What's being done on your box

Process accounting allows you to view every command executed by a user including CPU and memory time. With process accounting sys admin always find out which command executed at what time :)

The psacct package contains several utilities for monitoring process activities, including ac, lastcomm, accton and sa.

• The ac command displays statistics about how long users have been logged on.


• The lastcomm command displays information about previous executed commands.


• The accton command turns process accounting on or off.


• The sa command summarizes information about previously executed commmands.

Use apt-get command if you are using Ubuntu / Debian Linux:

# apt-get install acct

By default service is started on Ubuntu / Debian Linux by creating /var/account/pacct file.


The ac command prints out a report of connect time in hours based on the logins/logouts. A total is also printed out. If you type ac without any argument it will display total connect time:

$ ac

Output:

total       95.08

Display totals for each day rather than just one big total at the end:

$ ac -d

Output:

Dec  1  total        8.65
Dec  2  total        5.70
Dec  3  total       13.43
Dec  4  total        6.24
.....
..
...
Dec 09  total        3.42
Dec 10  total        4.55
Today   total        0.52

Display time totals for each user in addition to the usual everything-lumped-into-one value:

$ ac -p

Output:

        mina                             87.49
        root                              7.63
        total                            95.11

Use lastcomm command which print out information about previously executed commands. You can search command using usernames, tty names, or by command names itself.

$ lastcomm vivek

Output:

userhelper        S   X mina  pts/0      0.00 secs Fri Dex 10 23:58
userhelper        S     mina  pts/0      0.00 secs Fri Dec 10 23:45
gcc                     mina  pts/0      0.00 secs Fri Dec 10 23:45
which                   mina  pts/0      0.00 secs Fri Dec 10 23:44
bash               F    mina  pts/0      0.00 secs Fri Dec 10 23:44
ls                      mina  pts/0      0.00 secs Fri Dec 10 23:43
rm                      mina  pts/0      0.00 secs Fri Dec 10 23:43
vi                      mina  pts/0      0.00 secs Fri Dec 10 23:43
ping              S     mina  pts/0      0.00 secs Fri Dec 10 23:42
ping              S     mina  pts/0      0.00 secs Fri Dec 10 23:42
ping              S     mina  pts/0      0.00 secs Fri Dec 10 23:42
cat                     mina  pts/0      0.00 secs Fri Dec 10 23:42
netstat                 mina  pts/0      0.07 secs Fri Dec 10 23:42
su                S     mina  pts/0      0.00 secs Fri Dec 10 23:38

For each entry the following information is printed. Take example of first output line where:

* userhelper is command name of the process
* S and X are flags, as recorded by the system accounting routines. Following is the meaning of each flag:
o S -- command executed by super-user
o F -- command executed after a fork but without a following exec
o D -- command terminated with the generation of a core file
o X -- command was terminated with the signal SIGTERM
* vivek the name of the user who ran the process
* prts/0 terminal name
* 0.00 secs - time the process exited


Search the accounting logs by command name:

$ lastcomm rm
$ lastcomm passwd

Output:

rm                S     root     pts/0      0.00 secs Fri Dec 10 00:39
rm                S     root     pts/0      0.00 secs Fri Dec 10 00:39
rm                S     root     pts/0      0.00 secs Fri Dec 10 00:38
rm                S     root     pts/0      0.00 secs Fri Dec 10 00:38
rm                S     root     pts/0      0.00 secs Fri Dec 10 00:36
rm                S     root     pts/0      0.00 secs Fri Dec 10 00:36
rm                S     root     pts/0      0.00 secs Fri Dec 10 00:35
rm                S     root     pts/0      0.00 secs Fri Dec 10 00:35
rm                      mina     pts/0      0.00 secs Fri Dec 10 00:30
rm                      mina     pts/1      0.00 secs Fri Dec 10 00:30
rm                      mina     pts/1      0.00 secs Fri Dec 10 00:29
rm                      mina     pts/1      0.00 secs Fri Dec 10 00:29

Use sa command to print summarizes information about previously executed commands. Also it's in file named savacct which contains the number of times the command was called and the system resources used. Also a per-user basis; into a file named usracct.

# sa

Output:

     579     222.81re       0.16cp     7220k
       4       0.36re       0.12cp    31156k   up2date
       8       0.02re       0.02cp    16976k   rpmq
       8       0.01re       0.01cp     2148k   netstat
      11       0.04re       0.00cp     8463k   grep
      18     100.71re       0.00cp    11111k   ***other*
       8       0.00re       0.00cp    14500k   troff
       5      12.32re       0.00cp    10696k   smtpd
       2       8.46re       0.00cp    13510k   bash
       8       9.52re       0.00cp     1018k   less

Where,

* 0.36re "real time" in wall clock minutes
* 0.12cp sum of system and user time in cpu minutes
* 31156k cpu-time averaged core usage, in 1k units
* up2date command name


Display the number of processes and number of CPU minutes on a per-user basis

# sa -m

                                      667     231.96re       0.17cp     7471k
root                                  544      51.61re       0.16cp     7174k
mina                                  103      17.43re       0.01cp     8228k
exim                                   18     162.92re       0.00cp     7529k
httpd                                   2       0.00re       0.00cp    48536k

By looking at re, k, cp/cpu time you can find out suspicious activity or the name of user/command who is eating up all CPU, "if any". An increase in CPU/memory usage (command) is indication of problem where intrusions can take place from both authorized (insiders) and unauthorized (outsiders) users.




Please note that above commands and packages also available on other UNIX like oses such as Sun Solaris and *BSD oses.

SEO + Web Hosting

Get your Web Hosting account plus a SEO service, that's not all what you'll get, but more than that using the SEO service 'll let you understand how SEO works. No more time to find the best SEO software or tool , just Understand What/How to SEO

NOW If You want to get your website being easily found on Google, Yahoo!, Bing and Ask ?

Link more pages faster

Rank more pages higher

completely web based

For more Info Contact:
Cell: +2-012-33-76796

MagicJack & SkypeOUT from your Cell-phone

Do you know, heard or have magic jack
MagicJack is a device with a USB port that plugs into a computer and a phone jack that plugs into a standard phone, which allows the user to make phone calls to any phone in the U.S. and Canada for a fixed charge of $20 a year. The magicJack device was named after two dogs named Magic and Jack. ;)


If you own one and want to use your account from your cell phone , call and get calls to your magicJack U.S / Canada number on your cell

Also if you have a SkypeOUT account and want to use it from your cell-phone, contact us.

For more info or how to get it working on your cell

Call on :
cell : +2-012-3376796
cell2 : +1217-401-4080

Linux & SEO Services and consulting

-You want to get your website being easily found on Google, Yahoo!, Bing and Ask ?
Link more pages faster
Rank more pages higher
completely web based


-Want to ask or planing to start your business based on open source or want to know more about open-source and linux ?
-We provide the following Linux-based Solutions:
Security Services
Red Hat High Availability
Red Hat Infrastructure Solutions

Solutions provided are based on market leading software packages or on Custom Software Development. Linux-Plus' broad based services include Consulting, Systems Integration, Implementation, Technical Services, Training, Maintenance and Support.

Also we provide Linux (LAMP/J) private courses

For more info call:
012-33-76796
1217-401-4080

Call the U.S. and Canada For half pound

Using our service you'll be able to call US and Canada Landlines and cell phone for 1/2 pound per minute.


Many of you are pissed off with Skype's decision to no more offer FREE calls within US & Canada and have started looking out for alternatives.

We have something unique that many other alternatives doesn't offer. You can call anyone in US & Canada from anywhere in the world

From your Cell-Phone/Mobile

For more info call:
012-3376796
1217-401-4080

UnblockMe VPN

Why to use UnblockMe VPN?

-Protect your personal data from being stolen. Use VPN encryption!

-Unblock Skype, YouTube, VoIP and websites!

-Get your own public IP anywhere you are connected to the internet!

-Bypass restrictions. Enjoy your favorite services from anywhere!

-Enjoy BBC iPlayer and other online TVs when traveling outside UK!

-Purchase Unblock VPN for the best price on the internet!

As low as

$4

Contact:
Email:PG1pbmEucmFtc2VzQGdtYWlsLmNvbT4=
Cell: +1-217-401-4080

Remote PBX Setup and Magic Jack SIP Retrieval

Remote Magic Jack SIP Retrieval

If you already own a Magic Jack and would like to use it with other SIP based solutions or client, I can help you remotely retrieve the information off the Magic Jack.
for

$9.99

Email:PG1pbmEucmFtc2VzQGdtYWlsLmNvbT4=

Cell: +1-217-401-4080

Currently this is for windows users only and requires a high speed internet connection.


Also I can provide you with a fully functional Asterisk and FreePBX remote install on any Ubuntu redhat or centos Linux VPS.

for

$99.99

Email:PG1pbmEucmFtc2VzQGdtYWlsLmNvbT4=
Cell: +1-217-401-4080

" Mobinil 3G USB modem H4(|{ " , With (Debian - lenny) linux ; How to configure the prepayed Mobinil Sim in their ZTE MF626 USB 3G modem

I first installed the modeswitch debian (sarge)_ package ... which didn't work with debian lenny. The following steps shows how to correctly set it up:

# Insert the modem.
# Wait until the modem automounts in your Desktop.
# Eject the modem and wait a few seconds until it's available to connect and switched to modem mode(as it's first recognized as a SCSI device).

Open a Terminal and type:

eject /media/ZTEMODEM

Wait 15-20 seconds so the modem can switch from Storage to Modem mode.

--

ls /dev/ttyUSB*

If it is recognized, proceed.


---Now it's time to sniff the used configuration.----

#Using a (USB-sinffer) while modem is connecting to my provider we got the required data in log file.

#Then i had to unhex | grep the contents (unhex.c is a small c code to convert hex to string):

grep '^[0-9a-f]\+:' log.txt |sed -e 's/.*://'|unhex |tr '\r' '\n'|grep -av '^$'

#Below the output

ABORT BUSY
ABORT VOICE
ABORT "NO CARRIER"
ABORT "NO DIALTONE"
ABORT "NO DIAL TONE"
"" AT
OK ATV1
OK ATE0
OK AT&F&D2&C1S0=0
OK ATS7=60S30=0
OK ATS0=0
OK ATDT*99#
CONNECT ""

#Then i created a file in /etc/chatscripts/ called mobinil (or whatever you like), this how i tell pppd (point to point protocol daemon) to dial the ISP's modem and go through any logon sequence required.

#Now Create a new file /etc/ppp/peers/provider containing:

/dev/ttyUSB2 115200
debug
noipdefault
usepeerdns
defaultroute
hide-password
lcp-echo-interval 20
lcp-echo-failure 3
connect '/usr/sbin/chat -v -f /etc/chatscripts/mobinil'
noauth
noaccomp
default-asyncmap
maxfail 3
holdoff 10

This is a file that contains characteristics of the remote peer peer-name. Typical characteristics include the remote peer's phone number and chat script for negotiating the link with the peer.

#That's it, now from a terminal type: pon

I hope this may some how helped you and welcome if you have any further questions.

The ZTE-MF626 from mobinil is locked, here's attached some AT commands which check lock type:

check net-/SIMlock

AT+ZSEC?
answer: ,

< SEC_STATUE >:
0 Initializing the encryption (Insignificant SEC_ITEMS)
1 Network Lock error. (Insignificant SEC_ITEMS)
2 Network Locked
3 Unlocked or correct MCC/MNC

:
0 No action
1 Network lock
2 (U)SIM card lock
3 Network Lock and (U)SIM card Lock

Unlock
+ZNCK="unlock-code"
+ZNCK?
Unlock residual time 0-5

Weblinks:

http://www.zte.com.au/downloads/USB_Modem_Config_Procedure.pdf

Tin Hat: High security Portable Linux

Tin Hat is a Linux distribution derived from hardened Gentoo which aims to provide a very secure, stable and fast Desktop environment that lives purely in RAM.

Tin Hat boots from CD, or optionally a pen drive, but it is not a LiveCD. It does not mount any file system from CD via unionfs or otherwise. Rather, Tin Hat is a massive image (approx. 2.3GB) which loads into tmpfs upon booting.

One pays the prices of long boot times (5 minutes off CD, 2 minutes off pen drives), but the advantage afterwords is that there are no delays going back to the CD when starting applications.

Tin Hat aims towards the ideal of guaranteeing zero information loss should the attacker physically acquire the box - either the adversary is faced with no file system to even begin cracking, or if any non-ephemeral memory is found, the adversary should not be able to tell if he is looking at encrypted data or random noise. Of course, achieving this ideal is impossible, or at least highly improbable, but it is nonetheless something one can strive towards. Tin Hat is a baby step in that direction.