Unix Toolbox

11/20/13
Unix Toolbox
UNIX T OOLBOX
ThisdocumentisacollectionofUnix/Linux/BSDcommandsandtaskswhichareusefulforITworkorfor advancedusers.Thisisapracticalguidewithconciseexplanations,howeverthereaderissupposedto knowwhats/heisdoing.
1. System 2. Processes 3. FileSystem 4. Network 5. SSHSCP 6. VPNwithSSH 7. RSYNC 8. SUDO 9. EncryptFiles 10. EncryptPartitions 11. SSLCertificates 12. CVS 13. SVN 14. UsefulCommands 15. InstallSoftware 16. ConvertMedia 17. Printing 18. Databases 19. DiskQuota 20. Shells 21. Scripting 22. Programming 23. OnlineHelp
cb.vu/unixtoolbox.xhtml#loadstats
1/49
11/20/13
Unix Toolbox
1 S YS T E M
Hardware|Statistics|Users|Limits|Runlevels|rootpassword|Compilekernel|Repairgrub|Misc Runningkernelandsysteminformation
#u n a m ea #l s b _ r e l e a s ea #c a t/ e t c / S u S E r e l e a s e #c a t/ e t c / d e b i a n _ v e r s i o n #G e tt h ek e r n e lv e r s i o n( a n dB S Dv e r s i o n ) #F u l lr e l e a s ei n f oo fa n yL S Bd i s t r i b u t i o n #G e tS u S Ev e r s i o n #G e tD e b i a nv e r s i o n
Use/etc/D I S T R releasewith D I S T R = lsb (Ubuntu), redhat, gentoo, mandrake, sun (Solaris), and so on. Seealso/ e t c / i s s u e .
#u p t i m e #h o s t n a m e #h o s t n a m ei #m a nh i e r #l a s tr e b o o t #S h o wh o wl o n gt h es y s t e mh a sb e e nr u n n i n g+l o a d #s y s t e m ' sh o s tn a m e #D i s p l a yt h eI Pa d d r e s so ft h eh o s t .( L i n u xo n l y ) #D e s c r i p t i o no ft h ef i l es y s t e mh i e r a r c h y #S h o ws y s t e mr e b o o th i s t o r y
1. 1 Har dwar e Infor mat ions

Kerneldetectedhardware
#d m e s g #D e t e c t e dh a r d w a r ea n db o o tm e s s a g e s #l s d e v #i n f o r m a t i o na b o u ti n s t a l l e dh a r d w a r e #d di f = / d e v / m e mb s = 1 ks k i p = 7 6 8c o u n t = 2 5 62 > / d e v / n u l l|s t r i n g sn8#R e a dB I O S
Linux
#c a t/ p r o c / c p u i n f o #c a t/ p r o c / m e m i n f o #g r e pM e m T o t a l/ p r o c / m e m i n f o #w a t c hn 1' c a t/ p r o c / i n t e r r u p t s ' #f r e em #c a t/ p r o c / d e v i c e s #l s p c it v #l s u s bt v #l s h a l #d m i d e c o d e #C P Um o d e l #H a r d w a r em e m o r y #D i s p l a yt h ep h y s i c a lm e m o r y #W a t c hc h a n g e a b l ei n t e r r u p t sc o n t i n u o u s l y #U s e da n df r e em e m o r y( mf o rM B ) #C o n f i g u r e dd e v i c e s #S h o wP C Id e v i c e s #S h o wU S Bd e v i c e s #S h o wal i s to fa l ld e v i c e sw i t ht h e i rp r o p e r t i e s #S h o wD M I / S M B I O S :h wi n f of r o mt h eB I O S
Fr e e BSD
#s y s c t lh w . m o d e l #s y s c t lh w #s y s c t lh w . n c p u #s y s c t lv m #s y s c t lh w . r e a l m e m #s y s c t la|g r e pm e m #s y s c t ld e v #p c i c o n flc v #u s b d e v sv #a t a c o n t r o ll i s t #c a m c o n t r o ld e v l i s tv #C P Um o d e l #G i v e sal o to fh a r d w a r ei n f o r m a t i o n #n u m b e ro fa c t i v eC P U si n s t a l l e d #M e m o r yu s a g e #H a r d w a r em e m o r y #K e r n e lm e m o r ys e t t i n g sa n di n f o #C o n f i g u r e dd e v i c e s #S h o wP C Id e v i c e s #S h o wU S Bd e v i c e s #S h o wA T Ad e v i c e s #S h o wS C S Id e v i c e s
1. 2 Load, st at ist ics and messages

Thefollowingcommandsareusefultofindoutwhatisgoingononthesystem.
#t o p #m p s t a t1 #v m s t a t2 #i o s t a t2 #s y s t a tv m s t a t1 #s y s t a tt c p1 #s y s t a tn e t s t a t1 #s y s t a ti f s t a t1 #s y s t a ti o s t a t1 #i p c sa #t a i ln5 0 0/ v a r / l o g / m e s s a g e s #t a i l/ v a r / l o g / w a r n #d i s p l a ya n du p d a t et h et o pc p up r o c e s s e s #d i s p l a yp r o c e s s o r sr e l a t e ds t a t i s t i c s #d i s p l a yv i r t u a lm e m o r ys t a t i s t i c s #d i s p l a yI / Os t a t i s t i c s( 2si n t e r v a l s ) #B S Ds u m m a r yo fs y s t e ms t a t i s t i c s( 1si n t e r v a l s ) #B S Dt c pc o n n e c t i o n s( t r ya l s oi p ) #B S Da c t i v en e t w o r kc o n n e c t i o n s #B S Dn e t w o r kt r a f f i ct h r o u g ha c t i v ei n t e r f a c e s #B S DC P Ua n da n dd i s kt h r o u g h p u t #i n f o r m a t i o no nS y s t e mVi n t e r p r o c e s s #L a s t5 0 0k e r n e l / s y s l o gm e s s a g e s #S y s t e mw a r n i n g sm e s s a g e ss e es y s l o g . c o n f
1. 3 User s
#i d #S h o wt h ea c t i v eu s e ri dw i t hl o g i na n dg r o u p #l a s t #S h o wl a s tl o g i n so nt h es y s t e m #w h o #S h o ww h oi sl o g g e do nt h es y s t e m #g r o u p a d da d m i n #A d dg r o u p" a d m i n "a n du s e rc o l i n( L i n u x / S o l a r i s ) #u s e r a d dc" C o l i nB a r s c h e l "ga d m i nmc o l i n #u s e r m o daG< g r o u p > #A d de x i s t i n gu s e rt og r o u p( D e b i a n ) #g r o u p m o dA< g r o u p > #A d de x i s t i n gu s e rt og r o u p( S u S E ) #u s e r d e lc o l i n #D e l e t eu s e rc o l i n( L i n u x / S o l a r i s )
cb.vu/unixtoolbox.xhtml#loadstats 2/49
11/20/13
Unix Toolbox
#a d d u s e rj o e #F r e e B S Da d du s e rj o e( i n t e r a c t i v e ) #r m u s e rj o e #F r e e B S Dd e l e t eu s e rj o e( i n t e r a c t i v e ) #p wg r o u p a d da d m i n #U s ep wo nF r e e B S D #p wg r o u p m o da d m i nmn e w m e m b e r #A d dan e wm e m b e rt oag r o u p #p wu s e r a d dc o l i nc" C o l i nB a r s c h e l "ga d m i nms/ b i n / t c s h #p wu s e r d e lc o l i n ;p wg r o u p d e la d m i n
Encrypted passwords are stored in /etc/shadow for Linux and Solaris and /etc/master.passwd on FreeBSD. If the master.passwd is modified manually (say to delete a password), run # p w d _ m k d bp m a s t e r . p a s s w d torebuildthedatabase. Totemporarilypreventloginssystemwide(forallusersbutroot)usenologin.Themessageinnologin willbedisplayed(mightnotworkwithsshpresharedkeys).
#e c h o" S o r r yn ol o g i nn o w ">/ e t c / n o l o g i n #e c h o" S o r r yn ol o g i nn o w ">/ v a r / r u n / n o l o g i n #( L i n u x ) #( F r e e B S D )
1. 4 Limit s
Some application require higher limits on open files and sockets (like a proxy web server, database). Thedefaultlimitsareusuallytoolow. Linux Pershell/script Theshelllimitsaregovernedby u l i m i t .Thestatusischeckedwith u l i m i ta .Forexampletochange theopenfileslimitfrom1024to10240do:
#u l i m i tn1 0 2 4 0 #T h i si so n l yv a l i dw i t h i nt h es h e l l
Theu l i m i t commandcanbeusedinascripttochangethelimitsforthescriptonly. Peruser/process Loginusersandapplicationscanbeconfiguredin/ e t c / s e c u r i t y / l i m i t s . c o n f .Forexample:

#c a t/ e t c / s e c u r i t y / l i m i t s . c o n f * h a r d n p r o c 2 5 0 a s t e r i s kh a r dn o f i l e4 0 9 6 0 0 #L i m i tu s e rp r o c e s s e s #L i m i ta p p l i c a t i o no p e nf i l e s
Systemwide Kernellimitsaresetwithsysctl.Permanentlimitsaresetin/ e t c / s y s c t l . c o n f .
#s y s c t la #V i e wa l ls y s t e ml i m i t s #s y s c t lf s . f i l e m a x #V i e wm a xo p e nf i l e sl i m i t #s y s c t lf s . f i l e m a x = 1 0 2 4 0 0 #C h a n g em a xo p e nf i l e sl i m i t #e c h o" 1 0 2 45 0 0 0 0 ">/ p r o c / s y s / n e t / i p v 4 / i p _ l o c a l _ p o r t _ r a n g e #p o r tr a n g e #c a t/ e t c / s y s c t l . c o n f f s . f i l e m a x = 1 0 2 4 0 0 #P e r m a n e n te n t r yi ns y s c t l . c o n f #c a t/ p r o c / s y s / f s / f i l e n r #H o wm a n yf i l ed e s c r i p t o r sa r ei nu s e
Fr e e BSD Pershell/script Usethecommandl i m i t s incshortcshorasinLinux,useu l i m i t inanshorbashshell. Peruser/process Thedefaultlimitsonloginaresetin / e t c / l o g i n . c o n f . An unlimited value is still limited by the system maximalvalue. Systemwide Kernel limits are also set with sysctl. Permanent limits are set in / e t c / s y s c t l . c o n f or / b o o t / l o a d e r . c o n f .ThesyntaxisthesameasLinuxbutthekeysaredifferent.
#s y s c t la #V i e wa l ls y s t e ml i m i t s #s y s c t lk e r n . m a x f i l e s = X X X X #m a x i m u mn u m b e ro ff i l ed e s c r i p t o r s k e r n . i p c . n m b c l u s t e r s = 3 2 7 6 8 #P e r m a n e n te n t r yi n/ e t c / s y s c t l . c o n f k e r n . m a x f i l e s = 6 5 5 3 6 #T y p i c a lv a l u e sf o rS q u i d k e r n . m a x f i l e s p e r p r o c = 3 2 7 6 8 k e r n . i p c . s o m a x c o n n = 8 1 9 2 #T C Pq u e u e .B e t t e rf o ra p a c h e / s e n d m a i l #s y s c t lk e r n . o p e n f i l e s #H o wm a n yf i l ed e s c r i p t o r sa r ei nu s e #s y s c t lk e r n . i p c . n u m o p e n s o c k e t s #H o wm a n yo p e ns o c k e t sa r ei nu s e #s y s c t ln e t . i n e t . i p . p o r t r a n g e . l a s t = 5 0 0 0 0#D e f a u l ti s1 0 2 4 5 0 0 0 #n e t s t a tm #n e t w o r km e m o r yb u f f e r ss t a t i s t i c s
3/49
11/20/13
Unix Toolbox
See The FreeBSD handbook Chapter 11http://www.f reebsd.org/handbook/conf igtuningkernellimits.html for details. And alsoFreeBSDperformancetuninghttp://serv erf ault.com/questions/64356/f reebsdperf ormancetuningsy sctlsloaderconf kernel Solar is Thefollowingvaluesin/ e t c / s y s t e m willincreasethemaximumfiledescriptorsperproc:
s e tr l i m _ f d _ m a x=4 0 9 6 s e tr l i m _ f d _ c u r=1 0 2 4 #H a r dl i m i to nf i l ed e s c r i p t o r sf o ras i n g l ep r o c #S o f tl i m i to nf i l ed e s c r i p t o r sf o ras i n g l ep r o c
1. 5 Runlevels
Linux Oncebooted,thekernelstartsi n i t whichthenstartsr c whichstartsallscriptsbelongingtoarunlevel. Thescriptsarestoredin/etc/init.dandarelinkedinto/etc/rc.d/rcN.dwithNtherunlevelnumber. Thedefaultrunlevelisconfiguredin/etc/inittab.Itisusually3or5:
#g r e pd e f a u l t :/ e t c / i n i t t a b i d : 3 : i n i t d e f a u l t :
Theactualrunlevelcanbechangedwithi n i t .Forexampletogofrom3to5:
#i n i t5 #E n t e r sr u n l e v e l5
0Shutdownandhalt 1SingleUsermode(alsoS) 2Multiuserwithoutnetwork 3Multiuserwithnetwork 5MultiuserwithX 6Reboot Usec h k c o n f i g toconfiguretheprogramsthatwillbestartedatbootinarunlevel.

#c h k c o n f i gl i s t #c h k c o n f i gl i s ts s h d #c h k c o n f i gs s h dl e v e l3 5o n #c h k c o n f i gs s h do f f #L i s ta l li n i ts c r i p t s #R e p o r tt h es t a t u so fs s h d #C o n f i g u r es s h df o rl e v e l s3a n d5 #D i s a b l es s h df o ra l lr u n l e v e l s
Debian and Debian based distributions like Ubuntu or Knoppix use the command u p d a t e r c . d to managetherunlevelsscripts.Defaultistostartin2,3,4and5andshutdownin0,1and6.
#u p d a t e r c . ds s h dd e f a u l t s #A c t i v a t es s h dw i t ht h ed e f a u l tr u n l e v e l s #u p d a t e r c . ds s h ds t a r t2 02345.s t o p2 0016. #W i t he x p l i c i ta r g u m e n t s #u p d a t e r c . dfs s h dr e m o v e #D i s a b l es s h df o ra l lr u n l e v e l s #s h u t d o w nhn o w( o r#p o w e r o f f ) #S h u t d o w na n dh a l tt h es y s t e m
Fr e e BSD TheBSDbootapproachisdifferentfromtheSysV,therearenorunlevels.Thefinalbootstate(single user, with or without X) is configured in / e t c / t t y s . All OS scripts are located in / e t c / r c . d / and in / u s r / l o c a l / e t c / r c . d / for thirdparty applications. The activation of the service is configured in / e t c / r c . c o n f and / e t c / r c . c o n f . l o c a l . The default behavior is configured in / e t c / d e f a u l t s / r c . c o n f . Thescriptsrespondsatleasttostart|stop|status.
#/ e t c / r c . d / s s h ds t a t u s s s h di sr u n n i n ga sp i d5 5 2 . #s h u t d o w nn o w #e x i t #s h u t d o w npn o w #s h u t d o w nrn o w #G oi n t os i n g l e u s e rm o d e #G ob a c kt om u l t i u s e rm o d e #S h u t d o w na n dh a l tt h es y s t e m #R e b o o t
Theprocessi n i t canalsobeusedtoreachoneofthefollowingstateslevel.Forexample# i n i t6 for reboot. 0Haltandturnthepoweroff(signalU S R 2 ) 1Gotosingleusermode(signalT E R M ) 6Rebootthemachine(signalI N T ) cBlockfurtherlogins(signalT S T P ) qRescanthettys(5)file(signalH U P ) Windows Startandstopaservicewitheitherthe s e r v i c en a m e or" s e r v i c ed e s c r i p t i o n " (shownintheServices ControlPanel)asfollows:
11/20/13
Unix Toolbox
n e ts t o pW S e a r c h n e ts t a r tW S e a r c h n e ts t o p" W i n d o w sS e a r c h " n e ts t a r t" W i n d o w sS e a r c h "
#s t a r ts e a r c hs e r v i c e #s a m ea sa b o v eu s i n gd e s c r .
1. 6 Reset r oot passwor d

Linuxme thod1 Atthebootloader(liloorgrub),enterthefollowingbootoption:
i n i t = / b i n / s h
The kernel will mount the root partition and i n i t will start the bourne shell instead of r c and then a runlevel.Usethecommand p a s s w d attheprompttochangethepasswordandthenreboot.Forgetthe singleusermodeasyouneedthepasswordforthat. If,afterbooting,therootpartitionismountedreadonly,remountitrw:
#m o u n tor e m o u n t , r w/ #p a s s w d #s y n c ;m o u n tor e m o u n t , r o/ #r e b o o t #o rd e l e t et h er o o tp a s s w o r d( / e t c / s h a d o w ) #s y n cb e f o r et or e m o u n tr e a do n l y
Fr e e BSDme thod1 OnFreeBSD,bootinsingleusermode,remount/rwandusepasswd.Youcanselectthesingleuser modeonthebootmenu(option4)whichisdisplayedfor10secondsatstartup.Thesingleusermode willgiveyouarootshellonthe/partition.

#m o u n tu/ ;m o u n ta #p a s s w d #r e b o o t #w i l lm o u n t/r w
Unixe sandFr e e BSDandLinuxme thod2 Other Unixes might not let you go away with the simple init trick. The solution is to mount the root partitionfromanotherOS(likearescueCD)andchangethepasswordonthedisk. BootaliveCDorinstallationCDintoarescuemodewhichwillgiveyouashell. Findtherootpartitionwithfdiske.g.fdisk/dev/sda Mountitandusechroot:
#m o u n tor w/ d e v / a d 4 s 3 a/ m n t #c h r o o t/ m n t #p a s s w d #r e b o o t #c h r o o ti n t o/ m n t
1. 7 Ker nel modules

Linux
#l s m o d #m o d p r o b ei s d n #L i s ta l lm o d u l e sl o a d e di nt h ek e r n e l #T ol o a dam o d u l e( h e r ei s d n )
Fr e e BSD
#k l d s t a t #k l d l o a dc r y p t o #L i s ta l lm o d u l e sl o a d e di nt h ek e r n e l #T ol o a dam o d u l e( h e r ec r y p t o )
1. 8 Compile Ker nel

Linux
#c d/ u s r / s r c / l i n u x #m a k em r p r o p e r #m a k eo l d c o n f i g #m a k em e n u c o n f i g #m a k e #m a k em o d u l e s #m a k em o d u l e s _ i n s t a l l #m a k ei n s t a l l #r e b o o t #C l e a ne v e r y t h i n g ,i n c l u d i n gc o n f i gf i l e s #R e u s et h eo l d. c o n f i gi fe x i s t e n t #o rx c o n f i g( Q t )o rg c o n f i g( G T K ) #C r e a t eac o m p r e s s e dk e r n e li m a g e #C o m p i l et h em o d u l e s #I n s t a l lt h em o d u l e s #I n s t a l lt h ek e r n e l
Fr e e BSD Optionallyupdatethesourcetree(in/ u s r / s r c )withcsup(asofFreeBSD6.2orlater):

#c s u p< s u p f i l e >
11/20/13
Unix Toolbox
Iusethefollowingsupfile:
* d e f a u l th o s t = c v s u p 5 . F r e e B S D . o r g #w w w . f r e e b s d . o r g / h a n d b o o k / c v s u p . h t m l # C V S U P M I R R O R S * d e f a u l tp r e f i x = / u s r * d e f a u l tb a s e = / v a r / d b * d e f a u l tr e l e a s e = c v sd e l e t et a g = R E L E N G _ 7 s r c a l l
To modify and rebuild the kernel, copy the generic configuration file to a new name and edit it as needed(youcanalsoeditthefile G E N E R I C directly).Torestartthebuildafteraninterruption,addthe optionN O _ C L E A N = Y E S tothemakecommandtoavoidcleaningtheobjectsalreadybuild.
#c d/ u s r / s r c / s y s / i 3 8 6 / c o n f / #c pG E N E R I CM Y K E R N E L #c d/ u s r / s r c #m a k eb u i l d k e r n e lK E R N C O N F = M Y K E R N E L #m a k ei n s t a l l k e r n e lK E R N C O N F = M Y K E R N E L
TorebuildthefullOS:
#m a k eb u i l d w o r l d #m a k eb u i l d k e r n e l #m a k ei n s t a l l k e r n e l #r e b o o t #m e r g e m a s t e rp #m a k ei n s t a l l w o r l d #m e r g e m a s t e riU #r e b o o t #B u i l dt h ef u l lO Sb u tn o tt h ek e r n e l #U s eK E R N C O N Fa sa b o v ei fa p p r o p r i a t e #C o m p a r e so n l yf i l e sk n o w nt ob ee s s e n t i a l #U p d a t ea l lc o n f i g u r a t i o n sa n do t h e rf i l e s
ForsmallchangesinthesourceyoucanuseNO_CLEAN=yestoavoidrebuildingthewholetree.
#m a k eb u i l d w o r l dN O _ C L E A N = y e s #D o n ' td e l e t et h eo l do b j e c t s #m a k eb u i l d k e r n e lK E R N C O N F = M Y K E R N E LN O _ C L E A N = y e s
1. 9 Repair gr ub
Soyoubrokegrub?Bootfromalivecd,[findyourlinuxpartitionunder / d e v anduse f d i s k tofindthe linux partion] mount the linux partition, add /proc and /dev and use g r u b i n s t a l l/ d e v / x y z . Suppose linuxlieson/ d e v / s d a 6 :
#m o u n t/ d e v / s d a 6/ m n t #m o u n tb i n d/ p r o c/ m n t / p r o c #m o u n tb i n d/ d e v/ m n t / d e v #c h r o o t/ m n t #g r u b i n s t a l l/ d e v / s d a #m o u n tt h el i n u xp a r t i t i o no n/ m n t #m o u n tt h ep r o cs u b s y s t e mi n t o/ m n t #m o u n tt h ed e v i c e si n t o/ m n t #c h a n g er o o tt ot h el i n u xp a r t i t i o n #r e i n s t a l lg r u bw i t hy o u ro l ds e t t i n g s
1. 10 Misc
DisableOSXvirtualmemory(repeatwithl o a d toreenable).Fastersystem,butalittlerisky.
#s u d ol a u n c h c t lu n l o a dw/ S y s t e m / L i b r a r y / L a u n c h D a e m o n s / c o m . a p p l e . d y n a m i c _ p a g e r . p l i s t #s l e e p3 6 0 0 ;p m s e ts l e e p n o w #g ot os t a n d b yi no n eh o u r( O S X ) #d e f a u l t sw r i t egc o m . a p p l e . m o u s e . s c a l i n gf l o a t8 #O S Xm o u s ea c c e l e r a t i o n( u s e1t or e v e r s e )
2PROCESSES
Listing|Priority|Background/Foreground|Top|Kill
2. 1 List ing and PIDs

Eachprocesshasauniquenumber,thePID.Alistofallrunningprocessisretrievedwithp s .
#p sa u x e f w #E x t e n s i v el i s to fa l lr u n n i n gp r o c e s s
Howevermoretypicalusageiswithapipeorwithp g r e p (forOSXinstallp r o c t o o l s fromMacPorts):

#p sa x w w|g r e pc r o n 5 8 6 ? ? I s 0 : 0 1 . 4 8/ u s r / s b i n / c r o ns #p sa x j f #A l lp r o c e s s e si nat r e ef o r m a t( L i n u x ) #p sa u x|g r e p' s s [ h ] ' #F i n da l ls s hp i d sw i t h o u tt h eg r e pp i d #p g r e pls s h d #F i n dt h eP I D so fp r o c e s s e sb y( p a r to f )n a m e #e c h o$ $ #T h eP I Do fy o u rs h e l l #f u s e rv a2 2 / t c p #L i s tp r o c e s s e su s i n gp o r t2 2( L i n u x ) #p m a pP I D #M e m o r ym a po fp r o c e s s( h u n tm e m o r yl e a k s )( L i n u x ) #f u s e rv a/ h o m e #L i s tp r o c e s s e sa c c e s s i n gt h e/ h o m ep a r t i t i o n #s t r a c ed f #T r a c es y s t e mc a l l sa n ds i g n a l s #t r u s sd f #s a m ea sa b o v eo nF r e e B S D / S o l a r i s / U n i x w a r e
2. 2 Pr ior it y
6/49
11/20/13
Unix Toolbox
Changethepriorityofarunningprocesswithr e n i c e .Negativenumbershaveahigherpriority,the lowestis20and"nice"haveapositivevalue.

#r e n i c e55 8 6 #S t r o n g e rp r i o r i t y 5 8 6 :o l dp r i o r i t y0 ,n e wp r i o r i t y5
Start the process with a defined priority with n i c e . Positive is "nice" or weak, negative is strong scheduling priority. Make sure you know if / u s r / b i n / n i c e or the shell builtin is used (check with # w h i c hn i c e ).
#n i c en5t o p #n i c en5t o p #n i c e+ 5t o p #S t r o n g e rp r i o r i t y( / u s r / b i n / n i c e ) #W e a k e rp r i o r i t y( / u s r / b i n / n i c e ) #t c s hb u i l t i nn i c e( s a m ea sa b o v e ! )
WhilenicechangestheCPUscheduler,anotherusefulcommandi o n i c e willschedulethediskIO.This isveryusefulforintensiveIOapplication(e.g.compiling).Youcanselectaclass(idlebesteffortreal time),themanpageisshortandwellexplained.

#i o n i c ec 3p 1 2 3 #i o n i c ec 2n 0f i r e f o x #i o n i c ec 3p $ $ #s e ti d l ec l a s sf o rp i d1 2 3( L i n u xo n l y ) #R u nf i r e f o xw i t hb e s te f f o r ta n dh i g hp r i o r i t y #S e tt h ea c t u a ls h e l lt oi d l ep r i o r i t y
Thelastcommandisveryusefultocompile(ordebug)alargeproject.Everycommandlaunchedfrom thisshellwillhavealoverpriority.$ $ isyourshellpid(tryecho$$). FreeBSDusesi d p r i o / r t p r i o (0=maxpriority,31=mostidle):

#i d p r i o3 1m a k e #i d p r i o3 11 2 3 4 #i d p r i ot1 2 3 4 #c o m p i l ei nt h el o w e s tp r i o r i t y #s e tP I D1 2 3 4w i t hl o w e s tp r i o r i t y #tr e m o v e sa n yr e a lt i m e / i d l ep r i o r i t y
2. 3 Backgr ound/ For egr ound

Whenstartedfromashell,processescanbebroughtinthebackgroundandbacktotheforeground with[Ctrl][Z](^Z),b g and f g .Listtheprocesseswith j o b s .Whenneededdetachfromtheterminalwith d i s o w n .
#p i n gc b . v u>p i n g . l o g ^ Z #b g #j o b sl [ 1 ] -3 6 2 3 2R u n n i n g [ 2 ] +3 6 2 3 3S u s p e n d e d( t t yo u t p u t ) #f g% 2 #m a k e ^ Z #b g #d i s o w nh% 1 #p i n gi ss u s p e n d e d( s t o p p e d )w i t h[ C t r l ] [ Z ] #p u ti nb a c k g r o u n da n dc o n t i n u e sr u n n i n g #L i s tp r o c e s s e si nb a c k g r o u n d p i n gc b . v u>p i n g . l o g t o p #B r i n gp r o c e s s2b a c ki nf o r e g r o u n d #s t a r tal o n gc o m p i l ej o bb u tn e e dt ol e a v et h et e r m i n a l #s u s p e n d e d( s t o p p e d )w i t h[ C t r l ] [ Z ] #p u ti nb a c k g r o u n da n dc o n t i n u e sr u n n i n g #d e t a t c hp r o c e s sf r o mt e r m i n a l ,w o n ' tb ek i l l e da tl o g o u t
Nostraightforwardwaytoreattachtheprocesstoanewterminal,tryreptyr(Linux). Usen o h u p tostartaprocesswhichhastokeeprunningwhentheshellisclosed(immunetohangups).

#n o h u pp i n gi6 0>p i n g . l o g&
2. 4 Top
The program t o p displays running information of processes. See also the program h t o p from htop.sourceforge.net (a more powerful version of top) which runs on Linux and FreeBSD (p o r t s / s y s u t i l s / h t o p / ).Whiletopisrunningpressthekeyhforahelpoverview.Usefulkeysare: u[username]Todisplayonlytheprocessesbelongingtotheuser.Use+orblanktoseeall users k[pid]Killtheprocesswithpid. 1Todisplayallprocessorsstatistics(Linuxonly) RTogglenormal/reversesort.
2. 5 Signals/ Kill
Terminateorsendasignalwithk i l l ork i l l a l l .
#p i n gi6 0c b . v u>p i n g . l o g& [ 1 ]4 7 1 2 #k i l lsT E R M4 7 1 2 #k i l l a l l1h t t p d #p k i l l9h t t p #p k i l lT E R Muw w w #f u s e rkT E R Mm/ h o m e #s a m ea sk i l l1 54 7 1 2 #K i l lH U Pp r o c e s s e sb ye x a c tn a m e #K i l lT E R Mp r o c e s s e sb y( p a r to f )n a m e #K i l lT E R Mp r o c e s s e so w n e db yw w w #K i l le v e r yp r o c e s sa c c e s s i n g/ h o m e( t ou m o u n t )
Importantsignalsare:
11/20/13
Unix Toolbox
1H U P (hangup) 2I N T (interrupt) 3Q U I T (quit) 9K I L L (noncatchable,nonignorablekill) 15T E R M (softwareterminationsignal)
3 F I L E S YS T E M
Diskinfo|Boot|Diskusage|Openedfiles | Mount/remount | MountSMB | Mountimage | Burn ISO | Createimage|Memorydisk|Diskperformance
3. 1 Per missions
Change permission and ownership with c h m o d and c h o w n . The default umask can be changed for all users in /etc/profile for Linux or /etc/login.conf for FreeBSD. The default umask is usually 022. The umaskissubtractedfrom777,thusumask022resultsinapermission0f755.
1xe x e c u t e 2w -w r i t e 4r -r e a d u g o = a #M o d e7 6 4=e x e c / r e a d / w r i t e|r e a d / w r i t e|r e a d #F o r : | - O w n e r | | -G r o u p | | O t h | u = u s e r ,g = g r o u p ,o = o t h e r s ,a = e v e r y o n e
#c h m o d[ O P T I O N ]M O D E [ , M O D E ]F I L E #M O D Ei so ft h ef o r m[ u g o a ] * ( [ + = ] ( [ r w x X s t ] ) ) #c h m o d6 4 0/ v a r / l o g / m a i l l o g #R e s t r i c tt h el o gr w r #c h m o du = r w , g = r , o =/ v a r / l o g / m a i l l o g#S a m ea sa b o v e #c h m o dRo r/ h o m e / * #R e c u r s i v er e m o v eo t h e rr e a d a b l ef o ra l lu s e r s #c h m o du + s/ p a t h / t o / p r o g #S e tS U I Db i to ne x e c u t a b l e( k n o ww h a ty o ud o ! ) #f i n d/p e r mu + sp r i n t #F i n da l lp r o g r a m sw i t ht h eS U I Db i t #c h o w nu s e r : g r o u p/ p a t h / t o / f i l e #C h a n g et h eu s e ra n dg r o u po w n e r s h i po faf i l e #c h g r pg r o u p/ p a t h / t o / f i l e #C h a n g et h eg r o u po w n e r s h i po faf i l e #c h m o d6 4 0` f i n d. /t y p efp r i n t `#C h a n g ep e r m i s s i o n st o6 4 0f o ra l lf i l e s #c h m o d7 5 1` f i n d. /t y p edp r i n t `#C h a n g ep e r m i s s i o n st o7 5 1f o ra l ld i r e c t o r i e s
3. 2 Disk infor mat ion

#d i s k i n f ov/ d e v / a d 2 #h d p a r mI/ d e v / s d a #f d i s k/ d e v / a d 2 #s m a r t c t la/ d e v / a d 2 #i n f o r m a t i o na b o u td i s k( s e c t o r / s i z e )F r e e B S D #i n f o r m a t i o na b o u tt h eI D E / A T Ad i s k( L i n u x ) #D i s p l a ya n dm a n i p u l a t et h ep a r t i t i o nt a b l e #D i s p l a yt h ed i s kS M A R Ti n f o
3. 3 Boot
Fr e e BSD Tobootanoldkernelifthenewkerneldoesn'tboot,stopthebootatduringthecountdown.
#u n l o a d #l o a dk e r n e l . o l d #b o o t
3. 4 Syst em mount point s/ Disk usage

#m o u n t|c o l u m nt #d f #c a t/ p r o c / p a r t i t i o n s #S h o wm o u n t e df i l e s y s t e m so nt h es y s t e m #d i s p l a yf r e ed i s ks p a c ea n dm o u n t e dd e v i c e s #S h o wa l lr e g i s t e r e dp a r t i t i o n s( L i n u x )
Diskusage
#d us h* #d uc s h #d uk s*|s o r tnr #l sl S r #D i r e c t o r ys i z e sa sl i s t i n g #T o t a ld i r e c t o r ys i z eo ft h ec u r r e n td i r e c t o r y #S o r te v e r y t h i n gb ys i z ei nk i l o b y t e s #S h o wf i l e s ,b i g g e s tl a s t
3. 5 W ho has which files opened

Thisisusefultofindoutwhichfileisblockingapartitionwhichhastobeunmountedandgivesatypical errorof:
#u m o u n t/ h o m e / u m o u n t :u n m o u n to f/ h o m e f a i l e d :D e v i c eb u s y #u m o u n ti m p o s s i b l eb e c a u s eaf i l ei sl o c k i n gh o m e
Fr e e BSDandmostUnixe s
#f s t a tf/ h o m e #f s t a tpP I D
#f o ram o u n tp o i n t #f o ra na p p l i c a t i o nw i t hP I D
8/49
11/20/13
Unix Toolbox
#f s t a tuu s e r
#f o rau s e rn a m e
Findopenedlogfile(orotheropenedfiles),sayforXorg:
#p sa x|g r e pX o r g|a w k' { p r i n t$ 1 } ' 1 2 5 2 #f s t a tp1 2 5 2 U S E R C M D P I D F DM O U N T I N U MM O D E S Z | D VR / W r o o t X o r g 1 2 5 2r o o t/ 2d r w x r x r x 5 1 2 r r o o t X o r g 1 2 5 2t e x t/ u s r 2 1 6 0 1 6r w s x x 1 6 7 9 8 4 8r r o o t X o r g 1 2 5 2 0/ v a r 2 1 2 0 4 2r w r r - 5 6 9 8 7 w
Thefilewithinum212042istheonlyfilein/var:
#f i n dx/ v a ri n u m2 1 2 0 4 2 / v a r / l o g / X o r g . 0 . l o g
Linux Findopenedfilesonamountpointwithf u s e r orl s o f :

#f u s e rm/ h o m e #l s o f/ h o m e C O M M A N D P I D U S E R F D t c s h 2 9 0 2 9e e d c o b a c w d l s o f 2 9 1 4 0e e d c o b a c w d #L i s tp r o c e s s e sa c c e s s i n g/ h o m e T Y P ED E V I C E D I R 0 , 1 8 D I R 0 , 1 8 S I Z E N O D EN A M E 1 2 2 8 8 1 0 4 8 5 8 7/ h o m e / e e d c o b a( g u a m : / h o m e ) 1 2 2 8 8 1 0 4 8 5 8 7/ h o m e / e e d c o b a( g u a m : / h o m e )
Aboutanapplication:
p sa x|g r e pX o r g|a w k' { p r i n t$ 1 } ' 3 3 2 4 #l s o fp3 3 2 4 C O M M A N D P I D U S E R F D T Y P ED E V I C E X o r g 3 3 2 4r o o t 0 w R E G 8 , 6
S I Z E 5 6 2 9 6
N O D EN A M E 1 2 4 9 2/ v a r / l o g / X o r g . 0 . l o g
Aboutasinglefile:
#l s o f/ v a r / l o g / X o r g . 0 . l o g C O M M A N D P I DU S E R F D T Y P ED E V I C E S I Z E N O D EN A M E X o r g 3 3 2 4r o o t 0 w R E G 8 , 65 6 2 9 61 2 4 9 2/ v a r / l o g / X o r g . 0 . l o g
3. 6 Mount / r emount a file syst em

Forexamplethecdrom.Iflistedin/etc/fstab:
#m o u n t/ c d r o m
Orfindthedevicein/dev/orwithdmesg Fr e e BSD
#m o u n tvtc d 9 6 6 0/ d e v / c d 0 c/ m n t #c d r o m #m o u n t _ c d 9 6 6 0/ d e v / w c d 0 c/ c d r o m #o t h e rm e t h o d #m o u n tvtm s d o s/ d e v / f d 0 c/ m n t #f l o p p y
Entryin/etc/fstab:
#D e v i c e / d e v / a c d 0 M o u n t p o i n t / c d r o m F S t y p e O p t i o n s c d 9 6 6 0 r o , n o a u t o D u m p 0 P a s s # 0
Toletusersdoit:
#s y s c t lv f s . u s e r m o u n t = 1 #O ri n s e r tt h el i n e" v f s . u s e r m o u n t = 1 "i n/ e t c / s y s c t l . c o n f
Linux
#m o u n tta u t o/ d e v / c d r o m/ m n t / c d r o m #m o u n t/ d e v / h d cti s o 9 6 6 0r/ c d r o m #m o u n t/ d e v / s c d 0ti s o 9 6 6 0r/ c d r o m #m o u n t/ d e v / s d c 0tn t f s 3 g/ w i n d o w s #t y p i c a lc d r o mm o u n tc o m m a n d #t y p i c a lI D E #t y p i c a lS C S Ic d r o m #t y p i c a lS C S I
Entryin/etc/fstab:
/ d e v / c d r o m / m e d i a / c d r o m s u b f sn o a u t o , f s = c d f s s , r o , p r o c u i d , n o s u i d , n o d e v , e x e c00
MountaFreeBSDpartitionwithLinux Findthepartitionnumbercontainingwithfdisk,thisisusuallytherootpartition,butitcouldbeanother BSDslicetoo.IftheFreeBSDhasmanyslices,theyaretheonenotlistedinthefdisktable,butvisible in/dev/sda*or/dev/hda*.

#f d i s k/ d e v / s d a #F i n dt h eF r e e B S Dp a r t i t i o n / d e v / s d a 3 * 5 3 5 7 7 9 0 5 2 0 4 7 4 8 4 2 + a 5 F r e e B S D #m o u n ttu f sou f s t y p e = u f s 2 , r o/ d e v / s d a 3/ m n t / d e v / s d a 1 0=/ t m p ;/ d e v / s d a 1 1/ u s r #T h eo t h e rs l i c e s
Re mount
9/49
11/20/13
Unix Toolbox
Remountadevicewithoutunmountingit.Necessaryforfsckforexample
#m o u n tor e m o u n t , r o/ #m o u n tor ou/ #L i n u x #F r e e B S D
Copytherawdatafromacdromintoanisoimage(default512blocksizemightcauseproblems):
#d di f = / d e v / c d 0 co f = f i l e . i s ob s = 2 0 4 8
Vir tualbox Allowashareonthehost:

#V B o x M a n a g es h a r e d f o l d e ra d d" G u e s t N a m e "n a m e" s h a r e "h o s t p a t h" C : \ h o s t s h a r e "
Mountshareonguest(linux,FreeBSD)
#s u d om o u n ttv b o x s fs h a r e/ h o m e / v b o x s h a r e#ou i d = 1 0 0 0 , g i d = 1 0 0 0( a sa p p r o p r i a t e ) s h a r e/ h o m e / c o l i n / s h a r ev b o x s fd e f a u l t s , u i d = c o l i n00#f s t a be n t r y
OSX
#d i s k u t i ll i s t #L i s tt h ep a r t i t i o n so fad i s k #d i s k u t i lu n m o u n t D i s k/ d e v / d i s k 1 #U n m o u n ta ne n t i r ed i s k( a l lv o l u m e s ) #c h f l a g sh i d d e n~ / D o c u m e n t s / f o l d e r #H i d ef o l d e r( r e v e r s ew i t hu n h i d d e n )
3. 7 Add swap on t he fly

Supposeyouneedmoreswap(rightnow),saya2GBfile/swap2gb(Linuxonly).
#d di f = / d e v / z e r oo f = / s w a p 2 g bb s = 1 0 2 4 kc o u n t = 2 0 0 0 #m k s w a p/ s w a p 2 g b #c r e a t et h es w a pa r e a #s w a p o n/ s w a p 2 g b #a c t i v a t et h es w a p .I tn o wi nu s e #s w a p o f f/ s w a p 2 g b #w h e nd o n ed e a c t i v a t et h es w a p #r m/ s w a p 2 g b
3. 8 Mount an SMB shar e

SupposewewanttoaccesstheSMBsharemyshareonthecomputersmbserver,theaddressastyped onaWindowsPCis\\smbserver\myshare\.Wemounton/mnt/smbshare.Warning>cifswantsanIPor DNSname,notaWindowsname. Linux/OSX
#s m b c l i e n tUu s e rI1 9 2 . 1 6 8 . 1 6 . 2 2 9L/ / s m b s h a r e / #L i s tt h es h a r e s #m o u n tts m b f sou s e r n a m e = w i n u s e r/ / s m b s e r v e r / m y s h a r e/ m n t / s m b s h a r e #m o u n ttc i f sou s e r n a m e = w i n u s e r , p a s s w o r d = w i n p w d/ / 1 9 2 . 1 6 8 . 1 6 . 2 2 9 / m y s h a r e/ m n t / s h a r e
MoundSambasharethroughsshtunnel
#s s hCfNp2 0 0 2 2L4 4 5 : 1 2 7 . 0 . 0 . 1 : 4 4 5m e @ s e r v e r #c o n n e c to n2 0 0 2 2 ,t u n n e l4 4 5 #m o u n tts m b f s/ / c o l i n @ l o c a l h o s t / c o l i n~ / m n t #m o u n t _ s m b f s/ / c o l i n : m y p a s s w o r d @ 1 2 7 . 0 . 0 . 1 / p r i v a t e/ V o l u m e s / p r i v a t e#Iu s et h i so nO S X+s s h
Additionally with the package mount.cifs it is possible to store the credentials in a file, for example / h o m e / u s e r / . s m b :
u s e r n a m e = w i n u s e r p a s s w o r d = w i n p w d
Andmountasfollow:
#m o u n ttc i f soc r e d e n t i a l s = / h o m e / u s e r / . s m b/ / 1 9 2 . 1 6 8 . 1 6 . 2 2 9 / m y s h a r e/ m n t / s m b s h a r e
Fr e e BSD UseItogivetheIP(orDNSname)smbserveristheWindowsname.
#s m b u t i lv i e wI1 9 2 . 1 6 8 . 1 6 . 2 2 9/ / w i n u s e r @ s m b s e r v e r #L i s tt h es h a r e s #m o u n t _ s m b f sI1 9 2 . 1 6 8 . 1 6 . 2 2 9/ / w i n u s e r @ s m b s e r v e r / m y s h a r e/ m n t / s m b s h a r e
3. 9 Mount an image
#h d i u t i lm o u n ti m a g e . i s o #O SX
Linuxloopback
#m o u n tti s o 9 6 6 0ol o o pf i l e . i s o/ m n t #m o u n tte x t 3ol o o pf i l e . i m g/ m n t #M o u n taC Di m a g e #M o u n ta ni m a g ew i t he x t 3f s
Fr e e BSD Withmemorydevice(do#kldloadmd.koifnecessary):
11/20/13
Unix Toolbox
#m d c o n f i gatv n o d eff i l e . i s ou0 #m o u n ttc d 9 6 6 0/ d e v / m d 0/ m n t #u m o u n t/ m n t ;m d c o n f i gdu0
#C l e a n u pt h em dd e v i c e
Orwithvirtualnode:
#v n c o n f i g/ d e v / v n 0 cf i l e . i s o ;m o u n ttc d 9 6 6 0/ d e v / v n 0 c/ m n t #u m o u n t/ m n t ;v n c o n f i gu/ d e v / v n 0 c #C l e a n u pt h ev nd e v i c e
Solar isandFr e e BSD withloopbackfileinterfaceorlofi:

#l o f i a d maf i l e . i s o #m o u n tFh s f sor o/ d e v / l o f i / 1/ m n t #u m o u n t/ m n t ;l o f i a d md/ d e v / l o f i / 1 #C l e a n u pt h el o f id e v i c e
3. 10 Cr eat e and bur n an ISO image

ThiswillcopythecdorDVDsectorforsector.Withoutc o n v = n o t r u n c ,theimagewillbesmallerifthereis lesscontentonthecd.Seebelowandtheddexamples.
#d di f = / d e v / h d co f = / t m p / m y c d . i s ob s = 2 0 4 8c o n v = n o t r u n c
Use mkisofs to create a CD/DVD image from files in a directory. To overcome the file names restrictions: r enables the Rock Ridge extensions common to UNIX systems, J enables Joliet extensionsusedbyMicrosoftsystems.LallowsISO9660filenamestobeginwithaperiod.
#m k i s o f sJLrVT I T L Eoi m a g e f i l e . i s o/ p a t h / t o / d i r #h d i u t i lm a k e h y b r i di s oj o l i e tod i r . i s od i r / #O SX
OnFreeBSD,mkisofsisfoundintheportsinsysutils/cdrtools. Bur naCD/DVDISOimage FreeBSD FreeBSDdoesnotenableDMAonATAPIdrivesbydefault.DMAisenabledwiththesysctlcommand andtheargumentsbelow,orwith/boot/loader.confwiththefollowingentries:

h w . a t a . a t a _ d m a = " 1 " h w . a t a . a t a p i _ d m a = " 1 "
Useb u r n c d withanATAPIdevice(b u r n c d ispartofthebasesystem)and c d r e c o r d (insysutils/cdrtools) withaSCSIdrive.

#b u r n c df/ d e v / a c d 0d a t ai m a g e f i l e . i s of i x a t e #F o rA T A P Id r i v e #c d r e c o r ds c a n b u s #T of i n dt h eb u r n e rd e v i c e( l i k e1 , 0 , 0 ) #c d r e c o r dd e v = 1 , 0 , 0i m a g e f i l e . i s o
Linux Also use c d r e c o r d with Linux as described above. Additionally it is possible to use the native ATAPI interfacewhichisfoundwith:
#c d r e c o r dd e v = A T A P Is c a n b u s
AndburntheCD/DVDasabove. dvd+rwtools Thedvd+rwtoolspackage(FreeBSD:ports/sysutils/dvd+rwtools)candoitallandincludes g r o w i s o f s toburnCDsorDVDs.Theexamplesrefertothedvddeviceas / d e v / d v d whichcouldbeasymlinkto / d e v / s c d 0 (typical scsi on Linux) or / d e v / c d 0 (typical FreeBSD) or / d e v / r c d 0 c (typical NetBSD/OpenBSDcharacterSCSI)or / d e v / r d s k / c 0 t 1 d 0 s 2 (SolarisexampleofacharacterSCSI/ATAPI CDROM device). There is a nice documentation with examples on the FreeBSD handbook chapter 18.7http://www.f reebsd.org/handbook/creatingdv ds.html.
#d v d c o m p a tc l o s e st h ed i s k #g r o w i s o f sd v d c o m p a tZ/ d e v / d v d = i m a g e f i l e . i s o #B u r ne x i s t i n gi s oi m a g e #g r o w i s o f sd v d c o m p a tZ/ d e v / d v dJR/ p / t o / d a t a #B u r nd i r e c t l y
Conv e r taNe r o.nr gfile to.iso Nerosimplyaddsa300Kbheadertoanormalisoimage.Thiscanbetrimmedwithdd.

#d db s = 1 ki f = i m a g e f i l e . n r go f = i m a g e f i l e . i s os k i p = 3 0 0
Conv e r tabin/cue image to.iso The little b c h u n k programhttp://f reshmeat.net/projects/bchunk/ can do this. It is in the FreeBSD ports in
11/20/13
Unix Toolbox
sysutils/bchunk.
#b c h u n ki m a g e f i l e . b i ni m a g e f i l e . c u ei m a g e f i l e . i s o
3. 11 Cr eat e a file based image

Forexampleapartitionof1GBusingthefile/usr/vdisk.img.Hereweusethevnode0,butitcouldalso be1. Fr e e BSD
#d di f = / d e v / r a n d o mo f = / u s r / v d i s k . i m gb s = 1 Kc o u n t = 1 M #m d c o n f i gatv n o d ef/ u s r / v d i s k . i m gu0 #C r e a t e sd e v i c e/ d e v / m d 1 #b s d l a b e lw/ d e v / m d 0 #n e w f s/ d e v / m d 0 c #m o u n t/ d e v / m d 0 c/ m n t #u m o u n t/ m n t ;m d c o n f i gdu0 ;r m/ u s r / v d i s k . i m g #C l e a n u pt h em dd e v i c e
The file based image can be automatically mounted during boot with an entry in /etc/rc.conf and /etc/fstab. Test your setup with # / e t c / r c . d / m d c o n f i g s t a r t (first delete the md0 device with # m d c o n f i gdu0 ). NotehoweverthatthisautomaticsetupwillonlyworkifthefileimageisNOTontherootpartition.The reasonisthatthe/etc/rc.d/mdconfigscriptisexecutedveryearlyduringbootandtherootpartitionis still readonly. Images located outside the root partition will be mounted later with the script /etc/rc.d/mdconfig2. /boot/loader.conf:
m d _ l o a d = " Y E S "
/etc/rc.conf:
#m d c o n f i g _ m d 0 = " tv n o d ef/ u s r / v d i s k . i m g " #/ u s ri sn o to nt h er o o tp a r t i t i o n
/etc/fstab:(The00attheendisimportant,ittellfscktoignorethisdevice,asisdoesnotexistyet)
/ d e v / m d 0 / u s r / v d i s k u f s r w 0 0
Itisalsopossibletoincreasethesizeoftheimageafterward,sayforexample300MBlarger.
#u m o u n t/ m n t ;m d c o n f i gdu0 #d di f = / d e v / z e r ob s = 1 mc o u n t = 3 0 0> >/ u s r / v d i s k . i m g #m d c o n f i gatv n o d ef/ u s r / v d i s k . i m gu0 #g r o w f s/ d e v / m d 0 #m o u n t/ d e v / m d 0 c/ m n t
#F i l ep a r t i t i o ni sn o w3 0 0M Bl a r g e r
Linux
#d di f = / d e v / z e r oo f = / u s r / v d i s k . i m gb s = 1 0 2 4 kc o u n t = 1 0 2 4 #m k f s . e x t 3/ u s r / v d i s k . i m g #m o u n tol o o p/ u s r / v d i s k . i m g/ m n t #u m o u n t/ m n t ;r m/ u s r / v d i s k . i m g #C l e a n u p
Linuxwithlose tup / d e v / z e r o ismuchfasterthanu r a n d o m ,butlesssecureforencryption.

#d di f = / d e v / u r a n d o mo f = / u s r / v d i s k . i m gb s = 1 0 2 4 kc o u n t = 1 0 2 4 #l o s e t u p/ d e v / l o o p 0/ u s r / v d i s k . i m g #C r e a t e sa n da s s o c i a t e s/ d e v / l o o p 0 #m k f s . e x t 3/ d e v / l o o p 0 #m o u n t/ d e v / l o o p 0/ m n t #l o s e t u pa #C h e c ku s e dl o o p s #u m o u n t/ m n t #l o s e t u pd/ d e v / l o o p 0 #D e t a c h #r m/ u s r / v d i s k . i m g
3. 12 Cr eat e a memor y file syst em

A memory based file system is very fast for heavy IO application. How to create a 64 MB partition mountedon/memdisk: Fr e e BSD
#m o u n t _ m f sor ws6 4 Mm d/ m e m d i s k #u m o u n t/ m e m d i s k ;m d c o n f i gdu0 m d / m e m d i s k m f s r w , s 6 4 M 0 0 #C l e a n u pt h em dd e v i c e #/ e t c / f s t a be n t r y
Linux
#m o u n ttt m p f so s i z e = 6 4 mt m p f s/ m e m d i s k
12/49
11/20/13
Unix Toolbox
3. 13 Disk per for mance

Readandwritea1GBfileonpartitionad4s3c(/home)
#t i m ed di f = / d e v / a d 4 s 3 co f = / d e v / n u l lb s = 1 0 2 4 kc o u n t = 1 0 0 0 #t i m ed di f = / d e v / z e r ob s = 1 0 2 4 kc o u n t = 1 0 0 0o f = / h o m e / 1 G b . f i l e #h d p a r mt T/ d e v / h d a #L i n u xo n l y
4 NE T W O R K
Routing|AdditionalIP|ChangeMAC|Ports|Firewall|IPForward|NAT|DNS|DHCP|Traffic|QoS| NIS|Netcat
4. 1 Debugging ( See also Tr affic analysis)

Linux
#e t h t o o le t h 0 #S h o wt h ee t h e r n e ts t a t u s( r e p l a c e sm i i d i a g ) #e t h t o o lse t h 0s p e e d1 0 0d u p l e xf u l l#F o r c e1 0 0 M b i tF u l ld u p l e x #e t h t o o lse t h 0a u t o n e go f f#D i s a b l ea u t on e g o t i a t i o n #e t h t o o lpe t h 1 #B l i n kt h ee t h e r n e tl e d-v e r yu s e f u lw h e ns u p p o r t e d #i pl i n ks h o w #D i s p l a ya l li n t e r f a c e so nL i n u x( s i m i l a rt oi f c o n f i g ) #i pl i n ks e te t h 0u p #B r i n gd e v i c eu p( o rd o w n ) .S a m ea s" i f c o n f i ge t h 0u p " #i pa d d rs h o w #D i s p l a ya l lI Pa d d r e s s e so nL i n u x( s i m i l a rt oi f c o n f i g ) #i pn e i g hs h o w #S i m i l a rt oa r pa
Othe r OSe s
#i f c o n f i gf x p 0 #C h e c kt h e" m e d i a "f i e l do nF r e e B S D #a r pa #C h e c kt h er o u t e r( o rh o s t )A R Pe n t r y( a l lO S ) #p i n gc b . v u #T h ef i r s tt h i n gt ot r y . . . #t r a c e r o u t ec b . v u #P r i n tt h er o u t ep a t ht od e s t i n a t i o n #i f c o n f i gf x p 0m e d i a1 0 0 b a s e T Xm e d i a o p tf u l l d u p l e x#1 0 0 M b i tf u l ld u p l e x( F r e e B S D ) #n e t s t a ts #S y s t e m w i d es t a t i s t i c sf o re a c hn e t w o r kp r o t o c o l
Additionalcommandswhicharenotalwaysinstalledperdefaultbuteasytofind:
#a r p i n g1 9 2 . 1 6 8 . 1 6 . 2 5 4 #P i n go ne t h e r n e tl a y e r #t c p t r a c e r o u t ef5c b . v u #u s e st c pi n s t e a do fi c m pt ot r a c et h r o u g hf i r e w a l l s
4. 2 Rout ing
Pr intr outingtable
#r o u t en #n e t s t a tr n #r o u t ep r i n t #L i n u xo ru s e" i pr o u t e " #L i n u x ,B S Da n dU N I X #W i n d o w s
Addandde le te ar oute FreeBSD

#r o u t ea d d2 1 2 . 1 1 7 . 0 . 0 / 1 61 9 2 . 1 6 8 . 1 . 1 #r o u t ed e l e t e2 1 2 . 1 1 7 . 0 . 0 / 1 6 #r o u t ea d dd e f a u l t1 9 2 . 1 6 8 . 1 . 1
Addtheroutepermanentlyin/etc/rc.conf
s t a t i c _ r o u t e s = " m y r o u t e " r o u t e _ m y r o u t e = " n e t2 1 2 . 1 1 7 . 0 . 0 / 1 61 9 2 . 1 6 8 . 1 . 1 "
Linux
#r o u t ea d dn e t1 9 2 . 1 6 8 . 2 0 . 0n e t m a s k2 5 5 . 2 5 5 . 2 5 5 . 0g w1 9 2 . 1 6 8 . 1 6 . 2 5 4 #i pr o u t ea d d1 9 2 . 1 6 8 . 2 0 . 0 / 2 4v i a1 9 2 . 1 6 8 . 1 6 . 2 5 4 #s a m ea sa b o v ew i t hi pr o u t e #r o u t ea d dn e t1 9 2 . 1 6 8 . 2 0 . 0n e t m a s k2 5 5 . 2 5 5 . 2 5 5 . 0d e ve t h 0 #r o u t ea d dd e f a u l tg w1 9 2 . 1 6 8 . 5 1 . 2 5 4 #i pr o u t ea d dd e f a u l tv i a1 9 2 . 1 6 8 . 5 1 . 2 5 4d e ve t h 0 #s a m ea sa b o v ew i t hi pr o u t e #r o u t ed e l e t en e t1 9 2 . 1 6 8 . 2 0 . 0n e t m a s k2 5 5 . 2 5 5 . 2 5 5 . 0
Solaris
#r o u t ea d dn e t1 9 2 . 1 6 8 . 2 0 . 0n e t m a s k2 5 5 . 2 5 5 . 2 5 5 . 01 9 2 . 1 6 8 . 1 6 . 2 5 4 #r o u t ea d dd e f a u l t1 9 2 . 1 6 8 . 5 1 . 2 5 41 #1=h o p st ot h en e x tg a t e w a y #r o u t ec h a n g ed e f a u l t1 9 2 . 1 6 8 . 5 0 . 2 5 41
Permanententriesaresetinentryin/ e t c / d e f a u l t r o u t e r . W indows
#R o u t ea d d1 9 2 . 1 6 8 . 5 0 . 0m a s k2 5 5 . 2 5 5 . 2 5 5 . 01 9 2 . 1 6 8 . 5 1 . 2 5 3
13/49
11/20/13
Unix Toolbox
#R o u t ea d d0 . 0 . 0 . 0m a s k0 . 0 . 0 . 01 9 2 . 1 6 8 . 5 1 . 2 5 4
Useaddptomaketheroutepersistent.
4. 3 Configur e addit ional IP addr esses

Linux
#i f c o n f i ge t h 01 9 2 . 1 6 8 . 5 0 . 2 5 4n e t m a s k2 5 5 . 2 5 5 . 2 5 5 . 0 #i f c o n f i ge t h 0 : 01 9 2 . 1 6 8 . 5 1 . 2 5 4n e t m a s k2 5 5 . 2 5 5 . 2 5 5 . 0 #i pa d d ra d d1 9 2 . 1 6 8 . 5 0 . 2 5 4 / 2 4d e ve t h 0 #i pa d d ra d d1 9 2 . 1 6 8 . 5 1 . 2 5 4 / 2 4d e ve t h 0l a b e le t h 0 : 1 #F i r s tI P #S e c o n dI P #E q u i v a l e n ti pc o m m a n d s
Fr e e BSD
#i f c o n f i gf x p 0i n e t1 9 2 . 1 6 8 . 5 0 . 2 5 4 / 2 4 #F i r s tI P #i f c o n f i gf x p 0a l i a s1 9 2 . 1 6 8 . 5 1 . 2 5 4n e t m a s k2 5 5 . 2 5 5 . 2 5 5 . 0#S e c o n dI P #i f c o n f i gf x p 0a l i a s1 9 2 . 1 6 8 . 5 1 . 2 5 4 #R e m o v es e c o n dI Pa l i a s
Permanententriesin/etc/rc.conf
i f c o n f i g _ f x p 0 = " i n e t1 9 2 . 1 6 8 . 5 0 . 2 5 4 n e t m a s k2 5 5 . 2 5 5 . 2 5 5 . 0 " i f c o n f i g _ f x p 0 _ a l i a s 0 = " 1 9 2 . 1 6 8 . 5 1 . 2 5 4n e t m a s k2 5 5 . 2 5 5 . 2 5 5 . 0 "
Solar is Checkthesettingswithi f c o n f i ga
#i f c o n f i gh m e 0p l u m b #E n a b l et h en e t w o r kc a r d #i f c o n f i gh m e 01 9 2 . 1 6 8 . 5 0 . 2 5 4n e t m a s k2 5 5 . 2 5 5 . 2 5 5 . 0u p #F i r s tI P #i f c o n f i gh m e 0 : 11 9 2 . 1 6 8 . 5 1 . 2 5 4n e t m a s k2 5 5 . 2 5 5 . 2 5 5 . 0u p #S e c o n dI P
4. 4 Change MAC addr ess

Normallyyouhavetobringtheinterfacedownbeforethechange.Don'ttellmewhyyouwanttochange theMACaddress...
#i f c o n f i ge t h 0d o w n #i f c o n f i ge t h 0h we t h e r0 0 : 0 1 : 0 2 : 0 3 : 0 4 : 0 5 #i f c o n f i gf x p 0l i n k0 0 : 0 1 : 0 2 : 0 3 : 0 4 : 0 5 #i f c o n f i gh m e 0e t h e r0 0 : 0 1 : 0 2 : 0 3 : 0 4 : 0 5 #s u d oi f c o n f i ge n 0e t h e r0 0 : 0 1 : 0 2 : 0 3 : 0 4 : 0 5 #s u d oi f c o n f i ge n 0l l a d d r0 0 : 0 1 : 0 2 : 0 3 : 0 4 : 0 5 #L i n u x #F r e e B S D #S o l a r i s #O SXT i g e r ,S n o wL e o p a r dL A N * #O SXL e o p a r d
*Typicalwirelessinterfaceise n 1 andneedsdodisassociatefromanynetworkfirst(osxdailyhowto).
#e c h o" a l i a sa i r p o r t = ' / S y s t e m / L i b r a r y / P r i v a t e F r a m e w o r k s / A p p l e 8 0 2 1 1 . f r a m e w o r k / V e r s i o n s / C u r r e n t / R e s o u r c e s / a i r p o r t ' " \ > >~ / . b a s h _ p r o f i l e #o rs y m l i n kt o/ u s r / s b i n #a i r p o r tz #D i s a s s o c i a t ef r o mw i r e l e s sn e t w o r k s #a i r p o r tI #G e ti n f of r o mw i r e l e s sn e t w o r k
Many tools exist for Windows. For example etherchangehttp://ntsecurity .nu/toolbox/etherchange. Or look for "Mac Makeup","smac".
4. 5 Por t s in use
Listeningopenports:
#n e t s t a ta n|g r e pL I S T E N #l s o fi #L i n u xl i s ta l lI n t e r n e tc o n n e c t i o n s #s o c k l i s t #L i n u xd i s p l a yl i s to fo p e ns o c k e t s #s o c k s t a t4 #F r e e B S Da p p l i c a t i o nl i s t i n g #n e t s t a ta n pu d pt c p|g r e pL I S T E N #L i n u x #n e t s t a tt u p #L i s ta c t i v ec o n n e c t i o n st o / f r o ms y s t e m( L i n u x ) #n e t s t a tt u p l #L i s tl i s t e n i n gp o r t sf r o ms y s t e m( L i n u x ) #n e t s t a ta n o #W i n d o w s
4. 6 Fir ewall
Checkifafirewallisrunning(typicalconfigurationonly): Linux
#i p t a b l e sLnv O p e nt h ei p t a b l e sf i r e w a l l #i p t a b l e sPI N P U T A C C E P T #i p t a b l e sPF O R W A R D A C C E P T #i p t a b l e sPO U T P U T A C C E P T #i p t a b l e sZ #i p t a b l e sF #i p t a b l e sX #F o rs t a t u s #O p e ne v e r y t h i n g #Z e r ot h ep a c k e ta n db y t ec o u n t e r si na l lc h a i n s #F l u s ha l lc h a i n s #D e l e t ea l lc h a i n s
14/49
11/20/13
Unix Toolbox
Fr e e BSD
#i p f ws h o w #F o rs t a t u s #i p f wl i s t6 5 5 3 5#i fa n s w e ri s" 6 5 5 3 5d e n yi pf r o ma n yt oa n y "t h ef wi sd i s a b l e d #s y s c t ln e t . i n e t . i p . f w . e n a b l e = 0 #D i s a b l e #s y s c t ln e t . i n e t . i p . f w . e n a b l e = 1 #E n a b l e
4. 7 IP For war d for r out ing

Linux CheckandthenenableIPforwardwith:
#c a t/ p r o c / s y s / n e t / i p v 4 / i p _ f o r w a r d #C h e c kI Pf o r w a r d0 = o f f ,1 = o n #e c h o1>/ p r o c / s y s / n e t / i p v 4 / i p _ f o r w a r d
oredit/etc/sysctl.confwith:
n e t . i p v 4 . i p _ f o r w a r d=1
Fr e e BSD Checkandenablewith:
#s y s c t ln e t . i n e t . i p . f o r w a r d i n g #C h e c kI Pf o r w a r d0 = o f f ,1 = o n #s y s c t ln e t . i n e t . i p . f o r w a r d i n g = 1 #s y s c t ln e t . i n e t . i p . f a s t f o r w a r d i n g = 1 #F o rd e d i c a t e dr o u t e ro rf i r e w a l l P e r m a n e n tw i t he n t r yi n/ e t c / r c . c o n f : g a t e w a y _ e n a b l e = " Y E S " #S e tt oY E Si ft h i sh o s tw i l lb eag a t e w a y .
Solar is
#n d ds e t/ d e v / i pi p _ f o r w a r d i n g1 #S e tI Pf o r w a r d0 = o f f ,1 = o n
4. 8 NAT Net wor k Addr ess Tr anslat ion

Linux
#i p t a b l e stn a tAP O S T R O U T I N Goe t h 0jM A S Q U E R A D E #t oa c t i v a t eN A T #i p t a b l e stn a tAP R E R O U T I N Gpt c pd7 8 . 3 1 . 7 0 . 2 3 8d p o r t2 0 0 2 2jD N A T\ t o1 9 2 . 1 6 8 . 1 6 . 4 4 : 2 2 #P o r tf o r w a r d2 0 0 2 2t oi n t e r n a lI Pp o r ts s h #i p t a b l e stn a tAP R E R O U T I N Gpt c pd7 8 . 3 1 . 7 0 . 2 3 8d p o r t9 9 3 : 9 9 5jD N A T\ t o1 9 2 . 1 6 8 . 1 6 . 2 5 4 : 9 9 3 9 9 5 #P o r tf o r w a r do fr a n g e9 9 3 9 9 5 #i pr o u t ef l u s hc a c h e #i p t a b l e sLtn a t #C h e c kN A Ts t a t u s
Delete the port forward with D instead of A. The program netstatnathttp://tweegy .nl/projects/netstatnat is very usefultotrackconnections(ituses/ p r o c / n e t / i p _ c o n n t r a c k or/ p r o c / n e t / n f _ c o n n t r a c k ).
#n e t s t a t n a tn #s h o wa l lc o n n e c t i o n sw i t hI P s
Fr e e BSD
#n a t dsmud y n a m i cf/ e t c / n a t d . c o n fnf x p 0 O re d i t/ e t c / r c . c o n fw i t h : f i r e w a l l _ e n a b l e = " Y E S " #S e tt oY E St oe n a b l ef i r e w a l lf u n c t i o n a l i t y f i r e w a l l _ t y p e = " o p e n " #F i r e w a l lt y p e( s e e/ e t c / r c . f i r e w a l l ) n a t d _ e n a b l e = " Y E S " #E n a b l en a t d( i ff i r e w a l l _ e n a b l e= =Y E S ) . n a t d _ i n t e r f a c e = " t u n 0 " #P u b l i ci n t e r f a c eo rI Pa d d r e s st ou s e . n a t d _ f l a g s = " smud y n a m i cf/ e t c / n a t d . c o n f "
Portforwardwith:
#c a t/ e t c / n a t d . c o n f s a m e _ p o r t sy e s u s e _ s o c k e t sy e s u n r e g i s t e r e d _ o n l y #r e d i r e c t _ p o r tt c pi n s i d e I P : 2 3 0 0 2 3 9 93 3 0 0 3 3 9 9 #p o r tr a n g e r e d i r e c t _ p o r tu d p1 9 2 . 1 6 8 . 5 1 . 1 0 3 : 7 7 7 77 7 7 7
4. 9 DNS
On Unix the DNS entries are valid for all interfaces and are stored in /etc/resolv.conf. The domain to whichthehostbelongsisalsostoredinthisfile.Aminimalconfigurationis:
n a m e s e r v e r7 8 . 3 1 . 7 0 . 2 3 8 s e a r c hs l e e p y o w l . n e ti n t e r n . l a b d o m a i ns l e e p y o w l . n e t
Checkthesystemdomainnamewith:
#h o s t n a m ed #S a m ea sd n s d o m a i n n a m e
15/49
11/20/13
Unix Toolbox
Windows OnWindowstheDNSareconfiguredperinterface.TodisplaytheconfiguredDNSandtoflushtheDNS cacheuse:

#i p c o n f i g/ ? #i p c o n f i g/ a l l #D i s p l a yh e l p #S e ea l li n f o r m a t i o ni n c l u d i n gD N S
FlushDNS FlushtheOSDNScache,someapplicationusingtheirowncache(e.g.Firefox)andwillbeunaffected.
#/ e t c / i n i t . d / n s c dr e s t a r t #l o o k u p df l u s h c a c h e #d s c a c h e u t i lf l u s h c a c h e #i p c o n f i g/ f l u s h d n s #R e s t a r tn s c di fu s e d-L i n u x / B S D / S o l a r i s #O SXT i g e r #O SXL e o p a r da n dn e w e r #W i n d o w s
For war dque r ie s Dig is you friend to test the DNS settings. For example the public DNS server 2 1 3 . 1 3 3 . 1 0 5 . 2 n s . s e c o n d n s . d e can be used for testing. See from which server the client receives the answer (simplifiedanswer).
#d i gs l e e p y o w l . n e t s l e e p y o w l . n e t . 6 0 0 I N A ; ;S E R V E R :1 9 2 . 1 6 8 . 5 1 . 2 5 4 # 5 3 ( 1 9 2 . 1 6 8 . 5 1 . 2 5 4 ) 7 8 . 3 1 . 7 0 . 2 3 8
Therouter192.168.51.254answeredandtheresponseistheAentry.Anyentrycanbequeriedand theDNSservercanbeselectedwith@:
#d i gM Xg o o g l e . c o m #d i g@ 1 2 7 . 0 . 0 . 1N Ss u n . c o m #T ot e s tt h el o c a ls e r v e r #d i g@ 2 0 4 . 9 7 . 2 1 2 . 1 0N SM Xh e i s e . d e #Q u e r ya ne x t e r n a ls e r v e r #d i gA X F R@ n s 1 . x n a m e . o r gc b . v u #G e tt h ef u l lz o n e( z o n et r a n s f e r )
Theprogramhostisalsopowerful.
#h o s ttM Xc b . v u #h o s ttN STs u n . c o m #h o s tas l e e p y o w l . n e t #G e tt h em a i lM Xe n t r y #G e tt h eN Sr e c o r do v e raT C Pc o n n e c t i o n #G e te v e r y t h i n g
Re v e r se que r ie s Find the name belonging to an IP address (inaddr.arpa.). This can be done with d i g , h o s t and n s l o o k u p :
#d i gx7 8 . 3 1 . 7 0 . 2 3 8 #h o s t7 8 . 3 1 . 7 0 . 2 3 8 #n s l o o k u p7 8 . 3 1 . 7 0 . 2 3 8
/e tc/hosts Single hosts can be configured in the file /etc/hosts instead of running n a m e d locally to resolve the hostnamequeries.Theformatissimple,forexample:
7 8 . 3 1 . 7 0 . 2 3 8 s l e e p y o w l . n e t s l e e p y o w l
The priority between hosts and a dns query, that is the name resolution order, can be configured in / e t c / n s s w i t c h . c o n f AND/etc/host.conf.ThefilealsoexistsonWindows,itisusuallyin:
C : \ W I N D O W S \ S Y S T E M 3 2 \ D R I V E R S \ E T C
4. 10 DHCP
Linux Somedistributions(SuSE)usedhcpcdasclient.Thedefaultinterfaceiseth0.
#d h c p c dne t h 0 #d h c p c dke t h 0 #T r i g g e rar e n e w( d o e sn o ta l w a y sw o r k ) #r e l e a s ea n ds h u t d o w n
Theleasewiththefullinformationisstoredin:
/ v a r / l i b / d h c p c d / d h c p c d e t h 0 . i n f o
Fr e e BSD FreeBSD(andDebian)usesdhclient.Toconfigureaninterface(forexamplebge0)run:
#d h c l i e n tb g e 0
Theleasewiththefullinformationisstoredin:
/ v a r / d b / d h c l i e n t . l e a s e s . b g e 0
Use
11/20/13
Unix Toolbox
/ e t c / d h c l i e n t . c o n f
toprependoptionsorforcedifferentoptions:
#c a t/ e t c / d h c l i e n t . c o n f i n t e r f a c e" r l 0 "{ p r e p e n dd o m a i n n a m e s e r v e r s1 2 7 . 0 . 0 . 1 ; d e f a u l td o m a i n n a m e" s l e e p y o w l . n e t " ; s u p e r s e d ed o m a i n n a m e" s l e e p y o w l . n e t " ; }
Windows Thedhcpleasecanberenewedwithi p c o n f i g :
#i p c o n f i g/ r e n e w #i p c o n f i g/ r e n e wL A N #i p c o n f i g/ r e l e a s eW L A N #r e n e wa l la d a p t e r s #r e n e wt h ea d a p t e rn a m e d" L A N " #r e l e a s et h ea d a p t e rn a m e d" W L A N "
Yesitisagoodideatorenameyouadapterwithsimplenames!
4. 11 Tr affic analysis
Bmonhttp://people.suug.ch/~tgr/bmon/ isasmallconsolebandwidthmonitorandcandisplaytheflowondifferent interfaces. Sniffwithtcpdump
#t c p d u m pn lib g e 0n o tp o r ts s ha n ds r c\ ( 1 9 2 . 1 6 8 . 1 6 . 1 2 1o r1 9 2 . 1 6 8 . 1 6 . 5 4 \ ) #t c p d u m pnie t h 1n e t1 9 2 . 1 6 8 . 1 6 . 1 2 1 #s e l e c tt o / f r o mas i n g l eI P #t c p d u m pnie t h 1n e t1 9 2 . 1 6 8 . 1 6 . 0 / 2 4 #s e l e c tt r a f f i ct o / f r o man e t w o r k #t c p d u m pl>d u m p& &t a i lfd u m p #B u f f e r e do u t p u t #t c p d u m pir l 0wt r a f f i c . r l 0 #W r i t et r a f f i ch e a d e r si nb i n a r yf i l e #t c p d u m pir l 0s0wt r a f f i c . r l 0 #W r i t et r a f f i c+p a y l o a di nb i n a r yf i l e #t c p d u m prt r a f f i c . r l 0 #R e a df r o mf i l e( a l s of o re t h e r e a l #t c p d u m pp o r t8 0 #T h et w oc l a s s i cc o m m a n d s #t c p d u m ph o s tg o o g l e . c o m #t c p d u m pie t h 0Xp o r t\ ( 1 1 0o r1 4 3 \ ) #C h e c ki fp o po ri m a pi ss e c u r e #t c p d u m pnie t h 0i c m p #O n l yc a t c hp i n g s #t c p d u m pie t h 0s0Ap o r t8 0|g r e pG E T #s0f o rf u l lp a c k e tAf o rA S C I I
Additionalimportantoptions:
A Printeachpacketsincleartext(withoutheader) X PrintpacketsinhexandASCII l Makestdoutlinebuffered D Printallinterfacesavailable
OnWindowsusewindumpfromwww.winpcap.org.UsewindumpDtolisttheinterfaces. Scanwithnmap Nmaphttp://insecure.org/nmap/ isaportscannerwithOSdetection,itisusuallyinstalledonmostdistributions andisalsoavailableforWindows.Ifyoudon'tscanyourservers,hackersdoitforyou...

#n m a pc b . v u #s c a n sa l lr e s e r v e dT C Pp o r t so nt h eh o s t #n m a ps P1 9 2 . 1 6 8 . 1 6 . 0 / 2 4#F i n do u tw h i c hI Pa r eu s e da n db yw h i c hh o s to n0 / 2 4 #n m a ps Ss VOc b . v u #D oas t e a l t hS Y Ns c a nw i t hv e r s i o na n dO Sd e t e c t i o n P O R T S T A T E S E R V I C E V E R S I O N 2 2 / t c p o p e n s s h O p e n S S H3 . 8 . 1 p 1F r e e B S D 2 0 0 6 0 9 3 0( p r o t o c o l2 . 0 ) 2 5 / t c p o p e n s m t p S e n d m a i ls m t p d8 . 1 3 . 6 / 8 . 1 3 . 6 8 0 / t c p o p e n h t t p A p a c h eh t t p d2 . 0 . 5 9( ( F r e e B S D )D A V / 2P H P / 4 . [ . . . ] R u n n i n g :F r e e B S D5 . X U p t i m e3 3 . 1 2 0d a y s( s i n c eF r iA u g3 11 1 : 4 1 : 0 42 0 0 7 )
Other non standard but useful tools are h p i n g (www.hping.org) an IP packet assembler/analyzer and f p i n g (fping.sourceforge.net).fpingcancheckmultiplehostsinaroundrobinfashion.
4. 12 Tr affic cont r ol ( QoS)

Trafficcontrolmanagesthequeuing,policing,scheduling,andothertrafficparametersforanetwork. ThefollowingexamplesaresimplepracticalusesoftheLinuxandFreeBSDcapabilitiestobetteruse theavailablebandwidth. Limitupload DSLorcablemodemshavealongqueuetoimprovetheuploadthroughput.Howeverfillingthequeue withafastdevice(e.g.ethernet)willdramaticallydecreasetheinteractivity.Itisthereforeusefultolimit
11/20/13
Unix Toolbox
the device upload rate to match the physical capacity of the modem, this should greatly improve the interactivity.Settoabout90%ofthemodemmaximal(cable)speed. Linux Fora512Kbituploadmodem.
#t cq d i s ca d dd e ve t h 0r o o tt b fr a t e4 8 0 k b i tl a t e n c y5 0 m sb u r s t1 5 4 0 #t csq d i s cl sd e ve t h 0 #S t a t u s #t cq d i s cd e ld e ve t h 0r o o t #D e l e t et h eq u e u e #t cq d i s cc h a n g ed e ve t h 0r o o tt b fr a t e2 2 0 k b i tl a t e n c y5 0 m sb u r s t1 5 4 0
FreeBSD FreeBSDusesthed u m m y n e t trafficshaperwhichisconfiguredwithipfw.Pipesareusedtosetlimitsthe bandwidthinunitsof[K|M]{bit/s|Byte/s},0meansunlimitedbandwidth.Usingthesamepipenumberwill reconfigureit.Forexamplelimittheuploadbandwidthto500Kbit.

#k l d l o a dd u m m y n e t #i p f wp i p e1c o n f i gb w5 0 0 K b i t / s #i p f wa d dp i p e1i pf r o mm et oa n y #l o a dt h em o d u l ei fn e c e s s a r y #c r e a t eap i p ew i t hl i m i t e db a n d w i d t h #d i v e r tt h ef u l lu p l o a di n t ot h ep i p e
Qualityofse r v ice Linux Priorityqueuingwitht c tooptimizeVoIP.Seethefullexampleonvoipinfo.orgorwww.howtoforge.com. Suppose VoIP uses udp on ports 10000:11024 and device eth0 (could also be ppp0 or so). The following commands define the QoS to three queues and force the VoIP traffic to queue 1 with QoS 0 x 1 e (allbitsset).Thedefaulttrafficflowsintoqueue3andQoSMinimizeDelayflowsintoqueue2.
#t cq d i s ca d dd e ve t h 0r o o th a n d l e1 :p r i op r i o m a p2222222211111110 #t cq d i s ca d dd e ve t h 0p a r e n t1 : 1h a n d l e1 0 :s f q #t cq d i s ca d dd e ve t h 0p a r e n t1 : 2h a n d l e2 0 :s f q #t cq d i s ca d dd e ve t h 0p a r e n t1 : 3h a n d l e3 0 :s f q #t cf i l t e ra d dd e ve t h 0p r o t o c o li pp a r e n t1 :p r i o1u 3 2\ m a t c hi pd p o r t1 0 0 0 00 x 3 C 0 0f l o w i d1 : 1 #u s es e r v e rp o r tr a n g e m a t c hi pd s t1 2 3 . 2 3 . 0 . 1f l o w i d1 : 1 #o r / a n du s es e r v e rI P
Statusandremovewith
#t csq d i s cl sd e ve t h 0 #t cq d i s cd e ld e ve t h 0r o o t #q u e u es t a t u s #d e l e t ea l lQ o S
Calculateportrangeandmask Thetcfilterdefinestheportrangewithportandmaskwhichyouhavetocalculate.Findthe2^Nending of the port range, deduce the range and convert to HEX. This is your mask. Example for 10000 > 11024,therangeis1024.
#2 ^ 1 3( 8 1 9 2 )<1 0 0 0 0<2 ^ 1 4( 1 6 3 8 4 ) #e c h o" o b a s e = 1 6 ; ( 2 ^ 1 4 ) 1 0 2 4 "|b c #e n d i n gi s2 ^ 1 4=1 6 3 8 4 #m a s ki s0 x 3 C 0 0
FreeBSD Themaxlinkbandwidthis500Kbit/sandwedefine3queueswithpriority100:10:1forVoIP:ssh:allthe rest.

#i p f wp i p e1c o n f i gb w5 0 0 K b i t / s #i p f wq u e u e1c o n f i gp i p e1w e i g h t1 0 0 #i p f wq u e u e2c o n f i gp i p e1w e i g h t1 0 #i p f wq u e u e3c o n f i gp i p e1w e i g h t1 #i p f wa d d1 0q u e u e1p r o t ou d pd s t p o r t1 0 0 0 0 1 1 0 2 4 #i p f wa d d1 1q u e u e1p r o t ou d pd s t i p1 2 3 . 2 3 . 0 . 1#o r / a n du s es e r v e rI P #i p f wa d d2 0q u e u e2d s p p o r ts s h #i p f wa d d3 0q u e u e3f r o mm et oa n y #a l lt h er e s t
Statusandremovewith
#i p f wl i s t #i p f wp i p el i s t #i p f wf l u s h #r u l e ss t a t u s #p i p es t a t u s #d e l e t e sa l lr u l e sb u td e f a u l t
4. 13 NIS Debugging
SomecommandswhichshouldworkonawellconfiguredNISclient:
#y p w h i c h #d o m a i n n a m e #y p c a tg r o u p #c d/ v a r / y p& &m a k e #g e tt h ec o n n e c t e dN I Ss e r v e rn a m e #T h eN I Sd o m a i nn a m ea sc o n f i g u r e d #s h o u l dd i s p l a yt h eg r o u pf r o mt h eN I Ss e r v e r #R e b u i l dt h ey pd a t a b a s e
18/49
11/20/13
Unix Toolbox
#r p c i n f ops e r v e r n a m e
#R e p o r tR P Cs e r v i c e so ft h es e r v e r
Isypbindrunning?
#p sa u x w w|g r e py p b i n d / u s r / s b i n / y p b i n dsmSs e r v e r n a m e 1 , s e r v e r n a m e 2 #F r e e B S D / u s r / s b i n / y p b i n d #L i n u x #y p p o l lp a s s w d . b y n a m e M a pp a s s w d . b y n a m eh a so r d e rn u m b e r1 1 9 0 6 3 5 0 4 1 .M o nS e p2 41 3 : 5 7 : 2 12 0 0 7 T h em a s t e rs e r v e ri ss e r v e r n a m e . d o m a i n . n e t .
Linux
#c a t/ e t c / y p . c o n f y p s e r v e rs e r v e r n a m e d o m a i nd o m a i n . n e tb r o a d c a s t
4. 14 Net cat
Netcathttp://netcat.sourcef orge.net (nc) is better known as the "network Swiss Army Knife", it can manipulate, createorread/writeTCP/IPconnections.Heresomeusefulexamples,therearemanymoreonthenet, for example gloaded.eu[...]http://www.gloaded.eu/2006/11/06/netcatacoupleof usef ulexamples and herehttp://www.terminally incoherent.com/blog/2007/08/07/f ewusef ulnetcattricks . Youmightneedtousethecommandn e t c a t insteadofn c .Alsoseethesimilarcommandsocat. File tr ansfe r Copyalargefolderoverarawtcpconnection.Thetransferisveryquick(noprotocoloverhead)and youdon'tneedtomessupwithNFSorSMBorFTPorso,simplymakethefileavailableontheserver, andgetitfromtheclient.Here192.168.1.1istheserverIPaddress.
s e r v e r #t a rc f-CV I D E O _ T S.|n clp4 4 4 4 c l i e n t #n c1 9 2 . 1 6 8 . 1 . 14 4 4 4|t a rx p f-CV I D E O _ T S s e r v e r #c a tl a r g e f i l e|n cl5 6 7 8 c l i e n t #n c1 9 2 . 1 6 8 . 1 . 15 6 7 8>l a r g e f i l e s e r v e r #d di f = / d e v / d a 0|n cl4 4 4 4 c l i e n t #n c1 9 2 . 1 6 8 . 1 . 14 4 4 4|d do f = / d e v / d a 0 c l i e n t #n c1 9 2 . 1 6 8 . 1 . 14 4 4 4|d do f = d a 0 . i m g #S e r v et a rf o l d e ro np o r t4 4 4 4 #P u l lt h ef i l eo np o r t4 4 4 4 #S e r v e ras i n g l ef i l e #P u l lt h es i n g l ef i l e #S e r v e rp a r t i t i o ni m a g e #P u l lp a r t i t i o nt oc l o n e #P u l lp a r t i t i o nt of i l e
Othe r hacks Speciallyhere,youmustknowwhatyouaredoing. Remoteshell OptioneonlyontheWindowsversion?Orusenc1.10.

#n cl p4 4 4 4e/ b i n / b a s h #n cl p4 4 4 4ec m d . e x e #P r o v i d ear e m o t es h e l l( s e r v e rb a c k d o o r ) #r e m o t es h e l lf o rW i n d o w s
Emergencywebserver Serveasinglefileonport80inaloop.
#w h i l et r u e ;d on clp8 0<u n i x t o o l b o x . x h t m l ;d o n e
Chat AliceandBobcanchatoverasimpleTCPsocket.Thetextistransferredwiththeenterkey.
a l i c e #n cl p4 4 4 4 b o b #n c1 9 2 . 1 6 8 . 1 . 14 4 4 4
5 S S H S C P
Publickey|Fingerprint|SCP|Tunneling Seeothertricks25sshcmdhttp://blog.urf ix.com/25sshcommandstricks/
5. 1 Public key aut hent icat ion

Connecttoahostwithoutpasswordusingpublickeyauthentication.Theideaistoappendyourpublic key to the authorized_keys2 file on the remote host. For this example let's connect hostclient to hostserver , the key is generated on the client. With cygwin you might have to create your home directoyandthe.sshdirectorywith# m k d i rp/ h o m e / U S E R / . s s h Usesshkeygentogenerateakeypair. ~ / . s s h / i d _ d s a istheprivatekey, ~ / . s s h / i d _ d s a . p u b is
11/20/13
Unix Toolbox
thepublickey. Copyonlythepublickeytotheserverandappendittothefile~ / . s s h / a u t h o r i z e d _ k e y s 2 onyour homeontheserver.

#s s h k e y g e ntd s aN' ' #c a t~ / . s s h / i d _ d s a . p u b|s s hy o u @ h o s t s e r v e r" c a t-> >~ / . s s h / a u t h o r i z e d _ k e y s 2 "
Usingthe Windowsclie ntfr omssh.com The non commercial version of the ssh.com client can be downloaded the main ftp site: ftp.ssh.com/pub/ssh/. Keys generated by the ssh.com client need to be converted for the OpenSSH server.Thiscanbedonewiththesshkeygencommand. Createakeypairwiththessh.comclient:SettingsUserAuthenticationGenerateNew.... IuseKeytypeDSAkeylength2048. Copythepublickeygeneratedbythessh.comclienttotheserverintothe~/.sshfolder. ThekeysareinC:\DocumentsandSettings\%USERNAME%\ApplicationData\SSH\UserKeys. Usethesshkeygencommandontheservertoconvertthekey:
#c d~ / . s s h #s s h k e y g e nifk e y f i l e n a m e . p u b> >a u t h o r i z e d _ k e y s 2
Notice:WeusedaDSAkey,RSAisalsopossible.Thekeyisnotprotectedbyapassword. Usingputtyfor Windows Puttyhttp://www.chiark.greenend.org.uk/~sgtatham/putty /download.htmlisasimpleandfreesshclientforWindows. CreateakeypairwiththepuTTYgenprogram. Save the public and private keys (for example Settings\%USERNAME%\.ssh). Copythepublickeytotheserverintothe~/.sshfolder:
#s c p. s s h / p u t t y k e y . p u br o o t @ 1 9 2 . 1 6 8 . 5 1 . 2 5 4 : . s s h /
into
C:\Documents
and
UsethesshkeygencommandontheservertoconvertthekeyforOpenSSH:
#c d~ / . s s h #s s h k e y g e nifp u t t y k e y . p u b> >a u t h o r i z e d _ k e y s 2
Pointtheprivatekeylocationintheputtysettings:ConnectionSSHAuth
5. 2 Check finger pr int

At the first login, ssh will ask if the unknown host with the fingerprint has to be stored in the known hosts. To avoid a maninthemiddle attack the administrator of the server can send you the server fingerprintwhichisthencomparedonthefirstlogin.Use s s h k e y g e nl to get the fingerprint (on the server):
#s s h k e y g e nlf/ e t c / s s h / s s h _ h o s t _ r s a _ k e y . p u b #F o rR S Ak e y 2 0 4 86 1 : 3 3 : b e : 9 b : a e : 6 c : 3 6 : 3 1 : f d : 8 3 : 9 8 : b 7 : 9 9 : 2 d : 9 f : c d/ e t c / s s h / s s h _ h o s t _ r s a _ k e y . p u b #s s h k e y g e nlf/ e t c / s s h / s s h _ h o s t _ d s a _ k e y . p u b #F o rD S Ak e y( d e f a u l t ) 2 0 4 81 4 : 4 a : a a : d 9 : 7 3 : 2 5 : 4 6 : 6 d : 0 a : 4 8 : 3 5 : c 7 : f 4 : 1 6 : d 4 : e e/ e t c / s s h / s s h _ h o s t _ d s a _ k e y . p u b
Nowtheclientconnectingtothisservercanverifythatheisconnectingtotherightserver:
#s s hl i n d a T h ea u t h e n t i c i t yo fh o s t' l i n d a( 1 9 2 . 1 6 8 . 1 6 . 5 4 ) 'c a n ' tb ee s t a b l i s h e d . D S Ak e yf i n g e r p r i n ti s1 4 : 4 a : a a : d 9 : 7 3 : 2 5 : 4 6 : 6 d : 0 a : 4 8 : 3 5 : c 7 : f 4 : 1 6 : d 4 : e e . A r ey o us u r ey o uw a n tt oc o n t i n u ec o n n e c t i n g( y e s / n o ) ?y e s
5. 3 Secur e file t r ansfer

Somesimplecommands:
#s c pf i l e . t x th o s t t w o : / t m p #s c pj o e @ h o s t t w o : / w w w / * . h t m l/ w w w / t m p #s c prj o e @ h o s t t w o : / w w w/ w w w / t m p
In Konqueror or Midnight Commander it is possible to access a remote file system with the address fish://user@gate .Howevertheimplementationisveryslow. Furthermoreitispossibletomountaremotefolderwith sshfsafilesystemclientbasedonSCP.See fusesshfshttp://f use.sourcef orge.net/sshf s.html.
s s h _ e x c h a n g e _ i d e n t i f i c a t i o n :C o n n e c t i o nc l o s e db yr e m o t eh o s t
20/49
11/20/13
Unix Toolbox
Withthiserrortrythefollowingontheserver:
e c h o' S S H D :A L L '> >/ e t c / h o s t s . a l l o w / e t c / i n i t . d / s s h dr e s t a r t
5. 4 Tunneling
SSHtunnelingallowstoforwardorreverseforwardaportovertheSSHconnection,thussecuringthe trafficandaccessingportswhichwouldotherwisebeblocked.ThisonlyworkswithTCP.Thegeneral nomenclatureforforwardandreverseis(seealsosshandNATexample):
#s s hLl o c a l p o r t : d e s t h o s t : d e s t p o r tu s e r @ g a t e #d e s t h o s ta ss e e nf r o mt h eg a t e #s s hRd e s t p o r t : d e s t h o s t : l o c a l p o r tu s e r @ g a t e #f o r w a r d sy o u rl o c a l p o r tt od e s t i n a t i o n #d e s t h o s t : l o c a l p o r ta ss e e nf r o mt h ec l i e n ti n i t i a t i n gt h et u n n e l #s s hXu s e r @ g a t e #T of o r c eXf o r w a r d i n g
Thiswillconnecttogateandforwardthelocalporttothehostdesthost:destport.Notedesthostisthe destination host as seen by the gate, so if the connection is to the gate, then desthost is localhost. Morethanoneportforwardispossible. Dir e ctfor war donthe gate LetsaywewanttoaccesstheCVS(port2401)andhttp(port80)whicharerunningonthegate.This isthesimplestexample,desthostisthuslocalhost,andweusetheport8080locallyinsteadof80sowe don'tneedtoberoot.Oncethesshsessionisopen,bothservicesareaccessibleonthelocalports.
#s s hL2 4 0 1 : l o c a l h o s t : 2 4 0 1L8 0 8 0 : l o c a l h o s t : 8 0u s e r @ g a t e
Ne tbiosandr e mote de sktopfor war dtoase condse r v e r LetsayaWindowssmbserverisbehindthegateandisnotrunningssh.Weneedaccesstothesmb shareandalsoremotedesktoptotheserver.

#s s hL1 3 9 : s m b s e r v e r : 1 3 9L3 3 8 8 : s m b s e r v e r : 3 3 8 9u s e r @ g a t e
Thesmbsharecannowbeaccessedwith\\127.0.0.1\,butonlyifthelocalshareisdisabled,because thelocalshareislisteningonport139. Itispossibletokeepthelocalshareenabled,forthisweneedtocreateanewvirtualdevicewithanew IP address for the tunnel, the smb share will be connected over this address. Furthermore the local RDPisalreadylisteningon3389,sowechoose3388.Forthisexamplelet'suseavirtualIPof10.1.1.1. With putty use Source port=10.1.1.1:139. It is possible to create multiple loop devices and tunnel.OnWindows2000,onlyputtyworkedforme.OnWindowsVistaalsoforwardtheport445 in addition to the port 139. Also on Vista the patch KB942624 prevents the port 445 to be forwarded,soIhadtouninstallthispathinVista. With the ssh.com client, disable "Allow local connections only". Since ssh.com will bind to all addresses,onlyasinglesharecanbeconnected. NowcreatetheloopbackinterfacewithIP10.1.1.1: # System>Control Panel>Add Hardware # Yes, Hardware is already connected # Add a new hardwaredevice(atbottom). #InstallthehardwarethatImanuallyselect#Networkadapters#Microsoft,MicrosoftLoopback Adapter. ConfiguretheIPaddressofthefakedeviceto10.1.1.1mask255.255.255.0,nogateway. advanced>WINS,EnableLMHostsLookupDisableNetBIOSoverTCP/IP. #EnableClientforMicrosoftNetworks.#DisableFileandPrinterSharingforMicrosoftNetworks. IHADtorebootforthistowork.Nowconnecttothesmbsharewith\\10.1.1.1andremotedesktopto 10.1.1.1:3388. Debug Ifitisnotworking: Aretheportsforwarded:netstatan?Lookat0.0.0.0:139or10.1.1.1:139 Doestelnet10.1.1.1139connect? Youneedthecheckbox"Localportsacceptconnectionsfromotherhosts". Is"FileandPrinterSharingforMicrosoftNetworks"disabledontheloopbackinterface?
21/49
11/20/13
Unix Toolbox
Conne cttwoclie ntsbe hindNAT SupposetwoclientsarebehindaNATgatewayandclientcliadminhastoconnecttoclientcliuser(the destination),bothcanlogintothegatewithsshandarerunningLinuxwithsshd.Youdon'tneedroot accessanywhereaslongastheportsongateareabove1024.Weuse2022ongate.Alsosincethe gateisusedlocally,theoptionGatewayPortsisnotnecessary. Onclientcliuser(fromdestinationtogate):

#s s hR2 0 2 2 : l o c a l h o s t : 2 2u s e r @ g a t e #f o r w a r d sc l i e n t2 2t og a t e : 2 0 2 2
Onclientcliadmin(fromhosttogate):
#s s hL3 0 2 2 : l o c a l h o s t : 2 0 2 2a d m i n @ g a t e #s s hp3 0 2 2a d m i n @ l o c a l h o s t #f o r w a r d sc l i e n t3 0 2 2t og a t e : 2 0 2 2 #l o c a l : 3 0 2 2>g a t e : 2 0 2 2>c l i e n t : 2 2
Nowtheadmincanconnectdirectlytotheclientcliuserwith: Conne cttoVNCbe hindNAT SupposeaWindowsclientwithVNClisteningonport5900hastobeaccessedfrombehindNAT.On clientcliwintogate:

#s s hR1 5 9 0 0 : l o c a l h o s t : 5 9 0 0u s e r @ g a t e
Onclientcliadmin(fromhosttogate):
#s s hL5 9 0 0 : l o c a l h o s t : 1 5 9 0 0a d m i n @ g a t e
NowtheadmincanconnectdirectlytotheclientVNCwith:
#v n c c o n n e c td i s p l a y: 0l o c a l h o s t
Digamultihopsshtunne l Suppose you can not reach a server directly with ssh, but only via multiple intermediate hosts (for example because of routing issues). Sometimes it is still necessary to get a direct client server connection,forexampletocopyfileswithscp,orforwardotherportslikesmborvnc.Onewaytodo thisistochaintunnelstogethertoforwardaporttotheserveralongthehops.This"carrier"portonly reachesitsfinaldestinationonthelastconnectiontotheserver. Supposewewanttoforwardthesshportfromaclienttoaserverovertwohops.Oncethetunnelis build,itispossibletoconnecttotheserverdirectlyfromtheclient(andalsoaddanotherportforward). Createtunnelinoneshell client>host1>host2>serveranddigtunnel5678
c l i e n t > #s s hL 5 6 7 8 : l o c a l h o s t : 5 6 7 8h o s t 1 h o s t _ 1 > #s s hL 5 6 7 8 : l o c a l h o s t : 5 6 7 8h o s t 2 h o s t _ 2 > #s s hL 5 6 7 8 : l o c a l h o s t : 2 2s e r v e r #5 6 7 8i sa na r b i t r a r yp o r tf o rt h et u n n e l #c h a i n5 6 7 8f r o mh o s t 1t oh o s t 2 #e n dt h et u n n e lo np o r t2 2o nt h es e r v e r
Usetunnelwithanothershell client>serverusingtunnel5678
#s s hp5 6 7 8l o c a l h o s t #c o n n e c td i r e c t l yf r o mc l i e n tt o s e r v e r #s c pP5 6 7 8m y f i l el o c a l h o s t : / t m p / #o rc o p yaf i l ed i r e c t l yu s i n gt h et u n n e l #r s y n ce' s s hp5 6 7 8 'm y f i l el o c a l h o s t : / t m p /#o rr s y n caf i l ed i r e c t l yt ot h es e r v e r
Autoconne ctandke e paliv e scr ipt I use variations of the following script to keep a machine reacheable over a reverse ssh tunnel. The connectionisautomaticallyrebuiltifclosed.YoucanaddmultipleL orR tunnelsononeline.
# ! / b i n / s h C O M M A N D = " s s hNfgR3 0 2 2 : l o c a l h o s t : 2 2c o l i n @ c b . v u " p g r e pfx" $ C O M M A N D ">/ d e v / n u l l2 > & 1| |$ C O M M A N D e x i t0 1****c o l i n/ h o m e / c o l i n / p o r t _ f o r w a r d . s h #c r o n t a be n t r y( h e r eh o u r l y )
6 VP N W I T H S S H
Asofversion4.3,OpenSSHcanusethetun/tapdevicetoencryptatunnel.Thisisverysimilartoother TLSbasedVPNsolutionslikeOpenVPN.OneadvantagewithSSHisthatthereisnoneedtoinstalland configureadditionalsoftware.AdditionallythetunnelusestheSSHauthenticationlikepresharedkeys. ThedrawbackisthattheencapsulationisdoneoverTCPwhichmightresultinpoorperformanceona slowlink.Alsothetunnelisrelyingonasingle(fragile)TCPconnection.Thistechniqueisveryuseful foraquickIPbasedVPNsetup.ThereisnolimitationaswiththesingleTCPportforward,alllayer3/4
11/20/13
Unix Toolbox
protocolslikeICMP,TCP/UDP,etc.areforwardedovertheVPN.Inanycase,thefollowingoptionsare neededinthesshd_conffile:
P e r m i t R o o t L o g i ny e s P e r m i t T u n n e ly e s
6. 1 Single P2P connect ion

Here we are connecting two hosts, hclient and hserver with a peer to peer tunnel. The connection is started from hclient to hserver and is done as root. The tunnel end points are 10.0.1.1 (server) and 10.0.1.2(client)andwecreateadevicetun5(thiscouldalsobeanothernumber).Theprocedureis verysimple: ConnectwithSSHusingthetunneloptionw ConfiguretheIPaddressesofthetunnel.Onceontheserverandonceontheclient. Conne cttothe se r v e r Connectionstartedontheclientandcommandsareexecutedontheserver. ServerisonLinux
c l i > #s s hw 5 : 5r o o t @ h s e r v e r s r v > #i f c o n f i gt u n 51 0 . 0 . 1 . 1n e t m a s k2 5 5 . 2 5 5 . 2 5 5 . 2 5 2 #E x e c u t e do nt h es e r v e rs h e l l
ServerisonFreeBSD
c l i > #s s hw 5 : 5r o o t @ h s e r v e r s r v > #i f c o n f i gt u n 51 0 . 0 . 1 . 11 0 . 0 . 1 . 2 #E x e c u t e do nt h es e r v e rs h e l l
Configur e the clie nt Commandsexecutedontheclient:

c l i > #i f c o n f i gt u n 51 0 . 0 . 1 . 2n e t m a s k2 5 5 . 2 5 5 . 2 5 5 . 2 5 2 c l i > #i f c o n f i gt u n 51 0 . 0 . 1 . 21 0 . 0 . 1 . 1 #C l i e n ti so nL i n u x #C l i e n ti so nF r e e B S D
Thetwohostsarenowconnectedandcantransparentlycommunicatewithanylayer3/4protocolusing thetunnelIPaddresses.
6. 2 Connect t wo net wor ks

Inadditiontothep2psetupabove,itismoreusefultoconnecttwoprivatenetworkswithanSSHVPN using two gates. Suppose for the example, netA is 192.168.51.0/24 and netB 192.168.16.0/24. The procedureissimilarasabove,weonlyneedtoaddtherouting.NATmustbeactivatedontheprivate interfaceonlyifthegatesarenotthesameasthedefaultgatewayoftheirnetwork. 192.168.51.0/24(netA)|gateA<>gateB|192.168.16.0/24(netB) ConnectwithSSHusingthetunneloptionw. ConfiguretheIPaddressesofthetunnel.Onceontheserverandonceontheclient. Addtheroutingforthetwonetworks. Ifnecessary,activateNATontheprivateinterfaceofthegate. ThesetupisstartedfromgateAinnetA. Conne ctfr omgate Atogate B ConnectionisstartedfromgateAandcommandsareexecutedongateB. gateBisonLinux
g a t e A > #s s hw 5 : 5r o o t @ g a t e B g a t e B > #i f c o n f i gt u n 51 0 . 0 . 1 . 1n e t m a s k2 5 5 . 2 5 5 . 2 5 5 . 2 5 2#E x e c u t e do nt h eg a t e Bs h e l l g a t e B > #r o u t ea d dn e t1 9 2 . 1 6 8 . 5 1 . 0n e t m a s k2 5 5 . 2 5 5 . 2 5 5 . 0d e vt u n 5 g a t e B > #e c h o1>/ p r o c / s y s / n e t / i p v 4 / i p _ f o r w a r d #O n l yn e e d e di fn o td e f a u l tg w g a t e B > #i p t a b l e stn a tAP O S T R O U T I N Goe t h 0jM A S Q U E R A D E
gateBisonFreeBSD
g a t e A > #s s hw 5 : 5r o o t @ g a t e B g a t e B > #i f c o n f i gt u n 51 0 . 0 . 1 . 11 0 . 0 . 1 . 2 g a t e B > #r o u t ea d d1 9 2 . 1 6 8 . 5 1 . 0 / 2 41 0 . 0 . 1 . 2 g a t e B > #s y s c t ln e t . i n e t . i p . f o r w a r d i n g = 1 g a t e B > #n a t dsmud y n a m i cnf x p 0 #C r e a t e st h et u n 5d e v i c e s #E x e c u t e do nt h eg a t e Bs h e l l #O n l yn e e d e di fn o td e f a u l tg w #s e eN A T
23/49
11/20/13
Unix Toolbox
g a t e A > #s y s c t ln e t . i n e t . i p . f w . e n a b l e = 1
Configur e gate A CommandsexecutedongateA: gateAisonLinux

g a t e A > #i f c o n f i gt u n 51 0 . 0 . 1 . 2n e t m a s k2 5 5 . 2 5 5 . 2 5 5 . 2 5 2 g a t e A > #r o u t ea d dn e t1 9 2 . 1 6 8 . 1 6 . 0n e t m a s k2 5 5 . 2 5 5 . 2 5 5 . 0d e vt u n 5 g a t e A > #e c h o1>/ p r o c / s y s / n e t / i p v 4 / i p _ f o r w a r d g a t e A > #i p t a b l e stn a tAP O S T R O U T I N Goe t h 0jM A S Q U E R A D E
gateAisonFreeBSD
g a t e A > #i f c o n f i gt u n 51 0 . 0 . 1 . 21 0 . 0 . 1 . 1 g a t e A > #r o u t ea d d1 9 2 . 1 6 8 . 1 6 . 0 / 2 41 0 . 0 . 1 . 2 g a t e A > #s y s c t ln e t . i n e t . i p . f o r w a r d i n g = 1 g a t e A > #n a t dsmud y n a m i cnf x p 0 g a t e A > #s y s c t ln e t . i n e t . i p . f w . e n a b l e = 1
#s e eN A T
ThetwoprivatenetworksarenowtransparentlyconnectedviatheSSHVPN.TheIPforwardandNAT settingsareonlynecessaryifthegatesarenotthedefaultgateways.Inthiscasetheclientswouldnot knowwheretoforwardtheresponse,andnatmustbeactivated.
7 R S YNC
Rsync can almost completely replace cp and scp, furthermore interrupted transfers are efficiently restarted.Atrailingslash(andtheabsencethereof)hasdifferentmeanings,themanpageisgood... Heresomeexamples: Copythedirectorieswithfullcontent:
#r s y n ca/ h o m e / c o l i n // b a c k u p / c o l i n / #" a r c h i v e "m o d e .e . gk e e pt h es a m e #r s y n ca/ v a r // v a r _ b a k / #r s y n ca Rd e l e t e d u r i n g/ h o m e / u s e r // b a c k u p / #u s er e l a t i v e( s e eb e l o w ) #/ o p t / l o c a l / b i n / r s y n ca z vi c o n v = U T F 8 M A C , U T F 8~ / M u s i c / f l a c /m e @ s e r v e r : / d s t / #c o n v e r tf i l e n a m e sO S XU T F 8t oW i n d o w sU T F 8
Same as before but over the network and with compression. Rsync uses SSH for the transport per defaultandwillusethesshkeyiftheyareset.Use":"aswithSCP.Atypicalremotecopy:
#r s y n ca x S R z v/ h o m e / u s e r /u s e r @ s e r v e r : / b a c k u p / u s e r /#C o p yt or e m o t e #r s y n ca' u s e r @ s e r v e r : M y \D o c u m e n t s 'M y \D o c u m e n t s #Q u o t eA N De s c a p es p a c e sf o rt h er e m o t es h e l l
Excludeanydirectorytmpwithin/home/user/andkeeptherelativefoldershierarchy,thatistheremote directorywillhavethestructure/backup/home/user/.Thisistypicallyusedforbackups.
#r s y n ca z Re x c l u d e = t m p // h o m e / u s e r /u s e r @ s e r v e r : / b a c k u p /
Useport20022forthesshconnection:
#r s y n ca ze' s s hp2 0 0 2 2 '/ h o m e / c o l i n /u s e r @ s e r v e r : / b a c k u p / c o l i n /
Using the rsync daemon (used with "::") is much faster, but not encrypted over ssh. The location of /backupisdefinedbytheconfigurationin/etc/rsyncd.conf.ThevariableRSYNC_PASSWORDcanbe settoavoidtheneedtoenterthepasswordmanually.
#r s y n ca x S R z/ h o m e /r u s e r @ h o s t n a m e : : r m o d u l e / b a c k u p / #r s y n ca x S R zr u s e r @ h o s t n a m e : : r m o d u l e / b a c k u p // h o m e / #T oc o p yb a c k
Someimportantoptions:
a ,a r c h i v e archivemodesameasrlptgoD(noH) r ,r e c u r s i v e recurseintodirectories R ,r e l a t i v e userelativepathnames H ,h a r d l i n k s preservehardlinks S ,s p a r s e handlesparsefilesefficiently x ,o n e f i l e s y s t e m don'tcrossfilesystemboundaries e x c l u d e = P A T T E R N excludefilesmatchingPATTERN d e l e t e d u r i n g receiverdeletesduringxfer,notbefore d e l e t e a f t e r receiverdeletesaftertransfer,notbefore
7. 1 Rsync on W indows
Rsync is available for Windows through cygwin or as standalone packaged in cwrsynchttp://sourcef orge.net/projects/sereds . This is very convenient for automated backups. Install one of them
11/20/13
Unix Toolbox
(not both) and add the path to the Windows system variables: # Control Panel > System > tab Advanced,buttonEnvironmentVariables.Editthe"Path"systemvariableandaddthefullpathtothe installedrsync,e.g.C:\ProgramFiles\cwRsync\binorC:\cygwin\bin.Thiswaythecommands r s y n c and s s h areavailableinaWindowscommandshell. Publicke yauthe ntication Rsync is automatically tunneled over SSH and thus uses the SSH authentication on the server. Automaticbackupshavetoavoidauserinteraction,forthistheSSHpublickeyauthenticationcanbe usedandthersynccommandwillrunwithoutapassword. AllthefollowingcommandsareexecutedwithinaWindowsconsole.Inaconsole(Start>Run>cmd) createanduploadthekeyasdescribedinSSH,change"user"and"server"asappropriate.Ifthefile authorized_keys2doesnotexistyet,simplycopyid_dsa.pubtoauthorized_keys2anduploadit.
#s s h k e y g e ntd s aN' ' #C r e a t e sap u b l i ca n dap r i v a t ek e y #r s y n cu s e r @ s e r v e r : . s s h / a u t h o r i z e d _ k e y s 2.#C o p yt h ef i l el o c a l l yf r o mt h es e r v e r #c a ti d _ d s a . p u b> >a u t h o r i z e d _ k e y s 2 #O ru s ea ne d i t o rt oa d dt h ek e y #r s y n ca u t h o r i z e d _ k e y s 2u s e r @ s e r v e r : . s s h / #C o p yt h ef i l eb a c kt ot h es e r v e r #d e la u t h o r i z e d _ k e y s 2 #R e m o v et h el o c a lc o p y
Nowtestitwith(inoneline):
r s y n cr v" / c y g d r i v e / c / D o c u m e n t sa n dS e t t i n g s / % U S E R N A M E % / M yD o c u m e n t s / "\ ' u s e r @ s e r v e r : M y \D o c u m e n t s / '
Automaticbackup Use a batch file to automate the backup and add the file in the scheduled tasks (Programs > Accessories>SystemTools>ScheduledTasks).Forexamplecreatethefilebackup.batandreplace user@server.
@ E C H OO F F R E Mr s y n ct h ed i r e c t o r yM yD o c u m e n t s S E T L O C A L S E TC W R S Y N C H O M E = C : \ P R O G R A MF I L E S \ C W R S Y N C S E TC Y G W I N = n o n t s e c S E TC W O L D P A T H = % P A T H % R E Mu n c o m m e n tt h en e x tl i n ew h e nu s i n gc y g w i n S E TP A T H = % C W R S Y N C H O M E % \ B I N ; % P A T H % e c h oP r e s sC o n t r o l Ct oa b o r t r s y n ca v" / c y g d r i v e / c / D o c u m e n t sa n dS e t t i n g s / % U S E R N A M E % / M yD o c u m e n t s / "\ ' u s e r @ s e r v e r : M y \D o c u m e n t s / ' p a u s e
8 S UD O
Sudoisastandardwaytogiveuserssomeadministrativerightswithoutgivingouttherootpassword. Sudo is very useful in a multi user environment with a mix of server and workstations. Simply call the commandwithsudo:
#s u d o/ e t c / i n i t . d / d h c p dr e s t a r t #s u d ous y s a d m i nw h o a m i #R u nt h er cs c r i p ta sr o o t #R u nc m da sa no t h e ru s e r
8. 1 Configur at ion
Sudoisconfiguredin / e t c / s u d o e r s andmustonlybeeditedwith v i s u d o .Thebasicsyntaxis(thelists arecommaseparated):
u s e rh o s t s=( r u n a s )c o m m a n d s #I n/ e t c / s u d o e r s
u s e r s oneormoreusersor%group(like%wheel)togaintherights h o s t s listofhosts(orALL) r u n a s listofusers(orALL)thatthecommandrulecanberunas.Itisenclosedin()! c o m m a n d s listofcommands(orALL)thatwillberunasrootoras(runas)
Additionally those keywords can be defined as alias, they are called User_Alias, Host_Alias, Runas_AliasandCmnd_Alias.Thisisusefulforlargersetups.Hereasudoersexample:
#c a t/ e t c / s u d o e r s #H o s ta l i a s e sa r es u b n e t so rh o s t n a m e s . H o s t _ A l i a s D M Z =2 1 2 . 1 1 8 . 8 1 . 4 0 / 2 8 H o s t _ A l i a s D E S K T O P=w o r k 1 ,w o r k 2 #U s e ra l i a s e sa r eal i s to fu s e r sw h i c hc a nh a v et h es a m er i g h t s U s e r _ A l i a s A D M I N S =c o l i n ,l u c a ,a d m i n
25/49
11/20/13
Unix Toolbox
U s e r _ A l i a s D E V E L R u n a s _ A l i a s D B A
=j o e ,j a c k ,j u l i a =o r a c l e , p g s q l
#C o m m a n da l i a s e sd e f i n et h ef u l lp a t ho fal i s to fc o m m a n d s C m n d _ A l i a s S Y S T E M =/ s b i n / r e b o o t , / u s r / b i n / k i l l , / s b i n / h a l t , / s b i n / s h u t d o w n , / e t c / i n i t . d / C m n d _ A l i a s P W =/ u s r / b i n / p a s s w d[ A z ] * ,! / u s r / b i n / p a s s w dr o o t#N o tr o o tp w d ! C m n d _ A l i a s D E B U G =/ u s r / s b i n / t c p d u m p , / u s r / b i n / w i r e s h a r k , / u s r / b i n / n m a p #T h ea c t u a lr u l e s r o o t , A D M I N S A L L =( A L L )N O P A S S W D :A L L #A D M I N Sc a nd oa n y t h i n gw / oap a s s w o r d . D E V E L D E S K T O P=( A L L )N O P A S S W D :A L L #D e v e l o p e r sh a v ef u l lr i g h to nd e s k t o p s D E V E L D M Z =( A L L )N O P A S S W D :D E B U G #D e v e l o p e r sc a nd e b u gt h eD M Zs e r v e r s . #U s e rs y s a d m i nc a nm e s sa r o u n di nt h eD M Zs e r v e r sw i t hs o m ec o m m a n d s . s y s a d m i n D M Z =( A L L )N O P A S S W D :S Y S T E M , P W , D E B U G s y s a d m i n A L L , ! D M Z=( A L L )N O P A S S W D :A L L #C a nd oa n y t h i n go u t s i d et h eD M Z . % d b a A L L =( D B A )A L L #G r o u pd b ac a nr u na sd a t a b a s eu s e r . #a n y o n ec a nm o u n t / u n m o u n tac d r o mo nt h ed e s k t o pm a c h i n e s A L L D E S K T O P=N O P A S S W D :/ s b i n / m o u n t/ c d r o m , / s b i n / u m o u n t/ c d r o m
9 E NC R YP T F I L E S
9. 1 OpenSSL
Asingle file Encryptanddecrypt:
#o p e n s s la e s 1 2 8 c b cs a l ti nf i l eo u tf i l e . a e s #o p e n s s la e s 1 2 8 c b cds a l ti nf i l e . a e so u tf i l e
Notethatthefilecanofcoursebeatararchive. tar ande ncr yptawhole dir e ctor y

#t a rc f-d i r e c t o r y|o p e n s s la e s 1 2 8 c b cs a l to u td i r e c t o r y . t a r . a e s #o p e n s s la e s 1 2 8 c b cds a l ti nd i r e c t o r y . t a r . a e s|t a rxf#E n c r y p t #D e c r y p t
tar zipande ncr yptawhole dir e ctor y

#t a rz c f-d i r e c t o r y|o p e n s s la e s 1 2 8 c b cs a l to u td i r e c t o r y . t a r . g z . a e s #E n c r y p t #o p e n s s la e s 1 2 8 c b cds a l ti nd i r e c t o r y . t a r . g z . a e s|t a rx zf#D e c r y p t
Usekmysecretpasswordafteraes128cbctoavoidtheinteractivepasswordrequest.However notethatthisishighlyinsecure. Useaes256cbcinsteadofaes128cbctogetevenstrongerencryption.Thisusesalsomore CPU.
9. 2 GPG
GnuPGiswellknowntoencryptandsignemailsoranydata.Furthermoregpgandalsoprovidesan advancedkeymanagementsystem.Thissectiononlycoversfilesencryption,notemailusage,signing ortheWebOfTrust. The simplest encryption is with a symmetric cipher. In this case the file is encrypted with a password and anyone who knows the password can decrypt it, thus the keys are not needed. Gpg adds an extention".gpg"totheencryptedfilenames.
#g p gcf i l e #g p gf i l e . g p g #E n c r y p tf i l ew i t hp a s s w o r d #D e c r y p tf i l e( o p t i o n a l l yoo t h e r f i l e )
Usingke ys For more details see GPG Quick Starthttp://www.madboa.com/geek/gpgquickstart and GPG/PGP Basicshttp://aplawrence.com/Basics/gpg.htmlandthegnupgdocumentationhttp://gnupg.org/documentationamongothers. Theprivateandpublickeysaretheheartofasymmetriccryptography.Whatisimportanttoremember: Yourpublickeyisusedby otherstoencryptfilesthatonlyyouasthereceivercandecrypt(not even the one who encrypted the file can decrypt it). The public key is thus meant to be distributed. Your private key is encrypted with your passphrase and is used to decrypt files which were encrypted with your public key. The private key must be kept secure . Also if the key or passphraseislost,soareallthefilesencryptedwithyourpublickey. Thekeyfilesarecalledkeyringsastheycancontainmorethanonekey.
11/20/13
Unix Toolbox
Firstgenerateakeypair.Thedefaultsarefine,howeveryouwillhavetoenteratleastyourfullname andemailandoptionallyacomment.Thecommentisusefultocreatemorethanonekeywiththesame nameandemail.Alsoyoushouldusea"passphrase",notasimplepassword.

#g p gg e n k e y #T h i sc a nt a k eal o n gt i m e
Thekeysarestoredin~/.gnupg/onUnix,onWindowstheyaretypicallystoredin C:/DocumentsandSettings/%USERNAME%/ApplicationData/gnupg/.
~ / . g n u p g / p u b r i n g . g p g ~ / . g n u p g / s e c r i n g . g p g #C o n t a i n sy o u rp u b l i ck e y sa n da l lo t h e r si m p o r t e d #C a nc o n t a i nm o r et h a no n ep r i v a t ek e y
Shortreminderonmostusedoptions: e encryptdata ddecryptdata r NAMEencryptforrecipientNAME(or'FullName'or'email@domain') acreateasciiarmoredoutputofakey ouseasoutputfile The examples use 'Your Name' and 'Alice' as the keys are referred to by the email or full name or partialname.ForexampleIcanuse'Colin'or'c@cb.vu'formykey[ColinBarschel(cb.vu)<c@cb.vu>]. Encr yptfor pe r sonaluse only Noneedtoexport/importanykeyforthis.Youhavebothalready.
#g p ger' Y o u rN a m e 'f i l e #g p gof i l edf i l e . g p g #E n c r y p tw i t hy o u rp u b l i ck e y #D e c r y p t .U s eoo ri tg o e st os t d o u t
Encr yptDe cr yptwithke ys Firstyouneedtoexportyourpublickeyforsomeoneelsetouseit.Andyouneedtoimportthepublic say from Alice to encrypt a file for her. You can either handle the keys in simple ascii files or use a publickeyserver. ForexampleAliceexportherpublickeyandyouimportit,youcanthenencryptafileforher.Thatis onlyAlicewillbeabletodecryptit.
#g p gaoa l i c e k e y . a s ce x p o r t' A l i c e ' #A l i c ee x p o r t e dh e rk e yi na s c i if i l e . #g p gs e n d k e y sk e y s e r v e rs u b k e y s . p g p . n e tK E Y I D #A l i c ep u th e rk e yo nas e r v e r . #g p gi m p o r ta l i c e k e y . a s c #Y o ui m p o r th e rk e yi n t oy o u rp u b r i n g . #g p gs e a r c h k e y sk e y s e r v e rs u b k e y s . p g p . n e t' A l i c e '#o rg e th e rk e yf r o mas e r v e r .
Oncethekeysareimporteditisveryeasytoencryptordecryptafile:
#g p ger' A l i c e 'f i l e #g p gdf i l e . g p gof i l e #E n c r y p tt h ef i l ef o rA l i c e . #D e c r y p taf i l ee n c r y p t e db yA l i c ef o ry o u .
Ke yadministr ation
#g p gl i s t k e y s T h eK E Y I Df o l l o w st h e' / 'e . g .f o r :p u b #g p gg e n r e v o k e' Y o u rN a m e ' #g p gl i s t s e c r e t k e y s #g p gd e l e t e k e y sN A M E #g p gd e l e t e s e c r e t k e yN A M E #g p gf i n g e r p r i n tK E Y I D #g p ge d i t k e yK E Y I D #l i s tp u b l i ck e y sa n ds e et h eK E Y I D S 1 0 2 4 D / D 1 2 B 7 7 C Et h eK E Y I Di sD 1 2 B 7 7 C E #g e n e r a t er e v o c a t i o nc e r t i f i c a t e #l i s tp r i v a t ek e y s #d e l e t eap u b l i ck e yf r o ml o c a lk e yr i n g #d e l e t eas e c r e tk e yf r o ml o c a lk e yr i n g #S h o wt h ef i n g e r p r i n to ft h ek e y #E d i tk e y( e . gs i g no ra d d / d e le m a i l )
1 0 E NC R YP T P A R T I T I O NS
LinuxwithLUKS|Linuxdmcryptonly|FreeBSDGELI|FBSDpwdonly|OSXimage Thereare(many)otheralternativemethodstoencryptdisks,IonlyshowherethemethodsIknowand use. Keep in mind that the security is only good as long the OS has not been tempered with. An intruder could easily record the password from the keyboard events. Furthermore the data is freely accessible when the partition is attached and will not prevent an intruder to have access to it in this state.
10. 1 Linux
ThoseinstructionsusetheLinux d m c r y p t (devicemapper) facility available on the 2.6 kernel. In this example,letsencryptthepartition / d e v / s d c 1 ,itcouldbehoweveranyotherpartitionordisk,orUSBor a file based partition created with l o s e t u p . In this case we would use / d e v / l o o p 0 . See file image
11/20/13
Unix Toolbox
partition.Thedevicemapperuseslabelstoidentifyapartition.Weuses d c 1 inthisexample,butitcould beanystring. dmcr yptwithLUKS LUKS with dmcrypt has better encryption and makes it possible to have multiple passphrase for the samepartitionortochangethepasswordeasily.TotestifLUKSisavailable,simplytype # c r y p t s e t u p h e l p , if nothing about LUKS shows up, use the instructions below Without LUKS. First create a partitionifnecessary:f d i s k/ d e v / s d c . Createencryptedpartition
#d di f = / d e v / u r a n d o mo f = / d e v / s d c 1 #c r y p t s e t u pyl u k s F o r m a t/ d e v / s d c 1 #c r y p t s e t u pl u k s O p e n/ d e v / s d c 1s d c 1 #m k f s . e x t 3/ d e v / m a p p e r / s d c 1 #m o u n tte x t 3/ d e v / m a p p e r / s d c 1/ m n t #u m o u n t/ m n t #c r y p t s e t u pl u k s C l o s es d c 1 #O p t i o n a l .F o rp a r a n o i d so n l y( t a k e sd a y s ) #T h i sd e s t r o y sa n yd a t ao ns d c 1 #c r e a t ee x t 3f i l es y s t e m #D e t a c ht h ee n c r y p t e dp a r t i t i o n
Attach
#c r y p t s e t u pl u k s O p e n/ d e v / s d c 1s d c 1 #m o u n tte x t 3/ d e v / m a p p e r / s d c 1/ m n t
Detach
#u m o u n t/ m n t #c r y p t s e t u pl u k s C l o s es d c 1
dmcr yptwithoutLUKS
#c r y p t s e t u pyc r e a t es d c 1/ d e v / s d c 1 #d m s e t u pl s #m k f s . e x t 3/ d e v / m a p p e r / s d c 1 #m o u n tte x t 3/ d e v / m a p p e r / s d c 1/ m n t #u m o u n t/ m n t / #c r y p t s e t u pr e m o v es d c 1 #o ra n yo t h e rp a r t i t i o nl i k e/ d e v / l o o p 0 #c h e c ki t ,w i l ld i s p l a y :s d c 1( 2 5 4 ,0 ) #T h i si sd o n eo n l yt h ef i r s tt i m e ! #D e t a c ht h ee n c r y p t e dp a r t i t i o n
Doexactlythesame(withoutthemkfspart!)toreattachthepartition.Ifthepasswordisnotcorrect,the mountcommandwillfail.Inthiscasesimplyremovethemapsdc1(c r y p t s e t u pr e m o v es d c 1 )andcreate itagain.
10. 2 Fr eeBSD
The two popular FreeBSD disk encryption modules are g b d e and g e l i . I now use geli because it is faster and also uses the crypto device for hardware acceleration. See The FreeBSD handbook Chapter18.6http://www.f reebsd.org/handbook/disksencry pting.htmlforallthedetails.Thegelimodulemustbeloadedor compiledintothekernel:
o p t i o n sG E O M _ E L I d e v i c ec r y p t o #e c h o' g e o m _ e l i _ l o a d = " Y E S " '> >/ b o o t / l o a d e r . c o n f #o ra sm o d u l e : #o rd o :k l d l o a dg e o m _ e l i
Use passwor dandke y Iusethosesettingsforatypicaldiskencryption,itusesapassphraseANDakeytoencryptthemaster key.Thatisyouneedboththepasswordandthegeneratedkey / r o o t / a d 1 . k e y toattachthepartition. Themasterkeyisstoredinsidethepartitionandisnotvisible.SeebelowfortypicalUSBorfilebased image. Createencryptedpartition

#d di f = / d e v / r a n d o mo f = / r o o t / a d 1 . k e yb s = 6 4c o u n t = 1 #g e l ii n i ts4 0 9 6K/ r o o t / a d 1 . k e y/ d e v / a d 1 #g e l ia t t a c hk/ r o o t / a d 1 . k e y/ d e v / a d 1 #d di f = / d e v / r a n d o mo f = / d e v / a d 1 . e l ib s = 1 m #n e w f s/ d e v / a d 1 . e l i #m o u n t/ d e v / a d 1 . e l i/ m n t #t h i sk e ye n c r y p t st h em a t e rk e y #s8 1 9 2i sa l s oO Kf o rd i s k s #D Om a k eab a c k u po f/ r o o t / a d 1 . k e y #O p t i o n a la n dt a k e sal o n gt i m e #C r e a t ef i l es y s t e m
Attach
#g e l ia t t a c hk/ r o o t / a d 1 . k e y/ d e v / a d 1 #f s c kn ytf f s/ d e v / a d 1 . e l i #m o u n t/ d e v / a d 1 . e l i/ m n t #I nd o u b tc h e c kt h ef i l es y s t e m
28/49
11/20/13
Unix Toolbox
Detach Thedetachprocedureisdoneautomaticallyonshutdown.
#u m o u n t/ m n t #g e l id e t a c h/ d e v / a d 1 . e l i
/etc/fstab The encrypted partition can be configured to be mounted with /etc/fstab. The password will be promptedwhenbooting.Thefollowingsettingsarerequiredforthisexample:
#g r e pg e l i/ e t c / r c . c o n f g e l i _ d e v i c e s = " a d 1 " g e l i _ a d 1 _ f l a g s = " k/ r o o t / a d 1 . k e y " #g r e pg e l i/ e t c / f s t a b / d e v / a d 1 . e l i / h o m e / p r i v a t e
u f s
r w
Use passwor donly ItismoreconvenienttoencryptaUSBstickorfilebasedimagewithapassphraseonlyandnokey.In this case it is not necessary to carry the additional key file around. The procedure is very much the sameasabove,simplywithoutthekeyfile.Let'sencryptafilebasedimage/ c r y p t e d f i l e of1GB.
#d di f = / d e v / z e r oo f = / c r y p t e d f i l eb s = 1 Mc o u n t = 1 0 0 0 #1G Bf i l e #m d c o n f i ga tv n o d ef/ c r y p t e d f i l e #g e l ii n i t/ d e v / m d 0 #e n c r y p t sw i t hp a s s w o r do n l y #g e l ia t t a c h/ d e v / m d 0 #n e w f sUm0/ d e v / m d 0 . e l i #m o u n t/ d e v / m d 0 . e l i/ m n t #u m o u n t/ d e v / m d 0 . e l i #g e l id e t a c hm d 0 . e l i
Itisnowpossibletomountthisimageonanothersystemwiththepasswordonly.
#m d c o n f i ga tv n o d ef/ c r y p t e d f i l e #g e l ia t t a c h/ d e v / m d 0 #m o u n t/ d e v / m d 0 . e l i/ m n t
10. 1 OS X Encr ypt ed Disk Image

Don'tknowbycommandlineonly.SeeOSXEncryptedDisk Imagehttps://wiki.thay er.dartmouth.edu/display /computing/Creating+a+Mac+OS+X+Encry pted+Disk+ImageandApple supporthttp://support.apple.com/kb/ht1578
1 1 S S L CE RT IF ICAT E S
SocalledSSL/TLScertificatesarecryptographicpublickeycertificatesandarecomposedofapublic andaprivatekey.Thecertificatesareusedtoauthenticatetheendpointsandencryptthedata.They areusedforexampleonawebserver(https)ormailserver(imaps).
11. 1 Pr ocedur e
Weneedacertificateauthoritytosignourcertificate.Thisstepisusuallyprovidedbyavendor likeThawte,Verisign,etc.,howeverwecanalsocreateourown. Createacertificatesigningrequest.Thisrequestislikeanunsignedcertificate(thepublicpart) and already contains all necessary information. The certificate request is normally sent to the authorityvendorforsigning.Thisstepalsocreatestheprivatekeyonthelocalmachine. Signthecertificatewiththecertificateauthority. If necessary join the certificate and the key in a single file to be used by the application (web server,mailserveretc.).
11. 2 Configur e OpenSSL

We use /usr/local/certs as directory for this example check or edit /etc/ssl/openssl.cnf accordingly to yoursettingssoyouknowwherethefileswillbecreated.Herearetherelevantpartofopenssl.cnf:
[C A _ d e f a u l t] d i r c e r t s c r l _ d i r d a t a b a s e =/ u s r / l o c a l / c e r t s / C A =$ d i r / c e r t s =$ d i r / c r l =$ d i r / i n d e x . t x t #W h e r ee v e r y t h i n gi sk e p t #W h e r et h ei s s u e dc e r t sa r ek e p t #W h e r et h ei s s u e dc r la r ek e p t #d a t a b a s ei n d e xf i l e .
Makesurethedirectoriesexistorcreatethem
11/20/13
Unix Toolbox
#m k d i rp/ u s r / l o c a l / c e r t s / C A #c d/ u s r / l o c a l / c e r t s / C A #m k d i rc e r t sc r ln e w c e r t sp r i v a t e #e c h o" 0 1 ">s e r i a l #t o u c hi n d e x . t x t
#O n l yi fs e r i a ld o e sn o te x i s t
If you intend to get a signed certificate from a vendor, you only need a certificate signing request (CSR).ThisCSRwillthenbesignedbythevendorforalimitedtime(e.g.1year).
11. 3 Cr eat e a cer t ificat e aut hor it y

Ifyoudonothaveacertificateauthorityfromavendor,you'llhavetocreateyourown.Thisstepisnot necessaryifoneintendtouseavendortosigntherequest.Tomakeacertificateauthority(CA):
#o p e n s s lr e qn e wx 5 0 9d a y s7 3 0c o n f i g/ e t c / s s l / o p e n s s l . c n f\ k e y o u tC A / p r i v a t e / c a k e y . p e mo u tC A / c a c e r t . p e m
11. 4 Cr eat e a cer t ificat e signing r equest

Tomakeanewcertificate(formailserverorwebserverforexample),firstcreatearequestcertificate withitsprivatekey.Ifyourapplicationdonotsupportencryptedprivatekey(forexampleUWIMAPdoes not),thendisableencryptionwithn o d e s .
#o p e n s s lr e qn e wk e y o u tn e w k e y . p e mo u tn e w r e q . p e m\ c o n f i g/ e t c / s s l / o p e n s s l . c n f #o p e n s s lr e qn o d e sn e wk e y o u tn e w k e y . p e mo u tn e w r e q . p e m\ c o n f i g/ e t c / s s l / o p e n s s l . c n f #N oe n c r y p t i o nf o rt h ek e y
KeepthiscreatedCSR(n e w r e q . p e m )asitcanbesignedagainatthenextrenewal,thesignatureonlt willlimitthevalidityofthecertificate.Thisprocessalsocreatedtheprivatekeyn e w k e y . p e m .
11. 5 Sign t he cer t ificat e

ThecertificaterequesthastobesignedbytheCAtobevalid,thisstepisusuallydonebythevendor. Note:replace"servername"withthenameofyourserverinthenextcommands.
#c a tn e w r e q . p e mn e w k e y . p e m>n e w . p e m #o p e n s s lc ap o l i c yp o l i c y _ a n y t h i n go u ts e r v e r n a m e c e r t . p e m\ c o n f i g/ e t c / s s l / o p e n s s l . c n fi n f i l e sn e w . p e m #m vn e w k e y . p e ms e r v e r n a m e k e y . p e m
Nowservernamekey.pemistheprivatekeyandservernamecert.pemistheservercertificate.
11. 6 Cr eat e unit ed cer t ificat e

TheIMAPserverwantstohavebothprivatekeyandservercertificateinthesamefile.Andingeneral, this is also easier to handle, but the file has to be kept securely!. Apache also can deal with it well. Createafileservername.pemcontainingboththecertificateandkey. Open the private key (servernamekey.pem) with a text editor and copy the private key into the "servername.pem"file. Dothesamewiththeservercertificate(servernamecert.pem). Thefinalservername.pemfileshouldlooklikethis:
B E G I NR S AP R I V A T EK E Y M I I C X Q I B A A K B g Q D u t W y + o / X Z / [ . . . ] q K 5 L q Q g T 3 c 9 d U 6 f c R + W u S s 6 a e j d E D D q B R Q E N DR S AP R I V A T EK E Y B E G I NC E R T I F I C A T E M I I E R z C C A 7 C g A w I B A g I B B D A N B [ . . . ] i G 9 w 0 B A Q Q F A D C B x T E L M A k G A 1 U E B h M C R E U x E N DC E R T I F I C A T E -
Whatwehavenowinthedirectory/usr/local/certs/: CA/private/cakey.pem(CAserverprivatekey) CA/cacert.pem(CAserverpublickey) certs/servernamekey.pem(serverprivatekey) certs/servernamecert.pem(serversignedcertificate) certs/servername.pem(servercertificatewithprivatekey) Keeptheprivatekeysecure!
30/49
11/20/13
Unix Toolbox
11. 7 View cer t ificat e infor mat ion

Toviewthecertificateinformationsimplydo:
#o p e n s s lx 5 0 9t e x ti ns e r v e r n a m e c e r t . p e m #o p e n s s lr e qn o o u tt e x ti ns e r v e r . c s r #o p e n s s ls _ c l i e n tc o n n e c tc b . v u : 4 4 3 #V i e wt h ec e r t i f i c a t ei n f o #V i e wt h er e q u e s ti n f o #C h e c kaw e bs e r v e rc e r t i f i c a t e
1 2 C VS
Serversetup|CVStest|SSHtunneling|CVSusage
12. 1 Ser ver set up

Initiate the CVS Decidewherethemainrepositorywillrestandcreatearootcvs.Forexample/usr/local/cvs(asroot):
#m k d i rp/ u s r / l o c a l / c v s #s e t e n vC V S R O O T/ u s r / l o c a l / c v s #c v si n i t #c d/ r o o t #c v sc h e c k o u tC V S R O O T #c dC V S R O O T e d i tc o n f i g(f i n ea si ti s ) #c v sc o m m i tc o n f i g c a t> >w r i t e r s c o l i n ^ D #c v sa d dw r i t e r s #c v se d i tc h e c k o u t l i s t #c a t> >c h e c k o u t l i s t w r i t e r s ^ D #c v sc o m m i t #S e tC V S R O O Tt ot h en e wl o c a t i o n( l o c a l ) #C r e a t e sa l li n t e r n a lC V Sc o n f i gf i l e s #C h e c k o u tt h ec o n f i gf i l e st om o d i f yt h e m
#C r e a t eaw r i t e r sf i l e( o p t i o n a l l ya l s or e a d e r s ) #U s e[ C o n t r o l ] [ D ]t oq u i tt h ee d i t #A d dt h ef i l ew r i t e r si n t ot h er e p o s i t o r y
#U s e[ C o n t r o l ] [ D ]t oq u i tt h ee d i t #C o m m i ta l lt h ec o n f i g u r a t i o nc h a n g e s
Adda readersfileifyouwanttodifferentiatereadandwritepermissions Note:Donot(ever)editfiles directlyintothemaincvs,butrathercheckoutthefile,modifyitandcheckitin.Wedidthiswiththefile writerstodefinethewriteaccess. There are three popular ways to access the CVS at this point. The first two don't need any further configuration.SeetheexamplesonCVSROOTbelowforhowtousethem: Direct local access to the file system. The user(s) need sufficient file permission to access the CSdirectlyandthereisnofurtherauthenticationinadditiontotheOSlogin.Howeverthisisonly usefuliftherepositoryislocal. Remoteaccesswithsshwiththeextprotocol.Anyusewithansshshellaccountandread/write permissions on the CVS server can access the CVS directly with ext over ssh without any additionaltunnel.ThereisnoserverprocessrunningontheCVSforthistowork.Thesshlogin doestheauthentication. Remote access with pserver (default port: 2401/tcp). This is the preferred use for larger user baseastheusersareauthenticatedbytheCVSpserverwithadedicatedpassworddatabase, thereisthereforenoneedforlocalusersaccounts.Thissetupisexplainedbelow. Ne twor kse tupwithine td TheCVScanberunlocallyonlyifanetworkaccessisnotneeded.Foraremoteaccess,thedaemon inetdcanstartthepserverwiththefollowinglinein/etc/inetd.conf(/etc/xinetd.d/cvsonSuSE):
c v s p s e r v e r s t r e a m t c p n o w a i t c v s / u s r / b i n / c v s a l l o w r o o t = / u s r / l o c a l / c v sp s e r v e r c v s\
ItisagoodideatoblockthecvsportfromtheInternetwiththefirewallanduseansshtunneltoaccess therepositoryremotely. Se par ate authe ntication ItispossibletohavecvsuserswhicharenotpartoftheOS(nolocalusers).Thisisactuallyprobably wanted too from the security point of view. Simply add a file named passwd (in the CVSROOT directory) containing the users login and password in the crypt format. This is can be done with the apachehtpasswdtool. Note:ThispasswdfileistheonlyfilewhichhastobeediteddirectlyintheCVSROOTdirectory.Alsoit won'tbecheckedout.Moreinfowithhtpasswdhelp
#h t p a s s w dc bp a s s w du s e r 1p a s s w o r d 1 #cc r e a t e st h ef i l e #h t p a s s w dbp a s s w du s e r 2p a s s w o r d 2
11/20/13
Unix Toolbox
Nowadd: c v s attheendofeachlinetotellthecvsservertochangetheusertocvs(orwhateveryour cvsserverisrunningunder).Itlookslikethis:

#c a tp a s s w d u s e r 1 : x s F j h U 2 2 u 8 F u o : c v s u s e r 2 : v n e f J O s n n v T o M : c v s
12. 2 Test it
Testtheloginasnormaluser(forexamplehereme)
#c v sd: p s e r v e r : c o l i n @ 1 9 2 . 1 6 8 . 5 0 . 2 5 4 : / u s r / l o c a l / c v sl o g i n L o g g i n gi nt o: p s e r v e r : c o l i n @ 1 9 2 . 1 6 8 . 5 0 . 2 5 4 : 2 4 0 1 / u s r / l o c a l / c v s C V Sp a s s w o r d :
CVSROOTv ar iable This is an environment variable used to specify the location of the repository we're doing operations on. For local use, it can be just set to the directory of the repository. For use over the network, the transportprotocolmustbespecified.SettheCVSROOTvariablewiths e t e n vC V S R O O Ts t r i n g onacsh, tcshshell,orwithe x p o r tC V S R O O T = s t r i n g onash,bashshell.
#s e t e n vC V S R O O T: p s e r v e r : @ < h o s t > : / c v s d i r e c t o r y F o re x a m p l e : #s e t e n vC V S R O O T/ u s r / l o c a l / c v s #s e t e n vC V S R O O T: l o c a l : / u s r / l o c a l / c v s #s e t e n vC V S R O O T: e x t : u s e r @ c v s s e r v e r : / u s r / l o c a l / c v s #s e t e n vC V S _ R S Hs s h #s e t e n vC V S R O O T: p s e r v e r : u s e r @ c v s s e r v e r . 2 5 4 : / u s r / l o c a l / c v s #U s e dl o c a l l yo n l y #S a m ea sa b o v e #D i r e c ta c c e s sw i t hS S H #f o rt h ee x ta c c e s s #n e t w o r kw i t hp s e r v e r
Whentheloginsucceededonecanimportanewprojectintotherepository: cdintoyourprojectroot directory

c v si m p o r t< m o d u l en a m e >< v e n d o rt a g > c v sd: p s e r v e r : c o l i n @ 1 9 2 . 1 6 8 . 5 0 . 2 5 4 : / u s r / l o c a l / c v si m p o r tM y P r o j e c tM y C o m p a n yS T A R T
Where MyProject is the name of the new project in the repository (used later to checkout). Cvs will importthecurrentdirectorycontentintothenewproject. Tocheckout:
#c v sd: p s e r v e r : c o l i n @ 1 9 2 . 1 6 8 . 5 0 . 2 5 4 : / u s r / l o c a l / c v sc h e c k o u tM y P r o j e c t o r #s e t e n vC V S R O O T: p s e r v e r : c o l i n @ 1 9 2 . 1 6 8 . 5 0 . 2 5 4 : / u s r / l o c a l / c v s #c v sc h e c k o u tM y P r o j e c t
12. 3 SSH t unneling for CVS

Weneed2shellsforthis.Onthefirstshellweconnecttothecvsserverwithsshandportforwardthe cvsconnection.Onthesecondshellweusethecvsnormallyasifitwhererunninglocally. onshell1:
#s s hL 2 4 0 1 : l o c a l h o s t : 2 4 0 1c o l i n @ c v s _ s e r v e r #s s hL 2 4 0 1 : c v s _ s e r v e r : 2 4 0 1c o l i n @ g a t e w a y #C o n n e c td i r e c t l yt ot h eC V Ss e r v e r .O r : #U s eag a t e w a yt or e a c ht h eC V S
onshell2:
#s e t e n vC V S R O O T: p s e r v e r : c o l i n @ l o c a l h o s t : / u s r / l o c a l / c v s #c v sl o g i n L o g g i n gi nt o: p s e r v e r : c o l i n @ l o c a l h o s t : 2 4 0 1 / u s r / l o c a l / c v s C V Sp a s s w o r d : #c v sc h e c k o u tM y P r o j e c t / s r c
12. 4 CVS commands and usage

Impor t The import command is used to add a whole directory, it must be run from within the directory to be imported. Say the directory /devel/ contains all files and subdirectories to be imported. The directory nameontheCVS(themodule)willbecalled"myapp".
#c v si m p o r t[ o p t i o n s ]d i r e c t o r y n a m ev e n d o r t a gr e l e a s e t a g #c d/ d e v e l #M u s tb ei n s i d et h ep r o j e c tt oi m p o r ti t #c v si m p o r tm y a p pC o m p a n yR 1 _ 0 #R e l e a s et a gc a nb ea n y t h i n gi no n ew o r d
Afterawhileanewdirectory"/devel/tools/"wasaddedandithastobeimportedtoo.
#c d/ d e v e l / t o o l s #c v si m p o r tm y a p p / t o o l sC o m p a n yR 1 _ 0
32/49
11/20/13
Unix Toolbox
Che ckoutupdate addcommit

#c v sc om y a p p / t o o l s #c v sc orR 1 _ 1m y a p p #c v sqdu p d a t eP #c v su p d a t eA #c v sa d dn e w f i l e #c v sa d dk bn e w f i l e #c v sc o m m i tf i l e 1f i l e 2 #c v sc o m m i tm" m e s s a g e " #W i l lo n l yc h e c k o u tt h ed i r e c t o r yt o o l s #C h e c k o u tm y a p pa tr e l e a s eR 1 _ 1( i ss t i c k y ) #At y p i c a lC V Su p d a t e #R e s e ta n ys t i c k yt a g( o rd a t e ,o p t i o n ) #A d dan e wf i l e #A d dan e wb i n a r yf i l e #C o m m i tt h et w of i l e so n l y #C o m m i ta l lc h a n g e sd o n ew i t ham e s s a g e
Cr e ate apatch Itisbesttocreateandapplyapatchfromtheworkingdevelopmentdirectoryrelatedtotheproject,or fromwithinthesourcedirectory.

#c d/ d e v e l / p r o j e c t #d i f fN a u ro l d d i rn e w d i r>p a t c h f i l e#C r e a t eap a t c hf r o mad i r e c t o r yo raf i l e #d i f fN a u ro l d f i l en e w f i l e>p a t c h f i l e
Applyapatch Sometimes it is necessary to strip a directory level from the patch, depending how it was created. In caseofdifficulties,simplylookatthefirstlinesofthepatchandtryp0,p1orp2.
#c d/ d e v e l / p r o j e c t #p a t c hd r y r u np 0<p a t c h f i l e #p a t c hp 0<p a t c h f i l e #p a t c hp 1<p a t c h f i l e #T e s tt h ep a t hw i t h o u ta p p l y i n gi t #s t r i po f ft h e1 s tl e v e lf r o mt h ep a t h
1 3 S VN
Serversetup|SVN+SSH|SVNoverhttp|SVNusage Subversion(SVN)http://subv ersion.tigris.org/ isaversioncontrolsystemdesignedtobethesuccessorofCVS (ConcurrentVersionsSystem).TheconceptissimilartoCVS,butmanyshortcomingswhereimproved. SeealsotheSVNbookhttp://sv nbook.redbean.com/en/1.4/ .
13. 1 Ser ver set up

Theinitiationoftherepositoryisfairlysimple(hereforexample/ h o m e / s v n / mustexist):
#s v n a d m i nc r e a t ef s t y p ef s f s/ h o m e / s v n / p r o j e c t 1
Nowtheaccesstotherepositoryismadepossiblewith:
f i l e : / / Directfilesystemaccesswiththesvnclientwith.Thisrequireslocalpermissionsonthe
filesystem. s v n : / / or s v n + s s h : / / Remote access with the svnserve server (also over SSH). This requires localpermissionsonthefilesystem(defaultport:2690/tcp). h t t p : / / Remote access with webdav using apache. No local users are necessary for this method. Using the local file system, it is now possible to import and then check out an existing project. Unlike withCVSitisnotnecessarytocdintotheprojectdirectory,simplygivethefullpath:
#s v ni m p o r t/ p r o j e c t 1 /f i l e : / / / h o m e / s v n / p r o j e c t 1 / t r u n km' I n i t i a li m p o r t ' #s v nc h e c k o u tf i l e : / / / h o m e / s v n / p r o j e c t 1
Thenewdirectory"trunk"isonlyaconvention,thisisnotrequired. Re mote acce sswithssh No special setup is required to access the repository via ssh, simply replace f i l e : / / with s v n + s s h / h o s t n a m e .Forexample:
#s v nc h e c k o u ts v n + s s h : / / h o s t n a m e / h o m e / s v n / p r o j e c t 1
Aswiththelocalfileaccess,everyuserneedsansshaccesstotheserver(withalocalaccount)and also read/write access. This method might be suitable for a small group. All users could belong to a subversiongroupwhichownstherepository,forexample:
#g r o u p a d ds u b v e r s i o n #g r o u p m o dAu s e r 1s u b v e r s i o n #c h o w nRr o o t : s u b v e r s i o n/ h o m e / s v n #c h m o dR7 7 0/ h o m e / s v n
33/49
11/20/13
Unix Toolbox
Re mote acce sswithhttp(apache ) Remoteaccessoverhttp(https)istheonlygoodsolutionforalargerusergroup.Thismethodusesthe apacheauthentication,notthelocalaccounts.Thisisatypicalbutsmallapacheconfiguration:

L o a d M o d u l ed a v _ m o d u l e L o a d M o d u l ed a v _ s v n _ m o d u l e L o a d M o d u l ea u t h z _ s v n _ m o d u l e m o d u l e s / m o d _ d a v . s o m o d u l e s / m o d _ d a v _ s v n . s o m o d u l e s / m o d _ a u t h z _ s v n . s o #O n l yf o ra c c e s sc o n t r o l
< L o c a t i o n/ s v n > D A Vs v n #a n y" / s v n / f o o "U R Lw i l lm a pt oar e p o s i t o r y/ h o m e / s v n / f o o S V N P a r e n t P a t h/ h o m e / s v n A u t h T y p eB a s i c A u t h N a m e" S u b v e r s i o nr e p o s i t o r y " A u t h z S V N A c c e s s F i l e/ e t c / a p a c h e 2 / s v n . a c l A u t h U s e r F i l e/ e t c / a p a c h e 2 / s v n p a s s w d R e q u i r ev a l i d u s e r < / L o c a t i o n >
Theapacheserverneedsfullaccesstotherepository:
#c h o w nRw w w : w w w/ h o m e / s v n
Createauserwithhtpasswd2:
#h t p a s s w dc/ e t c / s v n p a s s w du s e r 1 #cc r e a t e st h ef i l e
Accesscontrolsvn.aclexample
#D e f a u l ti tr e a da c c e s s ." *= "w o u l db ed e f a u l tn oa c c e s s [ / ] *=r [ g r o u p s ] p r o j e c t 1 d e v e l o p e r s=j o e ,j a c k ,j a n e #G i v ew r i t ea c c e s st ot h ed e v e l o p e r s [ p r o j e c t 1 : ] @ p r o j e c t 1 d e v e l o p e r s=r w
13. 2 SVN commands and usage

See also the Subversion Quick Reference Cardhttp://www.cs.put.poznan.pl/csobaniec/Papers/sv nref card.pdf . Tortoise SVNhttp://tortoisesv n.tigris.orgisaniceWindowsinterface. Impor t A new project, that is a directory with some files, is imported into the repository with the i m p o r t command.Importisalsousedtoaddadirectorywithitscontenttoanexistingproject.
#s v nh e l pi m p o r t #G e th e l pf o ra n yc o m m a n d #A d dan e wd i r e c t o r y( w i t hc o n t e n t )i n t ot h es r cd i ro np r o j e c t 1 #s v ni m p o r t/ p r o j e c t 1 / n e w d i rh t t p : / / h o s t . u r l / s v n / p r o j e c t 1 / t r u n k / s r cm' a d dn e w d i r '
TypicalSVNcommands
#s v nc oh t t p : / / h o s t . u r l / s v n / p r o j e c t 1 / t r u n k #C h e c k o u tt h em o s tr e c e n tv e r s i o n #T a g sa n db r a n c h e sa r ec r e a t e db yc o p y i n g #s v nm k d i rh t t p : / / h o s t . u r l / s v n / p r o j e c t 1 / t a g s / #C r e a t et h et a g sd i r e c t o r y #s v nc o p ym" T a gr c 1r e l . "h t t p : / / h o s t . u r l / s v n / p r o j e c t 1 / t r u n k\ h t t p : / / h o s t . u r l / s v n / p r o j e c t 1 / t a g s / 1 . 0 r c 1 #s v ns t a t u s[ v e r b o s e ] #C h e c kf i l e ss t a t u si n t ow o r k i n gd i r #s v na d ds r c / f i l e . hs r c / f i l e . c p p #A d dt w of i l e s #s v nc o m m i tm' A d d e dn e wc l a s sf i l e ' #C o m m i tt h ec h a n g e sw i t ham e s s a g e #s v nl sh t t p : / / h o s t . u r l / s v n / p r o j e c t 1 / t a g s / #L i s ta l lt a g s #s v nm o v ef o o . cb a r . c #M o v e( r e n a m e )f i l e s #s v nd e l e t es o m e _ o l d _ f i l e #D e l e t ef i l e s
1 4 US E F UL C O M M A ND S
less|vi|mail|tar|zip|dd|screen|find|Miscellaneous
14. 1 less
Thel e s s commanddisplaysatextdocumentontheconsole.Itispresentonmostinstallation.
#l e s su n i x t o o l b o x . x h t m l
Someimportantcommandsare(^Nstandsfor[control][N]): hHgoodhelpondisplay f^F^VSPACEForwardonewindow(orNlines). b^BESCv Backwardonewindow(orNlines).

11/20/13
Unix Toolbox
FForwardforeverlike"tailf". /patternSearchforwardfor(Nth)matchingline. ?patternSearchbackwardfor(Nth)matchingline. nRepeatprevioussearch(forNthoccurrence). NRepeatprevioussearchinreversedirection. qquit
14. 2 vi
ViispresentonANYLinux/Unixinstallation(notgentoo?)anditisthereforeusefultoknowsomebasic commands. There are two modes: command mode and insertion mode. The commands mode is accessedwith[ESC],theinsertionmodewithi.Use: h e l p ifyouarelost. Theeditorsn a n o andp i c o areusuallyavailabletooandareeasier(IMHO)touse. Quit :wnewfilenamesavethefiletonewfilename :wqor:xsaveandquit :q!quitwithoutsaving Se ar chandmov e /stringSearchforwardforstring ?stringSearchbackforstring nSearchfornextinstanceofstring NSearchforpreviousinstanceofstring {Moveaparagraphback }Moveaparagraphforward 1GMovetothefirstlineofthefile nGMovetothenthlineofthefile GMovetothelastlineofthefile :%s/OLD/NEW/gSearchandreplaceeveryoccurrence De le te copypaste te xt dd(dw)Cutcurrentline(word) DCuttotheendoftheline xDelete(cut)character yy(yw)Copyline(word)aftercursor PPasteaftercursor uUndolastmodification UUndoallchangestocurrentline
14. 3 mail
The m a i l command is a basic application to read and send email, it is usually installed. To send an email simply type "mail user@domain". The first line is the subject, then the mail content. Terminate andsendtheemailwithasingledot(.)inanewline.Example:
#m a i lc @ c b . v u S u b j e c t :Y o u rt e x ti sf u l lo ft y p o s " F o ram o m e n t ,n o t h i n gh a p p e n e d .T h e n ,a f t e ras e c o n do rs o , n o t h i n gc o n t i n u e dt oh a p p e n . " . E O T #
Thisisalsoworkingwithapipe:
#e c h o" T h i si st h em a i lb o d y "|m a i lc @ c b . v u
Thisisalsoasimplewaytotestthemailserver.
14. 4 t ar
Thecommand t a r (tapearchive)createsandextractsarchivesoffileanddirectories.Thearchive.tar is uncompressed, a compressed archive has the extension .tgz or .tar.gz (zip) or .tbz (bzip2). Do not
11/20/13
Unix Toolbox
use absolute path when creating an archive, you probably want to unpack it somewhere else. Some typicalcommandsare: Cr e ate
#c d/ #t a rc fh o m e . t a rh o m e / #t a rc z fh o m e . t g zh o m e / #t a rc j fh o m e . t b zh o m e / #a r c h i v et h ew h o l e/ h o m ed i r e c t o r y( cf o rc r e a t e ) #s a m ew i t hz i pc o m p r e s s i o n #s a m ew i t hb z i p 2c o m p r e s s i o n
Onlyincludeone(ortwo)directoriesfromatree,butkeeptherelativestructure.Forexamplearchive /usr/local/etcand/usr/local/wwwandthefirstdirectoryinthearchiveshouldbelocal/.
#t a rC/ u s rc z fl o c a l . t g zl o c a l / e t cl o c a l / w w w #t a rC/ u s rx z fl o c a l . t g z #T ou n t a rt h el o c a ld i ri n t o/ u s r #c d/ u s r ;t a rx z fl o c a l . t g z #I st h es a m ea sa b o v e
Extr act
#t a rt z fh o m e . t g z #t a rx fh o m e . t a r #t a rx z fh o m e . t g z #l o o ki n s i d et h ea r c h i v ew i t h o u te x t r a c t i n g( l i s t ) #e x t r a c tt h ea r c h i v eh e r e( xf o re x t r a c t ) #s a m ew i t hz i pc o m p r e s s i o n( x j ff o rb z i p 2c o m p r e s s i o n ) #r e m o v el e a d i n gp a t hg a l l e r y 2a n de x t r a c ti n t og a l l e r y #t a rs t r i p c o m p o n e n t s1z x v fg a l l e r y 2 . t g zCg a l l e r y / #t a rx j fh o m e . t b zh o m e / c o l i n / f i l e . t x t #R e s t o r eas i n g l ef i l e #t a rx O fh o m e . t b zh o m e / c o l i n / f i l e . t x t #P r i n tf i l et os t d o u t( n oe x t r a c t i o n )
M or e adv ance d
#t a rcd i r /|g z i p|s s hu s e r @ r e m o t e' d do f = d i r . t g z '#a r c hd i r /a n ds t o r er e m o t e l y . #t a rc v f-` f i n d.p r i n t `>b a c k u p . t a r #a r c ht h ec u r r e n td i r e c t o r y . #t a rc f-C/ e t c.|t a rx p f-C/ b a c k u p / e t c #C o p yd i r e c t o r i e s #t a rc f-C/ e t c.|s s hu s e r @ r e m o t et a rx p f-C/ b a c k u p / e t c #R e m o t ec o p y . #t a rc z fh o m e . t g ze x c l u d e' * . o 'e x c l u d e' t m p / 'h o m e /
14. 5 z ip/ unz ip

ZipfilescanbeeasiertosharewithWindows.
#z i prf i l e N a m e . z i p/ p a t h / t o / d i r #u n z i pf i l e N a m e . z i p #u n z i plf i l e N a m e . z i p #u n z i pcf i l e N a m e . z i pf i l e i n s i d e . t x t #u n z i pf i l e N a m e . z i pf i l e i n s i d e . t x t #z i pd i ri n t of i l ef i l e N a m e . z i p #u n c o m p r e s sz i pf i l e #l i s tf i l e si n s i d ea r c h i v e #p r i n to n ef i l et os t d o u t( n oe x t r a c t i o n ) #e x t r a c to n ef i l eo n l y
14. 6 dd
Theprogram d d (diskdumpordestroydiskorseethe meaning of dd) is used to copy partitions and disksandforothercopytricks.Typicalusage:
#d di f = < s o u r c e >o f = < t a r g e t >b s = c o n v = < c o n v e r s i o n > #k i l lI N F OP I D #V i e wd dp r o g r e s s( F r e e B S D ,O S X )
Importantconvoptions:
n o t r u n c donottruncatetheoutputfile,allzeroswillbewrittenaszeros. n o e r r o r continueafterreaderrors(e.g.badblocks) s y n c padeveryinputblockwithNullstoibssize
Thedefaultbytesizeis512(oneblock).TheMBR,wherethepartitiontableislocated,isonthefirst block,thefirst63blocksofadiskareempty.Largerbytesizesarefastertocopybutrequirealsomore memory. Backupandr e stor e

#d di f = / d e v / h d ao f = / d e v / h d cb s = 1 6 0 6 5 b #C o p yd i s kt od i s k( s a m es i z e ) #d di f = / d e v / s d a 7o f = / h o m e / r o o t . i m gb s = 4 0 9 6c o n v = n o t r u n c , n o e r r o r#B a c k u p/ #d di f = / h o m e / r o o t . i m go f = / d e v / s d a 7b s = 4 0 9 6c o n v = n o t r u n c , n o e r r o r#R e s t o r e/ #d db s = 1 Mi f = / d e v / a d 4 s 3 e|g z i pc>a d 4 s 3 e . g z #Z i pt h eb a c k u p #g u n z i pd ca d 4 s 3 e . g z|d do f = / d e v / a d 0 s 3 eb s = 1 M #R e s t o r et h ez i p #d db s = 1 Mi f = / d e v / a d 4 s 3 e|g z i p|s s he e d c o b a @ f r y' d do f = a d 4 s 3 e . g z '#a l s or e m o t e #g u n z i pd ca d 4 s 3 e . g z|s s he e d c o b a @ h o s t' d do f = / d e v / a d 0 s 3 eb s = 1 M ' #d di f = / d e v / a d 0o f = / d e v / a d 2s k i p = 1s e e k = 1b s = 4 kc o n v = n o e r r o r #S k i pM B R #T h i si sn e c e s s a r yi ft h ed e s t i n a t i o n( a d 2 )i ss m a l l e r . #d di f = / v m / F r e e B S D 8 . 2 R E L E A S E a m d 6 4 m e m s t i c k . i m go f = / d e v / d i s k 1b s = 1 0 2 4 0c o n v = s y n c #C o p yF r e e B S Di m a g et oU S Bm e m o r ys t i c k
Re cov e r
11/20/13
Unix Toolbox
Thecommand d d willreadeverysingleblock ofthepartition.Incaseofproblemsitisbettertousethe optionc o n v = s y n c , n o e r r o r soddwillskipthebadblockandwritezerosatthedestination.Accordinglyit isimportanttosettheblocksizeequalorsmallerthanthediskblocksize.A1ksizeseemssafe,setit with b s = 1 k . If a disk has bad sectors and the data should be recovered from a partition, create an imagefilewithdd,mounttheimageandcopythecontenttoanewdisk.Withtheoptionn o e r r o r ,ddwill skip the bad sectors and write zeros instead, thus only the data contained in the bad sectors will be lost.
#d di f = / d e v / h d ao f = / d e v / n u l lb s = 1 m #C h e c kf o rb a db l o c k s #d db s = 1 ki f = / d e v / h d a 1c o n v = s y n c , n o e r r o r , n o t r u n c|g z i p|s s h\#S e n dt or e m o t e r o o t @ f r y' d do f = h d a 1 . g zb s = 1 k ' #d db s = 1 ki f = / d e v / h d a 1c o n v = s y n c , n o e r r o r , n o t r u n co f = h d a 1 . i m g #S t o r ei n t oa ni m a g e #m o u n tol o o p/ h d a 1 . i m g/ m n t #M o u n tt h ei m a g e #r s y n ca x/ m n t // n e w d i s k / #C o p yo nan e wd i s k #d di f = / d e v / h d ao f = / d e v / h d a #R e f r e s ht h em a g n e t i cs t a t e #T h ea b o v ei su s e f u lt or e f r e s had i s k .I ti sp e r f e c t l ys a f e ,b u tm u s tb eu n m o u n t e d .
De le te
#d di f = / d e v / z e r oo f = / d e v / h d c #d di f = / d e v / u r a n d o mo f = / d e v / h d c #k i l lU S R 1P I D #k i l lI N F OP I D #D e l e t ef u l ld i s k #D e l e t ef u l ld i s kb e t t e r #V i e wd dp r o g r e s s( L i n u x ) #V i e wd dp r o g r e s s( F r e e B S D )
M BRtr icks TheMBRcontainsthebootloaderandthepartitiontableandis512bytessmall.Thefirst446arefor thebootloader,thebytes446to512areforthepartitiontable.

#d di f = / d e v / s d ao f = / m b r _ s d a . b a kb s = 5 1 2c o u n t = 1 #B a c k u pt h ef u l lM B R #d di f = / d e v / z e r oo f = / d e v / s d ab s = 5 1 2c o u n t = 1 #D e l e t eM B Ra n dp a r t i t i o nt a b l e #d di f = / m b r _ s d a . b a ko f = / d e v / s d ab s = 5 1 2c o u n t = 1 #R e s t o r et h ef u l lM B R #d di f = / m b r _ s d a . b a ko f = / d e v / s d ab s = 4 4 6c o u n t = 1 #R e s t o r eo n l yt h eb o o tl o a d e r #d di f = / m b r _ s d a . b a ko f = / d e v / s d ab s = 1c o u n t = 6 4s k i p = 4 4 6s e e k = 4 4 6#R e s t o r ep a r t i t i o nt a b l e
14. 7 scr een

Screen(amusthave)hastwomainfunctionalities: Runmultipleterminalsessionwithinasingleterminal. Astartedprogramisdecoupledfromtherealterminalandcanthusruninthebackground.The realterminalcanbeclosedandreattachedlater. Shor tstar te xample startscreenwith:
#s c r e e n
Withinthescreensessionwecanstartalonglastingprogram(liketop).
#t o p
NowdetachwithCtrlaCtrld.Reattachtheterminalwith:
#s c r e e nRD
Indetailthismeans:Ifasessionisrunning,thenreattach.Ifnecessarydetachandlogoutremotelyfirst. Ifitwasnotrunningcreateitandnotifytheuser.Or:
#s c r e e nx
Attachtoarunningscreeninamultidisplaymode.Theconsoleisthussharedamongmultipleusers. Veryusefulforteamwork/debug! Scr e e ncommands(withinscr e e n) AllscreencommandsstartwithCtrla. Ctrla?helpandsummaryoffunctions Ctrlaccreateannewwindow(terminal) CtrlaCtrlnandCtrlaCtrlptoswitchtothenextorpreviouswindowinthelist,bynumber. CtrlaCtrlNwhereNisanumberfrom0to9,toswitchtothecorrespondingwindow. Ctrla"togetanavigablelistofrunningwindows CtrlaatoclearamissedCtrla CtrlaCtrldtodisconnectandleavethesessionrunninginthebackground Ctrlaxlockthescreenterminalwithapassword
11/20/13
Unix Toolbox
Ctrla[enterintoscrollbackmode,exitwithesc. Usee c h o" d e f s c r o l l b a c k5 0 0 0 ">~ / . s c r e e n r c toincreasebuffer(defaultis100) CuScrollsahalfpageup CbScrollafullpageup CdScrollahalfpagedown CfScrollafullpagedown /Searchforward ?Searchbackward The screen session is terminated when the program within the running terminal is closed and you logoutfromtheterminal.
14. 8 Find
Someimportantoptions:
x (onBSD)x d e v (onLinux)Stayonthesamefilesystem(devinfstab). e x e cc m d{ }\ ; Executethecommandandreplace{}withthefullpath i n a m e Likenamebutiscaseinsensitive l s Displayinformationaboutthefile(likelsla) s i z en nis+n(kMGTP) c m i nn File'sstatuswaslastchangednminutesago.
#f i n d.t y p ef!p e r m4 4 4 #F i n df i l e sn o tr e a d a b l eb ya l l #f i n d.t y p ed!p e r m1 1 1 #F i n dd i r sn o ta c c e s s i b l eb ya l l #f i n d/ h o m e / u s e r /c m i n1 0p r i n t #F i l e sc r e a t e do rm o d i f i e di nt h el a s t1 0m i n . #f i n d.n a m e' * . [ c h ] '|x a r g sg r e pE' e x p r '#S e a r c h' e x p r 'i nt h i sd i ra n db e l o w . #f i n d/n a m e" * . c o r e "|x a r g sr m #F i n dc o r ed u m p sa n dd e l e t et h e m( a l s ot r yc o r e . * ) #f i n d/n a m e" * . c o r e "p r i n te x e cr m{ }\ ; #O t h e rs y n t a x #F i n di m a g e sa n dc r e a t ea na r c h i v e ,i n a m ei sn o tc a s es e n s i t i v e .rf o ra p p e n d #f i n d.\ (i n a m e" * . p n g "oi n a m e" * . j p g "\ )p r i n te x e ct a rr fi m a g e s . t a r{ }\ ; #f i n d.t y p efn a m e" * . t x t "!n a m eR E A D M E . t x tp r i n t #E x c l u d eR E A D M E . t x tf i l e s #f i n d/ v a r /s i z e+ 1 0 Me x e cl sl h{ }\ ; #F i n dl a r g ef i l e s>1 0M B #f i n d/ v a r /s i z e+ 1 0 Ml s #T h i si ss i m p l e r #f i n d.s i z e+ 1 0 Ms i z e5 0 Mp r i n t #f i n d/ u s r / p o r t s /n a m ew o r kt y p edp r i n te x e cr mr f{ }\ ; #C l e a nt h ep o r t s #F i n df i l e sw i t hS U I D ;t h o s ef i l ea r ev u l n e r a b l ea n dm u s tb ek e p ts e c u r e #f i n d/t y p efu s e rr o o tp e r m4 0 0 0e x e cl sl{ }\ ; #f i n df l a c /i n a m e* . f l a cp r i n ts i z e+ 5 0 0 ke x e c/ A p p l i c a t i o n s / F l u k e . a p p / C o n t e n t s / M a c O S / F l u k e{ }\ ; #Iu s ea b o v et oa d df l a cf i l e st oi T u n e so nO S X
Becarefulwithxargorexecasitmightormightnothonorquotingsandcanreturnwrongresultswhen files or directories contain spaces. In doubt use "print0 | xargs 0" instead of "| xargs". The option print0 must be the last in the find command. See this nice mini tutorial for findhttp://www.hccf l.edu/pollock/Unix/FindCmd.htm .
#f i n d.t y p ef|x a r g sl sl #W i l ln o tw o r kw i t hs p a c e si nn a m e s #f i n d.t y p efp r i n t 0|x a r g s0l sl #W i l lw o r kw i t hs p a c e si nn a m e s #f i n d.t y p efe x e cl sl' { } '\ ;#O ru s eq u o t e s' { } 'w i t he x e c
Duplicatedirectorytree:
#f i n d.t y p ede x e cm k d i rp/ t m p / n e w _ d e s t / { }\ ;
14. 9 Miscellaneous
#w h i c hc o m m a n d #S h o wf u l lp a t hn a m eo fc o m m a n d #t i m ec o m m a n d #S e eh o wl o n gac o m m a n dt a k e st oe x e c u t e #t i m ec a t #U s et i m ea ss t o p w a t c h .C t r l ct os t o p #s e t|g r e p$ U S E R #L i s tt h ec u r r e n te n v i r o n m e n t #c a l3 #D i s p l a yat h r e em o n t hc a l e n d a r #d a t e[ u | u t c | u n i v e r s a l ][ M M D D h h m m [ [ C C ] Y Y ] [ . s s ] ] #d a t e1 0 0 2 2 1 5 5 #S e td a t ea n dt i m e #w h a t i sg r e p #D i s p l a yas h o r ti n f oo nt h ec o m m a n do rw o r d #w h e r e i sj a v a #S e a r c hp a t ha n ds t a n d a r dd i r e c t o r i e sf o rw o r d #s e t e n vv a r n a m ev a l u e #S e te n v .v a r i a b l ev a r n a m et ov a l u e( c s h / t c s h ) #e x p o r tv a r n a m e = " v a l u e " #s e te n v .v a r i a b l ev a r n a m et ov a l u e( s h / k s h / b a s h ) #p w d #P r i n tw o r k i n gd i r e c t o r y #m k d i rp/ p a t h / t o / d i r #n oe r r o ri fe x i s t i n g ,m a k ep a r e n td i r sa sn e e d e d #m k d i rpp r o j e c t / { b i n , s r c , o b j , d o c / { h t m l , m a n , p d f } , d e b u g / s o m e / m o r e / d i r s } #r m d i r/ p a t h / t o / d i r #R e m o v ed i r e c t o r y #r mr f/ p a t h / t o / d i r #R e m o v ed i r e c t o r ya n di t sc o n t e n t( f o r c e ) #r m-b a d c h a r . t x t #R e m o v ef i l ew h i t c hs t a r t sw i t had a s h( ) #c pl a/ d i r 1/ d i r 2 #A r c h i v ea n dh a r dl i n kf i l e si n s t e a do fc o p y #c pl p R/ d i r 1/ d i r 2 #S a m ef o rF r e e B S D #c pu n i x t o o l b o x . x h t m l { , . b a k } #S h o r tw a yt oc o p yt h ef i l ew i t han e we x t e n s i o n
11/20/13
Unix Toolbox
#m v/ d i r 1/ d i r 2 #R e n a m ead i r e c t o r y #l s1 #l i s to n ef i l ep e rl i n e #h i s t o r y|t a i l5 0 #D i s p l a yt h el a s t5 0u s e dc o m m a n d s #c d#c dt op r e v i o u s( $ O L D P W D )d i r e c t o r y #/ b i n / l s |g r e pv. p y|x a r g sr mr#p i p ef i l en a m e st or mw i t hx a r g s
Checkfilehasheswithopenssl.Thisisanicealternativetothecommandsm d 5 s u m ors h a 1 s u m (FreeBSD usesm d 5 ands h a 1 )whicharenotalwaysinstalled.

#o p e n s s lm d 5f i l e . t a r . g z #o p e n s s ls h a 1f i l e . t a r . g z #o p e n s s lr m d 1 6 0f i l e . t a r . g z #G e n e r a t ea nm d 5c h e c k s u mf r o mf i l e #G e n e r a t ea ns h a 1c h e c k s u mf r o mf i l e #G e n e r a t eaR I P E M D 1 6 0c h e c k s u mf r o mf i l e
1 5 I NS T A L L S O F T W A R E
Usuallythepackagemanagerusestheproxyvariableforhttp/ftprequests.In.bashrc:
e x p o r th t t p _ p r o x y = h t t p : / / p r o x y _ s e r v e r : 3 1 2 8 e x p o r tf t p _ p r o x y = h t t p : / / p r o x y _ s e r v e r : 3 1 2 8
15. 1 List inst alled packages

#r p mq a #d p k gl #p k g _ i n f o #p k g _ i n f oWs m b d #p k g i n f o #L i s ti n s t a l l e dp a c k a g e s( R H ,S u S E ,R P Mb a s e d ) #D e b i a n ,U b u n t u #F r e e B S Dl i s ta l li n s t a l l e dp a c k a g e s #F r e e B S Ds h o ww h i c hp a c k a g es m b db e l o n g st o #S o l a r i s
15. 2 Add/ r emove soft war e

Frontends:yast2/yastforSuSE,redhatconfigpackagesforRedHat.
#r p mip k g n a m e . r p m #r p mep k g n a m e #i n s t a l lt h ep a c k a g e( R H ,S u S E ,R P Mb a s e d ) #R e m o v ep a c k a g e
SuSEzyppe r (se e docandche e tshe e t) http://en.opensuse.org/SDB:Zy pper_usage

#z y p p e rr e f r e s h #z y p p e ri n s t a l lv i m #z y p p e rr e m o v ev i m #z y p p e rs e a r c hv i m #z y p p e ru p d a t ev i m #R e f r e s hr e p o s i t o r i e #I n s t a l lt h ep a c k a g ev i m #R e m o v et h ep a c k a g ev i m #S e a r c hp a c k a g e sw i t hv i m #S e a r c hp a c k a g e sw i t hv i m
De bian
#a p t g e tu p d a t e #a p t g e ti n s t a l le m a c s #d p k gr e m o v ee m a c s #d p k gSf i l e #F i r s tu p d a t et h ep a c k a g el i s t s #I n s t a l lt h ep a c k a g ee m a c s #R e m o v et h ep a c k a g ee m a c s #f i n dw h a tp a c k a g eaf i l eb e l o n g st o
Ge ntoo Gentoousesemergeastheheartofits"Portage"packagemanagementsystem.
#e m e r g es y n c #e m e r g eup a c k a g e n a m e #e m e r g eCp a c k a g e n a m e #r e v d e p r e b u i l d #F i r s ts y n ct h el o c a lp o r t a g et r e e #I n s t a l lo ru p g r a d eap a c k a g e #R e m o v et h ep a c k a g e #R e p a i rd e p e n d e n c i e s
Solar is The<cdrom>pathisusually/ c d r o m / c d r o m 0 .
#p k g a d dd< c d r o m > / S o l a r i s _ 9 / P r o d u c tS U N W g t a r #p k g a d ddS U N W g t a r #A d dd o w n l o a d e dp a c k a g e( b u n z i p 2f i r s t ) #p k g r mS U N W g t a r #R e m o v et h ep a c k a g e
Fr e e BSD
#p k g _ a d drr s y n c #p k g _ d e l e t e/ v a r / d b / p k g / r s y n c x x #F e t c ha n di n s t a l lr s y n c . #D e l e t et h er s y n cp a c k a g e
SetwherethepackagesarefetchedfromwiththeP A C K A G E S I T E variable.Forexample:
#e x p o r tP A C K A G E S I T E = f t p : / / f t p . f r e e b s d . o r g / p u b / F r e e B S D / p o r t s / i 3 8 6 / p a c k a g e s / L a t e s t / #o rf t p : / / f t p . f r e e b s d . o r g / p u b / F r e e B S D / p o r t s / i 3 8 6 / p a c k a g e s 6 s t a b l e / L a t e s t /
Fr e e BSDpor ts http://www.f reebsd.org/handbook/ports.html Theporttree/ u s r / p o r t s / isacollectionofsoftwarereadytocompileandinstall(seemanports).The portsareupdatedwiththeprogramp o r t s n a p .

11/20/13
Unix Toolbox
#p o r t s n a pf e t c he x t r a c t #p o r t s n a pf e t c hu p d a t e #c d/ u s r / p o r t s / n e t / r s y n c / #m a k ei n s t a l ld i s t c l e a n #m a k ep a c k a g e #p k g d bF #p o r t s c l e a nCD D
#C r e a t et h et r e ew h e nr u n n i n gt h ef i r s tt i m e #U p d a t et h ep o r tt r e e #S e l e c tt h ep a c k a g et oi n s t a l l #I n s t a l la n dc l e a n u p( a l s os e em a np o r t s ) #M a k eab i n a r yp a c k a g eo ft h i sp o r t #F i xt h ep a c k a g er e g i s t r yd a t a b a s e #C l e a nw o r k d i ra n dd i s t d i r( p a r to fp o r t u p g r a d e )
OSXM acPor ts http://guide.macports.org/ (use sudofor allcommands)

#p o r ts e l f u p d a t e #U p d a t et h ep o r tt r e e( s a f e ) #p o r ti n s t a l l e d #L i s ti n s t a l l e dp o r t s #p o r td e p sa p a c h e 2 #L i s td e p e n d e n c i e sf o rt h i sp o r t #p o r ts e a r c hp g r e p #S e a r c hf o rs t r i n g #p o r ti n s t a l lp r o c t o o l s #I n s t a l lt h i sp a c k a g e #p o r tv a r i a n t sg h o s t s c r i p t #L i s tv a r i a n t so ft h i sp o r t #p o r tvi n s t a l lg h o s t s c r i p t+ n o _ x 1 1 #n o _ x 1 1f o rn e g a t i v ev a l u e #p o r tc l e a na l lg h o s t s c r i p t #C l e a nw o r k d i ro fp o r t #p o r tu p g r a d eg h o s t s c r i p t #U p g r a d et h i sp o r t #p o r tu n i n s t a l lg h o s t s c r i p t #U n i n s t a l lt h i sp o r t #p o r tfu n i n s t a l li n s t a l l e d #U n i n s t a l le v e r y t h i n g
15. 3 Libr ar y pat h

Duetocomplexdependenciesandruntimelinking,programsaredifficulttocopytoanothersystemor distribution. However for small programs with little dependencies, the missing libraries can be copied over.Theruntimelibraries(andthemissingone)arecheckedwithl d d andmanagedwithl d c o n f i g .
#l d d/ u s r / b i n / r s y n c #o t o o lL/ u s r / b i n / r s y n c #l d c o n f i gn/ p a t h / t o / l i b s / #l d c o n f i gm/ p a t h / t o / l i b s / #L D _ L I B R A R Y _ P A T H #L i s ta l ln e e d e dr u n t i m el i b r a r i e s #O SXe q u i v a l e n tt ol d d #A d dap a t ht ot h es h a r e dl i b r a r i e sd i r e c t o r i e s #F r e e B S D #T h ev a r i a b l es e tt h el i n kl i b r a r yp a t h
1 6 C O NVE R T M E D I A
Sometimesonesimplyneedtoconvertavideo,audiofileordocumenttoanotherformat.
16. 1 Text encoding

Textencodingcangettotallywrong,speciallywhenthelanguagerequiresspecialcharacterslike. Thecommandi c o n v canconvertfromoneencodingtoanother.
#i c o n vf< f r o m _ e n c o d i n g >t< t o _ e n c o d i n g > #i c o n vfI S O 8 8 5 9 1tU T F 8of i l e . i n p u t>f i l e _ u t f 8 #i c o n vl #L i s tk n o w nc o d e dc h a r a c t e rs e t s
Withoutthefoption,iconvwillusethelocalcharset,whichisusuallyfineifthedocumentdisplayswell. Convert filenames from one encoding to another (not file content). Works also if only some files are alreadyutf8
#c o n v m vrfu t f 8n f dtu t f 8n f c/ d i r / *n o t e s t
16. 2 Unix DOS newlines

Convert DOS (CR/LF) to Unix (LF) newlines and back within a Unix shell. See also d o s 2 u n i x and u n i x 2 d o s ifyouhavethem.
#s e d' s / . $ / / 'd o s f i l e . t x t>u n i x f i l e . t x t #a w k' { s u b ( / \ r $ / , " " ) ; p r i n t } 'd o s f i l e . t x t>u n i x f i l e . t x t #a w k' { s u b ( / $ / , " \ r " ) ; p r i n t } 'u n i x f i l e . t x t>d o s f i l e . t x t #D O St oU N I X #D O St oU N I X #U N I Xt oD O S
Convert Unix to DOS newlines within a Windows environment. Use sed or awk from mingw or cygwin.
#s e dnpu n i x f i l e . t x t>d o s f i l e . t x t #a w k1u n i x f i l e . t x t>d o s f i l e . t x t #U N I Xt oD O S( w i t hac y g w i ns h e l l )
Remove^ M macnewlineandreplacewithunixnewline.Togeta^ M useCTLVthenCTLM

#t r' ^ M '' \ n '<m a c f i l e . t x t
16. 3 PDF t o Jpeg and concat enat e PDF files

Convert a PDF document with g s (GhostScript) to jpeg (or png) images for each page. Also much shorterwithc o n v e r t andm o g r i f y (fromImageMagickorGraphicsMagick).
#g sd B A T C Hd N O P A U S Es D E V I C E = j p e gr 1 5 0d T e x t A l p h a B i t s = 4d G r a p h i c s A l p h a B i t s = 4\
40/49
11/20/13
Unix Toolbox
d M a x S t r i p S i z e = 8 1 9 2s O u t p u t F i l e = u n i x t o o l b o x _ % d . j p gu n i x t o o l b o x . p d f #c o n v e r tu n i x t o o l b o x . p d fu n i x t o o l b o x % 0 3 d . p n g #c o n v e r t* . j p e gi m a g e s . p d f #C r e a t eas i m p l eP D Fw i t ha l lp i c t u r e s #c o n v e r ti m a g e 0 0 0 *r e s a m p l e1 2 0 x 1 2 0c o m p r e s sJ P E Gq u a l i t y8 0i m a g e s . p d f #m o g r i f yf o r m a tp n g* . p p m #c o n v e r ta l lp p mi m a g e st op n gf o r m a t
Ghostscript can also concatenate multiple pdf files into a single one. This only works well if the PDF filesare"wellbehaved".
#g sqs P A P E R S I Z E = a 4d N O P A U S Ed B A T C Hs D E V I C E = p d f w r i t es O u t p u t F i l e = a l l . p d f\ f i l e 1 . p d ff i l e 2 . p d f. . . #O nW i n d o w su s e' # 'i n s t e a do f' = '
http://f oolabs.com/xpdf /download.html Extractimagesfrompdfdocumentusingp d f i m a g e s frompopplerorx p d f
#p d f i m a g e sd o c u m e n t . p d fd s t / #y u mi n s t a l lp o p p l e r u t i l s #a p t g e ti n s t a l lp o p p l e r u t i l s
#e x t r a c ta l li m a g e sa n dp u ti nd s t #i n s t a l lp o p p l e r u t i l si fn e e d e d .o r :
16. 4 Conver t video

CompresstheCanondigicamvideowithanmpeg4codecandrepairthecrappysound.
#m e n c o d e rov i d e o o u t . a v io a cm p 3 l a m eo v cl a v cs r a t e1 1 0 2 5\ c h a n n e l s1a f a d vf o r c e = 1l a m e o p t sp r e s e t = m e d i u ml a v c o p t s\ v c o d e c = m s m p e g 4 v 2 : v b i t r a t e = 6 0 0m c0v i d o e i n . A V I
Seesoxforsoundprocessing.
16. 5 Copy an audio cd

http://xiph.org/paranoia/ The program c d p a r a n o i a can save the audio tracks (FreeBSD port in audio/cdparanoia/),o g g e n c canencodeinOggVorbisformat,l a m e convertstomp3.
#c d p a r a n o i aB #C o p yt h et r a c k st ow a vf i l e si nc u r r e n td i r #l a m eb2 5 6i n . w a vo u t . m p 3 #E n c o d ei nm p 32 5 6k b / s #f o rii n* . w a v ;d ol a m eb2 5 6$ i` b a s e n a m e$ i. w a v ` . m p 3 ;d o n e #o g g e n ci n . w a vb2 5 6o u t . o g g #E n c o d ei nO g gV o r b i s2 5 6k b / s
1 7 P R I NT I NG
17. 1 Pr int wit h lpr
#l p ru n i x t o o l b o x . p s #P r i n to nd e f a u l tp r i n t e r #e x p o r tP R I N T E R = h p 4 6 0 0 #C h a n g et h ed e f a u l tp r i n t e r #l p rP h p 4 5 0 0# 2u n i x t o o l b o x . p s #U s ep r i n t e rh p 4 5 0 0a n dp r i n t2c o p i e s #l p roD u p l e x = D u p l e x N o T u m b l e. . . #P r i n td u p l e xa l o n gt h el o n gs i d e #l p roP a g e S i z e = A 4 , D u p l e x = D u p l e x N o T u m b l e. . . #l p q #l p qlP h p 4 5 0 0 #l p r m#l p r mP h p 4 5 0 03 1 8 6 #l p cs t a t u s #l p cs t a t u sh p 4 5 0 0 #C h e c kt h eq u e u eo nd e f a u l tp r i n t e r #Q u e u eo np r i n t e rh p 4 5 0 0w i t hv e r b o s e #R e m o v ea l lu s e r sj o b so nd e f a u l tp r i n t e r #R e m o v ej o b3 1 8 6 .F i n dj o bn b rw i t hl p q #L i s ta l la v a i l a b l ep r i n t e r s #C h e c ki fp r i n t e ri so n l i n ea n dq u e u el e n g t h
Some devices are not postscript and will print garbage when fed with a pdf file. This might be solved with:
#g sd S A F E Rd N O P A U S Es D E V I C E = d e s k j e ts O u t p u t F i l e = \ | l p rf i l e . p d f
PrinttoaPDFfileeveniftheapplicationdoesnotsupportit.Use g s ontheprintcommandinsteadof l p r .
#g sqs P A P E R S I Z E = a 4d N O P A U S Ed B A T C Hs D E V I C E = p d f w r i t es O u t p u t F i l e = / p a t h / f i l e . p d f
18DATABASES
18. 1 Post gr eSQL
Change r ootor ause r name passwor d
#p s q ldt e m p l a t e 1Up g s q l >a l t e ru s e rp g s q lw i t hp a s s w o r d' p g s q l _ p a s s w o r d ' ; #U s eu s e r n a m ei n s t e a do f" p g s q l "
Cr e ate use r anddatabase Thecommands c r e a t e u s e r ,d r o p u s e r ,c r e a t e d b and d r o p d b areconvenientshortcutsequivalenttothe SQLcommands.Thenewuserisbobwithdatabasebobdbuseasrootwithpgsqlthedatabasesuper user:

11/20/13
Unix Toolbox
#c r e a t e u s e rUp g s q lPb o b #c r e a t e d bUp g s q lOb o bb o b d b #d r o p d bb o b d b #d r o p u s e rb o b
#Pw i l la s kf o rp a s s w o r d #n e wb o b d bi so w n e db yb o b #D e l e t ed a t a b a s eb o b d b #D e l e t eu s e rb o b
Thegeneraldatabaseauthenticationmechanismisconfiguredinpg_hba.conf Gr antr e mote acce ss Thefile$ P G S Q L _ D A T A _ D / p o s t g r e s q l . c o n f specifiestheaddresstobindto.Typicallyl i s t e n _ a d d r e s s e s= ' * ' forPostgres8.x. Thefile$ P G S Q L _ D A T A _ D / p g _ h b a . c o n f definestheaccesscontrol.Examples:
#T Y P E D A T A B A S E h o s t b o b d b h o s t a l l U S E R b o b a l l I P A D D R E S S 2 1 2 . 1 1 7 . 8 1 . 4 2 0 . 0 . 0 . 0 / 0 I P M A S K 2 5 5 . 2 5 5 . 2 5 5 . 2 5 5 M E T H O D p a s s w o r d p a s s w o r d
Backupandr e stor e The backups and restore are done with the user pgsql or postgres. Backup and restore a single database:
#p g _ d u m pc l e a nd b n a m e>d b n a m e _ s q l . d u m p #p s q ld b n a m e<d b n a m e _ s q l . d u m p
Backupandrestorealldatabases(includingusers):
#p g _ d u m p a l lc l e a n>f u l l . d u m p #p s q lff u l l . d u m pp o s t g r e s
Inthiscasetherestoreisstartedwiththedatabasepostgreswhichisbetterwhenreloadinganempty cluster.
18. 2 MySQL
Change mysqlr ootor use r name passwor d Method1
#/ e t c / i n i t . d / m y s q ls t o p o r #k i l l a l lm y s q l d #m y s q l ds k i p g r a n t t a b l e s #m y s q l a d m i nur o o tp a s s w o r d' n e w p a s s w d ' #/ e t c / i n i t . d / m y s q ls t a r t
Method2
#m y s q lur o o tm y s q l m y s q l >U P D A T EU S E RS E TP A S S W O R D = P A S S W O R D ( " n e w p a s s w o r d " )w h e r eu s e r = ' r o o t ' ; m y s q l >F L U S HP R I V I L E G E S ; #U s eu s e r n a m ei n s t e a do f" r o o t " m y s q l >q u i t
Cr e ate use r anddatabase (se e M ySQLdoc http://dev .my sql.com/doc/ref man/5.1/en/addingusers.html)

#m y s q lur o o tm y s q l m y s q l >C R E A T EU S E R' b o b ' @ ' l o c a l h o s t 'I D E N T I F I E DB Y' p w d ' ;#c r e a t eo n l yau s e r m y s q l >C R E A T ED A T A B A S Eb o b d b ; m y s q l >G R A N TA L LO N* . *T O' b o b ' @ ' % 'I D E N T I F I E DB Y' p w d ' ;#U s el o c a l h o s ti n s t e a do f% #t or e s t r i c tt h en e t w o r ka c c e s s m y s q l >D R O PD A T A B A S Eb o b d b ; #D e l e t ed a t a b a s e m y s q l >D R O PU S E Rb o b ; #D e l e t eu s e r m y s q l >D E L E T EF R O Mm y s q l . u s e rW H E R Eu s e r = ' b o ba n dh o s t = ' h o s t n a m e ' ;#A l t .c o m m a n d m y s q l >F L U S HP R I V I L E G E S ;
Gr antr e mote acce ss Remote access is typically permitted for a database, and not all databases. The file / e t c / m y . c n f contains the IP address to bind to. (On FreeBSD m y . c n f not created per fedault, copy one . c n f file from / u s r / l o c a l / s h a r e / m y s q l to / u s r / l o c a l / e t c / m y . c n f ) Typically comment the line b i n d a d d r e s s = out.
#m y s q lur o o tm y s q l m y s q l >G R A N TA L LO Nb o b d b . *T Ob o b @ ' x x x . x x x . x x x . x x x 'I D E N T I F I E DB Y' P A S S W O R D ' ; m y s q l >R E V O K EG R A N TO P T I O NO Nf o o . *F R O Mb a r @ ' x x x . x x x . x x x . x x x ' ; m y s q l >F L U S HP R I V I L E G E S ; #U s e' h o s t n a m e 'o ra l s o' % 'f o rf u l la c c e s s
Backupandr e stor e Backupandrestoreasingledatabase:

#m y s q l d u m pur o o tp s e c r e ta d d d r o p d a t a b a s ed b n a m e>d b n a m e _ s q l . d u m p
11/20/13
Unix Toolbox
#m y s q lur o o tp s e c r e tDd b n a m e<d b n a m e _ s q l . d u m p
Backupandrestorealldatabases:
#m y s q l d u m pur o o tp s e c r e ta d d d r o p d a t a b a s ea l l d a t a b a s e s>f u l l . d u m p #m y s q lur o o tp s e c r e t<f u l l . d u m p
Hereis"secret"themysqlrootpassword,thereisnospaceafterp.Whenthepoptionisusedalone (w/opassword),thepasswordisaskedatthecommandprompt.
18. 3 SQLit e
SQLitehttp://www.sqlite.orgisasmallpowerfulselfcontained,serverless,zeroconfigurationSQLdatabase. Dumpandr e stor e ItcanbeusefultodumpandrestoreanSQLitedatabase.Forexampleyoucaneditthedumpfileto changeacolumnattributeortypeandthenrestorethedatabase.ThisiseasierthanmessingwithSQL commands.Usethecommands q l i t e 3 fora3.xdatabase.
#s q l i t ed a t a b a s e . d b. d u m p>d u m p . s q l #s q l i t ed a t a b a s e . d b<d u m p . s q l #d u m p #r e s t o r e
Conv e r t2.xto3.xdatabase
s q l i t ed a t a b a s e _ v 2 . d b. d u m p|s q l i t e 3d a t a b a s e _ v 3 . d b
1 9 D I S K Q UO T A
Adiskquotaallowstolimittheamountofdiskspaceand/orthenumberoffilesauseror(ormemberof group)canuse.Thequotasareallocatedonaperfilesystembasisandareenforcedbythekernel.
19. 1 Linux set up

Thequotatoolspackageusuallyneedstobeinstalled,itcontainsthecommandlinetools. Activatetheuserquotainthefstabandremountthepartition.Ifthepartitionisbusy,eitheralllocked files must be closed, or the system must be rebooted. Add u s r q u o t a to the fstab mount options, for example:
/ d e v / s d a 2 / h o m e r e i s e r f s #m o u n tor e m o u n t/ h o m e #m o u n t #q u o t a c h e c kv u m/ h o m e #c h m o d6 4 4/ h o m e / a q u o t a . u s e r q u o t a o nv u/ h o m e r w , a c l , u s e r _ x a t t r , u s r q u o t a11 #C h e c ki fu s r q u o t ai sa c t i v e ,o t h e r w i s er e b o o t
Initializethequota.userfilewithq u o t a c h e c k .
#T ol e tt h eu s e r sc h e c kt h e i ro w nq u o t a
Activatethequotaeitherwiththeprovidedscript(e.g./etc/init.d/quotadonSuSE)orwithq u o t a o n : Checkthatthequotaisactivewith:
q u o t av
19. 2 Fr eeBSD set up

The quota tools are part of the base system, however the kernel needs the option quota. If it is not there,additandrecompilethekernel.
o p t i o n sQ U O T A
AswithLinux,addthequotatothefstaboptions(userquota,notusrquota):
/ d e v / a d 0 s 1 d / h o m e #m o u n t/ h o m e u f s r w , n o a t i m e , u s e r q u o t a 2 2 #T or e m o u n tt h ep a r t i t i o n
Enablediskquotasin/etc/rc.confandstartthequota.
#g r e pq u o t a s/ e t c / r c . c o n f e n a b l e _ q u o t a s = " Y E S " c h e c k _ q u o t a s = " Y E S " #/ e t c / r c . d / q u o t as t a r t #t u r no nq u o t a so ns t a r t u p( o rN O ) . #C h e c kq u o t a so ns t a r t u p( o rN O ) .
19. 3 Assign quot a limit s

The quotas are not limited per default (set to 0). The limits are set with e d q u o t a for single users. A quota can be also duplicated to many users. The file structure is different between the quota
11/20/13
Unix Toolbox
implementations, but the principle is the same: the values of blocks and inodes can be limited. Only change the values of soft and hard. If not specified, the blocks are 1k. The grace period is set with e d q u o t at .Forexample:
#e d q u o t auc o l i n
Linux
D i s kq u o t a sf o ru s e rc o l i n( u i d1 0 0 7 ) : F i l e s y s t e m b l o c k s s o f t / d e v / s d a 8 1 0 8 1 0 0 0 h a r d 2 0 0 0 i n o d e s 1 s o f t 0 h a r d 0
Fr e e BSD
Q u o t a sf o ru s e rc o l i n : / h o m e :k b y t e si nu s e :5 0 4 1 8 4 ,l i m i t s( s o f t=7 0 0 0 0 0 ,h a r d=8 0 0 0 0 0 ) i n o d e si nu s e :1 7 9 2 ,l i m i t s( s o f t=0 ,h a r d=0 )
For manyuse r s The command e d q u o t ap is used to duplicate a quota to other users. For example to duplicate a referencequotatoallusers:
#e d q u o t apr e f u s e r` a w kF :' $ 3>4 9 9{ p r i n t$ 1 } '/ e t c / p a s s w d ` #e d q u o t apr e f u s e ru s e r 1u s e r 2 #D u p l i c a t et o2u s e r s
Che cks Users can check their quota by simply typing q u o t a (the file quota.user must be readable). Root can checkallquotas.
#q u o t auc o l i n #r e p q u o t a/ h o m e #C h e c kq u o t af o rau s e r #F u l lr e p o r tf o rt h ep a r t i t i o nf o ra l lu s e r s
2 0 S HE L L S
MostLinuxdistributionsusethebashshellwhiletheBSDsusetcsh,thebourneshellisonlyusedfor scripts.Filtersareveryusefulandcanbepiped:
g r e p Patternmatching s e d SearchandReplacestringsorcharacters c u t Printspecificcolumnsfromamarker s o r t Sortalphabeticallyornumerically u n i q Removeduplicatelinesfromafile
Forexampleusedallatonce:
#i f c o n f i g|s e d' s / // g '|c u td ""f 1|u n i q|g r e pE" [ a z 0 9 ] + "|s o r tr #i f c o n f i g|s e d' / . * i n e ta d d r : / ! d ; s / / / ; s /. * / / ' | s o r tt .k 1 , 1 nk 2 , 2 nk 3 , 3 nk 4 , 4 n
Thefirstcharacterinthesedpatternisatab.Towriteatabontheconsole,usectrlvctrltab.
20. 1 bash
Redirectsandpipesforbashandsh:
#c m d1 >f i l e #c m d2 >f i l e #c m d1 > >f i l e #c m d& >f i l e #c m d> f i l e2 > & 1 #c m d 1|c m d 2 #c m d 12 > & 1|c m d 2 #R e d i r e c ts t d o u tt of i l e . #R e d i r e c ts t d e r rt of i l e . #R e d i r e c ta n da p p e n ds t d o u tt of i l e . #R e d i r e c tb o t hs t d o u ta n ds t d e r rt of i l e . #R e d i r e c t ss t d e r rt os t d o u ta n dt h e nt of i l e . #p i p es t d o u tt oc m d 2 #p i p es t d o u ta n ds t d e r rt oc m d 2
Modifyyourconfigurationin~/.bashrc(itcanalsobe~/.bash_profile).Thefollowingentriesareuseful, reloadwith"..bashrc".Withcygwinuse~/.bash_profilewithrxvtpastwithshift+leftclick.
#i n. b a s h r c b i n d' " \ e [ A " ' : h i s t o r y s e a r c h b a c k w a r d#U s eu pa n dd o w na r r o wt os e a r c h b i n d' " \ e [ B " ' : h i s t o r y s e a r c h f o r w a r d #t h eh i s t o r y .I n v a l u a b l e ! s e toe m a c s #S e te m a c sm o d ei nb a s h( s e eb e l o w ) s e tb e l l s t y l ev i s i b l e #D on o tb e e p ,i n v e r s ec o l o r s #S e tan i c ep r o m p tl i k e[ u s e r @ h o s t ] / p a t h / t o d i r > P S 1 = " \ [ \ 0 3 3 [ 1 ; 3 0 m \ ] [ \ [ \ 0 3 3 [ 1 ; 3 4 m \ ] \ u \ [ \ 0 3 3 [ 1 ; 3 0 m \ ] " P S 1 = " $ P S 1 @ \ [ \ 0 3 3 [ 0 ; 3 3 m \ ] \ h \ [ \ 0 3 3 [ 1 ; 3 0 m \ ] ] \ [ \ 0 3 3 [ 0 ; 3 7 m \ ] " P S 1 = " $ P S 1 \ w \ [ \ 0 3 3 [ 1 ; 3 0 m \ ] > \ [ \ 0 3 3 [ 0 m \ ] " #T oc h e c kt h ec u r r e n t l ya c t i v ea l i a s e s ,s i m p l yt y p ea l i a s a l i a s l s = ' l sa F ' #A p p e n di n d i c a t o r( o n eo f* / = > @ | )
11/20/13
Unix Toolbox
a l i a s l l = ' l sa F l s ' #L i s t i n g a l i a s l a = ' l sa l l ' a l i a s. . = ' c d. . ' a l i a s. . . = ' c d. . / . . ' e x p o r tH I S T F I L E S I Z E = 5 0 0 0 #L a r g e rh i s t o r y e x p o r tC L I C O L O R = 1 #U s ec o l o r s( i fp o s s i b l e ) e x p o r tL S C O L O R S = E x G x F x d x C x D x D x B x B x E x E x
20. 2 t csh
Redirectsandpipesfortcshandcsh(simple>and>>arethesameassh):
#c m d> &f i l e #c m d> > &f i l e #c m d 1|c m d 2 #c m d 1| &c m d 2 #R e d i r e c tb o t hs t d o u ta n ds t d e r rt of i l e . #A p p e n db o t hs t d o u ta n ds t d e r rt of i l e . #p i p es t d o u tt oc m d 2 #p i p es t d o u ta n ds t d e r rt oc m d 2
Thesettingsforcsh/tcsharesetin~ / . c s h r c ,reloadwith"source.cshrc".Examples:
#i n. c s h r c a l i a s l s ' l sa F ' a l i a s l l ' l sa F l s ' a l i a s l a ' l sa l l ' a l i a s . . ' c d. . ' a l i a s . . . ' c d. . / . . ' s e t p r o m p t =" % B % n % b @ % B % m % b % / >"#l i k eu s e r @ h o s t / p a t h / t o d i r > s e t h i s t o r y = 5 0 0 0 s e t s a v e h i s t =(6 0 0 0m e r g e) s e t a u t o l i s t #R e p o r tp o s s i b l ec o m p l e t i o n sw i t ht a b s e t v i s i b l e b e l l #D on o tb e e p ,i n v e r s ec o l o r s #B i n d k e ya n dc o l o r s b i n d k e ye S e l e c tE m a c sb i n d i n g s #U s ee m a c sk e y st oe d i tt h ec o m m a n dp r o m p t b i n d k e yku ph i s t o r y s e a r c h b a c k w a r d#U s eu pa n dd o w na r r o wt os e a r c h b i n d k e ykd o w nh i s t o r y s e a r c h f o r w a r d s e t e n vC L I C O L O R1 #U s ec o l o r s( i fp o s s i b l e ) s e t e n vL S C O L O R SE x G x F x d x C x D x D x B x B x E x E x
Theemacsmodeenablestousetheemacskeysshortcutstomodifythecommandpromptline.Thisis extremelyuseful(notonlyforemacsusers).Themostusedcommandsare: CaMovecursortobeginningofline CeMovecursortoendofline MbMovecursorbackoneword MfMovecursorforwardoneword MdCutthenextword CwCutthelastword CuCuteverythingbeforethecursor CkCuteverythingafterthecursor(restoftheline) CyPastethelastthingtobecut(simplypaste) C_Undo Note:C=holdcontrol,M=holdmeta(whichisusuallythealtorescapekey).
2 1 S C R I P T I NG
Basics|Scriptexample|awk|sed|RegularExpressions|usefulcommands The Bourne shell (/bin/sh) is present on all Unix installations and scripts written in this language are (quite)portablem a n1s h isagoodreference.
21. 1 Basics
Var iable sandar gume nts Assignwithvariable=valueandgetcontentwith$variable
M E S S A G E = " H e l l oW o r l d " P I = 3 . 1 4 1 5 N = 8 T W O N = ` e x p r$ N*2 ` T W O N = $ ( ( $ N*2 ) ) T W O P I = ` e c h o" $ P I*2 "|b cl ` Z E R O = ` e c h o" c ( $ P I / 4 ) s q r t ( 2 ) / 2 "|b cl ` #A s s i g nas t r i n g #A s s i g nad e c i m a ln u m b e r #A r i t h m e t i ce x p r e s s i o n( o n l yi n t e g e r s ) #O t h e rs y n t a x #U s eb cf o rf l o a t i n gp o i n to p e r a t i o n s
Thecommandlineargumentsare
$ 0 ,$ 1 ,$ 2 ,. . .
#$ 0i st h ec o m m a n di t s e l f
45/49
11/20/13
Unix Toolbox
$ # $ *
#T h en u m b e ro fa r g u m e n t s #A l la r g u m e n t s( a l s o$ @ )
Spe cialVar iable s

$ $ $ ? c o m m a n d i f[$ ?! =0] ;t h e n e c h o" c o m m a n df a i l e d " f i m y p a t h = ` p w d ` m y p a t h = $ { m y p a t h } / f i l e . t x t e c h o$ { m y p a t h # # * / } e c h o$ { m y p a t h % % . * } f o o = / t m p / m y . d i r / f i l e n a m e . t a r . g z p a t h=$ { f o o % / * } v a r 2 = $ { v a r : = s t r i n g } s i z e = $ ( s t a tc % s" $ f i l e " ) f i l e s i z e = $ { s i z e : = 1 } #T h ec u r r e n tp r o c e s sI D #e x i ts t a t u so fl a s tc o m m a n d
#D i s p l a yt h ef i l e n a m eo n l y #F u l lp a t hw i t h o u te x t e n t i o n #F u l lp a t hw i t h o u te x t e n t i o n #U s ev a ri fs e t ,o t h e r w i s eu s es t r i n g #a s s i g ns t r i n gt ov a ra n dt h e nt ov a r 2 . #g e tf i l es i z ei nb o u r n es c r i p t
Constr ucts
f o rf i l ei n` l s ` d o e c h o$ f i l e d o n e c o u n t = 0 w h i l e[$ c o u n tl t5] ;d o e c h o$ c o u n t s l e e p1 c o u n t = $ ( ( $ c o u n t+1 ) ) d o n e m y f u n c t i o n ( ){ f i n d.t y p efn a m e" * . $ 1 "p r i n t } m y f u n c t i o n" t x t " #$ 1i sf i r s ta r g u m e n to ft h ef u n c t i o n
Generateafile
M Y H O M E = / h o m e / c o l i n c a t>t e s t h o m e . s h< <_ E O F #A l lo ft h i sg o e si n t ot h ef i l et e s t h o m e . s h i f[d" $ M Y H O M E "];t h e n e c h o$ M Y H O M Ee x i s t s e l s e e c h o$ M Y H O M Ed o e sn o te x i s t f i _ E O F s ht e s t h o m e . s h
21. 2 Bour ne scr ipt example

Asasmallexample,thescriptusedtocreateaPDFbookletfromthisxhtmldocument:
# ! / b i n / s h #T h i ss c r i p tc r e a t e sab o o ki np d ff o r m a tr e a d yt op r i n to nad u p l e xp r i n t e r i f[$ #n e1] ;t h e n #C h e c kt h ea r g u m e n t e c h o1 > & 2" U s a g e :$ 0H t m l F i l e " e x i t1 #n o nz e r oe x i ti fe r r o r f i f i l e = $ 1 f n a m e = $ { f i l e % . * } f e x t = $ { f i l e # * . } #A s s i g nt h ef i l e n a m e #G e tt h en a m eo ft h ef i l eo n l y #G e tt h ee x t e n s i o no ft h ef i l e
p r i n c e$ f i l eo$ f n a m e . p d f #f r o mw w w . p r i n c e x m l . c o m p d f t o p sp a p e rA 4n o s h r i n k$ f n a m e . p d f$ f n a m e . p s#c r e a t ep o s t s c r i p tb o o k l e t c a t$ f n a m e . p s| p s b o o k | p s n u pP a 42| p s t o p sb" 2 : 0 , 1 U ( 2 1 c m , 2 9 . 7 c m ) ">$ f n a m e . b o o k . p s p s 2 p d f 1 3s P A P E R S I Z E = a 4s A u t o R o t a t e P a g e s = N o n e$ f n a m e . b o o k . p s$ f n a m e . b o o k . p d f #u s e# a 4a n d# N o n eo nW i n d o w s ! e x i t0 #e x i t0m e a n ss u c c e s s f u l
21. 3 Some awk commands

Awk is useful for field stripping, like cut in a more powerful way. Search this document for other examples.Seeforexamplegnulamp.comandonelinersforawkforsomeniceexamples.
a w k' {p r i n t$ 2 ,$ 1} 'f i l e #P r i n ta n di n v e r s ef i r s tt w oc o l u m n s
46/49
11/20/13
Unix Toolbox
a w k' { p r i n t f ( " % 5 d:% s \ n " ,N R , $ 0 ) } 'f i l e a w k' { p r i n tF N R" \ t "$ 0 } 'f i l e s a w kN Ft e s t . t x t a w k' l e n g t h>8 0 '
#A d dl i n en u m b e rl e f ta l i g n e d #A d dl i n en u m b e rr i g h ta l i g n e d #r e m o v eb l a n kl i n e s( s a m ea sg r e p' . ' ) #p r i n tl i n el o n g e rt h a n8 0c h a r )
21. 4 Some sed commands

Hereistheonelinergoldminehttp://student.northpark.edu/pemente/sed/sed1line.txt .Andagoodintroductionandtutorial tosedhttp://www.gry moire.com/Unix/Sed.html.
s e d' s / s t r i n g 1 / s t r i n g 2 / g ' s e di' s / w r o o n g / w r o n g / g '* . t x t s e d' s / \ ( . * \ ) 1 / \ 1 2 / g ' s e d' / / , / < \ / p > / d 't . x h t m l s e d' /* # / d ;/ ^* $ / d ' s e d' s / [\ t ] * $ / / ' s e d' s / ^ [\ t ] * / / ; s / [\ t ] * $ / / ' s e d' s / [ ^ * ] / [ & ] / ' s e d=f i l e|s e d' N ; s / \ n / \ t / '>f i l e . n u m #R e p l a c es t r i n g 1w i t hs t r i n g 2 #R e p l a c ear e c u r r i n gw o r dw i t hg #M o d i f ya n y s t r i n g 1t oa n y s t r i n g 2 #D e l e t el i n e st h a ts t a r tw i t h #a n de n dw i t h #R e m o v ec o m m e n t sa n db l a n kl i n e s #R e m o v et r a i l i n gs p a c e s( u s et a ba s\ t ) #R e m o v el e a d i n ga n dt r a i l i n gs p a c e s #E n c l o s ef i r s tc h a rw i t h[ ]t o p > [ t ] o p #N u m b e rl i n e so naf i l e
21. 5 Regular Expr essions

Some basic regular expression useful for sed too. See Basic Regex Syntaxhttp://www.regular expressions.inf o/ref erence.html foragoodprimer.
[ \ ^ $ . | ? * + ( ) \ * . . * ^ $ . $ ^$ [ ^ A Z ] #s p e c i a lc h a r a c t e r sa n yo t h e rw i l lm a t c ht h e m s e l v e s #e s c a p e ss p e c i a lc h a r a c t e r sa n dt r e a ta sl i t e r a l #r e p e a tt h ep r e v i o u si t e mz e r oo rm o r et i m e s #s i n g l ec h a r a c t e re x c e p tl i n eb r e a kc h a r a c t e r s #m a t c hz e r oo rm o r ec h a r a c t e r s #m a t c ha tt h es t a r to fal i n e / s t r i n g #m a t c ha tt h ee n do fal i n e / s t r i n g #m a t c has i n g l ec h a r a c t e ra tt h ee n do fl i n e / s t r i n g #m a t c hl i n ew i t has i n g l es p a c e #m a t c ha n yl i n eb e g i n n i n gw i t ha n yc h a rf r o mAt oZ
21. 6 Some useful commands

Thefollowingcommandsareusefultoincludeinascriptorasoneliners.
s o r tt .k 1 , 1 nk 2 , 2 nk 3 , 3 nk 4 , 4 n #S o r tI P v 4i pa d d r e s s e s e c h o' T e s t '|t r' [ : l o w e r : ] '' [ : u p p e r : ] ' #C a s ec o n v e r s i o n e c h of o o . b a r|c u td.f1 #R e t u r n sf o o P I D = $ ( p s|g r e ps c r i p t . s h|g r e pb i n|a w k' { p r i n t$ 1 } ' ) #P I Do far u n n i n gs c r i p t P I D = $ ( p sa x w w|g r e p[ p ] i n g|a w k' { p r i n t$ 1 } ' ) #P I Do fp i n g( w / og r e pp i d ) I P = $ ( i f c o n f i g$ I N T E R F A C E|s e d' / . * i n e ta d d r : / ! d ; s / / / ; s /. * / / ' ) #L i n u x I P = $ ( i f c o n f i g$ I N T E R F A C E|s e d' / . * i n e t/ ! d ; s / / / ; s /. * / / ' ) #F r e e B S D i f[` d i f ff i l e 1f i l e 2|w cl `! =0] ;t h e n[ . . . ]f i #F i l ec h a n g e d ? c a t/ e t c / m a s t e r . p a s s w d|g r e pvr o o t|g r e pv\ * :|a w kF " : "\#C r e a t eh t t pp a s s w d ' {p r i n t f ( " % s : % s \ n " ,$ 1 ,$ 2 )} '>/ u s r / l o c a l / e t c / a p a c h e 2 / p a s s w d t e s t u s e r = $ ( c a t/ u s r / l o c a l / e t c / a p a c h e 2 / p a s s w d|g r e pv\ #C h e c ku s e ri np a s s w d r o o t|g r e pv\ * :|a w kF " : "' {p r i n t f ( " % s \ n " ,$ 1 )} '|g r e p^ u s e r $ ) : ( ) {: | : &} ; : #b a s hf o r kb o m b .W i l lk i l ly o u rm a c h i n e t a i l+ 2f i l e>f i l e 2 #r e m o v et h ef i r s tl i n ef r o mf i l e
Iusethislittletricktochangethefileextensionformanyfilesatonce.Forexamplefrom.cxxto.cpp. Testitfirstwithoutthe | s h attheend.Youcanalsodothiswiththecommand r e n a m e if installed. Or withbashbuiltins.

#l s* . c x x|a w kF .' { p r i n t" m v" $ 0 "" $ 1 " . c p p " } '|s h #l s* . c|s e d" s / . * / c p&& . $ ( d a t e" + % Y % m % d " ) / "|s h#e . g .c o p y* . ct o* . c . 2 0 0 8 0 4 0 1 #r e n a m e. c x x. c p p* . c x x #R e n a m ea l l. c x xt oc p p #f o rii n* . c x x ;d om v$ i$ { i % % . c x x } . c p p ;d o n e #w i t hb a s hb u i l t i n s
2 2 P R O G R A M M I NG
22. 1 C basics
s t r c p y ( n e w s t r , s t r ) e x p r 1?e x p r 2:e x p r 3 x=( y>z )?y:z ; i n ta [ ] = { 0 , 1 , 2 } ; i n ta [ 2 ] [ 3 ] = { { 1 , 2 , 3 } , { 4 , 5 , 6 } } ; i n ti=1 2 3 4 5 ; c h a rs t r [ 1 0 ] ; s p r i n t f ( s t r ," % d " ,i ) ; / *c o p ys t rt on e w s t r* / / *i f( e x p r 1 )e x p r 2e l s ee x p r 3* / / *i f( y>z )x=y ;e l s ex=z ;* / / *I n i t i a l i z e da r r a y( o ra [ 3 ] = { 0 , 1 , 2 } ;* / / *A r r a yo fa r r a yo fi n t s* / / *C o n v e r ti nit oc h a rs t r* /
47/49
11/20/13
Unix Toolbox
22. 2 C example
Aminimalcprogramsimple.c:
# i n c l u d e< s t d i o . h > m a i n ( ){ i n tn u m b e r = 4 2 ; p r i n t f ( " T h ea n s w e ri s% i \ n " ,n u m b e r ) ; }
Compilewith:
#g c cs i m p l e . cos i m p l e #. / s i m p l e T h ea n s w e ri s4 2
22. 3 C+ + basics
* p o i n t e r & o b j o b j . x p o b j > x / /O b j e c tp o i n t e dt ob yp o i n t e r / /A d d r e s so fo b j e c to b j / /M e m b e rxo fc l a s so b j( o b j e c to b j ) / /M e m b e rxo fc l a s sp o i n t e dt ob yp o b j / /( * p o b j ) . xa n dp o b j > xa r et h es a m e
22. 4 C+ + example
As a slightly more realistic program in C++: a class in its own header (IPv4.h) and implementation (IPv4.cpp) and a program which uses the class functionality. The class converts an IP address in integerformattotheknownquadformat. IPv 4class IPv4.h:
# i f n d e fI P V 4 _ H # d e f i n eI P V 4 _ H # i n c l u d e< s t r i n g > n a m e s p a c eG e n e r i c U t i l s{ / /c r e a t ean a m e s p a c e c l a s sI P v 4{ / /c l a s sd e f i n i t i o n p u b l i c : I P v 4 ( ) ;~ I P v 4 ( ) ; s t d : : s t r i n gI P i n t _ t o _ I P q u a d ( u n s i g n e dl o n gi p ) ; / /m e m b e ri n t e r f a c e } ; }/ / n a m e s p a c eG e n e r i c U t i l s # e n d i f/ /I P V 4 _ H
IPv4.cpp:
# i n c l u d e" I P v 4 . h " # i n c l u d e< s t r i n g > # i n c l u d e< s s t r e a m > u s i n gn a m e s p a c es t d ; u s i n gn a m e s p a c eG e n e r i c U t i l s ; I P v 4 : : I P v 4 ( ){ } I P v 4 : : ~ I P v 4 ( ){ } s t r i n gI P v 4 : : I P i n t _ t o _ I P q u a d ( u n s i g n e dl o n gi p ){ o s t r i n g s t r e a mi p s t r ; i p s t r< <( ( i p& 0 x f f 0 0 0 0 0 0 )> >2 4 ) < <" . "< <( ( i p& 0 x 0 0 f f 0 0 0 0 )> >1 6 ) < <" . "< <( ( i p& 0 x 0 0 0 0 f f 0 0 )> >8 ) < <" . "< <( ( i p& 0 x 0 0 0 0 0 0 f f ) ) ; r e t u r ni p s t r . s t r ( ) ; }
/ /u s et h en a m e s p a c e s / /d e f a u l tc o n s t r u c t o r / d e s t r u c t o r / /m e m b e ri m p l e m e n t a t i o n / /u s eas t r i n g s t r e a m / /B i t w i s er i g h ts h i f t
The pr ogr amsimple cpp.cpp

# i n c l u d e" I P v 4 . h " # i n c l u d e # i n c l u d e< s t r i n g > u s i n gn a m e s p a c es t d ; i n tm a i n( i n ta r g c ,c h a r *a r g v [ ] ){ s t r i n gi p s t r ; u n s i g n e dl o n gi p i n t=1 3 4 7 8 6 1 4 8 6 ; G e n e r i c U t i l s : : I P v 4i p u t i l s ; i p s t r=i p u t i l s . I P i n t _ t o _ I P q u a d ( i p i n t ) ; c o u t< <i p i n t< <"="< <i p s t r< <e n d l ; } r e t u r n0 ;
/ /d e f i n ev a r i a b l e s / /T h eI Pi ni n t e g e rf o r m / /c r e a t ea no b j e c to ft h ec l a s s / /c a l lt h ec l a s sm e m b e r / /p r i n tt h er e s u l t
48/49
11/20/13
Unix Toolbox
Compileandexecutewith:
#g + +cI P v 4 . c p ps i m p l e c p p . c p p #g + +I P v 4 . os i m p l e c p p . oos i m p l e c p p . e x e #. / s i m p l e c p p . e x e 1 3 4 7 8 6 1 4 8 6=8 0 . 8 6 . 1 8 7 . 2 3 8 #C o m p i l ei no b j e c t s #L i n kt h eo b j e c t st of i n a le x e c u t a b l e
Usel d d tocheckwhichlibrariesareusedbytheexecutableandwheretheyarelocated.Alsousedto checkifasharedlibraryismissingoriftheexecutableisstatic.

#l d d/ s b i n / i f c o n f i g #a rr c ss t a t i c l i b . a* . o #a rts t a t i c l i b . a #a rx/ u s r / l i b / l i b c . av e r s i o n . o #n mv e r s i o n . o #l i s td y n a m i co b j e c td e p e n d e n c i e s #c r e a t es t a t i ca r c h i v e #p r i n tt h eo b j e c t sl i s tf r o mt h ea r c h i v e #e x t r a c ta no b j e c tf i l ef r o mt h ea r c h i v e #s h o wf u n c t i o nm e m b e r sp r o v i d e db yo b j e c t
22. 5 Simple Makefile

The minimal Makefile for the multisource program is shown below. The lines with instructions must beginwithatab!Thebackslash"\"canbeusedtocutlonglines.
C C=g + + C F L A G S=O O B J S=I P v 4 . os i m p l e c p p . o s i m p l e c p p :$ { O B J S } $ { C C }os i m p l e c p p$ { C F L A G S }$ { O B J S } c l e a n : r mf$ { T A R G E T }$ { O B J S }
2 3 O NL I NE HE L P
23. 1 Document at ion
LinuxDocumentation en.tldp.org LinuxManPages www.linuxmanpages.com Linuxcommandsdirectory www.oreillynet.com/linux/cmd Linuxdocmanhowtos linux.die.net FreeBSDHandbook www.freebsd.org/handbook FreeBSDManPages www.freebsd.org/cgi/man.cgi FreeBSDuserwiki www.freebsdwiki.net SolarisManPages docs.sun.com/app/docs/coll/40.10
23. 2 Ot her Unix/ Linux r efer ences

RosettaStoneforUnix bhami.com/rosetta.html(aUnixcommandtranslator) Unixguidecrossreference unixguide.net/unixguide.shtml Linuxcommandslinelist www.linuxcmd.org ShortLinuxreference www.pixelbeat.org/cmdline.html Littlecommandlinegoodies www.shellfu.org UnixToolboxrevision14.4 Thelatestversionofthisdocumentcanbefoundathttp://cb.vu/unixtoolbox.xhtml.Replace.xhtmlonthe link with .pdf for the PDF version and with .book.pdf for the booklet version. On a duplex printer the bookletwillcreateasmallbookreadytobind.Seealsotheaboutpage. Thisdocument:"UnixToolboxrevision14.4"islicensedunderaCreativeCommonsLicence[Attribution That'sallfolks! Errorreportsandcommentsaremostwelcomec@cb.vuColinBarschel. ShareAlike].ColinBarschel20072012.Somerightsreserved.
49/49

Unix Toolbox

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Unix Toolbox

Caricato da

Copyright:

Formati disponibili

11/20/13

1. 1 Har dwar e Infor mat ions

1. 2 Load, st at ist ics and messages

Theu l i m i t commandcanbeusedinascripttochangethelimitsforthescriptonly. Peruser/process Loginusersandapplicationscanbeconfiguredin/ e t c / s e c u r i t y / l i m i t s . c o n f .Forexample:

0Shutdownandhalt 1SingleUsermode(alsoS) 2Multiuserwithoutnetwork 3Multiuserwithnetwork 5MultiuserwithX 6Reboot Usec h k c o n f i g toconfiguretheprogramsthatwillbestartedatbootinarunlevel.

n e ts t o pW S e a r c h n e ts t a r tW S e a r c h n e ts t o p" W i n d o w sS e a r c h " n e ts t a r t" W i n d o w sS e a r c h "

1. 6 Reset r oot passwor d

Fr e e BSDme thod1 OnFreeBSD,bootinsingleusermode,remount/rwandusepasswd.Youcanselectthesingleuser modeonthebootmenu(option4)whichisdisplayedfor10secondsatstartup.Thesingleusermode willgiveyouarootshellonthe/partition.

1. 7 Ker nel modules

1. 8 Compile Ker nel

Fr e e BSD Optionallyupdatethesourcetree(in/ u s r / s r c )withcsup(asofFreeBSD6.2orlater):

2. 1 List ing and PIDs

Howevermoretypicalusageiswithapipeorwithp g r e p (forOSXinstallp r o c t o o l s fromMacPorts):

Changethepriorityofarunningprocesswithr e n i c e .Negativenumbershaveahigherpriority,the lowestis20and"nice"haveapositivevalue.

WhilenicechangestheCPUscheduler,anotherusefulcommandi o n i c e willschedulethediskIO.This isveryusefulforintensiveIOapplication(e.g.compiling).Youcanselectaclass(idlebesteffortreal time),themanpageisshortandwellexplained.

Thelastcommandisveryusefultocompile(ordebug)alargeproject.Everycommandlaunchedfrom thisshellwillhavealoverpriority.$ $ isyourshellpid(tryecho$$). FreeBSDusesi d p r i o / r t p r i o (0=maxpriority,31=mostidle):

2. 3 Backgr ound/ For egr ound

Nostraightforwardwaytoreattachtheprocesstoanewterminal,tryreptyr(Linux). Usen o h u p tostartaprocesswhichhastokeeprunningwhentheshellisclosed(immunetohangups).

1H U P (hangup) 2I N T (interrupt) 3Q U I T (quit) 9K I L L (noncatchable,nonignorablekill) 15T E R M (softwareterminationsignal)

3. 2 Disk infor mat ion

3. 4 Syst em mount point s/ Disk usage

3. 5 W ho has which files opened

Linux Findopenedfilesonamountpointwithf u s e r orl s o f :

3. 6 Mount / r emount a file syst em

MountaFreeBSDpartitionwithLinux Findthepartitionnumbercontainingwithfdisk,thisisusuallytherootpartition,butitcouldbeanother BSDslicetoo.IftheFreeBSDhasmanyslices,theyaretheonenotlistedinthefdisktable,butvisible in/dev/sda*or/dev/hda*.

Vir tualbox Allowashareonthehost:

3. 7 Add swap on t he fly

3. 8 Mount an SMB shar e

#m d c o n f i gatv n o d eff i l e . i s ou0 #m o u n ttc d 9 6 6 0/ d e v / m d 0/ m n t #u m o u n t/ m n t ;m d c o n f i gdu0

Solar isandFr e e BSD withloopbackfileinterfaceorlofi:

3. 10 Cr eat e and bur n an ISO image

OnFreeBSD,mkisofsisfoundintheportsinsysutils/cdrtools. Bur naCD/DVDISOimage FreeBSD FreeBSDdoesnotenableDMAonATAPIdrivesbydefault.DMAisenabledwiththesysctlcommand andtheargumentsbelow,orwith/boot/loader.confwiththefollowingentries:

Useb u r n c d withanATAPIdevice(b u r n c d ispartofthebasesystem)and c d r e c o r d (insysutils/cdrtools) withaSCSIdrive.

Conv e r taNe r o.nr gfile to.iso Nerosimplyaddsa300Kbheadertoanormalisoimage.Thiscanbetrimmedwithdd.

3. 11 Cr eat e a file based image

Linuxwithlose tup / d e v / z e r o ismuchfasterthanu r a n d o m ,butlesssecureforencryption.

3. 12 Cr eat e a memor y file syst em

3. 13 Disk per for mance

4. 1 Debugging ( See also Tr affic analysis)

Addandde le te ar oute FreeBSD

4. 3 Configur e addit ional IP addr esses

4. 4 Change MAC addr ess

4. 7 IP For war d for r out ing

4. 8 NAT Net wor k Addr ess Tr anslat ion

Windows OnWindowstheDNSareconfiguredperinterface.TodisplaytheconfiguredDNSandtoflushtheDNS cacheuse:

OnWindowsusewindumpfromwww.winpcap.org.UsewindumpDtolisttheinterfaces. Scanwithnmap Nmaphttp://insecure.org/nmap/ isaportscannerwithOSdetection,itisusuallyinstalledonmostdistributions andisalsoavailableforWindows.Ifyoudon'tscanyourservers,hackersdoitforyou...

4. 12 Tr affic cont r ol ( QoS)

FreeBSD FreeBSDusesthed u m m y n e t trafficshaperwhichisconfiguredwithipfw.Pipesareusedtosetlimitsthe bandwidthinunitsof[K|M]{bit/s|Byte/s},0meansunlimitedbandwidth.Usingthesamepipenumberwill reconfigureit.Forexamplelimittheuploadbandwidthto500Kbit.

FreeBSD Themaxlinkbandwidthis500Kbit/sandwedefine3queueswithpriority100:10:1forVoIP:ssh:allthe rest.

Othe r hacks Speciallyhere,youmustknowwhatyouaredoing. Remoteshell OptioneonlyontheWindowsversion?Orusenc1.10.

5. 1 Public key aut hent icat ion

thepublickey. Copyonlythepublickeytotheserverandappendittothefile~ / . s s h / a u t h o r i z e d _ k e y s 2 onyour homeontheserver.

5. 2 Check finger pr int

5. 3 Secur e file t r ansfer

Ne tbiosandr e mote de sktopfor war dtoase condse r v e r LetsayaWindowssmbserverisbehindthegateandisnotrunningssh.Weneedaccesstothesmb shareandalsoremotedesktoptotheserver.

Nowtheadmincanconnectdirectlytotheclientcliuserwith: Conne cttoVNCbe hindNAT SupposeaWindowsclientwithVNClisteningonport5900hastobeaccessedfrombehindNAT.On clientcliwintogate:

6. 1 Single P2P connect ion

Configur e the clie nt Commandsexecutedontheclient:

6. 2 Connect t wo net wor ks

Configur e gate A CommandsexecutedongateA: gateAisonLinux

ThetwoprivatenetworksarenowtransparentlyconnectedviatheSSHVPN.TheIPforwardandNAT settingsareonlynecessaryifthegatesarenotthedefaultgateways.Inthiscasetheclientswouldnot knowwheretoforwardtheresponse,andnatmustbeactivated.

u s e r s oneormoreusersor%group(like%wheel)togaintherights h o s t s listofhosts(orALL) r u n a s listofusers(orALL)thatthecommandrulecanberunas.Itisenclosedin()! c o m m a n d s listofcommands(orALL)thatwillberunasrootoras(runas)

Notethatthefilecanofcoursebeatararchive. tar ande ncr yptawhole dir e ctor y

tar zipande ncr yptawhole dir e ctor y

MountaFreeBSDpartitionwithLinux Findthepartitionnumbercontainingwithfdisk,thisisusuallytherootpartition,butitcouldbeanother BSDslicetoo.IftheFreeBSDhasmanyslices,theyaretheonenotlistedinthefdisktable,butvisible in/dev/sdaor/dev/hda.