We have been getting a lot of hits lately emanating from Verisign. The ips-agent robot requests robots.txt but we are just not going to allow their domain browsing.
Example Server Logs:
69.58.178.36 - - "GET /robots.txt HTTP/1.1" 406 261 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12; ips-agent) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7"
69.58.178.39 - - "GET / HTTP/1.1" 406 251 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12; ips-agent) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7"
69.58.178.29 - - "GET / HTTP/1.1" 406 251 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12; ips-agent) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7"
That particular IP range resolves to:
root@server[~]# whois 69.58.178.29
OrgName: VeriSign Infrastructure & Operations
OrgID: VIO-2
Address: 21345 Ridgetop Circle
City: Dulles
StateProv: VA
PostalCode: 20166
Country: US
We have their robot blocked via ModSecurity 2+ rules.
Written by admin on July 4th, 2008 with comments disabled.
There appears to be a problem with CentOS 5.2 when trying to upgrade openssh-clients to version 4.3p2-26.el5.
root@server [/usr/src]# yum update openssh-clients
Loading "protectbase" plugin
Loading "fastestmirror" plugin
Loading mirror speeds from cached hostfile
* base: mirror.sanctuaryhost.com
* updates: mirror.sanctuaryhost.com
* addons: mirrors.rit.edu
* extras: updates.interworx.info
Excluding Packages in global exclude list
Finished
0 packages excluded due to repository protections
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package openssh-clients.i386 0:4.3p2-26.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Updating:
openssh-clients i386 4.3p2-26.el5 base 446 k
Transaction Summary
=============================================================================
Install 0 Package(s)
Update 1 Package(s)
Remove 0 Package(s)
Total download size: 446 k
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : openssh-clients ######################### [1/2]
Error unpacking rpm package openssh-clients - 4.3p2-26.el5.i386
error: unpacking of archive failed on file /usr/bin/ssh: cpio: rename
Updated: openssh-clients.i386 0:4.3p2-26.el5
Complete!
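UPDATE: I finally figured out why OpenSSH was not updating.
If you run lsattr /usr/bin/ssh, it will probably show that the file has the immutable (i) and append-only (a) attributes set with chattr to prevent modification. Running chattr -i -a /usr/bin/ssh clears them so the update can replace the file.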
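A pre-update check for the failure above, as an added example that is not part of the original post: it filters lsattr output for files carrying the i or a attribute, looking only at the attribute column so that letters in the path are ignored. The function names and the sample lsattr lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `lsattr` output on stdin and prints "<flags><TAB><path>"
# for every file with the immutable (i) or append-only (a) attribute set.
locked_files() {
    awk '
    $1 ~ /^[-A-Za-z]+$/ && NF >= 2 {
        flags = ""
        if (index($1, "i")) flags = flags "i"
        if (index($1, "a")) flags = flags "a"
        if (flags == "") next
        path = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", path)   # drop the attribute column only
        print flags "\t" path
    }'
}

# Constructed lsattr output for illustration.
sample_lsattr() {
    cat <<'EOF'
------------- /usr/bin/scp
----i-------- /usr/bin/ssh
-----a------- /usr/bin/ssh-add
----ia------- /usr/bin/sftp
EOF
}

sample_lsattr | locked_files

# On a live system, before updating a package (run as root):
#   rpm -ql openssh-clients | xargs lsattr -d 2>/dev/null | locked_files
```

Any file it lists has to have those attributes cleared before rpm can rename the new copy into place.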
Written by admin on July 2nd, 2008 with comments disabled.
Yum is a word that may inspire fear in the hearts of many noobie server admins because they don’t understand what it does and fear it may break their server if used.
Yum stands for “Yellow Updater, Modified” and is similar in function to the apt-get and up2date commands.
Here are some common Yum commands used while you are logged in as root.
# yum upgrade
# yum update
# yum install bind
Yum usage:
yum [options] <update | upgrade | install | info | remove | list | clean | provides | search | check-update | groupinstall | groupupdate | grouplist>
Yum Options
-c [config file] - specify the config file to use
-e [error level] - set the error logging level
-d [debug level] - set the debugging level
-y answer yes to all questions
-t be tolerant about errors in package commands
-R [time in minutes] - set the max amount of time to randomly run in.
-C run from cache only - do not update the cache
--installroot=[path] - set the install root (default '/')
--version - output the version of yum
-h, --help this screen
Written by admin on June 24th, 2008 with comments disabled.
It’s a good idea on a new server to edit the sysctl.conf file to increase server security.
Steps:
1) Log into your server as root.
2) I recommend using WinSCP as a Windows-based interface to edit and manipulate server files.
3) Find /etc/sysctl.conf
4) Add the following text to the file. Cut and paste.
#Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Disables packet forwarding
net.ipv4.ip_forward=0
# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.lo.log_martians = 1
net.ipv4.conf.eth0.log_martians = 1
# Disables the magic-sysrq key
kernel.sysrq = 0
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15
# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800
# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0
# Turn off the tcp_sack
net.ipv4.tcp_sack = 0
# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024
# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000
# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65535
5) You will now have to reload the settings manually for the changes to take effect. This can be done by executing these two commands in order.
a) /sbin/sysctl -p
b) sysctl -w net.ipv4.route.flush=1
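sysctl -p applies the file from top to bottom, so when a key appears twice the later value is the one that sticks, which matters when a block like this is pasted into a file that already sets some of the same keys. The check below is an added example, not part of the original post; the function names sysctl_audit and sample_conf and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads a sysctl.conf on stdin and reports:
#   duplicate - a key repeated with the same value
#   conflict  - a key repeated with a different value (sysctl -p keeps the last)
#   range     - ip_local_port_range outside 1..65535 or low > high
sysctl_audit() {
    awk '
    /^[ \t]*([#;]|$)/ { next }                 # comments and blank lines
    {
        eq = index($0, "=")
        if (!eq) next
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key in val_of) {
            if (val_of[key] == val) {
                printf "duplicate %s line %d repeats line %d\n", key, NR, line_of[key]
            } else {
                printf "conflict %s line %d = %s, line %d = %s (last wins)\n", key, line_of[key], val_of[key], NR, val
            }
        }
        val_of[key] = val
        line_of[key] = NR
        if (key == "net.ipv4.ip_local_port_range") {
            n = split(val, p, /[ \t]+/)
            if (n != 2 || p[1] + 0 < 1 || p[2] + 0 > 65535 || p[1] + 0 > p[2] + 0) {
                printf "range %s line %d: %s\n", key, NR, val
            }
        }
    }'
}

# Constructed sample input (not a real server's file).
sample_conf() {
    cat <<'EOF'
# constructed sample
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.log_martians = 1
net.ipv4.ip_local_port_range = 16384 65536
EOF
}

sample_conf | sysctl_audit
```

On a server, run it as sysctl_audit < /etc/sysctl.conf before step 5.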
Written by admin on June 24th, 2008 with comments disabled.