Monday, November 9, 2015

How to Install/Configure a Relay Host

Purpose

This document describes how to install/configure a Relay Host server.

Target Audience

This document is intended for use by Systems Administrators who wish to install and configure a Relay host server.

Prerequisites

Hardened Linux 6 system

Installing a new Relay Host server

Install the required packages

# yum install postfix

Configuring the Relay Host

# vi /etc/postfix/main.cf

Uncomment:
inet_interfaces = all

Comment:
inet_interfaces = localhost

Edit the following:
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, yourdomain.com
local_recipient_maps =
mynetworks = 10.120.22.0/16, 10.110.22.0/16


Edit /etc/postfix/main.cf and add these lines at the bottom:

transport_maps = hash:/etc/postfix/transport
smtp_generic_maps = hash:/etc/postfix/generic

Create a file named transport in /etc/postfix and add the following text:
*  smtp:smtp.youremailserver.com

Remember to swap “smtp.youremailserver.com” for the address of your email server.

Now create a file named generic and add the following:
@hostFQDN    hostname@domain.com

Now compile those files into lookup tables using the postmap command:
# postmap /etc/postfix/transport
# postmap /etc/postfix/generic

Restart postfix and you should find all mails will be redirected to your email server.

On the client side, add the following to /etc/postfix/main.cf and restart Postfix:
relayhost = [an.ip.add.ress]
# service postfix restart
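As an added example (not part of the original post), here is a POSIX shell script that validates the mynetworks entries and prints the relay-side main.cf settings in the "name = value" form that postconf -e accepts; mynetworks lists the clients the relay accepts mail from without any authentication, so a malformed or over-broad entry is how a relay host turns into an open relay. The script flags entries with host bits set (the 10.120.22.0/16 form used above, which Postfix warns about as "non-null host address bits"); the network values in it are constructed, and the smtpd_recipient_restrictions line is an addition that is not in the original procedure.

```shell
#!/bin/sh
# Added example (not from the original post): validate mynetworks entries and
# print the relay-side main.cf settings of the procedure above. mynetworks is
# the set of clients relayed for without authentication, so keep it narrow.

# ip4_to_int A.B.C.D -> 32-bit integer; fails unless it is four octets 0-255
ip4_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o; do [ "$o" -le 255 ] 2>/dev/null || return 1; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_ok NET/PREFIX -> 0 for a dotted quad with prefix /8../32 (broader is
# rejected as "relay for everybody", a policy of this example) and no host
# bits set; Postfix only warns "non-null host address bits" on 10.120.22.0/16.
cidr_ok() {
    ip=${1%/*}; prefix=${1#*/}
    [ "$ip" != "$1" ] || return 1
    case $ip in *[!0-9.]*) return 1 ;; esac
    [ "$prefix" -ge 8 ] 2>/dev/null && [ "$prefix" -le 32 ] || return 1
    n=$(ip4_to_int "$ip") || return 1
    [ $(( $n & ((1 << (32 - $prefix)) - 1) )) -eq 0 ]
}

# relay_settings NET... -> prints the settings as "name = value" lines (the
# form postconf -e accepts), or prints nothing and returns 1 if an entry fails
# cidr_ok. smtpd_recipient_restrictions is added here: relay for mynetworks
# only and reject mail for domains this host is not responsible for.
relay_settings() {
    nets=
    for net in "$@"; do
        cidr_ok "$net" || { echo "rejected mynetworks entry: $net" >&2; return 1; }
        nets="${nets:+$nets, }$net"
    done
    cat <<EOF
inet_interfaces = all
mynetworks = $nets
local_recipient_maps =
transport_maps = hash:/etc/postfix/transport
smtp_generic_maps = hash:/etc/postfix/generic
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
EOF
}

# Constructed networks (the post's ranges, host bits cleared); apply with: ... | while read -r l; do postconf -e "$l"; done
relay_settings 10.120.0.0/16 10.110.0.0/16
```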

Notes:
To see all mails in the current queue:
# mailq

To flush the mail queue run:
# postfix flush

To get the maximum queue lifetime:
# postconf maximal_queue_lifetime
maximal_queue_lifetime = 5d

To get the message size limit:
# postconf message_size_limit
message_size_limit = 10240000

Start the Postfix Daemon

# service postfix start
# chkconfig postfix on

Finishing up

You have now successfully configured a new Relay Host server.

How to Install/Configure a new Proxy Server


Purpose

This document describes how to install/configure a Proxy server.


Target Audience

This document is intended for use by Systems Administrators who wish to install and configure a Proxy server.


Prerequisites

Hardened Linux 6 system.


Installing a new Proxy server

Install the required packages

# yum install squid
# vi /etc/squid/squid.conf
Change the http_port to 8080

Start the Proxy Daemon

# service squid start
# chkconfig squid on

Finishing up

You have now successfully configured a new Proxy server.

Sunday, November 8, 2015

How to Install/Configure a new NTP Server

Purpose

This document describes how to install/configure an NTP server.

Target Audience

This document is intended for use by Systems Administrators who wish to install and configure an NTP server.

Prerequisites

Hardened Linux 6 system

Installing a new NTP server

Install the required packages

# yum install ntp

# vi /etc/ntp.conf

// If the system uses IPv4 rather than IPv6, comment out the following lines:

#restrict -6 default kod nomodify notrap nopeer noquery
#restrict -6 ::1

Add your preferred external time servers.
For me, I comment out the default time servers and add the following:

server time.nist.gov

Make sure that your /etc/sysconfig/ntpd has the following line:

OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid -g"

Start the NTP Daemon

# service ntpd start
# chkconfig ntpd on

Test the sync to the external NTP server

To print a list of the peers known to the server, with a summary of their state:

# ntpq -p

Look for the line marked with "*": the asterisk marks the peer currently used as the time source.
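As an added example (not part of the original post), here is a shell function that automates the check above on ntpq -p output: it finds the peer marked with "*" and also verifies that reach is 377 (the last eight polls were all answered) and that the offset is within a limit in milliseconds, since a running ntpd with no "*" line means the clock is free-running. The two ntpq outputs in the script are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): apply the "search for *" check
# to ntpq -p output. The "*" tally marks the system peer ntpd is synced to;
# reach is an octal history of the last eight polls (377 = all answered) and
# offset is the clock error in milliseconds.

# ntp_sync_check MAX_OFFSET_MS   (ntpq -p output on stdin)
# Prints "peer offset" for the "*" peer. Exit 0 = healthy, 1 = no peer
# selected (clock free-running), 2 = selected peer unreachable or drifting.
ntp_sync_check() {
    awk -v limit="$1" '
        NR <= 2 { next }                   # skip header and separator
        substr($0, 1, 1) == "*" {
            peer = substr($1, 2); reach = $7; offset = $9; found = 1
        }
        END {
            if (!found) exit 1
            print peer, offset
            ov = offset + 0
            if (reach != "377" || ov > limit || -ov > limit) exit 2
        }'
}

# Constructed sample: ntpd has selected time.nist.gov as the system peer.
NTPQ_SYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*time.nist.gov   .NIST.           1 u   45   64  377   12.345   -0.512   0.321
+ntp2.example.net 10.0.0.1         2 u   30   64  377    5.100    1.200   0.100'

# Constructed sample: ntpd is up but has not selected any peer yet.
NTPQ_UNSYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 time.nist.gov   .NIST.           1 u   10   64    1   12.345   -0.512   0.321'

printf '%s\n' "$NTPQ_SYNCED" | ntp_sync_check 100      # time.nist.gov -0.512
```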

Manually sync the system

# ntpdate -bs time.nist.gov

Finishing up

You have now successfully configured a new NTP server.


How to install and harden a new Linux server


Purpose

This document describes how to add RHEL or Oracle Linux servers to any test/production environment.

Target Audience

This document is intended for use by Systems Administrators who wish to install and harden Linux servers.

Prerequisites

Install the OS and choose the appropriate layout and correct hostname.

Adding a new Linux server

Network Configuration


Add the name server to your resolv.conf configuration file.
# vi /etc/resolv.conf
nameserver <IP>

Configure your NIC.
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
# service network restart
# ping google.com              // for testing

VMTools Installation

For virtual machines, do the following:

# cd
# mkdir VMTools
# mount /dev/cdrom /mnt/
# cp -a /mnt/VMwareTools-x.x.x.tar.gz VMTools/
# umount /dev/cdrom
# cd VMTools/
# tar xzvf VMwareTools-x.x.x.tar.gz
# cd vmware-tools-distrib/
# ./vmware-install.pl

Disable SELinux

To make your life easy :)

# vi /etc/sysconfig/selinux

NTP Configuration


# vi /etc/ntp.conf
# ntpdate -bs ntp01.domainname.com
# service ntpd start
# chkconfig ntpd on

Register the system


# uln_register --proxy=proxy.domainname.com:8080

// Only needed if you have a problem connecting to ULN: export the proxy and register again
# export http_proxy=http://proxy.domainname.com:8080
# export https_proxy=http://proxy.domainname.com:8080
# uln_register --proxy=proxy.domainname.com:8080

Update the system


# yum update

Apply the security scripts

 Security scripts will be uploaded separately.

# cp -a scripts/ /root/
# cd /root/scripts/
# chmod u+x *
# ./script1.sh
# ./script2.sh
# ./script3.sh
# ./script4.sh
# ./script6.sh
# ./script7.sh
# ./script8.sh
# ./script9.sh

LDAPS Configuration

 Will attach samples of the configuration files later.
# yum install openldap openldap-clients nss-pam-ldapd krb5-libs
# cd /etc
# scp krb5.conf nsswitch.conf pam_ldap.conf sudo-ldap.conf sudoers nslcd.conf client:/etc/
# cd /etc/pam.d
# scp login password-auth-ac system-auth-ac client:/etc/pam.d
# cd /etc/openldap/certs/
# scp ca.pem client:/etc/openldap/certs/
# certutil -A -n "CA Certificate" -t "CT" -i ca.pem -d .
# service nslcd start
# sudo su - your_ldap_user

Auto-create Home Directories

# vi /etc/pam.d/sshd
Add the following line:
session    required     pam_mkhomedir.so skel=/etc/skel/ umask=0022

Log Configuration


Add your log server to /etc/rsyslog.conf  
# service rsyslog restart

Mail Configuration

Add the relay host:
# vi /etc/postfix/main.cf
# service postfix restart

Add the system admin contact email


# vi /root/.forward


Tripwire Installation


# yum install gcc-c++
# cd /opt/
# tar xjvf /root/Server/tripwire-x.x.x-src.tar.bz2
# cd tripwire-x.x.x-src/
# vi policy/twpol-Linux.txt
Comment out the following entries:
/usr/local/sysinfo
/usr/X11R6/lib
/etc/mail/statistics
/var/lost+found
/cdrom
/floppy
/initrd
/home/lost+found
/etc/sysconfig/hwconf

# ./configure
# make
# make install
# tripwire --init

# cd /root/Server/
# cp tripwire /etc/cron.daily/
# ls -l /etc/cron.daily/
# chmod +x /etc/cron.daily/tripwire

Proxy Configuration


# vi /etc/wgetrc                     // to add the proxy
# vi /etc/profile                    // add the following
PS1='\u@\h:\w\$ '
PS2='> '

Stop iptables services (Put all rules on the main firewall)


# service iptables stop
# service ip6tables stop
# chkconfig iptables off
# chkconfig ip6tables off

# reboot

Finishing up


You have now successfully hardened and configured a new Linux server. 

Thursday, February 24, 2011

How to Install Tigase XMPP Server


Installation using GUI installer

If you don't want to install Tigase using the manual method, you can use the GUI installer, which is the preferred way to install Tigase.

Prerequisites

Before you can start the GUI installer you need a working Java environment. Although the installer only requires the JRE (Java Runtime Environment), the server needs the JDK (Java Development Kit).
After configuring the JDK you can download the Tigase GUI installer and start the server installation process. It is also important to set the JAVA_HOME environment variable correctly.

Download the installer (the latest version)

Run the jar file

First check whether your Java environment is working; to do so, type:

java -version

Then you may start the installer. For example, for the file tigase-server-5.0.0-b2135.jar downloaded to the c:\download directory, type the following command:

java -jar c:\download\tigase-server-5.0.0-b2135.jar

// You can add -console to install it using the console installer; I usually use it, as I don't have a GUI :)

This command should start the installer or print an error message explaining the cause of the problem.

Notes:
· Tigase server base directory:
/usr/local/Tigase-5.0.0-b2135/

· To start Tigase, go to the Tigase base directory and run:
# ./scripts/tigase.sh start etc/tigase.conf

· To stop Tigase, go to the Tigase base directory and run:
# ./scripts/tigase.sh stop etc/tigase.conf

· To check whether the server is running, just try to connect to it using one of the many available clients (e.g. psi: '/usr/bin/psi &').
Note: To install psi,
· Install the rpmforge repo
· # yum install psi

· Example content of the init.properties file to run the Tigase server in cluster mode:
--virt-hosts=example.com
--cluster-mode=true
--cluster-nodes=cluster-node1,cluster-node2
--sm-cluster-strategy-class=cluster.StrategyImpl


Prepare the MySQL database for the Tigase server

Configuring from the MySQL command line tool

Run the MySQL command line client in either a Linux or MS Windows environment and enter the following instructions:

• Create the database for the Tigase server:
mysql> create database tigasedb;

• Add the tigase_user user (create user 'tigase_user' identified by 'tigase_passwd';) and grant it access to the tigasedb database. Depending on how you plan to connect to the database (locally or over the network), use one of the following commands, or all of them if you are not sure:

• Grant access to tigase_user connecting from any network address:
mysql> GRANT ALL ON tigasedb.* TO tigase_user@'%' IDENTIFIED BY 'tigase_passwd';

• Grant access to tigase_user connecting from localhost:
mysql> GRANT ALL ON tigasedb.* TO tigase_user@'localhost' IDENTIFIED BY 'tigase_passwd';

• Grant access to tigase_user connecting from the local machine only:
mysql> GRANT ALL ON tigasedb.* TO tigase_user IDENTIFIED BY 'tigase_passwd';

• Now apply the permission changes in the database:
mysql> FLUSH PRIVILEGES;

• Load the database schema to initialize the Tigase server database space. First, switch to the database you have just created:
mysql> use tigasedb;

For Tigase server version 4.x and later you have to use the proper schema version:
mysql> source database/mysql-schema-4.sql;

N.B. There is an error in this schema; it is fixed by changing the last_logout default value to:
last_logout timestamp DEFAULT '1970-01-02 01:01:01'

Configuring MySQL for UTF-8 support

In my.cnf put the following lines:
[mysql]
default-character-set=utf8
[client]
default-character-set=utf8
[mysqld]
init_connect='SET collation_connection = utf8_general_ci; SET NAMES utf8;'
character-set-server=utf8
default-character-set=utf8
collation-server=utf8_general_ci
skip-character-set-client-handshake

Then connect to the database and from the command line shell check the settings:
SHOW VARIABLES LIKE 'character_set_database';
SHOW VARIABLES LIKE 'character_set_client';
If either of these shows something other than 'utf8', correct it:
ALTER DATABASE tigasedb DEFAULT CHARACTER SET utf8;

Notes:

· You have to update your Tigase server; binary updates are located in Tigase's maven repository.
Replace jars/tigase-server.jar with jars/tigase-server-x.x.jar. Nothing more.

· If you are using a clustered MySQL database with your Tigase server, you have to alter all tables in the Tigase schema to use the ndb engine, which requires dropping all foreign keys:
mysql> alter table <table-name> drop foreign key <foreign-key-name>;
mysql> alter table t1 engine=ndb;
· Java Home: /usr/java/jdk1.6.0-23
• To enable cluster mode in Tigase:

Add the following lines to init.properties:
--cluster-mode=true
--cluster-nodes=tigase1, tigase2
• To print all received and sent character data, add:

--debug=xmpp.XMPPIOService

Done
Inas

Wednesday, February 23, 2011

How to Install Tomcat

For a stand-alone installation:

• Stop Apache if it is running:

# service httpd status
# service httpd stop
# chkconfig --list httpd
# chkconfig httpd off

• Install the JDK

Check the Java version using:
# java -version
# echo $JAVA_HOME                          // if empty, set JAVA_HOME
# export JAVA_HOME=/usr/java/jdk1.6-23     // add it to your profile.

# yum list gcc                             // if it is not installed then: yum install gcc

# cd Softwares
# tar xzf apache-tomcat-7.0.6.tar.gz
# mv apache-tomcat-7.0.6 /opt/tomcat

• Test it
# /opt/tomcat/bin/startup.sh

Add CATALINA_HOME to your profile
# cd
# vi .bash_profile
export CATALINA_HOME=/opt/tomcat

# export CATALINA_HOME=/opt/tomcat
# groupadd tomcat
# useradd -g tomcat -d /opt/tomcat tomcat
# passwd tomcat
# chown -R tomcat:tomcat /opt/tomcat
# cd /opt/tomcat/bin
# tar xzf commons-daemon-native.tar.gz
# cd commons-daemon-1.0.5-native-src/unix
# ./configure
# make
# cp jsvc ../..
# cd ../../..
# cp /opt/tomcat/bin/commons-daemon-1.0.5-native-src/unix/samples/Tomcat7.sh /etc/init.d/tomcat

• To start Tomcat:

# /etc/init.d/tomcat start

• To stop Tomcat:

# /etc/init.d/tomcat stop

• Change the Apache Tomcat port from 8080 to 80 or another port number

# vi /opt/tomcat/conf/server.xml
<Connector port="80" … />
# /etc/init.d/tomcat restart

Done
Inas