Here are some links I've used many times to secure and harden my servers. They're for CentOS v.5.7.
-Hardening procedures.-
http://wiki.centos.org/HowTos/OS_Protection
-Default services-
http://www.cyberciti.biz/faq/linux-default-services-which-are-enabled-at-boot/
-Iptables-
http://wiki.centos.org/HowTos/Network/IPTables
"The unexamined life is not worth living." --Socrates--
Tuesday, February 28, 2012
Friday, February 24, 2012
Wednesday, February 22, 2012
Grub
Getting locked out of Linux is not fun. Getting back in can be a chore, sometimes. Luckily, I know the basics but needed a little help. Finding this link did the trick on one of my Ubuntu 10.10 servers. I didn't have to resort to the install dvd.
http://www.botskool.com/geeks/how-recover-your-ubuntu-1004-password
http://www.botskool.com/geeks/how-recover-your-ubuntu-1004-password
Saturday, February 18, 2012
Python
Here are Python websites I find very useful. They contain very good explanations and examples of all things Python.
Python for SysAdmins-
http://www.ibm.com/developerworks/aix/library/au-python/
Ebooks-
http://www.djangobook.com/en/2.0/chapter01/
http://www.swaroopch.com/notes/Python_en:Table_of_Contents
Python Tutorial-
http://zetcode.com/
http://python.org
Django tutorials-
http://lightbird.net/dbe/
Python gtk tutorial-
http://pygtk.org/pygtk2tutorial/ch-GettingStarted.html#sec-HelloWorld
www.pygtk.org/tutorial.html
www.pygtk.org/pygtk2tutorial/ch-GettingStarted.html
Python for SysAdmins-
http://www.ibm.com/developerworks/aix/library/au-python/
Ebooks-
http://www.djangobook.com/en/2.0/chapter01/
http://www.swaroopch.com/notes/Python_en:Table_of_Contents
Python Tutorial-
http://zetcode.com/
http://python.org
Django tutorials-
http://lightbird.net/dbe/
Python gtk tutorial-
http://pygtk.org/pygtk2tutorial/ch-GettingStarted.html#sec-HelloWorld
www.pygtk.org/tutorial.html
www.pygtk.org/pygtk2tutorial/ch-GettingStarted.html
Monday, February 13, 2012
Nagios
One way to create a custom Nagios service check on CentOS-
1) Create new script file in /etc/nagios/scripts. It will contains a shell command to check if a specific script is running on a remote host. It should look like this-
#!/bin/sh
#
#2012Feb11
#
/usr/bin/ssh -p 1132 user@10.99.20.15 'if ! pgrep -f '/[r]oot/scripts/cfg/scriptssh.cfg.server01'; then echo 'Process not running!'; exit 1; fi'
2) Add new code block to /etc/nagios/servers/main.server.cfg. It will contain-
define service{
use generic-service
host_name some.server
service_description process check
is_volatile 0
check_period 24x7
max_check_attempts 4
normal_check_interval 5
retry_check_interval 1
contact_groups admins
notification_interval 960
notification_period 24x7
check_command process_check
}
3) Add new code block to /etc/nagios/objects/command.cfg. It will contain-
# 'check_processes' command definition
define command{
command_name process.check
command_line /etc/nagios/scripts/./process.check.sh
}
4)Reload Nagios-
nagios -v /etc/nagios/nagios.cfg
->Fix any errors. If none, then continue.
nagios service reload
1) Create new script file in /etc/nagios/scripts. It will contains a shell command to check if a specific script is running on a remote host. It should look like this-
#!/bin/sh
#
#2012Feb11
#
/usr/bin/ssh -p 1132 user@10.99.20.15 'if ! pgrep -f '/[r]oot/scripts/cfg/scriptssh.cfg.server01'; then echo 'Process not running!'; exit 1; fi'
2) Add new code block to /etc/nagios/servers/main.server.cfg. It will contain-
define service{
use generic-service
host_name some.server
service_description process check
is_volatile 0
check_period 24x7
max_check_attempts 4
normal_check_interval 5
retry_check_interval 1
contact_groups admins
notification_interval 960
notification_period 24x7
check_command process_check
}
3) Add new code block to /etc/nagios/objects/command.cfg. It will contain-
# 'check_processes' command definition
define command{
command_name process.check
command_line /etc/nagios/scripts/./process.check.sh
}
4)Reload Nagios-
nagios -v /etc/nagios/nagios.cfg
->Fix any errors. If none, then continue.
nagios service reload
Saturday, February 11, 2012
Pgrep
Here's a one liner that gets a pid off a remote host and returns it to Nagios. This one took a little effort. Running pgrep across ssh returns two pids, the target pid and the pid of the pgrep search. These were undesireable results because I didn't want the pgrep pid. To simulate grep's -v switch I chose to use brackets, [ ]. This worked perfectly. Here's the code-
ssh -p 4231 user@10.98.34.199 'if ! pgrep -f '/[h]ome/user/diamonds.cfg.server'; then echo 'Diamond not running!'; exit 1; fi'
ssh -p 4231 user@10.98.34.199 'if ! pgrep -f '/[h]ome/user/diamonds.cfg.server'; then echo 'Diamond not running!'; exit 1; fi'
Subscribe to:
Posts (Atom)