Linux Debian 7.0

  
Commands for installing the text-mode version of a Linux Debian 7.0 server. 


There are several ways to configure a Linux server, and everyone configures it according 
to their own needs. I consider the steps below essential to get a server 
"running with remote access".

How does it work?

Keep it simple, my friend, and just follow the steps.

The settings were tested on Linux "Debian 7.0", so for learning purposes use this 
version. Got it? 

This material is for anyone who wants to learn "Linux Debian 7.0".

They say there is no cookbook recipe for configuring a Linux server, so I researched a 
lot, and since there is one configuration I believe is the most widely practiced, I 
tried to define an order ( one configuration ). 
Over time you will gain more and more experience and the configuration details will be 
improved; it is a process of continuous improvement... :)

For teaching purposes I suggest following the steps as laid out in the examples for 
better understanding, and once you know more, trying different approaches 
( configurations ).



===[ How does Linux work? ]===

Linux is based on configuration files, and whenever a configuration file is changed, 
the service that reads it has to be reloaded or restarted - do not forget this basic 
rule.

Example: 

Say something was changed in the ssh configuration file. For the change to be 
recognized / accepted, the process has to be reloaded. 
 
--------------------------------------------------

nano /etc/ssh/sshd_config 

make your change x ...

ctrl + x + y + enter ( save and exit the file )

--------------------------------------------------


Restart ssh.

/etc/init.d/ssh restart

Restarting OpenBSD Secure Shell server: sshd.



Another way to make a service pick up the change. The 2 steps below.

ps ax | grep ssh

 1417 ?        Ss     0:00 /usr/sbin/sshd


Reloading.

kill -HUP 1417
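
The rule above (edit sshd_config, then restart or reload sshd) is easier to apply safely 
if you first check which values sshd will really use. The script below is an added 
example, not part of the original page; the three-keyword policy and the sample file are 
assumptions constructed for the demonstration.

```sh
#!/bin/sh
# Added example, not from the original page: show which value sshd will
# actually use for a few login-related keywords in an sshd_config file.
# sshd keeps the FIRST value it reads for a keyword, so a line appended at the
# end of the file does not override an earlier one.

# sshd_effective FILE KEYWORD -> first global value of KEYWORD (lowercased),
# empty if the keyword is not set. Comments and everything from the first
# "Match" block onward are skipped (Match settings are conditional).
sshd_effective() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# sshd_audit FILE -> one line per keyword whose effective value differs from
# the policy below. The policy is an assumption of this example.
sshd_audit() {
    for rule in permitrootlogin:no passwordauthentication:no permitemptypasswords:no
    do
        key=${rule%%:*}
        want=${rule#*:}
        got=$(sshd_effective "$1" "$key")
        [ "$got" = "$want" ] ||
            echo "$key: effective '${got:-unset}', policy expects '$want'"
    done
    return 0
}

# write_sample FILE -> constructed sshd_config used for the demonstration.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords no
# appended after an edit: ignored, the earlier PermitRootLogin wins
PermitRootLogin no
EOF
}

# Demonstration on the constructed sample.
sample=$(mktemp)
write_sample "$sample"
sshd_audit "$sample"
rm -f "$sample"
```

On the server, point sshd_audit at /etc/ssh/sshd_config, and run sshd -t to check the 
file's syntax before restarting the service.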


---------------------------------------------------------------------------------------


===[ Installing vs. uninstalling ]===

Linux works with configuration files.

Whenever a configuration file is changed, the service that uses it has to be restarted 
to update the process.  

See the examples below:

--------------------------------------------------

Installing an application / package

apt-get install aplicativox


Whenever the configuration of aplicativox is changed, it needs to be restarted to 
update the process.

service aplicativox restart

--------------------------------------------------

Installing .deb packages

dpkg -i aplicativox.deb

--------------------------------------------------

If a library ( dependency ) was not installed, we can force its installation.

apt-get -f install

--------------------------------------------------

Removing an application.

apt-get remove aplicativox

or 

dpkg --purge aplicativox

or 

Remove packages that may have problems.

apt-get -f remove

--------------------------------------------------

If you need to reconfigure the package.

dpkg-reconfigure aplicativox

--------------------------------------------------

Check whether any package configuration is still pending.

dpkg --configure -a

--------------------------------------------------

If you need to reconfigure an application that is already installed / configured.

dpkg-reconfigure phpmyadmin

dpkg-reconfigure postfix


---------------------------------------------------------------------------------------


===[ .deb package ]===

What is a ".deb" package?

To understand this you need to know one of the oldest and most stable Linux 
distributions, called Debian ( hence DEB ). Debian developed a software packaging 
system to make installing programs on Linux easier; this packaging was named DEB, so a 
file in this format is named "programa.deb".

To install a package with dpkg, we need to have the .deb file saved somewhere on the 
machine. The install parameter is simple, but dpkg does NOT resolve dependencies; that 
is, if the package you are installing depends on others, I strongly advise using 
apt-get to resolve those dependencies. 

To remove a package in 'deb' format together with all the configuration files related 
to the package.

Example:

dpkg -P nome_do_pacote 

or

dpkg --purge nome_do_pacote

dpkg -P postfixadmin

--------------------------------------------------

dpkg --list | grep postfixadmin

ii  postfixadmin      2.3.3        Virtual mail hosting interface for Postfix

--------------------------------------------------

Lists installed packages.

dpkg -l

ii  initscripts         2.88dsf-13.1+squeeze1 scripts for initializing and shutting down the 
ii  insserv             1.14.0-2              Tool to organize boot sequence LSB init.d script 
ii  install-info        4.13a.dfsg.1-6        Manage installed documentation in info format
ii  installation-report 2.44                  system installation report
ii  iproute             20100519-3            networking and traffic control tools
ii  iptables            1.4.8-3               administration tools for packet filtering and NAT
ii  iputils-ping        3:20100418-3   	      Tools to test the reachability of network hosts
ii  isc-dhcp-client     4.1.1-P1-15+squeeze8  ISC DHCP client
ii  isc-dhcp-common     4.1.1-P1-15+squeeze8  common files used by all the isc-dhcp* 

--------------------------------------------------

Shows all installed packages whose name contains the word postfix ( if it is 
installed )

dpkg -l | grep postfix

ii  postfix            2.7.1-1+squeeze1     High-performance mail transport agent
ii  postfix-doc        2.7.1-1+squeeze1     Documentation for Postfix
ii  postfix-mysql      2.7.1-1+squeeze1     MySQL map support for Postfix
ii  postfixadmin       2.3.3                Virtual mail hosting interface for Postfix

--------------------------------------------------

To get a list of the packages installed on the system:

dpkg --get-selections

initscripts                                install
insserv                                    install
install-info                               install
installation-report                        install
iproute                                    install
iptables                                   install
iputils-ping                               install
isc-dhcp-client                            install
isc-dhcp-common                            install
isc-dhcp-server                            install
kbd                                        install
keyboard-configuration                     install
klibc-utils                                install
laptop-detect                              install
libacl1                                    install

--------------------------------------------------

dpkg -P      = Removes a package together with its configuration files

dpkg --purge = Same as -P

dpkg -i      = Installs packages 

dpkg -r      = Uninstalls packages 

dpkg -l      = Lists installed packages

dpkg -p      = Shows information about a package

 
---------------------------------------------------------------------------------------


Starting the Linux Debian 7 installation 


===[ Cables + modem ]===

Configuring the modem and network cables.

Pay attention to the cables... The telephone wire is connected to the modem;

From the desktop, a network cable connects directly to the modem in order to configure 
it in PPPoE mode with the login and password of our DSL account;

 
---------------------------------------------------------------------------------------


===[ Download the Debian 7 image ]===

Download the Linux Debian 7 image ( vmware )

https://drive.google.com/file/d/0B1ImZQn6JknCT25vTjF4cEl0eUU/view?usp=sharing
 

---------------------------------------------------------------------------------------

Starting the installation


Boot must be done from the CD-ROM with the Debian 7 image   :)

Attention:

Network cable already connected to the modem, with the other end in the server's 
network card ( eth0 )


Language.............................: English ( enter )

Country, territory or area...........: United States ( enter )

Keymap to use........................: American English ( enter )

Configure the network................: Continue  ( enter ) Continue ( enter )


Configure network....................: eth0: Realtek Semiconductor …( enter )

Primary network interface............: ( read below )

To make the installation more practical, connect a network cable to the modem ( or to a 
switch, if you are using one ) and the other end to the server's network card. If there 
is more than one network card, all of them will be listed; select eth0 or eth1 and press 
( enter )   

eth1: Realtek Semiconductor Co., Ltd. RTL8169 PCI Gigabit Ethernet Controller
If the message "Network autoconfiguration failed" is shown, just press enter on the 
Continue option to proceed; we will configure it manually later on.

Press enter on the option Do not configure the network at this time


Hostname.............................: debian ( enter )

Domain name..........................:        ( enter )

Root password........................: 123    ( password – enter )

Re-enter password to verify..........: 123    ( password – enter )

Full name for the new user...........: jura   ( password – enter )

Username for your account............: jura   ( enter )

Choose a password for the new user...: 123    ( type the password and enter )

Re-enter password to verify..........: 123    ( enter )

Select your time zone................: Eastern ( enter )


Guided – use entire disk.............:         ( enter )

We will let Debian partition the disk automatically to make our first installation 
easier. Later we will see how to partition manually, so you can set the partition sizes 
according to your needs.


---------------------------------------------------------------------------------------


===[ Guided partitioning ]===

Partitioning can be confusing or complicated at first. To make the first installations 
easier, I suggest leaving the partitioning to Debian; "manual partitioning" is shown 
further below.

In the following example we will use a HD of only 160 GB

Guided Partitioning ( enter )


Select disk to partition

SCSI1 (0,0,0) (sda) – 160,0 GB ATA SAMSUNG HD160JJ ( enter )

Separate /home , /usr , /var and /tmp partitions  ( enter )


Below are the partitions suggested by Debian:

--------------------------------------------------

#1    primary 394.2 MB  F  ext4    /

#5    logical   9.0 GB  F  ext3    /usr

#6    logical   3.0 GB  F  ext3    /var

#7    logical   3.8 GB  F  ext3    swap

#8    logical 398.5 GB  F  ext3    /tmp

#7    logical 143.5 TB  F  ext3    /home

--------------------------------------------------


Finish partitioning and write changes to disk....:  ( enter )

Write the changes to disks ?.....................:  ( enter )

Scan another CD or DVD ?.........................:  ( enter )

Use a network mirror ?...........................: 

Debian archive mirror country....................:   Brazil ( press b b b b b 
                                                              to jump to Brazil )

Debian archive mirror............................:   debian.pop-sc.rnp.br

HTTP proxy information...........................:   Continue ( enter ) < Go Back > 

Participate in the package usage survey?.........:  ( enter )


Choose software to install:

[ * ] SSH Server
[ * ] Standard system utilities

Continue( enter )


Install the GRUB boot loader to the master boot record ? ...:  ( enter )


---------------------------------------------------------------------------------------


===[ Manual partitioning ]===

"or" -> if you prefer to go with "manual partitioning" 


This way you set the partition sizes according to your needs.

In the example below we are using a 2 TB HD

--------------------------------------------------

/      = 700 gb  

home   = 900 gb

var    = 370 gb

swap   =  30 gb

--------------------------------------------------

Partition /

Press enter on..............................: Pri/log 2.0 TB FREE SPACE 

How to use this free space..................: Create a new partition ( enter )

New partition size..........................: 700 GB ( enter ) – Primary ( enter ) 
                                                     ( above: type 700gb and press 
                                                       enter )

Location for the new partition..............: Beginning ( enter )

Mount point.................................: /

Done setting up the partition...............: ( enter )


--------------------------------------------------

Partition - home

Press enter on...............................: Pri/log 1.3TB  FREE SPACE ( enter )

How to use this free space...................: Create a new partition ( enter )

New partition size...........................: 900 GB ( enter ) – Logical ( enter )

Location for the new partition...............: Beginning ( enter )

Mount point..................................: /home

Done setting up the partition................: ( enter )


--------------------------------------------------

Partition - var

Press enter on...............................: Pri/log 400,4 GB   FREE SPACE ( enter )

How to use this free space...................: Create a new partition ( enter )

New partition size...........................: 370,4 GB ( enter ) – Logical ( enter )

Location for the new partition...............: Beginning  ( enter )

Mount point..................................: /usr  ( enter and select the option below )

Mount point for this partition...............: /var – variable data  ( enter )

Done setting up the partition................: ( enter )

--------------------------------------------------

Partition - swap

Press enter on...............................: Pri/log 30 GB FREE SPACE ( enter )

How to use this free space...................: Create a new partition ( enter )

New partition size...........................: 30 GB ( enter ) – Logical ( enter )

Use as.......................................: Ext3 Journaling file system ( enter )

Select.......................................: Swap area ( enter )

Done setting up the partition................: ( enter )


Finish partitioning and write changes to disk ( enter )

Write the changes to disks..................: yes ( enter )


Debian archive mirror country...............: Brazil ( enter ) 

Press the letter "b" to cycle through the countries that start with the letter B; to 
reach Brazil quickly, press the letter "b" 3 or 4 times.

Debian archive mirror.......................: debian.pop-sc.rnp.br ( enter )

HTTP proxy information ( blank for none )...: ( enter )

Configuring popularity-contest..............: no ( enter )


Now we will select only two software items from the list to be installed. To select or 
deselect an item, just press the space bar.

Choose software to install: 

[ * ] SSH server
[ * ] Standard system utilities

Press enter on [ continue ]


Install the GRUB boot loader to the master boot record? Yes ( enter )

Installation complete and the CD-ROM will be ejected; press enter on [continue]

Installation time for the Linux Debian 7 server in text mode over a 1 Mb ADSL line: 30 
minutes  :)

---------------------------------------------------------------------------------------

Information about the partitions 

If you are unsure about the partition sizes, select the option below:


Separate /home, /usr, /var and /tmp partitions

By selecting the option above we do not need to worry about the sizes of the disk 
partitions, because Debian will define the necessary names and sizes. 

Keep in mind that more demanding setups require more attention to the sizes.

--------------------------------------------------

Information about the directories Linux creates:


Directory         Contents

/root             HOME directory of the superuser.

/home             HOME directory of regular users.

/bin              Commands used during boot and by regular users.

/sbin             Like the commands in /bin, but not used by regular users.

/proc             Virtual file system ( in memory ) with kernel data.

/boot             Files used during system startup, and the kernel.

/dev              Devices ( modem, mouse, keyboard, etc. ).

/etc              System configuration files.

/etc/skel         Default files for the HOME directory of new users.

/etc/sysconfig    System configuration files for devices.

/mnt              Place where temporary disks and volumes are mounted ( floppy, 
                  other HDs, CD-ROM, etc. ).

/tmp              Temporary system files used before system startup has 
                  completed. 

/var              Contains files that are modified as the system is used 
                  ( e-mail, temporary files, print queues, manuals ).

/var/lib          Libraries that change while the system is running.

/var/local        Variable files of programs that are running.

/var/lock         Locks indicating that a program is using a given device.

/var/log          System log files ( errors, logins, etc. )

/var/run          Files important to the system that are useful until the next boot 
                  ( software and kernel updates ).

/var/spool        Directory for print queues, e-mail and others.

/var/tmp          Temporary files of programs.

/lib              Shared libraries needed by the system programs.

/lib/modules      External kernel modules for devices and functions.

/usr              Contains the files of all programs and libraries for use by 
                  Linux users.

/usr/bin          Executables in general.

/usr/sbin         System administration executables not needed by the kernel, 
                  for example servers.

/usr/include      Files to be used by programming languages.

/usr/lib          Libraries of the executables found in /usr/bin

/usr/local        Files of locally installed programs ( only for some users ).

/usr/man          Manuals.

/usr/info         Info documents.

/usr/X11R6        Files of the X Window System and its applications.

--------------------------------------------------

The following is a list of important considerations related to directories and 
partitions. Note that disk usage varies a lot with the system configuration and specific 
usage patterns. The recommendations here are general guidelines and provide a starting 
point for partitioning.

--------------------------------------------------

Root ( / )

The root partition / must always physically contain /etc, /bin, /sbin, /lib and /dev, 
otherwise you will not be able to boot. Typically 150–250MB are needed for the root 
partition. 

--------------------------------------------------

/swap

Instead of using a swap file, a dedicated partition is used for swap. During 
installation ( if one does not exist yet ) we create a partition the same size as our 
RAM and format it as swap. This way, when swap has to be used, it is accessed faster 
than a swap "file". 

--------------------------------------------------

/var

Variable data such as news articles, e-mails, web sites, databases, the packaging 
system cache, etc. will be placed under this directory. The size of this directory 
depends greatly on how your system is used, but for most people it will be dictated by 
the space used by the package manager. If you are going to do a full installation of 
everything Debian has to offer, all in one session, setting aside 2 or 3 GB of space for 
/var should be sufficient. If you are going to install in pieces ( that is, install 
services and utilities, followed by text material, then X, ... ), you can get away with 
300–500 MB. If hard disk space is at a premium and you do not plan on doing major system 
updates, you can get by with 30 or 40 MB. 

--------------------------------------------------

/home

Every user will put their personal data in a subdirectory of this directory. Its size 
depends on how many users will be using the system and which files will be stored in 
their directories. Depending on the planned usage you should reserve about 100 MB for 
each user, but adapt this value to your needs. Reserve a lot more space if you plan to 
keep many multimedia files ( pictures, MP3, movies ) in your home directory. 

---------------------------------------------------------------------------------------


===[ Installing Linux Debian 7.0 in text mode ]===

After finishing the disk partitioning and rebooting the server, we will configure Linux 
Debian in TEXT mode, with the modem in Router mode. 

Router mode:

The modem does the authentication for you; just configure the login and password on the 
modem itself.
( in fact this configuration is the default on all modems )


Installation in text mode is faster than in graphical mode.

ssh was installed during the Debian installation. Remember that the modem is configured 
in router mode. 


After the Linux installation finishes, the screen below is shown.

--------------------------------------------------

Debian GNU/Linux 7 debian tty1

debian login: root 

root@192.168.1.4's password: senha123 

Linux debian 3.2.0-4-amd64 #1 SMP Debian 3.2.46-1+deb7u1 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat Sep 28 15:39:03 2013


Before starting the Linux installation we had already connected one end of the network 
cable to the modem and the other to the server's network card (eth0).

Note below that the IP 192.168.1.4 was assigned automatically by Debian.

--------------------------------------------------

ifconfig

eth0      Link encap:Ethernet  HWaddr 00:e0:7d:eb:fa:6d
          inet addr:192.168.1.4  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:7dff:feeb:fa6d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:61 errors:0 dropped:0 overruns:0 frame:0
          TX packets:57 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6932 (6.7 KiB)  TX bytes:8538 (8.3 KiB)
          Interrupt:19 Base address:0x8c00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

--------------------------------------------------

"If" the network card "eth0" was NOT brought up successfully.

If something like the example below is shown, we will have to assign an IP from the 
command line.

We will use the ifconfig command to see whether the network card was brought up and the 
IP set automatically during the server installation. 

It may show something like this ( only lo ):

--------------------------------------------------

ifconfig

lo      Link encap:Local Loopback
        inet addr:127.0.0.1  Mask:255.0.0.0
        inet6 addr: ::1/128 Scope:Host
        UP LOOPBACK RUNNING  MTU:16436  Metric:1
        RX packets:8 errors:0 dropped:0 overruns:0 frame:0
        TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:0
        RX bytes:560 (560.0 B)  TX bytes:560 (560.0 B)


Let's change the IPs and bring up the network card from the terminal. 

Type the 3 commands below:

--------------------------------------------------

Bringing up the network card eth0.

ifconfig eth0 up 

--------------------------------------------------

The IP 192.168.1.13 will be the server's IP on the internal network.

ifconfig eth0 192.168.1.13 netmask 255.255.255.0 

--------------------------------------------------

IP of the modem / router 

route add default gw 192.168.1.1 
 
--------------------------------------------------


Viewing the network card configuration with the ifconfig command.


ifconfig

eth0      Link encap:Ethernet  HWaddr 00:e0:7d:eb:fa:6d
          inet addr:192.168.1.13 Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:7dff:feeb:fa6d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:61 errors:0 dropped:0 overruns:0 frame:0
          TX packets:57 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6932 (6.7 KiB)  TX bytes:8538 (8.3 KiB)
          Interrupt:19 Base address:0x8c00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


--------------------------------------------------


===[ Configuring the IP ]===

We will use Debian's default text editor "nano" and adjust the interfaces file as shown 
below. 

nano /etc/network/interfaces

auto lo
iface lo inet loopback
allow-hotplug eth0
iface eth0 inet static
      address 192.168.1.13
      netmask 255.255.255.0
      network 192.168.1.0
      broadcast 192.168.1.255
      gateway 192.168.1.1
      # 192.168.1.1 is the IP of the Dlink modem
      dns-nameservers 8.8.8.8

ctrl + x + y + enter  ( save and exit the file ) 

--------------------------------------------------

If the file below does not exist, create it and set the IP below:


nano /etc/resolv.conf

nameserver 8.8.8.8

ctrl + x + y + enter 

--------------------------------------------------

Restarting the network interfaces - if this command hangs, reboot :)

/etc/init.d/networking restart


If the command above does not refresh the network interfaces... reboot the server.

shutdown -r now 

--------------------------------------------------

Let's check the route.

route -n  

Kernel IP routing table
Destination     Gateway       Genmask         Flags  Metric Ref    Use Iface
0.0.0.0         192.168.1.1   0.0.0.0         UG     0      0      0 eth0
192.168.1.0     0.0.0.0       255.255.255.0   U      0      0      0 eth0

--------------------------------------------------

Testing whether there is external connectivity.

ping terra.com.br

PING terra.com.br (200.154.56.80) 56(84) bytes of data.
64 bytes from www.terra.com.br (200.154.56.80): icmp_req=1 ttl=56 time=40.7 ms
64 bytes from www.terra.com.br (200.154.56.80): icmp_req=2 ttl=56 time=40.6 ms
64 bytes from www.terra.com.br (200.154.56.80): icmp_req=3 ttl=56 time=41.8 ms
64 bytes from www.terra.com.br (200.154.56.80): icmp_req=4 ttl=56 time=43.6 ms

--------------------------------------------------

Leave the file below with only the lines shown below. 

The first 3 lines can be deleted ( "#" and "deb cdrom" )


nano /etc/apt/sources.list

deb http://debian.pop-sc.rnp.br/debian/ wheezy main
deb-src http://debian.pop-sc.rnp.br/debian/ wheezy main

deb http://security.debian.org/ wheezy/updates main
deb-src http://security.debian.org/ wheezy/updates main

# wheezy-updates, previously known as 'volatile'
deb http://debian.pop-sc.rnp.br/debian/ wheezy-updates main
deb-src http://debian.pop-sc.rnp.br/debian/ wheezy-updates main

ctrl + x + y + enter  

--------------------------------------------------


Checking the state of the disk partitions.

df -h

Filesystem                                              Size  Used Avail Use% Mounted on
rootfs                                                  323M  156M  151M  51% /
udev                                                     10M     0   10M   0% /dev
tmpfs                                                   176M  244K  176M   1% /run
/dev/disk/by-uuid/6503dee5-b510-41da-9116-77175e51a73e  323M  156M  151M  51% /
tmpfs                                                   5.0M     0  5.0M   0% /run/lock
tmpfs                                                   1.1G     0  1.1G   0% /run/shm
/dev/sda9                                               132G  188M  125G   1% /home
/dev/sda8                                               368M   11M  339M   3% /tmp
/dev/sda5                                               8.3G  478M  7.4G   6% /usr
/dev/sda6                                               2.8G  187M  2.5G   7% /var

--------------------------------------------------

Listing the space used by the "var" and "etc" directories

du -sch /var

214M    /var
214M    total


du -sch /etc

3.9M    /etc
3.9M    total


---------------------------------------------------------------------------------------

Commands that can be used...

***( examples - optional )

ifconfig   


ifconfig eth1 up   

ifconfig eth1 192.168.1.13 netmask 255.255.255.0   

route add default gw 192.168.1.1   



ifconfig eth0 up   

ifconfig eth0 down  
 

ifconfig eth1 up   

ifconfig eth1 down


Checking the log files.

tail -f /var/log/syslog  
 
tail -f /var/log/auth.log
 
---------------------------------------------------------------------------------------

My interfaces file, which I use in 3 different places. 

nano /etc/network/interfaces   

auto lo
iface lo inet loopback
allow-hotplug eth0
iface eth0 inet static

#---[ Home ]----------------------

#address 192.168.10.13
#netmask 255.255.255.0
#network 192.168.10.0
#broadcast 192.168.10.255
#gateway 192.168.10.1
#dns-nameservers 8.8.8.8

#---[ Office 1 ]------------------

#address 192.168.1.13
#netmask 255.255.255.0
#network 192.168.1.0
#broadcast 192.168.1.255
#gateway 192.168.1.1
#dns-nameservers 8.8.8.8

#---[ Office 2 ]-----------------

address 192.168.2.113
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
dns-nameservers 8.8.8.8

ctrl + x + y + enter  ( save and exit the file )  
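
Switching between the profiles above by commenting and uncommenting lines makes it easy 
to leave a mismatched broadcast or gateway, or a misspelled key, in the active stanza. 
The script below is an added example, not part of the original page; it assumes a file 
with a single static stanza, and the sample stanza is constructed.

```sh
#!/bin/sh
# Added example, not from the original page: consistency check for the active
# (uncommented) static stanza of /etc/network/interfaces.

# ip2int A.B.C.D -> 32-bit integer
ip2int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int2ip N -> dotted quad
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# check_stanza FILE -> one finding per line; no output means the stanza is
# consistent. Only the options used on this page are treated as known.
check_stanza() {
    address= netmask= network= broadcast= gateway=
    while read -r key value rest; do
        case $key in
            ''|'#'*|auto|iface|allow-hotplug) continue ;;
            address|netmask|network|broadcast|gateway) eval "$key=\$value" ;;
            dns-nameservers) ;;
            *) echo "unknown option: $key" ;;
        esac
    done < "$1"
    if [ -z "$address" ] || [ -z "$netmask" ]; then
        echo "address or netmask missing"
        return 0
    fi
    a=$(ip2int "$address")
    m=$(ip2int "$netmask")
    want_net=$(int2ip $(( a & m )))
    want_bc=$(int2ip $(( (a & m) | (~m & 4294967295) )))
    [ -z "$network" ] || [ "$network" = "$want_net" ] ||
        echo "network $network, expected $want_net"
    [ -z "$broadcast" ] || [ "$broadcast" = "$want_bc" ] ||
        echo "broadcast $broadcast, expected $want_bc"
    if [ -n "$gateway" ]; then
        g=$(ip2int "$gateway")
        [ $(( g & m )) -eq $(( a & m )) ] ||
            echo "gateway $gateway is outside $want_net/$netmask"
    fi
    return 0
}

# write_bad_stanza FILE -> constructed stanza: address switched to another
# profile while broadcast and gateway were left behind, plus two misspelled keys.
write_bad_stanza() {
    cat > "$1" <<'EOF'
auto lo
iface lo inet loopback
allow-hotplug eth0
iface eth0 inet static
address 192.168.2.113
netmask 255.255.255.0
netwotk 192.168.2.0
broadcast 192.168.1.255
gateway 192.168.1.1
dsn-nameservers 8.8.8.8
EOF
}

# Demonstration on the constructed stanza.
demo=$(mktemp)
write_bad_stanza "$demo"
check_stanza "$demo"
rm -f "$demo"
```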

---------------------------------------------------------------------------------------

apt-get clean   

apt-get autoclean  

apt-get update  &&  apt-get upgrade   

---------------------------------------------------------------------------------------


===[ Boot ]===

Creating the boot file.

nano /etc/init.d/rc.begin  
 
#!/bin/bash
clear
echo ''
echo ''
echo '==================================='
echo ''
echo ''

modprobe iptable_nat

echo 1 >/proc/sys/net/ipv4/ip_forward

echo 'IP forward ........... [ ok ] '

echo ''
echo ''
echo '==================================='
echo ''

ctrl + x + y + enter 

-----

chmod +x /etc/init.d/rc.begin    

update-rc.d rc.begin defaults   

ln -s /etc/init.d/rc.begin /etc/rc2.d/    

ls -la /etc/rc2.d/ | grep rc.begin    


---------------------------------------------------------------------------------------


===[ Setting the time ]===

dpkg-reconfigure tzdata     ( press s s s s s enter )   
--------------------------------------------------


Commands that can be used to view some information.
   
    
ps aux   

ps aux | wc -l

service --status-all   

du -sch /var   

du -sch /etc   

cat /etc/passwd   

cat /etc/passwd | cut -d":" -f1   

cat /etc/passwd | cut -d":" -f1 | wc -l   


df -h | grep home   

df -h | grep var   


df -hT /home
Filesystem     Type  Size  Used Avail Use% Mounted on
/dev/sda5      ext4  202G  413M  192G   1% /home


df -Th | grep -v "fs" | sort

/dev/disk/by-uuid/e1d1eb36-f2ba-41cd-9165-dc051 ext4   101G  1.6G   95G   2% /
/dev/sda5                                       ext4   202G  413M  192G   1% /home
/dev/sda6                                       ext4   138G  1.3G  130G   1% /var
Filesystem                                      Type   Size  Used Avail Use% Mounted on


who -uH    

kill -9 2593   

who -uH

tail -f /var/log/syslog   

tail -f /var/log/auth.log   

passwd   

---------------------------------------------------------------------------------------


===[ Fixed IP with no-ip ]===

To reach the server from outside the network we need a fixed address, and for that we 
will use no-ip.org.


apt-get install g++    

apt-get install make   

mkdir instalacoes        

cd instalacoes/   

wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz  

tar xvf noip-duc-linux.tar.gz   

cd noip-2.1.9-1/   

make && make install  

*** linux1.noip@gmail.com  senha123

whereis noip2   

/usr/local/bin/noip2&   

ps aux | grep noip2   

ssh localhost    

--------------------------------------------------
 
Adjusting the boot file.

nano /etc/init.d/rc.begin   

#!/bin/bash
clear
echo ''
echo ''
echo '============================================='
echo ''
echo ''

/usr/local/bin/noip2&

echo 'Inicializando o servico ( noip2 ).... [ ok ] '

echo ''
echo ''

echo 1 >/proc/sys/net/ipv4/ip_forward

echo 'IP forward .......................... [ ok ] '

echo ''
echo ''
echo '============================================='
echo ''

ctrl + x + y + enter  

--------------------------------------------------

sh /etc/init.d/rc.begin   

ping debian70.no-ip.org   


ssh debian70.no-ip.org -p22   

--------------------------------------------------

If you need to reconfigure no-ip.

cd instalacoes/noip-2.1.9-1/   

./noip2 -c CONFIG -C   


---------------------------------------------------------------------------------------


===[ External access ]===

Modem in router mode

We will need to open some ports on the modem so the server can be reached from the 
external network. 


ssh    = Port 22 ( remote access to our server )

Apache = Port 8080

FTP    = Port 50000 ( default 21 )

Webmin = Port 1000

 



---------------------------------------------------------------------------------------

===[ Essentials ]===

apt-get install bzip2    

apt-get install mc vim   

apt-get install gcc make g++   

apt-get install htop   

apt-get install bwm-ng    

apt-get install jed   

apt-get install lynx   

lynx http://www.terra.com.br   

apt-get install mutt   

apt-get remove make   

apt-get remove bzip2   


---------------------------------------------------------------------------------------

===[ ssh ]===

apt-get install ssh    

apt-get install openssh openssh-clients openssh-server   

nano /etc/ssh/sshd_config   

Port 22

ctrl + x + y + enter   


/etc/init.d/ssh restart   

netstat -tulpn | grep :22   

ssh -l root 192.168.1.13 -p22   

---------------------------------------------------------------------------------------

In case you want to uninstall what is not needed.

===[ Unnecessary software ]===

Every system administrator knows, or should know, that a server must run only the 
software it needs, which removes security risks and helps improve performance.

To do that, we first need to check which network services are enabled and accepting 
connections ( portmap ). "If" the services below are active, we can remove them.

# ps aux | grep rcpbind

root  5440  0.0  0.0   7836   848 pts/1    S+   10:45   0:00 grep rcpbind


Some commands to list port 111 

# lsof -P -i -n | cut -f 1 -d " " | uniq | tail -n +2

rpcbind
rpc.statd
sshd
exim4
sshd

--------------------------------------------------

# netstat -tap | grep LISTEN 
 
tcp        0      0 *:52589            *:*      LISTEN      1813/rpc.statd  
tcp        0      0 *:sunrpc           *:*      LISTEN      1782/rpcbind    
tcp        0      0 *:ssh              *:*      LISTEN      2468/sshd       
tcp        0      0 localhost:smtp     *:*      LISTEN      2495/exim4      
tcp6       0      0 [::]:sunrpc        [::]:*   LISTEN      1782/rpcbind    
tcp6       0      0 [::]:ssh           [::]:*   LISTEN      2468/sshd       
tcp6       0      0 localhost:smtp     [::]:*   LISTEN      2495/exim4      
tcp6       0      0 [::]:37721         [::]:*   LISTEN      1813/rpc.statd  


--------------------------------------------------

Removing.

# apt-get remove --purge rpcbind

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
nfs-common* rpcbind*
0 upgraded, 0 newly installed, 2 to remove and 0 not upgraded.
After this operation, 812 kB disk space will be freed.
Do you want to continue [Y/n]? y
(Reading database ... 33610 files and directories currently installed.)
Removing nfs-common ...
[ ok ] Stopping NFS common utilities: idmapd statd.
Purging configuration files for nfs-common ...
insserv: warning: script 'K01rc.begin' missing LSB tags and overrides
insserv: warning: script 'rc.begin' missing LSB tags and overrides
dpkg-statoverride: warning: no override present
Removing rpcbind ...
[ ok ] Stopping rpcbind daemon....
Purging configuration files for rpcbind ...
insserv: warning: script 'K01rc.begin' missing LSB tags and overrides
insserv: warning: script 'rc.begin' missing LSB tags and overrides
Processing triggers for man-db ...


--------------------------------------------------

"rpcbind" no longer appears in the list.

# netstat -tap | grep LISTEN  

tcp        0      0 *:ssh              *:*      LISTEN      2468/sshd       
tcp        0      0 localhost:smtp     *:*      LISTEN      2495/exim4      
tcp6       0      0 [::]:ssh           [::]:*   LISTEN      2468/sshd       
tcp6       0      0 localhost:smtp     [::]:*   LISTEN      2495/exim4      


Now let's remove exim4, since we will install postfix later on.

# netstat -tap |grep LISTEN

tcp        0      0 *:ssh              *:*      LISTEN      2468/sshd       
tcp        0      0 localhost:smtp     *:*      LISTEN      2495/exim4      
tcp6       0      0 [::]:ssh           [::]:*   LISTEN      2468/sshd       
tcp6       0      0 localhost:smtp     [::]:*   LISTEN      2495/exim4      


# apt-get remove --purge exim4

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libevent-2.0-5 libgssglue1 libnfsidmap2 libtirpc1
Use 'apt-get autoremove' to remove them.
The following packages will be REMOVED:
exim4*
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 45.1 kB disk space will be freed.
Do you want to continue [Y/n]? y
(Reading database ... 33539 files and directories currently installed.)
Removing exim4 ...
Purging configuration files for exim4 ...

--------------------------------------------------

# apt-get remove --purge exim4-base 

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libevent-2.0-5 libgssglue1 libnfsidmap2 libtirpc1
Use 'apt-get autoremove' to remove them.
The following packages will be REMOVED:
bsd-mailx* exim4-base* exim4-daemon-light*
0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded.
After this operation, 2,901 kB disk space will be freed.
Do you want to continue [Y/n]? y
(Reading database ... 33536 files and directories currently installed.)
Removing bsd-mailx ...
Purging configuration files for bsd-mailx ...
Removing exim4-daemon-light ...
[ ok ] Stopping MTA: exim4_listener.
Purging configuration files for exim4-daemon-light ...
Removing exim4-base ...
Purging configuration files for exim4-base ...
insserv: warning: script 'K01rc.begin' missing LSB tags and overrides
insserv: warning: script 'rc.begin' missing LSB tags and overrides
Processing triggers for man-db ...

--------------------------------------------------

# apt-get remove --purge exim4-config

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libevent-2.0-5 libgssglue1 liblockfile1 libnfsidmap2 libtirpc1
Use 'apt-get autoremove' to remove them.
The following packages will be REMOVED:
exim4-config*
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 1,115 kB disk space will be freed.
Do you want to continue [Y/n]? y
(Reading database ... 33422 files and directories currently installed.)
Removing exim4-config ...
Purging configuration files for exim4-config ...
dpkg-statoverride: warning: no override present
Processing triggers for man-db ...

--------------------------------------------------

Exim4 removed successfully.

# netstat -tap |grep LISTEN 

tcp        0      0 *:ssh              *:*      LISTEN      2468/sshd       
tcp6       0      0 [::]:ssh           [::]:*   LISTEN      2468/sshd       

--------------------------------------------------

# netstat -nap | grep LISTEN  

tcp       0         0 0.0.0.0:22           0.0.0.0:*  LISTEN       2468/sshd       
tcp6      0         0 :::22                :::*       LISTEN       2468/sshd       
unix  2   [ ACC ]   SEQPACKET  LISTENING   4916       379/udevd    /run/udev/control
unix  2   [ ACC ]   STREAM     LISTENING   1702       2181/acpid   /var/run/acpid.socket

--------------------------------------------------

# netstat -planta

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address    Foreign Address     State       PID/Program name
tcp     0      0 0.0.0.0:22          0.0.0.0:*           LISTEN      2468/sshd       
tcp     0      0 192.168.1.13:22     192.168.1.18:49685  ESTABLISHED 2531/0          
tcp6    0      0 :::22               :::*                LISTEN      2468/sshd

--------------------------------------------------

ps aux | grep rcpbind   

lsof -P -i -n | cut -f 1 -d " " | uniq | tail -n +2   

netstat -tap | grep LISTEN  

apt-get remove --purge rpcbind   

netstat -tap | grep LISTEN  

netstat -tap |grep LISTEN   

apt-get remove --purge exim4   

apt-get remove --purge exim4-base   

apt-get remove --purge exim4-config   

netstat -tap | grep LISTEN   

netstat -nap | grep LISTEN  

netstat -planta
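
The before/after comparison of `netstat -tap | grep LISTEN` shown above can be made repeatable. The script below is an added example, not part of the original page: the function names and the allowlist are assumptions, and the sample input is constructed from the netstat output shown above.

```shell
#!/bin/sh
# Added example (not from the original page): report listening sockets whose
# owning program is not on an allowlist.
# stdin: lines in the format printed by `netstat -tap | grep LISTEN`
#        proto recv-q send-q local-address foreign-address state pid/program

# unexpected_listeners "prog1 prog2 ..."
#   Prints "program local-address" once per unexpected listener.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, names, " ")
            for (i = 1; i <= n; i++) ok[names[i]] = 1
        }
        $6 == "LISTEN" {
            prog = $7
            sub(/^[0-9]+\//, "", prog)      # "1782/rpcbind" -> "rpcbind"
            # netstat prints "-" when it lacks the privilege to see the owner
            if (prog == "" || prog == "-") prog = "unknown"
            if (!(prog in ok) && !((prog, $4) in seen)) {
                seen[prog, $4] = 1
                print prog, $4
            }
        }
    '
}

# listeners_ok "prog1 prog2 ...": exit status 0 only if nothing unexpected listens.
listeners_ok() {
    [ -z "$(unexpected_listeners "$1")" ]
}

# Constructed sample: the listing before rpcbind and exim4 were removed.
listeners_before() {
cat <<'EOF'
tcp        0      0 *:52589            *:*      LISTEN      1813/rpc.statd
tcp        0      0 *:sunrpc           *:*      LISTEN      1782/rpcbind
tcp        0      0 *:ssh              *:*      LISTEN      2468/sshd
tcp        0      0 localhost:smtp     *:*      LISTEN      2495/exim4
tcp6       0      0 [::]:sunrpc        [::]:*   LISTEN      1782/rpcbind
tcp6       0      0 [::]:ssh           [::]:*   LISTEN      2468/sshd
tcp6       0      0 localhost:smtp     [::]:*   LISTEN      2495/exim4
tcp6       0      0 [::]:37721         [::]:*   LISTEN      1813/rpc.statd
EOF
}

# Constructed sample: the listing after the cleanup.
listeners_after() {
cat <<'EOF'
tcp        0      0 *:ssh              *:*      LISTEN      2468/sshd
tcp6       0      0 [::]:ssh           [::]:*   LISTEN      2468/sshd
EOF
}

echo "unexpected listeners before cleanup:"
listeners_before | unexpected_listeners "sshd"
if listeners_after | listeners_ok "sshd"; then
    echo "after cleanup: only sshd is listening"
fi
# On a live host, as root:  netstat -tap | unexpected_listeners "sshd"
```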

---------------------------------------------------------------------------------------

===[ Terminal - shell colors ]===

nano ~/.bashrc   

PS1='\[\033[01;33m\]\t \[\033[01;32m\]\u@\h \[\033[01;34m\]\w \$ \[\033[00m\]'
#PS1='\[\e[0;32m\]\u\[\e[m\] \[\e[1;34m\]\w\[\e[m\] \[\e[1;32m\]\$\[\e[m\] \[\e[1;37m\]'
alias ls="ls --color=auto --time-style=long-iso"
alias grep='grep --color'
alias c=clear
alias x=startx
alias m=mutt
alias svi='sudo vim'
alias ci='vim'
alias reboot='sudo /sbin/reboot'
alias halt='sudo /sbin/halt'
alias lock="clear && vlock -c"
alias rd='cd "`pwd -P`"'
alias tp='trash-put'
alias root='sudo bash -l'
alias kernbuild='make -j3 && make modules_install && ls -ld ../linux && date'
alias bt='aria2c --max-upload-limit=10K --seed-time=60 --listen-port=8900-8909'
alias xevs="xev | grep 'keycode\|button'"
alias daggerfall='dosbox -conf ~/.dosbox.conf.daggerfall'
function s() { eix -Fc "$1"; }     
function sd() { eix -FsSc "$1"; }  
function se() { eix -F "^$1\$"; }  
function si() { eix -FIc "$1"; }   
function cifsmount() { sudo mount -t cifs -o username=${USER},uid=${UID},gid=${GROUPS} $1 $2; }
function cifsumount() { sudo umount $1; }
function randpass() {
    if [ "$2" == "0" ]; then
        cat /dev/urandom | tr -cd '[:alnum:]' | head -c ${1:-32}
    else
        cat /dev/urandom | tr -cd '[:graph:]' | head -c ${1:-32}
    fi
    echo
}
function o3() { unzip -p "$1" content.xml | o3totxt | utf8tolatin1; }
function li() { locate -i "$1" | grep -i --color "$1"; }  
function l() { locate "$1" | grep --color "$1"; }         
function eview() {
    FILE=$(equery which $1)
    if [ -f "$FILE" ]; then
        view $FILE
    fi
}
function echange() {
    PACKAGE="$(eix -e --only-names $1)"
    if [ "$PACKAGE" != "" ]; then
        view /usr/portage/$PACKAGE/ChangeLog
    fi
}
function i() {
    EXT=`echo "${1##*.}" | sed 's/\(.*\)/\L\1/'`
    if [ "$EXT" == "mp3" ]; then
        id3v2 -l "$1"
        echo
        mp3gain -s c "$1"
    elif [ "$EXT" == "flac" ]; then
        metaflac --list --block-type=STREAMINFO,VORBIS_COMMENT "$1"
    else
        echo "ERRO: Tipo de arquivo não suportado..."
    fi
}
function cn() { for i in *.mp3; do id3v2 --TXXX "Catalog Number":"$1" "$i"; done; }

ctrl + x + y + enter  ( save and exit the file ) 

---------------------------------------------------------------------------------------

===[ Commands ]=== 

apt-get update && apt-get upgrade


apt-get install htop

apt-get remove htop


apt-get   

apt-get remove --purge ssh    

apt-cache search --names-only ssh    

apt-cache stats     

apt-cache search ssh   

lsb_release -a


dpkg -p nome_do_pacote 

dpkg --purge nome_do_pacote

dpkg -i = Installs packages 

dpkg -r = Uninstalls packages 

dpkg -l = Lists installed packages

dpkg -p = Shows information about a package

dpkg -p postfixadmin            

dpkg --list | grep postfixadmin       

dpkg -l     

dpkg -l | grep postfix          

dpkg --get-selections           

dpkg-reconfigure phpmyadmin     

dpkg-reconfigure postfix         

dpkg --purge aplicativox     

apt-get -f remove     

dpkg-reconfigure aplicativox    

dpkg --configure -a     


mkdir instalacoes  

cd instalacoes  


pkill -9 nmbd

ps ax | grep nmbd

tar -zxvf jurandir.tar.gz 

tar -jxvf jurandir.tar.bz2


List groups

cat /etc/group


fdisk -l | grep -iE 'mb|gb|tb'

grep -v ^# /etc/ssh/sshd_config

find . -type f -print0 | xargs -0 du -h | sort -hr | head -20

find -type f -exec du -sh {} +  | sort -rh | head

ls -F $1 | grep \/ | sed -e 's/\/$/4/g'

du -sch /var

find / -type f -print0 | xargs -0 grep -Hn -C2 "noip2"

tail -f /var/log/syslog

tail -f /var/log/messages

adduser eric

deluser eric   

userdel -r eric

apt-get install proftpd	     

apt-get remove --purge proftpd	

apt-get clean

df -h | grep '^/dev/'

df -Ph | grep '^/dev/' | sed 's/  */\t/' | expand -t32


Creating a file.

cat > /home/aluno/linux_class.txt

Hello

Linux class.

by Jurandir

ctrl + d   ( save the file )


ls /home/aluno/ -l

cat /home/aluno/linux_class.txt 

Hello 

Linux class

by Jurandir


dig o-o.myaddr.l.google.com @ns1.google.com txt +short

hostname -I

ls -l /dev/disk/by-id/ | grep '/sda$' | grep -o 'ata[^ ]*'

grep 'model\|MHz' /proc/cpuinfo | tail -n 2

ifconfig | sed -n 's/.*inet addr:\([0-9.]\+\)\s.*/\1/p'

ps aux |awk '{$1}  {++P[$1]} END {for(a in P) if (a !="USER") print a,P[a]}'

du -h --time --max-depth=1 | sort -hr

du --max-depth=1 -h * | sort -h -k 1 | egrep '(M|G)\s'

du -sh /home/* | sort -rh | head -n 10

List all files except those ending in ".txt"

# du -ah --exclude="*.txt" /home/


List date and time.

# du -ha --time /home/

8.0K    2015-01-12 21:05        /home/publico_smb/.DS_Store
4.0K    2015-01-12 21:05        /home/publico_smb/._.DS_Store
16K     2015-01-12 21:05        /home/publico_smb


alias du1="du -xsm * | sort -n | awk '{ printf(\"%4s MB  ./\",\$1) ; for (i=1;i<=NF;i++) { if (i>1) printf(\"%s \",\$i) } ; printf(\"\n\") }' | tail"

du1


last -a

last -d

lastlog

dmesg | grep -i cpu

grep "Jan  8 12:16" /var/log/syslog | tail

echo -e "\e[1;34;47;01m DEBIAN \e[1;33;40;02m Linux Class - by Jurandir \e[0m"


Color:           Foreground:           Background:

black             30                       40
red               31                       41
green             32                       42
yellow            33                       43
blue              34                       44
magenta           35                       45
cyan              36                       46
white             37                       47


alias dir='dir --color=auto'


find . \( -name "*.c" -o -name "*.h" -o -name "*.sc" -o -name "*.ini" \) -print

---------------------------------------------------------------------------------------

===[ Dhcp - automatic IPs ]===

apt-get install dhcp3-server	

cp /etc/dhcp/dhcpd.conf dhcpd.conf---backup

--------------------------------------------------

nano /etc/dhcp/dhcpd.conf

authoritative;
ddns-update-style none;

option domain-name-servers 8.8.8.8 , 8.8.4.4;

default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.1.0 netmask 255.255.255.0 {

  range 192.168.1.14 192.168.1.120;

  # The line above hands out ips automatically from the range
  # .15 to .119; addresses fixed by MAC must not be inside the
  # range, otherwise dhcp ends up lending the same ip to
  # 2 computers

  option routers 192.168.1.13;

  # Above, the server ip 1.13
  option broadcast-address 192.168.1.255;
}

ctrl + x + y + enter  ( salvar e sair do arquivo ) 


--------------------------------------------------

cat /etc/network/interfaces

auto lo
iface lo inet loopback

allow-hotplug eth1

iface eth1 inet static

      address 192.168.1.13
      netmask 255.255.255.0
      network 192.168.1.0
      broadcast 192.168.1.255
      gateway 192.168.1.1
      dns-nameservers 8.8.8.8

--------------------------------------------------

nano /etc/default/dhcp3-server 

INTERFACES="eth1";    

ctrl + x + y + enter   

--------------------------------------------------

route -n 

/etc/init.d/isc-dhcp-server start

/etc/init.d/isc-dhcp-server restart    

service isc-dhcp-server restart 

ps aux | grep dhcp


cat  /etc/resolv.conf

nameserver 8.8.8.8
nameserver 8.8.4.4

--------------------------------------------------

ATTENTION 

Disable the automatic DHCP option on the modem.


On Windows - cmd - ipconfig

C:\> ipconfig
 
C:\> ipconfig  /all   

--------------------------------------------------

arp -a

cat /var/log/syslog | grep DHCP

cat /var/log/syslog | grep 1.14

--------------------------------------------------

Disable the DHCP option on the Wi-Fi modem.

---------------------------------------------------------------------------------------

===[ Dhcp - mac address ]===

arp -a

cat /var/log/syslog | grep DHCP

--------------------------------------------------

nano /etc/dhcp/dhcpd.conf

authoritative;
ddns-update-style none;

option domain-name-servers 8.8.8.8, 8.8.4.4;

# After installing the dns server ( bind9 ), 
# change from:  8.8.8.8, 8.8.4.4;  to: 192.168.1.13    ( internal server ip )

default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.14 192.168.1.120;

  # the line above hands out ips automatically from the range .15 to .119
  # addresses fixed by MAC must not be inside the range,
  # otherwise dhcp ends up lending the same ip to 2 computers

  option routers 192.168.1.13;

  option broadcast-address 192.168.1.255;
}

# Add the lines below to bind the ips

# Binding ips to the mac address. The host name ( e.g. netbook_teacher ) is just a label,
# it could be any name. The computer will always receive the same ip via dhcp

host teacher 
{
hardware ethernet 5c:ac:4c:70:60:b9;
fixed-address 192.168.1.121;
}

host sra_marlene 
{
hardware ethernet 00:23:5a:6d:0e:5a;
fixed-address 192.168.1.122;
}

host sra_rose 
{
hardware ethernet 68:a3:c4:70:78:9c;
fixed-address 192.168.1.123 ;
}

ctrl + x + y + enter   


/etc/init.d/isc-dhcp-server restart
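
The comments in dhcpd.conf above warn that an address fixed by MAC must stay outside the dynamic `range`, otherwise the same ip can be handed to two machines. The script below is an added example, not part of the original page, that checks a dhcpd.conf for that mistake and for two hosts sharing one `fixed-address`; the function names and the `lab_pc` and `printer` entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): lint an ISC dhcpd.conf read on
# stdin for reservations that collide with a dynamic range or with each other.
# Output lines:
#   in-range     <host> <ip>           reservation falls inside a "range"
#   duplicate-ip <host> <ip> <other>   same fixed-address as an earlier host
dhcp_reservation_conflicts() {
    awk '
        # Dotted quad to integer; -1 for anything else (e.g. a hostname).
        function ip2n(ip,    o) {
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return -1
            split(ip, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        {
            sub(/#.*/, "")            # strip comments
            gsub(/[{};]/, " & ")      # braces and ";" become their own tokens
            for (i = 1; i <= NF; i++) tok[++nt] = $i
        }
        END {
            # Pass 1: collect every range and every reservation, because a
            # host block may appear before or after the subnet it affects.
            for (i = 1; i <= nt; i++) {
                if (tok[i] == "range") {
                    j = i + 1
                    if (tok[j] == "dynamic-bootp") j++
                    lo[++nr] = ip2n(tok[j])
                    # "range X;" with a single address is legal
                    hi[nr] = (tok[j + 1] == ";") ? lo[nr] : ip2n(tok[j + 1])
                } else if (tok[i] == "host") {
                    cur = tok[i + 1]
                } else if (tok[i] == "fixed-address") {
                    rhost[++nh] = cur
                    raddr[nh] = tok[i + 1]
                }
            }
            # Pass 2: report collisions in file order.
            for (h = 1; h <= nh; h++) {
                n = ip2n(raddr[h])
                for (r = 1; r <= nr && n >= 0; r++)
                    if (n >= lo[r] && n <= hi[r]) {
                        print "in-range", rhost[h], raddr[h]
                        break
                    }
                if (raddr[h] in owner)
                    print "duplicate-ip", rhost[h], raddr[h], owner[raddr[h]]
                else
                    owner[raddr[h]] = rhost[h]
            }
        }
    '
}

# Constructed sample: the subnet and two hosts from the config above, plus
# two made-up hosts that break the rule.
sample_dhcpd_conf() {
cat <<'EOF'
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.14 192.168.1.120;
  option routers 192.168.1.13;
}
host teacher     { hardware ethernet 5c:ac:4c:70:60:b9; fixed-address 192.168.1.121; }
host sra_marlene { hardware ethernet 00:23:5a:6d:0e:5a; fixed-address 192.168.1.122; }
# constructed entries below, not from the page
host lab_pc      { hardware ethernet 02:00:00:00:00:01; fixed-address 192.168.1.50 ; }
host printer     { hardware ethernet 02:00:00:00:00:02; fixed-address 192.168.1.121; }
EOF
}

sample_dhcpd_conf | dhcp_reservation_conflicts
# On the server:  dhcp_reservation_conflicts < /etc/dhcp/dhcpd.conf
```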

--------------------------------------------------

nano /etc/squid/acesso_total

# Teacher
192.168.1.121

# Sra. Marlene
192.168.1.122

# If you want to allow the whole internal network
# 192.168.1.0/24

# Allow the wi-fi ip
# 192.168.0.1

ctrl + x + y + enter   

--------------------------------------------------

Restart the squid service.

service squid3 restart

ps aux | grep dhcpd


cat /var/log/syslog | grep DHCP

cat /var/log/syslog | grep DHCP | grep 1.123

---------------------------------------------------------------------------------------

===[ login - password ]===

adduser ewb


Listing users.

ls /home/ -l

grep -v ^# /etc/ssh/sshd_config



nano /etc/ssh/sshd_config

Port 22

# change from: -yes-   to:  -no-

PermitRootLogin no

#---------------------

StrictModes yes

#---------------------

# add the line below - 3 login attempts

MaxAuthTries = 3

# only the two system users below will be allowed to log in

AllowUsers ewb mike

ctrl + x + y + enter   



service ssh restart





cat /var/log/auth.log | grep sshd
Apr 23 19:22:40 debian sshd[2794]: Failed password for ewb from 192.168.1.101 port 49286 ssh2
Apr 23 19:22:44 debian sshd[2794]: Failed password for ewb from 192.168.1.101 port 49286 ssh2
Apr 23 19:22:48 debian sshd[2794]: PAM 2 more authentication failures; logname= uid=0 euid=0 
tty=ssh ruser= rhost=192.168.1.101  user=ewb


apt-get install gawk   

cat /etc/passwd | awk -F ":" '{print $1}'
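
The `Failed password` lines from /var/log/auth.log shown above can be summarised per source address with awk. The script below is an added example, not part of the original page: the function names are assumptions, and the sample log is constructed (its first three lines copy the ones above, the rest are made up).

```shell
#!/bin/sh
# Added example (not from the original page): summarise failed SSH password
# attempts per source address from auth.log lines read on stdin.
# Output, most failures first:  <ip> <failures> <connections> <users>
#   connections = distinct sshd PIDs; with "MaxAuthTries 3" each connection
#   can carry at most 3 failures, so many connections means repeated retries.

# ssh_failed_logins [MIN]   only addresses with at least MIN failures (default 1)
ssh_failed_logins() {
    awk -v min="${1:-1}" '
        # Fields are taken relative to the END of the line ("... from IP port
        # N ssh2"), so a crafted user name cannot shift the address column.
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF - 4) == "from" && $(NF - 2) == "port" {
            ip = $(NF - 3); user = $(NF - 5); pid = $5
            fails[ip]++
            if (!((ip, pid) in conn)) { conn[ip, pid] = 1; conns[ip]++ }
            if (!((ip, user) in seen)) {
                seen[ip, user] = 1
                users[ip] = users[ip] (users[ip] == "" ? "" : ",") user
            }
        }
        # "PAM N more authentication failures" lines repeat failures already
        # counted above, so they are deliberately ignored.
        END {
            for (ip in fails)
                if (fails[ip] >= min)
                    print ip, fails[ip], conns[ip], users[ip]
        }
    ' | sort -k2,2nr -k1,1
}

# Constructed sample log.
sample_auth_log() {
cat <<'EOF'
Apr 23 19:22:40 debian sshd[2794]: Failed password for ewb from 192.168.1.101 port 49286 ssh2
Apr 23 19:22:44 debian sshd[2794]: Failed password for ewb from 192.168.1.101 port 49286 ssh2
Apr 23 19:22:48 debian sshd[2794]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.101  user=ewb
Apr 23 19:23:02 debian sshd[2801]: Failed password for invalid user admin from 192.168.1.101 port 49301 ssh2
Apr 23 19:25:10 debian sshd[2810]: Failed password for mike from 192.168.1.18 port 50112 ssh2
Apr 23 19:25:15 debian sshd[2810]: Accepted password for mike from 192.168.1.18 port 50112 ssh2
EOF
}

sample_auth_log | ssh_failed_logins 1
# On the server:  ssh_failed_logins 3 < /var/log/auth.log
```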

---------------------------------------------------------------------------------------

===[ Text editors ]===

apt-get install vim

apt-get install mc

apt-get install jed


Setting a default text editor.

update-alternatives --config editor


To open the default editor, just type:

editor  

---------------------------------------------------------------------------------------

===[ Modem - opening ports ]===

Remember that these ports must be opened on the modem, as we saw
earlier.

FTP = Ports 50000 to 50100

The default FTP port is 21

--------------------------------------------------

===[ Ftp - via url ]===

apt-get install proftpd

adduser ftp1	

cp /etc/proftpd/proftpd.conf proftpd.conf---backup

passwd ftp1


nano /etc/proftpd/proftpd.conf

Port                  50000

PassivePorts          50001   50100

# Ftp - Below, the server ip for internal access only

MasqueradeAddress     192.168.1.13

ctrl + x + y + enter   



/etc/init.d/proftpd restart          

service proftpd restart

--------------------------------------------------


ps aux | grep proftpd

netstat -plan | grep ftp

netstat -na | grep :50000

netstat -tan localhost

netstat -anta

netstat -planta

--------------------------------------------------

telnet 192.168.1.13  50000

Trying 192.168.1.13...
Connected to 192.168.1.13.
Escape character is '^]'.
220 ProFTPD 1.3.4a Server (Debian) [192.168.1.13]
user ftp1
331 Password required for ftp1
pass 123
230 User ftp1 logged in
pwd
257 "/home/ftp1" is the current directory
quit
221 Goodbye.

--------------------------------------------------

ftp localhost

ftp: connect to address ::1: Connection refused
Trying 127.0.0.1...
ftp: connect: Connection refused
ftp> user ftp1
Not connected.
ftp> pass 123
Passive mode on.
ftp> quit

--------------------------------------------------

ftp://192.168.1.13:50000/





--------------------------------------------------

nano /home/ftp1/arq_ftp_teste.txt

Ola FTP1

Quando criamos um usuario no sistema com o comandoadduser ftp1, 
automaticamente eh criado um diretorio para o usuario ftp1
O usu-rio ftp1 j- foi adicionado anteriormente.

Jurandir

ctrl + x + y + enter 




--------------------------------------------------

Press F5 to refresh the page and see the file we created.


ls /home/ -l

ls /home/ftp1/ -l

--------------------------------------------------

cat /home/ftp1/arq_ftp_teste.txt

Ola FTP1

Quando criamos um usuario no sistema com o comandoadduser ftp1, 
automaticamente eh criado um diretorio para o usuario ftp1
O usu-rio ftp1 já- foi adicionado anteriormente.

Jurandir

--------------------------------------------------

Checking whether the proftpd process is running.

ps aux | grep proftpd

proftpd  8066  0.0  0.1 101468  2044 ?    Ss 13:37 0:00 proftpd: (accepting connections)
root     8085  0.0  0.0   7828  852 pts/1 S+ 13:37 0:00 grep --color proftpd



Just listing the system users.

ls /home/ -l

total 28
drwxr-xr-x 2 ewb  ewb   4096 2013-11-10 17:57 ewb
drwxr-xr-x 2 ftp1 ftp1  4096 2013-11-10 17:57 ftp1
drwxr-xr-x 2 jura jura  4096 2013-11-10 17:08 jura
drwx------ 2 root root 16384 2013-11-10 16:54 lost+found



Get used to checking the log files, because that is the only way to know whether 
everything is ok.


tail /var/log/proftpd/proftpd.log

Nov 11 10:19:25 debian proftpd[8761] debian (192.168.1.15[192.168.1.15]): 
		USER ftp1: Login successful.
Nov 11 10:19:25 debian proftpd[8761] debian (192.168.1.15[192.168.1.15]): 
  		FTP session closed.


--------------------------------------------------

nano /etc/proftpd/proftpd.conf

Port                  50000

PassivePorts          50001   50100

# Ftp - Below, the server address for external access 
# Remember that for external access I am using
# the no-ip.com service to get an ip.

MasqueradeAddress     debian70.no-ip.org

ctrl + x + y + enter   

--------------------------------------------------

ftp 192.168.1.13 50000

Connected to 192.168.1.13.
220 ProFTPD 1.3.4a Server (Debian) [201.24.112.60]
Name (192.168.1.13:root): ftp1
331 Password required for ftp1
Password: senha
230 User ftp1 logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -l
200 PORT command successful
150 Opening ASCII mode data connection for file list
-rw-r--r--   1 root   root  192 Dec 23 17:26 arq_ftp_teste.txt
226 Transfer complete
ftp>
ftp> pwd
257 "/home/ftp1" is the current directory
ftp>
ftp> mkdir ftp_teste
257 "/home/ftp1/ftp_teste" - Directory successfully created
ftp>
ftp> ls -l
200 PORT command successful
150 Opening ASCII mode data connection for file list
-rw-r--r--   1 root     root          192 Dec 23 17:26 arq_ftp_teste.txt
drwxr-xr-x   2 ftp1     ftp1         4096 Dec 24 12:32 ftp_teste
226 Transfer complete
ftp> quit
221 Goodbye.

--------------------------------------------------

ftp://debian70.no-ip.org:50000/

tail /var/log/proftpd/proftpd.log

--------------------------------------------------


===[ Ftp - proftpd - uninstalling ]===

If you need to uninstall proftpd.


apt-get purge proftpd-basic

apt-get purge proftpd-*

ps aux | grep proftpd

--------------------------------------------------

===[ ftp - winscp ]===

nano /home/jura/jura.txt

Ola Pessoal

Este arquivo foi criado dentro do diretorio "jura".

Obrigado

ctrl + x + y + enter   


ping debian70.no-ip.org

--------------------------------------------------

===[ ftp - filezilla ]===

If you prefer, you can use Filezilla to connect to the server on port 22, since that 
port uses an encrypted, secure protocol ( sftp ), even though we have already configured 
port 50000 in the file /etc/proftpd/proftpd.conf


tail /var/log/proftpd/proftpd.log


adduser ftp2

--------------------------------------------------

nano /home/ftp2/arq_ftp2.txt

Ola FTP2

Fazendo testes...

Jurandir

ctrl + x + y + enter   


ls /home/ftp2/ -l

--------------------------------------------------

===[ ftp - proftp + tls ]===


nano /etc/proftpd/proftpd.conf

Include /etc/proftpd/modules.conf
Include /etc/proftpd/tls.conf

Port                     50000

PassivePorts             50001   50100

# For -internal- access we will use the configured ip

MasqueradeAddress        192.168.1.13

# For -external- access we will use debian70.no-ip.org
# Uncomment the line below to allow the external network

# MasqueradeAddress      debian70.no-ip.org


# For -external- access with a fixed ( valid ) ip
# Uncomment the line below to allow the external network

# MasqueradeAddress      187.4.229.187

ctrl + x + y + enter   

--------------------------------------------------

/etc/init.d/proftpd restart


tail /var/log/proftpd/proftpd.log

--------------------------------------------------

apt-get install openssl 

ls /etc/ssl/private -l

ls /etc/ssl/ -l


Now let's generate the key.

The command below is a single command, continued onto a second line with a trailing backslash.

openssl req -x509 -newkey rsa:1024 -keyout /etc/ssl/private/proftpd.key \
  -out /etc/ssl/certs/proftpd.crt -nodes -days 365

ls /etc/ssl/private/ -l

ls /etc/ssl/certs/ -l | grep proftpd

--------------------------------------------------

nano /etc/proftpd/tls.conf



TLSEngine on
TLSLog /var/log/proftpd/tls.log

# uncomment the line below

TLSProtocol SSLv23
# TLSProtocol                           SSLv3 TLSv1
TLSOptions NoCertRequest

# uncomment the two lines below

TLSRSACertificateFile      /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile   /etc/ssl/private/proftpd.key
TLSVerifyClient off
TLSRequired on 


ctrl + x + y + enter   

--------------------------------------------------


addgroup ssl-cert

grep ssl /etc/group     


cat /etc/group

adduser proftpd ssl-cert


nano /etc/proftpd/proftpd.conf

Include /etc/proftpd/tls.conf

ctrl + x + y + enter   


/etc/init.d/proftpd restart

--------------------------------------------------


openssl x509 -text -in /etc/ssl/certs/proftpd.crt

openssl s_client -connect 127.0.0.1:50000 -starttls ftp

openssl x509 -noout -in /etc/ssl/certs/proftpd.crt -issuer

openssl x509 -noout -in /etc/ssl/certs/proftpd.crt -subject

openssl x509 -noout -in /etc/ssl/certs/proftpd.crt -dates

openssl x509 -noout -in /etc/ssl/certs/proftpd.crt -fingerprint

openssl verify /etc/ssl/certs/proftpd.crt

openssl s_client -connect tpa.com.br:443


Encoding strings and text with Base64 ( this is an encoding, not encryption ).

echo -n "James Bond" | openssl enc -base64
SmFtZXMgQm9uZA==


echo "SmFtZXMgQm9uZA==" | openssl enc -base64 -d
James Bond


netstat -anlp | grep ftp

tail /var/log/proftpd/proftpd.log

tail /var/log/auth.log

tail /var/log/proftpd/tls.log
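
Two settings used above are weaker than current practice: `TLSProtocol SSLv23` is ProFTPD's compatibility mode, which still accepts SSLv3, and `rsa:1024` produces a 1024-bit key. The script below is an added example, not part of the original page, that flags both; the function names and the 2048-bit threshold are assumptions, and the certificate text is a constructed excerpt of `openssl x509 -noout -text` output.

```shell
#!/bin/sh
# Added example (not from the original page): flag weak settings in a ProFTPD
# tls.conf and a weak RSA key in the certificate it points to.

# tls_conf_findings: reads tls.conf on stdin.
#   weak-protocol <name>   TLSProtocol lists an SSL version
#   tls-engine-off         TLSEngine is not "on"
#   tls-not-required       TLSRequired is not "on" (cleartext logins possible)
tls_conf_findings() {
    awk '
        { sub(/#.*/, "") }               # ignore commented-out directives
        NF == 0 { next }
        { key = tolower($1) }
        key == "tlsengine"   { engine = tolower($2) }
        key == "tlsrequired" { required = tolower($2) }
        key == "tlsprotocol" {
            for (i = 2; i <= NF; i++)
                if ($i == "SSLv23" || $i == "SSLv3" || $i == "SSLv2")
                    print "weak-protocol " $i
        }
        END {
            if (engine != "on")   print "tls-engine-off"
            if (required != "on") print "tls-not-required"
        }
    '
}

# cert_findings: reads `openssl x509 -noout -text` output on stdin and prints
# "weak-rsa-key <bits>" for an RSA key shorter than 2048 bits.
cert_findings() {
    awk '
        /Public Key Algorithm:/ { alg = $NF }
        /Public[- ]Key: \([0-9]+ bit\)/ {
            bits = $0
            sub(/.*\(/, "", bits); sub(/ bit\).*/, "", bits)
            if (alg == "rsaEncryption" && bits + 0 < 2048)
                print "weak-rsa-key " bits
            exit
        }
    '
}

# proftpd_tls_audit CONF CERT: run both checks against real files.
proftpd_tls_audit() {
    tls_conf_findings < "$1"
    openssl x509 -noout -text -in "$2" | cert_findings
}

# Constructed sample: the tls.conf directives used above.
page_tls_conf() {
cat <<'EOF'
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
# TLSProtocol                           SSLv3 TLSv1
TLSOptions NoCertRequest
TLSRSACertificateFile      /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile   /etc/ssl/private/proftpd.key
TLSVerifyClient off
TLSRequired on
EOF
}

# Constructed excerpt of the text form of a certificate made with rsa:1024.
sample_cert_text() {
cat <<'EOF'
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
EOF
}

page_tls_conf | tls_conf_findings
sample_cert_text | cert_findings
# On the server:
#   proftpd_tls_audit /etc/proftpd/tls.conf /etc/ssl/certs/proftpd.crt
```

Which TLS versions can replace `SSLv23` depends on the ProFTPD and OpenSSL builds installed; regenerating the key only needs a larger size in the `-newkey rsa:` argument.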

--------------------------------------------------

telnet localhost 50000

Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 ProFTPD 1.3.4a Server (Debian) [192.168.1.13]
user ftp1
331 Password required for ftp1
pass 123
230 User ftp1 logged in
pwd
257 "/home/ftp1" is the current directory
quit
221 Goodbye.
Connection closed by foreign host.

--------------------------------------------------

telnet localhost 50000

Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 192.168.1.13 FTP server ready
auth tls
234 AUTH TLS successful
user ftp1


netstat -anlp | grep :50000 

netstat -anlp | grep proftp

---------------------------------------------------------------------------------------

===[ ftp - 2 users ]===

adduser aluno

nano /etc/proftpd/proftpd.conf



        # Allow access only for the users "ftp1 and ftp2"

        AllowUser ftp1 ftp2

        DenyALL



        ServerIdent off

        # at most 2 clients connected

        MaxClients 2               

        # at most 3 login attempts

        MaxLoginAttempts 3  

        RootLogin off


ctrl + x + y + enter   


/etc/init.d/proftpd restart

--------------------------------------------------

nano /etc/proftpd/proftpd.conf


        # Allow access only for the users "ftp1 , ftp2 and aluno"
        AllowUser ftp1 ftp2 aluno
        DenyALL


ctrl + x + y + enter   


apt-get install apache2


---------------------------------------------------------------------------------------

===[ Ftp - home directory alias ]===

nano /etc/apache2/sites-enabled/000-default

Alias /ftp1_alias  /home/ftp1

Alias /ftp2_alias  /home/ftp2

Alias /ftp3_alias   /home/ftp3/pasta_ftp3

Alias /ftp4_alias   /home/ftp4/pasta_ftp4



ctrl + x + y + enter   


/etc/init.d/apache2 restart

ls /home/ftp1/ -la

ls /home/ftp2/ -la


http://192.168.1.13/ftp1_alias/arq_ftp_teste.txt  

http://192.168.1.13:8080/ftp1_alias/arq_ftp_teste.txt

http://debian70.no-ip.org:8080/ftp1_alias/arq_ftp_teste.txt

---------------------------------------------------------------------------------------

===[ Ftp - sftp ]===

sftp 192.168.1.13

root@192.168.1.13's password: senha_root
Connected to 192.168.1.13.
sftp>
sftp> ls -l
-rw-r--r--    1 root     root    44906 Dec 22 10:05 book-add.txt
-rw-r--r--    1 root     root       34 Dec 24 15:55 estamos_no_root.txt
drwxr-xr-x    3 root     root     4096 Dec 20 18:14 instalacoes
sftp>
sftp>
sftp> pwd
Remote working directory: /root
sftp>
sftp> quit
root@debian:~#



sftp aluno@192.168.1.13

aluno@192.168.1.13's password: senha
Connected to 192.168.1.13.
sftp>
sftp> ls -l
-rw-r--r--    1 root     root           25 Dec 23 17:39 home1.txt
-rw-r--r--    1 root     root          133 Dec 23 17:51 home2.php
-rw-r--r--    1 root     root          361 Dec 23 17:34 home_user1.html
sftp>
sftp> pwd
Remote working directory: /home/aluno
sftp>
sftp> quit

--------------------------------------------------

nano /home/aluno/teste_sftp

Ola

Arquivo gravado teste :)

Bie

ctrl + x + y + enter   

--------------------------------------------------

sftp aluno@192.168.1.13

aluno@192.168.1.13's password: senha
Connected to 192.168.1.13.
sftp>
sftp> ls -l
-rw-r--r--    1 root     root       25 Dec 23 17:39 home1.txt
-rw-r--r--    1 root     root      133 Dec 23 17:51 home2.php
-rw-r--r--    1 root     root      361 Dec 23 17:34 home_user1.html
-rw-r--r--    1 root     root       35 Dec 24 15:51 teste_sftp
sftp>
sftp> quit

---------------------------------------------------------------------------------------

===[ Ftp - via terminal - linux ]===

apt-get install ftp

ftp 192.168.1.13 50000

Connected to 192.168.1.13.
220 ProFTPD 1.3.4a Server (Debian) [201.24.112.60]
Name (192.168.1.13:root): aluno
331 Password required for aluno
Password: senha
230 User aluno logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
ftp> ls -l
200 PORT command successful
150 Opening ASCII mode data connection for file list
-rw-r--r--   1 root     root           25 Dec 23 19:39 home1.txt
-rw-r--r--   1 root     root          133 Dec 23 19:51 home2.php
-rw-r--r--   1 root     root          361 Dec 23 19:34 home_user1.html
-rw-r--r--   1 root     root           35 Dec 24 17:51 teste_sftp
226 Transfer complete
ftp>
ftp> pwd
257 "/home/aluno" is the current directory
ftp>
ftp> quit
221 Goodbye.
root@debian:~#


---------------------------------------------------------------------------------------

===[ Ftp - Windows command prompt ]===

C:\Users\User>
C:\Users\User>cd\
C:\>
C:\>ftp   
ftp>
ftp> open 192.168.1.13 50000
Conectado a 192.168.1.13.
220 ProFTPD 1.3.4a Server (Debian) [201.24.112.60]
Usuário (192.168.1.13:(none)): ftp1
331 Password required for ftp1
Senha: senha
230 User ftp1 logged in
ftp>
ftp> dir
200 PORT command successful
150 Opening ASCII mode data connection for file list
-rw-r--r--   1 root     root     192 Dec 23 17:26 arq_ftp_teste.txt
drwxr-xr-x   2 ftp1     ftp1    4096 Dec 24 12:32 ftp_teste
226 Transfer complete
ftp: 140 bytes recebidos em 0,00Segundos 140000,00Kbytes/s.
ftp>

ftp> pwd
257 "/home/ftp1" is the current directory
ftp>
ftp> quit
221 Goodbye.
C:\>
C:\>

ftp  
open debian70.no-ip.org 50000  
ftp1 ( the ftp account ) and password


---------------------------------------------------------------------------------------

===[ Apache2 + php5 ]===

apt-get install apache2 php5

ps aux | grep apache2

cd /etc/apache2/

cp ports.conf ports.conf---backup

--------------------------------------------------

nano /etc/apache2/ports.conf

NameVirtualHost *:80

# or it could be ==> NameVirtualHost *:8080

Listen 80

# or it could be ==> Listen 8080


    # SSL name based virtual hosts are not yet supported, therefore no
    # NameVirtualHost statement here
    Listen 443


ctrl + x + y + enter 

--------------------------------------------------

nano /etc/apache2/sites-enabled/000-default



       # We could change it to ==>

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/

:
:

ctrl + x + y + enter 

--------------------------------------------------


service apache2 restart



http://192.168.1.13:8080/   

http://debian70.no-ip.org:8080/


tail -f /var/log/apache2/access.log

tail /var/log/apache2/access.log | grep 24/Dec | grep 22:43

tail -f /var/log/apache2/error.log

tail /var/log/apache2/access.log | awk '{print $4,$1}' | uniq -c | sort -rn

tail /var/log/apache2/access.log |  awk '{print $1}' | cut -d'=' -f2 | sort 

tail /var/log/apache2/access.log |  awk '{print $1}' | cut -d'=' -f2 | sort | uniq -c

Does not repeat the duplicate IPs from the list above.

tail /var/log/apache2/access.log |  awk '{print $1}' | cut -d'=' -f2 | sort | uniq 

awk '/25\/Dec/ {print $1};' /var/log/apache2/access.log | sort | uniq -c | sort -rn | head

Listing the "date and IP" columns

tail /var/log/apache2/access.log | awk '{print $4,$1}'

--------------------------------------------------

cd /var/www/

mkdir aluno1 

mkdir /var/www/aluno1

ls /var/www/ -l

chown -R root:www-data aluno1

chown -R root:www-data /var/www/aluno1

ls /var/www/ -l

chmod 750 aluno1

ls -l

--------------------------------------------------

nano /var/www/aluno1/aula.php


PHP - Linux 
 
  
 
 Debian 7.0
 
 

Obrigado - Thank you - Grazie - Merci - Danke -Muchas gracias-Domo arigato gozaimashita
 

By Jurandir
 
 
ctrl + x + y + enter 

--------------------------------------------------

http://192.168.1.13:8080/aluno1/aula.php    
 
http://192.168.1.13/aluno1/aula.php  

http://debian70.no-ip.org:8080/aluno1/aula.php   

--------------------------------------------------

tail -f /var/log/apache2/access.log 

tail /var/log/apache2/*.log 

grep -i '\[error\]' /var/log/apache2/error.log | wc -l

tail -f /var/log/apache2/error.log

tail /var/log/apache2/access.log | awk '{print $4,$1}'

tail /var/log/apache2/access.log | awk '{print $4,$1}' | uniq -c | sort -rn

tail /var/log/apache2/access.log |  awk '{print $1}' | cut -d'=' -f2 | sort 

tail /var/log/apache2/access.log |  awk '{print $1}' | cut -d'=' -f2 | sort | uniq -c

tail /var/log/apache2/access.log |  awk '{print $1}' | cut -d'=' -f2 | sort | uniq

awk '/06\/Feb/ {print $1};' /var/log/apache2/access.log | sort | uniq -c |sort -rn|head


---------------------------------------------------------------------------------------

===[ Apache2  - password ]===

nano /etc/apache2/sites-enabled/000-default
     

        #---------------------------------------

        # the directory below will be password-protected in apache; that is, opening
        # aula.php will bring up a prompt to enter user1 and the password 123

        
                deny from all
                Options +ExecCGI
                AllowOverride AuthConfig
                Order allow,deny
        

        #---------------------------------------

ctrl + x + y + enter

--------------------------------------------------


nano /var/www/aluno1/.htaccess

AuthType Basic
AuthUserFile /var/www/aluno1/.htpasswd
AuthName RESTRITO
require valid-user
satisfy any

ctrl + x + y + enter   

--------------------------------------------------

chown www-data /var/www/aluno1/.htaccess

htpasswd -bc /var/www/aluno1/.htpasswd login senhadologin

chmod 644 /var/www/aluno1/.htpasswd

htpasswd -bc /var/www/aluno1/.htpasswd user1  123

cat /var/www/aluno1/.htpasswd

/etc/init.d/apache2 restart



http://192.168.1.13:8080/aluno1/aula.php    

http://192.168.1.13/aluno1/aula.php

User: user1  -   Password  : 123


http://debian70.no-ip.org:8080/aluno1/aula.php  

---------------------------------------------------------------------------------------

===[ Alias - for "home" directories via apache ]===

nano /etc/apache2/sites-enabled/000-default

Alias /ftp1_alias  /home/ftp1

Alias /ftp2_alias  /home/ftp2

Alias /home_alias  /home/aluno



ctrl + x + y + enter   


/etc/init.d/apache2 restart

--------------------------------------------------

nano /home/aluno/home_user.html

Hello

Criando ALIAS apontando para diretorios / usuarios do home.

Este arquivo foi salvo dentro do diretorio /home/aluno e dentro deste

foi salvo o arquivo home_user1.php

Bie


ctrl + x + y + enter   

--------------------------------------------------

http://192.168.1.13:8080/home_alias/home_user.html

http://debian70.no-ip.org:8080/home_alias/home_user.html

--------------------------------------------------

cat > /home/aluno/home1.txt

Testando "alias"

Bie

ctrl + d   

--------------------------------------------------

http://192.168.1.13:8080/home_alias/home2.php

--------------------------------------------------

nano /home/aluno/home2.php

<html>
<head>
<title>My first PHP page</title>
</head>

<body>

<?php

echo "<h1>Hello World!</h1>";

?>

</body>
</html>


ctrl + x + y + enter   

--------------------------------------------------

ls /home/aluno/ -l

http://192.168.1.13:8080/home_alias/home2.php

http://debian70.no-ip.org:8080/home_alias/home2.php


---------------------------------------------------------------------------------------

===[ Wifi - configuring the modem ]===

Configuring the Access Point ( 192.168.1.254 )

A cable runs from the switch, with its other end connected to the Access Point.

After changing the Access Point settings, restart the modem.

---------------------------------------------------------------------------------------

===[ samba ]===

apt-get update && apt-get upgrade

apt-get install samba smbclient 

ps aux | grep smb

cp /etc/samba/smb.conf smb.conf---backup

cat /etc/samba/smb.conf  | more

--------------------------------------------------

nano /etc/samba/smb.conf

[global]
server string = Home Samba
netbios name = Home
Workgroup = SCHOOL
security = user	
encrypt passwords = yes
wins support = yes

vfs object = recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = /home/lixeira_smb/

log level = 1
log file = /var/log/samba.log
max log size = 1000

vfs object = full_audit recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:repository = /home/lixeira_smb/%U

full_audit:success = open, opendir, write, unlink, rename, mkdir, rmdir
full_audit:prefix = %u|%I|%S
full_audit:failure = none
full_audit:facility = local5
full_audit:priority = notice
#-----------------------------------------------------------------------
[english_smb]
      path = /home/english_smb
      writeable = yes
      browseable = yes
#-----------------------------------------------------------------------
[computing_smb]
      path = /home/computing_smb
      writeable = yes
      browseable = yes
#-----------------------------------------------------------------------
[lixeira_smb]
      path = /home/lixeira_smb/
      recycle:repository = .recycle
      browseable = yes
      writeable = yes
#-----------------------------------------------------------------------
[publico_smb]
        comment = Publico
        path = /home/publico_smb
        read only = No
        create mask = 0777
        directory mask = 0777
        guest ok = Yes
#-----------------------------------------------------------------------
[aluno1_smb]
      path = /home/aluno1_smb/
      browseable = yes
      writeable = yes
#-----------------------------------------------------------------------
[aluno2_smb]
      path = /home/aluno2_smb/
      browseable = yes
      writeable = no
#-----------------------------------------------------------------------
[printers]
comment = Todas as Impressoras
path = /var/spool/samba
print ok = yes
guest ok = yes
browseable = yes

ctrl + x + y + enter 

--------------------------------------------------

mkdir /home/computing_smb
chmod 777 -R /home/computing_smb

mkdir /home/english_smb
chmod 777 -R /home/english_smb 

mkdir /home/lixeira_smb
chmod 777 -R /home/lixeira_smb 

mkdir /home/publico_smb
chmod 777 -R /home/publico_smb 

mkdir /home/aluno1_smb
chmod 777 -R /home/aluno1_smb 

mkdir /home/aluno2_smb
chmod 777 -R /home/aluno2_smb 

--------------------------------------------------

ls /etc/samba/ -l

sh /etc/samba/cria_pastas_permissoes.sh

ls /home/ -l

adduser ewb1   - password: 123

adduser ewb2   - password: 123

adduser aluno1 - password: 123

smbpasswd -a ewb1

smbpasswd -a ewb2

smbpasswd -a aluno1

smbpasswd -a pub      

pdbedit -a ewb1

--------------------------------------------------

service samba restart

--------------------------------------------------

nano /etc/rsyslog.conf

local5.notice /var/log/samba-full_audit.log

ctrl + x + y + enter 

--------------------------------------------------


service rsyslog restart

ps aux | grep smb

/etc/init.d/samba 

/etc/init.d/samba restart


dpkg -s samba| grep Status

Status: install ok installed

--------------------------------------------------

On Windows 7, click Start - \\192.168.1.13    ( server IP )

User: ewb1       Password  : 123

--------------------------------------------------

tail -f /var/log/samba-full_audit.log

tail -f /var/log/samba-full_audit.log | grep open
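
Added example (not part of the original page): with the prefix "%u|%I|%S" configured in smb.conf above, each audit line can be split on "|" to answer who deleted or renamed what. The sample log lines are constructed, the function names are hypothetical, and the field layout user|ip|share|operation|result|path is assumed; the syslog header before the user name may differ on your system.

```shell
#!/bin/sh
# Added example: summarize deletes and renames from the Samba full_audit log.
# Assumed layout (from "full_audit:prefix = %u|%I|%S"):
#   <syslog header> user|client-ip|share|operation|result|path[|new-path]

# Constructed sample lines, embedded so the example runs offline.
sample_audit_log() {
cat <<'EOF'
Jan  8 21:10:01 debian smbd_audit: ewb1|192.168.1.20|english_smb|mkdir|ok|lessons
Jan  8 21:10:09 debian smbd_audit: ewb1|192.168.1.20|english_smb|unlink|ok|lessons/unit1.doc
Jan  8 21:11:30 debian smbd_audit: ewb2|192.168.1.21|computing_smb|rename|ok|lab.txt|lab-old.txt
Jan  8 21:12:02 debian smbd_audit: ewb1|192.168.1.20|english_smb|rmdir|ok|lessons
Jan  8 21:12:40 debian smbd_audit: aluno1|192.168.1.22|aluno1_smb|write|ok|notes.txt
EOF
}

# audit_changes [LOGFILE...]
# One line per successful delete or rename: "user ip share operation path".
# Reads standard input when no file is given.
audit_changes() {
    awk -F'|' '
        NF >= 6 && $5 == "ok" && ($4 == "unlink" || $4 == "rmdir" || $4 == "rename") {
            n = split($1, head, " ")      # last word of the syslog header is %u
            path = $6
            if ($4 == "rename" && NF >= 7) path = $6 " -> " $7
            print head[n], $2, $3, $4, path
        }
    ' "$@"
}

# removals_per_user [LOGFILE...]
# "count user" for unlink/rmdir, busiest account first.
removals_per_user() {
    audit_changes "$@" | awk '$4 == "unlink" || $4 == "rmdir" { c[$1]++ }
        END { for (u in c) print c[u], u }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on the server use:
#   audit_changes /var/log/samba-full_audit.log
sample_audit_log | audit_changes
sample_audit_log | removals_per_user
```

File names that contain "|" are split into extra fields, so check the raw line before relying on such an entry.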

--------------------------------------------------

pdbedit -Lw

pdbedit -L  | cut -d \: -f1

smbpasswd -x ewb

pdbedit -x -u ewb

deluser ewb

smbclient -L localhost -U%

smbstatus

pdbedit -v ewb1

smbclient -L //192.168.1.13 -U ewb1

pdbedit -a ewb1

rm -r /home/lixeira_smb/*

--------------------------------------------------

Accessing the recycle bin ( lixeira_smb )

\\192.168.1.13\lixeira_smb

testparm

--------------------------------------------------

This user will not be able to log in via ssh and will not have a home directory

adduser --disabled-login --no-create-home eric

passwd eric

smbpasswd -a eric

---------------------------------------------------------------------------------------

===[ swat ]===

apt-get install swat 

http://192.168.1.13:901/             

Enter the root user and the root password.


http://debian70.no-ip.org:901/

netstat -anta

---------------------------------------------------------------------------------------

===[ squid ]===

Modem + Switch + AP ( wi-fi )

apt-get install squid3


ls /etc/squid3/ -l	
-rw-r--r-- 1 root root   1547 Aug 28 03:43 errorpage.css
-rw-r--r-- 1 root root    421 Aug 28 03:43 msntauth.conf
-rw-r--r-- 1 root root 206557 Aug 28 03:43 squid.conf

cat /etc/squid3/squid.conf

grep -v ^#  /etc/squid3/squid.conf | grep -v ^$

cp /etc/squid3/squid.conf /etc/squid3/squid.conf---backup

ls /etc/squid3/ -l

--------------------------------------------------

nano /etc/squid3/squid.conf

http_port 192.168.1.13:3128 transparent
# visible_hostname juralinux.com.br
visible_hostname debian70.no-ip.org

cache_mem 1300 MB
maximum_object_size_in_memory 180 KB
maximum_object_size 180386 KB
minimum_object_size 5 KB

cache_swap_low 90
cache_swap_high 95

cache_dir ufs /var/spool/squid3 15000 16 256

cache_access_log /var/log/squid3/access.log
cache_store_log /var/log/squid3/store.log
cache_log /var/log/squid3/cache.log

cache_effective_user proxy
cache_effective_group proxy

refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280

acl snmp snmp_community public
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl SSL_ports port 443 563
acl Safe_ports port 80               	# http
acl Safe_ports port 21               	# ftp
acl Safe_ports port 443 563            # https, snews
acl Safe_ports port 70                 # gopher
acl Safe_ports port 210               	# wais
acl Safe_ports port 1025-65535  	    # unregistered ports
acl Safe_ports port 280               	# http-mgmt
acl Safe_ports port 488               	# gss-http
acl Safe_ports port 591               	# filemaker
acl Safe_ports port 777              	# multiling http
acl Safe_ports port 901               	# SWAT
acl purge method PURGE
acl CONNECT method CONNECT

acl acesso_total src "/etc/squid3/acesso_total"
acl acesso_negado src "/etc/squid3/acesso_negado"
acl sites_liberados url_regex -i "/etc/squid3/sites_liberados"
acl acesso_restrito src "/etc/squid3/acesso_restrito"
acl bloqueado url_regex -i "/etc/squid3/bloqueado"
acl acessa_youtube src "/etc/squid3/acessa_youtube"
acl libera_youtube url_regex -i "/etc/squid3/libera_youtube"

# Everything allowed
http_access allow acesso_total
# Everything allowed except the sites listed in bloqueado
http_access allow acesso_restrito !bloqueado
# Everything BLOCKED EXCEPT the sites listed in sites_liberados
http_access allow acesso_negado sites_liberados
http_access allow acessa_youtube libera_youtube

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all

ctrl + x + y + enter 

--------------------------------------------------

ps aux | grep  squid

arp -a

--------------------------------------------------

Squid rule files.


=== [01]================

The IPs in the file below can access every site without restrictions.

nano /etc/squid3/acesso_total

# The line below would allow the whole internal network
# 192.168.1.0/24

192.168.1.16

ctrl + x + y + enter


=== [02]================

The IPs in the file below can access only the youtube site.

nano /etc/squid3/acessa_youtube

192.168.1.14

ctrl + x + y + enter 


nano /etc/squid3/libera_youtube

youtube.com
i1.ytimg.com
s.ytimg.com
ad.doubleclick.net

ctrl + x + y + enter 


=== [03]================

The IPs in the file below can access every site, term, etc.,
except the sites and terms listed in the bloqueado ACL file.

nano /etc/squid3/acesso_restrito

192.168.1.15

ctrl + x + y + enter 


nano /etc/squid3/bloqueado

uol.com.br
terra.com.br
playboy.com.br
porno
porn

ctrl + x + y + enter 


=== [04]================

The IPs in the file below have everything blocked, except
the contents of the sites_liberados file.

nano /etc/squid3/acesso_negado

192.168.1.17

ctrl + x + y + enter 


nano /etc/squid3/sites_liberados

google.com.br
cnn.com
edition
i.cdn.turner.com
speed.pointroll.com
gdyn.cnn.com
ads.cnn.com
Artwork/SN.png
ugdturner.com
api-img.billiger.de
msftncsi.com

# We allowed the cnn.com site ( previous page )
# ATTENTION = you will need to follow the log file
# ( tail -f /var/log/squid3/access.log ): some images were not displayed,
# so by following the log we saw that cnn was trying to reach other pages,
# and we had to allow those as well; the same goes for the foxnews site below.

foxnews.com
a57.foxnews.com
fncstatic.com

ctrl + x + y + enter 

--------------------------------------------------


Listing the rule files that were created.

ls /etc/squid3 -l

chown proxy:proxy /var/log/squid3 /var/spool/squid3

service squid3 stop

squid3 -z

service squid3 restart

ps aux | grep squid

kill -HUP 2012


ls /var/spool/squid3/ -la

ls /var/spool/squid3/00

ls /var/spool/squid3/00 | wc -l

--------------------------------------------------

cat /etc/network/interfaces

auto lo
iface lo inet loopback

allow-hotplug eth1 	
		
iface eth1 inet static

        address 192.168.1.13       	
        netmask 255.255.255.0       	
        network 192.168.1.0		
        broadcast 192.168.1.255

        gateway 192.168.1.1

        # 192.168.1.1 - the IP of the Dlink modem
        dns-nameservers 8.8.8.8
        # Above: the IP of the Google DNS

--------------------------------------------------


cat /etc/dhcp/dhcpd.conf

authoritative;
ddns-update-style none;
option domain-name-servers 8.8.8.8 , 8.8.4.4;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.1.0 netmask 255.255.255.0 {

  range 192.168.1.14 192.168.1.120;

  # With the line above, clients get IPs automatically, starting in the range
  # from .15 to .119; addresses fixed by MAC must not
  # sit inside the range, otherwise dhcp ends up lending the same
  # IP to 2 computers

  option routers 192.168.1.13;

  # Above: the server IP
  option broadcast-address 192.168.1.255;
}

--------------------------------------------------

iptables -nL

route -n


iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 

iptables -A INPUT -i eth1 -p tcp --dport 3128 -j ACCEPT 


iptables -nL

--------------------------------------------------

nano /etc/init.d/rc.begin

#!/bin/bash
clear
echo ''
echo '================================================='
echo ''

/usr/local/bin/noip2&
echo 'Inicializando o servico ( noip2 )........ [ ok ] '
echo ''

# ip forward = passes shared traffic through and enables routing in the kernel

modprobe iptable_nat

echo 1 >/proc/sys/net/ipv4/ip_forward

echo 'IP forward .............................. [ ok ] '

echo ''

/etc/init.d/squid3 start

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

iptables -A INPUT -i eth1 -p tcp --dport 3128 -j ACCEPT

echo 'Iniciando squid.......................... [ ok ] '
echo ''
echo '================================================='
echo ''

ctrl + x + y + enter 

--------------------------------------------------


tail -f /var/log/squid3/access.log

date -d@1420750249.987    

tail -f /var/log/squid3/access.log

grep 'terra' /var/log/squid3/access.log  | awk '{ print $3 }' | sort | uniq -c | sort -rn

grep 'google' /var/log/squid3/access.log | awk '{ print $3 }' | sort | uniq -c | sort -rn

grep 'jurandir' /var/log/squid3/access.log 

apt-get install gawk

tail -f /var/log/squid3/access.log |gawk '{print strftime("%d/%m/%Y %H:%M:%S",$1),$3,$7}'

grep 'jurandir' /var/log/squid3/access.log | wc -l

tail -f /var/log/squid3/access.log | grep -e '\b192\.168\.1\.16\b'

ls -lhS /var/log/squid3 | head

tail -f /var/log/squid3/access.log | perl -p -e 's/^([0-9]*)/"[".localtime($1)."]"/e'

zcat /var/log/squid3/access*.gz | awk '{print $7}' | sort |uniq -c |sort -n |tail -n 20

zcat /var/log/squid3/access.log.1.gz |awk '{print $3 "-" $7 "-" $11}' |grep 'face' |wc -l

zcat /var/log/squid3/access.log.1.gz | awk '{print $3 "-" $7 "-" $11}' | grep 'face'

find /var/log/ -name "*.gz" -exec zcat "{}" + | grep "jurandir" | wc -l

service squid3 restart
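
Added example (not part of the original page): the comments in sites_liberados describe following access.log to find the extra hosts a site needs before it displays correctly. The function below lists the hosts Squid denied for one client, so each one can be reviewed before it is added to an allow list. The sample log lines are constructed, the function names are hypothetical, and Squid's default native log layout is assumed.

```shell
#!/bin/sh
# Added example: which hosts did Squid refuse for a given client?
# Assumes Squid's default native access.log layout:
#   $1 epoch time, $3 client IP, $4 result/status, $7 URL

# Constructed sample lines (not real traffic), so the example runs offline.
sample_squid_log() {
cat <<'EOF'
1420750249.987    120 192.168.1.17 TCP_MISS/200 5120 GET http://cnn.com/ - DIRECT/203.0.113.10 text/html
1420750250.101      0 192.168.1.17 TCP_DENIED/403 3600 GET http://static.example.net/img/logo.png - NONE/- text/html
1420750250.230      0 192.168.1.17 TCP_DENIED/403 3600 GET http://static.example.net/css/site.css - NONE/- text/html
1420750250.412      0 192.168.1.17 TCP_DENIED/403 3600 GET http://ads.example.org:8080/banner.js - NONE/- text/html
1420750251.005      0 192.168.1.15 TCP_DENIED/403 3600 GET http://uol.com.br/ - NONE/- text/html
1420750252.300     95 192.168.1.16 TCP_MISS/200 9000 GET http://terra.com.br/ - DIRECT/203.0.113.20 text/html
EOF
}

# denied_hosts CLIENT_IP [LOGFILE...]
# Prints "count host" for every request from CLIENT_IP that Squid denied,
# most frequent first. Reads standard input when no file is given.
denied_hosts() {
    client=$1
    shift
    awk -v client="$client" '
        $3 == client && index($4, "TCP_DENIED/") == 1 {
            url = $7
            sub("^[a-z]+://", "", url)    # drop the scheme
            sub("[/:].*$", "", url)       # drop port and path, keep the host
            count[url]++
        }
        END { for (h in count) print count[h], h }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on the server use:
#   denied_hosts 192.168.1.17 /var/log/squid3/access.log
sample_squid_log | denied_hosts 192.168.1.17
```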

---------------------------------------------------------------------------------------

===[ Squid - uninstalling ]===

apt-get --purge remove squid3

apt-get autoremove

rm -rf /var/spool/squid3/

--------------------------------------------------

===[ Squid - flushing rules ]===

#!/bin/bash
clear
echo ''
echo ' Limpando Regras do Squid ( iptables )'
echo '======================================='
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -Z

echo 'Politica adotada..............................[ ok ]'
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

echo 'Mascarando net................................[ ok ]'
modprobe iptable_nat
echo 1 >/proc/sys/net/ipv4/ip_forward
echo 'Ip Forward....................................[ ok ]'
echo ''
echo ''
iptables -nL
echo ''

ctrl + x + y + enter 

sh off_squid.sh

iptables -nL


--------------------------------------------------


===[ Squid - possible problem 1 ]===

squid3 -k rotate

logrotate -v /etc/logrotate.d/squid3

The squid log file is huge !!!

ls -lhS /var/log/squid3 | head

cd /var/log/squid3

ls -lSh

-rw-r----- 1 proxy proxy    629M 2014-04-16 10:56 access.log       <-- 629 M !!!
-rw-r----- 1 proxy proxy     54M 2014-04-15 23:00 store.log.2.gz
-rw-r----- 1 proxy proxy     38M 2014-04-12 22:12 store.log.5.gz
-rw-r----- 1 proxy proxy     34M 2014-04-13 22:12 store.log.4.gz


/etc/init.d/squid3 stop

echo -n > /var/log/squid3/access.log 

echo -n > /var/log/squid3/store.log 

echo -n > /var/log/squid3/cache.log

cd /var/log/squid3

ls -l


chown -R proxy.proxy /var/log/squid3/store.log

chown -R proxy.proxy /var/log/squid3/access.log

chown -R proxy.proxy /var/log/squid3/cache.log


service squid3 restart   

ls /var/log/squid3/ -lSh

ls -lh /var/log/squid3

ls -lh /var/log/mysql*


--------------------------------------------------


===[ Squid - possible problem 2 ]===


df -h

Filesystem                                              Size  Used Avail Use% Mounted on
rootfs                                                  323M  161M  146M  53% /
udev                                                     10M     0   10M   0% /dev
tmpfs                                                   176M  1.3M  175M   1% /run
/dev/disk/by-uuid/6503dee5-b510-41da-9116-77175e51a73e  323M  161M  146M  53% /
tmpfs                                                   5.0M     0  5.0M   0% /run/lock
tmpfs                                                   1.1G     0  1.1G   0% /run/shm
/dev/sda9                                               132G  188M  125G   1% /home
/dev/sda8                                               368M   11M  339M   3% /tmp
/dev/sda5                                               8.3G  989M  6.9G  13% /usr
/dev/sda6                                               2.8G  2.7G     0 100% /var


ls /var/log/squid3 -l

ls -lhS /var/log/squid3 | head


cat > /var/log/squid3/cache.log

ctrl +  d  


--------------------------------------------------

===[ Squid - clearing the logs ]===


cat > /var/log/squid3/access.log

ctrl +  d  


cat > /var/log/squid3/store.log

ctrl +  d  


cat > /var/log/squid3/cache.log

ctrl +  d  


cd /var/spool/squid3/

ls


service squid3 stop

rm -rf /var/spool/squid3/*

squid3 -z

chown -R proxy:proxy /var/spool/squid3

squid3 &

---------------------------------------------------------------------------------------


===[ Sarg ]===

http://packages.debian.org/squeeze-backports/amd64/sarg/filelist

apt-get update  && apt-get upgrade

apt-get install sarg

sarg -v

whereis sarg

cp /etc/sarg/sarg.conf /etc/sarg/sarg.conf---backup

ls /etc/sarg/ -lsh

ls /etc/sarg/sarg-reports.conf -l

cp /etc/sarg/sarg-reports.conf /etc/sarg/sarg-reports.conf---backup

ls /etc/sarg/ -l

--------------------------------------------------

nano /etc/sarg/sarg-reports.conf

SARG=/usr/bin/sarg
CONFIG=/etc/sarg/sarg.conf
HTMLOUT=/var/www/squid-reports
PAGETITLE="Access Reports on $(hostname)"
LOGOIMG=/sarg/images/sarg.png
LOGOLINK="http://$(hostname)/"
DAILY=Daily
WEEKLY=Weekly
MONTHLY=Monthly
EXCLUDELOG1="SARG: No records found"
EXCLUDELOG2="SARG: End"

ctrl + x + y + enter 

--------------------------------------------------

grep -v ^# /etc/sarg/sarg.conf | grep -v ^$

access_log /var/log/squid/access.log
title "Squid User Access Reports"
font_face Tahoma,Verdana,Arial
header_color darkblue
header_bgcolor blanchedalmond
font_size 9px
background_color white
text_color #000000
text_bgcolor lavender
title_color green
temporary_dir /tmp
output_dir /var/lib/sarg
resolve_ip
user_ip no
topuser_sort_field BYTES reverse
user_sort_field BYTES reverse
exclude_users /etc/sarg/exclude_users
exclude_hosts /etc/sarg/exclude_hosts
date_format u
lastlog 0
remove_temp_files yes
index yes
index_tree file
overwrite_report yes
records_without_userid ip
use_comma yes
mail_utility mailx
topsites_num 100
topsites_sort_order CONNECT D
index_sort_order D
exclude_codes /etc/sarg/exclude_codes
max_elapsed 28800000
report_type topusers topsites sites_users users_sites date_time denied auth_failures 
  site_user_time_date downloads
usertab /etc/sarg/usertab
long_url no
date_time_by bytes
charset Latin1
show_successful_message no
show_read_statistics no
topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC 
%TIME TOTAL AVERAGE
user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL 
AVERAGE
topuser_num 0
download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,
ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"

--------------------------------------------------

cd /etc/sarg

grep -v '^#' sarg.conf---backup | grep -v '^$' > sarg.conf

--------------------------------------------------

nano /etc/sarg/sarg.conf

access_log /var/log/squid3/access.log

output_dir /var/www/squid-reports

date_format e

ctrl + x + y + enter 

--------------------------------------------------


mkdir /var/www/squid-reports

ls /var/www/ -l

apt-get install apache2


cd /etc/sarg

Daily

cat /etc/cron.daily/sarg
#!/bin/sh
if [ -x /usr/sbin/sarg-reports ]; then
  /usr/sbin/sarg-reports daily
fi

Weekly

cat /etc/cron.weekly/sarg

#!/bin/sh
if [ -x /usr/sbin/sarg-reports ]; then
  /usr/sbin/sarg-reports weekly
fi

Monthly

cat /etc/cron.monthly/sarg

#!/bin/sh
if [ -x /usr/sbin/sarg-reports ]; then
  /usr/sbin/sarg-reports monthly
fi


sarg-reports  


cat /usr/sbin/sarg-reports

--------------------------------------------------

nano /usr/sbin/sarg-reports
:
:
daily ()
{
  DATA=`date +"%d/%m/%Y"`
  DAILYOUT=$HTMLOUT/$DAILY
  mkdir -p $DAILYOUT
  create_index_html

  $SARG -f $CONFIG -d $DATA -o $DAILYOUT >$ERRORS 2>&1
  exclude_from_log
}

weekly ()
{
  DATA1=`date +"%d/%m/%Y"`
  DATA2=`date -d "1 week ago" +"%d/%m/%Y"`
  WEEKLYOUT=$HTMLOUT/$WEEKLY
  mkdir -p $WEEKLYOUT
  create_index_html
  $SARG -f $CONFIG -d $DATA2-$DATA1 -o $WEEKLYOUT >$ERRORS 2>&1
  exclude_from_log
}

monthly ()
{
  DATA1=`date -d "1 day ago" +"%d/%m/%Y"`
  DATA2=`date -d "1 month ago" +"%d/%m/%Y"`
  MONTHLYOUT=$HTMLOUT/$MONTHLY
  mkdir -p $MONTHLYOUT
  create_index_html
  $SARG -f $CONFIG -d $DATA2-$DATA1 -o $MONTHLYOUT >$ERRORS 2>&1
  exclude_from_log
}

ctrl + x + y + enter

--------------------------------------------------

sarg -z


http://192.168.1.13/squid-reports/
              
http://192.168.1.13:8080/squid-reports/

--------------------------------------------------


ls /var/www/ -l

ls /var/www/squid-reports/ -l

ls /var/www/squid-reports/08Jan2015-08Jan2015/ -l

ls /var/www/squid-reports/08Jan2015-08Jan2015/192_168_1_14 -l

--------------------------------------------------

http://debian70.no-ip.org:8080/squid-reports/

sarg-reports today

sarg-reports daily

sarg-reports weekly

sarg-reports monthly

--------------------------------------------------

http://192.168.1.13:8080/squid-reports/Daily/

http://192.168.1.13/squid-reports/Daily/

http://192.168.1.13/squid-reports/Weekly/

http://192.168.1.13/squid-reports/Monthly/

--------------------------------------------------

ls /var/www/squid-reports/ -l

du -sch /var/www/squid-reports/Daily/

du -sch /var/www/squid-reports/Weekly/

du -sch /var/www/squid-reports/Monthly/

--------------------------------------------------

nano sarg_reports.sh

#!/bin/bash
clear
echo ""
echo "-------------------------------------------------"
echo "===[ Sarg Reports ]==="
echo "-------------------------------------------------"
echo ""
echo ""
echo "===[ diario ]==="
ls /var/www/squid-reports/Daily/ -lsh
echo ""
echo "===[ semanal ]==="
ls /var/www/squid-reports/Weekly/ -lsh
echo ""
echo "===[ mensal ]==="
ls /var/www/squid-reports/Monthly/ -lsh
echo ""
echo "-------------------------------------------------"
echo ""
echo "by Jurandir"
echo ""

ctrl + x + y + enter


sh sarg_reports.sh


--------------------------------------------------


===[ Sarg - realtime ]===

Viewing the log in real time, online.

cd /var/www/squid-reports

Let's copy the sarg-realtime.php file to /var/www/

cp /usr/share/sarg/sarg-php/sarg-realtime.php ./

ls /var/www/squid-reports -l


cat sarg-realtime.php


apt-get install sudo

--------------------------------------------------

visudo  

www-data        ALL=NOPASSWD:   /usr/bin/sarg

ctrl + x + y + enter  

--------------------------------------------------

nano /etc/sarg/sarg.conf

realtime_refresh_time 3

ctrl + x + y + enter

--------------------------------------------------

sarg -r

--------------------------------------------------

http://192.168.1.13:8080/squid-reports/sarg-realtime.php

http://debian70.no-ip.org:8080/squid-reports/sarg-realtime.php

--------------------------------------------------

crontab -e

and add the line below

*  */1 * * * /usr/local/bin/sarg -x


ctrl + x + y + enter  

--------------------------------------------------

===[ Squid - rotating log files ]===

nano /etc/logrotate.d/squid3

#       Logrotate fragment for squid3.
#
/var/log/squid3/*.log {
        # since my network does not get much traffic, I am
        # changing the term daily to weekly.
        # It could be: daily, weekly or monthly
        weekly
        compress
        # delaycompress
        rotate 2
        missingok
        nocreate
        sharedscripts
        postrotate
                test ! -e /var/run/squid3.pid || /usr/sbin/squid3 -k rotate
        endscript
}

ctrl + x + y + enter 

--------------------------------------------------

squid3 -k rotate

logrotate -v /etc/logrotate.d/squid3


nano /etc/crontab


/etc/init.d/cron start   

service cron restart

--------------------------------------------------

===[ Sarg - installing from source code ]===

SARG - Installation from source code      ( Version:  sarg 2.39 )

http://sourceforge.net/projects/sarg/files/sarg/


cd instalacoes/

wget -O sarg-2.3.9.tar.gz http://sourceforge.net/projects/sarg/files/sarg/sarg-2.3.9/sarg-2.3.9.tar.gz/download

tar -zxvf sarg-2.3.9.tar.gz

cd sarg-2.3.9/

./configure

make && make install

apt-get install apache2 php5


---------------------------------------------------------------------------------------


===[ Cupsd - printer ]===

- Check that the printer cable is connected correctly ( usually a USB cable );

- Leave the printer switched on;

- Power cable plugged into the outlet;


apt-get install cups

ps aux | grep cupsd

service cups restart

shutdown -r now

netstat -tunva | grep 631


https://192.168.1.13:631/

http://192.168.1.13:631/


Click Windows Printer via SAMBA to share the printer.


Type: http://192.168.1.13:631/   ( server IP and CUPS port )


Click the Name field and the printer name will appear.


We can then locate the printer: the server will recognize whatever is plugged into the USB port.

ps aux | grep cupsd

service cups restart

--------------------------------------------------

nano /etc/samba/smb.conf

[printers]
comment = Todas as Impressoras
path = /var/spool/samba
print ok = yes
guest ok = yes
browseable = yes

--------------------------------------------------


service samba restart

After restarting samba, the printer icon appears in Samba ( on linux )

On Windows 7, type: \\192.168.1.13     ( server IP )


Samba user - ewb1 - password

We will need the driver CD-ROM for this printer.

--------------------------------------------------

http://192.168.1.13:631/

ls -l /var/log/cups/

tail /var/log/cups/access_log

tail /var/log/cups/access_log | grep successful-ok

tail /var/log/cups/access_log | grep successful-ok | wc -l

--------------------------------------------------


If there are problems, this site may help you.

http://hplipopensource.com/hplip-web/install_wizard/index.html

dpkg-reconfigure cups


---------------------------------------------------------------------------------------

===[ Webmin ]===

http://www.webmin.com/download.html


The instalacoes directory is where I keep all downloaded files.

cd instalacoes/ 

wget -c http://prdownloads.sourceforge.net/webadmin/webmin-1.720.tar.gz

The version I used in this tutorial was 1.720, in ".tar.gz" format.

tar -vzxf webmin-1.720.tar.gz

mv webmin-1.720 /usr

cd /usr/


ln -s webmin-1.720  webmin

Now let's run the Webmin installation script.

cd /usr/webmin-1.720/

./setup.sh     


http://192.168.1.13:10000/ 

http://debian70.no-ip.org:10000/

--------------------------------------------------

===[ Webmin - install - plan b - .deb ]===

http://sourceforge.net/projects/webadmin/files/


cd instalacoes
		
wget http://prdownloads.sourceforge.net/webadmin/webmin_1.730_all.deb

dpkg -i webmin_1.730_all.deb

apt-get install -f

--------------------------------------------------


===[ Webmin - forgot password ]===

find / -name 'changepass.pl'

/usr/webmin-1.630/changepass.pl /etc/webmin admin 123x=

http://192.168.1.13:10000/

http://debian70.no-ip.org:10000/


---------------------------------------------------------------------------------------

===[ Mysql ]===

apt-get install mysql-server mysql-client php5-mysql

apt-get update && apt-get upgrade

php -v

mysql -V

--------------------------------------------------

mysql -u root -p      

mysql> show databases;

mysql> create database banco_dados;

mysql> use banco_dados;

mysql> create table amigos(
     codigo integer not null,
     nome varchar(50) not null,
     endereco varchar(60),
     cidade varchar(40),
     datanasc date,
     primary key(codigo));

insert into amigos values(1,'Jurandir','Rua Londres 13','Timbo','3382-3932');
insert into amigos values(2,'Mike','Rua USA 131','Timbo','3382-0000');
insert into amigos values(3,'Eric','Rua Italia 131','Blumenau','3382-0000');
insert into amigos values(4,'Isabela','Rua Italia 131','Blumenau','3382-0000');
insert into amigos values(5,'Rubia','Rua Italia 131','Blumenau','3382-0000');

mysql> show databases;

mysql> use banco_dados;

mysql> describe amigos;

mysql> SELECT * FROM amigos;

mysql> SELECT * FROM amigos WHERE nome LIKE "mi%";

mysql> SELECT * FROM amigos WHERE cidade =  "Blumenau";

mysql> SELECT * FROM amigos WHERE codigo BETWEEN 1 and 2;

mysql> UPDATE amigos SET datanasc='20101225' WHERE codigo=1;

mysql> SELECT * FROM amigos;

mysql> quit   



drop database banco_dados;   

drop table amigos;                   

At the mysql prompt (mysql> )

quit 

netstat -tap | grep mysql

ps aux | grep mysql

--------------------------------------------------

nano /var/www/amigos.php

ID	Nome	Cidade

ctrl + x + y + enter 

--------------------------------------------------


apt-get install lynx


http://192.168.1.13:8080/amigos.php

lynx  http://192.168.1.13:8080/amigos.php
         
--------------------------------------------------

http://192.168.1.13/amigos.php

http://192.168.1.13:8080/amigos.php

http://debian70.no-ip.org:8080/amigos.php


tail -f /var/log/apache2/access.log

nmap -sF -P0 192.168.1.13

less /var/log/apache2/error.log

mysql -V

dpkg-reconfigure mysql-server-5.5

dpkg -l mysql-server

--------------------------------------------------

===[ Mysql - backup of databases / tables ]===

mysql -u root -p

mysql> use banco_dados;

mysql> show tables;

mysql> select * from amigos;

mysql> quit


mysqldump -u root -p  banco_dados  >  backup_tabela_amigos.txt

ls -l

cat backup_tabela_amigos.txt

mysql -u root -p

mysql> use banco_dados;

mysql> show tables;

mysql> drop table  amigos;

mysql> drop table  posts;

mysql> show tables;


mysql -u root -p banco_dados < backup_tabela_amigos.txt

mysql -u root -p

mysql> show databases;

mysql> use banco_dados;

mysql> show tables;

mysql> quit


mysqldump --user=root -p --databases banco_dados > tabela_do_banco_dados--`date +%d-%m-%y--%a--%Hh-%Mm`.sql

tabela_do_banco_dados--05-01-15--Mon--21h-11m.sql


cat tabela_do_banco_dados--05-01-15--Mon--21h-11m.sql

mysqldump --user=root -p --databases banco_dados | gzip > tabelas_do_banco_dados--`date +%d-%m-%y--%a--%Hh-%Mm`.gz


ls -l
-rw-r--r-- 1 root root  885 Jan 5 21:20 tabelas_do_banco_dados--05-01-15--Mon--21h-20m.gz

File: tabelas_do_banco_dados--05-01-15--Mon--21h-20m.gz


gunzip -v tabelas_do_banco_dados--05-01-15--Mon--21h-20m.gz 

tabelas_do_banco_dados--05-01-15--Mon--21h-20m.gz: 63.9% -- replaced with 
tabelas_do_banco_dados--05-01-15--Mon--21h-20m


--------------------------------------------------

nano  my.sh
 
#!/bin/sh -e

local=~/backup_banco_dados--`date +%d-%m-%y--%a--%Hh-%Mm`.sql

mysqldump -u root --password=12345 banco_dados > $local

gzip $local

ctrl + x + y + enter 

--------------------------------------------------


sh my.sh

ls -l
-rw-r--r-- 1 root root 876 Jan 5 21:45 backup_banco_dados--05-01-15--Mon--21h-45m.sql.gz



Viewing the backup contents.

zcat backup_banco_dados--05-01-15--Mon--21h-45m.sql.gz 

du -sch backup_banco_dados--05-01-15--Mon--21h-45m.sql.gz 
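
The my.sh script above keeps the root password in clear text in the script and passes it with --password= on the command line. The following is an added example, not part of the original tutorial: the same backup reading its credentials from an owner-only option file. The function names, the MYSQLDUMP/CNF variables and the option-file location are assumptions.

```shell
#!/bin/sh
# Added example: my.sh reworked so the password never appears on a command line.
# Assumption: an option file such as ~/.my.cnf already exists, created in an
# editor, containing:
#   [client]
#   user=root
#   password=...
MYSQLDUMP=${MYSQLDUMP:-mysqldump}   # overridable, e.g. for a dry run
CNF=${CNF:-$HOME/.my.cnf}

# cnf_is_private FILE: true only if FILE exists and group/other have no access.
cnf_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# backup_db DATABASE [DEST_DIR]: dump, compress, print the resulting file name.
backup_db() {
    db=$1
    dest=${2:-$HOME}
    if ! cnf_is_private "$CNF"; then
        echo "refusing to run: $CNF must exist and be accessible by its owner only" >&2
        return 1
    fi
    out="$dest/backup_${db}--$(date +%d-%m-%y--%a--%Hh-%Mm).sql"
    (
        umask 077   # the dump holds all table data: owner-only permissions
        # --defaults-extra-file has to be the first option given to the client
        "$MYSQLDUMP" --defaults-extra-file="$CNF" "$db" > "$out" &&
        gzip -f "$out"
    ) || { rm -f "$out"; return 1; }   # no partial dump left behind on failure
    echo "$out.gz"
}

# Stand-alone use: sh my_safe.sh banco_dados /root/backup
if [ "$#" -gt 0 ]; then
    backup_db "$@"
fi
```

Create the option file once with "chmod 600 ~/.my.cnf"; the script refuses to run if group or others can read it.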


--------------------------------------------------

===[ Mysql - forgot password? ]===

service mysql stop

mysqld_safe --skip-grant-tables &

mysql -u root


mysql> use mysql;

mysql> update user set password=PASSWORD("nova_senha") where User='root';

mysql> flush privileges;

mysql> quit

service mysql stop

service mysql start

mysql -u root -p123=


mysql> show databases;

mysql> use banco_dados;

mysql> show tables;

mysql> select * from amigos;

--------------------------------------------------

===[ Mysql - uninstalling ]===

apt-get remove --purge mysql-server

apt-get autoremove --purge

apt-get autoclean

apt-get clean

service mysql stop

netstat -planta

---------------------------------------------------------------------------------------

===[ Phpmyadmin ]===

apt-get install phpmyadmin


http://192.168.1.13:8080/phpmyadmin/index.php    
	
http://192.168.1.13/phpmyadmin/index.php

http://debian70.no-ip.org:8080/phpmyadmin/index.php  


tail -f /var/log/apache2/access.log

--------------------------------------------------


SELECT * FROM `amigos` WHERE nome = "Jurandir"

SELECT COUNT( * ) AS Total_X FROM amigos WHERE cidade =  "Blumenau"

SELECT cidade FROM amigos WHERE cidade LIKE  "Blu%"

SELECT cidade FROM amigos WHERE cidade LIKE  "Blu%" OR cidade LIKE "Tim%"


--------------------------------------------------

===[ Phpmyadmin - user ]===

Logging in with the user "phpmyadmin + that user's password", with restricted access.

http://debian70.no-ip.org:8080/phpmyadmin/index.php

--------------------------------------------------


===[ Phpmyadmin - changing password ]===

nano /etc/phpmyadmin/config-db.php

##
## database access settings in php format
## automatically generated from /etc/dbconfig-common/phpmyadmin.conf
## by /usr/sbin/dbconfig-generate-include
## Fri, 02 Jan 2015 14:04:27 -0200
## by default this file is managed via ucf, so you shouldn't have to
## worry about manual changes being silently discarded.  *however*,
## you'll probably also want to edit the configuration file mentioned
## above too.
##

$dbuser='phpmyadmin';

$dbpass='senhaX';

$basepath='';

$dbname='phpmyadmin';

$dbserver='';
$dbport='';
$dbtype='mysql';

ctrl + x + y + enter 


service apache2 reload

--------------------------------------------------

===[ Phpmyadmin - reconfiguring ]===

dpkg-reconfigure phpmyadmin

--------------------------------------------------


===[ Phpmyadmin - uninstalling ]===

apt-get purge libapache2-mod-php5

apt-get install libapache2-mod-php5

apt-get purge phpmyadmin

apt-get install phpmyadmin

/etc/init.d/apache2 restart

---------------------------------------------------------------------------------------

apt-get install nmap

nmap -sS localhost

nmap -sSV debian70.no-ip.org -p22

nmap -sS -P0 -p 1-450 192.168.1.13

nmap -oG - -T4 -p22 -v debian70.no-ip.org

nmap -oG - -T4 -p22 -v 192.168.1.13 | grep ssh

--------------------------------------------------

apt-get install net-tools


netstat -aute | grep proxy

netstat -tulpan | grep squid

netstat -tulpan | grep LISTEN

netstat -natu | grep 'ESTABLISHED'

netstat -nalp | grep -v DGRAM | grep -v STREAM | grep -v LISTEN

netstat -tulpan | grep nmbd

netstat -tulpan | grep apache2

netstat -tulpan | grep dhcpd

netstat -plantu

netstat -aute | grep root

netstat -pentl

netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 |sort |uniq -c |sort -n

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr

netstat -vaun

netstat -tn | awk '{print $5}' | egrep -v '(localhost|\*\:\*|Address|and|servers|fff|127\.0\.0)' | sed 's/:[0-99999999].*//g' | uniq

netstat -an | grep --color -i -E 'listen|listening'

netstat -tuapen | grep LISTEN

--------------------------------------------------


apt-get install lsof

lsof -P -i -n | cut -f 1 -d " " | uniq | tail -n +2

lsof -P -i -n | grep TCP

lsof -i -P +c 0 +M | grep -i "$1"

lsof -i -P |grep ESTABLISHED | awk '{printf "%15.15s \t%s\n", $1, $9}'    
 
sshd 	192.168.1.13:22->187-85-174-7.tpa.net.br:51920

lsof -P -i -n

lsof -i -n | grep ESTABLISHED

--------------------------------------------------


du -hc /home/ | sort -n | grep "[0-9]M" | tail

du -sch /var

find -type f -exec du -sh {} +  | sort -rh | head

cat /var/log/messages | grep '10:[0-3]\{2\}'

ps -f -u proxy

---------------------------------------------------------------------------------------

===[ logwatch ]===

aptitude install logwatch

nano /usr/share/logwatch/default.conf/logwatch.conf

MailTo = email1@server.com.br email2@server.com.br 

ctrl + x + y + enter 


logwatch

---------------------------------------------------------------------------------------

===[ Fail2ban ]===

apt-get install fail2ban

/etc/init.d/fail2ban start

/etc/init.d/fail2ban restart


tail /var/log/fail2ban.log

cat /etc/fail2ban/jail.conf

--------------------------------------------------

===[ Fail2ban - commands ]===

fail2ban-client status

fail2ban-regex /var/log/apache2/error.log 

zgrep -h "Ban " /var/log/fail2ban.log* | awk '{print $5,$1}' | sort | uniq -c

grep "Ban " /var/log/fail2ban.log | awk -F[\ \:] '{print $10,$8}' |sort |uniq -c |sort -n

awk '$(NF-1) == "Ban" {print $NF}' /var/log/fail2ban.log | sort | uniq -c | sort -n

awk '$(NF-1) == "Ban" {print $NF,"("$NF")"}' /var/log/fail2ban.log | sort | logresolve | uniq -c | sort -n

fail2ban-regex /var/log/apache2/error.log /etc/fail2ban/filter.d/apache-auth.conf

iptables -L -v

iptables --list | grep -B5 -A5 fail
 
tail -f /var/log/fail2ban.log

zgrep -h "Ban " /var/log/fail2ban.log* | awk '{print $NF}' | sort | uniq -c

zgrep -h "Ban " /var/log/fail2ban.log* | awk '{print $NF}' | 
      awk -F\. '{print $1"."$2"."}' | sort | uniq -c | sort -n | tail

fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/sasl.conf

fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/dovecot-pop3imap.conf

fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/roundcube.conf

grep "Ban " /var/log/fail2ban.log | grep `date +%Y-%m-%d` | 
    awk -F[\ \:] '{print $10,$8,$10}' | logresolve | sort | uniq -c | sort -n

zgrep -h "Ban " /var/log/fail2ban.log* | awk '{print $NF}' | sort -n | uniq -c
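
The one-liners above pick the jail and address by fixed field position, which depends on the fail2ban log layout. The following is an added example, not part of the original tutorial: it counts bans per address and rebuilds the set of addresses still banned, reading fields from the end of each line so both the 0.8.x and the 0.9+ layouts parse. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample log (documentation addresses, not real data).
# Lines 1-8 follow the 0.8.x layout shipped with Debian 7; the last line
# follows the 0.9+ layout, which adds a "[pid]:" column.
sample_log() {
cat <<'EOF'
2015-01-05 21:40:01,101 fail2ban.actions: WARNING [ssh] Ban 203.0.113.10
2015-01-05 21:50:01,102 fail2ban.actions: WARNING [ssh] Unban 203.0.113.10
2015-01-05 22:10:07,310 fail2ban.actions: WARNING [ssh] Ban 203.0.113.10
2015-01-05 22:11:30,005 fail2ban.actions: WARNING [apache] Ban 198.51.100.7
2015-01-05 22:21:30,009 fail2ban.actions: WARNING [apache] Unban 198.51.100.7
2015-01-06 03:02:11,900 fail2ban.actions: WARNING [ssh] Ban 203.0.113.44
2015-01-06 03:05:00,001 fail2ban.filter : INFO Log rotation detected for /var/log/auth.log
2015-01-06 04:00:00,000 fail2ban.actions: WARNING [ssh] 203.0.113.10 already banned
2015-01-06 05:00:00,000 fail2ban.actions        [812]: NOTICE  [sshd] Ban 192.0.2.99
EOF
}

# ban_counts [FILE...]: print "count ip jail", most-banned first.
# Fields are taken relative to the end of the line (NF), so both layouts parse.
ban_counts() {
    awk 'NF >= 3 && $(NF-1) == "Ban" {
             jail = $(NF-2); gsub(/\[|\]/, "", jail)
             n[$NF " " jail]++
         }
         END { for (k in n) print n[k], k }' "$@" |
    LC_ALL=C sort -k1,1nr -k2,2
}

# still_banned [FILE...]: replay Ban/Unban events in log order and print the
# "ip jail" pairs whose last event was a Ban.
still_banned() {
    awk 'NF < 3 { next }
         { jail = $(NF-2); gsub(/\[|\]/, "", jail); key = $NF " " jail }
         $(NF-1) == "Ban"   { active[key] = 1 }
         $(NF-1) == "Unban" { delete active[key] }
         END { for (k in active) print k }' "$@" |
    LC_ALL=C sort
}

echo "== bans per address =="; sample_log | ban_counts
echo "== still banned ==";     sample_log | still_banned
```

To include rotated logs, feed the functions with: zcat -f /var/log/fail2ban.log* | ban_counts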


---------------------------------------------------------------------------------------

===[ Antivirus ]===

aptitude -y install clamav

ps aux | grep clamav

freshclam 

clamscan --infected --remove --recursive /home

cd /home/aluno1


wget http://www.eicar.org/download/eicar.com

clamscan --infected --remove --recursive /home

clamscan -ir /home/aluno1 -l clamscanreport

clamscan -ir / -l clamscanreport

Scans for viruses.

clamscan -v -i -r --detect-structured=yes 


tail /var/log/clamav/freshclam.log 

service clamav-freshclam restart 

--------------------------------------------------

crontab -e

and add the line below

00 00 * * * clamscan -r /home

ctrl + x + y + enter  

---------------------------------------------------------------------------------------

===[ Firewall ]===

nano /etc/init.d/rc.firewall

#!/bin/bash
# By default everything is blocked
clear
echo '===[ Firewall - started ]======================================'
echo ''
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -Z
echo 'Limpa regras................................................[ok]'

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
echo 'Politica adotada............................................[ok]'

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
echo 'Permissao acesso a loopback originados pelo firewall........[ok]'
	
# The "echo 1..." line below is in the boot file ( /etc/init.d/rc.begin );
# remove it from that file and write it in this file ( /etc/init.d/rc.firewall )

echo 1 >/proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo 'Mascarando net..............................................[ok]'

# The squid line below is in the boot file ( /etc/init.d/rc.begin );
# remove it from that file and write it in this file ( /etc/init.d/rc.firewall )
# Port - squid 

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

echo 'Porta 3128 - squid externo..................................[ok]'

# Port - ssh 
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
echo 'Porta 22 - ssh..............................................[ok]'

# Port - open vpn 
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
echo 'Porta 1194 - vpn............................................[ok]'

# Port - apache 
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
echo 'Porta 8080 - apache.........................................[ok]'

#-----------------

# The IP 189.109.137.81 was trying to break into our server...

# Before blocking it, we record it in the log with the line below:

# iptables -A INPUT -s 189.109.137.81 -j LOG --log-level 7 --log-prefix "Tentativa de invasao!"

# With the line below, everything coming from this IP, which was scanning our server, was blocked.

# iptables -A INPUT -s 189.109.137.81 -j DROP

#-----------------


# Port - webmin 
iptables -A INPUT -p tcp --dport 10000 -j ACCEPT
echo 'Porta 10000 - webmin........................................[ok]'

# Port - mysql 
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
echo 'Porta 3306 - mysql..........................................[ok]'

# Port - ftp 
iptables -A INPUT -m multiport -p tcp --dports 50001:50100 -j ACCEPT
echo 'Porta 50001 - 50100 - ftp...................................[ok]'


### INTERNAL ACCESS ###

iptables -A INPUT -i eth1 -p tcp --dport 3128 -j ACCEPT
echo 'Porta 3128 - squid interno..................................[ok]'

iptables -A INPUT -i eth1 -p udp --dport 63 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 631 -j ACCEPT
echo 'Portas 63 e 631.............................................[ok]'

# Port - Samba
iptables -A INPUT -m multiport -p tcp --dports 139,445 -j ACCEPT
iptables -A INPUT -m multiport -p udp --dports 137,138 -j ACCEPT
echo 'Portas 139,445, 137, 138 - samba............................[ok]'

iptables -t mangle -N NossaRede
iptables -t mangle -A NossaRede -s 127.0.0.0/8 -j RETURN
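# -s 0/0 matches every source address, so every packet returns here and the rules below it are never reached
iptables -t mangle -A NossaRede -s 0/0 -j RETURN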
iptables -t mangle -A NossaRede -s 192.168.1.0/24 -j RETURN
iptables -t mangle -A NossaRede -s 10.8.0.0/8 -j RETURN
iptables -t mangle -A NossaRede -j DROP
iptables -t mangle -A POSTROUTING -o ppp0 -j NossaRede
echo 'Permitando somente rede autorizada..........................[ok]'

iptables -A FORWARD -i eth1 -s 192.168.1.0/24 -j ACCEPT
echo 'Acesso total da internet para cliente rede 192.168.1.0/24...[ok]'

# below - vpn Eriton
# iptables -A FORWARD -i eth1 -s 10.0.0.1/8 -j ACCEPT

# Handling reply traffic (internet --->>> local network)
# iptables -A FORWARD -o eth1 -d 192.168.1.0/24 -m state 
# --state ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -o eth1 -d 192.168.1.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
echo 'Permissao para os pacotes destinados a rede local...........[ok]'

echo ''
echo '===[ Firewall - ended ]========================================='

ctrl + x + y + enter  


sh /etc/init.d/rc.firewall

--------------------------------------------------


nano /etc/init.d/rc.begin 

#!/bin/bash
clear
echo ''
echo ''
echo '===[ Boot - started ]========================'
echo ''
echo ''
/usr/local/bin/noip2&
echo ''
echo 'Inicializando o servico ( noip2)..... [ ok ] '
echo ''
echo ''
/etc/init.d/squid3 start
echo ''
echo 'Iniciando squid...................... [ ok ] '
echo ''
echo ''
sh /etc/init.d/rc.firewall 
echo ''
echo 'Iniciando firewall....................[ ok ]'
echo ''
echo '===[ Boot - ended ]========================='
echo ''

ctrl + x + y + enter  

--------------------------------------------------

iptables -nL

iptables -t filter -L INPUT

iptables -L INPUT -n --line-numbers

iptables -v -nL --line-number

iptables -t filter -D INPUT 1

iptables -t filter -L INPUT
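
In rc.firewall above, several ACCEPT rules (webmin 10000, mysql 3306, samba 137-139/445) carry neither -i nor -s, so they apply on the external interface as well as the internal one. The following is an added example, not part of the original tutorial: it reads "iptables -S INPUT" output and lists the administrative ports accepted without an interface or source restriction. The function name, the port list and the sample rules (constructed from rc.firewall) are assumptions.

```shell
#!/bin/sh
# Ports treated as internal-only services (assumption: the mysql, webmin,
# cups and samba ports used in this tutorial).
ADMIN_PORTS=${ADMIN_PORTS:-3306,10000,631,137,138,139,445}

# Constructed sample: what "iptables -S INPUT" prints for part of rc.firewall.
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 50001:50100 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 63 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 631 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 139,445 -j ACCEPT
-A INPUT -p udp -m multiport --dports 137,138 -j ACCEPT
EOF
}

# unscoped_accepts PORTS [FILE...]: print "proto port" for every listed port
# that an INPUT rule accepts with no -i (interface) or -s (source) match.
unscoped_accepts() {
    ports=$1; shift
    awk -v want="$ports" '
    BEGIN { n = split(want, w, ","); for (i = 1; i <= n; i++) sens[w[i]] = 1 }
    $1 == "-A" && $2 == "INPUT" {
        proto = ""; dports = ""; scoped = 0; accept = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i+1)
            else if (($i == "-i" || $i == "-s") && $(i-1) != "!") scoped = 1
            else if ($i == "--dport" || $i == "--dports") dports = $(i+1)
            else if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
        }
        if (!accept || scoped || dports == "") next
        m = split(dports, d, ",")
        for (j = 1; j <= m; j++) {
            lo = hi = d[j]                      # single port ...
            if (split(d[j], r, ":") == 2) {     # ... or a lo:hi range
                lo = r[1]; hi = r[2]
            }
            for (p in sens)
                if (p + 0 >= lo + 0 && p + 0 <= hi + 0) print proto, p
        }
    }' "$@" | LC_ALL=C sort -u
}

# On the server itself: iptables -S INPUT | unscoped_accepts "$ADMIN_PORTS"
sample_rules | unscoped_accepts "$ADMIN_PORTS"
```

Each port it prints is a candidate for an added "-i eth1" or "-s 192.168.1.0/24" match on the corresponding rule in rc.firewall.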
                      
---------------------------------------------------------------------------------------

===[ Pppoe - bridge mode ]===

apt-get install pppoe ppp

whereis pppoe

pppoe-setup

Welcome to the Roaring Penguin PPPoE client setup.  First, I will run
some checks on your system to make sure the PPPoE client is installed
properly...
Looks good!  Now, please enter some information:
USER NAME

>>> Enter your PPPoE user name (default  ): linux1.noip@gmail.com <<<---  

INTERFACE
>>> Enter the Ethernet interface connected to the DSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethn, where 'n' is a number.

(default eth0): press enter <<<---

Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped.  If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses.  You may have some problems with demand-activated links.

>>> Enter the demand value (default no): press enter <<<---

DNS
Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide DNS addresses',
enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.

>>> Enter the DNS information here: 8.8.8.8 <<<---

Please enter the IP address of your ISP's secondary DNS server.
If you just press enter, I will assume there is only one DNS server.

>>> Enter the secondary DNS server address here: 8.8.4.4 <<<---
PASSWORD
>>> Please enter your PPPoE password: xxxxxxx    <<<---

>>> Please re-enter your PPPoE password: xxxxxxx <<<---

FIREWALLING

Please choose the firewall rules to use.  Note that these rules are
very basic.  You are strongly encouraged to use a more sophisticated
firewall setup; however, these will provide basic security.  If you
are running any servers on your machine, you must choose 'NONE' and
set up firewalling yourself.  Otherwise, the firewall rules will deny
access to all standard servers like Web, e-mail, ftp, etc.  If you
are using SSH, the rules will block outgoing SSH connections which
allocate a privileged source port.

The firewall choices are:
0 - NONE: This script will not set any firewall rules.  You are responsible
     for ensuring the security of your machine.  You are STRONGLY
     recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
     for a LAN

>>> Choose a type of firewall (0-2): 0

** Summary of what you entered **

Ethernet Interface:    	eth0           
User name:             	linux1.noip@gmail.com 
Activate-on-demand: 	No             
Primary DNS:           	8.8.8.8   
Secondary DNS:        	8.8.4.4     
Firewalling:           	NONE          


>>> Accept these settings and adjust configuration files (y/n)? y 

Adjusting /etc/ppp/pppoe.conf
Adjusting /etc/resolv.conf
  (But first backing it up to /etc/resolv.conf-bak)
Adjusting /etc/ppp/pap-secrets and /etc/ppp/chap-secrets
  (But first backing it up to /etc/ppp/pap-secrets-bak)
  (But first backing it up to /etc/ppp/chap-secrets-bak)

Congratulations, it should be all set up!

Type 'pppoe-start' to bring up your PPPoE link and 'pppoe-stop' to bring
it down.  Type 'pppoe-status' to see the link status.


--------------------------------------------------

cat /etc/ppp/pppoe.conf

cat /etc/ppp/pap-secrets


* eth0 = The yellow cable leaves the modem and connects to the network card in the server ( eth0 ). 

* eth1 = The blue cable leaves the switch and goes to the second network card ( eth1 );

--------------------------------------------------


nano /etc/init.d/rc.begin

#!/bin/bash
clear
echo ''
echo ''
echo '---[ rc.begin - boot - started ]--------------'
echo ''
echo 1 >/proc/sys/net/ipv4/ip_forward
echo 'IP forward ............................[ ok ] '
echo ''
echo ''
/usr/sbin/pppoe-start 
echo 'Autenticando a adsl ( pppoe )..........[ ok ] '
echo ''
echo ''
/usr/local/bin/noip2&
echo ''
echo 'Inicializando o servico ( noip2).......[ ok ] '
echo ''
echo ''
/etc/init.d/squid3 start

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

iptables -A INPUT -i eth1 -p tcp --dport 3128 -j ACCEPT

echo 'Regras de redimensionamento do Squid...[ ok ] '
echo ''
echo ''
echo '---[ rc.begin - boot - ended ]----------------'
echo ''

ctrl + x + y + enter 


--------------------------------------------------

/etc/init.d/rc.begin

--------------------------------------------------

nano /etc/network/interfaces	

auto lo
iface lo inet loopback

allow-hotplug eth0  
                        
# acima -  rede externa

allow-hotplug eth1 
                         
# acima - rede interna

iface eth1 inet static
        address 192.168.1.13            
        # acima - ip do servidor interno
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        dns-nameservers 8.8.8.8

ctrl + x + y + enter

--------------------------------------------------


shutdown -r now


ifconfig

eth0      Link encap:Ethernet  HWaddr 00:e0:7d:eb:fa:6d
          inet6 addr: fe80::2e0:7dff:feeb:fa6d/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:21 errors:0 dropped:0 overruns:0 frame:0
          TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1642 (1.6 KiB)  TX bytes:5953 (5.8 KiB)
          Interrupt:19 Base address:0xac00

eth1      Link encap:Ethernet  HWaddr 90:e6:ba:dc:02:8b
          inet addr:192.168.1.13  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::92e6:baff:fedc:28b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:462 errors:0 dropped:0 overruns:0 frame:0
          TX packets:97 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:32587 (31.8 KiB)  TX bytes:15396 (15.0 KiB)
          Interrupt:27 Base address:0xe000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 B)  TX bytes:560 (560.0 B)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:201.2.224.241  P-t-P:201.14.143.254  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:158 (158.0 B)  TX bytes:90 (90.0 B)



ping  terra.com.br

ps aux | grep pppoe

ps aux | grep dhcp


cat /etc/udev/rules.d/70-persistent-net.rules

shutdown -r now

--------------------------------------------------

Clearing the squid rules.

nano off_squid.sh

#!/bin/bash
clear
echo ''
echo ' Limpando Regras do Squid ( iptables )'
echo '======================================='
echo ''
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -Z
echo 'Politica adotada..............................[ ok ]'
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
echo 'Mascarando net................................[ ok ]'
modprobe iptable_nat
echo 1 >/proc/sys/net/ipv4/ip_forward
echo 'Ip Forward....................................[ ok ]'
echo ''

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

iptables -A INPUT -i eth1 -p tcp --dport 3128 -j ACCEPT

echo 'Iniciando squid - modem bridge..............[ ok ]'

echo ''
echo ''
iptables -nL
echo ''

ctrl + x + y + enter 


sh off_squid.sh

--------------------------------------------------

===[ Squid - regular expressions ]===

apt-get install gawk

tail -f /var/log/squid3/access.log

date -d@1367100586.179      

tail -f /var/log/squid3/access.log |gawk '{print strftime("%d/%m/%Y %H:%M:%S",$1),$3,$7}'

grep 'terra' /var/log/squid3/access.log  | awk '{ print $3 }' | sort |uniq -c |sort -rn

grep 'google' /var/log/squid3/access.log | awk '{ print $3 }' | sort |uniq -c |sort -rn

tail -f /var/log/squid3/access.log | grep -e '\b192.168.1.15\b'

ls -lhS /var/log/squid3 | head

tail -f /var/log/squid3/access.log | perl -p -e 's/^([0-9]*)/"[".localtime($1)."]"/e'

zcat /var/log/squid3/access*.gz |awk '{print $7}' | sort | uniq -c |sort -n |tail -n 20

zcat /var/log/squid3/access.log.1.gz |awk '{print $3 "-" $7 "-" $11}' |grep 'face*' |wc -l

zcat /var/log/squid3/access.log.1.gz |awk '{print $3 "-" $7 "-" $11}' | grep 'face*'

find /var/log/ -name "*.gz" -exec zcat "{}" + | grep "jurandir" | wc -l


--------------------------------------------------

===[ squid - script reports ]===


cd /var/www/squid-reports

ls -l

mkdir Daily2

mkdir Monthly2

mkdir Weekly2


nano sarg_reports.sh

#!/bin/bash
TODAY=`date +"%d/%m/%Y"`
# Days of the week, Monday to Friday
WEEKAGO=`date -d "4 days ago" +"%d/%m/%Y"`-$TODAY

# Whole month ( days 1 ... 28, 29, 30, 31 )

MONTHAGO=`date -d "1 day ago" +"01/%m/%Y"`-`date -d "1 day ago" +"%d/%m/%Y"`

SARG=/usr/bin/sarg
OUT=/var/www/squid-reports

daily ()
{
        $SARG -d $TODAY-$TODAY -o $OUT/Daily2
}
weekly ()
{
        $SARG -d $WEEKAGO -o $OUT/Weekly2
}
monthly()
{
        $SARG -d $MONTHAGO -o  $OUT/Monthly2
}
case $1 in
        daily)
                daily
        ;;
        weekly)
                weekly
        ;;
        monthly)
                monthly
        ;;
esac

ctrl + x + y + enter 

sh sarg_reports.sh daily

sh sarg_reports.sh weekly

sh sarg_reports.sh monthly

ls -sch /var/www/squid-reports/Daily2/ -l

--------------------------------------------------

===[ Squid - source code ]===

http://www.squid-cache.org/Versions/ 


cd instalacoes/

wget http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.10.tar.gz

tar -vzxf squid-3.4.10.tar.gz
 
cd squid-3.4.10/

The command below must be typed on a single line.

./configure --prefix=/usr --sysconfdir=/etc/squid --libexecdir=/usr/libexec/squid 
--datadir=/usr/share/squid --enable-carp --with-pthreads 
--enable-removal-policies="heap lru" --enable-icmp --enable-useragent-log 
--enable-kill-parent-hack --enable-snmp --enable-storeio=aufs,diskd,ufs 
--disable-dependency-tracking --enable-arp-acl --disable-ident-lookups 
--enable-truncate --enable-htcp --enable-forw-via-db 
--enable-default-err-language=Portuguese --enable-err-languages=Portuguese 
--enable-poll --enable-linux-netfilter --enable-leakfinder --enable-underscores 
--enable-sysconfdir=/usr/share/sarg

:
:
starting installation...
:


make  &&  make install 
 
whereis squid

--------------------------------------------------

nano squid_users.sh

#!/bin/bash
groupadd squid
useradd -g squid -s /dev/null squid >/dev/null 2>&1
mkdir /var/log/squid
chown -R squid.squid /var/log/squid
touch /var/log/squid/store.log
chown -R squid.squid /var/log/squid/store.log
touch /var/log/squid/access.log
chown -R squid.squid /var/log/squid/access.log
touch /var/log/squid/cache.log
chown -R squid.squid /var/log/squid/cache.log
mkdir /var/spool/squid
chown -R squid.squid /var/spool/squid

ctrl + x + y + enter 

--------------------------------------------------

chmod +x squid_users.sh

sh squid_users.sh

squid -v


---------------------------------------------------------------------------------------

===[ .tar - .tar.gz - .tz  ]===

tar -cvf backup/backup-do-home--$(date +%d-%m-%Y-%a-%Hh-%Mn).tar /home/

backup-do-home--03-01-2015-Sat-21h-42n.tar

 
tar -tvf backup-do-home--03-01-2015-Sat-21h-42n.tar 

cd backup/

tar -tvf backup-do-home--03-01-2015-Sat-21h-42n.tar | wc -l

tar xvf backup-do-home--03-01-2015-Sat-21h-42n.tar home/aluno/aluno.txt 

tar xvf backup-do-home--03-01-2015-Sat-21h-42n.tar 

ls home/ -l

du -sch backup-do-home--03-01-2015-Sat-21h-42n.tar 

--------------------------------------------------

tar -xzvf arquivo.tar.gz

tar -xvzf arquivo.tar.gz -C diretorio_destino

tar -jxvf arquivo.tar.bz2

tar -xvjf arquivo.tar.bz2 -C diretorio_destino

tar -xzvpf arquivo.tgz

--------------------------------------------------

zip     	: unzip nome_do_arquivo.zip

rar     	: unrar x nome_do_arquivo.rar

tar     	: tar -xvf nome_do_arquivo.tar

tar.gz  	: tar -vzxf nome_do_arquivo.tar.gz

bz2     	: bunzip2 nome_do_arquivo.bz2

tar.bz2     : tar -jxvf nome_do_arquivo.
	

---------------------------------------------------------------------------------------

===[ Backup - daily ]===

These are the directories that will be backed up:  /etc/ + /home/ + /var/www/

mkdir backup

cd backup

mkdir diario

cd diario/

--------------------------------------------------

nano diario.bkp  

#!/bin/bash
# Daily backup --- by Jurandir - Timbo - SC - Brasil

# The line below must be typed on a single line

find /etc/ /home/ /var/www/ -mtime -1 -type f -print |
     tar -czvf backup_diario_etc_home_www--$(date +%d-%m-%Y-%a-%Hh-%Mm).tar -T -

clear
echo ""
echo ""
echo "===[ Backup Diario ]==="
echo ""
echo ""
du -sch backup_diario*
echo ""
echo ""
echo "===[ Fim do backup ]==="
echo ""
echo ""

ctrl + x + y + enter 

--------------------------------------------------

sh diario.bkp


tar -tf backup_diario_etc_home_www--04-01-2015-Sun-09h-23m.tar 

tar -tf backup_diario_etc_home_www--04-01-2015-Sun-09h-23m.tar  | wc -l

tar -xzvf backup_diario_etc_home_www--04-01-2015-Sun-09h-23m.tar  

find / -iname backup_diario_etc_home_www--04-01-2015-Sun-09h-23m.tar \
    -exec tar t -f '{}' \; | grep aluno.txt

tar -tf  backup_diario_etc_home_www--04-01-2015-Sun-09h-23m.tar | grep "aluno.txt"

gpg -c backup_diario_etc_home_www--04-01-2015-Sun-09h-23m.tar

ls -l

gpg backup_diario_etc_home_www--04-01-2015-Sun-09h-23m.tar.gpg 
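
An added example, not part of the original page: a variant of diario.bkp that creates the archive readable only by its owner, passes file names to tar NUL-separated, skips archives already stored in the destination, and records a checksum that can be verified later. The function names and the commented destination path are assumptions of this example; GNU find, tar and coreutils (as on Debian) are assumed.

```sh
#!/bin/sh
# Added example, not the page's own script. Function names are this
# example's; GNU find, tar and coreutils (as on Debian) are assumed.

# backup_recent DEST DAYS SRC...
#   DEST  absolute directory that receives the archive
#   DAYS  archive regular files modified less than DAYS days ago
#   SRC   one or more directories to scan (the page uses /etc/ /home/ /var/www/)
# Prints the path of the new archive on stdout.
backup_recent() {
    br_dest=$1
    br_days=$2
    shift 2
    br_name="backup--$(date +%d-%m-%Y-%a-%Hh-%Mm).tar.gz"
    (
        # /etc carries password hashes and private keys, so the archive and
        # its checksum must not be readable by other users.
        umask 077
        mkdir -p "$br_dest" || exit 1
        # -print0 with --null passes every name unmodified, including names
        # that contain newlines, which a plain -print list would split.
        # The -path test keeps archives already stored in DEST out of the
        # new one when DEST lies below one of the sources.
        find "$@" -type f -mtime "-$br_days" ! -path "$br_dest/*" -print0 |
            tar --null -T - -czf "$br_dest/$br_name" || exit 1
        # Record a checksum so later corruption or tampering is detectable.
        cd "$br_dest" && sha256sum "$br_name" > "$br_name.sha256"
    ) >&2 || return 1
    printf '%s\n' "$br_dest/$br_name"
}

# verify_backup ARCHIVE
# Checks the recorded SHA-256, reads the whole gzip/tar stream, and prints
# the number of archived members. Returns non-zero if either check fails.
verify_backup() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" ) >/dev/null || return 1
    tar -tzf "$1" >/dev/null || return 1
    tar -tzf "$1" | wc -l
}

# Daily run with the page's directories (destination path is an assumption):
# backup_recent /root/backup/diario 1 /etc/ /home/ /var/www/
```

The archive it produces can be encrypted with gpg -c in the same way as shown above.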


---------------------------------------------------------------------------------------

===[ Backup - weekly ]===

These are the directories that will be backed up:  /etc/ + /home/ + /var/www/

cd backup

mkdir semanal

cd semanal/

--------------------------------------------------


nano semanal.bkp  

#!/bin/bash
# Weekly backup --- by Jurandir - Timbo - SC - Brasil

# The line below must be typed on a single line

find /etc/ /home/ /var/www/ -mtime -7 -type f -print | 
   tar -czvf backup_semanal_etc_home_www--$(date +%d-%m-%Y-%a-%Hh-%Mm).tar -T -

clear
echo ""
echo ""
echo "===[ Backup Semanal ]==="
echo ""
echo ""
du -sch backup_semanal*
echo ""
echo ""
echo "===[ Fim do backup ]==="
echo ""
echo ""

ctrl + x + y + enter 

ls -l

---------------------------------------------------------------------------------------

===[ Backup - monthly ]===

These are the directories that will be backed up:  /etc/ + /home/ + /var/www/

cd backup

mkdir mensal

cd mensal/

--------------------------------------------------

nano mensal.bkp  

#!/bin/bash
# Monthly backup --- by Jurandir - Timbo - SC - Brasil
# The line below must be typed on a single line

find /etc/ /home/ /var/www/ -mtime -31 -type f -print | 
  tar -czvf backup_mensal_etc_home_www--$(date +%d-%m-%Y-%a-%Hh-%Mm).tar -T -

clear
echo ""
echo ""
echo "===[ Backup Mensal ]==="
echo ""
echo ""
du -sch backup_mensal*
echo ""
echo ""
echo "===[ Fim do backup ]==="
echo ""
echo ""

ctrl + x + y + enter 

--------------------------------------------------

ls -l

backup_mensal_etc_home_www--04-01-2015-Sun-10h-29m.tar


du -sch backup/diario/

du -sch backup/semanal/

du -sch backup/mensal/

---------------------------------------------------------------------------------------

===[ Bandwidthd ]===

apt-get install bandwidthd

mkdir /var/www/report_bandwidthd

cd /var/www

chmod 755 report_bandwidthd

ls /var/lib/bandwidthd/htdocs/ -l

ln -s /var/lib/bandwidthd/htdocs/ /var/www/report_bandwidthd

ls -la /var/www/report_bandwidthd

ls /var/www/report_bandwidthd/htdocs -l

find /var/www -type l -printf "%p -> %l\n"

--------------------------------------------------

nano /etc/bandwidthd/bandwidthd.conf

subnet 192.168.1.0/24

dev "eth1"

ctrl + x + y + enter 

--------------------------------------------------


find / -name "bandwidthd.conf"

cp /usr/share/doc/bandwidthd/bandwidthd.conf /etc/bandwidthd/

ls /etc/bandwidthd/ -l

/etc/init.d/bandwidthd restart

/etc/init.d/bandwidthd start

lynx /var/lib/bandwidthd/htdocs/index.html


tail -f /var/log/apache2/access.log


http://192.168.1.13:8080/report_bandwidthd/htdocs/index.html

http://debian70.no-ip.org:8080/report_bandwidthd/htdocs/index.html

---------------------------------------------------------------------------------------

===[ Webalizer ]===

apt-get install webalizer

--------------------------------------------------

nano /etc/webalizer/webalizer.conf

# --- change the line below ---

# LogFile /var/log/apache2/access.log.1

LogFile /var/log/apache2/access.log

ctrl + x + y + enter 

--------------------------------------------------

/usr/bin/webalizer

ls /var/www/webalizer/ -l


tail -f /var/log/apache2/access.log

http://192.168.1.13:8080/webalizer/index.html 

http://debian70.no-ip.org:8080/webalizer/index.html 

---------------------------------------------------------------------------------------

===[ Phpsysinfo ]===

aptitude install phpsysinfo    ( yes )

aptitude install hddtemp lm-sensors ( yes )

--------------------------------------------------

nano /etc/apache2/conf.d/phpsysinfo

Alias /phpsysinfo /usr/share/phpsysinfo

<Directory /usr/share/phpsysinfo>
        AuthUserFile /etc/phpsysinfo/phpsysinfo-htpasswd
        AuthName "PhpSysInfo"
        AuthType Digest
        require valid-user
</Directory>


ctrl + x + y + enter 

--------------------------------------------------

htdigest -c /etc/phpsysinfo/phpsysinfo-htpasswd PhpSysInfo jura

service apache2 restart


http://192.168.1.13:8080/phpsysinfo/index.php?disp=dynamic

http://debian70.no-ip.org:8080/phpsysinfo/index.php?disp=dynamic

---------------------------------------------------------------------------------------

===[ Phpsysinfo ]===

http://sourceforge.net/projects/phpsysinfo/files/phpsysinfo/

cd instalacoes/

wget -c http://sourceforge.net/projects/phpsysinfo/files/phpsysinfo/3.1.17/phpsysinfo-3.1.17.tar.gz

tar -vxf phpsysinfo-3.1.17.tar.gz

cd phpsysinfo-3.1.17/

mkdir /var/www/phpsysinfo/

cp -r * /var/www/phpsysinfo/

ls /var/www/phpsysinfo/ -l

chown root:www-data -R /var/www/phpsysinfo 

cd /etc/apache2 

--------------------------------------------------

nano /etc/apache2/httpd.conf


   ServerAdmin root@localhost
   DocumentRoot /var/www/phpsysinfo
   ServerName juralinux.com.br
   ServerAlias phpsysinfo
   DirectoryIndex /var/www/phpsysinfo/index.php


ctrl + x + y + enter 

--------------------------------------------------

cd  /etc/apache2/conf.d

--------------------------------------------------

nano phpsysinfo.conf

Alias /phpsysinfo /var/www/phpsysinfo

<Directory /var/www/phpsysinfo>
   Options -Indexes Includes FollowSymLinks MultiViews
   AllowOverride None
   Order allow,deny
   Allow from all
   php_admin_value open_basedir none
</Directory>

ctrl + x + y + enter 

--------------------------------------------------

cd /var/www/phpsysinfo/

cp config.php.new config.php

/etc/init.d/apache2 restart 


http://192.168.1.13:8080/phpsysinfo/index.php     

http://192.168.1.13/phpsysinfo/index.php

http://debian70.no-ip.org:8080/phpsysinfo/index.php    

---------------------------------------------------------------------------------------

===[ Mrtg ]===

# apt-get install mrtg

# mkdir /etc/mrtg

# nano /etc/mrtg/ppp0.cfg

WorkDir: /var/www/mrtg/ppp0/
Htmldir: /var/www/mrtg/ppp0/
icondir: images/
Refresh: 300
Interval: 5
Language: portuguese
RunAsDaemon:Yes
#-----------------------------------
# REDE LOCAL - Monitorar ppp0
#-----------------------------------
Target[ppp0]: `cat /proc/net/dev |grep ppp0 |awk -F':' '{print $2}' |awk '{print $1}'; cat /proc/net/dev |grep ppp0 | awk -F':' '{print $2}' |awk '{print $9}'; echo -e; echo -e`
MaxBytes[ppp0]: 401000000
Title[ppp0]: ppp0 - Utilização ppp0
PageTop[ppp0]: Estatísticas das interfaces
 Utilização interface externa (ppp0)
Options[ppp0]: bits,growright
WithPeak[ppp0]: dwmy

ctrl + x + y + enter 

--------------------------------------------------

nano /etc/mrtg/eth1.cfg

WorkDir: /var/www/mrtg/eth1/
Htmldir: /var/www/mrtg/eth1/
icondir: images/
Refresh: 300
Interval: 5
Language: portuguese
RunAsDaemon:Yes
#----------------------------------
# REDE LOCAL - Monitorar eth1
#----------------------------------
Target[eth1]: `cat /proc/net/dev |grep eth1 |awk -F':' '{print $2}' |awk '{print $1}'; cat /proc/net/dev |grep eth1 | awk -F':' '{print $2}' |awk '{print $9}'; echo -e; echo -e`
MaxBytes[eth1]: 401000000
Title[eth1]: eth1 - Utilização eth1
PageTop[eth1]: Estatísticas das interfaces
 Utilização interface externa (eth1)
Options[eth1]: bits,growright
WithPeak[eth1]: dwmy

ctrl + x + y + enter 

--------------------------------------------------

ls /etc/mrtg/ -l

mkdir /var/www/mrtg

mkdir /var/www/mrtg/ppp0

mkdir /var/www/mrtg/eth1


env LANG=C /usr/bin/mrtg /etc/mrtg/ppp0.cfg

env LANG=C /usr/bin/mrtg /etc/mrtg/eth1.cfg


ps ax | grep mrtg

http://192.168.1.13:8080/mrtg/ppp0/ppp0.html

http://192.168.1.13:8080/mrtg/eth1/eth1.html

du -sh /var/www/mrtg/ppp0

ls /var/www/mrtg/ppp0 -l

du -sh /var/www/mrtg/eth1

ls /var/www/mrtg/eth1 -l


http://debian70.no-ip.org:8080/mrtg/ppp0/ppp0.html

http://debian70.no-ip.org:8080/mrtg/eth1/eth1.html


-------------------------------------------------------------------------------------------------------------------

===[ Open vpn ]===


http://packages.debian.org/squeeze/openvpn

http://packages.debian.org/squeeze/amd64/openvpn/filelist

apt-get install openvpn

ls /etc/openvpn -l

useradd openvpn

adduser openvpn openvpn

grep openvpn /etc/group

openvpn --genkey --secret /etc/openvpn/chave.key

cat /etc/openvpn/chave.key



cd /etc/openvpn

nano cliente.ovpn

proto udp
port 1194
dev tun
ifconfig 10.0.0.2 10.0.0.1
remote debian70.no-ip.org
secret chave.key
cipher AES-256-CBC
persist-key
persist-tun
keepalive 10 60
comp-lzo
verb 3

ctrl + x + y + enter 


mkdir /etc/openvpn/keys_cliente_temp

cp chave.key cliente.ovpn keys_cliente_temp/

cd keys_cliente_temp/

--------------------------------------------------

nano /etc/openvpn/servidor.conf

proto udp
port 1194
dev tun
ifconfig 10.0.0.1 10.0.0.2
user openvpn
group openvpn
secret /etc/openvpn/chave.key
cipher AES-256-CBC
persist-key
persist-tun
comp-lzo
verb 3
log /var/log/openvpn-servidor.log

ctrl + x + y + enter 

--------------------------------------------------

cd /etc/openvpn/keys_cliente_temp

chmod o+r chave.key

chmod o-r chave.key

/etc/init.d/openvpn

/etc/init.d/openvpn start

service openvpn stop

service openvpn start

tail -f /var/log/openvpn-servidor.log

netstat -anlp | grep openvpn
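
Both ends of this static-key tunnel are configured by hand, so cliente.ovpn and servidor.conf have to agree on the link settings. The added example below (not from the original page; the function names are its own) compares the two files as printed above and reports the directives that differ.

```sh
#!/bin/sh
# Added example, not from the original page.

# write_page_configs DIR
# Writes the two files from this page into DIR so the example runs offline.
write_page_configs() {
    cat > "$1/cliente.ovpn" <<'EOF'
proto udp
port 1194
dev tun
ifconfig 10.0.0.2 10.0.0.1
remote debian70.no-ip.org
secret chave.key
cipher AES-256-CBC
persist-key
persist-tun
keepalive 10 60
comp-lzo
verb 3
EOF
    cat > "$1/servidor.conf" <<'EOF'
proto udp
port 1194
dev tun
ifconfig 10.0.0.1 10.0.0.2
user openvpn
group openvpn
secret /etc/openvpn/chave.key
cipher AES-256-CBC
persist-key
persist-tun
comp-lzo
verb 3
log /var/log/openvpn-servidor.log
EOF
}

# directive FILE NAME
# Prints the arguments of the first NAME line, "(set)" for a directive
# without arguments, or "(absent)" when the file has no such line.
directive() {
    awk -v name="$2" '
        $1 == name { $1 = ""; sub(/^ +/, ""); print ($0 == "" ? "(set)" : $0); found = 1; exit }
        END { if (!found) print "(absent)" }' "$1"
}

# ovpn_mismatch CLIENT_FILE SERVER_FILE
# Prints one line per link-level directive that differs between the two
# ends. Local-only settings (secret path, user, group, log) are ignored.
ovpn_mismatch() (
    for d in proto port dev cipher auth comp-lzo keepalive; do
        c=$(directive "$1" "$d")
        s=$(directive "$2" "$d")
        [ "$c" = "$s" ] || printf '%s: client=%s server=%s\n' "$d" "$c" "$s"
    done
    # ifconfig is "local remote", so each end must mirror the other.
    c=$(directive "$1" ifconfig)
    s=$(directive "$2" ifconfig | awk '{ print $2, $1 }')
    [ "$c" = "$s" ] || printf 'ifconfig: client=%s is not the mirror of the server\n' "$c"
)

# page_config_report
# Runs the comparison on the page's own two files.
page_config_report() (
    dir=$(mktemp -d) || exit 1
    write_page_configs "$dir"
    ovpn_mismatch "$dir/cliente.ovpn" "$dir/servidor.conf"
    rm -rf "$dir"
)

page_config_report
```

For the files on this page it prints a single line: keepalive is set on the client (10 60) and absent from servidor.conf.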


--------------------------------------------------


ifconfig

eth0      Link encap:Ethernet  HWaddr 90:e6:ba:dc:02:8b
          inet6 addr: fe80::92e6:baff:fedc:28b/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:5299756 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4559241 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3447777405 (3.2 GiB)  TX bytes:778211755 (742.1 MiB)
          Interrupt:27 Base address:0xe000

eth1      Link encap:Ethernet  HWaddr 00:e0:7d:eb:fa:6d
          inet addr:192.168.1.13  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:7dff:feeb:fa6d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8685867 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9219449 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6145391541 (5.7 GiB)  TX bytes:6717174487 (6.2 GiB)
          Interrupt:19 Base address:0x6c00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:391251 errors:0 dropped:0 overruns:0 frame:0
          TX packets:391251 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:53455468 (50.9 MiB)  TX bytes:53455468 (50.9 MiB)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:187.4.229.187  P-t-P:201.67.130.254  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:5221262 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4479610 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:3324635976 (3.0 GiB)  TX bytes:654930477 (624.5 MiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.0.1  P-t-P:10.0.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

--------------------------------------------------


Installing the OpenVPN client on Windows 7

I am at home using a notebook and will access the internal network ( which is remote ) or 
the server via VPN. 

Let's download the VPN client program on Windows 7.

http://openvpn.se/download.html

--------------------------------------------------


Installation Package (Both 32-bit and 64-bit TAP driver included):

openvpn-2.0.9-gui-1.0.3-install.exe

To install the program above on Windows, as with most programs, click next, next ... (lol)

Once the VPN client is installed, we need to copy the two files that are on the 
Linux Debian 7 server ( chave.key + cliente.ovpn ) to the Windows 7 desktop. We will 
use FileZilla, or it could be another program of your choice. To access the server 
with FileZilla we need a user account on the Linux system.

--------------------------------------------------

Let's drag the two files ( cliente.ovpn and chave.key ) that are on the Linux server 
to the Windows 7 desktop.


Let's check whether there is connectivity.

At the Windows 7 MS-DOS prompt we will ping to check that the VPN is OK.

Click Start, type cmd and then the two commands below.

--------------------------------------------------

The ping replied, that is, the VPN is OK.

C:\>
C:\>ping 10.0.0.1

Disparando 10.0.0.1 com 32 bytes de dados:
Resposta de 10.0.0.1: bytes=32 tempo=64ms TTL=64
Resposta de 10.0.0.1: bytes=32 tempo=61ms TTL=64
Resposta de 10.0.0.1: bytes=32 tempo=57ms TTL=64
Resposta de 10.0.0.1: bytes=32 tempo=58ms TTL=64

--------------------------------------------------

C:\>ping 10.0.0.2

Disparando 10.0.0.2 com 32 bytes de dados:
Resposta de 10.0.0.2: bytes=32 tempo<1ms TTL=128
Resposta de 10.0.0.2: bytes=32 tempo<1ms TTL=128
Resposta de 10.0.0.2: bytes=32 tempo<1ms TTL=128
Resposta de 10.0.0.2: bytes=32 tempo<1ms TTL=128

--------------------------------------------------

Configuring the VPN client

Now we need to copy the files ( chave.key + cliente.ovpn ) into the folder of the VPN 
client program that we installed on the previous page. In Windows, find the path 
C:\Program Files\OpenVPN\config and paste the files ( chave.key + cliente.ovpn ) 
into the config folder.

Connecting to the VPN

In the Windows 7 taskbar, left-click, place the mouse pointer over the OpenVPN GUI 
icon, right-click and choose the Connect option to establish the VPN connection.


Remember that we are on Windows.  Once connected to the VPN we get the screen below 
with the connection log.


Below is part of the log from the screen above.

Fri Oct 21 10:52:09 2014 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Fri Oct 21 10:52:09 2014 Static Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Oct 21 10:52:09 2014 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Oct 21 10:52:09 2014 Static Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Oct 21 10:52:09 2014 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Oct 21 10:52:09 2014 LZO compression initialized
Fri Oct 21 10:52:09 2014 TAP-WIN32 device [Conexão local 3] opened: \\.\Global\{A639C586-8A20-4FD0-9DDB-7C96BC70AB1D}.tap
Fri Oct 21 10:52:09 2014 TAP-Win32 Driver Version 8.4 
Fri Oct 21 10:52:09 2014 TAP-Win32 MTU=1500
Fri Oct 21 10:52:09 2014 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.0.0.2/255.255.255.252 on interface {A639C586-8A20-4FD0-9DDB-7C96BC70AB1D} [DHCP-serv: 10.0.0.1, lease-time: 31536000]
Fri Oct 21 10:52:09 2014 Successful ARP Flush on interface [39] {A639C586-8A20-4FD0-9DDB-7C96BC70AB1D}
Fri Oct 21 10:52:09 2014 Data Channel MTU parms [ L:1561 D:1450 EF:61 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Oct 21 10:52:09 2014 Local Options hash (VER=V4): 'f39c9d8c'
Fri Oct 21 10:52:09 2014 Expected Remote Options hash (VER=V4): '883ce572'
Fri Oct 21 10:52:09 2014 UDPv4 link local (bound): [undef]:1194
Fri Oct 21 10:52:09 2014 UDPv4 link remote: 187.4.229.187:1194
Fri Oct 21 10:52:19 2014 Peer Connection Initiated with 187.4.229.187:1194
Fri Oct 21 10:52:20 2014 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Fri Oct 21 10:52:20 2014 Initialization Sequence Completed
Fri Oct 21 10:53:19 2014 Inactivity timeout (--ping-restart), restarting
Fri Oct 21 10:53:19 2014 TCP/UDP: Closing socket
Fri Oct 21 10:53:19 2014 SIGUSR1[soft,ping-restart] received, process restarting
Fri Oct 21 10:53:19 2014 Restart pause, 2 second(s)
Fri Oct 21 10:53:21 2014 Re-using pre-shared static key
Fri Oct 21 10:53:21 2014 LZO compression initialized
Fri Oct 21 10:53:21 2014 Preserving previous TUN/TAP instance: Conexão local 3


ftp://10.0.0.1:50000/

http://10.0.0.1/amigos.php


---------------------------------------------------------------------------------------


===[ Commands used ]===

nano /etc/ssh/sshd_config

/etc/init.d/ssh restart

ps ax | grep ssh

kill -HUP 1417

ifconfig eth0 up 

ifconfig eth0 192.168.1.13 netmask 255.255.255.0 
 
route add default gw 192.168.1.1  
 
cat /etc/network/interfaces  

nano /etc/resolv.conf 

shutdown -r now 

ifconfig

ifconfig eth0 up

ifconfig eth0 down

route -n

ping 8.8.8.8

nano /etc/apt/sources.list  

df -h

apt-get update 

apt-get upgrade 

nano /etc/init.d/rc.begin

tail -f /var/log/syslog

tail -f /var/log/messages

apt-get remove --purge postfix

dpkg-reconfigure tzdata

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

https://www.no-ip.com/members/dns/ 

 
apt-get install bzip2 

whereis bzip2

apt-get install mc 

apt-get install gcc make g++

apt-get install htop

apt-get install bwm-ng 

apt-get install jed

apt-get install lynx

apt-get install mutt

apt-get remove make

apt-get remove bzip2

apt-get install openssh-client openssh-server

grep -v ^# /etc/ssh/sshd_config

cat /var/log/auth.log | grep sshd

cat /etc/passwd | awk -F ":" '{print $1}'

update-alternatives --config editor

nano /etc/dhcp/dhcpd.conf

/etc/init.d/isc-dhcp-server start

/etc/init.d/isc-dhcp-server restart 

cat  /etc/resolv.conf

arp -a

cat /var/log/syslog | grep DHCP

cat /var/log/syslog | grep DHCP | grep 1.123

egrep -i --color 'err|error|warn|crit|dhcp' /var/log/syslog

tail -f /var/log/messages

egrep -i --color 'err|error|warn|crit|dhcp' /var/log/messages

tail -f /var/log/daemon.log

nano /etc/proftpd/proftpd.conf

ftp://192.168.1.13:50000/

ftp://187.4.229.187:50000/

tail /var/log/proftpd/proftpd.log

apt-get install openssl 

openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt -nodes -days 365

nano /etc/proftpd/tls.conf

openssl s_client -connect 127.0.0.1:50000 -starttls ftp

netstat -anlp | grep ftp

tail /var/log/proftpd/proftpd.log

tail /var/log/auth.log

tail /var/log/proftpd/tls.log

tail -f /var/log/proftpd/tls.log

nano /etc/apache2/sites-enabled/000-default

netstat -anlp | grep :50000

sftp ewb@187.4.229.187

apt-get install ftp

ftp 187.4.229.187 50000

apt-get install apache2 php5

nano /etc/apache2/ports.conf

nano /etc/apache2/sites-enabled/000-default

/etc/init.d/apache2 restart

cat > /var/www/aluno1/.htaccess

apt-get update

apt-get install samba smbclient smbfs 

cat > /etc/samba/smb.conf

adduser ewb1   - password: 123  
             
smbpasswd -a ewb1

ps ax | grep smb

/etc/init.d/samba restart

tail -f /var/log/samba-full_audit.log

tail -f /var/log/samba-full_audit.log | grep debian

smbpasswd -x ewb

pdbedit   -x  -u  ewb

deluser ewb

smbclient -L localhost -U%

smbclient -L //192.168.1.13 -U ewb

pdbedit -a jurandir

rm -r /home/lixeira_smb/*

\\192.168.1.13\lixeira_smb

apt-get install swat 

http://192.168.1.13:901/


apt-get install ppp

apt-get install pppoe

cat > /etc/ppp/pppoe.conf 

pppoe-setup

apt-get install squid3

grep -v ^#  /etc/squid3/squid.conf | grep -v ^$

nano /etc/squid3/squid.conf

ps ax | grep squid


Modem in router mode

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

iptables -A INPUT -i eth0 -p tcp --dport 3128 -j ACCEPT


Modem in bridge mode

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 

iptables -A INPUT -i eth1 -p tcp --dport 3128 -j ACCEPT 


tail -f /var/log/squid3/access.log

iptables -nL

nano off_squid.sh


tail -f /var/log/squid3/access.log |gawk '{print strftime("%d/%m/%Y %H:%M:%S",$1),$3,$7}'

tail -f /var/log/squid3/access.log | grep -e '\b192.168.1.15\b'

apt-get install net-tools

netstat -aute | grep proxy

netstat -tulpan | grep LISTEN

squid3 -k rotate

logrotate -v /etc/logrotate.d/squid3

ls -lhS /var/log/squid3 | head

ls -lSh

apt-get install sarg

sarg-reports daily

sarg-reports weekly

sarg-reports monthly


du -sch /var/www/squid-reports/Daily/

du -sch /var/www/squid-reports/weekly/

du -sch /var/www/squid-reports/monthly/


http://192.168.1.13/squid-reports/           

nano /etc/logrotate.d/squid3

squid3 -k rotate

logrotate -v /etc/logrotate.d/squid3

nano /etc/crontab


http://192.168.1.13/squid-reports/sarg-realtime.php

apt-get install apache2 php5

sarg -z


http://192.168.1.13/squid-reports/Daily/

apt-get install cups

ps ax | grep cupsd

/etc/init.d/cups start



https://192.168.1.13:631/

netstat -tunva | grep 631

http://www.webmin.com/download.html

http://192.168.1.13:10000/

apt-get install mysql-server mysql-client php5-mysql

mysql -u root -p

http://192.168.1.13/phpmyadmin/index.php

--------------------------------------------------

Returns the space used by the installed packages.

dpkg-query -Wf '${Installed-Size}\t${Package}\n' | grep "\-dev" | sort -n | 
     awk '{ sum+=$1} END {print sum/1024 "MB"}'

26.0625MB

--------------------------------------------------

ls -l /home/ | awk '{print $2,$NF}'

88 88
2 aluno1
2 aluno1_smb
2 aluno2_smb
1 aquota.group
1 aquota.user
5 computing_smb
5 english_smb
2 ewb1
2 ewb2
2 ftp1
2 ftp3
2 jura
5 lixeira_smb
2 lost+found
2 paulo
2 pellin
2 publico_smb

--------------------------------------------------

awk -F: '$4!="" {print $1,$4}' /etc/group

cdrom jura
floppy jura
audio jura
dip jura
video jura
plugdev jura
scanner saned
openvpn openvpn

--------------------------------------------------

ps -Ao vsz,comm --sort=vsz | awk '{printf "%.0f %s\n", $1/1024, $2}' | uniq -f1 | tail

103 proftpd
105 smbd
116 rsyslogd
120 polkitd
125 console-kit-dae
130 fail2ban-server
136 colord
220 apache2
351 colord-sane
355 mysqld

--------------------------------------------------

ps -Ao rss,comm --sort=rss | awk '{printf "%.0f %s\n", $1/1024, $2}' | tail

8 apache2
8 fail2ban-server
8 apache2
9 apache2
11 colord-sane
11 apache2
12 apache2
19 squid3
21 miniserv.pl
41 mysqld

--------------------------------------------------


du -xa -BMB --max-depth=3 . 2>/dev/null | sort -nr | head -n 60

68MB    .
66MB    ./instalacoes
31MB    ./instalacoes/squid-3.4.10
23MB    ./instalacoes/webmin-1.720.tar.gz
12MB    ./instalacoes/squid-3.4.10/src
9MB     ./instalacoes/squid-3.4.10/errors
6MB     ./instalacoes/sarg-2.3.9
5MB     ./instalacoes/squid-3.4.10.tar.gz
4MB     ./instalacoes/squid-3.4.10/helpers
3MB     ./instalacoes/sarg-2.3.9/po
2MB     ./tried_to_hack_my_server.txt
2MB     ./instalacoes/squid-3.4.10/libltdl
1MB     ./up
1MB     ./tec.sh
1MB     ./.ssh/known_hosts
1MB     ./.ssh
1MB     ./scan
1MB     ./sarg_reports.sh
1MB     ./instalacoes/sarg-2.3.9/usertab.c

--------------------------------------------------

du -x --max-depth ${1:-1} ${2:-.} | awk '{printf "%07d %s\n", $1, $2}' | sort | 
   awk '{printf "%4dM %s\n", $1/1024, $2}'

0M ./.ssh
0M ./.elinks
0M ./.aptitude
0M ./.cache
0M ./.config
0M ./.gnupg
0M ./.local
0M ./.gt5-diffs
62M ./instalacoes
64M .

du -sb /var | sort -nr | head | awk '{print $2}' | xargs du -sh

1.4G    /var

--------------------------------------------------


Every system administrator knows, or should know, that a server should run only the 
software it needs, which removes security risks and helps improve performance.

To do that, we first need to check which network services are enabled and 
accepting connections.

1) Checking network services with netstat: 

netstat -nltup


2) Stopping the services found:

invoke-rc.d exim4 stop 

invoke-rc.d nfs-common stop

invoke-rc.d portmap stop

invoke-rc.d openbsd-inetd stop


3) Removing the services from startup:

update-rc.d -f exim4 remove 

update-rc.d -f nfs-common remove

update-rc.d -f portmap remove

update-rc.d -f openbsd-inetd remove
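
Step 1 can be turned into a repeatable check. The added example below (not from the original page; the function names and the allowlist are its own) reads `netstat -nltup` output and lists every program that listens on a non-loopback address and is not on an allowlist. The sample input is constructed, modelled on the listeners shown on this page.

```sh
#!/bin/sh
# Added example, not from the original page.

# sample_netstat
# Constructed sample in the format of `netstat -nltup`; the PIDs and ports
# are illustrative, modelled on the listeners shown on this page.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1743/rpcbind
tcp        0      0 0.0.0.0:60274           0.0.0.0:*               LISTEN      1774/rpc.statd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2465/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2492/exim4
tcp6       0      0 :::111                  :::*                    LISTEN      1743/rpcbind
tcp6       0      0 :::22                   :::*                    LISTEN      2465/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2492/exim4
udp        0      0 0.0.0.0:646             0.0.0.0:*                           1743/rpcbind
udp        0      0 127.0.0.1:678           0.0.0.0:*                           1774/rpc.statd
udp6       0      0 :::111                  :::*                                1743/rpcbind
EOF
}

# unexpected_listeners "ALLOWED PROGRAMS"
# Reads `netstat -nltup` output on stdin and prints, sorted and without
# duplicates, "program proto/port" for every socket that listens on a
# non-loopback address and whose program is not in the allowlist.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 !~ /^(tcp|udp)6?$/ { next }           # skip headers and unix sockets
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }   # TCP: listening sockets only
        {
            port = $4; sub(/.*:/, "", port)      # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1") next   # reachable locally only
            prog = "unknown"                     # netstat shows "-" without root
            for (i = 6; i <= NF; i++)
                if ($i ~ /^[0-9]+\//) { prog = $i; sub(/^[0-9]+\//, "", prog); break }
            if (prog in ok) next
            proto = $1; sub(/6$/, "", proto)     # report tcp and tcp6 together
            print prog, proto "/" port
        }' | LC_ALL=C sort -u
}

# Demonstration on the constructed sample, allowing only sshd.
sample_netstat | unexpected_listeners "sshd"
```

On the server, run `netstat -nltup | unexpected_listeners "sshd apache2"` as root, with the allowlist adjusted to the services the machine is meant to offer, so that the PID/Program column is filled in.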

--------------------------------------------

df -h | grep home

/dev/sda5                                               202G  188M  192G   1% /home


df -h | grep var

/dev/sda6                                               138G  353M  131G   1% /var



du -sch /var

214M    /var
214M    total


du -sch /etc

3.9M    /etc
3.9M    total

---------------------------------------------

service --status-all

 [ + ]  acpid
 [ + ]  apache2
 [ + ]  atd
 [ + ]  avahi-daemon
 [ - ]  bootlogs
 [ ? ]  bootmisc.sh
 [ ? ]  checkfs.sh
 [ ? ]  checkroot-bootclean.sh
 [ - ]  checkroot.sh
 [ - ]  console-setup
 [ + ]  cron
 [ + ]  cups
 [ + ]  dbus
 [ + ]  dnsmasq
 [ - ]  exim4
 [ - ]  hostapd
 [ - ]  hostname.sh
 [ ? ]  hwclock.sh
 [ - ]  isc-dhcp-server
 [ - ]  kbd
 [ - ]  keyboard-setup
 [ ? ]  killprocs
 [ ? ]  kmod
 [ - ]  motd
 [ ? ]  mountall-bootclean.sh
 [ ? ]  mountall.sh
 [ ? ]  mountdevsubfs.sh
 [ ? ]  mountkernfs.sh
 [ ? ]  mountnfs-bootclean.sh
 [ ? ]  mountnfs.sh
 [ ? ]  mtab.sh
 [ ? ]  mysql
 [ ? ]  networking
 [ - ]  nfs-common
 [ - ]  procps
 [ + ]  proftpd
 [ ? ]  rc.begin
 [ ? ]  rc.local
 [ - ]  rmnologin
 [ + ]  rpcbind
 [ - ]  rsync
 [ + ]  rsyslog
 [ + ]  samba
 [ + ]  saned
 [ ? ]  sendsigs
 [ + ]  ssh
 [ + ]  udev
 [ ? ]  udev-mtab
 [ ? ]  umountfs
 [ ? ]  umountnfs.sh
 [ ? ]  umountroot
 [ - ]  urandom
 [ - ]  virtualbox-guest-utils
 [ - ]  x11-common

---------------------------------------------

netstat -lp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:sunrpc                *:*                     LISTEN      1743/rpcbind
tcp        0      0 *:60274                 *:*                     LISTEN      1774/rpc.statd
tcp        0      0 *:ssh                   *:*                     LISTEN      2465/sshd
tcp        0      0 localhost:smtp          *:*                     LISTEN      2492/exim4
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN      1743/rpcbind
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      2465/sshd
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN      2492/exim4
tcp6       0      0 [::]:37465              [::]:*                  LISTEN      1774/rpc.statd
udp        0      0 *:57988                 *:*                                 1774/rpc.statd
udp        0      0 *:646                   *:*                                 1743/rpcbind
udp        0      0 localhost:678           *:*                                 1774/rpc.statd
udp        0      0 *:sunrpc                *:*                                 1743/rpcbind
udp6       0      0 [::]:646                [::]:*                              1743/rpcbind
udp6       0      0 [::]:43016              [::]:*                              1774/rpc.statd
udp6       0      0 [::]:sunrpc             [::]:*                              1743/rpcbind
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     24336    6740/dbus-daemon    /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     SEQPACKET  LISTENING     4906     370/udevd           /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     6523     1743/rpcbind        /var/run/rpcbind.sock
unix  2      [ ACC ]     STREAM     LISTENING     7292     2181/acpid          /var/run/acpid.socket

---------------------------------------------

Removing unnecessary processes, here port 111

netstat -nat

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:60274           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0     52 192.168.1.13:22         187.85.174.7:49161      ESTABLISHED
tcp6       0      0 :::111                  :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
tcp6       0      0 :::37465                :::*                    LISTEN


Remove "rpcbind"

lsof -P -i -n | cut -f 1 -d " " | uniq | tail -n +2

rpcbind
rpc.statd
sshd
exim4
sshd


Listing open IPv4 and IPv6 network files with separate commands.

lsof -i 4

COMMAND     PID        USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
rpcbind    1743        root    6u  IPv4   6525      0t0  UDP *:sunrpc
rpcbind    1743        root    7u  IPv4   6528      0t0  UDP *:646
rpcbind    1743        root    8u  IPv4   6529      0t0  TCP *:sunrpc (LISTEN)
rpc.statd  1774       statd    4w  IPv4   7181      0t0  UDP localhost:678
rpc.statd  1774       statd    7u  IPv4   3558      0t0  UDP *:57988
rpc.statd  1774       statd    8u  IPv4   6554      0t0  TCP *:60274 (LISTEN)
sshd       2465        root    3u  IPv4   7356      0t0  TCP *:ssh (LISTEN)
exim4      2492 Debian-exim    3u  IPv4   1948      0t0  TCP localhost:smtp (LISTEN)
sshd      10753        root    3r  IPv4  77466      0t0  TCP 192.168.1.13:ssh->187-85-174-7.tpa.net.br:65510 (ESTABLISHED)


lsof -i | grep LISTEN

rpcbind   1748        root    8u  IPv4   6528      0t0  TCP *:sunrpc (LISTEN)
rpcbind   1748        root   11u  IPv6   6535      0t0  TCP *:sunrpc (LISTEN)
rpc.statd 1807       statd    8u  IPv4   6557      0t0  TCP *:51250 (LISTEN)
rpc.statd 1807       statd   10u  IPv6   6560      0t0  TCP *:42324 (LISTEN)
sshd      2528        root    3u  IPv4   5966      0t0  TCP *:ssh (LISTEN)
sshd      2528        root    4u  IPv6   5968      0t0  TCP *:ssh (LISTEN)
exim4     2558 Debian-exim    3u  IPv4   1833      0t0  TCP localhost:smtp (LISTEN)
exim4     2558 Debian-exim    4u  IPv6   1834      0t0  TCP localhost:smtp (LISTEN)



To list all running processes with open TCP network files in the port 
range 1-1024.

lsof -i TCP:1-1024

COMMAND   PID        USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
rpcbind  1743        root    8u  IPv4   6529      0t0  TCP *:sunrpc (LISTEN)
rpcbind  1743        root   11u  IPv6   6536      0t0  TCP *:sunrpc (LISTEN)
sshd     2465        root    3u  IPv4   7356      0t0  TCP *:ssh (LISTEN)
sshd     2465        root    4u  IPv6   7358      0t0  TCP *:ssh (LISTEN)
exim4    2492 Debian-exim    3u  IPv4   1948      0t0  TCP localhost:smtp (LISTEN)
exim4    2492 Debian-exim    4u  IPv6   1949      0t0  TCP localhost:smtp (LISTEN)
sshd    10753        root    3r  IPv4  77466      0t0  TCP 192.168.1.13:ssh->187-85-174-7.tpa.net.br:65510 (ESTABLISHED)


netstat -ntpl

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1743/rpcbind
tcp        0      0 0.0.0.0:60274           0.0.0.0:*               LISTEN      1774/rpc.statd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2465/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2492/exim4
tcp6       0      0 :::111                  :::*                    LISTEN      1743/rpcbind
tcp6       0      0 :::22                   :::*                    LISTEN      2465/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2492/exim4
tcp6       0      0 :::37465                :::*                    LISTEN      1774/rpc.statd


netstat -tap |grep LISTEN

tcp        0      0 *:sunrpc                *:*                     LISTEN      1743/rpcbind
tcp        0      0 *:60274                 *:*                     LISTEN      1774/rpc.statd
tcp        0      0 *:ssh                   *:*                     LISTEN      2465/sshd
tcp        0      0 localhost:smtp          *:*                     LISTEN      2492/exim4
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN      1743/rpcbind
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      2465/sshd
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN      2492/exim4
tcp6       0      0 [::]:37465              [::]:*                  LISTEN      1774/rpc.statd


netstat -pn -l -A inet

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1748/rpcbind
tcp        0      0 0.0.0.0:51250           0.0.0.0:*               LISTEN      1807/rpc.statd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2528/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2558/exim4
udp        0      0 0.0.0.0:651             0.0.0.0:*                           1748/rpcbind
udp        0      0 127.0.0.1:711           0.0.0.0:*                           1807/rpc.statd
udp        0      0 0.0.0.0:44177           0.0.0.0:*                           1807/rpc.statd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1748/rpcbind


lsof -i | grep LISTEN | cut -d " " -f 1 |sort -u

exim4
rpcbind
rpc.statd
sshd


Configuring the Exim4 Mail Transport Agent


dpkg-reconfigure exim4-config



Uninstall only rpcbind

apt-get purge rpcbind


Uninstall rpcbind and its dependencies

apt-get remove --auto-remove rpcbind
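
Added example (not part of the original notes): a small audit that reads "netstat -tulpn" output and prints every listener reachable from the network whose program is not on an allow-list, so rpcbind and rpc.statd stand out before the purge and disappear after it. The function names and the allow-list are assumptions; the sample rows are constructed in the shape of the output shown above.

```sh
#!/bin/sh
# Added example, not from the original notes.

# Constructed sample: rows in the shape of the "netstat -tulpn" output above.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1743/rpcbind
tcp        0      0 0.0.0.0:60274           0.0.0.0:*               LISTEN      1774/rpc.statd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2465/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2492/exim4
tcp6       0      0 :::111                  :::*                    LISTEN      1743/rpcbind
tcp6       0      0 :::22                   :::*                    LISTEN      2465/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2492/exim4
udp        0      0 0.0.0.0:57988           0.0.0.0:*                           1774/rpc.statd
udp        0      0 127.0.0.1:678           0.0.0.0:*                           1774/rpc.statd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1743/rpcbind
EOF
}

# audit_listeners "prog1 prog2 ..."   (reads "netstat -tulpn" output on stdin)
# The argument is the list of programs allowed to listen on non-loopback
# addresses. Prints "proto port program" for every other exposed listener.
audit_listeners() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, names, " "); for (i = 1; i <= n; i++) ok[names[i]] = 1 }
    $1 ~ /^(tcp|udp)6?$/ {
        # TCP rows have a State column, UDP listener rows do not,
        # so PID/Program is field 7 for TCP and field 6 for UDP.
        if ($1 ~ /^tcp/) { if ($6 != "LISTEN") next; prog = $7 }
        else             { prog = $6 }
        sub(/^[0-9]+\//, "", prog)            # drop the "PID/" prefix
        port = $4; sub(/^.*:/, "", port)      # text after the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "127.0.0.1" || addr == "::1") next   # loopback only
        if (prog in ok) next                             # expected service
        print $1, port, prog
    }' | LC_ALL=C sort -u
}

# Demo on the constructed sample. On a real host, run as root:
#   netstat -tulpn | audit_listeners "sshd"
sample_netstat | audit_listeners "sshd"
```

An empty result after the purge means only the allowed services are still exposed; exim4 is not reported because it is bound to localhost only.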


---------------------------------------------

To see every process using a specific port, use the following command with the -i 
option. The example below lists all processes using port 22 (SSH).

lsof -i TCP:22

COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     2465 root    3u  IPv4   7356      0t0  TCP *:ssh (LISTEN)
sshd     2465 root    4u  IPv6   7358      0t0  TCP *:ssh (LISTEN)
sshd    10753 root    3r  IPv4  77466      0t0  TCP 192.168.1.13:ssh->187-85-174-7.tpa.net.br:65510 (ESTABLISHED)


If a stranger is connected, you can "kick" that stranger off.

Identifying the intruder.

who -uH

NAME     LINE         TIME             IDLE          PID COMMENT
root     pts/0        2014-12-22 07:21   .         10290 (187.85.174.7)


Killing the process ( pid )

kill -9 10290


Who is the IP above?

whois 187.85.174.7

% Joint Whois - whois.lacnic.net
%  This server accepts single ASN, IPv4 or IPv6 queries

% Brazilian resource: whois.registro.br


% Copyright (c) Nic.br
%  The use of the data below is only permitted as described in
%  full by the terms of use (http://registro.br/termo/en.html),
%  being prohibited its distribution, comercialization or
%  reproduction, in particular, to use it for advertising or
%  any similar purpose.
%  2014-12-22 07:48:06 (BRST -02:00)

inetnum:     187.85.160/20
aut-num:     AS28343
abuse-c:     NOTTE2
owner:       TPA TELECOMUNICACOES LTDA
ownerid:     002.255.187/0001-08
responsible: TPA TELECOMUNICACOES LTDA
country:     BR
owner-c:     ALK3
tech-c:      NOTTE2
inetrev:     187.85.174/24
nserver:     dns1.tpa.com.br
nsstat:      20141222 AA
nslastaa:    20141222
nserver:     dns2.tpa.com.br
nsstat:      20141222 AA
nslastaa:    20141222
nserver:     dns3.tpa.com.br
nsstat:      20141222 AA
nslastaa:    20141222
created:     20090824
changed:     20130307

nic-hdl-br:  ALK3
person:      Fabiano Busnardo
e-mail:      registro@tpa.com.br
created:     19980109
changed:     20090219

nic-hdl-br:  NOTTE2
person:      N.O.C - TPA Telecomunicações
e-mail:      noc@tpa.com.br
created:     20121218
changed:     20121218

% Security and mail abuse issues should also be addressed to
% cert.br, http://www.cert.br/, respectivelly to cert@cert.br
% and mail-abuse@cert.br
%
% whois.registro.br accepts only direct match queries. Types
% of queries are: domain (.br), registrant (tax ID), ticket,
% provider, contact handle (ID), CIDR block, IP and ASN.


---------------------------------------------

tail -f /var/log/messages

Dec 20 18:20:28 debian kernel: [    8.841871] RPC: Registered udp transport module.
Dec 20 18:20:28 debian kernel: [    8.841877] RPC: Registered tcp transport module.
Dec 20 18:20:28 debian kernel: [    8.841882] RPC: Registered tcp NFSv4.1 backchannel transport module.
Dec 20 18:20:28 debian kernel: [    8.902581] FS-Cache: Loaded
Dec 20 18:20:28 debian kernel: [    8.951350] FS-Cache: Netfs 'nfs' registered for caching
Dec 20 18:20:28 debian kernel: [    8.967799] Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
Dec 20 18:20:28 debian kernel: [   10.125635] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
Dec 20 18:20:28 debian kernel: [   10.353755] ip_tables: (C) 2000-2006 Netfilter Core Team
Dec 20 18:20:28 debian kernel: [   10.407783] r8169 0000:03:05.0: eth1: link up
Dec 20 18:20:28 debian kernel: [   10.409370] ADDRCONF(NETDEV_CHANGE): eth1: link becomes 


---------------------------------------------


Syslog is the event logging system. Its purpose is to store messages about events 
that occurred on the system, allowing the administrator to locate possible failures 
or intrusion attempts. 

One of the reasons /var is usually placed on a separate partition is to keep the logs 
from growing until they fill the partition; on a separate partition the impact is 
smaller than it would be on the root filesystem.


tail -f /var/log/syslog

Dec 21 19:17:01 debian /USR/SBIN/CRON[3041]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Dec 21 19:36:16 debian noip2[2203]: Read from dynupdate.no-ip.com failed (Connection reset by peer)
Dec 21 19:36:16 debian noip2[2203]: Can't get our visible IP address from ip1.dynupdate.no-ip.com
Dec 21 19:46:22 debian noip2[2203]: Can't get our visible IP address from ip1.dynupdate.no-ip.com
Dec 21 20:17:01 debian /USR/SBIN/CRON[3138]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Dec 21 21:06:48 debian noip2[2203]: Read from dynupdate.no-ip.com failed (Connection reset by peer)
Dec 21 21:06:48 debian noip2[2203]: Can't get our visible IP address from ip1.dynupdate.no-ip.com
Dec 21 21:17:01 debian /USR/SBIN/CRON[3148]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Dec 21 21:27:00 debian noip2[2203]: Read from dynupdate.no-ip.com failed (Connection reset by peer)
Dec 21 21:27:00 debian noip2[2203]: Can't get our visible IP address from ip1.dynupdate.no-ip.com

---------------------------------------------

Log of the use of system authorization, such as mechanisms that require passwords. 

Example: the sudo command or remote SSH logins.


tail -f /var/log/auth.log

Dec 21 22:13:40 debian sshd[3272]: Failed password for root from 122.225.97.73 port 31792 ssh2
Dec 21 22:13:40 debian sshd[3272]: Disconnecting: Too many authentication failures for root [preauth]
Dec 21 22:13:40 debian sshd[3272]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh 
    ruser= rhost=122.225.97.73  user=root
Dec 21 22:13:40 debian sshd[3272]: PAM service(sshd) ignoring max retries; 6 > 3
Dec 21 22:13:43 debian sshd[3274]: Failed password for root from 122.225.97.73 port 35365 ssh2
Dec 21 22:13:43 debian sshd[3274]: Disconnecting: Too many authentication failures for root [preauth]
Dec 21 22:13:43 debian sshd[3274]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh 
    ruser= rhost=122.225.97.73  user=root
Dec 21 22:13:43 debian sshd[3274]: PAM service(sshd) ignoring max retries; 6 > 3
Dec 21 22:13:46 debian sshd[3270]: Failed password for root from 122.225.97.73 port 31683 ssh2
Dec 21 22:13:47 debian sshd[3279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh 
    ruser= rhost=122.225.97.73  user=root
Dec 21 22:13:49 debian sshd[3279]: Failed password for root from 122.225.97.73 port 40767 ssh2
Dec 21 22:13:52 debian sshd[3279]: Failed password for root from 122.225.97.73 port 40767 ssh2
Dec 21 22:13:52 debian sshd[3270]: Failed password for root from 122.225.97.73 port 31683 ssh2
Dec 21 22:13:52 debian sshd[3270]: Disconnecting: Too many authentication failures for root [preauth]
Dec 21 22:13:52 debian sshd[3270]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh 
    ruser= rhost=122.225.97.73  user=root
Dec 21 22:13:52 debian sshd[3270]: PAM service(sshd) ignoring max retries; 6 > 3
Dec 21 22:13:53 debian sshd[3277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh 
    ruser= rhost=122.225.97.73  user=root
Dec 21 22:13:55 debian sshd[3277]: Failed password for root from 122.225.97.73 port 40033 ssh2
Dec 21 22:13:56 debian sshd[3279]: Failed password for root from 122.225.97.73 port 40767 ssh2
Dec 21 22:14:00 debian sshd[3282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh 
    ruser= rhost=122.225.97.73  user=root
Dec 21 22:14:02 debian sshd[3279]: Failed password for root from 122.225.97.73 port 40767 ssh2
Dec 21 22:14:02 debian sshd[3277]: Failed password for root from 122.225.97.73 port 40033 ssh2
Dec 21 22:14:03 debian sshd[3282]: Failed password for root from 122.225.97.73 port 42823 ssh2
Dec 21 22:14:05 debian sshd[3279]: Failed password for root from 122.225.97.73 port 40767 ssh2
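
Added example (not part of the original notes): a filter for /var/log/auth.log that counts sshd "Failed password" lines per source address, reports the addresses at or above a threshold, and marks any of them that also logged in successfully. The function names, the threshold and the sample lines (documentation addresses) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original notes.

# Constructed sample in the format of the auth.log excerpt above.
sample_authlog() {
cat <<'EOF'
Dec 21 22:13:40 debian sshd[3272]: Failed password for root from 203.0.113.73 port 31792 ssh2
Dec 21 22:13:40 debian sshd[3272]: Disconnecting: Too many authentication failures for root [preauth]
Dec 21 22:13:40 debian sshd[3272]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.73  user=root
Dec 21 22:13:43 debian sshd[3274]: Failed password for root from 203.0.113.73 port 35365 ssh2
Dec 21 22:13:46 debian sshd[3270]: Failed password for invalid user admin from 203.0.113.73 port 31683 ssh2
Dec 21 22:13:49 debian sshd[3279]: Failed password for root from 203.0.113.73 port 40767 ssh2
Dec 21 22:14:01 debian sshd[3290]: Failed password for jura from 198.51.100.7 port 50110 ssh2
Dec 21 22:14:09 debian sshd[3290]: Failed password for jura from 198.51.100.7 port 50110 ssh2
Dec 21 22:14:15 debian sshd[3290]: Failed password for jura from 198.51.100.7 port 50110 ssh2
Dec 21 22:14:20 debian sshd[3290]: Accepted password for jura from 198.51.100.7 port 50110 ssh2
Dec 21 22:20:11 debian sshd[3301]: Failed password for jura from 192.0.2.50 port 41000 ssh2
EOF
}

# failed_ssh_by_ip THRESHOLD   (reads auth.log lines on stdin)
# Prints "count address status" for every source with at least THRESHOLD
# failed passwords, highest count first. status is LOGIN_SUCCEEDED when the
# same address also has an "Accepted" line, otherwise no_login.
failed_ssh_by_ip() {
    awk -v min="$1" '
    # The user name in these lines is supplied by the client, so the address
    # is located from the end of the line: the last "from ADDR port" triple.
    function src_ip(   i) {
        for (i = NF - 1; i > 3; i--)
            if ($i == "port" && $(i - 2) == "from") return $(i - 1)
        return ""
    }
    /sshd\[[0-9]+\]: Failed password for / {
        ip = src_ip(); if (ip != "") fails[ip]++
    }
    /sshd\[[0-9]+\]: Accepted / {
        ip = src_ip(); if (ip != "") accepted[ip]++
    }
    END {
        for (ip in fails)
            if (fails[ip] >= min + 0)
                printf "%d %s %s\n", fails[ip], ip, \
                       ((ip in accepted) ? "LOGIN_SUCCEEDED" : "no_login")
    }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample. On a real host, run as root:
#   failed_ssh_by_ip 5 < /var/log/auth.log
sample_authlog | failed_ssh_by_ip 3
```

A LOGIN_SUCCEEDED row is the one to look at first: repeated failures followed by an accepted password from the same address.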


---------------------------------------------

cat /var/log/daemon.log

Dec 20 14:22:16 debian acpid: starting up with netlink and the input layer
Dec 20 14:22:16 debian acpid: 1 rule loaded
Dec 20 14:22:16 debian acpid: waiting for events: event logging is off
Dec 20 14:22:23 debian dhclient: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13
Dec 20 14:22:23 debian dhclient: DHCPREQUEST on eth1 to 255.255.255.255 port 67
Dec 20 14:22:23 debian dhclient: DHCPOFFER from 192.168.1.1
Dec 20 14:22:23 debian dhclient: DHCPACK from 192.168.1.1
Dec 20 14:22:23 debian dhclient: bound to 192.168.1.4 -- renewal in 39504 seconds.
Dec 20 14:25:27 debian init: Switching to runlevel: 0
Dec 20 14:25:29 debian acpid: exiting
Dec 20 14:29:48 debian acpid: starting up with netlink and the input layer
Dec 20 14:29:48 debian acpid: 1 rule loaded
Dec 20 14:29:48 debian acpid: waiting for events: event logging is off
Dec 20 14:29:52 debian dhclient: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 13
Dec 20 14:29:52 debian dhclient: DHCPREQUEST on eth1 to 255.255.255.255 port 67
Dec 20 14:29:52 debian dhclient: DHCPOFFER from 192.168.1.1
Dec 20 14:29:52 debian dhclient: DHCPACK from 192.168.1.1
Dec 20 14:29:52 debian dhclient: bound to 192.168.1.4 -- renewal in 34322 seconds.
Dec 20 14:38:48 debian dhclient: receive_packet failed on eth1: Network is down
Dec 20 14:44:32 debian init: Switching to runlevel: 0
Dec 20 14:44:33 debian acpid: exiting

---------------------------------------------

Colors

echo ' '
echo -e "\e[1;34;47;01m EWB \e[1;33;44;02m Backup done! - by Jura \e[0m"


PS1="\[\033[2;30m\][\[\033[3;34m\]\u\[\033[1;30m\]@\[\033[0;32m\]\h\[\033[1;30m\]] "


Show the colors

Use escape sequences: echo -e '\E[color1;color2mYour Text.'

(color1 is the foreground, color2 the background color)


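# All eight foreground colors on one line; \E[0m resets the terminal afterwards
echo -e '\E[30m black \E[31mred \E[32mgreen \E[33myellow \E[34mblue \E[35mmagenta \E[36mcyan \E[37mwhite\E[0m'

# 30 = black foreground, 41 = red background
echo -e '\E[30;41mblack on red\E[0m'

# Color variables must be defined before they are used
green='\e[0;32m'; endColor='\e[0m'
echo -e "${green}Welcome \e[5;32;47m $USER \n${endColor}"

# 1 = bold, 34 = blue foreground
echo -e "\e[1;34mThis is a blue text.\e[0m"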

echo -e "\e[1;34;47;01m EWB \e[1;33;44;02m Backup done! - by Jura \e[0m"

echo -e "\e[1;37;41;01m  EWB  \e[1;33;44;02m  Linux setup    \e[0m"


Color:           Foreground:           Background:
---------------------------------------------------------
black             30                       40
red               31                       41
green             32                       42
yellow            33                       43
blue              34                       44
magenta           35                       45
cyan              36                       46
white             37                       47


Bash uses numeric codes to set attributes of the text to be displayed.


Attribute codes       : 00=none 01=bold 04=underscore 05=blink  07=reverse 08=concealed 

Text color codes      : 30=black 31=red 32=green      33=yellow 34=blue    35=magenta 36=cyan 37=white

Background color codes: 40=black 41=red 42=green      43=yellow 44=blue    45=magenta 46=cyan 47=white


---------------------------------------------

Connected to the server from home

netstat --inet -a | grep ESTABLISHED

tcp        0     52 192.168.1.13:ssh        187-85-174-7.tpa.:49161 ESTABLISHED


---------------------------------------------


netstat -tulpn

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1743/rpcbind
tcp        0      0 0.0.0.0:60274           0.0.0.0:*               LISTEN      1774/rpc.statd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2465/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2492/exim4
tcp6       0      0 :::111                  :::*                    LISTEN      1743/rpcbind
tcp6       0      0 :::22                   :::*                    LISTEN      2465/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2492/exim4
tcp6       0      0 :::37465                :::*                    LISTEN      1774/rpc.statd
udp        0      0 0.0.0.0:57988           0.0.0.0:*                           1774/rpc.statd
udp        0      0 0.0.0.0:646             0.0.0.0:*                           1743/rpcbind
udp        0      0 127.0.0.1:678           0.0.0.0:*                           1774/rpc.statd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1743/rpcbind
udp6       0      0 :::646                  :::*                                1743/rpcbind
udp6       0      0 :::43016                :::*                                1774/rpc.statd
udp6       0      0 :::111                  :::*                                1743/rpcbind

---------------------------------------------



netstat -nputa

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1743/rpcbind
tcp        0      0 0.0.0.0:60274           0.0.0.0:*               LISTEN      1774/rpc.statd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2465/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2492/exim4
tcp        0    248 192.168.1.13:22         187.85.174.7:49161      ESTABLISHED 3180/0
tcp6       0      0 :::111                  :::*                    LISTEN      1743/rpcbind
tcp6       0      0 :::22                   :::*                    LISTEN      2465/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2492/exim4
tcp6       0      0 :::37465                :::*                    LISTEN      1774/rpc.statd
udp        0      0 0.0.0.0:57988           0.0.0.0:*                           1774/rpc.statd
udp        0      0 0.0.0.0:646             0.0.0.0:*                           1743/rpcbind
udp        0      0 127.0.0.1:678           0.0.0.0:*                           1774/rpc.statd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1743/rpcbind
udp6       0      0 :::646                  :::*                                1743/rpcbind
udp6       0      0 :::43016                :::*                                1774/rpc.statd
udp6       0      0 :::111                  :::*                                1743/rpcbind

---------------------------------------------

netstat -epn --tcp

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address      Foreign Address      State       User   Inode   PID/Program name
tcp        0    316 192.168.1.13:22    187.85.174.7:49161   ESTABLISHED 0      8898    3180/0


---------------------------------------------

netstat -nap --tcp

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1743/rpcbind
tcp        0      0 0.0.0.0:60274           0.0.0.0:*               LISTEN      1774/rpc.statd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2465/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2492/exim4
tcp        0    248 192.168.1.13:22         187.85.174.7:49161      ESTABLISHED 3180/0
tcp6       0      0 :::111                  :::*                    LISTEN      1743/rpcbind
tcp6       0      0 :::22                   :::*                    LISTEN      2465/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2492/exim4
tcp6       0      0 :::37465                :::*                    LISTEN      1774/rpc.statd

---------------------------------------------

netstat -nalp | grep ":22"

tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2465/sshd
tcp        0      0 192.168.1.13:22         62.210.140.129:45437    SYN_RECV    -
tcp        0     52 192.168.1.13:22         187.85.174.7:65510      ESTABLISHED 10753/0
tcp        0      0 192.168.1.13:22         62.210.140.129:48733    TIME_WAIT   -
tcp        0      0 192.168.1.13:22         62.210.140.129:46806    TIME_WAIT   -
tcp        0      0 192.168.1.13:22         103.41.124.44:48684     ESTABLISHED 29841/sshd: root [p
tcp        0      1 192.168.1.13:22         62.210.140.129:48617    LAST_ACK    -
tcp6       0      0 :::22                   :::*                    LISTEN      2465/sshd

---------------------------------------------


apt-get install nmap


nmap localhost

Starting Nmap 6.00 ( http://nmap.org ) at 2014-12-22 08:00 BRST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000080s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
111/tcp open  rpcbind



nmap -sS -p 0-65535 192.168.1.13

Starting Nmap 6.00 ( http://nmap.org ) at 2014-12-21 23:21 BRST
Nmap scan report for 192.168.1.13
Host is up (0.0000070s latency).
Not shown: 65533 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
111/tcp   open  rpcbind
60274/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 7.51 seconds


nmap debian70.no-ip.org

Starting Nmap 6.00 ( http://nmap.org ) at 2014-12-22 08:53 BRST
Nmap scan report for debian70.no-ip.org (201.3.233.130)
Host is up (0.0058s latency).
rDNS record for 201.3.233.130: 201-3-233-130.bnut3702.dsl.brasiltelecom.net.br
Not shown: 995 closed ports
PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   open     ssh
23/tcp   filtered telnet
80/tcp   open     http
5431/tcp open     park-agent


nmap -sS -T4 192.168.1.13

Starting Nmap 6.00 ( http://nmap.org ) at 2014-12-22 08:59 BRST
Nmap scan report for 192.168.1.13
Host is up (0.0000070s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind

Nmap done: 1 IP address (1 host up) scanned in 6.61 seconds

netstat -lntpe

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address      State       User       Inode   PID/Program name
tcp        0      0 0.0.0.0:111       0.0.0.0:*            LISTEN      0          6529    1743/rpcbind
tcp        0      0 0.0.0.0:60274     0.0.0.0:*            LISTEN      102        6554    1774/rpc.statd
tcp        0      0 0.0.0.0:22        0.0.0.0:*            LISTEN      0          7356    2465/sshd
tcp        0      0 127.0.0.1:25      0.0.0.0:*            LISTEN      0          1948    2492/exim4
tcp6       0      0 :::111            :::*                 LISTEN      0          6536    1743/rpcbind
tcp6       0      0 :::22             :::*                 LISTEN      0          7358    2465/sshd
tcp6       0      0 ::1:25            :::*                 LISTEN      0          1949    2492/exim4
tcp6       0      0 :::37465          :::*                 LISTEN      102        3564    1774/rpc.statd


nmap -sT -O localhost

Starting Nmap 6.00 ( http://nmap.org ) at 2014-12-21 23:02 BRST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000077s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 997 closed ports

PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
111/tcp open  rpcbind

No exact OS matches for host (If you know what OS is running on it, 
see http://nmap.org/submit/ ).

Network Distance: 0 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.47 seconds

---------------------------------------------

nmap localhost  -sU

Starting Nmap 6.00 ( http://nmap.org ) at 2014-12-21 23:06 BRST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000080s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 999 closed ports
PORT    STATE SERVICE
111/udp open  rpcbind

Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds

---------------------------------------------


nmap -sS -O -p 20-25 127.0.0.1

Starting Nmap 6.00 ( http://nmap.org ) at 2014-12-21 23:11 BRST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000072s latency).
PORT   STATE  SERVICE
20/tcp closed ftp-data
21/tcp closed ftp
22/tcp open   ssh
23/tcp closed telnet
24/tcp closed priv-mail
25/tcp open   smtp
No exact OS matches for host (If you know what OS is running on it, 
see http://nmap.org/submit/ ).

Network Distance: 0 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.44 seconds


---------------------------------------------

nmap 192.168.1.13 -sU

Starting Nmap 6.00 ( http://nmap.org ) at 2014-12-21 23:12 BRST
Nmap scan report for 192.168.1.13
Host is up (0.0000080s latency).
Not shown: 999 closed ports
PORT    STATE SERVICE
111/udp open  rpcbind

Nmap done: 1 IP address (1 host up) scanned in 6.61 seconds



nmap -sS -O -P0 -v 192.168.1.13

Starting Nmap 6.00 ( http://nmap.org ) at 2014-12-21 23:19 BRST
Initiating Parallel DNS resolution of 1 host. at 23:19
Completed Parallel DNS resolution of 1 host. at 23:19, 6.54s elapsed
Initiating SYN Stealth Scan at 23:19
Scanning 192.168.1.13 [1000 ports]
Discovered open port 22/tcp on 192.168.1.13
Discovered open port 111/tcp on 192.168.1.13
Completed SYN Stealth Scan at 23:19, 0.02s elapsed (1000 total ports)
Initiating OS detection (try #1) against 192.168.1.13
Retrying OS detection (try #2) against 192.168.1.13
Retrying OS detection (try #3) against 192.168.1.13
Retrying OS detection (try #4) against 192.168.1.13
Retrying OS detection (try #5) against 192.168.1.13
Nmap scan report for 192.168.1.13
Host is up (0.000079s latency).
Not shown: 998 closed ports

PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind

No exact OS matches for host (If you know what OS is running on it, 
see http://nmap.org/submit/ ).

Uptime guess: 1.204 days (since Sat Dec 20 18:25:18 2014)
Network Distance: 0 hops
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: All zeros

Read data files from: /usr/bin/../share/nmap
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 19.01 seconds
           Raw packets sent: 1110 (52.890KB) | Rcvd: 2212 (98.988KB)


---------------------------------------------

List users

cat /etc/passwd

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
Debian-exim:x:101:103::/var/spool/exim4:/bin/false
statd:x:102:65534::/var/lib/nfs:/bin/false
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
jura:x:1000:1000:jura,,,:/home/jura:/bin/bash
messagebus:x:104:106::/var/run/dbus:/bin/false


cat /etc/passwd | cut -d":" -f1

root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
proxy
www-data
backup
list
irc
gnats
nobody
libuuid
Debian-exim
statd
sshd
jura
messagebus


---------------------------------------------

Searching for files

find . \( -name "*.c" -o -name "*.h" -o -name "*.sc" -o -name "*.ini" \) -print
./instalacoes/noip-2.1.9-1/noip2.c
./instalacoes/noip-2.1.9-1/._noip2.c

---------------------------------------------

Find Out The Top 10 Memory Consuming Process

ps -auxf | sort -nr -k 4 | head -10

warning: bad ps syntax, perhaps a bogus '-'?
See http://gitorious.org/procps/procps/blobs/master/Documentation/FAQ
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
statd     1774  0.0  0.0  23348  1304 ?        Ss   Dec20   0:00 /sbin/rpc.statd
root         8  0.0  0.0      0     0 ?        S    Dec20   0:00  \_ [migration/1]
root         7  0.0  0.0      0     0 ?        S    Dec20   0:00  \_ [watchdog/0]
root      6904  0.0  0.0   5608   644 pts/0    S+   23:32   0:00  \_ head -10
root      6903  0.0  0.0  20256   788 pts/0    S+   23:32   0:00  \_ sort -nr -k 4
root      6902  0.0  0.0  16992  1308 pts/0    R+   23:32   0:00  \_ ps -auxf
root      6901  0.0  0.0      0     0 ?        S    23:31   0:00  \_ [kworker/2:1]
root      6892  0.0  0.0      0     0 ?        S    23:25   0:00  \_ [kworker/3:2]
root      6887  0.0  0.0      0     0 ?        S    23:23   0:00  \_ [kworker/0:0]


Find Out top 10 CPU Consuming Process

ps -auxf | sort -nr -k 3 | head -10

warning: bad ps syntax, perhaps a bogus '-'?
See http://gitorious.org/procps/procps/blobs/master/Documentation/FAQ
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
statd     1774  0.0  0.0  23348  1304 ?        Ss   Dec20   0:00 /sbin/rpc.statd
root         8  0.0  0.0      0     0 ?        S    Dec20   0:00  \_ [migration/1]
root         7  0.0  0.0      0     0 ?        S    Dec20   0:00  \_ [watchdog/0]
root      6908  0.0  0.0   5608   644 pts/0    S+   23:35   0:00  \_ head -10
root      6907  0.0  0.0  20256   784 pts/0    S+   23:35   0:00  \_ sort -nr -k 3
root      6906  0.0  0.0  16992  1304 pts/0    R+   23:35   0:00  \_ ps -auxf
root      6905  0.0  0.0      0     0 ?        S    23:32   0:00  \_ [flush-8:0]
root      6901  0.0  0.0      0     0 ?        S    23:31   0:00  \_ [kworker/2:1]
root      6892  0.0  0.0      0     0 ?        S    23:25   0:00  \_ [kworker/3:2]


---------------------------------------------

lsof -P -i -n | grep TCP

rpcbind    1743        root    8u  IPv4   6529    0t0  TCP *:111 (LISTEN)
rpcbind    1743        root   11u  IPv6   6536    0t0  TCP *:111 (LISTEN)
rpc.statd  1774       statd    8u  IPv4   6554    0t0  TCP *:60274 (LISTEN)
rpc.statd  1774       statd   10u  IPv6   3564    0t0  TCP *:37465 (LISTEN)
sshd       2465        root    3u  IPv4   7356    0t0  TCP *:22 (LISTEN)
sshd       2465        root    4u  IPv6   7358    0t0  TCP *:22 (LISTEN)
exim4      2492 Debian-exim    3u  IPv4   1948    0t0  TCP 127.0.0.1:25 (LISTEN)
exim4      2492 Debian-exim    4u  IPv6   1949    0t0  TCP [::1]:25 (LISTEN)
sshd      10753        root    3r  IPv4  77466    0t0  TCP 192.168.1.13:22->187.85.174.7:65510 (ESTABLISHED)
sshd      25982        root    3r  IPv4  83050    0t0  TCP 192.168.1.13:22->103.41.124.44:39749 (ESTABLISHED)
sshd      25992        sshd    3u  IPv4  83050    0t0  TCP 192.168.1.13:22->103.41.124.44:39749 (ESTABLISHED)
sshd      29719        root    3r  IPv4  83054    0t0  TCP 192.168.1.13:22->62.210.140.129:42610 (ESTABLISHED)
sshd      29720        sshd    3u  IPv4  83054    0t0  TCP 192.168.1.13:22->62.210.140.129:42610 (ESTABLISHED)


---------------------------------------------

Viewing the processor.

grep 'model\|MHz' /proc/cpuinfo | tail -n 2

model name : AMD Sempron(tm) Processor LE-1250
cpu MHz : 1000.000


Viewing disk space.

dmesg | grep -i "blocks"

[ 2.077814] sd 2:0:0:0: [sda] 312579695 512-byte logical blocks: (160 GB/149 GiB)


---------------------------------------------

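Forcing installation (--force-yes makes apt-get continue without prompting even when the 
action is potentially harmful, such as installing unauthenticated packages)

apt-get install --force-yes -y python-dev

apt-get install --force-yes -y libcups2-dev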

---------------------------------------------

List all files except those ending in ".txt"

du -ah --exclude="*.txt" /home/

---------------------------------------------


Finds the 10 largest files, listed from smallest to largest.

find . -type f -print0 | xargs -0 du | sort -n |tail -10 |cut -f2 |xargs -I{} du -sh {}

280K    ./instalacoes/squid-3.4.10/libltdl/config/ltmain.sh
284K    ./instalacoes/squid-3.4.10/libltdl/m4/libtool.m4
288K    ./instalacoes/squid-3.4.10/src/cf.data.pre
376K    ./instalacoes/squid-3.4.10/aclocal.m4
436K    ./instalacoes/squid-3.4.10/libltdl/configure
472K    ./instalacoes/sarg-2.3.9/fonts/DejaVuSans.ttf
1.1M    ./instalacoes/squid-3.4.10/configure
1.3M    ./instalacoes/sarg-2.3.9.tar.gz
4.5M    ./instalacoes/squid-3.4.10.tar.gz
22M     ./instalacoes/webmin-1.720.tar.gz

---------------------------------------------

List the largest files in MB, from largest to smallest.

find /var -type f | xargs ls -s | sort -rn | awk '{size=$1/1024; printf("%dMb %s\n", 
     size,$2);}' | head

xargs: unmatched single quote; by default quotes are special to xargs unless you use 
the -0 option
ls: cannot access /var/www/dir1/songs/0: No such file or directory
79Mb /var/lib/clamav/daily.cld
61Mb /var/lib/clamav/main.cvd
27Mb /var/lib/apt/lists/debian.pop-sc.rnp.br_debian_dists_wheezy_main_binary-amd64_Packages
24Mb /var/lib/apt/lists/debian.pop-sc.rnp.br_debian_dists_wheezy_main_source_Sources
18Mb /var/lib/mysql/ibdata1
17Mb /var/lib/apt/lists/debian.pop-sc.rnp.br_debian_dists_wheezy_main_i18n_Translation-en
5Mb /var/lib/mysql/ib_logfile1
5Mb /var/lib/mysql/ib_logfile0
4Mb /var/mail/jura
3Mb /var/lib/aptitude/pkgstates.old

---------------------------------------------

List .docx files under /home modified in the last 15 days and larger than 15 MB.

find /home/ -name '*.docx' -a -size +15M -mtime -15

/home/computing_smb/Linux/Linux - new2.docx
/home/lixeira_smb/ewb1/Linux - new.docx
/home/lixeira_smb/ewb1/_Linux - d 7 - 1 - 000 - 489.docx
/home/lixeira_smb/ewb1/Linux - new2.docx

---------------------------------------------

find /var/www -type f | grep -i "\.gif$"

/var/www/dir1/dlf/fh10.gif
/var/www/dir1/dlf/real.gif
/var/www/dir1/dlf/fla.gif
/var/www/dir1/dlf/gif.gif
/var/www/dir1/dlf/xls.gif
/var/www/dir1/dlf/video.gif
/var/www/dir1/dlf/trans.gif
/var/www/dir1/dlf/setup.gif
/var/www/dir1/dlf/video2.gif
/var/www/dir1/dlf/doc.gif
/var/www/dir1/dlf/exe.gif
/var/www/dir1/dlf/sig.gif
/var/www/dir1/dlf/jpg.gif
/var/www/dir1/dlf/bg.gif
/var/www/dir1/dlf/pdf.gif
/var/www/dir1/dlf/swf.gif

---------------------------------------------

find / \( -name '*.doc' -o -name '*.conf' \) -print

---------------------------------------------

Search for the word "Hello" under the home directory.

grep -r -H "Hello" /home

/home/aluno1_smb/Teste.txt:Hello

---------------------------------------------

egrep -w -R 'Hello|bie' /home

Binary file /home/computing_smb/Linux/Linux - new2.docx matches
/home/aluno1_smb/Teste.txt:Hello
Binary file /home/lixeira_smb/ewb1/Linux - new.docx matches
Binary file /home/lixeira_smb/ewb1/_Linux - d 7 - 1 - 000 - 489.docx matches

---------------------------------------------

Locating the string "amigos" in "/var/www/"

grep -ri "amigos" /var/www/

/var/www/amigos.php:$query = "SELECT * FROM amigos ORDER BY nome";

---------------------------------------------

Checking whether anyone tried to break into the FTP login.

grep -i "FAIL LOGIN" /var/log/proftpd/proftpd.log |
    grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' |
    sort | uniq -c | sort -rn | more


grep -i "session opened" /var/log/proftpd/proftpd.log | grep 192.168.1.13
Jan 18 17:44:54 debian proftpd[23348] debian (192.168.1.13[192.168.1.13]): 
    FTP session opened.
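
The same check as a reusable function, added here as an example that is not part of the 
original page. It counts one address per log line (the page's grep -Eo prints both 
addresses of "host[addr]", doubling the count when the host is logged as an IP) and reports 
only sources at or above a threshold. Function names, the threshold and the sample log 
lines are assumptions; the lines are constructed in the layout of the proftpd line above.

```shell
#!/bin/sh
# Added example (not from the original page): failed FTP logins per source address.

# Print "COUNT ADDRESS" for every source with at least THRESHOLD matching lines.
# Only the bracketed address of "(host[addr])" is kept, so each line counts once.
# usage: failed_logins_by_ip LOGFILE [PATTERN] [THRESHOLD]
failed_logins_by_ip() {
    logfile=$1
    pattern=${2:-FAIL LOGIN}    # string the page greps for; use your daemon's wording
    threshold=${3:-3}           # assumed cut-off, tune for your site
    grep -i -- "$pattern" "$logfile" |
        sed -n 's/.*([^[]*\[\([0-9.]*\)]).*/\1/p' |
        sort | uniq -c | sort -rn |
        awk -v t="$threshold" '$1 >= t { print $1, $2 }'
}

# The page's one-liner, kept for comparison: it prints every IPv4-looking string
# on the line, so "(a.b.c.d[a.b.c.d])" is counted twice.
page_pipeline() {
    grep -i "FAIL LOGIN" "$1" |
        grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' |
        sort | uniq -c | sort -rn
}

# Constructed sample log (documentation address ranges, invented PIDs and users).
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 18 17:44:54 debian proftpd[23348] debian (192.168.1.13[192.168.1.13]): FTP session opened.
Jan 18 17:45:01 debian proftpd[23350] debian (203.0.113.7[203.0.113.7]): FAIL LOGIN: user admin
Jan 18 17:45:03 debian proftpd[23351] debian (203.0.113.7[203.0.113.7]): FAIL LOGIN: user root
Jan 18 17:45:05 debian proftpd[23352] debian (203.0.113.7[203.0.113.7]): FAIL LOGIN: user test
Jan 18 17:45:09 debian proftpd[23353] debian (203.0.113.7[203.0.113.7]): fail login: user ftp
Jan 18 17:46:10 debian proftpd[23360] debian (host23.example[198.51.100.23]): FAIL LOGIN: user www
Jan 18 17:47:00 debian proftpd[23361] debian (192.168.1.13[192.168.1.13]): FAIL LOGIN: user jura
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
echo "one count per line, threshold 3:"
failed_logins_by_ip "$sample" "FAIL LOGIN" 3
echo "page pipeline on the same log:"
page_pipeline "$sample"
rm -f "$sample"
```
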

---------------------------------------------

tail -f /var/log/syslog -f /var/log/auth.log

==> /var/log/syslog <==

Jan 18 20:33:59 debian nmbd[3099]: [2015/01/18 20:33:59.491608,  0] nmbd/nmbd_browsesync.c:351(find_domain_master_name_query_fail)
Jan 18 20:33:59 debian nmbd[3099]:   find_domain_master_name_query_fail:
Jan 18 20:33:59 debian nmbd[3099]:   Unable to find the Domain Master Browser name SCHOOL<1b> for the workgroup SCHOOL.
Jan 18 20:33:59 debian nmbd[3099]:   Unable to sync browse lists in this workgroup.
Jan 18 20:34:01 debian /USR/SBIN/CRON[27018]: (root) CMD (/usr/local/bin/sarg -x)
Jan 18 20:35:01 debian /USR/SBIN/CRON[27046]: (root) CMD (if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ] 
  && [ -d "$(grep '^[[:space:]]*[^#]*[[:space:]]*WorkDir' /etc/mrtg.cfg | awk '{ print $NF }')" ]; 
  then mkdir -p /var/log/mrtg ; env LANG=C /usr/bin/mrtg /etc/mrtg.cfg 2>&1 | tee -a /var/log/mrtg/mrtg.log ; fi)
Jan 18 20:35:01 debian /USR/SBIN/CRON[27047]: (root) CMD (/usr/local/bin/sarg -x)
Jan 18 20:36:01 debian /USR/SBIN/CRON[27072]: (root) CMD (/usr/local/bin/sarg -x)
Jan 18 20:37:01 debian /USR/SBIN/CRON[27083]: (root) CMD (/usr/local/bin/sarg -x)
Jan 18 20:38:01 debian /USR/SBIN/CRON[27095]: (root) CMD (/usr/local/bin/sarg -x)

==> /var/log/auth.log <==

Jan 18 20:35:01 debian CRON[27044]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 18 20:35:01 debian CRON[27045]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 18 20:35:01 debian CRON[27044]: pam_unix(cron:session): session closed for user root
Jan 18 20:35:01 debian CRON[27045]: pam_unix(cron:session): session closed for user root
Jan 18 20:36:01 debian CRON[27071]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 18 20:36:01 debian CRON[27071]: pam_unix(cron:session): session closed for user root
Jan 18 20:37:01 debian CRON[27082]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 18 20:37:01 debian CRON[27082]: pam_unix(cron:session): session closed for user root
Jan 18 20:38:01 debian CRON[27094]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 18 20:38:01 debian CRON[27094]: pam_unix(cron:session): session closed for user root

---------------------------------------------

grep '^jura' /etc/passwd

jura:x:1000:1000:jura,,,:/home/jura:/bin/bash


grep '^ftp1' /etc/passwd

ftp1:x:1001:1001:,,,:/home/ftp1:/bin/bash

---------------------------------------------

List the 10 largest files on the server.

find / -type f 2>/dev/null | xargs du 2>/dev/null | sort -n | tail -n 10 | cut -f 2 |
     xargs -n 1 du -h

3.5M    /var/lib/aptitude/pkgstates.old
4.6M    /var/mail/jura
5.0M    /var/lib/mysql/ib_logfile0
5.0M    /var/lib/mysql/ib_logfile1
18M     /var/lib/apt/lists/debian.pop-sc.rnp.br_debian_dists_wheezy_main_i18n_Translation-en
18M     /var/lib/mysql/ibdata1
25M     /var/lib/apt/lists/debian.pop-sc.rnp.br_debian_dists_wheezy_main_source_Sources
28M     /var/lib/apt/lists/debian.pop-sc.rnp.br_debian_dists_wheezy_main_binary-amd64_Packages
62M     /var/lib/clamav/main.cvd
80M     /var/lib/clamav/daily.cld

---------------------------------------------

The 10 processes consuming the most CPU

ps auxf | sort -nr -k 3 | head

www-data  9203  0.0  0.2 200348  7844 ?        S    15:19   0:00  \_ /usr/sbin/apache2 -k start
www-data  3438  0.0  0.2 200396  8572 ?        S    13:38   0:00  \_ /usr/sbin/apache2 -k start
www-data  3437  0.0  0.2 200348  7844 ?        S    13:38   0:00  \_ /usr/sbin/apache2 -k start
www-data  3436  0.0  0.2 200396  8572 ?        S    13:38   0:00  \_ /usr/sbin/apache2 -k start
www-data  3435  0.0  0.2 200380  8340 ?        S    13:38   0:00  \_ /usr/sbin/apache2 -k start
www-data  3434  0.0  0.2 200396  8572 ?        S    13:38   0:00  \_ /usr/sbin/apache2 -k start
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      9338  0.0  0.0   5608   628 pts/0    S+   15:24   0:00  \_ head
root      9337  0.0  0.0  20256   788 pts/0    S+   15:24   0:00  \_ sort -nr -k 3
root      9336  0.0  0.0  16988  1296 pts/0    R+   15:24   0:00  \_ ps auxf

---------------------------------------------

Searching for files with the extensions given in double quotes in the line below.

find . \( -name "*.c" -o -name "*.h" -o -name "*.sc" -o -name "*.ini" \) -print

./instalacoes/noip-2.1.9-1/noip2.c
./instalacoes/noip-2.1.9-1/._noip2.c

---------------------------------------------


Backup of all the folders under "/var/www/" except the "/squid-reports/" folder

tar -czvf scripts_sh_bk.tar.gz-`date +%d-%m-%y-%a-%h`.tar *.sh

tar -czvf etc_conf_files_bk.tar.gz-`date +%d-%m-%y-%a-%h`.tar /etc/

tar --exclude 'squid-reports' -czvf www_files_bk.tar.gz-`date +%d-%m-%y-%a-%h`.tar \
    /var/www/

---------------------------------------------


Example 1 ( rsync ) 

The directory named "backups" is created by the command itself; you only need to choose 
its name.

Note that the directory dir_bk was copied together with all its files and subdirectories.


rsync -av root@201.11.65.234:dir_bk/ backups/

---------------------------------------------


Example 2 ( rsync ) 


Copying the files inside the book directory, which is on the remote server, into the 
destination directory: 

arqs_copiados_do_server_remoto/

rsync -av root@201.11.65.234:/var/www/book/ arqs_copiados_do_server_remoto/

---------------------------------------------

Example 3 ( scp ) 

Copying the files inside the book directory, which is on the remote server, into the 
destination directory arqs_copiados_do_server_remoto_scp/

scp -r root@201.11.65.234:/var/www/book/ arqs_copiados_do_server_remoto_scp/

---------------------------------------------

Example 4 ( rsync )

We are copying the source directory, located on a remote computer at /var/www/fm, to my 
computer, which is running in a virtual machine, into the directory filemanager.

rsync -av root@201.11.65.234:/var/www/fm/ filemanager/

---------------------------------------------

Example 5 ( scp ) 


Copying files and subdirectories (with the files inside them) from the remote server, with 
the date and time appended to the name of the directory where the backup will be stored.

scp -r root@ewb.no-ip.org:server1/ /home/jura/meu_backup_remoto-`date +%d.%b.%Y-%H-%M`
root@ewb.no-ip.org's password:


cd meu_backup_remoto-31.Jul.2011-21-36/

---------------------------------------------

Searching for words in compressed files.

zcat /var/log/squid3/access.log.1.gz |awk '{print $3 "-" $7 "-" $11}' |grep 'face' |wc -l

zcat /var/log/squid3/access.log.1.gz |awk '{print $3 "-" $7 "-" $11}' |grep 'face'

---------------------------------------------

du -hc /home/files/*.pdf | sort -h | grep "[0-9]M" | tail

du -hc /home/files/*.pdf | sort -h | grep "[0-9]M" | tail -n15

du -hc /home/files/*.jpg | sort -h | grep "[0-9]K"

du -hc /home/filest/caza/*.jpg | sort -h

du -h /home/files/ | sort -h | grep "[0-9]G"

du -h /home/files/ | sort -h | egrep "[0-9]+G.*|[5-9][0-9][0-9]M.*"

---------------------------------------------

Kill the root

who -uH

ps aux | grep pts/1

kill -9 2104

---------------------------------------------

Find the most recent file.

ls -trF | grep -v \/ | tail -n 1

---------------------------------------------

Finding the largest files.

find -type f -exec du -sh {} +  | sort -rh | head
 
11M     ./instalacoes/bWAPP.zip
132K    ./instalacoes/noip-duc-linux.tar.gz
113K    ./.mysql_history
85K     ./instalacoes/noip-2.1.9-1/binaries/noip2-x86_64
82K     ./instalacoes/noip-2.1.9-1/noip2
76K     ./instalacoes/noip-2.1.9-1/noip2.c
53K     ./instalacoes/noip-2.1.9-1/binaries/noip2-i686
18K     ./instalacoes/noip-2.1.9-1/COPYING
16K     ./instalacoes/noip-2.1.9-1/README.FIRST.JAPANESE
15K     ./instalacoes/noip-2.1.9-1/README.FIRST_PT


find . -type f -exec grep "Jurandir" {} \; -print  

find /home -type f -exec grep -Hn -A1 -B1 "rubia" {} \;

find . -type f -print0 | xargs -0 grep "marcelo"

find /home/files -name '*.psd' -size  +400M

---------------------------------------------

Counting the number of messages logged during the 11 o'clock hour

grep -c ' 11:[0-5][0-9]:' /var/log/messages

--------------------------------------------

Logs

tail -f /var/log/squid/access.log  

tail -f /var/log/syslog

tail -f /var/log/mail.log

tail -f /var/log/mail.info

tail -f /var/log/messages
 
tail -f /var/log/apache2/access.log

tail -f /var/log/iptables/crit.log

tail -f /var/log/auth.log

tail -f /var/log/cups/error_log

tail -f /var/log/daemon.log

tail -f /var/log/squid/cache.log

tail -f /var/log/cups/access_log

tail -f /var/log/user.log

tail -f /var/log/faillog

--------------------------------------------

Netstat


netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort |uniq -c |sort -n

netstat -lnupe

netstat -tulpan

netstat -aute

netstat -aute | grep root

netstat -aute | grep bind

netstat -aute | grep proxy

netstat -tulpan | grep LISTEN

netstat -tulpan | grep ESTABLISHED

netstat -tulpan | grep named

netstat -tulpan | grep squid

netstat -tulpan | grep nmbd

netstat -tunva

netstat --inet -a | grep 'ESTA*'    

netstat -t -u | grep 'EST*'

tcp        0      0 192.168.2.100:smtp      121.246.232.131.s:24452  ESTABELECIDA
tcp        0      0 192.168.0.:microsoft-ds 192.168.0.112:1026       ESTABELECIDA
tcp        0      0 192.168.0.2:netbios-ssn 192.168.0.107:3292       ESTABELECIDA
tcp        0      0 192.168.0.:microsoft-ds 192.168.0.108:4737       ESTABELECIDA
tcp        0      0 192.168.0.:microsoft-ds 192.168.0.160:49164      ESTABELECIDA
tcp        0   1362 www.tipotil.com.br:3128 192.168.0.149:57394      ESTABELECIDA
tcp        0      0 192.168.0.:microsoft-ds 192.168.0.149:61811      ESTABELECIDA
tcp        0      0 192.168.2.100:2225      wldin174-07.tpa.n:49250  ESTABELECIDA
tcp        0      0 192.168.2.100:46325     977music.com:www         ESTABELECIDA
udp        0      0 192.168.2.100:40998     a.ntp.br:ntp             ESTABELECIDA
udp        0      0 192.168.2.100:42574     srv6.spbrasil.com.b:ntp  ESTABELECIDA
udp        0      0 192.168.2.100:59603     titan.cais.rnp.br:ntp    ESTABELECIDA
udp        0      0 192.168.2.100:42237     ns2.pads.ufrj.br:ntp     ESTABELECIDA
udp        0      0 192.168.2.100:42237     ns2.pads.ufrj.br:ntp     ESTABELECIDA
 
--------------------------------------------

netstat -ntu | awk '{print $5}'| cut -d: -f1 | sort | uniq -c | sort -nr | more

      9 192.168.1.14
      6 189.45.192.16
      4 127.0.0.1
      1 servers)
      1 Address
      1 192.168.1.17

--------------------------------------------

netstat -tln

netstat -atu

netstat -antu

netstat -ta

netstat -tulpan

netstat -nat

netstat -nr 

--------------------------------------------

netstat -nat

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address            Foreign Address         State
tcp        0      0 127.0.0.1:10024           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2121              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:54378             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:139             0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:139           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2223              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111               0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:948             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:631               0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3128              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25                0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:445             0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:445           0.0.0.0:*               LISTEN
tcp        0      0 200.193.113.111:60887     65.55.249.68:80         TIME_WAIT
tcp        0      0 192.168.1.1:3128          192.168.1.25:25046      ESTABLISHED
tcp        0      1 200.193.113.111:53151     201.10.120.3:53         SYN_SENT
tcp        0     52 192.168.1.1:2223          192.168.1.25:24934      ESTABLISHED
tcp        0      1 200.193.113.111:39191     201.10.1.2:53           SYN_SENT
tcp6       0      0 :::993                    :::*                    LISTEN
tcp6       0      0 ::1:139                   :::*                    LISTEN
tcp6       0      0 fe80::213:d4ff:fe8c:139   :::*                    LISTEN
tcp6       0      0 fe80::2e0:7dff:fefd:139   :::*                    LISTEN
tcp6       0      0 :::2223                   :::*                    LISTEN
tcp6       0      0 :::143                    :::*                    LISTEN
tcp6       0      0 :::8080                   :::*                    LISTEN
tcp6       0      0 :::631                    :::*                    LISTEN
tcp6       0      0 :::3000                   :::*                    LISTEN
tcp6       0      0 ::1:445                   :::*                    LISTEN
tcp6       0      0 fe80::213:d4ff:fe8c:445   :::*                    LISTEN
tcp6       0      0 fe80::2e0:7dff:fefd:445   :::*                    LISTEN
 
--------------------------------------------

netstat -lntpe

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address  State     User       Inode       PID/Program name
tcp        0      0 127.0.0.1:10024    0.0.0.0:*        LISTEN     111       5490        2048/amavisd (maste
tcp        0      0 0.0.0.0:2121       0.0.0.0:*        LISTEN      0        6857        2413/vsftpd
tcp        0      0 0.0.0.0:54378      0.0.0.0:*        LISTEN      0        4839        1757/rpc.statd
tcp        0      0 127.0.0.1:139      0.0.0.0:*        LISTEN      0        6661        2396/smbd
tcp        0      0 192.168.1.1:139    0.0.0.0:*        LISTEN      0        6655        2396/smbd
tcp        0      0 0.0.0.0:2223       0.0.0.0:*        LISTEN      0        6838        2439/sshd
tcp        0      0 0.0.0.0:111        0.0.0.0:*        LISTEN      0        4797        1746/portmap
tcp        0      0 127.0.0.1:948      0.0.0.0:*        LISTEN      0        7015        2468/famd
tcp        0      0 0.0.0.0:631        0.0.0.0:*        LISTEN      0        5619        2101/cupsd
tcp        0      0 0.0.0.0:3128       0.0.0.0:*        LISTEN      0        6545        2321/(squid)
tcp        0      0 0.0.0.0:25         0.0.0.0:*        LISTEN      0        6005        2196/master
tcp        0      0 127.0.0.1:445      0.0.0.0:*        LISTEN      0        6660        2396/smbd
tcp        0      0 192.168.1.1:445    0.0.0.0:*        LISTEN      0        6654        2396/smbd
tcp6       0      0 :::993                  :::*        LISTEN      0        5555        2081/couriertcpd
tcp6       0      0 ::1:139                 :::*        LISTEN      0        6663        2396/smbd
tcp6       0      0 fe80::213:d4ff:fe8c:139 :::*        LISTEN      0        6659        2396/smbd
tcp6       0      0 fe80::2e0:7dff:fefd:139 :::*        LISTEN      0        6657        2396/smbd
tcp6       0      0 :::2223                 :::*        LISTEN      0        6836        2439/sshd
tcp6       0      0 :::143                  :::*        LISTEN      0        5548        2069/couriertcpd
tcp6       0      0 :::8080                 :::*        LISTEN      0        7149        2526/apache2
tcp6       0      0 :::631                  :::*        LISTEN      0        5618        2101/cupsd
tcp6       0      0 :::3000                 :::*        LISTEN      0        6577        2284/ntop
tcp6       0      0 ::1:445                 :::*        LISTEN      0        6662        2396/smbd
tcp6       0      0 fe80::213:d4ff:fe8c:445 :::*        LISTEN      0        6658        2396/smbd
tcp6       0      0 fe80::2e0:7dff:fefd:445 :::*        LISTEN      0        6656        2396/smbd

--------------------------------------------

netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort |uniq -c |sort -n

netstat -nat |grep 192.168.0.112 | awk '{print $6}' | sort | uniq -c | sort -n
 
netstat -an | awk '/tcp/ {print $6}' | sort | uniq -c
  7 ESTABLISHED
 25 LISTEN
  4 TIME_WAIT
 
--------------------------------------------

List ports

netstat -ltun

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:10024              0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:2121                 0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:54378                0.0.0.0:*          LISTEN
tcp        0      0 127.0.0.1:139                0.0.0.0:*          LISTEN
tcp        0      0 192.168.1.1:139              0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:2223                 0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:111                  0.0.0.0:*          LISTEN
tcp        0      0 127.0.0.1:948                0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:631                  0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:3128                 0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:25                   0.0.0.0:*          LISTEN
tcp        0      0 127.0.0.1:445                0.0.0.0:*          LISTEN
tcp        0      0 192.168.1.1:445              0.0.0.0:*          LISTEN
tcp6       0      0 :::993                       :::*               LISTEN
tcp6       0      0 ::1:139                      :::*               LISTEN
tcp6       0      0 fe80::213:d4ff:fe8c:139      :::*               LISTEN
tcp6       0      0 fe80::2e0:7dff:fefd:139      :::*               LISTEN
tcp6       0      0 :::2223                      :::*               LISTEN
tcp6       0      0 :::143                       :::*               LISTEN
tcp6       0      0 :::8080                      :::*               LISTEN
tcp6       0      0 :::631                       :::*               LISTEN
tcp6       0      0 :::3000                      :::*               LISTEN
tcp6       0      0 ::1:445                      :::*               LISTEN
tcp6       0      0 fe80::213:d4ff:fe8c:445 :::*                    LISTEN
tcp6       0      0 fe80::2e0:7dff:fefd:445 :::*                    LISTEN
udp        0      0 192.168.1.1:137           0.0.0.0:*
udp        0      0 0.0.0.0:137               0.0.0.0:*
udp        0      0 192.168.1.1:138           0.0.0.0:*
udp        0      0 0.0.0.0:138               0.0.0.0:*
udp        0      0 0.0.0.0:661               0.0.0.0:*
udp        0      0 0.0.0.0:34076             0.0.0.0:*
udp        0      0 127.0.0.1:161             0.0.0.0:*
udp        0      0 0.0.0.0:67                0.0.0.0:*
udp        0      0 0.0.0.0:52945             0.0.0.0:*
udp        0      0 0.0.0.0:5353              0.0.0.0:*
udp        0      0 0.0.0.0:111               0.0.0.0:*
udp      488      0 0.0.0.0:631               0.0.0.0:*
udp        0      0 0.0.0.0:56702             0.0.0.0:*
udp6       0      0 :::35791                  :::*
udp6       0      0 :::5353                   :::*
 
--------------------------------------------

netstat -nat | grep '^tcp' | sed -e 's/::ffff://gi' | sed -e 's/:::*/0.0.0.0:/gi'| 
   tr ':' ' ' | awk '{ print $6 }' | sort | uniq -c | sort -n -r -k 1
 
 
To print a list of all unique IP addresses connected to the server, enter:

netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort -u

watch -n 1 -d "netstat -n | grep :3128 |wc -l"
 
--------------------------------------------

This is useful for finding out whether your server is under attack. You can also list 
abusive IP addresses using this method.

netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
      1 Endereço
      1 estabelecidas)
      6 TIME_WAIT
     11 ESTABELECIDA
     28 OUÇA
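
A header-aware version of the per-address and per-state counts, added here as an example 
that is not part of the original page. It skips the header lines that appear as "servers)" 
and "Address" in the counts above, strips only the trailing port so IPv6 peers are not cut 
at the first colon, and folds IPv4-mapped addresses into their IPv4 form. Function names 
and the sample netstat text (documentation address ranges) are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): summarise `netstat -nat` output.
# Feed it real data with:  LANG=C netstat -nat | remote_conn_counts
# (LANG=C keeps the state names in English instead of the localized ones.)

# Read netstat -nat text on stdin, print "COUNT ADDRESS" per remote peer,
# busiest peer first.
remote_conn_counts() {
    awk '
        $1 !~ /^(tcp|udp)/ { next }          # header lines: "Active ...", "Proto ..."
        {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)       # drop only the final :port
            sub(/^::ffff:/, "", addr)        # IPv4-mapped IPv6 -> plain IPv4
            if (addr == "0.0.0.0" || addr == "::") next   # listening sockets
            n[addr]++
        }
        END { for (a in n) print n[a], a }
    ' | sort -k1,1nr -k2,2
}

# Read netstat -nat text on stdin, print "COUNT STATE" for TCP sockets only,
# so header words never show up as states.
tcp_state_counts() {
    awk '$1 ~ /^tcp/ { s[$6]++ } END { for (k in s) print s[k], k }' |
        sort -k1,1nr -k2,2
}

# Constructed sample in the column layout of `netstat -nat`.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           203.0.113.7:39749       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.7:39750       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.7:39751       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.23:51000     TIME_WAIT
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 2001:db8::10:22         2001:db8::beef:42610    ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.23:51001 ESTABLISHED
EOF
}

echo "connections per remote address:"
sample_netstat | remote_conn_counts
echo "TCP sockets per state:"
sample_netstat | tcp_state_counts
```
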

--------------------------------------------
 
netstat -ac

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:933           *:*                      LISTEN
tcp        0      0 localhost:10024         *:*                      LISTEN
tcp        0      0 *:frox                  *:*                      LISTEN
tcp        0      0 localhost:netbios-ssn   *:*                      LISTEN
tcp        0      0 192.168.1.1:netbios-ssn *:*                      LISTEN
tcp        0      0 *:2223                  *:*                      LISTEN
tcp        0      0 *:sunrpc                *:*                      LISTEN
tcp        0      0 *:ipp                   *:*                      LISTEN
tcp        0      0 *:3128                  *:*                      LISTEN
tcp        0      0 *:smtp                  *:*                      LISTEN
tcp        0      0 localhost:microsoft-ds  *:*                      LISTEN
tcp        0      0 192.168.1.:microsoft-ds *:*                      LISTEN
tcp        0      0 *:55199                 *:*                      LISTEN
tcp        0      0 201-25-240-139.bn:44833 sn103ds.snt103.mail:www TIME_WAIT
tcp        0      0 201-25-240-139.bn:48309 bs-in-f104.1e100.ne:www ESTABLISHED
tcp        0      0 201-25-240-139.bn:50056 bs-in-f104.1e100.ne:www ESTABLISHED
 
--------------------------------------------

netstat -tunva
 
Active Internet connections (servers and established)
 
Proto Recv-Q Send-Q Local Address           Foreign Address           State
 
tcp        0      0 0.0.0.0:2223             0.0.0.0:*                LISTEN
tcp        0      0 0.0.0.0:111              0.0.0.0:*                LISTEN
tcp        0      0 0.0.0.0:631              0.0.0.0:*                LISTEN
tcp        0      0 0.0.0.0:3128             0.0.0.0:*                LISTEN
tcp        0      0 0.0.0.0:25               0.0.0.0:*                LISTEN
tcp        0      0 0.0.0.0:58590            0.0.0.0:*                LISTEN
tcp        0     52 192.168.1.1:2223    192.168.1.2:1026              ESTABLISHED
tcp6       0      0 :::2223                  :::*                     LISTEN
tcp6       0      0 :::8080                  :::*                     LISTEN
tcp6       0      0 :::21                    :::*                     LISTEN
tcp6       0      0 :::631                   :::*                     LISTEN
udp        0      0 0.0.0.0:652              0.0.0.0:*
udp        0      0 0.0.0.0:36898            0.0.0.0:*
udp        0      0 0.0.0.0:43708            0.0.0.0:*
udp        0      0 0.0.0.0:67               0.0.0.0:*
udp        0      0 0.0.0.0:43746            0.0.0.0:*
udp        0      0 0.0.0.0:5353             0.0.0.0:*
udp        0      0 0.0.0.0:111              0.0.0.0:*
udp        0      0 0.0.0.0:631              0.0.0.0:*
udp6       0      0 :::44982                 :::*
udp6       0      0 :::5353                  :::*
 
--------------------------------------------
 
netstat -pat
 
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address       Foreign Address   State       PID/Program name
tcp        0      0 *:55234                   *:*         LISTEN      1760/rpc.statd
tcp        0      0 localhost:netbios-ssn     *:*         LISTEN      2309/smbd
tcp        0      0 192.168.1.1:netbios-ssn   *:*         LISTEN      2309/smbd
tcp        0      0 *:2223                    *:*         LISTEN      2340/sshd
tcp        0      0 *:sunrpc                  *:*         LISTEN      1744/portmap
tcp        0      0 192.168.1.1:ipp           *:*         LISTEN      2047/cupsd
tcp        0      0 localhost:ipp             *:*         LISTEN      2047/cupsd
tcp        0      0 *:3128                    *:*         LISTEN      2235/(squid)
tcp        0      0 *:smtp                    *:*         LISTEN      2126/master
 
--------------------------------------------

netstat -lnp6 | grep :8080 | sed 's#^[^\/]*/\([a-z0-9]*\)#\1#'
apache2
 
netstat -lnp6 | grep :2223 | sed 's#^[^\/]*/\([a-z0-9]*\)#\1#'
sshd
 
netstat -lnp6 | grep :50000 | sed 's#^[^\/]*/\([a-z0-9]*\)#\1#'
proftpd:

--------------------------------------------

netstat -an | grep LISTEN | grep -v ^unix

tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:54059           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:2223            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2000          0.0.0.0:*               LISTEN     
tcp        0      0 187.4.229.187:53        0.0.0.0:*               LISTEN     
tcp        0      0 10.0.0.1:53             0.0.0.0:*               LISTEN     
tcp        0      0 192.168.1.13:53         0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:901             0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN     
tcp6       0      0 :::139                  :::*                    LISTEN     
tcp6       0      0 :::2223                 :::*                    LISTEN     
tcp6       0      0 :::80                   :::*                    LISTEN     
tcp6       0      0 :::53                   :::*                    LISTEN     
tcp6       0      0 :::443                  :::*                    LISTEN     
tcp6       0      0 :::445                  :::*                    LISTEN     

--------------------------------------------

netstat -plan | grep ":80 " | awk '{print $5}' | awk -F: '{print $1}' | sort

206.41.8.80
206.41.8.80
206.41.8.80
206.41.8.80
206.41.8.80
206.41.8.80
72.14.204.100
72.14.204.136

--------------------------------------------

netstat -plan | grep ":80 "

tcp6       0      0 :::80                   :::*                    LISTEN 1476/apache2
tcp6       0      0 187.4.229.187:39267     206.41.8.80:80          TIME_WAIT   -
tcp6       0      0 187.4.229.187:39265     206.41.8.80:80          TIME_WAIT   -
tcp6       0      0 187.4.229.187:39270     206.41.8.80:80          TIME_WAIT   -
tcp6       0      0 187.4.229.187:39266     206.41.8.80:80          TIME_WAIT   -
tcp6       0      0 187.4.229.187:34606     72.14.204.136:80        TIME_WAIT   -
tcp6       0      0 187.4.229.187:47176     72.14.204.100:80        TIME_WAIT   -
tcp6       0      0 187.4.229.187:39269     206.41.8.80:80          TIME_WAIT   -
tcp6       0      0 187.4.229.187:39268     206.41.8.80:80          TIME_WAIT   -

--------------------------------------------

cat /proc/net/ip_conntrack | grep "port=80" | wc -l
8

--------------------------------------------

netstat -alntp

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      3046/mysqld
tcp        0      0 127.0.0.1:7787          0.0.0.0:*               LISTEN      21601/ruby
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      10296/dovecot
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      10296/dovecot
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      8933/spamd.pid
tcp        0      0 0.0.0.0:2223            0.0.0.0:*               LISTEN      3437/sshd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2593/portmap
tcp        0      0 127.0.0.1:2000          0.0.0.0:*               LISTEN      10296/dovecot
tcp        0      0 187.4.229.187:53        0.0.0.0:*               LISTEN      2903/named
tcp        0      0 10.0.0.1:53             0.0.0.0:*               LISTEN      2903/named
tcp        0      0 192.168.1.13:53         0.0.0.0:*               LISTEN      2903/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2903/named
tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN      3503/(squid)
tcp        0      0 0.0.0.0:3000            0.0.0.0:*               LISTEN      21608/ruby
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      10794/master
tcp        0      0 127.0.0.1:60921         0.0.0.0:*               LISTEN      21608/ruby
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      2903/named
tcp        0      0 0.0.0.0:48283           0.0.0.0:*               LISTEN      2609/rpc.statd
tcp        0      0 0.0.0.0:901             0.0.0.0:*               LISTEN      2897/inetd
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      3077/amavisd (maste
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      10794/master
tcp        0      0 127.0.0.1:58445         127.0.0.1:7787          ESTABLISHED 21608/ruby
tcp        0      0 192.168.1.13:3128       192.168.1.100:52528     ESTABLISHED 3503/(squid)
tcp        0      0 127.0.0.1:3306          127.0.0.1:56180         ESTABLISHED 3046/mysqld
tcp        0     52 187.4.229.187:2223      192.168.1.123:58600     ESTABLISHED 24105/sshd: ewb [pr
tcp        0      0 127.0.0.1:56180         127.0.0.1:3306          ESTABLISHED 10303/dovecot-auth
tcp        0      0 192.168.1.13:2223       192.168.1.100:51818     ESTABLISHED 20328/sshd: ewb [pr
tcp        0      0 127.0.0.1:7787          127.0.0.1:58445         ESTABLISHED 21601/ruby
tcp6       0      0 :::139                  :::*                    LISTEN      2831/smbd
tcp6       0      0 :::2223                 :::*                    LISTEN      3437/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      1476/apache2
tcp6       0      0 :::53                   :::*                    LISTEN      2903/named
tcp6       0      0 :::443                  :::*                    LISTEN      1476/apache2
tcp6       0      0 :::445                  :::*                    LISTEN      2831/smbd
tcp6       0      0 187.4.229.187:443       192.168.1.100:53199     TIME_WAIT   -


--------------------------------------------

netstat -nalp |grep -v DGRAM |grep -v STREAM |grep -v LISTEN

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:58445         127.0.0.1:7787          ESTABLISHED 21608/ruby
tcp        0      0 192.168.1.13:3128       192.168.1.100:52528     ESTABLISHED 3503/(squid)
tcp        0      0 127.0.0.1:3306          127.0.0.1:56180         ESTABLISHED 3046/mysqld
tcp        0     52 187.4.229.187:2223      192.168.1.123:58600     ESTABLISHED 24105/sshd: ewb [pr
tcp        0      0 127.0.0.1:56180         127.0.0.1:3306          ESTABLISHED 10303/dovecot-auth
tcp        0      0 192.168.1.13:2223       192.168.1.100:51818     ESTABLISHED 20328/sshd: ewb [pr
tcp        0      0 127.0.0.1:7787          127.0.0.1:58445         ESTABLISHED 21601/ruby
tcp6       0      0 187.4.229.187:443       192.168.1.100:53208     TIME_WAIT   -
udp        0      0 0.0.0.0:111             0.0.0.0:*                           2593/portmap
udp        0      0 0.0.0.0:54770           0.0.0.0:*                           2609/rpc.statd
udp        0      0 192.168.1.255:137       0.0.0.0:*                           2783/nmbd
udp        0      0 192.168.1.13:137        0.0.0.0:*                           2783/nmbd
udp        0      0 0.0.0.0:137             0.0.0.0:*                           2783/nmbd
udp        0      0 0.0.0.0:59658           0.0.0.0:*                           3503/(squid)
udp        0      0 192.168.1.255:138       0.0.0.0:*                           2783/nmbd
udp        0      0 192.168.1.13:138        0.0.0.0:*                           2783/nmbd
udp        0      0 0.0.0.0:138             0.0.0.0:*                           2783/nmbd
udp        0      0 0.0.0.0:665             0.0.0.0:*                           2609/rpc.statd
udp        0      0 0.0.0.0:1194            0.0.0.0:*                           3131/openvpn
udp        0      0 187.4.229.187:53        0.0.0.0:*                           2903/named
udp        0      0 10.0.0.1:53             0.0.0.0:*                           2903/named
udp        0      0 192.168.1.13:53         0.0.0.0:*                           2903/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           2903/named
udp        0      0 0.0.0.0:67              0.0.0.0:*                           3234/dhcpd
udp6       0      0 :::55452                :::*                                3503/(squid)
udp6       0      0 :::53                   :::*                                2903/named
raw        0      0 0.0.0.0:1               0.0.0.0:*               7           3234/dhcpd

--------------------------------------------

netstat -tln

netstat -ltun

netstat -tunva

netstat -atu

netstat -ta

netstat -nat

netstat -nr

netstat -lntpe

netstat -antu

netstat -an | awk '/tcp/ {print $6}' | sort | uniq -c

netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort |uniq -c |sort -n

netstat -lnp6 | grep :8080 | sed 's#^[^\/]*/\([a-z0-9]*\)#\1#'

netstat -lnp6 | grep :2223 | sed 's#^[^\/]*/\([a-z0-9]*\)#\1#'

netstat -nat | grep '^tcp' | sed -e 's/::ffff://gi' | sed -e 's/:::*/0.0.0.0:/gi' \
   | tr ':' ' ' | awk '{ print $6 }' | sort | uniq -c | sort -n -r -k 1

netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n

netstat -pat

netstat -tulpan

--------------------------------------------

netstat -tn|grep :80|awk '{print $5}'|cut -d: -f1|sort|uniq -c|sort -rn|head
     12 189.45.192.16
      1 64.4.18.90

--------------------------------------------


netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

      1 176.32.98.118
      1 176.32.98.152
      1 180.48.224.210
      1 208.29.69.153
      1 66.147.242.183
      1 69.171.248.16
      1 72.21.202.183
      1 74.125.229.51
      1 74.125.229.56
      1 74.200.244.59
      1 Address
      1 servers)
      2 184.84.1.55
      2 74.200.247.59
      3 127.0.0.1
      3 192.168.1.116
      4 74.125.229.57
      5 205.251.223.233
      6 189.45.192.16
     37 192.168.1.15

--------------------------------------------

netstat -alntp | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

      1 0.0.0.0
      1 208.29.69.153
      1 69.171.248.16
      1 69.63.190.70
      1 74.200.244.59
      2 74.200.247.59

--------------------------------------------

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

      1 180.48.224.210
      1 208.29.69.171
      1 208.29.69.216
      1 208.29.69.219
      1 69.171.248.16
      1 69.25.24.23
      1 69.63.190.70
      1 74.125.229.33
      1 74.125.229.35
      1 Address
      1 servers)
      2 127.0.0.1
      5 192.168.1.116
     39 192.168.1.15

--------------------------------------------

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

      1 180.48.224.210
      1 69.171.248.16
      1 Address
      1 servers)
      3 127.0.0.1
      5 192.168.1.116
     10 192.168.1.15

--------------------------------------------

netstat -alntp | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

      1 0.0.0.0
      1 69.171.248.16
      1 69.63.190.70


--------------------------------------------


List the top 10 remote IP addresses by number of current connections on port 80:

netstat -tn|grep :80|awk '{print $5}' |cut -d: -f1|sort|uniq -c|sort -rn|head

      6 206.41.8.180
      2 74.125.130.95
      2 209.107.209.42
      1 74.125.229.55
      1 69.25.24.23
      1 69.171.248.16
      1 66.220.153.70
      1 23.33.143.144
      1 209.107.209.35
      1 127.0.0.1
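
The per-IP one-liners above match `:80` anywhere on the line, so they also count port 8080 and the server's own outbound connections to remote port 80, and they count the header words (`Address`, `servers)`) as if they were peers. The following is an added example, not part of the original page: it counts peers only on an exact local port. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Count remote peers connected to one LOCAL port, reading `netstat -ntu`
# style text on stdin. Live usage:  netstat -ntu | peers_by_local_port 80

peers_by_local_port() {
    awk -v port="$1" '
        # Keep only socket rows; this drops the banner and column header that
        # the plain cut/sort pipelines count as "servers)" and "Address".
        $1 !~ /^(tcp|udp)6?$/ { next }
        # Listening or unconnected sockets have no peer (foreign port is "*").
        $5 ~ /:\*$/ { next }
        {
            laddr = $4; raddr = $5
            # The port is whatever follows the LAST colon, so IPv6 works too.
            lport = laddr; sub(/.*:/, "", lport)
            if (lport != port) next        # exact match: 80 is not 8080
            sub(/:[^:]*$/, "", raddr)      # drop the remote port
            sub(/^::ffff:/, "", raddr)     # IPv4-mapped IPv6 -> plain IPv4
            count[raddr]++
        }
        END { for (ip in count) printf "%d %s\n", count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Print only the peers holding more than LIMIT connections on PORT.
peers_over_limit() {
    peers_by_local_port "$1" | awk -v limit="$2" '$1 + 0 > limit + 0 { print $2 }'
}

# Constructed sample in netstat -ntu layout (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51000      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51001      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51002      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.5:40000       ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.9:40001       ESTABLISHED
tcp        0      0 192.0.2.10:39267        203.0.113.80:80         TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:40002 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::99:40003      ESTABLISHED
udp        0      0 192.0.2.10:53           198.51.100.7:5353
EOF
}
```

On the sample, the 8080 row and the outbound row to 203.0.113.80:80 are left out, and the IPv4-mapped row is merged with its plain IPv4 peer.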

--------------------------------------------

netstat -n -A  inet

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.13:3128       192.168.1.15:50500      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50480      TIME_WAIT
tcp        0      0 192.168.1.13:3128       192.168.1.15:50532      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50534      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50502      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50544      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50546      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50478      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50486      TIME_WAIT
tcp        0      0 192.168.1.13:3128       192.168.1.15:50476      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50498      ESTABLISHED
tcp        0      0 127.0.0.1:46935         127.0.0.1:3306          ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50488      TIME_WAIT
tcp        0      0 192.168.1.13:3128       192.168.1.15:50530      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50539      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50548      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50503      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50535      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50523      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50492      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50473      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50475      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50511      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50516      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50528      ESTABLISHED
tcp       57      0 127.0.0.1:60396         127.0.0.1:10025         CLOSE_WAIT
tcp        0      0 192.168.1.13:3128       192.168.1.15:50541      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50543      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50519      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50485      TIME_WAIT
tcp        0      0 192.168.1.13:3128       192.168.1.15:50536      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50533      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50514      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.116:51500     ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50509      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50505      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50474      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50507      ESTABLISHED
tcp       57      0 127.0.0.1:60397         127.0.0.1:10025         CLOSE_WAIT
tcp        0      0 192.168.1.13:3128       192.168.1.15:50537      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50506      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50531      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50491      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50494      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50487      TIME_WAIT
tcp        0      0 192.168.1.13:3128       192.168.1.15:50499      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50495      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50529      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50545      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.116:51499     ESTABLISHED
tcp        0      0 192.168.1.13:2223       192.168.1.15:49514      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50527      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50521      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.116:51503     ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.116:51498     ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50510      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50520      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50540      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50481      TIME_WAIT
tcp        0      0 192.168.1.13:3128       192.168.1.15:50508      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50517      ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:46935         ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50526      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50493      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.116:51501     ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50525      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50512      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50538      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50489      TIME_WAIT
tcp        0      0 192.168.1.13:3128       192.168.1.15:50522      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50477      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50542      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50504      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50501      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50524      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50496      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.116:51502     ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50497      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50483      TIME_WAIT
tcp        0      0 127.0.0.1:80            127.0.0.1:44350         TIME_WAIT
tcp        0      0 192.168.1.13:3128       192.168.1.116:51497     ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50515      ESTABLISHED
tcp        0      0 192.168.1.13:2223       192.168.1.116:50772     ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50482      TIME_WAIT
tcp        0      0 192.168.1.13:3128       192.168.1.15:50518      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50547      ESTABLISHED

--------------------------------------------

netstat --listen -A inet

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:mysql         *:*                     LISTEN
tcp        0      0 *:submission            *:*                     LISTEN
tcp        0      0 *:pop3                  *:*                     LISTEN
tcp        0      0 localhost:spamd         *:*                     LISTEN
tcp        0      0 *:2223                  *:*                     LISTEN
tcp        0      0 *:imap2                 *:*                     LISTEN
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 *:webmin                *:*                     LISTEN
tcp        0      0 *:50000                 *:*                     LISTEN
tcp        0      0 localhost:cisco-sccp    *:*                     LISTEN
tcp        0      0 *:www                   *:*                     LISTEN
tcp        0      0 *:ssmtp                 *:*                     LISTEN
tcp        0      0 ns1.juralinux.co:domain *:*                     LISTEN
tcp        0      0 10.0.0.1:domain         *:*                     LISTEN
tcp        0      0 192.168.1.13:domain     *:*                     LISTEN
tcp        0      0 localhost:domain        *:*                     LISTEN
tcp        0      0 *:ipp                   *:*                     LISTEN
tcp        0      0 192.168.1.13:3128       *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
tcp        0      0 localhost:953           *:*                     LISTEN
tcp        0      0 *:https                 *:*                     LISTEN
tcp        0      0 *:pop3s                 *:*                     LISTEN
tcp        0      0 *:swat                  *:*                     LISTEN
tcp        0      0 *:54599                 *:*                     LISTEN
tcp        0      0 localhost:10024         *:*                     LISTEN
tcp        0      0 localhost:10025         *:*                     LISTEN
udp        0      0 *:openvpn               *:*
udp        0      0 *:42670                 *:*
udp        0      0 ns1.juralinux.co:domain *:*
udp        0      0 10.0.0.1:domain         *:*
udp        0      0 192.168.1.13:domain     *:*
udp        0      0 localhost:domain        *:*
udp        0      0 *:823                   *:*
udp        0      0 *:bootps                *:*
udp        0      0 *:45012                 *:*
udp        0      0 *:sunrpc                *:*
udp        0      0 *:ipp                   *:*
udp        0      0 192.168.1.25:netbios-ns *:*
udp        0      0 192.168.1.13:netbios-ns *:*
udp        0      0 *:netbios-ns            *:*
udp        0      0 192.168.1.2:netbios-dgm *:*
udp        0      0 192.168.1.1:netbios-dgm *:*
udp        0      0 *:netbios-dgm           *:*
udp        0      0 *:10000                 *:*
raw        0      0 *:icmp                  *:*  

--------------------------------------------

netstat -n -A inet -t

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.13:3128       192.168.1.15:50500      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50532      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50534      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50502      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50478      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50476      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50498      ESTABLISHED
tcp        0      0 127.0.0.1:46935         127.0.0.1:3306          ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50530      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50548      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50503      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50492      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50473      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50475      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50551      ESTABLISHED
tcp       57      0 127.0.0.1:60396         127.0.0.1:10025         CLOSE_WAIT
tcp        0      0 192.168.1.13:3128       192.168.1.116:51505     ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50533      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50509      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50505      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50474      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50507      ESTABLISHED
tcp       57      0 127.0.0.1:60397         127.0.0.1:10025         CLOSE_WAIT
tcp        0      0 192.168.1.13:3128       192.168.1.15:50537      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50506      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50531      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50491      FIN_WAIT2
tcp        0      0 192.168.1.13:3128       192.168.1.15:50494      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50499      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50495      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50529      ESTABLISHED
tcp        0      0 192.168.1.13:2223       192.168.1.15:49514      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50510      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50540      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50508      ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:46935         ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50493      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50552      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50477      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50504      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50501      ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.15:50496      FIN_WAIT2
tcp        0      0 192.168.1.13:3128       192.168.1.15:50497      ESTABLISHED
tcp        0      0 192.168.1.13:2223       192.168.1.116:50772     ESTABLISHED
tcp        0      0 192.168.1.13:3128       192.168.1.116:51506     ESTABLISHED

--------------------------------------------

netstat -A inet -n -p | grep 3306

tcp        0      0 127.0.0.1:46935     127.0.0.1:3306    ESTABLISHED 7353/dovecot-auth
tcp        0      0 127.0.0.1:3306      127.0.0.1:46935   ESTABLISHED 7163/mysqld

--------------------------------------------

netstat -an | grep ESTABLISHED | awk '{print $5}' |awk -F: '{print $1}' |sort |uniq -c | 
awk '{ printf("%s\t%s\t",$2,$1) ; for (i = 0; i < $1; i++) {printf("*")}; print "" }'

127.0.0.1       2       **
192.168.1.116   2       **
192.168.1.15    2       **
74.125.229.38   1       *

--------------------------------------------

netstat -l --inet

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:submission            *:*                     LISTEN
tcp        0      0 *:pop3                  *:*                     LISTEN
tcp        0      0 localhost:spamd         *:*                     LISTEN
tcp        0      0 *:imap2                 *:*                     LISTEN
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 localhost:cisco-sccp    *:*                     LISTEN
tcp        0      0 *:webmin                *:*                     LISTEN
tcp        0      0 *:ssmtp                 *:*                     LISTEN
tcp        0      0 ns1.juralinux.co:domain *:*                     LISTEN
tcp        0      0 192.168.1.13:domain     *:*                     LISTEN
tcp        0      0 localhost:domain        *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 *:ipp                   *:*                     LISTEN
tcp        0      0 192.168.1.13:3128       *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
tcp        0      0 localhost:953           *:*                     LISTEN
tcp        0      0 *:swat                  *:*                     LISTEN
tcp        0      0 localhost:10024         *:*                     LISTEN
tcp        0      0 localhost:10025         *:*                     LISTEN
tcp        0      0 localhost:mysql         *:*                     LISTEN
tcp        0      0 *:60266                 *:*                     LISTEN
udp        0      0 ns1.juralinux.co:domain *:*
udp        0      0 192.168.1.13:domain     *:*
udp        0      0 localhost:domain        *:*
udp        0      0 *:bootps                *:*
udp        0      0 *:38732                 *:*
udp        0      0 *:53712                 *:*
udp        0      0 *:nqs                   *:*
udp        0      0 *:sunrpc                *:*
udp        0      0 *:ipp                   *:*
udp        0      0 192.168.1.25:netbios-ns *:*
udp        0      0 192.168.1.13:netbios-ns *:*
udp        0      0 *:netbios-ns            *:*
udp        0      0 192.168.1.2:netbios-dgm *:*
udp        0      0 192.168.1.1:netbios-dgm *:*
udp        0      0 *:netbios-dgm           *:*
udp        0      0 *:10000                 *:*
raw        0      0 *:icmp                  *:*                     

--------------------------------------------

netstat -ln --tcp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2000          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN
tcp        0      0 187.4.229.187:53        0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.13:53         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.13:3128       0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:901             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:60266           0.0.0.0:*               LISTEN
tcp6       0      0 :::139                  :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::50000                :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::631                  :::*                    LISTEN
tcp6       0      0 :::445                  :::*                    LISTEN
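
An added example, not part of the original page: a shell filter that reads `netstat -ln --tcp` output like the listing above and labels each listener as bound to all interfaces, to loopback only, or to a single address, so the services to check against the firewall stand out. The function names are illustrative, and the sample input is a few lines copied from the listing above.

```shell
#!/bin/sh
# Added example: label each TCP listener by how widely it is reachable.
# Function names are illustrative; on a live host run:
#   netstat -ln --tcp | classify_listeners

# Sample input: lines copied from the `netstat -ln --tcp` listing above.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.13:3128       0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:901             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::445                  :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

# Reads netstat lines on stdin; prints "<scope> <port> <address>" per listener.
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        # The port is whatever follows the last colon (also true for ":::22").
        n = split($4, parts, ":")
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::")     scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
        else                                       scope = "single-address"
        print scope, port, addr
    }' | sort -k1,1 -k2,2n | uniq
}

# Ports bound to every interface: the list to compare against firewall rules.
wildcard_ports() {
    classify_listeners | awk '$1 == "all-interfaces" { print $2 }' |
        sort -n -u | paste -s -d ' ' -
}

sample_netstat | classify_listeners
echo "Bound to all interfaces: $(sample_netstat | wildcard_ports)"
```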

--------------------------------------------

netstat -panel | egrep "([0-9]+:)+" | awk '{printf "%s\t%s\n", $4, $9}' |sort | uniq

0.0.0.0:10000   
0.0.0.0:10000        5503/perl
0.0.0.0:111  
0.0.0.0:111          1491/portmap
0.0.0.0:1194
0.0.0.0:1195
0.0.0.0:1            2230/dhcpd
0.0.0.0:137
0.0.0.0:138
0.0.0.0:17011
0.0.0.0:2223         4605/sshd
0.0.0.0:25           5152/master
0.0.0.0:443          2088/apache2
0.0.0.0:44936
0.0.0.0:46215
0.0.0.0:465          5152/master
0.0.0.0:50000        8915/proftpd:
0.0.0.0:56771        1778/rpc.statd
0.0.0.0:587          5152/master
0.0.0.0:631
0.0.0.0:631          2046/cupsd
0.0.0.0:67
0.0.0.0:682
0.0.0.0:80           2088/apache2
0.0.0.0:901          4734/xinetd
10.0.0.1:53
10.0.0.1:53          16670/named
127.0.0.1:10024      2070/amavisd-new
127.0.0.1:10025      5152/master
127.0.0.1:2000       29150/dovecot
127.0.0.1:3306       2407/mysqld
127.0.0.1:53
127.0.0.1:53         16670/named
127.0.0.1:56909      29162/dovecot-auth
127.0.0.1:783        19012/spamd.pid
127.0.0.1:953        16670/named
172.16.0.1:53
172.16.0.1:53        16670/named
187.4.229.187:53
187.4.229.187:53     16670/named
192.168.1.13:137
192.168.1.13:138
192.168.1.13:2223    29124/sshd:
192.168.1.13:3128    3937/(squid)
192.168.1.13:53
192.168.1.13:53      16670/named
192.168.1.255:137
192.168.1.255:138

--------------------------------------------

netstat -panel | egrep '([0-9]+:)+' | awk '{print $4, $9}' | sort | uniq

0.0.0.0:10000
0.0.0.0:10000      5503/perl
0.0.0.0:111
0.0.0.0:111        1491/portmap
0.0.0.0:1194
0.0.0.0:1195
0.0.0.0:1          2230/dhcpd
0.0.0.0:137
0.0.0.0:138
0.0.0.0:17011
0.0.0.0:2223       4605/sshd
0.0.0.0:25         5152/master
0.0.0.0:443        2088/apache2
0.0.0.0:44936
0.0.0.0:46215
0.0.0.0:465        5152/master
0.0.0.0:50000      8915/proftpd:
0.0.0.0:56771      1778/rpc.statd
0.0.0.0:587        5152/master
0.0.0.0:631
0.0.0.0:631        2046/cupsd
0.0.0.0:67
0.0.0.0:682
0.0.0.0:80         2088/apache2
0.0.0.0:901        4734/xinetd
10.0.0.1:53
10.0.0.1:53        16670/named
127.0.0.1:10024    2070/amavisd-new
127.0.0.1:10025    5152/master
127.0.0.1:2000     29150/dovecot
127.0.0.1:3306     2407/mysqld
127.0.0.1:53
127.0.0.1:53       16670/named
127.0.0.1:56909    29162/dovecot-auth
127.0.0.1:783      19012/spamd.pid
127.0.0.1:953      16670/named
172.16.0.1:53
172.16.0.1:53      16670/named
187.4.229.187:53
187.4.229.187:53   16670/named
192.168.1.13:137
192.168.1.13:138
192.168.1.13:2223  29124/sshd:
192.168.1.13:3128  3937/(squid)
192.168.1.13:53
192.168.1.13:53    16670/named
192.168.1.255:137
192.168.1.255:138




"Wisdom is like a river, the deeper it is the less noise it makes"

Want to learn more? Get in touch with me: linux1.noip@gmail.com