Archive for the “Security” Category

Jul 07 2010

Setting up a new user account for root access.

Posted by keith in Linux, Security

Let’s face it, giving out your root password to your Linux server isn’t very smart or security minded. Still there are many of us who provide our root user and before we know it, we’re either looking at a compromise or a permissions issue or worse. Though it doesn’t need to be this way. No… We can create a new user and give them root access or we can edit the abilities of this user.

How does one do this you ask? Simple. In this instance, we’ll setup a new user to have root access, but this works out as we can add the user to the sudoers file, meaning we know who we are giving access to. Heck, you may want to do this for your main user and disable the root user for security reasons, but that’s your call.

Any how, on to the fun stuff!

1. First we need to login to the server, so don’t disable the root user yet, and create a new user. For this example, I’ll make a new user called madtech. So we SSH into the server and type the following;

“useradd madtech”

2. Next we need to add a password for the user, to do this we need to type the following;

“passwd madtech”

It will then ask for us to enter the password and then again to confirm the password.

3. Now that we created the user, we need to edit the sudoers file. Take note we don’t want to edit this with or standard text editors.. no, thats bad. We need to use visudo. Visudo should already be installed on the server. So what we need to do now is goto the following line;

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
We need to add our new user to this file by typing;
madtech  ALL=(ALL)  ALL
And then we press CRTL+X and then Y to save the changes.
4. We’ve just added the user, so know when you log into the server with this new user you can type the following to sudo in and gain admin access;
“sudo -l” or “sudo su -”
This will give the suer root access for the logged in session. If you log out and back in, you need to sudo again.
*******Issues you may encounter*********
So you added the user but when you sudo in, you get the following error:
sudo: must be setuid root
This means there is an issue with the changes to the sudoers file and you need to fix it. But its an easy fix, so relax. All you need to do is log back into the server as the root user again and run the following commands;
“chown root:root /usr/bin/sudo”
“chmod 4111 /usr/bin/sudo”
Now logout as root and login as the new user and then sudo in.  You should now get the default sudo message like the one below or similar, depending on what the MOTD on the server is set to.
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.”

That’s it. Now you can disable that root user, if you choose to!
Tags: ,

Comments No Comments »

Feb 18 2009

Brute Force Detection

Posted by keith in Linux, Security

What is BFD (Brute Force Detection)?

BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet and likewise it is very straight-forward in its installation, configuration and usage. The reason behind BFD is very simple; the fact there is little to no authentication and brute force auditing programs in the linux community that work in conjunction with a firewall or real-time facility to place bans. BFD is available at: http://www.rfxnetworks.com/bfd.php

This guide will show you how to install and configure BFD to protect your system from brute force hack attempts.

Requirements:
- You MUST have APF Firewall Installed before installing BFD – it works with APF and requires some APF files to operate.
- Root SSH access to your server

Lets begin!
Login to your server through SSH and su to the root user.

1. cd /root/downloads or another temporary folder where you store your files.

2. wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz

3. tar -xvzf bfd-current.tar.gz

4. cd bfd-0.2

5. Run the install file: ./install.sh
You will receive a message saying it has been installed

.: BFD installed
Install path: /usr/local/bfd
Config path: /usr/local/bfd/conf.bfd
Executable path: /usr/local/sbin/bfd

6. Lets edit the configuration file: pico /usr/local/bfd/conf.bfd

7. Enable brute force hack attempt alerts:
Find: ALERT_USR=”0″ CHANGE TO: ALERT_USR=”1″

Find: EMAIL_USR=”root” CHANGE TO: EMAIL_USR=”[email protected]

Save the changes: Ctrl+X then Y

8. Prevent locking yourself out!
pico -w /usr/local/bfd/ignore.hosts and add your own trusted IPs
Eg: 192.168.1.1

Save the changes: Ctrl+X then Y

BFD uses APF’ cli insert feature
and as such will override any allow_hosts.rules entries users have in-place.
So be sure to add your trusted ip addresses to the ignore file to prevent
locking yourself out.

9. Run the program!
/usr/local/sbin/bfd -s

Tags: ,

Comments No Comments »

Sep 06 2008

AVG Anti-virus Software (Good Stuff)

Posted by keith in AntiVirus, Security

Avg, in my mind, is perhaps of the the best Antivirus software packages currently available for the windows platform. On top of that, AVG also offers a free edition of their Antivirus suite, although some features are not present (of course, it’s a free version).

That’s it, not to bad for an Antivirus solution that works. You can download the software and get more information regarding this by going to the AVG’s website – Here!

Comments No Comments »

Sep 06 2008

F-Secure Online Scanner

Posted by keith in AntiVirus, Security

F-Secure Online Virus Scanner (version 3.3) is a free service. Use it to find out if your computer is infected, and disinfect your computer if needed. The product will automatically download the necessary components and virus definition databases as it is started. Useful for finding spyware, malware rootkits, and viruses.

Comments No Comments »