Kousik Chatterjee's Blog

Q. What is LMD ?

-- Linux Malware Detect (LMD) is Malware detector & scanner for Linux, Designed for shared hosting environments. LMD is released under GNU GPLV2 license, it can be installed on cPanel WHM & Linux Environments with together other Detection tools such as ClamAV.

Prerequisite:

1. CentOS 6.x
2. Root Privileges.

Step: 1. Install Epel Repository :

# yum -y install epel-release

Step: 2. Install Mailx :

# yum -y install mailx

Step: 3. Install Linux Malware Detect (LMD) :

# cd /tmp
# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
# tar -xzvf maldetect-current.tar.gz
# cd maldetect-1.5
# ./install.sh

Step: 4. Make a Symlink to the maldet Command in the /bin/ Directory :

# ln -s /usr/local/maldetect/maldet /bin/maldet
# hash -r

Step: 5. Configure Linux Malware Detect (LMD) :

# cd /usr/local/maldetect/
# vi conf.maldet

-- Enable Email Alert by Changing the value to '1' on Line No 16.

email_alert="1"

-- Type in Your Email Address on Line No 21.

email_addr="koushik@domain.com"

-- Use the ClamAV Scan binary as default Scan Engine because it provides a high-performance Scan on large file sets. Change value to '1' on Line No 114.

scan_clamscan="1"

-- Enable Quarantining to move Malware to the Quarantine Automatically During the Scan Process. Change value to '1' on Line No 180.

quarantine_hits="1"

-- Enable Clean based Malware Injections. Change value to '1' on Line No 185.

quarantine_clean="1"

-- Save & Quit (:wq)

Step: 6. Install ClamAV :

# yum -y install clamav clamav-devel

Step: 7. Update the ClamAV Virus Databases :

# freshclam

Step: 8. Testing LMD and ClamAV :

-- Go to the Web root Directory & Download some sample malware (eicar) with wget.

# yum -y install wget
# cd /var/www/html
# wget http://www.eicar.org/download/eicar.com.txt
# wget http://www.eicar.org/download/eicar_com.zip
# wget http://www.eicar.org/download/eicarcom2.zip

-- Scan the Web root Directory with the maldet.

# maldet -a /var/www/html

Step: 9. Check the Scan Report :

# maldet --report 161008-0524.9466

Step: 10. Now Check the Email Report from LMD :

# tail -f /var/mail/root

Step: 11. Other LMD Commands :

-- Perform a Scan for Specific file Extention only :

# maldet -a /var/www/html/*.php

-- Get a List of all Reports :

# maldet -e list

-- Scan Files that have been Created/Modified in the last X Days :

# maldet -r /var/www/html/ 5

-- Restore Files from the Quarantine Directory :

# maldet -s SCANID

-- Enable Monitoring of a Directory :

# maldet -m /var/www/html/

-- Check the Monitor Log File :

# tail -f /usr/local/maldetect/logs/inotify_log

Thanks For Visiting on My Blog, For More Tutorials Keep Visiting My Blog

 

-- Config Server Firewall (or CSF) is a free and advanced firewall for most Linux distributions and Linux based VPS. In Addition to the Basic Functionality of a Firewall – Filtering Packets. CSF includes other security features, such as Login/Intrusion/Flood Detections.

Step: 1. Stop Firewall :

# service iptables stop
# chkconfig iptables off

Step: 2. Disable Selinux :

# vi /etc/sysconfig/selinux

SELINUX=disabled

-- Save & Quit (:wq)

Step: 3. Reboot the Server :

# init 6

Step: 4. Installation of CFS Dependencies :

# yum -y install wget vim perl perl-libwww-perl.noarch perl-Time-HiRes

Step: 5. Download & Extract CSF Package :

# cd /usr/src/
# wget https://download.configserver.com/csf.tgz
# tar -xzf csf.tgz

Step: 6. Install CFS :

# cd csf
# sh install.sh

Step: 7. Now You should Check that CSG really Works on this Server :

# cd /usr/local/csf/bin/
# perl csftest.pl

[OUTPUT]
RESULT: csf should function on this server.

Step: 8. Configure CSF :

# vi /etc/csf/csf.conf

-- Line No. 11 :

TESTING = "0"

Note: By default CSF Allows Incoming & Outgoing Traffic for the SSH Standard Port 22, if you use a Different SSH Port then please Add your port to the Configuration in line 139 "TCP_IN".

-- Line No. 69 :

RESTRICT_SYSLOG = "3"

-- Save & Quit (:wq)

Step: 9. Start CSF & LFD Service :

# service csf restart
# chkconfig csf on

# service lfd restart
# chkconfig lfd on

Step: 10. To View the list of Default Rules of CSF :

# csf -l
Or
# csf --status

Step: 11. Basic CSF Commands :

-- Start the Firewall (Enable the Firewall Rules) :

# csf -s
Or
# csf --start

-- Flush/Stop the Firewall Rules :

# csf -f
Or
# csf --stop

-- Reload the Firewall Rules :

# csf -f

-- Restart the Firewall Rules :

# csf -r
Or
# csf --restart

-- Allow an IP & Add it to csf.allow :

# csf -a 10.100.97.37
Or
# csf --add 10.100.97.37

-- Remove/Delete an IP from csf.allow :

# csf -ar 10.100.97.37
Or
# csf --addrm 10.100.97.37

-- Deny an IP & Add to csf.deny :

# csf -d 10.100.97.37
Or
# csf --deny 10.100.97.37

-- Remove/Delete an IP from csf.deny :

# csf -dr 10.100.97.37
Or
# csf --denyrm 10.100.97.37

-- Remove & Unblock all Entries from csf.deny :

# csf -df
Or
# csf --denyf

-- Search for a Pattern Match on iptables e.g : IP, CIDR, Port Number :

# csf -g 10.100.97.37
Or
# csf --grep 10.100.97.37

-- Disable CSF & LFD Completely :

# csf -x
Or
# csf --disable

-- Displays the Current List of Temporary Allow & Deny IP Entries with their TTL & Comment :

# csf -t
Or
# csf --temp

-- Add an IP to the Temp IP Allow List :

# csf -ta 10.100.97.37 ttl -p 22 -d 0.0.0.0 Allow All For Port No 22
Or
# csf --tempallow 10.100.97.37 ttl [-p port] [-d direction] [comment]

-- Add an IP to the Temp IP Ban List :

# csf -td 10.100.97.37 ttl -p 22 -d 0.0.0.0 Ban All For Port No 22
Or
# csf --tempdeny 10.100.97.37 ttl [-p port] [-d direction] [comment]

-- Remove an IP From the Temporary IP Ban or Allow List :

# csf -tr 10.100.97.37
Or
# csf --temprm 10.100.97.37

-- Flush all IPs from the Temporary IP Entries :

# csf -tf
Or
# csf --tempf

Step: 12. Advanced CSF Configuration :

# vi /etc/csf/csf.conf

-- Don't Block IP addresses that are in the csf.allow files :

IGNORE_ALLOW = "1"

-- Allow Incoming & Outgoing ICMP. Line No 152 for Incoming & Line 159 for Outgoing :

ICMP_IN = "1"
ICMP_OUT = "1"

-- Block Certain Countries. Go To Line 836 & Add the Country Codes :

CC_DENY = "CN,UK,US"
CC_ALLOW = "ID,IN,DE"

-- Send the Su & SSH Login Logs by Email. Go to the Line No. 1069 :

LF_SSH_EMAIL_ALERT = "1"

LF_SU_EMAIL_ALERT = "1"

-- And then Define the Email Address at Line No. 588 :

LF_ALERT_TO = "koushik@domain.com"

-- Save & Quit (:wq)

Step: 13. Restart CSF & LFD Service :

# service csf restart
# service lfd restart

IMPORTANT NOTES:
=================

-- The Ports Opened by Default are the Following :

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
TCP_OUT = "20,21,22,25,53,80,110,113,443"
UDP_IN = "20,21,53"
UDP_OUT = "20,21,53,113,123"

-- Services using the Open Ports :

Port 20: FTP data transfer
Port 21: FTP control
Port 22: Secure shell (SSH)
Port 25: Simple mail transfer protocol (SMTP)
Port 53: Domain name system (DNS)
Port 80: Hypertext transfer protocol (HTTP)
Port 110: Post office protocol v3 (POP3)
Port 113: Authentication service/identification protocol
Port 123: Network time protocol (NTP)
Port 143: Internet message access protocol (IMAP)
Port 443: Hypertext transfer protocol over SSL/TLS (HTTPS)
Port 465: URL Rendesvous Directory for SSM (Cisco)
Port 587: E-mail message submission (SMTP)
Port 993: Internet message access protocol over SSL (IMAPS)
Port 995: Post office protocol 3 over TLS/SSL (POP3S)

-- Below are Port sets that should be opened if you are Running the Listed Service :

On any Server:

TCP_IN: 22,53
TCP_OUT: 22,53,80,113,443
UPD_IN: 53
UPD_OUT: 53,113,123

Apache:

TCP_IN: 80,443

FTP Server:

TCP_IN: 20,21
TCP_OUT: 20,21
UPD_IN: 20,21
UPD_OUT:20,21

Mail Server:

TCP_IN: 25,110,143,587,993,995
TCP_OUT: 25,110

MySQL Server (if remote access is required):

TCP_IN: 3306
TCP_OUT: 3306

Thanks For Visiting on My Blog, For More Tutorials Keep Visiting My Blog

Q. What is Rkhunter?
-- rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits.

Step: 1. Downloading Rkhunter Package :

# yum -y install wget mailx
# cd /tmp
# wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz

Step: 2. Installing Rkhunter :

# tar -xvf rkhunter-1.4.2.tar.gz
# cd rkhunter-1.4.2
# ./installer.sh --layout default --install

Step: 3. Checking & Updating Rkhunter Database Properties :

# /usr/local/bin/rkhunter --update
# /usr/local/bin/rkhunter --propupd

Step: 4. Setting Cronjob & Email Alerts :

# vi /etc/cron.daily/rkhunter.sh

#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (PutYourServerNameHere)' mail@your_domain.com

-- Save & Quit (:wq)

# chmod 755 /etc/cron.daily/rkhunter.sh

Step: 5. To scan the Entire File System :

# rkhunter --check

Step: 6. All Results have been Written to the Log File :

# cat /var/log/rkhunter.log

Thanks For Visiting on My Blog, For More Tutorials Keep Visiting My Blog

 

Q. What is Mod_Security?

Mod_Security is an open source web application firewall (WAF) and intrusion detection and prevention system for web applications. It is used to protect and monitor real time HTTP traffic and web applications from brute fore attacks.

Q. What is Mod_Evasive?

Mod_Evasive is an open source evasive maneuvers system for Apache server to provide evasive action in the event of an HTTP brute force, Dos or DDOS attack. It was designed to use as a network traffic detection and network management tool and can be easily configured and integrated into firewalls, ipchains, routers etc. Presently, it sends abuses reports via email and syslog facilites.

Step: 1. Installing Dependencies for mod_security :

# yum -y install gcc make wget
# yum -y install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel

Step: 2. Installing Mod_Security :

# cd /usr/src
# wget http://www.modsecurity.org/download/modsecurity-apache_2.6.6.tar.gz
# tar xzf modsecurity-apache_2.6.6.tar.gz
# cd modsecurity-apache_2.6.6
# ./configure
# make install
# cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf

Step: 3. Downloading OWASP Mod_Security Core Rule Set :

# cd /etc/httpd/
# wget http://pkgs.fedoraproject.org/repo/pkgs/mod_security_crs/modsecurity-crs_2.2.5.tar.gz/aaeaa1124e8efc39eeb064fb47cfc0aa/modsecurity-crs_2.2.5.tar.gz
# tar xzf modsecurity-crs_2.2.5.tar.gz
# mv modsecurity-crs_2.2.5 modsecurity-crs
# cd modsecurity-crs
# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf

Step: 4. Configuring Mod_Security :

# vi /etc/httpd/conf/httpd.conf

Search for the line LoadModule in your httpd.conf and add this below line at the bottom.

LoadModule security2_module modules/mod_security2.so

Uncommented this Module :

LoadModule unique_id_module modules/mod_unique_id.so

Now set the basic rule set in your httpd.conf file. Add the following lines of code at the end of the file :

<IfModule security2_module>
    Include modsecurity-crs/modsecurity_crs_10_setup.conf
    Include modsecurity-crs/base_rules/*.conf
</IfModule>

-- Save & Quit (:wq)

Step: 5. Restart Apache Server :

# service httpd restart

How to Install Mod_Evasive in RHEL/CentOS

Step: 1. Installing Mod_Evasive :

# cd /usr/src
# wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
# tar xzf mod_evasive_1.10.1.tar.gz
# cd mod_evasive
# apxs -cia mod_evasive20.c

Step: 2. Configuring Mod_Evasive :

# vi /etc/httpd/conf/httpd.conf

By default installation adds the following line of mod_evasive configuration to your Apache configuration file. Please verify that it should be there like similar to below. If you can’t see this below line, then add this to your httpd.conf file.

LoadModule evasive20_module   /usr/lib64/httpd/modules/mod_evasive20.so

Now add the mod_evasive configuration parameters to your Apache configuration at the end. Replace someone@somewhere.com with your Email Id to get email alerts.

<IfModule mod_evasive20.c>
        DOSHashTableSize    3097
        DOSPageCount        2
        DOSSiteCount        50
        DOSPageInterval     1
        DOSSiteInterval     1
        DOSBlockingPeriod   60
        DOSSystemCommand  "echo 'My Organization-mod_evasive HTTP Blacklisted %s on your_hostname (192.168.100.220) more info here: http://www.whatismyipaddress.com/ip/%s' | mail -s 'My Organization Banned IP by mod_evasive on your_hostname' -r myapache@domian.com someone@somewhere.com"
</IfModule>

-- Save & Quit (:wq)

Step: 3. Next restart the Apache service to Update Changes :

# service httpd restart

Thanks For Visiting on My Blog, For More Tutorials Keep Visiting My Blog

About Fail2ban :

-- Fail2ban is an intrusion prevention software framework that protects Servers from Brute-force Attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper.

Step: 1. Install Fail2Ban :

Note: Fail2ban is not Available from CentOS, we should start by downloading the EPEL Repository.

# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Follow up by Installing Fail2ban :

# yum -y install fail2ban

Step: 2. Copy the Configuration File :

# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Step: 3. Configure defaults in Jail.Local :

# vi /etc/fail2ban/jail.local

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8 x.x.0.0/16

# "bantime" is the number of seconds that a host is banned.
bantime  = 3600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 1800

# "maxretry" is the number of failures before a host get banned.
maxretry = 3


[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=destinaton@mydomain.com, sender=sender@mydomain.com]
logpath  = /var/log/secure
maxretry = 5

-- Save & Quit (:wq)

Step: 4. Restart Fail2Ban :

# service fail2ban restart
# chkconfig fail2ban on

Step: 5. Change Mail Subject :

# vi /etc/fail2ban/action.d/sendmail-whois.conf


actionstart = printf %%b "Subject: [FAIL2BAN] <name>: started on Server5.mydomain.com
              Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
              From: My Organization <<sender>>
              To: <dest>\n
              Hi,\n
              The jail <name> has been started successfully.\n
              Regards,\n
              My Organization" | /usr/sbin/sendmail -f <sender> <dest>


actionstop = printf %%b "Subject: [FAIL2BAN] <name>: stopped on Server5.mydomain.com
             Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
             From: My Organization <<sender>>
             To: <dest>\n
             Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             My Organization" | /usr/sbin/sendmail -f <sender> <dest>


actionban = printf %%b "Subject: [FAIL2BAN] <name>: banned <ip> on Server5.mydomain.com (192.168.72.142)
            Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
            From: My Organization <<sender>>
            To: <dest>\n
            Hi,\n
            The IP <ip> has just been banned on Server2.mydomain.com (192.168.72.142) for 30 Minutes by My Organization after
            <failures> attempts against <name>.\n\n
            Here are more information about http://www.whatismyipaddress.com/ip/<ip> \n
#            `/usr/bin/whois <ip>`\n
            Regards,\n
            My Organization" | /usr/sbin/sendmail -f <sender> <dest>

-- Save & Quit (:wq)

Step: 6. Restart Fail2Ban Service :

# service fail2ban restart

Thanks For Visiting on My Blog, For More Tutorials Keep Visiting My Blog

Q. What is iptables?

 -- It’s the basics of Firewall for Linux. Iptables is a rule based firewall system and it is normally pre-installed on a Unix operating system which is controlling the incoming and outgoing packets. By-default the iptables is running without any rules, we can create, add, edit rules into it.

Rule: 1. Block Specific IP Address in IPtables Firewall :

# iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP

Note: In case you only want to block TCP traffic from that IP address:

# iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j DROP

Rule: 2. Unblock IP Address in IPtables Firewall :

# iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP

Rule: 3. Block Specific Port on IPtables Firewall :

# iptables -A OUTPUT -p tcp --dport xxx -j DROP

Rule: 4. To Allow Incoming Connections use :

# iptables -A INPUT -p tcp --dport xxx -j ACCEPT

Rule: 5. Allow Multiple Ports on IPtables using Multiport :

# iptables -A INPUT  -p tcp -m multiport --dports 22,80,443 -j ACCEPT
# iptables -A OUTPUT -p tcp -m multiport --sports 22,80,443 -j ACCEPT

Rule: 6. Allow Specific Network Range on Particular Port on IPtables :

# iptables -A OUTPUT -p tcp -d 192.168.100.0/24 --dport 22 -j ACCEPT

Rule: 7. Block Facebook on IPtables Firewall :

# host facebook.com
facebook.com has address 66.220.156.68

# whois 66.220.156.68 | grep CIDR
CIDR: 66.220.144.0/20

# iptables -A OUTPUT -p tcp -d 66.220.144.0/20 -j DROP

Rule: 8. Setup Port Forwarding in IPtables :

# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j REDIRECT --to-port 2525

Rule: 9. Block Network Flood on Apache Port with IPtables :

# iptables -A INPUT -p tcp --dport 80 -m limit --limit 100/minute --limit-burst 200 -j ACCEPT

Rule: 10. Block Incoming Ping Requests on IPtables :

# iptables -A INPUT -p icmp -i eth0 -j DROP

Rule: 11. Allow loopback (127.0.0.1) Access :

# iptables -A INPUT -i lo -j ACCEPT
# iptables -A OUTPUT -o lo -j ACCEPT

Rule: 12. Block Access to Specific MAC Address on IPtables :

# iptables -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j DROP

Rule: 13. Limit the Number of Concurrent Connections per IP Address :

# iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT

Rule: 14. Setup IPtables Rules for PCI Compliance :

# iptables -I INPUT -d SITE -p tcp -m multiport --dports 21,25,110,143,465,587,993,995 -j DROP

If you use cPanel or similar control panel, you may need to block it’s’ ports as well. Here is an example:

# iptables -I in_sg -d DEDI_IP -p tcp -m multiport --dports  2082,2083,2095,2096,2525,2086,2087 -j DROP

Rule: 15. Block Connection on Network Interface :

# iptables -A INPUT -i eth0 -s xxx.xxx.xxx.xxx -j DROP

Rule: 16. Disable Outgoing Mails through IPTables :

# iptables -A OUTPUT -p tcp --dports 25,465,587 -j REJECT

Thanks For Visiting on My Blog, For More Tutorials Keep Visiting My Blog

Q. What is rssh ?

Ans: rssh is a restricted shell for use with OpenSSH, allowing only scp or sftp. It now also includes support for rdist, rsync, & cvs. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that.rssh is a Restricted Shell for Providing Limited Access to a host via ssh, it allows following Operations only :

1. scp - Secure file copy
2. sftp - Secure FTP
3. cvs - Concurrent Versions System ~ you can easily retrieve old versions to see exactly which change caused the bug
4. rsync - Backup & sync file system
5. rdist - Backup / RDist program maintains identical copies of files on multiple hosts.

Step: 1. Install rssh :

For CentOS :

# cd /tmp
# wget http://dag.wieers.com/rpm/packages/rssh/rssh-2.3.2-1.2.el5.rf.i386.rpm
# yum -y install rssh-2.3.2-1.2.el5.rf.i386.rpm

For Ubuntu :

# apt-get -y install rssh

Step: 2. Grant Access to SFTP & SCP for all Users by Appending :

Note: By default rssh locks down everything including any sort of access.

# vi /etc/rssh.conf

Uncommented:

allowscp
allowsftp

-- Save & Quit (:wq)

Step: 3. Restart the SSHD Service :

# service sshd restart

Step: 4. Create A New User with "/usr/bin/rssh" shell :

# useradd -m -d /var/www/html/koushik.com -s /usr/bin/rssh koushik
# passwd koushik

New password:
Retype new password:

Step: 5. Change User's Shell bash to rssh :

# usermod -s /usr/bin/rssh user_name
or
# chsh -s /usr/bin/rssh user_name

Thanks For Visiting on My Blog, For More Tutorials Keep Visiting My Blog

Q. What is Wetty (Web + tty) ?

Ans: Terminal over HTTP and HTTPS. Wetty is an alternative to ajaxterm/anyterm but much better than them because wetty uses ChromeOS' terminal emulator (hterm) which is a full fledged implementation of terminal emulation written entirely in Javascript. Also it uses websockets instead of Ajax and hence better response time.

Step: 1. Install EPEL Repo :

# yum -y install epel-release

Step: 2. Install Wetty Dependencies :

# yum clean all
# yum -y install git nodejs npm screen
# yum groupinstall "Development Tools"
# npm -g update

Step: 3. Install NTP (Time Synchronization) :

# yum -y install ntp
# service ntpd restart
# chkconfig ntpd on
# ntpdate pool.ntp.org

Step: 4. After Installing these Dependencies, Clone the Wetty GitHub Repository :

# cd /root
# git clone https://github.com/krishnasrinivas/wetty

Step: 5. Install Wetty :

# cd wetty
# npm install pty.js
# npm install

Step: 6. Starting Wetty & Access Linux Terminal from Web Browser :

# node app.js -p 8080 (Port no.)

http://Your_IP-Address:8080

Step: 7. Run Wetty through HTTPS :

# cd /root/wetty
# openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes

Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:West Bengal
Locality Name (eg, city) [Default City]:Siliguri
Organization Name (eg, company) [Default Company Ltd]:TechnoMedia
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:ser1.techno.com
Email Address []:your_email@techno.com

Step: 8. Launch Wetty via HTTPS :

# screen
[Just Press Enter]

# cd /root/wetty
# node app.js --sslkey key.pem --sslcert cert.pem -p 8080

Step: 9. Add an User for Wetty :

# useradd koushik
# passwd koushik

New password: redhat
Retype new password: redhat

# vi /etc/sudoers

koushik    ALL=(ALL)    NOPASSWD:ALL

-- Save & Quit (:wq!)

Step: 10. Access Wetty Through Web Browser :

https://Your_IP-Address:8080
User: koushik
Pass: redhat

Thanks For Visiting on My Blog, For More Tutorials Keep Visiting My Blog

Step: 1. Install Prerequisites :

# sudo -i
# cd /etc/apt/sources.list.d
# echo "deb http://old-releases.ubuntu.com/ubuntu/ raring main restricted universe multiverse" > ia32-libs-raring.list
# apt-get update
# apt-get install ia32-libs

Note: If You are facing any error to Install "ia32-libs" Package, then :

# dpkg --add-architecture i386
# apt-get update
# apt-get install ia32-libs
# apt-get install gcc-multilib


Step: 2. Download & Install AVG Anti-Virus :

Download Link: http://free.avg.com/in-en/download-free-all-product

# cd /tmp
# wget http://aa-download.avg.com/filedir/inst/avg2013flx-r3118-a6926.i386.deb
# dpkg -i avg2013flx-r3118-a6926.i386.deb

Step: 3. To Update Virus Database or AVG :

# avgupdate
# avgupdate -d

- To update the current virus database, Use one of these Commands :

# avgupdate --priority 1
# avgupdate --priority 2
# avgupdate --priority 3
# avgupdate --priority 4
# avgupdate --priority 5

1 - Critical update
2 - Virus update
3 - Recommended update
4 - Program update (default)
5 - Optional update

Step: 4. To Scan a Specific Directory :

# avgscan -H -c -a /var/www

- For a heuristic scan :

# avgscan --heur /

Few selected important options lines from help :

As seen in example above, the syntax is: avgscan [options] [path-list]

-l, --heal Automatically heal infected object.
-t, --delete Automatically delete infected object.
-u, --vv-move Automatically move infected object into vault.
-U, --vv-backup Backup infected object if healed by deletion.


Step: 5. To Launch The AVG Anti-Virus on Ubuntu :

# avgctl --start

Step: 6. To Completely Remove AVG from your Computer :

# apt-get autoremove --purge avg2013flx

Thanks For Visiting on My Blog, For More Tutorials Keep Visiting My Blog