expoloit-db.com contact many 0 day vlunerability and security related papers.
Systemd Journal
Systemd have its own loggin system called Systemd Journal. It keep track of logs for each service.
To see log for a service, run
|
1 |
journalctl -u SERVICE_NAME |
Example
|
1 2 3 4 5 |
root@ocp-serverok-in:~# journalctl -u myapp -- Logs begin at Wed 2020-05-27 06:43:34 UTC, end at Fri 2020-06-26 09:33:19 UTC. -- Jun 26 08:53:59 ocp-serverok-in systemd[1]: Started Sample web server. Jun 26 08:53:59 ocp-serverok-in cat[36147]: Starting web server root@ocp-serverok-in:~# |
Start an application using systemd
systemd is used to start applications on linux systems.
In this post, we will create an application and run start it on boot using systemd.
Lets create our sample application.
|
1 2 |
mkdir /root/myapp/ vi /root/myapp/web.sh |
Add following content to the file and save.
|
1 2 3 4 5 6 |
#!/bin/bash echo "Starting web server" | systemd-cat -p info cd /root/myapp python3 -m http.server 80 |
You can start the application by running
|
1 |
bash /root/myapp/web.sh |
on terminal, this will run a simple web server on port 80. If you already have a web server running on port 80, change the port to another.
To stop web server, type CTRL+C.
Create Systemd service file
To manage this application using systemd, we need to create a service file.
|
1 |
vi /etc/systemd/system/myapp.service |
Add
|
1 2 3 4 5 6 7 8 9 |
[Unit] Description=Sample web server [Service] Type=simple ExecStart=/bin/bash /root/myapp/web.sh [Install] WantedBy=multi-user.target |
Managing Systemd service
First you need to enable the service with
|
1 |
systemctl enable myapp |
To start the service, run
|
1 |
systemctl start myapp |
To stop the service, run
|
1 |
systemctl stop myapp |
To see status of the service, run
|
1 |
systemctl status myapp |
Application Performance Monitor (APM)
Application Performance Monitor (APM) is used to monitor application performance. This help you identify problems with your application. If you are developing an application, this is very helpful as you can see changes in application performance during a software upgrade, this allow you to identify perofrmance issues related to changes in your application.
Here are some useful sites that provide Application Performance Monitoring solutions.
serverpilot
serverpilot is a SAAS hosting control panel for web servers.
It use nginx as proxy with apache web server as backend. Services used by serverpilot are
|
1 2 3 4 5 6 |
systemctl status nginx-sp systemctl status apache-sp systemctl status mysql systemctl status php7.1-fpm-sp systemctl status php7.2-fpm-sp systemctl status php7.3-fpm-sp |
Config file locations
|
1 2 |
/etc/nginx-sp/ /etc/apache-sp/ |
Web site specific configuratoons stored in vhosts.d folder inside apache/nginx config folders.
Apache installed at
|
1 2 |
/opt/sp/apache/bin/apachectl start /opt/sp/apache/bin/apachectl configtest |
sysdig
sysdig is a tool like top, but more powerful, it is a combination of tools like htop, iftop, lsof.
To install sysdig on ubuntu, run
|
1 |
apt-get install sysdig |
To see files using top IO, run
|
1 |
sysdig -c topfiles_bytes |
To access top like GU, run
|
1 |
csysdig |
Monitor OpenLiteSpeed with monit
To monitor OpenLiteSpeed with monit on Ubuntu Server, create file
|
1 |
vi /etc/monit/conf-enabled/openlitespeed |
Add following content
|
1 2 3 |
check process OpenLiteSpeed with pidfile /tmp/lshttpd/lshttpd.pid start program = "/usr/bin/systemctl start lshttpd" stop program = "/usr/bin/systemctl stop lshttpd" |
Reload monit with
|
1 |
monit reload |
Now monit will monitor OpenLiteSpeed, restart if required. You can check status with
|
1 |
monit status |
If you want to monitor if web server is responding to request, you can use
|
1 2 3 4 |
check process OpenLiteSpeed with pidfile /tmp/lshttpd/lshttpd.pid start program = "/usr/bin/systemctl start lshttpd" stop program = "/usr/bin/systemctl stop lshttpd" if failed host localhost port 80 protocol http then restart |
inotifywait
inotifywait monitor changes in Linux file system. It can be used to track file changes.
Here is inotifywait command used by bitninja to detect uploaded files.
|
1 |
/bin/inotifywait --daemon --recursive --outfile /var/log/bitninja/inotify/inotify.log --fromfile /var/lib/bitninja/monitor.txt --exclude (^/var/cache/buagent/md0.cache.data$|\.MYD$|\.MYI$|\.MAD$|\.MAI$|\.yara$|^/tmp/lshttpd/*\.sock*|^/tmp/lshttpd/\.rtreport\.*|^/var/tmp/clamav-.*|^/tmp/clamav-.*|^/var/lib/bitninja|^/var/log/bitninja|^/var/cache/awstats|^/usr/local/maldetect/quarantine|\.sock$|\.log$|^.*_log$|^.*_log\.processed$|^.*_ssl_log\.webstat$|^/home/accesslog|^/home/virtfs|^/home/cagefs-skeleton/|^/usr/share/cagefs-skeleton/|^/home/.*?/mail/|^/home/cpeasyapache/src/) --timefmt %F %T --format %w%f %e %T --monitor --event create,move,modify |
redis commander
redis-commander is a GUI for redis. To install, run
|
1 2 |
npm install -g redis-commander redis-commander |