Showing posts from November, 2013

CentOS 6.4: how to check if sshd is infected with Fokirtor

First, you need to install python-psutil:

    yum install python-psutil

After that, copy pidof into /bin:

    cp /sbin/pidof /bin/pidof

Then download and execute this script:

    #!/bin/sh
    #
    # A simple check to see if running ssh processes contain any string that have
    # been designated an indication of Fokirtor by Symantec.
    #
    # More info here:
    #
    #
    # (c) 2013, Kumina bv, [email protected]
    #
    # You are free to use, modify and distribute this check in any way you see
    # fit. Just don't say you wrote it.
    #
    # This check is created for Debian Squeeze/Wheezy, no idea if it'll work in
    # other distros. You'll need gdb-minimal (for gcore) installed.

    # We need to be root
    if [ `/usr/bin/id -u` -ne 0 ] ; then

Bash: Timestamp in bash history

The bash history is useful for recalling commands that were entered on a system. But it's not only a memory aid: you can also use it to keep track of the commands that were entered. This is especially interesting on multi-user systems, where you can check the executed commands after a user logs out. It is even more useful when you have spotted a problem such as missing files on a system, because you can check whether someone removed the file.

By default, however, you can only track which commands were entered; you won't know when they were entered, and that can be very important. Thankfully, there is a way to add timestamps to the bash history since Bash version 3.0. See how to configure your bash to save the timestamp for each command execution…

It is quite easy to configure. You just need to set one environment variable, HISTTIMEFORMAT. The HISTTIMEFORMAT variable needs to be added to your bashrc scripts. I prefer to add it

A bunch of commands to change UIDs and GIDs

Here are the commands to run as root to change the UID and GID for a user. Simply change the variables in angle brackets to match your settings:

    usermod -u <NEWUID> <LOGIN>
    groupmod -g <NEWGID> <GROUP>
    find / -user <OLDUID> -exec chown -h <NEWUID> {} \;
    find / -group <OLDGID> -exec chgrp -h <NEWGID> {} \;
    usermod -g <NEWGID> <LOGIN>

usermod and groupmod simply change the UID and GID for their respective named counterparts. usermod also changes the UID for the files in the homedir, but naturally we can't assume the only place files have been created is in the user's homedir.

The find commands recurse the filesystem from / and change everything with a UID of OLDUID to be owned by NEWUID, and then change the group for the files owned by OLDGID.

The final usermod command changes the login group for the user.

Found at: https://muffinr

Reset “Use Secure in Front End or Admin” in Database – Magento

by Nick Cron

I ran into an issue this week where I switched on SSL on a development site and then realized the SSL cert was not installed correctly. This is a big issue in Magento because there is no way to get back to the admin to switch it back off. If this ever happens, do the following to switch back:

1. Open up your admin panel (cPanel or other)
2. Go to phpMyAdmin (if MySQL)
3. Find your Magento Database
4. Find table “core_config_data”
5. Look for the columns “web/secure/use_in_frontend” and “web/secure/use_in_adminhtml”
6. Edit both values, make them equal to “0”

After this is done you will be back in action.

found at