Sunday, May 9, 2010

Step by Step Installing mod_security from Source in Linux Centos5.4, Fedora12 Howto

To Install mod Security from the source go to the Website of Mod security and download the packages
[superuser@ashwin modse]# get http://www.modsecurity.org/download/modsecurity-apache_2.5.12.tar.gz

–2010-05-05 15:19:12– http://www.modsecurity.org/download/modsecurity-apache_2.5.12.tar.gz

Saving to: `modsecurity-apache_2.5.12.tar.gz’

100%[=======================================>] 1,392,209 1235.9Mb/s in 5s

2010-05-05 15:19:18 (1235.7 MB/s) – `modsecurity-apache_2.5.12.tar.gz’ saved [1392209/1392209]

[superuser@ashwin modse]# tar -zxf modsecurity-apache_2.5.

To see the Full Tutorial:

Step by Step Installing mod_security from Source in Linux Centos5.4, Fedora12 Howto

Thursday, May 6, 2010

Howto Add New User, New Group and modify Users, Groups in Linux - Centos5.4, Fedora 11 - Part 1

Adding users in Linux helps you from giving all user Administrative (root access) rights if the system is used by Multiple people. Its one of the basic command but still very important which need to studied in much details, The More detail you know about adding user and adding group modifying existing users and groups may lead with excellent system administration skills and also help you with securing system. There are many attributes to read when we learn about useradd and groupadd command in linux. In this article we will go indepth of Adding, Modifying User and groups and also discussing about various parameters while using these commands.

Adding New User in Linux

Adding a new user to your linuxbox is as simple as running a command with a argument which is the username to be created

[root@ashwin ~]# useradd ashwin


Great You have created a new user but now into the technical details how does the user gets the home directory, how is the UID,GID set, how the default shell is assigned and other different features gets assigned when addding a user.

When you add a user immediately some files are checked if the user is already present Files

1. /etc/passwd
2. /etc/groups
3. /etc/shadows

If the user is not present in the above 3 files the next step is to look for another set of files which by default assign values to a newly added user the file which is looked is
 # cat /etc/login.defs 


The above file contains all the default parameter like, UID, GID to be set for new user, Home Directory (If not specified explicitly). Now once the user is added the home directory is created in /home/username by default and assigned a unique UID,GID. When you see the contents of /home/username you will find files

[ashwin@ashwin ~]$ ll -a /home/ashwin/
-rw-r--r--. 1 root root 18 2009-04-08 16:16 .bash_logout
-rw-r--r--. 1 root root 176 2009-04-08 16:16 .bash_profile
-rw-r--r--. 1 root root 124 2009-04-08 16:16 .bashrc
-rw-r--r--. 1 root root 500 2009-04-10 17:22 .emacs
drwxr-xr-x. 2 root root 4096 2009-03-18 06:22 .gnome2
drwxr-xr-x. 4 root root 4096 2010-03-19 12:20 .mozilla
-rw-r--r--. 1 root root 658 2009-03-02 22:50 .zshrc

Now from where these files came from, yes this files are copied to every newly added user from the /etc/skel folder.


[ashwin@ashwin ~]$ ll -a /etc/skel/
-rw-r--r--. 1 root root 18 2009-04-08 16:16 .bash_logout
-rw-r--r--. 1 root root 176 2009-04-08 16:16 .bash_profile
-rw-r--r--. 1 root root 124 2009-04-08 16:16 .bashrc
-rw-r--r--. 1 root root 500 2009-04-10 17:22 .emacs
drwxr-xr-x. 2 root root 4096 2009-03-18 06:22 .gnome2
drwxr-xr-x. 4 root root 4096 2010-03-19 12:20 .mozilla
-rw-r--r--. 1 root root 658 2009-03-02 22:50 .zshrc


Now a Bit more depth on useradd, we'll now discuss some parameters while adding a new user to change the default home directory, UID, GID, Default Shell Login, Password

The Following arguments can be used to the command useradd

-b, --base-dir BASE_DIR base directory for the new user account
home directory
-c, --comment COMMENT set the GECOS field for the new user account
-d, --home-dir HOME_DIR home directory for the new user account
-D, --defaults print or save modified default useradd
configuration
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-f, --inactive INACTIVE set password inactive after expiration to INACTIVE
-g, --gid GROUP force use GROUP for the new user account
-G, --groups GROUPS list of supplementary groups for the new user account
-h, --help display this help message and exit
-k, --skel SKEL_DIR specify an alternative skel directory
-K, --key KEY=VALUE overrides /etc/login.defs defaults
-l, do not add the user to the lastlog and faillog databases
-m, --create-home create home directory for the new user account
-M, do not create user's home directory(overrides /etc/login.defs)
-N, --no-user-group do not create a group with the same name as the user
-o, --non-unique allow create user with duplicate (non-unique) UID
-p, --password PASSWORD use encrypted password for the new user account
-r, --system create a system account
-s , --shell SHELL the login shell for the new user account
-u, --uid UID force use the UID for the new user account
-U, --user-group create a group with the same name as the user
-Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping



    Examples


1. Add user with home directory in /opt/username

[root@ashwin ~]# useradd -d /opt/ username

2. Add user with defined home directory UID, GID

[root@ashwin ~]# useradd -d /opt/ -u 800 -g 800 username


3. Defining password while adding a new user

[root@ashwin ~]# useradd -d /opt/ -u 800 -g 800 -p password username

4. Defining the login shell for the new user account

[root@ashwin ~]# useradd -d /opt/ -u 800 -g 800 -p password -s /bin/sh username

[root@ashwin ~]# useradd -d /opt/ -u 800 -g 800 -p password -s /bin/nologin username

Explore around with the parameters you would find many features in it.

Also Look For Parts Two to know more depth knowledge of User and Group adding in Linux

Wednesday, May 5, 2010

Step by Step Installing mod_security from Source in Linux Centos5.4, Fedora12 Howto

To Install mod Security from the source go to the Website of Mod security and download the packages
[superuser@ashwin modse]# get http://www.modsecurity.org/download/modsecurity-apache_2.5.12.tar.gz

--2010-05-05 15:19:12-- http://www.modsecurity.org/download/modsecurity-apache_2.5.12.tar.gz

Saving to: `modsecurity-apache_2.5.12.tar.gz'

100%[=======================================>] 1,392,209 1235.9Mb/s in 5s

2010-05-05 15:19:18 (1235.7 MB/s) - `modsecurity-apache_2.5.12.tar.gz' saved [1392209/1392209]

[superuser@ashwin modse]# tar -zxf modsecurity-apache_2.5.12.tar.gz
[superuser@ashwin modse]# cd modsecurity-apache_2.5.12

Stop Apache httpd
[superuser@ashwin modse]# service httpd stop
[superuser@ashwin apache2]# /configure --with-apxs=/path/to/httpd-2.x.y/bin/apxs

Compile with:
[superuser@ashwin apache2]# make

Optionally test with:
[superuser@ashwin apache2]# make test

Optionally build the ModSecurity Log Collector with:
[superuser@ashwin apache2]# make mlogc

Install the ModSecurity module with:
[superuser@ashwin apache2]# make install

If you get the below error you need to recompile apache with DSO and APXS

configure: looking for Apache module support via DSO through APXS
configure: error: couldn't find APXS

Solution
[superuser@ashwin modse]# get http://apache.siamwebhosting.com/httpd/httpd-2.2.15.tar.gz
[superuser@ashwin modse]# cd httpd-2.2.15
[superuser@ashwin httpd-2.2.15]# ./configure --enable-so --with-pcre
[superuser@ashwin httpd-2.2.15]# make
[superuser@ashwin httpd-2.2.15]# make install

Now Change you directory to /your/path/mod-security/apache2/
Install MOD-Security
[superuser@ashwin apache2]# make install

Congratulation you have successfully installed mod-security now to make it work add the following lines in your apache configuration file
[superuser@ashwin apache2]# vi /etc/httpd/conf/httpd.conf
LoadFile /usr/lib/libxml2.so
LoadFile /usr/lib/liblua5.1.so

# Load the ModSecurity module with:
LoadModule security2_module modules/mod_security2.so

Now Restart Apache Service and you ready to Go
superuser@ashwin apache2]# service httpd start