Protect against HTTP DoS attacks with mod_dosevasive
Fri, 01/28/2005 - 10:07 — sandip
mod_dosevasive is an evasive maneuvers module for Apache that takes evasive action in the event of an HTTP DoS, DDoS, or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, etc. mod_dosevasive presently reports abuses via email and syslog facilities.
The below steps were used to install mod_dosevasive on Apache-2.
Installation:
- Check that you have the httpd-devel package installed, as you will need apxs.
- Download mod_dosevasive.
Check your spellings on the Command Line Interface
Tue, 01/25/2005 - 15:52 — nepalexpo
The aspell command, from the aspell package, is designed to spell check files. This package also provides the commands spell, ispell, and run-with-aspell, which call aspell in different ways.
For example, to check if the word "compatible" is correct, execute the command:
echo compatible|aspell -a
The output should be similar to:
@(#) International Ispell Version 3.1.20
*
This output shows that "compatible" is spelt correctly.
However, if you try to check the word "compatable," the output would be:
@(#) International Ispell Version 3.1.20
Rolling Back Your System with RPM
Tue, 01/18/2005 - 22:28 — nepalexpo
Configuring a rollback capability in your system is just a matter of taking a few well-planned steps. They involve creating some macros for the rpm system, choosing a "safe point" (the point in time before which you won't want to roll back your system), and creating an archive directory for rpms replaced by new versions.
Each time you update or uninstall an rpm package in a rollback-enabled system, the rpm is actually repackaged and archived. It's not deleted. That allows you the capability to re-install that package at any time.
Further, the system allows you to use intuitive rollback criteria, such as `rpm -Uvh --rollback '3 days ago'`. This is done through a field in the rpm database known as the Transaction ID (TID). The repackaged package is also tagged with the TID. When rolling back, any package equal to or older than the requested TID (as interpreted from the plain-English time) is re-installed on the system. You can also roll back one particular package with `rpm -Uvh --rollback <package>`.
Redirection of Input and Output...
Tue, 01/18/2005 - 15:42 — nepalexpo
To read from an input file instead of typing the input in.
$ program < input
To send the output to an output file. This is hard to follow if the program is interactive, since the prompts also go to the output file.
$ program > output
To append the output to an output file
$ program >> output
Read the input from the input file, put the output to the output file.
$ program < input > output
Some programs output data to stderr, not stdout (the compiler is an example). If you want to capture the compiler warnings in a text file, try this.
Encrypting shell scripts
Sun, 01/16/2005 - 11:27 — himanshu
Do you have scripts that contain sensitive information like passwords, and do you pretty much depend on file permissions to keep them secure? If so, that type of security is good provided you keep your system secure and no user has a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output). There is a program called "shc" that can be used to add an extra layer of security to those shell scripts. SHC will encrypt shell scripts using RC4, make an executable binary out of the shell script, and run it as a normal shell script. This utility is great for programs that require a password to either encrypt or decrypt, or that require a password passed as a command-line argument.
vi Editor Basics...
Sat, 01/15/2005 - 23:53 — nepalexpo
Getting Started
The command "vi" without any file name will open a new file where you can enter and edit text, but when exiting you will be asked to enter a valid file name to save the text.
"vi" with an existing file name will open that file for editing.
Oracle SQL Plus Command Reference
Fri, 01/14/2005 - 17:47 — nepalexpo
Introduction
At the SQL prompt, you can begin typing any SQL command. Upon hitting return (i.e., the enter key), the SQL prompt will change to line number prompts. When you are finished typing a command, type / or RUN to execute the SQL command. Also, a semicolon at the end of the SQL command will execute the command immediately after hitting return. In addition to SQL commands, /, and RUN, other commands can be issued at the SQL prompt (a semicolon does not have to follow the non-SQL commands).
Commands
DESCRIBE tablename -- lists the attributes and their specifications of tablename
I.E. and Mozilla Firefox vuln discovered!
Mon, 12/27/2004 - 14:24 — contra
hunt3r (www.nepsecure.tk) has released a 0-day DoS exploit known to affect I.E. (SP2) and Mozilla Firefox.
http://www.z0mbi3.info/~nepsec
The exploit is simple in design, yet poses a serious threat to these browsers.
Bash Backdoors
Mon, 12/27/2004 - 14:07 — contra
Whenever any hacker/cracker manages to get root access on a system, his motive is mostly to install a backdoor so that he can return later. This article demonstrates how simple bash backdoors can be made with a few lines of C code and misuse of Linux's file permission mechanism.
/proc File Systems...
Thu, 12/16/2004 - 17:02 — sandip
The kernel provides a list of file system types it is able to mount via the /proc file system. To view the list, run the command `cat /proc/filesystems`. The output will look something like:
nodev proc
      ext3
      ext2
      vfat
      iso9660
nodev nfs
nodev smbfs
In this output, the entry vfat means you can mount FAT/VFAT (Microsoft Windows) partitions. The entries ending with smbfs and nfs mean you can interact with file servers that use SMBFS (Microsoft's Server Message Block File System, accessed via Samba) or NFS (Sun's Network File System). The iso9660 entry indicates that you can mount standard CD-ROM file systems, and ext3 and ext2 indicate that you can mount those kinds of Linux file systems.