Wednesday, August 19, 2009
compare directory trees
ssh server1 "find /usr/local/apache2/sites/htdocs/ -type f -exec basename {} \; | sort" > server1.txt
ssh server2 "find /usr/local/apache2/sites/htdocs/ -type f -exec basename {} \; | sort" > server2.txt
comm -3 server1.txt server2.txt
Friday, August 14, 2009
slowloris ddos aversion
Use Nginx and OpenBSD/pf to protect Apache.
http://nginx.net/
Here's some configuration help.
https://calomel.org/nginx.html
Labels: apache, openbsd, security, slowloris, system hardening
Thursday, August 13, 2009
rpm packages by name only
rpm -qa --qf "%{NAME}\n" > hostname.rpm.txt
Then you can compare to see what is missing.
comm -3 host1.rpm.txt host2.rpm.txt
Tuesday, August 11, 2009
Slowloris DDOS prevention
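#!/bin/sh
# Alert when one remote IP holds more than LIMIT established connections to port 80/443.
LIMIT=100
# Pipeline that prints the remote IP of every ESTABLISHED IPv4 connection to local port 80 or 443.
COMMAND='netstat -n | egrep '\''tcp.*[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*:(80|443)[ ]*[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*:[0-9]*[ ]*ESTABLISHED'\'' | awk -F'\''[ \t:]+'\'' '\''{ print $6 }'\'''
eval "$COMMAND" | sort | uniq -c | while read numconn ip
do
    if [ "$numconn" -gt "$LIMIT" ]
    then
        # Mail an alert, then comment this job out of /etc/crontab so it stops re-sending.
        echo "Check ASAP and re-enable this cron." | mail -s "IP $ip - ($numconn) went over $LIMIT connections on `hostname`" me@someemailaddress.com
        sed -i 's/\(^\*.*this_script\.sh\)/#\1/g' /etc/crontab
        # Uncomment to drop traffic from the source:
        # /sbin/iptables -I INPUT -s $ip -j DROP
    fi
done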
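The egrep pattern in the script above matches only plain IPv4 address pairs, so connections that netstat lists under tcp6 (including IPv4 clients shown as ::ffff:a.b.c.d on a dual-stack listener) are never counted. The following is an added example, not part of the original post, of the same per-source count that also handles those lines; the function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the original author's script.

# Read `netstat -n` output on stdin and print "<count> <remote-ip>" for every
# source holding ESTABLISHED connections to local port 80 or 443.
count_web_conns() {
    awk '
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
        # The port is whatever follows the LAST colon, so IPv6 addresses survive.
        lport = $4; sub(/.*:/, "", lport)
        if (lport != "80" && lport != "443") next
        rip = $5; sub(/:[0-9]+$/, "", rip)
        # Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) onto the plain IPv4 address.
        sub(/^::ffff:/, "", rip)
        n[rip]++
    }
    END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Print the sources whose connection count is strictly greater than $1.
over_limit() {
    count_web_conns | awk -v limit="$1" '$1 > limit { print $2 }'
}

# Constructed sample input (documentation address ranges), not a real capture.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40113      ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:443   ::ffff:198.51.100.7:40114 ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51000       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.5:51001       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:51002       TIME_WAIT
tcp6       0      0 2001:db8::10:443        2001:db8::99:51003      ESTABLISHED
EOF
}

# Demo on the sample with a limit of 2; on a live host: netstat -n | over_limit 100
sample_netstat | over_limit 2
```

The output of `over_limit` can feed the same mail alert or iptables rule the script above uses.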