Unix/Linux shell


To set a prompt with the date and time preceding the computer name, use the following. This is useful when you need to track the date and time that you executed commands and can be useful during investigations.

$ PS1="\d \t `hostname`$ "


The /usr/bin/wget command is useful in requesting information from a web page. The /etc/wgetrc file is used to configure the system defaults. If your environment requires you to use a proxy server to access the internet, then you would include that information in the wgetrc file.
# You can set the default proxies for Wget to use for http, https, and ftp.
# They will override the value in the environment.
#https_proxy = http://proxy.yoyodyne.com:18023/
#http_proxy = http://proxy.yoyodyne.com:18023/
#ftp_proxy = http://proxy.yoyodyne.com:18023/

# If you do not want to use proxy at all, set this to off.
#use_proxy = on


The firewall configuration file is really well documented. Pretty much all the questions you want answered are contained in the comments to each of the configuration sections. The configuration file is /etc/sysconfig/SuSEfirewall2. If you were to turn on the firewall with the default configuration then you would be able to log on locally from the console but all other connections are blocked. I recommend making a backup copy of this file and then editing the original and adding the following in the appropriate section.

FW_SERVICES_EXT_TCP="ssh http https"

The FW_SERVICES_EXT_TCP line tells the firewall which services to allow from the external interface. In the example I give you above I allow secure shell (ssh), hyper text transport protocol (http), and the secure hyper text transport protocol (https). To start the firewall you simply execute /sbin/SuSEfirewall2 -q start. When you start the firewall a new log file is created, /var/log/firewall, and all external connection attempts are logged.

create multiple dirs

To create multiple directories at a time in a single location we can use the mkdir command with directory groupings within braces. In Example 1, we simply create three directories in the current location. In Example 2, we create three directories under the existing basedir directory. In Example 3, we use the -p flag to create all directories in the path. We are creating two sets of directories under basedir; dirA contains dir1, dir2, and dir3. Also dirB contains dir1, dir2, and dir3. This can be useful in application installation situations. In Example 4 we just make a series of directories under basedir named test1, test2, test3, etc.

Example 1.
mkdir {dir1,dir2,dir3}

Example 2.
mkdir -p basedir/{dir1,dir2,dir3}

Example 3.
mkdir -p basedir/{dirA,dirB}/{dir1,dir2,dir3}

Example 4.
mkdir -p basedir/test{1..5}

Set password with encrypted password string in AIX. You would, of course, substitute the end user's actual loginname and encrypted password string. The chpasswd command takes the input from the echo command here. The -c parameter clears all password flags such as expiration time, etc. The -e parameter tells the chpasswd command that we are passing an encrypted password. The -R compat command line option states that we are using compatibility mode.

echo "loginname:passwd" | chpasswd -c -e -R compat

Most UNIX operating systems use the standard /etc/nsswitch.conf file to control how the operating system is to handle such things as hostname lookup, password lookup and other such things. AIX, on the other hand, chooses to use /etc/control.conf instead.

Tired of system administrators telling you what your command line options should look like? Add unalias -a to your .profile.


The following command is very similar to the grep status check. Here we are executing a diff on two files. We are not concerned with the differences in the two files, only that differences may exist.

  0 = the files are the same,
  1 = at least one difference in the two files,
  2 = at least one file does not exist.

diff index.html misc.html >/dev/null 2>&1; echo $?

The tcpdump command in Suse 10.3 truncates packet captures, making them less useful. Add the size flag to get larger, if not complete, packet captures.

/usr/sbin/tcpdump -s 65535

Trying to find a way to just report back a computer's physical interface. The following command comes pretty close but not close enough to script the results.

netstat -i |awk '$0 !~/(Name|lo0)/ {print $1; }'

Using the -n option to prevent netstat from looking up computer names and the -a option to show all, we can grep to see what ports are listening. In the example given below we are looking for two non-standard ports, 8181 and 8443.

netstat -na |egrep '.8181|.8443'
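
The port check above can be tightened into an allowlist audit. This is an added example, not part of the original page; the netstat output is constructed, and mapping ssh, http and https to ports 22, 80 and 443 is an assumption based on the standard assignments.

```shell
#!/bin/sh
# Added example: report TCP listeners that are not on an allowlist.
# SAMPLE_NETSTAT is constructed `netstat -na` output, not from a real host.
# The 48181 line is an outbound connection whose ephemeral port the
# '.8181' pattern would also match.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8181            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:48181        203.0.113.5:443         ESTABLISHED
tcp6       0      0 :::8443                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# unexpected_listeners "PORT PORT ..." < netstat-output
# Prints, one per line, each TCP port in LISTEN state on a non-loopback
# address that is missing from the allowlist.
unexpected_listeners() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^tcp/ && $NF ~ /^LISTEN/ {
        port = $4
        sub(/^.*[:.]/, "", port)       # keep what follows the last ":" or "."
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1") next    # loopback only
        if (!(port in ok)) print port
    }' | sort -n -u
}

# ssh, http and https from FW_SERVICES_EXT_TCP are ports 22, 80 and 443.
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "22 80 443"
```

On a live host, pipe the real command in instead: netstat -na | unexpected_listeners "22 80 443".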

A quick way to create a unique backup of your configuration file before modifying it is by appending a date string to the end of it. As we sometimes work all hours of the day and night we may not always know what day it is. Here is a quick solution to that problem. In this example I create a backup of the /etc/config.conf file.

cp /etc/config.conf /etc/config.conf_`date +%Y%m%d`

I had an instance where I wanted to take a file that contained comma separated values and feed it into someone else's program or script that only took one value per line. So I figured out how to change commas into new-lines in vi. Open the file in vi and enter the following at the colon prompt, pressing CTRL-v and then CTRL-m where shown.

:%s/,/CTRL-vCTRL-m/g

Disk usage

Tired of trying to determine how much disk space you have left? Do you get lost in all those zeroes on today's large hard disk drives? Try using human readable format.

# df -h #produces output in human readable format
# df -k /dirname #displays size of the file system in K-bytes

It is sometimes useful to quickly find the largest files or directories. Here is a quick command line to help do just that. The du command uses the -s, summary, and -k, size in kilobytes, options; the human readable -h output is not used here because a numeric sort cannot order mixed K, M and G suffixes. The sort command uses the -n, sort in numeric order, and -r, sort in reverse or largest to smallest order, options. The head command grabs the first ten results though you may adjust this up or down to your liking.
# du -sk * |sort -nr |head


Not all UNIX operating systems have the zcat script installed but no worries, the zcat script can be approximated with gzip. The -c command line option extracts files to standard out.
# gunzip -c filename.gz

Sometimes we just want to list the files in a gzipped tar file. This can be useful for processing later.
# gunzip -c file.tar.gz |tar -tf -

Host lookup

How you execute a host lookup may affect your results. Most internal UNIX commands rely on getent to retrieve host information because there is already a function for that and it is easily compiled in. So if you are troubleshooting a host lookup problem be sure to know how your application performs the host lookup. The getent hosts method uses existing functionality and system configurations to return the requested information. On the other hand, nslookup queries the network naming services, which may not be the same way the application is requesting the information.

# getent hosts host #returns a single hostname and IP address
# getent hosts host1 host2 host3 #returns the hostname and IP addresses for each hostname listed on the command line
# nslookup host #performs a naming services lookup of the hostname provided on the command line


The root account on hpess-mss-backup01 is used to GPG encrypt the file, so logging into the mss-backup01 computer and then decrypting the file there should work without any problems.

It is best to first test to see whether you have a key or keys on the keyring. Use the --list-keys command. In the example I give below, there are no keys on the keyring. If there were, they would be listed.

/usr/bin/gpg --list-keys
gpg: directory `/home/geen/.gnupg' created
gpg: new configuration file `/home/geen/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/geen/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/geen/.gnupg/pubring.gpg' created
gpg: /home/geen/.gnupg/trustdb.gpg: trustdb created 

To create a public/private key pair you just need to issue the gpg --gen-key command. In my example I select an RSA only key (5), the default 2048 bits, and a key that does not expire (0). I then identify myself by name, email address, and a useful (to me) comment. I am then asked to provide a passphrase. This is not required but it is a good practice. Just remember your passphrase. If you lose it then it is gone forever and you will need to create a new key pair. All data encrypted with the old passphrase is then unretrievable. Approving the inputs, the keys are generated.

% gpg --gen-key
gpg (GnuPG) 2.0.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: keyring `/home/geen/.gnupg/secring.gpg' created
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 5
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Glen D. Geen
Email address: glen.d.geen@hp.com
Comment: HP work keys
You selected this USER-ID:
    "Glen D. Geen (HP work keys) <glen.d.geen@hp.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

can't connect to `/home/geen/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[10595]: directory `/home/geen/.gnupg/private-keys-v1.d' created

To create an ASCII representation of the public key we use the --armor command line option. This creates "ASCII armored" text.

% gpg --armor --output GlenDGeen.pub --export "Glen D. Geen"
% ls
GlenDGeen.pub  gpg.conf  private-keys-v1.d  pubring.gpg  pubring.gpg~  random_seed  secring.gpg  trustdb.gpg
% more GlenDGeen.pub
Version: GnuPG v2.0.9 (GNU/Linux)


The actual command to encrypt and decrypt the file is easy.

/usr/bin/gpg --encrypt --recipient 'Glen D. Geen' input_file_name.txt
/usr/bin/gpg --output output_file_name --decrypt input_file_name.txt.gpg


Sometimes we are not as interested in what is returned but rather the status of our command. The following may be useful in your scripts when using the grep command.

  0 = match was found,
  1 = no match found,
  2 = file not found.
# grep "string" filename > /dev/null 2>&1; echo $?
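
The diff and grep status checks described on this page, combined with the dated backup, as an added example that is not part of the original page. The file names and the checked setting are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: act on the exit status of diff and grep, not their output.
# File names and the checked setting are constructed for this demonstration.

# backup_config FILE: copy FILE to FILE_YYYYMMDD and print the backup's name.
backup_config() {
    backup="$1_$(date +%Y%m%d)"
    cp -p "$1" "$backup" && printf '%s\n' "$backup"
}

# compare_files A B: print same, changed or error (diff status 0, 1, 2).
# "|| rc=$?" keeps a script running under "set -e" from aborting on status 1.
compare_files() {
    rc=0
    diff "$1" "$2" >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo same ;;
        1) echo changed ;;
        *) echo error ;;
    esac
}

# find_setting PATTERN FILE: print present, absent or error (grep 0, 1, 2).
find_setting() {
    rc=0
    grep -- "$1" "$2" >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo present ;;
        1) echo absent ;;
        *) echo error ;;
    esac
}

# Demonstration on a throwaway copy of a firewall configuration line.
workdir=$(mktemp -d)
conf="$workdir/SuSEfirewall2"
printf 'FW_SERVICES_EXT_TCP="ssh"\n' > "$conf"
saved=$(backup_config "$conf")
echo "before edit: $(compare_files "$conf" "$saved")"
printf 'FW_SERVICES_EXT_TCP="ssh http https"\n' > "$conf"
echo "after edit:  $(compare_files "$conf" "$saved")"
echo "https rule:  $(find_setting '^FW_SERVICES_EXT_TCP=.*https' "$conf")"
echo "no file:     $(compare_files "$conf" "$workdir/missing")"
rm -rf "$workdir"
```

Treating status 2 separately matters: a script that only tests for "not 0" reports a missing file as a difference or as an absent setting.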

I had a file in which comment lines began with a dollar sign, $. In order to properly process the file I needed to remove the comment lines. This is the quick solution that I came up with.
# grep -v ^\\$ file


This next one is a bit of a kludge because the version of UNIX/Linux I was working on did not support the updates to grep that allow me to see the line I grepped and the next few lines. So I made one up on the spot. Here I use awk to find the string, then print the matching line and the next three lines.
awk '/string/{ print; for (x=1; x <= 3; x++) { if ((getline) > 0) print; } }' filename

Awk can be used to replace a string in a text file such as a configuration file. In the example given below I use awk to replace a comment with a different string; otherwise I print the existing line in the file. Redirecting the output to a new file creates an updated configuration file, in this case full of gibberish.
# awk '{ if ($0 ~ /^#.*\/etc\/nsswitch\.conf.*/ ) {print "#No Comment\n"} else print; };' nsswitch.conf

IBM's AIX operating system favors /etc/security/passwd over the UNIX standard /etc/shadow file. The format is also completely different. The following awk command extracts the encrypted password string from the /etc/security/passwd file, for the account named in the shell variable $login, and displays it to the screen.
# awk "/^$login:\$/,/password =/ {if (\$1 == \"password\" ) { print \$3; } }" /etc/security/passwd


lscpu gathers CPU architecture information like number of CPUs, threads, cores, sockets, NUMA nodes, information about CPU caches, CPU family, model, bogoMIPS, byte order and stepping from sysfs and /proc/cpuinfo, and prints it in a human-readable format. It supports both online and offline CPUs. It can also print out in a parsable format, including how different caches are shared by different CPUs, which can be fed to other programs. lscpu also tries to detect which virtualization environment the operating system is running in (if any).

# lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                1
On-line CPU(s) list:   0
Thread(s) per core:    1
Core(s) per socket:    1
CPU socket(s):         1
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 58
Stepping:              9
CPU MHz:               2594.189
BogoMIPS:              5188.37
Hypervisor vendor:     VMware
Virtualization type:   full
L1d cache:             32K
L1i cache:             32K
L2 cache:              256K
L3 cache:              6144K
NUMA node0 CPU(s):     0


The /sbin/lspci command is used to list all of the available PCI devices. The command has different options depending on the operating system and version implemented. In general, using the -v option displays a verbose list. Note that in some implementations the -q option is quiet and in others it indicates a DNS lookup option. Some versions allow you to query specific components like --memory or -cpu.


Another, and probably more universal, command to read hardware information is the /usr/sbin/hwinfo command. You may probe for a particular hardware item by listing it or them on the command line like /usr/sbin/hwinfo --memory --cpu --disk. Available hardware items are:

all, bios, block, bluetooth, braille, bridge, camera, cdrom, chipcard, cpu, disk, dsl, dvb, fingerprint, floppy, framebuffer, gfxcard, hub, ide, isapnp, isdn, joystick, keyboard, memory, modem, monitor, mouse, netcard, network, partition, pci, pcmcia, pcmcia-ctrl, pppoe, printer, scanner, scsi, smp, sound, storage-ctrl, sys, tape, tv, usb, usb-ctrl, vbe, wlan, and zip.
# /usr/sbin/hwinfo --memory --cpu --usb
01: None 00.0: 10103 CPU
  [Created at cpu.301]
  Unique ID: rdCR.j8NaKXDZtZ6
  Hardware Class: cpu
  Arch: X86-64
  Vendor: "GenuineIntel"
  Model: 6.58.9 "Intel(R) Core(TM) i7-3720QM CPU @ 2.60GHz"
  Features: fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,mmx,fxsr,sse,s
  Clock: 2594 MHz
  BogoMips: 5188.29
  Cache: 6144 kb
  Config Status: cfg=new, avail=yes, need=no, active=unknown

02: None 00.0: 10102 Main Memory
  [Created at memory.66]
  Unique ID: rdCR.CxwsZFjVASF
  Hardware Class: memory
  Model: "Main Memory"
  Memory Range: 0x00000000-0x2e093fff (rw)
  Memory Size: 768 MB
  Config Status: cfg=new, avail=yes, need=no, active=unknown

lastlog missing

I got the following message in my /var/log/auth.log file each time an account logged in.
Jan 15 13:02:37 hpess-us-plano-mss-backup01 sshd[30915]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
The fix for the problem is to recreate the /var/log/lastlog file and set the ownership and mode.

# touch /var/log/lastlog
# chgrp utmp /var/log/lastlog
# chmod 664 /var/log/lastlog


The mode node command (/bin/mknod) creates a special file of the given type. In this example I recreate the /dev/null file. The available types are (b) block, (c) character, (u) unbuffered, and (p) FIFO or pipe. If you are creating a type b, c, or u, then the major and minor numbers must be given. I have no idea what they are and what they mean but you may look at a working system to find what these numbers should be.

If we look at a valid /dev/null file in a couple of ways we see that it is a special character file. We may use the /usr/bin/file command and the /bin/ls command to reveal that /dev/null is a special character file. In the example for the ls command, we see that the first character in the mode list is a "c". This indicates that the file we are investigating is a special character file. A "d" in the first space indicates a directory, a "-" indicates a regular file, a "b" is a block file like a disk or tape device, an "l" is a soft link file, and a "p" is a pipe or FIFO file. Looking at the same file another way, with the /usr/bin/file command, we see that /dev/null returns as a special character file. Before I leave this subject, look at the ls output. Note that where we normally expect to see the size of a file we instead see these cryptic numbers: 1, 3. These are the major and minor numbers respectively. We need these numbers for recreating a /dev/null special character file.

% ls -l /dev/null
crw-rw-rw- 1 root root 1, 3 Jan  2 06:47 /dev/null
% file /dev/null
/dev/null: character special

The command to recreate the /dev/null file is quite simple. We just need to execute the command with a few command line parameters like this:

# /bin/mknod -m 666 /dev/null c 1 3

First, /bin/mknod is the mode node command. The -m 666 sets the permissions on the file. This is the same as executing the /bin/chmod 666 /dev/null command after the file is created. Might as well do it all in the same command line. The next parameter is the name of the file. In this case we are calling it /dev/null. You could actually create a NULL special character file anywhere but I am not really sure why you would want to. After the file name is the file type. In this case c for special character file. Finally we include the major and minor numbers of 1 and 3 respectively.
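
A check that a path really is the null device described above, with the file type, the major and minor numbers 1 and 3, and mode 666 each verified. This is an added example, not part of the original page; the sample lines are constructed, apart from the first, which is the ls output shown earlier.

```shell
#!/bin/sh
# Added example: confirm that a path really is the null device.
# The sample lines in the demonstration are constructed, apart from the
# first, which is the `ls -l /dev/null` output shown above.

# classify_null_entry LINE: LINE is one line of `ls -l` or `ls -ln` output.
# Prints ok, not-a-character-device, wrong-device-numbers or wrong-mode.
classify_null_entry() {
    printf '%s\n' "$1" | awk '{
        type  = substr($1, 1, 1)          # c = character special file
        perms = substr($1, 2, 9)          # ignores a trailing "." or "+"
        major = $5; sub(/,$/, "", major)  # "1," -> "1"
        minor = $6
        if (type != "c")                        print "not-a-character-device"
        else if (major != "1" || minor != "3")  print "wrong-device-numbers"
        else if (perms != "rw-rw-rw-")          print "wrong-mode"
        else                                    print "ok"
    }'
}

# check_null_device [PATH]: classify the live entry, /dev/null by default.
check_null_device() {
    classify_null_entry "$(ls -ldn "${1:-/dev/null}" 2>/dev/null)"
}

classify_null_entry 'crw-rw-rw- 1 root root 1, 3 Jan  2 06:47 /dev/null'
# A regular file in its place silently collects everything redirected to it.
classify_null_entry '-rw-r--r-- 1 root root 52814 Jan  2 06:47 /dev/null'
classify_null_entry 'crw-rw-rw- 1 root root 1, 5 Jan  2 06:47 /dev/null'
classify_null_entry 'crw------- 1 root root 1, 3 Jan  2 06:47 /dev/null'
```

Run check_null_device with no argument to test the live /dev/null before and after recreating it.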


It is sometimes useful to mount an .iso image from the hard disk drive rather than inserting a CD-ROM or DVD into the drive player. Here is a quick example of how to mount an .iso image.
[root@hpess-us-plano-MDS01 ~]# cd /var/tmp
[root@hpess-us-plano-MDS01 tmp]# ls
arch  Check_Point_Install_and_Upgrade_MD_R76.SecurePlatform.iso  cprid  liar  system_backup.err  system_backup.out
[root@hpess-us-plano-MDS01 tmp]# ls /mnt
[root@hpess-us-plano-MDS01 tmp]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@hpess-us-plano-MDS01 tmp]# mkdir /mnt/CPinstallCD
[root@hpess-us-plano-MDS01 tmp]# mount -o loop ./Check_Point_Install_and_Upgrade_MD_R76.SecurePlatform.iso /mnt/CPinstallCD
[root@hpess-us-plano-MDS01 tmp]# cd /mnt/CPinstallCD
[root@hpess-us-plano-MDS01 CPinstallCD]# ls
Berkeley_License.txt  boot.cat  Gnu_License.txt  isolinux.bin  LGPL.txt  License.txt  linux  obsolete  SecurePlatform  TRANS.TBL  UnixInstallScript


You may examine your public key file to determine how it was generated, the encryption method and the bit strength. The fingerprint of the key file is also displayed.
# ssh-keygen -l -f id_rsa.pub-test
2048 1b:9c:b7:0b:12:dd:f7:19:fe:f4:0e:0c:92:16:1b:b7 id_rsa.pub-test (RSA)

To generate new host key files redirect the output as follows:

For a generic method of doing this:
ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -q -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -q -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key


To extract the contents from a tar file to standard out and then pipe them to another command can differ from one operating system to another. I found the following works in Mac OS/X and some Linux versions. The options presented here are -O (Oh) extract to standard out, -x extract, and -f filename.
# tar -Oxf file.tar ./ExtractThisFile.txt |grep "lookforthisstring"

It is sometimes necessary to move files from one computer to another but we do not always want to leave files laying about to clean up later. Let's face it, if we wanted to clean up after ourselves we would not be system administrators. Here is a quick command line to tar files from one computer, establish a secure shell tunnel and then untar the files on to the remote computer.
# tar -cf - ./files_to_transfer | ssh computername "cd /full/path/to/new/location && tar -xvf -"

Setting Timezone

Setting the time zone in Linux is a simple matter of copying in the correct time zone file to /etc/localtime. The pre-configured time zone files are found in /usr/share/zoneinfo. So to set the time zone to US/Central copy or link it to /etc/localtime like this.
# sudo rm /etc/localtime
# sudo ln -s /usr/share/zoneinfo/US/Central /etc/localtime

To set the time zone in your environment without changing the system time zone you may set the TZ environment variable. This is accomplished with the command export TZ=GMT to set the time zone in the current shell to GMT. This does not affect the system time zone configuration in any way, just the way the shell interprets the current date and time.


From time to time it may be a good idea to send text in a format that is not readily readable. There are many reasons for doing so, but protecting personal information (PII) or intellectual property (IP) are two of the main ones. One of the commands to encode a file is the openssl command. Using the encode and decode options, you may password protect a file and send the data over the network being reasonably sure the data is not readable by unintended parties.

To encode the test.txt file and write the output to a file named test.enc, using AES 256 bit encryption, use the following command.
# openssl enc -aes-256-cbc -salt -in test.txt -out test.enc

To decode the encrypted file and produce the output to the screen, then execute the following command.
# openssl enc -aes-256-cbc -salt -in test.enc -d
this is a test. this is only a test. Had this been an acutal file, well, who cares.

To calculate the MD5 sum of a file, you may use the openssl command with the digest command and then supply the digest type to calculate, in our case MD5.

# openssl dgst -md5 [filename | *]
MD5(package-scp-primary-override)= 851a9c713cf27f5c7183de678f2e3a33
MD5(serial-http-primary-override)= 62ae798f69bf204eae43804a69bece7b

The /usr/bin/openssl command may also be used to generate a digest. A digest may be thought of as a kind of fingerprint of a file. A digest creates a one-way hash of the file. Any changes to the file, even very minor changes, result in a dramatically different hash or digest. Valid message digest types are: md4, md5, mdc2, rmd160, sha, and sha1. In the example below I generate a message digest on a directory listing.

$ openssl dgst -md5 `ls`
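
The fingerprint idea above turned into a check, as an added example that is not part of the original page: record a digest per file, then report files that changed, disappeared or appeared. It uses SHA-256 instead of the page's MD5 and assumes an OpenSSL build that provides -sha256 and -r; the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: detect changed, missing and new files from a digest baseline.
# Uses SHA-256 (assumes an OpenSSL build that provides -sha256 and -r).

# snapshot DIR: print one "digest *path" line per regular file in DIR.
snapshot() {
    for f in "$1"/*; do
        if [ -f "$f" ]; then openssl dgst -sha256 -r "$f"; fi
    done
}

# verify BASELINE DIR: compare DIR with a saved snapshot.
# Prints CHANGED, MISSING or NEW followed by the path, sorted;
# returns 0 when nothing differs and 1 on any drift.
verify() {
    report=$(snapshot "$2" | awk -v base="$1" '
    function digest(l) { return substr(l, 1, index(l, " ") - 1) }
    function name(l,  n) {
        n = substr(l, index(l, " ") + 1)
        sub(/^[* ]/, "", n)            # drop the "*" that precedes the path
        return n
    }
    BEGIN { while ((getline l < base) > 0) want[name(l)] = digest(l) }
    {
        n = name($0); seen[n] = 1
        if (!(n in want))               print "NEW " n
        else if (want[n] != digest($0)) print "CHANGED " n
    }
    END { for (n in want) if (!(n in seen)) print "MISSING " n }')
    if [ -n "$report" ]; then
        printf '%s\n' "$report" | sort
        return 1
    fi
    return 0
}

# Usage (hypothetical paths; keep the baseline somewhere the host cannot edit):
#   snapshot /usr/local/bin > /root/bin.baseline
#   verify /root/bin.baseline /usr/local/bin
```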


free - Display amount of free and used memory in the system

# free
	    total       used       free     shared    buffers     cached
Mem:        754256     342408     411848          0      15632     202760
-/+ buffers/cache:     124016     630240
Swap:      1131516          0    1131516