How do I run an email alert when a specific piece of code is run?SETUP for sending Mail via postfix to GMAILPreferred mailer in UbuntuUnable to get email cache on mail clients on raring ringtailD-Link DWA-130 rev E1 RTL8191SU hard time connectingHow to run an interactive script before xserver shutdown?I would like to be able to take a screen shot every 6 hours and email it

Is there any problem with students seeing faculty naked in university gym?

Was there an autocomplete utility in MS-DOS?

What makes a character irredeemable?

Could the Queen overturn the UK Supreme Court ruling regarding prorogation of Parliament?

Was "чёрствый" ever a synonym for fresh in Russian?

Mac no longer boots

I've been fired, was allowed to announce it as if I quit and given extra notice, how to handle the questions?

Colleague's grant application resembles my PhD thesis

Are there any NP complete problems in SUB EXP TIME?

How to explain that the sums of numerators over sums of denominators isn't the same as the mean of ratios?

Did the Humans find out about Gaius Baltar's role in the sabotage of the fleet?

Manager told a colleague of mine I was getting fired soon

How dangerous are my worn rims?

What are some ways to season that don't rely on garlic and onions?

In search of a pedagogically simple example of asymmetric encryption routine?

From Art to Offices

Did Joe Biden "stop a prosecution" into his son in Ukraine? And did he brag about stopping the prosecution?

Could Boris Johnson face criminal charges for illegally proroguing Parliament?

Did S. Lang prove Kuratowski–Zorn lemma without Axiom of choice or Well-ordering theorem?

Airport Security - advanced check, 4th amendment breach

SHA3-255, one bit less

Has Boris Johnson ever referred to any of his opponents as "traitors"?

As an interviewer, how to conduct interviews with candidates you already know will be rejected?

Driving test in New Zealand?



How do I run an email alert when a specific piece of code is run?


SETUP for sending Mail via postfix to GMAILPreferred mailer in UbuntuUnable to get email cache on mail clients on raring ringtailD-Link DWA-130 rev E1 RTL8191SU hard time connectingHow to run an interactive script before xserver shutdown?I would like to be able to take a screen shot every 6 hours and email it






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;









0















I am looking to set up an email alert every time the dirty cow exploit is run as a type of alarm or trigger that is set off every time the code is run, but I have no idea how. I am running it on Ubuntu 14.04 as it is a vulnerable system to the attack.



Any help would be appreciated.






14.04 email







share|improve this question
































    0















    I am looking to set up an email alert every time the dirty cow exploit is run as a type of alarm or trigger that is set off every time the code is run, but I have no idea how. I am running it on Ubuntu 14.04 as it is a vulnerable system to the attack.



    Any help would be appreciated.






    14.04 email







    share|improve this question




























      0












      0








      0








      I am looking to set up an email alert every time the dirty cow exploit is run as a type of alarm or trigger that is set off every time the code is run, but I have no idea how. I am running it on Ubuntu 14.04 as it is a vulnerable system to the attack.



      Any help would be appreciated.






      14.04 email







      share|improve this question
















      I am looking to set up an email alert every time the dirty cow exploit is run as a type of alarm or trigger that is set off every time the code is run, but I have no idea how. I am running it on Ubuntu 14.04 as it is a vulnerable system to the attack.



      Any help would be appreciated.






      14.04 email




      14.04 email






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Apr 16 at 15:17









      Philippe Delteil

      1,1141 gold badge11 silver badges23 bronze badges




      1,1141 gold badge11 silver badges23 bronze badges










      asked Apr 16 at 13:47









      u Ahsinu Ahsin

      11 bronze badge




      11 bronze badge























          1 Answer
          1






          active

          oldest

          votes


















          0
















          Assuming that you are referring to the Dirty COW (CVE-2016-5195) privilege escalation vulnerability in the Linux Kernel, then per https://dirtycow.ninja/:




          Can I detect if someone has exploited this against me?



          Exploitation of this bug does not leave any trace of anything abnormal happening to the logs.




          Therefore, there is no clear way to detect if the code has been executed on your system.



          However, if you're really that concerned, you should be aware that the Ubuntu Security Team has already provided a patch for DirtyCOW in the standard linux kernels in Trusty, so if you simply do a standard apt-get update && apt-get dist-upgrade and upgrade the Linux packages on your system, you'll be patched against this vulnerability.






          share|improve this answer



























          • If im not mistaken remote exploit goes via httpd or apache, so cant we log attempts like that ?

            – Sergiy Kolodyazhnyy
            Apr 16 at 15:36











          • @SergiyKolodyazhnyy You'd need a customized plugin in Apache that would be able to pick up specific remote exploit code. That said, it'd be better to just run an IDS/IPS like Snort with the rulesets for that loaded into it to deny access and protect, AND issue the alerts, than try and set it up themselves. However, OP doesn't indicate how they would be vulnerable to the attack. Also, if they simply update their server with the repos to the latest kernel in the repos, they get patched for Dirty COW quickly (people.canonical.com/~ubuntu-security/cve/2016/…).

            – Thomas Ward
            Apr 16 at 16:28












          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "89"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );














          draft saved

          draft discarded
















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1134378%2fhow-do-i-run-an-email-alert-when-a-specific-piece-of-code-is-run%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0
















          Assuming that you are referring to the Dirty COW (CVE-2016-5195) privilege escalation vulnerability in the Linux Kernel, then per https://dirtycow.ninja/:




          Can I detect if someone has exploited this against me?



          Exploitation of this bug does not leave any trace of anything abnormal happening to the logs.




          Therefore, there is no clear way to detect if the code has been executed on your system.



          However, if you're really that concerned, you should be aware that the Ubuntu Security Team has already provided a patch for DirtyCOW in the standard linux kernels in Trusty, so if you simply do a standard apt-get update && apt-get dist-upgrade and upgrade the Linux packages on your system, you'll be patched against this vulnerability.






          share|improve this answer



























          • If im not mistaken remote exploit goes via httpd or apache, so cant we log attempts like that ?

            – Sergiy Kolodyazhnyy
            Apr 16 at 15:36











          • @SergiyKolodyazhnyy You'd need a customized plugin in Apache that would be able to pick up specific remote exploit code. That said, it'd be better to just run an IDS/IPS like Snort with the rulesets for that loaded into it to deny access and protect, AND issue the alerts, than try and set it up themselves. However, OP doesn't indicate how they would be vulnerable to the attack. Also, if they simply update their server with the repos to the latest kernel in the repos, they get patched for Dirty COW quickly (people.canonical.com/~ubuntu-security/cve/2016/…).

            – Thomas Ward
            Apr 16 at 16:28















          0
















          Assuming that you are referring to the Dirty COW (CVE-2016-5195) privilege escalation vulnerability in the Linux Kernel, then per https://dirtycow.ninja/:




          Can I detect if someone has exploited this against me?



          Exploitation of this bug does not leave any trace of anything abnormal happening to the logs.




          Therefore, there is no clear way to detect if the code has been executed on your system.



          However, if you're really that concerned, you should be aware that the Ubuntu Security Team has already provided a patch for DirtyCOW in the standard linux kernels in Trusty, so if you simply do a standard apt-get update && apt-get dist-upgrade and upgrade the Linux packages on your system, you'll be patched against this vulnerability.






          share|improve this answer



























          • If im not mistaken remote exploit goes via httpd or apache, so cant we log attempts like that ?

            – Sergiy Kolodyazhnyy
            Apr 16 at 15:36











          • @SergiyKolodyazhnyy You'd need a customized plugin in Apache that would be able to pick up specific remote exploit code. That said, it'd be better to just run an IDS/IPS like Snort with the rulesets for that loaded into it to deny access and protect, AND issue the alerts, than try and set it up themselves. However, OP doesn't indicate how they would be vulnerable to the attack. Also, if they simply update their server with the repos to the latest kernel in the repos, they get patched for Dirty COW quickly (people.canonical.com/~ubuntu-security/cve/2016/…).

            – Thomas Ward
            Apr 16 at 16:28













          0














          0










          0









          Assuming that you are referring to the Dirty COW (CVE-2016-5195) privilege escalation vulnerability in the Linux Kernel, then per https://dirtycow.ninja/:




          Can I detect if someone has exploited this against me?



          Exploitation of this bug does not leave any trace of anything abnormal happening to the logs.




          Therefore, there is no clear way to detect if the code has been executed on your system.



          However, if you're really that concerned, you should be aware that the Ubuntu Security Team has already provided a patch for DirtyCOW in the standard linux kernels in Trusty, so if you simply do a standard apt-get update && apt-get dist-upgrade and upgrade the Linux packages on your system, you'll be patched against this vulnerability.






          share|improve this answer















          Assuming that you are referring to the Dirty COW (CVE-2016-5195) privilege escalation vulnerability in the Linux Kernel, then per https://dirtycow.ninja/:




          Can I detect if someone has exploited this against me?



          Exploitation of this bug does not leave any trace of anything abnormal happening to the logs.




          Therefore, there is no clear way to detect if the code has been executed on your system.



          However, if you're really that concerned, you should be aware that the Ubuntu Security Team has already provided a patch for DirtyCOW in the standard linux kernels in Trusty, so if you simply do a standard apt-get update && apt-get dist-upgrade and upgrade the Linux packages on your system, you'll be patched against this vulnerability.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Apr 16 at 16:29

























          answered Apr 16 at 14:01









          Thomas WardThomas Ward

          48.1k23 gold badges129 silver badges186 bronze badges




          48.1k23 gold badges129 silver badges186 bronze badges















          • If im not mistaken remote exploit goes via httpd or apache, so cant we log attempts like that ?

            – Sergiy Kolodyazhnyy
            Apr 16 at 15:36











          • @SergiyKolodyazhnyy You'd need a customized plugin in Apache that would be able to pick up specific remote exploit code. That said, it'd be better to just run an IDS/IPS like Snort with the rulesets for that loaded into it to deny access and protect, AND issue the alerts, than try and set it up themselves. However, OP doesn't indicate how they would be vulnerable to the attack. Also, if they simply update their server with the repos to the latest kernel in the repos, they get patched for Dirty COW quickly (people.canonical.com/~ubuntu-security/cve/2016/…).

            – Thomas Ward
            Apr 16 at 16:28

















          • If im not mistaken remote exploit goes via httpd or apache, so cant we log attempts like that ?

            – Sergiy Kolodyazhnyy
            Apr 16 at 15:36











          • @SergiyKolodyazhnyy You'd need a customized plugin in Apache that would be able to pick up specific remote exploit code. That said, it'd be better to just run an IDS/IPS like Snort with the rulesets for that loaded into it to deny access and protect, AND issue the alerts, than try and set it up themselves. However, OP doesn't indicate how they would be vulnerable to the attack. Also, if they simply update their server with the repos to the latest kernel in the repos, they get patched for Dirty COW quickly (people.canonical.com/~ubuntu-security/cve/2016/…).

            – Thomas Ward
            Apr 16 at 16:28
















          If im not mistaken remote exploit goes via httpd or apache, so cant we log attempts like that ?

          – Sergiy Kolodyazhnyy
          Apr 16 at 15:36





          If im not mistaken remote exploit goes via httpd or apache, so cant we log attempts like that ?

          – Sergiy Kolodyazhnyy
          Apr 16 at 15:36













          @SergiyKolodyazhnyy You'd need a customized plugin in Apache that would be able to pick up specific remote exploit code. That said, it'd be better to just run an IDS/IPS like Snort with the rulesets for that loaded into it to deny access and protect, AND issue the alerts, than try and set it up themselves. However, OP doesn't indicate how they would be vulnerable to the attack. Also, if they simply update their server with the repos to the latest kernel in the repos, they get patched for Dirty COW quickly (people.canonical.com/~ubuntu-security/cve/2016/…).

          – Thomas Ward
          Apr 16 at 16:28





          @SergiyKolodyazhnyy You'd need a customized plugin in Apache that would be able to pick up specific remote exploit code. That said, it'd be better to just run an IDS/IPS like Snort with the rulesets for that loaded into it to deny access and protect, AND issue the alerts, than try and set it up themselves. However, OP doesn't indicate how they would be vulnerable to the attack. Also, if they simply update their server with the repos to the latest kernel in the repos, they get patched for Dirty COW quickly (people.canonical.com/~ubuntu-security/cve/2016/…).

          – Thomas Ward
          Apr 16 at 16:28


















          draft saved

          draft discarded















































          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1134378%2fhow-do-i-run-an-email-alert-when-a-specific-piece-of-code-is-run%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Tamil (spriik) Luke uk diar | Nawigatjuun

          Image
          Fering ArtiikelDrawiidisk Spriiken SölringÖömrangFeringHalunderHalifreeskMooringWiringhiirderKarhiirderGooshiirderDrawiidisk SpriikTamil NaduIndienSri Lanka (function()var node=document.getElementById("mw-dismissablenotice-anonplace");if(node)node.outerHTML="u003Cdiv class="mw-dismissable-notice"u003Eu003Cdiv class="mw-dismissable-notice-close"u003E[u003Ca tabindex="0" role="button"u003EFersteegu003C/au003E]u003C/divu003Eu003Cdiv class="mw-dismissable-notice-body"u003Eu003Cdiv id="localNotice" lang="frr" dir="ltr"u003Eu003Cdiv id="sitenotice"u003Enu003Ccenteru003Enu003Ctable class="rahmenfarbe4" style="border-style: solid; border-width: thin; width: 70%;"u003Ennu003Ctbodyu003Eu003Ctru003Enu003Ctd style="text-align:center;"u003Eu003Ca href="/wiki/Datei:Nordfriesischeflagge.svg" class="image"u003Eu003Cimg alt="Nordfriesische
          Read more

          Align equal signs while including text over equalitiesAMS align: left aligned text/math plus multicolumn alignmentMultiple alignmentsAligning equations in multiple placesNumbering and aligning an equation with multiple columnsHow to align one equation with another multline equationUsing \ in environments inside the begintabularxNumber equations and preserving alignment of equal signsHow can I align equations to the left and to the right?Double equation alignment problem within align enviromentAligned within align: Why are they right-aligned?

          Image
          Why didn't the Universal Translator speak whale? What is /dev/null and why can't I use hx on it? The work of mathematicians outside their professional environment Does the DOJ's declining to investigate the Trump-Zelensky call ruin the basis for impeachment? Are there any tricks to pushing a grand piano? Maintaining distance Does it require less energy to reach the Sun from Pluto's orbit than from Earth's orbit? Object Oriented Design: Where to place behavior that pertains to more than one type of object? Choice of solvent during thin layer chromatography How to catch creatures that can predict the next few minutes? Use floats or doubles when writing mobile games How come the Russian cognate for the Czech word "čerstvý" (fresh) means entirely the opposite thing (stale)? What are the limits on an impeached and not convicted president? How to calculate Limit of this sequence Bash-script as linux-service won't run, but executed
          Read more

          Training a classifier when some of the features are unknownWhy does Gradient Boosting regression predict negative values when there are no negative y-values in my training set?How to improve an existing (trained) classifier?What is effect when I set up some self defined predisctor variables?Why Matlab neural network classification returns decimal values on prediction dataset?Fitting and transforming text data in training, testing, and validation setsHow to quantify the performance of the classifier (multi-class SVM) using the test data?How do I control for some patients providing multiple samples in my training data?Training and Test setTraining a convolutional neural network for image denoising in MatlabShouldn't an autoencoder with #(neurons in hidden layer) = #(neurons in input layer) be “perfect”?

          Image
          Extremely casual way to make requests to very close friends Why are Gatwick's runways too close together? AsyncDictionary - Can you break thread safety? Different inverter (logic gate) symbols Y2K... in 2019? Withdrew when Jimmy met up with Heath Christian apologetics regarding the killing of innocent children during the Genesis flood How does 'AND' distribute over 'OR' (Set Theory)? Ex-contractor published company source code and secrets online how to differentiate when a child lwc component is called twice in parent component? Infeasibility in mathematical optimization models How is this kind of structure made? Plausibility of Ice Eaters in the Arctic Tikzpicture - finish drawing a curved line for a cake slice Why is transplanting a specific intact brain impossible if it is generally possible? How to create all combinations from a nested list while preserving the structure using R? What should I call bands of armed men in Medieval T
          Read more