Archive for category Tutorials

Timestamps on your bash history

Posted by on Thursday, 15 October, 2009

Often I've seen boxes compromised, or commands run, where we have no idea who did it and at what time. It's very frustrating, especially when we have no idea if a customer did it, one of the staff, or if a box was compromised.

HISTTIMEFORMAT="%F-%R%t"

Now you can run the following command:

wishes@tulip:~$ history | tail -n 2
502  2009-10-15-11:26 vim .bashrc
503  2009-10-15-11:26 history | tail -n 2

If you want this permanent you can put it into /etc/profile on a line by itself. This will then be site-wide.
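
What this setting leaves on disk, as an added example that is not part of the original post: once HISTTIMEFORMAT is set, bash writes a `#<epoch>` line ahead of each command in the history file, and the sketch below turns such a file into a timeline in the same %F-%R format (UTC). It assumes GNU date; the function names and the sample history are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of a bash history file. The first command was recorded
# before HISTTIMEFORMAT was set, so it has no "#<epoch>" line in front of it.
sample_history() {
    printf '%s\n' \
        'ls -la /tmp' \
        '#1255605960' \
        'vim .bashrc' \
        '#1255605965' \
        'history | tail -n 2'
}

# history_timeline: reads a bash history file on stdin and prints
# "<time><TAB><command>" per command. A timestamp applies only to the line
# directly after it; anything else is reported as "unknown" rather than guessed.
history_timeline() {
    ts=""
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            '#'*[!0-9]*|'#') is_stamp=0 ;;  # a comment typed at the prompt
            '#'*)            is_stamp=1 ;;  # "#" followed only by digits
            *)               is_stamp=0 ;;
        esac
        if [ "$is_stamp" -eq 1 ]; then
            ts=${line#?}
            continue
        fi
        if [ -n "$ts" ]; then
            # GNU date (assumption): convert epoch seconds to %F-%R in UTC.
            when=$(date -u -d "@$ts" '+%F-%R' 2>/dev/null) || when="invalid"
        else
            when="unknown"
        fi
        printf '%s\t%s\n' "$when" "$line"
        ts=""
    done
}

# Demo on the constructed sample; on a real box: history_timeline < ~/.bash_history
sample_history | history_timeline
```

Commands reported as "unknown" were written without a timestamp, which is why the setting needs to be in place before an incident.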


Preventing DoS attacks before they become a problem

Posted by on Friday, 25 September, 2009

I came across this little gem not too long back which is handy.

It basically blocks IPs depending on the number of connections they have. The defaults are fairly reasonable at 150 connections, and it's remarkably easy to install.

wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh

Presto, now it's installed! If you want to customize it then check in /usr/local/ddos/ddos.conf and edit it a bit.

Uninstall is just as easy:

wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos


Safe rm – stops you accidentally wiping the system!

Posted by on Monday, 21 September, 2009

I found this today: http://www.safe-rm.org.nz/, and having had the odd accident I'm most definitely going to be installing this on my own server!

What is safe-rm?

Safe-rm is a safety tool intended to prevent the accidental deletion of important files by replacing /bin/rm with a wrapper, which checks the given arguments against a configurable blacklist of files and directories that should never be removed.

Users who attempt to delete one of these protected files or directories will not be able to do so and will be shown a warning message instead:

    $ rm -rf /usr
    Skipping /usr

(Protected paths can be set both at the site and user levels.)

Recovering important files you deleted by mistake can be quite hard.

So, why not install this on your server and save yourself some hassles in case you accidentally have that shell-script-gone-wrong problem. Now if somebody could do the same to fdisk I would be totally happy; there was this time when I accidentally repartitioned my own server HDD after putting a new one in, and got the wrong drive :/

For manual install it's as simple as:

wget http://safe-rm.googlecode.com/files/safe-rm-0.6.tar.gz
tar zvxf safe-rm-0.6.tar.gz
cd safe-rm-0.6
mv /bin/rm /bin/old-rm
mv safe-rm /bin/rm

For those running Debian variants you can:

apt-get install safe-rm

Points to note in the README:

Once you have installed safe-rm on your system (see INSTALL), you will need to
fill the system-wide or user-specific blacklists with the paths that you’d like
to protect against accidental deletion.

The system-wide blacklist lives in /etc/safe-rm.conf and you should probably add
paths like these:

/
/etc
/usr
/usr/lib
/var

The user-specific blacklist lives in ~/.safe-rm and could include things like:

/home/username/documents
/home/username/documents/*
/home/username/.mozilla

Here are two projects which allow you to recover recently deleted files by trapping
all unlink(), rename() and open() system calls through the LD_PRELOAD facility:

delsafe (link in the readme is dead but I googled and updated it here)
http://unix.freshmeat.net/projects/delsafe

libtrashcan
http://hpux.connect.org.uk/hppd/hpux/Development/Libraries/libtrash-0.2/readme.html

There are also projects which implement the FreeDesktop.org trashcan spec. For example:

trash-cli
http://code.google.com/p/trash-cli