Archive

Archive for June 2011

chkrootkit, a Linux intrusion detection tool

June 23, 2011

wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
(this is a plaintext FTP download: compare the tarball against the checksum the project publishes before building it)

Compile (the `sense` target builds the helper binaries):
make sense
gcc -DHAVE_LASTLOG_H -o chklastlog chklastlog.c
gcc -DHAVE_LASTLOG_H -o chkwtmp chkwtmp.c
chkwtmp.c: In function `main':
chkwtmp.c:95: warning: incompatible implicit declaration of built-in function `exit'
gcc -DHAVE_LASTLOG_H   -D_FILE_OFFSET_BITS=64 -o ifpromisc ifpromisc.c
gcc  -o chkproc chkproc.c
gcc  -o chkdirs chkdirs.c
gcc  -o check_wtmpx check_wtmpx.c
gcc -static  -o strings-static strings.c
gcc  -o chkutmp chkutmp.c

Usage: ./chkrootkit [options] [testname ...]
 Options:
         -h                show this help and exit
         -V                show version information and exit
         -l                show available tests
         -d                debug
         -q                quiet mode
         -x                expert mode
         -r dir            use dir as the root directory
         -p dir1:dir2:dirN path for the external commands used by chkrootkit
         -n                skip NFS mounted dirs
        
sudo ./chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not infected
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not tested
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while...
/usr/lib/gtk-2.0/immodules/.relocation-tag /lib/.libssl.so.0.9.8e.hmac /lib/.libcrypto.so.6.hmac /lib/.libcrypto.so.0.9.8e.hmac /lib/.libssl.so.6.hmac

Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for HKRK rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for suspect PHP files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
eth0: not promisc and no PF_PACKET sockets
eth1: PF_PACKET(/usr/sbin/dhcpd)
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected
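Two items in this run deserve a look before anything is treated as an infection. The hidden files under /lib and /usr/lib are listed only because they are dotfiles in system directories; check whether an installed package owns them (rpm -qf on the path, then rpm -V on that package) before worrying. The PF_PACKET socket on eth1 belongs to dhcpd, which needs a raw socket to serve DHCP; an unexpected process in that position would be the real finding. More fundamentally, chkrootkit shells out to the system's own ps, ls, netstat and find, so a rootkit that replaces those binaries can hide from it; that is what the -p option is for. The script below is an added example, not part of the post or of chkrootkit itself: it verifies a directory of trusted, statically linked tool copies against a SHA-256 baseline before pointing chkrootkit at them with -p, and uses -q so that a cron run only prints findings. The directory, baseline file and chkrootkit path are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post or of chkrootkit: run
# chkrootkit against a verified set of trusted helper binaries.
# chkrootkit calls ps, ls, netstat, find, awk and friends from the running
# system; -p makes it use copies from a directory instead. The copies are
# assumed to be statically linked builds made on a clean host and kept on
# read-only media together with a "sha256sum *" baseline. All paths below
# are assumptions.

TRUSTED_DIR=${TRUSTED_DIR:-/mnt/cdrom/bin}
BASELINE=${BASELINE:-/mnt/cdrom/bin.sha256}
CHKROOTKIT=${CHKROOTKIT:-/usr/local/chkrootkit/chkrootkit}

# make_baseline DIR FILE: record the SHA-256 of every file in DIR into FILE
# (run once, on the clean host, when the trusted copies are made)
make_baseline() {
    (cd "$1" && sha256sum -- *) > "$2"
}

# check_baseline DIR FILE: succeed only if every entry in FILE is present in
# DIR with the recorded SHA-256; mismatching or missing names go to stderr
check_baseline() {
    dir=$1; file=$2; rc=0
    while read -r sum name; do
        [ -n "$sum" ] || continue
        actual=$( (cd "$dir" && sha256sum -- "$name" 2>/dev/null) | cut -d' ' -f1)
        if [ "$actual" != "$sum" ]; then
            printf 'check_baseline: %s does not match baseline\n' "$name" >&2
            rc=1
        fi
    done < "$file"
    return $rc
}

# Invoked as "run_chkrootkit.sh run" (e.g. from cron): refuse to scan if the
# trusted toolset itself fails verification, otherwise scan in quiet mode so
# that only findings are printed.
case ${1-} in
    run)
        check_baseline "$TRUSTED_DIR" "$BASELINE" || {
            echo "trusted toolset failed verification, not running chkrootkit" >&2
            exit 2
        }
        exec "$CHKROOTKIT" -p "$TRUSTED_DIR" -q
        ;;
esac
```

The baseline must be written on a host you trust and stored where the scanned host cannot modify it; a baseline kept on the same writable disk as the tools proves nothing if the host is already compromised.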

 

Category: OpenSource

Set Default Value on Shell

June 22, 2011

#!/bin/sh
# v_test.sh
# by 2hei.net  06/22/2011
#
# get the parameters from the command line
first_param=$1
second_param=$2

# assign a default when the value is unset or empty
# (${var:=default} expands to the default and also assigns it to var)
: "${first_param:=First}"
: "${second_param:=Second}"

# print the values
printf 'first_param:\t%s\n' "$first_param"
printf 'second_param:\t%s\n' "$second_param"

Run the script:
# no parameters
[localhost]$ sh v_test.sh
first_param:    First
second_param:   Second

# with parameters
[localhost]$ sh v_test.sh hello baby
first_param:    hello
second_param:   baby
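The `:=` form used above is one of four related expansions, and the difference matters once the defaults guard something like a host, user or port. The block below is an added example, not the post's v_test.sh: it shows `:-` (default without assignment), `:=` (default with assignment), `:?` (abort on a missing required argument) and the colon-less `-` form, which treats an explicitly empty argument as a real value. The host, user and port defaults are illustrative.

```shell
#!/bin/sh
# Added example, not the post's v_test.sh: the parameter-expansion forms
# for defaults, applied to the positional parameters of shell functions.
#   ${v:-d}  expand to d if v is unset OR empty; v itself is left alone
#   ${v:=d}  same, but also assign d to v (the form used in v_test.sh)
#   ${v:?m}  print m and abort if v is unset or empty (required argument)
#   ${v-d}   no colon: only an UNSET v gets the default; an empty string
#            is a value the caller chose and is kept
# Host, user and port values are illustrative defaults.

# target HOST [USER] [PORT]: print user@host:port; HOST is mandatory, an
# empty USER or PORT falls back to the default
target() {
    host=${1:?"target: host is required"}
    user=${2:-deploy}
    port=${3:-22}
    printf '%s@%s:%s\n' "$user" "$host" "$port"
}

# label PREFIX [SUFFIX]: omitting SUFFIX appends the default domain, but an
# explicit "" suppresses it, because the colon-less form is used
label() {
    prefix=$1
    suffix=${2-".2hei.net"}
    printf '%s%s\n' "$prefix" "$suffix"
}

# "sh this.sh demo" prints the four cases
case ${1-} in
    demo)
        target db1
        target db1 root 2222
        label web
        label web ""
        ;;
esac
```

Note that `${1:?...}` terminates a non-interactive shell outright, so in a script it is a hard stop on a missing argument, not just a non-zero return from the function.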

Category: shell

ATA bus error SError: { PHYRdyChg DevExch }

June 20, 2011
ATA bus error in /var/log/messages:
SCSI device sdb: 490350672 512-byte hdwr sectors (251060 MB)
sdb: Write Protect is off
sdb: Mode Sense: 00 3a 00 00
SCSI device sdb: drive cache: write back
ata1.00: exception Emask 0x10 SAct 0x0 SErr 0x4010000 action 0xe frozen
ata1.00: irq_stat 0x00400040, connection status changed
ata1: SError: { PHYRdyChg DevExch }
ata1.00: cmd ea/00:00:00:00:00/00:00:00:00:00/a0 tag 0
         res 40/00:c4:d1:67:e4/00:00:03:00:00/40 Emask 0x10 (ATA bus error)
ata1.00: status: { DRDY }
ata1: hard resetting link
ata1: link is slow to respond, please be patient (ready=0)
ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
ata1.00: configured for UDMA/133
ata1: EH complete
SCSI device sda: 490350672 512-byte hdwr sectors (251060 MB)
sda: Write Protect is off
sda: Mode Sense: 00 3a 00 00
SCSI device sda: drive cache: write back
md: syncing RAID array md0
md: minimum _guaranteed_ reconstruction speed: 1000 KB/sec/disc.
md: using maximum available idle IO bandwidth (but not more than 200000 KB/sec) for reconstruction.
md: using 128k window, over a total of 104320 blocks.
md: delaying resync of md1 until md0 has finished resync (they share one or more physical units)
md: md0: sync done.
md: syncing RAID array md1
RAID1 conf printout:
md: minimum _guaranteed_ reconstruction speed: 1000 KB/sec/disc.
md: using maximum available idle IO bandwidth (but not more than 200000 KB/sec) for reconstruction.
md: using 128k window, over a total of 8385856 blocks.
 — wd:2 rd:2
 disk 0, wo:0, o:1, dev:sda1
 disk 1, wo:0, o:1, dev:sdb1
md: md1: sync done.
RAID1 conf printout:
 — wd:2 rd:2
 disk 0, wo:0, o:1, dev:sda2
 disk 1, wo:0, o:1, dev:sdb2
cat /proc/mdstat
Personalities : [raid1] 
md0 : active raid1 sdb1[1] sda1[0]
      104320 blocks [2/2] [UU]      
md1 : active raid1 sdb2[1] sda2[0]
      8385856 blocks [2/2] [UU]      
md2 : active raid1 sdb3[1] sda3[0]
      236677504 blocks [2/2] [UU]
smartctl -a /dev/sdb
smartctl version 5.38 [x86_64-redhat-linux-gnu] Copyright (C) 2002-8 Bruce Allen
Home page is http://smartmontools.sourceforge.net/
=== START OF INFORMATION SECTION ===
Device Model:     WDC WD2502ABYS-01B7A0
Serial Number:    WD-WCAT1C148773
Firmware Version: 02.03B02
User Capacity:    251,059,544,064 bytes
Device is:        Not in smartctl database [for details use: -P showall]
ATA Version is:   8
ATA Standard is:  Exact ATA specification draft version not indicated
Local Time is:    Mon Jun 20 03:23:22 2011 UTC
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
General SMART Values:
Offline data collection status:  (0x84) Offline data collection activity
was suspended by an interrupting command from host.
Auto Offline Data Collection: Enabled.
Self-test execution status:      (   0) The previous self-test routine completed
without error or no self-test has ever 
been run.
Total time to complete Offline 
data collection: (4800) seconds.
Offline data collection
capabilities: (0x7b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine 
recommended polling time: (   2) minutes.
Extended self-test routine
recommended polling time: (  59) minutes.
Conveyance self-test routine
recommended polling time: (   5) minutes.
SCT capabilities:       (0x303f) SCT Status supported.
SCT Feature Control supported.
SCT Data Table supported.
SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   200   200   051    Pre-fail  Always       -       0
  3 Spin_Up_Time            0x0027   200   195   021    Pre-fail  Always       -       1000
  4 Start_Stop_Count        0x0032   100   100   000    Old_age   Always       -       36
  5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x002e   200   200   000    Old_age   Always       -       0
  9 Power_On_Hours          0x0032   078   078   000    Old_age   Always       -       16351
 10 Spin_Retry_Count        0x0032   100   253   000    Old_age   Always       -       0
 11 Calibration_Retry_Count 0x0032   100   253   000    Old_age   Always       -       0
 12 Power_Cycle_Count       0x0032   100   100   000    Old_age   Always       -       33
192 Power-Off_Retract_Count 0x0032   200   200   000    Old_age   Always       -       30
193 Load_Cycle_Count        0x0032   200   200   000    Old_age   Always       -       36
194 Temperature_Celsius     0x0022   112   099   000    Old_age   Always       -       31
196 Reallocated_Event_Count 0x0032   200   200   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0030   200   200   000    Old_age   Offline      -       1
199 UDMA_CRC_Error_Count    0x0032   200   200   000    Old_age   Always       -       0
200 Multi_Zone_Error_Rate   0x0008   200   200   000    Old_age   Offline      -       1
SMART Error Log Version: 1
No Errors Logged
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Extended offline    Completed without error       00%        51         -
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.
The SError bits PHYRdyChg and DevExch mean the SATA PHY lost and regained its ready state and the device appeared to be re-attached: the link dropped and was renegotiated (the "hard resetting link" / "SATA link up 3.0 Gbps" lines), after which md resynced both mirrors. SMART reports PASSED, no UDMA CRC errors and no reallocated or pending sectors, so the most likely cause is a poor-quality SATA cable or connector; replace the cable, then keep watching attributes 197 and 198 (one Offline_Uncorrectable sector is already logged) and the SError counters in case the drive itself is at fault.
ref link:
https://ata.wiki.kernel.org/index.php/Libata_error_messages
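The PASSED/FAILED line is a poor alarm; the attributes that actually predict media or cable trouble are reallocated, pending and uncorrectable sectors and the UDMA CRC count. The filter below is an added example, not from the post: it reads `smartctl -A` output and prints only watched attributes with a non-zero raw value, exiting non-zero when it finds any, so a cron job can mail on the result. The embedded sample is constructed from the attribute rows above; the set of watched IDs is a monitoring choice, not a manufacturer rule.

```shell
#!/bin/sh
# Added example (not from the original post): pick the SMART attributes that
# predict media or link trouble out of "smartctl -A" output so a cron job can
# alert on them instead of on the PASSED/FAILED summary. Watching these IDs
# and alerting on any non-zero raw value is a monitoring choice, not a
# manufacturer rule.

# smart_flags < smartctl_output: print "ID NAME RAW" for every watched
# attribute whose raw value is non-zero; exit status 1 if any was printed
smart_flags() {
    awk '
        BEGIN {
            watch["5"]   = 1   # Reallocated_Sector_Ct
            watch["196"] = 1   # Reallocated_Event_Count
            watch["197"] = 1   # Current_Pending_Sector
            watch["198"] = 1   # Offline_Uncorrectable
            watch["199"] = 1   # UDMA_CRC_Error_Count (cable/connector faults)
            found = 0
        }
        # attribute rows: ID NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW
        $1 ~ /^[0-9]+$/ && NF >= 10 && ($1 in watch) && ($10 + 0) > 0 {
            print $1, $2, $10
            found = 1
        }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample: attribute rows taken from the smartctl output above
SAMPLE_SMART='ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0030   200   200   000    Old_age   Offline      -       1
199 UDMA_CRC_Error_Count    0x0032   200   200   000    Old_age   Always       -       0
200 Multi_Zone_Error_Rate   0x0008   200   200   000    Old_age   Offline      -       1'

# Live use:  smartctl -A /dev/sdb | smart_flags || mail -s "SMART: sdb" root
# "sh this.sh demo" runs the filter over the sample instead.
case ${1-} in
    demo) printf '%s\n' "$SAMPLE_SMART" | smart_flags ;;
esac
```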
 
Category: linux

Parameterised commands in the Linux shell environment: use a function, not an alias

June 20, 2011
Example: two arguments select the host, the rest of the domain name is filled in automatically to save typing, and then ssh logs in to the target host. An alias is plain text substitution and cannot take positional parameters, so a shell function is the right tool here.
cat .bashrc 
# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
# update the PATH
export PATH=${PATH}:/usr/sbin:/sbin
sss() {
  ssh $1.$2.2hei.net
}
Usage:
$ sss test blog
The authenticity of host 'test.blog.2hei.net (192.168.1.12)' can't be established.
RSA key fingerprint is 00:45:c8:28:29:cd:a6:50:26:a6:5d:23:a4:fb:10:9a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'test.blog.2hei.net,192.168.1.12' (RSA) to the list of known hosts.
2hei@test.blog.2hei.net's password:
Last login: Thu Jun  9 06:12:21 2011 from 192.168.1.11
Kickstart-installed Red Hat Linux Wed Sep 15 22:25:51 UTC 2010
$
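Two things worth tightening in the helper above. First, the "yes" answer to the authenticity prompt is what pins the host key; compare the fingerprint with one obtained out of band before accepting it, or the first login is where a man-in-the-middle would go unnoticed. Second, the function splices its arguments straight into a host name; since a function, unlike an alias, can inspect its arguments, it can also validate them. The block below is an added example, not the post's .bashrc: it checks both arguments are well-formed DNS labels before building the name, which incidentally also stops an argument beginning with "-" from being read by ssh as an option, and passes "--" so the host name is never parsed as one. 2hei.net is the post's domain; everything else is assumed.

```shell
#!/bin/sh
# Added example, not the post's .bashrc: the same helper with its two
# arguments validated as DNS labels before they are spliced into a host
# name. An alias cannot do this because it has no positional parameters;
# a function can. 2hei.net is the post's domain; the rest is assumed.

# host_from_labels LABEL1 LABEL2: print LABEL1.LABEL2.2hei.net, or fail
# (status 1, nothing printed) if either label is not 1..63 characters of
# [A-Za-z0-9-] that neither start nor end with '-'
host_from_labels() {
    for l in "$1" "$2"; do
        case $l in
            ''|*[!A-Za-z0-9-]*|-*|*-) return 1 ;;
        esac
        [ ${#l} -le 63 ] || return 1
    done
    printf '%s.%s.2hei.net\n' "$1" "$2"
}

# sss LABEL1 LABEL2: ssh to the host; "--" ends option parsing so the
# host name can never be taken as an option
sss() {
    host=$(host_from_labels "$1" "$2") || {
        echo "sss: usage: sss <label1> <label2>" >&2
        return 2
    }
    ssh -- "$host"
}
```

Source the file from .bashrc instead of pasting the function so the same validated helper is shared between hosts.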
Category: linux

openvpn vnc java firefox on centos5

June 10, 2011

1. yum install openvpn
wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
rpm -K epel-release-5-4.noarch.rpm    # plain-HTTP download: check the signature (with the EPEL key imported) before installing
yum install epel-release-5-4.noarch.rpm
yum install openvpn

VPN client config 2hei.net.ovpn, add:
--script-security 2
up "/etc/openvpn/update-resolv-conf up"
down "/etc/openvpn/update-resolv-conf down"
(script-security 2 allows the config to run external scripts; the up/down hooks run with OpenVPN's own privileges, root at up time, so use it only with configs and scripts you control)

script: update-resolv-conf
#!/bin/bash
case "$1" in
    up)
        mv /etc/resolv.conf /etc/resolv.conf.openvpn
        echo "# Generated by OpenVPN Client UP Script" > /etc/resolv.conf
        echo "search 2hei.net" >> /etc/resolv.conf      # append; ">" here would overwrite the header line
        # OpenVPN exports the options pushed by the server as foreign_option_1, foreign_option_2, ...
        for opt in ${!foreign_option_*}; do
            #echo "${!opt}" | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g' >> /etc/resolv.conf
            # only DNS options are turned into nameserver lines; other pushed options are not copied verbatim
            echo "${!opt}" | sed -n 's/^dhcp-option DNS /nameserver /p' >> /etc/resolv.conf
        done
        # keep the original nameservers as fallbacks
        grep nameserver /etc/resolv.conf.openvpn >> /etc/resolv.conf
        ;;
    down)
        mv /etc/resolv.conf.openvpn /etc/resolv.conf
        ;;
    *)
        echo "Pass either up or down"
        ;;
esac

cat start_client_dc1.sh
#!/bin/sh
/usr/sbin/openvpn /etc/openvpn/2hei.net.ovpn
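Whatever the VPN server pushes ends up, via this hook, in a root-owned /etc/resolv.conf without being checked. The block below is an added example, not the post's update-resolv-conf: the same up/down logic, but each pushed value is accepted only if it is a well-formed IPv4 address (for DNS) or DNS name (for DOMAIN); anything else is logged and dropped, and the new file is put in place atomically. OpenVPN really does export pushed options as foreign_option_N; the search domain is the post's, and RESOLV_CONF can be pointed at a scratch file to exercise the functions without touching /etc.

```shell
#!/bin/sh
# Added example, not the post's update-resolv-conf: the same up/down hook,
# but every value the VPN server pushes is validated before it is written
# into a root-owned resolv.conf. OpenVPN exports pushed options to the hook
# as foreign_option_1, foreign_option_2, ... ("dhcp-option DNS 10.8.0.1").
# 2hei.net is the post's search domain; RESOLV_CONF can be pointed at a
# scratch file to exercise the functions without touching /etc.

RESOLV_CONF=${RESOLV_CONF:-/etc/resolv.conf}
SEARCH_DOMAIN=${SEARCH_DOMAIN:-2hei.net}

# is_ipv4 STR: succeed only for a dotted quad whose octets are all 0..255
is_ipv4() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$ip" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# is_domain STR: succeed only for letters, digits, '-' and '.', sanely placed
is_domain() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*) return 1 ;;
    esac
}

# pushed_resolvers: print "nameserver ..." / "domain ..." lines for every
# well-formed foreign_option_N; malformed ones are reported and dropped
pushed_resolvers() {
    i=1
    while eval "[ -n \"\${foreign_option_$i+set}\" ]"; do
        eval "opt=\$foreign_option_$i"
        case $opt in
            "dhcp-option DNS "*)
                v=${opt#"dhcp-option DNS "}
                if is_ipv4 "$v"; then echo "nameserver $v"
                else echo "update-resolv-conf: ignoring '$opt'" >&2; fi ;;
            "dhcp-option DOMAIN "*)
                v=${opt#"dhcp-option DOMAIN "}
                if is_domain "$v"; then echo "domain $v"
                else echo "update-resolv-conf: ignoring '$opt'" >&2; fi ;;
        esac
        i=$((i + 1))
    done
}

# resolv_up: back up the current file, then write the VPN resolvers first
# and the original ones after them; the new file is put in place atomically
resolv_up() {
    cp -p "$RESOLV_CONF" "$RESOLV_CONF.openvpn" || return 1
    {
        echo "# Generated by OpenVPN client up script"
        echo "search $SEARCH_DOMAIN"
        pushed_resolvers
        grep '^nameserver' "$RESOLV_CONF.openvpn" || :
    } > "$RESOLV_CONF.tmp" && mv "$RESOLV_CONF.tmp" "$RESOLV_CONF"
}

# resolv_down: restore the backup taken by resolv_up
resolv_down() {
    mv "$RESOLV_CONF.openvpn" "$RESOLV_CONF"
}

# OpenVPN calls the hook as "update-resolv-conf up" / "update-resolv-conf down"
case ${1-} in
    up)   resolv_up ;;
    down) resolv_down ;;
esac
```

Validation does not stop a hostile or compromised VPN server from choosing your resolvers (that is inherent in accepting pushed DNS); it stops malformed or unexpected text from reaching a root-owned system file, and it makes the decision explicit in the log.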

2. update firefox on centos
download the new Firefox build, unpack it under /usr/local/firefox, then put it on the PATH:
ln -s /usr/local/firefox/firefox /usr/bin

3. use java web start on firefox
download the new JRE
sh ./jre-6u25-linux-x64-rpm.bin
alternatives --install /usr/bin/java java /usr/java/jre1.6.0_25/bin/java 2
alternatives --config java     # pick 1, 2 or 3
java -version
cd /usr/lib/mozilla/plugins
ln -s /usr/java/jre1.6.0_25/lib/amd64/libnpjp2.so

4. vnc
[2hei.net# .vnc]$ cat xstartup
#!/bin/sh

# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
gnome-session &

start vncserver
vncserver
(by default Xvnc listens on every interface and VNC's own password authentication is not a substitute for an encrypted tunnel; start it with vncserver -localhost and reach the display through ssh port forwarding or the VPN from step 1)

Category: linux, OpenSource