¿Desea continuar [S/n]? s
Configurando linux-image-2.6.32-5-amd64 (2.6.32-48squeeze3) ...
Running depmod.
Running update-initramfs.
update-initramfs: Generating /boot/initrd.img-2.6.32-5-amd64
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8105e-1.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168e-2.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168e-1.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168d-2.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168d-1.fw for module r8169
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 2.6.32-5-amd64 /boot/vmlinuz-2.6.32-5-amd64
run-parts: executing /etc/kernel/postinst.d/pm-utils 2.6.32-5-amd64 /boot/vmlinuz-2.6.32-5-amd64
run-parts: executing /etc/kernel/postinst.d/update-notifier 2.6.32-5-amd64 /boot/vmlinuz-2.6.32-5-amd64
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 2.6.32-5-amd64 /boot/vmlinuz-2.6.32-5-amd64
Generating grub.cfg ...
Found background image: /usr/share/images/desktop-base/desktop-grub.png
Found linux image: /boot/vmlinuz-2.6.32-5-amd64
Found initrd image: /boot/initrd.img-2.6.32-5-amd64
Found linux image: /boot/vmlinuz-2.6.26-2-amd64
Found initrd image: /boot/initrd.img-2.6.26-2-amd64
Found linux image: /boot/vmlinuz-2.6.26-1-amd64
Found initrd image: /boot/initrd.img-2.6.26-1-amd64
/etc/grub.d/README: 2: All: not found
/etc/grub.d/README: 4: 00_*:: not found
/etc/grub.d/README: 5: 10_*:: not found
/etc/grub.d/README: 6: Syntax error: "(" unexpected
run-parts: /etc/kernel/postinst.d/zz-update-grub exited with return code 2
Failed to process /etc/kernel/postinst.d at /var/lib/dpkg/info/linux-image-2.6.32-5-amd64.postinst line 799.
dpkg: error al procesar linux-image-2.6.32-5-amd64 (--configure):
el subproceso instalado el script post-installation devolvió el código de salida de error 2
configured to not write apport reports
Se encontraron errores al procesar:
linux-image-2.6.32-5-amd64
E: Sub-process /usr/bin/dpkg returned an error code (1)
Resolution
dpkg --configure -a
With this simple command we tell dpkg to finish the pending installation. If, after carrying out this step, we still have the same problems (don't despair), let's get to work:
1.- Delete the files:
/var/lib/dpkg/info/"package-name".postrm
/var/lib/dpkg/info/"package-name".list
2.- apt-get clean all
3.- apt-get update
4.- apt-get upgrade
Friday, 31 May 2013
Hardware review and hardware modules
lspci
NAME lspci - list all PCI devices
01:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 03)
05:02.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
lshw
lshw is a small tool to extract detailed information on the hardware configuration of the machine. It can report exact memory configuration, firmware version, mainboard configuration, CPU version and speed, cache configuration, bus speed, etc. on DMI-capable x86 or IA-64 systems and on some PowerPC machines (PowerMac G4 is known to work). It currently supports DMI (x86 and IA-64 only), OpenFirmware device tree (PowerPC only), PCI/AGP, CPUID (x86), IDE/ATA/ATAPI, PCMCIA (only tested on x86), SCSI and USB.
*-network
description: Ethernet interface
product: RTL8111/8168B PCI Express Gigabit Ethernet controller
vendor: Realtek Semiconductor Co., Ltd.
physical id: 0
bus info: pci@0000:01:00.0
logical name: eth0
version: 03
serial: 20:cf:30:f4:d1:0a
size: 1GB/s
capacity: 1GB/s
width: 64 bits
clock: 33MHz
capabilities: pm msi pciexpress msix vpd bus_master cap_list rom ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt 1000bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=2.3LK-NAPI duplex=full firmware=N/A ip=192.168.130.2 latency=0 link=yes multicast=yes port=MII speed=1GB/s
resources: irq:28 ioport:d800(size=256) memory:f6fff000-f6ffffff(prefetchable) memory:f6ff8000-f6ffbfff(prefetchable) memory:f7ef0000-f7efffff(prefetchable)
*-network
description: Ethernet interface
product: RTL-8139/8139C/8139C+
vendor: Realtek Semiconductor Co., Ltd.
physical id: 2
bus info: pci@0000:05:02.0
logical name: eth1
version: 10
serial: 00:22:2d:80:99:bf
size: 100MB/s
capacity: 100MB/s
width: 32 bits
clock: 33MHz
capabilities: pm bus_master cap_list rom ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=8139too driverversion=0.9.28 duplex=full ip=192.168.0.201 latency=64 link=yes maxlatency=64 mingnt=32 multicast=yes port=MII speed=100MB/s
resources: irq:17 ioport:e800(size=256) memory:f7fff000-f7fff0ff memory:f7fc0000-f7fdffff(prefetchable)
lsmod
lsmod is a trivial program which nicely formats the contents of the /proc/modules, showing what kernel modules are currently loaded.
modprobe
modprobe intelligently adds or removes a module from the Linux kernel: note that for convenience, there is no difference between _ and - in module names (automatic underscore conversion is performed). modprobe looks in the module directory /lib/modules/`uname -r` for all the modules and other files, except for the optional /etc/modprobe.conf configuration file and /etc/modprobe.d directory (see modprobe.conf(5)). modprobe will also use module options specified on the kernel command line in the form of.
Friday, 10 May 2013
grub-customizer - grub -
to fix the GRUB boot menu, and even to fix the graphical part, in the third tab.
sudo add-apt-repository ppa:danielrichter2007/grub-customizer
sudo apt-get update
sudo apt-get install grub-customizer
sudo grub-customizer
only to change the boot order
sudo nano /etc/default/grub
GRUB_DEFAULT=4
update-grub
mod-evasive apache
/etc/apache2/conf.d# more mod-evasive.conf
DOSHashTableSize 3097
DOSPageCount 13
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 15
DOSLogDir /tmp
DOSWhitelist 127.0.0.1
These are the values that give us the fewest problems when working locally, with Moodle and tools such as PrestaShop and Joomla that make a lot of web requests.....
a2enmod mod-evasive
Module mod-evasive already enabled
administrator@ubuntu:~$ sudo /etc/init.d/apache2 restart
* Restarting web server apache2
After running the test with F5 (reload) we get this in Apache's error.log file:
[Fri May 10 01:38:48 2013] [error] [client 192.168.2.252] client denied by server configuration: /srv/www/moodle2/
[Fri May 10 01:38:48 2013] [error] [client 192.168.2.252] client denied by server configuration: /var/cache/munin/www/localdomain/localhost.localdomain/apache_volume-week.png, referer: http://ies-sabadell.cat/munin/localdomain/localhost.localdomain/index.html
and in the /tmp directory:
/tmp# ls -la
-rw-r--r-- 1 www-data www-data 5 may 10 01:38 dos-188.77.249.218
-rw-r--r-- 1 www-data www-data 5 may 9 10:13 dos-192.168.0.228
-rw-r--r-- 1 www-data www-data 5 may 7 13:12 dos-192.168.1.240
-rw-r--r-- 1 www-data www-data 6 may 8 10:10 dos-192.168.1.244
-rw-r--r-- 1 www-data www-data 5 may 7 13:23 dos-192.168.128.239
-rw-r--r-- 1 www-data www-data 5 may 7 18:51 dos-192.168.128.89
-rw-r--r-- 1 www-data www-data 6 may 7 13:51 dos-192.168.129.181
-rw-r--r-- 1 www-data www-data 6 may 7 16:46 dos-192.168.129.208
-rw-r--r-- 1 www-data www-data 6 may 8 08:34 dos-192.168.129.222
-rw-r--r-- 1 www-data www-data 6 may 8 10:01 dos-192.168.129.53
-rw-r--r-- 1 www-data www-data 6 may 7 13:54 dos-192.168.129.78
-rw-r--r-- 1 www-data www-data 6 may 9 12:01 dos-192.168.130.34
-rw-r--r-- 1 www-data www-data 6 may 8 11:56 dos-192.168.130.41
-rw-r--r-- 1 www-data www-data 5 may 10 01:38 dos-192.168.2.252
-rw-r--r-- 1 www-data www-data 5 may 10 01:39 dos-79.151.132.218
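To turn the error.log lines and the dos-* listing above into something a defender can act on, here is an added Python example (written for this page; it is not code from the post or from mod_evasive) that counts "client denied" errors per client from Apache 2.2 error.log text, lists the dos-<ip> marker files mod_evasive leaves in DOSLogDir, and warns when that directory is world-writable, as /tmp is. The log lines and marker files are constructed samples modelled on the ones shown above; all function names are mine.

```python
import os
import re
import stat
import tempfile
from collections import Counter

# Constructed sample of Apache 2.2 error.log lines, in the format shown in the post.
SAMPLE_ERROR_LOG = """\
[Fri May 10 01:38:48 2013] [error] [client 192.168.2.252] client denied by server configuration: /srv/www/moodle2/
[Fri May 10 01:38:48 2013] [error] [client 192.168.2.252] client denied by server configuration: /var/cache/munin/www/localdomain/localhost.localdomain/apache_volume-week.png, referer: http://ies-sabadell.cat/munin/localdomain/localhost.localdomain/index.html
[Fri May 10 01:39:02 2013] [error] [client 79.151.132.218] client denied by server configuration: /srv/www/moodle2/login/
[Fri May 10 01:39:05 2013] [notice] caught SIGTERM, shutting down
"""

# Constructed set of clients for which mod_evasive would have written dos-<ip> marker files.
SAMPLE_BLOCKED = ["192.168.2.252", "79.151.132.218", "10.0.0.9"]

DENIED_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>\d+\.\d+\.\d+\.\d+)\] "
    r"client denied by server configuration: (?P<path>[^,\s]+)"
)


def denied_by_client(log_text):
    """Count 'client denied by server configuration' errors per client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENIED_RE.match(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def blocked_clients(log_dir):
    """Map each dos-<ip> marker file in DOSLogDir to its modification time."""
    blocked = {}
    for name in os.listdir(log_dir):
        if name.startswith("dos-"):
            blocked[name[len("dos-"):]] = os.stat(os.path.join(log_dir, name)).st_mtime
    return blocked


def log_dir_warnings(log_dir, apache_uid=None):
    """Return warnings for a DOSLogDir that other local users could tamper with."""
    st = os.stat(log_dir)
    warnings = []
    if st.st_mode & stat.S_IWOTH:
        warnings.append(f"{log_dir} is world-writable; use a directory only the Apache user can write")
    if apache_uid is not None and st.st_uid != apache_uid:
        warnings.append(f"{log_dir} is not owned by uid {apache_uid}")
    return warnings


def report(log_text, log_dir):
    """One row per client: (ip, number of denied requests, has a dos-<ip> marker)."""
    denied = denied_by_client(log_text)
    blocked = blocked_clients(log_dir)
    return [(ip, denied.get(ip, 0), ip in blocked)
            for ip in sorted(set(denied) | set(blocked))]


def make_sample_log_dir(world_writable=False):
    """Create a throwaway DOSLogDir holding constructed dos-<ip> markers (demo/test only)."""
    log_dir = tempfile.mkdtemp(prefix="mod_evasive_demo_")
    for ip in SAMPLE_BLOCKED:
        with open(os.path.join(log_dir, f"dos-{ip}"), "w") as fh:
            fh.write("0\n")  # constructed content; only the file name matters here
    if world_writable:
        os.chmod(log_dir, 0o1777)  # mimic /tmp's permissions
    return log_dir


if __name__ == "__main__":
    d = make_sample_log_dir(world_writable=True)
    for row in report(SAMPLE_ERROR_LOG, d):
        print("%-16s denied=%d marker=%s" % row)
    for w in log_dir_warnings(d):
        print("WARNING:", w)
```

A client that has a marker file but no denied lines (10.0.0.9 in the sample) is the case to look at after a log rotation; a world-writable warning means the lock directory should move, via DOSLogDir, to one owned by the Apache user.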
http://www.electromech.info/linux-apache-mod-evasive-module-howto.html
WHAT IS MOD_EVASIVE ?
mod_evasive is an evasive maneuvers module for Apache to provide evasive
action in the event of an HTTP DoS or DDoS attack or brute force attack. It
is also designed to be a detection tool, and can be easily configured to talk
to ipchains, firewalls, routers, and etcetera.
Detection is performed by creating an internal dynamic hash table of IP
Addresses and URIs, and denying any single IP address from any of the following:
- Requesting the same page more than a few times per second
- Making more than 50 concurrent requests on the same child per second
- Making any requests while temporarily blacklisted (on a blocking list)
This method has worked well in both single-server script attacks as well
as distributed attacks, but just like other evasive tools, is only as
useful to the point of bandwidth and processor consumption (e.g. the
amount of bandwidth and processor required to receive/process/respond
to invalid requests), which is why it's a good idea to integrate this
with your firewalls and routers.
This module instantiates for each listener individually, and therefore has
a built-in cleanup mechanism and scaling capabilities. Because of this,
legitimate requests are rarely ever compromised, only legitimate attacks. Even
a user repeatedly clicking on 'reload' should not be affected unless they do
it maliciously.
Three different module sources have been provided:
Apache v1.3 API: mod_evasive.c
Apache v2.0 API: mod_evasive20.c
HOW IT WORKS
A web hit request comes in. The following steps take place:
- The IP address of the requestor is looked up on the temporary blacklist
- The IP address of the requestor and the URI are both hashed into a "key".
A lookup is performed in the listener's internal hash table to determine
if the same host has requested this page more than once within the past
1 second.
- The IP address of the requestor is hashed into a "key".
A lookup is performed in the listener's internal hash table to determine
if the same host has requested more than 50 objects within the past
second (from the same child).
If any of the above are true, a 403 response is sent. This conserves
bandwidth and system resources in the event of a DoS attack. Additionally,
a system command and/or an email notification can also be triggered to block
all the originating addresses of a DDoS attack.
Once a single 403 incident occurs, mod_evasive now blocks the entire IP
address for a period of 10 seconds (configurable). If the host requests a
page within this period, it is forced to wait even longer. Since this is
triggered from requesting the same URL multiple times per second, this
again does not affect legitimate users.
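The three steps above are easy to get wrong when tuning, so here is an added Python model of one listener's hit table (written for this page; it is not mod_evasive's C code) using the directive names from the configuration section: DOSPageCount, DOSSiteCount, DOSPageInterval, DOSSiteInterval and DOSBlockingPeriod. The timestamps, client addresses and URIs are constructed, and the exact window bookkeeping is my reading of the description, not the module's implementation.

```python
from dataclasses import dataclass, field


@dataclass
class EvasiveConfig:
    """The directives named in the page, with the README's Apache 2.0 defaults."""
    page_count: int = 2            # DOSPageCount: same-URI hits allowed per page interval
    site_count: int = 50           # DOSSiteCount: total hits allowed per site interval
    page_interval: float = 1.0     # DOSPageInterval, seconds
    site_interval: float = 1.0     # DOSSiteInterval, seconds
    blocking_period: float = 10.0  # DOSBlockingPeriod, seconds


@dataclass
class HitTable:
    """One listener's (child's) hash table: hit counters plus a temporary blacklist."""
    cfg: EvasiveConfig = field(default_factory=EvasiveConfig)
    hits: dict = field(default_factory=dict)     # key -> (window start, count)
    blocked: dict = field(default_factory=dict)  # ip -> time the block expires

    def _count(self, key, now, interval, limit):
        """Add one hit for key; True once the count exceeds limit inside the window."""
        start, count = self.hits.get(key, (now, 0))
        if now - start >= interval:  # window elapsed: start a fresh one
            start, count = now, 0
        count += 1
        self.hits[key] = (start, count)
        return count > limit

    def check(self, ip, uri, now):
        """Return the status the access check yields for this request: 200 or 403."""
        # Step 1: is the client on the temporary blacklist?
        expires = self.blocked.get(ip)
        if expires is not None:
            if now < expires:
                # every hit during the block restarts the blocking period
                self.blocked[ip] = now + self.cfg.blocking_period
                return 403
            del self.blocked[ip]
        # Step 2: (ip, uri) key: same page requested too often?
        page_flood = self._count((ip, uri), now, self.cfg.page_interval, self.cfg.page_count)
        # Step 3: ip key: too many objects from this child?
        site_flood = self._count(ip, now, self.cfg.site_interval, self.cfg.site_count)
        if page_flood or site_flood:
            self.blocked[ip] = now + self.cfg.blocking_period
            return 403
        return 200


def replay(table, requests):
    """Feed (time, ip, uri) tuples through the table and return the status codes."""
    return [table.check(ip, uri, t) for t, ip, uri in requests]


if __name__ == "__main__":
    t = HitTable()
    # A script hammering one URL versus a person pressing reload once a second.
    burst = [(0.1 * i, "203.0.113.7", "/login/index.php") for i in range(5)]
    reload = [(float(i), "198.51.100.20", "/index.php") for i in range(5)]
    print("burst :", replay(t, burst))   # [200, 200, 403, 403, 403]
    print("reload:", replay(t, reload))  # [200, 200, 200, 200, 200]
```

Replaying a captured access log through `check` with the production values (the post's DOSPageCount 13, for instance) shows before deployment which real clients would have been blocked, and the blocking-period reset explains why a bot that keeps retrying stays blocked indefinitely while a single reload per second never trips the counter.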
The blacklist can/should be configured to talk to your network's firewalls
and/or routers to push the attack out to the front lines, but this is not
required.
mod_evasive also performs syslog reporting using daemon.alert. Messages
will look like this:
Aug 6 17:41:49 elijah mod_evasive[23184]: [ID 801097 daemon.alert] Blacklisting address x.x.x.x: possible attack.
WHAT IS THIS TOOL USEFUL FOR?
This tool is *excellent* at fending off request-based DoS attacks or scripted
attacks, and brute force attacks. When integrated with firewalls or IP filters,
mod_evasive can stand up to even large attacks. Its features will prevent you
from wasting bandwidth or having a few thousand CGI scripts running as a
result of an attack.
If you do not have an infrastructure capable of fending off any other types
of DoS attacks, chances are this tool will only help you to the point of
your total bandwidth or server capacity for sending 403's. Without a solid
infrastructure and address filtering tool in place, a heavy distributed DoS
will most likely still take you offline.
Howto Install on Apache 2.X
[root@station100 ~]# rpm -q httpd
httpd-2.2.3-31.el5
First download it from internet or given location.
[root@station100 ~]# wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
[root@station100 ~]# cp mod_evasive_1.10.1.tar.gz /tmp/
[root@station100 ~]# cd /tmp/
[root@station100 tmp]# tar -zxf mod_evasive_1.10.1.tar.gz
[root@station100 tmp]# cd mod_evasive
[root@station100 mod_evasive]# ls
CHANGELOG Makefile.tmpl mod_evasive.c README
LICENSE mod_evasive20.c mod_evasiveNSAPI.c test.pl
[root@station100 mod_evasive]# ls
CHANGELOG Makefile.tmpl mod_evasive.c README
LICENSE mod_evasive20.c mod_evasiveNSAPI.c test.pl
[root@station100 mod_evasive]# locate apxs
/usr/sbin/apxs
/usr/share/man/man8/apxs.8.gz
/var/www/manual/programs/apxs.html
/var_old/www/manual/programs/apxs.html
[root@station100 mod_evasive]# /usr/sbin/apxs -i -a -c mod_evasive20.c
/usr/lib/apr-1/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386
-mtune=generic -fasynchronous-unwind-tables -fno-strict-aliasing
-DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -pthread
-I/usr/include/httpd -I/usr/include/apr-1 -I/usr/include/apr-1 -c -o mod_evasive20.lo mod_evasive20.c && touch mod_evasive20.slo
mod_evasive20.c: In function 'access_checker':
mod_evasive20.c:212: warning: implicit declaration of function 'getpid'
mod_evasive20.c:212: warning: format '%ld' expects type 'long int', but argument 4 has type 'int'
mod_evasive20.c:229: warning: ignoring return value of 'system', declared with attribute warn_unused_result
mod_evasive20.c: In function 'destroy_hit_list':
mod_evasive20.c:301: warning: control reaches end of non-void function
mod_evasive20.c: In function 'create_hit_list':
mod_evasive20.c:118: warning: control reaches end of non-void function
/usr/lib/apr-1/build/libtool --silent --mode=link gcc -o mod_evasive20.la -rpath /usr/lib/httpd/modules -module -avoid-version mod_evasive20.lo
/usr/lib/httpd/build/instdso.sh SH_LIBTOOL='/usr/lib/apr-1/build/libtool' mod_evasive20.la /usr/lib/httpd/modules
/usr/lib/apr-1/build/libtool --mode=install cp mod_evasive20.la /usr/lib/httpd/modules/
cp .libs/mod_evasive20.so /usr/lib/httpd/modules/mod_evasive20.so
cp .libs/mod_evasive20.lai /usr/lib/httpd/modules/mod_evasive20.la
cp .libs/mod_evasive20.a /usr/lib/httpd/modules/mod_evasive20.a
chmod 644 /usr/lib/httpd/modules/mod_evasive20.a
ranlib /usr/lib/httpd/modules/mod_evasive20.a
PATH="$PATH:/sbin" ldconfig -n /usr/lib/httpd/modules
----------------------------------------------------------------------
Libraries have been installed in:
/usr/lib/httpd/modules
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,--rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
chmod 755 /usr/lib/httpd/modules/mod_evasive20.so
[activating module `evasive20' in /etc/httpd/conf/httpd.conf]
[root@station100 mod_evasive]#
[root@station100 mod_evasive]# ls /usr/lib/httpd/modules/
libmodnss.so mod_cgid.so mod_logio.so
libphp5.so mod_cgi.so mod_mem_cache.so
mod_actions.so mod_dav_fs.so mod_mime_magic.so
mod_alias.so mod_dav.so mod_mime.so
mod_asis.so mod_dbd.so mod_negotiation.so
mod_auth_basic.so mod_deflate.so mod_perl.so
mod_auth_digest.so mod_dir.so mod_proxy_ajp.so
mod_authn_alias.so mod_disk_cache.so mod_proxy_balancer.so
mod_authn_anon.so mod_dumpio.so mod_proxy_connect.so
mod_authn_dbd.so mod_env.so mod_proxy_ftp.so
mod_authn_dbm.so mod_evasive20.so mod_proxy_http.so
mod_authn_default.so mod_expires.so mod_proxy.so
mod_authn_file.so mod_ext_filter.so mod_rewrite.so
mod_authnz_ldap.so mod_file_cache.so mod_setenvif.so
mod_authz_dbm.so mod_filter.so mod_speling.so
mod_authz_default.so mod_headers.so mod_ssl.so
mod_authz_groupfile.so mod_ident.so mod_status.so
mod_authz_host.so mod_imagemap.so mod_suexec.so
mod_authz_owner.so mod_include.so mod_unique_id.so
mod_authz_user.so mod_info.so mod_userdir.so
mod_autoindex.so mod_ldap.so mod_usertrack.so
mod_cache.so mod_log_config.so mod_version.so
mod_cern_meta.so mod_log_forensic.so mod_vhost_alias.so
[root@station100 mod_evasive]#
CONFIGURATION
mod_evasive has default options configured, but you may also add the
following block to your httpd.conf:
APACHE v1.3
-----------
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
APACHE v2.0
-----------
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSHashTableSize
----------------
The hash table size defines the number of top-level nodes for each child's
hash table. Increasing this number will provide faster performance by
decreasing the number of iterations required to get to the record, but
consume more memory for table space. You should increase this if you have
a busy web server. The value you specify will automatically be tiered up to
the next prime number in the primes list (see mod_evasive.c for a list
of primes used).
DOSPageCount
------------
This is the threshold for the number of requests for the same page (or URI)
per page interval. Once the threshold for that interval has been exceeded,
the IP address of the client will be added to the blocking list.
DOSSiteCount
------------
This is the threshold for the total number of requests for any object by
the same client on the same listener per site interval. Once the threshold
for that interval has been exceeded, the IP address of the client will be added
to the blocking list.
DOSPageInterval
---------------
The interval for the page count threshold; defaults to 1 second intervals.
DOSSiteInterval
---------------
The interval for the site count threshold; defaults to 1 second intervals.
DOSBlockingPeriod
-----------------
The blocking period is the amount of time (in seconds) that a client will be
blocked for if they are added to the blocking list. During this time, all
subsequent requests from the client will result in a 403 (Forbidden) and
the timer being reset (e.g. another 10 seconds). Since the timer is reset
for every subsequent request, it is not necessary to have a long blocking
period; in the event of a DoS attack, this timer will keep getting reset.
DOSEmailNotify
--------------
If this value is set, an email will be sent to the address specified
whenever an IP address becomes blacklisted. A locking mechanism using /tmp
prevents continuous emails from being sent.
NOTE: Be sure MAILER is set correctly in mod_evasive.c
(or mod_evasive20.c). The default is "/bin/mail -t %s" where %s is
used to denote the destination email address set in the configuration.
If you are running on linux or some other operating system with a
different type of mailer, you'll need to change this.
DOSSystemCommand
----------------
If this value is set, the system command specified will be executed
whenever an IP address becomes blacklisted. This is designed to enable
system calls to ip filter or other tools. A locking mechanism using /tmp
prevents continuous system calls. Use %s to denote the IP address of the
blacklisted IP.
DOSLogDir
---------
Choose an alternative temp directory
By default "/tmp" will be used for locking mechanism, which opens some
security issues if your system is open to shell users.
http://security.lss.hr/index.php?page=details&ID=LSS-2005-01-01
In the event you have nonprivileged shell users, you'll want to create a
directory writable only to the user Apache is running as (usually root),
then set this in your httpd.conf.
WHITELISTING IP ADDRESSES
IP addresses of trusted clients can be whitelisted to ensure they are never
denied. The purpose of whitelisting is to protect software, scripts, local
searchbots, or other automated tools from being denied for requesting large
amounts of data from the server. Whitelisting should *not* be used to add
customer lists or anything of the sort, as this will open the server to abuse.
This module is very difficult to trigger without performing some type of
malicious attack, and for that reason it is more appropriate to allow the
module to decide on its own whether or not an individual customer should be
blocked.
To whitelist an address (or range) add an entry to the Apache configuration
in the following fashion:
DOSWhitelist 127.0.0.1
DOSWhitelist 127.0.0.*
Wildcards can be used on up to the last 3 octets if necessary. Multiple
DOSWhitelist commands may be used in the configuration.
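Because a whitelist entry bypasses every check above, it is worth validating entries before they reach httpd.conf. The following is an added Python example (mine, not the module's or the page's code) that collects DOSWhitelist directives from config text, rejects malformed entries, and matches a client address octet by octet, the way the wildcard rule above describes. It treats "wildcards on up to the last 3 octets" as meaning trailing wildcards only (a.b.c.*, a.b.*.*, a.*.*.*); that reading and the sample config are assumptions.

```python
import re

OCTET_RE = re.compile(r"^(\d{1,3}|\*)$")


def parse_whitelist_entry(entry):
    """Validate one DOSWhitelist argument and return its four octets (digits or '*').

    Wildcards are accepted only as trailing octets (a.b.c.*, a.b.*.*, a.*.*.*),
    which is how this page's "up to the last 3 octets" rule is read here.
    """
    octets = entry.split(".")
    if len(octets) != 4:
        raise ValueError(f"{entry!r}: expected four dotted octets")
    seen_wildcard = False
    for o in octets:
        if not OCTET_RE.match(o):
            raise ValueError(f"{entry!r}: bad octet {o!r}")
        if o == "*":
            seen_wildcard = True
        elif seen_wildcard:
            raise ValueError(f"{entry!r}: a literal octet may not follow a wildcard")
        elif int(o) > 255:
            raise ValueError(f"{entry!r}: octet {o} out of range")
    if octets[0] == "*":
        raise ValueError(f"{entry!r}: the first octet may not be a wildcard")
    return octets


def parse_whitelist(config_text):
    """Collect the DOSWhitelist directives from Apache config text; other lines are ignored."""
    patterns = []
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(parts) == 2 and parts[0] == "DOSWhitelist":
            patterns.append(parse_whitelist_entry(parts[1]))
    return patterns


def is_whitelisted(ip, patterns):
    """True if ip matches any pattern octet by octet ('*' matches one whole octet)."""
    ip_octets = ip.split(".")
    if len(ip_octets) != 4:
        return False
    return any(all(p == "*" or p == o for p, o in zip(pat, ip_octets)) for pat in patterns)


# Constructed fragment in the style of the page's final httpd.conf block.
SAMPLE_CONFIG = """\
DOSPageCount 2
DOSWhitelist 127.0.0.1      # localhost
DOSWhitelist 192.168.2.*    # our network is 192.168.2.0/24
"""

if __name__ == "__main__":
    pats = parse_whitelist(SAMPLE_CONFIG)
    for ip in ("127.0.0.1", "192.168.2.252", "192.168.20.252", "79.151.132.218"):
        print(ip, is_whitelisted(ip, pats))
```

Matching per octet is the point of the example: 192.168.2.* must not match 192.168.20.252, which a naive string-prefix check on "192.168.2" would let through.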
--
So we will add our network as whitelist ip
#our network is 192.168.2.0/24
DOSWhitelist 127.0.0.1
DOSWhitelist 192.168.2.*
So finally our entry in httpd.conf is
#mod_evasive20 configuration start here-------
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
#our network is 192.168.2.0/24
DOSWhitelist 127.0.0.1
DOSWhitelist 192.168.2.*
#mod_evasive20 configuration end here--------
Let us restart the service
[root@station100 ~]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
[root@station100 ~]#
Before running final test ...
What is mod_evasive?
mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities.
Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:
Requesting the same page more than a few times per second
Making more than 50 concurrent requests on the same child per second
Making any requests while temporarily blacklisted (on a blocking list)
This method has worked well in both single-server script attacks as well as distributed attacks, but just like other evasive tools, is only as useful to the point of bandwidth and processor consumption (e.g. the amount of bandwidth and processor required to receive/process/respond to invalid requests), which is why it’s a good idea to integrate this with your firewalls and routers for maximum protection.
This module instantiates for each listener individually, and therefore has a built-in cleanup mechanism and scaling capabilities. Because of this per-child design, legitimate requests are never compromised (even from proxies and NAT addresses) but only scripted attacks. Even a user repeatedly clicking on ‘reload’ should not be affected unless they do it maliciously. mod_evasive is fully tweakable through the Apache configuration file, easy to incorporate into your web server, and easy to use.
View loaded Apache modules
/usr/sbin/apache2ctl -t -D DUMP_MODULES
Loaded Modules:
core_module (static)
log_config_module (static)
logio_module (static)
mpm_prefork_module (static)
http_module (static)
so_module (static)
actions_module (shared)
alias_module (shared)
auth_basic_module (shared)
auth_mysql_module (shared)
authn_file_module (shared)
authz_default_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cgi_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
include_module (shared)
mime_module (shared)
evasive20_module (shared)
security2_module (shared)
negotiation_module (shared)
perl_module (shared)
php5_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
ssl_module (shared)
status_module (shared)
suexec_module (shared)
unique_id_module (shared)
userdir_module (shared)
Syntax OK
All installed Apache modules that are available to enable live in a directory called mods-available, under /etc/apache2.
ls mods-enabled
actions.load authn_file.load autoindex.conf dir.conf mime.load perl.load rewrite.load status.conf userdir.load
alias.conf authz_default.load autoindex.load dir.load mod-evasive.load php5.conf setenvif.conf status.load
alias.load authz_groupfile.load cgi.load env.load mod-security.load php5.load setenvif.load suexec.load
auth_basic.load authz_host.load deflate.conf include.load negotiation.conf reqtimeout.conf ssl.conf unique_id.load
auth_mysql.load authz_user.load deflate.load mime.conf negotiation.load reqtimeout.load ssl.load userdir.conf
ls sites-enabled
000-default 000-default.save default-ssl
Enabling and disabling modules in Apache:
a2enmod and a2dismod
To enable and disable modules in Apache we use the a2enmod and a2dismod commands (from the English "Apache 2 enable module" and "Apache 2 disable module").
First make sure the module is physically present in the /etc/apache2/mods-available directory. If it is there, it is enough to type the enable command followed by the module name and then reload Apache.
sudo a2dismod nombre-del-modulo
sudo /etc/init.d/apache2 reload
For example, to disable PHP, we do:
sudo a2dismod php5
sudo /etc/init.d/apache2 reload
http://www.socinfo.com/ubuntu/apache/modulos/activar-e-instalar
Command-line tools to monitor Linux performance
http://www.linux-party.com/index.php/15-documentacion/8709-15-herramientas-de-la-linea-de-comandos-para-supervisar-el-rendimiento-de-linux
15 command-line tools to monitor Linux performance
Published Monday, 06 May 2013 12:00 | Written by Super User
It is really hard work for every Linux administrator to monitor and debug system performance problems every day. After working as a Linux administrator in the IT industry, I learned that the hard part is keeping watch over systems and keeping them running. For this reason I have compiled this list of 15 command-line system monitoring tools that can be useful to any Linux/Unix system administrator. These commands are available in all Linux distributions and can be useful for monitoring and finding the real causes of performance problems. The list of commands shown here lets you pick the one best suited to your monitoring scenario.
The Linux top command is a performance monitoring program that most system administrators use very frequently to check Linux performance, and it is available on many Linux/Unix systems. The top command displays all running and really active processes in a regularly refreshed list. It shows CPU usage, memory usage, swap memory, cache, buffer size, process PID, user, commands and much more. It also shows the memory and CPU load of a running process. The top command is very useful for a system administrator to monitor and take corrective action when required. Let's see the top command in action.
# top
top - 13:17:44 up 3:35, 3 users, load average: 0.30, 0.61, 0.71
Tasks: 195 total, 1 running, 194 sleeping, 0 stopped, 0 zombie
Cpu(s): 8.6%us, 1.5%sy, 0.0%ni, 89.4%id, 0.0%wa, 0.3%hi, 0.2%si, 0.0%st
Mem: 3950228k total, 3669632k used, 280596k free, 260276k buffers
Swap: 5128188k total, 0k used, 5128188k free, 1039232k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
6832 javier 20 0 2594m 1.2g 44m S 11.0 31.9 4:09.29 firefox
6929 javier 20 0 746m 204m 23m S 5.6 5.3 0:26.26 plugin-containe
7023 javier 20 0 547m 27m 20m S 2.3 0.7 0:02.30 konsole
2840 root 20 0 141m 30m 15m S 0.7 0.8 6:42.59 X
684 root 20 0 7408 316 212 S 0.3 0.0 0:00.48 gpm
1250 mysql 20 0 539m 46m 3496 S 0.3 1.2 0:14.68 mysqld
4759 javier 20 0 2890m 32m 19m S 0.3 0.8 1:54.24 kwin
1 root 20 0 50164 4804 2056 S 0.0 0.1 0:01.24 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 20 0 0 0 0 S 0.0 0.0 0:00.31 ksoftirqd/0
5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0H
7 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/u:0H
8 root RT 0 0 0 0 S 0.0 0.0 0:00.20 migration/0
9 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_bh
10 root 20 0 0 0 0 S 0.0 0.0 0:03.62 rcu_sched
11 root RT 0 0 0 0 S 0.0 0.0 0:00.03 watchdog/0
12 root RT 0 0 0 0 S 0.0 0.0 0:00.04 watchdog/1
13 root 20 0 0 0 0 S 0.0 0.0 0:00.32 ksoftirqd/1
14 root RT 0 0 0 0 S 0.0 0.0 0:00.11 migration/1
16 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/1:0H
17 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 cpuset
18 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 khelper
2. Vmstat - virtual memory statistics
The Linux vmstat command is used to display statistics on virtual memory, kernel threads, disks, system processes, I/O blocks, interrupts, CPU activity and much more. By default the vmstat command is not available on Linux systems; you need to install a package called sysstat, which includes the vmstat program. The common usage format of the command is:
vmstat
procs -----------memory---------- ---swap-- -----io---- -system-- ----cpu----
r b swpd free buff cache si so bi bo in cs us sy id wa
2 0 49896 62100 1178240 4316436 0 0 146 131 6 49 3 0 96 1
3. Lsof - List Open Files
The lsof command is used on many Linux/Unix-like systems to list all open files and the processes that are using them. The open files included are disk files, network sockets, pipes, devices and processes. One of the main reasons for using this command is when a disk cannot be unmounted and shows the error that files are in use or open. With this command you can easily identify which files are in use. The most common format for this command:
ies-sabadell:~# lsof |grep /12
migration 12 root txt unknown /proc/12/exe
kjournald 1234 root txt unknown /proc/1234/exe
kjournald 1235 root txt unknown /proc/1235/exe
kjournald 1236 root txt unknown /proc/1236/exe
kjournald 1237 root txt unknown /proc/1237/exe
kjournald 1238 root txt unknown /proc/1238/exe
kjournald 1239 root txt unknown /proc/1239/exe
kjournald 1240 root txt unknown /proc/1240/exe
sftp-serv 1612 12smx2a26 cwd DIR 8,3 4096 1223729 /home/alumnes/smx2a-12/12smx2a26
mysqld 1908 mysql 14u REG 8,7 7168 317713 /var/lib/mysql/12smx2a26/ps_product.MYI
mysqld 1908 mysql 15u REG 8,7 1240 317714 /var/lib/mysql/12smx2a26/ps_product.MYD
mysqld 1908 mysql 16u REG 8,7 4096 317716 /var/lib/mysql/12smx2a26/ps_product_shop.MYI
mysqld 1908 mysql 17u REG 8,7 700 317717 /var/lib/mysql/12smx2a26/ps_product_shop.MYD
mysqld 1908 mysql 18u REG 8,7 6144 317734 /var/lib/mysql/12smx2a26/ps_product_lang.MYI
mysqld 1908 mysql 19u REG 8,7 10068 317735 /var/lib/mysql/12smx2a26/ps_product_lang.MYD
mysqld 1908 mysql 20u REG 8,7 5120 317567 /var/lib/mysql/12smx2a26/ps_image.MYI
mysqld 1908 mysql 21u REG 8,7 312 317600 /var/lib/mysql/12smx2a26/ps_image.MYD
mysqld 1908 mysql 22u REG 8,7 3072 318597 /var/lib/mysql/12smx2a26/ps_image_shop.MYI
mysqld 1908 mysql 23u REG 8,7 260 318598 /var/lib/mysql/12smx2a26/ps_image_shop.MYD
4. Tcpdump - Packet Analyzer
Tcpdump is the most widely used command-line packet analyzer or packet sniffer program, used for capturing or filtering TCP/IP packets received or transmitted on a specific interface over a network. It also provides an option to save captured packets to a file for later analysis. tcpdump is almost always available in the major Linux distributions.
# tcpdump -i eth0
22:19:22.443542 IP 208.92.53.111.http > localhost.localdomain.33461: Flags [P.], seq 4213809828:4213810056, ack 3942125296, win 1716, options [nop,nop,TS val 1933996291 ecr 1717147], length 228
22:19:22.443634 IP localhost.localdomain.33461 > 208.92.53.111.http: Flags [.], ack 4294965856, win 1395, options [nop,nop,TS val 1717306 ecr 1933996173,nop,nop,sack 1 {0:228}], length 0
22:19:22.443669 IP 208.92.53.111.http > localhost.localdomain.33461: Flags [.], seq 4294965856:0, ack 1, win 1716, options [nop,nop,TS val 1933996291 ecr 1717147], length 1440
22:19:22.443702 IP localhost.localdomain.33461 > 208.92.53.111.http: Flags [.], ack 228, win 1395, options [nop,nop,TS val 1717306 ecr 1933996291], length 0
5. Netstat - Network Statistics
Netstat is a command-line tool for monitoring incoming and outgoing network packet statistics as well as interface statistics. It is a very useful tool for every system administrator to monitor network performance and troubleshoot network-related problems.
# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:https *:* LISTEN
tcp 0 0 *:db-lsp *:* LISTEN
tcp 0 0 localhost:atmtcp *:* LISTEN
tcp 0 0 *:40643 *:* LISTEN
tcp 0 0 *:24837 *:* LISTEN
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 *:rfb *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 localhost.locald:domain *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost:ipp *:* LISTEN
tcp 0 0 *:59897 *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
tcp 0 0 localhost.localdo:60709 108.160.163.40:http ESTABLISHED
tcp 0 0 localhost.localdo:58334 db3msgr5010618.gat:msnp ESTABLISHED
tcp 0 0 localhost.localdo:49572 wb-in-f125.:xmpp-client ESTABLISHED
tcp 0 0 localhost.localdo:39190 mad01s08-in-f21.1:https ESTABLISHED
tcp 0 0 localhost.localdo:57934 195.57.81.34:http ESTABLISHED
tcp 0 0 localhost.localdo:34153 ec2-23-21-236-70.c:http ESTABLISHED
tcp 0 0 localhost.localdo:34152 ec2-23-21-236-70.c:http ESTABLISHED
tcp 0 0 localhost.localdo:34154 ec2-23-21-236-70.c:http TIME_WAIT
tcp 0 0 localhost.localdo:55572 s3-1.amazonaws.co:https ESTABLISHED
netstat -antpe
netstat -anpte|grep ESTABLISHED
netstat -anpte|grep ESTABLISHED| wc
ies-sabadell:~# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1536/portmap
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 3050/perl
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN 2360/inetd
tcp 0 0 0.0.0.0:4949 0.0.0.0:* LISTEN 2751/munin-node
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1748/sshd
tcp 0 0 0.0.0.0:901 0.0.0.0:* LISTEN 2360/inetd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1908/mysqld
tcp6 0 0 :::80 :::* LISTEN 1054/apache2
tcp6 0 0 :::22 :::* LISTEN 1748/sshd
tcp6 0 0 :::443 :::* LISTEN 1054/apache2
udp 0 0 0.0.0.0:5353 0.0.0.0:* 1735/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 1536/portmap
udp 0 0 192.168.0.201:123 0.0.0.0:* 2404/ntpd
udp 0 0 192.168.130.2:123 0.0.0.0:* 2404/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 2404/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 2404/ntpd
udp 0 0 0.0.0.0:10000 0.0.0.0:* 3050/perl
udp 0 0 0.0.0.0:39320 0.0.0.0:* 1735/avahi-daemon:
udp6 0 0 :::32980 :::* 1735/avahi-daemon:
udp6 0 0 :::5353 :::* 1735/avahi-daemon:
udp6 0 0 fe80::22cf:30ff:fef:123 :::* 2404/ntpd
udp6 0 0 ::1:123 :::* 2404/ntpd
udp6 0 0 fe80::222:2dff:fe80:123 :::* 2404/ntpd
udp6 0 0 :::123 :::* 2404/ntpd
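An added example (not part of the original post) that reads output like the `netstat -tulpn` listing above and turns it into an exposure review: it classifies each socket by the scope of its bind address and reports wildcard-bound services that are missing from an allowlist. The sample lines are modelled on the listing, and the allowlist is an assumed policy for illustration.

```python
"""Exposure review of the sockets listed by `netstat -tulpn` (added example,
not code from the original post). It parses the Proto, Local Address and
PID/Program name columns, classifies each socket by the scope of its bind
address, and reports wildcard-bound services that are not on an allowlist.
The allowlist is an assumption for illustration, not a recommendation."""
from collections import namedtuple

Listener = namedtuple("Listener", "proto host port program")

# Constructed sample in the format of the post's `netstat -tulpn` output.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1536/portmap
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      3050/perl
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1748/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1908/mysqld
tcp6       0      0 :::80                   :::*                    LISTEN      1054/apache2
tcp6       0      0 :::443                  :::*                    LISTEN      1054/apache2
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1735/avahi-daemon:
udp        0      0 192.168.0.201:123       0.0.0.0:*                           2404/ntpd
udp6       0      0 fe80::22cf:30ff:fef:123 :::*                                2404/ntpd
udp6       0      0 ::1:123                 :::*                                2404/ntpd
"""

# (proto, port) pairs this host is meant to expose to the network: an
# assumed policy for the example.
ALLOWED = {("tcp", 22), ("tcp", 80), ("tcp", 443), ("udp", 123)}


def parse_netstat(text):
    """Turn `netstat -tulpn` output into Listener records."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the banner and the column header; data lines start with tcp/udp.
        if not fields or not fields[0].startswith(("tcp", "udp")):
            continue
        proto, local = fields[0], fields[3]
        # The port follows the last colon, which also works for IPv6 such as ":::80".
        host, port = local.rsplit(":", 1)
        # "1735/avahi-daemon:" -> "avahi-daemon"; "-" stays "-" when netstat
        # could not read the owning process (run without root).
        program = fields[-1].split("/", 1)[-1].rstrip(":")
        listeners.append(Listener(proto.rstrip("6"), host, int(port), program))
    return listeners


def bind_scope(host):
    """Classify who can reach a socket from its bind address."""
    if host in ("0.0.0.0", "::"):
        return "wildcard"      # every interface
    if host.startswith("127.") or host == "::1":
        return "loopback"      # local processes only
    if host.lower().startswith("fe80:"):
        return "link-local"    # same L2 segment only
    return "specific"          # one configured address


def review(text, allowed=ALLOWED):
    """Return wildcard-bound listeners whose (proto, port) is not allowlisted."""
    return [l for l in parse_netstat(text)
            if bind_scope(l.host) == "wildcard" and (l.proto, l.port) not in allowed]


if __name__ == "__main__":
    for l in parse_netstat(SAMPLE):
        print(f"{l.proto:4} {l.port:>6} {bind_scope(l.host):10} {l.program}")
    print("\nNot allowlisted but reachable on every interface:")
    for l in review(SAMPLE):
        print(f"  {l.proto}/{l.port} ({l.program})")
```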
6. Htop - Linux Process Monitoring
Htop is a much more advanced, interactive, real-time Linux process monitoring tool. It is similar to the Linux top command but has some advanced features such as a user-friendly interface for process management, shortcut keys, vertical and horizontal views of processes and much more. Htop is a third-party tool and is not included in Linux systems; you must install it using YUM (or APT-GET) or whatever your package management tool is. For more information on installation, read our following article.
Administration: Glances - a monitoring tool for Linux
# htop
7. Iotop - Monitor Linux Disk I/O
Iotop is also very similar to the top command and the htop program, but it has an accounting function to monitor and display real-time disk I/O and processes. This tool is very useful for finding the exact process and disk with high read/write usage.
Total DISK READ: 18.63 M/s | Total DISK WRITE: 239.53 K/s
TID PRIO USER DISK READ DISK WRITE SWAPIN IO> COMMAND
1228 be/4 root 18.60 M/s 0.00 B/s 0.00 % 7.93 % clamscan / -r -i -l resutlat-antivirus.txt
1929 be/4 mysql 31.41 K/s 3.93 K/s 0.00 % 2.45 % mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysq~ysqld.pid --socket=/var/run/mysqld/mysqld.sock --port=3306
1237 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.07 % [kjournald]
1536 be/4 daemon 0.00 B/s 0.00 B/s 0.00 % 0.00 % portmap
1 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % init [2]
2 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [kthreadd]
3 rt/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [migration/0]
4 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [ksoftirqd/0]
5 rt/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % [watchdog/0]
8. Iostat - Input/Output Statistics
Iostat is a simple tool that collects and shows the system's input and output storage device statistics. This tool is often used to trace performance problems of storage devices, including local disks and remote disks such as NFS.
iostat
Linux 2.6.32-5-amd64 (ies-sabadell.xtec.net) 10/05/13 _x86_64_ (4 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
2,87 0,01 0,45 1,13 0,00 95,54
Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn
sda 14,63 255,34 207,11 54897797 44528426
sdc 6,90 602,27 620,46 129486752 133399232
sdb 1,98 323,02 222,52 69449840 47842056
9. IPTraf - Real-Time IP LAN Monitoring
IPTraf is an open-source, console-based, real-time network (IP LAN) monitoring utility for Linux. It collects a variety of information, such as monitoring the IP traffic passing over the network, including TCP flag information, ICMP details, TCP/UDP traffic breakdowns, and TCP connection packet and byte counts. It also collects general and detailed interface statistics for TCP, UDP, IP, non-IP, ICMP, IP checksum errors, interface activity, etc.
10. Psacct or Acct - Monitor User Activity
The psacct or acct tools are very useful for monitoring each user's activity on the system. Both daemons run in the background and keep a close watch on the overall activity of each user on the system and on which resources they are consuming.
These tools are very useful for system administrators to track each user's activity: what they are doing, which commands they run, how many resources they use, how long they are active on the system, etc.
11. Monit - Linux Process and Service Monitoring
Monit is a web-based process supervision utility that automatically monitors processes, programs, files, directories, permissions, checksums and file systems.
It monitors services such as Apache, MySQL, mail, FTP, ProFTP, Nginx, SSH, etc. The system status can be viewed from the command line or through its own web interface.
12. NetHogs - Monitor Per-Process Network Bandwidth
NetHogs is a nice little program (similar to the Linux top command) that keeps a tab on each process's network activity on the system. It also keeps track of the real-time network traffic bandwidth used by each program or application.
13. iftop - Network Bandwidth Monitoring
iftop is another terminal-based monitoring utility that displays a frequently updated list of network bandwidth utilisation (source and destination hosts) passing through the network interface on the system. iftop is considered to be for the network what 'top' is for CPU usage: a 'top' family tool that monitors a selected interface and displays the current bandwidth usage between two hosts.
14. Monitorix - System and Network Monitoring
Monitorix is a free, lightweight utility designed to run on and monitor system and network resources of as many Linux/Unix servers as possible. It has a built-in HTTP web server that regularly collects system and network information and displays it in graphs. It monitors system load average and usage, memory allocation, disk health, system services, network ports, mail statistics (Sendmail, Postfix, Dovecot, etc.), MySQL statistics and much more. It is designed to monitor overall system performance and helps in detecting failures, bottlenecks, abnormal activity, etc.
15. Arpwatch - Ethernet Activity Monitor
Arpwatch is a program designed to monitor address resolution (MAC and IP address changes) of Ethernet traffic on a Linux network. It continuously watches Ethernet traffic and records changes in IP address and MAC address pairings, along with timestamps, on a network. It also has a feature to send an e-mail alerting the administrator when a pairing is added or changes. It is very useful for detecting ARP spoofing on a network.
CPU 0 KO from scanning with clamscan?
today has been a long day.........
looking at the syslog we can see ......
May 7 10:30:29 ies-sabadell kernel: [613402.936520] BUG: soft lockup - CPU#1 stuck for 61s! [clamscan:4941]
May 7 10:30:29 ies-sabadell kernel: [613402.937202] Modules linked in: binfmt_misc sco bridge stp bnep rfcomm l2cap crc16 bluetooth rfkill acpi_cpufreq cpufreq_userspace cpufreq_powersave cpufreq_stats cpufreq_conservative xt_recent ipt_LOG xt_state ts_bm xt_string iptable_filter ipt_REDIRECT xt_tcpudp iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 iptable_mangle iptable_raw ip_tables x_tables quota_v2 quota_tree fuse firewire_sbp2 firewire_core crc_itu_t loop snd_hda_codec_intelhdmi snd_hda_codec_via snd_hda_intel snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq i915 drm_kms_helper snd_timer snd_seq_device i2c_i801 drm i2c_algo_bit i2c_core video output snd soundcore snd_page_alloc psmouse usb_storage serio_raw pcspkr evdev button asus_atk0110 processor ext3 jbd mbcache sd_mod crc_t10dif ata_generic 8139too ata_piix ehci_hcd r8169 8139cp mii libata scsi_mod usbcore nls_base thermal thermal_sys [last unloaded: scsi_wait_scan]
May 7 10:30:29 ies-sabadell kernel: [613402.937297] CPU 1:
May 7 10:30:29 ies-sabadell kernel: [613402.937299] Modules linked in: binfmt_misc sco bridge stp bnep rfcomm l2cap crc16 bluetooth rfkill acpi_cpufreq cpufreq_userspace cpufreq_powersave cpufreq_stats cpufreq_conservative xt_recent ipt_LOG xt_state ts_bm xt_string iptable_filter ipt_REDIRECT xt_tcpudp iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nf_defrag_ipv4 iptable_mangle iptable_raw ip_tables x_tables quota_v2 quota_tree fuse firewire_sbp2 firewire_core crc_itu_t loop snd_hda_codec_intelhdmi snd_hda_codec_via snd_hda_intel snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq i915 drm_kms_helper snd_timer snd_seq_device i2c_i801 drm i2c_algo_bit i2c_core video output snd soundcore snd_page_alloc psmouse usb_storage serio_raw pcspkr evdev button asus_atk0110 processor ext3 jbd mbcache sd_mod crc_t10dif ata_generic 8139too ata_piix ehci_hcd r8169 8139cp mii libata scsi_mod usbcore nls_base thermal thermal_sys [last unloaded: scsi_wait_scan]
May 7 10:30:29 ies-sabadell kernel: [613402.937383] Pid: 4941, comm: clamscan Tainted: G W 2.6.32-5-amd64 #1 System Product Name
May 7 10:30:29 ies-sabadell kernel: [613402.937387] RIP: 0010:[] [] intel_crt_detect+0xc1/0x226 [i915]
May 7 10:30:29 ies-sabadell kernel: [613402.937407] RSP: 0018:ffff880212d3be58 EFLAGS: 00000286
May 7 10:30:29 ies-sabadell kernel: [613402.937411] RAX: 0000000083f50000 RBX: ffff88021e35a800 RCX: ffffffffa02106b1
May 7 10:30:29 ies-sabadell kernel: [613402.937415] RDX: ffffffffa0209010 RSI: ffffffffa02106c3 RDI: 0000000000000004
May 7 10:30:29 ies-sabadell kernel: [613402.937418] RBP: ffffffff8101166e R08: 0000000080f50000 R09: ffff88021f06b000
May 7 10:30:29 ies-sabadell kernel: [613402.937422] R10: ffff880212d3a000 R11: 0000000000000000 R12: ffff88021f06b000
May 7 10:30:29 ies-sabadell kernel: [613402.937426] R13: 0000000080f50000 R14: ffff880212d3bf48 R15: 0000000000000000
May 7 10:30:29 ies-sabadell kernel: [613402.937431] FS: 00007f05c1968720(0000) GS:ffff880008c20000(0000) knlGS:0000000000000000
May 7 10:30:29 ies-sabadell kernel: [613402.937435] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
May 7 10:30:29 ies-sabadell kernel: [613402.937438] CR2: 00007f05c17a7000 CR3: 00000001e73aa000 CR4: 00000000000006e0
May 7 10:30:29 ies-sabadell kernel: [613402.937442] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
May 7 10:30:29 ies-sabadell kernel: [613402.937446] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
May 7 10:30:29 ies-sabadell kernel: [613402.937449] Call Trace:
May 7 10:30:29 ies-sabadell kernel: [613402.937464] [] ? intel_crt_detect+0xa7/0x226 [i915]
May 7 10:30:29 ies-sabadell kernel: [613402.937480] [] ? status_show+0x12/0x36 [drm]
May 7 10:30:29 ies-sabadell kernel: [613402.937488] [] ? dev_attr_show+0x1f/0x42
May 7 10:30:29 ies-sabadell kernel: [613402.937495] [] ? sysfs_read_file+0xa7/0x125
May 7 10:30:29 ies-sabadell kernel: [613402.937503] [] ? vfs_read+0xa6/0xff
May 7 10:30:29 ies-sabadell kernel: [613402.937508] [] ? sys_pread64+0x57/0x77
May 7 10:30:29 ies-sabadell kernel: [613402.937515] [] ? page_fault+0x25/0x30
May 7 10:30:29 ies-sabadell kernel: [613402.937520] [] ? system_call_fastpath+0x16/0x1b
it had already spent the whole morning doing this every 2 minutes, generating the message
on the other hand mysql has shot up, leaving the server unusable performance-wise, and I have had to cut off the connection from outside to guarantee the internal service
AROUND 12:00 - 12:15 I HAVE HAD TO STOP SERVICES AND ANALYSE; ON REVIEWING I FIND
ACCESS.LOG FILE
strange and usual requests
108.54.193.165 - - [07/May/2013:08:30:26 +0200] "k\xcd\xb5`x\x8bF,\xc9\x92\xd8" 301 2 "-" "-"
109.124.194.61 - - [07/May/2013:08:33:02 +0200] "-" 408 - "-" "-"
193.159.115.1 - - [07/May/2013:08:33:13 +0200] "-" 408 - "-" "-"
96.227.71.97 - - [07/May/2013:08:39:54 +0200] "-" 408 - "-" "-"
77.78.104.50 - - [07/May/2013:08:40:05 +0200] "GET /server-status HTTP/1.0" 200 26241 "-" "-"
66.249.78.71 - - [07/May/2013:08:47:41 +0200] "GET /~12damixb7/UF2/UF2-2-P4/UF2-2-P4-hotels-Oracle.xml HTTP/1.1" 200 24180 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.75.234 - - [07/May/2013:08:48:27 +0200] "GET /~11damixb15/UF1/imatges/UF1-2-P6-informatico.jpg HTTP/1.1" 304 - "-" "Googlebot-Image/1.0"
157.55.32.96 - - [07/May/2013:08:48:31 +0200] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
58.173.114.220 - - [07/May/2013:08:50:06 +0200] "-" 408 - "-" "-"
31.163.166.23 - - [07/May/2013:08:50:36 +0200] "9\x16\x84O\xc5\xb1\xbbF" 301 2 "-" "-"
77.78.104.50 - - [07/May/2013:08:51:25 +0200] "GET /server-status HTTP/1.0" 200 26932 "-" "-"
24.126.94.42 - - [07/May/2013:08:52:09 +0200] "-" 408 - "-" "-"
110.174.228.195 - - [07/May/2013:08:54:52 +0200] "-" 408 - "-" "-"
72.14.199.141 - - [07/May/2013:09:02:04 +0200] "GET /~12damixc3/rss.xml HTTP/1.1" 200 1735 "-" "Feedfetcher-Google; (+http://www.google.com/feedfetcher.ht
66.249.78.71 - - [07/May/2013:07:02:23 +0000] "GET /~12damixc6/UF1/html/ProjecteSergiExtremo.html HTTP/1.1" 304 - "-" "Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_1 like Mac OS X; en-us) AppleWebKit/
98.229.193.152 - - [07/May/2013:09:06:10 +0200] "-" 408 - "-" "-"
66.249.75.141 - - [07/May/2013:09:06:23 +0200] "GET /~12damixb5/M4-UF1/M4_UF1-2-P9-Formularis-I.html
81.88.152.225 - - [07/May/2013:09:07:52 +0200] "\xa6\x16\x86\xd1\x10\xdeb>\xb2\xbf\xc9-\xf5\x9c\xab\x13\x8eS\b\xddq\xe4\x93\x8c" 301 2 "-" "-"
115.184.219.126 - - [07/May/2013:09:08:07 +0200] "-" 408 - "-" "-"
31.103.134.62 - - [07/May/2013:09:08:22 +0200] "-" 408 - "-" "-"
95.52.218.49 - - [07/May/2013:09:11:22 +0200] "-" 408 - "-" "-"
180.75.220.154 - - [07/May/2013:09:12:10 +0200] "-" 408 - "-" "-"
5.9.112.68 - - [07/May/2013:09:19:24 +0200] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0 (compatible; SISTRIX Crawler; http://crawler.sistrix.net/)"
5.9.112.68 - - [07/May/2013:09:19:24 +0200] "GET / HTTP/1.1" 301 2 "-" "Mozilla/5.0 (compatible; SISTRIX Crawler; http://crawler.sistrix.net/)"
5.9.112.68 - - [07/May/2013:09:19:24 +0200] "GET /intraweb HTTP/1.1" 302 325 "-" "Mozilla/5.0 (compatible; SISTRIX Crawler; http://crawler.sistrix.net/)"
66.249.78.123 - - [07/May/2013:09:20:43 +0200] "GET /moodle/index.php?cal_m=4&cal_y=2578 HTTP/1.1" 200 8166 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
41.108.97.207 - - [07/May/2013:09:21:44 +0200] "-" 408 - "-" "-"
188.254.175.55 - - [07/May/2013:08:14:01 +0000] "\xb4\xa4\x8d\xdcW_y\xc7\x82\x91\xae\x92\xd2\xf09\xc1jo{Fa\xa6\xc7\xbdG\x06g%\xa1V\x99@v\x16\xc2\x81Yp\xbc\x97\x07c\xdb\xe9RC\xb5\xd3\x8b\xff|\xdf\xe0\xe0@j\x8d" 301 2 "-" "-"
192.168.130.195 - - [07/May/2013:10:14:05 +0200] "POST /moodle2/login/index.php HTTP/1.1" 200 6172 "https://ies-sabadell.cat/moodle2/login/index.php" "Mozilla/5.0 (Windows NT 5.1; rv:15.0) Gecko/20100101 Firefox/15.0.1"
204.14.48.164 - - [07/May/2013:11:39:38 +0200] "\x85\xcb\xccA\xd6\x9b\xed\xa1\x82\xf7\xe3\xb7n]\xa0\xe6\xf1|\xe8\xa5\v\x8ex]c4/*w0\xb9n-" 400 312 "-" "-"
1.170.191.191 - - [07/May/2013:11:46:24 +0200] "\xbb\xa0o.\bs\xc2u\x1b\x0f\xd0gV" 301 2 "-" "-"
CURIOUS THAT THE ACCESS.LOG FILE STILL CONTINUES, IT KEEPS WRITING DIFFERENT HOURS? WRITE ERROR?
62.83.218.106 - - [07/May/2013:11:07:16 +0200] "GET /~12smx2c4/Joomla_recuperacion/administrator/templates/bluestork/images/j_arrow.png HTTP/1.1" 200 239 "http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/administrator/index.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
62.83.218.106 - - [07/May/2013:11:07:16 +0200] "GET /~12smx2c4/Joomla_recuperacion/administrator/templates/bluestork/images/menu/icon-16-checkin.png HTTP/1.1" 200 469 "http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/administrator/index.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
62.83.218.106 - - [07/May/2013:09:07:16 +0000] "GET /~12smx2c4/Joomla_recuperacion/administrator/templates/bluestork/images/menu/icon-16-clear.png HTTP/1.1" 200 566 "http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/administrator/index.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
62.83.218.106 - - [07/May/2013:09:07:16 +0000] "GET /~12smx2c4/Joomla_recuperacion/administrator/templates/bluestork/images/menu/icon-16-purge.png HTTP/1.1" 200 513 "http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/administrator/index.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
62.83.218.106 - - [07/May/2013:09:07:16 +0000] "GET /~12smx2c4/Joomla_recuperacion/administrator/templates/bluestork/images/menu/icon-16-info.png HTTP/1.1" 200 590 "http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/administrator/index.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
62.83.218.106 - - [07/May/2013:09:07:16 +0000] "GET /~12smx2c4/Joomla_recuperacion/administrator/templates/bluestork/images/menu/icon-16-newarticle.png HTTP/1.1" 200 520 "http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/administrator/index.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
62.83.218.106 - - [07/May/2013:11:07:16 +0200] "GET /~12smx2c4/Joomla_recuperacion/administrator/templates/bluestork/images/menu/icon-16-groups.png HTTP/1.1" 200 826 "http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/administrator/index.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
62.83.218.106 - - [07/May/2013:11:07:16 +0200] "GET /~12smx2c4/Joomla_recuperacion/administrator/templates/bluestork/images/menu/icon-16-levels.png HTTP/1.1" 200 281 "http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/administrator/index.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
62.83.218.106 - - [07/May/2013:09:07:16 +0000] "GET /~12smx2c4/Joomla_recuperacion/administrator/templates/bluestork/images/menu/icon-16-user-note.png HTTP/1.1" 200 359 "http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/administrator/index.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
62.83.218.106 - - [07/May/2013:09:07:16 +0000] "GET /~12smx2c4/Joomla_recuperacion/administrator/templates/bluestork/images/menu/icon-16-category.png HTTP/1.1" 200 263 "http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/administrator/index.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
62.83.218.106 - - [07/May/2013:09:07:16 +0000] "GET /~12smx2c4/Joomla_recuperacion/administrator/templates/bluestork/images/menu/icon-16-massmail.png HTTP/1.1" 200 703 "http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/administrator/index.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
62.83.218.106 - - [07/May/2013:09:07:16 +0000] "GET /~12smx2c4/Joomla_recuperacion/administrator/templates/bluestork/images/menu/icon-16-menumgr.png HTTP/1.1" 200 519 "http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/administrator/index.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
62.83.218.106 - - [07/May/2013:11:07:16 +0200] "GET /~12smx2c4/Joomla_recuperacion/administrator/templates/bluestork/images/menu/icon-16-menu.png HTTP/1.1" 200 427 "http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/administrator/index.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
62.83.218.106 - - [07/May/2013:11:07:16 +0200] "GET /~12smx2c4/Joomla_recuperacion/administrator/templates/bluestork/images/menu/icon-16-article.png HTTP/1.1" 200 523 "http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/administrator/index.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
62.83.218.106 - - [07/May/2013:09:07:16 +0000] "GET /~12smx2c4/Joomla_recuperacion/administrator/templates/bluestork/images/menu/icon-16-featured.png HTTP/1.1" 200 552 "http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/administrator/index.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
62.83.218.106 - - [07/May/2013:09:07:16 +0000] "GET /~12smx2c4/Joomla_recuperacion/administrator/templates/bluestork/images/menu/icon-16-media.png HTTP/1.1" 200 608 "http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/administrator/index.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
192.168.0.1 - - [07/May/2013:08:14:06 +0000] "GET /intraweb HTTP/1.0" 302 255 "http://www.google.es/url?sa=t&rct=j&q=institut+sabadell&source=web&cd=1&ved=0CDEQFjAA&url=http%3A%2F%2Fies-sabadell.cat%2Fintraweb&ei=zLeIUY_9A8LC7Aae0YGQCQ&usg=AFQjCNHXfxEsA247aQOWHbfxhD6LvM_tZg" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"
77.78.104.50 - - [07/May/2013:08:14:06 +0000] "GET /server-status HTTP/1.0" 200 26931 "-" "-"
[Tue May 07 11:40:56 2013] [error] [client 62.83.218.106] PHP Warning: simplexml_load_file(/etc/xml/catalog): failed to open stream: Permission denied in /home/alumnes/smx2c-12/12smx2c4/public_html/Joomla_recuperacion/libraries/joomla/factory.php on line 444, referer: http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/installation/index.php
[Tue May 07 11:41:44 2013] [error] [client 78.61.25.86] Invalid URI in request \xf1k\xed\xb2L\x82\x80\xcd\xfb\x1f\x14X~\xaf\xa0z\xa1\x13\xccb\xa9\x92M\xe8et\xe7\x82\x83\x8b\x07\xd9*OX"[\xaf*L\xccF\x19\xde\x0c\xf3>t\x8c'\x9c\x1dt\xa2\x02
[Tue May 07 11:41:44 2013] [error] [client 78.61.25.86] ModSecurity: Warning. Match of "rx ModSecurity" against "WEBSERVER_ERROR_LOG" required. [file "/etc/apache2/mod-security/modsecurity_crs_21_protocol_anomalies.conf"] [line "65"] [id "960913"] [msg "Invalid request"] [severity "CRITICAL"] [hostname "ies-sabadell.xtec.net"] [uri "\\xf3>t\\x8c'\\x9c\\x1dt\\xa2\\x02"] [unique_id "UYjMWH8AAQEAAAG2CegAAAAg"]
[Tue May 07 11:42:57 2013] [error] [client 62.83.218.106] File does not exist: /home/alumnes/smx2c-12/12smx2c4/public_html/Joomla_recuperacion/installation, referer: http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/installation/index.php
[Tue May 07 11:43:21 2013] [error] [client 192.168.129.209] File does not exist: /srv/www/favicon.ico
[Tue May 07 11:43:22 2013] [error] [client 192.168.129.209] File does not exist: /srv/www/favicon.ico
[Tue May 07 11:43:27 2013] [error] [client 62.83.218.106] File does not exist: /home/alumnes/smx2c-12/12smx2c4/public_html/Joomla_recuperacion/installation, referer: http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/installation/index.php
[Tue May 07 11:44:06 2013] [error] [client 62.83.218.106] PHP Notice: Trying to get property of non-object in /home/alumnes/smx2c-12/12smx2c4/public_html/Joomla_recuperacion/libraries/joomla/updater/adapters/collection.php on line 131, referer: http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/administrator/index.php
ERROR.LOG FILE
[Tue May 07 11:35:42 2013] [error] [client 189.176.248.154] request failed: error reading the headers
[Tue May 07 11:39:38 2013] [error] [client 204.14.48.164] Invalid URI in request \x85\xcb\xccA\xd6\x9b\xed\xa1\x82\xf7\xe3\xb7n]\xa0\xe6\xf1|\xe8\xa5\v\x8ex]c4/*w0\xb9n-
[Tue May 07 11:39:38 2013] [error] [client 204.14.48.164] ModSecurity: Warning. Match of "rx ModSecurity" against "WEBSERVER_ERROR_LOG" required. [file "/etc/apache2/mod-security/modsecurity_crs_21_protocol_anomalies.conf"] [line "65"] [id "960913"] [msg "Invalid request"] [severity "CRITICAL"] [hostname "ies-sabadell.xtec.net"] [uri "\\x8ex]c4/*w0\\xb9n-"] [unique_id "UYjL2n8AAQEAAAH0xjsAAAAv"]
[Tue May 07 11:40:25 2013] [error] [client 62.83.218.106] File does not exist: /srv/www/favicon.ico
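An added example (not code from the original post) that triages access.log lines like the ones above: it flags the 408 entries with an empty request line, the request lines that are not HTTP at all (the ones ModSecurity reports as "Invalid request"), and the repeated remote fetches of /server-status, and it normalises the timestamps to UTC so that entries written with +0200 and +0000 offsets can be compared. The sample lines are condensed from the excerpt, with referrer and agent fields shortened.

```python
"""Triage of Apache combined-format access log lines (added example, not code
from the original post). It flags the three patterns visible in the incident
excerpt: 408 timeouts with an empty request line, request lines that are not
HTTP at all (Apache logs the raw bytes as backslash-x escapes), and remote
fetches of /server-status. Timestamps are normalised to UTC so that entries
written with different offsets can be compared directly."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# One line in combined format. Quoted fields may contain backslash escapes
# (\xNN, \"), which the (?:[^"\\]|\\.)* alternation consumes as units.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$')
# A well-formed request line: METHOD SP request-target SP HTTP/x.y
REQUEST_RE = re.compile(r'^[A-Z]+ (?P<path>\S+) HTTP/\d\.\d$')

# Constructed sample, condensed from the post's access.log excerpt (referrer
# and agent fields shortened). The last line is cut off, as some excerpt
# lines are, to show how unparseable input is handled.
SAMPLE = r'''108.54.193.165 - - [07/May/2013:08:30:26 +0200] "k\xcd\xb5`x\x8bF,\xc9\x92\xd8" 301 2 "-" "-"
109.124.194.61 - - [07/May/2013:08:33:02 +0200] "-" 408 - "-" "-"
77.78.104.50 - - [07/May/2013:08:40:05 +0200] "GET /server-status HTTP/1.0" 200 26241 "-" "-"
157.55.32.96 - - [07/May/2013:08:48:31 +0200] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0 (compatible; bingbot/2.0)"
58.173.114.220 - - [07/May/2013:08:50:06 +0200] "-" 408 - "-" "-"
31.163.166.23 - - [07/May/2013:08:50:36 +0200] "9\x16\x84O\xc5\xb1\xbbF" 301 2 "-" "-"
77.78.104.50 - - [07/May/2013:08:51:25 +0200] "GET /server-status HTTP/1.0" 200 26932 "-" "-"
62.83.218.106 - - [07/May/2013:11:07:16 +0200] "GET /~12smx2c4/Joomla_recuperacion/administrator/templates/bluestork/images/j_arrow.png HTTP/1.1" 200 239 "http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/administrator/index.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) Chrome/26.0.1410.64"
62.83.218.106 - - [07/May/2013:09:07:16 +0000] "GET /~12smx2c4/Joomla_recuperacion/administrator/templates/bluestork/images/menu/icon-16-clear.png HTTP/1.1" 200 566 "http://ies-sabadell.cat/~12smx2c4/Joomla_recuperacion/administrator/index.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) Chrome/26.0.1410.64"
66.249.75.141 - - [07/May/2013:09:06:23 +0200] "GET /~12damixb5/M4-UF1/M4_UF1-2-P9-Formularis-I.html'''


def parse_line(line):
    """Parse one line into a dict (with a UTC datetime); None if malformed."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Apache writes the offset as +0200 / +0000, which %z understands.
    stamp = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["utc"] = stamp.astimezone(timezone.utc)
    rec["status"] = int(rec["status"])
    return rec


def classify(rec):
    """Label a parsed record with the pattern it matches."""
    if rec["request"] == "-" and rec["status"] == 408:
        return "timeout"       # connection opened, nothing sent before Timeout
    m = REQUEST_RE.match(rec["request"])
    if m is None:
        return "non_http"      # not "METHOD path HTTP/x.y": junk bytes
    if m.group("path").split("?", 1)[0] == "/server-status":
        return "status_probe"  # mod_status page fetched by a remote client
    return "normal"


def triage(lines):
    """Return (category counts, per-category client counts, unparsed count)."""
    counts = Counter()
    clients = defaultdict(Counter)
    unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        cat = classify(rec)
        counts[cat] += 1
        if cat != "normal":
            clients[cat][rec["client"]] += 1
    return counts, clients, unparsed


def utc_timestamps(lines):
    """UTC timestamps of parseable lines, to compare +0200 and +0000 entries."""
    return [parse_line(l)["utc"].strftime("%Y-%m-%dT%H:%M:%SZ")
            for l in lines if parse_line(l) is not None]


if __name__ == "__main__":
    counts, clients, unparsed = triage(SAMPLE.splitlines())
    print(dict(counts), "unparsed:", unparsed)
    for cat, who in clients.items():
        print(cat, who.most_common(3))
    # The two 62.83.218.106 entries carry different offsets but the same instant.
    print(utc_timestamps([l for l in SAMPLE.splitlines() if l.startswith("62.83")]))
```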
netstat and conntrack file - we can see that the connection peak, taking a reference every hour, is at 12:00, where at 12:05 we are at 259 established connections
mar may 7 11:05:01 CEST 2013
ESTABLISHED
2 18 240
todo
63 567 7494
contrack
180 /proc/net/ip_conntrack
mar may 7 12:05:09 CEST 2013
ESTABLISHED
259 2331 31080
todo
386 3474 46254
contrack
1191 /proc/net/ip_conntrack
mar may 7 13:05:01 CEST 2013
ESTABLISHED
9 81 1080
todo
24 216 2814
Thursday, 9 May 2013
install clamav on debian 6
Debian
The Debian packages are maintained by Stephen Gran. ClamAV has been officially included in the Debian distribution starting from the sarge release. Run apt-cache search clamav to find the name of the packages available for installation.
Unofficial packages are available through the Debian volatile project (AMD64 arch is also supported). They are usually more recent than official ones and they are maintained by Stephen Gran too, so they follow the same layout as the official ones. Here is a blurb from the Debian volatile project home page:
"Some packages aim at fast moving targets like spam filtering and virus scanning, and even via using updated virus patterns, this doesn't really work for the full time of a stable release.
The main issue of volatile is to allow system administrators to update their systems in a nice, consistent way without getting the drawbacks of using unstable, even without getting the drawback for the selected packages."
If you are running Lenny, we recommend that you use one of the Debian volatile repositories to keep your ClamAV installation updated on your system.
Always choose the mirror closest to you.
Edit /etc/apt/sources.list and add a line like this to it:
deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free
Then run apt-get update; apt-get install clamav freshclam
If you need clamd, you may also want to run apt-get install clamav-daemon
If you are running squeeze (Debian 6.0) or newer use:
deb http://ftp.XX.debian.org/debian squeeze-updates main contrib non-free
Replace XX with your country code.
Finally, to update by hand:
cd /var/lib/clamav
wget http://db.local.clamav.net/daily.cvd
wget http://db.local.clamav.net/bytecode.cvd
wget http://db.local.clamav.net/safebrowsing.cvd
wget http://db.local.clamav.net/main.cvd
Check that the newer files are the valid data (or rename them), and also change the owner and group to clamav.
Latest Stable Release http://www.clamav.net/lang/en/
Latest ClamAV® stable release is: 0.97.8
Windows Antivirus - Immunet 3.0, powered by ClamAV (Learn more)
ClamAV Virus Databases:
main.cvd ver. 54 released on 11 Oct 2011 10:34 -0400 (sig count: 1044387)
daily.cvd ver. 17172 released on 08 May 2013 10:43 -0400 (sig count: 1229899)
bytecode.cvd ver. 214 released on 13 Feb 2013 10:29 -0500 (sig count: 41)
safebrowsing.cvd ver. 40564 released on 09 May 2013 16:00 -0400 (sig count: 1222588)
Finally, scan:
(0) Scan a single file:
clamscan file
(1) Scan a current working directory:
clamscan
(2) Scan all files (and subdirectories) in /home:
clamscan -r /home
(3) Load database from a file:
clamscan -d /tmp/newclamdb -r /tmp
clamscan / -r: scan the whole system recursively
clamscan -i -l file.txt: scan everything; the output lists only infected files, and -l saves the result to the file file.txt
Scan two specific mail directories:
clamscan -i -l clamscan1.txt --move=virus /home/username/win/Eudora1/attach-3 ; clamscan -i -l clamscan1.txt --move=virus /home/win/Eudora1/Embedded
clamscan / -r -i -l resultat-antivirus.txt
FROM THE RESULT OF THE FIRST SCAN
wikidb.sql: PHP.Flooder-1 FOUND
Other Linux AV programs include:
AVG: It's a nice GUI, but I never could get the update AV database feature to work.
F-Prot: F-Prot is no longer a top-ranking Linux AV product (subscriber-only).
avast!: I just discovered this recently. It's not available via repository, but binaries can be found at the avast! website.
Apache, Linux, logs
http://www.harecoded.com/contar-veces-se-pide-url-no-esa-url-1463840
If, for example, we want to know how many times the page /abc.html was requested during February (2012_02) and we have the logs split by day, it is as simple as running:
grep -c "GET /abc.html" /var/log/apache/access_2012_02_*
Similarly, we can get the number of requests that do NOT contain that request by adding the -v parameter:
grep -vc "GET /abc.html" /var/log/apache/access_2012_02_*
The exact location of the logs is declared in your Apache or Virtualhosts configuration under the AccessLog directive.
http://www.nosolocodigo.com/leyendo-el-fichero-access-log-de-apache-desde-linea-de-comandos-en-linux
Reading the Apache access.log file from the command line in Linux
Written by David. Posted in SysAdmin
This afternoon I was bored and logged in through the SSH access my hosting company gives me to poke around a bit. I went to the directory where the logs are kept and started reading them. In the end I wrote a few simple commands that nevertheless let you find interesting information in the logs and show the power of the Linux command line.
List of unique IPs that have accessed your website today
cat access.log.2011-02-24 | cut -d " " -f 1 | sort | uniq
109.230.216.XXX
110.75.164.XXX
114.80.93.XXX
.
.
.
95.60.25.XXX
95.61.0.XXX
95.63.178.XXX
How many IPs have accessed your website today
cat access.log.2011-02-24 | cut -d " " -f 1 | sort | uniq | wc -l
1830
# On 24 February there were 1830 different IPs connected to the blog. Comparing with the Google Analytics data I can see the figure is fairly accurate.
Count how many times each IP accesses your website
cut -d " " -f 1 access.log.2011-02-24 | sort | uniq -c | sort
323 67.205.46.XXX
587 78.136.66.XXX
794 190.233.141.XX
962 189.155.9.XXX
1081 95.17.167.XXX
The -c switch of the uniq command makes it show, to the left of each grouped IP, the number of times that IP was repeated... very useful.
Finally, http://nixcraft.com/getting-started-tutorials/13554-script-count-unique-ips-apache-access-log.html
Script to count unique ips in apache access log
Thought this was cool. We needed a shell script to count the unique IP's in a apache access log that appeared multiple times. I came up with this script that I pieced together from the web. Worked great:
#!/bin/bash
FILE=/usr/local/apache/logs/access_log
# one pass over the log to get the distinct client IPs (first field)
for ip in $(cut -d ' ' -f 1 "$FILE" | sort | uniq); do
    # escape the dots so grep treats them literally, and anchor the trailing
    # space so that 10.0.0.1 does not also count 10.0.0.12 and 10.0.0.13
    COUNT=$(grep -c "^${ip//./\\.} " "$FILE")
    if [[ "$COUNT" -gt 10 ]]; then echo "$COUNT: $ip"; fi
done
Here are the results on my test:
[root@forums1 bin]# ./ipcount.sh
4416: 66.89.97.xxx
4415: xx.72.16.18.xxx
56607: 16.187.xxx.xxx
55459: xxx.xxx.xxx.195
Hope you have fun with this!!
PS: Please Move this if it should be in Shell/Scripting........
jaysunn
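As an added example that is not code from any of the posts quoted above, the same three questions (distinct IPs, clients above a request threshold, requests for one exact path) answered with a single awk pass over a constructed sample log, matching the whole client-IP field exactly instead of as a prefix; the log lines and the threshold of 2 are constructed for the demo.

```shell
#!/bin/bash
# Added example, not code from any of the posts quoted above. Same questions,
# answered with one awk pass over the log instead of one grep per IP, and
# matching the whole client-IP field so 10.0.0.1 never also counts 10.0.0.12.
# The log is a constructed sample in Apache combined format; a real one lives
# wherever CustomLog points.

LOG=$(mktemp)
trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
10.0.0.1 - - [24/Feb/2011:10:00:01 +0100] "GET /abc.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.12 - - [24/Feb/2011:10:00:02 +0100] "GET /index.html HTTP/1.1" 200 2048 "-" "curl/7.21"
10.0.0.1 - - [24/Feb/2011:10:00:03 +0100] "GET /abc.html HTTP/1.1" 304 0 "-" "Mozilla/5.0"
10.0.0.12 - - [24/Feb/2011:10:00:04 +0100] "POST /login HTTP/1.1" 302 0 "-" "curl/7.21"
192.0.2.7 - - [24/Feb/2011:10:00:05 +0100] "GET /abc.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.12 - - [24/Feb/2011:10:00:06 +0100] "GET /abc.html HTTP/1.1" 200 512 "-" "curl/7.21"
EOF

# Number of distinct client IPs (field 1) in the log: the "uniq | wc -l" figure.
unique_ips() {
    awk '{ seen[$1] = 1 } END { n = 0; for (ip in seen) n++; print n }' "$1"
}

# "count ip" per client, busiest first: what "uniq -c | sort -rn" produces.
hits_per_ip() {
    awk '{ c[$1]++ } END { for (ip in c) print c[ip], ip }' "$1" | sort -rn
}

# Clients with more than $2 requests, printed as "count: ip".
busy_ips() {
    hits_per_ip "$1" | awk -v n="$2" '$1 > n { print $1 ": " $2 }'
}

# GET requests for exactly the path $2 (field 6 is the quoted method,
# field 7 the path), so /abc.html does not also match /abc.html.bak.
url_hits() {
    awk -v p="$2" '$6 == "\"GET" && $7 == p { n++ } END { print n + 0 }' "$1"
}

# Every request that is not such a GET: the "grep -vc" figure.
url_misses() {
    awk -v p="$2" '!($6 == "\"GET" && $7 == p) { n++ } END { print n + 0 }' "$1"
}

# Stand-alone run prints the summary for the sample log.
echo "distinct IPs: $(unique_ips "$LOG")"
busy_ips "$LOG" 2
echo "GET /abc.html: $(url_hits "$LOG" /abc.html) (other requests: $(url_misses "$LOG" /abc.html))"
```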