- vi editor cheat sheet
- netstat
- netcat
- View Kernel IP routing table
- tcpdump
- tcpping
- Creating users, group and assigning users to groups
- Assign Sudo Permissions
- User Accounts
- Special Variable Types in advanced bash scripting
- Viewing logs with dmesg
- Cron job
- SCP
- PATH
- Symlink
- Block IP iptables command
- CURL
- Identify Linux flavour
- LSOF
- DNS Cahce
- MAC DNS Cache Flush
- Daily usage
- network troubleshooting
- Change Source repo list
- umask
- Disk IO check
- Network
- Process Priority using Nice
- How do I measure separate CPU core usage for a process
- YAML-basics
- Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
-
You can use 1-65,535 ports on your system in which first 1024 are root privileged.
-
So Instead of finding the free port, you can get list of used ports using below command
netstat -tunlep | grep LISTEN | awk '{print $4}'-
Then you can use any port from 1-65535 except those ports.
-
Display the kernel routing tables, show numerical addresses instead of trying to determine symbolic host, port or user names.
netstat -rnExplanation: The -r option specifies that you want the routing table. The -n option is similar to that of the route command.
- To we can also view by using
route -nExplanation: The -n option means that you want numerical IP addresses displayed, instead of the corresponding host names.
Note: You need to be root to execute route.- You can also use the below command to see the ports used
List out all connections - netstat -a List only TCP or UDP connections - netstat -at (t = tcp) / netstat -au (u = udp) Disable reverse dns lookup for faster output - netstat -ant List out only listening connections - netstat -tnl Get process name/pid - sudo netstat -nlpt Get process username/uid - sudo netstat -ltpe Print statistics - netstat -s Display kernel routing information - netstat -rn Print network interfaces - netstat -i Print network interfaces in human friendly format - netstat -ie Get netstat output continuously - netstat -ct Display multicast group information - netstat -g Print active connections - netstat -atnp | grep ESTA To watch a continous list of active connections - watch -d -n0 "netstat -atnp | grep ESTA" Check if a service is running - sudo netstat -aple | grep ntp -
-
Show NAT iptable rules:
$ iptables -t nat -L -n -v -
Show nat table: netstat-nat command display the natted connections on a Linux iptable firewall:
$ netstat-nat -n -
Show source network address translation(SNAT):
$ netstat-nat -SThe fuser command is a very smart unix utility used to find which process is using a file, a directory or a socket. It also gives information about the user owning the process and the type of access. The fuser tool displays the process id(PID) of every process using the specified files or file systems.
# Check Processes Using TCP/UDP Sockets $ fuser 80/tcp # Kill Processes that are Using a particular Program $ fuser -k Port_Number/tcp or $ kill -9 $(fuser 80/tcp 2>/dev/null) or $ kill -s TERM <PID>
- Test if a port on a remote system is reachable (without telnet)
Single port: nc -zv 127.0.0.1 80 Multiple ports: nc -zv 127.0.0.1 22 80 8080 Range of ports: nc -zv 127.0.0.1 20-30 - Test if a port on a remote system is reachable with bash:
(echo >/dev/tcp/<hostname>/<port>) &>/dev/null && echo "Open <port>" || echo "Close <port>"
- Test if a port on a remote system is reachable with telnet:
telnet <hostname> <port>
- Capture packets from a particular ethernet interface using tcpdump -i
tcpdump -i eth0 - Capture only N number of packets using tcpdump -c
tcpdump -c 2 -i eth0 - Display Captured Packets in ASCII using tcpdump -A
tcpdump -A -i eth0 - Display Captured Packets in HEX and ASCII using tcpdump -XX
tcpdump -XX -i eth0 - Capture the packets and write into a file using tcpdump -w
tcpdump -w 08232010.pcap -i eth0 - Reading the packets from a saved file using tcpdump -r
tcpdump -tttt -r data.pcap - Capture packets with IP address using tcpdump -n
tcpdump -n -i eth0 - Capture packets with proper readable timestamp using tcpdump -tttt
tcpdump -n -tttt -i eth0 - Read packets longer than N bytes
tcpdump -w g_1024.pcap greater 1024 - Receive only the packets of a specific protocol type
tcpdump -i eth0 arp - Read packets lesser than N bytes
tcpdump -w l_1024.pcap less 1024 - Capture packets for particular destination IP and Port
tcpdump -w xpackets.pcap -i eth0 dst 10.181.140.216 and port 22 - Capture packets for particular destination IP and Port
tcpdump -w xpackets.pcap -i eth0 dst 10.181.140.216 and port 22 - Capture TCP communication packets between two hosts
tcpdump -w comm.pcap -i eth0 dst 16.181.170.246 and port 22 - tcpdump Filter Packets – Capture all the packets other than arp and rarp
tcpdump -i eth0 not arp and not rarp - tcpdump source to destination packet tracing
tcpdump '(src x.x.x.x and dst x.x.x.x)
Example:
tcpdump '(src 10.0.0.1 and dst 172.32.0.2) or (src 10.0.10.183 and dst 10.0.0.1) or (src 10.0.0.1 and dst 10.0.10.183) or (src 172.32.0.2 and dst 10.0.0.1)'
-
To install tcptraceroute on Debian/Ubuntu:
apt-get install tcptraceroute -
To install tcptraceroute on CentOS/REHL, first set up RepoForge on your system, and then:
yum install tcptraceroute -
Download tcpping from the web.
cd /usr/bin wget http://www.vdberg.org/~richard/tcpping chmod 755 tcpping -
To measure network latency by using tcpping, simply run it as follows.
tcpping <fqdn>/<ip> <portnumber> example: tcpping example.com 443
cat filename > /dev/clipboard
- Paste content from clip board to file
cat /dev/clipboard > file
cat /etc/passwd
more /etc/passwd
less /etc/passwd
awk -F':' '{ print $1}' /etc/passwd
Output of a word in a line
awk '/hello/{print $2}' -
Creating user and assigning password
useradd username passwd -
Create a User with Different Home Directory
useradd -d /apps/test test -
Change password of a different user (where user is the username for the password you are changing)
passwd <username> -
Creating a group
groupadd group_name groupadd -g 60002 schoolmates -
Attaching users to group
gpasswd -a username which_group_to_edit gpasswd --members username_1,username_2 which_group_to_edit -
Add exisisting user to group
sudo usermod -a -G group user_name -
Make a group as the primary group
# Check which group is primary sudo id <username> # Change group sudo usermod -g <group> <username> # verify if the group is primary sudo id <username>
a. Open visudo
b. Add user under below line
### Allow root to run any commands anywhere
root ALL=(ALL) ALL
user ALL=(ALL) NOPASSWD: ALL
Output:
[test@instance-1 ~]$ sudo ls
[test@instance-1 ~]$
$ visudo
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
</pre></code>
Enable wheel by uncommenting it
<pre><code>
usermod -aG wheel USERNAME
sudo whoami
a. Open visudo or /etc/sudoers
b. Add the line
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
# You have to run "ssh -t hostname sudo <cmd>".
#
#Defaults requiretty
Defaults !requiretty
1. Add users to /etc/security/access.conf
2. Create a file for group in /etc/sudoers.d/ -- > example_group
3. Add the below content to example_group file
```
# User rules for
+example_group_users ALL=(ALL) PASSWD: ALL
+service_account_group ALL=(ALL) NOPASSWD:ALL
```
User account lock, unlock, password disable check, check expiry date of account and user shell is set to a valid shell or not
- Lock a user to login in to system
sudo passwd -l username sudo grep nagios /etc/shadow o/p: nagios:!!:17626:0:99999:7::: - Check if the password is disabled by viewing /etc/shadow file for user entry.
grep ‘username’ /etc/shadow
note: if you are able to see ! in the second field starting that indicates that password is disabled, you have to enable it back by using passwd with -u option
-
Unlock account
passwd -u username Unlocking password for user temp. passwd: Success -
Delete password
passwd -d username Example: passwd -d temp Removing password for user temp. passwd: Success- Once you are done with this change the password field in /etc/shadow field is changed to empty so that without password you can login from any machine to the local machine.
-
Check if the user expiry date is reached or not by using chage command
chage -l username Example chage -l username Last password change : Jan 05, 2012 Password expires : never Password inactive : never Account expires : Jan 01, 2012 Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7 -
To set the password to never expire.
chage <username> -
Check if the user shell is set to a valid shell or not, if it’s not set it to a valid one.
grep ‘username’ /etc/passwd Example: grep ‘surendra’ /etc/passwd If the user shell in seventh feild is set to /sbin/nologin or /bin/false set it back to /bin/bash or /bin/ksh usermod -s /bin/bash usrename usermod -s /bin/bash surendra -
Disable automatic password change after x-no.of days
chage -I -1 -m 0 -M 99999 -E -1 <username>
| Special Parameters | Description |
|---|---|
| $# | Stores the number of command-line arguments that were passed to the shell program. |
| $? | Stores the exit value of the last command that was executed. |
| $0 | Stores the first word of the entered command (the name of the shell program). |
| $* | Stores all the arguments that were entered on the command line ($1 $2 ...). |
| "$@" | Stores all the arguments that were entered on the command line, individually quoted ("$1" "$2" ...). |
Examples
$# = 3
$* = -yes -no /home/username
$@ = array: {"-yes", "-no", "/home/username"}
$0 = ./command, $1 = -yes etc.
Bash scripting operations
| Operator | Description |
|---|---|
| ! EXPRESSION | The EXPRESSION is false. |
| -n STRING | The length of STRING is greater than zero. |
| -z STRING | The lengh of STRING is zero (ie it is empty). |
| STRING1 = STRING2 | STRING1 is equal to STRING2 |
| STRING1 != STRING2 | STRING1 is not equal to STRING2 |
| INTEGER1 -eq INTEGER2 | INTEGER1 is numerically equal to INTEGER2 |
| INTEGER1 -gt INTEGER2 | INTEGER1 is numerically greater than INTEGER2 |
| INTEGER1 -lt INTEGER2 | INTEGER1 is numerically less than INTEGER2 |
| -d | FILE exists and is a directory. |
| -e | FILE exists. |
| -r | FILE exists and the read permission is granted. |
| -s | FILE exists and it's size is greater than zero (ie. it is not empty). |
| -w | FILE exists and the write permission is granted. |
| -x | FILE exists and the execute permission is granted. |
| -f | FILE exists. |
Ex:
while IFS='' read -r something_path || [[ -n "$something_path" ]]; do
something_full_name=$(basename ${something_path})
if [ -f ${DESTINATION_PATH}/${something_full_name} ];
blah
blah
fi
done < "something_list.txt"
- IFS takes the list from something_list.txt read the file until the whitespace and store it in something_path and check if the file is empty or not.
- If the file has the content it moves to the if condition
- if condition checks whether it is a file or not and then excutes the condition
The dmesg command prints the kernel ring buffer. By default, the command will display all messages from the kernel ring buffer.
As you can see there are 5 stars. The stars represent different date parts in the following order:
- minute (from 0 to 59)
- hour (from 0 to 23)
- day of month (from 1 to 31)
- month (from 1 to 12)
- day of week (from 0 to 6) (0=Sunday)
- Execute every minute
If you leave the star, or asterisk, it means every. Maybe that's a bit unclear. Let's use the the previous example again:
* * * * * /bin/execute/this/script.sh
-
For the first (minute) field, you can also put in a keyword instead of a number:
@reboot Run once, at startup @yearly Run once a year "0 0 1 1 *" @annually (same as @yearly) @monthly Run once a month "0 0 1 * *" @weekly Run once a week "0 0 * * 0" @daily Run once a day "0 0 * * *" @midnight (same as @daily) @hourly Run once an hour "0 * * * *" -
Leaving the rest of the fields empty, this would be valid:
@daily /bin/execute/this/script.sh
- Ref
- Copy the file "foobar.txt" from a remote host to the local host
$ scp your_username@remotehost.edu:foobar.txt /some/local/directory - Copy the file "foobar.txt" from the local host to a remote host
$ scp foobar.txt your_username@remotehost.edu:/some/remote/directory - Copy the directory "foo" from the local host to a remote host's directory "bar"
$ scp -r foo your_username@remotehost.edu:/some/remote/directory/bar - Copy the file "foobar.txt" from remote host "rh1.edu" to remote host "rh2.edu"
$ scp your_username@rh1.edu:/some/remote/directory/foobar.txt \ your_username@rh2.edu:/some/remote/directory/ - Copying the files "foo.txt" and "bar.txt" from the local host to your home directory on the remote host
$ scp foo.txt bar.txt your_username@remotehost.edu:~ - Copy the file "foobar.txt" from the local host to a remote host using port 2264
$ scp -P 2264 foobar.txt your_username@remotehost.edu:/some/remote/directory - Copy multiple files from the remote host to your current directory on the local host
$ scp your_username@remotehost.edu:/some/remote/directory/\{a,b,c\} . $ scp your_username@remotehost.edu:~/\{foo.txt,bar.txt\} . - scp Performance: By default scp uses the Triple-DES cipher to encrypt the data being sent. Using the Blowfish cipher has been shown to increase speed. This can be done by using option -c blowfish in the command line.
$ scp -c blowfish some_file your_username@remotehost.edu:~ - It is often suggested that the -C option for compression should also be used to increase speed. The effect of compression, however, will only significantly increase speed if your connection is very slow. Otherwise it may just be adding extra burden to the CPU. An example of using blowfish and compression:
$ scp -c blowfish -C local_file your_username@remotehost.edu:~
- Appending something to PATH, instead of overriding it
PATH="$PATH:<path>" - You may set
$PATHpermanently in 2 ways. - To set path for particular user : You may need to make the entry in .bash_profile in home directory in the user.
- Example in my case I will set java path in tomcat user profile
[tomcat]$ echo "export PATH=$PATH:/path/to/dir" >> /home/tomcat/.bash_profile - To set common path for ALL system users, you may need to set path like this :
$ echo "export PATH=$PATH:/path/to/dir" >> /etc/profile
- Create symlink
ln -s /path/to/file /destination/ - Delete symlink
unlink mySymLink
- To block an IP
# iptables -A INPUT -s 65.55.44.100 -j DROP # service iptables save-A or --append -s, --source address -j, --jump target -p, --protocol protocol -D, --delete chain rule-specification -D, --delete chain rulenum - Block an IP with port number
iptables -A INPUT -s 65.55.44.100 -p tcp --destination-port 443 -j DROP service iptables save - Unblock an IP
# iptables -D INPUT -s 65.55.44.100 -p tcp --destination-port 443 -j DROP # service iptables save
- Insecure way to pull
curl -k www.google.com - Secured way with certificate
curl --cacert localmachine.pem:<if_there_is_a_pass> https://www.google.com - Secure way with trace-time
curl -v --trace-time localmachine.pem:<if_there_is_a_pass> https://www.google.com - Secured way with total time take for the request
- Create a file curl.txt
time_namelookup: %{time_namelookup}\n
time_connect: %{time_connect}\n
time_appconnect: %{time_appconnect}\n
time_pretransfer: %{time_pretransfer}\n
time_redirect: %{time_redirect}\n
time_starttransfer: %{time_starttransfer}\n
----------\n
time_total: %{time_total}\n
- Make a request
curl -w "@curl.txt" -o /dev/null -s "http://wordpress.com/"
Or on Windows, it's...
curl -w "@curl.txt" -o NUL -s "http://wordpress.com/"
- Secured way with cert
curl -w "@curl.txt" --cacert localmachine.pem https://www.google.com"
- To see Access-Control-Allow-Origin header
curl -s -D - -H "Origin: http://example.com" https://api.example.com/my-endpoint -o /dev/null
- To test Preflighted requests, add
-Xoption
curl -s -D - -H "Origin: http://example.com" -X OPTIONS https://api.example.com/my-endpoint -o /dev/null
- Options:
- -s or --silent: Silent or quiet mode. Don't show progress meter or error messages.
- -D:
--dump-header <filename>(HTTP FTP)Write the received protocol headers to the specified file. This option is handy to use when you want to store the headers that an HTTP site sends to you. Cookies from the headers could then be read in a second curl invocation by using the-b,- -cookieoption! The -c, --cookie-jar option is a better way to store cookies. - -o or --output:
- -H or --header: Extra header to include in the request when sending HTTP to a server. You may specify any number of extra headers.
- -X or --request: Specifies a custom request method to use when communicating with the HTTP server. The specified request method will be used instead of the method otherwise used (which defaults to GET).
cat /proc/version
- Use lsb_release command To find out Linux distribution name and version - LSB (Linux Standard Base)
lsb_release -a - Once you know that you are running Red Hat for example, you can get to the point with:
cat /etc/redhat-release Debian: cat /etc/debian_version General : cat /etc/*-release - Also you could use the following command
cat /etc/issue
-
LSOF: List Open Files
# lsof bash: lsof: command not found # yum install lsof -
If you want to find out which process is using particular file you can use below command.
lsof /var/log/messages -
Open Files Under Particular Directory – lsof command
# lsof +D /etc -
specify particular command/process name to find associated open files using lsof command -c
lsof -c systemd -
List All Processes using particular Mount Point
# lsof /home # lsof +D /home/ -
See all Opened files and Processes of User
# lsof -u user -
Exclude Particular User Opened files and PIDs
lsof -u ^user -
Repeat lsof command multiple times
# lsof -u user -c sshd -a -r10 -
List All IPv4 and IPv6 Network Files
# lsof -i4 -- List All IPv4 # lsof -i6 -- List All IPv6 Network open files -
Find which program is using the particular port number, this option is mostly useful if you would like to find out what are the programs accessing port number
# lsof -i TCP:80 -a -i UDP:80 -
List Connections to a specific host
# lsof -i@IP-Address -
In real time i use below commands to kill and clear disk space. Below commands can save your life when your running out of disk space. Example is “/” Slash partition is full and i could not able to trace what are the files are using space. Using find command you can find under “/” but those files are deleted but there PID are still in process queue. Without restarting services or server you can simply clear all deleted .TMP files.
# lsof |grep deleted ##To check deleted Temp Files # lsof |grep deleted |grep ".TMP" | awk '{ print $2 }' | xargs kill -9 ##Clear Temp Files by killing PID's # lsof |grep deleted |grep ".TMP" |awk '{print $9}' | xargs rm -f ##To delete Temp Files -
lsof port check
lsof -i -P -n | grep LISTEN -
lsof command options below
-a AND selections -b avoid kernel blocks -c c cmd c ^c /c/[bix] +c w COMMAND width (9) +d s dir s files -d s select by FD set +D D dir D tree -i Select IPv[46] files -K List tasks -l List UID numbers -n No host names -N Select NFS files -o List file offset -O No overhead *RISKY* -P No port names -R list parent PID -s List file size -t Terse listing -T Disable TCP/TPI info -U Select Unix socket -v List version info -V Verbose search +|-w Warnings -X Skip TCP&UDP* files -Z SELinux Context +f|-f +filesystem or -file names -F [f] select fields; +|-M Port-map registration -p s Exclude(^)|selected PIDs -S [t] t second stat timeout (15) -s p:s exclude(^)|select protocol (p = TCP|UDP) states by name(s). -u s exclude(^)|select login|UID set s -
list open files without lsof with pid
ls -l /proc/<pid>/fd |wc -l
-
How to get the pid
ps -ef # or netstat -tnlp
lsof -p <pid> | wc -l
-
- Ubuntu doesn't cache dns records by default so unless you've installed a dns cache there isn't anything to clear. It you want Ubuntu to start caching dns I recommend installing pdnsd together with resolvconf .
Flushing DNS on Ubuntu 18.04 LTS $ systemd-resolve --statistics $ systemd-resolve --flush-caches - If the above doesnot work check if systemd has nscd.
locate systemd | grep nscd - If nscd present run the below command.
$ systemctl restart nscd
$ sudo dscacheutil -flushcache;sudo killall -HUP mDNSResponder;say cache flushed
- Start copying file to a different backup folder by appending the file name with bamboo previous release number and the date the file is moved. Remove command will only maintain recent 10 files in the backup folder.
cp -pr nohup.out /backups/nohup-${bamboo.deploy.release.previous}-$(date +%F-%H:%M).out rm -rf $(ls -1t /backups | tail -n +11) - Displaying current day Files Only
ls -al --time-style=+%D | grep $(date +%D) - If domainname doesnot match between nslookup and domainname command.
- Update the sysctl.conf file
vi /etc/sysctl.conf file - Forwarding a particular standard output to a standard input using grep
nginx -V 2>&1 | tr -- - '\n' | grep _module Output: http_addition_module http_auth_request_module http_dav_module http_flv_module http_gunzip_module http_gzip_static_module http_mp4_module http_random_index_module http_realip_module http_secure_link_module http_slice_module http_ssl_module http_stub_status_module http_sub_module http_v2_module mail_ssl_module stream_realip_module stream_ssl_module stream_ssl_preread_module
- Navigate to
/etc/aptlook for/etc/apt/sources.listor incase of docker look for/etc/apt/sources.list.ddirectory
| Octal value | Permission |
|---|---|
| 0 | read, write and execute |
| 1 | read and write |
| 2 | read and execute |
| 3 | read only |
| 4 | write and execute |
| 5 | write only |
| 6 | execute only |
| 7 | no permissions |
-
if umask is set to 077, the permission can be calculated as follows:
Bit Targeted at File permission 0 Owner read, write and execute 7 Group No permissions 7 Others No permissions -
TASK: CALCULATING THE FINAL PERMISSION FOR FILES: You can simply subtract the umask from the base permissions to determine the final permission for file as follows:
666 – 022 = 644- File base permissions : 666
- umask value : 022
- subtract to get permissions of new file (666-022) : 644 (rw-r–r–)
-
TASK: CALCULATING THE FINAL PERMISSION FOR DIRECTORIES: You can simply subtract the umask from the base permissions to determine the final permission for directory as follows:
777 – 022 = 755- Directory base permissions : 777
- umask value : 022
- Subtract to get permissions of new directory (777-022) : 755 (rwxr-xr-x)
-
Limitations of the umask
- The umask command can restricts permissions.
- The umask command cannot grant extra permissions beyond what is specified by the program that creates the file or directory. If you need to make permission changes to existing file use the chmod command.
-
umask and level of security: The umask command be used for setting different security levels as follows:
umask value Security level Effective permission (directory) 022 Permissive 755 026 Moderate 751 027 Moderate 750 077 Severe 700
-
IO stat for a mount
iostat /dev/mapper/appvg-apps_lv
# output Linux 2.6.32-754.25.1.el6.x86_64 (VA10PLVPOS322.wellpoint.com) 02/17/2020 _x86_64_ (8 CPU) avg-cpu: %user %nice %system %iowait %steal %idle 2.18 0.02 0.53 0.09 0.00 97.18 Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn dm-2 6.26 15.48 35.37 10441066 23850272 Mon Feb 17 11:47:12 EST 2020 -
ddcommand taking the usage using a single file (It is used to monitor the writing performance of a disk device on a Linux and Unix-like system) Referencedd if=/dev/zero of=diskbench bs=1M count=1024 oflag=dsync # output 1024+0 records in 1024+0 records out 1073741824 bytes (1.1 GB) copied, 6.5731 s, 163 MB/s
- if=/dev/zero (if=/dev/input.file) : The name of the input file you want dd the read from.
- of=/tmp/test1.img (of=/path/to/output.file) : The name of the output file you want dd write the input.file to.
- bs=1G (bs=block-size) : Set the size of the block you want dd to use. 1 gigabyte was written for the test. Please note that Linux will need 1GB of free space in RAM. - If your test system does not have sufficient RAM available, use a smaller parameter for bs (such as 128MB or 64MB and so on).
- count=1 (count=number-of-blocks): The number of blocks you want dd to read.
- oflag=dsync (oflag=dsync) : Use synchronized I/O for data. Do not skip this option. This option get rid of caching and gives you good and accurate results
- conv=fdatasyn: Again, this tells dd to require a complete “sync” once, right before it exits. This option is equivalent to oflag=dsync.
- Check the network usage based on ethernet interface
cat /proc/net/dev
ps -p <PID> -L -o pid,tid,psr,pcpu
# PSR is CPU id the thread is currently assigned to.
#Output
PID TID PSR %CPU
118459 118459 0 0.1
118459 118465 3 0.0
118459 118466 0 0.0
118459 118467 1 0.0
118459 118556 0 0.0
118459 118563 0 0.0
118459 118579 0 0.5
118459 118606 0 0.5
118459 118608 2 0.5
118459 118609 1 0.5