DNS Diagnostic
- whois (simply displays the NS servers for the domain)
- host -v domain.com
- To query NS servers:
- dig plancake.com displays the A records (the default query type when none is given)
- dig plancake.com MX displays info about MX records
- dig @ns.123-reg.co.uk plancake.com MX to query a particular server
- nslookup can be used in an interactive mode, too.
Here is an example:
# nslookup
> server ns2.libero.it [I'm connected to the Libero NS server]
> set q=ns [sets which kind of query to do: 'ns' = nameserver, or 'any']
> italandia.it [displays the records stored on ns2.libero.it for the domain italandia.it]
Network Diagnostic
/etc/services: list of conventional ports
netstat: lists the active connections
nmap server_ip_address: lists the open ports (launch it from outside the server)
Once you know an open port, to find which process is using it:
lsof -i -P -n | grep :port_number (-P and -n keep ports and addresses numeric, so the grep matches the port number rather than a service name)
traceroute: shows the route packets take to a host, hop by hop
Database maintenance
OPTIMIZE TABLE tablename
It performs a sort of defragmentation for the files containing the table’s data.
Examine the Slow Query Log
Login control
* last - shows the login history recorded in /var/log/wtmp
* grep -i "accepted" /var/log/auth
If you find some strange accesses:
less /root/.bash_history
[I'm not sure this file is updating very often]
If this file is empty, points to /dev/null or contains some strange commands, it means the cracker had enough control to do whatever he wanted, including tampering with the history itself.
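The login checks above, as an added example that is not part of the original notes: it aggregates the accepted logins from an auth log (the grep -i "accepted" step), flags source addresses that failed and then succeeded, and classifies a .bash_history file the way the note describes. The log lines and file paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original notes: aggregate the accepted logins
# from an auth log (the "grep -i accepted" step), flag sources that failed and
# then succeeded, and classify a .bash_history file the way the notes describe.
# The log lines and file paths below are constructed for the demonstration.

AUTH_LOG="$(mktemp)"
trap 'rm -f "$AUTH_LOG"' EXIT
cat >"$AUTH_LOG" <<'EOF'
Mar  3 10:01:12 host sshd[2101]: Accepted password for alice from 192.0.2.10 port 51234 ssh2
Mar  3 10:05:40 host sshd[2150]: Failed password for root from 198.51.100.7 port 40001 ssh2
Mar  3 02:17:03 host sshd[2201]: Accepted publickey for root from 198.51.100.7 port 40002 ssh2
Mar  3 02:19:55 host sshd[2210]: Accepted password for root from 198.51.100.7 port 40003 ssh2
EOF

# Print the token following KEYWORD on each line of stdin (e.g. the address
# after "from"); avoids fixed field numbers, which shift for "invalid user".
after() { awk -v k="$1" '{for(i=1;i<NF;i++) if($i==k) print $(i+1)}'; }

# accepted_logins FILE: one line "user address count" per accepted login pair.
accepted_logins() {
    grep -i 'accepted' "$1" |
        awk '{for(i=1;i<NF;i++){if($i=="for")u=$(i+1);if($i=="from")a=$(i+1)}
              print u, a}' |
        sort | uniq -c | awk '{print $2, $3, $1}'
}

# successes_after_failures FILE: addresses with failed attempts that also
# got an accepted login, a classic sign of a guessed password.
successes_after_failures() {
    grep -i 'accepted' "$1" | after from | sort -u > "$1.ok"
    grep -i 'failed password' "$1" | after from | sort -u | comm -12 - "$1.ok"
    rm -f "$1.ok"
}

# history_status FILE: missing, devnull (symlink to /dev/null), empty or present.
history_status() {
    if [ -L "$1" ] && [ "$(readlink "$1")" = /dev/null ]; then echo devnull
    elif [ ! -e "$1" ]; then echo missing
    elif [ ! -s "$1" ]; then echo empty
    else echo present
    fi
}

accepted_logins "$AUTH_LOG"
echo "guessed-password candidates: $(successes_after_failures "$AUTH_LOG")"
```

Run it against the real log by replacing AUTH_LOG with the auth log path, and pass a user's ~/.bash_history to history_status.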
Misc
* Check the logs, in particular cron's one (/var/log/cron.log)
* Keep the system updated and patched
