Windows Subsystem For Linux Reset

Related: Is there a way of installing Windows Subsystem for Linux on Win10 (v1709) without using the Store?

When installing a WSL distribution outside of the Microsoft Store (for example on a restricted network, see linked), many of the standard means of interacting with that distribution are not available. In my example, when I go through Settings > Apps and Features, the distro is not shown in the list and the management features are not available. If I get my manually installed linux instance into a bad state, what is the correct way to reset it and bring it back to a fresh install?

What should I use to determine the growth rate at which files are growing in Linux? [on hold]

I want to know the size of the files that are growing abnormally in my Linux environment.

For example, I have two files, file1 and file2.

Now suppose I know the space occupied by file1 is growing at 1MB per minute and for file2 it is growing at 10MB per minute.

Now if all of a sudden there is a jump in the growth rate of file1 from 1MB/min to 1000MB/min, I need to catch this.

What is the best way this can be achieved?

I also don't know how to calculate the initial rate at which the files are growing; what should be used to do that?

Should I be looking at this as an ML problem, which learns the rate at which a file is growing and catches it if it deviates from normal behaviour, or can this be worked out using the df/du commands and running some kind of cron job?

Also, the number of files can be large.
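One way to do the df/du-and-cron approach from the question, as an added example that is not part of the original post: sample sizes with os.stat on each run, keep a per-file baseline of recent growth rates, and flag a sample whose rate exceeds a multiple of that baseline. The class name, thresholds and the sample data are assumptions for illustration.

```python
import os
from collections import deque
from statistics import mean

class GrowthMonitor:
    """Per-file growth-rate tracker. observe() records one (timestamp s, size B)
    sample and returns (rate_bytes_per_sec, is_spike). A rate is a spike when it
    exceeds `factor` times the mean of the last `window` normal rates (floored at
    `floor` B/s so an idle file still has a threshold), once `min_samples` normal
    rates exist. Spike rates are not fed back into the baseline."""

    def __init__(self, window=10, factor=5.0, min_samples=3, floor=1024.0):
        self.window, self.factor = window, factor
        self.min_samples, self.floor = min_samples, floor
        self.last = {}    # path -> (ts, size) of the previous sample
        self.rates = {}   # path -> deque of recent normal rates (B/s)

    def observe(self, path, ts, size):
        prev = self.last.get(path)
        self.last[path] = (ts, size)
        if prev is None or ts <= prev[0]:
            return None, False            # first sample, or clock went backwards
        rate = max(size - prev[1], 0) / (ts - prev[0])   # truncation = no growth
        hist = self.rates.setdefault(path, deque(maxlen=self.window))
        spike = False
        if len(hist) >= self.min_samples:
            spike = rate > self.factor * max(mean(hist), self.floor)
        if not spike:
            hist.append(rate)
        return rate, spike

def sample_sizes(paths):
    """Current sizes via os.stat, for use from a cron job; skips vanished files."""
    sizes = {}
    for p in paths:
        try:
            sizes[p] = os.stat(p).st_size
        except FileNotFoundError:
            pass
    return sizes

def replay(monitor, path, samples):
    """Feed (ts, size) samples for one path; return the spike flag per sample."""
    return [monitor.observe(path, ts, size)[1] for ts, size in samples]

MB = 1024 * 1024
# Constructed samples, one per minute: file1 grows 1 MB/min, then 1000 MB/min.
FILE1 = [(0, 0), (60, MB), (120, 2 * MB), (180, 3 * MB), (240, 4 * MB), (300, 1004 * MB)]
# file2 grows a steady 10 MB/min and must not alert.
FILE2 = [(60 * i, 10 * MB * i) for i in range(6)]
```

For many files, persist `last` and `rates` between cron runs (e.g. to a small JSON or sqlite file) rather than keeping the monitor in memory.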

How to work with interrupts from the serial port in Linux?

I need to write a kernel module that prints a message when data has gone out through the serial port, and also prints a message when data has arrived. Interrupts must be used, because different transfer interfaces are possible and, for the code to work reliably, interrupts are needed. I want to say up front that I do not need a packet exchange to find out whether data has arrived or not; what I need is precisely working with interrupts, or a similar operation. Here is what I am trying to use to write the module:

    #include <linux/module.h>
    #include <linux/interrupt.h>
    #include <linux/timex.h>      /* cycles_t, get_cycles() */

    MODULE_LICENSE( "GPL v2" );

    #define SHARED_IRQ 1
    #define MAX_SHARED 9
    #define NAME_SUFFIX "serial_"
    #define NAME_LEN   10

    static int irq = SHARED_IRQ, num = 2;
    module_param( irq, int, 0 );
    module_param( num, int, 0 );

    /* Observer handler: logs every interrupt on the shared line and returns
       IRQ_NONE so that the real device driver still services the interrupt. */
    static irqreturn_t handler( int irq, void *id )
    {
       cycles_t cycles = get_cycles();
       printk( KERN_INFO "%010lld : irq=%d - handler #%d\n",
               (long long)cycles, irq, (int)(long)id );
       return IRQ_NONE;
    }

    static char dev[ MAX_SHARED ][ NAME_LEN ];

    int init_module( void )
    {
       int i, ret;
       if( num > MAX_SHARED ) num = MAX_SHARED;
       for( i = 0; i < num; i++ ) {
          snprintf( dev[ i ], NAME_LEN, NAME_SUFFIX "%02d", i + 1 );
          ret = request_irq( irq, handler, IRQF_SHARED, dev[ i ], (void*)(long)( i + 1 ) );
          if( ret ) {
             /* release the handlers already registered before giving up */
             while( --i >= 0 )
                free_irq( irq, (void*)(long)( i + 1 ) );
             return ret;
          }
       }
       return 0;
    }

    void cleanup_module( void )
    {
       int i;
       for( i = 0; i < num; i++ ) {
          synchronize_irq( irq );
          free_irq( irq, (void*)(long)( i + 1 ) );
       }
    }

Multipath routing with linux kernel 4.19

I have the following two devices, tun-1 and tun-2. They have the same IP address 21.2.0.3 and the same gateway 21.2.0.1 (each gateway points to a different device/VM; they just happen to have the same IP). I am trying to set up ECMP (equal-cost multipath) so that a forwarded request can be sent out randomly from any of the tun devices.

The command below works on kernel 4.4 with ip tool iproute2-ss130716, but it fails with an RTNETLINK error on kernel 4.19 with ip tool iproute2-ss170501.

    $ ip route add default \
        nexthop via 21.2.0.3 dev tun-1 weight 1 \
        nexthop via 21.2.0.3 dev tun-2 weight 1
    RTNETLINK answers: Invalid argument

    21.2.0.0/24 dev tun-1 proto kernel scope link src 21.2.0.3
    21.2.0.0/24 dev tun-2 proto kernel scope link src 21.2.0.3

I want to use kernel 4.19 so that I can use the L4 hash for the ECMP setup.

I wonder what the problem is, and how to fix it? Is it just an ip tool version issue, or is it a kernel issue?

Honeypot for Linux user

Let's consider the following scenario: you have a web-facing server which runs software, e.g. apache2, as a separate Linux user, www-data. An attacker finds a vulnerability and gets a remote shell on your system with the privileges of the www-data user.

Is it possible to have a honeypot on commands run by the www-data user? For example, let's assume that apache2, or any other process run by www-data, never runs the ls command to list a directory (it would most likely use another API provided by the system, rather than start a new process, parse its output, etc.). Is it possible to set up a honeypot on such a command? For example, log the command to syslog, or add an entry to a database with only INSERT permission?

The command should still run normally on other (or specified) users' accounts, without triggering the log event.

If such a honeypot is possible, how could one be set up? Are there any reasons why such a honeypot is bad and should not be used?
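One defender-side way to get the "canary command" effect described in this question, as an added example that is not part of the original post: let auditd record every execve by the www-data uid and have a small watcher raise an alert only when that uid runs one of the canary binaries, while the same command from any other user is ignored. The audit rule, the uid 33, the canary list and the sample records are assumptions for illustration.

```python
import re
from collections import namedtuple

# Assumed auditd rule (not from the question) that records every execve by uid 33,
# which is www-data on Debian/Ubuntu:
#   -a always,exit -F arch=b64 -S execve -F uid=33 -k www-exec
WWW_DATA_UID = 33
CANARY_EXES = {"/bin/ls", "/usr/bin/ls", "/usr/bin/id", "/usr/bin/whoami"}

Alert = namedtuple("Alert", "timestamp serial exe pid ppid")

_FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')
_MSG = re.compile(r'audit\((\d+\.\d+):(\d+)\)')

def parse_record(line):
    """Split one auditd line into key -> value (quotes stripped), plus timestamp/serial."""
    rec = {}
    for m in _FIELD.finditer(line):
        rec[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(2)
    mm = _MSG.search(line)
    if mm:
        rec["timestamp"], rec["serial"] = float(mm.group(1)), int(mm.group(2))
    return rec

def canary_alerts(lines, uid=WWW_DATA_UID, canaries=CANARY_EXES):
    """Yield an Alert for each execve SYSCALL record where the real uid is www-data
    and the binary is a canary; the same command from any other uid is ignored."""
    for line in lines:
        rec = parse_record(line)
        if rec.get("type") != "SYSCALL" or rec.get("syscall") not in ("59", "execve"):
            continue            # 59 is execve on x86_64; "execve" if ausearch -i was used
        if rec.get("uid") != str(uid) or rec.get("exe") not in canaries:
            continue
        yield Alert(rec.get("timestamp"), rec.get("serial"), rec["exe"],
                    rec.get("pid"), rec.get("ppid"))

def format_alert(a):
    """One-line message suitable for logger/syslog or an INSERT-only audit table."""
    return "www-data canary: exe=%s pid=%s ppid=%s audit_serial=%s" % (a.exe, a.pid, a.ppid, a.serial)

# Constructed sample records (not real captures): www-data runs ls, a normal user
# runs ls, and www-data runs php-cgi (expected behaviour, no alert).
SAMPLE_LOG = [
    'type=SYSCALL msg=audit(1558357531.123:456): arch=c000003e syscall=59 success=yes exit=0 ppid=1201 pid=1345 auid=4294967295 uid=33 gid=33 euid=33 comm="ls" exe="/bin/ls" key="www-exec"',
    'type=SYSCALL msg=audit(1558357533.001:457): arch=c000003e syscall=59 success=yes exit=0 ppid=2000 pid=2001 auid=1000 uid=1000 gid=1000 euid=1000 comm="ls" exe="/bin/ls" key="www-exec"',
    'type=SYSCALL msg=audit(1558357534.500:458): arch=c000003e syscall=59 success=yes exit=0 ppid=1201 pid=1346 auid=4294967295 uid=33 gid=33 euid=33 comm="php-cgi" exe="/usr/bin/php-cgi" key="www-exec"',
]
```

Because the audit trail is written by the kernel rather than by a wrapper the attacker can inspect, the canary does not alter how ls behaves for anyone, which addresses the "should still run normally" requirement.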

Subdomains in LAN with NGINX + Linux

I'm trying to set up an NGINX config that runs on my localhost. I want other devices in my LAN to access multiple different servers on my local machine using a local subdomain. myhostname is my hostname in my LAN.

I want other LAN devices to access NodeJS servers represented by subdomains on my localhost:

-> http://server-alpha.myhostname

-> http://server-beta.myhostname

With my current NGINX configuration, however, I can only access them from my localhost itself:

-> /etc/nginx/sites-enabled/server-alpha.localhost

    server {
        listen 80;
        server_name server-alpha.localhost;

        location / {
            proxy_pass http://localhost:3045;
            proxy_set_header Host $host;
        }
    }

-> /etc/nginx/sites-enabled/server-beta.localhost

    server {
        listen 80;
        server_name server-beta.localhost;

        location / {
            proxy_pass http://localhost:3046;
            proxy_set_header Host $host;
        }
    }

OMS Linux Agent Configuration for Custom Logs, specifically for tomcat catalina.out log file

I wonder if anyone out there has configured the OMS Linux Agent to send catalina.out logs to Log Analytics in Azure? I have a config file, but for some reason it's not working; it could be that after the Tomcat upgrade from 8.5.32 -> 8.5.35 the file format changed.

Here is my config, which is failing to send info:

    <source>
      @type sudo_tail
      format none
      tag oms.api.tomcat.rota.out
      path /var/lib/tomcat/logs/catalina.out
      pos_file /var/opt/microsoft/omsagent/state/tomcat.log.rota.out.pos
      read_from_head true
      run_interval 30
    </source>

The error I see in omsagent.log is:

    2019-05-20 13:05:31 +0000 [info]: INFO Received paths from sudo tail plugin : /var/lib/tomcat/logs/catalina.out
    2019-05-20 13:05:31 +0000 [info]: INFO Following tail of /var/lib/tomcat/logs/catalina.out
    2019-05-20 13:05:39 +0000 [warn]: Missing DataType or IPName field in record from tag 'oms.api.tomcat.rota.out'
    2019-05-20 13:05:58 +0000 [info]: Sending OMS Heartbeat succeeded at 2019-05-20T13:05:58.645Z

Please show me how this config should look to successfully send logs to the Log Analytics Workspace.

Regards

How can I create a backdoor on a Windows Server behind a Linux by NAT? [on hold]

I have 3 machines for penetration testing:

1. Kali Linux [attacker] (10.1.1.14)
2. Linux with 3 network interfaces (172.16.1.12, 10.1.1.7, 192.168.0.4)
3. Windows 10 Tomcat server (172.16.1.5)

And I set up NAT so that Windows 10 is behind the Linux box with 3 network interfaces, so 172.16.1.12:80 or 10.1.1.7:80 <-> 172.16.1.5:8080:

    target     prot opt source               destination
    DNAT       tcp  --  anywhere             anywhere             tcp dpt:http to:172.16.1.5:8080

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination
    SNAT       tcp  --  anywhere             172.16.1.5           tcp dpt:http-alt to:172.16.1.12

My aim is to be able to send a payload from the attacker that reaches the Windows 10 box by passing through the Linux box.

Before, I tried:

I installed a payload.exe on Windows 10. Then:

    use multi\handler
    set LHOSTS 10.1.1.14
    set LPORTS 4444
    exploit

But this failed, of course, because I realized that the attacker skipped the Linux box and hacked Windows directly.

Does anyone know how I can hack the Windows 10 box by passing through the Linux like by passing through 10.1.1.7:80?