Drop SYN / DDoS Attack

1. Find which IP address on the server is being targeted by the DDoS attack

netstat -plan | grep :80 | awk '{print $4}' | cut -d: -f1 | sort | uniq -c

2. Find which IPs the attack is coming from

netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c
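An added example (not part of the original notes) that does the same per-source count as the two netstat one-liners above, but from constructed sample output so it runs offline; it strips the port with a regex instead of cut -d: -f1, which also copes with ::ffff:-prefixed addresses, and flags the sources at or above a threshold.

```shell
#!/bin/bash
# Added example: per-source connection counts to one local port from netstat-style
# output, flagging sources at or above a threshold. The sample below is constructed.
SAMPLE='tcp        0      0 203.0.113.10:80         198.51.100.7:41022      ESTABLISHED 1234/httpd
tcp        0      0 203.0.113.10:80         198.51.100.7:41023      ESTABLISHED 1234/httpd
tcp        0      0 203.0.113.10:80         198.51.100.7:41024      SYN_RECV    -
tcp        0      0 203.0.113.10:80         192.0.2.55:53311        ESTABLISHED 1234/httpd
tcp        0      0 203.0.113.10:443        198.51.100.7:41025      ESTABLISHED 1234/httpd
tcp        0      0 203.0.113.10:22         192.0.2.9:60001         ESTABLISHED 987/sshd'

# count_sources PORT: read netstat -plan lines on stdin, print "count ip" for every
# foreign address with a connection to local port PORT, busiest first. The port is
# removed with a regex rather than cut -d: -f1, so ::ffff:1.2.3.4:80 is handled too.
count_sources() {
    port="$1"
    awk -v p=":$port\$" '
        $1 ~ /^tcp/ && $4 ~ p { sub(/:[0-9]+$/, "", $5); c[$5]++ }
        END { for (ip in c) print c[ip], ip }' | sort -rn
}

# flag_sources PORT THRESHOLD: only the IPs with at least THRESHOLD connections.
flag_sources() {
    count_sources "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# Run the constructed sample through both; on a live box replace the sample with
#   netstat -plan | count_sources 80
demo_counts()  { printf '%s\n' "$SAMPLE" | count_sources 80; }
demo_flagged() { printf '%s\n' "$SAMPLE" | flag_sources 80 3; }

demo_counts
echo "--- at or above 3 connections ---"
demo_flagged
```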

In csf:

vi /etc/csf/csf.conf

SYNFLOOD

SYNFLOOD is disabled by default. If you are not receiving any sort of attack, there is no need to enable it. If you are expecting an attack, enable it and set the rules a bit strict, like

SYNFLOOD_RATE = "5/s"
SYNFLOOD_BURST = "3"

My example:

SYNFLOOD = "1"
SYNFLOOD_RATE = "30/s"
SYNFLOOD_BURST = "10"

i.e. if an IP opens 30 connections per second and does so 10 times, block it. Don't keep it too strict if you are not receiving an attack, or it will generate false positives and block legitimate connections.

PORTFLOOD

PORTFLOOD = "80;tcp;100;5,22;tcp;5;300"

i.e. if an IP makes 100 connections in 5 seconds to port 80 (tcp), it is blocked from the server; likewise if it makes 5 connections in 300 seconds to port 22.


In /etc/sysctl.conf

Paste the following into the file; you can overwrite the current contents. The eth0 lines assume that is your public interface, so change them if the name differs. Be aware that turning off tcp_window_scaling, tcp_sack and tcp_timestamps caps TCP throughput on fast or high-latency links, so only keep those three lines if you really want them.

# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Disables packet forwarding
net.ipv4.ip_forward = 0

# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP redirect acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Log spoofed packets, source routed packets, redirect packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.lo.log_martians = 1
net.ipv4.conf.eth0.log_martians = 1

# Disables the magic-sysrq key
kernel.sysrq = 0

# Decrease the default value for tcp_fin_timeout
net.ipv4.tcp_fin_timeout = 15

# Decrease the default value for tcp_keepalive_time
net.ipv4.tcp_keepalive_time = 1800

# Turn off tcp_window_scaling
net.ipv4.tcp_window_scaling = 0

# Turn off tcp_sack
net.ipv4.tcp_sack = 0

# Turn off tcp_timestamps
net.ipv4.tcp_timestamps = 0

# Enable TCP SYN cookie protection
net.ipv4.tcp_syncookies = 1

# Ignore ICMP echo requests sent to broadcast addresses
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Increases the size of the SYN queue (effectively, q0)
net.ipv4.tcp_max_syn_backlog = 1024

# Increase the tcp time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

# Allowed local port range (the upper bound cannot exceed 65535)
net.ipv4.ip_local_port_range = 16384 65535


Run /sbin/sysctl -p and sysctl -w net.ipv4.route.flush=1 to enable the changes without a reboot.


TCP Syncookies

echo 1 > /proc/sys/net/ipv4/tcp_syncookies

This takes effect immediately but does not survive a reboot; the tcp_syncookies line in sysctl.conf above makes it persistent.


Some IPTABLES rules:

A -j RETURN directly in the INPUT chain does nothing on its own, so the SYN limit goes in its own chain: SYNs within the limit RETURN to INPUT and are handled normally, anything above it is dropped. A SYN packet is always a NEW connection, so the state match on the port 80 rule is NEW (ESTABLISHED,RELATED can never match a SYN); SYNs over its limit fall through to the rest of the ruleset.

iptables -N syn_flood
iptables -A INPUT -p tcp --syn -j syn_flood
iptables -A syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN
iptables -A syn_flood -j DROP

iptables -A INPUT -p tcp --syn --dport 80 -m state --state NEW -m limit --limit 1/s --limit-burst 2 -j ACCEPT

Script used to transfer accounts from a cPanel server

#!/bin/bash
# Usage: ./transfer.sh <destination-host>   (run on the source cPanel server)
# Packages every account with pkgacct and copies the archives to the destination.
set -e
DEST="$1"
[ -n "$DEST" ] || { echo "usage: $0 <destination-host>" >&2; exit 1; }
PORT="22"

ls -1 /var/cpanel/users > /root/user_list

# Generate a key once and install it on the destination so scp runs without prompts.
# DSA keys are no longer accepted by current OpenSSH, so an ed25519 key is used here.
[ -f /root/.ssh/id_ed25519 ] || ssh-keygen -t ed25519 -N "" -f /root/.ssh/id_ed25519
KEY=$(cat /root/.ssh/id_ed25519.pub)
ssh -p "$PORT" "$DEST" "mkdir -p /root/.ssh; echo '${KEY}' >> /root/.ssh/authorized_keys" 2>&1

scp -P "$PORT" /var/cpanel/packages/* "$DEST":/var/cpanel/packages/

for user in $(cat /root/user_list); do /scripts/pkgacct "$user"; done
# The user list was written to /root/user_list above, so that is what gets copied.
scp -P "$PORT" /root/user_list "$DEST":/home
scp -P "$PORT" /home/cpmove* "$DEST":/home

Script used to correct permissions of files after suPHP

#!/bin/bash
# Fix ownership and permissions after switching PHP to suPHP, which refuses to
# run scripts whose files or directories are writable by others (HTTP 500).

# For some stupid reason, cPanel screws up the directory permissions.
chmod 755 /opt/suphp
find /opt/suphp -type d -exec chmod 755 {} \;

# Ensure that the permissions are sane and won't cause a 500 error.
for user in $(/bin/ls /var/cpanel/users); do
    chown -R "${user}:${user}" "/home/${user}/public_html"
    chmod 755 "/home/${user}/public_html"
    find "/home/${user}/public_html" -name '*.php' -exec chmod 644 {} \;
    find "/home/${user}/public_html" -type d -exec chmod 755 {} \;

    # Comment out Joomla-installed PHP overrides that are not compatible with suPHP.
    find "/home/${user}/public_html" -name '.htaccess' -exec sed -i -e 's/php_value/#php_value/' {} \;
    find "/home/${user}/public_html" -name '.htaccess' -exec sed -i -e 's/php_flag/#php_flag/' {} \;
done

# Delete former session files, since suPHP no longer has permission to them.
rm -rf /tmp/sess_*

Script used to find vulnerable PHP files

#!/bin/bash
# List PHP/CGI/include files under each account's public_html whose content
# matches the names of well-known web shells (case-insensitive).
shellpattern='r0nin|m0rtix|upl0ad|r57|c99|shellbot|phpshell|void\.ru|phpremoteview|directmail|bash_history|vulnscan|spymeta|raslan58'

for user in $(/bin/ls /var/cpanel/users); do
    find "/home/$user/public_html" \( -name '*.php' -o -name '*.cgi' -o -name '*.inc' \) -exec \
        grep -Eil "$shellpattern" {} \;
done

Stats not working in Plesk

Create the following cron:

————————————————————————————————

9,24,39,54  * * * * /usr/local/psa/admin/sbin/backupmng >/dev/null 2>&1
10 1 * * * /usr/local/psa/admin/sbin/statistics >/dev/null 2>&1
10 1 * * * /usr/local/psa/admin/sbin/statistics --calculate-one --domain-name=xxx.com

————————————————————————————————

and run the script to check:

/usr/local/psa/admin/sbin/statistics --calculate-one --domain-name=xxx.com

where xxx.com is your domain name.

Red5 installation

cd /root

vi red5install

Copy and paste the script below:

#!/bin/bash
echo " "
echo "Hello ,Please choose  the RED5 version : (1,2,3 or 4)"
echo " "
echo "1.  RED5 0.7.0"
echo "2.  RED5 0.6.3"
echo "3.  RED5 0.5  "
echo "                     Press Any other key to install 1. RED5 0.7.0"
read ver
cd /usr/src
echo ""
echo ""
echo "Downloading and installing   jpackage utils rpm......."
echo ""
echo ""
wget -c --tries=inf http://mirrors.dotsrc.org/jpackage/1.7/generic/free/RPMS/jpackage-utils-1.7.5-1jpp.noarch.rpm
rpm -Uvh jpackage-utils-1.7.5-1jpp.noarch.rpm
echo ""
echo ""
echo "Downloading and installing   JDK 1.6 update 5 ..........."
echo ""
echo ""
wget -c --tries=inf http://69.72.132.53/jdk-6u5-linux-i586.rpm
rpm -Uvh jdk-6u5-linux-i586.rpm
echo ""
echo ""
echo "Downloading and installing   Apache Ant 1.7  ..........."
echo ""
echo ""
wget -c --tries=inf http://archive.apache.org/dist/ant/binaries/apache-ant-1.7.0-bin.tar.gz
tar -xzvf apache-ant-1.7.0-bin.tar.gz
mv apache-ant-1.7.0 /usr/local/ant
echo ""
echo ""
echo "Exporting Paths and Variables for Ant  ..........."
echo ""
echo ""
echo 'export PATH=$PATH:/usr/local/ant/bin'>>/etc/profile
echo 'export ANT_HOME=/usr/local/ant'>>/etc/profile
export PATH=$PATH:/usr/local/ant/bin
export ANT_HOME=/usr/local/ant
echo ""
echo ""
echo "Downloading and installing   RED 5  ..........."
echo ""
echo ""
case $ver in
2)
wget -c --tries=inf http://dl.fancycode.com/red5/0.6.3/src/red5-0.6.3.tar.gz
tar -xzvf red5-0.6.3.tar.gz
mv red5-0.6.3 /usr/local/red;;
3)
wget -c --tries=inf http://dl.fancycode.com/red5/red5-0.5.tar.gz
tar -xzvf red5-0.5.tar.gz
mv red5-0.5 /usr/local/red;;
1|*)
wget -c --tries=inf http://red5.nl/installer/red5-0.7.0.tar.gz
mkdir red5
mv red5-0.7.0.tar.gz red5/
cd red5
tar -xzvf red5-0.7.0.tar.gz
rm -rf red5-0.7.0.tar.gz
cd ..
mv red5 /usr/local/red;;
esac
wget -c --tries=inf http://linuxstuffs.net/red5
mv red5 /etc/init.d/
chmod 755 /etc/init.d/red5
cd /usr/local/red
chmod 755 red5.sh
ant -v
./red5.sh

chmod 755 red5install

./red5install

It's done!

—————————————————————————————————–

If http://linuxstuffs.net/red5 doesn't work, use the following method.

cd /etc/init.d/
touch red5
chmod 755 red5
vi red5

----------------------------------------------------------

#!/bin/bash
# Red5 init script. RED5_DIR matches where the install script above put Red5;
# the service runs as the unprivileged user "red5", which must exist (useradd -r red5)
# and be able to write to $RED5_DIR.
RED5_DIR=/usr/local/red
test -x $RED5_DIR/red5.sh || exit 5

case "$1" in
    start)
        echo -n "Starting Red5 Service"
        echo -n " "
        cd $RED5_DIR
        su -s /bin/bash -c "$RED5_DIR/red5.sh &" red5
        sleep 2
        ;;
    stop)
        echo -n "Shutting down red5"
        echo -n " "
        su -s /bin/bash -c "killall -q -u red5 java" red5
        sleep 2
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac
----------------------------------------------------------

Then you can simply start, stop, and restart red5 from that script by typing:

/etc/init.d/red5 start

/etc/init.d/red5 stop
/etc/init.d/red5 restart

Run CGI scripts anywhere in the server + Plesk

Server wide :

cd /etc/httpd/conf/

cp -p httpd.conf httpd.conf.bak

vi httpd.conf

uncomment AddHandler cgi-script .cgi

service httpd restart

or
1. Create an .htaccess file in your cgi-bin directory containing the following:

AddType text/x-server-parsed-html .html
AddType application/x-httpd-cgi .cgi .pl

Make sure you upload it in ASCII format, not binary.

2. Set the permissions on your scripts correctly, usually 755.