Kuenselonline, Bhutan’s largest news website, has blocked Google from their website. Isn’t Google the biggest search engine in the world? Looks like they don’t want all the free traffic you get from Google. LOL
Secure CentOS Linux with iptables

iptables is the best Linux firewall available. Use the configuration below to secure your Linux server with iptables.
Make sure to save the iptables configuration.
vi /etc/sysconfig/iptables
Secure IPTables Configuration:
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
## Block IPs here
-A INPUT -s xxx.xxx.xxx.xxx -j DROP
-A INPUT -i eth0 -f -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
## Open all your needed ports here
-A INPUT -p tcp -m state -m tcp --dport 25 --state NEW -j ACCEPT
-A INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
## Allow your IPs here
-A INPUT -p tcp -m state -m tcp -s xxx.xxx.xxx.xxx/255.255.255.0 --dport 10000 --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp -m state ! --tcp-flags FIN,SYN,RST,ACK SYN --state NEW -j DROP
-A INPUT -f -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p icmp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
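A pre-load check for a ruleset like the one above, added here as an example and not part of the original post: since INPUT defaults to DROP and only the listed ports are opened, it reports the filter-table policy, lists the TCP ports that are accepted, and warns that tcp/22 is not among them. The function names and the 192.0.2.0 sample network are assumptions made for the example.

```shell
# Constructed sample: a subset of the page's rules; 192.0.2.0 stands in
# for the page's xxx.xxx.xxx.xxx placeholder.
sample_rules() {
cat <<'EOF'
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
## Open all your needed ports here
-A INPUT -p tcp -m state -m tcp --dport 25 --state NEW -j ACCEPT
-A INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
-A INPUT -p tcp -m state -m tcp -s 192.0.2.0/255.255.255.0 --dport 10000 --state NEW -j ACCEPT
COMMIT
*nat
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Default policy of a chain in the filter table. $1 = file, $2 = chain
chain_policy() {
    awk -v c=":$2" '/^\*/ { t = $1 } t == "*filter" && $1 == c { print $2; exit }' "$1"
}

# "port source" for each INPUT rule that ACCEPTs a TCP --dport ("any" = no -s).
accepted_tcp_ports() {
    awk '/^\*/ { t = $1 }
    t == "*filter" && $1 == "-A" && $2 == "INPUT" {
        port = ""; src = "any"; tgt = ""; proto = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-s") src = $(i + 1)
            if ($i == "-j") tgt = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
        }
        if (proto == "tcp" && tgt == "ACCEPT" && port != "") print port, src
    }' "$1"
}

# Succeeds only if some rule accepts the port. $1 = file, $2 = port
port_is_open() {
    accepted_tcp_ports "$1" | awk -v p="$2" '$1 == p { f = 1 } END { exit !f }'
}

rules=$(mktemp); sample_rules > "$rules"
echo "INPUT policy: $(chain_policy "$rules" INPUT)"
port_is_open "$rules" 22 || echo "WARNING: no rule accepts tcp/22; remote SSH would be cut off"
rm -f "$rules"
```

Run it against the real /etc/sysconfig/iptables before restarting the firewall on a machine you only reach over the network.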
Secure CentOS with sysctl.conf
Secure your CentOS installation with sysctl. Replace your sysctl.conf with the configuration given below; this is the best configuration you can do.
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
########## IPv6 networking start ##############
# Number of Router Solicitations to send until assuming no routers are present.
# This is host and not router
net.ipv6.conf.default.router_solicitations = 0
# Accept Router Preference in RA?
net.ipv6.conf.default.accept_ra_rtr_pref = 0
# Learn Prefix Information in Router Advertisement
net.ipv6.conf.default.accept_ra_pinfo = 0
# Learn the default router from a Router Advertisement?
net.ipv6.conf.default.accept_ra_defrtr = 0
# Router advertisements can cause the system to assign a global unicast address to an interface
net.ipv6.conf.default.autoconf = 0
# How many neighbor solicitations to send out per address?
net.ipv6.conf.default.dad_transmits = 0
# How many global unicast IPv6 addresses can be assigned to each interface?
net.ipv6.conf.default.max_addresses = 1
########## IPv6 networking ends ##############
# Enable ExecShield protection
kernel.exec-shield = 1
kernel.randomize_va_space = 1
# Increase system file descriptor limit
fs.file-max = 65535
# Allow for more PIDs
kernel.pid_max = 65536
# Increase system IP port limits
net.ipv4.ip_local_port_range = 11000 65000
# Reboot after a kernel panic
kernel.panic = 30
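A way to confirm the settings actually took effect after replacing sysctl.conf, added here as an example and not part of the original post: it compares each key in the file with the live value under /proc/sys and reports keys that differ or that the running kernel does not expose. The function names, the fake procfs tree and its values are constructed for the example.

```shell
# Constructed fixture: a few keys from the page's sysctl.conf plus a fake
# /proc/sys tree with made-up live values. $1 = empty directory to fill
make_sample() {
    mkdir -p "$1/proc/net/ipv4/conf/all" "$1/proc/kernel"
    cat > "$1/sysctl.conf" <<'EOF'
# Enable ExecShield protection
kernel.exec-shield = 1
kernel.randomize_va_space = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.ip_local_port_range = 11000 65000
EOF
    echo 2 > "$1/proc/kernel/randomize_va_space"
    echo 1 > "$1/proc/net/ipv4/tcp_syncookies"
    echo 0 > "$1/proc/net/ipv4/conf/all/rp_filter"
    printf '11000\t65000\n' > "$1/proc/net/ipv4/ip_local_port_range"
}

# Report every key whose live value differs from the file, or that the
# kernel does not expose. $1 = sysctl.conf, $2 = procfs root (default /proc/sys)
sysctl_drift() {
    root=${2:-/proc/sys}
    # Drop comments and blank lines, then split each "key = value" pair.
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" |
    while IFS='=' read -r key want; do
        key=$(echo "$key" | tr -d '[:space:]')
        want=$(echo $want)                      # collapse whitespace
        path="$root/$(echo "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            echo "MISSING $key"
            continue
        fi
        have=$(echo $(cat "$path"))             # tabs/newlines -> single spaces
        [ "$have" = "$want" ] || echo "DRIFT $key want=$want have=$have"
    done
}

tmp=$(mktemp -d); make_sample "$tmp"
sysctl_drift "$tmp/sysctl.conf" "$tmp/proc"
rm -rf "$tmp"
```

On a real host, call `sysctl_drift /etc/sysctl.conf` after `sysctl -p`; a MISSING line means the running kernel has no such tunable, so that setting is not being applied.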
CentOS Web server with Latest Apache, PHP and MySQL
Set up a perfect CentOS web server with the latest Apache, PHP and MySQL.

Make sure you have installed CentOS with minimal system tools.
I am going to use my home directory as the root folder.
cd ~
Import RPM-GPG-KEY
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
Update Everything using YUM
yum -y update
Reboot your Server.
reboot
Install Some Required Packages
yum install fetchmail wget bzip2 unzip zip nmap openssl lynx fileutils
Setup System Time
yum install ntp
chkconfig ntpd on
ntpdate pool.ntp.org
/etc/init.d/ntpd start
Install RPMForge Repo
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
rpm -K rpmforge-release-0.5.2-2.el5.rf.i386.rpm
rpm -i rpmforge-release-0.5.2-2.el5.rf.i386.rpm
yum clean all
yum update
Use Remi’s Repo for Latest PHP and MySQL
rpm --import http://rpms.famillecollet.com/RPM-GPG-KEY-remi
wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
rpm -Uvh remi-release-5*.rpm epel-release-5*.rpm
Enable Remi’s Repo
nano /etc/yum.repos.d/remi.repo
[remi]
enabled=1
Install Apache and PHP Server
yum install httpd
chkconfig --levels 235 httpd on
yum install php php-mysql php-gd php-odbc php-pear php-xml php-xmlrpc curl perl-libwww-perl ImageMagick libxml2
## Edit Apache Configuration, if you need.
nano /etc/httpd/conf/httpd.conf
Install MySQL Server
yum install mysql mysql-server
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start
## Change your MySQL Password
mysql_secure_installation
## Check if MySQL is running
netstat -tap | grep mysql
## Edit MySQL Configuration, if you need.
nano /etc/my.cnf
Install eAccelerator – PHP Caching, Makes your php load faster
yum install php-eaccelerator
Install PhpMyAdmin
yum install phpmyadmin
Start Apache Server
service httpd restart
Check Apache
apachectl -M
Output
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
Loaded Modules:
core_module (static)
mpm_prefork_module (static)
...
Syntax OK
Check PHP
php -v
Output
PHP 5.3.6 (cli) (built: May 16 2011 19:18:00)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
    with eAccelerator v0.9.6.1, Copyright (c) 2004-2010 eAccelerator, by eAccelerator
Web server with Latest PHP and MySQL is done!
Install Webmin if you want
yum install openssl perl-Net-SSLeay
rpm --import http://www.webmin.com/jcameron-key.asc
Add Webmin Repo
nano /etc/yum.repos.d/webmin.repo
Add This
[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1
Install Webmin
yum install webmin
Learn programming online
Have you ever wanted to learn computer programming, or wanted to refresh your programming skills? Stanford has a free online course that lets you learn programming. The course is simple and easy to understand, and the best part is that it's free!
Stanford Computer Programming
Junk Snail Mail
sudo – With great power comes great responsibility
Tashel – Online Visa System
Tashel Online, the online visa system for tour operators of Bhutan.
Tashel Online allows tour operators to apply for visas, receive approved visas by email, generate tour invoices, download army permits and get notices.
This project was done in collaboration with the Tourism Council of Bhutan and the Department of Immigration.
Project Details
Web Technology: PHP, MySQL, JavaScript
Software: Microsoft .NET 2008 with MySQL
Tshering Tobgay’s new Blog – tsheringtobgay.com
Just launched Tshering Tobgay’s (PDP President and Opposition Leader) new blog. He had been using Blogger till now and has gained so much popularity online! He is one of the most popular and regular bloggers from Bhutan. I am indeed really privileged to design a blog for him!

Blog URL: www.tsheringtobgay.com
Blog Software: WordPress
Scripts/Languages: PHP/MySQL






