Month: January 2008

Installing and configuring SSHD Filter

Introduction – SSHDFilter is an open source tool with which we can manage the SSH service effectively and secure our system against brute-force attacks. The tool blocks brute-force attacks by using iptables.

You can download sshdfilter from the following location http://www.csc.liv.ac.uk/~greg/sshdfilter/ and then untar the tar.gz file…

#wget -c http://www.csc.liv.ac.uk/~greg/sshdfilter-1.5.5.tar.gz
#tar xvzf sshdfilter-1.5.5.tar.gz
#cd sshdfilter-1.5.5

1] Decide which linux distribution .partconf file you need to use –

rh7390 – RedHat 7.3, RedHat 9.0, Fedora Core 2.0 or CentOS 4.3
rhFC30 – RedHat Fedora Core 3.0, Fedora Core 4.0, Red Hat Enterprise Linux ES release 4, or CentOS 3.x
deb31 – Debian 3.1 (sarge) or Debian (sid, but see README.debian)
su10rc1 – SuSe 10.0 RC 1, Gentoo and Slackware
dbear – Dropbear, a light weight sshd daemon

(Our distribution was Fedora 5 so we selected rhFC30)

#cat etc/sshdfilterrc patterns/rhFC30.partconf > /etc/sshdfilterrc

2] Edit /etc/sshdfilterrc to suit your needs –

Make sure that the two rules below are uncommented. These are the blocking and unblocking rules.

#vi /etc/sshdfilterrc

firewalladd='iptables -A $chain -p tcp -s $ip --dport 22 -j DROP'
firewalldel='iptables -D $chain -p tcp -s $ip --dport 22 -j DROP'

Set the chain –
chain='SSHD'
If you would like to set a mailer, you can set it here:
#mail='mail -s \"sshdfilter event for $ip, $event\" greg\@abatis.flint'
Set the sshd path, from where the sshd daemon is or will be running:
sshdpath='/usr/sbin/sshd'
Now comes the main part, setting the user policy. This defines the number of attempts that are allowed and what is done after that number of failures. These are the policies through which we can block unwanted ssh attacks –

(At present we have set the following policies)
4,3d=INVALID
2,5d='^root$'
4,3d='^magnet$'
0,8d=NOID

The first policy, "4,3d=INVALID", means that if anyone tries to ssh to the server with an invalid username, then after 4 attempts the source IP address is inserted into the iptables SSHD chain and blocked for 3 days.
The second policy, "2,5d='^root$'", means that if anyone tries to ssh to the server as root, then after 2 unsuccessful attempts the source IP address is inserted into iptables and blocked for 5 days.
The third policy, "4,3d='^magnet$'", is similar to the second one: if anyone tries to ssh to the server as the user magnet, then after 4 unsuccessful attempts the source IP address is inserted into iptables and blocked for 3 days. Note that magnet is one of the users on our server; you can list the users of your own server here.
The fourth policy, "0,8d=NOID", catches and blocks all "No ssh id" events with an instant block for 8 days.

You can add more policies to the policy section, the specifications are mentioned in the file.
Once the policies and settings have been done, save and exit the file.
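
A sanity check for the edited /etc/sshdfilterrc, added here as an example and not part of sshdfilter or the original post. It assumes only the settings and the N,Td=PATTERN policy form shown above; the function names and the sample file are made up for the illustration.

```shell
#!/bin/sh
# Sanity-check an sshdfilterrc after editing it by hand.
# Covers only the settings shown in this post, not sshdfilter's full grammar.

rc_value() {   # rc_value KEY FILE: last uncommented KEY='value', quotes stripped
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | sed "s/^'//; s/'\$//"
}

# Prints one finding per line; returns 0 only when there are none.
check_sshdfilterrc() {
    f=$1
    findings=$(
        # Text pasted from a web page often carries curly quotes or an en dash
        # where '--' was meant; iptables rejects the resulting command line.
        if LC_ALL=C grep -q '[^[:print:][:space:]]' "$f"; then
            echo "non-ASCII characters present (typographic quotes or dashes?)"
        fi
        add=$(rc_value firewalladd "$f")
        del=$(rc_value firewalldel "$f")
        [ -n "$add" ] || echo "firewalladd is missing or commented out"
        [ -n "$del" ] || echo "firewalldel is missing or commented out"
        if [ -n "$add" ] && [ -n "$del" ]; then
            # iptables -D removes only a rule whose specification matches the
            # appended one, so the two settings must differ in -A/-D alone.
            expect=$(printf '%s\n' "$add" | sed 's/ -A / -D /')
            [ "$expect" = "$del" ] || echo "firewalldel does not mirror firewalladd"
        fi
        [ -n "$(rc_value chain "$f")" ] || echo "chain is not set"
        [ -n "$(rc_value sshdpath "$f")" ] || echo "sshdpath is not set"
        # Policy lines in the form used in this post: attempts,days+d=pattern
        grep -Eq '^[0-9]+,[0-9]+d=' "$f" || echo "no N,Td=PATTERN policy line found"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: en dash before dport and firewalldel left commented out.
sample_sshdfilterrc() {
    printf "firewalladd='iptables -A \$chain -p tcp -s \$ip \342\200\223dport 22 -j DROP'\n"
    printf "#firewalldel='iptables -D \$chain -p tcp -s \$ip --dport 22 -j DROP'\n"
    printf "chain='SSHD'\nsshdpath='/usr/sbin/sshd'\n4,3d=INVALID\n0,8d=NOID\n"
}

tmp=$(mktemp)
sample_sshdfilterrc > "$tmp"
check_sshdfilterrc "$tmp" || echo "sshdfilterrc needs fixing before sshdfilter is started"
rm -f "$tmp"
```
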

3] Add the SSHD chain to your iptables firewall setup –


#iptables -N SSHD

#/etc/init.d/iptables save

4] Add a jump to SSHD rule with something like –

# iptables -A INPUT -p tcp -m tcp --dport 22 -j SSHD

Copy sshdfilter.pl to /usr/sbin/sshdfilter, or maybe /usr/local/sbin/sshdfilter –

#cp source/sshdfilter.pl /usr/sbin/sshdfilter

Copy the man pages sshdfilter.1 and sshdfilterrc.5 to /usr/share/man/man{1,5} respectively –

#cp man/sshdfilter.1 /usr/share/man/man1/
#cp man/sshdfilterrc.5 /usr/share/man/man5/

Then copy the sshdfilter and sshd init scripts to /etc/init.d/ and start the services…
(Before doing the above step, please make sure to take a backup of the original sshd file.)

#cp etc/init.d/sshdfilter /etc/init.d/
#cp etc/init.d/sshd.rhFC30 /etc/init.d/sshd

#/etc/init.d/sshdfilter start
#/etc/init.d/sshd restart

5] To confirm that sshdfilter is running –

# ps -aux | grep ssh
/usr/bin/perl /usr/sbin/sshdfilter
/usr/sbin/sshd -e -D

You should see output like the above: the sshdfilter process, and sshd running with the -e and -D options.

If you see the above output, the installation is complete and you are done with SSHD; you can now try some ssh attacks against your own server.

6] You can check the logs in –

#tail -f /var/log/secure OR
#tail -f /var/log/messages

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hope this tutorial was helpful to you; we would like to have some feedback from you.
Please feel free to mail.

Thank You,
Magnet Systems Team

How to configure FTP server on Redhat & debian based system

Introduction – FTP is File Transfer Protocol, the protocol for exchanging files over the Internet. FTP uses the Internet’s TCP/IP protocols to enable data transfer.

What is anonymous FTP?

Anonymous FTP is a privilege granted by the organization that owns the computer to which you are connecting, allowing you to use FTP without any restriction. FTP runs exclusively over TCP. FTP servers by default listen on port 21 for incoming connections from FTP clients.

Types of FTP connection

1) In active mode, the FTP client opens a random port (> 1023), sends the FTP server the random port number on which it is listening over the control stream and waits for a connection from the FTP server. When the FTP server initiates the data connection to the FTP client it binds the source port to port 20 on the FTP server.

2) In passive mode, the FTP server opens a random port (> 1023), sends the FTP client the server’s IP address to connect to and the port on which it is listening (a 16 bit value broken into a high and low byte, like explained before) over the control stream and waits for a connection from the FTP client. In this case the FTP client binds the source port of the connection to a random port greater than 1023.

3) In extended passive mode, the FTP server operates exactly the same as passive mode, however it only transmits the port number (not broken into high and low bytes) and the client is to assume that it connects to the same IP address that was originally connected to.

List of FTP servers –

ProFTP, vsFTP and Pure-FTP are widely used FTP servers.

1] How to Setup FTP server on Redhat/Fedora

For this post I am using vsFTP server on Fedora.

[root@indianGNU.org vsftpd]# pwd
/etc/vsftpd
[root@indianGNU.org vsftpd]# ls
chroot_list ftpusers user_list vsftpd.conf vsftpd_conf_migrate.sh
[root@indianGNU.org vsftpd]#

Configuration file of vsFTP server –

[root@indianGNU.org vsftpd]# cat vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# anonymous FTP disabled (vsftpd's default is YES, so NO must be set explicitly)
anonymous_enable=NO
#
# allow local users to log in.
local_enable=YES
#
# enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077.
local_umask=022
#
# messages given to remote users when they go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES
#
#chroot_list_file=/etc/vsftpd/chroot_list
chroot_local_user=YES
userlist_deny=NO
pam_service_name=vsftpd
userlist_enable=YES
#enable for standalone mode
listen=YES
tcp_wrappers=YES
[root@indianGNU.org vsftpd]#

2] Add FTP users who will use FTP service –

[root@indianGNU.org vsftpd]# tail /etc/passwd
…..

…..

reply:x:553:553::/home/reply:/bin/bash
arun:x:544:544::/var/www/indianGNU.org/html:/sbin/nologin
[root@indianGNU.org vsftpd]#

3] Add the user to the "/etc/vsftpd/user_list" file to allow login via FTP –

[root@indianGNU.org vsftpd]# cat  /etc/vsftpd/user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
arun
myftp
ftpuser

[root@indianGNU.org vsftpd]#

4] Now restart your FTP service and try to login –

[root@indianGNU.org vsftpd]# ftp localhost
Connected to localhost.
220 (vsFTPd 2.0.4)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): arun
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"

ftp> ls
227 Entering Passive Mode (127,0,0,1,213,215)
150 Here comes the directory listing.
-rwxrwxrwx 1 0 0 66 Jan 15 12:10 index.php
-rwxrwxrwx 1 0 0 21 Jan 08 13:32 myinfo.php
drwxrwxrwx 5 0 0 4096 Jan 09 04:32 sendmail
drwxr-xr-x 5 0 0 4096 Jan 10 07:13 test.txt

226 Directory send OK.
ftp> bye
221 Goodbye.
[root@indianGNU.org vsftpd]#
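
The 227 reply in the session above carries the data port as the high and low bytes described under passive mode. The shell functions below are an added example, not part of the original post: they decode a 227 or 229 reply and check the port against a firewall range. The range arguments are constructed values; vsftpd's pasv_min_port and pasv_max_port options, which the configuration above does not set, are what would pin the server to such a range.

```shell
#!/bin/sh
# Decode the data-connection endpoint announced in an FTP passive-mode reply.
#   227 (PASV): (h1,h2,h3,h4,p1,p2) gives address h1.h2.h3.h4, port p1*256+p2
#   229 (EPSV): (|||port|) gives the port only; the client reuses the address
#               of the control connection, passed here as CONTROL_IP.

ftp_data_endpoint() {   # ftp_data_endpoint REPLY CONTROL_IP -> prints ip:port
    reply=$1
    ctrl_ip=$2
    case $reply in
    227*)
        nums=$(printf '%s\n' "$reply" | sed -n 's/.*(\([0-9,]*\)).*/\1/p')
        old_ifs=$IFS; IFS=,; set -- $nums; IFS=$old_ifs
        [ $# -eq 6 ] || return 1
        for n in "$@"; do
            # Reject empty fields, leading zeros (read as octal) and values > 255.
            case $n in ''|0?*) return 1 ;; esac
            [ "$n" -le 255 ] || return 1
        done
        echo "$1.$2.$3.$4:$(( $5 * 256 + $6 ))"
        ;;
    229*)
        port=$(printf '%s\n' "$reply" | sed -n 's/.*(|||\([0-9][0-9]*\)|).*/\1/p')
        [ -n "$port" ] && [ "$port" -le 65535 ] || return 1
        echo "$ctrl_ip:$port"
        ;;
    *)
        return 1
        ;;
    esac
}

# True when the endpoint's port lies inside the range the firewall lets through.
port_in_range() {   # port_in_range IP:PORT MIN MAX
    p=${1##*:}
    [ "$p" -ge "$2" ] && [ "$p" -le "$3" ]
}

# The 227 reply from the session above, then a constructed EPSV reply.
ftp_data_endpoint '227 Entering Passive Mode (127,0,0,1,213,215)' 127.0.0.1
ftp_data_endpoint '229 Entering Extended Passive Mode (|||54743|)' 127.0.0.1
```
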

Thank you,

Arun

Introduction to RIA(Rich Internet Application) and Adobe Flex

I wanted to contribute to open source projects, and for that I have started to go through RIA (Rich Internet Application) and Adobe Flex 2 for creating user-friendly web-based applications/admin panels.

My friend Mukesh Gupta, who is working on Adobe Flex with me at Magnet Technologies, has helped me learn Adobe Flex.

What is Flex?

Adobe® Flex™ 2 is a complete, powerful application development solution for creating and delivering cross-platform rich Internet applications (RIAs) within the enterprise and across the web. It provides a modern, standards-based language and programming model that supports common design patterns and includes an Eclipse™ based development environment; advanced data services; and a fast, enterprise-class client runtime based on ubiquitous Adobe Flash® Player software.

How is Flex different from Flash?

Flash is the leading authoring tool for web developers, multimedia professionals, animators, and videographers who want to create rich interactive content. Flex 2 products enable more application developers to leverage the powerful Flash runtime to create data-driven RIAs. In addition, developers can use Flash and Flex Builder together to add rich interactive elements to a structured, Flex based application.

What do I need to start building Flex applications today?

The fastest, easiest way to get started is to use Flex Builder 2 software. Or, you can download the Flex SDK, which includes the Flex framework and compiler, enabling you to develop Flex applications using the IDE of your choice.

Do I need to install the Flex SDK if I use Flex Builder?

No. When you install Flex Builder, you automatically get the Flex framework and everything you need to start building Flex applications today.

Create Users And Change Passwords With A Bash Script

Hi All,

These two scripts are very important for the system admin who regularly works with mail servers and somehow forgets to backup his system username and password! Let’s say somehow we lost the usernames and passwords of the mail server. In this case the admin has to manually create all the users and then change the passwords for all the users. Tedious job. Let’s make our life easier.

First create a file which contains all the user names. Something like this:

root@indiangnu.org:/home/arun# vi userlist.txt

Arun
Ravi
Nishikant
Ali
Nishit
Ameya
Yogesh
Santosh

Save the file as userlist.txt. Now create the following bash file:

root@indiangnu.org:/home/arun# vi useradd

#!/bin/sh
# This script is useful for adding users
for i in $(cat userlist.txt)
do
echo "$i"
adduser "$i"
done

Save the file and exit.

root@indiangnu.org:/home/arun# chmod 755 userlist.txt useradd

Now run the file :

root@indiangnu.org:/home/arun# ./useradd

This will add all the users to the system. Now we have to change the passwords. Let’s say we want username123 as password. So for user arun the password will be arun123, ravi123 for user ravi and so on.

Create another bash file as follows:

root@indiangnu.org:/home/arun# vi userpass

#!/bin/sh
# This script is useful for changing users' passwords
# After the password is changed by this script, the user must change it at next login
for i in $(cat userlist.txt)
do
echo "$i"
echo "${i}123" | passwd --stdin "$i"
# Expire the password so the change at next login is actually enforced
chage -d 0 "$i"
echo; echo "User $i will be forced to change password on next login!"
done

Save the file and exit.

root@indiangnu.org:/home/arun# chmod 755 userpass

Run the file. All the passwords are changed.

 

A single script that both adds the users and sets their passwords is given below:

root@indiangnu.org:/home/arun# vi adduser

#!/bin/sh
# This user.sh script is useful for creating
# a bulk number of user accounts with their passwords
# This script created by Ravi Bhure (date:14/01/2008)
# For further info please login http://indianGNU.org or
# mail ravi <at> indianGNU.org
#
for i in $(cat userlist.txt)
do
echo "$i"
adduser "$i"
echo "${i}123" | passwd --stdin "$i"
echo; echo "User $i's password changed!"
# Expire the password so the change at next login is actually enforced
chage -d 0 "$i"
echo; echo "User $i will be forced to change password on next login!"
done

======================================================

Change the permission of the "useradd" file to 755.

Thank You

Ravi Bhure

Contact Grabber Version 0.4 Released

Hi All,

The new version of Contact Grabber has been released.

We have added 4 new sites to the contact grabber namely AOL, LinkedIn, Lycos & Indiatimes. Along with the above ones, others like Yahoo, Orkut, Gmail, Rediff, Hotmail & Myspace have been modified & all of them are working fine now.

A few of them, like AOL and Lycos, have been integrated as they were already available as open source.

Gmail has an issue with some email accounts though. But that is due to the fact that a recent post on Google Groups said that they are moving accounts from one server to another. For more information, please click here…

You can download it from: https://sourceforge.net/projects/contactgrabber

Regards,
Magnet Technologies

Is 2008 going to be the year of Linux?

It has been years since we started talking about the ‘year of Linux’. Finally, good news for open source buffs? Well, we really can’t predict that. But, there is a hope that the coming time could be a real turning point in the history of open source, making 2008 the year of Linux on desktop. Though Linux will not be a direct replacement for Windows, we are definitely going to see a major increase in the number of end-users adopting Linux. PC giant Dell, at the beginning of this year, gave us a positive sign by introducing Linux computers. A number of other vendors are also betting high on Linux. Ubuntu has already received recognition among mobile users and server market. Linux Desktop, though gradually, is gaining momentum. At this point in time, we can only wait and watch the game!



Thank you,

Ravi Bhure.

 

RPM Package Manager (RPM) version 5.0.0 released

RPM is a powerful and mature command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating Unix software packages. Each software package consists of an archive of files along with information about the package like its version, a description, and the like.

WHAT IS NEW IN RPM 5.0.0

· The Automake/Autoconf/Libtool-based build environment of RPM was completely revamped from scratch and as one major result mostly all third-party libraries now can be linked externally and in a very flexible way.
· Support for the ancient and obsolete "rpmrc" files was completely removed, as everything is now configured through RPM "macros" under run-time only.
· The RPM code base was ported to all major platforms, including the BSD, Linux, Solaris and Mac OS X Unix flavors and Windows/Cygwin.
· RPM packages now also support LZMA compression apart from Gzip and Bzip2.
· RPM is now able to automatically track vendor distribution files with its new vcheck(1) based "%track" section and now can automatically download the vendor distribution files, too.

To read the official press release, click here.

Thank you,

Ravi Bhure.

Zimbra with non 80 port ( Zimbra with 7071 and 8086 port and Apache web server on 80 port)

Introduction –

We want to use Zimbra CS for email server management and Apache with PHP for web hosting. By default, however, the Tomcat used by Zimbra CS serves the admin panel on port 7071 and webmail on port 80. In our case we want to keep the Zimbra CS admin panel on port 7071 and move mail.domain.com, which is on port 80, to some other port, say 8086.

* Please follow these steps to customize Zimbra CS –

1] First you will have to edit the server.xml and server.xml.in files, which are the configuration files for Tomcat. You will have to define the port on which you want Tomcat to listen. In my case the paths of the files are…

[root@indiangnu.org]# vi /opt/zimbra/tomcat/conf/server.xml

[root@indiangnu.org]# vi /opt/zimbra/tomcat/conf/server.xml.in

………
<Service name="Catalina">
<!-- user services connector, no SSL -->
<!-- HTTPBEGIN -->
<Connector port="8086"
acceptCount="1024" URIEncoding="UTF-8"
enableLookups="false" redirectPort="443"
compression="on"
compressionMinSize="1024"
compressableMimeType="text/html,text/plain,text/css"
noCompressionUserAgents=".*MSIE 6.*"
maxThreads="100" minSpareThreads="100" maxSpareThreads="100"/>
<!-- HTTPEND -->
<!-- user services connector, SSL -->
<!-- HTTPSBEGIN
<Connector port="8086"
acceptCount="1024" URIEncoding="UTF-8"
enableLookups="false"
compression="on"
compressionMinSize="1024"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/opt/zimbra/tomcat/conf/keystore" keystorePass="zimbra"/>
HTTPSEND -->

………

[root@indiangnu.org]#

2] After making changes to the two files mentioned above, move to the next step, in which we edit the service.web.xml.in file. In this file you also have to define the same port number as in the files above.

[root@indiangnu.org]# vi /opt/zimbra/tomcat/conf/service.web.xml.in

……………

<filter>
<filter-name>ZimletFilter</filter-name>
<filter-class>com.zimbra.cs.zimlet.ZimletFilter</filter-class>
<init-param>
<param-name>allowed.ports</param-name>
<param-value>%%zimbraMailPort%%, %%zimbraMailSSLPort%%, 7070, 7443, 7071, 8086</param-value>
</init-param>
</filter>
…………..

[root@indiangnu.org]#

3] Now simply restart Zimbra. You will then be able to run Zimbra webmail on the other port, i.e. 8086 in my case, and the admin panel on 7071.

Zimbra Webmail –

http://your-domain-name.com:8086/

** Note – use Apache to redirect http://mail.your-domain-name.com to http://your-domain-name.com:8086/

Admin Panel –

https://your-domain-name.com:7071/zimbraAdmin/

4] If you get the error screen below after loading the Zimbra page, you can resolve it by following step 2.

Error after entering username and password –
==============================================
An unknown application error has occurred. Please correct any
errors and retry. If the problem persists, please contact your
System Aministrator. (service.FAILURE)
==============================================

Regards,

Arun

PHP-Java Bridge – compilation, installation and configuration

Introduction –

PHP-Java bridge is a third-party extension for PHP by which we can integrate PHP and Java. By using the PHP-Java bridge extension you can access Java classes etc. from within your PHP code. We have used this PHP-Java bridge to integrate our website with the ICICI payment gateway.

The PHP-Java bridge is an optimized, XML-based network protocol, which can be used to connect a native script engine, PHP, with Java. It is more than 50 times faster than local RPC via SOAP, requires fewer resources on the web-server side, and it is faster and more reliable than communication via the Java Native Interface.

How to install and compile PHP-Java Bridge –

As I mentioned, PHP-Java Bridge is a third-party extension of PHP. You can download the source and rpm/debian packages from here…

PHP has three types of extensions –

1) PEAR (PHP Extension and Application Repository)

2) PECL (PHP Extension Community Library) and

3) Third party extension like PHP-Java bridge and PHP-clamavlib

* You can install the PHP-Java Bridge extension either by compiling from source or via rpm/debian packages. Here we will consider all these methods.

* Please visit again; I will complete this post asap.

Thank you,

Arun

How to reload service by using kill command

In my case I am using apache server for reloading configuration file etc.

1] Check whether Apache is running on port 80 –

root@indiangnu.org:/home/arun# netstat -nlp |  grep  80
tcp6       0      0 :::80                   :::*                    LISTEN     5562/apache2

root@indiangnu.org:/home/arun# vi /etc/apache2/
apache2.conf     envvars          magic            mods-enabled/    README           sites-enabled/
conf.d/          httpd.conf       mods-available/  ports.conf       sites-available/ ssl/

2] Modify the configuration files –

root@indiangnu.org:/home/arun# cat  /etc/apache2/ports.conf
Listen 80

root@indiangnu.org:/home/arun#  vi  /etc/apache2/ports.conf

root@indiangnu.org:/home/arun#  cat  /etc/apache2/ports.conf
Listen 80
Listen 8080

root@indiangnu.org:/home/arun#

root@indiangnu.org:/home/arun# netstat -nlp |  grep  80
root@indiangnu.org:/home/arun# netstat -nlp |  grep  80
tcp6       0      0 :::80                   :::*                    LISTEN     5562/apache2

3] Reload the service, i.e. its configuration files etc. –

root@indiangnu.org:/home/arun# kill -HUP 5562

4] Check whether Apache is now using ports 80 and 8080 –

root@indiangnu.org:/home/arun# netstat -nlp |  grep  80
tcp6       0      0 :::8080                 :::*                    LISTEN     5562/apache2
tcp6       0      0 :::80                   :::*                    LISTEN     5562/apache2
root@indiangnu.org:/home/arun#