Thursday 4 October 2012

Use of lsof


lsof is one of the most useful utilities for Linux and Unix systems. It stands for "list open files": the lsof utility can identify which files a given process is using, which network ports are open and by which process, and much more. Because almost everything on a Unix system is a file, that covers regular files, directories, shared libraries, devices, pipes and sockets alike.

In one case a process showed up in top or ps aux, but the executable didn't seem to exist. Using lsof, I could hunt down the scripts or executables used to run the malware.

For example, to see all the files a process has open, use the -p option (for PID) like so:

"lsof -p XXXXX"

Here, replace XXXXX with the process ID (PID) of the process you want to see. Run this as root or with sudo: an unprivileged lsof only lists the processes it is allowed to inspect, normally your own, and simply leaves the rest out. The output shows the command that has the file open, the PID, the user, the file descriptor (FD: cwd for the working directory, txt for the program text, mem for mapped libraries, or a number followed by r, w or u for the access mode), the TYPE, the DEVICE, the SIZE/OFF, the inode (NODE) and the NAME. A NAME ending in (deleted) belongs to a file that was unlinked after it was opened; that is how a binary removed from disk still shows up under the process that runs it.

You can also see what files are open by user. Running lsof -u user shows all files opened by processes owned by that user; the user ID (UID) works in place of the username. To exclude a user, write lsof -u ^user: the leading caret negates the selection, so that user is left out.

To see what is open over the network, use -i. It lists open sockets with their protocol, addresses and connection state. You can narrow it down by IP version (-i4 for IPv4, -i6 for IPv6), by protocol (-i TCP or -i UDP), and by host or port (-i @192.168.1.1, -i :22, or combinations such as -i TCP:22). By default lsof resolves addresses to hostnames and ports to service names; -n turns off the hostname lookups and -P the port-name lookups, so you see 22 rather than ssh. Both make it run faster, and -n also avoids sending DNS queries from a box you may be investigating.

Selection options can be "and"ed together with -a; without it, separate selections are ORed, so lsof -u user -i would list all of that user's files plus every network socket on the system. Want to see which network sockets belong to a particular user? Try lsof -u user -a -i. That shows only the open TCP and UDP sockets of processes owned by that user; lsof -p PID -a -i does the same for a single process.

Example: every network socket on the machine, with no hostname or port-name lookups:

 lsof -i -n -P

That command shows the listing below. A few things worth noticing in it: sshd and cupsd each bind both IPv4 and IPv6; mysqld listens on every interface (*:3306) rather than 127.0.0.1 only, even though its only connections are local; and the five apache2 lines share DEVICE 10534 because the workers inherit one listening socket from the parent, so that is a single socket, not five.

COMMAND     PID       USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
sshd        698       root    3u  IPv4    3014      0t0  TCP *:22 (LISTEN)
sshd        698       root    4u  IPv6    3016      0t0  TCP *:22 (LISTEN)
avahi-dae   726      avahi   12u  IPv4    6921      0t0  UDP *:5353
avahi-dae   726      avahi   13u  IPv6    6922      0t0  UDP *:5353
avahi-dae   726      avahi   14u  IPv4    6923      0t0  UDP *:40507
avahi-dae   726      avahi   15u  IPv6    6924      0t0  UDP *:43886
cupsd       805       root    3u  IPv4 1994244      0t0  TCP *:631 (LISTEN)
cupsd       805       root    6u  IPv6 1994245      0t0  TCP *:631 (LISTEN)
cupsd       805       root    8u  IPv4 1994248      0t0  UDP *:631
mysqld      952      mysql   12u  IPv4   10623      0t0  TCP *:3306 (LISTEN)
mysqld      952      mysql   34u  IPv4  604375      0t0  TCP 127.0.0.1:3306->127.0.0.1:35123 (ESTABLISHED)
mysqld      952      mysql   45u  IPv4 2175928      0t0  TCP 127.0.0.1:3306->127.0.0.1:38270 (ESTABLISHED)
master     1069       root   12u  IPv4    8851      0t0  TCP *:25 (LISTEN)
apache2    1208       root    4u  IPv6   10534      0t0  TCP *:80 (LISTEN)
apache2    1219   www-data    4u  IPv6   10534      0t0  TCP *:80 (LISTEN)
apache2    1220   www-data    4u  IPv6   10534      0t0  TCP *:80 (LISTEN)
apache2    1221   www-data    4u  IPv6   10534      0t0  TCP *:80 (LISTEN)
apache2    1222   www-data    4u  IPv6   10534      0t0  TCP *:80 (LISTEN)
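
As an added example (not part of the original post), here is a small Python script that parses this kind of lsof output and pulls out what a responder looks for during a hunt: which commands hold each listening TCP port, which of those ports are not on an allow-list, and any process whose program file has been deleted from disk. The sample output embedded in it is constructed from the listing above plus one made-up txt line for a deleted binary; the command name, PID and path on that line are placeholders.

```python
"""Parse columnar lsof output and pull out what an incident responder wants.

Added example, not part of the original post. SAMPLE is constructed: it is the
post's own `lsof -i -n -P` listing plus one line, in the shape `lsof -p PID`
prints for a program's text segment (FD `txt`), for a binary that was unlinked
after it was started. lsof marks such files with "(deleted)".
"""
from collections import namedtuple

Record = namedtuple("Record", "command pid user fd type device size node name")

SAMPLE = """\
COMMAND     PID       USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
sshd        698       root    3u  IPv4    3014      0t0  TCP *:22 (LISTEN)
sshd        698       root    4u  IPv6    3016      0t0  TCP *:22 (LISTEN)
avahi-dae   726      avahi   12u  IPv4    6921      0t0  UDP *:5353
avahi-dae   726      avahi   13u  IPv6    6922      0t0  UDP *:5353
avahi-dae   726      avahi   14u  IPv4    6923      0t0  UDP *:40507
avahi-dae   726      avahi   15u  IPv6    6924      0t0  UDP *:43886
cupsd       805       root    3u  IPv4 1994244      0t0  TCP *:631 (LISTEN)
cupsd       805       root    6u  IPv6 1994245      0t0  TCP *:631 (LISTEN)
cupsd       805       root    8u  IPv4 1994248      0t0  UDP *:631
mysqld      952      mysql   12u  IPv4   10623      0t0  TCP *:3306 (LISTEN)
mysqld      952      mysql   34u  IPv4  604375      0t0  TCP 127.0.0.1:3306->127.0.0.1:35123 (ESTABLISHED)
mysqld      952      mysql   45u  IPv4 2175928      0t0  TCP 127.0.0.1:3306->127.0.0.1:38270 (ESTABLISHED)
master     1069       root   12u  IPv4    8851      0t0  TCP *:25 (LISTEN)
apache2    1208       root    4u  IPv6   10534      0t0  TCP *:80 (LISTEN)
apache2    1219   www-data    4u  IPv6   10534      0t0  TCP *:80 (LISTEN)
apache2    1220   www-data    4u  IPv6   10534      0t0  TCP *:80 (LISTEN)
apache2    1221   www-data    4u  IPv6   10534      0t0  TCP *:80 (LISTEN)
apache2    1222   www-data    4u  IPv6   10534      0t0  TCP *:80 (LISTEN)
suspect    2417     nobody  txt    REG     8,1   123456 7890 /tmp/.x/suspect (deleted)
"""


def parse_lsof(text):
    """Turn default lsof output into Records. Skips the header and any line
    without all nine columns (for real scripting, `lsof -F` is the
    machine-readable form and avoids this column guessing)."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("COMMAND"):
            continue
        fields = line.split(None, 8)  # NAME is last and may contain spaces
        if len(fields) != 9:
            continue
        command, pid, user, fd, ftype, device, size, node, name = fields
        records.append(Record(command, int(pid), user, fd, ftype, device, size, node, name))
    return records


def tcp_listeners(records):
    """Map each TCP port in LISTEN state to the set of commands bound to it.
    For sockets the NODE column holds the protocol and NAME holds addr:port."""
    ports = {}
    for r in records:
        if r.node == "TCP" and r.name.endswith("(LISTEN)"):
            port = int(r.name.split()[0].rsplit(":", 1)[1])
            ports.setdefault(port, set()).add(r.command)
    return ports


def unexpected_listeners(records, allowed_ports):
    """Listening TCP ports that are not on the allow-list."""
    return set(tcp_listeners(records)) - set(allowed_ports)


def deleted_executables(records):
    """(command, pid, path) for processes whose program file was unlinked:
    the text segment (FD txt) is still mapped, so lsof still sees it."""
    hits = []
    for r in records:
        if r.fd == "txt" and r.name.endswith("(deleted)"):
            hits.append((r.command, r.pid, r.name[: -len(" (deleted)")]))
    return hits


if __name__ == "__main__":
    recs = parse_lsof(SAMPLE)
    for port, cmds in sorted(tcp_listeners(recs).items()):
        print("TCP %5d  %s" % (port, ", ".join(sorted(cmds))))
    print("not on allow-list:", sorted(unexpected_listeners(recs, {22, 80})))
    print("running from deleted binaries:", deleted_executables(recs))
```

On a live system feed it `lsof -i -n -P` for the socket view and `lsof -p PID` for the deleted-binary check; a hit from deleted_executables is worth copying out of /proc/PID/exe before the process exits, since that is the only remaining copy of the program.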
Resolve Applying iptables firewall rules failed


Sometimes the iptables service fails to start with an error like Applying iptables firewall rules: iptables-restore: line 1 failed [FAILED]. The line number will differ. It usually means nothing more than a typo: while editing the rules file you put some extra characters in front of a rule.

For example, a rule should look like this:

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21 -j ACCEPT

but you edited it into something like

ss-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21 -j ACCEPT

and you get Applying iptables firewall rules: iptables-restore: line N failed [FAILED], where N is the number of the bad line in the rules file. iptables-restore stops at the first bad line, so after fixing one, restart and check whether it reports another.

Simply correct the rule and restart iptables, and the error is gone.

If the rules themselves are correct and you still get the error, the file is missing the framing iptables-restore requires: a *filter table header and the chain declarations above the rules, and a COMMIT line at the end. The file the init script loads is /etc/sysconfig/iptables on Red Hat style systems (/etc/init.d/iptables is the script that runs iptables-restore on it, not the rules file). Make it look like this, with your own rules in place of the two -A RH-Firewall-1-INPUT lines:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT

COMMIT


Then restart iptables (/etc/init.d/iptables restart) and the rules load cleanly.
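
To catch these mistakes before the service refuses the file, here is an added Python checker (example code, not part of the original post) that applies the same structural rules iptables-restore does: rules must sit inside a *table ... COMMIT block, every chain a rule touches must be declared, and each line must start with a known command. The sample files are constructed from the example above; the chain names and the stray ss- typo are the post's own.

```python
"""Check an iptables-restore rules file for the slips that make the init
script print "iptables-restore: line N failed".

Added example, not from the post. It is a pre-check you can run without
root, not a replacement for iptables-restore (which can also be dry-run as
root with `iptables-restore --test < file` on versions that have --test).
Unlike iptables-restore, which stops at the first bad line, it reports every
problem it finds. The sample files are constructed from the post's example.
"""
import re

CHAIN_DECL = re.compile(r"^:(\S+)\s+(\S+)\s+\[\d+:\d+\]$")  # :CHAIN POLICY [packets:bytes]
RULE = re.compile(r"^-(?:A|I|D|R)\s+(\S+)")                  # -A CHAIN ... (and -I/-D/-R)


def check_rules(text):
    """Return a list of (line_number, message); empty means the file is
    structurally sound. Line numbers are 1-based, as in the error message."""
    errors = []
    table, chains = None, set()
    lines = text.splitlines()
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                        # blank and comment lines are ignored
        if line.startswith("*"):            # table header, e.g. *filter
            if table is not None:
                errors.append((lineno, "table '%s' was not closed with COMMIT" % table))
            table, chains = line[1:], set()
            continue
        if line == "COMMIT":
            if table is None:
                errors.append((lineno, "COMMIT outside any table"))
            table = None
            continue
        if table is None:
            errors.append((lineno, "'%s' comes before any *table header" % line.split()[0]))
            continue
        decl = CHAIN_DECL.match(line)
        if decl:
            chains.add(decl.group(1))
            continue
        rule = RULE.match(line)
        if rule:
            if rule.group(1) not in chains:
                errors.append((lineno, "chain '%s' is not declared in table '%s'"
                               % (rule.group(1), table)))
            continue
        errors.append((lineno, "unrecognised command '%s'" % line.split()[0]))
    if table is not None:
        errors.append((len(lines), "end of file inside table '%s': add COMMIT" % table))
    return errors


# The post's complete file (constructed sample, blank lines removed).
GOOD = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
"""

# The post's slip: stray characters typed in front of the rule on line 8.
TYPO = GOOD.replace("\n-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21",
                    "\nss-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21")

# Just the two rules, saved without the *filter header and COMMIT.
BARE = "\n".join(GOOD.splitlines()[7:9]) + "\n"

# Header present, COMMIT forgotten.
NO_COMMIT = "\n".join(GOOD.splitlines()[:9]) + "\n"


if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("typo", TYPO), ("bare", BARE), ("no-commit", NO_COMMIT)):
        for lineno, msg in check_rules(sample) or [(0, "OK")]:
            print("%-10s line %d: %s" % (label, lineno, msg))
```

The checker only knows the -A/-I/-D/-R rule forms and does not validate match or target options, so a file it passes can still be refused by iptables-restore for a bad module option; it does catch the three cases the post describes.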

Tuesday 2 October 2012

Establishing ssh key pair when “Host key verification failed”


Sometimes, when you try to reach another system via SSH, you get the following:

$ ssh root@192.168.1.1
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
3f:1b:f4:bd:c5:aa:c1:1f:bf:4e:2e:cf:53:fa:d8:59.
Please contact your system administrator.
Add correct host key in /home/guest/.ssh/known_hosts to get rid of this message.
Offending key in /home/guest/.ssh/known_hosts:3
RSA host key for 192.168.1.1 has changed and you have requested strict checking.
Host key verification failed.

The message is easy to get rid of, but read it first: it is exactly what a man-in-the-middle attack looks like from the client side. Before removing anything, confirm by a path you trust (the server's console, word from its admin, or your configuration management) that the host key really was replaced, for instance by a reinstall, and that the fingerprint shown above matches what "ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub" prints on the server itself (add -E md5 on newer OpenSSH to get the colon-separated MD5 form shown here). Only then remove the stale entry:

            "ssh-keygen -R hostname"

Use the name or address exactly as you typed it in the ssh command (here 192.168.1.1). This deletes the offending key from known_hosts, hashed entries included; alternatively open the file and delete the line the warning points at, known_hosts:3 in this case.

A blunter option you will see suggested is:

            "rm -f /home/user/.ssh/known_hosts"

That deletes every saved host key, not just the offending one, so every host prompts again on the next connection and you lose the ability to notice a changed key on any of them. Prefer ssh-keygen -R.
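
The out-of-band check in script form, as an added Python example that is not part of the original post: it computes the MD5 fingerprint the warning prints from a known_hosts entry, and removes the stale line only when the fingerprint from the warning equals the one you obtained by a trusted path. The known_hosts file, the hostnames and the key blobs in it are constructed for the demo (the blobs are not real keys; only their fingerprints matter here).

```python
"""Replace a changed host key only after checking the new fingerprint out of band.

Added example, not part of the original post. The known_hosts file and the key
blobs are constructed (not real keys). Fingerprints use the colon-separated
MD5 form the warning in the post shows, which OpenSSH printed by default
before 6.8 switched to SHA256:base64. Hashed entries (HashKnownHosts yes) are
skipped: use `ssh-keygen -F` / `-R` for those.
"""
import base64
import hashlib


def fingerprint_md5(key_blob):
    """Colon-separated MD5 of the decoded public key blob, as in the warning."""
    digest = hashlib.md5(key_blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_known_hosts(text):
    """Yield (line_number, hostnames, key_type, key_blob) for plain entries."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):            # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3 or fields[0].startswith("|1|"):
            continue                             # malformed, or hashed hostname
        yield lineno, fields[0].split(","), fields[1], base64.b64decode(fields[2])


def stale_entries(text, host, key_type):
    """Line numbers holding a key of `key_type` for `host` (exact name or IP as
    typed on the ssh command line; patterns and [host]:port are not handled)."""
    return [ln for ln, hosts, kt, _ in parse_known_hosts(text)
            if host in hosts and kt == key_type]


def remove_stale_entry(text, host, key_type, fp_from_warning, fp_verified):
    """Drop the old key for `host` only if the fingerprint in the warning equals
    the one obtained by a trusted path (server console, config management).
    Returns the new file text, or None when they differ: then the key you were
    offered is not the server's, and the warning stands."""
    if fp_from_warning.strip().lower() != fp_verified.strip().lower():
        return None
    drop = set(stale_entries(text, host, key_type))
    kept = [l for i, l in enumerate(text.splitlines(), 1) if i not in drop]
    return "\n".join(kept) + "\n"


# Constructed key blobs: an ssh wire-format type prefix plus filler bytes.
OLD_KEY = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"constructed old key").decode()
NEW_KEY = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"constructed new key").decode()
GIT_KEY = base64.b64encode(b"\x00\x00\x00\x0bssh-ed25519" + b"constructed git key").decode()
HASHED = "|1|" + base64.b64encode(b"salt").decode() + "|" + base64.b64encode(b"hash").decode()

# Constructed known_hosts; the 192.168.1.1 entry is on line 3, as in the warning.
KNOWN_HOSTS = (
    "server1.example.net,10.0.0.5 ssh-rsa " + OLD_KEY + "\n"
    + HASHED + " ssh-rsa " + OLD_KEY + "\n"
    + "192.168.1.1 ssh-rsa " + OLD_KEY + "\n"
    + "gitbox ssh-ed25519 " + GIT_KEY + "\n"
)

# What the warning would print for the key the remote now presents.
NEW_FP = fingerprint_md5(base64.b64decode(NEW_KEY))


if __name__ == "__main__":
    print("stale entry on line(s):", stale_entries(KNOWN_HOSTS, "192.168.1.1", "ssh-rsa"))
    print("fingerprint in the warning:", NEW_FP)
    print("mismatch ->", remove_stale_entry(KNOWN_HOSTS, "192.168.1.1", "ssh-rsa",
                                           NEW_FP, fingerprint_md5(b"something else")))
    print("verified ->\n" + remove_stale_entry(KNOWN_HOSTS, "192.168.1.1", "ssh-rsa",
                                               NEW_FP, NEW_FP))
```

The point of the None return is that nothing in the script can talk you past the warning: the only input that unlocks the removal is a fingerprint you fetched from somewhere other than the connection that raised it.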

Restrict Root SSH Login on Linux


One of the biggest security holes you can open on your server is to allow logging in directly as root through ssh: root exists on every box, so password-guessing bots aim straight at the most privileged account, and with a shared root login you can no longer tell who did what.

To disable root SSH login we need to edit sshd_config, the main configuration file for the sshd service. Its location sometimes differs, but it is usually /etc/ssh/sshd_config. First make sure an ordinary account that can su or sudo to root can already log in over ssh, otherwise you will lock yourself out. Then open the file as root:

  " vi /etc/ssh/sshd_config "

Find this section in the file, containing the line with “PermitRootLogin” in it.

    #LoginGraceTime 2m
    #PermitRootLogin no
    #StrictModes yes
    #MaxAuthTries 6

A line starting with # is a comment and has no effect, so remove the # and make the line read as follows to disable logging in through ssh as root:

    PermitRootLogin no

If automation genuinely needs root over ssh, "without-password" (spelled "prohibit-password" since OpenSSH 7.0) allows key-based root login only. Check the syntax with "sshd -t" (it prints nothing when the file is fine), then restart the sshd service. Keep your current session open and confirm that a fresh login as a non-root user still works before closing it:

  " /etc/init.d/sshd restart "
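
Before restarting, it helps to know which value sshd will actually use, since a second PermitRootLogin line further down the file is ignored and a commented-out line counts for nothing. The following Python script is an added example (not from the original post) that reads an sshd_config the way sshd does and reports the effective setting. The sample configurations are constructed from the snippet above, and the built-in default is passed in as a parameter because it depends on the OpenSSH version.

```python
"""Report which PermitRootLogin value is actually in effect for an sshd_config.

Added example, not from the post. It follows sshd_config's own rules: '#'
lines are comments, keywords are case-insensitive, the FIRST value given for
a keyword wins (a later line is silently ignored), and everything after a
Match line applies only to matching connections, so the global value is
whatever comes before it. The default when no line is present is a parameter
because it depends on the OpenSSH version ("yes" before 7.0,
"prohibit-password" from 7.0 on). The sample configs are constructed.
"""
import re

STATUS = {
    "yes": "password",                            # root may log in with a password
    "without-password": "key-only",               # keys only (older spelling)
    "prohibit-password": "key-only",              # keys only (spelling since 7.0)
    "forced-commands-only": "forced-commands-only",
    "no": "disabled",
}


def effective_value(config_text, keyword, default):
    """First uncommented value of `keyword` in the global section."""
    wanted = keyword.lower()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)   # "Key value" or "Key=value"
        key = parts[0].lower()
        if key == "match":
            break                                            # global section ends here
        if key == wanted and len(parts) == 2:
            return parts[1].strip().strip('"')
    return default


def root_login_status(config_text, default="yes"):
    """'password', 'key-only', 'forced-commands-only', 'disabled', or
    'unknown:<value>' for a value sshd would reject at startup."""
    value = effective_value(config_text, "PermitRootLogin", default).lower()
    return STATUS.get(value, "unknown:" + value)


# The post's "before": the line is commented out, so the built-in default applies.
BEFORE = """\
#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
"""

# The post's "after".
AFTER = BEFORE.replace("#PermitRootLogin no", "PermitRootLogin no")

# A common mistake: the file already sets the keyword higher up, and the new
# line is added below it. sshd keeps the first one, so root stays enabled.
DUPLICATE = "PermitRootLogin yes\n" + AFTER

# A Match block may re-enable root for some addresses; the global value is still 'no'.
WITH_MATCH = AFTER + "Match Address 10.0.0.0/8\n    PermitRootLogin yes\n"


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER),
                       ("duplicate", DUPLICATE), ("with-match", WITH_MATCH)):
        print("%-10s %s" % (label, root_login_status(cfg)))
```

To check the file on a real host, read /etc/ssh/sshd_config into root_login_status with the default for your OpenSSH version; anything other than "disabled" (or "key-only" where that is the intended policy) means the edit did not take effect.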

Difference and Usage between .toString , String.valueOf() , (String)


OBJECT.toString() calls the object's toString() method. It cannot be used on primitives, and it throws a NullPointerException if OBJECT is null.

String.valueOf(OBJECT) calls the object's toString() method if OBJECT is a non-null reference. If OBJECT is a null reference, it returns the string "null". If OBJECT is a primitive, overload resolution picks the matching String.valueOf(int), String.valueOf(double) and so on, which delegate to the wrapper class (Integer.toString(int), for example). One trap: the literal call String.valueOf(null) does not resolve to the Object overload but to the more specific String.valueOf(char[]), which throws a NullPointerException; write String.valueOf((Object) null) if you really want "null".

Both toString() and String.valueOf are just methods. There's nothing special about them. You can look at their docs and/or source code to see what they do.

(String) OBJECT attempts to cast the reference OBJECT to String. It doesn't change the object in any way. If the declared type of OBJECT is not String or one of String's supertypes (Object, CharSequence, Comparable<String>, Serializable), it is a compile-time error. If the declared type is a supertype but the object at runtime is not a String, it throws a ClassCastException. Casting a null reference succeeds and simply yields null.

Wrapper Class in Java

Each primitive data type in the Java platform has a class dedicated to it. These are known as wrapper classes because they "wrap" the primitive value in an object of that class. Often the wrapping is done by the compiler: if you use a primitive where an object is expected, the compiler boxes the primitive in its wrapper class for you, and if you use a number object where a primitive is expected, the compiler unboxes it. So there is an Integer class that holds an int value, a Double class that holds a double value, and so on.


Primitive data types and their wrapper classes


Primitive type    Wrapper class    Constructor arguments

byte              Byte             byte or String
short             Short            short or String
int               Integer          int or String
long              Long             long or String
float             Float            float, double or String
double            Double           double or String
char              Character        char
boolean           Boolean          boolean or String

Note that from Java 9 on these constructors are deprecated; prefer the static factories such as Integer.valueOf(int) and Integer.valueOf(String), which may reuse cached instances instead of allocating a new object every time.