1. Basic Server Service Status:
# uptime - Displays the server uptime
# last - Lists the most recent user logins on the system
# date - Show system clock
# hostname - Displays the hostname and/or FQDN of the system
# uname -a - Displays the hostname and detailed kernel version
# cat /etc/redhat-release - Displays the version of Linux installed
# cat /proc/cpuinfo - Displays information about the CPU(s)
# df -h - Displays the partitions, their sizes details, and mount points
# free - Displays detail about the system memory and usage
# lsof - Displays all open files
# lsof -nPi:22 - Displays any open files which use port 22
# locate httpd.conf - Displays the full path to any file named httpd.conf
# updatedb - Rebuilds index of files for search using the locate utility
2. File Copy, Move, Delete:
# cp file1.txt file2.txt - Copies file1.txt to file2.txt
# mv old.txt new.txt - Renames a file called old.txt to new.txt
# rm file1.txt - Deletes file1.txt
# mkdir httpds - Creates a new directory called httpds
# cp -R httpd httpds - Recursively copies all files from directory httpd to httpds
# cp -pR httpd httpds - Recursively copies all files from directory httpd to httpds and retains all permission settings
# rm -rf httpd - Recursively deletes folder httpd and all contents
# chkconfig --list - Displays all services and their state (start or stop) at each runlevel
# chkconfig --level 35 httpd on - Sets httpd to start on runlevels 3 and 5 when the machine is booted
# service httpd start - Immediately starts Apache
3. File Attributes
# chown apache virtualhosts.txt - Changes ownership of the virtualhosts.txt file to user apache
# chgrp apache virtualhosts.txt - Changes group ownership of the virtualhosts.txt file to group apache
# chmod a+x sniffer.pl - Allows the sniffer.pl file to be executed
4. File Permission (Chmod)
7 rwx read, write, execute
6 rw- read, write
5 r-x read, execute
4 r-- read
3 -wx write, execute
2 -w- write
1 --x execute
0 --- no permissions
# chmod 777 passwords.txt - Allows read, write, and execute on the file passwords.txt to anyone
# chmod 000 passwords.txt - Blocks read, write, and execute on the file passwords.txt to anyone
5. Yum repository update
# yum update -y - Updates all packages without prompting
# yum install iptraf - Installs a package named iptraf
# yum whatprovides '*/iostat' - Searches all repositories and returns RPMs that provide the program iostat (the pattern is quoted so the shell does not expand it)
# yum update samba - Updates a package named samba
RPM Finding:
# rpm -q httpd - Displays the version of daemon httpd (apache)
# rpm -qa | grep bind - Displays all installed packages with the word bind in their name. Example:
#rpm -qa | grep bind
bind-chroot-9.3.6-16.P1.el5
system-config-bind-4.0.3-4.el5.centos
bind-utils-9.3.6-16.P1.el5
bind-9.3.6-16.P1.el5
bind-libs-9.3.6-16.P1.el5
ypbind-1.19-12.el5
# rpm -ivh proftpd - Interactively installs proftpd
# rpm -Uvh proftpd - Interactively upgrades the package named proftpd
# rpm -e proftpd - Removes package proftpd
#rpm --rebuilddb - Rebuilds a corrupt RPM database
6. Compressed files
# unzip package.zip - Unzips the file package.zip
# tar -zvxf stunnel.tar.gz - Extracts a gzip-compressed tar archive named stunnel.tar.gz
7. LAN Configure (Networking):
# ifup eth0 - Enables network interface eth0
# ifdown eth0 - Disables network interface eth0
# vi /etc/sysconfig/network-scripts/ifcfg-eth0 - Uses vi to edit network settings on eth0
8. IPtables Configure:
# service iptables status - Displays status of iptables (running or not)
# iptables -L - Displays ruleset of iptables
# iptables -I INPUT -p tcp -m tcp -s 192.168.15.254/26 --dport 22 -j ACCEPT - Accepts incoming SSH connections from IP range 192.168.15.254/26
# iptables -I INPUT -p tcp -m tcp -s 0.0.0.0/0 --dport 22 -j DROP - Blocks SSH connections from everywhere else
# iptables -I INPUT -s "192.168.10.121" -j DROP - Drops all traffic from IP 192.168.10.121
# iptables -D INPUT -s "192.168.10.121" -j DROP - Removes the previously applied drop-all rule for IP 192.168.10.121
# iptables -I INPUT -s "192.168.10.0/24" -j DROP - Drops all traffic from IP range 192.168.10.0/24
# iptables -A INPUT -p tcp --dport 25 -j DROP - Blocks all traffic to TCP port 25
# iptables -A INPUT -p tcp --dport 25 -j ACCEPT - Allows all traffic to TCP port 25
# iptables -A INPUT -p udp --dport 53 -j DROP - Blocks all traffic to UDP port 53
# /etc/init.d/iptables save - Saves all IPtables rules and re-applies them after a reboot
# /etc/init.d/iptables restart
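Rule order decides the outcome: iptables stops at the first matching ACCEPT or DROP, and `-I INPUT` without a rule number places the new rule at position 1. The script below is an added example, not part of the original cheat sheet; it models the chain in plain shell (the function names and the test addresses 192.168.15.200 and 10.1.2.3 are assumptions) to show what happens when the two SSH rules above are typed in the order listed.

```sh
#!/bin/sh
# Added example (not from the original page): a model of first-match rule
# evaluation in the INPUT chain. Function names are hypothetical.
# CHAIN holds one rule per line: "SOURCE_CIDR DPORT TARGET".
CHAIN=""

# `iptables -I INPUT` with no rule number puts the new rule at position 1.
chain_insert() { CHAIN=$(printf '%s\n%s' "$1" "$CHAIN"); }
# `iptables -A INPUT` puts the new rule at the end of the chain.
chain_append() { CHAIN=$(printf '%s\n%s' "$CHAIN" "$1"); }

ip2int() {                       # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1                    # split a.b.c.d into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {                      # in_cidr IP NET[/BITS]: status 0 if IP is inside
    case $2 in */*) ;; *) set -- "$1" "$2/32" ;; esac
    net=${2%/*}; bits=${2#*/}
    # Host bits are masked off, so 192.168.15.254/26 means 192.168.15.192/26.
    mask=$(( 4294967295 ^ ((1 << (32 - $bits)) - 1) ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ]
}

verdict() {                      # verdict SRC_IP DPORT -> prints ACCEPT or DROP
    while read -r src dport target; do
        [ -n "$src" ] || continue
        if in_cidr "$1" "$src" && [ "$dport" = "$2" ]; then
            echo "$target"; return 0      # first match wins
        fi
    done <<EOF
$CHAIN
EOF
    echo ACCEPT                  # nothing matched: default policy, assumed ACCEPT
}

page_order() {                   # both SSH rules inserted with -I, as listed above
    CHAIN=""
    chain_insert "192.168.15.254/26 22 ACCEPT"
    chain_insert "0.0.0.0/0 22 DROP"      # lands above the ACCEPT rule
}

safe_order() {                   # same rules appended with -A: ACCEPT stays first
    CHAIN=""
    chain_append "192.168.15.254/26 22 ACCEPT"
    chain_append "0.0.0.0/0 22 DROP"
}

page_order; echo "-I, -I order: 192.168.15.200:22 -> $(verdict 192.168.15.200 22)"
safe_order; echo "-A, -A order: 192.168.15.200:22 -> $(verdict 192.168.15.200 22)"
# On a real host, confirm the order with: iptables -L INPUT -n --line-numbers
```

With both rules inserted by `-I`, the catch-all DROP ends up first and even the allowed range loses SSH; appending them, or inserting the DROP before the ACCEPT, keeps the ACCEPT on top.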
9. Server Processes & Logs
# ps ax - Displays all running processes
# ps aux - Displays all running processes including CPU and memory usage of each
# ps ax | wc -l - Displays the total number of processes
# top - Interactive process manager which allows sorting by criteria
Logs Files:
# tail -f /var/log/messages - Displays the most current entries to the messages log in real-time
# tail -50 /var/log/messages - Displays the last 50 lines of the messages log
# head -50 /var/log/messages - Displays the first 50 lines of the messages log
# cat /var/log/messages - Displays the entire messages log
# cat /var/log/messages | grep "FTP session opened" - Displays any entries in the messages log that contain the text FTP session opened
# cat /var/log/messages | grep "FTP session opened" > log2.txt - Writes any entries in the messages log that contain the text FTP session opened to a file named log2.txt
10. Network IP Masks:
| Short Form | Full Form | No. of usable machine IPs | Comment |
|---|---|---|---|
| /8 | 255.0.0.0 | 16,777,214 | Used to be called an `A-class' |
| /16 | 255.255.0.0 | 65,534 | Used to be called a `B-class' |
| /17 | 255.255.128.0 | 32,766 | |
| /18 | 255.255.192.0 | 16,382 | |
| /19 | 255.255.224.0 | 8,190 | |
| /20 | 255.255.240.0 | 4,094 | |
| /21 | 255.255.248.0 | 2,047 | |
| /22 | 255.255.252.0 | 1,022 | |
| /23 | 255.255.254.0 | 510 | |
| /24 | 255.255.255.0 | 254 | Used to be called a `C-class' |
| /25 | 255.255.255.128 | 126 | |
| /26 | 255.255.255.192 | 62 | |
| /27 | 255.255.255.224 | 30 | |
| /28 | 255.255.255.240 | 14 | |
| /29 | 255.255.255.248 | 6 | |
| /30 | 255.255.255.252 | 2 | |
11. vi /vim Editor:
vi Replace
cw – Vi replace a single word from the current cursor position. To replace a whole word, you put the cursor on the first character of the word.
c$ – Replaces the current line but doesn’t extend to change the rest of a wrapped sentence on the screen
r – Vi replace the character under the cursor
R – Replaces the text on the same line until Esc is pressed, but it doesn’t change text on the next line. Instead, it pushes that text ahead of the current changes.
vi Delete
x – Deletes a single character under the cursor
X – Deletes a single character before the cursor
dw – Deletes a single word that’s currently under the cursor, from the cursor position onward.
vi Delete Line
dd – Vi delete line, regardless of the cursor's position on the line
D – Deletes all text from the cursor position to the end of the line
dL – Deletes all text from the cursor position to the end of the screen
dG – Deletes all text from the cursor to the EOF
d^ – Deletes all text from the beginning of the line to the cursor
vi Copy & Paste
Commands for Vi copy & paste:
yy – Vi copy line – copies a line of text to the unnamed buffer
3yy – Copies 3 lines of text to the unnamed buffer
yw – Copies a word (under the cursor) to the unnamed buffer
3yw – Copies 3 words to the unnamed buffer
P – Pastes the contents of the unnamed buffer to the right of the cursor
p – Pastes the contents of the unnamed buffer to the left of the cursor
vi Page Down
Ctrl+F – Vi page down – Moves forward a page
Ctrl+D – Moves forward half a page
vi Page Up
Ctrl+B – Vi page up – Moves back a page
Ctrl+U – Moves backward a half-page
vi Save & Exit
:q – Vi exit – this will close Vi
:wq – Vi save & exit
:w – Vi Save, write the file out to disk
:x – Vi exit, and prompts if you want to save on exit.
Shift+ZZ - Alternative way to save and exit Vi
:q! – Exits vi and discards any changes you made
:wq! – Vi Save and exit if you are root and do not have the write bit set for the file you are attempting to write.
12. MySQL Commands - Cheat Sheet
New Installation - tighten up security
Change root password to something!
shell> mysql -u root mysql
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('new_password');
mysql> SET PASSWORD FOR 'root'@'host_name' = PASSWORD('new_password');
Remove anonymous accounts
shell> mysql -u root -p mysql
mysql> SELECT Host, User FROM user; -- show us where they live
mysql> DELETE FROM user WHERE User = '';
mysql> FLUSH PRIVILEGES;
Also, don't forget about the .mysql_history file that gets created in your home directory!
Databases
Make new Database:
mysql> CREATE DATABASE reports;
Make sure it got created properly:
mysql> SELECT DATABASE();
View Databases:
mysql> SHOW DATABASES;
Remove a Database:
mysql> DROP DATABASE oldatabase;
Change working database:
mysql> USE newdatabase;
Users
Add a user with full super user privileges who can connect from anywhere:
mysql> GRANT ALL PRIVILEGES ON *.* TO king@'%' IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
mysql> GRANT ALL PRIVILEGES ON *.* TO king@localhost IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
Add a local user to manage the reports database:
mysql> GRANT ALL ON reports.* TO reports@localhost IDENTIFIED BY 'new_password';
mysql> GRANT ALL ON reports.* TO reports@'jane.plumblossom.org' IDENTIFIED BY 'new_password';
Make sure the user is set up:
mysql> SELECT * FROM user;
OR
mysql> SELECT Host, User FROM user;
When connecting an older client to MySQL server version 4.1 or greater you will need to set the password to the 'Old Style' due to the change in the authentication protocol. Macintosh 10.4 server ships with PHP 4 which cannot connect to the newer MySQL server that comes installed. I wonder whose bright idea that was.
mysql> SET PASSWORD FOR 'reports'@'localhost' = OLD_PASSWORD('new_password');
Flush Privileges to activate changes:
mysql> flush privileges;
Tables
Add a Table:
mysql> CREATE TABLE test_table(id MEDIUMINT PRIMARY KEY, name VARCHAR(20));
mysql> SHOW TABLES;
Remove Table:
mysql> DROP TABLE course;
Change Fieldname or Type:
mysql> ALTER TABLE courses MODIFY course_name VARCHAR(20);
mysql> ALTER TABLE tablename CHANGE field_name new_field_name datatype;
Update a single field:
mysql> UPDATE courses SET year = '2003' WHERE course_id = '1';
mysql> UPDATE tablename SET fieldname = value WHERE fieldname = criteria;
Delete a Row:
mysql> DELETE FROM courses WHERE course_id = 0;
Delete a column:
mysql> ALTER TABLE courses DROP COLUMN course_id;
Add a new column:
mysql> ALTER TABLE tablename ADD COLUMN column-name datatype(value) AFTER existing_field;
Insert Data (row)
mysql> INSERT INTO courses VALUES('','Technology','bschonhorst','Brad','Simpson','Fall','2003',NULL,'0','0','0','0','0');
Searching
Wildcards: Use the % Symbol to find alex alexa alexia alexis
mysql> SELECT * FROM users WHERE name LIKE '%alex%';
Select some info:
mysql> SELECT course_id, rteacher FROM courses;
Get the last insert ID:
mysql> SELECT LAST_INSERT_ID();
Basic Backups
mysqldump --opt -u reports -p database > backup-file.sql
Then to import after upgrade:
mysql -u user -p dbname < dbname-backup-file.sql
See also: flush and lock tables before doing this on a server.
13. Packing, unpacking, and installing files:
gzip compress:
#gzip <filename.ext>
gzip extract:
#gunzip <filename.ext>
gzip retrieve information about file:
#gzip -l <filename.ext>
tar archive:
#tar cfv <archive name.ext> <file/folder to archive>
tar extract:
#tar xvf <filename.ext>
tar retrieve information about file:
#tar tvf <filename.tar>
gzip and tar compress in one command:
#tar cvzf <archive name.tar.gz> <file/folder to archive>
gzip and tar extract in one command:
#tar xvzf <filename.tar.gz>
14. install rpm files Manually:
#rpm -ivh <rpm file name>
install rpm package even if already installed:
#rpm -ivh --replacepkgs <rpm file name>
uninstall rpm packages:
#rpm -e <rpm package name>
After uninstalling an rpm package, you will find that it still has config files and other bits strewn about. The rm -rf and rm -f commands are VERY powerful and can easily render your Linux installation unusable. Be very careful. A 'reasonably safe' way (provided you pay attention and are careful) to clean the files up is:
1) Do a find / -name "<filename>*" | more
2) Check the output and make SURE it only includes the files you want to remove.
3) Do a find / -name "<filename>*" | xargs rm -f
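Two details of step 3 deserve care: `xargs` splits its input on whitespace, so a file name containing a space is passed to `rm` as two different paths, and the second `find` can return files that were not in the output checked in step 2. The script below is an added example, not part of the original page; it writes the candidates to a list file for review and then deletes only what that file contains. The function names are hypothetical, and the `rpm -qf` ownership check is an extra safeguard the page does not mention.

```sh
#!/bin/sh
# Added example (not from the original page): two-phase cleanup of files
# left behind after `rpm -e`. Function names are hypothetical.
#
#   list_leftovers / 'proftpd*' /root/leftovers.txt   # phase 1: collect
#   vi /root/leftovers.txt                            # review, delete lines to keep
#   remove_reviewed /root/leftovers.txt               # phase 2: remove

# Phase 1: write every matching regular file to LISTFILE, print the count.
list_leftovers() {
    root=$1 pattern=$2 list=$3
    # -xdev keeps find on one filesystem (no /proc, no network mounts);
    # -type f leaves directories alone.
    find "$root" -xdev -type f -name "$pattern" -print > "$list"
    wc -l < "$list" | tr -d ' '
}

# Phase 2: delete exactly the paths in the reviewed LISTFILE, print how many
# were removed. Paths are read one per line, so names with spaces survive
# intact (names containing a newline are not supported).
remove_reviewed() {
    list=$1
    removed=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        # A file that an installed package still owns is not a leftover.
        if command -v rpm >/dev/null 2>&1 && rpm -qf "$path" >/dev/null 2>&1; then
            echo "skipped, still owned by a package: $path" >&2
            continue
        fi
        # `--` stops option parsing, so a name starting with '-' is safe.
        rm -f -- "$path" && removed=$((removed + 1))
    done < "$list"
    echo "$removed"
}
```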
tar basic functions and options:
function:
c To create a new archive
x To extract files from an archive
t To list the contents of an archive
r To append files to the end of an archive
u To update files that are newer than those in the archive
d To compare files in the archive to those in the filesystem
options:
f <filename> To specify that the tar file to be read or written is named <filename>
k To keep any existing files when extracting, i.e. don't overwrite the original files
v To make tar show the files it is archiving or restoring (don't use in shell scripts)
z To specify that the data to be written to the tar file should be gzipped
15. Miscellaneous commands:
To download a web page(s):
#wget -m -r -l5
Checking open network ports:
#netstat -apn | more
Show file attributes and permissions:
#ll
Show all files in a directory (including hidden .<name> files):
#ls -A
Show information about mounted volumes:
#df -h
Turn off all power management:
#xset -dpms
Load StartX setup routine:
#X86config
Display log file starting at the end:
#tail -f <file name>
Samba commands:
Add user/change password (user must have a unix account first):
#smbpasswd -a <username>
Apache commands:
.htpasswd file creation for Apache Directory security use:
To create a new .htpasswd file and add a user (will prompt for password):
#htpasswd -c /etc/httpd/conf/.htpasswd <name>
To create a new user in an existing .htpasswd file (will prompt for password):
#htpasswd /etc/httpd/conf/.htpasswd <name>
<Directory> security examples in httpd.conf (which use the .htpasswd file):
<Directory "/var/www/html/<directory>">
AuthType Basic
AuthName "Restricted Uploads"
AuthUserFile /etc/httpd/conf/.htpasswd
# Anyone in the .htpasswd file can access
Require valid-user
</Directory>
and
<Directory "/var/www/html/<directory>">
AuthType Basic
AuthName "Restricted file access"
AuthUserFile /etc/httpd/conf/.htpasswd
# Only jjones in the .htpasswd file has access
Require user jjones
</Directory>
RedHat/Fedora account creation:
To create a new user account:
#useradd <name>
To add/change a password:
#passwd <name> (will prompt for password twice)
To add a user to a group:
#usermod -a -G <groupname> <username> (-a appends; without it, -G replaces the user's existing supplementary groups)
Set owner of a file/folder:
#chown <user.group> <file/folder name>
#chown -R <user.group> <file/folder name> for recursive, i.e. apply changes to subfolders
Set permissions on a file/folder:
#chmod 777 <file/folder name> for full rights (dangerous!)
#chmod 775 <file/folder name> for full rights for user/group but no write for 'other'
#chmod 765 <file/folder name> for full user rights, no execute for 'group', and no write for 'other'
Add -R for recursive, i.e. chmod -R 775 <file/folder name> to apply rights to subfolders
File permissions take the form of:
| User | Group | Other |
|---|---|---|
| -RWX | RWX | RWX |
The leading dash in the above table is for the type of data, d would be a directory and - indicates a file.
File permissions can be set using bits, as referenced above:
| | read | write | execute |
|---|---|---|---|
| User | 400 | 200 | 100 |
| Group | 40 | 20 | 10 |
| Other | 4 | 2 | 1 |
Another way to look at it would be to visualize -r--r--r-- and calculate it as:
400 + 40 + 4 = 444
~examples~
File permissions of -rwxrwxr-x would be:
400+200+100 plus 40+20+10 plus 4+1 (no write for Other) which equals 775
File permissions of -rwxr-xr-x would be:
400+200+100 plus 40+10 plus 4+1 (no write for Group or Other) which equals 755
So, chmod -R 775 /var/www/html means /html and subfolders have -rwxrwxr-x or full rights except 'Other', which doesn't have write permissions.
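The same arithmetic can be scripted to audit a tree for the "dangerous" case noted above, where 'Other' has write permission. The script below is an added example, not part of the original page: `sym_to_octal` applies the 400/200/100, 40/20/10, 4/2/1 weights to a mode string as printed by `ls -l`, and `world_writable` lists files whose Other-write bit is set. Both function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# sym_to_octal "-rwxrwxr-x" prints 775.
# Uses the weights from the table above. setuid/setgid/sticky letters
# (s, t) count as execute; the special bits themselves are not reported.
sym_to_octal() {
    sym=$1
    [ ${#sym} -ge 10 ] || { echo "bad mode string: $sym" >&2; return 1; }
    rest=${sym#?}                       # drop the file-type character (- or d)
    total=0
    for weight in 400 200 100 40 20 10 4 2 1; do
        c=${rest%"${rest#?}"}           # first remaining character
        rest=${rest#?}
        case $c in
            -|S|T) ;;                   # bit not set
            r|w|x|s|t) total=$((total + weight)) ;;
            *) echo "bad mode string: $sym" >&2; return 1 ;;
        esac
    done
    printf '%03d\n' "$total"
}

# world_writable DIR prints "MODE PATH" for every regular file under DIR
# that 'Other' may write to (what chmod 777 or chmod -R 777 leaves behind).
world_writable() {
    find "$1" -xdev -type f -perm -0002 -print | while IFS= read -r f; do
        mode=$(ls -ld -- "$f" | cut -d' ' -f1)
        printf '%s %s\n' "$(sym_to_octal "$mode")" "$f"
    done
}

# Example run on a web root: world_writable /var/www/html
```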
Making symbolic links:
#ln -s <location/filename> <name of symbolic link>
Example: ln -s /var/www/html/homesite homesite would create a link named homesite to /var/www/html/homesite which is a folder.
Sending Root system messages and logs to an email address:
Edit /etc/aliases
Un-remark (remove # symbol) from 'root:' and add the email address of the recipient.
Save file.
At the command prompt, type newaliases to update the database.
Enable daily yum updates:
Pre-FC6 setup:
# chkconfig yum on
# service yum start
Should see "Enabling nightly yum update: [OK]"
FC6 and later setup (yum-cron is a separate package):
# yum install yum-cron
# chkconfig yum-cron on
# service yum-cron start
Should see "Enabling nightly yum update: [OK]"
Other yum features:
List all available software:
#yum list
See if there are updated packages available:
#yum check-update
Update all installed packages that have a newer version available:
#yum update
Install specific package(s) (and its dependencies, if missing any):
#yum install <packagename>
Search all known packages entries (descriptions etc) for <word>
#yum search <word>
Show basic information about a package
#yum info <packagename>
Nice helpful information.
Thanks
Chinmoy