Scratchpad for : xxv

Awesome tools for sysadmin tasks:
logcheck
Pretty noisy by default, but I've been working on a quieter version of logcheck with some of the more commonly disabled things disabled
duplicity
easy, incremental, encrypted backups
mailman
for communicating with your users via their external email addresses
denyhosts
blocks hosts that repeatedly fail SSH logins (brute-force scanners) by adding them to /etc/hosts.deny
libpam-cracklib
prevents your users from setting weak passwords. Most Linux compromises start with an attacker obtaining an ordinary user account and escalating from there, so it's generally a good idea to keep them from getting that first foothold at all.
dmidecode
Dumps the DMI/SMBIOS tables: tons of useful information about a machine's hardware, including populated slots, model and serial numbers, and system capabilities.
Some tips for verifying the integrity of a Debian filesystem tree:
  • check file md5sums against the md5sums shipped by the installed packages

    debsums -c -r /mnt/mountpath

    This only covers files that belong to packages, and it trusts the md5sums lists under /mnt/mountpath/var/lib/dpkg/info; an intruder with root could have rewritten those alongside the binaries, so on a suspected compromise compare against known-good copies of the .deb files instead. Add -a to include conffiles, which are skipped by default.
  • find all un-owned executable files that are in the path (older dpkg reports an unowned path as "dpkg: X not found.", newer ones as "dpkg-query: no path found matching pattern X", so the sed accepts both; -perm /111 replaces the obsolete +ogu=x form)

    find $(echo "$PATH" | tr ':' ' ') -type f -perm /111 -print0 | xargs -0 dpkg -S 2>&1 | sed -n -E -e 's/^dpkg: (.*) not found\.$/\1/p' -e 's/^dpkg-query: no path found matching pattern (.*)$/\1/p'
  • find all unowned binaries in the whole system (/proc, /sys, /dev and /run are pruned since they only add noise)

    find / \( -path /proc -o -path /sys -o -path /dev -o -path /run \) -prune -o -type f -executable -print0 | xargs -0 dpkg -S 2>&1 | sed -n -E -e 's/^dpkg: (.*) not found\.$/\1/p' -e 's/^dpkg-query: no path found matching pattern (.*)$/\1/p'
  • find all unowned binaries in the whole system, where /mnt is your FS's mountpoint: the prefix is stripped before the lookup and the dpkg database of the mounted tree (not the host's) is consulted

    find /mnt -type f -perm /111 -print0 | sed -z 's#^/mnt##' | xargs -0 dpkg-query --admindir=/mnt/var/lib/dpkg -S 2>&1 | sed -n -E -e 's/^dpkg: (.*) not found\.$/\1/p' -e 's/^dpkg-query: no path found matching pattern (.*)$/\1/p'
  • find all files and directories writable by www-data. Only the owner bits apply to the owner, so a www-data-owned file needs u+w, a file in group www-data needs g+w, and anything world-writable counts too; symlinks are skipped because their mode is always 777. This ignores supplementary groups and ACLs; the exact answer is `sudo -u www-data find / -writable 2>/dev/null`

    find / ! -type l \( \( -user www-data -perm -u+w \) -o \( -group www-data -perm -g+w \) -o -perm -o+w \)
  • fix all htaccess or php scripts, so they can't be written by a compromised www server. The parentheses matter: -o binds looser than the implicit -a, so without them the -user test and -print0 apply only to the *.php branch. chown keeps the group and mode, so also clear g+w where the group is www-data, and check first that nothing legitimate (a CMS updater, say) needs to rewrite these files.

    find / \( -name .htaccess -o -name '*.php' \) -user www-data -print0 | xargs -0 chown root
  • find all files writable by www-data (owner with u+w, group www-data with g+w, or world-writable) whose content, according to file(1), is something other than a static asset and is therefore worth a look. file's descriptions change between versions, so extend the grep list to whatever your file prints for the harmless types.

    find / -type f \( \( -user www-data -perm -u+w \) -o \( -group www-data -perm -g+w \) -o -perm -o+w \) -print0 | xargs -0 file | grep -v -E '((GIF|JPEG|PNG) image data|CSS|ASCII English text|ASCII text|PDF document|HTML document text|ASCII mail text|Macromedia Flash data|Macromedia Flash Video)'
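The same checks as reusable shell functions, as an added example that is not from the original page: it generalises the unowned-binary search to any directory list and to an offline mounted tree (via a ROOT variable), and the writable-files search to any user, while coping with filenames containing spaces and with both "not found" message formats dpkg has used. Function names are mine; it assumes GNU find, sed and xargs (Debian defaults), and only unowned_executables needs dpkg-query.

```shell
#!/bin/sh
# Added example, not from the original page: the integrity checks as shell
# functions, hardened against filenames with spaces and against the two
# different "not found" messages dpkg has printed over the years.
# Assumes GNU find, sed and xargs (Debian defaults). Only unowned_executables
# needs dpkg; the other functions run on any Linux box.

# Extract the paths that `dpkg -S` reports as belonging to no package.
# Old dpkg:  dpkg: /usr/local/bin/foo not found.
# New dpkg:  dpkg-query: no path found matching pattern /usr/local/bin/foo
# Reads the merged stdout+stderr of dpkg -S on stdin, prints one path per line.
unowned_from_dpkg_output() {
    sed -n -E \
        -e 's/^dpkg: (.*) not found\.$/\1/p' \
        -e 's/^dpkg-query: no path found matching pattern (.*)$/\1/p'
}

# Executable regular files under the given directories that no installed
# package claims. With ROOT set (e.g. ROOT=/mnt) a mounted tree is inspected
# offline: the lookup uses ROOT/var/lib/dpkg and ROOT is stripped from the
# names before they are handed to dpkg-query.
unowned_executables() {
    root="${ROOT:-}"
    for d in "$@"; do
        # -perm /111: any execute bit set (replaces the obsolete +ogu=x form)
        find "$root$d" -type f -perm /111 -print0 2>/dev/null
    done |
        sed -z -e "s#^$root##" |
        xargs -0 -r dpkg-query --admindir="$root/var/lib/dpkg" -S 2>&1 |
        unowned_from_dpkg_output
}

# Files and directories a user can write to, judged from the mode bits:
# owned by the user with u+w, in the user's primary group with g+w, or
# world-writable. Symlinks are skipped (their mode is always 777).
# This ignores supplementary groups and POSIX ACLs; for the exact answer
# run `find DIR -writable` as that user instead.
writable_by() {
    user="$1"; dir="$2"
    group="$(id -g "$user")"          # numeric gid; find accepts it
    find "$dir" ! -type l \( \( -user "$user" -perm -u+w \) \
                          -o \( -group "$group" -perm -g+w \) \
                          -o -perm -o+w \)
}

# Constructed sample of merged `dpkg -S` output, so the parser can be seen
# working without dpkg installed (prints the two unowned paths):
sample='dpkg: /usr/local/bin/foo not found.
coreutils: /bin/ls
dpkg-query: no path found matching pattern /opt/app/run.sh'
printf '%s\n' "$sample" | unowned_from_dpkg_output
```

Typical calls, after sourcing the file: `unowned_executables $(echo "$PATH" | tr ':' ' ')` for the live system, `ROOT=/mnt unowned_executables /usr/bin /usr/sbin /usr/local/bin` for a mounted image, and `writable_by www-data /var/www` for the web tree. dpkg-query treats its arguments as glob patterns, so a path containing `*` or `?` would need escaping.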