IPADDR_START=216.73.xxx.xxx
IPADDR_END=216.73.xxx.xxx
CLONENUM_START=0
NETMAST=255.255.255.0
Name file ifcfg-eth0-range0 (or whatever the nic card is)
Also The start IP address is the 2nd ip address in the list, the End is the last of them.
Yes I stole this script/borrowed from Calpop. Actually one of the most useful things I got out of there.
Saturday, August 28, 2010
Friday, August 27, 2010
Scripts that come in handy.
Server e-mail every time someone logs in as root
To have the server e-mail you every time someone logs in as root, SSH into server and login as root.
At command prompt type: vi .bash_profile
Scroll down to the end of the file and add the following line:
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com
Save and exit.
Install chkrootkit
To install chrootkit, SSH into server and login as root.
At command prompt type: cd /root/
At command prompt type: wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
At command prompt type: tar xvzf chkrootkit.tar.gz
At command prompt type: cd chkrootkit-0.44
At command prompt type: make sense
To run chkrootkit
At command prompt type: /root/chkrootkit-0.44/chkrootkit
Make sure you run it on a regular basis, perhaps including it in a cron job.
Chkrootkit is a program that scans for root kits.
To modify LogWatch, SSH into server and login as root.
At command prompt type: vi /etc/log.d/conf/logwatch.conf
Scroll down to
MailTo = root
and change to
Mailto = your@email.com
Note: Set the e-mail address to an offsite account incase you get hacked.
Now scroll down to
Detail = Low
Change that to Medium, or High...
Detail = 5 or Detail = 10
Note: High will give you more detailed logs with all actions.
Server e-mail every time someone logs in as root
To have the server e-mail you every time someone logs in as root, SSH into server and login as root.
At command prompt type: vi .bash_profile
Scroll down to the end of the file and add the following line:
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com
Save and exit.
Install chkrootkit
To install chrootkit, SSH into server and login as root.
At command prompt type: cd /root/
At command prompt type: wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
At command prompt type: tar xvzf chkrootkit.tar.gz
At command prompt type: cd chkrootkit-0.44
At command prompt type: make sense
To run chkrootkit
At command prompt type: /root/chkrootkit-0.44/chkrootkit
Make sure you run it on a regular basis, perhaps including it in a cron job.
Chkrootkit is a program that scans for root kits.
To modify LogWatch, SSH into server and login as root.
At command prompt type: vi /etc/log.d/conf/logwatch.conf
Scroll down to
MailTo = root
and change to
Mailto = your@email.com
Note: Set the e-mail address to an offsite account incase you get hacked.
Now scroll down to
Detail = Low
Change that to Medium, or High...
Detail = 5 or Detail = 10
Note: High will give you more detailed logs with all actions.
Subscribe to:
Posts (Atom)