posteets

 

  • 5 years ago by spirit
    SI(SIERREUR(TROUVE("K";F107); 0); GAUCHE(F107;TROUVE("K";F107)-1)*1024;SI(SIERREUR(TROUVE("M";F107); 0); GAUCHE(F107;TROUVE("M";F107)-1)*1024*1024;SI(SIERREUR(TROUVE("G";F107); 0); GAUCHE(F107;TROUVE("G";F107)-1)*1024*1024*1024;F107)))
  • 5 years ago by spirit
    1. #Adding/Modifying Rules
    2. #    Watch for files
    3. auditctl –w /etc/yum.conf -p wa  -k yum_watch
    4. auditctl –w /usr/bin/nmap -p x   -k nmap_watch
    5. auditctl –w /etc/shadow   -p rwa -k shadow_watch
    6. #    Remove a rule using auditctl
    7. auditctl -W /etc/shadow -p rwa -k shadow_watch
    8. #    Watching for ptrace system call
    9. auditctl -a entry,always -F arch=b64 -S ptrace -k info_scan
    10. #    Suppress 32bit clock_gettime & fstat64 system calls
    11. -a entry,never -F arch=b32 -S clock_gettime -k clock_gettime
    12. -a entry,never -F arch=b32 -S fstat64 -k fstat64
    13. #    Audit files opened by a specific user
    14. auditctl -a exit,always -S open -F auid=2010
    15. auditctl -a exit,always -F arch=b64 -F auid=2010  -F uid=2010 -F path=/etc/hosts -S open
    16. #    Audit unsuccessful attempts for multiple system calls where user id is greater than or equal to 500
    17. auditctl -a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=500
    18. auditctl -a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=500
    19. #Reporting/Searching
    20. #    List all rules
    21. auditctl -l
    22. #    List status
    23. auditctl -s
    24. #    Report on watched files. Date format is local to the server’s date format.
    25. aureport -f
    26. aureport -f –start 02/18/10 17:42:00
    27. aureport -f –start 02/18/10 17:00:00 –end 02/18/10 17:10:00
    28. aureport -f -ts this-week
    29. aureport -f -ts today
    30. #    Search by system call
    31. ausearch -sc ptrace -i
    32. #    Search for user id or effective user id
    33. ausearch -ui 2010
    34. ausearch -ue 2010
    35. #    Lists all auth attempts and their result
    36. aureport -au
    37. #    List just logins
    38. aureport -l
    39. #    List account modification attempts.
    40. aureport -m
    41. #    Search events where success value is no, User id is 500 and key is nmap_watch
    42. ausearch -sv no -ua 500 -k nmap_watch
    43. #    Search by executable
    44. ausearch -x /usr/bin/nmap
    45. #    Search by terminal
    46. ausearch -tm pts/0
    47. #    Search by daemon. Stuff like cron log terminal as the daemon name
    48. ausearch -tm cron
  • 5 years ago by spirit
    1. ssh root@remote.host “rpm -qa” | xargs yum -y install
  • 5 years ago by spirit and saved by 1 other
    1. dateset=“$(sshuser@server date)”
  • 5 years ago by spirit
    shell, remote, ssh, command
    1. ssh host -l user $(<cmd.txt)
  • 5 years ago by spirit
    1. mysqldump –add-drop-table –extended-insert –force –log-error=error.log -uUSER -pPASS OLD_DB_NAME | ssh -C user@newhost “mysql -uUSER -pPASS NEW_DB_NAME”
  • 5 years ago by xarkam
    1. echo ‘<?php phpinfo(); ?>’ | php 2>&1 |grep -i ssl
  • 5 years ago by macks
    1. SELECT parent_id FROM cursos GROUP BY parent_id HAVING count(*) >= 2
  • 5 years ago by spirit
    > According to www.ntp.org in stanard Linux o.s. (adjtime(2) - http://www.ntp.org/ntpfaq/NTP-s-algo.htm#S-ALGO-BASIC) time adjusting has rate of 0.5ms per second
    
    That's the _maximum_ slew rate. The actual slew rate depends on a number f factors.
    
    > to slew time but because do you speak about "maximum" rate of 0.5 ms/sec. ?
    
    The maximum slew rate is 500ppm; this is the equivalent of half a millisecond per second or 43 seconds per day.
    
    > Does ntpd use always the same 0.5 as value or it's a variable parameter ?
    
    500ppm is the _maximum_ slew rate that most kernels can tolerate. The actual slew rate depends on a number of factors.
    
    > I'm confused because "Rob MacGregor" said about step method (128ms < offset < 1000s) :
    
    1000 seconds == the default panic threshold. ntpd will abort when it sees an offset greater than the panic threshold
    
    128ms == the default step/slew threshold. ntpd will slew offsets below this threhold and will step offsets above this threshold
    
    >Stepping: Time changes in large units, quickly With "Step" method (settimeofday), time is gradually changed with higher rate or time is changes immediately to correct time.
    
    step == reset the clock to the correct time in _one_ instantaneous step.
    
    A stepped clock can "move backwards".
    
    slew == adjust the clock by speeding it up or slowing it down. A slewed clock never "moves backwards"
    
    > example for use step method : my local clock is 5:00 pm and real time is 5:05 pm, Ntpd set immediately local clock to 5:05 pm or it corrects time gradually ?
    
    Slewing the clock to correct a 5 minute offset will take 6.97 days at the maximum 500ppm slew rate.
    
    5 minutes is greater than the default 128ms step/slew threshold. In this case ntpd will _step_ the clock.
  • 5 years ago by spirit
    alt + impr ecran r e i s u  b