Archive for June, 2006

Who’s Ya Rock Band

Wednesday, June 28th, 2006

I was welcomed to the jungle!

I scored as Guns ‘N’ Roses. I am Guns ‘N’ Roses, a great band in the 80’s and 90’s who made a huge impact on the world. They became an instant hit with their amazing, guitar-shredding guitarist Slash and their lead singer Axl Rose.

I love their numbers… November Rain, Don’t CrY, Estranged, Knockin’ On Heaven’s Door, Sweet Child O’ Mine…

Guns 'N' Roses: 90%
Led Zeppelin: 60%
AC/DC: 40%
Jimi Hendrix: 40%
Van Halen: 30%
Thin Lizzy: 10%
The Who: 10%

System Installation Checklist

Saturday, June 24th, 2006

System Installation Checklist for Server mongoose Dated: 19-June-2006
=============++++++++++++++++++=============

This System Installation Checklist is designed particularly for the server mongoose.

0.System Information

Hostname : mongoose
Domain Name : mongoose.animals.org
IP Address : 192.168.63.82 (may change)
Serial No : B2-xxx-A05060-558
Platform : Intel Dual Xeon (2×3.6 GHz), 1MB cache
OS Version : RedHat Advanced Server-4 (Kernel-2.6.9-5.ELsmp)
Disk Devices : 2×146GB
Raid Level : 0 [mirrored]
Disk Storage : 146 GB
RAID Driver Disk : Adaptec Ultra SCSI [a320]

1.Drive Configurations

Filesystem Size Used Avail Use% Mounted on

/dev/sda7 4.9G 632M 4.0G 14% /
/dev/sda1 122M 12M 104M 10% /boot
none 1013M 0 1013M 0% /dev/shm
/dev/sda2 58G 107M 55G 1% /home
/dev/sda9 11G 485M 9.2G 5% /home/admin
/dev/sda6 15G 69M 14G 1% /opt
/dev/sda3 25G 1.8G 22G 8% /usr
/dev/sda5 20G 139M 19G 1% /var

2.Security Settings

a. Enabled SELinux Policy.
b. iptables firewall enabled, with exceptions for the services ssh, http, ftp and sendmail.

NOTE:
a. The home directory for the local Administrator has been assigned as /home/admin
b. RedHat Network registration information.

Done by: Scooby Doo
Verified by: Shrek

Animal Instinct

Monday, June 19th, 2006

I believe we all got an animal instinct… I am non-veg.
I like watching NGC… I love monkeys.

The link shows ya some wild photographY (happened to hear about this photographer)
http://kalyanvarma.net/photography/viewtags.php?tag=All

…this is too good.

http://kalyanvarma.net/photography/photo.php?id=235&tag=All

..we can teach the animal wildness…and animals can teach us things we have forgotten !

Linux Security Check List

Friday, June 9th, 2006

Linux Security Checklist

Hey people stop reading…if the box ya want to make secure is not getting powered ON… ya got it…!!


Introduction

I got an assignment to prepare a securitY check-list and here I make it general for anybodY who wanna have a look…I spent quite some time over the jungle…..
This crap maY provide ya some of the keY concepts that can go a long way in keeping a Linux system in secure[/insecure :-P].

General
0.Hardware
1.OS Distribution
2.File System Allocation (Disk Partitions)
3.OS Installation / Package Selection
4.Physical Security
5.Back-Ups
6.Expired Systems
7.Make a Boot and Rescue Media
8.Remove Unnecessary Software Package
9.Keep the System Patched and Up-to-Date
10.Set Off the Unnecessary Services
11.Disable the Unused Ports
12.Cross Check for Xinetd Services
13.Check Security on Key Files
14.User Account Management
15.Remove Unwanted/Zombie Files
16.Customized Banners
17.Harden the Services/Applications which are Required
    0.nfs
    1.ssh
    2.ftp
    3.xinetd
    4.sendmail
    5.apache (httpd)

18.Kernel Tunable Security Parameters
19.iptables
20.TCP Wrappers
21.Pluggable Authentication Module (PAM)
22.Proper System Logging
23.SELinux
24.Tripwire

General
Ideally, the checklist starts right from the Hardware, OS Distribution, File System Allocation (Disk Partitions), OS Installation, Physical Security and Back-Ups, and ends with disposing of the system while ensuring that data cannot be recovered from the hard disk(s).

Hardware

Is the hardware vendor certified for the OS distro?
Choose a hardware vendor that is good at customer support.
Choose hardware that meets our requirements (do we need a dual CPU? what is going to be its future role?)
Have a plan for the Annual Maintenance Contract (AMC) and how long we need it.

OS Distribution
This is a matter of our choice, but consider this: getting security updates, bug-fixes, enhancements and patch management within a short time-frame, and in order of priority, is an important step in pro-actively securing the Linux system.

File System Allocation (Disk Partitions)
The system should have separate partitions to avoid “panics”. This is just a DIVIDE & RULE policy for better management and for recovery when we have troubles. Make separate partitions and allocate the required space for /boot, /, /usr, /home, /var and /tmp, and /opt for your optional and third-party applications. This step is very important for Production Servers, Workstations and Desktops alike (I mean to say, whenever you do a Linux installation).
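One way to check this on an installed host, as an added example that is not part of the original post: the missing_partitions function (a name chosen here) reads `df -P`-style output and lists which of the mount points named above are not separate filesystems. The sample input is the df listing recorded for the server mongoose in the installation checklist on this page, which turns out to have no separate /tmp.

```shell
#!/bin/sh
# Added example: report which of the checklist's recommended mount points
# are NOT separate filesystems, given df-style output on stdin.

# Mount points the checklist asks to keep on their own partitions.
REQUIRED="/boot / /usr /home /var /tmp /opt"

# missing_partitions (hypothetical helper name): reads df output on stdin and
# prints the missing mount points, space-separated. Empty output = all present.
missing_partitions() {
    awk -v required="$REQUIRED" '
        NR > 1 && NF >= 6 { mounted[$NF] = 1 }   # last column is the mount point
        END {
            n = split(required, want, " ")
            out = ""
            for (i = 1; i <= n; i++)
                if (!(want[i] in mounted))
                    out = out (out == "" ? "" : " ") want[i]
            print out
        }'
}

# Sample input: the df listing for mongoose, copied from the checklist.
mongoose_df() {
    cat <<'EOF'
Filesystem Size Used Avail Use% Mounted on
/dev/sda7 4.9G 632M 4.0G 14% /
/dev/sda1 122M 12M 104M 10% /boot
none 1013M 0 1013M 0% /dev/shm
/dev/sda2 58G 107M 55G 1% /home
/dev/sda9 11G 485M 9.2G 5% /home/admin
/dev/sda6 15G 69M 14G 1% /opt
/dev/sda3 25G 1.8G 22G 8% /usr
/dev/sda5 20G 139M 19G 1% /var
EOF
}

echo "mongoose has no separate partition for: $(mongoose_df | missing_partitions)"
# On a live host: df -hP | missing_partitions
```

With /tmp sharing the root filesystem, a process that fills /tmp also fills /, which is the situation the separate partitions are meant to prevent.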

OS Installation (Package Selection)

Do you need an Office Suite or xpdf to run your Database Server? NO. So smart package selection avoids unwanted services and reduces the Risk Factor. The vulnerability may well be in a package that you never really use.

Physical Security
The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards (Gene Spafford)
The systems should be in a locked server rack and a locked room/datacenter. Physical access to the systems is restricted to authorized users. Set BIOS and GRUB passwords (these days KVM switches can handle the system from the BIOS level, which avoids remote reboot chaos).
I am not saying anything here about Disaster Recovery Management and room Air Conditioning.

Back-Ups

Data is important for organizations at any level, and so is the back-up.
Simple back-up utilities are tar, gzip and bzip2; dump, for multiple levels of back-up of the entire file-system; rsync, for transferring data between servers and keeping them in sync; and amanda, for a client-server environment.

Expired Systems

Make sure the data cannot be recovered from the hard disks of systems which are expired and not in use anymore. Disksanitizer is a tool to remove all traces of data from the storage media according to the U.S. DoD standards.

Make a Boot and Rescue Media
…I just gotta finger pain…but to be continued…. (…where is the vicks bottle…hmm..)