To scan a folder, run
clamscan -r /path/to/folder/-r will scan sub folders too.
To Scan a Folder (Only Show Infected)
clamscan -ri /path/to/folder/To exclude a folder from search, use
clamscan -ri --exclude-dir="^/opt/zimbra/store" /opt/zimbra/See clamav
clamav is a free open source antivirus. To install clamav on Ubuntu/Debian, run
apt install clamav -y
To update ClamAV virus definitions, run
freshclam
To scan a folder for virus/malware, see Scan a folder with clamscan
To allow SSH login as user root, edit file
vi /etc/ssh/sshd_config
Find
PermitRootLogin no
Replace with
PermitRootLogin yes
restart sshd.
systemctl restart sshd
addgroup linux commanhd allow you to create a group.
addgroup [options] [--gid ID] group
Example
root@ok:~# addgroup sokadmin Adding group `sokadmin' (GID 1004) ... Done. root@ok:~#
Add a system group (normally group id below 500, run
addgroup --system [options] [--gid ID] group
When doing PCI COMPLIANCE scan got error related to SSH Diffie-Hellman Modulus <= 1024 Bits (Logjam).
To fix the error, run
cp /etc/ssh/moduli /etc/ssh/moduli.backup awk '$5 > 2000' /etc/ssh/moduli > /etc/ssh/moduli
Edit file
vi /etc/ssh/sshd_config
Add at end of the file
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256
Restart sshd
systemctl restart sshd
locate command find files on a linux server.
To install locate, run
On CentOS
yum install mlocate
On Debian/Ubuntu
apt install mlocate
locate searches through a static index of files. This is rebuild daily using cronjob. You can manually update it by running
updatedb
ack is a tool like grep optimized for programmers.
ack show the matched files name only
On Debian/Ubuntu, you can install it with apt
apt install ack
To install from source, run
curl https://beyondgrep.com/ack-v3.0.2 > /usr/local/bin/ack && chmod 0755 /usr/local/bin/ack
For installing for just one user, run
curl https://beyondgrep.com/ack-v3.0.2 > ~/bin/ack && chmod 0755 ~/bin/ack
On RHEL/CentOS, you may need to install dependency
yum install perl-version
For the latest version, always check
https://beyondgrep.com/install/
See grep
Logging Linux Commands for all users
Monitor Apache site traffic with Apachetop
Find IP with Most Access from Apache Log
Apache LogFormat show full domain name
Display real time statistics with Logtop
Cpanel find recently logged in users
How to get list of User-Agent from access log
Find the most requested pages
awk '{print $7}' access_log.log | sort | uniq -c | sort -nr
awk '{print $7}' access_log.log | sort | uniq -c | sort -nr | head -n 10To view the most used User Agents
cat access_log.log | awk -F\" '{print $6}' | sort | uniq -c | sort -nr | head -n 10Check if wp-login or xmlrpc attack
grep "wp-login.php" /usr/local/apache/domlogs/*/* | awk '{print $1}' | sort | uniq -c | sort -rn | head -n 10
grep "xmlrpc.php" /usr/local/apache/domlogs/*/* | awk '{print $1}' | sort | uniq -c | sort -rn | head -n 10
cpanel nginx, find IPs with most request
awk '{print $8}' /var/log/cpanel-server-traffic/web/traffic-nginx.log | sort | uniq -c | sort -nr | head -n 10apachetop is a command line tool like top, that shows traffic on a web site. It used apache access log to show th stats. This will be useful to monitor a web sites traffic in real time.
cd /usr/local/src wget https://github.com/HostOnNet/apachetop/archive/master.zip unzip master.zip cd apachetop-master ./configure --with-logfile=/var/log/httpd/access_log make make install
If you need to set path to apache log file, configure with
./configure --with-logfile=/path/to/apache/log/file.log
yum install apachetop
apt install apachetop
apachetop -f /path/to/apache/log/file.log
Imunify360 is paid version of Imunify. It provides additional protection like Web Application Firewall, Real-time protection, and automated malware cleaning.
Update license
REG_KEY=XXXXX imunify360-agent registerIf you have IP based license, use
imunify360-agent registerEnable CMS Compromise Prevention
imunify360-agent config update '{"MOD_SEC": {"cms_account_compromise_prevention": true}}'Enable admin email and malware notifications
imunify360-agent config update '{"MALWARE_SCANNING": {"notify_on_detect": true}, "ADMIN_CONTACTS": {"emails": ["your@email.com"]}}'WebShield control panel protection
imunify360-agent config update '{"WEBSHIELD": {"panel_protection": true}}'Outbound connections unrestricted Enable outbound restrictions through Imunify360’s BLOCKED_PORTS:
imunify360-agent config update '{"BLOCKED_PORTS": {"default_mode": "denied"}}'On cloud servers, once you upgrade disk, you will need to resize the filesystem. On Linux ext4 file system, you can do this with command resize2fs.
To resize filesystem on /dev/sdb, run
root@leonestage:~# resize2fs /dev/sdb resize2fs 1.44.1 (24-Mar-2018) Filesystem at /dev/sdb is mounted on /mnt/HC_Volume_2899894; on-line resizing required old_desc_blocks = 2, new_desc_blocks = 3 The filesystem on /dev/sdb is now 10485760 (4k) blocks long. root@leonestage:~#
Here the full disk is used as file system with NO partition. If you have partion, you need to specify partition number like /dev/sdb1