ELS - Easy Linux Security script

[cbolt]

Has anyone tried this on Debian 5 yet? Any problems?

 

[jca]

rkhunter 1.3.4 is out. Also, adding --versioncheck to the dailycron will let the user know when a update is out.

Thanks!

Jose

 

[Barakat]

why it dont go to the rite directory ?
-bash: /usr/local/bin/els: No such file or directory

 

[wchost]

I am getting this

/etc/sysctl.conf exists.
sysctl is used to harden the kernel. If you have not hardened your
kernel with sysctl or do not know how to, it is recommended to have
ELS do it for you. Your current /etc/sysctl.conf will be backed up to
/usr/local/els/bakfiles/sysctl.conf.
Proceed? (y/n): y
Download Failed.
Invalid MD5.
Aborting.

 

[@how@]

I am getting this

/etc/sysctl.conf exists.
sysctl is used to harden the kernel. If you have not hardened your
kernel with sysctl or do not know how to, it is recommended to have
ELS do it for you. Your current /etc/sysctl.conf will be backed up to
/usr/local/els/bakfiles/sysctl.conf.
Proceed? (y/n): y
Download Failed.
Invalid MD5.
Aborting.

try again.

Wael

 

[spectrumproduct]

I got the same as above ..

 

[@how@]

I got the same as above ..

els --hardensysctl

/etc/sysctl.conf exists.
sysctl is used to harden the kernel. If you have not hardened your
kernel with sysctl or do not know how to, it is recommended to have
ELS do it for you. Your current /etc/sysctl.conf will be backed up to
/usr/local/els/bakfiles/sysctl.conf.
Proceed? (y/n): y
Download Successful!
MD5 matches.
Extracting...
Applying changes...
net.ipv4.ip_forward = 0
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.eth0.log_martians = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
kernel.sysrq = 0
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.log_martians = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.ip_local_port_range = 16384 65536
Done.
Errors with 'unknown keys' can be ignored.

work fine.


Wael

 

[@how@]

why it dont go to the rite directory ?
-bash: /usr/local/bin/els: No such file or directory

fixed in install script
just run now

ln -s /usr/local/els/els.sh /usr/local/bin/els

Wael

 

[@how@]

rkhunter 1.3.4 is out. Also, adding --versioncheck to the dailycron will let the user know when a update is out.

Thanks!

Jose

Thanks Jose.

Wael

 

[nimafire]

hello. i have problem and forget to ask.
when i try to secure my .tmp with els and try...its my error :

[root@download]#els --securepartitions

Secure /tmp function is temporary disabled on CentOS 5.

what about it ?

 

[hennysavenije]

ImageMagick

I downloaded the latest version but it refuses to install nor update ImageMagick, it tells me that the file imagemagick(and then versionnumber).tar.gz can't be found

 

[@how@]

I downloaded the latest version but it refuses to install nor update ImageMagick, it tells me that the file imagemagick(and then versionnumber).tar.gz can't be found

now work fine.

Wael

 

[@how@]

what about it ?

ill update it soon.

Wael

 

[hennysavenije]

ImageMagick

Works now, thanks

 

[hennysavenije]

Zend Optimizer

I get with ZendOptimizer the same error message

ELS can now install Zend Optimizer.
Proceed? (y/n): y
Downloading Zend Optimizer...
/usr/bin/md5sum: ZendOptimizer-3.3.3-linux-glibc21-i386.tar.gz: No such file or directory
Download Failed.
Invalid MD5.
Aborting.

 

[digitaba]

Need help with ELS

Hi

After installing ELS my server died.

I am on a KVM without internet access as something went wrong.

How can I remove ELS or let it re-install without it needing it needing to check for updates or contact a server outside.

I think it happened just after the eaccelerator function it just shut down and that was the end of it.

Thx in advance

PS: I am a complete beginner with this stuff

 

[spectrumproduct]

Thinking about trying this script ..

Is the current version stable?

Brett

 

[Heuveltje]

Installed this about 2 weeks ago and is showing no errors at all! I get a daily mail from chkrootkit, changed script so it only mails lines with the term INFECTED. This probably works for about 2 months after which you probably start ignoring the mails.
However ELS installed in a breeze and was very straight forward in configuration. Thanx to the creators of this script! Very nicely done!

 

[nimafire]

is it work on openvz VPS ?

--securepartitions : Secure /tmp, /var/tmp, and /dev/shm partitions
: (whether in /etc/fstab or not)

 

[tornado2800]

ELS , recommended to install in DirectAdmin VPS ?
no problem with DA ?