
Thursday, August 30, 2007

Use ulogd to log iptables records into mysql db with web interface, nulog

1. download and install the ulogd and ulogd-mysql rpms from the TESTING repository at http://rpm.razorsedge.org/centos-5/RE-test/repodata/index.html
2. mysql -u root -p

mysql> create database ulog;

3. vi /etc/ulogd.conf (root with an empty password is used here for simplicity; a dedicated ulog database user with its own password is the safer choice)

..
# uncomment this line to enable the MySQL output plugin
plugin="/usr/lib/ulogd/ulogd_MYSQL.so"
..
[MYSQL]
table="ulog"
pass=""
user="root"
db="ulog"
host="localhost"
..

4. download and install NuLog from http://software.inl.fr/trac/trac.cgi/wiki/EdenWall/NuLog

wget http://software.inl.fr/releases/Nulog/nulog-1.2.14.tar.gz
tar zxvf nulog-1.2.14.tar.gz
cd nulog-1.2.14
make install

5. create the tables from the script shipped with NuLog (the two commands are equivalent)

cat /root/nulog-1.2.14/scripts/ulogd.mysqldump | mysql -u root -p ulog
mysql -u root -p ulog < /root/nulog-1.2.14/scripts/ulogd.mysqldump

6. /etc/init.d/ulogd start
7. cp /usr/share/edenwall-web/nulog/include/config.template.php /usr/share/edenwall-web/nulog/include/config.php
8. vi /usr/share/edenwall-web/nulog/include/config.php

..
if (!isset($lang))
$lang="en";
..
# database Host
$db_host="localhost";
# database name
$db_ulog="ulog";
# database user
$db_user="root";
# database password
$db_pwd="";
..



* create a password file for basic HTTP authentication

htpasswd -c /var/www/apache.passwd username

* cp nulog_apache.conf /etc/httpd/conf.d/nulog.conf
* vi /etc/httpd/conf.d/nulog.conf

# path to the NuLog web application
Alias /nulog/ "/usr/share/edenwall-web/nulog/"
..
# Authentication
# Create file /path/to/some/file with htpasswd
AuthType Basic
AuthName "Nulog access"
AuthUserFile /var/www/apache.passwd
Require user username

Wednesday, August 29, 2007

Install the web application phpMyAdmin to manage MySQL via a browser on CentOS

1. yum install phpmyadmin
2. vi /etc/httpd/conf.d/phpmyadmin.conf

<Directory "/usr/share/phpmyadmin">
    Order Deny,Allow
    # Deny from all
    # "Allow from all" makes phpMyAdmin reachable from anywhere;
    # a network such as "Allow from 192.168.1." limits it to the LAN
    Allow from all
</Directory>
..

3. vi /usr/share/phpmyadmin/config.inc.php

/*
* This is needed for cookie based authentication to encrypt password in
* cookie
*/
$cfg['blowfish_secret'] = 'RANDOMTEXT'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'cookie';

Monday, August 20, 2007

Update the time of CentOS with time server automatically

NTP = Network Time Protocol

1. /usr/sbin/ntpdate ip, where ip is one of the stdtime.gov.tw servers:

time.stdtime.gov.tw
clock.stdtime.gov.tw
tick.stdtime.gov.tw
tock.stdtime.gov.tw
watch.stdtime.gov.tw

2. /usr/sbin/hwclock -w # write the system time to the hardware (BIOS) clock
On Ubuntu, hwclock lives in /sbin.

3. put the above commands into a script in /etc/cron.daily so the time is updated automatically every day
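An added example script for step 3 (not from the original post): it tries the servers listed above in order, writes the hardware clock only after a sync succeeded, and assumes the ntpdate/hwclock paths given above and that it is installed as /etc/cron.daily/ntp-sync.

```shell
#!/bin/sh
# Added example (not from the original post): daily NTP sync with failover
# across the stdtime.gov.tw servers. Paths and script name are assumptions.

NTP_SERVERS="time.stdtime.gov.tw clock.stdtime.gov.tw tick.stdtime.gov.tw tock.stdtime.gov.tw watch.stdtime.gov.tw"
NTPDATE=${NTPDATE:-/usr/sbin/ntpdate}
HWCLOCK=${HWCLOCK:-/usr/sbin/hwclock}   # /sbin/hwclock on Ubuntu

# Sync against the first server that answers and print its name.
# Returns 1 and leaves the hardware clock untouched if none answered,
# so a network outage never writes a stale time into the BIOS clock.
sync_clock() {
    for srv in $NTP_SERVERS; do
        if "$NTPDATE" "$srv" >/dev/null 2>&1; then
            "$HWCLOCK" -w || return 1
            echo "$srv"
            return 0
        fi
    done
    echo "ntp-sync: no NTP server reachable" >&2
    return 1
}

# cron runs the script with no arguments; only act when ntpdate is
# actually installed, so sourcing this file elsewhere just defines sync_clock.
if [ -x "$NTPDATE" ]; then
    sync_clock
fi
```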

Sunday, August 12, 2007

Set samba server on CentOS

1. vi /etc/samba/smb.conf

[global]

workgroup =
# computer name
netbios name =
# description of this computer
server string = Samba Server
security = user
# restrict access to the local subnet
hosts allow = 192.168.1.
load printers = yes
cups options = raw
# %m = netbios name of the client
log file = /var/log/samba/%m.log
max log size = 50
dns proxy = no

[homes]
# description
comment = Home Directories
# whether the share appears in the browse list
browseable = no
writable = yes
# %S = the name of the current service (the text within [])
valid users = %S

[printers]
comment = All Printers
path = /usr/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

[tmp]
comment = Temporary file space
path = /tmp
read only = no
# public = yes: visible to and usable by anyone (guest access)
public = yes

[sample]
path = /home/sample
public = no
# @ = group
valid users = @users
write list =

2. /usr/bin/testparm # check smb.conf for internal correctness
3. smbpasswd -a username # add a user
4. /etc/init.d/smb start # start the samba service
5. /sbin/chkconfig smb on # start it on boot

Friday, August 10, 2007

Set up Antinat, a SOCKS4 and SOCKS5 compliant server, on CentOS

1. yum install antinat
2. vi /etc/antinat.xml
3. The configuration below allows only SOCKS5 clients, from any IP to any destination; SOCKS4 requests and the root user are rejected. It listens on all interfaces, so restrict the interface or firewall port 1080 if the proxy should not be reachable from outside.

<?xml version='1.0'?>
<antinatconfig>
    <!-- Any interface -->
    <interface value='0.0.0.0'/>

    <!-- Port to listen on -->
    <port value='1080'/>

    <!-- Allow users to be authenticated against UNIX usernames -->
    <allowlocalusers/>

    <!-- Time in seconds to listen for outside incoming connections when
         applications request a BIND operation before timeout -->
    <maxbindwait value='60'/>

    <!-- demonstration user account -->
    <!-- <user user='testuser' password='testpass'/> -->

    <!-- What logs should we keep? -->
    <log>
        <addrdaylog value='/var/log/antinat/day_addr.log'/>
        <userdaylog value='/var/log/antinat/day_user.log'/>
        <connlog value='/var/log/antinat/connection.log'/>
    </log>

    <!-- What security methods do we offer clients? -->
    <authchoice source_addrtype='ipv4'>
        <select mechanism='chap'/>
        <select mechanism='cleartext'/>
    </authchoice>

    <!-- Which connections should we accept or reject? -->
    <filter>
        <filter source_addrtype='ipv4' dest_addrtype='ipv4'>
            <filter user='root'>
                <reject/>
            </filter>
            <filter version='4'>
                <reject/>
            </filter>
        </filter>
        <accept/>
    </filter>

</antinatconfig>

4. mkdir /var/log/antinat # create the log directory used above

Thursday, August 9, 2007

"ddclient dead but pid file exists" on CentOS

/etc/rc.d/init.d/ddclient status
ddclient dead but pid file exists

solution:

#-p, --parents, make parent directories as needed
mkdir -p /var/cache/ddclient

Wednesday, August 8, 2007

Tuesday, August 7, 2007

Add DAG into YUM on CentOS

Install the latest rpmforge-release package for Red Hat Enterprise Linux 5. This will automatically install the configuration and GPG keys that are for safely installing RPMforge packages.

rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

Tuesday, July 24, 2007

Display Information and Parameters of Hard Disk Drives on CentOS


# smartmontools
# -a, -all: Prints all SMART information about the disk
/usr/sbin/smartctl -a /dev/<device>

# hdparm - get/set hard disk parameters
/sbin/hdparm /dev/<device>

pppoe[pid]: Bad TCP checksum someValue on CentOS

Seen in /var/log/messages.
This happens because the modem has been wired straight into the same hub as the LAN, and the PPPoE protocol or software has trouble keeping things in sync because of timeouts caused by network collisions. The solution is to separate the modem's network from the home network so no collisions occur. Setting CLAMPMSS=no could also help, since it reduces overhead and thus lowers timeouts (if any), though I didn't check that. Other things can help, like increasing timeouts or changing synchronization options, but it is cheaper in time and money to just buy another Ethernet card and be done with it.

1. vi /etc/sysconfig/network-scripts/ifcfg-ppp0

..
CLAMPMSS=no
..

2. /sbin/iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Monday, July 23, 2007

Setup NAT server on Linux

1. change the value of ip_forward from 0 to 1

CentOS

echo "1" > /proc/sys/net/ipv4/ip_forward


Ubuntu

sudo vi /etc/sysctl.conf

..
net.ipv4.ip_forward=1
..

sudo sysctl -p # load the sysctl settings

2. load related modules

/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc

3. masquerade the 192.168.1.0/24 network (192.168.1.1 ~ 192.168.1.254) out through ppp0

/sbin/iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.1.0/24 -j MASQUERADE

4. to have this done every time the machine boots, add the commands above to /etc/rc.local

Monday, July 16, 2007

Setup aMule's Webserver on CentOS

Although there is an RPM of aMule for RHEL5 and CentOS, it contains only the aMule main program. If you would like to remote control your aMule server, you must have aMuleWeb installed. CentOS users have to compile aMule from source, because aMuleWeb is built together with aMule when the --enable-amuleweb flag is passed to configure.

1. Download the source code from http://www.amule.org/files/files.php?cat=34 and extract it
2. Install the following packages to set up the build environment:
zlib-devel, wxGTK-devel, gettext-devel, gcc-c++
3. Check http://www.amule.org/wiki/index.php/Configure for all available parameters
./configure --prefix=/usr --enable-webserver --enable-amulecmd --enable-amule-daemon --enable-cas --enable-wxcas --enable-alc --enable-alcc
4. Compile and install

make # this takes a long time
make install

5. Run aMule from the desktop or a shell
6. Go to "Preferences"
Enable "Accept External Connections"
Enter a password for External Connections. This is for external programs like amulecmd and amulegui
Enable "Run amuleweb on startup"
Type a password into the "Full right" field. This is the password you type when you log in to aMuleWeb
7. Restart aMule for the changes to take effect.
8. Remember to open port 4711 in the firewall so that you can open aMuleWeb in a browser at http://ip:4711

Sunday, July 15, 2007

To handle RAR files on CentOS


yum install rar unrar

After installing the two packages, your default archive manager will support RAR format

Saturday, July 14, 2007

Set an alarm at a specified time on CentOS


at 23:00 2005-09-15
at> /usr/local/bin/alarm
at> ..
at> # several commands can be queued in the same job, one per line
at> ..
at> <EOT> # press CTRL + D to save and exit


atq # lists the user's pending jobs

Friday, July 13, 2007

ERROR 400: Bad Request while MoBlock tries to wget the level1.gz list

This is caused by the server hosting that list not working with wget's time-stamping option (the -N parameter).
A workaround is to update the list manually without time-stamping:

cd /var/spool/moblock/cache/dl/
wget http://www.bluetack.co.uk/config/level1.gz

then run the guarding.p2p rebuild process

Rebuild the blocklist of MoBlock on CentOS


# stop service first
/sbin/service moblock stop
#after updating /etc/moblock/lists or whitelist
/etc/cron.daily/moblock reload
#start MoBlock
/sbin/service moblock start

Add an ip or a range to the whitelist of MoBlock on CentOS

1. if there's an IP address you need to whitelist, find the entry in /etc/moblock/guarding.p2p, for example:

FooBar, inc:192.0.34.164-192.0.34.168

2. you need to make a basic regular expression for grep from this line and put it in /etc/moblock/whitelist. To match the exact line, you need to put a backslash (\) before every metacharacter (\, ., ^, $, [) and put a caret ^ at the beginning and a dollar sign $ at the end. In this example, a valid expression is:

^FooBar, inc:192\.0\.34\.164-192\.0\.34\.168$

see the manpages for grep for more information.

Thursday, July 12, 2007

Install PeerGuardian Linux on CentOS

1. yum install libnfnetlink-devel
2. download the latest libnetfilter_queue from http://www.netfilter.org/projects/libnetfilter_queue/downloads.html
3. tar -jxvf libnetfilter_queue-0.0.13.tar.bz2
4. change into the extracted directory, then run

./configure
make
make install

5. mv /usr/local/lib/libnetfilter_queue* /usr/lib
6. download MoBlock from http://moblock.berlios.de/
7. tar -jxvf MoBlock-0.8-i586.tar.bz2
8. in the extracted directory, build and install MoBlock with:

make
make install

9. mkdir /etc/moblock
10. vi /etc/moblock/lists

# various blocklists can be found at
# http://www.bluetack.co.uk/forums/index.php?act=dscriptca&CODE=viewcat&cat_id=4
http://www.bluetack.co.uk/config/level1.gz

11. touch /etc/moblock/whitelist
12. vi /etc/init.d/moblock (edit the WHITE_... variables to whitelist certain ports)

#!/bin/sh
#
# moblock      This shell script takes care of starting and stopping moblock.
#
# chkconfig: 345 30 70
# description: MoBlock is an application that enables you to block internet \
#              traffic based on large lists of ip address ranges in order to \
#              protect your privacy.
# processname: moblock
#

ACTIVATE_CHAINS=1
MODE="nfq"
WHITE_TCP_IN=""
WHITE_UDP_IN=""
WHITE_TCP_OUT="21 22 80 110 443"
WHITE_UDP_OUT="123"
WHITE_TCP_FORWARD=""
WHITE_UDP_FORWARD=""

PIDF="/var/run/moblock.pid"
LIST="/etc/moblock/guarding.p2p"
PRG="moblock"
LOG="/var/log/$PRG"
BIN="/usr/bin/$PRG"
CMD="$BIN -p $LIST $LOG >/dev/null &"
RETVAL=0

# Source function library.
. /etc/rc.d/init.d/functions

# Print a failure marker, then an optional explanation on its own line.
fail () {
    failure "$2"
    echo
    [ -n "$1" ] && echo "$1"
}

# Create the MOBLOCK_* chains, hook them into INPUT/OUTPUT/FORWARD for new
# connections and hand everything not whitelisted to the queue target.
iptables_init () {
    if [ "$MODE" = "ipq" ]; then
        modprobe ip_queue
        TARGET="QUEUE"
    elif [ "$MODE" = "nfq" ]; then
        modprobe ipt_NFQUEUE
        TARGET="NFQUEUE"
    fi
    modprobe ipt_state
    iptables -N MOBLOCK_IN
    iptables -N MOBLOCK_OUT
    iptables -N MOBLOCK_FW
    if [ "$ACTIVATE_CHAINS" -eq 1 ]; then
        iptables -I INPUT -p all -m state --state NEW -j MOBLOCK_IN
        iptables -I OUTPUT -p all -m state --state NEW -j MOBLOCK_OUT
        iptables -I FORWARD -p all -m state --state NEW -j MOBLOCK_FW
    fi
    iptables -I MOBLOCK_IN -p all -j $TARGET
    iptables -I MOBLOCK_OUT -p all -j $TARGET
    iptables -I MOBLOCK_FW -p all -j $TARGET

    # Whitelisted ports are inserted above the queue rule, so they bypass MoBlock.
    for PORT in $WHITE_TCP_OUT; do
        iptables -I MOBLOCK_OUT -p tcp --dport $PORT -j ACCEPT
    done
    for PORT in $WHITE_UDP_OUT; do
        iptables -I MOBLOCK_OUT -p udp --dport $PORT -j ACCEPT
    done

    for PORT in $WHITE_TCP_IN; do
        iptables -I MOBLOCK_IN -p tcp --dport $PORT -j ACCEPT
    done
    for PORT in $WHITE_UDP_IN; do
        iptables -I MOBLOCK_IN -p udp --dport $PORT -j ACCEPT
    done

    for PORT in $WHITE_TCP_FORWARD; do
        iptables -I MOBLOCK_FW -p tcp --dport $PORT -j ACCEPT
    done
    for PORT in $WHITE_UDP_FORWARD; do
        iptables -I MOBLOCK_FW -p udp --dport $PORT -j ACCEPT
    done

    # Loopback traffic fix
    iptables -I INPUT -p all -i lo -j ACCEPT
    iptables -I OUTPUT -p all -o lo -j ACCEPT
}

iptables_reset () {
    if [ "$ACTIVATE_CHAINS" -eq 1 ]; then
        iptables -D INPUT -p all -m state --state NEW -j MOBLOCK_IN
        iptables -D OUTPUT -p all -m state --state NEW -j MOBLOCK_OUT
        iptables -D FORWARD -p all -m state --state NEW -j MOBLOCK_FW
    fi
    iptables -D INPUT -p all -i lo -j ACCEPT
    iptables -D OUTPUT -p all -o lo -j ACCEPT
    iptables -F MOBLOCK_IN
    iptables -X MOBLOCK_IN
    iptables -F MOBLOCK_OUT
    iptables -X MOBLOCK_OUT
    iptables -F MOBLOCK_FW
    iptables -X MOBLOCK_FW
}

start () {
    echo -n $"Starting MoBlock: "
    if ! [ -x "$BIN" ]; then
        fail "Can't execute $BIN" "$PRG startup"
        return 1
    fi
    if ! [ -f "$LIST" ]; then
        fail "Can't find $LIST" "$PRG startup"
        return 1
    fi
    if [ -f "$PIDF" ]; then
        PID=`cat "$PIDF"`
        if ps -p "$PID" >/dev/null; then
            fail "$PIDF exists and $PRG is running." "$PRG startup"
            return 1
        fi
    fi
    iptables_init
    daemon "$CMD"
    RETVAL=$?
    echo
    return $RETVAL
}

stop () {
    echo -n $"Stopping MoBlock: "
    killproc -p "$PIDF" "$PRG"
    RETVAL=$?
    echo
    # Only tear down the chains once no moblock process is left.
    if ! pidof "$PRG" >/dev/null; then
        iptables_reset 2>/dev/null 1>&2
    fi
    return $RETVAL
}

case "$1" in
    start)
        start
        RETVAL=$?
        ;;
    stop)
        stop
        RETVAL=$?
        ;;
    reload)
        if [ -f "$PIDF" ]; then
            kill -HUP `cat "$PIDF"`
            RETVAL=$?
        fi
        ;;
    restart)
        stop
        start
        RETVAL=$?
        ;;
    condrestart)
        # restart only if already running
        if [ -f "$PIDF" ]; then
            stop
            start
            RETVAL=$?
        fi
        ;;
    status)
        status $PRG
        RETVAL=$?
        ;;
    top)
        if [ -f "$PIDF" ]; then
            a=""
            for i in `pidof $PRG`; do
                a="$a -p $i"
            done
            top $a
        fi
        ;;
    *)
        echo $"Usage: $0 {start|stop|reload|restart|condrestart|status|top}"
        exit 1
esac

exit $RETVAL

13. chmod +x /etc/init.d/moblock
14. vi /etc/cron.daily/moblock

#!/bin/bash

LURLS="/etc/moblock/lists"
WLIST="/etc/moblock/whitelist"
LIST="/etc/moblock/guarding.p2p"

CACHE="/var/spool/moblock/cache"
FMD5=".md5sum"
DLDIR="dl"

RELOADCMD="/sbin/service moblock reload"

# Read NUL-separated file names from stdin and print each file's contents,
# transparently unpacking gzip (1f 8b) and zip (50 4b 03 04) downloads.
acat () {
    while read -r -d $'\0' fn; do
        if [ "$(head -c 2 "$fn")" = $'\x1f\x8b' ]; then
            gunzip -c "$fn"
        elif [ "$(head -c 4 "$fn")" = $'\x50\x4b\x03\x04' ]; then
            unzip -p "$fn"
        else
            cat "$fn"
        fi
    done
}

# Fetch every URL in $LURLS into the cache; if the URL list itself changed
# since the last run, discard the old downloads first.
download () {
    MD5SUM=$(md5sum "$LURLS" | cut -c -32)
    if [ -f "./$FMD5" ]; then
        if [ "$(cat "$FMD5")" != "$MD5SUM" ]; then
            # The list source file has changed.
            # Clean the dl directory.
            rm -f "./$DLDIR"/*
        fi
    elif [ "$(ls -A . | wc -l)" -gt 0 ]; then
        # There's no md5 file, but the directory is not empty.
        # Something's wrong, bail out.
        echo "$(pwd) is not empty." >&2
        exit 1
    fi
    echo "$MD5SUM" >"./$FMD5"
    wget -nv -N -t 3 -w 1 -T 120 -P "./$DLDIR" -i "$LURLS"
}

# Merge all downloaded lists, drop whitelisted lines, write guarding.p2p
# and tell the running MoBlock to reload it.
reload () {
    find "./$DLDIR" -type f -print0 | acat | dos2unix | nice uniq | \
        (nice grep -a -v -f "$WLIST" 2>/dev/null || cat) >"$LIST"
    $RELOADCMD
}

if ! [ -f "$LURLS" ]; then
    echo "Can't find $LURLS" >&2
    exit 1
fi
mkdir -p "$CACHE"
pushd "$CACHE" >/dev/null || exit 1
case "$1" in
    reload | nodownload)
        reload
        ;;
    '' | download)
        download
        reload
        ;;
    *)
        echo $"Usage: $0 [reload]"
        exit 1
esac
popd >/dev/null

15. chmod +x /etc/cron.daily/moblock
16. before you can start the MoBlock service, download the lists first

/etc/cron.daily/moblock

17. make MoBlock start on boot

/sbin/chkconfig --add moblock

18. to control the MoBlock service, use service moblock <command>, where command is one of the following:
* start – start MoBlock.
* stop – stop MoBlock.
* reload – reload the blocklist, reset the stats and reopen the log file.
* restart – restart MoBlock. Note that this will start MoBlock even if it was not already running.
* condrestart – restart MoBlock if it is already running.
* status – show whether MoBlock is running or not.
* top – show MoBlock's CPU usage, memory usage, etc.

Add firewall rules for aMule in order to get a HighID on CentOS

1. Insert iptables rules:

/sbin/iptables -I RH-Firewall-1-INPUT -p tcp --dport 4662 -j ACCEPT
/sbin/iptables -I RH-Firewall-1-INPUT -p udp --dport 4665 -j ACCEPT
/sbin/iptables -I RH-Firewall-1-INPUT -p udp --dport 4672 -j ACCEPT

2. Save the rules to /etc/sysconfig/iptables (the service script runs iptables-save)

/sbin/service iptables save

3. Restart iptables

/etc/init.d/iptables restart

Wednesday, July 11, 2007

Use ddclient to update dyndns automatically on CentOS

vi /etc/ddclient/ddclient.conf
Some parameters have to be uncommented and set:

use=web # obtain the public IP address via a web service
login= # default login
password= # default password

##
## dyndns.org dynamic addresses
##
## (supports variables: wildcard,mx,backupmx)
##
server=members.dyndns.org, \
protocol=dyndns2 \
yours.dyndns.org

/etc/rc.d/init.d/ddclient {start|stop|restart|status}