Archive for January, 2011
guide to htaccess and mod_rewrite
Often described as “voodoo” by frustrated webmasters, the use of mod_rewrite and htaccess files is one of the more advanced tasks a web developer has to face. The good news is that unless you are looking for really advanced solutions, you don’t have to fully understand how they work to use them on your website. [...]
remove outdated non secure services
Avoid Using FTP, Telnet, And Rlogin / Rsh
Under most network configurations, user names, passwords, FTP / telnet / rsh commands and transferred files can be captured by anyone on the same network using a packet sniffer. The common solution to this problem is to use either OpenSSH, SFTP, or FTPS (FTP over SSL), [...]
chkrootkit software
Chkrootkit – chkrootkit is a tool to locally check for signs of a rootkit. Type the following command to install chkrootkit:
    $ yum install chkrootkit
To run it, type:
    $ chkrootkit
Or, to search for suspicious strings, type:
    $ chkrootkit -x | less
how to find no-owner files
Files not owned by any user or group can pose a security problem. Use the following command to find files that do not belong to a valid user or a valid group:
    find /dir -xdev \( -nouser -o -nogroup \) -print
You need to investigate each reported file and either assign it to an appropriate [...]
how to find world-writable files
Anyone can modify a world-writable file, which results in a security issue. Use the following command to find all world-writable directories that do not have the sticky bit set:
    find /dir -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
You need to investigate each reported file and either set correct user and group permission or remove [...]
list all open network ports
Use the following command to list all open ports and associated programs:
    netstat -tulpn
disable unwanted services
Disable all unnecessary services and daemons (services that run in the background). Type the following command to list all services which are started at boot time in run level 3:
    # chkconfig --list | grep '3:on'
To disable a service, enter:
    # service serviceName stop
    # chkconfig serviceName off
monitor processing to stop bottlenecks
Monitor processes, CPU, memory and disk bottlenecks with atop … But the tool itself can cause a lot of trouble on heavily loaded servers, as it enables process accounting and keeps a service running all the time … To use it efficiently on RHEL, CentOS: 1- install rpmforge repo 2- # yum install [...]
make sure no non-root accounts have UID set to 0
Only the root account should have UID 0, with full permissions to access the system. Type the following command to display all accounts with UID set to 0:
    # awk -F: '($3 == "0") {print}' /etc/passwd
You should only see one line as follows:
    root:x:0:0:root:/root:/bin/bash
If you see other lines, delete them or make sure other accounts [...]