When trying to ping as a non-root user you might get the following error:
ping: icmp open socket: Operation not permitted
There are several ways to fix this:
reinstall pkg (debian):
$ sudo apt-get install --reinstall iputils-ping
(sets cap)
manually set cap:
$ sudo setcap cap_net_raw+ep /bin/ping
$ sudo setcap cap_net_raw+ep /bin/ping6
$ sudo getcap /bin/ping
$ sudo getcap /bin/ping6
file capabilities need this kernel config (ext4 security xattrs):
CONFIG_EXT4_FS_SECURITY=y
don't use SOCK_RAW (unprivileged ICMP datagram socket, allowed per group by ping_group_range):
socket(PF_INET, SOCK_DGRAM, IPPROTO_ICMP)
$ cat /proc/sys/net/ipv4/ping_group_range
$ sysctl net.ipv4.ping_group_range
- “1 0” default, nobody except root
- “100 100” single group
- “0 2147483647” everyone (max gid)
$ sudo sysctl -w net.ipv4.ping_group_range="0 2147483647"
make permanent in /etc/sysctl.d/local.conf:
net.ipv4.ping_group_range=0 2147483647
suid (ping then runs with full root privileges, not just cap_net_raw):
chmod +s /bin/ping
chmod +s /bin/ping6
Windows Anti-Malware Software:
- ATF Cleaner
  ATF-Cleaner.exe
  http://www.atribune.org (OLD!)
- AdwCleaner
  adwcleaner_x.xxx.exe
  https://www.malwarebytes.com/adwcleaner
- CCleaner
  ccsetupxxx.exe
  https://www.piriform.com/ccleaner/builds
- clean_services
  http://www.techspot.com/community/topics/crawling-no-download-streaming.129008
- DDS
  dds.com
  (sUBs)
  https://www.bleepingcomputer.com/download/dds
- GMER
  <random.exe>
  http://www.gmer.net
- HitmanPro
  hitmanpro_x64.exe
  (Sophos)
  http://get.hitmanpro.com
- Junkware Removal Tool
  JRT.exe
  https://downloads.malwarebytes.org/file/jrt
- KCleaner
  kcleaner.zip
  http://www.kcsoftwares.com/?download
- Microsoft Security Essentials
  mseinstall.exe
  https://www.microsoft.com/en-us/download/details.aspx?id=5201
- RootkitRevealer
  RootkitRevealer.zip
  https://download.sysinternals.com/files/RootkitRevealer.zip
First make sure “auditd” is started
add rules:
auditctl -a always,exit -S all -F path=/etc/passwd -F key=config1
auditctl -w /etc/passwd -p rwa -k config2
del rules:
auditctl -d always,exit -S all -F path=/etc/passwd -F key=config1
auditctl -W /etc/passwd -p rwa -k config2
(or restart auditd)
make permanent:
add rules to /etc/audit/rules.d/audit.rules
show results:
ausearch -ts today -k config1
aureport -k
stop audit messages from being written to the systemd journal:
systemctl mask systemd-journald-audit.socket
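Added example, not part of the original notes: Python that groups raw audit records (the format of /var/log/audit/audit.log and of `ausearch --raw`) by event serial and summarizes the events tagged config1 or config2 by the rules above. The sample records are constructed, and the name summarize is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample records in raw audit.log format (not from a real host).
SAMPLE = '''\
type=SYSCALL msg=audit(1482230511.204:312): arch=c000003e syscall=2 success=yes exit=3 items=1 ppid=2100 pid=2154 auid=1000 uid=0 gid=0 euid=0 tty=pts0 ses=3 comm="cat" exe="/bin/cat" key="config1"
type=CWD msg=audit(1482230511.204:312): cwd="/root"
type=PATH msg=audit(1482230511.204:312): item=0 name="/etc/passwd" inode=131103 dev=08:01 mode=0100644 ouid=0 ogid=0 nametype=NORMAL
type=SYSCALL msg=audit(1482230590.871:340): arch=c000003e syscall=2 success=no exit=-13 items=1 ppid=2301 pid=2310 auid=1001 uid=1001 gid=1001 euid=1001 tty=pts1 ses=5 comm="sh" exe="/bin/dash" key="config2"
type=PATH msg=audit(1482230590.871:340): item=0 name="/etc/passwd" inode=131103 dev=08:01 mode=0100644 ouid=0 ogid=0 nametype=NORMAL
type=SYSCALL msg=audit(1482230600.010:341): arch=c000003e syscall=59 success=yes exit=0 items=2 ppid=2301 pid=2311 auid=1001 uid=1001 gid=1001 euid=1001 tty=pts1 ses=5 comm="ls" exe="/bin/ls" key=(null)
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def summarize(log_text, keys=("config1", "config2")):
    """Group records by event serial and summarize events tagged with one of `keys`."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # skip separators, blank or truncated lines
        rtype, _ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "SYSCALL":
            events[serial].update(fields)
        elif rtype == "PATH":
            events[serial].setdefault("paths", []).append(fields.get("name"))
    out = []
    for serial, ev in events.items():
        if ev.get("key") not in keys:
            continue  # event was not produced by one of our rules
        out.append({
            "serial": int(serial),
            "key": ev["key"],
            "auid": int(ev["auid"]),  # login uid, unchanged by su/sudo
            "uid": int(ev["uid"]),
            "exe": ev["exe"],
            "paths": ev.get("paths", []),
            "denied": ev.get("success") == "no",
            "switched_user": ev["auid"] != ev["uid"],
        })
    return sorted(out, key=lambda e: e["serial"])

if __name__ == "__main__":
    for e in summarize(SAMPLE):
        print(e)
```

Comparing auid with uid shows which login account is behind an access made as root, and denied marks failed attempts on the watched file.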
Check if a program is not already running before starting it in a Windows batch file.
Uses C:\Windows\System32\find.exe (findstr should work equally well).
Example:
tasklist /nh /fi "imagename eq explorer.exe" | find /i "explorer.exe" > nul || ( start "" C:\WINDOWS\explorer.exe )
Function:
:func_runImageTask
tasklist /nh /fi "imagename eq %~1" | find /i "%~1" > nul || ( start "" "%~2" )
GOTO :EOF
Function using window titles:
:func_runTitleTask
tasklist /v | find "%~1" > nul || ( start "" "%~2" )
GOTO :EOF
Call function:
CALL :func_runImageTask "Calculator.exe" "C:\WINDOWS\System32\calc.exe"
CALL :func_runTitleTask "Calculator" "C:\WINDOWS\System32\calc.exe"
From:
This batch file takes program names (IMAGENAMES variable) or window titles (WINDOWTITLES variable) and starts them if they are not already running. Programs can have arguments (e.g. outlook.exe).
ReOpen.bat
::
:: ReOpens programs which are not already running 20161220 slv
::
@echo off
setLocal EnableDelayedExpansion

::
:: Configure programs here making sure to use ,^ at eol for continuation
::
SET IMAGENAMES=^
"chrome.exe,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe",^
"Xshell.exe,C:\Program Files (x86)\NetSarang\Xshell 5\Xshell.exe",^
"outlook.exe,C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE,/recycle"

FOR %%x in (%IMAGENAMES%) DO (
    FOR /f "tokens=1-3 delims=," %%a in (%%x) do (
        CALL :func_runImageTask "%%a" "%%b" "%%c"
    )
)

SET WINDOWTITLES=^
"www@webserver,C:\Program Files (x86)\PuTTY\putty.exe,-load webserver",^
"user@debian,C:\Program Files (x86)\PuTTY\putty.exe,-load debian"

FOR %%x in (%WINDOWTITLES%) DO (
    FOR /f "tokens=1-3 delims=," %%a in (%%x) DO (
        CALL :func_runTitleTask "%%a" "%%b" "%%c"
    )
)

GOTO :EOF

:func_runImageTask
tasklist /nh /fi "imagename eq %~1" | %windir%\system32\find.exe /i "%~1" > nul || ( start "" "%~2"^ %~3 )
GOTO :EOF

:func_runTitleTask
tasklist /v | %windir%\system32\find.exe "%~1" > nul || ( start "" "%~2"^ %~3 )
GOTO :EOF

::
:: Examples:
::
:: MANUAL: tasklist /nh /fi "imagename eq explorer.exe" | %windir%\system32\find.exe /i "explorer.exe" > nul || ( start "" C:\WINDOWS\explorer.exe C:\Users\%USERNAME%\Desktop )
:: FUNCTION: CALL :func_runImageTask "Calculator.exe" "C:\WINDOWS\System32\calc.exe"
::