As I tell everyone, Change you ssh port numbers. Pick a random number, if you ever check your /var/log/secure log you will see a ton of random attacks. <br><br>These are from my blog, <a href="http://simontekhacks.blogspot.com/">http://simontekhacks.blogspot.com/</a><br>
<br>Basically I keep notes that may come in handy for future. <br clear="all"><br><br><b>Scripts that come in handy.<br><br>Server e-mail every time someone logs in as root</b><br><br>To have the server e-mail you every time someone logs in as root, SSH into server and login as root.<br>
<br>At command prompt type: vi .bash_profile<br><br>Scroll down to the end of the file and add the following line:<br><br>echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" <a href="mailto:your@email.com">your@email.com</a><br>
<br>Save and exit. <br><br> <span style="font-weight: bold;">Install chkrootkit</span><br><br>To install chrootkit, SSH into server and login as root.<br><br>At command prompt type: cd /root/<br><br>At command prompt type: wget <a href="ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz">ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz</a><br>
<br>At command prompt type: tar xvzf chkrootkit.tar.gz <br><br>At command prompt type: cd chkrootkit-0.44<br><br>At command prompt type: make sense<br><br><br>To run chkrootkit<br><br>At command prompt type: /root/chkrootkit-0.44/chkrootkit<br>
<br>Make sure you run it on a regular basis, perhaps including it in a cron job. <br>Chkrootkit is a program that scans for root kits.<br><br><br>To modify <span style="font-weight: bold;">LogWatch</span>, SSH into server and login as root.<br>
<br>At command prompt type: vi /etc/log.d/conf/logwatch.conf <br><br><br>Scroll down to<br><br>MailTo = root<br><br>and change to<br><br>Mailto = <a href="mailto:your@email.com">your@email.com</a><br><br>Note: Set the e-mail address to an offsite account incase you get hacked.<br>
<br><br>Now scroll down to <br><br>Detail = Low<br><br>Change that to Medium, or High...<br><br>Detail = 5 or Detail = 10<br><br>Note: High will give you more detailed logs with all actions.<br><br><br><b> <br>Not Needed for security, but always comes in handy. </b><br>
<b>Clear Cache from a linux box.<br>Works only with Kernels 2.6.16 or newer</b><br><br>sync; echo 3 > /proc/sys/vm/drop_caches<br><br><br>Quick Script I use for the machine and cron jobs<br><br>Named: clean.sh<br>#!/bin/bash<br>
<br>###<br>### Shell script to clean the cache on the machine, it also lists current memory usage, and<br>### afterwards its cleared so I can compare.<br>###<br>### SimonTek April 16th, 2009<br>###<br>free -m<br>sync; echo 3 > /proc/sys/vm/drop_caches<br>
free -m
<br>-- <br>SimonTek<br>404-585-1308<br><br>