rkhunter warning: Found enabled xinetd service: /etc/xinetd.d/nrpe

how-to

On my publicly reachable servers I’ve installed, for security reasons, Rootkit Hunter among some other tools.

What does rkhunter do?

Rkhunter is much like a virus scanner for a Windows system. It has definitions to help identify rootkits and reports them. Just like anything, rkhunter isn’t 100%, but it weeds out the majority of rootkits. Upon running rkhunter, various system files, conf files, and bin directories are examined. The results are cross-referenced against the results of infected systems (from the definitions) and the results are compiled. This is where *nix systems really shine. While your OS may vary, and how it’s compiled or configured, the file system and configuration is basically the same. This allows programs like rkhunter to provide results with a fairly small window for error or false positive.

While the installation via the distribution repositories is trivial, fine-tuning the rkhunter.conf file is another matter, since we have to tailor it to our system’s configuration and handle the false positive warning messages. Periodically receiving those, in fact, lowers our level of attention to the signals coming from the server.

So it’s a good idea to read the README file provided by your distribution’s package. On a CentOS 5.8 system of mine you can do that with a simple:

 more /usr/share/doc/rkhunter-1.4.0/README

One of the most annoying false positive warning messages I had to deal with was the one regarding the Nagios NRPE plugin running as a xinetd service.

The solution I found after some googling was to edit the /etc/rkhunter.conf file in this way:

# This setting tells rkhunter where the xinetd configuration
# file is located.
#
XINETD_CONF_PATH=/etc/xinetd.conf
#	^^^ uncommented by me $INSERT-DATE
XINETD_ALLOWED_SVC=/etc/xinetd.d/nrpe
#	^^^ added by me $INSERT-DATE

This has solved the issue and I got no more warnings about it!
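A way to review what the allowlist above leaves uncovered, as an added example that is not part of the original post or of rkhunter itself: it lists the xinetd service files that are enabled and reports those with no matching XINETD_ALLOWED_SVC entry. The function names are hypothetical, and it assumes xinetd's rule that a service is enabled unless its file contains "disable = yes", and that XINETD_ALLOWED_SVC may be repeated or hold a space-separated list.

```shell
#!/bin/sh
# Added example: compare enabled xinetd services with rkhunter's allowlist.
# Function names are hypothetical; paths come from the caller.

# Print every path named by active XINETD_ALLOWED_SVC lines, one per line.
allowed_services() {
    # $1 = rkhunter.conf path; commented-out lines do not match
    sed -n 's/^[[:space:]]*XINETD_ALLOWED_SVC=//p' "$1" |
        tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Print the service files in an xinetd.d directory that are not disabled.
enabled_services() {
    # $1 = xinetd.d directory. Assumption: a service is enabled unless
    # its file contains "disable = yes".
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if ! grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Print enabled services that have no allowlist entry.
unlisted_services() {
    # $1 = rkhunter.conf, $2 = xinetd.d directory
    allowed=$(allowed_services "$1")
    enabled_services "$2" | while IFS= read -r svc; do
        printf '%s\n' "$allowed" | grep -Fxq -- "$svc" || printf '%s\n' "$svc"
    done
}

# Run only when both paths are given, for example:
#   sh check.sh /etc/rkhunter.conf /etc/xinetd.d
if [ "$#" -eq 2 ]; then
    unlisted_services "$1" "$2"
fi
```

Any path it prints is an enabled service that rkhunter would still warn about; an empty result means every enabled service has been explicitly allowlisted, so each entry should correspond to a service you actually intend to expose.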

MacAppBlocker, password-protect single application on a shared account Mac

Software

Reading a Mac mailing list I found a subscriber who asked how to prevent access to the Mail.app application (and so to its data) on an iMac shared with four other people on a front desk in an art gallery.

Another user suggested MacAppBlocker, from KnewSense Software, to him:

With Mac App Blocker, you can password-protect EACH application on your Mac. Keep your apps and your Mac safe. Set a timeout value to automatically exit the protected application so even when you leave your computer unattended, you’re still protected.

Personally I’ve never been in a situation needing a solution like this one, but I’ve thought about writing down a note on this since one can never know what the future needs will be ;-)

The Debian Administrator’s Handbook

Debian

Written by two Debian developers — Raphaël Hertzog and Roland Mas — the Debian Administrator’s Handbook started as a translation of their French best-seller known as Cahier de l’admin Debian (published by Eyrolles).

It’s a fantastic resource for all users of a Debian-based distribution.

Accessible to all, this book teaches the essentials to anyone who wants to become an effective and independent Debian GNU/Linux administrator.

Given that traditional editors did not want to take the risk to make this translation, we decided to do the translation ourselves and to self-publish the result. After a successful crowdfunding campaign, we managed to complete this translation between December 2011 and May 2012.

To live up to our free software ideals, we wanted the book to be freely available (that is under the terms of a license compatible with the Debian Free Software Guidelines of course). There was a condition though: a liberation fund had to be completed to ensure we had a decent compensation for the work that the book represents. This fund reached its target of €25K in April 2012.

via The Debian Administrator’s Handbook.

Are you a power-user with 5 minutes to spare? Do you want a faster internet experience?

Try out namebench. It hunts down the fastest DNS servers available for your computer to use. namebench runs a fair and thorough benchmark using your web browser history, tcpdump output, or standardized datasets in order to provide an individualized recommendation. namebench is completely free and does not modify your system in any way. This project began as a 20% project at Google.

namebench runs on Mac OS X, Windows, and UNIX, and is available with a graphical user interface as well as a command-line interface.

namebench was written using open-source tools and libraries such as Python, Tkinter, PyObjC, dnspython, jinja2 and graphy.

P.S.: there’s a command-line version too!

Software

Perlbrew is a tool to manage multiple perl installations in your $HOME directory. They are completely isolated perl universes. This approach has many benefits:

  • No need to run sudo to install CPAN modules, any more.
  • Try the monthly released new perls.
  • Learn new language features.
  • Test production code.
  • Leave vendor perl (the one that comes with OS) alone
    • Vendor perl usually serves its own purposes, and it might be a bad idea to mess it up too much.
    • Especially PITA when trying to upgrade system perl.
    • Some vendors introduced their own perl bugs, twice!
  • Hacking perl internals.
  • Just to keep up with fashion.

While the default is good enough, you may customize it to install to alternative places, or even let multiple users share the whole perlbrew environment.

Software