rushipkar90

# /usr/local/apache/conf/modsec2.user.conf


# Deprecated due to security issues so it should be off: http://blog.modsecurity.org/2008/08/transformation.html
SecCacheTransformations Off

# Check Content-Length and reject all non numeric ones
SecRule REQUEST_HEADERS:Content-Length "!^\d+$" "deny,log,auditlog,msg:'Content-Length HTTP header is not numeric', severity:'2',id:'1234123444'"

# Do not accept GET or HEAD requests with bodies

rushipkar90

#/bin/bash
echo > testpasswd;
genpasswd() {

        tr -dc A-Za-z0-9_ < /dev/urandom | head -c 12 | xargs
}

cat /dev/null > mailaccounts.txt

CP_ACCOUNTS=`ls -1A /var/cpanel/users/ | grep -v "root" | grep -v "system"`

rushipkar90

#/bin/bash
echo > mailaccounts.txt;
CP_ACCOUNTS=`ls -1A /var/cpanel/users/ | grep -v "root" | grep -v "system"`

for user in `echo -n $CP_ACCOUNTS`
do
    domain=`grep -i ^dns /var/cpanel/users/$user |cut -d= -f2`;
    maindomain=`cat /etc/trueuserdomains | grep "$user" | cut -d : -f1`;
    homedir=`cat /var/cpanel/userdata/"$user"/"$maindomain" | grep homedir | cut -d / -f2`;
    for dom in `echo -n "$domain"`

rushipkar90

Reference URL: http://www.cyberciti.biz/tips/top-linux-monitoring-tools.html

top -cd2
vmstat 3  ---The command vmstat reports information about processes, memory, paging, block IO, traps, and cpu activity
vmstat -m  ---Display Memory Utilization Slabinfo
vmstat -a ---Get Information About Active / Inactive Memory Pages
mpstat  ---Display the utilization of each CPU individually using mpstat
w  ---Find Out Who Is Logged on And What They Are Doing
uptime  ---Tell How Long The System Has Been Running

rushipkar90

#/bin/bash
freshclam;
echo > /usr/local/src/mailscamsind.txt;
echo > /usr/local/src/maliciousfilesind;
echo > /usr/local/src/permissionupdatedind;
echo > /usr/local/src/scanclamfile.log;
echo > /usr/local/src/scanclam.log;
#tail -10000 /var/log/exim_mainlog | grep -w "cwd" | grep -v "exim" | grep -v "root" | grep -vw "/" | cut -d= -f2 | awk '{print $1}' | sort | uniq -c | sort -rn >> /usr/local/src/mailscams.txt
#for i in `head -5 /usr/local/src/mailscams.txt | awk '{print $2}' | grep -v '^$'`; do
i=$1

rushipkar90

#!/bin/bash
echo > /usr/local/src/temp_eximlog
echo > /usr/local/src/topsender.txt
echo > /usr/local/src/topsenderscript.txt
a=`date --date="1 hours ago" +%Y-%m-%d\ %H`
b=`date +%Y-%m-%d\ %H`
awk -v s="$a" -v e="$b" '$0~s,$0~e' /var/log/exim_mainlog >> /usr/local/src/temp_eximlog

cat /usr/local/src/temp_eximlog | grep dovecot | awk {'print $8, $9, $10, $11}' | replace "A=dovecot_plain:" "+" | grep "+" | cut -d "+" -f2 | awk '{print $1}' | sort | uniq -c | sort -nr  > /usr/local/src/mailauths.txt
IFS=$'\n'

rushipkar90

1. cat /var/spool/exim/input/*/* | grep "auth_id" | awk '{print $2}' | sort | uniq -c | sort -n

2. cd /usr/local/src;
rm -fv emailpasswordreset.sh;
wget vpsmi084.hostpapavps.com/emailpasswordreset.sh;
chmod +x emailpasswordreset.sh;
sh /usr/local/src/emailpasswordreset.sh
wget vpsmi084.hostpapavps.com/mailscam.sh
sh /usr/local/src/emailpasswordreset.sh

rushipkar90

#!/bin/sh

mysqladmin proc stat | grep -v + | cut -d "|" -f3 | sort | uniq -c | sort -n

rushipkar90

#!/usr/bin/perl
use File::Basename;

@dbs = </var/lib/mysql/*_*>;

%databases = ();

foreach $dbPath (@dbs) {
        $db = basename($dbPath);
        chomp($size = `du -s $dbPath`);

rushipkar90

#!/bin/bash
if [[ $1 != "" ]]
then
    for p in `mysqladmin proc stat | grep $1 | awk '{print $2}'`
    do
            mysqladmin kill $p
    done
else
    echo "Usage: mysqlkilluser.sh <user>"
fi