kernel: ip_conntrack: table full, dropping packet.

ARUN Posted in FIREWALL

Getting the below messages in /var/log/messages

Mar 4 08:09:41 server kernel: ip_conntrack: table full, dropping packet.

Solution:

http://admin.webhostingdevelopment.com/posting.php?mode=post&f=85

You might need to increase the ip_conntrack_max value.

To check the current value of "ip_conntrack_max":

cat /proc/sys/net/ipv4/ip_conntrack_max

To increase the value:

cp -ar /etc/sysctl.conf /etc/sysctl.conf.bak
vi /etc/sysctl.conf

Add or edit the field below and give it an appropriate value:

net.ipv4.netfilter.ip_conntrack_max = 

I tested with 131072 after receiving the error with 65536, and that fixed it.
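
To see how close the table is to its limit before and after raising ip_conntrack_max, the following script compares the live entry count with the maximum. It is an added example, not part of the original post; the count file paths and the 80% warning threshold are assumptions.

```shell
#!/bin/sh
# Added example: how close is the conntrack table to its limit?

# is_uint VALUE -> success if VALUE is a non-empty string of digits
is_uint() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
}

# conntrack_pct COUNT MAX -> integer percentage of the table in use
conntrack_pct() {
    is_uint "$1" && is_uint "$2" && [ "$2" -gt 0 ] || return 2
    echo $(( $1 * 100 / $2 ))
}

# conntrack_status COUNT MAX [WARN_PCT] -> "ok N", "warn N" or "full N"
# WARN_PCT defaults to 80 (assumed threshold, adjust to taste)
conntrack_status() {
    pct=$(conntrack_pct "$1" "$2") || return 2
    if [ "$1" -ge "$2" ]; then echo "full $pct"
    elif [ "$pct" -ge "${3:-80}" ]; then echo "warn $pct"
    else echo "ok $pct"
    fi
}

# first_readable FILE... -> path of the first readable file
first_readable() {
    for f in "$@"; do
        if [ -r "$f" ]; then echo "$f"; return 0; fi
    done
    return 1
}

# Read the live counters. The first max path is the one used in this post;
# the others are the netfilter/ and nf_conntrack locations on other kernels.
conntrack_report() {
    max_f=$(first_readable /proc/sys/net/ipv4/ip_conntrack_max \
        /proc/sys/net/ipv4/netfilter/ip_conntrack_max \
        /proc/sys/net/netfilter/nf_conntrack_max) || return 1
    cnt_f=$(first_readable /proc/sys/net/ipv4/netfilter/ip_conntrack_count \
        /proc/sys/net/netfilter/nf_conntrack_count) || return 1
    conntrack_status "$(cat "$cnt_f")" "$(cat "$max_f")"
}

conntrack_report || echo "conntrack counters not found (module not loaded?)"
```

A value edited in /etc/sysctl.conf is applied at boot or when the file is reloaded with sysctl -p.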

Error “Can’t locate Time/HiRes.pm in @INC” when installing csf

ARUN Posted in FIREWALL, INSTALLATION

[root@server csf]# ./install.sh

Configuring for OS

Running csf generic installer

Installing generic csf and lfd

Check we’re running as root

Checking Perl modules…
Can't locate Time/HiRes.pm in @INC (@INC contains: /etc/csf /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at (eval 30) line 2.
BEGIN failed--compilation aborted at (eval 30) line 2.
Using configuration defaults

You need to install the missing perl modules and then install cxs

Solution :

yum install perl-Time-HiRes

You need to install the LWP perl module (libwww-perl) and then install csf

ARUN Posted in FIREWALL, INSTALLATION

yum install perl-libwww-perl

How to install and configure maldet scan

ARUN Posted in ATTACK, FIREWALL, INSTALLATION, VIRUS SCAN

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzvf maldetect-current.tar.gz
cd maldetect-*
sh install.sh

================================

maldet --scan-all /home/*/public_html/     ---> To scan

maldet --report 122111-1532.827            ---> To see the report

maldet -q 122111-1532.8272                 ---> To remove the infected files

maldet(7488): {scan} quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 125211-1258.7488

 

The list of infected files is in:

cd /usr/local/maldetect/sess/

There is a file there whose name starts with "session."

How to enable ping in apf

ARUN Posted in FIREWALL

Insert the following in apf.conf

IG_ICMP_TYPES="8"

A message with the following attributes was not delivered because it contains an object which cannot be checked by antivirus. Relaying such messages is blocked by administrator.

ARUN Posted in FIREWALL, PLESK BACKEND, PLESK FRONTEND

Getting the below bounce message while trying to send emails to plesk server with drweb enabled.

================

A message with the following attributes was not delivered because it contains an object which cannot be checked by antivirus.
Relaying such messages is blocked by administrator.

================

Or

==================================

Getting the below message while trying to stop drweb from within plesk >> service management

Unable to make action: Unable to manage service by dr mgr: Empty error message from utility. ('--stop', 'drweb')

====================================

Solution :

/etc/init.d/drwebd restart

If that does not work, kill all drweb processes:

pgrep drwebd | xargs kill -9

Then check emails, and if that works, try enabling drweb again using:

/etc/init.d/drwebd restart

 

Checking for perl modulesfailed You need to install the LWP perl module (libwww-perl) and then install csf

ARUN Posted in FIREWALL, INSTALLATION

Getting the below error while trying to install csf

Checking for perl modulesfailed You need to install the LWP perl module (libwww-perl) and then install csf

Solution :

yum install perl-libwww-perl

just-ping: ping fails when trying to reach a server with csf installed

ARUN Posted in FIREWALL

Open csf.conf

vi /etc/csf/csf.conf

Change   ICMP_IN_RATE  to  30/s

Restart csf

csf -r

And this should be fixed.

Traceroute fails when csf is enabled

ARUN Posted in FIREWALL

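When csf is enabled, traceroute won't complete.

Tried reinstalling csf, but that too did not fix the case.

Solution : vi /etc/csf/csf.conf

Search for UDP_IN and add 33434:33523. Traceroute's UDP probes start at destination port 33434 and go up by one per probe, so the default 30 hops with 3 probes each use ports 33434 to 33523.

Restart csf with csf -r and try again.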
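
To confirm the edit took effect, the following script reads UDP_IN from a csf.conf and checks that every port in 33434:33523 is covered. It is an added example, not part of the original post or of csf; the function names are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example: confirm that UDP_IN in csf.conf covers 33434:33523.

# csf_get KEY FILE -> text between the quotes of a  KEY = "value"  line
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" |
        tail -n 1
}

# port_allowed PORT LIST -> success if PORT matches an entry of the
# comma-separated LIST; entries are single ports or lo:hi ranges
port_allowed() {
    old_ifs=$IFS; IFS=,; set -f          # split on commas, no globbing
    for entry in $2; do
        lo=${entry%%:*}; hi=${entry##*:}
        case "$lo:$hi" in :*|*:|*[!0-9:]*) continue ;; esac   # skip malformed
        if [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]; then
            IFS=$old_ifs; set +f; return 0
        fi
    done
    IFS=$old_ifs; set +f
    return 1
}

# traceroute_covered FILE -> success if every port 33434..33523 is in UDP_IN
traceroute_covered() {
    list=$(csf_get UDP_IN "$1")
    p=33434
    while [ "$p" -le 33523 ]; do
        port_allowed "$p" "$list" || { echo "UDP_IN is missing port $p"; return 1; }
        p=$((p + 1))
    done
    echo "UDP_IN covers 33434:33523"
}

# Constructed sample in csf.conf syntax; on a server pass /etc/csf/csf.conf.
demo() {
    sample=$(mktemp)
    printf '%s\n' '# Allow incoming UDP ports' 'UDP_IN = "20,21,53,33434:33523"' > "$sample"
    traceroute_covered "$sample"; rc=$?
    rm -f "$sample"
    return $rc
}
demo
```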

User blocked for pop3d access

ARUN Posted in FIREWALL

Time: Thu Feb 16 08:29:54 2009 +0200
Account: Username
Application: pop3d
IP: xxx
Logins: 61
Interval: 5263
Allowable: 60 logins per hour in 3600 second interval
Flushed in: 2 seconds

Solution :

In csf.conf increase the limit for   LT_POP3D

LFD warning email

ARUN Posted in FIREWALL

Time: Tue Mar 28 13:01:17 2010 +0000
PID: 86594
Account: nobody
Uptime: 789985 seconds
Executable:
/usr/bin/memcached
Command Line (often faked in exploits):
memcached -d -p 11211 -u nobody -c 1024 -m 64

Block country through csf

ARUN Posted in FIREWALL

In csf.conf

CC_DENY = "SA"

You can get country code from the link below :

http://www.ipdeny.com/ipblocks/

How to install CSF addon CSE

ARUN Posted in FIREWALL
To install or upgrade cse simply do the following from the root shell via SSH:

rm -fv cse.tgz
wget http://www.configserver.com/free/cse.tgz
tar -xzf cse.tgz
cd cse
sh install.sh
cd ..
rm -Rfv cse/ cse.tgz

Then login to WHM and scroll to the bottom of the left hand menu and you should see "ConfigServer Explorer"

If you want to uninstall, simply:

rm -fv /usr/local/cpanel/whostmgr/docroot/cgi/addon_cse.cgi
rm -fv /usr/local/cpanel/whostmgr/docroot/cgi/cseversion.txt

Iptables rules are saved in the following file

ARUN Posted in FIREWALL

/etc/sysconfig/iptables

You can move this file if you wish, and all the rules will be disabled.

How to disable CSF IP address block alert email

ARUN Posted in FIREWALL

vi /etc/csf/csf.conf

Find the setting below and change its value to "0":

# Send an email alert if an IP address is blocked by one of the [*] triggers
LF_EMAIL_ALERT = "1"