Wiping a hard drive

Ever needed to completely wipe out critical data off a hard drive? As we all know, mkfs doesn't erase a lot (you already knew this, right?). mkfs and its variants (such as mkfs.ext3 and mke2fs) only get rid of a few important data structures on the filesystem. But the data is still there! For a SCSI disk connected as /dev/sdb, a quick:

dd if=/dev/sdb | strings

will let anyone recover text data from a supposedly erased hard drive. Binary data is more complicated to retrieve, but the same basic principle applies: the data was not completely erased.
To make things harder for the bad guys, an old trick was to use the 'dd' command as a way to erase a drive (note that this command WILL erase your disk!):

dd if=/dev/zero of=/dev/sdb

There's one problem with this: newer, more advanced, techniques make it possible to retrieve data that was replaced with a bunch of 0's. To make it more difficult, if not impossible, for the bad guys to read data that was previously stored on a disk, Red Hat ships the 'shred' utility as part of the coreutils RPM package. Launching 'shred' on a disk or a partition will write repeatedly (25 times by default) to all locations on the disk (be careful with this one too!):

shred /dev/sdb

This is currently known to be a very safe way to delete data from a hard drive before, let's say, you ship it back to the manufacturer for repair or before you sell it on eBay!

Refer :
http://www.redhat.com/magazine/026dec06/features/tips_tricks/

Linux Documentaions

http://tldp.org/guides.html 


vast and wide documentation about major Linux services

Hardening Sendmail

Well explained about Sendmail Hardening Basics

APT-GET command real time examples

http://www.thegeekstuff.com/2009/10/debian-ubuntu-install-upgrade-remove-packages-using-apt-get-apt-cache-apt-file-dpkg/

Application Server HOW TO

http://confluence.atlassian.com/display/DOC/Configuration+Guide

OpenLdap: Study Guide Integration with Sendmail,Postfix,Apache & Samba

http://www.rootkit.nl/files/book_lpic-3_301.html

Hardening of LAMP Server; Links

A complete Ubuntu LAMP Server hardening 

http://www.freesoftwaremagazine.com/articles/hardening_linux?page=0%2C0


Hardening the apache LAMP server avoiding attacks

http://secure-ubuntu-server.blogspot.com/2009/07/howto-hardening-your-apache-and-php-on_07.html

Activate the AppArmor for apache2

http://samiux.wordpress.com/2009/06/16/howto-security-enhanced-your-ubuntu-9-04-lamp-server-with-apparmor/

Activating the Chrootkits:

http://samiux.wordpress.com/2009/06/13/howto-make-sure-no-rootkit-on-your-ubuntu-9-04-server/

lamp server security Basics:

https://scifi.homelinux.net/mediawiki/index.php/Hardening_a_LAMP_server

#----------------------------BASIC SECURITY RESTRICTIONS------------------------------------

#Enable ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

#Disabling IP Spoofing attacks
echo 2 > /proc/sys/net/ipv4/conf/all/ rp_filter

#Don't respond to broadcast pings
echo "1" > /proc/sys/net/ipv4/icmp_echo_ ignore_broadcasts

#Block source routing
echo 0 >/proc/sys/net/ipv4/conf/all/ accept_source_route

#Kill timestamps. These have been the subject of a recent bugtraq
#thread
echo 0 > /proc/sys/net/ipv4/tcp_ timestamps

#Enable SYN Cookies
echo 1 > /proc/sys/net/ipv4/tcp_ syncookies

#Kill ICMP redirects
echo 0 >/proc/sys/net/ipv4/conf/all/ accept_redirects

#Enable bad error message protection
echo 1 > /proc/sys/net/ipv4/icmp_ ignore_bogus_error_responses

#Allow dynamic ip addresses
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

#Log martians (packets with impossible addresses)
#RiVaL said that certain NICs don't like this. Comment out if necessary.
# echo 1 >/proc/sys/net/ipv4/conf/all/ log_martians

#Set out local port range
echo "32768 61000" >/proc/sys/net/ipv4/ip_local_ port_range

#PING OF DEATH
/sbin/iptables -A FORWARD -p icmp --icmp-type 8 -m limit --limit 3/second -j ACCEPT

#SYN-FLOOD PROTECTION
/sbin/iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
#----------------------------- -------------------------------------------------

#--------------------------- DENIAL OF SERVICE-----------------------------------

#Reduce DoS'ing ability by timeouts
echo 30 > /proc/sys/net/ipv4/tcp_fin_ timeout
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 1280 > /proc/sys/net/ipv4/tcp_max_syn_backlog
#---------------------------------------------------------------------------------------------------

Linux Complete Reference Guide

http://www.brennan.id.au/index.html

Nagios Server / Remote Host / Windows Client & Switch Monitoring

http://www.thegeekstuff.com/2008/05/nagios-30-jumpstart-guide-for-red-hat-overview-installation-and-configuration/

Bluetooth management in CentOs

http://dag.wieers.com/blog/obex-for-dummies

Linux Online book - configuration examples

http://www.linuxtopia.org/online_books/index.html

Scalr API Documentation

http://wiki.scalr.net/API_Documentation

Solaris Blog tips & tricks

http://www.camelrichard.org

Scalr How to : Amazon Documentation

http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1603&categoryID=100

Scalr Links

Group discussion
http://groups.google.com/group/scalr-discuss?lnk=

Scalr Project site: (wiki)
http://code.google.com/p/scalr/

How To Run Your Own Name Servers With ISPConfig And GoDaddy

Own Name Server Setup (godaddy/ispconfig)

Links

NGINX:

1. To 10 NGINX Tutorial
A reverse Proxy Server

2. Redmine
A project management web application

3. Eucalyptus
An open source cloud computing solution

//Lin u X u niL