Apr 16, 2009

How to Find Out if Your Server is Under DDoS

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.


netstat -anp | grep "tcp\|udp" | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n


So what will the output be?

1 0.0.0.0
1 208.80.152.2
1 208.80.152.2
1 208.80.152.3
1 209.85.135.103
1 209.85.135.113
1 74.125.43.113
2 208.80.152.2
2 208.80.152.3
2 208.80.152.3
3 0.0.0.0
3 208.80.152.2

The left column is the number of connections from the IP address shown in the right column. This was taken from my local test machine. The sample was captured without the sort before uniq -c, which only merges adjacent duplicates, so the same address shows up on several rows; with the sort in place, each address appears once with its total. If you are under attack, this number may vary; it can be any number.
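An added example (not from the original post): the same per-address count done in a single awk pass, so each address appears once, IPv6 peers survive the port stripping (which `cut -d: -f1` truncates), and half-open `SYN_RECV` connections are counted separately. It covers TCP rows only; the function names, the minimum-count argument and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# count_by_remote [MIN]: read `netstat -ant` rows on stdin and print
# "total half_open address" for every peer with at least MIN connections.
count_by_remote() {
    min="${1:-1}"
    awk -v min="$min" '
        # TCP rows only; listeners have no real peer, so skip them.
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)   # drop the port (last colon field), IPv6-safe
            sub(/^::ffff:/, "", addr)    # fold IPv4-mapped IPv6 into plain IPv4
            total[addr]++
            if ($6 == "SYN_RECV") half[addr]++   # half-open connections
        }
        END {
            for (a in total)
                if (total[a] >= min)
                    printf "%d %d %s\n", total[a], half[a] + 0, a
        }
    ' | sort -k1,1nr -k3,3
}

# Constructed sample rows (documentation address ranges), not real traffic.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address           State
tcp        0      0 0.0.0.0:80              0.0.0.0:*                 LISTEN
tcp        0      0 10.0.0.5:80             198.51.100.7:40112        SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.9:51514         ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:40113        SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.7:40114        ESTABLISHED
tcp6       0      0 ::ffff:10.0.0.5:80      ::ffff:198.51.100.7:40115 SYN_RECV
tcp6       0      0 2001:db8::5:80          2001:db8::bad:33000       ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.9:51515         TIME_WAIT
EOF
}

# Peers holding three or more connections in the sample.
sample_netstat | count_by_remote 3
```

On a live host, feed it with `netstat -ant | count_by_remote 20`; a high second column for one address means many half-open connections from that peer.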

Apr 14, 2009

Manage your Server Farm with Capistrano

Capistrano is an open source tool for running scripts on multiple servers; its main use is deploying web applications. It automates the process of making a new version of an application available on one or more web servers, including supporting tasks such as changing databases. Capistrano is written in the Ruby language and is distributed using the RubyGems distribution channel. It is an outgrowth of the Ruby on Rails web application framework, but has also been used to deploy web applications written using other frameworks, including ones written in PHP. The usage on the bash command line is easy to learn. When used with the Ruby on Rails Framework many default Capistrano recipes can be used, e.g. to deploy current changes to the web application or roll back to the previous deployment state.

Installation

#apt-get install ruby1.8 ruby1.8-dev rubygems1.8 libruby-extras libruby1.8-extras
(Ubuntu / Debian)

#yum install ruby1.8 ruby1.8-dev rubygems1.8 libruby-extras libruby1.8-extras
(Centos / Redhat)

Check the Ruby Details

#ruby -v
ruby 1.8.7

OK, let's move on to installing Capistrano.

#gem install -y capistrano echoe

Capistrano makes a few assumptions about your servers. In order to use Capistrano, you will need to comply with these assumptions:

  • You are using SSH to access your remote machines. Telnet and FTP are not supported.
  • Your remote servers have a POSIX-compatible shell installed. The shell must be called “sh” and must reside in the default system path.
  • If you are using passwords to access your servers, they must all have the same password. Because this is not generally a good idea, the preferred way of accessing your servers is with a public key. Make sure you’ve got a good passphrase on your key.

We are going to try some examples here. My remote servers are 192.168.1.12 and 192.168.1.13 (you can add any number of servers here).

In the following example we are going to check the uptime of above servers.

Copy and paste the following code into a text editor (Vim, Emacs).

# Run "uptime" on every host listed in :hosts
task :health, :hosts => ["192.168.1.12", "192.168.1.13"] do
  run "uptime"
end

Save the file with the name "capfile", without any extension.

Wake up the code

#cap health

I found that sometimes, when you run this command, the shell returns a "Command not found" error; in that case do the following:

#vi ~/.bashrc

Copy and paste the following at the end of the file:

export PATH=$PATH:/var/lib/gems/1.8/bin

Then reload the bashrc

# source ~/.bashrc


Then re-run the command. If the server uses password access, it will ask for the password; enter it. Otherwise the result will look like the following:

[192.168.1.12] executing command
[192.168.1.13] executing command
** [out :: 192.168.1.12] 11:30:55 up 27 days, 22:40, 0 users, load average: 0.01, 0.01, 0.00
** [out :: 192.168.1.12] 11:30:55 up 37 days, 08:40, 0 users, load average: 0.05, 0.01, 0.08
command finished

We can run any command with the method above. I hope you will be happy if you have a critical update to make on all of your 100 servers ...
Isn't it?

Apr 12, 2009

Monitoring Disk Usage In Linux

One of the routine jobs of a Linux administrator is to monitor disk space continuously. Normally people write a simple script to check the disk space and report to the system administrator by email. Good idea, but here I am describing another one, which will continuously monitor your disk and report if it crosses a preset value. This will run as a cron job.

#!/bin/bash
# Script for monitoring disk usage
# Author: BipinDas, Arab Open University.
ADMIN="yourname@yourdomain.com"
# Alert level; 80% is the default
ALERT=80
# -P keeps each filesystem on one line, even when the device name is long
df -HP | grep -vE '^Filesystem|tmpfs|cdrom' | awk '{ print $5 " " $1 }' | while read -r output
do
    # Each line holds the use percentage followed by the device name
    usep=$(echo "$output" | awk '{ print $1 }' | cut -d'%' -f1)
    partition=$(echo "$output" | awk '{ print $2 }')
    # Quoted operands so an empty or odd value cannot break the test
    if [ "$usep" -ge "$ALERT" ]; then
        echo "Running out of space \"$partition ($usep%)\" on $(hostname) $(hostname -i) as on $(date)" |
            mail -s "Alert: Almost out of disk space $usep%" "$ADMIN"
    fi
done

Save it as disk_monitor.sh in your scripts folder.

Open Crontab Editor

vi /etc/crontab

*/5 * * * * root /path/to/script/disk_monitor.sh

Perfect. This will check your disk frequently and inform you once it crosses the limit.