What Does Ps Aux | Egrep......mean?

Hey guys, well, I killed a user that was SSH'd into my machine and I googled how to do it; however, the command that I used to find the PID was

ps aux | egrep "sshd: [a-zA-Z]+@"

Why not just use ps aux | grep sshd?

Also, can someone decipher what ps aux | egrep "sshd: [a-zA-Z]+@" means? I am not advanced enough to understand what I googled. Also, is there a good tutorial that teaches those commands in depth like that? And what are they called? The (egrep "sshd: [a-zA-Z]+@") part.


Similar Content



How Can I Grep Variable?

I want to do an AND search with grep in a shell script,

but it's hard to grep a variable


---------------------------------------------------------------
#!/bin/bash

if [ $# -eq 0 ]
then
    echo "Usage: phone searchfor [...searchfor]"
    echo "(You didn't tell me what you want to search for )"
else
    pass=0
    find=""

    for idx in $*
    do
        if [ -n "$idx" ]
        then
            if [ $pass -eq 0 ]
            then
                find=$(egrep "$idx" mydata)
                pass=1
            else
                find=$("$find" | grep "$idx")

                echo $find
            fi
        fi
    done

    if [ -z "$find" ]
    then
        echo "There is no such thing"
    else
        echo $find | awk -f display.awk
    fi
fi

-----------------------------------------------------

There is one error: command not found

in find=$("$find" | grep "$idx")

How can I grep a variable and store it into a variable?

How To Search What Is Returned By Grep For Multiple Patterns?

Hi, I am new to Linux and the full capabilities of grep, so I'm having some difficulty figuring out how to obtain the information I want. I'm using grep to search if specific servers are listed in my local nameserver like this:

chknsv NSV | egrep 'box1|box2|box3'

Where chknsv is a function to list all items in the nameserver that include substring NSV in the line.

Ideally, what is returned from egrep is a list like this:
$NSV - box1 - 40000 - tcp
$NSV - box2 - 40000 - tcp
$NSV - box3 - 40000 - tcp

(The first column represents Service name, the second Host name, the third Port, and the fourth Protocol)

What I am wondering is how to check what is returned from egrep to make sure that all of the server names I searched for are included? The exit status of the egrep command returns 0 when anything is returned regardless of how many server names I was searching for. So, it would return 0 even if only one or two of the three servers I'm searching for are listed. This kind of scenario is what I'm trying to detect to verify whether or not all of the server names I searched for are active in the nameserver.

I know it can be done with multiple calls to egrep, but that seems really clunky to me - I'm hoping there's a more elegant solution that I'm just unaware of.

Any advice/suggestions would be greatly appreciated! Thanks!
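An added example, not part of the original post: one way to check in a single pass that every requested host appears in the listing, with an exit status that is non-zero when any is missing. The listing is a constructed stand-in for the output of the poster's `chknsv` function, and `missing_hosts` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed stand-in for the output of the poster's chknsv function.
sample_listing() {
cat <<'EOF'
$NSV - box1 - 40000 - tcp
$NSV - box3 - 40000 - tcp
$NSV - box10 - 40000 - tcp
EOF
}

# missing_hosts HOST...
# Reads a listing on stdin and prints every requested host that never
# appears in the host column (field 3 when split on whitespace).
# Exit status is 0 only when all requested hosts were seen.
# Comparing the whole field avoids "box1" being satisfied by "box10",
# which an unanchored egrep 'box1' would accept.
missing_hosts() {
  awk -v want="$*" '
    BEGIN { n = split(want, w, " ") }
    { seen[$3] = 1 }
    END {
      rc = 0
      for (i = 1; i <= n; i++)
        if (!(w[i] in seen)) { print w[i]; rc = 1 }
      exit rc
    }'
}

# Hypothetical wrapper so the check can be called with just the host names.
check_listing() {
  sample_listing | missing_hosts "$@"
}

if missing=$(check_listing box1 box2 box3); then
  echo "all hosts present"
else
  echo "missing: $missing"
fi
```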

Grep Is Not Working In RHEL5.3

Hi,

I have Red Hat 5.3 running on my machine, but when I log in through PuTTY it gives me the error below.
I get this error on login without running any grep command, and the grep command doesn't work.

login as: root
root@IP's password:
Last login: Mon Feb 16 15:27:55 2015 from IP
-bash: /bin/egrep: cannot execute binary file
-bash: /bin/egrep: cannot execute binary file
-bash: /bin/egrep: cannot execute binary file
-bash: /bin/grep: cannot execute binary file
-bash: /bin/grep: cannot execute binary file
[root@bkpdrill ~]# grep MemTotal /proc/meminfo
-bash: /bin/grep: cannot execute binary file

Output Of "netstat -s | Egrep '(active|passive)'"?

If you run this command on your computer, how many active and passive connection openings are you typically supposed to have? Specifically, for a firewalled home PC behind a wifi router/cable modem combination. Can someone explain the purpose of this command?

Limit SSH User Based On Local IP Address?

I suspect this is not possible but I'll ask.

For a machine where sshd is listening on multiple IP addresses, is it possible to block certain users from logging in based on the IP address they are connecting to?

Example:
Listening on 1.2.3.4 and 5.6.7.8
User amir should be allowed to log in on 1.2.3.4 but NOT 5.6.7.8
User mary is allowed on 5.6.7.8 but not on 1.2.3.4

Again, these are the IP addresses the user is connecting TO not FROM.

I think I could do this by running multiple sshd instances but can I do it with a single one?

Wrong Incoming Ssh Ports In /var/log/auth.log ?

Hello,
I am using my raspberry pi with Linux 3.18+ installed. I changed the default ssh port from 22 to 16022. This is my sshd_config file:
Code:
# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
#Port 22
Port 16022
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2

PAM auth is disabled and I only log in using a password. Now, I checked the authentication log file: /var/log/auth.log. This is a snippet of what it contains:
Quote:
Apr 23 23:44:55 raspberrypi sshd[6473]: Accepted password for pi from 50.252.93.50 port 51978 ssh2
Apr 23 23:52:22 raspberrypi sshd[6477]: Received disconnect from 50.252.93.50: 11: Normal Shutdown
May 5 01:51:02 raspberrypi sshd[4551]: Accepted password for pi from 50.153.109.28 port 30222 ssh
May 5 09:43:47 raspberrypi sshd[6033]: Accepted password for pi from 50.153.110.150 port 21551 ssh2
May 5 09:43:53 raspberrypi sshd[6039]: Received disconnect from 50.153.110.150: 11: Normal Shutdown
May 5 14:09:23 raspberrypi sshd[6783]: Accepted password for pi from 50.153.109.23 port 28684 ssh
May 5 14:32:43 raspberrypi sshd[7008]: Accepted password for pi from 50.153.109.23 port 28689 ssh
May 5 14:37:21 raspberrypi sshd[7014]: Received disconnect from 50.153.109.23: 11: Normal Shutdow
May 8 02:01:41 raspberrypi sshd[24468]: Accepted password for pi from 50.153.110.150 port 30862 ssh2
How is this possible? Why is it showing these random ports for ssh?

This is what 'sudo netstat -nlp' gives:
Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      7923/0
tcp        0      0 0.0.0.0:16022           0.0.0.0:*               LISTEN      2501/sshd
udp        0      0 0.0.0.0:37851           0.0.0.0:*                           2019/dhclient
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2192/dhclient
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2019/dhclient
udp        0      0 192.168.1.82:123        0.0.0.0:*                           2419/ntpd
udp        0      0 192.168.1.78:123        0.0.0.0:*                           2419/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           2419/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           2419/ntpd
udp        0      0 0.0.0.0:44953           0.0.0.0:*                           2192/dhclient
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ACC ]     SEQPACKET  LISTENING     3880     168/udevd           /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     8018     2341/dbus-daemon    /var/run/dbus/system_bus_socket

Plus, I am accessing my machine from outside my home network. My router is configured to block all ports, except 16022, whose tcp traffic is forwarded to my raspberry pi. So I don't understand why the log file has these weird ports listed.

Cannot SSH After Changing Permissions In Root Folder

Hello Guys,

I'm fairly new to Linux and was mucking around with permissions on root the other day and lost my connection via ssh. Now when I try to connect via ssh I get an error 'connection refused'. My system logs show the following:

Starting sshd: /var/empty/sshd must be owned by root and not group or world-writable.
[FAILED]

I gather this is because I changed some permissions on root. Thing is, as I'm unable to connect via ssh, how else can I correct this issue? I'm desperate as I have some data on there that I don't want to lose.

Thanks
Mark

Selinux On Ubuntu Server

Hi All,

Please can someone assist me with this? I enabled SELinux on an Ubuntu 14.04 server and it's disabling ssh remote login for all users, including root.

From the ssh terminal I get the following error:

ssh root@192.168.x.x
Last login: Wed Mar 25 12:39:02 2015 from 192.168.x.x
/bin/bash: Permission denied
Connection to 192.168.211.135 closed.


tail /var/log/auth.log

ubuntu sshd[1640]: Accepted password for root from 192.168.x.x port 51082 ssh2

ubuntu sshd[1642]: Accepted password for root from 192.168.x.x port 51089 ssh2

ubunt sshd[1640]: Received disconnect from 192.168.x.x: disconnected by user

audit2allow --all

sshd_t

This avc is a constraint violation. you would need to modify the attribute of either the source or target types to allow this access.

possible cause is the source user (system_u) and target user (unconfined_u) are different.

possible cause is the source role (system_r) and target role (unconfined_r) are different.

possible cause is the source level (s0) and target level (s0-s0:c0.c255) are different.

allow sshd_t unconfined_t:process transition.

Please, how can I make these changes take effect?

Thanks in advance.

Using Xargs And Grep In Find Command

I've been using this a lot:

find <directory to start search at> -name "<files to search in>" -type f | xargs grep "<string to search for>"

e.g.

find /usr/include -name "*.h" -type f | xargs grep "#define UINT"

Now what if I wanted to output the results to a file?

Grep: Find Files That Do Not Have Multiple Different Strings

Hi all,

I'm trying to identify files that do not have matches for certain strings. FYI, these are files of DNA sequences and I'm trying to find those that are NOT sampled for any species by my group of interest (e.g., genes that are specific to that group of organisms).

I tried this code but it's actually yielding a list of files that DO match for my regexp.
Code:
for FILENAME in *.fas
do
    grep -q -L ">PBAH" $FILENAME && grep -q -L ">SKOW" $FILENAME && grep -q -L ">CGRA" $FILENAME && echo $FILENAME
done

Basically I want to somehow go through and find files that do not contain ">PBAH" ">SKOW" or ">CGRA". Any assistance would be greatly appreciated!

Best,
Kevin