Category Archives: Linux Internet

Linux Internet

Reset MySQL Root Password Easily

Background:
Sometimes a system administrator forgets the MySQL root password! It happens, but what to do when you’re unable to login to your MySQL server? It’s simple!

All it takes is 5 simple steps!

Step 1: Stop the MySQL Server

We do this with:
/etc/init.d/mysql stop or service mysql stop

Step 2: Start the MySQL Server

mysqld_safe –skip-grant-tables &

We do this so MySQL ignores the root password we do not have! If you do not launch this command, resetting the MySQL password will not work!

Step 3: Login to MySQL Server

mysql -u root

Everything should be fine if you get the MySQL prompt!

Step 4: Change the MySQL Password

mysql> use mysql;
mysql> update user set password=PASSWORD("NEW-ROOT-PASSWORD") where User='root';
mysql> flush privileges;
mysql> quit

NEW-ROOT-PASSWORD is your new root password that you want!

Step 5: Restart MySQL Server

/etc/init.d/mysql stop
/etc/init.d/mysql start

Now, you should have your new MySQL root password! I recommend you write it down this time!

IRC caused me to use Linux! Quick how to setup a shell server.

Years ago back in the day as they say I was constantly on IRC! I was told try Linux to run several services! That is what got me into to linux. I want to say around 1998! I am sure it was 98! Anyways I started off with Slackware. It might have been Slackware 6! That is what sticks out in the the mind… I setup a shell server today for a customer on CentOS5 64 bit. It is really simple. You just install gcc, screen, glibc, automake, autoconf, oidentd, BitchX and some other packages if needed. Then lock the server down so that shell users can only use what you want them to. Remove unneeded packages. Install a firewall and brute force detection. You might also install malware detection and rootkit detection. Here is a quick and easy setup for a centos5 shell box.

Install CentOS make sure to unselect everything but the base install make sure to customize packages and select nothing but the BASE INSTALL. I cannot count how many times people have told me it needs the SECOND CD! NO it does not if you unselect everything but the base install. You have to choose customize when selecting packages….

After you have CentOS installed update the system with yum.
yum -y update

download the DAG Repository Installer! Super simple! I n my case I used CentOS 5 64bit
rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Next yum install the packages you require. Here is what i installed.
yum install gcc glibc automake autoconf oidentd BitchX znc gcc-c++ ncurses ncurses-devel glibc-common glibc-devel glibc-headers glibc-utils compat-glibc linx links curl

I also install ncftp as it is an easy to use command line ftp client.
wget ftp://ftp.pbone.net/mirror/centos.karan.org/el5/extras/testing/x86_64/RPMS/ncftp-3.2.0-3.el5.kb.x86_64.rpm
rpm -Uvh ncftp-3.2.0-3.el5.kb.x86_64.rpm

Next lock down the server a bit you can always do more than I did this time…
userdel adm
userdel lp
userdel shutdown
userdel halt
userdel news
userdel uucp
userdel operator
userdel games
userdel gopher
groupdel adm
groupdel lp
groupdel news
groupdel uucp
groupdel games
groupdel dip
chmod 700 /bin/linuxconf
chmod 750 /bin/mt
chmod 750 /bin/setserial
chmod 750 /sbin/badblocks
chmod 750 /sbin/ctrlaltdel
chmod 750 /sbin/chkconfig
chmod 750 /sbin/debugfs
chmod 750 /sbin/depmod
chmod 6750 /sbin/dump
chmod 750 /sbin/dumpe2fs
chmod 750 /sbin/fdisk
chmod 750 /sbin/fsck
chmod 750 /sbin/fsck.ext2
chmod 750 /sbin/fsck.minix
chmod 750 /sbin/ftl_check
chmod 750 /sbin/ftl_format
chmod 750 /sbin/halt
chmod 750 /sbin/hdparm
chmod 750 /sbin/hwclock
chmod 750 /sbin/ifconfig
chmod 750 /sbin/ifdown
chmod 750 /sbin/ifport
chmod 750 /sbin/ifup
chmod 750 /sbin/ifuser
chmod 750 /sbin/init
chmod 750 /sbin/insmod
chmod 750 /sbin/killall5
chmod 750 /sbin/lilo
chmod 750 /sbin/mingetty
chmod 750 /sbin/mkbootdisk
chmod 750 /sbin/mke2fs
chmod 750 /sbin/mkfs
chmod 750 /sbin/mkfs.ext2
chmod 750 /sbin/mkfs.minix
chmod 750 /sbin/mkfs.msdos
chmod 750 /sbin/mkinitrd
chmod 750 /sbin/mkraid
chmod 750 /sbin/mkswap
chmod 750 /sbin/modinfo
chmod 750 /sbin/modprobe
chmod 2750 /sbin/netreport
chmod 750 /sbin/portmap
chmod 750 /sbin/quotaon
chmod 6750 /sbin/restore
chmod 750 /sbin/runlevel
chmod 750 /sbin/stinit
chmod 750 /sbin/swapon
chmod 750 /sbin/tune2fs
chmod 750 /usr/bin/eject
chmod 4750 /usr/bin/gpasswd
chmod 4755 /usr/bin/lpr
chmod 750 /usr/sbin/atd
chmod 750 /usr/sbin/atrun
chmod 750 /usr/sbin/crond
chmod 750 /usr/sbin/edquota
chmod 750 /usr/sbin/exportfs
chmod 750 /usr/sbin/groupadd
chmod 750 /usr/sbin/groupdel
chmod 750 /usr/sbin/groupmod
chmod 750 /usr/sbin/grpck
chmod 750 /usr/sbin/grpconv
chmod 750 /usr/sbin/grpunconv
chmod 750 /usr/sbin/in.identd
chmod 750 /sbin/klogd
chmod 750 /usr/sbin/logrotate
chmod 2750 /usr/sbin/lpc
chmod 740 /usr/sbin/lpd
chmod 755 /usr/sbin/lsof
chmod 550 /usr/sbin/makemap
chmod 750 /usr/sbin/mouseconfig
chmod 750 /usr/sbin/newusers
chmod 750 /usr/sbin/ntpdate
chmod 750 /usr/sbin/ntpq
chmod 750 /usr/sbin/ntptime
chmod 750 /usr/sbin/ntptrace
chmod 750 /usr/sbin/ntsysv
chmod 750 /usr/sbin/pwck
chmod 750 /usr/sbin/pwconv
chmod 750 /usr/sbin/pwunconv
chmod 550 /usr/sbin/quotastats
chmod 750 /usr/sbin/rdev
chmod 550 /usr/sbin/repquota
chmod 750 /usr/sbin/rpc.mountd
chmod 750 /usr/sbin/rpc.nfsd
chmod 750 /usr/sbin/rpc.rquotad
chmod 750 /sbin/rpc.statd
chmod 750 /usr/sbin/rpcinfo
chmod 750 /usr/sbin/setup
chmod 750 /usr/sbin/showmount
chmod 750 /sbin/syslogd
chmod 750 /usr/sbin/tcpd
chmod 750 /usr/sbin/timeconfig
chmod 750 /usr/sbin/tmpwatch
chmod 750 /usr/sbin/tunelp
chmod 750 /usr/sbin/useradd
chmod 750 /usr/sbin/userdel
chmod 4750 /usr/sbin/userhelper
chmod 750 /usr/sbin/usermod
chmod 4750 /usr/sbin/usernetctl
chmod 750 /usr/sbin/vipw
chmod 755 /bin/mount
chmod 755 /bin/umount
chmod 755 /bin/ping
chmod 755 /usr/bin/at
chmod 0 /usr/bin/rcp
chmod 0 /usr/bin/rlogin
chmod 0 /usr/bin/rsh
chmod 750 /usr/sbin/usernetctl
chmod 755 /usr/sbin/traceroute
chmod 500 /usr/bin/lpr
chmod 500 /usr/bin/lprm
chmod 500 /usr/bin/lpq

Remove unneeded packages
Remove what ever is not used these are just some that do not need to be on a shell server.
rpm -ev –nodeps apmd
rpm -ev –nodeps sndconfig
rpm -ev –nodeps aumix
rpm -ev –nodeps cups-devel
rpm -ev –nodeps cups-drivers
rpm -ev –nodeps cups-libs
rpm -ev –nodeps cups
rpm -ev –nodeps kernel-pcmcia-cs
rpm -ev –nodeps LPRng printconf
rpm -ev –nodeps pnm2ppa
rpm -ev –nodeps mpage
rpm -ev –nodeps Omni Omni-foomatic
rpm -ev –nodeps foomatic
rpm -ev –nodeps cdlabelgen
rpm -ev –nodeps cdparanoia-devel
rpm -ev –nodeps cdparanoia
rpm -ev –nodeps cdparanoia-alpha9
rpm -ev –nodeps cpd
rpm -ev –nodeps playmidi
rpm -ev –nodeps talk
rpm -ev –nodeps talk-server
rpm -ev –nodeps inews
rpm -ev –nodeps inn
rpm -ev –nodeps a2ps
rpm -ev –nodeps docbook-utils docbook-utils-pdf
rpm -ev –nodeps docbook-style-dsssl
rpm -ev –nodeps docbook-dtd30-sgml docbook-dtd31-sgml
rpm -ev –nodeps docbook-dtd40-sgml docbook-dtd41-sgml
rpm -ev –nodeps psgml
rpm -ev –nodeps sgml-tools
rpm -ev –nodeps bcm5820
rpm -ev –nodeps efax
rpm -ev –nodeps eject

Turn off service you do not use an easy way to do this is to type ntsysv and hit space bar on services you do not want to run on start up. If there is an X the run on started..

Install a firewall and brute force detection I used APF and BFD
Find ports you need to open. 22 for SSH is open by default and the firewall is in development mode be default as well.

Download APF and BFD (Advanced Policy Firewall and Brute Force Detection)
wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

Install APF
Extract it
tar xvzf apf-current.tar.gz
Go into the extracted directory
cd apf-0.9.7-1
Install APF
sh install.sh
Edit the conf.apf
vi /etc/apf/conf.apf

For inbound ports edit these lines.
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS=22
and
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS=

also turn OFF devmode when you are done opening ports
# Set firewall dev cronjob
# 1 = enabled / 0 = disabled
DEVM=

Save the file
In vi hit esc then :wq to save the file
service apf restart to restart the firewall
or /etc/init.d/apf restart

Install BFD
Extract it
tar xvzf bfd-current.tar.gz
Go into the extracted directory
cd bfd-1.4
Install BFD
sh install.sh
You can edit the conf file but it is ready to go out of the box you dont have to edit it.
vi /usr/local/bfd/conf.bfd
You might want to set it up to email the root user when the server is brute force attacked.

After that install some kind of malware and rootkit detection the two I used today are Linux Malware Detect and chkrootkit.

Download Linux Malware Detect and install it.
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar xvzf maldetect-current.tar.gz
cd maldetect-1.4.0/
sh install.sh

Edit the conf for your needs.
vi  /usr/local/maldetect/conf.maldet

Next download and install chkrootkit.

wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
mv chkrootkit-0.49 chkrootkit
mv chkrootkit /usr/local
cd chkrootkit
make sense
Create chkrootkit.sh with the following settings
nano chkrootkit.sh

#!/bin/sh
(
/usr/local/chkrootkit/chkrootkit
) | /bin/mail -s ‘CHROOTKIT Daily Run (servername)’ emailaddress

Now setup a cronjon to run chkrootkit nightly
crontab -e
0 15 * * 0 /usr/local/chkrootkit.sh

There is a whole lot more you can do but this is a quick and easy how to on how to setup a shell server quickly. I hope you learned something or found it useful!

Videos from YouTube added to your Blog Easily.

I was asked a question yesterday about adding Videos to a wordpress blog easily. This is really easy to do.

1. Download, install, and activate the Select WP YouTube Player plugin for wordpress.
2. Find the Video on YouTube and copy the URL.
3. In your blog post add [tube]Video URL from YouTube[/tube]

BAM now you have Videos on your blog.

I hope this helps!

Polycom phones cannot dial anything past 211 when our extensions go to 2111, 2112, 2113 and so on.

Polycom phones cannot dial anything past 211 when our extensions go to 2111, 2112, 2113 and so on. The problem ended up being the digit map…

At one of our customer’s sites they have extensions in the 2110-2120 range. Everything seemed fine when we installed the PBX. They started dialing 2111 2112 2113 2114 and they would get all circuits are busy. The PBX was only seeing 211.

Here is what I was seeing from Asterisk.

[Jul 11 10:09:47] VERBOSE[3220] logger.c: == Spawn extension (from-internal, 211, 4) exited non-zero on ‘SIP/2155-0901
[Jul 11 11:11:06] VERBOSE[3367] logger.c: — Executing [211@from-internal:1] ResetCDR(“SIP/2155-b7881038”, “”) in ne
[Jul 11 11:11:06] VERBOSE[3367] logger.c: — Executing [211@from-internal:2] NoCDR(“SIP/2155-b7881038”, “”) in new s

The Polycom digitmap was the problem. We upgraded our polycoms to the latest firmware SoundPoint IP, SoundStation IP and Polycom VVX SIP 3.2.5 [Combined] we have polycom 330, 650, 600, 4000, and 6000. Here is the default digitmap for this firmware version.

The problem was this [2-9]11 for dialing like 411 and 911. I had to change it to [3-9]11 which fixed the problem. I was able to figure out the problem by reading this page http://apetec.com/voip/Polycom-DialPlan.htm

At the bottom of the page it has the following which helped me figure it out.

It means the following:

[2-9]11: 911 rule: 211, 311, 411, 511, 611, 711, 811, 911 are dialled immediately
0T: Local operator rule: After dialing “0” the phone waits T seconds and then completes the call
100: Auto-attendant default extension
101: Voicemail default extension
011xxx.T: International rule without prefix
9011xxx.T: International rule with prefix
1[2-9]xxxxxxxxx: LD rule without prefix
91[2-9]xxxxxxxxx: LD rule with prefix
9[2-9]xxxxxx: Local call with prefix
*xx: 2-digit star codes
*xx[2-7]xxx: Enables immediate dial for services like intercom/paging and directed call pickup.
*4[2-7]xxx: Retrieve call from park (if park slot is x digit extension)
[1-7]xx: A regular 3 digit extension that does not start with 9 or 8 is dialed immediately
[2-7]xx: A regular 3 digit extension that does not start with 9 or 8 or 1 is dialed immediately
[2-7]xxx: A regular 4 digit extension that does not start with 9 or 8 or 1 is dialed immediately
[8]xxx: A 3 digit extension prefixed with an 8 (routes calls directly to voicemail of extension xxx)
[8]xxxx: A 4 digit extension prefixed with an 8 (routes calls directly to voicemail of extension xxxx)

Here is what I saw after I fixed the issue.

[Jul 11 16:16:15] VERBOSE[4448] logger.c: — Executing [2118@from-internal:1] Macro(“SIP/2155-090c0ba0”, “exten-vm|2
[Jul 11 16:16:15] VERBOSE[4448] logger.c: — Executing [s@macro-user-callerid:13] NoOp(“SIP/2155-090c0ba0”, “TTL: A
[Jul 11 16:16:15] VERBOSE[4448] logger.c: — Executing [s@macro-exten-vm:3] Set(“SIP/2155-090c0ba0”, “VMBOX=2118”) i
[Jul 11 16:16:15] VERBOSE[4448] logger.c: — Executing [s@macro-exten-vm:4] Set(“SIP/2155-090c0ba0”, “EXTTOCALL=2118
[Jul 11 16:16:15] VERBOSE[4448] logger.c: — Executing [s@macro-exten-vm:8] Macro(“SIP/2155-090c0ba0”, “record-enabl
[Jul 11 16:16:15] VERBOSE[4448] logger.c: — Executing [s@macro-exten-vm:9] Macro(“SIP/2155-090c0ba0”, “dial|20|tr|2
[Jul 11 16:16:15] VERBOSE[4448] logger.c: — dialparties.agi: dbset CALLTRACE/2118 to 2155
[Jul 11 16:16:15] VERBOSE[4448] logger.c: — Executing [s@macro-dial:7] Dial(“SIP/2155-090c0ba0”, “SIP/2118|20|tr”

Zimbra an easy to install Exchange replacement.

I recently was asked to find an email solution that was easy to use, easy to install, and open source or Free. I used qmailrocks in the past which was not easy to install! I started to look around and I really did not find much that was EASY. I decided to take a look at Zimbra. I had a couple friends a few months ago mention it to me and even ask questions about it. So I decided to install CentOS 5 and Zimbra. It was really easy all you have to do is get the server setup with the requirements then run the install script. I got it up and started testing it. It seemed to work great. After doing a little more research I found out you could easily use it as an Exchange replacement. It has an easy to use interface for both the Admin and User side. You can use an normal email client to check your email. Zimbra seems to be one of the easiest email solutions I could find out there that is FREE!

Cpanel IonCube Softaculous PROBLEM! How to fix it!

Cpanel IonCube Softaculous PROBLEM! How to fix it!

None of the below worked but the last line.. What did work after all of that was to go to tweak settings and select ioncube and save it… You probably need to install ioncube first but you may only need to turn it on in tweak settings so try that first!

1. Download the newest version of Ioncube here http://www.ioncube.com/loaders.php

2. extract it and upload it to your server. It is easiest to use wget like this..
wget http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz

3. Extract it tar xvzf ioncube_loaders_lin_x86-64.tar.gz

4. I am using PHP 5.2.17 so I need the ioncube_loader_lin_5.2.so version

5. Move the whole ioncube directory to /usr/local
mv ioncube /usr/local

6. Next add it to your php.ini file
vi /usr/local/lib/php.ini you can also use nano vi is just my editor of choice
add this line to the php.ini
zend_extension=”/usr/local/IonCube/ioncube_loader_lin_5.2.so”

7. save the file and restart apache to save it in vi hit esc then :wq

8. Click the restart apache in cpanel

You can also install it via easy apache which is all point and click… Although when I used easy apache it still it was not installed..
Site error: the file /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/enduser/main/functions.php requires the ionCube PHP Loader ioncube_loader_lin_5.2.so to be installed by the site administrator.

After the above did not work for me either I found this.

To install IonCube loading in cPanel, run the following as root:

# /scripts/phpextensionmgr install IonCubeLoader

This did not work either even though when I did php -v it showed it as installed.. Next I found this

run this as root from your cpanel server it recomplies apache which I already di once through easyapache..
/scripts/makecpphp

that did not work either!

What did work after all of that was to go to tweak settings and select ioncube and save it…