Linux under the Emergency tool

Source: Internet
Author: User
Tags domain name registration icann git clone icann whois

The emergency tools under Linux

Under Linux, the emergency point of view is nothing more than that, one is to see the performance (downtime, high CPU, high memory, high IO, high network communication), two look at the connection, three look at the process, four look at the log, five look at the file (Linux all files), and then combine to see. So I wrote two gadgets for a common emergency operation. Currently support for CentOS and Redhat, in fact, because of Python-based, basically cross-platform, the vast majority of features support other releases of Linux and even windows.

Installation of tools
#要求root权限git clone LinuxEmergencysh ./
Use the tool to view operating system information:
[[email protected] emergency]# python -o        内核版本 : Linux-3.10.0-514.26.2.el7.v7.4.qihoo.x86_64-x86_64-with-centos-7.2.1511-Core        CORE数量 : 16        CPU数量 : 16        CPU使用率 : scputimes(user=1.0, nice=0.0, system=0.0, idle=15.0, iowait=0.0, irq=0.0, softirq=0.0, steal=0.0, guest=0.0, guest_nice=0.0)        内存总量  : 33736994816        内存使用率 : 5.1[[email protected] emergency]#
To view kernel module information:
[[email protected] emergency]# python -k内核模块 : nfnetlink_queue  来源  :内核模块 : nfnetlink_log  来源  :内核模块 : nfnetlink  来源  :  nfnetlink_log,nfnetlink_queue内核模块 : bluetooth  来源  :
To view the IP addresses for which all logins failed successfully:
[[email protected] emergency]# python -l192.168.100.35  失败192.168.100.31  失败127.0.0.1  失败192.168.100.20  成功
View login success and Failure logs
#  成功的 -s[[email protected] emergency]# python -s | more账户 : emergency    时间 : 2017-08-09-11:20  来源 : (账户 : emergency    时间 : 2017-08-09-14:34  来源 : (账户 : root    时间 : 2017-09-28-12:38  来源 : (账户 : root    时间 : 2017-09-28-12:46  来源 : (账户 : root    时间 : 2017-09-28-13:13  来源 : ( 失败的 -f[[email protected] emergency]# python -f | more账户 : emergency    时间 :  来源 : Jul-6-21:27---21:27账户 : emergency    时间 :  来源 : Jul-6-21:25---21:25账户 : admin    时间 :  来源 : Jul-5-15:32---15:32#  如果需要指定IP 加-i参数 ,例如 -i;
View a list of processes and more information
# list information [[email protected] emergency]# python*************************************************** Process ID Number: 2 process name: Kthreadd process User: Root startup time: 2018-06-16 07 : 40:48cpu%: 0% memory ratio: 0% network connection: ******************************************************************************** *************************************************************************************************************** Process ID Number: 3 process name: ksoftirqd/0 process User: Root start time: 2018-06-16 07:40:48cpu ratio: 0% memory ratio: 0. 0% Network Connections: ******************************************************************************************************* ... # # more information [[email protected] emergency]# python 28344**************************************     Process ID Number: 28344 process Name: Screen process User: Emergency Start time: 2018-06-22 13:25:30 work path:/home/emergency/process command: Screen parents enterPath: 1 Parent-child process: [28345]CPU ratio: 0% memory ratio: 0.0046135703802% network connection: Process Environment: Terminal session:/bin/bash Security session: Login account : Emergency work account: Emergency permission path:/usr/lib64/ccache:/usr/local/bin:/usr/bin:/usr/local/sbin:/ usr/sbin:/home/emergency/tools:/usr/local/bin:/usr/local/sbin:/usr/local/python3/bin:/home/emergency/.local/ Bin:/home/emergency/bin User directory:/home/emergency***************************************************************** ******************************************
Add VirusTotal Basic Query function
# 检查样本[[email protected] emergency]# python -f ./LICENSE******************************************检测时间: 2018-07-09 07:31:04报毒数量: 0报毒引擎: []引擎总数: 59******************************************# 检查URL[[email protected] emergency]# python -u******************************************检测时间: 2018-07-09 16:33:29关联样本: 0关联连接: 0关联域名: 0******************************************# 检查域名[[email protected] emergency]# python -d******************************************检测时间: 2018-07-09 16:33:35关联样本: 202关联连接: 100关联域名: 8******************************************# 检查IP[[email protected] emergency]# python -a******************************************检测时间: 2018-07-09 16:34:05关联样本: 135关联连接: 93关联域名: 592******************************************
Increase the ability to view whois information
[[email protected] emergency]# python baidu.comdomain Name:baidu.comRegistry Domain id:11181110_ Domain_com-vrsnregistrar WHOIS Server:whois.markmonitor.comRegistrar url:http://www.markmonitor.comupdated Date: 2017-07-27t19:36:28-0700creation Date:1999-10-11t04:05:17-0700registrar Registration Expiration date:2026-10-11t00 : 00:00-0700registrar:markmonitor, Inc.registrar IANA id:292registrar abuse contact email:abusecomplain[email  Protected]registrar abuse Contact Phone: +1.2083895740domain status:clientupdateprohibited ( epp#clientupdateprohibited) Domain status:clienttransferprohibited ( clienttransferprohibited) Domain status:clientdeleteprohibited ( Domain status:serverupdateprohibited ( domain Status: Servertransferprohibited ( Domain Status:serverdeleteprohibited ( registrant organization:beijing Baidu Netcom Science Technology Co., ltd.registrant state/province:beijingregistrant country:cnadmin organization:beijing Baidu Netcom Scie NCE technology Co., ltd.admin state/province:beijingadmin Country:cntech organization:beijing Baidu Netcom Science Tech Nology Co., state/province:beijingtech country:cnname Serv of the ICANN WHOIS Data problem R Eporting system:>>> last update of WHOIS database:2018-07-09t02:21:59-0700 <  <<if Certain contact information isn't shown for a registrant, administrative,or Technical contact, and your wish to Send a message to these contacts, pleasesend your message to [email protected] and specify the domain name inthe sub Ject Line. We'll forward that message to the underlying contact. If you had a legitimate interest in viewing the non-public WHOIS details, Sendyour request and the reasons for your Reque St to [Email protected]and specify the domain name ' in the ' subject line. We'll review this request Andmay ask for supporting documentation and explanation.  The Data in's WHOIS database is provided by forinformation purposes, and to assist persons  In obtaining information for orrelated to a domain name registration record. does not guaranteeits accuracy. By submitting a WHOIS to query, you agree that would use the this dataonly for lawful purposes and that, under no circumstance s Would you use this Data to: (1) Allow, enable, or otherwise support the transmission of mass unsolicited, commercial Advertising or solicitations via e-mail (spam); or (2) enable high volume, automated, electronic processes, and apply to (or its systems). reserves the right to ModiFY these terms at any time. By submitting this query, you agree to abide by the this policy. MarkMonitor is the Global Leader in Online brand Protection.markmonitor Domain Management (TM) MarkMonitor brand Protection ( TM) MarkMonitor Antipiracy (tm) MarkMonitor AntiFraud (tm) Professional and Managed servicesvisit markmonitor at/http Www.markmonitor.comContact us at +1.8007459229in Europe, at +44.02032062220for + information on Whois status codes, ple ASE Visit
About the Web attack log detection program download:
git clone
About using:
  parser.add_option ("-F", "--floder", dest= "filepath", help= "Access log file path") D_option ("-T", "--time", dest= "Accesstime", help= "set search Time") parser.add_option ("-D", "--date", dest= "accessdate ", help=" set search Date ") parser.add_option ("-C ","--count ", action= ' store_true ', dest=" Count ", help=" show count Information ") parser.add_option ("-P ","--payload ", dest=" payload ", help=" set search payload ") parser.add_option ("-A ", "--address", dest= "IPAddress", help= "set search IPAddress") parser.add_option ("-V", "--version", action= ' store_true ', Dest= "Version", help= "show Document") Parser.add_option ("-I", "--detail", action= ' store_true ', dest= "detail", help= " Show Detail ") parser.add_option ("-S ","--shell ", action= ' store_true ', dest=" Webshell ", help=" show suspicious Webshell " ) Parser.add_option ("-G", "--ipflag", dest= "Ipposition", help= "IP position in logfile") parser.add_option ("-N", "--name ", dest=" filename ", help=" FileName flag ")  

Emergency tools under Linux

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.