SECURITY WARNING–EXTREMELY IMPORTANT PART OF LINUX CULTURE
As a general rule, we should not log into the terminal or console directly as “root.” The more secure way to do it is to log in as “thrasher” or “moleski” or some other username created the same way these two were.
To act as root (which is often necessary and very helpful), type su - and press enter. The computer will then ask you for the SuperUser (root) password:
$ su -
Enter password:
After you enter the correct root password, the last character in the command prompt will change from $ (ordinary user) to # (superuser). It's a small reminder that the commands you give when logged in as root can totally destroy the entire system.
These commands are all meant to be used in the Linux terminal (also known as the Console if you're using Slicehost).
Each line in this section is a single Linux command.
Linux commands are (sigh) case-sensitive. Or Case-SensiTive, if you prefer. :o(
command | interpretation |
---|---|
cat conf.d | more | display contents of a file |
cat /etc/passwd | list all users on the system |
cat /etc/passwd | cut -d: -f1 | another method to show all users |
cat /etc/group |cut -d: -f1 | and show all groups |
chmod 775 somefile | change the permissions on one file |
chmod 774 somefolder | change permissions on a folder |
chmod -R 644 somefolder | change permissions on everything in a folder |
chown owner.group somefile | change ownership of a file |
chown -R mysql.mysql /var/run/mysqld | change ownership of a folder |
chown -R mysql.mysql /var/lib/mysql | |
cp -a | copy all files and folders? |
cp -rf * destination-dir | force copy of all files and directories to destination |
cp -R dirtocopy/ newdir/ | copy full directory capital R is no different from “r” |
cp -R dokuwiki/* test/ | seemed to do what I wanted it to do |
df -h | view disk space |
find / -perm 0777 | find 777 files |
find / -type f -perm 0777 | |
find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print | find world-writable directories that do not have the sticky bit set |
ifconfig | find out about IP address, etc. |
grep | grep “(g)ets (re)gular ex(p)ressions.” It searches a text file and only returns lines that match the pattern given. Regular expressions are ridiculously powerful. |
history | |
history -c | |
 | use up/down arrows to get back history lines; edit a line with home, end, DEL, BS; press enter when you think you've got it right; find out how to mark, copy, and paste to and from command lines. It saves a world of hurt! |
httpd | The basic command that controls the Apache web (page) server. |
ls -l | list files with ownership and permissions shown |
lsmod | less | See what modules are loaded and active. |
netstat | look at ports |
netstat -ln | grep mysql | find the mysql socket |
netstat -tap | |
netstat -an | |
netstat -an | grep LISTEN | |
netstat -lutwn | will show all the listening internet ports. |
nmap localhost | another way of looking at the open ports. |
printenv | show environment variables |
ps aux | find out what processes are active |
ps -ef | same as ps aux |
ps -ef | grep apache | find out what apache processes are running |
rm -rf somedirectory | remove a directory and all its contents |
rpm -qa | grep httpd | find out what version of apache is installed |
rpm -qa | ask what packages are installed on the system; same as yum list installed |
shutdown -r now | reboots the computer NOW! reboot also works. |
SIGHUP | some kind of kill/restart signal … |
su - | log in as root user with root's environment loaded |
uname -a | show all system information–version of linux |
uname -r | show just the kernel ID |
updatedb | update database used by locate |
yum | tool to install, remove, reconfigure programs |
yum list installed | tells what yum has installed on the system |
yum update | updates all yum-managed packages |
yum install httpd | “Dear Yum, please install the Apache web server for us.” |
“A rose by any other name …” | |
hostname | |
hostname --fqdn | give fully qualified domain name |
hostname | show or set the system's host name |
domainname | show or set the system's NIS/YP domain name |
dnsdomainname | show the system's DNS domain name |
nisdomainname | show or set system's NIS/YP domain name |
ypdomainname | show or set the system's NIS/YP domain name |
useradd -D # show the defaults useradd will apply
useradd -c "Firstname Lastname" -g apache username
useradd -c "Firstname Lastname" username
passwd username # set password for username
cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10 | head -n 4 # print four random 10-character passwords
usermod -G newgroup username # sets the supplementary group list to newgroup only; add -a to append instead
Add tony to a secondary group, ftp.
usermod -a -G ftp tony
Change tony's primary group to www:
usermod -g www tony
userdel -r username
find /var/www/html -user username
cat /etc/passwd | cut -d: -f1 | sort
cat /etc/group | cut -d: -f1 | sort
No login, no home directory.
groupadd mailman
useradd -M -d /nohome -s /bin/false -g mailman -c 'GNU Mailman' mailman
useradd -M -d /nohome -s /bin/false -c 'Dovecot user' dovecot
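A check for the account setup described on this page (no-login service accounts, nobody but root holding UID 0), as an added example that is not part of the original page. The function names, the labels, the default UID threshold of 1000 and the sample passwd lines (including the `toor` account and the shell given to `mysql`) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# audit_passwd [UID_MIN] reads passwd-format lines on stdin and prints one
# line per account that deserves a second look.
audit_passwd() {
    awk -F: -v min="${1:-1000}" '
        # skip blank lines and comments
        /^[[:space:]]*$/ || /^#/ { next }
        # field 3 is the UID: any account with UID 0 is root under another name
        $3 == 0 && $1 != "root" { print "UID0 " $1 }
        # field 7 is the login shell; false and nologin refuse interactive logins
        { nologin = ($7 ~ /\/(false|nologin)$/) }
        # system accounts (UID below min, an assumed cut-off) should not have a shell
        $3 > 0 && $3 < min && !nologin { print "SERVICE-WITH-SHELL " $1 " " $7 }
    '
}

# demo_passwd_audit: run the check over constructed sample data
demo_passwd_audit() {
    audit_passwd 1000 <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
mailman:x:41:41:GNU Mailman:/nohome:/bin/false
dovecot:x:97:97:Dovecot user:/nohome:/bin/false
thrasher:x:1000:1000:Thrasher:/home/thrasher:/bin/bash
EOF
}

demo_passwd_audit
```

On a live system, run `audit_passwd < /etc/passwd`; pass 500 as the argument on older Red Hat style systems where ordinary users start at UID 500.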
find / -name 'mypage.htm'
find / -name 'sess_*'
find / -name 'phpqmLDf7'
find /var/www/html -name '*bak'
find / -name 'up2*' # quote the pattern so the shell does not expand it first
1. ps aux | grep processname
   result: pidof processname
   OR use "pidof processname"
   "pidof" means "process ID of ..."
2. "kill processID#"
   If the pidof is 2874, then:
   kill 2874
   kill -9 2874 # a more effective kill?
chkconfig --list # find out what runs at various levels
chkconfig httpd --add # put some new line in for httpd (Apache)
chkconfig --level 2345 httpd on # run Apache at levels 2345
Start vi by giving it the name of a file that you intend to damage beyond repair.
vi /etc/system/most_important_system_file.conf
vi will then display the contents of the file.
Navigate with arrow keys. Then press i or a to insert or append at that spot.
i: insert at cursor
a: append at cursor
When you're done making a total hash out of the contents of the file, it's time to go back to command mode.
^[ means “press the escape key first, child”
^[ gets vi into command mode
^[ZZ # exit and write
^[:q! # exit and don't write
To edit a file: nano filename
Look at the bottom of the screen. Read carefully. Obey instructions. Fare well!
Text file formats
End-of-line markers differ from system to system:
Mac: $0D
Linux: $0A
DOS: $0D $0A
tar -jxvf filename.tar.bz2 # BZ2 extract all folders and files
tar xvfz filename.tar.gz
tar xvfz filename.tgz
tar xvf filename.tar
CTRL-S in other contexts means “save”. When working in the linux shell, it means “screw up the poor luser who forgot where he was and what he was doing.”
Digit | Generic | Effect on files | Effect on directories |
---|---|---|---|
0 | setuid, setgid, sticky bits are cleared | ||
1 | sticky bit is set | protects against deletion of file | |
2 | setgid bit is set | inherits rights of group on execution | newly created files belong to group |
3 | setgid and sticky bits are set | inherits rights of group | newly created files belong to group |
4 | setuid bit is set | inherits rights of user | |
5 | setuid and sticky bits are set | ||
6 | setuid and setgid bits are set | inherits rights of user and group | newly created files belong to group |
7 | setuid, setgid, sticky bits are set | all effects | newly created files belong to group |
For example: chmod 7711 something-or-other
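The bits in the table above, together with the `find -perm` commands listed earlier, can be combined into a small audit. This is an added example, not part of the original page; the function names, the labels and the sample tree it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# audit_perms DIR prints one "LABEL path" line per finding under DIR.
audit_perms() {
    # -perm -4000 / -2000: setuid / setgid bit set on a regular file
    find "$1" -xdev -type f -perm -4000 -print | sed 's/^/SETUID /'
    find "$1" -xdev -type f -perm -2000 -print | sed 's/^/SETGID /'
    # -perm -0002: writable by "other" (covers 0666 as well as 0777)
    find "$1" -xdev -type f -perm -0002 -print | sed 's/^/WORLD-WRITABLE-FILE /'
    # world-writable directory whose sticky bit (1000) is NOT set:
    # any local user can delete or replace other users' files in it
    find "$1" -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print |
        sed 's/^/WORLD-WRITABLE-DIR-NO-STICKY /'
}

# demo_audit: build a constructed sample tree, audit it, clean up
demo_audit() {
    tree=$(mktemp -d) || return 1
    mkdir "$tree/open" "$tree/shared"
    touch "$tree/suid-tool" "$tree/loose.conf" "$tree/plain.txt"
    chmod 0777 "$tree/open"        # flagged: world-writable, no sticky bit
    chmod 1777 "$tree/shared"      # not flagged: sticky bit set, like /tmp
    chmod 4755 "$tree/suid-tool"   # flagged: setuid
    chmod 0666 "$tree/loose.conf"  # flagged: world-writable file
    chmod 0644 "$tree/plain.txt"   # not flagged
    audit_perms "$tree" | sed "s|$tree|.|"
    rm -rf "$tree"
}

demo_audit
```

Unlike `find / -perm 0777`, which matches only the exact mode 0777, the `-perm -0002` form matches any mode that includes the world-write bit.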
Create a password associated with somename for use with .htaccess:
htpasswd -c .htpasswd somename
Test whether the port is open:
nmap -p 5353 -sU -P0 tighar.org
Drop ALL udp services:
iptables -A OUTPUT -s 173.45.236.139 -p udp -j DROP
To remove zeroconf, I added this line to /etc/sysconfig/network:
NOZEROCONF=yes
No joy. I used “yum remove avahi” to get rid of zeroconf altogether. It seems to have worked with no ill side effects.
The first line alone did not do it. Ping still worked. When I added the second line, I got the desired effect (I guess).
iptables -A INPUT -p icmp -j DROP
iptables -A OUTPUT -p icmp -j DROP
-A INPUT -p icmp -m state --state NEW -j DROP
-A INPUT -p icmp -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p icmp -j DROP
-A OUTPUT -p icmp -j DROP
.1 bak copy old tmp ~1~ ~
"Password Protect Folder / Directory ...":
"Authentication, Authorization and Access Control"
Step 1 - Create .htaccess file in folder you want to protect, copy the code and paste the code below, and then set server path to the file
AuthUserFile /path/to/.htpasswd
AuthName "Restricted Area"
AuthType Basic
Require valid-user
Step 2 - Open Terminal, go to the directory you want to protect, and enter the following (changing the username to whatever you want). Enter the password upon prompting.
htpasswd -c .htpasswd username
;Add APC cache
extension=/opt/php5/include/php/ext/apc/apc.so
apc.enabled=1
apc.shm_size = 48