It’s been a bit since I’ve posted and I plan to start making posts much more often. In the mean time I have been running into an issue with my laptop where the bluetooth device doesn’t turn back on after resuming from suspend. I have a bluetooth mouse and keyboard and they work great with my Fedora 20 install. When I put the laptop in suspend, and resume it, I no longer have use of the bluetooth devices. I have to manually reconnect them which is frustrating because I suspend my laptop a lot during the day.

I found after testing that the devices were still paired with the bluetooth manager but the bluetooth device on the laptop was no longer powered on. By turning it on, everything started to work again. Simple solution, make sure bluetooth turns on the adapter after resume from suspend.

I know I’m not the only person with this issue and after spending a bit of time reading and writing, I found the solution.

I actually found the solution from Arch Linux bluetooth section. Link:


Edit or Add this file:



Add to this file:

# Set bluetooth power up
ACTION=="add", KERNEL=="hci0", RUN+="/usr/bin/hciconfig hci0 up"

By doing do this will make sure bluetooth comes on after reboot.


Here is the meat and potatos!

Edit or Add this file:



Add to this file:

Description=Bluetooth auto power on
After=bluetooth.service sys-subsystem-bluetooth-devices-%i.device
#We could also do a 200 char long call to bluez via dbus. Except this does not work since bluez does not react to dbus at this point of the resume sequence and I do not know how I get this service to run at a time it does. So we just ignore bluez and force %i up using hciconfig. Welcome to the 21st century.
#ExecStart=/usr/bin/dbus-send --system --type=method_call --dest=org.bluez /org/bluez/%I org.freedesktop.DBus.Properties.Set string:org.bluez.Adapter1 string:Powered variant:boolean:true
ExecStart=/usr/bin/hciconfig %i up

This works flawlessly! I have zero issues and bluetooth always comes back on, connects the device and I go back to working!!!


I picked up a UX32VD Asus on Newegg about 2 days after Christmas for a pretty good deal. Since everyone in the reviews said you had to get an SSD drive, I swapped that out. I also upped the memory because 4GB isn’t enough for me. I’m using this laptop for programming and web work mostly, I don’t watch movies on it or anything graphic intensive. I may install Windows on the 24g internal SSD and play Battlefield but that’s about as graphic intensive as it gets for me. Also I have Fedora 20 installed on the main drive.

So I started out with the stock UX32VD and now I have a Samsung 500GB SSD and Crucial 8GB Memory to bring the memory to 10GB (Laptop has built in 2gb.) I should mention that this thing is amazing to upgrade. Most machines this small and thin would normally be a pain to work on. This was easy besides having to remove the battery to get the drive out but that was only a cable and 8 or so screws to be removed.

Let me say this laptop is amazing performance wise. Boot up in less then 3 seconds from the grub boot menu. Close the lid, straight into suspend mode, Open it up, instantly on. Battery life is getting better. Initially after install it wasn’t great maybe 3 hours if I pushed it. But now I get an easy 4.5 hours if not 5 hours. That’s with the backlit keyboard off, and the second to last setting on the screen brightness. I don’t think I could get 6 hours like some say. Maybe if I shut WIFI off but what is the point of a computer without internet? At least to me that matters. But 4.5 hours actually doing work and surfing the web, is really good. Some vendors say their laptop gets 7 hours but its with everything off and very light use. I’m using the laptop to the average level, not pushing the graphics or cpu but opening and closing programs, etc and getting work done. 4-5 of work time without a charge isn’t really that bad. Keep in mind I have made mods to the system to increase battery performance. One of those modes includes using bumblebee. I did use the nvidia drivers and not the open source ones.

Biggest draw back that so many buyers reviewed as a positive is the screen. Now it s beautiful, it looks great. The issue is the the resolution. 1920×1080 on a 13″ screen means really tiny text. And I love small text and high resolution but 1920×1080 on this screen makes me squint a bit. And I have great eye sight. I would lower the resolution but the options don’t offer anything that fits the screen. I thought about manually adding some other resolutions to see if I could try something smaller but I have yet to try that. For now I have increased the default font size slightly, increased wine fonts, increased cinnamon fonts, and increased chrome (default browser) to zoom to 125%. That seems to make it work for me.

The charger is pretty nice. I do wish the ac/dc adapter block wasn’t so big, maybe in a different shape or something. Minor issue though. Really more of a preference.

Fedora 20 installed without issue! I’m running the latest everything and it works without issue. Some other owners of this laptop have mentioned issues with the touch pad not being responsive and other issues. I didn’t find that issue with this laptop when I installed Fedora. I did bump up the settings to be ultra sensitive but that’s because I like a mouse that is ultra sensitive.

One of the things I added that is a must have in my book is a startup script to adjust power preferences and a few other things. I added one line to my script that turns the backlite off on boot, which I really like. If I want backlite ill turn it on, I don’t want it to be on every single time I reboot, or boot the machine.

Overall I will be replacing my main machine with this laptop and honestly its perfect. Their are minor issues to be resolved to get it perfect but it’s a great machine. I can plug it in to two displays if I want. Its light and easy to take on the go.  Fits me and my lifestyle very nicely. I can’t say if Windows 8 on it is good or no because I only booted it up once to see the performance at first. Took it apart and installed Fedora. And then the fan began! If you thinking of getting one I highly recommend it!

Here are some links to sites I got some help while making changes.

***Update: I will note that after having it for awhile it runs beautifully. It seems to be getting a better battery life, slightly. Some what expected. It’s running the latest updates from Fedora and haven’t hit a snag yet. Never had an issue with the touchpad like others have mentioned. I didn’t mention in the original post about the vga adapter or the USB to Ethernet adapter functionality. I ran into a situation where were I had to test out both. And to my surprise, they both worked. With no changes needed. This laptop has probably been the most painless Linux setup and install I have ever dealt with in my life. ASUS did an amazing job designing this laptop. The Fedora team did an amazing job on 20! All in all, I can’t complain.


Just did an update to one of my Fedora machines and ran into an issue with yum after the update. Yum no longer works, so after a little fiddling, I found the best solution to the fix. Below is the error.



Warning: group core does not exist.
Warning: group gnome-desktop does not exist.
Warning: group multimedia does not exist.
Warning: group firefox does not exist.
Warning: group guest-desktop-agents does not exist.
Warning: group base-x does not exist.
Warning: group anaconda-tools does not exist.
Warning: group fonts does not exist.
Warning: group hardware-support does not exist.
Warning: group dial-up does not exist.
Warning: group printing does not exist.
Warning: group libreoffice does not exist.
Warning: group input-methods does not exist.
Warning: group standard does not exist.

The solution to fix yum is fairly simple. Its a matter of installing the latest version of yum and that’s it.

Go to:

Under the section, “RPMs” Download the “noarch”

As of this post, this is the file name: yum-3.4.3-127.fc20.noarch.rpm

Once downloaded, double click to open and select install.

After the install is completed yum should be working.

I run a multi monitor enviroment, and it defiantly helps with work. One of the other things I run is two dev servers for testing using VNC to control them. I use to run virtual servers but I like having them on dedicated hardware, that way I can shut off my main PC and access the dev servers at any time. Virtual machines have there place but it just didn’t for me.

The more I deal with the VNC, I wish I could just slide my mouse to the left and be on one of the dev servers. I searched assuming someone has built something like this, and I was right. First I wasn’t sure how to word it but I came accross this post:

Which lead me to Synergy!

This thing is awesome! Its exactly what I need and works flawlessly! I setup my main PC as the server, set the devs as clients and about 2 minutes later, I have a working setup. It’s a multi O/S environment, (Centos,Windows 8, and Ubuntu) and I had no issues installing and setting this up, very simple setup!

I got the free version but I will defiantly be sending a donation to this team! These guys did an amazing job! Thanks again!


Okay here is the write up on how to setup pop3 ticket creation.


No need to setup piping here!


Okay so make sure you have php pear and php pear mime installed. In my case I have centos so the command to get that install is: (NOTE: Make sure you have centosplus repo enabled!)


yum install php-pear php-pear-Mail php-pear-Mail-Mime


or if you want to check to see if its installed use this command:

rpm -qa –qf “%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n” php-\* | sort


you should see something like this:


















Alright now that we got all that installed, restart your web server.


service httpd restart


Setup you email account in your department, pretty straight forward.


Now the fun part!!!!

Setup cron for every 5 minutes.


Crontab –e


Here is the command you will need:

*/5 * * * * lynx -dump

That’s it. You should be ready to go.


Alright this tutorial is under the assumption that you have a motherboard or nic that supports wake on lan (WOL.)

Once you have confirmed this and turned it on if it isn’t already, boot up Centos and we will start.

1. Create this file /usr/bin/activatewol
2. Add this to that file

ethtool -s eth0 wol g

3. Now go to edit this file /etc/sysconfig/network-scripts/ifdown-post and /etc/sysconfig/network-scripts/ifup-post

4. In both files just before the end } tag add this to both of them:

ethtool -s eth0 wol g

5. Once you have done that set permissions on the activatewol file

chmod 755 /usr/bin/activatewol

6. Restart your network

service network restart

7. Run ifconfig to get your MAC address to send the WOL packet to this machine.

8. Test it, generally I use it to wake my backup server for backups and other things. So I would run the command

pm-hibernate – (Assuming you have pm-utils installed in your copy of Centos.)

Once it is in full hibernation mode, send your WOL packet to your Centos Machine and it should awaken from its hibernation!

If your having the issue where you send a email to a email account on your Ispconfig server and you receive a message like this:

Relay Access Denied State 14

You will need to double check your postfix config. Run this command below to fix two entries in your postfix install.

postconf -e 'virtual_maps = hash:/etc/postfix/virtusertable'
postconf -e 'mydestination = /etc/postfix/local-host-names'

After that restart postfix.

service postfix restart

And you should no longer receive that message.

I recently ran into this issue, and I know there are many others out there having this issue. The problem is simple, postfix runs but it doesn’t respond to telnet requests. This normally is due to the fact postfix isn’t running properly and something isn’t configured properly. In my case a recent update causes postfix to be switched to a seconded mta and exim was the main mta. Because of this, when I started postfix, I would get a line like this in the maillog:

fatal: open database /etc/aliases.db: No such file or directory

Most said to just run newaliases but when I did, it didn’t create the /etc/aliases.db file that needs to be there. This is exactly what I did to get everything back in order, bare in mind I use centos 5.6 x64 in this example.

1. Reset the MTA back to postfix:
alternatives --config mta

Selected postfix, which was number 2 in the selection and hit enter. Now Postfix is the main MTA.

2. Run newaliases

3. Confirm everything

Check to make sure /etc/aliases.db was created. Double check your postfix/ config

4. Reload postfix

Once you checked both files you should now have a working install of postfix. Reload postfix, and then check your maillog for any other errors.

service postfix reload

I recently ran into this issue on a brand new install of ispconfig. The problem I found was a bad install.What you have to do is copy your config files for proftpd and ispconfigs proftpd config file.

Once copied, yum remove proftpd

After its removed yum install proftpd

replace current config files with the backups.

Restart postfix and you should be live.

You can send emails but you cannot receive emails. People that send you email get a message similar to this one:

May 1 03:14:52 mail postfix/smtp[62798]: 23CA4BD6B40: to=, relay=none, delay=0.01, delays=0/0/0/0, dsn=5.4.6, status=bounced (mail for loops back to myself)

Postfix did found a dns reply to your email server, but it hasn’t been configured to deal with address such as In other words, your server is configured to accept but not as This is well known config problem with virtual domain. To fix this error either add system FQDN to mydestination or relay_domains. Postfix accepts mail for domain listed in virtual_mailbox_domains, virtual_alias_domains, and domains that resolve to IP addresses listed in inet_interfaces and proxy_interfaces. Update mydestination using postconf or by editing file:

mydestination = localhost.$mydomain, localhost,

Once you are done:
service postfix reload

If you run ISPConfig, you need to edit the local-host-names file in the postfix folder.

vi /etc/postfix/local-host-names

And add your host name to your server. I.E. I had to add to it and it fixed it.
Of course don’t forget to reload postfix.

service postfix reload

So on my recent upgrade to 10.10 Meerkat Ubuntu I decided to do a complete reinstall. Maybe I should of reconsidered…. I spent about 2 hours trying to figure out why my machine didn’t see any my partitions. It saw the drive /dev/sda but not the partitions. I wiped out the partitions with gparted, did it with ext4 format and completely empty, both didn’t work. Here is the basic info. Its an older machine, about 4 years I think? Its a simple server for the house. I have many, this one performs a few things.

Here is the specs

AMD 3200 64bit processor


1Gb of memory

Western Digital 80GB SATA drive

Promise SATA controller is in use instead of the VIA option.

Here is the answer to the problem. After searching the forums of Ubuntu, I found it. I want to thank user “Darkod” again for posting it. Basically you need to run two commands from terminal. If your in the install, hit the quit button on the installer. After that it will allow you to use Ubuntu to work like a LiveCD then. From there go to Programs > Accessories > Terminal.

Here are your commands:

sudo dmraid -E -r /dev/sda
sudo apt-get remove dmraid

After you run both commands, close the terminal, click on the Install Ubuntu icon and you should be able to install!

NOTE: After I wrote this I found that it removed my settings in the promise controller causing it not to boot. Simple solution, turn off the promise controller. Turn on the VIA controller and switch the cable around. Ubuntu installed flawlessly. Granted I don’t need a raid setup so this works for me, but it won’t work for everyone.

Basic reference information on how to setup a remote access to Mysql. This is recommended for advanced users, that have linux knowledge, plus I’m doing this with CentOS so it will be different for the other variations. You would need remote access in some cases for additional servers to access it or remotely administer the Mysql server. In my case I have a completely dedicated Mysql server to help decrease the load on a few of my heavy used websites that have the database on the same server.

Alright so here we go, start the install of Mysql.

yum install mysql mysql-devel mysql-server

Now we run the secure install:


Pretty straight forward, allows you to setup root password, remove test db and remove anonymous access.

After you run that, setup centos to run it at startup.

chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

Now go in and edit the main config file:

vi /etc/my.cnf

When you get in there we need to add two things:

bind-address= YOUR IP ADDRESS

Simple enough, of course swap out the “YOUR IP ADDRESS” to your Mysql server ip address. Restart the server:

/etc/init.d/mysqld restart

After you restart your Mysql server, now we need to setup your server with an account that has remote access. First login to mysql:

mysql -u root -p

Second, Create a user:

CREATE USER 'yourusername'@'localhost' IDENTIFIED BY 'yourpassword';

Once logged in type in this command below, make sure to change the variables!


After that, run flush privileges:

mysql> flush privileges;

Thats the basics, Highly recommend you look at some methods of security to lock down your server. I take no responsibility if your server gets hacked. If you cant get this to work, post your issue in the comments and Ill see if I can help.

Skipfish is this Google code project created by Michal Zalewski. This prject is a web application security scanner. Its amazing!

Here is there brief overview:

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Talk about easy to use! This program rocks! It has helped so much in my project development making sure that all the apps we produce are secure and safe from the worlds hackers! It is one of my right arms in development there is no doubt. Highly recommend to download and use if your a developer! Here is the link:

Ah the long needed tutorial on how to secure your ispconfig installation. First off the obvious things must be said:

You already have linux knowledge

You have a ISPConfig 2.2.37 installation up and running with all the updates done

You have the EPEL (Extra Packages for Enterprise Linux) repo enabled. If not click here.

Use the most difficult passwords on everything and lock out as many ports as possible. (Really obvious but it must be said, highly recommend password safe to keep track of them all.)

Now that we checked all that, we start with an overview of what you will have done to your server:

mod_security Apache Intrusion Detection And Prevention Engine

ModEvasive (Prevent DDOS attacks)

Harden SSH server

Fix Open DNS Recursion

Install RKhunter

Securing PHP

PortsEntry (tool to detect portscans)

Harden host.conf (against IP spoofing)

One thing I must say is that ISPConfig itself is pretty secure and there shouldn’t be a huge worry about that but what you need to worry about is the applications your hosting and the websites themselves. That is really what this tutorial is for. I needed to know that my server was gonna get knocked out if one of my clients uploads a application that has holes in it. So hopefully this helps someone else too! I also have to mention that I kept the built in firewall. I didn’t think it would be worthwhile to replace it with CSF or some other firewall when the Basetille works really well. (Basetille if you didn’t know is the firewall that ISPConfig uses.)

Step 1. SSH Hardening

The simplest way secure your SSH is to run SSH on the different port other than default port 22. The hardening of SSH can be achieved by the following simple steps:

  • Disable Root Logins
  • Disable password authentication
  • Disable Port 22 and use any other port to run SSH (like Port 1899). Dont forget to block port 22 using firewall.

Before you harden the SSH, first make sure you create a user name and password.

adduser (username)

To set the password for the user

passwd (username)

Once the user has been created and added, edit the ssh configuration file /etc/ssh/sshd_conf
Change the default port 22 to any port number, say 2455 and set the protocol to just Protocol 2 which is a more secure protocol.

vi /etc/ssh/sshd_config

# /etc/ssh/sshd_conf

Port 2199
Protocol 2
#ListenAddress ::

Disable root login
Locate the line # PermitRootLogin yes in the configuration file and change it to no

PermitRootLogin no

Once you save this configuration and restart your SSH you will not be able to login as root and will be able to login only at Port 2129.

/etc/init.d/sshd restart
// to restart the SSH server

Step 2. Disable Telnet & Other Unused Services

You may want to disable services like telnet, finger and other unwanted services running on your server with xinet.

nano /etc/xinetd.d/telnet
// OR
nano /etc/xinetd.d/krb5-telnet

look for lines disable=no and change to disable=yes

chkconfig telnet off

Run grouplist to see what software groups that are installed:

yum grouplist

Remove all groups that are installed EXCEPT “Yum Utilities”

yum groupremove "GroupName"

Lets disable unneeded services:

chkconfig anacron off
chkconfig atd off
chkconfig auditd off
chkconfig cpuspeed off
chkconfig kudzu off
chkconfig netfs off
chkconfig ip6tables off
chkconfig smartd off
chkconfig pcscd off
chkconfig cups off
chkconfig mcstrans off
chkconfig nfslock off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig portmap off
chkconfig nfs off

Use this command to check what services that are setup to run

chkconfig --list | grep :on

You should have these services running:
anacron, crond, iptables, irqbalance, kudzu, mcstrans, network, readahead_early, restorecond, sshd, syslog, sysstat, yum-updatesd

Install and syncing NTP time service:

yum -y install ntp
chkconfig --levels 235 ntpd on
/etc/init.d/ntpd start

make sure to reboot!!!!


Step 3. Hardening PHP for Security

HP is the most popular scripting language for apache and mysql. You will need to disable system level functions in the php configuration file.

vi /etc/php.ini

Look for the lines and make sure you have the lines as below..

disable_functions = exec,system,shell_exec,passthru
register_globals = Off
expose_php = Off
magic_quotes_gpc = On

It is best to keep magic_quotes to on as otherwise you forms using POST may be used for SQL injection attacks.

Step 4. Disable Open DNS Recursion (DNS Server)

If you are running bind DNS server, then you might want to check your dns server statistics with You dont want to allow recursive lookups to performed on your server other than local IP. It can also slowdown your server.

vi /etc/named.conf

Under Options { place a line

Options {
recursion no;

Then restart the bind

service named restart

You will also need to restrict zone transfers and notifications.

Step 5. Mod_Security, web application protection!

Since the EPEL repo is enabled, your life just got a bit more easier. To install the Mod_security app you only need to do this:
yum install mod_security

Once installed here is some information you will want to know:
mod_security configuration files

1. /etc/httpd/conf.d/mod_security.conf – main configuration file for the mod_security Apache module.
2. /etc/httpd/modsecurity.d/ – all other configuration files for the mod_security Apache.
3. /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf – Configuration contained in this file should be customized for your specific requirements before deployment.
4. /var/log/httpd/modsec_debug.log – Use debug messages for debugging mod_security rules and other problems.
5. /var/log/httpd/modsec_audit.log – All requests that trigger a ModSecurity events (as detected) or a serer error are logged (“RelevantOnly”) are logged into this file.

Open /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf file, enter:
vi /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf

Make sure SecRuleEngine set to “On” to protect webserver for the attacks:
SecRuleEngine On

Turn on other required options and policies as per your requirements. Finally, restart httpd:
service httpd restart

Make sure everything is working:
# tail -f /var/log/httpd/error_log

Sample Output:
[Sat May 09 23:18:31 2009] [notice] caught SIGTERM, shutting down
[Sat May 09 23:18:33 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat May 09 23:18:34 2009] [notice] ModSecurity for Apache/2.5.9 ( configured.
[Sat May 09 23:18:34 2009] [notice] Original server signature: Apache/2.2.3 (CentOS)
[Sat May 09 23:18:34 2009] [notice] Digest: generating secret for digest authentication ...
[Sat May 09 23:18:34 2009] [notice] Digest: done
[Sat May 09 23:18:35 2009] [notice] Apache/2.2.0 (Fedora) configured -- resuming normal operations

Step 6. Install Mod_Evasive

ModEvasive module for apache offers protection against DDOS (denial of service attacks) in your server.

tar zxf mode_evasive-1.10.1.tar.gz
cd mod_evasive

then run the following command for apache2…

> /usr/sbin/apxs -cia mod_evasive20.c

Once mod evasive is installed, place the following lines in your /etc/httpd/conf/httpd.conf

DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10

Follow the instructions in the README for more tuning of mod_evasive. This will compile, install and activate the module in your server.

Step 7. Install Rkhunter

RkHunter is a rootkit scanner scans for vulnerabilities, insecure files, backdoors in your system and reports it so that you can further harden the server. Installing RkHunter is very easy!

yum install rkhunter

To run checks in your system

rkhunter --checkall
rkhunter -c

You can find what command options are available under rkhunter by issuing this help command

> rkhunter --help

Step 8. PortSentry

Portsentry is a tool to detect port scans and log it. Download the sorce package of portsentry from

wget http://path/to/portsentry-1.2.tar.gz
tar zxf portsentry-1.2.tar.gz
make linux
make install

To launch portsentry

/usr/local/psionic/portsentry/portsentry -stcp
/usr/local/psionic/portsentry/portsentry -sudp

check the log files /var/log/secure on what portsentry is active or not.

Step 9. Prevent IP Spoofing

IP spoofing is a security exploit and can be prevented from placing nospoof on in host.conf file. Edit the host.conf file and place the following lines. If you run dns bind, give it preference.

order bind,hosts
nospoof on

Step 10. Install LES

Linux Environment Security is intended as a facility to quickly & easily secure RedHat/RPM based environments (i.e: turbo linux, open linux). It does such by enforcing root-only permissions on system binaries (binaries that have no place being executed by normal users), enforcing root-only path traversal on system paths, enforcing immutable bit on essential rpm package contents (i.e: coreutils), and enforcing immutable bit on shell profile scripts.

Downloading, Installing LES

cd /usr/local/src
tar -zxvf les-current.tar.gz
cd les-0.*
rm -Rf /usr/local/src/les*

View your possible options


If your unsure, run enable all options

/usr/local/sbin/les -ea

-da | --disable-all Disable all options
-ea | --enable-all Enable all options
-sb | --secure-bin Set root only execution of critical binaries
-sp | --secure-path Set root only traversal of critical paths
-sr | --secure-rpmpkg Set immutable on core rpm package binaries
-so | --secure-prof Set immutable on interactive login profiles
-sd | --secure-devel Set access to devel utils for group deva & root

Step 11. Install LSM

A comprehensive alert system, simple program usage & installation make LSM ideal for deployment in any linux environment (geared for web servers). Using a rather simple yet logical structure, LSM identifies changes in both Network Sockets and Unix Domain Sockets. By recording a base set of what sockets should be active then comparing the currently active socket information to that of the base comparison files, we highlight otherwise unknown services.

Downloading, Installing and cleaning up sources of LSM

cd /usr/local/src
tar -zxvf lsm-current.tar.gz
cd lsm-0.*
rm -Rf /usr/local/src/lsm-*

Edit LSM config

nano -w /usr/local/lsm/conf.lsm

Change the USER=”root” to your wanted email adress

Generate the comparion files

/usr/local/sbin/lsm -g

Step 12. Install OSSC

OSSEC is an Open Source Host-based intrusion detection system. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, Mac OS, Solaris and Windows. It has a centralized, cross-platform architecture allowing multiple systems to be easily monitored and managed. It was written by Daniel B. Cid and made public in 2004.

This tool will autosense your system, and send you mails when something is strange or really fishy.

It sends you mail from LEVEL 1 to LEVEL 10, so if you get LEVEL 10 mails you need to read them 🙂

Installing OSSEC from Source

cd /usr/local/src
tar -zxf ossec-hids-2.4.1.tar.gz
cd ossec-hids-2.4.1

Now the config, my choices are marked with RED text


Choice 1:
(en/br/cn/de/el/es/fr/it/jp/pl/ru/sr/tr) [en]: <– Enter
Choice 2:
1- What kind of installation do you want (server, agent, local or help)? <– Local
Choice 3:
– Choose where to install the OSSEC HIDS [/var/ossec]: <– Enter
Choice 4:
3.1- Do you want e-mail notification? (y/n) [y]: <– Enter
Choice 4.1:
– What’s your e-mail address? <– Fill in the email you want the alerts to
Choice 4.2: Installer will try to find you smtp server that belongs to your email. Choose NO and use localhost if you have sendmail running on your server.
– Do you want to use it? (y/n) [n]: <– Press Y
Choice 4.3:
– What’s your SMTP server ip/host? <– Choose whats recommended, if it doesnt work, you need to change config later on.
Choice 5:
3.2- Do you want to run the integrity check daemon? (y/n) [y]: <– Enter
Choice 6:
3.3- Do you want to run the rootkit detection engine? (y/n) [y]: <– Enter
Choice 7:
– Do you want to enable active response? (y/n) [y]: <– Press Enter
Choice 8:
– Do you want to enable the firewall-drop response? (y/n) [y]: <– Press Enter
Choice 9: Choose Yes if you want to add more IPs to the whitelist. Else NO to continue
– Do you want to add more IPs to the white list? (y/n)? [y]: <– Press Y, Add your client ip, just in case.

Installer made OSSEC start at boot. For futher settings, edit of the config file.

vi /var/ossec/etc/ossec.conf

And reboot!

Check everything to make sure its all still working! After that you should be good!

I added some of my own thoughts and addtions to this but I learned a lot from these sites:

Thanks again for reading, hope this helped you!