|
Home / OS Tricks This is some stuff Some Useful Unix Commands and Information
This is some commentary on this section of the website.
###################################
# File Locations #
###################################
LOGS
/var/log/
/var/log/httpd
WWW
/var/www
HTTPD
/etc/httpd/conf/httpd.conf
# Reload the httpd.conf in fedora
/etc/init.d/httpd restart
#unix system stats
#return system version
uname -a
#both display same thing
head -n1 /etc/issue
tail /etc/fedora-release
• uname -a Show kernel version and system architecture
• head -n1 /etc/issue Show name and version of distribution
• cat /proc/partitions Show all partitions registered on the system
• grep MemTotal /proc/meminfo Show RAM total seen by the system
• grep "model name" /proc/cpuinfo Show CPU(s) info
• lspci -tv Show PCI info
• lsusb -tv Show USB info
• mount | column -t List mounted filesystems on the system (and align output)
• grep -F capacity: /proc/acpi/battery/BAT0/info Show state of cells in laptop battery
# dmidecode -q | less Display SMBIOS/DMI information
# smartctl -A /dev/sda | grep Power_On_Hours How long has this disk (system) been powered on in total
# hdparm -i /dev/sda Show info about disk sda
# hdparm -tT /dev/sda Do a read speed test on disk sda
# badblocks -s /dev/sda Test for unreadable blocks on disk sda
IPTABLES
grep "Did not receive" secure
grep "Accepted" secure
Drop an IP
/sbin/iptables -I INPUT -s 61.253.249.157 -j DROP
List Rules
/sbin/iptables -L INPUT
If you wanted to block the entire 221.0.0.0-221.255.255.255 range, then use either:
sbin/iptables -I INPUT -s 221.0.0.0/255.0.0.0 -j DROP
sbin/iptables -I INPUT -s 221.0.0.0/8 -j DROP
iptables -I INPUT -s 123.123.123.123 -j DROP
They do the same thing, you're just using CIDR notation instead of netmasks...
Note that using /24 will just block 221.0.0.0-221.0.0.255
https://ww/etc/initw.snort.org/downloads/1303
https://sourceforge.net/projects/pcre/files/latest/download
https://www.snort.org/downloads/1221/daq-0.6.2.tar.gz
#PHP Info
php -i | grep -i "curl"
php -v
php -h
#apache restart
apachectl -K graceful
#SSH Secure
listen on 6938
edit /etc/ssh/sshd_config
add the following lines
PermitRootLogin no
AllowUsers bob
Port 6938
restart SSH
/etc/init.d/sshd restart
now root cannot log in, only bob
and only on port 6938
iptables -I
#See what running and which process owns it
netstat -an
or
netstat -anltp
then look up the port with lsof
/usr/sbin/lsof -i :80
# Users
userdel -rf username # remove user, delete their home directory and force removal of files in it
usermod -s /sbin/nologin mysql # change mysqls shell to nologin
history # show command history
history -c # clear history
chown -R bob:bob /home/bob # change owner to bob in group bob recursvly of /home/bob
Groups
groupadd webmins
grep webmins /etc/group
usermod -a -G webmins bob
chgrp webmins html
chmod 775 html
chgrp -R webmins html
Show the top 10 IPs with failed logins (first column is failed # of tries, then 2nd column is the IP)
lastb | awk '{print $3}' | sort | uniq -c | sort -rn | head -10
Show the top 10 usernames with failed logins
lastb | awk '{print $1}' | sort | uniq -c | sort -rn | head -10
# files modified in the last 5 minutes
find / -mmin -1 | grep -v "/proc/" | grep -v "/system/" | grep -v "/dev/" | grep -v "/devices" | grep -v "/tmp/"
SNORT
/usr/local/bin/snort -i venet0:0 -c /etc/snort/snort.conf -g snort -D
/usr/local/bin/snort --version
find / -name httpd.conf -print
###################################
# MYSQL Commands #
###################################
#configuration file
/etc/my.cnf #set the bind port in here
#Log in from the command line with user root and prompt for password
mysql -u root -p
#Display the mysql.user table
select user, host, password from mysql.user;
#set password to chicken for all users named root
update mysql.user set password = PASSWORD('chicken') where user = 'root';
flush privileges;
#show all databases
show databases;
#select a db to work with
use phorum;
#show the tables
show tables;
#describe the table
describe phorum_users;
#show everything in the table
select * from phorum_users;
php show columns from phorum_users;
/etc/init.d/mysqld restart
/etc/init.d/mysqld stop
/etc/init.d/mysqld start
#copies all jps in directory and subs to some other folder
find -name "*.jpg" | xargs -I '{}' cp '{}' /home/somefolder
#installing phorum, an odessey
wget www.phorum.org/downloads/phorum-5.2.15a.tar.gz
#copying a file
cp phorum-5.2.15a.tar.gz ./www
rm phorum-5.2.15a.tar.gz
#remove a directory recursively
rm -r -f forum
#untar it
tar xvzf phorum-5.2.15a.tar.gz
#copy that directory to another
cp -r phorum-5.2.15a/ /var/www/html/forum
Some Useful Windows Commands and Information
This is some commentary on this section of the website.
# Getting hashes from the command line with built-installing certutil -hashfile |