Archive

Articles taggués ‘shell’

An lsof Primer

15/02/2019 Aucun commentaire

Source: Daniel Miessler

lsof

lsof is the sysadmin/security über-tool. I use it most for getting network connection related information from a system, but that’s just the beginning for this powerful and too-little-known application. The tool is aptly called lsof because it “lists open files“. And remember, in UNIX just about everything (including a network socket) is a file.

Interestingly, lsof is also the Linux/Unix command with the most switches. It has so many it has to use both minuses and pluses.

usage: [-?abhlnNoOPRstUvV] [+|-c c] [+|-d s] [+D D] [+|-f[cgG]]
 [-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+|-M] [-o [o]]
 [-p s] [+|-r [t]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names]

As you can see, lsof has a truly staggering number of options. You can use it to get information about devices on your system, what a given user is touching at any given point, or even what files or network connectivity a process is using.

Lire la suite…

Categories: Système Tags: ,

Using iptables and watch command

08/02/2019 Comments off

Using iptables to list filtering rules is OK. Running this command in a shell loop can help but it needs that you write a shell script.

Another convenient way is to use the watch command:

watch --interval 0 'iptables -nvL'

or

sudo watch --interval 0 'iptables -nvL'

depending on whether you’re logged as super-user or not.

This will show a permanent iptables -L with a refresh interval that can be specified:

watch --interval 0 'iptables -nvL'

will refresh every second.

Typical output will be:

Every 10,0s: iptables -nvL                                                                                         Tue Nov  3 16:35:19 2015

Chain INPUT (policy DROP 44001 packets, 2444K bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   160 fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
  11M 1770M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 107K 6878K ACCEPT     tcp  --  *      *       78.193.xx.xx         0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       195.154.xx.xx        0.0.0.0/0
 231K   14M ACCEPT     tcp  --  *      *       213.36.xx.xx         0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       195.154.xx.xx        0.0.0.0/0
    2    92 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:548
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 0
 1475  139K ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
  134  9600 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:80
  110  6563 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:943
 136K 9529K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1194
 1423 85360 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4949
    3   120 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:873 state NEW,ESTABLISHED
   24  1910 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:161
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:162
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:119
    2    92 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3000
  156  7584 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
 2952  177K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       172.27.xx.xx/24      0.0.0.0/0
    0     0 ACCEPT     tcp  --  as0t0  *       0.0.0.0/0            0.0.0.0/0
    3   192 ACCEPT     tcp  --  as0t1  *       0.0.0.0/0            0.0.0.0/0

Tcpdump

26/01/2019 Comments off

Dans un réseau ethernet relié par un concentrateur (ou hub), chaque machines reçoit tous les paquets qui circulent sur le réseau. En fonctionnement normal, les cartes réseau ne réceptionnent que les paquets qui leur sont destinés, mais on peut faire en sorte qu’elles transmettent tous les paquets au système et les inspecter avec tcpdump.

Les hubs sont de moins en moins utilisés. Ils sont généralement remplacés par des commutateurs (ou switch) qui savent déterminer (en fonction de l’adresses MAC) sur quel câble il faut envoyer un paquet. Les machines ne reçoivent donc généralement que les paquets qui leur sont destinés.

L’utilitaire tcpdump permet d’inspecter les paquets qui sont reçus et transmis par une carte réseau.

Filtrage

Il est possible de sélectionner les paquets à « écouter » en fonction d’expressions. Ainsi, ne seront affichées / traitées que les informations pour lesquelles le résultat de l’expression est vérifié. Une expression est composée de primitives et d’opérateurs logiques.

Une primitive est un identifiant précédé de mots clés qui indiquent le type de l’identifiant. Par exemple la primitive src port 21 contient les éléments suivants :

  • le mot clé src qui indique que l’identifiant ne porte que sur la source du paquet
  • le mot clé port qui indique que l’identifiant est le port du paquet
  • l’identifiant 21

La primitive correspond donc au port source 21.

Lire la suite…

Categories: Réseau Tags: , ,

Allow A Normal User To Run Commands As root Under Linux / UNIX Operating Systems

22/01/2019 Comments off

Source: nixCRAFT

You need to use the sudo command which is use to execute a command as another user. It allows a permitted user to execute a command as the superuser or another user, as specified in the /etc/sudoers (config file that defines or list of who can run what) file. The sudo command allows users to do tasks on a Linux system as another user.

sudo command

sudo is more more secure than su command. By default it logs sudo usage, command and arguments in /var/log/secure (Red Hat/Fedora / CentOS Linux) or /var/log/auth.log (Ubuntu / Debian Linux).

If the invoking user is root or if the target user is the same as the invoking user, no password is required. Otherwise, sudo requires that users authenticate themselves with a password by default. Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (15 minutes unless overridden in sudoers).

/etc/sudoers Syntax

Following is general syntax used by /etc/sudoers file:

USER HOSTNAME=COMMAND

Where,

  • USER: Name of normal user
  • HOSTNAME: Where command is allowed to run. It is the hostname of the system where this rule applies. sudo is designed so you can use one sudoers file on all of your systems. This space allows you to set per-host rules.
  • COMMAND: A simple filename allows the user to run the command with any arguments he/she wishes. However, you may also specify command line arguments (including wildcards). Alternately, you can specify «  » to indicate that the command may only be run without command line arguments.

Lire la suite…

Categories: Système Tags: , ,

Check The Number Of MySQL Open Database Connections on Linux Or Unix-like Server

21/01/2019 Comments off

Source: nixCraft

I‘m a new MySQL server user. My server is running on a CentOS Linux. How can I check the number of active MySQL connections on Linux based system?

You can use the following commands on Linux or Unix-like systems:

  • mysqladmin status command
  • MySQL show status command
  • netstat or ss commands

mysqladmin status command example

Open the terminal App or login to the remote server using ssh:

ssh mandrake@dbsysnet.com

Type the following command to get a short status message from the MySQL server:

mysqladmin status
## OR ##
mysqladmin status -u root -p
## OR ##
mysqladmin status -h db1.dbsysnet.com -u root -p

Sample outputs:

Uptime: 691356  Threads: 5  Questions: 83237956  Slow queries: 102736  Opens: 3585  Flush tables: 1  Open tables: 1019  Queries per second avg: 120.398

MySQL show status command to see open database connections example

First, connect to the your mysql server:

mysql -u root -p

Type the following sql query to see the number of connection attempts to the MySQL serverincludes both failed and successful connection attempts:

mysql> show status like 'Conn%';

Sample outputs:

show-status-like-Conn
You can use the following sql command to see the number of currently open connections at mysql> prompt:

mysql> show status like '%onn%';
+--------------------------+---------+
| Variable_name            | Value   |
+--------------------------+---------+
| Aborted_connects         | 7       |
| Connections              | 6304067 |
| Max_used_connections     | 85      |
| Ssl_client_connects      | 0       |
| Ssl_connect_renegotiates | 0       |
| Ssl_finished_connects    | 0       |
| Threads_connected        | 7       | <---- No of currently open connections
+--------------------------+---------+
7 rows in set (0.00 sec)

Lire la suite…

Categories: Bases de données Tags: , ,