How to Scan process capabilities - linux-capabilities

I would like to see the linux capabilities of running processes.

ps -ef |awk {'print $2'} | xargs getpcaps

Related

How do i redirect a list of IP addresses to a command line function?

I want to see what countries are trying to access my VPS. I have installed a tool called "goiplookup", which was forked from another effort called "geoiplookup". If I type this at the command line:
goiplookup 8.8.8.8
It returns this:
US, United States
So I figured out how to get a list of IPs that are trying to access my server by using this:
sudo grep "disconnect" /var/log/auth.log | grep -v COMMAND | awk '{print $9}'
Which gives a long list of IPs like this:
1.1.1.1
2.2.2.2
3.3.3.3
I cannot figure out how to get this list of IPs to be processed by the "goiplookup" tool. I tried this:
sudo grep "disconnect" /var/log/auth.log | grep -v COMMAND | awk '{print $9}' | goiplookup
but that did not work. I also tried with no luck:
sudo grep "disconnect" /var/log/auth.log | grep -v COMMAND | awk '{print $9}' | xargs -0 goiplookup
Try this:
sudo grep "disconnect" /var/log/auth.log | grep -v COMMAND | awk '{print $9}' | sort | uniq | xargs -n 1 goiplookup
I added | sort | uniq to ensure each IP only appears once
and xargs -n 1 so that each found IP is processes by goiplookup
I would put it into a file and make a small utility to parse it:
sudo grep "disconnect" /var/log/auth.log | grep -v COMMAND | awk '{print $9}' | sort -u > ./file.txt
cat ./file.txt | while read -r line; do
temp$(echo $line)
goiplookup $temp
done
This will read through the file one line at a time and execute the goiplookup with each IP.
sudo grep disconnect /var/log/auth.log | awk '!/COMMAND/ && !seen[$0]++ {system("geoiplookup \""$9"\""}
Note that geoiplookup only allows one IP per invocation.
The whole thing can be done in awk, but using grep allows the rest to be run unprivileged.
Consider whether grep -w (match whole word) is appropriate, and in awk you can do a similar thing with !/(^|[^[:alnum:]_])COMMAND($|[^[:alnum:]_])/.
I just made a shell script, which works.
#!/bin/bash
readarray -t array < <(sudo grep "disconnect" /var/log/auth.log | grep -v COMMAND | awk '{print $9}' | sort | uniq)
for ip in "${array[#]}"
do
:
country=$(/usr/local/bin/goiplookup -c $ip)
echo "$ip $country"
done

Not able to run piped shell scripts in jenkins

I am trying to kill all the existing processes before checkout the code and build it, in order to do, I am using the below command.
sudo ps -ef | grep 'dotnet' | grep -v grep | awk '{print $2}' | xargs -r kill -9;
This is working fine when I run it in the server manually. whereas, using in the jenkins pipeline as Execute Shell script, its not working.
Here is the jenkin's output
**-----------
[CICD] $ /bin/sh -xe /tmp/jenkins6283168714008394634.sh
+ ps -ef
+ grep dotnet
+ grep -v grep
+ + awk {print $2}xargs
-r kill -9
Failed build for hudson.tasks.Shell#178f47d3
**------------
Can someone please help?

Command run via xargs fails but runs manually

I'm trying to create a command that will automatically attach to my existing python docker container, and trying to chain a bunch of commands together.
docker ps | grep "mypythoncontainer" | awk '{print $1}' | xargs docker attach
If I run
docker ps | grep "mypythoncontainer" | awk '{print $1}' | xargs echo
I get back a docker id string, as expected. And if I do docker attach {id string} (copied from the return of the statement right above this), it works. But when I run the full command at top, I get an error (the input device is not a TTY).
So docker ps | grep "mypythoncontainer" | awk '{print $1}' | xargs echo would echo out abc, but docker ps | grep "mypythoncontainer" | awk '{print $1}' | xargs docker attach would fail, while docker attach abc works. Not sure what about xargs I don't understand.
Try:
docker attach $(docker ps | grep "mypythoncontainer" | awk '{print $1}')
or simplier:
docker attach $(docker ps | awk '/mypythoncontainer/{print $1}')
Not sure what about xargs I don't understand.
Running: ...| ... docker ... will redirect docker's standard input to ... the ouput of awk, wich was already read by xargs. So docker abc will r
un with a broken (already closed) STDIN, then fail.

bash script to kill process on remote machines

I want to kill process on remote machines via ssh but its not working
VAR=$(ssh ${HOSTS} ps -ef | grep $SERVICE | grep -v grep | awk '{print $2}' | xargs kill -9)
ssh ${HOSTS} ps ef < /dev/null > /dev/null 2> /dev/null
The problem is that your pipe process get execute on your local host rather than on the server.
A solution is to quote protect the command:
VAR=$(ssh ${HOSTS} "ps -ef | grep $SERVICE | grep -v grep | awk '{print \$2}' | xargs kill -9")
ssh ${HOSTS} "ps ef" < /dev/null > /dev/null 2> /dev/null
Below command worked well for me to kill processes on remove server.
I'm able to kill tail command running on remote server.
ssh -tty ${Host}" ps -efwww | grep tail |grep -v grep |cut -c 10-15|xargs kill -9 "

Trying to kill process by shell scripting

I want to kill process through shell scripting it is giving me error. Here is what i tried so far:
When i try to kill memcache it give me error like "kill: No such process" , i used below command:
ps -ef | grep "memcache" | awk '{print $2}' | xargs kill;
or if try like below:
kill -9 $(pidof memcache)
i get error like below:": arguments must be process or job IDs"
When i run directly on command prompt process is running:
ring#ubuntu:~/parasol$ ps aux | grep memcache
memcache 873 0.0 0.0 323220 1188 ? Sl 22:56 0:00 /usr/bin/memcached -m 64 -p 11211 -u memcache -l 127.0.0.1
ring 1714 0.0 0.0 9384 920 pts/0 S+ 23:45 0:00 grep --color=auto memcache
I reff to https://askubuntu.com/questions/239923/shell-script-to-9-kill-based-on-name
AND
Shell script to capture Process ID and kill it if exist
My Ubuntu Version:
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04.2 LTS"
NAME="Ubuntu"
VERSION="12.04.2 LTS, Precise Pangolin"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu precise (12.04.2 LTS)"
VERSION_ID="12.04"
Acutally
ps -ef | grep memcache
will give two lines..
so you can go this way
ps -ef | grep memcache | grep -v "grep" | awk '{print $2}' | xargs kill;
This can get you exact one PID
if I has to do I would break it in 2 lines in start
#!/bin/bash
PID=`ps -ef | grep memcache | grep -v "grep" | awk '{print $2}'`
echo $PID
#to check PID is right
kill -9 $PID
save it in scrip files say test.sh
then on terminal
chmod +x test.sh
then
./test.sh
You can use these commands:
pkill memcached
or
pgrep memcached | xargs kill -9
or
killall memcached.
pgrep, pkill - look up or signal processes based on name and other attributes.
Your first command might be killing itself before having chance to kill the target processes.
For a reliable way, run pkill /usr/bin/memcached or pkill -9 /usr/bin/memcached although the latter is a bad practice.
For the first command, you see that there are two processes that matches the pattern you grep for. The actual memcached process and your grep process. That is probably the reason for the error of the first command line.
Try narrowing the search down, for example by grepping for e.g. "^memcache.*/usr/bin/memcached".
The problem with the second error is that you're calling pidof with the username instead of the process name, so the command is essentially kill -9 without any process id. Try instead e.g. pidof memcached to get the process id of the correct process.
ps -ef | grep "memcache" | awk '{print $2}' | xargs kill;
PID=`ps -ef | grep memcache | grep -v "grep" | awk '{print $2}'`
#...
First, you could use cut instead of awk in this case. No need to use a tank to kill a fly ;)
Then, why is it necessary to brutally kill memcache? You have a daemon to stop it :
/etc/init.d/memcached stop
service memcached stop

Resources