What is FUSE :: Filesystem in Userspace

The FUSE kernel module and the FUSE library communicate via a special file descriptor which is obtained by opening /dev/fuse. This file can be opened multiple times, and the obtained file descriptor is passed to the mount syscall, to match up the descriptor with the mounted filesystem.

With FUSE it is possible to implement a fully functional filesystem in a userspace program.

Features include:

FUSE was originally developed to support AVFS (A Virtual File System) but it has since become a separate project.

FUSE Installation on VPS :: [FUSE Module need to be enabled on the Main Hardware Node]

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.

Installing OSSEC on Linux:

cd /tmp
wget http://www.ossec.net/files/ossec-hids-0.9-1a.tar.gz
tar xvfz ossec-hids-0.9-1a.tar.gz

Then we run the installation script:

cd ossec-hids-0.9-1a
./install.sh

The installation script will ask you a few questions:

** Para instalação em português, escolha [br].
** Fur eine deutsche Installation wohlen Sie [de].
** For installation in English, choose [en].
** Para instalar en Español , eliga [es].
** Pour une installation en français, choisissez [fr]
** Per l’installazione in Italiano, scegli [it].
** æ¥æ¬èªã§ã¤ã³ã¹ãã¼ã«ãã¾ãï¼é¸æãã¦ä¸ãã
ï¼[jp].
** Aby instalowaÄ w jÄzyku Polskim, wybierz [pl].
** ÐÐ»Ñ Ð¸Ð½ÑÑÑÑкÑий по ÑÑÑановке на ÑÑÑÑком ,введиÑе [ru].
** Türkçe kurulum için seçin [tr].
(en/br/de/es/fr/it/jp/pl/ru/tr) [en]: <– en (or one of the other options, if you don’t want to use English)

OSSEC HIDS v0.9-1 Installation Script – http://www.ossec.net

You are about to start the installation process of the OSSEC HIDS.
You must have a C compiler pre-installed in your system.
If you have any questions or comments, please send an e-mail
to dcid@ossec.net (or daniel.cid@gmail.com).

- System: Linux server.domain.com 2.6.8-2-386
- User: root
- Host: server.domain.com

— Press ENTER to continue or Ctrl-C to abort. – <– [ENTER]

1- What kind of installation do you want (server, agent, local or help)? <– local

- Choose where to install the OSSEC HIDS [/var/ossec]: <– /var/ossec

3.1- Do you want e-mail notification? (y/n) [y]: <– y

- What’s your e-mail address? <– domain@domain.com (please enter your own email address here)

- We found your SMTP server as: mail.domain.com.
- Do you want to use it? (y/n) [y]: <– y (normally you can accept the installer’s proposal, unless you want to use another SMTP server)

3.2- Do you want to run the integrity check daemon? (y/n) [y]: <– y

3.3- Do you want to run the rootkit detection engine? (y/n) [y]: <– y

- Do you want to enable active response? (y/n) [y]: <–y

- Do you want to enable the firewall-drop response? (y/n) [y]: <– y

- Do you want to add more IPs to the white list? (y/n)? [n]: <– n (unless you want to whitelist more IP addresses)

3.6- Setting the configuration to analyze the following logs:
– /var/log/messages
– /var/log/auth.log
– /var/log/syslog
– /var/log/mail.info

- If you want to monitor any other file, just change
the ossec.conf and add a new localfile entry.
Any questions about the configuration can be answered
by visiting us online at http://www.ossec.net .

— Press ENTER to continue — <– [ENTER]

- System is Linux (SysV).
- Init script modified to start OSSEC HIDS during boot.
Adding system startup for /etc/init.d/ossec …
/etc/rc0.d/K20ossec -> ../init.d/ossec
/etc/rc1.d/K20ossec -> ../init.d/ossec
/etc/rc6.d/K20ossec -> ../init.d/ossec
/etc/rc2.d/S20ossec -> ../init.d/ossec
/etc/rc3.d/S20ossec -> ../init.d/ossec
/etc/rc4.d/S20ossec -> ../init.d/ossec
/etc/rc5.d/S20ossec -> ../init.d/ossec

- Configuration finished properly.

- To start OSSEC HIDS:
/var/ossec/bin/ossec-control start

- To stop OSSEC HIDS:
/var/ossec/bin/ossec-control stop

- The configuration can be viewed or modified at /var/ossec/etc/ossec.conf

Thanks for using the OSSEC HIDS.
If you have any question, suggestion or if you find any bug,
contact us at contact@ossec.net or using our public maillist at
ossec-list@ossec.net
(http://mailman.underlinux.com.br/mailman/listinfo/ossec-list).

More information can be found at http://www.ossec.net

— Press ENTER to finish (maybe more information below). — <– [ENTER]

That’s it, OSSEC HIDS is now installed and ready to be started.

Starting And Running OSSEC HIDS:

In order to start OSSEC HIDS, we run this command:

/etc/init.d/ossec start

The output should look like this:

server1:/etc/init.d# /etc/init.d/ossec start
Starting OSSEC HIDS v0.9-1 (by Daniel B. Cid)…
Started ossec-maild…
Started ossec-execd…
Started ossec-analysisd…
Started ossec-logcollector…
Started ossec-syscheckd…
Completed.
server1:/etc/init.d#

As you might have seen during OSSEC HIDS installation, the installer also created the necessary system startup links for OSSEC HIDS, so that OSSEC HIDS will be started automatically whenever you boot/reboot your system.

After OSSEC HIDS has been started, it will run silently in the background, performing log analysis, integrity checking, rootkit detection, etc. You can check that it’s running by executing

ps aux

In the output you should find something like this:

ossecm    2038  0.0  0.4  1860  792 ?        S    12:40   0:00 /var/ossec/bin/ossec-maild root      2042  0.0  0.3  1736  648 ?        S    12:40   0:00 /var/ossec/bin/ossec-execd ossec     2046  0.2  0.5  2192 1136 ?        S    12:40   0:00 /var/ossec/bin/ossec-analysisd root      2050  0.0  0.2  1592  556 ?        S    12:40   0:00 /var/ossec/bin/ossec-logcollector root      2054 12.2  0.3  1756  616 ?        S    12:40   0:05 /var/ossec/bin/ossec-syscheckd

The OSSEC HIDS log file is /var/ossec/logs/ossec.log, so you can check it to see what’s going on, e.g. with the tail command.

tail -f /var/ossec/logs/ossec.log

shows what’s happening in real-time. Press CTRL-C to leave it.

tail -n 100 /var/ossec/logs/ossec.log

shows you the last 100 lines of the OSSEC HIDS log.

Installing rar & unrar on Linux is very simple.

root@server [~]#  wget http://www.rarlab.com/rar/rarlinux-3.6.0.tar.gz

root@server [~]# tar -zxvf rarlinux-3.6.0.tar.gz

root@server [~]#  cp rar unrar /bin

This will enable rar on your Linux server.

MRTG Installation Gudie:

1)    yum install net-snmp-utils net-snmp, yum install mrtg
2)    service snmpd start
3)    chkconfig –add snmpd
4)    vi /etc/snmp/snmpd.conf
## Find “group   notConfigGroup v2c  notConfigUser” & add ‘rocommunity supp0rt’
Below it & then restart snmpd.
5)    Create a directory ‘mrtg’ or ‘myrtg’ under ‘/var/www/html’ OR
‘/usr/local/apache/htdocs/’.
6)    cfgmaker –global ‘WorkDir: /usr/local/apache/htdocs/mymrtg’ –output       /etc/mrtg/mymrtg.cfg supp0rt@192.168.5.2 (here the ip will be your server ip.)
7)    vi /etc/mrtg/mymrtg.cfg   & add following.
Target[192.168.5.2_2]: 2:supp0rt@192.168.5.2:
SetEnv[192.168.5.2_2]: MRTG_INT_IP=”127.0.0.1″ MRTG_INT_DESCR=”venet0″
MaxBytes[192.168.5.2_2]: 1250000
Title[192.168.5.2_2]: Traffic Analysis for 2 — 192.168.5.2

8)    mrtg /etc/mrtg/mymrtg.cfg  (you will get following output)

———————————————————————–
ERROR: Mrtg will most likely not work properly when the environment
variable LANG is set to UTF-8. Please run mrtg in an environment
where this is not the case. Try the following command to start:

env LANG=C /usr/bin/mrtg /etc/mrtg/mymrtg.cfg

9)    env LANG=C /usr/bin/mrtg /etc/mrtg/mymrtg.cfg  (you will get following output)

10) Point your browser to http://192.168.5.2/mymrtg/192.168.5.2_2.html.

If any thing does wrong with the RPM database, you can use following way to rebuild the RPM database.

First remove the /var/lib/rpm/__db* files.

root@server [~]# cd /var/lib

root@server [~]# rm __db*

RPM Database rebuild:

root@server [~]# rpm --rebuilddb

root@server [~]# rpmdb_verify Packages

LZO – Lempel-Ziv-Oberhumer is a lossless data compression algorithm that is focused on decompression speed. It is a portable lossless data compression library written in ANSI C. It offers pretty fast compression and *very* fast decompression. Decompression requires no memory. In addition there are slower compression levels achieving a quite competitive compression ratio while still decompressing at this very high speed.

Perl-LZO provides LZO bindings for Perl, i.e. you can access the LZO library from your Perl scripts thereby compressing ordinary Perl strings.

This installation is for Mysql 4 on Windows. Download Mysql 4 from http://dev.mysql.com/downloads.

Run the MSI file and use the following settings

* Typical Setup
* Skip Sign-Up
* make sure “Configure the MySQL Server now” is checked
* “Detailed Configuration”
* “Developer Machine”
* “Multifunctional Database”
* “InnoDB Tablespace Settings” – leave everything default
* “Decision Support (DSS)/OLAP”
* make sure “Enable TCP/IP Networking” is checked and leave the port number at 3306 (at this point, if you have a firewall, it will usually try to access itself on the localhost)
* “Standard Character Set”
* check “Install As Windows Service”
* enter your root password and I would recommend leaving “Enable root access from remote machines” unchecked
* then hit “execute” and it’ll install and set it up.

The Xen kernels are commonly asked for code already in place.

To obtain the already built modules:
wget http://www.quantact.com/dl/2.6.16-xen.tgz

To compile your own modules:
wget http://www.quantact.com/dl/xen-source.tbz2
tar -xjf xen-source.tbz2
cd linux-2.6.16-xen
gzip -dc /proc/config.gz > .config
make menuconfig
make modules
make modules_install

If you get errors on the make menuconfig stage, be sure to install ncurses-devel.
When selecting modules to compile under make menuconfig, toggle the “M”, not the “Y”.

If you are not able to send email from your server / VPS OR the email sent from your server are going to Junk or Spam Box; Following are some Important Settings and configurations need to be checked before you contact Yahoo, Hotmail, AOL

1) RDNS

Reverse DNS (rDNS or PTR) is a process of resolving an IP address into a domain name, just like a domainname (DNS Propagated) resolves to IP addresses.
You can check if RDNS for your Server/VPS is set of not using following command from the Shell of Linux Machine

dig +short -x xxx.xxx.xxx.xxx

Where xxx.xxx.xxx.xxx will be IP of your Server. You can also check RDNS using tools provided by DNS sites like http://iptools.com/
Please contact you Webhosting Company to set RDNS or PTR record for the Server or VPS IP

2) SPF

SPF (Sender Policy Framework) is a system to help domain owners identify all the servers which are expected to send mail from their domain. The aim is that other mail systems can then check to make sure the server sending email from that domain is authorized to do so. This helps to reduce the chance of email ‘spoofing’, phishing schemes and spam. SPF record need to be added in the DNS zone of the domain from the server DNS for the domain is resolving.

To add SPF record open the zone file of the domain and add following

<domainname.com> 14400 IN TXT “v=spf1 a mx ~all”

3) Domain Keys

DomainKeys is an e-mail authentication mechanism designed for verifying the identity of an email sender. It is one of cryptographic authentication method to verify sender’s identity and the integrity of email content. It also verify DNS records of domain of an email sender and the message integrity. DomainKeys has implemented standard of Identified Internet Mail to create enhanced protocol called DomainKeys Identified Mail (DKIM). You can read more about DomainKeys here.

If you are getting error Error 0x800CCC0D/E in outlook and have not changed anything in outlook since the last time you checked / sent mail, simply close it and reopen again.

If this has not resolved your problem you need to check your Outlook Express settings, making sure that the POP3 and SMTP servers are same, and that your full user name and password are correct.

Then test your connection by following this procedure.

Click the Start button then RUN type in cmd on (Windows 2003/2000/XP) or Command (Windows 95/98/ME).

This will open a new command prompt window, with white text on a black screen.

Try to connect your pop server with telnet command.

telnet mail.domainname 110 OR telnet Server_IP_Address 110 and then click the Enter key on your keyboard. You will then be connected to the POP server.

Type in USER followed by your email address e.g. USER alan@trulymanaged.com and then click the Enter key.

You will then get a message +OK Please enter your pass, with the PASS command

Type in PASS followed by your password e.g. PASS changeme and click the Enter key. If it is correct, you will get an OK Well done message.

If you can do this, you have connected to the your pop server and so the problem lies somewhere with Outlook Express.

If you are not able to login then, it could be problem with your password. It has somehow become corrupted. Try changing password from control panel e.g. cPanel

If this does not resolve your problem check if there is  anti virus software or firewall is running on your local machine and  If so disable them and try again. If the problem is fix, configuration of these products could be the problem, particularly if they are set to automatically scan incoming and outgoing email.