How to fix W: Duplicate sources.list entry http://apt.newrelic.com/debian/ newrelic/non-free amd64 Packages (/var/lib/apt/lists/apt.newrelic.com_debian_dists_newrelic_non-free_binary-amd64_Packages)

How to fix this error ?

W: Duplicate sources.list entry http://apt.newrelic.com/debian/ newrelic/non-free amd64 Packages (/var/lib/apt/lists/apt.newrelic.com_debian_dists_newrelic_non-free_binary-amd64_Packages)

This comes on my hosting once you typed in apt-get update.

The resolution is pretty simple if you know where to look to for and they don’t make it easy.

Instead of navigating to

$cd /etc/apt/

you need to navigate to:

# cd /etc/apt/sources.list.d/ and edit newrelic file

it might just simpler to type:

$vim /etc/apt/sources.list.d/newrelic.list

and edit to file from:

deb http://apt.newrelic.com/debian newrelic non-free

deb http://apt.newrelic.com/debian newrelic non-free

So you need to remove one line and run apt-get update again.

Problem solved!

Or simply you can use this command to find where it is

grep -rnw /etc/ -e “deb http://apt.newrelic.com/debian”
/etc/apt/sources.list.d/newrelic.list:1:deb http://apt.newrelic.com/debian/ newrelic non-free

how to fix SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) 25 / tcp / smtp CVE-2015-4000

This is short version of guide from  here (https://weakdh.org/sysadmin.html)

Generate a 2048 key using openssl

openssl dhparam -out dhparams.pem 2048

and then reconfigure postfix

Postfix SMTP

Both parameters should be set in /etc/postfix/main.cf.

Add

smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA

Add

smtpd_tls_dh1024_param_file = ${config_directory}/dhparams.pem

Reload configuration

sudo postfix reload

This will fix your postfix installation and your server will be PCI compliant again.

Linux lsof command. How to use it

lsof – a linux command stand for LiSt Open Files and this is what this command does.

To get more inform you can type

man lsof

info lsof

type lsof

This will give you some info which I want be explaining here as you can manuals so you use them!

The lsof program can be used to identify what files are open in a directory, find who’s accessing them, and so on.

As everything in Linux is a file and is kept in the file it also means that you can use this command to display network connections.

i parameter will select all the listing of files any of whose Internet address matches the address specified. If no address is specified, this option select the listing of all Internet.

ami@amios:~$ lsof -i
COMMAND   PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
ruby    19379  ami    8u  IPv4 4682378      0t0  TCP localhost:45065 (LISTEN)

You can restrict the output of lsof by including an address after the -i option. The addres takes the following form:

[46][protocol][@hostname|hostaddr][:service|port]

The digit 4 or 6 represent an IPv4 or IPv6 connection, the protocol is the protocl type (TCP or UDP), the hostname or hostaddr is the computer hostname or IP address associated with the remote system.

ami@amios:~$ lsof -i :ftp

Nothing get displayed as I am not running a FTP service on my testbed.

Alternatively, you can replace ftp with 21, because 21 is the port number associated with FTP port.

ami@amios:~$ lsof -i | grep LISTEN
ruby    19379  ami    8u  IPv4 4682378      0t0  TCP localhost:45065 (LISTEN)
 

Paging through the raw output (without using grep to search for LISTEN) will provide
you with a better idea of your system’s overall network use. You could conceivably spot
something suspicious, such as an outgoing network connection to a sensitive computer
that the client shouldn’t be contacting. This network activity may indicate active cracking
attempts by a user of the client, intrusion by an outsider, or the work of an automated
worm or Trojan horse program.

If you identify programs that shouldn’t be running, such as unnecessary servers, you can
use the command name, PID, and other information to help shut them down. The preceding
section “Disabling Unused Servers” describes how to do this in more detail.
Another use of lsof is in identifying who’s accessing fi les. This might be handy if you
need to unmount a fi lesystem (including a network fi lesystem) but can’t because of in-use
fi les or if you suspect inappropriate activities involving file access.

 

 

 

 

English Names for characters in keyboard

~ tilde (sounds like til-da); be prepared to explain to computer-illiterate people saying “you know, the wave-shaped thingy”
! exclamation; commonly read as bang in case of #!/bin/sh
@ at
# pound; but commonly read as shee in case of #!/bin/sh, not sure why
$ dollar
% percent
^ caret; not many people know this word so be prepared to say “no, not carrot; it’s the character above 6, an arrow pointing up”
& ampersand
* star; some read asterisk
( opening parenthesis (some may shorten it saying paren)
) closing parenthesis
_ underscore; once I heard people say underbar
+ plus
minus; as symbol before arguments in commands, some people including me read dash, easier to say one syllable
= equals
` backtick or backquote
{ opening brace
} closing brace
[ opening bracket
] closing bracket
| pipe or vertical bar
\ backslash; be prepared to explain to some computer-illiterate people
: colon
; semicolon
double quote
single quote
< less than; some may read left angle bracket
> greater than
, comma
. dot; period if in English text
? question mark
/ slash or forward slash; some computer-illiterate people may be confused about / and \
space
(), [] and {} may also be called brackets in general. In that case, they specifically call [] square brackets and {} curly brackets. I never like this. Open and Closing may also be called left and right.

Secure Server – Hardening Tips & Tricks. Make your server more secure.

Server Hardening Tips & Tricks:

Found it on the net but let’s make it better. Post your COMMENTS!

 

Is that really all ?

Every server security conscious organization will have their own methods for maintaining adequate system and network security. Often you will find that server hardening consultants can bring your security efforts up a notch with their specialized expertise.

Some common server hardening tips & tricks include:

– Use Data Encryption for your Communications
– Avoid using insecure protocols that send your information or passwords in plain text.
– Minimize unnecessary software on your servers.
– Disable Unwanted SUID and SGID Binaries
– Keep your operating system up to date, especially security patches.
– Using security extensions is a plus.
– When using Linux, SELinux should be considered. Linux server hardening is a primary focus for the web hosting industry, however in web hosting SELinux is probably not a good option as it often causes issues when the server is used for web hosting purposes.
– User Accounts should have very strong passwords
– Change passwords on a regular basis and do not reuse them
– Lock accounts after too many login failures. Often these login failures are illegitimate attempts to gain access to your system.
– Do not permit empty passwords.
– SSH Hardening
— Change the port from default to a non standard one
— Disable direct root logins. Switch to root from a lower level account only when necessary.
– Unnecessary services should be disabled. Disable all instances of IRC – BitchX, bnc, eggdrop, generic-sniffers, guardservices, ircd, psyBNC, ptlink.
– Securing /tmp /var/tmp /dev/shm
– Hide BIND DNS Sever Version and Apache version
– Hardening sysctl.conf
– Server hardenining by installing Root Kit Hunter and ChrootKit hunter.
– Minimize open network ports to be only what is needed for your specific circumstances.
– Configure the system firewall (Iptables) or get a software installed like CSF or APF. Proper setup of a firewall itself can prevent many attacks.
– Consider also using a hardware firewall
– Separate partitions in ways that make your system more secure.
– Disable unwanted binaries
– Maintain server logs; mirror logs to a separate log server
– Install Logwatch and review logwatch emails daily. Investigate any suspicious activity on your server.
– Use brute force and intrusion detection systems
– Install Linux Socket Monitor – Detects/alerts when new sockets are created on your system, often revealing hacker activity
– Install Mod_security as Webserver Hardening
– Hardening the Php installation
– Limit user accounts to accessing only what they need. Increased access should only be on an as-needed basis.
– Maintain proper backups
– Don’t forget about physical server security

yum install error File “/usr/bin/yum”, line 30 except KeyboardInterrupt on Cent OS Ubuntu Linux Mint Redhat

This is a common problem if you updated your python distribution to python 3. Normally installed python from source.

 

Unfortunately yum still depend on the python 2

What you need to do is:

$which python

Then navigate normally to:

$cd /usr/bin/

$ll | grep python

and see what is happening:

lrwxrwxrwx    1 root root           9 Feb 22 17:10 python -> python2.6
lrwxrwxrwx    1 root root           6 Nov  9 12:04 python2 -> python
-rwxr-xr-x    1 root root        9032 Jul 10  2013 python2.6

In my case I have already fixed this problem so you can see that my symlink python -> python2.6

if it point to something else then you need to type in:

ln -s python2.6 python

You can use any other version of python you have got installed as long as it is version 2