Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.This theme is Bloggerized by Lasantha Bandara - Premiumbloggertemplates.com.
Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.This theme is Bloggerized by Lasantha Bandara - Premiumbloggertemplates.com.
Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.This theme is Bloggerized by Lasantha Bandara - Premiumbloggertemplates.com.
Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.This theme is Bloggerized by Lasantha Bandara - Premiumbloggertemplates.com.
Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.This theme is Bloggerized by Lasantha Bandara - Premiumbloggertemplates.com.
Hai coming againt with some linux slackware hehehehe ,well let make the slacky rock
firs make a new file in directory /etc/sysctl.conf and then copy the code to your file.
this the source:
# increase TCP max buffer size setable using setsockopt()
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
# increase Linux autotuning TCP buffer limits
# min, default, and max number of bytes to use
# set max to at least 4MB, or higher if you use very high BDP paths
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
# don’t cache ssthresh from previous connection
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_moderate_rcvbuf = 1
# recommended to increase this for 1000 BT or higher net.core.netdev_max_backlog = 30000
# Turn off timestamps if you’re on a gigabit or very busy network
# Having it off is one less thing the IP stack needs to work on
#net.ipv4.tcp_timestamps = 0
# disable tcp selective acknowledgements.
net.ipv4.tcp_sack = 0
#enable window scaling
net.ipv4.tcp_window_scaling = 1
Yups and then save.Ok and your next job make this always running after reboot hheehe
and what for this file?. Try in your slacky and happy browsing.If you something trouble post in coment or send e-mail to localdisaster@gmail.com. Thanks all .
Hardening The Linux Kernel With Grsecurity (debian base)
Security is based on three characteristics: prevention, protection and detection. Grsecurity is a patch for Linux kernel that allows you to increase each of these points.
This howto was performed on a Debian Lenny system. Thus some tools are Debian specific. However, tasks can be performed with other distro specific tools or even with universal tools (make).
Everything will done with root privileges. However, you can perform them with a limited account thanks to sudo and fake-kpkg tools. 1. Preliminary Note
To compile the kernel, you need to install some specific packages:
If you like to configure your kernel in graphical console mode (make menuconfig), you must install one more package:
rom1:/root# aptitude install libncurses5-dev
Check that iniramfs-tools (used to generated the init ramdisk) is installed (it should be):
rom1:/usr/src# dpkg -l initramfs*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-==============-============================================
ii initramfs-tool 0.85i tools for generating an initramfs
rom1:/usr/src#
NB: you may need to configure wget in case you are using an HTTP proxy (which may use authentication). You need to edit /root/.wgetrc so it looks like this:
http_proxy=192.168.0.1
proxy-user=foo # Put this line if you need to authenticate against your proxy
proxy-passwd=bar # Put this line if you need to authenticate against your proxy
Decompress the archive of the kernel:
rom1:/usr/src# tar xzvf linux-2.6.24.5.tar.gz
Create a symbolic link on the new kernel folder to ease the following tasks:
rom1:/usr/src# ln -s linux-2.6.24.5 linux
Now, the environment is ready. Let's go hardening! 2. Patch the vanilla kernel
Move the grsecurity patch to the new directory:
Now the patch is applied and the source of the kernel was modified. Let's configure the kernel to enable Grsecurity. 3. Configure the hardened kernel
In this example, we will configure the kernel using a console menu (make menuconfig). This is why we installed the libncurses5-dev package. However, you can configure in pure console mode (make config), or in GUI mode (make xconfig).
Grsecurity has predefined levels: low, medium, high. It can also be configured in custom level where you choose to enable or not option by option. See http://www.grsecurity.net/confighelp.php/ for more info on each option. In this HowTo, we will configure Grsecurity in High level.
rom1:/usr/src/linux# make menuconfig
Now, we will enable Grsecurity in the menu.
Go to Security options > Grsecurity > tick Grsecurity. Then, you can go to Security Level and tick High.
You can profit from configuring Grsecurity to optimise your kernel. Eg: On your server you probably don't need support for infrared, blutooth, probably neither wifi, ipx, X25, token ring, ATM, firewire, PCcard, joystick, mouse, sound.... 4. Compile the hardened kernel
It is now time to compile your hardened kernel. First, just in case, clean up:
rom1:/usr/src/linux# make-kpkg clean
Launch compilation itself (this may take a while depending on your CPU power and RAM availability!!!):
In case you are not using a Debian distro, you can compile the classic way with:
make mrproper
make menuconfig
make clean
make
make modules_install
mkinitramfs
make install 5. Install the hardened kernel
Your new kernel is now compiled and a .deb package file has been generated in the /usr/src folder. You need to install your kernel as any .deb package:
During the installation, an initrd image will be generated. This may take a while depending on your CPU power and RAM availability! You may also check that the new kernel image is really a kernel !
rom1:/usr/src# file vmlinuz-2.6.24.5-grsec
vmlinuz-2.6.24.5-grsec: Linux kernel x86 boot executable RO-rootFS, root_dev 0x801, swap_dev 0x1, Normal VGA
It is now time to restart your system with your new hardened kernel:
rom1:/usr/src/linux# shutdown -r now
Now that your system has restarted, you can check that your new kernel is running:
rom1:~# uname -r
2.6.24.5-grsec. 6. Testing the hardened kernel
Except the fact that uname -r is saying your kernel is a grsec one, how do you know you are running a hardened kernel ? This is where we will use paxtest which will simulate an attack on the kernel and show if you are vulnerable or not. Download paxtest:
rom1:/tmp# tar xzvf paxtest-0.9.7-pre5.tar.gz
rom1:/tmp# cd paxtest-0.9.7-pre5
Compile it (type make to have the list of targets):
rom1:/tmp/paxtest-0.9.7-pre5# make generic
Run it (there are 2 differents modes: kiddie and blackhat):
rom1:/tmp/paxtest-0.9.7-pre5# ./paxtest kiddie
NB: unless you are using high grsecurity level or custom level, you will have a vulnerable kernel. Indeed, you are only getting userland ASLR protection in a medium mode.
NTP atau Network Time Protocol di Debian itu cara settingnya kira-kira begini:
(Dari Command Prompt / Terminal Console)
1. Install NTP Server nya: apt-get install ntp ntpdate ntp-server
(Kalau mau pakai aptitude sebagai pengganti apt-get juga boleh)
2. Ubah konfigurasi NTP server nya: nano /etc/ntp.conf
2.a. Pada baris "server ..." buat baris baru yang isinya "server id.pool.ntp.org" dan remark (beri awalan #) atau hapus baris "server ..." lainnya. Ini supaya sinkronisasi time nya ke lokasi server Indonesia saja.
2.b. Tambahkan baris "restrict a.b.c.d mask 255.255.255.0 nomodify notrap" dimana a.b.c.d adalah network IP anda (misalnya 192.168.1.0). Ini gunanya untuk memperbolehkan IP di jaringan anda untuk mengakses NTP Server anda. Kalau tidak mau repot, bisa menggunakan "restrict 0.0.0.0 mask 0.0.0.0 nomodify notrap" untuk memperbolehkan semua IP.
2.c. Save file nya, dan exit
3. Sinkronisasikan NTP Server anda ke NTP Server induk: ntpdate id.pool.ntp.org
4. Restart NTP Server nya: /etc/init.d/ntp restart
Sudah selesai deh konfigurasi NTP Server di Debian.
Untuk memastikan bahwa NTP nya sudah sinkron, bisa gunakan perintah: ntpq -d
