Files and Services

From Edgar BV Wiki
Revision as of 14:20, 2 March 2007 by Red (talk | contribs) (New page: <pre> files to copy on migration /home/.cobalt/report - contains the report files for all the sites /usr/admserv/html/.cobalt/error /usr/admserv/html/.cobalt/siteManage /usr/local/majordo...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
files to copy on migration

/home/.cobalt/report - contains the report files for all the sites
/usr/admserv/html/.cobalt/error
/usr/admserv/html/.cobalt/siteManage
/usr/local/majordomo
/var/vacation
/var/spool/mail (symbolic links)
/home/spool/mail
/var/spool/mqueue
/var/log
/home/sites
/home/store
/home/quota*

Services

php
mysql (/etc/my.cnf, /opt/mysql/data)
sendmail (/etc/mail)
procmail (/etc/procmail/ /etc/procmailrc)
tripwire (/etc/tripwire)
rsync (/etc/rsyncd.conf)
snmp (/etc/snmpd.*)
bind (/var/named/, /etc/bind/, /etc/named.conf)
/etc/crontab
/opt/weblog

Logs

touch /var/log/statistics


http://pkgmaster.com/packages/raq/4/#openssh
You find extra packages to be installed

http://sunsolve.sun.com/patches/cobalt/raq4.eng.html
All the patches that must be applied to the RaQ

mkdir /home/store/weblog
mkdir /home/store/etc
mkdir /home/store/soa
mkdir /home/store/soa/named
mkdir /home/store/bind
mkdir /home/store/mysql
mkdir /home/store/mysql/data
mkdir /home/store/passes
mkdir /home/store/quota


ROOT CONFIG
~root/.bashrc and ~admin/.bashrc

--------cut -----------
alias tail='colortail -k /etc/colortail/conf.daemon,/etc/colortail/conf.kernel,/etc/colortail/conf.messages,/etc/colortail/conf.secure,/etc/colortail/conf.xferlog'

# You may uncomment the following lines if you want `ls' to be colorized:
 export LS_OPTIONS='--color=auto'
 eval `dircolors`
 alias ls='ls $LS_OPTIONS'
---------- paste --------------

/etc/admin.motd

/etc/profile
insert:
------------- cut -----------------
/bin/echo "`last -n 1` logged in with these permissions `id`" | /bin/mail -s "SSH login on RaQ" red@tripany.com
alias tail='colortail -k /etc/colortail/conf.daemon,/etc/colortail/conf.kernel,/etc/colortail/conf.messages,/etc/colortail/conf.secure,/etc/colortail/conf.xferlog'


# You may uncomment the following lines if you want `ls' to be colorized:
 export LS_OPTIONS='--color=auto'
 eval `dircolors`
 alias ls='ls $LS_OPTIONS'
 alias ll='ls $LS_OPTIONS -l'
 alias l='ls $LS_OPTIONS -lA'

------------ paste -----------------------

/etc/syslog.conf

------------ cut --------------------------

# Build Debian style syslogger
*.*;auth,authpriv.none          -/var/log/syslog

# Additional logging by RazoR
uucp.*                                  /var/log/uucp.log
user.*                                  /var/log/user.log

mail.info                               /var/log/mail/mail.info
mail.warn                               /var/log/mail/mail.warn
mail.err                                /var/log/mail/mail.err

*.=debug;\
        auth,authpriv.none;\
        mail.none                       /var/log/debug

*.warn; auth,authpriv.none;mail         /var/log/warnings
#*.=info;*.=notice;*.=warn;\
        #auth,authpriv.none;\
        #mail                           /var/log/warnings

*.emerg                         *

daemon,mail.*;\
       news.=crit;news.=err;news.=notice;\
       *.=debug;*.=info;\
       *.=notice;*.=warn                /var/log/console

------------ paste ---------------------------

 touch /var/log/syslog
 touch /var/log/uucp.log
 touch /var/log/user.log
 mkdir /var/log/mail
 touch /var/log/mail/mail.info
 touch /var/log/mail/mail.warn
 touch /var/log/mail/mail.err
 touch /var/log/debug
 touch /var/log/warning
 touch /var/log/console


/etc/logrotated.conf
------------- cut -------------
# Report errors to red@tripany.com
errors red@tripany.com
---------- paste ---------------
and change rotate 1 to rotate 5

/etc/logrotate.d/syslog
add following
------------ cut --------------------

/var/log/syslog {
        postrotate
                /usr/bin/killall -HUP syslogd
        endscript
}

/var/log/console {
        postrotate
                /usr/bin/killall -HUP syslogd
        endscript
}

/var/log/uucp.log {
        postrotate
                        /usr/bin/killall -HUP syslogd
                                endscript
                                }

/var/log/debug {
        postrotate
                        /usr/bin/killall -HUP syslogd
                                endscript
                                }

/var/log/warnings {
        postrotate
                        /usr/bin/killall -HUP syslogd
                                endscript
                                }

/var/log/user.log {
        postrotate
                        /usr/bin/killall -HUP syslogd
                                endscript
                                }

/var/log/mail/mail.info {
        postrotate
                        /usr/bin/killall -HUP syslogd
                                endscript
                                }

/var/log/mail/mail.warn {
        postrotate
                        /usr/bin/killall -HUP syslogd
                                endscript
                                }

/var/log/mail/mail.err {
    postrotate
            /usr/bin/killall -HUP syslogd
                endscript
                }

/home/spool/mail/from {
        postrotate
                        /usr/bin/killall -HUP syslogd
                                endscript
                                }

/var/log/snort/alert {
        postrotate
                /usr/bin/killall -HUP syslogd
        endscript
}

/var/log/snort/portscan.log {
        postrotate
                /usr/bin/killall -HUP syslogd
        endscript
}

/var/log/snort/snort-0820@1947.log
        postrotate
                /usr/bin/killall -HUP syslogd
        endscript
}

------------- paste ----------------------------------

analog
www.analog.cx

colortail
wget http://www.student.hk-r.se/~pt98jan/colortail-0.3.0.tar.gz

Also install the deepsight extractor from aris.securityfocus.com

Install the latest versions of BIND
(http://www.isc.org/products/BIND/)

wget ftp://ftp.isc.org/isc/bind/src/8.3.3/bind-src.tar.gz
wget ftp://ftp.isc.org/isc/bind/src/8.3.3/bind-contrib.tar.gz

make DST=/opt/bind-8.3.3 SRC=`pwd` links /opt/bind-8.3.3
make depend
make all
make install

Midnight commander
wget http://www.ibiblio.org/pub/Linux/utils/file/managers/mc/mc-4.6.0-pre1.tar.gz

link the /etc/rc.d/init.d/mysql file to /etc/rc.d/init.d/mysql.server so that it will start up on boot!

Chkrootkit
ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
make sense
./chkrootkit

Libpcap
http://www.tcpdump.org/release/libpcap-0.7.1.tar.gz
./configure
make
make install

Portsentry
http://www.psionic.com/downloads/portsentry-2.0b1.tar.gz
before make change SYSLOG_LEVEL to LOG_LOCAL0 in portsentry_config.h
NB. leave the '#' symbols!
vi /etc/syslog.conf
And add :
---------- cut ---------
---------- paste -------

vi portsentry.conf
change 
INTERFACE_ADDRESS="212.61.33.42"
BLOCK_UDP="0"
BLOCK_TCP="0"
KILL_ROUTE="/sbin/route add -host $TARGET$ reject"
SCAN_TRIGGER="1"

vi portsentry.ignore
add
212.61.26.52
213.84.24.229
213.84.24.228

make linux
make install
/usr/local/psionic/portsentry2/portsentry

Insert this into the /etc/rc.d/init.d/

---------- cut -------------
#!/bin/sh
# Start / Stop portsentry

case "$1" in
'start')
 	/usr/local/psionic/portsentry2/portsentry
 	;;
'stop')
	PID=`ps -ef | grep portsentry | grep -v grep | awk '{print $2}'`
 	kill -9 $PID
 	;;
*)
 echo "Please use $0 ( start | stop )"
 ;;
esac
exit 0
---------- paste --------------

then in /etc/rc.d/rc3.d/
ln -s ../init.d/portsentry ./S90portsentry
in /etc/rc.d/rc0.d and /etc/rc.d/rc6.d
ln -s ../init.d/portsentry ./K90portsentry


Hostsentry
http://www.psionic.com/downloads/hostsentry-0.02.tar.gz
make install
cd /usr/local/abacus/hostsentry

Qpopper longer timeout:
in /etc/inted.conf
pop-3   stream  tcp     nowait.100  root    /usr/sbin/tcpd      in.qpopper -R
(the .100 after the nowait is how long to wait before assuming the program is looping)

MyODBC:
wget http://mysql.proserve.nl/Downloads/MyODBC/MyODBC-2.50.39.tar.gz
ln -s /usr/lib/libmysqlclient_r.so.10.0.0 /usr/lib/libmysqlclient


get a client from:
http://www.mysql.com/documentation/mysql/bychapter/manual_ODBC.html#MyODBC_clients

------------ PHP ------------------
The process takes about 1 hour.  This all has to be done as ROOT. To prepare
get get a snapshot of your phpinfo() and backup your php.ini file before
starting.  I would also recommend getting a copy of PHP 4.0.6 so you can
backtrack if need be.

Rename the link to the modules directory, copy the existing modules to a new
directory, link the new directory and restart the admin server.
# mv /etc/admserv/modules /etc/admserv/modules.old
# cp -r /usr/lib/apache /usr/lib/apache_old
# ln -s /usr/lib/apache_old /etc/admserv/modules
# /etc/init.d/admserv restart

Then I got the PHP 4.2.3 source (you have to navigate to the right mirror
wget just didn't work)
# lynx http://www.php.net/get_download.php?df=php-4.2.3.tar.gz

Then I extracted the files
# tar -zxvf php-4.2.3.tar.gz

ran configure
# cd php-4.2.3
#
./configure --prefix=/usr --with-apxs=/usr/sbin/apxs --enable-safe-mode --wi
th-config-file-path=/etc/httpd --with-exec-dir=/usr/bin --with-zlib --enable
-magic-quotes --with-regex=system --enable-track-vars --with-iconv --enable-
xml --disable-debug --with-gd --enable-mbstring --enable-mbstr-enc-trans --w
ith-interbase=shared --with-mysql=shared --with-pgsql=shared --with-openssl=
/usr --with-jpeg-dir=/usr --with-png-dir=/usr

I then ran make and make install.
# make
# make install

I then copied mysql.so from the modules directory where I compiled the
source to where PHP could get it
# cp ./modules/mysql.so /etc/httpd/modules/php/mysql.so

Then I updated the /etc/httpd/php.ini file using vi to have the following
lines
extension=mysql.so
;extension=i18n.so
;extension=cce.so

You need to comment out the  i18n.so and the cce.so or else you'll get some
unecessary error messages in your error log.

Then restart the main web service
# /etc/init.d/httpd restart

------------------
chmod 700 /usr/bin/gprof
-------------------
Bind 9.2.1

./configure --prefix=/home/opt/bind-9.2.1 --sysconfdir=/etc/bind --with-openssl=/home/opt/openssl-0.9.6g 

nb - without --enable-ipv6!

----------------------------------------
LaBrea

http://www.hackbusters.net/
http://www.bizsystems.net/downloads/labrea/

Need to download the OLD libnet libs at
http://www.packetfactory.net/

the make the libnet
make labrea
shellscript to start it:

#!/bin/sh
/opt/LaBrea -lvs -p 10 -bz -O >> /var/log/labrea &

then to make the reporter:
tar -xzvf LaBrea-Tarpit-X.XX.tgz
	cd LaBrea-Tarpit-X.XX
	perl Makefile.PL
	make
	make test
	make install

touch /opt/labrea.log
touch /etc/logrotate.d/labrea.log
	/opt/labrea {
        rotate 10
        compress
        missingok
        size 10M
        }


---------------------------------------------------
NTOP
http://snapshot.ntop.org/
http://sourceforge.net/project/showfiles.php?group_id=17233&release_id=101707

first make the other library in the project, then go to the ntop dir and run ./autogen.sh then make and make install, unless you re-untar it and then go ./configure --prefix=/opt/ntop

then add a user and mkdir /opt/ntop/data
chown ntop /opt/ntop/data

For the 1st run:
ntop -P /opt/ntop/data -u ntop -A

then:
/opt/ntop/bin/ntop -a /var/log/httpd/access -i eth0 -u ntop -w 3281 -P /opt/ntop/data/ eth1 -d
--------------------------------------------------
Logwatch
http://www.logwatch.org/tabs/download/
ftp://ftp.kaybee.org/pub/linux/logwatch-4.3.2.tar.gz

copy the conf and scripts dir to /opt/logwatch, edit the conf/ and remove the -d option from mktemp

then in crontab:
30 2 * * * root /opt/logwatch/scripts/logwatch.pl

-----------------------------------------------------------

PKILL
http://belnet.dl.sourceforge.net/sourceforge/proctools/proctools-0.3.1.tar.gz

----------------------------------------------------------------

Spamassasin - BEWARE: Processor load goes through the roof with a systemwide installation!

upgrade perl!
sh Configure -de -Dprefix=/opt/perl-5.8.0
make
make test
./perl installperl -n (for the simulation)
make install
in /usr/bin/
rm perl
ln -s ./perl5.003 ./perl

First from cpan.org get and install HTML-Tagset then HTML-Parser
(perl Makefile.PL;make;make test;make install)

./configure
/usr/bin/perl5.8.0 Makefile.PL PREFIX=/opt/Spamassasin
make
make install

then in /etc/procmailrc add
DROPPRIVS=yes

      :0fw
      * < 256000
      | /opt/Spamassasin/bin/spamc

http://spamassassin.org/sitewide.html

move the spamd/redhat-rc-script.sh to /etc/rc.d/init.d/