Brain Dump – General

Brain Dump SysAdmin

# Example of sort group via bash
cut -d " " -f7 179.245.145.70.txt | sort | uniq -c | sort -n
# or
cat a | awk '{ print $10}'  | sort | uniq -c | sort -n


# Find some text only on .php files
find . -type f -iname '*.php' -exec grep -Hn YOURSEARCH {} \;

# similar to trafshow
iptraf

# Replace a string in multiple files (file names with whitespace break this pipeline; use grep -rlZ ... | xargs -0 for those)
grep -rl 'windows' ./ | xargs sed -i 's/windows/linux/g'

# Find out what device is /dev/root
grep root /proc/cmdline
# Swap Usage
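# awk gets a fixed format string so a process name containing '%' is not parsed as printf directives
for file in /proc/*/status; do awk '/VmSwap|Name/{printf "%s %s", $2, $3} END{print ""}' "$file"; done | sort -k 2 -n -r | less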

# Process cpu usage by user by core
top
# press 1 to show usage per cpu
# press u to show process by user

# Change default perms
# Put in .profile and .bashrc
umask 002 # files rw-rw-r--, directories rwxrwxr-x

# Searching strings only on .php files
grep -rnw --include=*.php "base64_decode" .

# Show only names
grep -rnw --include=*.php "base64_decode" . | cut -f1 -d":" > teste.txt

# Perms linux ACL
setfacl -R -d -m g:web:rw /var/www
getfacl /var/www
usermod -a -G web leandro

# clear perms
setfacl -b

# SSH without a password (key-based login); ssh-copy-id does the same. Note: DSA keys (id_dsa) are disabled by default since OpenSSH 7.0, prefer an ed25519 or RSA key
cat ~/.ssh/id_dsa.pub | ssh user@xxx.xxx.com "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
-- script for multiple servers (one host per line in servers.txt) --
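#!/bin/bash
# Append ~/.ssh/id_dsa.pub to authorized_keys on every host listed in
# servers.txt (one hostname per line; blank lines are skipped).
set -euo pipefail

pubkey="$HOME/.ssh/id_dsa.pub"
[[ -r "$pubkey" ]] || { printf 'cannot read %s\n' "$pubkey" >&2; exit 1; }

# -r keeps backslashes in hostnames literal; the || clause still handles a
# last line that has no trailing newline.
while IFS= read -r host || [[ -n "$host" ]]; do
  [[ -n "$host" ]] || continue
  # The key is fed on ssh's own stdin so ssh does not swallow the rest of
  # servers.txt; a failed host is reported and the loop continues (best effort).
  ssh "user@$host" "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys" < "$pubkey" \
    || printf 'failed: %s\n' "$host" >&2
done < servers.txt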

# How to create usb boot
UNetbootin

# SSL certificate: generate key + CSR (-nodes leaves the private key unencrypted, so restrict its file permissions)
openssl req -nodes -newkey rsa:2048 -keyout www..key -out www..csr

# RSYNC
rsync -avzP --delete root@x.x.x.x:/var/vpopmail/domains/ /var/vpopmail/domains

# SNMP (snmpd.conf; with v2c the community string PASSWORD travels in cleartext)
com2sec eSegNET nag.hostname.com PASSWORD
group Public v2c eLALAnet (name of group)
view all included .1 80
access Public "" any noauth exact all none none
syscontact Administrador (EMAIL)

# QMAIL
Limit connections per IP
iptables -I INPUT 1 -p tcp -m tcp --dport 110 --syn -m connlimit --connlimit-above 20 -j LOG --log-prefix RATELIMIT_POP3
iptables -I INPUT 2 -p tcp -m tcp --dport 110 --syn -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset
iptables -I INPUT 1 -p tcp -m tcp --dport 25 --syn -m connlimit --connlimit-above 12 -j LOG --log-prefix RATELIMIT_SMTP
iptables -I INPUT 2 -p tcp -m tcp --dport 25 --syn -m connlimit --connlimit-above 12 -j REJECT --reject-with tcp-reset
iptables -I INPUT 1 -p tcp -m tcp --dport 465 --syn -m connlimit --connlimit-above 10 -j LOG --log-prefix RATELIMIT_SSMTP
iptables -I INPUT 2 -p tcp -m tcp --dport 465 --syn -m connlimit --connlimit-above 10 -j REJECT --reject-with tcp-reset
iptables -I INPUT 1 -p tcp -m tcp --dport 587 --syn -m connlimit --connlimit-above 10 -j LOG --log-prefix RATELIMIT_SSMTP2
iptables -I INPUT 2 -p tcp -m tcp --dport 587 --syn -m connlimit --connlimit-above 10 -j REJECT --reject-with tcp-reset

## DEBIAN
# Change default editor
update-alternatives --config editor

# Basic packages for webserver
aptitude install apache php5 mysql-server screen vim php5-gd php5-curl php5-mysql sudo php5-intl vim ntpdate

# How to discover the UUID of the disks
ls -l /dev/disk/by-uuid

# Recovering grub boot
update-initramfs -c -k <kernel>
update-grub
/sbin/grub-install /dev/sda
# If that does not work, update fstab to use UUIDs
blkid >> /etc/fstab

# !!!CORRECT MANUALLY!!!
vi /etc/fstab
# SVN
svnadmin dump /PathToRepository | gzip -9 > svnexport.dump
gunzip -c svnexport.dump | svnadmin load /PathToRepository
Subversion Recovery Without a Backup
# MySQL
# Change Pass
SET PASSWORD FOR 'user'@'%' = PASSWORD('pass');
# Create DB and user (host '%' allows login from any host; narrow it where possible)
CREATE USER 'blaat'@'%' IDENTIFIED BY 'PASS';
GRANT USAGE ON * . * TO 'blaat'@'%' IDENTIFIED BY 'PASS' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE DATABASE IF NOT EXISTS blaat ;
GRANT ALL PRIVILEGES ON blaat.* TO 'blaat'@'%';
# Check Indexes by DB
select table_name, count(*) from ( SELECT table_name, index_name FROM information_schema.statistics WHERE table_schema = 'testtable' GROUP BY table_name, index_name) tab_ind_cols group by table_name
# Recovering from HD hardware failure
# Get the bad sector and write on it (this overwrites the sector's contents).
hdparm --read-sector 1261069669 /dev/sdb
hdparm --write-sector 1261069669 /dev/sdb
# LOG
# Configure log on /tmp/testing
auditctl -w /tmp/testing -k nomemonitor -p w
ausearch -i -k nomemonitor
# IPTABLES
# Redirect
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.50:80
iptables -A INPUT -p tcp -m state --state NEW --dport 80 -i eth1 -j ACCEPT
# EXIM
# Show queue
exim -bp
# Read some message
exim -Mvl messageID => View the log for the message
exim -Mvb messageID => View the body of the message
exim -Mvh messageID => View the header of the message
# Clear frozen queue
/usr/sbin/exim -bpr | grep frozen | awk {'print $3'} | xargs exim -Mrm
## HTTPD - apache default security options
php.ini
expose_php = Off
/etc/apache2/conf-enabled/security.conf
ServerTokens Prod
ServerSignature Off
/etc/apache2/apache2.conf
# Remove directory listing
Options Includes FollowSymLinks MultiViews
Check which modules apache is running:
a2query -M
or
apache2 -l
# Tune apache.
# To increase the concurrent connections use this calc.
# Check the apache max memory usage:
ps aux --sort -rss | grep apache | awk '{ print ($6)/1024, "MB" }'
# Then divide 60% of your server's max memory by that per-process value.
# or download apachebuddy.pl from https://raw.githubusercontent.com/will-parsons/apachebuddy.pl/master/apachebuddy.pl, review it, and run it with perl (avoid piping a remote script straight into an interpreter)

## JUNIPER
# SRX
# Debug VPN IPSEC
show log kmd
show log messages

# Check Status:
# phase1
show security ike security-associations
show security ike security-associations index 4 detail
# phase2
show security ipsec security-associations
show security ipsec security-associations index 2 detail
show security ipsec statistics index 2
# Restart
restart ipsec-key-management

## OpenBSD
# Create Bridge IF
# cat /etc/hostname.vether0
inet 200.199.252.91 255.255.255.248 200.199.252.95 media 100baseTX mediaopt full-duplex
# cat /etc/hostname.re0
up media 100baseTX mediaopt full-duplex
# cat /etc/hostname.lii0
up media 100baseTX mediaopt full-duplex
# cat /etc/hostname.bridge0
add vether0
add lii0
add re0
up

## VMWare
# Shutdown
shutdown.sh && /sbin/poweroff

# Update
# open firewall for outgoing http requests:
esxcli network firewall ruleset set -e true -r httpClient
# Update using the ESXi 5.5 U2 Imageprofile from the VMware Online depot
esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-5.5.0-20140902001-standard
# Reboot your host
reboot
## PLESK
# Load default mail conf:
/usr/local/psa/admin/sbin/mchk --with-spam

# Add hosts to whitelist:
/usr/local/psa/bin/grey_listing --update-server -domains-whitelist "add:*.hotmail.com"

# Show Conf:
/usr/local/psa/bin/grey_listing -i

# MAIL
# Send e-mail with this content to check if spamassassin is working:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

# VAGRANT
# Install
vagrant box add ARTACK/debian-jessie https://atlas.hashicorp.com/ARTACK/boxes/debian-jessie
vagrant init ARTACK/debian-jessie
# Start
vagrant up

## VNC
sudo apt-get install mate-desktop-environment vncserver
Log in as the desired user and run vncserver once to create the base files, then edit .vnc/xstartup and leave only:
#!/bin/sh
exec /usr/bin/mate-session
Then add su - usuariobla -c '/usr/bin/vncserver' to rc.local
CRONTAB
# Disable e-mail
MAILTO=""
W3AF

# nikto
cleanup
target
set target http://www.site.com.br
back
plugins
crawl web_spider, phpinfo, pykto, google_spider
output html_file
output config html_file
set output_file wass/lavioletera.html
back
audit xss, blind_sqli, csrf, os_commanding, phishing_vector
back
start

# Setting timezone in Debian
sudo dpkg-reconfigure tzdata

# Cron
MAILTO="" # Disable mail
# Set proxy (GNOME)
gsettings set org.gnome.system.proxy mode 'manual'
gsettings set org.gnome.system.proxy.http host '192.168.0.1'
gsettings set org.gnome.system.proxy.http port 8080
gsettings set org.gnome.system.proxy.http use-authentication true
gsettings set org.gnome.system.proxy.http authentication-password 'xx'
gsettings set org.gnome.system.proxy.http authentication-user 'xx'
gsettings set org.gnome.system.proxy.http enabled enable
gsettings set org.gnome.system.proxy.https host '192.168.0.1'
gsettings set org.gnome.system.proxy.https port 0
netstat -atunp
# Docker Swarm
services:
  SERVICE_NAME:
    # for debugging
    entrypoint: ["sh", "-c", "sleep 8887774"]

Puppet

Useful Commands

# Check syntax
puppet parser validate site.pp

# Show module details
puppet config print modulepath

# How to install a new client
# Change the server info in the [main] key of /etc/puppet/puppet.conf
# Ex.
[main]
server=mypuppet.myserver.com

# Check Client (Client side)
puppet agent --enable
puppet agent --no-daemonize --onetime --verbose

# Check clients (Server side)
puppet cert list

# Accept or sign new clients
puppet cert sign "client.myserve.com"