Security

How To Integrate ClamAV Into PureFTPd For Virus Scanning On Mandriva 2010.0

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on a Mandriva 2010.0 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.

1 Preliminary Note

You should have a working PureFTPd setup on your Mandriva 2010.0 server, e.g. as shown in this tutorial: Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On Mandriva 2009.1 (yes, it’s for Mandriva 2009.1, but works for Mandriva 2010.0 as well).

2 Installing ClamAV

urpmi clamd clamav

Create the system startup links for clamd and freshclam and start them:

chkconfig clamd on
chkconfig freshclam on
/etc/init.d/clamd start

freshclam
/etc/init.d/freshclam start

3 Configuring PureFTPd

Open /etc/pure-ftpd/pure-ftpd.conf and set CallUploadScript to yes:

vi /etc/pure-ftpd/pure-ftpd.conf

Continue reading “How To Integrate ClamAV Into PureFTPd For Virus Scanning On Mandriva 2010.0” »

Posted by Aniruddh - December 18, 2011 at 3:13 pm

Categories: Security

How To Configure The AIDE (Advanced Intrusion Detection Environment) File Integrity Scanner For Your Website

A file integrity scanner is something you need to have. Imagine a hacker placing a backdoor on your web site, or changing your order form to email him a copy of everyone’s credit card while leaving it appearing to function normally.

Setting up daily reporting notifies you within, at most, 24 hours of when any file was changed, added, or removed. It also helps establish an audit trail in the event your site is compromised.

Step 1: Download A Sample AIDE config file

Start with a simple one; this will scan your web root directory for MD5 hash changes.

To download the file, SSH into your account and run:

$ wget securehostingdirectory.com/aide.conf

Step 2: Initialize the AIDE database

$ nice -19 aide --init --config=/home/username/aide.conf

AIDE is not the least resource-intensive software in the world, so we run it at a niceness of 19 (the lowest scheduling priority) using nice.

Now copy your AIDE output database file to the input file

Continue reading “How To Configure The AIDE (Advanced Intrusion Detection Environment) File Integrity Scanner For Your Website” »

Posted by Aniruddh - December 11, 2011 at 6:25 am

Categories: Security

Xtables-Addons On Centos 6 & Iptables GeoIP Filtering

This tutorial shows how to install additional kernel modules for use with iptables rule sets (netfilter modules). Xtables-addons is the successor to patch-o-matic(-ng). Likewise, it contains extensions that were not, or are not yet, accepted in the main kernel/iptables packages. Xtables-addons is different from patch-o-matic in that you do not have to patch or recompile the kernel.

1 Preliminary Note

SELinux is disabled. Run

system-config-securitylevel

Edit /etc/selinux/config to disable SELinux:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

Continue reading “Xtables-Addons On Centos 6 & Iptables GeoIP Filtering” »

Posted by Aniruddh - November 17, 2011 at 1:35 pm

Categories: CentOS, Firewall, Security

How To Configure A pfSense 2.0 Cluster Using CARP

pfSense is quite an advanced (open-source) firewall being used everywhere from homes to enterprise-level networks. I have been playing around with pfSense now for the last 3 months and, to be honest, I am not looking back. It is packed full of features and can be deployed easily within minutes depending on your requirements.

Requirements

VMs will work; it’s just best practice to keep these machines separate from your VM infrastructure (if you have any), plus a dedicated subnet for the sync network traffic

Network Configuration:

Firewall 1
WAN IP: 192.168.100.1
SYNC IP: 10.155.0.1
LAN IP: 192.168.1.252

Firewall 2
WAN IP: 192.168.100.2
SYNC IP: 10.155.0.2
LAN IP: 192.168.1.253

The 2 IP addresses below will be shared between the firewalls.

WAN Virtual IP: 192.168.100.200
LAN Virtual IP: 192.168.1.254

Building The Cluster

Continue reading “How To Configure A pfSense 2.0 Cluster Using CARP” »

Posted by Aniruddh - November 6, 2011 at 8:38 pm

Categories: Firewall, Security

How To Password-Protect Directories With mod_auth_mysql On Apache2

mod_auth_mysql is an alternative to the plain-text password files provided by mod_auth and allows you to use normal SQL syntax to create/modify/delete users. You can also configure mod_auth_mysql to authenticate against an existing MySQL user table.

1 Preliminary Note

I use the vhost http://www.example.com here with the vhost configuration file /etc/apache2/sites-available/www.example.com.vhost and the document root /var/www/www.example.com/web. I want to password-protect the directory /var/www/www.example.com/web/protecteddir in this tutorial (translates to http://www.example.com/protecteddir/).

2 Installing MySQL, mod_auth_mysql

Install MySQL and mod_auth_mysql:

apt-get install mysql-server mysql-client libapache2-mod-auth-mysql

You will be asked to provide a password for the MySQL root user:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword

Afterwards, enable the mod_auth_mysql module:

Continue reading “How To Password-Protect Directories With mod_auth_mysql On Apache2” »

Posted by Aniruddh - November 3, 2011 at 8:01 pm

Categories: Apache, Security