See a suspicious IP on your box and wonder what it’s doing? Here’s a one-liner that will list the files that IP is accessing:
# lsof -p $(netstat -npat | gawk '$5 ~ /127.0.0.1/ {print $7}' | cut -d"/" -f1 | tail -n1)
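The same lookup with an exact address match, as an added example that is not part of the original post. It goes further than the one-liner by returning every owning PID rather than only the last one, and by unwrapping IPv4-mapped IPv6 peers. The helper names `pids_for_remote_ip` and `sample_netstat` are hypothetical, the sample lines are constructed, and plain awk is used in place of gawk.

```shell
#!/bin/sh
# Added example: reads `netstat -npat` output on stdin and prints the unique
# PIDs that hold a connection whose foreign address is exactly the given IP.
pids_for_remote_ip() {
    awk -v ip="$1" '
        $1 ~ /^tcp/ {
            addr = $5
            sub(/:[^:]*$/, "", addr)      # drop the trailing :port
            sub(/^::ffff:/, "", addr)     # unwrap IPv4-mapped IPv6 peers
            if (addr != ip) next          # string compare, so dots are not wildcards
            split($7, owner, "/")         # column 7 is PID/Program name
            if (owner[1] ~ /^[0-9]+$/ && !seen[owner[1]]++) print owner[1]
        }'
}

# Constructed sample in `netstat -npat` layout (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 192.0.2.10:22           203.0.113.7:51514       ESTABLISHED 4021/sshd: deploy
tcp        0      0 192.0.2.10:80           203.0.113.70:40112      ESTABLISHED 977/httpd
tcp        0      0 192.0.2.10:80           203.0.113.7:40190       TIME_WAIT   -
tcp6       0      0 192.0.2.10:443          ::ffff:203.0.113.7:5500 ESTABLISHED 977/httpd
tcp        0      0 192.0.2.10:22           203.0.113.7:51600       ESTABLISHED 4021/sshd: deploy
EOF
}

# Demo on the constructed sample: prints 4021 and 977, one per line.
sample_netstat | pids_for_remote_ip 203.0.113.7

# Live use as root (assumption: net-tools netstat and lsof are installed):
#   for pid in $(netstat -npat | pids_for_remote_ip 203.0.113.7); do lsof -p "$pid"; done
```

The unanchored pattern `/203.0.113.7/` would also have matched the `203.0.113.70` row; the string comparison does not, and the `TIME_WAIT` row with no owning process is skipped.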
Well with Anonymous' attempt to take down the internet a couple days ago, one of the words that keeps popping up is hacktivist. Wikipedia defines hacktivism as “…the use of computers and computer networks as a means of protest to promote political ends”. This is not to be confused with hacktavision, which is hacking your old Activision game console to play MAME games. I am curious as to what these people are protesting, as all I ever seem to hear is that they are attacking someone to protest something. I personally don’t feel that a protest has as much weight as individuals publicly voicing their opinions. Anonymity seems to fall into obscurity in my opinion. Now if you tell everyone who you are and still hacktivate an attack, always remember, it’s the martyr that gets all the credit.
Here’s a nifty little trick with vimdiff: say you want to compare the output of two commands. You can do so with a little redirection:
I know this is silly since you can simply vimdiff the files directly without the redirects. But say you want to compare who is currently logged in with the last 10 people who logged in.
Boom. Note: the space between the ‘)’ and the ‘<’ is required.
This is a quick setup of MySQL replication, but it only works if both servers are new builds with no dataset.
On the master:
1. Put the following in my.cnf in the [mysqld] section:
2. Run the following one-liner:
On the slave:
1. Put the following in my.cnf in the [mysqld] section:
2. Run the following one-liner:
Oftentimes when being hit by a plethora of connections, it is good to tally them all up and see if there is a specific locale that may be of questionable origin.
netstat -an | grep "ESTABLISHED" | awk '{print $5}' | cut -d ":" -f1 | sort | uniq -c | sort -n
Post Office Protocol (POP) is one of the protocols used to retrieve mail from an email server. The term is generally used to mean that email is ‘popped’ off the server and stored on the client. The most commonly used version is POP3.
1. Download the latest version of cacti from the dag repository.
2. Install cacti
3. Create the MySQL database:
4. Import the default cacti database:
5. Edit include/config.php and specify the database type, name, host, user and password for your Cacti configuration.
6. Set the appropriate permissions on cacti’s directories for graph/log generation. You should execute these commands from inside cacti’s directory to change the permissions.
7. Update snmpd.conf to allow cacti to pull info and restart snmpd
8. Update cacti vhost to allow IP addresses and reload apache.
9. Add a line to your /etc/crontab file similar to:
10. Finish the configuration
Nifty little one liners to find who’s running that problematic cronjob:
Contrary to popular media, the CSI has been around for nearly forty years. Their focus is computer and network security, not creating hokey computer references to catch criminals.
Mar 10 2012
FTP Displays UID Instead of Username for proftpd
Posted by Vinsane in FTP, tags: proftpd
User said they changed clients and now saw UIDs in place of usernames. At first I thought it was a client issue; as it turns out, it is a client issue in how it’s requesting data. Unfortunately, the client was not smart enough to know the syntax was wrong with the new command set. proftpd has a setting to disable the list of modes it supports, so the client establishes the connection with the older command set. Here is the information on the switch.