ELS - Easy Linux Security script

[selfwebhosting]

I tried to upgrade to apache 2 and I got this error:

PHP Warning: [eAccelerator] This build of "eAccelerator" was compiled for PHP version 4.4.4. Rebuild it for your PHP version (4.4.7) or download precompiled binaries.
in Unknown on line 0
PHP Fatal error: Unable to start eAccelerator module in Unknown on line 0
make[1]: *** [install-pear-packages] Error 254
make: *** [install-pear] Error 2

Now I cannot restart apache. What should I do?

 

[selfwebhosting]

I re-run "els --eaccelerator" and I got this error after the script tried to restart apache:

Starting httpd: Syntax error on line 67 of /etc/httpd/conf/httpd.conf:
Cannot load /usr/lib/apache/mod_frontpage.so into server: /usr/lib/apache/mod_frontpage.so: cannot open shared object file: No such file or directory

The apache 2 upgrade failed earlier. Show I downgrade apache? Help!!!

 

[smtalk]

Edit /etc/httpd/conf/httpd.conf and comment out this line, or do:

cd /usr/local/directadmin/customapache
./build mod_frontpage_ap2
./build mod_perl_ap2

 

[selfwebhosting]

I should have waited for your reply!

Anyway, without waiting I run "els --undodaap2" and I got warning about mod_security. After commenting out two places about mod_security, it appears that I can restart apache from the command line, but my DirectAdmin service monitor shows that httpd is stopped and I could not start/restart it from DirectAdmin.

When I run /etc/rc.d/init.d/httpd restart from the command line, it does not give me any error and it shows [ OK ].

Now what I should do? All sites cannot be accessed. Help!!! Should I upgrade apache again or what?

I am here waiting before messing up things further.

 

[smtalk]

I've just sent you a PM with the instructions.

 

[emmanuel]

So does this mean --wheeluser does not work for Fedora/RH/Centos based distribution?

 

[smtalk]

emmanuel, it's fixed in 2.1.0.18.

 

[selfwebhosting]

"els --wheeluser" eventually run after smtalk helped me. However, I found that I have to manually add the wheelusername to sshd_config file to make it work. Now no one can login into ssh using admin. Cool!

 

[txt3rob]

how can i undo --chmodfiles so that i can use wget on ssh but not as root

 

[AndyII]

Just do:

# els --all

And it will ask you what do you want to install/update or optimize/secure

This looks very, very useful for those who are just entering the world of Linux
Can any of these be un-installed in the case it causes trouble or something breaks?
Andy

 

[smtalk]

Yes, uninstalls are also listed in "els --all".

 

[PaulStuffins]

This looks like it has expanded away from the security aim of the script.

On saying that is there a comprensive list of what this script installs and/or configures, with switches if preferable, as reading through this thread there is some stuff that I would like to have installed (security related items) and some I do not want at all (anything to do with cPanel and some non security related items).

Paul

 

[AndyII]

This looks like it has expanded away from the security aim of the script.

On saying that is there a comprensive list of what this script installs and/or configures, with switches if preferable, as reading through this thread there is some stuff that I would like to have installed (security related items) and some I do not want at all (anything to do with cPanel and some non security related items).

Paul

Originally Posted by smtalk View Post
Just do:
Code:

# els --all

And it will ask you what do you want to install/update or optimize/secure

it would seem reading through the posts that you either say yes or no (Y, N) as each one is presented

 

[smtalk]

Sorry, my mistake, it's listed in "els --help"

 

[smtalk]

Version 3.0 has been released, it doesn't use "replace" now, and it supports Debian and Fedora 7.

 

[Duboux]

How well updated is ELS ?

Because when I check that site out, it shows last news from 2005, which keeps me in a bit of doubt..

 

[smtalk]

That site isn't mine, it's Richard Gannon's site, that's why it's not updated I post all news in this thread (as I posted about the 3.0 release).

 

[Duboux]

Thanx, I'll think abt it a bit more

ps, if u need a host for ur own site...

 

[Duboux]

Okay, tried it on a box that was updated with the custombuild.

Did almost all, exept APC, APF (already have another firewall) and BDF (seen a bit too many negative posts)


The MyTop however didn't go well..

# els --mytop

ELS can now install MyTOP.
Proceed? (y/n): y
Download Successful!
MD5 matches.
Installing...
mytop-1.4/
mytop-1.4/mytop
mytop-1.4/README
mytop-1.4/Changes
mytop-1.4/test.pl
mytop-1.4/Makefile.PL
mytop-1.4/INSTALL
mytop-1.4/MANIFEST
Checking if your kit is complete...
Looks good
Warning: prerequisite DBD::mysql 1 not found.
Warning: prerequisite DBI 1.13 not found.
Warning: prerequisite Term::ReadKey 2.1 not found.
Writing Makefile for mytop
cp mytop blib/script/mytop
/usr/bin/perl "-MExtUtils::MY" -e "MY->fixin(shift)" blib/script/mytop
Manifying blib/man1/mytop.1
Writing /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/mytop/.packlist
Appending installation info to /usr/lib/perl5/5.8.5/i386-linux-thread-multi/perllocal.pod
Setting default database to 'mysql'.
Done.


# mytop
Can't locate DBI.pm in @INC (@INC contains: /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .) at /usr/bin/mytop line 20.
BEGIN failed--compilation aborted at /usr/bin/mytop line 20.

Before I did this #ELS --all feature, I checked with: # /usr/local/bin/rkhunter -c
And only 2 checks were marked BAD..

After the #ELS --all, alooooooooooot is BAD
Here's a little tip of the iceberg:

* System tools
Info: prelinked files found
Performing 'known good' check...
/usr/sbin/prelink: /lib/tls/libc-2.3.4.so has a dependency cycle
/usr/sbin/prelink: /bin/cat: at least one of file's dependencies has changed since prelinking
/bin/cat [ BAD ]
/usr/sbin/prelink: /lib/tls/libc-2.3.4.so has a dependency cycle
/usr/sbin/prelink: /bin/chmod: at least one of file's dependencies has changed since prelinking
/bin/chmod [ BAD ]
/usr/sbin/prelink: /lib/tls/libc-2.3.4.so has a dependency cycle
/usr/sbin/prelink: /bin/chown: at least one of file's dependencies has changed since prelinking
/bin/chown [ BAD ]

Also:

Incorrect MD5 checksums: 36
Application scan
Vulnerable applications: 2

 

[smtalk]

You need to install DBD::mysql, DBI and Term::ReadKey. Use "cpan" to do that