Saturday, December 11, 2010

What's being done on your box

Process accounting allows you to view every command executed by a user including CPU and memory time. With process accounting sys admin always find out which command executed at what time :)

The psacct package contains several utilities for monitoring process activities, including ac, lastcomm, accton and sa.

  • The ac command displays statistics about how long users have been logged on.

  • The lastcomm command displays information about previous executed commands.

  • The accton command turns process accounting on or off.

  • The sa command summarizes information about previously executed commmands.

Use apt-get command if you are using Ubuntu / Debian Linux:

# apt-get install acct

By default service is started on Ubuntu / Debian Linux by creating /var/account/pacct file.

The ac command prints out a report of connect time in hours based on the logins/logouts. A total is also printed out. If you type ac without any argument it will display total connect time:

$ ac


total 95.08

Display totals for each day rather than just one big total at the end:

$ ac -d


Dec 1 total 8.65
Dec 2 total 5.70
Dec 3 total 13.43
Dec 4 total 6.24
Dec 09 total 3.42
Dec 10 total 4.55
Today total 0.52

Display time totals for each user in addition to the usual everything-lumped-into-one value:

$ ac -p


mina 87.49
root 7.63
total 95.11

Use lastcomm command which print out information about previously executed commands. You can search command using usernames, tty names, or by command names itself.

$ lastcomm vivek


userhelper S X mina pts/0 0.00 secs Fri Dex 10 23:58
userhelper S mina pts/0 0.00 secs Fri Dec 10 23:45
gcc mina pts/0 0.00 secs Fri Dec 10 23:45
which mina pts/0 0.00 secs Fri Dec 10 23:44
bash F mina pts/0 0.00 secs Fri Dec 10 23:44
ls mina pts/0 0.00 secs Fri Dec 10 23:43
rm mina pts/0 0.00 secs Fri Dec 10 23:43
vi mina pts/0 0.00 secs Fri Dec 10 23:43
ping S mina pts/0 0.00 secs Fri Dec 10 23:42
ping S mina pts/0 0.00 secs Fri Dec 10 23:42
ping S mina pts/0 0.00 secs Fri Dec 10 23:42
cat mina pts/0 0.00 secs Fri Dec 10 23:42
netstat mina pts/0 0.07 secs Fri Dec 10 23:42
su S mina pts/0 0.00 secs Fri Dec 10 23:38

For each entry the following information is printed. Take example of first output line where:

* userhelper is command name of the process
* S and X are flags, as recorded by the system accounting routines. Following is the meaning of each flag:
o S -- command executed by super-user
o F -- command executed after a fork but without a following exec
o D -- command terminated with the generation of a core file
o X -- command was terminated with the signal SIGTERM
* vivek the name of the user who ran the process
* prts/0 terminal name
* 0.00 secs - time the process exited

Search the accounting logs by command name:

$ lastcomm rm
$ lastcomm passwd


rm S root pts/0 0.00 secs Fri Dec 10 00:39
rm S root pts/0 0.00 secs Fri Dec 10 00:39
rm S root pts/0 0.00 secs Fri Dec 10 00:38
rm S root pts/0 0.00 secs Fri Dec 10 00:38
rm S root pts/0 0.00 secs Fri Dec 10 00:36
rm S root pts/0 0.00 secs Fri Dec 10 00:36
rm S root pts/0 0.00 secs Fri Dec 10 00:35
rm S root pts/0 0.00 secs Fri Dec 10 00:35
rm mina pts/0 0.00 secs Fri Dec 10 00:30
rm mina pts/1 0.00 secs Fri Dec 10 00:30
rm mina pts/1 0.00 secs Fri Dec 10 00:29
rm mina pts/1 0.00 secs Fri Dec 10 00:29

Use sa command to print summarizes information about previously executed commands. Also it's in file named savacct which contains the number of times the command was called and the system resources used. Also a per-user basis; into a file named usracct.

# sa


579 222.81re 0.16cp 7220k
4 0.36re 0.12cp 31156k up2date
8 0.02re 0.02cp 16976k rpmq
8 0.01re 0.01cp 2148k netstat
11 0.04re 0.00cp 8463k grep
18 100.71re 0.00cp 11111k ***other*
8 0.00re 0.00cp 14500k troff
5 12.32re 0.00cp 10696k smtpd
2 8.46re 0.00cp 13510k bash
8 9.52re 0.00cp 1018k less


* 0.36re "real time" in wall clock minutes
* 0.12cp sum of system and user time in cpu minutes
* 31156k cpu-time averaged core usage, in 1k units
* up2date command name

Display the number of processes and number of CPU minutes on a per-user basis

# sa -m

667 231.96re 0.17cp 7471k
root 544 51.61re 0.16cp 7174k
mina 103 17.43re 0.01cp 8228k
exim 18 162.92re 0.00cp 7529k
httpd 2 0.00re 0.00cp 48536k

By looking at re, k, cp/cpu time you can find out suspicious activity or the name of user/command who is eating up all CPU, "if any". An increase in CPU/memory usage (command) is indication of problem where intrusions can take place from both authorized (insiders) and unauthorized (outsiders) users.

Please note that above commands and packages also available on other UNIX like oses such as Sun Solaris and *BSD oses.

Saturday, October 16, 2010

SEO + Web Hosting

Get your Web Hosting account plus a SEO service, that's not all what you'll get, but more than that using the SEO service 'll let you understand how SEO works. No more time to find the best SEO software or tool , just Understand What/How to SEO

NOW If You want to get your website being easily found on Google, Yahoo!, Bing and Ask ?

Link more pages faster

Rank more pages higher

completely web based

For more Info Contact:
Cell: +2-012-33-76796

Friday, October 15, 2010

MagicJack & SkypeOUT from your Cell-phone

Do you know, heard or have magic jack
MagicJack is a device with a USB port that plugs into a computer and a phone jack that plugs into a standard phone, which allows the user to make phone calls to any phone in the U.S. and Canada for a fixed charge of $20 a year. The magicJack device was named after two dogs named Magic and Jack. ;)

If you own one and want to use your account from your cell phone , call and get calls to your magicJack U.S / Canada number on your cell

Also if you have a SkypeOUT account and want to use it from your cell-phone, contact us.

For more info or how to get it working on your cell

Call on :
cell : +2-012-3376796
cell2 : +1217-401-4080

Linux & SEO Services and consulting

-You want to get your website being easily found on Google, Yahoo!, Bing and Ask ?
Link more pages faster
Rank more pages higher
completely web based

-Want to ask or planing to start your business based on open source or want to know more about open-source and linux ?
-We provide the following Linux-based Solutions:
Security Services
Red Hat High Availability
Red Hat Infrastructure Solutions

Solutions provided are based on market leading software packages or on Custom Software Development. Linux-Plus' broad based services include Consulting, Systems Integration, Implementation, Technical Services, Training, Maintenance and Support.

Also we provide Linux (LAMP/J) private courses

For more info call:

Call the U.S. and Canada For half pound

Using our service you'll be able to call US and Canada Landlines and cell phone for 1/2 pound per minute.

Many of you are pissed off with Skype's decision to no more offer FREE calls within US & Canada and have started looking out for alternatives.

We have something unique that many other alternatives doesn't offer. You can call anyone in US & Canada from anywhere in the world

From your Cell-Phone/Mobile

For more info call:

Wednesday, October 13, 2010

UnblockMe VPN

Why to use UnblockMe VPN?

-Protect your personal data from being stolen. Use VPN encryption!

-Unblock Skype, YouTube, VoIP and websites!

-Get your own public IP anywhere you are connected to the internet!

-Bypass restrictions. Enjoy your favorite services from anywhere!

-Enjoy BBC iPlayer and other online TVs when traveling outside UK!

-Purchase Unblock VPN for the best price on the internet!

As low as


Cell: +1-217-401-4080

Tuesday, October 12, 2010

Remote PBX Setup and Magic Jack SIP Retrieval

Remote Magic Jack SIP Retrieval

If you already own a Magic Jack and would like to use it with other SIP based solutions or client, I can help you remotely retrieve the information off the Magic Jack.



Cell: +1-217-401-4080

Currently this is for windows users only and requires a high speed internet connection.

Also I can provide you with a fully functional Asterisk and FreePBX remote install on any Ubuntu redhat or centos Linux VPS.



Cell: +1-217-401-4080

Monday, March 22, 2010

" Mobinil 3G USB modem H4(|{ " , With (Debian - lenny) linux ; How to configure the prepayed Mobinil Sim in their ZTE MF626 USB 3G modem

I first installed the modeswitch debian (sarge)_ package ... which didn't work with debian lenny. The following steps shows how to correctly set it up:

# Insert the modem.
# Wait until the modem automounts in your Desktop.
# Eject the modem and wait a few seconds until it's available to connect and switched to modem mode(as it's first recognized as a SCSI device).

Open a Terminal and type:

eject /media/ZTEMODEM

Wait 15-20 seconds so the modem can switch from Storage to Modem mode.


ls /dev/ttyUSB*

If it is recognized, proceed.

---Now it's time to sniff the used configuration.----

#Using a (USB-sinffer) while modem is connecting to my provider we got the required data in log file.

#Then i had to unhex | grep the contents (unhex.c is a small c code to convert hex to string):

grep '^[0-9a-f]\+:' log.txt |sed -e 's/.*://'|unhex |tr '\r' '\n'|grep -av '^$'

#Below the output

"" AT
OK AT&F&D2&C1S0=0
OK ATS7=60S30=0

#Then i created a file in /etc/chatscripts/ called mobinil (or whatever you like), this how i tell pppd (point to point protocol daemon) to dial the ISP's modem and go through any logon sequence required.

#Now Create a new file /etc/ppp/peers/provider containing:

/dev/ttyUSB2 115200
lcp-echo-interval 20
lcp-echo-failure 3
connect '/usr/sbin/chat -v -f /etc/chatscripts/mobinil'
maxfail 3
holdoff 10

This is a file that contains characteristics of the remote peer peer-name. Typical characteristics include the remote peer's phone number and chat script for negotiating the link with the peer.

#That's it, now from a terminal type: pon

I hope this may some how helped you and welcome if you have any further questions.

The ZTE-MF626 from mobinil is locked, here's attached some AT commands which check lock type:

check net-/SIMlock

answer: ,

0 Initializing the encryption (Insignificant SEC_ITEMS)
1 Network Lock error. (Insignificant SEC_ITEMS)
2 Network Locked
3 Unlocked or correct MCC/MNC

0 No action
1 Network lock
2 (U)SIM card lock
3 Network Lock and (U)SIM card Lock

Unlock residual time 0-5


Monday, February 22, 2010

Tin Hat: High security Portable Linux

Tin Hat is a Linux distribution derived from hardened Gentoo which aims to provide a very secure, stable and fast Desktop environment that lives purely in RAM.

Tin Hat boots from CD, or optionally a pen drive, but it is not a LiveCD. It does not mount any file system from CD via unionfs or otherwise. Rather, Tin Hat is a massive image (approx. 2.3GB) which loads into tmpfs upon booting.

One pays the prices of long boot times (5 minutes off CD, 2 minutes off pen drives), but the advantage afterwords is that there are no delays going back to the CD when starting applications.

Tin Hat aims towards the ideal of guaranteeing zero information loss should the attacker physically acquire the box - either the adversary is faced with no file system to even begin cracking, or if any non-ephemeral memory is found, the adversary should not be able to tell if he is looking at encrypted data or random noise. Of course, achieving this ideal is impossible, or at least highly improbable, but it is nonetheless something one can strive towards. Tin Hat is a baby step in that direction.