Posted on 04-05-2012
Filed Under (linux, security, ubuntu) by admin

The /etc/passwd file in Linux is a file that contains a list of users, and information about those users. We can use this file to list all users that exist in our system. For example, using the “cat” command will output the whole file. Notice that every line starts with the username field.

root@bt:~# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
landscape:x:103:108::/var/lib/landscape:/bin/false
messagebus:x:104:112::/var/run/dbus:/bin/false
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
mysql:x:105:113::/var/lib/mysql:/bin/false
avahi:x:106:114::/var/run/avahi-daemon:/bin/false
snort:x:107:115:Snort IDS:/var/log/snort:/bin/false
statd:x:108:65534::/var/lib/nfs:/bin/false
usbmux:x:109:46::/home/usbmux:/bin/false
pulse:x:110:116::/var/run/pulse:/bin/false
rtkit:x:111:117::/proc:/bin/false
festival:x:112:29::/home/festival:/bin/false
postgres:x:1000:1000::/home/postgres:/bin/sh

Now, if we want to refine our search and filter out all that extra information and just print the usernames, we can use the “awk” command like this:

awk -F ':' '{print $1}' /etc/passwd

In this command, the “-F” option tells awk the field separator, in this case the colon “:”, and the {print $1} action prints the first field, which is the username field.

root@bt:~# awk -F ':' '{print $1}' /etc/passwd
root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
proxy
www-data
backup
list
irc
gnats
libuuid
syslog
sshd
landscape
messagebus
nobody
mysql
avahi
snort
statd
usbmux
pulse
rtkit
festival
postgres
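
The same field-splitting approach extends to a quick account audit. This is an added example, not part of the original post; the passwd data is constructed, and the function names and finding labels are illustrative.

```shell
# Added example; the passwd data below is constructed for illustration.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
toor:x:0:0:second root:/root:/bin/bash
guest::1001:1001::/home/guest:/bin/bash
postgres:x:1000:1000::/home/postgres:/bin/sh
broken:x:1002
EOF
}

# Reads passwd-format lines on stdin and prints one finding per line.
audit_passwd() {
    awk -F ':' '
        NF != 7                  { print "MALFORMED " $1; next }
        $3 == 0 && $1 != "root"  { print "UID0 " $1 }     # extra superuser account
        $2 == ""                 { print "EMPTYPW " $1 }  # no password required
        seen[$3]++               { print "DUPUID " $1 " " $3 }
    '
}

# Prints the accounts whose shell is not nologin or false.
login_users() {
    awk -F ':' 'NF == 7 && $7 !~ /\/(nologin|false)$/ { print $1 }'
}

sample_passwd | audit_passwd
sample_passwd | login_users
```

On a real host, run `audit_passwd < /etc/passwd` and `login_users < /etc/passwd`.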


Making a copy or backup of your MBR is very simple. There are a couple of ways you can go about it: the first uses the “dd” command, and the second uses “sfdisk.”

The Master Boot Record is 512 bytes

446 Bootstrap + 64 Partition Table + 2 Signature = 512

Using “dd” with identical partitions

copying  

dd if=/dev/sdb of=sdbmbr.bak bs=512 count=1

restoring

dd if=sdbmbr.bak of=/dev/sdb bs=512 count=1

Using “dd” with different partitions (restoring only the 446-byte bootstrap area leaves the partition table on the target disk untouched, so the disk keeps its original partition sizes).

copying

dd if=/dev/sdb of=sdbmbr.bak bs=512 count=1

restoring

dd if=sdbmbr.bak of=/dev/sdb bs=446 count=1

Using the “sfdisk” Linux command (this dumps the partition table only, as text, not the 446-byte bootstrap code)

copying

sfdisk -d /dev/sdb > ~/sdbmbr.bak

restoring

sfdisk /dev/sdb < ~/sdbmbr.bak
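
Before relying on a dd backup, it is worth checking that the file really has the 446 + 64 + 2 layout described above. The following is an added example, not part of the original post; the helper names are hypothetical and the sample image is constructed, so no real disk is read or written.

```shell
# Added example: sanity-check a 512-byte MBR backup made with dd.
# The sample image is constructed here; no real disk is touched.

poke() {  # poke FILE OFFSET OCTAL-ESCAPES: overwrite bytes in place
    printf "$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

make_sample_mbr() {  # one bootable Linux (0x83) partition starting at LBA 2048
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    poke "$1" 446 '\200'       # entry 1, byte 0: boot flag 0x80
    poke "$1" 450 '\203'       # entry 1, byte 4: partition type 0x83
    poke "$1" 455 '\010'       # entry 1, bytes 8-11: start LBA 0x00000800
    poke "$1" 510 '\125\252'   # signature bytes 0x55 0xAA
}

# Succeeds only if FILE is exactly 512 bytes and ends with the 55 AA signature.
check_mbr_backup() {
    [ "$(( $(wc -c < "$1") ))" -eq 512 ] || return 1
    sig=$(od -An -tx1 -j510 -N2 "$1" | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# Prints "index boot-flag type start-LBA" for each non-empty table entry.
list_partitions() {
    f=$1
    i=0
    while [ "$i" -lt 4 ]; do
        # 16 bytes per entry, read as unsigned decimals into $1..$16
        set -- $(od -An -tu1 -j$((446 + 16 * i)) -N16 "$f")
        if [ "$5" -ne 0 ]; then
            lba=$(( $9 + (${10} << 8) + (${11} << 16) + (${12} << 24) ))
            printf '%d 0x%02x 0x%02x %d\n' "$((i + 1))" "$1" "$5" "$lba"
        fi
        i=$((i + 1))
    done
}

tmp=$(mktemp)
make_sample_mbr "$tmp"
check_mbr_backup "$tmp" && list_partitions "$tmp"
rm -f "$tmp"
```

For a real backup, run `check_mbr_backup sdbmbr.bak && list_partitions sdbmbr.bak` before restoring it.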

Posted on 19-03-2012
Filed Under (linux, security) by admin

If you’re planning on selling or decommissioning your old PC or laptop, it is always good practice to completely erase your hard drive data. There are tools that make recovering files very easy, even when these files have been overwritten by partitioning and installing a new OS. Tools like Shred or DBAN make the process of securely erasing your hard drive pretty easy and straightforward. For most folks, using “dd” should work.

dd if=/dev/zero of=/dev/hda

The above command will overwrite your entire drive with zeroes; however, if you’re not satisfied, you could use “Shred,” which is used by government agencies like the DOD. When using Shred, the default is to make 25 passes over the hard drive or files, writing random data, but for our scenario 25 passes seems like overkill, so we just change the default to something like 5 or 10, and by adding the “-z” option we tell Shred to write the last pass with zeroes.

shred -vz -n 10 /dev/hda

When booting from a live CD you don’t need the “-f” option, which pretty much takes ownership of data in order to overwrite it; since you’re already root, you don’t need that option. I thought it would be good to clarify that since I’ve seen posts in which people use the “-f” option unnecessarily.

Posted on 08-03-2012
Filed Under (linux, ubuntu) by admin

If you’ve migrated to Ubuntu 11.10 and you’re having a hard time getting used to “Unity,” there’s hope! Well, sort of. You can install Gnome Classic, which will make the interface a bit more familiar. It is still GNOME 3, which is a huge transformation from previous versions of GNOME, but at least it is not Unity. Gnome Classic is not installed by default, so you’ll have to install it.

1- Open terminal window and type

sudo apt-get install gnome-session-fallback

2- Now log off and select “Gnome Classic” at the login screen

Posted on 06-03-2012
Filed Under (linux, ubuntu) by admin

In this tutorial we will go over how to create a desktop shortcut or application launcher in Ubuntu 11.10. In previous versions it was pretty easy to create a desktop launcher: you pretty much right-clicked the desktop and created your launcher. It is not so easy in this version of Ubuntu, and that’s what we are going to cover.

1- Open a terminal in Unity (dash windows->type “terminal”)

2- Install gnome-panel package

sudo apt-get install --no-install-recommends gnome-panel

3- Open the “Create Launcher” app by typing

gnome-desktop-item-edit ~/Desktop/ --create-new

4- Give it a name and the command to launch the application. In this case we’re using Thunderbird.

Posted on 12-06-2011
Filed Under (linux, programming, shell script) by admin

Most networks rely on services that run all the time, whether it is MySQL for databases or Apache for web services. Those services need to be available all the time; therefore, admins need to make sure they are running. So here’s a simple yet efficient script that checks whether a service is running. If it’s not, the script tries to restart the service 3 times; if it fails to start the service, it notifies the user by emailing the log file. You can change the “service” variable to suit your needs depending on the service. You could also add more services and use a “for” loop to iterate through every one of them. This script is meant as a starting point.

#!/bin/bash
#author: jorge L. Vazquez
#purpose: checking running services
 
email=root
service=apache2
count=0
threshold=2
servicelog=/var/log/$service.log
 
#checking if service is running
ps -e | grep -q "$service"
servicestat=$?
 
#if service not running lets try restart 3 times
if [ "$servicestat" != 0 ]; then 
 
	while [ "$count" -le "$threshold" ]
	do
		#attempt to start the service
		/etc/init.d/$service start >> $servicelog 2>&1
		if [ $? != 0 ]; then
			((count=count+1))
		else
			exit 0  #if service started exit
		fi
	done
	#if service could not be started, notify
	mail -s "problem starting $service" "$email" < "$servicelog" 2>/dev/null
fi
 
#END

Posted on 20-05-2011
Filed Under (linux, programming, shell script, ubuntu) by admin

Going through different log files can be a pain, but here’s a simple script that collects today’s entries from several log files into a single file. In this case we extract today’s entries from messages, auth.log and syslog. Finally, we send them through email. Don’t forget to make the file executable!

#!/bin/bash
#author jorge
#purpose: extracting daily log entries from multiple log files
 
LOG1=/var/log/messages
LOG2=/var/log/auth.log
LOG3=/var/log/syslog
#syslog pads single-digit days with a space ("May  5"), so use %e, not %d
MYDATE=$(date "+%b %e")
OUTPUTLOG=`date +%F`.dailylog
EMAIL=btuser
 
for LOG in $LOG{1,2,3}
do
        #if file exist and is not empty then process
        if [ -e $LOG ] && [ -s $LOG ]; then
                echo $LOG BEGIN >> $OUTPUTLOG
                #only grabbing todays log out of file
                grep -E "$MYDATE" $LOG >> $OUTPUTLOG 2>/dev/null
                echo $LOG END >> $OUTPUTLOG
                echo >> $OUTPUTLOG
        fi
done
 
#email output
cat $OUTPUTLOG | mail -s "daily logs `date +%F`" $EMAIL 2>/dev/null
 
#END
