Brain Dump – General

Brain Dump SysAdmin

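# Example of sort group via bash: frequency count of one whitespace-separated
# field ("group by" + count), least frequent first.
#
# Usage:     count_field FIELD [FILE...]   (reads stdin when no FILE is given)
# Arguments: FIELD - 1-based field number. awk splits on runs of whitespace,
#            so repeated spaces do not create empty fields as `cut -d " "` does.
# Outputs:   "<count> <value>" lines, sorted numerically by count
count_field() {
  local field=$1
  shift
  # awk reads the files (or stdin) itself — no `cat FILE | awk` needed
  awk -v n="$field" '{ print $n }' "$@" | sort | uniq -c | sort -n
}
# Equivalent to the original one-liners:
#   count_field 7 < access.log   # was: cut -d " " -f7 | sort | uniq -c | sort -n
#   count_field 10 a             # was: cat a | awk '{ print $10}' | sort | uniq -c | sort -n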

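# Find some text only on .php files (YOURSEARCH is a placeholder for the grep pattern).
# `{} +` hands many files to one grep instead of forking a grep per file (`\;`);
# `--` keeps a pattern that starts with '-' from being parsed as a grep option.
find . -type f -iname '*.php' -exec grep -Hn -- YOURSEARCH {} +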

# trafshow similar

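# Replace multiple files: rewrite, in place, every file under DIR that
# contains OLD, replacing all occurrences of OLD with NEW.
#
# Usage:     replace_in_files OLD NEW [DIR]      (DIR defaults to ./)
# Arguments: OLD - sed basic-regex pattern; NEW - sed replacement text.
#            Both are spliced into the sed expression, so '/', '&' and '\'
#            in them must be escaped by the caller; an unescaped value changes
#            the meaning of the sed command — never pass untrusted input here.
# Notes:     grep -Z / xargs -0 keep paths with spaces or newlines intact
#            (the original `grep -rl | xargs` split file names on whitespace);
#            xargs -r skips sed when nothing matched (GNU xargs, like `sed -i`).
replace_in_files() {
  local old=$1 new=$2 dir=${3:-./}
  grep -rlZ -- "$old" "$dir" | xargs -0 -r sed -i "s/$old/$new/g"
}
# e.g. replace_in_files windows linux ./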

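# Find out what device is /dev/root: print only the root= token of the kernel
# command line instead of the whole line (which also matches rootfstype=, etc.)
grep -o 'root=[^ ]*' /proc/cmdline

# Swap Usage: one "<name> <swap> kB" line per process, biggest swap user first.
# Usage:   swap_by_process | less
# Notes:   one awk pass over every status file replaces a fork per process.
#          The fields are passed to print, not used as a printf format string —
#          the original `printf $2 " " $3` would misinterpret a '%' in a process
#          name. Processes without a VmSwap line (kernel threads) are skipped
#          instead of being printed with an empty value, so the sort key is
#          always present.
swap_by_process() {
  # a pid can exit between the glob and the read; ignore those open errors
  awk '/^Name:/ { name = $2 } /^VmSwap:/ { print name, $2, $3 }' /proc/[0-9]*/status 2>/dev/null \
    | sort -k 2 -n -r
}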

# Process cpu usage by user by core
# press 1 to show usage per cpu
# press u to show process by user

# Change default perms
# Put in .profile and .bashrc (a umask is per process: only shells that read
# those files get it, daemons and cron jobs are unaffected)
umask 002 # files rw-rw-r-- (666 & ~002), dirs rwxrwxr-x (777 & ~002): everything is
          # group-writable by default, which is only safe when the user's primary
          # group is private to that user

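# Searching strings only on .php files. -w matches whole words, so
# "base64_decode(" is found but "mybase64_decode" is not. The closing quote
# was a typographic ” — an unterminated string for the shell — and the glob
# is now quoted so the shell cannot expand it before grep sees it.
grep -rnw --include='*.php' "base64_decode" .

# Show only names: -l prints each matching file once; the `-n | cut -f1 -d:`
# form repeated a file name for every hit.
grep -rlw --include='*.php' "base64_decode" . > teste.txt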

# Perms linux ACL: let group "web" read and write the tree.
# -d sets the *default* ACL, which only applies to entries created later under
# /var/www; files that already exist are not changed by this line (that would
# need a second `setfacl -R -m` without -d) — NOTE(review): confirm that is intended
setfacl -R -d -m g:web:rw /var/www
# show the resulting entries to verify
getfacl /var/www
# add the user to the group; the new membership applies from the next login
usermod -a -G web leandro

# clear perms: -b removes all extended ACL entries. A path argument is required
# (e.g. `setfacl -b /var/www`); as written the command has nothing to act on.
setfacl -b

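# SSH no pass: append a local public key to a remote account's authorized_keys.
# The file names were lost from the note; PUBKEY_FILE is the local .pub file
# (e.g. ~/.ssh/<key>.pub). ssh-copy-id does the same job when it is available.
#
# Usage: push_ssh_key PUBKEY_FILE user@host
# Notes: the key is fed to ssh on stdin instead of `cat file | ssh`, so a
#        missing key file fails locally before any connection is made. The
#        remote side also restricts ~/.ssh and authorized_keys, which sshd
#        checks (StrictModes, the default) before it honours the key.
push_ssh_key() {
  local pubkey=$1 target=$2
  ssh "$target" 'mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys' < "$pubkey"
}

# -- script to multiple --: one user@host per line in SERVERS_FILE (default servers.txt)
# Usage: push_ssh_key_to_all PUBKEY_FILE [SERVERS_FILE]
# Notes: `read -r` keeps backslashes literal and `|| [[ -n $target ]]` still
#        processes a last line without a trailing newline; ssh's stdin is the
#        key file, so it cannot swallow the rest of the server list.
push_ssh_key_to_all() {
  local pubkey=$1 list=${2:-servers.txt}
  local target
  while IFS= read -r target || [[ -n $target ]]; do
    [[ -z $target ]] && continue
    push_ssh_key "$pubkey" "$target"
  done < "$list"
}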

# How to create usb boot

# SSLCertificate: generate a new 2048-bit RSA key and a CSR for it in one step.
# The host name was lost from the file names ("www..key"/"www..csr") — fill in
# the FQDN. -nodes leaves the private key unencrypted on disk, so keep it 0600;
# without -subj the command prompts interactively for the subject fields.
openssl req -nodes -newkey rsa:2048 -keyout www..key -out www..csr

# Pull the vpopmail domain tree from the remote host (x.x.x.x is a placeholder).
# --delete removes local files that no longer exist on the remote, so the local
# side becomes a mirror — run with -n (dry run) first when in doubt. The trailing
# slash on the source copies the directory's contents, not the directory itself.
rsync -avzP --delete root@x.x.x.x:/var/vpopmail/domains/ /var/vpopmail/domains

com2sec eSegNET PASSWORD
group Public v2c eLALAnet (name of group)
view all included .1 80
access Public "" any noauth exact all none none
syscontact Administrador (EMAIL)

Limit connections per IP
# Each port gets a LOG rule at position 1 and a REJECT rule at position 2, so
# for a given port the pair is evaluated LOG first, then REJECT. Later pairs are
# inserted above earlier ones (-I 1 / -I 2 again), which is fine because every
# rule is port-specific. --connlimit-above N matches a source address that
# already holds more than N connections to the port; --syn restricts this to
# new connection attempts, so established sessions are not reset.
# NOTE(review): the LOG rules carry no `-m limit`, so a burst of over-limit SYNs
# also floods the kernel log; and the prefixes have no trailing space or colon,
# so they run straight into the rest of the log line — confirm both are intended.
iptables -I INPUT 1 -p tcp -m tcp --dport 110 --syn -m connlimit --connlimit-above 20 -j LOG --log-prefix RATELIMIT_POP3
iptables -I INPUT 2 -p tcp -m tcp --dport 110 --syn -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset
iptables -I INPUT 1 -p tcp -m tcp --dport 25 --syn -m connlimit --connlimit-above 12 -j LOG --log-prefix RATELIMIT_SMTP
iptables -I INPUT 2 -p tcp -m tcp --dport 25 --syn -m connlimit --connlimit-above 12 -j REJECT --reject-with tcp-reset
iptables -I INPUT 1 -p tcp -m tcp --dport 465 --syn -m connlimit --connlimit-above 10 -j LOG --log-prefix RATELIMIT_SSMTP
iptables -I INPUT 2 -p tcp -m tcp --dport 465 --syn -m connlimit --connlimit-above 10 -j REJECT --reject-with tcp-reset
iptables -I INPUT 1 -p tcp -m tcp --dport 587 --syn -m connlimit --connlimit-above 10 -j LOG --log-prefix RATELIMIT_SSMTP2
iptables -I INPUT 2 -p tcp -m tcp --dport 587 --syn -m connlimit --connlimit-above 10 -j REJECT --reject-with tcp-reset

# Change default editor (interactive menu; the choice is stored system-wide)
update-alternatives --config editor

# Basic packages for webserver
# NOTE(review): "vim" is listed twice (harmless); the php5/apache names are from
# an old Debian release — check the current package names before reusing this.
aptitude install apache php5 mysql-server screen vim php5-gd php5-curl php5-mysql sudo php5-intl vim ntpdate

# How to discover the UUID of the disks (each symlink points at its /dev node)
ls -l /dev/disk/by-uuid

# Recovering grub boot
# <kernel> is a placeholder for the installed kernel version (see `uname -r`
# or the directories under /lib/modules)
update-initramfs -c -k <kernel>
# /dev/sda must be the disk the firmware boots from — this writes the boot code there
/sbin/grub-install /dev/sda
# If it won't work, update the fstab to UUID
# NOTE(review): this appends blkid's own "DEV: UUID=... TYPE=..." lines, which are
# not fstab syntax. They only serve as a reference to copy the UUIDs from while
# editing in the next step and must be removed again, or mounting from fstab can
# fail at boot.
blkid >> /etc/fstab

vi /etc/fstab
# Subversion: full dump of a repository to a compressed file, and the matching restore
svnadmin dump /PathToRepository | gzip -9 > svnexport.dump
gunzip -c svnexport.dump | svnadmin load /PathToRepository
Subversion Recovery Without a Backup
# MySQL
# Change Pass
SET PASSWORD FOR 'user'@'%' = PASSWORD('pass');
# Create DB and user
CREATE USER 'blaat'@'%' IDENTIFIED BY 'PASS';
GRANT USAGE ON * . * TO 'blaat'@'%' IDENTIFIED BY 'PASS' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE DATABASE IF NOT EXISTS blaat ;
GRANT ALL PRIVILEGES ON blaat.* TO 'blaat'@'%';
# Check Indexes by DB
select table_name, count(*) from ( SELECT table_name, index_name FROM information_schema.statistics WHERE table_schema = 'testtable' GROUP BY table_name, index_name) tab_ind_cols group by table_name
# Recovering hardware fail HD
# Get the bad sector and write on it.
hdparm --read-sector 1261069669 /dev/sdb
hdparm --write-sector 1261069669 /dev/sdb
# LOG
# Configure log on /tmp/testing
auditctl -w /tmp/testing -k nomemonitor -p w
ausearch -i -k nomemonitor
# IPTABLES
# Redirect
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 80 -j DNAT --to
iptables -A INPUT -p tcp -m state --state NEW --dport 80 -i eth1 -j ACCEPT
# EXIM
# Show queue
exim -bp
# Read some message
exim -Mvl messageID => View the log for the message
exim -Mvb messageID => View the body of the message
exim -Mvh messageID => View the header of the message
# Clear frozen queue
/usr/sbin/exim -bpr | grep frozen | awk {'print $3'} | xargs exim -Mrm
## HTTPD - apache def security options
php.ini
expose_php = Off
/etc/apache2/conf-enabled/security.conf
ServerTokens Prod
ServerSignature Off
/etc/apache2/apache2.conf
# Remove directory listing
Options Includes FollowSymLinks MultiViews
Check what module is apache running:
a2query -M
apache2 -l
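# Tune apache.
# To increase the concurrent connections use this calc.
# Check the apache max memory usage (RSS per apache process, biggest first).
# Filtering in awk on the command name avoids the `ps | grep apache` pitfall of
# matching the grep itself and anything else with "apache" in its arguments;
# $1 is RSS in KiB, $2 the command name. The first line is the per-worker figure.
ps -eo rss=,comm= --sort=-rss | awk '$2 ~ /apache/ { print $1/1024, "MB" }'
# Then divide to 60% of your server max memory:
#   MaxRequestWorkers (MaxClients on apache 2.2) ≈ (0.6 * RAM in MB) / (MB per apache process)
# or use curl | perl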

show log kmd
show log messages

# Check Status:
# phase1
show security ike security-associations
show security ike security-associations index 4 detail
# phase2
show security ipsec security-associations
show security ipsec security-associations index 2 detail
show security ipsec statistics index 2
# Restart
restart ipsec-key-management

## OpenBSD
# Create Bridge IF
# cat /etc/hostname.vether0
inet media 100baseTX mediaopt full-duplex
# cat /etc/hostname.re0
up media 100baseTX mediaopt full-duplex
# cat /etc/hostname.lii0
up media 100baseTX mediaopt full-duplex
# cat /etc/hostname.bridge0
add vether0
add lii0
add re0

## VMWare
# Shutdown && /sbin/poweroff

# Update
# open firewall for outgoing http requests (the host needs it to reach the online depot):
esxcli network firewall ruleset set -e true -r httpClient
# Update using the ESXi 5.5 U2 Imageprofile from the VMware Online depot
# NOTE(review): the depot URL that followed -d was lost from the note — supply it.
# Re-run the ruleset command with `-e false` afterwards so outbound HTTP from the
# host is not left open once the update is done.
esxcli software profile update -d -p ESXi-5.5.0-20140902001-standard
# Reboot your host
# Load default mail conf (Plesk):
/usr/local/psa/admin/sbin/mchk --with-spam

# Add hosts to whitelist:
# NOTE(review): "add:*" reads as a wildcard for every sender domain; if so, this
# exempts all mail from greylisting and effectively switches the protection off —
# confirm that is intended, and prefer listing the specific domains instead.
/usr/local/psa/bin/grey_listing --update-server -domains-whitelist "add:*"

# Show Conf:
/usr/local/psa/bin/grey_listing -i

# Send e-mail with this content to check if spamassassin is working:

# Install
vagrant box add ARTACK/debian-jessie
vagrant init ARTACK/debian-jessie
# Iniciando
vagrant up

## VNC
sudo apt-get install mate-desktop-environment vncserver
Entrar no usuário desejado rodar o vncserver para criar os arquivos principais depois editar o .vnc/xstartup e deixar apenas:
exec /usr/bin/mate-session
Depois adicionar su - usuariobla -c '/usr/bin/vncserver' no rc.local
# Desabilitar e-mail

# nikto
set target
crawl web_spider, phpinfo, pykto, google_spider
output html_file
output config html_file
set output_file wass/lavioletera.html
audit xss, blind_sqli, csrf, os_commanding, phishing_vector

# Setting timezone in Debian
sudo dpkg-reconfigure tzdata

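# Cron
MAILTO="" # Disable mail

# GNOME proxy via gsettings (unrelated to cron; kept together as in the notes)
gsettings set org.gnome.system.proxy mode 'manual'
gsettings set org.gnome.system.proxy.http host ''          # '' is a placeholder: fill in the proxy host
gsettings set org.gnome.system.proxy.http port 8080
gsettings set org.gnome.system.proxy.http use-authentication true
# 'xx' are placeholders; the credentials end up in the user's dconf database in
# clear text (and in the shell history when typed interactively) — treat them
# like any other stored secret
gsettings set org.gnome.system.proxy.http authentication-password 'xx'
gsettings set org.gnome.system.proxy.http authentication-user 'xx'
# `enabled` is a boolean key: the original value "enable" is not a valid
# boolean and the set fails, leaving the proxy off
gsettings set org.gnome.system.proxy.http enabled true
gsettings set org.gnome.system.proxy.https host ''
gsettings set org.gnome.system.proxy.https port 0

# All TCP/UDP sockets, listening and connected, numeric, with the owning process
netstat -atunp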
# Docker Swarm
    # for debugging
    entrypoint: ["sh", "-c", "sleep 8887774"]


Useful Commands

# Check syntax
puppet parser validate site.pp

# Show module details (prints the directories puppet searches for modules)
puppet config print modulepath

# How to install a new client
# Change the server info in the [main] section of /etc/puppet/puppet.conf
# Ex. (the example was lost from the note)

# Check Client (Client side)
puppet agent --enable
# one foreground run with full output — useful the first time, to watch the
# certificate request go out
puppet agent --no-daemonize --onetime --verbose

# Check clients (Server side): lists certificate requests waiting to be signed
puppet cert list

# Accept or sign new clients
# "" is a placeholder for the client's certname as shown by `puppet cert list`.
# Signing lets that node fetch its catalog, so check the name and fingerprint
# against the requesting machine before signing rather than signing blindly.
puppet cert sign ""