Monday, January 27, 2014

update of linux packages using yum

download rpm packages from yum


yum install yum-downloadonly

(the package must not already be installed, otherwise yum has nothing to download)


yum install <package> -y --downloadonly
cd /usr/local/lib

mkdir zbil

mv libz.a libz.so libz.so.1 libz.so.1.2.8 zbil/
ls

ldconfig
rpm -qa 'gpg-pubkey*' | xargs rpm -qi

http://unix.stackexchange.com/questions/28479/when-importing-a-key-during-a-yum-installation-where-is-that-key-stored?rq=1
http://www.centos.org/docs/4/html/rhel-sbs-en-4/ch-gnupg.html
http://www.bashguru.com/2011/10/how-to-remove-rpm-gpg-public-key.html

rpm -qa 'gpg-pubkey*'
find / -name "*GPG*"

https://www.centos.org/modules/newbb/viewtopic.php?topic_id=32332
http://www.ngdcorp.com/blog/solutions/centos-4-end-of-life
http://www.webhostingtalk.com/showthread.php?t=719665
http://www.electrictoolbox.com/public-key-not-installed-dag-rpm/
http://www.electrictoolbox.com/install-yum-with-rpm-on-centos/
http://serverfault.com/questions/288648/disable-the-public-key-check-for-rpm-installation
http://www.sysadminshare.com/2012/08/public-key-for-rpm-is-not-installed-how.html
http://www.linuxquestions.org/questions/fedora-35/public-key-not-installed-468615/
http://vault.centos.org/4.9/os/i386/repodata/
http://dag.wieers.com/rpm/FAQ.php#B2

==============================================================
http://www.webhostingtalk.com/showthread.php?t=719665
==============================================================

 rpm --import RPM-GPG-KEY-centos4

 rpm --import http://yum.theplanet.com/RPM-GPG-KEY-centos4
 rpm -qa gpg-pubkey*
 gpg-pubkey-443e1821-421f218f

 yum clean all
Cleaning up Everything
0 headers removed
0 packages removed
0 metadata files removed
0 cache files removed
0 cache files removed


 yum update systemtap-0.6.2-2.el4_8.3.i386.rpm systemtap-runtime-0.6.2-2.el4_8.3.i386.rpm
Setting up Update Process
Setting up repositories
update                    100% |=========================|  951 B    00:00
base                      100% |=========================| 1.1 kB    00:00
addons                    100% |=========================|  951 B    00:00
extras                    100% |=========================| 1.1 kB    00:00
Reading repository metadata in from local files
primary.xml.gz            100% |=========================| 864 kB    00:06
update    : ################################################## 1935/1935
primary.xml.gz            100% |=========================| 611 kB    00:03
base      : ################################################## 1599/1599
primary.xml.gz            100% |=========================|  190 B    00:00
primary.xml.gz            100% |=========================|  41 kB    00:00
extras    : ################################################## 149/149
Examining systemtap-0.6.2-2.el4_8.3.i386.rpm: systemtap - 0.6.2-2.el4_8.3.i386
Examining systemtap-runtime-0.6.2-2.el4_8.3.i386.rpm: systemtap-runtime - 0.6.2-2.el4_8.3.i386
Marking systemtap-0.6.2-2.el4_8.3.i386.rpm as an update to systemtap - 0.6.2-2.el4_7.i386
Marking systemtap-runtime-0.6.2-2.el4_8.3.i386.rpm as an update to systemtap-runtime - 0.6.2-2.el4_7.i386
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package systemtap-runtime.i386 0:0.6.2-2.el4_8.3 set to be updated
---> Package systemtap.i386 0:0.6.2-2.el4_8.3 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Updating:
 systemtap               i386       0.6.2-2.el4_8.3  systemtap-0.6.2-2.el4_8.3.i386.rpm  2.7 M
 systemtap-runtime       i386       0.6.2-2.el4_8.3  systemtap-runtime-0.6.2-2.el4_8.3.i386.rpm   95 k

Transaction Summary
=============================================================================
Install      0 Package(s)
Update       2 Package(s)
Remove       0 Package(s)
Total download size: 2.7 M
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : systemtap-runtime            ######################### [1/4]
  Updating  : systemtap                    ######################### [2/4]
  Cleanup   : systemtap-runtime            ######################### [3/4]
  Cleanup   : systemtap                    ######################### [4/4]

Updated: systemtap.i386 0:0.6.2-2.el4_8.3 systemtap-runtime.i386 0:0.6.2-2.el4_8.3
Complete!

[root@gems2 cache]# vi /etc/yum.conf

[main]
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
pkgpolicy=newest
installonlypkgs=kernel kernel-smp kernel-devel kernel-smp-devel kernel-largesmp kernel-largesmp-devel kernel-hugemem kernel-hugemem-devel
distroverpkg=centos-release
tolerant=1
exactarch=1
retries=20
obsoletes=1
gpgcheck=0
plugins=1

# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d

 vi /etc/yum.repos.d/CentOS-Base.repo
# CentOS-Base.repo
#
# CentOS-4 is past End of Life ... use at your own risk
#

[base]
name=CentOS-$releasever - Base
baseurl=http://vault.centos.org/4.9/os/$basearch/
gpgcheck=1
gpgkey=http://vault.centos.org/RPM-GPG-KEY-centos4
protect=1
priority=1

#released updates
[update]
name=CentOS-$releasever - Updates
baseurl=http://vault.centos.org/4.9/updates/$basearch/
gpgcheck=1
gpgkey=http://vault.centos.org/RPM-GPG-KEY-centos4
protect=1
priority=1

#packages used/produced in the build but not released
[addons]
name=CentOS-$releasever - Addons
baseurl=http://vault.centos.org/4.9/addons/$basearch/
gpgcheck=1
gpgkey=http://vault.centos.org/RPM-GPG-KEY-centos4
protect=1
priority=1

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=http://vault.centos.org/4.9/extras/$basearch/
gpgcheck=1
gpgkey=http://vault.centos.org/RPM-GPG-KEY-centos4
protect=1
priority=1

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
baseurl=http://vault.centos.org/4.9/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://vault.centos.org/RPM-GPG-KEY-centos4
protect=1
priority=2

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
baseurl=http://vault.centos.org/4.9/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://vault.centos.org/RPM-GPG-KEY-centos4
protect=1
priority=2


 vi /etc/yum.repos.d/CentOS-Media.repo


# CentOS-Media.repo
#
# This repo is used to mount the default locations for a CDROM / DVD on
#  CentOS-4.  You can use this repo and yum to install items directly off the
#  DVD ISO that we release.
#
# To use this repo, put in your DVD and use it with the other repos too:
#  yum --enablerepo=c4-media [command]
#
# or for ONLY the media repo, do this:
#
#  yum --disablerepo=\* --enablerepo=c4-media [command]

[c4-media]
name=CentOS-$releasever - Media
baseurl=file:///media/cdrom/
        file:///media/cdrecorder/
gpgcheck=1
enabled=0
gpgkey=file:///usr/share/doc/centos-release-4/RPM-GPG-KEY-centos4
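
The yum.conf above sets gpgcheck=0 in [main] while every repo section sets gpgcheck=1, so what yum enforces depends on the section. The script below is an added example, not part of the original notes: it prints the effective gpgcheck value per section, assuming (per yum.conf(5)) that a repo without its own gpgcheck line inherits [main] and that [main] without one means 0. The function name audit_gpgcheck and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes: print the effective gpgcheck
# value for [main] and every repo section in the files given as arguments.
# Assumption (yum.conf(5)): a repo without a gpgcheck line inherits [main],
# and [main] without one means 0.
audit_gpgcheck() {
    awk '
    /^[ \t]*[#;]/ { next }                      # skip comment lines
    /^[ \t]*\[/ {                               # section header, e.g. [base]
        sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
        if (!(sec in seen)) { seen[sec] = 1; if (sec != "main") order[++n] = sec }
        next
    }
    sec != "" && /^[ \t]*gpgcheck[ \t]*=/ {
        v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t\r]+$/, "", v)
        gp[sec] = v
    }
    function row(s, eff, how) {
        printf "%s %s %s %s\n", s, eff, how,
               (tolower(eff) ~ /^(1|yes|true)$/ ? "ok" : "UNSIGNED-ALLOWED")
    }
    END {
        main = ("main" in gp) ? gp["main"] : "0"
        row("main", main, ("main" in gp) ? "explicit" : "default")
        for (i = 1; i <= n; i++) {
            s = order[i]
            if (s in gp) row(s, gp[s], "explicit"); else row(s, main, "inherited")
        }
    }' "$@"
}

# Constructed sample files with the same shape as the configs above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/yum.conf" <<'EOF'
[main]
cachedir=/var/cache/yum
gpgcheck=0
EOF
cat > "$demo_dir/sample.repo" <<'EOF'
[base]
name=Base
gpgcheck=1
[thirdparty]
name=Constructed repo with no gpgcheck line
EOF
audit_gpgcheck "$demo_dir/yum.conf" "$demo_dir/sample.repo"
rm -rf "$demo_dir"
```

On a real host, run it as audit_gpgcheck /etc/yum.conf /etc/yum.repos.d/*.repo. On yum releases of this era the [main] value also decides whether local .rpm files named on the command line are signature-checked; newer releases use localpkg_gpgcheck for that.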


grant on mysql

remove the existing user with * privileges
delete from mysql.user where user = "username";
-- direct changes to the grant tables take effect only after a reload
FLUSH PRIVILEGES;
GRANT SELECT, INSERT, UPDATE, DELETE ON dbname.* TO "username"@"127.0.0.1" IDENTIFIED BY "userpassword";

check if your system uses commands other than select, insert, update and delete. if it does, you need to add them to the GRANT command.

to review:

SHOW GRANTS FOR "username"@"127.0.0.1";

src:
http://dev.mysql.com/doc/mysql-security-excerpt/5.0/en/grant-table-structure.html
http://dev.mysql.com/tech-resources/articles/mysql_intro.html#SECTION0006100000

Thursday, January 23, 2014

linux basic hardening

here are primary steps to secure your linux box:

1. don't allow root in sshd, set protocol and max tries

in /etc/ssh/sshd_config, set
Protocol 2
PermitRootLogin no
MaxAuthTries 3

/etc/init.d/sshd restart

2. remove remote root login

in /etc/securetty, remove all entries except for "console"

3. set idle timeout

in /etc/profile, add
TMOUT=7200

4. set password policy

in /etc/login.defs, set
PASS_MAX_DAYS 30
PASS_MIN_LEN 8

5. disable http mod_rewrite

in /usr/local/apache2/conf/httpd.conf, set
RewriteEngine Off

6. display http 413 error message

in /usr/local/apache2/conf/httpd.conf, uncomment
ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var

/etc/init.d/httpd restart
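
A way to confirm that steps 1, 2 and 4 were actually applied (added example, not part of the original notes; the function names conf_value, check and audit_hardening and the sample tree are constructed here). It reads the first uncommented value of each keyword, which is the value sshd uses, so a commented-out "#PermitRootLogin no" does not count.

```shell
#!/bin/sh
# Added example, not from the original notes: verify the values from
# steps 1, 2 and 4. Pass a root directory to audit a copy instead of /.

# Print the first uncommented value of KEY in FILE (keyword match is
# case-insensitive). sshd uses the first value it reads for a keyword;
# for login.defs this assumes each key appears only once.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1" 2>/dev/null
}

# check FILE KEY OP WANT: prints an ok/FAIL line, returns 1 on FAIL
check() {
    got=$(conf_value "$1" "$2")
    case "$3" in
        eq) [ "$got" = "$4" ] ;;
        le) [ -n "$got" ] && [ "$got" -le "$4" ] 2>/dev/null ;;
        ge) [ -n "$got" ] && [ "$got" -ge "$4" ] 2>/dev/null ;;
    esac && { echo "ok   $2=$got"; return 0; }
    echo "FAIL $2=${got:-<unset>} (want $3 $4)"; return 1
}

audit_hardening() {
    root=${1:-}; rc=0
    check "$root/etc/ssh/sshd_config" Protocol        eq 2  || rc=1
    check "$root/etc/ssh/sshd_config" PermitRootLogin eq no || rc=1
    check "$root/etc/ssh/sshd_config" MaxAuthTries    le 3  || rc=1
    check "$root/etc/login.defs"      PASS_MAX_DAYS   le 30 || rc=1
    check "$root/etc/login.defs"      PASS_MIN_LEN    ge 8  || rc=1
    # step 2: every uncommented, non-empty securetty line must be "console"
    st="$root/etc/securetty"
    if [ -f "$st" ] && ! grep -v '^[[:space:]]*#' "$st" |
            grep -v '^[[:space:]]*$' | grep -qvx console; then
        echo "ok   securetty"
    else
        echo "FAIL securetty missing or lists terminals other than console"; rc=1
    fi
    return $rc
}

# Constructed sample tree: the commented-out line is ignored, "yes" is flagged.
demo=$(mktemp -d); mkdir -p "$demo/etc/ssh"
printf 'Protocol 2\n#PermitRootLogin no\nPermitRootLogin yes\nMaxAuthTries 3\n' > "$demo/etc/ssh/sshd_config"
printf 'PASS_MAX_DAYS 30\nPASS_MIN_LEN 8\n' > "$demo/etc/login.defs"
printf 'console\n' > "$demo/etc/securetty"
audit_hardening "$demo" || echo "hardening incomplete"
rm -rf "$demo"
```

The script only reports what the files say; sshd still has to be restarted for step 1 to take effect. PASS_MAX_DAYS in /etc/login.defs is applied when an account is created, so existing accounts keep their old ageing values until changed with chage.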

bluedragon

in linux

download mysql-connector-java-3.0.17-ga.tar.gz

extract the mysql-connector-java archive

copy mysql-connector-java.jar to bluedragon_path/lib/mysql.jar

restart bluedragon
create datasources

vi /etc/init.d/BlueDragon_Server and add the following lines:

# chkconfig: 345 85 20
# processname: bluedragon
# description: bluedragon

save the file, then add the service to chkconfig from the command line
> chkconfig --add BlueDragon_Server

to verify
> chkconfig --list BlueDragon_Server


in windows

install mysql odbc 3.51 driver

add system dsn

refresh bluedragon datasources