Use the -h switch when doing an ls to get a more readable filesize value (K for kilobyte,
M for megabyte, G for gigabyte), e.g.:
[root@server backup]# ls -altrh
total 9.4G
drwxr-xr-x 2 4294967294 4294967294 4.0K Oct 6 2004 last.txt
-rw-r--r-- 1 4294967294 4294967294 4.3G Oct 6 2004 backup.tgz
-rw-r--r-- 1 4294967294 4294967294 843M Nov 23 14:31 backup_20041123.tgz
-rw-r--r-- 1 4294967294 4294967294 863M Dec 4 02:33 backup_20041204.tgz
-rw-r--r-- 1 4294967294 4294967294 5.9M Jan 17 01:55 20050117.tgz
-rw-r--r-- 1 4294967294 4294967294 928M Jan 17 02:49 backup_20050117.tgz
-rw-r--r-- 1 4294967294 4294967294 960M Feb 2 15:03 backup_20050202.tgz
drwxr-xr-x 23 root root 4.0K Feb 25 18:12 ..
drwxrwxrwx 3 root root 4.0K Apr 3 01:28 .
-rw-r--r-- 1 4294967294 4294967294 1.6G Apr 3 03:36 backup_20050403.tgz
[root@server backup]#
Tuesday, April 19, 2005
Sunday, April 17, 2005
curl Examples
curl http://curl.haxx.se
GET form:
curl "www.hotmail.com/when/junk.cgi?birthyear=1905&press=OK"
POST form:
curl -d "birthyear=1905&press=%20OK%20" www.hotmail.com/when/junk.cgi
File Upload POST:
curl -F upload=@localfilename -F press=OK [URL]
PUT:
curl -T uploadfile www.uploadhttp.com/receive.cgi
The site might require a different authentication method (check the headers
returned by the server), and then --ntlm, --digest, --negotiate or even
--anyauth might be options that suit you.
Sometimes your HTTP access is only available through the use of a HTTP
proxy. This seems to be especially common at various companies. A HTTP proxy
may require its own user and password to allow the client to get through to
the Internet. To specify those with curl, run something like:
curl -U proxyuser:proxypassword curl.haxx.se
If your proxy requires the authentication to be done using the NTLM method,
use --proxy-ntlm, if it requires Digest use --proxy-digest.
If you use any one of these user+password options but leave out the password
part, curl will prompt for the password interactively.
Use curl to set the referer field with:
curl -e http://curl.haxx.se daniel.haxx.se
User Agent:
To make curl look like Internet Explorer on a Windows 2000 box:
curl -A "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" [URL]
Or why not look like you're using Netscape 4.73 on a Linux (PIII) box:
curl -A "Mozilla/4.73 [en] (X11; U; Linux 2.2.15 i686)" [URL]
Redirects:
To tell curl to follow a Location:
curl -L www.sitethatredirects.com
If you use curl to POST to a site that immediately redirects you to another
page, you can safely use -L and -d/-F together. Curl will only use POST in
the first request, and then revert to GET in the following operations.
Cookies:
The simplest way to send a few cookies to the server when getting a page with
curl is to add them on the command line like:
curl -b "name=Daniel" www.cookiesite.com
Curl has a full blown cookie parsing engine built-in that comes to use if you
want to reconnect to a server and use cookies that were stored from a
previous connection (or handicrafted manually to fool the server into
believing you had a previous connection). To use previously stored cookies,
you run curl like:
curl -b stored_cookies_in_file www.cookiesite.com
Curl's "cookie engine" gets enabled when you use the -b option. If you only
want curl to understand received cookies, use -b with a file that doesn't
exist. Example, if you want to let curl understand cookies from a page and
follow a location (and thus possibly send back cookies it received), you can
invoke it like:
curl -b nada -L www.cookiesite.com
Curl has the ability to read and write cookie files that use the same file
format that Netscape and Mozilla do. It is a convenient way to share cookies
between browsers and automatic scripts. The -b switch automatically detects
if a given file is such a cookie file and parses it, and by using the
-c/--cookie-jar option you'll make curl write a new cookie file at the end of
an operation:
curl -b cookies.txt -c newcookies.txt www.cookiesite.com
HTTPS:
Curl supports encrypted fetches thanks to the freely available OpenSSL
libraries. To get a page from a HTTPS server, simply run curl like:
curl https://that.secure.server.com
Certificates:
Use a certificate with curl on a HTTPS server
like:
curl -E mycert.pem https://that.secure.server.com
Custom Request Elements
Doing fancy stuff, you may need to add or change elements of a single curl
request.
For example, you can change the POST request to a PROPFIND and send the data
as "Content-Type: text/xml" (instead of the default Content-Type) like this:
curl -d "" -H "Content-Type: text/xml" -X PROPFIND url.com
You can delete a default header by providing one without content. Like you
can ruin the request by chopping off the Host: header:
curl -H "Host:" http://mysite.com
You can add headers the same way. Your server may want a "Destination:"
header, and you can add it:
curl -H "Destination: http://moo.com/nowhere" http://url.com
Debug
Many times when you run curl on a site, you'll notice that the site doesn't
seem to respond the same way to your curl requests as it does to your
browser's.
Then you need to start making your curl requests more similar to your
browser's requests:
* Use the --trace-ascii option to store fully detailed logs of the requests
for easier analyzing and better understanding
* Make sure you check for and use cookies when needed (both reading with -b
and writing with -c)
* Set user-agent to one like a recent popular browser does
* Set referer like it is set by the browser
* If you use POST, make sure you send all the fields and in the same order as
the browser does it. (See chapter 4.5 above)
A very good helper to make sure you do this right, is the LiveHTTPHeader tool
that lets you view all headers you send and receive with Mozilla/Firefox
(even when using HTTPS).
Find number of occurrences of a word
To get the number of occurrences of a word (e.g. ServerName) in a file (e.g. httpd.conf), do a:
grep -c ServerName httpd.conf
For a line occurrence frequency count report:
sort httpd.conf | uniq -c | sort -nr
For a word occurrence frequency count report:
sed -e 's/\.//g' "httpd.conf" | tr -s '[:space:]' '\n' | tr 'A-Z' 'a-z' | sort | uniq -c | sort -nr
ulimit example
[root@server conf]# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
file size (blocks, -f) unlimited
pending signals (-i) 1024
max locked memory (kbytes, -l) 32
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 4095
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
[root@server conf]# ulimit -a | grep files
open files (-n) 1024
Change (example of increasing to 5000 files):
ulimit -n 5000
Rename file starting with a dash(-)
If you have a problem renaming a file that starts with a dash:
Since the file name begins with a '-' it looks like an option to the
command. You need to force it to not look like an option. Put a ./
in the front of it. Or give it the full file name path. Or tell the
command you are through with options by using the double dash to end
all option processing. This is common to most traditional UNIX
commands.
cp ./* /some/folder
cp -- * /some/folder
And the same for other utilities too.
mv ./-stuff differentstuff
mv -- -stuff differentstuff
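The three spellings side by side, as an added example that is not part of the original post: it builds a constructed scratch directory containing a file named -stuff and reports whether each form of cp actually copies it. The function names and the scratch layout are assumptions made for the demonstration.

```shell
#!/bin/sh
# copy_all MODE SRC DST: copy every file in SRC to DST using one of the
# spellings discussed above. Returns the exit status of cp.
copy_all() (
    mode=$1 src=$2 dst=$3
    LC_ALL=C; export LC_ALL          # fixed glob order: -stuff sorts first
    cd "$src" || exit 2
    case $mode in
        plain)    cp * "$dst" ;;     # -stuff reaches cp as a bundle of options
        dotslash) cp ./* "$dst" ;;   # ./-stuff cannot be mistaken for an option
        dashdash) cp -- * "$dst" ;;  # -- ends option processing
        *) exit 2 ;;
    esac 2>/dev/null
)

# demo_dash_names: run all three modes against a constructed directory
# and print one result line per mode.
demo_dash_names() (
    work=$(mktemp -d) || exit 1
    mkdir "$work/src"
    printf 'a\n' > "$work/src/-stuff"
    printf 'b\n' > "$work/src/notes.txt"
    for mode in plain dotslash dashdash; do
        mkdir "$work/$mode"
        if copy_all "$mode" "$work/src" "$work/$mode"; then
            status=ok
        else
            status=failed
        fi
        if [ -f "$work/$mode/-stuff" ]; then got=copied; else got=missing; fi
        printf '%s: cp %s, -stuff %s\n' "$mode" "$status" "$got"
    done
    rm -rf "$work"
)

demo_dash_names
```

The same applies to any script that expands * in a directory other users can write to: use ./* or -- so a file name can never change what the command does.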
Resolve "device is busy" error when doing a umount
If you get "device is busy" when doing a umount, e.g.:
[root@server/]# umount /home/data/
umount: /home/data: device is busy
To find out who is still using the share, run fuser, e.g.:
[root@orion /]# fuser -u -v /home/data/
USER PID ACCESS COMMAND
/home/data/ root 15376 ..c.. vim
Delete a range of lines in Vim example
In vim, to delete a range of lines, e.g. lines 10 through 290, do a:
:10,290d
Have Vim remember last cursor position
To have vim remember the last cursor position when a file is edited, put this in .vimrc:
set viminfo='10,\"100,:20,%,n~/.viminfo
au BufReadPost * if line("'\"") > 0|if line("'\"") <= line("$")|exe("norm '\"")|else|exe "norm $"|endif|endif
Enabling syntax highlighting in Vim
Add:
syntax enable
to .vimrc to enable syntax highlighting in vim (e.g. when editing php or html files)
Prevent others from browsing your files
In a multiuser server environment, set directories to these settings to prevent others from browsing your files (read/write/execute by owner, only execute by others, no read/write/execute by group):
e.g.
              Read  Write  eXecute
Owner Access  On    On     On
Group Access  Off   Off    Off
Other Access  Off   Off    On
chmod 711 /usr/home/USERNAME/
chmod 701 /usr/www/users/USERNAME/
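Execute without read on a directory lets a user enter it and open files whose names they already know, but not list its contents; note that 711 also grants that to the group, while 701 matches the table above. The check below is an added example, not part of the original post: it reads the mode string from ls -ld and says what group and other can do, using a constructed scratch directory and hypothetical function names.

```shell
#!/bin/sh
# dir_exposure DIR: report what group and other can do with DIR, based on
# the mode string printed by ls -ld (e.g. drwx--x--x).
dir_exposure() (
    [ -d "$1" ] || exit 1
    mode=$(ls -ld -- "$1" | cut -c1-10) || exit 1

    # Map one rwx triplet to a description. s and t also imply execute.
    describe() {
        case $1 in
            r?[xst]) echo "list+enter" ;;
            r??)     echo "list-names" ;;
            -?[xst]) echo "enter-only" ;;
            *)       echo "none" ;;
        esac
    }

    g=$(printf '%s' "$mode" | cut -c5-7)     # group triplet
    o=$(printf '%s' "$mode" | cut -c8-10)    # other triplet
    printf 'group=%s other=%s\n' "$(describe "$g")" "$(describe "$o")"
)

# Constructed demonstration: one scratch directory, three modes.
demo_dir=$(mktemp -d) || exit 1
for m in 711 701 755; do
    chmod "$m" "$demo_dir"
    printf '%s %s\n' "$m" "$(dir_exposure "$demo_dir")"
done
rm -rf "$demo_dir"
```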
Red Hat/Fedora Linux: set services to start automatically
E.g. to set nfs to start automatically:
[root@www2 rc3.d]# chkconfig --list nfs
nfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@www2 rc3.d]# chkconfig nfs on
[root@www2 rc3.d]# chkconfig --list nfs
nfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Alternatively, e.g. for mysql:
# To make the script be run on machine start up we need to create a symbolic link to it.
cd /etc/rc.d/rc3.d
ln -s ../init.d/mysql S85mysql
cd /etc/rc.d/rc5.d
ln -s ../init.d/mysql S85mysql
# Now the links to make MySQL shut down:
cd /etc/rc.d/rc0.d
ln -s ../init.d/mysql K85mysql
cd /etc/rc.d/rc6.d
ln -s ../init.d/mysql K85mysql
Runlevel Links
Some services depend on other services. The 'httpd' service (Apache web server) for example won't start correctly if the 'network' script hasn't already set up the network interfaces. How is the order in which services are started on boot determined?
Have a look at the '/etc/rc.d' directory:
$ ls /etc/rc.d
init.d/ rc0.d/ rc2.d/ rc4.d/ rc6.d/ rc.local* rc.sysinit*
rc* rc1.d/ rc3.d/ rc5.d/ rc.firewall rc.modules*
You see the 'init.d' from '/etc' here again (in fact it's the same) and then several directories and files starting with 'rc' ('rc' is short for 'runcom[mand]').
In Mandrake Linux releases 8.0 and later, these files and directories are also accessible directly from the '/etc' directory.
If you now look into one of those 'rcnumber' subdirectories, you will find a bunch of files, some of them starting with 'S' and some of them with 'K' followed by a two-digit number. 'S' is short for 'start' and 'K' stands for 'kill'. The numbers imply the order in which starting and killing services takes place. In fact all those files are just links to their appropriate counterparts in '/etc/init.d'.
'S12syslog' for example is a link to '/etc/init.d/syslog' and gets started after 'S10network' which links to '/etc/init.d/internet' but before 'S20random'.
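To see this ordering for one runlevel, and to spot entries that are not links or that point at a script which no longer exists, you can walk the directory as below. This is an added example, not part of the original post; the sample tree it builds (including the dangling K85mysql link and the regular file S99local) is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# list_rc_links DIR
# Print one line per K??name / S??name entry in DIR, grouped by prefix and
# in glob (lexical) order, so S10 comes before S12 and S12 before S20.
# Fields: action order service status target
list_rc_links() (
    dir=$1
    LC_ALL=C; export LC_ALL                 # byte-order glob sorting
    for prefix in K S; do
        for entry in "$dir"/"$prefix"[0-9][0-9]*; do
            # An unmatched glob stays literal; skip it.
            [ -e "$entry" ] || [ -L "$entry" ] || continue
            base=${entry##*/}
            order=$(printf '%s' "$base" | cut -c2-3)
            service=$(printf '%s' "$base" | cut -c4-)
            if [ "$prefix" = S ]; then action=start; else action=kill; fi
            if [ ! -L "$entry" ]; then
                status=not-a-link; target=-
            else
                target=$(readlink "$entry")
                # -e follows the link, so it fails when the target is gone.
                if [ -e "$entry" ]; then status=ok; else status=dangling; fi
            fi
            printf '%s %s %s %s %s\n' \
                "$action" "$order" "$service" "$status" "$target"
        done
    done
)

# make_sample_rc: build a constructed init.d/ + rc3.d/ tree under a
# temporary directory and print its path.
make_sample_rc() (
    root=$(mktemp -d) || exit 1
    mkdir "$root/init.d" "$root/rc3.d"
    for s in network syslog random; do
        printf '#!/bin/sh\n' > "$root/init.d/$s"
    done
    cd "$root/rc3.d" || exit 1
    ln -s ../init.d/network S10network
    ln -s ../init.d/syslog  S12syslog
    ln -s ../init.d/random  S20random
    ln -s ../init.d/mysql   K85mysql     # target missing on purpose
    printf '#!/bin/sh\n' > S99local      # regular file, not a link
    printf '%s\n' "$root"
)

sample=$(make_sample_rc)
list_rc_links "$sample/rc3.d"
rm -rf "$sample"
```

On a real system, point list_rc_links at /etc/rc.d/rc3.d; a not-a-link or dangling entry is worth a look, since everything in that directory is meant to be a link into init.d.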
Also for mysql:
shell> cp mysql.server /etc/init.d/mysql
shell> chmod +x /etc/init.d/mysql
Older Red Hat systems use the `/etc/rc.d/init.d' directory rather than `/etc/init.d'. Adjust the preceding commands accordingly. Alternatively, first create `/etc/init.d' as a symbolic link that points to `/etc/rc.d/init.d':
shell> cd /etc
shell> ln -s rc.d/init.d .
After installing the script, the commands needed to activate it to run at system startup depend on your operating system. On Linux, you can use chkconfig:
shell> chkconfig --add mysql
On some Linux systems, the following command also seems to be necessary to fully enable the mysql script:
shell> chkconfig --level 345 mysql on
On FreeBSD, startup scripts generally should go in `/usr/local/etc/rc.d/'. The rc(8) manual page states that scripts in this directory are executed only if their basename matches the *.sh shell filename pattern. Any other files or directories present within the directory are silently ignored. In other words, on FreeBSD, you should install the `mysql.server' script as `/usr/local/etc/rc.d/mysql.server.sh' to enable automatic startup.
As an alternative to the preceding setup, some operating systems also use `/etc/rc.local' or `/etc/init.d/boot.local' to start additional services on startup. To start up MySQL using this method, you could append a command like the one following to the appropriate startup file:
/bin/sh -c 'cd /usr/local/mysql; ./bin/mysqld_safe --user=mysql &'
Resolve "session setup failed: ERRDOS - ERRnoaccess (Access denied.)"
In Samba, if you get:
session setup failed: ERRDOS - ERRnoaccess (Access denied.)
while trying mount -a after editing fstab, e.g.:
//server/dir /home/dir smb username=administrator,password=123 0 0
then add the domain, e.g.:
//server/dir /home/dir smb username=administrator/domain_name,password=123 0 0
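/etc/fstab is normally world-readable, so a password= option like the one above is visible to every local user; smbmount and mount.cifs also accept credentials=FILE, which lets the password live in a file only root can read. The audit below is an added example, not part of the original post: it flags fstab entries with an inline password and checks that a credentials file is private. The sample fstab and the path /etc/samba/cred-server are constructed.

```shell
#!/bin/sh
# fstab_inline_passwords FILE
# Print "LINE MOUNTPOINT FSTYPE" for every active fstab entry whose
# options field carries a password= (or mount.cifs pass=) option.
fstab_inline_passwords() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }        # comments and short lines
        {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^(password|pass)=/) {
                    print NR, $2, $3
                    break
                }
        }
    ' "$1"
}

# creds_file_private FILE: succeed only if FILE is a regular file on which
# group and other have no permission bits (e.g. mode 600).
creds_file_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: line 2 is commented out, line 3 embeds a password,
# line 4 uses a (hypothetical) credentials file instead.
sample_fstab() {
    cat <<'EOF'
/dev/hda1 / ext3 defaults 1 1
# //server/old /mnt/old smb username=bob,password=old 0 0
//server/dir /home/dir smb username=administrator/domain_name,password=123 0 0
//server/pub /home/pub smb credentials=/etc/samba/cred-server,uid=500 0 0
EOF
}

tmp=$(mktemp) || exit 1
sample_fstab > "$tmp"
fstab_inline_passwords "$tmp"     # flags line 3 only
rm -f "$tmp"
```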
Vim bookmark position and returning to bookmark
ml Mark the current position with the bookmark named l
'l Move to the beginning of the line where mark l is.
`l Move to the character where the named mark l is.
`` Return to exact position of the previous mark
'' Return to the beginning of the line where the previous mark was.
Using nohup
nohup command &
Continue to execute command (which can include arguments) in the background after you logout. Technically, nohup starts command with the SIGHUP signal set to be ignored.
If standard output is the terminal then standard output is redirected to the file nohup.out. Output is appended to nohup.out if the file already exists. If standard error is the terminal then standard error is redirected to the same file as standard output.
Creating a Disk Array in Fedora
Create (mdadm --create) mode is used to create a new array. In this example I use mdadm to create a RAID-0 at /dev/md0 made up of /dev/sdb1 and /dev/sdc1:
# mdadm --create --verbose /dev/md0 --level=0 --raid-devices=2 /dev/sdb1 /dev/sdc1
mdadm: chunk size defaults to 64K
mdadm: array /dev/md0 started.
The --level option specifies which type of RAID to create in the same way that raidtools uses the raid-level configuration line. Valid choices are 0,1,4 and 5 for RAID-0, RAID-1, RAID-4, RAID-5 respectively. Linear (--level=linear) is also a valid choice for linear mode. The --raid-devices option works the same as the nr-raid-disks option when using /etc/raidtab and raidtools.
Use the --stop or -S command to stop running array:
# mdadm -S /dev/md0
mdadm --create --verbose /dev/md0 --level=0 --raid-devices=2 /dev/hdc1 /dev/hdd1
[root@localhost home]# mdadm --query /dev/md0
/dev/md0: 223.58GiB raid0 2 devices, 0 spares. Use mdadm --detail for more detail.
/dev/md0: No md super block found, not an md component.
[root@localhost home]# mdadm --detail /dev/md0
/dev/md0:
Version : 00.90.01
Creation Time : Thu Aug 19 14:49:32 2004
Raid Level : raid0
Array Size : 234436352 (223.58 GiB 240.06 GB)
Raid Devices : 2
Total Devices : 2
Preferred Minor : 0
Persistence : Superblock is persistent
Update Time : Thu Aug 19 14:49:32 2004
State : clean, no-errors
Active Devices : 2
Working Devices : 2
Failed Devices : 0
Spare Devices : 0
Chunk Size : 64K
Number Major Minor RaidDevice State
0 22 1 0 active sync /dev/hdc1
1 22 65 1 active sync /dev/hdd1
UUID : 2f4c1a82:92bc9ece:372b0de6:c4cc65d6
Events : 0.2
Emacs sample commands (useful for default BASH shell and mysql console)
alt-f move forwards one word.
alt-b move backwards one word.
ctrl-e go to end of line.
ctrl-a go to beginning of line.
ctrl-k delete to end of line or delete blank line.
ctrl-_ undo last change
ESC-d delete word to the right
Readline vi Mode
While the Readline library does not have a full set of vi editing functions, it does contain enough to allow simple editing of the line. The Readline vi mode behaves as specified in the POSIX 1003.2 standard.
In order to switch interactively between emacs and vi editing modes, use the `set -o emacs' and `set -o vi' commands (see section 4.3 The Set Builtin). The Readline default is emacs mode.
Linux Hard drive benchmarking
Linux Hard drive benchmarking (on Dell 2400 2.2 GHz 7200 RPM 40 gig HDD)
[root@server shop]# hdparm -Tt /dev/hda
/dev/hda:
Timing buffer-cache reads: 1328 MB in 2.00 seconds = 664.00 MB/sec
Timing buffered disk reads: 124 MB in 3.00 seconds = 41.33 MB/sec
[root@server home]# hdparm /dev/hda
/dev/hda:
multcount = 16 (on)
IO_support = 0 (default 16-bit)
unmaskirq = 0 (off)
using_dma = 1 (on)
keepsettings = 0 (off)
readonly = 0 (off)
readahead = 8 (on)
geometry = 4863/255/63, sectors = 78125000, start = 0
[root@server home]# hdparm -u1 -m16 -c3 -d1 -X69 /dev/hda
/dev/hda:
setting 32-bit IO_support flag to 3
setting multcount to 16
setting unmaskirq to 1 (on)
setting using_dma to 1 (on)
setting xfermode to 69 (UltraDMA mode5)
multcount = 16 (on)
IO_support = 3 (32-bit w/sync)
unmaskirq = 1 (on)
using_dma = 1 (on)
[root@server home]# hdparm /dev/hda
/dev/hda:
multcount = 16 (on)
IO_support = 3 (32-bit w/sync)
unmaskirq = 1 (on)
using_dma = 1 (on)
keepsettings = 0 (off)
readonly = 0 (off)
readahead = 8 (on)
geometry = 4863/255/63, sectors = 78125000, start = 0
[root@server home]# hdparm -Tt /dev/hda
/dev/hda:
Timing buffer-cache reads: 1340 MB in 2.00 seconds = 670.00 MB/sec
Timing buffered disk reads: 142 MB in 3.03 seconds = 46.86 MB/sec
Put the hdparm command in /etc/rc.d/rc.local so it is applied at boot.
How much swap space do you have?
The free command reports information on system-memory usage:
rutabaga% free
total used free shared buffers cached
Mem: 127888 126744 1144 27640 1884 51988
-/+ buffers: 72872 55016
Swap: 130748 23916 106832
All the numbers here are reported in 1024-byte blocks. Here, we see a system with 127,888 blocks (about 127 MB) of physical RAM, with 126,744 (about 126 MB) currently in use. Note that your system actually has more physical RAM than that given in the "total" column; this number does not include the memory used by the kernel for its own sundry needs.
The "shared" column lists the amount of physical memory shared between multiple processes. Here, we see that about 27 MB of pages are being shared, which means that memory is being utilized well. The "buffers" column shows the amount of memory being used by the kernel buffer cache. The buffer cache (described briefly in the previous section) is used to speed up disk operations, by allowing disk reads and writes to be serviced directly from memory. The buffer cache size will increase or decrease as memory usage on the system changes; this memory is reclaimed if it is needed by applications. Therefore, although we see that 126 MB of system memory is in use, not all (but most) of it is being used by application programs. The "cache" column indicates how many memory pages the kernel has cached for faster access later.
Since the memory used for buffers and cache can easily be reclaimed for use by applications, the second line (-/+ buffers/cache) provides an indication of the memory actually used by applications (the "used" column) or available to applications (the "free" column). The sum of the memory used by buffers and cache reported in the first line is subtracted from the total used memory and added to the total free memory to give the two figures on the second line.
In the third line, we see the total amount of swap, 130,748 blocks (about 128 MB). In this case, only very little of the swap is being used; there is plenty of physical RAM available. If additional applications were started, larger parts of the buffer cache memory would be used to host them. Swap space is generally used as a last resort when the system can't reclaim physical memory in other ways.
Note that the amount of swap reported by free is somewhat less than the total size of your swap partitions and files. This is because several blocks of each swap area must be used to store a map of how each page in the swap area is being utilized. This overhead should be rather small; only a few kilobytes per swap area.
Redirect standard error to standard out example:
wget --timeout=2 --tries=1 -O /tmp/test.html http://test.com/ 2>&1
The watch command
watch - execute a program periodically, showing output fullscreen
SYNOPSIS
watch [-dhv] [-n] [--differences[=cumulative]] [--help]
[--interval=] [--version]
DESCRIPTION
watch runs command repeatedly, displaying its output (the first screen-
full). This allows you to watch the program output change over time.
By default, the program is run every 2 seconds; use -n or --interval to
specify a different interval.
The -d or --differences flag will highlight the differences between
successive updates. The --cumulative option makes highlighting
"sticky", presenting a running display of all positions that have ever
changed.
watch will run until interrupted.
EXAMPLES
To watch for mail, you might do
watch -n 60 from
To watch the contents of a directory change, you could use
watch -d ls -l
Set up Linux to sync its time with a time server
ntpdate server
should do the trick from the command line or cron job.
e.g.
[root@server root]# ntpdate time.nist.gov
17 Apr 15:53:26 ntpdate[29455]: step time server 192.43.244.18 offset -0.715067 sec
Use the screen utility
Using the screen utility
If you quit one of the processes under screen's control (for instance, by typing q to top or typing exit at a shell prompt), that window will close. When its last window closes, screen, and its backend process, SCREEN, terminate.
If some screen windows are open, though, you can also leave screen temporarily. Here are two ways:
You can suspend screen by typing C-a z or C-a C-z from any window. You can restart it (before you log out!) by typing the shell's fg command. This uses Linux job control.
You can detach screen from your current terminal. The SCREEN backend process and the ptys it manages keep running. You can log out and log in again later -- even days or weeks later (as long as the system isn't rebooted) -- and reattach the SCREEN backend process to your new terminal. To detach screen from your terminal, type C-a d. You should see the message [detached]. Now you'll be back at a prompt from the shell where you first started (or attached) screen.
For example, if you're monitoring a long-running industrial process from a tty on your office workstation, and you're afraid that it won't finish before you have to go home, start that process under screen control. When you leave, use C-a d to detach. Now you can turn off your display (but not your CPU!), go home, connect to your workstation by (for instance) ssh, and reattach. It's that easy!
To reattach, type the command screen -r at a shell prompt. Your window should appear just as it was when you left it -- unless its contents have changed in the meantime, of course. You can see previous lines of the display by using screen's scrollback history.
Do replace confirmation in Vim search & replace
In vim search and replace, do a
/gc
to have it confirm replace.
Enable mouse positioning in Vim in text mode
put
:set mouse=a
in .vimrc
to enable mouse positioning in vim in text mode
hold down SHIFT to enable terminal copy-n-paste (e.g. putty)
Fix Vim syntax highlighting not working problem
put the following in your .vimrc (_vimrc on windows):
autocmd BufEnter * :syntax sync fromstart
Configure X manually
You can try to configure X manually with:
/usr/share/redhat-config-xfree86/redhat-config-xfree86
Linux Installing & Setting up New Hard Drive (EXT3)
[root]# fdisk /dev/hdb
Command (m for help): m (Enter the letter "m" to get list of commands)
Command action
a toggle a bootable flag
b edit bsd disklabel
c toggle the dos compatibility flag
d delete a partition
l list known partition types
m print this menu
n add a new partition
o create a new empty DOS partition table
p print the partition table
q quit without saving changes
s create a new empty Sun disklabel
t change a partition's system id
u change display/entry units
v verify the partition table
w write table to disk and exit
x extra functionality (experts only)
Command (m for help): n
Command action
e extended
p primary partition (1-4)
e
Partition number (1-4): 1
First cylinder (1-2654, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-2654, default 2654):
Using default value 2654
Command (m for help): p
Disk /dev/hdb: 240 heads, 63 sectors, 2654 cylinders
Units = cylinders of 15120 * 512 bytes
Device Boot Start End Blocks Id System
/dev/hdb1 1 2654 20064208+ 5 Extended
Command (m for help): w (Write and save partition table)
[root]# mkfs -t ext3 /dev/hdb1
mke2fs 1.27 (8-Mar-2002)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
2508352 inodes, 5016052 blocks
250802 blocks (5.00%) reserved for the super user
First data block=0
154 block groups
32768 blocks per group, 32768 fragments per group
16288 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000
Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 34 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
[root]# mkdir /opt2
[root]# mount -t ext3 /dev/hdb1 /opt2
Enter the drive into the fstab file so that it is recognized and mounted upon system boot.
File: /etc/fstab Red Hat 8.0
LABEL=/ / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/hda2 swap swap defaults 0 0
/dev/hdb1 /opt2 ext3 defaults 1 2
/dev/cdrom /mnt/cdrom iso9660 noauto,owner,kudzu,ro 0 0
/dev/fd0 /mnt/floppy auto noauto,owner,kudzu 0 0
Help against DDOS attacks
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 4096 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1024 65535 > /proc/sys/net/ipv4/ip_local_port_range
echo 0 > /proc/sys/net/ipv4/tcp_sack
# Throws off OS fingerprint scans of the IP stack: a TTL of 64 shows up as Linux, 61 confuses them
echo 61 > /proc/sys/net/ipv4/ip_default_ttl
for device in `ls /proc/sys/net/ipv4/conf`
do
echo "2" > /proc/sys/net/ipv4/conf/$device/rp_filter
echo "0" > /proc/sys/net/ipv4/conf/$device/accept_redirects
echo "0" > /proc/sys/net/ipv4/conf/$device/send_redirects
echo "1" > /proc/sys/net/ipv4/conf/$device/secure_redirects
echo "0" > /proc/sys/net/ipv4/conf/$device/accept_source_route
echo "1" > /proc/sys/net/ipv4/conf/$device/log_martians
done
more ideas:
#Reduce DoS'ing ability by reducing timeouts
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 1280 > /proc/sys/net/ipv4/tcp_max_syn_backlog
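Values written under /proc/sys are lost at reboot, so it helps to check what the kernel is actually running with. The following audit script is an added example, not part of the original post: it compares a /proc/sys/net/ipv4-style tree with the values from the echo lines above (the function names are made up for this example, and where the page sets tcp_max_syn_backlog twice, 4096 is assumed).

```shell
#!/bin/sh
# Added example: compare sysctl values under a /proc/sys/net/ipv4-style tree
# with the values set by the echo commands above.

# Global keys and wanted values, copied from the page. tcp_max_syn_backlog
# appears twice there (4096 and 1280); 4096 is assumed here.
expected_global() {
    cat <<'EOF'
tcp_syncookies 1
tcp_max_syn_backlog 4096
icmp_ignore_bogus_error_responses 1
icmp_echo_ignore_broadcasts 1
ip_local_port_range 1024 65535
tcp_sack 0
ip_default_ttl 61
tcp_fin_timeout 30
tcp_keepalive_time 1800
tcp_window_scaling 1
EOF
}

# Keys the page sets for every entry in conf/ (all, default, eth0, ...).
expected_per_interface() {
    cat <<'EOF'
rp_filter 2
accept_redirects 0
send_redirects 0
secure_redirects 1
accept_source_route 0
log_martians 1
EOF
}

# check_value FILE WANTED: print one line if FILE is absent or differs.
check_value() {
    cv_file=$1
    cv_want=$2
    if [ ! -r "$cv_file" ]; then
        echo "MISSING $cv_file (want '$cv_want')"
        return 0
    fi
    # The kernel separates multi-value entries with tabs; squeeze to spaces.
    cv_have=$(tr -s '[:space:]' ' ' < "$cv_file" | sed 's/^ //; s/ $//')
    if [ "$cv_have" != "$cv_want" ]; then
        echo "DRIFT $cv_file: have '$cv_have', want '$cv_want'"
    fi
    return 0
}

# audit_sysctl ROOT: ROOT is /proc/sys/net/ipv4 on a live host, or a copy of it.
audit_sysctl() {
    as_root=$1
    expected_global | while read -r as_key as_want; do
        check_value "$as_root/$as_key" "$as_want"
    done
    for as_dir in "$as_root"/conf/*/; do
        [ -d "$as_dir" ] || continue
        expected_per_interface | while read -r as_key as_want; do
            check_value "$as_dir$as_key" "$as_want"
        done
    done
    return 0
}

# drift_count ROOT: number of findings, 0 when every value matches.
drift_count() {
    audit_sysctl "$1" | wc -l | tr -d ' '
}

# Stand-alone use: sh audit.sh /proc/sys/net/ipv4
if [ "$#" -gt 0 ]; then
    audit_sysctl "$1"
fi
```

Run it from cron or after boot; any DRIFT or MISSING line means the echo commands were not re-applied or something changed the value since.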
Resolving relaying denied message from sendmail in same domain
If you get a "relaying denied" message from sendmail when trying to connect from within the same domain, add:
FEATURE(relay_entire_domain)
to:
/etc/mail/sendmail.mc
then:
make -C /etc/mail
then:
restart sendmail
for more info refer to:
http://www.sendmail.org/tips/relaying.html
[excerpt]
For more precise tuning, several FEATUREs have been added to control relaying:
FEATURE(relay_hosts_only). Normally domains are listed in /etc/mail/relay-domains; any hosts in those domains match. With this feature, each host in a domain must be listed.
FEATURE(relay_entire_domain). Setting this feature allows relaying of all hosts within your domain. For example, on the host gateway.A.COM, this feature allows mail to or from any host in the A.COM domain. More precisely, this relays any host listed in the $=m class. This is equivalent to listing the name of the domain in /etc/mail/relay-domains.
FEATURE(access_db). This enables the hash database /etc/mail/access to enable or disable access from individual domains (or hosts, if FEATURE(relay_hosts_only) is set). The database format is described below.
FEATURE(blacklist_recipients). If set, this feature looks up recipients as well as senders in the access database.
FEATURE(rbl). NOTE: This feature is obsolete. Use FEATURE(dnsbl) in newer versions of sendmail. Enables rejection of mail based on the Realtime Blackhole List maintained at mail-abuse.org.
FEATURE(dnsbl). Enables rejection of mail based on the Realtime Blackhole List maintained at mail-abuse.org.
FEATURE(accept_unqualified_senders). Normally, sendmail will not accept mail from a sender without a domain attached -- for example, user instead of user@B.NET. This feature allows such users.
FEATURE(accept_unresolvable_domains). Normally, sendmail will refuse to accept mail that has a return address with a domain that cannot be resolved using the regular host lookups (a technique commonly used by spammers). This feature permits acceptance of such addresses. Unresolvable domains can be selectively accepted using the access database.
FEATURE(relay_based_on_MX). Setting this feature permits relaying for any domain that is directed to your host.
Allow only certain hosts to ssh into your Linux box
sample /etc/hosts.allow file:
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
sshd: 192.168.100. : ALLOW
sshd: 192.168.10. : ALLOW
sshd: ALL: DENY
GPG tutorial
from http://webber.dewinter.com/gnupg_howto/english/GPGMiniHowto-1.html
Now the sender will crypt the message with the public key belonging to the receiver.
Then decryption will be done with the secret key of the receiver.
Classic methods for encryption only use one key for encryption. The sender encrypts the message
with this key. To be able to decrypt this the receiver needs to have this very same key. This key
must have been given to the receiver in a way, that others won't have had the opportunity to obtain
this key. If somebody else does have the key, this method of encryption is useless.
The use of so-called Public Keys can solve this problem. Public Keys is a concept where two keys
are involved. One key is a Public Key that can be spread through all sorts of media and may be
obtained by anyone. The other key is the Private Key. This key is secret and cannot be spread. This
key is only available to the owner. When the system is well implemented the secret key cannot be
derived from the public key. Now the sender will crypt the message with the public key belonging to
the receiver. Then decryption will be done with the secret key of the receiver.
Crucial in this concept is that the secret key remains a secret and should not be given away or
become available to anyone else but the owner of this key. YOU CANNOT SEND THIS KEY OVER THE
INTERNET. Also it is very unwise to use GnuPG over telnet (you might consider never to use telnet
based on the high security risks).
Creating a key with:
gpg --gen-key
The command for exporting a key for a user is:
gpg --export [UID]
When you received someone's public key (or several public keys) you have to add them to your key database in order to be able to use them. To import into the database the command looks like this:
gpg --import [Filename]
e.g.:
C:\gnupg>
C:\gnupg>gpg --import maritz.asc
gpg: key A643961E: public key "Maritz Data Security" imported
gpg: Total number processed: 1
gpg: imported: 1
C:\gnupg>
4. Encrypt and decrypt
After installing everything and configuring everything in the way we want, we can start on encrypting and decrypting.
When encrypting or decrypting it is possible to have more than one private key in use. If this occurs you need to select the active key. This can be done by using the option -u UID or by using the option --local-user UID. This causes the default key to use to be replaced by wanted key.
If you want to change recipient this can be done by the option -r or by the option --recipient.
4.1 Encrypt
The command to encrypt is
gpg -e -r Recipient [Data]
or
gpg --encrypt --recipient Recipient [Data]
To avoid the risk that somebody else claims to be you, it is very useful to sign everything you encrypt, see signatures.
4.2 Decrypt
The command for decrypting is:
gpg [-d] [Data]
or
gpg [--decrypt] [Data]
Also here stdout is preset, but with the -o option you can redirect the output to a file.
Check mx records of a domain
dig domain mx
e.g.:
[root@server /home]# dig socal.rr.com mx
; <<>> DiG 9.1.0 <<>> socal.rr.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21901
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 6
;; QUESTION SECTION:
;socal.rr.com. IN MX
;; ANSWER SECTION:
socal.rr.com. 3600 IN MX 20 kcmx02.mgw.rr.com.
socal.rr.com. 3600 IN MX 30 orange.mgw.rr.com.
socal.rr.com. 3600 IN MX 10 lamx01.mgw.rr.com.
socal.rr.com. 3600 IN MX 10 lamx02.mgw.rr.com.
socal.rr.com. 3600 IN MX 10 lamx03.mgw.rr.com.
socal.rr.com. 3600 IN MX 20 kcmx01.mgw.rr.com.
;; AUTHORITY SECTION:
socal.rr.com. 3600 IN NS dns-sec-01.socal.rr.com.
socal.rr.com. 3600 IN NS dns-pri-01.socal.rr.com.
;; ADDITIONAL SECTION:
lamx01.mgw.rr.com. 75198 IN A 66.75.160.12
lamx02.mgw.rr.com. 75198 IN A 66.75.160.13
lamx03.mgw.rr.com. 75198 IN A 66.75.160.11
kcmx01.mgw.rr.com. 75197 IN A 24.94.163.190
kcmx02.mgw.rr.com. 75198 IN A 24.94.165.190
dns-pri-01.socal.rr.com. 2514 IN A 66.75.160.39
;; Query time: 97 msec
;; SERVER: 192.168.100.26#53(192.168.100.26)
;; WHEN: Fri Oct 10 15:27:15 2003
;; MSG SIZE rcvd: 318
Linux Runlevels
Before you can configure access to services, you must understand Linux runlevels. A runlevel is a state, or mode, that is defined by the services listed in the directory /etc/rc.d/rc.d, where is the number of the runlevel.
Red Hat Linux uses the following runlevels:
0 — Halt
1 — Single-user mode
2 — Not used (user-definable)
3 — Full multi-user mode
4 — Not used (user-definable)
5 — Full multi-user mode (with an X-based login screen)
6 — Reboot
If you configured the X Window System during the Red Hat Linux installation program, you had the option of choosing a graphical or text login screen. If you chose a text login screen, you are operating in runlevel 3. If you chose a graphical login screen, you are operating in runlevel 5.
The default runlevel can be changed by modifying the /etc/inittab file, which contains a line near the top of the file similar to the following:
id:3:initdefault:
Change the number in this line to the desired runlevel. The change will not take effect until you reboot the system.
To change the runlevel immediately, use the command telinit followed by the runlevel number. You must be root to use this command.
Solution for "File argument list too long" message with grep
If you get the "File argument list too long" message with grep:
ls -1 > filelist
awk '{ printf("grep 1a1 %s\n", $1) }' filelist > script.sh
chmod +x script.sh
./script.sh
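The generated script.sh pastes each file name into shell text, and awk's $1 keeps only the part before the first space, so names with spaces or shell metacharacters are searched wrongly or end up run as commands. The following added example (not from the original post; the function names grep_dir and grep_filelist are made up here) hands the names to grep as plain arguments instead, both from a directory scan and from a saved filelist.

```shell
#!/bin/sh
# Added example: grep across a directory too large for "grep PATTERN *",
# without generating a script from file names.

# grep_dir DIR PATTERN
# Prints the regular files directly inside DIR that contain PATTERN.
# find passes the names to grep as separate arguments, in batches sized to
# fit the kernel's argument limit, so no name is ever re-parsed by a shell.
# Returns 0 if at least one file matched, 1 if none did.
grep_dir() {
    # find exits non-zero when any grep batch had no match; that is not an
    # error for this search, so only the collected output decides the result.
    gd_out=$(find "$1" -maxdepth 1 -type f -exec grep -l -e "$2" -- {} +) || true
    [ -n "$gd_out" ] || return 1
    printf '%s\n' "$gd_out"
}

# grep_filelist LIST PATTERN
# Same search driven by a saved list such as the page's "ls -1 > filelist":
# one name per line, relative to the current directory. IFS= and -r make read
# keep leading spaces and backslashes, and each name stays one quoted word.
# Returns 0 if at least one file matched, 1 if none did.
grep_filelist() {
    gf_found=1
    while IFS= read -r gf_name; do
        [ -f "$gf_name" ] || continue
        if grep -q -e "$2" -- "$gf_name"; then
            printf '%s\n' "$gf_name"
            gf_found=0
        fi
    done < "$1"
    return "$gf_found"
}

# Stand-alone use: sh grepdir.sh /some/dir 1a1
if [ "$#" -eq 2 ]; then
    grep_dir "$1" "$2"
fi
```

File names that contain a newline still break the saved-list form, because the list is line-based; the find form does not have that limit.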
Setting the Linux Host Name
Checking your Linux host name
First, see if your host name is set correctly using the following commands:
uname -n
hostname -a
hostname -s
hostname -d
hostname -f
hostname
If the above commands return correctly with no errors then all may be well; however, you may want to read on to verify that all settings are correct.
--------------------------------------------------------------------------------
Configuring /etc/hosts
If your IP address is assigned to you by a DHCP server, then /etc/hosts is configured as follows:
127.0.0.1 mybox.mydomain.com localhost.localdomain localhost mybox
If you have a static IP address, then /etc/hosts is configured as follows:
127.0.0.1 localhost.localdomain localhost
192.168.0.10 mybox.mydomain.com mybox
--------------------------------------------------------------------------------
Setting the Host Name using "hostname"
After updating the /etc/hosts file correctly, the "hostname" command should be run as follows to set your hostname:
hostname mybox.mydomain.com
--------------------------------------------------------------------------------
Checking /etc/HOSTNAME (if present)
You may or may not have the file /etc/HOSTNAME:
mybox.mydomain.com
--------------------------------------------------------------------------------
Checking /etc/sysconfig/network
If you have a static IP address, then /etc/sysconfig/network is configured as follows:
NETWORKING=yes
HOSTNAME="mybox.mydomain.com"
...
If your IP address is assigned to you by a DHCP server, and you wish to update the local DNS server through Dynamic DNS, then /etc/sysconfig/network is configured as follows:
NETWORKING=yes
HOSTNAME="mybox.mydomain.com"
DHCP_HOSTNAME="mybox.mydomain.com"
...
--------------------------------------------------------------------------------
Checking /proc/sys/kernel/hostname
This is checked with the following command:
cat /proc/sys/kernel/hostname
If you need to set this file, you can either reboot or set it now with the following command:
echo mybox.mydomain.com > /proc/sys/kernel/hostname
--------------------------------------------------------------------------------
Dynamic DNS - Updating the local DNS server with your host name and DHCP IP
If you receive your IP address from a DHCP server, you may update the local DNS server by adding the following line to /etc/sysconfig/network for Red Hat:
DHCP_HOSTNAME="mybox.mydomain.com"
Fixing error message: Domain of sender address apache@localhost.localdomain does not exist
Hey all I have this problem with sendmail. I have a website that I have made for a friend, and it has a form on it. To bundle up the form data and send it out I use a simple perl script which works, but when my server tries to send the form via sendmail it gets sent back with an error message saying:
Final-Recipient: RFC822; klintonkerber@prodigy.net
Action: failed
Status: 5.1.8
Diagnostic-Code: SMTP; 553 5.1.8... Domain of sender address apache@localhost.localdomain does not exist
Last-Attempt-Date: Sun, 27 Jul 2003 16:07:09 -0700
Anyone have any suggestions on this? Thanx guys!
Edit your sendmail.cf and change the Cw entry appropriately. If you still have this problem, check your DNS and resolv.conf.
Sorting email in Pine
In Pine's generic configuration, messages are presented in the order in which they arrive. This default can be changed in the SETUP CONFIGURATION. You can also re-sort the folder on demand with the sort ($) command. Your sorting options are:
S Subject
A Arrival
F From
D Date
Z Size
O Ordered Subject
R Reverse
Linux Multiple IPs single computer
Setting Up Multiple IP Aliases In a Single File
This document will show you how to set up multiple IP aliases in a single file for use as a web server or simply a Linux box that needs multiple IPs assigned to it.
1. cd /etc/sysconfig/network-scripts
2. pico ifcfg-eth0-range0
3. insert the following lines into the file
IPADDR_START=10.0.1.1
IPADDR_END=10.0.1.255
CLONENUM_START=0
The above lines will create 256 IP addresses. You can use any combination of numbers as long as the numbers go from low to high.
You cannot repeat numbers. For example, if you created an ifcfg-eth0-range1 and tried to use
IPADDR_START=10.0.1.140
IPADDR_END=10.0.2.255
CLONENUM_START=0
THE FILE WOULD FAIL for several reasons:
1. You cannot overlap IP addresses; in this instance 140 had already been used.
2. The IP addresses must all be in the same class C (i.e. 192.168.2.0 - 192.168.2.255, 192.168.99.0 - 192.168.99.255).
3. CLONENUM_START needs to be sequential; since we used 256 clones in range0 we need CLONENUM_START=257, and so on.
Make sure there aren't any backup copies of the files in the /etc/sysconfig/network-scripts directory (or ~/etc/sysconfig/network-scripts or /etc/sysconfig/network-scripts~), as this will cause the startup to fail.
To activate the IP aliases you need to type:
> ifup ifcfg-eth0-range0
To verify that they are working, type:
> ping 10.0.1.111
or whatever IP address you have assigned ...
****personal note- don't just put this in ifcfg-eth0 - it will NOT work; also I've added ONBOOT=yes to the above
examples (first line of each block = filename):
ifcfg-eth0:0
DEVICE=eth0:0
BOOTPROTO=static
ONBOOT=yes
IPADDR=123.123.123.1
ifcfg-eth0:1
DEVICE=eth0:1
BOOTPROTO=static
ONBOOT=yes
IPADDR=123.123.123.2
ifcfg-eth0:2
DEVICE=eth0:2
BOOTPROTO=static
ONBOOT=yes
IPADDR=123.123.123.3
Set up public-key authentication between an OpenSSH client and an OpenSSH server
Generate a key if necessary:
$ mkdir -p ~/.ssh    # If it doesn't already exist
$ chmod 700 ~/.ssh
$ cd ~/.ssh
$ ssh-keygen -t dsa
Copy the public key to the remote host:
$ scp -p id_dsa.pub remoteuser@remotehost:
Password: ********
Log into the remote host and install the public key:
$ ssh -l remoteuser remotehost
Password: ********
remotehost$ mkdir -p ~/.ssh    # If it doesn't already exist
remotehost$ chmod 700 ~/.ssh
remotehost$ cat id_dsa.pub >> ~/.ssh/authorized_keys    # Appending
remotehost$ chmod 600 ~/.ssh/authorized_keys
remotehost$ mv id_dsa.pub ~/.ssh    # Optional, just to be organized
remotehost$ logout
Log back in via public-key authentication:
$ ssh -l remoteuser remotehost
Enter passphrase for key '/home/smith/.ssh/id_dsa': ********
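An added check, not part of the original procedure: the function below verifies the modes the steps above set (700 on ~/.ssh, 600 on authorized_keys), checks private key files the same way, and counts ssh-dss entries, since OpenSSH 7.0 and later no longer accept DSA keys by default. audit_ssh_dir, perm_string and make_sample_ssh_dir are hypothetical names, and the key material in the sample is constructed.

```shell
#!/bin/sh
# Added example, not from the original page. All function names are
# hypothetical and the sample keys are constructed placeholders.

# Print the nine permission characters of a path, e.g. "rwx------" for 700.
perm_string() {
    ls -ld -- "$1" | cut -c2-10
}

# audit_ssh_dir DIR
# Prints one finding per line; prints nothing when DIR passes every check.
audit_ssh_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 0
    fi
    # The procedure sets 700 on the directory.
    [ "$(perm_string "$dir")" = "rwx------" ] ||
        echo "MODE $dir is $(perm_string "$dir"), want rwx------ (700)"

    ak=$dir/authorized_keys
    if [ -f "$ak" ]; then
        # The procedure sets 600 on authorized_keys.
        [ "$(perm_string "$ak")" = "rw-------" ] ||
            echo "MODE $ak is $(perm_string "$ak"), want rw------- (600)"
        # Count DSA public keys, skipping comment lines. Every ssh-dss key
        # blob starts with the base64 text AAAAB3NzaC1kc3M, which also keeps
        # the match correct when options precede the key type.
        dsa=$(grep -v '^[[:space:]]*#' "$ak" |
              grep -c -E '(^|[[:space:]])ssh-dss[[:space:]]+AAAAB3NzaC1kc3M' || true)
        [ "$dsa" -eq 0 ] || echo "DSA $ak holds $dsa ssh-dss key(s)"
    fi

    # Private keys (id_* without .pub) must not be readable by group or other.
    for key in "$dir"/id_*; do
        [ -f "$key" ] || continue
        case $key in *.pub) continue ;; esac
        case $(perm_string "$key") in
            r?-------) ;;   # 600 or 400
            *) echo "MODE $key is $(perm_string "$key"), want rw------- (600)" ;;
        esac
    done
    return 0
}

# Build a constructed, deliberately sloppy home directory for a dry run.
# Prints the path of the fake home.
make_sample_ssh_dir() {
    home=$(mktemp -d)
    mkdir "$home/.ssh"
    chmod 755 "$home/.ssh"
    {
        echo '# constructed sample entries, not real keys'
        echo 'ssh-dss AAAAB3NzaC1kc3MAAACBAKconstructed smith@client'
        echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed smith@laptop'
    } > "$home/.ssh/authorized_keys"
    chmod 644 "$home/.ssh/authorized_keys"
    echo 'constructed placeholder, not a real key' > "$home/.ssh/id_dsa"
    chmod 644 "$home/.ssh/id_dsa"
    printf '%s\n' "$home"
}
```

Run audit_ssh_dir "$HOME/.ssh" on both the client and the remote host; no output means nothing was flagged.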
Get chkrootkit
Download chkrootkit from http://www.reznor.com/tools/chkrootkit.tar.gz to make sure you don't have any rootkits installed by hackers on your system.
netstat -n
Use "netstat -n" to not resolve IP addresses to host names (in case host names are truncated in output.)
Defending your Linux box against SYN flood attacks
Make sure you do not allow directed broadcast messages from the Internet.
There are two types of defense against DDoS attacks: defending against a flood and keeping zombies off your system. Make sure your system is up-to-date with all your hardware and software. You also must employ egress anti-spoof filters on your external router or firewall. Since DoS attacks almost always involve some spoofed packets, egress anti-spoof filters help a lot.
The best defense I know of against an attack is fast detection and the ability to get the incident response forces moving at your ISP. You need to employ IDS tools that can quickly alert you when a DDoS attack starts. When you are alerted, you should immediately call a member of the incident response team of your ISP. They will be able to block the flood traffic at the points where it enters their network.
SYN flooding defense can be helped by having larger connection queues and SYN cookies. SYN cookies can be activated on a Linux machine by adding echo 1 > /proc/sys/net/ipv4/tcp_syncookies to your boot sequence. Also, a Linux machine can be configured as a proxy firewall that will add SYN cookie protection to an entire network. To do this, visit www.bronzesoft.org/projects/scfw/doc.html#dl. However, if a flood attack does occur, you will need to quickly redirect critical traffic through another path, so redundant communication links are required. Another good idea would be to have 2 or more different ISPs for particularly sensitive systems.
A list of different vendor approaches and patches to this can be found at www.nation-wide.net/~aleph1 .
It would also be a good idea to create static ARP tables on your most sensitive networks to make sure no one can alter IP-to-MAC address mappings on your LANs. Although this will make managing the network more difficult, it is a good idea.
If you suspect one of your systems has been compromised and is running a zombie, check out the free tool called "Find DDOS" distributed by the National Infrastructure Protection Center. This will scan your Linux and Solaris systems: www.nipc.gov/warnings/advisories/2000/00-44.htm.
Also, if you find a zombie you can put them to sleep with Zombie Zapper at razor.bindview.com/tools/ZombieZapper_form.shtml
I would also disallow ICMP Echo Replies. It is usually allowed so that inside users can ping outside of the network and receive a response. This MUST be checked.
You can test your network to see if it can/is being used as a Smurf amplifier by visiting www.powertech.no/smurf/ and use their online form to test your system.
If your network is vulnerable, you must stop directed broadcast packets at your border router or firewall.
> hi,
>
> i wanna be protected against syn flood attack ... ok ...
> but i don't really know what is the best solution :
> iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
> or
> # Enable TCP SYN Cookie Protection
> #echo 1 > /proc/sys/net/ipv4/tcp_syncookies
>
> are they the same or not ???
Totally different. The first limits your system to a connection rate of 1
connect per second; this will affect users if you have a heavily used
server, otherwise it will prevent system overload by connects. If the main
purpose of your system is not serving connections, the rate limit does help
to limit the effect of connection flooding.
The second one is more specifically aimed towards SYN floods and will not
impact normal operations, because SYN cookies are only used if resources get
used up by a SYN flood.
If you use SYN cookies, make sure to observe your kernel's log and make sure
that the kernel is not sending SYN cookies in normal load situations, because this
will decrease the TCP performance of the clients. There are parameters to
tune, to make the kernel wait longer before SYN cookies are enabled. On small
sized servers you do not need to tune this setting.
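The advice to watch the kernel log can be scripted. This added example (not from the original thread) reports the tcp_syncookies setting and counts cookie events per port. It assumes the log wording "possible SYN flooding on port N. Sending cookies." used by 2.4/2.6-era kernels; the function names are hypothetical and the log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are
# hypothetical; the sample log is constructed.

# syncookie_state [FILE]
# Translate the sysctl value into a word. FILE defaults to the /proc path
# named in the article; it is a parameter so the function can be pointed at
# a test file.
syncookie_state() {
    f=${1:-/proc/sys/net/ipv4/tcp_syncookies}
    [ -r "$f" ] || { echo unknown; return 0; }
    case $(cat "$f") in
        0) echo disabled ;;
        1) echo on-overflow ;;   # cookies only once the SYN queue is full
        2) echo always ;;        # cookies sent unconditionally
        *) echo unknown ;;
    esac
}

# Read kernel log text on stdin and print "port count" for every port the
# kernel reported sending cookies for, busiest port first.
# Assumed message format: "possible SYN flooding on port N. Sending cookies."
# Lines in any other format are ignored rather than miscounted.
syn_cookie_events() {
    awk '
        /[Pp]ossible SYN flooding on port [0-9]+\. / {
            port = $0
            sub(/.*[Pp]ossible SYN flooding on port /, "", port)
            sub(/\..*/, "", port)
            hits[port]++
        }
        END { for (p in hits) print p, hits[p] }
    ' | sort -k2,2nr -k1,1n
}

# ports_over THRESHOLD
# Read kernel log text on stdin and print the ports whose event count
# reaches THRESHOLD. Repeated hits during ordinary load are the situation
# the reply says to look for before tuning the queue parameters.
ports_over() {
    syn_cookie_events | awk -v t="$1" '$2 >= t { print $1 }'
}

# Constructed sample log lines for a dry run.
sample_kernel_log() {
    cat <<'EOF'
Apr 19 03:10:01 server kernel: possible SYN flooding on port 80. Sending cookies.
Apr 19 03:11:02 server kernel: possible SYN flooding on port 80. Sending cookies.
Apr 19 03:11:40 server kernel: eth0: link up
Apr 19 03:12:03 server kernel: possible SYN flooding on port 80. Sending cookies.
Apr 19 03:15:09 server kernel: possible SYN flooding on port 25. Sending cookies.
EOF
}

# Usage: dmesg | syn_cookie_events
#        syn_cookie_events < /var/log/messages
```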
Example fstab with samba mounts
LABEL=/ / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
/dev/fd0 /mnt/floppy auto noauto,owner 0 0
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
none /dev/pts devpts gid=5,mode=620 0 0
/dev/hda5 swap swap defaults 0 0
/dev/cdrom /mnt/cdrom auto noauto,owner,kudzu,ro 0 0
/dev/hdb1 /home/public ext3 defaults 1 1
/dev/hdc1 /home/av ext3 defaults 1 1
/SWAP swap swap defaults 0 0
//server/linux_backup /home/linux_backup smb username=david,password= 0 0
Uninstall GRUB from the MBR (Master Boot Record)
How to uninstall GRUB from the MBR (Master Boot Record) of the hard disk.
Procedure
As GRUB does not make any backup of the MBR during the installation, it can only be uninstalled by overwriting the MBR with another boot manager. Therefore, the MBR must be rewritten using a different operating system.
Using a DOS or Windows 9x/ME Boot Floppy
In case you have DOS or Windows 9x/ME on your system, you can use fdisk for this purpose. Create a rescue disk in DOS or Windows 9x/ME, use it to boot the computer, and execute fdisk as follows:
fdisk /mbr
The MBR will be rewritten and GRUB will be uninstalled.
Using an OS/2 Boot Floppy
If you use OS/2, the corresponding command is:
fdisk /newmbr
Using Windows XP
In Windows XP, you can uninstall GRUB as follows:
Boot from the Windows XP CD and press the "R" key during the setup in order to start the Recovery Console. Select your Windows XP installation from the list and enter the administrator password. At the input prompt, enter the command "FIXMBR" and confirm the query with "y". The MBR will be rewritten and GRUB will be uninstalled. Press "exit" to reboot the computer.
Using Windows 2000
In Windows 2000, you can uninstall GRUB as follows:
Boot from the Windows 2000 CD and press the "R" key during the setup and the "K" key in the following menu in order to start the Recovery Console. Select your Windows 2000 installation from the list and enter the administrator password. At the input prompt, enter the command "FIXMBR" and confirm the query with "y". The MBR will be rewritten and GRUB will be uninstalled. Press "exit" to reboot the computer.
Path associated to program
If you're curious to learn the path associated with a program, you can issue the which command. For instance, issuing the command:
which sort
yields the output:
/bin/sort
BASH Environment Variable Description
BASH           Path of the BASH executable file
BASH_ENV       Path of the BASH environment file, which specifies BASH options
BASH_VERSION   Version of BASH
COLUMNS        Width, in characters, of console window
EUID           Effective user ID
HISTFILE       Path of the BASH command history file
HISTFILESIZE   Maximum number of lines recorded in history file
HISTSIZE       Maximum number of commands recorded in history file
HOME           Path of user's home directory
HOSTNAME       Name of the host
IFS            Field separator (white space) characters
LINES          Length, in lines, of console window
LOGNAME        User's log in name
LS_COLORS      Options for ls command
OSTYPE         Operating system name ("Linux")
PATH           Program path
PPID           Process ID of the shell's parent process
PS1            Command prompt string
PS2            Continuation prompt string
PS4            Execution trace string
PWD            Current working directory
SHELL          Path of the shell executable
SHLVL          Number of nested shell invocations
TERM           Terminal type
UID            User ID
USER           User name
Typical Environment Variables and Their Values
[bmccarty@home bmccarty]$ set
BASH=/bin/bash
BASH_ENV=/home/bmccarty/.bashrc
BASH_VERSION=1.14.7(1)
COLUMNS=85
EUID=2188
HISTFILE=/home/bmccarty/.bash_history
HISTFILESIZE=1000
HISTSIZE=1000
HOME=/home/bmccarty
IFS=
INPUTRC=/etc/inputrc
LINES=49
LOGNAME=bmccarty
LS_COLORS=
OPTERR=1
OPTIND=1
OSTYPE=Linux
PATH=/usr/bin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/home/bmccarty/bin
PPID=26420
PS1=[\u@\h \W]\$
PS2=>
PS4=+
PWD=/home/bmccarty
SHELL=/bin/bash
SHLVL=1
TERM=vt102
UID=2188
USER=bmccarty
USERNAME=
_=bash
Example NFS /etc/exports & /etc/fstab
/etc/exports:
/home/user1/www 192.168.100.0/24(ro)
/home/user2/images 192.168.100.0/24(ro)
/etc/fstab:
LABEL=/ / ext3 defaults 1 1
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/hda2 swap swap defaults 0 0
/dev/cdrom /mnt/cdrom iso9660 noauto,owner,kudzu,ro 0 0
/dev/fd0 /mnt/floppy auto noauto,owner,kudzu 0 0
ftp.server.com:/home/user2/images /home/www/web/htdocs/images nfs defaults 0 0
ftp.server.com:/home/user1/www /home/www/web/htdocs nfs defaults 0 0
lastcomm example
Do a:
lastcomm --debug | less
to see commands run by users. Process accounting must be turned on first.
Suppressing error messages
./my_script 2>/dev/null
If it still outputs something, it's probably not an error but regular output on STDOUT, so suppress that like this:
./my_script 1>/dev/null
Testing the security of your Linux box
Do a portscan and look for open ports on your server:
nmap -sS -T Aggressive -p 1-10000 www.your_server | grep open
List all open local ports & program names:
lsof -P -n -i
Find all subdomains of a domain
To find out subdomains of a domain, first do:
dig domain_name.com
to find the name servers in the authority section (we'll call them ns1.foo.bar and ns2.foo.bar)
then do a:
dig @ns1.foo.bar domain_name.com axfr
or
dig @ns2.foo.bar domain_name.com axfr
Change default umask in WU-FTPD
To change default umask of 022 (like a chmod 644 for new files) in wu-ftpd, add the following in /etc/ftpaccess:
defumask 002
upload /home/* * yes 0664
Fix CVS sticky tag is not a branch error
If you get a sticky tag for file "is not a branch" error when trying to do cvs ci,
just run cvs update -A on these files to revert your working copy to the head
revisions. If you made changes, they should be patched to the latest versions.
The update -A will clear sticky tags so you can proceed.
Disable IDENT/DNS slow ftp connection for wu-ftpd
Add 'timeout RFC931 0' to the /etc/ftpaccess file.
If that doesn't work, try:
In your /etc/xinetd.d/wu-ftpd file, check to see
if you have the "USERID" option set for either "log_on_success" or
"log_on_failure". If so, remove the "USERID" option. I guess having that
in there causes ident to try and figure out who is logging in regardless of
what flags or server args you are using.
How to create a console application
Here's an example. The following is a code sample for a simple C program. Cut and paste it into a file named hello.c to try it out.
#include <stdio.h>
int main(int argc, char **argv)
{
    printf ("Hello\n");
    return (0);
}
If you want to create a console mode executable hello.exe from a c file called hello.c, try the following:
gcc -c hello.c
This compiles hello.c into an object file, hello.o
gcc -o hello hello.o
This creates an executable hello.exe from hello.o. Alternatively, you can compile and link in one step using:
gcc -o hello hello.c
The following is a code sample for a simple C++ program. Cut and paste it into a file named hello.cpp to try it out.
#include <iostream>
using namespace std;
int main(int argc, char **argv)
{
    cout << "Hello" << endl;
    return (0);
}
For the C++ program, use the following to compile and link:
g++ -c hello.cpp
g++ -o hello hello.o
Delete all messages in Pine
To mark and delete all messages in Pine, do:
;aad
How do I mark all messages in a newsgroup as "read" or "deleted"?
First, you need to make sure that you have access to all the commands necessary.
From the [M]AIN MENU, choose [S]etup and then [C]onfig, then make sure that there are 'X' marks next to these two options:
[X] enable-aggregate-command-set
[X] enable-flag-cmd
To mark all messages as "read" or "deleted" press and release each of the following:
; = Select
a = All
a = Apply
* = Flag
which will bring you to the FLAG MAINTENANCE screen (if you do not have enable-flag-screen-implicitly set in SETUP CONFIGURATION, select "^T To Flag Details" to reach it now):
Set desired flags for current message below. An 'X' means set it, and a ' ' means to unset it. Choose "E Exit Flags" when finished.
Fix for "Delaying eth0 initialization" error message
> When I start up RedHat Linux 6.0!~
> and When "Bring up eth0"
> It said:
> "Delaying eth0 initialization"
>
> and when I type "ifup eth0"
>
> It also said:
> "Delaying eth0 initialization"
>
> How to fix this problem?
> THANK YOU FOR REPLY!
Check your /etc/conf.modules
Most likely, it doesn't contain an alias for your Ethernet-adapter.
That should be something like : alias eth0 hp100
In my case it's hp100 because I have a HP-networkcard.
You should also check in /var/log/dmesg whether the kernel actually
detects the networkcard.
NOTE: in later Linux versions /etc/conf.modules has been renamed to
/etc/modules.conf (contains loadable modules like NIC driver,
sound card driver, etc)
Format floppy disk in MS-DOS format or in ext2 format
To format a floppy disk in ext2 format, first run:
fdformat /dev/fd0
then:
mkfs -t ext2 /dev/fd0
The date command - setting the date
date MMDDHHmmYYYY
example:
root# date 041511242005 <------ command entered
Fri April 15 11:24:00 EDT 2005 <------- output
This syncs the hardware and software clocks by setting the hardware clock from the current system time:
hwclock --set --date="`date '+%m/%d/%y %H:%M:%S'`"
Convert HTML to PostScript using html2ps - example
html2ps /tmp/temp.html > /tmp/tmp.ps
gs -sDEVICE=laserjet -sPAPERSIZE=letter -sOutputFile=/tmp/tmp.pcl -dNOPAUSE -q /tmp/tmp.ps -c quit
Setting up Vim (.vimrc)
vi has a large set of options that can be set to alter the behaviour of the editor. Vim expands on this set. I have listed only those that are most important to a beginning user.
Options are set by typing :set <option>, where <option> is the name of the option. There are two kinds of options: boolean options (those which can be either on or off) and variable options (those which take a value). In vim, :help options will provide quite a nice summary of the options.
Options may either be set on the fly while running vi, or they may be read from a configuration file called .exrc, .vimrc, or .gvimrc. :set all will show you the current setting of every option.
Option name | Description | Example
autoindent | Sets autoindenting on | :set autoindent
backup | Causes vim to save a copy of the file with a ~ on the end without the changes you just made | :set backup
tabstop | Determines the width of the tab character | :set tabstop=4
ruler | Shows cursor position on the modeline | :set ruler
wrap | Determines whether a line exceeding the width of the display will wrap to the next line | :set wrap
showbreak | Sets which characters (if any) will appear in front of the second portion of the wrapped line | :set showbreak=>
showmode | Displays the mode on the modeline when not in command mode | :set showmode
fileformat | Sets the end of line character used when the file is saved | :set fileformat=dos
sample .vimrc file:
:set tabstop=4
ngrep examples
Be quiet, look only at tcp packets with either source or dest port 80 on interface eth1, look for anything matching 'www'.
ngrep -qd eth1 'www' tcp port 80
Look at all packets with either source or dest port 53 on interface le0 that match 'in-addr'. Be quiet.
ngrep -qd le0 in-addr port 53
Look only at tcp packets with either source or dest port 21, look for anything resembling an FTP login.
ngrep 'USER|PASS' tcp port 21
Look at tcp packets with either source or dest port 21, that match either 'user' or 'pass' (case insensitively) as a word.
ngrep -wi 'user|pass' tcp port 21
Using a proxy server for CPAN.pm, Wget, & other shell utilities
In your .bashrc, add:
export ftp_proxy="http://your_ftp_proxy:port"
export http_proxy="http://your_http_proxy:port"
Search and replace certain words in file using Perl examples
perl -e "s/old_string/new_string/g;" -pi.save $(find DirectoryName -type f)
perl -e "s/<\!--#include virtual=\".\/menu.html\" -->//g;" -pi.bak $(find . -type f)
perl -e "s/shtml/php/g;" -pi.bak $(find . -type f)
Fix CVS error: cvs server: cannot open /root/.cvsignore : Permission denied
IF:
> server_args = --allow-root=/usr/local/repository pserver
> cvs server: cannot open /root/.cvsignore : Permission denied
> cvs [server aborted]: can't chdir (/root): Permission denied
THEN:
server_args = -f --allow-root=/usr/local/repository pserver
will fix it.
Delete all files in directory except....
In Unix, to delete all the files in a directory except the ones that start with the letter "a", do the following:
rm [!a]*
But let's say there are many files, and you want to delete everything except a file called "my_file". Use grep's inverse matching capability here:
rm $(ls * | grep -v my_file)
Of course if there are other files with "my_file" as part of their filename, then those won't be deleted either. The following will ensure that this doesn't happen:
rm $(ls * | grep -v '^my_file$')
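The `rm $(ls * | grep -v ...)` pipelines above split on whitespace, so a file called "two words.txt" reaches rm as two arguments, and the grep pattern is a regex rather than a literal name. The following is an added example, not part of the original post, that loops over the glob and compares names literally; `delete_except` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example; delete_except is a hypothetical helper, not from the original post.
# Removes every non-hidden regular file in DIR except the one named exactly KEEP
# and prints how many files were removed.
delete_except() {
    local dir keep f removed
    dir=$1 keep=$2 removed=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # With an empty or path-like KEEP nothing would be spared; refuse instead.
    case $keep in
        ''|*/*) echo "KEEP must be a bare file name" >&2; return 2 ;;
    esac
    for f in "$dir"/*; do                      # the glob keeps each name as one word
        [ -f "$f" ] || continue                # skip directories and an unmatched glob
        [ "${f##*/}" = "$keep" ] && continue   # literal comparison, not a regex
        rm -f -- "$f" && removed=$((removed + 1))   # "--" protects names like "-rf"
    done
    echo "$removed"
}

# Demo on a constructed scratch directory.
demo_dir=$(mktemp -d)
for name in my_file my_file.bak not_my_file "two words.txt"; do
    : > "$demo_dir/$name"
done
echo "removed: $(delete_except "$demo_dir" my_file)"
ls -A "$demo_dir"
rm -rf -- "$demo_dir"
```

Like `rm *`, the loop leaves dotfiles and subdirectories alone.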
ls sort files
The "ls" file/directory listing tool doesn't have built-in support for sorting files according to file size. But by piping the output to "sort", this can be done, e.g.
ls -al | sort -k5n
Will sort by size from the smallest file to the largest. The following will display files from largest to smallest:
ls -al | sort -k5nr
Setting up CVS initially
1)start a repository
cvs -d /usr/local/newrepos init
2)add group cvs
groupadd cvs
3)edit /etc/group and add any user who needs to access the repository to this group, e.g.
cvs:*:105:david,dahveed
4)group ownership and permissions to repository directory
cd /usr/local/newrepos
chgrp -R cvs .
chmod ug+rwx . CVSROOT
Setting up the CVS password server (pserver)
cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/home/david/cvsroot --allow-root=/home/david/cvsmisc pserver
If you want to make the same work under xinetd, you save a config file in /etc/xinetd.d called cvspserver, (where the last line tells it the names of your repositories):
service cvspserver
{
socket_type = stream
protocol = tcp
wait = no
user = root
passenv =
server = /usr/bin/cvs
server_args = --allow-root=/home/pauljohn/cvsroot --allow-root=/home/pauljohn/cvsmisc pserver
}
5) create /usr/local/newrepos/CVSROOT/passwd (for people who don't have a system account and if you want a different password for the user)
format = username:encrypted_password:optional_system_username
use passwd to create a password and paste it into CVSROOT/passwd
Better: use the following Perl script to generate the password
==========
#!/usr/bin/perl
# Note: the plaintext is passed as an argument, so it is visible in shell
# history and in the process list while the script runs.
use strict;
use warnings;
srand (time());
# Expression that evaluates to the character code of a random letter (A-Z or a-z)
my $randletter = "(int (rand (26)) + (int (rand (1) + .5) % 2 ? 65 : 97))";
# Two random letters form the salt for crypt()
my $salt = sprintf ("%c%c", eval $randletter, eval $randletter);
my $plaintext = shift;
my $crypttext = crypt ($plaintext, $salt);
print "${crypttext}\n";
=========
./cryptout.pl "password_in_plain_text"
[root@server lin]# cvs -d :pserver:david@localhost:/usr/local/repository login
(Logging in to david@localhost)
CVS password:
cvs import -m "Initial my_apps import" apps davd start
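An added example, not part of the original post, that audits a CVSROOT/passwd file in the username:encrypted_password:optional_system_username format from step 5. It flags an empty password field (which pserver accepts with any password), a traditional DES crypt() hash (what the two-letter salt in the Perl script produces), and entries that map to the root system account. `audit_cvs_passwd` and `write_sample_passwd` are hypothetical helper names and the sample entries are constructed.

```shell
#!/bin/sh
# Added example; audit_cvs_passwd and write_sample_passwd are hypothetical helpers.

# Print "user:FINDING" for each risky entry in a CVSROOT/passwd file whose lines
# have the form username:encrypted_password:optional_system_username.
audit_cvs_passwd() {
    awk -F: '
        NF == 0 { next }                          # blank line
        NF < 2  { print $1 ":MALFORMED"; next }   # no colon after the user name

        # An empty password field lets any password authenticate.
        $2 == "" { print $1 ":EMPTY_PASSWORD" }

        # 13 characters from [./0-9A-Za-z] is traditional DES crypt(), the
        # format a two-letter salt produces; it ignores input past 8 characters.
        length($2) == 13 && $2 ~ "^[./0-9A-Za-z]+$" { print $1 ":DES_CRYPT" }

        # Without a third field the CVS user name is also the system user.
        ($3 != "" ? $3 : $1) == "root" { print $1 ":MAPS_TO_ROOT" }
    ' "$1"
}

# Constructed sample entries; the hash strings are placeholders, not real hashes.
write_sample_passwd() {
    cat > "$1" <<'EOF'
david:ab0123456789A:cvsuser
anon::nobody
admin:$1$constructed$notARealHashValue00:root
carol:$1$constructed$notARealHashValue00:cvsuser
EOF
}

sample=$(mktemp)
write_sample_passwd "$sample"
audit_cvs_passwd "$sample"
rm -f -- "$sample"
```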
RPM queries
To see all installed RPMs, do a:
[root@server bin]# rpm -qa
To see where e.g. /bin/mail came from do a:
[root@server bin]# rpm -qf /bin/mail
mailx-8.1.1-31.1
To see verbose info on an rpm, do a e.g.:
[root@server bin]# rpm -qi mailx
Name : mailx Relocations: (not relocateable)
Version : 8.1.1 Vendor: Red Hat, Inc.
Release : 31.1 Build Date: Fri 01 Aug 2003 01:39:48 PM PDT
Install Date: Tue 02 Dec 2003 12:26:05 AM PST Build Host: daffy.perf.redhat.com
Group : Applications/Internet Source RPM: mailx-8.1.1-31.1.src.rpm
Size : 80381 License: BSD
Signature : DSA/SHA1, Tue 28 Oct 2003 03:55:12 PM PST, Key ID b44269d04f2a6fd2
Packager : Red Hat, Inc.
Summary : The /bin/mail program for sending quick email messages.
Description :
The mailx package installs the /bin/mail program, which is used to
send quick email messages without opening up a full-featured
mail user agent. Mailx is often used in shell scripts.
Do -ql to see all files contained in the rpm:
[root@server bin]# rpm -ql !$
rpm -ql mailx
/bin/mail
/etc/mail.rc
/usr/bin/Mail
/usr/lib/mail.help
/usr/lib/mail.tildehelp
/usr/share/man/man1/Mail.1.gz
/usr/share/man/man1/mail.1.gz
Uninstalling RPM packages
Test it out first:
rpm -e --test my_package
Erase it without checking dependencies:
rpm -e --nodeps my_package