This guide is meant to be a simple walkthrough on how to parition a new drive to be used only for backups. If you want to put mysql and a /tmp parition on it check out my other guide located on the left. This guide uses fdisk which is a very powerful tool but you should be fine as long as you are careful in what you do. Use this guide at your own risk! What ever you do make sure to NOT use the command "fdisk /dev/sda" or "fdisk /dev/hda" as that means you are editing your main and boot partition.

***WARNING***

***WARNING***

***WARNING***

***WARNING***

***WARNING***

***WARNING***

***WARNING***

Be careful and follow this guide precisely :) That all say here is the actual guide.

How-to: Determine is a server is hacked

This guide is not meant to be all inclusive for figuring out if a server is hacked however it should give you a pretty good idea if a server is hacked the method used. This guide is going to focus on getting hacked via a php injection attack which is the most common today. There are certainly others but chances are if the server has been compromised by a script kiddie you will be able to find it via this guide. As long as the server has not been rooted it is generally possible to clean up and find all of the tools and scripts that were put on the server. Once a server has been rooted it is impossible to determine without a doubt that you have cleared everything out and what can or cannot be trusted. Once a server has been rooted for sure the server should be reformated/reimaged before it is put back into production. If you are ever unsure of where to go next or woud like to hire somebody to take care of this please take a look TotalServerSolutions which is a company that I run and work for is very familiar with handling these types of problems and preventing them from happening. . Of course if you have had the server hacked once you need to make sure and secure it so that it does not get hacked as soon as it is put online again.

***WARNING***

***WARNING***

***WARNING***

***WARNING***

***WARNING***

***WARNING***

***WARNING***

Use this guide at your own risk! Fdisk is a very powerful tool and can easily screw up a server if you are not careful. This guide was designed around a server that has SCSI disks and it is mounted in the secondary positions, sdb. If you have a ide drive it would be hdb.

This guide is pretty vague, that was done on purpose. It is very hard to do something like this if you are not familiar with linux and fdisk. I do not want people screwing around with this if they are not confident in what they are doing. I am just trying to stop people from getting mad at me. Anyways below is the guide it is to be used totaly at your own risk but I can say that if done correctly it will work just fine.

That all say here is the actual guide.

fdisk /dev/sdb

The first step is to delete all of the old partitions. If you have a lot of partitions you are going to have to keep trying to go to higher numbers. Once you have deleted all partitions it will say there are no paritions.

HotSaNIC is a very nice tool which combines all sorts of very important system graphs into a simple and easy to understand webpage. It allows the admin to take a quick glance at the graphs to see what may or may not be working with the system. With the new APPS graph it is also possible to watch as more processes are started which can be helpful in tracking down why the server load is increasing. For instance if you see a huge load spike but you see that the number of exim processes has gone up significantly at the same time you can start to investigate.

I built this guide on a cPanel server but it will work fine on an ensim box as well. I don't recall the plesk mailserver off the top of my head but changing that small part will make it work great fine plesk.

A HUGE THANKS TO FOGGY!! Much of this guide has been copied from the original posted here: http://forums.ev1servers.net/showthread.php?p=70160 . I have cleaned it up a little and updated it for the latest version of hotsanic.

How-To: Compile a monolithic 2.6.10 kernel with grsecurity and secfix patch

Note 2.6.10 is an old version of the kernel however, this guide will work with the latest 2.6.11.7 and grsecurity if you get those instead of the files described. If you go that route the patch described below for a specific vulnerability is not requied.


This guide was designed for the ev1 configurated poweredge servers. I have tested it on the the 2.0 and 2.4 Ghz Xeons, and 2.0 and 3.0 Ghz celeron. It should also work fine with the P4 2.0 Ghz + but I have personally not tested one yet. I do not have any plans to test this kernel on any older systems though as long as they network card support is built in it will probably work. If you post here with specific problems on boot I can try to add the needed modules to my config. I started this as a project to increase the performance and security of my servers. The 2.6.x kernel has many improvements that have dramatically dropped the load on the servers I have tested this on so far. In addition to that the kernel does not support loadable modules, the definiation of monolithic, which removes one method of possible vulnerabilities as well as more efficient. Though there are no studies directly linking grsecurity to increased security it only adds additional security to your system with very few negative drawbacks. I think that is worth the extra time to configure in grsecurity in the chance that it may possibly block a possible cracker.

This kernel is patched against the following vulerability: http://www.isec.pl/vulnerabilities/isec-0021-uselib.txt. This is the root level exploit that was release January 7th. It is *HIGHLY* suggested that you upgrade ASAP. This particular exploit along with a worm much like the phpBB worm could be disasterous yeilding full root access.

Updated Feb 6th for instructions on updating grub
Updated Feb 2nd for rpm problems with RH9

Grsecurity is a set of patches and options that works to help increase the security of a server at the kernel level. Here is a very basic guide of how to download it and patch your kernel. This guide is meant to be used alongside of my generic 2.6.10 kernel guide if you are not familiar with the process of compiling a kernel. This guide can also be adapted to the latest 2.6.11.7 and version of grsecurity just fine.

How-To: Compile and configure a 2.6.10 kernel



Note 2.6.10 is an old version of the kernel however, this guide will work with the latest 2.6.11.7 and grsecurity if you get those instead of the files described. If you go that route the patch described below for a specific vulnerability is not required.

My previous guides use a very specific config file that only works for a few different servers. This guide is meant to be a lot more generic and should work on more servers. I have taken the default config from a redhat 2.4 kernel and kept all the driver configuration. I have removed the extra support such as USB and sound that are not needed on a server. I also explain how to remove some of the drivers that are not necessary such as scsi/ide support depending on what type of drives you have. If you do not want to deal with the menuconfig you can simply compile it and not configure it. I hope that this guide will help alleviate some of the problem with segfaulting that some of the configurations have. If you would like to compile in grsecurity please follow my 2.6.10 grsecurity guide.

This guide has taken me a long time to create. If you have used it for your donate please consider donating :) With that being said good luck with compiling your new kernel.