~$ sudo apt-get


Delete Sendmail Queue

by on May.13, 2009, under Linux, Mail, Sendmail

When rm -rf /var/spool/mqueue gives you ‘bash: /bin/rm: Argument list too long’, you can use the following.

find /var/spool/mqueue/. -type f -exec rm -f {} \;

Total memory usage by Apache processes

by on May.13, 2009, under Apache, Linux, Server

ps ax | grep '[h]ttpd' | awk '{ print $1 }' | xargs pmap -x | awk '{ SUM += $2 } END { print SUM }'

Fixing Urchin – Urchin: Unable to open database for writing since it has been archived

by on May.04, 2009, under Linux

mkdir tmp; for i in ./*archive.zip; do unzip "$i"; mv "$i" tmp; done; chown urchin:urchin *

Run this from the report directory for the profile:

/usr/local/urchin/data/reports/[profile name]


Backup mysql database to remote database

by on Apr.09, 2009, under Linux

mysqldump --verbose --opt -u'username' -p'password' 'database' --tables 'table' | grep -v SQL_NOTES | mysql --host='hostname or IP' -u'username' -p'password' 'database'

Fill in all required information and remove the single quotes.

This command dumps a specific table from a MySQL database and pipes the output into a connection to a remote MySQL database.

The ‘grep -v’ was added to filter out the SQL_NOTES lines, as the sending machine ran 4.1.22 and the receiver ran 5.0.0, which did not like the syntax.


Display successful SSH brute force attempts from secure logs

by on Apr.07, 2009, under Linux

for i in `grep "Failed password for invalid user" /var/log/secure | awk '{ print $13 }' | sort | uniq`; do grep -F "$i" /var/log/secure | grep "Accepted"; done

This is a work in progress.

Parses the IPs from failed SSH attempts, then searches the logs again for successful logins from those IPs.
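
A single-pass variant of the loop above, added here as an example and not part of the original post: it reports an accepted login only when at least a threshold of failed passwords from the same address comes before it in the log. The function names, the default threshold of 5 and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads sshd lines in traditional
# syslog format ("Mon DD HH:MM:SS host sshd[pid]: message") on stdin and prints
# "ip user failures" for every accepted login that follows at least THRESHOLD
# failed passwords from the same address (default 5 is an assumed value).
ssh_bruteforce_hits() {
    awk -v threshold="${1:-5}" '
    # Find the address by scanning right to left for "from <ip> port". The
    # user name in a failed attempt is chosen by the remote side and may hold
    # spaces or the word "from", which shifts fixed fields such as $13.
    function src_ip(    i) {
        for (i = NF; i > 2; i--)
            if ($i == "port" && $(i - 2) == "from") return $(i - 1)
        return ""
    }
    $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" {
        ip = src_ip()
        if (ip != "") failed[ip]++
        next
    }
    # Test field 6 rather than grepping the whole line, so a failed attempt
    # for a user literally named "Accepted" is not reported as a login.
    $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Accepted" && $8 == "for" {
        ip = src_ip()
        if (ip != "" && failed[ip] >= threshold) print ip, $9, failed[ip]
    }'
}

# Constructed sample log; addresses come from the documentation ranges.
sample_secure_log() {
    cat <<'EOF'
Apr  7 03:10:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.9 port 40112 ssh2
Apr  7 03:10:03 web1 sshd[2102]: Failed password for invalid user from 10.0.0.5 from 203.0.113.9 port 40113 ssh2
Apr  7 03:10:05 web1 sshd[2103]: Failed password for root from 203.0.113.9 port 40114 ssh2
Apr  7 03:10:07 web1 sshd[2104]: Failed password for deploy from 203.0.113.9 port 40115 ssh2
Apr  7 03:10:09 web1 sshd[2105]: Accepted password for deploy from 203.0.113.9 port 40116 ssh2
Apr  7 09:00:00 web1 sshd[2200]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Apr  7 09:00:10 web1 sshd[2201]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
Apr  7 09:05:00 web1 sshd[2300]: Failed password for invalid user Accepted from 192.0.2.44 port 52000 ssh2
EOF
}

sample_secure_log | ssh_bruteforce_hits 3    # prints: 203.0.113.9 deploy 4
```

Against a real log, run it as ssh_bruteforce_hits 5 < /var/log/secure. Because failures are counted in log order, a login that happens before the failed attempts is not reported.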


Configure additional port for Qmail/ProFTPd

by on Apr.07, 2009, under Linux

Add an entry in /etc/services for the specific port number you would like to listen on. Preferably copy the lines for 25/SMTP.

smtp 25/tcp mail
smtp 25/udp mail
smtp-alt 225/tcp mail
smtp-alt 225/udp mail

In the /etc/xinetd.d/ directory, copy smtp_psa to smtp2_psa. Open smtp2_psa and change the first line from

service smtp

to

service smtp-alt

Restart xinetd when done and verify that the service is listening on the correct port.

– This can be applied to other services such as ProFTPd.


Summarize concurrent HTTP connections

by on Apr.01, 2009, under Apache, Linux

This will display how many different IPs are connected to the server via port 80.

netstat -plant | grep "insertIPhere:80" | awk '{ print $5 }' | cut -d ":" -f 1 | sort | uniq | wc -l

Modifying the previous slightly allows us to display, in descending order, all the IPs connecting on port 80 and how many active connections they have.

netstat -plant | grep "insertIPhere:80" | awk '{ print $5 }' | cut -d ":" -f 1 | sort | uniq -c | sort -rn

Parsing secure/auth logs for failed SSH attempts

by on Apr.01, 2009, under Linux

grep "Failed password for invalid user" /var/log/secure | awk '{ print $13 }' | sort | uniq -c | sort -rn

This only matches failed attempts for invalid users, not root. It displays which IPs failed authentication and how many times, in descending order.

The following will work for root.

grep "Failed password for root" /var/log/secure | awk '{ print $11 }' | sort | uniq -c | sort -rn

And for valid users.

grep "Failed password for " /var/log/secure | egrep -v "invalid|root" | awk '{ print $11 }' | sort | uniq -c | sort -rn

Modified Apache Summary – Top 100 Files and IPs

by on Mar.27, 2009, under Apache, Linux

TOPFILES=100;TOPIPS=100;DATE=`date +%d.%b.%Y:%H`;for i in `lsof -p $(netstat -ltpn|awk '$4 ~ /:80$/ {print substr($7,1,index($7,"/")-1)}'|head -1)| awk '$9 ~ /access.log$/ {print $9| "sort -u"}'` ; do echo "-------"$i"------"$DATE; awk '$4 ~ /^.'$DATE'/ {day=substr($4,2,2);hour=substr($4,14,2);sixth=substr($4,17,1); hit[day"\t"hour"."sixth"0 - "hour"."sixth"9"]++;ip[$1]++;bytes[day"\t"hour"."sixth"0 - "hour"."sixth"9"]+=$10; flds=split($7, req, /\//);toss=split(req[flds],fn,/\?/);files[fn[1]]++ } END { for (i in hit) { print hit[i]"\t"i"\t"sprintf("%2.2d",bytes[i]/1024)"K"|"sort -k 3,3n"}; print "";for (i in ip) { if(ip[i] > '$TOPIPS') { print ip[i]"\t"i|"sort -n;echo \"\""}}; for (i in files) { if(files[i] > '$TOPFILES') {print files[i], i|"sort -k 1,1n;echo \"\""}} }' $i; done

Original one-liner would not work with directives specifying IPs to listen on versus


I hate blogs …

by on Feb.12, 2009, under Linux

so this will be a repository of useful information.  I promise no mindless ranting regarding my personal life.
