Tag Archives: linux

Bitcoin Miner – Malware

Malwarebytes

In the past few months, the issue disrupting my work rhythm has 'only' been a virus problem. A short story first: why a virus? Isn't Linux far removed from the word virus (apart from threats that come from attackers)? No, because the fact is that even in my daily work I am never far from a Windows environment: creating documents and timeplans, sending email, presentations and so on (except for work that is coding in nature, which I do entirely with a customized vim and byobu for session management, and troubleshooting, tuning and maintaining servers, all of which I do strictly via the console).

Long story short, my laptop has been infected by this bitcoin-mining malware twice. All the CPU resources, and especially the memory, were eaten up X( . The way this virus works is that it actually enters through a trojan, installed on the computer without our knowledge, which acts as the trigger.

These infections steal your computer’s CPU resources, GPU resources, and your electricity in order to generate profit.

Solution

In the end I used the trial version of Malwarebytes Anti-Malware (mbam) as the solution. Why mbam? Why not something else?
Seriously, this is not an advertisement. It is just that mbam has been the fastest solution in my past cases.


Extend Storage – Performing an online resize

This is a dangerous and thrilling step because we do it directly on a production server. I presume you have read the following posts: LVM Subject, so here we focus on how to extend our Linux storage by performing an online resize (on the fly), meaning without disturbing our traffic or other real-time activities.

STEP 1 : Check the logical volume information, after checking filesystem disk space, to determine which partition we have to extend.
#####################################
root@svr-2:~# lvs
File descriptor 3 (pipe:[1244115786]) leaked on lvs invocation. Parent PID 16940: -bash
LV VG Attr LSize Origin Snap% Move Log Copy% Convert
root ubuntu -wi-ao 398.75g
swap_1 ubuntu -wi-ao 1.00g

STEP 2 : Get information about the newly added hard drive using the fdisk -l command
#####################################
Disk /dev/sdd: 214.7 GB, 214748364800 bytes
255 heads, 63 sectors/track, 26108 cylinders, total 419430400 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Disk /dev/sdd doesn’t contain a valid partition table

STEP 3 : Create the partition on the newly added hard drive: type n, p (primary), 1 (partition number), t (change the partition type), 8e (Linux LVM), w (write changes); the partition table will then be altered
#####################################
root@svr-2:/# fdisk /dev/sdd
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel with disk identifier 0x3d67c672.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won’t be recoverable.

Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

STEP 4 : Identify the filesystem type of the already mounted LVM volume (ext4 is the filesystem we use throughout)
#####################################
root@svr-2:/# df -T
Filesystem Type 1K-blocks Used Available Use% Mounted on
/dev/mapper/ubuntu-root ext4 412097132 316081888 75145552 81% /
udev devtmpfs 8208612 4 8208608 1% /dev
tmpfs tmpfs 1643540 300 1643240 1% /run
none tmpfs 5120 0 5120 0% /run/lock
none tmpfs 8217700 0 8217700 0% /run/shm
/dev/sda1 ext2 233191 27519 193231 13% /boot
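Steps 1 and 4 are about picking the right volume before touching anything. As an added example (not from the post), this sh/awk filter reads df -T output, keeps only device-mapper volumes whose filesystem can be grown while mounted, applies a usage threshold, and decodes the mapper name into the VG and LV names that lvextend expects. The df output is constructed for the example; replace DF_SAMPLE with $(df -T) on a real host.

```shell
#!/bin/sh
# Constructed sample of `df -T` output (values made up for this example, not
# captured from the post's server); on a real host use: DF_SAMPLE=$(df -T)
DF_SAMPLE='Filesystem Type 1K-blocks Used Available Use% Mounted on
/dev/mapper/ubuntu-root ext4 412097132 316081888 75145552 81% /
/dev/mapper/data--vg-logs xfs 20971520 18874368 2097152 90% /var/log
udev devtmpfs 8208612 4 8208608 1% /dev
tmpfs tmpfs 1643540 300 1643240 1% /run
/dev/sda1 ext2 233191 27519 193231 13% /boot'

# List LVM-backed filesystems at or above a usage threshold (percent) whose
# type can be grown online (ext4 via resize2fs, xfs via xfs_growfs), and decode
# the device-mapper name into VG and LV.
# Output per candidate: "<mountpoint> <fstype> <use%> <vg> <lv>"
lvm_candidates() {
  printf '%s\n' "$DF_SAMPLE" | awk -v thr="$1" '
    NR > 1 && $1 ~ /^\/dev\/mapper\// && ($2 == "ext4" || $2 == "xfs") {
      use = $6; sub(/%/, "", use)
      if (use + 0 < thr + 0) next
      name = $1; sub(/^\/dev\/mapper\//, "", name)
      # device-mapper encodes a literal "-" inside a VG or LV name as "--" and
      # joins VG and LV with a single "-": protect the doubled ones first
      gsub(/--/, "\001", name)
      split(name, part, "-")
      vg = part[1]; lv = part[2]
      gsub("\001", "-", vg); gsub("\001", "-", lv)
      print $7, $2, use, vg, lv
    }'
}

# Default threshold 80%, override with the first argument
lvm_candidates "${1:-80}"
```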


Tips and Tricks AWK – Sed (Stream editor)

One day we want to remove a specific line or row from our files, such as .txt, .csv, or even .sql files. Just use these parameters:
~# sed -e '5,10d;12d' <your_files>   # delete lines 5 through 10 and line 12; -e only prints the result, -i edits the file in place
In another awk case, we want to parse data or a word between double-quote delimiters where a field itself contains commas, like: "hary","hary,harysmatta","nda"
Just use these parameters (FPAT is a gawk feature, gawk 4.0 or later). Simply the best:

awk -v FPAT='([^,]*)|("[^"]+")' -v OFS=, '{print $2}'   # prints "hary,harysmatta", quotes included
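FPAT only exists in gawk. As an added example (not from the post), here is a portable POSIX awk field splitter for the same kind of line: it keeps commas inside double quotes, unescapes doubled quotes ("") inside a quoted field, and returns one field by number without the surrounding quotes. The function name and its argument order are my own choice.

```shell
#!/bin/sh
# Usage: csv_field '<one csv line>' <field_number>
# Prints the requested field (empty output if the field does not exist).
csv_field() {
  printf '%s\n' "$1" | awk -v want="$2" '
  {
    n = 1; field = ""; inq = 0; len = length($0)
    for (i = 1; i <= len; i++) {
      c = substr($0, i, 1)
      if (inq) {
        if (c == "\"") {
          # a doubled quote inside a quoted field is a literal quote
          if (substr($0, i + 1, 1) == "\"") { field = field "\""; i++ }
          else inq = 0                      # closing quote
        } else field = field c              # commas are data while quoted
      } else if (c == "\"") inq = 1          # opening quote
      else if (c == ",") { f[n++] = field; field = "" }
      else field = field c
    }
    f[n] = field
    if (want >= 1 && want <= n) print f[want]
  }'
}

# Example from the post (constructed input): second field keeps its inner comma
csv_field '"hary","hary,harysmatta","nda"' 2
```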

SSLS Procedure

To use the certificate service from ssls, first make sure the order status is "in progress". That means the domain type, whether you ordered a single domain or multiple domains, is ready to use.
Next, choose the activation method for the domain. Either manually upload the Comodo activation file *.txt to <DOCUMENT_ROOT>/.well-known/pki-validation/ and then access it,
or contact support to activate by email. They will send you an archive with the files required for SSL, like these: AddTrustExternalCARoot.crt, COMODORSAAddTrustCA.crt, COMODORSADomainValidationSecureServerCA.crt, and STAR_<domain_name>.crt.

Next, just put them in the web server config:
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/<domain_directory>/STAR_<domain_name>.crt
SSLCertificateKeyFile /etc/apache2/ssl/<domain_directory>/<domain_name>.key
# the intermediate .crt files from the archive belong in SSLCertificateChainFile
# (or, on Apache 2.4.8 and later, appended after the server certificate in SSLCertificateFile)
SSLProtocol All -SSLv2 -SSLv3

But do not forget to generate <domain_name>.key first with these parameters:
openssl genrsa -des3 -out myupointid.key 2048   # -des3 passphrase-protects the key; Apache then asks for it at every start
And generate the *.csr on your server with these parameters:
openssl req -new -newkey rsa:2048 -nodes -keyout example.key -out example.csr   # <==== paste the CSR into the SSLS.com dashboard activation; example.key is the key SSLCertificateKeyFile must point to

Done

Note:

Create a self-signed (wildcard) SSL certificate

mkdir /usr/share/ssl/certs/hostname.domain.com
cd /usr/share/ssl/certs/hostname.domain.com
(umask 077 && touch host.key host.cert host.info host.pem)   # create the files with mode 600 before writing secrets into them
openssl genrsa 2048 > host.key
openssl req -new -x509 -nodes -sha256 -days 3650 -key host.key > host.cert   # the original used -sha1; SHA-1 signatures are rejected by current browsers
…[enter *.domain.com for the Common Name]…
openssl x509 -noout -fingerprint -text < host.cert > host.info
cat host.cert host.key > host.pem
chmod 400 host.key host.pem

Build the certificate bundle (ssl-bundle.crt)
1) If you received and uploaded the intermediate and root certificates separately, use this method (server certificate first, then intermediates, then root; a single > instead of >> keeps a re-run from duplicating the chain):

cat your_domain.crt intermediate.crt root.crt > ssl-bundle.crt

For example, this particular command is applicable to a PositiveSSL certificate:

cat example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt

2) If you received the intermediate certificates in one bundle file, or downloaded the certificate files from your account with the provider, you can use this command:

cat example_com.crt bundle.crt > ssl-bundle.crt
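Before handing the files from the SSLS procedure and the bundle above to Apache, two things are worth checking: that STAR_<domain_name>.crt really matches the private key, and that the bundle verifies and starts with the server certificate. This is an added example, not code from the post or from ssls/Comodo; it needs only the openssl CLI, and the demo CA, file names and temp directory are constructed stand-ins for the real certificates.

```shell
#!/bin/sh
# Each function's exit status is the answer, so they can be used in scripts.

# Does this certificate's public key belong to this private key? The RSA
# modulus printed for both must be identical, otherwise Apache refuses to start.
cert_matches_key() {
  c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null)
  k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null)
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Does the leaf certificate chain to the CA bundle (intermediates + root)?
chain_ok() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Subject of the first PEM block in a concatenated bundle: in ssl-bundle.crt it
# must be the server certificate, so this catches a bundle built in the wrong order.
bundle_leaf_subject() {
  awk '/-----BEGIN CERTIFICATE-----/ { n++ } n == 1' "$1" |
    openssl x509 -noout -subject 2>/dev/null
}

# Constructed demo material in a temp dir: a throwaway CA standing in for the
# Comodo chain, a wildcard key/CSR as in the post (-subj instead of prompts),
# the leaf signed by the demo CA, and an unrelated key to show a mismatch.
make_demo() {
  d=$(mktemp -d)
  openssl req -new -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 \
    -keyout "$d/ca.key" -subj '/CN=Demo CA' -out "$d/ca.crt" 2>/dev/null
  openssl req -new -nodes -newkey rsa:2048 -keyout "$d/host.key" \
    -subj '/CN=*.example.com' -out "$d/host.csr" 2>/dev/null
  openssl x509 -req -in "$d/host.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 365 -sha256 -out "$d/host.crt" 2>/dev/null
  openssl genrsa -out "$d/other.key" 2048 2>/dev/null
  printf '%s\n' "$d"
}
```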

Check Domain Issue on Nagios – Solved

If we get a result like these lines:
/usr/local/nagios/libexec# /usr/local/nagios/libexec/check_domain -d <blabla>.id
UNKNOWN - WHOIS exited with error <whatever number 😀 >

do not waste your time adding the following code at line 215, after setup_whois:

if [ -z "$server" ]
then
    # anchor the dot: a bare "." would also match names such as "xcom"
    if echo "$domain" | grep -q -e "\.com$" -e "\.net$" -e "\.edu$"
    then
        server="whois.verisign-grs.com"
    fi
fi

Just add this parameter and specify the whois server for the domain you are checking: /usr/local/nagios/libexec/check_domain -d <your_domain> -s <whois_server>

If you want to look for the expiry status of a .id domain, just put whois.id after the -s (source) option. Another whois server, like whois.verisign-grs.com, can be used to check the expiry status of .com, .net, .edu and .org. Then what do we do for .tv, etc.? It does not cover that sort of thing; you have to find another whois server for .tv and the like 🙂

Regards

Expect on GNU/ Linux

There is no hope for me without expect on Linux. How can we get output from the outside into a socket, or something else, without being logged in? Here are the options we can use with expect:
- send : send a string to the spawned process (send_user writes to the terminal instead)
- expect : wait for a specific string from the process
- spawn : start the command

Here is an example for you, writing the expect script as a .sh file (exit codes follow the Nagios convention: 0 OK, 2 CRITICAL):

#!/usr/bin/expect
#
# Hary HarysMatta
#
# Usage: ./check_telnet.sh <ip> <port>

set timeout 10
set ip [lindex $argv 0]
set port [lindex $argv 1]

spawn telnet $ip $port
set timeout 5
#expect "Escape character is '^]'."
#send "^]\n";
#send "q\n";

expect {
    "Escape character is '^]'." {
        # the telnet escape is Ctrl-] (0x1d); a literal "^]" would just be sent to the service
        send "\x1d"
        send "q\r"
        send_user "OK - Telnet success : $ip $port\n"
        exit 0
    }
    "host: Connection refused" {
        send_user "CRITICAL - telnet $ip $port refused!\n"
        exit 2
    }
    timeout {
        # nothing matched within 5 seconds: treat a hang the same as a refusal
        send_user "CRITICAL - telnet $ip $port timed out\n"
        exit 2
    }
}

Preventing Files and Directories from Being Deleted

How to prevent files and directories from being deleted. The following capture shows a simple method we can apply to the data we want to protect. This ties in with my post on the danger of the growing number of virus variants appearing: http://usmile.id/2017/10/30/waspadai-virus-baru-dan-jahat-di-komputer-kamu/

To change the attribute recursively, just add the -R parameter. Feel free to explore the other parameters that can be used via the manual page (man chattr) or chattr --help.
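The capture is not reproduced on this page, so as an added example (not from the post) here is a small audit that reads lsattr output and reports which files carry the immutable (i) or append-only (a) attribute that chattr +i / chattr +a sets, and which files under a directory still lack that protection. The lsattr lines are constructed; on a real host use $(lsattr -R <dir>).

```shell
#!/bin/sh
# Constructed `lsattr -R` style output (not captured from a real system).
# Column 1 is the attribute string: lowercase i = immutable (no delete, rename,
# write or hard link, even for root), lowercase a = append-only, e = extents.
LSATTR_SAMPLE='----i---------e----- /srv/data/ledger.csv
-----a--------e----- /var/log/audit.log
--------------e----- /srv/data/scratch.tmp
----i---------e----- /srv/data/archive/2017.tar'

# Print "<protection> <path>" for every entry that chattr has protected.
attr_protected() {
  printf '%s\n' "$LSATTR_SAMPLE" | awk '
    index($1, "i") { print "immutable", $2; next }
    index($1, "a") { print "append-only", $2 }'
}

# Print paths under a directory that carry neither flag: the candidates for
# `chattr -R +i <dir>` (or +a for logs that must keep growing).
attr_unprotected() {
  printf '%s\n' "$LSATTR_SAMPLE" | awk -v dir="$1/" '
    index($2, dir) == 1 && !index($1, "i") && !index($1, "a") { print $2 }'
}

attr_protected
attr_unprotected /srv/data
```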