# Find files larger than 200 MiB (204800 KiB) anywhere on the filesystem and show their sizes
find / -size +204800k -exec du -hs {} \;
How to Install Linux Malware Detect (LMD) and ClamAV on CentOS 7
Linux Malware Detect (LMD) is a malware detector and scanner for Linux, designed for shared hosting environments. LMD is released under the GNU GPLv2 license; it can be installed on cPanel/WHM and plain Linux systems together with other detection tools such as ClamAV.
Clam AntiVirus (ClamAV) is an open source antivirus solution to detect trojans, malware, viruses and other malicious software. ClamAV supports multiple platforms including Linux, Windows, and MacOS.
In this tutorial, I will show you how to install Linux Malware Detect (LMD) with Clam AntiVirus (ClamAV). I will use CentOS 7 as the operating system.
Prerequisite
- CentOS 7
- Root privileges
Step 1 – Install Epel repository and Mailx
Install the EPEL (Extra Packages for Enterprise Linux) repository and the mailx command with yum. mailx is needed so that LMD can send its scan reports to your email address.
yum -y install epel-release
Install mailx so we can use the mail command on CentOS 7:
yum -y install mailx
More info
https://www.howtoforge.com/tutorial/how-to-install-lmd-and-clamav-on-centos-7/
ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY
Symptoms
Unable to open an https link in a browser. The page does not load and the browser shows the following error:
ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY
Cause
Bug with ID #PPPM-5705. Will be fixed in future releases.
Resolution
As a workaround, update the nginx configuration by running the following command. The cipher string lists the ECDHE/DHE suites with AES-GCM first, so that an HTTP/2-capable browser negotiates a forward-secret AEAD suite; Chrome raises this error when the negotiated suite is on the HTTP/2 cipher-suite blacklist (RFC 7540, Appendix A), which covers the CBC-mode and non-ephemeral suites that the string keeps at the tail of the list for older HTTP/1.1 clients:
plesk sbin sslmng --services=nginx --custom --ciphers='EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:'
Server negotiated HTTP/2 with blacklisted suite
Symptoms
- HTTP/2 support is enabled on a server.
- When trying to analyze a domain at SSL Labs, the following error is reported:
Server negotiated HTTP/2 with blacklisted suite
RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ECDH secp256r1
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is blacklisted for HTTP/2.
Cause
An nginx misconfiguration: cipher suites blacklisted for HTTP/2 (here the CBC-mode suite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) are listed ahead of acceptable AEAD suites in the server's cipher preference, so an h2 client ends up negotiating one of them.
Blacklisted suites exist in the default configuration because the same configuration serves both HTTP/1.x and HTTP/2 clients. If the suites blacklisted for HTTP/2 were simply removed, some older HTTP/1.x clients could no longer connect at all. Therefore these suites are not removed but moved to the end of the (ordered) list, where a client that also supports an acceptable suite will never be given them.
Resolution
- Connect to the server using SSH.
- Re-enable HTTP/2 support, so that Plesk regenerates the nginx configuration with the corrected cipher order:
# /usr/local/psa/bin/http2_pref enable
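Both articles above come down to the same rule, so one added example serves both. The following Python is not code from the Plesk articles or from Plesk/nginx: it implements the HTTP/2 requirement of RFC 7540 section 9.2.2 (ephemeral key exchange and an AEAD cipher, the properties every suite in Appendix A lacks), shows which suite a preference-respecting server would negotiate with a given client, and reorders a preference list the way the Plesk fix does, moving blacklisted suites to the end rather than deleting them. Suite names are in the IANA form that SSL Labs prints; the preference list and client offer are constructed, and the AEAD/key-exchange markers are assumptions about naming, not a copy of Appendix A.

```python
"""Classify TLS 1.2 cipher suites against the HTTP/2 requirements.

Added example, not code from the Plesk articles above or from Plesk/nginx.
RFC 7540 section 9.2.2 requires that an h2 connection over TLS 1.2 use a suite
with ephemeral key exchange (ECDHE or DHE) and an AEAD cipher; Appendix A lists
the suites that fail this. Chrome reports ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY
and SSL Labs reports "negotiated HTTP/2 with blacklisted suite" when a server
picks one anyway. TLS 1.3 suites (TLS_AES_128_GCM_SHA256 ...) are always
AEAD with ephemeral key exchange and are not covered by this check.
"""
import re

# IANA-style name: TLS_<key exchange>_WITH_<cipher>_<mac/prf>
_SUITE = re.compile(r"^TLS_(?P<kx>[A-Za-z0-9_]+?)_WITH_(?P<cipher>[A-Za-z0-9_]+)$")

EPHEMERAL_KX = ("ECDHE_", "DHE_")                      # forward-secret key exchange (assumed naming)
AEAD_MARKERS = ("_GCM_", "CHACHA20_POLY1305", "_CCM")  # AEAD ciphers (assumed naming)


def is_h2_blacklisted(suite):
    """True if `suite` must not be used on an h2 connection (RFC 7540 9.2.2)."""
    m = _SUITE.match(suite)
    if not m:
        raise ValueError(f"not a TLS 1.2 style suite name: {suite!r}")
    kx, cipher = m.group("kx"), m.group("cipher")
    ephemeral = kx.startswith(EPHEMERAL_KX)
    aead = any(marker in cipher for marker in AEAD_MARKERS)
    return not (ephemeral and aead)


def order_for_h2(preference):
    """Server preference with blacklisted suites moved to the end, relative order
    otherwise kept. This is what the Plesk fix does instead of removing them, so
    HTTP/1.1-only legacy clients that need a CBC suite can still connect."""
    return sorted(preference, key=is_h2_blacklisted)


def h2_negotiated_suite(server_preference, client_offer):
    """Suite chosen when the server enforces its own order (nginx
    ssl_prefer_server_ciphers on): the first server suite the client offers."""
    offered = set(client_offer)
    for suite in server_preference:
        if suite in offered:
            return suite
    return None


# Constructed example: a preference list with a CBC suite first, which is the
# misconfiguration the SSL Labs warning points at.
BAD_PREFERENCE = [
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
]

# Constructed modern client offer: AEAD suites plus a legacy CBC suite.
CLIENT_OFFER = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
]

if __name__ == "__main__":
    for label, pref in (("before", BAD_PREFERENCE), ("after", order_for_h2(BAD_PREFERENCE))):
        chosen = h2_negotiated_suite(pref, CLIENT_OFFER)
        print(label, chosen, "blacklisted" if is_h2_blacklisted(chosen) else "ok")
```

Reordering only helps when the server applies its own preference; with client preference a browser that lists a CBC suite first would still land on it, which is why the Plesk command fixes the server-side string rather than the client.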
Securing Revive
# Make the config file read-only once the install is complete.
chmod 444 /path/to/revive/var/your.domain.conf.php
# Make it writable again only while changing settings in the admin UI (Revive writes
# this file), then revert to 444. World-writable (777) is wider than needed; write
# permission for the web-server user that owns the file (e.g. 644) is enough.
chmod 777 /path/to/revive/var/your.domain.conf.php
-- Rename the default admin account; assumes the default case of admin being your first user, be sure to check!
UPDATE ox_users SET username = 'weirdusername1' WHERE user_id = 1;
# Move the installer scripts out of the web root so they cannot be reached over HTTP
mv /path/to/revive/www/admin/install*.php ~/
<Directory /path/to/revive/www/admin>
    # Basic auth in front of the admin UI; /apache/passwords is an htpasswd file
    AuthName "Restricted Area"
    AuthType Basic
    AuthUserFile /apache/passwords
    Require valid-user
    # It's a good idea not to cache the admin pages so changes are immediately reflected
    # (ExpiresDefault only takes effect with mod_expires and ExpiresActive on; Header needs mod_headers)
    ExpiresActive On
    ExpiresDefault A0
    Header set Cache-Control "no-store, no-cache, must-revalidate, max-age=0"
    Header set Pragma "no-cache"
</Directory>
-- Disable the append/prepend HTML fields on banners and zones (a common place for injected code)
ALTER TABLE ox_banners CHANGE append append VARCHAR(0);
ALTER TABLE ox_banners CHANGE prepend prepend VARCHAR(0);
ALTER TABLE ox_zones CHANGE append append VARCHAR(0);
ALTER TABLE ox_zones CHANGE prepend prepend VARCHAR(0);
-- Users attached to the admin account; anything you don't recognise is a red flag
SELECT u.user_id, u.contact_name, u.email_address, u.username
FROM ox_users AS u, ox_account_user_assoc AS aua
WHERE u.user_id = aua.user_id
  AND aua.account_id = (SELECT value FROM ox_application_variable WHERE name = 'admin_account_id');
-- The ten most recently changed banners; review htmltemplate for markup you didn't add
SELECT bannerid, htmltemplate FROM ox_banners ORDER BY updated DESC LIMIT 10;
-- Audit trail entries from the last 24 hours
SELECT details FROM ox_audit WHERE updated >= DATE_ADD(NOW(), INTERVAL -1 DAY);
-- Banners and zones that still carry append/prepend content
SELECT bannerid, append, prepend FROM ox_banners WHERE append != '' OR prepend != '';
SELECT zoneid, append, prepend FROM ox_zones WHERE append != '' OR prepend != '';
I considered adding general tips re: hardening the host, MySQL, web server etc., but decided to keep the scope solely to Revive. It would be great if others added their tips below.
*Your table prefix, i.e. 'ox_', may differ according to your preferences or if a clean install of Revive has been carried out as opposed to an upgrade from OpenX.
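The post's review queries hand you recently updated htmltemplate, append and prepend values but leave the reading to you. The following Python is an added example, not code from the post above or from the Revive Adserver project: it runs each exported value through two heuristics, remote resources pulled from a host outside an allowlist, and inline script using idioms common in obfuscated payloads. ALLOWED_HOSTS, the pattern list and the sample rows are assumptions constructed for illustration; replace them with your own ad hosts and real query output.

```python
"""Heuristic review of Revive banner/zone HTML for injected content.

Added example; not code from the forum post above or from Revive Adserver.
Feed it the htmltemplate / append / prepend values exported with the SELECT
statements in the post. An empty result means nothing was flagged, not that
the value is clean.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts that legitimately appear in your creatives (assumption: adjust).
ALLOWED_HOSTS = {"ads.example.com", "cdn.example.com"}

# JavaScript idioms typical of obfuscated injected payloads; heuristic only.
SUSPICIOUS_JS = re.compile(
    r"\b(eval|unescape|document\.write|fromCharCode|atob)\s*\(", re.IGNORECASE
)

# Tags whose src/data attribute pulls in remote code or content.
LOADING_TAGS = {"script", "iframe", "img", "embed", "object"}


class _Collector(HTMLParser):
    """Gather remote references and inline <script> bodies from one template."""

    def __init__(self):
        super().__init__()
        self.refs = []          # (tag, url)
        self.inline = []        # inline script text
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in LOADING_TAGS:
            url = attrs.get("src") or attrs.get("data")
            if url:
                self.refs.append((tag, url))
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser delivers <script> bodies as raw data, so they land here.
        if self._in_script:
            self.inline.append(data)


def review_html(html, allowed_hosts=ALLOWED_HOSTS):
    """Return a list of findings for one htmltemplate/append/prepend value."""
    parser = _Collector()
    parser.feed(html or "")
    findings = []
    for tag, url in parser.refs:
        # Absolute and protocol-relative URLs have a hostname; relative paths do not.
        host = urlparse(url.strip()).hostname
        if host and host.lower() not in allowed_hosts:
            findings.append(f"<{tag}> loads from unexpected host {host}")
    for body in parser.inline:
        match = SUSPICIOUS_JS.search(body)
        if match:
            findings.append(f"inline script calls {match.group(1)}()")
    return findings


def review_rows(rows, allowed_hosts=ALLOWED_HOSTS):
    """Map row id -> findings for every (id, html) row that has findings."""
    report = {}
    for row_id, html in rows:
        findings = review_html(html, allowed_hosts)
        if findings:
            report[row_id] = findings
    return report


# Constructed sample rows in the shape of (bannerid, htmltemplate); not real data.
SAMPLE_ROWS = [
    (101, '<a href="https://ads.example.com/c"><img src="https://cdn.example.com/b.png"></a>'),
    (102, '<img src="/images/b.png"><script src="//evil.example/x.js"></script>'),
    (103, '<script>var s=unescape("%3Cscript%3E");document.write(s);</script>'),
]

if __name__ == "__main__":
    for row_id, findings in review_rows(SAMPLE_ROWS).items():
        print(row_id, "; ".join(findings))
```

Run the same function over the append/prepend columns from ox_banners and ox_zones; a hit there is more telling than in htmltemplate, since those fields are rarely used legitimately and the post recommends disabling them outright.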