posteets

 

  • Convert human readable sizes (K,M,G) to bytes in excel
    5 years ago by spirit
    SI(SIERREUR(TROUVE("K";F107); 0); GAUCHE(F107;TROUVE("K";F107)-1)*1024;SI(SIERREUR(TROUVE("M";F107); 0); GAUCHE(F107;TROUVE("M";F107)-1)*1024*1024;SI(SIERREUR(TROUVE("G";F107); 0); GAUCHE(F107;TROUVE("G";F107)-1)*1024*1024*1024;F107)))
    Embed | Raw source | 0
  • auditd useful commands 
    5 years ago by spirit
    1. #Adding/Modifying Rules
    3. #    Watch for files
    5. auditctl –w /etc/yum.conf -p wa  -k yum_watch
    6. auditctl –w /usr/bin/nmap -p x   -k nmap_watch
    7. auditctl –w /etc/shadow   -p rwa -k shadow_watch
    9. #    Remove a rule using auditctl
    11. auditctl -W /etc/shadow -p rwa -k shadow_watch
    13. #    Watching for ptrace system call
    15. auditctl -a entry,always -F arch=b64 -S ptrace -k info_scan
    17. #    Suppress 32bit clock_gettime & fstat64 system calls
    19. -a entry,never -F arch=b32 -S clock_gettime -k clock_gettime
    20. -a entry,never -F arch=b32 -S fstat64 -k fstat64
    22. #    Audit files opened by a specific user
    24. auditctl -a exit,always -S open -F auid=2010
    25. auditctl -a exit,always -F arch=b64 -F auid=2010  -F uid=2010 -F path=/etc/hosts -S open
    27. #    Audit unsuccessful attempts for multiple system calls where user id is greater than or equal to 500
    29. auditctl -a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=500
    30. auditctl -a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=500
    32. #Reporting/Searching
    34. #    List all rules
    36. auditctl -l
    38. #    List status
    40. auditctl -s
    42. #    Report on watched files. Date format is local to the server’s date format.
    44. aureport -f
    45. aureport -f –start 02/18/10 17:42:00
    46. aureport -f –start 02/18/10 17:00:00 –end 02/18/10 17:10:00
    47. aureport -f -ts this-week
    48. aureport -f -ts today
    50. #    Search by system call
    52. ausearch -sc ptrace -i
    54. #    Search for user id or effective user id
    56. ausearch -ui 2010
    57. ausearch -ue 2010
    59. #    Lists all auth attempts and their result
    61. aureport -au
    63. #    List just logins
    65. aureport -l
    67. #    List account modification attempts.
    69. aureport -m
    71. #    Search events where success value is no, User id is 500 and key is nmap_watch
    73. ausearch -sv no -ua 500 -k nmap_watch
    75. #    Search by executable
    77. ausearch -x /usr/bin/nmap
    79. #    Search by terminal
    81. ausearch -tm pts/0
    83. #    Search by daemon. Stuff like cron log terminal as the daemon name
    85. ausearch -tm cron
    Embed | Raw source | 0
  • Duplicate RPM installed packages from one machine to the other
    5 years ago by spirit
    1. ssh root@remote.host “rpm -qa” | xargs yum -y install
    Embed | Raw source | 0
  • Synchronize date and time with a server over ssh
    5 years ago by spirit and saved by 1 other
    1. dateset=“$(sshuser@server date)”
    Embed | Raw source | 0
  • Run complex remote shell cmd over ssh, without escaping quotes
    5 years ago by spirit
    shell, remote, ssh, command
    1. ssh host -l user $(<cmd.txt)
    Embed | Raw source | 0
  • Copy a MySQL Database to a new Server via ssh with one command
    5 years ago by spirit
    1. mysqldump –add-drop-table –extended-insert –force –log-error=error.log -uUSER -pPASS OLD_DB_NAME | ssh -C user@newhost “mysql -uUSER -pPASS NEW_DB_NAME”
    bash
    Embed | Raw source | 0
  • Get php SSL version and if activated under Ubuntu like / Debian
    5 years ago by xarkam
    1. echo ‘<?php phpinfo(); ?>’ | php 2>&1 |grep -i ssl
    Embed | Raw source | 0
  • query que obtiene filas repetidas
    5 years ago by macks
    1. SELECT parent_id FROM cursos GROUP BY parent_id HAVING count(*) >= 2
    Embed | Raw source | 0
  • ntpd clock slewing / stepping offsets
    5 years ago by spirit
    > According to www.ntp.org in stanard Linux o.s. (adjtime(2) - http://www.ntp.org/ntpfaq/NTP-s-algo.htm#S-ALGO-BASIC) time adjusting has rate of 0.5ms per second

That's the _maximum_ slew rate. The actual slew rate depends on a number f factors.

> to slew time but because do you speak about "maximum" rate of 0.5 ms/sec. ?

The maximum slew rate is 500ppm; this is the equivalent of half a millisecond per second or 43 seconds per day.

> Does ntpd use always the same 0.5 as value or it's a variable parameter ?

500ppm is the _maximum_ slew rate that most kernels can tolerate. The actual slew rate depends on a number of factors.

> I'm confused because "Rob MacGregor" said about step method (128ms < offset < 1000s) :

1000 seconds == the default panic threshold. ntpd will abort when it sees an offset greater than the panic threshold

128ms == the default step/slew threshold. ntpd will slew offsets below this threhold and will step offsets above this threshold

>Stepping: Time changes in large units, quickly With "Step" method (settimeofday), time is gradually changed with higher rate or time is changes immediately to correct time.

step == reset the clock to the correct time in _one_ instantaneous step.

A stepped clock can "move backwards".

slew == adjust the clock by speeding it up or slowing it down. A slewed clock never "moves backwards"

> example for use step method : my local clock is 5:00 pm and real time is 5:05 pm, Ntpd set immediately local clock to 5:05 pm or it corrects time gradually ?

Slewing the clock to correct a 5 minute offset will take 6.97 days at the maximum 500ppm slew rate.

5 minutes is greater than the default 128ms step/slew threshold. In this case ntpd will _step_ the clock.
    Embed | Raw source | 0
  • Reboot blocked Linux server
    5 years ago by spirit
    alt + impr ecran r e i s u  b
    Embed | Raw source | 0