Tikejhya: Ashish Nepal

Knowledgebase

Category: System Administration (Page 1 of 5)

Kill zombie process


What’s a Zombie Process?
To understand what a zombie process is and what causes zombie processes to appear, you’ll need to understand a bit about how processes work on Linux.

When a process dies on Linux, it is not removed from memory all at once: its process descriptor stays behind (the descriptor only takes a tiny amount of memory). The process's status becomes EXIT_ZOMBIE and its parent is notified with the SIGCHLD signal that the child has died. The parent process is then supposed to call the wait() system call to read the dead process's exit status and other information. This is how the parent gets information from the dead process. Once wait() has been called, the zombie process is completely removed from memory.

Find the pid of the master (parent) process of each zombie:
ps -A -ostat,ppid | awk '/[zZ]/{print $2}'

Find the parent's pid and send it SIGHUP:
kill -HUP $(ps -A -ostat,ppid | awk '/[zZ]/{print $2}')
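To see the mechanism described above in action, here is an added Python example (not from the original post) that forks a child, leaves it unreaped so it shows up as state Z in /proc, then calls waitpid() as the parent is supposed to and shows the descriptor disappear. The /proc read is Linux-specific; elsewhere the check falls back to kill(pid, 0), which succeeds as long as the kernel still holds the descriptor.

```python
import os
import time

def proc_state(pid):
    """One-letter state from /proc/<pid>/stat (Linux only; 'Z' = zombie), else None."""
    try:
        with open(f"/proc/{pid}/stat") as f:
            # the comm field may contain spaces, so split after its closing ')'
            return f.read().rsplit(")", 1)[1].split()[0]
    except OSError:
        return None

def pid_exists(pid):
    """kill(pid, 0) succeeds for as long as the kernel keeps a descriptor for pid."""
    try:
        os.kill(pid, 0)
        return True
    except ProcessLookupError:
        return False

def make_zombie():
    """Fork a child that exits at once, and deliberately do NOT wait() for it."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:                      # child: tell the parent we ran, then exit
        os.close(r)
        os.write(w, b"x")
        os._exit(3)
    os.close(w)
    os.read(r, 1)                     # parent: the child has reached _exit()
    os.close(r)
    for _ in range(500):              # give the kernel a moment to mark it EXIT_ZOMBIE
        if proc_state(pid) in ("Z", None):
            break
        time.sleep(0.002)
    return pid

def reap(pid):
    """The wait() call the parent owes; returns the exit code and frees the descriptor."""
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status)

def demo():
    pid = make_zombie()
    before = (proc_state(pid), pid_exists(pid))  # ('Z', True) on Linux: dead, still listed
    code = reap(pid)
    after = (proc_state(pid), pid_exists(pid))   # (None, False): gone once wait() ran
    return before, code, after
```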

dstat


Options:

dstat [-afv] [options..] [delay [count]]

Dstat lets you view all of your system resources instantly; you can, e.g., compare disk usage with interrupts from your IDE controller, or compare network bandwidth numbers directly with disk throughput (in the same interval).

Best usage
dstat -cdgilmnprstTy --socket

Integrating IDS [ossec] with custom log and skype alerting system


Logging is essential for every application, and the more logs you digest, the closer you get to an “error free application”…

well, the above statement might not be true in every scenario 😀

First, let's define what we are trying to achieve.

1) Configure ossec to monitor the application log.

1.1) configure ossec to monitor the custom log [ossec client configuration]:

<localfile>
<log_format>syslog</log_format>
<location>/my/custom/logs/*/dddd-mm-yy*</location>
</localfile>

1.2) configure ossec to fire a trigger when an exception is caught [i.e. when any error or other keyword appears in the log].

<!-- no trailing '|': an empty alternative would match every line -->
<var name="PANIC_WORDS">error|bad</var>

<group name="syslogs,bidsys,">
<rule id="110000" level="2">
<!-- must match the <decoder name> defined in 1.3 -->
<decoded_as>mylog</decoded_as>
<description>my log alert Alert</description>
</rule>

<rule id="110002" level="7">
<if_sid>110000</if_sid>
<match>$PANIC_WORDS</match>
<description>Bad Log.</description>
</rule>

</group>


Note: rules can always be nested (a rule depends on another via if_sid).

1.3) create a decoder to complete 1.2, so that your logs are parsed correctly.

<decoder name="mylog">
<!-- \d matches a single digit in OSSEC's regex syntax -->
<prematch>^\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d</prematch>
</decoder>

<decoder name="php-app-alert">
<parent>mylog</parent>
<regex>^</regex>
<order>srcip</order>
</decoder>

1.4) test with ossec-logtest.

2) Bind that with Active Response

2.1) create a command for the active response.

2.2) create the trigger for the active response, like this:

<command>
<name>skypeMe</name>
<executable>skype.sh</executable>
<timeout_allowed>yes</timeout_allowed>
<expect />
</command>
<active-response>
<command>skypeMe</command>
<location>server2</location>
<rules_id>110002</rules_id>
</active-response>


2.3) write the script that will be executed.

#!/bin/sh

# OSSEC invokes an active-response script as: action user ip alert-id rule-id
MAILADDRESS="tikejhya"
ACTION=$1
USER=$2
IP=$3
ALERTID=$4
RULEID=$5

LOCAL=`dirname "$0"`
cd "$LOCAL"
cd ../
PWD=`pwd`

# ALERTID looks like 1351239492.1177 (timestamp.counter)
ALERTTIME=`echo "$ALERTID" | cut -d "." -f 1`
ALERTLAST=`echo "$ALERTID" | cut -d "." -f 2`
grep -A 10 "$ALERTTIME" /var/ossec/logs/alerts/alerts.log | grep -v ".$ALERTLAST: " -A 10 > /var/ossec/active-response/logs/next_message.log

# drop the "** Alert ..." header lines (the pattern must be quoted, otherwise * is a shell glob)
/home/skype/sendim.sh "$MAILADDRESS" "$(grep -v '^\*\*' /var/ossec/active-response/logs/next_message.log)"

2.4) Skype messaging now fires whenever rule 110002 triggers the active response. ^^
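Step 2.3 pulls the alert text out of alerts.log with grep -A 10 on the timestamp, which also picks up any other alert written in the same second. As an added example (not the original post's code), here is a small Python parser for the alerts.log record format that returns exactly the record whose id matches the $4 OSSEC passes; the sample log is constructed and uses the rule ids from this post.

```python
import re

# Constructed sample of /var/ossec/logs/alerts/alerts.log (not a real capture);
# both alerts share one timestamp, which is what defeats a grep on $ALERTTIME alone.
SAMPLE_ALERTS = """\
** Alert 1351239492.1024: - syslogs,bidsys,
2012 Oct 26 08:58:12 server2->/my/custom/logs/app/2012-10-26.log
Rule: 110000 (level 2) -> 'my log alert Alert'
2012-10-26 08:58:11 info: request served in 12ms

** Alert 1351239492.1177: mail  - syslogs,bidsys,
2012 Oct 26 08:58:12 server2->/my/custom/logs/app/2012-10-26.log
Rule: 110002 (level 7) -> 'Bad Log.'
Src IP: 10.8.0.14
2012-10-26 08:58:12 error: database connection refused
2012-10-26 08:58:12 error: retrying in 5s
"""

HEADER = re.compile(r"^\*\* Alert (\d+)\.(\d+): .*?- (\S+)$")
RULE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$")
META_PREFIXES = ("Src IP: ", "User: ")   # optional lines between Rule: and the log text

def parse_alerts(text):
    """Split alerts.log into records keyed by 'timestamp.counter' (the $4 OSSEC passes)."""
    alerts = {}
    for block in text.strip().split("\n\n"):
        lines = block.splitlines()
        head = HEADER.match(lines[0])
        rule = RULE.match(lines[2]) if len(lines) > 2 else None
        if not head or not rule:
            continue                          # not an alert record; skip it
        body = [l for l in lines[3:] if not l.startswith(META_PREFIXES)]
        alerts[f"{head[1]}.{head[2]}"] = {
            "groups": head[3], "location": lines[1],
            "rule_id": int(rule[1]), "level": int(rule[2]),
            "description": rule[3], "message": body,
        }
    return alerts

def alert_message(text, alert_id):
    """What skype.sh should send: only the log lines that fired the given alert id."""
    alert = parse_alerts(text).get(alert_id)
    return None if alert is None else "\n".join(alert["message"])
```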

3) Skype on linux

For this please visit my old post integrating zabbix with skype. [http://www.ashishnepal.com/installing-skype-on-linux-centos-5-6-and-sending-message-from-zabbix/]


ERROR 1146 (42S02): Table ‘mysql.servers’ doesn’t exist

mysql> flush privileges;
ERROR 1146 (42S02): Table ‘mysql.servers’ doesn’t exist

Solution: recreate the missing table in the mysql schema.

-- the table must live in the mysql schema, where the server expects it
USE mysql;
CREATE TABLE `servers` (
`Server_name` char(64) NOT NULL,
`Host` char(64) NOT NULL,
`Db` char(64) NOT NULL,
`Username` char(64) NOT NULL,
`Password` char(64) NOT NULL,
`Port` int(4) DEFAULT NULL,
`Socket` char(64) DEFAULT NULL,
`Wrapper` char(64) NOT NULL,
`Owner` char(64) NOT NULL,
PRIMARY KEY (`Server_name`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8
COMMENT='MySQL Foreign Servers table';

hping

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping(8) Unix command, but hping isn't limited to sending ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features.

Usage: hping -i u1 -F -p 80 192.168.1.27

strace

The most common usage is to start a program using strace, which prints a list of system calls made by the program.

example: attach to every running httpd process (the [h]ttpd pattern keeps grep's own process out of the list)
ps auxw | grep '[h]ttpd' | awk '{print "-p " $2}' | xargs strace

straceprocessname(){ x=( $(pgrep "$@") ); [[ ${x[@]} ]] || return 1; strace -vf ${x[@]/#/-p }; }

example2:

Find which config file php reads.

strace php 2>&1 | grep php.ini

Or, you might want to check only the open syscall.

strace -e open php 2>&1 | grep php.ini


example 3: find which files a program opens or checks (replace your-command and your-filename)

strace -e open,access your-command 2>&1 | grep your-filename

example 4: attach to a running process by pid

strace -p 15427


example 5: summarise time spent per system call

strace -c -p 11084


example 6: trace netcat's network-related syscalls during a remote connection

strace -e poll,select,connect,recvfrom,sendto nc www.tikejhya.com 80

MailBox

Mailbox utility

How to test if mail server is open relay

    http://www.mailradar.com/openrelay/

Testing spf (There is nice tool provided by kitterman.com)

    http://www.kitterman.com/spf/validate.html

There are various ways of checking SPF records from the Linux command line:

dig TXT ashishnepal.com
host -t txt ashishnepal.com


Testing MX boxes against white- and blacklists.

http://whatismyipaddress.com/blacklist-check
http://mxtoolbox.com/SuperTool.aspx#

Linux utility command host

Use the host command to check DNS propagation, TTLs, or records.

host accepts the following options:
-a is equivalent to -v -t *
-c specifies query class for non-IN data
-C compares SOA records on authoritative nameservers
-d is equivalent to -v
-l lists all hosts in a domain, using AXFR
-i IP6.INT reverse lookups
-N changes the number of dots allowed before root lookup is done
-r disables recursive processing
-R specifies number of retries for UDP packets
-t specifies the query type
-T enables TCP/IP mode
-v enables verbose output
-w specifies to wait forever for a reply
-W specifies how long to wait for a reply
-4 use IPv4 query transport only
-6 use IPv6 query transport only
-s a SERVFAIL response should stop query

However, I assume general-purpose use would look something like this:

# Check A record of domain

 host -t A ashishnepal.com

# Check MX record of domain

 host -t mx ashishnepal.com

# Check txt records

 host -t txt ashishnepal.com

Similarly you can test SPF, _domainkey and other TXT records, e.g.

host -t txt _domainkey.ashishnepal.com

Linux Command at

# at

At allows fairly complex time specifications, extending the POSIX.2 standard. It accepts times of the form HH:MM to run a job at a specific time of day.

[root@tikejhya]

at 01:05
at> cd /data/scripts/; ./run-something.sh
at> 

# press Ctrl-D to end input

How to track at jobs?

at -l
atq

Job ids are tracked in /var/spool/at; the to-be-run command is near the end of each job file.

using kill command under Linux/UNIX

First find out which processes are running, or which process you want to kill if it is causing an issue.

# ps aux | grep php

There should be output like:

php 3486 0.0 0.1 4248 1432 ? S Nov1 0:00 /usr/bin/php -xxxxxxxxx
php 3492 0.0 0.5 13752 3936 ? Ss Nov1 0:00 /usr/bin/php

Now kill it using the pid
# kill 3486

You could also use the pidof command
# pidof httpd

If you wish to kill all processes running as php (the [p]hp pattern keeps grep's own process out of the list)
# kill $(ps aux | grep '[p]hp' | awk '{print $2}')

Killing zombies (remember that a zombie is already dead; if it lingers, signal its parent as in “Kill zombie process” above)

# kill $(ps aux | awk '{ print $8 " " $2 }' | grep -w Z | awk '{ print $2 }')

How to kick user out from linux shell

# How to check user logged in Linux.
# How to kick user out from linux shell.

[root@tike ashish.nepal]# who -u
ashish.nepal pts/0 2012-10-26 08:57 02:52 16229 (10.8.0.14)
ashish.nepal pts/1 2012-10-26 11:47 . 25963 (10.8.0.14)
[root@tike ashish.nepal]# kill 16229
