-
SI(SIERREUR(TROUVE("K";F107); 0); GAUCHE(F107;TROUVE("K";F107)-1)*1024;SI(SIERREUR(TROUVE("M";F107); 0); GAUCHE(F107;TROUVE("M";F107)-1)*1024*1024;SI(SIERREUR(TROUVE("G";F107); 0); GAUCHE(F107;TROUVE("G";F107)-1)*1024*1024*1024;F107)))
-
-
#Adding/Modifying Rules
-
# Watch for files
-
auditctl -w /etc/yum.conf -p wa -k yum_watch
-
auditctl -w /usr/bin/nmap -p x -k nmap_watch
-
auditctl -w /etc/shadow -p rwa -k shadow_watch
-
# Remove a rule using auditctl
-
auditctl -W /etc/shadow -p rwa -k shadow_watch
-
# Watching for ptrace system call
-
auditctl -a entry,always -F arch=b64 -S ptrace -k info_scan
-
# Suppress 32bit clock_gettime & fstat64 system calls
-
-a entry,never -F arch=b32 -S clock_gettime -k clock_gettime
-
-a entry,never -F arch=b32 -S fstat64 -k fstat64
-
# Audit files opened by a specific user
-
auditctl -a exit,always -S open -F auid=2010
-
auditctl -a exit,always -F arch=b64 -F auid=2010 -F uid=2010 -F path=/etc/hosts -S open
-
# Audit unsuccessful attempts for multiple system calls where user id is greater than or equal to 500
-
auditctl -a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F 'auid>=500'
-
auditctl -a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F 'auid>=500'
-
#Reporting/Searching
-
# List all rules
-
auditctl -l
-
# List status
-
auditctl -s
-
# Report on watched files. Dates use the server's locale date format.
-
aureport -f
-
aureport -f --start 02/18/10 17:42:00
-
aureport -f --start 02/18/10 17:00:00 --end 02/18/10 17:10:00
-
aureport -f -ts this-week
-
aureport -f -ts today
-
# Search by system call
-
ausearch -sc ptrace -i
-
# Search for user id or effective user id
-
ausearch -ui 2010
-
ausearch -ue 2010
-
# Lists all auth attempts and their result
-
aureport -au
-
# List just logins
-
aureport -l
-
# List account modification attempts.
-
aureport -m
-
# Search events where success value is no, User id is 500 and key is nmap_watch
-
ausearch -sv no -ua 500 -k nmap_watch
-
# Search by executable
-
ausearch -x /usr/bin/nmap
-
# Search by terminal
-
ausearch -tm pts/0
-
# Search by daemon. Daemons such as cron record the daemon name in the terminal field
-
ausearch -tm cron
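
The combined filter shown above (ausearch -sv no -ua 500 -k nmap_watch) can be reproduced offline to see which events it selects. This is an added example, not part of the original notes: the log lines are constructed samples in raw audit.log layout, and parse_events and search are hypothetical helper names. It shows that -ua also matches the login uid (auid), so a failed attempt made through sudo by user 500 is still returned.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample records in raw audit.log layout (not real log data).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1266514920.101:410): arch=c000003e syscall=59 success=no exit=-13 ppid=2100 pid=2101 auid=500 uid=500 euid=500 tty=pts0 comm="bash" exe="/bin/bash" key="nmap_watch"
type=PATH msg=audit(1266514920.101:410): item=0 name="/usr/bin/nmap" mode=0100750 ouid=0
type=SYSCALL msg=audit(1266514931.554:411): arch=c000003e syscall=59 success=yes exit=0 ppid=2200 pid=2201 auid=501 uid=0 euid=0 tty=pts1 comm="nmap" exe="/usr/bin/nmap" key="nmap_watch"
type=SYSCALL msg=audit(1266514950.870:412): arch=c000003e syscall=2 success=no exit=-13 ppid=2100 pid=2105 auid=500 uid=500 euid=500 tty=pts0 comm="cat" exe="/bin/cat" key="shadow_watch"
type=SYSCALL msg=audit(1266514977.003:413): arch=c000003e syscall=59 success=no exit=-13 ppid=2300 pid=2301 auid=500 uid=0 euid=0 tty=pts2 comm="sudo" exe="/usr/bin/sudo" key="nmap_watch"
'''

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")

def parse_events(text):
    """Group records by serial number; one event can span several records."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        rtype, stamp, serial, body = m.groups()
        fields = dict(tok.split("=", 1) for tok in shlex.split(body) if "=" in tok)
        fields.update(type=rtype, time=float(stamp))
        events[int(serial)].append(fields)
    return events

def search(events, key=None, success=None, uid_all=None):
    """Return serials of events matching every given filter (like -k, -sv, -ua)."""
    hits = []
    for serial, records in sorted(events.items()):
        sc = next((r for r in records if r["type"] == "SYSCALL"), None)
        if sc is None:
            continue
        if key is not None and sc.get("key") != key:
            continue
        if success is not None and sc.get("success") != success:
            continue
        # -ua matches when uid, euid or auid equals the value
        ids = (sc.get("uid"), sc.get("euid"), sc.get("auid"))
        if uid_all is not None and str(uid_all) not in ids:
            continue
        hits.append(serial)
    return hits

if __name__ == "__main__":
    print(search(parse_events(SAMPLE_LOG), key="nmap_watch", success="no", uid_all=500))
```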
-
-
-
-
date --set="$(ssh user@server date)"
-
-
shell, remote, ssh, command
-
ssh host -l user $(<cmd.txt)
-
-
-
mysqldump --add-drop-table --extended-insert --force --log-error=error.log -uUSER -pPASS OLD_DB_NAME | ssh -C user@newhost "mysql -uUSER -pPASS NEW_DB_NAME"
-
-
-
echo '<?php phpinfo(); ?>' | php 2>&1 | grep -i ssl
-
-
-
SELECT parent_id FROM cursos GROUP BY parent_id HAVING count(*) >= 2
-
-
> According to www.ntp.org in standard Linux o.s. (adjtime(2) - http://www.ntp.org/ntpfaq/NTP-s-algo.htm#S-ALGO-BASIC) time adjusting has rate of 0.5ms per second

That's the _maximum_ slew rate. The actual slew rate depends on a number of factors.

> to slew time but because do you speak about "maximum" rate of 0.5 ms/sec. ?

The maximum slew rate is 500ppm; this is the equivalent of half a millisecond per second or 43 seconds per day.

> Does ntpd use always the same 0.5 as value or it's a variable parameter ?

500ppm is the _maximum_ slew rate that most kernels can tolerate. The actual slew rate depends on a number of factors.

> I'm confused because "Rob MacGregor" said about step method (128ms < offset < 1000s) :

1000 seconds == the default panic threshold. ntpd will abort when it sees an offset greater than the panic threshold.

128ms == the default step/slew threshold. ntpd will slew offsets below this threshold and will step offsets above this threshold.

> >Stepping: Time changes in large units, quickly
> With "Step" method (settimeofday), time is gradually changed with higher rate or time is changes immediately to correct time.

step == reset the clock to the correct time in _one_ instantaneous step. A stepped clock can "move backwards".

slew == adjust the clock by speeding it up or slowing it down. A slewed clock never "moves backwards".

> example for use step method : my local clock is 5:00 pm and real time is 5:05 pm, Ntpd set immediately local clock to 5:05 pm or it corrects time gradually ?

Slewing the clock to correct a 5 minute offset will take 6.97 days at the maximum 500ppm slew rate. 5 minutes is greater than the default 128ms step/slew threshold. In this case ntpd will _step_ the clock.
-
Alt + Print Screen + R E I S U B