temp
--geometry=90x50 -T $hostname -x sh -c "ssh -t user.name@bastion.com ht $server"
Important ps commands:

I use the following ps commands to check for performance problems:

1) Displaying top CPU-consuming processes:

ps aux | head -1; ps aux | sort -rn +2 | head -10

2) Displaying top 10 memory-consuming processes:

ps aux | head -1; ps aux | sort -rn +3 | head

3) Displaying process in order of being penalized:

ps -eakl | head -1; ps -eakl | sort -rn +5

4) Displaying process in order of priority:

ps -eakl | sort -n +6 | head

5) Displaying process in order of nice value

ps -eakl | sort -n +7

6) Displaying the process in order of time

ps vx | head -1;ps vx | grep -v PID | sort -rn +3 | head -10

7) Displaying the process in order of real memory use

ps vx | head -1; ps vx | grep -v PID | sort -rn +6 | head -10

8) Displaying the process in order of I/O

ps vx | head -1; ps vx | grep -v PID | sort -rn +4 | head -10

9) Displaying WLM classes

ps -a -o pid,user,class,pcpu,pmem,args

10) Determining process ID of wait processes:

ps vg | head -1; ps vg | grep -w wait

11) Wait process bound to CPU

ps -mo THREAD -p <PID>


lsof:

       To list all open files, use:
     
             # lsof

       To list all open Internet, x.25 (HP-UX), and UNIX domain files, use:

        # lsof -i -U

       To list all open IPv4 network files in use by the process whose PID is 1234, use:

             # lsof -i 4 -a -p 1234

       To list all files using any protocol on ports 513, 514, or 515 of host wonderland.cc.purdue.edu, use:

             # lsof -i @wonderland.cc.purdue.edu:513-515

       To list all files using any protocol on any port of mace.cc.purdue.edu (cc.purdue.edu is the default domain), use:

             # lsof -i @mace

       To list all open files for login name "abe", or user ID 1234, or process 456, or process 123, or process 789, use:

             # lsof -p 456,123,789 -u 1234,abe

       To list all open files on device /dev/hd4, use:

             # lsof /dev/hd4


     To find the process that has /u/abe/foo open, use:

             # lsof /u/abe/foo

       To send a SIGHUP to the processes that have /u/abe/bar open, use:

             # kill -HUP `lsof -t /u/abe/bar`

       To find any open file, including an open UNIX domain socket file, with the name /dev/log, use:

             # lsof /dev/log

       To find processes with open files on the NFS file system named /nfs/mount/point whose server  is  inaccessible,  and presuming your mount table supplies the device number for /nfs/mount/point, use:

             # lsof -b /nfs/mount/point

       To do the preceding search with warning messages suppressed, use:

             # lsof -bw /nfs/mount/point

       To ignore the device cache file, use:

             # lsof -Di

       To  obtain  PID  and command name field output for each process, file descriptor, file device number, and file inode number for each file of each process, use:

             # lsof -FpcfDi

       To list the files at descriptors 1 and 3 of every process running the lsof command for login ID "abe" every 10 seconds, use:

             # lsof -c lsof -a -d 1 -d 3 -u abe -r10

       To list the current working directory of processes running a command that is exactly four characters long and has an "o" or "O" in character three, use this regular expression form of the -c c option:

             # lsof -c /^..o.$/i -a -d cwd

       To find an IP version 4 socket file by its associated numeric dot-form address, use:

             # lsof -i@128.210.15.17   

fuser:

      # fuser -km /home

kills all processes accessing the file system /home in any way.



      # if fuser -s /dev/ttyS1; then :; else something; fi

invokes something if no other process is using /dev/ttyS1.


      # fuser telnet/tcp

shows all processes at the (local) TELNET port.



Some important commands to find a DDoS attack

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr

netstat -ntu | grep -v TIME_WAIT | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr

netstat -an | grep :80 | awk '{print $5}' | cut -f1 -d":" | sort | uniq -c | sort -n
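
The `cut -d: -f1` step in the pipelines above cuts an IPv6 peer at its first colon, so those peers are miscounted. The following is an added example, not part of the original page: it strips only the trailing port, folds IPv4-mapped addresses into IPv4, and skips TIME_WAIT and LISTEN rows. The function names, the threshold and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: count connections per remote address from `netstat -ntu`-style
# output on stdin, keeping IPv6 peers intact.

# Constructed sample input (documentation address ranges), not captured data.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51236      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:40000       TIME_WAIT
tcp        0      0 192.0.2.10:22           203.0.113.9:40022       ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::bad:55000     ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::bad:55001     ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51300 ESTABLISHED
udp        0      0 192.0.2.10:53           198.51.100.200:5353
EOF
}

# conn_counts: print "count address" lines, highest count first.
conn_counts() {
  awk '
    $1 !~ /^(tcp|udp)/ { next }            # skip the two header lines
    $6 == "TIME_WAIT" || $6 == "LISTEN" { next }
    {
      peer = $5
      sub(/:[0-9*]+$/, "", peer)            # drop only the trailing :port
      sub(/^::ffff:/, "", peer)             # fold IPv4-mapped IPv6 into IPv4
      n[peer]++
    }
    END { for (p in n) print n[p], p }
  ' | sort -k1,1nr -k2,2
}

# over_threshold N: addresses holding at least N connections (N is a
# hypothetical cutoff; pick one from your own baseline).
over_threshold() {
  conn_counts | awk -v min="$1" '$1 >= min { print $2 }'
}

sample_netstat | conn_counts
```

On a live host, replace `sample_netstat` with `netstat -ntu`, for example `netstat -ntu | over_threshold 100`.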




netstat Command Example

# netstat --listen

Display open ports and established TCP connections:

# netstat -vatn

For UDP port try following command:

# netstat -vaun

If you want to see FQDN then remove -n flag:

# netstat -vat

lsof Command Examples

Display list of open ports

# lsof -i

To display all open files, use:

# lsof

To display all open IPv4 network files in use by the process whose PID is 9255, use:

# lsof -i 4 -a -p 9255


list information about TCP sessions on your server (specifically SSH in this example)
# lsof -i tcp@`hostname`:22

COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
sshd2   7585 root    5u  IPv4  16105       TCP localbox:ssh->your.src.ip.here:5897 (ESTABLISHED)
sshd2   7653 root    5u  IPv4  16188       TCP localbox:ssh->your.src.ip.here:2262 (ESTABLISHED)

list information about all TCP sessions
# lsof -i tcp@`hostname`

list information about all sockets using port 53 (will display named information on UDP/TCP)
# lsof -i @`hostname`:53

list information about all UDP sessions
# lsof -i udp@`hostname`

will list all open files with "ssh" in them
# lsof -c ssh

list everything but with UIDs instead of the UID name from /etc/passwd
# lsof -l

list all open files with "ssh" and only the UIDs
# lsof -l -c ssh

list all open files for the /tmp dir (very slow), but good for finding that nasty process that's holding a file open (although:  fuser -m /tmp, will do the same thing)
# lsof +D /tmp 
<?php

#############################################################
#
#			Handover Lottery Tool!
#				Written by Cole
#
#############################################################

// Here are the definitions for our shifts
//
// 1st_half refers to the Sun-Wed shift
// 2nd_half refers to the Wed-Sat shift
//
// Set as $shift['part_of_week']['name'] = 'email_address';

// $shift['1st_half']['jordan'] = 'email';

$shift['1st_half']['vinny'] = 'email';
$shift['1st_half']['jon'] = 'email';

$shift['2nd_half']['david'] = 'email';
$shift['2nd_half']['james'] = 'email';
$shift['2nd_half']['cole'] = 'email';

////////////////////////////////////////
// DO NOT MODIFY BELOW THIS LINE
////////////////////////////////////////

// First, decide what day it is (sets $day 1 for Mon.. 7 for Sun)
$day = date("N");

// We need to do a day offset of 1, since we technically do the handover after
// midnight
if(date('H') < 5) {
	if($day == 1) {
		$day = 7;
	} else {
		$day = $day-1;
	}
}


// Echo
#echo "Using day $day \n";

// Put together our choices
if($day == 1 || $day == 2 || $day == 7) {
	// Sun, Mon, Tues
	$choices = $shift['1st_half'];
} elseif($day == 4 || $day == 5 || $day == 6) {
	// Thurs, Fri, Sat
	$choices = $shift['2nd_half'];
} elseif($day == 3) {
	// Wednesday
	$choices = array_merge($shift['1st_half'], $shift['2nd_half']);
}

// Pick a random entry
$winner = array_rand($choices);

/* Grab yesterday's winner */
$last_winner =  exec("tail -1 /var/www/html/handover_lotto/handover_linux_log");
if(stristr($last_winner ,$winner) != false) {
	$winner = array_rand($choices);
}

$winner_email = $choices[$winner];

#echo "$winner was chosen with email address $winner_email \n";

// Send out an e-mail to that person!
$to = $winner_email;
$subject = "You win the Handover Lottery!";
$headers = 'From: Handover Lottery <email>'. "\r\n";
$message = 'You\'ve won tonight\'s handover lottery drawing!  Here\'s a quick link
to the handover tool:

http://wintools.rackspace.com/nick.kidd/LinuxHandover/index.php

Better luck next time!';

// Log it:
$fp = fopen("/var/www/html/handover_lotto/handover_linux_log", "a");
$text = date("D M j G:i:s T Y").":  $winner won the handover \n";
fwrite($fp, $text);
fclose($fp);

// Generate an HTML page
?>


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>HANDOVER LOTTERY</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Imagetoolbar" content="no">

<style type="text/css">
/* pushes the page to the full capacity of the viewing area */
html {height:100%;}
body {height:100%; margin:0; padding:0;}
/* prepares the background image to full capacity of the viewing area */
#bg {position:fixed; top:0; left:0; width:100%; height:100%;}
/* places the content ontop of the background image */
#floater	{float:left; height:50%; margin-bottom:-120px;}
#top		{float:right; width:100%; text-align:center;}
#content {position:relative; top:25%; z-index:1; font-size:42pt; text-align:center; color:black; font-weight:bold; text-shadow: 0.1em 0.1em #333}
</style>
<!--[if IE 6]>
<style type="text/css">
/* some css fixes for IE browsers */
html {overflow-y:hidden;}
body {overflow-y:auto;}
#bg {position:absolute; z-index:-1;}
#content {position:static;}
</style>
<![endif]-->
</head>

<body>
<div id="bg"><img src="lottobg.png" width="100%" height="100%" alt=""></div>
<br /><br /><br />
<div id="content"><p> </p><p>The winner of tonight's handover is:<br/><?php echo $winner; ?></p></div>
</body>
</html>

<?php
flush();

mail($to, $subject, $message, $headers);

?>
temp.txt · Last modified: 2016/07/18 09:59 by vinny