Security – Page 6

Directories with a large number of files

Once there was an interesting situation, in the same directory there were millions of files.
And some of them are necessary.

When you try to view the list of files, you will naturally get a stupor for a long time.
Alternatively, they can be viewed via FTP, which has 10,000 for the frequent standard limit on the number of displayed files, for example, the FileZilla FTP client conveniently moves files in directories, but this option is long, because time is spent on FTP requests, the load on the drive is low.

If the files are not needed, you can delete them with the command (with the confirmation request to delete)

rm -r /dir/

Or delete everything without a request along with the directory:

rm -rf /dir/

In my case, small files were unnecessary, so going to the right directory, deleted the command below with anything that is smaller than the specified size:

cd /dir/
find -size -2 -type f -print -delete

Before deleting, you can see the number of such files and the total number, but this is also a lengthy process:

find -maxdepth 1 -size -2 -type f -print | wc -l
find -maxdepth 1 -type f -print | wc -l

If, instead of -2, you specify 0, then files with zero size will be deleted, that is, empty.

If you need to sort the files by directories, go to the directory with files, create the necessary directories, for example, by dates and move the files by template (all whose names begin on 2017, -maxdepth 1 indicates that you do not need to search for files in subdirectories):

cd /dir/
mkdir 2017
find -maxdepth 1 -type f -name '2017*' -exec mv -vn -t /dir/2017 {} \+

The result of the execution can be written to the file by adding to the command “> file”, for example:

find -maxdepth 1 -type f -name '2017*' -exec mv -vn -t /dir/2017 {} \+ > /dir/dir/file.log

Shredding data with Shred

Shred – allows you to overwrite the specified file with random data in order to ensure, if necessary, the more difficult process of recovery or the impossibility of data recovery.
On some file systems, data deletion is not guaranteed and the use of shred may not be effective.

The list of possible arguments:
Help program:

--help
man shred

Continue reading “Shredding data with Shred”

Using wipe in Linux

wipe – utility for secure full erasing of information.

Install command in Linux Ubuntu/Debian:

sudo apt-get install wipe

I will describe some startup keys:
-f Disable confirmation requests.
-r Recursively Removes all subdirectories, symbolic links are not touched.
-c If the rights of the directory are read-only, then they will be changed to write.
-i Detailed information mode.
-s Quiet mode, most messages are not displayed.
-q Fast mode, directories are overwritten with random data 4 times.
-Q The number of rewrite cycles. Standard 4.
-a Stop execution on error.
-R Install a random device.
-l Specify the size of the device block, for example when using floppy disks, etc.
-D Follow symbolic links, they don’t get touched by default.
-v Displays the version of the program.
-h Display help.

Continue reading “Using wipe in Linux”

View and configure sharing of files and folders Windows from the command line

I will give an example of some commands for setting up sharing of resources.

View shared resources:

net share

Deleting a shared resource:

net share <sharename> /delete

Sharing a folder:

net share sharename=C:\dir

Example of disconnecting users from the share:

net session \\pc1 /delete

To close an open network file, use the command:

net file file_id /close

An example of granting user rights to a file (N – not set, W – write, C – change, F – full access):

cacls file.txt /G User:w

To cancel user access to a share:

cacls /R User

We allow up to 5 users to simultaneously connect to a shared resource:

net share sharename /users:5

Example of caching settings from a share (manual/BranchCache/documents/programs/none):

net share myshare /cache:manual

I want to note that when opening a share to a resource in the firewall, the following ports should be opened: TCP 139, TCP 445, UDP 137, UDP 138.

Installing and using the nbtscan network scanner

Install command in Linux Ubuntu/Debian:

sudo apt-get install nbtscan

The Windows version can be downloaded from http://www.unixwiz.net/tools/nbtscan.html

Network scan example:

nbtscan 192.168.1.0/24

I will describe the possible startup keys:
-O FILENAME (output information to file)
-v (more detailed information output)
-p (port indication)
-H (generate HTTP header)
-m (MAC address indication)
-n (do not convert names to DNS, display only IP)
-t NUMBER (response time in seconds, default 1)
-v (display version nbtscan)

Blocking third-party DHCP on Cisco via DHCP Snooping

On the test, I configure DHCP Snooping on the Cisco Catalyst 6509-E to block third-party DHCP servers, on the other Cisco switches, the configuration is basically the same.

After connecting to the device immediately go to the configuration mode:

enable
configure

Continue reading “Blocking third-party DHCP on Cisco via DHCP Snooping”

How to run MySQL server on specific IP

The appropriate solution I found for running MySQL server on specific IP addresses is to run it at all and then filter the connected clients through iptables.

For the test, I used Ubuntu Server 16.04.5 LTS, which had more than 200 external white IPs and was highly loaded.

Continue reading “How to run MySQL server on specific IP”

Configuring SSH session timeout

To configure the timeout for SSH sessions, let’s see where the SSH server configuration file is located:

sudo find / -name sshd_config

Open it in any text editor, for example nano:

sudo nano /etc/ssh/sshd_config

Continue reading “Configuring SSH session timeout”

How to disconnect SSH user

Let’s say that several users are connected through SSH.

First look at the list of online users:

Suppose the following information is displayed (where test is the user’s login):

USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
test     tty1                      11:20    1:07   0.03s  0.03s -bash
test     pts/0    192.168.1.5      11:21   13.00s  0.02s  0.02s -bash
test     pts/1    192.168.1.3      11:21    0.00s  0.02s  0.00s w

tty1 – it is a client logged in locally, that is, it is located near the computer.
pts/1 – judging for example on IP and WHAT, let’s assume that it’s us, accordingly pts/0 is the client of which we want to disconnect.

See the list of processes and their PID:

ps faux |grep sshd

At me it was displayed:

root       946  0.0  0.5  65508  5368 ?        Ss   12:00   0:00 /usr/sbin/sshd -D
root      1147  0.0  0.6  92828  6920 ?        Ss   12:01   0:00  \_ sshd: test [priv]
test      1178  0.0  0.3  92828  3384 ?        S    12:01   0:00  |   \_ sshd: test@pts/0
root      1192  0.0  0.6  92828  6592 ?        Ss   12:02   0:00  \_ sshd: test [priv]
test      1223  0.0  0.3  92828  3532 ?        S    12:02   0:00      \_ sshd: test@pts/1
test      1248  0.0  0.0  15468   956 pts/1    S+   12:25   0:00              \_ grep --color=auto sshd

We find test@pts/0 and accordingly 1178 is the required PID.

We terminate the process by specifying its ID, after which the user will immediately disconnect:

sudo kill -9 1178

Installing and using ClamAV antivirus

Clam AntiVirus — a package of antivirus software running on many operating systems.