Core.3 Linux Procedures.Machine Control.Audit Info
Get Current Memory information
Retrieve current memory availability information.
Get Linux and Kernel Version
Retrieves current linux version (Name) and Kernel information
Core.3 Linux Procedures.Machine Control.DNS
Create HOSTS File
This procedure will create a new hosts file with variables and information you supply.
Edit DNS Servers
Edit your DNS Servers
Set Hostname
This procedure will setup your Servers/Workstations Hostname
Core.3 Linux Procedures.Machine Control.Files/Folder Control
Change File/Folder Permissions
Read - Write - Execute 4 2 1
Change Group Ownership
chgrp groupName folderName
Change Ownership
chown userName fileFolderName
Delete any file or any folder - Dangerous
This procedure will delete any file or folder without asking for permission
Core.3 Linux Procedures.Machine Control.Linux Kernel
Create an initrd image
Creates an initrd image of the Linux system and names it initrd.image-#version# based on a version value you enter.
Core.3 Linux Procedures.Machine Control.Monitoring
Get SNMP Conf file
Retrieve the SNMP configuration file using GET FILE
Core.3 Linux Procedures.Machine Control.Networking
Setup DHCP Client
Adds entries for interface to pickup DHCP Server
Setup Networking (1 interface)
This will create a new interfaces file in /etc/networking with new IP address information. This will only setup networking for the 1 single interface. Once the file has been created, the networking service will be restarted.
Core.3 Linux Procedures.Machine Control.Networking.Get DOMAIN info
Query All Domain Information
Performs a full DNS lookup of a domain name you specify using DIG with the ANY (omnibus - All Domain Information) switch and retrieves the resulting log file, dig-#domain#-all.log, to the systems GetFile folder.
Query DNS Server for Domain Details
Performs a DNS lookup of a domain name you specify using DIG and retrieves the resulting log file, dig-#domain#.log, to the systems GetFile folder.
Query DNS Servers Authoritative for a Domain
Performs an Authoratative Name Server lookup of a domain name you specify using DIG with the NS (Authoritative DNS Servers for Domain) switch and retrieves the resulting log file, dig-#domain#-Auth.log, to the systems GetFile folder.
Query Domain Address Records
Performs an Address (A) Records DNS lookup of a domain name you specify using DIG with the NS (Authoritative DNS Server for Domain) switch and retrieves the resulting log file, dig-#domain#-A.log, to the systems GetFile folder.
Query Domain Email Servers
Performs an Email Servers/Mail Exchanger (MX) Records DNS lookup of a domain name you specify using DIG with the MX (Mail Exchangers for Domain) switch and retrieves the resulting log file, dig-#domain#-MX.log, to the systems GetFile folder.
Query Statistics Including Round-Trip Time
Performs a DNS Statisics (including round-trip time) query of a domain name you specify using DIG and retrieves the resulting log file, dig-#domain#-stats.log, to the systems GetFile folder.
Query the TTL for Each Resource Record
Performs a DNS Time To Live (TTL) query of a domain name you specify using DIG and retrieves the resulting log file, dig-#domain#-TTL.log, to the systems GetFile folder.
Core.3 Linux Procedures.Machine Control.Networking.Routing
Get Routes
Retrieves current routes setup
Trace Path to Domain/IP
Trace HOPS to domain/IP Address - Uses GET File to view results
Core.3 Linux Procedures.Machine Control.Reboot/Shutdown
Reboot Linux
Restarts the system
Shutdown Linux
Shutdown the Linux System
Core.3 Linux Procedures.Machine Control.Runlevel Control
Custom Runlevel
Explanation of runlevels in Linux http://http://en.wikipedia.org/wiki/Runlevel
Runlevel 1
Runlevel 1 is usually for very basic commands. This is the equivalent to "safe mode" used by Windows. This level is usually only used to asses repairs or maintenance to the system. This is a single-user mode and does not allow other users to login to the machine.
Runlevel 2
Runlevel 2 is used to start most of the machines services. However, it does not start the network file sharing service (SMB, NFS). This will allows multiple users to login to the machine.
Runlevel 3
Runlevel 3 is commonly used by servers. This loads all services except the X windows system. This means the system will boot to the equivalent of DOS. No GUIs (KDE, Gnome) will start. This level allows multiple users to login to the machine.
Runlevel 4
Runlevel 4 is usually a "custom" level. By default it will start a few more services than level 3. This level is usually only used under special circumstances.
Runlevel 5
Runlevel 5 is everything! This will start any GUIs, extra services for printing, and 3rd party services. Full multi-users support also. This runlevel is generally used on by workstations.
Core.3 Linux Procedures.Machine Control.Services Control
Custom Services Control
Start, Stop and Restart any service on the System
Restart HTTPD/Apache2
Restarts your Web Service HTTPD/Apache2
Restart Networking
Restarts the networking daemon
Restart NFS
Restarts the NFS Daemon Service
Restart Postfix
Restart Postfix Email Server
Restart SSH
Restart SSH Server
Restart VMWare Tools
Restarts VMWare Tools
Core.3 Linux Procedures.Machine Control.User/Group Control.Groups
Create new group
Uses GROUPADD to create a new group that you specify.
Delete Group
Uses GROUPDEL to delete an existing group that you specify.
Core.3 Linux Procedures.Machine Control.User/Group Control.Password Control
Change Root Password
Change Root password on system. For some reason the script returns FAILED status but still works :)
Change user password
Ask for username and reset
Core.3 Linux Procedures.Machine Control.User/Group Control.Users
Add New User
Add new Linux User
Delete User
Delete User from Server/Machine
Core.3 Linux Procedures.Machine Control.Utils
Add custom commands
Adds a number of aliased custom commands to the /root/.bashrc file and then executes it to make these commands go into effect. The custom commands are:
ll = ls –l la = ls -A l = ls -CF *** Extend by adding more aliased commands ***
Synchronize the System Clock
Installs and Syncs Clock
Update File Database
Updates the Filesystem Database for using the "locate" command
Core.3 Linux Procedures.Maintenance
Collect inode usage statistics
Check inode usage.
Force Logical File System Check (FSCK) at Next Reboot
Forces an FSCK to run at next reboot.
Get Disk Usage
Generates a Disk Usage listing using DF, writes results to the agent procedure log and retrieves the results to the systems Get File folder.
Linux Weekly Maintenance
Performs a number of routing maintenance tasks on Linux machines including time sync, apt-get repository cleanup, package upgrades/updates and disk checks and performance statistics.
Remove User Adobe Flash/Macromedia Permanent Objects
Removes User Adobe Flash and Macromedia permanent objects.
Remove User Temporary Files
Removes temporary files (i.e. *~) from the current users home folder.
Core.3 Linux Procedures.Process Control.Get All Processes with PID
Retrieves all processes with Process ID, uses the GET FILE feature to retrieve the results
Get process Tree
Generates a TREE of Parent and Child processes - uses GET FILE feature to retrieve the results.
Kill Process
The variable with the correct PID will be used to kill the outline process
Locate a file
This will use the locate function in Kaseya to search for files as specified and use the GET FILE Feature to retrieve the results
Core.3 Linux Procedures.Setup/Configs.Backup Servers
MySQL Backups With AutoMySQLBackup On Ubuntu 9.10
Postfix Install required before installing AutoMySQLBackup - Postfix is required http://sourceforge.net/projects/automysqlbackup/ http://www.mysql.com/
Ubuntu Server 9.04 Bacula Bweb GUI
Not tested----
Core.3 Linux Procedures.Setup/Configs.CRM Servers.SugarCRM
Full LAMP Server install required before installing SugarCRM - MySQL, Apached, PHP - Once the script has completed please run the following: http://Server IP Address/sugarcrm
Core.3 Linux Procedures.Setup/Configs.DNS
Setup Chrooted DNS Server
Configures BIND to run in a chrooted environment
Core.3 Linux Procedures.Setup/Configs.Email Server
(2) Configure Postix Email Server
Configure the Postfix Email Server
(2.1) Configure SMTP-AUTH
Configure Secure SMTP authentication using SASLAUTHD
(3) Create the certificates for TLS
Generates TLS Certificates
(4) Configure Postfix for TLS
Configures TLS Secure Keys for using Postfix
(5) Configure SASLAUTHD to work with Chrooted Postfix
Authentication will be done by saslauthd. We have to change a few things to make it work properly. Because Postfix runs chrooted in /var/spool/postfix we have to do the following:
(6) Install Courier-IMAP/Courier-POP3
Install and configure IMAP and POP3 using courier - ... and modify the following two files; replace CN=localhost with CN=server1.example.com (you can also modify the other values, if necessary): vim /etc/courier/imapd.cnf vim /etc/courier/pop3d.cnf
(7) Configure Maildir
Configures Maildir for email messages and user mailboxes
Core.3 Linux Procedures.Setup/Configs.FTP Servers
Configure Proftpd
Configures the Proftpd Server - Remember to install the software first
Core.3 Linux Procedures.Setup/Configs.MySQL Server
MySQL Server Installation
Install MySQL Server and set root password
Core.3 Linux Procedures.Setup/Configs.NFS.NFS Client
Install and config for NFS Client
NFS Setup for Client machines to mount drives as exported/shared by the Server
Core.3 Linux Procedures.Setup/Configs.NFS.NFS Server
Install and Setup NFS Server
Installs and configures NFS Server with the HOME directory and 1 optional Shared with Clients
Core.3 Linux Procedures.Setup/Configs.Security.AppArmor
Disable AppArmor
AppArmor is a security extension (similar to SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem). Therefore I disable it
Core.3 Linux Procedures.Setup/Configs.Security.iptables - Linux Firewall.Forward Rules
Deny Access to a Specific Subnet
Denies access to a subnet you specify by adding appropriate iptables firewall rules.
Forward Traffic (DNAT)
Allows DNAT forwarding of a particular TCP port to the internal server. You specify the public interface, public address, internal server address, and port, and the procedure adds tha appropriate iptables firewall rules.
Core.3 Linux Procedures.Setup/Configs.Security.iptables - Linux Firewall.Global Rules (REJECT, ACCEPT)
# Forwarding Traffic (DROP ALL)
Reject all traffic from the forwarding chain
# Incoming Traffic (ALLOW ALL)
Allow all incoming traffic through the INPUT chain
# Incoming Traffic (DROP ALL)
REJECT all incoming traffic
# Outgoing Traffic (ALLOW ALL)
Allow all traffic from your internal network out
# Outgoing Traffic (DROP ALL)
Reject all internal traffic from exiting the firewall
_### NB! - Enable Routing - NB! ###_
Enable Routing and NAT for iptables - Important for traffic to be processed through the firewall
Don't Accept ICMP Redirect Messages
Configures system to not accept ICMP redirects.
Don't Send ICMP Redirect Messages
Configures system to not send ICMP redirects.
Drop ICMP echo-request Messages Sent to Broadcast or Multicast Addresses
Configures system to drop ICMP echo-request messages sent to broadcast or multicast addresses.
Drop Source Routed Packets
Configures system to drop source routed packets.
Enable Logging
Enables iptables firewall event logging.
Enable Source Address Spoofing Protection
Enables Source Address Spoofing Prtection on system.
Enable TCP SYN cookie protection from SYN floods
Enable TCP SYN Cookie Protection from SYN Floods on system.
Flush All Chains
This will flush all iptables rules - Dangerous, use at own risk!
Log Packets with Impossible Source Addresses
Enables logging of packets with impossible source addresses on system.
Core.3 Linux Procedures.Setup/Configs.Security.iptables - Linux Firewall.Inbound Rules
Allow CUSTOM Port Inbound
Allows you to enter an interface, protocol and TCP/UDP port you would like added to the iptables firewall rules.
Allow DNS Inbound
Allows inbound DNS traffic by adding appropriate iptables firewall rules. Applies not only for firewalls acting as DNS clients but also for firewalls working in a caching or regular DNS server role.
Allow FTP Inbound
Allows inbound FTP traffic by adding appropriate iptables firewall rules.
Allow ICMP Inbound
Allows inbound ICMP traffic by adding appropriate iptables firewall rules. iptables is configured to allow the firewall to send ICMP echo-requests (pings) and in turn, accept the expected ICMP echo-replies.
Allow IMAP Inbound
Allows inbound IMAP traffic by adding appropriate iptables firewall rules.
Allow IMAPS Inbound
Allows inbound IMAPS traffic by adding appropriate iptables firewall rules.
Allow Kaseya Inbound
Allows inbound Kaseya traffic by adding appropriate iptables firewall rules.
Allows inbound MySQL traffic by adding appropriate iptables firewall rules.
Allow Network to Access Firewall
eth1 is directly connected to a private network using IP addresses from the 192.168.1.0 network. All traffic between this network and the firewall is simplistically assumed to be trusted and allowed. Further rules will be needed for the interface connected to the Internet to allow only specific ports, types of connections and possibly even remote servers to have access to your firewall and home network.
Allow POP3 Inbound
Allows inbound POP3 traffic by adding appropriate iptables firewall rules.
Allow POP3S Inbound
Allows inbound POP3S traffic by adding appropriate iptables firewall rules.
Allow SMTP Inbound
Allows inbound SMTP traffic by adding appropriate iptables firewall rules.
Allow SSH Inbound
Allows inbound SSH traffic by adding appropriate iptables firewall rules.
Allow Traffic from Localhost
Allow inbound traffic from the Localhost address by adding appropriate iptables firewall rules.
Allow WWW Inbound
Inbound packets destined for ports 80 and 22 are allowed thereby making the first steps in establishing a connection. It isn't necessary to specify these ports for the return leg as outbound packets for all established connections are allowed. Connections initiated by persons logged into the Web server will be denied as outbound NEW connection packets aren't allowed.
Allow Established Sessions Inbound
Allow inbound traffic from established connections by adding appropriate iptables firewall rules.
Block IP Address
Block an IP Address you specify from entering your network via the public interface.
Block IRC Inbound
Block inbound IRC traffic by adding appropriate iptables firewall rules.
Block Network
Block an entire network from accessing your network
List all iptables Rules
This will pipe all iptables rules to /var/tmp/iptables.log and the GET procedure will upload this to the server for review
Restart IPTables
Restart IPTables firewall
Save iptables Rules
Tested on Ubuntu
Core.3 Linux Procedures.Setup/Configs.Security.iptables - Linux Firewall.Outbound Rules
# Allow Kaseya Outbound
Allows outbound Kaseya traffic by adding appropriate iptables firewall rules.
Allow CUSTOM Port Outbound
Allow a custom port from your internal network to access the outside world
Allow DNS Outbound
The following statements will apply not only for firewalls acting as DNS clients but also for firewalls working in a caching or regular DNS server role.
Allow Established Connections Outbound
Allows all established connections with ACK back.
Allow FTP Outbound
Allows outbound FTP traffic by adding appropriate iptables firewall rules.
Allow ICMP Packets Outbound
Allows outbound ICMP packets by adding appropriate iptables firewall rules.
Allow IMAP Outbound
Allows outbound IMAP traffic by adding appropriate iptables firewall rules.
Allow IMAPS Outbound
Allows outbound IMAPS traffic by adding appropriate iptables firewall rules.
Allow Loopback Interface
Allows outbound Loopback traffic by adding appropriate iptables firewall rules.
Allow MySQL Outbound
Allows outbound MySQL traffic by adding appropriate iptables firewall rules.
Allow POP3 Outbound
Allows outbound POP3 traffic by adding appropriate iptables firewall rules.
Allow POP3S Outbound
Allows outbound POP3S traffic by adding appropriate iptables firewall rules.
Allow SMTP Outbound
Allows outbound SMTP traffic by adding appropriate iptables firewall rules.
Allow SSH
Allows outbound SSH traffic by adding appropriate iptables firewall rules.
Allow WWW
Allows outbound WWW traffic by adding appropriate iptables firewall rules.
Deny Access to a Specific Outbound IP Address with Logging
Denies access with logging to an outbound IP address you specify by adding appropriate iptables firewall rules.
FLUSH OUTBOUND Rules
Flushes iptables OUTBOUND rules. Dangerous, use at own risk!
Run all OUTBOUND Rules
Applies all OUTBOUND rules with ability to optionally flush all OUTBOUND rules first.
Core.3 Linux Procedures.Setup/Configs.Security.iptables - Linux Firewall.Postrouting Rules
Allow routing for private network through Firewall
You'll notice that the private network is a non-public routed IP network. This requires address translation at a router with a public IP address or nothing on the public network will be able to return packets to the private network. Address translation is easily enabled with iptables. The addresses that are being translated are the "source" of sessions so the mode is called Source NAT (SNAT):
Core.3 Linux Procedures.Setup/Configs.Security.SELinux
Disable SELinux after reboot
This will disable SELinux for good and after the first reboot
Disable SELinux Immediately
Disables SELinux for the current logged in runlevel. This will not be configured to be disabled after reboot.
Core.3 Linux Procedures.Setup/Configs.Shell Control
Change The Default Shell
/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash
Core.3 Linux Procedures.Setup/Configs.Web Servers.Apache2
Enable Modules
Apache modules (SSL, rewrite, suexec, include, and WebDAV):
Install Apache2
Uses APT-GET to install Apache2 web server, CHKCONFIG to set for automatic startup, and starts Apache daemon.
Install PHPMyAdmin
Be sure to change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the <Directory /usr/share/phpMyAdmin/> stanza):
Core.3 Linux Procedures.Setup/Configs.Web Servers.Scripting
Install PHP5
Install PHP5 for Apache 2
Core.3 Linux Procedures.Software Control.Applications
Install CHKCONFIG
Installs CHKCONFIG package. This package enables you to start a specific daemon package on system boot.
Install CHKCONFIG Simple
Uses APT-GET to install CHKCONFIG.
Install Common needed packages
This will install commonly needed packages for Ubuntu. binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.6-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential
install SNMP
This will install SNMP which allows you to monitor Linux Servers. Remember to set your SNMP Community String
Install Software
Prompts the user for the software package name that needs to be installed, and then uses APT-GET to install that package.
Install software from Image List
This allows you to to PIPE ( | ) a list of software to the apt-get install command which will install all missin software from the list. You have to create the list first! NB (Look in Software Updates/Upgrades Folder for the create image list procedure
Install SSH
Install the SSH Server for remote access
Install VIM
This installs VIM which is an easy to use text file editor for LInux
Install vim-nox
The default vi program has some strange behaviour on Ubuntu and Debian; to fix this, we install vim-nox:
Install XPDF
PDF Reader for Linux
Core.3 Linux Procedures.Software Control.apt-get
Autoclean apt-get
apt-get autoclean removes only package files that can no longer be downloaded.
Clean apt-get repository
Removes everything except lock files from /var/cache/apt/archives/ and /var/cache/apt/archives/partial/. Thus, if you need to reinstall a package APT should retrieve it again
Install Software
Prompts the user for the software package name that needs to be installed, and then uses APT-GET to install that package.
Remove Software
Removes the Package as prompted by the procedure
Core.3 Linux Procedures.Software Control.DNS
Install Bind9
DNS Server for linux
Core.3 Linux Procedures.Software Control.Email Servers
Download Zimbra Email
This will download the Zimbra email collaboration suite for Linux.
Core.3 Linux Procedures.Software Control.File Server
Install Quota
This will install the quota application needed for Quota control on specific folders. It is strongly recommended that you edit your /etc/fstab file manually as this can break your server and not mount any filesystem. Here is an example of a working fstab with quota enabled:
