Tuesday, March 6, 2012

make: yacc: Command not found

You may get this error while running make
Error:
make: yacc: Command not found

Solution:
yum install bison
yum install byacc

configure: error: C++ preprocessor "/lib/cpp" fails sanity check

You may get this error while running ./configure
Error:
configure: error: C++ preprocessor "/lib/cpp" fails sanity check

Solution:
Red Hat distributions:
yum install gcc gcc-cpp gcc-c++

Debian distributions:
apt-get install gcc cpp g++

Monday, March 5, 2012

Nessus Vulnerability Scanner


Nessus is the world’s most widely-deployed vulnerability and configuration assessment product. Features include high-speed discovery, configuration auditing and misconfiguration checks (e.g. open mail relay, missing patches, etc.), asset profiling, sensitive data discovery, patch management integration, PCI DSS audits and vulnerability analysis. Nessus mainly checks for vulnerabilities, rather than for rootkits as chkrootkit, rkhunter or LMD do.

You can download the rpm from nessus.org

Install nessus using rpm
[root@server src]# rpm -ivh Nessus-5.0.0-es5.i386.rpm
Preparing...                ########################################### [100%]
   1:Nessus                 ########################################### [100%]
nessusd (Nessus) 5.0.0 [build R23018] for Linux
(C) 1998 - 2012 Tenable Network Security, Inc.
Processing the Nessus plugins...
[##################################################]
All plugins loaded
 - You can start nessusd by typing /sbin/service nessusd start
 - Then go to https://server.lap.work:8834/ to configure your scanner
[root@server src]#

Start the nessus service
[root@server src]# /sbin/service nessusd start
Starting Nessus services:                                  [  OK  ]
[root@server src]#

By default Nessus binds to port 8834. The netstat output below shows it listening on all interfaces (0.0.0.0 and ::).
[root@server src]# netstat  -ntpla | grep 8834
tcp        0      0 0.0.0.0:8834                0.0.0.0:*                   LISTEN      5754/nessusd
tcp        0      0 :::8834                          :::*                            LISTEN      5754/nessusd
[root@server src]#

Now you can access the nessus through web interface by accessing
https://IP_address_of_the_nessus_server:8834

You have to get a free or enterprise license from nessus.org. Then you can create the admin account for running scans and generating reports.

configuring nfs in centos linux

NFS is the abbreviation for Network File System. It is used on Linux and Unix platforms for sharing directories between Linux or Unix machines over a network, much like folder sharing on Windows systems. It was originally developed by Sun Microsystems. We will see how to install and configure NFS, how to mount an NFS share, which processes are associated with NFS, why portmap is needed for NFS, how to list the NFS shares of a system, etc.

Advantages of NFS are:
Local systems need less disk space, because commonly used data can be stored on a single server and accessed by the others over the network using NFS.
We can mount all removable devices such as DVD, CD-ROM, floppy etc. on one single system and make them available to other systems by sharing them via NFS.

The package name is nfs-utils. We can check whether the nfs package is installed using the following command.
[root@server ~]# rpm -qa | grep -i nfs
nfs-utils-1.0.9-33.el5
[root@server ~]#

Checking the status of the nfs service
[root@server ~]# /etc/init.d/nfs status
rpc.mountd is stopped
nfsd is stopped

Starting the nfs service
[root@server ~]# /etc/init.d/nfs start
Starting NFS services:                                     [  OK  ]
Starting NFS quotas:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]

By default NFS binds to TCP port 2049.
[root@server ~]# netstat -ntpla | grep 2049
tcp        0      0 0.0.0.0:2049                0.0.0.0:*                   LISTEN      -

You can find all the sub-processes and bound ports of NFS with the rpcinfo command. NFS takes the ports assigned by the portmapper, so the portmapper needs to be running for NFS to work.
[root@server ~]# rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100011    1   udp    832  rquotad
    100011    2   udp    832  rquotad
    100011    1   tcp    835  rquotad
    100011    2   tcp    835  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100021    1   udp  32773  nlockmgr
    100021    3   udp  32773  nlockmgr
    100021    4   udp  32773  nlockmgr
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   tcp  35223  nlockmgr
    100021    3   tcp  35223  nlockmgr
    100021    4   tcp  35223  nlockmgr
    100005    1   udp    872  mountd
    100005    1   tcp    875  mountd
    100005    2   udp    872  mountd
    100005    2   tcp    875  mountd
    100005    3   udp    872  mountd
    100005    3   tcp    875  mountd
[root@server ~]#
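
The rpcinfo listing above repeats each listener once per RPC version, which makes it hard to see what a firewall in front of the NFS server has to allow. The following is an added example, not part of the original post: the function name rpc_ports and the fixed/assigned labels are assumptions, and the sample input is abridged from the output above.

```shell
#!/bin/sh
# Added example: summarise "rpcinfo -p" output (read on stdin) for firewall planning.
# Prints one "service proto port fixed|assigned" line per distinct listener.
# "fixed"    = well-known port (portmapper 111, nfs 2049)
# "assigned" = port handed out when the service started; it can change on restart
rpc_ports() {
    awk '
    $1 == "program" { next }                 # header row
    NF >= 5 {
        key = $5 " " $3 " " $4               # service proto port
        if (key in seen) next                # same listener, other RPC version
        seen[key] = 1
        fixed = (($5 == "portmapper" && $4 == 111) || ($5 == "nfs" && $4 == 2049))
        print $5, $3, $4, (fixed ? "fixed" : "assigned")
    }' | sort -k1,1 -k2,2
}

# Sample input: rows abridged from the rpcinfo -p output shown above.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100011    1   udp    832  rquotad
    100011    2   udp    832  rquotad
    100011    1   tcp    835  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100021    1   udp  32773  nlockmgr
    100021    1   tcp  35223  nlockmgr
    100005    1   udp    872  mountd
    100005    3   udp    872  mountd
    100005    1   tcp    875  mountd
EOF
}

sample_rpcinfo | rpc_ports
```

On a live server run it as rpcinfo -p | rpc_ports. On Red Hat style systems the assigned ports can be pinned in /etc/sysconfig/nfs (MOUNTD_PORT, LOCKD_TCPPORT, LOCKD_UDPPORT, RQUOTAD_PORT) so that firewall rules stay valid across restarts.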

/etc/exports is the main configuration file for NFS. It lists the directories to be shared, the hosts each one is shared with, and the permissions granted. An empty option list, as for /kick below, gets the default options, which the exportfs -v output further down shows to include ro and root_squash.
* - means it is shared to all IP addresses.
ro - means read only
rw - means read write

[root@server ~]# cat /etc/exports
#Directory_path   IP_address(Permissions)
/media/CentOS *(ro)
/kick *()
[root@server ~]#

To activate all shares specified in /etc/exports run the following command
[root@server ~]# exportfs -a

If you made any changes in /etc/exports, you can reload it using the following command
[root@server ~]# exportfs -r

You can list the permissions of the shares by running
[root@server ~]# exportfs -v
/media/CentOS   <world>(ro,wdelay,root_squash,no_subtree_check,anonuid=65534,anongid=65534)
/kick           <world>(ro,wdelay,root_squash,no_subtree_check,anonuid=65534,anongid=65534)

To check the shares offered by the system with IP address 192.168.137.100
[root@server ~]# showmount -e 192.168.137.100
Export list for 192.168.137.100:
/kick         *
/media/CentOS *
[root@server ~]#

From a remote machine you can mount the share /media/CentOS of the machine 192.168.137.100 on /mnt as
[root@server ~]# mount 192.168.137.100:/media/CentOS /mnt
[root@server ~]# mount
*** OUTPUT TRUNCATED ***
192.168.137.100:/media/CentOS on /mnt type nfs (rw,addr=192.168.137.100)
[root@server ~]#

[root@server ~]# cat /var/lib/nfs/etab
/media/CentOS   *(ro,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)
/kick   *(ro,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)
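
The etab file shown above holds the full effective option list for every export, so it is the most reliable place to check who can reach a share and with what rights. The following is an added example, not part of the original post: the function name audit_etab and the finding labels are assumptions, and the third sample line (/srv/data) is constructed to show the risky options.

```shell
#!/bin/sh
# Added example: audit export options in /var/lib/nfs/etab format (read on stdin).
# Prints one "path client FINDING" line per issue found.
audit_etab() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {          # each field: client(opt1,opt2,...)
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            n = split(opts, o, ",")
            rw = 0; nrs = 0; insecure = 0
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") nrs = 1
                if (o[j] == "insecure") insecure = 1
            }
            world = (client == "*" || client == "<world>")
            if (world)       print path, client, "WORLD_EXPORT"
            if (world && rw) print path, client, "WORLD_WRITABLE"
            if (nrs)         print path, client, "NO_ROOT_SQUASH"
            if (insecure)    print path, client, "INSECURE_PORTS"
        }
    }'
}

# Sample input: the first two lines are the etab entries shown above; the
# third (/srv/data) is constructed for illustration.
sample_etab() {
    cat <<'EOF'
/media/CentOS   *(ro,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)
/kick   *(ro,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)
/srv/data       192.168.137.0/24(rw,sync,no_root_squash,insecure)
EOF
}

sample_etab | audit_etab
```

On the server itself run audit_etab < /var/lib/nfs/etab. Both shares from this post are reported as WORLD_EXPORT; replacing * in /etc/exports with the client address or subnet and running exportfs -r clears the finding.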

Some of the important nfs files are

/var/lib/nfs/etab contains information about what filesystems should be exported to whom at the moment.
/var/lib/nfs/rmtab contains a list of which filesystems actually are mounted by certain clients at the moment.
/proc/fs/nfs/exports contains information about what filesystems are exported to actual client (individual, not subnet or whatever) at the moment.
/var/lib/nfs/xtab is the same information as /proc/fs/nfs/exports but is maintained by nfs-utils instead of directly by the kernel. It is only used if /proc isn't mounted.

[root@server ~]# cat /var/lib/nfs/rmtab
192.168.137.200:/media/CentOS:0x00000002
192.168.137.200:/kick:0x00000002
192.168.137.248:/media/CentOS:0x00000003
192.168.137.20:/media/CentOS:0x00000001
[root@server ~]#