Use ulogd to log iptables records into mysql db with web interface, nulog

1. download and install ulogd and ulogd-mysql TESTING rpms from http://rpm.razorsedge.org/centos-5/RE-test/repodata/index.html
2. mysql -u root -p

mysql> create database ulog;

3. vi /etc/ulogd.conf

..
plugin="/usr/lib/ulogd/ulogd_MYSQL.so" #uncomment it for use
..
[MYSQL]
table="ulog"
pass=""
user="root"
db="ulog"
host="localhost"
..

4. download and install NuLog from http://software.inl.fr/trac/trac.cgi/wiki/EdenWall/NuLog

wget http://software.inl.fr/releases/Nulog/nulog-1.2.14.tar.gz
tar zxvf nulog-1.2.14.tar.gz
cd nulog-1.2.14
make install

5. create tables from the script

# the two commands are totally same
cat /root/nulog-1.2.14/scripts/ulogd.mysqldump | mysql -u root -p ulog
mysql -u root -p ulog < /root/nulog-1.2.14/scripts/ulogd.mysqldump

6. /etc/init.d/ulogd start
7. cp /usr/share/edenwall-web/nulog/include/config.template.php /usr/share/edenwall-web/nulog/include/config.php
7. vi /usr/share/edenwall-web/nulog/include/config.php

..
if (!isset($lang))
$lang="en";
..
# database Host
$db_host="localhost";
# database name
$db_ulog="ulog";
# database user
$db_user="root";
# database password
$db_pwd="";
..



* create a password file for basic http authentication
htpasswd -c /var/www/apache.passwd username
* cp nulog_apache.conf /etc/httpd/conf.d/nulog.conf
* vi /etc/httpd/conf.d/nulog.conf

Alias /nulog/ "/usr/share/edenwall-web/nulog/" # path
..
# Authentification
# Create file /path/to/some/file with htpasswd
AuthType Basic
AuthName "Nulog access"
AuthUserFile /var/www/apache.passwd
Require user username


Install the web application, phpMyAdmin to mange MySQL via browser on CentOS

1. yum install phpmyadmin
2. vi /etc/httpd/conf.d/phpmyadmin.conf

<Directory "/usr/share/phpmyadmin">
Order Deny,Allow
# Deny from all
Allow from all # If you want to connect it from anywhere
</Directory>
..
..

3. vi /usr/share/phpmyadmin/config.inc.php

/*
* This is needed for cookie based authentication to encrypt password in
* cookie
*/
$cfg['blowfish_secret'] = 'RANDOMTEXT'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'cookie';


Update the time of CentOS with time server automatically

NTP = Network Time Protocol

1. /usr/sbin/ntpdate ip
time.stdtime.gov.tw
clock.stdtime.gov.tw
tick.stdtime.gov.tw
tock.stdtime.gov.tw
watch.stdtime.gov.tw

2. /usr/sbin/hwclock -w #write into bios
hwclock of ubuntu is in /sbin

3. put the above commands to /etc/cron.daily in order to have automatic update everyday

Connect through SSH tunnel on Windows

1. Download Plink (a command-line interface to the PuTTY back ends)
2. Execute it with parameters on a windows machine

# -C enable compression
# -N don't start a shell/command (SSH-2 only)
# -v show verbose messages
# -ssh force use of SSH protocol
# -L [listen-IP:]listen-port:host:port
# Forward local port to remote address
plink.exe -C -N -v -ssh -L local_port:remote_ip:remote_port -l ssh_username ssh_server_ip

3. Then you could have localhost:port forwarded to remote server with encryption

Set samba server on CentOS

1. vi /etc/samba/smb.conf

[global]

workgroup =
netbios name = # computer name
server string = Samba Server # description of this computer
security = user
hosts allow = 192.168.1. # restrict access
load printers = yes
cups options = raw
log file = /var/log/samba/%m.log # %m = netbios name of clients
max log size = 50
dns proxy = no

[homes]
comment = Home Directories # description
browseable = no # is in the browse list
writable = yes
valid users = %S # %S = replace the text within []

[printers]
comment = All Printers
path = /usr/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes # is seen or not by anyone

[sample]
path = /home/sample
public = no
valid users = @users # @ = group
write list =

2. /usr/bin/testparm # check smb.conf configuration file for internal correctness
4. smbpasswd -a username # add user
5. /etc/init.d/smb start # start samba service
6. /sbin/chkconfig smb on # to start on boot

Set Antinat SOCK4 and SOCKS5 compliant server on CentOS

1. yum install antinat
2. vi /etc/antinat.xml
3. Allow only socks5 client from any ip to any destination

<?xml version='1.0'?>
<antinatconfig>
<!-- Any interface -->
<interface value='0.0.0.0'/>

<!-- Port to listen on -->
<port value='1080'/>

<!-- Allow users to be authenticated against UNIX usernames -->
<allowlocalusers/>

<!-- Time in seconds to listen for outside incoming connections when
applications request a BIND operation before timeout -->
<maxbindwait value='60'/>

<!-- demonstration user account -->
<!-- <user user='testuser' password='testpass'/> -->

<!-- What logs should we keep? -->
<log>
<addrdaylog value='/var/log/antinat/day_addr.log'/>
<userdaylog value='/var/log/antinat/day_user.log'/>
<connlog value='/var/log/antinat/connection.log'/>
</log>

<!-- What security methods do we offer clients? -->
<authchoice source_addrtype='ipv4'>
<select mechanism='chap'/>
<select mechanism='cleartext'/>
</authchoice>

<!-- Which connections should we accept or reject? -->
<filter>
<filter source_addrtype='ipv4' dest_addrtype='ipv4'>
<filter user='root'>
<reject/>
</filter>
<filter version='4'>
<reject/>
</filter>
</filter>
<accept/>
</filter>

</antinatconfig>

4. mkdir /var/log/antinat # for logging directory

mysql

change root password
mysqladmin -h mysql_server -u root -p password 12345

Account and Group config files on Linux

Account: /etc/passwd
name:password:UID:GID:description:directory:shell

Group: /etc/groups
name:password:GID:members

"ddclient dead but pid file exists" on CentOS

/etc/rc.d/init.d/ddclient status
ddclient dead but pid file exists

solution:

#-p, --parents, make parent directories as needed
mkdir -p /var/cache/ddclient


Add a user to sudoer list on CentOS

/usr/sbin/visudo


root ALL=(ALL) ALL
username ALL=(ALL) ALL


Add DAG into YUM on CentOS

Install the latest rpmforge-release package for Red Hat Enterprise Linux 5. This will automatically install the configuration and GPG keys that are for safely installing RPMforge packages.

rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm