Thursday, January 28, 2010

tar - extract files into a different folder

If you want to extract the files into a different folder, use the -C option. The target folder must already exist; tar does not create it.

tar -C test -zxvf SWS-4.7.7.r945.tgz

All files are extracted into the folder test.

grep not match option

Show the files modified in the past 24 hours, leaving out log and tmp files:

find /var/www/ -mtime -1 | grep -v log | grep -v tmp

-mtime -1 means modified less than one day ago. grep -v drops every line that matches, so this hides any path containing the string log or tmp, not only log files (a file named catalog.php disappears too); use a more specific pattern such as '\.log$' if that matters.

Tuesday, January 26, 2010

linux command sendmail with subject

If you send mail with the sendmail command there is no option for the subject.
For example:

sendmail -F "system admin" -t "youself@gmail.com" < security.log

Here is the trick for sending mail with a subject from the sendmail command.

1, create the log file you want to email to yourself, and put the mail headers in front of it. sendmail reads the headers from the start of the input, so the message must begin with them, followed by one empty line, and then the log itself. The script below writes the headers and appends the log into a separate file, security.mail, so the log is not overwritten:
=====================
#!/bin/sh
echo "From: system admin <root@localhost>" > security.mail   # use your real sender address
echo "To: youself@gmail.com" >> security.mail
echo "Subject: security log" >> security.mail
echo "" >> security.mail
cat security.log >> security.mail

2, use this command to send the mail (-t takes the recipients from the To: header, -oi stops a line holding only a "." from ending the message early)

sendmail -oi -t < security.mail



view log file dynamically - linux , tail

If you want to see changes in real time, use the -f option:

sudo tail -f /var/log/auth.log

tail -F does the same but keeps following after logrotate replaces the file, which plain -f does not.

Monday, January 25, 2010

linux - check a folder size

[root@revolution endeavor]# du -hs imagespdf.del
19M imagespdf.del

linux - disable or remove a user account

1, delete an account - you need root privileges
/usr/sbin/userdel jason

check /etc/passwd
the line for jason should be gone

2, delete the account's home directory
rm -Rf /home/jason/

userdel -r jason does both steps at once. Files the user owned outside the home directory keep the old numeric UID, so look for them before that UID is handed to a new account.

3, if you want to keep the account, disable/lock it instead

passwd jason -l

and unlock it with

passwd jason -u

passwd -l only puts a "!" in front of the password hash in /etc/shadow, so it blocks password logins but not logins with an SSH key. To block the account completely, also set an expiry date in the past on it with chage, and kill any sessions the user still has open.
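As an added example (not from the original post), here is a small audit over the shadow file that shows the difference between a locked password and an expired account, plus the commands to disable an account properly. The shadow lines are constructed and the hashes are fake; "today" is passed in as a number of days so the result is reproducible, and the user names are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: audit a shadow(5) file for the
# accounts that can still authenticate, plus the commands to disable one
# properly. The shadow lines in demo_audit are constructed and the hashes
# are fake; "today" is passed in as a number so the result is reproducible.
#
# Shadow fields:  name:hash:lastchg:min:max:warn:inactive:expire:flag
# passwd -l only prefixes the hash (field 2) with "!". That stops password
# logins but not SSH public-key logins. An expiry day (field 8) in the past
# stops every login method, which is what chage -E sets.

# audit_shadow <today-in-days-since-1970>: read shadow lines on stdin and
# print "user pw=<usable|locked|none> account=<active|expired>" per line.
audit_shadow() {
    awk -F: -v today="$1" '
        NF >= 8 {
            if ($2 == "") pw = "none"; else if ($2 ~ /^[!*]/) pw = "locked"; else pw = "usable"
            acct = ($8 != "" && $8 + 0 <= today) ? "expired" : "active"
            print $1, "pw=" pw, "account=" acct
        }'
}

# disable_account <user>: disable a real account without deleting it.
# Needs root; not run by the demo below.
disable_account() {
    passwd -l "$1"           # lock the password (prefixes the hash with "!")
    chage -E 1 "$1"          # expire the account (day 1 = 1970-01-02): keys stop working too
    pkill -KILL -u "$1"      # kick any sessions the user still has open
}

# Run the audit over a constructed shadow file with "today" = day 14600
# (roughly the start of 2010).
demo_audit() {
    audit_shadow 14600 <<'EOF'
root:$6$saltsalt$fakehash:14580:0:99999:7:::
jason:!$6$saltsalt$fakehash:14580:0:99999:7:::
bob:!$6$saltsalt$fakehash:14580:0:99999:7::1:
backup:*:14580:0:99999:7:::
guest::14580:0:99999:7:::
EOF
}

demo_audit
```

jason shows up as pw=locked but account=active, which is exactly the passwd -l case: an SSH key in his authorized_keys would still get him in. bob is locked and expired, so nothing works. On a real box run it as root with audit_shadow $(( $(date +%s) / 86400 )) < /etc/shadow.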

scp a folder

use the -r option to copy a directory recursively (scp follows symbolic links while doing so and copies their targets)

[dad@revolution ~]# scp -r /usr/local/apache2/htdocs/RR/site/download/* dad@walker:/var/www/html/downloads/

zip a folder using tar

To tar a folder with all its sub-folders and files into a gzip-compressed archive (c = create, z = gzip, f = archive file name):

tar czf /path/zipfilename.tgz myfolder

Saturday, January 23, 2010

mysql : insert timestamp automatically

If you want a timestamp generated automatically when a row is inserted,
declare the field as TIMESTAMP with the default value CURRENT_TIMESTAMP.

CREATE TABLE `news` (
`nid` int(10) NOT NULL auto_increment,
`ntitle` varchar(255) NOT NULL default '',
`ctime` timestamp NOT NULL default CURRENT_TIMESTAMP,
`active` int(1) NOT NULL default '0',
`ndesc` text NOT NULL,
PRIMARY KEY (`nid`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1

ctime is filled in by the server when the INSERT leaves it out, and it keeps the insert time afterwards; add ON UPDATE CURRENT_TIMESTAMP to the column if you also want it refreshed on every update. Before MySQL 5.6.5 only one TIMESTAMP column per table may use CURRENT_TIMESTAMP as its default.

Friday, January 22, 2010

Cent OS - DNS config

Issue:
Couldn't ping google.com, but could ping its IP address directly.

Solution: no DNS server was configured.

Open this file
vim /etc/resolv.conf

add:
nameserver 208.67.222.222 # change it to your DNS server's IP address

You don't need to restart any service after the change: there is no daemon involved, the resolver library in each process reads the file itself (a long-running process that already did lookups may need a restart to pick it up).
You should be able to ping google.com now. If the interface gets its address by DHCP, dhclient rewrites /etc/resolv.conf at every renewal, so put the server in the interface config (DNS1= in /etc/sysconfig/network-scripts/ifcfg-eth0, or PEERDNS=no) to make the change stick.

DO NOT allow root to login remotely

Most attackers and bots try to log in to your system with the root account, because it exists on every box and leaves them no user name to guess.

Here is my login log for today: a dozen failed root passwords from one host in under a minute.



Jan 22 07:33:12 SS sshd[27679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:14 SS sshd[27679]: Failed password for root from 125.100.27.36 port 33058 ssh2
Jan 22 07:33:16 SS sshd[27681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:17 SS sshd[27681]: Failed password for root from 125.100.27.36 port 33251 ssh2
Jan 22 07:33:19 SS sshd[27683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:21 SS sshd[27683]: Failed password for root from 125.100.27.36 port 33652 ssh2
Jan 22 07:33:22 SS sshd[27685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:24 SS sshd[27685]: Failed password for root from 125.100.27.36 port 34040 ssh2
Jan 22 07:33:25 SS sshd[27687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:28 SS sshd[27687]: Failed password for root from 125.100.27.36 port 34421 ssh2
Jan 22 07:33:29 SS sshd[27689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:31 SS sshd[27689]: Failed password for root from 125.100.27.36 port 34794 ssh2
Jan 22 07:33:33 SS sshd[27691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:35 SS sshd[27691]: Failed password for root from 125.100.27.36 port 35120 ssh2
Jan 22 07:33:36 SS sshd[27693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:38 SS sshd[27693]: Failed password for root from 125.100.27.36 port 35430 ssh2
Jan 22 07:33:40 SS sshd[27695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:42 SS sshd[27695]: Failed password for root from 125.100.27.36 port 35781 ssh2
Jan 22 07:33:43 SS sshd[27697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:46 SS sshd[27697]: Failed password for root from 125.100.27.36 port 36107 ssh2
Jan 22 07:33:47 SS sshd[27699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:49 SS sshd[27699]: Failed password for root from 125.100.27.36 port 36419 ssh2
Jan 22 07:33:50 SS sshd[27701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:52 SS sshd[27701]: Failed password for root from 125.100.27.36 port 36732 ssh2
Jan 22 07:33:54 SS sshd[27703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:56 SS sshd[27703]: Failed password for root from 125.100.27.36 port 37035 ssh2

So, for security reasons, disable remote root login (PermitRootLogin no in /etc/ssh/sshd_config), log in as an ordinary user and use su or sudo, and choose a user name that is not easy to guess along with a strong password, or better an SSH key.
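To turn a log like the one above into a number you can alert on, here is an added example (not from the original post) that counts failed SSH logins per source address and account and reports the sources that cross a threshold. The same sshd/pam_unix log format appears again in the "How to check if hackers are trying to hack your site" post further down, so one script serves both. The log lines inside demo_failed are constructed in that format, using 192.0.2.0/24 documentation addresses rather than the real ones from the log.

```shell
#!/bin/sh
# Added example (not from the original post): pull the failed SSH logins out
# of auth.log, count them per source address and account, and report the
# sources that cross a threshold. The log lines in demo_failed are
# constructed in the sshd/pam_unix format shown above, with 192.0.2.0/24
# documentation addresses.

# failed_logins <logfile> <min-count>
# Prints "<count> <source ip> <account>" for every (ip, account) pair with at
# least <min-count> "Failed password" lines, most active first.
failed_logins() {
    awk -v min="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            # Two shapes: "... for root from 1.2.3.4 port ..."
            #             "... for invalid user admin from 1.2.3.4 port ..."
            for (i = 1; i <= NF; i++) {
                if ($i == "for")  user = ($(i + 1) == "invalid") ? $(i + 3) : $(i + 1)
                if ($i == "from") ip = $(i + 1)
            }
            n[ip " " user]++
        }
        END { for (k in n) if (n[k] >= min) print n[k], k }
    ' "$1" | sort -rn
}

# Run it over a constructed log with a 3-attempt threshold.
demo_failed() {
    log=$(mktemp)
    cat > "$log" <<'EOF'
Jan 22 07:33:12 SS sshd[27679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10 user=root
Jan 22 07:33:14 SS sshd[27679]: Failed password for root from 192.0.2.10 port 33058 ssh2
Jan 22 07:33:17 SS sshd[27681]: Failed password for root from 192.0.2.10 port 33251 ssh2
Jan 22 07:33:21 SS sshd[27683]: Failed password for root from 192.0.2.10 port 33652 ssh2
Jan 22 07:33:24 SS sshd[27685]: Failed password for root from 192.0.2.10 port 34040 ssh2
Jan 22 07:40:02 SS sshd[27702]: Failed password for invalid user admin from 192.0.2.20 port 40001 ssh2
Jan 22 07:40:05 SS sshd[27704]: Failed password for invalid user admin from 192.0.2.20 port 40002 ssh2
Jan 22 07:41:00 SS sshd[27710]: Failed password for dad from 192.0.2.30 port 41000 ssh2
Jan 22 07:41:30 SS sshd[27712]: Accepted publickey for dad from 192.0.2.30 port 41001 ssh2
EOF
    failed_logins "$log" 3
    rm -f "$log"
}

demo_failed
```

Only the 192.0.2.10/root pair crosses the threshold; the two "invalid user admin" tries and the single typo from dad stay below it. Point it at /var/log/auth.log on Ubuntu or /var/log/secure on CentOS/Fedora; fail2ban automates the same counting and blocks the source with iptables.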

Thursday, January 21, 2010

Secure ssh login - ubuntu


Who is currently logged in? - linux

who: lists the users currently logged in (from /var/run/utmp)

last: login/logout history (from /var/log/wtmp)

lastb: failed login attempts (from /var/log/btmp; if that file does not exist nothing is recorded, so create it with touch if lastb shows nothing)

lastlog: the last login time of every account (from /var/log/lastlog)

Harden Fedora box

1, patch your system
[root@testvm testvm.localdomain.Log]# yum update

2, Disable root ssh login

Make /etc/ssh/sshd_config contain the line:
PermitRootLogin no

It has to be the first PermitRootLogin line in the file: sshd uses the first value it finds for a keyword and ignores any later one, so check for an existing "PermitRootLogin yes" above it. Then restart your SSH daemon:
# /etc/init.d/sshd restart



3, Prevent trivial root console break-in (Linux with SysV init only)
Add the following line to the file /etc/inittab right after the line referencing /etc/rc.d/rc.sysinit; it makes single-user mode ask for the root password instead of handing out a root shell:

ss:S:respawn:/sbin/sulogin

4, Enable password aging on Linux systems

By editing /etc/login.defs you can set the default password aging for accounts created from then on:

PASS_MAX_DAYS 99999

PASS_MIN_DAYS 0

PASS_WARN_AGE 7

These are the stock values, and 99999 days means passwords effectively never expire; to enforce aging lower PASS_MAX_DAYS to something like 90. Existing accounts are not affected by login.defs; change them with chage (for example chage -M 90 jason).
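Steps 2 and 4 are easy to get wrong in a way that looks right, so here is an added example (not from the original post) that checks both files for the two usual mistakes: a "PermitRootLogin no" that sits below an older "PermitRootLogin yes" (sshd keeps the first value), and a PASS_MAX_DAYS still at 99999. The config fragments in it are constructed; the 90-day limit is an assumed policy, not something the post specifies.

```shell
#!/bin/sh
# Added example (not from the original post): check that a hardened
# sshd_config and login.defs actually say what you think they say.
# The config fragments at the bottom are constructed.
#
# Two traps: sshd uses the FIRST value it finds for a keyword and silently
# ignores later ones, so "PermitRootLogin no" appended to the end of the
# file does nothing if a "PermitRootLogin yes" already sits above it. And
# PASS_MAX_DAYS 99999 is the stock value, which effectively disables expiry.

# sshd_value <keyword>: print the effective global value of <keyword> from an
# sshd_config read on stdin (first match wins; Match blocks are not global).
sshd_value() {
    awk -v key="$1" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments, blank lines
        tolower($1) == "match"      { exit }            # global section ends here
        tolower($1) == tolower(key) { print $2; exit }
    '
}

# check_root_login: "ok" if root login is disabled, otherwise "FAIL <reason>".
check_root_login() {
    v=$(sshd_value PermitRootLogin)
    case "$v" in
        no) echo "ok" ;;
        "") echo "FAIL PermitRootLogin unset (defaults to yes on OpenSSH before 7.0)" ;;
        *)  echo "FAIL PermitRootLogin $v" ;;
    esac
}

# check_pass_aging <max-days-allowed>: read login.defs on stdin and report
# whether PASS_MAX_DAYS forces a change at least that often (last definition
# in the file is taken; missing means the 99999 default).
check_pass_aging() {
    v=$(awk '$1 == "PASS_MAX_DAYS" { v = $2 } END { if (v == "") v = 99999; print v }')
    if [ "$v" -le "$1" ]; then echo "ok"; else echo "FAIL PASS_MAX_DAYS $v"; fi
}

# --- constructed inputs ---------------------------------------------------
SSHD_BAD='Port 22
PermitRootLogin yes
PasswordAuthentication yes
# the admin appended this later, and sshd ignores it:
PermitRootLogin no'

SSHD_GOOD='Port 22
PermitRootLogin no
PasswordAuthentication no'

LOGIN_DEFS_BAD='PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7'

LOGIN_DEFS_GOOD='PASS_MAX_DAYS 90
PASS_MIN_DAYS 1
PASS_WARN_AGE 7'

printf '%s\n' "$SSHD_BAD"        | check_root_login      # FAIL PermitRootLogin yes
printf '%s\n' "$SSHD_GOOD"       | check_root_login      # ok
printf '%s\n' "$LOGIN_DEFS_BAD"  | check_pass_aging 90   # FAIL PASS_MAX_DAYS 99999
printf '%s\n' "$LOGIN_DEFS_GOOD" | check_pass_aging 90   # ok
```

On the real machine feed it the real files (check_root_login < /etc/ssh/sshd_config). On OpenSSH 5.1 or later, sshd -T prints the effective configuration the daemon would run with, which is the authoritative answer when in doubt.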

How to check if hackers are trying to hack your site - Ubuntu?

1, Check the log
less /var/log/auth.log

Here is part of this file (on CentOS/Fedora the same messages go to /var/log/secure)

Jan 21 02:57:52 SS sshd[7749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:57:54 SS sshd[7749]: Failed password for root from 222.73.68.164 port 47502 ssh2
Jan 21 02:57:57 SS sshd[7751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:57:58 SS sshd[7751]: Failed password for root from 222.73.68.164 port 47809 ssh2



Jan 21 02:58:00 SS sshd[7753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:02 SS sshd[7753]: Failed password for root from 222.73.68.164 port 48078 ssh2
Jan 21 02:58:05 SS sshd[7755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:07 SS sshd[7755]: Failed password for root from 222.73.68.164 port 48385 ssh2
Jan 21 02:58:09 SS sshd[7757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:11 SS sshd[7757]: Failed password for root from 222.73.68.164 port 48674 ssh2
Jan 21 02:58:13 SS sshd[7759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:15 SS sshd[7759]: Failed password for root from 222.73.68.164 port 48969 ssh2
Jan 21 02:58:17 SS sshd[7761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:19 SS sshd[7761]: Failed password for root from 222.73.68.164 port 49265 ssh2
Jan 21 02:58:21 SS sshd[7763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:23 SS sshd[7763]: Failed password for root from 222.73.68.164 port 49572 ssh2
Jan 21 02:58:30 SS sshd[7765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:32 SS sshd[7765]: Failed password for root from 222.73.68.164 port 49857 ssh2
Jan 21 02:58:34 SS sshd[7767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:36 SS sshd[7767]: Failed password for root from 222.73.68.164 port 50415 ssh2

You can see this host, 222.73.68.164, trying to log on to my server over ssh.
I am not going to blame this guy, because most likely he is a victim himself.

2, file system integrity check
Use the linux command find to list which files have been changed in the past 24 hours (1440 minutes)

find /var/www/ -mmin -1440 | more

A changed mtime is a useful first alarm for a web root, but it is not proof of integrity: an attacker can reset mtime with touch, so a real check compares checksums against a baseline taken while the system was known good.

3, send this log to you
You may want to receive this log by email.
First, save the find result to a file
find /var/www/ -mmin -1440 > file_changed
Second, email this log file to yourself
/usr/sbin/sendmail -v 'xxxxxxxx@gmail.com' < file_changed

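Putting steps 2 and 3 together, here is an added example (not from the original post) that lists the files changed in the last 24 hours under a web root, skips log and tmp directories by pruning them in find rather than with the grep -v trick from the "grep not match option" post above, and wraps the report in a message with a Subject: header as in the "sendmail with subject" post. The directory tree it builds is constructed, and the addresses are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): list the files under a web
# root changed in the last 24 hours, leaving out log and tmp directories,
# and wrap the report in a message with a Subject: header for
# "sendmail -oi -t". The directory tree in demo_report is constructed; the
# addresses are placeholders.

# changed_files <dir>: regular files under <dir> modified in the last 24 h.
# Whole directories named log, logs or tmp are pruned instead of filtering
# the output with "grep -v log", which would also drop a file called
# catalog.php.
changed_files() {
    find "$1" -type d \( -name log -o -name logs -o -name tmp \) -prune \
        -o -type f -mmin -1440 -print | sort
}

# build_mail <from> <to> <subject> <bodyfile>: write a complete message to
# stdout. Headers first, then one empty line, then the body; that empty line
# is what makes sendmail treat the rest as body rather than more headers.
build_mail() {
    printf 'From: %s\nTo: %s\nSubject: %s\n\n' "$1" "$2" "$3"
    cat "$4"
}

# Build a small tree, age one file, and produce the report mail.
demo_report() {
    root=$(mktemp -d)
    report=$(mktemp)          # kept outside $root so find does not list it
    mkdir -p "$root/site" "$root/log" "$root/tmp"
    echo x > "$root/site/index.php"
    echo x > "$root/site/catalog.php"            # contains "log" but is not a log
    echo x > "$root/site/old.php"
    echo x > "$root/log/access.log"
    echo x > "$root/tmp/sess_abc"
    touch -t 200912010000 "$root/site/old.php"   # last modified weeks ago
    changed_files "$root" > "$report"
    build_mail "root@localhost" "you@example.com" "files changed in the last 24h" "$report"
    rm -rf "$root" "$report"
}

demo_report
# To actually send it:  demo_report | /usr/sbin/sendmail -oi -t
```

The report names only index.php and catalog.php: old.php is too old, and everything under log/ and tmp/ is never visited. Replace the constructed tree with /var/www/ and the addresses with your own, and the pipeline into sendmail -oi -t delivers it with the subject line intact.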
Cent OS Sendmail issue

Issue: Connection refused by [127.0.0.1]

less /var/log/maillog

ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=35380, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by
lass=0, nrcpts=1, msgid=<201001202215.o0kmf2gf024136@localhost.localdomain>, relay=root@localhost
(0/0), delay=00:00:02, xdelay=00:00:00, mailer=relay, pri=30705, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]

Test:
/usr/sbin/sendmail -v 'xxxxxxx@gmail.com' < anytextfile.txt

Solution:
"Connection refused by [127.0.0.1]" means the sendmail client handed the message to the local relay and nothing was listening on port 25 of 127.0.0.1. The usual reason is that the sendmail daemon is not running: check with 'service sendmail status' and start it; the deferred mail leaves on the next queue run.

If it is running, modify /etc/mail/sendmail.mc and check.
Comment out the line below by prepending it with 'dnl', like so:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
restart the services with 'service sendmail restart' and check (the init script regenerates sendmail.cf from sendmail.mc, which needs the sendmail-cf package installed).

Be aware of what that line does: with Addr=127.0.0.1 sendmail listens on localhost only. Removing it makes sendmail listen on every interface, so the SMTP service becomes reachable from the network and must be firewalled from the outside or protected by the relay restrictions in /etc/mail/access.