
sendmail log subject


LOCAL_CONFIG
Klog syslog
HSubject: $>+CheckSubject
LOCAL_RULESETS
SCheckSubject
R$*{TAB}$: $(log Subject: $1 $) $1


apache mod_security


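# Rule 999 (chained with the SCRIPT_UID rule right below it): deny any request
# for a *.php script that is owned by uid 48.  The idea is that a PHP file
# owned by the web server's own uid was dropped by the web process itself
# (confirm uid 48 is the httpd user on this host).  The msg: text, ending in
# "BLOCKIP= <client ip>", is what the fail2ban filter keys on.
# NOTE: %{REQUEST_BODY} is expanded into msg, so the full request body --
# including any submitted credentials -- is written to the audit log per hit.
SecRule SCRIPT_BASENAME "\.php$" "id:999,chain,deny,msg:'%{TIME_YEAR}/%{TIME_MON}/%{TIME_DAY} %{TIME_HOUR}:%{TIME_MIN}:%{TIME_SEC} %{SCRIPT_FILENAME} %{REQUEST_BODY} BLOCKIP= %{REMOTE_ADDR} '"
SecRule SCRIPT_UID "^48$" log

# /phpadmin/: no audit log entry, and stop rule processing for the request.
# Rules run in file order within a phase, so this does NOT exempt /phpadmin/
# from rule 999 above; move it ahead of 999 if that is the intent.
SecRule REQUEST_FILENAME "^/phpadmin/" "id:990,noauditlog,allow"

# Log-only heuristics for SQL keywords in any argument value.  t:lowercase is
# applied to the argument before @containsWord, so the match is case-insensitive.
SecRule ARGS "@containsWord select" "id:998,log,pass,t:lowercase"
SecRule ARGS "@containsWord union" "id:997,log,pass,t:lowercase"
SecRule ARGS "@containsWord outfile" "id:996,log,pass,t:lowercase"
SecRule ARGS "@containsWord load_file" "id:995,log,pass,t:lowercase"

# Crawler blocks, currently disabled.
#SecRule REQUEST_HEADERS:User-Agent "MJ12bot" "id:972,deny,log"
#SecRule REQUEST_HEADERS:User-Agent "bingbot" "id:973,deny,log"

# Record the client address of any request whose argument values contain
# "login" (unanchored regex, matches anywhere in the value).  Same caveat as
# rule 999: %{REQUEST_BODY} puts the submitted password into the audit log.
SecRule ARGS "login" "id:980,pass,msg:'%{TIME_YEAR}/%{TIME_MON}/%{TIME_DAY} %{TIME_HOUR}:%{TIME_MIN}:%{TIME_SEC} %{SCRIPT_FILENAME} %{REQUEST_BODY} LOGINIP= %{REMOTE_ADDR} '"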

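# fail2ban jail: ban the client address that ModSecurity rule 999 wrote into
# the audit log ("BLOCKIP= ...").  Goes in jail.local or jail.d/.
[modsec-php48]
enabled  = true
filter   = modsec-php48
# Two actions: the firewall ban plus a whois/mail report.  The second action
# is a continuation of the same value and must be indented, otherwise the
# parser reads it as a separate, malformed key.  fail2ban loads the action
# from action.d/<name>.conf, so the name here must match the action file's
# name (the file is shown below as "whois-modsec-php48" -- make them agree).
action   = iptables-multiport[name=modsecPHP48, port="80,443", protocol=tcp]
           modsec-php48-whois[name="ModSecBackdoor", dest="xxx@yahoo.com", sender=xxx@vixxxave.vn, sendername="Fail2Ban"]
logpath  = /var/log/httpd/modsec_audit.log
# A single hit bans for 864000 s (10 days); with maxretry = 1 the findtime
# window has no effect.
maxretry = 1
findtime = 3600
bantime  = 864000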

vi modsec-php48.conf
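[INCLUDES]
# Read common prefixes. If any customizations available — read them from
# common.local
before = common.conf

[Definition]
# Matches the msg: text that ModSecurity rule 999 writes into the audit log,
# which ends in:  BLOCKIP= <client ip> "]
# <HOST> is fail2ban's address placeholder; the trailing "\] pins the match
# to the closing quote and bracket of the [msg "..."] field so that only the
# address written by the rule, not one embedded elsewhere in the line, is taken.
failregex = BLOCKIP= <HOST> "\]
ignoreregex =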
vi whois-modsec-php48
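# actionban is run by fail2ban as a shell command with <ip>, <name>,
# <failures>, <dest>, <sender> and <sendername> substituted in.  printf %%b
# expands the \n escapes; %% is how a literal % is written in action files.
# The continuation lines of the value must stay indented.
# Security notes: <ip> is whatever the filter's <HOST> matched, so the
# failregex must stay strict; the grepped audit-log lines contain the
# request bodies logged by rule 999 (possibly credentials) and are mailed in
# clear text; `grep <ip>` treats the dots as regex wildcards.
actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
            Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
            From: <sendername> <<sender>>
            To: <dest>\n
            Hi,\n
            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.\n\n
            Here is more information about <ip>:\n
            `tail -n 1000 /var/log/httpd/modsec_audit.log | grep <ip> | grep BLOCKIP`\n
            `/usr/bin/whois <ip> || echo missing whois program`\n
            Regards,\n
            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>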

apache renew SSL Cert


# Find which certificate/key files ssl.conf points at, then regenerate them.
grep SSLCertificate /etc/httpd/conf.d/ssl.conf

cert=/etc/pki/tls/certs/server.crt
key=/etc/pki/tls/private/server.key

# Self-signed (-x509) RSA-2048 certificate valid for 3650 days.  -nodes writes
# the private key unencrypted so httpd can start without a passphrase; the
# subject fields are prompted for interactively.  Clients will not trust the
# certificate unless it is installed on them explicitly.
openssl req -new -days 3650 -x509 -nodes -newkey rsa:2048 -out "$cert" -keyout "$key"

# The private key must not be readable by other users; the certificate is
# public but is kept at 600 as well, as in the original recipe.
chmod 600 "$cert" "$key"

sendmail authid counter


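# Rank SMTP AUTH identities by number of authenticated sessions in the rotated
# maillog.  In this log format the authid value is the 4th '='-separated field
# of the matching lines (confirm against a sample line).  grep reads the file
# directly, so the leading cat is not needed; sort -nr puts the busiest first.
grep authid /var/log/maillog-20170514 | cut -d '=' -f 4 | sort | uniq -c | sort -nr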


mysql clustering


# Fetch the MySQL Cluster 7.3.5 RPM bundle (RHEL/CentOS 6, x86_64).
# NOTE(review): the download is plain http and nothing below checks a
# checksum or GPG signature before the packages are installed as root;
# verify the bundle against the vendor's published checksum/signature first.
wget http://dev.mysql.com/get/Downloads/MySQL-Cluster-7.3/MySQL-Cluster-gpl-7.3.5-1.el6.x86_64.rpm-bundle.tar

# Unpack the bundle into the current directory (one RPM per component).
tar -xvf MySQL-Cluster-gpl-7.3.5-1.el6.x86_64.rpm-bundle.tar

# Build tools and libaio are prerequisites; the stock mysql-libs package
# conflicts with the cluster server RPM and is removed first.
yum groupinstall 'Development Tools'
yum remove mysql-libs
yum install libaio-devel
rpm -Uhv MySQL-Cluster-server-gpl-7.3.5-1.el6.x86_64.rpm
# Cluster configuration for the management node follows (config.ini).
vi config.ini
#####################################
[NDBD DEFAULT]
NoOfReplicas=1
DataDir= /opt/mysql-cluster

[MYSQLD DEFAULT]

[NDB_MGMD DEFAULT]

[TCP DEFAULT]

# Section for the cluster management node
[NDB_MGMD]
# IP address of the management node (this system)
HostName=10.10.255.175

# Section for the storage nodes
[NDBD]
# IP address of the first storage node
HostName=10.10.255.176

[NDBD]
# IP address of the second storage node
HostName=10.10.255.177

# one [MYSQLD] per storage node
[MYSQLD]
HostName=10.10.255.176

[MYSQLD]
HostName=10.10.255.177
~
################################################
# Start the management daemon with the cluster config, then open its client.
ndb_mgmd -f /opt/mysql-cluster/config.ini
ndb_mgm
# Inside the ndb_mgm prompt: "show" prints the status of every node;
# "shutdown" stops all data nodes and management nodes of the cluster.
>show
>shutdown
data node
vi /etc/my.cnf
[mysqld]
ndbcluster
# IP address of the cluster management node
ndb-connectstring=10.10.255.175:1186
default-storage-engine=ndbcluster
[mysql_cluster]
# IP address of the cluster management node
ndb-connectstring=10.10.255.175:1186
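# Start the SQL node and show the generated root password.
/etc/init.d/mysql start
cat /root/.mysql_secret
# Start the data node.  --initial (two dashes; the single en dash in the
# original does not parse) discards this node's existing NDB data files, so
# use it only for a node's first start or a deliberate reinitialisation.
ndbd --initial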
http://skillachie.com/2014/06/30/mysql-cluster-getting-started-redhatcentos-6/
https://www.howtoforge.com/loadbalanced_mysql_cluster_debian

KDE mouse buttons script


bash-4.3$ cat .xbindkeysrc

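# ~/.xbindkeysrc: each quoted command is followed by the key or button that
# triggers it (b:N = mouse button N).

# Mouse button 9: lock the session through the KDE screensaver D-Bus interface.
"qdbus org.kde.screensaver /ScreenSaver org.freedesktop.ScreenSaver.Lock"
    b:9

# Mouse button 8: synthesise an Escape key press and release with xte.
"xte 'keydown Escape' 'keyup Escape'"
    b:8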

bash-4.3$


httpd conf exclude subdir


# HTTP Basic authentication for the directory/location this block belongs
# to (the enclosing container, if any, is outside this listing).
AuthType Basic
AuthName "Auth Required"
# Placeholder path: keep the password file outside the document root so it
# cannot be served.
AuthUserFile /path/to/.htpasswd
Require valid-user

Now adding the following below this will allow you to exclude directories and files

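# Allow access to excluded directories and files without credentials.
# SetEnvIf matches Request_URI as a regex without implicit anchors, so the
# original patterns set "allow" for ANY URI that merely contained the path
# text.  Anchoring with ^ (and $ for the single file) limits the exemption
# to the intended paths; the placeholders must be full URI paths from /.
SetEnvIf Request_URI "^/path/to/excluded/directory/" allow
SetEnvIf Request_URI "^/path/to/excluded/file$"  allow
# Apache 2.2-style access control (needs mod_access_compat on 2.4):
# "Satisfy any" grants access when either the allow env or a valid user matches.
Order allow,deny
Allow from env=allow
Satisfy any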

tcpdump


# Capture on eth0 with name/port resolution off (-nnn), starting a new
# timestamped file every 60 s (-G 60; the -w name takes strftime escapes).
tcpdump -i eth0 -nnn -w pcap-%Y-%m-%d-%H-%M-%S.pcap -G 60

-C <MB per file>, -W <number of files>, -G <seconds per file>

incoming TCP SYN, grouped by port

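# Incoming TCP SYNs (tcp[13]=2: flags byte is exactly SYN) to the capture
# host (127.0.0.1 is presumably a placeholder for its address), counted per
# destination port.  With -tttt the 6th space-separated field is
# "dst.ip.addr.port", so the port is its 5th dot-separated piece.
tcpdump -tttt -nn -r pcap-2016-11-22_10:42:32.pcap 'tcp and dst 127.0.0.1 and tcp[13]=2' | cut -f 6 -d ' ' | cut -f 5 -d '.' | sort | uniq -c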

incoming HTTP SYN, grouped by source IP

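# Incoming SYNs involving port 80, counted per source address, busiest first.
# With -tttt the 4th space-separated field is "src.ip.addr.port", so the
# first four dot-separated pieces are the source IP.
tcpdump -tttt -nn -r pcap-2016-11-22_10:43:32.pcap 'tcp and dst 127.0.0.1 and tcp[13]=2 and port 80' | cut -f 4 -d ' ' | cut -f 1-4 -d '.' | sort | uniq -c | sort -nr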

Fin = 1

Syn = 2

Rst = 4

Psh = 8

Ack = 16

Urgent = 32


GSM modem linux


#dmesg

usb 2-2.1: new full speed USB device number 6 using uhci_hcd

usb 2-2.1: New USB device found, idVendor=067b, idProduct=2303

usb 2-2.1: New USB device strings: Mfr=1, Product=2, SerialNumber=0

usb 2-2.1: Product: USB-Serial Controller

usb 2-2.1: Manufacturer: Prolific Technology Inc.

usb 2-2.1: configuration #1 chosen from 1 choice

pl2303 2-2.1:1.0: pl2303 converter detected

usb 2-2.1: pl2303 converter now attached to ttyUSB0

#stty -F /dev/ttyUSB0
speed 115200 baud; line = 0;
min = 1; time = 5;
ignbrk -brkint -icrnl -imaxbel
-opost -onlcr
-isig -icanon -iexten -echo -echoe -echok -echoctl -echoke
# stty -F /dev/ttyUSB0 115200
# setserial -a /dev/ttyUSB0

freeradius - OTP


# vi /var/www/html/OTP/pam.php

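<?php
// OTP backend stub queried by the rlm_perl script further down this page:
// that script accepts the login when ":-)" appears anywhere in the response
// body, so this stub rejects everything.  Swap the literal to ":-)" to accept.
echo ":-(";    // :-)

// Debug trace of every request.  $_GET carries user, pass and client, so the
// submitted OTP/password is appended to /tmp/pam.txt in clear text, in a
// world-readable location.  Keep this line for test setups only, or drop the
// pass key before encoding.
file_put_contents('/tmp/pam.txt', date('Y-m-d D H:i:s ') . json_encode($_GET) . "\n", FILE_APPEND);
?>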

#yum install freeradius freeradius-utils freeradius-perl
#radiusd -X
#radtest  hieu 2234 127.0.0.1 123 testing123
    Create a new file ‘/etc/freeradius/sites-available/linotp’ with the following content:

    authorize {
    
    #normalizes malformed client requests before they are handed on to other modules (see '/etc/freeradius/modules/preprocess')
            preprocess
    
            #  If you are using multiple kinds of realms, you probably
            #  want to set "ignore_null = yes" for all of them.
            #  Otherwise, when the first style of realm doesn't match,
            #  the other styles won't be checked.
    
    #allows a list of realm (see '/etc/freeradius/modules/realm')
            IPASS
    
    #understands something like USER@REALM and can tell the components apart (see '/etc/freeradius/modules/realm')
            suffix
    
    #understands USER\REALM and can tell the components apart (see '/etc/freeradius/modules/realm')
            ntdomain
    
            #  Read the 'users' file to learn about special configuration which should be applied for
            # certain users (see '/etc/freeradius/modules/files')
            files
    
            # allows authentication to expire (see '/etc/freeradius/modules/expiration')
            expiration
    
            # allows valid service times to be defined (see '/etc/freeradius/modules/logintime')
            logintime
    
            # We got no radius_shortname_map!
            pap
    }
    
    #here the linotp perl module is called for further processing
    authenticate {
            perl
    }
  • and activate the configuration by softlinking it in to ‘/etc/freeradius/sites-enabled’
  • ln -s ../sites-available/linotp /etc/freeradius/sites-enabled
#less example.pl
#
# If you are using DBI and do some queries to DB, please be sure to
# use the CLONE function to initialize the DBI connection to DB.
#
use strict;
use LWP;
# use …
# This is very important! Without this, the script will not get the filled hashes from main.
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);
use Data::Dumper;
# This is the hash which holds the original request from radius
#my %RAD_REQUEST;
# In this hash you add values that will be returned to NAS.
#my %RAD_REPLY;
#This is for check items
#my %RAD_CHECK;
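# Called by rlm_perl for each Access-Request: asks the OTP web backend
# whether the supplied credentials are valid.
#
# Reads   $RAD_REQUEST{'User-Name'}, {'User-Password'}, {'NAS-IP-Address'}
# Writes  $RAD_REPLY{'Reply-Message'} on rejection
# Returns RLM_MODULE_OK when the backend's response body contains ":-)",
#         RLM_MODULE_REJECT otherwise.
# Dies    when the HTTP request itself fails (rlm_perl reports a module
#         failure; the original referenced an undeclared $URL here, which
#         does not compile under strict).
sub authenticate {
    # For debugging purposes only
    #       &log_request_attributes;

    # The three attributes come straight from the RADIUS client, so each is
    # percent-encoded before it is placed in the query string; otherwise a
    # '&', '#' or '=' in the password would split or truncate the query.
    my $url = 'http://localhost/OTP/pam.php'
        . '?user='   . _url_encode($RAD_REQUEST{'User-Name'})
        . '&pass='   . _url_encode($RAD_REQUEST{'User-Password'})
        . '&client=' . _url_encode($RAD_REQUEST{'NAS-IP-Address'});

    # NOTE: the password travels in the query string of a GET, which web
    # server access logs normally record; tolerable only because the backend
    # is on loopback -- confirm before pointing this anywhere else.
    my $ua       = LWP::UserAgent->new();
    my $req      = HTTP::Request->new(GET => $url);
    my $response = $ua->request($req);
    die "Error at $url\n ", $response->status_line, "\n Aborting"
        unless $response->is_success;

    # The backend signals acceptance with a ":-)" anywhere in the body.
    if ($response->content =~ m/:\-\)/i) {
        return RLM_MODULE_OK;
    }
    $RAD_REPLY{'Reply-Message'} = "Wrong OTP - access denied !";
    return RLM_MODULE_REJECT;
}

# Percent-encode one query-string value.  RFC 3986 unreserved characters are
# left as-is, everything else becomes %XX on the UTF-8 bytes; undef (e.g. no
# User-Password in the request) is treated as the empty string, matching the
# empty interpolation the original produced.
sub _url_encode {
    my ($value) = @_;
    $value = '' unless defined $value;
    utf8::encode($value) if utf8::is_utf8($value);
    $value =~ s/([^A-Za-z0-9\-._~])/sprintf('%%%02X', ord $1)/ge;
    return $value;
}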