November 23
RKHunter (RootKit Hunter) is a security scanning tool that scans for rootkits, backdoors, and local exploits. It is an intrusion detection program for Linux that is widely used by server administrators. It sometimes raises false alarms, but most of the time you need to check the problem areas rkhunter points out.
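Use these commands to install it. The download is over plain HTTP, so verify the tarball against a checksum or signature from the project before running the installer as root:
wget http://kent.dl.sourceforge.net/project/rkhunter/rkhunter/1.3.4/rkhunter-1.3.4.tar.gz
tar zxf rkhunter*
cd rkhunter-1.3.4
./installer.sh --layout default --install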
Next, set up rkhunter to email you the scan report every day:
pico /etc/cron.daily/rkhunter.sh
Add the following, replacing email@domain.com with your email address:
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter Scan Report" email@domain.com)
chmod +x /etc/cron.daily/rkhunter.sh
Now you can run a test scan with the following command:
/usr/local/bin/rkhunter -c
November 23
Here is how to configure your email address in Outlook Express:
1) Click Start, point to All Programs, and then click Outlook Express.
2) On the Tools menu, click Accounts.
3) Click Add, and then click Mail.
4) In Display name, type your name as you would like it to appear.
5) Type the email address people use to send email messages to you.
6) Type mail.domainname under Incoming mail (POP3, IMAP or HTTP) server as well as under Outgoing mail (SMTP) server.
For example, if your domain name is example.com, type mail.example.com under Incoming mail (POP3, IMAP or HTTP) server and mail.example.com under Outgoing mail (SMTP) server.
7) Follow the instructions in the Internet Connection Wizard as above until you reach the Internet Mail Logon page.
8) In Account name, type your POP3 service user name, followed by the domain, for example, someone@example.com.
In Password, type the password associated with your POP3 service e-mail account.
9) Click the Properties button.
10) On the Servers tab, enable "My server requires authentication".
11) On the Advanced tab, enable "Leave a copy of message on the server".
12) Click Apply and then click OK.
November 23
About SPF: SPF (Sender Policy Framework) is an open standard specifying a technical method created to stop forged or spoofed sender addresses in the SMTP mail envelope (MAIL FROM, or Return-Path), which are commonly used in spam messages.
SPF allows the owner of an Internet domain to use a special format of DNS record ("SPF") to specify which machines are authorized to transmit e-mail for that domain. For example, the owner of the example.net domain can designate which machines are authorized to send e-mail whose sender address ends with "@example.net".
A typical example TXT record for SPF looks like this:
example.net. TXT "v=spf1 mx a:pluto.example.net include:aspmx.googlemail.com -all"
The parts of the SPF record mean the following:
v=spf1                          SPF version 1
mx                              the incoming mail servers (MXes) of the domain are authorized to also send mail for example.net
a:pluto.example.net             the machine pluto.example.net is authorized, too
include:aspmx.googlemail.com    everything considered legitimate by gmail.com is legitimate for example.net, too
-all                            all other machines are not authorized
To check whether your SPF record is correct, various SPF checkers, testers and validators are available, such as http://www.kitterman.com/spf/validate.html
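How a receiving server walks the record above, as an added example that is not from the original post: it parses the mechanisms and evaluates a connecting IP left to right, showing that an include only matches when the included record returns pass. The DNS answers are constructed (documentation-range IPs, a made-up TXT value for aspmx.googlemail.com), and only the mechanisms in this record plus ip4/ip6 are handled.

```python
import ipaddress

# Constructed DNS answers standing in for live lookups (documentation-range IPs;
# the googlemail TXT value is made up for this example, not Google's real record).
DNS = {
    "mx": {"example.net": ["192.0.2.10"]},
    "a": {"pluto.example.net": ["192.0.2.20"]},
    "txt": {"aspmx.googlemail.com": "v=spf1 ip4:198.51.100.0/24 ~all"},
}
RECORD = "v=spf1 mx a:pluto.example.net include:aspmx.googlemail.com -all"
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, argument) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier, body = (term[0], term[1:]) if term[0] in RESULTS else ("+", term)
        name, _, arg = body.partition(":")
        parsed.append((qualifier, name.lower(), arg))
    return parsed

def check_host(ip, domain, record, dns=DNS, depth=0):
    """Evaluate mechanisms left to right; the first match decides the result."""
    if depth > 10:  # stop runaway include chains
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for qualifier, name, arg in parse_spf(record):
        if name == "all":
            matched = True
        elif name in ("mx", "a"):
            matched = str(addr) in dns[name].get(arg or domain, [])
        elif name in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            if arg not in dns["txt"]:
                return "permerror"  # included domain publishes no SPF record
            inner = check_host(ip, arg, dns["txt"][arg], dns, depth + 1)
            if inner == "permerror":
                return inner
            matched = inner == "pass"  # the inner ~all/-all never ends the outer check
        else:
            return "permerror"  # term not handled in this example
        if matched:
            return RESULTS[qualifier]
    return "neutral"  # no mechanism matched and no "all" present
```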
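November 23
Preventing Image Hotlinking on a Web Site
Bandwidth theft, or hotlinking, is direct linking to a web site's files (images, video, etc.) from another site. It can be prevented with the mod_rewrite module.
Place rules like the ones below into the .htaccess file for the domain (for example www.example.com). The first condition lets through requests that send no Referer header at all; the second matches any Referer that is not the site itself, and the rule then refuses such image requests with 403 Forbidden:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com(/)?.*$ [NC]
RewriteRule \.(gif|jpg|jpeg|png|swf)$ - [NC,F]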
November 21
You can use the following steps to uninstall APF on a Linux machine:
First, stop the apf service.
# /etc/rc.d/init.d/apf stop
Remove the apf files from the server.
# rm -Rf /etc/apf
# rm -Rf /etc/rc.d/init.d/apf
# rm -Rf /var/log/apf_log
# rm -Rf /var/log/apfados_log
# rm -Rf /usr/local/sbin/apf
Disable apf in the run levels.
# /sbin/chkconfig --level 345 apf off
Open /etc/cron.daily/fw and remove this line:
# vi /etc/cron.daily/fw
/etc/rc.d/init.d/apf restart >> /dev/null 2>&1
November 21
As a configuration file, .htaccess is very powerful. Even the slightest syntax error can result in your content not displaying correctly, or at all.
Here are the most commonly used directives:
- Point an entire site to a different URL, such as domain.net redirected to domain.com:
# This allows you to redirect your entire website to any other domain
Redirect 301 / http://kb.mediatemple.net/
- Redirect index.html to a specific subfolder:
# This allows you to redirect index.html to a specific subfolder
Redirect /index.html http://mt-example.com/newdirectory/
- Redirect an old file to a new file path:
# Redirect old file path to new file path
Redirect /olddirectory/oldfile.html http://mt-example.com/newdirectory/newfile.html
- Redirect to a specific index page:
# Provide Specific Index Page (Set the default handler)
DirectoryIndex index.html
- Redirect users to access the site without www:
# To redirect all users to access the site WITHOUT the www. prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# adapt and uncomment the following:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.mt-example\.com$ [NC]
RewriteRule ^(.*)$ http://mt-example.com/$1 [L,R=301]
- Redirect users to use www:
# To redirect all users to access the site WITH the www. prefix,
# (http://example.com/... will be redirected to http://www.example.com/...)
# adapt and uncomment the following:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.mt-example\.com$ [NC]
RewriteRule ^(.*)$ http://www.mt-example.com/$1 [L,R=301]