Linux Server & System Monitoring

There are many Linux Server and System Monitoring packages out there for the Linux Platform that will also monitor other OS and devices (hardware) – here is a short list:

Munin And Monit:
http://www.howtoforge.com/server_monitoring_monit_munin

GroundWork:
http://www.groundworkopensource.com/community/community-edition.html

Centreon:
http://www.centreon.com/

Nagios:
http://www.nagios.org

Zabbix:
http://www.zabbix.com

OpenNMS:
http://www.opennms.org/wiki/Main_Page
http://www.spiceworks.com/
http://www.alienvault.com/community.php?section=Home
http://www.aanval.com/
http://www.howtoforge.com/network-monitoring-appliance

Upgrade VMWare VC3.5 and ESXi 3.5 to vsphere 4 & ESXi4

References and detailed instructions at these links:

http://blogs.vmware.com/esxi/2009/06/upgrading-from-esxi-35-to-esxi-40.html
http://vmwaretips.com/presentations/vc4upgrade/
http://vmwaretips.com/wp/2009/06/07/upgrade-esxi-3x-to-40-video/
http://searchservervirtualization.techtarget.com/news/article/0,289142,sid94_gci1376405,00.html?track=NL-1429&ad=738699&asrc=EM_NLN_10266977&uid=5050482

Unix Toolbox

Unix Toolbox http://cb.vu/unixtoolbox.xhtml is a collection of Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users. This is a practical guide with concise explanations, however the reader is supposed to know what s/he is doing.

You can download the PDF version which is a must have for any IT Pro on the road!

How to check if a website has been serving up malware

References and info at these sites:
http://seo.site-reference.com/how-to-check-if-a-website-has-been-serving-up-malware

Google safe browsing, enter the site name at the end:
http://google.com/safebrowsing/diagnostic?site=entersitename
http://google.com/safebrowsing/diagnostic?site=google.com

McAfee Site Advisor:
http://www.siteadvisor.com

Sucuri Site Check:
http://sitecheck.sucuri.net/scanner/

PowerShell script to delete files & folders

I needed a script to check the date of files and folders in a sub folder on a Windows server and could not find the right solution with a command or VB script; however, a PowerShell script did exactly what I needed.

I’m sure there is a VB script out there to do this, but I couldn’t really find one and I just don’t have the time or skills to create one – so this PS script works perfectly for my needs:
__________________________________________________________
# Root folder to clean up
$filelocation = "I:\DataBU\BackupVMs"
# Select folders created more than 7 days ago and delete them with their contents
gci -path $filelocation -r | where-object {$_.PSIsContainer -eq $true} |
?{$_.creationtime -lt (get-date).adddays(-7)} | %{del $_.fullname -r -force}
__________________________________________________________

The location of my folders and data is on the I: drive under the DataBU folder, and anything older than 7 days will be deleted, e.g. (get-date).adddays(-7). The -r will perform a recursive delete and the -force will ensure the data is deleted regardless of its access rights (assuming the script operator has enough permission).

IPTABLES Connection Tracker Feature

I needed to set up an internal FTP server on a Debian server, so I used VSFTPD which is an excellent FTP server – see http://vsftpd.beasts.org

Anyway, it didn’t work all that well for me because I had a custom IPTABLES script running and of course needed to allow for FTP traffic. After fixing that it worked but something was still not right.
What I needed was an IPTABLES module called connection tracking for FTP, or ip_conntrack_ftp.

In my IPTABLES configuration I added the following:
#Modules
/sbin/modprobe ip_conntrack_ftp

Then the actual rule with a helper:
iptables -A INPUT -m helper --helper ftp -j ACCEPT

On the VSFTPD configuration side of things I added the following:
pasv_enable=YES
pasv_min_port=9950
pasv_max_port=9960

Now it works like a gem!!

More info on IPTABLES Connection tracking:
http://www.cyberciti.biz/tips/how-do-i-use-iptables-connection-tracking-feature.html
http://www.sns.ias.edu/~jns/wp/2006/01/12/iptables-connection-tracking-ftp
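
As an added example (not part of the original post), this POSIX shell script checks that a vsftpd.conf and an iptables-save dump agree on the passive FTP setup described above: passive mode on, a pinned port range, the control port open, and something admitting the data connections. The function names and both sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: check that vsftpd's passive settings and an iptables-save
# dump agree. All sample data is constructed for illustration.

conf_get() {  # conf_get FILE KEY -> value (vsftpd allows no spaces around '=')
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

is_port() {   # true for an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

audit_ftp() {  # audit_ftp VSFTPD_CONF IPTABLES_SAVE_DUMP; returns 1 on any FAIL
    conf=$1; rules=$2; rc=0
    min=$(conf_get "$conf" pasv_min_port); max=$(conf_get "$conf" pasv_max_port)
    [ "$(conf_get "$conf" pasv_enable)" = "YES" ] ||
        { echo "FAIL pasv_enable is not YES"; rc=1; }
    if is_port "$min" && is_port "$max" && [ "$min" -le "$max" ]; then
        echo "OK   passive range pinned to $min-$max"
    else
        echo "FAIL pasv_min_port/pasv_max_port missing or invalid"; rc=1
    fi
    grep -Eq -- '^-A INPUT .*-p tcp .*--dport 21 .*-j ACCEPT' "$rules" ||
        { echo "FAIL no INPUT rule accepts the control port 21/tcp"; rc=1; }
    if grep -Eq -- '^-A INPUT .*-m helper --helper ftp .*-j ACCEPT' "$rules"; then
        echo "OK   data channel accepted through the ftp conntrack helper"
    elif grep -Fq -- "--dport $min:$max " "$rules"; then
        echo "OK   data channel accepted by a static $min:$max rule"
    else
        echo "FAIL nothing admits the passive data connections"; rc=1
    fi
    return $rc
}

write_samples() {  # constructed sample inputs, written into directory $1
    printf '%s\n' 'listen=YES' 'pasv_enable=YES' \
        'pasv_min_port=9950' 'pasv_max_port=9960' > "$1/vsftpd.conf"
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
        '-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT' \
        '-A INPUT -m helper --helper ftp -j ACCEPT' 'COMMIT' > "$1/good.rules"
    grep -v -- '--helper' "$1/good.rules" > "$1/bad.rules"
}

tmp=$(mktemp -d); write_samples "$tmp"
audit_ftp "$tmp/vsftpd.conf" "$tmp/good.rules"
audit_ftp "$tmp/vsftpd.conf" "$tmp/bad.rules" || echo "bad.rules: audit failed"
rm -rf "$tmp"
```

To audit a real host, save the output of iptables-save to a file and pass it with the vsftpd configuration file to audit_ftp. On newer kernels the FTP helper module is named nf_conntrack_ftp.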

Linux Rootkit Hunter and Unhide Utility (scanners)

Found this “Linux Rootkit Hunter” and gave it a go – works well enough and worth running on some systems.

Rootkit scanner is a scanning tool to ensure, for about 99.9%*, that you’re clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

– MD5 hash compare
– Look for default files used by rootkits
– Wrong file permissions for binaries
– Look for suspected strings in LKM and KLD modules
– Look for hidden files
– Optional scan within plaintext and binary files

Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use.
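
To show what the hash-compare, file-permission and hidden-file tests in the list above amount to, here is an added example (not Rootkit Hunter's own code): a POSIX shell script that records a baseline of hashes and modes for a directory and later reports anything changed, re-permissioned, missing or new. It uses SHA-256 rather than MD5, assumes GNU coreutils, and the function names and demo tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: record hashes and permissions, then compare against them.
# SHA-256 replaces MD5 here; needs GNU coreutils (sha256sum, stat -c).

sum_of()  { sha256sum "$1" | cut -d' ' -f1; }
mode_of() { stat -c '%a' "$1"; }

make_baseline() {  # make_baseline DIR -> "HASH MODE PATH" lines on stdout
    find "$1" -type f | sort | while IFS= read -r f; do
        printf '%s %s %s\n' "$(sum_of "$f")" "$(mode_of "$f")" "$f"
    done
}

verify_baseline() {  # verify_baseline BASELINE DIR; returns 1 on any finding
    rc=0
    while read -r hash mode path; do
        if [ ! -f "$path" ]; then echo "MISSING $path"; rc=1; continue; fi
        [ "$(sum_of "$path")" = "$hash" ] || { echo "CHANGED $path"; rc=1; }
        now=$(mode_of "$path")
        [ "$now" = "$mode" ] || { echo "MODE    $path $mode -> $now"; rc=1; }
    done < "$1"
    # Files that were not present when the baseline was taken
    new=$(find "$2" -type f | sort | while IFS= read -r f; do
        cut -d' ' -f3- "$1" | grep -Fxq -- "$f" || echo "NEW     $f"
    done)
    [ -z "$new" ] || { echo "$new"; rc=1; }
    return $rc
}

# Constructed demo tree standing in for a directory of system binaries
build_demo() {  # build_demo DIR
    mkdir -p "$1/bin"
    printf 'echo ls\n' > "$1/bin/ls"; printf 'echo ps\n' > "$1/bin/ps"
    chmod 755 "$1/bin/ls" "$1/bin/ps"
}

demo=$(mktemp -d); base=$(mktemp)
build_demo "$demo"; make_baseline "$demo" > "$base"
printf 'echo changed\n' > "$demo/bin/ls"   # content differs from baseline
chmod 777 "$demo/bin/ps"                   # now world-writable
: > "$demo/bin/.hidden"                    # file that was never recorded
verify_baseline "$base" "$demo" || echo "review the findings above"
rm -rf "$demo" "$base"
```

A baseline is only as trustworthy as its storage, so keep it off the host being checked or on read-only media.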

See the website for more info and download:
http://www.rootkit.nl/projects/rootkit_hunter.html

This site runs through the install and operation:
http://linuxserverguide.wordpress.com/2009/09/06/rkhunter-installation

Linux Detecting / Checking Rootkits with Chkrootkit and rkhunter Software:
http://www.cyberciti.biz/faq/howto-check-linux-rootkist-with-detectors-software/

Unhide:

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits / LKMs or by another hiding technique.
You can install it from most repos; on Debian/Ubuntu you can install it with apt-get install unhide

To use the tool:

sudo unhide-linux26 proc
sudo unhide-linux26 sys
sudo unhide-linux26 brute

It also has a TCP/UDP port scanner to check for hidden listening ports etc.

sudo unhide-tcp

For more info, see the developer's website http://www.unhide-forensics.info