ELS - Easy Linux Security script

oi.. :o

The DBI and Term::ReadKey worked, but the DBD::mysql one gave some errors before it refused to install:
Failed 25/28 test scripts, 10.71% okay. 421/426 subtests failed, 1.17% okay.
make: *** [test_dynamic] Error 255
/usr/bin/make test -- NOT OK
Running make install
make test had returned bad status, won't install without force
 
Duboux said this, and I was wondering also
Before I did this #ELS --all feature, I checked with: # /usr/local/bin/rkhunter -c
And only 2 checks were marked BAD..

After the #ELS --all, alooooooooooot is BAD
Here's a little tip of the iceberg:
 
[root@dexter ~]# /usr/local/els/els.sh --securepartitions

ELS can secure your /tmp, /var/tmp, and /dev/shm partitions.
Proceed? (y/n): y
No /tmp partition in /etc/fstab.
/tmp already seems to be mounted (cPanel's securetmp script maybe?)

/var/tmp already seems to be mounted (cPanel's securetmp script maybe?)

Found /dev/shm partition in /etc/fstab.
Backing up current configuration file...
/etc/fstab already backed up as /usr/local/els/bakfiles/fstab.bak
Modifying /etc/fstab...
Done.
Remounting /dev/shm...
umount: /dev/shm: not mounted
[mntent]: line 2 in /etc/fstab is bad
[mntent]: line 3 in /etc/fstab is bad
[mntent]: line 5 in /etc/fstab is bad
[mntent]: line 6 in /etc/fstab is bad
[mntent]: line 7 in /etc/fstab is bad; rest of file ignored
mount: can't find /dev/shm in /etc/fstab or /etc/mtab
Done.
You should check '/etc/fstab' before you reboot your system!!!

[root@dexter ~]# cat /etc/fstab
# This file is edited by fstab-sync - see 'man fstab-sync' for details
/dev/md2 / ext3 none /dev/shm tmpfs rw,noexec,nosuid,nodev 0 0,usrquota,grpquota 1 1
/dev/md0 /boot ext3 none /dev/shm tmpfs rw,noexec,nosuid,nodev 0 0 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /dev/shm tmpfs none /dev/shm tmpfs rw,noexec,nosuid,nodev 0 0 0 0
none /proc proc none /dev/shm tmpfs rw,noexec,nosuid,nodev 0 0 0 0
none /sys sysfs none /dev/shm tmpfs rw,noexec,nosuid,nodev 0 0 0 0
/dev/md1 swap swap none /dev/shm tmpfs rw,noexec,nosuid,nodev 0 0 0 0
[root@dexter ~]#

Question: Is this good or bad? Do I have to drive 50 miles to DC when I reboot or not? :)

I use Software raid (2disks)

Thank you..
 
Is it possible to reverse secure partitions?
edit:
I did it by myself... so thanks anyway
 
I don't know if anyone still uses this, but be careful. The partition securing may screw up your fstab bad, so check first.
 
I suppose you're referring to an OS distribution that manages fstab for you? I'm not sure which distributions do that, because fstab is meant to be managed by the systems administrator.

If you use a distribution that does things for you that makes it incompatible with linux/unix and the entire posix model, then yes, there are lots of things you shouldn't/can't do.

Jeff
 
I suppose you're referring to an OS distribution that manages fstab for you? I'm not sure which distributions do that, because fstab is meant to be managed by the systems administrator.

If you use a distribution that does things for you that makes it incompatible with linux/unix and the entire posix model, then yes, there are lots of things you shouldn't/can't do.

Jeff
I am not sure who you are referring to?

My post was about the ELS, that modifies the fstab.
 
I didn't go back to the beginning of the thread; I was referring to your immediately preceding post. Does ELS automatically change the fstab, or does the sysadmin change it according to instructions in this thread?

Jeff
 
Hi, running a 64 bit CentOS 5 server, this is what the script did to my fstab file:

Original:

Code:
/dev/VolGroup00/LogVol00 /                       ext3    defaults        1 1
LABEL=/boot             /boot                   ext3    defaults        1 2
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
sysfs                   /sys                    sysfs   defaults        0 0
/dev/VolGroup00/LogVol01 swap                    swap    defaults        0 0

Modifications by script:

Code:
/dev/VolGroup00/LogVol00 /                       ext3    tmpfs                   /dev/shm                tmpfs   rw,noexec,nosuid,nodev        0 0        1 1
LABEL=/boot             /boot                   ext3    tmpfs                   /dev/shm                tmpfs   rw,noexec,nosuid,nodev        0 0        1 2
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
tmpfs                   /dev/shm                tmpfs   tmpfs                   /dev/shm                tmpfs   rw,noexec,nosuid,nodev        0 0        0 0
proc                    /proc                   proc    tmpfs                   /dev/shm                tmpfs   rw,noexec,nosuid,nodev        0 0        0 0
sysfs                   /sys                    sysfs   tmpfs                   /dev/shm                tmpfs   rw,noexec,nosuid,nodev        0 0        0 0
/dev/VolGroup00/LogVol01 swap                    swap    tmpfs                   /dev/shm                tmpfs   rw,noexec,nosuid,nodev        0 0        0 0
/var/tmpFS /tmp ext3 /var/tmpFS /tmp ext3 rw,noexec,nosuid,nodev,bind 0 0 0 0

I've reinstalled the machine and after running the script again, it did the same thing.
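A field-aware way to do what --securepartitions was trying to do on the /dev/shm line, together with the sanity check that would have caught the mangled files posted above. This is an added example, not ELS code; the WORK directory, the .bak path and the function names (fstab_is_sane, secure_shm_fstab, shm_options) are this example's own, and the input fstab is constructed from the "Original" listing in this post.

```shell
#!/bin/sh
# Harden only the /dev/shm line of an fstab, by field, then verify the
# whole file still parses before keeping it.  Added example, not ELS code;
# WORK, the .bak path and the function names are this example's own.

WORK="${TMPDIR:-/tmp}/fstab-example.$$"
mkdir -p "$WORK"

# Constructed input modelled on the "Original" fstab posted above.
cat > "$WORK/fstab" <<'EOF'
/dev/VolGroup00/LogVol00 /                       ext3    defaults        1 1
LABEL=/boot             /boot                   ext3    defaults        1 2
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
/dev/VolGroup00/LogVol01 swap                    swap    defaults        0 0
EOF

# Every non-comment line must have 4 to 6 fields with numeric dump/pass
# fields; the script in this thread left lines with 10 or more fields.
fstab_is_sane() {
    awk '/^[ \t]*(#|$)/ { next }
         NF < 4 || NF > 6 { bad = 1 }
         NF >= 5 && $5 !~ /^[0-9]+$/ { bad = 1 }
         NF == 6 && $6 !~ /^[0-9]+$/ { bad = 1 }
         END { exit (bad ? 1 : 0) }' "$1"
}

# Touch only the line whose mount point is /dev/shm and type is tmpfs:
# append missing options to field 4 (that line is re-spaced), leave the rest.
secure_shm_fstab() {
    f="$1"
    cp -p "$f" "$f.bak" || return 1
    awk '$2 == "/dev/shm" && $3 == "tmpfs" {
             opts = $4
             split("noexec nosuid nodev", want, " ")
             for (i = 1; i <= 3; i++)
                 if (("," opts ",") !~ ("," want[i] ",")) opts = opts "," want[i]
             $4 = opts
         }
         { print }' "$f.bak" > "$f" || return 1
    fstab_is_sane "$f" && return 0
    cp -p "$f.bak" "$f"      # never leave a broken fstab behind
    return 1
}

shm_options() { awk '$2 == "/dev/shm" { print $4 }' "$1"; }
```

Running secure_shm_fstab twice is idempotent, and the check rejects a line like the duplicated "tmpfs /dev/shm tmpfs tmpfs /dev/shm tmpfs ..." entries shown above.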
 
Before running any script, I don't care what it is, I read the script to see what it's doing and the files that are affected. Then, like a paranoid freak, I back up those files before I run it. Seems like maybe you should have done the same thing, especially if you tried it a second time. The script also creates a backup of the file. Why don't you look in the backup directory in /usr/local/?
 
Before running any script, I don't care what it is, I read the script to see what it's doing and the files that are affected. Then, like a paranoid freak, I back up those files before I run it. Seems like maybe you should have done the same thing, especially if you tried it a second time. The script also creates a backup of the file. Why don't you look in the backup directory in /usr/local/?

Hi pucky,

No problem, it was a test server and I reinstalled just to check that it WAS the script that did the changes.

The backups were right and that's where I've got the details from.

I just wanted to point it out so that the developer takes it into account.

Dan
 
I've run the script; however, on reboot there were some warnings about the tmpfs kernel driver not being present?
 
ELS 3.0.0.2 is released! It contains APF 0.9.6-2, rkhunter 1.3.0, modified MySQL configuration file for MySQL 5.x, support for MySQL 5.1, ImageMagick 6.3.6-6, xCache 1.2.1, APC 3.0.15, eAccelerator 0.9.5.2, suhosin 0.9.20 and much more! :)
 
I tried to install apf on a new CentOS. After installing, apf returns an error:

iptables v1.2.11: Unknown arg `--set-tos'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.11: Unknown arg `--set-tos'
Try `iptables -h' or 'iptables --help' for more information.
 
I tried to install apf on a new CentOS. After installing, apf returns an error:

iptables v1.2.11: Unknown arg `--set-tos'
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.11: Unknown arg `--set-tos'
Try `iptables -h' or 'iptables --help' for more information.

I have the same error, in a new CentOS V5.
 
Another bug: it cannot create the rkhunter cronjob, even though there is no error. I have to create it manually.
 
# mytop
Can't locate DBI.pm in @INC (@INC contains: /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .) at /usr/bin/mytop line 20.
BEGIN failed--compilation aborted at /usr/bin/mytop line 20.


I've just run:
cpan
install:: DBI
install:: TermKey
install:: DBDmysql

and still got the same error.


When running cpan / DBDmysql::

CPAN: Storable loaded ok
Going to read /root/install DBI/sources/authors/01mailrc.txt.gz
gzip: /root/install.gz: No such file or directory
gzip: DBI/sources/authors/01mailrc.txt.gz: No such file or directory
Going to read /root/install DBI/sources/modules/0****kages.details.txt.gz
gzip: /root/install.gz: No such file or directory
gzip: DBI/sources/modules/0****kages.details.txt.gz: No such file or directory
Warning: Your /root/install DBI/sources/modules/0****kages.details.txt.gz does not contain a Line-Count header.
Please check the validity of the index file by comparing it to more
than one CPAN mirror. I'll continue but problems seem likely to
happen.
Warning: Your /root/install DBI/sources/modules/0****kages.details.txt.gz does not contain a Last-Updated header.
Please check the validity of the index file by comparing it to more
than one CPAN mirror. I'll continue but problems seem likely to
happen.
Going to read /root/install DBI/sources/modules/03modlist.data.gz
gzip: /root/install.gz: No such file or directory
gzip: DBI/sources/modules/03modlist.data.gz: No such file or directory
Can't locate object method "data" via package "CPAN::Modulelist" (perhaps you forgot to load "CPAN::Modulelist"?) at (eval 13) line 1.
at /usr/lib/perl5/5.8.5/CPAN.pm line 3406
CPAN::Index::rd_modlist('CPAN::Index', '/root/install DBI/sources/modules/03modlist.data.gz') called at /usr/lib/perl5/5.8.5/CPAN.pm line 3129
CPAN::Index::reload('CPAN::Index') called at /usr/lib/perl5/5.8.5/CPAN.pm line 675
CPAN::exists('CPAN=HASH(0x993ae88)', 'CPAN::Module', 'DBDmysql') called at /usr/lib/perl5/5.8.5/CPAN.pm line 1842
CPAN::Shell::expandany('CPAN::Shell', 'DBDmysql') called at /usr/lib/perl5/5.8.5/CPAN.pm line 2078
CPAN::Shell::rematein('CPAN::Shell', 'install', 'DBDmysql') called at /usr/lib/perl5/5.8.5/CPAN.pm line 2165
CPAN::Shell::install('CPAN::Shell', 'DBDmysql') called at /usr/lib/perl5/5.8.5/CPAN.pm line 201
eval {...} called at /usr/lib/perl5/5.8.5/CPAN.pm line 201
CPAN::shell() called at /usr/bin/cpan line 193


Any ideas??

Thanks.
 
When I tried to check if the rkhunter update went fine, I re-ran the command and got the following:

Code:
# /usr/local/bin/els --rkhunter

RKHunter is out of date.  Installed: 1.3.0

active
your
the
bugs,


questions
is

comes
free
the Latest: 1.3.0
ELS can now update RKHunter.
Proceed? (y/n): n
Not installing/updating RKHunter
 