Sunday, October 30, 2005

Investigating all open ports on Linux web server - Programming One Liner 18 - 21

Unneeded open ports can be costly for your business!


If you have unneeded and unexplained ports open on your server, you are asking for trouble: every listening service is attack surface, and one you cannot explain may already be an intruder's.


nmap -p 1-65535 localhost


This programming one liner scans all 65535 TCP ports on the loopback address and lists the ones that are open (currently listening) on your Linux server. Two caveats: nmap scans TCP only unless you add -sU, so UDP listeners will not show up; and because the target is localhost, a service bound only to the server's external address will not appear, while a service bound only to 127.0.0.1 shows as open even though nothing on the network can reach it. Repeat the scan against the server's public address from another host to see what is actually exposed.


Programming "One Liner" lookup terms:
nmap fuser

Output of running the above command will produce something similar to:


Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on localhost.localdomain (127.0.0.1):
(The 65517 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
53/tcp open domain
80/tcp open http
110/tcp open pop-3
143/tcp open imap2
199/tcp open smux
443/tcp open https
631/tcp open ipp
783/tcp open hp-alarm-mgr
953/tcp open rndc
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
5981/tcp open unknown
6001/tcp open X11:1

Nmap run completed -- 1 IP address (1 host up) scanned in 155 seconds


Investigating a port


Which process is using the port? Programming One Liner 19

If you want to know which process is using a port, use the following fuser command. We are investigating port 783, which nmap labelled hp-alarm-mgr. That label comes from nmap's services table, not from the process itself, so it may well be wrong; this is exactly why an unexplained port has to be traced back to the process that owns it.


fuser -n tcp 783


The output of fuser (run as root, since fuser can only report processes you are allowed to inspect) is the port followed by the owning process id:

783/tcp: 2385




Finding the process owner


Who owns the process? Programming One Liner 20

Now that we know the process id (pid), we can find out details about the process.


cat /proc/2385/status


The status information will include a lot of details about the process.

Name: spamd
State: S (sleeping)
Tgid: 2385
Pid: 2385
PPid: 1
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 32
Groups:
VmSize: 22920 kB
VmLck: 0 kB
VmRSS: 716 kB
VmData: 16664 kB
VmStk: 72 kB
VmExe: 12 kB
VmLib: 3944 kB
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 0000000000010080
SigCgt: 0000000080005002
CapInh: 0000000000000000
CapPrm: 00000000fffffeff
CapEff: 00000000fffffeff



We can see the process is named spamd (the SpamAssassin daemon, which listens on 783 by default) and that it runs as uid 0 (the super user). Bear in mind that the Name field is only the short command name the kernel holds for the process and a process can change it, so for anything suspicious also check where /proc/2385/exe points.



What command was used to run the process? Programming One Liner 21




To find further details, such as the command used to invoke the process:


ps 2385



We can see the following details:


PID TTY STAT TIME COMMAND
2385 ? S 0:00 /usr/bin/spamd -d -c -a
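The four steps above (list listening ports, map a port to a pid, read /proc/PID/status, read the command line) collected into one shell script. This is an added example, not code from the original post: it reads the kernel's own socket table in /proc/net/tcp instead of calling nmap or fuser, so it also works on a box where those tools are missing or cannot be trusted. The sample table at the bottom is constructed, not captured from a real host; the format itself is the one documented in proc(5).

```shell
#!/bin/sh
# Added example (not from the original post). Lists LISTEN sockets and maps a
# port to its process using /proc only. /proc/net/tcp fields, per proc(5):
# field 2 is local address as hexIP:hexPORT, field 4 is the state (0A = LISTEN),
# field 10 is the socket inode. IPv4 only; read /proc/net/tcp6 the same way.

# Print "port bind-scope" for every listening socket in a /proc/net/tcp-format
# table. $1 is the table file; defaults to the live kernel table.
listening_ports() {
    tail -n +2 "${1:-/proc/net/tcp}" | while read -r sl local rem st rest; do
        [ "$st" = "0A" ] || continue
        case "${local%%:*}" in
            00000000) scope=all-interfaces ;;   # reachable from the network
            0100007F) scope=loopback-only ;;    # nmap localhost shows it; the network cannot reach it
            *)        scope=specific-address ;; # bound to one interface; nmap localhost misses it
        esac
        printf '%d %s\n' "0x${local#*:}" "$scope"
    done | sort -n | uniq
}

# Which process owns a listening TCP port: resolve the socket inode, then find
# the /proc/<pid>/fd entry that points at socket:[inode]. Needs root to look
# into other users' fd tables. Reports what the post reads from
# /proc/<pid>/status and ps, plus /proc/<pid>/exe, which unlike the Name and
# the command line cannot be rewritten by the process itself.
port_owner() {
    hexport=$(printf '%04X' "$1")
    inode=$(awk -v p=":$hexport" 'NR > 1 && $4 == "0A" && index($2, p) > 0 { print $10; exit }' /proc/net/tcp)
    [ -n "$inode" ] || { echo "$1/tcp: nothing listening on IPv4"; return 1; }
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$inode]" ] || continue
        pid=${fd#/proc/}; pid=${pid%%/*}
        name=$(awk '$1 == "Name:" { print $2 }' "/proc/$pid/status")
        uid=$(awk '$1 == "Uid:" { print $2 }' "/proc/$pid/status")   # real uid
        exe=$(readlink "/proc/$pid/exe" 2>/dev/null)
        cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline")
        printf '%s/tcp: pid=%s name=%s uid=%s exe=%s cmd=%s\n' "$1" "$pid" "$name" "$uid" "$exe" "$cmd"
        return 0
    done
    echo "$1/tcp: inode $inode found but no readable /proc/*/fd entry (run as root)"
    return 1
}

# Constructed sample in /proc/net/tcp format (not from a real host): a listener
# on all interfaces (0x0016 = 22), one on loopback only (0x0CEA = 3306), and an
# established connection, which is not a listener and must be ignored.
sample_tcp_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:A3D6 0100007F:0016 01 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 20 4 30 10 -1
EOF
}

# Usage on a live server (as root):
#   listening_ports            # every LISTEN socket with its bind scope
#   port_owner 783             # the spamd case from the post
```

The bind scope column is the detail nmap against localhost cannot give you: a loopback-only listener is not a network exposure, while a port bound to a specific external address is one that the localhost scan would never have shown.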



Programming "One Liner" lookup terms:
nmap fuser cat




USE THIS PROGRAMMING ONE LINER AT OWN RISK AS AUTHOR CLAIMS NO RESPONSIBILITY.
If you would like more information on any of the commands, please feel free to contact me. You can also read other posts on programming code, lookup the programming terms displayed above or visit my network security blog. Other external programming blogs on Technorati and programming blogs on Google.

Watch /var/log/messages for SSH intruders - Programming One Liner 17

Monitoring /var/log/messages


date >> /user/security/ssh-intruders.log ; cat /var/log/messages* | grep -i "sshd.*authentication failure" | awk -F'rhost=' 'NF > 1 {split($2, a, " "); print a[1]}' | grep '\..*\.' | grep -v 'knownhost\.com' | grep -v 'knownhost2\.com' | sort | uniq | while read i; do counter=`grep -Fi -- "rhost=$i" /var/log/messages* | wc -l` ; echo "$counter attempts by $i"; done >> /user/security/ssh-intruders.log ; cat /user/security/ssh-intruders.log


This programming one liner queries the /var/log/messages files (including rotated ones) for sshd PAM authentication failures, extracts the remote host from the rhost= field of each record, drops hosts you trust, and appends a timestamped report of the total attempts per source to /user/security/ssh-intruders.log. Note that when sshd reverse-resolves addresses, rhost= holds a hostname supplied by whoever controls the attacker's reverse DNS, so treat those names as untrusted and filter on IP addresses wherever you can.


The following output (sample) is produced


3 attempts by 163.27.207.193
2 attempts by 84.243.73.25
14 attempts by ali.2kads.cz
17 attempts by c66.110.175-222.clta.globetrotter.net
9 attempts by pro-177.im.cju.edu.tw


Programming "One Liner" lookup terms:
cat grep awk sort uniq wc date
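The same tally as a function that reads log lines on standard input, added here as an example and not part of the original post. It relies on the one record format the one liner above greps for, sshd's PAM "authentication failure" line; sshd's own "Failed password" lines describe the same attempts and would double count if added. The allowlist is a regular expression of trusted rhost values. The sample log lines are constructed, with addresses from the documentation ranges, not real hosts.

```shell
#!/bin/sh
# Added example (not from the original post): count sshd authentication
# failures per source host from syslog-format lines on stdin.
# count_ssh_failures [ALLOW_REGEX]  ->  "<count> attempts by <rhost>", busiest first
count_ssh_failures() {
    allow=$1
    [ -n "$allow" ] || allow='^$'   # default: skip nothing
    awk -v allow="$allow" '
        # Only sshd PAM failure records; rhost= must hold a value (an empty
        # rhost= is not matched because [^ ]+ needs at least one character).
        /sshd.*authentication failure/ && match($0, /rhost=[^ ]+/) {
            src = substr($0, RSTART + 6, RLENGTH - 6)   # text after "rhost="
            if (src !~ allow) n[src]++
        }
        END { for (h in n) printf "%d attempts by %s\n", n[h], h }
    ' | sort -rn
}

# Constructed sample lines (not captured from a real server).
sample_log() {
    cat <<'EOF'
Oct 30 01:02:03 plain sshd[2211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
Oct 30 01:02:09 plain sshd[2211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
Oct 30 01:03:10 plain sshd[2230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=backup.example.net  user=admin
Oct 30 01:04:00 plain sshd[2240]: Accepted publickey for deploy from 198.51.100.9 port 51000 ssh2
Oct 30 01:04:30 plain sshd[2244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.55  user=oracle
Oct 30 01:05:00 plain sshd[2250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=test
Oct 30 01:05:30 plain sshd[2255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=  user=root
EOF
}

# Usage on a live server, with the trusted hosts from the post:
#   cat /var/log/messages* | count_ssh_failures 'knownhost\.com$|knownhost2\.com$'
```

Because the allowlist is anchored on the value after rhost= rather than searched anywhere in the line, a user name or a message fragment that happens to contain the trusted string cannot hide an attacker; the dots in the pattern are escaped so they match literally.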


Saturday, October 29, 2005

Query RPM packages for information - Programming One Liner 16

Get information about a RPM


[root@plain home]# rpm -qip gnome-desktop-2.2.2-2.2E.src.rpm
Name : gnome-desktop Relocations: (not relocatable)
Version : 2.2.2 Vendor: Red Hat, Inc.
Release : 2.2E Build Date: Wed 20 Jul 2005 04:12:27 PM CDT
Install Date: (not installed) Build Host: crowe.devel.redhat.com
Group : System Environment/Libraries Source RPM: (none)
Size : 1081813 License: GPL
Signature : DSA/SHA1, Wed 10 Aug 2005 03:04:49 AM CDT, Key ID 219180cddb42a60e
Packager : Red Hat, Inc.
URL : http://www.gnome.org
Summary : Package containing code shared among gnome-panel, gnome-session, nautilus, etc.
Description :
The gnome-desktop package contains an internal library
(libgnomedesktop) used to implement some portions of the GNOME
desktop, and also some data files and other shared components of the
GNOME user environment.


This programming one liner displays the header information of an RPM (Red Hat package manager) package file, here a source RPM, without installing it. Because the file is queried directly rather than looked up in the installed package database, you can inspect a downloaded package before you trust it. Note that the Signature line only tells you which key signed the package; actually checking the signature and digests against keys you have imported is a separate step, rpm's --checksig (-K) option, and should happen before any install.


Programming "One Liner" lookup terms:
rpm
Options used
-q = query
-i = information (the package header shown above)
-p = query a package file rather than the installed package database


Send a message to all users - Programming One Liner 15

Broadcasting a message


wall


This programming one liner sends a message to everyone logged in on a terminal. Simply type wall, type the message and press Ctrl-d to send it.



[root@plain user]# wall
fixed

Broadcast message from root (pts/0) (Sat Oct 29 22:52:36 2005):

fixed



Programming "One Liner" lookup terms:
wall


Create and verify a tarball for a directory - Programming One Liner 14

tar - working with tarballs


tar -Wcvf /user/backups/site6-fst.tar etc home var >/designerz/backups/log.site6.fst.bk


This programming one liner creates an archive of the etc, home and var directories (relative to the current directory) and, because of -W (--verify), reads the archive back after writing it and compares every member with the file on disk. -v lists every file processed; here that listing is redirected into a log file rather than printed to the screen. Two caveats: -W cannot be combined with compression (-z or -j), so verify first and compress afterwards; and a verification mismatch for a file that changed while the archive was being written (a log under var, for example) is expected rather than a sign of corruption.


Programming "One Liner" lookup terms:
tar


Process Information - Programming One Liner 12 - 13

ps - process information


ps 316


For a currently running process, you can use ps with the process id (pid) to see information about the process and to verify that it's still running.


Programming "One Liner" lookup terms:
ps


Programming One Liner 13
See all processes currently running that were started from your terminal (ps with no options lists the processes with your effective user id on the same terminal):

[root@plain html]# ps
PID TTY TIME CMD
20056 pts/5 00:00:05 bash
316 pts/5 00:07:53 tar
3302 pts/5 00:00:00 ps




Restoring files from an old hard drive to new drive - Programming One Liner 11

Using rsync to restore directories between two drives


rsync -vrplogDtH /olda/dir /home/dir


This programming one liner restores (copies) a directory tree from one hard drive to another, preserving ownership, permissions, timestamps, symlinks, hard links and device nodes. It is useful when the drive from a compromised server has been attached to your web server as a secondary disk and you want to pull data off it. Two cautions: rsync treats a source without a trailing slash as the directory itself, so /olda/dir ends up as /home/dir/dir (use /olda/dir/ to copy only its contents); and because -p and -o preserve everything, anything the intruder left behind (setuid binaries, altered configuration, web shells) is copied across intact, so restore data directories only and reinstall software from trusted packages.


Programming "One Liner" lookup terms:
rsync rcp
Brief explanation of the rsync options used for restoring files between hard drives (-rlptgoD is exactly what rsync's -a archive option expands to, so this command is equivalent to rsync -avH):
-v, --verbose increase verbosity
-r, --recursive recurse into directories
-p, --perms preserve permissions
-l, --links copy symlinks as symlinks
-o, --owner preserve owner (root only)
-g, --group preserve group
-D, --devices preserve devices (root only)
-t, --times preserve times
-H, --hard-links preserve hard links



Files and folders in a directory with ls and dir - Programming One Liner 5 - 10

Contents of a directory


This programming one liner allows you to see what files and directories are available within a folder on your Linux web server. Upon invocation of this one liner, the contents of your current directory (pwd) will be displayed.


ls


If you believe your ls binary has been tampered with (after a server compromise) or you just want an alternative command, dir on a Linux server gives the same results; dir and ls are in fact two different binaries from the same coreutils package (dir behaves like ls -C -b). Bear in mind that an intruder who replaced ls can replace dir just as easily, so on a machine you suspect, verify both against the package manager's records or run known-good binaries from read-only media rather than trusting either.


Programming One Liner # 6

dir



The following one liner will let you view detailed information about files and directories within your present directory. This command is commonly termed as "long listing format".


Programming One Liner # 7

ls -l


Similarly, you can use the long listing option with dir command.


Programming One Liner # 8

dir -l



This command can be used to view the listings with color codings (if supported by your Linux web server).


Programming One Liner # 9

ls --color=tty



To make the color coded listings part of your profile, simply add the following line to your .bash_profile file. You can also execute it directly to color code the listings for your current session only.


Programming One Liner # 10

alias ls='ls --color=tty'




Programming "One Liner" lookup terms:
ls dir


Total disk used by a file or directory on a server - Programming One Liner 4

Directory Disk Usage


du -h -s site6-www.tar.defunct


This programming one liner shows the total disk space used by a folder or file on a server: -s gives one summarized total instead of a line per subdirectory, and -h prints the size in readable units (K, M, G).


Programming "One Liner" lookup terms:
df du


Remove Server Directory - Programming One Liner 3

Removing a directory on server


rm -r -f /tmp/directory


This programming one liner recursively removes the directory and everything under it, without prompting (-f) and without complaining about paths that do not exist. There is no undo, so check the path, and any variable it is built from, before running it.


Programming "One Liner" lookup terms:
rm unlink


Things not making sense? Want to improve your productivity? Let me help you with your programming projects

Dear reader,

If you would like more information on any of the programming commands on this site, or need help with your programming projects, please feel free to contact me by posting a comment on any of these posts. I will help you understand any one liner in complete detail to help increase your productivity and programming knowledge for a very economical fee.

In addition, if you have any general questions, please post a comment. I look forward to helping you with your projects and answering your programming questions.

Thank you for your interest,
Frank Mash (Frankly Speaking)

Server Backup - Programming One Liner 2

Server directory backup


cd /user/backups; ls -1 /oldb2/home/virtual/ | grep site | grep -v '-' | while read i; do bkdir=/oldb2/home/virtual/$i; echo "$i"; echo "$bkdir"; tar -cf "$i-www.tar" "$bkdir/fst/var/www"; echo "Gzip $i"; gzip "$i-www.tar"; ls -l "$i-www.tar.gz"; done


This programming one liner backs up the web root of every virtual site under /oldb2/home/virtual whose name contains "site" and no hyphen. For each site it first makes a tarball in /user/backups and then compresses it with gzip. Note that tar strips the leading slash, so each archive holds a relative path such as oldb2/home/virtual/site6/fst/var/www.
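The tar -W one liner (number 14) and the tar plus gzip loop above combined into one backup step, with the piece a restore needs added: a checksum written right after the archive, so a tarball pulled off a failing or compromised drive can be checked before it is trusted. This is an added example, not code from the original post; it takes its paths as parameters and does not assume the /user/backups or /oldb2 layout. Because tar's -W cannot be combined with -z, the archive is verified uncompressed and compressed afterwards.

```shell
#!/bin/sh
# Added example (not from the original post): archive a directory, verify the
# archive against the disk, compress it, and record a SHA-256 checksum beside it.

# backup_dir SRC DEST: writes DEST/<name>-<date>.tar.gz plus a .sha256 file and
# prints the archive path. Returns non-zero if any step fails.
backup_dir() {
    src=$1
    dest=$(cd "$2" && pwd) || return 1
    name=$(basename "$src")
    tarball="$dest/$name-$(date +%Y%m%d).tar"

    # Archive from the parent directory so members are "name/..." rather than
    # absolute paths (tar would strip the leading / anyway, with a warning).
    # -W reads the finished archive back and compares every member with disk;
    # it is incompatible with -z, which is why gzip runs as a separate step.
    ( cd "$(dirname "$src")" && tar -W -cf "$tarball" "$name" >/dev/null ) || return 1
    gzip -f "$tarball" || return 1
    ( cd "$dest" && sha256sum "$(basename "$tarball").gz" > "$(basename "$tarball").gz.sha256" ) || return 1
    printf '%s\n' "$tarball.gz"
}

# verify_backup ARCHIVE.tar.gz: checksum first, then make sure gzip and tar can
# read the whole archive. Returns non-zero on any mismatch or read error.
verify_backup() {
    gz=$1
    ( cd "$(dirname "$gz")" && sha256sum -c "$(basename "$gz").sha256" >/dev/null ) || return 1
    tar -tzf "$gz" >/dev/null
}

# Usage, the loop from the post with quoting:
#   for site in /oldb2/home/virtual/site*; do backup_dir "$site" /user/backups; done
#   verify_backup /user/backups/site6-20051030.tar.gz
```

Keep the .sha256 files somewhere other than the drive holding the archives, or sign them; a checksum stored next to the data it protects only catches accidental corruption, not an intruder who can rewrite both.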


Programming "One Liner" lookup terms:
ls grep tar gzip


Disk usage human readable - Programming One Liner 1 - Linux

df -h


This programming one liner shows the used and available space of every mounted filesystem in human readable units (K, M, G).


Programming "One Liner" lookup terms:
man df


Programming one liners - Sophisticated, Productive, Time Saving - Programming at the Extreme

I have been addicted to programming one liners ever since I first discovered them. Sometimes I find myself writing more than 200 one liners in a day. To keep a record of these one liners I started this blog.

If you are passionate about one liners, I invite you to join my blog. Simply post a comment to any post on this programming one liners blog and I will respond promptly. Please provide a sample one liner programmed by you to show you can program one liners.

I hope you benefit from this blog and start using one liners to increase productivity.

Thanks
Your Editor
Frankly Speaking