Info SQL Detàils

http://www.junauza.com/2009/06/10-more-hacking-and-security-software.html?m=1
w to Secure a MySQL Installation

POSTED BY JUN AUZA ON 1/09/2013MySQL is the world's most popular database management system and it is being used in many projects. Be it a simple media player or a huge server that logs thousands of users, this open-source database is known for its stability and performance. MySQL was named after co-founder Michael Widenius' daughter, My and as for the SQL part, the phrase stands for Structured Query Language. If you are using MySQL on a server, it is highly important that you secured the installation in order to avoid any loopholes. If left unsecured, an intruder might hack into the database causing havoc to the stored data.To get started, simply login to your MySQL installation using the following command:mysql -u root -p Enter the password (Press enter if the root password is blank).Step 1: Removing test databasesMySQL, when installed by default, comes with sample databases for testing purposes. Keeping them might pose a security risk, and hence we need to remove them. Enter the following commands to do that:mysql> drop database test;mysql> use mysql;mysql> delete from db;mysql> delete from user where not (host="localhost" and user="root");mysql> flush privileges; This will remove all other databases that are not root. Step 2: Set a strong root password (Root password is empty by default) Usually, MySQL password for root is empty by default. This is a huge security flaw. In order to set a root password, issue the following commands in the MySQL prompt:mysql> UPDATE mysql.user SET Password = PASSWORD('astrongpassword')                                ->        WHERE User = 'root'; mysql> FLUSH PRIVILEGES;This will set a password to the root account. Do make sure you remember it well.Step 3: Disable remote access to MySQLWe need to disable access to 3306 port, to which MySQL listens to. This is to avoid any remote attacks to the server. To do that, simply locate your my.cnf file. The configuration file is usually located in either of the following paths:/etc/my.cnf/etc/mysql/my.cnf~/.my.cnfOpen the file and add the following line to the section that says [mysqld]: skip-networkingYou can still remotely access the database using ssh, so don't worry about it. Additional security tips:  Set a strong root password: I cannot emphasize this enough. Setting a root password isn't everything. You need a password that is hard to decipher. Try generating a random password from the command line with the following code: $ date | md5sumDon't use MySQL as root: Create a separate user and then use it to test, modify and add databases. Avoid logging in as root as much as possible.Lockdown the data directory: Change the permission of the directory where database is stored so that only selected users can access it. You can do that using chown and chmod commands.Periodically backup MySQL data: Even though the server might be relatively immune to attacks, it's still a good idea to backup your databases. You can use the mysqldump command to do that.Here's a sample of the command in action: mysql --u [username] --password=[password] [database name] < [dump file]Written by: Abhishek, a regular TechSource contributor and a long-time FOSS advocate.

You're working tirelessly on your project for hours. You are, as they say, 'in the flow'. And, for a change, the computer too works flawlessly like never before. What more can you ask for?However, we all know that days like those don't come too often. A computer OS, no matter Windows, Mac, or Linux, is prone to hanging, freezing and crashing making our life difficult. What's more, the constant problems lead to even bigger problems if you don't exit your system safely during a freeze or hang. Our beloved Ubuntu too goes through these hiccups from time to time and exiting the desktop safely is the user's number one priority. So, if you're looking for ways to safely exit when Ubuntu hangs or freezes, here are some handy tips:What to do when an application is misbehaving? If you can move your mouse and access the launcher but only one application is hogging all your memory, you might be better off killing it. Let's say Firefox is running with about 50 tabs open, and you notice a tremendous slowdown of your desktop. Oh yeah, the same kind of slowdown wherein moving your mouse seems like a painful experience. We've all been there.So, to fix this problem you'd have to either kill Firefox or wait for it to start responding. Usually it's better to wait, especially if you have 50 tabs open. However, if that isn't working simply press Alt + F2 and type in 'xkill' without the quotes.Now, you'll see a crosshair instead of your pointer. Simply click on Firefox, and you'll see your desktop come back to normal.Ctrl + Alt + BackspaceIf your desktop is completely frozen or sluggish, then often times it's better to restart the X server. This is always a better option as compared to hitting the reset button on your laptop. To start using it, you'd have to enable the option first. Go to 'System Settings' -> 'Keyboard'. Then, go to 'All Settings' -> 'Keyboard Layout'. There, click on a small button that says 'Options'. Next, find the option that says 'Key sequence to kill the X server'. Enable the option and you're done. Now, anytime you get a frozen desktop, simply use the Ctrl+Alt+Backspace combo.Magic SysReq key in case of a complete freezeIf your system is completely frozen, then you might want to restart it safely using the Magic SysReq key combo. Simply press Alt + SysReq (Print Screen) key then while holding those two keys, press R key for 1 or 2 seconds, then, after a small interval press E , the I, then S, the U, and finally B. Each key from R to B must be held for about 1 or 2 seconds.So, to sum up, the combo is: Alt+SysReq+R+E+I+S+U+BThe best way to remember this key sequence is by using the mnemonic: Raising Elephants Is So Utterly Boring



I noticed that our list of security software tools for Linux was not enough so I figured out that I should add some more. But before anything else, thank you to those who commented the last time and shared their favorite security programs. --I've included some of those that you've mentioned on this new list for others to know about.Now without any more delay, here's our latest compilation of security tools for Linux:* Ettercap Ettercap is a console-based network sniffer/interceptor/logger that is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols. Ettercap supports active and passive dissection of many protocols (including ciphered ones) and provides many features for network and host analysis. Ettercap also has the ability to actively or passively find other poisoners on the LAN.* NiktoNikto is a web server scanner that is known to perform comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. It performs generic and server type specific checks. It also captures and prints any cookies received.* OpenSSH OpenSSH is a Free and Open Source version of the SSH connectivity tools providing encrypted communication sessions over a computer network. It encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.* Aircrack-ngAircrack-ng is a wireless tool and password cracker. It is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. As we said before, we don't encourage unethical hacking and the tool should be used for security purposes only.* Tripwire Tripwire is a security and data integrity tool that is useful for monitoring and alerting on specific file change(s) on a range of systems. Used with system files on a regular basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.* Metasploit FrameworkMetasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their online exploit-building demo.* THC HydraTHC (The Hacker's Choice) Hydra uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different services. It was designed as a proof-of-concept utility to demonstrate the ease of cracking poorly chosen passwords. It can perform rapid dictionary attacks against more then 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more.* DsniffDsniff is suite of powerful network auditing and penetration-testing tools and utilities that includes code to parse many different application protocols and extract interesting information. The information that can be obtained from this sniff application are: usernames and passwords, web pages being visited, contents of email, etc.* RainbowCrackRainbowCrack is a password hash cracker that makes use of a large-scale time-memory trade-off. It differs from "conventional" brute force crackers in that it uses large pre-computed tables called rainbow tables to reduce the length of time needed to crack a password drastically.* rkhunterrkhunter scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online database, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.



--
Sent from hacked phone



--
Sent from hacked phone