Change the hostname of a vps

You have to change the hostname in the following files:

/etc/hosts
/etc/sysconfig/network
/proc/sys/kernel/hostname

Create Bootable USB from Linux

Install Livecd-tools and spin-kickstarts using Yum
yum install livecd-tools spin-kickstarts

Make the partition bootable
/sbin/parted /dev/sdb
(parted) toggle N boot
(parted) quit

Run the command from shell
/usr/bin/livecd-iso-to-disk /path/to/live.iso /dev/sdb1

Google Repo for Linux

Add following to /etc/yum.repos.d/google.repo file:
32-bit

[google]
name=Google – i386
baseurl=http://dl.google.com/linux/rpm/stable/i386
enabled=1
gpgcheck=1
gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub

Install VNC and Fluxbox

Reference : http://wiki.centos.org/HowTos/VNC-Server

Install VNC
—————
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -ivh rpmforge-release-0.3.6-1.el5.rf.i386.rpm
yum install vnc-server.i386

Create your VNC users.
useradd test
passwd test

Set User’s VNC password
Run vncpasswd

Edit Server Configuration
VNCSERVERS=”2:test”
VNCSERVERARGS[2]=”-geometry 800×600″

Restart VNC Server
/etc/init.d/vncserver stop
/etc/init.d/vncserver start

Create xstartup scripts
Login user “test” and edit xstartup script.
vi .vnc/xstartup

xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80×24+10+10 -ls -title “$VNCDESKTOP Desktop” -e ./menu &
amule &
fluxbox &

Install Fluxbox
————–
yum install fluxbox.i386
yum install xorg-x11-xinit.i386

Timezone Setup – NTP

Create a symlink to file localtime:

# ln -sf /usr/share/zoneinfo/EST /etc/localtime

#date

[bash]# chkconfig –level 2345 ntpd on
[bash]# /etc/init.d/ntpd restart

[bash]# chkconfig –list ntpd

To see if the service started successfully, you should check the system log file.

[bash]# grep ntpd /var/log/messages

[bash]# ntpq -pn

For correct synchronization, the delay and offset values should be non-zero and the jitter value should be under 100.

FreeBSD Hardware Info

Hardware type/platform, processor architecture

uname -mrs

—————————————————————–

RAM Information

cd /usr/ports/sysutils/freecolor
make install clean

To see memory details, enter:

#freecolor -t -m -o

OR

# fetch http://www.cyberciti.biz/files/scripts/freebsd-memory.pl.txt
# mv freebsd-memory.pl.txt /usr/local/bin/free
# chmod +x /usr/local/bin/free

Enter the command

# free

OR

sysctl -a | grep -i memory

—————————————————————–

CPU information

dmesg | grep CPU

—————————————————————–

Sysctl command to see rest of all information:

sysctl -a | less

CIDR Values

CLASS A

255.0.0.0 – /8
255.128.0.0 – /9
255.192.0.0 – /10
255.224.0.0 – /11
255.240.0.0 – /12
255.248.0.0 – /13
255.252.0.0 – /14
255.254.0.0 – /15

CLASS B

255.255.0.0 – /16
255.255.128.0 – /17
255.255.192.0 – /18
255.255.224.0 – /19
255.255.240.0 – /20
255.255.248.0 – /21
255.255.252.0 – /22
255.255.254.0 – /23
CLASS C

255.255.255.0 – /24
255.255.255.128 – /25
255.255.255.192 – /26
255.255.255.224 – /27
255.255.255.240 – /28
255.255.255.248 – /29
255.255.255.252 – /30

Upgrade Python to 3.1

cd /usr/local/src

wget http://www.python.org/ftp/python/3.1.1/Python-3.1.1.tar.bz2

tar -jxvf Python-3.1.1.tar.bz2

cd Python-3.1.1

./configure

make

make install

Now move /usr/bin/python /usr/bin/python.bk

then create symlink :

ln -s /usr/local/bin/python3 /usr/bin/python

check python -V

Drop Sync/DDOS Attack

1. Find.. to which IP address in the server is targeted by the ddos attack

netstat -plan  | grep  :80 | awk ‘{print $4}’ | cut -d: -f1 |sort |uniq -c

2. Find… from which IPs, the attack is coming

netstat -plan  | grep  :80 | awk ‘{print $5}’ | cut -d: -f1 |sort |uniq -c

In csf:

vi /etc/csf/csf.conf

SYNFLOOD is disabled by default. If you are not receiving any sort of attack, there is no need to enable it. If you are expecting an attack, enable it and set the rules a bit strict, like

SYNFLOOD_RATE = “5/s”

SYNFLOOD_BURST = “3″

my eg:

SYNFLOOD = “1″

SYNFLOOD_RATE = “30/s”

SYNFLOOD_BURST = “10″

SYNFLOOD

SYNFLOOD is disabled by default. If you are not receiving any sort of attack, there is no need to enable it. If you are expecting an attack, enable it and set the rules a bit strict, like

SYNFLOOD = “1″

SYNFLOOD_RATE = “30/s”

SYNFLOOD_BURST = “10″

i.e. if 30 connections are received from an IP/sec for 10 times, block it. Make sure don’t keep it too strict if you are not receiving an attack else it will generate false positives and will block legit connections.

PORTFLOOD

PORTFLOOD = 80;tcp;100;5,22;tcp;5;300

ie, If an IP makes 100 connections in 5 sec to port 80 (tcp), then it will be blocked from the server and if 5 connections in 300 sec to 22 port.

In /etc/sysctl.conf

Paste the following into the file, you can overwrite the current information.

#Kernel sysctl configuration file for Red Hat Linux

#

# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and

# sysctl.conf(5) for more details.

# Disables packet forwarding

net.ipv4.ip_forward=0

# Disables IP source routing

net.ipv4.conf.all.accept_source_route = 0

net.ipv4.conf.lo.accept_source_route = 0

net.ipv4.conf.eth0.accept_source_route = 0

net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification

net.ipv4.conf.all.rp_filter = 1

net.ipv4.conf.lo.rp_filter = 1

net.ipv4.conf.eth0.rp_filter = 1

net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance

net.ipv4.conf.all.accept_redirects = 0

net.ipv4.conf.lo.accept_redirects = 0

net.ipv4.conf.eth0.accept_redirects = 0

net.ipv4.conf.default.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets

net.ipv4.conf.all.log_martians = 0

net.ipv4.conf.lo.log_martians = 0

net.ipv4.conf.eth0.log_martians = 0

# Disables IP source routing

net.ipv4.conf.all.accept_source_route = 0

net.ipv4.conf.lo.accept_source_route = 0

net.ipv4.conf.eth0.accept_source_route = 0

net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification

net.ipv4.conf.all.rp_filter = 1

net.ipv4.conf.lo.rp_filter = 1

net.ipv4.conf.eth0.rp_filter = 1

net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance

net.ipv4.conf.all.accept_redirects = 0

net.ipv4.conf.lo.accept_redirects = 0

net.ipv4.conf.eth0.accept_redirects = 0

net.ipv4.conf.default.accept_redirects = 0

# Disables the magic-sysrq key

kernel.sysrq = 0

# Decrease the time default value for tcp_fin_timeout connection

net.ipv4.tcp_fin_timeout = 15

# Decrease the time default value for tcp_keepalive_time connection

net.ipv4.tcp_keepalive_time = 1800

# Turn off the tcp_window_scaling

net.ipv4.tcp_window_scaling = 0

# Turn off the tcp_sack

net.ipv4.tcp_sack = 0

# Turn off the tcp_timestamps

net.ipv4.tcp_timestamps = 0

# Enable TCP SYN Cookie Protection

net.ipv4.tcp_syncookies = 1

# Enable ignoring broadcasts request

net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection

net.ipv4.icmp_ignore_bogus_error_responses = 1

# Log Spoofed Packets, Source Routed Packets, Redirect Packets

net.ipv4.conf.all.log_martians = 1

# Increases the size of the socket queue (effectively, q0).

net.ipv4.tcp_max_syn_backlog = 1024

# Increase the tcp-time-wait buckets pool size

net.ipv4.tcp_max_tw_buckets = 1440000

# Allowed local port range

net.ipv4.ip_local_port_range = 16384 65536

Run /sbin/sysctl -p and sysctl -w net.ipv4.route.flush=1 to enable the changes without a reboot.

TCP Syncookies

echo 1 > /proc/sys/net/ipv4/tcp_syncookies

Some IPTABLES Rules:

iptables -A INPUT -p tcp –syn -m limit –limit 1/s –limit-burst 3 -j RETURN

iptables -A INPUT -p tcp –syn -m state –state ESTABLISHED,RELATED –dport 80 -m limit –limit 1/s –limit-burst 2 -j ACCEPT

Script for replacing a string in multiple files

for y in `ls | grep .html`;
do sed “s/abc/xyz/g” $y > temp; mv -f temp $y;
done