Changes

From SME Server
Jump to navigationJump to search
478 bytes added ,  02:55, 5 August 2020
→‎Log: missing files log parsing
Line 280: Line 280:  
| grep -nsri server-manager.jpg  /etc/e-smith/ || search the file server-manager.jpg in the path directory /etc/e-smith
 
| grep -nsri server-manager.jpg  /etc/e-smith/ || search the file server-manager.jpg in the path directory /etc/e-smith
 
|-
 
|-
| grep -P '^www|apache' /etc/group || search after patterns which start by www and/or apache in /etc/group
+
| grep -P '^www |apache' /etc/group || search after patterns which start by www and/or apache in /etc/group
 
|-
 
|-
 
| tail -f /var/log/<LOGFILE> || realtime viewing of your log file
 
| tail -f /var/log/<LOGFILE> || realtime viewing of your log file
Line 551: Line 551:  
| yum remove <packagename> || removes packagename
 
| yum remove <packagename> || removes packagename
 
|-
 
|-
| yum history package-info <packagename> || Shows the installation/removal history of a package and it's Transaction ID [http://yum.baseurl.org/wiki/YumHistory see more commands]
+
| yum history package-info <packagename> || Shows the installation/removal history of a package and it's Transaction ID [http://yum.baseurl.org/wiki/YumHistory see more commands]
 
|-
 
|-
| yum history undo <Transaction ID> || Removes all packages from a specific Transaction ID [http://yum.baseurl.org/wiki/YumHistory see more commands]
+
| yum history undo <Transaction ID> || Removes all packages from a specific Transaction ID [http://yum.baseurl.org/wiki/YumHistory see more commands]
 
|-
 
|-
 
| yum list updates || list updates to any installed package
 
| yum list updates || list updates to any installed package
Line 616: Line 616:  
===namingContexts===
 
===namingContexts===
 
we can conduct a simple search of the naming context to see our directory information you can display 'dn' LDAP parameters, either by the [[SME_Server:Documentation:Administration_Manual:Chapter13#Directory|server-manager]] or by the command line :
 
we can conduct a simple search of the naming context to see our directory information you can display 'dn' LDAP parameters, either by the [[SME_Server:Documentation:Administration_Manual:Chapter13#Directory|server-manager]] or by the command line :
  ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
+
  ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts''
 
or you can do
 
or you can do
 
  ldapsearch -x -h localhost -s base |grep 'dn'
 
  ldapsearch -x -h localhost -s base |grep 'dn'
Line 637: Line 637:     
===Bind with a specific user on LDAP===
 
===Bind with a specific user on LDAP===
Try to connect to ldap with credentials of a specific user and see the LDAP catalogue. Find the ''''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
+
Try to connect to ldap with credentials of a specific user and see the LDAP catalogue. Find the '<nowiki/>'''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
      Line 646: Line 646:     
===Check a specific  user in LDAP catalogue===
 
===Check a specific  user in LDAP catalogue===
display informations on the user requested. Find the ''''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
+
display informations on the user requested. Find the '<nowiki/>'''dc'''' by the chapter [[Useful_Commands#namingContexts|above]]
    
'''for sme9'''
 
'''for sme9'''
Line 685: Line 685:  
{{Note box| you have now a tool in your hand to parse logfile : [[Audit_Tools#logcheck]]. You should be aware that tool is here to help to find errors in the development side of the SME Server and thus you could have a lot of false positive}}
 
{{Note box| you have now a tool in your hand to parse logfile : [[Audit_Tools#logcheck]]. You should be aware that tool is here to help to find errors in the development side of the SME Server and thus you could have a lot of false positive}}
    +
=== '''Parse log for hack / phishing for missing files''' ===
 +
<syntaxhighlight lang="bash">
 +
EXTIP=`curl -s ifconfig.me/ip`
 +
grep "File does not exist" /var/log/httpd/error_log | sed -e 's#\: /#\n#' | grep "home" | sort -u | sed -e "s#$EXTIP#\<IP\>#g" > dict_err.txt
 +
# grep "File does not exist" /var/log/httpd/admin_error_log | sed -e 's#\: /#\n#' | grep "home" | sort -u | sed -e "s#$EXTIP#\<IP\>#g" > dict_admin_err.txt
 +
</syntaxhighlight>
 
* verbose output
 
* verbose output
   Line 778: Line 784:  
  mysql
 
  mysql
 
  create database '''databasename''';
 
  create database '''databasename''';
  grant all privileges on '''databasename'''.* to '''username''' identified by ''''password'''';
+
  grant all privileges on '''databasename'''.* to '''username''' identified by '<nowiki/>'''password'''';
 
  flush privileges;
 
  flush privileges;
 
  exit
 
  exit
Line 785: Line 791:     
  mysql -e "create database '''databasename''';"
 
  mysql -e "create database '''databasename''';"
  mysql -e "grant all privileges on '''databasename'''.* to '''username''' identified by ''''password'''';"
+
  mysql -e "grant all privileges on '''databasename'''.* to '''username''' identified by '<nowiki/>'''password'''';"
 
  mysql -e "flush privileges;"
 
  mysql -e "flush privileges;"
   Line 921: Line 927:       −
===Configure <b><u>PHP Basedir</u></B> Restriction per ibay===
+
===Configure <b><u>PHP Basedir</u></b> Restriction per ibay===
    
  db accounts setprop IBAYNAME PHPBaseDir DIR1:DIR2:DIRn
 
  db accounts setprop IBAYNAME PHPBaseDir DIR1:DIR2:DIRn
Line 990: Line 996:  
To enable audit logging for an ibay named "fileshare":
 
To enable audit logging for an ibay named "fileshare":
 
  <nowiki>db accounts setprop fileshare Audit enabled
 
  <nowiki>db accounts setprop fileshare Audit enabled
signal-event ibay-modify fileshare</nowiki>
+
signal-event ibay-modify fileshare</nowiki>
    
To enable audit logging for every ibay on your server:
 
To enable audit logging for every ibay on your server:
 
  <nowiki>for ibay in $(db accounts show |grep \=ibay |cut -d= -f1); do db accounts setprop $ibay Audit enabled; done
 
  <nowiki>for ibay in $(db accounts show |grep \=ibay |cut -d= -f1); do db accounts setprop $ibay Audit enabled; done
signal-event ibay-modify</nowiki>
+
signal-event ibay-modify</nowiki>
    
The details of what gets logged are controlled by /etc/e-smith/templates/etc/smb.conf/ibays/10smbaudit
 
The details of what gets logged are controlled by /etc/e-smith/templates/etc/smb.conf/ibays/10smbaudit
Line 1,266: Line 1,272:     
  https://localhost:9443/server-manager
 
  https://localhost:9443/server-manager
       
137

edits

Navigation menu