Unix Toolbox
This document is a collection of Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users. This is a practical guide with concise explanations, however the reader is supposed to know what s/he is doing.
1. System 2. Processes 3. File System 4. Network 5. SSH SCP 6. VPN with SSH 7. RSYNC 8. SUDO 9. Encrypt Files 10. Encrypt Partitions 11. SSL Certificates 12. CVS 13. SVN 14. Useful Commands 15. Install Software 16. Convert Media 17. Printing 18. Databases 19. Disk Quota 20. Shells 21. Scripting 22. Programming 23. Online Help
cb.vu/unixtoolbox.xhtml#loadstats
1/49
11/20/13
1 SYSTEM
Hardware | Statistics | Users | Limits | Runlevels | root password | Compile kernel | Repair grub | Misc
Running kernel and system information
# uname -a                           # Get the kernel version (and BSD version)
# lsb_release -a                     # Full release info of any LSB distribution
# cat /etc/SuSE-release              # Get SuSE version
# cat /etc/debian_version            # Get Debian version
Use /etc/DISTR-release with DISTR= lsb (Ubuntu), redhat, gentoo, mandrake, sun (Solaris), and so on. See also /etc/issue.
# uptime                             # Show how long the system has been running + load
# hostname                           # system's host name
# hostname -i                        # Display the IP address of the host. (Linux only)
# man hier                           # Description of the file system hierarchy
# last reboot                        # Show system reboot history
Linux
# cat /proc/cpuinfo                  # CPU model
# cat /proc/meminfo                  # Hardware memory
# grep MemTotal /proc/meminfo        # Display the physical memory
# watch -n1 'cat /proc/interrupts'   # Watch changeable interrupts continuously
# free -m                            # Used and free memory (-m for MB)
# cat /proc/devices                  # Configured devices
# lspci -tv                          # Show PCI devices
# lsusb -tv                          # Show USB devices
# lshal                              # Show a list of all devices with their properties
# dmidecode                          # Show DMI/SMBIOS: hw info from the BIOS
FreeBSD
# sysctl hw.model                    # CPU model
# sysctl hw                          # Gives a lot of hardware information
# sysctl hw.ncpu                     # number of active CPUs installed
# sysctl vm                          # Memory usage
# sysctl hw.realmem                  # Hardware memory
# sysctl -a | grep mem               # Kernel memory settings and info
# sysctl dev                         # Configured devices
# pciconf -l -cv                     # Show PCI devices
# usbdevs -v                         # Show USB devices
# atacontrol list                    # Show ATA devices
# camcontrol devlist -v              # Show SCSI devices
1.3 Users
# id                                 # Show the active user id with login and group
# last                               # Show last logins on the system
# who                                # Show who is logged on the system
# groupadd admin                     # Add group "admin" and user colin (Linux/Solaris)
# useradd -c "Colin Barschel" -g admin -m colin
# usermod -a -G <group> <user>       # Add existing user to group (Debian)
# groupmod -A <user> <group>         # Add existing user to group (SuSE)
# userdel colin                      # Delete user colin (Linux/Solaris)
Encrypted passwords are stored in /etc/shadow for Linux and Solaris and /etc/master.passwd on FreeBSD. If the master.passwd is modified manually (say to delete a password), run # pwd_mkdb -p master.passwd to rebuild the database.
To temporarily prevent logins system wide (for all users but root) use nologin. The message in nologin will be displayed (might not work with ssh pre-shared keys).
# echo "Sorry no login now" > /etc/nologin       # (Linux)
# echo "Sorry no login now" > /var/run/nologin   # (FreeBSD)
1.4 Limits
Some applications require higher limits on open files and sockets (like a proxy web server, database). The default limits are usually too low.
Linux
Per shell/script
The shell limits are governed by ulimit. The status is checked with ulimit -a. For example to change the open files limit from 1024 to 10240 do:
# ulimit -n 10240                    # This is only valid within the shell
System wide
Kernel limits are set with sysctl. Permanent limits are set in /etc/sysctl.conf.
# sysctl -a                          # View all system limits
# sysctl fs.file-max                 # View max open files limit
# sysctl fs.file-max=102400          # Change max open files limit
# echo "1024 50000" > /proc/sys/net/ipv4/ip_local_port_range  # port range
# cat /etc/sysctl.conf
fs.file-max=102400                   # Permanent entry in sysctl.conf
# cat /proc/sys/fs/file-nr           # How many file descriptors are in use
FreeBSD
Per shell/script
Use the command limits in csh or tcsh or as in Linux, use ulimit in an sh or bash shell.
Per user/process
The default limits on login are set in /etc/login.conf. An unlimited value is still limited by the system maximal value.
System wide
Kernel limits are also set with sysctl. Permanent limits are set in /etc/sysctl.conf or /boot/loader.conf. The syntax is the same as Linux but the keys are different.
# sysctl -a                          # View all system limits
# sysctl kern.maxfiles=XXXX          # maximum number of file descriptors
kern.ipc.nmbclusters=32768           # Permanent entry in /etc/sysctl.conf
kern.maxfiles=65536                  # Typical values for Squid
kern.maxfilesperproc=32768
kern.ipc.somaxconn=8192              # TCP queue. Better for apache/sendmail
# sysctl kern.openfiles              # How many file descriptors are in use
# sysctl kern.ipc.numopensockets     # How many open sockets are in use
# sysctl net.inet.ip.portrange.last=50000  # Default is 1024-5000
# netstat -m                         # network memory buffers statistics
See The FreeBSD handbook Chapter 11 http://www.freebsd.org/handbook/configtuning-kernel-limits.html for details. And also FreeBSD performance tuning http://serverfault.com/questions/64356/freebsd-performance-tuning-sysctls-loader-conf-kernel
Solaris
The following values in /etc/system will increase the maximum file descriptors per proc:
set rlim_fd_max = 4096               # Hard limit on file descriptors for a single proc
set rlim_fd_cur = 1024               # Soft limit on file descriptors for a single proc
1.5 Runlevels
Linux
Once booted, the kernel starts init which then starts rc which starts all scripts belonging to a runlevel. The scripts are stored in /etc/init.d and are linked into /etc/rc.d/rcN.d with N the runlevel number. The default runlevel is configured in /etc/inittab. It is usually 3 or 5:
# grep default: /etc/inittab
id:3:initdefault:
The actual runlevel can be changed with init. For example to go from 3 to 5:
# init 5                             # Enters runlevel 5
Debian and Debian based distributions like Ubuntu or Knoppix use the command update-rc.d to manage the runlevels scripts. Default is to start in 2,3,4 and 5 and shutdown in 0,1 and 6.
# update-rc.d sshd defaults          # Activate sshd with the default runlevels
# update-rc.d sshd start 20 2 3 4 5 . stop 20 0 1 6 .  # With explicit arguments
# update-rc.d -f sshd remove         # Disable sshd for all runlevels
# shutdown -h now (or # poweroff)    # Shutdown and halt the system
FreeBSD
The BSD boot approach is different from the SysV, there are no runlevels. The final boot state (single user, with or without X) is configured in /etc/ttys. All OS scripts are located in /etc/rc.d/ and in /usr/local/etc/rc.d/ for third-party applications. The activation of the service is configured in /etc/rc.conf and /etc/rc.conf.local. The default behavior is configured in /etc/defaults/rc.conf. The scripts respond at least to start|stop|status.
# /etc/rc.d/sshd status
sshd is running as pid 552.
# shutdown now                       # Go into single-user mode
# exit                               # Go back to multi-user mode
# shutdown -p now                    # Shutdown and halt the system
# shutdown -r now                    # Reboot
The process init can also be used to reach one of the following state levels. For example # init 6 for reboot.
0 Halt and turn the power off (signal USR2)
1 Go to single-user mode (signal TERM)
6 Reboot the machine (signal INT)
c Block further logins (signal TSTP)
q Rescan the ttys(5) file (signal HUP)
Windows
Start and stop a service with either the service name or "service description" (shown in the Services Control Panel) as follows:
# start search service
# same as above using descr.
The kernel will mount the root partition and init will start the bourne shell instead of rc and then a runlevel. Use the command passwd at the prompt to change the password and then reboot. Forget the single user mode as you need the password for that.
If, after booting, the root partition is mounted read only, remount it rw:
# mount -o remount,rw /
# passwd                             # or delete the root password (/etc/shadow)
# sync; mount -o remount,ro /        # sync before to remount read only
# reboot
Unixes and FreeBSD and Linux method 2
Other Unixes might not let you go away with the simple init trick. The solution is to mount the root partition from another OS (like a rescue CD) and change the password on the disk.
Boot a live CD or installation CD into a rescue mode which will give you a shell.
Find the root partition with fdisk e.g. fdisk /dev/sda
Mount it and use chroot:
# mount -o rw /dev/ad4s3a /mnt
# chroot /mnt                        # chroot into /mnt
# passwd
# reboot
FreeBSD
# kldstat                            # List all modules loaded in the kernel
# kldload crypto                     # To load a module (here crypto)
I use the following supfile:
*default host=cvsup5.FreeBSD.org     # www.freebsd.org/handbook/cvsup.html#CVSUP-MIRRORS
*default prefix=/usr
*default base=/var/db
*default release=cvs delete tag=RELENG_7
src-all
To modify and rebuild the kernel, copy the generic configuration file to a new name and edit it as needed (you can also edit the file GENERIC directly). To restart the build after an interruption, add the option NO_CLEAN=YES to the make command to avoid cleaning the objects already built.
# cd /usr/src/sys/i386/conf/
# cp GENERIC MYKERNEL
# cd /usr/src
# make buildkernel KERNCONF=MYKERNEL
# make installkernel KERNCONF=MYKERNEL
To rebuild the full OS:
# make buildworld                    # Build the full OS but not the kernel
# make buildkernel                   # Use KERNCONF as above if appropriate
# make installkernel
# reboot
# mergemaster -p                     # Compares only files known to be essential
# make installworld
# mergemaster -i -U                  # Update all configurations and other files
# reboot
For small changes in the source you can use NO_CLEAN=yes to avoid rebuilding the whole tree.
# make buildworld NO_CLEAN=yes       # Don't delete the old objects
# make buildkernel KERNCONF=MYKERNEL NO_CLEAN=yes
1.9 Repair grub
So you broke grub? Boot from a live cd, [find your linux partition under /dev and use fdisk to find the linux partition] mount the linux partition, add /proc and /dev and use grub-install /dev/xyz. Suppose linux lies on /dev/sda6:
# mount /dev/sda6 /mnt               # mount the linux partition on /mnt
# mount --bind /proc /mnt/proc       # mount the proc subsystem into /mnt
# mount --bind /dev /mnt/dev         # mount the devices into /mnt
# chroot /mnt                        # change root to the linux partition
# grub-install /dev/sda              # reinstall grub with your old settings
1.10 Misc
Disable OS X virtual memory (repeat with load to re-enable). Faster system, but a little risky.
# sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.dynamic_pager.plist
# sleep 3600; pmset sleepnow         # go to standby in one hour (OS X)
# defaults write -g com.apple.mouse.scaling -float 8  # OS X mouse acceleration (use -1 to reverse)
2 PROCESSES
Listing | Priority | Background/Foreground | Top | Kill
2.2 Priority
Start the process with a defined priority with nice. Positive is "nice" or weak, negative is strong scheduling priority. Make sure you know if /usr/bin/nice or the shell built-in is used (check with # which nice).
# nice -n -5 top                     # Stronger priority (/usr/bin/nice)
# nice -n 5 top                      # Weaker priority (/usr/bin/nice)
# nice +5 top                        # tcsh builtin nice (same as above!)
2.4 Top
The program top displays running information of processes. See also the program htop from htop.sourceforge.net (a more powerful version of top) which runs on Linux and FreeBSD (ports/sysutils/htop/). While top is running press the key h for a help overview. Useful keys are:
u [user name] To display only the processes belonging to the user. Use + or blank to see all users
k [pid] Kill the process with pid.
1 To display all processors statistics (Linux only)
R Toggle normal/reverse sort.
2.5 Signals/Kill
Terminate or send a signal with kill or killall.
# ping -i 60 cb.vu > ping.log &
[1] 4712
# kill -s TERM 4712                  # same as kill -15 4712
# killall -1 httpd                   # Kill HUP processes by exact name
# pkill -9 http                      # Kill TERM processes by (part of) name
# pkill -TERM -u www                 # Kill TERM processes owned by www
# fuser -k -TERM -m /home            # Kill every process accessing /home (to umount)
Important signals are:
3 FILE SYSTEM
Disk info | Boot | Disk usage | Opened files | Mount/remount | Mount SMB | Mount image | Burn ISO | Create image | Memory disk | Disk performance
3.1 Permissions
Change permission and ownership with chmod and chown. The default umask can be changed for all users in /etc/profile for Linux or /etc/login.conf for FreeBSD. The default umask is usually 022. The umask is subtracted from 777, thus umask 022 results in a permission of 755.
1 --x execute                        # Mode 764 = exec/read/write | read/write | read
2 -w- write                          # For:       |--  Owner  --|   |- Group-|   |Oth|
4 r-- read
  ugo=a                              u=user, g=group, o=others, a=everyone
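The umask rule above, worked through as an added example (not part of the original toolbox). It predicts the resulting mode and then checks it against files actually created: the mask is cleared bitwise rather than subtracted, and regular files start from 666 while directories start from 777. The function names are chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original page): what a umask does to new files.

# mode_after_umask BASE UMASK
# Prints the octal mode left when the UMASK bits are cleared from BASE.
# The mask is applied bitwise (BASE AND NOT UMASK), not by arithmetic subtraction.
mode_after_umask() {
    printf '%03o\n' "$(( 0$1 & ~0$2 & 0777 ))"
}

# octal_mode PATH: permission bits of PATH, GNU stat first, BSD stat as fallback.
octal_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# create_under_umask UMASK
# Creates one file and one directory in a scratch directory under UMASK and
# prints "<file mode> <directory mode>" as the system actually set them.
create_under_umask() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        : > "$tmp/file"        # a new regular file is requested with 0666
        mkdir "$tmp/dir"       # a new directory is requested with 0777
        result="$(octal_mode "$tmp/file") $(octal_mode "$tmp/dir")"
        rm -rf "$tmp"
        echo "$result"
    )
}

# 022 is the usual default; 027 and 077 are the tighter masks commonly used
# for service accounts and for files holding secrets.
for mask in 022 027 077; do
    echo "umask $mask: predicted file=$(mode_after_umask 666 "$mask")" \
         "dir=$(mode_after_umask 777 "$mask")," \
         "observed: $(create_under_umask "$mask")"
done

# Where subtraction gives the wrong answer: 666 - 033 would be 633,
# but clearing the bits of 033 from 666 leaves 644.
echo "umask 033 on a file: $(mode_after_umask 666 033)"
```

The umask only applies when a file is created; it never tightens the mode of a file that already exists.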
3.3 Boot
FreeBSD
To boot an old kernel if the new kernel doesn't boot, stop the boot during the countdown.
# unload
# load kernel.old
# boot
Disk usage
# du -sh *                           # Directory sizes as listing
# du -csh                            # Total directory size of the current directory
# du -ks * | sort -n -r              # Sort everything by size in kilobytes
# ls -lSr                            # Show files, biggest last
FreeBSD and most Unixes
# fstat -f /home                     # for a mount point
# fstat -p PID                       # for an application with PID
# fstat -u user                      # for a user name
Find opened log file (or other opened files), say for Xorg:
# ps ax | grep Xorg | awk '{print $1}'
1252
# fstat -p 1252
USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W
root     Xorg        1252 root /             2 drwxr-xr-x     512  r
root     Xorg        1252 text /usr     216016 -rws--x--x  1679848 r
root     Xorg        1252    0 /var     212042 -rw-r--r--   56987  w
The file with inum 212042 is the only file in /var:
# find -x /var -inum 212042
/var/log/Xorg.0.log
About an application:
# ps ax | grep Xorg | awk '{print $1}'
3324
# lsof -p 3324
COMMAND   PID    USER   FD   TYPE DEVICE    SIZE    NODE NAME
Xorg     3324    root    0w   REG    8,6   56296   12492 /var/log/Xorg.0.log
About a single file:
# lsof /var/log/Xorg.0.log
COMMAND  PID  USER   FD   TYPE DEVICE  SIZE  NODE NAME
Xorg    3324  root    0w   REG    8,6 56296 12492 /var/log/Xorg.0.log
Or find the device in /dev/ or with dmesg
FreeBSD
# mount -v -t cd9660 /dev/cd0c /mnt  # cdrom
# mount_cd9660 /dev/wcd0c /cdrom     # other method
# mount -v -t msdos /dev/fd0c /mnt   # floppy
Entry in /etc/fstab:
# Device                Mountpoint      FStype  Options         Dump    Pass#
/dev/acd0               /cdrom          cd9660  ro,noauto       0       0
To let users do it:
# sysctl vfs.usermount=1             # Or insert the line "vfs.usermount=1" in /etc/sysctl.conf
Linux
# mount -t auto /dev/cdrom /mnt/cdrom   # typical cdrom mount command
# mount /dev/hdc -t iso9660 -r /cdrom   # typical IDE
# mount /dev/scd0 -t iso9660 -r /cdrom  # typical SCSI cdrom
# mount /dev/sdc0 -t ntfs-3g /windows   # typical SCSI
Entry in /etc/fstab:
/dev/cdrom   /media/cdrom  subfs noauto,fs=cdfss,ro,procuid,nosuid,nodev,exec 0 0
Remount
Remount a device without unmounting it. Necessary for fsck for example
# mount -o remount,ro /              # Linux
# mount -o ro -u /                   # FreeBSD
Copy the raw data from a cdrom into an iso image (default 512 blocksize might cause problems):
# dd if=/dev/cd0c of=file.iso bs=2048
Mount share on guest (linux, FreeBSD)
# sudo mount -t vboxsf share /home/vboxshare   # -o uid=1000,gid=1000 (as appropriate)
share /home/colin/share vboxsf defaults,uid=colin 0 0   # fstab entry
OS X
# diskutil list                      # List the partitions of a disk
# diskutil unmountDisk /dev/disk1    # Unmount an entire disk (all volumes)
# chflags hidden ~/Documents/folder  # Hide folder (reverse with nohidden)
Mount Samba share through ssh tunnel
# ssh -C -f -N -p 20022 -L 445:127.0.0.1:445 me@server  # connect on 20022, tunnel 445
# mount -t smbfs //colin@localhost/colin ~/mnt
# mount_smbfs //colin:mypassword@127.0.0.1/private /Volumes/private  # I use this on OS X + ssh
Additionally with the package mount.cifs it is possible to store the credentials in a file, for example /home/user/.smb:
username=winuser
password=winpwd
And mount as follows:
# mount -t cifs -o credentials=/home/user/.smb //192.168.16.229/myshare /mnt/smbshare
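A credentials file like the one above holds a clear-text password, so it should be readable by its owner only. The following is an added example, not part of the original toolbox: it writes the file privately and audits an existing one. The function names are chosen for this example, and the sample values are the page's own placeholders.

```shell
#!/bin/sh
# Added example (not from the original page): create and audit a
# mount.cifs credentials file such as /home/user/.smb.

# octal_mode PATH: permission bits of PATH, GNU stat first, BSD stat as fallback.
octal_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# write_cred_file PATH USER PASSWORD
# Creates the file with mode 600. An existing file is removed first because
# the umask applies only at creation: redirecting into a file that already
# exists keeps whatever (possibly world-readable) mode it had.
write_cred_file() {
    (
        umask 077
        rm -f "$1"
        printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1"
    )
}

# audit_cred_file PATH
# Prints one finding per line; no output means the file passed every check.
audit_cred_file() {
    [ -f "$1" ] || { echo "missing: $1 is not a regular file"; return 1; }
    mode=$(octal_mode "$1")
    [ $(( 0$mode & 077 )) -eq 0 ] ||
        echo "mode: $1 is $mode, group or others can access it (want 600)"
    grep -q '^username=' "$1" || echo "format: no username= line in $1"
    grep -q '^password=' "$1" || echo "format: no password= line in $1"
    return 0
}

# Demonstration in a scratch directory (constructed sample, not a real share).
demo=$(mktemp -d)
( umask 022; printf 'username=winuser\npassword=winpwd\n' > "$demo/.smb" )
echo "created under umask 022:"; audit_cred_file "$demo/.smb"
write_cred_file "$demo/.smb" winuser winpwd
echo "after write_cred_file: mode $(octal_mode "$demo/.smb")"
audit_cred_file "$demo/.smb"
rm -rf "$demo"
```

The same reasoning applies to the mount_smbfs form with the password in the URL: anything given on the command line is visible in the process list and the shell history, which the credentials file avoids.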
FreeBSD
Use -I to give the IP (or DNS name); smbserver is the Windows name.
# smbutil view -I 192.168.16.229 //winuser@smbserver   # List the shares
# mount_smbfs -I 192.168.16.229 //winuser@smbserver/myshare /mnt/smbshare
3.9 Mount an image
# hdiutil mount image.iso            # OS X
Linux loop-back
# mount -t iso9660 -o loop file.iso /mnt   # Mount a CD image
# mount -t ext3 -o loop file.img /mnt      # Mount an image with ext3 fs
FreeBSD
With memory device (do # kldload md.ko if necessary):
# Cleanup the md device
Or with virtual node:
# vnconfig /dev/vn0c file.iso; mount -t cd9660 /dev/vn0c /mnt
# umount /mnt; vnconfig -u /dev/vn0c # Cleanup the vn device
Use mkisofs to create a CD/DVD image from files in a directory. To overcome the file names restrictions: -r enables the Rock Ridge extensions common to UNIX systems, -J enables Joliet extensions used by Microsoft systems. -L allows ISO9660 filenames to begin with a period.
# mkisofs -J -L -r -V TITLE -o imagefile.iso /path/to/dir
# hdiutil makehybrid -iso -joliet -o dir.iso dir/   # OS X
Linux
Also use cdrecord with Linux as described above. Additionally it is possible to use the native ATAPI interface which is found with:
# cdrecord dev=ATAPI -scanbus
And burn the CD/DVD as above.
dvd+rw-tools
The dvd+rw-tools package (FreeBSD: ports/sysutils/dvd+rw-tools) can do it all and includes growisofs to burn CDs or DVDs. The examples refer to the dvd device as /dev/dvd which could be a symlink to /dev/scd0 (typical scsi on Linux) or /dev/cd0 (typical FreeBSD) or /dev/rcd0c (typical NetBSD/OpenBSD character SCSI) or /dev/rdsk/c0t1d0s2 (Solaris example of a character SCSI/ATAPI CD-ROM device). There is a nice documentation with examples on the FreeBSD handbook chapter 18.7 http://www.freebsd.org/handbook/creating-dvds.html.
                                     # -dvd-compat closes the disk
# growisofs -dvd-compat -Z /dev/dvd=imagefile.iso     # Burn existing iso image
# growisofs -dvd-compat -Z /dev/dvd -J -R /p/to/data  # Burn directly
Convert a bin/cue image to .iso
The little bchunk program http://freshmeat.net/projects/bchunk/ can do this. It is in the FreeBSD ports in sysutils/bchunk.
# bchunk imagefile.bin imagefile.cue imagefile.iso
The file based image can be automatically mounted during boot with an entry in /etc/rc.conf and /etc/fstab. Test your setup with # /etc/rc.d/mdconfig start (first delete the md0 device with # mdconfig -d -u 0).
Note however that this automatic setup will only work if the file image is NOT on the root partition. The reason is that the /etc/rc.d/mdconfig script is executed very early during boot and the root partition is still read-only. Images located outside the root partition will be mounted later with the script /etc/rc.d/mdconfig2.
/boot/loader.conf:
md_load="YES"
/etc/rc.conf:
# mdconfig_md0="-t vnode -f /usr/vdisk.img"   # /usr is not on the root partition
/etc/fstab: (The 0 0 at the end is important, it tells fsck to ignore this device, as it does not exist yet)
/dev/md0                /usr/vdisk      ufs     rw              0       0
It is also possible to increase the size of the image afterward, say for example 300 MB larger.
# umount /mnt; mdconfig -d -u 0
# dd if=/dev/zero bs=1m count=300 >> /usr/vdisk.img
# mdconfig -a -t vnode -f /usr/vdisk.img -u 0
# growfs /dev/md0
# mount /dev/md0c /mnt               # File partition is now 300 MB larger
Linux
# dd if=/dev/zero of=/usr/vdisk.img bs=1024k count=1024
# mkfs.ext3 /usr/vdisk.img
# mount -o loop /usr/vdisk.img /mnt
# umount /mnt; rm /usr/vdisk.img     # Cleanup
Linux
# mount -t tmpfs -osize=64m tmpfs /memdisk
4 NETWORK
Routing | Additional IP | Change MAC | Ports | Firewall | IP Forward | NAT | DNS | DHCP | Traffic | QoS | NIS | Netcat
Other OSes
# ifconfig fxp0                      # Check the "media" field on FreeBSD
# arp -a                             # Check the router (or host) ARP entry (all OS)
# ping cb.vu                         # The first thing to try...
# traceroute cb.vu                   # Print the route path to destination
# ifconfig fxp0 media 100baseTX mediaopt full-duplex  # 100Mbit full duplex (FreeBSD)
# netstat -s                         # System-wide statistics for each network protocol
Additional commands which are not always installed per default but easy to find:
# arping 192.168.16.254              # Ping on ethernet layer
# tcptraceroute -f 5 cb.vu           # uses tcp instead of icmp to trace through firewalls
4.2 Routing
Print routing table
# route -n                           # Linux or use "ip route"
# netstat -rn                        # Linux, BSD and UNIX
# route print                        # Windows
Add the route permanently in /etc/rc.conf
static_routes="myroute"
route_myroute="-net 212.117.0.0/16 192.168.1.1"
Linux
# route add -net 192.168.20.0 netmask 255.255.255.0 gw 192.168.16.254
# ip route add 192.168.20.0/24 via 192.168.16.254       # same as above with ip route
# route add -net 192.168.20.0 netmask 255.255.255.0 dev eth0
# route add default gw 192.168.51.254
# ip route add default via 192.168.51.254 dev eth0      # same as above with ip route
# route delete -net 192.168.20.0 netmask 255.255.255.0
Solaris
# route add -net 192.168.20.0 -netmask 255.255.255.0 192.168.16.254
# route add default 192.168.51.254 1                    # 1 = hops to the next gateway
# route change default 192.168.50.254 1
Permanent entries are set in entry in /etc/defaultrouter.
Windows
# Route add 192.168.50.0 mask 255.255.255.0 192.168.51.253
# Route add 0.0.0.0 mask 0.0.0.0 192.168.51.254
Use add -p to make the route persistent.
FreeBSD
# ifconfig fxp0 inet 192.168.50.254/24                      # First IP
# ifconfig fxp0 alias 192.168.51.254 netmask 255.255.255.0  # Second IP
# ifconfig fxp0 -alias 192.168.51.254                       # Remove second IP alias
Permanent entries in /etc/rc.conf
ifconfig_fxp0="inet 192.168.50.254  netmask 255.255.255.0"
ifconfig_fxp0_alias0="192.168.51.254 netmask 255.255.255.0"
Solaris
Check the settings with ifconfig -a
# ifconfig hme0 plumb                                       # Enable the network card
# ifconfig hme0 192.168.50.254 netmask 255.255.255.0 up     # First IP
# ifconfig hme0:1 192.168.51.254 netmask 255.255.255.0 up   # Second IP
* Typical wireless interface is en1 and needs to disassociate from any network first (osxdaily howto).
# echo "alias airport='/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport'"\
>> ~/.bash_profile                   # or symlink to /usr/sbin
# airport -z                         # Disassociate from wireless networks
# airport -I                         # Get info from wireless network
Many tools exist for Windows. For example etherchange http://ntsecurity.nu/toolbox/etherchange. Or look for "Mac Makeup", "smac".
4.5 Ports in use
Listening open ports:
# netstat -an | grep LISTEN
# lsof -i                            # Linux list all Internet connections
# socklist                           # Linux display list of open sockets
# sockstat -4                        # FreeBSD application listing
# netstat -anp --udp --tcp | grep LISTEN   # Linux
# netstat -tup                       # List active connections to/from system (Linux)
# netstat -tupl                      # List listening ports from system (Linux)
# netstat -ano                       # Windows
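The raw LISTEN list does not say which sockets are reachable from the network. The following added example (not part of the original toolbox) sorts the output of netstat -an into listeners bound to all interfaces, to one address, or to loopback only, and handles both the Linux addr:port and the BSD addr.port notation. The function names and the sample lines are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original page): classify LISTEN sockets from
# "netstat -an" by how widely they are exposed.

# Constructed sample input: Linux-style lines (addr:port) followed by
# BSD-style lines (addr.port, "*" for the wildcard address).
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:22            0.0.0.0:*             LISTEN
tcp        0      0 127.0.0.1:5432        0.0.0.0:*             LISTEN
tcp6       0      0 :::80                 :::*                  LISTEN
tcp        0      0 192.168.16.10:445     0.0.0.0:*             LISTEN
tcp        0      0 192.168.16.10:22      192.168.16.20:51234   ESTABLISHED
tcp4       0      0 *.25                  *.*                   LISTEN
tcp4       0      0 127.0.0.1.953         *.*                   LISTEN
EOF
}

# classify_listeners: reads netstat -an output on stdin and prints
# "<proto> <port> <scope> <address>" for every TCP socket in state LISTEN.
classify_listeners() {
    awk '
    $6 == "LISTEN" {
        laddr = $4
        # The port is the run of digits after the last ":" (Linux) or "." (BSD).
        pos = match(laddr, /[:.][0-9]+$/)
        if (pos == 0) next
        addr = substr(laddr, 1, pos - 1)
        port = substr(laddr, pos + 1)
        if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "::1")
            scope = "loopback"
        else
            scope = "single-address"
        print $1, port, scope, addr
    }'
}

# reachable_ports: sorted, de-duplicated ports that are not loopback-only,
# printed on one line; these are the ones a firewall review has to cover.
reachable_ports() {
    classify_listeners | awk '$3 != "loopback" { print $2 }' |
        sort -nu | paste -s -d ' ' -
}

echo "All listeners in the sample:"
sample_netstat | classify_listeners
echo "Ports reachable from the network: $(sample_netstat | reachable_ports)"
```

On a live system the input is netstat -an | classify_listeners; the Windows netstat -ano layout is not handled.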
4.6 Firewall
Check if a firewall is running (typical configuration only):
Linux
# iptables -L -n -v                  # For status
Open the iptables firewall
# iptables -P INPUT       ACCEPT     # Open everything
# iptables -P FORWARD     ACCEPT
# iptables -P OUTPUT      ACCEPT
# iptables -Z                        # Zero the packet and byte counters in all chains
# iptables -F                        # Flush all chains
# iptables -X                        # Delete all chains
FreeBSD
# ipfw show                          # For status
# ipfw list 65535                    # if answer is "65535 deny ip from any to any" the fw is disabled
# sysctl net.inet.ip.fw.enable=0     # Disable
# sysctl net.inet.ip.fw.enable=1     # Enable
or edit /etc/sysctl.conf with:
net.ipv4.ip_forward = 1
FreeBSD
Check and enable with:
# sysctl net.inet.ip.forwarding      # Check IP forward 0=off, 1=on
# sysctl net.inet.ip.forwarding=1
# sysctl net.inet.ip.fastforwarding=1  # For dedicated router or firewall
Permanent with entry in /etc/rc.conf:
gateway_enable="YES"                 # Set to YES if this host will be a gateway.
Solaris
# ndd -set /dev/ip ip_forwarding 1   # Set IP forward 0=off, 1=on
Delete the port forward with -D instead of -A. The program netstat-nat http://tweegy.nl/projects/netstat-nat is very useful to track connections (it uses /proc/net/ip_conntrack or /proc/net/nf_conntrack).
# netstat-nat -n                     # show all connections with IPs
FreeBSD
# natd -s -m -u -dynamic -f /etc/natd.conf -n fxp0
Or edit /etc/rc.conf with:
firewall_enable="YES"                # Set to YES to enable firewall functionality
firewall_type="open"                 # Firewall type (see /etc/rc.firewall)
natd_enable="YES"                    # Enable natd (if firewall_enable == YES).
natd_interface="tun0"                # Public interface or IP address to use.
natd_flags="-s -m -u -dynamic -f /etc/natd.conf"
Port forward with:
# cat /etc/natd.conf
same_ports yes
use_sockets yes
unregistered_only
# redirect_port tcp insideIP:2300-2399 3300-3399  # port range
redirect_port udp 192.168.51.103:7777 7777
4.9 DNS
On Unix the DNS entries are valid for all interfaces and are stored in /etc/resolv.conf. The domain to which the host belongs is also stored in this file. A minimal configuration is:
nameserver 78.31.70.238
search sleepyowl.net intern.lab
domain sleepyowl.net
Check the system domain name with:
# hostname -d                        # Same as dnsdomainname
Flush DNS
Flush the OS DNS cache; some applications use their own cache (e.g. Firefox) and will be unaffected.
# /etc/init.d/nscd restart                    # Restart nscd if used - Linux/BSD/Solaris
# lookupd -flushcache                         # OS X Tiger
# dscacheutil -flushcache                     # OS X Leopard and newer
# ipconfig /flushdns                          # Windows
Forward queries
Dig is your friend to test the DNS settings. For example the public DNS server 213.133.105.2 ns.second-ns.de can be used for testing. See from which server the client receives the answer (simplified answer).
# dig sleepyowl.net
sleepyowl.net.          600     IN      A       78.31.70.238
;; SERVER: 192.168.51.254#53(192.168.51.254)
The router 192.168.51.254 answered and the response is the A entry. Any entry can be queried and the DNS server can be selected with @:
# dig MX google.com
# dig @127.0.0.1 NS sun.com                   # To test the local server
# dig @204.97.212.10 NS MX heise.de           # Query an external server
# dig AXFR @ns1.xname.org cb.vu               # Get the full zone (zone transfer)
The program host is also powerful.
# host -t MX cb.vu                            # Get the mail MX entry
# host -t NS -T sun.com                       # Get the NS record over a TCP connection
# host -a sleepyowl.net                       # Get everything
Reverse queries
Find the name belonging to an IP address (in-addr.arpa.). This can be done with dig, host and nslookup:
# dig -x 78.31.70.238
# host 78.31.70.238
# nslookup 78.31.70.238
/etc/hosts
Single hosts can be configured in the file /etc/hosts instead of running named locally to resolve the hostname queries. The format is simple, for example:
78.31.70.238   sleepyowl.net   sleepyowl
The priority between hosts and a dns query, that is the name resolution order, can be configured in /etc/nsswitch.conf AND /etc/host.conf. The file also exists on Windows, it is usually in:
C:\WINDOWS\SYSTEM32\DRIVERS\ETC
4.10 DHCP
Linux
Some distributions (SuSE) use dhcpcd as client. The default interface is eth0.
# dhcpcd -n eth0                              # Trigger a renew (does not always work)
# dhcpcd -k eth0                              # release and shutdown
The lease with the full information is stored in:
/var/lib/dhcpcd/dhcpcd-eth0.info
FreeBSD
FreeBSD (and Debian) uses dhclient. To configure an interface (for example bge0) run:
# dhclient bge0
The lease with the full information is stored in:
/var/db/dhclient.leases.bge0
Use /etc/dhclient.conf to prepend options or force different options:
# cat /etc/dhclient.conf
interface "rl0" {
    prepend domain-name-servers 127.0.0.1;
    default domain-name "sleepyowl.net";
    supersede domain-name "sleepyowl.net";
}
Windows
The dhcp lease can be renewed with ipconfig:
# ipconfig /renew                             # renew all adapters
# ipconfig /renew LAN                         # renew the adapter named "LAN"
# ipconfig /release WLAN                      # release the adapter named "WLAN"
Yes it is a good idea to rename your adapter with simple names!
4.11 Traffic analysis
Bmon (http://people.suug.ch/~tgr/bmon/) is a small console bandwidth monitor and can display the flow on different interfaces.
Sniff with tcpdump
# tcpdump -nl -i bge0 not port ssh and src \(192.168.16.121 or 192.168.16.54\)
# tcpdump -n -i eth1 net 192.168.16.121       # select to/from a single IP
# tcpdump -n -i eth1 net 192.168.16.0/24      # select traffic to/from a network
# tcpdump -l > dump && tail -f dump           # Buffered output
# tcpdump -i rl0 -w traffic.rl0               # Write traffic headers in binary file
# tcpdump -i rl0 -s 0 -w traffic.rl0          # Write traffic + payload in binary file
# tcpdump -r traffic.rl0                      # Read from file (also for ethereal)
# tcpdump port 80                             # The two classic commands
# tcpdump host google.com
# tcpdump -i eth0 -X port \(110 or 143\)      # Check if pop or imap is secure
# tcpdump -n -i eth0 icmp                     # Only catch pings
# tcpdump -i eth0 -s 0 -A port 80 | grep GET  # -s 0 for full packet -A for ASCII
Additional important options:
-A    Print each packet in clear text (without header)
-X    Print packets in hex and ASCII
-l    Make stdout line buffered
-D    Print all interfaces available
Other non standard but useful tools are hping (www.hping.org), an IP packet assembler/analyzer, and fping (fping.sourceforge.net). fping can check multiple hosts in a round-robin fashion.
the device upload rate to match the physical capacity of the modem, this should greatly improve the interactivity. Set to about 90% of the modem maximal (cable) speed.
Linux
For a 512 Kbit upload modem.
# tc qdisc add dev eth0 root tbf rate 480kbit latency 50ms burst 1540
# tc -s qdisc ls dev eth0                     # Status
# tc qdisc del dev eth0 root                  # Delete the queue
# tc qdisc change dev eth0 root tbf rate 220kbit latency 50ms burst 1540
Quality of service
Linux
Priority queuing with tc to optimize VoIP. See the full example on voip-info.org or www.howtoforge.com. Suppose VoIP uses udp on ports 10000:11024 and device eth0 (could also be ppp0 or so). The following commands define the QoS to three queues and force the VoIP traffic to queue 1 with QoS 0x1e (all bits set). The default traffic flows into queue 3 and QoS Minimize-Delay flows into queue 2.
# tc qdisc add dev eth0 root handle 1: prio priomap 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 0
# tc qdisc add dev eth0 parent 1:1 handle 10: sfq
# tc qdisc add dev eth0 parent 1:2 handle 20: sfq
# tc qdisc add dev eth0 parent 1:3 handle 30: sfq
# tc filter add dev eth0 protocol ip parent 1: prio 1 u32 \
  match ip dport 10000 0x3C00 flowid 1:1      # use server port range
  match ip dst 123.23.0.1 flowid 1:1          # or/and use server IP
Status and remove with
# tc -s qdisc ls dev eth0                     # queue status
# tc qdisc del dev eth0 root                  # delete all QoS
Calculate port range and mask
The tc filter defines the port range with port and mask which you have to calculate. Find the 2^N ending of the port range, deduce the range and convert to HEX. This is your mask. Example for 10000 -> 11024, the range is 1024.
# 2^13 (8192) < 10000 < 2^14 (16384)          # ending is 2^14 = 16384
# echo "obase=16;(2^14)-1024" | bc            # mask is 0x3C00
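The following check is an added example, not part of the original toolbox. The u32 filter accepts a 16-bit port when (port & mask) == (value & mask); the helper names u32_port_ranges and u32_cover are hypothetical. The script lists the ports a value/mask pair such as 10000 0x3C00 actually selects, and splits 10000-11024 into aligned value/mask pairs that cover exactly that range:

```sh
#!/bin/sh
# Added example (not from the original page).
# u32 rule: a port matches when (port & mask) == (value & mask).

# Print every contiguous port range selected by "match ip dport VALUE MASK".
u32_port_ranges() (
    value=$(( $1 )); mask=$(( $2 & 0xFFFF ))
    want=$(( value & mask ))
    # Ports inside one block of size "step" (lowest set bit of the mask)
    # share the same masked bits, so one test per block is enough.
    step=$(( mask & -mask ))
    if [ "$step" -eq 0 ]; then step=65536; fi
    start=-1; p=0
    while [ "$p" -le 65535 ]; do
        if [ $(( p & mask )) -eq "$want" ]; then
            if [ "$start" -lt 0 ]; then start=$p; fi
        elif [ "$start" -ge 0 ]; then
            echo "$start-$(( p - 1 ))"
            start=-1
        fi
        p=$(( p + step ))
    done
    if [ "$start" -ge 0 ]; then echo "$start-65535"; fi
)

# Print "PORT MASK" pairs whose matches add up to exactly LO..HI (inclusive).
# Same idea as splitting an IP range into CIDR blocks.
u32_cover() (
    lo=$(( $1 )); hi=$(( $2 ))
    while [ "$lo" -le "$hi" ]; do
        size=1
        # Grow the block while it stays aligned on lo and inside the range.
        while [ $(( lo % (size * 2) )) -eq 0 ] &&
              [ $(( lo + size * 2 - 1 )) -le "$hi" ]; do
            size=$(( size * 2 ))
        done
        printf '%d 0x%04X\n' "$lo" $(( 0xFFFF & ~(size - 1) ))
        lo=$(( lo + size ))
    done
)

# Demo with the numbers used on this page.
echo "match ip dport 10000 0x3C00 selects:"
u32_port_ranges 10000 0x3C00    # 9216-10239, 25600-26623, 41984-43007, 58368-59391
echo "value/mask pairs covering exactly 10000-11024:"
u32_cover 10000 11024           # 8 pairs, from "10000 0xFFF0" to "11024 0xFFFF"
```

Each line printed by u32_cover can be used as one "match ip dport PORT MASK" filter with the same flowid.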
Status and remove with
# ipfw list                                   # rules status
# ipfw pipe list                              # pipe status
# ipfw flush                                  # deletes all rules but default
4.13 NIS Debugging
Some commands which should work on a well configured NIS client:
# ypwhich                                     # get the connected NIS server name
# domainname                                  # The NIS domain name as configured
# ypcat group                                 # should display the group from the NIS server
# cd /var/yp && make                          # Rebuild the yp database
# rpcinfo -p servername                       # Report RPC services of the server
Is ypbind running?
# ps auxww | grep ypbind
/usr/sbin/ypbind -s -m -S servername1,servername2    # FreeBSD
/usr/sbin/ypbind                                     # Linux
# yppoll passwd.byname
Map passwd.byname has order number 1190635041. Mon Sep 24 13:57:21 2007
The master server is servername.domain.net.
Linux
# cat /etc/yp.conf
ypserver servername
domain domain.net broadcast
4.14 Netcat
Netcat (http://netcat.sourceforge.net) (nc) is better known as the "network Swiss Army Knife", it can manipulate, create or read/write TCP/IP connections. Here are some useful examples, there are many more on the net, for example g-loaded.eu[...] (http://www.g-loaded.eu/2006/11/06/netcat-a-couple-of-useful-examples) and here (http://www.terminallyincoherent.com/blog/2007/08/07/few-useful-netcat-tricks). You might need to use the command netcat instead of nc. Also see the similar command socat.
File transfer
Copy a large folder over a raw tcp connection. The transfer is very quick (no protocol overhead) and you don't need to mess up with NFS or SMB or FTP or so, simply make the file available on the server, and get it from the client. Here 192.168.1.1 is the server IP address.
server# tar -cf - -C VIDEO_TS . | nc -l -p 4444       # Serve tar folder on port 4444
client# nc 192.168.1.1 4444 | tar xpf - -C VIDEO_TS   # Pull the file on port 4444
server# cat largefile | nc -l 5678                    # Serve a single file
client# nc 192.168.1.1 5678 > largefile               # Pull the single file
server# dd if=/dev/da0 | nc -l 4444                   # Serve partition image
client# nc 192.168.1.1 4444 | dd of=/dev/da0          # Pull partition to clone
client# nc 192.168.1.1 4444 | dd of=da0.img           # Pull partition to file
Emergency web server
Serve a single file on port 80 in a loop.
# while true; do nc -l -p 80 < unixtoolbox.xhtml; done
Chat
Alice and Bob can chat over a simple TCP socket. The text is transferred with the enter key.
alice# nc -lp 4444
bob  # nc 192.168.1.1 4444
5 SSH SCP
Public key | Fingerprint | SCP | Tunneling
See other tricks: 25 ssh cmd (http://blog.urfix.com/25-ssh-commands-tricks/)
Using the Windows client from ssh.com
The non commercial version of the ssh.com client can be downloaded the main ftp site: ftp.ssh.com/pub/ssh/. Keys generated by the ssh.com client need to be converted for the OpenSSH server. This can be done with the ssh-keygen command.
- Create a key pair with the ssh.com client: Settings - User Authentication - Generate New....
- I use Key type DSA; key length 2048.
- Copy the public key generated by the ssh.com client to the server into the ~/.ssh folder.
- The keys are in C:\Documents and Settings\%USERNAME%\Application Data\SSH\UserKeys.
- Use the ssh-keygen command on the server to convert the key:
# cd ~/.ssh
# ssh-keygen -i -f keyfilename.pub >> authorized_keys2
Notice: We used a DSA key, RSA is also possible. The key is not protected by a password.
Using putty for Windows
Putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html) is a simple and free ssh client for Windows.
- Create a key pair with the puTTYgen program.
- Save the public and private keys (for example into C:\Documents and Settings\%USERNAME%\.ssh).
- Copy the public key to the server into the ~/.ssh folder:
# scp .ssh/puttykey.pub root@192.168.51.254:.ssh/
- Use the ssh-keygen command on the server to convert the key for OpenSSH:
# cd ~/.ssh
# ssh-keygen -i -f puttykey.pub >> authorized_keys2
- Point the private key location in the putty settings: Connection - SSH - Auth
Now the client connecting to this server can verify that he is connecting to the right server:
# ssh linda
The authenticity of host 'linda (192.168.16.54)' can't be established.
DSA key fingerprint is 14:4a:aa:d9:73:25:46:6d:0a:48:35:c7:f4:16:d4:ee.
Are you sure you want to continue connecting (yes/no)? yes
In Konqueror or Midnight Commander it is possible to access a remote file system with the address fish://user@gate. However the implementation is very slow.
Furthermore it is possible to mount a remote folder with sshfs, a file system client based on SCP. See fuse sshfs (http://fuse.sourceforge.net/sshfs.html).
ssh_exchange_identification: Connection closed by remote host
With this error try the following on the server:
echo 'SSHD: ALL' >> /etc/hosts.allow
/etc/init.d/sshd restart
5.4 Tunneling
SSH tunneling allows to forward or reverse forward a port over the SSH connection, thus securing the traffic and accessing ports which would otherwise be blocked. This only works with TCP. The general nomenclature for forward and reverse is (see also ssh and NAT example):
# ssh -L localport:desthost:destport user@gate  # desthost as seen from the gate
# ssh -R destport:desthost:localport user@gate  # forwards your localport to destination
    # desthost:localport as seen from the client initiating the tunnel
# ssh -X user@gate                              # To force X forwarding
This will connect to gate and forward the local port to the host desthost:destport. Note desthost is the destination host as seen by the gate, so if the connection is to the gate, then desthost is localhost. More than one port forward is possible.
Direct forward on the gate
Let say we want to access the CVS (port 2401) and http (port 80) which are running on the gate. This is the simplest example, desthost is thus localhost, and we use the port 8080 locally instead of 80 so we don't need to be root. Once the ssh session is open, both services are accessible on the local ports.
# ssh -L 2401:localhost:2401 -L 8080:localhost:80 user@gate
The smb share can now be accessed with \\127.0.0.1\, but only if the local share is disabled, because the local share is listening on port 139.
It is possible to keep the local share enabled, for this we need to create a new virtual device with a new IP address for the tunnel, the smb share will be connected over this address. Furthermore the local RDP is already listening on 3389, so we choose 3388. For this example let's use a virtual IP of 10.1.1.1.
- With putty use Source port=10.1.1.1:139. It is possible to create multiple loop devices and tunnel. On Windows 2000, only putty worked for me. On Windows Vista also forward the port 445 in addition to the port 139. Also on Vista the patch KB942624 prevents the port 445 to be forwarded, so I had to uninstall this patch in Vista.
- With the ssh.com client, disable "Allow local connections only". Since ssh.com will bind to all addresses, only a single share can be connected.
Now create the loopback interface with IP 10.1.1.1:
- # System > Control Panel > Add Hardware # Yes, Hardware is already connected # Add a new hardware device (at bottom).
- # Install the hardware that I manually select # Network adapters # Microsoft, Microsoft Loopback Adapter.
- Configure the IP address of the fake device to 10.1.1.1 mask 255.255.255.0, no gateway.
- advanced > WINS, Enable LMHosts Lookup; Disable NetBIOS over TCP/IP.
- # Enable Client for Microsoft Networks. # Disable File and Printer Sharing for Microsoft Networks.
I HAD to reboot for this to work. Now connect to the smb share with \\10.1.1.1 and remote desktop to 10.1.1.1:3388.
Debug
If it is not working:
- Are the ports forwarded: netstat -an? Look at 0.0.0.0:139 or 10.1.1.1:139
- Does telnet 10.1.1.1 139 connect?
- You need the checkbox "Local ports accept connections from other hosts".
- Is "File and Printer Sharing for Microsoft Networks" disabled on the loopback interface?
On client cliadmin (from host to gate):
# ssh -L 3022:localhost:2022 admin@gate       # forwards client 3022 to gate:2022
# ssh -p 3022 admin@localhost                 # local:3022 -> gate:2022 -> client:22
On client cliadmin (from host to gate):
# ssh -L 5900:localhost:15900 admin@gate
Now the admin can connect directly to the client VNC with:
# vncconnect -display :0 localhost
Dig a multi-hop ssh tunnel
Suppose you can not reach a server directly with ssh, but only via multiple intermediate hosts (for example because of routing issues). Sometimes it is still necessary to get a direct client - server connection, for example to copy files with scp, or forward other ports like smb or vnc. One way to do this is to chain tunnels together to forward a port to the server along the hops. This "carrier" port only reaches its final destination on the last connection to the server.
Suppose we want to forward the ssh port from a client to a server over two hops. Once the tunnel is built, it is possible to connect to the server directly from the client (and also add another port forward).
Create tunnel in one shell
client -> host1 -> host2 -> server and dig tunnel 5678
client># ssh -L5678:localhost:5678 host1      # 5678 is an arbitrary port for the tunnel
host_1># ssh -L5678:localhost:5678 host2      # chain 5678 from host1 to host2
host_2># ssh -L5678:localhost:22 server       # end the tunnel on port 22 on the server
Use tunnel with another shell
client -> server using tunnel 5678
# ssh -p 5678 localhost                       # connect directly from client to server
# scp -P 5678 myfile localhost:/tmp/          # or copy a file directly using the tunnel
# rsync -e 'ssh -p 5678' myfile localhost:/tmp/   # or rsync a file directly to the server
Autoconnect and keep alive script
I use variations of the following script to keep a machine reachable over a reverse ssh tunnel. The connection is automatically rebuilt if closed. You can add multiple -L or -R tunnels on one line.
#!/bin/sh
# Reverse tunnel: port 3022 on cb.vu leads back to the local sshd (port 22)
COMMAND="ssh -N -f -g -R 3022:localhost:22 colin@cb.vu"
# Start the tunnel only if this exact command line is not already running
pgrep -f -x "$COMMAND" > /dev/null 2>&1 || $COMMAND
exit 0
1 * * * * colin /home/colin/port_forward.sh   # crontab entry (here hourly)
6 VPN WITH SSH
As of version 4.3, OpenSSH can use the tun/tap device to encrypt a tunnel. This is very similar to other TLS based VPN solutions like OpenVPN. One advantage with SSH is that there is no need to install and configure additional software. Additionally the tunnel uses the SSH authentication like pre-shared keys. The drawback is that the encapsulation is done over TCP which might result in poor performance on a slow link. Also the tunnel is relying on a single (fragile) TCP connection. This technique is very useful for a quick IP based VPN setup. There is no limitation as with the single TCP port forward, all layer 3/4 protocols like ICMP, TCP/UDP, etc. are forwarded over the VPN. In any case, the following options are needed in the sshd_config file:
PermitRootLogin yes
PermitTunnel yes
Server is on FreeBSD
cli># ssh -w5:5 root@hserver
srv># ifconfig tun5 10.0.1.1 10.0.1.2         # Executed on the server shell
The two hosts are now connected and can transparently communicate with any layer 3/4 protocol using the tunnel IP addresses.
gateB is on FreeBSD
gateA># ssh -w5:5 root@gateB                  # Creates the tun5 devices
gateB># ifconfig tun5 10.0.1.1 10.0.1.2       # Executed on the gateB shell
gateB># route add 192.168.51.0/24 10.0.1.2
gateB># sysctl net.inet.ip.forwarding=1       # Only needed if not default gw
gateB># natd -s -m -u -dynamic -n fxp0        # see NAT
gateA># sysctl net.inet.ip.fw.enable=1
gateA is on FreeBSD
gateA># ifconfig tun5 10.0.1.2 10.0.1.1
gateA># route add 192.168.16.0/24 10.0.1.2
gateA># sysctl net.inet.ip.forwarding=1
gateA># natd -s -m -u -dynamic -n fxp0        # see NAT
gateA># sysctl net.inet.ip.fw.enable=1
7 RSYNC
Rsync can almost completely replace cp and scp, furthermore interrupted transfers are efficiently restarted. A trailing slash (and the absence thereof) has different meanings, the man page is good... Here some examples:
Copy the directories with full content:
# rsync -a /home/colin/ /backup/colin/                # "archive" mode. e.g keep the same
# rsync -a /var/ /var_bak/
# rsync -aR --delete-during /home/user/ /backup/      # use relative (see below)
# /opt/local/bin/rsync -azv --iconv=UTF-8-MAC,UTF-8 ~/Music/flac/ me@server:/dst/
                                # convert filenames OSX UTF8 to Windows UTF8
Same as before but over the network and with compression. Rsync uses SSH for the transport per default and will use the ssh key if they are set. Use ":" as with SCP. A typical remote copy:
# rsync -axSRzv /home/user/ user@server:/backup/user/ # Copy to remote
# rsync -a 'user@server:My\ Documents' My\ Documents  # Quote AND escape spaces for the remote shell
Exclude any directory tmp within /home/user/ and keep the relative folders hierarchy, that is the remote directory will have the structure /backup/home/user/. This is typically used for backups.
# rsync -azR --exclude=tmp/ /home/user/ user@server:/backup/
Use port 20022 for the ssh connection:
# rsync -az -e 'ssh -p 20022' /home/colin/ user@server:/backup/colin/
Using the rsync daemon (used with "::") is much faster, but not encrypted over ssh. The location of /backup is defined by the configuration in /etc/rsyncd.conf. The variable RSYNC_PASSWORD can be set to avoid the need to enter the password manually.
# rsync -axSRz /home/ ruser@hostname::rmodule/backup/
# rsync -axSRz ruser@hostname::rmodule/backup/ /home/    # To copy back
Some important options:
-a, --archive            archive mode; same as -rlptgoD (no -H)
-r, --recursive          recurse into directories
-R, --relative           use relative path names
-H, --hard-links         preserve hard links
-S, --sparse             handle sparse files efficiently
-x, --one-file-system    don't cross file system boundaries
--exclude=PATTERN        exclude files matching PATTERN
--delete-during          receiver deletes during xfer, not before
--delete-after           receiver deletes after transfer, not before
7.1 Rsync on Windows
Rsync is available for Windows through cygwin or as stand-alone packaged in cwrsync (http://sourceforge.net/projects/sereds). This is very convenient for automated backups. Install one of them (not both) and add the path to the Windows system variables: # Control Panel > System > tab Advanced, button Environment Variables. Edit the "Path" system variable and add the full path to the installed rsync, e.g. C:\Program Files\cwRsync\bin or C:\cygwin\bin. This way the commands rsync and ssh are available in a Windows command shell.
Public key authentication
Rsync is automatically tunneled over SSH and thus uses the SSH authentication on the server. Automatic backups have to avoid a user interaction, for this the SSH public key authentication can be used and the rsync command will run without a password.
All the following commands are executed within a Windows console. In a console (Start > Run > cmd) create and upload the key as described in SSH, change "user" and "server" as appropriate. If the file authorized_keys2 does not exist yet, simply copy id_dsa.pub to authorized_keys2 and upload it.
# ssh-keygen -t dsa -N ''                     # Creates a public and a private key
# rsync user@server:.ssh/authorized_keys2 .   # Copy the file locally from the server
# cat id_dsa.pub >> authorized_keys2          # Or use an editor to add the key
# rsync authorized_keys2 user@server:.ssh/    # Copy the file back to the server
# del authorized_keys2                        # Remove the local copy
Now test it with (in one line):
rsync -rv "/cygdrive/c/Documents and Settings/%USERNAME%/My Documents/" \
'user@server:My\ Documents/'
Automatic backup
Use a batch file to automate the backup and add the file in the scheduled tasks (Programs > Accessories > System Tools > Scheduled Tasks). For example create the file backup.bat and replace user@server.
@ECHO OFF
REM rsync the directory My Documents
SETLOCAL
SET CWRSYNCHOME=C:\PROGRAM FILES\CWRSYNC
SET CYGWIN=nontsec
SET CWOLDPATH=%PATH%
REM uncomment the next line when using cygwin
SET PATH=%CWRSYNCHOME%\BIN;%PATH%
echo Press Control-C to abort
rsync -av "/cygdrive/c/Documents and Settings/%USERNAME%/My Documents/" \
'user@server:My\ Documents/'
pause
8 SUDO
Sudo is a standard way to give users some administrative rights without giving out the root password. Sudo is very useful in a multi user environment with a mix of server and workstations. Simply call the command with sudo:
# sudo /etc/init.d/dhcpd restart              # Run the rc script as root
# sudo -u sysadmin whoami                     # Run cmd as an other user
8.1 Configuration
Sudo is configured in /etc/sudoers and must only be edited with visudo. The basic syntax is (the lists are comma separated):
user hosts = (runas) commands                 # In /etc/sudoers
Additionally those keywords can be defined as alias, they are called User_Alias, Host_Alias, Runas_Alias and Cmnd_Alias. This is useful for larger setups. Here a sudoers example:
# cat /etc/sudoers
# Host aliases are subnets or hostnames.
Host_Alias   DMZ     = 212.118.81.40/28
Host_Alias   DESKTOP = work1, work2
# User aliases are a list of users which can have the same rights
User_Alias   ADMINS  = colin, luca, admin
User_Alias   DEVEL   = joe, jack, julia
Runas_Alias  DBA     = oracle,pgsql
9 ENCRYPT FILES
9.1 OpenSSL
A single file
Encrypt and decrypt:
# openssl aes-128-cbc -salt -in file -out file.aes
# openssl aes-128-cbc -d -salt -in file.aes -out file
9.2 GPG
GnuPG is well known to encrypt and sign emails or any data. Furthermore gpg also provides an advanced key management system. This section only covers files encryption, not email usage, signing or the Web-Of-Trust.
The simplest encryption is with a symmetric cipher. In this case the file is encrypted with a password and anyone who knows the password can decrypt it, thus the keys are not needed. Gpg adds an extension ".gpg" to the encrypted file names.
# gpg -c file                                 # Encrypt file with password
# gpg file.gpg                                # Decrypt file (optionally -o otherfile)
Using keys
For more details see GPG Quick Start (http://www.madboa.com/geek/gpg-quickstart) and GPG/PGP Basics (http://aplawrence.com/Basics/gpg.html) and the gnupg documentation (http://gnupg.org/documentation) among others.
The private and public keys are the heart of asymmetric cryptography. What is important to remember:
- Your public key is used by others to encrypt files that only you as the receiver can decrypt (not even the one who encrypted the file can decrypt it). The public key is thus meant to be distributed.
- Your private key is encrypted with your passphrase and is used to decrypt files which were encrypted with your public key. The private key must be kept secure. Also if the key or passphrase is lost, so are all the files encrypted with your public key.
- The key files are called keyrings as they can contain more than one key.
The keys are stored in ~/.gnupg/ on Unix, on Windows they are typically stored in C:/Documents and Settings/%USERNAME%/Application Data/gnupg/.
~/.gnupg/pubring.gpg                          # Contains your public keys and all others imported
~/.gnupg/secring.gpg                          # Can contain more than one private key
Short reminder on most used options:
-e         encrypt data
-d         decrypt data
-r NAME    encrypt for recipient NAME (or 'Full Name' or 'email@domain')
-a         create ascii armored output of a key
-o         use as output file
The examples use 'Your Name' and 'Alice' as the keys are referred to by the email or full name or partial name. For example I can use 'Colin' or 'c@cb.vu' for my key [Colin Barschel (cb.vu) <c@cb.vu>].
Encrypt for personal use only
No need to export/import any key for this. You have both already.
# gpg -e -r 'Your Name' file                  # Encrypt with your public key
# gpg -o file -d file.gpg                     # Decrypt. Use -o or it goes to stdout
Encrypt - Decrypt with keys
First you need to export your public key for someone else to use it. And you need to import the public key, say from Alice, to encrypt a file for her. You can either handle the keys in simple ascii files or use a public key server.
For example Alice exports her public key and you import it, you can then encrypt a file for her. That is only Alice will be able to decrypt it.
# gpg -a -o alicekey.asc --export 'Alice'     # Alice exported her key in ascii file.
# gpg --send-keys --keyserver subkeys.pgp.net KEYID        # Alice put her key on a server.
# gpg --import alicekey.asc                   # You import her key into your pubring.
# gpg --search-keys --keyserver subkeys.pgp.net 'Alice'    # or get her key from a server.
Once the keys are imported it is very easy to encrypt or decrypt a file:
# gpg -e -r 'Alice' file                      # Encrypt the file for Alice.
# gpg -d file.gpg -o file                     # Decrypt a file encrypted by Alice for you.
Key administration
# gpg --list-keys                             # list public keys and see the KEYIDS
    The KEYID follows the '/' e.g. for: pub   1024D/D12B77CE the KEYID is D12B77CE
# gpg --gen-revoke 'Your Name'                # generate revocation certificate
# gpg --list-secret-keys                      # list private keys
# gpg --delete-keys NAME                      # delete a public key from local key ring
# gpg --delete-secret-key NAME                # delete a secret key from local key ring
# gpg --fingerprint KEYID                     # Show the fingerprint of the key
# gpg --edit-key KEYID                        # Edit key (e.g sign or add/del email)
10 ENCRYPT PARTITIONS
Linux with LUKS | Linux dm-crypt only | FreeBSD GELI | FBSD pwd only | OS X image
There are (many) other alternative methods to encrypt disks, I only show here the methods I know and use. Keep in mind that the security is only good as long the OS has not been tampered with. An intruder could easily record the password from the keyboard events. Furthermore the data is freely accessible when the partition is attached and will not prevent an intruder to have access to it in this state.
10.1 Linux
ThoseinstructionsusetheLinux d m c r y p t (devicemapper) facility available on the 2.6 kernel. In this example,letsencryptthepartition / d e v / s d c 1 ,itcouldbehoweveranyotherpartitionordisk,orUSBor a file based partition created with l o s e t u p . In this case we would use / d e v / l o o p 0 . See file image
cb.vu/unixtoolbox.xhtml#loadstats 27/49
11/20/13
Unix Toolbox
partition.Thedevicemapperuseslabelstoidentifyapartition.Weuses d c 1 inthisexample,butitcould beanystring. dmcr yptwithLUKS LUKS with dmcrypt has better encryption and makes it possible to have multiple passphrase for the samepartitionortochangethepasswordeasily.TotestifLUKSisavailable,simplytype # c r y p t s e t u p h e l p , if nothing about LUKS shows up, use the instructions below Without LUKS. First create a partitionifnecessary:f d i s k/ d e v / s d c . Createencryptedpartition
# dd if=/dev/urandom of=/dev/sdc1          # Optional. For paranoids only (takes days)
# cryptsetup -y luksFormat /dev/sdc1       # This destroys any data on sdc1
# cryptsetup luksOpen /dev/sdc1 sdc1
# mkfs.ext3 /dev/mapper/sdc1               # create ext3 file system
# mount -t ext3 /dev/mapper/sdc1 /mnt
# umount /mnt
# cryptsetup luksClose sdc1                # Detach the encrypted partition
Attach
# cryptsetup luksOpen /dev/sdc1 sdc1
# mount -t ext3 /dev/mapper/sdc1 /mnt
Detach
# umount /mnt
# cryptsetup luksClose sdc1
dm-crypt without LUKS
# cryptsetup -y create sdc1 /dev/sdc1      # or any other partition like /dev/loop0
# dmsetup ls                               # check it, will display: sdc1 (254, 0)
# mkfs.ext3 /dev/mapper/sdc1               # This is done only the first time!
# mount -t ext3 /dev/mapper/sdc1 /mnt
# umount /mnt/
# cryptsetup remove sdc1                   # Detach the encrypted partition
10.2 FreeBSD
The two popular FreeBSD disk encryption modules are gbde and geli. I now use geli because it is faster and also uses the crypto device for hardware acceleration. See The FreeBSD handbook Chapter 18.6 http://www.freebsd.org/handbook/disks-encrypting.html for all the details. The geli module must be loaded or compiled into the kernel:
options GEOM_ELI
device crypto                                       # or as module:
# echo 'geom_eli_load="YES"' >> /boot/loader.conf   # or do: kldload geom_eli
Attach
# geli attach -k /root/ad1.key /dev/ad1
# fsck -ny -t ffs /dev/ad1.eli             # In doubt check the file system
# mount /dev/ad1.eli /mnt
Detach
The detach procedure is done automatically on shutdown.
# umount /mnt
# geli detach /dev/ad1.eli
/etc/fstab
The encrypted partition can be configured to be mounted with /etc/fstab. The password will be prompted when booting. The following settings are required for this example:
# grep geli /etc/rc.conf
geli_devices="ad1"
geli_ad1_flags="-k /root/ad1.key"
# grep geli /etc/fstab
/dev/ad1.eli         /home/private              ufs             rw
Use password only
It is more convenient to encrypt a USB stick or file based image with a passphrase only and no key. In this case it is not necessary to carry the additional key file around. The procedure is very much the same as above, simply without the key file. Let's encrypt a file based image /cryptedfile of 1 GB.
# dd if=/dev/zero of=/cryptedfile bs=1M count=1000   # 1 GB file
# mdconfig -at vnode -f /cryptedfile
# geli init /dev/md0                       # encrypts with password only
# geli attach /dev/md0
# newfs -U -m 0 /dev/md0.eli
# mount /dev/md0.eli /mnt
# umount /dev/md0.eli
# geli detach md0.eli
It is now possible to mount this image on another system with the password only.
# mdconfig -at vnode -f /cryptedfile
# geli attach /dev/md0
# mount /dev/md0.eli /mnt
11 SSL CERTIFICATES
So called SSL/TLS certificates are cryptographic public key certificates and are composed of a public and a private key. The certificates are used to authenticate the endpoints and encrypt the data. They are used for example on a web server (https) or mail server (imaps).
11.1 Procedure
We need a certificate authority to sign our certificate. This step is usually provided by a vendor like Thawte, Verisign, etc., however we can also create our own.
Create a certificate signing request. This request is like an unsigned certificate (the public part) and already contains all necessary information. The certificate request is normally sent to the authority vendor for signing. This step also creates the private key on the local machine.
Sign the certificate with the certificate authority.
If necessary join the certificate and the key in a single file to be used by the application (web server, mail server etc.).
Make sure the directories exist or create them
# Only if serial does not exist
If you intend to get a signed certificate from a vendor, you only need a certificate signing request (CSR). This CSR will then be signed by the vendor for a limited time (e.g. 1 year).
Now servernamekey.pem is the private key and servernamecert.pem is the server certificate.
12 CVS
Server setup | CVS test | SSH tunneling | CVS usage
# Create a writers file (optionally also readers)
# Use [Control][D] to quit the edit
# Add the file writers into the repository
# Use [Control][D] to quit the edit
# Commit all the configuration changes
Add a readers file if you want to differentiate read and write permissions.
Note: Do not (ever) edit files directly into the main cvs, but rather checkout the file, modify it and check it in. We did this with the file writers to define the write access.
There are three popular ways to access the CVS at this point. The first two don't need any further configuration. See the examples on CVSROOT below for how to use them:
Direct local access to the file system. The user(s) need sufficient file permission to access the CVS directly and there is no further authentication in addition to the OS login. However this is only useful if the repository is local.
Remote access with ssh with the ext protocol. Any user with an ssh shell account and read/write permissions on the CVS server can access the CVS directly with ext over ssh without any additional tunnel. There is no server process running on the CVS for this to work. The ssh login does the authentication.
Remote access with pserver (default port: 2401/tcp). This is the preferred use for larger user base as the users are authenticated by the CVS pserver with a dedicated password database, there is therefore no need for local users accounts. This setup is explained below.
Network setup with inetd
The CVS can be run locally only if a network access is not needed. For a remote access, the daemon inetd can start the pserver with the following line in /etc/inetd.conf (/etc/xinetd.d/cvs on SuSE):
cvspserver	stream  tcp  nowait  cvs  /usr/bin/cvs	cvs \
--allow-root=/usr/local/cvs pserver
It is a good idea to block the cvs port from the Internet with the firewall and use an ssh tunnel to access the repository remotely.
Separate authentication
It is possible to have cvs users which are not part of the OS (no local users). This is actually probably wanted too from the security point of view. Simply add a file named passwd (in the CVSROOT directory) containing the users login and password in the crypt format. This can be done with the apache htpasswd tool.
Note: This passwd file is the only file which has to be edited directly in the CVSROOT directory. Also it won't be checked out. More info with htpasswd --help
# htpasswd -cb passwd user1 password1      # -c creates the file
# htpasswd -b passwd user2 password2
12.2 Test it
Test the login as normal user (for example here me)
# cvs -d :pserver:colin@192.168.50.254:/usr/local/cvs login
Logging in to :pserver:colin@192.168.50.254:2401/usr/local/cvs
CVS password:
CVSROOT variable
This is an environment variable used to specify the location of the repository we're doing operations on. For local use, it can be just set to the directory of the repository. For use over the network, the transport protocol must be specified. Set the CVSROOT variable with setenv CVSROOT string on a csh, tcsh shell, or with export CVSROOT=string on a sh, bash shell.
# setenv CVSROOT :pserver:<username>@<host>:/cvsdirectory
For example:
# setenv CVSROOT /usr/local/cvs                               # Used locally only
# setenv CVSROOT :local:/usr/local/cvs                        # Same as above
# setenv CVSROOT :ext:user@cvsserver:/usr/local/cvs           # Direct access with SSH
# setenv CVS_RSH ssh                                          # for the ext access
# setenv CVSROOT :pserver:user@cvsserver.254:/usr/local/cvs   # network with pserver
Where MyProject is the name of the new project in the repository (used later to checkout). Cvs will import the current directory content into the new project.
To checkout:
# cvs -d :pserver:colin@192.168.50.254:/usr/local/cvs checkout MyProject
or
# setenv CVSROOT :pserver:colin@192.168.50.254:/usr/local/cvs
# cvs checkout MyProject
on shell 2:
# setenv CVSROOT :pserver:colin@localhost:/usr/local/cvs
# cvs login
Logging in to :pserver:colin@localhost:2401/usr/local/cvs
CVS password:
# cvs checkout MyProject/src
After a while a new directory "/devel/tools/" was added and it has to be imported too.
# cd /devel/tools
# cvs import myapp/tools Company R1_0
Apply a patch
Sometimes it is necessary to strip a directory level from the patch, depending on how it was created. In case of difficulties, simply look at the first lines of the patch and try -p0, -p1 or -p2.
# cd /devel/project
# patch --dry-run -p0 < patchfile          # Test the path without applying it
# patch -p0 < patchfile
# patch -p1 < patchfile                    # strip off the 1st level from the path
13 SVN
Server setup | SVN+SSH | SVN over http | SVN usage
Subversion (SVN) http://subversion.tigris.org/ is a version control system designed to be the successor of CVS (Concurrent Versions System). The concept is similar to CVS, but many shortcomings were improved. See also the SVN book http://svnbook.red-bean.com/en/1.4/.
Now the access to the repository is made possible with:
file://   Direct file system access with the svn client. This requires local permissions on the file system.
svn:// or svn+ssh://   Remote access with the svnserve server (also over SSH). This requires local permissions on the file system (default port: 2690/tcp).
http://   Remote access with webdav using apache. No local users are necessary for this method.
Using the local file system, it is now possible to import and then check out an existing project. Unlike with CVS it is not necessary to cd into the project directory, simply give the full path:
# svn import /project1/ file:///home/svn/project1/trunk -m 'Initial import'
# svn checkout file:///home/svn/project1
The new directory "trunk" is only a convention, this is not required.
Remote access with ssh
No special setup is required to access the repository via ssh, simply replace file:// with svn+ssh://hostname. For example:
# svn checkout svn+ssh://hostname/home/svn/project1
As with the local file access, every user needs an ssh access to the server (with a local account) and also read/write access. This method might be suitable for a small group. All users could belong to a subversion group which owns the repository, for example:
# groupadd subversion
# groupmod -A user1 subversion
# chown -R root:subversion /home/svn
# chmod -R 770 /home/svn
The apache server needs full access to the repository:
# chown -R www:www /home/svn
Create a user with htpasswd2:
# htpasswd -c /etc/svn-passwd user1        # -c creates the file
Access control svn.acl example
# Default is read access. "* =" would be default no access
[/]
* = r
[groups]
project1-developers = joe, jack, jane
# Give write access to the developers
[project1:]
@project1-developers = rw
Typical SVN commands
# svn co http://host.url/svn/project1/trunk       # Checkout the most recent version
    # Tags and branches are created by copying
# svn mkdir http://host.url/svn/project1/tags/    # Create the tags directory
# svn copy -m "Tag rc1 rel." http://host.url/svn/project1/trunk \
                             http://host.url/svn/project1/tags/1.0rc1
# svn status [--verbose]                          # Check files status into working dir
# svn add src/file.h src/file.cpp                 # Add two files
# svn commit -m 'Added new class file'            # Commit the changes with a message
# svn ls http://host.url/svn/project1/tags/       # List all tags
# svn move foo.c bar.c                            # Move (rename) files
# svn delete some_old_file                        # Delete files
14 USEFUL COMMANDS
less | vi | mail | tar | zip | dd | screen | find | Miscellaneous
14.1 less
The less command displays a text document on the console. It is present on most installations.
# less unixtoolbox.xhtml
14.2 vi
Vi is present on ANY Linux/Unix installation (not gentoo?) and it is therefore useful to know some basic commands. There are two modes: command mode and insertion mode. The commands mode is accessed with [ESC], the insertion mode with i. Use :help if you are lost.
The editors nano and pico are usually available too and are easier (IMHO) to use.
Quit
:w newfilename   save the file to newfilename
:wq or :x   save and quit
:q!   quit without saving
Search and move
/string   Search forward for string
?string   Search back for string
n   Search for next instance of string
N   Search for previous instance of string
{   Move a paragraph back
}   Move a paragraph forward
1G   Move to the first line of the file
nG   Move to the n th line of the file
G   Move to the last line of the file
:%s/OLD/NEW/g   Search and replace every occurrence
Delete copy paste text
dd (dw)   Cut current line (word)
D   Cut to the end of the line
x   Delete (cut) character
yy (yw)   Copy line (word) after cursor
P   Paste after cursor
u   Undo last modification
U   Undo all changes to current line
14.3 mail
The mail command is a basic application to read and send email, it is usually installed. To send an email simply type "mail user@domain". The first line is the subject, then the mail content. Terminate and send the email with a single dot (.) in a new line. Example:
# mail c@cb.vu
Subject: Your text is full of typos
"For a moment, nothing happened. Then, after a second or so,
nothing continued to happen."
.
EOT
#
This is also working with a pipe:
# echo "This is the mail body" | mail c@cb.vu
This is also a simple way to test the mail server.
14.4 tar
The command tar (tape archive) creates and extracts archives of file and directories. The archive .tar is uncompressed, a compressed archive has the extension .tgz or .tar.gz (zip) or .tbz (bzip2). Do not use absolute path when creating an archive, you probably want to unpack it somewhere else. Some typical commands are:
Create
# cd /
# tar -cf home.tar home/                   # archive the whole /home directory (c for create)
# tar -czf home.tgz home/                  # same with zip compression
# tar -cjf home.tbz home/                  # same with bzip2 compression
Only include one (or two) directories from a tree, but keep the relative structure. For example archive /usr/local/etc and /usr/local/www and the first directory in the archive should be local/.
# tar -C /usr -czf local.tgz local/etc local/www
# tar -C /usr -xzf local.tgz               # To untar the local dir into /usr
# cd /usr; tar -xzf local.tgz              # Is the same as above
Extract
# tar -tzf home.tgz                        # look inside the archive without extracting (list)
# tar -xf home.tar                         # extract the archive here (x for extract)
# tar -xzf home.tgz                        # same with zip compression (-xjf for bzip2 compression)
    # remove leading path gallery2 and extract into gallery
# tar --strip-components 1 -zxvf gallery2.tgz -C gallery/
# tar -xjf home.tbz home/colin/file.txt    # Restore a single file
# tar -xOf home.tbz home/colin/file.txt    # Print file to stdout (no extraction)
More advanced
# tar c dir/ | gzip | ssh user@remote 'dd of=dir.tgz'              # arch dir/ and store remotely.
# tar cvf - `find . -print` > backup.tar                           # arch the current directory.
# tar -cf - -C /etc . | tar xpf - -C /backup/etc                   # Copy directories
# tar -cf - -C /etc . | ssh user@remote tar xpf - -C /backup/etc   # Remote copy.
# tar -czf home.tgz --exclude '*.o' --exclude 'tmp/' home/
14.6 dd
The program dd (disk dump or destroy disk or see the meaning of dd) is used to copy partitions and disks and for other copy tricks. Typical usage:
# dd if=<source> of=<target> bs=<byte size> conv=<conversion>
# kill -INFO PID                           # View dd progress (FreeBSD, OSX)
Important conv options:
notrunc   do not truncate the output file, all zeros will be written as zeros.
noerror   continue after read errors (e.g. bad blocks)
sync   pad every input block with Nulls to ibs-size
Recover
The command dd will read every single block of the partition. In case of problems it is better to use the option conv=sync,noerror so dd will skip the bad block and write zeros at the destination. Accordingly it is important to set the block size equal or smaller than the disk block size. A 1k size seems safe, set it with bs=1k. If a disk has bad sectors and the data should be recovered from a partition, create an image file with dd, mount the image and copy the content to a new disk. With the option noerror, dd will skip the bad sectors and write zeros instead, thus only the data contained in the bad sectors will be lost.
# dd if=/dev/hda of=/dev/null bs=1m        # Check for bad blocks
    # Send to remote
# dd bs=1k if=/dev/hda1 conv=sync,noerror,notrunc | gzip | ssh \
root@fry 'dd of=hda1.gz bs=1k'
# dd bs=1k if=/dev/hda1 conv=sync,noerror,notrunc of=hda1.img   # Store into an image
# mount -o loop /hda1.img /mnt             # Mount the image
# rsync -ax /mnt/ /newdisk/                # Copy on a new disk
# dd if=/dev/hda of=/dev/hda               # Refresh the magnetic state
    # The above is useful to refresh a disk. It is perfectly safe, but must be unmounted.
Delete
# dd if=/dev/zero of=/dev/hdc              # Delete full disk
# dd if=/dev/urandom of=/dev/hdc           # Delete full disk better
# kill -USR1 PID                           # View dd progress (Linux)
# kill -INFO PID                           # View dd progress (FreeBSD)
Within the screen session we can start a long lasting program (like top).
# top
Now detach with Ctrl-a Ctrl-d. Reattach the terminal with:
# screen -R -D
In detail this means: If a session is running, then reattach. If necessary detach and logout remotely first. If it was not running create it and notify the user. Or:
# screen -x
Attach to a running screen in a multi display mode. The console is thus shared among multiple users. Very useful for team work/debug!
Screen commands (within screen)
All screen commands start with Ctrl-a.
Ctrl-a ?   help and summary of functions
Ctrl-a c   create a new window (terminal)
Ctrl-a Ctrl-n and Ctrl-a Ctrl-p   to switch to the next or previous window in the list, by number.
Ctrl-a Ctrl-N   where N is a number from 0 to 9, to switch to the corresponding window.
Ctrl-a "   to get a navigable list of running windows
Ctrl-a a   to clear a missed Ctrl-a
Ctrl-a Ctrl-d   to disconnect and leave the session running in the background
Ctrl-a x   lock the screen terminal with a password
Ctrl-a [   enter into scrollback mode, exit with esc.
Use echo "defscrollback 5000" > ~/.screenrc to increase buffer (default is 100)
C-u   Scrolls a half page up
C-b   Scroll a full page up
C-d   Scroll a half page down
C-f   Scroll a full page down
/   Search forward
?   Search backward
The screen session is terminated when the program within the running terminal is closed and you logout from the terminal.
14.8 Find
Some important options:
-x (on BSD) -xdev (on Linux)   Stay on the same file system (dev in fstab).
-exec cmd {} \;   Execute the command and replace {} with the full path
-iname   Like -name but is case insensitive
-ls   Display information about the file (like ls -la)
-size n   n is +-n (k M G T P)
-cmin n   File's status was last changed n minutes ago.
# find . -type f ! -perm -444              # Find files not readable by all
# find . -type d ! -perm -111              # Find dirs not accessible by all
# find /home/user/ -cmin 10 -print         # Files created or modified in the last 10 min.
# find . -name '*.[ch]' | xargs grep -E 'expr'   # Search 'expr' in this dir and below.
# find / -name "*.core" | xargs rm         # Find core dumps and delete them (also try core.*)
# find / -name "*.core" -print -exec rm {} \;    # Other syntax
    # Find images and create an archive, iname is not case sensitive. -r for append
# find . \( -iname "*.png" -o -iname "*.jpg" \) -print -exec tar -rf images.tar {} \;
# find . -type f -name "*.txt" ! -name README.txt -print   # Exclude README.txt files
# find /var/ -size +10M -exec ls -lh {} \; # Find large files > 10 MB
# find /var/ -size +10M -ls                # This is simpler
# find . -size +10M -size -50M -print
# find /usr/ports/ -name work -type d -print -exec rm -rf {} \;   # Clean the ports
    # Find files with SUID; those files are vulnerable and must be kept secure
# find / -type f -user root -perm -4000 -exec ls -l {} \;
# find flac/ -iname '*.flac' -print -size +500k -exec /Applications/Fluke.app/Contents/MacOS/Fluke {} \;
    # I use above to add flac files to iTunes on OSX
Be careful with xargs or -exec as it might or might not honor quotings and can return wrong results when files or directories contain spaces. In doubt use "-print0 | xargs -0" instead of "| xargs". The option -print0 must be the last in the find command. See this nice mini tutorial for find http://www.hccfl.edu/pollock/Unix/FindCmd.htm.
# find . -type f | xargs ls -l             # Will not work with spaces in names
# find . -type f -print0 | xargs -0 ls -l  # Will work with spaces in names
# find . -type f -exec ls -l '{}' \;       # Or use quotes '{}' with -exec
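The whitespace pitfall described above, applied to the core-dump clean-up from this section, as an added example that is not part of the original page. The scratch directory, the file names and the function names are constructed for the demonstration; it shows that the plain "| xargs rm" form removes a file that never matched the pattern, while the -print0 and -exec forms remove only the matches.

```shell
#!/bin/sh
# Added example, not from the original page. Everything happens inside a
# scratch directory created with mktemp; the file names are constructed.

# Build the test tree and print its path.
make_tree() {
    dir=$(mktemp -d) || return 1
    : > "$dir/app.core"          # an ordinary core file
    : > "$dir/keep.txt"          # a file that must survive the clean-up
    : > "$dir/keep.txt .core"    # matches *.core, but contains a space
    printf '%s\n' "$dir"
}

# Form 1 (whitespace separated): xargs splits "./keep.txt .core" into the
# two words "./keep.txt" and ".core", so rm is handed the wrong path.
clean_split() {
    ( cd "$1" && find . -name '*.core' | xargs rm 2>/dev/null ) || true
}

# Form 2: NUL separated names, each passed to rm as exactly one argument.
clean_print0() {
    ( cd "$1" && find . -name '*.core' -print0 | xargs -0 rm )
}

# Form 3: find runs rm itself, so no word splitting is involved.
clean_exec() {
    ( cd "$1" && find . -name '*.core' -exec rm '{}' \; )
}

# Run one clean-up function on a fresh tree and print the names that are
# left afterwards, each followed by "|".
survivors() {
    d=$(make_tree) || return 1
    "$1" "$d"
    ( cd "$d" && ls -A | sort | tr '\n' '|' )
    rm -rf "$d"
}

for f in clean_split clean_print0 clean_exec; do
    printf '%-13s leaves: %s\n' "$f" "$(survivors "$f")"
done
```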
Duplicate directory tree:
# find . -type d -exec mkdir -p /tmp/new_dest/{} \;
14.9 Miscellaneous
# which command                            # Show full path name of command
# time command                             # See how long a command takes to execute
# time cat                                 # Use time as stopwatch. Ctrl-c to stop
# set | grep $USER                         # List the current environment
# cal -3                                   # Display a three month calendar
# date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]]
# date 10022155                            # Set date and time
# whatis grep                              # Display a short info on the command or word
# whereis java                             # Search path and standard directories for word
# setenv varname value                     # Set env. variable varname to value (csh/tcsh)
# export varname="value"                   # set env. variable varname to value (sh/ksh/bash)
# pwd                                      # Print working directory
# mkdir -p /path/to/dir                    # no error if existing, make parent dirs as needed
# mkdir -p project/{bin,src,obj,doc/{html,man,pdf},debug/some/more/dirs}
# rmdir /path/to/dir                       # Remove directory
# rm -rf /path/to/dir                      # Remove directory and its content (force)
# rm -- -badchar.txt                       # Remove file which starts with a dash (-)
# cp -la /dir1 /dir2                       # Archive and hard link files instead of copy
# cp -lpR /dir1 /dir2                      # Same for FreeBSD
# cp unixtoolbox.xhtml{,.bak}              # Short way to copy the file with a new extension
15 INSTALL SOFTWARE
Usually the package manager uses the proxy variable for http/ftp requests. In .bashrc:
export http_proxy=http://proxy_server:3128
export ftp_proxy=http://proxy_server:3128
Debian
# apt-get update                           # First update the package lists
# apt-get install emacs                    # Install the package emacs
# dpkg --remove emacs                      # Remove the package emacs
# dpkg -S file                             # find what package a file belongs to
Gentoo
Gentoo uses emerge as the heart of its "Portage" package management system.
# emerge --sync                            # First sync the local portage tree
# emerge -u packagename                    # Install or upgrade a package
# emerge -C packagename                    # Remove the package
# revdep-rebuild                           # Repair dependencies
Solaris
The <cdrom> path is usually /cdrom/cdrom0.
# pkgadd -d <cdrom>/Solaris_9/Product SUNWgtar
# pkgadd -d SUNWgtar                       # Add downloaded package (bunzip2 first)
# pkgrm SUNWgtar                           # Remove the package
FreeBSD
# pkg_add -r rsync                         # Fetch and install rsync.
# pkg_delete /var/db/pkg/rsync-xx          # Delete the rsync package
Set where the packages are fetched from with the PACKAGESITE variable. For example:
# export PACKAGESITE=ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages/Latest/
# or ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/Latest/
# portsnap fetch extract                   # Create the tree when running the first time
# portsnap fetch update                    # Update the port tree
# cd /usr/ports/net/rsync/                 # Select the package to install
# make install distclean                   # Install and clean up (also see man ports)
# make package                             # Make a binary package of this port
# pkgdb -F                                 # Fix the package registry database
# portsclean -C -DD                        # Clean workdir and distdir (part of portupgrade)
16 CONVERT MEDIA
Sometimes one simply needs to convert a video, audio file or document to another format.
Without the -f option, iconv will use the local char-set, which is usually fine if the document displays well.
Convert filenames from one encoding to another (not file content). Works also if only some files are already utf8
# convmv -r -f utf8 --nfd -t utf8 --nfc /dir/* --notest
Convert Unix to DOS newlines within a Windows environment. Use sed or awk from mingw or cygwin.
# sed -n p unixfile.txt > dosfile.txt
# awk 1 unixfile.txt > dosfile.txt         # UNIX to DOS (with a cygwin shell)
-dMaxStripSize=8192 -sOutputFile=unixtoolbox_%d.jpg unixtoolbox.pdf
# convert unixtoolbox.pdf unixtoolbox-%03d.png
# convert *.jpeg images.pdf                # Create a simple PDF with all pictures
# convert image000* -resample 120x120 -compress JPEG -quality 80 images.pdf
# mogrify -format png *.ppm                # convert all ppm images to png format
Ghostscript can also concatenate multiple pdf files into a single one. This only works well if the PDF files are "well behaved".
# gs -q -sPAPERSIZE=a4 -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=all.pdf \
file1.pdf file2.pdf ...                    # On Windows use '#' instead of '='
Extract images from pdf document using pdfimages from poppler or xpdf (http://foolabs.com/xpdf/download.html)
# pdfimages document.pdf dst/              # extract all images and put in dst
# yum install poppler-utils                # install poppler-utils if needed. or:
# apt-get install poppler-utils
See sox for sound processing.
17 PRINTING
17.1 Print with lpr
# lpr unixtoolbox.ps                       # Print on default printer
# export PRINTER=hp4600                    # Change the default printer
# lpr -Php4500 #2 unixtoolbox.ps           # Use printer hp4500 and print 2 copies
# lpr -o Duplex=DuplexNoTumble ...         # Print duplex along the long side
# lpr -o PageSize=A4,Duplex=DuplexNoTumble ...
# lpq                                      # Check the queue on default printer
# lpq -l -Php4500                          # Queue on printer hp4500 with verbose
# lprm -                                   # Remove all users jobs on default printer
# lprm -Php4500 3186                       # Remove job 3186. Find job nbr with lpq
# lpc status                               # List all available printers
# lpc status hp4500                        # Check if printer is online and queue length
Some devices are not postscript and will print garbage when fed with a pdf file. This might be solved with:
# gs -dSAFER -dNOPAUSE -sDEVICE=deskjet -sOutputFile=\|lpr file.pdf
Print to a PDF file even if the application does not support it. Use gs on the print command instead of lpr.
# gs -q -sPAPERSIZE=a4 -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=/path/file.pdf
18 DATABASES
18.1 PostgreSQL
Change root or a username password
# psql -d template1 -U pgsql
> alter user pgsql with password 'pgsql_password';  # Use username instead of "pgsql"
# -P will ask for password
# new bobdb is owned by bob
# Delete database bobdb
# Delete user bob
The general database authentication mechanism is configured in pg_hba.conf
Grant remote access
The file $PGSQL_DATA_D/postgresql.conf specifies the address to bind to. Typically listen_addresses = '*' for Postgres 8.x.
The file $PGSQL_DATA_D/pg_hba.conf defines the access control. Examples:
# TYPE  DATABASE    USER        IP-ADDRESS        IP-MASK               METHOD
host    bobdb       bob         212.117.81.42     255.255.255.255       password
host    all         all         0.0.0.0/0                               password
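An added check, not part of the original page, for two weaknesses visible in the pg_hba.conf entries above: the password method sends the password in clear text unless the connection is SSL-wrapped, and 0.0.0.0/0 matches every client address. The helper name audit_hba, the finding codes and the third sample line (hostssl with md5) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page: report risky pg_hba.conf entries.

# Constructed sample: the two entries shown above plus one tighter entry
# (hostssl record type, md5 method) for comparison.
sample_hba() {
cat <<'EOF'
# TYPE  DATABASE  USER  IP-ADDRESS        IP-MASK          METHOD
host    bobdb     bob   212.117.81.42     255.255.255.255  password
host    all       all   0.0.0.0/0                          password
hostssl bobdb     bob   212.117.81.42/32                   md5
EOF
}

# audit_hba (hypothetical helper): reads pg_hba.conf text on stdin and prints
# "<line number>:<finding>" for each problem found.
#   ANYHOST    the entry matches every client address
#   TRUST      no authentication at all
#   CLEARTEXT  "password" method on a record type that also accepts non-SSL
#              connections, so the password can cross the network unencrypted
audit_hba() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        type = $1; addr = ""; mask = ""
        if (type == "local") {               # local db user method
            method = $4
        } else if ($4 ~ /\//) {              # host db user addr/len method
            addr = $4; method = $5
        } else if ($5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
            addr = $4; mask = $5; method = $6    # host db user addr mask method
        } else {
            addr = $4; method = $5
        }
        if (addr == "0.0.0.0/0" || addr == "::/0" ||
            (addr == "0.0.0.0" && mask == "0.0.0.0"))
            print NR ":ANYHOST"
        if (method == "trust")
            print NR ":TRUST"
        if (method == "password" && type != "hostssl")
            print NR ":CLEARTEXT"
    }'
}

sample_hba | audit_hba
```

To audit a live file, feed it on stdin, for example audit_hba < $PGSQL_DATA_D/pg_hba.conf.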
Backup and restore
The backups and restore are done with the user pgsql or postgres. Backup and restore a single database:
# pg_dump --clean dbname > dbname_sql.dump
# psql dbname < dbname_sql.dump
Backup and restore all databases (including users):
# pg_dumpall --clean > full.dump
# psql -f full.dump postgres
In this case the restore is started with the database postgres which is better when reloading an empty cluster.
18.2 MySQL
Change mysql root or username password
Method 1
# /etc/init.d/mysql stop
or
# killall mysqld
# mysqld --skip-grant-tables
# mysqladmin -u root password 'newpasswd'
# /etc/init.d/mysql start
Method 2
# mysql -u root mysql
mysql> UPDATE USER SET PASSWORD=PASSWORD("newpassword") where user='root';
mysql> FLUSH PRIVILEGES;                           # Use username instead of "root"
mysql> quit
Grant remote access
Remote access is typically permitted for a database, and not all databases. The file /etc/my.cnf contains the IP address to bind to. (On FreeBSD my.cnf is not created by default; copy one .cnf file from /usr/local/share/mysql to /usr/local/etc/my.cnf.) Typically comment the line bind-address = out.
# mysql -u root mysql
mysql> GRANT ALL ON bobdb.* TO bob@'xxx.xxx.xxx.xxx' IDENTIFIED BY 'PASSWORD';
mysql> REVOKE GRANT OPTION ON foo.* FROM bar@'xxx.xxx.xxx.xxx';
mysql> FLUSH PRIVILEGES;                  # Use 'hostname' or also '%' for full access
Backup and restore all databases:
# mysqldump -u root -psecret --add-drop-database --all-databases > full.dump
# mysql -u root -psecret < full.dump
Here is "secret" the mysql root password, there is no space after -p. When the -p option is used alone (w/o password), the password is asked at the command prompt.
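Both mysqldump -psecret above and mysqladmin ... password 'newpasswd' in Method 1 put the password on the command line, where it is recorded in the shell history and can show up in the process list. As an added example (not part of the original toolbox; the function names are hypothetical and the history lines are constructed), this sh/awk filter lists such invocations with the secret redacted:

```shell
#!/bin/sh
# Added example (not from the original page): find MySQL client invocations
# that carry a password on the command line. Names are hypothetical.

# find_inline_mysql_passwords [FILE]: read shell-history style lines from FILE
# or stdin; print "lineno: command" for each hit with the secret redacted.
find_inline_mysql_passwords() {
    awk '
    {
        tool = ""; hit = 0
        for (i = 1; i <= NF; i++) {
            if (tool == "") {                    # look for the client binary first
                n = split($i, parts, "/")        # accept /usr/bin/mysqldump too
                if (parts[n] ~ /^mysql(dump|admin)?$/) tool = parts[n]
                continue
            }
            if ($i ~ /^-p./) {                   # -pSECRET (a bare -p prompts instead)
                $i = "-p<redacted>"; hit = 1
            } else if ($i ~ /^--password=./) {   # long form of the same option
                $i = "--password=<redacted>"; hit = 1
            } else if (tool == "mysqladmin" && $i == "password" && i < NF) {
                $(i + 1) = "<redacted>"; hit = 1; i++   # mysqladmin password NEW
            }
        }
        if (hit) print NR ": " $0
    }' "$@"
}

# Constructed history lines, using the commands shown in this section.
sample_history() {
    cat <<'EOF'
mysqldump -u root -psecret --add-drop-database --all-databases > full.dump
mysql -u root -p < full.dump
mysqladmin -u root password 'newpasswd'
pg_dump --clean dbname > dbname_sql.dump
EOF
}

sample_history | find_inline_mysql_passwords
```

To review a real history, feed it a file such as ~/.bash_history; the bare -p form, which prompts for the password, is not reported.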
18.3 SQLite
SQLite http://www.sqlite.org is a small powerful self-contained, serverless, zero-configuration SQL database.
Dump and restore
It can be useful to dump and restore an SQLite database. For example you can edit the dump file to change a column attribute or type and then restore the database. This is easier than messing with SQL commands. Use the command sqlite3 for a 3.x database.
# sqlite database.db .dump > dump.sql              # dump
# sqlite database.db < dump.sql                    # restore
Convert 2.x to 3.x database
sqlite database_v2.db .dump | sqlite3 database_v3.db
19 DISK QUOTA
A disk quota lets you limit the amount of disk space and/or the number of files a user (or member of a group) can use. The quotas are allocated on a per-file system basis and are enforced by the kernel.
Initialize the quota.user file with quotacheck.
# To let the users check their own quota
Activate the quota either with the provided script (e.g. /etc/init.d/quotad on SuSE) or with quotaon:
Check that the quota is active with:
quota -v
As with Linux, add the quota to the fstab options (userquota, not usrquota):
/dev/ad0s1d    /home    ufs     rw,noatime,userquota    2    2
# mount /home                                      # To remount the partition
Enable disk quotas in /etc/rc.conf and start the quota.
# grep quotas /etc/rc.conf
enable_quotas="YES"                                # turn on quotas on startup (or NO).
check_quotas="YES"                                 # Check quotas on startup (or NO).
# /etc/rc.d/quota start
implementations, but the principle is the same: the values of blocks and inodes can be limited. Only change the values of soft and hard. If not specified, the blocks are 1k. The grace period is set with edquota -t. For example:
# edquota -u colin
Linux
Disk quotas for user colin (uid 1007):
  Filesystem         blocks       soft       hard     inodes     soft     hard
  /dev/sda8             108       1000       2000          1        0        0
FreeBSD
Quotas for user colin:
/home: kbytes in use: 504184, limits (soft = 700000, hard = 800000)
   inodes in use: 1792, limits (soft = 0, hard = 0)
For many users
The command edquota -p is used to duplicate a quota to other users. For example to duplicate a reference quota to all users:
# edquota -p refuser `awk -F: '$3 > 499 {print $1}' /etc/passwd`
# edquota -p refuser user1 user2                   # Duplicate to 2 users
Checks
Users can check their quota by simply typing quota (the file quota.user must be readable). Root can check all quotas.
# quota -u colin                                   # Check quota for a user
# repquota /home                                   # Full report for the partition for all users
20 SHELLS
Most Linux distributions use the bash shell while the BSDs use tcsh, the bourne shell is only used for scripts. Filters are very useful and can be piped:
grep   Pattern matching
sed    Search and Replace strings or characters
cut    Print specific columns from a marker
sort   Sort alphabetically or numerically
uniq   Remove duplicate lines from a file
For example used all at once:
# ifconfig | sed 's/	/ /g' | cut -d" " -f1 | uniq | grep -E "[a-z0-9]+" | sort -r
# ifconfig | sed '/.*inet addr:/!d;s///;s/ .*//'|sort -t. -k1,1n -k2,2n -k3,3n -k4,4n
The first character in the sed pattern is a tab. To write a tab on the console, use ctrl-v ctrl-tab.
20.1 bash
Redirects and pipes for bash and sh:
# cmd 1> file                         # Redirect stdout to file.
# cmd 2> file                         # Redirect stderr to file.
# cmd 1>> file                        # Redirect and append stdout to file.
# cmd &> file                         # Redirect both stdout and stderr to file.
# cmd >file 2>&1                      # Redirects stderr to stdout and then to file.
# cmd1 | cmd2                         # pipe stdout to cmd2
# cmd1 2>&1 | cmd2                    # pipe stdout and stderr to cmd2
Modify your configuration in ~/.bashrc (it can also be ~/.bash_profile). The following entries are useful, reload with ". .bashrc". With cygwin use ~/.bash_profile; with rxvt paste with shift + left-click.
# in .bashrc
bind '"\e[A"':history-search-backward # Use up and down arrow to search
bind '"\e[B"':history-search-forward  # the history. Invaluable!
set -o emacs                          # Set emacs mode in bash (see below)
bind 'set bell-style visible'         # Do not beep, inverse colors
# Set a nice prompt like [user@host]/path/todir>
PS1="\[\033[1;30m\][\[\033[1;34m\]\u\[\033[1;30m\]"
PS1="$PS1@\[\033[0;33m\]\h\[\033[1;30m\]]\[\033[0;37m\]"
PS1="$PS1\w\[\033[1;30m\]>\[\033[0m\]"
# To check the currently active aliases, simply type alias
alias ls='ls -aF'                     # Append indicator (one of */=>@|)
20.2 tcsh
Redirects and pipes for tcsh and csh (simple > and >> are the same as sh):
# cmd >& file                         # Redirect both stdout and stderr to file.
# cmd >>& file                        # Append both stdout and stderr to file.
# cmd1 | cmd2                         # pipe stdout to cmd2
# cmd1 |& cmd2                        # pipe stdout and stderr to cmd2
The settings for csh/tcsh are set in ~/.cshrc, reload with "source .cshrc". Examples:
# in .cshrc
alias  ls      'ls -aF'
alias  ll      'ls -aFls'
alias  la      'ls -all'
alias  ..      'cd ..'
alias  ...     'cd ../..'
set   prompt    = "%B%n%b@%B%m%b%/> " # like user@host/path/todir>
set   history   =  5000
set   savehist  = ( 6000 merge )
set   autolist                        # Report possible completions with tab
set   visiblebell                     # Do not beep, inverse colors
# Bindkey and colors
bindkey -e                            # Select Emacs bindings: use emacs keys to edit the command prompt
bindkey -k up history-search-backward # Use up and down arrow to search
bindkey -k down history-search-forward
setenv CLICOLOR 1                     # Use colors (if possible)
setenv LSCOLORS ExGxFxdxCxDxDxBxBxExEx
The emacs mode enables to use the emacs keys shortcuts to modify the command prompt line. This is extremely useful (not only for emacs users). The most used commands are:
C-a    Move cursor to beginning of line
C-e    Move cursor to end of line
M-b    Move cursor back one word
M-f    Move cursor forward one word
M-d    Cut the next word
C-w    Cut the last word
C-u    Cut everything before the cursor
C-k    Cut everything after the cursor (rest of the line)
C-y    Paste the last thing to be cut (simply paste)
C-_    Undo
Note: C- = hold control, M- = hold meta (which is usually the alt or escape key).
21 SCRIPTING
Basics | Script example | awk | sed | Regular Expressions | useful commands
The Bourne shell (/bin/sh) is present on all Unix installations and scripts written in this language are (quite) portable; man 1 sh is a good reference.
21.1 Basics
Variables and arguments
Assign with variable=value and get content with $variable
MESSAGE="Hello World"                        # Assign a string
PI=3.1415                                    # Assign a decimal number
N=8
TWON=`expr $N \* 2`                          # Arithmetic expression (only integers)
TWON=$(($N * 2))                             # Other syntax
TWOPI=`echo "$PI * 2" | bc -l`               # Use bc for floating point operations
ZERO=`echo "c($PI/4)-sqrt(2)/2" | bc -l`
The command line arguments are
$0, $1, $2, ...                              # $0 is the command itself
$#                                           # The number of arguments
$*                                           # All arguments (also $@)
# Display the file name only
# Full path without extension
# Full path without extension
# Use var if set, otherwise use string
# assign string to var and then to var2.
# get file size in bourne script
Constructs
for file in `ls`
do
    echo $file
done

count=0
while [ $count -lt 5 ]; do
    echo $count
    sleep 1
    count=$(($count + 1))
done

myfunction() {
    find . -type f -name "*.$1" -print       # $1 is first argument of the function
}
myfunction "txt"
Generate a file
MYHOME=/home/colin
cat > testhome.sh << _EOF
# All of this goes into the file testhome.sh
if [ -d "$MYHOME" ] ; then
    echo $MYHOME exists
else
    echo $MYHOME does not exist
fi
_EOF
sh testhome.sh
awk '{printf("%5d : %s\n", NR,$0)}' file     # Add line number right aligned
awk '{print FNR "\t" $0}' files              # Add line number left aligned
awk NF test.txt                              # remove blank lines (same as grep '.')
awk 'length > 80'                            # print lines longer than 80 chars
22 PROGRAMMING
22.1 C basics
strcpy(newstr,str)                        /* copy str to newstr (newstr must be large enough) */
expr1 ? expr2 : expr3                     /* if (expr1) expr2 else expr3 */
x = (y > z) ? y : z;                      /* if (y > z) x = y; else x = z; */
int a[]={0,1,2};                          /* Initialized array (or a[3]={0,1,2}; */
int a[2][3]={{1,2,3},{4,5,6}};            /* Array of array of ints */
int i = 12345;                            /* Convert int i to char str */
char str[10];
snprintf(str, sizeof str, "%d", i);       /* bounded: never writes past the end of str */
22.2 C example
A minimal c program simple.c:
#include <stdio.h>
int main(void) {
    int number = 42;
    printf("The answer is %i\n", number);
    return 0;
}
Compile with:
# gcc simple.c -o simple
# ./simple
The answer is 42
22.3 C++ basics
*pointer                                  // Object pointed to by pointer
&obj                                      // Address of object obj
obj.x                                     // Member x of class obj (object obj)
pobj->x                                   // Member x of class pointed to by pobj
                                          // (*pobj).x and pobj->x are the same
22.4 C++ example
As a slightly more realistic program in C++: a class in its own header (IPv4.h) and implementation (IPv4.cpp) and a program which uses the class functionality. The class converts an IP address in integer format to the known quad format.
IPv4 class
IPv4.h:
#ifndef IPV4_H
#define IPV4_H
#include <string>

namespace GenericUtils {                          // create a namespace
class IPv4 {                                      // class definition
public:
    IPv4(); ~IPv4();
    std::string IPint_to_IPquad(unsigned long ip);// member interface
};
} //namespace GenericUtils
#endif // IPV4_H
IPv4.cpp:
#include "IPv4.h"
#include <string>
#include <sstream>
using namespace std;                              // use the namespaces
using namespace GenericUtils;

IPv4::IPv4() {}                                   // default constructor/destructor
IPv4::~IPv4() {}
string IPv4::IPint_to_IPquad(unsigned long ip) {  // member implementation
    ostringstream ipstr;                          // use a stringstream
    ipstr << ((ip &0xff000000) >> 24)             // Bitwise right shift
          << "." << ((ip &0x00ff0000) >> 16)
          << "." << ((ip &0x0000ff00) >> 8)
          << "." << ((ip &0x000000ff));
    return ipstr.str();
}
// define variables
// The IP in integer form
// create an object of the class
// call the class member
// print the result
Compile and execute with:
# g++ -c IPv4.cpp simplecpp.cpp                # Compile in objects
# g++ IPv4.o simplecpp.o -o simplecpp.exe      # Link the objects to final executable
# ./simplecpp.exe
1347861486 = 80.86.187.238
23 ONLINE HELP
23.1 Documentation
Linux Documentation          en.tldp.org
Linux Man Pages              www.linuxmanpages.com
Linux commands directory     www.oreillynet.com/linux/cmd
Linux doc man howtos         linux.die.net
FreeBSD Handbook             www.freebsd.org/handbook
FreeBSD Man Pages            www.freebsd.org/cgi/man.cgi
FreeBSD user wiki            www.freebsdwiki.net
Solaris Man Pages            docs.sun.com/app/docs/coll/40.10