Archive for the 'Security' Category

Disable ssl ver 2 in apache for pci compliance

You need to disable SSL ver 2 and enable SSL ver 3 in Apache for PCI compliance. It's very easy to do. The following settings will enable SSL ver 3 and also disable the older/insecure cipher suites on a Red Hat/CentOS/Fedora Linux server:
1. Open /etc/httpd/conf.d/ssl.conf and add the following lines, or edit them to match if they are already there:

## Disable SSLv2 and enable SSLv3
SSLProtocol -All +SSLv3 +TLSv1
SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL

2. Reload httpd service to apply the new settings:

# /etc/init.d/httpd reload

3. Verify the settings by connecting to SSL ver 3 protocol:

# openssl s_client -connect localhost:443 -ssl3

It should connect. You can also try connecting with SSL ver 2, which should result in an error. Request the PCI test again and it should no longer complain about Apache SSL related issues.

Quickly change your ssh port from default 22 to something higher

In the era of daily brute force attacks, it is advisable to change your ssh port from default 22 to something higher, to lower your chances of being a victim.

I'm using a CentOS 5.2 box here, but the process should be identical in other RH based distros.

Step 1. Update /etc/ssh/sshd_config file, line 13 (it might be different in your file):

old line:
Port 22
Change it to:
Port 54545 # any port number you wish

If you rush and try to restart your ssh service, you may end up with the following error:

# /etc/init.d/sshd restart
 Stopping sshd:                                             [  OK  ]
Starting sshd: /etc/ssh/sshd_config line 13: Badly formatted port number. [FAILED]
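sshd_config does not accept a trailing comment on the Port line, which is why the restart above fails. The following check, an added example that is not part of the original post, inspects the Port directive before you restart sshd; it assumes a POSIX sh with sed available, and the config path it is given is hypothetical:

```shell
#!/bin/sh
# Added example (not from the original post): validate the Port directive(s) in
# an sshd_config before restarting sshd, so a trailing "# comment" or other
# junk on the Port line is reported here instead of as a failed restart.

check_sshd_port() {
    cfg="$1"
    status=0
    # Keep only active Port lines, strip the "Port" keyword and trailing blanks.
    values=$(sed -n -E \
        -e '/^[[:space:]]*[Pp]ort[[:space:]]+/!d' \
        -e 's/^[[:space:]]*[Pp]ort[[:space:]]+//' \
        -e 's/[[:space:]]+$//' \
        -e p "$cfg")
    if [ -z "$values" ]; then
        echo "$cfg: no Port directive, sshd will listen on port 22"
        return 0
    fi
    while IFS= read -r value; do
        # sshd wants a bare number here: no inline comment, no extra tokens.
        case "$value" in
            ''|*[!0-9]*)
                echo "$cfg: bad Port value '$value' (digits only, no inline comment)"
                status=1
                continue
                ;;
        esac
        if [ "$value" -lt 1 ] || [ "$value" -gt 65535 ]; then
            echo "$cfg: Port $value is outside the range 1-65535"
            status=1
        fi
    done <<EOF
$values
EOF
    return $status
}
```

Run it as `check_sshd_port /etc/ssh/sshd_config` and only restart sshd when it exits 0; sshd's own `sshd -t` performs the full configuration test.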

Install and configure ntop for network stats, monitoring

ntop is one of the most powerful and easy to use tools for viewing and analysing network traffic statistics.

Here are quick steps to install it on CentOS 5.2 box (upgraded from 5.0 release).

Try the easy way first:

$ yum install ntop

Most probably yum fails because of missing dependencies such as the rrdtool package. If this is the case, download and install that package manually:

$ cd /usr/src
$ wget http://dag.wieers.com/rpm/packages/rrdtool/rrdtool-1.2.23-1.el5.rf.i386.rpm
$ rpm -ivh rrdtool-1.2.23-1.el5.rf.i386.rpm --nodeps

I've used the --nodeps option in the rpm command to ignore any dependencies. Yum will take care of those; we just need rrdtool for now.

Block IP Address in FreeBSD

The simple method is to add the offending IP to your /etc/hosts.allow file and deny it any access:

$ ee /etc/hosts.allow   (and add the following line to it)
all: <ip address> :deny

You can also use one quick and dirty hack:

$ route add <ip address> 127.0.0.1

All ACKs to the specified IP address would be routed to 127.0.0.1, meaning they go nowhere, so no TCP connection can be established this way. No UDP or ICMP packets would reach the blocked IP address either. You can also block a whole subnet this way. It will not, however, stop the traffic coming from that IP.

If you have ipfw installed, you can try this also:

$ ipfw add deny ip from <IP Address> to any

Save root or user history to check later

Sometimes we need a way to automatically save any user's or root's activity so that we can check it later. In an environment where the root account is accessible by multiple people, it's very helpful to know exactly who did what and when. In my case, I found that some files had been changed mysteriously, but I was clueless as there was more than one user with root access.

To save the activity/history of any user (including root), you need to open that user's .bash_profile in their home directory.