netstat: commands to find attackers…

This is useful for finding out whether your server is under attack. You can also list abusive IP addresses using this method.

netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n

Dig out more information about a specific IP address:

netstat -nat | grep {IP-address} | awk '{print $6}' | sort | uniq -c | sort -n

On a busy server this gives more information:

netstat -nat | grep 202.54.1.10 | awk '{print $6}' | sort | uniq -c | sort -n

To print a list of all unique IP addresses connected to the server, enter:

netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort | uniq

To print the total number of unique IP addresses, enter:

netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort | uniq | wc -l

If you think your Linux box is under attack, print a list of the open connections on your box, counted and sorted by IP address:

netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort | uniq -c | sort -n
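Added example (not from the original post): the per-IP count above as a function that keeps IPv6 peers intact, which `cut -d: -f1` truncates, and flags addresses holding many half-open (SYN_RECV) connections. The sample netstat lines, the function names and the threshold are constructed for this example; the addresses come from documentation ranges.

```shell
#!/bin/sh
# Constructed sample of `netstat -nat` output (documentation addresses only).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.7:51000       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:51001       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:51002       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.4:40022      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.4:40023      TIME_WAIT
tcp6       0      0 2001:db8::10:443        2001:db8::beef:55000    ESTABLISHED
tcp6       0      0 :::443                  :::*                    LISTEN
EOF
}

# Read netstat output on stdin and print "count ip state" per remote peer,
# busiest first. The port is stripped at the LAST colon, so IPv6 survives.
conn_by_peer() {
  awk '$1 ~ /^tcp/ && $6 != "LISTEN" {
         ip = $5
         sub(/:[^:]*$/, "", ip)
         n[ip " " $6]++
       }
       END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# Print every peer with at least $1 connections in SYN_RECV state.
syn_suspects() {
  conn_by_peer | awk -v min="$1" '$3 == "SYN_RECV" && $1 >= min { print $2 }'
}

# Demo on the constructed sample; live use: netstat -nat | syn_suspects 50
sample_netstat | conn_by_peer
```
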

Display Summary Statistics for Each Protocol

Simply use netstat -s:

netstat -s | less

netstat -t -s | less

netstat -u -s | less

netstat -w -s | less

netstat -s

You can easily display dropped and total transmitted packets with netstat for eth0:

netstat --interfaces=eth0


Step-by-Step Procedure: Cisco Password recovery procedure

Step-by-Step Procedure
Follow the steps below.

Attach a terminal or PC with terminal emulation (for example, Hyper Terminal) to the console port of the switch.

Use the following terminal settings:

Bits per second (baud): 9600

Data bits: 8

Parity: None

Stop bits: 1

Flow Control: Xon/Xoff

Note: For additional information on cabling and connecting a terminal to the console port, refer to Connecting a Terminal to the Console Port on Catalyst Switches.

Unplug the power cable.

Power the switch and bring it to the switch: prompt:

For 2900XL, 3500XL, 2940, 2950, 2960, 2970, 3550, 3560, and 3750 series switches, do this:

Hold down the mode button located on the left side of the front panel, while you reconnect the power cable to the switch.

Catalyst Switch Series: LED Behavior and Mode Button Release Action

2900XL, 3500XL, 3550: Release the Mode button when the LED above Port1x goes out.

2940, 2950: Release the Mode button after approximately 5 seconds when the Status (STAT) LED goes out. When you release the Mode button, the SYST LED blinks amber.

2960, 2970: Release the Mode button when the SYST LED blinks amber and then turns solid green. When you release the Mode button, the SYST LED blinks green.

3560, 3750: Release the Mode button after approximately 15 seconds when the SYST LED turns solid green. When you release the Mode button, the SYST LED blinks green.

Note: LED position may vary slightly depending on the model.

[Figure: Catalyst 3524XL]

[Figure: Catalyst 2950-24]

For 2955 series switches only:

The Catalyst 2955 series switches do not use an external mode button for password recovery. Instead the switch boot loader uses the break-key detection to stop the automatic boot sequence for the password recovery purposes. The break sequence is determined by the terminal application and operating system used. Hyperterm running on Windows 2000 uses Ctrl + Break. On a workstation running UNIX, Ctrl-C is the break key. For more information, refer to Standard Break Key Sequence Combinations During Password Recovery.

The example below uses Hyperterm to break into switch: mode on a 2955.

C2955 Boot Loader (C2955-HBOOT-M) Version 12.1(0.0.514), CISCO DEVELOPMENT TEST
VERSION
Compiled Fri 13-Dec-02 17:38 by madison
WS-C2955T-12 starting…
Base ethernet MAC Address: 00:0b:be:b6:ee:00
Xmodem file system is available.
Initializing Flash…
flashfs[0]: 19 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 7741440
flashfs[0]: Bytes used: 4510720
flashfs[0]: Bytes available: 3230720
flashfs[0]: flashfs fsck took 7 seconds.
…done initializing flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4

*** The system will autoboot in 15 seconds ***
Send break character to prevent autobooting.

!--- Wait until you see this message before
!--- you issue the break sequence.
!--- Ctrl+Break is entered using Hyperterm.

The system has been interrupted prior to initializing the flash file system to finish
loading the operating system software:

flash_init
load_helper
boot
switch:

Issue the flash_init command.

switch: flash_init
Initializing Flash…
flashfs[0]: 143 files, 4 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 3612672
flashfs[0]: Bytes used: 2729472
flashfs[0]: Bytes available: 883200
flashfs[0]: flashfs fsck took 86 seconds
….done Initializing Flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
switch:

!--- This output is from a 2900XL switch. Output from
!--- other switches will vary slightly.

Issue the load_helper command.

switch: load_helper
switch:

Issue the dir flash: command.

Note: Make sure to type a colon “:” after the dir flash.

The switch file system is displayed:

switch: dir flash:
Directory of flash:/
2 -rwx 1803357 c3500xl-c3h2s-mz.120-5.WC7.bin

!--- This is the current version of software.

4 -rwx 1131 config.text

!--- This is the configuration file.

5 -rwx 109 info
6 -rwx 389 env_vars
7 drwx 640 html
18 -rwx 109 info.ver
403968 bytes available (3208704 bytes used)
switch:

!--- This output is from a 3500XL switch. Output from
!--- other switches will vary slightly.

Type rename flash:config.text flash:config.old to rename the configuration file.

switch: rename flash:config.text flash:config.old
switch:

!--- The config.text file contains the password
!--- definition.

Issue the boot command to boot the system.

switch: boot
Loading "flash:c3500xl-c3h2s-mz.120-5.WC7.bin"...###############################
################################################################################
######################################################################
File "flash:c3500xl-c3h2s-mz.120-5.WC7.bin" uncompressed and installed, entry point: 0x3000
executing...

!--- Output suppressed.
!--- This output is from a 3500XL switch. Output from other switches
!--- will vary slightly.

Enter “n” at the prompt to abort the initial configuration dialog.

--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Continue with configuration dialog? [yes/no]: n

!--- Type "n" for no.

Press RETURN to get started.

!--- Press Return or Enter.

Switch>

!--- The Switch> prompt is displayed.

At the switch prompt, type en to enter enable mode.

Switch>en
Switch#

Type rename flash:config.old flash:config.text to rename the configuration file with its original name.

Switch#rename flash:config.old flash:config.text
Destination filename [config.text]

!--- Press Return or Enter.

Switch#

Copy the configuration file into memory.

Switch#copy flash:config.text system:running-config
Destination filename [running-config]?

!--- Press Return or Enter.

1131 bytes copied in 0.760 secs
Sw1#

The configuration file is now reloaded.

Overwrite the current passwords that you do not know. Choose a strong password with at least one capital letter, one number, and one special character.

Note: Overwrite the passwords which are necessary. You need not overwrite all of the mentioned passwords.

Sw1# conf t

!--- To overwrite existing secret password

Sw1(config)#enable secret <new-secret-password>

!--- To overwrite existing enable password

Sw1(config)#enable password <new-enable-password>

!--- To overwrite existing vty password

Sw1(config)#line vty 0 15
Sw1(config-line)#password <new-vty-password>

Sw1(config-line)#login

!--- To overwrite existing console password

Sw1(config-line)#line con 0
Sw1(config-line)#password <new-console-password>

Write the running configuration to the configuration file with the write memory command.

Sw1#write memory
Building configuration…
[OK]
Sw1#


Create Users And Change Passwords With A Bash Script

First create a file which contains all the user names. Something like this:

nurealam
nayeem
mrahman
farid
rubi
sankar

Save the file as userlist.txt.
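Now create the following shell script:

#!/bin/sh
# Add one account for every name listed in userlist.txt
for i in `cat userlist.txt`
do
echo "$i"
adduser "$i"
done

Save the script under a name of its own (for example addusers.sh) and exit. Make it executable:

chmod 755 addusers.sh

Now run the file:

./addusers.sh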

This will add all the users to the system. Now we have to change the passwords. Let’s say we want username123 as password. So for user nayeem the password will be nayeem123, rubi123 for user rubi and so on.

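Create another shell script as follows:

#!/bin/sh
# Set the password of every listed user to <username>123
for i in `cat userlist.txt`
do
echo "$i"
# passwd --stdin reads the new password from standard input
echo "${i}123" | passwd --stdin "$i"
echo; echo "User $i's password changed!"
done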

Run the file.
All the passwords are changed.
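Added example, not part of the original post: both steps in one script that reads userlist.txt line by line, rejects malformed names, sets a random initial password instead of the guessable username123 pattern, and forces a password change at first login. The function names, the name pattern and the DRY_RUN switch are assumptions of this example; it relies on useradd, chpasswd and chage.

```shell
#!/bin/sh
# DRY_RUN=1 (default) only prints what would happen; run as root with
# DRY_RUN=0 to create the accounts.
DRY_RUN="${DRY_RUN:-1}"
LC_ALL=C; export LC_ALL          # make the a-z ranges below mean ASCII only

# Accept conservative login names only: [a-z_][a-z0-9_-]*, at most 32 chars.
valid_username() {
  case "$1" in
    ''|*[!a-z0-9_-]*|[!a-z_]*) return 1 ;;
  esac
  [ "${#1}" -le 32 ]
}

# 16 random alphanumeric characters from the kernel CSPRNG.
gen_password() {
  tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16
}

# Create one account; its random password expires at first login.
provision_user() {
  user="$1"
  valid_username "$user" || { echo "skip invalid name: $user" >&2; return 1; }
  pass="$(gen_password)"
  if [ "$DRY_RUN" = 1 ]; then
    echo "would create $user (random password, change forced at first login)"
  else
    useradd -m "$user" &&
      printf '%s:%s\n' "$user" "$pass" | chpasswd &&
      chage -d 0 "$user" &&
      printf '%s %s\n' "$user" "$pass"   # hand this over out of band
  fi
}

# Read names one per line; blank lines and '#' comments are ignored.
# Returns non-zero if any name was rejected or any account failed.
provision_from_file() {
  failed=0
  while IFS= read -r name || [ -n "$name" ]; do
    case "$name" in ''|'#'*) continue ;; esac
    provision_user "$name" || failed=$((failed + 1))
  done < "$1"
  [ "$failed" -eq 0 ]
}

# Usage: sh thisfile userlist.txt
if [ -n "${1:-}" ]; then provision_from_file "$1"; fi
```
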


SVC Program…

The svc program
svc controls services monitored by supervise.
Interface
svc opts services

opts is a series of getopt-style options. services consists of any number of arguments, each argument naming a directory used by supervise.

svc applies all the options to each service in turn. Here are the options:

-u: Up. If the service is not running, start it. If the service stops, restart it.
-d: Down. If the service is running, send it a TERM signal and then a CONT signal. After it stops, do not restart it.
-o: Once. If the service is not running, start it. Do not restart it if it stops.
-p: Pause. Send the service a STOP signal.
-c: Continue. Send the service a CONT signal.
-h: Hangup. Send the service a HUP signal.
-a: Alarm. Send the service an ALRM signal.
-i: Interrupt. Send the service an INT signal.
-t: Terminate. Send the service a TERM signal.
-k: Kill. Send the service a KILL signal.
-x: Exit. supervise will exit as soon as the service is down. If you use this option on a stable system, you’re doing something wrong; supervise is designed to run forever.


IP Subnet Cheat Sheet

255.255.255.255 11111111.11111111.11111111.11111111 /32 Host (single address)

255.255.255.254 11111111.11111111.11111111.11111110 /31 Unuseable
255.255.255.252 11111111.11111111.11111111.11111100 /30 2 useable
255.255.255.248 11111111.11111111.11111111.11111000 /29 6 useable
255.255.255.240 11111111.11111111.11111111.11110000 /28 14 useable
255.255.255.224 11111111.11111111.11111111.11100000 /27 30 useable
255.255.255.192 11111111.11111111.11111111.11000000 /26 62 useable
255.255.255.128 11111111.11111111.11111111.10000000 /25 126 useable
255.255.255.0 11111111.11111111.11111111.00000000 /24 “Class C” 254 useable

255.255.254.0 11111111.11111111.11111110.00000000 /23 2 Class C
255.255.252.0 11111111.11111111.11111100.00000000 /22 4 Class C
255.255.248.0 11111111.11111111.11111000.00000000 /21 8 Class C
255.255.240.0 11111111.11111111.11110000.00000000 /20 16 Class C
255.255.224.0 11111111.11111111.11100000.00000000 /19 32 Class C
255.255.192.0 11111111.11111111.11000000.00000000 /18 64 Class C
255.255.128.0 11111111.11111111.10000000.00000000 /17 128 Class C
255.255.0.0 11111111.11111111.00000000.00000000 /16 “Class B”

255.254.0.0 11111111.11111110.00000000.00000000 /15
255.252.0.0 11111111.11111100.00000000.00000000 /14
255.248.0.0 11111111.11111000.00000000.00000000 /13
255.240.0.0 11111111.11110000.00000000.00000000 /12
255.224.0.0 11111111.11100000.00000000.00000000 /11
255.192.0.0 11111111.11000000.00000000.00000000 /10
255.128.0.0 11111111.10000000.00000000.00000000 /9
255.0.0.0 11111111.00000000.00000000.00000000 /8 “Class A”

254.0.0.0 11111110.00000000.00000000.00000000 /7
252.0.0.0 11111100.00000000.00000000.00000000 /6
248.0.0.0 11111000.00000000.00000000.00000000 /5
240.0.0.0 11110000.00000000.00000000.00000000 /4
224.0.0.0 11100000.00000000.00000000.00000000 /3
192.0.0.0 11000000.00000000.00000000.00000000 /2
128.0.0.0 10000000.00000000.00000000.00000000 /1
0.0.0.0 00000000.00000000.00000000.00000000 /0 IP space

# 255.255.255.0 1 Class C
# 255.255.254.0 2 Class Cs
# 255.255.252.0 4 Class Cs
# 255.255.248.0 8 Class Cs
# 255.255.240.0 16 Class Cs
# 255.255.224.0 32 Class Cs
# 255.255.192.0 64 Class Cs
# 255.255.128.0 128 Class Cs
# 255.255.0.0 1 Class B


Status of dd command…

Set up your dd as normal:

dd if=whatever.dd of=/dev/sda &

Then send it the USR1 signal, which makes dd print its I/O statistics to stderr:

pkill -USR1 '^dd$'

or watch it:

watch -n5 -- pkill -USR1 '^dd$'


svc .. svstat .. /service .. huh?!?!?!?

The svscan program
svscan starts and monitors a collection of services.
Interface
svscan starts one supervise process for each subdirectory of the current directory, up to a limit of 1000 subdirectories. svscan skips subdirectory names starting with dots. supervise must be in svscan’s path.

svscan optionally starts a pair of supervise processes, one for a subdirectory s, one for s/log, with a pipe between them. It does this if the name s is at most 255 bytes long and s/log exists. (In versions 0.70 and below, it does this if s is sticky.) svscan needs two free descriptors for each pipe.

Every five seconds, svscan checks for subdirectories again. If it sees a new subdirectory, it starts a new supervise process. If it sees an old subdirectory where a supervise process has exited, it restarts the supervise process. In the log case it reuses the same pipe so that no data is lost.

svscan is designed to run forever. If it has trouble creating a pipe or running supervise, it prints a message to stderr; it will try again five seconds later.

If svscan is given a command-line argument, it switches to that directory when it starts.

The svstat program
svstat prints the status of services monitored by supervise.
Interface

svstat services

services consists of any number of arguments, each argument naming a directory. svstat prints one human-readable line for each directory, saying whether supervise is successfully running in that directory, and reporting the status information maintained by supervise.

The supervise program
supervise starts and monitors a service.
Interface

supervise s

supervise switches to the directory named s and starts ./run. It restarts ./run if ./run exits. It pauses for a second after starting ./run, so that it does not loop too quickly if ./run exits immediately.

If the file s/down exists, supervise does not start ./run immediately. You can use svc to start ./run and to give other commands to supervise.

supervise maintains status information in a binary format inside the directory s/supervise, which must be writable to supervise. The status information can be read by svstat.

supervise may exit immediately after startup if it cannot find the files it needs in s or if another copy of supervise is already running in s. Once supervise is successfully running, it will not exit unless it is killed or specifically asked to exit. You can use svok to check whether supervise is successfully running. You can use svscan to reliably start a collection of supervise processes.
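Added example, not part of the documentation quoted above: a pre-flight check for a service directory, built from the rules in the text (svscan skips dot names, supervise needs an executable ./run, s/log gets its own supervise, s/down keeps the service stopped). It also rejects group- or world-writable run scripts, because supervise executes them with its own privileges. The function names and the sample service are assumptions of this example.

```shell
#!/bin/sh
# Create a minimal service directory: run script, logger and a down file.
# $1 = service directory, $2 = command line to supervise (placeholder values).
make_service() {
  s="$1"
  mkdir -p "$s/log" || return 1
  printf '#!/bin/sh\nexec 2>&1\nexec %s\n' "$2" > "$s/run"
  printf '#!/bin/sh\nexec multilog t ./main\n' > "$s/log/run"
  chmod 755 "$s/run" "$s/log/run"
  : > "$s/down"          # stays down until "svc -u" is issued
}

# Report what svscan/supervise will do with directory $1.
# Returns 0 only if ./run (and log/run, when s/log exists) can be started
# and neither script can be modified by group or others.
check_service() {
  s="$1"; rc=0
  case "$(basename "$s")" in
    .*) echo "SKIP: svscan ignores names starting with a dot"; return 1 ;;
  esac
  for f in "$s/run" "$s/log/run"; do
    [ "$f" = "$s/log/run" ] && [ ! -d "$s/log" ] && continue
    if [ ! -f "$f" ] || [ ! -x "$f" ]; then
      echo "ERROR: $f missing or not executable"; rc=1
    elif [ -n "$(find "$f" \( -perm -020 -o -perm -002 \))" ]; then
      echo "ERROR: $f is group- or world-writable"; rc=1
    fi
  done
  [ -e "$s/down" ] && echo "INFO: down file present, start with svc -u"
  return "$rc"
}

# Usage: sh thisfile /service/myapp
if [ -n "${1:-}" ]; then check_service "$1"; fi
```
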


Linux auto reboot after kernel panic

By default after a kernel panic Linux just sits there and waits for a user to hit the restart button.

That can be a bad thing if it’s a remote server.

To check whether it is enabled, try this:

cat /proc/sys/kernel/panic

0

The returned 0 is the time the kernel will wait before it reboots. If it is 0 or lower, it won’t reboot by itself.

To make the kernel reboot, run this command:

# echo "5" > /proc/sys/kernel/panic

Where 5 is replaced with the number of seconds to wait till reboot after a kernel panic.

To check that the time was set correctly, do this:

cat /proc/sys/kernel/panic

5

To make it more permanent do this:

# echo "kernel.panic=5" >> /etc/sysctl.conf

Adding the following to your kernel parameters in your bootloader's configuration might also help:

panic=5

NOTE: Substitute 5 with the number of seconds to wait till reboot after a kernel panic.

Retrieved from “http://gentoo-wiki.com/TIP_Kernel_Panic_Reboot”


Livehelper





/home and MySQL backup script

#!/bin/sh
# System + MySQL backup script
# ---------------------------------------------------------------------

### System Setup ###
DIRS="/etc /home"
DAY=$(date +"%a")
BACKUP=/dir.backup
EMAILID=yabba@dabba.com

### MySQL Setup ###
MUSER="username"
MPASS="password"
MHOST="localhost"

### FTP server Setup ###
FTPU="FTPusername"
FTPP="FTPpassword"
FTPS="IP.IP.IP.IP"

# Make that them there directory.
if [ ! -d "$BACKUP" ] ; then
mkdir "$BACKUP"
fi

### Start MySQL Backup ###
FILE=$BACKUP/drj_all_db.sql.$DAY.gz
# Passing the password with -p on the command line can expose it to other
# local users through the process list.
mysqldump -u "$MUSER" -h "$MHOST" -p"$MPASS" --all-databases | gzip -9 > "$FILE"

### Dump backup using FTP ###
lftp -u "$FTPU","$FTPP" "$FTPS" <<EOF
lcd $BACKUP
put $FILE
quit
EOF
# Save the exit status of lftp right away: any later command (an echo, even
# a variable assignment) overwrites $? before the if statement can test it.
STATUS=$?
### Find out if ftp backup failed or not ###
T=/tmp/backup.fail
if [ "$STATUS" != "0" ]; then
echo "Date: $(date)" >$T
echo "Hostname: $(hostname)" >>$T
echo "Remote backup failed! Please investigate! Thank you!" >>$T
mail -s "Backup Failed: Ugg " "$EMAILID" <$T
rm -f $T
fi
