How to clean Ebury SSH Rootkit

Before providing the solution let me first describe you the issue.

Early this morning I received a request from a customer to check out his servers he suspected that these were hacked. He complained about a similar issues a couple of weeks ago when he suspected something was wrong with nginx, apparently visitors from US were redirected to a page containing malware.

Read more

How to install and configure subversion on RedHat CentOS systems

Step 1: Install subversion

[root@server ~]# yum -y install subversion

Step 2: Create a username under which the subversion daemon will run and set a password for it

sudo yum install subversion

sudo /usr/sbin/useradd svn
sudo passwd svn

su – svn

cd ~
mkdir repositories

cd repositories
svnadmin create myproject

ll myproject
-rw-rw-r– 1 svn svn 229 Nov 21 16:58 README.txt
drwxrwxr-x 2 svn svn 1024 Nov 21 16:58 conf
drwxrwsr-x 6 svn svn 1024 Nov 21 16:58 db
-r–r–r– 1 svn svn 2 Nov 21 16:58 format
drwxrwxr-x 2 svn svn 1024 Nov 21 16:58 hooks
drwxrwxr-x 2 svn svn 1024 Nov 21 16:58 locks

You need to edit “myproject/conf/svnserve.conf” and uncomment the following lines:

auth-access = write
password-db = passwd

and edit the password file “myproject/conf/passwd” adding a new user and password. Note that the password is stored in plain text. In the following example we have a user called “john” whose password is “foobar123”:

[users]
john = foobar123

And finally, as the svn user, start the subversion daemon like so:

svnserve -d -r /home/svn/repositories

Connect to svn://svn@hostname/myproject

Read more