The following assumes you use Dovecot
- find all the IPs a user connects from to check Dovecot mail, with the number of connections for each
grep 'dovecot:' /var/log/mail.log | grep 'Login:' | grep 'rip=' | cut -d',' -f3 | cut -d'=' -f2 | sort | uniq -c
- find all protocols a user connects with to check Dovecot mail, with the number of connections for each
grep 'dovecot:' /var/log/mail.log | grep 'Login:' | cut -d':' -f4 | cut -d'-' -f1 | sort | uniq -c
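An added example (not from the original page): the two one-liners above pick fields by position and count across all accounts, so this version finds user= and rip= by name and reports counts per account. The function names and the sample log lines are constructed for illustration; in practice you would pipe /var/log/mail.log in instead of sample_log.

```shell
# Constructed sample lines in the syslog layout the one-liners above expect.
sample_log() {
cat <<'EOF'
Feb 20 10:00:01 mx dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, mpid=4101, TLS, session=<a1>
Feb 20 10:05:12 mx dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, mpid=4102, TLS, session=<a2>
Feb 20 10:07:40 mx dovecot: pop3-login: Login: user=<bob>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.1, mpid=4103, session=<b1>
Feb 20 11:30:02 mx dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.1, mpid=4104, TLS, session=<a3>
Feb 20 11:31:00 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<alice>, method=PLAIN, rip=203.0.113.50, lip=192.0.2.1
Feb 20 11:32:00 mx postfix/smtpd[900]: connect from unknown[203.0.113.50]
EOF
}

# Print "count user protocol ip" for every successful Dovecot login on stdin.
# Failed logins and other daemons' lines are ignored.
login_summary() {
  awk '
    / dovecot: [a-z0-9]+-login: Login: / {
      proto = user = ip = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^[a-z0-9]+-login:$/) { proto = $i; sub(/-login:$/, "", proto) }
        else if ($i ~ /^user=</)       { user = $i; gsub(/^user=<|>,?$/, "", user) }
        else if ($i ~ /^rip=/)         { ip = $i; gsub(/^rip=|,$/, "", ip) }
      }
      if (user != "" && ip != "") seen[user " " proto " " ip]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort -k2,2 -k1,1nr -k4,4
}

# "count ip" for a single account, to review where that account logs in from.
logins_for_user() {
  login_summary | awk -v u="$1" '$2 == u { print $1, $4 }'
}

# Accounts that logged in from more than one distinct source address.
multi_ip_users() {
  login_summary |
    awk '!d[$2 FS $4]++ { n[$2]++ } END { for (u in n) if (n[u] > 1) print u }' |
    sort
}
```

Typical use: `login_summary < /var/log/mail.log`, or `logins_for_user alice < /var/log/mail.log`.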
- Get a list of all banned sites with the jails that banned them from fail2ban with number of hits (gives you a list of IPs that are hitting you a lot)
# limit by date
grep '2014-02-2' fail2ban.log | grep 'Ban' | cut -d' ' -f5,7 | sort | uniq -c | sort
# dump the whole log file
grep 'Ban' fail2ban.log | cut -d' ' -f5,7 | sort | uniq -c | sort
- Block all UDP traffic with IPTables
iptables -A INPUT -p udp -j DROP
iptables -A OUTPUT -p udp -j DROP
# to disable, issue these commands (one per rule added above)
iptables -D INPUT -p udp -j DROP
iptables -D OUTPUT -p udp -j DROP
- As above, but allow DNS via port 53, see http://stackoverflow.com/questions/11064248/block-all-udp-traffic-except-dns-using-iptables
# the ACCEPT rules must come before the DROP rules; iptables stops at the first match
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp -j DROP
iptables -A OUTPUT -p udp -j DROP
- Block someone who is attacking you via iptables
iptables -A INPUT -s address.of.bad.guy -j DROP
- find all .bak files in the samba share and determine total space used by them
find samba/ -type f -iname '*\.bak' -exec du -Bk \{\} \; | cut -dK -f1| paste -sd+ - | bc
- This is in three parts. First, we use find to locate all *.bak files (case insensitive), then have it run the du command on them. Using -Bk means the output will all be in kilobytes.
- Then, we pass the output of that to cut, parsing only the numbers before the 'K' that du puts after the number, so we have a stream of integers, one per line.
- Now, pass that to paste, which will concatenate all lines together, separated by a delimiter (a plus sign in this case). paste normally wants a file, but using the trailing - tells it to take its input from STDIN.
- At this point, we have a formula, fs1+fs2+fs3, which we simply pass to bc. It calculates the results of the formula, and prints the result on the output.
- As above, but also count the number of files. Warning: This only works in bash, zsh and ksh. Will not work in dash or sh (or bash in sh mode)
find samba/ -type f -iname '*\.bak' -exec du -Bk \{\} \; | cut -dK -f1| tee >(wc>/tmp/a) | paste -sd+ - | bc ; cat /tmp/a
- Here, we've added the tee command so we can also pass the stream to wc. Since the output of wc would not go to the terminal, but would instead be passed on to paste, we redirect it to /tmp/a, then cat that file when done.
- NOTE: if /tmp/a exists, it is overwritten without notification.
- http://unix.stackexchange.com/questions/28503/how-can-i-send-stdout-to-multiple-commands
- Find the oldest file in a directory tree
find -type f -printf '%T+ %p\n' | sort | head -n 1 # oldest
find -type f -printf '%T+ %p\n' | sort -r | head -n 1 # newest
http://superuser.com/questions/552600/how-can-i-find-the-oldest-file-in-a-directory-tree#552606
Tags: dovecot, iptables