Notes from Fedora Linux Toolbox: 1000+ Commands for Fedora, CentOS, & Red Hat Power Users Christopher Negus 978-0470082911


last modification: 8/28/13

http://www.amazon.com/Fedora-Linux-Toolbox-Commands-CentOS/dp/0470082917/ref=sr_1_cc_1?ie=UTF8&qid=1283381024&sr=1-1-catcorr


Ch1: Starting with Fedora Linux


About:



Fedora (http://fedoraproject.org)
CentOS (www.centos.org)
Yellow Dog Linux (www.yellowdoglinux.com)
Backtrack http://www.backtrack-linux.org/
DistroWatch (http://distrowatch.com/dwres.php?resource=independence).
Linux Timeline: http://files.cyberciti.biz/uploads/tips/2007/06/44218-linuxdistrotimeline-7.2.png

Comparing

Fedora is the rapid-development, cutting edge Linux system
Novell Suse same basic dual-distribution
Debian a high-quality Linux distribution
Many derivative Linux distributions -- Ubuntu Linux, KNOPPIX live CD based on Debian.



Why command line?



GUIs are meant to be easy & intuitive



Almost any time something goes wrong



Remote systems administration



Features not supported by GUI



GUI is broken or not installed



Finding Commands



bash: anycommand: command not found




why?:





You mistyped the command name.





anycommand is not in your PATH.





Might need to be the root user for the command to be in your PATH.





anycommand not installed on your computer.

Command and Sample Output -- Description

type mount -- Show the first mount command in PATH.
whereis mount -- Show binary, source, and man pages for mount.
locate bash.ps -- Find bash.ps anywhere in the file system.
which umount -- Find the umount command anywhere in your PATH or aliases.
rpm -qal |grep umount -- Find umount in any installed package.
yum whatprovides bzfs -- find out which package provides some feature or file
yum search somefise -- find any packages matching in the description, summary & package fields



Command Reference Info



-h or --help

ls --help | less



apropos crontab



whatis cat



man find



info ls


Other Notes

Installing Kali (Backtrack 6 ish)

I had display resolution problems after I did all of this, so it is a work in progress

1. Download the correct iso from here: http://www.kali.org/downloads/
2. Open vmware (fusion or workstation)
3. Install kali from iso
   I left most stuff at the default install setting except I bumped RAM to 1024
   Before you do anything else copy the vmware file to a backup if possible.
4. Log in as root
5. Open terminal
6. apt-get update --fix-missing
7. apt-get install kde-plasma-desktop (from here)
   I deviated from the video and set the display manager to kdm
8. apt-get install yakuake
   Up to here it seems to work
9. apt-get install open-vm-tools (from here)
   Ended up with 9GB used out of the 20GB I allocated to it

Ch2: Installing and Adding software


USB flash:



Get diskboot.img from one of the online mirrors then execute:
    dd if=/media/cdrom/diskboot.img of=/dev/sda

Choosing how install proceeds:

boot: linux text
Other boot options (p17 -- 10%):
    Boot Prompt HOWTO (www.tldp.org/HOWTO/BootPrompt-HOWTO.html)
    nodmraid
    noprobe
    selinux=0
Installation screens (p18 -- 11%)
    Test media, Language, Keyboard, Install or upgrade, Disk partitions, boot loader, network, time zone, root password, software packages, reboot

yum:

repos (p21 -- 12%)
yum list
yum info wordpress
yum search mp3
yum whatprovides ogg123
yum install wordpress
yum groupinstall XFCE
yum update
yum
yum --disablerepo=livna search yum-utils
yum --enablerepo=livna install mplayer
yum --exclude=somepackage update
http://www.xades.com/proj/fedora_repos.html

rpm: (14%)

rpm -ivh some.rpm
rpm -Uvh some.rpm
rpm -e badpackage
rpm -q or -qa or -ql somepackage or rpm -qa | grep ogg
rpm -qi somepackage or -ql somepackage or -qlp some.rpm

Ch 3: Using the shell


Setup:

To get use of the function keys in your virtual machine on a Macbook: in the virtual machine’s settings under keyboard & mouse set Mac Profile

Basic use:

gnome-terminal -x alsamixer -- Start terminal with alsamixer displayed
xterm
konsole
yakuake

Virtual Terminals

Ctrl-Alt-F1 to F6
ps, ps a, ps au, ps ax, ps aw
/etc/inittab & upstart

bash history

history
history 5
!! (run previous command)
Ctrl-r to search for string in history

Command line completion

tracer<Tab> -- Command completion: Completes to traceroute command
cd /home/ch<Tab> -- File completion: Completes to /home/chris directory
cd ~jo<Tab> -- User homedir completion: Completes to /home/john
echo $PA<Tab> -- Env variable completion: Completes to $PATH

Redirecting stdin, stdout, stderr

ls /tmp /tmpp
ls /tmp /tmmp > output.txt
ls /tmp /tmmp 2> errors.txt
ls /tmp /tmmp 2> errors.txt > output.txt
ls /tmp >> output.txt
ls /tmp 2> /dev/null
mail chris < /etc/hosts
ls /tmp | sort
ls /tmp/ /tmmp 2> /dev/null | sort
rpm -qa | grep -i sql | wc -l

Using backticks, you can execute one section of a command line first and feed the output of that command to the rest of the command line. Here are examples:

rpm -qf `which ps`
ls -l `which traceroute`

Misc

pwd, whoami

Using alias

~/.bashrc or /etc/bashrc
alias ll="ls -lh"
alias la="ls -lah"
alias cl="cd /var/log"
alias ct="cd /usr/local/tomcat"

Others

.bashrc


watch cat /proc/loadavg
su
su bob
sudo & /etc/sudoers (root ALL=(ALL) ALL)

Environment variables

export PS1='\e[1A\e[s\e[H\e[37;41;1m\e[K\e[1C\u@\h\e[5C\w\e[5C\d\e[5C [\A]\e[0m\e[u\n--> '
set & env
export ABC=123
export PATH=$PATH:/home/fcaen
NEVER NEVER put . in your path
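
One way to check a PATH for the problem the note above warns about, as an added example (not from the book or the original notes). The hypothetical `audit_path` function flags `.`, empty and relative entries, and also world-writable directories, which goes slightly beyond the note; the sample PATH is constructed.

```shell
#!/bin/sh
# Added example: audit a PATH string for entries that let a command be
# resolved from a directory someone else can influence.

# audit_path PATHSTRING
# Prints one finding per line as "<kind>:<entry>" and returns 1 if any
# finding was printed, 0 if the PATH is clean.
audit_path() {
    ap_rest="$1:"          # trailing ':' so the last entry is also seen
    ap_rc=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}
        ap_rest=${ap_rest#*:}
        case $ap_entry in
            '')
                # "::" or a leading/trailing ":" means the current directory
                echo "empty:"; ap_rc=1 ;;
            .|./*|..|../*)
                echo "dot:$ap_entry"; ap_rc=1 ;;
            /*)
                if [ -d "$ap_entry" ]; then
                    # 9th character of the ls mode string is "other write";
                    # -L follows symlinks such as /bin -> usr/bin
                    case $(ls -ldL "$ap_entry") in
                        ????????w*) echo "world-writable:$ap_entry"; ap_rc=1 ;;
                    esac
                fi ;;
            *)
                echo "relative:$ap_entry"; ap_rc=1 ;;
        esac
    done
    return "$ap_rc"
}

# Constructed sample: the PATH line from the notes with unsafe entries mixed in.
SAMPLE_PATH='/usr/bin:/home/fcaen:.:bin::'
audit_path "$SAMPLE_PATH" || echo "PATH needs cleaning"
```

Run it against the live value with `audit_path "$PATH"`; a directory that does not exist is skipped rather than reported.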


Simple shell scripts


java scripts
    DailyQuote (~/java & ~/Dropbox/Ike/4361/Examples
    /etc/crontab
    /etc/cron.daily/newquote

myscript.sh
chmod u+x myscript.sh also talk about file permissions (table 4.1 22% loc 830)

    #!/bin/bash
    MYSTRING=abc
    if [ "$MYSTRING" = abc ] ; then
        echo "The variable is abc"
    fi

To negate the condition

    MYSTRING=abcd
    if [ "$MYSTRING" != abc ] ; then
        echo "The variable is not abc"
    fi

Examples testing for numbers

    MYNUMBER=1
    if [ $MYNUMBER -eq 1 ] ; then echo "MYNUMBER equals 1"; fi
    if [ $MYNUMBER -lt 2 ] ; then echo "MYNUMBER less than 2"; fi
    if [ $MYNUMBER -le 1 ] ; then echo "MYNUMBER less than or equal to 1"; fi
    if [ $MYNUMBER -gt 0 ] ; then echo "MYNUMBER greater than 0"; fi
    if [ $MYNUMBER -ge 1 ] ; then echo "MYNUMBER greater than or equal 1"; fi

Testing File names

    filename=$HOME
    if [ -e "$filename" ] ; then echo "$filename exists"; fi
    if [ -f "$filename" ] ; then
        echo "$filename is a regular file"
    elif [ -d "$filename" ] ; then
        echo "$filename is a directory"
    else
        echo "I have no idea what $filename is"
    fi

Other file test operators (table 3.1 p46 20% loc 728)

    case "$VAR" in
        string1)
            { action1; } ;;
        string2)
            { action2; } ;;
        *)
            { default_action; } ;;
    esac

    for NUMBER in 0 1 2 3 4 5 6 7 8 9
    do
        echo The number is $NUMBER
    done

    for FILE in `/bin/ls`; do echo $FILE; done

    x=1
    while [ $x -le 5 ]
    do
        echo "Welcome $x times"
        x=$(( $x + 1 ))
    done

    VAR=0
    until [ $VAR -eq 3 ]; do echo $VAR; VAR=$((VAR + 1)); done

---------------

    #!/bin/bash
    # simple script to show command line args and if test
    echo $0
    echo $1
    echo $2
    if [ "$1" ]; then
        echo string not empty
    else
        echo string empty
    fi

Debugging

bash -x myscript.sh

Debugging on part(s) of the script

    set -x   # activate debugging from here
    w
    set +x   # stop debugging from here

and yes it is weird that it is backwards: - is on, + is off


The Bash Guide for Beginners http://tldp.org/LDP/Bash-Beginners-Guide/html/index.html & man bash

DrJohn other useful things:

yakuake
fuse rpms
encfs ~/.data ~/data
sshfs bob@jrdoffice:/home/bob/Ike /Gandalf/RemoteSites/Ike
sudo mount -t cifs '//Ariel/Easy' ~/Easy -o credentials=/Gandalf/configs/.what,uid=500,gid=500

subnet scans

sudo ping -b 10.0.1.0
sudo nmap -v 10.0.1.0/16

Ch 4: Working with Files


Everything in a Linux file system can be viewed as a file (data files, directories, devices, pipes, etc)


Regular files: (20% loc 764)

file somefilename -- determine type of file
touch /home/bob/newfile.ext -- create blank file
> /home/bob/newfile.txt -- create blank file
ls -l /usr/bin/apropos
file /usr/bin/whatis
file /bin/ls

directories

mkdir
x permission must be on or users can not use directory as their current directory
umask, umask -S (23% loc 852)

Symbolic & Hard Links

ln -s /path/somefile.txt /newpath/symlink.txt -- symbolic link
    own set of permissions, can exist on different partitions, new inode number
ln /path/file.txt /newpath/hardlink.txt -- hard link
    same permissions, cannot exist on different partitions, same inode number
ls -li -- show all info and inode numbers
symlinks ./ -- show all symbolic links in current dir
symlinks -r ./
symlinks -rv ./

device files overview only (21% loc 800)
named pipes & sockets overview only (22% loc 807)


Permissions (Table 4.1 22% loc 830)

421 421 421 -- rwx rwx rwx -- user group other

command        original permissions   new
chmod 0700     any                    rwx------
chmod 0711     any                    rwx--x--x
chmod go+r     rwx------              rwxr--r--
chmod 0777     any                    rwxrwxrwx
chmod a=rwx    any                    rwxrwxrwx
chmod a+rwx    any                    rwxrwxrwx
chmod -R 700   recursive

first 0 in all above = set-UID = 4, set-GID = 2, sticky = 1
(set-UID will not work for shell scripts)
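
An added example (not part of the original notes) that decodes the octal modes in the table above, including the leading special digit. `triplet`, `mode_to_symbolic` and `mode_findings` are hypothetical helper names, and the modes 4755, 2644 and 1777 are constructed samples.

```shell
#!/bin/sh
# Added example: decode an octal chmod mode into the rwx string, including
# the leading special digit (set-UID = 4, set-GID = 2, sticky = 1).

# triplet DIGIT SPECIAL_SET SPECIAL_CHAR -> prints e.g. "rwx", "r-s", "--T"
triplet() {
    t_r=-; t_w=-; t_x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then t_r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then t_w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then t_x=x; fi
    if [ "$2" -ne 0 ]; then
        # The special bit is shown in the x slot: lowercase when x is
        # also set, uppercase when it is not.
        if [ "$t_x" = x ]; then
            t_x=$3
        else
            t_x=$(printf '%s' "$3" | tr 'st' 'ST')
        fi
    fi
    printf '%s%s%s' "$t_r" "$t_w" "$t_x"
}

# mode_to_symbolic MODE -> prints the nine-character permission string
mode_to_symbolic() {
    m=$1
    case $m in
        ''|*[!0-7]*) echo "invalid mode: $1" >&2; return 2 ;;
    esac
    while [ "${#m}" -lt 4 ]; do m="0$m"; done   # 700 -> 0700
    if [ "${#m}" -ne 4 ]; then echo "invalid mode: $1" >&2; return 2; fi
    sp=${m%???}                 # special digit
    rest=${m#?}                 # user, group, other digits
    u=${rest%??}; g=${rest#?}; g=${g%?}; o=${rest#??}
    triplet "$u" $(( $sp & 4 )) s
    triplet "$g" $(( $sp & 2 )) s
    triplet "$o" $(( $sp & 1 )) t
    echo
}

# mode_findings MODE -> prints the bits worth a second look during a review
mode_findings() {
    sym=$(mode_to_symbolic "$1") || return 2
    f=
    case $sym in ??[sS]*)      f="$f set-UID" ;; esac
    case $sym in ?????[sS]*)   f="$f set-GID" ;; esac
    case $sym in ????????[tT]) f="$f sticky" ;; esac
    case $sym in ???????w?)    f="$f world-writable" ;; esac
    echo "${f# }"
}

# Modes from the notes plus constructed samples with the special digit set.
for mode in 0700 0711 0777 4755 2644 1777; do
    printf '%-5s %s  %s\n' "$mode" "$(mode_to_symbolic "$mode")" "$(mode_findings "$mode")"
done
```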



only on ext2, ext3, ext4 file systems (24% loc 900)
lsattr, chattr --- a (append only), c (compressed), d (no dump), i (immutable), j (data journaling), s (secure deletion), t (no merging), u (undeletable), A (no atime updates), D (synchronous directory updates), S (synchronous updates), T (top of directory hierarchy)
chattr +A somefile
good to check the attributes once in a while for security purposes

Ownership

chown bob test/
chown bob:bob
chown -R bob /

traversing file system

cd or cd ~ -- change to user home directory
cd - -- change to previous directory
cd /tmp -- change to tmp off of root
cd tmp -- change to tmp off of current dir
cd .. -- change to parent dir

Copying files

cp -a /var/www/html /backupdisk
cp -R /var/www/html /backupdisk

backup methods

dd (24% loc 879)
as root:
dd if=/dev/sdg bs=512 count=1 of=$BACKUPDIR/sdg_MBR
/sbin/fdisk /dev/hda -l > $BACKUPDIR/hda_partition_table.txt

Searching for files (25 % loc 917)

updatedb
/etc/updatedb.conf
locate & locate -i & locate -r (regular expression)
which
find / -name e100 (25% loc 925)

Other options for files

ls -l, ls -la, ls -t, ls -i etc (26% loc 955)
alias ll="ls -lh"
alias la="ls -lah"
alias cl="cd /var/log"



md5sum someFile.txt (26% loc 964)
sha1sum someFile.txt
sha1sum -c SHA1SUM.txt

lsof --- list open files
filelight --- diskusage
tripwire
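
An added example (not from the book or the notes) of the baseline idea behind `sha1sum -c` and tripwire: record checksums once, then report changed, missing and new files. The function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: a minimal file-integrity baseline built on sha1sum.

# make_baseline DIR MANIFEST
# Record the SHA-1 of every regular file under DIR. Keep MANIFEST outside DIR.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha1sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# quick_verify DIR MANIFEST
# The "sha1sum -c" from the notes: succeeds only if every listed file
# still matches its recorded checksum.
quick_verify() {
    ( cd "$1" && sha1sum -c ) < "$2" > /dev/null 2>&1
}

# check_baseline DIR MANIFEST
# Prints "CHANGED", "MISSING" or "NEW" plus the path for each difference and
# returns 1 if there is any. sha1sum -c cannot see NEW files, so the tree is
# hashed again and the two manifests are compared.
check_baseline() {
    cb_now=$(mktemp) || return 2
    make_baseline "$1" "$cb_now"
    cb_report=$(awk '
        # A SHA-1 line is 40 hex digits, two separator characters, the name.
        FILENAME == ARGV[1] { old[substr($0, 43)] = $1; next }
        {
            name = substr($0, 43)
            if (!(name in old))        print "NEW " name
            else if (old[name] != $1)  print "CHANGED " name
            delete old[name]
        }
        END { for (name in old) print "MISSING " name }
    ' "$2" "$cb_now" | LC_ALL=C sort)
    rm -f "$cb_now"
    if [ -n "$cb_report" ]; then
        printf '%s\n' "$cb_report"
        return 1
    fi
    return 0
}

# Constructed demo tree; nothing outside the temp directory is touched.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/tree/cron.daily"
    printf '#!/bin/sh\necho quote\n' > "$d/tree/cron.daily/newquote"
    printf 'alias ll="ls -lh"\n' > "$d/tree/bashrc"
    make_baseline "$d/tree" "$d/SHA1SUM.txt"
    printf 'echo tampered\n' >> "$d/tree/cron.daily/newquote"
    printf 'echo extra\n' > "$d/tree/extra.sh"
    check_baseline "$d/tree" "$d/SHA1SUM.txt" || echo "tree differs from baseline"
    rm -rf "$d"
}
demo
```

The manifest is only as trustworthy as where it is stored; keep it on read-only or separate media so it cannot be rewritten along with the files it describes.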

Ch 5: Manipulating Text


Regular Expressions


a* -- any set of characters. a, ab, abc, aefopq
. -- any single character. a.c matches abc adc aqc
[ ] -- Matches a single character in the brackets a[bcd]e abe ace ade
[^ ] -- Matches a single character not in the brackets a[^bc]e aqe ade
^a -- a at the beginning of a line
*a$ -- a at the end of a line
a.c -- three character string starting with a and ending with c
[bcf]at -- bat, cat, or fat
[a-d]at -- aat, bat, dat ...
[A-D]at -- Aat ...
1[3-5]7 -- 137, 147, 157
\tHello -- a tab character preceding the word Hello
\.[tT][xX][Tt] -- txt, Txt, TXt ...

http://en.wikipedia.org/wiki/Regular_expression


Editing text files


vi, vim (http://vimdoc.sourceforge.net), joe, emacs, pico, nano

Listing text files

cat myfile.txt
cat myfile.txt > newcopy.txt
cat myfile.txt >> append.txt
cat -s myfile.txt -- display consecutive blank lines as one
cat -n myfile.txt -- show numbers on lines
cat -b myfile.txt -- show numbers on non blank lines

head myfile
cat myfile | head
head -n 10 myfile
ps auxw | head -10

tail myfile
tail -n 25 myfile
tail -f /var/log/httpd/access_log -- watch web server log continuously

more myfile.txt
less myfile.txt
    /bob -- search for a string (bob) in a file
    / -- repeat search

pr -- quick text formatting tool
rpm -qa | sort | pr --column=2 | less

Searching for text

grep francois myfile.txt
grep 404 /var/log/httpd/access_log
ps auwx | grep init
ps auwx | grep "\[*\]"
grep -Rn xdg /etc -- directory tree with line numbers in result

Sorting output


rpm -qa | grep kernel | sort
rpm -qa | grep kernel | sort -r -- reverse order
ps auxw | sort -k 4,4
ps auxw | sort -k 2,2n

Replacing text with sed

cat myfile.txt | sed s/christopher/chris/
sed s/christopher/chris/ < myfile.txt > newmyfile.txt

Checking for differences between files with diff

diff /etc/named.conf.rpmnew /etc/named.conf
diff -u f1.txt f2.txt -- adds modification dates and times to output
seq 1 15 > f1.txt
sed s/4/four/ < f1.txt > f2.txt
vimdiff f1.txt f2.txt -- opens files side by side in vim

Using awk to process columns

ps auxw | awk '{print $1 $11}' -- only show columns 1 & 11
ps auxw | awk '/bob/ {print $1, $11}' -- show bob's processes

Converting text files to different Formats

unix2dos < f1.txt > f2.txt
dos2unix < f2.txt > f1.txt

Other

http://upstart.ubuntu.com/
http://upstart.ubuntu.com/wiki/UpstartOnFedora?highlight=((CategoryDistributions))
Book Excerpt: A Practical Guide to Fedora and Red Hat Enterprise Linux

Ch 6: Multimedia


To split avi (or other video) files: Online Documentation
ffmpeg -ss 01:09:12 -t 01:15:23 -i Family-19970512-19971225.avi ./19970702.avi

To join avi (or other video) files: Online Documentation
mencoder -ovc copy -oac copy -o 19950326-BelindaTap.avi 19950326-BelindaTap-1.avi \
    19950326-BelindaTap-2.avi

To convert between types of video (Do not use on DRM files!)
transcode -y xvid -Z 720 -b 224 -i VTS_03_1.VOB -o newfile.avi
transcode -y xvid -Z 720 -b 224 -i oldfile.mpg -o newfile.avi
works ok but you lose 5.1 surround
Handbrake

Brief Audio tools

play -h
play somesong.wav
play hi.au vol .6

ogg123 mysong.ogg
ogg123 -z *.ogg -- play in random order
ogg123 -Z *.ogg -- play in random order forever
ogg123 /home/bob/music -- play music in music and subdirectories

mpg321 mysong.mp3
mpg321 -@ myplaylist

alsamixer
alsamixergui

cdparanoia -vsQ -- is CD drive capable of ripping music
cdparanoia -B -- rip tracks as wav files by track name
cdparanoia -B -- "5-7" -- rip tracks 5, 6, 7 as separate files

oggenc mysong.wav -- encodes mysong from wav to ogg
oggenc ab.flac -o ab.ogg -- encodes flac to ogg
oggenc song.wav -q 9 -- raises quality level from default of 3 to 9
oggenc song.wav -o song.ogg -a Bernstein -G Classical -d 06/05/1972 -t "Simple Song" \
    -l "Album Name" -c info="From Kennedy Center"

-- sox the Swiss army knife of audio manipulation (Online Documentation)
sox head.wav tail.wav output.wav -- concatenate two wav files
sox sound1.wav -a stat -- display information about the file

Ch 7: Administering File Systems


Basic File system partitions (three basic types)
swap, boot, root
ext3 == ext2 + journaling
linux supports ext4, ext3, ext2, iso9660, Jffs21, jfs, msdos, ntfs, squashfs, swap, ufs, vfat, xfs
others nfs, sshfs, encfs, cifs & others (FUSE)

Partitioning:

install: used to be called Disk Druid
fdisk or parted

fdisk

/sbin/fdisk -l -- shows all partitions
    (After Fedora 7 all IDE, SCSI, & SATA use /dev/sd..)
    (newer Fedoras use the UUID see the /etc/fstab file & /dev/disk)
/sbin/fdisk -l /dev/sda
/sbin/fdisk /dev/sda -- work on a particular disc
    m -- gets command listing
    n -- new partition (assumes ext3 type unless told otherwise)
    d -- delete partition
    w -- write changed info to disc (BE CAREFUL!)

parted

newer more functionality
GUI: gparted or qtparted
1. sudo /sbin/parted -l /dev/sda

    Model: ATA ST31000340AS (scsi)
    Disk /dev/sda: 1000GB
    Sector size (logical/physical): 512B/512B
    Partition Table: msdos

    Number  Start   End    Size   Type     File system  Flags
     1      32.3kB  215GB  215GB  primary  ext3         boot
     2      215GB   429GB  215GB  primary  ext3

changes immediately written to disk!
man parted shows brief listing, info parted much more complete
in parted session help shows commands, mkpart creates new partition

both following will usually destroy file systems!
resize 2 will resize linux partitions (#2)
use the ntfsresize command to resize ntfs partitions
ntfsinfo

Both tools above only change partition table they do not format the partition
mkfs -t ext3 /dev/sda1
mkfs -t ext3 -v -c /dev/sda1 -- more verbose output and check for bad blocks
mkfs -t ntfs /dev/sda2 -- always put -t filesystemtype first

Working with existing partitions

Backup / Restore


sudo /sbin/sfdisk -d /dev/sda

    # partition table of /dev/sda
    unit: sectors

    /dev/sda1 : start= 63, size=419424957, Id=83, bootable
    /dev/sda2 : start=419425020, size=419425020, Id=83
    /dev/sda3 : start= 0, size= 0, Id= 0
    /dev/sda4 : start= 0, size= 0, Id= 0

-- -d option above formats output for later restoration
/sbin/sfdisk /dev/sda < sda-part-table -- restore
/sbin/sfdisk -d /dev/sda | /sbin/sfdisk /dev/sdb -- copy to new disk

Changing partition label

sudo /sbin/e2label /dev/sda1 yields /
sudo /sbin/e2label /dev/sda2 yields /1
/sbin/e2label /dev/sda2 /newlable

Virtual File System

portable, liveCD, virtual OS
dd if=/dev/zero of=mydisk count=2048000
du -sh mydisk & df -h (see below for more on both)
    1001M mydisk
/sbin/mkfs -t ext3 mydisk
    lots of info output
mkdir test
sudo mount -o loop mydisk test
mount
    /home/bob/mydisk on /home/bob/test type ext3 (rw,loop=/dev/loop0)

Viewing & Changing file system attributes

sudo /sbin/tune2fs -l /dev/sda1 (or dumpe2fs)
    lots of information
man tune2fs
    -c set maximal count before fsck
    -j turn ext2 fs into ext3 by adding journaling

swap partitions

mkswap /dev/sda3
virtual partition as swap
    dd if=/dev/zero of=/tmp/swapfile count=65536
    chmod 600 /tmp/swapfile
    mkswap /tmp/swapfile
swapon
swapoff
swapon -s


Mounting filesystems


/etc/fstab

    LABEL=/           /               ext3    defaults        1 1
    devpts            /dev/pts        devpts  gid=5,mode=620  0 0
    sysfs             /sys            sysfs   defaults        0 0
    proc              /proc           proc    defaults        0 0
    LABEL=SWAP-sdc1   swap            swap    defaults        0 0
    /dev/sdf1         /Gandalf/WinXP  ntfs    defaults        0 0

    device            mountpoint      type    options -o      dump checkorder

pseudo filesystems
mount -o options

mount

mount, mount -t ext3, mount | sort, mount -l (labels)
mount -t ext3 /dev/sda1 /Gandalf/Belinda -o=below
    ro, rw, uid=xxx, gid=xxx, noexec,
    --bind (new additional location), --move
mount -v -o loop -t iso9660 diskboot.img ~/diskimg
mount -v -o loop local.iso ~/imgdir
/sbin/losetup -a -- show loopback device status

Unmounting filesystems

umount -v /dev/sda1
umount -v /Gandalf/Belinda
    device is busy
    /usr/sbin/lsof | grep mountpoint

Checking file systems badblocks & fsck

/sbin/badblocks -v /dev/sdc1 -- readonly test
/sbin/badblocks -vsn /dev/sdc1 -- non destructive read write test (slowest)
/sbin/badblocks -vsw /dev/sdc1 -- faster destructive read write test

fsck /dev/sda1
/sbin/fsck -TV /dev/sda1 -- do not display fsck version and be verbose
/sbin/fsck -TVy /dev/sda1 -- yes to all 'do I fix' questions


File system use


df -h -- usage summary in human readable mode
df -hi -- inode use also
df -hl -- only display local file systems
df -hT -- show file system type also

du -h /home/bob -- disk use of my home directory
du -h /home -- must be root
du -sh / -- summarize results
du -sch /home /data /usr/local -- multiple dirs
du -sh --exclude='*.iso' /home/bob -- exclude iso files from results & summarize

Ch 8: Backups & Removable Media


tape archive: tar

[-]A --catenate --concatenate
[-]c --create
[-]d --diff --compare
[-]r --append
[-]t --list
[-]u --update
[-]x --extract --get
-j -- compress using bzip2
-z -- compress using gzip
-v -- verbose output

tar c *.txt | gzip -c > myfiles.tar.gz -- make tar archive then gzip it
tar czvf myfiles.tar.gz *.txt -- same thing

gunzip -c myfiles.tar.gz | tar x -- unzip then extract
gunzip myfiles.tar.gz ; tar xf myfiles.tar
tar xzvf myfiles.tar.gz

tar tvf myfiles.tar -- list files in archive
tar -tzvf myfiles.tgz -- list files in gzip compressed archive
tar -Af archive1.tar archive2.tar -- adds archive2 to archive1
tar --delete -f myfiles.tar file1.txt -- deletes file from archive

compression tools

lzop, gzip, bzip2 -- in order from fastest / least compression
rar x -- extract
rar a -- add file

tar cjvf myfiles.tar.bz2 *.txt
tar xjvf myfiles.tar.bz2

gzip myfile -- gzips myfile into myfile.gz
gzip -v myfile -- verbose output
gzip -tv myfile.gz -- tests integrity of file
gzip -lv myfile.gz -- get detailed information
gzip -rv mydir -- compress all files in directory

bzip2 myfile -- myfile into myfile.bz2
bzip2 -v myfile
bunzip2 myfile.bz2
bzip2 -d myfile.bz2
bzip2 -vd myfile.bz2




backing up over network with ssh

rsnapshot via yum install rsnapshot (http://www.rsnapshot.org/)

mkdir mybackup ; cd mybackup
-- all files beginning with myfile are copied from server into local home dir
ssh bob@server1 'tar cf - myfile*' | tar xvf -
tar cf - myfile* | ssh bob@server1 'cd /home/bob/myfolder ; tar xvf -' -- OUT
ssh bob@server1 'tar czf - myfile*' | cat > myfiles.tgz -- IN
tar czvf - myfile* | ssh bob@server1 'cat > myfiles.tgz' -- OUT


backing up files over network with rsync (Detailed rsync reference)

rsync -a source/ destination/
    equal to cp -a source/. destination/
rsync -a -e ssh source/ username@remotemachine.com:/path/to/destination/
    -- the -e option specifies the remote shell to use

rsync -a a b
    assuming there is a file a/foo this gives a file b/a/foo
rsync -a a/ b
    gives b/foo; point is trailing slashes matter but only on the source

rsync -a --delete source/ destination/
    any files in /destination but not in /source are deleted

create test-src, test-dest, test-src/somefiles
rsync --delete --backup --backup-dir=bk-`date +%A` -avz test-src/ test-dest/$(date +%F)

-- mirrors remote pics directory on local system (-a run in archive mode, -v verbose, -z compresses files, --delete remove any local files not still on server)
rsync -avz --delete bob@server1:/home/bob/pics bobspics

-- creates /var/backups/backup-Monday etc
mkdir /var/backups
rsync --delete --backup --backup-dir=/var/backups/backup-`date +%A` \
    -avz bob@server1:/home/bob/Personal/ /var/backups/current-backup/

-- create hard links instead of duplicate files (--link-dest option)
rm -rf /var/backups/backup-old/
mv /var/backups/backup-current/ /var/backups/backup-old/
rsync --delete --link-dest=/var/backups/backup-old/ -avz bob@server1:/home/bob/Personal \
    /var/backups/backup-current/

longer script can be found here: http://samba.anu.edu.au/rsync/examples.html









backing up with unison

-- rsync assumes that machine being backed up is the only one where data is being modified
-- when have 2 (ie desktop & laptop) unison is better

yum install unison
unison /home/bob ssh://bob@server1//home/bob
unison /home/bob /mnt/backups/bob-home

-- to force unison to run in command line mode (-ui text)
unison /home/bob ssh://bob@server1//home/bob -ui text

-- will prompt for y on every change. If you trust unison to find newest file use -auto
unison /home/bob ssh://bob@server1//home/bob -auto

-- no man pages
unison -help
unison -doc all | less

Backing up to removable media


mkisofs -o home.iso /home -- all files in DOS 8.3 naming mode
mkisofs -o home2.iso -J -R /home -- Add Joliet & Rock Ridge extensions
mkisofs -o home3.iso -J -R music/ pics/ docs/ -- multiple dirs or files

-- /var/pics becomes /home/bob/Pictures on cd image
mkisofs -o home.iso -J -R -graft-points Pictures/=/var/pics/ /home/bob

-- add more information to ISO
mkisofs -o home.iso -R -J -p www.bob.org -publisher "Bob Thomas" -V "WebBackup" \
    -A "mkisofs" -volset "1 of 4 backups, September 22, 2008" /home/bob

volname home.iso -- display volume name
isoinfo -d -i home.iso -- display all header information

mkdir /home/bob/test
mount -o loop home.iso /home/bob/test -- mount image in test dir
umount /home/bob/test

Burning to CD/DVD

cdrecord --scanbus -- shows information on CD/DVD drive(s)
cdrecord -dummy home.iso -- test burn without doing anything
cdrecord -v home.iso
cdrecord -v -eject home.iso

-- multisession using growisofs
growisofs -Z /dev/sr0 -R -J /home/bob -- Master & burn to DVD
growisofs -M /dev/sr0 -R -J /home/belinda -- Add to burn
growisofs -M /dev/sr0=/dev/zero -- Close burn
growisofs -dvd-compat -Z /dev/sr0=home.iso -- burn image to DVD

CH 9: Checking and Managing Running Processes


Viewing active processes with ps


ps --help -- brief list of options
ps -A or -e -- list all processes
ps -x -- list processes without controlling ttys
ps -u bob -- for user bob
ps -auwwx -- every process unlimited width BSD style
ps -ejH -- hierarchy with process/session ids
ps -axjf
ps -ef --forest
pstree
custom output with the -o option page 151

Active processes with top

top -- show processes
top -d 5 -- change update delay from 3 to 5 sec
top -u bob -- show for user bob
top -n 10 -- update 10 times then quit
top -b -- run in non-interactive mode, good for file directed output


Finding processes using pgrep


pgrep init -- yields ... why 3?
    1
    3204
    3205
pgrep -l init -- long listing
    1 init
    3204 start_kdeinit
    3205 kdeinit

Using fuser to find processes

sudo /sbin/fuser -mauv /home/bob -- show all processes with anything in /home/bob open
    -- m show processes with file in . open, v verbose, a all processes, u what user owns
sudo /sbin/fuser -k /boot -- kill every process that has anything in /boot open

nice -- sets process priority, regular user 19 (way low) to -20 (way high)
    -- merely a suggestion
nice -n 12 gimp -- launch gimp with low priority
renice +2 -u bob -- set bob's process to lower priority

Running processes in background or foreground with fg, bg, & jobs

open terminal, type gimp -- run gimp in foreground, will die if you close the terminal
type gimp & -- run gimp in background, ditto
<Ctrl+z> -- in running foreground process will stop it and put it in background
jobs -- will list running process in that terminal
bg 1 -- will put job 1 in background
fg 1 -- will put job 1 in foreground
<Ctrl+c> -- kills current fg process
<Ctrl+d> -- kills terminal session
jobs -l -- long listing of all fg & bg process for current terminal session

kill & killall

ps -aux
kill 28665 -- send SIGTERM to process with PID of 28665
kill -9 4985 -- send SIGKILL to process with PID of 4985 (careful, no shutdown)
killall spamd -- kill all spamd running

Running processes away from the current shell

nohup gimp & -- run gimp with no ability to interrupt

Scheduling processes to run

at now +1 min
    at> updatedb
    at> Ctrl+d
at teatime
at now +5 days
at 10/05/08
atq -- query for jobs in queue

crontab -e -- create a crontab for current user and open in vi or vim
/etc/crontab -- minute, hour, day, month, & day of week
    01 * * * * root run-parts /etc/cron.hourly
    02 4 * * * root run-parts /etc/cron.daily
    22 4 * * 0 root run-parts /etc/cron.weekly
    42 4 1 * * root run-parts /etc/cron.monthly
-- simply link or put the script you want to run in one of the directories above

Ch 10: Managing the System


Focus in on Monitoring Resources in use
files in /proc (sudo ls -lah /proc)
might have to install sysstat package

Memory Use:

free (-m in megabytes, -g in gigabytes, -s 5 continuously display every 5 seconds)
free -m

                 total   used   free  shared  buffers  cached
    Mem:          8008   4846   3161       0      141    3793
    -/+ buffers/cache:    912   7095
    Swap:        16002      0  16002

top -- Shift M
vmstat -- view memory use over time
vmstat 3 -- update every three seconds
man vmstat -- field descriptions, watch for io backlog if lots memory in use, wasted CPU time

    procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
    r b swpd free buff cache si so bi bo in cs us sy id wa st

CPU Usage:

iostat -c 3 -- update every 3 seconds

    Linux 2.6.25.14-69.fc8 (Gandalf) 10/01/2008
    avg-cpu:  %user   %nice %system %iowait  %steal   %idle
               1.94    1.23    1.04    0.88    0.00   94.91

iostat -c -t -- print with time stamp
man iostat -- for listing of fields displayed

--> dstat -t -c 3 -- colors for different types of data

    -----time----- ----total-cpu-usage----
      date/time   |usr sys idl wai hiq siq
    01-10 17:08:41|  3   1  95   1   0   0
    01-10 17:08:44|  0   1  99   0   0   0
    01-10 17:08:47|  2   1  97   0   0   0
    01-10 17:08:50|  0   1  99   0   0   0
    01-10 17:08:53|  0   1  99   0   0   0
    01-10 17:08:56|  0   1  99   0   0   0
    01-10 17:08:58|  0   1  99   0   0   0

cat /proc/cpuinfo -- lots of info about processor(s)
    flags line show features cpu supports

Storage Devices


du & df
iostat -d

    Linux 2.6.25.14-69.fc8 (Gandalf) 10/01/2008
    Device:    tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
    sda       7.76       214.40       182.76    6445638    5494280

/usr/sbin/lsof -- all open files (lots)
lsof -c bash -- files open by bash shells
lsof -d cwd -- all directories open as current working dir in bash
lsof /dev/sda1 -- anything open on that filesystem
lsof /Gandalf/data -- anything open in that directory structure (and subs)


Mastering Time



system
-
config
-
date

--

date, ntpd, timezone, etc gui



cat /etc/sysconfig/clock



# The ZONE parameter is only evaluated by system
-
config
-
date.



# The time zone of the system is defined by the contents of /etc/localtime.



ZONE="America/Chicago"



UTC=false



ARC=false


/usr/share/zoneinfo/America/Chicago

--

time zone info


cp or ln
-
s above to /etc/localtime



--
> date



Wed Oct
1 17:50:55 CDT 2008


--
> date '+%A %B %d %G'



Wednesday October 01 2008


--
> date
--
date='8 months 3 days'



Thu Jun 4 17:51:50 CDT 2009


date 081215212008
--

set date to Aug 12, 2:21pm 2008


cal -- show calendar
        October 2008
    Su Mo Tu We Th Fr Sa
              1  2  3  4
     5  6  7  8  9 10 11
    12 13 14 15 16 17 18
    19 20 21 22 23 24 25
    26 27 28 29 30 31
--> cal 2009
                                   2009
          January               February                March
    Su Mo Tu We Th Fr Sa  Su Mo Tu We Th Fr Sa  Su Mo Tu We Th Fr Sa
                 1  2  3   1  2  3  4  5  6  7   1  2  3  4  5  6  7
     4  5  6  7  8  9 10   8  9 10 11 12 13 14   8  9 10 11 12 13 14
    11 12 13 14 15 16 17  15 16 17 18 19 20 21  15 16 17 18 19 20 21
    18 19 20 21 22 23 24  22 23 24 25 26 27 28  22 23 24 25 26 27 28
    25 26 27 28 29 30 31                        29 30 31




/sbin/hwclock -r -- display current CMOS hardware clock setting
/sbin/hwclock --hctosys -- set system clock from hardware clock (root)



Using Network Time Protocol

yum install ntp
service ntpd start
chkconfig ntpd on

/etc/sysconfig/ntpd -- main config file
    SYNC_HWCLOCK=no -- set to yes to sync
    -- problem is why would you want to run a time server ?

ntpd -qg -- q says quit after syncing, g says don't panic for way off



Managing the boot process


A detailed look at the Fedora boot process

BIOS
MBR on “first” bootable partition
GRUB
    /boot/grub/grub.conf -- other configs are symbolic links to this
kernel
    kernel needs root file system to load modules (block devices, etc)
    device drivers are on root file system so how does kernel get them ?
    a small initial ram disk (initrd)
init process
    /etc/inittab -- runlevel, etc




/boot/grub/grub.conf -- lots of other kernel boot options (table 2-1)
    default=1
    timeout=5
    splashimage=(hd1,0)/boot/grub/splash.xpm.gz
    title Fedora (2.6.26.3-14.fc8)
        root (hd1,0)
        kernel /boot/vmlinuz-2.6.26.3-14.fc8 ro root=LABEL=/ rhgb init=/sbin/bootchartd
        initrd /boot/initrd-2.6.26.3-14.fc8.img
grub-install /dev/sda -- reinstall grub
mkinitrd ... -- recreate initial ram disk


Startup & Run Levels

/sbin/runlevel -- display current and previous
init 5 or 3 etc -- change runlevel
init q -- process changes in inittab (mostly for gettys)
/sbin/chkconfig --list, smb on, --add <name>, --level <levels> <name> <on off reset> ....
/sbin/service smb -- show usage statement
service smb restart -- etc
/etc/rc.d/rc
systemd
    see /etc/systemd and /lib/systemd files
    man systemctl
    http://www.freedesktop.org/wiki/Software/systemd/FrequentlyAskedQuestions




The Kernel


uname
dmesg
lsmod
modinfo pata_acpi
/sbin/modprobe -l | grep c-qcam
modprobe c-qcam
modprobe -r c-qcam
/etc/sysctl.conf -- Kernel sysctl configuration file for Red Hat Linux
/sbin/sysctl -a | less -- list all kernel parameters
sudo /sbin/dmidecode -- list info about all hardware
sudo /sbin/hdparm /dev/sda -- view and change information relating to hard drive


Ch 11: Managing Network Connections

GUI based tools


Network Configuration via GUI works mostly
Gnome-System-->Administration-->Network

Troubleshooting


Start at bottom of TCP/IP stack


1 - Check cables on local card and on routers/gateway etc
2 - Check that card is properly installed and has the correct drivers
3 - Check the settings for the card to make sure you do not have mismatches
4 - If all else fails get a NIC that is supported in Linux

Checking Links


/sbin/ethtool -- lots of help info
/sbin/ethtool | less -- nothing because help output goes to stderr (ethtool 2>&1 | less)
sudo /sbin/ethtool eth1 -- settings for eth1
    Settings for eth1:
        Supported ports: [ MII ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
        Advertised auto-negotiation: Yes
        Speed: 100Mb/s
        Duplex: Full
        Port: MII
        PHYAD: 2
        Transceiver: external
        Auto-negotiation: on
        Supports Wake-on: g
        Wake-on: d
        Link detected: yes
sudo /sbin/ethtool -i eth1 -- driver information
    driver: forcedeth
    version: 0.61
    firmware-version:
    bus-info: 0000:00:12.
sudo /sbin/ethtool -S eth1 -- Statistics
sudo /sbin/ethtool -s eth1 speed 100 duplex full autoneg off -- change card settings temp.
    -- /etc/sysconfig/network-scripts/ifcfg-eth1 contains “permanent” settings
    -- less /usr/share/doc/initscripts-*/sysconfig.txt
sudo netstat -i -- network statistics
sudo netstat -nap -- information about all network processes

Managing Network Connections


sudo /sbin/service
    Usage: service < option > | --status-all | [ service_name [ command | --full-restart ] ]
/sbin/service network restart or status or stop or start
sudo /sbin/chkconfig
    usage: chkconfig --list [name]
           chkconfig --add <name>
           chkconfig --del <name>
           chkconfig --override <name>
           chkconfig [--level <levels>] <name> <on|off|reset|resetpriorities>
less /usr/share/doc/initscripts-*/sysconfig.txt
sudo /sbin/ifdown eth1
sudo /sbin/ifup eth1


Viewing Ethernet Connection Information


/sbin/ifconfig -- connection info for all active (add -a to get inactive) connections
/sbin/ip addr show eth1 -- similar information
/sbin/ip a -- info for all interfaces
/sbin/ip help -- (addr help, route help, tunnel help)
ipcalc -bmn 192.168.1.0/24
    NETMASK=255.255.255.0
    BROADCAST=192.168.1.255
    NETWORK=192.168.1.0



Wireless Connections


Use the GUI if at all possible


wireless-tools, ndiswrapper, etc from rpm.livna.org
/sbin/lspci | grep -i wireless -- to see wireless PCI cards
/sbin/iwconfig -- same sort of info as ifconfig but for wireless
/sbin/iwconfig --help -- essid, channel, sens, key, .....

Dial-Up Modems


Skipped


Checking Name Resolution


cat /etc/resolv.conf
    nameserver 208.180.42.68
    nameserver 208.180.42.100
dig www.google.com or www.newegg.com -- search the servers in resolv.conf
dig www.google.com @4.1.2.1 -- search a specific server
dig +trace www.google.com -- recursively trace DNS servers
host 208.180.42.100 -- reverse DNS lookup



More Troubleshooting

/sbin/ip route -- like old route command
    172.16.240.0/24 dev vmnet8 proto kernel scope link src 172.16.240.1
    192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.2
    172.16.140.0/24 dev vmnet1 proto kernel scope link src 172.16.140.1
    default via 192.168.1.1 dev eth1
ping gateway to see if connected
/sbin/arp -v -- list ARP cache entries by name
    Address      HWtype  HWaddress           Flags Mask  Iface
    DirectvDvr   ether   00:50:00:d4:bb:5c   C           eth1
    home         ether   00:15:6c:8c:61:44   C           eth1
    Gimli        ether   00:17:02:bb:1e:5b   C           eth1
traceroute www.ttu.edu -- * * * probably means firewall
sudo traceroute -T 129.118.51.8 -- use TCP packets not default UDP (bypass firewall)
sudo traceroute -n ... -- disable name resolution


Network Statistics


netstat -s -- summary of TCP, ICMP, UDP connections
netstat -tanp -- TCP connection information
netstat -uanp -- UDP


Other Useful Tools


sudo /usr/sbin/tcpdump -- (-v or -vv for more stuff)


wireshark


nmap









CH 12: Accessing Network Resources


Sometimes even when a GUI is available command line commands are VERY useful

Browse the web

lynx -- old text based browser
links -- newer command but /usr/bin/links -> elinks
elinks -- the current “choice” allows mouse use & colors in terminal session
    -- Control Keys Table 12-1 pg. 210 (Esc toggles menu on/off)



Transferring Files -- wget

-- download files using http or ftp
wget http://rpmfind.net/linux/sourceforge/f/fe/fedorafrog/fedora_frog-1.0-8.0.3.i386.rpm
wget ftp://rpmfind.net/linux/sourceforge/f/fe/fedorafrog/fedora_frog-1.0-8.0.3.i386.rpm
wget --user=someuser --password=passwordforuser ftp://somedir.com/somefile
wget ftp://user:password@someserver.com/somefile
-- download single web page
wget http://jdurrett.ba.ttu.edu/3351/index.html
-- download single page along with required images, etc and use local file names
wget -pk http://jdurrett.ba.ttu.edu/3351/index.html
-- append html to downloaded files so .cgi or .asp etc will work locally
wget -E http://jdurrett.ba.ttu.edu
-- recursively mirror entire site -- be careful!!!!
wget -m http://jdurrett.ba.ttu.edu
-- combining above we get
wget -mEkK http://jdurrett.ba.ttu.edu
-- restart an incomplete download
wget http://example.com/DVD.iso -- start download
--- assume it is interrupted here ---
wget -c http://example.com/DVD.iso -- finish











Transferring Files -- curl

-- curl (client for URLs) is also available for single shot downloads

Transferring Files -- lftp

lftp mirrors.kernel.org -- anonymous connection
lftp bob:mypasswd@server1 -- authenticated connection but bad to type pass this way
lftp -u bob server1 -- will ask for password
-- once session is open
pwd, cd, ls, get (download), put (upload), Ctl-z (set download to background),
mget (get all in.), mput (put all in), bookmark, quit


Transferring Files -- ssh
-- warning you do NOT get a warning about overwriting existing files when using some of these

scp mfile bob@server1:/home/bob/tmp -- file up, will ask for password
scp server1:/home/bob/myfile ./ -- file down, assumes bob is current user
scp -p ... -- preserves permissions and timestamps
scp -P 4382 ... -- use port 4382 not the default of 22
scp -r mydir bob@server1: -- recurse mydir and copy all
-- sftp uses ssh but allows an ftp like interface ( ? for a list of commands)
sftp bob@server1 -- then use any of the ftp commands to copy & move around


Sharing remote directories -- NFS (Network File System)
-- works in some Windows ops too

service nfs start -- starts service; configs are /etc/sysconfig/nfs, /etc/exports
/usr/sbin/exportfs -v -- shows all shared directories along with permissions
service nfs reload -- reload nfs with changes to /etc/exports
exportfs -r -- load changes to /etc/exports
exportfs -vr
/usr/sbin/showmount -e -- show directories available on local system
showmount -e client.server1.com -- show directories available on other system
mount server.example.com:/export/myshare /Gandalf/nfsDIR -- mount remote (nfs3)
mount -o rw,hard,intr ... -- options can also be entered on mount line
mount -t nfs4 -- nfs4 is more versatile but less used might not work










Sharing remote directories -- SAMBA
-- SMB (server message block is old) cifs is current file system type
-- GUI config tools are available (SWAT is a nice easy web interface)
1. sudo yum install samba-swat
2. sudo /sbin/chkconfig swat on
3. sudo /etc/init.d/xinetd start
4. elinks http://localhost:901/

findsmb -- scan network for shares
                                    *=DMB
                                    +=LMB
    IP ADDR         NETBIOS NAME     WORKGROUP/OS/VERSION
    ---------------------------------------------------------------------
    192.168.1.2     Gandalf         [WIZARDS] [Unix] [Samba 3.0.21c]
smbtree -- text representation of network shares
    Password:
    WIZARDS
        \\ARIEL
            \\ARIEL\C$          Default share
            \\ARIEL\Belinda (C)
            \\ARIEL\Easy (E)
sudo smbpasswd -a bob -- add an existing Linux user as a samba user
smbclient -L Ariel -- list services available by a server to current user or anonymous
smbclient -L Ariel -U bob
smbclient //192.168.1.1/myshare -U bob -- ftp style connection
-- mounting
sudo mount -t cifs -o username=bob,password=mypass //server1/myshare /where/I/mountedit
sudo mount -t cifs '//Ariel/Easy (E)' /Gandalf/Belinda/Easy \
    -o credentials=/home/bob/.cred,uid=500,gid=500
smbstatus -- current mount and lock status
nmblookup Ariel -- lookup IP for samba server Ariel
testparm -- check samba configuration
testparm -v | less -- show default parameters you did not set



Sharing remote directories -- sshfs

yum install fuse-sshfs
sshfs bob@server1:/home/bob/myshare /Gandalf/RemoteSites/bob -- mount will ask for password
sudo umount /Gandalf/RemoteSites/bob -- unmount



Ch 13: Remote System Admin


Most professional linux admins do not run X on production servers
Thus command line admin is a necessity

Old tools like telnet, ftp, rsh, rexec, rcp are security risks (userid and password sent as clear text)
Modern tools like ssh, scp, sftp are much more secure

Legacy tools are sometimes good for troubleshooting
telnet www.google.com 80
    GET / HTTP/1.0
    --- extra carriage return here
    HTTP/1.1 200 OK


Remote admin with ssh


Configuration
    -- make sure sshd service is running by default
    -- /etc/ssh/sshd_config
        server configuration file
            Port 1248
            X11Forwarding yes
            AllowTcpForwarding no
    -- /etc/ssh/ssh_config
        client configuration file
            ForwardX11 yes (or ssh -X bob@someserver each time connect)



Regular use



ssh bob@server1 -- the 'correct' way to change users
ssh server1 -- login to remote as current user
ssh -p 1248 bob@server1 -- port other than default of 22

ssh tunneling (a good howto is here)
    ssh -X or with configuration correctly setup kcalc etc
    ssh -L 1234:localhost:631 remoteserver -- tunnel CUPS server
    ssh -l remoteuser -nNT -R 1100:129.118.49.11:22 remoteip -p remotesshport
    ssh user@remotehost -L 24800:remotehost:25 -N
    -- use myserver to connect to internet
    ssh -L 12345:google.com:80 myserver
    -- ssh as a SOCKS Proxy
    ssh -D 12345 myserver //look at man pages
    then change connection settings in firefox to match
    (preferences-advanced-settings-manual connection SOCKS:localhost port:12345)










ssh public key login



cat ~/.ssh/known_hosts -- existing public keys for previous connections
ssh-keygen -- generate public / private keys for current user
    -- leaving password prompt blank makes connections easy but is risky
copy ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys2 on remote server
ssh-agent -- gives the ability to store keys for duration of this session
eval `ssh-agent` -- adds vars to environment
ssh-add -- will add default private key (ssh-keygen) to


Using screen: A rich remote shell Cool!!!





ssh gives you one temporary screen at a time, if it times out or dies you lose everything
yum install screen (FC8 by default)

ssh into remote server
screen -- you now have a screen running on remote server
screen -ls -- list active screens
Ctrl-a, d -- detach screen, leave it running but return to ssh terminal window
Ctrl-a, ? -- help
screen -r -- reattach to a previously detached screen (works even after quitting ssh)
screen -r 7089.pts-2.myserver -- reattach if there are multiple detached screens
screen -S mysession -- name the screen session
screen -x or screen -x mysession -- share screen session (same user logged on)

-- try this
ssh into some server
screen
top
Ctrl-a, d
exit ssh
ssh again into same server
screen -r
-- top will still be running



Using a Remote Windows Desktop


WinXP


Control Panel / System / Remote enable and add users
yum install rdesktop tsclient
tsclient & -- graphical Terminal Server Client
rdesktop Ariel
rdesktop -u bob -p password win1
rdesktop -f win1 -- maximize display
rdesktop -0 -r sound:local win1 -- direct sound from server to client



Other remote linux apps


xhost -- non encrypted ssh better



Sharing desktops with VNC


yum install vnc vnc-server
/etc/sysconfig/vncservers
    VNCSERVERS="1:bob 2:thomas"
vncpasswd -- set current user vnc password
chkconfig vncserver on -- set vnc server to run
make sure to open TCP ports 590+displaynumber in iptables
vncviewer myserver:1 or myserver:2 -- connect to vncserver from client
-- above is a really simple window manager so on the server
edit ~/.vnc/xstartup and add
    unset SESSION_MANAGER
    exec /etc/X11/xinit/xinitrc
and restart the vncserver
-- on untrusted networks tunnel vnc
ssh -L 5902:localhost:5902 vncserver
Can share a vnc desktop using Vino







Ch 14: Locking Down Security
(for working with user accounts see also Ch10 in Fedora Bible 2011 notes)

“Securing your Linux system means first restricting access to the user accounts and services on the system. After that, security means checking that no one has gotten around the defenses you have setup.”

Fedora is designed to be secure by default:
1. no user accounts with blank passwords
2. firewall is restrictive by default
3. most network services are off
4. SELinux is set to enforcing if you do not change this on the install


Working with users and groups


ALWAYS LOG IN AS A REGULAR USER! Then use su or sudo to gain root access
/etc/ssh/sshd_config PermitRootLogin no
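
One way to check the sshd settings these notes mention (PermitRootLogin here; Port, X11Forwarding and AllowTcpForwarding in the Ch 13 notes), as an added example that is not from the book or the notes. The function names and the sample config are constructed for illustration; the point it shows is that sshd uses the first value it reads for a keyword, so a later `PermitRootLogin no` does not override an earlier `yes`.

```shell
#!/bin/sh
# Added example (not from the book or the notes): report which value sshd
# would actually use for the directives these notes mention.
# sshd_config rule: keywords are case-insensitive and the FIRST value seen wins.

# effective_value FILE KEYWORD -> prints the first global value, or "(default)"
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0   { next }    # comments and blank lines
        tolower($1) == "match"  { exit }    # Match blocks are conditional: stop
        tolower($1) == want     { print $2; found = 1; exit }
        END { if (!found) print "(default)" }
    ' "$1"
}

# audit_sshd FILE -> prints findings, returns 1 if root login is not refused
audit_sshd() {
    rc=0
    v=$(effective_value "$1" PermitRootLogin)
    if [ "$v" != "no" ]; then
        echo "WARN PermitRootLogin=$v (notes recommend: no)"; rc=1
    fi
    v=$(effective_value "$1" AllowTcpForwarding)
    [ "$v" = "no" ] || echo "NOTE AllowTcpForwarding=$v (ssh -L/-R/-D tunnels allowed)"
    v=$(effective_value "$1" X11Forwarding)
    [ "$v" != "yes" ] || echo "NOTE X11Forwarding=yes (ssh -X will work)"
    echo "INFO Port=$(effective_value "$1" Port)"
    return $rc
}

# write_sample FILE -> constructed sshd_config with a shadowed PermitRootLogin
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real server's config
Port 1248
X11Forwarding yes
AllowTcpForwarding no
#PermitRootLogin no
permitrootlogin yes
PermitRootLogin no
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd "$sample" || true    # WARN: the later "PermitRootLogin no" is ignored
rm -f "$sample"
```

On a live server, `sudo sshd -T` prints the configuration sshd has actually loaded, including values taken from Match blocks and included files that this parser does not follow.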



The GUI way for servers:
    webmin: (www.webmin.com) -- remember to change default port from 10000
    cPanel (www.cpanel.com), Plesk (www.swsoft.com/plesk), Ensim (www.ensim.com)



Adding user accounts


--> sudo /usr/sbin/useradd -D -- show useradd default values
    GROUP=100 -- default group
    HOME=/home -- base home directory
    INACTIVE=-1 -- password expiration is disabled
    EXPIRE= -- Don't set password expire date
    SHELL=/bin/bash -- default shell
    SKEL=/etc/skel -- copy default home config files from here
    CREATE_MAIL_SPOOL=yes -- create mail spool directory
    -- fedora overrides the default group with a new group for each new user
    -- above values in /etc/default/useradd

useradd bob -- typed as root allows change of password for bob
    -- root is only warned if bad password is used

-- some of the options for useradd
sudo /usr/sbin/useradd --help
    -b, --base-dir /var/users -- base directory for the new user account
    -d, --home-dir /home/jj -- home directory for the new user account
    -e, --expiredate 2009-01-01 -- set account expiration date to 2009-01-01
    -g 700 -u 700 -- use specific GID & UID for new user
    -G students,tomcatusers -- list of supplementary groups for the new user
sudo /usr/sbin/groupadd -- before adding a user to a group the group must exist
groups bob -- list the groups bob belongs to
    bob vboxusers

-- some of the real config files for users and groups
/etc/passwd
    test:x:502:503::/home/test:/bin/bash
/etc/shadow
    test:$1$cvOBzy34DGAgHfr3XcdeAmEJ1:14134:0:99999:7:::
/etc/group
    test:x:503:drjohn,bob
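
An added example (not from the book or these notes) that classifies the password field of shadow-format lines: blank, locked the way `usermod -L` locks an account, no usable password, and the hash scheme (`$1$` is MD5-crypt). The function names are hypothetical, and every sample line except the `test` entry shown above is constructed.

```shell
#!/bin/sh
# Added example (not from the book or the notes): classify shadow(5) password fields.

# classify_shadow: shadow-format lines on stdin -> "user status scheme" per line
#   BLANK   = empty field, no password required
#   nologin = only "!" / "*" characters, no usable password
#   locked  = "!" in front of a hash, which is what usermod -L does
classify_shadow() {
    awk -F: '
        NF < 2 { next }
        {
            pw = $2; status = "active"; scheme = "-"
            if (pw == "")              status = "BLANK"
            else if (pw ~ /^[!*]+$/)   status = "nologin"
            else if (pw ~ /^!/)      { status = "locked"; sub(/^!+/, "", pw) }
            if (status == "active" || status == "locked") {
                if      (pw ~ /^\$1\$/) scheme = "md5"
                else if (pw ~ /^\$5\$/) scheme = "sha256"
                else if (pw ~ /^\$6\$/) scheme = "sha512"
                else                    scheme = "other"
            }
            print $1, status, scheme
        }'
}

# shadow_findings: prints one finding per risky account, returns 1 if any
shadow_findings() {
    classify_shadow | awk '
        $2 == "BLANK"                 { print "FAIL " $1 ": blank password"; bad = 1 }
        $2 == "active" && $3 == "md5" { print "WARN " $1 ": MD5-crypt hash"; bad = 1 }
        END { exit bad + 0 }'
}

# sample_shadow: constructed entries; the first line is the one shown in the notes
sample_shadow() {
    cat <<'EOF'
test:$1$cvOBzy34DGAgHfr3XcdeAmEJ1:14134:0:99999:7:::
bob:!$1$cvOBzy34DGAgHfr3XcdeAmEJ1:14134:0:99999:7:::
guest::14134:0:99999:7:::
daemon:*:14134:0:99999:7:::
newuser:!!:14134:0:99999:7:::
alice:$6$constructedsalt$constructedhash:14134:0:99999:7:::
EOF
}

sample_shadow | classify_shadow
sample_shadow | shadow_findings || true
```

Against a real system the input would be `sudo cat /etc/shadow | shadow_findings`, which checks the first of Fedora's defaults listed at the top of this chapter.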



Changing default useradd values



edit /etc/default/useradd & /etc/login.defs to make changes permanent
use options above in useradd command to make temporary changes
add files or directories to /etc/skel to change 'startup' /home/newuser (ex public_html)



Modifying User Accounts



sudo /usr/sbin/usermod -c "Dr Bob" bob -- change bob's comment field
sudo /usr/sbin/usermod -s /bin/sh bob -- change bob's default shell
sudo /usr/sbin/usermod -L bob -- lock the bob user account
sudo /usr/sbin/usermod -U bob -- unlock the bob user account
chsh -s /bin/sh -- change current user's shell to /bin/sh
-- change finger information
-- change office, home phone, office phone, full name
chfn -o "BA607" -h 806-687-9028 -p 806-438-2049 -f "DrJohn"
finger
    Login  Name    Tty  Idle  Login Time    Office  Office Phone
    bob    DrJohn  *:0        Oct 20 13:30  BA607   806-438-2049
-- above information is stored in the 5th field of the /etc/passwd file
-- ONLY edit the /etc/passwd file carefully and with vipw



Deleting User accounts



/usr/sbin/userdel bob -- delete user bob
userdel -r bob -- delete user, home directory, and mail spool



Managing Passwords



-- modify current user password
--> passwd
    Changing password for user bob