# Starts your_command in the background as the account USER.
# The post's instruction is to add this line to the /etc/rc.local file.
su USER -c 'your_command &'
Saturday, May 5, 2012
How to run a unix command as a USER on startup?
To run a unix command on startup you may use the command below (add it to the /etc/rc.local file):
How to make stable $PATH when using sudo command?
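To make your sudo commands work with the $PATH of your logged-in user, run the following command, then close all your terminals and log in again. Note that the alias replaces the PATH sudo would otherwise apply (including any secure_path set in sudoers), so commands run as root are resolved through your user's PATH; keep directories that other accounts can write to out of it.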
# Appends a sudo alias to ~/.bashrc. The string is double-quoted, so $PATH is
# expanded when this line runs: the alias stores the PATH of the current shell
# rather than looking PATH up each time sudo is used.
# NOTE(review): root commands then resolve through that PATH instead of the
# one sudo would apply itself (secure_path); confirm that none of its
# directories is writable by other accounts.
printf '%s\n' "alias sudo='sudo env PATH=$PATH'" >> ~/.bashrc
Wednesday, January 25, 2012
securing memcache
Simple iptables rules can be added to protect a memcached server from outside sources.
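To make the rules apply again when the system restarts, just add them to the /etc/rc.local file. The rules cover TCP on the port shown only; memcached listens on 11211 by default and can also listen on UDP, so match the port and protocol to your instance's actual listeners.
/sbin/iptables -A INPUT -m tcp -p tcp -s 127.0.0.1 --dport 11221 -j ACCEPT
/sbin/iptables -A INPUT -m tcp -p tcp -s CLIENT_IP_2 --dport 11221 -j ACCEPT
/sbin/iptables -A INPUT -m tcp -p tcp -s CLIENT_IP_1 --dport 11221 -j ACCEPT
/sbin/iptables -A INPUT -m tcp -p tcp --dport 11221 -j DROP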
Sunday, October 16, 2011
Learn path and shell of current user on unix
To find the shell type of the current user:
echo $SHELL
To find the paths of current user:
echo $PATH
Friday, July 9, 2010
Simple SH script to monitor basic connection counts on *nix systems
About a year ago I wrote a sh script to see my traffic information. It can be used to see basic connection counts such as the unix connection count, tcp connection count, http inbound and outgoing request counts, ftp connection count and ssh connection count.
Save as mycons.sh then run the command
chmod +x mycons.sh
For short access run
ln mycons.sh /bin/mycons
Sample usage after shortcut
mycons -hl
Here is the code for mycons.sh: http://pastebin.com/dBpPMGeY
#HEADER SECTION STARTS
#------------------------------------------------------------------------
#This script is written by Mustafa TURAN (HOME http://mustafaturan.net/
#BLOG http://vpslife.blogspot.com/) to monitor some basic network actions
#and display some user specific information like hd usage...
#you are feel free to distribute re-use in any of your application
#without deleting HEADER section. Also, it licensed with CC 3.0
#Also see: http://creativecommons.org/licenses/by/3.0/
#-------------------------------------------------------------------------
#HEADER SECTION ENDS
#
# Function to print help
#
print_help()
{
  # Write the usage summary for the four supported flags to stdout.
  # $0 is the name the script was invoked with.
  printf '%s\n' \
    "Usage: $0 -c -h -l -i" \
    "Where -c clear screen" \
    " -h shows hd usage size" \
    " -l count of connections" \
    " -i show ip list"
  return
}
#
# Function to clear the screen
#
cls()
{
  # Clear the terminal. The function's exit status is whatever `clear`
  # reports, because it is the last command executed.
  clear
}
#
# Function to show hd space
#
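print_hdspace()
{
  # Print the disk usage of one directory tree, followed by a separator line.
  # Arguments: $1 - directory to measure (optional). When omitted, the path
  #                 the script has always used is measured, so calls without
  #                 an argument behave as before.
  # Outputs:   "Total Space Used: " and the `du -hs` line on stdout.
  # Returns:   status of the final echo.

  # printf rather than `echo -n`: not every sh treats -n as "no newline".
  printf '%s' "Total Space Used: "
  # "--" keeps a directory name that starts with "-" from being read as an option.
  /usr/bin/du -hs -- "${1:-/home/www-data/mustafat}"
  echo "-------------------------------------------------------------------------"
  return
}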
#
# Function to connection counts
#
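print_connection_count()
{
  # Print a small table of connection counts derived from `netstat -an`.
  # Globals written: netstat_snapshot, unix_connections, tcp_connections,
  #                  ftp_connections, ssh_connections, http_connections,
  #                  h_in_connections, h_out_connections
  # Outputs: a title, a separator, a header row and one tab-separated row
  #          of seven counts, followed by a blank line.

  # One snapshot feeds every counter, so all seven columns describe the
  # same moment instead of seven slightly different ones.
  netstat_snapshot=$(/bin/netstat -an)

  # Unix-domain sockets in state CONNECTED.
  unix_connections=$(printf '%s\n' "$netstat_snapshot" | grep unix | grep -c CONNECTED)
  # Every line in state ESTABLISHED.
  tcp_connections=$(printf '%s\n' "$netstat_snapshot" | grep -c ESTABLISHED)
  # ":PORT " with the trailing space matches an address column that ends in
  # that port, at either end of the connection.
  ftp_connections=$(printf '%s\n' "$netstat_snapshot" | grep ':21 ' | grep -c ESTABLISHED)
  ssh_connections=$(printf '%s\n' "$netstat_snapshot" | grep ':22 ' | grep -c ESTABLISHED)
  http_connections=$(printf '%s\n' "$netstat_snapshot" | grep ':80 ' | grep -c ESTABLISHED)
  # Outgoing HTTP: column 5 (the remote end in Linux netstat output) is port 80.
  # The pattern is anchored with "$" so that ports such as 8080 or an address
  # containing ":80" are not counted.
  h_out_connections=$(printf '%s\n' "$netstat_snapshot" | grep ':80 ' | grep ESTABLISHED | awk '{print $5}' | grep -c ':80$')
  # Incoming HTTP: column 4 (the local end) is port 80, anchored the same way.
  h_in_connections=$(printf '%s\n' "$netstat_snapshot" | grep ':80 ' | grep ESTABLISHED | awk '{print $4}' | grep -c ':80$')

  echo "CONNECTIONS"
  echo "-------------------------------------------------------------------------"
  # printf rather than `echo -e`: some sh implementations print "-e" literally.
  printf 'UNIX\tTCP\tFTP\tSSH\tHTTP\tH-Input\tH-Output\n'
  printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\n\n' \
    "$unix_connections" "$tcp_connections" "$ftp_connections" \
    "$ssh_connections" "$http_connections" "$h_in_connections" \
    "$h_out_connections"
  return
}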
#
# Function to ip list http connections
#
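print_iplist()
{
  # List the remote endpoint (column 5 of `netstat -an`) of every
  # ESTABLISHED connection that has port 80 at either end.
  # Outputs: a title, a separator, then one address:port per line.
  echo "List of ip addresses:"
  echo "-------------------------------------------------------------------------"
  # ":80 " with the trailing space matches only an address column that ends
  # in port 80, the same test print_connection_count uses; a bare ":80"
  # would also list ports such as 8080.
  /bin/netstat -an | awk '/:80 / && /ESTABLISHED/ { print $5 }'
  return
}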
#
# Main procedure start here
#
# Check for sufficent args
#
# With no arguments there is nothing to do: show the usage text and fail.
[ $# -ne 0 ] || { print_help; exit 1; }

# Handle the flags in the order they appear on the command line.
# The option string also accepts "-k VALUE", but no branch acts on it, so
# that option is parsed and then ignored.
while getopts chlik: opt; do
  if [ "$opt" = c ]; then
    cls
  elif [ "$opt" = h ]; then
    print_hdspace
  elif [ "$opt" = l ]; then
    print_connection_count
  elif [ "$opt" = i ]; then
    print_iplist
  elif [ "$opt" = "?" ]; then
    # getopts reports an unknown flag or a missing option value as "?".
    print_help
    exit 1
  fi
done
VNSTAT: Network Traffic Monitor for *nix Systems
Vnstat is open-source network statistics software for *nix systems and can be downloaded from http://humdi.net/vnstat/. I have been using Vnstat for more than a year; it works silently without using too many resources and gives the required stats when they are needed.
In details, it is possible to see your network adapters' traffic data based on years, months, weeks, days, hours and even real time data flow rates, running vnstat at the background with a small system resource like 1mb ram.
/etc/init.d scripts for vnStat daemon
In details, it is possible to see your network adapters' traffic data based on years, months, weeks, days, hours and even real time data flow rates, running vnstat at the background with a small system resource like 1mb ram.
Setup
cd /usr/local/src
OK, configuration finished; now it is time to set up the startup script, which can be downloaded from
# Download the vnStat 1.10 source archive, unpack it, build and install it,
# then initialise the database for one interface and edit the config file.
# NOTE(review): the archive is fetched over plain HTTP and the page gives no
# checksum or signature for it; compare the download with a value published
# by the project before running make / make install.
wget http://humdi.net/vnstat/vnstat-1.10.tar.gz
tar zxvf vnstat-1.10.tar.gz
cd vnstat-1.10
make
make all
# Installing typically needs root, since it writes outside the build directory.
make install
vnstat -u -i eth0 #eth0 should be replaced by your network adapter
vi /etc/vnstat.conf #change eth0 in conf file with your network adapter
/etc/init.d scripts for vnStat daemon
- Debian / Ubuntu
- RedHat / Fedora / CentOS
- Arch (/etc/rc.d)
- openSUSE
vnstat --help # I think this will be enough :)
Friday, February 26, 2010
Anti-DDOS NGINX Server Configuration includes PHP config
Here is my NGINX configuration for mitigating DDoS attacks against PHP and my lovely NGINX server:
nginx.conf
nginx.conf
# Main configuration: worker setup, logging, and the two request-rate zones
# that the virtual hosts refer to.
user www-data www-data;
worker_processes 10;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    access_log /var/log/nginx/access.log;

    sendfile on;
    tcp_nodelay on;
    gzip on;

    # Idle keep-alive connections are closed after 5 seconds, which frees
    # connection slots quickly under load.
    #keepalive_timeout 0;
    keepalive_timeout 5;

    # Request-rate zones keyed on the client address ($binary_remote_addr),
    # each with 10 MB of shared state: 1 request/second for PHP and
    # 10 requests/second for everything else.
    # The limits are per source address, so they throttle a single noisy
    # client; behind a proxy or CDN every visitor shares the proxy's address
    # unless the real client address is restored first.
    limit_req_zone $binary_remote_addr zone=antiddosphp:10m rate=1r/s;
    limit_req_zone $binary_remote_addr zone=antiddos:10m rate=10r/s;

    # Per-site server blocks are read from this directory.
    include /etc/nginx/mustafat/*;
}

# virtualhost.conf (label of the listing that follows)
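# Virtual host for vpswatch.com: static files are limited by the "antiddos"
# zone and PHP requests by the stricter "antiddosphp" zone.
server {
    root /home/www-data/vpswatch.com;
    listen 80;
    server_name vpswatch.com;

    # NOTE(review): this site writes no access log, so there is no request
    # history to work from when investigating an incident.
    access_log off;

    location / {
        index index.php index.html index.htm;
        # Up to 10 requests above the zone's rate are queued and delayed;
        # anything beyond that is rejected.
        limit_req zone=antiddos burst=10;
    }

    location ~ \.php$ {
        # Hand the request to PHP only when the requested .php file exists
        # under root. Without this check every URI that merely ends in ".php"
        # reaches the interpreter, whatever file it actually resolves to.
        try_files $uri =404;

        # NOTE(review): the socket is in /tmp, which every local account can
        # write to; a directory only nginx and PHP-FPM can access is safer.
        # The path must match the PHP-FPM pool's listen setting.
        fastcgi_pass unix:/tmp/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        # NOTE(review): 1800 s, combined with fastcgi_ignore_client_abort
        # below, lets one request keep a PHP worker busy for up to 30 minutes
        # after the client has gone, which works against the rate limits.
        fastcgi_read_timeout 1800;

        # NOTE(review): $http_host is the Host header sent by the client, so
        # PHP code that trusts SERVER_NAME is trusting client input;
        # $server_name would pass the configured name instead.
        fastcgi_param SERVER_NAME $http_host;
        fastcgi_ignore_client_abort on;

        # PHP is limited to the 1 r/s zone with room for 2 queued requests.
        limit_req zone=antiddosphp burst=2;
    }
}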