Showing posts with label linux. Show all posts

Disable SELINUX

| Monday, May 24, 2010

Here is the way to disable selinux:

1. Edit /etc/selinux/config and set the SELINUX variable to 'disabled'
2. Use the setenforce command to disable on-the-fly

With solution 1, your changes are permanent but only effective if you reboot the machine.

With solution 2, your changes are NOT permanent but effective immediately.

Hope this clears it up :-).

taken from : http://www.linuxquestions.org
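
Added example (not from the original post): a shell check that compares the persistent mode in /etc/selinux/config with the runtime mode, which is where the gap between solution 1 and solution 2 becomes visible on a host. The helper names and the sample config are constructed for illustration; note that `setenforce 0` leaves SELinux in permissive mode rather than fully disabled.

```shell
#!/bin/sh
# Added example: report drift between the configured and the runtime
# SELinux mode. configured_mode and selinux_drift are hypothetical helpers.

# Print the SELINUX= value from a config file, lowercased.
# Commented-out lines and the SELINUXTYPE= key do not match.
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr 'A-Z' 'a-z'
}

# selinux_drift CONFIG_FILE RUNTIME_MODE
# RUNTIME_MODE is what getenforce prints (Enforcing, Permissive, Disabled).
# Prints a one-word verdict; returns 0 only when both sides are enforcing.
selinux_drift() {
    cfg=$(configured_mode "$1")
    run=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    if [ -z "$cfg" ]; then
        echo "unknown"; return 2
    elif [ "$cfg" = "$run" ] && [ "$cfg" = "enforcing" ]; then
        echo "ok"; return 0
    elif [ "$cfg" = "$run" ]; then
        echo "weakened"; return 1          # config and runtime both relaxed
    elif [ "$cfg" = "enforcing" ]; then
        echo "runtime-only"; return 1      # setenforce used, lost at reboot
    else
        echo "pending-reboot"; return 1    # config edited, not yet effective
    fi
}

# Constructed sample config, as left behind by solution 1.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# This file controls the state of SELinux on the system.
#SELINUX=enforcing
SELINUX=disabled
SELINUXTYPE=targeted
EOF

# On a real host: selinux_drift /etc/selinux/config "$(getenforce)"
selinux_drift "$sample" Enforcing || true
```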

SE Linux

| Friday, May 07, 2010

Install SE Linux

# apt-get install selinux-basics selinux-policy-default
# reboot
# nano /etc/default/rcS
set FSCKFIX=yes
# nano /etc/cron.daily/mlocate (so that the locate database update does not keep running)
add exit 0 on line 2

When that is done, type:
# check-selinux-installation
# rm /var/run/motd
# ln -s /etc/motd.baru /etc/motd

Security Linux

| Thursday, May 06, 2010

1. Stop and remove unneeded services.
You can install rcconf to manage startup services,
and run apt-get remove packagegakpenting (packagegakpenting stands for the unneeded package).

2. Edit the partitions: disable execution on partitions where users store data (especially on web servers).

3. Change the file descriptor limit in sysctl.conf.
Your file descriptor limit must be beyond 65535.

4. Upgrade to the latest kernel.

5. Configure the firewall as securely as possible. Allow only the ports that are needed.

6. Configure user login access.

7. Wherever possible, do not use default ports.

8. Disable remote root login.

9. Edit motd.

10. Try experimenting with sysctl.conf (beware, at your own risk).

11. Secure the services and options of the installed programs, for example: my.cnf, php.ini, httpd.conf, ftp.conf, snmpd.conf, named.conf.

12. Install supporting monitoring tools:
- snmpd, ifstat, iptraf, snort, lsof, htop, deborphan, mtr, nikto. Well, why do I forget the other tools at this critical moment..

More will be added later if there is anything else.

Thanks to cakri and Google. You're all the best.
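
Added example (not part of the original post): item 2 of the checklist turned into a check that reads an fstab and reports which user-data mount points still allow execution. The function name audit_noexec, the mount points and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether given mount points carry the noexec option.
# audit_noexec is a hypothetical helper; the fstab below is constructed.

# audit_noexec FSTAB MOUNTPOINT...
# Prints "<mountpoint> <verdict>" per mount point, where the verdict is
# noexec, exec-allowed, or not-a-separate-partition (no fstab entry).
audit_noexec() {
    fstab=$1; shift
    for mp in "$@"; do
        awk -v mp="$mp" '
            /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
            $2 == mp {
                found = 1
                n = split($4, opts, ",")       # match whole options only
                for (i = 1; i <= n; i++)
                    if (opts[i] == "noexec") ok = 1
            }
            END {
                if (!found)  print mp, "not-a-separate-partition"
                else if (ok) print mp, "noexec"
                else         print mp, "exec-allowed"
            }' "$fstab"
    done
}

sample_fstab=$(mktemp)
trap 'rm -f "$sample_fstab"' EXIT
cat > "$sample_fstab" <<'EOF'
# <file system> <mount point> <type> <options>              <dump> <pass>
/dev/sda1       /             ext3   errors=remount-ro      0      1
/dev/sda5       /home         ext3   defaults,nosuid        0      2
/dev/sda6       /var/www      ext3   rw,noexec,nosuid,nodev 0      2
/dev/sda7       /tmp          ext3   defaults,noexec        0      2
EOF

# On a real host: audit_noexec /etc/fstab /home /var/www /tmp
audit_noexec "$sample_fstab" /home /var/www /tmp /srv/ftp
```

A mount point reported as not-a-separate-partition inherits the options of its parent file system, so noexec cannot be set for it alone until it gets its own partition.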

Finding unneeded packages

# apt-get install deborphan
# deborphan -sz
# apt-get remove namapackage (namapackage stands for the package name)
or
# apt-get remove --purge $(deborphan)
or alternatively
# orphaner
the command above has a graphical interface ;)

PureFTPd on Linux.

| Wednesday, March 31, 2010

Today I tried installing from a tarball; the one I used as an experiment was pureftpd.

1. Download the source
wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.29.tar.gz
2. Extract
tar -xzvf pure-ftpd-1.0.29.tar.gz
3. Change into the extracted directory
4. ./configure

Uh-oh.. why did configure fail with an error? :(
It turned out there was no compiler support, so it has to be installed first

apt-get install gcc
apt-get install g++

Run configure again, then continue with make && make install

The continuation is in this post

Those compiling with MySQL support should install mysql-devel first
apt-get install mysql-devel

Install Snmpd..

| Thursday, March 25, 2010

Let's install snmpd the quick way..
# apt-get install snmpd (linux)
# pkg_add -rv net-snmpd (fbsd)

After that, copy the configuration file:
# cp /etc/snmp/snmpd.conf.orig /etc/snmp/snmpd.conf (linux)
# cp /usr/local/share/snmpd/snmpd.conf.example /usr/local/share/snmpd/snmpd.conf (bsd)

Edit /etc/snmp/snmpd.conf:
com2sec local localhost public
com2sec local ipmrtgserver public

Edit /etc/default/snmpd: (FreeBSD does not need this step)
remove ip 127.0.0.1

Restart snmp: /etc/init.d/snmpd restart

disable telnet inetd

Type the following command:

# /usr/sbin/update-inetd --disable telnet

Manage startup service

There are several ways to remove a service from startup on Linux:

1. # update-rc.d -f NAMASERVICE remove (NAMASERVICE stands for the service name)
example:
# update-rc.d -f exim4 remove

2. Install rcconf
# apt-get install rcconf
wait for the installation to finish, then type:
# rcconf

Just check/uncheck the ones you don't need, a bit like msconfig..

On FreeBSD, just check the contents of /etc/rc.conf or look in the directory /usr/local/etc/rc.d

Okay.. enjoy..

Kill them all!!

| Friday, March 19, 2010

Here is how to kill all the processes of a daemon:

ps -ax | grep "/usr/local/sbin/httpd" | grep -v grep | awk '{print $1}' | xargs kill

or, if you also want to see the process owner id

ps -aux | grep "/usr/local/sbin/httpd" | grep -v grep | awk '{print $2}' | xargs kill


NB: the only difference is the awk column..

bigmem Vs PAE

| Thursday, March 18, 2010

Do you have more than 4GB of memory, but not all of it is detected?
Why is that?

This is because the installed OS is 32-bit and the bigmem kernel (on Linux) or PAE (on FreeBSD) has not been enabled.

For FreeBSD there are 2 ways:
1. Add the following line to your kernel configuration file and recompile
options PAE
Adding this line leaves some drivers unsupported, so consider whether those drivers are in use.

2. The second way is to reinstall from the AMD64 ISO.

For Debian, try the following steps.

- Install lshw to check your actual memory
# apt-get install lshw
# lshw -C memory
# dpkg --get-selections | grep bigmem
# apt-get install linux-image-2.6.26.2-686-bigmem

Check the result of the kernel installation with the following command:
# dpkg --get-selections | grep bigmem
linux-image-2.6.26.2-686-bigmem install

For the boot menu, first look at
# grep "Debian GNU" /boot/grub/menu.lst | nl -v0

Set the default boot number to match the kernel's menu entry.

Getting to know dot-files on *NIX systems

| Thursday, February 19, 2009

You have surely come across dot-files: the ones usually found in the home directory (/home/namauser). These are configuration files that control the settings of Unix/Linux programs such as the shell (bash/ksh/sh), vi (the file editor) and other applications.

Configuration files on *NIX systems are usually stored in /etc or /usr/local/etc. Each application has its own format, and a user can place a configuration file in a directory other than the default one. To hide a configuration file from a normal listing (ls), the file or directory name can be prefixed with a dot.

To see dot-files, use ls -a; on FreeBSD ll is enough; or, for something shorter, use ls -ld .*

Freely translated from: www.cyberciti.biz

Linux again

| Friday, August 29, 2008

Here are some terms that are often used in Linux; several of them are also common in Unix-based operating systems.

Kernel

The kernel is a program that constitutes the central core of a computer operating system. It has complete control over everything that occurs in the system.

A kernel can be contrasted with a shell (such as bash, csh or ksh in Unix-like operating systems), which is the outermost part of an operating system and a program that interacts with user commands. The kernel itself does not interact directly with the user, but rather interacts with the shell and other programs as well as with the hardware devices on the system, including the processor (also called the central processing unit or CPU), memory and disk drives.

file system?

A file system (sometimes written filesystem) is the way in which files are named and where they are placed logically for storage and retrieval. The DOS, Windows, OS/2, Macintosh, and UNIX-based operating systems all have file systems in which files are placed somewhere in a hierarchical (tree) structure. A file is placed in a directory (folder in Windows) or subdirectory at the desired place in the tree structure.

File systems specify conventions for naming files. These conventions include the maximum number of characters in a name, which characters can be used, and, in some systems, how long the file name suffix can be. A file system also includes a format for specifying the path to a file through the structure of directories.

what is multiuser?

Computer systems that support two or more simultaneous users. All mainframes and minicomputers are multi-user systems, but most personal computers and workstations are not. Another term for multi-user is time sharing.

what is GUI?

A graphical user interface (GUI) is a human-computer interface (i.e., a way for humans to interact with computers) that uses windows, icons and menus and which can be manipulated by a mouse (and often to a limited extent by a keyboard as well).

GUIs stand in sharp contrast to command line interfaces (CLIs), which use only text and are accessed solely by a keyboard. The most familiar example of a CLI to many people is MS-DOS. Another example is Linux when it is used in console mode (i.e., the entire screen shows text only).

Linux filesystem types?

minix, ext, ext2, ext3, xia, msdos, umsdos, vfat, proc, nfs, iso9660, hpfs, sysv, smb, ncpfs

what is fdisk?

The program Microsoft operating systems MS-DOS and non-NT versions of Windows use to create partitions on hard drives. Technically, the program is called fdisk.exe. It uses a text-based interface. Windows 95b first added support for FAT-32 partitions into fdisk. Before that it only supported partitions up to 2 GB using FAT-16. This is also a slang term for wiping a drive out completely, as in "I'm going to F-Disk this drive if Windows crashes one more time!" There are several non-Microsoft equivalents to fdisk, but all serve similar purposes--to allow partitioning of hard disk drives.

what is shell in linux?

A shell is a program that provides the traditional, text-only user interface for Unix-like operating systems. Its primary function is to read commands that are typed into a console (i.e., an all-text display mode) or terminal window (an all-text window) in a GUI (graphical user interface) and then execute (i.e., run) them.

The term shell derives its name from the fact that it is an outer layer of an operating system. A shell is an interface between the user and the internal parts of the operating system (at the very core of which is the kernel).

what is lilo?

Lilo means last in last out. LILO is a versatile boot loader for Linux. It does not depend on a specific file system, can boot Linux kernel images from floppy disks and hard disks, and can even boot other operating systems. One of up to sixteen different images can be selected at boot time. Various parameters, such as the root device, can be set independently for each kernel. LILO can even be used as the master boot record.

What is Grub?

Grand Unified Bootloader (GRUB). A small software utility that loads and manages multiple operating systems (and their variants).

Where Is the Latest Kernel Version on the Internet?

The easiest way to update your kernel is to get the update directly from the distribution which you are running.
If you need or want to configure and compile your own kernel, the web page at http://www.kernel.org/ lists the current versions of the development and production kernels.

What is FSCK?

fsck - check and repair a Linux file system.
fsck is used to check and optionally repair one or more Linux file systems. filesys can be a device name (e.g. /dev/hdc1, /dev/sdb2), a mount point (e.g. /, /usr, /home), or an ext2 label or UUID specifier (e.g. UUID=8868abf6-88c5-4a83-98b8-bfc24057f7bd or LABEL=root). Normally, the fsck program will try to handle filesystems on different physical disk drives in parallel to reduce the total amount of time needed to check all of the filesystems.

If no filesystems are specified on the command line, and the -A option is not specified, fsck will default to checking filesystems in /etc/fstab serially. This is equivalent to the -As options.

what is partition?

A partition is a section of a hard disk. When you format a hard disk, you can usually choose the number of partitions you want. The computer will recognize each partition as a separate disk, and each will show up under "My Computer" (Windows) or on the desktop (Macintosh).

What is a boot loader?

Most simply, a boot loader loads the operating system. When your machine loads its operating system, the BIOS reads the first 512 bytes of your bootable media (which is known as the master boot record, or MBR). You can store the boot record of only one operating system in a single MBR, so a problem becomes apparent when you require multiple operating systems. Hence the need for more flexible boot loaders.

The master boot record itself holds two things -- either some of or all of the boot loader program and the partition table (which holds information regarding how the rest of the media is split up into partitions). When the BIOS loads, it looks for data stored in the first sector of the hard drive, the MBR; using the data stored in the MBR, the BIOS activates the boot loader.

What is PAM?

(Pluggable Authentication Modules) A programming interface that enables third-party security methods to be used in Unix. For example, smart cards, Kerberos and RSA technologies can be integrated with various Unix functions such as rlogin, telnet and ftp.

What is default shell in linux?

The default shell of most Linux distributions is the bash shell.

Still too lazy to translate this.

Debian Overview

| Friday, August 22, 2008

Debian is one of the distros (distributions) of Linux. Linux is a free Unix-based OS created by Linus T.

Linux has 4 main components:
1. Kernel
2. File management
3. GUI
4. Multi-user

Debian was founded in 1993 by Ian Murdock, a student at Purdue University, who wrote the Debian Manifesto, which called for the creation of a Linux distro to be maintained openly in the spirit of Linux and GNU. The name Debian comes from Ian's name and that of his girlfriend Debra, which were mashed together into debian.

The latest Debian is etch (at the time the author posted this). Before etch there were sarge, woody, potato and so on. These names are code names for Debian versions so that they are easy to remember, for example sarge for Debian 3.1, woody for Debian 3.0, and so on. In FreeBSD the naming is direct: FreeBSD 5.4, FreeBSD 7.0 and so on, with no code names.

The hardware supported by Debian can be seen here

That is all for this post. The next post, God willing, will also be about Debian.

Article freely translated by the author from: http://debianhelp.co.uk/

Finding out the distribution (distro) of a Linux box

| Wednesday, August 20, 2008

I had actually been looking for a while for a Linux command that shows which distro is in use, because Linux differs from FreeBSD, where uname -a immediately shows which FreeBSD version it is, stable or release, and so on. Compare these:

uname -a on FreeBSD:

FreeBSD 6.2-RELEASE-p1 #0: Tue Feb 27 17:40:07 WIT 2007 root@gateway.net:/usr/src/sys/i386/compile/ROUTER i386


uname -a on an unknown Linux box:

Linux cobanet 2.6.21.5-smp #2 SMP Tue Jun 19 14:58:11 CDT 2007 i686 Intel(R) Pentium(R) D CPU 2.66GHz GenuineIntel GNU/Linux

See.. for someone like me who is not very familiar with Linux, let alone its kernel versions.. that is hard to read.

After asking around, it turns out you can try
# more /etc/issue

But on the Linux box I tested, the output was:

root@cobanet:~# more /etc/issue
Welcome to \s \r (\l)

I was still curious, so I finally googled it and, alhamdulillah, found a script. Here it is:

#!/bin/ksh
# Identify the Linux distribution from the release/version files in /etc.

system=$(uname -s | tr 'A-Z' 'a-z')

cputype=$(uname -m)

# Probe the known release/version files; the first readable one names the distro.
for rfile in \
    SuSE-release \
    redhat-release \
    redhat_version \
    gentoo-release \
    fedora-release \
    turbolinux-release \
    mandrake-release \
    mandrakelinux-release \
    debian_version \
    debian_release \
    knoppix-version \
    yellowdog-release \
    slackware-version \
    slackware-release \
    conectiva-release \
    mandriva-release \
    immunix-release \
    tinysofa-release \
    trustix-release \
    adamantix_version \
    yoper-release \
    arch-release \
    libranet_version \
    va-release \
    ; do
    if [ -r "/etc/$rfile" ] ; then
        # Strip the -release/_version suffix to get the distro name
        distro=$(echo "$rfile" | \
            tr 'A-Z' 'a-z' | \
            sed -e 's/[_-]\(release\|version\)$//')
        if [ "$distro" = "va" ] ; then distro=va-linux; fi
        break
    fi
done

# Release name and version are only worked out for SuSE and Red Hat
case "$distro" in
    suse)
        if grep -q Enterprise /etc/SuSE-release ; then
            release=SLES
            version=$(egrep 'VERSION' /etc/SuSE-release | \
                sed -e 's/ *VERSION *= *//')-pl$(egrep 'PATCHLEVEL' \
                /etc/SuSE-release | sed -e 's/ *PATCHLEVEL *= *//')
        else
            release=SuSE
            version=$(egrep 'VERSION' /etc/SuSE-release | \
                sed -e 's/ *VERSION *= *//')
        fi
        ;;
    redhat)
        # First part of red hat release is everything before 'release'
        release=$(sed -e 's/ release.*$//' /etc/redhat-release | \
            sed -e 's/[^A-Z]//g')
        # Second part of red hat release is numbers after 'release'
        version=$( sed -e 's/^.* release//' /etc/redhat-release | \
            sed -e 's/[^0-9]//g' | \
            sed -e 's/\([0-9]\)\([0-9]\)/\1.\2/g')
        ;;
esac

# CPU info from /proc/cpuinfo
set -A model_info \
    $(grep 'model name' /proc/cpuinfo | \
    uniq | \
    tr 'A-Z' 'a-z' | \
    perl -wn -e \
    's/\s*model\s*name\s*:\s*//go; s/\((tm|r)\)//go; s/\s*(processor|cpu)//go; print;')
cpuvendor=${model_info[0]}
cpumodel=${model_info[1]}
cpuspeed=${model_info[2]}

# GLIBC info (rpm is only available on RPM-based distributions):
glibc=$(rpm -qv glibc|uniq)

# Pass the values as arguments so a '%' in any of them is not read as a format
printf '%s %s %s %s %s-%s %s %s %s\n' "$system" "$cputype" "$cpumodel" "$distro" "$release" "$version" "$glibc" "$cpuvendor" "$cpuspeed"

Reset Root Password Debian VS FreeBSD

| Saturday, February 16, 2008

Last night I was all fired up (456789) to try the Debian box that my soft hands had not touched in a long time, but unexpectedly I had forgotten its root password ^^. Luckily, around 11 o'clock, I could reach young ibnu, since he regularly deals with this "mbak debby" :P. *thank you, kid*

Here are the steps; the boot loader is GRUB, not lilo and stitch :P.

1. At boot, select "recovery mode" and press c.
2. Next there will be 4 choices; move the cursor to the one that reads kernel blah-blah (it is the longest line of them all), then press e.
3. Append "init=/bin/bash" to the end of the line and press enter. Voila, you are in single mode.
4. Type "mount -o remount,rw /"
5. Type passwd and enter the new password
6. Then switch access back to read-only: "mount -o remount,ro /"
7. Done; now reboot..

On FreeBSD the steps are easier:
1. At boot, press 3 in the boot menu
2. mount -a
3. Type passwd, enter the new password, and reboot

FreeBSD has an option to still prompt for the password even when we enter single mode: check /etc/ttys and change the secure option to insecure. That is for when we are paranoid admins and can guarantee that we will never forget our password :p.
On Debian I don't know yet how to do it, but according to ibnu, newer Linux versions already prompt for a password in single mode too.
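
Added example (not part of the original post): a check of the FreeBSD /etc/ttys setting described above, reporting whether the console entry is marked insecure so that single mode asks for the root password. The function name console_prompts_password and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: does the console entry in a FreeBSD ttys file force a root
# password prompt in single mode? console_prompts_password is a hypothetical
# helper; the sample files below are constructed.

# console_prompts_password TTYS_FILE
# Prints "yes" if the console line is flagged insecure, "no" if it is flagged
# secure, and "unknown" if no console line or neither flag is found.
console_prompts_password() {
    awk '
        /^[ \t]*#/ { next }                    # skip comment lines
        $1 == "console" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break           # stop at a trailing comment
                if ($i == "insecure") verdict = "yes"
                if ($i == "secure")   verdict = "no"
            }
        }
        END {
            if (verdict == "") verdict = "unknown"
            print verdict
        }' "$1"
}

default_ttys=$(mktemp)
hardened_ttys=$(mktemp)
trap 'rm -f "$default_ttys" "$hardened_ttys"' EXIT

# Constructed sample with the console marked secure.
printf '%s\n' '# name getty type status comments' \
    'console none unknown off secure' \
    'ttyv0 "/usr/libexec/getty Pc" xterm on secure' > "$default_ttys"

# The same file after the change described in the post (secure -> insecure).
sed 's/^\(console.*\) secure$/\1 insecure/' "$default_ttys" > "$hardened_ttys"

# On a real host: console_prompts_password /etc/ttys
console_prompts_password "$default_ttys"
console_prompts_password "$hardened_ttys"
```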