6 27/06/19 14:04:40 ll 7 27/06/19 14:04:40 chmod -R 777 global/ 8 27/06/19 14:04:40 cd global/ 9 27/06/19 14:04:40 ll 10 27/06/19 14:04:40 exit 11 27/06/19 14:04:40 crontab -l 12 27/06/19 14:04:40 cat /root/script/backupToSTORAGESVR.sh 13 27/06/19 14:04:40 find / -name vm.jar 14 27/06/19 14:04:40 crontab -l 15 27/06/19 14:04:40 cat /root/script/backupToSTORAGESVR.sh 16 27/06/19 14:04:40 crontab -l 17 27/06/19 14:04:40 cat /root/script/backupToSTORAGESVR.sh 18 27/06/19 14:04:40 crontab -l 19 27/06/19 14:04:40 cat /root/script/backupToSTORAGESVR.sh 20 27/06/19 14:04:40 cat /root/script/backupToSTORAGESVR.sh | grep RSY 21 27/06/19 14:04:40 cd /etc 22 27/06/19 14:04:40 cd httpd/ 23 27/06/19 14:04:40 cd conf 24 27/06/19 14:04:40 ls 25 27/06/19 14:04:40 vi httpd.conf 26 27/06/19 14:04:40 cd /srv/images/live/hotel/mikiNet/image/v1.0 27 27/06/19 14:04:40 ls -ltr 28 27/06/19 14:04:40 find . -type d -user root ! -perm 777 29 27/06/19 14:04:40 ctontab -l 30 27/06/19 14:04:40 crontab -l 31 27/06/19 14:04:40 yum -y update 32 27/06/19 14:04:40 ls -al /srv/images/live/hotel/mikiNet/image/v1.0/White_Label/global/css/print.css 33 27/06/19 14:04:40 lspci 34 27/06/19 14:04:40 ip a 35 27/06/19 14:04:40 df -h 36 27/06/19 14:04:40 yum -y update 37 27/06/19 14:04:40 crontab -l 38 27/06/19 14:04:40 cat /root/script/backupToSTORAGESVR.sh 39 27/06/19 14:04:40 crontab -l 40 27/06/19 14:04:40 cat /root/script/backupToSTORAGESVR.sh 41 27/06/19 14:04:40 cd /srv/images/live/hotel/mikiNet/image/v1.0 42 27/06/19 14:04:40 find . -type d -user root ! -perm 777 43 27/06/19 14:04:40 ll -ld ./AE/97001/1411 44 27/06/19 14:04:40 ll AE/97001/|tail 45 27/06/19 14:04:40 chown images:images ./AE/97001/1411; chmod 755 ./AE/97001/1411;ls -ld ./AE/97001/1411 46 27/06/19 14:04:40 date 47 27/06/19 14:04:40 ll -ld ./AE/97001/1411 48 27/06/19 14:04:40 cd /srv/images/live/hotel/mikiNet/image/v1.0 49 27/06/19 14:04:40 find . -user root -type d ! -perm 777 50 27/06/19 14:04:40 cd /etc/yum 51 27/06/19 14:04:40 ll 52 27/06/19 14:04:40 cd /etc/yum.repos.d/ 53 27/06/19 14:04:40 ll 54 27/06/19 14:04:40 less redhat.repo 55 27/06/19 14:04:40 yum -y update 56 27/06/19 14:04:40 yum clean all 57 27/06/19 14:04:40 yum -y update 58 27/06/19 14:04:40 yum clean all 59 27/06/19 14:04:40 yum -y update 60 27/06/19 14:04:40 cd /etc 61 27/06/19 14:04:40 cd yum.repos.d/ 62 27/06/19 14:04:40 ls 63 27/06/19 14:04:40 cat influxdb.repo 64 27/06/19 14:04:40 wget http://10.100.1.72/repos/influxdb/influxdb.key 65 27/06/19 14:04:40 rm -f influxdb.key 66 27/06/19 14:04:40 ls 67 27/06/19 14:04:40 yum -y update 68 27/06/19 14:04:40 cd /etc 69 27/06/19 14:04:40 cd yum.repos.d/ 70 27/06/19 14:04:40 vi influxdb.repo 71 27/06/19 14:04:40 yum -y update 72 27/06/19 14:04:40 service telegraf restart 73 27/06/19 14:04:40 tail -f /var/log/telegraf/telegraf.log 74 27/06/19 14:04:40 yum -y update 75 27/06/19 14:04:40 df 76 27/06/19 14:04:40 vi test4.sh 77 27/06/19 14:04:40 chmod +x test4.sh 78 27/06/19 14:04:40 ./test4.sh 79 27/06/19 14:04:40 touch /root/netstat.txt 80 27/06/19 14:04:40 ./test4.sh 81 27/06/19 14:04:40 vi ./test4.sh 82 27/06/19 14:04:40 netstat 83 27/06/19 14:04:40 netstat -np 84 27/06/19 14:04:40 vi ./test4.sh 85 27/06/19 14:04:40 ./test4.sh 86 27/06/19 14:04:40 netstat -np 87 27/06/19 14:04:40 vi ./test4.sh 88 27/06/19 14:04:40 netstat -anp | egrep -i 'est' | awk -F ':' '{print $4, $5, $8, $9}' | awk '{print $1, $2, $3, $4}' | grep '10\.100\.' | grep -v '^127' 89 27/06/19 14:04:40 netstat -anp | egrep -i 'est' | awk -F ':' '{print $4, $5, $8, $9}' | awk '{print $1, $2, $3, $4}' | grep '10\.100\.' 90 27/06/19 14:04:40 netstat -anp | egrep -i 'est' | awk -F ':' '{print $4, $5, $8, $9}' | awk '{print $1, $2, $3, $4}' 91 27/06/19 14:04:40 netstat -anp | egrep -i 'est' | awk -F ':' '{print $4, $5, $8, $9}' 92 27/06/19 14:04:40 netstat -np 93 27/06/19 14:04:40 cd /srv/images/live/hotel/mikiNet/image/v1.0 94 27/06/19 14:04:40 find . -type d -user root ! -perm 777 95 27/06/19 14:04:40 ll -ld ./CN/26711 96 27/06/19 14:04:40 ll ./CN/26711 97 27/06/19 14:04:40 cd ./CN/26711 98 27/06/19 14:04:40 ll 99 27/06/19 14:04:40 cd 1/ 100 27/06/19 14:04:40 ll 101 27/06/19 14:04:40 cd .. 102 27/06/19 14:04:40 chown images:images ./CN/26711; 103 27/06/19 14:04:40 cd .. 104 27/06/19 14:04:40 chown images:images ./CN/26711; 105 27/06/19 14:04:40 ll -ld ./CN/26711 106 27/06/19 14:04:40 chmod 755 ./CN/26711 107 27/06/19 14:04:40 ll -ld ./CN/26711 108 27/06/19 14:04:40 cd /srv/images/live/hotel/mikiNet/image/v.10 109 27/06/19 14:04:40 cd /srv/images/live/hotel/mikiNet/image/v1.0 110 27/06/19 14:04:40 find . -type d -user root ! -perm 777 111 27/06/19 14:04:40 yum -y install packetbeat 112 27/06/19 14:04:40 cd /etc 113 27/06/19 14:04:40 cd yum.repos.d/ 114 27/06/19 14:04:40 ls 115 27/06/19 14:04:40 vi influxdb.repo 116 27/06/19 14:04:40 cd 117 27/06/19 14:04:40 wget https://artifacts.elastic.co/downloads/beats/packetbeat/packetbeat-6.3.0-x86_64.rpm 118 27/06/19 14:04:40 yum -y localinstall packetbeat-6.3.0-x86_64.rpm 119 27/06/19 14:04:40 df 120 27/06/19 14:04:40 cd /usr 121 27/06/19 14:04:40 du | sort -n 122 27/06/19 14:04:40 rm -f ./share/openscap 123 27/06/19 14:04:40 rm -fr ./share/openscap 124 27/06/19 14:04:40 cd 125 27/06/19 14:04:40 yum -y localinstall packetbeat-6.3.0-x86_64.rpm 126 27/06/19 14:04:40 ls /etc/packetbeat/ 127 27/06/19 14:04:40 ip a 128 27/06/19 14:04:40 systemctl restart packetbeat 129 27/06/19 14:04:40 service packetbeat restart 130 27/06/19 14:04:40 service packetbeat status 131 27/06/19 14:04:40 cd /etc 132 27/06/19 14:04:40 cd packetbeat/ 133 27/06/19 14:04:40 ls 134 27/06/19 14:04:40 gep log * 135 27/06/19 14:04:40 grep log * 136 27/06/19 14:04:40 cat /var/log/packetbeat 137 27/06/19 14:04:40 ssh 10.100.1.169 138 27/06/19 14:04:40 ip a 139 27/06/19 14:04:40 vi /etc/resolv.conf 140 27/06/19 14:04:40 df 141 27/06/19 14:04:40 yum -y update 142 27/06/19 14:04:40 df 143 27/06/19 14:04:40 yum -y update 144 27/06/19 14:04:40 cd /etc 145 27/06/19 14:04:40 cat named.conf 146 27/06/19 14:04:40 vi /etc/named/named.conf.local 147 27/06/19 14:04:40 vi /etc/named/zones/db.1.100.10 148 27/06/19 14:04:40 route 149 27/06/19 14:04:40 ssh 10.100.1.19 150 27/06/19 14:04:40 pwd 151 27/06/19 14:04:40 ls -ltr 152 27/06/19 14:04:40 less checkHotelNet.sh 153 27/06/19 14:04:40 ./checkHotelNet.sh 154 27/06/19 14:04:40 scp checkHotelNet.sh 10.100.1.19: 155 27/06/19 14:04:40 vi checkHotelNet.sh 156 27/06/19 14:04:40 df -h 157 27/06/19 14:04:40 df -i 158 27/06/19 14:04:40 vgdisplay 159 27/06/19 14:04:40 man lvextend 160 27/06/19 14:04:40 df -h /usr 161 27/06/19 14:04:40 df -i /usr 162 27/06/19 14:04:40 lvextend -L +2G /dev/mapper/VolGroup-lv_usr 163 27/06/19 14:04:40 df -i /usr 164 27/06/19 14:04:40 resize2fs /dev/mapper/VolGroup-lv_usr 165 27/06/19 14:04:40 df -h /usr 166 27/06/19 14:04:40 df -i /usr 167 27/06/19 14:04:40 man df 168 27/06/19 14:04:40 less /proc/diskstats 169 27/06/19 14:04:40 vmstat 2 5 170 27/06/19 14:04:40 iostat 2 5 171 27/06/19 14:04:40 netstat 172 27/06/19 14:04:40 netstat 2 5 173 27/06/19 14:04:40 df -k /usr 174 27/06/19 14:04:40 df -i /usr 175 27/06/19 14:04:40 man ba 176 27/06/19 14:04:40 man bc 177 27/06/19 14:04:40 echo "5095040 / 327680"|bc 178 27/06/19 14:04:40 less dmesg 179 27/06/19 14:04:40 dmesg 180 27/06/19 14:04:40 dmesg|less 181 27/06/19 14:04:40 ./checkHotelNet.sh 182 27/06/19 14:04:40 top 183 27/06/19 14:04:40 nmon 184 27/06/19 14:04:40 ps -ef|grep -i packetbeat 185 27/06/19 14:04:40 cd /etc/packetbeat/ 186 27/06/19 14:04:40 ll 187 27/06/19 14:04:40 less packetbeat.yml 188 27/06/19 14:04:40 netstat -nr 189 27/06/19 14:04:40 netstat -antp 190 27/06/19 14:04:40 netstat -antp | grep -v teleg 191 27/06/19 14:04:40 cd /etc 192 27/06/19 14:04:40 cd sysconfig 193 27/06/19 14:04:40 cd network-scripts 194 27/06/19 14:04:40 yum -y update 195 27/06/19 14:04:40 df -h 196 27/06/19 14:04:40 df -i 197 27/06/19 14:04:40 find /usr -xdev -printf '%h\n' | sort | uniq -c | sort -k 1 -n 198 27/06/19 14:04:40 rm -fr /usr/local/maldetect.bk31713/sess 199 27/06/19 14:04:40 rm -fr /usr/local/maldetect.bk3109/sess 200 27/06/19 14:04:40 yum -y update 201 27/06/19 14:04:40 crontab -l 202 27/06/19 14:04:40 rpm -qa | grep hunter 203 27/06/19 14:04:40 cat /root/rkhunter.sh 204 27/06/19 14:04:40 vi /root/rkhunter.sh 205 27/06/19 14:04:40 chmod 777 /root/rkhunter.sh 206 27/06/19 14:04:40 cat /root/rkhunter.sh 207 27/06/19 14:04:40 rpm -qa | grep maldet 208 27/06/19 14:04:40 cat /usr/local/maldetect/conf.maldet 209 27/06/19 14:04:40 scp /usr/local/maldetect/conf.maldet root@10.100.1.140:/usr/local/maldetect 210 27/06/19 14:04:40 crontab -l 211 27/06/19 14:04:40 cd /root/script 212 27/06/19 14:04:40 ls 213 27/06/19 14:04:40 scp *.sh root@10.100.1.72:/root/script 214 27/06/19 14:04:40 ip a 215 27/06/19 14:04:40 crontab -l 216 27/06/19 14:04:40 yum -y update 217 27/06/19 14:04:40 ntpstat 218 27/06/19 14:04:40 ntpq -p 219 27/06/19 14:04:40 ntpstat 220 27/06/19 14:04:40 echo $? 221 27/06/19 14:04:40 ntpq -p 222 27/06/19 14:04:40 ntpq -pn 223 27/06/19 14:04:40 timedatectl status 224 27/06/19 14:04:40 ntpdate -d 10.100.1.36 225 27/06/19 14:04:40 ntpq -p 226 27/06/19 14:04:40 ntpdate -d 10.100.1.36 227 27/06/19 14:04:40 yum -y update 228 27/06/19 14:04:40 cd /etc/sysconfig/network-scripts/ 229 27/06/19 14:04:40 ls -lart 230 27/06/19 14:04:40 vi route-bond0 231 27/06/19 14:04:40 ssh 10.100.1.113 232 27/06/19 14:04:40 ls -al /srv/images/live/hotel/mikiNet/image/v1.0/White_Label/global/css/print.css 233 27/06/19 14:04:40 less /srv/images/live/hotel/mikiNet/image/v1.0/White_Label/global/css/print.css 234 27/06/19 14:04:40 df 235 27/06/19 14:04:40 ps -ef | grep fileb 236 27/06/19 14:04:40 cd /var/log 237 27/06/19 14:04:40 ls -ltr 238 27/06/19 14:04:40 less filescans.log 239 27/06/19 14:04:40 less xfilescans.log 240 27/06/19 14:04:40 cat xferlog.4 241 27/06/19 14:04:40 less maillog 242 27/06/19 14:04:40 less messages 243 27/06/19 14:04:40 ls | grep http 244 27/06/19 14:04:40 cd httpd/ 245 27/06/19 14:04:40 ls 246 27/06/19 14:04:40 ls -ltr 247 27/06/19 14:04:40 less error_log 248 27/06/19 14:04:40 ls -al /var/www/html/live/hotel/mikiNet/image/v1.0/MA/17003/128/lr/rest.jpg 249 27/06/19 14:04:40 ls -al /var/www/html/live/hotel/mikiNet/image/v1.0/MA/17003/128/lr 250 27/06/19 14:04:40 ls -ltr 251 27/06/19 14:04:40 cat ssl_error_log 252 27/06/19 14:04:40 ls -ltr 253 27/06/19 14:04:40 less access_log 254 27/06/19 14:04:40 pwd 255 27/06/19 14:04:40 systemctl -l status filebeat 256 27/06/19 14:04:40 service status filebeat 257 27/06/19 14:04:40 service filebeat status 258 27/06/19 14:04:40 tail -f /var/log/filebeat/filebeat 259 27/06/19 14:04:40 vi /etc/filebeat/filebeat.yml 260 27/06/19 14:04:40 ls -ltr 261 27/06/19 14:04:40 tail error_log 262 27/06/19 14:04:40 tail -f /var/log/filebeat/filebeat 263 27/06/19 14:04:40 systemctl restart filebeat 264 27/06/19 14:04:40 service filebeat restart 265 27/06/19 14:04:40 tail -f /var/log/filebeat/filebeat 266 27/06/19 14:04:40 ls -ltr 267 27/06/19 14:04:40 less error_log 268 27/06/19 14:04:40 cd /var/log 269 27/06/19 14:04:40 ls -ltr 270 27/06/19 14:04:40 cat xferlog 271 27/06/19 14:04:40 pwd 272 27/06/19 14:04:40 service filebeat restart 273 27/06/19 14:04:40 pwd 274 27/06/19 14:04:40 grep vsftp messages 275 27/06/19 14:04:40 ./checkHotelNet.sh 276 27/06/19 14:04:40 yum -y update 277 27/06/19 14:04:40 df 278 27/06/19 14:04:40 history | grep ino 279 27/06/19 14:04:40 df -i /usr 280 27/06/19 14:04:40 for i in /usr*; do echo $i; find $i |wc -l; done 281 27/06/19 14:04:40 cd /usr 282 27/06/19 14:04:40 ls -ltr 283 27/06/19 14:04:40 rpm -qa | grep kern 284 27/06/19 14:04:40 du | sort -n 285 27/06/19 14:04:40 rm -fr ./local/maldetect.bk16141 286 27/06/19 14:04:40 rm -fr ./local/maldetect.bk28454 287 27/06/19 14:04:40 for i in /usr*; do echo $i; find $i |wc -l; done 288 27/06/19 14:04:40 rm -fr ./local/maldetect.bk12210 289 27/06/19 14:04:40 tyn -y update 290 27/06/19 14:04:40 yum -y update 291 27/06/19 14:04:40 systemctl show packetbeat 292 27/06/19 14:04:40 service packetbeat restart 293 27/06/19 14:04:40 service packetbeat status 294 27/06/19 14:04:40 service packetbeat start 295 27/06/19 14:04:40 service packetbeat status 296 27/06/19 14:04:40 tail -f /var/log/packetbeat/packetbeat 297 27/06/19 14:04:40 cd /etc 298 27/06/19 14:04:40 cd packetbeat/ 299 27/06/19 14:04:40 ls 300 27/06/19 14:04:40 vi packetbeat.yml 301 27/06/19 14:04:40 service packetbeat start 302 27/06/19 14:04:40 service packetbeat status 303 27/06/19 14:04:40 tail -f /var/log/packetbeat/packetbeat 304 27/06/19 14:04:40 df 305 27/06/19 14:04:40 ps ef | grep named 306 27/06/19 14:04:40 systemctl status named 307 27/06/19 14:04:40 service named status 308 27/06/19 14:04:40 cd /etc 309 27/06/19 14:04:40 cd named 310 27/06/19 14:04:40 ls 311 27/06/19 14:04:40 cd zones/ 312 27/06/19 14:04:40 ls 313 27/06/19 14:04:40 vi db.miki.co.uk 314 27/06/19 14:04:40 vi db.1.100.10 315 27/06/19 14:04:40 rndc reload 316 27/06/19 14:04:40 ip a 317 27/06/19 14:04:40 yum -y update 318 27/06/19 14:04:40 cd /etc 319 27/06/19 14:04:40 cd named 320 27/06/19 14:04:40 ls 321 27/06/19 14:04:40 cd zones/ 322 27/06/19 14:04:40 ls 323 27/06/19 14:04:40 vi db.miki.co.uk 324 27/06/19 14:04:40 rndc reload 325 27/06/19 14:04:40 cd /etc/named 326 27/06/19 14:04:40 ls 327 27/06/19 14:04:40 cd zones/ 328 27/06/19 14:04:40 ls 329 27/06/19 14:04:40 vi db.miki.co.uk 330 27/06/19 14:04:40 rndc reload 331 27/06/19 14:04:40 cd /etc/named 332 27/06/19 14:04:40 ls 333 27/06/19 14:04:40 cd zones/ 334 27/06/19 14:04:40 ls 335 27/06/19 14:04:40 vi db.miki.co.uk 336 27/06/19 14:04:40 ./checkHotelNet.sh 337 27/06/19 14:04:40 exit 338 27/06/19 14:04:40 ./checkHotelNet.sh 339 27/06/19 14:04:40 ll -ld /srv/images/live/hotel/mikiNet/image/v1.0/US/33941 340 27/06/19 14:04:40 chmod 755 /srv/images/live/hotel/mikiNet/image/v1.0/US/33941 341 27/06/19 14:04:40 chown images:images /srv/images/live/hotel/mikiNet/image/v1.0/US/33941 342 27/06/19 14:04:40 ll -ld /srv/images/live/hotel/mikiNet/image/v1.0/US/33941 343 27/06/19 14:04:40 ssh 10.100.1.10 344 27/06/19 14:04:40 ssh 10.100.1.19 345 27/06/19 14:04:40 df 346 27/06/19 14:04:40 /srv/images/live/hotel/mikiNet/image/v1.0/FR/34457/1/lr/un1111.jpg: HTML document text 347 27/06/19 14:04:40 file /srv/images/live/hotel/mikiNet/image/v1.0/FR/34457/1/lr/un1111.jpg 348 27/06/19 14:04:40 less /srv/images/live/hotel/mikiNet/image/v1.0/FR/34457/1/lr/un1111.jpg 349 27/06/19 14:04:40 ls -al /srv/images/live/hotel/mikiNet/image/v1.0/FR/34457/1/lr/un1111.jpg 350 27/06/19 14:04:40 netstat -antp 351 27/06/19 14:04:40 monit summary 352 27/06/19 14:04:40 cd /etc 353 27/06/19 14:04:40 cd monit.d 354 27/06/19 14:04:40 ls 355 27/06/19 14:04:40 cat ntp 356 27/06/19 14:04:40 cd /etc 357 27/06/19 14:04:40 ls | grep ntp 358 27/06/19 14:04:40 vi ntp.conf 359 27/06/19 14:04:40 ntpq -p 360 27/06/19 14:04:40 ntpstat 361 27/06/19 14:04:40 ntpq -pn 362 27/06/19 14:04:40 cd /etc 363 27/06/19 14:04:40 cd monit.d 364 27/06/19 14:04:40 ls 365 27/06/19 14:04:40 cp -p postfix-res02 monit-prlamlopsb01 366 27/06/19 14:04:40 vi monit-prlamlopsb01 367 27/06/19 14:04:40 systemctl restart monit 368 27/06/19 14:04:40 service monit restart 369 27/06/19 14:04:40 monit summary 370 27/06/19 14:04:40 cd /etc 371 27/06/19 14:04:40 cd monit.d 372 27/06/19 14:04:40 ls 373 27/06/19 14:04:40 cat monit-prlamlopsb01 374 27/06/19 14:04:40 netstat -antp | grep monit 375 27/06/19 14:04:40 yum -y update 376 27/06/19 14:04:40 vi checkHotelNet.sh 377 27/06/19 14:04:40 cat checkHotelNet.sh 378 27/06/19 14:04:40 cd /srv/images/live/hotel/mikiNet/image/v1.0 379 27/06/19 14:04:40 ls -ltr 380 27/06/19 14:04:40 rmdir testdir1 381 27/06/19 14:04:40 ls -ltr 382 27/06/19 14:04:40 cd - 383 27/06/19 14:04:40 ls -ltr 384 27/06/19 14:04:40 scp checkHotelNet.sh 10.100.1.19: 385 27/06/19 14:04:40 pwd 386 27/06/19 14:04:40 ll checkHotelNet.sh 387 27/06/19 14:04:40 crontab -e 388 27/06/19 14:04:40 vi checkHotelNet.sh 389 27/06/19 14:04:40 cd /srv/images/live/hotel/mikiNet/image/v1.0 390 27/06/19 14:04:40 ls -ltr 391 27/06/19 14:04:40 mkdir testdir123 testdir456 392 27/06/19 14:04:40 ls -ltr 393 27/06/19 14:04:40 cd - 394 27/06/19 14:04:40 ./checkHotelNet.sh 395 27/06/19 14:04:40 cd - 396 27/06/19 14:04:40 ls -ltr |tail 397 27/06/19 14:04:40 cd - 398 27/06/19 14:04:40 less /var/log/checkHotelNet.log 399 27/06/19 14:04:40 vi checkHotelNet.sh 400 27/06/19 14:04:40 cd - 401 27/06/19 14:04:40 mkdir testdir678 402 27/06/19 14:04:40 testdir 910 403 27/06/19 14:04:40 mkdir testdir910 404 27/06/19 14:04:40 ls -ltr 405 27/06/19 14:04:40 crontab -l 406 27/06/19 14:04:40 ps -ef|grep -i rsync 407 27/06/19 14:04:40 ls -ltr|tail 408 27/06/19 14:04:40 cd - 409 27/06/19 14:04:40 ls -ltr|tail 410 27/06/19 14:04:40 ~/checkHotelNet.sh 411 27/06/19 14:04:40 ls -ltr|tail 412 27/06/19 14:04:40 less /var/log/checkHotelNet.log 413 27/06/19 14:04:40 ls -ltr|tail 414 27/06/19 14:04:40 ~/checkHotelNet.sh 415 27/06/19 14:04:40 less /var/log/checkHotelNet.log 416 27/06/19 14:04:40 vi ~/checkHotelNet.sh 417 27/06/19 14:04:40 less /var/log/checkHotelNet.log 418 27/06/19 14:04:40 cd - 419 27/06/19 14:04:40 ls -ltr 420 27/06/19 14:04:40 rmdir testdir2 testdir1 testdir3 testdir 4 testdir456 testdir123 testdir678 testdir910 421 27/06/19 14:04:40 ls -ltr 422 27/06/19 14:04:40 cd - 423 27/06/19 14:04:40 ls -ltr 424 27/06/19 14:04:40 scp checkHotelNet.sh 10.100.1.19: 425 27/06/19 14:04:40 pwd 426 27/06/19 14:04:40 crontab -e 427 27/06/19 14:04:40 crontab -l 428 27/06/19 14:04:40 cd /etc/httpd/ 429 27/06/19 14:04:40 ls -ltr 430 27/06/19 14:04:40 cd conf 431 27/06/19 14:04:40 ls -ltr 432 27/06/19 14:04:40 less httpd.conf 433 27/06/19 14:04:40 systemctl start filebeat 434 27/06/19 14:04:40 service filebeat start 435 27/06/19 14:04:40 service filebeat status 436 05/11/18 09:54:34 .. 437 05/11/18 09:54:37 ls 438 05/11/18 09:55:08 cd static 439 05/11/18 09:55:09 ls 440 05/11/18 09:55:11 ls -ltr 441 05/11/18 09:56:19 cd imagedir_link 442 05/11/18 09:56:20 ls 443 05/11/18 09:56:31 ls -ltr 444 05/11/18 09:57:54 cd .. 445 05/11/18 09:57:55 ls 446 05/11/18 09:58:01 ls -ltr 447 05/11/18 09:58:25 cd /srv/images/live/ 448 05/11/18 09:58:26 ls 449 05/11/18 09:58:40 cd hotel 450 05/11/18 09:58:41 ls 451 05/11/18 09:58:45 cd . 452 05/11/18 09:58:48 cd /srv 453 05/11/18 09:58:49 ls 454 05/11/18 09:59:02 cd images/ 455 05/11/18 09:59:03 ls 456 05/11/18 09:59:16 cd live 457 05/11/18 09:59:17 ls 458 05/11/18 09:59:42 cd hotel 459 05/11/18 09:59:43 ls 460 05/11/18 09:59:46 cd mikiNet/ 461 05/11/18 09:59:47 ls 462 05/11/18 09:59:59 cd image 463 05/11/18 10:00:00 ls 464 05/11/18 10:00:03 ls -ltr 465 05/11/18 10:00:19 cd .. 466 05/11/18 10:00:20 ls 467 05/11/18 10:00:25 cd static_data/ 468 05/11/18 10:00:26 ls 469 05/11/18 10:00:31 cd v1.0/ 470 05/11/18 10:00:32 ls 471 05/11/18 10:00:51 exit 472 07/11/18 09:56:40 yum -y update 473 07/11/18 09:57:38 service filebeat restart 474 07/11/18 09:57:47 service packetbeat restart 475 07/11/18 09:57:57 service clamd restart 476 07/11/18 09:58:21 service clamd status 477 07/11/18 10:46:58 cd 478 07/11/18 10:47:12 vi phantom.sh 479 07/11/18 10:51:31 chmod 777 phantom.sh 480 07/11/18 10:51:37 ./phantom.sh 481 07/11/18 10:51:43 vi phantom.sh 482 07/11/18 10:54:46 ./phantom.sh 483 07/11/18 10:54:54 vi phantom.sh 484 07/11/18 11:23:31 ./phantom.sh 485 07/11/18 11:23:35 vi phantom.sh 486 07/11/18 11:24:41 ./phantom.sh 487 07/11/18 11:24:49 echo $? 488 07/11/18 11:29:21 cd /var/log 489 07/11/18 11:29:23 ls 490 07/11/18 11:29:30 ls -ltr 491 07/11/18 11:29:47 cat filescans.log 492 07/11/18 11:29:58 ls -ltr 493 07/11/18 11:30:11 cat xferlog 494 07/11/18 11:30:26 ls -ltr 495 07/11/18 11:30:54 cd clamav/ 496 07/11/18 11:30:57 ls 497 07/11/18 11:31:22 cat clamd.log 498 07/11/18 11:32:03 ls -ltr 499 07/11/18 11:32:08 cat clamd.log 500 07/11/18 11:32:14 ls -ltr 501 07/11/18 11:33:27 cat freshclam.log-20180325 502 07/11/18 11:34:38 crontab -l 503 07/11/18 11:35:05 cat /root/script/daily-scan.sh 504 07/11/18 11:35:48 cat /var/log/filescans.log 505 07/11/18 11:36:09 cat /root/script/daily-scan.sh 506 07/11/18 11:37:31 grep 'file scanning started' /var/log/filescans.log 507 07/11/18 11:37:49 cat /root/script/daily-scan.sh 508 07/11/18 11:38:41 ls /usr/local/maldetect/sess 509 07/11/18 11:38:58 ls -lt /usr/local/maldetect/sess 510 14/11/18 09:30:52 cd script/ 511 14/11/18 09:30:54 ls 512 14/11/18 09:31:12 cat rkhunter.sh 513 14/11/18 09:50:34 cd /etc 514 14/11/18 09:50:38 cd yum.repos.d/ 515 14/11/18 09:50:41 ls 516 14/11/18 09:51:17 cat epel.repo po 517 14/11/18 09:52:54 cat /etc/redhat-release 518 26/11/18 12:08:00 ps -ef | grep http 519 26/11/18 12:08:09 cd /var/log 520 26/11/18 12:08:12 cd httpd/ 521 26/11/18 12:08:15 ls -ltr 522 26/11/18 12:08:33 tail -f access_log 523 26/11/18 12:08:50 pwd 524 26/11/18 12:06:55 cd script/ 525 26/11/18 12:07:21 vi test.sh 526 26/11/18 12:12:21 chmpd +x test.sh 527 26/11/18 12:12:26 chmod +x test.sh 528 26/11/18 12:12:31 ./test.sh 529 26/11/18 12:14:33 vi test.sh 530 26/11/18 12:14:58 nohup ./test.sh & 531 26/11/18 12:15:58 nohup cat ./test.sh 532 26/11/18 12:16:06 cat test.sh 533 27/11/18 14:44:30 yum -y update 534 04/12/18 14:53:49 cd /var/log 535 04/12/18 14:53:54 cd httpd/ 536 04/12/18 14:53:55 ls 537 04/12/18 14:54:26 pwd 538 04/12/18 14:55:54 tail -f access_log 539 04/12/18 14:59:05 tail -F access_log | grep --line-buffered HTTP | grep GET | grep -v 'server-status' | grep ' [0-9][1-9][1-9] ' 540 04/12/18 14:59:41 tail -F access_log | grep --line-buffered HTTP | grep GET | grep -v 'server-status' | grep ' [0-9][0-9][0-9] ' 541 04/12/18 15:00:52 tail -F access_log | grep --line-buffered HTTP | grep GET | grep -v 'server-status' | grep ' [0-9][0-9][0-9] ' | awk '{print $9}' 542 04/12/18 15:01:15 tail -100 access_log | grep --line-buffered HTTP | grep GET | grep -v 'server-status' | grep ' [0-9][0-9][0-9] ' | awk '{print $9}' 543 04/12/18 15:18:25 cd 544 04/12/18 15:18:29 ls -ltr 545 04/12/18 15:19:13 cd /var/log/httpd 546 04/12/18 15:19:40 tail -100 access_log | grep --line-buffered HTTP | grep GET | grep -v 'server-status' | grep ' [0-9][0-9][0-9] ' | awk '{print $9}' 547 04/12/18 15:20:17 cat /root/imageres.txt 548 04/12/18 15:20:54 expr 549 04/12/18 15:20:58 expr 100 -90 550 04/12/18 15:21:03 expr 100 - 90 551 04/12/18 15:22:56 ls -ltr /root 552 04/12/18 15:26:26 tail -F access_log | grep --line-buffered HTTP | grep GET | grep -v 'server-status' | grep ' [0-9][0-9][0-9] ' | awk '{print $9}' 553 04/12/18 15:29:35 ls -ltr /root 554 04/12/18 15:30:10 tail -f /root/res01-HTTP-log.txt 555 04/12/18 15:31:27 ps -ef | grep http.sh 556 04/12/18 15:31:45 lsof -f /root/res01-HTTP-log.txt 557 04/12/18 15:31:51 lsof /root/res01-HTTP-log.txt 558 04/12/18 15:31:56 tail -f /root/res01-HTTP-log.txt 559 04/12/18 15:32:30 rm -f /root/res01-HTTP-log.txt 560 04/12/18 15:32:32 tail -f /root/res01-HTTP-log.txt 561 04/12/18 15:32:56 lsof /root/res01-HTTP-log.txt 562 04/12/18 15:33:19 kill -9 5307 563 04/12/18 15:33:21 lsof /root/res01-HTTP-log.txt 564 04/12/18 15:34:42 ls -ltr /root 565 04/12/18 15:35:11 cat /root/res-count.txt 566 04/12/18 15:37:42 tail -F access_log | grep --line-buffered HTTP | grep GET | grep -v 'server-status' | grep ' [0-9][0-9][0-9] ' | awk '{print $9}' 567 04/12/18 15:40:23 ps ef | grep tail 568 04/12/18 15:40:29 ps -ef | grep tail 569 04/12/18 15:40:57 ps -ef | grep tail | awk '{print $2}' 570 04/12/18 15:41:06 ps -ef | grep tail | awk '{print $2}' | while read LINE; do kill -9 $LINE; done 571 04/12/18 15:41:26 ps -ef | grep tail 572 04/12/18 15:41:58 ps -ef 573 04/12/18 15:42:28 ps -ef | grep tail 574 04/12/18 15:42:40 cat /root/res-count.txt 575 04/12/18 15:43:03 ls -ltr /root 576 04/12/18 15:43:25 ps -ef | grep res01 577 04/12/18 15:43:36 ls -ltr /root 578 04/12/18 15:50:39 tail -F access_log | grep GET | grep -v 'server-status' | grep ' [0-9][0-9][0-9] ' | awk '{print $9}' 579 04/12/18 15:51:06 tail -f access_log | grep GET | grep -v 'server-status' | grep ' [0-9][0-9][0-9] ' | awk '{print $9}' 580 04/12/18 15:51:39 tail -f access_log 581 04/12/18 15:52:00 tail -f access_log | grep GET 582 04/12/18 15:53:17 ps -ef | grep tail 583 04/12/18 15:53:34 ps -ef | grep tail | awk '{print $2}' | while read LINE; do kill -9 $LINE; done 584 04/12/18 15:53:37 ps -ef | grep tail 585 04/12/18 15:55:39 df 586 04/12/18 14:26:27 cd /etc 587 04/12/18 14:26:31 cd yum.repos.d/ 588 04/12/18 14:26:33 ls 589 04/12/18 14:27:30 vi centos7.repo 590 04/12/18 14:27:59 vi epel7.repo 591 04/12/18 14:28:36 yum -y update 592 04/12/18 14:30:53 cat /etc/redhat-release 593 04/12/18 14:30:57 ls 594 04/12/18 14:31:09 vi centos7.repo 595 04/12/18 14:31:42 mv centos7.repo centos6.repo 596 04/12/18 14:31:58 mv epel7.repo epel6.repo 597 04/12/18 14:32:05 vi epel6.repo 598 04/12/18 14:32:24 yum clean all 599 04/12/18 14:32:42 rm -f /var/run/yum.pid 600 04/12/18 14:32:48 ps -ef | grep yum 601 04/12/18 14:33:05 kill -9 6349 6349 602 04/12/18 14:33:08 yum clean all 603 04/12/18 14:33:15 yum -y update 604 04/12/18 14:47:20 ps -ef | grep http 605 04/12/18 14:47:33 service httpd status 606 04/12/18 14:47:40 service httpd restart 607 04/12/18 14:47:45 service httpd status 608 04/12/18 14:47:52 cd /var/log 609 04/12/18 14:47:55 cd httpd/ 610 04/12/18 14:47:59 ls -ltr 611 04/12/18 14:48:12 tail -f access_log 612 04/12/18 14:48:58 ls -ltr 613 04/12/18 14:49:12 tail -f error_log 614 04/12/18 14:51:40 cd 615 04/12/18 14:51:55 df 616 04/12/18 14:52:08 df -h 617 04/12/18 14:52:32 cd /srv 618 04/12/18 14:52:39 vi http.sh 619 04/12/18 15:14:00 chmod 777 http.sh 620 04/12/18 15:14:06 ./http.sh 621 04/12/18 15:14:16 vi http.sh 622 04/12/18 15:15:34 ./http.sh 623 04/12/18 15:16:32 vi http.sh 624 04/12/18 15:17:12 ./http.sh 625 04/12/18 15:18:51 vi http.sh 626 04/12/18 15:21:54 ./http.sh 627 04/12/18 15:25:44 vi http.sh 628 04/12/18 15:27:21 ./http.sh 629 04/12/18 15:30:35 vi http.sh 630 04/12/18 15:33:53 ./http.sh 631 04/12/18 15:35:31 vi http.sh 632 04/12/18 15:39:21 ./http.sh 633 04/12/18 15:39:47 vi http.sh 634 04/12/18 15:40:05 ./http.sh 635 04/12/18 15:44:35 vi http.sh 636 04/12/18 15:46:30 ./http.sh 637 04/12/18 15:49:24 vi http.sh 638 04/12/18 15:50:08 ./http.sh 639 05/12/18 15:25:52 crontab -l 640 05/12/18 15:26:37 cat /root/script/backupToSTORAGESVR.sh 641 05/12/18 15:27:17 ls -al /var/log/script/bkupToSTORAGESVRSync-backuplog.txt 642 05/12/18 15:27:30 tail /var/log/script/bkupToSTORAGESVRSync-backuplog.txt 643 05/12/18 15:27:58 tail -100 /var/log/script/bkupToSTORAGESVRSync-backuplog.txt 644 07/12/18 10:15:39 yum -y update 645 07/12/18 10:16:05 cd /etc 646 07/12/18 10:16:09 cd yum.repos.d/ 647 07/12/18 10:16:11 ls 648 07/12/18 10:16:29 grep cdn.redhat.com * 649 07/12/18 10:16:46 mv redhat.repo /root 650 07/12/18 10:16:52 yum -y update 651 07/12/18 10:18:05 df 652 07/12/18 10:18:22 du + / 653 07/12/18 10:18:34 du + / | sort -n 654 07/12/18 10:19:15 du -x / | sort -n 655 07/12/18 10:19:33 cd 656 07/12/18 10:19:35 pwd 657 07/12/18 10:19:39 ls -ltr 658 07/12/18 10:20:04 rm -f phantomjs-1.9.8-linux-x86_64.tar 659 07/12/18 10:20:08 ls -ltr 660 07/12/18 10:20:28 du | sort -n 661 07/12/18 10:20:46 ls -al ./Maildir/new 662 07/12/18 10:21:07 rm -f ./Maildir/new/*.RES01 663 07/12/18 10:21:52 df 664 07/12/18 10:54:29 rpm -e packetbeat 665 07/12/18 10:54:46 ps -ef | grep packet 666 07/12/18 10:54:58 kill -9 13642 667 07/12/18 10:55:03 ps -ef | grep packet 668 07/12/18 13:29:22 cd /etc/filebeat/ 669 07/12/18 13:29:25 ls 670 07/12/18 13:29:35 vi filebeat.yml 671 07/12/18 13:30:39 tail -f /var/log/filebeat/filebeat 672 07/12/18 13:59:53 ps -ef | grep ftp 673 07/12/18 14:00:24 vi /etc/vsftpd/vsftpd.conf 674 07/12/18 14:01:37 tail /var/log/vsftpd.log 675 07/12/18 14:01:53 ls -al /var/log 676 07/12/18 14:02:47 ls -ltr /var/log 677 07/12/18 14:03:33 cat /var/log/xferlog 678 07/12/18 14:04:52 ls -al /srv/images/live/client/mikiNet/logo/YLE043.gif 679 07/12/18 14:05:49 ls -al /srv/images/live/hotel/mikiNet/image/v1.0/CZ/33014/844/lr/miki_twin_red_03_2018.jpg 680 07/12/18 14:50:32 ls -al /var/log/xferlog 681 07/12/18 14:50:35 ls -al /var/log/xferlog* 682 07/12/18 14:51:55 tail -f /var/log/filebeat/filebeat 683 07/12/18 14:53:25 ls -ltr /var/log 684 07/12/18 14:53:51 cat /var/log/phantomjs.log 685 07/12/18 14:54:10 cat /var/log/phantomjs.log | grep status 686 07/12/18 14:54:23 ls -ltr /var/log 687 07/12/18 14:54:45 cat /var/log/filescans.log 688 07/12/18 14:55:17 ls -ltr /var/log 689 07/12/18 14:55:52 cat /var/log/maillog 690 18/12/18 13:32:51 crontab -l 691 18/12/18 13:36:07 yum -y update 692 18/12/18 13:37:27 ip a 693 18/12/18 13:38:51 cd /var/log 694 18/12/18 13:38:53 cd httpd/ 695 18/12/18 13:38:57 ls -ltr 696 18/12/18 13:39:08 cat access_log 697 31/12/18 14:25:10 yum -y update 698 31/12/18 14:25:37 cd /etc 699 31/12/18 14:25:44 vi yum.conf 700 31/12/18 14:26:04 yum -y update 701 31/12/18 14:26:14 df 702 10/01/19 09:08:42 cd script/ 703 10/01/19 09:11:37 vi test.sh 704 10/01/19 09:19:12 ls /tmp 705 10/01/19 09:19:22 cat netflow.sh 706 10/01/19 09:19:48 cat /root/netstat.txt 707 10/01/19 09:23:04 netstat -antp | grep -v '127.0.0.1' | grep -v LISTEN | grep '[0-9][0-9]\.' | sed 's/:/ /g' | awk '{print $4, $5, $6, $8, $7}' 708 10/01/19 09:32:06 netstat -antp | grep -v '127.0.0.1' | grep -v LISTEN | 709 10/01/19 09:33:06 netstat -antp | grep -v '127.0.0.1' | grep -v LISTEN | sed 's/::ffff://g' | grep '[0-9][0-9]\.' | sed 's/:/ /g' | awk '{print $4, $5, $6, $8, $7}' 710 10/01/19 09:36:22 ls -ltr /root 711 10/01/19 09:36:51 ls -ltr /root/nets* 712 10/01/19 09:40:01 vi netflow.sh 713 10/01/19 09:03:46 ps -ef | grep res01 714 10/01/19 09:04:48 cd script/ 715 10/01/19 09:05:02 grep res01 *.sh 716 10/01/19 09:05:10 vi test.sh 717 10/01/19 09:05:40 ./test.sh 718 10/01/19 09:13:23 nohup ./test.sh & 719 10/01/19 09:15:01 vi netflow.sh 720 10/01/19 09:15:56 chmod +x netflow.sh 721 10/01/19 09:16:03 ./netflow.sh 722 10/01/19 09:16:27 vi netflow.sh 723 10/01/19 09:16:33 ./netflow.sh 724 10/01/19 09:22:35 vi ./netflow.sh 725 10/01/19 09:34:34 ./netflow.sh 726 10/01/19 09:39:10 vi ./netflow.sh 727 10/01/19 09:39:34 nohup ./netflow.sh & 728 10/01/19 09:40:28 cat netflow.sh 729 10/01/19 09:48:46 ps -ef | grep netstat 730 10/01/19 09:48:50 ps -ef | grep netf 731 10/01/19 09:49:03 kill -9 28447 732 10/01/19 10:14:40 cd script/ 733 10/01/19 10:14:43 ls -ltr 734 10/01/19 10:14:56 ls -ltr /root/net* 735 10/01/19 09:50:31 cd script/ 736 10/01/19 09:50:36 cat netflow.sh 737 10/01/19 09:51:02 netstat -antp | grep -v '127.0.0.1' | grep -v LISTEN | sed 's/::ffff://g' | grep '[0-9][0-9]\.' | sed 's/:/ /g' | awk '{print $4, $5, $6, $8, $7}' 738 10/01/19 09:52:53 vi netflow.sh 739 10/01/19 09:53:11 ./netflow.sh 740 10/01/19 09:59:46 vi netflow.sh 741 10/01/19 10:01:48 ./netflow.sh 742 10/01/19 10:07:54 vi ./netflow.sh 743 10/01/19 10:08:18 ./netflow.sh 744 10/01/19 10:21:06 cat /root/netstat.txt 745 10/01/19 10:40:33 vi netflow.sh 746 10/01/19 10:41:39 ./netflow.sh 747 10/01/19 10:43:22 ps -ef | grep netfl 748 10/01/19 10:43:32 kill -9 28645 749 10/01/19 10:43:35 ps -ef | grep netfl 750 10/01/19 10:43:39 ./netflow.sh 751 10/01/19 13:44:00 ps -ef | grep netfl 752 10/01/19 13:44:10 nohup ./netflow.sh & 753 11/01/19 16:57:41 netstat -antp 754 11/01/19 16:59:12 cd 755 11/01/19 16:59:15 cd script/ 756 11/01/19 16:59:24 cat netflow.sh 757 11/01/19 17:00:10 vi netflow.sh 758 11/01/19 17:01:53 cat netflow.sh 759 11/01/19 17:04:09 vi netflow.sh 760 11/01/19 17:04:32 ps -ef | grep netflow.sh 761 11/01/19 17:04:43 kill -9 31956 762 11/01/19 17:04:44 ps -ef | grep netflow.sh 763 11/01/19 17:05:00 nohup ./netflow.sh & 764 16/01/19 02:34:26 df -h 765 16/01/19 02:34:47 du -sm *|sort -n 766 16/01/19 02:35:02 du -sm /*|sort -n 767 16/01/19 10:30:35 exit 768 16/01/19 13:59:02 cd script/ 769 16/01/19 13:59:06 ls -lrt 770 16/01/19 13:59:19 vi netflow.sh 771 16/01/19 14:00:26 ps -ef | grep netflow.sh 772 16/01/19 14:01:06 kill -9 20459 773 16/01/19 14:01:07 ps -ef | grep netflow.sh 774 16/01/19 14:01:23 nohup ./netflow.sh & 775 16/01/19 14:01:32 cat netflow.sh 776 16/01/19 17:25:59 cd /etc 777 16/01/19 17:26:05 ls *.conf 778 16/01/19 17:26:25 cat rsyslog.conf 779 29/01/19 08:58:59 yum -y update 780 29/01/19 08:59:16 fg 781 29/01/19 08:59:18 df 782 29/01/19 15:15:32 yum -y install openscap-scanner scap-security-guide scap-workbench 783 29/01/19 15:16:00 cd 784 29/01/19 15:16:03 cd script/ 785 29/01/19 15:16:10 vi scan.sh 786 29/01/19 15:18:07 ls /usr/share/xml/scap/ssg/content/ssg-centos6-ds.xm 787 29/01/19 15:18:12 ls /usr/share/xml/scap/ssg/content 788 29/01/19 15:18:47 vi scan.sh 789 29/01/19 15:19:49 scap-workbench 790 29/01/19 15:20:19 ls /usr/share/xml/scap/ssg/content 791 04/02/19 10:28:50 yum -y update 792 15/02/19 09:50:51 df -h 793 18/02/19 10:53:39 yum -y update 794 18/02/19 10:54:13 cat /proc/cpuinfo 795 18/02/19 10:54:36 cat /proc/meminfo 796 18/02/19 10:55:10 fdisk -l 797 20/02/19 15:07:34 cd ~mbadley 798 20/02/19 15:07:54 rpm -ivh netwatch-1.0c-1.el7.rf.x86_64.rpm 799 20/02/19 15:08:13 yum -y localinstall netwatch-1.0c-1.el7.rf.x86_64.rpm 800 20/02/19 15:08:52 cat /etc/redhat-release 801 20/02/19 15:09:09 wget http://ftp.tu-chemnitz.de/pub/linux/dag/redhat/el6/en/i386/rpmforge/RPMS/netwatch-1.0c-1.el6.rf.i686.rpm 802 20/02/19 15:09:32 yum -y localinstall netwatch-1.0c-1.el6.rf.i686.rpm 803 20/02/19 15:09:45 man netwatch 804 20/02/19 15:09:58 ip a 805 20/02/19 15:10:16 netwatch -e bond0 806 20/02/19 15:22:24 cat /proc/cpuinfo 807 20/02/19 15:22:30 df -h 808 20/02/19 15:22:43 cat /proc/meminfo 809 20/02/19 15:25:51 ps -ef | grep http 810 20/02/19 15:25:57 cd /var/log 811 20/02/19 15:26:03 cd httpd/ 812 20/02/19 15:26:06 ls 813 20/02/19 15:26:10 ls -ltr 814 20/02/19 15:26:23 tail access_log 815 20/02/19 15:27:30 grep '20/Feb/2019:1[4-9]' access_log 816 20/02/19 15:27:38 grep '20/Feb/2019:1[4-9]' access_log | wc -l 817 20/02/19 15:28:37 df -h 818 20/02/19 15:53:47 df 819 20/02/19 15:55:04 yum -y update 820 02/05/19 09:05:03 df -h 821 02/05/19 09:05:09 yum -y update 822 02/05/19 09:05:30 df -i 823 02/05/19 09:05:37 cd /usr 824 02/05/19 09:05:40 ls 825 02/05/19 09:05:50 du | sort -n 826 02/05/19 09:06:14 ls -al ./local/maldetect.bk14299 827 02/05/19 09:06:27 rm -fr ./local/maldetect.bk14299 828 02/05/19 09:15:39 cd ./local/maldetect.bk14299 829 02/05/19 09:15:41 ls 830 02/05/19 09:15:54 crontab -l 831 02/05/19 09:16:15 cat /root/script/daily-scan.sh 832 02/05/19 09:16:36 crontab -e 833 02/05/19 09:16:55 yum -y update 834 02/05/19 09:17:50 cd 835 02/05/19 09:17:56 rm -fr ./local/maldetect.bk14299 836 02/05/19 09:18:01 df -i 837 02/05/19 09:18:18 df -icd /usr 838 02/05/19 09:18:23 cd /usr 839 02/05/19 09:18:32 du | sort -n 840 02/05/19 09:18:50 rm -fr ./local/maldetect.bk14299 841 02/05/19 09:22:16 df 842 02/05/19 09:22:28 rm -fr ./local/maldetect.bk15749 843 02/05/19 09:23:58 df 844 02/05/19 09:24:07 rpm -qa | grep mald 845 02/05/19 09:24:24 yum -y upate 846 02/05/19 09:24:32 yum -y update 847 02/05/19 09:24:35 df 848 02/05/19 09:25:13 ls -al /srv/images/live/hotel/mikiNet/image/v1.0/IT/7135/3501/lr/cmd.php 849 02/05/19 09:25:30 less /srv/images/live/hotel/mikiNet/image/v1.0/IT/7135/3501/lr/cmd.php 850 02/05/19 09:25:53 cd /var/log 851 02/05/19 09:25:56 ls -ltr 852 02/05/19 09:26:24 ps -ef | grep http 853 02/05/19 09:26:35 cd /etc 854 02/05/19 09:26:42 cd httpd/ 855 02/05/19 09:26:44 ls 856 02/05/19 09:26:52 cd logs 857 02/05/19 09:26:55 ls -ltr 858 02/05/19 09:27:09 cat error_log 859 02/05/19 09:27:45 cat error_log | wc -l 860 02/05/19 09:27:55 less error_log 861 02/05/19 09:28:25 cd ../conf 862 02/05/19 09:28:32 grep -r mald * 863 02/05/19 09:28:38 grep -r mal * 864 02/05/19 09:28:55 cd ../conf.d 865 02/05/19 09:28:56 ls 866 02/05/19 09:29:06 grep -r mal * 867 02/05/19 09:30:52 cd ../logs/ 868 02/05/19 09:30:55 ls -ltr 869 02/05/19 09:31:06 tail -f access_log 870 02/05/19 09:31:49 ls -ltr 871 02/05/19 09:32:00 tail -f error_log 872 02/05/19 09:33:35 crontab -l 873 02/05/19 09:33:57 cat /root/checkHotelNet.sh 874 02/05/19 10:05:32 ls -al /var/www/html/live/hotel/mikiNet/image/v1.0/AU/67001/100/lr/3lobby.jpg 875 02/05/19 10:05:37 ls -al /var/www/html/live/hotel/mikiNet/image/v1.0/AU/67001/100/lr 876 02/05/19 10:06:41 ls -al /var/www/html/live/hotel/mikiNet/image/v1.0/AU/14322/101/lr/7cf.jpg 877 02/05/19 10:06:44 ls -al /var/www/html/live/hotel/mikiNet/image/v1.0/AU/14322/101/lr 878 02/05/19 10:07:55 crontab -l 879 02/05/19 10:08:12 /root/script/backupToSTORAGESVR.sh 880 02/05/19 10:12:03 vi /root/script/backupToSTORAGESVR.sh 881 02/05/19 10:12:40 tail /var/log/script/bkupToSTORAGESVRSync-backuplog.txt 882 02/05/19 10:12:58 ls -ash /var/log/script/bkupToSTORAGESVRSync-backuplog.txt 883 02/05/19 10:13:06 less /var/log/script/bkupToSTORAGESVRSync-backuplog.txt 884 02/05/19 10:13:20 df 885 02/05/19 10:13:33 df -h 886 16/05/19 16:23:41 yum -y update 887 16/05/19 16:23:55 cd /usr 888 16/05/19 16:24:01 crontab -l 889 16/05/19 16:24:19 du | sort -n 890 16/05/19 16:24:45 rm -fr ./local/maldetect.bk24686/sess 891 16/05/19 16:25:53 df 892 16/05/19 16:25:58 yum -y update 893 16/05/19 16:27:12 rpm -qa | grep valg 894 16/05/19 16:27:27 rpm -e valgrind 895 16/05/19 16:27:41 rm -fr ./local/maldetect.bk24686/sess 896 16/05/19 16:30:11 crontab -l 897 17/05/19 15:57:39 phantomjs netsniff.js https://www.mikinet.co.uk 898 21/05/19 13:50:40 df -h 899 21/05/19 13:50:50 cd /srv 900 21/05/19 13:51:03 cd ./WASBINARIES_EBZService 901 21/05/19 13:51:14 crontab -l 902 21/05/19 14:07:32 df -h 903 21/05/19 14:08:09 cd /srv 904 21/05/19 14:08:44 du | sort -n | egrep -i 'old|bak|backup' 905 21/05/19 14:14:04 df -h 906 21/05/19 14:16:15 lspci 907 21/05/19 14:16:26 lshw 908 21/05/19 14:16:32 dmidecode 909 21/05/19 14:18:25 du | sort -n | egrep -i 'old|bak|backup' 910 21/05/19 14:19:54 cd ./images/live/hotel/mikiNet/ImageBackup 911 21/05/19 14:19:58 du -sh 912 21/05/19 14:22:37 ls -ald ./images/live/hotel/mikiNet/ImageBackup 913 21/05/19 14:22:52 ls -ald /srv/images/live/hotel/mikiNet/ImageBackup 914 21/05/19 14:24:35 ls -lt 915 21/05/19 14:24:40 cd v1.0/ 916 21/05/19 14:24:42 ls -lt 917 21/05/19 14:24:50 pwd 918 21/05/19 14:35:53 crontab -e 919 21/05/19 14:36:20 cd /srv/images/live/hotel/mikiNet 920 21/05/19 14:36:23 ls -al 921 21/05/19 14:36:38 rm -fr ImageBackup 922 21/05/19 14:43:38 df -k 923 21/05/19 14:43:41 df -h 924 21/05/19 14:43:52 ls ImageBackup 925 21/05/19 14:43:57 ls ImageBackup/v1.0/ 926 21/05/19 14:44:03 rm -fr ImageBackup 927 21/05/19 14:47:21 ls ImageBackup/v1.0/ 928 21/05/19 14:47:27 rm -fr ImageBackup 929 21/05/19 14:48:50 ls ImageBackup/v1.0/ 930 21/05/19 14:48:52 rm -fr ImageBackup 931 21/05/19 14:53:56 df -h 932 21/05/19 14:54:01 df 933 21/05/19 14:54:04 rm -fr ImageBackup 934 21/05/19 14:54:27 df 935 21/05/19 14:54:38 rm -fr ImageBackup 936 21/05/19 15:00:07 df 937 21/05/19 15:00:25 rm -fr ImageBackup 938 21/05/19 15:03:38 pwd 939 21/05/19 15:03:42 ls 940 21/05/19 15:03:49 crontab -e 941 21/05/19 15:05:16 cd /srv/images/live/hotel/mikiNet/ 942 21/05/19 15:05:28 rm -fr ImageBackup 943 21/05/19 15:09:56 df -h 944 21/05/19 15:10:11 ls ImageBackup 945 21/05/19 15:10:14 ls ImageBackup/v1.0/ 946 21/05/19 15:10:22 ls ImageBackup/v1.0/KH/ 947 21/05/19 15:10:29 rm -fr ImageBackup/v1.0/KH/ 948 21/05/19 15:10:35 rm -fr ImageBackup/v1.0/HO 949 21/05/19 15:10:39 rm -fr ImageBackup 950 21/05/19 15:11:05 lsof ImageBackup 951 21/05/19 15:11:13 man lsof 952 21/05/19 15:12:09 crontab -e 953 21/05/19 15:12:18 crontab -l 954 21/05/19 15:12:27 /root/script/backupToSTORAGESVR.sh 955 21/05/19 15:13:02 crontab -e 956 21/05/19 15:13:11 rm -fr ImageBackup 957 21/05/19 15:13:47 ls ImageBackup/v1.0/null/20252 958 21/05/19 15:13:52 ls -al ImageBackup/v1.0/null/20252 959 21/05/19 15:14:01 rm -fr ImageBackup/v1.0/null/20252 960 21/05/19 15:14:21 ls -al ImageBackup/v1.0/null 961 21/05/19 15:14:33 rm -fr ImageBackup/v1.0/null 962 21/05/19 15:14:50 rm -fr ImageBackup 963 21/05/19 15:25:34 cd ImageBackup 964 21/05/19 15:25:41 du | sort -n 965 21/05/19 15:25:57 rm -fr ./v1.0/TH 966 21/05/19 15:29:12 rm -fr ./v1.0/IT 967 21/05/19 15:30:11 crontab -e 968 21/05/19 15:30:18 crontab -l 969 21/05/19 15:30:26 /root/script/backupToSTORAGESVR.sh 970 21/05/19 15:33:56 cd /var/www 971 21/05/19 15:33:59 cd html 972 21/05/19 15:34:04 cd logs 973 21/05/19 15:34:11 ls -al 974 21/05/19 15:34:29 pwd 975 21/05/19 15:34:37 ps -ef | grep http 976 21/05/19 15:34:49 cd /etc/httpd/ 977 21/05/19 15:34:54 cd logs/ 978 21/05/19 15:34:59 ls -lrt 979 21/05/19 15:35:25 less error_log-20190521 980 21/05/19 15:37:37 tail -f error_log 981 21/05/19 15:38:24 tail -f access_log 982 29/05/19 11:07:00 exit 983 29/05/19 11:07:12 cd /opt/iAM/product/ 984 29/05/19 11:07:13 ls -ltr 985 29/05/19 11:07:18 vi iAM_startup 986 29/05/19 11:07:38 ./iAM_shutdown 987 29/05/19 11:07:43 ./iAM_startup 988 29/05/19 11:07:49 ps -ef |grep iAM 989 29/05/19 11:08:00 tail iAM_startup 990 29/05/19 13:51:34 ps -ef |grep iAM 991 29/05/19 13:51:38 iAM -v 992 29/05/19 13:51:41 exit 993 29/05/19 11:06:58 sudo su - 994 29/05/19 11:07:03 sudo -s 995 29/05/19 13:51:43 exit 996 30/05/19 09:01:22 yum -y update 997 30/05/19 09:01:31 cd /usr 998 30/05/19 09:01:37 du | sort -n 999 30/05/19 09:01:58 rm -fr ./local/maldetect.bk14299 1000 21/06/19 14:34:23 service filebeat stop 1001 27/06/19 14:04:49 history 1002 27/06/19 14:05:35 netwatch -e bond0 1003 27/06/19 14:05:56 history | grep netwatch 1004 27/06/19 14:09:03 cd 1005 27/06/19 14:09:13 history > history.txt