Posts Tagged ‘mainstream’

How to keep track of All User accounts executed commands, highest CPU consumers and user times on Linux

Tuesday, February 5th, 2013

Linux accounting keeping an eye on all user run commands time accounting find cpu eaters

For people interested into statistics of how Linux existing users are spending, there log in times and what kind of commands each of users is executing, take a look at acct
acct is existing on all mainstream Linux distributions is a great sysadmin tool. acct is a great tool whether you have a system where a multitude of users you don't trust has to be monitored. It is an absolutely must have for anyone willing to run, lets say  experimental honeypot or  free shell host. acct is useful for paranoid sysadmins who like to always knows what there users are running as well as in situation where some of users is suspected to be a potential cracker trying to root the host.

Below is description of acct package on Debian:

# apt-cache show acct| grep -i description -A 8
Description: The GNU Accounting utilities for process and login accounting
 GNU Accounting Utilities is a set of utilities which reports and summarizes
 data about user connect times and process execution statistics.
 .
 "Login accounting" provides summaries of system resource usage based on connect
 time, and "process accounting" provides summaries based on the commands
 executed on the system.
 .
 The 'last' command is provided by the sysvinit package and not included here.

To start using acct, just install it with usual:

# apt-get install --yes acct

(Whether on Debian / Ubuntu Linux);

On Fedora, CentOS and RHEL and other RPM based Linuxes issue;

yum --y install psacct

On deb based Linux distributions, whether acct collects statistics is controlled via:

/etc/default/acct

# cat /etc/default/acct
# Defaults for acct

# If you want to keep acct installed, but not started automatically, set this
# variable to 0. Because /etc/cron.daily/acct calls the initscript daily, it is
# not sufficient to stop acct once after booting if your machine remains up.
ACCT_ENABLE="1"

# Amount of days that the logs are kept.
ACCT_LOGGING="30"

After installed to start collecting user "process accounting" data run acct via init script;

# /etc/init.d/acct start
Turning on process accounting, file set to '/var/log/account/pacct'.
Done..

The file gathering info on system usage, CPU load, user ran commands /var/log/account/psacct is a binary and unreadable tailing it with tail -f .

On CentOS / Fedora Linux to Enable acct account statistics gathering in future boot and from present moment on do;

# chkconfig psacct on
# /etc/init.d/psacct start

1. Find out all commands executed by Linux user account (lastcomm)

Once user accounting is running to get information of every command ever executed on user shell use lastcomm cmd. For example:

# lastcomm hipo

bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.03 secs Tue Feb  5 00:20
sed                    hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
uname                  hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
dircolors              hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
uname                  hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
ls                     hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.03 secs Tue Feb  5 00:20
sed                    hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
uname                  hipo     pts/1      0.00 secs Tue Feb  5 00:20
bash              F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
id                     hipo     pts/1      0.00 secs Tue Feb  5 00:20
mesg                   hipo     pts/1      0.00 secs Tue Feb  5 00:20
verse                  hipo     pts/1      0.00 secs Tue Feb  5 00:20
cowrand                hipo     pts/1      0.00 secs Tue Feb  5 00:20
cowsay                 hipo     pts/1      0.03 secs Tue Feb  5 00:20
cowrand           F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
head                   hipo     pts/1      0.00 secs Tue Feb  5 00:20
tail                   hipo     pts/1      0.00 secs Tue Feb  5 00:20
head                   hipo     pts/1      0.00 secs Tue Feb  5 00:20
ls                     hipo     pts/1      0.00 secs Tue Feb  5 00:20
cowrand           F    hipo     pts/1      0.00 secs Tue Feb  5 00:20
awk                    hipo     pts/1      0.00 secs Tue Feb  5 00:20
wc                     hipo     pts/1      0.00 secs Tue Feb  5 00:20
ls                     hipo     pts/1      0.00 secs Tue Feb  5 00:20

A lot of the initial commands shown to run on pts/1 is not actual commands, by the user but are just stuff run on user login time via /etc/bash.bashrc, /etc/profile, ~/.bashrc. ~/.bash_profile.

lastcomm displayed output from 2nd column is a special flag giving more information on how and for what purpose command was executed. In above output
F
– indicates the command run after a fork.
X – is returned if a command exit with SIGTERM (kill signal)
D – in case of generated command core dump (D is good one to look for whether checking a suspicious user profile, as it is so common exploits use core dumping to get root superuser access)
S – means the command is run with superuser privileges (this one you will see usually whether inspecting user profile of a cracker who run exploit using core dump – a lot of Ds followed by some shell code to run as superuser)

2. Get statistics on CPU use time of services (daemons) and user accounts

psacct is very handy, whether you have CPU server overloads and you have difficulty finding out what are the "CPU hungry processes". To get those use summarized accounting information tool;

# sa -m
                                     2619      31.06re       0.54cp         0avio      2907k
root                                 2448      30.19re       0.52cp         0avio      2817k
www-data                               33       0.06re       0.02cp         0avio      3687k
hipo                                   72       0.15re       0.01cp         0avio      6217k
qscand                                 11       0.36re       0.00cp         0avio      5326k
vpopmail                               48       0.25re       0.00cp         0avio      1486k
qmails                                  6       0.00re       0.00cp         0avio       968k
sshd                                    1       0.04re       0.00cp         0avio     12632k

-m (prints user summary).

3. Find all system users running certain commands

Another good use of lastcomm command is to grep over all users executed command for precise commands of interest. One very good use case is if you catch a system abuser running certain exploit or DoS tool on the host and you want to make sure no-one else on the system doesn't try running it.

# lastcomm ls
ls                     www-data __         0.00 secs Tue Feb  5 00:40
ls                     www-data __         0.00 secs Tue Feb  5 00:30
ls                     hipo     pts/7      0.00 secs Tue Feb  5 00:20
ls                     hipo     pts/1      0.00 secs Tue Feb  5 00:20
ls                     hipo     pts/1      0.00 secs Tue Feb  5 00:20
ls                     hipo     pts/1      0.00 secs Tue Feb  5 00:20
ls                     hipo     pts/1      0.00 secs Tue Feb  5 00:20
ls                     hipo     pts/1      0.00 secs Tue Feb  5 00:20
ls                     www-data __         0.00 secs Tue Feb  5 00:20
ls                     root     pts/0      0.00 secs Tue Feb  5 00:10
ls                     root     pts/0      0.00 secs Tue Feb  5 00:10
ls                     www-data __         0.00 secs Tue Feb  5 00:10
 

4. Get statistics of most active system users in hours

There is one tool called ac, which is similar in what it does to last command, just like last it uses /var/log/wtmp binary log file to get its user login times stats . The difference is ac provides more and better structured user login time length info.

Its very useful if you want to have idea, which user spends most time connected to host.

$ ac -p
    sic                                  4.86
    hipo                                 4.80
    root                                25.80
    play                                 0.02

To get general info on how much overall hours all existing users spend doing stuff on node;

$ ac total 35.61

To know which days from the month users were most active:

$ ac -d
Feb 1 total 14.54
Feb 2 total 0.97
Feb 3 total 12.47
Feb 4 total 5.96
Today total 1.73

What is the Pirate Party / Interview with Peter Sunde – The co-founder of ThePirateBay on CeBIT 2011

Monday, February 20th, 2012

The Piratebay website logo

Many people are using ThePiratebay to get all kind of data and share Movies, Games, Programs etc.)

ThePirateBay has become like a standard media for file sharing and still not many people are aware of who is behind ThePirateBay.
This is why I thought, by posting this article I can "rant" on the existence of the Swedish Pirate Party
The Pirate Party – Is a party fighting on behalf of information sharing freedom (or in other words a party fighting for our freedom as individuals in the digital era).

Swedish Pirate Party Official Party mascot
Pirate Party (Sweden) party official mascot

The Pirate party are swedish political party established in 2006, its members are activists lobbying on freedom of information as well as pointing at threats to our human freedoms imposed by new legislations and anti-freedom agreements like the recent ACTA treaty.

Since there creation in 2006, they have grown from a local Swedish party to an international party, locally existing in 33 countries arount the world.The ideology behind the Swedish PirateParty as well as the rest of existing Pirate Parties international is as I prior said Freedom of Information on the internet. PP is a party phenomenon, as they are neither a left or a right oriented party (on the traditional left-right scale). PP are independent bloc pursuing their political agenda colabborating with all mainstream parties, which stand behind the ideologies the party fights for.

After last European Parliament elections, PP received 7% of all Swedish votes for a country EU representative.
As of today according to Wikipedia , the party holds 2 EU deputee seats in EU parliament.

I've a friend who is taking membership in the Pirate Party and from him I know the PP party are big supporters of Free Software.

One major key figure part of Pirate Party is the swedish Peter Sunde. He is a front person who is behind ThePirateBay project as well as holds a very interesting revolutionary ideas. Many of his ideas are close to "the father of all free software" – Richard Mathew Stallman (RMS). Therefore the PP would be probably of interest to anyone who is interested in Free Software. Here is an interview with Peter Sunde's taken in Cebit 2011:

As long as I know the Pirate Party are along the only few organizations in the whole world, who are trying to fight on behalf of human freedom.I'll be glad to hear if someone know about other ornigazations apart from Pirate Party the Free Software Foundation – (FSF) lobbying on present worsening conditions of invidual human freedom.

Here is few curious facts proving how BIG and important thepiratebay.org is, the text below is again quote from Wikipedia

Currently ThePirateBay.org is ranked as the 80th most visited website in the world and 20th in Sweden by Alexa Internet, has over 5.5 million registered users and, as of February 2012, hosts more than 4 million torrent files.

According to the Los Angeles Times, The Pirate Bay is "one of the world's largest facilitators of illegal downloading" and "the most visible member of a burgeoning international anti-copyright or pro-piracy movement"

If you want to further check on what is today the Pirate Party standing for be sure to check ThePirateParty.Com – PP’s official website .

Installing Linux on old hardware PC. Few thoughs on Puppy and Xubuntu Linux

Tuesday, January 24th, 2012

I needed a G/Linux distribution that will work fine on an old PC with hardware configuration:

guest@xubuntu-desktop:~$ grep -i cpu /proc/cpuinfo; free -m; df -h
cpu family : 6
cpu MHz : 797.613cpuid level : 2
total used free shared buffers cachedMem: 497 470 26 0 35 259-/+ buffers/cache: 176 321Swap: 1454 10 1444File System Size Used Free % Mounted on
/dev/sda1 37G 4,3G 31G 13% /

I've read a lot on the internet and come to the conclusion I have basicly two popular Linux distros as option to install on archaic x86 hardware:

1. Puppy Linux
2. Xubuntu Linux

I first give Puppy Linux a try. It worked quite nice, but the interface was too old school and the desktop felt like a bit out-dated.
Besides that many of the Puppy Linux shipped programs were not a mainstream programs available across most of the other Linux distributions.

Many of the programs shipped with Puppy are great, but more suitable for a computer geek than for a Windows accustomed GUI user.
Puppy Linux Screenshot

My opinion on Puppy (from what I've seen) is that its great distro for old school hardcore Linux users.
Anyways its not suitable for absolutely "uniniated" users who encounter Linux for a first time.

Secondly I installed Xubuntu. Most of the archaic hardware on the PC was detected during install time (a pleasently surprise).
Xubunto works fast and Xfce menus opens "light fast" as on the old 800Mhz pc with 512 mem of ram. Generally the GUI worked quick and responsive.
To conclude I liked Xubuntu a lot and I strongly recommend it to anyone who want to quickly roll on Linux on an old PC.
Xubuntu GNU / Linux theme

What impressed me most is the minimalistic look & feel and simplicity.

I'm sure Debian will be working great on old hardware as well, however configuring it will be hell a lot of work. Thus I think Xubuntu is a good choice for people who want save some time in obscure configurations and easily have a neat Linux ready for desktop use.