I want to write a shell script for getting NTP(Network Time Protocol) info for debian server.
How can I write, I don't know ?
Why are you writing your own? There are lots of existing tools to do this. openntp is one example. Look in aptitude.
Is there a reason you can't use the existing tools?
You probably want to take a look at ntpdate manpage for details on how to use this command.
Related
As a pre-install i need to check if zscaler or any similar program is intercepting the traffic. Can I use tracert for this? if so , can i just run as shellexec? Please help
Using tracert is possible - you need to catch the output of the cmd (see this example: How to get an output of an Exec'ed program in Inno Setup?)
But the tricky part is how to process that ouput? (The output is simple text.)
Do you want to parse it manually directly in Inno script? Or you have some utility to do this?
This may be a really tough task as there are many possibilities and options.
I'm a starter in Linux and scripting environment. My requirement is like this:
From an asp.net application, a file will be generated and copied
to a predefined folder on a Linux server machine. (I'm assuming this
can be done by remote file sharing using samba server)
A service or script or whatever should be there in Linux machine
to track continuously whether the file is available.
Once a new file is available, just parse the file, extract some
input variables and execute a shell script based on these
parameters.
My question lies in point no:2. --> How can I write a service or script which should execute continuously and monitor whether a file is available in a particular folder?
I've searched a lot, got into a lot of links and I'm confused what is the easiest method to do this. Because I don't want to spend a lot of coding here as the script to be executed further and the asp.net app is more important and this should be a connector in between.
You are looking for something like inotify.
[cnicutar#ariel ~]$ inotifywait -m -e create ~/somedir/
Setting up watches.
Watches established.
/home/cnicutar/somedir/ CREATE somefile
For example, you could do it in a loop:
inotifywait -m -e create ~/somedir/ | while read line
do
echo $line
done
inotify is the perfect solution to your problem. It is available as a system command that can be used in a shell, or as a system call that can be used in a C/C++ program. For details see the accepted answer to this question: Inotify - how to use it? - linux
Update: you need inotify-tools for use on command line. The answer to the question above only describes C/C++ system calls. Here is the link to inotify-tools. It is also available as a packaged distribution so search your favorite install repository (yum/apt-get/rpm etc.): https://github.com/rvoicilas/inotify-tools/wiki
I am writing some webservices in Go on a linux machine, so the Go executable needs to keep running
which is the best way to do it?
should I setup the Go executable as a service on the linux machine?
many thanks
The short answer: use the system service manager if you want to keep things super-simple. CentOS currently uses Upstart, and it's well documented and can handle most Go applications without too many problems. There are some good examples of Upstart + Go here and here
The long answer: personal preference. Supervisord, Monit and Circus are good options as well, but bring differing levels of complexity. I personally like supervisord, since it has a fairly clear syntax and a good heap of options.
There's also a good run-down here: http://tech.cueup.com/blog/2013/03/08/running-daemons/
I created a server using c++ and want to run this server as daemon on linux..
How do I do this?
Thanks in advance...
There are many ways to daemonize a process. It is quite common that server implementations provides a switch to daemonize it at startup.
If you do not wish to implement such a feature, command-line tools exists such as this one : http://software.clapper.org/daemonize/.
I don't mean to sound condescending but did you try a google search, there is a heap of info on this out there, the first link I found: (http://www.enderunix.org/docs/eng/daemon.php)
You can use dup2() on Linux to make the FD's a bit easier to handle.
You may also want to look into using something like inetd to manage your server
Is there a way to execute commands using directory traversal attacks?
For instance, I access a server's etc/passwd file like this
http://server.com/..%01/..%01/..%01//etc/passwd
Is there a way to run a command instead? Like...
http://server.com/..%01/..%01/..%01//ls
..... and get an output?
To be clear here, I've found the vuln in our company's server. I'm looking to raise the risk level (or bonus points for me) by proving that it may give an attacker complete access to the system
Chroot on Linux is easily breakable (unlike FreeBSD). Better solution is to switch on SELinux and run Apache in SELinux sandbox:
run_init /etc/init.d/httpd restart
Make sure you have mod_security installed and properly configured.
If you are able to view /etc/passwd as a result of the document root or access to Directory not correctly configured on the server, then the presence of this vulnerability does not automatically mean you can execute commands of your choice.
On the other hand if you are able view entries from /etc/passwd as a result of the web application using user input (filename) in calls such as popen, exec, system, shell_exec, or variants without adequate sanitization, then you may be able to execute arbitrary commands.
Unless the web server is utterly hideously programmed by someone with no idea what they're doing, trying to access ls using that (assuming it even works) would result in you seeing the contents of the ls binary, and nothing else.
Which is probably not very useful.
Yes it is possible (the first question) if the application is really really bad (in terms of security).
http://www.owasp.org/index.php/Top_10_2007-Malicious_File_Execution
Edit#2: I have edited out my comments as they were deemed sarcastic and blunt. Ok now as more information came from gAMBOOKa about this, Apache with Fedora - which you should have put into the question - I would suggest:
Post to Apache forum, highlighting you're running latest version of Apache and running on Fedora and submit the exploit to them.
Post to Fedora's forum, again, highlighting you're running the latest version of Apache and submit the exploit to them.
It should be noted, include the httpd.conf to both of the sites when posting to their forums.
To minimize access to passwd files, look into running Apache in a sandbox/chrooted environment where any other files such as passwd are not visible outside of the sandbox/chrooted environment...have you a spare box lying around to experiment with it or even better use VMWARE to simulate the identical environment you are using for the Apache/Fedora - try get it to be IDENTICAL environment, and make the httpd server run within VMWare, and remotely access the Virtual machine to check if the exploit is still visible. Then chroot/sandbox it and re-run the exploit again...
Document the step-by-step to reproduce it and include a recommendation until a fix is found, meanwhile if there is minimal impact to the webserver running in sandbox/chrooted environment - push them to do so...
Hope this helps,
Best regards,
Tom.
If you already can view etc/passwd then the server must be poorly configured...
if you really want to execute commands then you need to know the php script running in the server whether there is any system() command so that you can pass commands through the url..
eg: url?command=ls
try to view the .htaccess files....it may do the trick..