Create sudo.log on Ubuntu server

Create log file:

touch /var/log/sudo.log

Edit the file /etc/sudoers

visudo

Paste
Defaults logfile="/var/log/sudo.log"

Restart rsyslog
sudo systemctl restart rsyslog

View log
tail -f /var/log/sudo.log

How to View HTTP Headers Live From Command-Line in Raw Tcpdump Command

 

CONTENTS

You need to troubleshoot raw and plain HTTP connections to your Mule app. You would like a way to visualize the HTTP information in the command-line without using Wireshark.

STEPS TO FOLLOW

Please note that the following only works for unencrypted HTTP traffic.

1) Run the following command (change 8091 to the port that is receiving the unencrypted HTTP traffic):

tcpdump -A -s 10240 'tcp port 8091 and (((ip[2:
2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | egrep --line-buffered "^
........(GET |HTTP\/|POST |HEAD )|^[A-Za-z0-9-]+: " | sed -r 's/^........(GET |
HTTP\/|POST |HEAD )/\n\1/g'

2) Then make the request. You should output such as this for the header of your HTTP request:

GET /api/files/file/name/History%20EX-Guide.docx/properties?aewgaweg.com&siteName=asgsd.com&folderName=1231212 HTTP/1.1
Host: mydlb.lb.anypointdns.net
X-Real-IP: 1.1.1.1
X-Forwarded-For: 1.1.1.1
User-Agent: curl/7.64.1
Accept: */*
Authorization: bearer 23423

Disconnect Inactive or Idle SSH Connections in Linux

Identifying Inactive or Idle SSH Connections

Before disconnecting inactive or idle SSH connections, it is important to first identify them. In Linux, there are several commands that can be used to list active users and their sessions, display information about logged-in users and their processes, and view a log of previous logins and sessions.
Using the 'who' command to list active users and their sessions

The 'who' command is used to display a list of currently logged-in users along with their login name, terminal line number (tty), login time, and remote hostname or IP address. To specifically view only SSH connections, the '-u' option can be added to the command. This will display only active SSH connections with the corresponding user information.

who -u

If you have identified an inactive or idle SSH connection and want to terminate it manually, there are several commands that you can use to do so. These commands specifically target the processes associated with the SSH connection, allowing you to end them without affecting any other processes on your system.
Using the 'kill' command to terminate a specific session ID

The 'kill' command is used to send a signal to a particular process (or multiple processes) in order to terminate them. When it comes to disconnecting an inactive or idle SSH connection, you can use 'kill' with the session ID associated with that particular connection.

To determine the session ID of an inactive or idle SSH connection, you can use any of the methods mentioned in section two of this article. Once you have determined the session ID, simply run the following command −

kill [sessionID]

This will immediately terminate that specific SSH connection and log out any user associated with it.
Using the 'pkill' command to kill all processes associated with a specific user

If you want to disconnect all inactive or idle SSH connections for a particular user at once, then you can use the 'pkill' command. This command sends a signal not only to a specific process but also kills all other related processes as well. To terminate all connections for one particular user, run this command −

pkill -U [username]

This will send signals and end all ssh connections opened by [username].
Using the 'skill' command to send a signal to terminate specific processes

Sometimes using kill or pkill methods may terminate other associated processes also with an active session. It is not always easy to determine which of these processes are associated with the active SSH connection, so you can use the 'skill' command instead. The 'skill' command allows you to target specific processes by name, user or group.

You can use it to send a signal that will terminate any process that matches a particular pattern. To kill a particular ssh session run this command −

skill -KILL -u [username] --tty=[terminal] 

 This will send a signal to end all ssh connections opened by [username] on the specified terminal. The skill command could terminate additional processes also running in the terminal.