Difference between revisions of "John's Linux page"

From ProgClub
Jump to: navigation, search
(29 intermediate revisions by the same user not shown)
Line 13: Line 13:
 
  $ lsb_release
 
  $ lsb_release
  
== Determining which Unix you are running ==
+
== Determining which Linux/Unix you are running ==
  
 
  $ uname
 
  $ uname
 +
 +
Or,
 +
 +
$ uname -mrs
  
 
Or,
 
Or,
Line 70: Line 74:
 
  RAID:      Devices: 1: /dev/md1 2: /dev/md0
 
  RAID:      Devices: 1: /dev/md1 2: /dev/md0
 
  Info:      Processes: 355 Uptime: 11 days Memory: 21198.3/32043.3MB Client: Shell (bash) inxi: 2.3.5
 
  Info:      Processes: 355 Uptime: 11 days Memory: 21198.3/32043.3MB Client: Shell (bash) inxi: 2.3.5
 +
 +
= Power =
 +
 +
== Reporting on PowerShield DEFENDER UPS status ==
 +
 +
To see the status of the [https://powershield.com.au/powersheild_product/defender/ PowerShield DEFENDER] systems on John's LAN:
 +
 +
$ upsc defender
 +
 +
E.g.:
 +
 +
jj5@orac:~$ upsc defender
 +
Init SSL without certificate database
 +
battery.charge: 100
 +
battery.voltage: 27.40
 +
battery.voltage.high: 26.00
 +
battery.voltage.low: 20.80
 +
battery.voltage.nominal: 24.0
 +
device.type: ups
 +
driver.name: blazer_usb
 +
driver.parameter.pollinterval: 2
 +
driver.parameter.port: auto
 +
driver.parameter.synchronous: no
 +
driver.version: 2.7.4
 +
driver.version.internal: 0.12
 +
input.current.nominal: 5.0
 +
input.frequency: 50.1
 +
input.frequency.nominal: 50
 +
input.voltage: 242.6
 +
input.voltage.fault: 242.6
 +
input.voltage.nominal: 240
 +
output.voltage: 242.6
 +
ups.beeper.status: disabled
 +
ups.delay.shutdown: 30
 +
ups.delay.start: 180
 +
ups.load: 14
 +
ups.productid: 5161
 +
ups.status: OL
 +
ups.type: offline / line interactive
 +
ups.vendorid: 0665
 +
 +
== Run commands on PowerShield DEFENDER UPS batteries ==
 +
 +
You can run "instant commands" using the '''upscmd''' command.
 +
 +
We use the 'beeper.toggle' instant command in our Salt Stack config to disable the beeper, see e.g.:
 +
 +
diligence:/srv/salt/conf/app/defender-1200.sls
 +
 +
To see "instant commands" supported by the PowerShield DEFENDER:
 +
 +
$ upscmd -l defender
 +
 +
E.g.:
 +
 +
jj5@orac:~$ upscmd -l defender
 +
Instant commands supported on UPS [defender]:
 +
 +
beeper.toggle - Toggle the UPS beeper
 +
load.off - Turn off the load immediately
 +
load.on - Turn on the load immediately
 +
shutdown.return - Turn off the load and return when power is back
 +
shutdown.stayoff - Turn off the load and remain off
 +
shutdown.stop - Stop a shutdown in progress
 +
test.battery.start - Start a battery test
 +
test.battery.start.deep - Start a deep battery test
 +
test.battery.start.quick - Start a quick battery test
 +
test.battery.stop - Stop the battery test
  
 
= Environment =
 
= Environment =
Line 168: Line 240:
  
 
  $ sudo su -c "svn update" www-data
 
  $ sudo su -c "svn update" www-data
 +
 +
== Reporting user and group info for the current user ==
 +
 +
$ id
  
 
= Memory management =
 
= Memory management =
Line 176: Line 252:
  
 
  $ free -m
 
  $ free -m
 +
 +
== Check for swap thrashing ==
 +
 +
Check your virtual memory status with vmstat:
 +
 +
$ vmstat
  
 
= Video/display management =
 
= Video/display management =
Line 273: Line 355:
 
  # watch zpool iostat -v
 
  # watch zpool iostat -v
 
  # zpool iostat -v 2
 
  # zpool iostat -v 2
  # watch 'zfs list; echo; zpool list'
+
  # watch 'zpool list; echo; zfs list'
 
  # watch zfs get compressratio -o all
 
  # watch zfs get compressratio -o all
 
  # watch cat /proc/spl/kstat/zfs/arcstats
 
  # watch cat /proc/spl/kstat/zfs/arcstats
Line 301: Line 383:
 
  root@orac:/# find / -name '*zfs*' -or -name '*zpool*'
 
  root@orac:/# find / -name '*zfs*' -or -name '*zpool*'
  
== Measure data throughput ==
+
You can report history of a zpool:
  
Use the 'pv' command from the 'pv' package, e.g.:
+
# zpool history $poolname
  
# cat /dev/sda | pv | cat > /dev/null
+
You can get a report on the dedup tables:
  
Or for ZFS:
+
# zpool status -D $poolname
  
# zfs send data/example | pv | cat > /dev/null
+
Or more detailed dedup table info:
  
= Monitoring disk I/O =
+
# zdb -DDD $poolname
  
There's an app for that! iotop.
+
Note in the output see [https://unix.stackexchange.com/a/405700 here] for details, basically:
  
== Using iotop, top for disks ==
+
{|class="wikitable"
 +
! Abbr  !! Description
 +
|-
 +
| LSIZE  || logical size (in memory)
 +
|-
 +
| PSIZE  || physical size
 +
|-
 +
| DSIZE  || size on disk
 +
|-
 +
| refcnt || reference count
 +
|}
  
# iotop -oPa
+
== Measure data throughput ==
  
= File management =
+
Use the 'pv' command from the 'pv' package, e.g.:
  
== Listing only directories ==
+
# cat /dev/sda | pv | cat > /dev/null
  
$ ls -l | egrep '^d'
+
Or for ZFS:
  
== Listing only files ==
+
# zfs send data/example | pv | cat > /dev/null
  
$ ls -l | egrep -v '^d'
+
== Using Smartctl, Smartd and Hddtemp on Debian ==
  
== Listing hidden files ==
+
For notes on using smartctl see [https://www.lisenet.com/2014/using-smartctl-smartd-and-hddtemp-on-debian/ Using Smartctl, Smartd and Hddtemp on Debian].
  
$ ls -al .[!.]*
+
== Report hard disk usage ==
  
== Creating a symbolic link ==
+
So you might want to know how much data a process reads or writes to a hard disk. You can monitor process total disk utilisation with the 'iotop' command. Run 'iotop' and then press 'a' for --accumulated.
  
$ ln -s /path/to/target link-name
+
== Report hard disk temperatures ==
  
== Creating a hard-link ==
+
E.g.
  
  $ ln /path/to/target file-name
+
  # hddtemp /dev/sd[a-e]
  
== Changing the owner of a file ==
+
= Monitoring disk I/O =
 +
 
 +
There's an app for that! iotop.
  
$ chown user:group <files>
+
== Using iotop, top for disks ==
  
E.g.
+
# iotop -oPa
  
$ chown jj5:staff README
+
== Monitor disk I/O for performance issues ==
$ chown root:root *
 
  
To apply recursively into sub-directories use -R,
+
# watch iostat
  
$ chown -R root:root /etc/*
+
Or e.g.
  
== Changing file permissions ==
+
# watch iostat -xd /dev/sd[abc]
  
{|class="wikitable"
+
= Monitoring a system =
|+ Object codes
 
! User !! Group !! Other
 
|-
 
| u    || g    || o
 
|}
 
  
{|class="wikitable"
+
== Simple ZFS monitoring ==
|+ Permission codes
 
! Read !! Write !! Exectue
 
|-
 
| r    || w    || x
 
|-
 
| 4    || 2    || 1
 
|}
 
  
{|class="wikitable"
+
# watch iostat
|+ Numeric codes
+
# iotop
! 0
+
# zpool iostat -v 5
| None
+
# watch 'hddtemp /dev/sd[a-e]; echo; zpool list; echo; zfs list'
|-
+
# nethogs
! 1
+
# top
| Execute
 
|-
 
! 2
 
| Write
 
|-
 
! 3
 
| Write, Execute
 
|-
 
! 4
 
| Read
 
|-
 
! 5
 
| Read, Execute
 
|-
 
! 6
 
| Read, Write
 
|-
 
! 7
 
| Read, Write, Execute
 
|}
 
  
See [http://catcode.com/teachmod/numeric2.html Numeric Mode in Action].
+
= File management =
  
$ chmod <user numeric code><group numeric code><other numeric code> <files>
+
== Listing only directories ==
$ chmod <object codes>+|-<permission codes> <files>
 
  
E.g.
+
$ ls -l | egrep '^d'
  
$ chmod 600 my-private-file
+
== Listing only files ==
$ chmod go-rwx my-private-file
 
$ chmod u+rw my-private-file
 
$ chmod +x my-script
 
  
== Updating config files ==
+
$ ls -l | egrep -v '^d'
  
If you get given a new config file called new.conf and you want to integrate it with your old config file old.conf then:
+
== Listing hidden files ==
  
  $ cp old.conf updated.conf
+
  $ ls -al .[!.]*
$ merge -A updated.conf new.conf old.conf
 
  
Then go through and edit updated.conf resolving all the merge errors, picking and choosing what to update and what to keep. When you're done copy updated.conf to old.conf so it becomes the new config file.
+
== Creating a symbolic link ==
  
The merge program is a part of the RCS package. If you don't have it:
+
$ ln -s /path/to/target link-name
  
$ sudo apt-get install rcs
+
== Creating a hard-link ==
  
== Listing open files ==
+
$ ln /path/to/target file-name
  
Use lsof to list open files. E.g.:
+
== Changing the owner of a file ==
  
  # lsof
+
  $ chown user:group <files>
  
See man lsof for options.
+
E.g.
  
== List permissions on a whole directory path ==
+
$ chown jj5:staff README
 +
$ chown root:root *
  
E.g.:
+
To apply recursively into sub-directories use -R,
  
  $ namei -om /home/jj5/workspace
+
  $ chown -R root:root /etc/*
  
Outputs:
+
== Changing file permissions ==
  
f: /home/jj5/workspace/
+
{|class="wikitable"
  drwxr-xr-x root root /
+
|+ Object codes
  drwxr-xr-x root root home
+
! User !! Group !! Other
  drwxr-xr-x jj5  jj5  jj5
+
|-
  drwxr-xr-x jj5  jj5  workspace
+
| u    || g    || o
 +
|}
  
== Counting non-blank lines in a file ==
+
{|class="wikitable"
 
+
|+ Permission codes
E.g.:
+
! Read !! Write !! Exectue
 
+
|-
$ cat foo.c | sed '/^\s*$/d' | wc -l
+
| r    || w    || x
 +
|-
 +
| 4    || 2    || 1
 +
|}
  
== Cloning one directory to another with rsync ==
+
{|class="wikitable"
 
+
|+ Numeric codes
E.g.:
+
! 0
 
+
| None
rsync --acls --xattrs --stats --human-readable --recursive --del --force --times --links --hard-links --executability --numeric-ids --owner --group --perms --sparse --compress-level=0 /data/source/ hostname:/data/target/
+
|-
 
+
! 1
= Symbolic-link management =
+
| Execute
 
+
|-
== Data used by sym-linked files:
+
! 2
 
+
| Write
This will de-reference the sym-links in the current directory and tell you how much data the files pointed to by the sym-links are using:
+
|-
 
+
! 3
jj5@tact:/data/backup/unity/latest$ du -hD * | sort -h
+
| Write, Execute
 +
|-
 +
! 4
 +
| Read
 +
|-
 +
! 5
 +
| Read, Execute
 +
|-
 +
! 6
 +
| Read, Write
 +
|-
 +
! 7
 +
| Read, Write, Execute
 +
|}
  
= File searching =
+
See [http://catcode.com/teachmod/numeric2.html Numeric Mode in Action].
  
== Finding a file with a particular name ==
+
$ chmod <user numeric code><group numeric code><other numeric code> <files>
 +
$ chmod <object codes>+|-<permission codes> <files>
  
$ find -iname "*some-part-of-the-file-name*"
+
E.g.
  
Will start searching from the current directory, so maybe
+
$ chmod 600 my-private-file
 +
$ chmod go-rwx my-private-file
 +
$ chmod u+rw my-private-file
 +
$ chmod +x my-script
  
$ cd /
+
== Updating config files ==
  
first. For a case-sensitive search:
+
If you get given a new config file called new.conf and you want to integrate it with your old config file old.conf then:
  
  $ find -name "*eXaCT CaSE*"
+
  $ cp old.conf updated.conf
 +
$ merge -A updated.conf new.conf old.conf
  
== Finding a file with particular content ==
+
Then go through and edit updated.conf resolving all the merge errors, picking and choosing what to update and what to keep. When you're done copy updated.conf to old.conf so it becomes the new config file.
  
To search in /etc/ for a file with particular content:
+
The merge program is a part of the RCS package. If you don't have it:
  
  $ grep -R "search-string" /etc/*
+
  $ sudo apt-get install rcs
  
To search the current directory for *.cs files containing the word "Up":
+
== Listing open files ==
  
$ find . -name '*.cs' -exec grep --color=auto -H Up {} \;
+
Use lsof to list open files. E.g.:
  
== Finding a list of files with particular content ==
+
# lsof
  
E.g. to find all the files with the word 'creativity':
+
See man lsof for options.
  
$ grep -R creativity . | sed 's/:/ /' | awk '{ print $1 }' | sort | uniq
+
== List permissions on a whole directory path ==
  
== Using the locate command to find files ==
+
E.g.:
  
  $ locate part-of-filename
+
  $ namei -om /home/jj5/workspace
  
E.g.
+
Outputs:
  
  $ locate texvc
+
  f: /home/jj5/workspace/
 +
  drwxr-xr-x root root /
 +
  drwxr-xr-x root root home
 +
  drwxr-xr-x jj5  jj5  jj5
 +
  drwxr-xr-x jj5  jj5  workspace
  
== Updating locate command's database ==
+
== Counting non-blank lines in a file ==
  
# updatedb
+
E.g.:
  
= Job control =
+
$ cat foo.c | sed '/^\s*$/d' | wc -l
  
== Stopping a running process ==
+
== Cloning one directory to another with rsync ==
  
Press Ctrl+Z to stop a running process.
+
E.g.:
  
== Listing current jobs and their status ==
+
rsync --acls --xattrs --stats --human-readable --recursive --del --force --times --links --hard-links --executability --numeric-ids --owner --group --perms --sparse --compress-level=0 /data/source/ hostname:/data/target/
  
$ jobs
+
== Counting number of files in current directory and all subdirectories ==
  
== Resuming a stopped job in the backgroud ==
+
$ ls -AlhR . | egrep '^-' | wc -l
  
To resume a stopped process in the background
+
== Counting number of directories in current directory and all subdirectories ==
  
  $ bg %1
+
  $ ls -AlhR . | egrep '^d' | wc -l
  
where '1' is the job number reported by bash when you pressed Ctrl+Z (or ran 'jobs').
+
= Compression =
  
== Resuming a stopped job in the foreground ==
+
== How to use pigz with tar ==
  
To resume a stopped process in the foreground
+
See [https://stackoverflow.com/a/39904353 here]:
  
  $ fg %1
+
  $ tar cf - paths-to-archive | pigz --best -p 8 > archive.tgz
  
where '1' is the job number reported by bash when you pressed Ctrl+Z (or ran 'jobs').
+
== Best parallel compression with pigz ==
  
== Killing a stopped job ==
+
$ pigz --best
  
To kill a job
+
== Best parallel compression with xz ==
  
  $ kill %1
+
  $ xz -9e -T 0
  
where '1' is the job number reported by bash when you pressed Ctrl+Z (or ran 'jobs').
+
== Reporting compression ratios with xz ==
  
== Periodically run a program and watch its output ==
+
e.g.
  
  $ watch /your/command
+
  root@love:/data/image/archive# xz -l *
 +
Strms  Blocks  Compressed Uncompressed  Ratio  Check  Filename
 +
    1      3    372.2 MiB    442.3 MiB  0.841  CRC64  1999.txz
 +
    1      29  5,281.3 MiB  5,542.5 MiB  0.953  CRC64  2001.txz
 +
    1      11  1,364.3 MiB  2,084.3 MiB  0.655  CRC64  2002.txz
 +
    1      9    568.5 MiB  1,660.2 MiB  0.342  CRC64  2003.txz
 +
    1    639    66.8 GiB    119.6 GiB  0.558  CRC64  2004.txz
 +
    1    313    12.7 GiB    58.6 GiB  0.217  CRC64  2005.txz
 +
    1    414    35.0 GiB    77.4 GiB  0.452  CRC64  2006.txz
 +
    1    485    44.5 GiB    90.9 GiB  0.490  CRC64  2007.txz
 +
    1  1,690    150.0 GiB    316.8 GiB  0.473  CRC64  2008.txz
 +
    1      3    457.9 MiB    526.0 MiB  0.871  CRC64  2009.txz
 +
    1    168    27.3 GiB    31.4 GiB  0.868  CRC64  2010.txz
 +
    1      4    477.1 MiB    702.8 MiB  0.679  CRC64  2011.txz
 +
-------------------------------------------------------------------------------
 +
    12  3,768    344.6 GiB    705.5 GiB  0.488  CRC64  12 files
  
= Debian/Ubuntu package management =
+
= Symbolic-link management =
  
Also see [https://wiki.debian.org/WhereIsIt Where "is" it?] on the Debian Wiki.
+
== Data used by sym-linked files:
  
== configuring debconf ==
+
This will de-reference the sym-links in the current directory and tell you how much data the files pointed to by the sym-links are using:
  
  # dpkg-reconfigure debconf
+
  jj5@tact:/data/backup/unity/latest$ du -hD * | sort -h
  
Set priority to low to get asked detailed questions.
+
= File searching =
  
== Showing list of installed packages ==
+
== Finding a file with a particular name ==
  
  # dpkg --get-selections
+
  $ find -iname "*some-part-of-the-file-name*"
  
== Searching for installed package ==
+
Will start searching from the current directory, so maybe
  
  # dpkg --get-selections | grep package-name
+
  $ cd /
  
or
+
first. For a case-sensitive search:
  
  # aptitude search package-name
+
  $ find -name "*eXaCT CaSE*"
  
== Showing which files are installed as part of a package ==
+
== Finding a file with particular content ==
  
# dpkg -L package-name
+
To search in /etc/ for a file with particular content:
  
== Installing a package ==
+
$ grep -R "search-string" /etc/*
  
# apt-get install package-name
+
To search the current directory for *.cs files containing the word "Up":
  
== Uninstalling a package ==
+
$ find . -name '*.cs' -exec grep --color=auto -H Up {} \;
  
# apt-get remove package-name
+
== Finding a list of files with particular content ==
  
== Showing system architecture ==
+
E.g. to find all the files with the word 'creativity':
  
  $ dpkg --print-architecture
+
  $ grep -R creativity . | sed 's/:/ /' | awk '{ print $1 }' | sort | uniq
  
== Showing which package a file belongs to ==
+
== Using the locate command to find files ==
  
  $ which echo
+
  $ locate part-of-filename
/bin/echo
 
$ dpkg -S /bin/echo
 
coreutils: /bin/echo
 
$ dpkg -l | grep coreutils
 
ii  coreutils                        6.10-6                  The GNU core utilities
 
  
== Showing package information ==
+
E.g.
  
  $ apt-cache showpkg coreutils
+
  $ locate texvc
  
Or for even more information:
+
== Updating locate command's database ==
  
  $ apt-cache show coreutils
+
  # updatedb
  
== List all installed packages with package version info ==
+
= Job control =
  
dpkg-query -l
+
== Stopping a running process ==
  
== Reporting which version of a package is installed ==
+
Press Ctrl+Z to stop a running process.
  
$ dpkg -l | grep package-name
+
== Listing current jobs and their status ==
  
E.g.:
+
$ jobs
  
root@hope:~/letsencrypt# dpkg -l | grep augeas
+
== Resuming a stopped job in the backgroud ==
ii  augeas-lenses                  0.7.0-1ubuntu1                Set of lenses needed by libaugeas0 to parse
 
ii  libaugeas0                      0.7.0-1ubuntu1                The augeas configuration editing library and
 
  
== Comprehensive upgrade ==
+
To resume a stopped process in the background
  
Try the following:
+
$ bg %1
  
# apt-get update
+
where '1' is the job number reported by bash when you pressed Ctrl+Z (or ran 'jobs').
# apt-get dist-upgrade
 
# apt-get autoremove
 
# apt-get remove $(deborphan)
 
# update-flashplugin-nonfree --install
 
  
== Searching all available packages ==
+
== Resuming a stopped job in the foreground ==
  
$ apt-cache search . | sort -d | less
+
To resume a stopped process in the foreground
  
= Networking =
+
$ fg %1
  
== net-tools vs iproute2 ==
+
where '1' is the job number reported by bash when you pressed Ctrl+Z (or ran 'jobs').
  
The older 'net-tools' package has been replaced with 'iproute2' e.g. in [https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#iproute2 stretch].
+
== Killing a stopped job ==
  
{|class="wikitable"
+
To kill a job
! legacy net-tools commands
 
! iproute2 replacement commands
 
|-
 
| arp      || ip n (ip neighbor)
 
|-
 
| ifconfig || ip a (ip addr), ip link, ip -s (ip -stats)
 
|-
 
| iptunnel || ip tunnel
 
|-
 
| iwconfig || iw
 
|-
 
| nameif  || ip link, ifrename
 
|-
 
| netstat  || ss, ip route (for netstat-r), ip -s link (for netstat -i), ip maddr (for netstat-g)
 
|-
 
| route    || ip r (ip route)
 
|}
 
  
== Restart networking ==
+
$ kill %1
  
For servers:
+
where '1' is the job number reported by bash when you pressed Ctrl+Z (or ran 'jobs').
  
# service networking restart
+
== Periodically run a program and watch its output ==
  
For desktops:
+
$ watch /your/command
  
# service network-manager restart
+
= Debian/Ubuntu package management =
  
== Pinging with particular packet size ==
+
Also see [https://wiki.debian.org/WhereIsIt Where "is" it?] on the Debian Wiki.
  
$ ping -M do -s <packet size in bytes> <host>
+
== configuring debconf ==
  
E.g.
+
# dpkg-reconfigure debconf
  
$ ping -M do -s 1400 charity.progclub.org
+
Set priority to low to get asked detailed questions.
  
== Setting [http://en.wikipedia.org/wiki/Maximum_segment_size MSS] for a particular IP address on a particular interface ==
+
== Showing list of installed packages ==
  
  # ip route add <host> dev <interface> advmss <packet size>
+
  # dpkg --get-selections
  
E.g.
+
== Searching for installed package ==
  
  # ip route add 10.0.0.1 dev eth0 advmss 1400
+
  # dpkg --get-selections | grep package-name
  
== Dropping configured MMS for a particular IP address ==
+
or
  
  # ip route flush <host>
+
  # aptitude search package-name
  
E.g.
+
== Showing which files are installed as part of a package ==
  
  # ip route flush 10.0.0.1
+
  # dpkg -L package-name
  
== Listing open ports and socket information ==
+
== Installing a package ==
  
Including which process is listening on which port.
+
# apt-get install package-name
  
# netstat -tulpn
+
== Uninstalling a package ==
  
Or use the 'ss' command:
+
# apt-get remove package-name
  
# ss -s
+
== Showing system architecture ==
# ss -l
 
# ss -pl
 
# ss -o state established '( dport = :smtp or sport = :smtp )'
 
  
== Listing open IPv4 connections ==
+
$ dpkg --print-architecture
  
# lsof -Pnl +M -i4
+
== Showing which package a file belongs to ==
  
You might need to install the lsof package:
+
$ which echo
 +
/bin/echo
 +
$ dpkg -S /bin/echo
 +
coreutils: /bin/echo
 +
$ dpkg -l | grep coreutils
 +
ii  coreutils                        6.10-6                  The GNU core utilities
  
# apt-get install lsof
+
== Showing package information ==
  
== Query for DNS MX record ==
+
$ apt-cache showpkg coreutils
  
$ nslookup
+
Or for even more information:
> server 127.0.0.1
 
> set q=mx
 
> mail.blackbrick.com
 
  
== Query for DNS SOA record ==
+
$ apt-cache show coreutils
  
$ dig @ns2.staticmagic.net -t SOA staticmagic.net
+
== List all installed packages with package version info ==
  
== Using nmap to list open ports on remote host ==
+
dpkg-query -l
  
To check the 1,000 most common ports:
+
== Reporting which version of a package is installed ==
  
  # nmap server.example.com
+
  $ dpkg -l | grep package-name
  
Or for a specific port range (e.g. 101 to 102):
+
E.g.:
  
  # nmap -p 101-102 server.example.com
+
  root@hope:~/letsencrypt# dpkg -l | grep augeas
 +
ii  augeas-lenses                  0.7.0-1ubuntu1                Set of lenses needed by libaugeas0 to parse
 +
ii  libaugeas0                      0.7.0-1ubuntu1                The augeas configuration editing library and
  
Or for all ports (1 to 65,535):
+
== Comprehensive upgrade ==
  
# nmap -p- server.example.com
+
Try the following:
  
== Network monitoring ==
+
# apt-get update
 +
# apt-get dist-upgrade
 +
# apt-get autoremove
 +
# apt-get remove $(deborphan)
 +
# update-flashplugin-nonfree --install
  
See [http://www.binarytides.com/linux-commands-monitor-network/ here] for details. Basically:
+
== Searching all available packages ==
  
# Overall bandwidth: nload, bmon, slurm, bwm-ng, cbm, speedometer, netload
+
$ apt-cache search . | sort -d | less
# Overall bandwidth (batch style output): vnstat, ifstat, dstat, collectl
 
# Bandwidth per socket connection: iftop, iptraf, tcptrack, pktstat, netwatch, trafshow
 
# Bandwidth per process: nethogs
 
  
== nload ==
+
= Networking =
  
You can watch network traffic in real-time with nload:
+
== net-tools vs iproute2 ==
  
# nload -u M
+
The older 'net-tools' package has been replaced with 'iproute2' e.g. in [https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#iproute2 stretch].
  
== Reporting network (NIC) speed ==
+
{|class="wikitable"
 
+
! legacy net-tools commands
From [https://askubuntu.com/questions/431911/how-can-i-verify-the-speed-of-my-nic-in-ubuntu#431912 here]:
+
! iproute2 replacement commands
 
+
|-
# dmesg | grep eth0
+
| arp      || ip n (ip neighbor)
# mii-tool -v eth0
+
|-
# ethtool eth0
+
| ifconfig || ip a (ip addr), ip link, ip -s (ip -stats)
 
+
|-
Note: use ifconfig to get device name.
+
| iptunnel || ip tunnel
 +
|-
 +
| iwconfig || iw
 +
|-
 +
| nameif  || ip link, ifrename
 +
|-
 +
| netstat  || ss, ip route (for netstat-r), ip -s link (for netstat -i), ip maddr (for netstat-g)
 +
|-
 +
| route    || ip r (ip route)
 +
|}
  
== Path MTU discovery ==
+
== Restart networking ==
  
To do a [https://en.wikipedia.org/wiki/Path_MTU_Discovery Path MTU Discovery], from the iputils-tracepath package:
+
For servers:
  
  # tracepath host.example.com
+
  # service networking restart
  
== Listing available Ethernet devices ==
+
For desktops:
  
To see a list of NICs available on the host:
+
# service network-manager restart
  
$ cat /proc/net/dev
+
== Pinging with particular packet size ==
  
Also
+
$ ping -M do -s <packet size in bytes> <host>
  
$ ip link
+
E.g.
  
== Links ==
+
$ ping -M do -s 1400 charity.progclub.org
  
* [http://www.cyberciti.biz/faq/linux-unix-open-ports/ HowTo: UNIX / Linux Open TCP / UDP Ports]
+
== Setting [http://en.wikipedia.org/wiki/Maximum_segment_size MSS] for a particular IP address on a particular interface ==
  
= IPTables =
+
# ip route add <host> dev <interface> advmss <packet size>
  
== Applying firewall rules ==
+
E.g.
  
For configuration info see [http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1 this article].
+
# ip route add 10.0.0.1 dev eth0 advmss 1400
  
$ sudo vim /etc/iptables.test.rules
+
== Dropping configured MMS for a particular IP address ==
$ sudo /sbin/iptables -F
 
$ sudo /sbin/iptables-restore < /etc/iptables.test.rules
 
$ sudo iptables -L
 
$ sudo -s
 
# iptables-save > /etc/iptables.up.rules
 
# exit
 
  
= ufw =
+
# ip route flush <host>
  
== Denying hosts with ufw ==
+
E.g.
  
See [[Admin_reference#Denying_hosts_with_UFW|denying hosts with ufw]].
+
# ip route flush 10.0.0.1
  
= Bind9 =
+
== Listing open ports and socket information ==
  
== Viewing Bind9 querylog ==
+
Including which process is listening on which port.
  
  $ sudo rndc querylog
+
  # netstat -tulpn
$ tail -f /var/log/syslog
 
  
= IPSec =
+
Or use the 'ss' command:
  
== Disabling IPSec ==
+
# ss -s
 +
# ss -l
 +
# ss -pl
 +
# ss -o state established '( dport = :smtp or sport = :smtp )'
  
# setkey -FP
+
== Listing open IPv4 connections ==
  
= OpenSSL =
+
# lsof -Pnl +M -i4
  
== Debugging IMAPS with OpenSSL ==
+
You might need to install the lsof package:
  
  # openssl s_client -connect localhost:993
+
  # apt-get install lsof
> a1 LOGIN username@host password
 
> a2 LOGOUT
 
  
== Debugging HTTPS with OpenSSL ==
+
== Query for DNS MX record ==
  
  $ openssl s_client -connect www.example.com:443
+
  $ nslookup
  GET /example.html HTTP/1.1
+
  > server 127.0.0.1
  host: www.example.com
+
  > set q=mx
 +
> mail.blackbrick.com
  
== Links ==
+
== Query for DNS SOA record ==
  
* [http://www.madboa.com/geek/openssl/ OpenSSL Command-Line HOWTO]
+
$ dig @ns2.staticmagic.net -t SOA staticmagic.net
 +
 
 +
== Using nmap to list open ports on remote host ==
  
= Pluggable Authentication Modules (PAM) =
+
To check the 1,000 most common ports:
  
== Links ==
+
# nmap server.example.com
  
* [http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-pam.html 42.4. Pluggable Authentication Modules (PAM)]
+
Or for a specific port range (e.g. 101 to 102):
  
= SSH =
+
# nmap -p 101-102 server.example.com
  
== Configuring SSH key login ==
+
Or for all ports (1 to 65,535):
  
On the client machine generate a key-pair (if necessary, check for existing ~/.ssh/id_rsa.pub):
+
# nmap -p- server.example.com
  
$ ssh-keygen -t rsa
+
== Network monitoring ==
  
Copy the public key from the client to the server:
+
See [http://www.binarytides.com/linux-commands-monitor-network/ here] for details. Basically:
  
$ scp ~/.ssh/id_rsa.pub user@example.org:
+
# Overall bandwidth: nload, bmon, slurm, bwm-ng, cbm, speedometer, netload
 +
# Overall bandwidth (batch style output): vnstat, ifstat, dstat, collectl
 +
# Bandwidth per socket connection: iftop, iptraf, tcptrack, pktstat, netwatch, trafshow
 +
# Bandwidth per process: nethogs
  
Configure the authorized keys on the server:
+
== nload ==
  
$ ssh user@example.org
+
You can watch network traffic in real-time with nload:
$ mkdir ~/.ssh
+
 
  $ chmod go-w .ssh
+
  # nload -u M
$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
 
$ chmod 600 ~/.ssh/authorized_keys
 
$ rm ~/id_rsa.pub
 
  
== Tunneling over SSH ==
+
== Reporting network (NIC) speed ==
  
For example, connecting a remote MySQL server to the localhost:
+
From [https://askubuntu.com/questions/431911/how-can-i-verify-the-speed-of-my-nic-in-ubuntu#431912 here]:
  
  $ ssh -L 3306:localhost:3306 jselliot@ssh.progsoc.org
+
  # dmesg | grep eth0
 +
# mii-tool -v eth0
 +
# ethtool eth0
  
If the machine you want to connect to is not the localhost of the machine you're ssh'ing to,
+
Note: use ifconfig to get device name.
  
  $ ssh -L 3306:muspell.progsoc.uts.edu.au:3306 ssh.progsoc.uts.edu.au
+
== Path MTU discovery ==
  
The -L stanza is localport:remotehost:remoteport where localport is a
+
To do a [https://en.wikipedia.org/wiki/Path_MTU_Discovery Path MTU Discovery], from the iputils-tracepath package:
port on your machine, forwarded to remoteport on remotehost.
 
  
== Tunneling over SSH with PuTTY ==
+
# tracepath host.example.com
  
See [http://www.anchor.com.au/hosting/support/MySQL/Connecting_to_mysql_remotely Connecting to the MySQL database remotely (via an SSH Tunnel)]
+
== Listing available Ethernet devices ==
  
* run putty.exe
+
To see a list of NICs available on the host:
* Connection -> SSH -> Tunnels
 
** Port forwarding: source port to 3306
 
** destination: 127.0.0.1:3306
 
** check Local
 
** click Add
 
  
== Enabling verbose SSH logging ==
+
$ cat /proc/net/dev
  
To see what's going on with your ssh connections,
+
Also
  
  $ ssh -v user@host
+
  $ ip link
  
Or
+
== 59 Linux Networking commands and scripts ==
  
$ ssh -vv user@host
+
See [https://haydenjames.io/linux-networking-commands-scripts/ 59 Linux Networking commands and scripts].
  
== Unlocking SSH key for session ==
+
== Links ==
  
jj5@orac:~/.config/autostart$ cat ssh-add.desktop
+
* [http://www.cyberciti.biz/faq/linux-unix-open-ports/ HowTo: UNIX / Linux Open TCP / UDP Ports]
[Desktop Entry]
 
Type=Application
 
Name=ssh-add
 
Comment=Adds my private key to my session.
 
Exec=/usr/bin/konsole -e 'ssh-add /home/$USER/.ssh/id_rsa'
 
  
== Links ==
+
= IPTables =
  
* [http://blogs.perl.org/users/smylers/2011/08/ssh-productivity-tips.html SSH Can Do That? Productivity Tips for Working with Remote Servers]
+
== Applying firewall rules ==
* [http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html PuTTY Download Page]
 
  
= Standard IO =
+
For configuration info see [http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1 this article].
  
== cat EOF ==
+
$ sudo vim /etc/iptables.test.rules
 
+
$ sudo /sbin/iptables -F
  $ cat > output <<EOF
+
  $ sudo /sbin/iptables-restore < /etc/iptables.test.rules
  > text
+
$ sudo iptables -L
  > EOF
+
$ sudo -s
 +
  # iptables-save > /etc/iptables.up.rules
 +
  # exit
  
$ cat output
+
= ufw =
text
 
  
= Script =
+
== Denying hosts with ufw ==
  
== Creating a session log with script ==
+
See [[Admin_reference#Denying_hosts_with_UFW|denying hosts with ufw]].
  
$ script -t 2> timing
+
= Bind9 =
  
The session log is in the file 'typescript' and the timing data is in 'timing'.
+
== Viewing Bind9 querylog ==
  
== Replaying a scripted session ==
+
$ sudo rndc querylog
 +
$ tail -f /var/log/syslog
  
$ scriptreplay timing
+
= IPSec =
  
Uses the default file 'typescript' and the 'timing' file as specified.
+
== Disabling IPSec ==
  
= Screen =
+
# setkey -FP
  
== Creating a new screen or reconnecting to a detached screen ==
+
= OpenSSL =
  
$ screen -R
+
== Debugging IMAPS with OpenSSL ==
  
== Detaching a screen ==
+
# openssl s_client -connect localhost:993
 +
> a1 LOGIN username@host password
 +
> a2 LOGOUT
  
$ screen -D
+
== Debugging HTTPS with OpenSSL ==
  
== Reconnecting to screen ==
+
$ openssl s_client -connect www.example.com:443
 +
GET /example.html HTTP/1.1
 +
host: www.example.com
  
$ screen -D
+
== Links ==
$ screen -R
 
  
I have a script in ~/bin/reconnect like so,
+
* [http://www.madboa.com/geek/openssl/ OpenSSL Command-Line HOWTO]
  
#!/bin/bash
+
= Pluggable Authentication Modules (PAM) =
screen -D
 
screen -R
 
  
This will detach your last screen, and reconnect it on the current terminal.
+
== Links ==
  
== Scrolling in screen ==
+
* [http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-pam.html 42.4. Pluggable Authentication Modules (PAM)]
  
See [https://www.saltycrane.com/blog/2008/01/how-to-scroll-in-gnu-screen/ How to scroll in GNU Screen]. Basically press Ctrl+A ESC then use Page Up and Page Down. Press ESC again to exit copy mode. As usual you can use Ctrl+[ in place of ESC.
+
= SSH =
  
= Vim =
+
== Configuring SSH key login ==
  
== First, why Vim? ==
+
On the client machine generate a key-pair (if necessary, check for existing ~/.ssh/id_rsa.pub):
  
Read [http://www.viemu.com/a-why-vi-vim.html Why, oh WHY, do those #?@! nutheads use vi?]
+
$ ssh-keygen -t rsa
  
== Visual modes ==
+
Copy the public key from the client to the server:
  
Use 'v' for visual mode, 'V' for visual line mode and Ctrl+V for visual block mode.
+
$ scp ~/.ssh/id_rsa.pub user@example.org:
  
== Configuring spaces instead of tabs ==
+
Configure the authorized keys on the server:
  
I use two spaces instead of tabs. To configure, edit your .vimrc file:
+
$ ssh user@example.org
 +
$ mkdir ~/.ssh
 +
$ chmod go-w .ssh
 +
$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
 +
$ chmod 600 ~/.ssh/authorized_keys
 +
$ rm ~/id_rsa.pub
  
$ vim ~/.vimrc
+
== Tunneling over SSH ==
  
and include the following lines:
+
For example, connecting a remote MySQL server to the localhost:
  
  set tabstop=2
+
  $ ssh -L 3306:localhost:3306 jselliot@ssh.progsoc.org
set shiftwidth=2
 
set expandtab
 
  
== Configuring syntax highlighting ==
+
If the machine you want to connect to is not the localhost of the machine you're ssh'ing to,
  
See [http://www.cyberciti.biz/faq/turn-on-or-off-color-syntax-highlighting-in-vi-or-vim/ here].
+
  $ ssh -L 3306:muspell.progsoc.uts.edu.au:3306 ssh.progsoc.uts.edu.au
  
Use:
+
The -L stanza is localport:remotehost:remoteport where localport is a
 +
port on your machine, forwarded to remoteport on remotehost.
  
:syntax on
+
== Tunneling over SSH with PuTTY ==
  
to turn on syntax highlighting.
+
See [http://www.anchor.com.au/hosting/support/MySQL/Connecting_to_mysql_remotely Connecting to the MySQL database remotely (via an SSH Tunnel)]
  
Use:
+
* run putty.exe
 +
* Connection -> SSH -> Tunnels
 +
** Port forwarding: source port to 3306
 +
** destination: 127.0.0.1:3306
 +
** check Local
 +
** click Add
  
:syntax off
+
== Enabling verbose SSH logging ==
  
to turn off syntax highlighting.
+
To see what's going on with your ssh connections,
  
To always use syntax highlighting:
+
$ ssh -v user@host
  
$ vim ~/.vimrc
+
Or
  
and add:
+
$ ssh -vv user@host
  
syntax on
+
== Unlocking SSH key for session ==
  
To get a list of supported colour schemes open vim and type:
+
jj5@orac:~/.config/autostart$ cat ssh-add.desktop
 +
[Desktop Entry]
 +
Type=Application
 +
Name=ssh-add
 +
Comment=Adds my private key to my session.
 +
Exec=/usr/bin/konsole -e 'ssh-add /home/$USER/.ssh/id_rsa'
  
:colorscheme[space][Ctrl+D]
+
== Links ==
  
To always use a particular colorscheme edit ~/.vimrc and add (for example):
+
* [http://blogs.perl.org/users/smylers/2011/08/ssh-productivity-tips.html SSH Can Do That? Productivity Tips for Working with Remote Servers]
 +
* [http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html PuTTY Download Page]
  
colorscheme desert
+
= Standard IO =
  
== Inserting a TAB character when expandtab is on ==
+
== cat EOF ==
  
The problem here is that you have configured vim to insert spaces, but for a particular file (e.g. a Makefile) you need to insert a character.
+
$ cat > output <<EOF
 +
> text
 +
> EOF
  
Press Ctrl+V TAB to insert a literal tab character.
+
$ cat output
 +
text
  
Or you can disable tab expansion altogether with:
+
= Script =
  
:set expandtab!
+
== Creating a session log with script ==
  
== Changing 2 space indent to 4 space indent (e.g. for python files) ==
+
$ script -t 2> timing
  
:%s/^\s*/&&/g
+
The session log is in the file 'typescript' and the timing data is in 'timing'.
  
For more information [https://www.progclub.org/blog/2013/08/10/vim-reformat-a-python-file-to-have-4-space-indentations/ see here].
+
== Replaying a scripted session ==
  
== Recording and replaying a macro ==
+
$ scriptreplay timing
  
To record a macro press 'q' and then a number between 1 and 9. E.g. press "q1". The macro is now recording. When you've finished issuing your commands press 'q' again to finish recording. To replay a macro press '@' followed by the number of the macro. That is, if you pressed "q1" to record the macro, press "@1" to replay the macro. To replay the last macro again press "@@".
+
Uses the default file 'typescript' and the 'timing' file as specified.
  
== Deleting to end of line ==
+
= Screen =
  
d$
+
== Creating a new screen or reconnecting to a detached screen ==
  
== Deleting to beginning of line ==
+
$ screen -R
  
d^
+
== Detaching a screen ==
  
== Finding text ==
+
$ screen -D
  
To search forward for "text":
+
== Reconnecting to screen ==
  
  /text
+
  $ screen -D
 +
$ screen -R
  
To search backward for "text":
+
I have a script in ~/bin/reconnect like so,
  
  ?text
+
  #!/bin/bash
 +
screen -D
 +
screen -R
  
To repeat the last search in a forward direction press 'n', or to search again backwards press 'N'.
+
This will detach your last screen, and reconnect it on the current terminal.
  
== Finding and replacing text ==
+
== Scrolling in screen ==
  
To replace the first instance of "search" on the current line with "destroy":
+
See [https://www.saltycrane.com/blog/2008/01/how-to-scroll-in-gnu-screen/ How to scroll in GNU Screen]. Basically press Ctrl+A ESC then use Page Up and Page Down. Press ESC again to exit copy mode. As usual you can use Ctrl+[ in place of ESC.
  
:s/search/destroy/
+
= Vim =
  
To replace all instances of "search" on the current line with "destroy":
+
== First, why Vim? ==
  
:s/search/destroy/g
+
Read [http://www.viemu.com/a-why-vi-vim.html Why, oh WHY, do those #?@! nutheads use vi?]
  
To replace all instances of "search" on lines 13 to 37 with "destroy":
+
== Visual modes ==
  
:13,37 s/search/destroy/g
+
Use 'v' for visual mode, 'V' for visual line mode and Ctrl+V for visual block mode.
  
To replace all instances of "search" in the entire file with "destroy":
+
== Configuring spaces instead of tabs ==
  
:%s/search/destroy/g
+
I use two spaces instead of tabs. To configure, edit your .vimrc file:
  
== Changing DOS/Windows line-endings (CRLF) to Unix line-endings ==
+
$ vim ~/.vimrc
  
To set the line-ending to Unix line endings run the command:
+
and include the following lines:
  
  :setlocal ff=unix
+
  set tabstop=2
 +
set shiftwidth=2
 +
set expandtab
  
More information on managing file formats [http://vim.wikia.com/wiki/File_format available here].
+
== Configuring syntax highlighting ==
  
== Disabling auto-indent etc. to paste from clipboard ==
+
See [http://www.cyberciti.biz/faq/turn-on-or-off-color-syntax-highlighting-in-vi-or-vim/ here].
  
To disable smart indenting when you're going to paste in text:
+
Use:
  
  :set paste
+
  :syntax on
  
To turn it off again:
+
to turn on syntax highlighting.
  
:set nopaste
+
Use:
  
There's more info in this article: [http://vim.wikia.com/wiki/Toggle_auto-indenting_for_code_paste Toggle auto-indenting for code paste]
+
:syntax off
  
== Positioning windows ==
+
to turn off syntax highlighting.
  
Use -o for horizontal split, e.g.:
+
To always use syntax highlighting:
  
  vim -o a.txt b.txt
+
  $ vim ~/.vimrc
  
Use -O for vertical split, e.g.:
+
and add:
  
  vim -o a.txt b.txt
+
  syntax on
  
Use ^W to navigate windows then use directional keys h, j, k, l, etc.
+
To get a list of supported colour schemes open vim and type:
  
Use ^W and &lt; or &gt; to resize windows.
+
:colorscheme[space][Ctrl+D]
  
== To indent a block of text in Vim ==
+
To always use a particular colorscheme edit ~/.vimrc and add (for example):
  
Use the > command. E.g. to indent five lines:
+
colorscheme desert
  
5 > >
+
== Inserting a TAB character when expandtab is on ==
  
Press . (dot) to keep indenting.
+
The problem here is that you have configured vim to insert spaces, but for a particular file (e.g. a Makefile) you need to insert a character.
  
Or inside a block (e.g. curly brace, HTML/XML element, etc.) you can put your cursor in the element on on the curly brace and then:
+
Press Ctrl+V TAB to insert a literal tab character.
  
> %
+
Or you can disable tab expansion altogether with:
  
See [http://stackoverflow.com/questions/235839/indent-multiple-lines-quickly-in-vi#235841 here] for more.
+
:set expandtab!
  
== Open a file in a new window/tab ==
+
== Changing 2 space indent to 4 space indent (e.g. for python files) ==
  
To open a file on the left hand side:
+
:%s/^\s*/&&/g
  
:vert new filename.ext
+
For more information [https://www.progclub.org/blog/2013/08/10/vim-reformat-a-python-file-to-have-4-space-indentations/ see here].
  
Note: ':vnew filename.ext' and ':vsp filename.ext' also work.
+
== Recording and replaying a macro ==
  
To open a file at the top:
+
To record a macro press 'q' and then a number between 1 and 9. E.g. press "q1". The macro is now recording. When you've finished issuing your commands press 'q' again to finish recording. To replay a macro press '@' followed by the number of the macro. That is, if you pressed "q1" to record the macro, press "@1" to replay the macro. To replay the last macro again press "@@".
  
:new filename.ext
+
== Deleting to end of line ==
  
See [http://stackoverflow.com/questions/10760310/how-to-open-a-new-file-in-vim-in-a-new-window#10762678 here] for more.
+
d$
  
== Explore files in Vim ==
+
== Deleting to beginning of line ==
  
Enter:
+
d^
 +
 
 +
== Finding text ==
  
:Explore
+
To search forward for "text":
  
== Switch between Vim tabs ==
+
/text
  
Use gt and gT.
+
To search backward for "text":
  
== Switch between Vim windows ==
+
?text
  
To toggle between open windows use:
+
To repeat the last search in a forward direction press 'n', or to search again backwards press 'N'.
  
Ctrl+W W
+
== Finding and replacing text ==
  
To move in a direction use:
+
To replace the first instance of "search" on the current line with "destroy":
  
  Ctrl+W h/j/k/l
+
  :s/search/destroy/
  
See [http://superuser.com/questions/280500/how-does-one-switch-between-windows-on-vim#280501 here] for more.
+
To replace all instances of "search" on the current line with "destroy":
  
== Insert block comment in Vim ==
+
:s/search/destroy/g
  
See [https://stackoverflow.com/a/253391/868138 here] for line-commenting.
+
To replace all instances of "search" on lines 13 to 37 with "destroy":
  
So it's:
+
:13,37 s/search/destroy/g
  
# Ctrl+V (Note: not Shift+V!)
+
To replace all instances of "search" in the entire file with "destroy":
# Up/Down to select rows
+
 
# Shift+I
+
:%s/search/destroy/g
# Enter your text, e.g. '#' or '//'
+
 
# Ctrl+[ (or 'Esc')
+
== Changing DOS/Windows line-endings (CRLF) to Unix line-endings ==
  
== Navigate to matching tag ==
+
To set the line-ending to Unix line endings run the command:
  
To navigate to the matching beginning or end tag use '%'.
+
:setlocal ff=unix
  
You can also use e.g. '[{' to match the previous '{', or e.g. '])' to match the next ')'.
+
More information on managing file formats [http://vim.wikia.com/wiki/File_format available here].
  
== Auto-format HTML tags ==
+
== Disabling auto-indent etc. to paste from clipboard ==
  
Stolen from [https://www.quora.com/How-do-you-auto-format-HTML-in-Vim here].
+
To disable smart indenting when you're going to paste in text:
  
# first join all the lines - ggVGgJ
+
:set paste
# Now break tags to new lines - :%s/>\s*</>\r</g
 
# Now set filetype - :set ft=html (you can do this before too)
 
# Now Indent - ggVG=
 
  
== Links ==
+
To turn it off again:
  
* [http://www.vim.org/ Vim: the editor]
+
:set nopaste
* [http://yannesposito.com/Scratch/en/blog/Learn-Vim-Progressively/ Learn Vim Progressively]
 
* [http://michael.peopleofhonoronly.com/vim/ Vim cheat sheet for programmers]
 
* [http://stackoverflow.com/questions/4781070/how-to-insert-tab-character-when-expandtab-option-is-on-in-vim How to insert Tab character when expandtab option is ON in VIM]
 
* [https://www.linux.com/learn/tutorials/8255-vim-tips-the-basics-of-search-and-replace Vim tips: the basics of search and replace]
 
* [http://vim.wikia.com/wiki/File_format File format]
 
* [http://www.viemu.com/a_vi_vim_graphical_cheat_sheet_tutorial.html Graphical vi-vim Cheat Sheet and Tutorial]
 
* [http://www.angelwatt.com/coding/notes/vim-commands.html Vim Commands Cheat Sheet]
 
  
= Write =
+
There's more info in this article: [http://vim.wikia.com/wiki/Toggle_auto-indenting_for_code_paste Toggle auto-indenting for code paste]
  
== Talking to other users on the system ==
+
== Positioning windows ==
  
'''write''' is a unix command for talking to other users on the system. To use '''write''':
+
Use -o for horizontal split, e.g.:
  
1. SSH to <username>@<hostname> and login with your username and password.
+
vim -o a.txt b.txt
  
2. Issue the following command to find out who is logged onto the system:
+
Use -O for vertical split, e.g.:
  
  $ who
+
  vim -o a.txt b.txt
  
3. Issue the following command to talk to a specific user:
+
Use ^W to navigate windows then use directional keys h, j, k, l, etc.
  
$ write <username>
+
Use ^W and &lt; or &gt; to resize windows.
  
4. Enter the message you'd like to send the user, followed by Ctrl+C to send. Press Ctrl+D to cancel.
+
== To indent a block of text in Vim ==
  
= Date =
+
Use the > command. E.g. to indent five lines:
  
== Reporting the time on the server ==
+
5 > >
  
$ date
+
Press . (dot) to keep indenting.
  
== Reporting UTC time ==
+
Or inside a block (e.g. curly brace, HTML/XML element, etc.) you can put your cursor in the element on on the curly brace and then:
  
  $ date --utc
+
  > %
  
== Getting the date in yyyy-MM-dd-hhmmss format ==
+
See [http://stackoverflow.com/questions/235839/indent-multiple-lines-quickly-in-vi#235841 here] for more.
  
$ date="`date +%F-%H%M%S`"
+
== Open a file in a new window/tab ==
  
== Getting the year in four digits ==
+
To open a file on the left hand side:
  
  $ year="`date +%Y`"
+
  :vert new filename.ext
  
== Getting the month in two digits ==
+
Note: ':vnew filename.ext' and ':vsp filename.ext' also work.
  
$ month="`date +%m`"
+
To open a file at the top:
  
== Getting the day of the month in two digits ==
+
:new filename.ext
  
$ day="`date +%d`"
+
See [http://stackoverflow.com/questions/10760310/how-to-open-a-new-file-in-vim-in-a-new-window#10762678 here] for more.
  
== Getting yesterday's date ==
+
== Explore files in Vim ==
  
$ date --date='1 day ago' +%Y-%m-%d
+
Enter:
  
== Converting Unix time (seconds since epoch) ==
+
:Explore
  
For timestamp '1501370200':
+
== Switch between Vim tabs ==
  
$ date -d @1501370200 +%F-%H%M%S
+
Use gt and gT.
  
== Running timedatectl from systemd ==
+
== Switch between Vim windows ==
  
There's a new command bundled with systmed:
+
To toggle between open windows use:
  
  # timedatectl
+
  Ctrl+W W
  
It reports on (and controls) how the system time is configured.
+
To move in a direction use:
  
= MySQL =
+
Ctrl+W h/j/k/l
  
== Run mysql without authentication/authorisation ==
+
See [http://superuser.com/questions/280500/how-does-one-switch-between-windows-on-vim#280501 here] for more.
  
# service mysql stop
+
== Insert block comment in Vim ==
# mysqld_safe --skip-grant-tables &
 
  
Then you can connect without a password, e.g.:
+
See [https://stackoverflow.com/a/253391/868138 here] for line-commenting.
  
# mysql -u root mysql
+
So it's:
  
To stop the unauthenticated service:
+
# Ctrl+V (Note: not Shift+V!)
 +
# Up/Down to select rows
 +
# Shift+I
 +
# Enter your text, e.g. '#' or '//'
 +
# Ctrl+[ (or 'Esc')
  
# mysqladmin shutdown
+
== Navigate to matching tag ==
  
Then restart a normal service:
+
To navigate to the matching beginning or end tag use '%'.
  
# service mysql start
+
You can also use e.g. '[{' to match the previous '{', or e.g. '])' to match the next ')'.
  
== Logging all database queries ==
+
== Auto-format HTML tags ==
  
# vim /etc/mysql/my.cnf
+
Stolen from [https://www.quora.com/How-do-you-auto-format-HTML-in-Vim here].
  
In the [mysqld] section add:
+
# first join all the lines - ggVGgJ
 +
# Now break tags to new lines - :%s/>\s*</>\r</g
 +
# Now set filetype - :set ft=html (you can do this before too)
 +
# Now Indent - ggVG=
  
log=/tmp/mysql.log
+
== Links ==
  
Then:
+
* [http://www.vim.org/ Vim: the editor]
 +
* [http://yannesposito.com/Scratch/en/blog/Learn-Vim-Progressively/ Learn Vim Progressively]
 +
* [http://michael.peopleofhonoronly.com/vim/ Vim cheat sheet for programmers]
 +
* [http://stackoverflow.com/questions/4781070/how-to-insert-tab-character-when-expandtab-option-is-on-in-vim How to insert Tab character when expandtab option is ON in VIM]
 +
* [https://www.linux.com/learn/tutorials/8255-vim-tips-the-basics-of-search-and-replace Vim tips: the basics of search and replace]
 +
* [http://vim.wikia.com/wiki/File_format File format]
 +
* [http://www.viemu.com/a_vi_vim_graphical_cheat_sheet_tutorial.html Graphical vi-vim Cheat Sheet and Tutorial]
 +
* [http://www.angelwatt.com/coding/notes/vim-commands.html Vim Commands Cheat Sheet]
  
# service mysql restart
+
= Write =
  
Watch the log with:
+
== Talking to other users on the system ==
  
# tail -f /tmp/mysql.log
+
'''write''' is a unix command for talking to other users on the system. To use '''write''':
  
== Dumping a MySQL database ==
+
1. SSH to <username>@<hostname> and login with your username and password.
  
You can dump the database into a file using:  
+
2. Issue the following command to find out who is logged onto the system:
 
$ mysqldump -h hostname -u user --password=password databasename > filename
 
  
== Loading a MySQL database from a dump file ==
+
$ who
  
You can create a database using:
+
3. Issue the following command to talk to a specific user:
  
  $ echo create database databasename | mysql -h hostname -u user -p
+
  $ write <username>
  
You can restore a database using:
+
4. Enter the message you'd like to send the user, followed by Ctrl+C to send. Press Ctrl+D to cancel.
 
$ mysql -h hostname -u user --password=password databasename < filename
 
  
== Creating a MySQL user ==
+
= Date =
  
# mysql -h localhost -u root --password=<password>
+
== Reporting the time on the server ==
mysql> create user 'username'@'localhost' identified by '<password>';
 
  
== Granting all MySQL user permissions ==
+
$ date
  
# mysql -h localhost -u root --password=<password>
+
== Reporting UTC time ==
mysql> grant all privileges on dbname.* to user@host;
 
  
== Select domain name from email address ==
+
$ date --utc
  
SELECT SUBSTR( email, INSTR( email, '@' ) + 1 )
+
== Getting the date in yyyy-MM-dd-hhmmss format ==
  
== Check if MySQL connection is encrypted with TLS/SSL ==
+
$ date="`date +%F-%H%M%S`"
  
Check the SSL version in use:
+
== Getting the year in four digits ==
  
  show status like 'Ssl_version';
+
  $ year="`date +%Y`"
  
Or check the cipher in use:
+
== Getting the month in two digits ==
  
  show status like 'Ssl_cipher';
+
  $ month="`date +%m`"
  
= Apache =
+
== Getting the day of the month in two digits ==
  
== Maintaining .htaccess passwords ==
+
$ day="`date +%d`"
  
To add or modify the password for a user:
+
== Getting yesterday's date ==
  
  $ htpasswd /etc/apache2/passwd username
+
  $ date --date='1 day ago' +%Y-%m-%d
  
== Configuring PHP session timeout in .htaccess ==
+
== Converting Unix time (seconds since epoch) ==
  
For a session timeout of 9 hours:
+
For timestamp '1501370200':
  
  php_value session.cookie_lifetime 32400
+
  $ date -d @1501370200 +%F-%H%M%S
php_value session.gc_maxlifetime 32400
 
  
== Disabling PHP magic quotes in .htaccess ==
+
== Running timedatectl from systemd ==
  
php_flag magic_quotes_gpc Off
+
There's a new command bundled with systmed:
  
== Requiring HTTP Auth in .htaccess ==
+
# timedatectl
  
AuthType Basic
+
It reports on (and controls) how the system time is configured.
AuthName "Speak Friend And Enter"
 
AuthUserFile /home/jj5/.htpasswd
 
Require valid-user
 
  
== Restarting Apache ==
+
= MySQL =
  
The hard way
+
== Run mysql without authentication/authorisation ==
  
  $ sudo /etc/init.d/apache2 restart
+
  # service mysql stop
 +
# mysqld_safe --skip-grant-tables &
  
The graceful way (avoids dropping active connections)
+
Then you can connect without a password, e.g.:
  
  $ sudo apache2ctl graceful
+
  # mysql -u root mysql
  
== Allowing directory browsing ==
+
To stop the unauthenticated service:
  
To show directory index pages, in the apache config file:
+
# mysqladmin shutdown
  
<Directory /var/www/data>
+
Then restart a normal service:
  Options Indexes
 
</Directory>
 
  
= C =
+
# service mysql start
  
== Locating memset function ==
+
== Logging all database queries ==
  
The memset function is in &lt;string.h> as described in this article [http://www.java-samples.com/showtutorial.php?tutorialid=591 Using memset(), memcpy(), and memmove() in C]
+
# vim /etc/mysql/my.cnf
  
== Links ==
+
In the [mysqld] section add:
  
* [http://www.ibm.com/developerworks/linux/library/l-memory/ Inside memory management]
+
log=/tmp/mysql.log
  
= PHP =
+
Then:
  
== Including a file relative to the including file ==
+
# service mysql restart
  
require_once( dirname( __FILE__ ) . '/relative/path/to.php' );
+
Watch the log with:
  
== Enabling error reporting ==
+
# tail -f /tmp/mysql.log
  
error_reporting( E_ALL | E_STRICT );
+
== Dumping a MySQL database ==
ini_set( 'display_errors', 'On' );
 
  
== Setting an error handler ==
+
You can dump the database into a file using:
 +
 +
$ mysqldump -h hostname -u user --password=password databasename > filename
  
set_error_handler( "error_handler", E_ALL | E_STRICT );
+
== Loading a MySQL database from a dump file ==
  
function error_handler( $error_code, $error_message, $error_file, $error_line, $error_context ) {
+
You can create a database using:
  // ...
 
}
 
  
== Disable HTML content in var_dump ==
+
$ echo create database databasename | mysql -h hostname -u user -p
  
  ini_set( 'html_errors', 'off' );
+
You can restore a database using:
 +
   
 +
$ mysql -h hostname -u user --password=password databasename < filename
  
= BASH scripting =
+
== Creating a MySQL user ==
  
For a primer on bash scripting see [http://www.progsoc.org/tfm/tfm03/node37.html TFM: Erotic Fantasy: /bin/sh Programming].
+
# mysql -h localhost -u root --password=<password>
 +
mysql> create user 'username'@'localhost' identified by '<password>';
  
== Telling a script to run in bash ==
+
== Granting all MySQL user permissions ==
  
The first line of the file should be:
+
# mysql -h localhost -u root --password=<password>
 +
mysql> grant all privileges on dbname.* to user@host;
  
#!/bin/bash
+
== Select domain name from email address ==
  
== Checking if a command-line argument was passed in ==
+
SELECT SUBSTR( email, INSTR( email, '@' ) + 1 )
  
if [ -n "$1" ]; then
+
== Check if MySQL connection is encrypted with TLS/SSL ==
  echo "Missing parameter 1.";
 
  exit 1;
 
fi
 
  
== Checking if a command-line argument was not passed in ==
+
Check the SSL version in use:
  
  if [ "$1" = "" ]; then
+
  show status like 'Ssl_version';
  echo "Missing parameter 1.";
 
  exit 1;
 
fi
 
  
Or:
+
Or check the cipher in use:
  
  if [ -z "$1" ]; then
+
  show status like 'Ssl_cipher';
  echo "Missing parameter 1.";
 
  exit 1;
 
fi
 
  
== Checking command exit status ==
+
= Apache =
  
cd /my/path
+
== Maintaining .htaccess passwords ==
if [ "$?" -ne "0" ]; then
 
  echo "Cannot change dir.";
 
  exit 1;
 
fi
 
  
== Checking if a file does/doesn't exist ==
+
To add or modify the password for a user:
  
Check if file exists:
+
$ htpasswd /etc/apache2/passwd username
  
if [ -f "/my/file" ]; then
+
== Configuring PHP session timeout in .htaccess ==
  cat /my/file
 
fi
 
  
Check if file doesn't exist:
+
For a session timeout of 9 hours:
  
  if [ ! -f "/my/file" ]; then
+
  php_value session.cookie_lifetime 32400
  touch /my/file
+
  php_value session.gc_maxlifetime 32400
  fi
 
  
== Checking if a directory does/doesn't exist ==
+
== Disabling PHP magic quotes in .htaccess ==
  
Check if directory exists:
+
php_flag magic_quotes_gpc Off
  
if [ -d "/my/dir" ]; then
+
== Requiring HTTP Auth in .htaccess ==
  rmdir /my/dir
 
fi
 
  
Check if directory doesn't exist:
+
AuthType Basic
 +
AuthName "Speak Friend And Enter"
 +
AuthUserFile /home/jj5/.htpasswd
 +
Require valid-user
  
if [ ! -d "/my/dir" ]; then
+
== Restarting Apache ==
  mkdir /my/dir
 
fi
 
  
== Deleting old backups ==
+
The hard way
  
To keep only the latest five backups:
+
$ sudo /etc/init.d/apache2 restart
  
find . -maxdepth 1 -type f -printf '%T@ %p\0' | sort -r -z -n | awk 'BEGIN { RS="\0"; ORS="\0"; FS="" } NR > 5 { sub("^[0-9]*(.[0-9]*)? ", ""); print }' | xargs -0 rm -f
+
The graceful way (avoids dropping active connections)
  
This script stolen from [http://stackoverflow.com/questions/25785/delete-all-but-the-most-recent-x-files-in-bash stackoverflow].
+
$ sudo apache2ctl graceful
  
Requires GNU find for -printf, GNU sort for -z, GNU awk for "\0" and GNU xargs for -0, but handles files with embedded newlines or spaces.
+
== Allowing directory browsing ==
  
== Changing into the script's directory ==
+
To show directory index pages, in the apache config file:
  
  cd "`dirname $0`"
+
  <Directory /var/www/data>
 +
  Options Indexes
 +
</Directory>
  
== Getting the absolute path of a relative path ==
+
= C =
  
readlink -f ./some/path
+
== Locating memset function ==
  
== Creating a temp directory ==
+
The memset function is in &lt;string.h> as described in this article [http://www.java-samples.com/showtutorial.php?tutorialid=591 Using memset(), memcpy(), and memmove() in C]
  
dir=`mktemp -d` && cd $dir
+
== Links ==
  
== Reading secret input from stdin ==
+
* [http://www.ibm.com/developerworks/linux/library/l-memory/ Inside memory management]
  
You can read a secret, such as a password, like this:
+
= PHP =
  
echo -n "Enter passphrase: "
+
== Including a file relative to the including file ==
stty -echo
 
read passphrase;
 
stty echo
 
echo ""
 
  
After running the above the secret will be in the $passphrase environment variable.
+
require_once( dirname( __FILE__ ) . '/relative/path/to.php' );
  
== String replacements in bash ==
+
== Enabling error reporting ==
 +
 
 +
error_reporting( E_ALL | E_STRICT );
 +
ini_set( 'display_errors', 'On' );
  
See the [http://www.tldp.org/LDP/abs/html/string-manipulation.html string manipulation] doco. Basically, to replace first occurrence:
+
== Setting an error handler ==
  
  result=${var/find/replace}
+
  set_error_handler( "error_handler", E_ALL | E_STRICT );
  
To replace all occurrences:
+
function error_handler( $error_code, $error_message, $error_file, $error_line, $error_context ) {
 +
  // ...
 +
}
  
result=${var//find/replace}
+
== Disable HTML content in var_dump ==
  
A practical example, get an ISO date and turn it into a path:
+
ini_set( 'html_errors', 'off' );
  
date="$(date +%Y-%m-%d)"
+
== Report PHP modules ==
work_dir=${date//-//}
 
  
== Sending a HEREDOC to a file ==
+
$ php -m
  
cat << EOF > /tmp/yourfilehere
+
== PHP Security Best Practices For Sys Admins ==
These contents will be written to the file.
 
        This line is indented.
 
EOF
 
  
== Bash case/switch statement ==
+
See [https://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html Linux 25 PHP Security Best Practices For Sys Admins].
  
See [http://tldp.org/LDP/Bash-Beginners-Guide/html/sect_07_03.html using case statements], e.g.:
+
= BASH scripting =
  
case $space in
+
For a primer on bash scripting see [http://www.progsoc.org/tfm/tfm03/node37.html TFM: Erotic Fantasy: /bin/sh Programming].
[1-6]*)
 
  Message="All is quiet."
 
  ;;
 
[7-8]*)
 
  Message="Start thinking about cleaning out some stuff. There's a partition that is $space % full."
 
  ;;
 
9[1-8])
 
  Message="Better hurry with that new disk...  One partition is $space % full."
 
  ;;
 
99)
 
  Message="I'm drowning here!  There's a partition at $space %!"
 
  ;;
 
*)
 
  Message="I seem to be running with an nonexistent amount of disk space..."
 
  ;;
 
esac
 
  
== Using dotglob shopt to match dot-files ==
+
== Telling a script to run in bash ==
  
To enable dot-file matching in globs, set the dotglob shell option:
+
The first line of the file should be:
  
  $ shopt -s dotglob
+
  #!/bin/bash
  
= Sed =
+
== Checking if a command-line argument was passed in ==
  
== Find and replace with sed ==
+
if [ -n "$1" ]; then
 +
  echo "Missing parameter 1.";
 +
  exit 1;
 +
fi
  
To update the current file use '-i'. E.g.:
+
== Checking if a command-line argument was not passed in ==
  
  sed -i 's/search-text/replace-text/' file
+
  if [ "$1" = "" ]; then
 +
  echo "Missing parameter 1.";
 +
  exit 1;
 +
fi
  
= Awk =
+
Or:
  
== Listing IP addresses in an Apache web log ==
+
if [ -z "$1" ]; then
 +
  echo "Missing parameter 1.";
 +
  exit 1;
 +
fi
  
awk '/GET \/path\/for\/url/ { print $1 }' /var/log/apache2/access.log | sort | uniq
+
== Checking command exit status ==
  
== Printing space-separated field ==
+
cd /my/path
 +
if [ "$?" -ne "0" ]; then
 +
  echo "Cannot change dir.";
 +
  exit 1;
 +
fi
  
echo 'no no yes no' | awk '{print $3}'
+
== Checking if a file does/doesn't exist ==
  
== Printing delimited field ==
+
Check if file exists:
  
  echo 'no:no:yes:no' | awk -F ':' '{print $3}'
+
  if [ -f "/my/file" ]; then
 +
  cat /my/file
 +
fi
  
= Subversion =
+
Check if file doesn't exist:
  
== Setting svn:externals from the command-line ==
+
if [ ! -f "/my/file" ]; then
 +
  touch /my/file
 +
fi
  
See [http://beerpla.net/2009/06/20/how-to-properly-set-svn-svnexternals-property-in-svn-command-line/ here].
+
== Checking if a directory does/doesn't exist ==
  
To set an svn:externals from the command-line:
+
Check if directory exists:
  
  svn propset svn:externals 'rdfind-php https://www.progclub.org/svn/pcrepo/rdfind.php/branches/0.1' .
+
  if [ -d "/my/dir" ]; then
svn ci -m 'Adding svn:externals for rdfind-php...'
+
  rmdir /my/dir
  svn up
+
  fi
  
Or to use a file:
+
Check if directory doesn't exist:
  
  svn propset svn:externals -F svn.externals .
+
  if [ ! -d "/my/dir" ]; then
 +
  mkdir /my/dir
 +
fi
  
== Setting svn:ignore from the command line ==
+
== Deleting old backups ==
  
See [http://tedone.typepad.com/blog/2010/03/setting-svnignore-from-the-command-line.html here].
+
To keep only the latest five backups:
  
  $ svn propset svn:ignore [file|folder] [path]
+
  find . -maxdepth 1 -type f -printf '%T@ %p\0' | sort -r -z -n | awk 'BEGIN { RS="\0"; ORS="\0"; FS="" } NR > 5 { sub("^[0-9]*(.[0-9]*)? ", ""); print }' | xargs -0 rm -f
  
Or use a file and apply recursively:
+
This script stolen from [http://stackoverflow.com/questions/25785/delete-all-but-the-most-recent-x-files-in-bash stackoverflow].
  
$ svn propset svn:ignore -RF ./svn-ignore-list.txt .
+
Requires GNU find for -printf, GNU sort for -z, GNU awk for "\0" and GNU xargs for -0, but handles files with embedded newlines or spaces.
  
= Git =
+
== Changing into the script's directory ==
  
== Showing status of working copy ==
+
cd "`dirname $0`"
  
git status
+
== Getting the absolute path of a relative path ==
  
== Showing repo history ==
+
readlink -f ./some/path
  
git log
+
== Creating a temp directory ==
  
== Showing remote repositories (including 'origin') ==
+
dir=`mktemp -d` && cd $dir
  
git remote -v
+
== Reading secret input from stdin ==
  
== Handy git aliases ==
+
You can read a secret, such as a password, like this:
  
Save these to your ~/.gitconfig file.
+
echo -n "Enter passphrase: "
 +
stty -echo
 +
read passphrase;
 +
stty echo
 +
echo ""
  
For a nicer view of history than standard 'git log' -- colourful, one-line-per commit, etc:
+
After running the above the secret will be in the $passphrase environment variable.
  
  graph = !git log --all --graph --color --abbrev-commit --pretty=oneline
+
== String replacements in bash ==
  
To show only the files that have changed, rather than the full line-by-line content:
+
See the [http://www.tldp.org/LDP/abs/html/string-manipulation.html string manipulation] doco. Basically, to replace first occurrence:
  
  dif  = !git diff --name-status
+
result=${var/find/replace}
  
= IRC =
+
To replace all occurrences:
  
== Instructing ChanServ to op an admin ==
+
result=${var//find/replace}
  
/msg ChanServ op #channel user
+
A practical example, get an ISO date and turn it into a path:
  
E.g.
+
date="$(date +%Y-%m-%d)"
 +
work_dir=${date//-//}
  
/msg ChanServ op #gnurc jj5
+
== Sending a HEREDOC to a file ==
  
Sub 'op' for 'deop' to remove op privilege.
+
cat << EOF > /tmp/yourfilehere
 +
These contents will be written to the file.
 +
        This line is indented.
 +
EOF
  
= C++ =
+
== Bash case/switch statement ==
  
== C++ books ==
+
See [http://tldp.org/LDP/Bash-Beginners-Guide/html/sect_07_03.html using case statements], e.g.:
  
=== Books I want ===
+
case $space in
 
+
[1-6]*)
* [http://smile.amazon.com/dp/1785283073 Boost.Asio C++ Network Programming 2ed]
+
  Message="All is quiet."
* [http://smile.amazon.com/dp/1783986549 Boost.Asio C++ Network Programming Cookbook]
+
  ;;
 +
[7-8]*)
 +
  Message="Start thinking about cleaning out some stuff.  There's a partition that is $space % full."
 +
  ;;
 +
9[1-8])
 +
  Message="Better hurry with that new disk... One partition is $space % full."
 +
  ;;
 +
99)
 +
  Message="I'm drowning here!  There's a partition at $space %!"
 +
  ;;
 +
*)
 +
  Message="I seem to be running with an nonexistent amount of disk space..."
 +
  ;;
 +
esac
  
* [http://www.amazon.com/dp/020170353X Accelerated C++] by Andrew Koening
+
== Using dotglob shopt to match dot-files ==
* [http://www.amazon.com/dp/0321334876 Effective C++] by Scott Meyers
 
* [http://www.amazon.com/dp/1491903996 Effective Modern C++] by Scott Meyers
 
* [http://www.amazon.com/dp/020163371X More Effective C++] by Scott Meyers
 
* [http://www.amazon.com/dp/0201749629 Effective STL] by Scott Meyers
 
* [http://www.amazon.com/dp/0201615622 Exceptional C++] by Herb Sutter
 
* [http://www.amazon.com/dp/020170434X More Exceptional C++] by Herb Sutter
 
* [http://www.amazon.com/dp/0201760428 Exceptional C++ Style] by Herb Sutter
 
* [http://www.amazon.com/dp/0321227255 C++ Template Metaprogramming] by David Abrahams
 
* [http://www.amazon.com/dp/059652269X 97 Things Every Software Architect Should Know] by Richard Monson-Haefel
 
* [http://www.amazon.com/dp/9491028022 Introduction to the Boost C++ Libraries; Volume II - Advanced Libraries] by Robert Demming
 
  
=== Books I own ===
+
To enable dot-file matching in globs, set the dotglob shell option:
  
* [http://www.amazon.com/dp/0321563840 The C++ Programming Language 4ed] by Bjarne Stroustrup
+
$ shopt -s dotglob
* [http://smile.amazon.com/dp/9491028022 Introduction to the Boost C++ Libraries; Volume II - Advanced Libraries]
 
* [http://smile.amazon.com/dp/1849514887 Boost C++ Application Development Cookbook]
 
* [http://smile.amazon.com/dp/1782163263 Boost.Asio C++ Network Programming]
 
* [http://www.amazon.com/dp/0321113586 C++ Coding Standards] by Herb Sutter &#x2713;
 
* [http://www.amazon.com/dp/0201704315 Modern C++ Design] by Andrei Alexandrescu &#x2713;
 
* [http://www.amazon.com/dp/0596809484 97 Things Every Programmer Should Know] by Kevlin Henney &#x2713;
 
* [http://www.amazon.com/dp/0321133544 Beyond the C++ Standard Library] by Björn Karlsson &#x2713;
 
* [http://www.amazon.com/dp/9491028014 Introduction to the Boost C++ Libraries; Volume I - Foundations] by Robert Demming &#x2713;
 
* [http://www.amazon.com/dp/0123850037 API Design for C++] by Martin Reddy &#x2713;
 
* [http://www.amazon.com/dp/B00CB23URA Advanced C++ Metaprogramming] by Davide Di Gennaro &#x2713;
 
** Note: the next version of this book is: [http://www.amazon.com/dp/1484210115 Advanced Metaprogramming in Classic C++]
 
* [http://www.amazon.com/dp/1933988770 C++ Concurrency in Action: Practical Multithreading] by Anthony Williams &#x2713;
 
  
=== Books I'm not reading ===
+
== Stopping a script from running if it previously exited due to error ==
  
* [http://www.amazon.com/dp/0321563840 The C++ Programming Language 3ed] by Bjarne Stroustrup &#x2713;
+
persistentDataDir=/var/lib/something
** Note: 3ed is obsolete. Buy 4ed (above).
+
alarm() {
 +
  touch $persistentDataDir/alarm
 +
}
 +
trap alarm ERR
 +
[ -f $persistentDataDir/alarm ] && exit 1
  
=== Books I've read ===
+
== Make sure only one instance of a script is running at a time ==
  
* [http://www.amazon.com/dp/0596004966 C++ Pocket Reference] by Kyle Loudon &#x2713;
+
ephemeralDataDir=/var/run/something
 +
unlock() {
 +
  rmdir $ephemeralDataDir/lock
 +
}
 +
mkdir $ephemeralDataDir/lock || exit 1;
 +
trap unlock EXIT
  
== C++ blogs/articles ==
+
= Sed =
  
* [http://blogs.msdn.com/b/hsutter/ Herb Sutter's MSDN blog]
+
== Find and replace with sed ==
* [http://herbsutter.com/ Herb Sutter's personal blog]
 
* [http://herbsutter.com/gotw/ Herb Sutter's Guru of the Week (GotW)] updated from [http://gotw.ca/gotw/ gotw.ca]
 
  
== C++ performance tips ==
+
To update the current file use '-i'. E.g.:
  
* ++c can be faster than c++.
+
sed -i 's/search-text/replace-text/' file
* use const for everything that you possibly can.
 
* use 'inline' when you need to define a function in a header. Typically only do that if it's small and the increase in code size from inlining is worth the cost to avoid the cost of a function call. For anything except trivially small functions you'll probably need to profile to know if it's worth it.
 
* don't use registers.
 
* const [http://www.gotw.ca/gotw/081.htm rarely affects performance].
 
* debunking a number of [http://www.open-std.org/jtc1/sc22/wg21/docs/TR18015.pdf C++ myths that won't die].
 
* std::sort<> is typically faster than qsort() because it can avoid indirection at runtime.
 
* if you've got parallelisation going on, you may be able to just replace a std::for_each with a parallel equivalent.
 
* read about [http://stackoverflow.com/questions/579887/how-expensive-is-rtti performance cost of RTTI] (Run Time Type Information) and [http://stackoverflow.com/questions/4486609/when-can-compiling-c-without-rtti-cause-problems how to disable it]
 
* don't use dynamic_cast because it is slow (typeid is faster but still relies on RTTI)
 
* prefer unique_ptr to shared_ptr when possible. unique_ptr has less overhead.
 
* [http://sunsite.uakom.sk/sunworldonline/swol-02-1996/swol-02-perf.html Which is better, static or dynamic linking?]
 
* [http://stackoverflow.com/questions/2550281/floating-point-vs-integer-calculations-on-modern-hardware Integer vs Floating-Point performance]
 
  
= systemd =
+
= Awk =
  
[https://en.wikipedia.org/wiki/Systemd systemd] is an init system used in most Linux distributions to bootstrap the user space and manage all processes subsequently.
+
== Listing IP addresses in an Apache web log ==
  
== Following a service log ==
+
awk '/GET \/path\/for\/url/ { print $1 }' /var/log/apache2/access.log | sort | uniq
  
e.g. for bind9:
+
== Printing space-separated field ==
  
  # journalctl -f -u bind9
+
  echo 'no no yes no' | awk '{print $3}'
  
or for everything:
+
== Printing delimited field ==
  
  # journalctl -f
+
  echo 'no:no:yes:no' | awk -F ':' '{print $3}'
  
== System status ==
+
= Subversion =
 +
 
 +
== Setting svn:externals from the command-line ==
 +
 
 +
See [http://beerpla.net/2009/06/20/how-to-properly-set-svn-svnexternals-property-in-svn-command-line/ here].
 +
 
 +
To set an svn:externals from the command-line:
 +
 
 +
svn propset svn:externals 'rdfind-php https://www.progclub.org/svn/pcrepo/rdfind.php/branches/0.1' .
 +
svn ci -m 'Adding svn:externals for rdfind-php...'
 +
svn up
 +
 
 +
Or to use a file:
 +
 
 +
svn propset svn:externals -F svn.externals .
 +
 
 +
== Setting svn:ignore from the command line ==
 +
 
 +
See [http://tedone.typepad.com/blog/2010/03/setting-svnignore-from-the-command-line.html here].
 +
 
 +
$ svn propset svn:ignore [file|folder] [path]
  
To see spawned services hierarchy:
+
Or use a file and apply recursively:
  
  # systemctl status
+
  $ svn propset svn:ignore -RF ./svn-ignore-list.txt .
  
Or for a specific service e.g.:
+
= Git =
  
  # systemctl status networking
+
== Showing status of working copy ==
 +
 
 +
git status
 +
 
 +
== Showing repo history ==
 +
 
 +
git log
 +
 
 +
== Showing remote repositories (including 'origin') ==
 +
 
 +
git remote -v
 +
 
 +
== Handy git aliases ==
 +
 
 +
Save these to your ~/.gitconfig file.
 +
 
 +
For a nicer view of history than standard 'git log' -- colourful, one-line-per commit, etc:
 +
 
 +
  graph = !git log --all --graph --color --abbrev-commit --pretty=oneline
 +
 
 +
To show only the files that have changed, rather than the full line-by-line content:
 +
 
 +
  dif  = !git diff --name-status
 +
 
 +
= IRC =
 +
 
 +
== Instructing ChanServ to op an admin ==
 +
 
 +
/msg ChanServ op #channel user
 +
 
 +
E.g.
 +
 
 +
/msg ChanServ op #gnurc jj5
 +
 
 +
Sub 'op' for 'deop' to remove op privilege.
 +
 
 +
= C++ =
 +
 
 +
== C++ books ==
 +
 
 +
=== Books I want ===
 +
 
 +
* [http://smile.amazon.com/dp/1785283073 Boost.Asio C++ Network Programming 2ed]
 +
* [http://smile.amazon.com/dp/1783986549 Boost.Asio C++ Network Programming Cookbook]
 +
 
 +
* [http://www.amazon.com/dp/020170353X Accelerated C++] by Andrew Koening
 +
* [http://www.amazon.com/dp/0321334876 Effective C++] by Scott Meyers
 +
* [http://www.amazon.com/dp/1491903996 Effective Modern C++] by Scott Meyers
 +
* [http://www.amazon.com/dp/020163371X More Effective C++] by Scott Meyers
 +
* [http://www.amazon.com/dp/0201749629 Effective STL] by Scott Meyers
 +
* [http://www.amazon.com/dp/0201615622 Exceptional C++] by Herb Sutter
 +
* [http://www.amazon.com/dp/020170434X More Exceptional C++] by Herb Sutter
 +
* [http://www.amazon.com/dp/0201760428 Exceptional C++ Style] by Herb Sutter
 +
* [http://www.amazon.com/dp/0321227255 C++ Template Metaprogramming] by David Abrahams
 +
* [http://www.amazon.com/dp/059652269X 97 Things Every Software Architect Should Know] by Richard Monson-Haefel
 +
* [http://www.amazon.com/dp/9491028022 Introduction to the Boost C++ Libraries; Volume II - Advanced Libraries] by Robert Demming
 +
 
 +
=== Books I own ===
 +
 
 +
* [http://www.amazon.com/dp/0321563840 The C++ Programming Language 4ed] by Bjarne Stroustrup
 +
* [http://smile.amazon.com/dp/9491028022 Introduction to the Boost C++ Libraries; Volume II - Advanced Libraries]
 +
* [http://smile.amazon.com/dp/1849514887 Boost C++ Application Development Cookbook]
 +
* [http://smile.amazon.com/dp/1782163263 Boost.Asio C++ Network Programming]
 +
* [http://www.amazon.com/dp/0321113586 C++ Coding Standards] by Herb Sutter &#x2713;
 +
* [http://www.amazon.com/dp/0201704315 Modern C++ Design] by Andrei Alexandrescu &#x2713;
 +
* [http://www.amazon.com/dp/0596809484 97 Things Every Programmer Should Know] by Kevlin Henney &#x2713;
 +
* [http://www.amazon.com/dp/0321133544 Beyond the C++ Standard Library] by Björn Karlsson &#x2713;
 +
* [http://www.amazon.com/dp/9491028014 Introduction to the Boost C++ Libraries; Volume I - Foundations] by Robert Demming &#x2713;
 +
* [http://www.amazon.com/dp/0123850037 API Design for C++] by Martin Reddy &#x2713;
 +
* [http://www.amazon.com/dp/B00CB23URA Advanced C++ Metaprogramming] by Davide Di Gennaro &#x2713;
 +
** Note: the next version of this book is: [http://www.amazon.com/dp/1484210115 Advanced Metaprogramming in Classic C++]
 +
* [http://www.amazon.com/dp/1933988770 C++ Concurrency in Action: Practical Multithreading] by Anthony Williams &#x2713;
 +
 
 +
=== Books I'm not reading ===
 +
 
 +
* [http://www.amazon.com/dp/0321563840 The C++ Programming Language 3ed] by Bjarne Stroustrup &#x2713;
 +
** Note: 3ed is obsolete. Buy 4ed (above).
 +
 
 +
=== Books I've read ===
 +
 
 +
* [http://www.amazon.com/dp/0596004966 C++ Pocket Reference] by Kyle Loudon &#x2713;
 +
 
 +
== C++ blogs/articles ==
 +
 
 +
* [http://blogs.msdn.com/b/hsutter/ Herb Sutter's MSDN blog]
 +
* [http://herbsutter.com/ Herb Sutter's personal blog]
 +
* [http://herbsutter.com/gotw/ Herb Sutter's Guru of the Week (GotW)] updated from [http://gotw.ca/gotw/ gotw.ca]
 +
 
 +
== C++ performance tips ==
 +
 
 +
* ++c can be faster than c++.
 +
* use const for everything that you possibly can.
 +
* use 'inline' when you need to define a function in a header. Typically only do that if it's small and the increase in code size from inlining is worth the cost to avoid the cost of a function call. For anything except trivially small functions you'll probably need to profile to know if it's worth it.
 +
* don't use registers.
 +
* const [http://www.gotw.ca/gotw/081.htm rarely affects performance].
 +
* debunking a number of [http://www.open-std.org/jtc1/sc22/wg21/docs/TR18015.pdf C++ myths that won't die].
 +
* std::sort<> is typically faster than qsort() because it can avoid indirection at runtime.
 +
* if you've got parallelisation going on, you may be able to just replace a std::for_each with a parallel equivalent.
 +
* read about [http://stackoverflow.com/questions/579887/how-expensive-is-rtti performance cost of RTTI] (Run Time Type Information) and [http://stackoverflow.com/questions/4486609/when-can-compiling-c-without-rtti-cause-problems how to disable it]
 +
* don't use dynamic_cast because it is slow (typeid is faster but still relies on RTTI)
 +
* prefer unique_ptr to shared_ptr when possible. unique_ptr has less overhead.
 +
* [http://sunsite.uakom.sk/sunworldonline/swol-02-1996/swol-02-perf.html Which is better, static or dynamic linking?]
 +
* [http://stackoverflow.com/questions/2550281/floating-point-vs-integer-calculations-on-modern-hardware Integer vs Floating-Point performance]
 +
 
 +
= systemd =
 +
 
 +
[https://en.wikipedia.org/wiki/Systemd systemd] is an init system used in most Linux distributions to bootstrap the user space and manage all processes subsequently.
 +
 
 +
== Following a service log ==
 +
 
 +
e.g. for bind9:
 +
 
 +
# journalctl -f -u bind9
 +
 
 +
or for everything:
 +
 
 +
# journalctl -f
 +
 
 +
== System status ==
 +
 
 +
To see spawned services hierarchy:
 +
 
 +
# systemctl status
 +
 
 +
Or for a specific service e.g.:
 +
 
 +
  # systemctl status networking
 +
 
 +
= SaltStack =
 +
 
 +
== Running a command on specified minions ==
 +
 
 +
salt 'host' cmd.run 'update-locale'
 +
 
 +
== Running a command on all minions ==
 +
 
 +
salt '*' cmd.run 'update-locale'
 +
 
 +
== Listing active jobs ==
 +
 
 +
salt-run jobs.active
 +
 
 +
== Listing available grains ==
 +
 
 +
salt 'example' grains.items
 +
 
 +
== Listing available pillar ==
 +
 
 +
salt 'example' pillar.items
 +
 
 +
== Reporting a grain value ==
 +
 
 +
e.g. for the 'mem_total' grain:
 +
 
 +
salt '*' grains.item mem_total
 +
 
 +
= KDE =
 +
 
 +
== Running user login script (X11/XOrg/XWindows) ==
 +
 
 +
A way to run user login scripts which works for KDE Plasma (and apparently other [https://en.wikipedia.org/wiki/X.Org_Server X.Org Server X Window System] environments) is to create a *.desktop file in ~/.config/autostart/. For example I have a ~/.config/autostart/ssh-add.desktop file with the following contents to register my SSH key in the SSH Agent:
 +
 
 +
[Desktop Entry]
 +
Type=Application
 +
Name=ssh-add
 +
Comment=Adds my private key to my session.
 +
Exec=/usr/bin/konsole -e 'ssh-add /home/$USER/.ssh/id_rsa'
  
= SaltStack =
+
= VirtualBox =
  
== Running a command on specified minions ==
+
See [https://askubuntu.com/questions/19430/mount-a-virtualbox-drive-image-vdi/50290#50290 here]:
  
salt 'host' cmd.run 'update-locale'
+
Install qemu if necessary:
  
== Running a command on all minions ==
+
# apt install qemu
  
salt '*' cmd.run 'update-locale'
+
Then you'll need to load the network block device module:
  
== Listing active jobs ==
+
# rmmod nbd
 +
# modprobe nbd max_part=16
  
salt-run jobs.active
+
Attach the .vdi image to one of the nbd you just created:
  
== Listing available grains ==
+
# qemu-nbd -c /dev/nbd0 drive.vdi
  
salt 'example' grains.items
+
Now you will get a /dev/nbd0 block device, along with several /dev/nbd0p* partition device nodes.
  
== Listing available pillar ==
+
# mount /dev/nbd0p1 /mnt
  
salt 'example' pillar.items
+
Once you are done, unmount everything and disconnect the device:
  
== Reporting a grain value ==
+
  # qemu-nbd -d /dev/nbd0
 
 
e.g. for the 'mem_total' grain:
 
 
 
  salt '*' grains.item mem_total
 
 
 
= KDE =
 
 
 
== Running user login script (X11/XOrg/XWindows) ==
 
 
 
A way to run user login scripts which works for KDE Plasma (and apparently other [https://en.wikipedia.org/wiki/X.Org_Server X.Org Server X Window System] environments) is to create a *.desktop file in ~/.config/autostart/. For example I have a ~/.config/autostart/ssh-add.desktop file with the following contents to register my SSH key in the SSH Agent:
 
 
 
[Desktop Entry]
 
Type=Application
 
Name=ssh-add
 
Comment=Adds my private key to my session.
 
Exec=/usr/bin/konsole -e 'ssh-add /home/$USER/.ssh/id_rsa'
 

Revision as of 16:51, 5 August 2019

Hi there, I'm John. I just wanted a page where I could document various Linux things that I bump into. This is that page. Thank you ProgClub. :)

Note: I have some other disorganised notes on UNIX, which include a few tips for MacOS. I also have some tips for OS X.

System

Determining which Debian/Ubuntu release your are running

$ lsb_release -r

Or for more information:

$ lsb_release

Determining which Linux/Unix you are running

$ uname

Or,

$ uname -mrs

Or,

$ uname -a

Configuring system swappiness

Swappiness is a number between 0 and 100 that regulates how much the system uses the swap file. I like setting this value to 0 to keep my apps as responsive as possible. Create a file /etc/sysctl.d/local.conf and add this line:

vm.swappiness = 0

If you want to set the value for the current session only:

echo 0 > /proc/sys/vm/swappiness

Hardware information

For information about the hardware attached to your system, check out:

# lshw

And for CPUs:

# lscpu

And for PCI devices:

# lspci

And for DMI info:

# dmidecode

Or the grand daddy of them all:

# hwinfo

There's also inxi, e.g.:

$ inxi -b

System:    Host: tact Kernel: 4.9.0-4-amd64 x86_64 (64 bit) Desktop: KDE Plasma 5.8.6
           Distro: Debian GNU/Linux 9 (stretch)
Machine:   Device: desktop Mobo: ASUSTeK model: STRIX Z270F GAMING v: Rev 1.xx
           UEFI [Legacy]: American Megatrends v: 0906 date: 03/22/2017
CPU:       Quad core Intel Core i7-7700K (-HT-MCP-) speed/max: 799/4600 MHz
Graphics:  Card: Intel Device 5912
           Display Server: X.Org 1.19.2 drivers: modesetting (unloaded: fbdev,vesa)
           Resolution: 1920x1080@60.00hz, 1920x1080@60.00hz
           GLX Renderer: Mesa DRI Intel Kabylake GT2 GLX Version: 3.0 Mesa 13.0.6
Network:   Card: Intel Ethernet Connection (2) I219-V driver: e1000e
Drives:    HDD Total Size: 13026.6GB (42.0% used)
RAID:      Devices: 1: /dev/md1 2: /dev/md0
Info:      Processes: 355 Uptime: 11 days Memory: 21198.3/32043.3MB Client: Shell (bash) inxi: 2.3.5

Power

Reporting on PowerShield DEFENDER UPS status

To see the status of the PowerShield DEFENDER systems on John's LAN:

$ upsc defender

E.g.:

jj5@orac:~$ upsc defender
Init SSL without certificate database
battery.charge: 100
battery.voltage: 27.40
battery.voltage.high: 26.00
battery.voltage.low: 20.80
battery.voltage.nominal: 24.0
device.type: ups
driver.name: blazer_usb
driver.parameter.pollinterval: 2
driver.parameter.port: auto
driver.parameter.synchronous: no
driver.version: 2.7.4
driver.version.internal: 0.12
input.current.nominal: 5.0
input.frequency: 50.1
input.frequency.nominal: 50
input.voltage: 242.6
input.voltage.fault: 242.6
input.voltage.nominal: 240
output.voltage: 242.6
ups.beeper.status: disabled
ups.delay.shutdown: 30
ups.delay.start: 180
ups.load: 14
ups.productid: 5161
ups.status: OL
ups.type: offline / line interactive
ups.vendorid: 0665

Run commands on PowerShield DEFENDER UPS batteries

You can run "instant commands" using the upscmd command.

We use the 'beeper.toggle' instant command in our Salt Stack config to disable the beeper, see e.g.:

diligence:/srv/salt/conf/app/defender-1200.sls

To see "instant commands" supported by the PowerShield DEFENDER:

$ upscmd -l defender

E.g.:

jj5@orac:~$ upscmd -l defender
Instant commands supported on UPS [defender]:

beeper.toggle - Toggle the UPS beeper
load.off - Turn off the load immediately
load.on - Turn on the load immediately
shutdown.return - Turn off the load and return when power is back
shutdown.stayoff - Turn off the load and remain off
shutdown.stop - Stop a shutdown in progress
test.battery.start - Start a battery test
test.battery.start.deep - Start a deep battery test
test.battery.start.quick - Start a quick battery test
test.battery.stop - Stop the battery test

Environment

Configuring vim as your editor

Sometimes all you need is:

$ export EDITOR=/usr/bin/vim

Which works for svn, for example. Add it to your ~/.profile file to have it set for all login sessions.

Other times you need to run

# update-alternatives --config editor

And then select vim from the list. This is what you do to configure your visudo editor.

Configuring your locale

$ sudo /usr/sbin/locale-gen en_AU.UTF-8
$ sudo /usr/sbin/update-locale LANG=en_AU.UTF-8

User and group management

Adding a user

To add a new user on a linux system:

# useradd username
# passwd username

To have the home directory created from '/etc/skel' use the 'adduser' script instead:

# adduser username

Adding a user to a group

To add an existing user to an existing group:

# gpasswd -a username group

e.g. to add user 'jj5' to the 'sudo' group:

# gpasswd -a jj5 sudo

Alternatively you can use adduser, passing the username and group:

# adduser username group

e.g. to add user 'sclaughl' to the 'staff' group:

# adduser sclaughl staff

Disabling a user account

You can disable a user account with:

# passwd -l user

Note: that's a lower-case L, not a one.

Enabling a disabled user account

To can re-enable a locked user account with:

# passwd -u user

Finding which user you are logged in as

To determine which user you are running as enter the command:

$ whoami

Finding which groups you are a member of

To find which groups you are a member of:

$ groups

or

$ groups username

Where 'username' is the username of the user you are querying, e.g.:

$ groups jj5

Finding who else is logged in to the system

To see who else is logged in,

$ who

Running a command as a particular user

To run "svn update" as the user www-data:

$ sudo su -c "svn update" www-data

Reporting user and group info for the current user

$ id

Memory management

Checking available memory

To report memory statistics in megabytes:

$ free -m

Check for swap thrashing

Check your virtual memory status with vmstat:

$ vmstat

Video/display management

Viewing EDID data for attached monitor

To view EDID data for an attached monitor (requires the edid-decode package):

$ cd /sys/class/drm
$ ls
$ cd card0-HDMI-A-1
$ edid-decode edid

Process management

Using 'top' for dynamic resource usage reporting

To run top:

$ top

See 15 Practical Linux Top Command Examples for some hints on usage.

To see usage for a specific user run e.g.:

$ top -u jj5

To see full command-line press 'c'.

When you're in 'top' you can:

  • press '1' (one) to toggle CPU aggregation
  • press < and > to change the sort column

Changing memory reporting in 'top'

To run top:

$ top

Press 'E' to switch between top memory units (KiB, MiB, GiB, etc.)

Press 'e' to switch between bottom memory units (KiB, MiB, GiB, etc.)

Press 'M' to sort by memory utilisation.

Press 'm' to switch between various display modes.

Disk management

Listing disk drives

# fdisk -l

(That's an L for "list")

Checking available disk space

$ df -h

Getting disk information

# lsblk

And

# cat /proc/partitions

Or the Grand Daddy of them all:

# lshw -class disk

(Requires the lshw package.)

Getting partition UUID and file-system type

# blkid

Checking for SSD vs magnetic disk

# cat /sys/block/sda/queue/rotational

Will be 0 for SSD and 1 for magnetic.

Monitoring a ZFS server

So some commands I run to keep an eye on my new ZFS servers:

# top
# iotop
# nethogs
# watch free -h
# watch slabtop -o
# slabtop
# watch cat /proc/meminfo
# perf top
# watch "df -h | grep -v -e tmpfs -e udev -e by-uuid"
# watch zpool iostat -v
# zpool iostat -v 2
# watch 'zpool list; echo; zfs list'
# watch zfs get compressratio -o all
# watch cat /proc/spl/kstat/zfs/arcstats

If you have a scrub or resilvering in progress you can report on progress with:

# watch zpool status -v

You can poke about in internals, e.g.:

# cat /proc/spl/kstat/zfs/arcstats
root@orac:/sys/module/zfs/parameters# tail *

You can report on property values with e.g.:

# zfs get all data

If you want to get funky:

# cd /tmp
# perf record -ag #(Ctrl+C after ~15 seconds)
# perf report --stdio

You can search for ZFS files like e.g. this:

root@orac:/# find / -name '*zfs*' -or -name '*zpool*'

You can report history of a zpool:

# zpool history $poolname

You can get a report on the dedup tables:

# zpool status -D $poolname

Or more detailed dedup table info:

# zdb -DDD $poolname

Note in the output see here for details, basically:

Abbr Description
LSIZE logical size (in memory)
PSIZE physical size
DSIZE size on disk
refcnt reference count

Measure data throughput

Use the 'pv' command from the 'pv' package, e.g.:

# cat /dev/sda | pv | cat > /dev/null

Or for ZFS:

# zfs send data/example | pv | cat > /dev/null

Using Smartctl, Smartd and Hddtemp on Debian

For notes on using smartctl see Using Smartctl, Smartd and Hddtemp on Debian.

Report hard disk usage

So you might want to know how much data a process reads or writes to a hard disk. You can monitor process total disk utilisation with the 'iotop' command. Run 'iotop' and then press 'a' for --accumulated.

Report hard disk temperatures

E.g.

# hddtemp /dev/sd[a-e]

Monitoring disk I/O

There's an app for that! iotop.

Using iotop, top for disks

# iotop -oPa

Monitor disk I/O for performance issues

# watch iostat

Or e.g.

# watch iostat -xd /dev/sd[abc]

Monitoring a system

Simple ZFS monitoring

# watch iostat
# iotop
# zpool iostat -v 5
# watch 'hddtemp /dev/sd[a-e]; echo; zpool list; echo; zfs list'
# nethogs
# top

File management

Listing only directories

$ ls -l | egrep '^d'

Listing only files

$ ls -l | egrep -v '^d'

Listing hidden files

$ ls -al .[!.]*

Creating a symbolic link

$ ln -s /path/to/target link-name

Creating a hard-link

$ ln /path/to/target file-name

Changing the owner of a file

$ chown user:group <files>

E.g.

$ chown jj5:staff README
$ chown root:root *

To apply recursively into sub-directories use -R,

$ chown -R root:root /etc/*

Changing file permissions

Object codes
User Group Other
u g o
Permission codes
Read Write Exectue
r w x
4 2 1
Numeric codes
0 None
1 Execute
2 Write
3 Write, Execute
4 Read
5 Read, Execute
6 Read, Write
7 Read, Write, Execute

See Numeric Mode in Action.

$ chmod <user numeric code><group numeric code><other numeric code> <files>
$ chmod <object codes>+|-<permission codes> <files>

E.g.

$ chmod 600 my-private-file
$ chmod go-rwx my-private-file
$ chmod u+rw my-private-file
$ chmod +x my-script

Updating config files

If you get given a new config file called new.conf and you want to integrate it with your old config file old.conf then:

$ cp old.conf updated.conf
$ merge -A updated.conf new.conf old.conf

Then go through and edit updated.conf resolving all the merge errors, picking and choosing what to update and what to keep. When you're done copy updated.conf to old.conf so it becomes the new config file.

The merge program is a part of the RCS package. If you don't have it:

$ sudo apt-get install rcs

Listing open files

Use lsof to list open files. E.g.:

# lsof

See man lsof for options.

List permissions on a whole directory path

E.g.:

$ namei -om /home/jj5/workspace

Outputs:

f: /home/jj5/workspace/
 drwxr-xr-x root root /
 drwxr-xr-x root root home
 drwxr-xr-x jj5  jj5  jj5
 drwxr-xr-x jj5  jj5  workspace

Counting non-blank lines in a file

E.g.:

$ cat foo.c | sed '/^\s*$/d' | wc -l

Cloning one directory to another with rsync

E.g.:

rsync --acls --xattrs --stats --human-readable --recursive --del --force --times --links --hard-links --executability --numeric-ids --owner --group --perms --sparse --compress-level=0 /data/source/ hostname:/data/target/

Counting number of files in current directory and all subdirectories

$ ls -AlhR . | egrep '^-' | wc -l

Counting number of directories in current directory and all subdirectories

$ ls -AlhR . | egrep '^d' | wc -l

Compression

How to use pigz with tar

See here:

$ tar cf - paths-to-archive | pigz --best -p 8 > archive.tgz

Best parallel compression with pigz

$ pigz --best

Best parallel compression with xz

$ xz -9e -T 0

Reporting compression ratios with xz

e.g.

root@love:/data/image/archive# xz -l *
Strms  Blocks   Compressed Uncompressed  Ratio  Check   Filename
    1       3    372.2 MiB    442.3 MiB  0.841  CRC64   1999.txz
    1      29  5,281.3 MiB  5,542.5 MiB  0.953  CRC64   2001.txz
    1      11  1,364.3 MiB  2,084.3 MiB  0.655  CRC64   2002.txz
    1       9    568.5 MiB  1,660.2 MiB  0.342  CRC64   2003.txz
    1     639     66.8 GiB    119.6 GiB  0.558  CRC64   2004.txz
    1     313     12.7 GiB     58.6 GiB  0.217  CRC64   2005.txz
    1     414     35.0 GiB     77.4 GiB  0.452  CRC64   2006.txz
    1     485     44.5 GiB     90.9 GiB  0.490  CRC64   2007.txz
    1   1,690    150.0 GiB    316.8 GiB  0.473  CRC64   2008.txz
    1       3    457.9 MiB    526.0 MiB  0.871  CRC64   2009.txz
    1     168     27.3 GiB     31.4 GiB  0.868  CRC64   2010.txz
    1       4    477.1 MiB    702.8 MiB  0.679  CRC64   2011.txz
-------------------------------------------------------------------------------
   12   3,768    344.6 GiB    705.5 GiB  0.488  CRC64   12 files

Symbolic-link management

== Data used by sym-linked files:

This will de-reference the sym-links in the current directory and tell you how much data the files pointed to by the sym-links are using:

jj5@tact:/data/backup/unity/latest$ du -hD * | sort -h

File searching

Finding a file with a particular name

$ find -iname "*some-part-of-the-file-name*"

Will start searching from the current directory, so maybe

$ cd /

first. For a case-sensitive search:

$ find -name "*eXaCT CaSE*"

Finding a file with particular content

To search in /etc/ for a file with particular content:

$ grep -R "search-string" /etc/*

To search the current directory for *.cs files containing the word "Up":

$ find . -name '*.cs' -exec grep --color=auto -H Up {} \;

Finding a list of files with particular content

E.g. to find all the files with the word 'creativity':

$ grep -R creativity . | sed 's/:/ /' | awk '{ print $1 }' | sort | uniq

Using the locate command to find files

$ locate part-of-filename

E.g.

$ locate texvc

Updating locate command's database

# updatedb

Job control

Stopping a running process

Press Ctrl+Z to stop a running process.

Listing current jobs and their status

$ jobs

Resuming a stopped job in the backgroud

To resume a stopped process in the background

$ bg %1

where '1' is the job number reported by bash when you pressed Ctrl+Z (or ran 'jobs').

Resuming a stopped job in the foreground

To resume a stopped process in the foreground

$ fg %1

where '1' is the job number reported by bash when you pressed Ctrl+Z (or ran 'jobs').

Killing a stopped job

To kill a job

$ kill %1

where '1' is the job number reported by bash when you pressed Ctrl+Z (or ran 'jobs').

Periodically run a program and watch its output

$ watch /your/command

Debian/Ubuntu package management

Also see Where "is" it? on the Debian Wiki.

configuring debconf

# dpkg-reconfigure debconf 

Set priority to low to get asked detailed questions.

Showing list of installed packages

# dpkg --get-selections

Searching for installed package

# dpkg --get-selections | grep package-name

or

# aptitude search package-name

Showing which files are installed as part of a package

# dpkg -L package-name

Installing a package

# apt-get install package-name

Uninstalling a package

# apt-get remove package-name

Showing system architecture

$ dpkg --print-architecture

Showing which package a file belongs to

$ which echo
/bin/echo
$ dpkg -S /bin/echo
coreutils: /bin/echo
$ dpkg -l | grep coreutils
ii  coreutils                         6.10-6                   The GNU core utilities

Showing package information

$ apt-cache showpkg coreutils

Or for even more information:

$ apt-cache show coreutils

List all installed packages with package version info

dpkg-query -l

Reporting which version of a package is installed

$ dpkg -l | grep package-name

E.g.:

root@hope:~/letsencrypt# dpkg -l | grep augeas
ii  augeas-lenses                   0.7.0-1ubuntu1                 Set of lenses needed by libaugeas0 to parse 
ii  libaugeas0                      0.7.0-1ubuntu1                 The augeas configuration editing library and

Comprehensive upgrade

Try the following:

# apt-get update
# apt-get dist-upgrade
# apt-get autoremove
# apt-get remove $(deborphan)
# update-flashplugin-nonfree --install

Searching all available packages

$ apt-cache search . | sort -d | less

Networking

net-tools vs iproute2

The older 'net-tools' package has been replaced with 'iproute2' e.g. in stretch.

legacy net-tools commands iproute2 replacement commands
arp ip n (ip neighbor)
ifconfig ip a (ip addr), ip link, ip -s (ip -stats)
iptunnel ip tunnel
iwconfig iw
nameif ip link, ifrename
netstat ss, ip route (for netstat-r), ip -s link (for netstat -i), ip maddr (for netstat-g)
route ip r (ip route)

Restart networking

For servers:

# service networking restart

For desktops:

# service network-manager restart

Pinging with particular packet size

$ ping -M do -s <packet size in bytes> <host>

E.g.

$ ping -M do -s 1400 charity.progclub.org

Setting MSS for a particular IP address on a particular interface

# ip route add <host> dev <interface> advmss <packet size>

E.g.

# ip route add 10.0.0.1 dev eth0 advmss 1400

Dropping configured MMS for a particular IP address

# ip route flush <host>

E.g.

# ip route flush 10.0.0.1

Listing open ports and socket information

Including which process is listening on which port.

# netstat -tulpn

Or use the 'ss' command:

# ss -s
# ss -l
# ss -pl
# ss -o state established '( dport = :smtp or sport = :smtp )'

Listing open IPv4 connections

# lsof -Pnl +M -i4

You might need to install the lsof package:

# apt-get install lsof

Query for DNS MX record

$ nslookup
> server 127.0.0.1
> set q=mx
> mail.blackbrick.com

Query for DNS SOA record

$ dig @ns2.staticmagic.net -t SOA staticmagic.net

Using nmap to list open ports on remote host

To check the 1,000 most common ports:

# nmap server.example.com

Or for a specific port range (e.g. 101 to 102):

# nmap -p 101-102 server.example.com

Or for all ports (1 to 65,535):

# nmap -p- server.example.com

Network monitoring

See here for details. Basically:

  1. Overall bandwidth: nload, bmon, slurm, bwm-ng, cbm, speedometer, netload
  2. Overall bandwidth (batch style output): vnstat, ifstat, dstat, collectl
  3. Bandwidth per socket connection: iftop, iptraf, tcptrack, pktstat, netwatch, trafshow
  4. Bandwidth per process: nethogs

nload

You can watch network traffic in real-time with nload:

# nload -u M

Reporting network (NIC) speed

From here:

# dmesg | grep eth0
# mii-tool -v eth0
# ethtool eth0

Note: use ifconfig to get device name.

Path MTU discovery

To do a Path MTU Discovery, from the iputils-tracepath package:

# tracepath host.example.com

Listing available Ethernet devices

To see a list of NICs available on the host:

$ cat /proc/net/dev

Also

$ ip link

59 Linux Networking commands and scripts

See 59 Linux Networking commands and scripts.

Links

IPTables

Applying firewall rules

For configuration info see this article.

$ sudo vim /etc/iptables.test.rules
$ sudo /sbin/iptables -F
$ sudo /sbin/iptables-restore < /etc/iptables.test.rules
$ sudo iptables -L
$ sudo -s
# iptables-save > /etc/iptables.up.rules
# exit

ufw

Denying hosts with ufw

See denying hosts with ufw.

Bind9

Viewing Bind9 querylog

$ sudo rndc querylog
$ tail -f /var/log/syslog

IPSec

Disabling IPSec

# setkey -FP

OpenSSL

Debugging IMAPS with OpenSSL

# openssl s_client -connect localhost:993
> a1 LOGIN username@host password
> a2 LOGOUT

Debugging HTTPS with OpenSSL

$ openssl s_client -connect www.example.com:443
GET /example.html HTTP/1.1
host: www.example.com

Links

Pluggable Authentication Modules (PAM)

Links

SSH

Configuring SSH key login

On the client machine generate a key-pair (if necessary, check for existing ~/.ssh/id_rsa.pub):

$ ssh-keygen -t rsa

Copy the public key from the client to the server:

$ scp ~/.ssh/id_rsa.pub user@example.org:

Configure the authorized keys on the server:

$ ssh user@example.org
$ mkdir ~/.ssh
$ chmod go-w .ssh
$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys
$ rm ~/id_rsa.pub

Tunneling over SSH

For example, connecting a remote MySQL server to the localhost:

$ ssh -L 3306:localhost:3306 jselliot@ssh.progsoc.org

If the machine you want to connect to is not the localhost of the machine you're ssh'ing to,

 $ ssh -L 3306:muspell.progsoc.uts.edu.au:3306 ssh.progsoc.uts.edu.au

The -L stanza is localport:remotehost:remoteport where localport is a port on your machine, forwarded to remoteport on remotehost.

Tunneling over SSH with PuTTY

See Connecting to the MySQL database remotely (via an SSH Tunnel)

  • run putty.exe
  • Connection -> SSH -> Tunnels
    • Port forwarding: source port to 3306
    • destination: 127.0.0.1:3306
    • check Local
    • click Add

Enabling verbose SSH logging

To see what's going on with your ssh connections,

$ ssh -v user@host

Or

$ ssh -vv user@host

Unlocking SSH key for session

jj5@orac:~/.config/autostart$ cat ssh-add.desktop 
[Desktop Entry]
Type=Application
Name=ssh-add
Comment=Adds my private key to my session.
Exec=/usr/bin/konsole -e 'ssh-add /home/$USER/.ssh/id_rsa'

Links

Standard IO

cat EOF

$ cat > output <<EOF
> text
> EOF
$ cat output
text

Script

Creating a session log with script

$ script -t 2> timing

The session log is in the file 'typescript' and the timing data is in 'timing'.

Replaying a scripted session

$ scriptreplay timing

Uses the default file 'typescript' and the 'timing' file as specified.

Screen

Creating a new screen or reconnecting to a detached screen

$ screen -R

Detaching a screen

$ screen -D

Reconnecting to screen

$ screen -D
$ screen -R

I have a script in ~/bin/reconnect like so,

#!/bin/bash
screen -D
screen -R

This will detach your last screen, and reconnect it on the current terminal.

Scrolling in screen

See How to scroll in GNU Screen. Basically press Ctrl+A ESC then use Page Up and Page Down. Press ESC again to exit copy mode. As usual you can use Ctrl+[ in place of ESC.

Vim

First, why Vim?

Read Why, oh WHY, do those #?@! nutheads use vi?

Visual modes

Use 'v' for visual mode, 'V' for visual line mode and Ctrl+V for visual block mode.

Configuring spaces instead of tabs

I use two spaces instead of tabs. To configure, edit your .vimrc file:

$ vim ~/.vimrc

and include the following lines:

set tabstop=2
set shiftwidth=2
set expandtab

Configuring syntax highlighting

See here.

Use:

:syntax on

to turn on syntax highlighting.

Use:

:syntax off

to turn off syntax highlighting.

To always use syntax highlighting:

$ vim ~/.vimrc

and add:

syntax on

To get a list of supported colour schemes open vim and type:

:colorscheme[space][Ctrl+D]

To always use a particular colorscheme edit ~/.vimrc and add (for example):

colorscheme desert

Inserting a TAB character when expandtab is on

The problem here is that you have configured vim to insert spaces, but for a particular file (e.g. a Makefile) you need to insert a character.

Press Ctrl+V TAB to insert a literal tab character.

Or you can disable tab expansion altogether with:

:set expandtab!

Changing 2 space indent to 4 space indent (e.g. for python files)

:%s/^\s*/&&/g

For more information see here.

Recording and replaying a macro

To record a macro press 'q' and then a number between 1 and 9. E.g. press "q1". The macro is now recording. When you've finished issuing your commands press 'q' again to finish recording. To replay a macro press '@' followed by the number of the macro. That is, if you pressed "q1" to record the macro, press "@1" to replay the macro. To replay the last macro again press "@@".

Deleting to end of line

d$

Deleting to beginning of line

d^

Finding text

To search forward for "text":

/text

To search backward for "text":

?text

To repeat the last search in a forward direction press 'n', or to search again backwards press 'N'.

Finding and replacing text

To replace the first instance of "search" on the current line with "destroy":

:s/search/destroy/

To replace all instances of "search" on the current line with "destroy":

:s/search/destroy/g

To replace all instances of "search" on lines 13 to 37 with "destroy":

:13,37 s/search/destroy/g

To replace all instances of "search" in the entire file with "destroy":

:%s/search/destroy/g

Changing DOS/Windows line-endings (CRLF) to Unix line-endings

To set the line-ending to Unix line endings run the command:

:setlocal ff=unix

More information on managing file formats available here.

Disabling auto-indent etc. to paste from clipboard

To disable smart indenting when you're going to paste in text:

:set paste

To turn it off again:

:set nopaste

There's more info in this article: Toggle auto-indenting for code paste

Positioning windows

Use -o for horizontal split, e.g.:

vim -o a.txt b.txt

Use -O for vertical split, e.g.:

vim -o a.txt b.txt

Use ^W to navigate windows then use directional keys h, j, k, l, etc.

Use ^W and < or > to resize windows.

To indent a block of text in Vim

Use the > command. E.g. to indent five lines:

5 > >

Press . (dot) to keep indenting.

Or inside a block (e.g. curly brace, HTML/XML element, etc.) you can put your cursor in the element on on the curly brace and then:

> %

See here for more.

Open a file in a new window/tab

To open a file on the left hand side:

:vert new filename.ext

Note: ':vnew filename.ext' and ':vsp filename.ext' also work.

To open a file at the top:

:new filename.ext

See here for more.

Explore files in Vim

Enter:

:Explore

Switch between Vim tabs

Use gt and gT.

Switch between Vim windows

To toggle between open windows use:

Ctrl+W W

To move in a direction use:

Ctrl+W h/j/k/l

See here for more.

Insert block comment in Vim

See here for line-commenting.

So it's:

  1. Ctrl+V (Note: not Shift+V!)
  2. Up/Down to select rows
  3. Shift+I
  4. Enter your text, e.g. '#' or '//'
  5. Ctrl+[ (or 'Esc')

Navigate to matching tag

To navigate to the matching beginning or end tag use '%'.

You can also use e.g. '[{' to match the previous '{', or e.g. '])' to match the next ')'.

Auto-format HTML tags

Stolen from here.

  1. first join all the lines - ggVGgJ
  2. Now break tags to new lines - :%s/>\s*</>\r</g
  3. Now set filetype - :set ft=html (you can do this before too)
  4. Now Indent - ggVG=

Links

Write

Talking to other users on the system

write is a unix command for talking to other users on the system. To use write:

1. SSH to <username>@<hostname> and login with your username and password.

2. Issue the following command to find out who is logged onto the system:

$ who

3. Issue the following command to talk to a specific user:

$ write <username>

4. Enter the message you'd like to send the user, followed by Ctrl+C to send. Press Ctrl+D to cancel.

Date

Reporting the time on the server

$ date

Reporting UTC time

$ date --utc

Getting the date in yyyy-MM-dd-hhmmss format

$ date="`date +%F-%H%M%S`"

Getting the year in four digits

$ year="`date +%Y`"

Getting the month in two digits

$ month="`date +%m`"

Getting the day of the month in two digits

$ day="`date +%d`"

Getting yesterday's date

$ date --date='1 day ago' +%Y-%m-%d

Converting Unix time (seconds since epoch)

For timestamp '1501370200':

$ date -d @1501370200 +%F-%H%M%S

Running timedatectl from systemd

There's a new command bundled with systmed:

# timedatectl

It reports on (and controls) how the system time is configured.

MySQL

Run mysql without authentication/authorisation

# service mysql stop
# mysqld_safe --skip-grant-tables &

Then you can connect without a password, e.g.:

# mysql -u root mysql

To stop the unauthenticated service:

# mysqladmin shutdown

Then restart a normal service:

# service mysql start

Logging all database queries

# vim /etc/mysql/my.cnf

In the [mysqld] section add:

log=/tmp/mysql.log

Then:

# service mysql restart

Watch the log with:

# tail -f /tmp/mysql.log

Dumping a MySQL database

You can dump the database into a file using:

$ mysqldump -h hostname -u user --password=password databasename > filename

Loading a MySQL database from a dump file

You can create a database using:

$ echo create database databasename | mysql -h hostname -u user -p

You can restore a database using:

$ mysql -h hostname -u user --password=password databasename < filename

Creating a MySQL user

# mysql -h localhost -u root --password=<password>
mysql> create user 'username'@'localhost' identified by '<password>';

Granting all MySQL user permissions

# mysql -h localhost -u root --password=<password>
mysql> grant all privileges on dbname.* to user@host;

Select domain name from email address

SELECT SUBSTR( email, INSTR( email, '@' ) + 1 )

Check if MySQL connection is encrypted with TLS/SSL

Check the SSL version in use:

show status like 'Ssl_version';

Or check the cipher in use:

show status like 'Ssl_cipher';

Apache

Maintaining .htaccess passwords

To add or modify the password for a user:

$ htpasswd /etc/apache2/passwd username

Configuring PHP session timeout in .htaccess

For a session timeout of 9 hours:

php_value session.cookie_lifetime 32400
php_value session.gc_maxlifetime 32400

Disabling PHP magic quotes in .htaccess

php_flag magic_quotes_gpc Off

Requiring HTTP Auth in .htaccess

AuthType Basic
AuthName "Speak Friend And Enter"
AuthUserFile /home/jj5/.htpasswd
Require valid-user

Restarting Apache

The hard way

$ sudo /etc/init.d/apache2 restart

The graceful way (avoids dropping active connections)

$ sudo apache2ctl graceful

Allowing directory browsing

To show directory index pages, in the apache config file:

<Directory /var/www/data>
  Options Indexes
</Directory>

C

Locating memset function

The memset function is in <string.h> as described in this article Using memset(), memcpy(), and memmove() in C

Links

PHP

Including a file relative to the including file

require_once( dirname( __FILE__ ) . '/relative/path/to.php' );

Enabling error reporting

error_reporting( E_ALL | E_STRICT );
ini_set( 'display_errors', 'On' );

Setting an error handler

set_error_handler( "error_handler", E_ALL | E_STRICT );
function error_handler( $error_code, $error_message, $error_file, $error_line, $error_context ) {
  // ...
}

Disable HTML content in var_dump

ini_set( 'html_errors', 'off' );

Report PHP modules

$ php -m

PHP Security Best Practices For Sys Admins

See Linux 25 PHP Security Best Practices For Sys Admins.

BASH scripting

For a primer on bash scripting see TFM: Erotic Fantasy: /bin/sh Programming.

Telling a script to run in bash

The first line of the file should be:

#!/bin/bash

Checking if a command-line argument was passed in

if [ -n "$1" ]; then
  echo "Missing parameter 1.";
  exit 1;
fi

Checking if a command-line argument was not passed in

if [ "$1" = "" ]; then
  echo "Missing parameter 1.";
  exit 1;
fi

Or:

if [ -z "$1" ]; then
  echo "Missing parameter 1.";
  exit 1;
fi

Checking command exit status

cd /my/path
if [ "$?" -ne "0" ]; then
  echo "Cannot change dir.";
  exit 1;
fi

Checking if a file does/doesn't exist

Check if file exists:

if [ -f "/my/file" ]; then
  cat /my/file
fi

Check if file doesn't exist:

if [ ! -f "/my/file" ]; then
  touch /my/file
fi

Checking if a directory does/doesn't exist

Check if directory exists:

if [ -d "/my/dir" ]; then
  rmdir /my/dir
fi

Check if directory doesn't exist:

if [ ! -d "/my/dir" ]; then
  mkdir /my/dir
fi

Deleting old backups

To keep only the latest five backups:

find . -maxdepth 1 -type f -printf '%T@ %p\0' | sort -r -z -n | awk 'BEGIN { RS="\0"; ORS="\0"; FS="" } NR > 5 { sub("^[0-9]*(.[0-9]*)? ", ""); print }' | xargs -0 rm -f

This script stolen from stackoverflow.

Requires GNU find for -printf, GNU sort for -z, GNU awk for "\0" and GNU xargs for -0, but handles files with embedded newlines or spaces.

Changing into the script's directory

cd "`dirname $0`"

Getting the absolute path of a relative path

readlink -f ./some/path

Creating a temp directory

dir=`mktemp -d` && cd $dir

Reading secret input from stdin

You can read a secret, such as a password, like this:

echo -n "Enter passphrase: "
stty -echo
read passphrase;
stty echo
echo ""

After running the above the secret will be in the $passphrase environment variable.

String replacements in bash

See the string manipulation doco. Basically, to replace first occurrence:

result=${var/find/replace}

To replace all occurrences:

result=${var//find/replace}

A practical example, get an ISO date and turn it into a path:

date="$(date +%Y-%m-%d)"
work_dir=${date//-//}

Sending a HEREDOC to a file

cat << EOF > /tmp/yourfilehere
These contents will be written to the file.
        This line is indented.
EOF

Bash case/switch statement

See using case statements, e.g.:

case $space in
[1-6]*)
  Message="All is quiet."
  ;;
[7-8]*)
  Message="Start thinking about cleaning out some stuff.  There's a partition that is $space % full."
  ;;
9[1-8])
  Message="Better hurry with that new disk...  One partition is $space % full."
  ;;
99)
  Message="I'm drowning here!  There's a partition at $space %!"
  ;;
*)
  Message="I seem to be running with an nonexistent amount of disk space..."
  ;;
esac

Using dotglob shopt to match dot-files

To enable dot-file matching in globs, set the dotglob shell option:

$ shopt -s dotglob

Stopping a script from running if it previously exited due to error

persistentDataDir=/var/lib/something
alarm() {
  touch $persistentDataDir/alarm
}
trap alarm ERR
[ -f $persistentDataDir/alarm ] && exit 1

Make sure only one instance of a script is running at a time

ephemeralDataDir=/var/run/something
unlock() {
  rmdir $ephemeralDataDir/lock
}
mkdir $ephemeralDataDir/lock || exit 1;
trap unlock EXIT

Sed

Find and replace with sed

To update the current file use '-i'. E.g.:

sed -i 's/search-text/replace-text/' file

Awk

Listing IP addresses in an Apache web log

awk '/GET \/path\/for\/url/ { print $1 }' /var/log/apache2/access.log | sort | uniq

Printing space-separated field

echo 'no no yes no' | awk '{print $3}'

Printing delimited field

echo 'no:no:yes:no' | awk -F ':' '{print $3}'

Subversion

Setting svn:externals from the command-line

See here.

To set an svn:externals from the command-line:

svn propset svn:externals 'rdfind-php https://www.progclub.org/svn/pcrepo/rdfind.php/branches/0.1' .
svn ci -m 'Adding svn:externals for rdfind-php...'
svn up

Or to use a file:

svn propset svn:externals -F svn.externals .

Setting svn:ignore from the command line

See here.

$ svn propset svn:ignore [file|folder] [path]

Or use a file and apply recursively:

$ svn propset svn:ignore -RF ./svn-ignore-list.txt .

Git

Showing status of working copy

git status

Showing repo history

git log

Showing remote repositories (including 'origin')

git remote -v

Handy git aliases

Save these to your ~/.gitconfig file.

For a nicer view of history than standard 'git log' -- colourful, one-line-per commit, etc:

 graph = !git log --all --graph --color --abbrev-commit --pretty=oneline

To show only the files that have changed, rather than the full line-by-line content:

 dif   = !git diff --name-status

IRC

Instructing ChanServ to op an admin

/msg ChanServ op #channel user

E.g.

/msg ChanServ op #gnurc jj5

Sub 'op' for 'deop' to remove op privilege.

C++

C++ books

Books I want

Books I own

Books I'm not reading

Books I've read

C++ blogs/articles

C++ performance tips

  • ++c can be faster than c++.
  • use const for everything that you possibly can.
  • use 'inline' when you need to define a function in a header. Typically only do that if it's small and the increase in code size from inlining is worth the cost to avoid the cost of a function call. For anything except trivially small functions you'll probably need to profile to know if it's worth it.
  • don't use registers.
  • const rarely affects performance.
  • debunking a number of C++ myths that won't die.
  • std::sort<> is typically faster than qsort() because it can avoid indirection at runtime.
  • if you've got parallelisation going on, you may be able to just replace a std::for_each with a parallel equivalent.
  • read about performance cost of RTTI (Run Time Type Information) and how to disable it
  • don't use dynamic_cast because it is slow (typeid is faster but still relies on RTTI)
  • prefer unique_ptr to shared_ptr when possible. unique_ptr has less overhead.
  • Which is better, static or dynamic linking?
  • Integer vs Floating-Point performance

systemd

systemd is an init system used in most Linux distributions to bootstrap the user space and manage all processes subsequently.

Following a service log

e.g. for bind9:

# journalctl -f -u bind9

or for everything:

# journalctl -f

System status

To see spawned services hierarchy:

# systemctl status

Or for a specific service e.g.:

# systemctl status networking

SaltStack

Running a command on specified minions

salt 'host' cmd.run 'update-locale'

Running a command on all minions

salt '*' cmd.run 'update-locale'

Listing active jobs

salt-run jobs.active

Listing available grains

salt 'example' grains.items

Listing available pillar

salt 'example' pillar.items

Reporting a grain value

e.g. for the 'mem_total' grain:

salt '*' grains.item mem_total

KDE

Running user login script (X11/XOrg/XWindows)

A way to run user login scripts which works for KDE Plasma (and apparently other X.Org Server X Window System environments) is to create a *.desktop file in ~/.config/autostart/. For example I have a ~/.config/autostart/ssh-add.desktop file with the following contents to register my SSH key in the SSH Agent:

[Desktop Entry]
Type=Application
Name=ssh-add
Comment=Adds my private key to my session.
Exec=/usr/bin/konsole -e 'ssh-add /home/$USER/.ssh/id_rsa'

VirtualBox

See here:

Install qemu if necessary:

# apt install qemu

Then you'll need to load the network block device module:

# rmmod nbd
# modprobe nbd max_part=16

Attach the .vdi image to one of the nbd you just created:

# qemu-nbd -c /dev/nbd0 drive.vdi

Now you will get a /dev/nbd0 block device, along with several /dev/nbd0p* partition device nodes.

# mount /dev/nbd0p1 /mnt

Once you are done, unmount everything and disconnect the device:

# qemu-nbd -d /dev/nbd0