I had welcomed to the jungle !
 |
I scored as Guns ‘N’ Roses. I am Guns ‘N’ roses. a great band in the 80’s and 90’s who made a huge impact on the world. they became an instant hit with their amazing, guitar shredding guitarist Slash and their lead singer Axel Rose.
I love their numbers… November Rain, Don’t CrY, Estranged, Knockin’ On Heaven’s Door, Sweet Child O’ Mine…
|
System Installation Checklist for Server mongoose Dateded: 19-June-2006
=============++++++++++++++++++=============
This System Installation Check-list particularly designed for the the server mongoose.
0.System Information
Hostname : mongoose
Domain Name : mongoose.animals.org
IP Address : 192.168.63.82 (may change)
Serial No : B2-xxx-A05060-558
Platform : Intel Dual Xeon (2×3.6 Ghz), 1MB cache
OS Version : RedHat Advanced Server-4 (Kernel-2.6.9-5.ELsmp)
Disk Devices : 2×146GB
Raid Level : 0 [mirrorred]
Disk Storage : 146 GB
RAID Driver Disk : Adaptec Ultra SCSI [a320]
1.Drive Configurations
Filesystem Size Used Avail Use% Mounted on
/dev/sda7 4.9G 632M 4.0G 14% /
/dev/sda1 122M 12M 104M 10% /boot
none 1013M 0 1013M 0% /dev/shm
/dev/sda2 58G 107M 55G 1% /home
/dev/sda9 11G 485M 9.2G 5% /home/admin
/dev/sda6 15G 69M 14G 1% /opt
/dev/sda3 25G 1.8G 22G 8% /usr
/dev/sda5 20G 139M 19G 1% /var
2.Security Settings
a. Enabled SELinux Policy.
b. IP-Tables Firewall enabled except the services ssh, http, ftp, sendmail.
NOTE:
a. The home directory for local Administrator has assaigned as /home/admin
b. RedHat Network registration information.
Done by: Scooby Doo
Verified by: Shrek
I believe we all gotta an animal instict… I am non-veg.
I like watching NGC… I love monkeys.
The link shows ya some wild photgraphY (happened to here about this photographer)
http://kalyanvarma.net/photography/viewtags.php?tag=All
…this is too good.
http://kalyanvarma.net/photography/photo.php?id=235&tag=All
..we can teach the animal wildness…and animals can teach us things we have forgotten !
Linux Security Checklist
Hey people stop reading…if the box ya want to make secure is not getting powered ON… ya got it…!!
Introduction
I gotta an assaignment to prepare a securitY check-list and here I make it general for anybodY who wanna have a look…I spent quite some time over the jungle…..
This crap maY provide ya some of the keY concepts that can go a long way in keeping a Linux system in secure[/insecure :-P].
General
0.Hardware
1.OS Distribution
2. File System Allocation( Disk Partitions)
3.OS Installation / Package Selection
4.Physical Security
5.Back-Ups
6.Expired Systems
7.Make a Boot and Rescue Media
8.Remove Unnecessary Software Package
9.Keep the System Patched and Up-to-Date
10.Set Off the Unnecessary Services
11.Disable the Unused Ports
12.Cross Check for Xinetd Services
13.Check Security on Key Files
14.User Account Management
15.Remove Unwanted/Zombie Files
16.Customized Banners
17.Harden the Services/Applications which are Required
0.nfs
1.ssh
2.ftp
3.xinetd
4.sendmail
5.apache (httpd)
18.Kernel Tunable Security Parameters
19.iptables
20.TCP Wrappers
21.Pluggable Authentication Module (PAM)
22.Proper System Logging
23.SELinux
24.Tripwire
General
To say ideally, the check list start right from the Hardware, OS Distribution, File System Allocation( Disk Partitions), OS Installation, Physical Security, Back-Ups and finally dump the system by ensuring that data can not be recovered from the Hard disk(s).
Hardware
Is that an OS distro certified hardware vendor?
Choose the hardware vendor who are good at customer support.
Choose the hardware, which meet our requirements (do we need a dual CPU, what is going to be its future role)
Have a plan for Annual Maintenance Contract (AMC) and how long we need it.
OS Distribution
This is all about our choice but must consider the facts, getting security updates, bug-fixes, enhancements and patch management within a short time-frame and in priority wise is an important step to be pro-actively secure the Linux System.
File System Allocation (Disk Partitions)
The system should have separate partitions to avoid “panics�?. This is just a DIVIDE & RULE Policy for better management and for recovery when we had troubles. Make separate partitions and allocate required space for /boot, /, /usr, /home, /var, /tmp and /opt for your optional and third party applications. This step is very important for both Production Servers, Workstations and Desktops (I mean to say, when you do a Linux installation)
OS Installation (Package Selection)
Do you need an Office Suite or xpdf to run your Database Server ? NO. So smart package selection avoid unwanted services and reduce the Risk Factor. May be the vulnerability is more for a package that you really never use.
Physical Security
The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards (Gene Spafford)
The systems should be in locked Server-Rack and locked room/datacenter. Physical access to the systems are restricted to authorized users. Set BIOS and Grub password (These days KVM switches can handle from BIOS level to avoid remote reboot chaos).
I am not saying anything hereabout Disaster Recovery Management and room Air Conditioning.
Back-Ups
Data are important for any level of organizations, so the back-up.
Simple back-up utilities are tar, gzip, bzip2, dump – for multiple level of back-up for the entire file-system, rsync – for transfer data between servers and keep in sync, amanda – for a client-server environment.
Expired Systems
Make sure the data can not be recovered from the hard-disks of the systems which is expired and not in use anymore. Disksanitizer is a tool to remove from all traces of data from the storage media according to the U.S. DoD standards.
Make a Boot and Rescue Media
…I just gotta finger pain…but to be continued…. (…where is the vicks bottle…hmm..)
US weekly magazine BusinessWeek teamed up with The Boston Consulting Group to produce the second annual ranking of the world’s 100 most innovative companies. More than 1,000 senior managers responded to the global survey, making it the deepest management survey to date on this critical issue.
The BusinessWeek-BCG survey also focuses on the major obstacles to innovation that executives face today. While 72% of the senior executives in the survey named innovation as one of their top three priorities, almost half said they were dissatisfied with the returns on their investments in that area.
A lack of coordination is the second-biggest barrier to innovation, according to the survey’s findings. But collaboration requires much more than paying lip service to breaking down silos. The best innovators reroute reporting lines and create physical spaces for collaboration. They team up people from across the org chart and link rewards to innovation. Innovative companies build innovation cultures. “You have to be willing to get down into the plumbing of the organization and align the nervous system of the company,” says James P. Andrew, who heads the innovation practice at BCG
:) I am not a MySQL expert so far…but here was my one day with the MySQL =>
I gotta requirement for MySQL Server version 5.x.x but my distro RH-AS-4 Update-1 (kernel-2.6.9-5) has MySQL-4.1.7. So I erased/un-installed all the MySQL RPMS [ rpm -e mysql* - -nodeps ]
and I choose the source bundle mysql-5.0.21, configured for a separate database on a different partition named /database and made install. Things were fine but some integration issue with Perl and PHP. Both are not able to connect MySQL (were I got screwed up).. I am sure, its not because of the php-mysql and perl-mysql packages Yeah… the default database comes under /var/lib/mysql now its /database/mysql/
I couldn’t see mysql module in php -m. Whats the solution “google” I gotta hell lot of out put that everybody saying I do have the same issue, some stamped this a as bug.
Well… now I am ready to go back to the packages ;
the RPM’s coming wih the distro [ rpm -ivh mysql*4.17* - -force :) ]
Here my DIVIDE & RULE Policy got worked. I umount the /database partition and mount to /var/lib
Issues: fstab is not ready to take the new partition
Solution: edit /etc/rc.local [ mount /dev/cciss/c0d0p11 /var/lib ]
Any luck…? the screw is still getting tight for me…
I gotta the following errors when I started using my middle finger to set this up….at different stages…
1. /usr/libexec/mysqld: Can’t change dir to ‘/var/lib/mysql/’
2. mysql error Errcode: 13
Error code 13: Permission denied [ you can try bash-3.00$ perror 13 ]
3. ERROR 2002 (HY000): Can’t connect to local MySQL server through socket ‘/var/lib/mysql/mysql.sock
4. mysqld dead but subsys locked
5. /usr/libexec/mysqld: Can’t change dir to ‘/var/lib/mysql/’ (Errcode: 13)
6. Timeout error occurred trying to start MySQL Daemon.
7. ‘Problems running mysql_install_db’
8. Installation of system tables failed!
Woops..!! Dido is Stoned after The Sand In My Shoes …
Yokay..
I un-mount the /var/lib for my old /var/lib. Confused..well
/dev/cciss/c0d0p7 4.9G 155M 4.5G 4% /var [ Created at installation ]
/dev/cciss/c0d0p11 51G 144M 48G 1% /var/lib [ Newly mounted ]
:) because I have to back up all the files under “4% /var/lib “ to “1% /var/lib” with out loosing the permission settings.
cd /var/lib
find . -print -depth | cpio -pvdum ~admin/bkup_lib
Mounted back /var/lib to /dev/cciss/c0d0p11
Remove all files under /var/lib/ and once again use the find-cpio combination to place all the files back to ” 1% /var/lib/ “
Now the time to rpm -ivh mysql* [if you are “ivh” ing WITH OUT placing the files under /var/lib …heY..it’s gonna be a PITA with depedency and if those files are not with proper permission settings…..well… whats your numer from 1 to 8 ]
If all went fine so far; one request, dont use the mysql_install_db script now, but you can have a try and collect your number :)
Good…try this
[root@python ~] /usr/bin/mysqld_safe –user=mysql –skip-grant-tables &
[root@python ~] /usr/bin/mysql mysql
Yes..! it’s running; atleast for me but with one issue that I have to manually stop/kill the mysqld daemon.
There is NO service mysqld stop/restart …
I tried all the day to get it up and once it got up…hmmm… very funny…
Do ya have any hack around… :)
Dear All,
I am writing this mail as an information when we do installation of Linux Operating System by considering the manual partitioning (Diskdruid or fdisk).
People get annoyed after using Linux machine for a while by saying ” hey.. I got a Kernel Panic. I am worried about my data” or ” I don’t know where my GUI has gone”
One of the reason for this panic is, your ” / ” file system got squeezed ! ( say used space for / partition is 98% )
Please do comment, if you have got any suggestion.
I suggest; its a good practice to take care of this issue from the scratch; at the time of OS installation.
Here I am considering a 40GB HDD [** workstation specific NOT Server**]
By considering the fact; most of our machines are in dual boot so I don’t wanna deal with 15GB for Windows (15GB is fair enough for viruses to play and flood around :) )
well…the rest 25 GB.
This is just a DIVIDE & RULE Policy for better management and for recovery when we had troubles.
/boot
= 100MB [Make this as the first choice when you do partition, because older BIOS were not able to detect the second part of boot loader beyond 1024 cylinders of the HDD]
/usr
= 8 GB [ Happily we can deal this for a workstations, mine is 6 GB and 73% so far ]
swap
= Rule of Thumb; 2xRAM Size, but not always true [Try to have it on the middle part of the HDD, because its fast to access the middle portion of HDD]
/home
= 12 GB [ If you don’t have a dual boot, add much more or go for a separate user(you) defined partition to keep your data like documents, pdfs, mp3s and other stuffs ]
/
= 2 GB is more than enough. Yes I said 2048 MB *
/var
= 500 MB [ This separate partition avoid the electronic jamming of / by logfiles, mails and other junks..]
If you are using any RedHat distro and trying to configure MySQL, please consider much more space for the growing database which comes under /var/lib/mysql
/opt
= Are ya trying to install any applications like Oracle db &| its client ? Do you have any “optional” application which you don’t have to mess around ?. If the answer is “yes” go ahead and allocate desired space. I feel 3-4GB is okay. The best part is, you can remove the installed package under /opt as such, because all the files will come under that particular directory (directory=pkg-name) even the “bin” files. If you are not sure about this, add up this amount of space to your /usr or /home filesystem.
/tmp
= Normally, this never go beyond 100MB
NOTE:
1. Never log into your system as root. Log into as a normal user and configure your mail, desktop, browser and all other part which makes you comfortable. This way all your mails and other heavy stuff only fall under /home/[normalusr].
2. Do sudo or su - option when needed.
3. If you are in dual boot and have more space; its a good option to create FAT-32 partition by naming /winshare or something. So that we could access the data [pdfs, mp3s and other stuffs] from both OS.
Please do revert for any suggestion which you feel much practical or logical.
Thank You
~vipin
Contrary to popular belief, Unix is user friendly.
It just happens to be selective about who it makes friends with. — Dave Parnas
One of the hot stuff over the surf ajaxWrite (Asynchronous JavaScript and XML). I say this gonna be a killer application….
It silently says ” Killing is my bussiness and the bussiness is good!”
…and the foxY offered a good company for the Ace-Jack.
* Global access, all you need is an internet connection.
* Platform independent, you can use it with any operating system.
* Automatic updates and upgrades, no more computer restarts or missed patches/updates.
* Server side management, all the busywork is done for you.
http://www.ajaxlaunch.com/ajaxwrite/internals/ajaxwrite-noffox.html
Tail: It doesn’t work with internet explorer.
Did we mention it’s free? That’s right…
Microsoft Office Professional 2007TM - $499
ajaxWrite - $0
Just after the . option; I have been using Yahoo Mail Beta- the new kid, since March end 2006.
I have to be in the waiting list for a while to grab it.
Here is the survey link from yahoo to ask for the offer….No problem, ya can refer your girlfriend too :)
http://surveylink.yahoo.com/wix/p0473306.aspx
I feel its much better to use and looks damn good !
…and one Q… hey google what’s up?
The renovation of Kalari went fine…. the structure (pillar) and all reminds me the old but concrete. The new Lord Ganapathi idol has got 10 hands and I guess he has gotta two wifes too beside him ( I dont know pullikkarenety kalyanam kazhinjonnu… Achamma paranjathanusarichu…
“ganapathikkalyaanam naaley..naalay…neeley..neelay..ennaa… eha..”
I’ll try to get the snaps for you…..
edai… when I’ve been to home…all most all the people ask me…
:: “alla..eppo vannu…”
I just replayed…. 2 devasamai….
then…
:: “wife/pengochu enthey…”
well.. on the sreeja’s wedding day..
Appu Maman:: Eda…eppa vannu….siva…
: I thought he gotta twisted tongue…and I answered his query..
Appu Maman:: Edai…avanenthey…giri..
:: oho..this is too much…
Take care my dear brother