What Is A SYN Attack? How To Control It In Linux And cPanel Servers

What is SYN Attack

A SYN flood is the most common type of DoS (Denial of Service) attack. In this kind of attack, attackers use a large number of spoofed IP addresses to send TCP SYN packets to the target machine. Once the target machine starts accepting such connections, it runs out of resources and becomes unresponsive to real requests.

How To Check System Is Under SYN Attack

If you suspect that your system is under a SYN attack, run the following command to verify it.

netstat -an |grep :80 |more

If you are under attack you will see a long list of connections in the SYN_RECV state; otherwise the output will look normal. A system affected by a SYN attack shows output like this:

tcp        0      0 56.34.53.58:80        211.48.6.244:1048       SYN_RECV
tcp        0      0 12.04.46.88:80        128.223.93.135:1167     SYN_RECV
tcp        0      0 49.44.58.78:80        194.15.197.170:1192     SYN_RECV
tcp        0      0 88.34.89.66:80        199.155.53.109:1039     SYN_RECV
tcp        0      0 88.43.44.32:80        4.168.188.28:1048       SYN_RECV
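The check above as a reusable script, an added example that is not part of the original post: it counts the SYN_RECV entries for one local port and the distinct remote addresses behind them, since a flood from spoofed sources shows many addresses with only one or two entries each. The function names, the threshold and the sample lines (documentation address ranges) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# syn_recv_stats PORT: read `netstat -an` output on stdin and print
# "TOTAL DISTINCT": SYN_RECV entries on local PORT and distinct remote IPs.
syn_recv_stats() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "SYN_RECV" {
            n = split($4, l, ":")             # column 4 is the local address
            if (l[n] != port) next
            src = $5; sub(/:[^:]*$/, "", src) # column 5 minus the remote port
            if (!(src in seen)) distinct++
            seen[src] = 1; total++
        }
        END { print total + 0, distinct + 0 }'
}

# syn_flood_suspected PORT THRESHOLD: succeed when more than THRESHOLD
# half-open connections are queued on PORT (THRESHOLD is site-specific).
syn_flood_suspected() {
    stats=$(syn_recv_stats "$1")
    [ "${stats%% *}" -gt "$2" ]
}

# Constructed sample in netstat -an layout.
SAMPLE='tcp        0      0 0.0.0.0:80            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80         198.51.100.7:1048       SYN_RECV
tcp        0      0 192.0.2.10:80         198.51.100.9:1167       SYN_RECV
tcp        0      0 192.0.2.10:80         203.0.113.4:1192        SYN_RECV
tcp        0      0 192.0.2.10:80         203.0.113.4:1193        SYN_RECV
tcp        0      0 192.0.2.10:22         203.0.113.50:40122      SYN_RECV
tcp        0      0 192.0.2.10:80         203.0.113.77:51514      ESTABLISHED'

printf '%s\n' "$SAMPLE" | syn_recv_stats 80
if printf '%s\n' "$SAMPLE" | syn_flood_suspected 80 3; then
    echo "port 80: SYN_RECV backlog above threshold"
fi
```

On a live server, feed it real data with: netstat -an | syn_recv_stats 80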

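How To Control SYN Attack

Make sure that you have a firewall properly set up; the best way is to limit the number of new TCP connections your system accepts. The following commands can help with this. They allow one new connection (SYN packet) per second with a burst of 3, counted across all ports, so adjust the values to suit your normal traffic.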

iptables -N syn_flood
iptables -A INPUT -p tcp --syn -j syn_flood
iptables -A syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN
iptables -A syn_flood -j DROP

On cPanel-based servers, it is also recommended that you run the latest kernel version for your operating system. Cheers!

Change FTP User’s Home(Path) Directory In cPanel

cPanel is an industry-leading control panel and major hosting firms use it. Shared hosting without access to cPanel is obsolete nowadays: every host gives you access to your domain’s administration panel via cPanel. If you are an administrator and have created the domain from WHM, you may know that in many cases you need to alter a user’s home directory at the user’s request. cPanel/WHM does not offer any graphical option for this. You will need to make a few small tweaks from the command prompt to get this done. Let’s see how.

cPanel comes bundled with either pure-ftpd, pro-ftpd or in some cases the vsftpd FTP server. Depending upon the installed FTP server, you will find the configuration file of the corresponding FTP server in /etc. It could be pro-ftpd.conf, pure-ftpd.conf or vsftpd.conf.

Open this file in your favorite text editor and you will find an entry for each user in it, like this:

testuser:$1$K4v6EN_V$gmV/YZVYP1w/oJRy/72cg.:5144:3457:testuser:/home/testuser/public_html/testuser:/bin/ftpsh

Now modify the home directory (path) in this entry. Once done, don’t forget to restart the corresponding FTP service. Cheers!

500 OOPS: Vsftpd: Cannot Locate User Specified In ‘ftp_username’:ftp

I mistakenly removed the nobody user. Apparently all went fine, but when I tried to connect to the server via ftp, I was thrown out. The error was “500 OOPS: vsftpd: cannot locate user specified in ‘ftp_username’:ftp“. I did some googling and here is the fix for this.

Basically this problem occurs with the vsftpd server. Whenever the user nobody is removed, its entry is also removed from the configuration file vsftpd.conf. You can simply update vsftpd.conf with the following line:

ftp_username=nobody

Once done, restart the vsftpd service:

service vsftpd restart

That’s it, you are done, enjoy Ftp(ing) :)

How To Audit A Linux CentOS Server

Before reading this post, I would suggest that you also follow these steps. Once you suspect that your Linux system is hacked/compromised, you must audit your servers. Auditing your server is not a big deal. With a few simple steps you will be able to find out what level of security you stand at. Let’s review them one by one.

1. Run Rkhunter tool

Rkhunter is a well-known tool that scans your system for rootkits and possible exploits. It uses its own algorithm to search for default directories, wrong permissions and exploit strings in the server’s kernel modules. Once you have installed and run it, you will find that Rkhunter generates a log file. Download this log file and review the warnings and errors in it. This will give you a better idea of which folders, files, scripts or services are a possible cause of compromise.

2. Run Network Scanner

Run any good network scanner such as Nmap to see which ports the outside world sees open on your server. You can then tell which ports in this list are unexpected and shut down the services on those ports if they are not needed.

Mount: /dev/sda3 already mounted or /tmp/mnt busy [How To Mount LVM In Linux]

Linux is such a great operating system that it offers you lots of flexibility with removable media. You can manage them in many ways. In order for such media to work, you need to mount them. A system administrator with minimal experience can mount a disk in Linux easily. Yesterday, I got an error: the device I was going to mount was throwing the following error when I ran the mount command:

mount: /dev/sda3 already mounted or /tmp/mnt busy

I have gone over many forums and tried to find a solution for this, but none of them worked. Then I ran the fdisk -l command and discovered that the partition I was trying to mount is Linux LVM, not NTFS or EXT3. Here are the steps to successfully mount an LVM disk in Linux.

First of all, determine the volume group containing the physical volume /dev/sda3. The following command will do this.

pvs

Here is the output of this command:

/dev/sda3 VolGroup00 lvm2 a-   67.94G 56.00M

Now, let’s find the logical volume VolGroup00.

How To Check CentOS Linux System Is Hacked (Compromised)?

A good administrator always checks the server’s running processes at regular intervals. If you are the victim of a hacking attempt, the evidence will be clear in the output of the top command. Let’s say you suspect that your Linux machine is compromised; here are the steps you can follow to check whether that is so.

1. Check who is logged in

First of all, check the server logs and see who has logged into your system. From here you will be able to get a list of IPs that are accessing your system. If these IPs are not yours or ones you trust, the situation is really alarming: you are under threat.

Check how many people are logged into the server via ssh with the following commands:

Ubuntu 10.04 Download (Torrent Links)

It has been a couple of months since the latest member of the Ubuntu family came out. If you have not yet upgraded to Ubuntu 10.04, this is the best time to try it out. Here is a long list of torrent links to download it. Enjoy!

Ubuntu 10.04

ubuntu-10.04-alternate-amd64.iso.torrent

ubuntu-10.04-alternate-i386.iso.torrent

ubuntu-10.04-desktop-amd64.iso.torrent

ubuntu-10.04-desktop-i386.iso.torrent

ubuntu-10.04-netbook-armel+dove.img.torrent

ubuntu-10.04-netbook-armel+imx51.img.torrent

ubuntu-10.04-netbook-i386.iso.torrent

ubuntu-10.04-server-amd64.iso.torrent

ubuntu-10.04-server-i386.iso.torrent

Kubuntu 10.04

kubuntu-10.04-alternate-amd64.iso.torrent

kubuntu-10.04-alternate-i386.iso.torrent

kubuntu-10.04-desktop-amd64.iso.torrent

kubuntu-10.04-desktop-i386.iso.torrent

kubuntu-10.04-netbook-i386.iso.torrent

Mythbuntu 10.04

mythbuntu-10.04-desktop-amd64.iso.torrent

mythbuntu-10.04-desktop-i386.iso.torrent

Ubuntu Studio 10.04

ubuntustudio-10.04-alternate-amd64.iso.torrent

ubuntustudio-10.04-alternate-i386.iso.torrent

Xubuntu 10.04

xubuntu-10.04-alternate-amd64.iso.torrent

xubuntu-10.04-alternate-i386.iso.torrent

xubuntu-10.04-desktop-amd64.iso.torrent

xubuntu-10.04-desktop-i386.iso.torrent
With Thanks from ubuntu-tutorials.com.

Apt-fast And Axel – Faster Way To Install Softwares In Ubuntu

If you are a die-hard fan of Ubuntu, you might have spent hours installing different software. No doubt, Apt-Get is one of the coolest apps you have ever experienced, but sometimes it lags, especially if you have to install multiple packages or your internet connection is slow. Ubuntu’s developers have come to the rescue: they have developed the Apt-Fast and Axel tools, which help you speed up your software installations in Ubuntu.

Check out the details here…

Warning: Mssql_execute() [function.mssql-execute]: Stored Procedure execution Failed

You might see this error, and the reasons could be different. Let me share my case with you: I deployed my web application on a Linux-based server running PHP version 5.1.6. It was connecting to the remote SQL Server database using the php_mssql functions. But at one point in the code, the application started throwing this error.

Here is what I did to fix it. Please note that if you connect PHP code to a remote SQL Server from a Linux system, you must have the FreeTDS drivers installed on your system. FreeTDS is a SQL Server driver for Linux: it lets programs on a Linux system connect to SQL Server. You can find complete details of its installation here.

This error (Warning: Mssql_execute() [function.mssql-execute]: Stored Procedure execution Failed) is thrown if your system does not have FreeTDS installed or its version is lower. You must have FreeTDS version 8 in order to work successfully with SQL Server. Here is the simplest way to set the FreeTDS installation on your server to version 8.

Open the /etc/freetds.conf file and change the version number in the following line:

tds version=8.0

That’s it, the error should be gone now. Cheers!

NFS Mounting – Mount A Shared Folder With Remote Computers In Linux

Network File System (NFS), although an old concept, is still very valuable. NFS lets you share a particular directory of your Linux system with other computers on the network/internet. I ran into a problem: I had to host a simple web application with load balancing. I copied the code onto multiple computers, but the problem was that the Images folder of the application needed to be centralized. I browsed the internet and here is how I achieved it.

I put the Images folder on one server and mounted that folder on all the other servers in read-write mode. Now all servers are updated automatically whenever a change is made in the Images folder. I will divide the solution into two simple steps:

1. Setup the mounted directory.

2. Share the directory with others.

Setup the mounted directory

Edit your /etc/exports file and add a line containing the directory to share and the destination IP address you wish to share it with. Let’s suppose I want to share a folder named video with servers having the IPs 192.168.0.1 and 192.168.0.2; then the entries in the exports file will be:

YourDirectory_PATH_ToShare IP_ADDR’s_SHARED_TO(ro/rw,no_root_squash,sync,no_subtree_check)

Like:

/var/www/htm/video 192.168.0.1(ro,no_root_squash,sync,no_subtree_check)

/var/www/htm/video 192.168.0.2(ro,no_root_squash,sync,no_subtree_check)

Now make sure to restart the nfs service on your computer by typing the following:

service nfs restart
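A small lint for the exports entries described above, an added example that is not part of the original post. In exports(5) syntax, whitespace between the client and its parenthesised options makes the options apply to every host while the named client gets the defaults, and no_root_squash lets a remote root user act as root on the share. The function name, finding codes and sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; lint_exports and the sample entries are constructed.

# lint_exports: read exports(5) entries on stdin, print "LINE:CODE:detail".
#   DETACHED_OPTS   "(opts)" separated from the client by whitespace: the
#                   client gets default options, (opts) applies to any host
#   NO_ROOT_SQUASH  remote root keeps uid 0 on the exported directory
lint_exports() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\(/)
                    print NR ":DETACHED_OPTS:" $(i-1) " " $i
                if ($i ~ /no_root_squash/)
                    print NR ":NO_ROOT_SQUASH:" $1
            }
        }'
}

# Constructed sample: line 2 has the stray space, line 3 is well-formed but
# still disables root squashing, line 4 is clean.
EXPORTS_SAMPLE='# constructed sample exports file
/var/www/htm/video 192.168.0.1 (ro,no_root_squash,sync,no_subtree_check)
/var/www/htm/video 192.168.0.2(ro,no_root_squash,sync,no_subtree_check)
/srv/images 192.168.0.3(rw,sync,no_subtree_check)'

printf '%s\n' "$EXPORTS_SAMPLE" | lint_exports
```

Run it against the real file with: lint_exports < /etc/exports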
