Monthly Archives: January 2012

How to reinstall Grub 2 to master boot record

https://answers.launchpad.net/me-tv/+question/79735

GRUB

Using the Ubuntu live CD

This assumes the Ubuntu root partition is sda7 and the /boot partition is sda6 (only relevant if you have a separate /boot partition).

Boot Ubuntu from the live CD, open a terminal and run:

sudo -i
mount /dev/sda7 /mnt
mount /dev/sda6 /mnt/boot  # skip this if you do not have a separate /boot partition
grub-install --root-directory=/mnt/ /dev/sda

If the grub.cfg file is missing, use the following to recreate it:

mount --bind /proc /mnt/proc
mount --bind /dev /mnt/dev
mount --bind /sys /mnt/sys
chroot /mnt update-grub
umount /mnt/sys
umount /mnt/dev
umount /mnt/proc
exit
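The live-CD procedure above as one shell function, added here as an example that is not part of the original post: it derives the disk from the partition name, mounts the installed root (and optional /boot), runs grub-install and then update-grub in a chroot, and unmounts in reverse order. DRY_RUN=1 only prints the commands; partition names of the sda7 or nvme0n1p3 form are assumed.

```shell
#!/bin/sh
# Added example: the live-CD GRUB reinstall above as one function.
# DRY_RUN=1 prints the commands instead of running them (review first).
# Assumption: partition names like sda7 or nvme0n1p3; the disk name is the
# partition name without its trailing "p<N>" or "<N>".

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# disk_of sda7 -> sda ; disk_of nvme0n1p3 -> nvme0n1
disk_of() {
    printf '%s\n' "$1" | sed -E 's/p?[0-9]+$//'
}

# reinstall_grub ROOT_PART [BOOT_PART]   e.g. reinstall_grub sda7 sda6
reinstall_grub() {
    root_part="$1"; boot_part="$2"
    disk="$(disk_of "$root_part")"
    if [ -z "$disk" ] || [ "$disk" = "$root_part" ]; then
        echo "not a partition name: $root_part" >&2
        return 1
    fi
    run mount "/dev/$root_part" /mnt
    [ -n "$boot_part" ] && run mount "/dev/$boot_part" /mnt/boot
    # install GRUB to the disk's MBR using the installed system's /boot
    run grub-install --root-directory=/mnt/ "/dev/$disk"
    # bind the live system's /proc, /dev and /sys so update-grub works in the chroot
    for fs in proc dev sys; do run mount --bind "/$fs" "/mnt/$fs"; done
    run chroot /mnt update-grub
    # unmount in reverse order
    for fs in sys dev proc; do run umount "/mnt/$fs"; done
    [ -n "$boot_part" ] && run umount /mnt/boot
    run umount /mnt
}
# usage: DRY_RUN=1 reinstall_grub sda7 sda6   (then again as root without DRY_RUN)
```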

Using a CD/USB that boots with GRUB

Boot the CD/USB and press "c" in the GRUB menu to get a command line. Type:

find /boot/grub/core.img
root (hdx,y)   (use the x,y printed by the previous command)
kernel /boot/grub/core.img
boot

After the boot command you will get the GRUB 2 menu. Select Ubuntu, boot it, and run this command to restore GRUB to the MBR:

sudo grub-install /dev/sda

How to add Vista/Windows 7 partition to Grub 2

http://erickoo.wordpress.com/2009/06/14/how-to-add-vista-partition-to-grub-2-ubuntu-9-10-karmic-koala/

sudo fdisk -l /dev/sda

According to this, my Windows partition is hda1. To continue with my plan to add a Windows boot option I typed in the following line:

sudo nano /etc/grub.d/11_Windows

This created a new file. I then added the following lines:

#! /bin/sh -e
echo "Adding Windows" >&2
cat << EOF
menuentry "Windows 7" {
set root=(hd0,1)
chainloader +1
}
EOF

Now save the 11_Windows file.

Bear in mind that in earlier versions of GRUB, if Windows was installed on the first partition you had to give root=(hd0,0); that is how GRUB used to number partitions. Starting from GRUB 2 you need to give root=(hd0,1) if Windows is installed on the first partition. So under GRUB 2 it looks like this:

First partition (/dev/sda1): root=(hd0,1)

Next type the following command:

sudo chmod a+x /etc/grub.d/11_Windows

Next type in the following command:

sudo update-grub

You should be able to see something like this:

# sudo update-grub
Generating grub.cfg
Found linux image: /boot/vmlinuz-2.6.30-9-generic
Found initrd image: /boot/initrd.img-2.6.30-9-generic
Found linux image: /boot/vmlinuz-2.6.30-8-generic
Found initrd image: /boot/initrd.img-2.6.30-8-generic
Adding Windows
Found memtest86+ image: /boot/memtest86+.bin
done

Now close all the open programs and type in the following command to your terminal:

sudo reboot

If all went well you should see a Windows 7 option in your GRUB 2 menu.
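A small generator for the 11_Windows script above, added here as an example and not part of the original post: it converts a Linux partition name to GRUB's (hdX,Y) form using the numbering the note describes (GRUB 2 counts partitions from 1, legacy GRUB from 0) and prints the menuentry script. It assumes sd[a-z]N partition names; other schemes are rejected.

```shell
#!/bin/sh
# Added example: generate the /etc/grub.d/11_Windows script from a partition name.
# GRUB 2 counts partitions from 1 and legacy GRUB from 0, disks from 0 in both,
# so /dev/sda1 is (hd0,1) in GRUB 2 and (hd0,0) in legacy GRUB.
# Assumption: SCSI/SATA-style names sd[a-z]<N>; anything else is rejected.

# grub_root PART [legacy]   e.g. grub_root sda1 -> (hd0,1); grub_root sda1 legacy -> (hd0,0)
grub_root() {
    part="$1"; flavour="${2:-grub2}"
    case "$part" in
        sd[a-z][1-9]|sd[a-z][1-9][0-9]) ;;
        *) echo "unsupported partition name: $part" >&2; return 1 ;;
    esac
    letter="${part#sd}"; letter="${letter%%[0-9]*}"    # sda1 -> a
    num="${part#sd?}"                                  # sda1 -> 1
    alphabet=abcdefghijklmnopqrstuvwxyz
    rest="${alphabet#*$letter}"                        # letters after $letter
    disk=$((25 - ${#rest}))                            # a=0, b=1, ...
    if [ "$flavour" = "legacy" ]; then
        num=$((num - 1))
    fi
    echo "(hd$disk,$num)"
}

# windows_entry PART [TITLE]: prints the 11_Windows script for GRUB 2
windows_entry() {
    root="$(grub_root "$1")" || return 1
    title="${2:-Windows 7}"
    cat <<EOF
#! /bin/sh -e
echo "Adding $title" >&2
cat << EOS
menuentry "$title" {
set root=$root
chainloader +1
}
EOS
EOF
}
# usage (as root): windows_entry sda1 > /etc/grub.d/11_Windows
#                  chmod a+x /etc/grub.d/11_Windows && update-grub
```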

Securing a New Linux Installation

http://linuxgazette.net/105/odonovan.html

Linux Internet Server Security and Configuration Tutorial
http://www.yolinux.com/TUTORIALS/LinuxTutorialInternetSecurity.html

Install basic security tools

aptitude install portsentry fail2ban denyhosts logwatch rkhunter

Configure basic security tools

OSSEC

http://www.ossec.net/main/manual/manual-installation
http://dcid.me/texts/my-ossec-setup-manual.php

apt-get install gcc make libc-dev
wget http://www.ossec.net/files/ossec-hids-2.6.tar.gz
tar zxvf ossec-hids-2.6.tar.gz
cd ossec-hids-2.6
sudo ./install.sh
Select: local (if you only have one system to monitor), root@localhost, enable active response [n]
ln -s /var/ossec/bin/ossec-logtest /var/ossec/ossec-logtest

Find what is running and what type of logs are available.
lsof | grep log

Compare with what OSSEC added automatically
cat /var/ossec/etc/ossec.conf |grep "/"

Manually add the logs that are missing using the util.sh tool that comes with OSSEC (get util.sh by running hg clone https://bitbucket.org/dcid/ossec-hids and look in the contrib directory):

/var/ossec/bin/util.sh addfile /var/log/httpd/site4.access.log

Test the logs:
cat /var/log/syslog | /var/ossec/bin/ossec-logtest -a

Add monitoring of important files or directories in /var/ossec/etc/ossec.conf (the <syscheck> section): list directories such as /var/www in <directories> entries, or ignore often changed files such as /etc/motd with <ignore> entries.

To start/stop OSSEC HIDS:
/var/ossec/bin/ossec-control start (or stop, restart, status)

Fail2ban

http://www.fail2ban.org/wiki/index.php/Whitelist

/etc/fail2ban/jail.local

action = %(action_mw)s

Whitelist your own addresses in the [DEFAULT] section of /etc/fail2ban/jail.local (ignoreip is a jail option):

ignoreip = 127.0.0.1 192.168.1.0/24

http://linux.m2osw.com/zmeu-attack

[apache-badbots]
enabled = true
port = http,https
filter = apache-badbots
logpath = /var/log/apache*/*access.log
maxretry = 3
findtime = 5
bantime = 14400

[webmin-auth]
enabled = true
port = 10000
filter = webmin-auth
logpath = /var/webmin/miniserv.log
maxretry = 3
findtime = 5
bantime = 14400

/etc/fail2ban/filter.d/apache-badbots.conf

[Definition]
# custom list used next to the stock badbots/badbotscustom lists; no trailing "|",
# since an empty alternative would make the rule match every request
badbotsmy = admin|phpmyadmin|phpMyAdmin|pma|PMA|forum|board|guestbook|scripts|db|web|sql|php|mysql

failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"$
            ^<HOST> -.*"(GET|POST).*(?:%(badbotsmy)s).*HTTP.*"$

/etc/init.d/fail2ban restart
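Added here as an example that is not part of the original post: a dry run of the custom badbots rule above against constructed Apache access-log lines, worth doing before a jail with findtime = 5 and maxretry = 3 goes live. The Python failregex is translated to grep -E syntax, <HOST> is approximated by an IPv4 address, the word list is used without a trailing "|", and a tighter path-component variant is shown beside the page's rule.

```shell
#!/bin/sh
# Added example: dry-run the custom apache-badbots rule against constructed log lines.
# Assumptions: <HOST> approximated by an IPv4 address; Python regex translated to
# grep -E; the page's word list without a trailing "|" (an empty alternative
# would match every request). The log lines below are constructed samples.

BADBOTS='admin|phpmyadmin|phpMyAdmin|pma|PMA|forum|board|guestbook|scripts|db|web|sql|php|mysql'

# page_rule LINE: the second failregex above. The words may match anywhere in
# the request, so an ordinary "/index.php" hit counts as a bad bot.
page_rule() {
    printf '%s\n' "$1" | grep -Eq "^[0-9.]+ -.*\"(GET|POST).*($BADBOTS).*HTTP.*\"\$"
}

# path_rule LINE: tighter variant that only matches a whole path component,
# so /phpmyadmin/ and /admin/login are hits but /index.php is not.
path_rule() {
    printf '%s\n' "$1" | grep -Eq "^[0-9.]+ -.*\"(GET|POST) [^\" ]*/($BADBOTS)[/? ]"
}

# count_hits RULE: reads log lines on stdin, prints how many RULE would report
count_hits() {
    n=0
    while IFS= read -r line; do
        if "$1" "$line"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# constructed sample log (RFC 5737 test addresses), one request per line
SAMPLE_LOG='203.0.113.5 - - [10/Jan/2012:10:00:01 +0100] "GET /phpmyadmin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2012:10:00:02 +0100] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2012:10:00:03 +0100] "GET /images/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2012:10:00:04 +0100] "POST /admin/login HTTP/1.1" 404 128 "-" "Mozilla/5.0"'

# usage: printf '%s\n' "$SAMPLE_LOG" | count_hits page_rule   (3: the benign
#        /index.php request is counted too); ... | count_hits path_rule gives 2
```

On a PHP site the page's rule therefore bans ordinary visitors after three requests within five seconds; tune the list or anchor it to path components before enabling the jail.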

RK Hunter

/etc/default/rkhunter

CRON_DAILY_RUN="true"
CRON_DB_UPDATE="true"

In /etc/cron.daily/rkhunter change the parameter

--report-warnings-only

to

--no-mail-on-warning

Logwatch

/etc/logwatch/conf/logwatch.conf

LogDir = /var/log
TmpDir = /var/cache/logwatch
Output = stdout
Format = text
Encode = none
MailTo = root
MailFrom = Logwatch
Range = yesterday
Detail = High
Service = All
Service = "-eximstats"
mailer = "/usr/sbin/sendmail -t"

mkdir /var/cache/logwatch

Denyhosts

/etc/denyhosts.conf

ADMIN_EMAIL =

Prey for notebooks

http://preyproject.com

aptitude install curl
wget http://preyproject.com/releases/0.5.3/prey-0.5.3-linux.zip
unzip prey-0.5.3-linux.zip
mv prey /usr/share
rm -f prey-0.5.3-linux.zip
touch /var/log/prey.log
touch /tmp/prey-curl-headers.txt

/usr/share/prey/config

# you can get both of these from Prey's web service
api_key='xyz'
device_key='xyz'
# mailbox to send the report to
mail_to='jan@faix.cz'
# the password is stored base64 encoded (not encrypted);
# to generate it by hand, run
# $ echo -n "password" | openssl enc -base64
smtp_server='mail.faix.cz:25'
smtp_username='jan@faix.cz'
smtp_password='cHJkZWw='

(sudo crontab -l | grep -v prey; echo "*/20 * * * * /usr/share/prey/prey.sh > /var/log/prey.log") | sudo crontab -

Tripwire

is obsolete, use OSSEC instead!!!