Linux server got hacked? To do’s for beginners.

Linux hack

Just got email from server provided complaining about spamming from your server? CPU usages is higher than expected? Some process toke all your memory? Or OS acting weird?

Example snippets are relevant to Debian/Ubuntu, try look for command for different linux distribution.

Change password for both root and your user. Follow stackoverflow.

Check what changed in /etc and /var in last 2 days:

find /etc -mtime -2
find /var -mtime -2

If you haven’t changed it, somebody did. Decide what to do with that changes.

Install ClamAV:

sudo apt-get install clamav
sudo freshclam
sudo apt install clamav-daemon

Search for infected files:

sudo clamscan --max-filesize=3999M --max-scansize=3999M --exclude-dir=/sys/* -i -r /

Checks for signs of a rootkit:

Install chkrootkit:

sudo apt-get install chkrootkit

Run chkrootkit:

sudo chkrootkit

You might get some false positive, don’t panic. Google.

Security vulnerabilities comes with negligence, update your OS:

sudo apt-get update && time sudo apt-get dist-upgrade

Some great links that I found:
StackExchange – How do you know your server has been compromised?


Manage JDKs in MacOS


Install JDK 9 in MacOS using Homebrew:

brew update
brew cask install java

All Java version get installed here: /Library/Java/JavaVirtualMachines lets take a look.
ls -la /Library/Java/JavaVirtualMachinesList installed JDKs in your OSX:

 $ /usr/libexec/java_home -V

You should get result like this:

Matching Java Virtual Machines (5):
 9.0.1, x86_64: "Java SE 9.0.1" /Library/Java/JavaVirtualMachines/jdk-9.0.1.jdk/Contents/Home
 1.8.0_121, x86_64: "Java SE 8" /Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home
 1.7.0_80, x86_64: "Java SE 7" /Library/Java/JavaVirtualMachines/jdk1.7.0_80.jdk/Contents/Home
 1.6.0_65-b14-468, x86_64: "Java SE 6" /Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home
 1.6.0_65-b14-468, i386: "Java SE 6" /Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/Library/Java/JavaVirtualMachines/jdk-9.0.1.jdk/Contents/Home

Install jenv:
brew install jenv

Set JDK by following jenv commands:


Note: Tested on macOS Sierra.

Debug HTTP calls from code using Wireshark

Wireshark Filter

Http calls from code are pretty common now a days. Sometime it is very difficult to understand when calls are failing, lot of things could go wrong. Some one them are –

  1. Server firewall might be blocking the call.
  2. My firewall could be the issue.
  3. Maybe server not accepting the call because I’m not sending right param or header.

However, one of my favourite tool to debug this kind of situation Wireshark. Install it from here. You can check this video to learn it or see tutorial online.

Once you have installed and running the application, you can separate network calls that you are making from your code using filter.

Use following filter –

ip.dst == && http

ip.dst is the ip of destination server and http is refers to calls from browser.

Happy debugging 🙂

Attach debugger in IntelliJ with Spring Boot application

intellij idea

If you run your java application inside the IntelliJ, you can do it with the green debug button. But, if you are running the application from command line, like me, it’s the way to go –

Step 1: Run your application with debug jvm arguments.

$ mvn spring-boot:run -Drun.jvmArguments="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=5005"

Step 2: Configure IntelliJ.

  • Select menu Run -> Edit Configurations
  • Create new Remote Configuration. Default configuration works with 5005 port. Change if you see fit.
  • Connect application by running (green bug icon!) Remote Configuration created on last step.

Step 3: Happy debugging 🙂