
clamscan

Updated script to scan linux servers for viruses.

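#!/bin/bash
#
# ClamAV scan job: refresh the signature database, scan the whole filesystem,
# and e-mail the report when infected files are reported or when the scan did
# not produce a usable summary. Intended to run as root (e.g. from cron),
# which is why every tool is called by absolute path.
#
# Note: the quotes and option dashes here are plain ASCII. The typographic
# quotes and en-dashes in the published copy are not shell syntax; with them
# the exclude option is read as a path and the quote bytes end up in values.

set -u

### Test log with Infected files
#LOGFILE="/var/log/clamav/malware_detected.log"

LOGFILE="/var/log/clamav/clamav-$(/bin/date +'%Y-%m-%d').log"
FRESHCLAM_LOG="/var/log/clamav/freshclam.log"

EMAIL_TO="you@yourdomain.com"

# Need to build an email header to know which system is scanned.
# Gmail gateway is overwriting from line when it forwards the email.
HEADER_OS_LEVEL="$(/bin/uname -a)"
HEADER_DATE="$(/bin/date)"

# Empty the freshclam log first so the report shows only this run's update.
: > "$FRESHCLAM_LOG"
/usr/bin/freshclam
FRESHCLAM_RC=$?

### Test clamscan
#/usr/bin/clamscan -ri /root/* > "$LOGFILE"

# --exclude-dir takes a regular expression, not a glob. Anchor it so only
# paths that begin with /sys are skipped; an unanchored "/sys/*" can also skip
# any directory whose path merely contains "/sys", which is a detection gap.
/usr/bin/clamscan -ri --exclude-dir='^/sys' / > "$LOGFILE"
SCAN_RC=$?

# Get the count from the "Infected files:" summary line. Anchoring the match
# keeps a flagged path that happens to contain "Infected" from being parsed.
MALWARE=$(/bin/grep -m1 '^Infected files:' "$LOGFILE" | /usr/bin/cut -d' ' -f3)

# Decide whether to alert. A missing or non-numeric count means the scan did
# not finish cleanly; that must raise an alert rather than pass silently
# (the old "[ "$MALWARE" -ne 0 ]" test errored out and sent nothing).
ALERT_REASON=""
if [[ ! "$MALWARE" =~ ^[0-9]+$ ]]; then
  ALERT_REASON="no scan summary found (clamscan exit status ${SCAN_RC})"
elif [[ "$MALWARE" != "0" ]]; then
  ALERT_REASON="${MALWARE} infected file(s) reported"
fi

if [[ -n "$ALERT_REASON" ]]; then
  # Stream the report straight into mail instead of staging it in a fixed
  # file name under /var/log/clamav: a root job writing to a predictable path
  # in a directory that the scanner account may be able to write to is an
  # avoidable risk.
  {
    printf ' \n'
    printf 'OS: %s\n' "$HEADER_OS_LEVEL"
    printf 'Date: %s\n' "$HEADER_DATE"
    printf 'Reason: %s\n' "$ALERT_REASON"
    printf ' \n'
    printf 'Freshclam Status: (exit status %s)\n' "$FRESHCLAM_RC"
    /bin/cat "$FRESHCLAM_LOG"
    printf ' \n'
    printf 'Log File: %s\n' "$LOGFILE"
    /bin/cat "$LOGFILE"
  } | /usr/bin/mail -s "ClamAV Alert" "$EMAIL_TO"
fi

exit 0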

Building GPS Clock on Pi w/ Debian Stretch

Start with Raspbian Stretch Lite

Install most current packages:
apt-get update
apt-get upgrade
apt-get dist-upgrade

Clean up packages:
aptitude search '~o'
apt-get autoremove

reboot

Test GPS Sentences:
cat /dev/ttyAMA0

Limit GPS Sentences:
#GPZDA
/bin/echo -e ‘$PMTK314,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0*29\r\n’ > /dev/ttyAMA0

#GPRMC
/bin/echo -e ‘$PMTK314,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0*29\r\n’ > /dev/ttyAMA0

Configure Pi:
raspi-config
configure local >> [*] en_US.UTF-8 UTF-8
timezone >> Chicago
advanced >> Expand filesystem

reboot

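Get and Unpack NTP source (the download below is plain HTTP, so check the tarball against a checksum or signature published by the NTP project before building and installing it as root):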
wget http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p12.tar.gz
tar -zxvf ntp-4.2.8p12.tar.gz

Compile NTP:
apt-get install libcap-dev

./configure --disable-all-clocks --disable-parse-clocks --without-lineeditlibs --enable-NMEA --enable-LOCAL-CLOCK --enable-SHM --enable-linuxcaps --enable-ATOM --enable-pps --with-sntp=no --prefix=/usr

make
make install

Boot and Kernel Configuration:
Disable the serial console (TTY) on /dev/ttyAMA0 in /boot/cmdline.txt:
dwc_otg.lpm_enable=0 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait

Configure /boot/config.txt:
init_uart_baud=9600
disable_pvt=1
dtoverlay=pps-gpio,gpiopin=24

/etc/modules:
echo pps-gpio >> /etc/modules

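Add udev rules for gps (note that MODE="0777" leaves the PPS device world-writable; a tighter mode such as 0660 with a group the NTP daemon runs under is usually enough, so confirm what your setup needs):
root@GPS2 /etc/udev/rules.d # cat 09.gps.rules
KERNEL=="ttyAMA0", SYMLINK+="gps0"
KERNEL=="pps0", OWNER="root", GROUP="tty", MODE="0777", SYMLINK+="gpspps0"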

reboot

Test pulse per second:
apt-get install pps-tools
ppstest /dev/pps0
ppstest /dev/gpspps0

ntp.conf:
driftfile /var/log/ntpstats/ntp.drift
statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

restrict default nomodify noquery
restrict 127.0.0.1
restrict 10.1.1.0 mask 255.255.255.0 nomodify

# NMEA serial port, 16 = 9600 baud, 8 = $GPZDA or $GPZDG
server 127.127.20.0 mode 24 minpoll 3 maxpoll 3 prefer iburst
fudge 127.127.20.0 flag1 1 flag3 1 time2 0.350 refid GPS

peer gps2.lan.side

Debian Upgrade 8 to 9

Note: Disable Network Bonding at switch and OS


# aptitude search '~o'

# apt-get update
# apt-get upgrade
# apt-get dist-upgrade

# dpkg -C

# apt-mark showhold

/etc/apt/sources.list
STRETCH:
deb http://httpredir.debian.org/debian stretch main
deb http://httpredir.debian.org/debian stretch-updates main
deb http://security.debian.org stretch/updates main

# apt-get update

# apt list --upgradable

# apt-get upgrade
# apt-get dist-upgrade

# aptitude search '~o'
# aptitude purge '~o' (removes obsolete packages; quote the pattern so the shell does not attempt tilde expansion)

# apt-get autoremove

Remove ^rc packages
# dpkg --list |grep "^rc" | cut -d " " -f 3 | xargs sudo dpkg --purge

# reboot

GPS Time Server:
root@GPS2 /etc/udev/rules.d # cat 09.gps.rules
KERNEL=="ttyAMA0", SYMLINK+="gps0"
KERNEL=="pps0", OWNER="root", GROUP="tty", MODE="0777", SYMLINK+="gpspps0"

root@GPS2 /etc/udev/rules.d # /usr/sbin/ntpd --help
ntpd - NTP daemon program - Ver. 4.2.6p5

rc.local
# NTP Boot Config
/etc/init.d/ntp stop
/usr/sbin/ntpdate 0.pool.ntp.org
/bin/echo -e ‘$PMTK314,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0*29\r\n’ > /dev/ttyAMA0
/bin/sleep 30
/etc/init.d/ntp restart

/boot/config.txt
# for more options see http://elinux.org/RPi_config.txt
disable_pvt=1
dtoverlay=pps-gpio,gpiopin=24

root@GPS2 /common/home/cak/workntp # cat /etc/modules
# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with “#” are ignored.

snd-bcm2835
pps-gpio

driftfile /var/log/ntpstats/ntp.drift
statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
filegen protostats file protostats type day enable
filegen sysstats file sysstats type day enable

server 127.127.1.0
fudge 127.127.1.0 stratum 10
server 127.127.20.0 mode 17 minpoll 3 maxpoll 3 prefer
fudge 127.127.20.0 flag1 1 refid GPS2 time2 0.400

peer gps1.lan.side

# By default, exchange time with everybody, but don’t allow configuration.
restrict default nomodify noquery kod notrap

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1

root@hcst001:/etc/init.d# systemctl --failed --all
UNIT LOAD ACTIVE SUB DESCRIPTION
● apache2.service loaded failed failed The Apache HTTP Server
● atd.service loaded failed failed Deferred execution scheduler
● cron.service loaded failed failed Regular background program processing daemon
● ipmievd.service loaded failed failed IPMI event daemon
● rpcbind.service loaded failed failed RPC bind portmap service
● rsyslog.service loaded failed failed System Logging Service
● ssh.service loaded failed failed OpenBSD Secure Shell server
● systemd-modules-load.service loaded failed failed Load Kernel Modules
● rpcbind.socket loaded failed failed RPCbind Server Activation Socket
● syslog.socket loaded failed failed Syslog Socket

LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.

10 loaded units listed.
To show all installed unit files use ‘systemctl list-unit-files’.

root@hcst001:/etc/init.d# systemctl list-unit-files
UNIT FILE STATE
proc-sys-fs-binfmt_misc.automount static
-.mount generated
boot.mount generated
dev-hugepages.mount static
dev-mqueue.mount static
media-cdrom0.mount generated
media-usb0.mount generated
media-usb1.mount generated
media-usb2.mount generated
NAS-backup.mount generated
NAS-log.mount generated
proc-fs-nfsd.mount static
proc-sys-fs-binfmt_misc.mount static
run-rpc_pipefs.mount static
sys-fs-fuse-connections.mount static
sys-kernel-config.mount static
sys-kernel-debug.mount static
acpid.path enabled
systemd-ask-password-console.path static
systemd-ask-password-wall.path static
acpid.service disabled
apache-htcacheclean.service disabled
apache-htcacheclean@.service disabled
apache2.service enabled
apache2@.service disabled
apt-daily-upgrade.service static
apt-daily.service static
atd.service enabled
auth-rpcgss-module.service static
autovt@.service enabled
bind9-pkcs11.service disabled
bind9-resolvconf.service disabled
bind9.service enabled
bootlogd.service masked
bootlogs.service masked
bootmisc.service masked
checkfs.service masked
checkroot-bootclean.service masked
checkroot.service masked
console-getty.service disabled
console-setup.service enabled
container-getty@.service static
cron.service enabled
cryptdisks-early.service masked
cryptdisks.service masked
dbus-org.freedesktop.hostname1.service static
dbus-org.freedesktop.locale1.service static
dbus-org.freedesktop.login1.service static
dbus-org.freedesktop.network1.service disabled
dbus-org.freedesktop.resolve1.service disabled
dbus-org.freedesktop.timedate1.service static
dbus.service static
debug-shell.service disabled
dm-event.service disabled
emergency.service static
fail2ban.service enabled
fancontrol.service enabled
fuse.service masked
getty-static.service static
getty@.service enabled
halt.service masked
hddtemp.service generated
hostname.service masked
hwclock.service masked
ifup@.service static
inetd.service generated
initrd-cleanup.service static
initrd-parse-etc.service static
initrd-switch-root.service static
initrd-udevadm-cleanup-db.service static
ipmidrv.service generated
ipmievd.service disabled
irqbalance.service enabled
keyboard-setup.service enabled
killprocs.service masked
kmod-static-nodes.service static
kmod.service static
lm-sensors.service enabled
lvm2-lvmetad.service disabled
lvm2-lvmpolld.service disabled
lvm2-monitor.service enabled
lvm2-pvscan@.service static
lvm2.service masked
mdadm-raid.service generated
mdadm.service generated
memcached.service generated
module-init-tools.service static
motd.service masked
mountall-bootclean.service masked
mountall.service masked
mountdevsubfs.service masked
mountkernfs.service masked
mountnfs-bootclean.service masked
mountnfs.service masked
networking.service enabled
nfs-blkmap.service disabled
nfs-common.service masked
nfs-config.service static
nfs-idmapd.service static
nfs-kernel-server.service enabled
nfs-mountd.service static
nfs-server.service enabled
nfs-utils.service static
nmbd.service enabled
ntp.service generated
openipmi.service generated
phpsessionclean.service static
portmap.service enabled
postfix.service enabled
postfix@.service disabled
procps.service static
quotaon.service static
rc-local.service static
rc.local.service static
rc.service masked
rcS.service masked
reboot.service masked
rescue.service static
rmnologin.service masked
rpc-gssd.service static
rpc-statd-notify.service disabled
rpc-statd.service disabled
rpc-svcgssd.service static
rpcbind.service enabled
rsync.service enabled
rsyslog.service enabled
samba-ad-dc.service masked
samba.service masked
screen-cleanup.service masked
sendsigs.service masked
serial-getty@.service disabled
single.service masked
smartd.service enabled
smartmontools.service enabled
smbd.service enabled
snmpd.service enabled
ssh.service enabled
ssh@.service static
sshd.service enabled
stop-bootlogd-single.service masked
stop-bootlogd.service masked
sudo.service disabled
syslog.service enabled
systemd-ask-password-console.service static
systemd-ask-password-wall.service static
systemd-backlight@.service static
systemd-binfmt.service static
systemd-exit.service static
systemd-fsck-root.service static
systemd-fsck@.service static
systemd-fsckd.service static
systemd-halt.service static
systemd-hibernate-resume@.service static
systemd-hibernate.service static
systemd-hostnamed.service static
systemd-hwdb-update.service static
systemd-hybrid-sleep.service static
systemd-initctl.service static
systemd-journal-flush.service static
systemd-journald.service static
systemd-kexec.service static
systemd-localed.service static
systemd-logind.service static
systemd-machine-id-commit.service static
systemd-modules-load.service static
systemd-networkd-wait-online.service disabled
systemd-networkd.service disabled
systemd-poweroff.service static
systemd-quotacheck.service static
systemd-random-seed.service static
systemd-reboot.service static
systemd-remount-fs.service static
systemd-resolved.service disabled
systemd-rfkill.service static
systemd-suspend.service static
systemd-sysctl.service static
systemd-timedated.service static
systemd-timesyncd.service enabled
systemd-tmpfiles-clean.service static
systemd-tmpfiles-setup-dev.service static
systemd-tmpfiles-setup.service static
systemd-udev-settle.service static
systemd-udev-trigger.service static
systemd-udevd.service static
systemd-update-utmp-runlevel.service static
systemd-update-utmp.service static
systemd-user-sessions.service static
udev.service static
umountfs.service masked
umountnfs.service masked
umountroot.service masked
urandom.service static
user@.service static
x11-common.service masked
xinetd.service generated
machine.slice static
system.slice static
user.slice static
acpid.socket enabled
dbus.socket static
dm-event.socket enabled
lvm2-lvmetad.socket enabled
lvm2-lvmpolld.socket enabled
rpcbind.socket enabled
ssh.socket disabled
syslog.socket static
systemd-fsckd.socket static
systemd-initctl.socket static
systemd-journald-audit.socket static
systemd-journald-dev-log.socket static
systemd-journald.socket static
systemd-networkd.socket disabled
systemd-rfkill.socket static
systemd-udevd-control.socket static
systemd-udevd-kernel.socket static
dev-disk-by\x2duuid-ec862752\x2d373a\x2d475f\x2da7de\x2debc8e0941802.swap generated
basic.target static
bluetooth.target static
busnames.target static
cryptsetup-pre.target static
cryptsetup.target static
ctrl-alt-del.target disabled
default.target static
emergency.target static
exit.target disabled
final.target static
getty.target static
graphical.target static
halt.target disabled
hibernate.target static
hybrid-sleep.target static
initrd-fs.target static
initrd-root-device.target static
initrd-root-fs.target static
initrd-switch-root.target static
initrd.target static
kexec.target disabled
local-fs-pre.target static
local-fs.target static
multi-user.target static
network-online.target static
network-pre.target static
network.target static
nfs-client.target enabled
nss-lookup.target static
nss-user-lookup.target static
paths.target static
poweroff.target disabled
printer.target static
reboot.target disabled
remote-fs-pre.target static
remote-fs.target enabled
rescue.target disabled
rpcbind.target static
runlevel0.target disabled
runlevel1.target disabled
runlevel2.target static
runlevel3.target static
runlevel4.target static
runlevel5.target static
runlevel6.target disabled
shutdown.target static
sigpwr.target static
sleep.target static
slices.target static
smartcard.target static
sockets.target static
sound.target static
suspend.target static
swap.target static
sysinit.target static
system-update.target static
time-sync.target static
timers.target static
umount.target static
apt-daily-upgrade.timer enabled
apt-daily.timer enabled
phpsessionclean.timer enabled
systemd-tmpfiles-clean.timer static

279 unit files listed.

Passbox

usage: passbox [action]

Passbox – command line password manager utility

ACTIONS

add-field Update an existing entry to add additional fields to
delete Remove an entry from the password database
get Get a particular password entry by it’s name
generate Generate a new random password
new Prompt to create a new passbox entry
remove-field Update an existing entry to remove additional fields
search Search the password database for a particular string, returns all matching entries
update Update an existing entry in the password database