Most networks rely on services to run all the time, whether it is MySQL for database, or Apache for web services, the fact of the matter is that those services need to be available all the time; therefore, admins need to make sure those services are running. So here’s a simple, yet efficient script that checks whether a service is running, and if it’s not, it tries to restart the service 3 times, if it fails to start the service; then, it proceeds to notify the user by emailing the log file. You can change the “service” variable to suit your needs depending on the service. Also, you could add more services and use a “for” loop to iterate through every single service. This script kind of creates a starting point.
#!/bin/bash #author: jorge L. Vazquez #purpose: checking running services email=root service=apache2 count=0 threshold=2 servicelog=/var/log/$service.log #checking if service is running ps -e | grep $service > /dev/null servicestat=$(echo $?) #if service not running lets try restart 3 times if [ "$servicestat" != 0 ]; then while [ "$count" -le "$threshold" ] do #attempt to start the service /etc/init.d/$service start >> $servicelog 2>&1 if [ $? != 0 ]; then ((count=count+1)) else exit 0 #if service started exit fi done #if service could not be started, notify cat $servicelog | mail -s "problem starting $service" $email 2>/dev/null fi #END
Going through different log files can be a pain, but here’s a simple script that parses today’s logs from different files into a single file, in this case we extract today’s logs from messages, auth.log, syslog. Finally, we send them through email. Don’t forget to make the file executable!… Logparser can be downloaded from here
#!/bin/bash #author jorge #purpose: extracting daily log entries from multiple log files LOG1=/var/log/messages LOG2=/var/log/auth.log LOG3=/var/log/syslog MYDATE=`date +%b\ %d` OUTPUTLOG=`date +%F`.dailylog EMAIL=btuser for LOG in $LOG{1,2,3} do #if file exist and is not empty then process if [ -e $LOG ] && [ -s $LOG ]; then echo $LOG BEGIN >> $OUTPUTLOG #only grabbing todays log out of file grep -E "$MYDATE" $LOG >> $OUTPUTLOG 2>/dev/null echo $LOG END >> $OUTPUTLOG echo >> $OUTPUTLOG fi done #email output cat $OUTPUTLOG | mail -s "daily logs `date +%F`" $EMAIL 2>/dev/null #END
Well, Backtrack 5 is out, and in this version you have the option to download your preferred desktop manager: Gnome or Kde. In my case I prefer gnome because in my opinion, it offers more flexibility when configuring X window. I have not played around much with this version, but I noticed that Nessus is back (you need to register) but it is free, and you can register as many times you want. Also, it has “Wbar” dock bar, which could be easily configure under Accessories->WbarConf. Anyway, here’s how the gnome desktop looks, well sort of, with a few minor changes.
backtrack 5
When conducting a pentest, the first thing the pentester should do is to change its computer mac address and hostname because they are recorded in the logs and dhcp server. Macxchange is a very simple script. It is meant to work with backtrack or any other linux distro. It selects a random word from john the ripper wordlist for hostname, and for the mac address uses macchanger. Once your mac and hostname have been changed remember to restart networking or get an ip “dhclient <interface> “. So if you’re using other distro than backtrack, make sure to have macchanger installed, and edit the proper varialbe for wordlist. You can also download script from here
#!/bin/bash #author: Jorge L. Vazquez #purpose: this script will change the mac address to random #and will pick a random word from password.lst in jtr for hostname #change variables "interface" and "file" to your settings #also macchanger needs to be installed INTERFACE=eth0 FILE=/pentest/passwords/jtr/password.lst WORD=$(sort -R $FILE | head -1) #changing mac address to random ifconfig $INTERFACE down > /dev/null if [ $? == 0 ]; then printf "%s\nChanging mac address...\n" macchanger -r $INTERFACE else printf "%sScript encounter an error, sorry...\n" exit 1 fi #changing hostname to random word from password.lst printf "%s\nChanging Hostname...\n" OLDHOST=$(hostname) hostname $WORD if [ $? == 0 ]; then printf "%sPrevius Hostname: $OLDHOST \n" printf "%sRandom Hostname: $WORD \n" else printf "%sScript encounter an error, sorry...\n" exit 1 fi #putting interface up ifconfig $INTERFACE up > /dev/null printf "\n" #END
If you’re like me that test pretty much any os and apps in some sort of virtual environment. In my case I use VMware Workstation, so when I decided to test Backtrack 4 final, I needed to install the vmware Tools, and here I go over the commands needed to install the vmware tools.
1- First go to VM->Install Vmware Tools (the figure shows as Reinstall VMware Tools because I had previously installed it) but yours should say “Install”
I decided to make a guide about TCP/IP configuration in Linux, and you may ask: well, what Linux distribution in specific? I know!, there are hundreds of Linux distribution, but for this guide, I’m only going to cover the two most used Linux distribution: Ubuntu and Fedora. Ubuntu is a Debian derivative, so the Ubuntu portion of TCP/IP configuration applies to any distro based on Debian. And the same goes for Fedora, which is based on RedHat Linux.
First, you want to find out what interfaces you have, and what ip address, “if any,” was assigned to your computer. For this use the “ifconfig” command:
ifconfig #will list all enabled interfaces
if you are looking for a specific interface:
ifconfig eth0 #will only display the configuration for eth0 interface
If you get no interfaces other than the loopback address, it is time to do some troubleshooting and find out whether your network card was detected by Linux or not.
sudo lspci | grep -i ethernet #displaying all your ethernet cards
if you’re troubleshooting a wireless card just change “ethernet” for “wireless.”
other useful command when troubleshooting network card and drivers is “lsmod” Read the rest of this entry »
To see which processes are currently on a system, most people use the “ps” and “top” commands. The “ps” command gives you a snapshot (in a single list) of processes running at the moment. The “top” command offers a screen oriented, constantly updated listing of running commands, sorted as you choose ( by CPU, memory, UID, etc).
ps #List processes of current user at current shell
root@ubuntu-box:~# ps PID TTY TIME CMD 2988 pts/0 00:00:00 su 2996 pts/0 00:00:00 bash 3047 pts/0 00:00:00 ps
ps -u jorge #Show all jorge’s running processes
root@ubuntu-box:~# ps -u jorge PID TTY TIME CMD 2662 ? 00:00:00 x-session-manag 2725 ? 00:00:00 VBoxClient 2730 ? 00:00:00 VBoxClient 2737 ? 00:00:00 VBoxClient 2748 ? 00:00:00 ssh-agent
ps -u jorge u #Show all running processes with CPU/MEM Read the rest of this entry »
Subscribe
Designed By :
