Line 280:
Line 280:
| grep -nsri server-manager.jpg /etc/e-smith/ || search the file server-manager.jpg in the path directory /etc/e-smith
| grep -nsri server-manager.jpg /etc/e-smith/ || search the file server-manager.jpg in the path directory /etc/e-smith
|-
|-
−
| grep -P '^www|apache' /etc/group || search after patterns which start by www and/or apache in /etc/group
+
| grep -P '^www |apache' /etc/group || search after patterns which start by www and/or apache in /etc/group
|-
|-
| tail -f /var/log/<LOGFILE> || realtime viewing of your log file
| tail -f /var/log/<LOGFILE> || realtime viewing of your log file
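Review bot: the space added after `www` in the new pattern `'^www |apache'` changes what the regex matches. Entries in /etc/group have the form `name:...`, so `^www ` (www followed by a space at line start) will not match a group called www, and `apache` stays unanchored, so it matches anywhere in the line, including member lists. To match the description "start by www and/or apache", use `grep -P '^(www|apache)' /etc/group`. If the space was added to stop the table parser from treating the single `|` as markup, wrap the command in `<nowiki>` instead of altering the pattern.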
Line 551:
Line 551:
| yum remove <packagename> || removes packagename
| yum remove <packagename> || removes packagename
|-
|-
−
| yum history package-info <packagename> || Shows the installation/removal history of a package and it's Transaction ID [http://yum.baseurl.org/wiki/YumHistory see more commands]
+
| yum history package-info <packagename> || Shows the installation/removal history of a package and it's Transaction ID [http://yum.baseurl.org/wiki/YumHistory see more commands]
|-
|-
−
| yum history undo <Transaction ID> || Removes all packages from a specific Transaction ID [http://yum.baseurl.org/wiki/YumHistory see more commands]
+
| yum history undo <Transaction ID> || Removes all packages from a specific Transaction ID [http://yum.baseurl.org/wiki/YumHistory see more commands]
|-
|-
| yum list updates || list updates to any installed package
| yum list updates || list updates to any installed package
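Review bot: the description on the `yum history undo <Transaction ID>` row, "Removes all packages from a specific Transaction ID", is only right when the transaction was an install. `undo` reverses the transaction, so undoing a removal reinstalls the packages. Suggest "Reverses the given transaction (removes what it installed, reinstalls what it removed)". On the `package-info` row, "it's Transaction ID" should read "its Transaction ID".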
Line 616:
Line 616:
===namingContexts===
===namingContexts===
we can conduct a simple search of the naming context to see our directory information you can display 'dn' LDAP parameters, either by the [[SME_Server:Documentation:Administration_Manual:Chapter13#Directory|server-manager]] or by the command line :
we can conduct a simple search of the naming context to see our directory information you can display 'dn' LDAP parameters, either by the [[SME_Server:Documentation:Administration_Manual:Chapter13#Directory|server-manager]] or by the command line :
−
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
+
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts''
or you can do
or you can do
ldapsearch -x -h localhost -s base |grep 'dn'
ldapsearch -x -h localhost -s base |grep 'dn'
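Review bot: the `''` appended after `namingContexts` on the new line is wiki markup, not part of the command. It pairs with the `''` after `-b` as an italic span, so the rendered page is likely to drop the empty base DN and show `ldapsearch -x -b -s base ...`, which is not the command intended. Wrap the command in `<nowiki>` or `<syntaxhighlight lang="bash">`, as other sections of this page already do, so that `-b ''` is shown literally and the trailing `''` can be removed.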
Line 637:
Line 637:
===Bind with a specific user on LDAP===
===Bind with a specific user on LDAP===
−
Try to connect to ldap with credentials of a specific user and see the LDAP catalogue. Find the ''''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
+
Try to connect to ldap with credentials of a specific user and see the LDAP catalogue. Find the '<nowiki/>'''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
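Review bot: the `<nowiki/>` fix is applied only to the opening quote of `'<nowiki/>'''dc''''`. The closing side still has four consecutive apostrophes, which leaves the parser to guess which three close the bold. Make it symmetric, `'<nowiki/>'''dc'''<nowiki/>'`, or drop the quotes and use `<code>dc</code>`.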
Line 646:
Line 646:
===Check a specific user in LDAP catalogue===
===Check a specific user in LDAP catalogue===
−
display informations on the user requested. Find the ''''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
+
display informations on the user requested. Find the '<nowiki/>'''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
'''for sme9'''
'''for sme9'''
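Review bot: as in the previous section, `'<nowiki/>'''dc''''` still ends in four bare apostrophes. Close it with `'''<nowiki/>'` or switch to `<code>dc</code>`. While this line is being touched, "display informations on the user requested" should read "Display information on the requested user".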
Line 685:
Line 685:
{{Note box| you have now a tool in your hand to parse logfile : [[Audit_Tools#logcheck]]. You should be aware that tool is here to help to find errors in the development side of the SME Server and thus you could have a lot of false positive}}
{{Note box| you have now a tool in your hand to parse logfile : [[Audit_Tools#logcheck]]. You should be aware that tool is here to help to find errors in the development side of the SME Server and thus you could have a lot of false positive}}
+
=== '''Parse log for hack / phishing for missing files''' ===
+
<syntaxhighlight lang="bash">
+
EXTIP=`curl -s ifconfig.me/ip`
+
grep "File does not exist" /var/log/httpd/error_log | sed -e 's#\: /#\n#' | grep "home" | sort -u | sed -e "s#$EXTIP#\<IP\>#g" > dict_err.txt
+
# grep "File does not exist" /var/log/httpd/admin_error_log | sed -e 's#\: /#\n#' | grep "home" | sort -u | sed -e "s#$EXTIP#\<IP\>#g" > dict_admin_err.txt
+
</syntaxhighlight>
* verbose output
* verbose output
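Review bot: `EXTIP` is used unchecked in `sed -e "s#$EXTIP#\<IP\>#g"`. If the `curl -s ifconfig.me/ip` lookup fails or returns an error page, the pattern is empty or arbitrary text and the substitution no longer does what is intended. The dots in the address are also unescaped regex wildcards. Test that `$EXTIP` is non-empty and looks like an address before using it, and escape the dots. The lookup also sends a request to a third-party service without an explicit `https://` scheme, so consider reading the external address from the server's own configuration instead. Minor points: prefer `$(...)` over backticks, `dict_err.txt` is written to whatever the current directory is, and the heading wraps its text in `'''...'''` while the other headings on the page (for example `===namingContexts===`) are plain.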
Line 778:
Line 784:
mysql
mysql
create database '''databasename''';
create database '''databasename''';
−
grant all privileges on '''databasename'''.* to '''username''' identified by ''''password'''';
+
grant all privileges on '''databasename'''.* to '''username''' identified by '<nowiki/>'''password'''';
flush privileges;
flush privileges;
exit
exit
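Review bot: on the edited `grant all privileges on databasename.* to username identified by 'password'` line, the account is named without a host part, which MySQL treats as `username@'%'`, so it is valid from any host. For a database used by an application on the same server, write `username@localhost`, and grant only the privileges the application needs rather than `all privileges`.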
Line 785:
Line 791:
mysql -e "create database '''databasename''';"
mysql -e "create database '''databasename''';"
−
mysql -e "grant all privileges on '''databasename'''.* to '''username''' identified by ''''password'''';"
+
mysql -e "grant all privileges on '''databasename'''.* to '''username''' identified by '<nowiki/>'''password'''';"
mysql -e "flush privileges;"
mysql -e "flush privileges;"
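Review bot: the one-line form `mysql -e "grant all privileges ... identified by 'password';"` puts the new account's password on the command line, where it ends up in the shell history and is visible in the process list while the command runs. Add a sentence recommending the interactive form shown just above for real passwords, or feeding the statement from a file readable only by root. The missing host part (`username` instead of `username@localhost`) applies here as well.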
Line 921:
Line 927:
−
===Configure <b><u>PHP Basedir</u></B> Restriction per ibay===
+
===Configure <b><u>PHP Basedir</u></b> Restriction per ibay===
db accounts setprop IBAYNAME PHPBaseDir DIR1:DIR2:DIRn
db accounts setprop IBAYNAME PHPBaseDir DIR1:DIR2:DIRn
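Review bot: fixing `</B>` to `</b>` is correct, but the heading `===Configure <b><u>PHP Basedir</u></b> Restriction per ibay===` is the only one in this diff that carries inline HTML. The markup ends up in the section anchor and makes links to it fragile. Suggest a plain `===Configure PHP Basedir Restriction per ibay===`.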
Line 990:
Line 996:
To enable audit logging for an ibay named "fileshare":
To enable audit logging for an ibay named "fileshare":
<nowiki>db accounts setprop fileshare Audit enabled
<nowiki>db accounts setprop fileshare Audit enabled
−
signal-event ibay-modify fileshare</nowiki>
+
signal-event ibay-modify fileshare</nowiki>
To enable audit logging for every ibay on your server:
To enable audit logging for every ibay on your server:
<nowiki>for ibay in $(db accounts show |grep \=ibay |cut -d= -f1); do db accounts setprop $ibay Audit enabled; done
<nowiki>for ibay in $(db accounts show |grep \=ibay |cut -d= -f1); do db accounts setprop $ibay Audit enabled; done
−
signal-event ibay-modify</nowiki>
+
signal-event ibay-modify</nowiki>
The details of what gets logged are controlled by /etc/e-smith/templates/etc/smb.conf/ibays/10smbaudit
The details of what gets logged are controlled by /etc/e-smith/templates/etc/smb.conf/ibays/10smbaudit
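Review bot: the two examples call the event differently. The single-ibay example runs `signal-event ibay-modify fileshare`, but the all-ibays example runs `signal-event ibay-modify` once after the loop, with no ibay name. If the event needs the name, as the first example suggests, move it inside the loop: `db accounts setprop "$ibay" Audit enabled; signal-event ibay-modify "$ibay"`. Also quote `$ibay`, and note that `grep \=ibay` matches any record containing `=ibay`, not only records whose type is exactly ibay.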
Line 1,266:
Line 1,272:
https://localhost:9443/server-manager
https://localhost:9443/server-manager
−