July 03, 2008
Filed Under (General) by admin on 03-07-2008

A simple trick using the .htaccess file

A simple tutorial which only involves editing one little file. Useful for those of us who have mime-typed extensions or who are creating lots of test design files and want an easy way to make the design they like best their default file.

1. Create a file called .htaccess in the /public_html/ folder if you don’t have it. I think one should be there already when you get your site so if it isn’t you should create it anyway!
2. In the file write the following:

CODE:
DirectoryIndex best_design.weirdext

3. Replace best_design.weirdext with the file you want your index page to be.
4. Open your website and if all has worked well, you should have your customized index page.

Tags: custom, directory, htaccess, index, redirect


March 24, 2008
Filed Under (Linux Security) by admin on 24-03-2008

The purpose of sysctl hardening is to help prevent spoofing and DoS attacks. This short guide will show what I have found to be a good configuration for the sysctl.conf configuration file. The most important of the variables listed below is the enabling of SYN cookie protection. Only place the bottom two if you do not want your server to respond to ICMP echo, commonly referred to as ICMP ping or just ping requests.

Back up sysctl.conf:

# mv /etc/sysctl.conf /etc/sysctl.conf.bak

Open to edit the file:

# nano -w /etc/sysctl.conf

Now paste the following into the file; you can overwrite the current contents.

#Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Disables packet forwarding
net.ipv4.ip_forward=0

# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.lo.log_martians = 1
net.ipv4.conf.eth0.log_martians = 1

# Disables the magic-sysrq key
kernel.sysrq = 0

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15

# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800

# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0

# Turn off the tcp_sack
net.ipv4.tcp_sack = 0

# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0

# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1

# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

# Allowed local port range (65535 is the highest valid port)
net.ipv4.ip_local_port_range = 16384 65535

After you make the changes to the file you need to run the commands below to enable the changes without a reboot:

# /sbin/sysctl -p

# sysctl -w net.ipv4.route.flush=1
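
To confirm that the settings actually took effect after sysctl -p, the check below compares every key in the file with the live value under /proc/sys. It is an added example, not part of the original post; the function names norm and audit_sysctl and the optional PROC_ROOT argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm that each key in a sysctl.conf-style file is live in the kernel.
# Usage: sh audit_sysctl.sh /etc/sysctl.conf [PROC_ROOT]
# PROC_ROOT (default /proc/sys) lets the check run against a constructed tree.

# Collapse runs of whitespace and trim both ends, so that the kernel's
# tab-separated "16384<TAB>65535" compares equal to "16384 65535".
norm() {
    printf '%s\n' "$1" | sed 's/[[:space:]][[:space:]]*/ /g; s/^ //; s/ $//'
}

# Prints one line per problem; returns 0 when every key matches, 1 otherwise.
# A key assigned twice with different values shows up as DRIFT on the losing line.
audit_sysctl() {
    conf=$1; root=${2:-/proc/sys}; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(norm "$line")
        case $line in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;                      # key = value
            *) continue ;;               # not an assignment
        esac
        key=$(norm "${line%%=*}")
        want=$(norm "${line#*=}")
        # net.ipv4.tcp_syncookies -> $root/net/ipv4/tcp_syncookies
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            # Typical cause: the interface in the key (eth0) does not exist here.
            echo "MISSING $key"
            bad=1
        elif live=$(norm "$(cat "$path")") && [ "$live" != "$want" ]; then
            echo "DRIFT $key want=$want live=$live"
            bad=1
        fi
    done < "$conf"
    return $bad
}

# Run only when a file is given on the command line.
if [ $# -gt 0 ]; then
    audit_sysctl "$@"
fi
```

A MISSING line for an eth0 key usually means the server's interface has a different name, so the per-interface lines in the file need to be adjusted.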

Tags: hardening, syctl


March 24, 2008
Filed Under (Linux HOW TOs) by admin on 24-03-2008

vnStat is a network traffic monitor for Linux that keeps a log of daily network traffic for the selected interface. vnStat isn't a packet sniffer. The traffic information is analyzed from the /proc filesystem, so vnStat can be used without root permissions.

Installing:

# cd /usr/local/src
# wget http://humdi.net/vnstat/vnstat-1.4.tar.gz
# tar -zxvf vnstat-1.4.tar.gz
# cd vnstat-1.4
# make && make install
# vnstat -u -i eth0

Making vnstat root only:

# chmod 700 /usr/bin/vnstat
# chmod 700 /var/lib/vnstat/ -R

Now you can check the stats, use help for possible commands:

# vnstat --help

Tags: vnstat


March 24, 2008
Filed Under (Linux HOW TOs) by admin on 24-03-2008

You should hide Apache banner information so that attackers cannot see which version of Apache you are running. This makes it more difficult for them to exploit any system holes, and it makes vulnerability scanners work harder; in some cases their job becomes impossible without banner information.

# nano /etc/httpd/conf/httpd.conf

Change the ServerSignature line to:

ServerSignature Off

Change the ServerTokens line to:

ServerTokens Prod

Restart Apache:

# /sbin/service httpd restart

Tags: apache, serversignature, servertokens


March 24, 2008
Filed Under (Linux HOW TOs) by admin on 24-03-2008

You should often check for updates that will fix certain bugs or improve system stability. Exploits are discovered from time to time, leaving your system exposed to new attacks.

To list available updates:

# up2date -l

To install updates that are not excluded:

# up2date -u

To install updates, including excluded ones:

# up2date -uf

Tags: patches, up2date


March 24, 2008
Filed Under (Linux HOW TOs) by admin on 24-03-2008

The /etc/login.defs file defines the site-specific configuration for the shadow password suite. By default the minimum password length is “5” characters. Let's change this to “8” for stronger passwords.

# nano /etc/login.defs

Change:

PASS_MIN_LEN          5

to

PASS_MIN_LEN          8

Now press Ctrl+X, then hit Y and Enter.


March 24, 2008
Filed Under (Linux HOW TOs) by admin on 24-03-2008

Change directory to find your city time zone:

# cd /usr/share/zoneinfo

In our case it is:

Asia/Manila

To change:

# ln -sf /usr/share/zoneinfo/Asia/Manila /etc/localtime

To verify it is correct:

# date

You should see something similar to this:

Mon Mar 24 07:10:11 PHT 2008

That’s it!

Tags: linux, timezone


March 24, 2008
Filed Under (Linux HOW TOs) by admin on 24-03-2008

New to Linux? Need to change the hostname of your server? (A hostname is the unique name by which a network-attached device is known on a network.) If you entered the wrong hostname during the installation and need to change it, here is how you do it:

Edit file /etc/sysconfig/network using your favorite editor:

# nano /etc/sysconfig/network

Look for HOSTNAME=xxxxxx

Change the xxxx to the name you wish to set for your computer. (ex: HOSTNAME=server.mabuhayhosting.com)

Save the file by pressing:

Ctrl+X, then hit Y and Enter

Now restart the xinetd service:

# service xinetd restart

Done! You have just changed your hostname on the Linux platform.

Tags: hostname, linux, xinetd


March 23, 2008
Filed Under (Linux Security) by admin on 23-03-2008

MySQL is one of the most important programs on a server; unfortunately, it is also pretty resource intensive. On a server it is not uncommon for a single user or even a single query to take up the bulk of the server's CPU cycles. Mytop is a very useful program for seeing which queries a server is currently processing, as well as which user is executing them. Think of mytop as top for MySQL. If you see a lot of queries from one user, that user is probably the hog. Mytop can also be useful for figuring out exactly which queries are causing the problem in the case of a self-designed website. The following is how to install mytop on the server and run it.

We are going to install 2 Perl modules in addition to mytop to ensure that it will work.

Install TermReadKey:

# cd /usr/local/src
# wget http://search.cpan.org/CPAN/authors/id/J/JS/JSTOWE/TermReadKey-2.30.tar.gz
# tar -zxf TermReadKey-2.30.tar.gz
# cd TermRead*
# perl Makefile.PL
# make test
# make
# make install
# cd ..

Now install DBI:

# wget http://search.cpan.org/CPAN/authors/id/T/TI/TIMB/DBI-1.48.tar.gz
# tar -zxf DBI-1.48.tar.gz
# cd DBI*
# perl Makefile.PL
# make test
# make
# make install
# cd ..

Finally install mytop:

# wget http://jeremy.zawodny.com/mysql/mytop/mytop-1.4.tar.gz
# tar -zxf mytop-1.4.tar.gz
# cd mytop*
# perl Makefile.PL
# make test
# make
# make install

Now simply run “mytop” and you're done!

Tags: mytop


March 23, 2008
Filed Under (Introduction) by admin on 23-03-2008

Secure and harden the system configuration file nsswitch.conf, and also optimize it to perform DNS lookups more efficiently.

# nano /etc/nsswitch.conf

hosts:       files dns
passwd:      files
shadow:      files
group:       files
services:    files
networks:    files
protocols:   files
rpc:         files
ethers:      files
netmasks:    files
bootparams:  files
automount:   files
aliases:     files

Now press Ctrl+X, then hit Y and Enter.
