Example 1.
mkdir {dir1,dir2,dir3}
Example 2.
mkdir -p basedir/{dir1,dir2,dir3}
Example 3.
mkdir -p basedir/{dirA,dirB}/{dir1,dir2,dir3}
Example 4.
mkdir -p basedir/test{1..5}
To set at prompt with the date and time preceding the computer name. This is usefull when you need to track the date and time that you executed commands and can be useful during investigations.
$ PS1="\d \t `hostname`$ "FW_SERVICES_EXT_TCP="ssh http https"
The FW_SERVERICE_EXT_TCP line tells the firewall which services to allow from the external interface. In the example I give you above I allow secure shell (ssh), hyper text transport protocol (http), and the secure hyper text transport protocol (https). To start the firewall you simply exectue the /sbin/SuSEfirewall2 -q start. When you start the firewall a new log file is created, /var/log/firewall and all external connection attempts are logged.Example 1.
mkdir {dir1,dir2,dir3}
Example 2.
mkdir -p basedir/{dir1,dir2,dir3}
Example 3.
mkdir -p basedir/{dirA,dirB}/{dir1,dir2,dir3}
Example 4.
mkdir -p basedir/test{1..5}
Set password with encrypted password string in AIX. You would, of course, substitute the end users actual loginname and encrypted password string. The chpasswd command takes the input from the echo command here. The -c parameter clears all password flags such as expiration time, etc. The -e parameter tells the chpasswd command that we are passing an encrypted password. The -R compat command line option states that we are using compatability mode.
echo "loginname:passwd" | chpasswd -c -e -R compatMost UNIX operating systems use the standard /etc/nswitch.conf file to control how the operating system is to handle such things as hostname lookup, password lookup and other such things. AIX, on the other hand, chooses to use /etc/control.conf instead.
Tired of system administrators telling you what your command line options should look like? Add unalias -a to your .profile.
The following command is very similar to the grep status above. Here we are executing a diff on two files. We are not concerned with the differences in the two files only that differences may exists.
The tcpdump command in Suse 10.3 truncates packet captures making them less usefull. Add the size flage to get larger, if not complete, packet captures.
usr/sbin/tcpdump -s 65535Trying to find a way to just report back a computer's physical interface. The following command comes pretty close but not close enough to script the results.
Using the -n option to prevent netstat from looking up computer name and the -a option to show all we can grep to see what ports are listening. In the second example given below we are looking for two non-standard ports, 8181 and 8443.
netstat -i |awk `$0 !~/(Name|lo0)/ {print $1; }`
netstat -na |egrep .8181\|.8443
A quick way to create a unique backup of your configuration file before modifying it is by appending a date string to the end of it. As we sometimes work all hours of the day and night we may not always know what day it is. Here is a quick solution to that problem. In this example I create a backup of the /etc/cofig.conf file
cp /etc/config.conf /etc/config.conf_`date +%Y%m%d`I had an instance where I wanted to take a file that contained comma separated values and feed it into someone elses program or script that only took one value per line. So I figured out how to change commas into new-lines in vi.
$ vi s/,/CTRL-vCTRL-m/gTired of trying to determine how much disk space you have left? Do you get lost in all those zeroes on today's large hard disk drives? Try using human readable format.
# df -k /dirname #displays size of the file system in K-bytes
It is sometimes usefull to quickly find the top largest files or directories. Here is a quick command line to help do just that. The du command uses the -s, summary, and -h human readable, options. The sort command uses the -n, sort in numeric order, and -r sort in reverst or largest to smallest order. The head command gabs the first ten results though you may adjust this up or down to your liking.
# du -sh *|sort -nr |head
Not all UNIX operating systems have the zcat script installed but no worries, the zcat script can be approximated with gzip. The -c command line option extracts fils to standard out.
# gunzip -c filename.gz
Sometimes we just want to list hte files in a gziped, tar file. This can be usefull for processing later.
# gunzip -c file.tar.gz |tar -tf -
How you exectue a host lookup may affects your results. Most internal UNIX commands rely on the getent to retrieve host information because there is already a function for that and it is easily compiled in. So if you are troublshooting a host lookup problem be sure to know how your application performs the host lookup. The getent hosts method uses existing functionality and system configurations to return the requested information. On the other hand, an nslookup querries the network naming services which may not be the same way the application is requesting the information.
# getent hosts host1 host2 host3 #returns the hostname and IP addresses for each hostname listed on the commandline.
# nslookup host Performs a naming services lookup of the hostname provided on the command line.
The root account on hpess-mss-backup01 is used to GPG encrypt the file so logging into the mss-backup01 computer and and then decrypting the file there should work without any problems.
It is best to first test to see whether you have a key or keys on the keyring. Use the --list-keys command. In the example I give below, there are no keys on the keyring. If there were, they would be listed.
/usr/bin/gpg --list-keys gpg: directory `/home/geen/.gnupg' created gpg: new configuration file `/home/geen/.gnupg/gpg.conf' created gpg: WARNING: options in `/home/geen/.gnupg/gpg.conf' are not yet active during this run gpg: keyring `/home/geen/.gnupg/pubring.gpg' created gpg: /home/geen/.gnupg/trustdb.gpg: trustdb created
To create a public/private key pair you just need to issue the gpg --gen-key command. In my example I select an RSA only key (5). The default 2048 bits. One that does not expire (0). I then identify myself by name, email address, and a useful (to me) comment. I am then asked to provide a pass-phroase. This is not required but it is a good practice. Just remember your passphrase. If you lose it then it is gone forever and you will need to create a new key pair. All data encrypted with the old passphrase is then unretrievable. Approving the inputs, the keys are generated.
% gpg --gen-key
gpg (GnuPG) 2.0.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: keyring `/home/geen/.gnupg/secring.gpg' created
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? 5
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: Glen D. Geen
Email address: glen.d.geen@hp.com
Comment: HP work keys
You selected this USER-ID:
"Glen D. Geen (HP work keys) <glen.d.geen@hp.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
can't connect to `/home/geen/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[10595]: directory `/home/geen/.gnupg/private-keys-v1.d' created
%
To create a ASCII representation of the public key we use the --armor command line option. The creates an "ASCII armored" text.
% gpg --armor --output GlenDGeen.pub --export "Glen D. Geen" % ls GlenDGeen.pub gpg.conf private-keys-v1.d pubring.gpg pubring.gpg~ random_seed secring.gpg trustdb.gpg % more GlenDGeen.pub -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.9 (GNU/Linux) mQENBFLC8swBCADNd3UUz0WqKkgJgioyHoPBl74/FXn8Driat/DF6DJILZbwIx8k AIYgEvtEPa30mP2AcD5K6Jpg+ouplUN97ITtFbj60tBdymmHyOk14x4tN6hZ5KE0 j7oPr5NX86bZcmzZRH+/LwLsEIaqRcP8snkk0DQnpybtVGGFCoodcnhJrAVavfoI hDHFjJDaRmRwy8WXUHzY8xLxhy0jIkQNgHcqbx157jSWx0K882gL87/J10Sw3+og N7DOENVxmMKPuXnPQqw1Fm8+ngAkdmVlG9BEp9ejJWK+Akbv+QlusGq7dufuZcXy N1+7PFVIsFY0l2uweplXjz2u8UVEuzsfiBgLABEBAAG0MEdsZW4gRC4gR2VlbiAo SFAgd29yayBrZXlzKSA8Z2xlbi5kLmdlZW5AaHAuY29tPokBNgQTAQIAIAUCUsLy zAIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEJyX7uctizf9iUoIAIDVUzN+ dhXFNyjuECRmnbOQ4Qt0121PnEDsoISmki6cwXnnbPpBSgj/Fofgsdbi0/D8Q9/u t9TBuiq2JoeGuFMLHvySjypc/ZqmUUX87qxmvyn94N0g3dLX6oczjBSkqXIc4Usk zgmPOKlKy9ij1nkjgw2MfBsdjYg9GaHkopmx1QhPyLmNmQ1e1O6pSbWE/zCYvXvY syF4+iQC/mz8gnz6iwIAZtvNdRpbUgARzqg2aPSyXBoPf91ZchXRLHTXE0Ce9Gn6 oGm6GpKySDQzWEb7TVFJl1HanC41iCz2FE5MSz3u1Of4W/gmxhl5j7NUr08kn43V /Tuv9N3a7ElMQEs= =g6xa -----END PGP PUBLIC KEY BLOCK----- %
The actual command to encrypt and decrypt the file is easy.
Sometimes we are not as interested in what is returned but rather the status of our command. The following may be useful in your scripts when using the grep command.
I had a file in which comment lines began with a dollar sign, $. In order to properly process the file I needed to remove the comment lines. This is the quick solution that I came up with.
# grep -v ^\\$ file
This next one is a bit of a cludge because the version of UNIX/Linux I was working on did not support the updates to grep that allows me to see the line I grepped and the next few lines. So I made one up on the spot. Here I use awk to find the string, then print the next three lines.
awk '/string/{ for (x=1; x <= 3; x++) { print; getline; } }'
Awk can be used to replace a string in a text file such as a configuration file. In the example given below I use awk to replace a comment with a different string otherwise I print the existing line in the file. Redirecting the output to a new file creates an updated configuration file, in this case full of jiberish.
# awk '{ if ($0 ~ /^#.*\/etc\/nsswitch\.conf.*/ ) {print "#No Comment\n"} else print; };' nsswitch.conf
IBM's AIX operating system favors /etc/security/passwd over the UNIX standard /etc/shadow file. The format is also completely different. The following awk command extracts the encrypted password string from the /etc/security/passwd file and displays it to the screen.
# awk "/^$login:\$/,/password =/ {if (\$1 == \"password\" ) { print \$3; } }"
lscpu gathers CPU architecture information like number of CPUs, threads, cores, sockets, NUMA nodes, information about CPU caches, CPU family, model, bogoMIPS, byte order and stepping from sysfs and /proc/cpuinfo, and prints it in a human-readable format. It supports both online and offline CPUs. It can also print out in a parsable format, including how different caches are shared by different CPUs, which can be fed to other pro-grams. lscpu also tries to detect which virtualization environment the operating system is running in (if any).
# lscpu Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Byte Order: Little Endian CPU(s): 1 On-line CPU(s) list: 0 Thread(s) per core: 1 Core(s) per socket: 1 CPU socket(s): 1 NUMA node(s): 1 Vendor ID: GenuineIntel CPU family: 6 Model: 58 Stepping: 9 CPU MHz: 2594.189 BogoMIPS: 5188.37 Hypervisor vendor: VMware Virtualization type: full L1d cache: 32K L1i cache: 32K L2 cache: 256K L3 cache: 6144K NUMA node0 CPU(s): 0
The /sbin/lspci command is used to list all of the available PCI devices. The command has different options depending on the operating system and version implemented. In genereal, using the -v option displays a verbose list. Note that in some implementations the -q option is quiet and in others it indicates a DNS lookup option. Some version allow you to query specific components like --memory or -cpu.
Another, and probably more universal, command to read hardware information is the /usr/sbin/hwinfo command. You may probe for a particular hardware item by listing it or them on the command line like /usr/sbin/hwinfo --memory --cpu -disk. Available hardware items are:
all, bios, block, blue-tooth, braille, bridge, camera, cdrom, chipcard, cpu, disk, dsl, dvb, fingerprint, floppy, framebuffer, gfxcard, hub, ide, isapnp, isdn, joystick, keyboard, memory, modem, monitor, mouse, netcard, network, partition, pci, pcmcia, pcmcia-ctrl, pppoe, printer, scanner, scsi, smp, sound, storage-ctrl, sys, tape, tv, usb, usb-ctrl, vbe, wlan, and zip.
# /usr/sbin/hwinfo --memory --cpu --usb 01: None 00.0: 10103 CPU [Created at cpu.301] Unique ID: rdCR.j8NaKXDZtZ6 Hardware Class: cpu Arch: X86-64 Vendor: "GenuineIntel" Model: 6.58.9 "Intel(R) Core(TM) i7-3720QM CPU @ 2.60GHz" Features: fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,mmx,fxsr,sse,s se2,ss,syscall,nx,rdtscp,lm,constant_tsc,up,arch_perfmon,pebs,bts,nopl,xtopology,tsc_reliable,nonstop_tsc,aper fmperf,pni,pclmulqdq,ssse3,cx16,sse4_1,sse4_2,x2apic,popcnt,aes,xsave,avx,f16c,rdrand,hypervisor,lahf_lm,ida,a rat,epb,xsaveopt,pln,pts,dts,fsgsbase,smep Clock: 2594 MHz BogoMips: 5188.29 Cache: 6144 kb Config Status: cfg=new, avail=yes, need=no, active=unknown 02: None 00.0: 10102 Main Memory [Created at memory.66] Unique ID: rdCR.CxwsZFjVASF Hardware Class: memory Model: "Main Memory" Memory Range: 0x00000000-0x2e093fff (rw) Memory Size: 768 MB Config Status: cfg=new, avail=yes, need=no, active=unknown
I got the following message in my /var/log/auth.log file each time an account logged in.
Jan 15 13:02:37 hpess-us-plano-mss-backup01 sshd[30915]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
To fix to the problem is to recreate the /var/log/lostlog file and set the ownership and mode.
The mode node command creates a special file of the given type. In this example I am going to give you today I will recreate the /dev/null file. The available types are (b) block, (c) character, (u) unbuffered, and (p) FIFO or pipe. If you are creating a type b, c, or u, then the major and minor number must be give. I have no idea what they are and what the mean but you may look at a working system to find what these numbers should be.
If we look at a valid /dev/null file in a couple of ways we see that it is a special character file. We may use the /usr/bin/file command and the /bin/ls commands so reveal that /dev/null is a special character file. In the example for the ls command, we see that the first character in the mode list is a "c". This indicates that the file we are investigating is a special character file. A "d" in the first space indicates a directory, a "-" indicates a regular file, a "b" is a block file like a disk or tape device, an "l" is a soft linke file, and a "p" is a pipe or FIFO file. Looking at the same file another way, with the /usr/bin/file command, we see that /dev/null returns as a special character file. Before I leave this subject, look at the ls ouput. Note that where we normally expect to see the size of a file we instead see these cryptic numbers: 1, 3. These are the major and minor numbers respecively. We need these numbers for recreating a /dev/null special character file.
% ls -l /dev/null crw-rw-rw- 1 root root 1, 3 Jan 2 06:47 /dev/null % file /dev/null /dev/null: character special
The command to recreate the /dev/null file is quite simple. We just need to execute the command with a few command line parameters like this: /bin/mknod -m 666 /dev/null c 1 3. First the /bin/mknod is the mode node command. The -m 666 sets the permissions on the file. This is the same a executing the /bin/chmod 666 /dev/null command after the file is created. Might a well do it all in the same command line. The next parameter is the name of the file. In this case we are calling it /dev/null. You could actually create a NULL special character file anywhere but I am not really sure why you would want to. After the file name is the file type. In this case c for special character file. Finally we include the major and minor numbers of 1 and 3 respectively.
[root@hpess-us-plano-MDS01 ~]# cd /var/tmp [root@hpess-us-plano-MDS01 tmp]# ls arch Check_Point_Install_and_Upgrade_MD_R76.SecurePlatform.iso cprid liar system_backup.err system_backup.out [root@hpess-us-plano-MDS01 tmp]# ls /mnt [root@hpess-us-plano-MDS01 tmp]# id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) [root@hpess-us-plano-MDS01 tmp]# mkdir /mnt/CPinstallCD [root@hpess-us-plano-MDS01 tmp]# mount -o loop ./Check_Point_Install_and_Upgrade_MD_R76.SecurePlatform.iso /mnt/CPinstallCD [root@hpess-us-plano-MDS01 tmp]# cd /mnt/CPinstallCD [root@hpess-us-plano-MDS01 CPinstallCD]# ls Berkeley_License.txt boot.cat Gnu_License.txt isolinux.bin LGPL.txt License.txt linux obsolete SecurePlatform TRANS.TBL UnixInstallScript
# ssh-keygen -l -f id_rsa.pub-test 2048 1b:9c:b7:0b:12:dd:f7:19:fe:f4:0e:0c:92:16:1b:b7 id_rsa.pub-test (RSA)
To generate new host key files redirect the output as follows:
For a generic method of doing this: ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key ssh-keygen -q -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key ssh-keygen -q -N "" -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
To extract the contents from a tar file to standard out and then pipe them to another command can differ from one operating system to another. I found the following works in Mac OS/X and some Linux versions. The options presented here are -O (Oh) extract to standard out, -x extract, and -f filename.
# tar -Oxf file.tar ./ExtractThisFile.txt |grep "lookforthisstring"
It is sometimes neccessary to move files from one computer to another but we do not always want to leave files laying about to clean up later. Let's face it, if we wanted to clean up after ourselves we would not be system administrators. Here is a quick command line to tar files from one computer, establish a secure shell tunnel and then untar the files on to the remote computer.
# tar -cf - ./files_to_transfer | ssh computername tar -xvf - /full/path/to/new/location
To set the time zone in your environment without changing the system time zone you may set the TZ environment variable. This is accomplishted with the command export TZ=GMT to set the time zone in the current shell to GMT. This does not affect the system time zone configuration in any way just the way the shell interprets the current date and time.
From time to time it may be a good idea to send text in a format that is not readily readable. There are many reason for doing so but personal (PII) or intellectual property (IP) are two of the main reasons for doing so. One of the commands to encode a file is the openssl command. Using the encode and decode options, you may password protect a file and send the data over the network being reasonably sure the data is not readable by unintended parties.
To encode the test.txt file and write the output a file named test.enc, using AES 256 bit encryption, use the following command.
# openssl enc -aes-256-cbc -salt -in test.txt -out test.enc
To decode the encrypted file and produce the output to the screen, then execute the following command.
# openssl enc -aes-256-cbc -salt -in test.enc -d
this is a test. this is only a test. Had this been an acutal file, well, who cares.
To calculate the MD5 sum of a file, you may use openssl command with the digest command and then supply the digest type to calcluate, in our case MD5.
MD5(package-scp-primary-override)= 851a9c713cf27f5c7183de678f2e3a33
MD5(serial-http-primary-override)= 62ae798f69bf204eae43804a69bece7b
The /usr/bin/openssl command may also be used to generate a digest. A digest may be thought of as a kind of fingerprint of a file. A digest creates a one-way hash of the file. Any changes to the file, even very minor changes, results in a dramatically different hash or digest. Valid message digest types are: md4, md5, mdc2, rmd160, sha, and sha1. In the example below I generate a message digest on a directory listing.
$ openssl dgst -md5 `ls` MD5([.exe)= fb213691733e81220cd4831351af348f MD5(2to3)= 203ef1df167cebe475bc790c1e6de2a7 MD5(7z)= c7ba4d6d0b980d2ef209d061f0618446 MD5(7za)= 444065500871336c87efdb9811fe4e45 MD5(7zr)= 5b8dfefbc37e7b46bbccd7f620b544c3 MD5(a2p.exe)= c33b5729b8215fb45a1493d50f5f2214 MD5(addftinfo.exe)= a5f717107c4a59bf93df4dbee7c08543 MD5(afmtodit)= a213101e29e7a309a7192e3bec98d18d MD5(apropos)= 1686897696e39d1f2afbf4ff1c592e3e MD5(arc.exe)= 080f7afaf8af02d7371e91f1e9451f68 MD5(arch.exe)= ef283fd571819460ad38e36486b63506 MD5(arj.exe)= 72e034ae2f5131c005e992a7edce0254 MD5(arjdisp.exe)= 04b1c59b0923def7e73160b31fc09eae MD5(arj-register.exe)= 11f6ed04d6a0fd85ac2755fb39127962 MD5(ash.exe)= a9deeb3577bc6701776aac3fada7fd17 MD5(attr.exe)= 504259a3a942507ff3f27a0badab0fc3 MD5(autossh.exe)= af51ba0d2e6b62dc3cc967d94d49e4cf MD5(awk)= 3f4b942af122d5f6f6e337661d0efaa7 MD5(banner.exe)= bc3357362256fea60c6e8884ce50a94b MD5(base64.exe)= f051caef6b1f7904c112953aed5b0098 MD5(basename.exe)= 7b117e3120cfee22b65c4470e0988089 MD5(bash.exe)= 1c65ac9a75207693798694b294620a76 MD5(bashbug)= fccba8bca994c063e872e0601dbf7b5e MD5(bunzip2.exe)= 84b3b4cea625f7bfe6142d0b4c5195a5 MD5(bzcat.exe)= fb81f6948f5307e228991d8280ea4a1d MD5(bzcmp)= fc15271b1df9d9e574e200d7cc625802 MD5(bzdiff)= fc15271b1df9d9e574e200d7cc625802 MD5(bzegrep)= 2b11565d85da178b3a1942a22d20c624 MD5(bzfgrep)= 2b11565d85da178b3a1942a22d20c624 MD5(bzgrep)= 2b11565d85da178b3a1942a22d20c624 MD5(bzip2.exe)= 028202251a68c1ec52a29ecd59a2f922 MD5(bzip2recover.exe)= 0c02bc65e8b84a05bbea9d1b86ae0b45 MD5(bzless)= e243255b6cf3b9403df53cb9cd6176e1 MD5(bzmore)= e243255b6cf3b9403df53cb9cd6176e1 MD5(c_rehash)= 1c632ef71efc1f1709b96f341a94728c MD5(c2ph)= 639aa26a077cb739e75abf5495e2cd98 MD5(cal.exe)= 882217932b43d4f6b2db1d683cd1a786 MD5(cat.exe)= 671bd700b2152c484adfcc77bd7c5958 MD5(chcon.exe)= 03f37ddb80682231156bdb7b66811da3 MD5(chem)= 57c2deadc673f840ca69455f51aaa429 MD5(chgrp.exe)= 604aef6c3f4fbd09ec21023eb35d60bf MD5(chkdupexe)= 807b080c98556f55ad8c7e1c18897824 MD5(chmod.exe)= 6b550c277919513ffe667e0979a14714 MD5(chown.exe)= 2645d25fdcfd0cdd6727878f6def70d4
free - Display amount of free and used memory in the system
# free total used free shared buffers cached Mem: 754256 342408 411848 0 15632 202760 -/+ buffers/cache: 124016 630240 Swap: 1131516 0 1131516