Hammer script to get output from Job by id

This is a simple script I use to export the details from a Job run in Red Hat Satellite 6.2 using hammer from the console.

#!/bin/bash
# Redhat Satellite Job query by id using hammer

if [ $1 -eq $1 ] 2>/dev/null; then
# get hosts run by ID
JOBHOSTS=$(hammer job-invocation info –id $1 | sed ‘1,/Hosts/d’ | awk {‘print $2’} | awk ‘NF’)

# Loop hosts
for HOST in $JOBHOSTS
do
echo “================================================================================
$HOST
================================================================================”
hammer job-invocation output –id $1 –host $HOST
echo “”
done
else
echo “You need to type the Job ID”
fi

One-liner to mail when someone logs in as root

This is a short post describing how to automatically send an email every time someone logs in as root on a linux server.
Add the following line to /root/.bash_profile if you are using bash as your default shell interpreter. Refer to /etc/passwd.

(echo "Subject: ALERT: servername Root Shell Access from `who | awk '{print $5}'`"; echo "ALERT - servername Root Shell Access on:' `date` `who`")| mail -s "root access on servername" user@example.com

This will send an email to user@example.com every time someone starts using the root shell.
Quite handy and can be a way to detect if your server has been compromised.

This has been tested on ubuntu 13.10 and requires that you have access to the mail command, available in the mailutils package.

My 10 most used linux commands

This is a oneliner bash command to determine my 10 most used linux commands according to my history file

history | awk '{CMD[$2]++;count++;}END { for (a in CMD)print CMD[a] " " CMD[a]/count*100 "% " a;}' | grep -v "./" | column -c3 -s " " -t | sort -nr | nl |  head -n10

The result

     1  188  37.6%  vi
     2  38   7.6%   ls
     3  24   4.8%   cat
     4  22   4.4%   apt-get
     5  12   2.4%   date
     6  11   2.2%   tail
     7  11   2.2%   cd
     8  10   2%     rm
     9  10   2%     man
    10  9    1.8%   basename

It looks like i use vim a lot on my home server. You should try it yourself and see what commands you use the most.

Source: http://linux.byexamples.com

Apache web connections pr hour

This is a bash oneliner to show Apache web connections pr hour. It lists up the IPs that has accessed your webserver and the amount og accesses.

# cat /var/log/apache2/access_log_pario.no | grep "21/Jan/2008:.." | awk {' print $4":"$1 '} | sed 's/\[//g' | awk -F : {' print $1":"$2"\t\t"$5 '} | sort | uniq -c

Example output

37 21/Jan/2008:00          192.168.0.10

This shows that I had 37 hits from 00:00 – 01:00 in 20th February 2008.

Allow NFS through iptables

This is one way to determine the ports needed to open in your iptables rules to get NFS to work properly. First we need to determine the ports NFS uses

rpcinfo -p | awk -F " " '{print $3 ", " $4 ", " $5}' | sort | uniq

Notice!
Since portmap assigns ports on random this example is only valid as long as you don’t restart your NFS.

On my system, a RedHat Enterprise Linux WS 4, the result was

proto, port,
tcp, 111, portmapper
tcp, 2049, nfs
tcp, 32771, nlockmgr
tcp, 768, rquotad
tcp, 782, mountd
udp, 111, portmapper
udp, 2049, nfs
udp, 32768, nlockmgr
udp, 765, rquotad
udp, 779, mountd

This gave me a nice overview of protocols (tcp/udp) and ports used.

Now the rules

iptables -A RH-Firewall-1-INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m state --state NEW -m multiport --dports 111,2049,32771,768,782 -j ACCEPT
iptables -A RH-Firewall-1-INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p udp -m state --state NEW -m multiport --dports 111,2049,32768,765,779 -j ACCEPT

You see that the multiport statement is just like the result of my rpcinfo command above.

Remember to save your new rules, othervise they will disappear the next time the iptables rules are being loaded.

In addition to this rule you should add the iptables rule for ssh access I wrote about earlier.

Another way to determine the ports

nmap -sC -p 111 localhost

Notice!
This solution won’t work after a reboot of the server since NFS changes ports. One way to overcome this problem is to follow the instructions in a newer post I’ve made about RedHat and NFS.