Archive for the ‘Tips n Tricks’ Category

How to disable IPv6

Both Red Hat Enterprise Linux 4 and 5 enable Internet Protocol Version 6 (IPv6) by default. Some users do not find it worth using; if that is the case for you, you can disable it.

How to disable:
======================

To disable IPv6 support in RHEL 4, remove the following line, if it exists, from the /etc/modprobe.conf file.

alias net-pf-10 ipv6

and instead, add:

alias net-pf-10 off

to make sure that this module will not get loaded from now on. Reboot your RHEL 4 system now to complete the process.

If you are using RHEL 5, also add the following line to the /etc/modprobe.conf file:

alias ipv6 off

It is also a good practice to change the NETWORKING_IPV6 line in the /etc/sysconfig/network file to the following:

NETWORKING_IPV6=no

and also make sure that ip6tables does not start from the next reboot.

chkconfig ip6tables off

Now, reboot the RHEL 5 system to disable IPv6 support.
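
The RHEL 5 file edits above, written as a script that can be run repeatedly without duplicating lines. This is an added example, not part of the original post; the function names are hypothetical, and the demo works on constructed copies of the two files rather than on /etc.

```sh
#!/bin/sh
# Added example, not from the original post. set_line, disable_ipv6_rhel5 and
# ipv6_disabled_in_config are hypothetical names; the default paths are the
# files the article edits.

# set_line FILE REGEX LINE: drop every line matching REGEX, then append LINE,
# so running it twice leaves exactly one copy of LINE.
set_line() {
    file=$1 regex=$2 line=$3
    tmp=$(mktemp) || return 1
    if [ -f "$file" ]; then grep -Ev "$regex" "$file" > "$tmp" || true; fi
    printf '%s\n' "$line" >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"   # cat keeps the file's owner and mode
}

# Apply the three file edits (chkconfig ip6tables off is still run by hand).
disable_ipv6_rhel5() {
    modprobe_conf=${1:-/etc/modprobe.conf}
    network_conf=${2:-/etc/sysconfig/network}
    set_line "$modprobe_conf" '^[[:space:]]*alias[[:space:]]+net-pf-10[[:space:]]' 'alias net-pf-10 off' &&
    set_line "$modprobe_conf" '^[[:space:]]*alias[[:space:]]+ipv6[[:space:]]' 'alias ipv6 off' &&
    set_line "$network_conf" '^[[:space:]]*NETWORKING_IPV6=' 'NETWORKING_IPV6=no'
}

# Succeeds only when all three settings are present.
ipv6_disabled_in_config() {
    grep -qx 'alias net-pf-10 off' "$1" &&
    grep -qx 'alias ipv6 off' "$1" &&
    grep -qx 'NETWORKING_IPV6=no' "$2"
}

# Demo on constructed copies of the two files, never on /etc itself.
demo_dir=$(mktemp -d)
printf 'alias eth0 e1000\nalias net-pf-10 ipv6\n' > "$demo_dir/modprobe.conf"
printf 'NETWORKING=yes\nNETWORKING_IPV6=yes\n' > "$demo_dir/network"
disable_ipv6_rhel5 "$demo_dir/modprobe.conf" "$demo_dir/network"
disable_ipv6_rhel5 "$demo_dir/modprobe.conf" "$demo_dir/network"   # second run changes nothing
cat "$demo_dir/modprobe.conf" "$demo_dir/network"
```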

How to re-enable:
======================

Just undo the changes you made above!

 

How to close Open DNS

This tutorial describes how to close an Open DNS server. An Open DNS server allows anyone to use that server as a DNS lookup server. This is a potential threat, and such access must either be blocked or restricted to a few trusted IPs. This is how it is done.

1. Make a list of IPs you consider trusted (i.e., only those IPs which can use this DNS server for DNS lookups). The list should include all IPs on the server. If you are not sure which IPs those are, ssh to your server and run the command below as root:

ifconfig | grep 'inet addr' | cut -f2 -d: | cut -f1 -d' ' | sort | uniq

2. Open /etc/named.conf in an editor. I would recommend that you take a backup of the file first.

cp -p /etc/named.conf /etc/named.conf.bak
vi /etc/named.conf

3. Locate this block:

key "rndckey" {
};

Move your cursor below this block of code, and press ‘i’ (to change into vi’s insert mode) and then type in the following:

acl "trusted" {
IP1; IP2; IP3; IP4; externalIP1 ;
};

Modify the line IP1; IP2; IP3; IP4; externalIP1 ; to include the server’s IP addresses and any external IPs that you wish to allow to make recursive queries.

4. Once the acl “trusted” is added, move down the file and locate the block named options. Inside it add the below lines:

allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };

This is what the options block might look like once the changes are made:

options {
directory "/var/named";
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };

dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};

5. Save the changes (press ‘esc’, then type ‘:wq’ in the vi editor) and then restart named:

/etc/init.d/named stop
/etc/init.d/named start
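
Steps 1, 3 and 4 as a script: it builds the acl "trusted" block from the IP list of step 1 and checks that a named.conf options block actually restricts recursion. This is an added example, not part of the original post; the function names are hypothetical and all addresses and file contents are constructed.

```sh
#!/bin/sh
# Added example, not from the original post. trusted_acl and
# recursion_restricted are hypothetical names; every address is constructed.

# Steps 1 and 3: read old-style ifconfig output on stdin, add any external
# IPs given as arguments, and print the acl "trusted" block.
trusted_acl() {
    {
        grep 'inet addr' | cut -f2 -d: | cut -f1 -d' '
        for ip in "$@"; do printf '%s\n' "$ip"; done
    } | LC_ALL=C sort -u | awk '
        BEGIN { print "acl \"trusted\" {" }
        { printf "    %s;\n", $0 }
        END { print "};" }'
}

# Step 4 check: succeed only if the options block of the given named.conf has
# an allow-recursion line that does not list "any". Line-oriented: it assumes
# each sub-statement sits on one line, as in the article's options block.
recursion_restricted() {
    awk '
        { sub(/\/\/.*/, ""); sub(/#.*/, "") }
        /^[ \t]*options[ \t]*[{]/ { in_opts = 1 }
        in_opts && /allow-recursion/ { found = 1; if ($0 ~ /[{ ;]any[ ;}]/) any_listed = 1 }
        in_opts && /^[ \t]*[}];/ { in_opts = 0 }
        END { exit !(found && !any_listed) }' "$1"
}

# Constructed sample inputs.
sample_ifconfig='eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0'
conf_dir=$(mktemp -d)
printf 'options {\n    directory "/var/named";\n};\n' > "$conf_dir/open.conf"
printf 'options {\n    allow-recursion { trusted; };\n};\n' > "$conf_dir/closed.conf"

printf '%s\n' "$sample_ifconfig" | trusted_acl 198.51.100.7
for f in open closed; do
    if recursion_restricted "$conf_dir/$f.conf"; then echo "$f.conf: recursion restricted"
    else echo "$f.conf: recursion NOT restricted"; fi
done
```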

 

How to disable Telnet

Telnet is an xinetd-managed service which listens on port 23. You can log in to your account on the server by using a telnet client. However, unlike ssh, telnet does not encrypt the connection, i.e., the telnet data packets are in plain-text format and can be captured easily by network monitoring applications.
If you are a system administrator managing a server, you must have the telnet service disabled on it. This is how it is done:

1. Log in to your server through SSH and su to root.

2. Type

vi /etc/xinetd.d/telnet

3. Look for the line:

disable = no

and replace with

disable = yes

4. Now restart the xinetd service:

/etc/init.d/xinetd restart

5. Turn it off through chkconfig as well, because it can otherwise still start during the next reboot.

/sbin/chkconfig telnet off

 

Email alert on root login

Do you wish to be notified by email whenever someone logs in to the server as root? The tip below is useful if more than one admin knows the server root password and you want to know when and from where they access the server.

To make this possible, just edit the file /root/.bashrc and add the below line at the end of the file:

echo 'ALERT - Root Shell Access (YourserverName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" you@yourdomain.com

Replace ‘YourserverName’ with the handle for your actual server and ‘you@yourdomain.com’ with your actual email address.

How does this work, you may ask? /home/<user>/.bashrc is one of the scripts executed when a successful login for that user occurs. Since we want to be alerted on root logins, we place this code at the end of /root/.bashrc.

Suppose you wish to be alerted when a user, say ‘joe’, logs in to his account. In that case, you can paste the one-line command into /home/joe/.bashrc.
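
Because `who` prints every logged-in session, the subject built by the one-liner can name more than one host when several sessions are open. The added example below (not part of the original post) reports only the session that owns the current terminal; the function names are hypothetical and the sample `who` output is constructed.

```sh
#!/bin/sh
# Added example, not from the original post. session_source and
# send_root_alert are hypothetical names; the who output is constructed.

# Read `who` output on stdin and print where the session on terminal $1 came
# from: the text in the trailing parentheses, or "local" for a console login.
session_source() {
    awk -v tty="$1" '
        $2 == tty {
            host = "local"
            if (match($0, /\([^)]*\)$/)) host = substr($0, RSTART + 1, RLENGTH - 2)
            print host
            exit
        }'
}

# Mail one alert for the current terminal only. $1 = server name, $2 = recipient.
send_root_alert() {
    src=$(who | session_source "$(tty | sed 's|^/dev/||')")
    printf 'ALERT - Root Shell Access (%s) on: %s from %s\n' \
        "$1" "$(date)" "${src:-unknown}" |
        mail -s "Alert: Root Access from ${src:-unknown}" "$2"
}

# In /root/.bashrc, call it for interactive shells only:
#   case $- in *i*) send_root_alert YourserverName you@yourdomain.com ;; esac

# Constructed sample of `who` output with two root sessions and one for joe.
sample_who='root     tty1         2024-01-15 09:00
joe      pts/0        2024-01-15 10:05 (198.51.100.20)
root     pts/1        2024-01-15 10:22 (203.0.113.5)'
printf '%s\n' "$sample_who" | session_source pts/1    # remote root session
printf '%s\n' "$sample_who" | session_source tty1     # console login
```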