MySQL ERROR 1819 (HY000): Your password does not satisfy the current policy requirements !!

First, log in with mysql -u root -p and check the current policy rules:

# SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password_dictionary_file    |        |
| validate_password_length             | 5      |
| validate_password_mixed_case_count   | 1      |
| validate_password_number_count       | 1      |
| validate_password_policy             | MEDIUM |
| validate_password_special_char_count | 1      |
+--------------------------------------+--------+

Then you can change any of the above variables at your will:

# SET GLOBAL validate_password_length = 5;
# SET GLOBAL validate_password_number_count = 0;
# SET GLOBAL validate_password_mixed_case_count = 0;
# SET GLOBAL validate_password_special_char_count = 0;

Finally you can create a database and a user accessing it with a simpler password:

# CREATE USER 'laravel'@'localhost' IDENTIFIED BY 'laravel';
# GRANT ALL PRIVILEGES ON *.* TO 'laravel'@'localhost' WITH GRANT OPTION;
# CREATE DATABASE laravel;
# FLUSH PRIVILEGES;

After that you can log in with mysql -u laravel -p laravel using the password laravel.

How to Secure Your Linux Server

Securing your environment starts during the ordering process when you are deploying server resources. If you want to deploy a quick server without putting it behind an extra hardware firewall layer or deploying it with APF (Advanced Policy Firewall), there are a couple of security hardening tips to follow. I set my servers to have a solid base level of security when I deploy a Linux system.

 

Limit physical access and booting capabilities

  • Enable BIOS password
  • Disable floppy and USB booting
  • Set a LILO or GRUB password (/etc/lilo.conf or /boot/grub/menu.lst, respectively)
  • Check that the LILO or GRUB configuration file is read-protected.

 

Disable Root Login

When you need super-user permissions, use sudo instead of su. Sudo is more secure than using su: when a user uses sudo to execute root-level commands, all commands are tracked by default in /var/log/secure. Furthermore, users have to authenticate themselves to run sudo commands, and that authentication only lasts for a short period of time.

Note:
You should Stop Using Root!

 

Partitioning

  • Separate user-writable data, non-system data, and rapidly changing run-time data to their own partitions
  • Set nosuid,noexec,nodev mount options in /etc/fstab on ext2 partitions such as /tmp

 

Limiting the network access

  • Install and configure ssh (suggest PermitRootLogin No in /etc/ssh/sshd_config, PermitEmptyPasswords No; note other suggestions in text also)
  • Consider disabling or removing in.telnetd
  • Generally, disable gratuitous services in /etc/inetd.conf using update-inetd --disable (or disable inetd altogether, or use a replacement such as xinetd or rlinetd)
  • Disable other gratuitous network services; mail, ftp, DNS, www etc. should not be running if you do not need them and monitor them regularly.
  • For those services which you do need, do not just use the most common programs; look for more secure versions shipped with Debian (or from other sources). Whatever you end up running, make sure you understand the risks.
  • Set up chroot jails for outside users and daemons.
  • Configure firewall and tcpwrappers (i.e. hosts_access); note trick for /etc/hosts.deny in text
  • If you run ftp, set up your ftpd server to always run chrooted to the user’s home directory
  • If you run X, disable xhost authentication and go with ssh instead; better yet, disable remote X if you can (add -nolisten tcp to the X command line and turn off XDMCP in /etc/X11/xdm/xdm-config by setting the requestPort to 0)
  • Disable outside access to printers
  • Tunnel any IMAP or POP sessions through SSL or ssh; install stunnel if you want to provide this service to remote mail users
  • Set up a loghost and configure other machines to send logs to this host (/etc/syslog.conf)
  • Secure BIND, Sendmail, and other complex daemons (run in a chroot jail; run as non-root pseudo-user)
  • Install snort or a similar logging tool.
  • Do without NIS and RPC if you can (disable portmap).

 

Password hygiene and login security

  • Do not choose passwords shorter than 8 characters. Create complexity with upper- and lower-case letters, special characters and numbers, e.g. Qu4DL1nux*I0
  • Enable password shadowing and MD5
  • Install and use PAM – Add MD5 support to PAM and make sure that (generally speaking) entries in /etc/pam.d/ files which grant access to the machine have the second field in the pam.d file set to “requisite” or “required”.
  • Tweak /etc/pam.d/login so as to only permit local root logins.
  • Also mark authorized tty:s in /etc/security/access.conf and generally set up this file to limit root logins as much as possible.
  • Add pam_limits.so if you want to set per-user limits
  • Tweak /etc/pam.d/passwd: set minimum length of passwords higher (6 characters maybe) and enable md5
  • Add group wheel to /etc/group if desired; add pam_wheel.so group=wheel entry to /etc/pam.d/su
  • For custom per-user controls, use pam_listfile.so entries where appropriate
  • Have an /etc/pam.d/other file and set it up with tight security
  • Set up limits in /etc/security/limits.conf (note that /etc/limits is not used if you are using PAM)
  • Tighten up /etc/login.defs; also, if you enabled MD5 and/or PAM, make sure you make the corresponding

Note:
Disable root ftp access in /etc/ftpusers
Disable network root login; use su or sudo.

Policy issues

  • Educate users about the whys and hows of your policies. When you have prohibited something which is regularly available on other systems, provide documentation which explains how to accomplish similar results using other, more secure means.
  • Prohibit use of protocols which use cleartext passwords (telnet, rsh and friends; ftp, imap, http)
  • Prohibit programs which use SVGAlib.
  • Use disk quotas.

Update Kernel and Software

Ensure your kernel and software patches are up to date. I like to make sure my Linux kernel and software are always up to date because patches are constantly being released with corrected security flaws and exploits. Remember you have access to SoftLayer’s private network for updates and patches, so you don’t have to expose your server to the public network to get updates. Run this with sudo to get updates in RedHat or CentOS: yum update.

How to Install MySQL on Linux

MySQL is a relational database management system (RDBMS), and ships with no GUI tools to administer MySQL databases or manage data contained within the databases.

Users may use the included command line tools  or use MySQL “front-ends”, desktop software and web applications that create and manage MySQL databases, build database structures, back up data, inspect status, and work with data records.

The official set of MySQL front-end tools, MySQL Workbench, is actively developed by Oracle and is freely available for use.

Installation

Open a Terminal “CTRL+ALT+T” and type this command line:

on Debian / Ubuntu

# sudo -i 
# apt-get update
# apt-get install mysql-client-5.1 mysql-server-5.1

Note:
The apt-get command will install a number of packages, including the MySQL server, in order to provide the typical tools and application environment. This can mean that you install a large number of packages in addition to the main MySQL package.

During installation, the initial database will be created, and you will be prompted for the MySQL root password (and confirmation). A configuration file will have been created in /etc/mysql/my.cnf. An init script will have been created in /etc/init.d/mysql.

The server will already be started. You can start or stop the MySQL server using this command line:

# service mysql [start|stop]

on Red Hat Linux, Fedora, CentOS

# su
# yum install mysql mysql-server mysql-libs

Note:
MySQL and the MySQL server should now be installed. A sample configuration file is installed into /etc/my.cnf . An init script, to start and stop the server, will have been installed into /etc/init.d/mysqld.
To start the MySQL server use service:

# service mysqld start

To enable the server to be started and stopped automatically during boot, use chkconfig:

# chkconfig --levels 235 mysqld on 

This enables the MySQL server to be started (and stopped) automatically at the specified run levels.

 

How to install Zend Framework 2 (ZF2) & ZFTool (Command Line Tool) in Linux Ubuntu 14.04

Introduction:

Zend Framework 2 is an MVC framework developed by the PHP developers at Zend.

I am using an Ubuntu 14.04 Desktop with an installed Apache2 web server, php5 (5.3+ required for ZF2).


Installation Process:

Download Zend Framework 2

First you will have to download the Zend Framework you desire to install (version >= 2.0.0 for this tutorial)

Visit Zend Archive and download your Zend package. 
Extract it to /usr/share/php/ZendFramework2

Download ZFTool

Afterwards you will need to install ZFTool. It is a command line tool which gives you the ability to create projects, models, view templates and so on.

Download ZFTool from GitHub.
Extract it now to /usr/share/php/ZFTool

Now you need to grab a file called zftool.phar.

Download it directly from Zend packages.
And then extract it to the previously created folder
/usr/share/php/ZFTool/bin/.

For the extraction process you are free to choose between handling it over the terminal or the graphical way.

Notice: You will need permission rights to add content to the /usr/share/php/ folder!

You can use sftp://root@localhost to get access to this folder with root permissions, but use this way carefully!

Now you have installed ZFTool, but it is tedious to type the whole path to the executable file every time you use it.
However, as Linux gives us the possibility, we can make use of aliases (for the standard user).

Create Alias

cd /etc/php5/conf.d/
sudo touch zend-framework2.ini
sudo gedit zend-framework2.ini

Now you should be able to edit this recently created file. Add the following content to it:

[Zend]
php.include_path = "/usr/share/php/ZendFramework2/library"

Save and close the file afterwards.

Let’s define the alias now:

gedit ~/.bashrc

Add the following lines to your bashrc if they aren’t already defined, or uncomment them
(keep in mind to edit as your standard user!):

# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.

if [ -f ~/.bash_aliases ]; then
   . ~/.bash_aliases
fi

Save and close again.
Now we have to create the file that the previous bashrc lines look for:

touch ~/.bash_aliases
gedit ~/.bash_aliases

We add the following line(s) to the file:

alias zf2='export ZF_CONFIG_FILE=/etc/php5/conf.d/zend-framework2.ini; sudo /usr/share/php/ZFTool/bin/zftool.phar'

Finally save and close it.
Now use the following command to reload your bashrc file so the changes take effect:

. ~/.bashrc

Now you can try to use ZFtool:

zf2 --version

You should get something like this:

ZFTool - Zend Framework 2 command line Tool
The ZFTool is using Zend Framework 2.2.4

Basic usage

For the basic commands of this tool please check the manual / help.

zf2 --help

Debugging

If you get an error, for instance because you do not have the required permissions,
you can try giving your user permission to access the Zend directory.

sudo -i
cd /usr/share/php/
chown -R yourUser:yourUser ZFTool/
chmod a+x ZFTool/*
exit

Afterwards, try zf2 --version again while logged into the command line as yourUser.

How to protect a Linux server against denial of service “DoS” attacks

According to Wikipedia, a denial of service “DoS” attack is:

In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used with regards to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.[1]

One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

Most of the time this kind of attack is attempted against web servers, and I’m going to show you how to protect a Linux server against denial of service “DoS” attacks using fail2ban.

What is Fail2ban

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs — too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).

Fail2Ban is able to reduce the rate of incorrect authentication attempts; however, it cannot eliminate the risk that weak authentication presents. Configure services to use only two-factor or public/private key authentication mechanisms if you really want to protect services.

Installation

Open a Terminal “CTRL+ALT+T” and type this command line:

Debian / Ubuntu

# sudo -i 
# apt-get install fail2ban

Red Hat / CentOS

# su
# yum install fail2ban

Configuration

Now configure it. Depending on the distribution you are using, there are two main configuration files:

/etc/fail2ban/fail2ban.conf
/etc/fail2ban/jail.conf

Make a ‘local’ copy of the jail.conf or fail2ban.conf file in /etc/fail2ban:

cd /etc/fail2ban
cp jail.conf jail.local

Now edit the file:

nano jail.local

Basic configurations are listed under the [DEFAULT] heading in the configuration file for fail2ban.

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1

# "bantime" is the number of seconds that a host is banned.
bantime  = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3
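
How the three [DEFAULT] values interact, as an added example: this is a simplified model written for this page, not fail2ban's own code. The log lines are constructed and carry epoch seconds instead of syslog dates, and the function names are hypothetical.

```shell
#!/bin/sh
# Simplified model of findtime / maxretry / bantime (not fail2ban's own code).
# Input lines: "<epoch seconds> <sshd message>"; the sample below is constructed.

sample_log() {
cat <<'EOF'
1700000000 sshd[811]: Failed password for root from 203.0.113.5 port 40001 ssh2
1700000030 sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
1700000045 sshd[813]: Accepted publickey for deploy from 198.51.100.7 port 50111 ssh2
1700000060 sshd[814]: Failed password for root from 203.0.113.5 port 40003 ssh2
1700000100 sshd[815]: Failed password for root from 203.0.113.5 port 40004 ssh2
1700000200 sshd[816]: Failed password for alice from 198.51.100.7 port 50112 ssh2
1700000900 sshd[817]: Failed password for alice from 198.51.100.7 port 50113 ssh2
1700001000 sshd[818]: Failed password for alice from 198.51.100.7 port 50114 ssh2
1700001200 sshd[819]: Failed password for root from 127.0.0.1 port 60000 ssh2
1700001201 sshd[820]: Failed password for root from 127.0.0.1 port 60001 ssh2
1700001202 sshd[821]: Failed password for root from 127.0.0.1 port 60002 ssh2
EOF
}

# simulate_bans FINDTIME MAXRETRY BANTIME "IGNOREIP ..."   (log on stdin)
# Prints "BAN <ip> at=<epoch> until=<epoch>" for every ban decision.
simulate_bans() {
    awk -v findtime="$1" -v maxretry="$2" -v bantime="$3" -v ignore="$4" '
    BEGIN { n = split(ignore, ig, " "); for (i = 1; i <= n; i++) skip[ig[i]] = 1 }
    /Failed password/ {
        ts = $1 + 0; ip = ""
        for (i = 2; i < NF; i++) if ($i == "from") { ip = $(i + 1); break }
        if (ip == "" || (ip in skip)) next                # ignoreip: never counted
        if ((ip in banned) && ts < banned[ip]) next       # still banned: packets are rejected
        cnt[ip]++; times[ip, cnt[ip]] = ts
        if (!(ip in first)) first[ip] = 1
        # slide the window: forget failures older than findtime seconds
        while (first[ip] <= cnt[ip] && ts - times[ip, first[ip]] > findtime) first[ip]++
        if (cnt[ip] - first[ip] + 1 >= maxretry) {
            banned[ip] = ts + bantime
            printf "BAN %s at=%d until=%d\n", ip, ts, banned[ip]
            first[ip] = cnt[ip] + 1                       # start counting afresh after a ban
        }
    }'
}

echo "findtime=600:";  sample_log | simulate_bans 600 3 600 "127.0.0.1"
echo "findtime=3600:"; sample_log | simulate_bans 3600 3 600 "127.0.0.1"
```

With the values from the page, only 203.0.113.5 is banned: the three failures from 198.51.100.7 span more than findtime, so they never add up to maxretry until findtime is raised.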

 

Protect SSH/SFTP

After the basic settings in the configuration file, you can find the section for SSH, [ssh-iptables]. Update the section and restart the fail2ban service.

Example:

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
logpath  = /var/log/secure
maxretry = 3

# service fail2ban restart

Protect your FTP server:

Example:

[proftpd-iptables]

enabled  = true
filter   = proftpd
action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]
           sendmail-whois[name=ProFTPD, dest=you@example.com]
logpath  = /var/log/proftpd/proftpd.log
maxretry = 5

# service fail2ban restart

 

How to reset a lost administrative password

Sometimes it is necessary to get root access, for example when you have forgotten your password or changed something in /etc/sudoers and things do not work as expected.

Note: Be careful, because this step will give you full root access to your system and you can really damage your system! Keep in mind that all the steps you see here can also be done by someone else!

Boot into Recovery Mode:

If you have a single-boot (Ubuntu is the only operating system on your computer), to get the boot menu to show, you have to hold down the Shift key during boot up.

If you have a dual-boot (Ubuntu is installed next to Windows, another Linux operating system, or Mac OS X; and you choose at boot time which operating system to boot into), the boot menu should appear without the need to hold down the Shift key.


Note: The root account is the ultimate administrator and can do anything to the Ubuntu installation (including erase it), so please be careful with what commands you enter in the root terminal.

 

Drop to root shell prompt

You will see the following screen. Now select “root – Drop to root shell prompt” and press “Ok”.


In recent versions of Ubuntu, the file system is mounted as read-only, so you need to enter the following command to remount it as read-write, which will allow you to make changes:

mount -o rw,remount /

If you forgot your username, enter this command to find it:

ls /home

 

Change Password

Now enter the following command to reset your password:

passwd <your username>


Now enter your new password and confirm it. Restart your computer:

exit

 

How to Set Up iptables on Linux Debian / Ubuntu

A firewall is a system or router that sits between an external network (i.e. the Internet) and an internal network. This internal network can be a large LAN at a business or your networked home PCs. The firewall in its simplest form is like a one-way street. It allows people on the internal network to access the external network (the Internet), but it restricts traffic so that no one can use the external network to access the systems or files on the internal network.

A firewall has two network connections, one for the external network and one for the internal network. Traffic that is allowed to flow between the two networks is internally “bridged” (using a FORWARD rule) between these two connections. Disallowed traffic is not. This decision-based bridging of traffic between two connections is called “routing” or “IP forwarding”. What this means is that any firewall, by its very nature, is a router (but not all routers block traffic, so not all routers are firewalls).

Login as root

Log in as the root user, either by opening the Terminal or by logging in over an ssh session. Type the following command:

sudo -i

Install UFW

“This software is used for managing a Linux firewall and aims to provide an easy to use interface for the user”.

Type this command line:

apt-get install ufw

Find status of firewall

Type the following command:

ufw status verbose

Sample outputs:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

Enable firewall

Type the following command to enable the firewall on boot:

ufw enable

Sample outputs:

Firewall is active and enabled on system startup

Disable firewall

Type the following command to disable the firewall on boot:

ufw disable

Sample outputs:

Firewall stopped and disabled on system startup

 

Restart firewall

Type the following command to restart firewall:

ufw reload

Sample outputs:

Firewall reloaded

Note that by default, deny is applied to incoming traffic. There are exceptions, which can be found in the output of this command:

ufw show raw

 You can also read the rules files in /etc/ufw (the files whose names end with .rules).


Allow and Deny (specific rules)

 Allow

ufw allow <port>/<optional: protocol>

example: To allow incoming tcp and udp packets on port 53

  • ufw allow 53

     

example: To allow incoming tcp packets on port 53

  • ufw allow 53/tcp

     

example: To allow incoming udp packets on port 53

  • ufw allow 53/udp

     

Deny

ufw deny <port>/<optional: protocol>

example: To deny tcp and udp packets on port 53

  • ufw deny 53

     

example: To deny incoming tcp packets on port 53

  • ufw deny 53/tcp

     

example: To deny incoming udp packets on port 53

  • ufw deny 53/udp

     

Delete Existing Rule

To delete a rule, simply prefix the original rule with delete. For example, if the original rule was:

deny 80/tcp

Use this to delete it:

ufw delete deny 80/tcp

Services

You can also allow or deny by service name, since ufw reads from /etc/services. To get a list of services:

less /etc/services

Allow by Service Name

ufw allow <service name>

example: to allow ssh by name

  • ufw allow ssh

     

Deny by Service Name

ufw deny <service name>

example: to deny ssh by name

ufw deny ssh

Logging

To enable logging use:

ufw logging on

To disable logging use:

ufw logging off

Advanced Syntax

You can also use a fuller syntax, specifying the source and destination addresses, ports and protocols.

Allow Access

This section shows how to allow specific access.

Allow by Specific IP

ufw allow from <ip address>

example: To allow packets from 107.46.232.182:

  • ufw allow from 107.46.232.182

     

Allow by Subnet

You may use a netmask:

ufw allow from 192.168.1.0/24

Allow by specific port and IP address

ufw allow from <target> to <destination> port <port number>

example: allow IP address 192.168.0.4 access to port 22 for all protocols

  • ufw allow from 192.168.0.4 to any port 22

     

Allow by specific port, IP address and protocol

ufw allow from <target> to <destination> port <port number> proto <protocol name>

example: allow IP address 192.168.0.4 access to port 22 using TCP

  • ufw allow from 192.168.0.4 to any port 22 proto tcp

     

Enable PING

Note: Security by obscurity may be of very little actual benefit with modern cracker scripts. By default, UFW allows ping requests. You may find you wish to leave (icmp) ping requests enabled to diagnose networking problems.

In order to disable ping (icmp) requests, you need to edit /etc/ufw/before.rules and remove the following lines:

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT

or change the “ACCEPT” to “DROP”

# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j DROP
-A ufw-before-input -p icmp --icmp-type source-quench -j DROP
-A ufw-before-input -p icmp --icmp-type time-exceeded -j DROP
-A ufw-before-input -p icmp --icmp-type parameter-problem -j DROP
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

Deny Access

Deny by specific IP

ufw deny from <ip address>

example: To block packets from 107.46.232.182:

  • ufw deny from 107.46.232.182

     

Deny by specific port and IP address

ufw deny from <ip address> to <destination> port <port number>

example: deny ip address 192.168.0.1 access to port 22 for all protocols

  • ufw deny from 192.168.0.1 to any port 22

Working with numbered rules

Listing rules with a reference number

You may use status numbered to show the order and id number of rules:

ufw status numbered

Editing numbered rules

Delete numbered rule

You may then delete rules using the number. This will delete the first rule and rules will shift up to fill in the list.

ufw delete 1

Insert numbered rule

ufw insert 1 allow from <ip address>

Advanced Example

Scenario: You want to block access to port 22 from 192.168.0.1 and 192.168.0.7 but allow all other 192.168.0.x IPs to have access to port 22 using tcp

ufw deny from 192.168.0.1 to any port 22
ufw deny from 192.168.0.7 to any port 22
ufw allow from 192.168.0.0/24 to any port 22 proto tcp
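
Why the two deny rules come before the allow rule, as an added example: ufw evaluates rules in order and the first match decides. The script below is a model written for this page, not ufw code; the "<action> <source>" rule format and the function names are assumptions, and only the source address on port 22 is modelled.

```shell
#!/bin/sh
# Model of ordered rule evaluation for the port-22 scenario above (added
# example, not ufw code). Rules are a constructed "<action> <source>" list.

# awk helpers shared by both functions: IPv4 -> integer, and CIDR bounds
AWK_LIB='
function ip2int(ip,   o) { split(ip, o, "."); return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4] }
function size(cidr,   p) { split(cidr, p, "/"); return 2 ^ (32 - (p[2] == "" ? 32 : p[2])) }
function lo(cidr,   p, x) { split(cidr, p, "/"); x = ip2int(p[1]); return x - x % size(cidr) }
function hi(cidr) { return lo(cidr) + size(cidr) - 1 }
'

page_order() {      # the order used in the scenario above
cat <<'EOF'
deny 192.168.0.1
deny 192.168.0.7
allow 192.168.0.0/24
EOF
}

allow_first() {     # same rules with the broad allow entered first
cat <<'EOF'
allow 192.168.0.0/24
deny 192.168.0.1
deny 192.168.0.7
EOF
}

# first_match SRC : ordered rules on stdin; prints the deciding action.
# Falls back to "deny", the incoming default shown by "ufw status verbose".
first_match() {
    awk -v src="$1" "$AWK_LIB"'
    !done && NF >= 2 {
        s = ip2int(src)
        if (s >= lo($2) && s <= hi($2)) { print $1; done = 1 }
    }
    END { if (!done) print "deny" }'
}

# shadowed_rules : ordered rules on stdin; reports every rule that can never
# decide anything because an earlier rule with a different action covers it.
shadowed_rules() {
    awk "$AWK_LIB"'
    NF >= 2 {
        n++; act[n] = $1; src[n] = $2; l[n] = lo($2); h[n] = hi($2)
        for (i = 1; i < n; i++)
            if (l[i] <= l[n] && h[i] >= h[n] && act[i] != act[n]) {
                print "rule " n " (" act[n] " " src[n] ") is shadowed by rule " i " (" act[i] " " src[i] ")"
                break
            }
    }'
}

for ip in 192.168.0.1 192.168.0.9 10.0.0.5; do
    echo "$ip: page order -> $(page_order | first_match "$ip"), allow first -> $(allow_first | first_match "$ip")"
done
allow_first | shadowed_rules
```

On a live host, ufw status numbered shows the actual order, and ufw insert 1 places a narrow deny ahead of an existing broad allow.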

How to mount NFS with Synology RackStation share drive on Linux

If you want to share your Synology RackStation share drive with your Linux Desktop or Server and have it appear as just another folder, you can set the Synology unit to automount on your Linux OS.

NFS-COMMON installation

Definition: nfs-common:  NFS support files common to client and server Use this package on any machine that does NFS either as client or server. Programs included: lockd, statd, showmount, and nfsstat. Upstream: SourceForge project “nfs”, CVS module nfs-utils.

Open a Terminal “CTRL+ALT+T” and type this command line:

Debian/Ubuntu

sudo -i

apt-get install nfs-common

or

sudo apt-get install nfs-common

Red Hat / CentOS

su
yum install nfs-utils

Find out your IP address on your local network.

ifconfig


Let’s assume your IP addresses on the local network are:

10.129.192.50 and 191.191.191.50 (as shown in the figure).

 

Synology Login

Login to the Synology RackStation Administration Control Interface and then open the Control Panel.


 

NFS Privileges

Click on “Shared Folder” which will show you a list of your shared folders.  Synology comes with the ability to share folders using the nfs protocol.  It is a secure protocol that requires you to add the IP address of the computer that is going to be allowed to access files on the Synology NAS.  Once you see the shared folders, select the folder you want to share, then click on “Privileges” and then “NFS Privileges”.


 

NFS rule

In the next window, click on “Create” and then add the IP address of the computer with which you want to share that folder.  You should also decide what privileges you want to grant that computer.  If you grant it read/write privileges, that computer can modify files.  If you grant it the read privilege, that computer can only read files.

 


 

Create Directory

Once you’ve done that, you should be able to access the shared folder over your network.  However, what we want to do is make any shared folders automatically mount over the network every time you start your computer.  To do so, you’ll need to do two more things.  First, create a folder on your computer to map the shared folder to.  An ideal location is in your home folder since you already have read/write privileges there.  So, for instance, if you are sharing files over the network, create a folder in your home directory called “personal_folder” by doing the following from the terminal

mkdir /home/groups/personal_folder

 

Edit fstab file

Next, you’ll need to edit your /etc/fstab file.  To do so, open a terminal and type:

Debian / Ubuntu

For Desktop

gksu gedit /etc/fstab

For Server

sudo nano /etc/fstab

Red Hat / CentOS

For Desktop

su
gedit /etc/fstab

For Server

su
nano /etc/fstab


This should open the /etc/fstab file in a text editing program.  You’ll need to add the following lines to your /etc/fstab file:

I like to add a comment line so I know what my command is doing.  Here’s the line I add:

#share personal folder
191.191.191.61:/volume1/personal_folders     /home/groups/personal_folder nfs rw,user 0 0

Save the file and close it, or type “CTRL + o” to save it and “CTRL + x” to close it.

Mount the share drives

Now, assuming you’ve done everything correctly, type the following into a terminal to mount the shared folder:

Debian / Ubuntu

sudo mount -a

Red Hat / CentOS

su
mount -a

Your shared folder should now show up in your file explorer (e.g. personal_folder) and should do so every time you start your computer.  Depending on the privileges you granted yourself on the Synology NAS, you should be able to read and/or write whatever files you’ve stored on the Synology unit as if they were on your own computer.
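
A check for the fstab entries discussed on this page (the nosuid,noexec,nodev advice for partitions such as /tmp, and the NFS line above), as an added example that is not part of the original posts. It relies on documented mount(8) behaviour: options apply left to right, user/users imply noexec, nosuid and nodev unless a later option overrides them, and owner/group imply nosuid and nodev. The sample fstab and the function names are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report fstab entries that lack
# nosuid, nodev or noexec. Checked entries: the mount points given as
# arguments plus every nfs/nfs4/cifs entry. Reads fstab text on stdin.

sample_fstab() {    # constructed sample, modelled on the entries discussed above
cat <<'EOF'
# <device>  <mount point>  <type>  <options>  <dump>  <pass>
UUID=0000-aaaa  /         ext4  errors=remount-ro    0 1
UUID=0000-bbbb  /tmp      ext2  defaults             0 2
UUID=0000-cccc  /var/tmp  ext2  nosuid,noexec,nodev  0 2
191.191.191.61:/volume1/personal_folders  /home/groups/personal_folder  nfs  rw,user  0 0
191.191.191.61:/volume1/scratch  /mnt/scratch  nfs  rw,user,exec  0 0
EOF
}

# audit_fstab MOUNTPOINT...   (fstab on stdin)
# Prints "<mount point> missing <flags>" for each checked entry that is not
# effectively nosuid, nodev and noexec.
audit_fstab() {
    awk -v watch="$*" '
    BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) must[w[i]] = 1 }
    /^[ \t]*#/ || NF < 4 { next }
    {
        mp = $2; type = $3
        if (!(mp in must) && type !~ /^(nfs|nfs4|cifs)$/) next
        # without options a file system allows setuid, device nodes and exec
        suid = 1; dev = 1; ex = 1
        m = split($4, o, ",")
        for (i = 1; i <= m; i++) {
            if (o[i] == "user" || o[i] == "users")       { suid = 0; dev = 0; ex = 0 }
            else if (o[i] == "owner" || o[i] == "group") { suid = 0; dev = 0 }
            else if (o[i] == "nosuid") suid = 0
            else if (o[i] == "suid")   suid = 1
            else if (o[i] == "nodev")  dev = 0
            else if (o[i] == "dev")    dev = 1
            else if (o[i] == "noexec") ex = 0
            else if (o[i] == "exec")   ex = 1
        }
        miss = ""
        if (suid) miss = miss "nosuid,"
        if (dev)  miss = miss "nodev,"
        if (ex)   miss = miss "noexec,"
        if (miss != "") { sub(/,$/, "", miss); print mp " missing " miss }
    }'
}

sample_fstab | audit_fstab /tmp /var/tmp
```

Against a real system the call is audit_fstab /tmp /var/tmp < /etc/fstab; the rw,user line from this page passes because user already implies all three restrictions.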

How to install Nessus vulnerability scanner on Linux

This blog describes the installation and configuration of Tenable Network Security’s
Nessus 5.2 vulnerability scanner.
Tenable Network Security, Inc. is the author and maintainer of the Nessus vulnerability scanner. In addition to constantly improving the Nessus engine, Tenable writes most of the plugins available to the scanner, as well as compliance checks
and a wide variety of audit policies.

 

Prerequisites, deployment options, and a walk through of an installation
are described in this document. A basic understanding of Unix and vulnerability scanning is assumed.

Installation

Download the Nessus package for your distribution from the list below:

Debian 6.0 (32 bits):
Nessus-5.2.6-debian6_i386.deb

Debian 6.0 (64 bits):
Nessus-5.2.6-debian6_amd64.deb

Red Hat ES 4 / CentOS 4:
Nessus-5.2.6-es4.i386.rpm

Red Hat ES 5 (32 bits) / CentOS 5 / Oracle Linux 5 (including Unbreakable Enterprise Kernel):
Nessus-5.2.6-es5.i386.rpm

Red Hat ES 5 (64 bits) / CentOS 5 / Oracle Linux 5 (including Unbreakable Enterprise Kernel):
Nessus-5.2.6-es5.x86_64.rpm

Red Hat ES 6 (32 bits) / CentOS 6 / Oracle Linux 6 (including Unbreakable Enterprise Kernel):
Nessus-5.2.6-es6.i386.rpm

Red Hat ES 6 (64 bits) / CentOS 6 / Oracle Linux 6 (including Unbreakable Enterprise Kernel):
Nessus-5.2.6-es6.x86_64.rpm

Fedora 19,20 (32 bits):
Nessus-5.2.6-fc16.i386.rpm

Fedora 19,20 (64 bits):
Nessus-5.2.6-fc16.x86_64.rpm

SuSE 10 Enterprise (64 bits):
Nessus-5.2.6-suse10.x86_64.rpm

SuSE 11 Enterprise (32 bits):
Nessus-5.2.6-suse11.i586.rpm

SuSE 11 Enterprise (64 bits):
Nessus-5.2.6-suse11.x86_64.rpm

Ubuntu 9.10 / Ubuntu 10.04 (32 bits):
Nessus-5.2.6-ubuntu910_i386.deb

Ubuntu 9.10 / Ubuntu 10.04 (64 bits):
Nessus-5.2.6-ubuntu910_amd64.deb

Ubuntu 11.10 / Ubuntu 12.04 (32 bits):
Nessus-5.2.6-ubuntu1110_i386.deb

Ubuntu 11.10 / Ubuntu 12.04 (64 bits):
Nessus-5.2.6-ubuntu1110_amd64.deb

 

Open a Terminal “CTRL+ALT+T” and type this command line:

Red Hat  / CentOS

su
chmod a+x <Nessus package>.rpm
rpm -ivh <Nessus package>.rpm

Debian / Ubuntu

sudo -i
chmod a+x <Nessus package>.deb
dpkg -i <Nessus package>.deb

When the installation is completed, start the nessusd daemon as instructed in the next section depending on the distribution. Once Nessus is installed, you must visit the scanner URL provided to complete the registration process.

Note: Unix-based installations may provide a URL containing a relative host name that is not in DNS (e.g., https://ip-address:8834/).
If the host name is not in DNS, you must connect to the Nessus server using an IP address or a valid DNS name. 

After that process is complete, it is recommended that you authenticate and customize the configuration options for your
environment as described in the “Feed Registration and GUI Configuration” section.

Note: Nessus must be installed to /opt/nessus, although a symbolic link pointing to /opt/nessus is acceptable.

Start | Stop the Nessus Daemon

Open a Terminal “CTRL+ALT+T” and type this command line:

Red Hat / CentOS

su

/sbin/service nessusd  {start|stop}

Debian / Ubuntu

sudo -i

/etc/init.d/nessusd {start|stop}

or

sudo service nessusd {start|stop}

 

For further information about Nessus configuration, please see the documentation linked below:
 nessus_5.2_installation_guide

 


 

 

 

 

How to install Openfire “real time collaboration (RTC) server” on Linux server


Openfire is a real time collaboration (RTC) server licensed under the Open Source Apache License. It uses the only widely adopted open protocol for instant messaging, XMPP (also called Jabber). Openfire is incredibly easy to setup and administer, but offers rock-solid security and performance.

Installation

Download the openfire package

openfire-3.9.3-1.i386.rpm “RPM for Red Hat Linux and variants May 6, 2014 67.25 MB”

openfire_3.9.3_all.deb “Debian package, no Java JRE May 6, 2014 14.32 MB”

JSopenfire-3.9.3-ALL.pkg.gz “Solaris package, no Java JRE May 6, 2014 10.09 MB”

openfire_3_9_3.tar.gz “Works on most Unix variants, no Java JRE May 6, 2014 9.51 MB”

 

Choose either the RPM or tar.gz build. If using the RPM, run it using your package manager to install Openfire to /opt/openfire:

Open a Terminal “CTRL+ALT+T” and type this command line:

Red Hat / CentOS

su
rpm -ivh openfire-3.9.3-1.i386.rpm

Debian / Ubuntu

sudo -i
dpkg -i openfire_3.9.3_all.deb

If using the .tar.gz, extract the archive to /opt or /usr/bin:

tar -xzvf openfire_3_9_3.tar.gz
mv openfire /opt

Note: the .tar.gz build does not contain a bundled Java runtime (JRE). Therefore, you must have JDK or JRE 1.5.0 (Java 5) or later installed on your system. You can check your java version by typing “java -version” at the command line and (if necessary) upgrade your Java installation by visiting http://java.sun.com.

 

To complete the installation of Openfire, you’ll need to perform each of the following steps:

Set up the Database

Openfire can store its data in an embedded database or you can choose to use an external database such as MySQL or Oracle. If you would like to use an external database, you must prepare it before proceeding with installation. View the database setup documentation for more information.

Set up the Server

A web-based, “wizard” driven setup and configuration tool is built into Openfire. Simply launch Openfire (platform-specific instructions below) and use a web browser to connect to the admin console. The default port for the web-based admin console is 9090. If you are on the same machine as Openfire, the following URL will usually work: http://127.0.0.1:9090. Initial setup and administration can also be done from a remote computer using the server’s LAN IP address, or its hostname if the remote computer can resolve it. Windows Server administrators should add the http://127.0.0.1 address to Internet Explorer’s Trusted Sites list if Enhanced Security Configuration is enabled in Internet Explorer. Otherwise they will get a blank screen.

Admin Console

After completing the above steps, Openfire will be configured and you can use the web-based admin console to administer the server. The URL should be the same as the one you used to set up the server unless you changed the port during the setup.
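Because the admin console is reachable over a network port, it is worth confirming which addresses it is bound to once the server is running. The check below is an added example, not part of the Openfire or Nessus documentation: it reads the output of ss -H -ltn and reports listeners on the ports named in this guide (8834 for Nessus, 9090 for the Openfire admin console) that are not bound to a loopback address. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag management listeners reachable from other hosts.
# Reads `ss -H -ltn` output on stdin; the arguments are the ports to check.
# Prints "port address" for each listener on those ports that is not
# bound to a loopback address.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            # Column 4 is "address:port"; the port follows the last colon.
            k = split($4, part, ":")
            port = part[k]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (!(port in want)) next
            # Loopback forms: 127.0.0.0/8, ::1, and IPv4-mapped 127.x
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
            print port, addr
        }'
}

# Constructed sample of `ss -H -ltn` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      50                 *:9090             *:*
LISTEN 0      128        127.0.0.1:8834       0.0.0.0:*
LISTEN 0      128            [::1]:8834          [::]:*
LISTEN 0      50      192.168.1.10:8080       0.0.0.0:*
EOF
}

# On a live host: ss -H -ltn | exposed_listeners 8834 9090
sample_ss_output | exposed_listeners 8834 9090
```

A line such as "9090 *" means the console accepts connections on every interface, so access to that port should be limited by the host firewall to the machines that administer the server.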

Running Openfire in Linux/Unix

If you are running on a Red Hat or Red Hat like system (CentOS, Fedora, etc), we recommend using the RPM as it contains some custom handling of the standard Red Hat like environment. Assuming that you have used the RPM, you can start and stop Openfire using the /etc/init.d/openfire script.

Open a Terminal “CTRL+ALT+T” and type this command line:

$ /etc/init.d/openfire
Usage /etc/init.d/openfire {start|stop|restart|status|condrestart|reload}
$ /etc/init.d/openfire start
Starting openfire:

If you are running on a different Linux/Unix variant, and/or you have used the .tar.gz ‘installer’, you can start and stop Openfire using the bin/openfire script in your Openfire installation:

$ ./openfire
Usage ./openfire {start|stop}
$ ./openfire start
Starting openfire

If you would like to install Openfire as a service, two scripts are provided in the bin/extra directory:

redhat-postinstall.sh — automatically installs Openfire as a service on Red Hat. It does so by creating a “jive” user and then copying the openfired script to your init.d directory. This script must be run as root. Please see the comments in the script for additional information.

openfired — script to run Openfire as a service. You must manually configure this script. See the comments in the script for additional details.

It is not recommended that you use either of these scripts if you installed via RPM. The RPM has already taken care of what these scripts take care of.

Custom Parameters

Advanced users may wish to pass in parameters to the Java virtual machine (VM) to customize the runtime environment of Openfire. If you installed via RPM, you can customize this by editing /etc/sysconfig/openfire and looking at the OPENFIRE_OPTS option. If you installed via .tar.gz, you will need to tweak your startup script to fit your needs.

Plugins

Plugins add additional features and protocol support to Openfire. After setting up your Openfire installation, you may want to download and install plugins to enhance your server. Plugins can be downloaded from the plugins page on igniterealtime.org or directly inside the administration console.

Installing Plugins

If you download a plugin from inside the Openfire administration console, it will automatically be installed. If you manually download the plugin (packaged as a .jar file), you can deploy it by copying the plugin file to the plugins/ directory of your Openfire installation. A plugin monitor will automatically extract the plugin into a directory and install the plugin in Openfire. You may also use the “upload plugin” feature in the admin console (under the Plugins tab) to load a plugin from your local file system to the server.

Managing Plugins

Plugins can be managed inside the Openfire admin console. You can also manually delete a plugin at any time by deleting its JAR file (Openfire will automatically remove the plugin from memory and delete its directory when you do so).
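Since the plugin monitor installs any .jar file that appears in the plugins/ directory, the contents of that directory should match what an administrator actually reviewed. The script below is an added example, not one of the scripts shipped with Openfire: it compares each jar against an allowlist of SHA-256 hashes and checks that the directory is not writable by group or others. The allowlist format, the function names and the demo file names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: compare the jars in an Openfire plugins/ directory against
# a reviewed allowlist. Allowlist format (an assumption of this example):
# "<sha256>  <file name>" per line, as written by sha256sum.
audit_plugins() {
    dir=$1 allowlist=$2
    for jar in "$dir"/*.jar; do
        [ -e "$jar" ] || continue
        name=$(basename "$jar")
        actual=$(sha256sum "$jar" | awk '{print $1}')
        expected=$(awk -v n="$name" '$2 == n {print $1}' "$allowlist")
        if [ -z "$expected" ]; then
            echo "UNLISTED $name"
        elif [ "$actual" != "$expected" ]; then
            echo "MODIFIED $name"
        fi
    done
    # The plugin monitor deploys whatever lands here, so the directory
    # must not be writable by group (6th mode character) or others (9th).
    case $(ls -ld "$dir") in
        ?????w*|????????w*) echo "WRITABLE $dir" ;;
    esac
}

# Constructed demo: a throwaway directory with stand-in "jar" files.
demo_audit() {
    tmp=$(mktemp -d)
    mkdir "$tmp/plugins"
    chmod 755 "$tmp/plugins"
    printf 'reviewed build\n' > "$tmp/plugins/reviewed-a.jar"
    printf 'reviewed build\n' > "$tmp/plugins/reviewed-b.jar"
    # Record the reviewed state, then change one jar and drop in a new one.
    (cd "$tmp/plugins" && sha256sum reviewed-a.jar reviewed-b.jar) > "$tmp/allow.txt"
    printf 'changed after review\n' > "$tmp/plugins/reviewed-b.jar"
    printf 'never reviewed\n' > "$tmp/plugins/dropped.jar"
    audit_plugins "$tmp/plugins" "$tmp/allow.txt"
    rm -rf "$tmp"
}

demo_audit
```

On a real server, call audit_plugins with the plugins/ directory of your Openfire installation and an allowlist stored somewhere the Openfire service account cannot write to.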
