Monthly Archives: August 2021

Useful lsof Commands and Switches – Linux

lsof command in Linux:

lsof is one of the most powerful tools a sysadmin has to check and analyze the processes running on a Linux server. It gives detailed information about the running processes, the paths to their executables and the library and other files each process has open. In other words, it lists all open files on the server.

Basic Syntax:

lsof [Options]

Usages:

List all opened files on server using lsof:

The command below lists all the open files on a server:
lsof

List all TCP/UDP connections to the server using lsof:

Sometimes we need to check the TCP/UDP connections to the server, and this is done with ease using the lsof command along with the '-i' switch:

lsof -i

List all connections except root user:

Wow, this is an interesting command and it can help in many scenarios; please check the switch for it below:

lsof -i -u^root

The above command is very useful when trying to trace an attack on a server: it shows the network activity of every user except root.

List all TCP connections to server:
lsof -i tcp

List all UDP connections to server:
lsof -i udp

List all connections to the port 80:
lsof -i tcp:80

List all opened files by a user:

This is a very useful command: it can be used to check which user is creating load on the server.

lsof -u root

Replace 'root' in the above command with the username you want to trace.

List all files opened by a program (eg: apache2):

lsof -c apache2

How to use multiple options with lsof command:

You can use "-a" to combine two or more selection options. By default lsof ORs its selection options together (a file matching any of them is listed); "-a" makes it AND them, so only files matching every option are listed.
Examples:

List all files opened by apache (httpd) running as 'root':

lsof -a -c httpd -u root

List all files opened by mysql inside the /var/lib/ folder:

lsof -a -c mysql +D /var/lib/

That’s all guys, please try out everything and keep some usages in mind, it can really save your neck!

Thank you for reading! Bye from nixlinux! 🙂

How to Use lsof Command in Security Analysis – Linux

Hi all,

Server security is very important when we run important applications or websites on our servers. As a Linux systems administrator, enhancing security, finding intruders and blocking them from taking or destroying our data is unavoidable.

Security features can be added: there are many applications and tools that alert us when something suspicious happens. At the same time, by spending a little time, we can manually check a few things and find attacks, security issues etc on the server.

Let's check some simple methods we can use to find the same on a Linux server with the help of the lsof command:

Trace malicious programs on server using lsof:

How to find which processes have the highest number of open files:

lsof | awk '{printf("%s (%s)\n", $1, $2)}' | sort | uniq -c | sort -n | tail

The above command counts the open files of each process (command name and PID) and lists the 10 processes with the most open files. Replace the final "tail" with "tail -20" if you want to list the 20 processes with the highest number of open files.

Locate unused open ports on your server:

- Run the netstat command to check whether there are any suspicious listening ports:

netstat -an

The output of the above command will look like:

udp 0 0 0.0.0.0:41713 0.0.0.0:*
udp 0 0 0.0.0.0:55566 0.0.0.0:*
udp 0 0 0.0.0.0:7500 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*

In the above example, if you find an unknown port such as 41713, run the following command to locate the program using that port:

lsof -i udp:41713

Locate files held open by a program after they were deleted from the file system:

lsof | grep deleted

The output of the above command lists open files that are still in use by processes but are no longer present in the file system (lsof marks them with "(deleted)"). You can terminate or restart these processes to release the files; otherwise the space allotted to those files won't be freed.

That's all, check the other methods too, thanks for reading! Share and help if you found this helpful!

Thank you!

Backup and Restore a Single Table in MySQL Database

Hello,

Taking a backup of a single table of a MySQL database and restoring it is possible from the command line. You might have done this using phpMyAdmin or other applications; let's check how it is done with the command-line tools.

I am not writing too much, let's move directly to the steps:
NOTE: Please take the necessary backups before doing the steps below.
Backup a single table from MySQL Database:

Run the following command to take the table backup:

# mysqldump -u <Username> -p<Password> <Database-Name> <Table-Name> > <File-Name>

Note that there is no space between -p and the password, and the dump is written to the file with '>' (not '<'). If you leave a space after -p, mysqldump prompts for the password interactively and treats the next word as the database name.

Example:

# mysqldump -u root -pROOTPASS test_db test_db_table > test_db_table.sql

That’s all about taking backup. Now let’s see how to restore it.

Restore the table to MySQL database:

Run the following command to restore the table on your destination database:

# mysql -u <Username_of_destination_DB> -p<Password_of_destination_DB> <DB_Name> < <Backup_file_name>

Example:
# mysql -u dest_user -pDESTPASS dest_db < test_db_table.sql

That’s all guys, happy linuxing!

How to use apache as proxy server – Linux

Hi again,

In this blog I will explain how to set up apache as a proxy server; this has many advantages and also gives more security to the server.

Why use apache as proxy?

By using apache as a proxy, you can forward the requests apache receives to a different server/port, so the end user won't know the actual IP address/port number of the backend server. The server the traffic is passed to need not have an internet connection, only a private network connection to the proxy apache server.

This method can be used :

1) To prevent DDoS attacks on your web server.

2) To enhance security by hiding the main server from public networks.

How to use apache as proxy server:

On the proxy server, compile apache with the proxy options:

# ./configure --enable-proxy --enable-proxy-ftp --enable-proxy-http --enable-proxy-connect

Note: You can add additional modules along with proxy modules.

I assume you have configured apache with the proxy modules. Now open the VirtualHost file of your website and add the following lines.

<VirtualHost *:80>
ServerName example.com
ServerAdmin admin@example.com
ProxyPreserveHost On
ProxyPass / http://IP_ADDRESS_OF_WEBSERVER:PORT/
ProxyPassReverse / http://IP_ADDRESS_OF_WEBSERVER:PORT/
DocumentRoot /var/www
</VirtualHost>

Replace IP_ADDRESS_OF_WEBSERVER with the IP address of the actual webserver and PORT with the port the webserver listens on at that address.

Example:

If the second server has the IP address 192.168.1.0 and the webserver (eg: apache, tomcat, jboss etc) is listening on port 8080, the VirtualHost entry becomes:

<VirtualHost *:80>
ServerName example.com
ServerAdmin admin@example.com
ProxyPreserveHost On
ProxyPass / http://192.168.1.0:8080/
ProxyPassReverse / http://192.168.1.0:8080/
DocumentRoot /var/www
</VirtualHost>

The same method can be used if you're running another webserver on port 8080 on the same machine and simply want to forward traffic to port 8080. In that case replace 192.168.1.0 with "localhost". You can also use this method for load balancing between apache-tomcat or apache-jboss combinations.

That’s all guys! Thanks !