Thursday, April 21, 2011

How to Reset "MySql" Root Password (CentOS 5)

Evening all,

Ran into a problem a few weeks ago that I finally set down and solved after visiting a couple of forums. These steps are pieced together from many places. Special thinks to all the forums that helped me reset my database password. *Note* Every thing in blue is what you type. *Where you see "whatever password you want" means just that but keep it inside the parentheses () and quotations.

Stop the MySQL daemon : service mysqld stop
Start MySQL in safe mode with the –skip-grant-tables and -u root options in background : mysqld_safe –skip-grant-tables -u root &
Start the command line client as root : mysql -u root
Issue the MySQL command to reset the root password : UPDATE mysql.user SET Password=PASSWORD(‘whatever password you want’) WHERE User=’root’;
Issue the flush privileges command : FLUSH PRIVILEGES;
Quit the command line tool : quit
Find MySQL Process ID: ps aux | grep mysqld
Stop the MySQL process : kill process id goes here `cat /var/run/mysqld/`
Restart the MySQL daemon : service mysqld start
Log in as root to make sure the new password is active : mysql -u root -p
Type the new password at the prompt


Port Knocking (fwknop) for Fedora 13, 14

Greatings All,

This tutorial is and How to Guide for "Port Knocking" using "FWKNOP" on Fedora 13 and 14 , courtesy of " Ubersec"

fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based around a default-drop packet filter (fwknop supports both iptables on Linux systems and ipfw on FreeBSD and Mac OS X systems) and libpcap. SPA is essentially next generation port knocking.

Please download the following packages:

#yum install -y wget

#yum install openssh-server (If the server is not installed already)

#yum -y install system-config-services

#yum install setools-gui.i686 (To install SELinux if you don't have it already)

#yum -y install policycoreutils-gui.i686 (To install SELinux Management if you don't have it already)

#yum install -y nmap (installing network mapper)

#yum -y install perl-HTML-Entities-Numbered.noarch

#yum -y install perl-HTML-Parser.i686

#yum -y install perl-SOAP-Lite.noarch

#yum -y install perl-ExtUtils-AutoInstall.noarch

Download perlmod from the following website

#perlmod -i IPC::Shareable

#yum install fwknop (Install the port-knocking service)

Disable SELINUX and establish successful SSH session.

Check if SELINUX is running by typing: # sestatus –v | less OR type the following to see if SELinux is disabled on your PC #/usr/sbin/getenforce

If SELinux is enabled please disable it on your system through the GUI by going to System --> Administration --> SELinux Administratoin and restart your PC.

Type the following command to start SSHD server #service sshd stop && service sshd start


Also go through the GUI to services and assure that you enable SSH to start next startup.

Type the following command to check your ssh session #ssh localhost

Now type #nmap -p 22 Check to see if port 22 is



It should return open. If not your sshd service is not running.

For Example:

[root@ittlabusr fwknop]# nmap -p 22 localhost

Starting Nmap 5.21 ( ) at 2011-04-08 12:23 EDT

Nmap scan report for localhost (

Host is up (0.00019s latency).

rDNS record for localhost.localdomain


22/tcp open ssh

Configure IPTABLES

#sudo iptables-save -c > /etc/iptables-save

#cat /etc/iptables-save | sudo iptables-restore –c

Type #ifconfig to find out which interface you Linux is listening on. You will need to add it to the script below.

Now create the following file and add the followings:




$IPTABLES -F -t nat





$IPTABLES -A INPUT -j LOG --log-prefix "DROP "


$IPTABLES -A INPUT -p tcp --syn --dport 22 -j LOG --log-prefix "SSH SYN "

$IPTABLES -A INPUT -p tcp --syn --dport 22 -j LOG --log-prefix "DROP "

$IPTABLES -A FORWARD -j LOG --log-prefix "DROP "


echo 1 > /proc/sys/net/ipv4/ip_forward

echo "[+] EnGarde Secure Linux iptables policy activated"


Save the file and then change the permission to execute: chmod +x

Now run it by typing #./

Now type #iptables -L to check that your iptables contain the new rules.

For Example,

It should show the followings:

[root@ittlabusr ~]# iptables -L

Chain INPUT (policy ACCEPT)

target prot opt source destination

ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

LOG all -- anywhere anywhere LOG level warning prefix `DROP '

DROP all -- anywhere anywhere

LOG tcp -- anywhere anywhere tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning prefix `SSH SYN '

LOG tcp -- anywhere anywhere tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning prefix `DROP '

Chain FORWARD (policy ACCEPT)

target prot opt source destination

ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

LOG all -- anywhere anywhere LOG level warning prefix `DROP '

DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

Now type the following command to assure that you save the rules in IPTABLES #/sbin/iptables-save > /etc/sysconfig/iptables

Now restart your computer by typing #shutdown –r now

Now run nmap again to assure that IPTAB

For example,

#nmap -p 22 Check to see if port 22 is filtered

[root@ittlabusr fwknop]# nmap -p 22 localhost

Starting Nmap 5.21 ( ) at 2011-04-08 12:25 EDT

Nmap scan report for localhost (

Host is up.

rDNS record for localhost.localdomain


22/tcp filtered ssh

Nmap done: 1 IP address (1 host up) scanned in 2.10 seconds

Setup and configuring fwknop port-knocking application.

#gedit or nano /etc/fwknop/fwknop.conf

Change the line #ALERTING_METHODS ALL; (TO) --> ALERTING_METHODS noemail;

Change the line #shCmd /bin/sh; (TO) --> shCmd /bin/bash;

Change the line PCAP_INTF eth1; to assure that you are set to the correct interface!!!!!


Type ifconfig /all in another terminal to check your current interface.


#gedit or nano /etc/fwknop/access.conf

Change the line #KEY: __CHANGEME__; to KEY: whatever you want; (The key must be 8 characters long at the least)


Unmark or add the line FW_ACCESS_TIMEOUT: 30; (time is in sec)

Stop and start fwknop service

#service fwknop stop

#service fwknop start

#netstat -anlp | grep fwknop (to check if fwknop is listening)

unix 2 [ ACC ] STREAM LISTENING 42445 7317/perl /var/run/fwknop/knoptm_ip_timeout.sock


#service fwknop status

knoptm (pid 7317) is running...

fwknopd (pid 7314) is running...

knopwatchd (pid 7319) is running...

On the server side type the following to see logs coming in:

#tail -f /var/log/messages

On the other Linux client side type:

#fwknop -A -a -D

For example,

#fwknop -A tcp/22 -a -D


Download fwknop for Windows from and run fwknop for windows

Friday, March 25, 2011

College Graduation

The date is set!!!!!!!!!!!!!! Graduation for ITT Tech. Apr. 5, 7:00 pm (est), Chesapeake Conference center!!!! goto my twitter page for details " "

Thursday, February 3, 2011

Drupal6.16 Notes

Quick notes for those trying to install and setup Drupal on an Debian machine:

For those trying to install #drupal6 in #debain-lenny use synaptic and do a packet force to get #drupal6.16 from backports

**Note in #debain-lenny the default files are not in /var/www/ there in /usr/share/drupal6/

Once installed from #synaptic restart apache then goto (from web browser) localhost/drupal6/install.php

Tuesday, January 18, 2011

My Crossroads

Long time,
Well a lot has changed for me since my last post, where do I began........I've switched 9-5's yet again (job markets' ruff) currently I'm unloading trucks from 4-1am (7.65/hr). My business has slowed due to time constraints. I don't have the time to really advertise anymore. I'm in my last sem. for my AAS degree @ ITT-Tech (March Grad). And I'm at a crossroads on my career path. At this time one thing is for certain I want to have a career in Linux/Unix. Ive spent the last 12 months learning Asterisk from the ground up. I'm no guru yet but not to far from it. Ive also been reading off and on O'Reily's "LPI cert in a nutshell". This book is good for studying if you already have some what a back round working with Linux (1yr or better). I didn't set the usual new years resolution. I just set short term goals to accomplish. I'm not getting any younger and its time to choose a path for my life and run for it. My first goal is to grad from school. Second to build my brand. Third to take a cert and Pass it. Fourth learn a programming language. Fifth to work in the IT field full time. I know I've said this in the past but my blogs will become more frequent and more techie. My goal is to write every time i learn something new. I want to do this not only to keep track of new items but to also help those seeking answers to some of the problems that may or may not be so common to some geeks. In closing happy new years to all and until next time "RTFO" (rock the f...on)