Lynis is a powerful auditing tool for Linux

Lynis is an open source and very powerful auditing tool for Unix/Linux-like operating systems. It scans the system for security information, general system information, installed and available software, configuration mistakes, security issues, user accounts without a password, wrong file permissions, firewall configuration and so on.

Lynis is one of the most trusted automated auditing tools for software patch management, malware scanning and vulnerability detection on Unix/Linux-based systems. It is useful for auditors, network and system administrators, security specialists and penetration testers.

Installation of Lynis
Lynis doesn't require any installation; it can be run directly from any directory. It is still a good idea to give it its own directory, for example /usr/local/lynis.

# mkdir /usr/local/lynis

Download the stable version of the Lynis source tarball from the official website using wget and unpack it with tar as shown below. Before unpacking, compare the file against the checksum or GPG signature published on the same download page: an audit tool is only as trustworthy as the copy you run.

# cd /usr/local/lynis
# wget https://cisofy.com/files/lynis-2.2.0.tar.gz

Unpack the tarball

# tar -xvf lynis-2.2.0.tar.gz

Running and using Lynis Basics
Run Lynis as root: it writes its log to /var/log/lynis.log and its report to /var/log/lynis-report.dat, and many of its checks need root privileges to read the files they inspect. To run Lynis execute the following commands.

# cd lynis
# ./lynis

Running ./lynis without any option prints the list of available parameters and returns to the shell prompt.

To start an audit, pass the --check-all parameter (short form -c) to scan the entire system:

# ./lynis --check-all

Once you execute the above command it starts scanning your system and, after each group of tests, asks you to "Press [Enter] to continue, or [CTRL]+C to stop".

To suppress these prompts while scanning, combine -c with the -Q (quick) parameter:

# ./lynis -c -Q

It will then do the complete scan without waiting for any user acknowledgement.

Creating Lynis CronJobs
If you would like a daily scan report of your system, schedule it with cron. As root, open the crontab:

# crontab -e

Add the following line. The --cronjob option strips colours and other special characters from the output and runs the scan fully unattended (it implies -c -Q). A user crontab has no user column; the six-field form with a user name belongs in /etc/crontab or a file under /etc/cron.d, not in crontab -e.

30 22 * * * /path/to/lynis -c -Q --auditor "automated" --cronjob

This job runs every day at 10:30 pm and writes its results to /var/log/lynis.log and /var/log/lynis-report.dat. Lynis overwrites both files on every run, so copy them aside if you want to keep a history of daily reports.
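As an added example (not code from Lynis or from this article), here is a wrapper you can point the cron line at instead of calling lynis directly. It runs the audit with the same flags, keeps a dated copy of the log and report since Lynis overwrites both each run, and summarises the warnings from /var/log/lynis-report.dat so cron mails them to you. The install path /usr/local/lynis/lynis/lynis and the archive directory are assumptions; the report excerpt in the demo is constructed.

```sh
#!/bin/sh
# Daily Lynis wrapper. Added example, not part of Lynis or the original
# article. Runs the audit with the same flags as the cron line, keeps a
# dated copy of the log and report (Lynis overwrites both each run) and
# prints a short summary that cron will mail to you. The paths below are
# assumptions; override them through the environment.

LYNIS_BIN="${LYNIS_BIN:-/usr/local/lynis/lynis/lynis}"
LYNIS_LOG="${LYNIS_LOG:-/var/log/lynis.log}"
LYNIS_REPORT="${LYNIS_REPORT:-/var/log/lynis-report.dat}"
ARCHIVE_DIR="${ARCHIVE_DIR:-/var/log/lynis-archive}"

# lynis-report.dat is key=value; findings look like
#   warning[]=TEST-ID|description|details|solution|
count_warnings()    { grep -c '^warning\[\]=' "$1" || true; }
count_suggestions() { grep -c '^suggestion\[\]=' "$1" || true; }

# Hardening index Lynis computed for the host (0-100).
hardening_index() { sed -n 's/^hardening_index=//p' "$1"; }

# One "TEST-ID: description" line per warning (fields are pipe-separated).
list_warnings() { sed -n 's/^warning\[\]=\([^|]*\)|\([^|]*\)|.*/\1: \2/p' "$1"; }

# Print the summary for a given report file.
summarize() {
    printf 'hardening index: %s\nwarnings: %s  suggestions: %s\n' \
        "$(hardening_index "$1")" "$(count_warnings "$1")" "$(count_suggestions "$1")"
    list_warnings "$1"
}

# Run the audit unattended, then archive and summarise. Returns non-zero
# if no report was produced, so a broken run shows up in cron's mail.
run_audit() {
    stamp=$(date +%F)
    "$LYNIS_BIN" -c -Q --auditor "automated" --cronjob >/dev/null 2>&1
    [ -s "$LYNIS_REPORT" ] || { echo "no report written by $LYNIS_BIN" >&2; return 1; }
    mkdir -p "$ARCHIVE_DIR"
    cp "$LYNIS_LOG" "$ARCHIVE_DIR/lynis-$stamp.log"
    cp "$LYNIS_REPORT" "$ARCHIVE_DIR/lynis-report-$stamp.dat"
    summarize "$LYNIS_REPORT"
}

# Demo on a constructed report excerpt (values made up for illustration).
demo() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
report_version_major=1
hardening_index=64
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
warning[]=SSH-7408|Consider hardening SSH configuration|-|-|
suggestion[]=AUTH-9286|Configure password aging limits|-|-|
EOF
    summarize "$f"
    rm -f "$f"
}

case "${1:-}" in
    run)  run_audit ;;
    demo) demo ;;
esac
```

Save it as, for instance, /usr/local/sbin/lynis-daily.sh (an assumed location), make it executable and schedule 30 22 * * * /usr/local/sbin/lynis-daily.sh run from root's crontab; running it with demo prints the summary for the constructed report without starting an audit.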

Lynis Scanning Results
While scanning you will see each test marked [OK] or [WARNING]. [OK] is generally the good result and [WARNING] the bad one, but read both with care: an [OK] only means the test did not trigger, not that the item is configured the way you want, and a [WARNING] is not always a real problem on your system. Read the details in /var/log/lynis.log before deciding on corrective steps.

In most cases the scan ends with a list of suggestions and warnings, each with its test ID, that tell you what to fix.

Updating Lynis
To check for or install a newer Lynis version, use the following commands; the second one downloads and installs the latest release.

# ./lynis update info         [Show update details]
# ./lynis update release      [Update Lynis release]

Lynis Parameters
Some of the Lynis parameters for your reference.

  1. --check-all or -c : Start the scan.
  2. --check-update : Checks for a Lynis update.
  3. --cronjob : Runs Lynis as a cron job (includes -c -Q).
  4. --help or -h : Shows valid parameters.
  5. --quick or -Q : Don't wait for user input, except on errors.
  6. --version or -V : Shows the Lynis version.

That's it. We hope this article helps you find security issues on your running systems. For more information visit the official Lynis page at

https://cisofy.com/download/lynis/.


Enjoy!

SSH via key files for Putty & Filezilla

Please note that I am not using multiple accounts on this server. If you use multiple accounts you need to do these steps in /home/(user account name).

  1. Go to the /root/.ssh directory (if it does not exist, create it with mkdir -m 700 /root/.ssh). The known_hosts file you may find there is only the client-side list of server host keys; it plays no part in this setup.
  2. ssh-keygen -t rsa (creates the private and public keys)
  3. Enter a passphrase (hit Enter twice for none; a passphrase protects the private key if the file is ever copied)
  4. ls -a (you will now see id_rsa, the private key, and id_rsa.pub, the public key)
  5. cat id_rsa.pub
  6. In the .ssh directory, append the public key to the authorized_keys file and lock down its permissions; sshd refuses the file if it is writable by anyone but its owner:
    # cat id_rsa.pub >> authorized_keys
    # chmod 600 authorized_keys
  7. Open /etc/ssh/sshd_config and navigate to:
    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no
    PasswordAuthentication yes
  8. Set PasswordAuthentication no, save, and restart sshd. Do this only after you have confirmed, from a second session, that logging in with the key works, otherwise you lock yourself out.

Note that this procedure generates the key pair on the server and then copies the private key down to your PC. The usual practice is the reverse: generate the pair on the client and copy only id_rsa.pub up to the server, so the private key never leaves the machine that uses it.
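As an added example (not code from the original post), the steps above as a small script: it installs a public key into a user's authorized_keys with the permissions sshd insists on, rejects anything that is not a well-formed public key line, and does not add the same key twice. The home directory and key passed in are whatever you supply; the key in the usage comment is a placeholder.

```sh
#!/bin/sh
# Added example, not part of the original post: install a public key into a
# user's authorized_keys the safe way. Permissions matter because sshd (with
# StrictModes, the default) refuses keys in a group- or world-writable
# ~/.ssh or authorized_keys; duplicates are avoided by comparing key material.
# Usage: install_pubkey /home/alice "$(cat id_rsa.pub)"

# Accept only a single well-formed public key line of a supported type.
valid_pubkey() {
    printf '%s\n' "$1" | grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=* ?.*$'
}

# install_pubkey HOMEDIR KEYLINE
# Creates HOMEDIR/.ssh (0700) and authorized_keys (0600) if missing and
# appends KEYLINE unless the same key is already present. Returns 1 on a
# malformed key so callers never write junk into authorized_keys.
install_pubkey() {
    home="$1"
    key="$2"
    valid_pubkey "$key" || { echo "rejected: not a valid public key line" >&2; return 1; }
    sshdir="$home/.ssh"
    authfile="$sshdir/authorized_keys"
    mkdir -p "$sshdir"
    chmod 700 "$sshdir"
    touch "$authfile"
    chmod 600 "$authfile"
    # Compare type and key material only, so a different comment on the
    # same key does not produce a duplicate entry.
    keyid=$(printf '%s\n' "$key" | awk '{print $1" "$2}')
    if awk '{print $1" "$2}' "$authfile" | grep -Fxq "$keyid"; then
        echo "already present"
        return 0
    fi
    printf '%s\n' "$key" >>"$authfile"
    echo "installed"
}

# Number of keys currently authorised for a home directory.
count_keys() {
    grep -Ec '^(ssh-|ecdsa-)' "$1/.ssh/authorized_keys" 2>/dev/null || true
}
```

Run it as the user who owns the home directory (or as root followed by chown), then test the key login from a second session before touching PasswordAuthentication.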

Here is what I do afterwards: download the private key id_rsa to your computer. Open FileZilla and add a new connection using "Logon Type: Key File".

Add the key file that you downloaded (id_rsa); FileZilla will then prompt you to create the final key file by converting it to .ppk (I named my key file filezilla.ppk).

When the new key is saved you will be able to log in to the FTP server.

P.S Use the same filezilla.ppk key for PUTTY 😉

Also, you will notice that if you use CSF you will have stronger security!

Et voilà!

.htaccess Migration problem with XCloner


I had run into problems migrating my blog onto my temporary server before the big migration. The plugin I use is called XCloner Backup and Restore, a pretty nice way to back up and restore your WordPress onto a new server. The problem was that the .htaccess was causing an Internal Server Error (500).

The simple solution was to rename the .htaccess to .htaccess-migration, or just delete it in the root!

After doing so XCloner was able to bring my blog back to life!

Cheers to Dejan for this one!

Cannot send email in RoundCUBE


I noticed that after creating an account in Virtualmin and installing the Roundcube script on the new Virtualmin account, I was not able to send email from webmail... hmm!

Note: I don't use SMTP authentication yet!

SMTP Error (250)

Easy fix here!

Go to /home/username/public_html/webmail/config/config.inc.php

Also note that if you did not rename your Roundcube installation folder, the default location is /home/username/public_html/roundcube/config/config.inc.php

Line 59: remove '%u' (it stands for the webmail user's name).

Line 63: remove '%p' (it stands for the webmail user's password).

Make sure to leave the quotes ('') in place.

Default config as generated by the Roundcube installer:

// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login
$config['smtp_user'] = '%u';

// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
$config['smtp_pass'] = '%p';

The fix!

// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login
$config['smtp_user'] = '';

// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
$config['smtp_pass'] = '';

You don't have to restart Postfix, since only Roundcube's configuration changed. This works because Roundcube now hands mail to the local Postfix without authenticating, and Postfix accepts mail from 127.0.0.1 through permit_mynetworks. If Roundcube's smtp_server points at another host, keep %u and %p and configure SMTP authentication instead; that host will otherwise rightly refuse to relay.

Cheers!

Also note that this server has been up since December 24th, 2015!

Many modifications were done on this server... If you start your server from a fresh install of CentOS 7, Webmin, Virtualmin and the other stuff, I think you are good to go, but...

You should do a bare-metal backup or ISO backup of your entire system before playing around...

~ Discover the Linux world!

How To Reset Your Forgotten Root Password On CentOS 7 Servers


Sometimes you forget stuff. “I do”. I forget important passwords for important websites sometimes!!!

Retrieving a forgotten password for most websites is easy: all you have to do is remember a few details from when you signed up for the service, and you get a password reset for the account.

The difference is forgetting the password to a system or device that has no easy way to reset it while you are locked out. CentOS 7 is one such system. If you forget the root password of your CentOS 7 machine, you cannot reset it from a remote session; you have to go through the boot loader.

This brief tutorial shows a simple trick to reset a forgotten root password on CentOS 7 servers. It will come in handy for webmasters who are locked out of a CentOS machine and can't sign on.

This tutorial only works if you have direct access to the machine, or serial console access that shows the boot menu. You can't reset the root password over a remote SSH connection, since you need the boot menu.

To get started, turn on the machine whose root password you have forgotten. On CentOS 7 you are given 5 seconds at the boot menu to select the kernel to boot.

Those 5 seconds matter, because they allow an admin to select a different kernel or edit the kernel parameters before booting.

At the boot menu, press e to edit the selected kernel entry.

Next, scroll down until you find the line that starts with linux16 and contains the ro option. Change ro to rw and append init=/sysroot/bin/sh, so that the kernel starts a shell instead of systemd. The end of that line should look like this:

rw init=/sysroot/bin/sh

After changing that, press Ctrl+X to boot into the shell you specified above. In this emergency shell the real root filesystem is mounted under /sysroot, so first switch into it:

chroot /sysroot

Then change the root password:

passwd root

You'll be prompted to enter and confirm the new password. Because SELinux was not enforcing when /etc/shadow was rewritten, the file now carries the wrong security context and logins can still fail; create the following flag file so that the whole filesystem is relabelled on the next boot:

touch /.autorelabel

Type exit to leave the chroot, then reboot (exit again, or reboot -f). The relabel adds a few minutes to that boot. Afterwards you should be able to sign on with the new password. This is how you change the root password on CentOS 7.

Note: anyone with console access can do exactly the same, so on a shared or physically exposed machine protect the boot loader with a GRUB password (grub2-setpassword on CentOS 7) and consider full-disk encryption. If you have multiple users on the system, be careful: the commands above reset root only, other accounts are untouched.

Tested and working!

Enjoy!
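As an added example (not from the original post): since the procedure above is available to anyone who can reach the console, two checks are worth scripting on the other side of it, whether the boot loader is password-protected and when root's password was last changed. The paths are the CentOS 7 defaults and both functions take the file as an argument so they can be run against copies; the /etc/shadow line in the test is constructed.

```sh
#!/bin/sh
# Added example (not from the original post). Two checks related to the
# rescue-shell reset above: is GRUB password-protected, and has root's
# password changed since a recorded baseline? Paths are CentOS 7 defaults
# and are passed as arguments so the functions can run against copies.

# grub2-setpassword stores the hash in /boot/grub2/user.cfg as a line
# GRUB2_PASSWORD=grub.pbkdf2.sha512...; "yes" if such a line exists.
grub_password_set() {
    cfg="${1:-/boot/grub2/user.cfg}"
    if [ -r "$cfg" ] && grep -q '^GRUB2_PASSWORD=grub\.pbkdf2\.' "$cfg"; then
        echo yes
    else
        echo no
    fi
}

# Third field of a user's /etc/shadow entry: day of last password change,
# counted in days since 1970-01-01 (the value chage -l derives its
# "Last password change" date from).
shadow_lastchg() {
    user="$1"
    file="${2:-/etc/shadow}"
    awk -F: -v u="$user" '$1 == u {print $3; exit}' "$file"
}

# "changed" if USER's password was set after BASELINE_DAY (a value you
# recorded earlier, e.g. shadow_lastchg right after provisioning),
# otherwise "unchanged". A reset from the rescue shell moves it forward.
password_changed_since() {
    user="$1"; baseline="$2"; file="${3:-/etc/shadow}"
    last=$(shadow_lastchg "$user" "$file")
    if [ -n "$last" ] && [ "$last" -gt "$baseline" ]; then
        echo changed
    else
        echo unchanged
    fi
}

# Today's day number in the same units, for recording a fresh baseline.
today_days() { echo $(( $(date +%s) / 86400 )); }
```

Run as root (shadow is not world-readable), store the output of shadow_lastchg root somewhere the machine cannot alter, and let a monitoring job compare against it.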

ProFTPD Server wont start?

Failed to start FTP server:

Job for proftpd.service failed because the control process exited with error code. See "systemctl status proftpd.service" and "journalctl -xe" for details.

journalctl -xe shows the useful part:

proftpd: fatal: SFTPHostKey: Unable to use ‘/etc/ssh/ssh_host_rsa_key’ as host key, as it is group- or world-accessible on line 436 of ‘/etc/proftpd.conf’

Solution:

Locate the config file:

/etc/proftpd.conf

At the end of the .conf file (line 436 in the message above), comment out the two SFTPHostKey lines:

# SFTPHostKey /etc/ssh/ssh_host_rsa_key
# SFTPHostKey /etc/ssh/ssh_host_dsa_key

Then start the ProFTPD server. This works when you only serve plain FTP or FTPS and the SFTP part of the configuration is unused. If you do want ProFTPD to speak SFTP, don't comment the lines out: the complaint is that the OpenSSH host keys are group-readable (on CentOS 7 they are root:ssh_keys, mode 0640), so give ProFTPD its own copy of the keys with mode 0600 and point SFTPHostKey at those copies, rather than loosening the permissions under /etc/ssh.

et voilà!
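As an added example (not from the original post), this script reproduces the permission check that made ProFTPD refuse the key and applies the fix that keeps SFTP working: a private copy of the key with mode 0600. The key directory /etc/proftpd/keys is an assumption; the key file in the test is a constructed stand-in.

```sh
#!/bin/sh
# Added example, not from the original post: reproduce the check behind
# "group- or world-accessible" and apply the fix that keeps SFTP working.
# mod_sftp rejects a host key readable or writable by group or others. On
# CentOS 7 the OpenSSH keys are root:ssh_keys 0640, which is exactly
# "group-accessible". The directory /etc/proftpd/keys is an assumption.

# "ok" if FILE has no group/other permission bits at all, "bad" otherwise.
# Parses ls -l so it works with both GNU and BSD userland.
hostkey_perms() {
    bits=$(ls -ld "$1" | cut -c5-10)
    if [ "$bits" = "------" ]; then echo ok; else echo bad; fi
}

# Give ProFTPD its own 0600 copy of a key in KEYDIR and print the
# SFTPHostKey line to put in proftpd.conf instead of commenting it out.
# Copying, rather than loosening /etc/ssh, leaves sshd's own setup intact.
install_proftpd_hostkey() {
    src="$1"
    keydir="${2:-/etc/proftpd/keys}"
    dst="$keydir/$(basename "$src")"
    mkdir -p "$keydir"
    chmod 700 "$keydir"
    cp "$src" "$dst"
    chmod 600 "$dst"
    printf 'SFTPHostKey %s\n' "$dst"
}
```

Run install_proftpd_hostkey /etc/ssh/ssh_host_rsa_key as root, paste the printed line over the old SFTPHostKey line, and check with hostkey_perms before starting ProFTPD again.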

Dovecot won’t start?

I ran into a problem after a fresh install of CentOS 7, Webmin, Virtualmin, Postfix and Dovecot. It seems that the hostname was not configured properly. Here is what I did to fix this problem.

Locate and edit this file:
/etc/hostname

Make sure that the hostname is set to localhost.localdomain.(YOUR_DOMAIN_NAME)

So it will be like this:
localhost.localdomain.mydomain.com

On CentOS 7 you can also set it with hostnamectl set-hostname, and hostname -f should then print the fully qualified name.

Save and start Dovecot!

Postfix will not start?

Postfix will not start? Error Code 89

Using CentOS 7 / Webmin / Virtualmin / Postfix / Dovecot

Postfix is installed even when CentOS was set up with [Minimal Install], but if it is missing, install it first:

[root@mail ~]# yum -y install postfix

This example shows how to configure SMTP-Auth to use Dovecot's SASL function.

Edit /etc/postfix/main.cf and make sure the settings below are present (the line numbers refer to the stock CentOS 7 main.cf). In particular, mydestination must list your own host and domain, otherwise Postfix will not accept mail for them:

[root@mail ~]# vi /etc/postfix/main.cf
# line 75: uncomment and specify hostname

myhostname = mail.server.world

# line 83: uncomment and specify domain name

mydomain = server.world

# line 99: uncomment

myorigin = $mydomain

# line 116: change

inet_interfaces = all

# line 164: add

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

# line 264: uncomment and specify your local network. Hosts listed here may
# relay mail without authenticating, so keep it to 127.0.0.0/8 and networks you control

mynetworks = 127.0.0.0/8, 10.0.0.0/24

# line 419: uncomment (use Maildir)

home_mailbox = Maildir/

# line 574: add

smtpd_banner = $myhostname ESMTP

# add follows to the end
# limit an email size for 10M

message_size_limit = 10485760

# limit a mailbox for 1G

mailbox_size_limit = 1073741824

# for SMTP-Auth: Postfix asks Dovecot to verify credentials over the socket
# /var/spool/postfix/private/auth, which Dovecot must be configured to create.
# Plain-text logins are permitted here, so put TLS in front of them before
# exposing the server to the internet.

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
# accept mail from your own networks and from authenticated users for any
# destination, from anyone else only for your own domains
# (permit_auth_destination), and reject everything else: that final reject
# is what keeps the server from being an open relay
smtpd_recipient_restrictions = permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject

[root@mail ~]# systemctl restart postfix

[root@mail ~]# systemctl enable postfix
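As an added example (not from the original post or from Postfix), a small checker that reads main.cf the way postconf does, with the last assignment winning and indented lines continuing the previous one, and tests the two settings above that decide whether the server relays for strangers and whether SASL is wired to Dovecot. It takes the file path as an argument so you can run it against a copy; the main.cf in the test is constructed from the fragments shown above.

```sh
#!/bin/sh
# Added example, not from the original post: read main.cf the way postconf
# does (last assignment wins, "key = value", indented continuation lines)
# and check the settings that decide open-relay exposure and SASL wiring.
# Takes the file path as an argument so it can run against a copy; uses
# awk only, so it also works where postconf is not installed.

# Value of KEY in FILE; empty when the key is not set.
mainc_get() {
    awk -v k="$1" '
        /^[ \t]*#/ { next }
        /^[ \t]/   { if (cur == k) val = val " " $0; next }   # continuation
        /^[A-Za-z_0-9]+[ \t]*=/ {
            cur = $0; sub(/[ \t]*=.*/, "", cur)
            line = $0; sub(/^[^=]*=[ \t]*/, "", line)
            if (cur == k) val = line
            next
        }
        END { gsub(/[ \t]+/, " ", val); sub(/^ /, "", val); print val }' "$2"
}

# "ok" when smtpd_recipient_restrictions contains no bare "permit" and
# ends with a reject rule; otherwise "open-relay-risk". Anything not from
# mynetworks or an authenticated client must reach that reject (or
# reject_unauth_destination), or the server relays for anyone.
relay_check() {
    tokens=$(mainc_get smtpd_recipient_restrictions "$1" | tr ',' '\n' | tr -d ' ' | sed '/^$/d')
    if printf '%s\n' "$tokens" | grep -qx permit; then echo open-relay-risk; return; fi
    case "$(printf '%s\n' "$tokens" | tail -n 1)" in
        reject|reject_unauth_destination) echo ok ;;
        *) echo open-relay-risk ;;
    esac
}

# SASL only works if Postfix is told to ask Dovecot on the private/auth
# socket that Dovecot creates under /var/spool/postfix.
sasl_check() {
    if [ "$(mainc_get smtpd_sasl_auth_enable "$1")" = "yes" ] && \
       [ "$(mainc_get smtpd_sasl_path "$1")" = "private/auth" ] && \
       [ "$(mainc_get smtpd_sasl_type "$1")" = "dovecot" ]; then
        echo ok
    else
        echo sasl-misconfigured
    fi
}
```

A quick run is relay_check /etc/postfix/main.cf followed by sasl_check /etc/postfix/main.cf; on a live box, postconf -n gives the authoritative view and should agree.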

VirtualBOX Open Source


VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL) version 2. See “About VirtualBox” for an introduction.

Presently, VirtualBox runs on Windows, Linux, Macintosh, and Solaris hosts and supports a large number of guest operating systems including but not limited to Windows (NT 4.0, 2000, XP, Server 2003, Vista, Windows 7, Windows 8, Windows 10), DOS/Windows 3.x, Linux (2.4, 2.6, 3.x and 4.x), Solaris and OpenSolaris, OS/2, and OpenBSD.

VirtualBox is being actively developed with frequent releases and has an ever growing list of features, supported guest operating systems and platforms it runs on. VirtualBox is a community effort backed by a dedicated company: everyone is encouraged to contribute while Oracle ensures the product always meets professional quality criteria.


PFSENSE Open Source Firewall Solution


The pfSense project is a free, open source tailored version of FreeBSD for use as a firewall and router with an easy-to-use web interface.

You can install the software yourself on your own hardware or buy it pre-installed on hardware from the pfSense Store. We have a great community that helps support each other, but we also provide commercial support for high demand environments.


Webmin Server Status

Webmin Server Status will monitor your critical webserver components and will alert you by email or SMS. A great feature that you should consider using.


Overview of the Webmin Monitoring Tools Settings


Disabling Root SSH Access in CentOS

By default the root account has remote SSH access. After installing CentOS and the SSH server, open any SSH client and try to sign on as root: access will be granted. Since root is the one account name every attacker already knows, it is a constant target of brute-force attempts; root logins should be disabled and administrators should log in with their own account and use sudo.

To disable that, open SSH configuration file using the commands below.

sudo vi /etc/ssh/sshd_config

Then find the Authentication block, which in the stock CentOS 7 file looks like this:

#Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

A commented line only documents the default (root login allowed). Uncomment the PermitRootLogin line and set it to no:

PermitRootLogin no

Before you restart, make sure another user with sudo rights can log in, and keep your current session open until you have verified that a new login works. Save the file, check it for syntax errors with sshd -t, and restart the SSH server by running the command below.

sudo systemctl restart sshd.service

Now try logging in as root and you'll be denied.

To re-enable root logins, set PermitRootLogin back to yes (commenting the line out again restores the default, which on CentOS 7 is also yes), save the file and restart the SSH server.
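As an added example (not from the original post), here are two shell functions that read and change sshd_config directives the way sshd interprets them: the first uncommented occurrence wins and a commented line is only documentation of the default. They take the config path as an argument so you can rehearse on a copy; the defaults passed to audit_sshd are the ones CentOS 7's stock file documents, and the file in the test is constructed.

```sh
#!/bin/sh
# Added example, not from the original post: read and set sshd_config
# directives as sshd does. "#PermitRootLogin yes" is only a comment; the
# effective value is the first uncommented occurrence, or the compiled-in
# default when there is none. The file path is an argument so the
# functions can be run against a copy before touching the real file.

# Effective value of DIRECTIVE in FILE (first uncommented match wins, as in
# sshd). Prints DEFAULT when the directive is not set explicitly.
sshd_get() {
    directive="$1"; file="$2"; default="$3"
    val=$(awk -v d="$directive" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(d) { print $2; exit }' "$file")
    if [ -n "$val" ]; then echo "$val"; else echo "$default"; fi
}

# Replace or append "DIRECTIVE VALUE" in FILE, commenting out any previous
# uncommented occurrence so the file has exactly one effective setting.
sshd_set() {
    directive="$1"; value="$2"; file="$3"
    tmp=$(mktemp)
    awk -v d="$directive" -v v="$value" '
        /^[ \t]*#/ { print; next }
        tolower($1) == tolower(d) { print "#" $0; if (!done) { print d " " v; done = 1 }; next }
        { print }
        END { if (!done) print d " " v }' "$file" >"$tmp"
    cat "$tmp" >"$file"    # cat, not mv, keeps the original mode and owner
    rm -f "$tmp"
}

# Summarise the two settings this post cares about (CentOS 7 defaults).
audit_sshd() {
    file="${1:-/etc/ssh/sshd_config}"
    printf 'PermitRootLogin=%s PasswordAuthentication=%s\n' \
        "$(sshd_get PermitRootLogin "$file" yes)" \
        "$(sshd_get PasswordAuthentication "$file" yes)"
}
```

Typical use is sshd_set PermitRootLogin no /etc/ssh/sshd_config, then sshd -t to validate and systemctl restart sshd, with your current session kept open until a fresh login succeeds.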

Another thing to remember is the firewall. The stock public zone on CentOS 7 already allows the ssh service, but if you use a zone or a ruleset where it is missing you won't be able to reach the SSH server remotely. To allow it with firewalld, run the command below.

firewall-cmd --permanent --zone=public --add-service=ssh

Then reload the firewall to connect.

firewall-cmd --reload

That’s it!

Enjoy!

Scanning CentOS 7 Server for Malware


Some unexpected behaviour on a Linux server can be the result of a malware infection, while other malicious software gives no sign of its presence at all. Scanning your system for different types of unwanted programs can help identify issues, or at least give you the peace of mind of a clean server.

There are multiple options for making sure your cloud server is free of malware; this guide goes over a couple of scanners you can use to check your system.

ClamAV

ClamAV is a popular open source antivirus engine available on a multitude of platforms, including the majority of Linux distributions. Install it on CentOS 7 with the following command:

sudo yum install clamav clamav-update clamav-scanner-systemd clamav-server-systemd

Afterwards you need to edit the configuration a little by commenting out the Example line in two files; the simplest way is sed:

sudo sed -i -e "s/^Example/#Example/" /etc/freshclam.conf
sudo sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf

With the required modules installed and configured, update the virus database by running the updater:

sudo freshclam

When the definitions are up to date, do a test scan of your home directory to make sure scanning works:

sudo clamscan -r /home

Assuming your home directory contains no viruses or other malware, the scan should come back clean.

So how do you know it works?

For this you can download the EICAR anti-virus test file, a small, completely harmless file that every anti-virus engine is expected to report as infected, under the obvious detection name EICAR-AV-Test. Use the following command to download it to your home directory.

wget -P ~/ http://www.eicar.org/download/eicar.com

Now scan your home folder again with the same command as above; the summary at the end should report one infected file. Once you have confirmed that ClamAV finds the test file, use the command below to scan again and remove infected files as they are found.

sudo clamscan --infected --remove --recursive /home

Be careful with the --remove parameter: it deletes on detection, and a false positive takes a legitimate file with it. First run the broader scan without it, then a narrower scan with it once you know what will be removed, or remove the files manually.

To perform a complete scan of your cloud server, use this command:

sudo clamscan --infected --recursive --exclude-dir="^/sys" /

The scan walks every directory under the root recursively but skips /sys to avoid needless warnings, since that virtual filesystem consists of pseudo-files which cannot be read properly and could not contain viruses anyway. /proc and /dev deserve the same treatment; --exclude-dir takes a regular expression and can be given more than once.
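As an added example (not from the original post or from ClamAV), a scan script built for cron rather than for a one-off: it scans only files changed since the previous run, skips the pseudo-filesystems, understands clamscan's exit codes (0 clean, 1 something found, 2 error) and pulls the infected count out of the summary block, advancing its stamp file only after a scan that actually ran. The stamp and log paths are assumptions, and the summary text in the test is constructed.

```sh
#!/bin/sh
# Added example, not from the original post: an incremental scheduled scan.
# Only files modified since the previous run are handed to clamscan, the
# exit code is interpreted, and the infected count is taken from the
# summary. STAMP and SCAN_LOG locations are assumptions.

STAMP="${CLAM_STAMP:-/var/lib/clamav/last-scan.stamp}"
SCAN_LOG="${CLAM_LOG:-/var/log/clamav/scan.log}"

# List regular files under ROOT modified after STAMPFILE (every file when
# the stamp does not exist yet), pruning the pseudo-filesystems clamscan
# cannot read and that cannot hold malware anyway. One path per line.
build_file_list() {
    root="$1"; stampfile="$2"
    if [ -f "$stampfile" ]; then
        find "$root" \( -path /proc -o -path /sys -o -path /dev -o -path /run \) -prune \
            -o -type f -newer "$stampfile" -print 2>/dev/null
    else
        find "$root" \( -path /proc -o -path /sys -o -path /dev -o -path /run \) -prune \
            -o -type f -print 2>/dev/null
    fi
}

# Infected-file count from clamscan's trailing "SCAN SUMMARY" block.
parse_infected() {
    sed -n 's/^Infected files: \([0-9]*\).*/\1/p' "$1"
}

# clamscan exit codes: 0 clean, 1 something found, 2 error (bad option,
# unreadable database, ...). Turn them into words for the log.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan what changed, log one line, and advance the stamp only when the
# scan itself ran, so a failed run is retried on the next schedule.
run_incremental_scan() {
    root="${1:-/}"
    list=$(mktemp)
    build_file_list "$root" "$STAMP" >"$list"
    if [ ! -s "$list" ]; then rm -f "$list"; echo "nothing to scan"; return 0; fi
    out=$(mktemp)
    clamscan --infected --file-list="$list" >"$out" 2>&1
    rc=$?
    printf '%s %s infected=%s\n' "$(date +%FT%T)" "$(scan_status "$rc")" \
        "$(parse_infected "$out")" >>"$SCAN_LOG"
    if [ "$rc" -ne 2 ]; then touch "$STAMP"; fi
    cat "$out"
    rm -f "$list" "$out"
    return "$rc"
}

case "${1:-}" in
    run) run_incremental_scan "${2:-/}" ;;
esac
```

Schedule it as root with an entry such as 0 3 * * * /usr/local/sbin/clam-incremental.sh run (assumed path); the first run scans everything, later runs only what changed.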

Rkhunter on CentOS 7

Rkhunter is a common option for scanning your system for rootkits and general weaknesses. It can be installed from the package manager on CentOS with the following command:

sudo yum install rkhunter

Once installed, and before scanning, update the file properties database:

sudo rkhunter --propupd

This records the current state of certain system files so the scanner can tell later changes from false alarms. Do this only on a system you trust to be clean: whatever is on disk at that moment becomes the baseline. After the update, simply run the scanner:

sudo rkhunter --checkall

The scanner checks system commands, looks for known rootkits and some malware, reviews network and local host settings, and then prints a summary and records its findings in a log file.

Afterwards you can get a condensed look at the scan log with this command:

sudo grep -i warning /var/log/rkhunter/rkhunter.log

Go through the output to get some tips on what you could do to improve your system security.

Team Communication for the 21st Century! TEAMWORK!!!


Slack is…

Channels
Organize your team conversations in open channels. Make a channel for a project, a topic, a team, or anything—everyone has a transparent view of all that’s going on.

Private Channels
For sensitive information, create private channels and invite a few team members. No one else can see or join your private channels.

Direct Messages
To reach a colleague directly, send them a Direct Message. It’s completely private and secure.

Drag, drop, and share your files
Not just your messages, but all your files, images, PDFs, documents, and spreadsheets can be dropped right into Slack and shared with anyone you want. Add comments, star for later reference, and it’s all completely searchable.

If you use any services like Google Drive, Dropbox, or Box, just paste the link and that document is immediately in sync and searchable too.

All your tools in one place
Connect all the tools you use to Slack and avoid all that constant switching between apps. Set up your integration so that you get all your notifications directly within Slack—from support requests, code check-ins, and error logs to sales leads—all of them searchable in one central archive.

Search your entire archive
Everything in Slack—messages, notifications, files, and all—is automatically indexed and archived so that you can have it at your fingertips whenever you want. Slack also indexes the content of every file so you can search within PDFs, Word documents, Google docs, and more. With one search box and a set of powerful search operators, you can slice and dice your way to that one message in your communication haystack.

https://slack.com

To the Moon!

Tesla Login for WordPress


Installation

1. Upload tesla-login-customizer to the /wp-content/plugins/ directory
2. Activate the plugin through the ‘Plugins’ menu in WordPress
3. Enable one of our Login Templates or easily make one of yours by changing options
4. Enjoy your custom login page


Pure Chat System on WP


Add Free WordPress Live Chat with Pure Chat!

With more and more business being conducted online, with mobile, or at work, you need a way to deliver a great client experience no matter where your client is.

A great website is a good start, but how do you provide great customer service with just a website? Interaction with clients is key to good customer service, and only using email does not provide that interaction. Customers want a human being to answer their questions, solve their problems, or help them make a buying decision.

Live chat delivers that interaction. That means 5 star reviews, more sales, more recommendations, and repeat business. Here, I am going to show you how to add free WordPress live chat to any WordPress website, easily, and for free with Pure Chat plugin.

Compatible with mobile phones!

https://www.purechat.com/


Backup your website with rsync


If you want to back up a directory from one computer to another and copy only the changed files on each run instead of everything, rsync is the tool. You need an account on the remote computer you are backing up from. Here is the command:

rsync -vare ssh jono@192.168.0.2:/home/jono/importantfiles/* /home/jono/backup/

Here we are backing up all of the files in /home/jono/importantfiles/ on 192.168.0.2 to /home/jono/backup on the current machine. -a already implies recursion, so -r is redundant, and -e has to be the last letter in the cluster because it takes ssh as its argument. Note that the trailing /* is expanded by the remote shell and skips dot-files; to copy everything, including hidden files, name the directory with a trailing slash and no star.

Linux Backup with TAR and Cron


Level: Intermediate
Length of Class: 35 Minutes

Backup commands
sudo tar -cvpzf backupnamedate.tar.gz --exclude=/mnt /

Recovery commands (create the /recover directory first)
sudo tar -xvpzf backupnamedate.tar.gz -C /recover

Introduction to Linux
Installing Linux
Basic Linux Tasks
VIM for File Editing
Navigation in Linux
Users, Groups and Permissions in Linux
Purpose of Class

This class teaches students how to backup directories using TAR, and demonstrates how to schedule tasks using Cron Jobs.

Topics Covered
Backing Up Directories with TAR
Recovering Directories with TAR
Setting Up Cron Jobs for Scheduled Tasks
Class Notes

Backup Using TAR
Backup = sudo tar -cvpzf backup.tar.gz --exclude=DIRECTORY PATH
-c = create new file (overwrites an existing file)
-v = verbose
-p = preserve permissions
-z = compress (gzip)
-f = filename (very important; must be the last option in the cluster)
--exclude=DIRECTORY is recursive; when backing up / also exclude /proc, /sys, /dev, /run and the directory the archive is written to, otherwise tar reads its own output
Naming files with a timestamp = filename-$(date +%F-%T)
Recover Files from a TAR File
Recover = sudo tar -xvpzf FILE -C /DIRECTORY
Capital -C = change to directory before extracting
-x = extract

Cron Jobs
To edit the crontab file = sudo crontab -e (the first time it asks for your default editor)
Format = minute (0-59), hour (0-23, 0 = midnight), day (1-31), month (1-12), weekday (0-6, 0 = Sunday), command
* = wildcard for every minute/hour/day/month/day of week
Example to back up the entire server at 1am every morning (in root's crontab, so no sudo needed) = 0 1 * * * tar -cvpzf /backup.tar.gz --exclude=/mnt --exclude=/backup.tar.gz /
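As an added example (not part of the class notes), a backup script that fixes the two problems with a bare "tar -cvpzf backup.tar.gz /": the archive ending up inside itself and /proc, /sys, /dev and /run being swept in. It timestamps the file as the notes suggest, verifies that the archive reads back, and restores into a separate directory as in the recovery command. The BACKUP_DIR location is an assumption; the tree in the test is constructed.

```sh
#!/bin/sh
# Added example, not from the class notes: a tar backup that never reads
# its own output, skips pseudo-filesystems, names the archive with a
# timestamp, verifies it, and restores into a separate directory.
# BACKUP_DIR is an assumption; override it through the environment.

BACKUP_DIR="${BACKUP_DIR:-/var/backups/system}"

# relative_to BASE PATH -> PATH relative to BASE, or empty if PATH is
# outside BASE. Used to exclude the archive directory from the archive.
relative_to() {
    base="${1%/}/"
    case "$2" in
        "$base"*) printf '%s\n' "${2#"$base"}" ;;
        *) printf '\n' ;;
    esac
}

# backup_tree SRC DESTDIR -> prints the path of the archive it wrote.
# Archives relative to SRC (tar -C SRC .) so restores are relocatable;
# the ./proc style excludes therefore only bite when SRC is /.
backup_tree() {
    src="$1"; dest="$2"
    mkdir -p "$dest"
    archive="$dest/backup-$(date +%F-%H%M%S).tar.gz"
    rel=$(relative_to "$src" "$dest")
    self="${rel:+./$rel}"               # exclude DEST when it lives inside SRC
    tar -czf "$archive" -C "$src" \
        --exclude=./proc --exclude=./sys --exclude=./dev --exclude=./run \
        --exclude=./mnt --exclude=./tmp \
        --exclude="${self:-./.no-such-dir}" . || return 1
    # Fail loudly if the archive cannot be read back.
    tar -tzf "$archive" >/dev/null || return 1
    printf '%s\n' "$archive"
}

# restore_tree ARCHIVE DESTDIR: unpack into DESTDIR (e.g. /recover), never
# straight over /, with permissions preserved as in the notes.
restore_tree() {
    archive="$1"; dest="$2"
    mkdir -p "$dest"
    tar -xpzf "$archive" -C "$dest"
}

case "${1:-}" in
    run) backup_tree / "$BACKUP_DIR" ;;
esac
```

With the script saved as /usr/local/sbin/system-backup.sh (assumed), the cron line from the notes becomes 0 1 * * * /usr/local/sbin/system-backup.sh run in root's crontab, and a rehearsal restore is restore_tree /var/backups/system/backup-DATE.tar.gz /recover.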