Saturday, July 12, 2014

WP-Login mod_security Rule


(1) Compile Apache with mod_security enabled.

(2) Make sure a SecDataDir directive is present (the per-IP collections below are stored there).

(3) If you do not have a SecDataDir anywhere, add it and also create the directory, for example:

mkdir /usr/local/apache/logs/modsec
chown root:nobody /usr/local/apache/logs/modsec
----------------------------------------------------------------------
root@server [/usr/local/apache/conf]# cat /usr/local/apache/conf/modsec2.conf | grep SecDataDir
SecDataDir /usr/local/apache/logs/modsec 
root@server [/usr/local/apache/conf]# 
-------------------------------------------------------------------

(4) Add the rule in a separate file as follows.
-------------------------------------------------------------------

root@server [/usr/local/apache/conf]# cat modsec2.wplogin.conf
<LocationMatch "/wp-login.php">
# One persistent collection per client IP, stored under SecDataDir
SecAction "initcol:ip=%{REMOTE_ADDR},pass,nolog,id:313371"
# Lower the counter by 3 for every 30 seconds since the collection was last updated
SecAction "phase:5,deprecatevar:ip.counter=3/30,pass,nolog,id:313372"
# Third request inside the window: wait 3 s, then deny with 406 and log it
SecRule IP:COUNTER "@gt 1" "phase:2,pause:3000,deny,status:406,setenv:RATELIMITED,skip:1,log,id:313373"
# Otherwise count this request
SecAction "phase:2,pass,setvar:ip.counter=+1,nolog,id:313374"
</LocationMatch>
root@server [/usr/local/apache/conf]# 
-------------------------------------------------------------------
(5) Add the Include directive for the new file as follows.
----------------------------------------------------------------
[root@server/usr/local/apache/conf]# cat modsec2.conf | grep Include
Include "/usr/local/apache/conf/modsec2.user.conf"
Include "/usr/local/apache/conf/modsec2.wplogin.conf"
[root@server/usr/local/apache/conf]#
---------------------------------------------------------------
(6) Make sure that the following ErrorDocument exists, since the deny above returns status 406:
[root@mserver]# cat /usr/local/apache/conf/includes/errordocument.conf | grep 406
# 406 - Not Acceptable
ErrorDocument 406 /406.shtml
[root@server/usr/local/apache/conf]# 
--------------------------------------------------------------


Exclude a few IPs from the rule
---------------------------------
Put one address per line in the whitelist file. Two things to watch: every rule needs its own unique id, otherwise Apache refuses to start, and @pmFromFile does substring matching, so an entry of 10.0.0.1 also matches 10.0.0.10 (on ModSecurity 2.7 and later, @ipMatchFromFile matches addresses and CIDR ranges exactly).
root@server [/usr/local/apache/conf]# cat modsec2.wplogin.conf
<LocationMatch "/wp-login.php">
SecAction "initcol:ip=%{REMOTE_ADDR},pass,nolog,id:313371"
# Clients listed in whitelist.txt skip the rate limit; this rule needs a unique id
# (313372 is already taken by the deprecatevar rule below)
SecRule REMOTE_ADDR "@pmFromFile /usr/local/apache/conf/whitelist.txt" "phase:2,nolog,allow,id:313375"
SecAction "phase:5,deprecatevar:ip.counter=3/30,pass,nolog,id:313372"
SecRule IP:COUNTER "@gt 1" "phase:2,pause:3000,deny,status:406,setenv:RATELIMITED,skip:1,log,id:313373"
SecAction "phase:2,pass,setvar:ip.counter=+1,nolog,id:313374"
</LocationMatch>
root@server [/usr/local/apache/conf]# 
-----------------------------------
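To see how many wp-login.php requests one client actually gets through with these numbers (both the plain rule set and the whitelisted variant), here is a small model of the counter logic; this is an added example, not code from the original post or from ModSecurity. It assumes deprecatevar:ip.counter=3/30 subtracts 3 for every full 30 seconds since the collection was last changed, and the whitelist entries and client addresses are constructed test values.

```python
from dataclasses import dataclass

THRESHOLD = 1                           # SecRule IP:COUNTER "@gt 1"
DECAY_AMOUNT, DECAY_PERIOD = 3, 30.0    # deprecatevar:ip.counter=3/30
# Constructed stand-in for whitelist.txt (documentation address, not a real client)
WHITELIST = {"203.0.113.10"}


@dataclass
class IpCollection:
    """Per-client state, as initcol:ip=%{REMOTE_ADDR} keeps it under SecDataDir."""
    counter: int = 0
    last_update: float = 0.0   # models the collection's LAST_UPDATE_TIME


class WpLoginLimiter:
    def __init__(self):
        self.ip = {}   # one collection per REMOTE_ADDR

    def request(self, remote_addr, now):
        """Return the status the rule set would produce for one request: 200 or 406."""
        if remote_addr in WHITELIST:
            # allow: remaining phase-2 rules are skipped (exact match in this model;
            # @pmFromFile itself does substring matching)
            return 200
        col = self.ip.setdefault(remote_addr, IpCollection(last_update=now))
        changed = False
        # phase 2: the check runs before this request is counted
        if col.counter > THRESHOLD:
            status = 406   # deny,status:406 (the real server also sleeps pause:3000 ms)
        else:
            col.counter += 1   # setvar:ip.counter=+1
            changed = True
            status = 200
        # phase 5: deprecatevar takes 3 off per full 30 s since the last change,
        # so the first request after an idle period still sees the old counter
        periods = int((now - col.last_update) // DECAY_PERIOD)
        if periods and col.counter > 0:
            col.counter = max(0, col.counter - DECAY_AMOUNT * periods)
            changed = True
        if changed:
            col.last_update = now
        return status


if __name__ == "__main__":
    lim = WpLoginLimiter()
    for t in (0, 1, 2, 3, 40, 41):
        print(f"t={t:>2}s 198.51.100.7 -> {lim.request('198.51.100.7', t)}")
```

Two attempts pass, the third is denied, and the counter only decays once the client has been quiet for a full 30 seconds, which is why a locked-out client's next request after the pause is still refused before the decay takes effect.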

Monday, July 7, 2014

Yum update notification script

#!/bin/bash
# Mail an alert when the tail of yum.log changes (packages installed or updated).
# Meant to run from cron; /opt/orig keeps the last-seen tail of the log.
EMAIL="naven@domain.com"
# Use a private temp file instead of a fixed, predictable /tmp/alert
ALERT=$(mktemp) || exit 1
trap 'rm -f "$ALERT"' EXIT
tail /var/log/yum.log > "$ALERT"
# diff exits non-zero when the files differ (or when /opt/orig does not exist yet)
if ! diff -q /opt/orig "$ALERT" > /dev/null 2>&1; then
    # Send alert email
    echo "please check /var/log/yum.log" | /bin/mail -s "Packages update notification from $(hostname) -- ( IP-Address )" "${EMAIL}"
    # Remember the current tail so the same change is not reported again
    cp "$ALERT" /opt/orig
fi

OpenVZ - Reverse path filtering (rp_filter) - sysctl.conf


I have changed rp_filter (Reverse path filtering) to loose mode (rp_filter = 2) on the hardware node. I believe that this has fixed the intermittent network connection loss in the VMs.

#### sysctl entries ###
net.netfilter.nf_conntrack_max = 196608
net.nf_conntrack_max = 196608
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.all.rp_filter = 2

GRUB's Batch Feature

In grub.conf the default= line specifies which kernel is booted. Leave it set to a kernel that you know is good and working. Then, to test a new kernel, tell GRUB to try that kernel only once with this command before you reboot (the number after --default= is the index of the title entry in grub.conf, counting from 0):

echo "savedefault --default=0 --once" | grub --batch


If the server hangs, get the customer to reboot the server and it will then go back to the good kernel from grub.conf.

Reduce the disk space/shrink the LVM in a Linux HVM using kpartx

kpartx -av /dev/vg_67/vm102_img

It will print the partition mappings it added, and will probably create this for the single partition inside the image (use whatever device name kpartx actually prints; on many systems the mapping appears under /dev/mapper/):
/dev/vg_67/vm102_img1

This relates to that one partition.

Now you can check the filesystem and shrink it to a size smaller than the LV you are aiming for:
e2fsck -f -y /dev/vg_67/vm102_img1
resize2fs /dev/vg_67/vm102_img1 24G

Then remove the kpartx mappings from the LV:

kpartx -d /dev/vg_67/vm102_img

Now lvreduce to 25G. Note that resize2fs only shrinks the filesystem; the partition table inside the image is untouched, so check with fdisk -l /dev/vg_67/vm102_img that the partition ends inside the new 25G before reducing, and shrink the partition first if it does not.

lvreduce -L 25G /dev/vg_67/vm102_img

Then map the partition once more with kpartx and grow the filesystem to fill it; run resize2fs on the partition mapping, without a size, and it uses all available space:

kpartx -av /dev/vg_67/vm102_img
resize2fs /dev/vg_67/vm102_img1
kpartx -d /dev/vg_67/vm102_img

Permanent Change of the Time Zone on a Node/Server



First, make a backup of the existing localtime file.

mv /etc/localtime /etc/localtime.bak
Next, create the link:

ln -s /usr/share/zoneinfo/Europe/London /etc/localtime

Now you just need to test your change. Run “date” from the command line, and ensure that the appropriate time, date, and timezone are reported.

The setting will be reverted unless you also make the change below.

You need to edit the file /etc/sysconfig/clock and add the entry ZONE="Europe/London" and save the file.

Sunday, July 6, 2014

Xen: Create the bridge manually on top of bond0

ifcfg-eth0

DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
ISALIAS=no

ifcfg-eth1

DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
ISALIAS=no

ifcfg-bond0

DEVICE=bond0
BOOTPROTO=none
BONDING_OPTS="mode=1 miimon=100"
ONBOOT=yes
BRIDGE=xenbr0

ifcfg-xenbr0

DEVICE=xenbr0
BOOTPROTO=static
IPADDR=x.x.x.x
NETMASK=x.x.x.x
ONBOOT=yes
TYPE=Bridge

vi /etc/xen/xend-config.sxp
Comment out ALL (network-script network-bridge) lines so that xend does not try to create its own bridge.

service xend restart
service network restart