Tag Archives: Command line

chattr and lsattr – protecting Linux Files

Lets say you have a public folder in your firm and you want everyone to edit the files in that folder except of one. how would you go about protecting that file?

Lets add to the equation the fact that you have scripts running as root on the folder and you want them not to be able to touch that file. any ideas?

That’s where chattr and lsattr step in, they manage special attributes for files under ext2 and ext3, and the one I’m referring to here is the ‘i’ setting – immutable, for a sample:

lets create a file:
echo `date` > filename

as root do:
chattr +i filename

And that’s it,you cant delete the file, move it, rename it, or save into it any changes, until you remove the ‘i’ settings from it.

So next time you find a file that you cannot modify or delete even as root, check it with lsattr, to make sure its not protected in some other way.

A short update – This will not work on NFS mounted file systems,
you will get the following error:
lsattr: Inappropriate ioctl for device While reading flags on

Technorati Tags: ,

Linux Commands – Top 20 Most Used

Installing linux on ps3

The history file is a log file of your last used commands on the Linux server,
It can be found in your home directory and is called .bash_history (with the “.” in the start).
You can either read the file itself to see its content, or use the command history which will do the same thing.

When looking at my history files on my Linux servers,
I can see maybe 20 Linux commands which I keep using over and over,
They are the most important tools of my work, and I recommend learning them well to any starting Linux sysadmin.

Files and Directories Management

  • ls – Lists files and directories content, I usually use “ls -la” to have a long listing with all the details and hidden files
  • cd – move from the current directory to a different folder
  • pwd – lists your current location
  • mv – this command can either change the name of a file, or move it to a different location.
  • locate – find any file on the Linux server, to get an updated index of files (if for example you just installed a whole bunch of RPM’s) run the command updatedb
  • ln – create a shortcut to a file or folder
  • tar – create or extract files out of a storage file. with the correct arguments it will also compress the files

Editing and Viewing

  • tail – lists the last 10 lines of a file, but you tell tell it to show any number of last lines
  • vi – the best command line editing software :)  a little hard to learn how to work this one at first, buts its worth the effort
  • cat – list the content of the file. better know how long is the file you are running this command on, or you will get a very long scrolling of lines that will fill up your screen

A Very Good Linux Administration Book

Network

  • nslookup – very important networking tool – this will show you where a DNS name is pointing – to which IP or to another DNS
  • wget – get a file from the web from the command line – if you need to download some RPM directly to the command line without a browser, this is the command you need
  • ping – I think its one of the most used commands, you can check the time it takes you to get via the network to a remote server, whether that server is available, how many packets are getting to the server, etc

Installing linux on ps3

General

  • history – lists the last used commands on your Linux server
  • make – when compiling a software from source, this command will create the binaries
  • id – who am I right now? besides the philosophical angle, this command will show you as which user you will be running commands, I use this to check what is my status, and then sudo to the user I need
  • sudo – execute a command as another user – although  usually use it to change to root
  • ps – list the running processes on the server, it give more info like the process id, the parent process id, running time and much more
  • man – displays a manual page, whenever you are not sure about a specific command or config file, you should run “man command” to get info about it. to search the man database use “whatis command” to find which man file has the info you need
  • df – report file system disk space usage, use “df -h” to get a human formatted listing

Installing linux on ps3

Technorati Tags: , , ,

Linux Hardware Info

linux hardware listing image

Finding information about the hardware installed on your Linux server is easier then you might think.
The Linux server comes installed with some very nice command line tools to help you list all the linux hardware information you need.
lets start with the basic tool: dmesg

Startup Log

you can either run the command dmesg or read the log itself at: “cat /var/log/dmesg”

this logs will show you the bootup process messages your Linux server had sent out in its last boot, and all the hardware it had recognized. a lot more info is listed – for example the network card running state:

[root@localhost /]# dmesg | grep eth
eth0: registered as PCnet/FAST III 79C973
eth0: link up, 100Mbps, full-duplex
eth0: no IPv6 routers present

this command gives you the network card status and if its in full or half duplex mode, for example.

List PCI Devices

the command lspci will list your PCI devices on your system – mainly information about which motherboard is installed, what is your network card maker and which video device.
sample output:

[root@localhost /]# lspci
00:00.0 Host bridge: Intel Corporation 440FX – 82441FX PMC [Natoma] (rev 02)
00:01.0 ISA bridge: Intel Corporation 82371SB PIIX3 ISA [Natoma/Triton II]
00:01.1 IDE interface: Intel Corporation 82371AB/EB/MB PIIX4 IDE (rev 01)
00:02.0 VGA compatible controller: InnoTek Systemberatung GmbH VirtualBox Graphics Adapter
00:03.0 Ethernet controller: Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE] (rev 40)

List Bios Info

the command dmidecode will list the SMBios info,
which should give you a lot of details on the installed Bios – but its not 100% reliable,
it wont only tell you what exactly is installed, but it might also tell you whats the fastest CPU that can be attached to the mother board, not what really is there.
a sample output:

Handle 0x0000, DMI type 0, 20 bytes.
BIOS Information
Vendor: innotek GmbH
Version: VirtualBox
Release Date: 12/01/2006
Address: 0xE0000
Runtime Size: 128 kB
ROM Size: 128 kB
Characteristics:
ISA is supported
PCI is supported
Boot from CD is supported
Selectable boot is supported
8042 keyboard services are supported (int 9h)
CGA/mono video services are supported (int 10h)
ACPI is supported

List All Your Linux Hardware Devices

a very thorough listing of all the devices attached to the computer including the Plug-n-Play devices is listed through the command lshal, for example everything you wanted to know about my mouse and more:

udi = ‘/org/freedesktop/Hal/devices/pnp_PNP0f03′
info.udi = ‘/org/freedesktop/Hal/devices/pnp_PNP0f03′  (string)
linux.subsystem = ‘pnp’  (string)
linux.hotplug_type = 1  (0x1)  (int)
info.product = ‘Microsoft PS/2-style Mouse’  (string)
pnp.description = ‘Microsoft PS/2-style Mouse’  (string)
pnp.id = ‘PNP0f03′  (string)
info.linux.driver = ‘i8042 aux’  (string)
info.parent = ‘/org/freedesktop/Hal/devices/computer’  (string)
info.bus = ‘pnp’  (string)
linux.sysfs_path_device = ‘/sys/devices/pnp0/00:04′  (string)
linux.sysfs_path = ‘/sys/devices/pnp0/00:04′  (string)

Test Harddisk Transfer Speed

this cute command line will tell you whats your hard-disk speed is, of course you need to know what hard-disks you have first:

[root@localhost /]# hdparm -t -T /dev/hda
/dev/hda:
Timing cached reads:   7680 MB in  1.99 seconds = 3868.01 MB/sec
Timing buffered disk reads:  148 MB in  3.00 seconds =  49.33 MB/sec

USB Devices

just like lspci the command lsusb will list your USB devices:

[root@localhost /]# lsusb
Bus 001 Device 001: ID 0000:0000
Bus 002 Device 001: ID 0000:0000

So these are some good command line tools to list all you Linux Hardware info, but check out my post about Linux Server Information which explains how to use cfg2html to easily extract all this information and more at once.

Image by Jeff Kubina


Technorati Tags: , ,

check smtp from commnad line

telnet smtp command line image

When working with Linux servers, you need to get mails from them,
they like to alert you on different issues like “help – im dying from lack of space” etc.

mail forwarding

you can easily setup mail forwarding in your sendmail through an external mail server.
all the sendmail config files are in /etc/mail.
edit the mailertable file and add a line like this:

domain    smtp:company_mail_server

for example – lets say you work for data.com and you want to send mails to the data.com domain from your Linux machine through the data.com mail server which is called mail.data.com, so your line in mailertable should be:

data.com    smtp:mail.data.com

test mail

to check that your company mail server will actually allow you to forward mails through it, you need to connect to the smtp service and try to send a mail, this will work from the command line:

telnet mail.data.com 25

this will try to connect to the mail server smtp port and if there is no firewall problem then you should see something like 220 localhost.localdomain ESMTP Sendmail 8.13.8/8.13.8 as a reply.

at this point you try to send a mail through the server.

send mail from command line

telnet to the machine and copy paste this text after editing it:

helo domain_name
mail from: test@email
rcpt to: test@email
data
From: test@email
Subject: subject
whatever you want the mail to have in the body.
.

(the “.” in the end will finish the mail – dont forget it).

so lets explain:
helo domain_name – change the domain_name to your domain – data.com for example
mail from: the email you want the mail to look like it was sent from – test@data.com
rcpt to: who you want to get this test mail – admin@data.com
so the new updated test text would look like:

helo data.com
mail from: test@data.com
rcpt to: admin@data.com
data
From: test@data.com
Subject: test mail from command line
this is test number 1
sent from linux box
.

if there arent any permissions issues the mail server should show you something like: 250 2.0.0 n4CNnNPG003499 Message accepted for delivery

mail queue

there is another nice command line tool to show you whats your Linux server current mail queue: mailq:

[root@centos mail]# mailq
/var/spool/mqueue (1 request)
—–Q-ID—– –Size– —–Q-Time—– ————Sender/Recipient———–
n4CNnNPG003499        0 Wed May 13 02:49 test@email
(host map: lookup (email): deferred)
test@email
Total requests: 1

Technorati Tags: , ,

disable selinux

The new selinux mechanism provides many security policies through ACL management,
it wil greatly enhance your overall security on your server, and you can read some about it on wikipedia.
but when working on a development server it can slow work down, so sometimes disabling this feature is the best and fast option.
for example when your web server or php script wont delete a file it has full permissions on, this could be caused by selinux.

first check if selinux is enabled:

/usr/sbin/getenforce

will show you the current status for selinux.
the usage for the command is:

/usr/sbin/setenforce –help
usage: /usr/sbin/setenforce [ Enforcing | Permissive | 1 | 0 ]

and to disable it you can either run:

/usr/sbin/setenforce Permissive

or edit this file:
/etc/selinux/config
to set the selinux settings on boot.

Technorati Tags: , ,

proxy settings for the command line

  

When using applications from the command line,
you will sometimes need to setup a specific proxy for them to use, if you don’t have a direct access to the Internet from the server you are working on.

in some of these application you can setup this through the app switches itself, but simpler apps just use the system network settings.

to fix this you can first check what current settings you have now with:

ENV | grep -i proxy

this should show you the current proxy settings you have.

to add your own settings do:

export http_proxy=”http://<proxy-server-ip>:<port>”
export ftp_proxy=”http://<proxy-server-ip>:<port>”

for example:

export http_proxy=”http://192.168.0.10:8080″

after that, just run your command line app, it should pick up and use these settings.

   

 

Technorati Tags: , , ,

Check apache from command line

When working with web servers we sometimes need to test them and make sure we are getting what we need to get,
and to see what the web server is sending back including headers.
The simplest and fastest way to do that is through command line.

telnet to the web server port – (usually port 80) like this:
telnet yonitg.com 80

and then just paste:
GET / HTTP/1.1
Host: yonitg.com

and press “Enter” twice.

Your output should be something like this:

HTTP/1.1 200 OK
Date: Wed, 11 Mar 2009 00:09:53 GMT
Server: Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i mod_autoindex_color PHP/5.2.8 mod_perl/2.0.4 Perl/v5.10.0
Last-Modified: Fri, 21 Dec 2007 02:01:16 GMT
ETag: “200000001d649-ca-441c240f37300″
Accept-Ranges: bytes
Content-Length: 202
Content-Type: text/html

these are standard reply headers from the Apache server on my host,
after the headers you will see the rest of the reply from the web server, in my case:

<!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.01 Transitional//EN”
http://www.w3.org/TR/html4/loose.dtd“>
<html>
<head>
<title></title>
</head>
<body>
<h1>It works!</h1>
</body>
</html>

This way you don’t need a sniffer installed just to check if the web server is sane.
also from the linux command line you can also test this with:
GET http://yonitg.com
or
POST http://yonitg.com

the GET and POST command line apps are good tools to test http response,
they are part of the libwww-perl package.

Technorati Tags: , ,