Shell script to search for accounts with no password and lock them
find-account-no-password.sh
#!/bin/bash
# Shell script to search for accounts with no password and lock them
# -------------------------------------------------------------------------
# Copyright (c) 2005 nixCraft project
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# -------------------------------------------------------------------------
# Set your email
ADMINEMAIL="admin@somewhere.com"

### Do not change anything below ###
# LOG File
LOG="/root/nopassword.lock.log"
STATUS=0

echo "-------------------------------------------------------" >>"$LOG"
echo "Host: $(hostname), Run date: $(date)" >>"$LOG"
echo "-------------------------------------------------------" >>"$LOG"

# get all user names
USERS="$(cut -d: -f 1 /etc/passwd)"

# display message
echo "Searching for null password..."
for u in $USERS
do
    # find out if password is set or not (null password)
    passwd -S "$u" | grep -Ew "NP" >/dev/null
    if [ $? -eq 0 ]; then # if so
        echo "$u" >>"$LOG"
        passwd -l "$u" # lock account
        STATUS=1 # update status so that we can send an email
    fi
done
echo "========================================================" >>"$LOG"

if [ $STATUS -eq 1 ]; then
    # the script runs as root, so create the mail body with mktemp
    # rather than a predictable name such as /tmp/null.mail.$$
    TMPFILE="$(mktemp /tmp/null.mail.XXXXXX)"
    echo "Please see $LOG file and all account with no password are locked!" >"$TMPFILE"
    echo "-- $(basename "$0") script" >>"$TMPFILE"
    mail -s "Account with no password found and locked" "$ADMINEMAIL" <"$TMPFILE"
    rm -f "$TMPFILE"
fi
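A report-only companion to the script above, as an added example that is not part of the nixCraft script: it classifies the entries of a shadow-format file without locking anything, so the result can be reviewed before `passwd -l` is run. The function names and the sample data are constructed for illustration.

```bash
#!/bin/bash
# Added example: audit a shadow-format file without changing any account.
# classify_shadow and find_empty_passwords are hypothetical helper names.

# Print one "user STATE" line per account:
#   NOPASSWORD  empty hash field (what passwd -S reports as NP)
#   LOCKED      hash field starts with ! or *
#   SET         anything else
classify_shadow() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                          # skip blank lines and comments
        NF < 2         { printf "%s MALFORMED\n", $1; next }
        $2 == ""       { print $1, "NOPASSWORD"; next }
        $2 ~ /^[!*]/   { print $1, "LOCKED"; next }
                       { print $1, "SET" }
    ' "$1"
}

# Names of the accounts that have an empty password field.
find_empty_passwords() {
    classify_shadow "$1" | awk '$2 == "NOPASSWORD" { print $1 }'
}

# Constructed sample data, not taken from a real system.
make_sample_shadow() {
    cat <<'EOF'
root:$6$constructed$hashvalue:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
backup:!:19000:0:99999:7:::
guest::19000:0:99999:7:::
test1::19000:::::
EOF
}

sample="$(mktemp)"
make_sample_shadow >"$sample"
find_empty_passwords "$sample"
rm -f "$sample"
```

On a live system the same function can be pointed at /etc/shadow as root.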
Posted by Hans-Henry Jakobsen
Using -L on the command line with SSH will bind a local port to a remote one. For instance, if you wanted to tunnel the port for a remote desktop (usually 5901) to a local machine, you would type the following:
ssh -L 5901:localhost:5901 remote_ip
You could then access your remote desktop by connecting your VNC client to port 5901 on the local machine, and the data for the remote desktop would be tunneled through the SSH connection.
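A check a defender might run next to such a tunnel, as an added example that is not part of the original post: by default ssh binds a local forward to the loopback address, but with `-g`, `GatewayPorts yes` or an explicit wildcard bind address the forwarded VNC port becomes reachable from other hosts. The function name `exposed_forwards` and the sample `ss` output are constructed for illustration.

```bash
#!/bin/bash
# Added example: flag listeners on a forwarded port that are not loopback-only.
# Reads `ss -Hltn` style lines on stdin: State Recv-Q Send-Q Local Peer
exposed_forwards() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            n = match(addr, /:[0-9]+$/)     # the port follows the last colon
            if (!n) next
            p    = substr(addr, n + 1)
            host = substr(addr, 1, n - 1)
            sub(/%.*$/, "", host)            # drop an interface scope such as %lo
            if (p != port) next
            if (host ~ /^127\./ || host == "[::1]") next   # loopback is fine
            print addr                       # anything else is exposed
        }'
}

# Constructed sample output, not captured from a real host.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:5901 0.0.0.0:*
LISTEN 0 128 [::1]:5901 [::]:*
LISTEN 0 128 0.0.0.0:5901 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# On a live machine: ss -Hltn | exposed_forwards 5901
sample_ss_output | exposed_forwards 5901
```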
Posted by Hans-Henry Jakobsen
First the script tries to umount the drive normally. If that fails, it tries to restart famd, which is the most common cause of the problem. If that fails it tries to restart xinetd. If that fails it uses the command fuser -ki on the directory.
#!/bin/bash
# must be root to unmount and to restart services
if [ "`whoami`" != "root" ]; then
    echo "You must run this as root"
    exit 1
fi
# testing args
if [ $# -ne 1 ]; then
    echo "usage : $0 <directory>"
    exit 1
fi
dir=$1
# first try unmounting it without doing anything special
testumount=`umount "$dir" 2>&1`
if [ `echo "$testumount" | grep "not mounted" | wc -l` -gt 0 ]; then
    echo "$1 isn't mounted, exiting"
    exit
fi
if [ `echo "$testumount" | grep "not found" | wc -l` -gt 0 ]; then
    echo "$1 does not exist, exiting"
    exit
fi
if [ `echo "$testumount" | grep busy | wc -l` -gt 0 ]; then
    echo "Having trouble, checking famd..."
else
    echo "unmounted $dir without any trouble..."
    exit
fi
# check famd
if [ `ps -e | grep famd | wc -l` -gt 0 ]; then
    /etc/init.d/famd restart
    # try unmounting again; any output from umount means it failed
    if [ `umount "$dir" 2>&1 | wc -l` -gt 0 ]; then
        echo "I tried restarting famd, but that didn't work. checking xinetd"
    else
        echo "Unmounted $dir by restarting famd"
        exit
    fi
else
    echo "famd isn't running so it couldn't be that.."
fi
# check xinetd
if [ `ps -e | grep xinetd | wc -l` -gt 0 ]; then
    /etc/init.d/xinetd stop
    # try unmounting again
    if [ `umount "$dir" 2>&1 | wc -l` -lt 1 ]; then
        /etc/init.d/xinetd start
        echo "Unmounted $1 by restarting xinetd"
        exit
    fi
    /etc/init.d/xinetd start
    echo "I tried stopping xinetd, but that didn't work."
else
    echo "xinetd isn't running so it couldn't be that.."
fi
echo
echo "I'm going to list processes that are using the folder you are"
echo "trying to umount. Answer whether you'd like to kill them or not."
echo "You should look up each process before you answer. use the"
echo "following command in a separate shell:"
echo
echo " ps -e | grep <pid>"
echo
echo "where <pid> is the number of the process."
echo
# -k kills the processes using the directory, -i asks before each one
fuser -ki "$dir"
echo
# try again now that fuser may have killed the processes holding the mount;
# without this retry the test below would only see the first, stale result
testumount=`umount "$dir" 2>&1`
if [ `echo "$testumount" | grep busy | wc -l` -gt 0 ]; then
    echo "OK, this is the last resort. Do you want to umount the volume using "
    echo "the -l option? According to the umount man page -l means:"
    echo
    echo " Lazy unmount. Detach the filesystem from the filesystem"
    echo " hierarchy now, and cleanup all references to the filesystem as"
    echo " soon as it is not busy anymore. (Requires kernel 2.4.11 or later.)"
    echo
    echo "Use -l option? (y/n)"
    read yn
    # quote the answer so an empty reply does not break the test
    if [ "$yn" = "y" ]; then
        umount -l "$dir"
    else
        echo "OK. Sorry I couldn't help"
    fi
else
    echo "You're all good :)"
fi
exit
Tags: bash, fuser, grep, mount, wc, xinetd
Posted by Hans-Henry Jakobsen
It is ideal to slow down an SSH dictionary attack when an infested host starts to brute-force the SSH authentication. There are many scripts and user-land daemons that perform monitoring and blocking. I prefer to use something that places less demand on memory and CPU. An IPTables module provides a kernel-level solution with little overhead.
Tags: firewall, iptables, ssh, syslog
Posted by Hans-Henry Jakobsen
This script has not been tested, and DoS should be prevented at the kernel level!
A simple rule-based DoS attack-prevention shell script. The proposed shell script is not a perfect tool for preventing DoS attacks, but it is a powerful tool for significantly reducing the overhead that DoS attacks place on Linux servers.
Tags: awk, bash, grep, iptables, script, sed
Posted by Hans-Henry Jakobsen