Mar 24

I use a couple of different methods on a day-to-day basis to figure out what process has opened a port on my Linux machines. The first one works well in Linux, but doesn’t work in most Solaris versions I’ve sat down at.

netstat -plate

This one is a bit more cross platform and uses lsof

lsof -Pani

Solaris tends to not install common tools like lsof; instead you have to go searching for them and install them yourself. Linux will spoil you, but Solaris is a necessary evil.

Mar 21

To force a user to change passwords at next login, use the chage command

chage -d 0 $USER

Only downside is that this doesn’t seem to work with older versions of ssh (pre 4.0 I believe) that are using privilege separation. You’ll have to edit the sshd_config file and turn privilege separation off or, a much better solution, upgrade OpenSSH.

Mar 20

This was borrowed from Sebastien Wains’ website and then paraphrased.

To upgrade a Linux kernel when you don’t have physical access to the machine, it’s important to give yourself a backout plan. Should the box panic and die, it’ll just sit there and wait for a user to come and start pressing buttons by default. Kinda sucks. So here is a way to upgrade to that new kernel and revert automatically to old faithful should the box puke. Keep in mind, if you do something brain dead like forgetting to compile your NIC drivers into the new kernel, this method isn’t going to help you out. This will only protect you in the event of a hard panic.

First thing to go under the knife is the grub menu.lst file

default saved
timeout 5
# new kernel, not tested
title Untested Kernel
root (hd0,0)
kernel /boot/vmlinuz-2.6.18-6-686 root=/dev/sda1 ro panic=5
initrd /boot/initrd.img-2.6.18-6-686
savedefault 1

# tested and working kernel
title Old Faithful
root (hd0,0)
kernel /boot/vmlinuz-2.6.18-5-686 root=/dev/sda1 ro
initrd /boot/initrd.img-2.6.18-5-686
savedefault

Now tell grub to use the new kernel on the next boot, but not subsequent boots, i.e., boot the new kernel now, but not next time.

grub-set-default 0

Boot away! We’ve really done two things here. The first is telling grub to boot a different kernel than the configured default and the second is telling Linux to reboot if it should kernel panic instead of just sitting there. Neat trick and props to Sebastien Wains.

Mar 19

Another little gem I found on the web. I’ve come across a few files that show up as base64_decode files when you look at them, but after PHP has had its way, they output text. Come to find out, it’s a not so clever way to obfuscate code. Other folks have had need to view these files too and have posted handy little tools to aid in that effort. Here’s one of them. Just create files called decode.php, decoded.txt and coded.txt. Put the obfuscated code in coded.txt, put this program code into decode.php and run it. The output will show up in decoded.txt. Note that this is a PHP program and requires PHP to run.

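<?php
// eval() below also executes any other statements found in coded.txt,
// so decode samples inside a disposable VM.
echo "\nDECODE nested eval(gzinflate()) by DEBO Jurgen <jurgen@person.be>\n\n";
echo "1. Reading coded.txt\n";
$fp1 = fopen("coded.txt", "r");
$contents = fread($fp1, filesize("coded.txt"));
fclose($fp1);
echo "2. Decoding\n";
// Each pass strips the PHP tags and rewrites eval(...) as $contents=(...),
// so one layer is decoded into $contents instead of being run.
while (preg_match("/eval\(gzinflate/", $contents)) {
    // Also drop the "php" of an opening <?php tag, which would break eval().
    $contents = preg_replace("/<\?(php)?|\?>/i", "", $contents);
    eval(preg_replace("/eval/", "\$contents=", $contents));
}
echo "3. Writing decoded.txt\n";
$fp2 = fopen("decoded.txt", "w");
fwrite($fp2, trim($contents));
fclose($fp2);
?>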
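
The same unwrapping can be done without calling eval() at all. The Python below is an added example, not part of the original post or of the decoder above; the names peel, wrap, LAYER and SAMPLE are introduced here, and it assumes every layer has the literal form eval(gzinflate(base64_decode('...'))).

```python
import base64
import re
import zlib

# One obfuscation layer: eval(gzinflate(base64_decode('...')));
LAYER = re.compile(
    r"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*"
    r"(['\"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)\s*\)\s*;?"
)


def peel(source, max_layers=50, max_bytes=1 << 20):
    """Unwrap nested layers without executing anything from the input.

    Returns (text with every layer expanded, number of layers removed).
    Raises ValueError if a layer is truncated or inflates past max_bytes.
    """
    layers = 0
    while layers < max_layers:
        match = LAYER.search(source)
        if match is None:
            break
        raw = base64.b64decode(match.group(2))
        # PHP gzinflate() reads raw DEFLATE (no zlib header): wbits=-15.
        inflater = zlib.decompressobj(wbits=-15)
        inner = inflater.decompress(raw, max_bytes)
        if not inflater.eof:
            raise ValueError("layer is truncated or exceeds max_bytes")
        text = inner.decode("utf-8", errors="replace")
        source = source[:match.start()] + text + source[match.end():]
        layers += 1
    return source.strip(), layers


def wrap(php):
    """Build one layer the way the obfuscators do (for the sample only)."""
    deflater = zlib.compressobj(wbits=-15)
    blob = deflater.compress(php.encode()) + deflater.flush()
    return "eval(gzinflate(base64_decode('%s')));" % base64.b64encode(blob).decode()


# Constructed sample: a harmless statement wrapped three times.
PAYLOAD = 'echo "constructed sample payload";'
SAMPLE = "<?php " + wrap(wrap(wrap(PAYLOAD))) + " ?>"

if __name__ == "__main__":
    decoded, depth = peel(SAMPLE)
    print(depth, "layers removed")
    print(decoded)
```

The max_bytes limit stops a layer that inflates to an unexpectedly large size from filling memory on the analysis box.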
