Friday, September 26, 2014

Major vulnerability in bash

Hello Guys,

I read some blogs, and according to them bash is susceptible to an environment-variable code injection attack.
I think we should update bash with the latest available patch.
My old bash version on CentOS 6.5 was:
[root@centos-test ~]# rpm -q bash
bash-4.1.2-15.el6_4.x86_64
[root@centos-test ~]# env x='() { :;}; echo problem' bash -c /bin/true
problem
If you get "problem" as output, your bash version needs to be updated with the latest patch.

Then I updated it, and now it is:
[root@centos-test ~]# rpm -q bash
bash-4.1.2-15.el6_5.1.x86_64
[root@centos-test ~]# env x='() { :;}; echo problem' bash -c /bin/true
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'

If you get output like the above, your bash version is fine.

For more information, read the blog below.
http://www.linuxbsdos.com/2014/09/25/bash-susceptible-to-environment-variables-code-injection-attack/

Wednesday, April 23, 2014

PNP4Nagios installation and integration with Nagios @CIGNEX Datamatics

Hello guys,

I would like to share how to install PNP4Nagios and integrate it with Nagios to see graphs.
With Nagios, if you want graphs for any of your services, the plugin output must include performance data.

Performance Data: Plugins can return optional performance data in their output by sending the normal, human-readable text string that they usually would, followed by a pipe character (|), and then a string containing one or more performance data metrics. Let's take the check_ping plugin as an example and assume that it has been enhanced to return percent packet loss and average round trip time as performance data metrics. 

Sample output from the plugin might look like this:
PING ok - Packet loss = 0%, RTA = 0.80 ms | percent_packet_loss=0, rta=0.80

If you are new to performance data see below link for more information:
Performance Data

Installation and configuration of PNP4Nagios:

Step1: Install pnp4nagios and rrdtool-perl package
yum install pnp4nagios* rrdtool-perl

Step2: Change some parameters in the Nagios configuration file

Edit the performance data section of /usr/local/nagios/etc/nagios.cfg:
Enable performance data by adding the following line:
process_performance_data=1 

Define path where performance data files should be stored.
host_perfdata_file=/var/perfdatanagios/host-perfdata
service_perfdata_file=/var/perfdatanagios/service-perfdata

Create the /var/perfdatanagios/ directory and change its ownership and permissions.
mkdir /var/perfdatanagios/
chown nagios:apache /var/perfdatanagios/
chmod 775 /var/perfdatanagios 

Now add the performance data template lines below:

host_perfdata_file_template=DATATYPE::HOSTPERFDATA\tTIMET::$TIMET$\tHOSTNAME::$HOSTNAME$\tHOSTPERFDATA::$HOSTPERFDATA$\tHOSTCHECKCOMMAND::$HOSTCHECKCOMMAND$\tHOSTSTATE::$HOSTSTATE$\tHOSTSTATETYPE::$HOSTSTATETYPE$\tHOSTOUTPUT::$HOSTOUTPUT$
service_perfdata_file_template=DATATYPE::SERVICEPERFDATA\tTIMET::$TIMET$\tHOSTNAME::$HOSTNAME$\tSERVICEDESC::$SERVICEDESC$\tSERVICEPERFDATA::$SERVICEPERFDATA$\tSERVICECHECKCOMMAND::$SERVICECHECKCOMMAND$\tHOSTSTATE::$HOSTSTATE$\tHOSTSTATETYPE::$HOSTSTATETYPE$\tSERVICESTATE::$SERVICESTATE$\tSERVICESTATETYPE::$SERVICESTATETYPE$\tSERVICEOUTPUT::$SERVICEOUTPUT$

Change the parameters below:
host_perfdata_file_mode=a 
service_perfdata_file_mode=a 

Change the interval at which perfdata is processed:

host_perfdata_file_processing_interval=15 
service_perfdata_file_processing_interval=15 

Add commands to check perfdata 
host_perfdata_file_processing_command=process-host-perfdata-file 
service_perfdata_file_processing_command=process-service-perfdata-file

Now create commands in commands.cfg file to process performance data as below:

define command {
        command_name    process-service-perfdata-file
        command_line    /usr/local/nagios/libexec/plugins/process_perfdata.pl --bulk=/var/perfdatanagios/service-perfdata
}
define command {
        command_name    process-host-perfdata-file
        command_line    /usr/local/nagios/libexec/plugins/process_perfdata.pl --bulk=/var/perfdatanagios/host-perfdata
}
Note: use your plugin directory path.

Download process_perfdata.pl:
wget https://raw.github.com/willixix/WL-NagiosPlugins/master/graphing_templates/pnp4nagios/process_perfdata.pl

Change ownership and permissions as below.
chown nagios:nagios process_perfdata.pl
chmod +x  process_perfdata.pl

Change the conf array in the process_perfdata.pl plugin according to your configuration in /etc/pnp4nagios/process_perfdata.cfg and /etc/pnp4nagios/config.php.

Change the parameters below in /etc/pnp4nagios/config.php:
$conf['rrdtool'] = "/usr/bin/rrdtool";
$conf['rrdbase'] = "/var/perfdatanagios/";
$conf['page_dir'] = "/etc/pnp4nagios/pages/";

Find the strings below in the process_perfdata.pl file and change their values according to your environment.
RRDPATH            => "/var/perfdatanagios/", 
RRA_CFG            => "/etc/pnp4nagios/rra.cfg",
STATS_DIR          => "/var/log/pnp4nagios/stats",
LOG_FILE           => "/var/log/pnp4nagios/perfdata.log",
ENCRYPTION         => 0,   


Find the strings below in the process_perfdata.cfg file and change their values according to your environment.
RRDPATH = /var/perfdatanagios/ ## [ path of perfdata directory ]
RRA_CFG = /etc/pnp4nagios/rra.cfg ## [ path of rra.cfg file]
STATS_DIR = /var/log/pnp4nagios/stats ## [ create directory /var/log/pnp4nagios/stats ]
LOG_FILE = /var/log/pnp4nagios/pnp4nagios.log
Add the line below:
ENCRYPTION=0

Move the process_perfdata.pl plugin to your plugin directory:
mv process_perfdata.pl /usr/local/nagios/libexec/plugins/


Add the line below to the generic-host template in /etc/nagios/lconf/default-templates.cfg:
action_url /pnp4nagios/graph?host=$HOSTNAME$

Add the line below to the generic-service template in the /etc/nagios/lconf/default-templates.cfg file:
action_url /pnp4nagios/graph?host=$HOSTNAME$&srv=$SERVICEDESC$

Now restart the Nagios and httpd services.
service nagios restart
service httpd restart

Now you can see a new graph icon before the service name in the Nagios UI.
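
If no graphs appear, it helps to check what a spool line contains. The script below is an added example, not part of PNP4Nagios or of the original post: it decodes a line laid out as in the service_perfdata_file_template above and lists each metric. The function name perfdata_metrics, the host web01 and the sample line are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed sample: one line as the service_perfdata_file_template lays it
# out (TAB-separated KEY::value fields). Host, time and command are made up.
SAMPLE_LINE=$(printf '%s\t' \
    'DATATYPE::SERVICEPERFDATA' 'TIMET::1398240000' 'HOSTNAME::web01' \
    'SERVICEDESC::PING' 'SERVICEPERFDATA::percent_packet_loss=0, rta=0.80' \
    'SERVICECHECKCOMMAND::check_ping' 'HOSTSTATE::UP' 'HOSTSTATETYPE::HARD' \
    'SERVICESTATE::OK' 'SERVICESTATETYPE::HARD' \
    'SERVICEOUTPUT::PING ok - Packet loss = 0%, RTA = 0.80 ms')

# Read spool lines on stdin; print "host<TAB>service<TAB>label<TAB>value"
# for every metric found in the SERVICEPERFDATA field.
perfdata_metrics() {
    awk -F '\t' '
    {
        split("", f)                            # reset the per-line field map
        for (i = 1; i <= NF; i++) {
            sep = index($i, "::")
            if (sep) f[substr($i, 1, sep - 1)] = substr($i, sep + 2)
        }
        # Skip host lines and service checks that returned no perfdata.
        if (f["DATATYPE"] != "SERVICEPERFDATA" || f["SERVICEPERFDATA"] == "") next
        n = split(f["SERVICEPERFDATA"], m, /[ ,]+/)
        for (j = 1; j <= n; j++) {
            eq = index(m[j], "=")
            if (!eq) continue                   # not a label=value token
            label = substr(m[j], 1, eq - 1)
            value = substr(m[j], eq + 1)
            sub(/;.*/, "", value)               # drop ;warn;crit;min;max if present
            sub(/[^0-9.-]+$/, "", value)        # drop a unit suffix such as ms or %
            printf "%s\t%s\t%s\t%s\n", f["HOSTNAME"], f["SERVICEDESC"], label, value
        }
    }'
}

printf '%s\n' "$SAMPLE_LINE" | perfdata_metrics
```

Quoted labels that contain spaces are not handled by this sketch.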

Tuesday, April 22, 2014

How to Ban SSH attackers ip

Most servers that allow SSH over known ports get hammered from time to time as they are revealed by scans or simple misconfiguration.
The following how-to is stitched together from advice gleaned online.

Count the number per day of failed SSH login attempts

For Ubuntu:
[Root@Box]#cat ./auth.log* | grep 'Failed password' | grep sshd | awk '{print $1,$2}' | sort | uniq -c
[Root@Box]#grep "Failed password" ./auth.log | awk '{print $(NF-3)}' | sort | uniq -c | sort -nr | head -n 25
For CentOS:
[Root@Box]#cat ./secure* | grep 'Failed password' | grep sshd | awk '{print $1,$2}' | sort | uniq -c
[Root@Box]#grep "Failed password" ./secure | awk '{print $(NF-3)}' | sort | uniq -c | sort -nr | head -n 25


Add rules to IPTABLES

[Root@Box]#iptables -I INPUT -p tcp --dport <YOUR PORT HERE> -i eth0 -m state --state NEW -m recent --set
[Root@Box]#iptables -I INPUT -p tcp --dport <YOUR PORT HERE> -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
The first line basically creates a rule that only applies to packets used for new connection attempts on the ssh port. The second line says that if there are more than 4 attempts from an IP within 60 seconds, then any traffic from that IP should be blackholed. This solution doesn't care whether or not the attempts are on different user accounts.
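
The per-IP count from the first step, written out as a script. This is an added example, not from the original post, and it goes a little further than the one-liners: it reads the address by position from the end of the line (the user name is text supplied by the client, so the first "from" is not reliable) and it weights rsyslog "message repeated N times" lines. The function names and the log lines are constructed for illustration; the threshold of 4 matches the --hitcount used above.

```sh
#!/bin/sh
# Constructed sshd log lines (documentation address ranges, made-up hosts).
SAMPLE_LOG='Apr 22 10:01:01 box sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Apr 22 10:01:03 box sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Apr 22 10:01:05 box sshd[2103]: message repeated 2 times: [ Failed password for root from 203.0.113.7 port 40124 ssh2]
Apr 22 10:02:10 box sshd[2110]: Failed password for invalid user from from 198.51.100.9 port 51000 ssh2
Apr 22 10:03:00 box sshd[2120]: Accepted password for deploy from 192.0.2.10 port 50022 ssh2
Apr 22 10:04:00 box sshd[2130]: Failed password for deploy from 192.0.2.10 port 50030 ssh2'

# Read auth.log / secure lines on stdin; print "count ip", highest count first.
failed_by_ip() {
    awk '
    /sshd\[[0-9]+\]:/ && /Failed password for/ {
        weight = 1
        # rsyslog collapses duplicates into "message repeated N times: [...]"
        if (match($0, /message repeated [0-9]+ times/)) {
            split(substr($0, RSTART, RLENGTH), r, " ")
            weight = r[3]
        }
        # Line ends "... from <ip> port <n> ssh2", so count back from the end.
        if ($(NF - 2) != "port") next     # unexpected layout: skip instead of guessing
        count[$(NF - 3)] += weight
    }
    END { for (ip in count) printf "%d %s\n", count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Print only the addresses with at least $1 failed attempts.
over_threshold() {
    failed_by_ip | awk -v min="$1" '$1 >= min { print $2 }'
}

printf '%s\n' "$SAMPLE_LOG" | failed_by_ip
printf '%s\n' "$SAMPLE_LOG" | over_threshold 4
```

On a real host, feed it the log instead of the sample, for example `failed_by_ip < /var/log/secure`.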

Tuesday, April 15, 2014

Standalone Monitoring of Linux Server

I was surfing and suddenly came across software that can monitor the server on which it is installed. I found it very useful for those who don't want to, or can't (because of access restrictions), configure a Nagios-type application for monitoring Linux servers. It is like a dashboard that shows you all the useful information about your server.

Advantage: If you can write some PHP code, you can add your own custom monitoring block.

I am going to demonstrate the installation of linux-dash on centos-6.3.

You need the packages below installed on that host:
httpd, mysql, mysql-server, php5, php5-json, subversion

You also have to add an iptables rule to allow requests on port 80 from outside the network.

Download the code into your webroot directory.
[root@monitoringhost html]# svn co https://github.com/afaqurk/linux-dash/trunk
[root@monitoringhost html]# mv trunk linux-dash
[root@monitoringhost html]# chown apache:apache linux-dash/ -R

That's it.

Now you can browse to your host's URL in a browser and see the host status at any time.


Thursday, March 6, 2014

Per-filehandle Special Variables

These variables never need to be mentioned in a local() because they always refer to some value pertaining to the currently selected output filehandle - each filehandle keeps its own set of values.

Variable: $|
Contents: If set to nonzero, forces a flush after every write or print
Mnemonic: When you want your pipes to be piping hot

Variable: $%
Contents: Current page number
Mnemonic: % is page number in nroff

Variable: $=
Contents: Current page length
Mnemonic: = has horizontal lines

Variable: $-
Contents: Number of lines left on the page
Mnemonic: lines_on_page - lines_printed

Variable: $~
Contents: Name of the current report format
Mnemonic: Closely related to $^

Variable: $^
Contents: Name of the current top-of-page format
Mnemonic: Points to top of page

These variables are always local to the current block, so you never need to mention them in a local(). All of them are associated with the last successful pattern match.

Variable: $1..$9
Contents: Contains the subpattern from the corresponding set of parentheses in the last pattern matched
Mnemonic: like \1..\9

Variable: $&
Contents: Contains the string matched by the last pattern match
Mnemonic: like & in some editors

Variable: $`
Contents: The string preceding whatever was matched by the last pattern match, not counting patterns matched in nested blocks that have been exited already.
Mnemonic: ` often precedes a quoted string in normal text

Variable: $'
Contents: The string following whatever was matched by the last pattern match, not counting patterns matched in nested blocks that have been exited already. For example:
   $_ = 'abcdefghi';
   /def/;
   print "$`:$&:$'\n";    # prints abc:def:ghi
Mnemonic: ' often follows a quoted string in normal text

Variable: $+
Contents: The last bracket matched by the last search pattern. This is useful if you don't know which of a set of alternative patterns matched. For example:
    /Version: (.*)|Revision: (.*)/ && ($rev = $+);
Mnemonic: be positive and forward looking

Global Special Variables

Variable: $_
Contents: The default input and pattern-searching space.
Mnemonic: underline is understood to be underlying certain undertakings

Variable: $.
Contents: The current input line number of the last filehandle that was read. Remember that only an explicit close on the filehandle resets the line number.
Mnemonic: many programs use . to mean the current line number

Variable: $/
Contents: The input record separator, newline by default. $/ may be set to a value longer than one character in order to match a multi-character delimiter. If $/ is undefined, no record separator is matched, and <FILEHANDLE> will read everything to the end of the current file.
Mnemonic: / is used to delimit line boundaries when quoting poetry. Or, if you prefer, think of mad slashers cutting things to ribbons.

Variable: $\
Contents: The output record separator for the print operator.
Mnemonic: You set $\ instead of adding \n at the end of the print.

Variable: $,
Contents: The output field separator for the print operator.
Mnemonic: What is printed when there is a , in your print statement

Variable: $"
Contents: This is similar to $, except that it applies to array values interpolated into a double-quoted string (or similar interpreted string). Default is space.
Mnemonic: Obvious, I think

Variable: $#
Contents: The output format for numbers displayed via the print operator
Mnemonic: # is the number sign

Variable: $$
Contents: The process number of the Perl running this script
Mnemonic: Same as shells

Variable: $?
Contents: The status returned by the last pipe close, backtick (``) command or system operator. Note that this is the status word returned by the wait() system call, so the exit value of the subprocess is actually ($? >> 8). $? & 255 gives which signal, if any, the process died from, and whether there was a core dump.
Mnemonic: Similar to sh and ksh

Variable: $*
Contents: Set to 1 to do multi-line matching within a string, 0 to tell Perl that it can assume that strings contain a single line, for the purpose of optimizing pattern matches. Default is 0
Mnemonic: * matches multiple things

Variable: $0
Contents: Contains the name of the file containing the Perl script being executed. Depending on your OS, it may or may not include the full pathname.
Mnemonic: Same as sh and ksh

Variable: $[
Contents: The index of the first element in an array, and of the first character in a substring.
Mnemonic: [ begins subscripts

Variable: $]
Contents: The first part of the string printed out when you say perl -v. It can be used to determine at the beginning of a script whether the Perl interpreter executing the script is in the right range of versions. If used in a numeric context, $] returns version + patchlevel /1000.
Mnemonic: Is this version of Perl in the "rightbracket"?

Variable: $;
Contents: The subscript separator for multi-dimensional array emulation. If you refer to an associative array element as:
   $foo{$a,$b,$c}
it really means:
   $foo{join($;, $a, $b, $c)}
but don't put
   @foo{$a,$b,$c}
which means
   ($foo{$a},$foo{$b},$foo{$c})
Mnemonic: Comma (the syntactic subscript separator) is a semi-semicolon. Yeah, it's pretty lame, but $, is already taken for something more important.

Variable: $!
Contents: If used in a numeric context, yields the current value of errno, with all the usual caveats. (This means that you shouldn't depend on the value of $! to be anything in particular unless you've gotten a specific error return indicating a system error.) If used in a string context, yields the corresponding system error string.
Mnemonic: What just went bang?

Variable: $@
Contents: The Perl syntax error or routine error message from the last eval, do-FILE, or require command. If set, either the compilation failed, or the die function was executed within the code of the eval.
Mnemonic: Where was the syntax error at?