Most networks rely on services to run all the time, whether it is MySQL for database, or Apache for web services, the fact of the matter is that those services need to be available all the time; therefore, admins need to make sure those services are running. So here’s a simple, yet efficient script that checks whether a service is running, and if it’s not, it tries to restart the service 3 times, if it fails to start the service; then, it proceeds to notify the user by emailing the log file. You can change the “service” variable to suit your needs depending on the service. Also, you could add more services and use a “for” loop to iterate through every single service. This script kind of creates a starting point.
#!/bin/bash #author: jorge L. Vazquez #purpose: checking running services email=root service=apache2 count=0 threshold=2 servicelog=/var/log/$service.log #checking if service is running ps -e | grep $service > /dev/null servicestat=$(echo $?) #if service not running lets try restart 3 times if [ "$servicestat" != 0 ]; then while [ "$count" -le "$threshold" ] do #attempt to start the service /etc/init.d/$service start >> $servicelog 2>&1 if [ $? != 0 ]; then ((count=count+1)) else exit 0 #if service started exit fi done #if service could not be started, notify cat $servicelog | mail -s "problem starting $service" $email 2>/dev/null fi #END
Going through different log files can be a pain, but here’s a simple script that parses today’s logs from different files into a single file, in this case we extract today’s logs from messages, auth.log, syslog. Finally, we send them through email. Don’t forget to make the file executable!… Logparser can be downloaded from here
#!/bin/bash #author jorge #purpose: extracting daily log entries from multiple log files LOG1=/var/log/messages LOG2=/var/log/auth.log LOG3=/var/log/syslog MYDATE=`date +%b\ %d` OUTPUTLOG=`date +%F`.dailylog EMAIL=btuser for LOG in $LOG{1,2,3} do #if file exist and is not empty then process if [ -e $LOG ] && [ -s $LOG ]; then echo $LOG BEGIN >> $OUTPUTLOG #only grabbing todays log out of file grep -E "$MYDATE" $LOG >> $OUTPUTLOG 2>/dev/null echo $LOG END >> $OUTPUTLOG echo >> $OUTPUTLOG fi done #email output cat $OUTPUTLOG | mail -s "daily logs `date +%F`" $EMAIL 2>/dev/null #END
When conducting a pentest, the first thing the pentester should do is to change its computer mac address and hostname because they are recorded in the logs and dhcp server. Macxchange is a very simple script. It is meant to work with backtrack or any other linux distro. It selects a random word from john the ripper wordlist for hostname, and for the mac address uses macchanger. Once your mac and hostname have been changed remember to restart networking or get an ip “dhclient <interface> “. So if you’re using other distro than backtrack, make sure to have macchanger installed, and edit the proper varialbe for wordlist. You can also download script from here
#!/bin/bash #author: Jorge L. Vazquez #purpose: this script will change the mac address to random #and will pick a random word from password.lst in jtr for hostname #change variables "interface" and "file" to your settings #also macchanger needs to be installed INTERFACE=eth0 FILE=/pentest/passwords/jtr/password.lst WORD=$(sort -R $FILE | head -1) #changing mac address to random ifconfig $INTERFACE down > /dev/null if [ $? == 0 ]; then printf "%s\nChanging mac address...\n" macchanger -r $INTERFACE else printf "%sScript encounter an error, sorry...\n" exit 1 fi #changing hostname to random word from password.lst printf "%s\nChanging Hostname...\n" OLDHOST=$(hostname) hostname $WORD if [ $? == 0 ]; then printf "%sPrevius Hostname: $OLDHOST \n" printf "%sRandom Hostname: $WORD \n" else printf "%sScript encounter an error, sorry...\n" exit 1 fi #putting interface up ifconfig $INTERFACE up > /dev/null printf "\n" #END
Subscribe
Designed By :
