Category: Linux

Linux / Wordpress

Harden WordPress Permissions

Harden WordPress chown [username]:www-data find /var/www/html/DOMAIN -type d -exec chmod 755 {} \; find /var/www/html/DOMAIN -type f -exec chmod 644 {} \; chmod 440 /var/www/html/DOMAIN/*.php chmod 450 -R /var/www/html/DOMAIN/wp-admin chmod 450 -R /var/www/html/DOMAIN/wp-includes chmod 440 /var/www/html/DOMAIN/.htaccess chmod 766 /var/www/html/DOMAIN/sitemap.* chmod 770 -R /var/www/html/DOMAIN/wp-content/uploads chmod 770 -R /var/www/html/DOMAIN/wp-content/upgrade chmod 750 -R /var/www/html/DOMAIN/wp-content/plugins (You could put all that in a script for...

Linux

How To Free Linux Cache

These commands will cause the kernel to drop clean caches, dentries and inodes from memory. To free pagecache: sudo sync echo 1 > /proc/sys/vm/drop_caches To free dentries and inodes: sudo sync echo 2 > /proc/sys/vm/drop_caches To free pagecache, dentries and inodes: sudo sync echo 3 > /proc/sys/vm/drop_caches As this is a non-destructive operation, and dirty objects are not freeable, the user should run...

Linux

Netfilter (iptables) Tips & Tricks

Netfilter (aka iptables) is how you stop any intrusions. As an example, PSAD can recognize attack patterns, but it is Netfilter that is then used to stop any communcations from getting a response. In otherwords, Netfilter can be told to ignore incoming requests; essentially making the server unreachable.

Linux / Ubuntu

Harden Ubuntu Server 12.04 LTS

Its not enough to harden just Ubuntu. Its necessary to harden the rest of LAMP as well. So here is how I do it. Harden MYSQL sudo mysql_secure_installation answer Yes to all questions (but no need to change password) Harden PHP – and tune performance sudo apt-get install php5-suhosin sudo vi /etc/php5/apache2/php.ini uncomment this code or update setting max_execution_time =...

BASH / Linux

Some Bash Scripts to Manage Remote Server

Script to Update and Upgrade #! /bin/bash chmod 700 /usr/bin/apt-get chmod 700 /usr/bin/aptitude chmod 700 /usr/bin/dpkg swapoff -a chown username:username /home/username/* chmod 700 /home/username/* apt-get update && apt-get upgrade –show-upgraded -y Script to End session and Harden some critical files #! /bin/bash swapon -a chmod 000 /usr/bin/apt-get chmod 000 /usr/bin/aptitude chmod 000 /usr/bin/dpkg find /home/username/ -size 0 -exec rm '{}'...

Linux

VI Delete All Matching Lines

Delete all matching lines containing a string :g/46.223.1./d Replace all matching text in a file :.,$s/wrong/right/

Linux / Webmaster Tools

GREP SED AWK VI and FIND Usage Notes for Webmasters

When it comes to manipulating files, you can do almost anything with GREP SED AWK VI and FIND (and I’m a novice). My notes (taken from far more capable individuals online than I. Thank you all for the education.) File manipulation using AWK, GREP, SED, FIND, VI AWK AWK to extract IPs from logs Lists of IPs from log file...

Debian / Linux / Ubuntu

Install Rsync

Rsync Installation Instuctions sudo apt-get install rsync sudo vi /etc/rsyncd.conf copy into rsyncd.conf motd file = /etc/rsyncd.motd path = /home/username comment = This is the path to folder on the server uid = nobody gid = nobody read only = false auth users = username secrets file = /etc/rsyncd.scrt change username/servername sudo vi /etc/rsyncd.motd any message you want sudo vi...

BASH / Debian / Linux / Ubuntu

Set BASH as Default Shell

Enter at the prompt $ bash If command not found error, install BASH # pkg_add -r -v bash Now find where BASH is installed $ which bash You should see (Ubuntu) /bin/bash Change shell to BASH $ chsh -s /bin/bash username username is your User Name You should see: Password: Provide your login password You’ll need to logout (exit) and...

BASH / Debian / Linux / Ubuntu

Create User on Debian

Users and Groups Users are located in /etc/passwd Groups are located in /etc/group The administrative ROOT account is disabled by default in Ubuntu . If you wish to enable the root account, simply give it a password by typing sudo passwd To disable the root account sudo passwd -l root The initial user created by the Ubuntu installer is a...

Apache / Linux

How to Customize Apache Log Format for Fail2ban

Customize apache2 other_vhosts_access.log format so fail2ban can use it. sudo vi /etc/apache2/apache2.conf On line 255 insert LogFormat “%t %v:%p %h %l %u \”%r\” %>s %O \”%{Referer}i\” \”%{User-Agent}i\”” fail2ban Comment out the following line #LogFormat “%v:%p %h %l %u %t \”%r\” %>s %O \”%{Referer}i\” \”%{User-Agent}i\”” vhost_combined sudo vi /etc/apache2/conf.d/other-vhosts-access-log change the end of the line (or duplicate and comment out) as...