security

lsof lite (III/III)

code, ipmi, security, tech
Sep 25, 2012
 

Finally, one that looks at a process and tells you what ports it's listening on.

    [WPCM450 /tmp]$ ps |grep ssh
     1263 root       4532 S   /sbin/sshd -g 60
     9730 root       9412 S   sshd: root@pts/0
    10571 root       3556 R   grep ssh
    [WPCM450 /tmp]$ ./lsof-net-pid.sh 1263
    PID 1263 is listening on tcp6:22
    PID 1263 is listening on tcp:22

[…]
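One way such a script can work, as an added example that is not the author's lsof-net-pid.sh (the excerpt is cut off before the script itself): match the socket inodes under /proc/PID/fd against the LISTEN rows of /proc/net/tcp and /proc/net/tcp6. The function names and the optional second argument (an alternate proc root) are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not the author's lsof-net-pid.sh. Uses only sh, ls, sed, awk.
# The optional proc-root argument is an assumption, added for offline testing.

# Print the socket inodes PID $1 holds open (fd links read "socket:[INODE]").
socket_inodes() {
    ls -l "${2:-/proc}/$1/fd" 2>/dev/null |
        sed -n 's/.*socket:\[\([0-9][0-9]*\)\].*/\1/p'
}

# Print PROTO:PORT for each LISTEN row of table $1 whose inode is in list $3.
listening_ports() {
    awk -v proto="$2" -v inodes="$3" '
        function hex2dec(h,    i, n) {      # strtonum() is gawk-only
            n = 0; h = toupper(h)
            for (i = 1; i <= length(h); i++)
                n = n * 16 + index("0123456789ABCDEF", substr(h, i, 1)) - 1
            return n
        }
        BEGIN { k = split(inodes, a, " "); for (i = 1; i <= k; i++) want[a[i]] = 1 }
        # $4 is the socket state (0A = LISTEN), $10 is the socket inode
        NR > 1 && $4 == "0A" && ($10 in want) {
            n = split($2, addr, ":")        # local address is HEXIP:HEXPORT
            print proto ":" hex2dec(addr[n])
        }' "$1"
}

# Report every TCP port PID $1 is listening on, in the format shown above.
lsof_net_pid() {
    root="${2:-/proc}"
    # unquoted expansion turns newlines into spaces without needing tr
    inodes=$(echo $(socket_inodes "$1" "$root"))
    for proto in tcp6 tcp; do
        [ -r "$root/net/$proto" ] || continue
        listening_ports "$root/net/$proto" "$proto" "$inodes" |
            sed "s/^/PID $1 is listening on /"
    done
}

if [ $# -gt 0 ]; then lsof_net_pid "$@"; fi
```

Reading another user's /proc/PID/fd needs root; without it the function prints nothing for that PID rather than failing.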

lsof lite (II/III)

code, ipmi, security, tech
Sep 25, 2012
 

Here’s one that looks up processes that have a file open… well, actually, more like a file expression; “foo” would match “/bar/foo” and “/foo/bar” (by intent), so use full paths if you’re not feeling frisky. And yes… busybox really does have that many duplicate processes with that file open…

    [WPCM450 /tmp]$ ./lsof-pid-on-file.sh NVRAM_PrivateStorage00.dat
    /bin/fullfw      /flash/data0/BMC_Data/NVRAM_PrivateStorage00.dat
    /bin/fullfw      /flash/data0/BMC_Data/NVRAM_PrivateStorage00.dat
    /bin/fullfw      /flash/data0/BMC_Data/NVRAM_PrivateStorage00.dat
    /bin/fullfw      /flash/data0/BMC_Data/NVRAM_PrivateStorage00.dat

[…]

lsof lite I/III

code, ipmi, security, tech
Sep 25, 2012
 

After beating on some really anemic linux installations that had… well, just about nothing installed (one didn’t have “tr”, one didn’t have “df”, etc… come on, that’s pretty sad ;)), I decided to start writing some shell scripts in very, very basic shell (you can do a lot with shell, awk, and sed!) Here’s one that while not perfect, at least seems to work (so far!) – I

waxing nostalgic

dinosaur, dinosaurs, security, tech
Sep 11, 2012
 

Got an HP server to play with, a Proliant ML 150 G6 (what’s the deal with HP’s wacko URLs?); not too expensive, and is big with really loud fans. When setting up IPMI the man advises you to “use Telnet to log in to the remote management CLP” – I haven’t used telnet in some time, I had to try.

    telnet 192.168.0.46
    Trying 192.168.0.46...
    Connected to 192.168.0.46.
    Escape character is […]

Posted at 11:51 pm on September 11, 2012

reading wtmp

code, perl, security, tech
Sep 10, 2012
 

Have a wtmp file you need to read? A nice Perl one-liner to do so:

    perl -we '@type=("Empty","Run Lvl","Boot","New Time","Old Time","Init","Login","Normal","Term","Account");$recs = ""; while (<>) {$recs .= $_};foreach (split(/(.{384})/s,$recs)) {next if length($_) == 0;my ($type,$pid,$line,$inittab,$user,$host,$t1,$t2,$t3,$t4,$t5) = $_ =~/(.{4})(.{4})(.{32})(.{4})(.{32})(.{256})(.{4})(.{4})(.{4})(.{4})(.{4})/s;if (defined $line && $line =~ /\w/) {$line =~ s/\x00+//g;$host =~ s/\x00+//g;$user =~ s/\x00+//g;printf("%s %-8s %-12s %10s %-45s\n",scalar(gmtime(unpack("I4",$t3))),$type[unpack("I4",$type)],$user,$line,$host)}}print"\n"' < /var/log/wtmp

Thanks to: http://www.hcidata.info/wtmp.htm

Posted at 6:27 pm on September 10, 2012