/var/log/messages - system messages
/secure - Logging by PAM of network access attempts
/dmesg - Log of system boot. Also see command dmesg
/boot.log - Log of system init process
/xferlog.1 - File transfer log
/lastlog - Requires the use of the lastlog command to examine contents
/maillog - log from sendmail daemon
Tuesday, May 24, 2011
find commands
Search and list all files from current directory and down for the string ABC:
find ./ -name "*" -exec grep -H ABC {} \;
find ./ -type f -print | xargs grep -H "ABC" /dev/null
egrep -r ABC *
Find all files of a given type from current directory on down:
find ./ -name "*.conf" -print
Find all user files larger than 5Mb:
find /home -size +5000000c -print
Find all files owned by a user (defined by user id number. see /etc/passwd) on the system: (could take a very long time)
find / -user 501 -print
Find all files created or updated in the last five minutes: (Great for finding effects of make install)
find / -cmin -5
Find all users in group 20 and change them to group 102: (execute as root)
find / -group 20 -exec chown :102 {} \;
Find all suid and setgid executables:
find / \( -perm -4000 -o -perm -2000 \) -type f -exec ls -ldb {} \;
find / -type f -perm +6000 -ls
Note: suid executable binaries are programs which switch to root privileges to perform their tasks. These are created by applying a "sticky" bit: chmod +s. These programs should be watched as they are often the first point of entry for hackers. Thus it is prudent to run this command and remove the "sticky" bits from executables which either won't be used or are not required by users. chmod -s filename
Find all world writable directories:
find / -perm -0002 -type d -print
Find all world writable files:
find / -perm -0002 -type f -print
find / -perm -2 ! -type l -ls
Find files with no user:
find / -nouser -o -nogroup -print
Find files modified in the last two days:
find / -mtime 2 -o -ctime 2
Compare two drives to see if all files are identical:
find / -path /proc -prune -o -path /new-disk -prune -o -xtype f -exec cmp {} /new-disk{} \;
find ./ -name "*" -exec grep -H ABC {} \;
find ./ -type f -print | xargs grep -H "ABC" /dev/null
egrep -r ABC *
Find all files of a given type from current directory on down:
find ./ -name "*.conf" -print
Find all user files larger than 5Mb:
find /home -size +5000000c -print
Find all files owned by a user (defined by user id number. see /etc/passwd) on the system: (could take a very long time)
find / -user 501 -print
Find all files created or updated in the last five minutes: (Great for finding effects of make install)
find / -cmin -5
Find all users in group 20 and change them to group 102: (execute as root)
find / -group 20 -exec chown :102 {} \;
Find all suid and setgid executables:
find / \( -perm -4000 -o -perm -2000 \) -type f -exec ls -ldb {} \;
find / -type f -perm +6000 -ls
Note: suid executable binaries are programs which switch to root privileges to perform their tasks. These are created by applying a "sticky" bit: chmod +s. These programs should be watched as they are often the first point of entry for hackers. Thus it is prudent to run this command and remove the "sticky" bits from executables which either won't be used or are not required by users. chmod -s filename
Find all world writable directories:
find / -perm -0002 -type d -print
Find all world writable files:
find / -perm -0002 -type f -print
find / -perm -2 ! -type l -ls
Find files with no user:
find / -nouser -o -nogroup -print
Find files modified in the last two days:
find / -mtime 2 -o -ctime 2
Compare two drives to see if all files are identical:
find / -path /proc -prune -o -path /new-disk -prune -o -xtype f -exec cmp {} /new-disk{} \;
wordpress .htaccess file
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
log rotate.conf
/var/log/process-name.log {
rotate 12
monthly
errors root@localhost
missingok
postrotate
/usr/bin/killall -HUP process-name 2> /dev/null || true
endscript
}
rotate 12
monthly
errors root@localhost
missingok
postrotate
/usr/bin/killall -HUP process-name 2> /dev/null || true
endscript
}
Subscribe to:
Posts (Atom)