Unixtoolbox Book

UNIX TOOLBOX
4GHR CNBTLDMS HR @ BNKKDBSHNM NE 5MHW ,HMTW "3$ BNLL@MCR @MC S@RJR VGHBG @QD TRDETK ENQ )4 VNQJ
NQ ENQ @CU@MBDC TRDQR 4GHR HR @ OQ@BSHB@K FTHCD VHSG BNMBHRD DWOK@M@SHNMR GNVDUDQ SGD QD@CDQ HR
RTOONRDC SN JMNV VG@S R GD HR CNHMF
3XRSDL
0QNBDRRDR
&HKD 3XRSDL
.DSVNQJ
33( 3#0
60. VHSG 33(
239.#
35$/
%MBQXOS &HKDR
%MBQXOS 0@QSHSHNMR
33, #DQSHEHB@SDR
#63
36.
5RDETK #NLL@MCR
)MRS@KK 3NESV@QD
#NMUDQS -DCH@
0QHMSHMF
$@S@A@RDR
$HRJ 1TNS@
3GDKKR
3BQHOSHMF
0QNFQ@LLHMF
/MKHMD (DKO
5MHW 4NNKANW QDUHRHNM

4GD K@SDRS UDQRHNM NE SGHR CNBTLDMS B@M AD ENTMC @S GSSO BA UT TMHWSNNKANW WGSLK 2DOK@BD WGSLK
NM SGD KHMJ VHSG OCE ENQ SGD 0$& UDQRHNM @MC VHSG ANNJ OCE ENQ SGD ANNJKDS UDQRHNM /M @ CTOKDW
OQHMSDQ SGD ANNJKDS VHKK BQD@SD @ RL@KK ANNJ QD@CX SN AHMC 3DD @KRN SGD @ANTS O@FD
%QQNQ QDONQSR @MC BNLLDMSR @QD LNRS VDKBNLD B BA UT #NKHM "@QRBGDK
c 3XRSDL c c /MKHMD (DKO c
1 SYSTEM 3GNQS ,HMTW QDEDQDMBD VVV OHWDKAD@S NQF BLCKHMD GSLK
,HSSKD BNLL@MC KHMD FNNCHDR VVV RGDKK ET NQF
(@QCV@QD O [ 3S@SHRSHBR O [ 5RDQR O [ ,HLHSR O [ 2TMKDUDKR O [ QNNS O@RRVNQC O [
#NLOHKD JDQMDK O [ 2DO@HQ FQTA O [ -HRB O
2TMMHMF JDQMDK @MC RXRSDL HMENQL@SHNM 4G@S R @KK ENKJR
# uname -a # Get the kernel version (and BSD version)
# lsb_release -a # Full release info of any LSB distribution
# cat /etc/SuSE-release # Get SuSE version
# cat /etc/debian_version # Get Debian version
5RD DSB DISTR QDKD@RD VHSG DISTR= KRA 5ATMST QDCG@S FDMSNN L@MCQ@JD RTM 3NK@QHR @MC RN
NM 3DD @KRN /etc/issue
# uptime # Show how long the system has been running + load
# hostname # system's host name
# hostname -i # Display the IP address of the host. (Linux only)
# man hier # Description of the file system hierarchy
# last reboot # Show system reboot history
1.1 Hardware Informations
+DQMDK CDSDBSDC G@QCV@QD
# dmesg # Detected hardware and boot messages
# lsdev # information about installed hardware
# dd if=/dev/mem bs=1k skip=768 count=256 2>/dev/null | strings -n 8 # Read BIOS
Linux
# cat /proc/cpuinfo # CPU model
# cat /proc/meminfo # Hardware memory
# grep MemTotal /proc/meminfo # Display the physical memory
# watch -n1 'cat /proc/interrupts' # Watch changeable interrupts continuously
# free -m # Used and free memory (-m for MB)
# cat /proc/devices # Configured devices
# lspci -tv # Show PCI devices
# lsusb -tv # Show USB devices
# lshal # Show a list of all devices with their properties
# dmidecode # Show DMI/SMBIOS: hw info from the BIOS
FreeBSD
# sysctl hw.model # CPU model
# sysctl hw # Gives a lot of hardware information
# sysctl hw.ncpu # number of active CPUs installed
# sysctl vm # Memory usage
# sysctl hw.realmem # Hardware memory
# sysctl -a | grep mem # Kernel memory settings and info
# sysctl dev # Configured devices
# pciconf -l -cv # Show PCI devices
# usbdevs -v # Show USB devices
# atacontrol list # Show ATA devices
# camcontrol devlist -v # Show SCSI devices
1.2 Load, statistics and messages
4GD ENKKNVHMF BNLL@MCR @QD TRDETK SN EHMC NTS VG@S HR FNHMF NM NM SGD RXRSDL
# top # display and update the top cpu processes
# mpstat 1 # display processors related statistics
# vmstat 2 # display virtual memory statistics
# iostat 2 # display I/O statistics (2 s intervals)
# systat -vmstat 1 # BSD summary of system statistics (1 s intervals)
# systat -tcp 1 # BSD tcp connections (try also -ip)
# systat -netstat 1 # BSD active network connections 4GHR CNBTLDMS 5MHW 4NNKANW QDUHRHNM HR KHBDMRDC TMCDQ @ #QD@SHUD #NLLNMR ,HBDMBD
# systat -ifstat 1 # BSD network traffic through active interfaces ;!SSQHATSHNM 3G@QD !KHJD= b #NKHM "@QRBGDK 3NLD QHFGSR QDRDQUDC
c /MKHMD (DKO c c 3XRSDL c
The program simplecpp.cpp # systat -iostat 1 # BSD CPU and and disk throughput
#include "IPv4.h" # ipcs -a # information on System V interprocess
#include <iostream> # tail -n 500 /var/log/messages # Last 500 kernel/syslog messages
#include <string> # tail /var/log/warn # System warnings messages see syslog.conf
using namespace std;
int main (int argc, char* argv[]) {
string ipstr; // define variables 1.3 Users
unsigned long ipint = 1347861486; // The IP in integer form
# id # Show the active user id with login and group
GenericUtils::IPv4 iputils; // create an object of the class
# last # Show last logins on the system
ipstr = iputils.IPint_to_IPquad(ipint); // call the class member
# who # Show who is logged on the system
cout << ipint << " = " << ipstr << endl; // print the result
# groupadd admin # Add group "admin" and user colin (Linux/Solaris)
# useradd -c "Colin Barschel" -g admin -m colin
return 0;
# usermod -a -G <group> <user> # Add existing user to group (Debian)
}
# groupmod -A <user> <group> # Add existing user to group (SuSE)
#NLOHKD @MC DWDBTSD VHSG # userdel colin # Delete user colin (Linux/Solaris)
# adduser joe # FreeBSD add user joe (interactive)
# g++ -c IPv4.cpp simplecpp.cpp # Compile in objects # rmuser joe # FreeBSD delete user joe (interactive)
# g++ IPv4.o simplecpp.o -o simplecpp.exe # Link the objects to final executable # pw groupadd admin # Use pw on FreeBSD
# ./simplecpp.exe # pw groupmod admin -m newmember # Add a new member to a group
1347861486 = 80.86.187.238 # pw useradd colin -c "Colin Barschel" -g admin -m -s /bin/tcsh
5RD ldd SN BGDBJ VGHBG KHAQ@QHDR @QD TRDC AX SGD DWDBTS@AKD @MC VGDQD SGDX @QD KNB@SDC !KRN TRDC # pw userdel colin; pw groupdel admin
SN BGDBJ HE @ RG@QDC KHAQ@QX HR LHRRHMF NQ HE SGD DWDBTS@AKD HR RS@SHB %MBQXOSDC O@RRVNQCR @QD RSNQDC HM DSB RG@CNV ENQ ,HMTW @MC 3NK@QHR @MC DSB L@RSDQ O@RRVC NM
# ldd /sbin/ifconfig # list dynamic object dependencies &QDD"3$ )E SGD L@RSDQ O@RRVC HR LNCHEHDC L@MT@KKX R@X SN CDKDSD @ O@RRVNQC QTM # pwd_mkdb
# ar rcs staticlib.a *.o # create static archive -p master.passwd SN QDATHKC SGD C@S@A@RD
# ar t staticlib.a # print the objects list from the archive
# ar x /usr/lib/libc.a version.o # extract an object file from the archive
# nm version.o # show function members provided by object 4N SDLONQ@QHKX OQDUDMS KNFHMR RXRSDL VHCD ENQ @KK TRDQR ATS QNNS TRD MNKNFHM 4GD LDRR@FD HM
MNKNFHM VHKK AD CHROK@XDC LHFGS MNS VNQJ VHSG RRG OQD RG@QDC JDXR
# echo "Sorry no login now" > /etc/nologin # (Linux)
22.5 Simple Makefile # echo "Sorry no login now" > /var/run/nologin # (FreeBSD)
4GD LHMHL@K -@JDEHKD ENQ SGD LTKSH RNTQBD OQNFQ@L HR RGNVM ADKNV 4GD KHMDR VHSG HMRSQTBSHNMR must
begin with a tab 4GD A@BJ RK@RG < B@M AD TRDC SN BTS KNMF KHMDR 1.4 Limits
CC = g++
CFLAGS = -O 3NLD @OOKHB@SHNM QDPTHQD GHFGDQ KHLHSR NM NODM EHKDR @MC RNBJDSR KHJD @ OQNWX VDA RDQUDQ
OBJS = IPv4.o simplecpp.o C@S@A@RD 4GD CDE@TKS KHLHSR @QD TRT@KKX SNN KNV
simplecpp: ${OBJS} Linux

${CC} -o simplecpp ${CFLAGS} ${OBJS}
clean: Per shell/script
rm -f ${TARGET} ${OBJS}
4GD RGDKK KHLHSR @QD FNUDQMDC AX ulimit 4GD RS@STR HR BGDBJDC VHSG ulimit -a &NQ DW@LOKD SN
BG@MFD SGD NODM EHKDR KHLHS EQNL SN CN
23 ONLINE HELP # ulimit -n 10240 # This is only valid within the shell
4GD ulimit BNLL@MC B@M AD TRDC HM @ RBQHOS SN BG@MFD SGD KHLHSR ENQ SGD RBQHOS NMKX
23.1 Documentation
Per user/process
,HMTW $NBTLDMS@SHNM DM SKCO NQF ,NFHM TRDQR @MC @OOKHB@SHNMR B@M AD BNMEHFTQDC HM /etc/security/limits.conf &NQ DW@LOKD
,HMTW -@M 0@FDR VVV KHMTWL@MO@FDR BNL # cat /etc/security/limits.conf
,HMTW BNLL@MCR CHQDBSNQX VVV NQDHKKXMDS BNL KHMTW BLC * hard nproc 250 # Limit user processes
,HMTW CNB L@M GNVSNR KHMTW CHD MDS asterisk hard nofile 409600 # Limit application open files
&QDD"3$ (@MCANNJ VVV EQDDARC NQF G@MCANNJ
System wide
&QDD"3$ -@M 0@FDR VVV EQDDARC NQF BFH L@M BFH
+DQMDK KHLHSR @QD RDS VHSG RXRBSK 0DQL@MDMS KHLHSR @QD RDS HM /etc/sysctl.conf
&QDD"3$ TRDQ VHJH VVV EQDDARCVHJH MDS
3NK@QHR -@M 0@FDR CNBR RTM BNL @OO CNBR BNKK # sysctl -a # View all system limits
# sysctl fs.file-max # View max open files limit
# sysctl fs.file-max=102400 # Change max open files limit
23.2 Other Unix/Linux references # echo "1024 50000" > /proc/sys/net/ipv4/ip_local_port_range # port range
# cat /etc/sysctl.conf
2NRDSS@ 3SNMD ENQ 5MHW AG@LH BNL QNRDSS@ GSLK @ 5MHW BNLL@MC SQ@MRK@SNQ fs.file-max=102400 # Permanent entry in sysctl.conf
# cat /proc/sys/fs/file-nr # How many file descriptors are in use
5MHW FTHCD BQNRR QDEDQDMBD TMHWFTHCD MDS TMHWFTHCD RGSLK
,HMTW BNLL@MCR KHMD KHRS VVV KHMTWBLC NQF
c 3XRSDL c c 0QNFQ@LLHMF c
FreeBSD # gcc simple.c -o simple
# ./simple
Per shell/script The answer is 42
5RD SGD BNLL@MC limits HM BRG NQ SBRG NQ @R HM ,HMTW TRD ulimit HM @M RG NQ A@RG RGDKK
Per user/process 22.3 C++ basics
4GD CDE@TKS KHLHSR NM KNFHM @QD RDS HM /etc/login.conf !M TMKHLHSDC U@KTD HR RSHKK KHLHSDC AX SGD *pointer // Object pointed to by pointer
RXRSDL L@WHL@K U@KTD &obj // Address of object obj
obj.x // Member x of class obj (object obj)
System wide pobj->x // Member x of class pointed to by pobj
// (*pobj).x and pobj->x are the same
+DQMDK KHLHSR @QD @KRN RDS VHSG RXRBSK 0DQL@MDMS KHLHSR @QD RDS HM /etc/sysctl.conf NQ /boot/
loader.conf 4GD RXMS@W HR SGD R@LD @R ,HMTW ATS SGD JDXR @QD CHEEDQDMS
# sysctl -a # View all system limits
22.4 C++ example
# sysctl kern.maxfiles=XXXX # maximum number of file descriptors !R @ RKHFGSKX LNQD QD@KHRSHB OQNFQ@L HM # @ BK@RR HM HSR NVM GD@CDQ )0U G @MC HLOKDLDMS@SHNM
kern.ipc.nmbclusters=32768 # Permanent entry in /etc/sysctl.conf )0U BOO @MC @ OQNFQ@L VGHBG TRDR SGD BK@RR ETMBSHNM@KHSX 4GD BK@RR BNMUDQSR @M )0 @CCQDRR HM
kern.maxfiles=65536 # Typical values for Squid
kern.maxfilesperproc=32768
HMSDFDQ ENQL@S SN SGD JMNVM PT@C ENQL@S
kern.ipc.somaxconn=8192 # TCP queue. Better for apache/sendmail
# sysctl kern.openfiles # How many file descriptors are in use IPv4 class
# sysctl kern.ipc.numopensockets # How many open sockets are in use
# sysctl net.inet.ip.portrange.last=50000 # Default is 1024-5000 IPv4.h:
# netstat -m # network memory buffers statistics #ifndef IPV4_H
#define IPV4_H
3DD 4GD &QDD"3$ G@MCANNJ #G@OSDQ ENQ CDS@HKR !MC @KRN &QDD"3$ ODQENQL@MBD STMHMF #include <string>
Solaris namespace GenericUtils { // create a namespace
4GD ENKKNVHMF U@KTDR HM /etc/system VHKK HMBQD@RD SGD L@WHLTL EHKD CDRBQHOSNQR ODQ OQNB class IPv4 { // class definition
public:
set rlim_fd_max = 4096 # Hard limit on file descriptors for a single proc IPv4(); ~IPv4();
set rlim_fd_cur = 1024 # Soft limit on file descriptors for a single proc std::string IPint_to_IPquad(unsigned long ip);// member interface
};
} //namespace GenericUtils
1.5 Runlevels #endif // IPV4_H
Linux IPv4.cpp:
/MBD ANNSDC SGD JDQMDK RS@QSR init VGHBG SGDM RS@QSR rc VGHBG RS@QSR @KK RBQHOSR ADKNMFHMF SN @ #include "IPv4.h"
QTMKDUDK 4GD RBQHOSR @QD RSNQDC HM DSB HMHS C @MC @QD KHMJDC HMSN DSB QB C QB. C VHSG . SGD QTMKDUDK #include <string>
MTLADQ #include <sstream>
using namespace std; // use the namespaces
4GD CDE@TKS QTMKDUDK HR BNMEHFTQDC HM DSB HMHSS@A )S HR TRT@KKX NQ
using namespace GenericUtils;
# grep default: /etc/inittab
id:3:initdefault: IPv4::IPv4() {} // default constructor/destructor
IPv4::~IPv4() {}
4GD @BST@K QTMKDUDK B@M AD BG@MFDC VHSG init &NQ DW@LOKD SN FN EQNL SN
string IPv4::IPint_to_IPquad(unsigned long ip) { // member implementation
# init 5 # Enters runlevel 5 ostringstream ipstr; // use a stringstream
ipstr << ((ip &0xff000000) >> 24) // Bitwise right shift
<< "." << ((ip &0x00ff0000) >> 16)
3GTSCNVM @MC G@KS
<< "." << ((ip &0x0000ff00) >> 8)
3HMFKD 5RDQ LNCD @KRN 3 << "." << ((ip &0x000000ff));
-TKSH TRDQ VHSGNTS MDSVNQJ return ipstr.str();
-TKSH TRDQ VHSG MDSVNQJ }
-TKSH TRDQ VHSG 8
2DANNS
5RD chkconfig SN BNMEHFTQD SGD OQNFQ@LR SG@S VHKK AD RS@QSDC @S ANNS HM @ QTMKDUDK
# chkconfig --list # List all init scripts
# chkconfig --list sshd # Report the status of sshd
# chkconfig sshd --level 35 on # Configure sshd for levels 3 and 5
# chkconfig sshd off # Disable sshd for all runlevels
$DAH@M @MC $DAH@M A@RDC CHRSQHATSHNMR KHJD 5ATMST NQ +MNOOHW TRD SGD BNLL@MC update-rc.d SN
L@M@FD SGD QTMKDUDKR RBQHOSR $DE@TKS HR SN RS@QS HM @MC @MC RGTSCNVM HM @MC
GSSO VVV EQDDARC NQF G@MCANNJ BNMEHFSTMHMF JDQMDK KHLHSR GSLK
GSSO RDQUDQE@TKS BNL PTDRSHNMR EQDDARC ODQENQL@MBD STMHMF RXRBSKR KN@CDQ BNME JDQMDK
c 0QNFQ@LLHMF c c 3XRSDL c
[\^$.|?*+() # special characters any other will match themselves # update-rc.d sshd defaults # Activate sshd with the default runlevels
\ # escapes special characters and treat as literal # update-rc.d sshd start 20 2 3 4 5 . stop 20 0 1 6 . # With explicit arguments
* # repeat the previous item zero or more times # update-rc.d -f sshd remove # Disable sshd for all runlevels
. # single character except line break characters # shutdown -h now (or # poweroff) # Shutdown and halt the system
.* # match zero or more characters
^ # match at the start of a line/string
$ # match at the end of a line/string FreeBSD
.$ # match a single character at the end of line/string 4GD "3$ ANNS @OOQN@BG HR CHEEDQDMS EQNL SGD 3XR6 SGDQD @QD MN QTMKDUDKR 4GD EHM@K ANNS RS@SD
^ $ # match line with a single space RHMFKD TRDQ VHSG NQ VHSGNTS 8 HR BNMEHFTQDC HM /etc/ttys !KK /3 RBQHOSR @QD KNB@SDC HM /etc/
^[A-Z] # match any line beginning with any char from A to Z rc.d/ @MC HM /usr/local/etc/rc.d/ ENQ SGHQC O@QSX @OOKHB@SHNMR 4GD @BSHU@SHNM NE SGD RDQUHBD HR
BNMEHFTQDC HM /etc/rc.conf @MC /etc/rc.conf.local 4GD CDE@TKS ADG@UHNQ HR BNMEHFTQDC HM /etc/
21.6 Some useful commands defaults/rc.conf 4GD RBQHOSR QDRONMCR @S KD@RS SN RS@QS[RSNO[RS@STR
4GD ENKKNVHMF BNLL@MCR @QD TRDETK SN HMBKTCD HM @ RBQHOS NQ @R NMD KHMDQR # /etc/rc.d/sshd status
sshd is running as pid 552.
sort -t. -k1,1n -k2,2n -k3,3n -k4,4n # Sort IPv4 ip addresses # shutdown now # Go into single-user mode
echo 'Test' | tr '[:lower:]' '[:upper:]' # Case conversion # exit # Go back to multi-user mode
echo foo.bar | cut -d . -f 1 # Returns foo # shutdown -p now # Shutdown and halt the system
PID=$(ps | grep script.sh | grep bin | awk '{print $1}') # PID of a running script # shutdown -r now # Reboot
PID=$(ps axww | grep [p]ing | awk '{print $1}') # PID of ping (w/o grep pid)
IP=$(ifconfig $INTERFACE | sed '/.*inet addr:/!d;s///;s/ .*//') # Linux 4GD OQNBDRR init B@M @KRN AD TRDC SN QD@BG NMD NE SGD ENKKNVHMF RS@SDR KDUDK &NQ DW@LOKD # init
IP=$(ifconfig $INTERFACE | sed '/.*inet /!d;s///;s/ .*//') # FreeBSD 6 ENQ QDANNS
if [ `diff file1 file2 | wc -l` != 0 ]; then [...] fi # File changed?
cat /etc/master.passwd | grep -v root | grep -v \*: | awk -F":" \ # Create http passwd
'{ printf("%s:%s\n", $1, $2) }' > /usr/local/etc/apache2/passwd (@KS @MC STQM SGD ONVDQ NEE RHFM@K USR2
'N SN RHMFKD TRDQ LNCD RHFM@K TERM
testuser=$(cat /usr/local/etc/apache2/passwd | grep -v \ # Check user in passwd 2DANNS SGD L@BGHMD RHFM@K INT
root | grep -v \*: | awk -F":" '{ printf("%s\n", $1) }' | grep ûser$)
:(){ :|:& };: # bash fork bomb. Will kill your machine
B "KNBJ ETQSGDQ KNFHMR RHFM@K TSTP
tail +2 file > file2 # remove the first line from file P 2DRB@M SGD SSXR EHKD RHFM@K HUP
) TRD SGHR KHSSKD SQHBJ SN BG@MFD SGD EHKD DWSDMRHNM ENQ L@MX EHKDR @S NMBD &NQ DW@LOKD EQNL BWW SN
Windows
BOO 4DRS HS EHQRS VHSGNTS SGD | sh @S SGD DMC 9NT B@M @KRN CN SGHR VHSG SGD BNLL@MC rename HE
HMRS@KKDC /Q VHSG A@RG ATHKSHMR 3S@QS @MC RSNO @ RDQUHBD VHSG DHSGDQ SGD service name NQ "service description" RGNVM HM SGD
3DQUHBDR #NMSQNK 0@MDK @R ENKKNVR
# ls *.cxx | awk -F. '{print "mv "$0" "$1".cpp"}' | sh
# ls *.c | sed "s/.*/cp & &.$(date "+%Y%m%d")/" | sh # e.g. copy *.c to *.c.20080401 net stop WSearch
# rename .cxx .cpp *.cxx # Rename all .cxx to cpp net start WSearch # start search service
# for i in *.cxx; do mv $i ${i%%.cxx}.cpp; done # with bash builtins net stop "Windows Search"
net start "Windows Search" # same as above using descr.
22 PROGRAMMING 1.6 Reset root password
22.1 C basics Linux method 1

strcpy(newstr,str) /* copy str to newstr */
!S SGD ANNS KN@CDQ KHKN NQ FQTA DMSDQ SGD ENKKNVHMF ANNS NOSHNM
expr1 ? expr2 : expr3 /* if (expr1) expr2 else expr3 */ init=/bin/sh
x = (y > z) ? y : z; /* if (y > z) x = y; else x = z; */
int a[]={0,1,2}; /* Initialized array (or a[3]={0,1,2}; */
4GD JDQMDK VHKK LNTMS SGD QNNS O@QSHSHNM @MC init VHKK RS@QS SGD ANTQMD RGDKK HMRSD@C NE rc @MC SGDM @
int a[2][3]={{1,2,3},{4,5,6}}; /* Array of array of ints */ QTMKDUDK 5RD SGD BNLL@MC passwd @S SGD OQNLOS SN BG@MFD SGD O@RRVNQC @MC SGDM QDANNS &NQFDS
int i = 12345; /* Convert in i to char str */ SGD RHMFKD TRDQ LNCD @R XNT MDDC SGD O@RRVNQC ENQ SG@S
char str[10]; )E @ESDQ ANNSHMF SGD QNNS O@QSHSHNM HR LNTMSDC QD@C NMKX QDLNTMS HS QV
sprintf(str, "%d", i);
# mount -o remount,rw /
# passwd # or delete the root password (/etc/shadow)
22.2 C example # sync; mount -o remount,ro / # sync before to remount read only
# reboot
! LHMHL@K B OQNFQ@L RHLOKD B
#include <stdio.h> FreeBSD method 1
main() {
/M &QDD"3$ ANNS HM RHMFKD TRDQ LNCD QDLNTMS QV @MC TRD O@RRVC 9NT B@M RDKDBS SGD RHMFKD
int number=42;
printf("The answer is %i\n", number); TRDQ LNCD NM SGD ANNS LDMT NOSHNM VGHBG HR CHROK@XDC ENQ RDBNMCR @S RS@QSTO 4GD RHMFKD
} TRDQ LNCD VHKK FHUD XNT @ QNNS RGDKK NM SGD O@QSHSHNM
# mount -u /; mount -a # will mount / rw
#NLOHKD VHSG
# passwd
# reboot
c 3XRSDL c c 3BQHOSHMF c
Unixes and FreeBSD and Linux method 2 Generate a file
/SGDQ 5MHWDR LHFGS MNS KDS XNT FN @V@X VHSG SGD RHLOKD HMHS SQHBJ 4GD RNKTSHNM HR SN LNTMS SGD QNNS MYHOME=/home/colin
O@QSHSHNM EQNL @M NSGDQ /3 KHJD @ QDRBTD #$ @MC BG@MFD SGD O@RRVNQC NM SGD CHRJ cat > testhome.sh << _EOF
# All of this goes into the file testhome.sh
if [ -d "$MYHOME" ] ; then
a "NNS @ KHUD #$ NQ HMRS@KK@SHNM #$ HMSN @ QDRBTD LNCD VGHBG VHKK FHUD XNT @ RGDKK
echo $MYHOME exists
a &HMC SGD QNNS O@QSHSHNM VHSG ECHRJ D F ECHRJ CDU RC@ else
a -NTMS HS @MC TRD BGQNNS echo $MYHOME does not exist
fi
# mount -o rw /dev/ad4s3a /mnt _EOF
# chroot /mnt # chroot into /mnt sh testhome.sh
# passwd
# reboot
21.2 Bourne script example
1.7 Kernel modules !R @ RL@KK DW@LOKD SGD RBQHOS TRDC SN BQD@SD @ 0$& ANNJKDS EQNL SGHR WGSLK CNBTLDMS
#!/bin/sh
Linux # This script creates a book in pdf format ready to print on a duplex printer
if [ $# -ne 1 ]; then # Check the argument
# lsmod # List all modules loaded in the kernel
echo 1>&2 "Usage: $0 HtmlFile"
# modprobe isdn # To load a module (here isdn)
exit 1 # non zero exit if error
fi
FreeBSD
# kldstat # List all modules loaded in the kernel file=$1 # Assign the filename
# kldload crypto # To load a module (here crypto) fname=${file%.*} # Get the name of the file only
fext=${file#*.} # Get the extension of the file
1.8 Compile Kernel prince $file -o $fname.pdf # from www.princexml.com
pdftops -paper A4 -noshrink $fname.pdf $fname.ps # create postscript booklet
cat $fname.ps |psbook|psnup -Pa4 -2 |pstops -b "2:0,1U(21cm,29.7cm)" > $fname.book.ps
Linux
# cd /usr/src/linux ps2pdf13 -sPAPERSIZE=a4 -sAutoRotatePages=None $fname.book.ps $fname.book.pdf
# make mrproper # Clean everything, including config files # use #a4 and #None on Windows!
# make oldconfig # Reuse the old .config if existent exit 0 # exit 0 means successful
# make menuconfig # or xconfig (Qt) or gconfig (GTK)
# make # Create a compressed kernel image
# make modules # Compile the modules 21.3 Some awk commands
# make modules_install # Install the modules
# make install # Install the kernel !VJ HR TRDETK ENQ EHDKC RSQHOOHMF KHJD BTS HM @ LNQD ONVDQETK V@X 3D@QBG SGHR CNBTLDMS ENQ NSGDQ
# reboot DW@LOKDR 3DD ENQ DW@LOKD FMTK@LO BNL @MC NMD KHMDQR ENQ @VJ ENQ RNLD MHBD DW@LOKDR
awk '{ print $2, $1 }' file # Print and inverse first two columns
FreeBSD awk '{printf("%5d : %s\n", NR,$0)}' file # Add line number left aligned
awk '{print FNR "\t" $0}' files # Add line number right aligned
/OSHNM@KKX TOC@SD SGD RNTQBD SQDD HM /usr/src VHSG BRTO @R NE &QDD"3$ NQ K@SDQ awk NF test.txt # remove blank lines (same as grep '.')
# csup <supfile> awk 'length > 80' # print line longer than 80 char)
) TRD SGD ENKKNVHMF RTOEHKD
*default host=cvsup5.FreeBSD.org # www.freebsd.org/handbook/cvsup.html#CVSUP-MIRRORS 21.4 Some sed commands
*default prefix=/usr
*default base=/var/db
(DQD HR SGD NMD KHMDQ FNKC LHMD !MC @ FNNC HMSQNCTBSHNM @MC STSNQH@K SN RDC
*default release=cvs delete tag=RELENG_7 sed 's/string1/string2/g' # Replace string1 with string2
src-all sed -i 's/wroong/wrong/g' *.txt # Replace a recurring word with g
sed 's/$.*$1/\12/g' # Modify anystring1 to anystring2
4N LNCHEX @MC QDATHKC SGD JDQMDK BNOX SGD FDMDQHB BNMEHFTQ@SHNM EHKD SN @ MDV M@LD @MC DCHS HS @R sed '/<p>/,/<\/p>/d' t.xhtml # Delete lines that start with <p>
MDDCDC XNT B@M @KRN DCHS SGD EHKD GENERIC CHQDBSKX 4N QDRS@QS SGD ATHKC @ESDQ @M HMSDQQTOSHNM @CC # and end with </p>
SGD NOSHNM NO_CLEAN=YES SN SGD L@JD BNLL@MC SN @UNHC BKD@MHMF SGD NAIDBSR @KQD@CX ATHKC sed '/ *#/d; /^ *$/d' # Remove comments and blank lines
sed 's/[ \t]*$//' # Remove trailing spaces (use tab as \t)
# cd /usr/src/sys/i386/conf/ sed 's/^[ \t]*//;s/[ \t]*$//' # Remove leading and trailing spaces
# cp GENERIC MYKERNEL sed 's/[^*]/[&]/' # Enclose first char with [] top->[t]op
# cd /usr/src sed = file | sed 'N;s/\n/\t/' > file.num # Number lines on a file
# make buildkernel KERNCONF=MYKERNEL
# make installkernel KERNCONF=MYKERNEL
4N QDATHKC SGD ETKK /3 21.5 Regular Expressions
# make buildworld # Build the full OS but not the kernel 3NLD A@RHB QDFTK@Q DWOQDRRHNM TRDETK ENQ RDC SNN 3DD "@RHB 2DFDW 3XMS@W ENQ @ FNNC OQHLDQ
# make buildkernel # Use KERNCONF as above if appropriate GSSO RSTCDMS MNQSGO@QJ DCT ODLDMSD RDC RDC KHMD SWS
# make installkernel GSSO VVV FQXLNHQD BNL 5MHW 3DC GSLK
GSSO VVV QDFTK@Q DWOQDRRHNMR HMEN QDEDQDMBD GSLK
c 3BQHOSHMF c c 0QNBDRRDR c
# reboot
21 SCRIPTING # mergemaster -p # Compares only files known to be essential
"@RHBR O [ 3BQHOS DW@LOKD O [ @VJ O [ RDC O [ 2DFTK@Q %WOQDRRHNMR O [ TRDETK # make installworld
# mergemaster -i -U # Update all configurations and other files
BNLL@MCR O
# reboot
4GD "NTQMD RGDKK AHM RG HR OQDRDMS NM @KK 5MHW HMRS@KK@SHNMR @MC RBQHOSR VQHSSDM HM SGHR K@MFT@FD &NQ RL@KK BG@MFDR HM SGD RNTQBD XNT B@M TRD ./?#,%!. XDR SN @UNHC QDATHKCHMF SGD VGNKD SQDD
@QD PTHSD ONQS@AKD man 1 sh HR @ FNNC QDEDQDMBD # make buildworld NO_CLEAN=yes # Don't delete the old objects
# make buildkernel KERNCONF=MYKERNEL NO_CLEAN=yes
21.1 Basics
1.9 Repair grub
Variables and arguments
3N XNT AQNJD FQTA "NNS EQNL @ KHUD BC ;EHMC XNTQ KHMTW O@QSHSHNM TMCDQ /dev @MC TRD fdisk SN EHMC
!RRHFM VHSG U@QH@AKD U@KTD @MC FDS BNMSDMS VHSG U@QH@AKD SGD KHMTW O@QSHNM= LNTMS SGD KHMTW O@QSHSHNM @CC OQNB @MC CDU @MC TRD grub-install /dev/xyz
MESSAGE="Hello World" # Assign a string 3TOONRD KHMTW KHDR NM /dev/sda6
PI=3.1415 # Assign a decimal number
N=8 # mount /dev/sda6 /mnt # mount the linux partition on /mnt
TWON=èxpr $N * 2` # Arithmetic expression (only integers) # mount --bind /proc /mnt/proc # mount the proc subsystem into /mnt
TWON=$(($N * 2)) # Other syntax # mount --bind /dev /mnt/dev # mount the devices into /mnt
TWOPI=ècho "$PI * 2" | bc -l` # Use bc for floating point operations # chroot /mnt # change root to the linux partition
ZERO=ècho "c($PI/4)-sqrt(2)/2" | bc -l` # grub-install /dev/sda # reinstall grub with your old settings
4GD BNLL@MC KHMD @QFTLDMSR @QD

$0, $1, $2, ... # $0 is the command itself 1.10 Misc
$# # The number of arguments
$* # All arguments (also $@) $HR@AKD /38 UHQST@K LDLNQX QDOD@S VHSG load SN QD DM@AKD &@RSDQ RXRSDL ATS @ KHSSKD QHRJX
# sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.dynamic_pager.plist
# sleep 3600; pmset sleepnow # go to standby in one hour (OSX)
Special Variables # defaults write -g com.apple.mouse.scaling -float 8
$$ # The current process ID # OSX mouse acceleration (use -1 to reverse)
$? # exit status of last command
command
if [ $? != 0 ]; then
echo "command failed"
2 PROCESSES
fi ,HRSHMF O [ 0QHNQHSX O [ "@BJFQNTMC &NQDFQNTMC O [ 4NO O [ +HKK O
mypath=`pwd`
mypath=${mypath}/file.txt
echo ${mypath##*/} # Display the filename only 2.1 Listing and PIDs
echo ${mypath%%.*} # Full path without extention
foo=/tmp/my.dir/filename.tar.gz %@BG OQNBDRR G@R @ TMHPTD MTLADQ SGD 0)$ ! KHRS NE @KK QTMMHMF OQNBDRR HR QDSQHDUDC VHSG ps
path = ${foo%/*} # Full path without extention # ps -auxefw # Extensive list of all running process
var2=${var:=string} # Use var if set, otherwise use string
# assign string to var and then to var2. (NVDUDQ LNQD SXOHB@K TR@FD HR VHSG @ OHOD NQ VHSG pgrep ENQ /3 8 HMRS@KK proctools EQNL -@B0NQSR
size=$(stat -c%s "$file") # get file size in bourne script O@FD
filesize=${size:=-1}
# ps axww | grep cron
586 ?? Is 0:01.48 /usr/sbin/cron -s
Constructs # ps axjf # All processes in a tree format (Linux)
for file in `ls` # ps aux | grep 'ss[h]' # Find all ssh pids without the grep pid
do # pgrep -l sshd # Find the PIDs of processes by (part of) name
echo $file # echo $$ # The PID of your shell
done # fuser -va 22/tcp # List processes using port 22 (Linux)
# pmap PID # Memory map of process (hunt memory leaks) (Linux)
count=0 # fuser -va /home # List processes accessing the /home partition
while [ $count -lt 5 ]; do # strace df # Trace system calls and signals
echo $count # truss df # same as above on FreeBSD/Solaris/Unixware
sleep 1
count=$(($count + 1))
done 2.2 Priority
#G@MFD SGD OQHNQHSX NE @ QTMMHMF OQNBDRR VHSG renice Negative numbers have a higher priority
myfunction() {
find . -type f -name "*.$1" -print # $1 is first argument of the function SGD KNVDRS HR @MC MHBD G@UD @ ONRHSHUD U@KTD
} # renice -5 586 # Stronger priority
myfunction "txt" 586: old priority 0, new priority -5
c 0QNBDRRDR c c 3GDKKR c
3S@QS SGD OQNBDRR VHSG @ CDEHMDC OQHNQHSX VHSG nice 0NRHSHUD HR MHBD NQ VD@J MDF@SHUD HR RSQNMF # in .bashrc
RBGDCTKHMF OQHNQHSX -@JD RTQD XNT JMNV HE /usr/bin/nice NQ SGD RGDKK ATHKS HM HR TRDC BGDBJ VHSG bind '"\e[A"':history-search-backward # Use up and down arrow to search
bind '"\e[B"':history-search-forward # the history. Invaluable!
# which nice set -o emacs # Set emacs mode in bash (see below)
# nice -n -5 top # Stronger priority (/usr/bin/nice) set bell-style visible # Do not beep, inverse colors
# nice -n 5 top # Weaker priority (/usr/bin/nice) # Set a nice prompt like [user@host]/path/todir>
# nice +5 top # tcsh builtin nice (same as above!) PS1="\[\033[1;30m\][\[\033[1;34m\]\u\[\033[1;30m\]"
PS1="$PS1@\[\033[0;33m\]\h\[\033[1;30m\]]\[\033[0;37m\]"
7GHKD MHBD BG@MFDR SGD #05 RBGDCTKDQ @M NSGDQ TRDETK BNLL@MC ionice VHKK RBGDCTKD SGD CHRJ )/ PS1="$PS1\w\[\033[1;30m\]>\[\033[0m\]"
4GHR HR UDQX TRDETK ENQ HMSDMRHUD )/ @OOKHB@SHNM D F BNLOHKHMF 9NT B@M RDKDBS @ BK@RR HCKD ADRS
# To check the currently active aliases, simply type alias
DEENQS QD@K SHLD SGD L@M O@FD HR RGNQS @MC VDKK DWOK@HMDC alias ls='ls -aF' # Append indicator (one of */=>@|)
# ionice c3 -p123 # set idle class for pid 123 (Linux only) alias ll='ls -aFls' # Listing
# ionice -c2 -n0 firefox # Run firefox with best effort and high priority alias la='ls -all'
# ionice -c3 -p$$ # Set the actual shell to idle priority alias ..='cd ..'
alias ...='cd ../..'
4GD K@RS BNLL@MC HR UDQX TRDETK SN BNLOHKD NQ CDATF @ K@QFD OQNIDBS %UDQX BNLL@MC K@TMBGDC export HISTFILESIZE=5000 # Larger history
EQNL SGHR RGDKK VHKK G@UD @ KNUDQ OQHNQHSX $$ HR XNTQ RGDKK OHC SQX DBGN export CLICOLOR=1 # Use colors (if possible)
&QDD"3$ TRDR idprio/rtprio L@W OQHNQHSX LNRS HCKD export LSCOLORS=ExGxFxdxCxDxDxBxBxExEx
# idprio 31 make # compile in the lowest priority
# idprio 31 -1234 # set PID 1234 with lowest priority 20.2 tcsh
# idprio -t -1234 # -t removes any real time/idle priority
2DCHQDBSR @MC OHODR ENQ SBRG @MC BRG RHLOKD @MC @QD SGD R@LD @R RG
# cmd >& file # Redirect both stdout and stderr to file.
2.3 Background/Foreground # cmd >>& file # Append both stdout and stderr to file.
7GDM RS@QSDC EQNL @ RGDKK OQNBDRRDR B@M AD AQNTFGS HM SGD A@BJFQNTMC @MC A@BJ SN SGD ENQDFQNTMC # cmd1 | cmd2 # pipe stdout to cmd2
VHSG ;#SQK= ;:= >: bg @MC fg ,HRS SGD OQNBDRRDR VHSG jobs 7GDM MDDCDC CDS@BG EQNL SGD # cmd1 |& cmd2 # pipe stdout and stderr to cmd2
SDQLHM@K VHSG disown 4GD RDSSHMFR ENQ BRG SBRG @QD RDS HM ~/.cshrc QDKN@C VHSG RNTQBD BRGQB %W@LOKDR
# ping cb.vu > ping.log # in .cshrc
^Z # ping is suspended (stopped) with [Ctrl]-[Z] alias ls 'ls -aF'
# bg # put in background and continues running alias ll 'ls -aFls'
# jobs -l # List processes in background alias la 'ls -all'
[1] - 36232 Running ping cb.vu > ping.log alias .. 'cd ..'
[2] + 36233 Suspended (tty output) top alias ... 'cd ../..'
# fg %2 # Bring process 2 back in foreground set prompt = "%B%n%b@%B%m%b%/> " # like user@host/path/todir>
set history = 5000
# make # start a long compile job but need to leave the terminal set savehist = ( 6000 merge )
^Z # suspended (stopped) with [Ctrl]-[Z] set autolist # Report possible completions with tab
# bg # put in background and continues running set visiblebell # Do not beep, inverse colors
# disown -h %1 # detatch process from terminal, won't be killed at logout
# Bindkey and colors
.N RSQ@HFGS ENQV@QC V@X SN QD @SS@BG SGD OQNBDRR SN @ MDV SDQLHM@K SQX QDOSXQ ,HMTW bindkey -e Select Emacs bindings # Use emacs keys to edit the command prompt
5RD nohup SN RS@QS @ OQNBDRR VGHBG G@R SN JDDO QTMMHMF VGDM SGD RGDKK HR BKNRDC HLLTMD SN bindkey -k up history-search-backward # Use up and down arrow to search
G@MFTOR bindkey -k down history-search-forward
setenv CLICOLOR 1 # Use colors (if possible)
# nohup ping -i 60 > ping.log &
setenv LSCOLORS ExGxFxdxCxDxDxBxBxExEx
4GD DL@BR LNCD DM@AKDR SN TRD SGD DL@BR JDXR RGNQSBTSR SN LNCHEX SGD BNLL@MC OQNLOS KHMD
2.4 Top 4GHR HR DWSQDLDKX TRDETK MNS NMKX ENQ DL@BR TRDQR 4GD LNRS TRDC BNLL@MCR @QD
4GD OQNFQ@L top CHROK@XR QTMMHMF HMENQL@SHNM NE OQNBDRRDR 3DD @KRN SGD OQNFQ@L htop EQNL
GSNO RNTQBDENQFD MDS @ LNQD ONVDQETK UDQRHNM NE SNO VGHBG QTMR NM ,HMTW @MC &QDD"3$ ports/ # @ -NUD BTQRNQ SN ADFHMMHMF NE KHMD
# D -NUD BTQRNQ SN DMC NE KHMD
sysutils/htop/ 7GHKD SNO HR QTMMHMF OQDRR SGD JDX G ENQ @ GDKO NUDQUHDV 5RDETK JDXR @QD
- A -NUD BTQRNQ A@BJ NMD VNQC
- E -NUD BTQRNQ ENQV@QC NMD VNQC
a u [user name] 4N CHROK@X NMKX SGD OQNBDRRDR ADKNMFHMF SN SGD TRDQ 5RD NQ AK@MJ SN RDD
- C #TS SGD MDWS VNQC
@KK TRDQR
# V #TS SGD K@RS VNQC
a k [pid] +HKK SGD OQNBDRR VHSG OHC
# T #TS DUDQXSGHMF ADENQD SGD BTQRNQ
a 1 4N CHROK@X @KK OQNBDRRNQR RS@SHRSHBR ,HMTW NMKX
# J #TS DUDQXSGHMF @ESDQ SGD BTQRNQ QDRS NE SGD KHMD
a R 4NFFKD MNQL@K QDUDQRD RNQS
# X 0@RSD SGD K@RS SGHMF SN AD BTS RHLOKX O@RSD
# ? 5MCN
2.5 Signals/Kill
Note: # GNKC BNMSQNK - GNKC LDS@ VGHBG HR TRT@KKX SGD @KS NQ DRB@OD JDX
4DQLHM@SD NQ RDMC @ RHFM@K VHSG kill NQ killall
c 3GDKKR c c &HKD 3XRSDL c
change the values of soft and hard )E MNS RODBHEHDC SGD AKNBJR @QD J 4GD FQ@BD ODQHNC HR RDS VHSG # ping -i 60 cb.vu > ping.log &
edquota -t &NQ DW@LOKD [1] 4712
# kill -s TERM 4712 # same as kill -15 4712
# edquota -u colin # killall -1 httpd # Kill HUP processes by exact name
# pkill -9 http # Kill TERM processes by (part of) name
Linux # pkill -TERM -u www # Kill TERM processes owned by www
# fuser -k -TERM -m /home # Kill every process accessing /home (to umount)
Disk quotas for user colin (uid 1007):
Filesystem blocks soft hard inodes soft hard )LONQS@MS RHFM@KR @QD
/dev/sda8 108 1000 2000 1 0 0
HUP G@MF TO
FreeBSD INT HMSDQQTOS
Quotas for user colin: QUIT PTHS
/home: kbytes in use: 504184, limits (soft = 700000, hard = 800000) KILL MNM B@SBG@AKD MNM HFMNQ@AKD JHKK
inodes in use: 1792, limits (soft = 0, hard = 0)
TERM RNESV@QD SDQLHM@SHNM RHFM@K
For many users

4GD BNLL@MC edquota -p HR TRDC SN CTOKHB@SD @ PTNS@ SN NSGDQ TRDQR &NQ DW@LOKD SN CTOKHB@SD @ 3 FILE SYSTEM
QDEDQDMBD PTNS@ SN @KK TRDQR $HRJ HMEN O [ "NNS O [ $HRJ TR@FD O [ /ODMDC EHKDR O [ -NTMS QDLNTMS O [ -NTMS
# edquota -p refuser àwk -F: '$3 > 499 {print $1}' /etc/passwd` 3-" O [ -NTMS HL@FD O [ "TQM )3/ O [ #QD@SD HL@FD O [ -DLNQX CHRJ O [ $HRJ
# edquota -p refuser user1 user2 # Duplicate to 2 users ODQENQL@MBD O
Checks 3.1 Permissions

5RDQR B@M BGDBJ SGDHQ PTNS@ AX RHLOKX SXOHMF quota SGD EHKD PTNS@ TRDQ LTRS AD QD@C@AKD 2NNS
B@M BGDBJ @KK PTNS@R #G@MFD ODQLHRRHNM @MC NVMDQRGHO VHSG chmod @MC chown 4GD CDE@TKS TL@RJ B@M AD BG@MFDC ENQ @KK
TRDQR HM DSB OQNEHKD ENQ ,HMTW NQ DSB KNFHM BNME ENQ &QDD"3$ 4GD CDE@TKS TL@RJ HR TRT@KKX 4GD
# quota -u colin # Check quota for a user
# repquota /home # Full report for the partition for all users TL@RJ HR RTASQ@BSDC EQNL SGTR TL@RJ QDRTKSR HM @ ODQLHRRHNM E
1 --x execute # Mode 764 = exec/read/write | read/write | read
2 -w- write # For: |-- Owner --| |- Group-| |Oth|
20 SHELLS 4 r-- read
ugo=a u=user, g=group, o=others, a=everyone
# chmod [OPTION] MODE[,MODE] FILE # MODE is of the form [ugoa]*([-+=]([rwxXst]))
-NRS ,HMTW CHRSQHATSHNMR TRD SGD A@RG RGDKK VGHKD SGD "3$R TRD SBRG SGD ANTQMD RGDKK HR NMKX TRDC
# chmod 640 /var/log/maillog # Restrict the log -rw-r-----
ENQ RBQHOSR &HKSDQR @QD UDQX TRDETK @MC B@M AD OHODC # chmod u=rw,g=r,o= /var/log/maillog # Same as above
# chmod -R o-r /home/* # Recursive remove other readable for all users
grep 0@SSDQM L@SBGHMF # chmod u+s /path/to/prog # Set SUID bit on executable (know what you do!)
sed 3D@QBG @MC 2DOK@BD RSQHMFR NQ BG@Q@BSDQR # find / -perm -u+s -print # Find all programs with the SUID bit
cut 0QHMS RODBHEHB BNKTLMR EQNL @ L@QJDQ # chown user:group /path/to/file # Change the user and group ownership of a file
# chgrp group /path/to/file # Change the group ownership of a file
sort 3NQS @KOG@ADSHB@KKX NQ MTLDQHB@KKX # chmod 640 `find ./ -type f -print` # Change permissions to 640 for all files
uniq 2DLNUD CTOKHB@SD KHMDR EQNL @ EHKD # chmod 751 `find ./ -type d -print` # Change permissions to 751 for all directories
&NQ DW@LOKD TRDC @KK @S NMBD

3.2 Disk information
# ifconfig | sed 's/ / /g' | cut -d" " -f1 | uniq | grep -E "[a-z0-9]+" | sort -r
# ifconfig | sed '/.*inet addr:/!d;s///;s/ .*//'|sort -t. -k1,1n -k2,2n -k3,3n -k4,4n # diskinfo -v /dev/ad2 # information about disk (sector/size) FreeBSD
# hdparm -I /dev/sda # information about the IDE/ATA disk (Linux)
4GD EHQRS BG@Q@BSDQ HM SGD RDC O@SSDQM HR @ S@A 4N VQHSD @ S@A NM SGD BNMRNKD TRD BSQK U BSQK S@A # fdisk /dev/ad2 # Display and manipulate the partition table
# smartctl -a /dev/ad2 # Display the disk SMART info
20.1 bash
2DCHQDBSR @MC OHODR ENQ A@RG @MC RG 3.3 Boot
# cmd 1> file # Redirect stdout to file.
# cmd 2> file # Redirect stderr to file. FreeBSD
# cmd 1>> file # Redirect and append stdout to file. 4N ANNS @M NKC JDQMDK HE SGD MDV JDQMDK CNDRM S ANNS RSNO SGD ANNS @S CTQHMF SGD BNTMS CNVM
# cmd &> file # Redirect both stdout and stderr to file.
# unload
# cmd >file 2>&1 # Redirects stderr to stdout and then to file.
# load kernel.old
# cmd1 | cmd2 # pipe stdout to cmd2
# boot
# cmd1 2>&1 | cmd2 # pipe stdout and stderr to cmd2
-NCHEX XNTQ BNMEHFTQ@SHNM HM ] A@RGQB HS B@M @KRN AD ] A@RG?OQNEHKD 4GD ENKKNVHMF DMSQHDR @QD
TRDETK QDKN@C VHSG A@RGQB 7HSG BXFVHM TRD ] A@RG?OQNEHKD VHSG QWUS O@RS VHSG RGHES KDES
BKHBJ
c &HKD 3XRSDL c c $HRJ 1TNS@ c
3.4 System mount points/Disk usage Dump and restore
)S B@M AD TRDETK SN CTLO @MC QDRSNQD @M 31,HSD C@S@A@RD &NQ DW@LOKD XNT B@M DCHS SGD CTLO EHKD
# mount | column -t # Show mounted file-systems on the system
SN BG@MFD @ BNKTLM @SSQHATSD NQ SXOD @MC SGDM QDRSNQD SGD C@S@A@RD 4GHR HR D@RHDQ SG@M LDRRHMF
# df # display free disk space and mounted devices
# cat /proc/partitions # Show all registered partitions (Linux) VHSG 31, BNLL@MCR 5RD SGD BNLL@MC sqlite3 ENQ @ W C@S@A@RD
# sqlite database.db .dump > dump.sql # dump
# sqlite database.db < dump.sql # restore
Disk usage
# du -sh * # Directory sizes as listing
# du -csh # Total directory size of the current directory Convert 2.x to 3.x database
# du -ks * | sort -n -r # Sort everything by size in kilobytes sqlite database_v2.db .dump | sqlite3 database_v3.db
# ls -lSr # Show files, biggest last
3.5 Who has which files opened 19 DISK QUOTA
4GHR HR TRDETK SN EHMC NTS VGHBG EHKD HR AKNBJHMF @ O@QSHSHNM VGHBG G@R SN AD TMLNTMSDC @MC FHUDR @ ! CHRJ PTNS@ @KKNVR SN KHLHS SGD @LNTMS NE CHRJ RO@BD @MC NQ SGD MTLADQ NE EHKDR @ TRDQ NQ NQ
SXOHB@K DQQNQ NE LDLADQ NE FQNTO B@M TRD 4GD PTNS@R @QD @KKNB@SDC NM @ ODQ EHKD RXRSDL A@RHR @MC @QD DMENQBDC AX
# umount /home/ SGD JDQMDK
umount: unmount of /home # umount impossible because a file is locking home
failed: Device busy
19.1 Linux setup
FreeBSD and most Unixes 4GD PTNS@ SNNKR O@BJ@FD TRT@KKX MDDCR SN AD HMRS@KKDC HS BNMS@HMR SGD BNLL@MC KHMD SNNKR
# fstat -f /home # for a mount point !BSHU@SD SGD TRDQ PTNS@ HM SGD ERS@A @MC QDLNTMS SGD O@QSHSHNM )E SGD O@QSHSHNM HR ATRX DHSGDQ @KK
# fstat -p PID # for an application with PID KNBJDC EHKDR LTRS AD BKNRDC NQ SGD RXRSDL LTRS AD QDANNSDC !CC usrquota SN SGD ERS@A LNTMS
# fstat -u user # for a user name
NOSHNMR ENQ DW@LOKD
&HMC NODMDC KNF EHKD NQ NSGDQ NODMDC EHKDR R@X ENQ 8NQF /dev/sda2 /home reiserfs rw,acl,user_xattr,usrquota 1 1
# ps ax | grep Xorg | awk '{print $1}' # mount -o remount /home
1252 # mount # Check if usrquota is active, otherwise reboot
# fstat -p 1252
)MHSH@KHYD SGD PTNS@ TRDQ EHKD VHSG quotacheck
USER CMD PID FD MOUNT INUM MODE SZ|DV R/W
root Xorg 1252 root / 2 drwxr-xr-x 512 r # quotacheck -vum /home
root Xorg 1252 text /usr 216016 -rws--x--x 1679848 r # chmod 644 /home/aquota.user # To let the users check their own quota
root Xorg 1252 0 /var 212042 -rw-r--r-- 56987 w
!BSHU@SD SGD PTNS@ DHSGDQ VHSG SGD OQNUHCDC RBQHOS D F DSB HMHS C PTNS@C NM 3T3% NQ VHSG quotaon
4GD EHKD VHSG HMTL HR SGD NMKX EHKD HM U@Q quotaon -vu /home
# find -x /var -inum 212042
/var/log/Xorg.0.log #GDBJ SG@S SGD PTNS@ HR @BSHUD VHSG
quota -v
Linux
&HMC NODMDC EHKDR NM @ LNTMS ONHMS VHSG fuser NQ lsof 19.2 FreeBSD setup
# fuser -m /home # List processes accessing /home
4GD PTNS@ SNNKR @QD O@QS NE SGD A@RD RXRSDL GNVDUDQ SGD JDQMDK MDDCR SGD NOSHNM PTNS@ )E HS HR MNS
# lsof /home
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME SGDQD @CC HS @MC QDBNLOHKD SGD JDQMDK
tcsh 29029 eedcoba cwd DIR 0,18 12288 1048587 /home/eedcoba (guam:/home) options QUOTA
lsof 29140 eedcoba cwd DIR 0,18 12288 1048587 /home/eedcoba (guam:/home)
!R VHSG ,HMTW @CC SGD PTNS@ SN SGD ERS@A NOSHNMR TRDQPTNS@ MNS TRQPTNS@
!ANTS @M @OOKHB@SHNM /dev/ad0s1d /home ufs rw,noatime,userquota 2 2
ps ax | grep Xorg | awk '{print $1}' # mount /home # To remount the partition
3324
# lsof -p 3324 %M@AKD CHRJ PTNS@R HM DSB QB BNME @MC RS@QS SGD PTNS@
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME # grep quotas /etc/rc.conf
Xorg 3324 root 0w REG 8,6 56296 12492 /var/log/Xorg.0.log enable_quotas="YES" # turn on quotas on startup (or NO).
check_quotas="YES" # Check quotas on startup (or NO).
!ANTS @ RHMFKD EHKD # /etc/rc.d/quota start
# lsof /var/log/Xorg.0.log
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
Xorg 3324 root 0w REG 8,6 56296 12492 /var/log/Xorg.0.log 19.3 Assign quota limits
4GD PTNS@R @QD MNS KHLHSDC ODQ CDE@TKS RDS SN 4GD KHLHSR @QD RDS VHSG edquota ENQ RHMFKD TRDQR
3.6 Mount/remount a file system ! PTNS@ B@M AD @KRN CTOKHB@SDC SN L@MX TRDQR 4GD EHKD RSQTBSTQD HR CHEEDQDMS ADSVDDM SGD PTNS@
HLOKDLDMS@SHNMR ATS SGD OQHMBHOKD HR SGD R@LD SGD U@KTDR NE AKNBJR @MC HMNCDR B@M AD KHLHSDC Only
&NQ DW@LOKD SGD BCQNL )E KHRSDC HM DSB ERS@A
# mount /cdrom
GSSO VVV RPKHSD NQF
c $@S@A@RDR c c &HKD 3XRSDL c
# pg_dumpall --clean > full.dump /Q EHMC SGD CDUHBD HM CDU NQ VHSG CLDRF
# psql -f full.dump postgres
)M SGHR B@RD SGD QDRSNQD HR RS@QSDC VHSG SGD C@S@A@RD ONRSFQDR VGHBG HR ADSSDQ VGDM QDKN@CHMF @M FreeBSD
DLOSX BKTRSDQ # mount -v -t cd9660 /dev/cd0c /mnt # cdrom
# mount_cd9660 /dev/wcd0c /cdrom # other method
# mount -v -t msdos /dev/fd0c /mnt # floppy
18.2 MySQL
%MSQX HM DSB ERS@A
Change mysql root or username password # Device Mountpoint FStype Options Dump Pass#
/dev/acd0 /cdrom cd9660 ro,noauto 0 0
Method 1
4N KDS TRDQR CN HS
# /etc/init.d/mysql stop
or # sysctl vfs.usermount=1 # Or insert the line "vfs.usermount=1" in /etc/sysctl.conf
# killall mysqld
# mysqld --skip-grant-tables Linux
# mysqladmin -u root password 'newpasswd'
# mount -t auto /dev/cdrom /mnt/cdrom # typical cdrom mount command
# /etc/init.d/mysql start
# mount /dev/hdc -t iso9660 -r /cdrom # typical IDE
# mount /dev/scd0 -t iso9660 -r /cdrom # typical SCSI cdrom
Method 2 # mount /dev/sdc0 -t ntfs-3g /windows # typical SCSI
# mysql -u root mysql
mysql> UPDATE USER SET PASSWORD=PASSWORD("newpassword") where user='root'; %MSQX HM DSB ERS@A
mysql> FLUSH PRIVILEGES; # Use username instead of "root" /dev/cdrom /media/cdrom subfs noauto,fs=cdfss,ro,procuid,nosuid,nodev,exec 0 0
mysql> quit
Mount a FreeBSD partition with Linux
Create user and database (see MySQL doc ) &HMC SGD O@QSHSHNM MTLADQ BNMS@HMHMF VHSG ECHRJ SGHR HR TRT@KKX SGD QNNS O@QSHSHNM ATS HS BNTKC AD @M
# mysql -u root mysql NSGDQ "3$ RKHBD SNN )E SGD &QDD"3$ G@R L@MX RKHBDR SGDX @QD SGD NMD MNS KHRSDC HM SGD ECHRJ S@AKD
mysql> CREATE USER 'bob'@'localhost' IDENTIFIED BY 'pwd'; # create only a user ATS UHRHAKD HM CDU RC@ NQ CDU GC@
mysql> CREATE DATABASE bobdb; # fdisk /dev/sda # Find the FreeBSD partition
mysql> GRANT ALL ON *.* TO 'bob'@'%' IDENTIFIED BY 'pwd'; # Use localhost instead of % /dev/sda3 * 5357 7905 20474842+ a5 FreeBSD
# to restrict the network access # mount -t ufs -o ufstype=ufs2,ro /dev/sda3 /mnt
mysql> DROP DATABASE bobdb; # Delete database /dev/sda10 = /tmp; /dev/sda11 /usr # The other slices
mysql> DROP USER bob; # Delete user
mysql> DELETE FROM mysql.user WHERE user='bob and host='hostname'; # Alt. command
mysql> FLUSH PRIVILEGES; Remount
2DLNTMS @ CDUHBD VHSGNTS TMLNTMSHMF HS .DBDRR@QX ENQ ERBJ ENQ DW@LOKD
Grant remote access # mount -o remount,ro / # Linux
2DLNSD @BBDRR HR SXOHB@KKX ODQLHSSDC ENQ @ C@S@A@RD @MC MNS @KK C@S@A@RDR 4GD EHKD /etc/my.cnf # mount -o ro -u / # FreeBSD
BNMS@HMR SGD )0 @CCQDRR SN AHMC SN /M &QDD"3$ my.cnf MNS BQD@SDC ODQ EDC@TKS BNOX NMD .cnf #NOX SGD Q@V C@S@ EQNL @ BCQNL HMSN @M HRN HL@FD CDE@TKS AKNBJRHYD LHFGS B@TRD OQNAKDLR
EHKD EQNL /usr/local/share/mysql SN /usr/local/etc/my.cnf 4XOHB@KKX BNLLDMS SGD KHMD bind- # dd if=/dev/cd0c of=file.iso bs=2048
address = NTS
# mysql -u root mysql Virtualbox
mysql> GRANT ALL ON bobdb.* TO bob@'xxx.xxx.xxx.xxx' IDENTIFIED BY 'PASSWORD'; !KKNV @ RG@QD NM SGD GNRS
mysql> REVOKE GRANT OPTION ON foo.* FROM bar@'xxx.xxx.xxx.xxx';
mysql> FLUSH PRIVILEGES; # Use 'hostname' or also '%' for full access # VBoxManage sharedfolder add "GuestName" --name "share" --hostpath "C:\hostshare"
-NTMS RG@QD NM FTDRS KHMTW &QDD"3$
Backup and restore # sudo mount -t vboxsf share /home/vboxshare # -o uid=1000,gid=1000 (as appropriate)
"@BJTO @MC QDRSNQD @ RHMFKD C@S@A@RD share /home/colin/share vboxsf defaults,uid=colin 0 0 # fstab entry
# mysqldump -u root -psecret --add-drop-database dbname > dbname_sql.dump
# mysql -u root -psecret -D dbname < dbname_sql.dump OSX
"@BJTO @MC QDRSNQD @KK C@S@A@RDR # diskutil list # List the partitions of a disk
# diskutil unmountDisk /dev/disk1 # Unmount an entire disk (all volumes)
# mysqldump -u root -psecret --add-drop-database --all-databases > full.dump # chflags hidden ~/Documents/folder # Hide folder (reverse with unhidden)
# mysql -u root -psecret < full.dump
(DQD HR RDBQDS SGD LXRPK QNNS O@RRVNQC SGDQD HR MN RO@BD @ESDQ O 7GDM SGD O NOSHNM HR TRDC
@KNMD V N O@RRVNQC SGD O@RRVNQC HR @RJDC @S SGD BNLL@MC OQNLOS
3.7 Add swap on-the-fly
3TOONRD XNT MDDC LNQD RV@O QHFGS MNV R@X @ '" EHKD RV@O FA ,HMTW NMKX
18.3 SQLite # dd if=/dev/zero of=/swap2gb bs=1024k count=2000
# mkswap /swap2gb # create the swap area
31,HSD HR @ RL@KK ONVDQETK RDKE BNMS@HMDC RDQUDQKDRR YDQN BNMEHFTQ@SHNM 31, C@S@A@RD # swapon /swap2gb # activate the swap. It now in use
GSSO CDU LXRPK BNL CNB QDEL@M DM @CCHMF TRDQR GSLK
c &HKD 3XRSDL c c 0QHMSHMF c
# swapoff /swap2gb # when done deactivate the swap
# rm /swap2gb
17 PRINTING
3.8 Mount an SMB share 17.1 Print with lpr
# lpr unixtoolbox.ps # Print on default printer
3TOONRD VD V@MS SN @BBDRR SGD 3-" RG@QD LXRG@QD NM SGD BNLOTSDQ RLARDQUDQ SGD @CCQDRR @R # export PRINTER=hp4600 # Change the default printer
SXODC NM @ 7HMCNVR 0# HR <<RLARDQUDQ<LXRG@QD< 7D LNTMS NM LMS RLARG@QD 7@QMHMF BHER # lpr -Php4500 #2 unixtoolbox.ps # Use printer hp4500 and print 2 copies
V@MSR @M )0 NQ $.3 M@LD MNS @ 7HMCNVR M@LD # lpr -o Duplex=DuplexNoTumble ... # Print duplex along the long side
# lpr -o PageSize=A4,Duplex=DuplexNoTumble ...
Linux/OSX # lpq # Check the queue on default printer
# smbclient -U user -I 192.168.16.229 -L //smbshare/ # List the shares # lpq -l -Php4500 # Queue on printer hp4500 with verbose
# mount -t smbfs -o username=winuser //smbserver/myshare /mnt/smbshare # lprm - # Remove all users jobs on default printer
# mount -t cifs -o username=winuser,password=winpwd //192.168.16.229/myshare /mnt/share # lprm -Php4500 3186 # Remove job 3186. Find job nbr with lpq
# lpc status # List all available printers
-NTMS 3@LA@ RG@QD SGQNTFG RRG STMMDK # lpc status hp4500 # Check if printer is online and queue length
# ssh -C -f -N -p 20022 -L 445:127.0.0.1:445 me@server # connect on 20022, tunnel 445
# mount -t smbfs //colin@localhost/colin ~/mnt 3NLD CDUHBDR @QD MNS ONRSRBQHOS @MC VHKK OQHMS F@QA@FD VGDM EDC VHSG @ OCE EHKD 4GHR LHFGS AD RNKUDC
# mount_smbfs //colin:mypassword@127.0.0.1/private /Volumes/private # I use this on OSX + ssh VHSG
!CCHSHNM@KKX VHSG SGD O@BJ@FD LNTMS BHER HS HR ONRRHAKD SN RSNQD SGD BQDCDMSH@KR HM @ EHKD ENQ DW@LOKD # gs -dSAFER -dNOPAUSE -sDEVICE=deskjet -sOutputFile=\|lpr file.pdf
/home/user/.smb 0QHMS SN @ 0$& EHKD DUDM HE SGD @OOKHB@SHNM CNDR MNS RTOONQS HS 5RD gs NM SGD OQHMS BNLL@MC HMRSD@C
username=winuser NE lpr
password=winpwd # gs -q -sPAPERSIZE=a4 -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=/path/file.pdf
!MC LNTMS @R ENKKNV
# mount -t cifs -o credentials=/home/user/.smb //192.168.16.229/myshare /mnt/smbshare
18 DATABASES
FreeBSD
5RD ) SN FHUD SGD )0 NQ $.3 M@LD RLARDQUDQ HR SGD 7HMCNVR M@LD 18.1 PostgreSQL
# smbutil view -I 192.168.16.229 //winuser@smbserver # List the shares
# mount_smbfs -I 192.168.16.229 //winuser@smbserver/myshare /mnt/smbshare Change root or a username password
# psql -d template1 -U pgsql
> alter user pgsql with password 'pgsql_password'; # Use username instead of "pgsql"
3.9 Mount an image
# hdiutil mount image.iso # OS X Create user and database
4GD BNLL@MCR createuser dropuser createdb @MC dropdb @QD BNMUDMHDMS RGNQSBTSR DPTHU@KDMS
Linux loop-back SN SGD 31, BNLL@MCR 4GD MDV TRDQ HR ANA VHSG C@S@A@RD ANACA TRD @R QNNS VHSG OFRPK SGD
# mount -t iso9660 -o loop file.iso /mnt # Mount a CD image C@S@A@RD RTODQ TRDQ
# mount -t ext3 -o loop file.img /mnt # Mount an image with ext3 fs # createuser -U pgsql -P bob # -P will ask for password
# createdb -U pgsql -O bob bobdb # new bobdb is owned by bob
# dropdb bobdb # Delete database bobdb
FreeBSD
# dropuser bob # Delete user bob
7HSG LDLNQX CDUHBD CN JKCKN@C LC JN HE MDBDRR@QX
4GD FDMDQ@K C@S@A@RD @TSGDMSHB@SHNM LDBG@MHRL HR BNMEHFTQDC HM OF?GA@ BNME
# mdconfig -a -t vnode -f file.iso -u 0
# mount -t cd9660 /dev/md0 /mnt
# umount /mnt; mdconfig -d -u 0 # Cleanup the md device Grant remote access
/Q VHSG UHQST@K MNCD 4GD EHKD $PGSQL_DATA_D/postgresql.conf RODBHEHDR SGD @CCQDRR SN AHMC SN 4XOHB@KKX
listen_addresses = '*' ENQ 0NRSFQDR W
# vnconfig /dev/vn0c file.iso; mount -t cd9660 /dev/vn0c /mnt
# umount /mnt; vnconfig -u /dev/vn0c # Cleanup the vn device 4GD EHKD $PGSQL_DATA_D/pg_hba.conf CDEHMDR SGD @BBDRR BNMSQNK %W@LOKDR
# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
Solaris and FreeBSD host bobdb bob 212.117.81.42 255.255.255.255 password
host all all 0.0.0.0/0 password
VHSG KNNO A@BJ EHKD HMSDQE@BD NQ KNEH
# lofiadm -a file.iso
# mount -F hsfs -o ro /dev/lofi/1 /mnt
Backup and restore
# umount /mnt; lofiadm -d /dev/lofi/1 # Cleanup the lofi device 4GD A@BJTOR @MC QDRSNQD @QD CNMD VHSG SGD TRDQ OFRPK NQ ONRSFQDR "@BJTO @MC QDRSNQD @ RHMFKD
C@S@A@RD
# pg_dump --clean dbname > dbname_sql.dump
# psql dbname < dbname_sql.dump
"@BJTO @MC QDRSNQD @KK C@S@A@RDR HMBKTCHMF TRDQR
c #NMUDQS -DCH@ c c &HKD 3XRSDL c
16.2 Unix - DOS newlines 3.10 Create and burn an ISO image
#NMUDQS $/3 #2 ,& SN 5MHW ,& MDVKHMDR @MC A@BJ within a Unix shell 3DD @KRN dos2unix @MC 4GHR VHKK BNOX SGD BC NQ $6$ RDBSNQ ENQ RDBSNQ 7HSGNTS conv=notrunc SGD HL@FD VHKK AD RL@KKDQ HE
unix2dos HE XNT G@UD SGDL SGDQD HR KDRR BNMSDMS NM SGD BC 3DD ADKNV @MC SGD CC DW@LOKDR O@FD
# sed 's/.$//' dosfile.txt > unixfile.txt # DOS to UNIX # dd if=/dev/hdc of=/tmp/mycd.iso bs=2048 conv=notrunc
# awk '{sub(/\r$/,"");print}' dosfile.txt > unixfile.txt # DOS to UNIX
# awk '{sub(/$/,"\r");print}' unixfile.txt > dosfile.txt # UNIX to DOS
5RD LJHRNER SN BQD@SD @ #$ $6$ HL@FD EQNL EHKDR HM @ CHQDBSNQX 4N NUDQBNLD SGD EHKD M@LDR
QDRSQHBSHNMR Q DM@AKDR SGD 2NBJ 2HCFD DWSDMRHNMR BNLLNM SN 5.)8 RXRSDLR * DM@AKDR *NKHDS
#NMUDQS 5MHW SN $/3 MDVKHMDR within a Windows environment 5RD RDC NQ @VJ EQNL LHMFV NQ DWSDMRHNMR TRDC AX -HBQNRNES RXRSDLR , @KKNVR )3/ EHKDM@LDR SN ADFHM VHSG @ ODQHNC
BXFVHM # mkisofs -J -L -r -V TITLE -o imagefile.iso /path/to/dir
# sed -n p unixfile.txt > dosfile.txt # hdiutil makehybrid -iso -joliet -o dir.iso dir/ # OS X
# awk 1 unixfile.txt > dosfile.txt # UNIX to DOS (with a cygwin shell)
/M &QDD"3$ LJHRNER HR ENTMC HM SGD ONQSR HM RXRTSHKR BCQSNNKR
2DLNUD ^M L@B MDVKHMD @MC QDOK@BD VHSG TMHW MDV KHMD 4N FDS @ ^M TRD #4, 6 SGDM #4, -
# tr '^M' '\n' < macfile.txt Burn a CD/DVD ISO image
FreeBSD
16.3 PDF images and concatenate PDF files &QDD"3$ CNDR MNS DM@AKD $-! NM !4!0) CQHUDR AX CDE@TKS $-! HR DM@AKDC VHSG SGD RXRBSK BNLL@MC
#NMUDQS @ 0$& CNBTLDMS VHSG gs 'GNRS3BQHOS SN IODF NQ OMF HL@FDR ENQ D@BG O@FD !KRN LTBG @MC SGD @QFTLDMSR ADKNV NQ VHSG ANNS KN@CDQ BNME VHSG SGD ENKKNVHMF DMSQHDR
RGNQSDQ VHSG convert @MC mogrify EQNL )L@FD-@FHBJ NQ 'Q@OGHBR-@FHBJ hw.ata.ata_dma="1"
hw.ata.atapi_dma="1"
# gs -dBATCH -dNOPAUSE -sDEVICE=jpeg -r150 -dTextAlphaBits=4 -dGraphicsAlphaBits=4 \
-dMaxStripSize=8192 -sOutputFile=unixtoolbox_%d.jpg unixtoolbox.pdf 5RD burncd VHSG @M !4!0) CDUHBD burncd HR O@QS NE SGD A@RD RXRSDL @MC cdrecord HM RXRTSHKR
# convert unixtoolbox.pdf unixtoolbox-%03d.png BCQSNNKR VHSG @ 3#3) CQHUD
# convert *.jpeg images.pdf # Create a simple PDF with all pictures
# burncd -f /dev/acd0 data imagefile.iso fixate # For ATAPI drive
# convert image000* -resample 120x120 -compress JPEG -quality 80 images.pdf
# cdrecord -scanbus # To find the burner device (like 1,0,0)
# mogrify -format png *.ppm # convert all ppm images to png format
# cdrecord dev=1,0,0 imagefile.iso
'GNRSRBQHOS B@M @KRN BNMB@SDM@SD LTKSHOKD OCE EHKDR HMSN @ RHMFKD NMD 4GHR NMKX VNQJR VDKK HE SGD 0$&
EHKDR @QD VDKK ADG@UDC Linux
# gs -q -sPAPERSIZE=a4 -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=all.pdf \ !KRN TRD cdrecord VHSG ,HMTW @R CDRBQHADC @ANUD !CCHSHNM@KKX HS HR ONRRHAKD SN TRD SGD M@SHUD !4!0)
file1.pdf file2.pdf ... # On Windows use '#' instead of '=' HMSDQE@BD VGHBG HR ENTMC VHSG
#QD@SD 0$& EHKD EQNL HL@FDR # cdrecord dev=ATAPI -scanbus
# convert 20140416-DSCF1915.jpg 20140416-DSCF1920.jpg all.pdf !MC ATQM SGD #$ $6$ @R @ANUD
convert 20140416-DSCF1915.jpg 20140416-DSCF1920.jpg -resize 1240x1753 -units PixelsPerInch \
-density 150x150 all.pdf # force A4 dvd+rw-tools
%WSQ@BS HL@FDR EQNL OCE CNBTLDMS TRHMF pdfimages EQNL ONOOKDQ NQ xpdf 4GD CUC QV SNNKR O@BJ@FD &QDD"3$ ONQSR RXRTSHKR CUC QV SNNKR B@M CN HS @KK @MC HMBKTCDR
# pdfimages document.pdf dst/ # extract all images and put in dst growisofs SN ATQM #$R NQ $6$R 4GD DW@LOKDR QDEDQ SN SGD CUC CDUHBD @R /dev/dvd VGHBG BNTKC
# yum install poppler-utils # install poppler-utils if needed. or: AD @ RXLKHMJ SN /dev/scd0 SXOHB@K RBRH NM ,HMTW NQ /dev/cd0 SXOHB@K &QDD"3$ NQ /dev/rcd0c
# apt-get install poppler-utils SXOHB@K .DS"3$ /ODM"3$ BG@Q@BSDQ 3#3) NQ /dev/rdsk/c0t1d0s2 3NK@QHR DW@LOKD NE @ BG@Q@BSDQ
3#3) !4!0) #$ 2/- CDUHBD 4GDQD HR @ MHBD CNBTLDMS@SHNM VHSG DW@LOKDR NM SGD &QDD"3$
16.4 Convert video G@MCANNJ BG@OSDQ
# -dvd-compat closes the disk
#NLOQDRR SGD #@MNM CHFHB@L UHCDN VHSG @M LODF BNCDB @MC QDO@HQ SGD BQ@OOX RNTMC # growisofs -dvd-compat -Z /dev/dvd=imagefile.iso # Burn existing iso image
# mencoder -o videoout.avi -oac mp3lame -ovc lavc -srate 11025 \ # growisofs -dvd-compat -Z /dev/dvd -J -R /p/to/data # Burn directly
-channels 1 -af-adv force=1 -lameopts preset=medium -lavcopts \
vcodec=msmpeg4v2:vbitrate=600 -mc 0 vidoein.AVI
Convert a Nero .nrg file to .iso
3DD RNW ENQ RNTMC OQNBDRRHMF .DQN RHLOKX @CCR @ +A GD@CDQ SN @ MNQL@K HRN HL@FD 4GHR B@M AD SQHLLDC VHSG CC
# dd bs=1k if=imagefile.nrg of=imagefile.iso skip=300
16.5 Copy an audio cd
4GD OQNFQ@L cdparanoia B@M R@UD SGD @TCHN SQ@BJR &QDD"3$ ONQS HM @TCHN BCO@Q@MNH@ oggenc Convert a bin/cue image to .iso
B@M DMBNCD HM /FF 6NQAHR ENQL@S lame BNMUDQSR SN LO 4GD KHSSKD bchunk OQNFQ@L B@M CN SGHR )S HR HM SGD &QDD"3$ ONQSR HM RXRTSHKR ABGTMJ
# cdparanoia -B # Copy the tracks to wav files in current dir # bchunk imagefile.bin imagefile.cue imagefile.iso
# lame -b 256 in.wav out.mp3 # Encode in mp3 256 kb/s
# for i in *.wav; do lame -b 256 $i `basename $i .wav`.mp3; done
# oggenc in.wav -b 256 out.ogg # Encode in Ogg Vorbis 256 kb/s
GSSO ENNK@AR BNL WOCE CNVMKN@C GSLK GSSO VVV EQDDARC NQF G@MCANNJ BQD@SHMF CUCR GSLK
GSSO WHOG NQF O@Q@MNH@ GSSO EQDRGLD@S MDS OQNIDBSR ABGTMJ
c &HKD 3XRSDL c c #NMUDQS -DCH@ c
3.11 Create a file based image FreeBSD ports
4GD ONQS SQDD /usr/ports/ HR @ BNKKDBSHNM NE RNESV@QD QD@CX SN BNLOHKD @MC HMRS@KK RDD L@M ONQSR
&NQ DW@LOKD @ O@QSHSHNM NE '" TRHMF SGD EHKD TRQ UCHRJ HLF (DQD VD TRD SGD UMNCD ATS HS BNTKC
4GD ONQSR @QD TOC@SDC VHSG SGD OQNFQ@L portsnap
@KRN AD
# portsnap fetch extract # Create the tree when running the first time
# portsnap fetch update # Update the port tree
FreeBSD
# cd /usr/ports/net/rsync/ # Select the package to install
# dd if=/dev/random of=/usr/vdisk.img bs=1K count=1M # make install distclean # Install and cleanup (also see man ports)
# mdconfig -a -t vnode -f /usr/vdisk.img -u 0 # Creates device /dev/md1 # make package # Make a binary package of this port
# bsdlabel -w /dev/md0 # pkgdb -F # Fix the package registry database
# newfs /dev/md0c # portsclean -C -DD # Clean workdir and distdir (part of portupgrade)
# mount /dev/md0c /mnt
# umount /mnt; mdconfig -d -u 0; rm /usr/vdisk.img # Cleanup the md device
OS X MacPorts (use sudo for all commands)
4GD EHKD A@RDC HL@FD B@M AD @TSNL@SHB@KKX LNTMSDC CTQHMF ANNS VHSG @M DMSQX HM DSB QB BNME @MC # port selfupdate # Update the port tree (safe)
DSB ERS@A 4DRS XNTQ RDSTO VHSG # /etc/rc.d/mdconfig start EHQRS CDKDSD SGD LC CDUHBD VHSG # # port installed # List installed ports
mdconfig -d -u 0 # port deps apache2 # List dependencies for this port
.NSD GNVDUDQ SG@S SGHR @TSNL@SHB RDSTO VHKK NMKX VNQJ HE SGD EHKD HL@FD HR ./4 NM SGD QNNS O@QSHSHNM # port search pgrep # Search for string
4GD QD@RNM HR SG@S SGD DSB QB C LCBNMEHF RBQHOS HR DWDBTSDC UDQX D@QKX CTQHMF ANNS @MC SGD QNNS # port install proctools # Install this package
# port variants ghostscript # List variants of this port
O@QSHSHNM HR RSHKK QD@C NMKX )L@FDR KNB@SDC NTSRHCD SGD QNNS O@QSHSHNM VHKK AD LNTMSDC K@SDQ VHSG SGD # port -v install ghostscript +no_x11# -no_x11 for negative value
RBQHOS DSB QB C LCBNMEHF # port clean --all ghostscript # Clean workdir of port
ANNS KN@CDQ BNME # port upgrade ghostscript # Upgrade this port
md_load="YES" # port uninstall ghostscript # Uninstall this port
# port -f uninstall installed # Uninstall everything
DSB QB BNME
# mdconfig_md0="-t vnode -f /usr/vdisk.img" # /usr is not on the root partition
15.3 Library path
DSB ERS@A 4GD @S SGD DMC HR HLONQS@MS HS SDKK ERBJ SN HFMNQD SGHR CDUHBD @R HR CNDR MNS DWHRS
XDS $TD SN BNLOKDW CDODMCDMBHDR @MC QTMSHLD KHMJHMF OQNFQ@LR @QD CHEEHBTKS SN BNOX SN @M NSGDQ RXRSDL
NQ CHRSQHATSHNM (NVDUDQ ENQ RL@KK OQNFQ@LR VHSG KHSSKD CDODMCDMBHDR SGD LHRRHMF KHAQ@QHDR B@M AD
/dev/md0 /usr/vdisk ufs rw 0 0
BNOHDC NUDQ 4GD QTMSHLD KHAQ@QHDR @MC SGD LHRRHMF NMD @QD BGDBJDC VHSG ldd @MC L@M@FDC VHSG
)S HR @KRN ONRRHAKD SN HMBQD@RD SGD RHYD NE SGD HL@FD @ESDQV@QC R@X ENQ DW@LOKD -" K@QFDQ ldconfig
# umount /mnt; mdconfig -d -u 0 # ldd /usr/bin/rsync # List all needed runtime libraries
# dd if=/dev/zero bs=1m count=300 >> /usr/vdisk.img # otool -L /usr/bin/rsync # OS X equivalent to ldd
# mdconfig -a -t vnode -f /usr/vdisk.img -u 0 # ldconfig -n /path/to/libs/ # Add a path to the shared libraries directories
# growfs /dev/md0 # ldconfig -m /path/to/libs/ # FreeBSD
# mount /dev/md0c /mnt # File partition is now 300 MB larger # LD_LIBRARY_PATH # The variable set the link library path
Linux
# dd if=/dev/zero of=/usr/vdisk.img bs=1024k count=1024 16 CONVERT MEDIA
# mkfs.ext3 /usr/vdisk.img
# mount -o loop /usr/vdisk.img /mnt
# umount /mnt; rm /usr/vdisk.img # Cleanup
3NLDSHLDR NMD RHLOKX MDDC SN BNMUDQS @ UHCDN @TCHN EHKD NQ CNBTLDMS SN @MNSGDQ ENQL@S
Linux with losetup 16.1 Text encoding
/dev/zero HR LTBG E@RSDQ SG@M urandom ATS KDRR RDBTQD ENQ DMBQXOSHNM 4DWS DMBNCHMF B@M FDS SNS@KKX VQNMF RODBH@KKX VGDM SGD K@MFT@FD QDPTHQDR RODBH@K BG@Q@BSDQR KHJD
# dd if=/dev/urandom of=/usr/vdisk.img bs=1024k count=1024 ^_` 4GD BNLL@MC iconv B@M BNMUDQS EQNL NMD DMBNCHMF SN @M NSGDQ
# losetup /dev/loop0 /usr/vdisk.img # Creates and associates /dev/loop0 # iconv -f <from_encoding> -t <to_encoding> <input_file>
# mkfs.ext3 /dev/loop0 # iconv -f ISO8859-1 -t UTF-8 -o file.input > file_utf8
# mount /dev/loop0 /mnt # iconv -l # List known coded character sets
# losetup -a # Check used loops
# umount /mnt 7HSGNTS SGD E NOSHNM HBNMU VHKK TRD SGD KNB@K BG@Q RDS VGHBG HR TRT@KKX EHMD HE SGD CNBTLDMS CHROK@XR
# losetup -d /dev/loop0 # Detach VDKK
# rm /usr/vdisk.img #NMUDQS EHKDM@LDR EQNL NMD DMBNCHMF SN @MNSGDQ MNS EHKD BNMSDMS 7NQJR @KRN HE NMKX RNLD EHKDR @QD
@KQD@CX TSE
3.12 Create a memory file system # convmv -r -f utf8 --nfd -t utf8 --nfc /dir/* --notest
! LDLNQX A@RDC EHKD RXRSDL HR UDQX E@RS ENQ GD@UX )/ @OOKHB@SHNM (NV SN BQD@SD @ -" O@QSHSHNM
LNTMSDC NM LDLCHRJ
GSSO VVV EQDDARC NQF G@MCANNJ ONQSR GSLK
GSSO FTHCD L@BONQSR NQF
c )MRS@KK 3NESV@QD c c .DSVNQJ c
export http_proxy=http://proxy_server:3128 FreeBSD
export ftp_proxy=http://proxy_server:3128 # mount_mfs -o rw -s 64M md /memdisk
# umount /memdisk; mdconfig -d -u 0 # Cleanup the md device
md /memdisk mfs rw,-s64M 0 0 # /etc/fstab entry
15.1 List installed packages
# rpm -qa # List installed packages (RH, SuSE, RPM based) Linux
# dpkg -l # Debian, Ubuntu
# mount -t tmpfs -osize=64m tmpfs /memdisk
# pkg_info # FreeBSD list all installed packages
# pkg_info -W smbd # FreeBSD show which package smbd belongs to
# pkginfo # Solaris 3.13 Disk performance
-NQD NM 20-
2D@C @MC VQHSD @ '" EHKD NM O@QSHSHNM @C R B GNLD
# rpm -ql package-name # list the files for INSTALLED package
# time dd if=/dev/ad4s3c of=/dev/null bs=1024k count=1000
# rpm -qlp package.rpm # list the files inside package
# time dd if=/dev/zero bs=1024k count=1000 of=/home/1Gb.file
# hdparm -tT /dev/hda # Linux only
15.2 Add/remove software
&QNMS DMCR X@RS X@RS ENQ 3T3% QDCG@S BNMEHF O@BJ@FDR ENQ 2DC (@S 4 NETWORK
# rpm -i pkgname.rpm # install the package (RH, SuSE, RPM based)
# rpm -e pkgname # Remove package
2NTSHMF O [ !CCHSHNM@K )0 O [ #G@MFD -!# O [ 0NQSR O [ &HQDV@KK O [ )0 &NQV@QC
O [ .!4 O [ $.3 O [ $(#0 O [ 4Q@EEHB O [ 1N3 O [ .)3 O [ .DSB@S O
SuSE zypper (see doc and cheet sheet)
# zypper refresh # Refresh repositorie
4.1 Debugging (See also Traffic analysis) (page 20)
# zypper install vim # Install the package vim
# zypper remove vim # Remove the package vim Linux
# zypper search vim # Search packages with vim # ethtool eth0 # Show the ethernet status (replaces mii-diag)
# zypper update vim # Search packages with vim # ethtool -s eth0 speed 100 duplex full # Force 100Mbit Full duplex
# ethtool -s eth0 autoneg off # Disable auto negotiation
Debian # ethtool -p eth1 # Blink the ethernet led - very useful when supported
# ip link show # Display all interfaces on Linux (similar to ifconfig)
# apt-get update # First update the package lists # ip link set eth0 up # Bring device up (or down). Same as "ifconfig eth0 up"
# apt-get install emacs # Install the package emacs # ip addr show # Display all IP addresses on Linux (similar to ifconfig)
# dpkg --remove emacs # Remove the package emacs # ip neigh show # Similar to arp -a
# dpkg -S file # find what package a file belongs to
Other OSes
Gentoo
# ifconfig fxp0 # Check the "media" field on FreeBSD
'DMSNN TRDR DLDQFD @R SGD GD@QS NE HSR 0NQS@FD O@BJ@FD L@M@FDLDMS RXRSDL # arp -a # Check the router (or host) ARP entry (all OS)
# emerge --sync # First sync the local portage tree # ping cb.vu # The first thing to try...
# emerge -u packagename # Install or upgrade a package # traceroute cb.vu # Print the route path to destination
# emerge -C packagename # Remove the package # ifconfig fxp0 media 100baseTX mediaopt full-duplex # 100Mbit full duplex (FreeBSD)
# revdep-rebuild # Repair dependencies # netstat -s # System-wide statistics for each network protocol
!CCHSHNM@K BNLL@MCR VGHBG @QD MNS @KV@XR HMRS@KKDC ODQ CDE@TKS ATS D@RX SN EHMC
Solaris # arping 192.168.16.254 # Ping on ethernet layer
4GD BCQNL O@SG HR TRT@KKX /cdrom/cdrom0 # tcptraceroute -f 5 cb.vu # uses tcp instead of icmp to trace through firewalls
# pkgadd -d <cdrom>/Solaris_9/Product SUNWgtar
# pkgadd -d SUNWgtar # Add downloaded package (bunzip2 first)
# pkgrm SUNWgtar # Remove the package
4.2 Routing
Print routing table

FreeBSD
# route -n # Linux or use "ip route"
# pkg_add -r rsync # Fetch and install rsync. # netstat -rn # Linux, BSD and UNIX
# pkg_delete /var/db/pkg/rsync-xx # Delete the rsync package # route print # Windows
3DS VGDQD SGD O@BJ@FDR @QD EDSBGDC EQNL VHSG SGD PACKAGESITE U@QH@AKD &NQ DW@LOKD
# export PACKAGESITE=ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages/Latest/ Add and delete a route
# or ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/Latest/
FreeBSD
# route add 212.117.0.0/16 192.168.1.1
# route delete 212.117.0.0/16
# route add default 192.168.1.1
!CC SGD QNTSD ODQL@MDMSKX HM DSB QB BNME
GSSO DM NODMRTRD NQF 3$" :XOODQ?TR@FD
c .DSVNQJ c c )MRS@KK 3NESV@QD c
static_routes="myroute" # find / -name "*.core" | xargs rm # Find core dumps and delete them (also try core.*)
route_myroute="-net 212.117.0.0/16 192.168.1.1" # find / -name "*.core" -print -exec rm {} \; # Other syntax
# Find images and create an archive, iname is not case sensitive. -r for append
OS X # find . $ -iname "*.png" -o -iname "*.jpg" $ -print -exec tar -rf images.tar {} \;
# find . -type f -name "*.txt" ! -name README.txt -print # Exclude README.txt files
# sudo route -n add 192.168.0.0/27 192.168.0.62 # add a route # find /var/ -size +10M -exec ls -lh {} \; # Find large files > 10 MB
# netstat -nr # routing table # find /var/ -size +10M -ls # This is simpler
# find . -size +10M -size -50M -print
Linux # find /usr/ports/ -name work -type d -print -exec rm -rf {} \; # Clean the ports
# route add -net 192.168.20.0 netmask 255.255.255.0 gw 192.168.16.254 # Find files with SUID; those file are vulnerable and must be kept secure
# ip route add 192.168.20.0/24 via 192.168.16.254 # same as above with ip route # find / -type f -user root -perm -4000 -exec ls -l {} \;
# route add -net 192.168.20.0 netmask 255.255.255.0 dev eth0 # find flac/ -iname *.flac -print -size +500k -exec /Applications/Fluke.app/Contents/MacOS/Fluke {} \;
# route add default gw 192.168.51.254 # I use above to add flac files to iTunes on OSX
# ip route add default via 192.168.51.254 dev eth0 # same as above with ip route
# route delete -net 192.168.20.0 netmask 255.255.255.0
"D B@QDETK VHSG W@QF NQ DWDB @R HS LHFGS NQ LHFGS MNS GNMNQ PTNSHMFR @MC B@M QDSTQM VQNMF QDRTKSR
VGDM EHKDR NQ CHQDBSNQHDR BNMS@HM RO@BDR )M CNTAS TRD OQHMS [ W@QFR HMRSD@C NE [ W@QFR 4GD
Solaris NOSHNM OQHMS LTRS AD SGD K@RS HM SGD EHMC BNLL@MC 3DD SGHR MHBD LHMH STSNQH@K ENQ EHMC
# route add -net 192.168.20.0 -netmask 255.255.255.0 192.168.16.254 # find . -type f | xargs ls -l # Will not work with spaces in names
# route add default 192.168.51.254 1 # 1 = hops to the next gateway # find . -type f -print0 | xargs -0 ls -l # Will work with spaces in names
# route change default 192.168.50.254 1 # find . -type f -exec ls -l '{}' \; # Or use quotes '{}' with -exec
0DQL@MDMS DMSQHDR @QD RDS HM DMSQX HM /etc/defaultrouter $TOKHB@SD CHQDBSNQX SQDD
# find . -type d -exec mkdir -p /tmp/new_dest/{} \;
Windows
# Route add 192.168.50.0 mask 255.255.255.0 192.168.51.253
# Route add 0.0.0.0 mask 0.0.0.0 192.168.51.254
14.9 Miscellaneous
5RD @CC O SN L@JD SGD QNTSD ODQRHRSDMS # which command # Show full path name of command
# time command # See how long a command takes to execute
# time cat # Use time as stopwatch. Ctrl-c to stop
4.3 Configure additional IP addresses # set | grep $USER # List the current environment
# cal -3 # Display a three month calendar
# date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]]
Linux # date 10022155 # Set date and time
# ifconfig eth0 192.168.50.254 netmask 255.255.255.0 # First IP # whatis grep # Display a short info on the command or word
# ifconfig eth0:0 192.168.51.254 netmask 255.255.255.0 # Second IP # whereis java # Search path and standard directories for word
# ip addr add 192.168.50.254/24 dev eth0 # Equivalent ip commands # setenv varname value # Set env. variable varname to value (csh/tcsh)
# ip link set dev eth0 up # Activate eth0 network interface # export varname="value" # set env. variable varname to value (sh/ksh/bash)
# ip addr add 192.168.51.254/24 dev eth0 label eth0:1 # pwd # Print working directory
# ip link ls dev eth0 # Get info on eth0 # mkdir -p /path/to/dir # no error if existing, make parent dirs as needed
# ip addr del 1.2.3.4/32 dev eth0 # Remove an IP # mkdir -p project/{bin,src,obj,doc/{html,man,pdf},debug/some/more/dirs}
# ip addr flush dev eth0 # Remove all addresses # rmdir /path/to/dir # Remove directory
# rm -rf /path/to/dir # Remove directory and its content (force)
FreeBSD # rm -- -badchar.txt # Remove file whitch starts with a dash (-)
# cp -la /dir1 /dir2 # Archive and hard link files instead of copy
# ifconfig fxp0 inet 192.168.50.254/24 # First IP # cp -lpR /dir1 /dir2 # Same for FreeBSD
# ifconfig fxp0 alias 192.168.51.254 netmask 255.255.255.0 # Second IP # cp unixtoolbox.xhtml{,.bak} # Short way to copy the file with a new extension
# ifconfig fxp0 -alias 192.168.51.254 # Remove second IP alias # mv /dir1 /dir2 # Rename a directory
0DQL@MDMS DMSQHDR HM DSB QB BNME # ls -1 # list one file per line
# history | tail -50 # Display the last 50 used commands
ifconfig_fxp0="inet 192.168.50.254 netmask 255.255.255.0" # cd - # cd to previous ($OLDPWD) directory
ifconfig_fxp0_alias0="192.168.51.254 netmask 255.255.255.0" # /bin/ls| grep -v .py | xargs rm -r # pipe file names to rm with xargs
#GDBJ EHKD G@RGDR VHSG NODMRRK 4GHR HR @ MHBD @KSDQM@SHUD SN SGD BNLL@MCR md5sum NQ sha1sum
OS X
&QDD"3$ TRDR md5 @MC sha1 VGHBG @QD MNS @KV@XR HMRS@KKDC
# sudo ifconfig en3 10.10.10.201/24 # First IP
# ifconfig en3 delete 10.10.10.201 # Delete IP # openssl md5 file.tar.gz # Generate an md5 checksum from file
# sudo ifconfig en1 down ; sudo ifconfig en1 up # openssl sha1 file.tar.gz # Generate an sha1 checksum from file
# ipconfig getifaddr en1 # current IP address # openssl rmd160 file.tar.gz # Generate a RIPEMD-160 checksum from file
Solaris
15 INSTALL SOFTWARE
#GDBJ SGD RDSSHMFR VHSG ifconfig -a
# ifconfig hme0 plumb # Enable the network card
5RT@KKX SGD O@BJ@FD L@M@FDQ TRDR SGD OQNWX U@QH@AKD ENQ GSSO ESO QDPTDRSR )M A@RGQB
# ifconfig hme0 192.168.50.254 netmask 255.255.255.0 up # First IP
# ifconfig hme0:1 192.168.51.254 netmask 255.255.255.0 up # Second IP
GSSO VVV GBBEK DCT ONKKNBJ 5MHW &HMC#LC GSL
c 5RDETK #NLL@MCR c c .DSVNQJ c
Short start example 4.4 Change MAC address
RS@QS RBQDDM VHSG
.NQL@KKX XNT G@UD SN AQHMF SGD HMSDQE@BD CNVM ADENQD SGD BG@MFD $NM S SDKK LD VGX XNT V@MS SN
# screen
BG@MFD SGD -!# @CCQDRR
7HSGHM SGD RBQDDM RDRRHNM VD B@M RS@QS @ KNMF K@RSHMF OQNFQ@L KHJD SNO # ifconfig eth0 down
# top # ifconfig eth0 hw ether 00:01:02:03:04:05 # Linux
# ifconfig fxp0 link 00:01:02:03:04:05 # FreeBSD
.NV CDS@BG VHSG Ctrl-a Ctrl-d 2D@SS@BG SGD SDQLHM@K VHSG # ifconfig hme0 ether 00:01:02:03:04:05 # Solaris
# screen -R -D # sudo ifconfig en0 ether 00:01:02:03:04:05 # OS X Tiger, Snow Leopard LAN*
# sudo ifconfig en0 lladdr 00:01:02:03:04:05 # OS X Leopard
)M CDS@HK SGHR LD@MR )E @ RDRRHNM HR QTMMHMF SGDM QD@SS@BG )E MDBDRR@QX CDS@BG @MC KNFNTS QDLNSDKX
EHQRS )E HS V@R MNS QTMMHMF BQD@SD HS @MC MNSHEX SGD TRDQ /Q 4XOHB@K VHQDKDRR HMSDQE@BD HR en1 @MC MDDCR CN CHR@RRNBH@SD EQNL @MX MDSVNQJ EHQRS NRWC@HKX
# screen -x GNVSN
# echo "alias airport='/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resourc
!SS@BG SN @ QTMMHMF RBQDDM HM @ LTKSH CHROK@X LNCD 4GD BNMRNKD HR SGTR RG@QDC @LNMF LTKSHOKD >> ~/.bash_profile # or symlink to /usr/sbin
TRDQR 6DQX TRDETK ENQ SD@L VNQJ CDATF # airport -z # Disassociate from wireless networks
# airport -I # Get info from wireless network
Screen commands (within screen) -@MX SNNKR DWHRS ENQ 7HMCNVR &NQ DW@LOKD DSGDQBG@MFD /Q KNNJ ENQ -@B -@JDTO RL@B
!KK RBQDDM BNLL@MCR RS@QS VHSG Ctrl-a
a Ctrl-a ? GDKO @MC RTLL@QX NE ETMBSHNMR 4.5 Ports in use

a Ctrl-a c BQD@SD @M MDV VHMCNV SDQLHM@K ,HRSDMHMF NODM ONQSR
a Ctrl-a Ctrl-n and Ctrl-a Ctrl-p SN RVHSBG SN SGD MDWS NQ OQDUHNTR VHMCNV HM SGD KHRS AX # netstat -an | grep LISTEN
MTLADQ # lsof -i # Linux list all Internet connections
a Ctrl-a Ctrl-N VGDQD . HR @ MTLADQ EQNL SN SN RVHSBG SN SGD BNQQDRONMCHMF VHMCNV # socklist # Linux display list of open sockets
a Ctrl-a " SN FDS @ M@UHF@AKD KHRS NE QTMMHMF VHMCNVR # sockstat -4 # FreeBSD application listing
a Ctrl-a a SN BKD@Q @ LHRRDC #SQK @ # netstat -anp --udp --tcp | grep LISTEN # Linux
a Ctrl-a Ctrl-d SN CHRBNMMDBS @MC KD@UD SGD RDRRHNM QTMMHMF HM SGD A@BJFQNTMC # netstat -tup # List active connections to/from system (Linux)
# netstat -tupl # List listening ports from system (Linux)
a Ctrl-a x KNBJ SGD RBQDDM SDQLHM@K VHSG @ O@RRVNQC # netstat -ano # Windows
a Ctrl-a [ DMSDQ HMSN scrollback LNCD DWHS VHSG esc
5RD echo "defscrollback 5000" > ~/.screenrc SN HMBQD@RD ATEEDQ CDE@TKS HR
d C-u 3BQNKKR @ G@KE O@FD TO 4.6 Firewall
d C-b 3BQNKK @ ETKK O@FD TO #GDBJ HE @ EHQDV@KK HR QTMMHMF SXOHB@K BNMEHFTQ@SHNM NMKX
d C-d 3BQNKK @ G@KE O@FD CNVM
d C-f 3BQNKK @ ETKK O@FD CNVM Linux
d / 3D@QBG ENQV@QC
# iptables -L -n -v # For status
d ? 3D@QBG A@BJV@QC Open the iptables firewall
# iptables -P INPUT ACCEPT # Open everything
#NMEHFTQ@SHNM HM ] RBQDDMQB # iptables -P FORWARD ACCEPT
defscrollback 100000 # increase scrollback buffer (default is 100) # iptables -P OUTPUT ACCEPT
termcapinfo xterm* ti@:te@ # avoid alternate text buffer to allow scrolling # iptables -Z # Zero the packet and byte counters in all chains
# iptables -F # Flush all chains
4GD RBQDDM RDRRHNM HR SDQLHM@SDC VGDM SGD OQNFQ@L VHSGHM SGD QTMMHMF SDQLHM@K HR BKNRDC @MC XNT # iptables -X # Delete all chains
KNFNTS EQNL SGD SDQLHM@K
FreeBSD
14.8 Find # ipfw show # For status
# ipfw list 65535 # if answer is "65535 deny ip from any to any" the fw is disabled
3NLD HLONQS@MS NOSHNMR # sysctl net.inet.ip.fw.enable=0 # Disable
# sysctl net.inet.ip.fw.enable=1 # Enable
-x NM "3$ -xdev NM ,HMTW 3S@X NM SGD R@LD EHKD RXRSDL CDU HM ERS@A
-exec cmd {} \; %WDBTSD SGD BNLL@MC @MC QDOK@BD Z\ VHSG SGD ETKK O@SG
-iname ,HJD M@LD ATS HR B@RD HMRDMRHSHUD 4.7 IP Forward for routing
-ls $HROK@X HMENQL@SHNM @ANTS SGD EHKD KHJD KR K@
Linux
-size n M HR M J-'40
#GDBJ @MC SGDM DM@AKD )0 ENQV@QC VHSG
-cmin n &HKD R RS@STR V@R K@RS BG@MFDC M LHMTSDR @FN
# cat /proc/sys/net/ipv4/ip_forward # Check IP forward 0=off, 1=on
# echo 1 > /proc/sys/net/ipv4/ip_forward
# find . -type f ! -perm -444 # Find files not readable by all
# find . -type d ! -perm -111 # Find dirs not accessible by all NQ DCHS DSB RXRBSK BNME VHSG
# find /home/user/ -cmin 10 -print # Files created or modified in the last 10 min.
net.ipv4.ip_forward = 1
# find . -name '*.[ch]' | xargs grep -E 'expr' # Search 'expr' in this dir and below.
GSSO MSRDBTQHSX MT SNNKANW DSGDQBG@MFD
c .DSVNQJ c c 5RDETK #NLL@MCR c
FreeBSD noerror BNMSHMTD @ESDQ QD@C DQQNQR D F A@C AKNBJR
#GDBJ @MC DM@AKD VHSG sync O@C DUDQX HMOTS AKNBJ VHSG .TKKR SN HAR RHYD
# sysctl net.inet.ip.forwarding # Check IP forward 0=off, 1=on
# sysctl net.inet.ip.forwarding=1 4GD CDE@TKS AXSD RHYD HR NMD AKNBJ 4GD -"2 VGDQD SGD O@QSHSHNM S@AKD HR KNB@SDC HR NM SGD
# sysctl net.inet.ip.fastforwarding=1 # For dedicated router or firewall EHQRS AKNBJ SGD EHQRS AKNBJR NE @ CHRJ @QD DLOSX ,@QFDQ AXSD RHYDR @QD E@RSDQ SN BNOX ATS QDPTHQD
Permanent with entry in /etc/rc.conf: @KRN LNQD LDLNQX
gateway_enable="YES" # Set to YES if this host will be a gateway.
Backup and restore
Solaris # dd if=/dev/hda of=/dev/hdc bs=16065b # Copy disk to disk (same size)
# ndd -set /dev/ip ip_forwarding 1 # Set IP forward 0=off, 1=on # dd if=/dev/sda7 of=/home/root.img bs=4096 conv=notrunc,noerror # Backup /
# dd if=/home/root.img of=/dev/sda7 bs=4096 conv=notrunc,noerror # Restore /
# dd bs=1M if=/dev/ad4s3e | gzip -c > ad4s3e.gz # Zip the backup
4.8 NAT Network Address Translation # gunzip -dc ad4s3e.gz | dd of=/dev/ad0s3e bs=1M # Restore the zip
# dd bs=1M if=/dev/ad4s3e | gzip | ssh eedcoba@fry 'dd of=ad4s3e.gz' # also remote
Linux # gunzip -dc ad4s3e.gz | ssh eedcoba@host 'dd of=/dev/ad0s3e bs=1M'
# dd if=/dev/ad0 of=/dev/ad2 skip=1 seek=1 bs=4k conv=noerror # Skip MBR
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # to activate NAT
# This is necessary if the destination (ad2) is smaller.
# iptables -t nat -A PREROUTING -p tcp -d 78.31.70.238 --dport 20022 -j DNAT \
# dd if=/vm/FreeBSD-8.2-RELEASE-amd64-memstick.img of=/dev/disk1 bs=10240 conv=sync
--to 192.168.16.44:22 # Port forward 20022 to internal IP port ssh
# Copy FreeBSD image to USB memory stick
# iptables -t nat -A PREROUTING -p tcp -d 78.31.70.238 --dport 993:995 -j DNAT \
--to 192.168.16.254:993-995 # Port forward of range 993-995
# ip route flush cache Recover
# iptables -L -t nat # Check NAT status 4GD BNLL@MC dd VHKK QD@C every single block NE SGD O@QSHSHNM )M B@RD NE OQNAKDLR HS HR ADSSDQ SN
$DKDSD SGD ONQS ENQV@QC VHSG $ HMRSD@C NE ! 4GD OQNFQ@L MDSRS@S M@S HR UDQX TRDETK SN SQ@BJ TRD SGD NOSHNM conv=sync,noerror RN CC VHKK RJHO SGD A@C AKNBJ @MC VQHSD YDQNR @S SGD CDRSHM@SHNM
BNMMDBSHNMR HS TRDR /proc/net/ip_conntrack NQ /proc/net/nf_conntrack !BBNQCHMFKX HS HR HLONQS@MS SN RDS SGD AKNBJ RHYD DPT@K NQ RL@KKDQ SG@M SGD CHRJ AKNBJ RHYD ! J RHYD
# netstat-nat -n # show all connections with IPs RDDLR R@ED RDS HS VHSG bs=1k )E @ CHRJ G@R A@C RDBSNQR @MC SGD C@S@ RGNTKC AD QDBNUDQDC EQNL
@ O@QSHSHNM BQD@SD @M HL@FD EHKD VHSG CC LNTMS SGD HL@FD @MC BNOX SGD BNMSDMS SN @ MDV CHRJ
FreeBSD 7HSG SGD NOSHNM noerror CC VHKK RJHO SGD A@C RDBSNQR @MC VQHSD YDQNR HMRSD@C SGTR NMKX SGD C@S@
# natd -s -m -u -dynamic -f /etc/natd.conf -n fxp0 BNMS@HMDC HM SGD A@C RDBSNQR VHKK AD KNRS
Or edit /etc/rc.conf with: # dd if=/dev/hda of=/dev/null bs=1m # Check for bad blocks
firewall_enable="YES" # Set to YES to enable firewall functionality # dd bs=1k if=/dev/hda1 conv=sync,noerror,notrunc | gzip | ssh \ # Send to remote
firewall_type="open" # Firewall type (see /etc/rc.firewall) root@fry 'dd of=hda1.gz bs=1k'
natd_enable="YES" # Enable natd (if firewall_enable == YES). # dd bs=1k if=/dev/hda1 conv=sync,noerror,notrunc of=hda1.img # Store into an image
natd_interface="tun0" # Public interface or IP address to use. # mount -o loop /hda1.img /mnt # Mount the image (page 14)
natd_flags="-s -m -u -dynamic -f /etc/natd.conf" # rsync -ax /mnt/ /newdisk/ # Copy on a new disk
# dd if=/dev/hda of=/dev/hda # Refresh the magnetic state
0NQS ENQV@QC VHSG # The above is useful to refresh a disk. It is perfectly safe, but must be unmounted.
# cat /etc/natd.conf
same_ports yes
use_sockets yes Delete
unregistered_only # dd if=/dev/zero of=/dev/hdc # Delete full disk
# redirect_port tcp insideIP:2300-2399 3300-3399 # port range # dd if=/dev/urandom of=/dev/hdc # Delete full disk better
redirect_port udp 192.168.51.103:7777 7777 # kill -USR1 PID # View dd progress (Linux)
# kill -INFO PID # View dd progress (FreeBSD)
4.9 DNS MBR tricks
/M 5MHW SGD $.3 DMSQHDR @QD U@KHC ENQ @KK HMSDQE@BDR @MC @QD RSNQDC HM DSB QDRNKU BNME 4GD CNL@HM 4GD -"2 BNMS@HMR SGD ANNS KN@CDQ @MC SGD O@QSHSHNM S@AKD @MC HR AXSDR RL@KK 4GD EHQRS @QD
SN VGHBG SGD GNRS ADKNMFR HR @KRN RSNQDC HM SGHR EHKD ! LHMHL@K BNMEHFTQ@SHNM HR ENQ SGD ANNS KN@CDQ SGD AXSDR SN @QD ENQ SGD O@QSHSHNM S@AKD
nameserver 78.31.70.238 # dd if=/dev/sda of=/mbr_sda.bak bs=512 count=1 # Backup the full MBR
search sleepyowl.net intern.lab # dd if=/dev/zero of=/dev/sda bs=512 count=1 # Delete MBR and partition table
domain sleepyowl.net # dd if=/mbr_sda.bak of=/dev/sda bs=512 count=1 # Restore the full MBR
# dd if=/mbr_sda.bak of=/dev/sda bs=446 count=1 # Restore only the boot loader
#GDBJ SGD RXRSDL CNL@HM M@LD VHSG # dd if=/mbr_sda.bak of=/dev/sda bs=1 count=64 skip=446 seek=446 # Restore partition table
# hostname -d # Same as dnsdomainname
Windows
14.7 screen
/M 7HMCNVR SGD $.3 @QD BNMEHFTQDC ODQ HMSDQE@BD 4N CHROK@X SGD BNMEHFTQDC $.3 @MC SN EKTRG SGD 3BQDDM @ LTRS G@UD G@R SVN L@HM ETMBSHNM@KHSHDR
$.3 B@BGD TRD
# ipconfig /? # Display help a 2TM LTKSHOKD SDQLHM@K RDRRHNM VHSGHM @ RHMFKD SDQLHM@K
# ipconfig /all # See all information including DNS a ! RS@QSDC OQNFQ@L HR CDBNTOKDC EQNL SGD QD@K SDQLHM@K @MC B@M SGTR QTM HM SGD A@BJFQNTMC
4GD QD@K SDQLHM@K B@M AD BKNRDC @MC QD@SS@BGDC K@SDQ
GSSO SVDDFX MK OQNIDBSR MDSRS@S M@S
EOT Flush DNS
# &KTRG SGD /3 $.3 B@BGD RNLD @OOKHB@SHNM TRHMF SGDHQ NVM B@BGD DF &HQDENW @MC VHKK AD
4GHR HR @KRN VNQJHMF VHSG @ OHOD TM@EEDBSDC
# echo "This is the mail body" | mail c@cb.vu # /etc/init.d/nscd restart # Restart nscd if used - Linux/BSD/Solaris
# lookupd -flushcache # OS X Tiger
4GHR HR @KRN @ RHLOKD V@X SN SDRS SGD L@HK RDQUDQ # dscacheutil -flushcache # OS X Leopard and newer
# ipconfig /flushdns # Windows
14.4 tar
Forward queries
4GD BNLL@MC tar S@OD @QBGHUD BQD@SDR @MC DWSQ@BSR @QBGHUDR NE EHKD @MC CHQDBSNQHDR 4GD @QBGHUD
$HF HR XNT EQHDMC SN SDRS SGD $.3 RDSSHMFR &NQ DW@LOKD SGD OTAKHB $.3 RDQUDQ 213.133.105.2
S@Q HR TMBNLOQDRRDC @ BNLOQDRRDC @QBGHUD G@R SGD DWSDMRHNM SFY NQ S@Q FY YHO NQ SAY AYHO
ns.second-ns.de B@M AD TRDC ENQ SDRSHMF 3DD EQNL VGHBG RDQUDQ SGD BKHDMS QDBDHUDR SGD @MRVDQ
$N MNS TRD @ARNKTSD O@SG VGDM BQD@SHMF @M @QBGHUD XNT OQNA@AKX V@MS SN TMO@BJ HS RNLDVGDQD
DKRD 3NLD SXOHB@K BNLL@MCR @QD RHLOKHEHDC @MRVDQ
# dig sleepyowl.net
Create sleepyowl.net. 600 IN A 78.31.70.238
;; SERVER: 192.168.51.254#53(192.168.51.254)
# cd /
# tar -cf home.tar home/ # archive the whole /home directory (c for create) 4GD QNTSDQ @MRVDQDC @MC SGD QDRONMRD HR SGD ! DMSQX !MX DMSQX B@M AD PTDQHDC
# tar -czf home.tgz home/ # same with zip compression @MC SGD $.3 RDQUDQ B@M AD RDKDBSDC VHSG
# tar -cjf home.tbz home/ # same with bzip2 compression
# dig MX google.com
/MKX HMBKTCD NMD NQ SVN CHQDBSNQHDR EQNL @ SQDD ATS JDDO SGD QDK@SHUD RSQTBSTQD &NQ DW@LOKD # dig @127.0.0.1 NS sun.com # To test the local server
@QBGHUD TRQ KNB@K DSB @MC TRQ KNB@K VVV @MC SGD EHQRS CHQDBSNQX HM SGD @QBGHUD RGNTKC AD KNB@K # dig @204.97.212.10 NS MX heise.de # Query an external server
# dig AXFR @ns1.xname.org cb.vu # Get the full zone (zone transfer)
# tar -C /usr -czf local.tgz local/etc local/www
# tar -C /usr -xzf local.tgz # To untar the local dir into /usr 4GD OQNFQ@L GNRS HR @KRN ONVDQETK
# cd /usr; tar -xzf local.tgz # Is the same as above # host -t MX cb.vu # Get the mail MX entry
# host -t NS -T sun.com # Get the NS record over a TCP connection
Extract # host -a sleepyowl.net # Get everything
# tar -tzf home.tgz # look inside the archive without extracting (list)
# tar -xf home.tar # extract the archive here (x for extract) Reverse queries
# tar -xzf home.tgz # same with zip compression (-xjf for bzip2 compression) &HMC SGD M@LD ADKNMFHMF SN @M )0 @CCQDRR HM @CCQ @QO@ 4GHR B@M AD CNMD VHSG dig host @MC
# remove leading path gallery2 and extract into gallery
# tar --strip-components 1 -zxvf gallery2.tgz -C gallery/ nslookup
# tar -xjf home.tbz home/colin/file.txt # Restore a single file # dig -x 78.31.70.238
# tar -xOf home.tbz home/colin/file.txt # Print file to stdout (no extraction) # host 78.31.70.238
# nslookup 78.31.70.238
More advanced
# tar c dir/ | gzip | ssh user@remote 'dd of=dir.tgz' # arch dir/ and store remotely. /etc/hosts
# tar cvf - `find . -print` > backup.tar # arch the current directory. 3HMFKD GNRSR B@M AD BNMEHFTQDC HM SGD EHKD DSB GNRSR HMRSD@C NE QTMMHMF named KNB@KKX SN QDRNKUD SGD
# tar -cf - -C /etc . | tar xpf - -C /backup/etc # Copy directories
GNRSM@LD PTDQHDR 4GD ENQL@S HR RHLOKD ENQ DW@LOKD
# tar -cf - -C /etc . | ssh user@remote tar xpf - -C /backup/etc # Remote copy.
# tar -czf home.tgz --exclude '*.o' --exclude 'tmp/' home/ 78.31.70.238 sleepyowl.net sleepyowl
4GD OQHNQHSX ADSVDDM GNRSR @MC @ CMR PTDQX SG@S HR SGD M@LD QDRNKTSHNM NQCDQ B@M AD BNMEHFTQDC HM
14.5 zip/unzip /etc/nsswitch.conf !.$ DSB GNRS BNME 4GD EHKD @KRN DWHRSR NM 7HMCNVR HS HR TRT@KKX HM
C:\WINDOWS\SYSTEM32\DRIVERS\ETC
:HO EHKDR B@M AD D@RHDQ SN RG@QD VHSG 7HMCNVR
# zip -r fileName.zip /path/to/dir # zip dir into file fileName.zip
# unzip fileName.zip # uncompress zip file 4.10 DHCP
# unzip -l fileName.zip # list files inside archive
# unzip -c fileName.zip fileinside.txt # print one file to stdout (no extraction) Linux
# unzip fileName.zip fileinside.txt # extract one file only
3NLD CHRSQHATSHNMR 3T3% TRD CGBOBC @R BKHDMS 4GD CDE@TKS HMSDQE@BD HR DSG
# dhcpcd -n eth0 # Trigger a renew (does not always work)
14.6 dd # dhcpcd -k eth0 # release and shutdown
4GD OQNFQ@L dd CHRJ CTLO NQ CDRSQNX CHRJ NQ RDD SGD LD@MHMF NE CC HR TRDC SN BNOX O@QSHSHNMR 4GD KD@RD VHSG SGD ETKK HMENQL@SHNM HR RSNQDC HM
@MC CHRJR @MC ENQ NSGDQ BNOX SQHBJR 4XOHB@K TR@FD /var/lib/dhcpcd/dhcpcd-eth0.info
# dd if=<source> of=<target> bs=<byte size> conv=<conversion>
# kill -INFO PID # View dd progress (FreeBSD, OSX) FreeBSD
)LONQS@MS BNMU NOSHNMR &QDD"3$ @MC $DAH@M TRDR CGBKHDMS 4N BNMEHFTQD @M HMSDQE@BD ENQ DW@LOKD AFD QTM
# dhclient bge0
notrunc CN MNS SQTMB@SD SGD NTSOTS EHKD @KK YDQNR VHKK AD VQHSSDM @R YDQNR
c .DSVNQJ c c 5RDETK #NLL@MCR c
4GD KD@RD VHSG SGD ETKK HMENQL@SHNM HR RSNQDC HM 3NLD HLONQS@MS BNLL@MCR @QD >. RS@MCR ENQ ;BNMSQNK= ;.=
/var/db/dhclient.leases.bge0
hH FNNC GDKO NM CHROK@X
5RD f ^F ^V SPACE &NQV@QC NMD VHMCNV NQ . KHMDR
/etc/dhclient.conf b ^B ESC-v "@BJV@QC NMD VHMCNV NQ . KHMDR
SN OQDODMC NOSHNMR NQ ENQBD CHEEDQDMS NOSHNMR F &NQV@QC ENQDUDQ KHJD S@HK E
/pattern 3D@QBG ENQV@QC ENQ . SG L@SBGHMF KHMD
# cat /etc/dhclient.conf
interface "rl0" { ?pattern 3D@QBG A@BJV@QC ENQ . SG L@SBGHMF KHMD
prepend domain-name-servers 127.0.0.1; n 2DOD@S OQDUHNTR RD@QBG ENQ . SG NBBTQQDMBD
default domain-name "sleepyowl.net"; N 2DOD@S OQDUHNTR RD@QBG HM QDUDQRD CHQDBSHNM
supersede domain-name "sleepyowl.net"; q PTHS
}
14.2 vi
Windows
4GD CGBO KD@RD B@M AD QDMDVDC VHSG ipconfig 6H HR OQDRDMS NM !.9 ,HMTW 5MHW HMRS@KK@SHNM MNS FDMSNN @MC HS HR SGDQDENQD TRDETK SN JMNV RNLD
A@RHB BNLL@MCR 4GDQD @QD SVN LNCDR BNLL@MC LNCD @MC HMRDQSHNM LNCD 4GD BNLL@MCR LNCD
# ipconfig /renew # renew all adapters
HR @BBDRRDC VHSG [ESC] SGD HMRDQSHNM LNCD VHSG i 5RD : help HE XNT @QD KNRS
# ipconfig /renew LAN # renew the adapter named "LAN"
# ipconfig /release WLAN # release the adapter named "WLAN" 4GD DCHSNQR nano @MC pico @QD TRT@KKX @U@HK@AKD SNN @MC @QD D@RHDQ )-(/ SN TRD
9DR HS HR @ FNNC HCD@ SN QDM@LD XNT @C@OSDQ VHSG RHLOKD M@LDR
Quit
4.11 Traffic analysis :w MDVEHKDM@LD R@UD SGD EHKD SN MDVEHKDM@LD
:wq or :x R@UD @MC PTHS
"LNM HR @ RL@KK BNMRNKD A@MCVHCSG LNMHSNQ @MC B@M CHROK@X SGD EKNV NM CHEEDQDMS HMSDQE@BDR
:q! PTHS VHSGNTS R@UHMF
Sniff with tcpdump
Search and move
# tcpdump -nl -i bge0 not port ssh and src $192.168.16.121 or 192.168.16.54$
# tcpdump -n -i eth1 net 192.168.16.121 # select to/from a single IP /string 3D@QBG ENQV@QC ENQ RSQHMF
# tcpdump -n -i eth1 net 192.168.16.0/24 # select traffic to/from a network
# tcpdump -l > dump && tail -f dump # Buffered output
?string 3D@QBG A@BJ ENQ RSQHMF
# tcpdump -i rl0 -w traffic.rl0 # Write traffic headers in binary file n 3D@QBG ENQ MDWS HMRS@MBD NE RSQHMF
# tcpdump -i rl0 -s 0 -w traffic.rl0 # Write traffic + payload in binary file N 3D@QBG ENQ OQDUHNTR HMRS@MBD NE RSQHMF
# tcpdump -r traffic.rl0 # Read from file (also for ethereal { -NUD @ O@Q@FQ@OG A@BJ
# tcpdump port 80 # The two classic commands } -NUD @ O@Q@FQ@OG ENQV@QC
# tcpdump host google.com 1G -NUD SN SGD EHQRS KHMD NE SGD EHKD
# tcpdump -i eth0 -X port $110 or 143$ # Check if pop or imap is secure
nG -NUD SN SGD M SG KHMD NE SGD EHKD
# tcpdump -n -i eth0 icmp # Only catch pings
# tcpdump -i eth0 -s 0 -A port 80 | grep GET # -s 0 for full packet -A for ASCII G -NUD SN SGD K@RS KHMD NE SGD EHKD
:%s/OLD/NEW/g 3D@QBG @MC QDOK@BD DUDQX NBBTQQDMBD
!CCHSHNM@K HLONQS@MS NOSHNMR
Delete copy paste text
-A 0QHMS D@BG O@BJDSR HM BKD@Q SDWS VHSGNTS GD@CDQ
-X 0QHMS O@BJDSR HM GDW @MC !3#)) dd (dw) #TS BTQQDMS KHMD VNQC
-l -@JD RSCNTS KHMD ATEEDQDC D #TS SN SGD DMC NE SGD KHMD
-D 0QHMS @KK HMSDQE@BDR @U@HK@AKD x $DKDSD BTS BG@Q@BSDQ
yy (yw) #NOX KHMD VNQC @ESDQ BTQRNQ
/M 7HMCNVR TRD VHMCTLO EQNL VVV VHMOB@O NQF 5RD VHMCTLO $ SN KHRS SGD HMSDQE@BDR P 0@RSD @ESDQ BTQRNQ
u 5MCN K@RS LNCHEHB@SHNM
Scan with nmap U 5MCN @KK BG@MFDR SN BTQQDMS KHMD
.L@O HR @ ONQS RB@MMDQ VHSG /3 CDSDBSHNM HS HR TRT@KKX HMRS@KKDC NM LNRS CHRSQHATSHNMR @MC HR @KRN
@U@HK@AKD ENQ 7HMCNVR )E XNT CNM S RB@M XNTQ RDQUDQR G@BJDQR CN HS ENQ XNT 14.3 mail
# nmap cb.vu # scans all reserved TCP ports on the host 4GD mail BNLL@MC HR @ A@RHB @OOKHB@SHNM SN QD@C @MC RDMC DL@HK HS HR TRT@KKX HMRS@KKDC 4N RDMC
# nmap -sP 192.168.16.0/24 # Find out which IP are used and by which host on 0/24
# nmap -sS -sV -O cb.vu # Do a stealth SYN scan with version and OS detection @M DL@HK RHLOKX SXOD L@HK TRDQ CNL@HM 4GD EHQRS KHMD HR SGD RTAIDBS SGDM SGD L@HK BNMSDMS
PORT STATE SERVICE VERSION 4DQLHM@SD @MC RDMC SGD DL@HK VHSG @ RHMFKD CNS HM @ MDV KHMD %W@LOKD
22/tcp open ssh OpenSSH 3.8.1p1 FreeBSD-20060930 (protocol 2.0) # mail c@cb.vu
25/tcp open smtp Sendmail smtpd 8.13.6/8.13.6 Subject: Your text is full of typos
80/tcp open http Apache httpd 2.0.59 ((FreeBSD) DAV/2 PHP/4. "For a moment, nothing happened. Then, after a second or so,
[...] nothing continued to happen."
.
GSSO ODNOKD RTTF BG ]SFQ ALNM
GSSO HMRDBTQD NQF ML@O
<Location /svn> Running: FreeBSD 5.X
DAV svn Uptime 33.120 days (since Fri Aug 31 11:41:04 2007)
# any "/svn/foo" URL will map to a repository /home/svn/foo
SVNParentPath /home/svn /SGDQ MNM RS@MC@QC ATS TRDETK SNNKR @QD hping VVV GOHMF NQF @M )0 O@BJDS @RRDLAKDQ @M@KXYDQ
AuthType Basic @MC fping EOHMF RNTQBDENQFD MDS EOHMF B@M BGDBJ LTKSHOKD GNRSR HM @ QNTMC QNAHM E@RGHNM
AuthName "Subversion repository"
AuthzSVNAccessFile /etc/apache2/svn.acl
AuthUserFile /etc/apache2/svn-passwd 4.12 Traffic control (QoS)
Require valid-user
</Location> 4Q@EEHB BNMSQNK L@M@FDR SGD PTDTHMF ONKHBHMF RBGDCTKHMF @MC NSGDQ SQ@EEHB O@Q@LDSDQR ENQ @
MDSVNQJ 4GD ENKKNVHMF DW@LOKDR @QD RHLOKD OQ@BSHB@K TRDR NE SGD ,HMTW @MC &QDD"3$ B@O@AHKHSHDR SN
4GD @O@BGD RDQUDQ MDDCR ETKK @BBDRR SN SGD QDONRHSNQX ADSSDQ TRD SGD @U@HK@AKD A@MCVHCSG
# chown -R www:www /home/svn
#QD@SD @ TRDQ VHSG GSO@RRVC Limit upload
# htpasswd -c /etc/svn-passwd user1 # -c creates the file
$3, NQ B@AKD LNCDLR G@UD @ KNMF PTDTD SN HLOQNUD SGD TOKN@C SGQNTFGOTS (NVDUDQ EHKKHMF SGD
PTDTD VHSG @ E@RS CDUHBD D F DSGDQMDS VHKK CQ@L@SHB@KKX CDBQD@RD SGD HMSDQ@BSHUHSX )S HR SGDQDENQD
Access control svn.acl example TRDETK SN KHLHS SGD CDUHBD TOKN@C Q@SD SN L@SBG SGD OGXRHB@K B@O@BHSX NE SGD LNCDL SGHR RGNTKC
FQD@SKX HLOQNUD SGD HMSDQ@BSHUHSX 3DS SN @ANTS NE SGD LNCDL L@WHL@K B@AKD RODDC
# Default it read access. "* =" would be default no access
[/]
Linux
* = r
[groups] &NQ @ +AHS TOKN@C LNCDL
project1-developers = joe, jack, jane # tc qdisc add dev eth0 root tbf rate 480kbit latency 50ms burst 1540
# Give write access to the developers # tc -s qdisc ls dev eth0 # Status
[project1:] # tc qdisc del dev eth0 root # Delete the queue
@project1-developers = rw # tc qdisc change dev eth0 root tbf rate 220kbit latency 50ms burst 1540
FreeBSD
13.2 SVN commands and usage
&QDD"3$ TRDR SGD dummynet SQ@EEHB RG@ODQ VGHBG HR BNMEHFTQDC VHSG HOEV 0HODR @QD TRDC SN RDS KHLHSR
3DD @KRN SGD 3TAUDQRHNM 1THBJ 2DEDQDMBD #@QC 4NQSNHRD 36. HR @ MHBD 7HMCNVR HMSDQE@BD SGD A@MCVHCSG HM TMHSR NE ;+[-=ZAHS R["XSD R\ LD@MR TMKHLHSDC A@MCVHCSG 5RHMF SGD R@LD OHOD
MTLADQ VHKK QDBNMEHFTQD HS &NQ DW@LOKD KHLHS SGD TOKN@C A@MCVHCSG SN +AHS
Import
# kldload dummynet # load the module if necessary
! MDV OQNIDBS SG@S HR @ CHQDBSNQX VHSG RNLD EHKDR HR HLONQSDC HMSN SGD QDONRHSNQX VHSG SGD import # ipfw pipe 1 config bw 500Kbit/s # create a pipe with limited bandwidth
BNLL@MC )LONQS HR @KRN TRDC SN @CC @ CHQDBSNQX VHSG HSR BNMSDMS SN @M DWHRSHMF OQNIDBS # ipfw add pipe 1 ip from me to any # divert the full upload into the pipe
# svn help import # Get help for any command
# Add a new directory (with content) into the src dir on project1 Quality of service
# svn import /project1/newdir http://host.url/svn/project1/trunk/src -m 'add newdir'
Linux
Typical SVN commands 0QHNQHSX PTDTHMF VHSG tc SN NOSHLHYD 6N)0 3DD SGD ETKK DW@LOKD NM UNHO HMEN NQF NQ
# svn co http://host.url/svn/project1/trunk # Checkout the most recent version VVV GNVSNENQFD BNL 3TOONRD 6N)0 TRDR TCO NM ONQSR @MC CDUHBD DSG BNTKC @KRN
# Tags and branches are created by copying AD OOO NQ RN 4GD ENKKNVHMF BNLL@MCR CDEHMD SGD 1N3 SN SGQDD PTDTDR @MC ENQBD SGD 6N)0 SQ@EEHB
# svn mkdir http://host.url/svn/project1/tags/ # Create the tags directory SN PTDTD VHSG 1N3 0x1e @KK AHSR RDS 4GD CDE@TKS SQ@EEHB EKNVR HMSN PTDTD @MC 1N3 Minimize-
# svn copy -m "Tag rc1 rel." http://host.url/svn/project1/trunk \ Delay EKNVR HMSN PTDTD
http://host.url/svn/project1/tags/1.0rc1
# svn status [--verbose] # Check files status into working dir # tc qdisc add dev eth0 root handle 1: prio priomap 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 0
# svn add src/file.h src/file.cpp # Add two files # tc qdisc add dev eth0 parent 1:1 handle 10: sfq
# svn commit -m 'Added new class file' # Commit the changes with a message # tc qdisc add dev eth0 parent 1:2 handle 20: sfq
# svn ls http://host.url/svn/project1/tags/ # List all tags # tc qdisc add dev eth0 parent 1:3 handle 30: sfq
# svn move foo.c bar.c # Move (rename) files # tc filter add dev eth0 protocol ip parent 1: prio 1 u32 \
# svn delete some_old_file # Delete files match ip dport 10000 0x3C00 flowid 1:1 # use server port range
match ip dst 123.23.0.1 flowid 1:1 # or/and use server IP
3S@STR @MC QDLNUD VHSG
14 USEFUL COMMANDS # tc -s qdisc ls dev eth0 # queue status
KDRR O [ UH O [ L@HK O [ S@Q O [ YHO O [ CC O [ RBQDDM O [ EHMC O [ # tc qdisc del dev eth0 root # delete all QoS
-HRBDKK@MDNTR O
Calculate port range and mask
4GD SB EHKSDQ CDEHMDR SGD ONQS Q@MFD VHSG ONQS @MC L@RJ VGHBG XNT G@UD SN B@KBTK@SD &HMC SGD >.
14.1 less
ending NE SGD ONQS Q@MFD CDCTBD SGD Q@MFD @MC BNMUDQS SN (%8 4GHR HR XNTQ L@RJ %W@LOKD ENQ
4GD less BNLL@MC CHROK@XR @ SDWS CNBTLDMS NM SGD BNMRNKD )S HR OQDRDMS NM LNRS HMRS@KK@SHNM SGD Q@MFD HR
# less unixtoolbox.xhtml # 2^13 (8192) < 10000 < 2^14 (16384) # ending is 2^14 = 16384
# echo "obase=16;(2^14)-1024" | bc # mask is 0x3C00
GSSO VVV BR OTS ONYM@M OK BRNA@MHDB 0@ODQR RUM QDEB@QC OCE
GSSO SNQSNHRDRUM SHFQHR NQF
c .DSVNQJ c c 36. c
FreeBSD Apply a patch
4GD L@W KHMJ A@MCVHCSG HR +AHS R @MC VD CDEHMD PTDTDR VHSG OQHNQHSX ENQ 6N)0 RRG @KK 3NLDSHLDR HS HR MDBDRR@QX SN RSQHO @ CHQDBSNQX KDUDK EQNL SGD O@SBG CDODMCHMF GNV HS V@R BQD@SDC
SGD QDRS )M B@RD NE CHEEHBTKSHDR RHLOKX KNNJ @S SGD EHQRS KHMDR NE SGD O@SBG @MC SQX O O NQ O
# ipfw pipe 1 config bw 500Kbit/s # cd /devel/project
# ipfw queue 1 config pipe 1 weight 100 # patch --dry-run -p0 < patchfile # Test the path without applying it
# ipfw queue 2 config pipe 1 weight 10 # patch -p0 < patchfile
# ipfw queue 3 config pipe 1 weight 1 # patch -p1 < patchfile # strip off the 1st level from the path
# ipfw add 10 queue 1 proto udp dst-port 10000-11024
# ipfw add 11 queue 1 proto udp dst-ip 123.23.0.1 # or/and use server IP
#
#
ipfw
ipfw
add 20 queue 2 dsp-port ssh
add 30 queue 3 from me to any # all the rest
13 SVN
3DQUDQ RDSTO O [ 36. 33( O [ 36. NUDQ GSSO O [ 36. TR@FD O
3S@STR @MC QDLNUD VHSG
# ipfw list # rules status
3TAUDQRHNM 36. HR @ UDQRHNM BNMSQNK RXRSDL CDRHFMDC SN AD SGD RTBBDRRNQ NE #63 #NMBTQQDMS
# ipfw pipe list # pipe status
# ipfw flush # deletes all rules but default 6DQRHNMR 3XRSDL 4GD BNMBDOS HR RHLHK@Q SN #63 ATS L@MX RGNQSBNLHMFR VGDQD HLOQNUDC 3DD @KRN
SGD 36. ANNJ
4.13 NIS Debugging 13.1 Server setup
3NLD BNLL@MCR VGHBG RGNTKC VNQJ NM @ VDKK BNMEHFTQDC .)3 BKHDMS
4GD HMHSH@SHNM NE SGD QDONRHSNQX HR E@HQKX RHLOKD GDQD ENQ DW@LOKD /home/svn/ LTRS DWHRS
# ypwhich # get the connected NIS server name
# domainname # The NIS domain name as configured # svnadmin create --fs-type fsfs /home/svn/project1
# ypcat group # should display the group from the NIS server .NV SGD @BBDRR SN SGD QDONRHSNQX HR L@CD ONRRHAKD VHSG
# cd /var/yp && make # Rebuild the yp database
# rpcinfo -p servername # Report RPC services of the server
a file:// $HQDBS EHKD RXRSDL @BBDRR VHSG SGD RUM BKHDMS VHSG 4GHR QDPTHQDR KNB@K ODQLHRRHNMR
)R XOAHMC QTMMHMF NM SGD EHKD RXRSDL
# ps auxww | grep ypbind a svn:// NQ svn+ssh:// 2DLNSD @BBDRR VHSG SGD RUMRDQUD RDQUDQ @KRN NUDQ 33( 4GHR
/usr/sbin/ypbind -s -m -S servername1,servername2 # FreeBSD QDPTHQDR KNB@K ODQLHRRHNMR NM SGD EHKD RXRSDL CDE@TKS ONQS SBO
/usr/sbin/ypbind # Linux
a http:// 2DLNSD @BBDRR VHSG VDAC@U TRHMF @O@BGD .N KNB@K TRDQR @QD MDBDRR@QX ENQ SGHR
# yppoll passwd.byname
Map passwd.byname has order number 1190635041. Mon Sep 24 13:57:21 2007 LDSGNC
The master server is servername.domain.net.
5RHMF SGD KNB@K EHKD RXRSDL HS HR MNV ONRRHAKD SN HLONQS @MC SGDM BGDBJ NTS @M DWHRSHMF OQNIDBS
Linux 5MKHJD VHSG #63 HS HR MNS MDBDRR@QX SN BC HMSN SGD OQNIDBS CHQDBSNQX RHLOKX FHUD SGD ETKK O@SG
# cat /etc/yp.conf # svn import /project1/ file:///home/svn/project1/trunk -m 'Initial import'
ypserver servername # svn checkout file:///home/svn/project1
domain domain.net broadcast 4GD MDV CHQDBSNQX SQTMJ HR NMKX @ BNMUDMSHNM SGHR HR MNS QDPTHQDC
4.14 Netcat Remote access with ssh
.N RODBH@K RDSTO HR QDPTHQDC SN @BBDRR SGD QDONRHSNQX UH@ RRG RHLOKX QDOK@BD file:// VHSG svn+ssh/
.DSB@S MB HR ADSSDQ JMNVM @R SGD MDSVNQJ 3VHRR !QLX +MHED HS B@M L@MHOTK@SD BQD@SD NQ
hostname &NQ DW@LOKD
QD@C VQHSD 4#0 )0 BNMMDBSHNMR (DQD RNLD TRDETK DW@LOKDR SGDQD @QD L@MX LNQD NM SGD MDS ENQ
DW@LOKD F KN@CDC DT; = @MC GDQD # svn checkout svn+ssh://hostname/home/svn/project1
9NT LHFGS MDDC SN TRD SGD BNLL@MC netcat HMRSD@C NE nc !KRN RDD SGD RHLHK@Q BNLL@MC RNB@S !R VHSG SGD KNB@K EHKD @BBDRR DUDQX TRDQ MDDCR @M RRG @BBDRR SN SGD RDQUDQ VHSG @ KNB@K @BBNTMS
@MC @KRN QD@C VQHSD @BBDRR 4GHR LDSGNC LHFGS AD RTHS@AKD ENQ @ RL@KK FQNTO !KK TRDQR BNTKC ADKNMF
File transfer SN @ RTAUDQRHNM FQNTO VGHBG NVMR SGD QDONRHSNQX ENQ DW@LOKD
#NOX @ K@QFD ENKCDQ NUDQ @ Q@V SBO BNMMDBSHNM 4GD SQ@MREDQ HR UDQX PTHBJ MN OQNSNBNK NUDQGD@C # groupadd subversion
@MC XNT CNM S MDDC SN LDRR TO VHSG .&3 NQ 3-" NQ &40 NQ RN RHLOKX L@JD SGD EHKD @U@HK@AKD NM SGD # groupmod -A user1 subversion
RDQUDQ @MC FDS HS EQNL SGD BKHDMS (DQD HR SGD RDQUDQ )0 @CCQDRR # chown -R root:subversion /home/svn
# chmod -R 770 /home/svn
server# tar -cf - -C VIDEO_TS . | nc -l -p 4444 # Serve tar folder on port 4444
client# nc 192.168.1.1 4444 | tar xpf - -C VIDEO_TS # Pull the file on port 4444
server# cat largefile | nc -l 5678 # Server a single file Remote access with http (apache)
client# nc 192.168.1.1 5678 > largefile # Pull the single file 2DLNSD @BBDRR NUDQ GSSO GSSOR HR SGD NMKX FNNC RNKTSHNM ENQ @ K@QFDQ TRDQ FQNTO 4GHR LDSGNC TRDR
server# dd if=/dev/da0 | nc -l 4444 # Server partition image
SGD @O@BGD @TSGDMSHB@SHNM MNS SGD KNB@K @BBNTMSR 4GHR HR @ SXOHB@K ATS RL@KK @O@BGD BNMEHFTQ@SHNM
client# nc 192.168.1.1 4444 | dd of=/dev/da0 # Pull partition to clone
client# nc 192.168.1.1 4444 | dd of=da0.img # Pull partition to file LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so # Only for access control
GSSO MDSB@S RNTQBDENQFD MDS
GSSO VVV F KN@CDC DT MDSB@S @ BNTOKD NE TRDETK DW@LOKDR GSSO RTAUDQRHNM SHFQHR NQF
GSSO VVV SDQLHM@KKX HMBNGDQDMS BNL AKNF EDV TRDETK MDSB@S SQHBJR GSSO RUMANNJ QDC AD@M BNL DM
c #63 c c 33( 3#0 c
7GDM SGD KNFHM RTBBDDCDC NMD B@M HLONQS @ MDV OQNIDBS HMSN SGD QDONRHSNQX cd into XNTQ OQNIDBS Other hacks
QNNS CHQDBSNQX 3ODBH@KKX GDQD XNT LTRS JMNV VG@S XNT @QD CNHMF
cvs import <module name> <vendor tag> <initial tag>
cvs -d :pserver:colin@192.168.50.254:/usr/local/cvs import MyProject MyCompany START Remote shell
/OSHNM D NMKX NM SGD 7HMCNVR UDQRHNM /Q TRD MB
7GDQD -X0QNIDBS HR SGD M@LD NE SGD MDV OQNIDBS HM SGD QDONRHSNQX TRDC K@SDQ SN BGDBJNTS #UR VHKK
HLONQS SGD BTQQDMS CHQDBSNQX BNMSDMS HMSN SGD MDV OQNIDBS # nc -lp 4444 -e /bin/bash # Provide a remote shell (server backdoor)
# nc -lp 4444 -e cmd.exe # remote shell for Windows
4N BGDBJNTS
Emergency web server
# cvs -d :pserver:colin@192.168.50.254:/usr/local/cvs checkout MyProject
or 3DQUD @ RHMFKD EHKD NM ONQS HM @ KNNO
# setenv CVSROOT :pserver:colin@192.168.50.254:/usr/local/cvs # while true; do nc -l -p 80 < unixtoolbox.xhtml; done
# cvs checkout MyProject
Chat
12.3 SSH tunneling for CVS !KHBD @MC "NA B@M BG@S NUDQ @ RHLOKD 4#0 RNBJDS 4GD SDWS HR SQ@MREDQQDC VHSG SGD DMSDQ JDX
alice# nc -lp 4444
7D MDDC RGDKKR ENQ SGHR /M SGD EHQRS RGDKK VD BNMMDBS SN SGD BUR RDQUDQ VHSG RRG @MC ONQS ENQV@QC bob # nc 192.168.1.1 4444
SGD BUR BNMMDBSHNM /M SGD RDBNMC RGDKK VD TRD SGD BUR MNQL@KKX @R HE HS VGDQD QTMMHMF KNB@KKX
NM RGDKK
# ssh -L2401:localhost:2401 colin@cvs_server # Connect directly to the CVS server. Or: 5 SSH SCP
# ssh -L2401:cvs_server:2401 colin@gateway # Use a gateway to reach the CVS
0TAKHB JDX O [ &HMFDQOQHMS O [ 3#0 O [ 4TMMDKHMF O [ 33(&3 O
NM RGDKK
# setenv CVSROOT :pserver:colin@localhost:/usr/local/cvs 3DD NSGDQ SQHBJR RRG BLC
# cvs login
Logging in to :pserver:colin@localhost:2401/usr/local/cvs
CVS password: 5.1 Public key authentication
# cvs checkout MyProject/src
#NMMDBS SN @ GNRS VHSGNTS O@RRVNQC TRHMF OTAKHB JDX @TSGDMSHB@SHNM 4GD HCD@ HR SN @OODMC XNTQ
OTAKHB JDX SN SGD @TSGNQHYDC?JDXR EHKD NM SGD QDLNSD GNRS &NQ SGHR DW@LOKD KDS R connect host-
12.4 CVS commands and usage client to host-server SGD JDX HR FDMDQ@SDC NM SGD BKHDMS 7HSG BXFVHM XNT LHFGS G@UD SN BQD@SD
XNTQ GNLD CHQDBSNX @MC SGD RRG CHQDBSNQX VHSG # mkdir -p /home/USER/.ssh
Import
4GD HLONQS BNLL@MC HR TRDC SN @CC @ VGNKD CHQDBSNQX HS LTRS AD QTM EQNL VHSGHM SGD CHQDBSNQX a 5RD RRG JDXFDM SN FDMDQ@SD @ JDX O@HQ ~/.ssh/id_dsa HR SGD OQHU@SD JDX ~/.ssh/
SN AD HLONQSDC 3@X SGD CHQDBSNQX CDUDK BNMS@HMR @KK EHKDR @MC RTACHQDBSNQHDR SN AD HLONQSDC 4GD id_dsa.pub HR SGD OTAKHB JDX
CHQDBSNQX M@LD NM SGD #63 SGD LNCTKD VHKK AD B@KKDC LX@OO a #NOX NMKX SGD OTAKHB JDX SN SGD RDQUDQ @MC @OODMC HS SN SGD EHKD ~/.ssh/authorized_keys2
# cvs import [options] directory-name vendor-tag release-tag NM XNTQ GNLD NM SGD RDQUDQ
# cd /devel # Must be inside the project to import it
# cvs import myapp Company R1_0 # Release tag can be anything in one word # ssh-keygen -t dsa -N ''
# cat ~/.ssh/id_dsa.pub | ssh you@host-server "cat - >> ~/.ssh/authorized_keys2"
!ESDQ @ VGHKD @ MDV CHQDBSNQX CDUDK SNNKR V@R @CCDC @MC HS G@R SN AD HLONQSDC SNN
# cd /devel/tools
# cvs import myapp/tools Company R1_0 Using the Windows client from ssh.com
4GD MNM BNLLDQBH@K UDQRHNM NE SGD RRG BNL BKHDMS B@M AD CNVMKN@CDC SGD L@HM ESO RHSD
ESO RRG BNL OTA RRG +DXR FDMDQ@SDC AX SGD RRG BNL BKHDMS MDDC SN AD BNMUDQSDC ENQ SGD /ODM33(
Checkout update add commit
RDQUDQ 4GHR B@M AD CNMD VHSG SGD RRG JDXFDM BNLL@MC
# cvs co myapp/tools # Will only checkout the directory tools
# cvs co -r R1_1 myapp # Checkout myapp at release R1_1 (is sticky)
# cvs -q -d update -P # A typical CVS update a #QD@SD @ JDX O@HQ VHSG SGD RRG BNL BKHDMS 3DSSHMFR 5RDQ !TSGDMSHB@SHNM 'DMDQ@SD .DV
# cvs update -A # Reset any sticky tag (or date, option) a ) TRD +DX SXOD $3! JDX KDMFSG
# cvs add newfile # Add a new file a #NOX SGD OTAKHB JDX FDMDQ@SDC AX SGD RRG BNL BKHDMS SN SGD RDQUDQ HMSN SGD ] RRG ENKCDQ
# cvs add -kb newfile # Add a new binary file a 4GD JDXR @QD HM # <$NBTLDMSR @MC 3DSSHMFR< 53%2.!-% <!OOKHB@SHNM $@S@<33(<
# cvs commit file1 file2 # Commit the two files only 5RDQ+DXR
# cvs commit -m "message" # Commit all changes done with a message a 5RD SGD RRG JDXFDM BNLL@MC NM SGD RDQUDQ SN BNMUDQS SGD JDX
# cd ~/.ssh
Create a patch # ssh-keygen -i -f keyfilename.pub >> authorized_keys2
)S HR ADRS SN BQD@SD @MC @OOKX @ O@SBG EQNL SGD VNQJHMF CDUDKNOLDMS CHQDBSNQX QDK@SDC SN SGD OQNIDBS
NQ EQNL VHSGHM SGD RNTQBD CHQDBSNQX Notice: 7D TRDC @ $3! JDX 23! HR @KRN ONRRHAKD 4GD JDX HR MNS OQNSDBSDC AX @ O@RRVNQC
# cd /devel/project
# diff -Naur olddir newdir > patchfile # Create a patch from a directory or a file Using putty for Windows
# diff -Naur oldfile newfile > patchfile
0TSSX HR @ RHLOKD @MC EQDD RRG BKHDMS ENQ 7HMCNVR
GSSO AKNF TQEHW BNL RRG BNLL@MCR SQHBJR
c 33( 3#0 c c #63 c
a #QD@SD @ JDX O@HQ VHSG SGD OT449FDM OQNFQ@L 4GDQD @QD SGQDD ONOTK@Q V@XR SN @BBDRR SGD #63 @S SGHR ONHMS 4GD EHQRS SVN CNM S MDDC @MX ETQSGDQ
a 3@UD SGD OTAKHB @MC OQHU@SD JDXR ENQ DW@LOKD HMSN # <$NBTLDMSR @MC BNMEHFTQ@SHNM 3DD SGD DW@LOKDR NM #632//4 ADKNV ENQ GNV SN TRD SGDL
3DSSHMFR< 53%2.!-% < RRG
a #NOX SGD OTAKHB JDX SN SGD RDQUDQ HMSN SGD ] RRG ENKCDQ a $HQDBS KNB@K @BBDRR SN SGD EHKD RXRSDL 4GD TRDQ R MDDC RTEEHBHDMS EHKD ODQLHRRHNM SN @BBDRR
# scp .ssh/puttykey.pub root@192.168.51.254:.ssh/ SGD #3 CHQDBSKX @MC SGDQD HR MN ETQSGDQ @TSGDMSHB@SHNM HM @CCHSHNM SN SGD /3 KNFHM (NVDUDQ
SGHR HR NMKX TRDETK HE SGD QDONRHSNQX HR KNB@K
a 5RD SGD RRG JDXFDM BNLL@MC NM SGD RDQUDQ SN BNMUDQS SGD JDX ENQ /ODM33( a 2DLNSD @BBDRR VHSG RRG VHSG SGD DWS OQNSNBNK !MX TRD VHSG @M RRG RGDKK @BBNTMS @MC QD@C
# cd ~/.ssh VQHSD ODQLHRRHNMR NM SGD #63 RDQUDQ B@M @BBDRR SGD #63 CHQDBSKX VHSG DWS NUDQ RRG VHSGNTS
# ssh-keygen -i -f puttykey.pub >> authorized_keys2 @MX @CCHSHNM@K STMMDK 4GDQD HR MN RDQUDQ OQNBDRR QTMMHMF NM SGD #63 ENQ SGHR SN VNQJ 4GD
a 0NHMS SGD OQHU@SD JDX KNB@SHNM HM SGD OTSSX RDSSHMFR #NMMDBSHNM 33( !TSG RRG KNFHM CNDR SGD @TSGDMSHB@SHNM
a 2DLNSD @BBDRR VHSG ORDQUDQ CDE@TKS ONQS SBO 4GHR HR SGD OQDEDQQDC TRD ENQ K@QFDQ
TRDQ A@RD @R SGD TRDQR @QD @TSGDMSHB@SDC AX SGD #63 ORDQUDQ VHSG @ CDCHB@SDC O@RRVNQC
5.2 Check fingerprint C@S@A@RD SGDQD HR SGDQDENQD MN MDDC ENQ KNB@K TRDQR @BBNTMSR 4GHR RDSTO HR DWOK@HMDC ADKNV
!S SGD EHQRS KNFHM RRG VHKK @RJ HE SGD TMJMNVM GNRS VHSG SGD EHMFDQOQHMS G@R SN AD RSNQDC HM SGD JMNVM
GNRSR 4N @UNHC @ L@M HM SGD LHCCKD @SS@BJ SGD @CLHMHRSQ@SNQ NE SGD RDQUDQ B@M RDMC XNT SGD RDQUDQ Network setup with inetd
EHMFDQOQHMS VGHBG HR SGDM BNLO@QDC NM SGD EHQRS KNFHM 5RD ssh-keygen -l SN FDS SGD EHMFDQOQHMS NM 4GD #63 B@M AD QTM KNB@KKX NMKX HE @ MDSVNQJ @BBDRR HR MNS MDDCDC &NQ @ QDLNSD @BBDRR SGD C@DLNM
SGD RDQUDQ HMDSC B@M RS@QS SGD ORDQUDQ VHSG SGD ENKKNVHMF KHMD HM DSB HMDSC BNME DSB WHMDSC C BUR NM 3T3%
# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub # For RSA key cvspserver stream tcp nowait cvs /usr/bin/cvs cvs \
2048 61:33:be:9b:ae:6c:36:31:fd:83:98:b7:99:2d:9f:cd /etc/ssh/ssh_host_rsa_key.pub --allow-root=/usr/local/cvs pserver
# ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub # For DSA key (default)
2048 14:4a:aa:d9:73:25:46:6d:0a:48:35:c7:f4:16:d4:ee /etc/ssh/ssh_host_dsa_key.pub )S HR @ FNNC HCD@ SN AKNBJ SGD BUR ONQS EQNL SGD )MSDQMDS VHSG SGD EHQDV@KK @MC TRD @M RRG STMMDK SN
@BBDRR SGD QDONRHSNQX QDLNSDKX
.NV SGD BKHDMS BNMMDBSHMF SN SGHR RDQUDQ B@M UDQHEX SG@S GD HR BNMMDBSHMF SN SGD QHFGS RDQUDQ
# ssh linda Separate authentication
The authenticity of host 'linda (192.168.16.54)' can't be established.
DSA key fingerprint is 14:4a:aa:d9:73:25:46:6d:0a:48:35:c7:f4:16:d4:ee.
)S HR ONRRHAKD SN G@UD BUR TRDQR VGHBG @QD MNS O@QS NE SGD /3 MN KNB@K TRDQR 4GHR HR @BST@KKX
Are you sure you want to continue connecting (yes/no)? yes OQNA@AKX V@MSDC SNN EQNL SGD RDBTQHSX ONHMS NE UHDV 3HLOKX @CC @ EHKD M@LDC passwd HM SGD
#632//4 CHQDBSNQX BNMS@HMHMF SGD TRDQR KNFHM @MC O@RRVNQC HM SGD BQXOS ENQL@S 4GHR HR B@M AD
CNMD VHSG SGD @O@BGD GSO@RRVC SNNK
5.3 Secure file transfer Note: 4GHR O@RRVC EHKD HR SGD NMKX EHKD VGHBG G@R SN AD DCHSDC CHQDBSKX HM SGD #632//4 CHQDBSNQX !KRN
3NLD RHLOKD BNLL@MCR HS VNM S AD BGDBJDC NTS -NQD HMEN VHSG GSO@RRVC GDKO
# scp file.txt host-two:/tmp # htpasswd -cb passwd user1 password1 # -c creates the file
# scp joe@host-two:/www/*.html /www/tmp # htpasswd -b passwd user2 password2
# scp -r joe@host-two:/www /www/tmp .NV @CC :cvs @S SGD DMC NE D@BG KHMD SN SDKK SGD BUR RDQUDQ SN BG@MFD SGD TRDQ SN BUR NQ VG@SDUDQ
# scp -P 20022 cb@cb.vu:unixtoolbox.xhtml . # connect on port 20022
XNTQ BUR RDQUDQ HR QTMMHMF TMCDQ )S KNNJR KHJD SGHR
)M +NMPTDQNQ NQ -HCMHFGS #NLL@MCDQ HS HR ONRRHAKD SN @BBDRR @ QDLNSD EHKD RXRSDL VHSG SGD @CCQDRR # cat passwd
fish://user@gate (NVDUDQ SGD HLOKDLDMS@SHNM HR UDQX RKNV user1:xsFjhU22u8Fuo:cvs
&TQSGDQLNQD HS HR ONRRHAKD SN LNTMS @ QDLNSD ENKCDQ VHSG sshfs @ EHKD RXRSDL BKHDMS A@RDC NM 3#0 user2:vnefJOsnnvToM:cvs
3DD ETRD RRGER
ssh_exchange_identification: Connection closed by remote host 12.2 Test it
7HSG SGHR DQQNQ SQX SGD ENKKNVHMF NM SGD RDQUDQ 4DRS SGD KNFHM @R MNQL@K TRDQ ENQ DW@LOKD GDQD LD
echo 'SSHD: ALL' >> /etc/hosts.allow
# cvs -d :pserver:colin@192.168.50.254:/usr/local/cvs login
/etc/init.d/sshd restart
Logging in to :pserver:colin@192.168.50.254:2401/usr/local/cvs
CVS password:
5.4 Tunneling
33( STMMDKHMF @KKNVR SN ENQV@QC NQ QDUDQRD ENQV@QC @ ONQS NUDQ SGD 33( BNMMDBSHNM SGTR RDBTQHMF CVSROOT variable
SGD SQ@EEHB @MC @BBDRRHMF ONQSR VGHBG VNTKC NSGDQVHRD AD AKNBJDC 4GHR NMKX VNQJR VHSG 4#0 4GD
4GHR HR @M DMUHQNMLDMS U@QH@AKD TRDC SN RODBHEX SGD KNB@SHNM NE SGD QDONRHSNQX VD QD CNHMF NODQ@SHNMR
FDMDQ@K MNLDMBK@STQD ENQ ENQV@QC @MC QDUDQRD HR RDD @KRN RRG @MC .!4 DW@LOKD
NM &NQ KNB@K TRD HS B@M AD ITRS RDS SN SGD CHQDBSNQX NE SGD QDONRHSNQX &NQ TRD NUDQ SGD MDSVNQJ SGD
# ssh -L localport:desthost:destport user@gate # desthost as seen from the gate SQ@MRONQS OQNSNBNK LTRS AD RODBHEHDC 3DS SGD #632//4 U@QH@AKD VHSG setenv CVSROOT string NM
# ssh -R destport:desthost:localport user@gate # forwards your localport to destination
# desthost:localport as seen from the client initiating the tunnel @ BRG SBRG RGDKK NQ VHSG export CVSROOT=string NM @ RG A@RG RGDKK
# ssh -X user@gate # To force X forwarding # setenv CVSROOT :pserver:<username>@<host>:/cvsdirectory
For example:
4GHR VHKK BNMMDBS SN F@SD @MC ENQV@QC SGD KNB@K ONQS SN SGD GNRS CDRSGNRS CDRSONQS .NSD CDRSGNRS # setenv CVSROOT /usr/local/cvs # Used locally only
HR SGD CDRSHM@SHNM GNRS as seen by the gate RN HE SGD BNMMDBSHNM HR SN SGD F@SD SGDM CDRSGNRS HR # setenv CVSROOT :local:/usr/local/cvs # Same as above
KNB@KGNRS -NQD SG@M NMD ONQS ENQV@QC HR ONRRHAKD # setenv CVSROOT :ext:user@cvsserver:/usr/local/cvs # Direct access with SSH
# setenv CVS_RSH ssh # for the ext access
GSSO VVV BGH@QJ FQDDMDMC NQF TJ ]RFS@SG@L OTSSX CNVMKN@C GSLK # setenv CVSROOT :pserver:user@cvsserver.254:/usr/local/cvs # network with pserver
GSSO ETRD RNTQBDENQFD MDS RRGER GSLK
c #63 c c 33( 3#0 c
a /ODM SGD OQHU@SD JDX RDQUDQM@LDJDX ODL VHSG @ SDWS DCHSNQ @MC BNOX SGD OQHU@SD JDX HMSN Direct forward on the gate
SGD RDQUDQM@LD ODL EHKD ,DS R@X VD V@MS SN @BBDRR SGD #63 ONQS @MC GSSO ONQS VGHBG @QD QTMMHMF NM SGD F@SD
a $N SGD R@LD VHSG SGD RDQUDQ BDQSHEHB@SD RDQUDQM@LDBDQS ODL 4GHR HR SGD RHLOKDRS DW@LOKD CDRSGNRS HR SGTR KNB@KGNRS @MC VD TRD SGD ONQS KNB@KKX HMRSD@C NE
RN VD CNM S MDDC SN AD QNNS /MBD SGD RRG RDRRHNM HR NODM ANSG RDQUHBDR @QD @BBDRRHAKD NM SGD
4GD EHM@K RDQUDQM@LD ODL EHKD RGNTKC KNNJ KHJD SGHR KNB@K ONQSR
# ssh -L 2401:localhost:2401 -L 8080:localhost:80 user@gate
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDutWy+o/XZ/[...]qK5LqQgT3c9dU6fcR+WuSs6aejdEDDqBRQ
-----END RSA PRIVATE KEY----- Netbios and remote desktop forward to a second server
-----BEGIN CERTIFICATE----- ,DS R@X @ 7HMCNVR RLA RDQUDQ HR ADGHMC SGD F@SD @MC HR MNS QTMMHMF RRG 7D MDDC @BBDRR SN SGD
MIIERzCCA7CgAwIBAgIBBDANB[...]iG9w0BAQQFADCBxTELMAkGA1UEBhMCREUx RLA RG@QD @MC @KRN QDLNSD CDRJSNO SN SGD RDQUDQ
-----END CERTIFICATE-----
# ssh -L 139:smbserver:139 -L 3388:smbserver:3389 user@gate
7G@S VD G@UD MNV HM SGD CHQDBSNQX TRQ KNB@K BDQSR 4GD RLA RG@QD B@M MNV AD @BBDRRDC VHSG << < ATS NMKX HE SGD KNB@K RG@QD HR CHR@AKDC
ADB@TRD the local share is listening on port 139
#! OQHU@SD B@JDX ODL (CA server private key)
)S HR ONRRHAKD SN JDDO SGD KNB@K RG@QD DM@AKDC ENQ SGHR VD MDDC SN BQD@SD @ MDV UHQST@K CDUHBD VHSG @
#! B@BDQS ODL (CA server public key)
MDV )0 @CCQDRR ENQ SGD STMMDK SGD RLA RG@QD VHKK AD BNMMDBSDC NUDQ SGHR @CCQDRR &TQSGDQLNQD the
BDQSR RDQUDQM@LDJDX ODL (server private key)
local RDP is already listening on 3389 RN VD BGNNRD &NQ SGHR DW@LOKD KDS R TRD @ UHQST@K )0 NE
BDQSR RDQUDQM@LDBDQS ODL (server signed certificate)
BDQSR RDQUDQM@LD ODL (server certificate with private key)
a 7HSG OTSSX TRD 3NTQBD ONQS )S HR ONRRHAKD SN BQD@SD LTKSHOKD KNNO CDUHBDR @MC
+DDO SGD OQHU@SD JDX RDBTQD
STMMDK /M 7HMCNVR NMKX OTSSX VNQJDC ENQ LD /M 7HMCNVR 6HRS@ @KRN ENQV@QC SGD
ONQS HM @CCHSHNM SN SGD ONQS !KRN NM 6HRS@ SGD O@SBG +" OQDUDMSR SGD ONQS
11.7 View certificate information SN AD ENQV@QCDC RN ) G@C SN TMHMRS@KK SGHR O@SG HM 6HRS@
4N UHDV SGD BDQSHEHB@SD HMENQL@SHNM RHLOKX CN a 7HSG SGD RRG BNL BKHDMS CHR@AKD !KKNV KNB@K BNMMDBSHNMR NMKX 3HMBD RRG BNL VHKK AHMC SN
@KK @CCQDRRDR NMKX @ RHMFKD RG@QD B@M AD BNMMDBSDC
# openssl x509 -text -in servernamecert.pem # View the certificate info
# openssl req -noout -text -in server.csr # View the request info
# openssl s_client -connect cb.vu:443 # Check a web server certificate .NV BQD@SD SGD KNNOA@BJ HMSDQE@BD VHSG )0
a 3XRSDL #NMSQNK 0@MDK !CC (@QCV@QD 9DR (@QCV@QD HR @KQD@CX BNMMDBSDC !CC @
12 CVS MDV G@QCV@QD CDUHBD @S ANSSNL
a )MRS@KK SGD G@QCV@QD SG@S ) L@MT@KKX RDKDBS .DSVNQJ @C@OSDQR -HBQNRNES -HBQNRNES
3DQUDQ RDSTO O [ #63 SDRS O [ 33( STMMDKHMF O [ #63 TR@FD O ,NNOA@BJ !C@OSDQ
a #NMEHFTQD SGD )0 @CCQDRR NE SGD E@JD CDUHBD SN L@RJ MN F@SDV@X
12.1 Server setup a @CU@MBDC 7).3 %M@AKD ,-(NRSR ,NNJTO $HR@AKD .DS")/3 NUDQ 4#0 )0
a %M@AKD #KHDMS ENQ -HBQNRNES .DSVNQJR $HR@AKD &HKD @MC 0QHMSDQ 3G@QHMF ENQ -HBQNRNES
Initiate the CVS .DSVNQJR
$DBHCD VGDQD SGD L@HM QDONRHSNQX VHKK QDRS @MC BQD@SD @ QNNS BUR &NQ DW@LOKD TRQ KNB@K BUR @R
) (!$ SN QDANNS ENQ SGHR SN VNQJ .NV BNMMDBS SN SGD RLA RG@QD VHSG << @MC QDLNSD CDRJSNO
QNNS
SN
# mkdir -p /usr/local/cvs
# setenv CVSROOT /usr/local/cvs # Set CVSROOT to the new location (local) Debug
# cvs init # Creates all internal CVS config files
# cd /root )E HS HR MNS VNQJHMF
# cvs checkout CVSROOT # Checkout the config files to modify them
# cd CVSROOT a !QD SGD ONQSR ENQV@QCDC MDSRS@S @M ,NNJ @S NQ
edit config ( fine as it is) a $NDR SDKMDS BNMMDBS
# cvs commit config a 9NT MDDC SGD BGDBJANW ,NB@K ONQSR @BBDOS BNMMDBSHNMR EQNL NSGDQ GNRSR
cat >> writers # Create a writers file (optionally also readers) a )R &HKD @MC 0QHMSDQ 3G@QHMF ENQ -HBQNRNES .DSVNQJR CHR@AKDC NM SGD KNNOA@BJ HMSDQE@BD
colin
^D # Use [Control][D] to quit the edit
# cvs add writers # Add the file writers into the repository Connect two clients behind NAT
# cvs edit checkoutlist 3TOONRD SVN BKHDMSR @QD ADGHMC @ .!4 F@SDV@X @MC BKHDMS BKH@CLHM G@R SN BNMMDBS SN BKHDMS BKHTRDQ
# cat >> checkoutlist SGD CDRSHM@SHNM ANSG B@M KNFHM SN SGD F@SD VHSG RRG @MC @QD QTMMHMF ,HMTW VHSG RRGC 9NT CNM S
writers MDDC QNNS @BBDRR @MXVGDQD @R KNMF @R SGD ONQSR NM F@SD @QD @ANUD 7D TRD NM F@SD
^D # Use [Control][D] to quit the edit
# cvs commit # Commit all the configuration changes
!KRN RHMBD SGD F@SD HR TRDC KNB@KKX SGD NOSHNM '@SDV@X0NQSR HR MNS MDBDRR@QX
/M BKHDMS BKHTRDQ EQNL CDRSHM@SHNM SN F@SD
!CC @ readers EHKD HE XNT V@MS SN CHEEDQDMSH@SD QD@C @MC VQHSD ODQLHRRHNMR Note: $N MNS DUDQ DCHS # ssh -R 2022:localhost:22 user@gate # forwards client 22 to gate:2022
EHKDR CHQDBSKX HMSN SGD L@HM BUR ATS Q@SGDQ BGDBJNTS SGD EHKD LNCHEX HS @MC BGDBJ HS HM 7D CHC SGHR
VHSG SGD EHKD writers SN CDEHMD SGD VQHSD @BBDRR /M BKHDMS BKH@CLHM EQNL GNRS SN F@SD
# ssh -L 3022:localhost:2022 admin@gate # forwards client 3022 to gate:2022
c 33( 3#0 c c 33, #DQSHEHB@SDR c
.NV SGD @CLHM B@M BNMMDBS CHQDBSKX SN SGD BKHDMS BKHTRDQ VHSG a )E MDBDRR@QX INHM SGD BDQSHEHB@SD @MC SGD JDX HM @ RHMFKD EHKD SN AD TRDC AX SGD @OOKHB@SHNM
# ssh -p 3022 admin@localhost # local:3022 -> gate:2022 -> client:22 VDA RDQUDQ L@HK RDQUDQ DSB
Connect to VNC behind NAT 11.2 Configure OpenSSL
3TOONRD @ 7HMCNVR BKHDMS VHSG 6.# KHRSDMHMF NM ONQS G@R SN AD @BBDRRDC EQNL ADGHMC .!4 /M 7D TRD TRQ KNB@K BDQSR @R CHQDBSNQX ENQ SGHR DW@LOKD BGDBJ NQ DCHS DSB RRK NODMRRK BME @BBNQCHMFKX
BKHDMS BKHVHM SN F@SD SN XNTQ RDSSHMFR RN XNT JMNV VGDQD SGD EHKDR VHKK AD BQD@SDC (DQD @QD SGD QDKDU@MS O@QS NE
# ssh -R 15900:localhost:5900 user@gate NODMRRK BME
/M BKHDMS BKH@CLHM EQNL GNRS SN F@SD [ CA_default ]
dir = /usr/local/certs/CA # Where everything is kept
# ssh -L 5900:localhost:15900 admin@gate
certs = $dir/certs # Where the issued certs are kept
.NV SGD @CLHM B@M BNMMDBS CHQDBSKX SN SGD BKHDMS 6.# VHSG crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
# vncconnect -display :0 localhost
-@JD RTQD SGD CHQDBSNQHDR DWHRS NQ BQD@SD SGDL
Dig a multi-hop ssh tunnel # mkdir -p /usr/local/certs/CA
# cd /usr/local/certs/CA
3TOONRD XNT B@M MNS QD@BG @ RDQUDQ CHQDBSKX VHSG RRG ATS NMKX UH@ LTKSHOKD HMSDQLDCH@SD GNRSR ENQ
# mkdir certs crl newcerts private
DW@LOKD ADB@TRD NE QNTSHMF HRRTDR 3NLDSHLDR HS HR RSHKK MDBDRR@QX SN FDS @ CHQDBS BKHDMS RDQUDQ # echo "01" > serial # Only if serial does not exist
BNMMDBSHNM ENQ DW@LOKD SN BNOX EHKDR VHSG RBO NQ ENQV@QC NSGDQ ONQSR KHJD RLA NQ UMB /MD V@X SN # touch index.txt
CN SGHR HR SN BG@HM STMMDKR SNFDSGDQ SN ENQV@QC @ ONQS SN SGD RDQUDQ @KNMF SGD GNOR 4GHR B@QQHDQ
ONQS NMKX QD@BGDR HSR EHM@K CDRSHM@SHNM NM SGD K@RS BNMMDBSHNM SN SGD RDQUDQ )E XNT HMSDMC SN FDS @ RHFMDC BDQSHEHB@SD EQNL @ UDMCNQ XNT NMKX MDDC @ BDQSHEHB@SD RHFMHMF QDPTDRS
3TOONRD VD V@MS SN ENQV@QC SGD RRG ONQS EQNL @ BKHDMS SN @ RDQUDQ NUDQ SVN GNOR /MBD SGD STMMDK #32 4GHR #32 VHKK SGDM AD RHFMDC AX SGD UDMCNQ ENQ @ KHLHSDC SHLD D F XD@Q
HR ATHKC HS HR ONRRHAKD SN BNMMDBS SN SGD RDQUDQ CHQDBSKX EQNL SGD BKHDMS @MC @KRN @CC @M NSGDQ ONQS
ENQV@QC 11.3 Create a certificate authority
Create tunnel in one shell )E XNT CN MNS G@UD @ BDQSHEHB@SD @TSGNQHSX EQNL @ UDMCNQ XNT KK G@UD SN BQD@SD XNTQ NVM 4GHR RSDO
BKHDMS GNRS GNRS RDQUDQ @MC CHF STMMDK HR MNS MDBDRR@QX HE NMD HMSDMC SN TRD @ UDMCNQ SN RHFM SGD QDPTDRS 4N L@JD @ BDQSHEHB@SD @TSGNQHSX
#!
client># ssh -L5678:localhost:5678 host1 # 5678 is an arbitrary port for the tunnel
host_1># ssh -L5678:localhost:5678 host2 # chain 5678 from host1 to host2 # openssl req -new -x509 -days 730 -config /etc/ssl/openssl.cnf \
host_2># ssh -L5678:localhost:22 server # end the tunnel on port 22 on the server -keyout CA/private/cakey.pem -out CA/cacert.pem
Use tunnel with an other shell 11.4 Create a certificate signing request
BKHDMS RDQUDQ TRHMF STMMDK
4N L@JD @ MDV BDQSHEHB@SD ENQ L@HK RDQUDQ NQ VDA RDQUDQ ENQ DW@LOKD EHQRS BQD@SD @ QDPTDRS
# ssh -p 5678 localhost # connect directly from client to server
# scp -P 5678 myfile localhost:/tmp/ # or copy a file directly using the tunnel BDQSHEHB@SD VHSG HSR OQHU@SD JDX )E XNTQ @OOKHB@SHNM CN MNS RTOONQS DMBQXOSDC OQHU@SD JDX ENQ DW@LOKD
# rsync -e 'ssh -p 5678' myfile localhost:/tmp/ # or rsync a file directly to the server 57 )-!0 CNDR MNS SGDM CHR@AKD DMBQXOSHNM VHSG -nodes
# openssl req -new -keyout newkey.pem -out newreq.pem \
Autoconnect and keep alive script -config /etc/ssl/openssl.cnf
# openssl req -nodes -new -keyout newkey.pem -out newreq.pem \
) TRD U@QH@SHNMR NE SGD ENKKNVHMF RBQHOS SN JDDO @ L@BGHMD QD@BGD@AKD NUDQ @ QDUDQRD RRG STMMDK 4GD -config /etc/ssl/openssl.cnf # No encryption for the key
BNMMDBSHNM HR @TSNL@SHB@KKX QDATHKS HE BKNRDC 9NT B@M @CC LTKSHOKD -L NQ -R STMMDKR NM NMD KHMD
+DDO SGHR BQD@SDC #32 newreq.pem @R HS B@M AD RHFMDC @F@HM @S SGD MDWS QDMDV@K SGD RHFM@STQD
#!/bin/sh
COMMAND="ssh -N -f -g -R 3022:localhost:22 colin@cb.vu" NMKS VHKK KHLHS SGD U@KHCHSX NE SGD BDQSHEHB@SD 4GHR OQNBDRR @KRN BQD@SDC SGD OQHU@SD JDX newkey.pem
pgrep -f -x "$COMMAND" > /dev/null 2>&1 || $COMMAND
exit 0
11.5 Sign the certificate
1 * * * * colin /home/colin/port_forward.sh # crontab entry (here hourly)
4GD BDQSHEHB@SD QDPTDRS G@R SN AD RHFMDC AX SGD #! SN AD U@KHC SGHR RSDO HR TRT@KKX CNMD AX SGD
UDMCNQ Note: replace "servername" with the name of your server in the next commands
5.1 sshfs # cat newreq.pem newkey.pem > new.pem
# openssl ca -policy policy_anything -out servernamecert.pem \
-NTMS @ EHKDRXRSDL VHSG RRG -config /etc/ssl/openssl.cnf -infiles new.pem
# sshfs cb@cb.vu:/ /Users/barschel/cbvu -oauto_cache,reconnect,defer_permissions \ # mv newkey.pem servernamekey.pem
,noappledouble,negative_vncache,volname=cbvu
.NV RDQUDQM@LDJDX ODL HR SGD OQHU@SD JDX @MC RDQUDQM@LDBDQS ODL HR SGD RDQUDQ BDQSHEHB@SD
/Q UH@ @ SVN GNOR STMMDK
# ssh -Y -A -t -L20022:127.0.0.1:20022 cbarsche@lbgw ssh -Y -A -t -L20022:127.0.0.1:22 rootbgv@bgvctrl 11.6 Create united certificate
# sshfs -p 20022 cb@cb.vu:/ /Users/barschel/cbvu -oauto_cache,reconnect,defer_permissions \
,noappledouble,negative_vncache,volname=cbvu 4GD )-!0 RDQUDQ V@MSR SN G@UD ANSG OQHU@SD JDX @MC RDQUDQ BDQSHEHB@SD HM SGD R@LD EHKD !MC HM
FDMDQ@K SGHR HR @KRN D@RHDQ SN G@MCKD ATS SGD EHKD G@R SN AD JDOS RDBTQDKX !O@BGD @KRN B@M CD@K
VHSG HS VDKK #QD@SD @ EHKD RDQUDQM@LD ODL BNMS@HMHMF ANSG SGD BDQSHEHB@SD @MC JDX
c 33, #DQSHEHB@SDR c c 60. VHSG 33( c
Attach
# geli attach -k /root/ad1.key /dev/ad1
6 VPN WITH SSH
# fsck -ny -t ffs /dev/ad1.eli # In doubt check the file system
# mount /dev/ad1.eli /mnt !R NE UDQRHNM /ODM33( B@M TRD SGD STM S@O CDUHBD SN DMBQXOS @ STMMDK 4GHR HR UDQX RHLHK@Q SN
NSGDQ 4,3 A@RDC 60. RNKTSHNMR KHJD /ODM60. /MD @CU@MS@FD VHSG 33( HR SG@S SGDQD HR MN MDDC SN
Detach HMRS@KK @MC BNMEHFTQD @CCHSHNM@K RNESV@QD !CCHSHNM@KKX SGD STMMDK TRDR SGD 33( @TSGDMSHB@SHNM KHJD
4GD CDS@BG OQNBDCTQD HR CNMD @TSNL@SHB@KKX NM RGTSCNVM OQD RG@QDC JDXR 4GD CQ@VA@BJ HR SG@S SGD DMB@ORTK@SHNM HR CNMD NUDQ 4#0 VGHBG LHFGS QDRTKS HM
# umount /mnt ONNQ ODQENQL@MBD NM @ RKNV KHMJ !KRN SGD STMMDK HR QDKXHMF NM @ RHMFKD EQ@FHKD 4#0 BNMMDBSHNM 4GHR
# geli detach /dev/ad1.eli SDBGMHPTD HR UDQX TRDETK ENQ @ PTHBJ )0 A@RDC 60. RDSTO 4GDQD HR MN KHLHS@SHNM @R VHSG SGD RHMFKD
4#0 ONQS ENQV@QC @KK K@XDQ OQNSNBNKR KHJD )#-0 4#0 5$0 DSB @QD ENQV@QCDC NUDQ SGD 60. )M
/etc/fstab @MX B@RD SGD ENKKNVHMF NOSHNMR @QD MDDCDC HM SGD RRGC?BNME EHKD
4GD DMBQXOSDC O@QSHSHNM B@M AD BNMEHFTQDC SN AD LNTMSDC VHSG DSB ERS@A 4GD O@RRVNQC VHKK AD PermitRootLogin yes
OQNLOSDC VGDM ANNSHMF 4GD ENKKNVHMF RDSSHMFR @QD QDPTHQDC ENQ SGHR DW@LOKD PermitTunnel yes
# grep geli /etc/rc.conf
geli_devices="ad1" 6.1 Single P2P connection
geli_ad1_flags="-k /root/ad1.key"
# grep geli /etc/fstab (DQD VD @QD BNMMDBSHMF SVN GNRSR GBKHDMS @MC GRDQUDQ VHSG @ ODDQ SN ODDQ STMMDK 4GD BNMMDBSHNM HR
/dev/ad1.eli /home/private ufs rw 0 0 started from hclient SN GRDQUDQ @MC HR CNMD @R QNNS 4GD STMMDK DMC ONHMSR @QD RDQUDQ @MC
BKHDMS @MC VD BQD@SD @ CDUHBD STM SGHR BNTKC @KRN AD @M NSGDQ MTLADQ 4GD OQNBDCTQD
Use password only HR UDQX RHLOKD
)S HR LNQD BNMUDMHDMS SN DMBQXOS @ 53" RSHBJ NQ EHKD A@RDC HL@FD VHSG @ O@RROGQ@RD NMKX @MC MN JDX
)M SGHR B@RD HS HR MNS MDBDRR@QX SN B@QQX SGD @CCHSHNM@K JDX EHKD @QNTMC 4GD OQNBDCTQD HR UDQX LTBG a #NMMDBS VHSG 33( TRHMF SGD STMMDK NOSHNM V
SGD R@LD @R @ANUD RHLOKX VHSGNTS SGD JDX EHKD ,DS R DMBQXOS @ EHKD A@RDC HL@FD /cryptedfile NE a #NMEHFTQD SGD )0 @CCQDRRDR NE SGD STMMDK /MBD NM SGD RDQUDQ @MC NMBD NM SGD BKHDMS
'"
Connect to the server
# dd if=/dev/zero of=/cryptedfile bs=1M count=1000 # 1 GB file
# mdconfig -at vnode -f /cryptedfile #NMMDBSHNM RS@QSDC NM SGD BKHDMS @MC BNLL@MCR @QD DWDBTSDC NM SGD RDQUDQ
# geli init /dev/md0 # encrypts with password only
# geli attach /dev/md0 Server is on Linux
# newfs -U -m 0 /dev/md0.eli cli># ssh -w5:5 root@hserver
# mount /dev/md0.eli /mnt srv># ifconfig tun5 10.0.1.1 netmask 255.255.255.252 # Executed on the server shell
# umount /dev/md0.eli
# geli detach md0.eli Server is on FreeBSD
)S HR MNV ONRRHAKD SN LNTMS SGHR HL@FD NM @M NSGDQ RXRSDL VHSG SGD O@RRVNQC NMKX cli># ssh -w5:5 root@hserver
# mdconfig -at vnode -f /cryptedfile srv># ifconfig tun5 10.0.1.1 10.0.1.2 # Executed on the server shell
# geli attach /dev/md0
# mount /dev/md0.eli /mnt Configure the client
#NLL@MCR DWDBTSDC NM SGD BKHDMS
10.2 OS X Encrypted Disk Image cli># ifconfig tun5 10.0.1.2 netmask 255.255.255.252 # Client is on Linux
cli># ifconfig tun5 10.0.1.2 10.0.1.1 # Client is on FreeBSD
$NM S JMNV AX BNLL@MC KHMD NMKX 3DD /3 8 %MBQXOSDC $HRJ )L@FD @MC !OOKD RTOONQS
4GD SVN GNRSR @QD MNV BNMMDBSDC @MC B@M SQ@MRO@QDMSKX BNLLTMHB@SD VHSG @MX K@XDQ OQNSNBNK
TRHMF SGD STMMDK )0 @CCQDRRDR
11 SSL CERTIFICATES
6.2 Connect two networks
3N B@KKDC 33, 4,3 BDQSHEHB@SDR @QD BQXOSNFQ@OGHB OTAKHB JDX BDQSHEHB@SDR @MC @QD BNLONRDC NE @ OTAKHB
@MC @ OQHU@SD JDX 4GD BDQSHEHB@SDR @QD TRDC SN @TSGDMSHB@SD SGD DMCONHMSR @MC DMBQXOS SGD C@S@ )M @CCHSHNM SN SGD O O RDSTO @ANUD HS HR LNQD TRDETK SN BNMMDBS SVN OQHU@SD MDSVNQJR VHSG @M 33(
4GDX @QD TRDC ENQ DW@LOKD NM @ VDA RDQUDQ GSSOR NQ L@HK RDQUDQ HL@OR 60. TRHMF SVN F@SDR 3TOONRD ENQ SGD DW@LOKD MDS! HR @MC MDS"
4GD OQNBDCTQD HR RHLHK@Q @R @ANUD VD NMKX MDDC SN @CC SGD QNTSHMF .!4 LTRS AD @BSHU@SDC NM
SGD OQHU@SD HMSDQE@BD NMKX HE SGD F@SDR @QD MNS SGD R@LD @R SGD CDE@TKS F@SDV@X NE SGDHQ MDSVNQJ
11.1 Procedure MDS! [F@SD! F@SD"[ MDS"
a 7D MDDC @ BDQSHEHB@SD @TSGNQHSX SN RHFM NTQ BDQSHEHB@SD 4GHR RSDO HR TRT@KKX OQNUHCDC AX @ a #NMMDBS VHSG 33( TRHMF SGD STMMDK NOSHNM V
UDMCNQ KHJD 4G@VSD 6DQHRHFM DSB GNVDUDQ VD B@M @KRN BQD@SD NTQ NVM a #NMEHFTQD SGD )0 @CCQDRRDR NE SGD STMMDK /MBD NM SGD RDQUDQ @MC NMBD NM SGD BKHDMS
a #QD@SD @ BDQSHEHB@SD RHFMHMF QDPTDRS 4GHR QDPTDRS HR KHJD @M TMRHFMDC BDQSHEHB@SD SGD OTAKHB a !CC SGD QNTSHMF ENQ SGD SVN MDSVNQJR
O@QS @MC @KQD@CX BNMS@HMR @KK MDBDRR@QX HMENQL@SHNM 4GD BDQSHEHB@SD QDPTDRS HR MNQL@KKX a )E MDBDRR@QX @BSHU@SD .!4 NM SGD OQHU@SD HMSDQE@BD NE SGD F@SD
RDMS SN SGD @TSGNQHSX UDMCNQ ENQ RHFMHMF 4GHR RSDO @KRN BQD@SDR SGD OQHU@SD JDX NM SGD KNB@K
L@BGHMD 4GD RDSTO HR started from gateA in netA
a 3HFM SGD BDQSHEHB@SD VHSG SGD BDQSHEHB@SD @TSGNQHSX
GSSOR VHJH SG@XDQ C@QSLNTSG DCT CHROK@X BNLOTSHMF #QD@SHMF @ -@B /3 8 %MBQXOSDC $HRJ )L@FD
GSSO RTOONQS @OOKD BNL JA GS
c 239.# c c %MBQXOS 0@QSHSHNMR c
Connect from gateA to gateB dm-crypt with LUKS
#NMMDBSHNM HR RS@QSDC EQNL F@SD! @MC BNLL@MCR @QD DWDBTSDC NM F@SD" ,5+3 VHSG CL BQXOS G@R ADSSDQ DMBQXOSHNM @MC L@JDR HS ONRRHAKD SN G@UD LTKSHOKD O@RROGQ@RD ENQ
SGD R@LD O@QSHSHNM NQ SN BG@MFD SGD O@RRVNQC D@RHKX 4N SDRS HE ,5+3 HR @U@HK@AKD RHLOKX SXOD #
gateB is on Linux cryptsetup --help HE MNSGHMF @ANTS ,5+3 RGNVR TO TRD SGD HMRSQTBSHNMR ADKNV 7HSGNTS ,5+3
gateA># ssh -w5:5 root@gateB &HQRS BQD@SD @ O@QSHSHNM HE MDBDRR@QX fdisk /dev/sdc
gateB># ifconfig tun5 10.0.1.1 netmask 255.255.255.252 # Executed on the gateB shell
gateB># route add -net 192.168.51.0 netmask 255.255.255.0 dev tun5
gateB># echo 1 > /proc/sys/net/ipv4/ip_forward # Only needed if not default gw Create encrypted partition
gateB># iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # dd if=/dev/urandom of=/dev/sdc1 # Optional. For paranoids only (takes days)
# cryptsetup -y luksFormat /dev/sdc1 # This destroys any data on sdc1
gateB is on FreeBSD # cryptsetup luksOpen /dev/sdc1 sdc1
# mkfs.ext3 /dev/mapper/sdc1 # create ext3 file system
gateA># ssh -w5:5 root@gateB # Creates the tun5 devices # mount -t ext3 /dev/mapper/sdc1 /mnt
gateB># ifconfig tun5 10.0.1.1 10.0.1.2 # Executed on the gateB shell # umount /mnt
gateB># route add 192.168.51.0/24 10.0.1.2 # cryptsetup luksClose sdc1 # Detach the encrypted partition
gateB># sysctl net.inet.ip.forwarding=1 # Only needed if not default gw
gateB># natd -s -m -u -dynamic -n fxp0 # see NAT (page 18)
gateA># sysctl net.inet.ip.fw.enable=1 Attach
# cryptsetup luksOpen /dev/sdc1 sdc1
# mount -t ext3 /dev/mapper/sdc1 /mnt
Configure gateA
#NLL@MCR DWDBTSDC NM F@SD! Detach
# umount /mnt
gateA is on Linux # cryptsetup luksClose sdc1
gateA># ifconfig tun5 10.0.1.2 netmask 255.255.255.252
gateA># route add -net 192.168.16.0 netmask 255.255.255.0 dev tun5
gateA># echo 1 > /proc/sys/net/ipv4/ip_forward dm-crypt without LUKS
gateA># iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # cryptsetup -y create sdc1 /dev/sdc1 # or any other partition like /dev/loop0
# dmsetup ls # check it, will display: sdc1 (254, 0)
gateA is on FreeBSD # mkfs.ext3 /dev/mapper/sdc1 # This is done only the first time!
# mount -t ext3 /dev/mapper/sdc1 /mnt
gateA># ifconfig tun5 10.0.1.2 10.0.1.1
# umount /mnt/
gateA># route add 192.168.16.0/24 10.0.1.2
# cryptsetup remove sdc1 # Detach the encrypted partition
gateA># sysctl net.inet.ip.forwarding=1
gateA># natd -s -m -u -dynamic -n fxp0 # see NAT (page 18) $N DW@BSKX SGD R@LD VHSGNTS SGD LJER O@QS SN QD @SS@BG SGD O@QSHSHNM )E SGD O@RRVNQC HR MNS
gateA># sysctl net.inet.ip.fw.enable=1 BNQQDBS SGD LNTMS BNLL@MC VHKK E@HK )M SGHR B@RD RHLOKX QDLNUD SGD L@O RCB cryptsetup
4GD SVN OQHU@SD MDSVNQJR @QD MNV SQ@MRO@QDMSKX BNMMDBSDC UH@ SGD 33( 60. 4GD )0 ENQV@QC @MC remove sdc1 @MC BQD@SD HS @F@HM
.!4 RDSSHMFR @QD NMKX MDBDRR@QX HE SGD F@SDR @QD MNS SGD CDE@TKS F@SDV@XR )M SGHR B@RD SGD BKHDMSR
VNTKC MNS JMNV VGDQD SN ENQV@QC SGD QDRONMRD @MC M@S LTRS AD @BSHU@SDC 10.2 FreeBSD
4GD SVN ONOTK@Q &QDD"3$ CHRJ DMBQXOSHNM LNCTKDR @QD gbde @MC geli ) MNV TRD FDKH ADB@TRD HS
7 RSYNC HR E@RSDQ @MC @KRN TRDR SGD BQXOSN CDUHBD ENQ G@QCV@QD @BBDKDQ@SHNM 3DD 4GD &QDD"3$ G@MCANNJ
#G@OSDQ ENQ @KK SGD CDS@HKR 4GD FDKH LNCTKD LTRS AD KN@CDC NQ BNLOHKDC HMSN SGD JDQMDK
2RXMB B@M @KLNRS BNLOKDSDKX QDOK@BD BO @MC RBO ETQSGDQLNQD HMSDQQTOSDC SQ@MREDQR @QD DEEHBHDMSKX options GEOM_ELI
QDRS@QSDC ! SQ@HKHMF RK@RG @MC SGD @ARDMBD SGDQDNE G@R CHEEDQDMS LD@MHMFR SGD L@M O@FD HR device crypto # or as module:
FNNC (DQD RNLD DW@LOKDR # echo 'geom_eli_load="YES"' >> /boot/loader.conf # or do: kldload geom_eli
#NOX SGD CHQDBSNQHDR VHSG ETKK BNMSDMS
# rsync -a /home/colin/ /backup/colin/ # "archive" mode. e.g keep the same Use password and key
# rsync -a /var/ /var_bak/ ) TRD SGNRD RDSSHMFR ENQ @ SXOHB@K CHRJ DMBQXOSHNM HS TRDR @ O@RROGQ@RD !.$ @ JDX SN DMBQXOS SGD
# rsync -aR --delete-during /home/user/ /backup/ # use relative (see below)
L@RSDQ JDX 4G@S HR XNT MDDC ANSG SGD O@RRVNQC @MC SGD FDMDQ@SDC JDX /root/ad1.key SN @SS@BG
# /opt/local/bin/rsync -azv --iconv=UTF-8-MAC,UTF-8 ~/Music/flac/ me@server:/dst/
# convert filenames OSX UTF8 to Windows UTF8 SGD O@QSHSHNM 4GD L@RSDQ JDX HR RSNQDC HMRHCD SGD O@QSHSHNM @MC HR MNS UHRHAKD 3DD ADKNV ENQ SXOHB@K
53" NQ EHKD A@RDC HL@FD
3@LD @R ADENQD ATS NUDQ SGD MDSVNQJ @MC VHSG BNLOQDRRHNM 2RXMB TRDR 33( ENQ SGD SQ@MRONQS ODQ
CDE@TKS @MC VHKK TRD SGD RRG JDX HE SGDX @QD RDS 5RD @R VHSG 3#0 ! SXOHB@K QDLNSD BNOX Create encrypted partition
# rsync -axSRzv /home/user/ user@server:/backup/user/ # Copy to remote # dd if=/dev/random of=/root/ad1.key bs=64 count=1 # this key encrypts the mater key
# rsync -a 'user@server:My\ Documents' My\ Documents # Quote AND escape spaces for the remote shell # geli init -s 4096 -K /root/ad1.key /dev/ad1 # -s 8192 is also OK for disks
# geli attach -k /root/ad1.key /dev/ad1 # DO make a backup of /root/ad1.key
%WBKTCD @MX CHQDBSNQX SLO VHSGHM GNLD TRDQ @MC JDDO SGD QDK@SHUD ENKCDQR GHDQ@QBGX SG@S HR SGD # dd if=/dev/random of=/dev/ad1.eli bs=1m # Optional and takes a long time
QDLNSD CHQDBSNQX VHKK G@UD SGD RSQTBSTQD A@BJTO GNLD TRDQ 4GHR HR SXOHB@KKX TRDC ENQ A@BJTOR # newfs /dev/ad1.eli # Create file system
# rsync -azR --exclude=tmp/ /home/user/ user@server:/backup/ # mount /dev/ad1.eli /mnt
5RD ONQS ENQ SGD RRG BNMMDBSHNM
# rsync -az -e 'ssh -p 20022' /home/colin/ user@server:/backup/colin/
GSSO VVV EQDDARC NQF G@MCANNJ CHRJR DMBQXOSHMF GSLK
c %MBQXOS 0@QSHSHNMR c c 239.# c
-e DMBQXOS C@S@ 5RHMF SGD QRXMB C@DLNM TRDC VHSG HR LTBG E@RSDQ ATS MNS DMBQXOSDC NUDQ RRG 4GD KNB@SHNM
-d CDBQXOS C@S@ NE A@BJTO HR CDEHMDC AX SGD BNMEHFTQ@SHNM HM DSB QRXMBC BNME 4GD U@QH@AKD 239.#?0!337/2$ B@M
-r .!-% DMBQXOS ENQ QDBHOHDMS .!-% NQ &TKK .@LD NQ DL@HK CNL@HM AD RDS SN @UNHC SGD MDDC SN DMSDQ SGD O@RRVNQC L@MT@KKX
-a BQD@SD @RBHH @QLNQDC NTSOTS NE @ JDX # rsync -axSRz /home/ ruser@hostname::rmodule/backup/
-o TRD @R NTSOTS EHKD # rsync -axSRz ruser@hostname::rmodule/backup/ /home/ # To copy back
3NLD HLONQS@MS NOSHNMR
4GD DW@LOKDR TRD 9NTQ .@LD @MC !KHBD @R SGD JDXR @QD QDEDQQDC SN AX SGD DL@HK NQ ETKK M@LD
NQ O@QSH@K M@LD &NQ DW@LOKD ) B@M TRD #NKHM NQ B BA UT ENQ LX JDX ;#NKHM "@QRBGDK BA UT
-a, --archive @QBGHUD LNCD R@LD @R QKOSFN$ MN (
B BA UT =
-r, --recursive QDBTQRD HMSN CHQDBSNQHDR
Encrypt for personal use only -R, --relative TRD QDK@SHUD O@SG M@LDR
.N MDDC SN DWONQS HLONQS @MX JDX ENQ SGHR 9NT G@UD ANSG @KQD@CX -H, --hard-links OQDRDQUD G@QC KHMJR
-S, --sparse G@MCKD RO@QRD EHKDR DEEHBHDMSKX
# gpg -e -r 'Your Name' file # Encrypt with your public key
# gpg -o file -d file.gpg # Decrypt. Use -o or it goes to stdout -x, --one-file-system CNM S BQNRR EHKD RXRSDL ANTMC@QHDR
--exclude=PATTERN DWBKTCD EHKDR L@SBGHMF 0!44%2.
Encrypt - Decrypt with keys --delete-during QDBDHUDQ CDKDSDR CTQHMF WEDQ MNS ADENQD
&HQRS XNT MDDC SN DWONQS XNTQ OTAKHB JDX ENQ RNLDNMD DKRD SN TRD HS !MC XNT MDDC SN HLONQS SGD --delete-after QDBDHUDQ CDKDSDR @ESDQ SQ@MREDQ MNS ADENQD
OTAKHB R@X EQNL !KHBD SN DMBQXOS @ EHKD ENQ GDQ 9NT B@M DHSGDQ G@MCKD SGD JDXR HM RHLOKD @RBHH EHKDR NQ
TRD @ OTAKHB JDX RDQUDQ 7.1 Rsync on Windows
&NQ DW@LOKD !KHBD DWONQS GDQ OTAKHB JDX @MC XNT HLONQS HS XNT B@M SGDM DMBQXOS @ EHKD ENQ GDQ 4G@S
HR NMKX !KHBD VHKK AD @AKD SN CDBQXOS HS 2RXMB HR @U@HK@AKD ENQ 7HMCNVR SGQNTFG BXFVHM NQ @R RS@MC @KNMD O@BJ@FDC HM BVQRXMB 4GHR HR UDQX
BNMUDMHDMS ENQ @TSNL@SDC A@BJTOR )MRS@KK NMD NE SGDL not both @MC @CC SGD O@SG SN SGD 7HMCNVR
# gpg -a -o alicekey.asc --export 'Alice' # Alice exported her key in ascii file.
# gpg --send-keys --keyserver subkeys.pgp.net KEYID # Alice put her key on a server. RXRSDL U@QH@AKDR #NMSQNK 0@MDK 3XRSDL S@A !CU@MBDC ATSSNM %MUHQNMLDMS 6@QH@AKDR
# gpg --import alicekey.asc # You import her key into your pubring. %CHS SGD 0@SG RXRSDL U@QH@AKD @MC @CC SGD ETKK O@SG SN SGD HMRS@KKDC QRXMB D F # <0QNFQ@L &HKDR<
# gpg --search-keys --keyserver subkeys.pgp.net 'Alice' # or get her key from a server. BV2RXMB<AHM NQ # <BXFVHM<AHM 4GHR V@X SGD BNLL@MCR rsync @MC ssh @QD @U@HK@AKD HM @ 7HMCNVR
/MBD SGD JDXR @QD HLONQSDC HS HR UDQX D@RX SN DMBQXOS NQ CDBQXOS @ EHKD BNLL@MC RGDKK
# gpg -e -r 'Alice' file # Encrypt the file for Alice.
# gpg -d file.gpg -o file # Decrypt a file encrypted by Alice for you.
Public key authentication
2RXMB HR @TSNL@SHB@KKX STMMDKDC NUDQ 33( @MC SGTR TRDR SGD 33( @TSGDMSHB@SHNM NM SGD RDQUDQ
!TSNL@SHB A@BJTOR G@UD SN @UNHC @ TRDQ HMSDQ@BSHNM ENQ SGHR SGD 33( OTAKHB JDX @TSGDMSHB@SHNM B@M
Key administration
AD TRDC @MC SGD QRXMB BNLL@MC VHKK QTM VHSGNTS @ O@RRVNQC
# gpg --list-keys # list public keys and see the KEYIDS
!KK SGD ENKKNVHMF BNLL@MCR @QD DWDBTSDC VHSGHM @ 7HMCNVR BNMRNKD )M @ BNMRNKD 3S@QS 2TM
The KEYID follows the '/' e.g. for: pub 1024D/D12B77CE the KEYID is D12B77CE
# gpg --gen-revoke 'Your Name' # generate revocation certificate BLC BQD@SD @MC TOKN@C SGD JDX @R CDRBQHADC HM 33( BG@MFD TRDQ @MC RDQUDQ @R @OOQNOQH@SD
# gpg --list-secret-keys # list private keys )E SGD EHKD @TSGNQHYDC?JDXR CNDR MNS DWHRS XDS RHLOKX BNOX HC?CR@ OTA SN @TSGNQHYDC?JDXR @MC
# gpg --delete-keys NAME # delete a public key from local key ring TOKN@C HS
# gpg --delete-secret-key NAME # delete a secret key from local key ring # ssh-keygen -t dsa -N '' # Creates a public and a private key
# gpg --fingerprint KEYID # Show the fingerprint of the key # rsync user@server:.ssh/authorized_keys2 . # Copy the file locally from the server
# gpg --edit-key KEYID # Edit key (e.g sign or add/del email) # cat id_dsa.pub >> authorized_keys2 # Or use an editor to add the key
# rsync authorized_keys2 user@server:.ssh/ # Copy the file back to the server
# del authorized_keys2 # Remove the local copy
10 ENCRYPT PARTITIONS .NV SDRS HS VHSG HM NMD KHMD
,HMTW VHSG ,5+3 O [ ,HMTW CL BQXOS NMKX O [ &QDD"3$ '%,) O [ &"3$ OVC NMKX O [ rsync -rv "/cygdrive/c/Documents and Settings/%USERNAME%/My Documents/" \
/3 8 HL@FD O 'user@server:My\ Documents/'
4GDQD @QD L@MX NSGDQ @KSDQM@SHUD LDSGNCR SN DMBQXOS CHRJR ) NMKX RGNV GDQD SGD LDSGNCR ) JMNV Automatic backup
@MC TRD +DDO HM LHMC SG@S SGD RDBTQHSX HR NMKX FNNC @R KNMF SGD /3 G@R MNS ADDM SDLODQDC VHSG 5RD @ A@SBG EHKD SN @TSNL@SD SGD A@BJTO @MC @CC SGD EHKD HM SGD RBGDCTKDC S@RJR 0QNFQ@LR
!M HMSQTCDQ BNTKC D@RHKX QDBNQC SGD O@RRVNQC EQNL SGD JDXAN@QC DUDMSR &TQSGDQLNQD SGD C@S@ HR !BBDRRNQHDR 3XRSDL 4NNKR 3BGDCTKDC 4@RJR &NQ DW@LOKD BQD@SD SGD EHKD A@BJTO A@S @MC
EQDDKX @BBDRRHAKD VGDM SGD O@QSHSHNM HR attached @MC VHKK MNS OQDUDMS @M HMSQTCDQ SN G@UD @BBDRR SN HS QDOK@BD TRDQ RDQUDQ
HM SGHR RS@SD
@ECHO OFF
REM rsync the directory My Documents
10.1 Linux SETLOCAL
SET CWRSYNCHOME=C:\PROGRAM FILES\CWRSYNC
4GNRD HMRSQTBSHNMR TRD SGD ,HMTW dm-crypt CDUHBD L@OODQ E@BHKHSX @U@HK@AKD NM SGD JDQMDK SET CYGWIN=nontsec
)M SGHR DW@LOKD KDSR DMBQXOS SGD O@QSHSHNM /dev/sdc1 HS BNTKC AD GNVDUDQ @MX NSGDQ O@QSHSHNM NQ SET CWOLDPATH=%PATH%
CHRJ NQ 53" NQ @ EHKD A@RDC O@QSHSHNM BQD@SDC VHSG losetup )M SGHR B@RD VD VNTKC TRD /dev/loop0 REM uncomment the next line when using cygwin
SET PATH=%CWRSYNCHOME%\BIN;%PATH%
3DD EHKD HL@FD O@QSHSHNM 4GD CDUHBD L@OODQ TRDR K@ADKR SN HCDMSHEX @ O@QSHSHNM 7D TRD sdc1 HM SGHR echo Press Control-C to abort
DW@LOKD ATS HS BNTKC AD @MX RSQHMF
GSSO RNTQBDENQFD MDS OQNIDBSR RDQDCR
c 35$/ c c %MBQXOS &HKDR c
rsync -av "/cygdrive/c/Documents and Settings/%USERNAME%/My Documents/" \ # openssl aes-128-cbc -salt -in file -out file.aes
'user@server:My\ Documents/' # openssl aes-128-cbc -d -salt -in file.aes -out file
pause
.NSD SG@S SGD EHKD B@M NE BNTQRD AD @ S@Q @QBGHUD
8 SUDO tar and encrypt a whole directory
# tar -cf - directory | openssl aes-128-cbc -salt -out directory.tar.aes # Encrypt
# openssl aes-128-cbc -d -salt -in directory.tar.aes | tar -x -f - # Decrypt
3TCN HR @ RS@MC@QC V@X SN FHUD TRDQR RNLD @CLHMHRSQ@SHUD QHFGSR VHSGNTS FHUHMF NTS SGD QNNS
O@RRVNQC 3TCN HR UDQX TRDETK HM @ LTKSH TRDQ DMUHQNMLDMS VHSG @ LHW NE RDQUDQ @MC VNQJRS@SHNMR
tar zip and encrypt a whole directory
3HLOKX B@KK SGD BNLL@MC VHSG RTCN
# tar -zcf - directory | openssl aes-128-cbc -salt -out directory.tar.gz.aes # Encrypt
# sudo /etc/init.d/dhcpd restart # Run the rc script as root
# openssl aes-128-cbc -d -salt -in directory.tar.gz.aes | tar -xz -f - # Decrypt
# sudo -u sysadmin whoami # Run cmd as an other user
a 5RD J LXRDBQDSO@RRVNQC @ESDQ @DR BAB SN @UNHC SGD HMSDQ@BSHUD O@RRVNQC QDPTDRS
8.1 Configuration (NVDUDQ MNSD SG@S SGHR HR GHFGKX HMRDBTQD
a 5RD aes-256-cbc HMRSD@C NE aes-128-cbc SN FDS DUDM RSQNMFDQ DMBQXOSHNM 4GHR TRDR @KRN
3TCN HR BNMEHFTQDC HM /etc/sudoers @MC LTRS NMKX AD DCHSDC VHSG visudo 4GD A@RHB RXMS@W HR SGD
LNQD #05
KHRSR @QD BNLL@ RDO@Q@SDC
user hosts = (runas) commands # In /etc/sudoers
9.2 GPG
users NMD NQ LNQD TRDQR NQ FQNTO KHJD VGDDK SN F@HM SGD QHFGSR 'MT0' HR VDKK JMNVM SN DMBQXOS @MC RHFM DL@HKR NQ @MX C@S@ &TQSGDQLNQD FOF @MC @KRN OQNUHCDR
hosts KHRS NE GNRSR NQ !,, @M @CU@MBDC JDX L@M@FDLDMS RXRSDL 4GHR RDBSHNM NMKX BNUDQR EHKDR DMBQXOSHNM MNS DL@HK TR@FD
runas KHRS NE TRDQR NQ !,, SG@S SGD BNLL@MC QTKD B@M AD QTM @R )S HR DMBKNRDC HM RHFMHMF NQ SGD 7DA /E 4QTRS
commands KHRS NE BNLL@MCR NQ !,, SG@S VHKK AD QTM @R QNNS NQ @R QTM@R 4GD RHLOKDRS DMBQXOSHNM HR VHSG @ RXLLDSQHB BHOGDQ )M SGHR B@RD SGD EHKD HR DMBQXOSDC VHSG @
O@RRVNQC @MC @MXNMD VGN JMNVR SGD O@RRVNQC B@M CDBQXOS HS SGTR SGD JDXR @QD MNS MDDCDC 'OF
!CCHSHNM@KKX SGNRD JDXVNQCR B@M AD CDEHMDC @R @KH@R SGDX @QD B@KKDC 5RDQ?!KH@R (NRS?!KH@R @CCR @M DWSDMSHNM FOF SN SGD DMBQXOSDC EHKD M@LDR
2TM@R?!KH@R @MC #LMC?!KH@R 4GHR HR TRDETK ENQ K@QFDQ RDSTOR (DQD @ RTCNDQR DW@LOKD # gpg -c file # Encrypt file with password
# gpg file.gpg # Decrypt file (optionally -o otherfile)
# cat /etc/sudoers
# Host aliases are subnets or hostnames.
Host_Alias DMZ = 212.118.81.40/28 Using keys
Host_Alias DESKTOP = work1, work2 &NQ LNQD CDS@HKR RDD '0' 1THBJ 3S@QS @MC '0' 0'0 "@RHBR @MC SGD FMTOF CNBTLDMS@SHNM @LNMF
# User aliases are a list of users which can have the same rights
NSGDQR
User_Alias ADMINS = colin, luca, admin 4GD OQHU@SD @MC OTAKHB JDXR @QD SGD GD@QS NE @RXLLDSQHB BQXOSNFQ@OGX 7G@S HR HLONQS@MS SN
User_Alias DEVEL = joe, jack, julia QDLDLADQ
Runas_Alias DBA = oracle,pgsql
a 9NTQ OTAKHB JDX HR TRDC AX others SN DMBQXOS EHKDR SG@S NMKX XNT @R SGD QDBDHUDQ B@M CDBQXOS
# Command aliases define the full path of a list of commands MNS DUDM SGD NMD VGN DMBQXOSDC SGD EHKD B@M CDBQXOS HS 4GD OTAKHB JDX HR SGTR LD@MS SN AD
Cmnd_Alias SYSTEM = /sbin/reboot,/usr/bin/kill,/sbin/halt,/sbin/shutdown,/etc/init.d/ CHRSQHATSDC
Cmnd_Alias PW = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root # Not root pwd!
Cmnd_Alias DEBUG = /usr/sbin/tcpdump,/usr/bin/wireshark,/usr/bin/nmap a 9NTQ OQHU@SD JDX HR DMBQXOSDC VHSG XNTQ O@RROGQ@RD @MC HR TRDC SN CDBQXOS EHKDR VGHBG VDQD
DMBQXOSDC VHSG your OTAKHB JDX 4GD OQHU@SD JDX LTRS AD JDOS secure !KRN HE SGD JDX NQ
# The actual rules O@RROGQ@RD HR KNRS RN @QD @KK SGD EHKDR DMBQXOSDC VHSG XNTQ OTAKHB JDX
root,ADMINS ALL = (ALL) NOPASSWD: ALL # ADMINS can do anything w/o a password.
a 4GD JDX EHKDR @QD B@KKDC JDXQHMFR @R SGDX B@M BNMS@HM LNQD SG@M NMD JDX
DEVEL DESKTOP = (ALL) NOPASSWD: ALL # Developers have full right on desktops
DEVEL DMZ = (ALL) NOPASSWD: DEBUG # Developers can debug the DMZ servers.
&HQRS FDMDQ@SD @ JDX O@HQ 4GD CDE@TKSR @QD EHMD GNVDUDQ XNT VHKK G@UD SN DMSDQ @S KD@RS XNTQ ETKK
# User sysadmin can mess around in the DMZ servers with some commands. M@LD @MC DL@HK @MC NOSHNM@KKX @ BNLLDMS 4GD BNLLDMS HR TRDETK SN BQD@SD LNQD SG@M NMD JDX
sysadmin DMZ = (ALL) NOPASSWD: SYSTEM,PW,DEBUG VHSG SGD R@LD M@LD @MC DL@HK !KRN XNT RGNTKC TRD @ O@RROGQ@RD MNS @ RHLOKD O@RRVNQC
sysadmin ALL,!DMZ = (ALL) NOPASSWD: ALL # Can do anything outside the DMZ. # gpg --gen-key # This can take a long time
%dba ALL = (DBA) ALL # Group dba can run as database user.
4GD JDXR @QD RSNQDC HM ] FMTOF NM 5MHW NM 7HMCNVR SGDX @QD SXOHB@KKX RSNQDC HM
# anyone can mount/unmount a cd-rom on the desktop machines # $NBTLDMSR @MC 3DSSHMFR 53%2.!-% !OOKHB@SHNM $@S@ FMTOF
ALL DESKTOP = NOPASSWD: /sbin/mount /cdrom,/sbin/umount /cdrom
~/.gnupg/pubring.gpg # Contains your public keys and all others imported
~/.gnupg/secring.gpg # Can contain more than one private key
9 ENCRYPT FILES 3GNQS QDLHMCDQ NM LNRS TRDC NOSHNMR
9.1 OpenSSL
A single file GSSO VVV L@CAN@ BNL FDDJ FOF PTHBJRS@QS
GSSO @OK@VQDMBD BNL "@RHBR FOF GSLK
%MBQXOS @MC CDBQXOS GSSO FMTOF NQF CNBTLDMS@SHNM

Unixtoolbox Book

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Unixtoolbox Book

Hochgeladen von

Copyright:

Verfügbare Formate

UNIX TOOLBOX

5MHW 4NNKANW QDUHRHNM

simplecpp: ${OBJS} Linux

22 PROGRAMMING 1.6 Reset root password

22.1 C basics Linux method 1

4GD BNLL@MC KHMD @QFTLDMSR @QD

For many users

Checks 3.1 Permissions

&NQ DW@LOKD TRDC @KK @S NMBD

Print routing table

a Ctrl-a ? GDKO @MC RTLL@QX NE ETMBSHNMR 4.5 Ports in use

Das könnte Ihnen auch gefallen