By Kernel 7 On June 3rd, 2008
If you would like to block an entire country from accessing a service, you can get the complete list of its addresses from the following IPTables Country BlackList Generator:
http://blacklist.linuxadmin.org/
Posted in GNU/Linux | No Comments »
By Kernel 7 On June 3rd, 2008
To reduce the risk of being scanned by script kiddies, tell your system to ignore ICMP ECHO packets (pings):
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
By Kernel 7 On June 3rd, 2008
RootKits might be in your system without you knowing it. Use one or both of these tools to check your system for RootKits:
[+] RootKitHunter “RKHunter”
yum install rkhunter
rkhunter --checkall
[+] CHKRootKit
yum install chkrootkit
chkrootkit
By Kernel 7 On June 3rd, 2008
Securing RHEL 5 with the help of the NSA’s Guides for RHEL 5:
[+] Hardening Tips for the Red Hat Enterprise Linux 5
http://www.nsa.gov/snac/os/redhat/rhel5-pamphlet-i731.pdf
[+] Guide to the Secure Configuration of Red Hat Enterprise Linux 5
http://www.nsa.gov/snac/os/redhat/rhel5-guide-i731.pdf
By Kernel 7 On June 3rd, 2008
As “root”, set the immutable attribute on the system’s password files to tighten their security:
chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/group
chattr +i /etc/gshadow
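Added example, not part of the original post: a shell helper to check that the immutable flag is actually set on these four files and to lift it temporarily, since useradd, passwd and similar tools cannot modify the files while it is set. The function names (missing_immutable, audit_live, with_mutable) and the sample lsattr output are made up for this illustration.

```shell
#!/bin/sh
# Added example: audit and manage the immutable flag set by "chattr +i".
FILES="/etc/passwd /etc/shadow /etc/group /etc/gshadow"

# Read lsattr-style lines ("<flags> <path>") on stdin and print each file in
# FILES whose flag field lacks "i", or that lsattr did not report at all.
missing_immutable() {
    awk -v want="$FILES" '
        BEGIN { n = split(want, w, " ") }
        NF >= 2 { flags[$2] = $1 }
        END {
            for (k = 1; k <= n; k++) {
                f = w[k]
                if (!(f in flags))        print f " (not reported)"
                else if (flags[f] !~ /i/) print f " (flags: " flags[f] ")"
            }
        }'
}

# Audit the live system; returns 1 if any file is not immutable.
audit_live() {
    report=$(lsattr $FILES 2>/dev/null | missing_immutable)
    [ -z "$report" ] && return 0
    printf 'immutable flag missing:\n%s\n' "$report" >&2
    return 1
}

# Run an account-management command (as root) with the flag lifted, then
# restore it whatever the command's exit status, e.g.:
#   with_mutable useradd alice
with_mutable() {
    chattr -i $FILES || return 1
    "$@"
    rc=$?
    chattr +i $FILES
    return "$rc"
}

# Constructed sample of lsattr output (not taken from a real system).
SAMPLE='----i---------e-- /etc/passwd
--------------e-- /etc/shadow
----i---------e-- /etc/group'

case "${1:-}" in
    --audit)  audit_live ;;
    --sample) printf '%s\n' "$SAMPLE" | missing_immutable ;;
esac
```

Run with --audit from cron or a monitoring check to notice when the flag has been removed and not put back.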
By Kernel 7 On June 2nd, 2008
To release an email that has been Virus-Tagged, as “root”, follow these steps:
(0) Download:
http://www.amavis.org/contrib/furio.infect
(1) Add these lines at the top of the quarantined email:
X-Quarantined-From: <sender@domain.com>
X-Quarantined-To: <recipient@domain.com>
(2) Run:
./furio.infect /opt/zimbra/amavisd/quarantine/virus-XXXXXXXXXXX
(where “virus-XXXXXXXXXXX” is the quarantined email)
By Kernel 7 On June 1st, 2008
If you get Zimbra’s error message “WARNING: Your ClamAV installation is OUTDATED!”, as “root”, follow these steps to recover from the crashed ClamAV process:
su - zimbra
mkdir /tmp/clamdb
mv /opt/zimbra/clamav/db/* /tmp/clamdb/
zmprov ms `zmhostname` +zimbraServiceEnabled antivirus
/opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf
zmamavisdctl stop
zmamavisdctl start
zmcontrol stop
zmcontrol start
zmclamdctl restart