Perspectives Firefox Addon

Perspectives is a new approach to help clients securely identify Internet servers in order to avoid “man-in-the-middle” attacks. Perspectives is simple and cheap compared to existing approaches because it automatically builds a robust database of network identities using lightweight network probing by “network notaries” located in multiple vantage points across the Internet.

The extension provides two primary benefits:

1. If you connect to a website with an untrusted certificate (e.g., a self-signed certificate)*, Firefox will give you a very nasty security error and force you to manually install an exception. Perspectives can detect whether a self-signed certificate is valid, and automatically overrides the annoying security error page if it is safe to do so.
2. It is possible that an attacker may trick one of the many Certificate Authorities trusted by Firefox into incorrectly issuing a certificate for a trusted website. Perspectives can also detect this attack and will warn you if things look suspicious.

* The same is true for HTTPS sites with certificates that contain mismatched domain names (e.g., www.gmail.com uses a certificate for mail.google.com) or certificates that are expired.

http://www.cs.cmu.edu/~perspectives/firefox.html

Download/Install Here

Install APF Firewall

Login to your server through SSH and su to the root user.

1. cd /root/downloads or another temporary folder where you store your files.
2. wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
3. tar -xvzf apf-current.tar.gz
4. cd apf-0.9.5-1/ or whatever the latest version is.
5. Run the install file: ./install.sh

You will receive a message saying it has been installed

Installing APF 0.9.5-1: Completed.

Installation Details:
Install path: /etc/apf/
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf
AntiDos install path: /etc/apf/ad/
AntiDos config path: /etc/apf/ad/conf.antidos
DShield Client Parser: /etc/apf/extras/dshield/

Other Details:
Listening TCP ports: 1,21,22,25,53,80,110,111,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306
Listening UDP ports: 53,55880
Note: These ports are not auto-configured; they are simply presented for information purposes. You must manually configure all port options.

6. Let's configure the firewall: pico /etc/apf/conf.apf
We will go over the general configuration to get your firewall running. This isn't a complete, detailed guide to every feature the firewall has. Look through the README and the configuration file for an explanation of each feature.

We like to use DShield.org's "block" list of top networks that have exhibited suspicious activity.
FIND: USE_DS="0"
CHANGE TO: USE_DS="1"

7. Configuring Firewall Ports:

Cpanel Servers
We like to use the following on our Cpanel Servers

Common ingress (inbound) ports
# Common ingress (inbound) TCP ports (3000_3500 = passive port range for Pure-FTPd)
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,3000_3500"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"

Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"

# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43,2089"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"

Ensim Servers
We have found the following can be used on Ensim Servers – although we have not tried these ourselves as I don’t run Ensim boxes.

Common ingress (inbound) ports
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,19638"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"

Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"

# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"

Save the changes: Ctrl+X then Y

8. Starting the firewall
/usr/local/sbin/apf -s

Other commands:
usage ./apf [OPTION]
-s|--start ......................... load firewall policies
-r|--restart ....................... flush & load firewall
-f|--flush|--stop .................. flush firewall
-l|--list .......................... list chain rules
-st|--status ....................... firewall status
-a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and immediately load the new rule into the firewall
-d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and immediately load the new rule into the firewall

9. After everything is fine, change the DEVM option
DEVM="1" is development mode: a cron job flushes the firewall every 5 minutes, so a mistake in the rules cannot lock you out for long. It also means the firewall is not really protecting you. We recommend changing this to "0" only after you have confirmed you can still reach the server over SSH with the rules loaded and have tested the server out.

vim /etc/apf/conf.apf

FIND: DEVM="1"
CHANGE TO: DEVM="0"

10. Configure AntiDOS for APF
Relatively new to APF is the new AntiDOS feature which can be found in: /etc/apf/ad
The log file will be located at /var/log/apfados_log so you might want to make note of it and watch it!

pico /etc/apf/ad/conf.antidos

There are various things you might want to fiddle with, but I'll cover the ones that alert you by email.

# [E-Mail Alerts] Under this heading we have the following:

# Organization name to display on outgoing alert emails
CONAME="Your Company"
Enter your company name or server name.

# Send out user defined attack alerts [0=off,1=on]
USR_ALERT="0"
Change this to 1 to get email alerts.

# User for alerts to be mailed to
USR="your@email.com"
Enter your email address to receive the alerts.

Save your changes! Ctrl+X then press Y
Restart the firewall: /usr/local/sbin/apf -r

11. Checking the APF Log

Will show any changes to allow and deny hosts among other things.
tail -f /var/log/apf_log

Example output:
Aug 23 01:25:55 ocean apf(31448): (insert) deny all to/from 185.14.157.123
Aug 23 01:39:43 ocean apf(32172): (insert) allow all to/from 185.14.157.123

12. New – Make APF Start automatically at boot time
To autostart apf on reboot, run this:

chkconfig --level 2345 apf on

To remove it from autostart, run this:

chkconfig --del apf

13. Denying IPs with APF Firewall (Blocking)
Now that you have your shiny new firewall you probably want to block a host, right? Of course you do! With this new version APF also supports comments. There are a few ways you can block an IP; I'll show you two of the easier methods.

A) /etc/apf/apf -d IPHERE COMMENTHERENOSPACES
> The -d flag means DENY the IP address
> IPHERE is the IP address you wish to block
> COMMENTHERENOSPACES is obvious: add a comment (no spaces) on why the IP is being blocked
These rules are loaded right away into the firewall, so they're instantly active.
Example:

./apf -d 185.14.157.123 TESTING

To block a complete range, give the network in CIDR notation (the comment still must not contain spaces):

apf -d 192.0.0.0/8 COMMENT       # 192.0.0.0 to 192.255.255.255
apf -d 192.168.0.0/16 COMMENT    # 192.168.0.0 to 192.168.255.255
apf -d 192.168.0.0/24 COMMENT    # 192.168.0.0 to 192.168.0.255

apf -d 192.168.0.1 COMMENT       # single IP

pico /etc/apf/deny_hosts.rules

Shows the following:

# added 185.14.157.123 on 08/23/05 01:25:55
# TESTING
185.14.157.123

B) pico /etc/apf/deny_hosts.rules

You can then just add a new line and enter the IP you wish to block. Before this becomes active though you’ll need to reload the APF ruleset.

/etc/apf/apf -r

14. Allowing IPs with APF Firewall (Unblocking)

I know, I know: you added an IP and now you need it removed right away! Blocked IPs have to be removed manually from deny_hosts.rules.
A)
pico /etc/apf/deny_hosts.rules

Find where the IP is listed and remove the line that has the IP.
After this is done save the file and reload apf to make the new changes active.

/etc/apf/apf -r

B) If the IP isn’t already listed in deny_hosts.rules and you wish to allow it, this method adds the entry to allow_hosts.rules

/etc/apf/apf -a IPHERE COMMENTHERENOSPACES
> The -a flag means ALLOW the IP address
> IPHERE is the IP address you wish to allow
> COMMENTHERENOSPACES is obvious: add a comment (no spaces) on why the IP is being allowed
These rules are loaded right away into the firewall, so they're instantly active.
Example:

./apf -a 185.14.157.123 UNBLOCKING
To remove an IP from the allow/deny rules again (the -u option, where your APF version has it):

apf -u 192.168.0.1

vim /etc/apf/allow_hosts.rules

# added 185.14.157.123 on 08/23/05 01:39:43
# UNBLOCKING
185.14.157.123

for ip in $(awk '!/#/ && /[a-zA-Z]/' /etc/apf/deny_hosts.rules); do apf -u "$ip"; done
This takes every uncommented line of deny_hosts.rules that contains a letter (i.e. a hostname rather than a numeric IP) and removes it with apf -u, so the file is left with real IP addresses only.

-s start
-r restart
-f flush / stop
-l list
-st status
-a HOST allow HOST
-d HOST deny HOST
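Steps 13 and 14 write and hand-edit deny_hosts.rules, and the one-line loop above removes the entries that are not IPs. The script below is an added example (not APF's code) that parses that file format, the "# added HOST on DATE" / "# COMMENT" / HOST triplets apf -d writes, and classifies each host entry as a single IPv4 address, a CIDR range, or something else that apf -u should take out. It also wraps apf -d so a typo'd address or a comment with spaces is rejected before it reaches the firewall. The sample rules file is constructed for illustration and the function names are my own.

```shell
#!/bin/sh
# Added example (not APF code): parse deny_hosts.rules and validate entries
# before they go to apf -d / apf -u. The sample file below is constructed.

# write_sample_rules FILE: a deny_hosts.rules as apf -d writes it, plus two
# entries of the kind that should not be there (a hostname and a bad octet)
write_sample_rules() {
    cat > "$1" <<'EOF'
# added 185.14.157.123 on 08/23/05 01:25:55
# TESTING
185.14.157.123
# added 192.168.0.0/16 on 08/23/05 01:30:00
# RFC1918_SCAN
192.168.0.0/16
# added badhost.example on 08/23/05 01:31:00
# FQDN_ENTRY
badhost.example
# added 300.1.2.3 on 08/23/05 01:32:00
# TYPO
300.1.2.3
EOF
}

# is_ipv4 ADDR: 0 if ADDR is four dotted decimal octets, each 0..255
is_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= NF; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# is_cidr ADDR/PREFIX: 0 if the address is IPv4 and the prefix is 0..32
is_cidr() {
    case $1 in
        */*) ;;
        *) return 1 ;;
    esac
    ic_addr=${1%/*}
    ic_pfx=${1#*/}
    is_ipv4 "$ic_addr" || return 1
    case $ic_pfx in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$ic_pfx" -le 32 ]
}

# rules_hosts FILE: the host lines only, comments and blank lines dropped
rules_hosts() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$'
}

# classify FILE: one "ip|cidr|other HOST" line per entry
classify() {
    rules_hosts "$1" | while read -r cl_h; do
        if is_ipv4 "$cl_h"; then echo "ip $cl_h"
        elif is_cidr "$cl_h"; then echo "cidr $cl_h"
        else echo "other $cl_h"
        fi
    done
}

# bad_entries FILE: entries that are neither an IPv4 host nor a CIDR range,
# i.e. what the page's "for ip in ..." loop hands to apf -u
bad_entries() {
    classify "$1" | awk '$1 == "other" { print $2 }'
}

# safe_deny HOST COMMENT: print the apf -d command to run, or fail (exit 1)
# if HOST is not an IPv4 host/range or COMMENT contains whitespace
safe_deny() {
    case $2 in
        ''|*[[:space:]]*) return 1 ;;
    esac
    { is_ipv4 "$1" || is_cidr "$1"; } || return 1
    echo "/usr/local/sbin/apf -d $1 $2"
}

demo_rules=$(mktemp)
write_sample_rules "$demo_rules"
echo "entries to remove with apf -u:"
bad_entries "$demo_rules"
rm -f "$demo_rules"
```

Against the constructed file the bad_entries function lists badhost.example and 300.1.2.3; on a real server point it at /etc/apf/deny_hosts.rules before running the apf -u loop, and use safe_deny (or its checks) in any script that adds blocks automatically, so that a malformed address never ends up in the rules file.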

Install BFD (Brute Force Detection)

What is Brute Force Detection? (BFD)
BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet, and likewise it is very straightforward in its installation, configuration and usage. The reason behind BFD is very simple: there are few to no authentication and brute-force auditing programs in the Linux community that work in conjunction with a firewall or real-time facility to place bans.

This how-to will show you how to install BFD on your Linux server to detect and block brute-force login attempts. Like some other tools, this software has requirements: you must be running APF (Advanced Policy Firewall) for Brute Force Detection to work, because BFD places its bans through APF.

1. Login to your server via SSH as Root.
2. Type: wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
3. Type: tar -xvzf bfd-current.tar.gz
4. Type: cd bfd*
5. Now let’s install BFD onto the server.
Type: ./install.sh

:: You Should See ::
.: BFD installed
Install path: /usr/local/bfd
Config path: /usr/local/bfd/conf.bfd
Executable path: /usr/local/sbin/bfd

6. Now we need to edit the configuration file and set some options. Don't worry, the BFD configuration isn't hard to edit or understand!

Type: pico -w /usr/local/bfd/conf.bfd

7. Now we need to find the line to edit:
Press: CTRL-W
Type: ALERT_USR
Change ALERT_USR="0" TO ALERT_USR="1"
Right below that we need to change the email:
Change EMAIL_USR="root" TO EMAIL_USR="you@yoursite.com"

8. That wasn't too bad. Let's save and exit the file.
Press: CTRL-X then type Y then hit enter

9. Now we have to make sure you don't lock yourself out of the server.
Type: pico -w /usr/local/bfd/ignore.hosts

10. Add any IP address that you want to be ignored from the rules. If your server provider is doing monitoring add their IP(s) here. Since you need these IPs open in APF as well you can copy the IPs you used in APF.
Type: pico -w /etc/apf/allow_hosts.rules
Then scroll down to the bottom and copy those IPs (drag mouse over that’s it)
Press: CTRL-X
Type: pico -w /usr/local/bfd/ignore.hosts
Paste those IPs to the bottom. You should also add your home IP if you hadn’t done so before. If your home IP is dynamic this is not a good idea, and you should get a static IP.
Press: CTRL-X then Y to save then enter.

11. Now let's run BFD!
Type: /usr/local/sbin/bfd -s
----------------------------------------------------------------
[root@linux-30 logs]# bfd
BFD version 0.9
Copyright (C) 1999-2004, R-fx Networks
Copyright (C) 2004, Ryan MacDonald
This program may be freely redistributed under the terms of the GNU GPL

usage: /usr/local/sbin/bfd [OPTION]
-s|--standard ........ run standard with output
-q|--quiet ........... run quiet with output hidden
-a|--attackpool ...... list all addresses that have attacked this host
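To see what BFD is actually doing when it runs from cron, here is the same check reduced to its essentials as an added example: count sshd authentication failures per source address, apply a threshold, skip anything listed in ignore.hosts, and emit the apf -d command BFD would run for the rest. This is not BFD's own code; the sshd log lines and the ignore list are constructed, the threshold and the "bfd.sshd" comment are my choices, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not BFD code): the core of a brute-force detector in the
# style of BFD. Log lines, ignore list and threshold are constructed.

# write_sample_log FILE: constructed sshd lines in the usual syslog format
write_sample_log() {
    cat > "$1" <<'EOF'
Aug 23 01:20:01 ocean sshd[2201]: Failed password for root from 203.0.113.7 port 41022 ssh2
Aug 23 01:20:03 ocean sshd[2203]: Failed password for root from 203.0.113.7 port 41023 ssh2
Aug 23 01:20:05 ocean sshd[2205]: Failed password for invalid user admin from 203.0.113.7 port 41024 ssh2
Aug 23 01:20:07 ocean sshd[2207]: Failed password for root from 203.0.113.7 port 41025 ssh2
Aug 23 01:20:09 ocean sshd[2209]: Failed password for root from 203.0.113.7 port 41026 ssh2
Aug 23 01:21:00 ocean sshd[2301]: Failed password for bob from 198.51.100.9 port 50110 ssh2
Aug 23 01:21:30 ocean sshd[2302]: Accepted password for bob from 198.51.100.9 port 50111 ssh2
Aug 23 01:22:00 ocean sshd[2401]: Failed password for root from 192.0.2.44 port 33001 ssh2
Aug 23 01:22:02 ocean sshd[2402]: Failed password for root from 192.0.2.44 port 33002 ssh2
Aug 23 01:22:04 ocean sshd[2403]: Failed password for root from 192.0.2.44 port 33003 ssh2
Aug 23 01:22:06 ocean sshd[2404]: Failed password for root from 192.0.2.44 port 33004 ssh2
Aug 23 01:22:08 ocean sshd[2405]: Failed password for root from 192.0.2.44 port 33005 ssh2
Aug 23 01:22:10 ocean sshd[2406]: Failed password for root from 192.0.2.44 port 33006 ssh2
EOF
}

# write_ignore FILE: the admin's own address, as it would sit in ignore.hosts
write_ignore() {
    printf '192.0.2.44\n' > "$1"
}

# failures_by_host LOG: "IP COUNT" per line, most failures first.
# Only "Failed password" lines count; the "Accepted" line is ignored.
failures_by_host() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
             for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1)
         }' "$1" | sort | uniq -c | sort -rn | awk '{ print $2, $1 }'
}

# ban_candidates LOG IGNOREFILE THRESHOLD: hosts with at least THRESHOLD
# failures that are not listed (one per line, exact match) in IGNOREFILE
ban_candidates() {
    failures_by_host "$1" | while read -r bc_ip bc_n; do
        [ "$bc_n" -ge "$3" ] || continue
        grep -qxF "$bc_ip" "$2" && continue
        echo "$bc_ip"
    done
}

# ban_command IP: what would be handed to APF for each candidate
# (comment without spaces, as the guide requires)
ban_command() {
    echo "/usr/local/sbin/apf -d $1 bfd.sshd"
}

demo_log=$(mktemp)
demo_ign=$(mktemp)
write_sample_log "$demo_log"
write_ignore "$demo_ign"
for ip in $(ban_candidates "$demo_log" "$demo_ign" 5); do
    ban_command "$ip"
done
rm -f "$demo_log" "$demo_ign"
```

With the constructed log, 203.0.113.7 reaches the threshold of 5 and gets a ban command; 192.0.2.44 has more failures but is in the ignore list, which is exactly why step 10 tells you to put your own address in /usr/local/bfd/ignore.hosts before the first run; and 198.51.100.9, with one failure followed by a successful login, is left alone.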

Debian GNU/Linux device driver check

Debian GNU/Linux device driver check page

http://kmuto.jp/debian/hcl/index.cgi

Paste the output of 'lspci -n' from a GNU/Linux system (Debian, Knoppix, RedHat, and so on) into the box below, then push the 'Check' button.

Nice results…

You can use the nifty "lshw" tool today. lshw lists your hardware. Try it now:
sudo lshw
Find Hardware Specs
You can get specific details by using the -C flag:
sudo lshw -C disk
will list all your hard disks.

It creates an HTML page with your hardware details if you do:
sudo lshw -html > your-file-name.html

e – Extract Any Archive

With this little tool you can extract almost any archive in Linux so you do not need to remember which tool and what command lines are necessary.

Usage:
# Extract a zip file: e file.zip
# Extract a rar file: e file.rar
# Extract several archives, one after another: e a.tar.gz b.tar.bz2 c.cab d.deb e.rpm
# Extract every file from the current directory: e *
Download e Here

sudo apt-get install ruby
wget http://martin.ankerl.com/files/e
chmod a+x e
sudo mv e /usr/local/bin

Thanks to martin.ankerl.com

DNS

When you are new to web hosting or new to building websites in general, one of the first roadblocks you tend to encounter is domain name registration. Way back when, before I worked for Lunarpages, I saw a banner advertisement somewhere that said, “Get your domain name for $3/year!” Being the sucker that I was, I went to said provider to purchase my website, thinking that once I purchased the domain name itself, I would have a website too. But oh no, that’s not the way websites work, as I found out when I started going through the purchasing process – by the end of this process, my total was somewhere around $100/year. I was appalled.

Of course, now I know better. Paying $100/year for a website and domain name is standard and actually quite cheap! But when I think about this scenario today, I wonder how many people purchase their domain names from one provider just because they think that is all it takes to put a website online, only to find out later that they need web hosting as well. The answer is: quite a lot!

So, how do you deal with getting your website up with a web host when you have your domain name registered with someone else? I’m here to tell you, there are actually two equally efficient ways to get your domain name to properly coincide with your web hosting account.

1. Transferring Your Domain Name

A common myth about transferring your domain name to your web hosting provider is that you lose all rights to that domain name. While you should always read the fine print if you are going with a web host you’ve never heard of, quality providers like Lunarpages who have been around since 1998, will never ever ever ever take your domain name rights. You always have 100% control over your WWW.

To transfer your domain name to your web host, there’s three main things you need to verify and/or acknowledge:

* Is your domain name unlocked?
* Can you be reached at the administrative email address for that domain?
* Do you have a Transfer Authorization Code from your current domain registrar?

If you’re confused as to how to find this information, you’re not alone! But there is one website that can help you out: WhoIs.com. Visit WhoIs.com and enter your domain information. Take a look at your domain information. If it says “transfer prohibited”, “locked”, or “transfer unavailable”, that means your domain name is locked and you must contact your domain registrar to unlock it. If it says “OK”, “OK to transfer”, or “unlocked”, you’re good to go there.

Now check the “administrative contact” information for the email address. If you don’t have access to that email, contact your domain registrar to update it. If you do have access, hooray!

And lastly, you need a Transfer Authorization Code from your current registrar to be able to transfer that domain. You can either contact your registrar or, if you have access to login and manage that domain, you can simply have it emailed to you.

After you verify those things, get in touch with Lunarpages and let us know you want to transfer your domain and we can take care of the rest.

Pros: You get to manage your domain and hosting under one roof! This is a huge pro.
Cons: It might cost to transfer the domain and you always have to wait 60 days after renewal or purchase of your domain to be able to transfer it.

2. Change Your Domain Name Servers

Uh-oh, you think, she's gone tech-speak on me! So let me define: "name server" is just a fancy term for the behind-the-scenes internet machinery that runs when you type "www.lunarpages.com" into your address bar. Behind the scenes, domain name servers translate "lunarpages.com" into the IP address of the machine that hosts it (four numbers separated by dots, something like 192.0.2.10). Domain name servers essentially make sure your domain points to wherever your website content is hosted, i.e. your web hosting account!

So if you have a domain name registered with Provider X, you simply need to point your domain's name servers at Lunarpages to get that domain name to find the content at Lunarpages.

So, how on earth do you change the domain name servers? It’s actually incredibly easy and you can do it in 3 simple steps:

* Go to your domain name registrar.
* Your registrar should have emailed you a username and password to manage your domain name. Find this information and use it to log in to your registrar and manage your domain name.
* Change your domain nameservers from whatever they are now to the ones Lunarpages provided you in your Welcome Email. For example, they will look something like: NS1.lunarpages.com / NS2.lunarpages.com

No joke, it’s that easy. Once you’ve done that, your domain name will resolve to Lunarpages within 24 hours or so.

Pros: It’s completely free and is a lot faster than a domain transfer.
Cons: You still have to pay your domain registrar for that domain and pay Lunarpages for hosting, whereas if you transferred it, you could take advantage of our Free Domain For Life offer.

Restart

restart spamd
service exim restart
spamd -d
service spamassassin restart

/etc/init.d/crond start
/etc/init.d/crond stop
/etc/init.d/crond restart
/etc/init.d/exim restart
/etc/init.d/cpanel restart
/usr/local/cpanel/startup
/etc/init.d/cpanel stop
/etc/init.d/chkservd stop
/etc/init.d/chkservd restart
/etc/init.d/httpd stop
/etc/init.d/mysql stop
/etc/init.d/pure-ftpd stop
/etc/init.d/exim stop
/etc/init.d/named stop
/etc/init.d/antirelayd stop
/etc/init.d/mdmonitor stop
/etc/init.d/portsentry stop
/etc/init.d/apf stop
/etc/init.d/syslog stop
/etc/init.d/crond stop
/etc/init.d/smartd stop
/etc/init.d/rhnsd stop
/etc/init.d/ipaliases stop
/etc/init.d/iptables stop
/etc/init.d/clamd restart
/etc/init.d/clamd stop
/etc/init.d/clamd start
/etc/init.d/freshclam start
/etc/init.d/freshclam stop
/etc/init.d/freshclam start
/etc/init.d/freshclam restart
/etc/rc.d/init.d/httpsd restart
/etc/init.d/xinetd restart (pop restart)
/etc/init.d/cpanel restart

service courier-authlib stop
service courier-imap stop
service courier-authlib start
service courier-imap start

./mailmanctl restart
imapd --version
service pure-ftpd (start | stop | restart)
service httpd (start | stop | restart)
service exim (start | stop | restart)
service proftpd (start | stop | restart)
service named (start | stop | restart)
service mysql (start | stop | restart)
/usr/sbin/mysqld
service httpd status
/etc/init.d/tomcat5 (start | stop | restart)

Exitop

This is a Perl/curses tool that parses the logs to show real-time Exim logfile usage: emails sent from/to (host, user, domain). Pretty handy.

wget http://www.le.ac.uk/its/mcn4/exitop/exitop-0.04

Usage:

tail -n 100000 -f /var/log/exim_mainlog | exitop