##Commands are in random order; execute at your own risk
Prozesse die mit D markiert sind finden, um Performanceprobleme zu finden
while true; do date; ps auxf | awk '{if($8=="D") print $0;}'; sleep 1; done
welchen dateien werden von welchen Prozess genutzt
lsof -p 16528
Wird ein unlinked file von einem Prozess offen gehalten?
lsof -a +L1 /dev/file
oder per User
lsof -u www-data
grep -r -i somethingtosearchfor ./
grep -rn $'\xFEFE' * #utf8 BOM finden auch mit FEFF suchen
find /var/ -name '*.jpg'
Pakete suchen mit apt-get
apt-cache search Suchbegriff1 [Suchbegriff2]
Infos zum Paket anzeigen
apt-cache show Paketname
Version eines Pakets anzeigen dpkg -s
PPA hinzufügen und Paket daraus installieren
sudo add-apt-repository ppa:tuxpoldo/btsync
sudo apt-get update
sudo apt-get install btsync
falls add-apt-repository fehlt muss python-software-properties installiert werden
sudo apt-get install python-software-properties
sudo cp /etc/apt/sources.list /etc/apt/security.sources.list
Edit the latter to contain only security repositories, then:
sudo apt-get upgrade -o Dir::Etc::SourceList=/etc/apt/security.sources.list
source nach /tmp downloaden
auspacken meist mit tar xfv source.tar.gz
./configure
make
checkinstall -D make install ##checkinstall muss ggfs. per apt-get installiert werden und erzeugt ein Paket für das auch eine spätere Deinstallation möglich ist.
dpkg -i <paketname> ## installiert das Paket
source aus tmp wieder löschen!
useradd -m USERNAME -g sudo -s /bin/bash #mit Homeverzeichnis und gleich in die Gruppe sudo
groups USERNAME #grp eines users anzeigen
adduser USERNAME GROUP#user in grp adden
addgroup GROUP #neu Gruppe
usermod username -G sudo # user der gruppe Sudu hinzufügen
userdel -r username # User mit seinem Homeverzeichnis löschen
usermod -d /path/to/new/home -m username #ändert das Homeverzeichnis und kopiert ggfs die Daten aus dem alten
###Dateien verschieben
scp file to host scp SourceFile user@host:directory/TargetFile
scp folder FROM host scp -r user@host:directory/SourceFolder TargetFolder
#netstat
offen port mit zugehöriger application netstat -lnptu routen anzeigen netstat -r
###packen tar cvf backup.tar directory bzip2 -9 backup.tar ###auspacken bunzip backup.tar.bz2 tar xfv backup.tar
cat /etc/*release
cat /etc/*version
cat /etc/issue
cat /proc/version
getconf LONG_BIT #64 oder 32 bit
###cert request openssl req -nodes -newkey rsa:2048 -keyout domainname.key -out domainname.csr
das Keyfile anschließend sofort mit chmod 600 domainname.key schützen und den Inhalt des csr unter https://caserver/certsrv in eine cer umwandeln
###Ordnergröße sortiert anzeigen im aktuellen Dir du -hs * | sort -r
Ordnergröße aller Unterordner summieren und anzeigen
du -cksh * |sort -g
Alle großen Dateien über 20MB finden und anzeigen
find / -type f -size +20000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'
###symlink ln -s quelle ziel
traffic from 10.5.2.3 destined for port 3389 tcpdump -nnvvS and src 10.5.2.3 and dst port 80 and dst 172.20.1.8 -w caputurefile
sudo tcpdump -nnvvS src 172.20.0.24 -w caputurefile
sudo tcpdump -nnvvS port 5353
sudo tcpdump -nnvvS -n arp
-s 0 #für vollständige packete anhängen.
###mysql User anlegen
mysql -u root -p #einloggen mit dem root user
neuen User anlegen der auf alle Datenbanken zugreifen kann: GRANT ALL PRIVILEGES ON . TO 'username'@'localhost' IDENTIFIED BY 'some_pass';
neuen User anlegen der auf eine bestimmte Datenbanke zugreifen kann: GRANT ALL PRIVILEGES ON dbname.* TO 'username'@'localhost' IDENTIFIED BY 'some_pass';
Ausgabe umleiten 2>&1 (hinter Snagview Checkcommands sehr praktisch)
###iptables iptables speichern: sudo sh -c "iptables-save > /etc/iptables.rules"
iptables laden: iptables-restore -c < /etc/iptables.rules
Basic Rules: (iptables.rules)
Generated by iptables-save v1.4.12 on Sun Nov 18 21:17:25 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
-A FORWARD -j DROP
-A OUTPUT -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j DROP
COMMIT
# Completed on Sun Nov 18 21:17:25 2012
to apply iptables on startup: insert this into /etc/network/interfaces
pre-up iptables-restore < /etc/iptables.rules
script zum iptables sichern
#!/bin/sh sudo sh -c "iptables-save > /etc/iptables.rules" STATE=0 if [ $? -eq 0 ] ;then echo "IPTABLES saved" STATE=1 else echo "something went wrong" fi exit $STATE
erzeugen
ssh-keygen -t rsa
ssh key ohne ssh-copy-id deployen
cat ~/.ssh/id_rsa.pub | ssh username@host "cat – >> ~/.ssh/authorized_keys"
alternativ mit ssh-copy-id
ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
exitcode des letzten Befehls echo $?
*aufrufen mit:
perl -MCPAN -e 'shell'
*Module suchen
i /Net::SNMP/
*suchen nach dem richtigen Modulnamen und installieren
install Net::SNMP
show installed packages dpkg -l
to prevent rsyslog from spamming the syslog change /etc/rsyslog.d/50-default.conf
*.*;auth,authpriv.none,cron.none,mail.none -/var/log/syslog
cron.* /var/log/cron.log
mail.* -/var/log/mail.log
for syslog-ng uncomment this in /etc/syslog-ng/syslog-ng.conf
destination cron { file("/var/log/cron"); };
log { source(src); filter(f_cron); destination(cron); };
and change this line (add cron)
filter f_messages { not facility(news, mail,cron) and not filter(f_iptables); };
Don't forget logrotate (/etc/logrotate.d/syslog) or things get ugly
to forward syslog messages to another syslog-ng insert this into the /etc/syslog-ng/syslog-ng.conf
destination d_udp514 {udp("loghost" port (514));}; log { source(src); filter(f_messages); destination(messages); destination(d_udp514);};
for rsyslogd and syslogd add this in /etc/rsyslog.d/50-default.conf or /etc/syslog.conf
. @loggingserverip_or_hostname:514
Install lvm2: $ sudo apt-get install lvm2 Load the necessary module(s): $ sudo modprobe dm-mod Scan your system for LVM volumes and identify in the output the volume group name that has your Fedora volume (mine proved to be VolGroup00): $ sudo vgscan Activate the volume: $ sudo vgchange -ay VolGroup00 Find the logical volume that has your Fedora root filesystem (mine proved to be LogVol00): $ sudo lvs Create a mount point for that volume: $ sudo mkdir /mnt/fcroot Mount it: $ sudo mount /dev/VolGroup00/LogVol00 /mnt/fcroot -o ro,user
###mit chroot auf andere Platten zugreifen
Systen z.B. unter /mount/point einbinden
# mount -o bind /proc /mount/point/proc
# mount -o bind /dev /mount/point/dev
# mount -o bind /dev/pts /mount/point/dev/pts
# mount -o bind /sys /mount/point/sys
für DNS Auflösung
# cp /etc/resolv.conf /mount/point/etc/resolv.conf
Shell aufmachen
# chroot /mount/point /bin/bash
change configs in /etc/hostname /etc/hosts /etc/network/interfaces restart the interfaces /etc/init.d/networking restart
check the drives sudo cat /proc/scsi/scsi
to rescan the drives install
apt-get install scsitools
rescan rescan-scsi-bus.sh
recheck the drives sudo cat /proc/scsi/scsi
list all hdds fdisk -l oder fdisk -l /dev/sdb
Disk /dev/sdb: 1073 MB, 1073741824 bytes 255 heads, 63 sectors/track, 130 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes
Disk /dev/sdb doesn't contain a valid partition table
partion mit fdisk anlegen
alle Partitionen auf sdb anzeigen fdisk /dev/sdb dann p
neue Partition anlegen
I start fdisk from the shell prompt: fdisk /dev/hdb which indicates that I am using the second drive on my IDE controller. (See Section 2.1.) When I print the (empty) partition table, I just get configuration information.
Command (m for help): p
Disk /dev/hdb: 64 heads, 63 sectors, 621 cylinders
Units = cylinders of 4032 * 512 bytes
I knew that I had a 1.2Gb drive, but now I really know: 64 * 63 * 512 * 621 = 1281982464 bytes. I decide to reserve 128Mb of that space for swap, leaving 1153982464. If I use one of my primary partitions for swap, that means I have three left for ext2 partitions. Divided equally, that makes for 384Mb per partition. Now I get to work.
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-621, default 1):<RETURN>
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-621, default 621): +384M
Next, I set up the partition I want to use for swap:
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (197-621, default 197):<RETURN>
Using default value 197
Last cylinder or +size or +sizeM or +sizeK (197-621, default 621): +128M
Now the partition table looks like this:
Device Boot Start End Blocks Id System
/dev/hdb1 1 196 395104 83 Linux
/dev/hdb2 197 262 133056 83 Linux
I set up the remaining two partitions the same way I did the first. Finally, I make the first partition bootable:
Command (m for help): a
Partition number (1-4): 1
And I make the second partition of type swap:
Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): 82
Changed system type of partition 2 to 82 (Linux swap)
Command (m for help): p
The end result:
Disk /dev/hdb: 64 heads, 63 sectors, 621 cylinders
Units = cylinders of 4032 * 512 bytes
Device Boot Start End Blocks Id System
/dev/hdb1 * 1 196 395104+ 83 Linux
/dev/hdb2 197 262 133056 82 Linux swap
/dev/hdb3 263 458 395136 83 Linux
/dev/hdb4 459 621 328608 83 Linux
Finally, I issue the write command (w) to write the table on the disk.
Platten formatieren z.b. mit
mkfs.ext3 /dev/sdb1
Eintrag in /etc/fstab machen
/dev/sdb1 /mountpoint ext3 defaults 0 2
Owner muss root sein chown root:wheel program
setuid bit setzen chmod u+s program
sudo apt-get install cifs-utils
On older systems:
sudo apt-get install smbfs
First, let's create the mount directory. You will need a separate directory for each mount.
sudo mkdir /media/windowsshare Then edit your /etc/fstab file (with root privileges) to add this line:
//servername/sharename /media/windowsshare cifs guest,uid=1000,iocharset=utf8 0 0 Where
guest indicates you don't need a password to access the share, uid=1000 makes the Linux user specified by the id the owner of the mounted share, allowing them to rename files, iocharset=utf8 allows access to files with names in non-English languages. This doesn't work with shares of devices like the Buffalo Tera Station, or Windows machines that export their shares using ISO8895-15. After you add the entry to /etc/fstab type:
sudo mount -a This will (re)mount all entries listed in /etc/fstab.
The quickest way to auto-mounting a password-protected share is to edit /etc/fstab (with root privileges), to add this line:
//servername/sharename /media/windowsshare cifs username=msusername,password=mspassword,iocharset=utf8,sec=ntlm 0 0 This is not a good idea however: /etc/fstab is readable by everyone and so is your Windows password in it. The way around this is to use a credentials file. This is a file that contains just the username and password.
Using a text editor, create a file for your remote servers logon credential:
gedit ~/.smbcredentials Enter your Windows username and password in the file:
username=msusername password=mspassword Save the file, exit the editor.
Change the permissions of the file to prevent unwanted access to your credentials:
chmod 600 ~/.smbcredentials Then edit your /etc/fstab file (with root privileges) to add this line (replacing the insecure line in the example above, if you added it):
//servername/sharename /media/windowsshare cifs credentials=/home/ubuntuusername/.smbcredentials,iocharset=utf8,sec=ntlm 0 0 Save the file, exit the editor.
Finally, test the fstab entry by issuing:
sudo mount -a If there are no errors, you should test how it works after a reboot. Your remote share should mount automatically.
sudo mount -t nfs host:/share /mountpoint
host:/share /mountpoint nfs rsize=8192,wsize=8192,timeo=14,intr
4 - read 2 - write 1 - execute
/home 755 ./ssh 700 authorised_key 600 startupscripte in /etc/init.d/ 755
###installing likewise-open
apt-get install likewise-open
domainjoin-cli join domainname.local domainadmin
lwconfig homedirtemplate %H/%U
lwconfig AssumeDefaultDomain true
lwconfig RequireMembershipOf domain\\group^name
lwconfig CacheEntryExpiry 30
Add the following line to /etc/sudoers:
%group^name ALL=(ALL) ALL
alias ls='ls -lahn'
Damit werden alle Prozesse des Users administator beendet und er wird damit natürlich auch ausgelogt pkill -KILL -u administrator
Damit ein User sich nicht mehr einloggen kann sperrt man ihn mit passwd
passwd -l username
in /etc/network/interfaces für DCHP
auto eth0
iface eth0 inet dhcp
für statische IP
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.1
dns-search domain.local
dns-nameservers 8.8.8.8 8.8.8.8
#!/bin/zsh
STATE=0
target=/var/www/sandmann
newfilename=sandmann-date +%d-%m-%Y.wmv
logger starte mplayer capture
mplayer -dumpstream -dumpfile $target/$newfilename mmsh://85.239.122.162/mk3w-3faw-3rqf-enc0-kika?MSWMExt=.asf &
sleep 722
killall mplayer
exit $STATE
Open a database
sqlite3 tablename
Show Tables in this database
.tables
Show a specific tableschema
.schema tablename
Show the content of a table
SELECT * FROM table;
Shows the help
.help