revlis.nl
Blog & Notes about OSS, OSes, devops, virtualization, programming (hobby) projects, security and tech news
March 4, 2017 — 16:01
Author: silver Category: linux Comments: Off
When trying to ping as non root user you might get the following error:
ping: icmp open socket: Operation not permitted
There are several ways to fix this:
reinstall pkg (debian):
$ sudo apt-get install --reinstall iputils-ping
(sets cap)
manually set cap:
$ sudo setcap cap_net_raw+ep /bin/ping $ sudo setcap cap_net_raw+ep /bin/ping6 $ sudo getcap /bin/ping $ sudo getcap /bin/ping6
needs kernel config:
CONFIG_EXT4_FS_SECURITY=y
dont use SOCK_RAW:
socket(PF_INET, SOCK_DGRAM, PROT_ICMP)
$ cat /proc/sys/net/ipv4/ping_group_range $ sysctl net.ipv4.ping_group_range
- “1 0” default, nobody except root
- “100 100” single group
- “0 2147483647” everyone (max gid)
$ sysctl net.ipv4.ping_group_range = "0 2147483647"
/etc/sysctl.d/local.conf
net.ipv4.ping_group_range=0 2147483647
suid:
chmod +s /usr/ping chmod +s /usr/ping6
March 4, 2017 — 15:55
Author: silver Category: windows Comments: Off
Windows Anti-Malware Software:
- ATF Cleaner
ATF-Cleaner.exe
http://www.atribune.org (OLD!) - AdwCleaner
adwcleaner_x.xxx.exe
https://www.malwarebytes.com/adwcleaner - CCleaner
ccsetupxxx.exe
https://www.piriform.com/ccleaner/builds - clean_services
http://www.techspot.com/community/topics/crawling-no-download-streaming.129008 - DDS
dds.com(sUBs)
https://www.bleepingcomputer.com/download/dds - GMER <
random.exe>
http://www.gmer.net - HitmanPro
hitmanpro_x64.exe(Sophos)
http://get.hitmanpro.com - Junkware Removal Tool
JRT.exe
https://downloads.malwarebytes.org/file/jrt - KCleaner
kcleaner.zip
http://www.kcsoftwares.com/?download - Microsoft Security Essentials
mseinstall.exe
https://www.microsoft.com/en-us/download/details.aspx?id=5201 - RootkitRevealer
RootkitRevealer.zip
https://download.sysinternals.com/files/RootkitRevealer.zip
March 4, 2017 — 15:43
Author: silver Category: linux Comments: Off
First make sure “auditd” is started
add rules:
auditctl -a always,exit -S all -F path=/etc/passwd -F key=config1 auditctl -w /etc/passwd -p rwa -k config2
del rules:
auditctl -d always,exit -S all -F path=/etc/passwd -F key=config1 auditctl -W /etc/passwd -p rwa -k config2
(or restart auditd)
make permanent:
add rules to /etc/audit/rules.d/audit.rules
show results:
ausearch -ts today -k config1 aureport -k
disable audit logs:
systemctl mask systemd-journald-audit.socket
March 3, 2017 — 12:55
Author: silver Category: windows Comments: Off
Check if a program if not already running before starting it in a Windows batch file.
Uses C:\Windows\System32\find.exe (findstr should work equally well).
Example:
tasklist /nh /fi "imagename eq explorer.exe" | find /i "explorer.exe" > nul || ( start "" C:\WINDOWS\explorer.exe )
Function:
:func_runImageTask tasklist /nh /fi "imagename eq %~1" | find /i "%~1" > nul || ( start "" "%~2" ) GOTO :EOF
Function using window titles:
:func_runTitleTask tasklist /v | find "%~1" > nul || ( start "" "%~2" ) GOTO :EOF
Call function:
CALL :func_runImageTask "Calculator.exe" "C:\WINDOWS\System32\calc.exe" CALL :func_runTitleTask "Calculator" "C:\WINDOWS\System32\calc.exe"
From:
This batch file takes program names (IMAGENAMES variable) or window titles (WINDOWTITLES and starts them if they are not already running. Programs can have arguments (e.g. outlook.exe).
ReOpen.bat
::
:: ReOpens programs which are not already running 20161220 slv
::
@echo off
setLocal EnableDelayedExpansion
::
:: Configure programs here making sure to use ,^ at eol for continuation
::
SET IMAGENAMES=^
"chrome.exe,C:\Program Files (x86)\Google\Chrome\Application\chrome.exe",^
"Xshell.exe,C:\Program Files (x86)\NetSarang\Xshell 5\Xshell.exe",^
"outlook.exe,C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE,/recycle"
FOR %%x in (%IMAGENAMES%) DO (
FOR /f "tokens=1-3 delims=," %%a in (%%x) do (
CALL :func_runImageTask "%%a" "%%b" "%%c"
)
)
SET WINDOWTITLES=^
"www@webserver,C:\Program Files (x86)\PuTTY\putty.exe,-load webserver",^
"user@debian,C:\Program Files (x86)\PuTTY\putty.exe,-load debian"
FOR %%x in (%WINDOWTITLES%) DO (
FOR /f "tokens=1-3 delims=," %%a in (%%x) DO (
CALL :func_runTitleTask "%%a" "%%b" "%%c"
)
)
GOTO :EOF
:func_runImageTask
tasklist /nh /fi "imagename eq %~1" | %windir%\system32\find.exe /i "%~1" > nul || ( start "" "%~2"^ %~3 )
GOTO :EOF
:func_runTitleTask
tasklist /v | %windir%\system32\find.exe "%~1" > nul || ( start "" "%~2"^ %~3 )
GOTO :EOF
::
:: Examples:
::
:: MANUAL: tasklist /nh /fi "imagename eq explorer.exe" | %windir%\system32\find.exe /i "explorer.exe" > nul || ( start "" C:\WINDOWS\explorer.exe C:\Users\%USERNAME%\Desktop )
:: FUNCTION: CALL :func_runImageTask "Calculator.exe" "C:\WINDOWS\System32\calc.exe"
::
You must be logged in to post a comment.