The “tmpwatch” command in Linux removes files which haven’t been accessed for a period of time. It recursively removes files which haven’t been accessed for a given time. Normally it is used to clean up directories used as temporary holding space, such as /tmp.
If you notice “/tmp” filling up with files and are not sure which files or folders to delete, use “tmpwatch” to clean up or delete files and folders from the “/tmp” directory.
You’ll need SSH root access to install tmpwatch and add it to cron. If your server is inaccessible because “/tmp” is full, you may restart the server; a reboot should free up some space.
Log in to the server as root using SSH
Run the following command:
#yum install tmpwatch -y
To delete temporary files older than 12 hours, for example, run the following command:
#/usr/sbin/tmpwatch -am 12 /tmp
The next step is to configure tmpwatch to run automatically through a cron job. To do that, type the following command:
The above command opens the cron job list for the root user. Go to the bottom, add the following line and save the file:
0 4 * * * /usr/sbin/tmpwatch -am 12 /tmp
If you are unable to add the line that way, open the cron file “root” in “/var/spool/cron” with a text editor (such as vi or nano), add the line at the bottom and save the file:
0 4 * * * /usr/sbin/tmpwatch -am 12 /tmp
Check the usage of “/tmp”; it should be clean by now.
A GNU C Library (glibc) vulnerability, termed the “GHOST vulnerability”, was announced to the general public on 27 January 2015 after the cloud research company Qualys discovered this major security vulnerability. This vulnerability enables attackers to remotely take control of systems without knowing any system IDs or passwords.
How to Quickly Identify if your system is vulnerable:
The GHOST vulnerability can be exploited on Linux systems that use versions of the GNU C Library prior to glibc-2.18. That is, systems that use glibc-2.2 to glibc-2.17 are at risk. Many Linux distributions, such as CentOS (6, 7), Debian 7, RHEL (6, 7), Ubuntu and end-of-life distributions, are vulnerable and should be patched immediately.
You can check the version of glibc by looking up the version of ldd (which uses glibc) with the following command:
The first line of the output will tell you the glibc version; the output could look like this:
# ldd (GNU libc) 2.12
As mentioned earlier, if it is older than 2.18, your system is vulnerable.
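The version check described above, written as a small shell script (an added example, not part of the original post). It parses the first line of `ldd --version` output and compares the version numerically, since a plain string comparison would rank 2.9 above 2.18; the sample lines are constructed.

```shell
# Added example: classify a host from the first line of `ldd --version`
# output, the check the post describes for GHOST. Versions are compared
# as numbers (major, then minor), not as strings.

# Extract "major.minor" from a line such as "ldd (GNU libc) 2.12".
glibc_version_from_ldd() {
    printf '%s\n' "$1" | sed -n 's/.*) \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Print "vulnerable" when the version is below 2.18, "patched" otherwise,
# and "unknown" (non-zero exit) if no version could be parsed.
ghost_status() {
    ver=$(glibc_version_from_ldd "$1")
    [ -n "$ver" ] || { echo unknown; return 1; }
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 18 ]; }; then
        echo vulnerable
    else
        echo patched
    fi
}

# Constructed sample lines standing in for real `ldd --version` output.
sample_centos6="ldd (GNU libc) 2.12"
sample_fedora="ldd (GNU libc) 2.20"

# Caveat: distributions backport fixes without bumping the version, so a
# host reporting 2.12 may already carry the fix. Treat this as a first
# screen and confirm against the glibc package changelog from the vendor.

# Stand-alone usage on the running host:
# ghost_status "$(ldd --version 2>/dev/null | head -n 1)"
```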
How to solve (patch the system) this problem:
Ubuntu / Debian:
Update all of your packages to the latest available version using this command:
ConfigServer Firewall (also known as csf) is an essential security tool for Linux-based servers and VPSs.
The installation of CSF is pretty straight forward and is described here: http://configserver.com/free/csf/install.txt
However, some of the iptables modules required by csf might not be present on the server, and when the perl test command ( # perl /usr/local/csf/bin/csftest.pl ) is run in the VPS container while installing csf, the following fatal error may be encountered:
[root@vps-xyz ~]# perl /etc/csf/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...FAILED [ 4294967295] - Required for csf to function
Testing ipt_multiport/xt_multiport...FAILED [FATAL Error: iptables: Unknown error 4294967295] - Required for csf to function
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...FAILED [FATAL Error: iptables: Unknown error 4294967295] - Required for csf to function
Testing ipt_limit/xt_limit...FAILED [FATAL Error: iptables: Unknown error 4294967295] - Required for csf to function
Testing ipt_recent...FAILED [Error: iptables: Unknown error 4294967295] - Required for PORTFLOOD and PORTKNOCKING features
Testing xt_connlimit...FAILED [Error: iptables: Unknown error 4294967295] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...FAILED [Error: iptables: Unknown error 4294967295] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...FAILED [Error: iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for MESSENGER feature
Testing iptable_nat/ipt_DNAT...FAILED [Error: iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)] - Required for csf.redirect feature
To resolve the issue you’ll need access to your hardware node (the main server, not the VPS container). If you do not have access to the main server, you may provide this guide to your VPS provider. Then do the following steps:
1. First, make sure the required iptables modules are available for the VPS. Edit the /etc/sysconfig/iptables-config file on the hardware node (main server) and make sure you have the following: