Search for suspicious POST requests in the Apache access log (often attacks).
```{.bash}
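# Suspicious POSTs to PHP scripts in the Apache access log. Match only inside
# the quoted request field ([^"]*) and escape the dot so a literal ".php" is
# required, then drop the usual legitimate endpoints and 404s before deduping.
grep -Eo '"POST [^"]*\.php' access.log \
  | grep -v -e cron -e login -e admin -e xmlrpc -e trackback -e comment -e 404 \
  | sort -u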
```
Check for a crashed MySQL table in syslog and launch a repair.
```{.bash}
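#!/bin/bash
# Repair MySQL tables that syslog reports as crashed.
# The syslog line names the table as './<db>/<table>' (quotes included), so
# extract that token, strip the quotes and the leading './', dedupe with
# sort -u (plain uniq only merges adjacent duplicates), and hand db and
# table to mysqlcheck as separate, quoted arguments.
grep crashed /var/log/syslog \
  | grep -Eo "'\./[^']+'" \
  | sed -e "s#^'\./##" -e "s#'\$##" \
  | sort -u \
  | while IFS= read -r tableC; do
      db=${tableC%/*}
      table=${tableC#*/}
      mysqlcheck --auto-repair --check "$db" "$table"
    done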
```
Get the groups of a user and add another user to those groups.
```{.bash}
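# Add user2 to every group that lists user1 as an explicit member in
# /etc/group. The member field is matched exactly (",user1," after padding),
# so "user10" is not mistaken for "user1"; user1's own group is skipped.
while IFS=: read -r group _ _ members; do
  case ",$members," in
    *,user1,*) [[ "$group" == user1 ]] || adduser user2 "$group" ;;
  esac
done < /etc/group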
```
Get the last accessed URLs in the Squid access log.
```{.bash}
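# Last 100 Squid requests: keep the part of each line from "http" onwards,
# take the first whitespace-separated token (the URL) and list each URL once
# (sort -u replaces the sort | uniq pair).
tail -n 100 /var/log/squid3/access.log | grep -oE 'http.*' | cut -d ' ' -f1 | sort -u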
```
Migrate MySQL users.
```{.bash}
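# SRC Server
# Dump the grant rows of the accounts to migrate. INTO OUTFILE is written by
# the mysqld process itself (subject to secure_file_priv), so the files are
# owned by the server's account; they contain password hashes and must not be
# left world-readable.
mysql mysql -e "select * from user WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_user';"
mysql mysql -e "select * from db WHERE USER='user1' OR USER='user2' INTO OUTFILE '/tmp/mysql_db';"

# DST Server
# LOAD DATA INFILE is read by the server process, not by the shell user, so
# grant read access to the server's group only instead of to everyone (664).
scp server:/tmp/mysql_{db,user} /tmp
chgrp mysql /tmp/mysql_{db,user}   # group mysqld runs under; adjust if different
chmod 640 /tmp/mysql_{db,user}
mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_user' INTO TABLE user;"
mysql mysql -e "LOAD DATA INFILE '/tmp/mysql_db' INTO TABLE db;"
# Rows loaded straight into the grant tables are not live until the privilege
# cache is reloaded.
mysql -e "FLUSH PRIVILEGES;"
# Drop the hash dumps once loaded (do the same on the source server).
rm -f /tmp/mysql_{db,user}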
```
Find the user IDs of the mails in the mail queue (mailq).
```{.bash}
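# For each queued message, print it with postcat and pull out the numeric
# userid it carries, then list each id once. Queue ids are taken as the short
# 10-hex-char Postfix form; long queue ids would need a wider pattern.
# Everything is streamed straight into sort, so no scratch file is appended
# to (or read back from a different path) between runs.
mailq | grep -Eo '[A-F0-9]{10}' | sort -u | while IFS= read -r qid; do
  postcat -q "$qid" | grep userid | grep -Eo '[0-9]{4,}'
done | sort -n | uniq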
```
Kill every MySQL SELECT older than X seconds – Original: https://anothersysadmin.wordpress.com/2008/10/29/kill-every-mysql-select-older-than-x-seconds/
```{.bash}
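#!/bin/bash
# From https://anothersysadmin.wordpress.com/2008/10/29/kill-every-mysql-select-older-than-x-seconds/
# Usage: $0 SECONDS
# Kill every running query older than SECONDS, skipping write statements
# (delete/update/insert/alter table) so that only read queries are cut.
SEC=${1:-0}
# reject a missing, non-numeric or zero threshold before touching the server
if ! [[ $SEC =~ ^[0-9]+$ ]] || (( SEC < 1 )); then
  echo "Usage: $0 SECONDS"
  exit 1
fi
# 'mysqladmin proc' prints a '|'-separated table; the leading '|' yields an
# empty first field (dummy). Columns: Id User Host db Command Time State Info.
mysqladmin proc -v \
  | grep Query \
  | grep -Evi "delete|update|insert|alter table" \
  | while IFS='|' read -r dummy qid qusr qhost qdb qstat qsec qstat2 query; do
      # fields keep the table padding; strip it before comparing or using them
      qid=${qid//[[:space:]]/}
      qsec=${qsec//[[:space:]]/}
      [[ $qsec =~ ^[0-9]+$ ]] || continue   # skip header/separator lines
      if (( qsec > SEC )); then
        echo "Killing query $qid..."
        mysqladmin kill "$qid"
      fi
    done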
```
List of contacts to try when sending a technical-purpose mail to a domain that does not publish its technical contacts in whois.
```
abuse@<domain>, admin@<domain>, administrator@<domain>, contact@<domain>, info@<domain>, postmaster@<domain>, support@<domain>, webmaster@<domain>
```
itk: change ownership and rights.
```{.bash}
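# Re-own everything still held by the *.old accounts (presumably the accounts
# were renamed; confirm before running). '+' batches the chown calls.
find /tmp/ -user www-user.old -exec chown www-user:user {} +
find /tmp/ -user user.old -exec chown user:user {} +

# Files not readable by Apache (group read bit missing)
find ./ -type f ! -perm /g=r -exec ls -l {} +
# Directories not readable/traversable by Apache (group read or exec missing)
find ./ -type d \( ! -perm /g=r -o ! -perm /g=x \) -exec ls -ld {} +
# Files/directories writable by Apache (group write bit)
find ./ -perm /g=w
# Files/directories writable by everyone: any entry with the other-write bit,
# files and directories alike (same form as the group check above)
find ./ -perm /o=w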
```
Get the useradd command for migrating an account.
```{.bash}
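# Print one useradd line per account, carrying over its uid and password hash
# so the account can be recreated on another host. Reads /etc/shadow, so run
# as root; the output contains password hashes and deserves the same care.
for i in user1 user2 user3...; do
  # exact match on the account name ($1 == u), so "user1" does not also pick
  # up "user10"; the name is passed with -v rather than spliced into a regex
  uid=$(awk -F: -v u="$i" '$1 == u { print $3 }' /etc/passwd)
  hash=$(awk -F: -v u="$i" '$1 == u { print $2 }' /etc/shadow)
  printf "useradd -m -s /bin/bash -u %s -p '%s' %s\n" "$uid" "$hash" "$i"
done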
Output:
useradd -m -s /bin/bash -u USERID -p 'USERPWD' username
```
Find files newer (by mtime) than a precise date — or, with `!`, not newer — and execute an action.
```{.bash}
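# '!' negates -newermt: select entries last modified at or before the given
# timestamp (drop the '!' for strictly newer). -type f skips '.' and the
# directories that cp would refuse without -r; -t with '+' batches the copies.
find . -type f ! -newermt '2012-09-19 11:40:00' -exec cp -t /tmp/mails -- {} +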
```