Posts Tagged ‘redhat’

Security updates only for Fedora 7 / RHEL & Centos 5

I found this on redhat.com the other day….

It is now possible to limit yum to install security updates only. To do so, simply install the yum-security plugin and run the following command:

yum update --security

Hopefully this will allow fedora users to have the option of running a “stable” install :)

USB Networking with Fedora 7 & n800

There are times when you cannot use WiFi; for example, my workplace’s WLAN uses LEAP, which maemo doesn’t support. I found that setting up USB networking on my n800 was a bit of a pain since there isn’t a single document… if you check my del.icio.us feed you’ll see I bookmarked all I could find with a usbnet tag.

These are the steps I ran through to enable usb networking between my nokia n800 and my fedora 7 laptop.

First we’ll start with the basic setup… I’ll assume you’ve read a getting started article similar to mine and already have root & xterm. By default the n800 has a usb interface configured; you just need to enable it, so on your n800 type:

sudo gainroot
insmod /mnt/initfs/lib/modules/2.6.18-omap1/g_ether.ko
ifup usb0

The default settings add an interface with a static ip of 192.168.2.15/24 with a default gateway of 192.168.2.14.

Now let’s set up something similar on Fedora: create a file in /etc/sysconfig/network-scripts called ifcfg-usb0 with the following…

DEVICE=usb0
BOOTPROTO=static
IPADDR=192.168.2.14
BROADCAST=192.168.2.255
NETMASK=255.255.255.0
NETWORK=192.168.2.0
ONBOOT=no
MII_NOT_SUPPORTED=no
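Before plugging the cable in it is worth checking that the two ends actually agree: the ifcfg file’s derived fields (NETWORK, BROADCAST) must match IPADDR/NETMASK, the n800’s 192.168.2.15 must sit in that subnet, and its default gateway must be the Fedora side’s IPADDR. The script below is an added example, not part of the original post; it embeds a copy of the ifcfg-usb0 contents above and the n800 defaults the post quotes, and the check function and its messages are my own.

```python
import ipaddress

# Constructed copy of the ifcfg-usb0 contents shown in the post.
IFCFG_USB0 = """\
DEVICE=usb0
BOOTPROTO=static
IPADDR=192.168.2.14
BROADCAST=192.168.2.255
NETMASK=255.255.255.0
NETWORK=192.168.2.0
ONBOOT=no
MII_NOT_SUPPORTED=no
"""

# The n800's default usb0 address and gateway, as quoted in the post.
N800_ADDRESS = "192.168.2.15"
N800_GATEWAY = "192.168.2.14"


def parse_ifcfg(text):
    """Parse a sysconfig KEY=value file into a dict (blank lines and comments skipped)."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip().strip('"\'')
    return cfg


def check_ifcfg(cfg, peer_address, peer_gateway):
    """Return a list of problems; an empty list means both ends of the link agree."""
    problems = []
    try:
        iface = ipaddress.ip_interface(f"{cfg['IPADDR']}/{cfg['NETMASK']}")
    except (KeyError, ValueError) as exc:
        return [f"IPADDR/NETMASK unusable: {exc}"]
    net = iface.network

    # The derived fields must agree with the address and mask actually used.
    if cfg.get("NETWORK") != str(net.network_address):
        problems.append(f"NETWORK should be {net.network_address}, got {cfg.get('NETWORK')}")
    if cfg.get("BROADCAST") != str(net.broadcast_address):
        problems.append(f"BROADCAST should be {net.broadcast_address}, got {cfg.get('BROADCAST')}")

    # The n800 must sit in the same subnet and point its default route at us.
    peer = ipaddress.ip_address(peer_address)
    if peer not in net:
        problems.append(f"peer {peer} is outside {net}")
    if peer == iface.ip:
        problems.append(f"peer {peer} collides with our own IPADDR")
    if ipaddress.ip_address(peer_gateway) != iface.ip:
        problems.append(f"peer gateway {peer_gateway} is not our IPADDR {iface.ip}")
    return problems


if __name__ == "__main__":
    issues = check_ifcfg(parse_ifcfg(IFCFG_USB0), N800_ADDRESS, N800_GATEWAY)
    print("OK" if not issues else "\n".join(issues))
```

Run it against your own ifcfg-usb0 by pointing parse_ifcfg at the file’s contents; a mismatched NETMASK shows up as two complaints (NETWORK and BROADCAST), which is the usual symptom when a file is copied from a different subnet.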

Now plug the usb cable into both devices, and on your fedora box (as root) type

ifup usb0

You now have connectivity. Of course, if you have a default fedora install, pinging 192.168.2.15 will fail because of the firewall; it is probably best to temporarily disable the firewall (/etc/init.d/iptables stop) to see if it works, and if so move on to configuring your firewall correctly (/etc/init.d/iptables start starts it again) :) You may also get usb conflicts; you can try

rmmod uhci_hcd

but it will disable any USB devices, you have been warned.

With this basic connectivity set up you’ll have two issues: you only have connectivity between fedora & n800, nothing else works; and opening any application on the n800 causes it to try and connect to your wifi. So let’s look at those….

I’m going to assume you used system-config-securitylevel to configure your firewall. It’s worth noting that any changes you make now will be overwritten by any future use of system-config-securitylevel, so it’s probably best to take a backup of /etc/sysconfig/iptables now and again later when you’re finished.

So as root type:

iptables -I RH-Firewall-1-INPUT 2 -i usb0 -j ACCEPT
iptables -I FORWARD 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD 1 -s 192.168.2.0/24 -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface eth0 -s 192.168.2.0/24 -j MASQUERADE
/etc/init.d/iptables save

This will allow all connectivity in from the usb interface, letting the n800 send packets into the fedora box whilst the firewall is running; it will also NAT any traffic from the usb network, hiding the n800 behind fedora so that you get onward connectivity. To get the NAT to work you need to enable ip forwarding, which allows fedora to pass packets between interfaces; to do that type

echo 1 > /proc/sys/net/ipv4/ip_forward

and to get it to survive a reboot update /etc/sysctl.conf with

net.ipv4.ip_forward = 1

The final part is to enable name resolution (DNS), on n800, I updated /etc/resolv.conf with the opendns servers…

nameserver 208.67.222.222
nameserver 208.67.220.220

All things being equal you should now be able to ping www.google.com from your n800 :cool:

To get applications to connect, I found that on the latest version of ITOS the DUMMY IAP didn’t work, so I stumbled across this solution.

Create an “ad hoc” wifi connection with static IPs (anything, it doesn’t matter), and when that’s connected, in xterm (as root) type ifconfig wlan0 down; you should now be able to connect to the web with your browser / skype etc over your usb network… sweet!

Smolt RPM for CentOS, RHEL, etc

After installing Fedora 7 I thought I’d take a look at the stats the project had gathered; I saw some centos devices, but couldn’t find an rpm.

I’ve had a go at building one, and it mostly works (this is my nagios box). It’s a rebuild of the f7 source; I had to frig about with the spec file, so I’ve published my source rpm here. Search for Nick in the .spec file and you’ll see my bodge.

The smolt rpms are in my yum repo, feel free to download the packages and have a go.

HTTP Compression on Redhat / CentOS / Fedora

I was doing some testing on my server the other day, and realised that http compression within apache (httpd) was not enabled by default. Further digging showed me that mod_deflate was what I needed, and in fact it was installed by default on my CentOS box.

How to enable mod_deflate on Centos: create /etc/httpd/conf.d/deflate.conf with the following contents

    # Insert filter
    SetOutputFilter DEFLATE

    # Netscape 4.x has some problems...
    BrowserMatch ^Mozilla/4 gzip-only-text/html

    # Netscape 4.06-4.08 have some more problems
    BrowserMatch ^Mozilla/4\.0[678] no-gzip

    # MSIE masquerades as Netscape, but it is fine
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

    # Don't compress images
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary

    # Don't compress already compressed stuff !
    SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
    SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary

    # Make sure proxies don't deliver the wrong content
    Header append Vary User-Agent env=!dont-vary

    # Log Stuff ! (uncomment to log compression ratios)
    # DeflateFilterNote Input input_info
    # DeflateFilterNote Output output_info
    # DeflateFilterNote Ratio ratio_info
    # LogFormat '"%r" %{output_info}n/%{input_info}n (%{ratio_info}n%%)' deflate
    # CustomLog /var/log/httpd/deflate_log deflate

restart httpd (/etc/init.d/httpd restart) and you’re done :-)
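It is easy to get the BrowserMatch / SetEnvIf interplay wrong (the rules are applied in order, and a later rule can unset what an earlier one set), so here is an added example, not part of the original post or of Apache, that replays the deflate.conf above against a few constructed requests and reports whether the response would be compressed and whether a Vary: User-Agent header would be appended. The Request record, the sample User-Agent strings and the decide() logic are my own; the regexes are the ones from the config.

```python
import re
from dataclasses import dataclass


@dataclass
class Request:
    """Constructed request record holding the fields the deflate.conf rules look at."""
    user_agent: str
    uri: str
    content_type: str
    accept_encoding: str = "gzip, deflate"


# BrowserMatch lines from deflate.conf, in order: (regex, vars set, vars unset).
# BrowserMatch is case-sensitive and rules are applied top to bottom.
BROWSER_RULES = [
    (r"^Mozilla/4", {"gzip-only-text/html"}, set()),
    (r"^Mozilla/4\.0[678]", {"no-gzip"}, set()),
    (r"\bMSIE", set(), {"no-gzip", "gzip-only-text/html"}),
]

# SetEnvIfNoCase Request_URI lines: any match sets no-gzip and dont-vary.
URI_NO_GZIP = [
    r"\.(?:gif|jpe?g|png)$",
    r"\.(?:exe|t?gz|zip|bz2|sit|rar)$",
    r"\.pdf$",
]


def environment(req):
    """Replay the BrowserMatch / SetEnvIfNoCase lines and return the env vars left set."""
    env = set()
    for pattern, to_set, to_unset in BROWSER_RULES:
        if re.search(pattern, req.user_agent):
            env |= to_set
            env -= to_unset
    for pattern in URI_NO_GZIP:
        if re.search(pattern, req.uri, re.IGNORECASE):
            env |= {"no-gzip", "dont-vary"}
    return env


def decide(req):
    """Return (compressed, vary_user_agent) for one request.

    compressed follows mod_deflate's rules: the client must offer gzip,
    no-gzip must be unset, and gzip-only-text/html limits the filter to
    text/html. vary_user_agent mirrors `Header append Vary User-Agent
    env=!dont-vary`, which is independent of whether compression happened.
    """
    env = environment(req)
    vary = "dont-vary" not in env
    if "gzip" not in req.accept_encoding.lower():
        return False, vary
    if "no-gzip" in env:
        return False, vary
    if "gzip-only-text/html" in env and req.content_type != "text/html":
        return False, vary
    return True, vary


# Constructed sample requests; the User-Agent strings are illustrative only.
FIREFOX = "Mozilla/5.0 (X11; Linux i686; rv:2.0) Gecko/20100101 Firefox/4.0"
SAMPLES = {
    "firefox_html": Request(FIREFOX, "/index.html", "text/html"),
    "firefox_png": Request(FIREFOX, "/images/logo.PNG", "image/png"),
    "netscape408_html": Request("Mozilla/4.08 [en] (X11; I; Linux 2.2.5 i686)", "/index.html", "text/html"),
    "netscape47_css": Request("Mozilla/4.7 [en] (X11; U; Linux 2.2.14 i686)", "/style.css", "text/css"),
    "msie6_css": Request("Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)", "/style.css", "text/css"),
    "no_gzip_offered": Request(FIREFOX, "/index.html", "text/html", accept_encoding="identity"),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        compressed, vary = decide(req)
        print(f"{name:18} compressed={compressed!s:5} vary_user_agent={vary}")
```

The interesting cases are msie6_css, where the third BrowserMatch line undoes what the first one set, so CSS is compressed for IE even though its User-Agent starts with Mozilla/4.0, and firefox_png, where the URI match both suppresses compression and suppresses the Vary header.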

Intel 3945ABG Wireless / WiFi Card on CentOS 5

I’ve taken to using CentOS on my servers, and fedora on my Laptop. New job means new laptop, and to avoid fedora update hell, I thought I’d try CentOS on my laptop.

All seems good other than my wifi card not being detected, and for some reason googling for “centos 5 intel 3945” didn’t provide a working answer; actually I found the answer by googling for “supplementary disk centos 5”, which finds this thread that says…

Install dag’s repo (this rpm), and then install dkms-ipw3945 (yum will pick up the dependencies)

yum install dkms-ipw3945

Next enable network manager…

chkconfig --level 345 NetworkManager on
chkconfig --level 345 NetworkManagerDispatcher on

reboot (seriously) and when you next log in you’ll get a little icon in your system tray where you can manage your WiFi :)

A Linux / Command line: how to upload to wordpress wp-plugins.org via subversion ( SVN )

Could that title get any longer !

Hopefully you get the point: sometimes you need different tools for different jobs. If you want a full development platform with SVN support I suggest you take a look at eclipse (with subclipse), but what if you have already done the development and just want to do a quick upload?

My phpbb_recent_topics plugin is hosted here, and when the nice guys at wordpress gave me an svn account, I just wanted a quick way to upload what I’d done. Now I must stress this may not be the “proper” way to use svn (there’s a book for that), but it is enough to achieve what we want: a straightforward upload.

I’m using redhat, so the 1st step was to install dag’s subversion rpm; I also needed to set up an “editor” variable for commenting.

SVN_EDITOR=vi
export SVN_EDITOR

Then, I went into a directory onto my server, and downloaded a copy of the existing subversion directory structure.

[nick@SERVER wp_plugins]$ svn checkout https://svn.wp-plugins.org/phpbb-recent-topics/
A    phpbb-recent-topics/trunk
A    phpbb-recent-topics/branches
A    phpbb-recent-topics/tags
Checked out revision 9232.
[nick@SERVER wp_plugins]$

My plugin (at the time) was on version 1, so my 1st steps were to create a version 1 tag, add it to svn, get the stable copy of my plugin, and add that to svn.

[nick@SERVER wp_plugins]$ cd phpbb-recent-topics/
[nick@SERVER phpbb-recent-topics]$ ls
branches  tags  trunk
[nick@SERVER phpbb-recent-topics]$ cd tags/
[nick@SERVER tags]$ mkdir 0.1
[nick@SERVER tags]$ cd ..
[nick@SERVER wp_plugins]$ svn add phpbb-recent-topics/tags/*
A         phpbb-recent-topics/tags/0.1
[nick@SERVER wp_plugins]$ cd phpbb-recent-topics/tags/0.1/
[nick@SERVER 0.1]$ wget http://www.linickx.com/files/php/phpbb_recent_topics.txt
[nick@SERVER 0.1]$ mv phpbb_recent_topics.txt phpbb_recent_topics.php
[nick@SERVER 0.1]$ svn add phpbb_recent_topics.php
A         phpbb_recent_topics.php
[nick@SERVER 0.1]$

Finally I updated everything, and uploaded (committed) my files.

[nick@SERVER 0.1]$ cd ../../../
[nick@SERVER wp_plugins]$ svn update phpbb-recent-topics/
At revision 9232.
[nick@SERVER wp_plugins]$ svn --username linickx commit phpbb-recent-topics/
Adding         phpbb-recent-topics/tags/0.1
Adding         phpbb-recent-topics/tags/0.1/phpbb_recent_topics.php
Transmitting file data .......
Committed revision 9233.
[nick@SERVER wp_plugins]$

Remember this doesn’t publish your plugin on wordpress.org, to do that you need a valid readme.txt in the trunk directory, but as you can see once you’ve created all the files on your local box, it’s just a few commands to get your work uploaded.

Did you notice that the wordpress svn supports SSL ?

rkhunter rpm for Centos / RedHat

Whilst doing some routine maintenance, I noticed that I never published the rkhunter rpm I built, the software is officially supported at rootkit.nl but for ease I wanted a yum available rpm ;)

How to Migrate from White Box Linux 4 to CentOS 4.4

There are some things that you just never get round to: my nagios box was still running whitebox linux, and I’ve finally gotten round to “upgrading” it to CentOS… yeah ok, upgrade is arguable, but you get my point.

First off a warning: Don’t do this! All the documentation for CentOS, RHEL, Fedora, any redhat linux says clean installs are the best way and upgrades are not advised…. therefore I offer no support or warranty that this will work; in fact, I advise you to read this post, but step away from your consoles!

But, if you think it might be a laugh: the centos documentation is a bit old, and not 100% correct, so here is what I did. First up (as root – obviously), clear out your yum cache, and install the CentOS gpg key.

yum clean all
rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-4

Next, install some base centos packages; take note that some need to be forced on

rpm -Uvh --nodeps http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/centos-release-4-4.2.i386.rpm
rpm -ivh http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/python-elementtree-1.2.6-4.2.1.i386.rpm
rpm -ivh http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/python-sqlite-1.1.7-1.2.i386.rpm
rpm -ivh http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/sqlite-3.3.3-1.2.i386.rpm
rpm -Uvh --force http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/python-urlgrabber-2.9.8-2.noarch.rpm
rpm -Uvh --nodeps http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/yum-2.4.3-1.c4.noarch.rpm

Finally, remove the whitebox rpm db.

rpm -ev rpmdb-whitebox

Move any “whitebox” mirrors still in /etc/yum.repos.d out of the way, and

yum install rpmdb-CentOS

Once you have that sorted, you can complete the upgrade with

yum update
reboot

& cross your fingers ;)
If you come across the following warning while using yum: Warning, could not load sqlite, falling back to pickle, I found that…

yum install python-sqlite

fixed the problem. And there we have it, all my boxes are now running CentOS – yay – just in time to look at the CentOS 5 upgrade ;)

Dependency Problems ?
If a whitebox rpm is newer than the CentOS one, it won’t get upgraded; this might cause problems when installing new packages via yum. To solve the problem, download the rpm manually from http://www.centos.org/modules/tinycontent/index.php?id=13 and force an upgrade

rpm --force -Uvh Something-CentOS.rpm

UPDATE: If you’re using something like Root Kit Hunter, you will notice a load of md5 hashes fail; these are whitebox rpms that didn’t need upgrading, and to correct the problem you need to replace them with CentOS versions. Example rkhunter output:

/sbin/init  [ BAD ]

Find which rpm init belongs to

# rpm -q --whatprovides /sbin/init
SysVinit-2.85-34.3

and upgrade it

wget http://www.mirrorservice.org/sites/mirror.centos.org/4.4/os/i386/CentOS/RPMS/SysVinit-2.85-34.3.i386.rpm
rpm --force -Uvh SysVinit-2.85-34.3.i386.rpm

Tripwire 2.4.1.1 rpm for CentOS, Redhat ( RHEL ) 4

Following a request I’ve rebuilt a later tripwire rpm (2.4.1.1); I think at this point it would be prudent to point out that the rpms found here are not maintained, and I do not offer any kind of support – you use them at your own risk – but you’re welcome to make requests !

tripwire-2.4.1.1-1.i386.rpm

My Yum repo has also been updated, config file here :D

DenyHosts – Protecting against SSH Brute Force Attacks

If you look after a remote linux box, the chances are you use SSH, in order to connect to it you may even have to leave PORT 22 open to the whole Internet !

There are some basic security steps that you can take to protect SSH, such as blocking the root user from logging in, and forcing users to use STRONG authentication.

Even after you’ve done all you can, logwatch will report that people are still wasting your time & resources by trying to break in! This is where DenyHosts steps in: it’s a small script (daemon) that keeps an eye on your SSH log file, and if it spots someone trying to brute force your SSH accounts, it adds them to hosts.deny (it’s like a firewall for some applications) and stops them from being able to connect.
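To make the mechanism concrete, here is an added example (not DenyHosts’ own code, and not part of the original post) that does the core of what the daemon does: it reads sshd log lines, tallies failed logins per source address and category (root, invalid user, valid user), skips anything listed in allowed-hosts, and renders hosts.deny entries for the sources that crossed a threshold. The log lines below are constructed and use documentation (TEST-NET) addresses; the threshold values are chosen for the example, and the three per-category settings are modelled on DenyHosts’ config variables of the same names, which is an assumption here since the post does not list them.

```python
import re
from collections import defaultdict

# Constructed sshd log lines in syslog format; not taken from a real host.
SAMPLE_LOG = """\
Jun 12 10:01:03 nagios sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 40212 ssh2
Jun 12 10:01:05 nagios sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 40213 ssh2
Jun 12 10:01:08 nagios sshd[2203]: Failed password for invalid user oracle from 203.0.113.7 port 40214 ssh2
Jun 12 10:02:11 nagios sshd[2210]: Failed password for root from 198.51.100.22 port 3344 ssh2
Jun 12 10:03:00 nagios sshd[2215]: Failed password for nick from 192.0.2.10 port 51001 ssh2
Jun 12 10:03:04 nagios sshd[2215]: Failed password for nick from 192.0.2.10 port 51001 ssh2
Jun 12 10:03:09 nagios sshd[2215]: Accepted publickey for nick from 192.0.2.10 port 51001 ssh2
Jun 12 10:04:30 nagios sshd[2220]: Failed password for root from 127.0.0.1 port 39000 ssh2
Jun 12 10:04:31 nagios sshd[2220]: Failed password for root from 127.0.0.1 port 39000 ssh2
Jun 12 10:05:00 nagios sshd[2222]: pam_unix(sshd:session): session opened for user nick by (uid=0)
"""

# Contents of the allowed-hosts file created in the setup steps: never deny these.
ALLOWED_HOSTS = {"127.0.0.1"}

# Thresholds chosen for this example, one per category; the names follow
# DenyHosts' DENY_THRESHOLD_ROOT / _INVALID / _VALID settings (assumed).
THRESHOLDS = {"root": 1, "invalid": 3, "valid": 5}

FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def classify(user, invalid):
    """Root attempts are their own category; otherwise split on whether the user exists."""
    if user == "root":
        return "root"
    return "invalid" if invalid else "valid"


def tally_failures(log_text):
    """Count failed logins per source address, broken down by category."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # successful logins, session lines, etc. are ignored
        category = classify(m.group("user"), bool(m.group("invalid")))
        counts[m.group("ip")][category] += 1
    return counts


def hosts_to_deny(counts, thresholds=THRESHOLDS, allowed=ALLOWED_HOSTS):
    """Sources that reached any category's threshold, minus allowed-hosts, sorted."""
    deny = set()
    for ip, per_category in counts.items():
        if ip in allowed:
            continue
        if any(n >= thresholds[cat] for cat, n in per_category.items()):
            deny.add(ip)
    return sorted(deny)


def hosts_deny_lines(ips, service="sshd"):
    """Render entries in the 'daemon: host' form that hosts.deny expects."""
    return [f"{service}: {ip}" for ip in ips]


if __name__ == "__main__":
    denied = hosts_to_deny(tally_failures(SAMPLE_LOG))
    print("\n".join(hosts_deny_lines(denied)))
```

Note what the per-category split buys you: the user who mistyped their password twice and then got in with a key (192.0.2.10) is nowhere near the valid-user threshold, while a single root attempt from an unknown address is enough, which is exactly the policy the "block root logins" advice above is trying to enforce.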

I’m using redhat, so a pre-built rpm is available, if you already have DAG setup, you can use…

yum install denyhosts

I then had to run through the following steps (as root).

mkdir /usr/share/denyhosts
mkdir /usr/share/denyhosts/data/
echo '127.0.0.1' > /usr/share/denyhosts/data/allowed-hosts
cd /usr/share/denyhosts
cp /usr/share/doc/denyhosts-2.6/denyhosts.cfg-dist ./denyhosts.cfg
cp /usr/share/doc/denyhosts-2.6/daemon-control-dist ./daemon-control
chmod 700 /usr/share/denyhosts/daemon-control
ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
ln -s /usr/share/denyhosts/denyhosts.cfg /etc/denyhosts.cfg
/sbin/chkconfig denyhosts on

once you’ve charged through that marathon, in /etc/denyhosts.cfg you may want to take a look at (and change) the following settings (variables)

PURGE_DENY =
ADMIN_EMAIL =
SMTP_FROM = DenyHosts <nobody@localhost>

finally once you’re happy, start the DenyHosts service

/etc/init.d/denyhosts start

Now your logwatch report will show how many tries they had, and then Denied!

Refused incoming connections: 1.2.3.4  (some.name.com ): 2 Time(s)

Of course one option commonly suggested is to change the SSH port number from 22 to something else; whereas this will reduce the amount of attacks on the service, it does absolutely nothing to protect it. Of course you could do both; it’s all a matter of choice :)