, which opens some
security issues if your system is open to shell users (see the LSS advisory
below).

http://security.lss.hr/index.php?page=details&ID=LSS-2005-01-01

If you have non-privileged shell users, create a directory writable only by
the user the Apache child processes run as (nobody on cPanel, apache on stock
CentOS; not root, which only the parent process runs as), and set DOSLogDir to
it in your httpd.conf, as in the configuration above.

WHITELISTING IP ADDRESSES


IP addresses of trusted clients can be whitelisted to ensure they are never
denied.  The purpose of whitelisting is to protect software, scripts, local
searchbots, or other automated tools from being denied for requesting large
amounts of data from the server.  Whitelisting should *not* be used to add
customer lists or anything of the sort, as this will open the server to abuse.
This module is very difficult to trigger without performing some type of
malicious attack, and for that reason it is more appropriate to allow the
module to decide on its own whether or not an individual customer should be
blocked.

Two practical caveats: the module keys on the TCP peer address, so if Apache
sits behind a reverse proxy, load balancer or CDN every request appears to come
from the proxy and the thresholds apply to the whole site at once; and many
users behind one NAT gateway share a single address and can trip the thresholds
together.

To whitelist an address (or range) add an entry to the Apache configuration
in the following fashion:


DOSWhitelist    127.0.0.1
DOSWhitelist    127.0.0.*

Wildcards can be used on up to the last 3 octets if necessary.  Multiple
DOSWhitelist commands may be used in the configuration.
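To see what the thresholds above actually do before turning them on, here is an added example (not part of mod_evasive or of the original post) that replays a request log through the same rules: one counter per client-and-URI and one per client, each reset when the gap since that key's previous hit reaches its interval; a hold list whose timer every further request restarts; and octet wildcards for DOSWhitelist. The sample log, the threshold names as environment variables and the awk model are this example's own; it follows the README description and the 1.10.1 logic, but it is a model of the module, not the module.

```shell
#!/bin/sh
# Added example, not mod_evasive code: replay "<epoch> <ip> <uri>" lines through the
# page/site thresholds and report which requests the module would have refused.

# Same names as the httpd.conf directives; override from the environment to tune.
DOS_PAGE_COUNT=${DOS_PAGE_COUNT:-2}
DOS_SITE_COUNT=${DOS_SITE_COUNT:-50}
DOS_PAGE_INTERVAL=${DOS_PAGE_INTERVAL:-1}
DOS_SITE_INTERVAL=${DOS_SITE_INTERVAL:-1}
DOS_BLOCKING_PERIOD=${DOS_BLOCKING_PERIOD:-60}

# stdin: one request per line, "<epoch-seconds> <client-ip> <uri>", in time order.
# $1: space-separated DOSWhitelist entries, e.g. "127.0.0.1 10.0.0.*".
# stdout: the same line with "allowed" or "blocked" appended.
simulate() {
  awk -v pc="$DOS_PAGE_COUNT" -v sc="$DOS_SITE_COUNT" \
      -v pi="$DOS_PAGE_INTERVAL" -v si="$DOS_SITE_INTERVAL" \
      -v bp="$DOS_BLOCKING_PERIOD" -v wl="$1" '
  BEGIN { nw = split(wl, w, " ") }

  # DOSWhitelist match: compare octet by octet, "*" matches any octet.
  function whitelisted(ip,    a, b, i, j, ok) {
    split(ip, a, ".")
    for (i = 1; i <= nw; i++) {
      split(w[i], b, ".")
      ok = 1
      for (j = 1; j <= 4; j++)
        if (b[j] != "*" && b[j] != a[j]) ok = 0
      if (ok) return 1
    }
    return 0
  }

  # One counter, keyed by IP+URI (page) or by IP alone (site). Returns 1 when the
  # key has already been hit limit times with less than interval seconds between
  # consecutive hits; a gap of interval or more resets the count to zero.
  function hit(key, interval, limit, t) {
    if (key in last) {
      if (t - last[key] < interval && count[key] >= limit) {
        last[key] = t; count[key]++
        return 1
      }
      if (t - last[key] >= interval) count[key] = 0
    }
    last[key] = t; count[key]++
    return 0
  }

  {
    t = $1; ip = $2; uri = $3
    if (whitelisted(ip)) {
      verdict = "allowed"
    } else if ((ip in hold) && t - hold[ip] < bp) {
      hold[ip] = t                 # a request while blocked restarts the period
      verdict = "blocked"
    } else if (hit(ip "_" uri, pi, pc, t) || hit(ip "_SITE", si, sc, t)) {
      hold[ip] = t
      verdict = "blocked"
    } else {
      verdict = "allowed"
    }
    print t, ip, uri, verdict
  }'
}

# Constructed sample log (not real traffic): one client hammering /login.php, one
# whitelisted internal host doing the same, and one slow legitimate client.
sample_log() {
  cat <<'EOF'
1000 203.0.113.5 /login.php
1000 203.0.113.5 /login.php
1000 203.0.113.5 /login.php
1000 10.0.0.7 /login.php
1000 10.0.0.7 /login.php
1000 10.0.0.7 /login.php
1000 198.51.100.9 /a.html
1002 198.51.100.9 /a.html
1004 198.51.100.9 /a.html
1030 203.0.113.5 /index.html
1080 203.0.113.5 /index.html
1150 203.0.113.5 /index.html
EOF
}

# Demo run: sh replay.sh demo
if [ "${1:-}" = demo ]; then
  sample_log | simulate "127.0.0.1 10.0.0.*"
fi
```

With the page's settings (DOSPageCount 2, DOSPageInterval 1, DOSBlockingPeriod 60) the third request for /login.php in the same second is refused, the request at 1080 is still refused although 80 seconds have passed since the original block, because the request at 1030 restarted the timer, and the whitelisted host is never touched. Feed it real traffic by converting an access log to epoch seconds and lowering DOS_PAGE_COUNT until your own crawlers show up as blocked: that is the point at which DOSWhitelist, not a higher threshold, is the right fix.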

cheers!!!

Saturday, 19 January 2013

Practical Usages of Mysqladmin Commands

Here are some commands you should know to manage a MySQL environment:


To check whether MySQL Server is up and running:

root@server [~]# mysqladmin ping
mysqld is alive
root@server [~]#

To find out what version of MySQL is running:

root@server [~]# mysqladmin version

mysqladmin  Ver 8.41 Distrib 5.0.96, for unknown-linux-gnu on x86_64
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Server version          5.0.96-community
Protocol version        10
Connection              Localhost via UNIX socket
UNIX socket             /var/lib/mysql/mysql.sock
Uptime:                 6 hours 1 min 59 sec

Threads: 12  Questions: 17822637  Slow queries: 2497  Opens: 126271  Flush tables: 1  Open tables: 1024  Queries per second avg: 820.601
root@server [~]#

To get the current status of the MySQL server:

root@server [~]# mysqladmin status
Uptime: 21801  Threads: 15  Questions: 17882068  Slow queries: 2497  Opens: 126424  Flush tables: 1  Open tables: 1024  Queries per second avg: 820.241
root@server [~]#

To display all MySQL server system variables and their values:

root@server [~]# mysqladmin variables

To know about mysql processlist:

root@server [~]# mysqladmin pr

or

root@server [~]# mysqladmin processlist

If you would like to monitor or debug a performance issue and identify the query that is causing problems, use the command below:

root@server [~]# mysqladmin processlist -i1

-i, --sleep=#       Execute commands again and again with a sleep between.

The above command re-runs processlist every second.

The commands above only work without "-u root -p" because the MySQL root credentials are already stored on the server, as described next.

Setting the password for the MySQL root user in .my.cnf

root@server [~]# /usr/bin/mysqladmin -u root password 'new-password'

A password given on the command line like this is visible to every local user in the process list while the command runs and stays in the shell history, so on a shared server prefer setting it from the mysql client with SET PASSWORD. Then create the options file, readable by root only:

root@server [~]# cd /root
root@server [~]# touch .my.cnf
root@server [~]# chmod 600 .my.cnf

And put in it:


[mysqladmin]

user="root"
password="mysql-root-password"

The [mysqladmin] group applies only to mysqladmin; use [client] instead if the mysql and mysqldump clients should pick up the same credentials.
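Putting the two halves of this post together, as an added example that is not part of the original: a script that writes the credentials file without ever placing the password on a command line, and a small monitor that parses the "mysqladmin status" line shown above and prints the process list when the thread count crosses a threshold. The file location, the [client] group, the THREADS_MAX value and the status line used for testing (copied from the output above) are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: keep the MySQL root password out of
# the process list and shell history, then watch "mysqladmin status" for trouble.
# Assumes mysqladmin is in $PATH; the threshold below is an arbitrary choice.

# Write an options file readable by its owner only. The password is read from stdin
# so it never appears as a command-line argument (visible in ps) or in history.
install_my_cnf() {
  target=${1:-$HOME/.my.cnf}
  IFS= read -r password || return 1
  # [client] covers mysql, mysqladmin and mysqldump; use [mysqladmin] to limit it.
  ( umask 077; printf '[client]\nuser=root\npassword="%s"\n' "$password" > "$target" )
  chmod 600 "$target"   # in case the file already existed with wider permissions
}

# Pull one counter out of a "mysqladmin status" line: status_field "$line" Threads,
# or a multi-word name such as "Slow queries". Prints nothing if absent.
status_field() {
  printf '%s\n' "$1" | awk -v f="$2" '{
    i = index($0, f ": ")
    if (i) { v = substr($0, i + length(f) + 2); sub(/[ \t].*/, "", v); print v }
  }'
}

# Re-run "mysqladmin status" every $1 seconds (default 1) and, whenever Threads
# exceeds THREADS_MAX, print an alert and the process list that is holding them.
THREADS_MAX=${THREADS_MAX:-100}
watch_threads() {
  mysqladmin -i "${1:-1}" status | while IFS= read -r line; do
    threads=$(status_field "$line" Threads)
    slow=$(status_field "$line" "Slow queries")
    if [ "${threads:-0}" -gt "$THREADS_MAX" ]; then
      echo "$(date '+%F %T') ALERT threads=$threads slow_queries=$slow" >&2
      mysqladmin processlist
    fi
  done
}

# Usage: printf '%s\n' "$PASSWORD" | install_my_cnf /root/.my.cnf ; watch_threads 1
```

Run `printf '%s\n' 'the-password' | install_my_cnf` once as root (type the printf in a script or use `read -s` interactively so it does not land in history), then `watch_threads 1` reads the same credentials the page's .my.cnf provides.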


Saturday, 12 January 2013

DKIM and SPF in cPanel


Install DKIM and SPF in cPanel:


Both DKIM and SPF work by publishing TXT records in the domain's DNS zone, so the cPanel installers below can only add the records automatically if the server is the authoritative DNS server for the domain. If DNS is hosted elsewhere, copy the generated records into that zone, or receiving mail servers will find nothing to check.

DKIM:


DKIM helps verify the sender and integrity of a message. A signature added by the sending server lets a receiving system prove that the signed parts of the message were not altered in transit and that it was signed with the key published under the specified domain.

SPF:


SPF attempts to prevent spammers from sending email while forging your domain's name as the sender (spoofing). It works by publishing a DNS TXT record listing the hosts authorized to send mail for your domain(s); receivers check that a message claiming to come from your domain arrived from one of the listed servers, which also reduces the amount of backscatter you receive.


Commands to enable DKIM and SPF for one cPanel user:

# /usr/local/cpanel/bin/dkim_keys_install cPanelusername

# /usr/local/cpanel/bin/spf_installer cPanelusername

If you would like to enable DKIM and SPF for all users at once:

# for f in /var/cpanel/users/*; do user=${f##*/}; /usr/local/cpanel/bin/dkim_keys_install "$user" && /usr/local/cpanel/bin/spf_installer "$user"; done
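Once the installers have run, the check a practitioner wants is whether the records that actually resolve say what they should. This added example (not cPanel's code and not from the original post) inspects SPF and DKIM record strings, and a wrapper fetches the live records with dig. The DKIM selector "default" is the one cPanel publishes under; the sample records in the test are constructed.

```shell
#!/bin/sh
# Added example, not part of cPanel: sanity-check published SPF and DKIM TXT records.

# check_spf RECORD: 0 = acceptable, 1 = malformed or no policy, 2 = too permissive.
check_spf() {
  rec=$1
  case "$rec" in
    "v=spf1"|"v=spf1 "*) ;;
    *) echo "SPF: record does not start with v=spf1" >&2; return 1 ;;
  esac
  # "+all", bare "all" and "?all" let any host on the Internet send as this domain.
  if printf '%s\n' "$rec" | grep -Eq '(^| )[+?]?all( |$)'; then
    echo "SPF: terminal all is not -all or ~all, so every host passes" >&2
    return 2
  fi
  if ! printf '%s\n' "$rec" | grep -Eq ' [-~]all$'; then
    echo "SPF: no terminal -all/~all, the policy never says no" >&2
    return 1
  fi
  return 0
}

# check_dkim RECORD: 0 = usable public key, 1 = missing or empty key.
# cPanel publishes "v=DKIM1; k=rsa; p=<base64>"; dig may split a long record into
# several quoted chunks, so whitespace inside p= is tolerated.
check_dkim() {
  rec=$1
  case "$rec" in
    *"v=DKIM1"*) ;;
    *) echo "DKIM: missing v=DKIM1 tag" >&2; return 1 ;;
  esac
  key=$(printf '%s\n' "$rec" | sed -n 's/.*p=\([^;]*\).*/\1/p' | tr -d ' \t')
  if [ -z "$key" ]; then
    echo "DKIM: empty p= (key revoked or never installed)" >&2
    return 1
  fi
  case "$key" in
    *[!A-Za-z0-9+/=]*) echo "DKIM: p= is not base64" >&2; return 1 ;;
  esac
  return 0
}

# verify_domain DOMAIN [SELECTOR]: fetch the live records and run both checks.
# Needs dig and network access; not exercised offline.
verify_domain() {
  dom=$1; sel=${2:-default}
  spf=$(dig +short TXT "$dom" | tr -d '"' | grep '^v=spf1' | head -n 1)
  dkim=$(dig +short TXT "$sel._domainkey.$dom" | tr -d '"' | tr -d '\n')
  check_spf "$spf"; spf_rc=$?
  check_dkim "$dkim"; dkim_rc=$?
  [ "$spf_rc" -eq 0 ] && [ "$dkim_rc" -eq 0 ]
}
```

Run `verify_domain example.org` against each domain after the loop above; a non-zero exit with the reason on stderr tells you which record to fix (or to copy to the external DNS provider) before mail starts failing authentication.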

Sunday, 6 January 2013

How to change Network Interface Speed

Changing Network Interface Speed:


You can check the network interface speed with the ethtool command ("Display or change Ethernet card settings", per its man page). The output looks like this:

[root@localhost ~]# ethtool eth0
Settings for eth0:
        Supported ports: [ TP MII ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Half 1000baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Half 1000baseT/Full
        Advertised auto-negotiation: Yes
        Speed: 10Mb/s
        Duplex: Half
        Port: MII
        PHYAD: 0
        Transceiver: internal
        Auto-negotiation: on
        Supports Wake-on: pumbg
        Wake-on: g
        Current message level: 0x00000033 (51)
        Link detected: yes

You can change the speed and duplex with -s (--change), which allows changing some or all settings of the specified Ethernet device. With most drivers a forced speed or duplex only takes effect when auto-negotiation is off, so rather than running separate commands, set all three at once:

[root@localhost ~]# ethtool -s eth0 autoneg off speed 100 duplex full

The above command sets eth0 to 100Mb/s, full duplex. Two caveats: the switch port at the other end must be configured to the same fixed speed and duplex, because a forced full-duplex port facing an auto-negotiating peer ends up in a duplex mismatch (late collisions, CRC errors and poor throughput, often looking exactly like the 10Mb/s half-duplex link above); and ethtool settings are not persistent, so on RHEL/CentOS add ETHTOOL_OPTS="autoneg off speed 100 duplex full" to /etc/sysconfig/network-scripts/ifcfg-eth0 so they are reapplied when the interface comes up.

The result should be:

[root@localhost ~]# ethtool eth0
Settings for eth0:
        Supported ports: [ TP MII ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Half 1000baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Half 1000baseT/Full
        Advertised auto-negotiation: No
        Speed: 100Mb/s
        Duplex: Full
        Port: MII
        PHYAD: 0
        Transceiver: internal
        Auto-negotiation: off
        Supports Wake-on: pumbg
        Wake-on: g
        Current message level: 0x00000033 (51)
        Link detected: yes
[root@localhost ~]#
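The procedure above as a script, added here and not part of the original post: force the link in one ethtool call, verify from the driver's own report that the change took rather than trusting the exit status, and write the ETHTOOL_OPTS line so it survives a reboot. The ifcfg directory is overridable for testing, the three-second settle time is a guess, and the sample output used offline is copied from the "before" listing above.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU ethtool and a
# RHEL/CentOS-style /etc/sysconfig/network-scripts/ifcfg-<dev>.

# Print one field of "ethtool <dev>" output read on stdin:
#   link_field Speed | Duplex | Auto-negotiation | 'Link detected'
link_field() {
  awk -v f="$1" -F': ' '$1 ~ ("^[ \t]*" f "$") { print $2; exit }'
}

# Force the link, wait for it to come back, and verify what the driver reports.
# Returns 1 if ethtool refuses the change or the readback does not match.
apply_link() {
  dev=$1; speed=$2; duplex=$3
  ethtool -s "$dev" autoneg off speed "$speed" duplex "$duplex" || return 1
  sleep 3                       # the link drops and re-establishes after a forced change
  out=$(ethtool "$dev")
  [ "$(printf '%s\n' "$out" | link_field Speed)" = "${speed}Mb/s" ] &&
  [ "$(printf '%s\n' "$out" | link_field Duplex | tr A-Z a-z)" = "$duplex" ] &&
  [ "$(printf '%s\n' "$out" | link_field 'Link detected')" = "yes" ]
}

# Persist via ETHTOOL_OPTS, which the network scripts pass to ethtool -s at ifup.
# Any existing ETHTOOL_OPTS line is removed first so the file never carries two.
persist_link() {
  dev=$1; speed=$2; duplex=$3
  f=${IFCFG_DIR:-/etc/sysconfig/network-scripts}/ifcfg-$dev
  if [ -f "$f" ]; then
    sed -i '/^ETHTOOL_OPTS=/d' "$f"
  fi
  printf 'ETHTOOL_OPTS="autoneg off speed %s duplex %s"\n' "$speed" "$duplex" >> "$f"
}

# Constructed sample (abridged from the "before" output above) for offline testing.
sample_ethtool() {
  cat <<'EOF'
Settings for eth0:
        Supported ports: [ TP MII ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
        Supports auto-negotiation: Yes
        Advertised auto-negotiation: Yes
        Speed: 10Mb/s
        Duplex: Half
        Auto-negotiation: on
        Link detected: yes
EOF
}

# Usage (as root): apply_link eth0 100 full && persist_link eth0 100 full
```

If apply_link fails after ethtool accepted the change, the usual reason is that the link did not come back up against the switch port, which is the duplex-mismatch case described above; put autoneg back on with `ethtool -s eth0 autoneg on` before walking away from the console.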

Friday, 4 January 2013

Regarding vpn error

Hi friends,

I have installed OpenVPN on a CentOS server. I got all the details from the client, including client.key. When I tried to communicate with the client it shows the following error:

Fri Jan 4 15:42:22 2013: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Fri Jan 4 15:42:22 2013: WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Fri Jan 4 15:42:22 2013: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jan 4 15:42:22 2013: WARNING: file 'gatekeeper-udp-1194.p12' is group or others accessible
Fri Jan 4 15:42:22 2013: WARNING: file 'gatekeeper-udp-1194-tls.key' is group or others accessible
Fri Jan 4 15:42:22 2013: Control Channel Authentication: using 'gatekeeper-udp-1194-tls.key' as a OpenVPN static key file
Fri Jan 4 15:42:22 2013: LZO compression initialized
Fri Jan 4 15:42:22 2013: UDPv4 link local (bound): [undef]:1194
Fri Jan 4 15:42:22 2013: UDPv4 link remote: 108.217.253.176:1194
Fri Jan 4 15:42:23 2013: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jan 4 15:42:35 2013: [GTEMMQ-SERVER] Peer Connection Initiated with 108.217.253.176:1194
Fri Jan 4 15:42:43 2013: TUN/TAP device tun0 opened
Fri Jan 4 15:42:43 2013: /sbin/ip link set dev tun0 up mtu 1500
Fri Jan 4 15:42:43 2013: /sbin/ip addr add dev tun0 local 192.168.200.14 peer 192.168.200.13
Fri Jan 4 15:42:43 2013: ERROR: Linux route add command failed: external program exited with error status: 2
Fri Jan 4 15:42:43 2013: Initialization Sequence Completed

Please give your suggestions.
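Two checks that follow from the log above, as an added example that is not part of the original post. OpenVPN warned that the .p12 and the tls-auth key were "group or others accessible": check_key_perms finds such files and fix_key_perms tightens them. The "route add" failure reports exit status 2, which is what `ip` returns when the kernel rejects a request; show_route_state lists what is already installed so the route can be retried by hand and the kernel's reason ("RTNETLINK answers: ...") read directly. The usual reasons are a route that already exists or a gateway that is not on a connected network, but which one applies here is not determinable from the log; the file names come from the log and the config path is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post: tighten OpenVPN key permissions and
# inspect the routing table around a failed "route add".

# Return 1 if any given file has any group/other permission bit set.
check_key_perms() {
  rc=0
  for f; do
    bits=$(ls -ld "$f" | cut -c5-10)     # group+other part of the mode string
    if [ "$bits" != "------" ]; then
      echo "insecure: $f is $(ls -ld "$f" | cut -c1-10); run: chmod 600 $f" >&2
      rc=1
    fi
  done
  return $rc
}

# Private keys, PKCS#12 bundles and tls-auth keys should be readable by root only.
fix_key_perms() { chmod 600 "$@"; }

# Show what the kernel already has for the tunnel device and the whole table, then
# retry the failing step by hand, e.g.:
#   ip route add 192.168.200.0/24 via 192.168.200.13 dev tun0
# and read the "RTNETLINK answers:" line; exit status 2 means the kernel refused.
show_route_state() {
  dev=${1:-tun0}
  echo "== routes on $dev =="
  ip route show dev "$dev"
  echo "== full table =="
  ip route show
}

# Usage (assumed config directory, adjust to yours):
#   check_key_perms /etc/openvpn/gatekeeper-udp-1194.p12 \
#                   /etc/openvpn/gatekeeper-udp-1194-tls.key /etc/openvpn/client.key \
#     || fix_key_perms /etc/openvpn/*.p12 /etc/openvpn/*.key
#   show_route_state tun0
```

"Initialization Sequence Completed" after the route error means the tunnel itself is up; only the route that OpenVPN tried to add is missing, so traffic for that network will not enter the tunnel until the route is added by hand or the conflicting entry is removed.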

Tuesday, 1 January 2013

Seek time and Latency with respect to disk I/O.

Definition of Seek time and Latency in Hard Disk:

Seek time - As soon as the read/write command is received by the disk unit, the read/write heads are first positioned on the specified track/cylinder number. The time required to position the read/write head over the desired track is called seek time.

Latency - Once the heads are positioned on the desired track, the head on the specified surface is activated. Since the disk is continuously rotating, the head has to wait for the specified sector to come under it. This rotational waiting time required to spin the desired sector under the head is called latency (rotational delay time).
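A worked derivation, added here and not part of the original post, of how the two quantities enter the time to reach data; the symbols and the sample figures are this example's own. With the spindle at $N$ revolutions per minute, one rotation takes

$$T_{\text{rot}} = \frac{60}{N}\ \text{s},$$

and since the wanted sector is on average half a rotation away when the head arrives, the average latency is

$$\bar t_{\text{lat}} = \frac{T_{\text{rot}}}{2} = \frac{30}{N}\ \text{s}.$$

For $N = 7200$ this gives $T_{\text{rot}} = 8.33$ ms and $\bar t_{\text{lat}} = 4.17$ ms; for $N = 15000$ the average latency drops to $2.0$ ms. Reading $b$ bytes from a track holding $B$ bytes then costs

$$t_{\text{access}} = t_{\text{seek}} + \bar t_{\text{lat}} + \frac{b}{B}\,T_{\text{rot}},$$

so for an assumed 7200 RPM drive with a 9 ms average seek and roughly a megabyte per track, a single 4 KiB read spends about 13 ms positioning and only tens of microseconds transferring: random I/O is bounded by seek plus latency, not by the interface bandwidth.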