March 23, 2008
Filed Under (Linux Security) by admin on 23-03-2008

MySQL is one of the most important programs on a server; unfortunately, it is also fairly resource intensive. It is not uncommon for a single user, or even a single query, to take up the bulk of the server's CPU cycles. Mytop is a very useful program for seeing which queries a server is currently processing and which user is executing them. Think of mytop as top for MySQL. If you see a lot of queries from one user, that user is probably the hog. Mytop can also be useful for figuring out exactly which queries are causing the problem on a self-designed website. The following is how to install mytop on the server and run it.

We are going to install two Perl modules in addition to mytop to ensure that it will work.

Install TermReadKey:

# cd /usr/local/src
# wget http://search.cpan.org/CPAN/authors/id/J/JS/JSTOWE/TermReadKey-2.30.tar.gz
# tar -zxf TermReadKey-2.30.tar.gz
# cd TermRead*
# perl Makefile.PL
# make test
# make
# make install
# cd ..

Now install DBI:

# wget http://search.cpan.org/CPAN/authors/id/T/TI/TIMB/DBI-1.48.tar.gz
# tar -zxf DBI-1.48.tar.gz
# cd DBI*
# perl Makefile.PL
# make test
# make
# make install
# cd ..

Finally install mytop:

# wget http://jeremy.zawodny.com/mysql/mytop/mytop-1.4.tar.gz
# tar -zxf mytop-1.4.tar.gz
# cd mytop*
# perl Makefile.PL
# make test
# make
# make install

Now simply run "mytop" and you're done!

Tags: mytop

March 23, 2008
Filed Under (Introduction) by admin on 23-03-2008

Secure and harden the system configuration file nsswitch.conf. The same change also makes name lookups more efficient, since every database is resolved from local files only.

# nano /etc/nsswitch.conf

hosts:       files
passwd:      files
shadow:      files
group:       files
services:    files
networks:    files
protocols:   files
rpc:         files
ethers:      files
netmasks:    files
bootparams:  files
automount:   files
aliases:     files

Now type Ctrl+X, then hit Y and Enter.

March 23, 2008
Filed Under (Linux Security) by admin on 23-03-2008

Secure and harden your system configuration file host.conf to prevent DNS lookup poisoning and to provide protection against spoofing.

# nano /etc/host.conf

Look up names in /etc/hosts first, then fall back to DNS (the resolver tries the sources in the order listed):

order hosts, bind

We don't have machines with multiple IP addresses on the same card (such as virtual servers or IP aliasing), so:

multi off

Check for IP address spoofing (the reverse lookup of an address must map back to the same name, otherwise the answer is rejected):

nospoof on

Now type Ctrl+X, then hit Y and Enter.
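The following is an added example, not part of this post or the nsswitch.conf post above it: a small audit that reads a host.conf and an nsswitch.conf and reports which of the recommended settings are missing. The file paths are parameters, so the functions run here against constructed sample files (created inline) and can equally be pointed at the real /etc files.

```sh
# Added example, not from the original posts: audit a host.conf and an
# nsswitch.conf for the settings recommended above. File paths are passed in
# so the functions can be pointed at constructed samples (created below)
# or at the real /etc files.

# Print the value of a host.conf keyword (first match, comments stripped).
hostconf_get() {
    # $1 = host.conf path, $2 = keyword (order, multi, nospoof, ...)
    sed -e 's/#.*//' "$1" |
        awk -v key="$2" '$1 == key { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Succeed (return 0) only when nospoof is on, multi is off and /etc/hosts is
# consulted before DNS; print one line per missing setting otherwise.
audit_host_conf() {
    rc=0
    [ "$(hostconf_get "$1" nospoof)" = "on" ] || { echo "nospoof is not on"; rc=1; }
    [ "$(hostconf_get "$1" multi)" = "off" ] || { echo "multi is not off"; rc=1; }
    case "$(hostconf_get "$1" order | tr -d ' ')" in
        hosts,bind) ;;
        *) echo "order should be 'hosts, bind'"; rc=1 ;;
    esac
    return $rc
}

# Print every nsswitch.conf database whose source list is not exactly "files".
nsswitch_non_files() {
    # $1 = nsswitch.conf path
    sed -e 's/#.*//' "$1" |
        awk 'NF >= 2 { db = $1; sub(/:$/, "", db); $1 = ""; if ($0 !~ /^ *files *$/) print db }'
}

# Constructed sample files for a stand-alone run (not real system files).
SAMPLE_DIR=$(mktemp -d)
printf 'order hosts, bind\nmulti off\nnospoof on\n' > "$SAMPLE_DIR/host.conf"
printf 'order bind, hosts\nmulti on\n' > "$SAMPLE_DIR/host.conf.weak"
printf 'passwd: files\nshadow: files\nhosts:  files dns\n' > "$SAMPLE_DIR/nsswitch.conf"

audit_host_conf "$SAMPLE_DIR/host.conf" && echo "host.conf: hardened"
audit_host_conf "$SAMPLE_DIR/host.conf.weak" || echo "host.conf.weak: needs work"
nsswitch_non_files "$SAMPLE_DIR/nsswitch.conf"    # prints "hosts"
```

Run it against the live files with `audit_host_conf /etc/host.conf` and `nsswitch_non_files /etc/nsswitch.conf`; any database the second function prints is still being resolved through something other than local files.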

Tags: harden, host.conf, secure

March 21, 2008
Filed Under (Linux HOW TOs) by admin on 21-03-2008

# yum install ntp

# chkconfig --levels 235 ntpd on

# ntpdate 0.pool.ntp.org

# /etc/init.d/ntpd start

Tags: server, sync, time

March 21, 2008
Filed Under (Linux HOW TOs) by admin on 21-03-2008

These notices will let you know if someone other than you gains root access on your server in any way. Just a warning: these notices can get annoying if you find yourself using root often. But if you don't, it's a great way to make sure you're the only one accessing your server.

# nano /root/.bashrc

At the end of the file add the following:

echo 'Root Access on:' `date` `who` | mail -s "ALERT! Root Access from `who | awk '{print $6}'`" yourname@domain.com

Now type Ctrl+X, then hit Y and Enter.

That’s it!
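As an added example (not from the original post), here is a more defensive version of the same .bashrc alert. It fires only for interactive shells, so cron jobs and scp sessions stay quiet; it takes the source address from $SSH_CLIENT when present, because the column position in `who` output varies between systems; and it also records the event with logger(1) so the trace survives if mail delivery fails. The recipient address is a placeholder.

```sh
# Added example, not from the original post: a more defensive root-login
# alert for /root/.bashrc. Recipient address is a placeholder.

ALERT_TO="yourname@domain.com"

# Print the address the current session came from.
login_source() {
    if [ -n "$SSH_CLIENT" ]; then
        echo "${SSH_CLIENT%% *}"            # first field of SSH_CLIENT is the client IP
    else
        # who -m shows the remote host as "(host)" in the last column when
        # there is one; a console login has no such column.
        who -m 2>/dev/null |
            awk '{ if ($NF ~ /^\(.*\)$/) { gsub(/[()]/, "", $NF); print $NF } else print "local" }'
    fi
}

# Name of the controlling terminal, or "unknown" when there is none.
tty_name() {
    if t=$(tty 2>/dev/null); then echo "$t"; else echo unknown; fi
}

alert_subject() {
    # $1 = source address
    echo "ALERT! Root access from ${1:-unknown}"
}

alert_body() {
    # $1 = source address
    printf 'Root access on: %s\nSource: %s\nTTY: %s\nUser: %s\n' \
        "$(date)" "${1:-unknown}" "$(tty_name)" "$(id -un)"
}

send_root_alert() {
    src=$(login_source)
    subject=$(alert_subject "$src")
    logger -p auth.notice -t root-login "$subject" 2>/dev/null
    alert_body "$src" | mail -s "$subject" "$ALERT_TO"
}

# Only alert for interactive shells: sourced from /root/.bashrc this is the
# common case, and it keeps non-interactive root shells silent.
case $- in
    *i*) send_root_alert ;;
esac
```

Because the mail goes out from the shell itself, an intruder with root can of course suppress it; the logger line is there so at least the syslog entry (ideally forwarded to another host) records the login.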

Tags: access, notice, root

March 21, 2008
Filed Under (Linux Security) by admin on 21-03-2008

BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet, and likewise it is very straightforward in its installation, configuration and usage. The reason behind BFD is very simple: there are few or no authentication and brute-force auditing programs in the Linux community that work in conjunction with a firewall or real-time facility to place bans. BFD is available at: http://www.rfxnetworks.com/bfd.php
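To make concrete what BFD does, here is an added example (my own code, not BFD's): the same check written out over a few constructed sshd log lines. Sources with at least LIMIT failed logins are printed as ban candidates unless they appear in an ignore file, mirroring BFD's ignore.hosts, and the firewall call that BFD would make through APF's deny option is printed rather than executed.

```sh
# Added example, not BFD's own code: the check BFD automates, written out over
# a few constructed sshd log lines (invented for this example, not from a real
# host). Sources with LIMIT or more failed logins are ban candidates unless
# they appear in an ignore file, like /usr/local/bfd/ignore.hosts.

LIMIT=3

SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Mar 21 10:01:02 host sshd[1201]: Failed password for root from 198.51.100.7 port 40122 ssh2
Mar 21 10:01:05 host sshd[1201]: Failed password for root from 198.51.100.7 port 40123 ssh2
Mar 21 10:01:09 host sshd[1204]: Failed password for invalid user admin from 198.51.100.7 port 40130 ssh2
Mar 21 10:02:00 host sshd[1210]: Accepted password for ops from 192.0.2.10 port 50100 ssh2
Mar 21 10:03:11 host sshd[1215]: Failed password for ops from 192.0.2.10 port 50101 ssh2
Mar 21 10:04:11 host sshd[1216]: Failed password for ops from 192.0.2.10 port 50102 ssh2
Mar 21 10:05:11 host sshd[1217]: Failed password for ops from 192.0.2.10 port 50103 ssh2
EOF

SAMPLE_IGNORE=$(mktemp)
echo "192.0.2.10" > "$SAMPLE_IGNORE"     # a trusted admin address (constructed)

# Print "<count> <ip>" for every source with at least one failed password.
failed_by_source() {
    # $1 = log file
    awk '/sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i < NF; i++) if ($i == "from") print $(i + 1)
         }' "$1" | sort | uniq -c
}

# Print sources at or above the limit that are not on the ignore list.
ban_candidates() {
    # $1 = log file, $2 = ignore file, $3 = failure limit
    failed_by_source "$1" | while read -r count ip; do
        [ "$count" -ge "$3" ] || continue
        if grep -qx "$ip" "$2"; then
            continue                      # trusted: never ban
        fi
        echo "$ip"
    done
}

# What BFD would hand to the firewall for each candidate (printed, not run).
for ip in $(ban_candidates "$SAMPLE_LOG" "$SAMPLE_IGNORE" "$LIMIT"); do
    echo "would run: /usr/local/sbin/apf -d $ip \"bfd: $LIMIT+ failed logins\""
done
```

With the sample data, 192.0.2.10 also reaches three failures but is skipped because it is on the ignore list, which is exactly why the post below insists on filling in ignore.hosts before starting BFD.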

Note: You must have APF installed first before proceeding to install BFD.

Installation:

# cd /root/downloads    (or another temporary folder where you store your files)

# wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz

# tar -xvzf bfd-current.tar.gz

# cd bfd-0.9

Run the install file:

./install.sh

You will receive a message saying it has been installed:

.: BFD installed
Install path:    /usr/local/bfd
Config path:     /usr/local/bfd/conf.bfd
Executable path: /usr/local/sbin/bfd

Let's edit the configuration file:

nano /usr/local/bfd/conf.bfd

Enable brute force hack attempt alerts:

Find: ALERT_USR="0"   CHANGE TO: ALERT_USR="1"

Find: EMAIL_USR="root" CHANGE TO: EMAIL_USR="your@yourdomain.com"

Save the changes: Ctrl+X then Y

Prevent locking yourself out!

nano -w /usr/local/bfd/ignore.hosts and add your own trusted IPs, one per line.
E.g.: 192.168.1.1

Save the changes: Ctrl+X then Y

++++++

BFD uses APF's CLI insert feature and as such will override any allow_hosts.rules entries you have in place.

So be sure to add your trusted IP addresses to the ignore file to prevent locking yourself out.

Run the program!

# /usr/local/sbin/bfd -s

Customize the brute force configuration for your applications: check out the rules directory under /usr/local/bfd.

Tags: bfd, brute force detection, install

March 21, 2008
Filed Under (Linux Security) by admin on 21-03-2008

APF is a policy-based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike. Packaged in both tar.gz and RPM formats, APF is ideal for deployment in many Linux-based server environments. APF is developed and maintained by R-fx Networks: http://www.rfxnetworks.com/apf.php

Installation:

Login to your server through SSH and su to the root user.

# cd /root/downloads    (or another temporary folder where you store your files)

# wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

# tar -xvzf apf-current.tar.gz

# cd apf-0.9.5-1/    (or whatever the latest version is)

Run the install file:

# ./install.sh

You will receive a message saying it has been installed:

Installing APF 0.9.5-1: Completed.

Installation Details:
Install path:         /etc/apf/
Config path:          /etc/apf/conf.apf
Executable path:      /usr/local/sbin/apf

Other Details:

Listening TCP ports: 1,21,22,25,53,80,110,111,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306
Listening UDP ports: 53,55880

Note: These ports are not auto-configured; they are simply presented for information purposes. You must manually configure all port options.

Let's configure the firewall:

nano /etc/apf/conf.apf

We will go over the general configuration to get your firewall running. This isn’t a complete detailed guide of every feature the firewall has. Look through the README and the configuration for an explanation of each feature.

We like to use DShield.org's "block" list of top networks that have exhibited suspicious activity.

FIND: USE_DS="0"
CHANGE TO: USE_DS="1"

Configuring Firewall Ports:

Common ingress (inbound) ports

# Common ingress (inbound) TCP ports - 3000_3500 = passive port range for Pure-FTPd

IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,3000_3500"

# Common ingress (inbound) UDP ports

IG_UDP_CPORTS="53"

Common egress (outbound) ports

# Egress filtering [0 = Disabled / 1 = Enabled]

EGF="1"

# Common egress (outbound) TCP ports

EG_TCP_CPORTS="21,25,80,443,43,2089"

# Common egress (outbound) UDP ports

EG_UDP_CPORTS="20,21,53"

Starting the firewall

/usr/local/sbin/apf -s
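Port lists in conf.apf are easy to get subtly wrong (a stray space, a range written with a colon instead of the underscore APF expects). The following is an added helper of my own, not part of APF: it expands a port list in APF's syntax into the iptables accept rules it implies, printed for review rather than applied, and fails on any malformed entry so a typo is caught before the firewall is loaded with it.

```sh
# Added example, my own helper rather than part of APF: expand the port-list
# syntax used in conf.apf (comma separated, a range written low_high such as
# 3000_3500) into the iptables rules it implies. Rules are printed, not run.

apf_ports_to_iptables() {
    # $1 = chain (INPUT for IG_* lists, OUTPUT for EG_* lists)
    # $2 = protocol (tcp or udp)
    # $3 = port list string, e.g. "21,22,3000_3500"
    chain=$1
    proto=$2
    # Spaces inside the list are tolerated here; the commas are what separate entries.
    for port in $(printf '%s' "$3" | tr -d ' ' | tr ',' ' '); do
        case $port in
            *_*) spec="${port%_*}:${port#*_}" ;;   # low_high -> low:high for iptables
            *)   spec=$port ;;
        esac
        # Reject anything that is not digits or digits:digits.
        printf '%s' "$spec" | grep -Eq '^[0-9]+(:[0-9]+)?$' ||
            { echo "bad port entry: $port" >&2; return 1; }
        # A reversed range would silently match nothing; refuse it.
        case $spec in
            *:*) [ "${spec%:*}" -le "${spec#*:}" ] ||
                     { echo "bad range: $port" >&2; return 1; } ;;
        esac
        echo "iptables -A $chain -p $proto --dport $spec -j ACCEPT"
    done
}

# The ingress TCP list from the configuration above.
apf_ports_to_iptables INPUT tcp "21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,3000_3500"
```

Reviewing the expanded list is a quick way to spot a port you did not mean to open; the egress lists can be checked the same way by passing OUTPUT as the chain.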

Tags: advanced policy firewall, apf, firewall, security

March 21, 2008
Filed Under (Linux HOW TOs) by admin on 21-03-2008

If you have CentOS installed on your dedicated server, it comes with a software application called "yum" which helps to keep your system software up to date. Moreover, you can install and remove most software this way as well.

You can update your system software with the latest security updates easily! Just type:

# yum update

That’s it!

Tags: centos, components, update, yum

March 21, 2008
Filed Under (Linux Security) by admin on 21-03-2008

Rootkit Hunter (rkhunter) is a scanning tool that gives you about 99.9%* assurance that you're clean of nasty tools. It scans for rootkits, backdoors and local exploits by running tests such as:

- MD5 hash comparison of system binaries
- Look for default files used by rootkits
- Wrong file permissions on binaries
- Look for suspect strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
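The first test in that list is simple enough to show by hand. The following is an added example (my own code, not rkhunter's): a checksum baseline is recorded while the binaries are known good, and a later run lists any file whose checksum differs or which was not in the baseline. The sample directory and its "binaries" are constructed inline.

```sh
# Added example, not rkhunter's code: the "MD5 hash compare" test done by hand
# with md5sum, comm and a baseline file. Sample directory is constructed here.

# Write "<md5>  <path>" for every regular file under $1 into $2, sorted.
make_baseline() {
    # $1 = directory to fingerprint, $2 = baseline file to write
    ( cd "$1" && find . -type f -print | LC_ALL=C sort | xargs md5sum ) | LC_ALL=C sort > "$2"
}

# Print paths whose current checksum line is missing from the baseline,
# i.e. modified or newly added files (a deleted file is not reported here).
changed_files() {
    # $1 = directory, $2 = baseline file
    current=$(mktemp)
    make_baseline "$1" "$current"
    LC_ALL=C comm -13 "$2" "$current" | awk '{ print $2 }'
    rm -f "$current"
}

# Constructed sample "bin" directory and a simulated replaced binary.
SAMPLE_BIN=$(mktemp -d)
printf 'original ls\n' > "$SAMPLE_BIN/ls"
printf 'original ps\n' > "$SAMPLE_BIN/ps"
BASELINE=$(mktemp)
make_baseline "$SAMPLE_BIN" "$BASELINE"
printf 'modified ps\n' > "$SAMPLE_BIN/ps"   # simulate a trojaned binary

changed_files "$SAMPLE_BIN" "$BASELINE"      # prints ./ps
```

The value of the check depends entirely on the baseline being taken before a compromise and stored somewhere the attacker cannot rewrite (read-only media or another host); a baseline kept on the same box can be regenerated by whoever replaced the binary.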

++++++

Installation:

# wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz

# tar -zxvf rkhunter-1.2.7.tar.gz

# cd rkhunter

# ./installer.sh

++++++

Run a test scan with the following command:

/usr/local/bin/rkhunter -c

++++++

Set up a daily scan report:

nano /etc/cron.daily/rkhunter.sh

Add the following, replacing the email address with your own:

#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter Scan Report" email@domain.com)

Then give it permissions to run:

# chmod +x /etc/cron.daily/rkhunter.sh

++++++

Updating RKhunter:

Get the latest database updates from the central server; this also matches your OS better and reduces false positives.

# rkhunter --update

Tags: installation, rkhunter, security

March 21, 2008
Filed Under (Linux Security) by admin on 21-03-2008

First off, by default Logwatch comes installed on CentOS, though it might not be the latest version.

This program parses through your server’s logs and reports to you via e-mail on a daily basis with tabulated information.

Initial Install:

# wget ftp://ftp.kaybee.org/pub/redhat/RPMS/noarch/logwatch-7.3.6-1.noarch.rpm

# rpm -ivh logwatch-7.3.6-1.noarch.rpm

# nano /etc/logwatch/conf/logwatch.conf

Insert:

MailTo = yourname@yourdomain.com
Archives = Yes
Range = yesterday
Detail = 10
Service = All

++++++

To Upgrade:

# wget ftp://ftp.kaybee.org/pub/redhat/RPMS/noarch/logwatch-7.3.6-1.noarch.rpm

# rpm -Uvh logwatch-7.3.6-1.noarch.rpm

++++++

To complete the process you need to create a cron job that runs daily:

# crontab -e

Add the following line (without a leading #, which would turn it into a comment):

0 4 * * * /usr/share/logwatch/scripts/logwatch.pl

Tags: 7.3.6, cron, install, logwatch, upgrade
