Install Logwatch in Linux CentOS

Logwatch is a Linux application that parses log files, analyses them and sends periodical reports, based on specific criteria, to one or more email addresses.
In order to install it in linux you have to issues the following command:

yum install logwatch

Edit the configuration file:

nano /usr/share/logwatch/default.conf/logwatch.conf

Check and edit the following directives in order to suit your needs:

LogDir = /var/log
MailFrom = Logwatch@mydomain.com
Range = yesterday //(or today)
Detail=Medium // (other: Low, Medium, High)
Service=all //(other examples would be httpd, sshd2, ftp)

Run logwatch manually:

logwatch --detail High --mailto myemail@domain.com --service http --range today

The output should be like this:


 ################### Logwatch 7.3.6 (05/19/07) ####################
        Processing Initiated: Tue May 19 14:21:59 2015
        Date Range Processed: today
                              ( 2015-May-19 )
                              Period is day.
      Detail Level of Output: 5
              Type of Output: unformatted
           Logfiles for Host: fcsteaua.ro
  ##################################################################

 --------------------- courier mail services Begin ------------------------

 **Unmatched Entries**
   courier-pop3d - 2 Times
      Connection, ip=[::ffff:182.118.53.150] - 1 Time
      Disconnected, ip=[::ffff:182.118.53.150] - 1 Time



 ---------------------- courier mail services End -------------------------


 --------------------- Cron Begin ------------------------

sshd:
    Authentication Failures:
       root (43.255.188.163): 4930 Time(s)
       root (43.255.188.155): 3524 Time(s)
       root (61-218-247-185.hinet-ip.hinet.net): 925 Time(s)
       unknown (61-218-247-185.hinet-ip.hinet.net): 391 Time(s)
       root (61.133.63.14): 137 Time(s)
       root (58.218.205.72): 114 Time(s)
       root (222.186.160.48): 98 Time(s)
       root (218.65.30.61): 90 Time(s)
       root (221.229.166.81): 80 Time(s)
       root (58.218.205.66): 69 Time(s)
       root (58.218.199.195): 68 Time(s)

Block failure notice emails in qmail

I have Plesk on my Linux server and I receive lots of spam emails from the root account on my server.
Here’s what happened. My forum used to send emails to non-existent email accounts around the web and I used to receive the failure notices for them.
To block failure notice emails in qmail that were forwarded to my main email I had to modify the aliases from

/var/qmail/alias

Here’s a sample email I received:

MAILER-DAEMON@nixware.net
Mar 30 (7 days ago)

to postmaster 
Hi. This is the qmail-send program at nixware.net.
I tried to deliver a bounce message to this address, but the bounce bounced!

:
2a00:1450:4013:0c01:0000:0000:0000:001a does not like recipient.
Remote host said: 550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 q5si14669450wjx.9 - gsmtp
Giving up on 2a00:1450:4013:0c01:0000:0000:0000:001a.

--- Below this line is the original bounce.

Return-Path: <>
Received: (qmail 8634 invoked for bounce); 29 Mar 2015 23:50:02 +0200
Date: 29 Mar 2015 23:50:02 +0200
From: MAILER-DAEMON@nixware.net
To: root@nixware.net
Subject: failure notice

As you can see, the postmaster account was receiving the spam from MAILER-DAEMON and MAILER-DAEMON was forwarding them to my gmail.com account. Pretty nasty…

The fix:
Go to

/var/qmail/alias

do a

ls -alh

and you will see a couple of hidden config files.

Inside each of those file I had my @gmail account. With the next script I overwrote the gmail account with a non-existent email:

Qmail alias hidden files

 

 

 

 

 

 

 

for FILE in ./.qmail-*;do echo "nonexistent@nodomain.tld" > $FILE;done

Restart/reload qmail:

service qmail reload

That’s it! You should not receive any spam from any of the root, mailman or postmaster accounts.

Batch download files from a website

I needed a quick bash script that will batch download all files from a public web server.
The files had the names like 1.gif, 2.gif, etc and were accessible via a CDN subdomain like http://images.mydomain.com.

So here it is:

for i in {1..18000}; do wget images.mydomain.com/$i.gif; sleep 5;done

Replace mydomain.com with your site and that’s it.
Alternatively you can get rid of “sleep 5″ and put the whole script in a file and execute it with:


[root@nix]# nohup ./script.sh &

This will keep your script running even if you disconnect from the shell console.

Restore mysql database from sql file

If you want to restore a mysql database from a sql file you have to issue this command:

[root@enix ~]#mysql -uroot -pxxx my-database < my-database-backup.sql

– where: my-database is your databse where you want to restore data;
– my-database-backup.sql is your sql backup file
– change root to your mysql user
– change xxx with your mysql password

And that’s it.

When dumping the database with mysqldump, use the option –no-create-db.
This will suspress the CREATE DATABASE statement in your dump file.
Then restore the database with

mysql -h <host> -u <user> -p <databasename> < dump.sql

In this way you can restore your data in whatever database you like (But that database has to exist!).

Substitution operators

Substitution operators are used for expanding parameters and variable values.

Examples:

${variablename:-some word}

-If varname exists and isn’t null, return its value; otherwise return word.

Purpose: Returning a default value if the variable is undefined.

[root@euve59329 ~]# echo ${PWDx:-non existent variable}
non existent variable

${varname:=word}
– If varname exists and isn’t null, return its value; otherwise set it to
word and then return its value. Positional and special parameters

[root@euve59329 ~]# echo ${ID:=0}
0

– ID variable does not exist. In this case, the value is set to 0.

Purpose:Setting a variable to a default value if it is undefined.


${varname:?message} 

If varname exists and isn’t null, return its value; otherwise print
varname: followed by message, and abort the current command or
script (non-interactive shells only). Omitting message produces the
default message parameter null or not set.

 

[root@euve59329 ~]# echo ${thevariable:?does not exist}
bash: thevariable: does not exist
[root@euve59329 ~]#

– Purpose: Catching errors that result from variables being undefined.


${varname:+word}

[root@euve59329 ~]# echo ${count:+1}
1
[root@euve59329 ~]# echo ${countX:+1}

Purpose: Testing for the existence of a variable.
Example: ${count:+1} returns 1 (which could mean “true”) if count is
defined.


 

${varname:offset:length}

 

Performs substring expansion.[5] It returns the substring of $varname
starting at offset and up to length characters. The first character in
$varname is position 0. If length is omitted, the substring starts at
offset and continues to the end of $varname. If offset is less than 0 then
the position is taken from the end of $varname. If varname is @, the
length is the number of positional parameters starting at parameter
offset.
Purpose: Returning parts of a string (substrings or slices).
Example:

 

[root@euve59329 ~]# count=MyCoolText
[root@euve59329 ~]# echo ${count:4}
olText
[root@euve59329 ~]# echo ${count:4:4}
olTe
[root@euve59329 ~]#

Inspired from Learning the bash Shell: Unix Shell Programming (In a Nutshell (O’Reilly))

String Manipulation and Expanding Variables

String Manipulation and Expanding Variables

For your ready references here are all your handy bash parameter substitution operators. Try them all; enhance your scripting skills like a pro:

${parameter:-defaultValue} Get default shell variables value
${parameter:=defaultValue} Set default shell variables value
${parameter:?”Error Message”} Display an error message if parameter is not set
${#var} Find the length of the string
${var%pattern} Remove from shortest rear (end) pattern
${var%%pattern} Remove from longest rear (end) pattern
${var:num1:num2} Substring
${var#pattern} Remove from shortest front pattern
${var##pattern} Remove from longest front pattern
${var/pattern/string} Find and replace (only replace first occurrence)
${var//pattern/string} Find and replace all occurrences
REFERENCES:

via http://www.cyberciti.biz/tips/bash-shell-parameter-substitution-2.html

How to empty large log files

If you want to empty large log files (aka lots of GB) without deleting the file, here’s how you can do that:

 

 

nix# > mylargelog.log

or

nix# echo " " > mylargelog.log

Tadaa!!

Search in archives

When using the linux shell daily we encounter situations when we need to search specific strings in one or more archives. If you are wondering how to search in archives for different patterns or strings, this tutorial will show you how.

You might have an archived log file and you want to search for the word “error”, here’s how you can do it.

Presenting zcat:

zcat is a linux console utility that takes as input compressed data files and send to stdout the results. Used with advanced utilities like cut, grep or awk, zcat becomes a very powerful application that helps the linux system administrator to search through archived files.

Here’s an example.

[root@nyx /]# zcat httpd-log_20140821.gz | awk -F ";" '($6~"error")

[Wed Aug 27 11:08:27 2014] [error] [client 91.196.46.169] PHP Warning: date_default_timezone_get(): It is not safe to rely on the system's timezone settings.

The explaining:

zcat parses httpd-log_20140821.gz, outputs the lines that have the word “error” in the 6th column of the log file.

Another example:

zcat logs_2014082* | awk -F ";" '($1=="Transaction timed out") | sort -u

Alert: a Transaction timed out error was received at 2014-08-20 1:33

Alert: a Transaction timed out error was received at 2014-08-21 10:03

The explanation:

zcat parses the archived files hat start with ” logs_2014082″, searches if the 1st column contains “Transaction timed out” then sorts the output and removes duplicate lines.

Introducing zgrep.
Like the similar grep command, zgrep is a linux utility that was developed for the sole purpose of matching patters or strings inside an archived file.

Example:

zgrep error httpd.log.gz

[Sat Aug 23 06:12:20 2014] [error] [client 141.8.147.29] File does not exist: /www/html/nixware.net/httpdocs/index
[Sat Aug 23 06:12:21 2014] [error] [client 37.58.100.76] File does not exist: /www/html/nixware.net/httpdocs/forum

 

The explanation: zgrep searches the httpd.log.gz file for the “error” word and sends the output to stdout.

zmore:

– allows you to filter archived or plain text files one screen a a time. As it’s name says it does basically the same thing as more but it can search.

How to run linux scripts

Scripts can be defined as a sequence of commands that are stored inside a file and are usually executed in order to automate certain tasks. In the following minutes I’m gonna show you how to run linux scripts from the shell.

In the BASH environment you can find many types of scripts. Depending on the user needs you can find BASH, Python, Perl or other type of scripts.

In some cases they might have an extension like .sh, .bsh, or .py, however this is not a rule. In Linux, files don’t need to have an extension, but they are required to have an shebang.

The shebang is the first line in a script which tells the shell what program to interpret the script with, when executed.

Here’s an example:

~ # more /root/blockip.sh
#!/bin/bash

As you can see, the first line in the script tells us that this is a BASH script.

So, how can we run a script ?

First you need to check the permissions of the script:

~ # ls -l /root/blockip.sh
-r--r--r   1 root     root          156 Jun  1 20:12 /root/blockip.sh
root@nyxware#

In order to execute a script, the user under which the script needs to be executed has to have execution permissions, and the above one doesn’t have that permissions and this is how you can fix it:

chmod + x ./blockip.sh

No check the permissions again:

~ # ls -l /root/blockip.sh
-rwxrwxrwx   1 root     root          156 Jun  1 20:12 /root/blockip.sh
root@nyxware

The permissions are ok now.

Now you can run the script by typing:

root@nyxware
~ # ./blockip.sh
OK
root@nyxware

Alternatively, you can run the same script with it’s absolute path:

root@nyxware
~ # /root/blockip.sh
OK
root@nyxware

A python script can be run like this:

~ # python test.py
Usage: test.py server [options]

Test for SSL heartbeat vulnerability (CVE-2014-0160)

Options:
  -h, --help            show this help message and exit
  -p PORT, --port=PORT  TCP port to test (default: 443)
root@nyxware

~ #

run linux script

 

 

 

 

 

 

In Perl:

root@nyxware#hello-world.pl
Hello world!

How to save iptables rules

iptables is a Linux application built for the purpose to allow a system administrator to configure and maintain specific tables/rules provided by the Linux kernel firewall module.
There are currently 3 different kernel modules build for the IPv4, IPv6 and ARP stack protocols (iptables is used for IPv4, ip6tables refferes to IPv6, arptables to Addres Resolution Protocol).

The most used and the one used in this tutorial is iptables. In order to execute iptables related commands you need root privileges or to be in the sudoers file in Debian/Ubuntu OSes.

 

The syntax used to check the iptables service status is:

service iptables status  ##CentOS, Redhat
sudo iptables -L -n -v   ##Debian, Ubuntu

 

To start iptables:

service iptables start ##CentOS, Redhat
sudo ufw enable ##Ubuntu

 

To list iptables rules:

iptables -L

 

Save iptables rules:

iptables-save  #Debian
sudo iptables-save  #Ubuntu
service iptables save #CentOS

On CentOS, for example, you would see an output like this:

iptables save

 

 

 

 

To restore iptables rules:

~ # iptables-restore &lt; /etc/sysconfig/iptables
root@nyxware
~ #