Posts Tagged ‘Quick’

How to Build a Linux Port Scan Honeypot with iptables and test with nmap

Wednesday, October 8th, 2025

buiild-own-honeypot-with-iptables-and-test-with-nmap-linux-howto

Let’s build a simple, practical Linux port‑scan honeypot that uses iptables to capture/redirect incoming connection attempts and simple listeners that log interaction, and use nmap to test it. I’ll give runnable commands, a small Python honeypot listener, iptables rules (with rate‑limited logging), how to test with nmap, and notes on analysis, hardening, and safety.

Important safety notes (read first)

  • Only deploy this on machines/networks you own or are explicitly authorized to test. Scanning other people’s systems or letting an exposed honeypot be used to attack others is illegal and unethical.
  • Run the honeypot inside an isolated VM or protected network segment (use separate host or VLAN), and don't forward traffic from other networks unless you understand the risks.
  • Keep logs rotated and watch disk usage — honeypots can attract high traffic.

Overview

  1. Prepare an isolated Linux VM.
  2. Add iptables rules to log and optionally redirect connection attempts to local listeners.
  3. Run simple service emulators (Python) to accept connections and log data.
  4. Use nmap to test and validate behavior.
  5. Collect, parse, and analyze logs; optionally integrate with syslog/ELK.

Setup assumptions

  • Ubuntu/Debian or similar Linux.
  • Root (sudo) access.
  • iptables, python3, nmap, and socat/netcat available (I’ll show alternatives).

1) Create a safe environment

  • Use a VM (VirtualBox/QEMU/KVM) or container with no sensitive data.
  • Give it a fixed private IP on an isolated network.
  • Optionally place the VM behind another firewall (so you can control exposure).

2) Simple iptables logging rules (filter table)

We want to log connection attempts but avoid log flooding by using limit. Put these commands in a root shell:

# create a honeypot chain

# iptables -N HONEY

# rate-limited LOG then return so traffic continues to normal behavior

# iptables -A HONEY -m limit –limit 5/min –limit-burst 10 -j LOG \
–log-prefix "HPOT_CONN: " –log-level 4

# record raw packets to kernel log (optional NFLOG/ulogd is better for high volume)

# allow the packet to continue (or drop if you want it to appear closed)

# iptables -A HONEY -j ACCEPT

 

# Apply HONEY chain to incoming TCP attempts to all ports (or a subset)

# iptables -A INPUT -p tcp -j HONEY

Notes:

  • This logs packets hitting INPUT. If your VM is behind NAT or you want to catch forwarded packets, apply to FORWARD too.
  • Using -j LOG writes to kernel log, often /var/log/kern.log or via rsyslog to /var/log/messages.
  • Use NFLOG (-j NFLOG) with ulogd if you want structured logging and higher throughput.

If you prefer to log only SYNs (new connection attempts) to reduce noise:

# iptables -A HONEY -p tcp –syn -m limit –limit 5/min –limit-burst 10 \
-j LOG –log-prefix "HPOT_SYN: " –log-level 4

If you want to redirect certain destination ports into local port listeners (so local fake services can accept connections), use the nat table PREROUTING:

# Example redirect incoming port 80 to local port 8080

# iptables -t nat -A PREROUTING -p tcp –dport 80 -j REDIRECT –to-ports 8080

# For ports other than 80/443, add other rules

# iptables -t nat -A PREROUTING -p tcp –dport 22 -j REDIRECT –to-ports 2222

Notes:

  • -t nat -A PREROUTING catches traffic before routing. Use OUTPUT if traffic originates on host itself.
  • REDIRECT only works for local listeners.

3) Simple Python multi‑port honeypot listener

This script will bind multiple ports and log incoming connections and first bytes (banner or payload). Save as simple_honeypot.py:

#!/usr/bin/env python3

# simple_honeypot.py

import socket, threading, logging, time

 

LISTEN_PORTS = [22, 80, 443, 8080, 2222]   # customize

BANNER = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nOK"

 

logging.basicConfig(

    filename="/var/log/honeypot.log",

    level=logging.INFO,

    format="%(asctime)s %(message)s"

)

 

def handle_client(conn, addr, port):

    try:

        conn.settimeout(5.0)

        data = conn.recv(4096)

        logged = data[:100].decode('utf-8', errors='replace')

        logging.info("CONNECT %s:%s -> port=%d first=%s", addr[0], addr[1], port, logged)

        # Send a small believable banner depending on port

        if port in (80, 8080):

            conn.sendall(BANNER)

        elif port in (22, 2222):

            conn.sendall(b"SSH-2.0-OpenSSH_7.4p1\r\n")

        else:

            conn.sendall(b"220 smtp.example.com ESMTP\r\n")

    except Exception as e:

        logging.info("ERROR %s", e)

    finally:

        try:

            conn.close()

        except:

            pass

 

def start_listener(port):

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

    s.bind(('0.0.0.0', port))

    s.listen(50)

    logging.info("Listening on %d", port)

    while True:

        conn, addr = s.accept()

        t = threading.Thread(target=handle_client, args=(conn, addr, port), daemon=True)

        t.start()

 

if __name__ == "__main__":

    for p in LISTEN_PORTS:

        t = threading.Thread(target=start_listener, args=(p,), daemon=True)

        t.start()

    # keep alive

    while True:

        time.sleep(3600)

Run it as root (or with capability binding) so it can listen on low ports:
 

# python3 simple_honeypot.py


# check logs

# tail -F /var/log/honeypot.log

Alternatives:

  • Use socat to spawn a logger for individual ports.
  • Use cowrie, glastopf, honeyd, sshpot etc. if you want full featured honeypots.

4) Using nmap to test the honeypot

Only scan your honeypot IP. Example commands:

Basic TCP port scan:

# nmap -sS -p- -T4 -oN scan_ports.txt <HONEYPOT_IP>

Service/version detection:

# nmap -sV -sC -p 22,80,443,2222 -oN scan_svcs.txt <HONEYPOT_IP>

Scan while avoiding ping (if your VM blocks ICMP):

# nmap -Pn -sS -p1-2000 <HONEYPOT_IP>

Aggressive scan + scripts (use on your own host only):

# nmap -A -T4 <HONEYPOT_IP>

Watch your honeypot logs while scanning to confirm entries.

5) Log collection & analysis

  • Kernel log: sudo tail -F /var/log/kern.log or sudo journalctl -f
  • Python listener log: /var/log/honeypot.log
  • For structured logging and higher throughput: configure ulogd (NFLOG) or forward logs to syslog/rsyslog and ELK/Graylog.
  • Example simple grep: grep HPOT_CONN /var/log/kern.log | tail -n 200

6) Hardening & operational tips

  • Isolate honeypot inside a VM and snapshot it so you can revert.
  • Use rate limits in iptables to avoid log flooding: -m limit –limit 5/min.
  • Rotate logs: configure logrotate for /var/log/honeypot.log.
  • Do not allow outbound traffic from the honeypot unless needed – attackers may use it to pivot. Use egress firewall rules to restrict outbound connections.
  • Consider running the honeypot under an unprivileged user wherever possible.
  • If expecting a lot of traffic, use NFLOG + ulogd or suricata/zeek for more scalable capture.

7) Optional: Richer visibility with NFLOG / ulogd

If you anticipate higher volume or want structured logs, use:

# example: mark packets from all TCP and send to NFLOG group 1

# iptables -I INPUT -p tcp -m limit –limit 10/min -j NFLOG –nflog-group 1

# run ulogd to write NFLOG to a file or DB (configure /etc/ulogd.conf)

8) Example scenario — bring it all together

  1. Start VM and ensure IP 192.168.56.101.
  2. Add iptables logging and redirect HTTP->8080.
  3. Run simple_honeypot.py with ports [22,80,2222,8080].
  4. From your scanner machine: nmap -sS -sV -p22,80,2222,8080 192.168.56.101
  5. Watch /var/log/honeypot.log and kernel logs for HPOT_* prefixes to see connections and payloads.

Quick reference for commands used:

  • Create honeypot chain and log SYNs:

# iptables -N HONEY

# iptables -A HONEY -p tcp –syn -m limit –limit 5/min –limit-burst 10 \
-j LOG –log-prefix "HPOT_SYN: "

# iptables -A INPUT -p tcp -j HONEY

  • Redirect port 80 -> 8080

# iptables -t nat -A PREROUTING -p tcp –dport 80 -j REDIRECT –to-ports 8080

  • Run listener:

# python3 simple_honeypot.py

  • Test with nmap:

# nmap -sS -sV -p22,80,2222,8080 -Pn <IP>

Conclusion

Building a simple Linux port‑scan honeypot with iptables and lightweight listeners gives you practical, immediate visibility into who’s probing your network and how they probe. With a few well‑scoped iptables rules you can capture and rate‑limit connection attempts, redirect selected ports to local emulators, and keep tidy, analysable logs. The small Python listener shown is enough to collect banners and initial payloads; for higher volume or more fidelity you can step up to NFLOG / ulogd, Zeek / Suricata, or production honeypots like Cowrie.

Remember the two rules that keep a honeypot useful and safe: isolate it (VMs, VLANs, strict egress rules) and log thoughtfully (rate limits, rotation, structured formats). That protects your environment and makes the data you collect far more valuable. Over time, turn raw logs into indicators (IP reputations, patterns of ports/probes, common payloads) and feed them into alerts or dashboards to turn passive observation into active defense.

Tags: , , , , , , , , , , ,
Posted in Computer Security, Linux, Security, System Administration, Various | No Comments »

How to Install and use FreeIPA forcentralized SSO authention on Linux computer domain

Wednesday, October 1st, 2025

freeipa-gnu-linux-free-sso-solution-logo

FreeIPA is a popular open-source identity management solution that centralizes user, host, and service authentication for Linux environments. It combines LDAP, Kerberos, DNS, and certificate management into a single platform, making it easier to manage large Linux deployments securely.

In this article, we’ll cover how to install FreeIPA on a Linux server, perform initial configuration, and start using it for basic user management.

Prerequisites

  • A clean Linux server (CentOS, RHEL, Fedora, or similar)
  • Root or sudo access
  • A fully qualified domain name (FQDN) for your server (e.g., ipa.example.com)
  • Proper DNS setup (recommended but can be configured during installation)
     

1. Update system to the latest

Start by updating your system to ensure all packages are current.
 

# dnf update -y


2. Install FreeIPA Server Packages

Install the FreeIPA server and its dependencies:

# dnf install -y ipa-server ipa-server-dns

  • ipa-server-dns is optional but recommended if you want FreeIPA to manage DNS for your domain.

3. Configure FreeIPA server

Run the FreeIPA installation script to configure the server. Replace ipa.example.com with your actual server hostname.

sudo ipa-server-install

You will be prompted for:

  • Realm name: Usually uppercase of your domain, e.g., EXAMPLE.COM
  • Directory Manager password: LDAP admin password
  • IPA admin password: FreeIPA admin user password
  • DNS configuration: Enable if you want FreeIPA to manage DNS

Sample configuration flow:

Realm name: EXAMPLE.COM

DNS domain name: example.com

Server host name: ipa.example.com

Directory Manager password: [choose a strong password]

IPA admin password: [choose a strong password]

Do you want to configure integrated DNS (BIND)? [yes/no]: yes

The installer will set up Kerberos, LDAP, the CA, DNS (if chosen), and the Web UI.

4. Start and Enable FreeIPA Services

The installer usually starts services automatically, but you can verify with:

# systemctl status ipa

Enable the service to start on boot:
 

# systemctl enable ipa


5. Access FreeIPA Web Interface

Open your browser and navigate to:

https://ipa.example.com/ipa/ui/

Log in using the admin username and the password you set during installation.

6. Add Users and Groups

You can manage users and groups either via the Web UI or the CLI.

Using the CLI:

Add a new user:

# ipa user-add johndoe –first=John –last=Doe –email=johndoe@example.com

Set a password for the new user:

# ipa passwd johndoe


Add a new group:

# ipa group-add developers –desc="Development Team"


Add user to the group:

# ipa group-add-member developers –users=johndoe


7. Join Client Machines to the FreeIPA Domain
 

On a client machine, install the client packages:

# dnf install -y ipa-client

Run the client setup:

# ipa-client-install –mkhomedir

Follow the prompts to join the client to the FreeIPA domain.

8. Test Authentication
 

Try logging into the client machine with the FreeIPA user you created:
 

# ssh username@client-machine-host.com

You should be able to authenticate using the FreeIPA credentials.
 

Conclusion


You now have a basic FreeIPA server up and running, managing users and authentication across your Linux network. FreeIPA simplifies identity management by providing a centralized, secure, and integrated solution. From here, you can explore advanced features like role-based access control, host-based access control, and certificate management.

 

Here's a practical example of how FreeIPA can be used in a real-world Linux environment.

Scenario: Centralized Authentication in a DevOps Environment
 

Tech Problem

Lets say you are managing a growing team of DevOps engineers and developers across multiple Linux servers (e.g., for CI/CD, staging, and production). Manually creating and maintaining user accounts, SSH keys, and sudo permissions on each server is:

  • Time-consuming
  • Error-prone
  • A security risk (inconsistent policies, orphaned accounts)

Solution: Use FreeIPA to Centralize Identity & Access Management

By deploying FreeIPA, you can:

  • Create user accounts once and manage them centrally
  • Enforce SSO across servers using Kerberos
  • Automatically apply sudo rules, group permissions, and access control policies
  • Easily revoke access for offboarded employees
  • Use host-based access control (HBAC) to control who can log in to what
     

Solution Walkthrough
 

1. Set up FreeIPA server

  • Installed on: ipa.internal.example.com
  • Domain: internal.example.com
  • Realm: INTERNAL.EXAMPLE.COM


2. Add User Accounts

Let's add two users: alice (developer) and bob (DevOps).
 

# ipa user-add alice –first=Alice –last=Smith –email=alice@internal.example.com

# ipa user-add bob –first=Bob –last=Jones –email=bob@internal.example.com

# ipa passwd alice

# ipa passwd bob


3. Create Groups and Roles necessery

Create functional groups for managing permissions.
 

# ipa group-add developers –desc="Developers Team"

# ipa group-add devops –desc="DevOps Team"

# ipa group-add-member developers –users=alice

# ipa group-add-member devops –users=bob

4. Configure Sudo Rules

Let’s allow DevOps team members to use sudo on all servers:
 

# ipa sudorule-add devops-sudo –cmdcat=all

# ipa sudorule-add-user devops-sudo –groups=devops

# ipa sudorule-add-host devops-sudo –hostgroups=all

5. Control Access with HBAC Rules

Let’s say:

  • Developers can access dev and staging servers
  • DevOps can access all servers

# Create host groups
 

# ipa hostgroup-add dev-servers –desc="Development Servers"

# ipa hostgroup-add staging-servers –desc="Staging Servers"

 

# Add hosts to groups
 

# ipa hostgroup-add-member dev-servers –hosts=dev1.internal.example.com

# ipa hostgroup-add-member staging-servers –hosts=staging1.internal.example.com

 

# HBAC rule for developers

# ipa hbacrule-add allow-developers

# ipa hbacrule-add-user allow-developers –groups=developers

# ipa hbacrule-add-host allow-developers –hostgroups=dev-servers

# ipa hbacrule-add-host allow-developers –hostgroups=staging-servers

# ipa hbacrule-add-service allow-developers –hbacsvcs=sshd

 

# HBAC rule for DevOps (all access)

# ipa hbacrule-add allow-devops

# ipa hbacrule-add-user allow-devops –groups=devops

# ipa hbacrule-add-host allow-devops –hostgroups=all

# ipa hbacrule-add-service allow-devops –hbacsvcs=sshd


6. Join Client Servers to FreeIPA

On each Linux server (e.g., dev1, staging1, prod1), run:

 

# ipa-client-install –mkhomedir –server=ipa.internal.example.com –domain=internal.example.com

 

Now, user alice can log in to dev1 and staging1, but not prod1. bob can log in to all servers and use sudo.

7. What Happens When Alice Leaves the Company?

Just disable the user in FreeIPA:

# ipa user-disable alice

This immediately revokes her access across all servers — no need to touch individual machines.

Benefits in This Example

Feature

Outcome

Centralized user management

No need to manually create accounts on every server

Group-based sudo

DevOps has privileged access, others don’t

Access control

Developers only access dev/staging, not prod

Kerberos SSO

Secure, passwordless SSH with ticketing

Auditing

Central logs of who accessed what and when

Quick offboarding

Instant account disablement from a single location

Summary

FreeIPA is not just a replacement for LDAP — it's a full-blown identity and access management solution tailored for Linux systems. In this practical example, it brings enterprise-grade access control, authentication, and user management to a DevOps workflow with minimal friction.

Tags: , , , , , , , , , , , , , , , , ,
Posted in Computer Security, Linux, System Administration, Various | No Comments »

Quick way to access remotely your GNU / Linux Desktop – Access Linux Desktop from Mac and Windows 7

Tuesday, August 5th, 2014

how-to-access-linux-host-from-microsoft-windows-or-mac-client-xrdp-tightvnc-native-way-logo
For M$ Windows users its always handy to have remote access to your home PC or notebook via Remote Desktop (RDP) protocol.

However in GNU / Linux, there is no native implementation of RDP protocol. So if you're using Linux as your Desktop like me you will probably want to be able to access the Linux system remotely not only via terminal with SSH using (Putty) or MobaXTerm all in one tabbed Windows terminal program but also be able to use your Linux GNOME / KDE Graphical environment from anywhere on the Internet.

This will make you ponder – Is it possible to access Linux Desktop via proprietary RDP protocol and if not how you can achieve remote GUI access to Linux?

1. Using Linux Xorg and Xming Xserver for Windows

Most people should already know of Linux ability to start multiple Xserver sessions remotely which is the native way to access between two Linux hosts or access remotely Linux from other Linux UNIX like OS. It is also possible to use xinit / startx / xhost commands to establish remotely connection to new or running Linux (Xorg) Xserver by using them in combination with XMing – XServer for Windows running on the Windows host and Debian package (x11-xserver-utils) – providing xhost cmd, however this method is a bit complicated and not so convenient.

I used to be using this method XMing (whose mirror is here), earlier in my university years to use remotely my Debian Linux from  Windows 98 and this works perfectly fine.

2. Using RDP emulation with XRDP server

in order to be able to access your desk from any friend or computer club in the world using standard available in MS Windows Remote Desktop client (mstsc.exe).
There is also another alternative way by using Windows Desktop sharing RDP experimental server xrdp:
 

apt-cache show xrdp |grep -i descr -A 3
Description: Remote Desktop Protocol (RDP) server
 Based on research work by the rdesktop project, xrdp uses the Remote
 Desktop Protocol to present a graphical login to a remote client.
 xrdp can connect to a VNC server or another RDP server.

To make your Linux host accessible via RDP:

On Debian / Ubuntu etc. deb based Linux:

 

apt-get update
apt-get install xrdp
 
$ /etc/init.d/xrdp status
Checking status of Remote Desktop Protocol server xrdp                                             [ OK ]
Checking status of RDP Session Manager sesman

/etc/init.d/xrdp start

On  Fedora Linux:
 

yum -y install xrdp
systemctl enable xrdp.service
systemctl start xrdp.service
systemctl enable xrdp-sesman.service
systemctl start xrdp-sesman.service


It is possible to access remote Linux host using xrdp RDP server, but this will only work in older releases of mstsc.exe (Windows XP / Vista / 2003) and will not work on Windows 7 / 8, because in MS Windows 7 and onwards RDP proto version has changed and the client no longer has compatability with older mstsc releases. There is a work around for this for anyone who stubbornly want to use RDP protocol to access Linux host. If you want to connect to xrdp from Windows 7 you have to copy the old RDP client (mstsc.exe and mstscax.dll) from a WinXP install to the Windows 7 box and run it independently, from the default installed ones, anyways this method is time consuming and not really worthy …

3. Using the VNC withTightVNC server / client

 

Taking above in consideration, for me personally best way to access Linux host from Windows and Mac is to use simply the good old VNC protocol with TightVNC.

TightVNC is cross-platform free and open source remote Desktop client it uses RFB protocol to control another computer screen remotely.

To use tightvnc to access remote Debian / Ubuntu – deb based Linux screen, tightvncserver package has to be installed:

apt-cache show tightvncserver|grep -i desc -A 7
Description-en: virtual network computing server software
 VNC stands for Virtual Network Computing. It is, in essence, a remote
 display system which allows you to view a computing `desktop' environment
 not only on the machine where it is running, but from anywhere on the
 Internet and from a wide variety of machine architectures.
 .
 This package provides a server to which X clients can connect and the
 server generates a display that can be viewed with a vncviewer.

 

apt-get –yes install tightvncserver


TightVNCserver package is also available in default repositories of Fedora / CentOS / RHEL and most other RPM based distros, to install there:
 

yum -y install tightvnc-server


Once it is installed to make tightvncserver running you have to start it (preferrably with non-root user), usually this is the user with which you're using the system:

tightvncserver

You will require a password to access your desktops.

Password:
Verify:   
Would you like to enter a view-only password (y/n)? n

New 'X' desktop is rublev:4

Creating default startup script /home/hipo/.vnc/xstartup
Starting applications specified in /home/hipo/.vnc/xstartup
Log file is /home/hipo/.vnc/rublev:4.log

 

tightvncserver-running-in-gnome-terminal-debian-gnu-linux-wheezy-screenshot

To access now TightVncserver on the Linux host Download and Install TightVNC Viewer client

note that you need to download TightVNC Java Viewer JAR in ZIP archive – don't install 32 / 64 bit installer for Windows, as this will install and setup TightVNCServer on your Windows – and you probably don't want that (and – yes you will need to have Oracle Java VM installed) …
 

tightvnc-viewer-java-client-running-on-microsoft-windows-7-screenshot

Once unzipped run tightvnc-jviewer.jar and type in the IP address of remote Linux host and screen, where TightVNC is listening, as you can see in prior screenshot my screen is :4, because I run tightvnc to listen for connections in multiple X sessions. once you're connected you will be prompted for password, asker earlier when you run  tightvncserver cmd on Linux host.

If you happen to be on a Windows PC without Java installed or Java use is prohibited you can use TightVNC Viewer Portable Binary (mirrored here)

/images/tightvnc-viewer-portable-windows-7-desktop-screenshot

If you have troubles with connection, on Linux host check the exact port on which TightVncServer is running:
 

ps ax |grep -i Tightvnc

 8630 pts/8    S      0:02 Xtightvnc :4 -desktop X -auth /var/run/gdm3/auth-for-hipo-7dpscj/database -geometry 1024×768 -depth 24 -rfbwait 120000 -rfbauth /home/hipo/.vnc/passwd -rfbport 5904 -fp /usr/share/fonts/X11/misc/,/usr/share/fonts/X11/Type1/,/usr/share/fonts/X11/75dpi/,/usr/share/fonts/X11/100dpi/ -co /etc/X11/rgb

Then to check, whether the machine you're trying to connect from doesn't have firewall rules preventing the connection use (telnet) – if installed on the Windows host:
 

telnet www.pc-ferak.net 5904
Trying 192.168.56.101…
Connected to 192.168.56.101.
Escape character is '^]'.
RFB 003.008

telnet> quit
Connection closed.

remote-connection-via-tightvnc-to-linux-host-from-windows-7-using-tightvnc-java-client-screenshot
 

Tags: , , , , , , , , , , , , , , , ,
Posted in Everyday Life, Linux and FreeBSD Desktop, Remote System Administration, System Administration | 3 Comments »

Monitoring CPU load and memory usage on Mac OS X command line (Terminal)

Thursday, July 3rd, 2014

macosx-server-screenshot-server-assistant-apple-tool
You might be stunned to find out Mac OS X has a server variant called Mac OS X server. For the usual admin having to administer a Mac OS X based server is something rarely to do, however it might happen some day, and besides that nowadays Mac OS X has about 10% percentage share of PC desktop and laptops used on the Internet (data collected from w3cschools log files). Thus cause it is among popular OSes, it very possible sooner or later as a sysadmin you will have to troubleshoot issues on at least Mac OS X notebook. Mac has plenty of instruments to debug OS issues as it is UNIX (BSD) based

Mac OS X has already a GUI tool called Activity Monitor (existing in Mac OS 10.3 onwards) in earlier verions, there was tool called Process Viewer and CPU Monitor.

To start Activity Monitor open Finder and launch it via:

Applications -> Utilities -> Activity Monitor

As a Linux guy, I like to use command line and there Mac OS X is equipped with a good arsenal of tools to check CPU load and Memory. Mac OS X comes with sar – (system activity reporter), top (process monitor) and vm_stat (virtual memory statistics) command – these ones are equivalent of Linux's sar (from sysstats package), top and Linux vmstat (report virtual memory statistics).

1. Check out Mac OS X HDD Input / Output statistics
 

$ sar -d -f ~/output.sar

20:43:18   device    r+w/s    blks/s
New Disk: [disk0] IODeviceTree:/PCI0@0/RP06@1C,5/SSD0@0/PRT0@0/PMP@0/@0:0
New Disk: [disk1] IOService:/IOResources/IOHDIXController/IOHDIXHDDriveOutKernel@1/IODiskImageBlockStorageDeviceOutKernel/IOBlockStorageDriver/Apple UDIF, только для чтения, сжатый (zlib)
New Disk: [disk2] IOService:/IOResources/IOHDIXController/IOHDIXHDDriveOutKernel@3/IODiskImageBlockStorageDeviceOutKernel/IOBlockStorageDriver/Apple UDIF, только для чтения, сжатый (bzip2)
New Disk: [disk3] IOService:/IOResources/IOHDIXController/IOHDIXHDDriveOutKernel@4/IODiskImageBlockStorageDeviceOutKernel/IOBlockStorageDriver/Apple UDIF, только для чтения, сжатый (bzip2)
New Disk: [disk4] IOService:/IOResources/IOHDIXController/IOHDIXHDDriveOutKernel@6/IODiskImageBlockStorageDeviceOutKernel/IOBlockStorageDriver/Apple UDIF, только для чтения, сжатый (zlib)
20:43:28   disk0        7        312
20:43:28   disk1        0          0
20:43:28   disk2        0          0
20:43:28   disk3        0          0
20:43:28   disk4        0          0
20:43:38   disk0       12        251
20:43:38   disk1        0          

2. Checking Mac OS X CPU Load from terminal

To check Load from Mac OS command line use:
 

$ sar -o ~/output.sar 10 10

That gathers 10 sets of metrics at 10 second intervals. You can then extract useful information from the output file (even while it's still running), this will get you cpu load on Mac OS system spitting stats every 10 seconds.

 

21:22:33  %usr  %nice   %sys   %idle
21:22:43    7      0      2     90
21:22:53    8      0      3     89
21:23:03   11      0      4     85
21:23:13    9      0      3     88
21:23:23    9      0      3     88
21:23:33    7      0      3     90
21:23:43   10      0      3     87
21:23:53   10      0      4     85
21:24:03   10      0      5     85
21:24:13    8      0      3     88
Average:      8      0      3     87   


3. Checking Free memory on  Mac OS X

Use this obscure one liner to free -m Linux memory command like output from Mac terminal

$ vm_stat | perl -ne '/page size of (d+)/ and $size=$1; /Pagess+([^:]+)[^d]+(d+)/ and printf("%-16s % 16.2f Min", "$1:", $2 * $size / 1048576);'
 

free: 43.38 Mi
active: 1762.00 Mi
inactive: 1676.91 Mi
speculative: 3.29 Mi
wired down: 609.38 Mi
copy-on-write: 29431.01 Mi
zero filled: 4687689.80 Mi
reactivated: 30288.86 Mi


To show inactive memory in Gigabytes every 10 seconds

$ vm_stat 10 | awk 'NR>2 {gsub("K","000");print ($1+$4)/256000}'

1.70532
1.70455
1.70389
1.6904

 

It is also possible to get memory statistics on Mac PC running top in non-interactive mode and grepping it from output:

$ top -l 1 | head -n 10 | grep PhysMem | sed 's/, /n /g'

 

PhysMem: 599M wired, 1735M active, 1712M inactive, 4046M used, 47M free.

 

4. Quick command to get Kernel / how many CPUs, available memory and load avarage on Mac OS X

From y. 2003 onwards of Mac OS have hostinfo(host information) command, providing admin with quick way to get System Info on Mac OS

$ hostinfo

 

Mach kernel version:
Darwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64
Kernel configured for up to 4 processors.
2 processors are physically available.
4 processors are logically available.
Processor type: i486 (Intel 80486)
Processors active: 0 1 2 3
Primary memory available: 4.00 gigabytes
Default processor set: 98 tasks, 621 threads, 4 processors
Load average: 1.63, Mach factor: 2.54

 


If you need more verbose information on system hardware and resources, check out system_profiler. As the manual describes it, system_profiler(reports system hardware and software configuration.) cmd:

$ system_profiler Here is a link to output file generated by system_prifler

 

 

Tags: , , , , , , , , ,
Posted in Everyday Life, Monitoring, System Administration, Various | 1 Comment »

Quick shortcut to lock your Linux computer desktop (Few words on Linux screensavers)

Thursday, November 20th, 2014

quick-way-to-lock-desktop-linux-howto-key
Locking the PC while going for a coffee break, Lunch or toilet is longly used to secure physically your PC display from spying eyes or prevent you from  someone to install a spying software or leak private data from PC HDD to an USB drive.
People who are coming from the wonderful MS Windows OS   are certainly used to quick shortcut key combination to lock PC screen with:
 

Windows key + L

 

So how to do Lock Screen on Linux?

On Linux locking your Screen the Quick Shortcut is:
 

CTRL + ALT + L.


Locking the screen is done (depending on the Linux distribution) by using by either using historically famous XScreenSaver if non-gnome / KDE graphical environemnt is used or if in Linux Gnome GUI with  gnome-screensaver and on KDE desktop manager with kscreenlocker.

 

Exact command executed on CTRL + ALT + L keypress on GNOME is:
 

gnome-screensaver-command -l


On KDE to manually lock screen command is:

kscreenlocker

Nomatter whether with GNOME or KDE its worthy mention that xscreensaver is more Screensaver rich than kscreenlocker and gnome-screensaver as it includes about 200 different Screensavers making screen nice to watch when you come back from a lunch.

For people with Windows key keyboard who are too used to using Windows XP / 7 lockreen WIN + L key shortcut to make Windows (key) + L keys combination work on Linux with GNOME desktop:
 

System -> Preferences -> Keyboard Shortcuts

Make Win + L keys combination work on Linux with KDE desktop
 

  1.  "System Settings" (KDE menu).
  2. Choose "Keyboard & mouse" (on "General" tab).
  3. Choose "Global Keyboard Shortcuts" on the left.
  4. Choose "Run Command Interface" from "KDE component" dropdown list.
  5. Choose "Lock session".
  6. Select "Custom".
  7. Click on "None" (button changes to "Input…").
  8. Compose your desired sequence by pressing appropriate buttons on your keyboard.
  9. Click "Apply".

 


For other desktop environments like Window Maker you can use xmodmap command to bind Win + L keys

Tags: , , , , , , , , , , , , ,
Posted in Linux, Linux and FreeBSD Desktop, Linux Audio & Video, Windows | No Comments »

Sys Admin VIM Quick Cheat Sheet ! ;)

Wednesday, July 20th, 2011

Have you, ever thought of refreshing your VIM knowledge obtained back in the days reading the vimtutorial available straight in vim via the:
vimtutor comand?

I asked few vim related question today in #vim in irc freenode and I was referred to one mate to the following picture:

Vi VIM Tutorial Quick Cheat Sheet

VIM QUICK Tutorial Sheet Picture ! 😉 Nice ! Aint’t it? 🙂

Tags: , , , , , , , , , , , , , , , , , , ,
Posted in Everyday Life, Linux, Programming, System Administration, Various | No Comments »

Quick way to install mod_qos on Debian Lenny to protect from Slowloris

Thursday, February 18th, 2010

I’m gonna do a fast walk through on installing and enabling mod_qos on Debian, original article is available in Bulgarian on mpetrov’s blog .
So let’s go…
1. Install required development files and tools to be able to proper compile:

debian-server# apt-get install apache2-threaded-dev gcc

2. Download the mod_qos latest archive from sourceforge

debian-server# cd /usr/local/srcdebian-server# wget http://freefr.dl.sourceforge.net/project/mod-qos/mod-qos/9.7/mod_qos-9.8.tar.gz

3. Unarchive (Untar) the mod_qos archive and compile the module

debian-server# tar zxvf mod_qos-9.8.tar.gz
debian-server# cd mod_qos-9.8/apache2/
debian-server# apxs2 -i -c mod_qos.c

You can see from the compile output module is installed to; usr/lib/apache2/modules

4. Now let us create mod_qos configuration files

debian-server# cd /etc/apache2/mods-available/
debian-server# echo "LoadModule qos_module /usr/lib/apache2/modules/mod_qos.so" > qos.load

debian-server# vim /etc/apache2/mods-available/qos.conf

## QoS module Settings
<IfModule mod_qos.c>
# handles connections from up to 100000 different IPs
QS_ClientEntries 100000
# will allow only 50 connections per IP
QS_SrvMaxConnPerIP 50
# maximum number of active TCP connections is limited to 256
MaxClients 256
# disables keep-alive when 70% of the TCP connections are occupied:
QS_SrvMaxConnClose 180
# minimum request/response speed (deny slow clients blocking the server,
# ie. slowloris keeping connections open without requesting anything):
QS_SrvMinDataRate 150 1200
# and limit request header and body (carefull, that limits uploads and post requests too):
# LimitRequestFields 30
# QS_LimitRequestBody 102400
</IfModule>

5. All left is to load the mod_qos module into Apache and restart the webserver

debian-server# a2enmod qos
debian-server# /etc/init.d/apache2 restart

Congratulations, Now slowloris and many other Apache DoS techniques won’t bother you anymore!

Tags: , , , , ,
Posted in Computer Security, System Administration | 2 Comments »

A quick way to change picture background with the Gimp

Wednesday, September 23rd, 2009

I wanted to change the background of a picture of a Russian Orthodox Cross I’ve downloaded from the net. After some time spend experimenting and reading a couple of articles online I did it :).
Here is how:
1. Open an Image in Gimp through the File -> Open as Layers menu.2. Use Fuzzy Select tool to select regions based on color of the image you'd like to change the background.3. Open a new File in Gimp via New -> File menus.4. Select again the window containing the image you selected with the Fuzzy Tool and press Ctrl+X.5. Now go again to the newly opened picture and use the: Bucket Fill Tool with some selected color to select thenew background for the future image.6. Now after having a background color already selected use Ctrl+V to paste your previous selectionWell congrats, you should now be having the good old image on a shiny new background.END—–

Tags: , , ,
Posted in Linux and FreeBSD Desktop | No Comments »