Backup and Restore permissions in Linux

You can use getfacl and setfacl to take a backup of the permissions under a directory and restore them later if required. The backup covers the standard mode bits (recorded as the user, group and other ACL entries) and any extended POSIX ACLs, and notes the owner and group of each file; it does not capture SELinux labels or file capabilities, so those need a separate backup if they matter on your system.

The following directory of /perms contains these permissions:

/perms/
|-- [-rw-r--r--]  permfile1.txt
|-- [-rw-r--r--]  permfile2.txt
|-- [drwxr-xr-x]  subperm1
|   |-- [-rwxr-xr-x]  permfile1.txt
|   `-- [-rw-r--r--]  permfile2.txt
`-- [drwxr-xr-x]  subperm2
    |-- [-rw-r--r--]  permfile1.txt
    `-- [-rwxr-xr-x]  permfile2.txt

To back up the permissions of this directory and everything below it, run:

# getfacl -R /perms > perms_bu

The perms_bu file now holds the permission details for every directory and file in the tree. If any of them are changed or modified later, restore from perms_bu as shown below.

To restore the permissions:

# setfacl --restore=perms_bu

NOTE: getfacl strips the leading slash from the paths it records (perms/permfile1.txt rather than /perms/permfile1.txt), so the restore must be run from the directory those paths are relative to; for the example above that is /. If you want to be able to restore from any working directory, take the backup with getfacl -p (--absolute-names), which keeps the absolute paths. Owner and group are restored only when setfacl runs as root; as an ordinary user only the permissions are put back.
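The whole backup, tamper, restore cycle can be rehearsed on a throw-away copy of the tree before relying on it for real data. The script below is an added example and not part of the original post; it recreates the /perms layout shown above under a temporary directory (the tree and its modes are constructed here), takes the backup with -p so the restore works from any directory, breaks two files' permissions, restores, and checks that a second getfacl dump is identical to the backup.

```shell
#!/bin/sh
# Added example, not from the original post: round-trip a permission backup
# with getfacl/setfacl on a throw-away copy of the /perms tree shown above,
# so the restore can be rehearsed without touching real data.
set -eu

# Recreate the /perms layout from the post under a temporary directory and
# print that directory. Modes match the tree listing above.
build_tree() {
    base=$(mktemp -d)
    mkdir -p "$base/perms/subperm1" "$base/perms/subperm2"
    for f in perms/permfile1.txt perms/permfile2.txt \
             perms/subperm1/permfile1.txt perms/subperm1/permfile2.txt \
             perms/subperm2/permfile1.txt perms/subperm2/permfile2.txt; do
        : > "$base/$f"
        chmod 644 "$base/$f"
    done
    chmod 755 "$base/perms/subperm1/permfile1.txt" "$base/perms/subperm2/permfile2.txt"
    echo "$base"
}

# Back up the tree, tamper with it, restore, and verify. Prints "restored"
# on success (return 0) or "mismatch" on failure (return 1). Prints "skipped"
# and returns 0 when the acl package (getfacl/setfacl) is not installed.
perm_roundtrip() {
    if ! command -v getfacl >/dev/null 2>&1 || ! command -v setfacl >/dev/null 2>&1; then
        echo "skipped: getfacl/setfacl not installed"
        return 0
    fi
    root=$(build_tree)
    backup="$root/perms_bu"     # kept outside the tree so it is not in the dump

    # -p keeps the absolute path in every "# file:" header, so the restore does
    # not depend on the working directory (the post's plain -R needs cwd = /).
    getfacl -pR "$root/perms" > "$backup"

    # Simulate drift: a file made world-writable and a script stripped of
    # group/other access.
    chmod 666 "$root/perms/permfile1.txt"
    chmod 600 "$root/perms/subperm1/permfile1.txt"
    [ "$(stat -c %a "$root/perms/permfile1.txt")" = 666 ] || return 1

    # Restore from an unrelated directory to prove the -p backup is portable.
    (cd / && setfacl --restore="$backup")

    # A second dump must be identical to the backup: every mode and ACL (and,
    # when run as root, owner and group) is back.
    if [ "$(getfacl -pR "$root/perms")" = "$(cat "$backup")" ]; then
        rm -rf "$root"
        echo "restored"
        return 0
    fi
    rm -rf "$root"
    echo "mismatch"
    return 1
}

perm_roundtrip
```

Run it as an ordinary user to see the permissions-only restore, and as root to see owner and group restored as well. The same compare-two-dumps check is a cheap way to audit a production tree against its last backup without changing anything: diff the stored perms_bu against a fresh getfacl -pR run.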

Reference:
Linux Man pages or http://linux.die.net/man/1/getfacl


Rootcheck

Rootcheck is an open source command line tool that looks for indicators of compromise on Linux and BSD systems: known backdoors, kernel-level rootkits, malware and insecure configuration settings. It is included as part of OSSEC but can also be run on its own. If you suspect a server has been compromised it will help with the investigation, with the usual caveat for any scanner that runs on the suspect host itself: a rootkit that hides from the kernel can hide from Rootcheck too, so a clean result is evidence, not proof.

Install and run details can be found here: http://dcid.me/rootcheck

Also read the blog post titled “Investigating a Compromised Server with Rootcheck”.


Colorize log files with ccze tool

CCZE is a fast log colorizer written in C, intended as a drop-in replacement for colorize (http://colorize.raszi.hu).

It is robust and modular, with plugins for apm, exim, fetchmail, httpd, postfix, procmail, squid, syslog, ulogd, vsftpd, xferlog and more.

Installation:

# yum install ccze (Red Hat/CentOS; the package comes from EPEL)
# apt-get install ccze (Debian/Ubuntu)

Usage:

tail -f -n 50 /var/log/syslog | ccze

If the colorized text is not going straight to a terminal (for example into less -R or a file), add -A so ccze emits raw ANSI escapes instead of driving the terminal through curses.

Output is really nice as shown here:

[image: blog-cczetool]

Reference:
https://github.com/cornet/ccze
http://freecode.com/projects/ccze/


Put /tmp on tmpfs

On Dustin Kirkland’s blog http://blog.dustinkirkland.com/2016/01/data-driven-analysis-tmp-on-tmpfs.html he wrote up a piece on running /tmp on tmpfs and I’m sold on it!

He writes:
– Put /tmp on tmpfs and you’ll improve your Linux system’s I/O, reduce your carbon foot print and electricity usage, stretch the battery life of your laptop, extend the longevity of your SSDs, and provide stronger security.
– In fact, we should do that by default on Ubuntu servers and cloud images.
– Having tested 502 physical and virtual servers in production at Canonical, 96.6% of them could immediately fit all of /tmp in half of the free memory available and 99.2% could fit all of /tmp in (free memory + free swap).

The benefits of /tmp on tmpfs are:

  • Performance: reads, writes and seeks in a tmpfs are as fast as accessing RAM
  • Security: data written to /tmp never reaches a disk, provided it is not swapped out (tmpfs pages are swappable, so disable or encrypt swap if this is the point); and since /tmp is its own mount point we can add the nosuid and nodev options (and noexec, for sysadmins prepared to deal with installers and build tools that execute from /tmp)
  • Energy efficiency: disk wake-ups are avoided
  • Reliability: fewer NAND writes to SSD disks

To enable it, append one line to /etc/fstab and reboot:

$ echo "tmpfs /tmp tmpfs rw,nosuid,nodev" | sudo tee -a /etc/fstab
$ sudo reboot

Two caveats: without a size= option the tmpfs may grow to half of RAM, so cap it (size=2G, for instance) on hosts where a local user or a runaway job could fill /tmp; and on systemd-based releases the tmp.mount unit shipped with systemd achieves the same result without editing fstab.
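After the reboot it is worth confirming that /tmp really is a tmpfs with the intended options rather than assuming the fstab line took. The following is an added example, not part of the original post or of Dustin Kirkland's article: audit_tmp checks a "FSTYPE OPTIONS" description of the mount (the format findmnt prints) against the recommendations above, fstab_line produces the entry with an explicit size cap, and the probe at the end reads the live /tmp. The mount descriptions used in the checks are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: check whether /tmp is a tmpfs
# mounted with the nosuid/nodev options recommended above, and generate the
# fstab line with an explicit size cap. The checks run against constructed
# mount descriptions; the probe at the end reads the real /tmp.
set -u

# audit_tmp "FSTYPE OPTIONS"
# The argument is exactly what `findmnt -no FSTYPE,OPTIONS /tmp` prints.
# Prints one "missing: ..." line per gap and returns 1, or an "ok" line and
# returns 0. noexec is reported as informational because the post leaves it
# optional (it breaks installers and build tools that execute from /tmp).
audit_tmp() {
    fstype=${1%% *}
    opts=${1#* }
    missing=""
    [ "$fstype" = "tmpfs" ] || missing="$missing not-tmpfs"
    for want in nosuid nodev; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    case ",$opts," in
        *,noexec,*) ;;
        *) echo "info: noexec not set (optional)" ;;
    esac
    if [ -n "$missing" ]; then
        for m in $missing; do echo "missing: $m"; done
        return 1
    fi
    echo "ok: /tmp is tmpfs with nosuid,nodev"
}

# fstab_line SIZE -> the /etc/fstab entry with a size cap such as 2G.
# Without size= a tmpfs may grow to half of RAM, so any local user who can
# write to /tmp can put memory pressure on the whole box; cap it explicitly.
fstab_line() {
    echo "tmpfs /tmp tmpfs rw,nosuid,nodev,size=$1 0 0"
}

# Live, read-only probe of this machine.
if command -v findmnt >/dev/null 2>&1; then
    live=$(findmnt -no FSTYPE,OPTIONS /tmp 2>/dev/null || true)
    if [ -n "$live" ]; then
        audit_tmp "$live" || true
    else
        echo "/tmp is not a separate mount (it lives on the root filesystem)"
    fi
fi
```

A non-zero exit from audit_tmp makes it usable from a configuration-compliance check or a boot-time health script; the info line about noexec is deliberately not a failure so that hosts which need to execute from /tmp still pass.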

More info at the link above.

Collecting Ubuntu Linux System Information

For a new computer, laptop or server I need to collect information about its hardware. This is also useful when you need to replace a disk or memory through a vendor, who will want the model and serial details in advance.

Display the system’s host name:

$ hostname

Display the system’s DNS domain name:

$ dnsdomainname


Find the system serial number, manufacturer of the system and model name:

$ sudo dmidecode -s system-serial-number
$ sudo dmidecode -s system-manufacturer
$ sudo dmidecode -s system-product-name
$ sudo dmidecode | more

OR use the lshw command:

# lshw | more
$ sudo lshw -short

Display information about installed hardware (lsdev comes from the procinfo package):

$ sudo lsdev

Find the system CPU info

$ cat /proc/cpuinfo

Show the system’s main memory (RAM) statistics, including total installed and used RAM:

$ less /proc/meminfo

Find the Ubuntu Linux distribution version and related information:

$ lsb_release -a

Find the system kernel architecture (32 bit or 64 bit):

$ uname -m
$ getconf LONG_BIT
$ arch

Show all installed disks and size:

# fdisk -l | grep '^Disk /dev'

Display SCSI devices (or hosts) and their attributes on Linux:

$ lsscsi

Find the system PCI devices information:

$ lspci
$ lspci -vt
$ lspci | grep -i 'something'
$ lspci -vvvn| less

Find the system USB devices information:

$ lsusb
$ lsusb -vt

Find the system Wireless devices information:

$ iwconfig
$ watch -n 1 cat /proc/net/wireless
$ wavemon

Find the system audio devices information:

$ lspci | grep -i audio

Display the system drivers (modules):

$ sudo lsmod
$ sudo modinfo {driver_name}
$ sudo modinfo kvm

Display the list of running services:
### SYS V ###

$ sudo service --status-all

OR
## UPSTART ##

$ sudo initctl list

Find out if a service is running:
## UPSTART ##

$ sudo initctl status service-name
$ sudo initctl status smbd

OR
## SYS V ##

$ sudo service serviceName status
$ sudo service nginx status

Note that these commands report whether a service is currently running, not whether it is enabled at boot. Ubuntu 15.04 and later use systemd, where the equivalents are systemctl list-units --type=service to list services and systemctl is-enabled smbd to see whether a given one starts at boot.
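Typing the commands above one at a time works for a single box, but for a fleet, or for the vendor ticket this section opens with, it helps to gather them into one report. The script below is an added example, not part of the original post: it parses /proc/meminfo and /proc/cpuinfo into the figures a vendor actually asks for (installed RAM, socket and core counts), pulls manufacturer, model and serial from dmidecode when run as root, and lists disks with their serials via lsblk. The parsers take a file argument so they can be checked against the constructed /proc samples written by write_samples, which are made up for the checks rather than captured from a real host.

```shell
#!/bin/sh
# Added example, not from the original post: gather the facts a hardware
# vendor asks for (model, serial, CPU, RAM, disks) into one report. The
# /proc parsers take a file argument so they can be checked against the
# constructed samples written by write_samples; inventory() runs them on the
# live system and works unprivileged (dmidecode is skipped without root).
set -u

# mem_total_mb FILE -> MemTotal from a /proc/meminfo-format file, in MiB.
mem_total_mb() {
    awk '/^MemTotal:/ { printf "%d\n", $2 / 1024; exit }' "$1"
}

# mem_used_mb FILE -> RAM in use (MemTotal - MemAvailable), in MiB.
# MemAvailable already accounts for reclaimable cache, so this is the figure
# that tells you whether a box is short of memory, unlike MemTotal - MemFree.
mem_used_mb() {
    awk '/^MemTotal:/ { t = $2 } /^MemAvailable:/ { a = $2 }
         END { printf "%d\n", (t - a) / 1024 }' "$1"
}

# cpu_summary FILE -> "MODEL|SOCKETS|LOGICAL_CPUS" from a /proc/cpuinfo file.
cpu_summary() {
    awk -F': *' '
        /^model name/  { model = $2 }
        /^physical id/ { sockets[$2] = 1 }
        /^processor/   { logical++ }
        END {
            n = 0
            for (s in sockets) n++
            if (n == 0) n = 1    # VMs and ARM boards often omit "physical id"
            printf "%s|%d|%d\n", model, n, logical
        }' "$1"
}

# bits -> 32 or 64 for the running kernel (the getconf route from the post).
bits() { getconf LONG_BIT; }

# Constructed /proc samples (not captured from a real host) for checking the
# parsers; writes them to a temporary directory and prints its path.
write_samples() {
    d=$(mktemp -d)
    cat > "$d/meminfo" <<'EOF'
MemTotal:        8192000 kB
MemFree:         1024000 kB
MemAvailable:    4096000 kB
Buffers:          204800 kB
EOF
    cat > "$d/cpuinfo" <<'EOF'
processor   : 0
model name  : Example CPU 2.40GHz
physical id : 0
processor   : 1
model name  : Example CPU 2.40GHz
physical id : 0
processor   : 2
model name  : Example CPU 2.40GHz
physical id : 1
processor   : 3
model name  : Example CPU 2.40GHz
physical id : 1
EOF
    echo "$d"
}

# Live report for this machine.
inventory() {
    echo "hostname:   $(hostname)"
    echo "domain:     $(hostname -d 2>/dev/null || echo '(none)')"
    echo "kernel:     $(uname -r) ($(uname -m), $(bits)-bit)"
    if [ "$(id -u)" -eq 0 ] && command -v dmidecode >/dev/null 2>&1; then
        for k in system-manufacturer system-product-name system-serial-number; do
            printf '%-12s%s\n' "$k:" "$(dmidecode -s "$k" 2>/dev/null)"
        done
    else
        echo "dmidecode:  skipped (run as root for manufacturer, model and serial)"
    fi
    echo "cpu:        $(cpu_summary /proc/cpuinfo)"
    echo "memory:     $(mem_used_mb /proc/meminfo) MiB used of $(mem_total_mb /proc/meminfo) MiB"
    if command -v lsblk >/dev/null 2>&1; then
        lsblk -dno NAME,SIZE,MODEL,SERIAL 2>/dev/null | sed 's/^/disk:       /'
    fi
}

inventory
```

Run it with sudo to get the DMI fields; the rest needs no privileges. Keeping the parsers separate from the live report means the same script can be pointed at /proc files copied off a dead machine during an investigation.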


mtr utility

Traditionally the traceroute (print the route packets take to a network host) and ping (send ICMP ECHO_REQUEST to network hosts) programs are used together to diagnose and isolate network problems, which takes time. The mtr program combines the functionality of both in a single network diagnostic tool, so you can use it instead of ping and traceroute.

Once invoked, mtr investigates the network connection between the host it runs on and HOSTNAME by sending packets with deliberately low TTLs (time to live). It keeps sending such packets, noting the response time of each intervening router, and so can print the loss percentage and response times for every hop on the route to HOSTNAME.

A sudden increase in packet loss or response time at a hop is an indication of an overloaded or bad link, with one important caveat: many routers rate-limit or deprioritise the ICMP replies mtr depends on, so loss that appears at a single hop but is not repeated by every hop after it (including the destination) is usually an artefact of that router, not real loss on the path. Only loss that persists to the destination affects your traffic.

Examples:

mtr -c 5 -r -w ausinfotech.net
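Reading a report by eye is error-prone, particularly the distinction between rate-limited hops and genuine loss described above. The script below is an added example, not part of the original post or of mtr itself: mtr_triage parses the rows of an mtr -r report, skips hops that never answered (???), and reports both the hops whose loss is not carried downstream and, when the destination itself loses packets, the hop at which that loss enters the path. The two reports used for the checks are constructed, using documentation address ranges, not captured runs; mtr_live wraps a real run.

```shell
#!/bin/sh
# Added example, not from the original post: read an `mtr -r` report and
# separate loss that actually reaches the destination from loss that only
# shows at one intermediate hop. Routers commonly rate-limit or deprioritise
# the ICMP replies mtr relies on, so loss that is not carried by every later
# hop is almost always an artefact rather than a bad link. The two reports
# used for the checks are constructed, not captured.
set -u

# mtr_triage [FILE]  (reads stdin when no file is given)
# Parses the "N.|-- HOST Loss% Snt ..." rows of mtr's report mode and prints a
# "verdict:" line last. Hops printed as ??? never answered and are skipped.
mtr_triage() {
    awk '
        /^ *[0-9]+\.[|]--/ {
            n++
            host[n] = $2
            loss[n] = $3 + 0        # "20.0%" -> 20 via numeric prefix
        }
        END {
            if (n == 0) { print "verdict: no hops parsed"; exit 1 }
            if (host[n] == "???") { print "verdict: destination never answered"; exit 2 }
            if (loss[n] > 0) {
                # Walk back from the destination over hops that lost packets;
                # the first hop of that run is where loss enters the path.
                start = n
                for (i = n - 1; i >= 1; i--) {
                    if (host[i] == "???") continue
                    if (loss[i] > 0) start = i; else break
                }
            } else start = n + 1   # nothing lost at the destination
            for (i = 1; i < start && i <= n; i++)
                if (loss[i] > 0 && host[i] != "???")
                    printf "hop %d (%s): %.1f%% loss not carried to later hops; likely ICMP rate limiting\n", i, host[i], loss[i]
            if (loss[n] == 0)
                print "verdict: no end-to-end loss"
            else
                printf "verdict: %.1f%% loss at destination, entering the path at hop %d (%s)\n", loss[n], start, host[start]
        }' "$@"
}

# Constructed reports (documentation addresses, not real captures) that
# exercise both outcomes; writes them to a temporary directory and prints it.
write_sample_reports() {
    d=$(mktemp -d)
    cat > "$d/lossy.txt" <<'EOF'
Start: 2024-01-01T00:00:00+0000
HOST: workstation                 Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%    20    0.4   0.5   0.4   0.6   0.1
  2.|-- 198.51.100.1              20.0%    20   10.2  10.5  10.0  11.0   0.4
  3.|-- 203.0.113.9                0.0%    20   20.1  20.3  20.0  20.9   0.3
  4.|-- ???                      100.0%    20    0.0   0.0   0.0   0.0   0.0
  5.|-- 203.0.113.77              35.0%    20   30.2  31.0  30.0  33.0   1.1
  6.|-- 203.0.113.80              35.0%    20   31.0  31.4  30.5  34.0   1.0
EOF
    cat > "$d/clean.txt" <<'EOF'
Start: 2024-01-01T00:05:00+0000
HOST: workstation                 Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%    20    0.4   0.5   0.4   0.6   0.1
  2.|-- 198.51.100.1              20.0%    20   10.2  10.5  10.0  11.0   0.4
  3.|-- 203.0.113.80               0.0%    20   31.0  31.4  30.5  34.0   1.0
EOF
    echo "$d"
}

# Live use: -n skips slow reverse DNS, -r -w gives the wide report, -c 20
# sends 20 probes per hop (5 as in the post is too few for loss percentages).
mtr_live() { mtr -n -r -w -c 20 "$1" | mtr_triage; }
```

In the lossy sample, hop 2 shows 20% loss that hops 3, 5 and 6 do not reproduce, so it is reported as rate limiting; hop 4 is silent and ignored; the 35% at hops 5 and 6 is real and is attributed to the link into hop 5. Twenty probes is a practical minimum: with five probes a single dropped reply already reads as 20% loss.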

Reference:
http://www.cyberciti.biz/tips/finding-out-a-bad-or-simply-overloaded-network-link-with-linuxunix-oses.html

Test Internet connection speed with iperf in Linux

How do I test my Internet connection download speed from the console over an ssh session, without using HTML5 or Adobe Flash/Java applet based websites? How do I test my upload speed from the console?

You can use the iperf utility for Linux (see https://iperf.fr/). iPerf3 is a tool for active measurements of the maximum achievable bandwidth on IP networks. It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, SCTP with IPv4 and IPv6), and for each test reports the bandwidth, loss and other parameters. This is a new implementation that shares no code with the original iPerf and is not backwards compatible. iPerf was originally developed by NLANR/DAST; iPerf3 is principally developed by ESnet / Lawrence Berkeley National Laboratory and is released under a three-clause BSD license. Note that iperf measures throughput between two endpoints you choose, so you need an iperf3 server at the far end (one you run yourself or a public one), and the figure reflects the path to that server rather than "the Internet" in general. An iperf3 server is unauthenticated and will saturate your link for anyone who can reach it, so bind it to one address, firewall it, or run it with -1 so it exits after a single test.

See the tutorial at the Nixcraft site: http://www.cyberciti.biz/faq/linux-unix-test-internet-connection-download-upload-speed/
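The part of an iperf3 test that is easy to get wrong is direction: by default the client sends, so a plain run measures upload, and download needs -R so the server sends to the client. The script below is an added example, not part of the original post or of iperf3: speed_down and speed_up run the two directions against a server you name, and iperf_mbps reduces the sender/receiver summary lines at the end of a client run to two Mbit/s figures with units normalised. The summaries used to check the parser are constructed, not captured.

```shell
#!/bin/sh
# Added example, not from the original post: measure download and upload
# against an iperf3 server you control and reduce the client's summary lines
# to Mbit/s. The parser is checked against constructed summaries written by
# write_sample_summaries; the live functions need iperf3 on both ends.
set -u

# iperf_mbps [FILE]  (reads stdin when no file is given)
# Takes an iperf3 client run and prints "SENDER RECEIVER" in Mbit/s from the
# two summary lines at the end. Units are normalised so Kbits, Mbits and
# Gbits results compare directly; the receiver figure is what actually
# arrived, so that is the one to quote.
iperf_mbps() {
    awk '
        function rate(line,    n, f, i) {
            n = split(line, f, " ")
            for (i = 1; i <= n; i++)
                if (f[i] ~ /bits\/sec$/) {
                    if (f[i] ~ /^K/) return f[i-1] / 1000
                    if (f[i] ~ /^M/) return f[i-1] + 0
                    if (f[i] ~ /^G/) return f[i-1] * 1000
                    return f[i-1] / 1000000       # plain bits/sec
                }
            return -1
        }
        / sender$/   { s = rate($0) }
        / receiver$/ { r = rate($0) }
        END { printf "%.1f %.1f\n", s, r }' "$@"
}

# Constructed iperf3 client summaries (not captured runs) for checking the
# parser; writes them to a temporary directory and prints its path.
write_sample_summaries() {
    d=$(mktemp -d)
    cat > "$d/gigabit.txt" <<'EOF'
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  1.10 GBytes   945 Mbits/sec    0             sender
[  5]   0.00-10.00  sec  1.09 GBytes   938 Mbits/sec                  receiver
EOF
    cat > "$d/tengig.txt" <<'EOF'
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  1.41 GBytes  1.21 Gbits/sec    0             sender
[  5]   0.00-10.00  sec  1.40 GBytes  1.20 Gbits/sec                  receiver
EOF
    echo "$d"
}

# On the far host, run a one-off server bound to a single address:
#   iperf3 -s -1 -B <server-ip>
# -1 exits after serving one client and -B keeps it off other interfaces;
# the server is unauthenticated, so anyone who can reach port 5201 can
# otherwise use it to drive your bandwidth.
# Download: -R makes the server send to us. Upload: the default direction.
speed_down() { iperf3 -c "$1" -t 10 -R | iperf_mbps; }
speed_up()   { iperf3 -c "$1" -t 10    | iperf_mbps; }
```

Usage is speed_down server.example.org followed by speed_up server.example.org; the server-side command has to be started fresh for each, since -1 makes it exit after one client. The sender and receiver figures differ by the in-flight data still being retransmitted when the timer expired, which is why the receiver number is the honest one.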