SEO

permalink · #1 (**permalink**) 03-28-2008, 04:36 AM

I am suffering from a bad case of CRS today, and don't remember
the command on OpenServer that dumps all the user and group
information from the tcb database. I seem to remember that it
requires a -g option to get the proper group information, and -4
to restore from a dump file, but don't remember the command name.

Any help?

Bill
--
INTERNET: bill@celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676

The trouble with fighting for human freedom is that one spends most of
one's time defending scoundrels. For it is against scoundrels that
oppressive laws are first aimed, and oppression must be stopped at the
beginning if it is to be stopped at all. -- H. L. Mencken

permalink · #2 (**permalink**) 03-28-2008, 04:36 AM

On Sat, 22 Mar 2008, Bill Campbell wrote:
> I am suffering from a bad case of CRS today, and don't remember
> the command on OpenServer that dumps all the user and group
> information from the tcb database. I seem to remember that it
> requires a -g option to get the proper group information, and -4
> to restore from a dump file, but don't remember the command name.
>
> Any help?

ap

--
Boyd Gerber <gerberb@zenez.com>
ZENEZ 1042 East Fort Union #135, Midvale Utah 84047

permalink · #3 (**permalink**) 03-28-2008, 04:36 AM

Bill Campbell wrote:
> I am suffering from a bad case of CRS today, and don't remember
> the command on OpenServer that dumps all the user and group
> information from the tcb database. I seem to remember that it
> requires a -g option to get the proper group information, and -4
> to restore from a dump file, but don't remember the command name.
>
> Any help?

"pa"?

permalink · #4 (**permalink**) 03-28-2008, 04:36 AM

Bill Campbell wrote:
> I am suffering from a bad case of CRS today, and don't remember
> the command on OpenServer that dumps all the user and group
> information from the tcb database. I seem to remember that it
> requires a -g option to get the proper group information, and -4
> to restore from a dump file, but don't remember the command name.
>
> Any help?

"pa"?

permalink · #5 (**permalink**) 03-28-2008, 04:36 AM

On Sat, Mar 22, 2008, Boyd Lynn Gerber wrote:
>On Sat, 22 Mar 2008, Bill Campbell wrote:
>> I am suffering from a bad case of CRS today, and don't remember
>> the command on OpenServer that dumps all the user and group
>> information from the tcb database. I seem to remember that it
>> requires a -g option to get the proper group information, and -4
>> to restore from a dump file, but don't remember the command name.
>>
>> Any help?
>
>ap

/tcb/bin/ap -- thanks.

Bill
--
INTERNET: bill@celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676

What's this script do?
unzip ; touch ; finger ; mount ; gasp ; yes ; umount ; sleep
Hint for the answer: not everything is computer-oriented. Sometimes you're
in a sleeping bag, camping out.
(Contributed by Frans van der Zande.)

permalink · #6 (**permalink**) 03-28-2008, 04:36 AM

Boyd Lynn Gerber typed (on Sat, Mar 22, 2008 at 05:08:59PM -0600):
| On Sat, 22 Mar 2008, Bill Campbell wrote:
| > I am suffering from a bad case of CRS today, and don't remember
| > the command on OpenServer that dumps all the user and group
| > information from the tcb database. I seem to remember that it
| > requires a -g option to get the proper group information, and -4
| > to restore from a dump file, but don't remember the command name.
| >
| > Any help?
|
| ap
|
| --
| Boyd Gerber <gerberb@zenez.com>
| ZENEZ 1042 East Fort Union #135, Midvale Utah 84047

Boyd,

Can 'ap' be used to determine if ones password has been changed?
especially root's password? .... other then grepping '/etc/shadow'
for a user and checking for a change?

TIA,
- Jeff H

permalink · #7 (**permalink**) 03-28-2008, 04:36 AM

On Mon, 24 Mar 2008, Jeff Hyman wrote:
> Boyd Lynn Gerber typed (on Sat, Mar 22, 2008 at 05:08:59PM -0600):
> | On Sat, 22 Mar 2008, Bill Campbell wrote:
> | > I am suffering from a bad case of CRS today, and don't remember
> | > the command on OpenServer that dumps all the user and group
> | > information from the tcb database. I seem to remember that it
> | > requires a -g option to get the proper group information, and -4
> | > to restore from a dump file, but don't remember the command name.
> | >
> | > Any help?
> | ap
> |
> Can 'ap' be used to determine if ones password has been changed?
> especially root's password? .... other then grepping '/etc/shadow'
> for a user and checking for a change?

yes with the right options. What I have done is a nightly shell script
that dumps everything and then does a diff on the saved know good and the
new dump. This lets me know when some makes changes. I am working on a
port of rkhunter that would be better, as it checks for a lot of other
things.

--
Boyd Gerber <gerberb@zenez.com>
ZENEZ 1042 East Fort Union #135, Midvale Utah 84047

permalink · #8 (**permalink**) 03-28-2008, 04:36 AM

Jeff Hyman typed (on Mon, Mar 24, 2008 at 01:25:25PM -0400):
|
| Can 'ap' be used to determine if ones password has been changed?
| especially root's password? .... other then grepping '/etc/shadow'
| for a user and checking for a change?

Not at all. 'ap' just takes a snapshot of current parameters.

Just what would you grep for in /etc/shadow to tell you that a password
had changed? The file's mtime would be more relevant, but that would
just indicate some change somewhere in, and not *which* change.

You might want to check the times recorded in /tcb/files/auth/r/root.

--
JP

permalink · #9 (**permalink**) 03-28-2008, 04:36 AM

Jean-Pierre Radley wrote:
> Jeff Hyman typed (on Mon, Mar 24, 2008 at 01:25:25PM -0400):
> |
> | Can 'ap' be used to determine if ones password has been changed?
> | especially root's password? .... other then grepping '/etc/shadow'
> | for a user and checking for a change?
>
> Not at all. 'ap' just takes a snapshot of current parameters.
>
> Just what would you grep for in /etc/shadow to tell you that a password
> had changed? The file's mtime would be more relevant, but that would
> just indicate some change somewhere in, and not *which* change.
>
> You might want to check the times recorded in /tcb/files/auth/r/root.
>

You'd compare it to the previous night's /etc/shadow snapshot.

permalink · #10 (**permalink**) 03-28-2008, 04:36 AM

On Mon, Mar 24, 2008, Boyd Lynn Gerber wrote:
>On Mon, 24 Mar 2008, Jeff Hyman wrote:
>> Boyd Lynn Gerber typed (on Sat, Mar 22, 2008 at 05:08:59PM -0600):
>> | On Sat, 22 Mar 2008, Bill Campbell wrote:
>> | > I am suffering from a bad case of CRS today, and don't remember
>> | > the command on OpenServer that dumps all the user and group
>> | > information from the tcb database. I seem to remember that it
>> | > requires a -g option to get the proper group information, and -4
>> | > to restore from a dump file, but don't remember the command name.
>> | >
>> | > Any help?
>> | ap
>> |
>> Can 'ap' be used to determine if ones password has been changed?
>> especially root's password? .... other then grepping '/etc/shadow'
>> for a user and checking for a change?
>
>yes with the right options. What I have done is a nightly shell script
>that dumps everything and then does a diff on the saved know good and the
>new dump. This lets me know when some makes changes. I am working on a
>port of rkhunter that would be better, as it checks for a lot of other
>things.

One could use ap, but that's kinda like my father's old saying, ``anything
is possible, even intercourse in a hammock standing up''.

You're probably better off using software designed to maintain a
database of system information, and look for changes in critical
files. Aide and tripwire are often used for this.

Bill
--
INTERNET: bill@celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676

Rights is a fictional abstraction. No one has ``Rights'', neither
machines nor flesh-and-blood. Persons... have opportunities, not rights,
which they use or do not use.
-- Lazarus Long

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

SEO

Command to dump/restore user info OSR5