|
I just set up an IDS at work using Fedora, and I wanted to also set up some sort of monitoring software for the web. The best outcome would be something that has an attached web interface (I'm using Snort+BASE right now for the IDS). I searched Google but I keep getting odd sites with little information. Anyone know of anything good?
|
# ¿ Mar 23, 2007 18:25 |
|
Postal posted: I meant anything. I'll give BASE and ACID a try once I get Fedora up and running. Right now I'm working in a VM only and having some trouble with Fedora 6 (in Parallels on a MBP).
http://www.howtoforge.com/intrusion_detection_base_snort I was using Fedora 5, however, so I'm not sure what would need to be different. Can anyone lead me to good web logging software, Linux based?
|
# ¿ Mar 31, 2007 04:00 |
|
Hello everyone, I'm writing a bash script but I've hit a stopping block. How would I check a directory, then drop all of the file names in this directory into a txt file?
|
# ¿ May 17, 2007 15:53 |
|
coconono posted: ls >> blarg, where blarg is the name of the file
So quick, thanks.
|
# ¿ May 17, 2007 15:55 |
|
Oh jeez, one more bash question, sorry: when I copy the names into this directory, is there a way to make sure that the access dates don't change?
|
# ¿ May 17, 2007 15:59 |
|
Now I'm having trouble using tar. I have a file, let's say it's foo.txt, and inside this file are the filenames that I would like to tar. However, I can't get tar to use these file names! I know there is a way to do this with the -T flag, but I'm having some trouble using it. Thanks again!
|
# ¿ May 17, 2007 17:06 |
|
hedge77 posted: Are you running tar with the verbose option? If it is telling you what the error is, could you post it perhaps?
Here is the output. I know something is off but I'm not sure foo.txt is in the same directory. code:
|
# ¿ May 17, 2007 17:22 |
|
CaladSigilon posted: Why don't you tell us what you're trying to do, instead of the problem you're having?
Alright, what I'm trying to do is look at a bunch of MySQL DBs (not too big but large enough). I want to tar them, then send them over FTP to our backup server. I'm using bash to script this. Here is my code so far: code:
Using this file, then I execute the tar command (it's not written yet) and then FTP to archive server. I know that there might be easier ways to do this, but I want to learn some bash scripting and I thought this might be a good way to do it. I hope that made sense!
|
# ¿ May 17, 2007 18:48 |
|
Zakalwe posted: No no no no no! You don't back up the db files directly. As you copy them they can be in an internally inconsistent state. You need to use mysqldump to dump the databases you want to a text file. You can then easily gzip this for storage and restore your databases later on in a clean and safe manner.
Ah yes, after reading a bit more I've found that you're 100% correct. And I fiddled with my script accordingly.
|
# ¿ May 18, 2007 16:38 |
|
I've been bash scripting (go easy, my first attempt), and after editing out the portion of code that I've gotten to work, I've discovered a new problem. I would like the text file that I've created to be emailed to myself, but I get: code:
code:
Twlight fucked around with this message at 16:55 on May 21, 2007 |
# ¿ May 21, 2007 16:00 |
|
dfn_doe posted: Seeing the headers and bounce messages would probably be more helpful than just the subjects...
Sorry, here is the maillog, log:
May 22 10:24:06 XXXXX postfix/postfix-script: fatal: the Postfix mail system is already running
May 22 10:25:10 XXXXX postfix/pickup[12562]: A35414A00F1: uid=0 from=<root>
May 22 10:25:10 XXXXX postfix/cleanup[17395]: A35414A00F1: message-id=<20070522152510.A35414A00F1@XXXXX.coolsavings.com>
May 22 10:25:10 magni postfix/qmgr[12563]: A35414A00F1: from=<root@magni.coolsavings.com>, size=799, nrcpt=1 (queue active)
May 22 10:25:10 magni postfix/qmgr[12563]: A35414A00F1: to=<root@magni.coolsavings.com>, orig_to=<root>, relay=none, delay=0, status=deferred (delivery temporarily suspended: address resolver failure)
What else should I be looking for, or really, where are the bounce messages?
|
# ¿ May 22, 2007 16:29 |
|
Try using yum (Fedora's version of apt-get) to install whatever dependencies you might need. Of course you can bring up the yum man page and check certain flags if you want to install things with no dependencies.
|
# ¿ May 26, 2007 22:37 |
|
.
Twlight fucked around with this message at 18:12 on May 29, 2007 |
# ¿ May 29, 2007 17:52 |
|
Hello, I’m working during my internship and I’m focusing on Linux administration. While I am doing other projects, the position leaves me with a lot of free time to build different things with some of the old hardware (Pentium 3s). I’ve built an IDS as well as written some Perl scripts, but I’m fresh out of ideas for a new side project. Anyone have any ideas or would like to share what they’re working on? Thanks
|
# ¿ Jun 11, 2007 16:18 |
|
What's a good way to check and see what mail has been sent? I think there is a rogue script on a server at work (not my design) and it's sending mail to the admin group. Since the script is broken I want to turn it off, but I'm not sure where it resides.
|
# ¿ Jun 11, 2007 17:28 |
|
At work we have a lot of systems, and since these systems are referenced by IP address mostly (due to Snort's web frontend), I was thinking of creating a local whois server just so BASE can interface with it. What's the quickest way to go about this in Linux?
|
# ¿ Jun 22, 2007 21:35 |
|
JoeNotCharles posted: Uh, what exactly do you need from the whois server? If you have the name and want the IP, you need DNS server. If you have the IP and want the name, you need reverse DNS. whois won't help you - it just tells you who's registered a domain name.
Drat, you know, I knew that my question sounded odd. I guess I need reverse DNS, but I found some articles that allow me to do that. Sorry about the mix-up.
|
# ¿ Jun 22, 2007 22:00 |
|
Hello everyone, I'll admit that my knowledge of Linux and mail servers is very weak and I have a few questions that I hope you guys can answer. Here at work I have a server that I would like to send mail to our Exchange server and then to my desk (all internal), but I'm not sure what I'm trying to ask. Is this mail forwarding, or something else? I've been reading and found that Sendmail is quite complex; should I use Postfix? Thanks
Twlight fucked around with this message at 17:55 on Jun 28, 2007 |
# ¿ Jun 28, 2007 16:34 |
|
I've got a server I've inherited and it has many running processes that don't seem to be needed (as I never use an X session). I'm having a hard time trying to figure out what many of these are and if I can safely remove them. Here is a list: code:
|
# ¿ Jul 31, 2007 17:04 |
|
ShoulderDaemon posted: Good info Thanks! This is an IDS box, and IPaudit does traffic logging and makes nice graphs (if you wanted to know).
|
# ¿ Jul 31, 2007 18:29 |
|
Hey everyone! I've been having a hell of a time trying to track a script down on an older box that keeps emailing our networking department. I've pulled up the maillog and this is the entry: code:
I've searched through the cron jobs and can't find where this is coming from. I know I'm missing something but I just can't put my finger on it.
|
# ¿ Aug 7, 2007 17:30 |
|
Hey everyone, I'm having a hell of a time trying to figure out parameter expansion. What I'm trying to do is check filename patterns with substitution parameter expansion. However, I can't quite figure out how to take the array of file names I have and the parameter I want to check and make sense of it. It's quite vexing. Thanks!
|
# ¿ Feb 5, 2008 06:03 |
|
Hello everyone, I'm running a FC5 server and I want to send email from this server to my Gmail address. We already have a mail server at work but I'm not sure how to configure sendmail to work with an existing email server. I'm not really sure how to google for this type of question; most results just show how to configure sendmail as a standalone email server. Thanks
|
# ¿ Mar 4, 2008 16:03 |
|
Alowishus posted: You need to configure sendmail to use a smarthost (where the smarthost is your existing mailserver):
I'm going to try and do this through sendmail. I might as well get some practice with it! Thanks!
|
# ¿ Mar 4, 2008 16:38 |
|
I have a poo poo load of files in my /tmp directory and I want to remove some of them. They begin with A or B, have the string 406 inside, and end in .txt and/or .text. I created this command: code:
I'm referencing this page regarding regex and rm. http://polishlinux.org/console/regular-expressions-and-search-patterns/
|
# ¿ Mar 5, 2008 20:39 |
|
I'm having some trouble using iptables with CentOS 5. I'd like to use the firewall, but it seems when I turn it on I can't access internal web pages (this server is running Cacti/Nagios), so when I try and open their web interfaces I cannot establish the connection. Here are the iptables rules: code:
Edit: I figured it out, I wasn't saving the file with code:
Twlight fucked around with this message at 17:44 on Mar 24, 2008 |
# ¿ Mar 24, 2008 17:36 |
|
Hey everyone: I've wanted to create some simple MySQL reports based on the database that Snort creates. When I Google for MySQL reporting, it's mostly "Please buy this product" and so on. Does anyone know of a free reporting tool?
|
# ¿ Mar 28, 2008 16:21 |
|
While this is some time out, I'd figure that I should learn more about Linux mail systems. I might have to build one for work at some time, and having one built and running on my home PC might be something I'd use as well. Where should I go about learning the in/outs of a particular program? I've been reading about Postfix and it seems pretty good. I'd like to get calendar integration too, but at a much lower priority, as well. Where should I begin to search?
|
# ¿ May 6, 2008 06:39 |
|
This is a question I've had mulling over my head for some time and wanted to know what everyone else thought: I would like to start keeping track of where/what/how our server config files are managed. I was looking into Subversion, and was liking what I was seeing. However, are there any things that I should know before using Subversion for configuration file control, instead of its "normal" use as for developing applications?
|
# ¿ Jun 4, 2008 17:48 |
|
GringoGrande posted: There are newer and better SCMs than Subversion. Here's a blog entry on how to use git and an apt hook to keep track of /etc.
Man, just what I was looking for, thanks!
|
# ¿ Jun 6, 2008 14:42 |
|
Hey everyone: I created a quick bash script that has a long command that I execute a lot. I've added the command name to my bashrc, but what other steps do I need to allow it to be run from all across the file system?
|
# ¿ Jun 23, 2008 16:31 |
|
SynVisions posted: I assume you mean run across all users? Take it out of your bashrc and drop the script somewhere in your $PATH, i.e. copy/symlink the script to /usr/bin.
Thanks! You're right, I meant to say users.
|
# ¿ Jun 23, 2008 16:48 |
|
Here is an odd question: At my new job most of our printers work off of CUPS. This isn't bad, the web interface is nice and I don't mind administering printers in this way. However, I would like to change one thing. When a printer is locked, all users must contact me to have the printer unlocked. I feel that with the web interface there isn't much of a need to contact me. I was poking around CUPS and found that you can adjust what privileges users have. I just don't want a user to be able to lock and unlock printers which aren't in their location. I found this link: http://linux.derkeiler.com/Mailing-Lists/Debian/2004-08/2848.html in which someone highlights the same problem. I was wondering if anyone has run into this and how they figured it out.
|
# ¿ Jul 1, 2008 16:36 |
|
I've been given the task of setting up account management for our Linux systems. We have 4-5 CentOS 5 systems and about a 1/2 dozen Red Hat systems as well. All of our Windows servers are authenticating through AD. Searching on Google really hasn't brought the kind of information I've been looking for. I'm not sure where to begin. Would RADIUS be a good idea? We have a RADIUS server already in house handling some Cisco log in information, or should I use something else?
|
# ¿ Aug 15, 2008 16:17 |
|
chryst posted: If you can get your AD admins to add the POSIX extensions (they might be called something else) to Active Directory, then you can auth your servers via AD using LDAP and Kerberos. It's not terribly hard, and it works reasonably well.
Haha, I am the AD admin. I'll look this up, thanks.
|
# ¿ Aug 15, 2008 19:22 |
|
I have a couple hundred users that connect to our ERP solution that runs RHEL 3. Before I got here, when a user left the company their user account was never removed from the system. Now I have a huge homes directory that has both inactive and active accounts. What would be a decent way to do the following?
1: get a list emailed each month with users that have been inactive for x amount of days
2: automatically disable accounts inactive between x and y
3: remove accounts that are inactive past y
|
# ¿ Aug 29, 2008 18:42 |
|
Ashex posted: I would have a list generated of users that haven't logged in within the past 90 days, then automatically disable them.
Yea, I just ran into this problem: we had a manager that was gone for 2 months on medical, now he's leaving again for another 2 months, so I can see where a holding group would make sense. How would it be best to get logged in information? Just ls -al the home directories?
|
# ¿ Aug 29, 2008 19:14 |
|
Ashex posted: I would suggest using last
These systems are not well maintained, cleanup isn't running, so last worked out perfectly. To script this up, I'm assuming I would use awk to grab dates that I would like?
|
# ¿ Aug 29, 2008 21:15 |
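The inactivity policy discussed in the posts above (disable between x and y days idle, remove past y, with a holding list for people on leave), sketched as an added example that is not part of the thread. The input format (`user YYYY-MM-DD` or `user never`, pre-extracted from last/lastlog), the function name and the sample accounts are assumptions, and it needs a date(1) that accepts `-d`, such as GNU date.

```shell
#!/bin/sh
# Added example (not from the thread): classify accounts by days since last login.
# Assumed input on stdin: one "user YYYY-MM-DD" line per account, or "user never".

# classify_accounts TODAY DISABLE_AFTER REMOVE_AFTER [HOLD_LIST]
# Prints "user action idle_days". HOLD_LIST is a space-separated holding group
# (for example someone on medical leave) that is reported but never actioned.
classify_accounts() (
    now=$(date -u -d "$1" +%s) || exit 1
    disable_after=$2 remove_after=$3 hold=" ${4:-} "
    while read -r user last; do
        [ -n "$user" ] || continue
        if [ "$last" = "never" ]; then
            # No login record: may be a service account, so leave it to a human.
            echo "$user review -"
            continue
        fi
        seen=$(date -u -d "$last" +%s 2>/dev/null) || { echo "$user baddate -"; continue; }
        idle=$(( (now - seen) / 86400 ))
        if [ "$idle" -lt "$disable_after" ]; then
            action=active
        else
            case "$hold" in
                *" $user "*) action=hold ;;
                *) [ "$idle" -gt "$remove_after" ] && action=remove || action=disable ;;
            esac
        fi
        echo "$user $action $idle"
    done
)

# Constructed sample data, not real accounts.
SAMPLE_LOGINS='alice 2008-08-25
bob 2008-05-01
carol 2007-11-15
dave 2008-04-20
svc_erp never'

printf '%s\n' "$SAMPLE_LOGINS" | classify_accounts 2008-08-29 90 180 "dave"
```

The output is only a report; feeding the `disable` and `remove` rows to usermod or userdel is a separate step that is easier to audit when kept apart from the classification.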
|
JoeNotCharles posted: Depending on cleanup not running seems like a bad thing - if someone took over and started maintaining the system better, things would start breaking.
I should have been more clear, I've started to document (because there is 0 documentation about anything) and automate how things are done. This IT department is a loving mess beyond belief, but it does give me the chance to learn, which has been invaluable. I'm writing scripts and using CFengine to push out changes, which is a step in the right direction. We just have so many little things like automating user administration (or at least doing it a single way) that should have already been done.
|
# ¿ Aug 31, 2008 06:52 |
|
Lucien posted: Here, try this on for size:
I just did something like this. It's best to take the output of date into a variable. code:
|
# ¿ Sep 11, 2008 22:46 |