Update: On 16th July 2008 there was version 1.1.8 released. I updated this how-to.

The installation is very simple.

cd /root/
wget http://www.rootkit.nl/files/lynis-1.1.8.tar.gz
tar xvfz lynis-1.1.8.tar.gz
rm -f lynis-1.1.8.tar.gz
cd lynis-1.1.8

now run “./lynis” to see all available options.

I prefer running it “./lynis -c -Q” so it does complete scan and does not wait after every page for my keypress. There is summary at the end of the scan which gives you info about warnings. I advise you to check all the things it reports. It is very nice tool and I will definitely monitor its future development.

Here is the changelog for version 1.1.8:

edit file .bash_profile  with command

vi .bash_profile

and then enter this line in there:

echo ‘ALERT - Root SSH access:’ `date` `who` | mail -s “Root has logged into by `who | awk ‘{print $6}’`” email@yourdomain.com

the command is pretty straightforward and can be altered any way you like.

Enjoy!

Here is the error message:

500 Internal error
Internal Server Error

——————————————————————————–
Hints :-
Check logs files in /var/log/ensim/ for debug information
Ensure URL typed is correct

And here is what will be in your log :

2007/05/19 15:12:20 HTTP INFO 127.0.0.1 - GET /static/images/subnav_links_bg.gif HTTP/1.1
2007/05/19 15:12:20 HTTP INFO 127.0.0.1 - GET /static/images/sysoption_on.gif HTTP/1.1
2007/05/19 15:12:20 HTTP INFO 127.0.0.1 - GET /isp/services/sendmail/index HTTP/1.1
2007/05/19 15:12:20 INFO Traceback (most recent call last):
File “/usr/lib/python2.4/site-packages/cherrypy/_cphttptools.py”, line 271, in run main()
File “/usr/lib/python2.4/site-packages/cherrypy/_cphttptools.py”, line 502, in main body = page_handler(*args, **cherrypy.request.paramMap)
File “/home/build/qa/saber/10.0.0/fc.4/13.fc.4/epl/pudasin13/build/build-boot/epl/frontend/rootapp/isp/services/sendmail/__init__.py”, line 30, in index
File “/home/build/qa/saber/10.0.0/fc.4/13.fc.4/epl/pudasin13/build/build-root/epl/frontend/rootapp/pages.py”, line 78, in kidserialize
File “/usr/lib/python2.4/site-packages/kid/__init__.py”, line 283, in serialize return serializer.serialize(self, encoding, fragment, format)
File “/usr/lib/python2.4/site-packages/kid/serialization.py”, line 109, in serialize text = ”.join(tuple(
File “/usr/lib/python2.4/site-packages/kid/serialization.py”, line 345, in generate for ev, item in self.apply_filters(stream, format):
File “/usr/lib/python2.4/site-packages/kid/serialization.py”, line 165, in format_stream for ev, item in stream:
File “/usr/lib/python2.4/site-packages/kid/parser.py”, line 218, in _coalesce for ev, item in stream:
File “/usr/lib/python2.4/site-packages/kid/parser.py”, line 174, in _track for p in stream:
File “/usr/lib/python2.4/site-packages/kid/filter.py”, line 22, in apply_matches for ev, item in stream:
File “/usr/lib/python2.4/site-packages/kid/parser.py”, line 174, in _track for p in stream:
File “/usr/lib/python2.4/site-packages/kid/parser.py”, line 218, in _coalesce for ev, item in stream:
File “/usr/lib/ensim/frontend/kidpages/isp/services/sendmail/configuration.py”, line 63, in _pull
TypeError: generate_content() takes exactly 1 argument (2 given)

And the fix is to recompile templates, restart Ensim and reboot server:

cd /usr/lib/ensim/frontend/kidpages/
/usr/bin/kidc -f *
service epld restart
reboot

NEW: Rkhunter v.1.3.2. is available and this how-to is updated.

Use these commands to install it:

wget http://kent.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.2.tar.gz
tar xvfz rkhunter*
cd rkhunter-1.3.2
./installer.sh –layout oldschool –install

note the installation difference - my command uses old format for installing rkhunter. If you do not have rkhunter installed or want it to be installed elsewhere follow the install script instructions.

Also, you will need to edit the config file because it is different than previous version. Do so by using this command:

 cp /etc/rkhunter.conf /usr/local/etc/rkhunter.conf

It worked for me. Inspect the config file before usage.

After successful installation you can remove this rkhunter-1.3.2 directory.

At this time it is a good idea to create a cron job task to run Rkhunter regularly with email to root mailbox.

crontab -e

and insert these lines in there:

10 0 * * * /usr/local/bin/rkhunter –-update > /dev/null 2>&1 # updates Rkhunter’s database
25 0 * * * /usr/local/bin/rkhunter -c –-nocolors –-cronjob –-report-mode –-createlogfile –-skip-keypress –-quiet # runs it in cronjob mode

That’s it! Enjoy this fine piece of software

 Here is the changelog for version 1.3.2: (date is in European format)

 * 1.3.2 (27/02/2008)

 New:
 - Added support for the socklog and rsyslog (syslog) daemons.
 - Added support for IRIX/IRIX64 systems.
 - If the user wishes to force RKH to use the ’stat’ or ‘readlink’
   supplied scripts, then this can be set in the configuration file.
   The options STAT_CMD and READLINK_CMD, respectively, can be given
   the value of BUILTIN to achieve this. For the ’stat’ script, perl
   must be present.

 Changes:
 - Improved the ‘unsupported language’ error message so that the user is
   told exactly what command to run in order to see the list of supported
   languages. Added a similar comment in the configuration file.
 - Errors from applications during the application version check are mostly
   now ignored. Improved checking that a valid version has been found.
 - The ALLOW_SSH_ROOT_USER and ALLOW_SSH_PROT_V1 options in the configuration
   file can now be set to ‘unset’ and ‘2′ respectively. These values indicate
   that the SSH configuration file have no specific value set for the
   corresponding SSH option (’PermitRootLogin’ and ‘Protocol’). RKH will show
   the test result in green and as ‘Not set’.
 - Application names, in the application check, can now be completely
   whitelisted. Previously only specific versions were whitelisted, and
   RKH had to run the application to find the version. By whitelisting
   the application completely, RKH does not have to run it.
 - The use of the ‘pflog’ network interface is now checked for on all *BSD
   systems (not just OpenBSD).
 - Allow i18n language filenames to contain characters other than just letters.

 Bugfixes:
 - Scanning the /dev directory in LAZY mode corrupted the pathname being
   tested. Also RKH now handles filenames (in /dev) with spaces correctly.
 - During the test of files in /dev, MAKEDEV was not being automatically
   whitelisted if it exists as an actual file (not a symlink).
 - Ensure the suspscan test removes any files it creates.
 - The MAIL-ON-WARNING configuration file option and the –no-verbose-logging
   command-line option, are now only logged if the system is being checked.
 - Root equivalent and passwordless account names are now shown correctly.
   Previously, names which contained spaces, for example if the account had
   been manually commented out, were only shown up to the first space character.
 - Whitelisted passwordless account names are now logged.
 - Suspscan warnings were being ignored by the rkhunter summary and return code.
 - Corrected obtaining process names in Solaris for the network ports and
   deleted files tests. Previously they did not report the name correctly, if
   at all.
 - Use of the ‘–debug’ option with the Korn shell was not working correctly.
 - Reset the SIGPIPE handler to its default to avoid pipe output errors.
 - Language files may contain backticks. These are now escaped during
   processing.
 - Unset the MANPATH in the spec file to allow the RPM to be built on
   OpenSuSE systems.
 - The hidden files/directories test would try and run even if no ‘file’
   command was present.
 - Cater for *BSD systems using the fdesc/fdescfs filesystem on /dev/fd.

Take a look at this knowledge base article  for a solution.

 You just download files that belong to your OS and then run

rpm -Uvh *.rpm

sh upgrade.sh

Here is solution that fixes it :

First I generate self-signed certificate for apache ssl and consequently use it for connection with EnsimX Pro by issuing these commands:

on RHEL 4 /CentOS 4 box:

cd /usr/lib/ensim/frontend/httpd/conf/
mv server.crt server.crt-orig
mv server.key server.key-orig
ln -s /etc/httpd/conf/ssl.crt/server.crt server.crt
ln -s /etc/httpd/conf/ssl.key/server.key server.key
service epld restart

 on RHEL5/CentOS5 box:

cd /usr/lib/ensim/frontend/httpd/conf/
mv server.crt server.crt-orig
mv server.key server.key-orig
cp -f /etc/pki/tls/certs/localhost.crt /etc/httpd/conf/ssl.crt/server.crt
cp -f /etc/pki/tls/private/localhost.key /etc/httpd/conf/ssl.key/server.key
ln -s /etc/httpd/conf/ssl.crt/server.crt server.crt
ln -s /etc/httpd/conf/ssl.key/server.key server.key
service epld restart

Tadaaaaa… and it works

Here are the features that I receive from this little script:

SendmailStats reports:

• Time/date of log beginning and end
• Total bytes transferred and total MB transferred
• Total bytes in and total MB in (locally delivered)
• Number of messages sent out
• Number of messages coming in
• Messages per hour graph
• Top 20 remote sending hosts
• Total number of sending hosts and number of their attempted messages
• Top 20 destination hosts
• Total number of destination hosts and number of messages sent to them
• Top 20 local deliveries
• Total number of local accounts that received mail
• Total number of messages delivered locally
• Top 20 senders
• Total number of senders and total number of messages sent

These are the steps that need to be done to make it work:

wget http://www.reedmedia.net/software/sendmail_stats/sendmail_stats-0.9.txt
mv sendmail_stats-0.9.txt /root/sendmailstats
chmod 755 /root/sendmailstats
vi /root/sendmailstats

edit dit the “$default_hostname = ‘EDIT-THIS-default-domain.net’;” line matching your hostname

vi /etc/cron.daily/smailstats

into the file paste this line:

/root/sendmailstats < /var/log/maillog | less | mail -s “sendmail stats” root

Save the file & close it.

chmod 755 /etc/cron.daily/smailstats

And you are finished. The script will run every day when is your daily cron set and you receive email with the stats.

Die spam!

 All you need to do is edit the config file which should be /etc/proftpd/proftpd.conf  and place this line within <global> section:

 IdentLookups Off

 That should remove the delay and your ftp connection will be initialized very quickly.

If you use version older than 10.x.x

 # service webppliance restart  

If you use version EnsimX for Linux 10.x and higher

# service epld restart

I hope this helps

It can be used to back up a database or to move database information from one server to another.

1. Export A MySQL Database

This example shows you how to export a database. It is a good idea to export your data often as a backup.

# mysqldump -u username -ppassword database_name > FILE.sql

Replace username, password and database_name with your MySQL username, password and database name.

File FILE.sql now holds a backup of your database, download it to your computer.

2. Import A MySQL Database

Here, we import a database. Use this to restore data from a backup or to import from another MySQL server.

Start by uploading the FILE.sql file to the server where you will be running this command.

# mysql -u username -ppassword database_name < FILE.sql

Replace the parts in red with your own information.

This powerful, easy to use command has many uses. Let’s say you wanted to switch web hosting providers.

Simply export your data on the old provider’s server and import it on your account with the new host.

This how-to was copied from clockwatchers.com, thanks!