I know this is Linux and viruses are not supposed to be an issue, but face it we have other operating systems connecting and they are known for bringing these little monsters in, so it is our duty to seek and destroy those on the server. In steps ClamAV, a fast, free and efficient anti-virus solution. Dag Wieers maintains many packages for downloads and he just happens to have what we are looking for with ClamAV. Once you have this installed there are many other applications to integrate with on your server.
To install
1. Download the file using wget
$ sudo wget http://packages.sw.be/clamav/clamav-0.96.4-1.el5.rf.i386.rpm
$ sudo wget http://packages.sw.be/clamav/clamav-db-0.96.4-1.el5.rf.i386.rpm
Install it
$ sudo rpm -ivh clamav-0.96*.rpm
Now that we have it installed there are a few things we need to learn about it and do. First thing is to update the definitions. We achieve this by running the command freshclam. Freshclam requires and Internet connection to download and update the virus definitions. All you have to do is type the command, press enter and voila! We are up to date.
2. To run antivirus and print infected files
clamscan -ri /home
3. To remove infected files and emails.
clamscan -ri --remove /home
4. Running as Cron Daily Job
To run antivirus as a cron job (automatically scan daily) just run crontab -e from your command line. Then add the following line and save the file. I have added them to my root crontab for this example.
02 1 * * * root clamscan -R /var/www
This will run the cron job daily @ 1.02 AM by scanning the public html files. You can change the folder to whatever you want for mail etc.
00 11 * * * * root freshclam
This will update the anti-virus database at 11 am daily.
http://linuxforeverything.com/wordpress/?p=106
http://www.digitalsanctuary.com/tech-blog/debian/automated-clamav-virus-scanning.html
Search This Blog
Saturday, January 7, 2012
E-mail Alert on Root SSH Login
Want to be notified instantly when someone logs into your server as root? No problem, check out this nice tutorial on email notification for root logins. Keeping track of who logs into your server and when is very important, especially when you're dealing with the super user account. We recommend that you use an email address not hosted on the server your sending the alert from.
So lets get started!
1. Login to your server and su to root, I know the irony!
2. cd /root
3. pico .bashrc
4. Scroll to the end of the file then add the following:
echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" you@yourdomain.com
Replace YourServerName with the handle for your actual server
Replace you@yourdomain.com with your actual email address
5. Crtl + X then Y
Now logout of SSH, close the connection and log back in! You should receive an email address of the root login alert a few minutes afterwards.
Note: This is a great tool for servers that have multiple admins or if you give someone SSH access for whatever reason, although you should give out the root password to as few people as humanly possible and be sure to change it often.
This will not magically alert you when a hacker runs the latest kernel exploit on your server and logs into SSH because they will create their own SSH/telnet connection. You should keep your system up to date, install a firewall and follow the latest security releases.
So lets get started!
1. Login to your server and su to root, I know the irony!
2. cd /root
3. pico .bashrc
4. Scroll to the end of the file then add the following:
echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" you@yourdomain.com
Replace YourServerName with the handle for your actual server
Replace you@yourdomain.com with your actual email address
5. Crtl + X then Y
Now logout of SSH, close the connection and log back in! You should receive an email address of the root login alert a few minutes afterwards.
Note: This is a great tool for servers that have multiple admins or if you give someone SSH access for whatever reason, although you should give out the root password to as few people as humanly possible and be sure to change it often.
This will not magically alert you when a hacker runs the latest kernel exploit on your server and logs into SSH because they will create their own SSH/telnet connection. You should keep your system up to date, install a firewall and follow the latest security releases.
Thursday, January 5, 2012
Getting the total number of results found from Apache Solr searches
On a recent Drupal project, the design for the search results page called for displaying the total number of results found in the page title: 120 results found for the term "school" I was using Apache Solr for the search solution, and to override the page title, I implement THEMENAME_preprocess_page() in template.php:
<?phpfunction MYTHEME_preprocess_page(&$vars) {
if(arg(1) == 'apachesolr_search') {
if (apachesolr_has_searched() && ($response = apachesolr_static_response_cache())) {
$query = apachesolr_current_query();
$keywords = $query->get_query_basic();
$num_found = $response->response->numFound;
$vars['title'] = $num_found.' results for the term "'.check_plain($keywords).'"';
}
}
} ?>If you use the Context module, set up a context called "search" and use that condition instead:
<?phpfunction MYTHEME_preprocess_page(&$vars) {
$contexts = context_active_contexts();
if(array_key_exists('search', $contexts)) {
if (apachesolr_has_searched() && ($response = apachesolr_static_response_cache())) {
$query = apachesolr_current_query();
$keywords = $query->get_query_basic();
$num_found = $response->response->numFound;
$vars['title'] = $num_found.' results for the term "'.check_plain($keywords).'"';
}
}
} ?>http://beyrent.net/blog/2011/08/getting-total-number-results-found-apache-solr-searches
Wednesday, January 4, 2012
PHP: How to extract numbers from a string (text)
This is a short function that extracts numbers from a string:
Output:
01.function extract_numbers($string)02.{03.preg_match_all('/([\d]+)/', $string, $match);04. 05.return $match[0];06.}07. 08.$string = 'Lorem ipsum dolor sit 45 40 amet, consectetuer adipiscing elit. 35 65675 Suspendisse sed nibh non diam consectetuer pharetra. Morbi ultricies 235 536pede et pede. 9432 3536 Nunc eu risus eget quam lacinia feugiat. In sapien sem, fringilla quis, 34 24 8762condimentum id, bibendum ut, nibh. Quisque 2367 784 elementum massa 350 235 vel nulla.';09. 10.$numbers_array = extract_numbers($string);11. 12.echo '<pre>'; print_r($numbers_array); echo "</pre>";01.Array02.(03.[0] => 4504.[1] => 4005.[2] => 3506.[3] => 6567507.[4] => 23508.[5] => 53609.[6] => 943210.[7] => 353611.[8] => 3412.[9] => 2413.[10] => 876214.[11] => 236715.[12] => 78416.[13] => 35017.[14] => 23518.)Monday, January 2, 2012
How to avoid typing a password for the default keyring for wireless after booting Ubuntu every time
After booting your Ubuntu, you are always asked to unlock the default keyring for wireless connection, the simple solution to avoid this:
Step 1: delete the following two files:
default.keyring
login.keyring
login.keyring
Find the two files at Place--> Home Folder
.gnome2/keyrings/
.gnome2/keyrings/
Or In Terminal, type the command:
rm ~/.gnome2/keyrings/*keyringStep 2:
Next time, if it asks to type a default key for the keyring, just left it as blink, and choose unsafe storage.
Next time, if it asks to type a default key for the keyring, just left it as blink, and choose unsafe storage.
Fix kernal panic in Ubuntu server 9.04
Yesterday (Feb 26, 2010), my web server was down with the message: "kernal panic... cannot access ex4 file on root...grub..."
I fixed it today with the following steps:
1. Reboot with a Ubuntu Desktop live-cd, to check the file system. What I've got:
Disk 1:
1gb for /boot
50 gb for /
20 gb for /var
Disk 1:
1gb for /boot
50 gb for /
20 gb for /var
Disk 2:
320 gb for /home (/home/server/www)
320 gb for /home (/home/server/www)
2. copy mysql data and web files
/var/lib/mysql
/var/lib/mysql
/var/www
3. Download the old server file at http:\\release.ubuntu.com\release (server 904)
4. Reboot from the server CD and choose rescue mode
5. under the partition disk, choose
rewrite /boot
keep other files untouched (/pariions (/var; /; /home), but need to choose the correct partition and file system (all my files are ext4).
rewrite /boot
keep other files untouched (/pariions (/var; /; /home), but need to choose the correct partition and file system (all my files are ext4).
6. After reboot, the server is OK but it cannot connect mysql server
7. Restore and rewrite /var/lib/mysql
8. run
sudo dpkg-reconfigure mysql-server-5.0
to fix the mysql root
sudo dpkg-reconfigure mysql-server-5.0
to fix the mysql root
Reboot, and everything is back to normal.
How to show/hide block for centain type of contents in Drupal 6
Show Block for Specific Content Type (my case is thai)
<?php
$node = node_load(arg(1));
$type = $node->type;
return in_array($type,array('thai'));?>Hide Block for Specific Content Type (thai)
<?php
$match = TRUE;$types = array('thai' => 1);
if (arg(0) == 'node' && is_numeric(arg(1))) {
$nid = arg(1);
$node = node_load(array('nid' => $nid));
$type = $node->type;
if (isset($types[$type])) {
$match = FALSE;
}
}
return $match;?>More inform, see here: http://drupal.org/node/115419
The above codes are used for Kawaii Kindergarten sites to control English and Thai menus.See here: http://ibc.ac.th/kk
Show Block for Specific Content Type in Drupal 5
<?phpif (arg(0) == 'thai') {
return TRUE;
}
if (arg(0) == 'node' && ctype_digit(arg(1))) {
$node = node_load(arg(1));
if ($node->type == 'thai') {
return TRUE;
}
}
return FALSE;?>
Subscribe to:
Posts (Atom)
LinkWithin
