Wednesday, November 16, 2011

Linux Audit Quick Configuration

Linux audit logs and tracks access to files, directories and other system resources.

To set up Linux audit on your system, proceed as follows:

Step 1) Suppose you want to give a specific user access to a specific folder. First create the folder, then create the user:
# mkdir /backup
# useradd -c "backup admin" -d /backup/bkpadm bkpadm
# passwd bkpadm

Step 2) Change the permissions and ownership of the folder:
# chmod 1750 /backup
# chown bkpadm /backup

Step 3) Copy the sample configuration file:
# cp /usr/share/doc/audit-version/stig.rules /etc/audit/audit.rules

Step 4) Edit the audit.rules file and comment out the lines containing arch= that are not appropriate for your system's architecture:
# vi /etc/audit/audit.rules

# Basic audit system parameters
-D
-b 8192
-f 1
-e 1

## Put your own watches after this point
-w /backup/bkpadm -p rwxa

The basic audit system parameters include a rule to delete any pre-existing rules (-D) to avoid clashes with the new rules, a rule that sets the number of outstanding audit buffers (-b), the failure flag (-f), and the enable flag (-e).

-b  Depending on the audit load of your system, increase or decrease the number of outstanding audit buffers. If there are no more buffers left, the kernel checks the failure flag for action.

-f  The failure flag controls the kernel's reaction to critical errors. Possible values are 0 (silent), 1 (printk, print a failure message), and 2 (panic, bring the system down, with no clean shutdown and a risk of data loss or corruption).

-e  If set to 1, audit and audit contexts for system calls are enabled; if set to 0, audit is disabled. Use this flag to enable or disable audit temporarily.

The -p flag enables permission filtering. The example above turns on permission filtering for read, write, execute and attribute-change access.

Step 5) Review the default settings in the auditd.conf file:

# vi /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
log_format = RAW
log_group = root
priority_boost = 4
flush = INCREMENTAL
freq = 20
num_logs = 4
disp_qos = lossy
dispatcher = /sbin/audispd
name_format = NONE
max_log_file = 5
max_log_file_action = ROTATE
space_left = 75
space_left_action = SYSLOG
action_mail_acct = root
admin_space_left = 50
admin_space_left_action = SUSPEND
disk_full_action = SUSPEND
disk_error_action = SUSPEND

Step 6) Restart the service:
# service auditd restart

Step 7) Generate today's report:
# ausearch -ts today
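
The records written for the /backup/bkpadm watch can also be summarised straight from the raw log. The script below is an added example, not part of the original post: it pairs each SYSCALL record with its PATH record by event serial and lists accesses that were denied or made under a uid different from the login uid (auid). The log records are constructed and trimmed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. SAMPLE_LOG is constructed (fields trimmed), not real audit output.
SAMPLE_LOG='type=SYSCALL msg=audit(1321430401.101:310): arch=c000003e syscall=2 success=yes exit=3 items=1 ppid=2101 pid=2140 auid=501 uid=501 gid=501 comm="cat" exe="/bin/cat" key=(null)
type=PATH msg=audit(1321430401.101:310): item=0 name="/backup/bkpadm/db.sql" inode=4021 mode=0100640 ouid=501 ogid=501
type=SYSCALL msg=audit(1321430455.220:311): arch=c000003e syscall=2 success=no exit=-13 items=1 ppid=2200 pid=2231 auid=502 uid=502 gid=502 comm="cat" exe="/bin/cat" key=(null)
type=PATH msg=audit(1321430455.220:311): item=0 name="/backup/bkpadm/db.sql" inode=4021 mode=0100640 ouid=501 ogid=501
type=SYSCALL msg=audit(1321430470.007:312): arch=c000003e syscall=90 success=yes exit=0 items=1 ppid=1 pid=2300 auid=502 uid=0 gid=0 comm="chmod" exe="/bin/chmod" key=(null)
type=PATH msg=audit(1321430470.007:312): item=0 name="/backup/bkpadm/db.sql" inode=4021 mode=0100640 ouid=501 ogid=501
type=SYSCALL msg=audit(1321430480.500:313): arch=c000003e syscall=2 success=yes exit=3 items=1 ppid=2101 pid=2400 auid=501 uid=501 gid=501 comm="cat" exe="/bin/cat" key=(null)
type=PATH msg=audit(1321430480.500:313): item=0 name="/etc/hosts" inode=77 mode=0100644 ouid=0 ogid=0'

# Print "event_id auid uid exe success path" for every event touching directory $1.
# Assumes the SYSCALL record of an event precedes its PATH records in the log.
watch_events() {
    awk -v dir="$1" '
    function field(name,   i, n, kv) {      # value of name=value on this record
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n >= 2 && kv[1] == name) { gsub(/"/, "", kv[2]); return kv[2] }
        }
        return ""
    }
    function event_id(   s) {               # serial from msg=audit(time:serial):
        s = $2; sub(/\):$/, "", s); sub(/^.*:/, "", s); return s
    }
    $1 == "type=SYSCALL" {
        who[event_id()] = field("auid") " " field("uid") " " field("exe") " " field("success")
    }
    $1 == "type=PATH" {
        id = event_id(); p = field("name")
        if ((p == dir || index(p, dir "/") == 1) && (id in who)) print id, who[id], p
    }'
}

# Events to review: access was denied, or the acting uid differs from the login uid (auid).
suspicious_events() {
    watch_events "$1" | awk '$5 == "no" || $2 != $3'
}

printf '%s\n' "$SAMPLE_LOG" | suspicious_events /backup/bkpadm
```

On a live system, feed it the real log instead of the sample, for example `suspicious_events /backup/bkpadm < /var/log/audit/audit.log`.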

Monday, October 17, 2011

Error 'Duplicate entry '2619' for key 1' on query in MySQL

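To resolve the above error, run the commands below on the MySQL slave server. Setting SQL_SLAVE_SKIP_COUNTER=1 makes the slave skip the one replication event that failed: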
mysql> stop slave;
mysql> set GLOBAL SQL_SLAVE_SKIP_COUNTER=1;
mysql> start slave;

Then check the slave status:
mysql> show slave status\G
Now “Slave_IO_Running” and “Slave_SQL_Running” will be “Yes”.

Saturday, September 10, 2011

Linux network interface bonding

Step 1.  Record the MAC addresses of the interfaces

# ifconfig | grep eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:7D:12:D0
# ifconfig | grep eth1
eth1      Link encap:Ethernet  HWaddr 00:0C:29:7D:12:DA

Step 2.  Create the virtual (bonded) network interface configuration

# cd /etc/sysconfig/network-scripts/
# vi ifcfg-bond0
DEVICE=bond0
IPADDR=10.0.0.101
NETMASK=255.255.255.0
ONBOOT=yes

Note: You can also specify “GATEWAY=10.0.0.1” in the /etc/sysconfig/network configuration file.

Step 3.  Back up the old interface configurations

# mv ifcfg-eth0 OLD.ifcfg-eth0
# mv ifcfg-eth1 OLD.ifcfg-eth1

Step 4.  Create the new interface configurations

# vi ifcfg-eth0
DEVICE=eth0
MASTER=bond0
SLAVE=yes
ONBOOT=yes

# vi ifcfg-eth1
DEVICE=eth1
MASTER=bond0
SLAVE=yes
ONBOOT=yes

Step 5.  Add the bonding configuration to the /etc/modprobe.conf file

# vi /etc/modprobe.conf
alias bond0 bonding
options bond0 miimon=100 mode=1

Note:
1. mode=1 is for HA failover.
2. mode=0 is for load balancing (teaming).
3. miimon=100 means the link is checked every 100 milliseconds.

Step 6.  Restart the network

# service network restart
Shutting down interface eth0:  /etc/sysconfig/network-scripts/ifdown-eth: line 91: /sys/class/net/bond0/bonding/slaves: No such file or directory  [  OK  ]
Shutting down interface eth1:  /etc/sysconfig/network-scripts/ifdown-eth: line 91: /sys/class/net/bond0/bonding/slaves: No such file or directory  [  OK  ]
Shutting down loopback interface:  [  OK  ]
Bringing up loopback interface:  [  OK  ]
Bringing up interface bond0:  [  OK  ]

Note: The bonding module is loaded automatically, just like any other network interface module.

Step 7.  Check that the module is loaded

# lsmod | grep bond
bonding               126649  0

Step 8.  Check the other module parameters

# modinfo bonding
filename:       /lib/modules/2.6.18-164.el5/kernel/drivers/net/bonding/bonding.ko
:
parm:           max_bonds:Max number of bonded devices (int)
:

Step 9.  Check the logs

# tail -F /var/log/messages
Aug 17 11:36:25 airafr1 kernel: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
Aug 17 11:36:25 airafr1 kernel: bonding: bond0: Adding slave eth1.
Aug 17 11:36:25 airafr1 kernel: e1000: eth1: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
Aug 17 11:36:25 airafr1 kernel: bonding: bond0: enslaving eth1 as a backup interface with an up link.
Aug 17 11:36:27 airafr1 avahi-daemon[3120]: New relevant interface bond0.IPv6 for mDNS.
Aug 17 11:36:27 airafr1 avahi-daemon[3120]: Joining mDNS multicast group on interface bond0.IPv6 with address fe80::20c:29ff:fe7d:12d0.
Aug 17 11:36:27 airafr1 avahi-daemon[3120]: Registering new address record for fe80::20c:29ff:fe7d:12d0 on bond0.
Aug 17 11:36:29 airafr1 avahi-daemon[3120]: New relevant interface bond0.IPv4 for mDNS.
Aug 17 11:36:29 airafr1 avahi-daemon[3120]: Joining mDNS multicast group on interface bond0.IPv4 with address 10.0.0.101.
Aug 17 11:36:29 airafr1 avahi-daemon[3120]: Registering new address record for 10.0.0.101 on bond0.

Step 10.  Check the bond status

# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.4.0 (October 7, 2008)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:7d:12:d0

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:7d:12:da

Step 11.  Check the bond status after eth0 goes down

# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.4.0 (October 7, 2008)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: down
Link Failure Count: 1
Permanent HW addr: 00:0c:29:7d:12:d0

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:7d:12:da
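
The comparison between steps 10 and 11 can be scripted for monitoring. The following is an added example, not part of the original post: it reads the /proc/net/bonding text and reports whether the bond has lost a slave. BOND_AFTER is a trimmed copy of the step 11 output above, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example. BOND_AFTER is a trimmed copy of the step 11 output shown above.
BOND_AFTER='Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: eth0
MII Status: down
Link Failure Count: 1
Permanent HW addr: 00:0c:29:7d:12:d0

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:0c:29:7d:12:da'

# Read /proc/net/bonding/bondN text on stdin and print
# "<OK|DEGRADED|DOWN> active=<slave> down=<slaves or -> failures=<total>".
bond_report() {
    awk -F': ' '
    /^Currently Active Slave:/ { active = $2 }
    /^Slave Interface:/        { slave = $2; total++ }
    # The bond-level "MII Status" line comes before any slave and is skipped here.
    slave != "" && /^MII Status:/ {
        if ($2 == "up")
            up++
        else
            down = down " " slave
    }
    slave != "" && /^Link Failure Count:/ { fails += $2 }
    END {
        state = "DOWN"
        if (total > 0 && up == total)
            state = "OK"
        else if (up > 0)
            state = "DEGRADED"
        printf "%s active=%s down=%s failures=%d\n", state, active,
               (down == "" ? "-" : substr(down, 2)), fails
    }'
}

printf '%s\n' "$BOND_AFTER" | bond_report
```

On the bonded host itself, run `bond_report < /proc/net/bonding/bond0`.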

Friday, September 2, 2011

Manual installation of Microsoft Loopback adapter in Windows XP

1.      Click Start, and then click Control Panel.
2.      If you are in Classic view, click Switch to Category View under Control Panel in the left pane.
3.      Double-click Printers and Other Hardware, and then click Next.
4.      Under See Also in the left pane, click Add Hardware, and then click Next.
5.      Click Yes, I have already connected the hardware, and then click Next.
6.      At the bottom of the list, click Add a new hardware device, and then click Next.
7.      Click Install the hardware that I manually select from a list, and then click Next.
8.      Click Network adapters, and then click Next.
9.      In the Manufacturer box, click Microsoft.
10. In the Network Adapter box, click Microsoft Loopback Adapter, and then click Next.
11. Click Finish.
Note: By default, TCP/IP properties are configured to use DHCP.

How to fix error: Setup Library wbemupgd.dll could not be loaded

The fixes may apply to Microsoft Windows Server 2003, Standard Edition (32-bit x86) and Microsoft Windows Small Business Server 2003 Standard Edition.
1.      Go to Start.
2.      Right click on My Computer.
3.      Click on Properties.
4.      Select the Advanced tab, then Environment Variables.
5.      Under the System Variables list, click Path.
6.      Click Edit.
7.      Delete the following paths: %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
8.      Type in C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem in the Variable value box. This will replace the paths that you deleted in the previous step.
9.      Click OK three times.

Friday, August 26, 2011

Enabling IPv6 on Solaris 10

Step 1)  Enable IPv6 on an Interface.

# ifconfig nge0 inet6 plumb up

Step 2)  Start the IPv6 daemon “in.ndpd”

# /usr/lib/inet/in.ndpd

Step 3)  Check status of IPv6-enabled interfaces

# ifconfig -a6

Step 4)  Create IPv6 addresses for Interfaces that were added after installation.

# touch /etc/hostname6.nge0

Step 5)  Reboot the node.

# reboot -- -r
or:
# init 6

JDK Installation & Configuration on Linux

1. Download the JDK installer from the link below.

http://www.oracle.com/technetwork/java/javase/downloads/index.html

2. Change to the installation location.

# cd /usr/java

3. Run the JDK installer.

# ./jdk-6u26-linux-i586.bin

Press Enter to continue.....

4. Export the JDK installation path.

# export JAVA_HOME=/usr/java/jdk1.6.0_26

5. Check the current PATH.

# echo $PATH

6. Export PATH again with the JDK bin directory placed before the old path.

# export PATH=$JAVA_HOME/bin:$PATH

7. Check the Java version.

# java -version

8. Set the JAVA_HOME path permanently.

Modify /etc/profile and append the lines below:
export JAVA_HOME=/usr/java/jdk1.6.0_26
export PATH=$JAVA_HOME/bin:$PATH

Wednesday, August 24, 2011

MySQL - Miscellaneous Examples (1)

1. To create user “databaseuser” on host “databasehost” with password “password”:
mysql> CREATE USER 'databaseuser'@'databasehost' IDENTIFIED BY 'password';

2. To create database “databasename”:
mysql> CREATE DATABASE databasename;

3. To display databases:
mysql> SHOW DATABASES;

4. To display tables:
mysql> SHOW TABLES;

5. To change database:
mysql> USE databasename;

6. To delete database:
mysql> DROP DATABASE databasename;

7. To grant permission on database “databasename”:
mysql> GRANT ALL ON databasename.* TO 'databaseuser'@'databasehost';

8. To show grant privileges:
mysql> SHOW GRANTS FOR 'databaseuser'@'databasehost';

9. To remove grant privileges:
mysql> REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'databaseuser'@'databasehost';

10. To make the changes take effect:
mysql> FLUSH PRIVILEGES;

11. To update the user table (items 11-18 operate on the tables of the mysql system database):
mysql> UPDATE user SET host='newhostname' WHERE host='oldhostname';

12. To show the user table:
mysql> SELECT * FROM user;

13. To reset a user password:
mysql> UPDATE user SET Password=PASSWORD('password') WHERE user='databaseuser' AND host='databasehost';

14. To rename the root user:
mysql> UPDATE user SET user="newdatabaseadmin" WHERE user="root";

15. To remove an entry from the user table:
mysql> DELETE FROM user WHERE host="databasehost" AND user="databaseuser";

16. To show the db table:
mysql> SELECT * FROM db;

17. To update the db table:
mysql> UPDATE db SET host='newdatabasehost' WHERE host='olddatabasehost';

18. To remove an entry from the db table:
mysql> DELETE FROM db WHERE user="databaseuser";

19. To take a database backup:
# mysqldump -h hostname -u username -p databasename > /path/to/backup/filename.sql

20. To restore a database backup:
# mysql -h hostname -u username -p databasename < /path/from/restore/filename.sql

An unrecoverable error occurred. This form was missing from the server cache. Try reloading the page and submitting again.

You can check /var/log/httpd/error_log for more information, such as:
 “/filefield/ahah/xyz/field_upload_document/0”.

To resolve the problem, install the latest version of the FileField module and edit the “filefield_widget.inc” file to comment out the parameters below:

 /*'#ahah' => array( // with JavaScript
       'path' => 'filefield/ahah/'.   $element['#type_name'] .'/'. $element['#field_name']
.'/'. $element['#delta'],
       'wrapper' => $element['#id'] .'-ahah-wrapper',
       'method' => 'replace',
       'effect' => 'fade',
    ),*/

Tuesday, August 9, 2011

Turning off HTTP TRACE / TRACK Method in Apache

TRACE and TRACK are HTTP methods used to debug web server connections. To disable these methods, follow the steps below:

Step 1: Log in to the web server

Step 2: Type the command below

# telnet localhost 80

Once you connect, type the following:

TRACE / HTTP/1.0
Host: localhost

Press Enter TWICE and if trace is enabled, you should see output similar to the following:

# telnet localhost 80

Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.

TRACE / HTTP/1.0
Host: localhost

HTTP/1.1 200 OK
Date: Tue, 09 Aug 2011 04:40:15 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: localhost

Connection closed by foreign host.

Step 3: Change to the configuration folder

# cd /etc/httpd/conf

Step 4: Make a backup copy of the httpd.conf file.

# cp -p httpd.conf httpd.conf.bkp

Step 5: Edit httpd.conf and add the lines below:

# vi httpd.conf

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
</IfModule>

Step 6: Save and exit httpd.conf

Step 7: Check the syntax and restart the service

# service httpd configtest

# service httpd restart

Step 8: Check TRACE through telnet again

# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.

TRACE / HTTP/1.0
Host: localhost

HTTP/1.1 403 Forbidden
Date: Tue, 09 Aug 2011 04:45:24 GMT
Server: Apache/2.2.3 (Red Hat)
Accept-Ranges: bytes
Content-Length: 3985
Connection: close
:
:
:
Connection closed by foreign host.


Step 9: You can also check the TRACK method:

# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.

TRACK / HTTP/1.0
Host: localhost

HTTP/1.1 501 Method Not Implemented
Date: Tue, 09 Aug 2011 04:46:42 GMT
Server: Apache/2.2.3 (Red Hat)
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 282
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>501 Method Not Implemented</title>
</head><body>
<h1>Method Not Implemented</h1>
<p>TRACK to / not supported.<br />
</p>
<hr>
<address>Apache/2.2.3 (Red Hat) Server at localhost Port 80</address>
</body></html>
Connection closed by foreign host.
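
The manual telnet check in steps 2 and 8 can be turned into a repeatable test. The script below is an added example, not part of the original post: it classifies a raw HTTP response as TRACE enabled or blocked, using trimmed copies of the two responses shown above as input. The function names are hypothetical, and the live probe assumes curl is installed.

```shell
#!/bin/sh
# Added example. Both responses are trimmed copies of the telnet output above.
RESP_BEFORE='HTTP/1.1 200 OK
Date: Tue, 09 Aug 2011 04:40:15 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: localhost'

RESP_AFTER='HTTP/1.1 403 Forbidden
Date: Tue, 09 Aug 2011 04:45:24 GMT
Server: Apache/2.2.3 (Red Hat)
Accept-Ranges: bytes
Content-Length: 3985
Connection: close'

# Read one raw HTTP response on stdin; print "enabled", "blocked" or "unknown".
trace_verdict() {
    awk '
    { sub(/\r$/, "") }                          # tolerate CRLF line endings
    NR == 1 { code = $2; next }                 # status line, e.g. HTTP/1.1 200 OK
    !body && $0 == "" { body = 1; next }        # blank line ends the headers
    !body && tolower($0) ~ /^content-type:[ \t]*message\/http/ { echoed = 1 }
    body && /^(TRACE|TRACK) / { echoed = 1 }    # request line echoed back in the body
    END {
        if (code == "200" && echoed)
            print "enabled"
        else if (code ~ /^(403|405|501)$/)
            print "blocked"
        else
            print "unknown"
    }'
}

# Live probe: $1 is the method (TRACE or TRACK), $2 the URL. Assumes curl is installed.
probe_method() {
    curl -s -i --max-time 5 -X "$1" "$2" | trace_verdict
}

printf '%s\n' "$RESP_BEFORE" | trace_verdict
printf '%s\n' "$RESP_AFTER"  | trace_verdict
```

Run `probe_method TRACE http://localhost/` against each virtual host as well as the main server: mod_rewrite rules in the main server configuration are not inherited by `<VirtualHost>` sections unless `RewriteOptions inherit` is set.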