Preventing SSH server attacks with DenyHosts

10. 3. 2010 Zobraziť článok

Pre Debian lenny

cd /tmp
tar xvfz DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python install
cd /usr/share/denyhosts
cp denyhosts.cfg-dist denyhosts.cfg
vi denyhosts.cfg
	SECURE_LOG = /var/log/auth.log
	LOCK_FILE = /var/run/
cp daemon-control-dist daemon-control
vi /usr/share/denyhosts/daemon-control
	DENYHOSTS_BIN = "/usr/bin/"
	DENYHOSTS_LOCK = "/var/run/"
	DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"
chown root daemon-control
chmod 700 daemon-control
cd /etc/init.d
ln -s /usr/share/denyhosts/daemon-control denyhosts
update-rc.d denyhosts defaults
/etc/init.d/denyhosts start
cat /etc/hosts.deny


Zobraziť článok

Vi Cheat Sheet

3. 3. 2010 Zobraziť článok

My commonly used vi commands.

Moje často používané príkazy.

ddDelete current line
v mark lines dDelete marked text - v start visual mode, mark lines with shift+arrow keys, then do command d
/stringSearch forward for string
?stringSearch back for string
nSearch for next instance of string
NSearch for previous instance of string
:s/pattern/string/flagsReplace pattern with string according to flags. g flag replace all occurences of pattern, c confirm replaces, & repeat last :s command.
:$Move to last line
:30Move to line 30
:wqSave and Quit
:q!Quits without saving
:e fileEdit file
:nGo to next file
:pGo to previos file

Full VI Cheat Sheets - References
Zobraziť článok

man find

25. 2. 2010 Zobraziť článok
man find
find DIR -name PATTERN
find /var/www -mtime -1 -name '*.php'

modification time in hours: -mtime HOURS
modification time in minutes: -mmin MINUTES

  • n:  exactly n 24-hour periods (days) ago, 0 means today.
  • +n: more then n 24-hour periods (days) ago, or older then n,
  • -n: less than n 24-hour periods (days) ago (-n), or younger then n. -1 means today.


Zobraziť článok

Apache 2 configuration on Debian

14. 2. 2010 Zobraziť článok

vi /etc/apache2/apache2.conf
vi /etc/apache2/httpd.conf



A list of configuration files - one per site. A blank install will contain the file default. The system admin can have as many sites here as they need - however - they will not all be active.


A list of symlinks to configuration files in sites-available. A blank install will contain a symlink 000default to sites-available/default. The sites listed here are the sites which will be active. The site to be used if no virtual hosts match will be the first file found (hence the 000 on 000default).

U mňa: -> aby zobrazil "The requested alias was not found on this server."

#enabling site xxx
a2ensite xxx

#disabling site xxx
a2dissite xxx

/etc/init.d/apache2 reload


A list of configuration files - one or more per module. Each dpkg installed module will add files here. e.g. php4.conf and php4.load are added with the libapache2-mod-php package. Again - the system admin can install whatever modules they wish - however - until they are set available they will not be active.


A list of symlinks to configuratioon files in modes-available. Only modules linked in here will be activated on the webserver.

#enabling modul xxx
a2enmod xxx
a2enmod rewrite

#disabling module xxx
a2dismod xxx

/etc/init.d/apache2 restart


vi /etc/apache2/sites-available/

<VirtualHost *:80>
        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride All

        ErrorLog /var/www/
        LogLevel warn
        CustomLog /var/www/ combined

/etc/init.d/apache2 reload

Zobraziť článok

Apache Core Features

12. 2. 2010 Zobraziť článok
Security Tips Apache Core Features

Formatted listing of the directory

Options +Indexes

If a URL which maps to a directory is requested, and there is no DirectoryIndex (e.g., index.html) in that directory, then mod_autoindex will return a formatted listing of the directory. #Options Directive

.htaccess tips and tricks

.htaccess file generator
Zobraziť článok

MySQL Administration

13. 8. 2009 Zobraziť článok

How to reset root password?

pkill mysqld
mysqld_safe --skip-grant-tables
mysql --user=root mysql
update user set Password=PASSWORD('my_pass') where user='root';
flush privileges;

Create database and grant user

mysql -u root -p
create database my_db;
grant all privileges on my_user.* to 'my_db'@'localhost' identified by 'my_pass';

Import sql file

use mydatabase
source filename.sql

Export/Import database

mysqldump -u username -ppassword database_name > dump.sql
mysql -u username -ppassword database_name < dump.sql

Zobraziť článok

pureFTPd Administration

9. 7. 2009 Zobraziť článok

Nastavenie servra

~$ apt-get install pure-ftpd-common pure-ftpd
~$ groupadd ftpgroup
~$ useradd -g ftpgroup -d /dev/null -s /etc ftpuser
~$ pure-pw useradd nawebe -u ftpuser -g ftpgroup -d /var/www
# commitnúť zmeny
~$ pure-pw mkdb
~$ echo no > /etc/pure-ftpd/conf/PAMAuthentication
~$ echo no > /etc/pure-ftpd/conf/UnixAuthentication

Spustenie servera

~$ /usr/sbin/pure-ftpd -j -E -B -f none -c 20 -C 3 -I 5 -l puredb:/etc/pure-ftpd/pureftpd.pdb


-j //automatically create home directory
-E //only allow authenticated users
-B //start in background (daemonization)
-f none //facility for syslog logging, none :disabled
-c 20 //maximum of clients to be connected
-C 2 //number of simultanous connections
-I 5 //maximum idle time
-l puredb: //rule to the authentication metod

Čo ak mi tam niečo už beží?

Unable to start a standalone server: Address already in use
~$ netstat -ap | grep "*:ftp"
tcp  0   0 *:ftp   *:*   LISTEN   1302/inetd
~$ kill PID

Správa userov

~$ pure-pw list
~$ pure-pw show nawebe
Kto je pripojený?
~$ pure-ftpwho
Zmeniť heslo
~$ pure-pw passwd test
Zmazať usera
~$ pure-pw userdel test
Zobraziť článok

Rewrite www

6. 7. 2009 Zobraziť článok ->

RewriteEngine On
RewriteCond %{HTTP_HOST} ^ [NC]
RewriteRule ^(.*)$$1 [L,R]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?v=$1 [PT,L,QSA] ->

RewriteEngine On
RewriteCond %{HTTP_HOST} ^ [NC]
RewriteRule ^(.*)$$1 [L,R]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?v=$1 [PT,L,QSA]

Odstrániť lomku

RewriteCond %{HTTP_HOST} ^www.example\.com$ [NC]
RewriteRule ^(.+)/$ http://%{HTTP_HOST}/$1 [R=301,L]

Zobraziť článok