Saturday, July 23, 2016

mancinglog.sh

useful for finding correlations between IP addresses and files in access.log
------------------------------------------------------------------------------------
start script
------------------------------------------------------------------------------------

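#!/bin/bash
# Starting from one request path ($1), alternately collect the client IPs
# that requested the known paths and the paths those IPs requested, until
# neither list grows. State is kept in files.txt and ips.txt between runs.
# Each entry is used as an extended regular expression by grep -E.
logpath=/var/log/nginx/access.log
getip=()
getfile=()
set -f  # no filename globbing when log fields are split into arrays

# Add every path (field 7) requested by the known IPs.
function getfiles {
        [ ${#getip[@]} -eq 0 ] && return  # an empty pattern would match every line
        echo "getfiles param " "${getip[@]}"
        pat=$(echo "${getip[@]}" | tr " " "|")
        getfile+=($(grep -Ew "$pat" "$logpath" | cut -f 7 -d " " | sort | uniq))
        uniqf=($(printf "%s\n" "${getfile[@]}" | sort | uniq -c | sort -rnk1 | awk '{ print $2 }'))
        getfile=("${uniqf[@]}")
        printf "%s\n" "${getfile[@]}" > files.txt
        echo "getfiles result " "${getfile[@]}"
}

# Add every client IP (field 1) that requested one of the known paths.
function getips {
        echo "getips param " "${getfile[@]}"
        pat=$(echo "${getfile[@]}" | tr " " "|")
        getip+=($(grep -Ew "$pat" "$logpath" | cut -f 1 -d " " | sort | uniq))
        uniqi=($(printf "%s\n" "${getip[@]}" | sort | uniq -c | sort -rnk1 | awk '{ print $2 }'))
        getip=("${uniqi[@]}")
        printf "%s\n" "${getip[@]}" > ips.txt
        echo "getips result " "${getip[@]}"
}

# Resume from an earlier run if its state files exist.
[ -f files.txt ] && getfile=( $(cat files.txt) )
[ -f ips.txt ] && getip=( $(cat ips.txt) )
getfile+=($1)
if [ ${#getfile[@]} -eq 0 ]; then
        echo "usage: $0 <path-or-pattern>" >&2
        exit 1
fi

# Repeat until a full round adds neither a new IP nor a new path.
while :; do
        before=$(( ${#getip[@]} + ${#getfile[@]} ))
        getips
        getfiles
        [ $(( ${#getip[@]} + ${#getfile[@]} )) -eq "$before" ] && break
done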

Thursday, July 30, 2015

install solaris openstack on virtualbox

So here's the thing.. it turns out it's not supported,
after looking at the web:
http://docs.oracle.com/cd/E36784_01/html/E37629/gnwoi.html#scrolltoc

Oracle Solaris Kernel Zones can run in guests on Oracle VM Server for SPARC. Each Oracle VM Server for SPARC domain has an independent limit for the number of kernel zones that you can run. The limit is 768 for SPARC T4 or SPARC T5 systems, and 512 for SPARC M5 or SPARC M6 systems.
Kernel zones cannot run in Oracle VM Server for x86 guests or on Oracle VM VirtualBox.

Crazy, right?

Tuesday, June 23, 2015

fix locale

Fix the locale for Python or other scripts that are locale-sensitive:
export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
locale-gen en_US.UTF-8
sudo dpkg-reconfigure locales
taken from:
http://askubuntu.com/questions/205378/unsupported-locale-setting-fault-by-command-not-found

Saturday, January 31, 2015

sha512sum

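to generate recursively (the manifest is excluded from the listing; it sits in the same directory and would otherwise be hashed while still being written, then fail the check):
find . -type f ! -name "sha512sum-${PWD##*/}" -exec sha512sum {} \; > "sha512sum-${PWD##*/}"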

to check:
sha512sum -c sha512sum-${PWD##*/} | grep -i fail

ps.: "${PWD##*/}" is only the directory name, like: "pwd | rev | cut -d / -f1 | rev"

from:
http://www.shell-fu.org/lister.php?id=850
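
An added example, not from the original post or from shell-fu: sha512sum -c only checks the files a manifest lists, so a file dropped into the tree afterwards goes unreported. The hypothetical helpers make_manifest and audit_tree below build the same kind of manifest and report both changed and unlisted files; GNU coreutils and file names without newlines or backslashes are assumed.

```shell
#!/bin/bash
# Added example; function names are illustrative, not from the post.
# Assumes GNU coreutils and file names without newlines or backslashes.

# make_manifest DIR
# Hash every file under DIR into DIR/sha512sum-<dirname>, leaving the
# manifest itself out of the listing.
make_manifest() (
  cd "$1" || exit 1
  m="sha512sum-${PWD##*/}"
  find . -type f ! -name "$m" -exec sha512sum {} + > "$m"
)

# audit_tree DIR
# Prints "CHANGED <file>" for listed files that are missing or whose hash
# differs, and "UNLISTED <file>" for files the manifest does not know.
audit_tree() (
  cd "$1" || exit 1
  m="sha512sum-${PWD##*/}"
  LC_ALL=C sha512sum -c "$m" 2>/dev/null |
    sed -n 's/^\(.*\): FAILED.*$/CHANGED \1/p'
  find . -type f ! -name "$m" | LC_ALL=C sort |
    awk -v m="$m" '
      BEGIN {
        # Load the listed names: strip the hash and the mode marker.
        while ((getline l < m) > 0) {
          sub(/^[0-9a-f]+ [ *]/, "", l)
          listed[l] = 1
        }
      }
      !($0 in listed) { print "UNLISTED " $0 }'
)
```

Run make_manifest on a known-good tree, keep the manifest somewhere the web server cannot write, and run audit_tree after an incident.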

Monday, January 26, 2015

Remedial for hacked incident

 sudo grep '/alias.php\|/Association.php\|/blog.php\|/buffer.php\|/cache.php\|/class.wpcom-json-api-get-media-endpoint.php\|/db.php\|/dirs.php\|/file.php\|/footer.php\|/functions.php\|/global.php\|/idna_convert.class.php\|/info.php\|/menu.php\|/options.php\|/patError.php\|/PlainHTTPFetcher.php\|/shortcodes.php\|/twentyten.php\|/twentythirteen.php\|/utf.php\|/vs3xmo1.php\|/vs3xmo1.php' /var/log/xxx/xx-xx.com_access_log | cut -f 1 -d " " | sort |


find /home/ -type f -iname "*.php" -print0 | xargs -0 grep -i "qV="

https://gist.github.com/facelordgists/5761101
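
An added example, not part of the original notes: the access-log search at the top of this post and mancinglog.sh both tie client IPs to requested files. The block below does one round of that on constructed log lines, matching the file name of the request path exactly (the plain grep also hits substrings such as a referrer) and counting 200 responses; sample_log, suspect_hits and other_paths are hypothetical names.

```shell
#!/bin/bash
# Added example. The log lines are constructed (combined log format,
# documentation address ranges); all function names are illustrative.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [26/Jan/2015:03:10:01 +0700] "POST /wp-content/uploads/vs3xmo1.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
192.0.2.10 - - [26/Jan/2015:03:10:05 +0700] "POST /wp-includes/utf.php HTTP/1.1" 200 298 "-" "Mozilla/5.0"
198.51.100.7 - - [26/Jan/2015:03:11:40 +0700] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [26/Jan/2015:03:12:09 +0700] "POST /wp-content/themes/x/new404.php HTTP/1.1" 200 120 "-" "Mozilla/5.0"
198.51.100.7 - - [26/Jan/2015:03:12:30 +0700] "GET /blog.php-guide.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.5 - - [26/Jan/2015:03:13:00 +0700] "GET /wp-includes/utf.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
EOF
}

# suspect_hits NAMES < log
# NAMES is a comma-separated list of file names. Prints "hits ok ip" per
# client: requests whose path ends in exactly one of those names, and how
# many of them were answered with status 200.
suspect_hits() {
  awk -v names="$1" '
    BEGIN { n = split(names, a, ","); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    {
      path = $7; sub(/\?.*/, "", path)     # drop the query string
      base = path; sub(/.*\//, "", base)   # keep only the file name
      if (base in want) { hits[$1]++; if ($9 == 200) ok[$1]++ }
    }
    END { for (ip in hits) printf "%d %d %s\n", hits[ip], ok[ip], ip }
  ' | sort -rn
}

# other_paths IP < log
# Prints "count path" for everything that client requested, so files that
# are not on the name list yet show up as well.
other_paths() {
  awk -v ip="$1" '
    $1 == ip { p = $7; sub(/\?.*/, "", p); c[p]++ }
    END { for (p in c) printf "%d %s\n", c[p], p }
  ' | LC_ALL=C sort -k1,1rn -k2
}

sample_log | suspect_hits "vs3xmo1.php,utf.php,blog.php"
sample_log | other_paths 192.0.2.10
```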

http://houseoflaudanum.com/navigate/snippets/removing-spam-from-postfix-queues/

This command does several things.
  1. Read in the mail queue
  2. Look for sender addresses that end with `example.com`
  3. Ignore senders with valid addresses (`david` and `john`)
  4. Delete all those messages from the queue
$ mailq | tail -n +2 | grep -v '^ *(' | awk 'BEGIN { RS = "" } { if ($7 ~ "example.com$" && $7 !~ "^david|^john" && $9 == "" ) print $1 } ' | tr -d '*!' | sudo postsuper -d -
http://www.cyberciti.biz/faq/searching-multiple-words-string-using-grep/

http://www.cyberciti.biz/tips/howto-postfix-flush-mail-queue.html


To remove all mail from the queue, enter:
# postsuper -d ALL
To remove all mails in the deferred queue, enter:
# postsuper -d ALL deferred

Tuesday, August 12, 2014

enable ssh on mac os x

SSH access by users is controlled by the local copy of Directory Services. (Controlled using dscl)
First off run dscl . list /Groups | grep 'access_ssh'. If the returned value says com.apple.access_ssh-disabled then all users have SSH access. If not, then we need to give the user access.
To add the user you need to run:
sudo dscl . append /Groups/com.apple.access_ssh user USERNAME
(replace USERNAME with the short username of the user) as well as:
sudo dscl . append /Groups/com.apple.access_ssh groupmembers `dscl . read /Users/USERNAME GeneratedUID | cut -d " " -f 2`
(replace USERNAME with short username as well)

taken from:
http://superuser.com/questions/166179/how-to-enable-remote-access-for-another-account-on-mac-remotely-via-ssh

Tuesday, June 17, 2014

InnoDB: Completed initialization of buffer pool InnoDB: Error: checksum mismatch in data file ./ibdata1

to handle:
131104 11:17:16 InnoDB: Completed initialization of buffer pool
InnoDB: Error: checksum mismatch in data file ./ibdata1
131104 11:17:16 InnoDB: Could not open or create data files
the following was run:
mysqld_safe  --innodb_force_recovery 4
taken from
http://lifeandshell.com/mysql-innodb-error-checksum-mismatch/