linux tar command and all its options to take backup
Make a backup of /home and /var/spool/mail dirs:
# tar -zcvpf /root/move/home.tar.gz /home
# tar -zcvpf /root/move/mail.tar.gz /var/spool/mail
Extract home.tar.gz into /home on the new server:
# cd /
# tar -zxvf /path/to/location/home.tar.gz
netstat command with all variant outputs
The netstat command, combined with shell pipes, can be used to dig out more information about connections from a particular IP address. You can find out the total number of established connections, closing connections, SYN and FIN bits and much more. You can also display summary statistics for each protocol using netstat.
This is useful to find out if your server is under attack or not. You can also list abusive IP addresses using this method.
# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
Output:
1 CLOSE_WAIT
1 established)
1 Foreign
3 FIN_WAIT1
3 LAST_ACK
13 ESTABLISHED
17 LISTEN
154 FIN_WAIT2
327 TIME_WAIT
Dig out more information about a specific IP address:
# netstat -nat | grep {IP-address} | awk '{print $6}' | sort | uniq -c | sort -n
2 LAST_ACK
2 LISTEN
4 FIN_WAIT1
14 ESTABLISHED
91 TIME_WAIT
130 FIN_WAIT2
A busy server can give out more information:
# netstat -nat | grep 202.54.1.10 | awk '{print $6}' | sort | uniq -c | sort -n
Output:
15 CLOSE_WAIT
37 LAST_ACK
64 FIN_WAIT_1
65 FIN_WAIT_2
1251 TIME_WAIT
3597 SYN_SENT
5124 ESTABLISHED
Get List Of All Unique IP Addresses
To print a list of all unique IP addresses connected to the server, enter:
# netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort -u
To print the total number of unique IP addresses, enter:
# netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort -u | wc -l
Output:
449
Find Out If Box is Under DoS Attack or Not
If you think your Linux box is under attack, print a list of the open connections on your box, sorted by IP address:
# netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort | uniq -c | sort -n
Output:
1 10.0.77.52
2 10.1.11.3
4 12.109.42.21
6 12.191.136.3
...
13 202.155.209.202
18 208.67.222.222
28 0.0.0.0
233 127.0.0.1
You can simply block all abusive IPs using iptables or just null route them.
netstat command to find open ports
# netstat --listen
How to find out what application is using your port
# netstat -nlp
Netstat command to display apache connections per IP
# netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Block Fork Bomb Attack by limiting User Process
The Fork Bomb is a form of denial of service attack against a computer system that implements the fork operation, or equivalent functionality whereby a running process can create another running process.
Limiting the number of processes a user can run prevents a fork bomb and lets a Red Hat system recover.
* This can be made possible by adding UserName/GroupName to /etc/security/limits.conf
* An Example is :
user hard nproc 300
@group hard nproc 200
* The user above can have at most 300 processes, and the limit for the group is set to 200
Command to list the open network ports on your server
How do you list the open network ports on your server and the processes that own them?
# lsof -i
# netstat -lptu
You must run the above commands as root.
Advanced ping utility – sing tool
The main purpose is to replace the nice ping command with certain enhancements, such as the ability to send/read IP spoofed packets, send MAC spoofed packets, and send, in addition to the ECHO REQUEST type sent by default, many other ICMP types such as Echo Reply, Address Mask Request, Timestamp, Information Request, Router Solicitation and Router Advertisement.
Install sing free ping tool
Type the following command at a shell prompt:
# apt-get install sing
or
# yum install sing
Some examples
To send broadcast ICMP echo request messages
# sing -echo 10.10.1.255
Usual ping command
# sing 192.168.1.100
Use the Record Route IP option to see the route taken to host.example.com
# sing -R host.example.com
See which Linux host.example.com is running
# sing -mask -O host.example.com
To send ICMP timestamp request messages
# sing -tstamp 10.10.2.5
Send ICMP address mask request messages (used to find out a host network mask)
# sing -mask 10.10.2.5
