Вы находитесь на странице: 1из 545

Copyright 2019, FUOC.

. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License"

smbmount//host/carpeta/mnt/windows /mnt/windows smbumount/mnt/windows smbclient-Lhost


workgroup=GROUP serverstring=%hserver(Samba%v) hostsallow=192.168.1

printcapname=/etc/printcap guestaccount=nobody logfile=/var/log/samba/log.%m encryptpasswords=true [homes]


/etc/init.d/sambarestart

mancommand manncommand

commandopfile

command1|command2|command3

echo$SHELL

$env SSH_AGENT_PID=598 MM_CHARSET=ISO-8859-15 TERM=xterm DESKTOP_STARTUP_ID= SHELL=/bin/bash

WINDOWID=20975847 LC_ALL=es_ES@euro USER=juan LS_COLORS=no=00:fi=00:di=01;34:ln=01; SSH_AUTH_SOCK=/tmp/ssh-wJzVY570/agent.570 SESSION_MANAGER=local/aopcjj:/tmp/.ICE-unix/570 USERNAME=juan PATH=/soft/jdk/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/ X11:/usr/games MAIL=/var/mail/juan PWD=/etc/skel JAVA_HOME=/soft/jdk LANG=es_ES@euro GDMSESSION=Gnome JDK_HOME=/soft/jdk SHLVL=1 HOME=/home/juan GNOME_DESKTOP_SESSION_ID=Default LOGNAME=juan DISPLAY=:0.0 COLORTERM=gnome-terminal XAUTHORITY=/home/juan/.Xauthority _=/usr/bin/env OLDPWD=/etc #!/bin/bash

variable=value echo$variable

var=value exportvar

exportvar=value


if[expresion] then commands

fi


if[expresion] then commands1 else commands2 fi

if[expresion] then commands elif[expresion2] then commands else commands fi


casestring1in str1) commands;; str2) commands;; *) commands;; esac

forvar1inlist do commands done

while[expresion]

do commands done

until[expression] do commands done

fname(){ commands }

fname2(arg1,arg2...argN){ commands }

mozilla-i686-pc-linux-gnu-1.4-installer.tar.gz mozilla-source-1.4.tar.gz

tar-zxvffile.tar.gz(or.tgzfile) gunzipfile.tar.gz tar-xvffile.tar

tar-cvfdir.tardir gzip dir.tar tar-cvzfdir.tgzdir

package-version-rev.arq.rpm

noarch "architectureis

rpm-ql rpm-qi rpm-qR

rpm-ipackage.rpm --force--nodeps rpm

rpm-Upackage.rpm

rpm -Vpackage rpm-Va

$rpmimportGPG-KEY-FILE $rpm-qa|grep^gpg-pubkey

$rpm-qigpg-key-xxxxx-yyyyy $rpmchecksig-v<package>.rpm $rpm-K<package.rpm>


/etc/apt /etc/apt/sources.list debhttp://http.us.debian.org/debianstablemaincontribnonfree

debsrc http://http.us.debian.org/debian stable main contrib non-free deb http://security.debian.org stable/updates main contrib non-free

apt-getinstallpackage apt-getremovepackage apt-getupdate apt-getupdate apt-getupgrade


apt-getdist-upgrade apt-spy unstable apt-get cleanapt-get autoclean #apt-keylist #apt-getinstalldebian-archive-keyring #gpgimportfile.key #gpgexportarmorXXXXXXXX|apt-keyadd-


apt-cachesearchname apt-cacheshowpackage apt-cachedependspackage

dpkg-Lpackage dpkg-l dpkg-Sfile

gcc gdbxxgdbddd

Linux

possibilities the kernel


offers us for adapting our requirements and

/usr/src bzip2-dclinux-2.4.0.tar.bz2|tarxvf

makedep makebzImage makemodules

makemodules_install cparch/i386/boot/bzImage/boot/vmlinuz-2.4.0 cpSystem.map/boot/System.map-2.4.0


image=/boot/vmlinuz-2.4.0 label=2.4.0

/sbin/lilo-v

#makecleanmrproper #makemenuconfig #makedep #makebzImage #makemodules

#makemodules_install #cparch/i386/boot/bzimage/boot/vmlinuz-2.6.x.img #makeinstall #update-initramfs-c-k'version'

#apt-getinstalllinux-source-2.6.x $tar-xvjf/usr/src/linux-source-2.6.x.tar.bz2 #apt-getinstallbuild-essentialfakeroot #apt-getbuild-deplinux-source-2.6.x $cdlinux-source-2.6.x $fakerootdebian/rulesbinary #apt-getinstalllinux-source-2.6.x $tarxjf/usr/src/linux-source-2.6.x.tar.bz2 $cdlinux-source-2.6.x $makemenuconfig

$make-kpkgclean $fakerootmake-kpkg--revision=custom.1.0kernel_image $make-kpkgclean


$ f akeroot make-kpkg - -initrd - -revision=custom.1.0 k e r n e l _ i ma g e

#dpkg-i../linux-image-2.6.x_custom.1.0_i386.deb #m-aprepare #m-aauto-installmodule_name

patchxxxx-2.6.21-pversion.bz2 cd/usr/src/linux(or/usr/src/linux-2.6.21oranyotherversion).

bunzip2patch-xxxxx-2.6.21-version.bz2 patch-p1<patch-xxxxx-2.6.21-version

/lib/modules/version_kernel/modules.dep

Module agpgart apm parport_pc lp parport snd af_packet NVIDIA es1371 soundcore ac97_codec gameport 3c59x Size 37.344 10.024 23.304 6.816 25.992 30.884 13.448 1.539.872 27.116 3.972 10.9640 1.676 26.960 Usedby 3 1 1 0 1 0 1 10 1 4 0 0 1 [sndes1371] [es1371] [es1371] (autoclean) Tainted:P (autoclean) (autoclean) (autoclean) (autoclean) [parport_pclp]

insmodsoundxio=0x320irq=5

Tutor i al : c

#apt-getupdate

#apt-cachesearchlinux-image #apt-getinstalllinux-image-version #apt-getinstallxxxx-modules-version(ifsomemodulesare necessary) #apt-getinstalllinux-source-version-generic #apt-getinstalllinux-headers-version

default=Linux

image=/vmlinuz label=Linux initrd=/initrd.img #restricted #alias=1 image=/vmlinuz.old label=LinuxOLD initrd=/initrd.img.old #restricted #alias=2

#yuminstallkernelkernel-source #filegrub.conf default=1 timeout=10 splashimage=(hd0,1)/boot/grub/splash.xpm.gz titleLinux(2.6.20-2945) root(hd0,1) kernel/boot/vmlinuz-2.6.20-2945roroot=LABEL=/ initrd/boot/initrd-2.6.20-18.9.img titleLinuxOLD(2.6.20-2933) root(hd0,1) kernel/boot/vmlinuz-2.4.20-2933roroot=LABEL=/ initrd/boot/initrd-2.4.20-2933.img

makecleanmrproper

makedep cd/lib/modules tar-cvzfold_modules.tgzversionkernel-old/

makemodulesinstall #cd/usr/src/directory-sources/arch/i386/boot #cpbzImage/boot/vmlinuz-versionkernel #cpSystem.map/boot/System.map-versionkernel #ln-s/boot/vmlinuz-versionkernel/boot/vmlinuz #ln-s/boot/System.map-versionkernel/boot/System.map

telnetlocalhost

ifconfig-a


more/etc/services more/etc/hosts more/etc/hostname

netstat-r


arptoNameNode more/etc/defaultdomain more/etc/resolv.conf

manifconfig

Gateway leading out to Internet

hostnamenew-name service network restart init3 init5


aptgetinstallmodule-assistant(installthepackage) m-a-tupdate m-a-t-fgetipw2200 m-a-t-buildipw2200 m-a-tinstallipw2200 tarxzvfipw2200fw2.4.tgzC/tmp/fwr/ cp/tmp/fwr/*.fw/usr/lib/hotplug/firmware/

ipw2200:Intel(R)PRO/Wireless2200/2915NetworkDriver,git1.0.8 ipw2200:DetectedIntelPRO/Wireless2200BGNetworkConnection ...

eth1IEEE802.11bESSID:"Name-of-the-Wifi" Mode:ManagedFrequency:2.437GHz AccessPoint:00:0E:38:84:C8:72 BitRate=11Mb/sTxPower=20dBm Securitymode:open ...


ifaceeth1inetdhcp pre-upiwconfigeth1essid"NameoftheWifi" pre-upiwconfigeth1keyopenXXXXXXXXXX

address192.168.1.132 netmask255.255.255.0 network192.168.0.0 broadcast192.168.0.255 gateway192.168.1.1


ifaceeth1inetdhcp wireless-essid"NameoftheWifi" wireless-key123456789e


domainremix.com searchremix.compiru.com nameserver192.168.110.1 nameserver192.168.110.65

pppd dhclientresolv.conf resolvconf resolvconf


orderhosts,bind multion

127.0.0.1localhostloopback 192.168.1.2pirulo.remix.compirulo

telnet127.0.0.1
ifconfiglo127.0.0.1 routeaddhost127.0.0.1lo

hosts:xfnnisplusdns[NOTFOUND=return]files hostsdns[!UNAVAIL=return]files


route-n netstat-r

ifconfig eth0 inet down disable the interface ifconfig lo Link encap:Local Loopback route
ifconfigeth0inetup192.168.0.111\ netmask255.255.0.0broadcast192.168.255.255 routeadd-net10.0.0.0netmask255.0.0.0\ gw192.168.0.1deveth0


ifconfig eth0Linkencap:EthernetHWaddr08:00:46:7A:02:B0 inetaddr:192.168.0.111Bcast:192.168.255.255Mask:255.255.0.0 UPBROADCASTRUNNINGMULTICASTMTU:1500Metric:1 ... loLinkencap:LocalLoopback inetaddr:127.0.0.1Mask:255.0.0.0 ... route KernelIProutingtable DestinationGatewayGenmaskFlagsMetricRefUseIface 192.168.0.0*255.255.0.0U000eth0 10.0.0.0192.168.0.1255.0.0.0UG000eth0

/etc/services /etc/ inetd.conf nameport/protocolaliases

/etc/xinetd.conf /etc/rcX.d directories/etc/ init.d/inetd.realstart /etc/ssh/ssh_config /etc/ssh/ sshd_config /etc/ exim/exim.conf /etc/mailname /etc/aliases /etc/email-addresses / etc/fetchmailrc /etc/hosts.allow /etc/ hosts.deny /etc/ dhcp3/dhclient.conf /etc/default/dhcp3-server /etc/dhcp3/dhcpd.conf

/etc/cvs-cron.conf /etc/cvs-pserver.conf

/etc/printcap

/etc/apache/*/etc/apache2/ *

/etc/squid/*

/etc/hosts.allow/etc/host.deny /usr/sbin/tcpd/usr/sbin/in.ftpd /etc/hosts.deny /etc/hosts.allow /etc/hosts.equiv

/proc/sys/ net/ipv4/

ifconfig cat/proc/pci cat/proc/interrupts dmesg|more

pinguoc.edu#verifiestheInternetconnection tracerouteuoc.edu#scansIPpackets ifconfig#verifiesthehostconfiguration route-n#verifiestheroutingconfiguration dig[@dns.uoc.edu]www.uoc.edu#verifiestheregistriesin #onthedns.uoc.eduserver. iptables-L-n|less#verifiespacketfiltering(kernel>=2.4) netstat-a#showsalltheopenports

netstat-l--inet#showsallthelisteningports netstat-ln--tcp#shoosthelisteningtcpports(number)

dhcp3-client
#Exampleof/etc/dhcpd.conf: default-lease-time1200; max-lease-time9200; optiondomain-name"remix.com"; denyunknown-clients; denybootp; optionbroadcast-address192.168.11.255; optionrouters192.168.11.254; optiondomain-name-servers192.168.11.1,192.168.168.11.2; subnet192.168.11.0netmask255.255.255.0 {notauthoritative; range192.168.11.1192.168.11.254 hostmarte{ hardwareethernet00:00:95:C7:06:4C;

fixedaddress192.168.11.146; optionhost-name"marte"; } hostsaturno{ hardwareethernet00:00:95:C7:06:44; fixedaddress192.168.11.147; optionhost-name"saturno"; } }

/var/state/dhcp/ dhcpd.leases/var/ state/dhcp/dhcpd.leases /usr/sbin/dhcpd-d-f notauthoritative

routeadd-net192.168.1.0netmask255.255.255.0eth0 routeadddefaultppp0 ipchains-Aforward-s192.168.1.0/24-jMASQ iptables-tnat-APOSTROUTING-oppp0-jMASQUERADE

iprouteaddnat<extaddr>[/<masklen>]via<intaddr>

/etc/hotplug//etc/hotplug.d/ /etc/ hotplug/net.agent /etc/hotplug/net.agent

/etc/network/ interfaces /etc/network/interfaces


/etc/hotplug.d/net/ ifplugd.hotplug

openvpn--genkey--secretstatic.key

devtun ifconfig10.8.0.110.8.0.2 secretstatic.key remotemyremote.mydomain devtun ifconfig10.8.0.210.8.0.1 secretstatic.key openvpn[serverconfigfile] SunFeb620:46:382005OpenVPN2.0_rc12i686-suse-linux[SSL] [LZO][EPOLL]builtonFeb52005 SunFeb620:46:382005Diffie-Hellmaninitializedwith1024 bitkey Sun Feb 6 20:46:38 2005 TLS-Auth MTU parms [ L:1542 D:138 EF:38EB:0ET:0EL:0] SunFeb620:46:382005TUN/TAPdevicetun1opened SunFeb620:46:382005/sbin/ifconfigtun110.8.0.1pointopoint10.8.0.2mtu1500 SunFeb620:46:382005/sbin/routeadd-net10.8.0.0netmask 255.255.255.0gw10.8.0.2 Sun Feb 6 20:46:38 2005 Data Channel MTU parms [ L:1542 D:1450EF:42EB:23ET:0EL:0AF:3/1] Sun Feb 20:46:38 6 2005 UDPv4 link local (bound): [undef]:1194 SunFeb620:46:382005UDPv4linkremote:[undef] SunFeb620:46:382005MULTI:multi_initcalled,r=256v=256 SunFeb620:46:382005IFCONFIGPOOL:base=10.8.0.4size=62 SunFeb620:46:382005IFCONFIGPOOLLIST

SunFeb620:46:382005InitializationSequenceCompleted openvpn[clientconfigfile] ping10.8.0.1 comp-lzo keng-timer-rem persist-tun peepalive1060 pirsist-key usernobody groupnobody Daemon

iptables-AType-iInterface-pprotocol-sSourceIP-source-portPort-dDestinationIP--destination-portPort -jAction gpg--gen-key gpg--export-aoUID gpg --import filename gpg--signkeyUIDgpg--verifyfile/data

/etc/xinetd.conf/etc/rc.d/ init.d/xinetd

/etc/init.d/xinetd chmod700/etc/init.d/xinetd;chown0.0/etc/init.d/ xconfig; chmod 400 /etc/xinetd.conf; chattr +i /etc/ xinetd.conf

apt-getinstallnetwork-manager-xx addusercurrent_usernetdev /etc/init.d/net-

workingrestart

cat /etc/inittab | grep :initdefault: /sbin/chkconfig /sbin/chkconfig --level 35 crond on service crondstopservicecrondrestart

createdbnteumdb /usr/local/pgsql/bin/createdbnteumdb

dropdbnteumdb us to edit and executenqoj l r skb` o psqlnteumdb


AccesstheDBnteumdb: psqlnteumdb[enter] nteumdb=>

cd InstallationDirectory/ src/tutorialpsql -s nteumdb


CREATETABLEweather( cityvarchar(80), min_tempint, max_tempint, realrain, daydate );

CREATETABLEcity( namevarchar(80), place point );

gunzippostgresql-x.x.x.tar.gz tarxfpostgresql-7.3.tar ./configure gmake check gmake install

initdb -D /usr/local/pgsql/data mkdir/usr/local/pgsql/data

chownpostgres/usr/local/pgsql/data supostgres initdb-D/usr/local/pgsql/data postmaster-D/usr/local/pgsql/data postmaster-D/usr/local/pgsql/data<logfile2>&1&. /usr/local/pgsql/bin/pg_ctlstart-llogfile\ -D/usr/local/pgsql/data kill-INT'head-1/usr/local/pgsql/data/postmaster.pid'

psql-Upostgres

pg_ctlstart|logrotate pg_dumpDBFile>BackupFile psqlDBFile<BackupFile pg_dumpall>TotalBackupFile tar-cfbackup.tar/usr/local/pgsql/data


./configure gmake su gmakeinstall adduserpostgres mkdir/usr/local/pgsql/data chownpostgres/usr/local/pgsql/data su-postgres /usr/local/pgsql/bin/initdb-D/usr/local/pgsql/data /usr/local/pgsql/bin/postgres-D/usr/local/pgsql/data< logfile2>&1& /usr/local/pgsql/bin/createdbtest /usr/local/pgsql/bin/psqltest

pgaccess [DBName] xhost+ supostgres pgaccess[DBName]&

/etc/init.d/mysqlstart|stop groupaddmysql useradd-gmysqlmysql cd/usr/local gunzip</path/to/mysql-VERSION-OS.tar.gz|tarxvfln-sfull-path-to-mysql-VERSION-OSmysql cdmysql scripts/mysql_install_db--user=mysql chown-Rroot. chown-Rmysqldata chgrp-Rmysql.

bin/mysqld_safe--user=mysql& groupaddmysql useradd-gmysqlmysql gunzip<mysql-VERSION.tar.gz|tar-xvfcdmysql-VERSION ./configure--prefix=/usr/local/mysql make makeinstall cpsupport-files/my-medium.cnf/etc/my.cnf cd/usr/local/mysql bin/mysql_install_db--user=mysql chown-Rroot. chown-Rmysqlvar chgrp-Rmysql. bin/mysqld_safe--user=mysql& prefix= /usr/ local/mysql

/etc/init.d/mysqlstart mysqladminversion mysqladminvariables mysqladmin-urootshutdown mysqlshow mysqlshowmysql

./scripts/mysql_install_db cdInstallationDirectoryMysql

./bin/mysqld_safe--user=mysql& cdInstallationDirectoryMysql ./scripts/mysql_install_db ./bin/mysqld_safeuser=mysql& mysql_install_dbmysqlmysqld_safe cdsql-bench run-all-tests mysql--help mysql-hlocalhost-umysql-pDBName


mysql-uroot mysql-urootmysql mysql> UPDATE user SET Password = PASSWORD('new_password') ->WHEREuser='root'; mysql>FLUSHPRIVILEGES; mysql-uroot-pmysql mysqldump--tab=/DestinationDirectory\ --optDBName

mysqlhotcopyDBName/DestinationDirectory

rcs cico identrcsclean rcsdiff rcsmerge rlog co ci diffdiff3 rcs manmkdir rcs ciname_files_sources ./RCS/file_name coRCS/file_name rcs-Lworkfile_name rcs-Uworkfile_name rlogfile_name

exportEDITOR=/bin/vi exportCVSROOT=/usr/local/cvsroot exportCVSROOT=/usr/local/cvsroot groupaddcvs useradd-gcvs-d$CVSROOTcvs mkdir$CVSROOT chgrp-Rcvs$CVSROOT chmodo-rwx$CVSROOT chmodug+rwx$CVSROOT cvs-d/usr/local/cvsrootinit usermod-Gcvs,nteum exportEDITOR=/bin/vi exportCVSROOT=/usr/local/cvsroot exportCVSREAD=yes cddirectory_of_originals cvsimportRepositoryNamevendor_1_0rev_1_0 cddir_org

cvsimport-m\ \primer_cvs/projuserXvers0 cd.. cvscheckoutprimer_cvs/proj diff-rdir_orgprimer_cvs/proj rm-rdir_org

exportCVSROOT=":ext:user@CVS.server.com:/home/cvsroot"

exportCVS_RSH="ssh" cvsupdate cvsaddfile... cvsimport cvsremovefile... cvsdifffile... cvstag-R"version" cvs checkout -r 'version' cvstag-brel-1-0-patches cvs update-j

cvscheckoutgccrep cd gccrepls cvscommita.c. cvs release -d gccrep cvsdiffb.c

cvs commit b.c

cvsadmin-lcommand

apt-getinstallsubversion apt-getinstallApache2-common apt-getinstalllibApache2- mkdir-p/usr/local/svn addgroupsvgroup chown-Rroot.svgroup/usr/local/svn chmod2775/usr/local/svn addgroupsvusersvggroup

svnadmincreate/usr/local/svn/tests mkdir-p$HOME/svndirsvnadmin create$HOME/svndir/tests.

mkdir-p$HOME/svntmp/tests echoFirstFileSvn'date'>file1.txt.

svnimportfile:///home/svuser/svndir/tests-m"View.Initial"/usr/local/svn/tests file:// rm-rf$HOME/svntmp/tests

mkdir$HOME/svm-work cd$HOME/svn-work svncheckoutfile:///home/svuser/svndir/tests cd/home/kikov/svn-work/tests echoSecondFileSvn'date'>file2.txt svnaddfile2.txt svncommit-m"Newfile"

echo'date'>>file1.txt svncommit-m"Newline" echo'date'>>file1.txt

svncommit-m"Newline2" svnlogfile1.txt mkdir/subversinchmodwww-data:www-data svnadmincreate/subversion ls-s/subversion -rw-r--r--1www-datawww-data376May1120:27README.txt drwxr-xr-x2www-datawww-data4096May1120:27conf drwxr-xr-x2www-datawww-data4096May1120:27dav drwxr-xr-x2www-datawww-data4096May1120:28db -rw-r--r--1www-datawww-data2May1120:27format drwxr-xr-x2www-datawww-data4096May1120:27hooks drwxr-xr-x2www-datawww-data4096May1120:27locks

htpasswd2-c-m/subversion/.dav_svn.passwduser <location/svn> DAVsvn SVNPath/subversion AuthTypeBasic AuthName"SubversionRepository" AuthUserFile/subversion/.dav_svn.passwd Requirevalid-user </location> svnimportfile1.txthttp://url-server.org/svn\ -m"ImportInitial"

password--md5sum-md5-calculated password=<selectedpassword> image=/boot/vmlinuz-version password=<selectedpassword> restricted

ca:12345:ctrlaltdel:/sbin/shutdown-t1-a-rnow user:sndb565sadsd:...

module-typecontrol-flagmodule-patharguments @includeservice

auth

requisitepam_securetty.so

auth auth auth account session session session session password required required optional optional optional required

requisitepam_nologin.so requiredpam_env.so requiredpam_unix.sonullok pam_unix.so pam_unix.so pam_lastlog.so pam_motd.so pam_mail.sostandardnoenv pam_unix.sonullokobscuremin=4max=8md5

LABEL system_u:system_r:init_t system_u:system_r:kernel_t system_u:system_r:kernel_t system_u:system_r:kernel_t system_u:system_r:kernel_t system_u:system_r:kernel_t

PID 1 2 3 4 5 6

TTY ? ? ? ? ? ?

STAT Ss S S S S SN

TIME 0:00 0:00 0:00 0:00 0:00 0:00

COMMAND init [migration/0] [ksoftirqd/0] [watchdog/0] [migration/1] [migration/1]

LABEL system_u:system_r:kernel_t system_u:system_r:syslogd_t system_u:system_r:klogd_t system_u:system_r:irqbalance_t system_u:system_r:portmap_t system_u:system_r:rpcd_t user_u:system_r:unconfined_t user_u:system_r:unconfined_t user_u:system_r:unconfined_t user_u:system_r:unconfined_t user_u:system_r:unconfined_t system_u:system_r:rpcd_t system_u:system_r:gpm_t user_u:system_r:unconfined_t user_u:system_r:unconfined_t

PID 7 2564 2567 2579 2608 2629 4812 4858 4861 4862 4920 4984 5029 5184 5185

TTY ? ? ? ? ? ? ? ? ? pts/0 pts/0 ? ? pts/0 pts/0

STAT S Ss Ss Ss Ss Ss Ss Sl S Ss S Ss Ss R+ D+

TIME 0:00 0:00 0:00 0:00 0:00 0:00 0:00 0:00 0:00 0:00 0:00 0:00 0:00 0:00 0:00

COMMAND [watchdog/1] syslogd-m0 klogd-x irqbalance portmap rpc.statd /usr/libexec/gconfd-25 gnome-terminal gnome-pty-helper bash gedit rpc.idmapd gpm-m/dev/input/mice-texps2 psax-Z Bash

#ls-Z drwxr-xr-xjosepjosepuser_u:object_r:user_home_tDesktop drwxrwxr-xjosepjosepuser_u:object_r:user_home_tproves -rw-r--r--josepjosepuser_u:object_r:user_home_tyum.conf $id-Z user_u:system_r:unconfined_t

0permissive1enforcing.

finger stream tcp nowait nobody /usr/etc/in.fingerd

in.fingerd fingerstreamtcpnowaitnobody/usr/sbin/tcpdin.fingerd

iptables-Achain-jtarget

iptables-IINPUT3-s10.0.0.0/8-jACCEPT iptables-DINPUT1 iptables-DINPUT-s10.0.0.0/8-jACCEPT iptables-PINPUTDENY iptables-POUTPUTREJECT iptables-PFORWARDREJECT 1)iptables-AINPUT-s10.0.0.0/8-d192.168.1.2-jDROP 2)iptables-AINPUT-ptcp--dport113-jREJECT--reject-with tcp-reset 3)iptables-IINPUT-ptcp--dport113-s10.0.0.0/8-jACCEPT

/etc/init.d/iptablessave /etc/sysconfig/iptables /etc/init.d/iptablessavename-rules

nmap-sTU-Olocalhost root@machine:#nmap-sUT-Olocalhost starting nmap 3.27 (www.insecure.org/nmap/) at 2003-09-17 11:31CESTInterestingportsonlocalhost(127.0.0.1):

Port 9/tcp 9/udp 13/tcp 22/tcp 25/tcp 37/tcp 37/udp 80/tcp 111/tcp 111/udp 113/tcp 631/tcp 728/udp 731/udp 734/tcp

Remoteoperatingsystemguess:Linuxkernel2.4.0-2.5.20

Uptime2.011days(sinceMonSep1511:14:572003) Nmap run completed --1 IP address (1 host up) scanned in 9.404seconds discardstreamtcpnowaitrootinternal smtpstreamtcpnowaitmail/usr/sbin/eximeximbs

22/tcp 80/tcp 111/tcp 111/udp

113/tcp 631/tcp 728/udp 734/tcp

/etc/init.d/apachestop
root@machine:#grep631/etc/services ipp631/tcp#InternetPrintingProtocol ipp631/udp#InternetPrintingProtocol

root@machine:#netstat-anp|grep728 udp000.0.0.0:7280.0.0.0:*552/rpc.statd

root@machine:#rpcinfo-p

programmevers 1000002tcp 1000002udp 1000241udp 1000241tcp 3910021tcp 3910022tcp

/etc/init.d/nfs-common /etc/init.d/nfs-kernel-server /etc/init.d/portmap ALL:ALL:spawn(/usr/sbin/safe_finger-l@%h\ |/usr/bin/mail-s"%cFAILEDACCESSTO%d!!"root)&

sshd:1.2.3.4 root@machine:#tcpdmatchsshd1.2.3.4 warning:sshd:nosuchprocessnamein/etc/inetd.confclient: hostnamemachine.domain.es client:address1.2.3.4 server:processsshd matched:/etc/hosts.allowline13 access:grantedv


root@aopcjj:&#732;#iptables-L

ChainINPUT(policyACCEPT) targetprotoptsourcedestination ChainFORWARD(policyACCEPT) targetprotoptsourcedestination ChainOUTPUT(policyACCEPT) targetprotoptsourcedestination

/proc/1: /proc/cpuinfo: /proc/dma: /proc/interrupts: /proc/ioports: /proc/kcore:

/proc/kmsg: /proc/ksyms: /proc/loadavg: /proc/meminfo: /proc/modules: /proc/net: /proc/stat: /proc/uptime: /proc/version: sarsadc atsar atsadc atsaroptionst[n]n atsar-options-stime-etime-isec-ffile-nday# @rebootroottest-x/usr/lib/atsadc&&/usr/lib/atsar/atsadc /var/log/atsar/atsa'date+\%d'

10,20,30,40,50****roottest-x/usr/lib/atsar/atsa1&& /usr/lib/atsar/atsa1 atsarsar

atsar

atsarsar

sar-u45 Linux2.6.19-prep(localhost.localdomain)24/03/07

idle=100 idle=10 sar-I45 Linux2.6.19-prep(localhost.localdomain)24/03/07 08:24:01INTRintr/s 08:24:0640.00 Media:40.00

sar-r45 Linux2.6.19-prep(localhost.localdomain)24/03/07

totalusedfreesharedbufferscached Mem:1026216729716296500024324459980 -/+buffers/cache:245412780804 Swap:9638600963860 vmstat sar -r vmstat110


procs-----------memory-------------swap-------io------system-------cpu-----rbswpdfreebuffcachesisobiboincsussyidwast 00029589624384459984003215612497241128150 00029589624384459984000281179383109900 00029589624384460012000012604980010000 0002958962438446001200001175342001000 00029589624384460012000012755260010000 10029589624392460004000721176356009910 00029589624392460012000012184200010000

00029589624392460012000012164360010000 00029589624392460012000011743610010000 10029589624392460012000012604920010000

sar-v45

Linux2.6.19-prep(localhost.localdomain)24/03/07 08:24:48 dentunusd file-sz inodesz 15153 15153 15153 15153 15153 15153 supersz 0 0 0 0 0 0 %super-sz dquotsz 0.00 0.00 0.00 0.00 0.00 0.00 0 0 0 0 0 0 %dquot-sz rtsigsz %rtsig-sz

08:24:52 19177 08:24:56 19177 08:25:00 19177 08:25:04 19177 08:25:08 19177 Media: 19177

3904 3904 3904 3904 3904 3904

0.000 0.000 0.000 0.000 0.000 0.000

0.00 0.00 0.00 0.00 0.00 0.00

ps -edaflmtop psedaflm

UID

PID

PPID C

PRI NI

AD- SZ DR 0 508 0 424 444 472 1232

WCHANSTIMETTY

TIME

CMD

4 1 1 5 5 5 5 1

S -

root 1

0 0 0 0 78 0 0 1

0 81 0

08:01? 08:02? 08:02? 08:02? 08:0208:02? 08:0208:02?

00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00

init[5] [kondemand/0] syslogd-m0 portmap rpc.statd rpc.idmapd

root 1927 7 rpc rpc 2523 1 2566 1 0

root -

root 2587 1 S root root 2620 -

1 5 5 5 5 4 4

S S S -

root -

0 0 0 0 0 0 0

75 84 84 0 0 -

0 -

1294 551 407 21636

defaul 08:0208:02? 08:0208:02? 08:02-

00:00:00 00:00:00 00:00:00 00:00:00 00:00:00

/usr/sbin/sshd /usr/sbin/atd /sbin/mingettytty1 nautilus--no-default-window--smclient-iddefault3 bash

root 2804 1 root -

root 2910 1 root -

root 3066 1 root 3305 1

08:02tty1 00:00:00 08:03? 00:00:01

4 0

root 3305 1

21636 1123

08:03?

00:00:01

root 3643 3541 0

08:17pts/ 00:00:00 1 08:27pts/ 00:00:00 1

root 3701 3643 0

1054

ps-edaflm

top-08:26:52up25min,2users,loadaverage:0.21,0.25, 0.33 Tasks: 124 total, running, 1 123 sleeping, stopped, zombie 0 0 Cpu(s): 10.8%us, 2.1%sy, 0.0%ni, 82.0%id, 4.9%wa, 0.1%hi, 0.1%si,0.0%st Mem: 1026216k total, 731056k used, 295160k free, 24464k buffers Swap:963860ktotal,0kused,963860kfree,460208kcached

PID 3541 3695 1

USER root root root

PR 15 15 RT

NI 0 0 0

VIRT 42148 260 2032

RES 14m 944 680

SHR 981 1650 580

S S R S

%CPU 1.9 1.9 0.0

%MEM 1.5 0.1 0.1

TIME+ 0:00.76 0:00.02 0:00.85

COMMAND gnome-terminal top init

PID 2 3 4 5 6 7 53 54 177 178 181 183 203 204

USER root root root root root root root root root root root root root root

PR 34 RT 10 16 10 10 11 15 18 18 10 10 23 15

NI 0 19 0 -5 -5 -5 -5 -5 -5 -5 -5 -5 0 0

VIRT 0 0 0 0 0 0 0 0 0 0 0 0 0 0

RES 0 0 0 0 0 0 0 0 0 0 0 0 0 0

SHR 0 0 0 0 0 0 0 0 0 0 0 0 0 0

S S S S S S S S S S S S S S S

%CPU 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0

%MEM 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0

TIME+ 0:00.00 0:00.04 0:00.00 0:00.00 0:00.00 0:00.00 0:00.01 0:00.00 0:00.00 0:00.00 0:00.00 0:00.01 0:00.00 0:00.03

COMMAND migration/0 ksoftirqd/0 watchdog/0 events/0 khelper kthread kblockd/0 kacpid cqueue/0 ksuspend_usbd khubd kseriod pdflush pdflush

vmstatiostatuptime

pstop systune dump > /tmp/sysfile systune-c/tmp/sysfile


atsar-I atsar-u atsar-d atsar-diostat

dumpe2fs -h /dev/hd tune2fs/dev/hd netstat-i netstat-s|more echo600>/proc/sys/net/core/netdevmaxbacklog(300bydefault).

gpowertweak

hdparm manhdparm hdparm-vtT/dev/hdX

/etc/init.d/networkingstop ifdown eth0ifup eth0

Format: permission:users:origins +o-:users:fromwhere -:ALLEXCEPTroot:tty1 -:ALLEXCEPTuser1user2user3:console Disableaccesstoallno-rootovertty1. preventsaccessexceptforusers1,2,3butthelattermayonlyaccessfromtheconsole.

-:user1:ALLEXCEPTLOCAL.uoc.edu'group.conf':

su -

chattr+i/etc/lilo.conf ca:12345:ctrlaltdel:/sbin/shutdown-t1-a-rnow Activatethechangeswithtelinitq. sysadmsu

chattr +i file /tmp/tmpext2defaults,nosuid,noexec00 chmoda-sfile find/-typef-perm-4000or-perm-2000print find/-name".*"-print|cat-v find/name".."-print find/-nouser-nogroup

apt-get install muninmunin-node dbdir/var/lib/munin htmldir/var/www/www.pirulo.org/web/monitoring logdir/var/log/munin rundir/var/run/munin tmpldir/etc/munin/templates [pirulo.org] address127.0.0.1 use_node_nameyes mkdir-p/var/www/pirulo.org/web/monitoring chownmunin:munin/var/www/pirulo.org/web/monitoring /etc/init.d/munin-noderestart

AuthTypeBasic AuthName"MembersOnly" AuthUserFile/var/www/pirulo.org/.htpasswd <limitGETPUTPOST> requirevalid-user </limit> htpasswd-c/var/www/pirulo.org/.htpasswdadmin

apt-get install monit setdaemon60 setlogfilesyslogfacilitylog_daemon setmailserverlocalhost setmail-format{from:monit@pirulo.org} setalertroot@localhost sethttpdport3333and allowadmin:test checkprocessproftpdwithpidfile/var/run/proftpd.pid startprogram="/etc/init.d/proftpdstart" stopprogram="/etc/init.d/proftpdstop" iffailedport21protocolftpthenrestart if5restartswithin5cyclesthentimeout checkprocesssshdwithpidfile/var/run/sshd.pid startprogram"/etc/init.d/sshstart" stopprogram"/etc/init.d/sshstop" iffailedport22protocolsshthenrestart if5restartswithin5cyclesthentimeout check process mysql with pidfile /var/run/mysqld/ mysqld.pid groupdatabase startprogram="/etc/init.d/mysqlstart" stopprogram="/etc/init.d/mysqlstop" iffailedhost127.0.0.1port3306thenrestart if5restartswithin5cyclesthentimeout checkprocessapachewithpidfile/var/run/apache2.pid groupwww startprogram="/etc/init.d/apache2start" stopprogram="/etc/init.d/apache2stop" iffailedhostwww.pirulo.orgport80protocolhttp andrequest"/monit/token"thenrestart ifcpuisgreaterthan60%for2cyclesthenalert ifcpu>80%for5cyclesthenrestart iftotalmem>500MBfor5cyclesthenrestart

ifchildren>250thenrestart ifloadavg(5min)greaterthan10for8cyclesthenstop if3restartswithin5cyclesthentimeout check process postfix with pidfile /var/spool/postfix/ pid/master.pid groupmail startprogram="/etc/init.d/postfixstart" stopprogram="/etc/init.d/postfixstop" iffailedport25protocolsmtpthenrestart if5restartswithin5cyclesthentimeout mkdir /var/www/pirulo.org/web/monit; echo "pirulo" > /var/www/pirulo.org/web/monit/token /etc/init.d/monit start

WorkDir:/var/www/mrtg Target[average]:'/usr/local/bin/cpu-load/average' MaxBytes[average]:1000 Options[average]:gauge,nopercent,growright,integer YLegend[average]:Loadaverage kMG[average]:,, ShortLegend[average]: Legend1[average]:Loadaveragex100 LegendI[average]:load: LegendO[average]: Title[average]:Loadaveragex100forpirulo.org PageTop[average]:<H1>Loadaveragex100forpirulo.org</ H1> <TABLE> <TR><TD>System:</TD> <TD>pirulo.org</TD></TR> <TR><TD>Maintainer:</TD> TD></TR> <TR><TD>Maxused:</TD><TD>1000</TD></TR> </TABLE> atsar #!/bin/sh load='/usr/bin/atsar-u1|tail-n1|awk-F""'{print $10}'' echo"$load*100"|bc|awk-F"."'{print$1}' <TD>webmaster@pirulo.org</

first node on theleft receives a piece of data, processes it and sends it to the