Kill all procs owned by a user.
kill -9 `ps -u
% HEAD -USe http://www.asdf1234.com
You'll see the 302 redirect to http://qwerty.asdf1234.com
BUT there are no response headers, even though there's some content:
"welcome to the information superhighway. please exit here."
When in doubt, Telnet (to port 80) and the HEAD/GET commands are your friends.
» dig @ns1.pairnic.com domainname.tld ANY
to see all the records associated with the domain (substitute A, MX, NS, etc. for ANY if you'd like).
You can also query the root servers directly, for example,
dig @A.GTLD-SERVERS.NET ableminds.com ANY
dig @B.GTLD-SERVERS.NET ableminds.com ANY
dig @M.GTLD-SERVERS.NET ableminds.com ANY
The caps aren't necessary for the root server host name.
batch convert .tiff files into .jpg files using linux tool "convert". very handy:
find . -name '*.tiff' | sed 's/\.tiff$//' | while IFS= read -r x
do
echo "working on $x"
convert "$x.tiff" "$x.jpg"
done
If you want to see which subdirectory of your home directory is the largest, go to your home directory and enter,
du -sk *
dmidecode
should give you all your BIOS information and under "Base Board Information" should give you the manufacturer and other info
» vim scp://user@host/path/to/file
» nc localhost 8577
RFB 003.003
The server process responded with the RFB line. That's what you get
when you connect to a VNC server, just like you'd expect
"SSH-1.99-OpenSSH...." for an SSH server that supports v1 and v2.
Most network daemons will say something when you connect. You can
usually match the output (aka the banner) to a protocol or process.
» Proc tools «/usr/proc/bin» «tools for checking process activity»
pstack pid
pmap pid
pgrep pid
plimit pid
«plimit -n will change the file descriptor number to n number of file descriptors»
ptree pid
pfiles pid
» truss
truss -p «process number» «trace the output of the process»
truss -p -t open «process number»
truss -t!lwp_cond_wait -fp «pid»
truss -f -o steve.out bin/startDynamo -eight -l &
«-f = fork»
truss -c -p «process» «Counts traced system calls, faults, and signals rather
than displaying the trace line-by-line.»
truss -d -x all -v all -r all -w all -f -l -o tmp2.out -p 3341
» strings «binary file name»
«The strings utility looks for ASCII strings in a binary
file. A string is any sequence of 4 or more printing characters
ending with a newline or a null character.»
» snoop «snoop the traffic on a port»
snoop -vV «port number»
snoop port 80
» ps «prints information about active processes.»
ps -efl | grep http
ps -ef | grep http
» find
find . -type f |xargs chmod g+w
find . -type d |xargs chmod g+rwx
The first finds all files under the cwd and adds group write. The 2nd
adds group read, write and execute, that being needed for group write
actually to work.
find . -name "pr*.htm" | wc -l
> exclude a directory (or two?), like, say, "logs/" ?
find . -name NameOfDirectoryToExclude -prune -o -type f -print | xargs grep '«pattern»'
find / -type f > files.txt 2>/dev/null
or
find / -type f | grep -v '^/proc/' > files.txt
or
find / -path '/proc' -prune -o -type f -print > files.txt
find . -type «ldf» «link,directory,file»
find . -type f -exec ls -la {} \; | cut -c31- | sort -k 5 >> out.log
find . -name '*.cfg' -exec grep www2 {} \;
find . -type f -name "*.pyc" -exec rm -fv {} \;
find / -name " " -exec ls -aldQ {} \;
find . -type l -ls | more
find . -name "dnsurvey2.pl" -print «find file»
b Block special file
c Character special file
d Directory
f Plain file
p Named Pipe File
l Symbolic link
s Socket
It can be difficult to keep track of all of the symbolic links in a directory. The next command will find all of the symbolic links in your home directory, and print the files your symbolic links point to.
find . -type l -print | xargs ls -ld | awk '{print $NF}'
This next example lists all files that are greater than 10,000 bytes, but less than 32,000 bytes:
find . -size +10000c -size -32000c -print
find / -type f -size +100000000 -print
If you want to find a file that is 7 days old, use the -mtime option:
find . -mtime 7 -print
An alternate way is to specify a range of times:
find . -mtime +6 -mtime -8 -print
Mtime is the last modified time of a file. You can also think of this as the creation time of the file, as Unix does not distinguish between creation and modification. If you want to look for files that have not been used, check the access time with the -atime argument. A command to list all files that have not been read in thirty days or more is
find . -type f -atime +30 -print
To delete all files over 30 days old:
find . -mtime +30 -exec rm {} \;
find /path/to/start/from -type f |xargs perl -pi -e 's/bad text/good text/g'
find /start/path -type f -iname '*htm*' |xargs perl -pi.bak -e 's/bad/good/g'
The above example only hits files with htm (or htM or HTM, etc.) in the name. It also keeps a copy of the old file with .bak appended to its name, just in case you outsmart yourself with the perl piece.
The first command is "find":
find /path/to/start/from -type f
The first parameter is the path name, which is the directory where you want to start searching for files that are candidates for substitution. The second parameter, "-type f", selects the "plain" files in the directory hierarchy specified by the first parameter. Plain files are almost always the file type you want to specify here (e.g. text files, as opposed to binary files or other special files in the Unix world).
The output of the find command is a list.
That output would normally appear on your terminal but instead Ian sent it to another command with the pipe operator ("|" symbol) which redirects the output to the next command...
which is "xargs":
xargs takes every line of output from that "find" command and invokes another command with each line (which is a pathname to a file) from that list. In this case, the perl program is being invoked:
perl -pi -e 's/bad text/good text/g'
The perl call involves a little bit of executable code as its main parameter (discussed below). The first parameter is "-pi", which is actually two switches that enable options in the program. The "p" creates hidden program code for you that performs a loop on the parameters you send to the perl program and embeds the code following the "-e" in this loop. IOW, the code following the "-e" is the thing you are trying to accomplish (find & replace). The "i" part of "-pi" makes a backup file with a standard name, which I believe is ".bak"; however, this backup extension can be customized and specified by you, too.
In this case, the perl program is only being handed one file name at a time, so the hidden loop is only executing one time, I believe.
The code that performs the substitution is marked with the preceding "-e":
s/bad text/good text/g
This is the "substitution" operator in Perl. Now, you can have the "bad text" and "good text" as static strings; however, this is where the power of Perl and regexes really shines through. Grab your sunglasses. :) This is some dope shit. :) It has the capability of using Regular Expressions, which are a programming language all to themselves. That way you can have a single "bad text" term perform advanced pattern matching and selection on the text stream (as well as on the replacement text too).
» ssh
ssh -L15521:212.111.43.24:1521 gruntle.com -l steve
ssh -L 2401:estratagema.com:2401 steve@estratagema.com
«port forwarding»
ssh -L 110:localhost:110 stephen@mail.bbemedia.com
ssh -L 110:localhost:110 -l stephen -N mail.bbemedia.com
you will have to be root on your machine to forward 110,
which is a privileged port, but you can log in to bbemedia
using your username and password. -N means no command
prompt.
» mount / share
mount -F ufs /dev/dsk/c0t1d0s7 /export/home
mount -F nfs momar:/d1/vss/Rd/Godzilla/website/docs /d2/docs
share -F nfs -o ro /d1/vss/Rd/Godzilla/website/docs
rw=client«:client»...
pathname is shared read/write only to the listed
clients. No other systems can access pathname.
ro=client«:client»...
pathname is shared read-only only to the listed
clients. No other systems can access pathname.
«see /etc/vfstab for mount directives at boot time»
«see /etc/dfs/dfstab for share directives at boot time»
«also see dmesg | more for mount info»
dfshares «provides information about resources available to the host
through a distributed file system of type FSType»
dfmounts «shows the local resources shared through a distributed
file system FSType along with a list of clients that have
the resource mounted»
share «alone displays all current shares»
unshare «unshare a resource»
shareall «share all resources listed in /etc/dfs/dfstab»
unshareall «unshare all resources listed in /etc/dfs/dfstab»
showmount -a «lists all the clients that have remotely mounted a
filesystem from host»
» fuser - identify processes using a file or file structure
fuser displays the process IDs of the processes that are
using the files specified as arguments.
«useful with lsof»
fuser -n tcp «port»
«linux only»
netstat --inet -a -c|grep irc
» lsof «list open files»
lsof -iTCP:80 «what is using port 80»
lsof | grep 2003
lsof -p «pid» «see its open files»
» at «execute commands at a later time»
at -s now
at> sh -x /etc/init.d/dynamo start > /tmp/out.log 2>&1
» tcpflow
tcpflow -csv dst port 1521
tcpflow -csv dst port 80 and src 62.22.91.2
» rpcinfo - report RPC information «works for linux too»
» scp
scp classes-www2down.tar.gz mega:/d2
scp -r -p /d2/ATG mega:/d2
» top «provides system resource info»
» ifconfig «/usr/sbin/»
ifconfig -a «get IP info»
ifconfig hme0:1 down
ifconfig hme0 down
ifconfig hme0 192.168.150.70 up
ifconfig hme0:1 192.168.149.9 netmask 255.255.255.0 up
«see man pages for plumb/unplumb»
» netconfig
netconfig eth0
/etc/sysconfig/network-scripts/ifcfg-eth0 = config file for eth0 interface.
just change it and restart network daemon or use netconfig (recommended).
also check (just to be certain):
/etc/sysconfig/networking/devices/ifcfg-eth0
/etc/sysconfig/networking/profiles/default/ifcfg-eth0
in
/etc/sysconfig/network
you will also find things like
NETWORKING=yes
HOSTNAME=bbemedia
GATEWAY=69.43.154.1
» wget «URL» «ftp like deal to see what's coming down the pipe from HTTP etc»
also try
telnet localhost 80
GET /index.html
» nslookup -type=MX ableminds.com 140.174.41.20
«dns server to use»
nslookup
> server ns.sun.com
Default Server: ns.sun.com
Address: 192.9.9.3
> set type=mx
> arachna.com
> exit
» host -t MX arachna.com
» pwconv «password conversion--used after creating a user by
manually editing the passwd file. it puts an entry in shadow.»
» w / whodo «check what everyone's up to»
» uname «prints information about the current system»
uname -a «tell me everything about this machine»
uname -n «server name»
uname -r «OS release level»
» uptime «server status»
» whoami
» netstat «-i» «-rn»
netstat -ap
netstat -tap «ports in use»
«netstat displays the contents of various network-related
data structures in various formats, depending on the options
you select.»
netstat -rn «Routing Table»
netstat -an | grep 1521 | more «check connections to this server on port 1521»
netstat -fn inet «check the connections to this server IP and port»
netstat -i
netstat -a | grep smtp
» df «the df command displays the amount of disk space occupied by
mounted or unmounted file systems, the amount of used and
available space, and how much of the file system's total
capacity has been used»
df -ak
df -k
df -b «print the total number of kilobytes free.»
» du «writes to standard output the size of the
file space allocated to, and the size of the file space
allocated to each subdirectory of, the file hierarchy rooted
in each of the specified files»
du -sk «file name(s) or directory» «instead of the default output,
report only the total sum for each of the specified files»
» top «check processing load»
Sort by "P" will list by cpu usage
Sort by "M" will list by memory usage
» sh -x ./ > /tmp/log.out 2>&1 &
«-x will run a shell script in "debug mode" and print commands and
their arguments as they are executed.»
» vmstat - report virtual memory statistics
vmstat 5 «report every five seconds»
» sysinfo «sysinfo - get and set system information strings»
» dmesg | grep cpu «display processor speed»
«on solaris» dmesg is made obsolete by syslogd(1M) for maintenance
of the system error log.
dmesg looks in a system buffer for recently printed diagnostic
messages and prints them on the standard output.
tail -f /var/log/messages «location of main system log»
» sar «system activity reporter»
» Tar
if you specify a - for the
which would be handy for piping it through something like openssl to
encrypt it (not sure if openssl will actually encrypt stdin, but it's
worth a shot). once you have it encrypted, you could put that tar file
into another tar file that goes onto a tape or something...
if you're looking to tar up the stuff that's changed in the past day,
you could do something like:
tar cf
if you want to tar up files listed in another file:
tar cvf almazara.tar --files-from=deploy.txt
more handy stuff:
tar tvf htd1115.tar | grep college2
tar tvf docs.tar | grep ^d «display only directory names»
tar tvf /dev/rmt/1m «0m» «for tape archive»
tar xvpf ~duncan/archives/htd1115.tar htdocs/cybercash/college2
tar cvf - ns-home | (cd /fsys2 ; tar xvpf -)
get slackware.tar «where 'slackware' is the name of a directory»
» zcat schema.tar.Z | tar -xvf -
«compress, uncompress, zcat» - compress, uncompress files or
display expanded files
» perldoc perldoc «Look up Perl documentation in pod format»
» installpatch . « install "this" patch » «2.5.x»
ftp://sunsolve.sun.com/pub
» patchadd «2.6 and above»
» pkgrm «remove packages from system»
» pkgadd -d «add packages to system»
» showrev -p «show the patches installed on the system»
» source custom.cshrc «see also . ./.kshrc for kshell and posix»
» clear «clear desktop»
» !«history number» repeats that command
» wall - write to all users. wall reads its standard input until an
end-of-file. It then sends this message to all currently logged-in
users preceded by: Broadcast Message from ...
» kill -HUP `cat httpd.pid` «restart server, soft»
kill -9 `ps -ef | grep python | awk '{print $2}'`
» kill -9 `cat logs/httpd.pid` «shut down server»
» killall «killall is used by shutdown(1M) to kill all active processes
not directly related to the shutdown procedure.»
» /usr/sbin/shutdown -y -g 600 -i 0 "--message--"
» se «SE Toolkit»
/opt/RICHPse/bin/
File maneuvers:
» chmod «change permissions»
chmod -R +x `find docs -type d -print` «put executable on
«664» «dir» «t» all directories»
01000000 temporary file
02000000 compressed file
4000 Hidden file (setuid bit)
2000 System file (setgid bit)
1000 Archive bit (sticky bit)
0400 Individual read
0200 Individual write
0100 Individual execute (or list directory)
0040 Group read
0020 Group write
0010 Group execute
0004 Other read
0002 Other write
0001 Other execute
chmod 0000 chmod o=s
chmod 2000 chmod g=s chmod =s
chmod 4000 chmod u=s chmod =h
chmod 6000 chmod a=s chmod ug=s chmod =hs
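An added example (not part of the original notes) that uses the octal values from the table above to audit a tree for setuid, setgid and world-writable entries. The sandbox file names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audits a constructed sandbox using the bit values from the table.

# Build a throwaway tree (all names are constructed for this example).
make_perm_sandbox() {
    dir=$(mktemp -d) || return 1
    : > "$dir/plain";     chmod 0644 "$dir/plain"
    : > "$dir/suid_tool"; chmod 4755 "$dir/suid_tool"   # 4000 setuid
    : > "$dir/sgid_tool"; chmod 2755 "$dir/sgid_tool"   # 2000 setgid
    : > "$dir/open.conf"; chmod 0666 "$dir/open.conf"   # 0002 other write
    mkdir "$dir/dropbox"; chmod 1777 "$dir/dropbox"     # 1000 sticky + 0002
    mkdir "$dir/shared";  chmod 0777 "$dir/shared"      # 0002, no sticky
    printf '%s\n' "$dir"
}

# Regular files that run with the owner's (4000) or group's (2000) identity.
find_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Files and directories anyone may write (0002). Entries with the sticky bit
# (1000) are skipped: in a sticky directory only the owner of an entry can
# delete or rename it.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 ! -perm -1000 -print | sort
}

# Name the special bits set in an octal mode such as 4755.
special_bits() {
    mode=$(( 0$1 ))
    out=
    if [ $(( mode & 04000 )) -ne 0 ]; then out="$out setuid"; fi
    if [ $(( mode & 02000 )) -ne 0 ]; then out="$out setgid"; fi
    if [ $(( mode & 01000 )) -ne 0 ]; then out="$out sticky"; fi
    printf '%s\n' "${out# }"
}

demo_perm_audit() {
    d=$(make_perm_sandbox) || return 1
    echo "setuid/setgid files:"; find_setid "$d"
    echo "world-writable, no sticky bit:"; find_world_writable "$d"
    echo "6755 carries: $(special_bits 6755)"
    rm -rf "$d"
}
demo_perm_audit
```

Pointing find_setid at / (with 2>/dev/null) and comparing the output against a saved baseline shows when a new setuid binary appears.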
» chown -R skirk:staff home «works for chgrp and chmod»
» ./fixcgi4.csh `find /fsys2/ns-home/cgi-bin -name "*" -print`
«shell script» «on directory» «all files»
» dos2unix «convert text file from DOS format to ISO format»
» ls
ls -1 | wc -l «number of files in directory»
» tail -f «file» | grep -v 131
«grep for everything except lines
with 131 in them»
» tail -f dynamo.log | cut -c53-
» diff -r localconfig ../seven/localconfig
» cat configuration.properties | sed "s/88/78/g"
«in vi use :1,$s/88/78/g»
:s/larger/largest
replaces the string "larger" on the current line with the string "largest".
:1,.s/Section/Chapter/g
replaces every occurrence of the string "Section" with the string "Chapter" from line 1 in the file through the current line. The "/g" indicates that "Section" should be replaced by "Chapter" every time on a line.
.,$s/apache-1.3.27/apache/g «same thing as below»
%s/apache-1.3.27/apache/g
«replaces every occurrence in the file, not just on the line»
» grep MAPP `find cybercash -name "*.html" -print` «find MAPP in directory
'cybercash' and look in all .html files»
» grep -Rwn "setting*" *
This works well for long lists of files, as the grep with find will often fail with "argument list too long" error
Delete Manoeuvres
find . -name "*.tmp" -exec echo rm -i {} ";" (echo the command to be sure)
find /path/to/folder -name '*.DS_Store' |xargs rm -Rf
be careful. there is an rm -Rf in there.
for practice:
find /path -name '*.DS_Store' | xargs ls -sal
find . -name .DS_Store -print
will print out a list of matching files. If you run this first, then see that the filelist is what you expect (versus you keyed something wrong and it's EVERYTHING on your system), you can then re-run it, using it as input to rm:
rm `find . -name .DS_Store -print`
or execute rm directly:
find . -name .DS_Store -exec rm {} \;
or with an interactive prompt:
find . -name .DS_Store -exec rm -i {} \;
or two stage it:
find . -name .DS_Store -print > file
(view/edit file) then: rm `cat file`
(rm doesn't take arguments on stdin, so you can't redirect to it)
(note that if you use wildcards in the filespec expression, you should quote them, otherwise your shell is likely to try to expand them before executing the program)
Going the two stage route is safest since you have an intermediate point where you can go "OH NO, that file shouldn't be there!"
You could instead purge the tree (rm -r somepath/), then re-extract the tarball with an exclusion argument.
» rm `find etrade_newsstand -name "*.bak" -print`
» rm -f `find temp -type l -print`
«remove all symbolic links»
rm -rf `find . -type d -name "CVS" -print`
remove all CVS directories
» How to remove a file called -C
Solution
rm ./-C
rm ./--exclude
also works:
ls -i (note the inode number, say, 12345)
find . -inum 12345 | xargs rm
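An added example (not part of the original notes) covering both the delete manoeuvres and the "-C" file above: it shows what the backtick form does when a path contains a space, next to forms that hand each pathname to rm intact. The sandbox layout and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: everything happens inside a constructed mktemp sandbox.

make_sandbox() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/My Photos" "$dir/docs"
    : > "$dir/.DS_Store"
    : > "$dir/My Photos/.DS_Store"   # target whose path contains a space
    : > "$dir/docs/.DS_Store"
    : > "$dir/My"                    # bystander that word splitting will name
    : > "$dir/docs/-C"               # name that looks like an option
    : > "$dir/docs/keep.txt"
    printf '%s\n' "$dir"
}

count_files() { find "$1" -type f | wc -l | tr -d ' '; }

# The page's backtick form: the shell splits find's output on whitespace, so
# "./My Photos/.DS_Store" reaches rm as "./My" and "Photos/.DS_Store".
naive_delete() (
    cd "$1" || exit 1
    rm `find . -name .DS_Store -print` 2>/dev/null || true
)

# find passes every pathname to rm as a single argument; no shell splitting.
safe_delete() {
    find "$1" -type f -name .DS_Store -exec rm -- {} +
}

# Two-stage route: write the list, review it, then delete line by line.
# (A newline inside a file name would still break a line-based list.)
stage_list() { find "$1" -type f -name .DS_Store -print > "$2"; }
delete_listed() {
    while IFS= read -r path; do
        rm -- "$path"
    done < "$1"
}

# A leading "./" stops rm from parsing "-C" as an option.
remove_dash_name() (
    cd "$1" || exit 1
    rm "./$2"
)

demo() {
    d=$(make_sandbox) || return 1
    naive_delete "$d"
    echo "after backtick rm: $(cd "$d" && find . -type f | sort | tr '\n' ' ')"
    rm -rf "$d"
    d=$(make_sandbox) || return 1
    safe_delete "$d"
    echo "after find -exec:  $(cd "$d" && find . -type f | sort | tr '\n' ' ')"
    rm -rf "$d"
}
demo
```

The backtick run deletes the unrelated file "My" and leaves "My Photos/.DS_Store" behind; the -exec run removes exactly the three targets.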
» grep -v 'Callback called exit,.*TowerBabel.jpg> chunk 1322.' your_error_log > new_error_log
«creates a new log file with the lines stripped out which match the pattern»
» cat walletreg-970318 walletreg-970324 walletreg_log.thor > walletreg_log.all
«combines all three files into one»
» grep -c @ wallet_log «print only a count of matched lines»
» grep jobs.html `find . -name "*.html" -print`
» grep /var/www `find . -name "*.pl" -print`
» grep mallennium shopping*.html
» wc -l billingreg_log «wc = wordcount | -l = lines»
» cat «filename» | mail skirk@gruntle.com «send contents of file to whomever»
» 30 11 * * * cat mail.txt | Mail -s "this is a test"
cat /insight/local/status/bridge-warn-000920.140349|cut -d"'" -f 2
head -986 bridge.dat|sort -n > bridge.dat.new
grep /edreams/mondo /ATG/d4/logs/dynamo.log|cut -d" " -f 3,4,5|sort -u
(for var in `cat text.txt`
do
echo $var
done) > text2.txt
FreeBSD notes:
» ps -x «list all processes»
ps -lax
ps -lx
ps -aux |grep 20277 |grep -v grep
that will list all processes associated with that thread
Slackware:
» locate «list files in databases that match a pattern»
updatedb «updates file name databases used by GNU locate»
» strace - trace system calls and signals
«see truss under solaris»
strace -p «pid»
» ltrace -p «pid» trace library calls
» gdb
GNU debugger
» mount -t nfs momar:/export/home/classes.eight /fsys1/classes
« -t = file system type»
» pidof «find the process ID of a running program (see pgrep for solaris)»
» /proc/«pid»/status
«info about running programs»
» ps aux «top like ps maneuver»
» module stuff «in /sbin» «module name»
insmod - install a loadable module
rmmod - remove modules
ksyms - show symbols
lsmod - show installed modules
genksyms - version generator for module symbols
depmod - generate dependencies for modprobe
modprobe - load modules, controlled by a makefile and configuration file
» ipfwadm «IP firewall and accounting administration»
» free «show memory stats»
» fuser -v -n tcp «port»
it returns the PID of any process using that port in TCP.
This also works for UDP, and files, and possibly more options.
look at the man page for more cool tricks with this command.
» netstat -ltnp |grep «port»
» netstat -lnp
«Which will list all listen sockets by port number, and display the name and
PID of the process(es) that are listening on them.»
» ps -u root f «show process tree»
» killall «process description»
i.e. killall java
killall http
«killall on solaris is quite different. it's a tool which kills all
processes regardless of who they are.»
» du «du reports the amount of disk space used by the specified files, and by each directory
in the hierarchies rooted at the specified files. Here `disk space used' means space
used for the entire file hierarchy below the specified file.»
du -x -h / | less
» timeconfig «set the timezone»
» date -s "Fri Oct 26 12:23:09"
clock -w «if you want to set the hardware(BIOS) clock so the system will keep the time when it reboots»
» pstree - display a tree of processes
» tcpdump -v -x -X -i eth0 port 80
Redhat:
» free -m «display memory usage and available»
» /usr/bin/gpasswd -a loginname groupname
«will add a user loginname to groupname»
» usermod «modify user settings in /etc/passwd»
Edit /etc/sysconfig/i18n file for freaky characters problem under redhat8
LANG="en_US"
SUPPORTED="en_US"
SYSFONT="lat-sun16"
SYSFONTACM="iso15"
----------------------------------------------
GENERAL MANEUVERS AND RESOURCES
/usr/platform/sun4u
./prtdiag|more
bin/logutil rmlog.log|more
mailx:
Usage: mailx -eiIUdFntBNHvV~ -T FILE -u USER -h hops -r address
-s SUBJECT -f FILE users
ok > devalias «shows device alias for installed hardware»
ok > format «format drives»
/etc/mail/aliases «local mail aliases»
newaliases «build after changing aliases file»
to create an FTP user in WUFTPD, cd /opt/ftp, edit etc/passwd and
add the user, edit /etc/passwd and /etc/ftpaccess and add the user,
pwconv, passwd {username}, create the home directory in /opt/ftp.
permissions at will.
/usr/bin/useradd --> add new user login and password
«check /etc if not there»
«or use the Ed Reed method: in super user mode,
1. edit the /etc/passwd file to include the new user
(copy the parameters from an existing user)
sara:x:1054:10:Sara Brown:/home/sara:/bin/csh
for 1054 he put a number right after mine, and said
the number doesn't matter as long as it's not in use.
for 10, he used the same number as mine.
2. edit /etc/shadow to include the password
(again copy the parameters from an existing user. ed
put in a number at the end which matched the accounts of
other users
sara:0cOt6Kzpbu1mQ:10178::::::
but when he used the passwd command logged in as sara to
change her password, the number changed to the one above.)
3. ed went into the /exports/home directory and created a dir
called sara. copied /etc/skel to sara, took off local from
.cshrc and .login
maneuvers for automount: «key file is auto_master»
1) add user
2) add user to /etc/auto_home
3) cd /var/yp
4) /usr/local/bin/make
/var/spool/mail --> empty your spool to increase performance
-----------------------------------------------
solaris install on sparc/ultra
1) login
2) hit "stop" key and "a" key at the same time
which brings you to 'ok' prompt
3) type boot /cdrom
» /usr/local/bin/dig www.cybercash.com «shows where you will
go for a certain url»
dig -x ip_address
If all else fails, given address a.b.c.d, say
nslookup d.c.b.a.in-addr.arpa.
The final "." is important.
change ip for solaris 2.6:
edit in /etc
resolv.conf
hosts
hostname.le0 «le0=ethernet card»
defaultdomain
defaultrouter
netmasks «?»
nodename
# ifconfig le0 208.241.29.85 netmask 255.255.255.0 broadcast 208.241.29.255
# ifconfig le0 up
# route -n add default 208.241.29.254
# netstat -rn
# ifconfig hme0:2 0.0.0.0 down
«to delete an interface»
Root stuff
/etc/default/su «here you'll find where the su log is kept»
/etc/default/login «among other things allow root to login remotely»
«also handy is setting UMASK=002»
Emergency maneuvers:
tcpflow -csv dst port 80|grep User-Agent|grep -v MSIE
Using a
Win98 boot disk
a:\fdisk /mbr
to reformat the master boot record
"Thanks to TV and for the convenience of TV, you can only be one of two kinds of human beings, either a liberal or a conservative."
Kurt Vonnegut