ossec clear database

To delete all currently stored alerts and related data in the ossec database execute these commands in

MySQL Editor:

truncate table alert; truncate table data;

Bash Script:

#!/usr/local/bin/bash
#
# Stop ossec, remove old alerts, start ossec

echo "stopping ossec"

/var/ossec/bin/ossec-control stop

echo 'TRUNCATE TABLE `alert` ;' | mysql ossec . . . → Read More: ossec clear database

Secure Apache ServerTokens and ServerSignature directives

There are two config directives that control how Apache reports its version. The ServerSignature directive adds a line containing the Apache HTTP Server version and the ServerName to any server-generated documents, such as error messages sent back to clients. ServerSignature is set to on by default. The ServerTokens directive controls whether the Server response header field which is . . . → Read More: Secure Apache ServerTokens and ServerSignature directives

Install OSSEC local on Ubuntu

Download files

wget http://www.ossec.net/files/ossec-hids-latest.tar.gz
wget http://www.ossec.net/files/ossec-hids-latest_sum.txt

Check the MD5 or SHA1 to make sure they are legit (Don't skip!!)

md5sum ossec-hids-latest.tar.gz
cat ossec-hids-latest_sum.txt

Extract the files from the tar

tar zxvf ossec-hids-latest.tar.gz

cd into the directory and run the installer **

cd ossec-hids-latest/
./install.sh

If you are not running a local install make sure . . . → Read More: Install OSSEC local on Ubuntu

check your website for vulnerabilities

How do you check your website for vulnerabilities for free?

Check out these sites that provide free vulnerability scans:

http://wepawet.iseclab.org/index.php

http://sitecheck.sucuri.net/scanner/

fseek() expects parameter 3 to be long os_lib_alerts.php SEEK_SET

To fix this error: fseek() expects parameter 3 to be long os_lib_alerts.php SEEK_SET

Line 842 in os_lib_alerts.php reads:

fseek($fp, $seek_place, "SEEK_SET");

It should actually be:

fseek($fp, $seek_place, SEEK_SET);

Detecting Alternate Data Streams

Let's get started detecting alternate data streams (ADS)

What is a stream?

A stream is essentially a hidden file within another file (.txt, .jpg, .mp3, .exe, etc.)

Why should I care?

Files can contain malicious streams and compromise your machine

Creating a stream

Open up a command prompt and run this in a directory

echo 'the password is . . . → Read More: Detecting Alternate Data Streams

Secure Scalable Storage Solution

Names You Need To Know in Data Security: Cleversafe

http://www.forbes.com/sites/benkerschberg/2011/09/30/names-you-need-to-know-in-data-security-cleversafe/

This article is about a company called Cleversafe that has created a secure and redundant way to store enormous amounts of data. The article also explains why this technology is needed; RAID storage does not scale and is more prone to failure. Cleversafe’s storage . . . → Read More: Secure Scalable Storage Solution

detect php backdoor

How to detect a PHP backdoor?

(Note content is from http://25yearsofprogramming.com/blog/2010/20100315.htm)

Website security: How to find backdoor PHP shell scripts on a server

This is supplemental information for a series of articles that begins at:

Website security: what to do after your site is hacked, and how to prevent it

Although the article below looks . . . → Read More: detect php backdoor

how to browse web securely

I just read a great article on how to browse the web securely using the author's creation, the “Secure Browsing Environment”.

The author shows you how to:

Spin up your own Linux virtual machine instance of WattOS
Set up shared VM folders
Install/configure:
ClamAV
OpenDNS (prevent phishing attacks)
Snort In-Line/Oinkmaster/Swatch alert scripts
Chrome and Firefox . . . → Read More: how to browse web securely

install fail2ban ubuntu 10.10

How to install fail2ban on Ubuntu 10.10

Install Fail2ban

# apt-get update
# apt-get install fail2ban

List iptables to see if it is running

# iptables -L

You will see this at the bottom of the iptables output:

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Copy the default .conf file so . . . → Read More: install fail2ban ubuntu 10.10