You have to change the hostname in the following files:
/etc/hosts
/etc/sysconfig/network
/proc/sys/kernel/hostname
You have to change the hostname in the following files:
/etc/hosts
/etc/sysconfig/network
/proc/sys/kernel/hostname
Install Livecd-tools and spin-kickstarts using Yum
yum install livecd-tools spin-kickstarts
Make the partition bootable
/sbin/parted /dev/sdb
(parted) toggle N boot
(parted) quit
Run the command from shell
/usr/bin/livecd-iso-to-disk /path/to/live.iso /dev/sdb1
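Add the following to the /etc/yum.repos.d/google.repo file (gpgcheck=1 makes yum verify package signatures with the key named in gpgkey, which matters here because baseurl is plain HTTP):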
32-bit
[google]
name=Google – i386
baseurl=http://dl.google.com/linux/rpm/stable/i386
enabled=1
gpgcheck=1
gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub
Reference : http://wiki.centos.org/HowTos/VNC-Server
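Install VNC
—————
The rpmforge-release package below is downloaded over plain HTTP; check its signature with rpm -K (after importing the repository's signing key) before installing it.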
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -ivh rpmforge-release-0.3.6-1.el5.rf.i386.rpm
yum install vnc-server.i386
Create your VNC users.
useradd test
passwd test
Set User’s VNC password
Run vncpasswd
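Edit Server Configuration
VNCSERVERS="2:test"
VNCSERVERARGS[2]="-geometry 800x600"
VNC traffic is not encrypted by default; adding -localhost to VNCSERVERARGS[2] and connecting through an SSH tunnel keeps the session off the open network.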
Restart VNC Server
/etc/init.d/vncserver stop
/etc/init.d/vncserver start
Create xstartup scripts
Log in as user “test” and edit the xstartup script.
vi .vnc/xstartup
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" -e ./menu &
amule &
fluxbox &
Install Fluxbox
————–
yum install fluxbox.i386
yum install xorg-x11-xinit.i386
Create a symlink to file localtime:
# ln -sf /usr/share/zoneinfo/EST /etc/localtime
#date
[bash]# chkconfig --level 2345 ntpd on
[bash]# /etc/init.d/ntpd restart
[bash]# chkconfig --list ntpd
To see if the service started successfully, you should check the system log file.
[bash]# grep ntpd /var/log/messages
[bash]# ntpq -pn
For correct synchronization, the delay and offset values should be non-zero and the jitter value should be under 100.
cd /usr/ports/sysutils/freecolor
make install clean
To see memory details, enter:
#freecolor -t -m -o
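OR download a script and install it as /usr/local/bin/free (it is fetched over plain HTTP, so read it before making it executable):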
# fetch http://www.cyberciti.biz/files/scripts/freebsd-memory.pl.txt
# mv freebsd-memory.pl.txt /usr/local/bin/free
# chmod +x /usr/local/bin/free
Enter the command
# free
OR
sysctl -a | grep -i memory
—————————————————————–
CPU information
dmesg | grep CPU
—————————————————————–
Sysctl command to see rest of all information:
sysctl -a | less
CLASS A
255.0.0.0 – /8
255.128.0.0 – /9
255.192.0.0 – /10
255.224.0.0 – /11
255.240.0.0 – /12
255.248.0.0 – /13
255.252.0.0 – /14
255.254.0.0 – /15
CLASS B
255.255.0.0 – /16
255.255.128.0 – /17
255.255.192.0 – /18
255.255.224.0 – /19
255.255.240.0 – /20
255.255.248.0 – /21
255.255.252.0 – /22
255.255.254.0 – /23
CLASS C
255.255.255.0 – /24
255.255.255.128 – /25
255.255.255.192 – /26
255.255.255.224 – /27
255.255.255.240 – /28
255.255.255.248 – /29
255.255.255.252 – /30
cd /usr/local/src
wget http://www.python.org/ftp/python/3.1.1/Python-3.1.1.tar.bz2
tar -jxvf Python-3.1.1.tar.bz2
cd Python-3.1.1
./configure
make
make install
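Now move /usr/bin/python to /usr/bin/python.bk
(system tools written for the distribution's own Python, such as yum, stop working once /usr/bin/python points at Python 3; calling /usr/local/bin/python3 directly avoids that)
then create the symlink: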
ln -s /usr/local/bin/python3 /usr/bin/python
check python -V
1. Find which IP address on the server is targeted by the DDoS attack
netstat -plan | grep :80 | awk '{print $4}' | cut -d: -f1 | sort | uniq -c
2. Find which IPs the attack is coming from
netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c
In csf:
vi /etc/csf/csf.conf
SYNFLOOD
SYNFLOOD is disabled by default. If you are not receiving any sort of attack, there is no need to enable it. If you are expecting an attack, enable it and set the rules a bit stricter, for example:
SYNFLOOD = "1"
SYNFLOOD_RATE = "30/s"
SYNFLOOD_BURST = "10"
i.e. if 30 connections are received from an IP/sec for 10 times, block it. Do not make it too strict when you are not under attack, or it will generate false positives and block legitimate connections.
PORTFLOOD
PORTFLOOD = 80;tcp;100;5,22;tcp;5;300
i.e., if an IP makes 100 connections to port 80 (tcp) within 5 seconds it is blocked from the server, and likewise if it makes 5 connections to port 22 within 300 seconds.
In /etc/sysctl.conf
Paste the following into the file; it can replace the current contents, but keep a copy of the existing file first so that site-specific settings are not lost.
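# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
#
# Entries under net.ipv4.conf.eth0 apply only to an interface named eth0;
# rename them if the host's interface has a different name.

# Disable packet forwarding
net.ipv4.ip_forward = 0

# Disable IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP redirect acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Log spoofed packets, source-routed packets and redirect packets.
# Set exactly once so the value cannot be contradicted further down the file.
net.ipv4.conf.all.log_martians = 1

# Disable the magic-sysrq key
kernel.sysrq = 0

# Lower tcp_fin_timeout from its default
net.ipv4.tcp_fin_timeout = 15

# Lower tcp_keepalive_time from its default
net.ipv4.tcp_keepalive_time = 1800

# Turn off TCP window scaling, selective acknowledgement and timestamps.
# NOTE(review): these are TCP performance features; turning them off can
# reduce throughput on fast or high-latency links. Confirm the trade-off is
# intended before applying these three lines.
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0

# Enable TCP SYN cookie protection
net.ipv4.tcp_syncookies = 1

# Ignore ICMP echo requests sent to broadcast addresses
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Ignore bogus ICMP error responses
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Increase the size of the socket queue (effectively, q0)
net.ipv4.tcp_max_syn_backlog = 1024

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

# Allowed local port range; 65535 is the highest valid port number
net.ipv4.ip_local_port_range = 16384 65535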
Run /sbin/sysctl -p and sysctl -w net.ipv4.route.flush=1 to enable the changes without a reboot.
TCP Syncookies
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
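Some IPTABLES Rules:
(The limit match counts all matching SYN packets together rather than per source address, and this rule only has an effect when a later rule in the chain drops the SYN packets that exceed the limit.)
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j RETURN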
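# Replace every "abc" with "xyz" in each .html file of the current directory.
# The glob replaces parsing `ls | grep .html`, which split file names on
# whitespace and also matched names that merely contain "html" after any
# character. The sed expression uses plain ASCII quotes; typographic quotes
# are passed to sed literally and make it fail.
for y in ./*.html; do
  # An unmatched glob stays literal; skip it and anything that is not a file.
  [ -f "$y" ] || continue
  # Private, unpredictable scratch file instead of a fixed name "temp" that
  # another file or process in the directory could collide with.
  tmp=$(mktemp) || break
  # Copy the result back only if sed succeeded, so a failure cannot truncate
  # the page; writing through "$y" keeps the file's mode and ownership.
  if sed 's/abc/xyz/g' "$y" > "$tmp"; then
    cat "$tmp" > "$y"
  fi
  rm -f -- "$tmp"
done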