Archive for April, 2009
Backup mysql database to remote database
by sudo on Apr.09, 2009, under Linux
mysqldump --verbose --opt -u'username' -p'password' 'database' --tables 'table' | grep -v SQL_NOTES | mysql --host='hostname or IP' -u'username' -p'password' 'database'
Input all required information and remove the single quotations.
This specific command does a mySQL dump for a specific table within a database and pipes this output to a remote mySQL database connection.
The ‘grep -v’ was added to parse out SQL_NOTES as sending machine was 4.1.22 and receiver was 5.0.0 and did not like the syntax.
Display successful SSH brute force attempts from secure logs
by sudo on Apr.07, 2009, under Linux
for i in `grep "Failed password for invalid user" /var/log/secure | awk '{ print $13 }' | sort | uniq`; do grep $i /var/log/secure | grep "Accepted"; done
This is a work in progress.
Parses IPs from failed SSH attempts then runs it against the logs again for successful attempts.
Configure additional port for Qmail/ProFTPd
by sudo on Apr.07, 2009, under Linux
Add an entry in /etc/services for the specific port number you would like to listen on. Preferably copy the lines for 25/SMTP.
smtp 25/tcp mail
smtp 25/udp mail
smtp-alt 225/tcp mail
smtp-alt 225/udp mail
In the /etc/xinetd.d/ directory, copy smtp_psa to smtp2_psa. Open smtp2_psa and change the first line.
service smtp
to
service smtp-alt
Restart xinetd after complete and verify service is listening on the correct port.
– This can be applied to other services such as ProFTPd.
Summarize concurrent HTTP connections
by sudo on Apr.01, 2009, under Apache, Linux
This will display how many different IPs are connected to the server via port 80.
netstat -plant | grep "insertIPhere:80" | awk '{ print $5 }' | cut -d ":" -f 1 | sort | uniq | wc -l
Modifying the previous slightly allows us to display, in descending order, all the IPs connecting on port 80 and how many active connections they have.
netstat -plant | grep "-insertIPhere:80" | awk '{ print $5 }' | cut -d ":" -f 1 | sort | uniq -c | sort -rn
Parsing secure/auth logs for failed SSH attempts
by sudo on Apr.01, 2009, under Linux
grep "Failed password for invalid user" /var/log/secure | awk '{ print $13 }' | sort | uniq -c | sort -rn
These will only parse for failed users other than root. Will display which IPs failed authentication and how many times in descending order.
The following will work for root.
grep "Failed password for root" /var/log/secure | awk '{ print $11 }' | sort | uniq -c | sort -rn
And for valid users.
grep "Failed password for " /var/log/secure | egrep -v "invalid|root" | awk '{ print $11 }' | sort | uniq -c | sort -rn
