Recovering a recently opened deleted file

rajeshkumar created the topic: Recovering a recently opened deleted file
By using lsof, you can recover a deleted file that was already opened. This comes in very handy when an attacker gains access to a system, executes commands or makes configuration changes, and then removes the log file(s) to erase the evidence. A sysadmin can use this method to recover the files which have been opened by some processes, to check what the hacker has changed.

lsof (list open files) is the command used for this:

lsof | grep "syslog" (lists the processes which have this file open)

rsyslog 998 root 1w REG 8,3 141400 1237857 /var/log/syslog

Here the process 990 (PID) has opened the file '/var/log/syslog' with the descriptor '1' (1w).

To recover the content of the file, just run the following command:

cat /proc/990/fd/1 > syslog.safe

You will have the content of the file stored in syslog.safe
Regards,
Rajesh Kumar
Twitt me @ twitter.com/RajeshKumarIn
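
The same recovery scripted against /proc directly, as an added example that is not part of the original post. The `sleep` process standing in for the logging daemon, the file names and the function names are constructed for the demo; Linux is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Linux only (needs /proc).

# list_deleted_fds PID: print "FD<TAB>PATH" for each descriptor of PID whose
# file has been unlinked; the kernel marks such links with " (deleted)".
list_deleted_fds() {
    for link in /proc/"$1"/fd/*; do
        target=$(readlink "$link" 2>/dev/null) || continue
        case $target in
            /*" (deleted)") printf '%s\t%s\n' "${link##*/}" "${target% (deleted)}" ;;
        esac
    done
}

# recover_fd PID FD OUT: copy the still-allocated data to OUT (mode 0600).
recover_fd() {
    ( umask 077 && cat "/proc/$1/fd/$2" > "$3" )
}

# Constructed scenario: a stand-in "daemon" (sleep) holds a log open on fd 3,
# the log is deleted, and its content is recovered through /proc.
demo_recover() {
    work=$(cd "$(mktemp -d)" && pwd -P) || return 1
    log=$work/app.log
    printf 'constructed entry 1\nconstructed entry 2\n' > "$log"
    sleep 30 3< "$log" > /dev/null 2>&1 &
    holder=$!
    # Wait until the child really has the log open before deleting it.
    tries=0
    while [ "$(readlink "/proc/$holder/fd/3" 2>/dev/null)" != "$log" ]; do
        tries=$((tries + 1))
        if [ "$tries" -gt 50 ]; then kill "$holder"; rm -rf "$work"; return 1; fi
        sleep 0.1
    done
    rm -f "$log"                       # the "attacker" removes the log
    fd=$(list_deleted_fds "$holder" |
         awk -F '\t' -v p="$log" '$2 == p { print $1; exit }')
    recover_fd "$holder" "$fd" "$work/app.log.recovered" &&
        cat "$work/app.log.recovered"
    status=$?
    kill "$holder" 2>/dev/null || true
    wait "$holder" 2>/dev/null || true
    rm -rf "$work"
    return "$status"
}

demo_recover
```

The data stays recoverable only while the holding process keeps the descriptor open, so copy it out before restarting the service.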


Securing a directory

rajeshkumar created the topic: Securing a directory
Here is a tip that uses the sticky bit feature of Linux to secure a directory. A sticky bit ensures that no user other than the owner and the superuser can delete files in the directory. When a sticky bit is applied to a directory, other users cannot delete anything, even if they have full permission on the directory.
To apply the sticky bit feature to a directory, run the following command:

$ chmod o+t mydir

This feature is extremely useful for group projects where multiple users are using the content from one single directory.
Regards,
Rajesh Kumar
Twitt me @ twitter.com/RajeshKumarIn
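
An audit for the case this tip protects against, as an added example that is not part of the original post: it finds world-writable directories that lack the sticky bit and sets it. The function names and the test tree are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post.

# unsafe_shared_dirs ROOT
# Lists directories under ROOT that are world-writable (o+w) but lack the
# sticky bit, i.e. any user may delete or rename other users' files there.
unsafe_shared_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# harden_shared_dirs ROOT
# Sets the sticky bit on every directory reported by unsafe_shared_dirs.
harden_shared_dirs() {
    unsafe_shared_dirs "$1" | while IFS= read -r dir; do
        chmod +t "$dir" && printf 'sticky bit set: %s\n' "$dir"
    done
}

# Constructed test tree: "open" is the risky case, "shared" is already
# protected, "private" is not world-writable and is out of scope.
demo_audit() {
    tree=$(mktemp -d) || return 1
    mkdir "$tree/open" "$tree/shared" "$tree/private"
    chmod 0777 "$tree/open"
    chmod 1777 "$tree/shared"
    chmod 0755 "$tree/private"
    echo "before:"; unsafe_shared_dirs "$tree"
    harden_shared_dirs "$tree"
    echo "after:";  unsafe_shared_dirs "$tree"
    ls -ld "$tree/open"      # the mode string now ends in "t"
    rm -rf "$tree"
}

demo_audit
```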


Changing port of ftp and ssh

rajeshkumar created the topic: Changing port of ftp and ssh
To change the port of ssh, edit the file /etc/ssh/sshd_config and add the following line:

Port 222

Restart the ssh service to make the change effective. Now you need to specify the port number using the option '-p' whenever you want to access this system.

# ssh localhost -p 222

In order to change the port of the ftp server, edit the file /etc/vsftpd/vsftpd.conf

# Add this line
listen_port=2100

Restart the ftp service.

Now run the following command to check whether the listening port has been changed:

ftp localhost 2100

You can also check the open ports using the netstat or nmap commands.
Regards,
Rajesh Kumar
Twitt me @ twitter.com/RajeshKumarIn


Make your pendrive bootable

rajeshkumar created the topic: Make your pendrive bootable
If you cannot boot from the DVD/CD-ROM drive, but can boot using a USB device such as a USB pen drive, the following alternative method can be used to boot Linux.

1. Check the name of your pen drive by issuing the following command:

# fdisk -l

This will show the pen drive's name and size, e.g. /dev/sdb

2. Copy the file named diskboot.img from the Red Hat installation DVD to the root of the USB disk.

3. Take a backup of the data on the pen drive, and then execute the following command:
# dd if=/root/diskboot.img of=/dev/sdb

4. In the BIOS, set the first boot device to USB device.
Regards,
Rajesh Kumar
Twitt me @ twitter.com/RajeshKumarIn


How to check ssh is working with public key / private key

rajeshkumar created the topic: How to check ssh is working with public key / private key
Code – ssh serverhostname -o 'BatchMode=yes' -o 'ConnectionAttempts=1' true

Every time an ssh attempt fails, it writes the string "Failed" to /var/log/secure.
Maybe you can just count that number, and if it goes above a threshold you can alert. Obviously you will need some more logic to check for the day to get your full requirement.

*** this is bash code ***
[root@jralph-linux jralph]# cat check_ssh.sh
#!/bin/bash

# Count the words containing "Failed" in /var/log/secure
COUNT=$(tr -s ' ' '\n' < /var/log/secure | grep -c 'Failed')
if [ "$COUNT" -ge 1 ]
then
    echo "Failed SSH $COUNT"
    echo "We have some ssh failures"
else
    echo "Things seem to be ok"
fi

[root@jralph-linux jralph]# ./check_ssh.sh
Failed SSH 2
We have some ssh failures
Regards,
Rajesh Kumar
Twitt me @ twitter.com/RajeshKumarIn
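
The per-day threshold logic the post leaves open, as an added example that is not part of the original post: it counts failed sshd logins per source address for one day and reports the sources at or above a threshold. The function names and the sample log lines are constructed; the standard sshd syslog line format is assumed.

```shell
#!/bin/sh
# Added example, not from the original post.

# failed_ssh_by_source LOG MONTH DAY THRESHOLD   (LOG may be "-" for stdin)
# Prints "COUNT<TAB>SOURCE" for every source address whose failed sshd logins
# on the given day reach THRESHOLD, highest count first.
failed_ssh_by_source() {
    awk -v mon="$2" -v day="$3" -v min="$4" '
        # Lines look like: "Mon DD HH:MM:SS host sshd[pid]: Failed password ..."
        # Requiring field 6 to be "Failed" ignores the word inside user names.
        $1 == mon && $2 + 0 == day + 0 && $5 ~ /^sshd\[/ && $6 == "Failed" {
            # User names are attacker-supplied and may be "from", so take
            # the LAST "from": the address is the field right after it.
            for (i = NF - 1; i > 6; i--)
                if ($i == "from") { hits[$(i + 1)]++; break }
        }
        END {
            for (src in hits)
                if (hits[src] >= min) printf "%d\t%s\n", hits[src], src
        }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample of /var/log/secure (documentation address ranges).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:15:04 web01 sshd[2211]: Failed password for invalid user test from 203.0.113.7 port 51240 ssh2
Mar  3 10:15:09 web01 sshd[2214]: Failed password for root from 203.0.113.7 port 51251 ssh2
Mar  3 11:02:44 web01 sshd[2301]: Failed password for deploy from 198.51.100.23 port 40022 ssh2
Mar  3 11:03:10 web01 sshd[2301]: Accepted publickey for deploy from 198.51.100.23 port 40030 ssh2
Mar  3 12:40:00 web01 sshd[2410]: Failed password for invalid user from from 192.0.2.55 port 60001 ssh2
Mar  4 09:00:12 web01 sshd[3100]: Failed password for root from 203.0.113.7 port 52000 ssh2
Mar  4 09:05:00 web01 sudo: pam_unix(sudo:auth): authentication failure; user=Failed
EOF
}

# Sources with at least 3 failures on Mar 3
sample_log | failed_ssh_by_source - Mar 3 3
```

On a live host, pass /var/log/secure as the first argument and feed the month and day from `date '+%b %e'`.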

rajeshkumar replied the topic: How to check ssh is working with public key / private key
How to check if any errors occurred during ssh?
#!/bin/bash
# Capture stdout and stderr of the remote command
result=$(ssh myapp 'mkdir /some/dir' 2>&1)
if [ -n "$result" ]; then
    echo "the following error occurred: $result"
fi
Regards,
Rajesh Kumar
Twitt me @ twitter.com/RajeshKumarIn

rajeshkumar replied the topic: How to check ssh is working with public key / private key
How to check if ssh works without connecting to server?
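# BatchMode=yes makes ssh fail instead of prompting for a password
su -c "ssh oracle@$MY_IP -o 'BatchMode=yes' -o 'ConnectionAttempts=1' true" oracle
returnCode=$?

echo "$returnCode"
# 'return' is only valid inside a shell function or a sourced file
if [ "$returnCode" -ne 0 ]
then
    echo "Configuration is not valid"
    return 1
else
    echo "Configuration is valid"
    return 0
fi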
Regards,
Rajesh Kumar
Twitt me @ twitter.com/RajeshKumarIn

Must have collection of shell script for any SCM admin

rajeshkumar created the topic: Must have collection of shell script for any SCM admin
Hello Guys,
In a busy schedule of SCM jobs, everyone must have a collection of shell scripts which can be easily modified and used in our daily tasks to save our time.

There are a few scripts everyone must have, such as:
A script which will log in to each machine in a given list, gather the disk usage info and send a daily notification with threshold level.

A script which can be used for incremental backups of file systems, with an email-sending feature.

A script to monitor the system and send a report consisting of the processes which are consuming high CPU and memory.

I have a few good reference URLs which contain very useful collections of shell scripts that you might want to add to your fav… Also, you can add your collection here as part of the comment section in the same thread.

www.comp.eonworks.com/scripts/scripts.html

intuitive.com/wicked/wicked-cool-shell-script-library.shtml

unix.stackexchange.com/questions/125726/…system-administrator
Regards,
Rajesh Kumar
Twitt me @ twitter.com/RajeshKumarIn


Create a script haven’t been accessed for a week, then delete them

rajeshkumar created the topic: Create a script haven’t been accessed for a week, then delete them
Create a script for a cronjob that checks a special directory for files with the extension .tmp that haven’t been accessed for a week, then delete them. Also remove all empty directories.

#!/bin/bash

usage()
{
    echo "Usage: $0 [-d Valid Directory] [-e Valid File extension] [-a Access time in days]" 1>&2
    exit 1
}

while getopts ":d:e:a:" o; do
    case "${o}" in
        d)
            d=${OPTARG}
            if [ ! -d "$d" ]; then
                echo "Directory $d not found"
                usage
            fi
            ;;
        e)
            e=${OPTARG}
            echo "Passed file extension is $e"
            ;;
        a)
            a=${OPTARG}
            echo "Passed number of days for access is $a"
            ;;
        *)
            usage
            ;;
    esac
done
shift $((OPTIND-1))

# All three options are required; check them before anything is deleted
if [ -z "${d}" ] || [ -z "${e}" ] || [ -z "${a}" ]; then
    usage
fi

# The number of days must be a plain non-negative integer
case "$a" in
    *[!0-9]*) usage ;;
esac

# Debug output
echo "Directory is $d"
echo "File extension is $e"
echo "Accessed time is $a"

# Find the files with the given extension that have NOT been accessed for more
# than $a days and delete them. -atime +N matches old files; -atime -N would
# match the recently accessed ones instead.
# Dry run: find "$d" -iname "*$e" -atime "+$a" -type f -print
find "$d" -iname "*$e" -atime "+$a" -type f -print0 | xargs -0 -r rm -f --

# This can be used as well, but xargs is faster for large file sets.
# find "$d" -iname "*$e" -atime "+$a" -type f -exec rm -f -- {} \;

# Remove the empty directories below $d, deepest first
find "$d" -mindepth 1 -depth -type d -empty -exec rmdir {} \;


Regards,
Rajesh Kumar
Twitt me @ twitter.com/RajeshKumarIn


Questions to test your linux shell Script

rajeshkumar created the topic: Questions to test your linux shell Script

www.scmgalaxy.com/index.php?option=com_k…34&id=427&Itemid=442
www.scmgalaxy.com/index.php?option=com_k…34&id=426&Itemid=442
www.scmgalaxy.com/index.php?option=com_k…34&id=425&Itemid=442
www.scmgalaxy.com/index.php?option=com_k…34&id=424&Itemid=442
www.scmgalaxy.com/index.php?option=com_k…34&id=423&Itemid=442
www.scmgalaxy.com/index.php?option=com_k…34&id=422&Itemid=442
www.scmgalaxy.com/index.php?option=com_k…34&id=419&Itemid=442
www.scmgalaxy.com/index.php?option=com_k…34&id=421&Itemid=442
www.scmgalaxy.com/index.php?option=com_k…34&id=420&Itemid=442
www.scmgalaxy.com/index.php?option=com_k…34&id=418&Itemid=442
www.scmgalaxy.com/index.php?option=com_k…34&id=431&Itemid=442
www.scmgalaxy.com/index.php?option=com_k…34&id=430&Itemid=442
www.scmgalaxy.com/index.php?option=com_k…34&id=428&Itemid=442
Regards,
Rajesh Kumar
Twitt me @ twitter.com/RajeshKumarIn

sribhavani_u replied the topic: Questions to test your linux shell Script
#assignment question1
#You have a number of C programs that certain comment lines at the beginning of each program. The lines begin with /* followed by the first line of comment, but the terminator line has */ as the only characters in the line. Remove these comments from all files.
for file in *.c
do
    echo "file name is $file"
    if [ -e "$file" ]
    then
        # Delete from a line starting with /* through the line that is only */
        sed '/^\/\*/,/^\*\/$/d' "$file" > newfile
        mv newfile "$file"
    fi
done
=======================================================================
#assignment question1
#You have a number of C programs that certain comment lines at the beginning of each program. The lines begin with /* followed by the first line of comment, but the terminator line has */ as the only characters in the line. Remove these comments from all files.
for file in test123.c
do
    echo "file name is $file"
    nooflines=`wc -l $file | awk ' { print $1 } '`
    cat $file | grep -n "^/\*" | awk -F":" ' { print $1 } ' | while read strtlineno
    do
        totlines=`wc -l $file | awk ' { print $1 } '`
        let taillines=$nooflines-$strtlineno
        endlineno=`tail -$taillines $file | grep -n "^\*/" | awk -F":" ' { print $1 } ' | head -1`
        let endlineno=$strtlineno+$endlineno
        let difflines=$nooflines-$totlines
        let strtlineno=$strtlineno-$difflines
        let endlineno=$endlineno-$difflines
        echo "$strtlineno $endlineno"
        endlineno=`echo $endlineno\d`
        sed -i $strtlineno,$endlineno $file
    done
done
====================================================================
# assignment question2
#Write a script that compares two directories bar1 and bar2 (supplied as arguments) and copies or overwrites to bar1 from bar2 every file that is (i) not present in bar1 or (ii) newer than its namespace in bar1. (HINT: Use the find command)

BAR1=/root/test/bar1/
BAR2=/root/test/bar2/
BAR1_MOD=/root/test/bar1/

# Stop if bar2 is missing, otherwise find would run in the wrong directory
cd "$BAR2" || exit 1

find . -type f | while read -r filename
do

    newfile=false
    modified=false
    if [ ! -e "$BAR1$filename" ]; then
        newfile=true
        echo "ADD $filename"
    elif ! cmp "$filename" "$BAR1$filename" >/dev/null 2>&1; then
        modified=true
        echo "MOD $filename"
    fi

    if $newfile || $modified; then

        #massage the filepath to not include leading ./
        filepath=$BAR1_MOD$(echo "$filename" | cut -c3-)

        #create folder for it if it doesn't exist
        destfolder=$(echo "$filepath" | sed -e 's/\/[^\/]*$/\//')
        mkdir -p "$destfolder"

        #copy new/modified file to the upgrade folder
        cp "$filename" "$filepath"
    fi
done
====================================================================
#assignment question 3
#Add the statement #include at the beginning of every C source file in the current directory containing printf or fprintf, if it does not already have it included.
# The header name is missing from the page; <stdio.h> is assumed below because it declares printf and fprintf.
grep -El "printf|fprintf" *.c > new
for filename in `cat new`
do
    if [ `grep -c "#include <stdio.h>" $filename` -eq 0 ]; then
        sed '1i\#include <stdio.h>' $filename > new1
        cat new1 > $filename
        rm new1
    fi
done
rm new
====================================================================
#assignment question4
#!/bin/bash
#Find out the pathname of the Korn shell on your machine and then change the interpreter line in all shell script in the current directory that show a different pathname for ksh
dest=`which ksh`
grep -l "^#!.*ksh" *.shh | while read filename
do
    cat $filename | grep "^#!.*ksh" | while read src
    do
        # Keep the #! prefix when writing the new interpreter line
        sed -i "s|$src|#!$dest|g" $filename
    done
done
=======================================================================
# assignment question 5
#!/bin/bash
#Write a script that displays a special listing showing the (i) permission (ii) size (iii) filename (iv) last modification time (v) last access time of filenames supplied as arguments. Provide suitable headers using the printf command.
if [ $# -eq 0 ]
then
    echo "pass the file name"
    exit
fi

divider==================================================
divider=$divider$divider$divider$divider

header="\n %-15s %15s %15s %40s %40s\n"

format=" %-15s %15d %15s %40s %40s \n"

width=75

printf "$header" "PERMISSION" "SIZE" "FILENAME" "LASTMODTIME" "LASTACCESSTIME"

printf "%$width.${width}s\n" "$divider"

while [ $# -ne 0 ]
do
    # One stat call per field: the timestamps contain spaces and must not be word-split
    perm=$(stat --format=%A "$1")
    size=$(stat --format=%s "$1")
    mtime=$(stat --format=%y "$1")
    atime=$(stat --format=%x "$1")
    printf "$format" "$perm" "$size" "$1" "$mtime" "$atime"
    shift
done
======================================================================
# assignment question 6
#You are moving files to handled which accepts only 8+3 type filenames. Produce a list of those files in your current directory that fail in this test
#find . -type f ! -name "????????.???"
find . -type f -printf "%f\n" | while read filename
do
    bname=`echo $filename | awk -F"." ' { print $1}' | wc -m`
    ename=`echo $filename | awk -F"." ' { print $2}' | wc -m`
    if [ $bname != 9 ] || [ $ename != 4 ]; then
        echo "$filename"
    fi
done
=======================================================================
#assignment question7
#Expand the scope of the script in 16.12 (Test Your Understanding) to perform search recursively.
======================================================================
#assignment question 8
#Display a process in the system every 30 seconds five times using a (i) while loop (ii) for loop. What is the unusual feature of the for loop?

#using while loop
#i=5
#while [ $i -gt 0 ]
#do
#echo "============"
#ps
#echo "==========="
#sleep 30
#i=$((i-1))
#done
#using for loop
for i in 1 2 3 4 5
do
    echo "*******"
    ps
    echo "*******"
    sleep 30
done

#for loop can not check for condition
=====================================================================
#assignment question 9
#Write a script that behaves both in interactive and noninteractive mode. When no arguments are supplied, it picks up each C program from the current directory and lists the first 10 lines. It then prompts for deletion of the file. If the user supplies arguments with the script, then it works on those files only.
args=$#

if [ $args -eq 0 ]
then
    for i in $(find . -name "*.shh")
    do
        echo "$(sed -n '1,10p' "$i")"
        rm -i "$i"
    done
else
    # "$@" keeps each argument intact even if it contains spaces
    for i in "$@"
    do
        if [ ! -f "$i" ]
        then
            echo "File $i does not exist"
        else
            echo "$(sed -n '1,10p' "$i")"
            rm -i "$i"
        fi
    done
fi
=====================================================================
# assignment question 10
#Write a script that lists files by modification time when called with lm and by access time when called with la. By default, the script should show the listing of all files in the current directory.

# Listing files by modification time and access time
s=$1
if test "$s" = "lm"
then
    ls -lt
elif test "$s" = "la"
then
    # -u alone only displays the access time; -t is needed to sort by it
    ls -ltu
else
    ls -l
fi
====================================================================
# assignment question 11
#Assume that you have a number of files, downloaded from the internet, in the /home/kumar/download directory. The table of contents (TOC) is available in the file TOC_Download.txt in the form filename:description. The script should check each file in the download directory that does not have a description in the TOC file and prompt the user for the description. The TOC should be updated to maintain the list in sorted condition. The script must be immune to signals.
#!/bin/ksh
# Ignore these signals
trap '' INT TERM QUIT
TOC=/root/test/download/contents.txt
find /root/test/download -type f | grep -v "$TOC" | awk -F/ '{ print $NF }' | sort -u | while read fname
do
    if grep -q "^$fname:" "$TOC"; then
        echo "file description exists for $fname"
    else
        echo "update description for $fname: "
        # The page shows only "read desc > $TOC" here; the two lines below are a
        # reconstruction: read from the terminal (stdin is the pipe) and append
        # the entry in the filename:description form given in the question.
        read desc < /dev/tty
        echo "$fname:$desc" >> "$TOC"
        # Sort in place instead of going through a predictable file in /tmp
        sort -o "$TOC" "$TOC"
    fi
done
===================================================================
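#assignment question 12
#Devise a script that creates a lock file which prevents more than one user from running it. The lock file must be removed before script termination or if the user presses the interrupt key.
setEnv()
{
    LOCK=/tmp/mylock
}
checkLock()
{
    if [ -f "$LOCK" ]; then
        echo "Someone is running the script, Hence exiting..."
        exit 1
    fi
}
createLock()
{
    echo "Creating lock $LOCK"
    # noclobber makes the creation fail if the lock appeared after checkLock ran
    if ! ( set -o noclobber; : > "$LOCK" ) 2>/dev/null; then
        echo "Someone is running the script, Hence exiting..."
        exit 1
    fi
}
doWork()
{
    echo "Working"
    sleep 10
}
removeLock()
{
    echo "Removing lock $LOCK"
    rm -f "$LOCK"
}
capkill()
{
    removeLock
    exit 1
}
########
# MAIN #
########
setEnv
checkLock
createLock
# Install the handler only once the lock is ours, so an interrupt
# cannot remove a lock that belongs to another running instance
trap capkill INT TERM QUIT
doWork
removeLock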
===================================================================
# assignment question 13
#Write a shell script that uses find to look for a file and echo a suitable message if the file is not found. You must not store the find output in a file.
echo "give the name of the file to be searched"
read file
# Non-empty find output means at least one match
if [ -n "$(find . -type f -iname "$file")" ];
then
    echo "$file exists"
else
    echo "File \"$file\" does not exist."
fi

chaitu137 replied the topic: Questions to test your linux shell Script
Solution to Question 01

#!/bin/sh

sed -i '/\*/{D}' *.c
