/var/log/squid3/access.log {
    daily
    compress
    delaycompress
    rotate 45
    missingok
    nocreate
    sharedscripts
    dateext
    compresscmd /bin/bzip2
    compressext .bz2
    postrotate
        test ! -e /var/run/squid3.pid || /usr/sbin/squid3 -k rotate
        # /root/loguri.sh
    endscript
}
/var/log/squid3/cache.log {
    daily
    compress
    rotate 10
    missingok
    nocreate
    dateext
    compresscmd /bin/bzip2
    compressext .bz2
    sharedscripts
    postrotate
        test ! -e /var/run/squid3.pid || /usr/sbin/squid3 -k rotate
    endscript
}
The first thing to do is install psad:
sudo apt-get install psad
Now edit the config file:
sudo nano /etc/psad/psad.conf
Change “ENABLE_SYSLOG_FILE Y;” to “ENABLE_SYSLOG_FILE N;”. We will not need psad to read our syslog file; it will get its messages from its named pipe instead.
Another setting to review right now, depending on your environment, is “EMAIL_ALERT_DANGER_LEVEL”.
Set the email address at the top of the config file or leave the default, root. I have root’s mail set to forward to my real email address. To forward root’s (or any user’s) mail, place a file named “.forward” in their home folder containing the email address the mail should go to.
Restart psad:
sudo /etc/init.d/psad restart
Next: configure iptables to log the non-legitimate packets. The logging rules need to go after the accept rules but before the drop. Confusing? It was for me.
For example, my default policy for INPUT and FORWARD is DROP, and my accept rules for specific ports are appended after that. So the logging rules must go at the end of the rule set: any packet that reaches them was not accepted by an earlier rule and is about to be dropped by the default policy.
$IPT -A INPUT -j LOG --log-prefix "firewall1 "
$IPT -A FORWARD -j LOG --log-prefix "firewall1 "
The prefix is what lets rsyslog pick these messages out. After applying the log rules, look at the end of the syslog to check that logging is working:
sudo tail /var/log/syslog
The last step is for rsyslog to send the messages that contain “firewall1” to psad’s pipe.
sudo nano /etc/rsyslog.d/50-default.conf
We are going to place our rules at the top of the file. That way we can stop “firewall1” messages from making it to any other logs.
:msg, contains, "firewall1" |/var/lib/psad/psadfifo
:msg, contains, "firewall1" ~
Note: the ~ action discards the message, so it never reaches the rules that follow.
That’s it! Restart rsyslog:
sudo restart rsyslog
To view psad’s status:
sudo psad --Status
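As an added example (not part of the original notes and not psad's own code), the following Python script does the first thing psad does with the messages that arrive on its pipe: it picks the "firewall1"-prefixed kernel lines out of a syslog stream and flags sources that probe many distinct destination ports. The log lines are constructed samples, and the five-port threshold is an arbitrary choice.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines, shaped like what the iptables LOG target
# emits with --log-prefix "firewall1 " (some LOG fields omitted for brevity).
SAMPLE_SYSLOG = """\
Mar  1 10:00:01 gw kernel: [100.1] firewall1 IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=44 PROTO=TCP SPT=40001 DPT=21 SYN
Mar  1 10:00:01 gw kernel: [100.2] firewall1 IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=44 PROTO=TCP SPT=40002 DPT=22 SYN
Mar  1 10:00:01 gw kernel: [100.3] firewall1 IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=44 PROTO=TCP SPT=40003 DPT=23 SYN
Mar  1 10:00:02 gw kernel: [100.4] firewall1 IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=44 PROTO=TCP SPT=40004 DPT=25 SYN
Mar  1 10:00:02 gw kernel: [100.5] firewall1 IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=44 PROTO=TCP SPT=40005 DPT=80 SYN
Mar  1 10:00:02 gw kernel: [100.6] firewall1 IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=44 PROTO=TCP SPT=40006 DPT=443 SYN
Mar  1 10:00:03 gw kernel: [100.7] firewall1 IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Mar  1 10:00:03 gw kernel: [100.8] firewall1 IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=40 PROTO=UDP SPT=5353 DPT=5353 LEN=20
Mar  1 10:00:04 gw sshd[999]: Accepted publickey for alice from 203.0.113.5 port 51000
"""

# Fields of interest in a "firewall1 "-prefixed kernel message; DPT is absent for ICMP.
LINE_RE = re.compile(
    r"firewall1 .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+).*?PROTO=(?P<proto>\S+)"
    r"(?:.*? DPT=(?P<dpt>\d+))?"
)

def parse_firewall_lines(text):
    """Return one event per line that the rsyslog rule ':msg, contains, "firewall1"'
    would route to psad's pipe; unrelated messages (such as sshd) are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue
        dpt = m.group("dpt")
        events.append({"src": m.group("src"), "dst": m.group("dst"),
                       "proto": m.group("proto"),
                       "dpt": int(dpt) if dpt is not None else None})
    return events

def scan_candidates(events, min_ports=5):
    """Sources that hit at least min_ports distinct destination ports in this batch,
    a crude stand-in for the per-source danger level psad computes."""
    ports = defaultdict(set)
    for e in events:
        if e["dpt"] is not None:
            ports[e["src"]].add(e["dpt"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    for src, hit in scan_candidates(parse_firewall_lines(SAMPLE_SYSLOG)).items():
        print(f"{src} probed {len(hit)} ports: {hit}")
```

Feed it `/var/log/syslog` (or the psad pipe) in place of the constructed sample to try it on a live box.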
dig @ducky.nz.freebsd.org version.bind chaos txt
options
{
    query-source port 53;
    query-source-v6 port 53;
    listen-on { 174.ttt.xx.yy; };
    directory "/var/named"; // the default
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
    dnssec-enable yes;
    recursion no;
    allow-notify { 174.zzz.yy.zz; 172.xx.yy.zz; };
    version "BIND";
};
Displaying the top 10 CPU-consuming processes
# ps aux | head -1; ps aux | sort -rn +2 | head -10
Displaying number of processors in the system
# lsdev -Cc processor
Displaying the top 10 memory-consuming processes (sorted on the %MEM column)
# ps aux | head -1 ; ps aux | sort -rn +3 | head
Displaying the top 10 memory-consuming processes using SZ
# ps -ealf | head -1 ; ps -ealf | sort -rn +9 | head
Displaying the processes in order of being penalized
# ps -eakl | head -1 ; ps -eakl | sort -rn +5
Displaying the processes in order of priority
# ps -eakl | sort -n +6 | head
Displaying the processes in order of nice value
# ps -eakl | sort -n +7
Displaying the processes in order of time
# ps vx | head -1 ; ps vx | grep -v PID | sort -rn +3 | head -10
Displaying the processes in order of real memory use
# ps vx | head -1 ; ps vx | grep -v PID | sort -rn +6 | head -10
Displaying the processes in order of I/O
# ps vx | head -1 ; ps vx | grep -v PID | sort -rn +4 | head -10
Displaying WLM classes
# ps -a -o pid,user,class,pcpu,pmem,args
Determining the PID of wait processes
# ps vg | head -1 ; ps vg | grep -w wait
Wait processes bound to CPUs
# ps -mo THREAD -p 516,774,1032,1290
su - deluge
deluged -L debug -l /var/log/deluge.log
or using the init script
Squid:
- cron sync acl
- logrotate.d for squid3
contacts:
https://hostname:1080/users/email.address@domain.com/contacts/
or
https://hostname/users/email.address@domain.com/contacts/
with apache redirect
RedirectMatch (.*)$ http://hostname:1080/$1
Scripts with a dot in their name (such as one ending in .sh) are not run from the /etc/cron.* directories, because run-parts skips them.
#!/bin/bash
# Housekeeping for the rotated squid3 logs. The -name globs are quoted so the
# shell does not expand them before find sees them.
# Delete rotated cache.log files older than 7 days.
find /var/log/squid3/ -type f -name 'cache.log*' -mtime +7 -exec rm -f {} \;
# Move rotated access.log files older than 7 days into the archive directory.
find /var/log/squid3/ -maxdepth 1 -type f -name 'access.log*' -mtime +7 -exec mv {} /var/log/squid3/log_archive/ \;
# Purge archived access logs older than a year.
find /var/log/squid3/log_archive -type f -mtime +365 -exec rm -f {} \;