Pages

Saturday, April 15, 2017

The whiptail tool .

This command let you deal with many display dialog boxes from shell scripts.
The command is named whiptail and you can read and see simple examples with this command here.

Note: --infobox is almost useless in an xterm, because whiptail writes to the other screen xterm makes available but you can use the --msgbox

The tutorial of this day will show you how to put the text from a text file to the screen.
First, you need a text file with a size of your shell screen and this will be used by this command.
For example, I used this text from Wikipedia into my text file named greeting.txt, see content :

The Paschal Greeting, also known as the Easter Acclamation, is an Easter custom among Eastern Orthodox, Oriental Orthodox, and Eastern Catholic Christians. Instead of "hello" or its equivalent, one is to greet another person with "Christ is Risen!" or "The Lord is Risen!", and the response is "Truly, He is Risen," "Indeed, He is Risen," or "He is Risen Indeed" - compare Matthew 27:64, Matthew 28:6 7, Mark 16:6, Luke 24:6, Luke 24:34 In some cultures, such as in Russia and Serbia, it is also customary to exchange a triple kiss of peace on the alternating cheeks after the greeting. Similar responses are also used in the liturgies of other Christian churches, but not so much as general greetings.

To use the whiptail command just use this into your shell:
[mythcat@localhost ~]$ whiptail --textbox  /dev/stdin  19 59  <<<"$(cat greeting.txt)"
The output of this command can be seen into next image:

Linux: tools to scan a Linux server for malware and rootkits.

This tools are: chkrootkit, rkhunter, fuser and ISPProtect. All of this tools can be install under Fedora 25 with dnf tool. First tool is chkrootkit is a classic rootkit scanner. It checks your server for suspicious rootkit processes and checks for a list of known rootkit files.
[root@localhost mythcat]# chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
...
The Rootkit Hunter named rkhunter is a Unix-based tool that scans for rootkits, backdoors and possible local exploits.
[root@localhost mythcat]# rkhunter --update
[ Rootkit Hunter version 1.4.2 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ No update ]
  Checking file programs_bad.dat                             [ No update ]
  Checking file backdoorports.dat                            [ No update ]
  Checking file suspscan.dat                                 [ No update ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ No update ]
  Checking file i18n/en                                      [ No update ]
  Checking file i18n/tr                                      [ No update ]
  Checking file i18n/tr.utf8                                 [ No update ]
  Checking file i18n/zh                                      [ No update ]
  Checking file i18n/zh.utf8                                 [ No update ]
[root@localhost mythcat]# rkhunter --propupd
[ Rootkit Hunter version 1.4.2 ]
File created: searched for 172 files, found 136
[root@localhost mythcat]# rkhunter -c --enable all --disable none
[ Rootkit Hunter version 1.4.2 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                               [ OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables                        [ None found ]
    Checking for preloaded libraries                         [ None found ]
    Checking LD_LIBRARY_PATH variable                        [ Not found ]

  Performing file properties checks
    Checking for prerequisites                               [ OK ]
    /usr/bin/awk                                             [ OK ]
    /usr/bin/basename                                        [ OK ]
    /usr/bin/bash                                            [ OK ]
    /usr/bin/cat                                             [ OK ]
    /usr/bin/chattr                                          [ OK ]
    /usr/bin/chmod                                           [ OK ]
    /usr/bin/chown                                           [ OK ]
    /usr/bin/cp                                              [ OK ]
...
Another tool is fuser
[root@localhost mythcat]# fuser -vn tcp 5222
...
The output of this command let you to see the recall of anything on your machine that should be listening on tcp port 5222.
[root@localhost mythcat]# fuser -vn tcp 19635
...
This output indicates that there is a process named "foo" running with PID number and listening on port 19635. The last tool is ISPProtect. ISPProtect is a malware scanner for web servers, it scans for malware in website files and CMS systems like Wordpress, Joomla, Drupal