Wednesday 14 June 2017

Working with ClamAV on Fedora 25, Red Hat 7 and CentOS 7


Greetings,


I'll show you how to install ClamAV and scan your system with it.


ClamAV installation is pretty simple.


On Fedora 25:

# dnf install clamav clamav-update

On Red Hat 7 and CentOS 7 the packages come from EPEL and the package manager is yum rather than dnf:

# yum install epel-release
# yum install clamav clamav-update

Before we proceed any further we need to check and edit freshclam.conf, which controls how the virus definitions are updated:
# vim /etc/freshclam.conf
Comment out the line that reads just "Example" (near the top of the file); freshclam refuses to run while it is present.

Then uncomment the following lines:
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror db.XY.clamav.net (change XY to your country code, for example gb, us, de, in or ch)
DatabaseMirror database.clamav.net
Once that is done, update the virus definitions:
# freshclam
Now, time to scan the system
# clamscan [option] [file/directory]


# clamscan -r /home (r = recursive)


# clamscan -ivr /home (i = infected, v = verbose)


# clamscan --bell -ivr /home (--bell = ring the terminal bell when a virus is found)


# clamscan --remove=yes -ivr /home (--remove=yes = delete every infected file on detection)

Be careful with --remove: a false positive deletes a legitimate file with no way back. On a system you care about, quarantine instead with --move=DIR (for example --move=/var/quarantine, on a directory only root can read) and review what landed there before deleting anything.


# clamscan -ivr --phishing-sigs=yes --heuristic-scan-precedence=yes /home (turn on the phishing signatures and let a heuristic match stop the scan of a file immediately instead of being reported only at the end)

The exit code tells a script what happened: 0 means nothing was found, 1 means at least one infected file was found and 2 means an error occurred (unreadable files, a missing database and so on).

If you think that is complicated, install the GUI front end called ClamTK:
# dnf install clamtk
Please read more about clamscan:
# man clamscan
# clamscan --help
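Added here as an example, not code from the original post: a small POSIX sh wrapper around clamscan for use from cron. It quarantines with --move instead of deleting, records what was moved in a log, and maps clamscan's exit code to a status word. The paths /var/quarantine and /var/log/clamscan.log are assumptions, and SAMPLE_REPORT is a constructed report in clamscan's output format (the EICAR test signature) used only to exercise the parsing functions.

```shell
#!/bin/sh
# Added example (not from the original post): cron-friendly clamscan wrapper.
# Assumed locations; override them from the environment if you like.
QUARANTINE=${QUARANTINE:-/var/quarantine}
LOG=${LOG:-/var/log/clamscan.log}

# clamscan exit codes: 0 clean, 1 something was found, 2 an error occurred.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Print the file path from every "path: Signature FOUND" line on stdin.
# Signature names never contain ':', so the last ": " separates path and name.
found_files() {
    sed -n 's/^\(.*\): [^:]* FOUND$/\1/p'
}

# Pull the number out of the "Infected files: N" line of the summary block.
infected_count() {
    sed -n 's/^Infected files: \([0-9]*\)$/\1/p'
}

# Scan a tree, moving hits to the quarantine directory (root-only), append a
# one-line summary plus the quarantined paths to the log, and return clamscan's
# exit code so cron mail or a calling script can react to 1 and 2.
run_scan() {
    target=$1
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE"
    report=$(mktemp)
    clamscan -ri --move="$QUARANTINE" "$target" > "$report" 2>&1
    rc=$?
    {
        echo "[$(date '+%F %T')] scan of $target: $(scan_status "$rc"), $(infected_count < "$report") infected"
        found_files < "$report" | sed 's/^/  quarantined: /'
    } >> "$LOG"
    rm -f "$report"
    return "$rc"
}

# Constructed sample of what clamscan prints when it finds the EICAR test file.
SAMPLE_REPORT='/home/alice/eicar.com: Eicar-Test-Signature FOUND
/home/alice/notes.txt: OK

----------- SCAN SUMMARY -----------
Known viruses: 6300000
Engine version: 0.99.2
Scanned directories: 1
Scanned files: 2
Infected files: 1
Data scanned: 0.01 MB
Time: 0.5 sec (0 m 0 s)'

# Only scan when asked explicitly, e.g. from cron: /path/to/clam-wrap.sh --scan /home
case "${1:-}" in
    --scan) run_scan "${2:-/home}" ;;
esac
```

Drop the script into a root crontab with `--scan /home` and the log will show one summary line per run; an exit code of 2 in cron mail means the scan itself failed (usually stale definitions or unreadable files), which is worth treating differently from a clean run.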

Thursday 8 June 2017

Howto Monit in Ubuntu



Monit is a free, open source utility for managing and monitoring processes, programs, files, directories and filesystems on a UNIX system. It can carry out automatic maintenance and repair, for example restarting a daemon that has died or stopped answering on its port. M/Monit is the separate, commercial product that collects many Monit hosts into one dashboard; everything below uses plain Monit.

So it is not a full network monitoring system like Nagios; it watches one host and the services on it, and it can act on what it sees. Let's roll with the installation and configuration. Apache is only needed because we are going to monitor it later; Monit has its own small web server built in.

# apt-get install monit
It will install in a flash, no sweat.

The main config file of Monit is /etc/monit/monitrc.
Here we need to fix a few things and Monit is up and running; it is far quicker to get going than Nagios (whose installation is tedious).

# vim /etc/monit/monitrc
Just uncomment the following lines (the original screenshot showed them):

set httpd port 2812
    use address localhost
    allow localhost
    allow admin:monit
    allow @monit
    allow @users readonly

Two things to check before you start it. admin:monit is the published default credential; change it to a password of your own. Keep "use address localhost" unless you really want the web interface reachable from other hosts; without it Monit listens on port 2812 on every interface, and whoever reaches it can start and stop your services. Monit also refuses to start unless monitrc is readable only by its owner, so make it mode 0600 and owned by root.

Let's start monit

# /etc/init.d/monit start

then open your browser at http://localhost:2812 and log in with the username and password from the allow line (admin and monit if you left the default, which you should not do for long).

This is how it looks at the start; Monit is installed and working.

Now, let's try to monitor the Apache and SSH servers.

# vim /etc/monit/monitrc

Append a check process block for each of the two services.
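As an added example (not the lines from the original screenshot), here is one way to write those two checks in Monit's own syntax. The pid file and init script paths are the Ubuntu defaults for apache2 and openssh-server; adjust them if yours differ.

```monit
# /etc/monit/monitrc (or a file in /etc/monit/conf.d/)
check process apache2 with pidfile /var/run/apache2/apache2.pid
    start program = "/etc/init.d/apache2 start"
    stop program  = "/etc/init.d/apache2 stop"
    # restart when it stops answering on the port, not only when the PID vanishes
    if failed port 80 protocol http then restart
    # stop trying (and alert, if mail is configured) instead of flapping forever
    if 5 restarts within 5 cycles then timeout

check process sshd with pidfile /var/run/sshd.pid
    start program = "/etc/init.d/ssh start"
    stop program  = "/etc/init.d/ssh stop"
    if failed port 22 protocol ssh then restart
    if 5 restarts within 5 cycles then timeout
```

Check the syntax with `monit -t` before you reload with `monit reload`; Monit rejects a file it cannot parse rather than half-applying it.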



Now restart Monit:

# /etc/init.d/monit restart
Check the browser again; both services should show up as running.

You can test it by stopping Apache or SSH and watching Monit start them again within a couple of poll cycles.

Cheers


Wednesday 7 June 2017

Monitor and auto-start Linux Services with an auto-mon Script

Greetings,
I have written a small and very basic script to keep our Linux services up and running. It is easy to customise to your requirements.
Currently I have customised it to my needs, but you can adapt the service list to yours.
The script checks whether each service you have defined is running; once you put it in cron it runs on a schedule and starts any service that is down. It also writes a log, with date and time, of every service it started.
Two caveats. The pgrep patterns are substring matches on the process name (java matches any Java program, master matches any process called master), so tune them for your host, and a script that silently restarts a service can hide a crash you should be investigating, so read the log. On systemd hosts (RHEL 7, CentOS 7, Ubuntu 16.04 and later) the same effect is available natively with Restart=on-failure in the unit file.
I have added it to GitHub in case you want to help me modify it in future: https://github.com/metalaarif/auto-mon
  1. Once you run the script it creates a log file in /var/log/ called auto-mon.log
  2. Create a cron job (the line below is in /etc/crontab or /etc/cron.d format, with the user field) and set it as */3 * * * * root /path of the file/auto-mon.sh > /dev/null 2>&1
  3. Great, that's it. Here is the script.
#!/bin/bash
# Written by metal
# auto-mon.sh: check a list of services and start any that are not running.
root_id=0
log="/var/log/auto-mon.log"
date=$(date)
# Number of distinct listening ports; only used for the banner below
num_service=$(lsof -nPi | grep "LISTEN" | awk '{print $9}' | cut -d: -f2 | sort -u | wc -l)
pgrep="/usr/bin/pgrep"   # pgrep is used to look for the process by name
service="/sbin/service"  # runs the System V init script

if [ "$UID" != "$root_id" ]; then
    echo "You need to be root in order to run this script."
    exit 1
fi
/bin/touch "$log"

echo "#################################################################"
echo "Currently, it seems like $num_service services are running."
echo "#################################################################"

# check_service <label> <process name for pgrep> <init script name>
# If no process matches the name, run the init script and log the event.
# pgrep matches a substring of the process name; use "$pgrep" -x for exact matches.
check_service() {
    label=$1
    proc=$2
    init=$3
    if "$pgrep" "$proc" > /dev/null; then
        echo "Congrats! $label is Running"
    else
        echo "$label is down"
        "$service" "$init" start
        logger -s "[$date] $label was Started.." 2>> "$log"
    fi
}

# On Debian and Ubuntu use apache2 instead of httpd and ssh instead of sshd.
check_service "Apache Server"         httpd      httpd
check_service "MySQL Server"          mysqld     mysqld
check_service "SSH Server"            sshd       sshd
check_service "Varnish Server"        varnishd   varnish
check_service "NRPE Service"          nrpe       nrpe
check_service "Munin-Node"            munin-node munin-node
check_service "Memcached Server"      memcached  memcached
check_service "Tomcat Server"         java       tomcat    # Tomcat runs as a java process, so any java process matches
check_service "Postfix (SMTP) Server" master     postfix   # Postfix's main daemon is called master

Tuesday 6 June 2017

Set NTP Server and sync other servers

Greetings, 

This configuration should work with almost all flavours; in my scenario an Ubuntu server was the NTP server and Red Hat and CentOS machines were the clients.


Working on the NTP Server

  • Make sure NTP, UDP port 123, is open both in the server's own firewall and in the hardware firewall if the server sits in a DMZ, as mine did. Open it only towards the clients that need it; a public NTP server running an old ntpd with query access is a well known DDoS amplifier.
  • Once the port is open, query the pool and see whether we get any replies. Use -u so that ntpdate sends from an unprivileged port; without it the command fails with "the NTP socket is in use" whenever ntpd is already running.
  # ntpdate -u -d -q 0.uk.pool.ntp.org (-d = debugging mode, to see what is going on; -q = query only, without setting the clock; pick the pool closest to you)

  • The output must show both transmit and receive before you go further. If you only see transmit, something is blocking the reply: check iptables on the server and the hardware firewall if you have one, in my case a Juniper.
  • Let's set it up permanently. Edit the NTP config file (ntp.conf) and add a suitable pool from http://www.pool.ntp.org/en/. Leave the default restrict lines in place: nomodify stops remote configuration changes and noquery blocks the ntpq/ntpdc (mode 6 and 7) queries that amplification attacks rely on, while clients can still ask for the time.
 # vim /etc/ntp.conf and add your suitable pool

  • Start the NTP service and make sure it is running:
# service ntp start
# netstat -unlp | grep -i ntp (you should see ntpd listening on UDP 123)
  • Now, let us set the date and time once, stepping the clock:
# ntpdate -u -b -v 0.uk.pool.ntp.org (-b = step the clock instead of slewing; do not add -d here, because in debug mode ntpdate goes through the motions but never sets the clock)
  • Check it with the date command, then copy the system time to the hardware clock:
# hwclock --systohc

Working on the NTP Client

  • Once again, port 123 must be open towards the server. Configure ntp.conf just as above, but instead of "0.uk.pool.ntp.org" put the NTP server's IP, then start the ntp service on the client.
  • Set the time and date once, then write it to the hardware clock:
# ntpdate -u -b -v 192.168.9.10 (server IP)
# hwclock --systohc
  • Confirm the client is actually using the server: ntpq -pn prints the peer list, and an asterisk in the first column marks the peer ntpd has selected. If no line has one after a few minutes, look at the reach column (it climbs towards 377 as polls succeed) and at the firewall between the two hosts.

Voilà, it seems our NTP server is up and running and the client is synced with it.
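Added as an example, not part of the original post: a POSIX sh script that holds the two ntp.conf files described above (server and client) and a check that parses ntpq -pn to tell whether ntpd has a selected peer. The server IP 192.168.9.10, the client subnet 192.168.9.0/24 and the uk pool names follow the post; the driftfile path is the Ubuntu one, and SAMPLE_NTPQ is a constructed ntpq -pn listing used only to exercise the parser.

```shell
#!/bin/sh
# Added example (not from the original post). Emits the server or client
# ntp.conf described in the post and reads sync state from `ntpq -pn`.
# Assumed: server 192.168.9.10, client LAN 192.168.9.0/24, uk pool servers.

# ntp.conf for the server: upstream pool plus restrict lines. The default
# restriction serves time to anyone who reaches the port but refuses runtime
# changes (nomodify) and ntpq/ntpdc queries (noquery), which is what keeps the
# host from being used as an amplifier.
server_conf() {
    cat <<'EOF'
driftfile /var/lib/ntp/ntp.drift
server 0.uk.pool.ntp.org iburst
server 1.uk.pool.ntp.org iburst
server 2.uk.pool.ntp.org iburst
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited
restrict 127.0.0.1
restrict ::1
# LAN clients (assumed subnet): time only, no queries, no changes
restrict 192.168.9.0 mask 255.255.255.0 nomodify notrap nopeer noquery
EOF
}

# ntp.conf for a client: the internal server is its only time source.
client_conf() {
    cat <<'EOF'
driftfile /var/lib/ntp/ntp.drift
server 192.168.9.10 iburst
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
EOF
}

# Read `ntpq -pn` output on stdin. ntpd marks its selected system peer with a
# leading '*'; print "synced <peer> <offset_ms>" for it, or "unsynced" if none.
sync_state() {
    awk '
        /^\*/ {
            sub(/^\*/, "", $1)            # drop the tally character
            print "synced " $1 " " $9     # remote and offset (column 9, ms)
            found = 1
            exit
        }
        END { if (!found) print "unsynced" }
    '
}

# Constructed `ntpq -pn` listing for the checks below (refid is a TEST-NET address).
SAMPLE_NTPQ='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.9.10    203.0.113.7      2 u   35   64  377    0.412   -0.123   0.041
 127.127.1.0     .LOCL.          10 l   12   64  377    0.000    0.000   0.000'

# Usage: ntp-setup.sh server|client   (then: service ntp restart)
#        ntp-setup.sh check
case "${1:-}" in
    server) server_conf > /etc/ntp.conf ;;
    client) client_conf > /etc/ntp.conf ;;
    check)  ntpq -pn | sync_state ;;
esac
```

On a freshly started client `check` prints unsynced for the first few polls; with iburst it normally settles on the server within a minute, and an offset of more than a few hundred milliseconds afterwards means the clock was not stepped before ntpd started.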

Monday 5 June 2017

xrdp installation in Ubuntu

xrdp is an open source RDP (Remote Desktop Protocol) server for Linux.

It makes a Linux desktop reachable from any standard RDP client, so you can open a session on your Ubuntu box from Windows with the built-in Remote Desktop Connection client (mstsc) and no extra software on the Windows side.

Step 1 – Install xRDP

Open Terminal:
$ sudo apt-get update
$ sudo apt-get install xrdp

Step 2 – Install XFCE4 

(Unity doesn’t seem to support xRDP in Ubuntu 14.04 although in Ubuntu 12.04 it was supported that’s why we install XFCE4)
$ sudo apt-get install xfce4

Step 3 – Configure xRDP

In this step we modify two files to make sure xrdp starts xfce4. First we create (or edit) the .xsession file in our home directory. We can use vim or simply redirect an echo statement (easier):
$ echo xfce4-session >~/.xsession
The second file is the startup script xrdp runs for every new session; it has to launch xfce4 instead of the stock X session:
$ sudo vim /etc/xrdp/startwm.sh
The content should look like this. The important part is the last line: the stock file ends with ". /etc/X11/Xsession", and that line is replaced by startxfce4:
#!/bin/sh

if [ -r /etc/default/locale ]; then
  . /etc/default/locale
  export LANG LANGUAGE
fi

startxfce4

Step 4 – Restart xRDP

To make all these changes effective, restart xRDP as such:
$ sudo service xrdp restart

WINDOWS SIDE
Open Remote Desktop Connection, enter the Linux machine's IP or hostname, then log in with your Linux username and password.

xrdp listens on TCP 3389 on every interface as soon as it starts, and the credentials you type are your real Linux account credentials, so limit who can reach it: restrict port 3389 to your own network with ufw or iptables, and across anything you do not control use a VPN or an SSH tunnel to port 3389 instead of exposing it directly.