Install and configure Chkrootkit and Rkhunter

Install Chkrootkit

cd /usr/local/src
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit*
make sense
./chkrootkit

Create cron entries

touch /etc/cron.daily/chkrootkit.sh
chmod 700 /etc/cron.daily/chkrootkit.sh

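Add the following to /etc/cron.daily/chkrootkit.sh (on Debian-based systems run-parts skips file names that contain a dot, so name the file chkrootkit there):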

#!/bin/sh
(
/usr/local/src/chkrootkit-0.49/chkrootkit
) | /bin/mail -s "CHKROOTKIT Daily Run (server_name)" email_address
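
The cron script above mails the full scanner output every day, which makes real hits easy to overlook. As an added example (not part of the original post), the helper below keeps only the lines chkrootkit flags and mails only when there are any; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: reduce a chkrootkit run to the lines that need a human.
# chkrootkit_findings is a hypothetical helper; it reads the scanner's output
# on stdin, prints only suspicious lines, and returns 0 if there were any.
chkrootkit_findings() {
    # "INFECTED" and "Vulnerable" are result words documented in chkrootkit's
    # README; "Warning" covers the LKM / hidden-process messages.
    # Case-sensitive on purpose so that "not infected" never matches.
    grep -E 'INFECTED|Vulnerable|Warning'
}

# Constructed sample in chkrootkit's "Checking `name'... result" format.
sample_run() {
    cat <<'EOF'
Checking `amd'... not found
Checking `basename'... not infected
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `sshd'... not infected
Checking `lkm'... chkproc: nothing detected
EOF
}

# Cron body: mail only when something was flagged. The scanner path is the one
# used in the post; server_name and email_address are the post's placeholders.
daily_report() {
    scanner=/usr/local/src/chkrootkit-0.49/chkrootkit
    if [ -x "$scanner" ]; then
        # grep exits non-zero when nothing matched: clean run, no mail
        findings=$("$scanner" 2>&1 | chkrootkit_findings) || return 0
    else
        # a scanner that has disappeared is itself worth a mail
        findings="Warning: $scanner is missing or not executable"
    fi
    printf '%s\n' "$findings" |
        /bin/mail -s "chkrootkit findings (server_name)" email_address
}
```

Call daily_report as the last line of /etc/cron.daily/chkrootkit.sh in place of the subshell-and-pipe body.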

Installing Rkhunter

cd /usr/local/src

Download :

wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz

Install :

tar -xvf rkhunter-1.4.0.tar.gz
cd rkhunter-1.4.0
./installer.sh --layout default --install

Updating :

/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --propupd

Create a script to send the scan result :

touch /etc/cron.daily/rkhunter.sh

chmod 500 /etc/cron.daily/rkhunter.sh

Add the below contents:

#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (server_name)' email_address

To scan :

rkhunter --check

Enjoy 🙂



PS: I wanted to change the From address for a user, so I created a file /scripts/result_rkhunter and changed the script as below:

#!/bin/sh
# Collect the rkhunter output in a file, then mail it with a custom From address.
EMAILMESSAGE="/scripts/result_rkhunter"
Machine_name=$(hostname)
SUBJECT="rkhunter_result : $Machine_name"
# Empty the result file left over from the previous run
cat /dev/null > "$EMAILMESSAGE"
/usr/bin/rkhunter --versioncheck --nocolors >> "$EMAILMESSAGE"
/usr/bin/rkhunter --update --nocolors >> "$EMAILMESSAGE"
/usr/bin/rkhunter --cronjob --report-warnings-only --nocolors >> "$EMAILMESSAGE"
Result_From_RKH=$(cat "$EMAILMESSAGE")
# Headers first, then a blank line, then the body (quotes here would be sent literally)
/usr/sbin/sendmail to_email_address <<EOF
Subject: $SUBJECT
From: from_email_address

$Result_From_RKH
EOF

Reset WordPress password from the command line

You can use the below steps to change a WordPress login password:

1. Log in to MySQL:

mysql -u root -p

2. Select the database:

use database_name;

3. List the users:

select * from wp_users\G

Note: note down the existing user_pass value before you change it, just in case your client wants the same password back :p

4. Change the password for the user you need (WordPress replaces the MD5 value with its own salted hash the next time that user logs in):

UPDATE wp_users SET user_pass=MD5('new_password') where ID=id_you_need;
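
Typing MD5('new_password') into the mysql client can leave the plaintext in ~/.mysql_history, and in the general query log when that is enabled. The helper below is an added example, not part of the original post: it hashes the password locally and prints the UPDATE for step 4, selecting the account by its user_login column; the name wp_reset_sql is made up for illustration.

```shell
#!/bin/sh
# Added example: build the UPDATE from step 4 without ever sending the
# plaintext password to MySQL. wp_reset_sql is a hypothetical helper name.
#
# usage: wp_reset_sql LOGIN      (the new password is read as one line on stdin)
wp_reset_sql() {
    login=$1
    # Accept only a conservative character set so the login can be placed
    # inside the quoted SQL string without any escaping.
    case $login in
        ''|*[!A-Za-z0-9._@-]*)
            echo "refusing login name: $login" >&2
            return 2 ;;
    esac

    # Read from stdin rather than from an argument, so the password is not
    # part of the command line that was typed.
    IFS= read -r newpass || :
    [ -n "$newpass" ] || { echo "no password on stdin" >&2; return 2; }

    # Same 32-character hex value that MySQL's MD5() would produce.
    hash=$(printf '%s' "$newpass" | md5sum | cut -d' ' -f1)
    unset newpass

    printf "UPDATE wp_users SET user_pass='%s' WHERE user_login='%s';\n" \
        "$hash" "$login"
}
```

Paste the printed statement at the mysql prompt after selecting the database in step 2.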

Enjoy !!! 🙂 🙂 🙂

Proper Permissions in Linux

It is always a bad idea to keep all the files and folders with full permissions (files: 666, folders: 777) just to get rid of permission errors. Use the below commands to find all the files and folders with full permissions under the account /home/theg:

find /home/theg -type f -perm 666 -print
find /home/theg -type d -perm 777 -print

 

Use the below commands to change the permissions to 755 for those folders and 644 for those files:

find /home/theg/ -type d -perm 777 -exec chmod 755 {} \;
find /home/theg/ -type f -perm 666 -exec chmod 644 {} \;
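
The -perm 666 and -perm 777 tests above match only those exact modes, so a 667 file or a 1777 directory is skipped. The functions below are an added example, not part of the original post, and go beyond it: they match anything with the world-write bit set and strip only the group and other write bits, so 666 becomes 644 and 777 becomes 755 while execute bits are kept. The function names and the --apply argument are made up for illustration.

```shell
#!/bin/sh
# Added example: list (and optionally fix) everything under a directory that
# is world-writable, not just entries whose mode is exactly 666 or 777.
# fix_world_writable / count_world_writable are hypothetical helper names.
#
# usage: fix_world_writable DIR [--apply]
#   without --apply it only prints what it would change (dry run)
fix_world_writable() {
    dir=$1
    apply=${2:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # -perm -0002 : the "other write" bit is set, whatever the other bits are
    # ! -type l   : skip symlinks; chmod would follow them to a target that
    #               may live outside $dir
    # -xdev       : do not cross into other mounted filesystems
    if [ "$apply" = "--apply" ]; then
        # go-w removes write for group and other only; owner bits, execute
        # bits and modes that were already tighter are left alone
        find "$dir" -xdev ! -type l -perm -0002 -exec chmod go-w {} +
    else
        find "$dir" -xdev ! -type l -perm -0002 -print
    fi
}

# Number of entries that are still world-writable; 0 means the tree is clean.
count_world_writable() {
    find "$1" -xdev ! -type l -perm -0002 -print | wc -l | tr -d ' '
}
```

Run fix_world_writable /home/theg first to review the list, then again with --apply.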

Enjoy !!! 🙂

Error: Couldn’t read status information for table general_log ()

I got the below errors when I took the MySQL backup using the mysqldump command:

Error: Couldn't read status information for table general_log ()
mysqldump: Couldn't execute 'show create table `general_log`': Table 'mysql.general_log' doesn't exist (1146)

Checking more on this, I found that it is a bug. The workaround is as follows:

Login to your mysql : mysql -u root -p
select the database mysql : use mysql
Create the below tables :

CREATE TABLE IF NOT EXISTS general_log (
event_time timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
user_host mediumtext NOT NULL,
thread_id int(11) NOT NULL,
server_id int(10) unsigned NOT NULL,
command_type varchar(64) NOT NULL,
argument mediumtext NOT NULL
) ENGINE=CSV DEFAULT CHARSET=utf8 COMMENT='General log';

CREATE TABLE IF NOT EXISTS slow_log (
start_time timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
user_host mediumtext NOT NULL,
query_time time NOT NULL,
lock_time time NOT NULL,
rows_sent int(11) NOT NULL,
rows_examined int(11) NOT NULL,
db varchar(512) NOT NULL,
last_insert_id int(11) NOT NULL,
insert_id int(11) NOT NULL,
server_id int(10) unsigned NOT NULL,
sql_text mediumtext NOT NULL
) ENGINE=CSV DEFAULT CHARSET=utf8 COMMENT='Slow log';

Now I am able to 'mysqldump' the databases. But I have noticed that there is another error when using the below command:

mysql> flush privileges;
ERROR 1146 (42S02): Table 'mysql.servers' doesn't exist

As the error indicates, just create the table as below:

CREATE TABLE `servers` (
`Server_name` char(64) NOT NULL,
`Host` char(64) NOT NULL,
`Db` char(64) NOT NULL,
`Username` char(64) NOT NULL,
`Password` char(64) NOT NULL,
`Port` int(4) DEFAULT NULL,
`Socket` char(64) DEFAULT NULL,
`Wrapper` char(64) NOT NULL,
`Owner` char(64) NOT NULL,
PRIMARY KEY (`Server_name`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='MySQL Foreign Servers table';

Now everything works fine……

Hope it helps somebody else too……

Enjoy !  🙂

apr_sockaddr_info_get() failed

I got the below error while restarting the httpd service :

[root@theG]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: httpd: apr_sockaddr_info_get() failed for theG
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[  OK  ]

Here is the workaround:

Just follow my post on how to add the hostname on the server properly.

https://gopukrish.wordpress.com/2013/07/11/change-the-hostname-in-centos/

 

Enjoy ! 🙂