hed0rah jrelo
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| coproc cat # Start cat in background | |
| echo Hello >&${COPROC[1]} # Say "Hello" to cat | |
| read LINE <&${COPROC[0]} # Read response | |
| echo $LINE # cat replied "Hello"! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env perl | |
| use strict; | |
| use warnings; | |
| use Zabbix::Tiny; | |
| $|++; | |
| my %hostgroups = ( | |
| 'Test' => "42", | |
| ); | |
| my $zabbix = Zabbix::Tiny->new( | |
| server => 'https://myzabbix.something.com/api_jsonrpc.php', |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| auditctl -a always,exit -F arch=x86_64 -F path=/root/.ssh/authorized_keys -F perm=wa -F key=keychange | |
| ausearch -ts today -k keychange | |
| #https://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| writer.c | |
| #include <fcntl.h> | |
| #include <sys/stat.h> | |
| #include <sys/types.h> | |
| #include <unistd.h> | |
| int main() | |
| { | |
| int fd; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| find /proc/ -maxdepth 1 -user root -type d |egrep '[0-9]'|while read ; do head -1 $REPLY/cmdline;done | |
| egrep 'Uid:' /proc/*/status|awk '{if ($3 != '0' && $2 == '0') print $0}' | |
| egrep 'Uid:' /proc/*/status|awk '{if ($3 != '0' && $2 == '0') print $0}'|cut -d\/ -f3|while read pid;do ps -p $pid -o comm,user,pid,ppid,uid,euid,ruid,suid,lwp,nlwp,etime,time,ni,pri_foo,sgi_p,psr,stat,wchan=WIDE-WCHAN-COLUMN,min_flt,maj_flt,cls,f,pcpu,pmem,rss,vsz,sz,args;done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #from https://www.cyberciti.biz/faq/linux-which-process-is-using-swap/ | |
| # find-out-what-is-using-your-swap.sh | |
| # -- Get current swap usage for all running processes | |
| # -- | |
| SCRIPT_NAME=`basename $0`; | |
| SORT="kb"; # {pid|kB|name} as first parameter, [default: kb] | |
| [ "$1" != "" ] && { SORT="$1"; } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| lsblk -ao NAME,KNAME,MAJ:MIN,FSTYPE,MOUNTPOINT,LABEL,UUID,RA,RO,RM,MODEL,SIZE,STATE,OWNER,GROUP,MODE,ALIGNMENT,MIN-IO,OPT-IO,PHY-SEC,LOG-SEC,ROTA,SCHED,RQ-SIZE,TYPE,DISC-MAX,DISC-ZERO | |
| blockdev -v --getra --getfra --getmaxsect --getiomin --getioopt --getalignoff --getbsz --getpbsz --getsize --getsize64 --getss --getsz $device |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| autrace /bin/ls /tmp | |
| ausearch --start recent -p 2442 -i | |
| and for resource usage mode: | |
| autrace -r /bin/ls | |
| ausearch --start recent -p 2450 --raw | aureport --file --summary | |
| ausearch --start recent -p 2450 --raw | aureport --host --summary |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #execute | |
| auditctl -a exit,always -S execve | |
| #auditctl -d exit,always -S execve | |
| #auditctl -a exit,always -S execve -F subj_type=passenger_t | |
| #kills | |
| #-a entry,always -F arch=b64 -S kill -k kill_signals | |
| #ausearch -k kill_signals | |
| auditctl -l | |
| #auditctl -a exit,always -F arch=b64 -S kill -F a1=9 |
jrelo
/ itsatrap.sh
Created
November 14, 2018 17:00
sar based trap to gather info when threshold is met
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #run following in screen session: | |
| #if [ ! -d /home/itsatrap ]; then mkdir -p /home/itsatrap;fi | |
| #while true ; do sar -r 1 |unbuffer -p gawk '{print $NF}'|grep --line-buffered -oP '^[0-9]+' | while read N; do if (( N > 100 )); then bash /home/itsatrap/itsatrap.sh;date;sleep 10;fi;done; done | |
| # | |
| #(date ; ps fauxw|egrep 'httpd|php|mysql' )| tee -a /home/itsatrap/_psdata_`date +%s` | |
| #pidstat -rud|tee -a /home/itsatrap/_piddata_`date +%s` | |
| ps fauxwwwe|tee -a /home/itsatrap/_psfaux_`date +%s` | |
| mysqladmin pr|tee -a /home/itsatrap/_mydata_`date +%s` | |
| mysql INFORMATION_SCHEMA -t -e " SELECT USER,CPU_TIME,TOTAL_CONNECTIONS,BUSY_TIME,BYTES_RECEIVED,BYTES_SENT,SELECT_COMMANDS,DENIED_CONNECTIONS,LOST_CONNECTIONS FROM USER_STATISTICS WHERE USER like '%' ORDER BY BUSY_TIME DESC,TOTAL_CONNECTIONS DESC LIMIT 128;"|tee -a /home/itsatrap/_mystat_`date +%s` |