spirit  [ Profile ]

Sort by: Date / Title /

  1. 3 years ago
    Dots denote echo request without echo reply. The more points you have the more the connection is unreliable
    ping –f –i 0.0001 –s 10000 192.168.0.1
    Paste this in your website: <script type="text/javascript" src="http://www.posteet.com/embed/2173"></script>
  2. 3 years ago
    SI(SIERREUR(TROUVE("K";F107); 0); GAUCHE(F107;TROUVE("K";F107)-1)*1024;SI(SIERREUR(TROUVE("M";F107); 0); GAUCHE(F107;TROUVE("M";F107)-1)*1024*1024;SI(SIERREUR(TROUVE("G";F107); 0); GAUCHE(F107;TROUVE("G";F107)-1)*1024*1024*1024;F107)))
    Paste this in your website: <script type="text/javascript" src="http://www.posteet.com/embed/2172"></script>
  3. 4 years ago
    1. #Adding/Modifying Rules
    2.  
    3. #    Watch for files
    4.  
    5. auditctl -w /etc/yum.conf -p wa  -k yum_watch
    6. auditctl -w /usr/bin/nmap -p x   -k nmap_watch
    7. auditctl -w /etc/shadow   -p rwa -k shadow_watch
    8.  
    9. #    Remove a rule using auditctl
    10.  
    11. auditctl -W /etc/shadow -p rwa -k shadow_watch
    12.  
    13. #    Watching for ptrace system call
    14.  
    15. auditctl -a entry,always -F arch=b64 -S ptrace -k info_scan
    16.  
    17. #    Suppress 32bit clock_gettime & fstat64 system calls
    18.  
    19. -a entry,never -F arch=b32 -S clock_gettime -k clock_gettime
    20. -a entry,never -F arch=b32 -S fstat64 -k fstat64
    21.  
    22. #    Audit files opened by a specific user
    23.  
    24. auditctl -a exit,always -S open -F auid=2010
    25. auditctl -a exit,always -F arch=b64 -F auid=2010  -F uid=2010 -F path=/etc/hosts -S open
    26.  
    27. #    Audit unsuccessful attempts for multiple system calls where user id is greater than or equal to 500
    28.  
    29. auditctl -a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=500
    30. auditctl -a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=500
    31.  
    32. #Reporting/Searching
    33.  
    34. #    List all rules
    35.  
    36. auditctl -l
    37.  
    38. #    List status
    39.  
    40. auditctl -s
    41.  
    42. #    Report on watched files. Date format is local to the server's date format.
    43.  
    44. aureport -f
    45. aureport -f --start 02/18/10 17:42:00
    46. aureport -f --start 02/18/10 17:00:00 --end 02/18/10 17:10:00
    47. aureport -f -ts this-week
    48. aureport -f -ts today
    49.  
    50. #    Search by system call
    51.  
    52. ausearch -sc ptrace -i
    53.  
    54. #    Search for user id or effective user id
    55.  
    56. ausearch -ui 2010
    57. ausearch -ue 2010
    58.  
    59. #    Lists all auth attempts and their result
    60.  
    61. aureport -au
    62.  
    63. #    List just logins
    64.  
    65. aureport -l
    66.  
    67. #    List account modification attempts.
    68.  
    69. aureport -m
    70.  
    71. #    Search events where success value is no, User id is 500 and key is nmap_watch
    72.  
    73. ausearch -sv no -ua 500 -k nmap_watch
    74.  
    75. #    Search by executable
    76.  
    77. ausearch -x /usr/bin/nmap
    78.  
    79. #    Search by terminal
    80.  
    81. ausearch -tm pts/0
    82.  
    83. #    Search by daemon. Stuff like cron log terminal as the daemon name
    84.  
    85. ausearch -tm cron
    Paste this in your website: <script type="text/javascript" src="http://www.posteet.com/embed/2171"></script>
  4. sponsorised links
  5. 4 years ago
    1. ssh root@remote.host "rpm -qa" | xargs yum -y install
    Paste this in your website: <script type="text/javascript" src="http://www.posteet.com/embed/2170"></script>
  6. 4 years ago and saved by 1 other
    1. dateset="$(sshuser@server date)"
    Paste this in your website: <script type="text/javascript" src="http://www.posteet.com/embed/2169"></script>
  7. 4 years ago
    shell, remote, ssh, command
    1. ssh host -l user $(<cmd.txt)
    Paste this in your website: <script type="text/javascript" src="http://www.posteet.com/embed/2168"></script>
  8. 4 years ago
    1. mysqldump –add-drop-table –extended-insert –force –log-error=error.log -uUSER -pPASS OLD_DB_NAME | ssh -C user@newhost "mysql -uUSER -pPASS NEW_DB_NAME"
    Paste this in your website: <script type="text/javascript" src="http://www.posteet.com/embed/2167"></script>
  9. 4 years ago
    > According to www.ntp.org in stanard Linux o.s. (adjtime(2) - http://www.ntp.org/ntpfaq/NTP-s-algo.htm#S-ALGO-BASIC) time adjusting has rate of 0.5ms per second
    
    That's the _maximum_ slew rate. The actual slew rate depends on a number f factors.
    
    > to slew time but because do you speak about "maximum" rate of 0.5 ms/sec. ?
    
    The maximum slew rate is 500ppm; this is the equivalent of half a millisecond per second or 43 seconds per day.
    
    > Does ntpd use always the same 0.5 as value or it's a variable parameter ?
    
    500ppm is the _maximum_ slew rate that most kernels can tolerate. The actual slew rate depends on a number of factors.
    
    > I'm confused because "Rob MacGregor" said about step method (128ms < offset < 1000s) :
    
    1000 seconds == the default panic threshold. ntpd will abort when it sees an offset greater than the panic threshold
    
    128ms == the default step/slew threshold. ntpd will slew offsets below this threhold and will step offsets above this threshold
    
    >Stepping: Time changes in large units, quickly With "Step" method (settimeofday), time is gradually changed with higher rate or time is changes immediately to correct time.
    
    step == reset the clock to the correct time in _one_ instantaneous step.
    
    A stepped clock can "move backwards".
    
    slew == adjust the clock by speeding it up or slowing it down. A slewed clock never "moves backwards"
    
    > example for use step method : my local clock is 5:00 pm and real time is 5:05 pm, Ntpd set immediately local clock to 5:05 pm or it corrects time gradually ?
    
    Slewing the clock to correct a 5 minute offset will take 6.97 days at the maximum 500ppm slew rate.
    
    5 minutes is greater than the default 128ms step/slew threshold. In this case ntpd will _step_ the clock.
    Paste this in your website: <script type="text/javascript" src="http://www.posteet.com/embed/2164"></script>
  10. 4 years ago
    alt + impr ecran r e i s u  b
    Paste this in your website: <script type="text/javascript" src="http://www.posteet.com/embed/2163"></script>
  11. 4 years ago
    iptraf
    jnettop
    iftop
    Paste this in your website: <script type="text/javascript" src="http://www.posteet.com/embed/2162"></script>

First / Previous / Next / Last / Page 1 of 22 (211 posteets)