Friday, July 6, 2018

Apache Wildfly Config

1. Backup your default Apache configuration:
   sudo cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd-org.conf
 
2. sudo yum install httpd-devel gcc gcc-c++ make libtool
3. sudo ln -s /usr/bin/apxs /usr/sbin/apxs

4.  cd /tmp
5.  wget http://www.apache.org/dist/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.43-src.tar.gz
6.  tar -xf tomcat-connectors-1.2.43-src.tar.gz
7.  cd /tmp/tomcat-connectors-1.2.43-src/native
8.  ./buildconf.sh
9. ./configure --with-apxs=/usr/sbin/apxs
10. make
11. sudo systemctl stop httpd
12. sudo cp /tmp/tomcat-connectors-1.2.43-src/native/apache-2.0/mod_jk.so /usr/lib64/httpd/modules


13. sudo vi /etc/httpd/conf.d/workers.properties
--------------------------------------------------------------
 worker.list=jboss1,jkstatus
worker.jkstatus.type=status
worker.jboss1.type=ajp13
worker.jboss1.port=8009

worker.jboss1.host=127.0.0.1


14. sudo vi /etc/httpd/conf.d/modjk.conf
----------------------------------------------------------
# To avoid error AH00558: httpd: Could not reliably
# determine the server's fully qualified domain name
# replace 1.2.3.4 with your server IP
ServerName    23.95.0.231

# Load mod_jk
LoadModule    jk_module modules/mod_jk.so
JkWorkersFile /etc/httpd/conf.d/workers.properties
JkLogFile     /var/log/httpd/mod_jk_log

# To be changed to warn in production, the mount point should match your application sample pathes
JkLogLevel    info
JKMount       /mobicast jboss1
JkMount       /mobicast/* jboss1
JKMount       /jkstatus jkstatus

# To avoid write access error in mod_jk
# https://bugzilla.redhat.com/show_bug.cgi?id=912730
JKShmFile     /var/tmp/jk-runtime-status

15. sudo systemctl restart httpd

16. Configure WildFly for accepting calls from Apache HTTP,
    Open the admin console, and selection the Configuration

Menu -> Web -> HTTP. Then click the View link beside the default-server.

    Select the AJP Listener above, and click Add


 17. Check wildfly config(its better to use 28080 instead of 8080)

 sudo vi /opt/wildfly/standalone/configuration/standalone-full.xml

 Check the config as below :
<interface name="public"> <inet-address value="${jboss.bind.address:127.0.0.1}"/> </interface> <interface name="unsecure"> <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/> </interface> </interfaces> <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}"> <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/> <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/> <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/> <socket-binding name="http" port="${jboss.http.port:28080}"/> <socket-binding name="https" port="${jboss.https.port:8443}"/>

18. sudo vi vhost.com

<VirtualHost *:80> ServerAdmin webmaster@xxxxxx ServerName apihost.xxxxxxxxx ServerAlias apihost.xxxxxxxxx DocumentRoot /var/www/html/xxxxx/public_html/ ErrorLog /var/www/html/xxxxxxxxx/logs/error.log CustomLog /var/www/html/xxxxxx/logs/access.log combined
JkMountCopy On
</VirtualHost>

Make sure to add the "JkMountCopy On" line

19. to check if ajp listener is running :

 ss -lnp | grep 8009
Posted by at No comments:

Fail2Ban Centos 7.5 Installation

Install fail 2 Ban

1. yum install epel-release

2. sudo yum install fail2ban


Configure Fail2ban

1. sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
2. sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
3. sudo vi /etc/fail2ban/jail.local
4. For centos7 change backend = systemd
5. put [sshd] 
   enabled = true
6. Add the following lines


##To block failed login attempts use the below jail. 
 [apache] 
 enabled = true 
 port = http,https 
 filter = apache-auth 
 logpath = /var/log/apache2/*error.log 
 maxretry = 3 
 bantime = 600 
 ignoreip = 192.168.15.189
 
 ##To block the remote host that is trying to request suspicious URLs, use the below jail. 
 [apache-overflows] 
 enabled = true 
 port = http,https 
 filter = apache-overflows 
 logpath = /var/log/apache2/*error.log 
 maxretry = 3 
 bantime = 600 
 ignoreip = 192.168.15.189
 
 ##To block the remote host that is trying to search for scripts on the website to execute, use the below jail. 
 [apache-noscript] 
 enabled = true 
 port = http,https 
 filter = apache-noscript 
 logpath = /var/log/apache2/*error.log 
 maxretry = 3 
 bantime = 600 
 ignoreip = 192.168.15.189
 
 ##To block the remote host that is trying to request malicious bot, use below jail. 
 [apache-badbots] 
 enabled = true 
 port = http,https 
 filter = apache-badbots 
 logpath = /var/log/apache2/*error.log 
 maxretry = 3 
 bantime = 600 
 ignoreip = 192.168.15.189
 
 ##To stop DOS attack from remote host. [http-get-dos] 
 enabled = true 
 port = http,https 
 filter = http-get-dos 
 logpath = /var/log/apache*/access.log 
 maxretry = 400 
 findtime = 400 
 bantime = 200 
 ignoreip = 192.168.15.189 
 action = iptables[name=HTTP, port=http, protocol=tcp]
 
 ##To block the failed login attempts on the SSH server, use the below jail. 
 [ssh] 
 enabled = true 
 port = ssh 
 filter = sshd 
 logpath = /var/log/auth.log 
 maxretry = 3 
 bantime = 600 
 ignoreip = 192.168.15.189
Save the file when you are finished.
Next, you will also need to create the filter file /etc/fail2ban/filters.d/http-get-dos.conf.
sudo nano /etc/fail2ban/filters.d/http-get-dos.conf
# Fail2Ban configuration file 
 [Definition]
 
 # Option: failregex 
 # Note: This regex will match any GET entry in your logs, so basically all valid and not valid entries are a match. 
 # You should set up in the jail.conf file, the maxretry and findtime carefully in order to avoid false positives. 
 failregex = ^<HOST> -.*"(GET|POST).* 
 # Option: ignoreregex 
 ignoreregex =
sudo systemctl restart fail2ban
sudo iptables -L


sudo fail2ban-client status


sudo fail2ban-client status sshd
Posted by at No comments:

Centos 7 malware scan



Installation rkhunter

We need the EPEL repository to install rootkit hunter.
# yum install epel-release
# yum install rkhunter

To Run
sudo rkhunter --check
Posted by at No comments:

Thursday, July 5, 2018

Java Installation on CentOS 7

Java installation
--------------------
1. goto /opt folder
2. sudo wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u111-b14/jdk-8u111-linux-x64.tar.gz"
3. sudo tar xzf jdk-*.tar.gz
4. sudo alternatives --install /usr/bin/java java /opt/jdk1.8.0_162/bin/java 2
5. sudo alternatives --config java


6. sudo alternatives --install /usr/bin/jar jar /opt/jdk1.8.0_162/bin/jar 2
7. sudo alternatives --install /usr/bin/javac javac /opt/jdk1.8.0_162/bin/javac 2
8. sudo alternatives --set jar /opt/jdk1.8.0_162/bin/jar
9. sudo alternatives --set javac /opt/jdk1.8.0_162/bin/javac

10. java -version

11. export JAVA_HOME=/opt/jdk1.8.0_162
12. export JRE_HOME=/opt/jdk1.8.0_162/jre
13. export PATH=$PATH:/opt/jdk1.8.0_162/bin:/opt/jdk1.8.0_162/jre/bin

14. nano /etc/profile.d/java.sh

if ! echo ${PATH} | grep -q /opt/jdk1.8.0_162/bin ; then

   export PATH=/opt/jdk1.8.0_162/bin:${PATH}

fi

if ! echo ${PATH} | grep -q /opt/jdk1.8.0_162/jre/bin ; then

   export PATH=/opt/jdk1.8.0_162/jre/bin:${PATH}

fi

export JAVA_HOME=/opt/jdk1.8.0_162

export JRE_HOME=/opt/jdk1.8.0_162/jre

export CLASSPATH=.:/opt/jdk1.8.0_162/lib/tools.jar:/opt/jdk1.8.0_162/jre/lib/rt.jar

15. sudo chown root:root /etc/profile.d/java.sh
16. sudo chmod 755 /etc/profile.d/java.sh

Posted by at No comments:

Tuesday, July 3, 2018

Rest JSON Example by ejb 3


package xxxxxxxxxx;

import au.com.mobicast.jaxrs.model.Contact;
import au.com.mobicast.jaxrs.model.RSMessage;
import java.util.List;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

@Stateless
@Path("/contacts")
public class ContactFacadeREST extends AbstractFacade<Contact> {

    @PersistenceContext(unitName = "xxxxPU")
    private EntityManager em;

    public ContactFacadeREST() {
        super(Contact.class);
    }

    @POST
    @Override
    @Consumes({MediaType.APPLICATION_JSON})
    @Produces({MediaType.APPLICATION_JSON})
    public Response create(Contact entity) {
        super.create(entity);   
        return Response
                .ok()
                .entity(entity)
                .build();
     
    }

    @PUT
    @Path("{id}")
    @Consumes({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
    public void edit(@PathParam("id") Long id, Contact entity) {
        super.edit(entity);
       
    }

    @DELETE
    @Path("{id}")
    public void remove(@PathParam("id") Long id) {
        super.remove(super.find(id));
    }

    @GET
    @Path("{id}")
    @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
    public Contact find(@PathParam("id") Long id) {
        return super.find(id);
    }

    @GET
    @Override
    @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
    public List<Contact> findAll() {
        return super.findAll();
    }

    @GET
    @Path("{from}/{to}")
    @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
    public List<Contact> findByName(@PathParam("query") String query) {
        return super.findByName(query);
 
    }

    @GET
    @Path("count")
    @Produces(MediaType.TEXT_PLAIN)
    public String countREST() {
        return String.valueOf(super.count());
    }

    @Override
    protected EntityManager getEntityManager() {
        return em;
    }
   
}



Database SQL
--------------------------------
create table `naxxx_projects`.CONTACT
(
ID BIGINT NOT NULL AUTO_INCREMENT primary key,
CONTACT_TYPE VARCHAR(15),
CONTACT_NAME VARCHAR(150),
CONTACT_TITLE VARCHAR(150),
CONTACT_MESG VARCHAR(255),
HOUSE_NUM VARCHAR(15),
APT_NUM VARCHAR(15),
ADDRESS_LINE1 VARCHAR(145),
ADDRESS_LINE2 VARCHAR(145),
ADDRESS_LINE3 VARCHAR(145),
COUNTRY_ID BIGINT,
COUNTRY_NAME VARCHAR(150),
STATES_ID BIGINT,
STATES_NAME VARCHAR(150),
CITY_ID BIGINT,
CITY_NAME VARCHAR(150),
PHONE_TYPE VARCHAR(15),
PHONE_COUNTRY_CODE VARCHAR(45),
PHONE_STATE_CODE VARCHAR(45),
PHONE_NUMBER VARCHAR(45),
MOBILE_NUMBER VARCHAR(45),
PHONE_EXT_NUMBER VARCHAR(45),
EMAIL VARCHAR(150),
EMAIL_TYPE VARCHAR(50),
WEBSITE VARCHAR(150),
TWITTER VARCHAR(45),
NOTE VARCHAR(255)
)

Posted by at No comments:
Subscribe to: Comments (Atom)