Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have a WHM server running Centos 4 (yes I know it just turned unsupported) all updates are installed, everything seems up to date.
In Dec 2011 one of the server owners, who has like 50 websites on it, got his computer infected and the virus/trojan read his FTP saved passwords then logged in by ftp and modified ALL index.php files it could find, we though we cleared all.
The problem is the following, they're somehow sending e-mails using a perl script fired by Apache I need a way to find out which is the path of the script they're firing, in "ps" it only shows as "perl", when checking the files opened by the perl script it lists ALL apache vhost logs, apache error log and /dev/null.
I NEED a way to find out the path of the script that's sending the e-mails, the server got listed into CBL at spamhaus twice by now, searching "by hand" it's not an option as there are over 200 websites there that take over 100GB of space on the server.
Server it is NOT compromised, the only problem is that I can't find the script that sends the spam.
You can try and figure it out from the /proc directory
Grab the PID of the running perl process, then check
/proc/PID/cwd which will be a symlink to the current working directory of the script
check
/proc/PID/cmdline which will contain the full command line of the running process
(in both those cases replace PID with the pid of the process)
Disclaimer: I'm working off my linux machine, so it is entirely possible that your file system layout is different
On most unix systems ps just shows the command name but
ps -ef
Will show the full path. Ps'es differ from unix to unix. If this doesn't work try
man ps
and look for "full" or "full format". Hope this helps.
ps often has a -f flag or something similar that will show you the full set of information. If that doesn't work, try using lsof for the process number you get from the ps command.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
This question is very weird (I'm very beginner). I want send data from Linux to Linux. For example, I have Linux server (RPI3, called 'a'), and another server called 'b'. So I want data(format : python, c, jpg, txt, ...etc) from 'a' to 'b'
What are methods do I use? Here is what I know.
using socket
using MQTT
I want know above 2 methods are available??
And another methods!!
To send files from a to b, you can use scp protocol. a and b have to be in the same network.
scp sourcedirectory/image.jpg username#IPaddressOfTheDestination:targetdirectory/
There are obviously another way to send file like the protocol ftp.
The other method that you could take is to use the scp command. For example, if you want to transfer the file from server A to B you could use the command scp file.txt username#123.456.789.000: or scp file.txt username#servername: while logged-in inside the server A.
The default destination path of the file will be that home directory of the username. If you wanted the file to be copied other than this, you could append the absolute path of the directory after the : in the above scp command.
If you wanted to copy multiple files, just place the files first in a directory. After that, you could append the -r flag on the above scp command right before the scp command following the directory name. For example, scp -r directory username#123.456.789.000:
There are also other applications that would achieve the same goals(e.g WinSCP or Filezilla) and plenty tutorials available online. Most common cases of using this application is when the user wanted to transfer files from their local machine to the servers.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I have added some environment variable as an export path to bash shell. Unfortuanately, I did it wrong and now I can't login to my account in Ubuntu.
Is it possible to remove these export commands from .bashrc, or can we directly replace this
bashrc to the one defined by the system like default?
I can't login even after entering the correct password, but at the same time I can login through guest account.
This might give some idea about the problem. I got this using Ctrl + Alt + F1 at the login screen.
Last login: Wed Jan 22 13:17:57 CET 2014 on tty1
Welcome to Ubuntu 12.04.4 LTS (GNU/Linux 3.8.0-35-generic x86_64)
* Documentation: https://help.ubuntu.com/
-bash: export: `:': not a valid identifier
-bash: export: `usr/local/SHTOOLS2.8/modules': not a valid identifier
-bash: export: `:': not a valid identifier
-bash: export' `usr/local/SHTOOLS2.8/lib': not a valid identifier
You need to get write access to the misconfigured start script (.bashrc). Can that be achieved via the guest account? I doubt it. Otherwise just edit your file using sudo pico /home/user/.bashrc.
You can always get write access by starting a runtime system from a Ubuntu boot disk. That on-the-fly system which starts then can mount the hard disks so you can then modify the .bashrc in question. I pray you are not using a crypted home directory.
You can also try out whether you can log in to your account via ssh (you need to have an sshd installed and running for that of course). If you can connect but the login stays broken, maybe you can at least execute commands via ssh: ssh user#host date (using date just for testing purposes). If at least this functions, we can start patching your broken script file via commands.
You have two problems:
(1) You need to re-gain system access
(2) You need to fix .bashrc
Solution:
(1) Problem#1:Regaining Access
(1)(a) If there is another user with sudoers permissions (i.e. the user can execute "sudo" to execute commands as root), then have that user log in and you will have access to the system to perform the solution to Problem#2.
(1)(b) if you do not have another user account on the system, you will need to boot from an Ubuntu or other live CD and mount the file system for repair operations to Problem#2. That is outside of the scope of this specific problem, but there are plenty of docs to that effect online.
(2) Problem#2:Repairing .bashrc
(2)(a) The simplest approach is to make a backup copy of .bashrc in your home directory, calling the bad file something like myBadbashrc. Then you can replace the file with a fresh .bashrc from /etc/skel or whereever your particular system gets its new-account template from.
(2)(b) If you don't feel like replacing the above file, you can do edits and continue testing through iterations.
(3) A footnote on .bashrc or other account maintenance. Always test with a TEST account. if you can't do that, then login under another terminal WHILE you are still logged in to make sure things work right. The good news: We have ALL done what you've just done and learned this lesson the hard way. ;-)
--Sam
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
We’re looking to run an application as a Service/Deamon on a Linux box without manually logging in and starting it. The application is a Java one that we start with a shell (.sh).
Do you know how to run a process on a Linux distribution as a service/deamon without logging in, manually start and stopping ?
Run a command on boot
You'd need to add the command that you would run, on /etc/rc.local.
Note: That path may be dependent on your distribution or init system, so check with the distributions documentation to make sure (ie it could be /etc/init.d/local or such).
One would typically
make that file executable -- chmod +x /etc/rc.local
and append/add in the contents the command that would run to start the application
$ echo "sh myscript.sh &" >> /etc/rc.local # or just edit with your prefered editor
Again, depending on your distribution and init system, you may need to add the file as a service on the default runlevel (or the appropriate runlevel)
sudo update-rc.d local defaults 80 # ie for ubuntu
Look at this howto for Ubuntu,
or look here for Archlinux,
or here for Gentoo
Remote part ?
The remote part has lots of trouble. What do you mean by remote ? Is the machine that runs the daemon in a Lan ? do you trust your lan ? does it communicate to the Internet ? etc
I would probably set up ssh on that machine, and whenever needed, I would log in and start/stop the daemon. You'd only need to set up sshd (typically /etc/ssh/sshd_config) and add ssh to run on boot.
If the machine is on a local Lan, and you believe that logging in and manually starting/stopping the daemon is too boring and want something more automated, I would probably write up a bot that would parse the mailbox for a specific user and upon receival of "special" mail, it would start or stop or toggle the status of the daemon (note it must have the appropriate permissions). That sounds easy, but you need to trust your lan or be careful on how you parse the mail (mail spoofing etc).
Assumption I assume you mean how you would get a Java service to start and stop at different run levels.
Take a look at the Java Service Wrapper it is an application which has evolved out of a desire to solve a number of problems common to many Java applications. The features of Wrapper are as follows:
Run a Java application as a Windows Service or UNIX Daemon
Java Application Reliability
Standard, Out of the Box Scripting
On Demand Restarts
Flexible Configuration
Ease Application Installations
Logging
The above spiel is from the website but I have used it extensively and its excellent. I can't recommend it enough.
In addition to other answers, you might use a #reboot crontab(5) entry
On Debian or Ubuntu, you could create your own service script by copying /etc/init.d/skeleton into your /etc/init.d/iccubedaemon (and edit that file appropriately) then symlinking it as /etc/rc2.d/S99iccubedaemon etc...
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 12 years ago.
Improve this question
Is there a way to sandbox a linux process into a certain directory, and give this process exclusive rw access to this dir? For example, create a temporary working directory, and start e.g. python or another scripting tool in such a way that it can only write in this directory, without limiting too much of its functionality. And also that only this process can access read from this directory (except for superusers of course).
I need this to sandbox a web service that basically allows users to run arbitrary code. We currently do authorization in the software itself, but in the end all processes run as one and the same linux user. We would need a way in which a user cannot do any harm on the system, but does have a temporary private working directory to write and read files that is protected from the other users of the webservice.
File permissions are based on owner/group not process so multiple programs run by the same user are going to be able to access owned directories. However if you create a temporary directory for each process before it runs and then chroot() it then no process should be able to get out of its chroot jail to access other directories.
The basic notion is that the temp directory becomes the top of the directory tree as far the process is concerned. The process doesn't know about, nor can it change to, anything above it. Otherwise it can read/write create/delete whatever to its heart's content in its sandbox.
For instance:
/rundir
/rundir/temp1 <-- process 1 chroot jailed here, can't go above
/rundir/temp2 <-- process 2 chroot jailed here, can't go above
See also "man 8 chroot".
in such a way that it can only write
in this directory, without limiting
too much of its functionality.
Wow, this sounds almost magical. Hardly a programming question.
Sounds like you want something like the Linux equivalent of the FreeBSD Jail, or at least something quite similar. This blog posting contains the description of a tool with the same name at least.
You could use a kernel patch like Grsecurity (there are others that could do the job, I think, look for SELinux and AppArmor) to enforce RBAC (role-based access control) for a certain process.
I think using a security enhanced kernel is a must, given your usage scenario.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
Without being the person logged in at the console, how do I run an X application and have it display on that X session? Assume I am either root, or I am the same user who logged in, so in principle I have persmission to do this. But how do I convince X of this?
Some examples of situations like this:
Log in with SSH and run a program that displays on the remote computer's screen (not tunneled through SSH—that is totally different)
A cron job to take a screenshot of the X session via ImageMagick's import command
Running a keystroke logger for audit purposes
This is a simpler version of Launch OpenGL app straight from a windowless Linux Terminal
The short answer is that you have to set the DISPLAY environment variable, and then the app will run.
The long answer is that we've got Xauth, and unless you're running as the same user on the same machine that's probably not going to work unless you export the Xauth credential from the account running the X server to the account running the X client. ssh -X handles this for you, which is why it's awesome, but the manual procedure involves running xauth extract - $DISPLAY on the X server account and feeding that data into xauth merge - on the client account. (Warning: the data is binary.)
On modern Linux systems, there is one X session at :0 and the X11 authority data file is always $HOME/.Xauthority so you can most often set two environment variables, for example, in Bash:
export XAUTHORITY=/home/$your_username/.Xauthority
export DISPLAY=':0'
The upshot is that you have to know the X display (placed in the DISPLAY environment variable) and the magic cookie (placed in a file, with the filename in the XAUTHORITY environment variable).
The quick-and-dirty way
On the system running X, if you are root or you are the same user who logged in to X, just assume the most common display and cookie files (works on almost any standard desktop install of any distro).
env DISPLAY=:0 XAUTHORITY=/home/whoever/.Xauthority /path/to/my/X/program
The more surefire way
Find them from the environment of an already-running X program. Again, if you are root or the same user who is logged in, this will tell you (if the user is using GNOME):
cat /proc/`pgrep -f ^x-session-manager`/environ \
| ruby -ne 'puts $_.split("\0").select { |e| e =~ /^(DISPLAY|XAUTHORITY)=/ }'