Pages

Friday, February 15, 2013

Special permissions on files and directories: SetUID, SetGID and Sticky bit.

Special Permissions

























Special permissions on files and directories: SetUID, SetGID and Sticky bit.
Special Permissionson a Fileon a Directory
SUID or Set User IDA program is executed with the file owner's permissions (rather than with the permissions of the user who executes it).Files created in the directory inherit its UID.
SGID or Set Group IDThe effective group of an executing program is the file owner group.Files created in the directory inherit its GID.
Sticky (bit)A program sticks in memory after execution.Any user can create files, but only the owner of a file can delete it.


































Permissions as output in columns 2 to 10 of
ls -l and their meaning.
PermissionsMeaning
--S------SUID is set, but user (owner) execute is not set.
--s------SUID and user execute are both set.
-----S---SGID is set, but group execute is not set.
-----s---SGID and group execute are both set.
--------TSticky bit is set, bot other execute is not set.
--------tSticky bit and other execute are both set.
Posted by at No comments:
Labels:

Thursday, February 14, 2013

Disabling Mod-Security for a single account

Disabling Mod-Security for a single account

To disable the mod_security for a particular account, just add the following in the users .htaccess file

SecFilterEngine Off

SecFilterScanPOST Off
Posted by at No comments:
Labels: ,

Wednesday, February 13, 2013

lsof--List all Open Files with lsof Command

1. List all Open Files with lsof Command

In the below example, it will show long listing of open files some of them are extracted for better understanding which displays the columns like Command, PID, USER, FD, TYPE etc.

# lsof

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
init 1 root cwd DIR 253,0 4096 2 /

Sections and it’s values are self-explanatory. However, we’ll review FD & TYPE columns more precisely.

FD – stands for File descriptor and may seen some of the values as:

cwd current working directory
rtd root directory
txt program text (code and data)
mem memory-mapped file

Also in FD column numbers like 1u is actual file descriptor and followed by u,r,w of it’s mode as:

r for read access.
w for write access.
u for read and write access.

TYPE – of files and it’s identification.

DIR – Directory
REG – Regular file
CHR – Character special file.
FIFO – First In First Out

2. List User Specific Opened Files

# lsof -u user

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1838 user cwd DIR 253,0 4096 2 /
sshd 1838 user rtd DIR 253,0 4096 2 /

3. Find Processes running on Specific Port

To find out all the running process of specific port, just use the following command with option -i. The below example will list all running process of port 22.

# lsof -i TCP:22

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1471 root 3u IPv4 12683 0t0 TCP *:ssh (LISTEN)
sshd 1471 root 4u IPv6 12685 0t0 TCP *:ssh (LISTEN)

4. List Only IPv4 & IPv6 Open Files

In below example shows only IPv4 and IPv6 network files open with separate commands.

# lsof -i 4

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rpcbind 1203 rpc 6u IPv4 11326 0t0 UDP *:sunrpc
rpcbind 1203 rpc 7u IPv4 11330 0t0 UDP *:954

# lsof -i 6

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rpcbind 1203 rpc 9u IPv6 11333 0t0 UDP *:sunrpc
rpcbind 1203 rpc 10u IPv6 11335 0t0 UDP *:954

5. List Open Files of TCP Port ranges 1-1024

To list all the running process of open files of TCP Port ranges from 1-1024.

# lsof -i TCP:1-1024

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rpcbind 1203 rpc 11u IPv6 11336 0t0 TCP *:sunrpc (LISTEN)

6. Exclude User with ‘^’ Character

Here, we have excluded root user. You can exclude a particular user using ‘^’ with command as shown above.

# lsof -i -u^root

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rpcbind 1203 rpc 6u IPv4 11326 0t0 UDP *:sunrpc
rpcbind 1203 rpc 7u IPv4 11330 0t0 UDP *:954
rpcbind 1203 rpc 8u IPv4 11331 0t0 TCP *:sunrpc (LISTEN)

7. Find Out who’s Looking What Files and Commands?

Below example shows user user is using command like ping and /etc directory .

# lsof -i -u user

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bash 1839 user cwd DIR 253,0 12288 15 /etc
ping 2525 user cwd DIR 253,0 12288 15 /etc

8. List all Network Connections

The following command with option ‘-i’ shows the list of all network connections ‘LISTENING & ESTABLISHED’.

# lsof -i

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rpcbind 1203 rpc 6u IPv4 11326 0t0 UDP *:sunrpc
rpcbind 1203 rpc 7u IPv4 11330 0t0 UDP *:954

9. Search by PID

The below example only shows whose PID is 1 [One].

# lsof -p 1

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
init 1 root cwd DIR 253,0 4096 2 /
init 1 root rtd DIR 253,0 4096 2 /

10. Kill all Activity of Particular User

Sometimes you may have to kill all the processes for a specific user. Below command will kills all the processes of user user.

# kill -9 `lsof -t -u user`
Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)