Tool of the week: HotSSH

November 29th, 2010 No comments

HotSSH has been around for some time but I recently found out that it exists.  It’s basically a GUI front end to SSH for GNOME that makes managing ssh connections and the like easier.

HotSSH is an interface to Secure Shell, for GNOME and OpenSSH. It intends to be a better experience than simply invoking “ssh” from an existing terminal window.

  • Fast search-based interface for new connections
  • Also display and search of local (Avahi) SSH servers
  • Tabbed display with automatic session saving (Firefox style)
  • Status bar with information like latency to server and output of remote uptime
  • Close integration with OpenSSH features like connection sharing (near-instant new tabs)
  • NetworkManager integration to easily reconnect after a network change, great for laptops

You can download it here.

Categories: tools Tags:

How To: Supercharge your server performance by running your website ALL in memory!

November 26th, 2010 No comments

Sometimes when your website receives an unexpected flow of traffic, it’s a great feeling of joy, but it can also cause virtual indigestion to servers that aren’t able to keep up with the demand.  For this reason, numerous caching methods are available to serve dynamic pages as static-only content, so that the load no longer stresses the database and application servers.  However, since all files now get served as static files, you’re putting all the stress on your file system and hard drives instead.

The I/O and transactions-per-second capability of your storage devices then determines whether your server can withstand the load.  If the I/O cannot keep up, processes pile up waiting on disk, CPU performance degrades and the system load averages climb.  The result is a hung, unresponsive system and, most importantly, the loss of all that nice traffic surge you were expecting.

So how do you get around these issues?  There are several ways, and usually people just scale out horizontally by adding more servers.  That is an expensive fix for a short-term problem, so try all the caching and software-based alternatives before jumping to hardware solutions.

Here is a method that has helped us greatly in the past.  Say you have a server with 16GB of physical memory and your primary website is around 2GB in total.  You can create a tmpfs, mount it so that it appears as a local file system, copy all your website content to it, and then adjust your web server config to point at the new docroot.

To create a file system with 2GB borrowed from physical memory:

# mkdir /www/mywebsite.com

# mount -t tmpfs -o size=2G,nr_inodes=10k,mode=0775,noatime,nodiratime tmpfs /www/mywebsite.com

# rsync -v -a /home/myoldwebsitepath/mywebsite.com/ /www/mywebsite.com

# service httpd restart

Now your entire website runs from memory and you should notice a considerable boost in performance, with the system load dropping like a rock and staying down.  This only lasts until the system reboots: tmpfs contents live in RAM and are lost on reboot, so you’d have to follow the above steps once again.  The same goes for anything the application writes into the docroot (uploads, generated files), so keep such paths on disk.  To automate, simply copy and paste the above lines into a script.
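
As an added example (not the post’s own script), here is the automation step written as a Python script rather than a pasted list of commands. It runs the same four commands, but first checks that the site fits in RAM with headroom and whether the tmpfs is already mounted, so that a re-run only resyncs. The source path, tmpfs path and size are parameters; the `service httpd restart` call is taken from the post; nothing else is assumed about the host.

```python
"""Stage a website's docroot into a tmpfs mount.

Added example, not the post's own script. Wraps the post's four commands in the
checks a practitioner wants before serving a site from RAM: that the site fits
with headroom (tmpfs pages are swappable, so a tight fit just moves the I/O to
swap) and that the mount is not created twice on a re-run.
"""
import os
import subprocess
import sys

MOUNT_OPTS = "nr_inodes=10k,mode=0775,noatime,nodiratime"


def dir_size_kb(root):
    """Total size of regular files under root, in kB (symlinks are not followed)."""
    total = 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.islink(full):
                total += os.path.getsize(full)
    return (total + 1023) // 1024


def parse_meminfo_kb(meminfo_text, key="MemAvailable"):
    """Return the kB value for one /proc/meminfo key, or None if the key is absent."""
    for line in meminfo_text.splitlines():
        if line.startswith(key + ":"):
            return int(line.split()[1])
    return None


def fits_in_ram(site_kb, available_kb, headroom=2.0):
    """True when at least `headroom` times the site size is available as RAM."""
    return site_kb * headroom <= available_kb


def is_tmpfs_mounted(path, mounts_text):
    """True if the /proc/mounts text (passed in so it can be tested) has a tmpfs at exactly `path`."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[1] == path and fields[2] == "tmpfs":
            return True
    return False


def plan_commands(src, dest, size, already_mounted=False):
    """The post's commands as argv lists (no shell, so paths are never re-parsed)."""
    cmds = []
    if not already_mounted:
        cmds.append(["mkdir", "-p", dest])
        cmds.append(["mount", "-t", "tmpfs", "-o", f"size={size},{MOUNT_OPTS}", "tmpfs", dest])
    # trailing slash on src: copy the contents, not the directory itself;
    # --delete keeps a re-run from leaving stale files behind in RAM
    cmds.append(["rsync", "-a", "--delete", src.rstrip("/") + "/", dest])
    cmds.append(["service", "httpd", "restart"])
    return cmds


def stage_site(src, dest, size, apply=False):
    """Plan (and optionally run) the staging; returns the command list."""
    site_kb = dir_size_kb(src)
    with open("/proc/meminfo") as f:
        avail = parse_meminfo_kb(f.read())
    if avail is None or not fits_in_ram(site_kb, avail):
        raise SystemExit(f"refusing: site is {site_kb} kB, MemAvailable is {avail} kB")
    with open("/proc/mounts") as f:
        mounted = is_tmpfs_mounted(dest, f.read())
    cmds = plan_commands(src, dest, size, already_mounted=mounted)
    for cmd in cmds:
        print(" ".join(cmd))
        if apply:
            subprocess.run(cmd, check=True)
    return cmds


if __name__ == "__main__":
    if len(sys.argv) < 4:
        sys.exit("usage: stage_tmpfs.py SRC_DOCROOT TMPFS_PATH SIZE [apply]")
    stage_site(sys.argv[1], sys.argv[2], sys.argv[3], apply=len(sys.argv) > 4)
```

Run it without the trailing `apply` argument to see the plan; with `apply` it executes the commands as root. The headroom check is deliberate: tmpfs pages are not pinned, so under memory pressure the kernel swaps them out and the disk I/O you were trying to avoid comes back as swap I/O.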

Categories: linux Tags:

How to: Test your skillz by breaking your Linux install and fixing back!

November 19th, 2010 No comments

Awesome tools that simply break your Linux server and put you in a box where you have to figure out what went wrong.  This is a great method to use in interviews, or simply to test your own ability to recover a Linux operating system when it’s broken.  Perhaps you’re studying for a certification: test your ability by running these tools, not knowing how they’ll break your system, and your job will be to fix it back to normal.

Trouble Maker

There are a lot of tools out there to make the system administrator’s life easier. However, no tool is a replacement for properly understanding the system and experience in troubleshooting unknown situations. This is where Trouble-Maker comes in. Unlike other projects, we do not attempt to solve problems — we cause them.

When installed and run, this project will randomly select a problem from its set of issues and make it happen on your system. This can give you experience dealing with:

  • Dealing with partially accurate user reporting of problems
  • Troubleshooting boot problems
  • Troubleshooting service configuration problems
  • Troubleshooting (simulated) hardware problems

From reading around on such tools, trouble-maker seems to be among the first ones people mention.

Damn Vulnerable Linux

This one is not exactly a tool that you can run on your existing environment.  DVL is a Linux distro that comes packaged with everything that could have gone wrong with a Linux system.

Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop – it’s a learning tool for security students.

The main idea behind DVL was to build up a training system that I could use for my university lectures. My goal was to design a Linux system that was as vulnerable as possible, to teach topics such as reverse code engineering, buffer overflows, shellcode development, Web exploitation, and SQL injection.

I’m sure there are others out there, so submit a link in the comments area.

Categories: linux, tools Tags:

Working in the Bash shell

November 18th, 2010 No comments

A nice post on IBM.com introducing the Bash shell.

Summary: Get an introduction to the Bash shell, which you can use on nearly any UNIX®-based operating system. Bash is a mature, powerful, yet easy-to-use shell that is freely available. This tutorial provides a brief history of Bash, which indicates how the Bash shell is different than some of the other popular UNIX shells, and also provides an overview of the major features available within Bash. Next, you’ll learn more about the UNIX file system, how to work with both directories and files, and several methods for customizing the appearance and behavior of Bash. Finally, the tutorial concludes with a discussion of the job control functionality of Bash.

Read the entire article.

Categories: General Tags:

Clam AntiVirus management tools

November 17th, 2010 No comments

We’re seeing Linux platforms implement anti-virus software mainly to scan email messages going in and out for viruses.  Clam AntiVirus is one of them; it is free and widely used.  In this article, we will list several free tools that make the management of Clam AntiVirus easier for users and system administrators.

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library.

Here is a list of the main features:

  • command-line scanner
  • fast, multi-threaded daemon with support for on-access scanning
  • milter interface for sendmail
  • advanced database updater with support for scripted updates and digital signatures
  • virus scanner C library
  • on-access scanning (Linux® and FreeBSD®)
  • virus database updated multiple times per day (see home page for total number of signatures)
  • built-in support for various archive formats, including Zip, RAR, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others
  • built-in support for almost all mail file formats
  • built-in support for ELF executables and Portable Executable files compressed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others

First, if you don’t know where to get it, download Clam AntiVirus from here.  Now use the following tools to make its management a piece of cake.

  1. ClamTk – a graphical frontend for Clam Antivirus. It is designed to be a lightweight, easy-to-use, point-and-click virus scanner.
  2. wbmclamav – a webmin module to manage Clam Antivirus (ClamAV).
  3. ClamCour – a multi-threaded Courier filter that allows Clam Antivirus to scan incoming mail for viruses, and rejects it if the check is positive. Attachments can be “quarantined”, and custom domain-based email reports can be sent.
  4. lclamav-milter – a small and lightweight Sendmail Clam AntiVirus mail filter (milter). lclamav-milter scans messages for viruses and worms, accepts clean messages, rejects the bad, and helps stop the spread of email viruses and worms.
  5. clamaktion – a little utility that allows users of KDE 3.1 and newer to run clamscan (part of the Clam AntiVirus package) from Konqueror’s right-click menu for files and folders. clamaktion finds viruses in RPM packages too.
  6. mod_clamav – a virus scanning module which uses the Clam Antivirus (clamav) package to scan Web traffic for viruses.  For Apache!

Categories: linux, tools Tags:

Rootkits to identify exploits on your Linux system

November 16th, 2010 4 comments

Recently one of my servers was hacked and my first reaction was to freak out and panic.  After I calmed myself down, I immediately closed the front door the attackers had used to get into the server by shutting down the Apache server.

After that, I had no idea where to start looking for backdoors that may have been installed on the system.  So I downloaded highly recommended rootkits for exactly these types of situations.  The following rootkits helped me identify the issues on my system and figure out what to do.

  1. Rootkit Hunter – scans files and systems for known and unknown rootkits, backdoors, sniffers, and malware. The application consists of the main shell script, a few text-based databases, and optional Perl scripts. It can recognise and run external applications like ‘skdet’ and ‘unhide’. It should run on almost every Unix clone.
  2. chkrootkit – a tool to locally check for signs of a rootkit. It contains chkrootkit, a shell script that checks system binaries for rootkit modification. The following tests are made: aliens, asp, bindshell, lkm, rexedcs, sniffer, wted, z2, amd, basename, biff, chfn, chsh, cron, date, du, dirname, echo, egrep, env, find, fingerd, gpm, grep, hdparm, su, ifconfig, inetd, inetdconf, identd, killall, login, ls, mail, mingetty, netstat, named, passwd, pidof, pop2, pop3, ps, pstree, rpcinfo, rlogind, rshd, slogin, sendmail, sshd, syslogd, tar, tcpd, top, telnetd, timed, traceroute, and write.
  3. OSSEC HIDS – a host-based intrusion detection system. It performs log analysis, integrity checking, rootkit detection, time-based alerting, and active response.
  4. Zeppoo – allows you to detect rootkits on the i386 architecture under Linux by using /dev/kmem and /dev/mem. It can also detect hidden tasks, modules, syscalls, some corrupted symbols, and hidden connections. Anti-Rootkits which don’t use these methods can be fooled easily.
  5. Rkdet – a small daemon intended to catch someone installing a rootkit or running a packet sniffer. It takes a snapshot of processes and network connections, then disconnects from the network. It may be built to watch arbitrary files such as Web pages.
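
As an added example (not code from any of the tools above), here is the integrity-checking idea that Rootkit Hunter, chkrootkit and OSSEC share, written as a small Python script: hash every regular file under a directory, save the result as a baseline, and later report files that were modified, added or removed. The paths and the JSON baseline format are my choices, not those of any of the listed tools.

```python
"""File-integrity baseline and comparison.

Added example, not code from Rootkit Hunter, chkrootkit or OSSEC. The core check
those tools perform is to compare system binaries against a known-good record;
this is that check in its simplest form. The baseline must be stored where an
intruder with root on the box cannot rewrite it (read-only media, another host),
otherwise a clean comparison proves nothing.
"""
import hashlib
import json
import os
import stat


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> {sha256, mode, size} for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):  # skip symlinks, sockets, device nodes
                continue
            baseline[os.path.relpath(full, root)] = {
                "sha256": sha256_file(full),
                # permission bits are recorded too: a new setuid bit matters as much as new content
                "mode": oct(stat.S_IMODE(st.st_mode)),
                "size": st.st_size,
            }
    return baseline


def save_baseline(baseline, path):
    with open(path, "w") as f:
        json.dump(baseline, f, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def compare(old, new):
    """Return {'modified': [...], 'added': [...], 'removed': [...]} with sorted relative paths."""
    modified = [p for p in sorted(old) if p in new and old[p] != new[p]]
    added = sorted(p for p in new if p not in old)
    removed = sorted(p for p in old if p not in new)
    return {"modified": modified, "added": added, "removed": removed}


if __name__ == "__main__":
    import sys
    # usage: integrity.py baseline ROOT BASELINE.json   or   integrity.py check ROOT BASELINE.json
    mode, root, db = sys.argv[1:4]
    if mode == "baseline":
        save_baseline(build_baseline(root), db)
    else:
        report = compare(load_baseline(db), build_baseline(root))
        for kind, paths in report.items():
            for p in paths:
                print(f"{kind}: {p}")
        sys.exit(1 if any(report.values()) else 0)
```

Take the baseline from a known-good install (ideally right after provisioning), and remember the limitation Zeppoo’s description points at: a kernel-level rootkit can lie to any user-space tool, the hashing script included, so when in doubt run the check from rescue media against the mounted disk rather than from the running system.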

Categories: linux, Security Tags: ,

How to: View tcpdump captures with Wireshark

November 15th, 2010 No comments

There are times when tcpdump is more convenient to use than Wireshark, such as on a remote server where Wireshark is not installed.  Also, tcpdump is installed on many default Linux installations and is widely used for network troubleshooting.

On the other hand, Wireshark has a great GUI that is flexible and can be customized to narrow down and view network captures easily.  So simply use tcpdump to capture the data and bring the capture file over to Wireshark for processing.

To capture whole packets rather than just the default snapshot length (older tcpdump versions keep only the first few dozen bytes of each packet, enough for headers but not payloads), type the following on your command line:

# tcpdump -i eth0 -s 65535 -w capture.out

Where…

  • eth0 – the network interface to capture on
  • -s 65535 – the snapshot length: capture up to 65535 bytes of each packet instead of the default (on newer tcpdump versions, -s 0 selects the maximum)
  • capture.out – the file tcpdump writes the captured packets to, in libpcap format, which Wireshark opens directly
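
As an added example (not part of the post), here is a minimal reader for the libpcap file that tcpdump -w produces. It parses the global header and packet records and flags records whose captured length is shorter than the packet’s wire length, which is exactly the symptom of a snapshot length that is too small. The build_pcap helper constructs a file in memory from made-up frames so the parser can be run without an interface; it emulates what tcpdump -s does, it is not tcpdump’s code.

```python
"""Minimal reader for the pcap files tcpdump -w writes.

Added example, not part of the post. Parses the libpcap global header and packet
records with bounds checks, and reports records truncated by the snapshot length.
build_pcap produces a file in memory from constructed frames, emulating
tcpdump -s SNAPLEN -w, so everything here runs offline.
"""
import struct

# magic number -> (struct endianness, timestamp fraction ticks per second)
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
}
GLOBAL_HDR_LEN = 24
RECORD_HDR_LEN = 16


def parse_pcap(data):
    """Return (header_dict, packets); each packet is {'ts', 'data', 'orig_len'}."""
    if len(data) < GLOBAL_HDR_LEN:
        raise ValueError("file shorter than the pcap global header")
    try:
        endian, ticks = PCAP_MAGICS[data[:4]]
    except KeyError:
        raise ValueError(f"unknown magic {data[:4].hex()} (pcapng or not a pcap file?)")
    vmaj, vmin, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:GLOBAL_HDR_LEN])
    header = {"version": (vmaj, vmin), "snaplen": snaplen, "linktype": linktype}
    packets = []
    off = GLOBAL_HDR_LEN
    while off < len(data):
        if off + RECORD_HDR_LEN > len(data):
            raise ValueError(f"truncated record header at offset {off}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[off:off + RECORD_HDR_LEN])
        off += RECORD_HDR_LEN
        # bounds checks before slicing: a damaged or hostile file must not make us trust incl_len
        if incl_len > orig_len:
            raise ValueError(f"record at offset {off - RECORD_HDR_LEN} has captured length > wire length")
        if off + incl_len > len(data):
            raise ValueError(f"packet data truncated at offset {off}")
        packets.append({"ts": ts_sec + ts_frac / ticks,
                        "data": data[off:off + incl_len],
                        "orig_len": orig_len})
        off += incl_len
    return header, packets


def truncated_packets(packets):
    """Indices of records whose captured bytes are fewer than the packet's wire length."""
    return [i for i, p in enumerate(packets) if len(p["data"]) < p["orig_len"]]


def build_pcap(snaplen, frames, linktype=1):
    """Emulate tcpdump -s SNAPLEN -w; frames is a list of (ts_sec, ts_usec, raw_frame_bytes)."""
    # little-endian, version 2.4, zone 0, sigfigs 0; linktype 1 = Ethernet
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for ts_sec, ts_usec, frame in frames:
        captured = frame[:snaplen]  # this slice is the snapshot length at work
        out += struct.pack("<IIII", ts_sec, ts_usec, len(captured), len(frame)) + captured
    return out


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        hdr, pkts = parse_pcap(f.read())
    cut = truncated_packets(pkts)
    print(f"snaplen={hdr['snaplen']} packets={len(pkts)} truncated={len(cut)}")
```

Point it at a capture.out from the command above and the truncated count should be zero; point it at a capture taken with the old default snapshot length and every full-size packet shows up as truncated, which is why Wireshark reports such packets as cut off.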

Categories: linux Tags: ,

Linux watch command – an alternative to at/cron/while?

November 15th, 2010 No comments

So I just found out there is a command-line binary called watch on Linux, and it’s surprisingly helpful, especially if you’re looking to run a command at regular intervals.

Normally, when I want to check a status of a directory or periodically check the netstat table, I write something like the following:

$ while true; do netstat -an | grep PATTERN; sleep 2; done

Now that I know about the watch command, I can simply do this instead:

$ watch 'netstat -an | grep PATTERN'

The quotes matter: without them the shell pipes watch’s own output into grep instead of running the pipeline inside watch.  The above command re-runs every 2 seconds (the default interval; change it with -n), refreshing your screen.

Type man watch to see more examples and what else you can use it for.

Categories: linux Tags: ,

Error 51: Unable to communicate with the VPN subsystem.

November 14th, 2010 1 comment

If you’re on Mac OS using the Cisco VPN client, more than likely you have seen this error.  To fix it, simply type this command:

sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart

And you’re set! Restart the VPN client and you should be able to use it again.

Categories: General Tags: ,

Tool of the week: ps-watcher, monitor your system processes

November 8th, 2010 No comments

In this week’s edition of Tool of the Week, we were impressed enough to showcase ps-watcher: it’s a useful tool for any user or system administrator working on a Linux server who wants process-level monitoring.

This program runs the ps command periodically and triggers commands on matches. The match patterns are Perl regular expressions which can refer to the process information via variables.

For example it can be used to ensure that a daemon is running, or is not running too many times. It can also be used to determine when a process has consumed too many resources, perhaps due to a memory leak.
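
As an added example, here is the idea ps-watcher implements, sketched in Python so the matching logic is visible: parse a ps listing, apply rules consisting of a regular expression, instance-count bounds and an RSS ceiling, and produce the actions that would fire. This is not ps-watcher’s code and the rule dicts are not its configuration syntax; the ps listing embedded below is constructed sample text, not from a real host.

```python
"""Rule-driven process watching over ps output.

Added example, not ps-watcher's code and not its configuration format (ps-watcher
is Perl with its own config file). Rules are plain dicts of my own design: a regex
applied to the command line, optional min/max instance counts, an optional RSS
ceiling in kB, and action strings the caller may execute. SAMPLE_PS is
constructed sample text.
"""
import re
import shlex
import subprocess

PS_ARGV = ["ps", "-eo", "pid=,ppid=,rss=,args="]  # '=' after each column suppresses the header

SAMPLE_PS = """\
  812     1   4120 /usr/sbin/sshd -D
 1501   812   6200 sshd: alice [priv]
 2300     1 812000 /usr/sbin/httpd
 2301  2300  51000 /usr/sbin/httpd
 2302  2300  52000 /usr/sbin/httpd
"""

RULES = [
    # daemon must be running: fire `action` when fewer than `min` instances match
    {"name": "sshd", "pattern": r"^/usr/sbin/sshd\b", "min": 1, "action": "service sshd start"},
    {"name": "crond", "pattern": r"^/usr/sbin/crond\b", "min": 1, "action": "service crond start"},
    # too many instances, or one that has grown past the RSS ceiling (the memory-leak case)
    {"name": "httpd", "pattern": r"^/usr/sbin/httpd\b", "max": 50, "max_rss_kb": 500_000,
     "action": "logger 'too many httpd processes'", "rss_action": "kill -TERM {pid}"},
]


def parse_ps(text):
    """Parse `ps -eo pid=,ppid=,rss=,args=` output into dicts; args keeps its spaces."""
    procs = []
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue
        pid, ppid, rss, args = parts
        procs.append({"pid": int(pid), "ppid": int(ppid), "rss_kb": int(rss), "args": args})
    return procs


def snapshot():
    """Run ps once on this host and parse it (not used by the offline checks)."""
    return parse_ps(subprocess.run(PS_ARGV, capture_output=True, text=True, check=True).stdout)


def evaluate(rules, procs):
    """Return a list of (rule_name, reason, action) for every rule condition that fires."""
    fired = []
    for rule in rules:
        pat = re.compile(rule["pattern"])
        hits = [p for p in procs if pat.search(p["args"])]
        n = len(hits)
        if n < rule.get("min", 0):
            fired.append((rule["name"], f"{n} instance(s), expected at least {rule['min']}",
                          rule["action"]))
        elif rule.get("max") is not None and n > rule["max"]:
            fired.append((rule["name"], f"{n} instance(s), expected at most {rule['max']}",
                          rule["action"]))
        limit = rule.get("max_rss_kb")
        if limit is not None:
            for p in hits:
                if p["rss_kb"] > limit:
                    fired.append((rule["name"], f"pid {p['pid']} rss {p['rss_kb']} kB > {limit} kB",
                                  rule["rss_action"].format(pid=p["pid"])))
    return fired


def run_actions(fired, execute=False):
    """Print each action; run it (without a shell) only when execute=True."""
    for name, reason, action in fired:
        print(f"[{name}] {reason} -> {action}")
        if execute:
            subprocess.run(shlex.split(action), check=False)
    return len(fired)


if __name__ == "__main__":
    import sys
    procs = snapshot() if "--live" in sys.argv else parse_ps(SAMPLE_PS)
    run_actions(evaluate(RULES, procs), execute="--execute" in sys.argv)
```

Run as-is it evaluates the embedded sample, where crond is missing and one httpd worker is over the RSS ceiling; with --live it reads the real process table, and actions only execute with --execute. To get periodic behaviour, run it from cron or the watch command from the post above rather than looping inside the script.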

Categories: tools Tags: