Eric Wedaa’s notes on setting up centos 6.2

July 13, 2012

I just came across this page and thought i’d post it because it had some good content:

# Eric Wedaa's notes on setting up centos 6.2
# email [email protected]
#
# May 9-21, 2012
#
# In general, I used mozilla to download the files into
# /home/shepherd/Downloads
#
######################################################################
#
# date command for copying and chmoding files
# chmod does not work if you run cp command to close to midnight
#
# `date +%Y.%m.%d.%H.%M`
#
# you might want to set this
#
export LD_LIBRARY_PATH=/opt/csw/lib:/opt/csw/gcc4/lib:/usr/lib/:/usr/local/lib
#
######################################################################
#
# This MAY look like a shell script, but it isn't really.
#
# These are commands to cut/paste into your window. This is because
# there may be newer versions of the software, and because sometimes
# you really need to edit some of the configuration files by hand
# to make things work properly.
#
######################################################################
#
# Update CPAN because it ALWAYS needs updating
#

cpan CPAN
cpan YAML

######################################################################
#
# Update all the RPM Packages so that we are up to date with the
# latest patches
#

yum -y update

######################################################################
#
# Make sure iptables is configured and running
#
service iptables status

######################################################################
#
# Install OpenVAS
#

wget -q -O - http://www.atomicorp.com/installers/atomic |sh
yum install openvas
openvas-setup
/usr/sbin/openvas-adduser

# APPARENTLY NOT NEEDED /usr/sbin/openvas-mkcert

# BTW-You will have to rerun these next two commands to make
# sure that your signature files are up to date.
# Maybe you can add them to /etc/rc.local or to root's crontab file

/usr/sbin/openvas-nvt-sync
/usr/sbin/openvasmd --rebuild

#restarting takes a little bit. make sure to disable this at boot
#time if you don't use it every day.

service openvas-scanner restart

#Now that we're done setting up openvas, we want to make atomic repo
#an invalid source so we don't accidentally download rpms from there

mv /etc/yum.repos.d/atomic.repo /etc/yum.repos.d/atomic.repo.dont_use

#Disable openvas at startup, I don't need it running everyday
chkconfig openvas-administrator off
chkconfig openvas-manager off
chkconfig openvas-scanner off

######################################################################
#
# fix postfix security holes
# Also good for OpenVAS complaints
#

echo "disable_vrfy_command=yes" >> /etc/postfix/main.cf
vi /etc/postfix/main.cf
#search for and uncomment next line
#inet_interfaces = all
#search for and comment out the next line
#inet_interfaces = localhost
#
#find the mydomain line and add your domainname
#mydomain = wedaa.com
#

######################################################################
#
# fix apache security holes
# Also good for OpenVAS complaints

echo "TraceEnable Off" >> /etc/httpd/conf/httpd.conf
echo "Header unset ETag " >> /etc/httpd/conf/httpd.conf
echo "FileETag None " >> /etc/httpd/conf/httpd.conf

######################################################################
#
# Turn off unneeded services
# Also good for OpenVAS complaints
#

chkconfig cups off
chkconfig nfs off
chkconfig nfslock off

######################################################################
#
# Create local repo diretory
#

yum install createrepo
mkdir /home/shepherd/yum-stuff
cd /home/shepherd/yum-stuff
wget -nc -r http://centos.mirror.nac.net/6.2/updates/i386/Packages/

echo "STILL NEEDS configuration work so I can use it locally

######################################################################
#
# Install star (S-tar archiver)
#
yum install star

######################################################################
#
#Install telnet, but not the telnetd daemon (which is a security risk)
#

yum install telnet

######################################################################
#
#Yes, I know lftp is sometimes installed, but I like the simplicity
# of ftp sometimes
#

yum install lftp
yum install ftp

######################################################################
#
# Install all the named stuff
#
yum install bind
yum install bind-devel

cp named.iscdlv.key named.iscdlv.key.`date +%Y.%m.%d.%H.%M`
cp named.root.key named.root.key.orig.`date +%Y.%m.%d.%H.%M`
cp named.conf named.conf.orig.`date +%Y.%m.%d.%H.%M`
cp named.rfc1912.zones named.rfc1912.zones.`date +%Y.%m.%d.%H.%M`

chmod go-rwx named.iscdlv.key.`date +%Y.%m`*
chmod go-rwx named.root.key.orig.`date +%Y.%m`*
chmod go-rwx named.conf.orig.`date +%Y.%m`*
chmod go-rwx named.rfc1912.zones.`date +%Y.%m`*

#Get host2dns from http://seriss.com/people/erco/unixtools/hosts2dns/

cd /home/shepherd/Downloads
tar -xvf hosts2dns-0.95.tar.gz
cp hosts2dns /usr/local/sbin
chmod go-rwx /usr/local/sbin/hosts2dns

cp /etc/hosts /etc/hosts.`date +%Y.%m.%d.%H.%M`
chmodgo-rwx /etc/hosts.`date +%Y.%m.%d.%H.%M`

vi /etc/hosts #And follow the instructions on the website
#Sample below, pay attention to DNS lines
#!DNS:DOMAIN foo.x -- CHANGE THIS: SET TO YOUR DNS DOMAIN NAME
##!DNS:START -- Start of hosts to be added to DNS
#192.168.0.1 router ro -- eg. this will become router.foo.x
#192.168.0.2 howland ho how -- eg. this will become howland.foo.x
#192.168.0.12 havasu ha
##!DNS:END -- End of hosts to be added to DNS

/usr/local/sbin/hosts2dns -update

#This script contains a small bug which lists same
#REVERSE network twice.
vi /etc/named.conf #Remove the last one
service named start

# Add an MX record (make sure this is right path)
echo '@ IN MX 10 shepherd.wedaa.com'>> /var/named/fwd.wedaa.com

#Now restart named
service named restart

#Just like /etc/named.conf says, all the good files are in /var/named

#Edit /etc/resolv.conf to make domainname wedaa.com
cp /etc/resolv.conf /etc/resolv.conf.orig
echo "domain wedaa.com"> /etc/resolv.conf
echo "nameserver 127.0.0.1" >>/etc/resolv.conf
echo "nameserver 192.168.0.15" >>/etc/resolv.conf

#Anytime a change is made in /etc/hosts you need to run
#/usr/local/sbin/hosts2dns -update
#AND update the MX record for the domain
#echo '@ IN MX 10 shepherd.wedaa.com'>> fwd.wedaa.com
#Now restart named
service named restart

#DNS testing
#nslookup
#set q=mx
#us.ibm.com
#wedaa.com
#shepherd.wedaa.com

#NOTE: One of these days I'll edit hosts2dns to be able to
#figure out the MX entry and write it at the bottom of the fwd.wedaa.com
#file, but not today. If I used this more often I'd have added
#it already.

######################################################################
#
# How to get apache running on other than port 80 and 443
#
#http://danwalsh.livejournal.com/9275.html
#

#Show which ports under selinux http can access

semanage port -l | grep http

#http_cache_port_t tcp 3128, 8080, 8118, 8123, 10001-10010
#http_cache_port_t udp 3130
#http_port_t tcp 80, 443, 488, 8008, 8009, 8443
#pegasus_http_port_t tcp 5988
#pegasus_https_port_t tcp 5989
#So I can also listen to 8118
#set listen in httpd.conf to also listen to 8118
vi /etc/httpd/conf/httpd.conf
service httpd restart

#To add port 81 for http
#semanage port -a -t http_port_t -p tcp 81
#

######################################################################
#
# Download flash from http://get.adobe.com/flashplayer/
# get the tar.gz file
#
cd /usr/shepherd/Downloads
tar -xvf ../install_flash_player_11_linux.i386.tar.gz
cd /usr/lib/mozilla/plugins
cp ~shepherd/Downloads/libflashplayer.so .
cd ~shepherd/Downloads/
cp -r usr/* /usr

# start firefox, go to http://www.adobe.com/software/flash/about/
# and that will show if installed properly

######################################################################
#
# modify ssh stuff
#

# Edit config file so nobody else can login
# Also good for OpenVAS complaints

echo "AllowUsers ericw shepherd" >>/etc/ssh/sshd_config
service sshd restart

# If you want to be able to login without being prompted for
# a password, follow instructions from
# http://wiki.centos.org/HowTos/Network/SecuringSSH
#

#Block too many cracking attempts on ssh by using iptables

iptables -A INPUT -p tcp --dport 22 -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 22 -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
service iptables restart

######################################################################
#
# setup sudo for me
#
cp /etc/sudoers /etc/sudoers.orig
echo "shepherd ALL=(ALL) ALL">>/etc/sudoers

######################################################################
#
# Make sure only I can run su command
#
usermod -G wheel shepherd

Find these lines in /etc/pam.d/su:

# Uncomment the following line to require a user to be in the “wheel” group.
# #auth required pam_wheel.so use_uid
#
# And change them (as suggested) to this:
#
# # Uncomment the following line to require a user to be in the “wheel” group.
# auth required pam_wheel.so use_uid

######################################################################
#
# enable/turn on NFS
#

modprobe nfs
service nfs start
echo "/home 192.168.0.0/24(rw)">>/etc/exports
exportfs -a
#Show that it was exported
exportfs

# Now turn it all off till we need it

chkconfig nfs off
chkconfig nfslock off

######################################################################
#
# Setup samba/cifs
#

# Now turn it all off till we need it

######################################################################
#
# Get imapd going
#

service saslauthd start
chkconfig saslauthd on
testsaslauthd -u username -p password
# Output should be "0: OK "Success."

passwd cyrus

yum install cyrus-sasl
yum install cyrus-imapd
chkconfig cyrus-imapd on
service cyrus-imapd restart

#Set password for user cyrus
saslpasswd2 cyrus

#Chown ownership so that cyrus utilities can read the darn file
chown cyrus /etc/sasldb2

#To create a user
# cyradm -user cyrus localhost
# it will prompt for password
# To create a user "spam"
#createmailbox user.spam
# to list mailboxes from inside cyradm
#lm

######################################################################
#
# Installing mySQL
# Get mysqld running
#

chkconfig mysqld on
service mysqld restart
#Setup stuff
/usr/bin/mysql_secure_installation

######################################################################
#
# Installing squirrelmail
# Requires mysql sasl, cyrus-imapd and other things
#
# Make sure you do the postfix setup from above
#
# Get lastest squirrelmail from http://squirrelmail.org/download.php
cd /var/www/html/
tar -xf /home/shepherd/Downloads/squi*tar.gz
mv squ* squirrel
cd squirrel

mkdir /var/squirrel
mkdir /var/squirrel/data
chmod 0730 /var/squirrel/data
mkdir /var/squirrel/attachment
chmod 0730 /var/squirrel/attachment
chown apache /var/squirrel /var/squirrel/data /var/squirrel/attachment

./config/conf.pl #NON TRIVIAL SETUP, READ THE INSTALL GUIDE

#As it says, plaintext authentication is disabled. Enable that on your
#IMAP server or set "$imap_auth_mech = 'cram-md5';" in SquirrelMail
# configuration file - /var/www/html/squirrel/config/config.php.

#Now we configure mailbox_transport in /etc/postfix/main.cf.
#Add this line to the bottom:

echo "mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp" >>/etc/postfix/main.cf
service postfix restart

# SEE THIS WEBPAGE FOR HELP
#http://nakedape.cc/info/Cyrus-IMAP-HOWTO/Cyrus-IMAP-HOWTO.html
#
## PROBLEM WITH SELINUX AND IMAPD, IMAP, squirrelmail
#type=AVC msg=audit(1337040367.783:114): avc: denied { name_connect } for pid=3823 comm="httpd" dest=143 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket
#type=SYSCALL msg=audit(1337040367.783:114): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf9d8950 a2=208afcc a3=0 items=0 ppid=2724 pid=3823 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
#type=AVC msg=audit(1337040367.783:115): avc: denied { name_connect } for pid=3823 comm="httpd" dest=143 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket
#type=SYSCALL msg=audit(1337040367.783:115): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf9d8950 a2=208afcc a3=0 items=0 ppid=2724 pid=3823 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
#
# Enable selinux httpd can connect to network services
setsebool -P httpd_can_network_connect=1

# There are LOTS of plugins available at
# http://squirrelmail.org/plugins.php
# like the ever popular address book and calendar

######################################################################
#
# Install Bugzilla
#
# download from http://www.bugzilla.org/download/
# Installation hints are from
# http://www.thegeekstuff.com/2010/05/install-bugzilla-on-linux/
#
cd /home/shepherd/Downloads
mkdir bugzilla
mv bug*gz bugzilla
cd bugzilla
su
cd /var/www/html
tar -xf /home/shepherd/Downloads/bugzilla/*gz
cd bugzilla-4.2.1
vi /etc/my.cnf #read instructions on setting max_allowd_packet=4m
service mysqld restart
./checksetup.pl
/usr/bin/perl install-module.pl --all #This is going to take a few minutes
yum install gd-devel
/usr/bin/perl install-module.pl GD
#Setup mysql per directions
vi localconfig #to setup password for mysql
./checksetup.pl

#aw geezzz, gotta setup mod_cgi and figure out how to configure this
#Add this to the bottom of /etc/httpd/conf/httpd.conf

AddHandler cgi-script .cgi
Options +Indexes +ExecCGI
DirectoryIndex index.cgi
AllowOverride Limit FileInfo Indexes

#
#THEN you still get to login to bugzilla and goto
#http://localhost/bugzilla/editparams.cgi
#to finish the setup (READ the docs)

######################################################################
#
# Install Snort 2.9.2.3-1
#
# from http://www.snort.org/snort-downloads
# I downloaded snort-mysql-2.9.2.3-1.RHEL6.i386.rpm
#
# Also requires
# 1:snort-mysql-2.9.2.3-1.i386 requires libsfbpf.so.0
# 1:snort-mysql-2.9.2.3-1.i386 requires snort = 1:2.9.2.3-1
# 1:snort-mysql-2.9.2.3-1.i386 requires libdnet.1
# What a cluster F&#k
# The rpm will NOT install because the other libraries are not
# installed, but there are no CENTOS RPMs with those libraries.
#
# So I have to install everything from source code
#
# get libdnet from
# http://code.google.com/p/libdnet/downloads/detail?name=libdnet-1.12.tgz&can=2&q=
# Time to install from source
# got libpcap from www.tcpdump.org and installed
# got daq from http://www.snort.org/snort-downloads/
# got ERROR! Libpcre header not found.
# Get it from http://www.pcre.org
#
#Downloaded SOURCE for snort and ./configure; make; make install

#
# Now download and install/configure the plugin to modify iptables
# on the fly
#
# Please see docs at
# http://doc.emergingthreats.net/bin/view/Main/SnortSamDocumentation
#
# Warning, you must patch snort and recompile to use snortsam
#
#http://www.snortsam.net/

######################################################################
#
# Install Tripwire
#
# from http://sourceforge.net/projects/tripwire/
#
cd /home/shepherd/Downloads/
mkdir tripwire
mv tripwire*bz2 tripwire
cd tripwire/
tar -xf tripwire-2.4.2.2-src.tar.bz2
cd tripwire-2.4.2.2-src
./configure
make
su
make install
exit
# A clear-text version of the Tripwire policy file
# /usr/local/etc/twpol.txt
# has been preserved for your inspection. This implements
# a minimal policy, intended only to test essential
# Tripwire functionality. You should edit the policy file
# to describe your system, and then use twadmin to generate
# a new signed copy of the Tripwire policy.
su
cp /usr/local/etc/twpol.txt /usr/local/etc/twpol.txt.orig
# Edit the config file to comment out checking /home filesystem
# as that can take forever and IMHO isn't really needed
# (I'll take the chance)
vi /usr/local/etc/twpol.txt
twadmin -m P /usr/local/etc/twpol.txt
tripwire --test --email shepherd@localhost
#Now to initialize the datafile, this will take forever :-)
tripwire --init -v #-v for verbose, just so you can see it working :-)

#Add this script as /usr/localsbin/tripwire-update.sh
# #!/bin/sh
# This will update the tripwire database which is faster than
# recreating from scratch
# DIR=/usr/local/lib/tripwire/report
# HOST=`hostname -s`
# LAST_REPORT=`ls -1t $DIR/$HOST-*.twr | head -1`
# echo tripwire --update --twrfile "$LAST_REPORT"

######################################################################
#
# Install COPS (Old, but still finds stuff occasionally)
# Cops 1.04+ is the latest with minor bugfixes
#
# ftp://coast.cs.purdue.edu/pub/tools/unix/scanners/cops/
#

cd /home/shepherd/Downloads
mkdir src
mkdir src/cops
mv cops*gz src/cops
cd src/cops
tar -xvf cops*gz

######################################################################
#
# Install Nagios
#

######################################################################
#
# Install TWIG (Just for giggles. It's dead but I want to take a
# look at it again and see if there's something still usefull about
# it.
#
# Found 2.8.3 at http://rpm.pbone.net/index.php3/stat/26/dist/66/size/1055046/name/twig-2.8.3-4mdv2009.0.src.rpm
#
# There WERE diffs all the way up to 2.8.7 but I can't find them anywhere :-(
#
# timestamp(14) is no longer valid, fix in mysql files
# http://bugs.mysql.com/bug.php?id=41510
# Also fixed bad default '0' bug (deprecated since last mysql release

yum install aspell
#really test with http://localhost/twig/test.php
# there is a bug on the line
# $aparse = TWIGMailParseAddresssList( "[email protected]", $config["fromdomain"] );
# There is one too many "s" in AddressList
#
yum install php-imap
#
# Please see http://wedaa.com/eric/software/twig-stuff/
# For more details.

######################################################################
#
# Install LDAP (for passwords and address book)
#

######################################################################
#
# Install Avast Windows virus scanner
#
# http://www.avast.com/en-us/linux-home-edition
#
# See installation help at
# http://www.howtogeek.com/howto/14434/scan-a-windows-pc-for-viruses-from-a-ubuntu-live-cd/

######################################################################
#
# Install ClamAV Windows virus scanner
#
# http://www.clamav.net/lang/en/
#
adduser clamav
./configure
make #This takes a while
make install
vi /etc/clamd.conf
vi /usr/local/etc/clamd.conf
freshclam -d
clamscan -r -l scan.txt /home/shepherd/Downloads/clamav/clamav-0.97.4 |grep FOUND

######################################################################
#
# Install eScan mail and anti virus scanners
#
http://www.escanav.com/english/content/products/generic_mailScan/MailScan_gen.asp

######################################################################
#
# config spamassasin
#
# A lot of help came from
#
# http://www.akadia.com/services/postfix_spamassassin.html
# http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Confined_Services/sect-Managing_Confined_Services-Postfix-Configuration_Examples.html
#
# WHAT A PAIN IN THE A$$
#To create a user spam
# cyradm -user cyrus localhost
# it will prompt for password
# To create a user "spam"
#createmailbox user.spam
# to list mailboxes from inside cyradm
#lm
#Create a file /usr/local/bin/spamchk
#
##!/bin/sh
#
## -----------------------------------------------------------------
## File: spamchk
##
## Purpose: SPAMASSASIN shell-based filter
##
## Location: /usr/local/bin
##
## Usage: Call this script from master.cf (Postfix)
##
## Certified: GENTOO Linux, Spamassassin 3.0, Postfix
## -----------------------------------------------------------------
#
## Variables
#SENDMAIL="/usr/sbin/sendmail.postfix -i"
#EGREP=/bin/egrep
#
## Exit codes from
#EX_UNAVAILABLE=69
#
## Number of *'s in X-Spam-level header needed to sideline message:
## (Eg. Score of 5.5 = "*****" )
#SPAMLIMIT=10
#
## Clean up when done or when aborting.
#trap "rm -f /var/tmp/out.$$" 0 1 2 3 15
#
## Pipe message to spamc
#cat | /usr/bin/spamc --port=10000 -u filter | sed 's/^\.$/../' > /var/tmp/out.$$
#
## Are there more than $SPAMLIMIT stars in X-Spam-Level header? :
#if $EGREP -q "^X-Spam-Level: \*{$SPAMLIMIT,}" < /var/tmp/out.$$ #then # # Option 1: Move high scoring messages to sideline dir so # # a human can look at them later: # # mv out.$$ $SIDELINE_DIR/`date +%Y-%m-%d_%R`-$$ # # # Option 2: Divert to an alternate e-mail address: ## $SENDMAIL [email protected] < /var/tmp/out.$$ # EDIT THE DOMAINNAME ON THE NEXT LINE, junk email goes here instead of user's inbox # $SENDMAIL [email protected] < /var/tmp/out.$$ # # # Option 3: Delete the message # # rm -f /var/tmp/out.$$ #else # $SENDMAIL "$@" < /var/tmp/out.$$ #fi # ## Postfix returns the exit status of the Postfix sendmail command. #exit $? #Because this filter uses the spamc client, you must be running a spamd #server. Save the filter somewhere publicly accessible #(e.g., /usr/local/bin/spamchk) and set its permissions. #-rwxr-x--- 1 root filter 2455 Nov 18 11:37 spamchk #Edit /etc/postfix/master.cf [root@shepherd postfix]# diff master.cf master.cf.orig 11,14c11 < spamchk unix - n n - 10 pipe < flags=Rq user=filter argv=/usr/local/bin/spamchk -f ${sender} -- ${recipient} < #smtp inet n - n - - smtpd < smtp inet n - n - - smtpd -o content_filter=spamchk:dummy --- > smtp inet n - n - - smtpd

#Edit /etc/postfix/main.cf
#Following changes may have been done already
[root@shepherd postfix]# diff main.cf main.cf.edited
75c75
< #myhostname = host.domain.tld --- > myhostname = host.domain.tld
99c99
< #myorigin = $mydomain --- > myorigin = $mydomain
252c252
< #mynetworks_style = subnet --- > mynetworks_style = subnet
266a267
> mynetworks = 192.168.0.0/28, 127.0.0.0/8

# This stuff MIGHT not be needed
groupadd -g 601 spamd
useradd -u 601 -g 601 -s /sbin/nologin -d /home/spamd spamd
groupadd -g 600 filter
useradd -u 600 -g 600 -d /home/filer -s /bin/false filter

######################################################################
#
# Install/run Nikto
# From http://cirt.net/nikto2
#
cd /home/shepherd/Downloads/
mkdir nikto
mv nikto-2.1.4.tar.gz nikto
cd nikto/
ls
tar -xvf nikto-2.1.4.tar.gz
cd nikto-2.1.4
#hmmm, no makefile so no make install
perl nikto.pl -update
./nikto.pl -host localhost
#There has to be more than this, it ran too fast

#

######################################################################
#
# Install/run nmap
#
##download from http://nmap.org/download.html
cd /home/shepherd/Downloads
mkdir nmap
mv nmap-*tgz nmap
cd nmap
tar -xf *
cd nmap-6.00
./configure
make
su
make install
export LD_LIBRARY_PATH=/opt/csw/lib:/opt/csw/gcc4/lib:/usr/lib/:/usr/local/lib
nmap -A 192.168.0.1-255

######################################################################
#
# Does smrsh still exist/is used/is used with postfix emailer?
#

######################################################################
#
# sleuthkit is a digital coroner/forensis tool for hacked machines
#
# http://www.sleuthkit.org/

######################################################################
#
# Get PAM working for passwords/ldap authentication
#

######################################################################
#
# Get John the ripper installed and working
#
# http://www.openwall.com/john/
#
## John the Ripper 1.7.9-jumbo-5 (Unix - sources, tar.gz, 1423 KB)
cd /home/shepherd/Downloads
mkdir john-the-ripper
mv john*gz john-the-ripper
cd john-the-ripper
tar -xf j*gz
cd john-1.7.9
cd src
make linux-x86-sse2
cd ../run
#NOTE: I made a test account user tina, password=tina to make sure
#the darn thing works
#I also encrypt passwords with sha512, goodbye crypt :-(
./john /etc/shadow
Loaded 5 password hashes with 5 different salts (generic crypt(3) [?/32])
tina (tina)

######################################################################
#
# Get samhain file integrity / host-based intrusion detection system
#
# http://www.la-samhna.de/samhain/s_download.html
#
# you also want beltane
# http://www.la-samhna.de/beltane/index.html
#
# I REALLY need to read the docs on this one, it is a VERY
# complicated version of tripwire that is good for PCI compliance

######################################################################
#
# Get apache tomcat
#
# http://tomcat.apache.org/
#

######################################################################
#
# setup RCS network repository
#
mkdir /home/shepherd/rcs-test
cd /home/shepherd/rcs-test
tar -cf - /etc/sysconfig |tar -xf -
cd /home/shepherd/rcs-test/etc
find . -type d ! -name RCS -print -exec mkdir '{}'/RCS \;
# Cool scripts at http://www.linuxdocs.org/HOWTOs/CVS-RCS-HOWTO-12.html

######################################################################
#
# setup CVS network repository
#
# http://subversion.apache.org/
#
http://comsci.liu.edu/~murali/cvs/pserver.htm

chkconfig cvs on
service xinetd restart
telnet localhost 2401
# OUTPUT #Trying 127.0.0.1...
# OUTPUT #Connected to localhost.
# OUTPUT #Escape character is '^]'.
# CSV is minimally working

cvs -d /var/cvs init
ls /var/cvs
# OUTPUT #CVSROOT
vi /var/cvs/CVSROOT/mkcvs-passwd
#Contents of file follows
#!/usr/bin/perl
#
srand (time());
my $randletter = "(int (rand (26)) + (int (rand (1) + .5) % 2 ? 65 : 97))";
my $salt = sprintf ("%c%c", eval $randletter, eval $randletter);
my $plaintext = shift;
my $crypttext = crypt ($plaintext, $salt);

print "${crypttext}\n";

chmod u+rwx /var/cvs/CVSROOT/mkcvs-passwd

/var/cvs/CVSROOT/mkcvs-passwd

> /var/cvs/CVSROOT/passwd<br /> chmod 644 /var/cvs/CVSROOT/passwd<br /> vi /var/cvs/CVSROOT/passwd<br /> #make the last line look something like this<br /> #username1:x$5itFdsw123:cvs<br /> #<br /> export CVSROOT=:pserver:shepherd@localhost:/home/cvs</p> <p>cvs login<br /> #[shepherd@shepherd cvs-test]$ cvs login<br /> #Logging in to :pserver:shepherd@localhost:2401/var/cvs<br /> #CVS password:<br /> #[shepherd@shepherd cvs-test]$<br /> #<br /> cd /home/shepherd<br /> mkdir cvs-test<br /> cd cvs-test<br /> su<br /> tar -cf - /etc/sysconfig/|tar -xf -<br /> chown -R shepherd /home/shepherd/cvs-test<br /> cvs import -m "My initial project message" sysconfig mycompany start</p> <p>#Now we look at it<br /> #[root@shepherd cvs]# ls -l /var/cvs<br /> #total 8<br /> #drwxrwxr-x. 3 cvs cvs 4096 May 21 18:35 CVSROOT<br /> #drwxrwxr-x. 3 cvs cvs 4096 May 21 18:42 sysconfig<br /> #<br /> ##############################<br /> ##<br /> # Now the problem is changing it from /var/cvs to /home/cvs<br /> # changing /etc/xinetd.d/cvs from /var/cvs to /var/home<br /> # service xinetd restart<br /> # cvs login<br /> # Gives the following output<br /> # [shepherd@shepherd cvs]$ cvs login<br /> # Logging in to :pserver:shepherd@localhost:2401/home/cvs<br /> # CVS password:<br /> # cvs [login aborted]: unrecognized auth response from localhost: cvs pserver: cannot open /home/cvs/CVSROOT/config: Permission denied<br /> #<br /> # doing an `echo 0 >/selinux/enforce`<br /> # and then cvs login<br /> # Gives the following output<br /> # [shepherd@shepherd cvs]$ cvs login<br /> # Logging in to :pserver:shepherd@localhost:2401/home/cvs<br /> # CVS password:<br /> # [shepherd@shepherd cvs]$<br /> # which means selinux is causing the problem<br /> #<br /> # http://docs.fedoraproject.org/en-US//Fedora/13/html/Managing_Confined_Services/sect-Managing_Confined_Services-Concurrent_Versioning_System-Configuration_Examples-Setting_Up_CVS-Server-Setup.html<br /> #<br /> # THIS DOES NOT WORK AS ADVERTISED, problem still exists<br /> # It actually works for /var/cvs and /cvs, just not under /home/cvs<br /> # WEIRD<br /> # [root@cvs-srv]# semanage fcontext -a -t cvs_data_t '/cvs(/.*)?'<br /> # [root@cvs-srv]# restorecon -R -v /cvs<br /> #<br /> #<br /> #</p> <p># This might explain it<br /> # http://linux.derkeiler.com/Mailing-Lists/Fedora/2009-04/msg02339.html<br /> #<br /> # This works but is a hack but at least selinux is still running<br /> # cp /var/log/audit/audit.log /var/log/audit/audit.log.bak<br /> # cp /dev/null /var/log/audit/audit.log<br /> # cvs login (yes, it will fail)<br /> # cd /tmp<br /> # cat /var/log/audit/audit.log | audit2allow -M local<br /> # semodule -i local.pp<br /> #<br /> # This lets "something" read the cvs directory in your non-standard (/home)<br /> # mount point<br /> # The output is a binary file and a text file<br /> # text file is local.te and looks like this<br /> # module local 1.0;<br /> #<br /> # require {<br /> #type cvs_t;<br /> #type setfiles_t;<br /> #class capability { dac_read_search dac_override };<br /> #class dir relabelto;<br /> #}<br /> #<br /> ##============= cvs_t ==============<br /> ##!!!! This avc can be allowed using the boolean 'allow_cvs_read_shadow'<br /> #<br /> #allow cvs_t self:capability dac_override;<br /> #allow cvs_t self:capability dac_read_search;<br /> #<br /> ##============= setfiles_t ==============<br /> #allow setfiles_t cvs_t:dir relabelto;<br /> #<br /> cvs login<br /> cvs import -m "My initial project message" sysconfig mycompany start<br /> #And this all works<br /> #And I am willing to call it good for now.<br /> #If somebody has a better answer or a<br /> #better solution please let me know</p> <p>######################################################################<br /> #<br /> # Get apache subversion<br /> #<br /> # http://subversion.apache.org/<br /> #</p> <p>######################################################################<br /> #<br /> # GPFS<br /> #</p> <p>######################################################################<br /> #<br /> # Membase<br /> #</p> <p>######################################################################<br /> #<br /> # Hadoop<br /> #</p> <p>######################################################################<br /> #<br /> # Cassandra<br /> #</p> <p>######################################################################<br /> #<br /> # Memcached<br /> #</p> <p>######################################################################<br /> #<br /> # ZooKeeper<br /> #</p> <p>######################################################################<br /> #<br /> # Ruby<br /> #</p> <p>######################################################################<br /> #<br /> # CFEngine<br /> #</p> <p>######################################################################<br /> #<br /> # Oprofile<br /> #</p> <p>######################################################################<br /> #<br /> # SystemTap<br /> #</p> <p>######################################################################<br /> #<br /> # GDB<br /> #</p> <p>######################################################################<br /> #<br /> # Valgrind<br /> #</p> <p>######################################################################<br /> #<br /> # websphere<br /> #</p> <p>######################################################################<br /> #<br /> # squid<br /> #</p> <p>######################################################################<br /> #<br /> # cacti<br /> #</p> <p>######################################################################<br /> #<br /> # JBoss<br /> #</p> <p>######################################################################<br /> #<br /> # Nagios<br /> #<br /> # follow the guide at<br /> # http://nagios.sourceforge.net/docs/3_0/quickstart-fedora.html</p> <p># ALSO<br /> # And this is not in the docs<br /> # chcon -R -t httpd_sys_script_rw_t /usr/local/nagios/var/rw<br /> # this was from<br /> # http://www.linuxquestions.org/questions/linux-networking-3/nagios-config-429200/</p> <p>#Edit /usr/local/nagios/etc/objects/commands.cfg to add new plugin commands<br /> #Please note that not all the "included" checks are included in this<br /> #file so you have to edit for your situation<br /> #<br /> #Edit /usr/local/nagios/etc/objects/localhost.cfg to add new checks<br /> #Also, you can google for 'nagios pluginname' for examples of how<br /> #to configure them</p> <p>######################################################################<br /> #<br /> # Puppet<br /> #</p> <p>######################################################################<br /> #<br /> # git<br /> #</p> <p>######################################################################<br /> #<br /> # OSSEC<br /> #</p> <p>######################################################################<br /> #<br /> # filezilla<br /> # From http://filezilla-project.org/download.php<br /> #<br /> # Hints on compile/install at<br /> # http://wiki.filezilla-project.org/Client_Installation<br /> #<br /> #<br /> cd /home/shepherd/Downloads</p> <p># silly thing needs wxWidges<br /> # from http://www.wxwidgets.org/downloads/<br /> mkdir wxWidgets<br /> mv wxWidgets*gz wxWidgets<br /> cd wxWidgets<br /> tar -xf wxWidgets-2.8.12.tar.gz<br /> cd wxWidgets-2.8.12<br /> ./configure --enable-unicode<br /> make<br /> su<br /> make install #This can take a few minutes....<br /> exit<br /> #<br /> # ------------------------------------------------------<br /> #<br /> # The installation of wxWidgets is finished. On certain<br /> # platforms (e.g. Linux) you'll now have to run ldconfig<br /> # if you installed a shared library and also modify the<br /> # LD_LIBRARY_PATH (or equivalent) environment variable.<br /> #</p> <p>cd /home/shepherd/Downloads<br /> mkdir filezilla<br /> mv FileZilla* filezilla<br /> cd filezilla<br /> tar -xf *<br /> cd filezilla-3.5.3<br /> export LD_LIBRARY_PATH=/opt/csw/lib:/opt/csw/gcc4/lib:/usr/lib/:/usr/local/lib<br /> ./configure --with-tinyxml=builtin<br /> make<br /> su<br /> make install<br /> exit </plaintext></sysexits></code></p> <div class="blogpost_meta"> <div class="blog_posttag">Tags: <a href="https://brakertech.com/tag/centos-6-2-server-setup/" rel="tag">centos 6.2 server setup</a>, <a href="https://brakertech.com/tag/centos-server-setup/" rel="tag">centos server setup</a> </div> <div class="clear"></div> </div><!-- blogpost_meta --> </div><!-- .entry-content --> </article> </div><!-- .blogpost_layout--> <nav class="navigation post-navigation" aria-label="Posts"> <h2 class="screen-reader-text">Post navigation</h2> <div class="nav-links"><div class="nav-previous"><a href="https://brakertech.com/yum-install-resize/" rel="prev">yum install resize</a></div><div class="nav-next"><a href="https://brakertech.com/bash-server-backup-script/" rel="next">Bash Server Backup Script</a></div></div> </nav> <div class="clear"></div> <div id="comments" class="comments-area"> <div id="respond" class="comment-respond"> <h2 id="reply-title" class="comment-reply-title">Leave a Reply <small><a rel="nofollow" id="cancel-comment-reply-link" href="/eric-wedaas-notes-on-setting-up-centos-6-2/#respond" style="display:none;">Cancel reply</a></small></h2><form action="https://brakertech.com/wp-comments-post.php" method="post" id="commentform" class="comment-form" novalidate><p class="comment-notes"><span id="email-notes">Your email address will not be published.</span> <span class="required-field-message">Required fields are marked <span class="required">*</span></span></p><p class="comment-form-comment"><label for="comment">Comment <span class="required">*</span></label> <textarea id="comment" name="comment" cols="45" rows="8" maxlength="65525" required></textarea></p><p class="comment-form-author"><label for="author">Name <span class="required">*</span></label> <input id="author" name="author" type="text" value="" size="30" maxlength="245" autocomplete="name" required /></p> <p class="comment-form-email"><label for="email">Email <span class="required">*</span></label> <input id="email" name="email" type="email" value="" size="30" maxlength="100" aria-describedby="email-notes" autocomplete="email" required /></p> <p class="comment-form-url"><label for="url">Website</label> <input id="url" name="url" type="url" value="" size="30" maxlength="200" autocomplete="url" /></p> <p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes" /> <label for="wp-comment-cookies-consent">Save my name, email, and website in this browser for the next time I comment.</label></p> <p class="form-submit"><input name="submit" type="submit" id="submit" class="submit" value="Post Comment" /> <input type='hidden' name='comment_post_ID' value='1538' id='comment_post_ID' /> <input type='hidden' name='comment_parent' id='comment_parent' value='0' /> </p><p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="c577c0dea2" /></p><p style="display: none !important;" class="akismet-fields-container" data-prefix="ak_"><label>&#916;<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_1" name="ak_js" value="144"/><script>document.getElementById( "ak_js_1" ).setAttribute( "value", ( new Date() ).getTime() );</script></p></form> </div><!-- #respond --> <p class="akismet_comment_form_privacy_notice">This site uses Akismet to reduce spam. <a href="https://akismet.com/privacy/" target="_blank" rel="nofollow noopener">Learn how your comment data is processed</a>.</p></div><!-- .comments-area --> </section> <div id="sidebar"> <aside id="categories" class="widget"> <h3 class="widget-title">Category</h3> <ul> <li class="cat-item cat-item-2318"><a href="https://brakertech.com/category/aws/">AWS</a> </li> <li class="cat-item cat-item-295"><a href="https://brakertech.com/category/games/">games</a> </li> <li class="cat-item cat-item-71"><a href="https://brakertech.com/category/hardware/">Hardware</a> </li> <li class="cat-item cat-item-2401"><a href="https://brakertech.com/category/malware/">Malware</a> </li> <li class="cat-item cat-item-383"><a href="https://brakertech.com/category/os/">O/S</a> <ul class='children'> <li class="cat-item cat-item-1860"><a href="https://brakertech.com/category/os/c-os/">C</a> </li> <li class="cat-item cat-item-3"><a href="https://brakertech.com/category/os/freebsd/">FreeBSD</a> </li> <li class="cat-item cat-item-87"><a href="https://brakertech.com/category/os/linux/">Linux</a> <ul class='children'> <li class="cat-item cat-item-2357"><a href="https://brakertech.com/category/os/linux/kali/">Kali</a> </li> <li class="cat-item cat-item-1461"><a href="https://brakertech.com/category/os/linux/nginx/">nginx</a> </li> <li class="cat-item cat-item-812"><a href="https://brakertech.com/category/os/linux/redhat-centos/">Redhat Centos</a> </li> <li class="cat-item cat-item-1037"><a href="https://brakertech.com/category/os/linux/server-setup/">Server Setup</a> </li> <li class="cat-item cat-item-936"><a href="https://brakertech.com/category/os/linux/ubuntu-linux/">Ubuntu</a> </li> </ul> </li> <li class="cat-item cat-item-82"><a href="https://brakertech.com/category/os/mac/">Mac</a> <ul class='children'> <li class="cat-item cat-item-24"><a href="https://brakertech.com/category/os/mac/howto/">Howto</a> </li> </ul> </li> <li class="cat-item cat-item-15"><a href="https://brakertech.com/category/os/windows/">Windows</a> <ul class='children'> <li class="cat-item cat-item-674"><a href="https://brakertech.com/category/os/windows/active-directory-windows/">Active Directory</a> </li> <li class="cat-item cat-item-697"><a href="https://brakertech.com/category/os/windows/applications/">Applications</a> </li> <li class="cat-item cat-item-502"><a href="https://brakertech.com/category/os/windows/iis-windows/">IIS</a> </li> <li class="cat-item cat-item-1419"><a href="https://brakertech.com/category/os/windows/powershell-windows/">powershell</a> </li> </ul> </li> </ul> </li> <li class="cat-item cat-item-2346"><a href="https://brakertech.com/category/oscp/">OSCP</a> </li> <li class="cat-item cat-item-92"><a href="https://brakertech.com/category/other/">Other</a> <ul class='children'> <li class="cat-item cat-item-931"><a href="https://brakertech.com/category/other/apache-other/">Apache</a> </li> <li class="cat-item cat-item-1882"><a href="https://brakertech.com/category/other/neo4j/">neo4j</a> </li> <li class="cat-item cat-item-1130"><a href="https://brakertech.com/category/other/teamsite/">Teamsite</a> </li> <li class="cat-item cat-item-1881"><a href="https://brakertech.com/category/other/tomcat-other/">Tomcat</a> </li> <li class="cat-item cat-item-1663"><a href="https://brakertech.com/category/other/websphere/">Websphere</a> </li> </ul> </li> <li class="cat-item cat-item-1145"><a href="https://brakertech.com/category/papers/">Papers</a> </li> <li class="cat-item cat-item-2347"><a href="https://brakertech.com/category/pentesting/">Pentesting</a> <ul class='children'> <li class="cat-item cat-item-2348"><a href="https://brakertech.com/category/pentesting/discovery/">Discovery</a> </li> </ul> </li> <li class="cat-item cat-item-1462"><a href="https://brakertech.com/category/php/">php</a> </li> <li class="cat-item cat-item-2432"><a href="https://brakertech.com/category/podcast/">Podcast</a> </li> <li class="cat-item cat-item-21"><a href="https://brakertech.com/category/scripts-2/">Scripts</a> <ul class='children'> <li class="cat-item cat-item-854"><a href="https://brakertech.com/category/scripts-2/bash/">bash</a> </li> <li class="cat-item cat-item-235"><a href="https://brakertech.com/category/scripts-2/c/">c#</a> </li> <li class="cat-item cat-item-1888"><a href="https://brakertech.com/category/scripts-2/mongo/">Mongo</a> </li> <li class="cat-item cat-item-503"><a href="https://brakertech.com/category/scripts-2/mssql-scripts-2/">MSSQL</a> </li> <li class="cat-item cat-item-526"><a href="https://brakertech.com/category/scripts-2/mysql-scripts-2/">MYSQL</a> </li> <li class="cat-item cat-item-396"><a href="https://brakertech.com/category/scripts-2/oracle/">Oracle</a> </li> <li class="cat-item cat-item-291"><a href="https://brakertech.com/category/scripts-2/perl/">perl</a> </li> <li class="cat-item cat-item-1109"><a href="https://brakertech.com/category/scripts-2/powershell/">powershell</a> </li> <li class="cat-item cat-item-1136"><a href="https://brakertech.com/category/scripts-2/python/">python</a> </li> </ul> </li> <li class="cat-item cat-item-28"><a href="https://brakertech.com/category/security/">Security</a> <ul class='children'> <li class="cat-item cat-item-377"><a href="https://brakertech.com/category/security/defense/">Defense</a> <ul class='children'> <li class="cat-item cat-item-2184"><a href="https://brakertech.com/category/security/defense/blue-team/">Blue Team</a> </li> <li class="cat-item cat-item-1912"><a href="https://brakertech.com/category/security/defense/ids/">IDS</a> </li> </ul> </li> <li class="cat-item cat-item-1322"><a href="https://brakertech.com/category/security/forensics/">Forensics</a> </li> <li class="cat-item cat-item-366"><a href="https://brakertech.com/category/security/hacking-security/">Hacking</a> <ul class='children'> <li class="cat-item cat-item-416"><a href="https://brakertech.com/category/security/hacking-security/tools-hacking-security/">Tools</a> </li> </ul> </li> <li class="cat-item cat-item-2185"><a href="https://brakertech.com/category/security/offense/">Offense</a> </li> </ul> </li> <li class="cat-item cat-item-44"><a href="https://brakertech.com/category/software/">Software</a> <ul class='children'> <li class="cat-item cat-item-1546"><a href="https://brakertech.com/category/software/jenkins-hudson/">Jenkins-Hudson</a> </li> </ul> </li> <li class="cat-item cat-item-1"><a href="https://brakertech.com/category/uncategorized/">Uncategorized</a> </li> <li class="cat-item cat-item-708"><a href="https://brakertech.com/category/wordpress-2/">Wordpress</a> <ul class='children'> <li class="cat-item cat-item-736"><a href="https://brakertech.com/category/wordpress-2/admin-wordpress-2/">Admin</a> </li> <li class="cat-item cat-item-709"><a href="https://brakertech.com/category/wordpress-2/plugins/">Plugins</a> </li> </ul> </li> </ul> </aside> <aside id="archives" class="widget"> <h3 class="widget-title">Archives</h3> <ul> <li><a href='https://brakertech.com/2022/05/'>May 2022</a></li> <li><a href='https://brakertech.com/2022/03/'>March 2022</a></li> <li><a href='https://brakertech.com/2021/12/'>December 2021</a></li> <li><a href='https://brakertech.com/2021/09/'>September 2021</a></li> <li><a href='https://brakertech.com/2021/08/'>August 2021</a></li> <li><a href='https://brakertech.com/2021/07/'>July 2021</a></li> <li><a href='https://brakertech.com/2021/06/'>June 2021</a></li> <li><a href='https://brakertech.com/2021/05/'>May 2021</a></li> <li><a href='https://brakertech.com/2021/02/'>February 2021</a></li> <li><a href='https://brakertech.com/2020/12/'>December 2020</a></li> <li><a href='https://brakertech.com/2020/11/'>November 2020</a></li> <li><a href='https://brakertech.com/2020/08/'>August 2020</a></li> <li><a href='https://brakertech.com/2020/07/'>July 2020</a></li> <li><a href='https://brakertech.com/2020/06/'>June 2020</a></li> <li><a href='https://brakertech.com/2020/05/'>May 2020</a></li> <li><a href='https://brakertech.com/2020/04/'>April 2020</a></li> <li><a href='https://brakertech.com/2020/03/'>March 2020</a></li> <li><a href='https://brakertech.com/2020/02/'>February 2020</a></li> <li><a href='https://brakertech.com/2019/10/'>October 2019</a></li> <li><a href='https://brakertech.com/2019/09/'>September 2019</a></li> <li><a href='https://brakertech.com/2019/08/'>August 2019</a></li> <li><a href='https://brakertech.com/2019/07/'>July 2019</a></li> <li><a href='https://brakertech.com/2019/06/'>June 2019</a></li> <li><a href='https://brakertech.com/2019/05/'>May 2019</a></li> <li><a href='https://brakertech.com/2019/04/'>April 2019</a></li> <li><a href='https://brakertech.com/2019/03/'>March 2019</a></li> <li><a href='https://brakertech.com/2019/02/'>February 2019</a></li> <li><a href='https://brakertech.com/2019/01/'>January 2019</a></li> <li><a href='https://brakertech.com/2018/12/'>December 2018</a></li> <li><a href='https://brakertech.com/2018/11/'>November 2018</a></li> <li><a href='https://brakertech.com/2018/09/'>September 2018</a></li> <li><a href='https://brakertech.com/2018/06/'>June 2018</a></li> <li><a href='https://brakertech.com/2018/05/'>May 2018</a></li> <li><a href='https://brakertech.com/2018/01/'>January 2018</a></li> <li><a href='https://brakertech.com/2017/02/'>February 2017</a></li> <li><a href='https://brakertech.com/2015/08/'>August 2015</a></li> <li><a href='https://brakertech.com/2015/03/'>March 2015</a></li> <li><a href='https://brakertech.com/2015/01/'>January 2015</a></li> <li><a href='https://brakertech.com/2014/08/'>August 2014</a></li> <li><a href='https://brakertech.com/2014/06/'>June 2014</a></li> <li><a href='https://brakertech.com/2014/03/'>March 2014</a></li> <li><a href='https://brakertech.com/2013/10/'>October 2013</a></li> <li><a href='https://brakertech.com/2013/09/'>September 2013</a></li> <li><a href='https://brakertech.com/2013/08/'>August 2013</a></li> <li><a href='https://brakertech.com/2013/07/'>July 2013</a></li> <li><a href='https://brakertech.com/2013/06/'>June 2013</a></li> <li><a href='https://brakertech.com/2013/05/'>May 2013</a></li> <li><a href='https://brakertech.com/2013/04/'>April 2013</a></li> <li><a href='https://brakertech.com/2013/03/'>March 2013</a></li> <li><a href='https://brakertech.com/2013/02/'>February 2013</a></li> <li><a href='https://brakertech.com/2013/01/'>January 2013</a></li> <li><a href='https://brakertech.com/2012/12/'>December 2012</a></li> <li><a href='https://brakertech.com/2012/11/'>November 2012</a></li> <li><a href='https://brakertech.com/2012/10/'>October 2012</a></li> <li><a href='https://brakertech.com/2012/09/'>September 2012</a></li> <li><a href='https://brakertech.com/2012/08/'>August 2012</a></li> <li><a href='https://brakertech.com/2012/07/'>July 2012</a></li> <li><a href='https://brakertech.com/2012/06/'>June 2012</a></li> <li><a href='https://brakertech.com/2012/05/'>May 2012</a></li> <li><a href='https://brakertech.com/2012/04/'>April 2012</a></li> <li><a href='https://brakertech.com/2012/03/'>March 2012</a></li> <li><a href='https://brakertech.com/2012/02/'>February 2012</a></li> <li><a href='https://brakertech.com/2012/01/'>January 2012</a></li> <li><a href='https://brakertech.com/2011/12/'>December 2011</a></li> <li><a href='https://brakertech.com/2011/11/'>November 2011</a></li> <li><a href='https://brakertech.com/2011/10/'>October 2011</a></li> <li><a href='https://brakertech.com/2011/09/'>September 2011</a></li> <li><a href='https://brakertech.com/2011/08/'>August 2011</a></li> <li><a href='https://brakertech.com/2011/07/'>July 2011</a></li> <li><a href='https://brakertech.com/2011/06/'>June 2011</a></li> <li><a href='https://brakertech.com/2011/05/'>May 2011</a></li> <li><a href='https://brakertech.com/2011/04/'>April 2011</a></li> <li><a href='https://brakertech.com/2011/03/'>March 2011</a></li> <li><a href='https://brakertech.com/2011/02/'>February 2011</a></li> <li><a href='https://brakertech.com/2011/01/'>January 2011</a></li> <li><a href='https://brakertech.com/2010/12/'>December 2010</a></li> <li><a href='https://brakertech.com/2010/11/'>November 2010</a></li> <li><a href='https://brakertech.com/2010/10/'>October 2010</a></li> <li><a href='https://brakertech.com/2010/09/'>September 2010</a></li> <li><a href='https://brakertech.com/2010/08/'>August 2010</a></li> <li><a href='https://brakertech.com/2010/07/'>July 2010</a></li> <li><a href='https://brakertech.com/2010/06/'>June 2010</a></li> </ul> </aside> <aside id="meta" class="widget"> <h3 class="widget-title">Meta</h3> <ul> <li><a href="https://brakertech.com/wp-login.php">Log in</a></li> </ul> </aside> </div><!-- sidebar --> <div class="clear"></div> </div><!-- #site_content_style --> <div class="footer-wrapper"> <div class="footer_hold"> <div class="clear"></div> </div><!--end .footer_hold--> </div><!--end #footer-wrapper--> <div class="footer_copywrapper"> <div class="footer_hold"> <div class="wp_powerd_by"> Brakertech LLC </div> <div class="clear"></div> </div><!--end .footer_hold--> </div><!--end .footer_copywrapper--> </div><!--#end layout_wrapper--> <script type="text/javascript" src="https://brakertech.com/wp-includes/js/comment-reply.min.js?ver=6.4.3" id="comment-reply-js" async="async" data-wp-strategy="async"></script> <script defer type="text/javascript" src="https://brakertech.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1711007411" id="akismet-frontend-js"></script> <script> /(trident|msie)/i.test(navigator.userAgent)&&document.getElementById&&window.addEventListener&&window.addEventListener("hashchange",function(){var t,e=location.hash.substring(1);/^[A-z0-9_-]+$/.test(e)&&(t=document.getElementById(e))&&(/^(?:a|select|input|button|textarea)$/i.test(t.tagName)||(t.tabIndex=-1),t.focus())},!1); </script> </body> </html> <script src="/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js" data-cf-settings="c02fabb995082de0b058ad1a-|49" defer></script><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script>