#############################################################
We do not support these packages. Look at the suggested links
below and/or use each project's mailing list for support.
Portsentry and Logcheck are disabled - see below.
Note: We are not responsible should you lose access to your server.
##########################################################

READ THIS COMPLETE DOCUMENT FIRST

To enable portsentry, edit the file /etc/rc.d/rc.local and remove the
hash (#) from the portsentry lines. Then cut and paste those lines on a
command line to start portsentry now (rc.local only runs at boot).

To enable pmfirewall, execute:  /etc/rc.d/init.d/pmfirewall start
Initially pmfirewall will run for 180 seconds; during this period make
sure you can still gain access to the server (open a second login before
you start it and keep the first one open). If all is OK, edit
/etc/rc.d/init.d/pmfirewall and find TTF near the top of the file. It is
set to
    TTF="180"   # this allows the firewall to run 180 seconds
Change this value to "0", then execute:  /etc/rc.d/init.d/pmfirewall start
To enable pmfirewall to start on reboot, execute:  chkconfig pmfirewall on
############################################################
logcheck    check logfiles                  http://freshmeat.net/projects/logcheck/
portsentry  watch unused ports for access   http://linux.cudeso.be/linuxdoc/portsentry.php
fcheck      watch files for changes         http://docs.hp.com/en/32650-90886/ch09s01.html
chkrootkit  look for rootkits etc.          http://www.chkrootkit.org/
pmfirewall  script of rules for ipchains    http://www.pointman.org/PMFirewall/
lcap        prevent loading kernel modules
####################################################################
###            to a more secure RaQ3/4                           ###
####################################################################

Chkrootkit files:  /home/tools/chkrootkit*
Fcheck files:      /home/tools/fcheck
Pmfirewall files:  /usr/local/pmfirewall
  Edit /usr/local/pmfirewall/pmfirewall.rules.local to make tuning
  changes to the firewall.
  To start / stop the firewall:  /etc/rc.d/init.d/pmfirewall start|stop
  Be very careful with the firewall; it is easy to get locked out.
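The TTF ("time to fail") value above is the only thing standing between a bad rule set and a trip to the console port, so it is worth seeing the mechanism on its own. The script below is an added example, not code from pmfirewall or from the RaQ3/4 tool set: set_ttf/get_ttf edit a TTF="..." line in an init script the way the instructions ask you to, and apply_with_ttf/confirm_apply reproduce the pattern of bringing a firewall up, arming a watchdog that reverts it unless the operator confirms in time, and cancelling that watchdog. The "firewall" is a constructed state file, the function names are my own, and sed -i assumes GNU sed.

```shell
#!/bin/sh
# Added example, not part of pmfirewall or the RaQ3/4 tool set: the TTF
# ("time to fail") safety net as stand-alone functions. The firewall itself
# is simulated by a state file containing "up" or "down" (constructed), so
# the script never touches ipchains and can be run anywhere.

# set_ttf FILE SECONDS: rewrite the TTF="..." line in an init script.
# Anchored to the start of the line so a commented-out example is left alone.
set_ttf() {
    sed -i "s/^TTF=\"[0-9]*\"/TTF=\"$2\"/" "$1"
}

# get_ttf FILE: print the configured TTF value (empty if there is none).
get_ttf() {
    sed -n 's/^TTF="\([0-9]*\)".*/\1/p' "$1" | head -n 1
}

# apply_with_ttf STATEFILE SECONDS: bring the (simulated) firewall up, then
# arm a background watchdog that takes it down again after SECONDS unless
# confirm_apply is called first. SECONDS=0 means "run forever", exactly as
# TTF="0" does in the real init script. The watchdog PID is kept beside
# the state file so confirm_apply can find it.
apply_with_ttf() {
    state=$1
    ttf=$2
    echo up > "$state"
    rm -f "$state.pid"
    if [ "$ttf" -gt 0 ]; then
        ( sleep "$ttf"; echo down > "$state" ) &
        echo $! > "$state.pid"
    fi
}

# confirm_apply STATEFILE: the operator got back in, so cancel the revert.
# Killing the watchdog subshell stops its "echo down" from ever running.
confirm_apply() {
    state=$1
    if [ -f "$state.pid" ]; then
        kill "$(cat "$state.pid")" 2>/dev/null || true
        rm -f "$state.pid"
    fi
}

# state_of STATEFILE: print "up" or "down".
state_of() {
    cat "$1"
}

# Demo on constructed files: flip TTF from 180 to 0 in a fake init script,
# then apply with a 1-second TTF and confirm before it expires.
demo_dir=$(mktemp -d)
printf 'TTF="180"   # run for 180 seconds\n' > "$demo_dir/pmfirewall"
set_ttf "$demo_dir/pmfirewall" 0
echo "TTF is now: $(get_ttf "$demo_dir/pmfirewall")"
apply_with_ttf "$demo_dir/state" 1
confirm_apply "$demo_dir/state"
sleep 2
echo "state after confirm: $(state_of "$demo_dir/state")"
rm -rf "$demo_dir"
```

The order matters: never set TTF="0" and `chkconfig pmfirewall on` in the same step. Keep the timer until you have logged in over the network with the rules active, then switch to forever; if the second login fails, just wait out the timer instead of reaching for the null-modem cable.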
Should you get locked out, it will be necessary to use a null-modem
cable connected to the console port. Log in and execute:
    /etc/rc.d/init.d/pmfirewall stop
To prevent the firewall from starting on reboot, execute:
    chkconfig pmfirewall off

Portsentry files:  /usr/local/psionic/portsentry/
Portsentry is started in /etc/rc.d/rc.local
Portsentry can also lock you out if you are not careful: a lockout occurs
if you access any of the protected ports defined in
/usr/local/psionic/portsentry/portsentry.conf. Put the addresses you
administer from into the ignore file (portsentry.ignore in the same
directory, named by IGNORE_FILE in portsentry.conf) before enabling it.
Should you get locked out, it will be necessary to use a null-modem
cable connected to the console port. Log in and remove your IP from
/etc/hosts.deny.
To prevent portsentry from starting on reboot, comment out the lines in
/etc/rc.d/rc.local.

Logcheck files:  /usr/local/etc/  (logtail binary: /usr/local/bin/logtail)
Lcap is loaded in /etc/rc.d/rc.local
To prevent lcap from starting on reboot, comment out the line in
/etc/rc.d/rc.local.

Firewall:
The firewall is disabled when the server leaves our shop. Follow the
instructions below to enable the firewall.

When making changes to firewall rules that may prevent you from getting
in, first execute:
    chkconfig pmfirewall off
This will allow you to get back in by rebooting if necessary, since the
firewall will then not come back up with the system.

Edit /etc/rc.d/init.d/pmfirewall and find TTF near the top of the file.
Set it to
    TTF="180"   # this allows the firewall to run 180 seconds
180 is the default; if you want to test longer, increase the value.
Test the firewall during this time. Execute:
    /etc/rc.d/init.d/pmfirewall start
and note the output: "firewall running for 180 seconds".
When you are satisfied that the firewall is OK, edit
/etc/rc.d/init.d/pmfirewall again and find TTF="180" near the top of the
file.
Set it to
    TTF="0"   # this allows the firewall to run forever
Then execute:
    chkconfig pmfirewall on
    /etc/rc.d/init.d/pmfirewall start
and note the output: "firewall running forever".

Chkrootkit:
Chkrootkit output is compared against a file database of a known-good run.
The file is in the directory /home/tools/chkrootkit*/ (the hidden file
.cr_db).
To rebuild the database:
    cd /home/tools/chkrootkit
    chattr -i .cr_db        # remove the immutable attribute
    ./chkrootkit > .cr_db   # build a new chkrootkit db
    edit .cr_db             # make sure it looks OK!
    chattr +i .cr_db        # make it immutable again
Only rebuild the database from a run you trust: a rebuild after a
compromise would turn the rootkit's output into the "good" baseline.
To update chkrootkit, run update-chkrootkit at any time to update to the
latest version:
    cd /home/tools
    ./update-chkrootkit
(After an update, rebuild the database as above; a new version usually
prints different checks, so every nightly diff would otherwise be noisy.)

Crontab:
The system has a root crontab. To edit the crontab, execute
    crontab -e
(this uses vi as the editor).
The installed root crontab looks like this. Note: each of these items is
on one (1) line; there are 3 lines:
30 4 * * * (cd /home/tools/chkrootkit*; ./chkrootkit > .this; diff .this .cr_db | mail -s "chkrootkit run" admin)
35 4 * * * (cd /home/tools/fcheck; ./check-it | mail -s "fcheck output" admin)
07,22,37,52 * * * * /usr/local/etc/logcheck.sh
An empty "chkrootkit run" mail means the run matched the baseline; a
missing mail means cron or mail is broken, so treat the daily mail as a
heartbeat as well as a report. The /home/tools/chkrootkit* glob must
expand to exactly one directory, or the cd lands in the wrong version.
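The database rebuild and the 04:30 cron line above are two halves of one baseline-and-diff loop. The script below is an added example, not code from chkrootkit or the RaQ3/4 tool set, that implements that loop as two functions: rebuild_baseline captures a scanner's output as .cr_db under the same chattr -i / chattr +i dance, and compare_run reruns the scanner into .this and diffs it against the baseline, returning non-zero on any change so a wrapper can mail only when something differs. The scanner is passed in as an argument, and the demo uses a constructed stand-in script rather than the real chkrootkit binary; function names are my own.

```shell
#!/bin/sh
# Added example, not part of chkrootkit or the RaQ3/4 tool set: the
# baseline-and-diff workflow behind the nightly "chkrootkit run" mail, with
# the scanner passed in as an argument so it can be exercised with a
# constructed stand-in instead of the real chkrootkit binary.

# rebuild_baseline DIR SCANNER: capture SCANNER's output as DIR/.cr_db.
# The immutable bit is cleared first and set again afterwards. chattr
# needs root and an ext2/ext3 filesystem, so a failure to set +i is
# reported on stderr rather than aborting the rebuild.
rebuild_baseline() {
    dir=$1
    scanner=$2
    (
        cd "$dir" || exit 1
        chattr -i .cr_db 2>/dev/null || true
        "$scanner" > .cr_db
        chattr +i .cr_db 2>/dev/null \
            || echo "warning: .cr_db not immutable (chattr +i failed)" >&2
    )
}

# compare_run DIR SCANNER: run SCANNER into DIR/.this and diff it against
# the baseline. Prints the diff (empty when nothing changed) and returns 0
# only on an exact match, so a wrapper called from cron can mail on change
# instead of sending an empty report every night.
compare_run() {
    dir=$1
    scanner=$2
    (
        cd "$dir" || exit 1
        "$scanner" > .this
        diff .this .cr_db
    )
}

# Demo with a constructed scanner that reports one more "INFECTED" line
# once a marker file exists (stands in for a real change on the host).
demo=$(mktemp -d)
cat > "$demo/fakescan" <<'EOF'
#!/bin/sh
echo "Checking 'login'... not infected"
echo "Checking 'ls'... not infected"
if [ -f "$(dirname "$0")/tampered" ]; then
    echo "Checking 'ps'... INFECTED"
fi
EOF
chmod +x "$demo/fakescan"
rebuild_baseline "$demo" "$demo/fakescan"
compare_run "$demo" "$demo/fakescan" && echo "clean: matches baseline"
touch "$demo/tampered"
compare_run "$demo" "$demo/fakescan" || echo "CHANGED: review the diff above"
chattr -i "$demo/.cr_db" 2>/dev/null || true
rm -rf "$demo"
```

Because the baseline is just a text capture of one run, the immutable bit protects it only against accidental overwrites and against an attacker without CAP_LINUX_IMMUTABLE; the real check is still reading the diff, and the diff is only as trustworthy as the chkrootkit binary and the system tools it calls.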
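The portsentry section above says to "remove your IP from /etc/hosts.deny" after a lockout; the script below is an added example, not part of portsentry or the RaQ3/4 tool set, of doing that without collateral damage. It lists the addresses in the "ALL: <address>" lines portsentry appends, tests for one, and deletes only the lines whose address token matches exactly, so unblocking 10.0.0.1 does not also unblock 10.0.0.10. The "ALL: addr : DENY" form is portsentry's default KILL_HOSTS_DENY template as I remember it (an assumption; check your portsentry.conf), the file is a constructed sample, and the function names are mine.

```shell
#!/bin/sh
# Added example, not part of portsentry or the RaQ3/4 tool set: list and
# remove the "ALL: <address>" entries portsentry appends to /etc/hosts.deny
# when it blocks a host. Takes the file as an argument so it can be tried
# on a constructed copy first; on the real server point it at /etc/hosts.deny.

# Shared awk fragment: for each "ALL:" line, isolate the first token after
# "ALL:", treating space, tab and ":" as separators. This covers both
# "ALL: 1.2.3.4" and the "ALL: 1.2.3.4 : DENY" form (assumed default
# KILL_HOSTS_DENY template; adjust if portsentry.conf uses another).
deny_addr='
    /^ALL:/ {
        rest = $0
        sub(/^ALL:[ \t]*/, "", rest)
        split(rest, f, /[ \t:]/)
        addr = f[1]
    }'

# list_blocked FILE: print every denied address, one per line.
list_blocked() {
    awk "$deny_addr"'
        /^ALL:/ { print addr }' "$1"
}

# is_blocked FILE ADDR: exit 0 if ADDR has a deny entry, 1 otherwise.
is_blocked() {
    list_blocked "$1" | grep -qx "$2"
}

# unblock FILE ADDR: delete the deny lines for exactly ADDR, keeping a
# backup as FILE.bak. The comparison is on the whole address token, so
# unblocking 10.0.0.1 leaves 10.0.0.10 alone, which a plain
# "grep -v 10.0.0.1" would also delete.
unblock() {
    file=$1
    target=$2
    cp "$file" "$file.bak"
    awk -v target="$target" "$deny_addr"'
        /^ALL:/ && addr == target { next }
        { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Demo on a constructed copy (never the live file).
demo=$(mktemp)
printf 'ALL: 192.0.2.1\nALL: 192.0.2.10 : DENY\n' > "$demo"
echo "blocked before: $(list_blocked "$demo" | tr '\n' ' ')"
unblock "$demo" 192.0.2.1
echo "blocked after:  $(list_blocked "$demo" | tr '\n' ' ')"
rm -f "$demo" "$demo.bak"
```

hosts.deny only undoes the TCP-wrappers part of a block. If portsentry.conf also has KILL_ROUTE enabled, portsentry adds a reject route for the offending host as well, and that route has to be deleted separately (or the box rebooted) before the address can reach the server again.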