making life harder for ssh brute force attacks

if you have many of these in your log:

Nov 8 13:55:47 www sshd[12571]: Failed password for invalid user webmaster from 189.180.184.89 port 47706 ssh2

you can use iptables to lock them out for a while, so their brute force will take years to succeed, if ever.
I added some rules so that only 5 new connections to ssh can be made per minute from one host; if one more is attempted the host is banned for 2 minutes, and if it keeps retrying during the ban, the ban is extended. Since the bots can't help themselves they won't stop, so they'll be banned for a real while 🙂

iptables -N SSH_WHITELIST
iptables -A SSH_WHITELIST -s 175.161.21.55 -m recent --remove --name SSH -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name SSH -j ULOG --ulog-prefix SSH_brute_force
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 120 --hitcount 6 --rttl --name SSH -j DROP
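To see why a bot that keeps hammering stays banned, here is an added example (not code from the original post) that models the four rules above in plain Python: a tiny stand-in for the `recent` match with its `--set`, `--remove` and `--update --seconds/--hitcount` semantics, and a scenario with one bot connecting every 10 seconds. The timestamps are constructed; the whitelisted address and the bot address are the ones the post shows. It assumes that a packet matching none of the rules is accepted by the rest of INPUT, and it leaves out the `--rttl` check (the kernel additionally requires the packet's TTL to equal the one seen at the first hit).

```python
"""Model of the post's iptables 'recent' rate-limit rules (added example)."""
from collections import defaultdict

WHITELIST = {"175.161.21.55"}          # from the post's SSH_WHITELIST chain
LOG_SECONDS, LOG_HITS = 60, 6          # ULOG rule: 6 hits within 60 s
DROP_SECONDS, DROP_HITS = 120, 6       # DROP rule: 6 hits within 120 s


class RecentTable:
    """Minimal model of xt_recent: a list of hit timestamps per address."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def set(self, ip, now):
        # '--set': record a hit for this address
        self.stamps[ip].append(now)

    def remove(self, ip):
        # '--remove': forget the address entirely
        self.stamps.pop(ip, None)

    def update(self, ip, now, seconds, hitcount):
        # '--update --seconds S --hitcount H': match when at least H hits are
        # younger than S seconds.  On a match the current time is recorded too,
        # which is what keeps a client that retries during the ban banned.
        if ip not in self.stamps:
            return False
        recent = [t for t in self.stamps[ip] if now - t < seconds]
        if len(recent) < hitcount:
            return False
        self.stamps[ip].append(now)
        return True


def new_ssh_connection(table, ip, now, log=None):
    """Walk one NEW tcp/22 packet through the rules in the post's order."""
    table.set(ip, now)                                  # rule 1: -m recent --set
    if ip in WHITELIST:                                 # rule 2: -j SSH_WHITELIST
        table.remove(ip)
        return "ACCEPT"
    if table.update(ip, now, LOG_SECONDS, LOG_HITS):    # rule 3: ULOG (non-terminating)
        if log is not None:
            log.append(f"SSH_brute_force src={ip} t={now}")
    if table.update(ip, now, DROP_SECONDS, DROP_HITS):  # rule 4: DROP
        return "DROP"
    return "ACCEPT"                                      # assumption: rest of INPUT accepts


def run_scenario():
    """Constructed scenario: a bot connects every 10 s for three minutes, then
    once more after 130 s of silence; the whitelisted host connects ten times
    in ten seconds.  Returns the verdicts, the ULOG lines and the table."""
    table, log = RecentTable(), []
    bot, admin = "189.180.184.89", "175.161.21.55"      # bot address from the post's log line
    verdicts = [(t, new_ssh_connection(table, bot, t, log))
                for t in list(range(0, 180, 10)) + [300]]
    admin_verdicts = [new_ssh_connection(table, admin, t, log) for t in range(10)]
    return verdicts, admin_verdicts, log, table


if __name__ == "__main__":
    verdicts, admin_verdicts, log, _ = run_scenario()
    for t, v in verdicts:
        print(f"t={t:3d}s bot -> {v}")
    print("whitelisted host:", set(admin_verdicts))
    print(f"{len(log)} ULOG lines, first: {log[0]}")
```

The first five attempts pass, the sixth and every later one within the window is dropped, and because each dropped attempt refreshes the entry the bot is only let back in after it has stayed quiet for the full 120 seconds. Note that the `--set` rule runs before the whitelist jump, so even the whitelisted address gets an entry that is then immediately removed. If you reuse these rules on a current kernel, ULOG no longer exists (it was removed in Linux 3.17); NFLOG with `--nflog-prefix` is its replacement.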

Stats script based on top for Linux

The capture script appends one sample of six lines (a date line followed by the first five lines of top) to the log each time it runs:
(date "+%d %m %H %M %S %Y"
top -b -n 1 | head -5) >> /var/log/top.log
The script that generates the csv is (gawk joins each group of six lines into one record before the fields are cut out):
echo "date,time,loadavg1,loadavg5,loadavg10,processes,sleeping processes,on cpu,cpu idle,cpu user,cpu kernel,cpu iowait,swap,swap used,swap free,swap cached,mem,mem used,mem free,mem buffers"
cat /var/log/top.log | gawk 'ORS=NR%6?" ":"\n"' | while read l;do
# date line: day month hour min sec year -> d/m/y,h:m:s
date=`echo $l | awk '{ print $1"/"$2"/"$6","$3":"$4":"$5 }'`
# the three load averages, commas replaced by spaces
load=`echo $l | awk '{s=substr($0,index($0,"average: ")+9);print substr(s,1,index(s,"Tasks")-1)}' | sed 's/,/ /g'`
# process counts: total, sleeping, running
pt=`echo $l | awk '{s=substr($0,index($0,"Tasks:")+7);print substr(s,1,index(s," ")-1)}'`
ps=`echo $l | awk '{s=substr($0,index($0,"sleeping")-4);print substr(s,1,index(s," ")-1)}'`
pr=`echo $l | awk '{s=substr($0,index($0,"running")-3);print substr(s,1,index(s,"running")-1) }'`
# cpu percentages: idle, user, system, iowait (letters stripped)
cid=`echo $l | awk '{s=substr($0,index($0,"id,")-5) ;print substr(s,1,index(s,",")-1)}'|tr -d '[:alpha:]'`
cus=`echo $l | awk '{s=substr($0,index($0,"us,")-5) ;print substr(s,1,index(s,",")-1)}'|tr -d '[:alpha:]'`
ck=`echo $l | awk '{s=substr($0,index($0,"sy,")-5) ;print substr(s,1,index(s,",")-1)}'|tr -d '[:alpha:]'`
cio=`echo $l | awk '{s=substr($0,index($0,"wa,")-5) ;print substr(s,1,index(s,",")-1)}'|tr -d '[:alpha:]'`
# swap and memory figures, letters stripped and commas replaced by spaces
swap=`echo $l | awk '{s=substr($0,index($0,"Swap:")+5);print substr(s,1,index(s,"cached")-1)}'|tr -d '[:alpha:]' | sed 's/,/ /g'`
mem=`echo $l | awk '{s=substr($0,index($0,"Mem:")+4);print substr(s,1,index(s,"buffers")-1) }'|tr -d '[:alpha:]' | sed 's/,/ /g'`
# trim trailing blanks, squeeze runs of spaces and turn them into commas
echo "${date} ${load} ${pt} ${ps} ${pr} ${cid} ${cus} ${ck} ${cio} ${swap} ${mem}" | sed 's/[ \t]*$//'| tr -s ' '| sed 's/ /,/g'
done

Enable sar system accounting on solaris8 and 9

To enable sysstat's sar to collect stats in the background:
# ln -s /etc/init.d/perf /etc/rc2.d/S21perf
# /etc/rc2.d/S21perf start
Use "crontab -e sys" to make sure the sys crontab looks like:
0 * * * 0-6 /usr/lib/sa/sa1
20,40 8-17 * * 1-5 /usr/lib/sa/sa1
5 18 * * 1-5 /usr/lib/sa/sa2 -s 8:00 -e 18:01 -i 1200 -A
To verify, issue "sar -A" or just "sar".

how to know if you have java with 64 bit libraries

if you get this message then you don't have 64 bit java:
bash-3.00# java -d64 -version
execve(): No such file or directory
Error trying to exec /usr/jdk/instances/jdk1.5.0/bin/sparcv9/java.
Check if file exists and permissions are set correctly.
Failed to start a 64-bit JVM process from a 32-bit JVM.
Verify all necessary J2SE components have been installed.
(Solaris SPARC 64-bit components must be installed after 32-bit components.)
if you get this message then you have 64 bit java 🙂
bash-3.00# java -d64 -version
java version "1.6.0_18"
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Java HotSpot(TM) 64-Bit Server VM (build 16.0-b13, mixed mode)

My Apache virtual hosts

I have several domains on a single machine behind a single dynamic DNS connection, which means a single IP address, and I need to serve a different page depending on the domain name used to reach it.
This is the section of my httpd.conf that enables that (name-based virtual hosts, all bound to port 80):
Listen 80
# Listen for virtual host requests on all IP addresses
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot /usr/local/apache2/htdocs/ttoes
ServerName www.ttoes.com
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /usr/local/apache2/htdocs
ServerName www.kraftek.com
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /usr/local/apache2/htdocs
ServerName rdircio.no-ip.org
</VirtualHost>

Translate / Convert ssd to cxtxdx

You can translate ssd disk syntax to cxtxdx (c$t$d$) by comparing iostat -E to iostat -En output: both list the same devices in the same order, the first by sd/ssd instance name and the second by controller/target/disk name, so pasting the two lists side by side gives the mapping:
iostat -E | grep Soft | awk '{ print $1}' > /tmp/a; iostat -En | grep Soft|awk '{ print $1 }' > /tmp/b; paste /tmp/a /tmp/b
sd6 c0t6d0
ssd0 c1t1d0
ssd1 c1t0d0
ssd2 c1t3d0
ssd3 c1t4d0
ssd4 c1t5d0
ssd5 c4t3d0
ssd6 c4t4d0
ssd7 c1t2d0
ssd8 c4t5d0
ssd9 c4t2d0
ssd10 c4t1d0
ssd11 c4t0d0
Thanks to Hiram Ruiz