~$ sudo apt-get

When rm -rf /var/spool/mqueue gives you ‘bash: /bin/rm: Argument list too long’, you can use the following.

find /var/spool/mqueue/. -type f -exec rm -f {} ;

ps ax | grep httpd | awk '{ print $1 }' | xargs pmap -x | awk '{ SUM += $2 } END { print SUM }'

mkdir tmp; for i in `find ./*archive.zip`; do unzip $i; mv $i tmp; done; chown urchin:urchin *

Must be in the report directory for the profile.

/usr/local/urchin/data/reports/[profile name]

mysqldump --verbose --opt -u'username' -p'password' 'database' --tables 'table' | grep -v SQL_NOTES | mysql --host='hostname or IP' -u'username' -p'password' 'database'

Input all required information and remove the single quotations.

This specific command does a mySQL dump for a specific table within a database and pipes this output to a remote mySQL database connection.

The ‘grep -v’ was added to parse out SQL_NOTES as sending machine was 4.1.22 and receiver was 5.0.0 and did not like the syntax.

for i in `grep "Failed password for invalid user" /var/log/secure | awk '{ print $13 }' | sort | uniq`; do grep $i /var/log/secure | grep "Accepted"; done

This is a work in progress.

Parses IPs from failed SSH attempts then runs it against the logs again for successful attempts.

Add an entry in /etc/services for the specific port number you would like to listen on. Preferably copy the lines for 25/SMTP.

smtp 25/tcp mail
smtp 25/udp mail
smtp-alt 225/tcp mail
smtp-alt 225/udp mail

In the /etc/xinetd.d/ directory, copy smtp_psa to smtp2_psa. Open smtp2_psa and change the first line.

service smtp
to
service smtp-alt

Restart xinetd after complete and verify service is listening on the correct port.

– This can be applied to other services such as ProFTPd.

This will display how many different IPs are connected to the server via port 80.

netstat -plant | grep "insertIPhere:80" | awk '{ print $5 }' | cut -d ":" -f 1 | sort | uniq | wc -l

Modifying the previous slightly allows us to display, in descending order, all the IPs connecting on port 80 and how many active connections they have.

netstat -plant | grep "-insertIPhere:80" | awk '{ print $5 }' | cut -d ":" -f 1 | sort | uniq -c | sort -rn

grep "Failed password for invalid user" /var/log/secure | awk '{ print $13 }' | sort | uniq -c | sort -rn

These will only parse for failed users other than root. Will display which IPs failed authentication and how many times in descending order.

The following will work for root.

grep "Failed password for root" /var/log/secure | awk '{ print $11 }' | sort | uniq -c | sort -rn

And for valid users.

grep "Failed password for " /var/log/secure | egrep -v "invalid|root" | awk '{ print $11 }' | sort | uniq -c | sort -rn

TOPFILES=100;TOPIPS=100;DATE=`date +%d.%b.%Y:%H`;for i in `lsof -p $(netstat -ltpn|awk '$4 ~ /:80$/ {print 
substr($7,1,index($7,"/")-1)}'|head -1)| awk '$9 ~ /access.log$/ {print $9| "sort -u"}'` ;  do echo "-------"$i"------"$DATE; 
awk '$4 ~ /^.'$DATE'/ {day=substr($4,2,2);hour=substr($4,14,2);sixth=substr($4,17,1); 
hit[day"t"hour"."sixth"0 - "hour"."sixth"9"]++;ip[$1]++;bytes[day"t"hour"."sixth"0 - "hour"."sixth"9"]+=$10; 
flds=split($7, req, ///);toss=split(req[flds],fn,/?/);files[fn[1]]++ } END { for (i in hit) 
{ print hit[i]"t"i"t"sprintf("%2.2d",bytes[i]/1024)"K"|"sort -k 3,3n"}; print "";for (i in ip) { if(ip[i] > '$TOPIPS') 
{ print ip[i]"t"i|"sort -n;echo """}}; for (i in files) { if(files[i] > '$TOPFILES') {print files[i], i|"sort -k 1,1n;echo """}} }' 
$i;done

Original one-liner would not work with directives specifying IPs to listen on versus 0.0.0.0.

so this will be a repository of useful information.  I promise no mindless ranting regarding my personal life.