The following command will export a list of phpBB email addresses and put each email address on a new line (so you can copy in paste into Excel or another app).

Export phpBB emails from MySQL

The following command will export phpBB email addresses from the phpbb_users table:

1

mysql YourphpBB_db -u root -p -BNe 'select user_email from phpbb_users' > /tmp/outfile.txt

I know there are other option to export email addresses from phpBB but I find this the easiest / fastest way (I exported about 37,000 email addresses in a second or two on a reasonably low spec CentOS 6 VPS.

How To Secure SSH Servers on Linux

This guide will show you step by step how to secure SSH servers on your network or hosted directly on the Internet.

What is SSH ?

SSH is the standard way for Admin’s to connect to Linux servers securely over an encrypted tunnel. However a default install of SSH is far from perfect and can allow for an attacker to hack SSH and acquire a shell on a remote server, follow our tutorial on how to secure SSH Servers. This guide should work for all distros of Linux using OpenSSH Server, Ubuntu, Debian, CentOS, RHEL, Gentoo, Fedora etc…

Security Harden SSH Servers

Follow the instructions below to security harden SSH Servers on your network, you will secure SSH so tight not even Trinity could exploit you with her mad nmap skills :)

Use Strong SSH Passwords

It sounds obvious but make sure all the passwords on your system are secure, you are probably not aware of just how many automated scripts & bots are continuously brute forcing your SSH Server. If you are curious you can check the top 5 attacked SSH accounts with:

awk 'gsub(".*sshd.*Failed password for (invalid user )?", "") {print $1}' /var/log/secure* | sort | uniq -c | sort -rn | head -5

If you want to see your top 5 SSH attackers:

awk 'gsub(".*sshd.*Failed password for (invalid user )?", "") {print $3}' /var/log/secure* | sort | uniq -c | sort -rn | head -5

Rules for choosing secure Linux system account passwords:

• Minimum of 8 characters

• Mix of upper and lower case letters

• Mix of letters and numbers

• Non alphanumeric characters (special characters such as ! “ £% ^)

Disable SSH root logins

To disable root logins over SSH open up your sshd_config file on CentOS / RHEL systems this is found at “/etc/ssh/sshd_config”, on Debian based systems (Ubuntu) this could vary. Make sure you have the following entry:

1
2

# Prevent root logins:
PermitRootLogin no

Restart SSH:

1

/etc/init.d/sshd restart

From now on if you require root access over SSH you will need to login as a normal user and type “su –” to get root.

Disable SSH protocol 1

To disable protocol 1 for SSH make sure your “/etc/ssh/sshd_config” has the following uncommented:

1
2

# Protocol 2,1
Protocol 2

Restart SSH (instructions above).

Change the SSH Port on the server

This step is more security by obscurity, changing SSH default port 22 to a port of your choice (normally high) will reduce the amount of bots trying to brute for your SSH server.

To change SSH server port add the following entry in your “/etc/ssh/sshd_config”:

1
2

# Run ssh on a non-standard port:
Port 2233

(Don’t use the port number listed above and don’t use 2222, everyone uses this port and it gets scanned almost as much as 22).

You will need to specify the new port you have chosen in Putty or on the command line when connecting, on Putty this is pretty obvious on Unix you would do so by:

1

ssh -p 2233 [email protected]

Allow specific Users on SSH

If it’s only you and a bunch of other admin’s accessing the server over SSH I would recommend the use of AllowUser in the ssh_config, this is a ACL for SSH allowing only the users written in the config file. The example below would allow keith & bart to access the server over SSH:

1

AllowUsers keith bart

Change SSH login grace time

This is the period of unauthenticated time the connection is left open, the time you have to login. By default it’s normally 2 minutes, which is far to long in my opinion… I change mine to 30 seconds.

1

LoginGraceTime 30

Limit the amount of unauthenticated SSH connections

When SSH servers are cracked attackers open up as many SSH connections to your server as possible, the more connections they can open the more simultaneous parallel crack attempts then can run.

Adding the following to your sshd_config file will allow 2 unauthenticated connections to your server at the same time and randomly and increasingly drop connection attempts between 2 and the maximum of 10. If you have a lot of valid SSH user authenticating on your servers at the same time this should be increased.

1
2

#MaxStartups 10
MaxStartups 2:50:10

Block SSH Attacks

When people attempt to brute force attack your server they well continuously try a number of username and password combinations until they gain access. You can stop brute force attacks by blocking repeated attempts to login from the same IP address. There are two ways to do this, install DenyHosts or use iptables, I would pick one method not both, if you have more time use iptables if you are not confident with iptables then use DenyHosts.

Block SSH attacks with iptables:

1
2

iptables -A INPUT -p tcp --dport 22 -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 22 -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT

Block SSH attacks with DenyHosts:

Install DenyHosts on CentOS:

First you need to install the EPEL repo one installed do the following:

1

yum install denyhosts

Install DenyHosts on Ubuntu or Debian:

1

apt-get install denyhosts

iptables rule for SSH: allow only specific IP addresses to connect

Only allow certain IP addresses to connect to your SSH server, e.g your office.

1

iptables -A INPUT -p tcp -s 8.8.8.8 --dport 22 -j ACCEPT

Use Public Private Keys for SSH Authentication

This eliminates crack attempts on your SSH server as each user requires a key to connection. See our guide on SSH key based authentication.

After setting up your SSH keys edit your sshd_config file to never accept password based authentication again, preventing anyone ever guessing a users password again.

1

PasswordAuthentication no

If you followed this guide correctly you should have a much more secure SSH server , if you found this guide helpful please share it via Facebook Twitter Google Plus etc :)

The following tutorial walks you through how to erase hard drive (s) using Darik’s Boot And Nuke a bootable Linux distribution built with the sole purpose of deleting data from hard drives & partitions. DBAN (Darik’s Boot and Nuke) will  completely wipe your hard drive by writing over it multiple times to ensure your hard drive is erased (Arnie Style!).

Please note that DBAN is capable of wiping any hard drive partition / data for Windows, Mac or Linux it does not matter what file system (EXT3, NTFS, FAT, HFS) DBAN will be able to destroy the data contained on the device.

WARNING

PLEASE MAKE SURE YOU BACKUP YOUR DATA YOU WANT BEFORE FOLLWING THIS TUTORIAL ON HOW TO ERASE HARD DRIVE’S

 How To Erase Hard Drive Using Darik Boot And Nuke (DBAN)

This is by far the easiest method of wiping a hard drive, it requires no command line options you simply need to download the ISO, burn it, set your BIOS to boot from CD and select the wipe option you want… I Recommend leaving it over night, here is the step by step tutorial:

1. Download Darik’s Boot And Nuke ISO < Click Here

2. Burn the ISO to disk, using your favorite burning application

3. Boot from the CD/DVD drive on your Laptop / PC / Mac or Server

4. You should the be presented with the DBAN Boot Screen – Hit Return

5.  I normally select DoD Short (unless you are really paranoid I would go for this option), use the J / K keys to go up & down the list and push space on the option you want – SEE BELOW FOR DBAN WIPE OPTIONS

6.  The next step is selecting the correct drive / partition that you want to Nuke… PAY ATTENTION and don’t screw this up or you could end up destroying your date. I highly recommend only connecting hard drives you want to erase during the DBAN process, obviously this might not be practical if you are using a laptop or don’t know how to use a screw driver :) 

7. DBAN should start running, it’s going to take a long time… No amount of coffee will suffice, I highly recommend running DBAN before bed, overnight should be enough for most Hard Drive Wipe Options

8. Eventually, if all goes well you should see the following screen… Congrats your Hard Drive has been Erased.

DBAN Erase / Wipe Options Explained

Below are the erase options for DBAN, how many passes each is and some external links for more reading (if you are interested).

Quick Erase

This option speaks for itself.

RCMP TSSIT OPS-11

Canadian RCMP TSSIT OPS-II: 8 drive-wiping passes with a random byte in the overwrite sequence changed each time.

DoD Short

DoD Short is a 3 pass wipe based on the DoD 5220 22M (As far as I can tell).

DoD 5220 22M

DoD 5220 22M is a 7 pass wipe, visit the DoD 5220 22M Wikipedia page for more information on the standard.

Gutmann Wipe

This uses the Gutmann Method of  writing a series of 35 patterns over the disk or partition that is being erased.

PRNG Stream

Uses a (PRNG) Pseudorandom number generator stream to over write the drive.

I hope this tutorial on How To Erase Hard Drive (s) has helped some of you out, feel free to ask us any questions… An alternative to using DBAN would be using a Live CD such as Knoppix and running the Linux Shred Command.

I will leave you with this quote from Arnold Schwarzenegger…

You’ve Just Been Erased…

Fed up with your mail box getting blasted with automated Crontab mail, follow this tutorial to disable crontab mail and help reduce the clutter in your mailbox.

Crontab Mail Default Settings

By default crontab will send the output of any commands or scripts it runs to your email address. To prevent this action you need to redirect the script or command output to /dev/null

Disable Crontab Mail (Option 1)

To prevent cron from emailing you the script output we need to redirect the the output to /dev/null by adding the following to the end of your crontab script or command:

1
2
3
4
5

&> /dev/null

An example of a crontab script with the output redirected to /dev/null (to disable crontab email):

0 2 4 * * /usr/local/blah-script.sh &> /dev/null

Disable Crontab Mail via the MAILTO variable (Option 2)

Another method to disable cron from emailing is to set a blank value for the MAILTO variable, to do this open your crontab with:

1

crontab -e

Add the following to the top of the file:

1

MAILTO=""

Save the file, you’re done… The crontab editor is Vi by default on most Linux / Unix systems, please see our tutorial for help with Vi Commands.

How To Install Debian Dig Tool

The following guide explains how to install the Dig tool on Debian Linux using the APT package manager. Dig is a command line tool used to extract information from DNS (Domain Name Servers) such as MX, NS & A record data.

Debian Dig Installation

The following command will install the Dig Command and must be run as root:

1

apt-get install dnsutils

Please see our guide on the dig command for more information on how to use this Linux command line tool.

How To Install the Dig Command Line tool on all versions of Ubuntu

How to install the Ubuntu Dig command used to lookup information from Domain Name Servers (DNS), the following command will install the Dig tool on Ubuntu using APT.

Dig Ubuntu Install Instructions

1

sudo apt-get install dnsutils

Nmap is an open source network exploration tool, meaning you can scan networks, devices or multiple networks and acquire information about the open TCP ports, software & operating system version and if the machine responds to ICMP echo requests or not. The following Nmap tutorial shows you several syntax examples for common Nmap scans.

The most common use for Nmap is to find out what ports are accessible to the outside world, this is often called an Nmap port scan in short nmap performs a TCP scan of a server on the most common TCP ports (Nmap default port range 1-1024) attempting to connect confirming if a services is listening on that port.

The following nmap tutorial will show you how to perform standard port scans on servers & network equipment.

Nmap Tutorial learn from the following Nmap Examples

Below are a list of the Nmap examples with explanations of what each command will execute.

Nmap TCP scan for open ports

The

1

nmap 192.168.1.1

Nmap scan when ICMP echo is disabled

1

nmap -P0 192.168.1.1

Nmap scan and return software version

1

nmap -sV 192.168.1.1

Nmap scan for operating system version

1

nmap --osscan-guess 192.168.1.1

Nmap scan on specific port ranges

1

nmap -p 50:120 192.168.1.1

Nmap scan a whole network displaying hosts that respond to ping

1

nmap -P0 192.168.1.*

NMAP Options Summary

Below is the nmap options summary, for more details I would recommend typing “man nmap” at the prompt.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110

Nmap 6.01 ( https://nmap.org )
 Usage: nmap [Scan Type(s)] [Options] {target specification}
 TARGET SPECIFICATION:
 Can pass hostnames, IP addresses, networks, etc.
 Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
 -iL <inputfilename>: Input from list of hosts/networks
 -iR <num hosts>: Choose random targets
 --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
 --excludefile <exclude_file>: Exclude list from file
 HOST DISCOVERY:
 -sL: List Scan - simply list targets to scan
 -sn: Ping Scan - disable port scan
 -Pn: Treat all hosts as online -- skip host discovery
 -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
 -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
 -PO[protocol list]: IP Protocol Ping
 -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
 --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
 --system-dns: Use OS's DNS resolver
 --traceroute: Trace hop path to each host
 SCAN TECHNIQUES:
 -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
 -sU: UDP Scan
 -sN/sF/sX: TCP Null, FIN, and Xmas scans
 --scanflags <flags>: Customize TCP scan flags
 -sI <zombie host[:probeport]>: Idle scan
 -sY/sZ: SCTP INIT/COOKIE-ECHO scans
 -sO: IP protocol scan
 -b <FTP relay host>: FTP bounce scan
 PORT SPECIFICATION AND SCAN ORDER:
 -p <port ranges>: Only scan specified ports
 Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
 -F: Fast mode - Scan fewer ports than the default scan
 -r: Scan ports consecutively - don't randomize
 --top-ports <number>: Scan <number> most common ports
 --port-ratio <ratio>: Scan ports more common than <ratio>
 SERVICE/VERSION DETECTION:
 -sV: Probe open ports to determine service/version info
 --version-intensity <level>: Set from 0 (light) to 9 (try all probes)
 --version-light: Limit to most likely probes (intensity 2)
 --version-all: Try every single probe (intensity 9)
 --version-trace: Show detailed version scan activity (for debugging)
 SCRIPT SCAN:
 -sC: equivalent to --script=default
 --script=<Lua scripts>: <Lua scripts> is a comma separated list of
 directories, script-files or script-categories
 --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
 --script-args-file=filename: provide NSE script args in a file
 --script-trace: Show all data sent and received
 --script-updatedb: Update the script database.
 --script-help=<Lua scripts>: Show help about scripts.
 <Lua scripts> is a comma separted list of script-files or
 script-categories.
 OS DETECTION:
 -O: Enable OS detection
 --osscan-limit: Limit OS detection to promising targets
 --osscan-guess: Guess OS more aggressively
 TIMING AND PERFORMANCE:
 Options which take <time> are in seconds, or append 'ms' (milliseconds),
 's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
 -T<0-5>: Set timing template (higher is faster)
 --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
 --min-parallelism/max-parallelism <numprobes>: Probe parallelization
 --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
 probe round trip time.
 --max-retries <tries>: Caps number of port scan probe retransmissions.
 --host-timeout <time>: Give up on target after this long
 --scan-delay/--max-scan-delay <time>: Adjust delay between probes
 --min-rate <number>: Send packets no slower than <number> per second
 --max-rate <number>: Send packets no faster than <number> per second
 FIREWALL/IDS EVASION AND SPOOFING:
 -f; --mtu <val>: fragment packets (optionally w/given MTU)
 -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
 -S <IP_Address>: Spoof source address
 -e <iface>: Use specified interface
 -g/--source-port <portnum>: Use given port number
 --data-length <num>: Append random data to sent packets
 --ip-options <options>: Send packets with specified ip options
 --ttl <val>: Set IP time-to-live field
 --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
 --badsum: Send packets with a bogus TCP/UDP/SCTP checksum
 OUTPUT:
 -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
 and Grepable format, respectively, to the given filename.
 -oA <basename>: Output in the three major formats at once
 -v: Increase verbosity level (use -vv or more for greater effect)
 -d: Increase debugging level (use -dd or more for greater effect)
 --reason: Display the reason a port is in a particular state
 --open: Only show open (or possibly open) ports
 --packet-trace: Show all packets sent and received
 --iflist: Print host interfaces and routes (for debugging)
 --log-errors: Log errors/warnings to the normal-format output file
 --append-output: Append to rather than clobber specified output files
 --resume <filename>: Resume an aborted scan
 --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
 --webxml: Reference stylesheet from Nmap.Org for more portable XML
 --no-stylesheet: Prevent associating of XSL stylesheet w/XML output
 MISC:
 -6: Enable IPv6 scanning
 -A: Enable OS detection, version detection, script scanning, and traceroute
 --datadir <dirname>: Specify custom Nmap data file location
 --send-eth/--send-ip: Send using raw ethernet frames or IP packets
 --privileged: Assume that the user is fully privileged
 --unprivileged: Assume the user lacks raw socket privileges
 -V: Print version number
 -h: Print this help summary page.
 EXAMPLES:
 nmap -v -A scanme.nmap.org
 nmap -v -sn 192.168.0.0/16 10.0.0.0/8
 nmap -v -iR 10000 -Pn -p 80

With IPv6 enabled some users experience slow Internet, normally due to browsers trying IPv6 first if that fails then reverting back to the IPv4 stack. If you have a half configured IPv6 setup then you may experience other networking issues, this guide show you how to disable IPv6 on Ubuntu 10.04 / 11.04 and all other current versions see below.

Ubuntu Disable IPv6 via Grub

The following command disables IPv6 using Grub at boot time, and I have found it the most affective.

Open: /etc/default/grub

1

sudo vi /etc/default/grub

Find the line:

1

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

Replace it with the following line to disable IPv6 on Ubuntu:

1

GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"

Save the text file (see our vi commands page for more vi help) and update grub with:

1

sudo update-grub

You are good to go… Reboot and you will have disabled IPv6 on Ubuntu.

relay=none, delay=508, delays=508/0.02/0.02/0, dsn=4.4.1, status=deferred (connect to aspmx2.googlemail.com[IPv6 Address]:25: Network is unreachable)

If anyone is getting the above message or similar it’s being caused by Gmail now accepting mail over IPv6 and your server is failing to connect to their server for some reason to fix this in postfix I simply forced it to use IPv4 until I have the time to spend setting up IPv6 mail.

In postfix open:

1

/etc/postfix/main.cf

Set Postfix IPv4 Only

Find the line starting with “inet_protocols” and make sure it reads:

1

inet_protocols=ipv4

(On CentOS the default was inet_protocols=all)

Restart  or reload Postfix.

1

/etc/init.d/postfix reload

You might want to flush the mail queue in Postfix or just wait and mail will start to send, note you will probably have backed up email.

1

postfix -f

Install the epel repo for CentOS  and type:

1

yum install phpmyadmin

Accept the packages it needs to pull as deps from the EPEL repo and you have a working CentOS phpMyAdmin install.

To access phpMyAdmin on CentOS enter:

https://localhost/phpmyadmin

You will be prompted for auth the default password for phpMyAdmin on CentOS is the mysql root credentials, so to login use your mysql username and password for root (or another account).