dom6791
join:2001-11-23 Bronx, NY | Little Known Tips and Tricks... I was just wondering if some of you more knowledgeable *nix users would share some of your lesser known tips and tricks with Linux? Not including the information listed in this forum's FAQs. | |
 paul1238
join:2000-11-03 Brookline, MA
| Re: Little Known Tips and Tricks... Great idea for a thread. I'll start it off with one 
In unix, the way that an application programmer would normally query the kernel for kernel information is to use the ioctl() system call if there was not a C library call already available.
In linux, if you don't want to write a program or if you didn't have a utility already available (ie. uptime, ps, etc.) to query the kernel, there is a nice facility to access kernel information using a filesystem interface. This is the /proc interface. Most common modules in the kernel support this interface method.
For example, if you do a ls -al /proc, a lot of files are listed. Nearly all of them will have a zero byte count. But there is actually useful data in there.
cat /proc/meminfo will provide information on the kernel's view of memory. cat /proc/cpuinfo will provide information on the kernel's view of the cpu.
Ever wonder about specific process information? In the /proc interface, a directory is created for each process id that the kernel is currently running.
ls -al /proc/1 will provide all the information that the kernel is tracking for process 1, which is always the init process. For example, if you are curious what environment variables were passed to the init process when it started, cat /proc/1/environ.
If you don't have the uname application and you want to find the kernel version, cat /proc/sys/kernel/osrelease.
The /proc interface can be a useful method to query the kernel. | |
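As an added example (not code from the post above), a minimal ps and environment dumper built only on the /proc files just described; the /proc root is a parameter so the functions can also be pointed at a copied tree:

```shell
#!/bin/sh
# Added example, not from the post: list processes and dump a process's
# environment using nothing but the /proc files described above. ROOT defaults
# to /proc; passing another directory lets you read a copied /proc tree.

# proc_ps [ROOT] -> one line per process: PID PPID UID STATE NAME
# (read from /proc/<pid>/status; the real uid is the first of the four on Uid:)
proc_ps() {
    root=${1:-/proc}
    for st in "$root"/[0-9]*/status; do
        [ -r "$st" ] || continue            # no processes, or one exited mid-listing
        awk -v pid="${st%/status}" '
            BEGIN { sub(/^.*\//, "", pid) }   # keep only the pid directory name
            $1 == "Name:"  { name  = $2 }
            $1 == "State:" { state = $2 }     # "S (sleeping)" -> "S"
            $1 == "PPid:"  { ppid  = $2 }
            $1 == "Uid:"   { uid   = $2 }
            END { print pid, ppid, uid, state, name }
        ' "$st" 2>/dev/null
    done
}

# proc_environ PID [ROOT] -> the environment of PID, one VAR=value per line.
# The kernel separates the entries with NUL bytes, which is why a plain
# cat /proc/1/environ runs them all together on one line.
proc_environ() {
    tr '\0' '\n' < "${2:-/proc}/$1/environ"
}

# Usage: sh procps.sh list      (every process, sorted by pid)
#        sh procps.sh env 1     (environment of pid 1, as in the post)
case ${1:-} in
    list) proc_ps | sort -n ;;
    env)  proc_environ "$2" ;;
esac
```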
  AmateurAstro
join:2001-12-29 Glen Ridge, NJ
| If you add the "noatime" option to the fstab file for mounting options, Linux will not keep track of the access time every time a file is read. This can be of noticeable benefit on older, slower machines. I use it on my Fujitsu LifeBook 535T (133Mhz Pentium, 48MB RAM) to good effect. | |
  fritzmp Biker Tux Premium join:2001-08-29 Warrenton, VA clubs:
| Security SSH PAM and USERS: Based on RH so file location may vary
edit /etc/ssh/sshd_config
change
#Protocol 2,1
to just 2
Protocol 2
#uncomment the line
This will keep ssh from falling back to a protocol 1 session, where you can have man-in-the-middle issues.
change
#PermitRootLogin yes
to
PermitRootLogin no
#uncomment the line
Root does not need to login
save and exit
add your username to the wheel group
usermod -G wheel username
edit /etc/pam.d/su
# Uncomment the following line to require a user to be in the "wheel" group.
auth required /lib/security/pam_wheel.so use_uid
Now only the users you want can su -, and with no external root logins you have somewhat more control over shell access. You do need to trust those you give access. -- NTFS Killed My Parents. Get Freed A small band of FreeBSD users are working together in the shadows, observing, honing their skills, building their numbers, and plotting their future.
[text was edited by author 2003-03-04 15:31:22] | |
 |   severely depressed
@covad.net
| Re: Little Known Tips and Tricks... Since you bring up the sshd_config script, I do have a question.
Can you prohibit the login of other users besides root this way? If so, how?
I ask because my leetle old mother compete with foo-foo dog (pomeranian) insists on simple login passwords. She claims to be feeble minded (-heh-). So I'd like to have remote access for me via 'ssh' and prohibit remote login of all other users on her machine.
TIA
 |  |   fritzmp Biker Tux Premium join:2001-08-29 Warrenton, VA clubs:
| Re: Little Known Tips and Tricks... said by severely depressed: Since you bring up the sshd_config script, I do have a question.
Can you prohibit the login of other users besides root this way? If so, how?
I ask because my leetle old mother compete with foo-foo dog (pomeranian) insists on simple login passwords. She claims to be feeble minded (-heh-). So I'd like to have remote access for me via 'ssh' and prohibit remote login of all other users on her machine.
TIA
You can
edit and add to /etc/pam.d/login
auth required /lib/security/pam_listfile.so onerr=succeed item=user sense=deny file=/etc/nologinusers
vi /etc/nologinusers
and list the users you wish to deny access, one per line
easier and better
edit /etc/security/access.conf and add
-:ALL EXCEPT you_user_or_group:ALL
This is good to use with the previous post above.
PAM is pretty versatile and you can restrict or allow by day, time, and location as well as by users and groups. -- NTFS Killed My Parents. Get Freed A small band of FreeBSD users are working together in the shadows, observing, honing their skills, building their numbers, and plotting their future.
[text was edited by author 2003-03-05 22:58:03] | |
 |  |  |   cwnorris
join:2000-01-17 Longmont, CO
·Mesa Networks
| Re: Little Known Tips and Tricks... said by fritzmp : You can
edit and add to /etc/pam.d/login
easier and better
edit /etc/security/access.conf
This is good to use with the previous post above.
If you don't use PAM or are running a distro that doesn't have /etc/security/access.conf (Slack has neither), you can use the sshd_config to set this: AllowUsers This keyword can be followed by a list of user name patterns, separated by spaces. If specified, login is allowed only for user names that match one of the patterns. `*' and `?' can be used as wildcards in the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts. | |
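An added example (not from either post) that checks an sshd_config for the two settings fritzmp changes above and evaluates the AllowUsers patterns cwnorris describes for a given user and host; it assumes OpenSSH's "Keyword value" syntax and, like sshd, takes the first occurrence of a keyword:

```shell
#!/bin/sh
# Added example, not from the posts: check an sshd_config for the two settings
# fritzmp changes (Protocol, PermitRootLogin) and evaluate cwnorris's AllowUsers
# patterns for a given user and host. Assumes OpenSSH "Keyword value" syntax
# with '#' comments; like sshd, the FIRST occurrence of a keyword wins.

# sshd_config_get FILE KEYWORD -> prints the effective value, empty if unset
sshd_config_get() {
    awk -v key="$2" '
        NF == 0 || /^[[:space:]]*#/ { next }       # blank line or comment
        tolower($1) == tolower(key) {              # keywords are case-insensitive
            $1 = ""; sub(/^[[:space:]]+/, ""); print; exit
        }' "$1"
}

# audit_sshd_config FILE -> one line per setting; returns the number of weak
# settings, so 0 means "Protocol 2 only and no root logins"
audit_sshd_config() {
    file=$1 bad=0
    proto=$(sshd_config_get "$file" Protocol)
    case ",$proto," in
        ,,|*,1,*) echo "WEAK: Protocol '${proto:-unset}' still allows SSH-1 (want: Protocol 2)"
                  bad=$((bad + 1)) ;;
        *)        echo "ok:   Protocol $proto" ;;
    esac
    prl=$(sshd_config_get "$file" PermitRootLogin | tr 'A-Z' 'a-z')
    case $prl in
        no) echo "ok:   PermitRootLogin no" ;;
        *)  echo "WEAK: PermitRootLogin '${prl:-unset, defaults to yes}' (want: no)"
            bad=$((bad + 1)) ;;
    esac
    allow=$(sshd_config_get "$file" AllowUsers)
    echo "info: AllowUsers ${allow:-(unset: every account may log in)}"
    return $bad
}

# sshd_user_allowed FILE USER HOST -> 0 if AllowUsers admits USER from HOST
# (HOST as sshd would see it: the client's hostname or address). Shell globbing
# stands in for sshd's '*' and '?'; a USER@HOST pattern is split and its two
# halves checked separately, as sshd_config(5) says. No AllowUsers line = allow.
sshd_user_allowed() {
    allow=$(sshd_config_get "$1" AllowUsers)
    [ -z "$allow" ] && return 0
    allowed=1
    set -f                                   # keep '*' in patterns from matching files
    for pat in $allow; do
        case $pat in
            *@*) upat=${pat%%@*} hpat=${pat#*@} ;;
            *)   upat=$pat hpat='*' ;;
        esac
        case $2 in
            $upat) case $3 in $hpat) allowed=0 ;; esac ;;
        esac
        [ $allowed -eq 0 ] && break
    done
    set +f
    return $allowed
}

# Usage: sh audit-sshd.sh /etc/ssh/sshd_config [user host]
if [ $# -eq 3 ]; then
    audit_sshd_config "$1"
    if sshd_user_allowed "$1" "$2" "$3"; then echo "$2 from $3: allowed"; else echo "$2 from $3: denied"; fi
elif [ $# -eq 1 ]; then
    audit_sshd_config "$1"
fi
```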
 |  |  |  |   seriously depressed
@covad.net
| Re: Little Known Tips and Tricks... This was the clue I was looking for. And wonder of wonders, after I read your post, it occurred to me to look at:
# man sshd_config
And I found what you were quoting from.
For some reason, I assumed all the comments in sshd_config were all the documentation there was ...
Doh!
And thank you
 |  |  |  |   fritzmp Biker Tux Premium join:2001-08-29 Warrenton, VA clubs:
| said by cwnorris : said by fritzmp : You can
edit and add to /etc/pam.d/login
easier and better
edit /etc/security/access.conf
This is good to use with the previous post above.
If you don't use PAM or are running a distro that doesn't have /etc/security/access.conf (Slack has neither), you can use the sshd_config to set this: AllowUsers This keyword can be followed by a list of user name patterns, separated by spaces. If specified, login is allowed only for user names that match one of the patterns. `*' and `?' can be used as wildcards in the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts.
I was playing around and found that for ssh sessions cwnorris's method is the easiest and safest for n00bs.
NEXT BIG TIP
When working on tightening up authentication and security have Two Terminals Open, because if you lock yourself out of your box you will then learn about single-user login to recover. :)
PAM and Login will lock you out at the box, so take heed. -- NTFS Killed My Parents. Get Freed A small band of FreeBSD users are working together in the shadows, observing, honing their skills, building their numbers, and plotting their future. | |
 |  |  |  |  |   Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA
| Re: Little Known Tips and Tricks... said by fritzmp : NEXT BIG TIP
When working on tightening up authentication and security have Two Terminals Open, because if you lock yourself out of your box you will then learn about single-user login to recover. :)
PAM and Login will lock you out at the box, so take heed.
Everybody learns this eventually, and the only question is "easy way" or "hard way"  | |
 |  |   KE7JFF SKU CHECK
join:2001-12-01 Hillsboro, OR | Having Problems with the kernel or hardware? Use this command:
tail /var/log/messages
It shows what's going on with the kernel, as well as some other system activities. | |
 |  |  |   bbrkdub
join:2001-10-03 Houston, TX
·Comcast
| Re: Little Known Tips and Tricks... quote: Having Problems with the kernel or hardware? Use this command:
tail /var/log/messages
Don't forget you can watch for data as it's being appended.
# tail -f *logfile* -- Hope this helps... | |
 |  |   freerock Premium join:2001-05-04 New York, NY
| edit: man I need some sleep [text was edited by author 2003-03-10 22:55:14] | |
 |   rocketspeed No Tag Premium join:2000-01-24 Murrieta, CA | Great tip ---
Seems like Mandrake 9 enables root login by default. I have been asked during installation on other installs whether or not to allow root login.
Just don't forget to restart sshd.
> service sshd restart
 |  |   sporkme drop the crantini and move it, sister Premium,MVM join:2000-07-01 Morristown, NJ
·Optimum Online
| Re: Little Known Tips and Tricks... said by rocketspeed :
Just don't forget to restart sshd.
> service sshd restart
Not to dis the Linux distros or anything, but if you want to "grow beyond" the "service blah blah" scripts and restart daemons, there are other ways to do this. Perhaps one day you'll have to work on a system (linux or otherwise) that does not have a bunch of rc.d scripts.
Many daemons like to put files in "/var/run/". You'll probably find something like "/var/run/sshd.pid". Other daemons may have similarly named files there; ie: daemonname.pid.
Let's say you want to HUP sshd to have it re-read its config (this will NOT kill your current connection). You can do something like this:
kill -HUP `cat /var/run/sshd.pid`
That results in sending the sshd process a HUP signal. The stuff between the backticks will be executed, so this is the equivalent of "cat'ing" the /var/run/sshd.pid file, reading the result (which is just the process id of the parent sshd process) and then typing "kill -HUP xxx".
To follow on to Steve's xargs madness, let's say you've got some daemon process that is just running away. It's spawning more and more processes and "service blah stop" is not doing anything for you. Here's a cute way to kill all of those processes with the "big hammer":
ps -auxwww | grep "daemonname" | awk '{print $2}' | xargs kill -9
That will seek out all processes running named "daemonname", awk is snatching the second column that has the pid number, and xargs passes that as an argument to the big hammer called "kill -9". Use that one wisely, or start with a "-1". You can match on anything in the ps output as well, such as a particular username. I use a lot of "w's" with ps in case the program is started with an insanely long path. | |
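An added example (not sporkme's code) of the same two ideas with the checks an operator wants first: the pid file is validated and the pid confirmed alive before anything is signalled, and the ps|grep|awk pipeline is written so the grep cannot match itself. Assumes a Linux-style ps and pid files under /var/run as above.

```shell
#!/bin/sh
# Added example, not from the post: the kill -HUP `cat /var/run/sshd.pid` idea
# with the checks an operator wants first (the pid file must hold one number and
# that pid must be alive, because a stale pid file can name a pid the kernel has
# since handed to an unrelated process), plus a ps|grep|awk variant whose grep
# cannot match itself.

# signal_from_pidfile PIDFILE [SIGNAL] -> sends SIGNAL (default HUP) to the pid
# in PIDFILE. Returns 0 sent, 1 unreadable file, 2 not a pid, 3 pid not running.
signal_from_pidfile() {
    pidfile=$1 sig=${2:-HUP}
    [ -r "$pidfile" ] || { echo "cannot read $pidfile" >&2; return 1; }
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) echo "$pidfile does not contain a pid: '$pid'" >&2; return 2 ;;
    esac
    # signal 0 is never delivered; it only asks whether the pid exists and is ours to signal
    if ! kill -0 "$pid" 2>/dev/null; then
        echo "pid $pid from $pidfile is not running (stale pid file?)" >&2
        return 3
    fi
    kill -s "$sig" "$pid"
}

# pids_named NAME -> pids whose ps line contains NAME. Bracketing the first
# character turns "sshd" into the pattern "[s]shd": it still matches "sshd", but
# the grep's own command line (which contains "[s]shd") no longer matches.
pids_named() {
    first=$(printf '%s' "$1" | cut -c1) rest=$(printf '%s' "$1" | cut -c2-)
    ps auxwww | grep "[$first]$rest" | awk '{ print $2 }'
}

# Usage: sh signal-daemon.sh /var/run/sshd.pid        (HUP sshd: re-read its config)
#        sh signal-daemon.sh /var/run/sshd.pid TERM
#        pids_named daemonname | xargs kill            (try this before the -9 hammer)
if [ $# -ge 1 ]; then signal_from_pidfile "$@"; fi
```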
 |  |  |   Eatmeingreek Gentard
join:2001-06-29 San Francisco, CA
| Re: Little Known Tips and Tricks... said by sporkme :
ps -auxwww | grep "daemonname" | awk '{print $2}' | xargs kill -9
Not to nitpick, but "-aux" are the correct ps switches for BSDish Unices ( sporkme is down with *BSD.) For AT&Tish Unices I suggest "-efa". I believe Linux won't choke on "-aux", but I'm pretty sure Solaris will. -- We must destroy liberty to make the homeland safe for democracy | |
 dom6791
join:2001-11-23 Bronx, NY | Wow! These are some tips I have never heard of. Nice ones fellas! | |
  Viggen93 Premium,VIP join:2002-04-16 Hamilton, ON
·Cogeco Cable
| Finding files in the filesystem, you could use the "find" command but that is often slow. Try using "locate filename" instead, as it is much quicker because it searches a database of the filesystem. There are limitations to locate, such as the database only having a snapshot of the filesystem as of the last time "slocate.cron" was run, something that is (well, at least on my system) run at midnight every day; therefore, if the file was created after the last cron job for "slocate.cron" (slocate.cron is just a script that is located in /etc/cron.daily on my RH8 system), locate won't pick it up. I find it useful for finding obscure configuration files. -- Isn't air travel wonderful? Breakfast in London, dinner in New York, luggage in Brazil. | |
  rocketspeed No Tag Premium join:2000-01-24 Murrieta, CA
| In Mandrake 9 an application menu is created. In KDE almost all applications are there by clicking on the kde button. I don't use KDE. I prefer Fluxbox (as I know many others do). When you install Fluxbox as an afterthought, the menu is incomplete. However Blackbox may have been installed when you installed Mandrake and it has a fairly complete automatically created menu called blackbox-menu in the user directory. To get all the apps in my Fluxbox menu without manually editing it (a tedious task) I remove the old fluxbox menu:
mv ~/.fluxbox/menu ~/.fluxbox/menu.bak
and replace it with:
ln -s ~/blackbox-menu ~/.fluxbox/menu
I can then easily edit all GUI menus by running menudrake.
Not sure how well known that is, but it sure saved me some time from menu editing. | |
  shdesigns Powered By Infinite Improbabilty Drive Premium join:2000-12-01 Stone Mountain, GA
·Atlantic Nexus
| SSH is not just an encrypted "telnet clone". It can compress data, and act as a tunnel to or from other machines (kind of like a VPN.) It can use this tunnel to pass X-windows gui between machines (X-Forward.)
Typical example:
remote pc -->public internet IP -->router-->workstation@10.1.1.1
Workstation has VNC running on port 5900.
Set up SSH connection to router and enable forwarding:
remote pc (localhost) port 5900 --> remote IP 10.1.1.1
Then 'vncviewer localhost' (on remote PC, not in ssh login) will connect to the VNC desktop on the workstation at 10.1.1.1. You now have a route to the local LAN through the firewall to a non-routable IP. This port forward only exists between your PC and the remote workstation and only exists while you are logged in.
After I had used this, I disabled all ports for things like VNC on my firewall. Only thing open is ssh and web server. When I am working at a remote site, I ssh to my router and tunnel to internal PC's as needed.
As you can see, ssh is powerful, not just a remote login.
Read the man pages on ssh and sshd.
Also putty is a great windoze ssh client. I used it on my sister's PC running off a floppy to get to one of my PC's desktop without any installed software on their PC. I did the same using knoppix on my brother's PC. -- Scott Henion Embedded Systems Consultant, shenion on #ATU http://shdesigns.org | |
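The tunnel described in the post above as one command, added here as an example (not the poster's own script); "you@router.example" is a placeholder for the ssh login on the router and 10.1.1.1:5900 is the workstation's VNC port from the post:

```shell
#!/bin/sh
# Added example, not from the post: the VNC-over-ssh tunnel described above.
# Placeholders: ROUTER is "you@router.example" (the ssh-reachable router),
# TARGET the workstation's private address (10.1.1.1 in the post), VNC on 5900.

# forward_spec LOCALPORT TARGET TARGETPORT -> the argument for ssh -L
forward_spec() {
    printf '%s:%s:%s' "$1" "$2" "$3"
}

# vnc_via_ssh ROUTER TARGET -> open the forward, run the viewer, close the forward.
# ssh binds the local end to the loopback interface by default, so only programs
# on your own PC can use it, and the forward disappears when the ssh process exits.
vnc_via_ssh() {
    spec=$(forward_spec 5900 "$2" 5900)
    # -f: drop to the background once authenticated; -N: no remote shell, forward only
    ssh -f -N -L "$spec" "$1" || return 1
    vncviewer localhost                # talks to local port 5900, i.e. the tunnel
    # tear the tunnel down: match the exact command line of the ssh we started
    pkill -x -f "ssh -f -N -L $spec $1"
}

# Usage: sh vnc-tunnel.sh you@router.example 10.1.1.1
if [ $# -eq 2 ]; then vnc_via_ssh "$1" "$2"; fi
```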
 |  dtanner
join:2004-04-10 Shreveport, LA
4 edits | More ssh goodness - Turbo mode logins - Good Stuff Turbo mode logins using ssh keys.
1) On local-machine type this command...
$ ssh-keygen -t rsa
TIP: When it asks for a passphrase just hit enter. ie: Do not give it a passphrase.
2) This will create a file ~/.ssh/id_rsa.pub
3) This will be used for your *PUBLIC* key.
4) On local-machine issue this command...
$ scp ~/.ssh/id_rsa.pub user@remote-machine:.ssh/authorized_keys2
Assuming you have the same username on both local-machine and remote-machine you do not have to use the user@remote-machine. Just remote-machine will do in the 'scp' line above in this case. For the purpose of being "proper" this is the syntax I used above... user@remote-machine
IMPORTANT NOTE: NEVER EVER copy the file ~/.ssh/id_rsa to another machine. ONLY ~/.ssh/id_rsa.pub ok? You do not need to do this for any reason. Don't do it. You have been warned.
5) On local-machine issue this command...
$ ssh remote-machine
6) Badabing. Sweet.
You want more automation ? Check this out...
7) I personally have a ~/bin directory that is in my $PATH. You will need a directory in your home that is in your $PATH. We will assume from this point that you have such directory already in your $PATH.
8) Create a file called ssh-to on local-machine and put it in your ~/bin directory.
In this file put this sweet little script ...
#-------------snip------------
#!/bin/sh
# run ssh to the host this script was invoked as, passing all arguments through intact
ssh `basename $0` "$@"
#-------------snip------------
9) Save the file to ~/bin/ssh-to on local-machine and make it executable. ie: $ chmod 700 ~/bin/ssh-to
10) On local-machine type this command...
$ cd ~/bin
11) On local-machine type this command...
$ ln -s ssh-to remote-machine
Tip: If you have an alias in your /etc/hosts file for the remote-machine use those it will make it even nicer.
12) On local-machine type this command...
$ remote-machine
Sweet. You should have logged right in to the remote-machine.
13) Now that you have this setup try this cool stuff.... On local-machine of course.
$ remote-machine uptime
$ remote-machine ls
$ remote-machine any-command-you-want-to-execute-on-remote-machine
14) Now just repeat these steps for each remote-machine that you choose.
15) Another nice side effect of this is that "scp" and "sftp" will not require a password either :)
I hope this helps someone.
»linuxtux.org/howtos/ssh-stuff.txt
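An added example (not from the post or the linked howto) for step 4: it appends the public key to the remote authorized_keys instead of scp'ing over it, which silently replaces any keys already there, refuses anything that is not a public key, and sets the modes sshd's StrictModes expects. It assumes a current OpenSSH, which reads ~/.ssh/authorized_keys (authorized_keys2 is only kept for old setups).

```shell
#!/bin/sh
# Added example, not from the post: install the public key the way step 4 does,
# but by appending to the remote authorized_keys instead of scp'ing over it
# (which silently replaces any keys already there), and with the file modes
# sshd's StrictModes requires. Assumes a current OpenSSH, which reads
# ~/.ssh/authorized_keys (authorized_keys2 is only kept for old setups).

# add_authorized_key PUBKEYFILE AUTHFILE -> append the key in PUBKEYFILE to AUTHFILE.
# Returns 0 added, 1 already present, 2 PUBKEYFILE is not a public key (so the
# private id_rsa can never be copied by mistake, per the warning above),
# 3 AUTHFILE could not be created.
add_authorized_key() {
    keyfile=$1 authfile=$2
    key=$(head -n 1 "$keyfile")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*|ssh-dss\ *) ;;
        *) echo "$keyfile does not hold a public key; only id_rsa.pub may leave this machine" >&2
           return 2 ;;
    esac
    keyid=$(printf '%s\n' "$key" | awk '{ print $1, $2 }')   # type + key blob, ignore comment
    ( umask 077; mkdir -p "$(dirname "$authfile")" && touch "$authfile" ) || return 3
    # lines that start with options (from="..." ssh-rsa ...) are not compared here
    if awk -v id="$keyid" '($1 " " $2) == id { found = 1 } END { exit !found }' "$authfile"; then
        return 1                       # same key already listed, perhaps with another comment
    fi
    printf '%s\n' "$key" >> "$authfile"
    chmod 600 "$authfile" && chmod 700 "$(dirname "$authfile")"
}

# install_key_remote PUBKEYFILE [USER@]HOST -> the same, over one ssh session
# (this should be the last time a password prompt appears for that host)
install_key_remote() {
    head -n 1 "$1" | ssh "$2" 'umask 077; mkdir -p ~/.ssh; touch ~/.ssh/authorized_keys
        k=$(cat); grep -qF -- "$k" ~/.ssh/authorized_keys || printf "%s\n" "$k" >> ~/.ssh/authorized_keys
        chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys'
}

# Usage: sh install-key.sh ~/.ssh/id_rsa.pub user@remote-machine
if [ $# -eq 2 ]; then install_key_remote "$1" "$2"; fi
```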
 cpuffer
join:2002-01-17 Maynard, MA
| Cygwin is your friend if you are forced to use NT/2000... It gives you a bash shell, ssh, X windows and your favorite commands like grep and ls.
I like the fact that I can do bash and perl scripts and run X with ssh logging into my home system.
So get Cygwin; it installs easily and works. It also has an updater like debian so you can keep all your code up to date.
Charles Puffer | |
  limeygit Everybody Wang-Chung Tonight
join:2001-02-17 Nearest Bar
| I am very much a newb, but here is something I found nice and easy. How to use your Windows fonts in Open Office on RH8. This assumes you still have Windows and there is a CD burner on it. If you don't have Windows you can do it this way - »corefonts.sourceforge.net/.
(1) Anyway, first burn a CD with all the fonts you want, or just do what I did and burn a copy of the Windows Fonts directory.
(2) Pop the CD into the Linux machine.
(3) Make a directory in Red Hat; it is probably best to make a hidden one in home: mkdir ~/.fonts
(4) Open a terminal window and move to your CD drive; you probably just need to cd /mnt/cdrom/Fonts - assuming you burned the whole folder from Windows.
(5) Copy the files from the CD to your new Red Hat fonts folder. cp *.ttf ~/.fonts will work if you made the hidden folder in your home. If not, alter as needed.
(6) Apparently in RH8, many applications will see the new fonts without you needing to do any more. What I care about though is Open Office, and with that you need to import the fonts. To do this open a terminal and type oopadmin. This will load a simple screen where you can select fonts, and then add, and then point it to your fonts folder, select all, and add. Voila, you can use Verdana or whatever in your OO documents.
If this is a 'well duh', I apologize, I know I found it a nice and easy way to do it, easier for a newb than the corefonts install method anyway. Not sure if it works on other distros. -- www.indiemonkey.com Taking you to Funky Town since 1999! | |
  computx Is it Friday yet? Premium join:2000-09-02 Kirksville, MO
| When I add a task to the crontab it's hard for me to remember what the order of the time fields is. So I always append these comments to the top of the crontab as a reminder.
code:
# 1 the first field denotes the minute,
# 2 the second the hour,
# 3 the third the day of month,
# 4 the fourth the month (by number or short name)
# 5 the fifth the day of the week (by number or short name)
I add this comment to my fstab as a reminder also
code:
# partition mountpoint type opts dump/pass
-- To err is human...to really foul up requires the root password. | |
 |  kj6loh2
join:2002-07-17 San Francisco, CA
| Re: Little Known Tips and Tricks... said by Skipdawg :
An Introduction to the Linux Command Line Interface, The Core 15 Commands »www.wtlug.org/story.php/view/54/
Very good. This can be further broadened to most unixes if instead of less it referenced more. gzip is still not on every unix out there. Neither are killall, locate, dpkg, and rpm. gcc is usually cc, unless the administrator put gcc on the system, since development packages usually are extra, whereas gcc is free! -- Systems administrator | |
  phriday613 Your Avatar Is Nice... For Me To Poop On Premium join:2002-02-06 Eastchester, NY clubs:
| neato tip i just found!
/sbin/iptables -xnvL will output a list of all your iptables rules AND a packet counter and byte counter as well!
neat if you want to create a script that could output bytes in/out, based on your iptables rule chains counting bytes in and out! -- Help find a cure for Cancer - Join Team Discovery! | |
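An added example (not phriday613's script) that turns the counters from /sbin/iptables -xnvL into per-chain byte totals, the raw material for the in/out accounting the post has in mind; it assumes the iptables(8) -xnvL layout, with the listing saved to a file or piped in:

```shell
#!/bin/sh
# Added example, not from the post: per-chain packet and byte totals from
# `iptables -xnvL` output. Assumes the iptables(8) -xnvL layout: a header
# "Chain NAME (policy P pkts packets, bytes bytes)" (user-defined chains show
# "(N references)" instead), a column-title line, then one rule per line whose
# first two columns are exact packet and byte counts (-x: no K/M suffixes).

# chain_counters < listing -> one line per chain:
#   NAME matched_pkts matched_bytes policy_pkts policy_bytes
# matched_* sums the rule counters; policy_* is traffic that hit no rule and
# fell through to the policy ("-" for user-defined chains, which have none).
chain_counters() {
    awk '
        /^Chain / {
            chain = $2; order[++n] = chain; pk[chain] += 0; by[chain] += 0
            if ($3 == "(policy") { ppk[chain] = $5; pby[chain] = $7 }
            else                 { ppk[chain] = "-"; pby[chain] = "-" }
            next
        }
        $1 ~ /^[0-9]+$/ && chain != "" { pk[chain] += $1; by[chain] += $2 }
        END {
            for (i = 1; i <= n; i++) {
                c = order[i]; print c, pk[c], by[c], ppk[c], pby[c]
            }
        }'
}

# chain_bytes NAME < listing -> bytes that matched rules in chain NAME, which is
# what an "in" (INPUT) / "out" (OUTPUT) accounting script would record per run
chain_bytes() {
    chain_counters | awk -v want="$1" '$1 == want { print $3 }'
}

# Usage: /sbin/iptables -xnvL > /tmp/fw.txt; sh iptables-bytes.sh /tmp/fw.txt
#        /sbin/iptables -xnvL | (. ./iptables-bytes.sh; chain_bytes INPUT)
if [ $# -eq 1 ]; then chain_counters < "$1"; fi
```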
  nobody65534
@rr.com
| Need to give root access to someone quickly but don't want to share your password or fuss with sudo et al?
add another user, say "newroot" change the UID & GID to 0 for both and change its password
Like root, such users can't log in remotely; i.e. the user needs to log in first and then su newroot | |
  SuperJudge Magus Premium join:2002-11-14 Albany, GA clubs: | Sweet. | |
  elluzion
join:2002-10-15 Nashville, TN
| This may be old news to many, but it was certainly a shock to me...
You can get access to a Linux computer without logging in by typing "linux single" at the LILO "boot:" prompt. I think you can type "linux emergency" as well and get the same effect.
If you use graphical LILO, you'll have to hit ctrl-x to get to the prompt.
It boots the computer to runlevel 1, so the network isn't initiated or anything, but it's enough to access files and all that. This is so you can fix any screw ups you may have made which are prohibiting you from logging in.
There's a way to do it with GRUB also, but I don't know how.
I guess this is why important computers, even Linux computers, should be physically, not just virtually, locked up. | |
 |   davidsmind The Eye's Mind Premium join:2001-07-04 Canada
| Re: Little Known Tips and Tricks... said by elluzion :
There's a way to do it with GRUB also, but i don't know how.
Append init=/bin/bash to the end of your grub item  -- Be Windows Free By 2003!!! | |
 |  kj6loh2
join:2002-07-17 San Francisco, CA
| said by elluzion : This may be old news to many... You can get access to a Linux computer without logging in by typing "linux single" at the LILO "boot:" prompt. I think you can type "linux emergency" as well and get the same effect.
Old news yes. Booting in single user mode has been historically that way. Sun and other vendors got around this by using prom passwords, which itself posed problems. In order to boot the machine you would need a master password. So what's wrong with this, you may ask? Well, what happens when this particular machine hasn't been rebooted in a long time and the administrator leaves, and does not leave a forwarding number? And the new administrator did not ask for the prom password and the old administrator forgot to give it? This happens more often than you'd think. Since no one needs this until the machine is turned off or rebooted, you do not realize the need for this prom password. So most administrators didn't use a prom password. This is a quick way for administrators to restore passwords, etc... This is why many servers are put behind locked doors. quote:
It boots the computer to runlevel 1
You can edit /etc/runtab or whatever config file it is and edit out run level 1 if you want. -- Systems administrator | |
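Two configuration lines, added here as an example (not from the posts), that close the two doors just described on a LILO-era, Red Hat-style box; the boot password is a placeholder, and both lines only complement the locked door, since anyone who can boot other media still has the disk:

```text
# /etc/lilo.conf, global section: with "restricted", LILO asks for the password
# only when extra boot arguments are typed, so "linux single" or
# "linux init=/bin/bash" at the boot: prompt need it while a plain "linux"
# still boots unattended. Afterwards: chmod 600 /etc/lilo.conf, rerun /sbin/lilo.
restricted
password=ReplaceWithYourOwnBootPassword

# /etc/inittab (Red Hat style): make runlevel 1 / "single" ask for the root
# password via sulogin instead of dropping straight into a root shell.
~~:S:wait:/sbin/sulogin
```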
 AITechSE
join:2002-12-12 USA
| Lose a file on your file system? Or want to find every file with foo in it? Try this as root in /:
find .. | grep foo
It takes a bit but it will find everything.
BTW, it will work as a regular user, it just won't be able to search directories you don't have access to (i.e. /root). [text was edited by author 2003-03-05 20:52:36] | |
  Drunkula Premium join:2000-06-12 Denton, TX
·Verizon FIOS
| For an easy way to see if any users have a root account I run this simple script.
#!/bin/bash
echo =====
echo The following accounts have root access:
echo =====
cut /etc/passwd -f1,3 -d: | grep ':0$' | cut -f1 -d:
Then I add a cron job to run it weekly and pipe the output of the script to mail myusername@drunkula.net -s "Weekly root report". That way I get a weekly email and will easily see if anybody added themselves as a root account. It can be useful if your systems are used by lots of people.
Most likely there is a more elegant way to do it (I'm no shell programmer). Still it works well enough. -- New owner of the "drunkula.net" domain. [text was edited by author 2003-03-05 22:34:20] | |
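An added example (not Drunkula's script) that reports the same thing with exact field matching and also flags the "newroot" accounts (UID and GID both 0) described a few posts up; the passwd file is a parameter so it can run against a copy, and the mail address in the cron lines is a placeholder:

```shell
#!/bin/sh
# Added example, not from the post: a stricter form of the weekly root report
# above that also catches the "newroot" trick described earlier in the thread
# (a second account given UID and GID 0). The passwd file is a parameter so the
# checks can run against a copy or a backup; PASSWD defaults to /etc/passwd.

# root_accounts [PASSWD] -> "name uid gid shell" for every account whose UID is
# exactly 0 (a field comparison, so uid 10 or 1000 can never match by accident)
root_accounts() {
    awk -F: '$3 == 0 { print $1, $3, $4, $7 }' "${1:-/etc/passwd}"
}

# gid0_accounts [PASSWD] -> accounts with primary group 0 but a non-zero UID,
# the half-finished version of the same trick
gid0_accounts() {
    awk -F: '$3 != 0 && $4 == 0 { print $1, $3, $4, $7 }' "${1:-/etc/passwd}"
}

# root_report [PASSWD] -> the mail body; returns 1 if any account other than
# "root" has UID 0, so cron can be told to mail only when that is the case
root_report() {
    f=${1:-/etc/passwd}
    echo "===== accounts with UID 0 (root access) ====="
    root_accounts "$f"
    echo "===== accounts with GID 0 but another UID ====="
    gid0_accounts "$f"
    extra=$(root_accounts "$f" | awk '$1 != "root" { n++ } END { print n + 0 }')
    [ "$extra" -eq 0 ]
}

# Usage, weekly from cron (the address is a placeholder):
#   0 6 * * 1  sh /usr/local/sbin/root-report.sh /etc/passwd | mail -s "Weekly root report" you@example.com
# or, to be mailed only when an extra UID-0 account exists:
#   0 6 * * 1  sh /usr/local/sbin/root-report.sh /etc/passwd > /tmp/root-report || mail -s "EXTRA ROOT ACCOUNT" you@example.com < /tmp/root-report
if [ $# -eq 1 ]; then root_report "$1"; fi
```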
 |   Clangeddin Milkman Dan
join:2000-09-11 Kirkland, WA clubs: | Re: Little Known Tips and Tricks... Ok, that is a cool little script. Thanks! | |
  thorgod I've modeled explosions, BIG explosions
join:2001-07-30 Las Vegas, NV
·Embarq
| So this is pretty well known but it's one of those *tricks* not many know or remember:
Ok, let's say you're logged into a system that doesn't have a text editor installed at all or that you like, what do you do? (don't laugh, this will happen to you) Anyway, what you do is use cat as a file editor. Pretty much you cat >> file and then input whatever text and end the file with a Ctrl+D. Everything you have written then is in the file (actually, it should be appended to the file).
Get good with sed, awk, perl or whatever and you'll be able to edit any file anytime this way Or...well there's a billion ways to do things in Linux, I'm sure you all get the point by now heh -- "Unix gives you enough rope to shoot yourself in the foot." | |