I just came across this page and thought I'd post it because it had some good content:
# Eric Wedaa's notes on setting up centos 6.2
# email [email protected]
#
# May 9-21, 2012
#
# In general, I used mozilla to download the files into
# /home/shepherd/Downloads
#
######################################################################
#
# date command for copying and chmoding files
# chmod does not work if you run cp command too close to midnight
#
# `date +%Y.%m.%d.%H.%M`
#
# you might want to set this
#
# Library search path reused by the source builds further down.
# NOTE(review): /opt/csw is the OpenCSW (Solaris) prefix; on CentOS those
# two entries are probably absent and merely ignored — confirm or drop them.
LD_LIBRARY_PATH=/opt/csw/lib:/opt/csw/gcc4/lib:/usr/lib/:/usr/local/lib
export LD_LIBRARY_PATH
#
######################################################################
#
# This MAY look like a shell script, but it isn't really.
#
# These are commands to cut/paste into your window. This is because
# there may be newer versions of the software, and because sometimes
# you really need to edit some of the configuration files by hand
# to make things work properly.
#
######################################################################
#
# Update CPAN because it ALWAYS needs updating
#
# Upgrade the CPAN client itself, then YAML (presumably wanted for CPAN's
# own bookkeeping). Both are fetched from the configured CPAN mirror and
# installed as root; nothing here verifies them beyond what CPAN does itself.
cpan CPAN
cpan YAML
######################################################################
#
# Update all the RPM Packages so that we are up to date with the
# latest patches
#
# -y answers every prompt, including the import of new repository GPG keys,
# so make sure only trusted repos are enabled before running it unattended.
yum -y update
######################################################################
#
# Make sure iptables is configured and running
#
# Only reports the current rules; it does not enable or start the firewall
# (that is chkconfig iptables on / service iptables start).
service iptables status
######################################################################
#
# Install OpenVAS
#
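# The Atomicorp installer is fetched over plain HTTP and, in the original
# notes, piped straight into sh as root, so nothing on that path checked
# what was executed. Save it to a file first, read it, then run it.
# (/root/atomic-installer.sh is just a scratch name; any path will do.)
wget -q -O /root/atomic-installer.sh http://www.atomicorp.com/installers/atomic
less /root/atomic-installer.sh
sh /root/atomic-installer.sh
yum install openvas
openvas-setup
/usr/sbin/openvas-adduser
# APPARENTLY NOT NEEDED /usr/sbin/openvas-mkcert
# BTW-You will have to rerun these next two commands to make
# sure that your signature files are up to date.
# Maybe you can add them to /etc/rc.local or to root's crontab file
# (nvt-sync fetches the feed updates over the network; --rebuild
# presumably reloads them into the manager — see the OpenVAS docs)
/usr/sbin/openvas-nvt-sync
/usr/sbin/openvasmd --rebuild
#restarting takes a little bit. make sure to disable this at boot
#time if you don't use it every day.
service openvas-scanner restart
#Now that we're done setting up openvas, we want to make atomic repo
#an invalid source so we don't accidentally download rpms from there
# (yum only reads *.repo files, so the rename is enough; setting
# enabled=0 inside the file is the alternative)
mv /etc/yum.repos.d/atomic.repo /etc/yum.repos.d/atomic.repo.dont_use
#Disable openvas at startup, I don't need it running everyday
# (boot-time only: the scanner restarted above keeps running until stopped)
chkconfig openvas-administrator off
chkconfig openvas-manager off
chkconfig openvas-scanner off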
######################################################################
#
# fix postfix security holes
# Also good for OpenVAS complaints
#
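# postconf -e rewrites the parameter in place (the original appended a
# second copy with >>, which Postfix accepts but leaves duplicate keys).
postconf -e 'disable_vrfy_command = yes'
# Listen on every interface instead of the stock "localhost". From here on
# who may relay through this host is governed by mynetworks — keep it tight.
postconf -e 'inet_interfaces = all'
# Author's domain; replace with yours.
postconf -e 'mydomain = wedaa.com'
# Postfix only picks these up on its next reload/restart.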
#
######################################################################
#
# fix apache security holes
# Also good for OpenVAS complaints
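# Append each hardening directive only if it is not already present, so
# re-pasting these notes does not stack duplicates in httpd.conf.
# "Header unset ETag" needs mod_headers loaded — check the LoadModule list.
for directive in "TraceEnable Off" "Header unset ETag " "FileETag None "; do
  grep -qF -- "$directive" /etc/httpd/conf/httpd.conf \
    || printf '%s\n' "$directive" >> /etc/httpd/conf/httpd.conf
done
# httpd reads the file on restart; check it first with: apachectl -t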
######################################################################
#
# Turn off unneeded services
# Also good for OpenVAS complaints
#
# Boot-time only: chkconfig does not stop a daemon that is already running
# (service <name> stop does that). nfs is switched back on in a later section.
chkconfig cups off
chkconfig nfs off
chkconfig nfslock off
######################################################################
#
# Create local repo directory
#
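yum install createrepo
mkdir /home/shepherd/yum-stuff
cd /home/shepherd/yum-stuff
# Mirrors the update RPMs over plain HTTP; what would validate them later
# is yum's gpgcheck on the repo definition, not this download.
wget -nc -r http://centos.mirror.nac.net/6.2/updates/i386/Packages/
# (the original was an echo with an unterminated double quote, which would
# have swallowed everything pasted after it)
# STILL NEEDS configuration work so I can use it locally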
######################################################################
#
# Install star (S-tar archiver)
#
yum install star
######################################################################
#
#Install telnet, but not the telnetd daemon (which is a security risk)
# (the "telnet" package is the client only; the daemon lives in
# "telnet-server", which is not installed here)
#
yum install telnet
######################################################################
#
#Yes, I know lftp is sometimes installed, but I like the simplicity
# of ftp sometimes
# (both are clients; plain ftp sends credentials in clear text, lftp can
# also speak sftp/ftps)
#
yum install lftp
yum install ftp
######################################################################
#
# Install all the named stuff
#
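yum install bind
yum install bind-devel
# The bind package puts named.conf, named.rfc1912.zones and the two key
# files in /etc; the backups below are made next to them.
cd /etc
# One timestamp for the whole run, so chmod targets exactly the files cp
# created (the original called `date` per command and used a %Y.%m* glob
# to survive a midnight roll-over between cp and chmod).
ts=$(date +%Y.%m.%d.%H.%M)
# -p keeps the originals' mode and owner, so a copy of a key file is never
# world-readable in the window between the cp and the chmod.
cp -p named.iscdlv.key "named.iscdlv.key.$ts"
cp -p named.root.key "named.root.key.orig.$ts"
cp -p named.conf "named.conf.orig.$ts"
cp -p named.rfc1912.zones "named.rfc1912.zones.$ts"
chmod go-rwx "named.iscdlv.key.$ts"
chmod go-rwx "named.root.key.orig.$ts"
chmod go-rwx "named.conf.orig.$ts"
chmod go-rwx "named.rfc1912.zones.$ts"
#Get host2dns from http://seriss.com/people/erco/unixtools/hosts2dns/
cd /home/shepherd/Downloads
tar -xvf hosts2dns-0.95.tar.gz
cp hosts2dns /usr/local/sbin
chmod go-rwx /usr/local/sbin/hosts2dns
# Re-taken here in case this part is pasted in a later session.
ts=$(date +%Y.%m.%d.%H.%M)
cp -p /etc/hosts "/etc/hosts.$ts"
# (was "chmodgo-rwx" — a missing space that made it "command not found")
chmod go-rwx "/etc/hosts.$ts"
vi /etc/hosts #And follow the instructions on the website
#Sample below, pay attention to DNS lines
#!DNS:DOMAIN foo.x -- CHANGE THIS: SET TO YOUR DNS DOMAIN NAME
##!DNS:START -- Start of hosts to be added to DNS
#192.168.0.1 router ro -- eg. this will become router.foo.x
#192.168.0.2 howland ho how -- eg. this will become howland.foo.x
#192.168.0.12 havasu ha
##!DNS:END -- End of hosts to be added to DNS
# Presumably writes the zone files under /var/named and the matching
# named.conf entries from /etc/hosts — see the website.
/usr/local/sbin/hosts2dns -update
#This script contains a small bug which lists same
#REVERSE network twice.
vi /etc/named.conf #Remove the last one
# named answers for whoever can reach port 53; the generated named.conf is
# not shown here, so check its recursion/allow-query settings are limited
# to the local nets before the server is reachable from outside.
service named start
# Add an MX record (make sure this is right path)
# (presumably the zone serial also has to be bumped for the change to
# propagate — confirm against the generated zone file)
echo '@ IN MX 10 shepherd.wedaa.com'>> /var/named/fwd.wedaa.com
#Now restart named
service named restart
#Just like /etc/named.conf says, all the good files are in /var/named
#Edit /etc/resolv.conf to make domainname wedaa.com
cp /etc/resolv.conf /etc/resolv.conf.orig
# First write truncates (>), the rest append (>>).
echo "domain wedaa.com"> /etc/resolv.conf
echo "nameserver 127.0.0.1" >>/etc/resolv.conf
echo "nameserver 192.168.0.15" >>/etc/resolv.conf
#Anytime a change is made in /etc/hosts you need to run
#/usr/local/sbin/hosts2dns -update
#AND update the MX record for the domain
#echo '@ IN MX 10 shepherd.wedaa.com'>> fwd.wedaa.com
#Now restart named
service named restart
#DNS testing
#nslookup
#set q=mx
#us.ibm.com
#wedaa.com
#shepherd.wedaa.com
#NOTE: One of these days I'll edit hosts2dns to be able to
#figure out the MX entry and write it at the bottom of the fwd.wedaa.com
#file, but not today. If I used this more often I'd have added
#it already.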
######################################################################
#
# How to get apache running on other than port 80 and 443
#
#http://danwalsh.livejournal.com/9275.html
#
#Show which ports under selinux http can access
#Show which ports under selinux http can access
semanage port -l | grep http
#http_cache_port_t tcp 3128, 8080, 8118, 8123, 10001-10010
#http_cache_port_t udp 3130
#http_port_t tcp 80, 443, 488, 8008, 8009, 8443
#pegasus_http_port_t tcp 5988
#pegasus_https_port_t tcp 5989
#So I can also listen to 8118
#set listen in httpd.conf to also listen to 8118
vi /etc/httpd/conf/httpd.conf
# A bad edit leaves httpd down after the restart; "apachectl -t" checks the
# file first. If 8118 should be reachable from other hosts, iptables needs
# a matching rule as well — SELinux only covers the bind.
service httpd restart
#To add port 81 for http
#semanage port -a -t http_port_t -p tcp 81
#
#
######################################################################
#
# Download flash from http://get.adobe.com/flashplayer/
# get the tar.gz file
#
# NOTE(review): every other section uses /home/shepherd/Downloads and the
# cp below reads ~shepherd/Downloads — this path is probably a typo; confirm.
cd /usr/shepherd/Downloads
# NOTE(review): ../ points one level above the download dir; the tarball
# is presumably in Downloads itself — confirm.
tar -xvf ../install_flash_player_11_linux.i386.tar.gz
cd /usr/lib/mozilla/plugins
cp ~shepherd/Downloads/libflashplayer.so .
cd ~shepherd/Downloads/
# Copies whatever the archive unpacked under usr/ into the system /usr as
# root; nothing above checked the archive's integrity, so this trusts the
# download completely.
cp -r usr/* /usr
# start firefox, go to http://www.adobe.com/software/flash/about/
# and that will show if installed properly
######################################################################
#
# modify ssh stuff
#
# Edit config file so nobody else can login
# Also good for OpenVAS complaints
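# Edit config file so nobody else can login
# Also good for OpenVAS complaints
echo "AllowUsers ericw shepherd" >>/etc/ssh/sshd_config
# Syntax-check first: a bad sshd_config would otherwise leave sshd down.
# Keep this session open until a fresh login as one of the listed users
# has been confirmed to work.
/usr/sbin/sshd -t && service sshd restart
# If you want to be able to login without being prompted for
# a password, follow instructions from
# http://wiki.centos.org/HowTos/Network/SecuringSSH
#
#Block too many cracking attempts on ssh by using iptables
# Rule 1 records every source that sends to port 22; rule 2 ACCEPTs a
# source only while it has been seen fewer than 4 times in 60 s. There is
# no explicit DROP for sources over the limit — they fall through to
# whatever follows in INPUT.
iptables -A INPUT -p tcp --dport 22 -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 22 -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
# -A appends behind the existing rules. The stock CentOS 6 INPUT chain
# probably already accepts port 22 earlier on and ends in a REJECT, so these
# two may never be reached — verify with `iptables -L INPUT -n --line-numbers`
# and re-insert them with -I at the right positions (minus the stock
# port-22 ACCEPT) if so.
# `service iptables restart` reloads /etc/sysconfig/iptables and discards
# runtime rules, so save first or the two rules above vanish.
service iptables save && service iptables restart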
######################################################################
#
# setup sudo for me
#
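# -p keeps sudoers' 0440 mode on the backup instead of the default 0644.
cp -p /etc/sudoers /etc/sudoers.orig
echo "shepherd ALL=(ALL) ALL">>/etc/sudoers
# A syntax error in sudoers disables sudo for everyone; check the file
# before leaving the root shell (visudo would have done this on save).
visudo -c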
######################################################################
#
# Make sure only I can run su command
#
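# -a appends wheel to shepherd's existing supplementary groups; the original
# plain -G would have replaced them all with just wheel.
usermod -aG wheel shepherd
# Find these lines in /etc/pam.d/su:
# Uncomment the following line to require a user to be in the "wheel" group.
# #auth required pam_wheel.so use_uid
#
# And change them (as suggested) to this:
#
# # Uncomment the following line to require a user to be in the "wheel" group.
# auth required pam_wheel.so use_uid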
######################################################################
#
# enable/turn on NFS
#
modprobe nfs
service nfs start
# Exports all of /home read-write to every host on 192.168.0.0/24 with the
# usual exportfs defaults (root_squash, sync) since none are listed. NFS
# trusts the uid the client presents, so this is effectively open to the
# whole subnet; consider ro or a narrower host list.
echo "/home 192.168.0.0/24(rw)">>/etc/exports
exportfs -a
#Show that it was exported
exportfs
# Now turn it all off till we need it
# (boot-time only; the nfs service started above keeps running until stopped)
chkconfig nfs off
chkconfig nfslock off
######################################################################
#
# Setup samba/cifs
#
# Now turn it all off till we need it
######################################################################
#
# Get imapd going
#
service saslauthd start
chkconfig saslauthd on
# Placeholder credentials. A real password given here ends up in shell
# history and is visible in ps while the command runs.
testsaslauthd -u username -p password
# Output should be "0: OK "Success."
# NOTE(review): the cyrus user is normally created by the cyrus-imapd
# package, which is only installed two lines down — this line may need to
# move below the yum installs.
passwd cyrus
yum install cyrus-sasl
yum install cyrus-imapd
chkconfig cyrus-imapd on
service cyrus-imapd restart
#Set password for user cyrus
saslpasswd2 cyrus
#Chown ownership so that cyrus utilities can read the darn file
# sasldb2 holds the SASL secrets; after the chown make sure its mode still
# keeps other users out.
chown cyrus /etc/sasldb2
#To create a user
# cyradm -user cyrus localhost
# it will prompt for password
# To create a user "spam"
#createmailbox user.spam
# to list mailboxes from inside cyradm
#lm
######################################################################
#
# Installing mySQL
# Get mysqld running
#
chkconfig mysqld on
service mysqld restart
#Setup stuff
# Interactive: sets the root password, removes anonymous users and the test
# database, and can disable remote root login.
/usr/bin/mysql_secure_installation
######################################################################
#
# Installing squirrelmail
# Requires mysql sasl, cyrus-imapd and other things
#
# Make sure you do the postfix setup from above
#
# Get latest squirrelmail from http://squirrelmail.org/download.php
cd /var/www/html/
# The glob must match exactly one archive; extra matches would be taken by
# tar as member names to extract.
tar -xf /home/shepherd/Downloads/squi*tar.gz
# Likewise assumes a single squ* entry here.
mv squ* squirrel
cd squirrel
mkdir /var/squirrel
mkdir /var/squirrel/data
# 0730: owner rwx, group wx, nothing for others. The chown below changes
# only the owner, so the group stays what mkdir gave it (root, when run as root).
chmod 0730 /var/squirrel/data
mkdir /var/squirrel/attachment
chmod 0730 /var/squirrel/attachment
chown apache /var/squirrel /var/squirrel/data /var/squirrel/attachment
./config/conf.pl #NON TRIVIAL SETUP, READ THE INSTALL GUIDE
#As it says, plaintext authentication is disabled. Enable that on your
#IMAP server or set "$imap_auth_mech = 'cram-md5';" in SquirrelMail
# configuration file - /var/www/html/squirrel/config/config.php.
# (cram-md5 keeps the password off the wire; enabling plaintext on the
# IMAP server is the weaker of the two options)
#Now we configure mailbox_transport in /etc/postfix/main.cf.
#Add this line to the bottom:
echo "mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp" >>/etc/postfix/main.cf
service postfix restart
# SEE THIS WEBPAGE FOR HELP
#http://nakedape.cc/info/Cyrus-IMAP-HOWTO/Cyrus-IMAP-HOWTO.html
#
## PROBLEM WITH SELINUX AND IMAPD, IMAP, squirrelmail
# (httpd_t was denied name_connect to dest=143, which is labelled pop_port_t)
#type=AVC msg=audit(1337040367.783:114): avc: denied { name_connect } for pid=3823 comm="httpd" dest=143 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket
#type=SYSCALL msg=audit(1337040367.783:114): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf9d8950 a2=208afcc a3=0 items=0 ppid=2724 pid=3823 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
#type=AVC msg=audit(1337040367.783:115): avc: denied { name_connect } for pid=3823 comm="httpd" dest=143 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket
#type=SYSCALL msg=audit(1337040367.783:115): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf9d8950 a2=208afcc a3=0 items=0 ppid=2724 pid=3823 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
#
# Enable selinux httpd can connect to network services
# This boolean lets httpd connect to ANY tcp port, far wider than the single
# port-143 denial above; check `getsebool -a | grep httpd` for a narrower
# boolean covering mail ports before settling on this one.
setsebool -P httpd_can_network_connect=1
# There are LOTS of plugins available at
# http://squirrelmail.org/plugins.php
# like the ever popular address book and calendar
######################################################################
#
# Install Bugzilla
#
# download from http://www.bugzilla.org/download/
# Installation hints are from
# http://www.thegeekstuff.com/2010/05/install-bugzilla-on-linux/
#
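cd /home/shepherd/Downloads
mkdir bugzilla
mv bug*gz bugzilla
cd bugzilla
su
cd /var/www/html
# Assumes the glob matches exactly one archive.
tar -xf /home/shepherd/Downloads/bugzilla/*gz
cd bugzilla-4.2.1
vi /etc/my.cnf #read instructions on setting max_allowed_packet=4m
service mysqld restart
./checksetup.pl
# Pulls and builds Perl modules from CPAN as root; same trust caveat as the
# cpan commands at the top of these notes.
/usr/bin/perl install-module.pl --all #This is going to take a few minutes
yum install gd-devel
/usr/bin/perl install-module.pl GD
#Setup mysql per directions
vi localconfig #to setup password for mysql
./checksetup.pl
#aw geezzz, gotta setup mod_cgi and figure out how to configure this
# Append the CGI directives to httpd.conf, scoped to the Bugzilla tree.
# (The original listed them as bare, unprefixed lines — pasted into a shell
# they fail, and appended at top level +ExecCGI and +Indexes would apply to
# everything the server serves.) +Indexes enables directory listings; drop
# it unless you actually need them.
cat >> /etc/httpd/conf/httpd.conf <<'EOF'
<Directory "/var/www/html/bugzilla-4.2.1">
    AddHandler cgi-script .cgi
    Options +Indexes +ExecCGI
    DirectoryIndex index.cgi
    AllowOverride Limit FileInfo Indexes
</Directory>
EOF
# The directives are only read at (re)start; check the file first.
apachectl -t && service httpd restart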
#
#THEN you still get to login to bugzilla and goto
#http://localhost/bugzilla/editparams.cgi
#to finish the setup (READ the docs)
######################################################################
#
# Install Snort 2.9.2.3-1
#
# from http://www.snort.org/snort-downloads
# I downloaded snort-mysql-2.9.2.3-1.RHEL6.i386.rpm
#
# Also requires
# 1:snort-mysql-2.9.2.3-1.i386 requires libsfbpf.so.0
# 1:snort-mysql-2.9.2.3-1.i386 requires snort = 1:2.9.2.3-1
# 1:snort-mysql-2.9.2.3-1.i386 requires libdnet.1
# What a cluster Fk
# The rpm will NOT install because the other libraries are not
# installed, but there are no CENTOS RPMs with those libraries.
#
# So I have to install everything from source code
#
# get libdnet from
# http://code.google.com/p/libdnet/downloads/detail?name=libdnet-1.12.tgz&can=2&q=
# Time to install from source
# got libpcap from www.tcpdump.org and installed
# got daq from http://www.snort.org/snort-downloads/
# got ERROR! Libpcre header not found.
# Get it from http://www.pcre.org
#
#Downloaded SOURCE for snort and ./configure; make; make install
#
# Now download and install/configure the plugin to modify iptables
# on the fly
#
# Please see docs at
# http://doc.emergingthreats.net/bin/view/Main/SnortSamDocumentation
#
# Warning, you must patch snort and recompile to use snortsam
#
#http://www.snortsam.net/
######################################################################
#
# Install Tripwire
#
# from http://sourceforge.net/projects/tripwire/
#
cd /home/shepherd/Downloads/
mkdir tripwire
mv tripwire*bz2 tripwire
cd tripwire/
tar -xf tripwire-2.4.2.2-src.tar.bz2
cd tripwire-2.4.2.2-src
./configure
make
su
# Installs under /usr/local; presumably this is also where the site and
# local keys get generated (passphrase prompts) — they sign the policy and
# database below.
make install
exit
# A clear-text version of the Tripwire policy file
# /usr/local/etc/twpol.txt
# has been preserved for your inspection. This implements
# a minimal policy, intended only to test essential
# Tripwire functionality. You should edit the policy file
# to describe your system, and then use twadmin to generate
# a new signed copy of the Tripwire policy.
su
cp /usr/local/etc/twpol.txt /usr/local/etc/twpol.txt.orig
# Edit the config file to comment out checking /home filesystem
# as that can take forever and IMHO isn't really needed
# (I'll take the chance)
vi /usr/local/etc/twpol.txt
# -m P creates the signed policy file from the edited text.
twadmin -m P /usr/local/etc/twpol.txt
tripwire --test --email shepherd@localhost
#Now to initialize the datafile, this will take forever :-)
# The baseline only means something if the system is believed clean when
# it is taken; keep the key files and a copy of the database off-box.
tripwire --init -v #-v for verbose, just so you can see it working :-)
#Add this script as /usr/local/sbin/tripwire-update.sh
# (the original path read "/usr/localsbin" — missing slash)
# #!/bin/sh
# This will update the tripwire database which is faster than
# recreating from scratch
# DIR=/usr/local/lib/tripwire/report
# HOST=`hostname -s`
# LAST_REPORT=`ls -1t $DIR/$HOST-*.twr | head -1`
# echo tripwire --update --twrfile "$LAST_REPORT"
# (note: the leading "echo" makes the last line a dry run that only prints
# the command; drop it to actually update. The ls|head also breaks on
# report names containing whitespace.)
######################################################################
#
# Install COPS (Old, but still finds stuff occasionally)
# Cops 1.04+ is the latest with minor bugfixes
#
# ftp://coast.cs.purdue.edu/pub/tools/unix/scanners/cops/
#
cd /home/shepherd/Downloads
mkdir src
mkdir src/cops
mv cops*gz src/cops
cd src/cops
# Only unpacked here; the FTP source above offers no integrity check, and
# as the heading says the tool is old — treat its findings as a hint only.
tar -xvf cops*gz
######################################################################
#
# Install Nagios
#
######################################################################
#
# Install TWIG (Just for giggles. It's dead but I want to take a
# look at it again and see if there's something still useful about
# it.
#
# Found 2.8.3 at http://rpm.pbone.net/index.php3/stat/26/dist/66/size/1055046/name/twig-2.8.3-4mdv2009.0.src.rpm
#
# There WERE diffs all the way up to 2.8.7 but I can't find them anywhere :-(
#
# timestamp(14) is no longer valid, fix in mysql files
# http://bugs.mysql.com/bug.php?id=41510
# Also fixed bad default '0' bug (deprecated since last mysql release)
# Presumably for TWIG's spell-check feature.
yum install aspell
#really test with http://localhost/twig/test.php
# there is a bug on the line
# $aparse = TWIGMailParseAddresssList( "[email protected]", $config["fromdomain"] );
# There is one too many "s" in AddressList
#
# IMAP support for PHP, which the mail side of TWIG needs.
yum install php-imap
#
# Please see http://wedaa.com/eric/software/twig-stuff/
# For more details.
######################################################################
#
# Install LDAP (for passwords and address book)
#
######################################################################
#
# Install Avast Windows virus scanner
#
# http://www.avast.com/en-us/linux-home-edition
#
# See installation help at
# http://www.howtogeek.com/howto/14434/scan-a-windows-pc-for-viruses-from-a-ubuntu-live-cd/
######################################################################
#
# Install ClamAV Windows virus scanner
#
# http://www.clamav.net/lang/en/
#
# Service account for clamd/freshclam. NOTE(review): adduser gives it a
# normal login shell; a daemon account is usually created with
# useradd -r -s /sbin/nologin instead — confirm what the config expects.
adduser clamav
# NOTE(review): no cd into the unpacked source before ./configure; the last
# line refers to /home/shepherd/Downloads/clamav/clamav-0.97.4, so that is
# presumably where configure/make were run.
./configure
make #This takes a while
# Installs a tarball nothing above verified (no checksum/signature check).
make install
# Two clamd.conf locations are edited; the source install writes
# /usr/local/etc, so /etc/clamd.conf presumably comes from a package — confirm.
vi /etc/clamd.conf
vi /usr/local/etc/clamd.conf
# -d runs freshclam as a daemon that keeps fetching signature updates.
freshclam -d
# Recursive scan of the unpacked source tree, log in scan.txt in the
# current directory, only hits shown.
clamscan -r -l scan.txt /home/shepherd/Downloads/clamav/clamav-0.97.4 |grep FOUND
######################################################################
#
# Install eScan mail and anti virus scanners
#
# http://www.escanav.com/english/content/products/generic_mailScan/MailScan_gen.asp
######################################################################
#
# config spamassassin
#
# A lot of help came from
#
# http://www.akadia.com/services/postfix_spamassassin.html
# http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Confined_Services/sect-Managing_Confined_Services-Postfix-Configuration_Examples.html
#
# WHAT A PAIN IN THE A$$
#To create a user spam
# cyradm -user cyrus localhost
# it will prompt for password
# To create a user "spam"
#createmailbox user.spam
# to list mailboxes from inside cyradm
#lm
#Create a file /usr/local/bin/spamchk
#
##!/bin/sh
#
## -----------------------------------------------------------------
## File: spamchk
##
## Purpose: SPAMASSASIN shell-based filter
##
## Location: /usr/local/bin
##
## Usage: Call this script from master.cf (Postfix)
##
## Certified: GENTOO Linux, Spamassassin 3.0, Postfix
## -----------------------------------------------------------------
#
## Variables
#SENDMAIL="/usr/sbin/sendmail.postfix -i"
#EGREP=/bin/egrep
#
## Exit codes from
#EX_UNAVAILABLE=69
#
## Number of *'s in X-Spam-level header needed to sideline message:
## (Eg. Score of 5.5 = "*****" )
#SPAMLIMIT=10
#
## Clean up when done or when aborting.
#trap "rm -f /var/tmp/out.$$" 0 1 2 3 15
#
## Pipe message to spamc
#cat | /usr/bin/spamc --port=10000 -u filter | sed 's/^\.$/../' > /var/tmp/out.$$
#
## Are there more than $SPAMLIMIT stars in X-Spam-Level header? :
#if $EGREP -q "^X-Spam-Level: \*{$SPAMLIMIT,}" < /var/tmp/out.$$
#then
# # Option 1: Move high scoring messages to sideline dir so
# # a human can look at them later:
# # mv out.$$ $SIDELINE_DIR/`date +%Y-%m-%d_%R`-$$
#
# # Option 2: Divert to an alternate e-mail address:
## $SENDMAIL [email protected] < /var/tmp/out.$$
# EDIT THE DOMAINNAME ON THE NEXT LINE, junk email goes here instead of user's inbox
# $SENDMAIL [email protected] < /var/tmp/out.$$
#
# # Option 3: Delete the message
# # rm -f /var/tmp/out.$$
#else
# $SENDMAIL "$@" < /var/tmp/out.$$
#fi
#
## Postfix returns the exit status of the Postfix sendmail command.
#exit $?
#Because this filter uses the spamc client, you must be running a spamd
#server. Save the filter somewhere publicly accessible
#(e.g., /usr/local/bin/spamchk) and set its permissions.
#Note that the filter writes to a predictable name under /var/tmp
#(out.$$); a name from mktemp would be the safer choice there.
#-rwxr-x--- 1 root filter 2455 Nov 18 11:37 spamchk
#Edit /etc/postfix/master.cf
[root@shepherd postfix]# diff master.cf master.cf.orig
11,14c11
< spamchk unix - n n - 10 pipe
< flags=Rq user=filter argv=/usr/local/bin/spamchk -f ${sender} -- ${recipient}
< #smtp inet n - n - - smtpd
< smtp inet n - n - - smtpd -o content_filter=spamchk:dummy
---
> smtp inet n - n - - smtpd
#Edit /etc/postfix/main.cf
#Following changes may have been done already
[root@shepherd postfix]# diff main.cf main.cf.edited
75c75
< #myhostname = host.domain.tld
---
> myhostname = host.domain.tld
99c99
< #myorigin = $mydomain
---
> myorigin = $mydomain
252c252
< #mynetworks_style = subnet
---
> mynetworks_style = subnet
266a267
> mynetworks = 192.168.0.0/28, 127.0.0.0/8
# This stuff MIGHT not be needed
# Fixed uid/gid 601/600 so the ids stay stable across machines; both are
# non-login accounts (nologin / false shells).
groupadd -g 601 spamd
useradd -u 601 -g 601 -s /sbin/nologin -d /home/spamd spamd
groupadd -g 600 filter
# NOTE(review): home is /home/filer while the account is "filter" —
# probably a typo (no -m, so the directory is not created either way).
useradd -u 600 -g 600 -d /home/filer -s /bin/false filter
######################################################################
#
# Install/run Nikto
# From http://cirt.net/nikto2
#
cd /home/shepherd/Downloads/
mkdir nikto
mv nikto-2.1.4.tar.gz nikto
cd nikto/
ls
tar -xvf nikto-2.1.4.tar.gz
cd nikto-2.1.4
#hmmm, no makefile so no make install
# -update fetches the current plugin/database files from the project site.
perl nikto.pl -update
# Check of this machine's own web server.
./nikto.pl -host localhost
#There has to be more than this, it ran too fast
#
######################################################################
#
# Install/run nmap
#
##download from http://nmap.org/download.html
cd /home/shepherd/Downloads
mkdir nmap
mv nmap-*tgz nmap
cd nmap
# Assumes the directory holds exactly one file: with more, tar takes the
# extra names as members to extract.
tar -xf *
cd nmap-6.00
./configure
make
su
# Installs a tarball nothing above verified (no checksum/signature check).
make install
# Same path as at the top of the file; su started a fresh shell without it.
export LD_LIBRARY_PATH=/opt/csw/lib:/opt/csw/gcc4/lib:/usr/lib/:/usr/local/lib
# Inventory scan of the author's own LAN.
nmap -A 192.168.0.1-255
######################################################################
#
# Does smrsh still exist/is used/is used with postfix emailer?
#
######################################################################
#
# sleuthkit is a digital coroner/forensics tool for hacked machines
#
# http://www.sleuthkit.org/
######################################################################
#
# Get PAM working for passwords/ldap authentication
#
######################################################################
#
# Get John the ripper installed and working
#
# http://www.openwall.com/john/
#
## John the Ripper 1.7.9-jumbo-5 (Unix - sources, tar.gz, 1423 KB)
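cd /home/shepherd/Downloads
mkdir john-the-ripper
mv john*gz john-the-ripper
cd john-the-ripper
# Assumes exactly one j*gz archive here.
tar -xf j*gz
cd john-1.7.9
cd src
make linux-x86-sse2
cd ../run
#NOTE: I made a test account user tina, password=tina to make sure
#the darn thing works
#I also encrypt passwords with sha512, goodbye crypt :-(
# Audit of this host's own shadow file (needs root to read it). Results are
# written to john.pot in this directory — protect or delete that file.
./john /etc/shadow
# Output seen by the author (commented out so it isn't pasted as commands):
# Loaded 5 password hashes with 5 different salts (generic crypt(3) [?/32])
# tina (tina)
# Remove the throw-away account once the check is done: userdel tina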
######################################################################
#
# Get samhain file integrity / host-based intrusion detection system
#
# http://www.la-samhna.de/samhain/s_download.html
#
# you also want beltane
# http://www.la-samhna.de/beltane/index.html
#
# I REALLY need to read the docs on this one, it is a VERY
# complicated version of tripwire that is good for PCI compliance
######################################################################
#
# Get apache tomcat
#
# http://tomcat.apache.org/
#
######################################################################
#
# setup RCS network repository
#
mkdir /home/shepherd/rcs-test
cd /home/shepherd/rcs-test
# tar-to-tar copy of /etc/sysconfig into the user's home; anything
# sensitive in there is now duplicated outside /etc — check the copy's
# permissions.
tar -cf - /etc/sysconfig |tar -xf -
cd /home/shepherd/rcs-test/etc
# Create an RCS/ subdirectory in every directory of the tree (except the
# RCS dirs themselves) so the ,v files have a home.
find . -type d ! -name RCS -print -exec mkdir '{}'/RCS \;
# Cool scripts at http://www.linuxdocs.org/HOWTOs/CVS-RCS-HOWTO-12.html
######################################################################
#
# setup CVS network repository
#
# http://subversion.apache.org/
#
# http://comsci.liu.edu/~murali/cvs/pserver.htm
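chkconfig cvs on
service xinetd restart
# (cvs pserver runs out of xinetd on port 2401 and does not encrypt the
# session, so keep it to the LAN)
telnet localhost 2401
# OUTPUT #Trying 127.0.0.1...
# OUTPUT #Connected to localhost.
# OUTPUT #Escape character is '^]'.
# CVS is minimally working
cvs -d /var/cvs init
ls /var/cvs
# OUTPUT #CVSROOT
# Helper that prints a crypt(3) hash for CVSROOT/passwd. (The original
# opened vi and listed the contents unprefixed, which would have run the
# Perl lines as shell commands when pasted.)
cat > /var/cvs/CVSROOT/mkcvs-passwd <<'EOF'
#!/usr/bin/perl
#
srand (time());
my $randletter = "(int (rand (26)) + (int (rand (1) + .5) % 2 ? 65 : 97))";
my $salt = sprintf ("%c%c", eval $randletter, eval $randletter);
my $plaintext = shift;
my $crypttext = crypt ($plaintext, $salt);
print "${crypttext}\n";
EOF
chmod u+rwx /var/cvs/CVSROOT/mkcvs-passwd
# Takes the password as its argument (shift), so it lands in shell history;
# clear that afterwards. Run with no argument it hashes an empty password.
/var/cvs/CVSROOT/mkcvs-passwd
# 644 is world-readable: any local user can read the DES crypt hashes.
# Check which user the pserver runs as and tighten to 640/600 if it can.
chmod 644 /var/cvs/CVSROOT/passwd
vi /var/cvs/CVSROOT/passwd
#make the last line look something like this
#username1:x$5itFdsw123:cvs
#
# NOTE(review): the repository was created at /var/cvs (and the login
# output below shows 2401/var/cvs) but this points at /home/cvs — confirm.
export CVSROOT=:pserver:shepherd@localhost:/home/cvs
cvs login
#[shepherd@shepherd cvs-test]$ cvs login
#Logging in to :pserver:shepherd@localhost:2401/var/cvs
#CVS password:
#[shepherd@shepherd cvs-test]$
#
cd /home/shepherd
mkdir cvs-test
cd cvs-test
su
tar -cf - /etc/sysconfig/|tar -xf -
chown -R shepherd /home/shepherd/cvs-test
cvs import -m "My initial project message" sysconfig mycompany start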
#Now we look at it
#[root@shepherd cvs]# ls -l /var/cvs
#total 8
#drwxrwxr-x. 3 cvs cvs 4096 May 21 18:35 CVSROOT
#drwxrwxr-x. 3 cvs cvs 4096 May 21 18:42 sysconfig
#
##############################
##
# Now the problem is changing it from /var/cvs to /home/cvs
# changing /etc/xinetd.d/cvs from /var/cvs to /var/home
# service xinetd restart
# cvs login
# Gives the following output
# [shepherd@shepherd cvs]$ cvs login
# Logging in to :pserver:shepherd@localhost:2401/home/cvs
# CVS password:
# cvs [login aborted]: unrecognized auth response from localhost: cvs pserver: cannot open /home/cvs/CVSROOT/config: Permission denied
#
# doing an `echo 0 >/selinux/enforce`
# and then cvs login
# Gives the following output
# [shepherd@shepherd cvs]$ cvs login
# Logging in to :pserver:shepherd@localhost:2401/home/cvs
# CVS password:
# [shepherd@shepherd cvs]$
# which means selinux is causing the problem
#
# http://docs.fedoraproject.org/en-US//Fedora/13/html/Managing_Confined_Services/sect-Managing_Confined_Services-Concurrent_Versioning_System-Configuration_Examples-Setting_Up_CVS-Server-Setup.html
#
# THIS DOES NOT WORK AS ADVERTISED, problem still exists
# It actually works for /var/cvs and /cvs, just not under /home/cvs
# WEIRD
# [root@cvs-srv]# semanage fcontext -a -t cvs_data_t '/cvs(/.*)?'
# [root@cvs-srv]# restorecon -R -v /cvs
#
#
#
# This might explain it
# http://linux.derkeiler.com/Mailing-Lists/Fedora/2009-04/msg02339.html
#
# This works but is a hack but at least selinux is still running
# cp /var/log/audit/audit.log /var/log/audit/audit.log.bak
# cp /dev/null /var/log/audit/audit.log
# cvs login (yes, it will fail)
# cd /tmp
# cat /var/log/audit/audit.log | audit2allow -M local
# semodule -i local.pp
#
# This lets "something" read the cvs directory in your non-standard (/home)
# mount point
# The output is a binary file and a text file
# text file is local.te and looks like this
# module local 1.0;
#
# require {
#type cvs_t;
#type setfiles_t;
#class capability { dac_read_search dac_override };
#class dir relabelto;
#}
#
##============= cvs_t ==============
##!!!! This avc can be allowed using the boolean 'allow_cvs_read_shadow'
#
#allow cvs_t self:capability dac_override;
#allow cvs_t self:capability dac_read_search;
#
##============= setfiles_t ==============
#allow setfiles_t cvs_t:dir relabelto;
#
# Retry once the local SELinux module described above is loaded; before it
# the login failed with the "Permission denied" shown above.
cvs login
cvs import -m "My initial project message" sysconfig mycompany start
#And this all works
#And I am willing to call it good for now.
#If somebody has a better answer or a
#better solution please let me know
######################################################################
#
# Get apache subversion
#
# http://subversion.apache.org/
#
######################################################################
#
# GPFS
#
######################################################################
#
# Membase
#
######################################################################
#
# Hadoop
#
######################################################################
#
# Cassandra
#
######################################################################
#
# Memcached
#
######################################################################
#
# ZooKeeper
#
######################################################################
#
# Ruby
#
######################################################################
#
# CFEngine
#
######################################################################
#
# Oprofile
#
######################################################################
#
# SystemTap
#
######################################################################
#
# GDB
#
######################################################################
#
# Valgrind
#
######################################################################
#
# websphere
#
######################################################################
#
# squid
#
######################################################################
#
# cacti
#
######################################################################
#
# JBoss
#
######################################################################
#
# Nagios
#
# follow the guide at
# http://nagios.sourceforge.net/docs/3_0/quickstart-fedora.html
# ALSO
# And this is not in the docs
# chcon -R -t httpd_sys_script_rw_t /usr/local/nagios/var/rw
# this was from
# http://www.linuxquestions.org/questions/linux-networking-3/nagios-config-429200/
#Edit /usr/local/nagios/etc/objects/commands.cfg to add new plugin commands
#Please note that not all the "included" checks are included in this
#file so you have to edit for your situation
#
#Edit /usr/local/nagios/etc/objects/localhost.cfg to add new checks
#Also, you can google for 'nagios pluginname' for examples of how
#to configure them
######################################################################
#
# Puppet
#
######################################################################
#
# git
#
######################################################################
#
# OSSEC
#
######################################################################
#
# filezilla
# From http://filezilla-project.org/download.php
#
# Hints on compile/install at
# http://wiki.filezilla-project.org/Client_Installation
#
#
cd /home/shepherd/Downloads
# silly thing needs wxWidgets
# from http://www.wxwidgets.org/downloads/
mkdir wxWidgets
mv wxWidgets*gz wxWidgets
cd wxWidgets
tar -xf wxWidgets-2.8.12.tar.gz
cd wxWidgets-2.8.12
./configure --enable-unicode
make
su
# Installs a source tree nothing above verified (no checksum/signature check).
make install #This can take a few minutes....
exit
#
# ------------------------------------------------------
#
# The installation of wxWidgets is finished. On certain
# platforms (e.g. Linux) you'll now have to run ldconfig
# if you installed a shared library and also modify the
# LD_LIBRARY_PATH (or equivalent) environment variable.
#
cd /home/shepherd/Downloads
mkdir filezilla
mv FileZilla* filezilla
cd filezilla
# Assumes the directory holds exactly one file: with more, tar takes the
# extra names as members to extract.
tar -xf *
cd filezilla-3.5.3
# Same path as at the top of the file; needed so the freshly installed
# wxWidgets libraries in /usr/local/lib are found (or run ldconfig, as the
# wxWidgets install message above suggests).
export LD_LIBRARY_PATH=/opt/csw/lib:/opt/csw/gcc4/lib:/usr/lib/:/usr/local/lib
./configure --with-tinyxml=builtin
make
su
# Installs a source tree nothing above verified (no checksum/signature check).
make install
exit