Posts Tagged ‘find’

How to check if shared library is loaded in AIX OS – Fix missing libreadline.so.7

Thursday, February 20th, 2020

ibm-aix-logo1

I've had to find out whether an externally Linux library is installed  on AIX system and whether something is not using it.
The returned errors was like so:

 

# gpg –export -a

Could not load program gpg:
Dependent module /opt/custom/lib/libreadline.a(libreadline.so.7) could not be loaded.
Member libreadline.so.7 is not found in archive


After a bit of investigation, I found that gpg was failing cause it linked to older version of libreadline.so.6, the workaround was to just substitute the newer version of libreadline.so.7 over the original installed one.

Thus I had a plan to first find out whether this libreadline.a is loaded and recognized by AIX UNIX first and second find out whether some of the running processes is not using that library.
I've come across this interesting IBM official documenation that describes pretty good insights on how to determine whether a shared library  is currently loaded on the system. which mentions the genkld command that is doing
exactly what I needed.

In short:
genkld – creates a list that is printed to the console that shows all loaded shared libraries

genkld-screenshot-aix-unix

Next I used lsof (list open files) command to check whether there is in real time opened libraries by any of the running programs on the system.

After not finding anything and was sure the library is neither loaded as a system library in AIX nor it is used by any of the currently running AIX processes, I was sure I could proceed to safely overwrite libreadline.a (libreadline.so.6) with libreadline.a with (libreadline.so.7).

The result of that is again a normally running gpg as ldd command shows the binary is again normally linked to its dependend system libraries.
 

aix# ldd /usr/bin/gpg
/usr/bin/gpg needs:
         /usr/lib/threads/libc.a(shr.o)
         /usr/lib/libpthreads.a(shr_comm.o)
         /usr/lib/libpthreads.a(shr_xpg5.o)
         /opt/freeware/lib/libintl.a(libintl.so.1)
         /opt/freeware/lib/libreadline.a(libreadline.so.7)
         /opt/freeware/lib/libiconv.a(libiconv.so.2)
         /opt/freeware/lib/libz.a(libz.so.1)
         /opt/freeware/lib/libbz2.a(libbz2.so.1)
         /unix
         /usr/lib/libcrypt.a(shr.o)
         /opt/freeware/lib/libiconv.a(shr4.o)
         /usr/lib/libcurses.a(shr42.o)

 

 

# gpg –version
gpg (GnuPG) 1.4.22
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

 

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

 

 

How to Set MySQL MariaDB server root user to be able to connect from any host on the Internet / Solution to ‘ ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: YES) ‘

Tuesday, September 3rd, 2019

How-to-set-up-MariaDB-server-root-admin-user-to-be-able-to-connect-from-any-host-anywhere-mariadb-seal-logo-picture

In this small article, I'll shortly explain on how I setup a Standard default package MariaDB Database server on Debian 10 Buster Linux and how I configured it to be accessible from any hostname on the Internet in order to make connection from remote Developer PC with MySQL GUI SQL administration tools such as MySQL WorkBench / HeidiSQL / Navicat / dbForge   as well as the few set-backs experienced in the process (e.g. what was the reason for ' ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) '  error and its solution.

Setting new or changing old MariaDB (MySQL) root server password

 

I've setup a brand new MariaDB database (The new free OpenSource software fork of MySQL) mariadb-server-10.3 on a Debian 10, right after the OS was installed with the usual apt command:

# apt install mariadb-server

Next tep was to change the root access password which was set to empty pass by default, e.g. connected with mysql CLI locally while logged via SSH on server and run:

MariaDB [(none)]> mysql -u root -p

use mysql;
update user set authentication_string=PASSWORD("MyChosenNewPassword") where User='root';

There was requirement by the customer, that MySQL server is not only accessed locally but be accessed from any IP address from anywhere on the Internet, so next step was to do so.

Allowing access to MySQL server from Anywhere

Allowing access from any host to MariaDB SQL server  is a bad security practice but as the customer is the King I've fulfilled this weird wish too, by changing the listener for MariaDB (MySQL) on Debian 10 codenamed Buster
 
changing the default listener
to be not the default 127.0.0.1 (localhost) but any listener is done by modifying the bind-address directive in conf /etc/mysql/mariadb.conf.d/50-server.cnf:

root@linux:~# vim /etc/mysql/mariadb.conf.d/50-server.cnf

Then comment out

bind-address  = 127.0.0.1

and  add instead 0.0.0.0 (any listener)

 

bind-address  = 0.0.0.0
root@linux:/etc/mysql/mariadb.conf.d# grep -i bind-address 50-server.cnf
##bind-address            = 127.0.0.1
bind-address    = 0.0.0.0


Then to make the new change effective restart MariaDB (luckily still using the old systemV init script even though systemd is working.
 

root@linux:~# /etc/init.d/mysql restart
[ ok ] Restarting mysql (via systemctl): mysql.service.


To make sure it is properly listening on MySQL defaults TCP port 3306, then as usual used netcat.

root@pritchi:~# netstat -etna |grep -i 3306
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      109        1479917  

 

By the way the exact mariadb.cnf used on this middle-sized front-backend server is here – the serveris planned to be a Apache Web server + Database host with MySQL DB of a middle range to be able to serve few thousand of simultaneous unique customers.

To make sure no firewall is preventing MariaDB to be accessed, I've checked for any reject rules iptables and ipset definitions, e.g.:
 

root@linux:~# iptables -L |gre -i rej

root@linux:~# ipset list

 

Then to double make sure the MySQL is allowed to access from anywhere, used simple telnet from my Desktop Laptop PC (that also runs Debian Linux) towards the server .

hipo@jeremiah:~$ telnet 52.88.235.45 3306
Trying 52.88.235.45…
Connected to 52.88.235.45.
Escape character is '^]'.
[
5.5.5-10.3.15-MariaDB-1
                       rQ}Cs>v\��-��G1[W%O>+Y^OQmysql_native_password
Connection closed by foreign host.

 

As telnet is not supporting the data encryption after TCP proto connect, in a few seconds time, remote server connection is terminated.

 

Setting MySQL user to be able to connect to local server MySQL from any remote hostname


I've connected locally to MariaDB server with mysql -u root -p and issued following set of SQL commands to make MySQL root user be able to connect from anywhere:

 

CREATE USER 'root'@'%' IDENTIFIED BY 'my-secret-pass';
GRANT ALL ON *.* TO 'root'@'localhost';
GRANT ALL ON *.* TO 'root'@'%';

 

Next step, I've took was to try logging in with root (admin) MariaDB superuser from MySQL CLI (Command Line Interface) on my desktop just to find out, I'm facing a nasty error.
 

hipo@jeremiah:~$ mysql -u root -H remote-server-hostname.com -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)


My first guess was something is wrong with my root user created in MySQL's mysql.user table (In MySQL this is the privileges table that stores, how MySQL user credentials are handled by mysqld local OS running process.

 

Changing the MySQL root (admin) password no longer possible on Debian 10 Buster?

 

The standard way ot change the MySQL root password well known via a simple dpkg-reconfigure (provided by Debian's debconf is no longer working so below command produces empty output instead of triggering the good old Ncurses text based interface well-known over the years …

 

root@linux:~# /usr/sbin/dpkg-reconfigure mariadb-server-10.3

 

 

Viewing MariaDB (MySQL) username / password set-up from the CLI

 

To list how this set-privileges looked like I've used following command:

 

MariaDB [mysql]> select * from mysql.user where User = 'root';
+———–+——+——————————————-+————-+————-+————-+————-+————-+———–+————-+—————+————–+———–+————+—————–+————+————+————–+————+———————–+——————+————–+—————–+——————+——————+—————-+———————+——————–+——————+————+————–+————————+———————+———-+————+————-+————–+—————+————-+—————–+———————-+———————–+———————–+——————+———+————–+——————–+
| Host      | User | Password                                  | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | Create_tablespace_priv | Delete_history_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections | plugin                | authentication_string | password_expired | is_role | default_role | max_statement_time |
+———–+——+——————————————-+————-+————-+————-+————-+————-+———–+————-+—————+————–+———–+————+—————–+————+————+————–+————+———————–+——————+————–+—————–+——————+——————+—————-+———————+——————–+——————+————+————–+————————+———————+———-+————+————-+————–+—————+————-+—————–+———————-+———————–+———————–+——————+———+————–+——————–+
| localhost | root | *E6D338325F50177F2F6A15EDZE932D68C88B8C4F | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | Y          | Y               | Y          | Y          | Y            | Y          | Y                     | Y                | Y            | Y               | Y                | Y                | Y              | Y                   | Y                  | Y                | Y          | Y            | Y                      | Y                   |          |            |             |              |             0 |           0 |               0 |                    0 | mysql_native_password |                       | N                | N       |              |           0.000000 |
| %         | root | *E6D338325F50177F2F6A15EDZE932D68C88B8C4F | Y           | Y           | Y           | Y           | Y           | Y         | Y           | Y             | Y            | Y         | N          | Y               | Y          | Y          | Y            | Y          | Y                     | Y                | Y            | Y               | Y                | Y                | Y              | Y                   | Y                  | Y                | Y          | Y            | Y                      | Y                   |          |            |             |              |             0 |           0 |               0 |                    0 |                       |                       | N                | N       |              |           0.000000 |
+———–+——+——————————————-+————-+————-+————-+————-+————-+———–+————-+—————+————–+———–+————+—————–+————+————+————–+————+———————–+——————+————–+—————–+——————+——————+—————-+———————+——————–+——————+————+————–+————————+———————+———-+————+————-+————–+—————+————-+—————–+———————-+———————–+———————–+——————+———+————–+——————–+

 

The hashed (encrypted) password string is being changed from the one on the server, so please don't try to hack me (decrypt it) 🙂
As it is visible from below output the Host field for root has the '%' string which means, any hostname is authorized to be able to connect and login to the MySQL server, so this was not the problem.

After quite some time on reading on what causes
' ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
',
I've spend some time reading various forum discussions online on the err such as the one on StackOverflow here SuperUser.com's  how to fix access denied for user 'root'@'localhost' and one on askubuntu.com's – ERROR 1045(28000) : Access denied for user 'root@localhost' (using password: no ) and after a while finally got it, thanks to a cool IRC.FREENODE.NET guy nicknamed, hedenface who pointed me I'm that, I'm trying to use the -H flag (Prodice HTML) instead of -h (host_name), it seems somehow I ended up with the wrong memory that the -H stands for hostname, by simply using -h I could again login Hooray!!!

 

root@linux:~$ mysql -u root -h remote-server-host.com -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 14
Server version: 10.3.15-MariaDB-1 Debian 10

 

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.


I've further asked the customer to confirm, he can connect also from his Microsoft Windows 10 PC situated on a different LAN network and got his confirmation. Few notes to make here is I've also installed phpmyadmin on the server using phpmyadmin php source code latest version, as in Debian 10 it seems the good old PHP is no longer available (as this crazy developers again made a mess and there is no phpmyadmin .deb package in Debian Buster – but that's a different story I'll perhaps try to document in some small article in future.

How to find out who sniffs out about your Android mobile smart phone

Thursday, November 16th, 2017

android-hidden-secret_how-to-find-out-who-sniffs-out-your-android-mobile-andrid-hidden-codes

Maybe little know about this embedded Android mobile smart phone features but there is a few mobile code cheats that can help you find out a little bit about your phone security, that's pretty handy for anyone who really wants to know whether mobile phone is being sniffed / tapped on Android software level and can give you an idea on how much your smart phone data is protected or are you being a target of someone's secret surveillance, of course this info is just on Android firmware embedded features level and if your mobile is somehow hacked or trojanned the information that can show could be not adequate, but still it is a good info to know. I'm sure you'll be surprised how much embedded Android features are there for the controllers (Google staff) 🙂
 


 

1. Information about telephone, battery status and statistics about telephone use


*#*#4636#*#* 

To get information about battery, usage statistics and device.
 

2. Are Smart Phone Voice / SMS Transfers on?

*#21#

This combination of numbers and symbols allows you to understand where your mobile is Transferring Calls, SMS-es or other messages. If you type this code and click call the phone screen should show any numbers to which any data is being transferred, if your phone is okay and not tapped you will get a message the phone call transfers and sms transfer is disabled. Always keep in mind that there is a danger for your info / data or even billings to be tapped already as Android is non-free software, so even if that code returns no transfers you're still insecure at the hands of Google's mercy.


3. Where are calls and SMS-es transffered in case if Voice / SMS Transfers are on?
 

*#62#

This codes shows where are your input Calls and SMS-es are being transferred once someone is calling you and he is unable to reach you. At best case the inbound calls will be redirected as voice mail format to voice mail box of the number of your mobile operator.


4. Deactivate all kind of Phone Voice / SMS Transfers (Redirects) for security
 

##002#

By inputting above code you can deactivate all kind of redirects, which were prior configured at your mobile phone. The code is universal one and should work not only in Android but across all smart phones including IPhones. It is a recommended one especially if you're planning to travel in foreign country or region due to the roaming phone expenses.
 

5. Get IMEI (International Mobile Equipment Identifier) phone info

*#06#

Above code provides information about the ID number of the mobile phone th so called IMEI (International Mobile Equipment Identifier). Using the email a mobile phone that has been recently stolen can be easily found, because the device is emitting its IMEI number to the mobile phone operator, nomatter what kind of SIM Card is inserted in the phone.

 

6. How to protect yourself from criminals and spies?


You can use alternative Messanger  Chat / Voice Clients such as: Telegram, Wickr, Signal or Alternatively run your own Jabber server and use it to securily communicate with your friends and relatives


Do not install an unknown source program to mobile phone, abstain from charging the phone on airports and suspicious free "charging" points, abtain from using any free wifi networks whose owner you don't know personally. Beware while browsing as there are websites that could infect you with javascript viruses and terrible phone malware stuff, to be safe make sure you have some kind of Antivirus software installed on the phone just in case.
Be vigilant!

 

7. Bigger list of Codes working across some of Android versions providing various phone stats and info (not working on all mobiles but might be working on yours)

howto-find-out-who-sniffs-out-about-your-Android-android_secret_codes_for_your_android_mobile_phone

Here is a list also with a useful codes for some of Android version releases (this will not work on IPhones)

 

*4636#*#*Information about statistics of phone, battery, usage

*#*#7780#*#*Nullify phone settings.. Delete only applications.

*2767*3855# – Nullify all settings, reinstall firmware.

*34971539#*#* – Full information about phone camera vendor etc.

*#*#273283*255*663282***Quickly archive media files

*#*#197328640#*#Test mobile service

232339#*#* / *#*#526#*#*Test Wireless (Wi-Fi) netework

*#*#232338#*#*Show Wi-Fi card physical MAC Address

*#*#1472365#*#*Quick GPS test

*#*#1575#*#* Various GPS Tests

*#*#0283#*#* Test mobile Loopback interface

*#*#0*#*#* – Test of liquid-crystals mobile display

*#*#0673#*#* / *#*#0289#*#*An Audio test

*#*#0842#*#* Test vibrations of the background phone lid (lightning)

*2663#*#* Get version of sensor screen

*2664#*#*Test of the sensor screen

* * * *0588#*#*Test distance sensor

* * *3264#*#*Get Installed RAM Version

*#*#232331#*#*Bluetooth Test

*#*#7262626#*#*Test GSM signal

*#*#232337#*#*Show bluetooth address

*#*#8255#*#* – Test Mobile Google Talk service

*#*#1234#*#*Information about firmware

*#*#1111#*#*Version of installed Open Trading software version

 

How to use find command to find files created on a specific date , Find files with specific size on GNU / Linux

Monday, October 16th, 2017

How to use find command to find files created on a specific date on GNU / Linux?

 

The easiest and most readable way but not most efficient ) especially for big hard disks with a lot of files not the best way) to do it is via:

 

find ./ -type f -ls |grep '12 Oct'

 


Example: To find all files modified on the 12th of October, 2017:

find . -type f -newermt 2017-10-12 ! -newermt 2017-10-13

To find all files accessed on the 29th of september, 2008:

$ find . -type f -newerat 2015-09-29 ! -newerat 2015-09-30

Or, files which had their permission changed on the same day:

$ find . -type f -newerct 2015-09-29 ! -newerct 2015-09-30

If you don't change permissions on the file, 'c' would normally correspond to the creation date, though.

 

Another more cryptic way but perhaps more efficient  to find any file modified on October 12th,2017,  would be with below command:

 

find . -type f -mtime $(( ( $(date +%s) – $(date -d '2017-10-12' +%s) ) / 60 / 60 / 24 – 1 ))

 

 

 

You could also look at files between certain dates by creating two files with touch

touch -t 0810010000 /tmp/f-example1
touch -t 0810011000 /tmp/f-example2

This will find all files between the two dates & times of the 2 files /tmp


 

find / -newer /tmp/f-example1 -and -not -newer /tmp/f-exampl2

 


How to Find Files with a certain size on GNU / Linux?

 

Lets say you got cracked and someone uploaded a shell php file of 50296 bytes a , that's a real scenario that just happened to me:

root@pcfreak:/var/www/blog/wp-admin/js# ls -b green.php 
green.php
root@pcfreak:/var/www/blog/wp-admin/js# ls -al green.php 
-rw-r–r– 1 www-data www-data 50296 окт 12 02:27 green.php

root@pcfreak:/home/hipo# find /var/www/ -type f -size 50296c -exec ls {} \;
/var/www/blog/wp-content/themes/default/green.php
/var/www/blog/wp-content/w3tc/pgcache/blog/tag/endless-loop/_index.html
/var/www/blog/wp-content/w3tc/pgcache/blog/tag/common/_index.html
/var/www/blog/wp-content/w3tc/pgcache/blog/tag/apacheroot/_index.html
/var/www/blog/wp-content/w3tc-bak/pgcache/blog/tag/endless-loop/_index.html
/var/www/blog/wp-content/w3tc-bak/pgcache/blog/tag/common/_index.html
/var/www/blog/wp-content/w3tc-bak/pgcache/blog/tag/apacheroot/_index.html
/var/www/pcfreakbiz/wp-includes/css/media-views.css