New Zealand Linux

Occasionally you just want a bit of piece of mind about your server or Linux install. You may suspect there is somebody who has hacked your computer or even something changed by a package install that shouldnt have been.

Heres a couple of ideas on how to do a quick ‘health’ check on he md5sum of binary packages.

Debian based people should install dlocate and use that

apt-get install dlocate
dlocate -md5check openssh-server

To force a fail try something like this

mv /usr/share/man/man5/sshd_config.5.gz /usr/share/man/man5/sshd_config.5.gz-old
echo Boo > /usr/share/man/man5/sshd_config.5.gz
dlocate -md5check openssh-server

For Redhat/Centos etc based servers you can use yum

 rpm -qvV openssh

Again you can force a fail by changing a file

mv /usr/share/doc/openssh-4.3p2/CREDITS /usr/share/doc/openssh-4.3p2/CREDITS-old
echo Boo >/usr/share/doc/openssh-4.3p2/CREDITS
rpm -qvV openssh

For less verbosity just drop the lower case v (so its rpm -qV )

Often Iv’ve seen boxes compromised, or commands run that we have no idea who did it and at what time. Its very frustrating, especially when we have no idea if a customer did it, one of the staff, or if a box was compromised.

HISTTIMEFORMAT="%F-%R%t"

now you can run the following command

wishes@tulip:~$ history | tail -n 2
502  2009-10-15-11:26 vim .bashrc
503  2009-10-15-11:26 history | tail -n 2

If you want this permanent you can put it into /etc/profile on a line by itself. This will then be sites wide.

There have been some interesting exploits out and about, and often sysadmins have a lot of wordpress installs going on the one machine. This can be problematic when it comes to upgrading multiple instances.

So I posted a script up on the Rimuhosting blog that should fix this

wget http://b.ri.mu/files/wordpress-upgrade-patched.sh
sh wordpress-upgrade-patch.sh

Original Article: http://blog.rimuhosting.com/2009/08/20/wordpress-upgrade-script/