Brainfish Eat Fishbrain

Monday, October 26, 2009

Cpanel: Monitoring :2082 logins

Simple script to send you all new logins of the day. Seeing something strange would trigger further research.

#!/usr/bin/perl

chdir('/root');

$d = `date +%m/%d/%Y`;
chomp($d);

@logins = `cat /usr/local/cpanel/logs/access_log|grep $d|awk '{print \$1 " " \$3}'|sort|uniq`;

$x = "";

foreach(@logins) {
 chomp; 
 /(.*?)\ (.*)/;
 next if $2 eq "-";
 $z = `whois $1|grep addres|tail -n 1`;
 chomp($z);
 $x.="$z $1 $2\n";
}

if (not -f "./latestscan") {
 `touch ./latestscan`;
}

$y = `cat ./latestscan`;

exit if $y eq $x;

open(F, ">latestscan");
print F $x; 
close F;

 $sendmail = "/usr/sbin/sendmail -t";
 open(SENDMAIL, "|$sendmail") or die "Cannot open $sendmail: $!"; 
 print SENDMAIL "Reply-to: root\@myserver.org\n"; 
 print SENDMAIL "Subject: Login report hostf1\n"; 
 print SENDMAIL "To: alerts\@yourserver.com\n"; 
 print SENDMAIL "Content-type: text/plain\n\n"; 
 print SENDMAIL $x; 
 close(SENDMAIL); 
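
The same check, as an added example that is not part of the original post: it parses the log in-process instead of through shell pipelines, matches the date only inside the timestamp field, and returns just the IP/user pairs not reported before. The line layout (Apache-style, with an mm/dd/YYYY timestamp in brackets) and the sample lines are assumptions; the function names are hypothetical, and persisting the seen set between runs is left to the caller.

```python
import re

# Assumed layout: client IP, ident, authenticated user, [mm/dd/YYYY:HH:MM:SS zone], request...
LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[(\d{2}/\d{2}/\d{4}):')

def logins_for_day(lines, day):
    """Return the set of (ip, user) pairs seen on `day` (mm/dd/YYYY)."""
    pairs = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip it instead of reusing stale captures
        ip, user, stamp = m.groups()
        if stamp != day or user == "-":
            continue  # other day, or a request without an authenticated user
        pairs.add((ip, user))
    return pairs

def new_logins(lines, day, seen):
    """Return pairs not reported before; `seen` is updated in place."""
    fresh = logins_for_day(lines, day) - seen
    seen |= fresh
    return sorted(fresh)

# Constructed sample lines (documentation IP ranges, made-up users).
SAMPLE = [
    '192.0.2.10 - alice [10/26/2009:09:14:02 -0000] "GET /frontend/x3/index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '192.0.2.10 - alice [10/26/2009:09:15:40 -0000] "GET /frontend/x3/mail/ HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/26/2009:09:20:11 -0000] "GET / HTTP/1.1" 401 0 "-" "curl/7.19"',
    # Yesterday's line that merely contains today's date in the URL: must not count.
    '203.0.113.5 - bob [10/25/2009:23:59:58 -0000] "GET /x?d=10/26/2009 HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '203.0.113.99 - alice [10/26/2009:11:02:33 -0000] "GET /frontend/x3/index.html HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    seen = set()
    for ip, user in new_logins(SAMPLE, "10/26/2009", seen):
        print(f"NEW {user} from {ip}")
    # A second run over the same log reports nothing new.
    print(new_logins(SAMPLE, "10/26/2009", seen))
```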

Sunday, October 25, 2009

Watching series; I don't want to touch my computer

When I watch series I don't want to touch my computer and I watch all episodes in one fell swoop; if I do something like mplayer *.mpg it crashes, so that doesn't work. This does, run like;


./play "*.mpg"


or


./play "*.avi"


The code;


#!/usr/bin/perl

$a = "";
foreach(@ARGV) {
$a.=" " if $a;
$a.=$_;
}

while(1){foreach(glob("$a")){`mplayer -fs \"$_\"`}}

Saturday, October 24, 2009

Cpanel security: scanning for usage or upload of c99 shell script (or other scripts)

Sometimes users upload stuff to your server or use scripts you don't want used. To detect them fast, I wrote this script.


#!/usr/bin/perl

use Digest::Perl::MD5 'md5_hex';

chdir('/root/');
`touch ./scanned` if not -f "./scanned";

%h = ();
open(F, "scanned");
while(<F>) {
chomp;
$h{$_} = 1;
}
close F;

@x = `cd /etc/httpd/domlogs/; grep c99me *`;
open(F, ">>scanned");
$s = "";
foreach(@x) {
chomp;
$m = md5_hex($_);
next if $h{$m};
print F "$m\n";
$s.=$_."\n";
}
close F;

if ($s) {
$sendmail = "/usr/sbin/sendmail -t";
open(SENDMAIL, "|$sendmail") or die "Cannot open $sendmail: $!";
print SENDMAIL "Reply-to: root\@myserver.org\n";
print SENDMAIL "Subject: Found some illegal stuff on server\n";
print SENDMAIL "To: alerts\@somewhere.com\n";
print SENDMAIL "Content-type: text/plain\n\n";
print SENDMAIL $s;
close(SENDMAIL);
}

Cpanel security: cron update all Wordpress installations on your server

Two simple scripts. Use with caution and at your own risk. Might eat your machine and piss off all your users.


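#!/usr/bin/perl

# remove the previous download too, otherwise wget saves the new archive as latest.zip.1
`rm -fR wordpress latest.zip`;
`wget https://wordpress.org/latest.zip`;
`unzip latest.zip`;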

@all = `ls -la /home/|awk '{print \$3}'|grep -v root`;

foreach(@all) {
chomp;
next if /^$/;
`./updatewp $_`;
}



#!/usr/bin/perl

$host = `hostname`;
chomp($host);

$u = $ARGV[0];

exit if !$u; # user as arg

exit if not -f "/home/$u/public_html/wp-config.php"; # not wp install

# you shouldn't actually have the readme.html, but if it's there it's a bit faster
$v1 = `cat /home/$u/public_html/readme.html 2>/dev/null|grep Version`;
$v1 =~ /Version\ (\d+\.\d+\.\d+)/;
$v1 = $1;

$v2 = `cat wordpress/readme.html|grep Version`;
$v2 =~ /Version\ (\d+\.\d+\.\d+)/;
$v2 = $1;

exit if $v1 eq $v2; # already updated

`cp -a wordpress /home/$u/wp_int`;

`cp -rpf /home/$u/public_html/wp-config.php /home/$u/wp_int`;
`cp -rpf /home/$u/public_html/wp-content/* /home/$u/wp_int/wp-content/`;
`cp -rpf /home/$u/public_html/.htaccess /home/$u/wp_int/`;

# recursive, so the files copied from ./wordpress do not stay owned by root
`chown -R $u:$u /home/$u/wp_int`;

`cp -a /home/$u/public_html /home/$u/wpback\`date +%d%m%y\``;

`cp -rpf /home/$u/wp_int/* /home/$u/public_html/`;

`rm -fR /home/$u/wp_int`;

$x = `lynx -dump http://$host/~$u/wp-admin/upgrade.php`;

if ($x =~ /Database Upgrade Required/isgm) {
`lynx -dump http://$host/~$u/wp-admin/upgrade.php?step=1\&backto=`;
}

print "Updated $u\n";

Monday, August 03, 2009

Mac OS X Firefox 3.5 intervals to 100% CPU about every 30 seconds

Yesterday suddenly my Firefox started to show the busy mouse pointer about every 30 seconds. Very annoying as it was completely unusable during about 5 seconds, and then 30 seconds later again etc.

I removed my Profile in ~/Library and checked if it was FF or something in my profile. Of course it was something in my profile.

Checking my files I saw one file that looked 'odd'; places.sqlite was rather huge (I do browse a lot), however sqlite can handle quite big databases. Anyway; I ran a

rm -f places*

and restarted FF. No more 100%. Fixed.

What is going on I don't know; it looks like FF is running some kind of really bad query on that sqlite every +/- 30 s which is messing up the whole thing.

Tuesday, June 30, 2009

Checking/repairing all MySQL tables

Caution: on busy servers this will cause a lot of load. Use only when you suspect/know tables are broken.


#!/usr/bin/perl

$mysql = "/var/lib/mysql";

@res = `cd $mysql; find .|grep MYD`;

foreach(@res) {
chomp;
/\.\/(.*?)\/(.*?).MYD/;
$tab = $1.".".$2;
print `mysql --execute='repair table $tab'`;
}

Friday, February 06, 2009

A simple, non bloated script for Amazon S3 backups (Linux, easy portable) - II - recurse to subdirs

To follow this, please read this post first.

We needed to back up our images from http://www.picturepush.com to S3 for our premium members so we were searching for a simple script to do that one time. As in my previous post; there is no such thing. Bloated, uninstallable shit is the only thing there is.

So I changed the code a bit and added;


foreach($_SERVER["argv"] as $d) {
recurse_copy($d, $d);
}
exit;

function recurse_copy($d, $org) {
foreach(glob("$d/*") as $d1) {
if ($d1=='..' || $d1=='.') continue;
if (is_dir($d1)) {
recurse_copy($d1, $org);
} else {
// put on s3
global $s3;
global $bucket;
$s3->putObjectFile($d1, $bucket, $d1);
echo "Storing: ".$d1."\n";
}
}
}


below the last;


array_shift($_SERVER["argv"]);

Saturday, January 03, 2009

A simple, non bloated script for Amazon S3 backups (Linux, easily portable)

While searching for scripts to back up files from Linux -> S3 (servers) I was surprised how difficult it was to find any nice, trim ones. There are huge java jars filled with crap to do it of course;


dbserv01:~# ls -lah js3tream.jar
-rw-r--r-- 1 root root 3.2M 2007-12-19 15:07 js3tream.jar


Come on. 3.2M... What does that include? Windows Vista?

Sure js3tream is actually nice software. Portable and it works. It's incredibly, mindbogglingly slow (but of course, Java is not slow these days as many people tell me...) on my quad Xeon servers. But yeah, it has the features you would want. Except encryption of the files I upload; you arrange that in a different way please. Come to think of it; other features are missing as well.

There is S3Sync in Ruby which is actually nice and working well, but still too much hassle to get going as a simple script. But no complaints about the speed or size of that.

Then there is some rsync thing in Python (I forgot the name and the HELLLLLLLLLLLLLLLLLL I went to to install it will not make me remember it any time soon).

So, as almost all things in life, if you want it done right, you just have to do it yourself. I don't find it pretty at all, but it weighs in, including comments, at 36 kbs, which is, by far the smallest possible script I could find for the purpose I needed.

I'm not counting rar or gpg as they are not included in the other ones either, but when counting them it wouldn't go over 1 mb.

Download http://undesigned.org.za/2007/10/22/amazon-s3-php-class

And install:

- rar (apt-get install rar)
- gpg (apt-get install gnupg)
- php (apt-get install php5-cli php5-curl)

Then edit the Amazon S3.php; put on top of it;


#!/usr/bin/php
<?php

if (sizeof($_SERVER["argv"])<4) {
echo "Usage: ./s3backup bucket ident dir dir dir\n";
exit;
}

$bucket = $_SERVER["argv"][1];
$ident = $_SERVER["argv"][2];

define('PHPARTIALS_FILE_AWS_S3_ACCESSKEY', '');
define('PHPARTIALS_FILE_AWS_S3_SECRETKEY', '');
define('PHPARTIALS_FILE_RAR_ENCRYPT', '');
define('PHPARTIALS_FILE_GPG_ENCRYPT', '');

$s3 = new S3(PHPARTIALS_FILE_AWS_S3_ACCESSKEY, PHPARTIALS_FILE_AWS_S3_SECRETKEY);

#print_r($s3->getBucket($bucket));exit;

$l = $s3->listBuckets(true);

if (!in_array($bucket, $l)) {
$s3->putBucket($bucket, S3::ACL_PRIVATE);
}

$fn = $ident."-".strftime('%d%m%y%H%M').".rar";

array_shift($_SERVER["argv"]);
array_shift($_SERVER["argv"]);
array_shift($_SERVER["argv"]);

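// quote each argument so spaces or shell metacharacters cannot alter the commands
$f = implode(' ', array_map('escapeshellarg', $_SERVER["argv"]));

// note: the rar password is passed on the command line and is visible in the process list while rar runs
$cmd = "rar a -hp".escapeshellarg(PHPARTIALS_FILE_RAR_ENCRYPT)." ".escapeshellarg($fn)." $f";

echo `$cmd`;

$fn1=$fn.".enc";

$cmd = "gpg --batch --yes --trust-model always --encrypt --recipient ".escapeshellarg(PHPARTIALS_FILE_GPG_ENCRYPT)." -o ".escapeshellarg($fn1)." ".escapeshellarg($fn);

echo `$cmd`;

// upload the GPG-encrypted file ($fn1), not the intermediate rar ($fn)
$s3->putObjectFile($fn1, $bucket, basename($fn1));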

print "Backup created!\nSize: ".filesize($fn1)." bytes\n";

unlink($fn);
unlink($fn1);

exit;
?>



Rename the S3.php to something like s3backup and chmod 700 s3backup to make it executable.

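Put your 2 keys for Amazon S3 in the PHPARTIALS_FILE_AWS_S3_ACCESSKEY and PHPARTIALS_FILE_AWS_S3_SECRETKEY defines, a password for rarring in PHPARTIALS_FILE_RAR_ENCRYPT, and in PHPARTIALS_FILE_GPG_ENCRYPT the name of the user your public key on that system is for, which is used to GPG encrypt the rar.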

To add a public key for GPG, just put your GPG Public key in a file, say /root/mypub.key and run;

gpg -a --import /root/mypub.key

And all will be fine.