
UNIX | SQL | Perl | Windows/cmd/DOS | Wireshark |

UNIX

awk | Disk Usage | OpenSSL | free | GPG | grep | gzip | Host lookup | lscpu | lspci | hwinfo | lastlog missing | mknod (Make Node) | mount | Perl | ssh-genkeys | tar | timezone |

To set the prompt so that the date and time precede the computer name. This is useful when you need to track the date and time at which you executed commands, which helps during investigations.

PS1="\d \t `hostname`$ "

wget

The /usr/bin/wget command is useful for requesting content from a web page. The /etc/wgetrc file configures the system-wide defaults. If your environment requires a proxy server to reach the internet, put that information in the wgetrc file, as in the commented-out lines below.
# You can set the default proxies for Wget to use for http, https, and ftp.
# They will override the value in the environment.
#https_proxy = http://proxy.yoyodyne.com:18023/
#http_proxy = http://proxy.yoyodyne.com:18023/
#ftp_proxy = http://proxy.yoyodyne.com:18023/

# If you do not want to use proxy at all, set this to off.
#use_proxy = on

SuSEfirewall2

The firewall configuration file is very well documented; pretty much every question you might have is answered in the comments to each configuration section. The configuration file is /etc/sysconfig/SuSEfirewall2. If you turn on the firewall with the default configuration you will be able to log on locally from the console, but all other connections are blocked. I recommend making a backup copy of this file, then editing the original and adding the following in the appropriate section.
FW_SERVICES_EXT_TCP="ssh http https"
The FW_SERVICES_EXT_TCP line tells the firewall which TCP services to allow on the external interface. In the example above I allow secure shell (ssh), Hypertext Transfer Protocol (http), and HTTPS (https). To start the firewall, execute /sbin/SuSEfirewall2 -q start. When the firewall starts, a new log file, /var/log/firewall, is created and all external connection attempts are logged there.

create multiple dirs

To create multiple directories at a time in a single location we can use the mkdir command with directory groupings within braces. In Example 1, we simply create three directories in the current location. In Example 2, we create three directories under the existing basedir directory. In Example 3, we use the -p flag to create all directories in the path. We are creating two sets of directories under basedir: dirA contains dir1, dir2, and dir3, and dirB also contains dir1, dir2, and dir3. This can be useful when installing applications. In Example 4 we just make a series of directories under basedir named test1, test2, test3, and so on.

Example 1.
mkdir {dir1,dir2,dir3}

Example 2.
mkdir basedir/{dir1,dir2,dir3}

Example 3.
mkdir -p basedir/{dirA,dirB}/{dir1,dir2,dir3}

Example 4.
mkdir -p basedir/test{1..5}

Set a password with an encrypted password string in AIX. You would, of course, substitute the end user's actual login name and encrypted password string. The chpasswd command takes its input from the echo command here. The -c parameter clears all password flags such as expiration time. The -e parameter tells chpasswd that we are passing an encrypted password. The -R compat command line option states that we are using compatibility mode.

echo "loginname:passwd" | chpasswd -c -e -R compat

Most UNIX operating systems use the standard /etc/nsswitch.conf file to control how the operating system handles things such as hostname lookup and password lookup. AIX, on the other hand, uses /etc/control.conf instead.

Track files as they are opened and closed. Results are printed to standard out.

/usr/bin/opensnoop

Tired of system administrators telling you what your command line options should look like? Add unalias -a to your .profile.

The following command is very similar to the grep exit-status check in the grep section. Here we execute a diff on two files. We are not concerned with what the differences are, only whether any exist. 0=the files are the same, 1=at least one difference between the two files, 2=at least one file does not exist.

diff index.html misc.html >/dev/null 2>&1; echo $?

The tcpdump command in SuSE 10.3 truncates packet captures, making them less useful. Add the snap length flag to get larger, if not complete, packet captures.

/usr/sbin/tcpdump -s 65535

I have been trying to find a way to report back just a computer's physical interfaces. The following command comes pretty close, but not close enough to script the results.

Using the -n option to prevent netstat from looking up computer names, and the -a option to show all sockets, we can grep to see which ports are listening. In the second example below we are looking for two non-standard ports, 8181 and 8443.

netstat -i |awk '$0 !~/(Name|lo0)/ {print $1; }'

netstat -na | egrep '.8181|.8443'
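Since the netstat one-liners above are hard to script against, here is an added example (not from the original page) that turns netstat -na output into a list of listening TCP ports and flags the ones bound to a wildcard address, which are the ones to reconcile against the firewall rules. It assumes the Linux netstat column layout (local address in column 4) and uses a constructed sample in place of a live netstat run.

```shell
#!/bin/sh
# Added example: scriptable "which ports are listening" from netstat -na output.
# Assumes the Linux netstat column layout: Proto Recv-Q Send-Q Local Foreign State.

# Constructed sample of netstat -na output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8181          0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:8181           10.0.0.9:51234          ESTABLISHED
tcp6       0      0 :::8443                 :::*                    LISTEN
udp        0      0 0.0.0.0:123             0.0.0.0:*'

# listening_ports: read netstat -na output on stdin and print one line
# "port proto bind-address" per LISTEN socket, sorted by port, duplicates removed.
# The port is everything after the last colon, which also handles IPv6 ":::8443".
listening_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
             n = split($4, a, ":")
             addr = substr($4, 1, length($4) - length(a[n]) - 1)
             print a[n], $1, addr
         }' | sort -n | uniq
}

# exposed_ports: only the listeners bound to a wildcard address (0.0.0.0 or ::),
# i.e. reachable from other hosts; loopback-only services are left out.
exposed_ports() {
    listening_ports | awk '$3 == "0.0.0.0" || $3 == "::" { print $1 }'
}

# Usage on the constructed sample (on a live host: netstat -na | exposed_ports):
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_ports
```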

A quick way to create a unique backup of your configuration file before modifying it is to append a date string to its name. As we sometimes work all hours of the day and night, we may not always know what day it is; here is a quick solution to that problem. In this example I create a backup of the /etc/config.conf file.

cp /etc/config.conf /etc/config.conf_`date +%Y%m%d`

I had an instance where I wanted to take a file that contained comma-separated values and feed it into someone else's program or script that only took one value per line. So I figured out how to change commas into newlines in vi.

:%s/,/^M/g        (type the ^M as CTRL-v CTRL-m)

Disk usage

Tired of trying to determine how much disk space you have left? Do you get lost in all those zeroes on today's large hard disk drives? Try using the human-readable format.
# df -h #produces output in human readable format
# df -k /dirname #displays size of the file system in K-bytes

It is sometimes useful to quickly find the largest files or directories. Here is a quick command line to do just that. The du command uses the -s (summary) and -h (human readable) options. The sort command uses -h (GNU sort) to compare the human-readable sizes du prints, since a plain -n only looks at the leading digits and would rank 4.0K above 1.2G, and -r to sort in reverse, largest to smallest. The head command grabs the first ten results, which you may adjust up or down to your liking.
# du -sh * | sort -hr | head

gunzip

Not all UNIX operating systems have the zcat script installed, but no worries, zcat can be approximated with gunzip. The -c command line option extracts files to standard out.
# gunzip -c filename.gz

Sometimes we just want to list the files in a gzipped tar file. This can be useful for processing later.
# gunzip -c file.tar.gz |tar -tf -

Host lookup

How you execute a host lookup may affect your results. Most internal UNIX commands rely on getent to retrieve host information because there is already a library function for that and it is easily compiled in. So if you are troubleshooting a host lookup problem, be sure to know how your application performs the host lookup. The getent hosts method uses the existing library functionality and system configuration to return the requested information. An nslookup, on the other hand, queries the network naming services directly, which may not be the same way the application is requesting the information.
# getent hosts #returns a single hostname and IP address
# getent hosts host1 host2 host3 #returns the hostname and IP address for each hostname listed on the command line
# nslookup host #performs a naming services lookup of the hostname provided on the command line

GPG

The root account on hpess-mss-backup01 is used to GPG encrypt the file, so logging into the mss-backup01 computer and then decrypting the file there should work without any problems.

It is best to first test to see whether you have a key or keys on the keyring. Use the --list-keys command. In the example I give below, there are no keys on the keyring. If there were, they would be listed.

/usr/bin/gpg --list-keys
gpg: directory `/home/geen/.gnupg' created
gpg: new configuration file `/home/geen/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/geen/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/geen/.gnupg/pubring.gpg' created
gpg: /home/geen/.gnupg/trustdb.gpg: trustdb created 

To create a public/private key pair you just need to issue the gpg --gen-key command. In my example I select an RSA only key (5), keep the default of 2048 bits, and choose a key that does not expire (0). I then identify myself by name, email address, and a useful (to me) comment. I am then asked to provide a passphrase. This is not required, but it is good practice. Just remember your passphrase: if you lose it, it is gone forever and you will need to create a new key pair, and all data encrypted with the old key is then unretrievable. After I approve the inputs, the keys are generated.

% gpg --gen-key
gpg (GnuPG) 2.0.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: keyring `/home/geen/.gnupg/secring.gpg' created
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 5
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Glen D. Geen
Email address: glen.d.geen@hp.com
Comment: HP work keys
You selected this USER-ID:
    "Glen D. Geen (HP work keys) <glen.d.geen@hp.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

can't connect to `/home/geen/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[10595]: directory `/home/geen/.gnupg/private-keys-v1.d' created
%

To create an ASCII representation of the public key we use the --armor command line option. This creates "ASCII armored" text.

% gpg --armor --output GlenDGeen.pub --export "Glen D. Geen"
% ls
GlenDGeen.pub  gpg.conf  private-keys-v1.d  pubring.gpg  pubring.gpg~  random_seed  secring.gpg  trustdb.gpg
% more GlenDGeen.pub
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.9 (GNU/Linux)
-----END PGP PUBLIC KEY BLOCK-----
% 

The actual command to encrypt and decrypt the file is easy.

/usr/bin/gpg --encrypt --recipient 'Glen D. Geen' input_file_name.txt
/usr/bin/gpg --output output_file_name.txt --decrypt input_file_name.txt.gpg

grep

Sometimes we are not as interested in what is returned as in the exit status of our command. The following may be useful in your scripts when using the grep command. 0=match was found, 1=no match found, 2=file not found.
# grep "string" filename > /dev/null 2>&1; echo $?

I had a file in which comment lines began with a dollar sign, $. In order to properly process the file I needed to remove the comment lines. This is the quick solution that I came up with.
# grep -v ^\\$ file

awk

This next one is a bit of a kludge because the version of UNIX/Linux I was working on did not support the updates to grep that let me see the line I grepped and the next few lines. So I made one up on the spot. Here I use awk to find the string, then print the next three lines.
# awk '/string/{ print; for (x = 1; x <= 3; x++) { getline; print; } }' file
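A more robust version of the same idea, as an added example that is not from the original page: the getline loop above prints the wrong lines when two matches fall inside the same window and swallows the last line when a match is near end of file, whereas keeping a countdown in a variable handles both. The function name after_context and the sample log are my own.

```shell
#!/bin/sh
# Added example: grep -A style "print the match and the N lines after it" in
# plain awk, for systems whose grep lacks -A. A match inside an open window
# simply restarts the countdown, so overlapping windows are merged, not
# duplicated, and a match near end of file prints whatever lines remain.

# after_context PATTERN N [FILE...]: print every line matching the awk regular
# expression PATTERN plus the N lines that follow it. With no FILE, reads stdin.
# (PATTERN is passed with -v, so backslashes in it are escape-processed once.)
after_context() {
    pat=$1; n=$2; shift 2
    awk -v pat="$pat" -v n="$n" '
        $0 ~ pat { left = n + 1 }        # (re)open the window on every match
        left > 0 { print; left-- }       # emit while the window is open
    ' "$@"
}

# Constructed sample log (not a real capture): two matches one line apart,
# and one match with fewer than N lines left after it.
SAMPLE_LOG='01 sshd: Accepted publickey for geen
02 sshd: session opened
03 sshd: lastlog_openseek: cannot stat /var/log/lastlog
04 cron: session opened
05 cron: session closed
06 sshd: Failed password for invalid user admin
07 sshd: Connection closed'

# Usage on the sample (on a real file: after_context "string" 3 /var/log/auth.log):
printf '%s\n' "$SAMPLE_LOG" | after_context 'session opened' 1
```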

Awk can be used to replace a string in a text file such as a configuration file. In the example given below I use awk to replace a matching comment line with a different string; otherwise I print the existing line from the file. Redirecting the output to a new file creates an updated configuration file, in this case full of gibberish.
# awk '{ if ($0 ~ /^#.*\/etc\/nsswitch\.conf.*/ ) {print "#No Comment\n"} else print; };' nsswitch.conf

IBM's AIX operating system favors /etc/security/passwd over the UNIX standard /etc/shadow file. The format is also completely different. The following awk command extracts the encrypted password string for the account named in the shell variable login from the /etc/security/passwd file and displays it on the screen.
# awk "/^$login:\$/,/password =/ { if (\$1 == \"password\") { print \$3; } }" /etc/security/passwd

lscpu

lscpu gathers CPU architecture information like number of CPUs, threads, cores, sockets, NUMA nodes, information about CPU caches, CPU family, model, bogoMIPS, byte order and stepping from sysfs and /proc/cpuinfo, and prints it in a human-readable format. It supports both online and offline CPUs. It can also print out in a parsable format, including how different caches are shared by different CPUs, which can be fed to other programs. lscpu also tries to detect which virtualization environment the operating system is running in (if any).

# lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                1
On-line CPU(s) list:   0
Thread(s) per core:    1
Core(s) per socket:    1
CPU socket(s):         1
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 58
Stepping:              9
CPU MHz:               2594.189
BogoMIPS:              5188.37
Hypervisor vendor:     VMware
Virtualization type:   full
L1d cache:             32K
L1i cache:             32K
L2 cache:              256K
L3 cache:              6144K
NUMA node0 CPU(s):     0

lspci

The /sbin/lspci command is used to list all of the available PCI devices. The command has different options depending on the operating system and version implemented. In general, the -v option displays a verbose list. Note that in some implementations the -q option means quiet and in others it indicates a DNS lookup option. Some versions allow you to query specific components with options like --memory or --cpu.

hwinfo

Another, and probably more universal, command to read hardware information is /usr/sbin/hwinfo. You may probe for particular hardware items by listing them on the command line, like /usr/sbin/hwinfo --memory --cpu --disk. The available hardware items are:

all, bios, block, blue-tooth, braille, bridge, camera, cdrom, chipcard, cpu, disk, dsl, dvb, fingerprint, floppy, framebuffer, gfxcard, hub, ide, isapnp, isdn, joystick, keyboard, memory, modem, monitor, mouse, netcard, network, partition, pci, pcmcia, pcmcia-ctrl, pppoe, printer, scanner, scsi, smp, sound, storage-ctrl, sys, tape, tv, usb, usb-ctrl, vbe, wlan, and zip.
# /usr/sbin/hwinfo --memory --cpu --usb
01: None 00.0: 10103 CPU
  [Created at cpu.301]
  Unique ID: rdCR.j8NaKXDZtZ6
  Hardware Class: cpu
  Arch: X86-64
  Vendor: "GenuineIntel"
  Model: 6.58.9 "Intel(R) Core(TM) i7-3720QM CPU @ 2.60GHz"
  Features: fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,mmx,fxsr,sse,sse2,ss,syscall,nx,rdtscp,lm,constant_tsc,up,arch_perfmon,pebs,bts,nopl,xtopology,tsc_reliable,nonstop_tsc,aperfmperf,pni,pclmulqdq,ssse3,cx16,sse4_1,sse4_2,x2apic,popcnt,aes,xsave,avx,f16c,rdrand,hypervisor,lahf_lm,ida,arat,epb,xsaveopt,pln,pts,dts,fsgsbase,smep
  Clock: 2594 MHz
  BogoMips: 5188.29
  Cache: 6144 kb
  Config Status: cfg=new, avail=yes, need=no, active=unknown

02: None 00.0: 10102 Main Memory
  [Created at memory.66]
  Unique ID: rdCR.CxwsZFjVASF
  Hardware Class: memory
  Model: "Main Memory"
  Memory Range: 0x00000000-0x2e093fff (rw)
  Memory Size: 768 MB
  Config Status: cfg=new, avail=yes, need=no, active=unknown

lastlog missing

I got the following message in my /var/log/auth.log file each time an account logged in.
Jan 15 13:02:37 hpess-us-plano-mss-backup01 sshd[30915]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
The fix is to recreate the /var/log/lastlog file and set its ownership and mode.
# touch /var/log/lastlog
# chgrp utmp /var/log/lastlog
# chmod 664 /var/log/lastlog

mknod

The make node command creates a special file of the given type. In the example I am going to give you today I will recreate the /dev/null file. The available types are (b) block, (c) character, (u) unbuffered, and (p) FIFO or pipe. If you are creating a type b, c, or u, then the major and minor numbers must be given. I have no idea what they are or what they mean, but you may look at a working system to find what these numbers should be.

If we look at a valid /dev/null file in a couple of ways we see that it is a character special file. We may use the /usr/bin/file command and the /bin/ls command to reveal that /dev/null is a character special file. In the example for the ls command, we see that the first character in the mode list is a "c". This indicates that the file we are investigating is a character special file. A "d" in the first position indicates a directory, a "-" indicates a regular file, a "b" is a block file like a disk or tape device, an "l" is a soft link, and a "p" is a pipe or FIFO file. Looking at the same file another way, with the /usr/bin/file command, we see that /dev/null is reported as a character special file. Before I leave this subject, look at the ls output. Note that where we normally expect to see the size of a file we instead see these cryptic numbers: 1, 3. These are the major and minor numbers respectively. We need these numbers to recreate the /dev/null character special file.

% ls -l /dev/null
crw-rw-rw- 1 root root 1, 3 Jan  2 06:47 /dev/null
% file /dev/null
/dev/null: character special

The command to recreate the /dev/null file is quite simple. We just need to execute the command with a few command line parameters, like this: /bin/mknod -m 666 /dev/null c 1 3. First, /bin/mknod is the make node command. The -m 666 sets the permissions on the file. This is the same as executing /bin/chmod 666 /dev/null after the file is created; we might as well do it all on the same command line. The next parameter is the name of the file, in this case /dev/null. You could actually create a null character special file anywhere, but I am not really sure why you would want to. After the file name is the file type, in this case c for character special file. Finally we include the major and minor numbers, 1 and 3 respectively.

mount

It is sometimes useful to mount an .iso image from the hard disk drive rather than inserting a CD-ROM or DVD into the drive. Here is a quick example of how to mount an .iso image.
[root@hpess-us-plano-MDS01 ~]# cd /var/tmp
[root@hpess-us-plano-MDS01 tmp]# ls
arch  Check_Point_Install_and_Upgrade_MD_R76.SecurePlatform.iso  cprid  liar  system_backup.err  system_backup.out
[root@hpess-us-plano-MDS01 tmp]# ls /mnt
[root@hpess-us-plano-MDS01 tmp]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@hpess-us-plano-MDS01 tmp]# mkdir /mnt/CPinstallCD
[root@hpess-us-plano-MDS01 tmp]# mount -o loop ./Check_Point_Install_and_Upgrade_MD_R76.SecurePlatform.iso /mnt/CPinstallCD
[root@hpess-us-plano-MDS01 tmp]# cd /mnt/CPinstallCD
[root@hpess-us-plano-MDS01 CPinstallCD]# ls
Berkeley_License.txt  boot.cat  Gnu_License.txt  isolinux.bin  LGPL.txt  License.txt  linux  obsolete  SecurePlatform  TRANS.TBL  UnixInstallScript

ssh-keygen

You may examine your public key file to determine how it was generated, the key type and the bit strength. The fingerprint of the key file is also displayed.
# ssh-keygen -l -f id_rsa.pub-test
2048 1b:9c:b7:0b:12:dd:f7:19:fe:f4:0e:0c:92:16:1b:b7 id_rsa.pub-test (RSA)

To generate new host key files redirect the output as follows:

For a generic method of doing this:
ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -q -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -q -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key

tar

Extracting the contents of a tar file to standard out and piping them to another command can differ from one operating system to another. I found that the following works on Mac OS X and some Linux versions. The options presented here are -O (capital oh) extract to standard out, -x extract, and -f filename.
# tar -Oxf file.tar ./ExtractThisFile.txt |grep "lookforthisstring"

It is sometimes necessary to move files from one computer to another, but we do not always want to leave files lying about to clean up later. Let's face it, if we wanted to clean up after ourselves we would not be system administrators. Here is a quick command line to tar files on one computer, send them through a secure shell session, and untar them into the target directory on the remote computer (the -C option changes into that directory before extracting).
# tar -cf - ./files_to_transfer | ssh computername "tar -C /full/path/to/new/location -xvf -"

Setting Timezone

Setting the time zone in Linux is a simple matter of copying the correct time zone file to /etc/localtime. The pre-configured time zone files are found in /usr/share/zoneinfo. So to set the time zone to US/Central, copy or link it to /etc/localtime like this.
# sudo rm /etc/localtime
# sudo ln -s /usr/share/zoneinfo/US/Central /etc/localtime

To set the time zone in your environment without changing the system time zone you may set the TZ environment variable. This is accomplished with the command export TZ=GMT, which sets the time zone in the current shell to GMT. This does not affect the system time zone configuration in any way, just the way the shell interprets the current date and time.

OpenSSL

From time to time it may be a good idea to send text in a format that is not readily readable. There are many reasons for doing so, but personally identifiable information (PII) and intellectual property (IP) are two of the main ones. One of the commands that can encrypt a file is the openssl command. Using the enc command to encrypt and decrypt, you may password protect a file and send the data over the network, being reasonably sure the data is not readable by unintended parties.

To encrypt the test.txt file and write the output to a file named test.enc, using AES 256-bit encryption in CBC mode, use the following command.
# openssl enc -aes-256-cbc -salt -in test.txt -out test.enc

To decrypt the encrypted file and write the output to the screen, execute the following command.
# openssl enc -aes-256-cbc -salt -in test.enc -d
this is a test. this is only a test. Had this been an acutal file, well, who cares.

To calculate the MD5 sum of a file, you may use the openssl command with the dgst subcommand and then supply the digest type to calculate, in our case MD5.
# openssl dgst -md5 [filename | *]
MD5(package-scp-primary-override)= 851a9c713cf27f5c7183de678f2e3a33
MD5(serial-http-primary-override)= 62ae798f69bf204eae43804a69bece7b

The /usr/bin/openssl command may also be used to generate a digest. A digest may be thought of as a kind of fingerprint of a file. A digest is a one-way hash of the file: any change to the file, even a very minor one, results in a dramatically different hash or digest. Valid message digest types are: md4, md5, mdc2, rmd160, sha, and sha1. In the example below I generate a message digest for every file in a directory listing.

$ openssl dgst -md5 `ls`
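The enc and dgst commands above, combined into a send/receive pair as an added example (not from the original page): openssl enc gives confidentiality only and will decrypt a tampered file into garbage without complaint, so a SHA-256 digest of the plaintext is written alongside the ciphertext and checked after decryption. The seal/unseal function names are my own; the block assumes OpenSSL 1.1.1 or later for -pbkdf2, which replaces the weak default key derivation.

```shell
#!/bin/sh
# Added example: password-based file encryption with an integrity check.
# Assumes OpenSSL 1.1.1+ (for -pbkdf2). The password is handed to openssl
# through an environment variable rather than on the command line, so it does
# not show up in the process list.

# seal FILE PASSWORD: writes FILE.enc (ciphertext) and FILE.sha256 (digest of
# the plaintext, hex only) next to FILE.
seal() {
    f=$1; pw=$2
    openssl dgst -sha256 "$f" | sed 's/^.*= //' > "$f.sha256"
    SEAL_PASS=$pw openssl enc -aes-256-cbc -salt -pbkdf2 \
        -pass env:SEAL_PASS -in "$f" -out "$f.enc"
}

# unseal FILE.enc PASSWORD OUT: decrypts FILE.enc to OUT and verifies OUT
# against FILE.sha256. Returns 1 (and removes OUT) if decryption fails or the
# digest does not match, i.e. wrong password or modified ciphertext.
unseal() {
    enc=$1; pw=$2; out=$3
    base=${enc%.enc}
    SEAL_PASS=$pw openssl enc -aes-256-cbc -d -pbkdf2 \
        -pass env:SEAL_PASS -in "$enc" -out "$out" 2>/dev/null || return 1
    want=$(cat "$base.sha256")
    got=$(openssl dgst -sha256 "$out" | sed 's/^.*= //')
    [ "$want" = "$got" ] || { rm -f "$out"; return 1; }
}

# Note: a plain digest catches corruption and casual tampering; someone who can
# replace the .enc file can replace the .sha256 file too, so compare the digest
# over a separate channel (phone, chat) when that matters.
```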

free

free - Display amount of free and used memory in the system

# free
             total       used       free     shared    buffers     cached
Mem:        754256     342408     411848          0      15632     202760
-/+ buffers/cache:     124016     630240
Swap:      1131516          0    1131516

SQL

Select | Insert | Update | Delete | Import | Find data and log files | Full backup of database | Differential backup of database | Test Connection

The SQL command structure takes the form instruction, field, table name, filter. The basic instructions are select, insert into, update, and delete. The select instruction is used to display information based on the criteria provided. You may select a single field or several fields to display. You may also choose all fields by using the asterisk (*).

select first_name from people where last_name = 'Smith';
The command above displays the first names of all the people with the last name of Smith.

select first_name,last_name,phone from people where company = 'MyBusiness';
This command displays the first name, last name, and phone number fields from the people table for rows that have MyBusiness in the company field.

select * from people;
Though I do not recommend executing this command, especially on a large database, this one displays the entire contents of the people table from the selected database on the screen. It is essentially a dump of the table.

The insert into instruction is used to add records to a table in the selected database. The simplest form lists the values in the order in which the fields occur. I recommend this version for small tables where the data structure is well known. The more complex version lists the field names and then the values to be applied to those fields. This version is useful when dealing with large table structures where not all fields may be entered. The instruction takes the form insert into tablename values (val1,val2,val3,...); or, for the more complex form, insert into tablename (col1, col2, col4, col3...) values (val1, val2, val4, val3...);

insert into people values ('Smith','John','MyBusiness','john.smith@MyBusiness.com','(214)555-1212');
This first form adds the record for John Smith (last name, first name, company name, email address and phone number, assuming the columns occur in that order) to the people table.

insert into people (last_name,first_name,email,company,phone) values ('Smith', 'John', 'john.smith@mybusiness.com', 'MyBusiness', '(214)555-1212');
This second form adds a record to the people table. It lists the field names and then the values associated with those field names. This is especially useful when many fields may be left blank.

The update instruction directs SQL to change data in selected fields of the named table, for the rows that match a filter. The command structure takes the form
update tablename set col1=val1, col2=val2, col3=val3 where col4='val4';

update people set email='john.smith@mybusiness.com' where first_name='John' and last_name='Smith';
In this example we update the email address in the people table where the person's first name is John and the last name is Smith.

This is a good time to mention the filter clause, where. The where clause filters out data based on the specified criterion. We saw a good use of the where in the previous update example.

The next basic SQL instruction is delete. As you might guess, this is used to remove records from the selected table. The syntax is
delete from tablename where col1=val1;

delete from people where first_name='John' and last_name='Smith';
In this example we remove the record(s) from the people table where the first name matches John and the last name is Smith.

Now that we have discussed how to get data into the database manually, let us talk about how to perform a bulk load of the database. One of the simplest ways is to import a comma-separated values (CSV) file into the database. This is a two-step process once the database and tables are created: you must set your field delimiter and then issue the import command. In the example below I create a test database and table, set the field delimiter, then import the data into the database.

C:\Users\geen\bin>sqlite3 test.db
SQLite version 3.7.16.2 2013-04-12 11:52:43
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> create table test (firstname text, lastname text, loginname text, email text);
sqlite> .separator ","
sqlite> .import test.csv test
sqlite> select * from test;
firstname,lastname,loginname,email
Glen,Geen,geen,glen.d.geen@hp.com
Brett,Hornick,hornickb,brett.hornick@hp.com
Terry,Copland,capelant,terry.copeland@hp.com
sqlite>
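The same bulk load done from a shell script, as an added example that is not the page's own session: note in the output above that the CSV header line (firstname,lastname,...) was stored as a data row, and that .separator "," does not honour quoted fields containing commas. The function names and the sample CSV are constructed for this example; it assumes the sqlite3 command-line tool is installed.

```shell
#!/bin/sh
# Added example: CSV bulk load into SQLite that drops the header row and parses
# quoted fields. Assumes the sqlite3 command-line tool (a reasonably recent one,
# so that -csv mode makes .import CSV-aware).

# write_sample_csv PATH: constructed sample with a header row and a quoted
# field that itself contains a comma.
write_sample_csv() {
    cat > "$1" <<'EOF'
firstname,lastname,loginname,email
Glen,Geen,geen,glen.d.geen@example.com
"Brett, Jr.",Hornick,hornickb,brett.hornick@example.com
EOF
}

# import_people DB CSV: create the table if needed, then load CSV minus its
# header. tail -n +2 drops the header line; -csv makes .import honour quotes.
# /dev/stdin lets .import read the pipe, which keeps the command portable to
# sqlite3 versions without the newer --skip option.
import_people() {
    db=$1; csv=$2
    sqlite3 "$db" 'create table if not exists test (firstname text, lastname text, loginname text, email text);'
    tail -n +2 "$csv" | sqlite3 -csv "$db" '.import /dev/stdin test'
}

# Fixed queries (no shell interpolation into SQL) used to check the result.
row_count()   { sqlite3 "$1" 'select count(*) from test;'; }
header_rows() { sqlite3 "$1" "select count(*) from test where firstname = 'firstname';"; }
logins()      { sqlite3 "$1" 'select loginname from test order by loginname;'; }
```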

Find data and log files

If you open the database instance in SQL Server Management Studio you can submit a select query to return the location of the data and log files. In this example I opened the IDF database. I also did the same with the TMSM database instance. This command returns the physical location where the data is stored.
select name, physical_name as current_file_location from sys.master_files
master	c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.IDF\MSSQL\DATA\master.mdf
mastlog	c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.IDF\MSSQL\DATA\mastlog.ldf
tempdev	c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.IDF\MSSQL\DATA\tempdb.mdf
templog	c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.IDF\MSSQL\DATA\templog.ldf
modeldev	c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.IDF\MSSQL\DATA\model.mdf
modellog	c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.IDF\MSSQL\DATA\modellog.ldf
MSDBData	c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.IDF\MSSQL\DATA\MSDBData.mdf
MSDBLog	c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.IDF\MSSQL\DATA\MSDBLog.ldf
IDF	c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.IDF\MSSQL\DATA\IDF.mdf
IDF_log	c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.IDF\MSSQL\DATA\IDF_log.LDF

Full backup of database

Full backup of database example. This script can be saved and run as a recurring task within SQL.
BACKUP DATABASE [IDF] TO  DISK = N'c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.IDF\MSSQL\Backup\IDF' WITH  COPY_ONLY, NOFORMAT, NOINIT,  NAME = N'IDF-Full Database Backup', SKIP, NOREWIND, NOUNLOAD,  STATS = 10, CHECKSUM, CONTINUE_AFTER_ERROR
GO
declare @backupSetId as int
select @backupSetId = position from msdb..backupset where database_name=N'IDF' and backup_set_id=(select max(backup_set_id) from msdb..backupset where database_name=N'IDF' )
if @backupSetId is null begin raiserror(N'Verify failed. Backup information for database ''IDF'' not found.', 16, 1) end
RESTORE VERIFYONLY FROM  DISK = N'c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.IDF\MSSQL\Backup\IDF' WITH  FILE = @backupSetId,  NOUNLOAD,  NOREWIND
GO

Differential Backup of a database

BACKUP DATABASE [IDF] TO  DISK = N'c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.IDF\MSSQL\Backup\IDF' WITH  DIFFERENTIAL ,  RETAINDAYS = 21, NOFORMAT, NOINIT,  NAME = N'IDF-Differential Database Backup', SKIP, NOREWIND, NOUNLOAD,  STATS = 10, CONTINUE_AFTER_ERROR
GO
declare @backupSetId as int
select @backupSetId = position from msdb..backupset where database_name=N'IDF' and backup_set_id=(select max(backup_set_id) from msdb..backupset where database_name=N'IDF' )
if @backupSetId is null begin raiserror(N'Verify failed. Backup information for database ''IDF'' not found.', 16, 1) end
RESTORE VERIFYONLY FROM  DISK = N'c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.IDF\MSSQL\Backup\IDF' WITH  FILE = @backupSetId,  NOUNLOAD,  NOREWIND
GO

Test Connection

  1. Open a command prompt on the computer
  2. Create an empty file with a .UDL extension. Example: notepad testsql.udl
  3. Double click on the .UDL file and enter the information such as SQL server name, login name, password, and table name.
  4. Click the Test Connection button

Perl

Install Perl Module | Open standard out | Help function | Pseudo-case statement | Local Time | split | Win32::Exe |

Install Perl Module

How to add Perl modules to your Linux installation. As root, execute the following commands. First enter the Perl CPAN shell. Then, once in the shell, install the module you want; in this example I chose Net::SMTP. Check for a newer version of CPAN and reload CPAN. When you are done, quit.
# perl -MCPAN -e 'shell'
cpan[#]> install Net::SMTP
cpan[#]> install CPAN
cpan[#]> reload CPAN
cpan[#]> quit

Open standard out

Opening a file handle in Perl for standard out? Try open(FILEHNDL, ">> -");

Perl Help function

I try to add help output to all of my perl programs to help users who are unfamiliar with the program. To do this, I assign the help string to a global variable and then I can reference the string with the print command.

Here is how I set up the global variable:
$::help=<<EOHelp;
$0 [-o option list] {-x value1 | -y value2} -r requiredinfo
enter some descriptive text here.
EOHelp
...
print "$::help";


Perl case statement

There was a time when perl did not have its own case/switch statement. For that reason you will find the following type of code in most of my programs. It is a simple command line parser that seems to work well.

# If no arguments are passed to the program then print the "HELP".
if (! @ARGV ) { print "$::help"; exit 0; }
# the variables the switches fill in (declared here so the parser runs under strict)
my ($firstname, $lastname, $email, $loginname, $region, $jobfunc, $contract);
while (@ARGV) # loop through until the ARGV array stack is empty.
{
    # set up a temp variable to hold the next argument on the ARGV stack.
    my $cmdparm = shift(@ARGV);
    ARGVSW: # create a LABEL for the bare block so that last can leave it.
    {
        # test each command line parameter and then perform a task based on a successful match.
        # the last statement breaks out of the internal block, ARGVSW:
        if ($cmdparm eq "-f") { $firstname = shift(@ARGV); last; }
        if ($cmdparm eq "-l") { $lastname = shift(@ARGV); last; }
        if ($cmdparm eq "-e") { $email = shift(@ARGV); last; }
        if ($cmdparm eq "-u") { $loginname = shift(@ARGV); last; }
        if ($cmdparm eq "-r") { $region = shift(@ARGV); last; }
        if ($cmdparm eq "-j") { $jobfunc = shift(@ARGV); last; }
        if ($cmdparm eq "-c") { $contract = shift(@ARGV); last; }
        if ($cmdparm eq "-h") { print "$::help"; exit 0; }
        # If an invalid parameter is passed on the command line, then print the help.
        print "$::help"; exit 0;
    } # end ARGVSW
} # end while command line parameters
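The parser above and the help-string idiom from the "Perl Help function" note, combined in one added example that is not from the original page: the switch-to-variable mapping lives in a hash so a new switch costs one line, the value following a switch is checked for presence, and the options the help text marks as required are verified after parsing. The switch names and the choice of which ones are required are assumptions made for the example.

```perl
#!/usr/bin/perl
# Added example, not the page's own code: the shift-based parser above,
# generalised with a hash that maps each switch to the variable it fills,
# plus a check that the required options were actually supplied.
use strict;
use warnings;

# Help text in a package variable, as in the "Perl Help function" note.
$::help = <<"EOHelp";
Usage: $0 -f firstname -l lastname -e email [-u loginname] [-r region] [-h]
   -f, -l, -e   first name, last name and e-mail address (required)
   -u, -r       login name and region (optional)
   -h           print this help and exit
EOHelp

# Switch => name of the value it carries. Adding a switch is one line here.
my %takes_value = (
    '-f' => 'firstname',
    '-l' => 'lastname',
    '-e' => 'email',
    '-u' => 'loginname',
    '-r' => 'region',
);
# Assumption for this example: these three must be present.
my @required = qw(firstname lastname email);

# parse_args(@list) returns a hash reference of the parsed values, or
# dies with the help text when something is wrong. It takes the list
# as a parameter instead of reading @ARGV directly so it can be reused.
sub parse_args {
    my @argv = @_;
    my %opt;
    while (@argv) {
        my $cmdparm = shift @argv;
        if ($cmdparm eq '-h') { print $::help; exit 0; }
        if (exists $takes_value{$cmdparm}) {
            my $val = shift @argv;
            # a missing value, or one that looks like another switch, is an error
            die "Option $cmdparm needs a value\n$::help"
                if !defined $val || $val =~ /^-/;
            $opt{ $takes_value{$cmdparm} } = $val;
            next;
        }
        die "Unknown option: $cmdparm\n$::help";
    }
    for my $name (@required) {
        die "Missing required option for $name\n$::help"
            unless defined $opt{$name};
    }
    return \%opt;
}

# No arguments at all: show the help, as the original parser does.
if (!@ARGV) { print $::help; exit 0; }
my $opt = parse_args(@ARGV);
printf "%s %s <%s>\n", $opt->{firstname}, $opt->{lastname}, $opt->{email};
```

Because an unknown switch or a missing value ends in die rather than a silent help print, a script run from cron or a batch job exits non-zero and the wrapper can notice; the `$val =~ /^-/` test also means a value that starts with a dash (a negative number, say) would have to be handled separately.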


localtime

Perl has a built-in function to retrieve the system date and time. The localtime function returns an array of nine (9) values, but it is rare that you are interested in all nine values. There is a simple way to retrieve just the values of interest by treating them as what they are, an array.

First we set up the scalar variables we need to receive the values from the localtime function. In this case we are collecting minutes, hour, day of month, month, year, and whether the Daylight Saving Time bit is set. We put them in parentheses to treat them as input into, or in this case output from, an array: my ($min, $hour, $mday, $mon, $year, $isdst).

Next we query the system for the time and evaluate it as local time: (localtime(time())). Since we only need some of the values, we only reference those values from the array: [1,2,3,4,5,8]. In order to make the two sides equal, we must enclose the entire expression in parentheses: ((localtime(time()))[1,2,3,4,5,8]). It may be possible to write this expression in shorthand, but this is the most explicit representation.

It may be possible to drop the time() function, making the localtime expression look like ((localtime())[1,2,3,4,5,8]) or even ((localtime)[1,2,3,4,5,8]).

#!/usr/bin/perl
my @DST = ("No", "Yes");
#get system time but just the minutes, hour, day, month, year, and Daylight Saving Time bit.
my ($min, $hour, $mday, $mon, $year, $isdst)=((localtime(time()))[1,2,3,4,5,8]);
$year+=1900;
$mon+=1;
print "It is now: $mon/$mday/$year $hour:$min DST: $DST[$isdst]\n";

geen@wwwgeen:~/dev/src/pl> ./test.pl
It is now: 11/6/2013 13:21 DST: No

split function

Sometimes you may want to read configuration data from a file. This is fine, but you cannot always control the format in which the data is entered. It is, therefore, a good idea to give your end user a little wiggle room. Let us assume that we have a configuration file with a key = value format. On the left side of the equal sign we have a key such as home directory. On the right side we have the value to be stored with the key, such as /home/geen. A simple way to read
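An added example of such a reader, not from the original page: it uses split with a limit of 2 so only the first equal sign separates key from value, trims whitespace on both sides, folds the key to lower case, and skips lines it cannot parse instead of dying. The comment character, the quoting rule and the sample file contents are assumptions made for the example.

```perl
#!/usr/bin/perl
# Added example, not the page's own code: read "key = value" lines from a
# configuration file and give the user some wiggle room in how they are typed.
use strict;
use warnings;

# read_config($fh) returns a hash reference of key => value pairs.
sub read_config {
    my ($fh) = @_;
    my %cfg;
    while (my $line = <$fh>) {
        chomp $line;
        $line =~ s/#.*//;                  # assumption: '#' starts a comment
        next if $line =~ /^\s*$/;          # skip blank (or comment-only) lines
        # split on the FIRST '=' only (limit 2), so a value may contain '='
        my ($key, $value) = split /=/, $line, 2;
        if (!defined $value) {
            warn "line $.: no '=' found, ignored\n";
            next;
        }
        s/^\s+|\s+$//g for $key, $value;   # trim both ends of both parts
        $key = lc $key;                    # keys are case-insensitive
        $value =~ s/^"(.*)"$/$1/;          # allow optional surrounding quotes
        $cfg{$key} = $value;
    }
    return \%cfg;
}

# Constructed sample input, standing in for a real configuration file.
my $sample = <<'EOF';
# user settings
Home Directory = /home/geen
shell=/bin/bash
Editor   =   "vim"
path = /usr/local/bin:/usr/bin   # trailing comment
broken line without an equal sign
EOF

open(my $fh, '<', \$sample) or die "cannot open in-memory file: $!";
my $cfg = read_config($fh);
close $fh;

for my $key (sort keys %$cfg) {
    printf "%-15s => %s\n", $key, $cfg->{$key};
}
```

To read a real file, replace the in-memory open with open(my $fh, '<', $path). Note that because comments are stripped before the split, a value that legitimately contains a '#' would need a different comment rule.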

Win32::Exe

To remove the Camel icon from a ParPack file and replace it with your own (the icon must be 32x32):
perl -e "use Win32::Exe; $exe = Win32::Exe->new('myapp.exe'); $exe->set_single_group_icon('myicon.ico'); $exe->write;"

Windows/cmd/DOS

CMD | Disable HP Caps Lock pop-up | PowerShell commands | Firefox trusted URIs | Microsoft Configuration | netsh | Terminal Server shortcut keys | Make Recovery Disk | Wireshark | Tail like command | Net User command

CMD commands

appwiz.cpl -- Control Panel plug-in for add/remove programs

certmgr.msc -- certificate manager
mmc certmgr.msc [/a | /64 | /32]

devmgmt.msc -- device manager
mmc devmgmt.msc

eventvwr.msc -- Event viewer

gpedit.msc -- Group Policy Editor

secpol.msc -- Security Policy

services.msc -- Services

taskmgr.exe [/s] -- Task Manager

wuapp.exe [/s] -- Windows Update App

driverquery /v /fo csv > textfile.csv -- list installed drivers

mstsc.exe [.RDP filename][/admin][/f] -- run remote desktop using the named RDP file; /admin connects in admin mode, and /f forces full screen mode on startup.

Test-NetConnection -- Test network connection to another computer

Create Recovery

To create a Windows7 restore point on your local hard disk drive, follow the instructions outlined here.
To create a Windows7 repair disk on a DVD, follow the instructions outlined here.

Terminal Server Keys

From the Microsoft Knowledge Base article 186624...
Task-switching hotkeys operate on the local computer level and are not passed through to the Terminal Server. However, some alternative hotkeys have been provided in the RDP Client:
CTRL+ALT+END starts the Windows NT Security dialog box. Similar to Windows NT/2000 CTRL+ALT+DEL.
ALT+PAGE UP switches between programs from left to right. Similar to Windows ALT+TAB.
ALT+PAGE DOWN switches between programs from right to left. Similar to Windows SHIFT+ALT+TAB.
ALT+INSERT cycles through the programs in most recently used order. Similar to Windows ALT+ESC.
ALT+HOME displays the Start menu. Similar to Windows CTRL+ESC.
CTRL+ALT+BREAK switches the Client between a window and a full screen.
ALT+DELETE displays the Windows menu.
CTRL+ALT+MINUS (Minus as in the - symbol on the numeric keypad) places a snapshot of the active window, within the client, on the Terminal Server clipboard (provides the same functionality as pressing ALT+PrintScrn on a local computer).
CTRL+ALT+PLUS (Plus as in the + symbol on the numeric keypad) places a snapshot of the entire client window area on the Terminal Server clipboard (provides the same functionality as pressing PrintScrn on a local computer).
Note that the keyboard shortcuts listed above may not be supported on embedded devices.


Retrieve the registered system serial number. See Microsoft KB 558124 for more information.
C:\Users\geen>wmic bios get serialnumber
SerialNumber
5CB24128KM


Disable Caps Lock

In the C:\Program Files (x86)\Hewlett-Packard\Shared directory, find the file hpCaslNotification.exe and rename it. Then open Task Manager and kill this process. You have to rename the file; simply killing the process won't work, because the hphotkeymonitor service runs it every time you press Caps Lock, Scroll Lock or Num Lock.

On the Lenovo, there is a setting in the Control Panel. In Windows7 it is found here: Start-->Control Panel-->Display-->Change Display Settings (left menu)-->Advanced settings-->On Screen Display (tab). Then unselect the check-box next to Enable on-screen display and click the Apply button. That annoying caps lock indicator will no longer show up on screen.

Firefox NTLM authentication trusted URIs

In the Firefox address bar type about:config. Then click the button in the middle of the screen promising to be careful. In the search box type ntlm. Look for network.automatic-ntlm-auth.trusted-uris. Double click on that line and you are presented with a dialogue box. In the text field of the dialogue box enter the list of URIs that you wish to trust. Separate each one with a comma.

Microsoft Configuration

Run the msconfig.exe command to review the configuration of the operating system. Look at the Startup tab to see the Terminate and Stay Resident (TSR) programs. Also review the Boot and Services tabs to make sure that you do not have extra services running that you do not need. These can slow your system down considerably.

netsh

The netsh command is used to configure certain aspects of the Windows server. Among those is setting a proxy server. In the example below you will see me display and then set the Windows proxy server.

C:\> netsh winhttp show proxy

Current WinHTTP proxy settings:

    Proxy Server(s) :  172.27.16.12:3128
    Bypass List     :  (none)

C:\> netsh winhttp set proxy proxy-server="172.27.16.12:3128"

List Processes

From a Windows command shell execute tasklist. From PowerShell the command is get-process. If you are looking for a specific process in the list and you know the exact name then you use the /fi (filter) switch.

C:\>tasklist /fi "imagename eq chrome.exe"

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
chrome.exe                    7156 Console                    1    113,040 K
chrome.exe                    5800 Console                    1    108,992 K
chrome.exe                    6936 Console                    1     28,956 K
chrome.exe                    8048 Console                    1     34,732 K
chrome.exe                    5768 Console                    1     80,632 K
chrome.exe                    8484 Console                    1     71,152 K
chrome.exe                    5240 Console                    1     38,008 K
For PowerShell you can simply add the name of the process that you are looking for. The optional "-Name" flag may be used. Note that the string is not case sensitive.
PS C:\> get-process -Name ntrtscan

Handles  NPM(K)    PM(K)      WS(K) VM(M)   CPU(s)     Id ProcessName
-------  ------    -----      ----- -----   ------     -- -----------
    895      57    54924       3564   231    74.76   2524 Ntrtscan


Net User

There are a couple of commands to list the accounts on a computer.
net user
This first command displays a simple list of accounts on the computer.
net localgroup
This second one may be a bit more useful. This command without any parameters displays a list of groups on the computer. By providing a local group name such as Administrators the command displays a list of accounts that are members of the group.

PowerShell Commands

Get file size

To find large files that are using disk space, you may use the size: search filter in Windows Explorer. In the upper right corner of the Windows Explorer, enter the size: filter and select a criteria such as >500MB then press the enter key. This searches the selected drive partition for all files that meet the criteria.

Alternatively you may perform the same task in PowerShell by executing the following command and redirecting the output to a file. Note that if you are not the Administrator on the computer you may see permission errors.

 get-childitem c:\ -recurse | where-object {$_.length -gt 500MB} > bigfilelist.txt 

tail like command

from PowerShell

PS> Get-Content myfile.log -Wait
PS> get-content myfile.log -wait |where {$_ -match "WARNING"}

Unix like find command

Sometimes you need to find a specific file or a list of file types. We can do this with the commands get-childitem and where. We use the get-childitem command with the modifier -recurse to search all sub-directories as well. We then pipe this command into the where command with the -match modifier. This acts much like grep, or more closely awk, as the -match modifier takes patterns in REGEX.

In Unix, the command to find all .docx files in the current directory structure we would execute the find command and search for the file extensions.
# find . -name "*.docx" -print

In PowerShell we use the get-childitem with the -recurse modifier. We then pipe this through where to grep out the file names we are interested in.
PS> get-childitem . -recurse | where {$_ -match "\.docx"}

Unix like diff command

Sometimes we need to compare two files to see what changed. In the Unix world we have the diff command. In PowerShell we have compare-object command. Below is how we would do each.

In Unix we would use the diff command with the two file names like this:
# diff Encrypted.reg Decrypted.reg

In PowerShell we would issue the compare-object command and the two file names as input streams of the get-content command like this:
PS> compare-object $(get-content Encrypted.reg) $(get-content Decrypted.reg)
Alternatively, we could assign the contents of each file to a variable and then just compare the two variables like this:
PS> $FileA = get-content Encrypted.reg
PS> $FileB = get-content Decrypted.reg
PS> compare-object $FileA $FileB


Wireshark/tshark

Wireshark is a very useful packet analysis tool that has become the industry standard. The software is available for free and is on my list of recommended software. Part of the software package is the tshark.exe command. This is a text version of Wireshark and is my preferred method for performing packet captures as it is not encumbered by the graphical interface.

To query the list of network interfaces on your computer use the -D command line option. This returns a list of available network interfaces both physical and logical interfaces.

Example

C:\Program Files\Wireshark>tshark -D
1. \Device\NPF_{A0F24A18-4C32-4A9E-887D-B67E2DFFD3AA} (VMware Network Adapter VMnet8) 
2. \Device\NPF_{5BFDAE3B-91A0-4187-B0A4-2C1042CBA68B} (VMware Network Adapter VMnet1)
3. \Device\NPF_{BB5EFBEB-CA22-4E9A-8A92-3DF15D344CC2} (Local Area Connection)
4. \Device\NPF_{6C25E520-B632-4254-80DB-882E0081DB50} (Wireless Network Connection)
5. \Device\NPF_{DEE651A1-41F5-4D13-B19A-E4BDA74F465A} (Local Area Connection* 214)
6. \Device\NPF_{1905F85A-8799-4FFC-8AC4-9558EDC34796} (Wireless Network Connection 2)
In a Windows environment as I show here, look for the interface described as (Local Area Connection). This is your physical copper wire connection and likely the one you want to use for your packet capture. Copy the device Hex string into your buffer as the interface name, such as \Device\NPF_{BB5EFBEB-CA22-4E9A-8A92-3DF15D344CC2}, in our example.


Next we perform a simple capture using the information that we now know. The -i command line option takes the interface name. This is the Hex encoded device name found above. The -n option tells tshark not to perform DNS look-ups; this keeps the capture fast and reduces the number of packets missed. Finally the -w option tells tshark where to write its output. In the second example we see the use of our first capture filter, host followed by the IP address. Here the host filter matches both source and destination IP addresses.

Example.
C:\Program Files\Wireshark>tshark -i \Device\NPF_{BB5EFBEB-CA22-4E9A-8A92-3DF15D344CC2} -n -w test.pcap
C:\Program Files\Wireshark>tshark -i \Device\NPF_{BB5EFBEB-CA22-4E9A-8A92-3DF15D344CC2} -n host 172.27.64.17