Author: The Geek Decoder
My VM on ESXi have all different dates. Here is how toset them the same.
First, you’ll need to install NTP. For Debian or Ubuntu, that would be this command:
# sudo apt-get install ntp
For Redhat or CentOS, you’ll need to use this one:
# yum install ntp
Then you’ll want to edit the /etc/ntp.conf file, which is quite possibly already filled out for you.
# nano /etc/ntp.conf
You can get a list of server addresses at www.pool.ntp.org. Here are the North America ones:
server 0.north-america.pool.ntp.org server 1.north-america.pool.ntp.org server 2.north-america.pool.ntp.org server 3.north-america.pool.ntp.org
Set it to run at boot
# chkconfig --list ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
For Redhat and CentOS 6
chkconfig ntpd on
# ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
For Redhat 7 and CentOS 7
# systemctl enable ntpd.service
CentOS 6 restart or start the NTPD service:
# /etc/init.d/ntpd restart
CentOS 7 Restart
# /bin/systemctl start ntpd.service
If you want to update the time right now, you can stop the NTP service and then run the following command, swapping out your preferred server for pool.ntp.org.
/usr/sbin/ntpdate pool.ntp.org
Check your Site at https://drownattack.com/#test
or run the following:
http (replace IP with your server ip)
openssl s_client -connect 192.168.1.1:443 -ssl2
postfix or other email MTA
openssl s_client -connect xxxxxxxxxxxxx.com:25 -starttls smtp -ssl2
Check your version
# openssl version OpenSSL 1.0.1e-fips 11 Feb 2013
To protect against DROWN, server operators need to ensure that their private keys are not used anywhere with server software that allows SSLv2 connections. This includes web servers, SMTP servers, IMAP and POP servers, and any other software that supports SSL/TLS. You can use the form above to check whether your server appears to be exposed to the attack.
Disabling SSLv2 can be complicated and depends on the specific server software. We provide instructions here for several common products:
OpenSSL: OpenSSL is a cryptographic library used in many server products.
For users of OpenSSL, the easiest and recommended solution is to upgrade to a recent OpenSSL version. OpenSSL 1.0.2 users should upgrade to 1.0.2g. OpenSSL 1.0.1 users should upgrade to 1.0.1s. Users of older OpenSSL versions should upgrade to either one of these versions.
More details can be found in this OpenSSL blog post.
Postfix
add the following to your main.cf config file:
smtpd_tls_security_level = may smtpd_tls_auth_only = yes smtpd_tls_protocols = SSLv3, TLSv1, !SSLv2 smtpd_tls_cipherlist = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-eNULL
then just do a postfix reload. eg.
# /etc/init.d/postfix reload
to check it’s actually disabled use the following openssl command
openssl s_client -connect xxxxxxxxxxxxx.com:25 -starttls smtp -ssl2
which should give you something like this:
Code: CONNECTED(00000003) write:errno=104
as opposed to the SSL3 test
openssl s_client -connect xxxxxxxxxxxxx.com:25 -starttls smtp -ssl3
CONNECTED(00000003)
....
SSL-Session:
Protocol : SSLv3
Cipher : DHE-RSA-AES256-SHA
Session-ID: AB6C68095ADFA60119F4845485D840A62DEB5B519E803510692F1BBCD71199CD
Session-ID-ctx:
Master-Key: 8BA2691B5EEEA9AE6752D804F0B0700C0792E7AD6BC6D19416B819EF5014FA80FAC51E124DFFB083C70A547AF522C149
Key-Arg : None
Krb5 Principal: None
Start Time: 1292001315
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
---
220 mail.xxxxxxxxx.net ESMTP Postfix
# /var/lib/php/session -depth -mindepth 1 -maxdepth 1 -type f -cmin +120 -delete;
Find your drives
# fdisk -l Disk /dev/sda: 17.2 GB, 17179869184 bytes 255 heads, 63 sectors/track, 2088 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x0007f474 Device Boot Start End Blocks Id System /dev/sda1 * 1 64 512000 83 Linux Partition 1 does not end on cylinder boundary. /dev/sda2 64 2089 16264192 8e Linux LVM Disk /dev/mapper/vg_backup-lv_root: 14.9 GB, 14935916544 bytes 255 heads, 63 sectors/track, 1815 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00000000 Disk /dev/mapper/vg_backup-lv_swap: 1715 MB, 1715470336 bytes 255 heads, 63 sectors/track, 208 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00000000
SDA is the primary
hdparm Command
Open the terminal and type the following
# hdparm -I /dev/sda
OR
$ sudo hdparm -I /dev/sda
SQL LEFT JOIN Syntax
SELECT column_name(s) FROM table1 LEFT JOIN table2 ON table1.column_name=table2.column_name;
or:
SELECT column_name(s) FROM table1 LEFT OUTER JOIN table2 ON table1.column_name=table2.column_name;
PS! In some databases LEFT JOIN is called LEFT OUTER JOIN.
Example: You have a surveys table and a services table and the id’s are both client_id
select surveys.date, surveys.client_id, surveys.score from surveys left join services on surveys.client_id=services.client_id where cpu like Xeon group by surveys.client_id;
#!/bin/bash
# ----------------------------------------------------------------------
# mikes handy rotating-filesystem-snapshot utility
# ----------------------------------------------------------------------
# this needs to be a lot more general, but the basic idea is it makes
# rotating backup-snapshots of /home whenever called
# ----------------------------------------------------------------------
unset PATH # suggestion from H. Milz: avoid accidental use of $PATH
# ------------- system commands used by this script --------------------
ID=/usr/bin/id;
ECHO=/bin/echo;
MOUNT=/bin/mount;
RM=/bin/rm;
MV=/bin/mv;
CP=/bin/cp;
TOUCH=/bin/touch;
RSYNC=/usr/bin/rsync;
# ------------- file locations -----------------------------------------
MOUNT_DEVICE=/dev/hdb1;
SNAPSHOT_RW=/root/snapshot;
EXCLUDES=/usr/local/etc/backup_exclude;
# ------------- the script itself --------------------------------------
# make sure we're running as root
if (( `$ID -u` != 0 )); then { $ECHO "Sorry, must be root. Exiting..."; exit; } fi
# attempt to remount the RW mount point as RW; else abort
$MOUNT -o remount,rw $MOUNT_DEVICE $SNAPSHOT_RW ;
if (( $? )); then
{
$ECHO "snapshot: could not remount $SNAPSHOT_RW readwrite";
exit;
}
fi;
# rotating snapshots of /home (fixme: this should be more general)
# step 1: delete the oldest snapshot, if it exists:
if [ -d $SNAPSHOT_RW/home/hourly.3 ] ; then \
$RM -rf $SNAPSHOT_RW/home/hourly.3 ; \
fi ;
# step 2: shift the middle snapshots(s) back by one, if they exist
if [ -d $SNAPSHOT_RW/home/hourly.2 ] ; then \
$MV $SNAPSHOT_RW/home/hourly.2 $SNAPSHOT_RW/home/hourly.3 ; \
fi;
if [ -d $SNAPSHOT_RW/home/hourly.1 ] ; then \
$MV $SNAPSHOT_RW/home/hourly.1 $SNAPSHOT_RW/home/hourly.2 ; \
fi;
# step 3: make a hard-link-only (except for dirs) copy of the latest snapshot,
# if that exists
if [ -d $SNAPSHOT_RW/home/hourly.0 ] ; then \
$CP -al $SNAPSHOT_RW/home/hourly.0 $SNAPSHOT_RW/home/hourly.1 ; \
fi;
# step 4: rsync from the system into the latest snapshot (notice that
# rsync behaves like cp --remove-destination by default, so the destination
# is unlinked first. If it were not so, this would copy over the other
# snapshot(s) too!
$RSYNC \
-va --delete --delete-excluded \
--exclude-from="$EXCLUDES" \
/home/ $SNAPSHOT_RW/home/hourly.0 ;
# step 5: update the mtime of hourly.0 to reflect the snapshot time
$TOUCH $SNAPSHOT_RW/home/hourly.0 ;
# and thats it for home.
# now remount the RW snapshot mountpoint as readonly
$MOUNT -o remount,ro $MOUNT_DEVICE $SNAPSHOT_RW ;
if (( $? )); then
{
$ECHO "snapshot: could not remount $SNAPSHOT_RW readonly";
exit;
} fi;
#!/bin/sh
# set -x
# Shell script to monitor or watch the disk space
# It will send an email to $ADMIN, if the (free available) percentage of space is >= 90%.
# -------------------------------------------------------------------------
# Set admin email so that you can get email.
ADMIN="root"
# set alert level 90% is default
ALERT=90
# Exclude list of unwanted monitoring, if several partions then use "|" to separate the partitions.
# An example: EXCLUDE_LIST="/dev/hdd1|/dev/hdc5"
EXCLUDE_LIST="/auto/ripper"
#
#::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
#
function main_prog() {
while read output;
do
#echo $output
usep=$(echo $output | awk '{ print $1}' | cut -d'%' -f1)
partition=$(echo $output | awk '{print $2}')
if [ $usep -ge $ALERT ] ; then
echo "Running out of space \"$partition ($usep%)\" on server $(hostname), $(date)" | \
mail -s "Alert: Almost out of disk space $usep%" $ADMIN
fi
done
}
if [ "$EXCLUDE_LIST" != "" ] ; then
df -H | grep -vE "^Filesystem|tmpfs|cdrom|${EXCLUDE_LIST}" | awk '{print $5 " " $6}' | main_prog
else
df -H | grep -vE "^Filesystem|tmpfs|cdrom" | awk '{print $5 " " $6}' | main_prog
fi
MAX=95
EMAIL=USER@domain.com
PART=sda1
USE=`df -h |grep $PART | awk '{ print $5 }' | cut -d'%' -f1`
if [ $USE -gt $MAX ]; then
echo "Percent used: $USE" | mail -s "Running out of disk space" $EMAIL
fi
Shell Scrip for Checking Server Utilization
#!/bin/bash
date;
echo "uptime:"
uptime
echo "Currently connected:"
w
echo "--------------------"
echo "Last logins:"
last -a |head -3
echo "--------------------"
echo "Disk and memory usage:"
df -h | xargs | awk '{print "Free/total disk: " $11 " / " $9}'
free -m | xargs | awk '{print "Free/total memory: " $17 " / " $8 " MB"}'
echo "--------------------"
start_log=`head -1 /var/log/messages |cut -c 1-12`
oom=`grep -ci kill /var/log/messages`
echo -n "OOM errors since $start_log :" $oom
echo ""
echo "--------------------"
echo "Utilization and most expensive processes:"
top -b |head -3
echo
top -b |head -10 |tail -4
echo "--------------------"
echo "Open TCP ports:"
nmap -p- -T4 127.0.0.1
echo "--------------------"
echo "Current connections:"
ss -s
echo "--------------------"
echo "processes:"
ps auxf --width=200
echo "--------------------"
echo "vmstat:"
vmstat 1 5