Wednesday, 27 April 2011

DenyHosts

OS:CentOS 5.5
Requirements:
python2.4
DenyHosts-2.5

1. Download the DenyHosts binary distribution
wget  http://sourceforge.net/projects/denyhosts/files/denyhosts/2.5/DenyHosts-2.5-python2.4.noarch.rpm/download

2. Install the RPM
rpm  -ivh  DenyHosts-2.5-python2.4.noarch.rpm

3. Configure DenyHosts
cd  /usr/share/denyhosts/
cp  denyhosts.cfg-dist  denyhosts.cfg
vi  denyhosts.cfg
#SECURE_LOG=/private/var/log/system.log
...
BLOCK_SERVICE = ALL  (block the offending source from every service)
#BLOCK_SERVICE  = sshd
...
ADMIN_EMAIL = webmaster@test.com  (administrator mailbox, set your own)
SMTP_HOST = mail.test.com  (mail server, set your own)
SMTP_PORT = 25
SMTP_USERNAME=testuser  (account used to authenticate to the mail server)
SMTP_PASSWORD=testpw  (password for that account)

4. Edit the DenyHosts daemon-control script
cp  daemon-control-dist  daemon-control
vi  daemon-control
DENYHOSTS_BIN   = "/usr/bin/denyhosts.py"
DENYHOSTS_LOCK  = "/var/lock/subsys/denyhosts"
DENYHOSTS_CFG   = "/usr/share/denyhosts/denyhosts.cfg"
chown  root  /usr/share/denyhosts/daemon-control
chmod  700  /usr/share/denyhosts/daemon-control
/usr/share/denyhosts/daemon-control  start

5. Start automatically at boot
cd  /etc/init.d/
ln  -s  /usr/share/denyhosts/daemon-control  denyhosts
chkconfig  --add  denyhosts
chkconfig  denyhosts  on
/etc/init.d/denyhosts  restart
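
As an added check that is not part of the original post, the following sh script validates a denyhosts.cfg before the daemon is started: it confirms the log and hosts.deny paths, the BLOCK_SERVICE value, the mail settings, and that a file holding SMTP_PASSWORD is not group or world readable. It assumes the CentOS sshd log path /var/log/secure; the sample config it writes is constructed from the values shown above.

```shell
# Added example, not from the original post: sanity-check denyhosts.cfg before the daemon
# is started. Assumes the CentOS sshd log path /var/log/secure; the sample config is constructed.

# cfg_get FILE KEY -> value of the first uncommented "KEY = value" line (empty if absent)
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# check_denyhosts_cfg FILE -> 0 if the settings the post relies on are sane,
# otherwise prints each problem and returns 1
check_denyhosts_cfg() {
    cfg="$1"; rc=0
    # On CentOS sshd logs to /var/log/secure; the shipped default is the macOS path
    log=$(cfg_get "$cfg" SECURE_LOG)
    [ "$log" = /var/log/secure ] || { echo "SECURE_LOG='$log' (expected /var/log/secure)"; rc=1; }
    [ "$(cfg_get "$cfg" HOSTS_DENY)" = /etc/hosts.deny ] || { echo "HOSTS_DENY is not /etc/hosts.deny"; rc=1; }
    # The post allows ALL or sshd; any other value is a name tcp_wrappers will not match
    case "$(cfg_get "$cfg" BLOCK_SERVICE)" in
        ALL|sshd) ;;
        *) echo "BLOCK_SERVICE must be ALL or sshd"; rc=1 ;;
    esac
    # An SMTP host without an administrator address means the reports go nowhere
    if [ -n "$(cfg_get "$cfg" SMTP_HOST)" ] && [ -z "$(cfg_get "$cfg" ADMIN_EMAIL)" ]; then
        echo "SMTP_HOST is set but ADMIN_EMAIL is empty"; rc=1
    fi
    # SMTP_PASSWORD is stored in clear text, so the file must be readable by root only
    if [ -n "$(cfg_get "$cfg" SMTP_PASSWORD)" ]; then
        case "$(ls -l "$cfg" | cut -c5-10)" in
            *r*) echo "$cfg contains SMTP_PASSWORD but is group/world readable"; rc=1 ;;
        esac
    fi
    return $rc
}

# write_sample_cfg FILE -> writes a constructed config using the values shown in the post
write_sample_cfg() {
    cat > "$1" <<'EOF'
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
BLOCK_SERVICE = ALL
#BLOCK_SERVICE  = sshd
ADMIN_EMAIL = webmaster@test.com
SMTP_HOST = mail.test.com
SMTP_PORT = 25
SMTP_USERNAME=testuser
SMTP_PASSWORD=testpw
EOF
}
```

Run it as `check_denyhosts_cfg /usr/share/denyhosts/denyhosts.cfg` after sourcing the file; a non-zero exit lists what to fix.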

References:
http://denyhosts.sourceforge.net/
http://blog.csdn.net/qiudakun/archive/2010/11/26/6036852.aspx
http://linux-guys.blogspot.com/2011/01/denyhosts.html

Friday, 15 April 2011

Intrusion Prevention System (IPS) - Guardian

OS:CentOS 5.5
Requirements:
Snort
Guardian

This continues the earlier post, Intrusion Detection System (IDS) - Snort.
1. Download Guardian
wget  http://www.chaotic.org/guardian/guardian-1.7.tar.gz

2. Extract Guardian
tar  -zxvf  guardian-1.7.tar.gz

3. Set up the Guardian environment
cd  guardian-1.7
cp  scripts/guardian_block.sh  /usr/local/bin/guardian_block.sh
cp  scripts/guardian_unblock.sh  /usr/local/bin/guardian_unblock.sh
cp  guardian.conf  /etc/
cp  guardian.pl  /usr/local/bin/
vi  /etc/guardian.conf
AlertFile       /var/log/snort/alert
touch  /var/log/guardian.log

4. Start the service
/usr/local/bin/guardian.pl  -c  /etc/guardian.conf

5. Start at boot
vi /etc/rc.local
/usr/local/bin/guardian.pl  -c  /etc/guardian.conf

References:
http://www.chaotic.org/guardian/

Thursday, 14 April 2011

Intrusion Detection System (IDS) - Snort

OS:CentOS 5.5
Requirements:
libpcap = 1.0.0
gcc  gcc-c++  pcre-devel
flex  daq  libdnet
mysql  mysql-server  mysql-devel
Interfaces:
WAN Interface
IP:192.168.173.105/24
GW:192.168.173.1
LAN Interface
IP:192.168.211.1/24
GW:192.168.173.105

1. Install dependencies
yum  install  pcre-devel  gcc  gcc-c++  flex
yum  install  mysql-devel  mysql  mysql-server

2. Set the database administrator password
/etc/init.d/mysqld  restart
chkconfig  mysqld  on
mysqladmin  -u  root  password  '<admin password>'

3. Download libdnet
tar  -zxvf  libdnet-1.12.tgz
cd  libdnet-1.12
./configure
make
make  install

4. Update libpcap
yum  erase  libpcap
tar  -zxvf  libpcap-1.1.1.tar.gz
cd  libpcap-1.1.1
./configure
make
make  install

5. Download DAQ
tar  -zxvf  daq-0.5.tar.gz
cd  daq-0.5
./configure
make
make  install

6. Download Snort and the Snort rules
Downloading the Snort rules requires registering for a Snort account.
tar  -zxvf  snort-2.9.0.5.tar.gz
cd  snort-2.9.0.5
./configure  --with-mysql  --enable-dynamicplugin  --enable-ipv6  --enable-gre  --enable-mpls  --enable-targetbased  --enable-decoder-preprocessor-rules  --enable-ppm  --enable-perfprofiling  --enable-zlib  --enable-active-response  --enable-normalizer  --enable-reload  --enable-react  --enable-flexresp3
make
make  install

7. Configure Snort
groupadd  snort
useradd  -g  snort  snort  -s  /sbin/nologin
mkdir  /etc/snort
cp  -r  etc/*  /etc/snort
mkdir  /var/log/snort
vi  /etc/snort/snort.conf
# Setup the network addresses you are protecting
ipvar HOME_NET 192.168.211.0/24 (the network segment being protected)
# Set up the external network addresses. Leave as "any" in most situations
ipvar EXTERNAL_NET !192.168.211.0/24 (the network segment being monitored)

8. Configure the Snort rules
tar  -zxvf  snortrules-snapshot-2904.tar.gz  -C  /etc/snort/
ln  -s  /etc/snort/so_rules/precompiled/Centos-5-4/i386/2.9.0.4  /usr/local/lib/snort_dynamicrules
vi  /etc/snort/snort.conf
# Path to your rules files (this can be a relative path)
# Note for Windows users:  You are advised to make this an absolute path,
# such as:  c:\snort\rules
var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules

9. Test that the configuration has no errors
snort  -T  -c  /etc/snort/snort.conf

10. Store the events Snort detects in the database
vi  /etc/snort/snort.conf
# database
output database: log, mysql, user=snort password=<user password> dbname=snortdb host=localhost
mysql  -u  root  -p
mysql> create  database  snortdb;
mysql> use  snortdb
mysql> grant  all  on  snortdb.*  to  snort@localhost  identified  by  '<user password>';
mysql> flush  privileges;
mysql> quit
cd  snort-2.9.0.5/schemas
mysql  -u  root  -p  snortdb  <  create_mysql

11. Test that Snort's database output works
snort  -T  -c  /etc/snort/snort.conf

12. Start Snort as a daemon
/usr/local/bin/snort  -d  -A  full  -i  eth0  -c  /etc/snort/snort.conf  -l  /var/log/snort  -D
-d     dump application-layer data
-A     alert mode (full)
-i     interface to listen on
-c     configuration file
-l     log directory
-D     run as a daemon

13. Start at boot
vi  /etc/rc.local
snort  -d  -A  full  -i  eth0  -c  /etc/snort/snort.conf  -l  /var/log/snort  -D
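
As an added check that is not part of the original post, this sh script validates the snort.conf edits from steps 7, 8 and 10 before you run snort -T: HOME_NET and EXTERNAL_NET must agree, every rule path must exist, and a file carrying the MySQL password on its output database line must not be world-readable. The sample /etc/snort layout it builds is constructed, with a placeholder password.

```shell
# Added example, not from the original post: sanity-check the snort.conf edits from
# steps 7, 8 and 10 before running "snort -T". Usage: check_snort_conf /etc/snort/snort.conf

# snort_var FILE KIND NAME -> value of the first "KIND NAME value" line (KIND: ipvar or var)
snort_var() {
    sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}$3[[:space:]]\{1,\}//p" "$1" | head -n 1
}

# check_snort_conf FILE -> 0 when networks, rule paths and database output look consistent
check_snort_conf() {
    conf="$1"; rc=0
    home=$(snort_var "$conf" ipvar HOME_NET); ext=$(snort_var "$conf" ipvar EXTERNAL_NET)
    # HOME_NET any marks every host as protected, so direction-aware rules lose their meaning
    case "$home" in
        "") echo "HOME_NET is not set"; rc=1 ;;
        any) echo "HOME_NET is any: set it to the LAN you protect"; rc=1 ;;
    esac
    # The post sets EXTERNAL_NET to the negation of HOME_NET; "any" is the other sane value
    if [ "$ext" != "!$home" ] && [ "$ext" != any ]; then
        echo "EXTERNAL_NET='$ext' should be !$home or any"; rc=1
    fi
    # Every rule directory named by a var line must exist, or snort -T fails
    for v in RULE_PATH SO_RULE_PATH PREPROC_RULE_PATH; do
        p=$(snort_var "$conf" var "$v")
        [ -d "$p" ] || { echo "$v='$p' is not a directory"; rc=1; }
    done
    # The output database: line carries the MySQL password in clear text
    if grep -q '^output database:.*password=' "$conf"; then
        case "$(ls -l "$conf" | cut -c8)" in
            r) echo "$conf holds a database password but is world-readable"; rc=1 ;;
        esac
    fi
    return $rc
}
# make_sample_snort_dir -> constructed /etc/snort look-alike in a temp dir with a
# placeholder password (not a real credential); prints the path of its snort.conf
make_sample_snort_dir() {
    d=$(mktemp -d)
    mkdir -p "$d/rules" "$d/so_rules" "$d/preproc_rules"
    cat > "$d/snort.conf" <<EOF
ipvar HOME_NET 192.168.211.0/24
ipvar EXTERNAL_NET !192.168.211.0/24
var RULE_PATH $d/rules
var SO_RULE_PATH $d/so_rules
var PREPROC_RULE_PATH $d/preproc_rules
output database: log, mysql, user=snort password=CHANGE_ME dbname=snortdb host=localhost
EOF
    chmod 600 "$d/snort.conf"; echo "$d/snort.conf"
}
```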

References:
http://www.snort.org/
http://zh.wikipedia.org/wiki/Snort
https://forums.snort.org/forums/snort-newbies/topics/daq_static-library-not-found
http://forum.icst.org.tw/phpbb/viewtopic.php?f=11&t=19216

Wednesday, 13 April 2011

phpPgAdmin

OS:CentOS 5.5
Requirements:
postgresql  postgresql-devel  postgresql-server
apache
php  php-devel  php-pgsql
phppgadmin

1. Install dependencies
yum  install  postgresql  postgresql-devel  postgresql-server
yum  install  httpd  php  php-devel  php-pgsql

2. Create the PostgreSQL administrator account and password
/etc/init.d/postgresql  restart
chkconfig  postgresql  on
vi  /var/lib/pgsql/data/postgresql.conf
   listen_addresses = 'localhost'
su  -  postgres
-bash-3.2$ createuser  pgadmin (choose your own user name)
Shall the new role be a superuser? (y/n) y
-bash-3.2$ psql  template1
template1=# alter  role  pgadmin  with  password  'pgpass'; (choose your own password)
template1=# \q
-bash-3.2$ exit
vi  /var/lib/pgsql/data/pg_hba.conf
# IPv4 local connections:
host    all         all         127.0.0.1/32          md5
/etc/init.d/postgresql  restart

3. Set up phpPgAdmin
wget  http://downloads.sourceforge.net/phppgadmin/phpPgAdmin-5.0.2.tar.gz?download
tar  -zxvf  phpPgAdmin-5.0.2.tar.gz
mv  phpPgAdmin-5.0.2  /var/www/html/phppgadmin
vi  /var/www/html/phppgadmin/conf/config.inc.php
   $conf['servers'][0]['host'] = 'localhost';

4. Start Apache
/etc/init.d/httpd  restart
chkconfig  httpd  on

5. Done, test
http://your server IP/phppgadmin/

Login user: pgadmin
Login password: pgpass

References:
http://phppgadmin.sourceforge.net/doku.php
http://icercat.pixnet.net/blog/post/25514294

Saturday, 2 April 2011

Traffic analysis - BandwidthD

OS:CentOS 5.5
Requirements:
Apache
libpcap  libpcap-devel
libpng  libpng-devel
gd  gd-devel
bandwidthd

1. Install dependencies
yum  install  httpd
/etc/init.d/httpd  restart
chkconfig  httpd  on
yum  install  libpcap  libpcap-devel  libpng  libpng-devel  gd  gd-devel

2. Download and install BandwidthD
wget   http://sourceforge.net/projects/bandwidthd/files/bandwidthd/bandwidthd%202.0.1/bandwidthd-2.0.1.tgz/download
tar  -zxvf  bandwidthd-2.0.1.tgz
cd  bandwidthd-2.0.1
./configure
make
make  install

3. Configure which subnet (or interface) BandwidthD monitors
vi  /usr/local/bandwidthd/etc/bandwidthd.conf
   subnet 192.168.44.0/24

4. Start the BandwidthD daemon
/usr/local/bandwidthd/bandwidthd

5. Create the BandwidthD web directory
cd  /var/www/html
ln  -s  /usr/local/bandwidthd/htdocs/  bandwidthd

6. Done, test
http://your server IP/bandwidthd

References:
http://bandwidthd.sourceforge.net/
http://blog.yam.com/wishdeen/article/27213731
http://kkbruce.blogspot.com/2008/08/bandwidthdip.html

Bacula - Remote host backup

Linux Client
OS: CentOS 5.3

1. Install the build tools
yum  install  gcc  gcc-c++

2. Download the source, build and install
wget  https://sourceforge.net/projects/bacula/files/bacula/5.0.3/bacula-5.0.3.tar.gz/download
tar  -zxvf  bacula-5.0.3.tar.gz
cd  bacula-5.0.3
CFLAGS="-g -O2 -Wall" \
   ./configure \
   --enable-client-only \
   --sbindir=/usr/local/bacula/bin \
   --sysconfdir=/usr/local/bacula/bin \
   --with-pid-dir=/usr/local/bacula/bin/working \
   --with-subsys-dir=/usr/local/bacula/bin/working \
   --enable-smartalloc \
   --with-working-dir=/usr/local/bacula/bin/working \
   --with-dump-email=your@address.com \
   --with-job-email=your@address.com \
   --with-smtp-host=localhost
make
make install

3. Edit the client's Bacula File daemon configuration
cd  /usr/local/bacula/bin
vi  bacula-fd.conf
# List Directors who are permitted to contact this File daemon
Director {
  Name = bacula-dir (must match the Bacula Director name)
  Password = linuxtest (choose your own password)
}

4. Start the Bacula File daemon
/usr/local/bacula/bin/bacula-fd

Bacula Server
1. Use Webmin to add the remote Bacula client
https://Bacula server IP:10000
1-1 Create the Bacula File client
Director Configuration -> Backup Clients -> Add a new backup client
The Bacula FD password must be the same as the one entered on the client.

1-2 Check that the client authenticates successfully
Backup and Restore Actions -> Client Status

Windows Client
1. Download and install the Bacula program
Choose Automatic as the Installation Type

Enter the relevant parameters
DIR Name: bacula director name
DIR Password: your chosen password
DIR Address: bacula director IP

2. Verify the Windows Bacula File configuration
Start -> All Programs -> Bacula -> Configuration -> Edit Client Configuration
# List Directors who are permitted to contact this File daemon
Director {
  Name = bacula-dir (must match the Bacula Director name)
  Password = "windowstest" (choose your own password)
}

3. Start the Bacula File daemon
Start -> All Programs -> Bacula -> Start File Service

Bacula Server
1. Use Webmin to add the remote Bacula client
https://Bacula server IP:10000
1-1 Create the Bacula File client
Director Configuration -> Backup Clients -> Add a new backup client

1-2 Check that the client authenticates successfully
Backup and Restore Actions -> Client Status


Bacula - GUI operation (2)

Using Webacula for backup and restore

OS: Fedora 13
Requirements:
Bacula
MySQL
php-ZendFramework  php-ZendFramework-Feed  php-gd  php-xml
Apache
webacula

This continues the earlier post, Modular backup with Bacula.
1. Create the database used by Webacula
mysql  -u  root  -p
mysql> create  database  webacula;
mysql> grant  all  on  webacula.*  to  wbuser@localhost  identified  by  'wbpass';
mysql> flush  privileges;
mysql> quit

2. Install dependencies
yum  install  httpd  php-ZendFramework  php-ZendFramework-Feed  php-gd  php-xml
yum  install  webacula

3. Configure the Webacula runtime parameters
usermod  -aG  bacula  apache
vi  /etc/webacula/config.ini
 db.adapter = PDO_MYSQL
 db.config.host = localhost
 db.config.username = <owner account of the bacula database>
 db.config.password = <password of the bacula database owner>
 db.config.dbname = <database used by bacula>
 ...
 def.timezone = "Asia/Taipei"
 ...
 bacula.sudo = "/usr/bin/sudo"
 bacula.bconsole = "/usr/sbin/bconsole"
 bacula.bconsolecmd = "-n -c /etc/bacula/bconsole.conf"
 ...
 db.adapter = PDO_MYSQL
 db.config.host = localhost
 db.config.username = <owner account of the webacula database>
 db.config.password = "<password of the webacula database owner>"
 db.config.dbname = <database used by webacula>

4. Allow bconsole to be run in the background (sudo permission)
visudo
#Defaults    requiretty
apache ALL=NOPASSWD: /usr/sbin/bconsole

5. Adjust the PHP parameters
vi  /etc/php.ini
  memory_limit = 128M
  max_execution_time = 600
/etc/init.d/httpd  restart

6. Create the Webacula database tables
cd  /usr/share/webacula/install
./webacula_mysql_make_tables.sh  mysql  -u  root  -p

7. Configure access control for the Webacula site
vi  /etc/httpd/conf.d/webacula.conf
   Deny from all
   Allow from 192.168.1.0/24
   Allow from localhost
   Allow from ::1
   ...
   AuthType Basic
   AuthName "Webacula"
   AuthUserFile       /etc/httpd/conf/webacula.users
   Require valid-user
/etc/init.d/httpd  restart
htpasswd  -c  /etc/httpd/conf/webacula.users  user
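
As an added check that is not part of the original post, this sh script verifies the two privilege boundaries set up in steps 4 and 7: the sudoers rule must let apache run only /usr/sbin/bconsole without a password (never ALL), with requiretty left commented out, and webacula.conf must deny by default, require Basic auth, and keep the AuthUserFile outside the document root. The sudoers and httpd fragments it writes are constructed to mirror the lines shown above.

```shell
# Added example, not from the original post: verify the two privilege boundaries
# from steps 4 and 7, the sudoers rule for apache and the webacula.conf access control.

# check_sudo_rule FILE -> 0 if apache may run only /usr/sbin/bconsole without a password
check_sudo_rule() {
    rc=0
    # "apache ALL=NOPASSWD: ALL" would hand the web server account full root
    if grep -E '^[[:space:]]*apache[[:space:]]+ALL=.*NOPASSWD:[[:space:]]*ALL' "$1" >/dev/null; then
        echo "apache has NOPASSWD: ALL"; rc=1
    fi
    grep -E '^[[:space:]]*apache[[:space:]]+ALL=NOPASSWD:[[:space:]]*/usr/sbin/bconsole[[:space:]]*$' "$1" \
        >/dev/null || { echo "no bconsole-only rule for apache"; rc=1; }
    # requiretty must stay commented out, otherwise sudo refuses the non-interactive PHP call
    if grep -E '^[[:space:]]*Defaults[[:space:]]+requiretty' "$1" >/dev/null; then
        echo "Defaults requiretty is still active"; rc=1
    fi
    return $rc
}

# check_webacula_httpd FILE DOCROOT -> 0 if access is denied by default, Basic auth is
# required and the password file is kept outside the document root
check_webacula_httpd() {
    rc=0
    grep -qi '^[[:space:]]*Deny from all' "$1" || { echo "missing Deny from all"; rc=1; }
    grep -qi '^[[:space:]]*Require valid-user' "$1" || { echo "missing Require valid-user"; rc=1; }
    users=$(sed -n 's/^[[:space:]]*AuthUserFile[[:space:]]*//p' "$1" | head -n 1)
    case "$users" in
        "") echo "missing AuthUserFile"; rc=1 ;;
        "$2"/*) echo "AuthUserFile $users is inside the document root"; rc=1 ;;
    esac
    return $rc
}

# write_samples DIR -> constructed sudoers and webacula.conf fragments mirroring the post
write_samples() {
    printf '#Defaults    requiretty\napache ALL=NOPASSWD: /usr/sbin/bconsole\n' > "$1/sudoers.ok"
    printf 'Defaults    requiretty\napache ALL=NOPASSWD: ALL\n' > "$1/sudoers.bad"
    cat > "$1/webacula.ok" <<'EOF'
   Deny from all
   Allow from 192.168.1.0/24
   Allow from localhost
   Allow from ::1
   AuthType Basic
   AuthName "Webacula"
   AuthUserFile       /etc/httpd/conf/webacula.users
   Require valid-user
EOF
    sed 's#/etc/httpd/conf/webacula.users#/var/www/html/webacula/.htpasswd#' "$1/webacula.ok" > "$1/webacula.bad"
}
```

On a live host run `check_sudo_rule /etc/sudoers` and `check_webacula_httpd /etc/httpd/conf.d/webacula.conf /var/www/html` after sourcing the file.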

8. Done, test
http://your webacula host IP/webacula

References:
http://webacula.sourceforge.net/