Stats script based on top for Linux

The capture script is:
(date "+%d %m %H %M %S %Y"
top -b -n 1 | head -5) >> /var/log/top.log
The script that generates the csv is:
echo "date,time,loadavg1,loadavg5,loadavg10,processes,sleeping processes,on cpu,cpu idle,cpu user,cpu kernel,cpu iowait,swap,swap used,swap free,swap cached,mem,mem used,mem free,mem buffers"
# each sample is 6 lines (the date line plus 5 lines of top); join them into one line
cat /var/log/top.log | gawk 'ORS=NR%6?" ":"\n"' | while read l;do
# date and time come from the first six fields written by the capture script
date=`echo $l | awk '{ print $1"/"$2"/"$6","$3":"$4":"$5 }'`
# the three load averages, between "average: " and "Tasks"
load=`echo $l | awk '{s=substr($0,index($0,"average: ")+9);print substr(s,1,index(s,"Tasks")-1)}' | sed 's/,/ /g'`
# process counts: total, sleeping, running
pt=`echo $l | awk '{s=substr($0,index($0,"Tasks:")+7);print substr(s,1,index(s," ")-1)}'`
ps=`echo $l | awk '{s=substr($0,index($0,"sleeping")-4);print substr(s,1,index(s," ")-1)}'`
pr=`echo $l | awk '{s=substr($0,index($0,"running")-3);print substr(s,1,index(s,"running")-1)}'`
# cpu percentages: idle, user, kernel, iowait
cid=`echo $l | awk '{s=substr($0,index($0,"id,")-5);print substr(s,1,index(s,",")-1)}'|tr -d '[:alpha:]'`
cus=`echo $l | awk '{s=substr($0,index($0,"us,")-5);print substr(s,1,index(s,",")-1)}'|tr -d '[:alpha:]'`
ck=`echo $l | awk '{s=substr($0,index($0,"sy,")-5);print substr(s,1,index(s,",")-1)}'|tr -d '[:alpha:]'`
cio=`echo $l | awk '{s=substr($0,index($0,"wa,")-5);print substr(s,1,index(s,",")-1)}'|tr -d '[:alpha:]'`
# swap and memory figures, with the unit letters and labels stripped
swap=`echo $l | awk '{s=substr($0,index($0,"Swap:")+5);print substr(s,1,index(s,"cached")-1)}'|tr -d '[:alpha:]' | sed 's/,/ /g'`
mem=`echo $l | awk '{s=substr($0,index($0,"Mem:")+4);print substr(s,1,index(s,"buffers")-1)}'|tr -d '[:alpha:]' | sed 's/,/ /g'`
# trim trailing blanks, squeeze runs of spaces and turn them into commas
echo "${date} ${load} ${pt} ${ps} ${pr} ${cid} ${cus} ${ck} ${cio} ${swap} ${mem}" | sed 's/[ \t]*$//'| tr -s ' '| sed 's/ /,/g'
done

making life harder for ssh brute force attacks

If you have many of these in your log:

Nov 8 13:55:47 www sshd[12571]: Failed password for invalid user webmaster from 189.180.184.89 port 47706 ssh2

you can use iptables to stop them for a while, so their brute force will take years to succeed, if ever.
I added some rules so that only 5 connections can be made to ssh in a minute; if one more is attempted, the
host will be banned for 2 minutes, and if more connections are retried, the ban is extended. Since the bots can’t
help themselves they won’t stop, so they’ll be banned for a real while 🙂

iptables -N SSH_WHITELIST
iptables -A SSH_WHITELIST -s 175.161.21.55 -m recent --remove --name SSH -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name SSH -j ULOG --ulog-prefix SSH_brute_force
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 120 --hitcount 6 --rttl --name SSH -j DROP
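
The DROP rule above as a simplified model, added here as an example and not part of the original post. It assumes every NEW connection records one timestamp for its source and that an attempt is dropped when 6 or more timestamps, its own included, fall within the last 120 seconds; the function names and the attempt times are constructed for illustration.

```shell
#!/bin/sh
# Simplified model of the DROP rule (added example, not the author's code).
# Assumption: each NEW connection to port 22 records one timestamp for its
# source (the --set rule); an attempt is dropped when HITCOUNT or more
# timestamps, its own included, fall inside the last WINDOW seconds.
WINDOW=120
HITCOUNT=6

# simulate_recent: reads one connection time (in seconds) per line, ascending,
# for a single source address; prints "<time> ACCEPT" or "<time> DROP".
simulate_recent() {
    awk -v window="$WINDOW" -v hitcount="$HITCOUNT" '
    NF {
        t = $1 + 0
        stamps[++n] = t               # remember this attempt, even if dropped
        hits = 0
        for (i = n; i >= 1; i--) {    # count attempts still inside the window
            if (t - stamps[i] > window) break
            hits++
        }
        print t, (hits >= hitcount ? "DROP" : "ACCEPT")
    }'
}

# Constructed sample: a bot retrying every 10 seconds for 3 minutes,
# then a single attempt after a 5-minute pause.
bot_attempts() {
    t=0
    while [ "$t" -le 180 ]; do
        echo "$t"
        t=$((t + 10))
    done
    echo 480
}

# verdict_at TIME: verdict for the attempt made at TIME in the sample run
verdict_at() {
    bot_attempts | simulate_recent | awk -v t="$1" '$1 == t { print $2 }'
}

bot_attempts | simulate_recent
```

Dropped attempts still count toward the window, so in this run the ban lasts until the source has been quiet for more than 120 seconds.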

recursive scripting in bash

I needed to rename all directories and files in a deep directory structure to remove spaces and ugly characters from their
names, in order to build a playlist. Take a look at this recursive bash script:
#!/usr/bin/bash
DIR=/200gb/MP3
FTYPE=mp3
renamedir ()
{
    # enter the directory given as argument; give up if that fails
    cd "$1" || return 1
    find . -maxdepth 1 -type d -name "??*" | while IFS= read -r d; do
        DN=`echo "$d" | sed "s/&/And/g;s/-//g;s/ //g;s/(//g;s/)//g;s/\[//g;s/\]//g;s/'//g" | tr -s '_'`
        if [ "$d" != "$DN" ];then
            echo "--- `pwd` $d"
            mv "$d" "$DN"
        fi
        # recurse into the (renamed) directory, then come back up
        renamedir "$DN" && cd ..
    done
}
echo " ---- Recursively clean directories"
renamedir $DIR
echo " ---- Now clean files"
cd $DIR
find . -type f -iname "*.$FTYPE" | while IFS= read -r f;do
    FN=`echo "$f"| sed "s/&/And/g;s/-//g;s/ //g;s/(//g;s/)//g;s/\[//g;s/\]//g;s/'//g" | tr -s '_'`
    if [ "$f" != "$FN" ];then
        echo "--- $f"
        mv "$f" "$FN"
    fi
done
echo "done."

non-root sessions with vnc for solaris sparc from sunfreeware

When you try to run a vncserver session as a non-root user on a Solaris SPARC machine, it just ends with this
message:
_XSERVTransSocketCreateListener: failed to bind listener
After looking around in a few places I found a fix for this at
http://www.webservertalk.com/archive100-2004-2-131777.html
It involves creating a script at /usr/bin/fixXdir.ksh and adding it to the crontab, like this:
#!/usr/bin/ksh
# every external command below is called by absolute path, so PATH is emptied
PATH=""
IFS=' '
ice_dir=/tmp/.ICE-unix
x11_dir=/tmp/.X11-unix
for dirname in $ice_dir $x11_dir; do
{
    # create the socket directory if it is missing
    if (! [ -d $dirname ] )
    then
        /usr/bin/mkdir $dirname
        if [ $? != 0 ];
        then
            /usr/bin/echo "Warning: $0: cannot mkdir $dirname.";
        fi
    fi
    # make it root-owned, world-writable and sticky (1777)
    if ([ -d $dirname ] )
    then
        /usr/bin/chown root:root $dirname
        if [ $? != 0 ];
        then
            /usr/bin/echo "Warning: $0: cannot chown $dirname.";
        fi
        /usr/bin/chmod 1777 $dirname
        if [ $? != 0 ];
        then
            /usr/bin/echo "Warning: $0: cannot chmod $dirname to 1777.";
        fi
    fi
}
done
The crontab line is this:
0,5,10,15,20,25,30,35,40,45,50,55 * * * * /usr/bin/fixXdir.ksh

Physical PCI card position in sunfire E12k/E15k/E20k/E25k

If you need to know where, for instance, "qfe0" is in your E25k, so someone can connect a cable there, you can use Sun
doc #202571, which I have transformed into a script called "pos.ksh":
#!/bin/ksh
echo "Expander Slot Device"
grep pci /etc/path_to_inst |while read nic;do
# A = agent id (hex, after the first "@"), O = offset (after the first ",")
A=`echo $nic | awk -F"@" '{ print $2 }' | awk -F"," '{print $1}'`
O=`echo $nic | awk -F"," '{print $2}'| awk -F"/" '{ print $1 }'`
# t1.txt maps the agent id to IOC (C) and expander (E)
T1=`grep " $A" t1.txt`
E=`echo $T1 | awk '{ print $2 }'`
C=`echo $T1 | awk '{ print $1 }'`
# t2.txt maps IOC and offset to the slot (S)
S=`grep "^$C...$O" t2.txt | awk '{ print $2 }'`
echo "$E $S $nic"
done
You will need t1.txt:
IOC Expander AgentID
0 0 1c(28)
1 0 1d(29)
0 1 3c(60)
1 1 3d(61)
0 2 5c(92)
1 2 5d(93)
0 3 7c(124)
1 3 7d(125)
0 4 9c(156)
1 4 9d(157)
0 5 bc(188)
1 5 bd(189)
0 6 dc(220)
1 6 dd(221)
0 7 fc(252)
1 7 fd(253)
0 8 11c(284)
1 8 11d(285)
0 9 13c(316)
1 9 13d(317)
0 10 15c(348)
1 10 15d(349)
0 11 17c(380)
1 11 17d(381)
0 12 19c(412)
1 12 19d(413)
0 13 1bc(444)
1 13 1bd(445)
0 14 1dc(476)
1 14 1dd(477)
0 15 1fc(508)
1 15 1fd(509)
0 16 21c(540)
1 16 21d(541)
0 17 23c(572)
1 17 23d(573)
and t2.txt
IOC Slot Offset
0 0 600000
0 1 700000
1 2 600000
1 3 700000
So basically, inside any given domain you can do:
#./pos.ksh > slotmap.txt
then, if you want to know where your Quad Fast Ethernet “qfe” cards are, you can do:
bash-2.03# egrep "qfe|Expander" slotmap.txt
Expander Slot Device
2 3 "/pci@5d,700000/pci@1/SUNW,qfe@0,1" 0 "qfe"
2 3 "/pci@5d,700000/pci@1/SUNW,qfe@1,1" 1 "qfe"
2 3 "/pci@5d,700000/pci@1/SUNW,qfe@2,1" 2 "qfe"
2 3 "/pci@5d,700000/pci@1/SUNW,qfe@3,1" 3 "qfe"
17 3 "/pci@23d,700000/pci@1/SUNW,qfe@0,1" 4 "qfe"
17 3 "/pci@23d,700000/pci@1/SUNW,qfe@1,1" 5 "qfe"
17 3 "/pci@23d,700000/pci@1/SUNW,qfe@2,1" 6 "qfe"
17 3 "/pci@23d,700000/pci@1/SUNW,qfe@3,1" 7 "qfe"
And you’ll find out you have 2 quads, one is at IOBoard 2 slot 3, the other is at IOBoard 17 slot 3
A typical IOBoard has 4 slots, numbered from 0-3:
|-----|-----|
|     |     |
| slot|slot |
|  3  |  1  |
|     |     |
|     |     |
|-----|-----|
|     |     |
|     |     |
| slot|slot |
|  2  |  0  |
|     |     |
|-----|-----|
So both cards are at the upper left, one on IOBoard 2, the other on IOBoard 17.
Qfe0 is at IOBoard 2 slot 3.