ELS - Easy Linux Security script

Hi,

Spec. : CentOS 4.4, x86, Intel Core 2 Duo, 5 GB RAM.

[root@geek apf]# mytop
-bash: mytop: command not found
[root@geek apf]# els --mytop

ELS can now install MyTOP.
Proceed? (y/n): y
Download Successful!
MD5 matches.
Installing...
mytop-1.4/
mytop-1.4/mytop
mytop-1.4/README
mytop-1.4/Changes
mytop-1.4/test.pl
mytop-1.4/Makefile.PL
mytop-1.4/INSTALL
mytop-1.4/MANIFEST
Checking if your kit is complete...
Looks good
Warning: prerequisite DBD::mysql 1 not found.
Warning: prerequisite DBI 1.13 not found.
Warning: prerequisite Term::ReadKey 2.1 not found.
Writing Makefile for mytop
cp mytop blib/script/mytop
/usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/mytop
Manifying blib/man1/mytop.1
Installing /usr/share/man/man1/mytop.1
Installing /usr/bin/mytop
Writing /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/mytop/.packlist
Appending installation info to /usr/lib/perl5/5.8.5/i386-linux-thread-multi/perllocal.pod
Setting default database to 'mysql'.
Done.
[root@geek apf]# mytop
Can't locate DBI.pm in @INC (@INC contains: /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .) at /usr/bin/mytop line 20.
BEGIN failed--compilation aborted at /usr/bin/mytop line 20.
Click to expand...
 
Maniak, do:
Code: 
cpan
install DBI
install Term::ReadKey
install DBD::mysql
q
 
Hello
i just tried this out on a new server.
i had the same problem as maniak above and "install DBD::mysql" fails.

I just said to myself : tobad :)

I also did the tmp secure and the libsage install.

Now, the problem is that mysq does not work anymore.
The error when i try to start it is :
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (111)
Click to expand...

Someone knows how to get that back working ?
I tried creating a simlink in /tmp/ that points to /var/lib/mysql/mysql.sock but no luck.

Thx
Sky
 
Hello smtalk, and thx, but after a bit of fidling around, i got back mysql, but now i cant connect directly to mysql with root.

When i type : mysql
i get : ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

It does not really matter, because i can login with phpmyadmin, but i wonder why it does not work anymore.

Sky
 
You don't need els to install DBD::mysql.

I just bring up CPAN and do it.

root > CPAN <enter>
> force install DBD::mysql

Here's my entire routine for new servers for CPAN:

PHP: 
perl -MCPAN -eshell (NOTE: I use "1 2 3 4 5 6 7 8 9 10 11 12 13 14" for mirrors)
install Bundle::CPAN
reload cpan
install DBI
install HTML::Parser
install CGI
force install DBD::mysql
 
First CentOS server works perfect, second CentOS server::

CentOS 4.4 i386_32

[root@toms els]# els --all
-bash: els: command not found
 
Last edited:
digi said:
First CentOS server works perfect, second CentOS server::

CentOS 4.4 i386_32

[root@toms els]# els --all
-bash: els: command not found
Click to expand...

Digi try:
Code: 
# ln -s /usr/local/els/els.sh /usr/sbin/els

After this try "els --help".
 
smtalk said:
What ELS Does:

[*]Upgrade MySQL to 5.0
Click to expand...

ELS usage:
--all : Install/update all supported software, improve
: security and optimize some programs and
: configurations
--apc : Install/Update APC (Alternative PHP Cache)
--apf : Install/Update APF Firewall
--bfd : Install/Update BFD (Brute Force Detection)
--chkrootkit : Install/Update CHKROOTKIT
--chkrootkitcron : Install a CHKROOTKIT cronjob (to run nightly)
--chmodfiles : Chmod dangerous files to root only
--cpvcheck : Check your control panel version
--disablephpfunc : Disable dangerous PHP functions
--disabletelnet : Disable telnet
--distrocheck : Check your OS version
--eaccelerator : Install/Update eAccelerator
--enablephpsafe : Enable PHP safe_mode
--forcessh2 : Force SSH protocol 2
--hardensysctl : Hardening sysctl.conf
--imagemagick : Install/Update ImageMagick
--libsafe : Install/Update Libsafe
--mysqloptimizedb : Run a simple MySQL table optimization and repair command
--mysqlrenice : Renice MySQL to -20 for highest priority
--mytop : Install/Update MyTOP
--optimizemysqlconf : Optimize MySQL configuration file (/etc/my.cnf)
--rkhunter : Install/Update RKHunter
--rkhuntercron : Install a RKHunter cronjob (to run nightly)
--rootloginemail : Add an alert for root login to
: /root/.bash_profile (email must be provided
: for this option)
--securepartitions : Secure /tmp, /var/tmp, and /dev/shm partitions
: (whether in /etc/fstab or not)
--setupcrons : Setup RKHunter and CHKROOTKIT cronjobs as well
: as Root Login Alert
--sshport : Change the port the SSH deamon is listening on
: (also modifies APF config to use new port)
--suhosin : Install/Update suhosin
--up2dateconfig : Edit up2date configuration file to exclude some
: programs
--vps : Similiar to --all, but skips operations not
: compatable with Virtual Private Servers
--wheeluser : Add a wheel user and force no root login in the
: SSH deamon's configuration
--yumconfig : Edit yum configuration file to exclude some
: programs
--xcache : Install/Update XCache
--zendopt : Install/Update Zend Optimizer


Remove/Undo functions:
--disablephpsafe : Disable PHP safe mode
--enablephpfunc : Enable dangerous PHP functions
--enablephprg : Enable PHP register_globals
--removeapf : Remove APF firewall
--removebfd : Remove BFD (Brute Force Detection)
--rmchkrootkitcron : Remove a CHKROOTKIT cronjob
--rmrkhuntercron : Remove a RKHunter cronjob
--undomysqlrenice : Undo MySQL renice


DirectAdmin specific commands:
--doapache2 : Upgrade to Apache 2.0 on DirectAdmin server
--dadovecot : Convert to dovecot on DirectAdmin server
--roundcube : Install roundcube mail on DirectAdmin server
--undodaap2 : Undo the upgrade to Apache 2.0 on DirectAdmin
: server
--updateda : Update DirectAdmin version


cPanel specific commands:
--cpanelmysqlup : Update MySQL on cPanel servers using the glibc
: 2.3 dynamically
: linked RPMs from http://dev.mysql.com
--cpanelupdate : Update cPanel to the latest version on
: cPanel/WHM servers
--eximdictatk : Install the Exim Dictionary Attack ACL for
: cPanel/WHM servers
--fantasticoinstall : Install the Fantastico files for cPanel/WHM
: servers
--fixrndc : Fix RNDC if not already configured on
: cPanel/WHM servers
--tweakcpsettings : Tweak cPanel's Tweak Settings file
Click to expand...

Is the MySQL5 update only for cPanel??
 
Would installing APF/BFD on an production server kill off SSH access? Or is it safe to install just these two items and won't affect my SSH access?
 
smtalk said:
It won't affect your SSH access, unless you've changed SSH port.
Click to expand...

Since it's recommended that we don't use the standard SSH port, what would happen if ESL is used to install APF/BFD with non-standard SSH port? I'll hate to run the script, then promptly find myself staring at a non-responsive SSH terminal :o
 
Change ssh port to 22, run the script and with ELS change the port of SSH.
 
We've got the next server with this issue::

[root@xxx ~]# els --mytop
PHP Warning: PHP Startup: Unable to load dynamic library './apc/apc.so' - ./apc/apc.so: cannot open shared object file: No such file or directory in Unknown on line 0

ELS can now install MyTOP.
Proceed? (y/n): y
Download Successful!
MD5 matches.
Installing...
mytop-1.4/
mytop-1.4/mytop
mytop-1.4/README
mytop-1.4/Changes
mytop-1.4/test.pl
mytop-1.4/Makefile.PL
mytop-1.4/INSTALL
mytop-1.4/MANIFEST
Checking if your kit is complete...
Looks good
Warning: prerequisite Term::ReadKey 2.1 not found.
Writing Makefile for mytop
cp mytop blib/script/mytop
/usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/mytop
Manifying blib/man1/mytop.1
Writing /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/mytop/.packlist
Appending installation info to /usr/lib/perl5/5.8.5/i386-linux-thread-multi/perllocal.pod
Setting default database to 'mysql'.
Done.


[root@xxx ~]# mytop
Can't locate Term/ReadKey.pm in @INC (@INC contains: /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .) at /usr/bin/mytop line 165.

############################################
CentOS 4.5 i86_32
PHP5 / MySQL5

Any suggest??

Thanks.
 
Last edited:
You must log in or register to reply here.
Back
Top