Eric Wedaa’s notes on setting up centos 6.2

I just came across this page and thought i’d post it because it had some good content:

# Eric Wedaa's notes on setting up centos 6.2
# email [email protected]
#
# May 9-21, 2012
#
# In general, I used mozilla to download the files into
# /home/shepherd/Downloads
#
######################################################################
#
# date command for copying and chmoding files
# chmod does not work if you run cp command to close to midnight
#
# `date +%Y.%m.%d.%H.%M`
#
# you might want to set this
#
export LD_LIBRARY_PATH=/opt/csw/lib:/opt/csw/gcc4/lib:/usr/lib/:/usr/local/lib
#
######################################################################
#
# This MAY look like a shell script, but it isn't really.
#
# These are commands to cut/paste into your window. This is because
# there may be newer versions of the software, and because sometimes
# you really need to edit some of the configuration files by hand
# to make things work properly.
#
######################################################################
#
# Update CPAN because it ALWAYS needs updating
#

cpan CPAN
cpan YAML

######################################################################
#
# Update all the RPM Packages so that we are up to date with the
# latest patches
#

yum -y update

######################################################################
#
# Make sure iptables is configured and running
#
service iptables status

######################################################################
#
# Install OpenVAS
#

wget -q -O - http://www.atomicorp.com/installers/atomic |sh
yum install openvas
openvas-setup
/usr/sbin/openvas-adduser

# APPARENTLY NOT NEEDED /usr/sbin/openvas-mkcert

# BTW-You will have to rerun these next two commands to make
# sure that your signature files are up to date.
# Maybe you can add them to /etc/rc.local or to root's crontab file

/usr/sbin/openvas-nvt-sync
/usr/sbin/openvasmd --rebuild

#restarting takes a little bit. make sure to disable this at boot
#time if you don't use it every day.

service openvas-scanner restart

#Now that we're done setting up openvas, we want to make atomic repo
#an invalid source so we don't accidentally download rpms from there

mv /etc/yum.repos.d/atomic.repo /etc/yum.repos.d/atomic.repo.dont_use

#Disable openvas at startup, I don't need it running everyday
chkconfig openvas-administrator off
chkconfig openvas-manager off
chkconfig openvas-scanner off

######################################################################
#
# fix postfix security holes
# Also good for OpenVAS complaints
#

echo "disable_vrfy_command=yes" >> /etc/postfix/main.cf
vi /etc/postfix/main.cf
#search for and uncomment next line
#inet_interfaces = all
#search for and comment out the next line
#inet_interfaces = localhost
#
#find the mydomain line and add your domainname
#mydomain = wedaa.com
#

######################################################################
#
# fix apache security holes
# Also good for OpenVAS complaints

echo "TraceEnable Off" >> /etc/httpd/conf/httpd.conf
echo "Header unset ETag " >> /etc/httpd/conf/httpd.conf
echo "FileETag None " >> /etc/httpd/conf/httpd.conf

######################################################################
#
# Turn off unneeded services
# Also good for OpenVAS complaints
#

chkconfig cups off
chkconfig nfs off
chkconfig nfslock off

######################################################################
#
# Create local repo diretory
#

yum install createrepo
mkdir /home/shepherd/yum-stuff
cd /home/shepherd/yum-stuff
wget -nc -r http://centos.mirror.nac.net/6.2/updates/i386/Packages/

echo "STILL NEEDS configuration work so I can use it locally

######################################################################
#
# Install star (S-tar archiver)
#
yum install star

######################################################################
#
#Install telnet, but not the telnetd daemon (which is a security risk)
#

yum install telnet

######################################################################
#
#Yes, I know lftp is sometimes installed, but I like the simplicity
# of ftp sometimes
#

yum install lftp
yum install ftp

######################################################################
#
# Install all the named stuff
#
yum install bind
yum install bind-devel

cp named.iscdlv.key named.iscdlv.key.`date +%Y.%m.%d.%H.%M`
cp named.root.key named.root.key.orig.`date +%Y.%m.%d.%H.%M`
cp named.conf named.conf.orig.`date +%Y.%m.%d.%H.%M`
cp named.rfc1912.zones named.rfc1912.zones.`date +%Y.%m.%d.%H.%M`

chmod go-rwx named.iscdlv.key.`date +%Y.%m`*
chmod go-rwx named.root.key.orig.`date +%Y.%m`*
chmod go-rwx named.conf.orig.`date +%Y.%m`*
chmod go-rwx named.rfc1912.zones.`date +%Y.%m`*

#Get host2dns from http://seriss.com/people/erco/unixtools/hosts2dns/

cd /home/shepherd/Downloads
tar -xvf hosts2dns-0.95.tar.gz
cp hosts2dns /usr/local/sbin
chmod go-rwx /usr/local/sbin/hosts2dns

cp /etc/hosts /etc/hosts.`date +%Y.%m.%d.%H.%M`
chmodgo-rwx /etc/hosts.`date +%Y.%m.%d.%H.%M`

vi /etc/hosts #And follow the instructions on the website
#Sample below, pay attention to DNS lines
#!DNS:DOMAIN foo.x -- CHANGE THIS: SET TO YOUR DNS DOMAIN NAME
##!DNS:START -- Start of hosts to be added to DNS
#192.168.0.1 router ro -- eg. this will become router.foo.x
#192.168.0.2 howland ho how -- eg. this will become howland.foo.x
#192.168.0.12 havasu ha
##!DNS:END -- End of hosts to be added to DNS

/usr/local/sbin/hosts2dns -update

#This script contains a small bug which lists same
#REVERSE network twice.
vi /etc/named.conf #Remove the last one
service named start

# Add an MX record (make sure this is right path)
echo '@ IN MX 10 shepherd.wedaa.com'>> /var/named/fwd.wedaa.com

#Now restart named
service named restart

#Just like /etc/named.conf says, all the good files are in /var/named

#Edit /etc/resolv.conf to make domainname wedaa.com
cp /etc/resolv.conf /etc/resolv.conf.orig
echo "domain wedaa.com"> /etc/resolv.conf
echo "nameserver 127.0.0.1" >>/etc/resolv.conf
echo "nameserver 192.168.0.15" >>/etc/resolv.conf

#Anytime a change is made in /etc/hosts you need to run
#/usr/local/sbin/hosts2dns -update
#AND update the MX record for the domain
#echo '@ IN MX 10 shepherd.wedaa.com'>> fwd.wedaa.com
#Now restart named
service named restart

#DNS testing
#nslookup
#set q=mx
#us.ibm.com
#wedaa.com
#shepherd.wedaa.com

#NOTE: One of these days I'll edit hosts2dns to be able to
#figure out the MX entry and write it at the bottom of the fwd.wedaa.com
#file, but not today. If I used this more often I'd have added
#it already.

######################################################################
#
# How to get apache running on other than port 80 and 443
#
#http://danwalsh.livejournal.com/9275.html
#

#Show which ports under selinux http can access

semanage port -l | grep http

#http_cache_port_t tcp 3128, 8080, 8118, 8123, 10001-10010
#http_cache_port_t udp 3130
#http_port_t tcp 80, 443, 488, 8008, 8009, 8443
#pegasus_http_port_t tcp 5988
#pegasus_https_port_t tcp 5989
#So I can also listen to 8118
#set listen in httpd.conf to also listen to 8118
vi /etc/httpd/conf/httpd.conf
service httpd restart

#To add port 81 for http
#semanage port -a -t http_port_t -p tcp 81
#

######################################################################
#
# Download flash from http://get.adobe.com/flashplayer/
# get the tar.gz file
#
cd /usr/shepherd/Downloads
tar -xvf ../install_flash_player_11_linux.i386.tar.gz
cd /usr/lib/mozilla/plugins
cp ~shepherd/Downloads/libflashplayer.so .
cd ~shepherd/Downloads/
cp -r usr/* /usr

# start firefox, go to http://www.adobe.com/software/flash/about/
# and that will show if installed properly

######################################################################
#
# modify ssh stuff
#

# Edit config file so nobody else can login
# Also good for OpenVAS complaints

echo "AllowUsers ericw shepherd" >>/etc/ssh/sshd_config
service sshd restart

# If you want to be able to login without being prompted for
# a password, follow instructions from
# http://wiki.centos.org/HowTos/Network/SecuringSSH
#

#Block too many cracking attempts on ssh by using iptables

iptables -A INPUT -p tcp --dport 22 -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 22 -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
service iptables restart

######################################################################
#
# setup sudo for me
#
cp /etc/sudoers /etc/sudoers.orig
echo "shepherd ALL=(ALL) ALL">>/etc/sudoers

######################################################################
#
# Make sure only I can run su command
#
usermod -G wheel shepherd

Find these lines in /etc/pam.d/su:

# Uncomment the following line to require a user to be in the “wheel” group.
# #auth required pam_wheel.so use_uid
#
# And change them (as suggested) to this:
#
# # Uncomment the following line to require a user to be in the “wheel” group.
# auth required pam_wheel.so use_uid

######################################################################
#
# enable/turn on NFS
#

modprobe nfs
service nfs start
echo "/home 192.168.0.0/24(rw)">>/etc/exports
exportfs -a
#Show that it was exported
exportfs

# Now turn it all off till we need it

chkconfig nfs off
chkconfig nfslock off

######################################################################
#
# Setup samba/cifs
#

# Now turn it all off till we need it

######################################################################
#
# Get imapd going
#

service saslauthd start
chkconfig saslauthd on
testsaslauthd -u username -p password
# Output should be "0: OK "Success."

passwd cyrus

yum install cyrus-sasl
yum install cyrus-imapd
chkconfig cyrus-imapd on
service cyrus-imapd restart

#Set password for user cyrus
saslpasswd2 cyrus

#Chown ownership so that cyrus utilities can read the darn file
chown cyrus /etc/sasldb2

#To create a user
# cyradm -user cyrus localhost
# it will prompt for password
# To create a user "spam"
#createmailbox user.spam
# to list mailboxes from inside cyradm
#lm

######################################################################
#
# Installing mySQL
# Get mysqld running
#

chkconfig mysqld on
service mysqld restart
#Setup stuff
/usr/bin/mysql_secure_installation

######################################################################
#
# Installing squirrelmail
# Requires mysql sasl, cyrus-imapd and other things
#
# Make sure you do the postfix setup from above
#
# Get lastest squirrelmail from http://squirrelmail.org/download.php
cd /var/www/html/
tar -xf /home/shepherd/Downloads/squi*tar.gz
mv squ* squirrel
cd squirrel

mkdir /var/squirrel
mkdir /var/squirrel/data
chmod 0730 /var/squirrel/data
mkdir /var/squirrel/attachment
chmod 0730 /var/squirrel/attachment
chown apache /var/squirrel /var/squirrel/data /var/squirrel/attachment

./config/conf.pl #NON TRIVIAL SETUP, READ THE INSTALL GUIDE

#As it says, plaintext authentication is disabled. Enable that on your
#IMAP server or set "$imap_auth_mech = 'cram-md5';" in SquirrelMail
# configuration file - /var/www/html/squirrel/config/config.php.

#Now we configure mailbox_transport in /etc/postfix/main.cf.
#Add this line to the bottom:

echo "mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp" >>/etc/postfix/main.cf
service postfix restart

# SEE THIS WEBPAGE FOR HELP
#http://nakedape.cc/info/Cyrus-IMAP-HOWTO/Cyrus-IMAP-HOWTO.html
#
## PROBLEM WITH SELINUX AND IMAPD, IMAP, squirrelmail
#type=AVC msg=audit(1337040367.783:114): avc: denied { name_connect } for pid=3823 comm="httpd" dest=143 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket
#type=SYSCALL msg=audit(1337040367.783:114): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf9d8950 a2=208afcc a3=0 items=0 ppid=2724 pid=3823 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
#type=AVC msg=audit(1337040367.783:115): avc: denied { name_connect } for pid=3823 comm="httpd" dest=143 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket
#type=SYSCALL msg=audit(1337040367.783:115): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf9d8950 a2=208afcc a3=0 items=0 ppid=2724 pid=3823 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
#
# Enable selinux httpd can connect to network services
setsebool -P httpd_can_network_connect=1

# There are LOTS of plugins available at
# http://squirrelmail.org/plugins.php
# like the ever popular address book and calendar

######################################################################
#
# Install Bugzilla
#
# download from http://www.bugzilla.org/download/
# Installation hints are from
# http://www.thegeekstuff.com/2010/05/install-bugzilla-on-linux/
#
cd /home/shepherd/Downloads
mkdir bugzilla
mv bug*gz bugzilla
cd bugzilla
su
cd /var/www/html
tar -xf /home/shepherd/Downloads/bugzilla/*gz
cd bugzilla-4.2.1
vi /etc/my.cnf #read instructions on setting max_allowd_packet=4m
service mysqld restart
./checksetup.pl
/usr/bin/perl install-module.pl --all #This is going to take a few minutes
yum install gd-devel
/usr/bin/perl install-module.pl GD
#Setup mysql per directions
vi localconfig #to setup password for mysql
./checksetup.pl

#aw geezzz, gotta setup mod_cgi and figure out how to configure this
#Add this to the bottom of /etc/httpd/conf/httpd.conf

AddHandler cgi-script .cgi
Options +Indexes +ExecCGI
DirectoryIndex index.cgi
AllowOverride Limit FileInfo Indexes

#
#THEN you still get to login to bugzilla and goto
#http://localhost/bugzilla/editparams.cgi
#to finish the setup (READ the docs)

######################################################################
#
# Install Snort 2.9.2.3-1
#
# from http://www.snort.org/snort-downloads
# I downloaded snort-mysql-2.9.2.3-1.RHEL6.i386.rpm
#
# Also requires
# 1:snort-mysql-2.9.2.3-1.i386 requires libsfbpf.so.0
# 1:snort-mysql-2.9.2.3-1.i386 requires snort = 1:2.9.2.3-1
# 1:snort-mysql-2.9.2.3-1.i386 requires libdnet.1
# What a cluster F&#k
# The rpm will NOT install because the other libraries are not
# installed, but there are no CENTOS RPMs with those libraries.
#
# So I have to install everything from source code
#
# get libdnet from
# http://code.google.com/p/libdnet/downloads/detail?name=libdnet-1.12.tgz&can=2&q=
# Time to install from source
# got libpcap from www.tcpdump.org and installed
# got daq from http://www.snort.org/snort-downloads/
# got ERROR! Libpcre header not found.
# Get it from http://www.pcre.org
#
#Downloaded SOURCE for snort and ./configure; make; make install

#
# Now download and install/configure the plugin to modify iptables
# on the fly
#
# Please see docs at
# http://doc.emergingthreats.net/bin/view/Main/SnortSamDocumentation
#
# Warning, you must patch snort and recompile to use snortsam
#
#http://www.snortsam.net/

######################################################################
#
# Install Tripwire
#
# from http://sourceforge.net/projects/tripwire/
#
cd /home/shepherd/Downloads/
mkdir tripwire
mv tripwire*bz2 tripwire
cd tripwire/
tar -xf tripwire-2.4.2.2-src.tar.bz2
cd tripwire-2.4.2.2-src
./configure
make
su
make install
exit
# A clear-text version of the Tripwire policy file
# /usr/local/etc/twpol.txt
# has been preserved for your inspection. This implements
# a minimal policy, intended only to test essential
# Tripwire functionality. You should edit the policy file
# to describe your system, and then use twadmin to generate
# a new signed copy of the Tripwire policy.
su
cp /usr/local/etc/twpol.txt /usr/local/etc/twpol.txt.orig
# Edit the config file to comment out checking /home filesystem
# as that can take forever and IMHO isn't really needed
# (I'll take the chance)
vi /usr/local/etc/twpol.txt
twadmin -m P /usr/local/etc/twpol.txt
tripwire --test --email [email protected]
#Now to initialize the datafile, this will take forever :-)
tripwire --init -v #-v for verbose, just so you can see it working :-)

#Add this script as /usr/localsbin/tripwire-update.sh
# #!/bin/sh
# This will update the tripwire database which is faster than
# recreating from scratch
# DIR=/usr/local/lib/tripwire/report
# HOST=`hostname -s`
# LAST_REPORT=`ls -1t $DIR/$HOST-*.twr | head -1`
# echo tripwire --update --twrfile "$LAST_REPORT"

######################################################################
#
# Install COPS (Old, but still finds stuff occasionally)
# Cops 1.04+ is the latest with minor bugfixes
#
# ftp://coast.cs.purdue.edu/pub/tools/unix/scanners/cops/
#

cd /home/shepherd/Downloads
mkdir src
mkdir src/cops
mv cops*gz src/cops
cd src/cops
tar -xvf cops*gz

######################################################################
#
# Install Nagios
#

######################################################################
#
# Install TWIG (Just for giggles. It's dead but I want to take a
# look at it again and see if there's something still usefull about
# it.
#
# Found 2.8.3 at http://rpm.pbone.net/index.php3/stat/26/dist/66/size/1055046/name/twig-2.8.3-4mdv2009.0.src.rpm
#
# There WERE diffs all the way up to 2.8.7 but I can't find them anywhere :-(
#
# timestamp(14) is no longer valid, fix in mysql files
# http://bugs.mysql.com/bug.php?id=41510
# Also fixed bad default '0' bug (deprecated since last mysql release

yum install aspell
#really test with http://localhost/twig/test.php
# there is a bug on the line
# $aparse = TWIGMailParseAddresssList( "[email protected]", $config["fromdomain"] );
# There is one too many "s" in AddressList
#
yum install php-imap
#
# Please see http://wedaa.com/eric/software/twig-stuff/
# For more details.

######################################################################
#
# Install LDAP (for passwords and address book)
#

######################################################################
#
# Install Avast Windows virus scanner
#
# http://www.avast.com/en-us/linux-home-edition
#
# See installation help at
# http://www.howtogeek.com/howto/14434/scan-a-windows-pc-for-viruses-from-a-ubuntu-live-cd/

######################################################################
#
# Install ClamAV Windows virus scanner
#
# http://www.clamav.net/lang/en/
#
adduser clamav
./configure
make #This takes a while
make install
vi /etc/clamd.conf
vi /usr/local/etc/clamd.conf
freshclam -d
clamscan -r -l scan.txt /home/shepherd/Downloads/clamav/clamav-0.97.4 |grep FOUND

######################################################################
#
# Install eScan mail and anti virus scanners
#
http://www.escanav.com/english/content/products/generic_mailScan/MailScan_gen.asp

######################################################################
#
# config spamassasin
#
# A lot of help came from
#
# http://www.akadia.com/services/postfix_spamassassin.html
# http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Confined_Services/sect-Managing_Confined_Services-Postfix-Configuration_Examples.html
#
# WHAT A PAIN IN THE A$$
#To create a user spam
# cyradm -user cyrus localhost
# it will prompt for password
# To create a user "spam"
#createmailbox user.spam
# to list mailboxes from inside cyradm
#lm
#Create a file /usr/local/bin/spamchk
#
##!/bin/sh
#
## -----------------------------------------------------------------
## File: spamchk
##
## Purpose: SPAMASSASIN shell-based filter
##
## Location: /usr/local/bin
##
## Usage: Call this script from master.cf (Postfix)
##
## Certified: GENTOO Linux, Spamassassin 3.0, Postfix
## -----------------------------------------------------------------
#
## Variables
#SENDMAIL="/usr/sbin/sendmail.postfix -i"
#EGREP=/bin/egrep
#
## Exit codes from
#EX_UNAVAILABLE=69
#
## Number of *'s in X-Spam-level header needed to sideline message:
## (Eg. Score of 5.5 = "*****" )
#SPAMLIMIT=10
#
## Clean up when done or when aborting.
#trap "rm -f /var/tmp/out.$$" 0 1 2 3 15
#
## Pipe message to spamc
#cat | /usr/bin/spamc --port=10000 -u filter | sed 's/^\.$/../' > /var/tmp/out.$$
#
## Are there more than $SPAMLIMIT stars in X-Spam-Level header? :
#if $EGREP -q "^X-Spam-Level: \*{$SPAMLIMIT,}" < /var/tmp/out.$$ #then # # Option 1: Move high scoring messages to sideline dir so # # a human can look at them later: # # mv out.$$ $SIDELINE_DIR/`date +%Y-%m-%d_%R`-$$ # # # Option 2: Divert to an alternate e-mail address: ## $SENDMAIL [email protected] < /var/tmp/out.$$ # EDIT THE DOMAINNAME ON THE NEXT LINE, junk email goes here instead of user's inbox # $SENDMAIL [email protected] < /var/tmp/out.$$ # # # Option 3: Delete the message # # rm -f /var/tmp/out.$$ #else # $SENDMAIL "[email protected]" < /var/tmp/out.$$ #fi # ## Postfix returns the exit status of the Postfix sendmail command. #exit $? #Because this filter uses the spamc client, you must be running a spamd #server. Save the filter somewhere publicly accessible #(e.g., /usr/local/bin/spamchk) and set its permissions. #-rwxr-x--- 1 root filter 2455 Nov 18 11:37 spamchk #Edit /etc/postfix/master.cf [[email protected] postfix]# diff master.cf master.cf.orig 11,14c11 < spamchk unix - n n - 10 pipe < flags=Rq user=filter argv=/usr/local/bin/spamchk -f ${sender} -- ${recipient} < #smtp inet n - n - - smtpd < smtp inet n - n - - smtpd -o content_filter=spamchk:dummy --- > smtp inet n - n - - smtpd

#Edit /etc/postfix/main.cf
#Following changes may have been done already
[[email protected] postfix]# diff main.cf main.cf.edited
75c75
< #myhostname = host.domain.tld --- > myhostname = host.domain.tld
99c99
< #myorigin = $mydomain --- > myorigin = $mydomain
252c252
< #mynetworks_style = subnet --- > mynetworks_style = subnet
266a267
> mynetworks = 192.168.0.0/28, 127.0.0.0/8

# This stuff MIGHT not be needed
groupadd -g 601 spamd
useradd -u 601 -g 601 -s /sbin/nologin -d /home/spamd spamd
groupadd -g 600 filter
useradd -u 600 -g 600 -d /home/filer -s /bin/false filter

######################################################################
#
# Install/run Nikto
# From http://cirt.net/nikto2
#
cd /home/shepherd/Downloads/
mkdir nikto
mv nikto-2.1.4.tar.gz nikto
cd nikto/
ls
tar -xvf nikto-2.1.4.tar.gz
cd nikto-2.1.4
#hmmm, no makefile so no make install
perl nikto.pl -update
./nikto.pl -host localhost
#There has to be more than this, it ran too fast

#

######################################################################
#
# Install/run nmap
#
##download from http://nmap.org/download.html
cd /home/shepherd/Downloads
mkdir nmap
mv nmap-*tgz nmap
cd nmap
tar -xf *
cd nmap-6.00
./configure
make
su
make install
export LD_LIBRARY_PATH=/opt/csw/lib:/opt/csw/gcc4/lib:/usr/lib/:/usr/local/lib
nmap -A 192.168.0.1-255

######################################################################
#
# Does smrsh still exist/is used/is used with postfix emailer?
#

######################################################################
#
# sleuthkit is a digital coroner/forensis tool for hacked machines
#
# http://www.sleuthkit.org/

######################################################################
#
# Get PAM working for passwords/ldap authentication
#

######################################################################
#
# Get John the ripper installed and working
#
# http://www.openwall.com/john/
#
## John the Ripper 1.7.9-jumbo-5 (Unix - sources, tar.gz, 1423 KB)
cd /home/shepherd/Downloads
mkdir john-the-ripper
mv john*gz john-the-ripper
cd john-the-ripper
tar -xf j*gz
cd john-1.7.9
cd src
make linux-x86-sse2
cd ../run
#NOTE: I made a test account user tina, password=tina to make sure
#the darn thing works
#I also encrypt passwords with sha512, goodbye crypt :-(
./john /etc/shadow
Loaded 5 password hashes with 5 different salts (generic crypt(3) [?/32])
tina (tina)

######################################################################
#
# Get samhain file integrity / host-based intrusion detection system
#
# http://www.la-samhna.de/samhain/s_download.html
#
# you also want beltane
# http://www.la-samhna.de/beltane/index.html
#
# I REALLY need to read the docs on this one, it is a VERY
# complicated version of tripwire that is good for PCI compliance

######################################################################
#
# Get apache tomcat
#
# http://tomcat.apache.org/
#

######################################################################
#
# setup RCS network repository
#
mkdir /home/shepherd/rcs-test
cd /home/shepherd/rcs-test
tar -cf - /etc/sysconfig |tar -xf -
cd /home/shepherd/rcs-test/etc
find . -type d ! -name RCS -print -exec mkdir '{}'/RCS \;
# Cool scripts at http://www.linuxdocs.org/HOWTOs/CVS-RCS-HOWTO-12.html

######################################################################
#
# setup CVS network repository
#
# http://subversion.apache.org/
#
http://comsci.liu.edu/~murali/cvs/pserver.htm

chkconfig cvs on
service xinetd restart
telnet localhost 2401
# OUTPUT #Trying 127.0.0.1...
# OUTPUT #Connected to localhost.
# OUTPUT #Escape character is '^]'.
# CSV is minimally working

cvs -d /var/cvs init
ls /var/cvs
# OUTPUT #CVSROOT
vi /var/cvs/CVSROOT/mkcvs-passwd
#Contents of file follows
#!/usr/bin/perl
#
srand (time());
my $randletter = "(int (rand (26)) + (int (rand (1) + .5) % 2 ? 65 : 97))";
my $salt = sprintf ("%c%c", eval $randletter, eval $randletter);
my $plaintext = shift;
my $crypttext = crypt ($plaintext, $salt);

print "${crypttext}\n";

chmod u+rwx /var/cvs/CVSROOT/mkcvs-passwd

/var/cvs/CVSROOT/mkcvs-passwd

> /var/cvs/CVSROOT/passwd<br /> chmod 644 /var/cvs/CVSROOT/passwd<br /> vi /var/cvs/CVSROOT/passwd<br /> #make the last line look something like this<br /> #username1:x$5itFdsw123:cvs<br /> #<br /> export CVSROOT=:pserver:shepherd@localhost:/home/cvs</p> <p>cvs login<br /> #[shepherd@shepherd cvs-test]$ cvs login<br /> #Logging in to :pserver:shepherd@localhost:2401/var/cvs<br /> #CVS password:<br /> #[shepherd@shepherd cvs-test]$<br /> #<br /> cd /home/shepherd<br /> mkdir cvs-test<br /> cd cvs-test<br /> su<br /> tar -cf - /etc/sysconfig/|tar -xf -<br /> chown -R shepherd /home/shepherd/cvs-test<br /> cvs import -m "My initial project message" sysconfig mycompany start</p> <p>#Now we look at it<br /> #[root@shepherd cvs]# ls -l /var/cvs<br /> #total 8<br /> #drwxrwxr-x. 3 cvs cvs 4096 May 21 18:35 CVSROOT<br /> #drwxrwxr-x. 3 cvs cvs 4096 May 21 18:42 sysconfig<br /> #<br /> ##############################<br /> ##<br /> # Now the problem is changing it from /var/cvs to /home/cvs<br /> # changing /etc/xinetd.d/cvs from /var/cvs to /var/home<br /> # service xinetd restart<br /> # cvs login<br /> # Gives the following output<br /> # [shepherd@shepherd cvs]$ cvs login<br /> # Logging in to :pserver:shepherd@localhost:2401/home/cvs<br /> # CVS password:<br /> # cvs [login aborted]: unrecognized auth response from localhost: cvs pserver: cannot open /home/cvs/CVSROOT/config: Permission denied<br /> #<br /> # doing an `echo 0 >/selinux/enforce`<br /> # and then cvs login<br /> # Gives the following output<br /> # [shepherd@shepherd cvs]$ cvs login<br /> # Logging in to :pserver:shepherd@localhost:2401/home/cvs<br /> # CVS password:<br /> # [shepherd@shepherd cvs]$<br /> # which means selinux is causing the problem<br /> #<br /> # http://docs.fedoraproject.org/en-US//Fedora/13/html/Managing_Confined_Services/sect-Managing_Confined_Services-Concurrent_Versioning_System-Configuration_Examples-Setting_Up_CVS-Server-Setup.html<br /> #<br /> # THIS DOES NOT WORK AS ADVERTISED, problem still exists<br /> # It actually works for /var/cvs and /cvs, just not under /home/cvs<br /> # WEIRD<br /> # [root@cvs-srv]# semanage fcontext -a -t cvs_data_t '/cvs(/.*)?'<br /> # [root@cvs-srv]# restorecon -R -v /cvs<br /> #<br /> #<br /> #</p> <p># This might explain it<br /> # http://linux.derkeiler.com/Mailing-Lists/Fedora/2009-04/msg02339.html<br /> #<br /> # This works but is a hack but at least selinux is still running<br /> # cp /var/log/audit/audit.log /var/log/audit/audit.log.bak<br /> # cp /dev/null /var/log/audit/audit.log<br /> # cvs login (yes, it will fail)<br /> # cd /tmp<br /> # cat /var/log/audit/audit.log | audit2allow -M local<br /> # semodule -i local.pp<br /> #<br /> # This lets "something" read the cvs directory in your non-standard (/home)<br /> # mount point<br /> # The output is a binary file and a text file<br /> # text file is local.te and looks like this<br /> # module local 1.0;<br /> #<br /> # require {<br /> #type cvs_t;<br /> #type setfiles_t;<br /> #class capability { dac_read_search dac_override };<br /> #class dir relabelto;<br /> #}<br /> #<br /> ##============= cvs_t ==============<br /> ##!!!! This avc can be allowed using the boolean 'allow_cvs_read_shadow'<br /> #<br /> #allow cvs_t self:capability dac_override;<br /> #allow cvs_t self:capability dac_read_search;<br /> #<br /> ##============= setfiles_t ==============<br /> #allow setfiles_t cvs_t:dir relabelto;<br /> #<br /> cvs login<br /> cvs import -m "My initial project message" sysconfig mycompany start<br /> #And this all works<br /> #And I am willing to call it good for now.<br /> #If somebody has a better answer or a<br /> #better solution please let me know</p> <p>######################################################################<br /> #<br /> # Get apache subversion<br /> #<br /> # http://subversion.apache.org/<br /> #</p> <p>######################################################################<br /> #<br /> # GPFS<br /> #</p> <p>######################################################################<br /> #<br /> # Membase<br /> #</p> <p>######################################################################<br /> #<br /> # Hadoop<br /> #</p> <p>######################################################################<br /> #<br /> # Cassandra<br /> #</p> <p>######################################################################<br /> #<br /> # Memcached<br /> #</p> <p>######################################################################<br /> #<br /> # ZooKeeper<br /> #</p> <p>######################################################################<br /> #<br /> # Ruby<br /> #</p> <p>######################################################################<br /> #<br /> # CFEngine<br /> #</p> <p>######################################################################<br /> #<br /> # Oprofile<br /> #</p> <p>######################################################################<br /> #<br /> # SystemTap<br /> #</p> <p>######################################################################<br /> #<br /> # GDB<br /> #</p> <p>######################################################################<br /> #<br /> # Valgrind<br /> #</p> <p>######################################################################<br /> #<br /> # websphere<br /> #</p> <p>######################################################################<br /> #<br /> # squid<br /> #</p> <p>######################################################################<br /> #<br /> # cacti<br /> #</p> <p>######################################################################<br /> #<br /> # JBoss<br /> #</p> <p>######################################################################<br /> #<br /> # Nagios<br /> #<br /> # follow the guide at<br /> # http://nagios.sourceforge.net/docs/3_0/quickstart-fedora.html</p> <p># ALSO<br /> # And this is not in the docs<br /> # chcon -R -t httpd_sys_script_rw_t /usr/local/nagios/var/rw<br /> # this was from<br /> # http://www.linuxquestions.org/questions/linux-networking-3/nagios-config-429200/</p> <p>#Edit /usr/local/nagios/etc/objects/commands.cfg to add new plugin commands<br /> #Please note that not all the "included" checks are included in this<br /> #file so you have to edit for your situation<br /> #<br /> #Edit /usr/local/nagios/etc/objects/localhost.cfg to add new checks<br /> #Also, you can google for 'nagios pluginname' for examples of how<br /> #to configure them</p> <p>######################################################################<br /> #<br /> # Puppet<br /> #</p> <p>######################################################################<br /> #<br /> # git<br /> #</p> <p>######################################################################<br /> #<br /> # OSSEC<br /> #</p> <p>######################################################################<br /> #<br /> # filezilla<br /> # From http://filezilla-project.org/download.php<br /> #<br /> # Hints on compile/install at<br /> # http://wiki.filezilla-project.org/Client_Installation<br /> #<br /> #<br /> cd /home/shepherd/Downloads</p> <p># silly thing needs wxWidges<br /> # from http://www.wxwidgets.org/downloads/<br /> mkdir wxWidgets<br /> mv wxWidgets*gz wxWidgets<br /> cd wxWidgets<br /> tar -xf wxWidgets-2.8.12.tar.gz<br /> cd wxWidgets-2.8.12<br /> ./configure --enable-unicode<br /> make<br /> su<br /> make install #This can take a few minutes....<br /> exit<br /> #<br /> # ------------------------------------------------------<br /> #<br /> # The installation of wxWidgets is finished. On certain<br /> # platforms (e.g. Linux) you'll now have to run ldconfig<br /> # if you installed a shared library and also modify the<br /> # LD_LIBRARY_PATH (or equivalent) environment variable.<br /> #</p> <p>cd /home/shepherd/Downloads<br /> mkdir filezilla<br /> mv FileZilla* filezilla<br /> cd filezilla<br /> tar -xf *<br /> cd filezilla-3.5.3<br /> export LD_LIBRARY_PATH=/opt/csw/lib:/opt/csw/gcc4/lib:/usr/lib/:/usr/local/lib<br /> ./configure --with-tinyxml=builtin<br /> make<br /> su<br /> make install<br /> exit </plaintext></sysexits></code></p> </div> <div class="post-footer"><img src="https://brakertech.com/wp-content/themes/atahualpa/images/icons/folder-gray.gif" alt="" /> <a href="https://brakertech.com/category/os/linux/" rel="category tag">Linux</a>, <a href="https://brakertech.com/category/os/linux/redhat-centos/" rel="category tag">Redhat Centos</a>, <a href="https://brakertech.com/category/os/linux/server-setup/" rel="category tag">Server Setup</a> </div> </div><!-- / Post --> <div class="clearfix navigation-middle"> <div class="older">&laquo; <a href="https://brakertech.com/bash-server-backup-script/" rel="next">Bash Server Backup Script</a> &nbsp;</div><div class="newer">&nbsp; <a href="https://brakertech.com/yum-install-resize/" rel="prev">yum install resize</a> &raquo;</div></div> <!-- .... --> <div id="respond" class="comment-respond"> <h3 id="reply-title" class="comment-reply-title">Leave a Reply <small><a rel="nofollow" id="cancel-comment-reply-link" href="/eric-wedaas-notes-on-setting-up-centos-6-2/#respond" style="display:none;">Cancel reply</a></small></h3> <form action="https://brakertech.com/wp-comments-post.php" method="post" id="commentform" class="comment-form"> <div class='wmd-panel'><div id='wmd-button-barcomment'></div><div id='wmd-button-bar-help'> <p>To create code blocks or other preformatted text, indent by four spaces:</p> <pre class='wmd-help'><span class='wmd-help-spaces'>&nbsp;&nbsp;&nbsp;&nbsp;</span>This will be displayed in a monospaced font. The first four <span class='wmd-help-spaces'>&nbsp;&nbsp;&nbsp;&nbsp;</span>spaces will be stripped off, but all other whitespace <span class='wmd-help-spaces'>&nbsp;&nbsp;&nbsp;&nbsp;</span>will be preserved. <span class='wmd-help-spaces'>&nbsp;&nbsp;&nbsp;&nbsp;</span> <span class='wmd-help-spaces'>&nbsp;&nbsp;&nbsp;&nbsp;</span>Markdown is turned off in code blocks: <span class='wmd-help-spaces'>&nbsp;&nbsp;&nbsp;&nbsp;</span> [This is not a link](http://example.com) </pre> <p> To create not a block, but an inline code span, use backticks: </p> <pre class='wmd-help'>Here is some inline `code`.</pre> <p>For more help see <a href='http://daringfireball.net/projects/markdown/syntax' rel='no-follow'> http://daringfireball.net/projects/markdown/syntax</a></p></div><p><textarea name="comment" id="comment" rows="10" cols="10" tabindex="4"></textarea></p><div id='wmd-previewcomment' class='wmd-panel wmd-preview prettyprint'></div></div> <p class="thesetags clearfix">You can use <a class="xhtmltags" href="#" onclick="return false;">these HTML tags</a></p> <div class="xhtml-tags"><p><code>&lt;a href=&quot;&quot; title=&quot;&quot;&gt; &lt;abbr title=&quot;&quot;&gt; &lt;acronym title=&quot;&quot;&gt; &lt;b&gt; &lt;blockquote cite=&quot;&quot;&gt; &lt;cite&gt; &lt;code&gt; &lt;del datetime=&quot;&quot;&gt; &lt;em&gt; &lt;i&gt; &lt;q cite=&quot;&quot;&gt; &lt;s&gt; &lt;strike&gt; &lt;strong&gt; </code></p></div><p><input class="text author" id="author" name="author" type="text" value="" size="30" tabindex="1" />&nbsp;&nbsp;<label for="author"><strong>Name </strong> (required)</label></p> <p><input class="text email" id="email" name="email" type="text" value="" size="30" tabindex="2" />&nbsp;&nbsp;<label for="email"><strong>Email</strong> (will not be published) (required)</label></p> <p><input class="text url" id="url" name="url" type="text" value="" size="30" tabindex="3" />&nbsp;&nbsp;<label for="url">Website</label></p> <p class="form-submit"><input name="submit" type="submit" id="submit" class="submit" value="Post Comment" /> <input type='hidden' name='comment_post_ID' value='1538' id='comment_post_ID' /> <input type='hidden' name='comment_parent' id='comment_parent' value='0' /> </p><p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="e50c56583d" /></p><p style="display: none;"><input type="hidden" id="ak_js" name="ak_js" value="163"/></p> </form> </div><!-- #respond --> <div class="clearfix navigation-bottom"> <div class="older">&laquo; <a href="https://brakertech.com/bash-server-backup-script/" rel="next">Bash Server Backup Script</a> &nbsp;</div><div class="newer">&nbsp; <a href="https://brakertech.com/yum-install-resize/" rel="prev">yum install resize</a> &raquo;</div></div> </td> <!-- / Main Column --> <!-- Right Inner Sidebar --> <!-- Right Sidebar --> <td id="right"> <div id="tag_cloud-11" class="widget widget_tag_cloud"><div class="widget-title"><h3>Tags</h3></div><div class="tagcloud"><a href="https://brakertech.com/tag/active-directory/" class="tag-cloud-link tag-link-473 tag-link-position-1" style="font-size: 10.625pt;" aria-label="active directory (5 items)">active directory</a> <a href="https://brakertech.com/tag/admin-2/" class="tag-cloud-link tag-link-11 tag-link-position-2" style="font-size: 11.645833333333pt;" aria-label="admin (6 items)">admin</a> <a href="https://brakertech.com/tag/apache/" class="tag-cloud-link tag-link-69 tag-link-position-3" style="font-size: 14.416666666667pt;" aria-label="apache (10 items)">apache</a> <a href="https://brakertech.com/tag/backup/" class="tag-cloud-link tag-link-42 tag-link-position-4" style="font-size: 9.4583333333333pt;" aria-label="backup (4 items)">backup</a> <a href="https://brakertech.com/tag/bash/" class="tag-cloud-link tag-link-2179 tag-link-position-5" style="font-size: 9.4583333333333pt;" aria-label="bash (4 items)">bash</a> <a href="https://brakertech.com/tag/bitnami/" class="tag-cloud-link tag-link-26 tag-link-position-6" style="font-size: 10.625pt;" aria-label="Bitnami (5 items)">Bitnami</a> <a href="https://brakertech.com/tag/bitnami-wampstack/" class="tag-cloud-link tag-link-352 tag-link-position-7" style="font-size: 8pt;" aria-label="bitnami wampstack (3 items)">bitnami wampstack</a> <a href="https://brakertech.com/tag/cmd/" class="tag-cloud-link tag-link-227 tag-link-position-8" style="font-size: 8pt;" aria-label="cmd (3 items)">cmd</a> <a href="https://brakertech.com/tag/database/" class="tag-cloud-link tag-link-246 tag-link-position-9" style="font-size: 8pt;" aria-label="database (3 items)">database</a> <a href="https://brakertech.com/tag/dropbox/" class="tag-cloud-link tag-link-41 tag-link-position-10" style="font-size: 8pt;" aria-label="dropbox (3 items)">dropbox</a> <a href="https://brakertech.com/tag/firefox/" class="tag-cloud-link tag-link-393 tag-link-position-11" style="font-size: 8pt;" aria-label="Firefox (3 items)">Firefox</a> <a href="https://brakertech.com/tag/firewall-2/" class="tag-cloud-link tag-link-18 tag-link-position-12" style="font-size: 8pt;" aria-label="firewall (3 items)">firewall</a> <a href="https://brakertech.com/tag/fix/" class="tag-cloud-link tag-link-61 tag-link-position-13" style="font-size: 12.375pt;" aria-label="fix (7 items)">fix</a> <a href="https://brakertech.com/tag/freebsd-2/" class="tag-cloud-link tag-link-5 tag-link-position-14" style="font-size: 14.416666666667pt;" aria-label="freebsd (10 items)">freebsd</a> <a href="https://brakertech.com/tag/help/" class="tag-cloud-link tag-link-37 tag-link-position-15" style="font-size: 10.625pt;" aria-label="help (5 items)">help</a> <a href="https://brakertech.com/tag/hints/" class="tag-cloud-link tag-link-302 tag-link-position-16" style="font-size: 8pt;" aria-label="hints (3 items)">hints</a> <a href="https://brakertech.com/tag/howto/" class="tag-cloud-link tag-link-2171 tag-link-position-17" style="font-size: 22pt;" aria-label="Howto (35 items)">Howto</a> <a href="https://brakertech.com/tag/iis-2/" class="tag-cloud-link tag-link-14 tag-link-position-18" style="font-size: 12.375pt;" aria-label="iis (7 items)">iis</a> <a href="https://brakertech.com/tag/iis-6-0/" class="tag-cloud-link tag-link-62 tag-link-position-19" style="font-size: 9.4583333333333pt;" aria-label="IIS 6.0 (4 items)">IIS 6.0</a> <a href="https://brakertech.com/tag/linux-2/" class="tag-cloud-link tag-link-89 tag-link-position-20" style="font-size: 15pt;" aria-label="linux (11 items)">linux</a> <a href="https://brakertech.com/tag/mac/" class="tag-cloud-link tag-link-2173 tag-link-position-21" style="font-size: 11.645833333333pt;" aria-label="Mac (6 items)">Mac</a> <a href="https://brakertech.com/tag/mssql/" class="tag-cloud-link tag-link-64 tag-link-position-22" style="font-size: 9.4583333333333pt;" aria-label="mssql (4 items)">mssql</a> <a href="https://brakertech.com/tag/mysql/" class="tag-cloud-link tag-link-25 tag-link-position-23" style="font-size: 13.833333333333pt;" aria-label="MySQL (9 items)">MySQL</a> <a href="https://brakertech.com/tag/networking/" class="tag-cloud-link tag-link-174 tag-link-position-24" style="font-size: 8pt;" aria-label="networking (3 items)">networking</a> <a href="https://brakertech.com/tag/ports-2/" class="tag-cloud-link tag-link-19 tag-link-position-25" style="font-size: 8pt;" aria-label="ports (3 items)">ports</a> <a href="https://brakertech.com/tag/quality-center/" class="tag-cloud-link tag-link-164 tag-link-position-26" style="font-size: 9.4583333333333pt;" aria-label="quality center (4 items)">quality center</a> <a href="https://brakertech.com/tag/redhat/" class="tag-cloud-link tag-link-234 tag-link-position-27" style="font-size: 10.625pt;" aria-label="redhat (5 items)">redhat</a> <a href="https://brakertech.com/tag/scripts/" class="tag-cloud-link tag-link-13 tag-link-position-28" style="font-size: 8pt;" aria-label="scripts (3 items)">scripts</a> <a href="https://brakertech.com/tag/security-2/" class="tag-cloud-link tag-link-30 tag-link-position-29" style="font-size: 10.625pt;" aria-label="security (5 items)">security</a> <a href="https://brakertech.com/tag/server-2003/" class="tag-cloud-link tag-link-53 tag-link-position-30" style="font-size: 12.375pt;" aria-label="server 2003 (7 items)">server 2003</a> <a href="https://brakertech.com/tag/service/" class="tag-cloud-link tag-link-55 tag-link-position-31" style="font-size: 8pt;" aria-label="service (3 items)">service</a> <a href="https://brakertech.com/tag/shell-scripts/" class="tag-cloud-link tag-link-384 tag-link-position-32" style="font-size: 8pt;" aria-label="shell scripts (3 items)">shell scripts</a> <a href="https://brakertech.com/tag/sql/" class="tag-cloud-link tag-link-63 tag-link-position-33" style="font-size: 8pt;" aria-label="sql (3 items)">sql</a> <a href="https://brakertech.com/tag/subversion/" class="tag-cloud-link tag-link-316 tag-link-position-34" style="font-size: 9.4583333333333pt;" aria-label="subversion (4 items)">subversion</a> <a href="https://brakertech.com/tag/system-administration/" class="tag-cloud-link tag-link-385 tag-link-position-35" style="font-size: 8pt;" aria-label="system administration (3 items)">system administration</a> <a href="https://brakertech.com/tag/td/" class="tag-cloud-link tag-link-166 tag-link-position-36" style="font-size: 8pt;" aria-label="td (3 items)">td</a> <a href="https://brakertech.com/tag/tutorial/" class="tag-cloud-link tag-link-36 tag-link-position-37" style="font-size: 8pt;" aria-label="tutorial (3 items)">tutorial</a> <a href="https://brakertech.com/tag/ubuntu/" class="tag-cloud-link tag-link-268 tag-link-position-38" style="font-size: 13.833333333333pt;" aria-label="ubuntu (9 items)">ubuntu</a> <a href="https://brakertech.com/tag/unix/" class="tag-cloud-link tag-link-211 tag-link-position-39" style="font-size: 9.4583333333333pt;" aria-label="unix (4 items)">unix</a> <a href="https://brakertech.com/tag/vmware/" class="tag-cloud-link tag-link-267 tag-link-position-40" style="font-size: 9.4583333333333pt;" aria-label="vmware (4 items)">vmware</a> <a href="https://brakertech.com/tag/windows-2/" class="tag-cloud-link tag-link-20 tag-link-position-41" style="font-size: 19.8125pt;" aria-label="windows (25 items)">windows</a> <a href="https://brakertech.com/tag/windows-server-2003/" class="tag-cloud-link tag-link-52 tag-link-position-42" style="font-size: 8pt;" aria-label="windows server 2003 (3 items)">windows server 2003</a> <a href="https://brakertech.com/tag/windows-vista/" class="tag-cloud-link tag-link-101 tag-link-position-43" style="font-size: 8pt;" aria-label="windows vista (3 items)">windows vista</a> <a href="https://brakertech.com/tag/windows-xp/" class="tag-cloud-link tag-link-100 tag-link-position-44" style="font-size: 9.4583333333333pt;" aria-label="windows xp (4 items)">windows xp</a> <a href="https://brakertech.com/tag/wordpress/" class="tag-cloud-link tag-link-68 tag-link-position-45" style="font-size: 9.4583333333333pt;" aria-label="wordpress (4 items)">wordpress</a></div> </div> </td> <!-- / Right Sidebar --> </tr> <!-- / Main Body --> <tr> <!-- Footer --> <td id="footer" colspan="2"> Copyright &copy; 2019 <a href="https://brakertech.com/">Brakertech</a> - All Rights Reserved <br />i can haz interweb <link rel='stylesheet' id='wp-markdown-editor-group-css' href='https://brakertech.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/wp-markdown/css/markdown-editor.css' type='text/css' media='all' /> <script type='text/javascript' src='https://brakertech.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/js/comment-reply.min.js,wp-includes/js/wp-embed.min.js,wp-content/plugins/wp-markdown/js/pagedown/markdown-converter.min.js,wp-content/plugins/wp-markdown/js/pagedown/markdown-sanitizer.min.js,wp-content/plugins/wp-markdown/js/pagedown/markdown-editor.min.js,wp-content/plugins/akismet/_inc/form.js'></script> </td> </tr> </table><!-- / layout --> </div><!-- / container --> </div><!-- / wrapper --> <script type="text/javascript">window.NREUM||(NREUM={});NREUM.info={"beacon":"bam.nr-data.net","licenseKey":"63edf5d82c","applicationID":"156538832","transactionName":"NVcEZkdZWUQFVUNZXAwdJ1FBUVhZS19ZVFYa","queueTime":0,"applicationTime":456,"atts":"GRAHEA9DSko=","errorBeacon":"bam.nr-data.net","agent":""}</script></body> </html><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script>