unix Toolbox - Cb.vucb.vu/unixtoolbox.book.pdf · UNIX TOOLBOX 4GHRCNBTLDMSHR@BNKKDBSHNMNE5MHW ,HMTW "3$BNLL@MCR@MCS@R ... # System warnings messages see syslog.conf ... Solaris 4GDENKKNVHMFU@KTDRHM

UN

IX

T

OO

LB

OX

4GHRCNBTLDMSHR@BNKKDBSHNMNE5MHW�,HMTW�"3$BNLL@MCR@MCS@RJRVGHBG@QDTRDETKENQ)4VNQJ

NQENQ@CU@MBDCTRDQR�4GHRHR@OQ@BSHB@KFTHCDVHSGBNMBHRDDWOK@M@SHNMR�GNVDUDQSGDQD@CDQHR

RTOONRDC�SN�JMNV�VG@S�R�GD�HR�CNHMF�

��3XRSDL��

��0QNBDRRDR��

��&HKD�3XRSDL��

��.DSVNQJ��

��33(�3#0��

��60.�VHSG�33(��

��239.#��

��35$/��

��%MBQXOS�&HKDR��

��%MBQXOS�0@QSHSHNMR��

��33,�#DQSHEHB@SDR��

��#63��

��36.��

��5RDETK�#NLL@MCR��

��)MRS@KK�3NESV@QD��

��#NMUDQS�-DCH@��

��0QHMSHMF��

��$@S@A@RDR��

��$HRJ�1TNS@��

��3GDKKR��

��3BQHOSHMF��

��0QNFQ@LLHMF��

��/MKHMD�(DKO��

5MHW�4NNKANW�QDUHRHNM��

4GDK@SDRSUDQRHNMNESGHRCNBTLDMSB@MADENTMC@SGSSO��BA�UT�TMHWSNNKANW�WGSLK�2DOK@BD�WGSLK

NMSGDKHMJVHSG�OCEENQSGD0$&UDQRHNM@MCVHSG�ANNJ�OCEENQSGDANNJKDSUDQRHNM�/M@CTOKDW

OQHMSDQ�SGD�ANNJKDS�VHKK�BQD@SD�@�RL@KK�ANNJ�QD@CX�SN�AHMC��3DD�@KRN�SGD@ANTS�O@FD�

%QQNQ�QDONQSR�@MC�BNLLDMSR�@QD�LNRS�VDKBNLD� B BA�UT#NKHM�"@QRBGDK�

1S

YS

TE

M(@QCV@QD�O�[3S@SHRSHBR�O�[5RDQR�O�[,HLHSR�O�[2TMKDUDKR�O�[QNNSO@RRVNQC�O�[

#NLOHKD�JDQMDK�O�[2DO@HQ�FQTA�O�[-HRB�O�

2TMMHMF�JDQMDK�@MC�RXRSDL�HMENQL@SHNM

# uname -a

# Get the kernel version (and BSD version)

# lsb_release -a

# Full release info of any LSB distribution

# cat /etc/SuSE-release

# Get SuSE version

# cat /etc/debian_version

# Get Debian version

5RD�DSB�DISTR QDKD@RDVHSG

DISTR=KRA�5ATMST�QDCG@S�FDMSNN�L@MCQ@JD�RTM�3NK@QHR�@MCRN

NM��3DD�@KRN/etc/issue�

# uptime

# Show how long the system has been running + load

# hostname

# system's host name

# hostname -i

# Display the IP address of the host. (Linux only)

# man hier

# Description of the file system hierarchy

# last reboot

# Show system reboot history

1.1

Ha

rd

wa

re

In

fo

rm

atio

ns

+DQMDK�CDSDBSDC�G@QCV@QD

# dmesg

# Detected hardware and boot messages

# lsdev

# information about installed hardware

# dd if=/dev/mem bs=1k skip=768 count=256 2>/dev/null | strings -n 8# Read BIOS

Lin

ux

# cat /proc/cpuinfo

# CPU model

# cat /proc/meminfo

# Hardware memory

# grep MemTotal /proc/meminfo

# Display the physical memory

# watch -n1 'cat /proc/interrupts'

# Watch changeable interrupts continuously

# free -m

# Used and free memory (-m for MB)

# cat /proc/devices

# Configured devices

# lspci -tv

# Show PCI devices

# lsusb -tv

# Show USB devices

# lshal

# Show a list of all devices with their properties

# dmidecode

# Show DMI/SMBIOS: hw info from the BIOS

Fre

eB

SD

# sysctl hw.model

# CPU model

# sysctl hw

# Gives a lot of hardware information

# sysctl hw.ncpu

# number of active CPUs installed

# sysctl vm

# Memory usage

# sysctl hw.realmem

# Hardware memory

# sysctl -a | grep mem

# Kernel memory settings and info

# sysctl dev

# Configured devices

# pciconf -l -cv

# Show PCI devices

# usbdevs -v

# Show USB devices

# atacontrol list

# Show ATA devices

# camcontrol devlist -v

# Show SCSI devices

1.2

Lo

ad

, sta

tis

tic

s a

nd

me

ss

ag

es

4GD�ENKKNVHMF�BNLL@MCR�@QD�TRDETK�SN�EHMC�NTS�VG@S�HR�FNHMF�NM�NM�SGD�RXRSDL�

# top

# display and update the top cpu processes

# mpstat 1

# display processors related statistics

# vmstat 2

# display virtual memory statistics

# iostat 2

# display I/O statistics (2 s intervals)

# systat -vmstat 1

# BSD summary of system statistics (1 s intervals)

# systat -tcp 1

# BSD tcp connections (try also -ip)

# systat -netstat 1

# BSD active network connections

# systat -ifstat 1

# BSD network traffic through active interfaces

c�3XRSDL�c

�

3GNQS�,HMTW�QDEDQDMBD

VVV�OHWDKAD@S�NQF�BLCKHMD�GSLK

,HSSKD�BNLL@MC�KHMD�FNNCHDRVVV�RGDKK ET�NQF

4G@S�R�@KK�ENKJR�

4GHRCNBTLDMS��5MHW4NNKANWQDUHRHNM��HRKHBDMRDCTMCDQ@#QD@SHUD#NLLNMR,HBDMBD

;!SSQHA

TSHNM� �3G@QD�!KHJD=��b

#NKHM�"@QRBGDK�� 3NLD�QHFGSR�QDRDQUDC�

c�/MKHMD�(DKO�c

��

Th

e p

ro

gra

m s

imp

lecp

p.c

pp

#include"IPv4.h"

#include<iostream>

#include<string>

usingnamespacestd;

intmain (intargc,char* argv[]) {

string ipstr;

// define variables

unsignedlongipint = 1347861486;

// The IP in integer form

GenericUtils::IPv4 iputils;

// create an object of the class

ipstr = iputils.IPint_to_IPquad(ipint);

// call the class member

cout << ipint << " = " << ipstr << endl;

// print the result

return0;

} #NLOHKD�@MC�DWDBTSD�VHSG�

# g++ -c IPv4.cpp simplecpp.cpp

# Compile in objects

# g++ IPv4.o simplecpp.o -o simplecpp.exe

# Link the objects to final executable

# ./simplecpp.exe

1347861486 = 80.86.187.238

5RDlddSNBGDBJVGHBGKHAQ@QHDR@QDTRDCAXSGDDWDBTS@AKD@MCVGDQDSGDX@QDKNB@SDC�!KRNTRDC

SN�BGDBJ�HE�@�RG@QDC�KHAQ@QX�HR�LHRRHMF�NQ�HE�SGD�DWDBTS@AKD�HR�RS@SHB�

# ldd /sbin/ifconfig

# list dynamic object dependencies

# ar rcs staticlib.a *.o

# create static archive

# ar t staticlib.a

# print the objects list from the archive

# ar x /usr/lib/libc.a version.o

# extract an object file from the archive

# nm version.o

# show function members provided by object

22

.5S

imp

le M

ak

efil

e

4GDLHMHL@K-@JDEHKDENQSGDLTKSH RNTQBDOQNFQ@LHRRGNVMADKNV�4GDKHMDRVHSGHMRSQTBSHNMR

must

begin

with a

tab��4GD�A@BJ�RK@RG��<��B@M�AD�TRDC�SN�BTS�KNMF�KHMDR�

CC= g++

CFLAGS= -O

OBJS= IPv4.o simplecpp.o

simplecpp: ${OBJS}

${CC} -o simplecpp ${CFLAGS} ${OBJS}

clean:

rm -f ${TARGET} ${OBJS}

23

ON

LI

NE

H

EL

P

23

.1D

oc

um

en

ta

tio

n

,HMTW�$NBTLDMS@SHNM

DM�SKCO�NQF

,HMTW�-@M�0@FDR

VVV�KHMTWL@MO@FDR�BNL

,HMTW�BNLL@MCR�CHQDBSNQXVVV�NQDHKKXMDS�BNL�KHMTW�BLC

,HMTW�CNB�L@M�GNVSNR

KHMTW�CHD�MDS

&QDD"3$�(@MCANNJ

VVV�EQDDARC�NQF�G@MCANNJ

&QDD"3$�-@M�0@FDR

VVV�EQDDARC�NQF�BFH�L@M�BFH

&QDD"3$�TRDQ�VHJH

VVV�EQDDARCVHJH�MDS

3NK@QHR�-@M�0@FDR

CNBR�RTM�BNL�@OO�CNBR�BNKK��

23

.2O

th

er U

nix

/L

inu

x r

efe

re

nc

es

2NRDSS@�3SNMD�ENQ�5MHW

AG@LH�BNL�QNRDSS@�GSLK��@�5MHW�BNLL@MC�SQ@MRK@SNQ

5MHW�FTHCD�BQNRR�QDEDQDMBDTMHWFTHCD�MDS�TMHWFTHCD�RGSLK

,HMTW�BNLL@MCR�KHMD�KHRS

VVV�KHMTWBLC�NQF

c�/MKHMD�(DKO�c

��

# systat -iostat 1

# BSD CPU and and disk throughput

# ipcs -a

# information on System V interprocess

# tail -n 500 /var/log/messages

# Last 500 kernel/syslog messages

# tail /var/log/warn

# System warnings messages see syslog.conf

1.3

Us

ers

# id

# Show the active user id with login and group

# last

# Show last logins on the system

# who

# Show who is logged on the system

# groupadd admin

# Add group "admin" and user colin (Linux/Solaris)

# useradd -c "Colin Barschel" -g admin -m colin

# usermod -a -G <group> <user>

# Add existing user to group (Debian)

# groupmod -A <user> <group>

# Add existing user to group (SuSE)

# userdel colin

# Delete user colin (Linux/Solaris)

# adduser joe

# FreeBSD add user joe (interactive)

# rmuser joe

# FreeBSD delete user joe (interactive)

# pw groupadd admin

# Use pw on FreeBSD

# pw groupmod admin -m newmember

# Add a new member to a group

# pw useradd colin -c "Colin Barschel" -g admin -m -s /bin/tcsh

# pw userdel colin; pw groupdel admin

%MBQXOSDCO@RRVNQCR@QDRSNQDCHM�DSB�RG@CNVENQ,HMTW@MC3NK@QHR@MC�DSB�L@RSDQ�O@RRVCNM

&QDD"3$�)ESGDL@RSDQ�O@RRVCHRLNCHEHDCL@MT@KKX�R@XSNCDKDSD@O@RRVNQC�QTM#

pwd_mkdb

-p master.passwdSN�QDATHKC�SGD�C@S@A@RD�

4NSDLONQ@QHKXOQDUDMSKNFHMRRXRSDLVHCD�ENQ@KKTRDQRATSQNNSTRDMNKNFHM�4GDLDRR@FDHM

MNKNFHM�VHKK�AD�CHROK@XDC��LHFGS�MNS�VNQJ�VHSG�RRG�OQD RG@QDC�JDXR�

# echo "Sorry no login now" > /etc/nologin

# (Linux)

# echo "Sorry no login now" > /var/run/nologin

# (FreeBSD)

1.4

Lim

its

3NLD@OOKHB@SHNMQDPTHQDGHFGDQKHLHSRNMNODMEHKDR@MCRNBJDSR�KHJD@OQNWXVDARDQUDQ�

C@S@A@RD��4GD�CDE@TKS�KHLHSR�@QD�TRT@KKX�SNN�KNV�

Lin

ux

Per s

hell/scrip

t

4GDRGDKKKHLHSR@QDFNUDQMDCAXulimit�4GDRS@STRHRBGDBJDCVHSGulimit

-a�&NQDW@LOKDSN

BG@MFD�SGD�NODM�EHKDR�KHLHS�EQNL��SN��CN�

# ulimit -n 10240

# This is only valid within the shell

4GDulimitBNLL@MC�B@M�AD�TRDC�HM�@�RBQHOS�SN�BG@MFD�SGD�KHLHSR�ENQ�SGD�RBQHOS�NMKX�

Per u

ser/process

,NFHM�TRDQR�@MC�@OOKHB@SHNMR�B@M�AD�BNMEHFTQDC�HM/etc/security/limits.conf��&NQ�DW@LOKD�

# cat /etc/security/limits.conf

* hard nproc 250

# Limit user processes

asterisk hard nofile 409600

# Limit application open files

Syste

m w

ide

+DQMDK�KHLHSR�@QD�RDS�VHSG�RXRBSK��0DQL@MDMS�KHLHSR�@QD�RDS�HM

/etc/sysctl.conf�

# sysctl -a

# View all system limits

# sysctl fs.file-max

# View max open files limit

# sysctl fs.file-max=102400

# Change max open files limit

# echo "1024 50000" > /proc/sys/net/ipv4/ip_local_port_range

# port range

# cat /etc/sysctl.conf

fs.file-max=102400

# Permanent entry in sysctl.conf

# cat /proc/sys/fs/file-nr

# How many file descriptors are in use

c�3XRSDL�c

�

Fre

eB

SD

Per s

hell/

scrip

t

5RD�SGD�BNLL@MClimitsHM�BRG�NQ�SBRG�NQ�@R�HM�,HMTW��TRDulimitHM�@M�RG�NQ�A@RG�RGDKK�

Per u

ser/process

4GDCDE@TKSKHLHSRNMKNFHM@QDRDSHM

/etc/login.conf�!MTMKHLHSDCU@KTDHRRSHKKKHLHSDCAXSGD

RXRSDL�L@WHL@K�U@KTD�

Syste

m w

ide

+DQMDKKHLHSR@QD@KRNRDSVHSGRXRBSK�0DQL@MDMSKHLHSR@QDRDSHM

/etc/sysctl.confNQ/boot/

loader.conf��4GD�RXMS@W�HR�SGD�R@LD�@R�,HMTW�ATS�SGD�JDXR�@QD�CHEEDQDMS�

# sysctl -a

# View all system limits

# sysctl kern.maxfiles=XXXX

# maximum number of file descriptors

kern.ipc.nmbclusters=32768

# Permanent entry in /etc/sysctl.conf

kern.maxfiles=65536

# Typical values for Squid

kern.maxfilesperproc=32768

kern.ipc.somaxconn=8192

# TCP queue. Better for apache/sendmail

# sysctl kern.openfiles

# How many file descriptors are in use

# sysctl kern.ipc.numopensockets

# How many open sockets are in use

# sysctl net.inet.ip.portrange.last=50000# Default is 1024-5000

# netstat -m

# network memory buffers statistics

3DD�4GD&QDD"3$�G@MCANNJ�#G@OSDQ��ENQ�CDS@HKR��!MC�@KRN&QDD"3$�ODQENQL@MBD�STMHMF�

So

laris

4GD�ENKKNVHMF�U@KTDR�HM

/etc/systemVHKK�HM

BQD@RD�SGD�L@WHLTL�EHKD�CDRBQHOSNQR�ODQ�OQNB�

set rlim_fd_max = 4096

# Hard limit on file descriptors for a single proc

set rlim_fd_cur = 1024

# Soft limit on file descriptors for a single proc

1.5

Ru

nle

ve

ls

Lin

ux

/MBDANNSDC�SGDJDQMDKRS@QSR

initVGHBGSGDMRS@QSR

rcVGHBGRS@QSR@KKRBQHOSRADKNMFHMFSN@

QTMKDUDK�4GDRBQHOSR@QDRSNQDCHM�DSB�HMHS�C

@MC@QDKHMJDCHMSN�DSB�QB�C�QB.�CVHSG.SGDQTMKDUDK

MTLADQ�

4GD�CDE@TKS�QT

MKDUDK�HR�BNMEHFTQDC�HM��DSB�HMHSS@A��)S�HR

�TRT@KKX��NQ��

# grep default: /etc/inittab

id:3:initdefault:

4GD�@BST@K�QTMKDUDK�B@M�AD�BG@MFDC�VHSG

init��&NQ�DW@LOKD�SN�FN�EQNL��SN��

# init 5

# Enters runlevel 5

�3GTSCNVM�@MC�G@KS

�3HMFKD 5RDQ�LNCD��@KRN�3

�-TKSH T

RDQ�VHSGNTS�MDSVNQJ

�-TKSH T

RDQ�VHSG�MDSVNQJ

�-TKSH T

RDQ�VHSG�8

�2DANNS

5RDchkconfigSN�BNMEHFTQD�SGD�OQNFQ@LR�SG@S�VHKK�AD�RS@QSDC�@S�ANNS�HM�@�QTMKDUDK�

# chkconfig --list

# List all init scripts

# chkconfig --list sshd

# Report the status of sshd

# chkconfig sshd --level 35 on

# Configure sshd for levels 3 and 5

# chkconfig sshd off

# Disable sshd for all runlevels

$DAH@M@MC$DAH@MA@[email protected]

L@M@FD�SGD�QTMKDUDKR�RBQHOSR��$DE@TKS�HR�SN�RS@QS�HM

��@MC��@MC�RGTSCNVM�HM��@MC��

��GSSO��V

VV�EQDDARC�NQF�G@MCANNJ�BNMEHFSTMHMF JDQMDK KHL

HSR�GSLK

��GSSO��RDQUDQE@TKS�BNL�PTDRSHNMR��EQDDARC ODQENQL@MBD STMHMF RXRBSKR KN@CDQ BNME JDQMDK

c�3XRSDL�c

�

# gcc simple.c -o simple

# ./simple

The answer is 42

22

.3C

++

ba

sic

s

*pointer

// Object pointed to by pointer

&obj

// Address of object obj

obj.x

// Member x of class obj (object obj)

pobj->x

// Member x of class pointed to by pobj

// (*pobj).x and pobj->x are the same

22

.4C

++

ex

am

ple

!R@RKHFGSKXLNQDQD@KHRSHBOQNFQ@LHM#��@BK@RRHMHSRNVMGD@CDQ�)0U��G@MCHLOKDLDMS@SHNM

�)0U��BOO@MC@OQNFQ@LVGHBGTRDRSGDBK@RRETMBSHNM@KHSX�4GDBK@RRBNMUDQSR@M)0@CCQDRRHM

HMSDFDQ�ENQL@S�SN�SGD�JMNVM�PT@C�ENQL@S�

IP

v4

cla

ss

IPv4

.h:

#ifndefIPV4_H

#defineIPV4_H

#include<string>

namespaceGenericUtils {

// create a namespace

classIPv4 {

// class definition

public:

IPv4(); ~IPv4();

std::string IPint_to_IPquad(unsignedlongip);// member interface

};}//namespace GenericUtils

#endif// IPV4_H

IPv4

.cpp:

#include"IPv4.h"

#include<string>

#include<sstream>

usingnamespacestd;

// use the namespaces

usingnamespaceGenericUtils;

IPv4::IPv4() {}

// default constructor/destructor

IPv4::~IPv4() {}

string IPv4::IPint_to_IPquad(unsignedlongip) {

// member implementation

ostringstream ipstr;

// use a stringstream

ipstr << ((ip &0xff000000) >> 24)

// Bitwise right shift

<< "." << ((ip &0x00ff0000) >> 16)

<< "." << ((ip &0x0000ff00) >> 8)

<< "." << ((ip &0x000000ff));

returnipstr.str();

}

c�0QNFQ@LLHMF�c

��

[\^$.|?*+()

# special characters any other will match themselves

\# escapes special characters and treat as literal

*# repeat the previous item zero or more times

.# single character except line break characters

.*

# match zero or more characters

^# match at the start of a line/string

$# match at the end of a line/string

.$

# match a single character at the end of line/string

^ $

# match line with a single space

^[A-Z]

# match any line beginning with any char from A to Z

21

.6S

om

e u

se

fu

l c

om

ma

nd

s

4GD�ENKKNVHMF�BNLL@MCR�@QD�TRDETK�SN�HMBKTCD�HM�@�RBQHOS�NQ�@R�NMD�KHMDQR�

sort -t. -k1,1n -k2,2n -k3,3n -k4,4n

# Sort IPv4 ip addresses

echo 'Test' | tr '[:lower:]' '[:upper:]'

# Case conversion

echo foo.bar | cut -d . -f 1

# Returns foo

PID=$(ps | grep script.sh | grep bin | awk '{print $1}')

# PID of a running script

PID=$(ps axww | grep [p]ing | awk '{print $1}')

# PID of ping (w/o grep pid)

IP=$(ifconfig $INTERFACE | sed '/.*inet addr:/!d;s///;s/ .*//')

# Linux

IP=$(ifconfig $INTERFACE | sed '/.*inet /!d;s///;s/ .*//')

# FreeBSD

if [ `diff file1 file2 | wc -l` != 0 ]; then [...] fi

# File changed?

cat /etc/master.passwd | grep -v root | grep -v \*: | awk -F":" \# Create http passwd

'{ printf("%s:%s\n", $1, $2) }' > /usr/local/etc/apache2/passwd

testuser=$(cat /usr/local/etc/apache2/passwd | grep -v \

# Check user in passwd

root | grep -v \*: | awk -F":" '{ printf("%s\n", $1) }' | grep ûser$)

:(){ :|:& };:

# bash fork bomb. Will kill your machine

tail +2 file > file2

# remove the first line from file

)TRDSGHRKHSSKDSQHBJSNBG@MFDSGDEHKDDWSDMRHNMENQL@MXEHKDR@SNMBD�&NQDW@LOKDEQNL�BWWSN

�BOO�4DRSHSEHQRSVHSGNTSSGD|

sh@SSGDDMC�9NTB@M@KRNCNSGHRVHSGSGDBNLL@MCrenameHE

HMRS@KKDC��/Q�VHSG�A@RG�ATHKSHMR�

# ls *.cxx | awk -F. '{print "mv "$0" "$1".cpp"}' | sh

# ls *.c | sed "s/.*/cp & &.$(date "+%Y%m%d")/" | sh# e.g. copy *.c to *.c.20080401

# rename .cxx .cpp *.cxx

# Rename all .cxx to cpp

# for i in *.cxx; do mv $i ${i%%.cxx}.cpp; done

# with bash builtins

22

PR

OG

RA

MM

IN

G

22

.1C

ba

sic

s

strcpy(newstr,str)

/* copy str to newstr */

expr1 ? expr2 : expr3

/* if (expr1) expr2 else expr3 */

x = (y > z) ? y : z;

/* if (y > z) x = y; else x = z; */

int a[]={0,1,2};

/* Initialized array (or a[3]={0,1,2}; */

int a[2][3]={{1,2,3},{4,5,6}};

/* Array of array of ints */

int i = 12345;

/* Convert in i to char str */

char str[10];

sprintf(str, "%d", i);

22

.2C

ex

am

ple

!�LHMHL@K�B�OQNFQ@L�RHLOKD�B�

#include<stdio.h>

main() {

intnumber=42;

printf("The answer is %i\n", number);

} #NLOHKD�VHSG�

c�0QNFQ@LLHMF�c

��

# update-rc.d sshd defaults

# Activate sshd with the default runlevels

# update-rc.d sshd start 20 2 3 4 5 . stop 20 0 1 6 .

# With explicit arguments

# update-rc.d -f sshd remove

# Disable sshd for all runlevels

# shutdown -h now (or # poweroff)

# Shutdown and halt the system

Fre

eB

SD

4GD"3$ANNS@OOQN@BGHRCHEEDQDMSEQNLSGD3XR6�SGDQD@QDMNQTMKDUDKR�4GDEHM@KANNSRS@SD

�RHMFKDTRDQ�VHSGNQVHSGNTS8HRBNMEHFTQDCHM

/etc/ttys�!KK/3RBQHOSR@QDKNB@SDCHM

/etc/

rc.d/@MCHM

/usr/local/etc/rc.d/ENQSGHQC O@QSX@OOKHB@SHNMR�4GD@BSHU@SHNMNESGDRDQUHBDHR

BNMEHFTQDCHM

/etc/rc.conf@MC/etc/rc.conf.local�4GDCDE@TKSADG@UHNQHRBNMEHFTQDCHM

/etc/

defaults/rc.conf��4GD�RBQHOSR�QDRONMCR�@S�KD@RS�SN�RS@QS[RSNO[RS@STR�

# /etc/rc.d/sshd status

sshd is running as pid 552.

# shutdown now

# Go into single-user mode

# exit

# Go back to multi-user mode

# shutdown -p now

# Shutdown and halt the system

# shutdown -r now

# Reboot

4GDOQNBDRRinitB@M@KRNADTRDCSNQD@BGNMDNESGDENKKNVHMFRS@SDRKDUDK�&NQDW@LOKD

#init

6ENQ�QDANNS�

�(@KS�@MC�STQM�SGD�ONVDQ�NEE��RHFM@KUSR2

�'N�SN�RHMFKD TRDQ�LNCD��RHFM@KTERM

�2DANNS�SGD�L@BGHMD��RHFM@KINT

B"KNBJ�ETQSGDQ�KNFHMR��RHFM@KTSTP

P2DRB@M�SGD�SSXR��EHKD��RHFM@KHUP

Win

do

ws

3S@QS@MCRSNO@RDQUHBDVHSGDHSGDQSGDservice

nameNQ"service

description"�RGNVMHMSGD

3DQUHBDR�#NMSQNK�0@MDK�@R�ENKKNVR�

net stop WSearch

net start WSearch

# start search service

net stop "Windows Search"

net start "Windows Search"

# same as above using descr.

1.6

Re

se

t r

oo

t p

as

sw

ord

Lin

ux

me

th

od

1

!S�SGD�ANNS�KN@CDQ��KHKN�NQ�FQTA��DMSDQ�SGD�ENKKNVHMF�ANNS�NOSHNM�

init=/bin/sh

4GDJDQMDKVHKKLNTMSSGDQNNSO@QSHSHNM@MCinitVHKKRS@QSSGDANTQMDRGDKKHMRSD@CNErc@MCSGDM@

QTMKDUDK�5RDSGDBNLL@MCpasswd@SSGDOQNLOSSNBG@MFDSGDO@RRVNQC@MCSGDMQDANNS�&NQFDS

SGD�RHMFKD�TRDQ�LNCD�@R�XNT�MDDC�SGD�O@RRVNQC�ENQ�SG@S�

)E��@ESDQ�ANNSHMF��SGD�QNNS�O@QSHSHNM�HR�LNTMSDC�QD@C�NMKX��QDLNTMS�HS�QV�

# mount -o remount,rw /

# passwd

# or delete the root password (/etc/shadow)

# sync; mount -o remount,ro /

# sync before to remount read only

# reboot

Fre

eB

SD

me

th

od

1

/M&QDD"3$�ANNSHMRHMFKDTRDQLNCD�QDLNTMS�QV@MCTRDO@RRVC�9NTB@MRDKDBSSGDRHMFKD

TRDQLNCDNMSGDANNSLDMT�NOSHNM�VGHBGHRCHROK@XDCENQ��RDBNMCR@SRS@QSTO�4GDRHMFKD

TRDQ�LNCD�VHKK�FHUD�XNT�@�QNNS�RGDKK�NM�SGD��O@QSHSHNM�

# mount -u /; mount -a

# will mount / rw

# passwd

# reboot

c�3XRSDL�c

�

Un

ixe

s a

nd

Fre

eB

SD

an

d L

inu

x m

eth

od

2

/SGDQ5MHWDRLHFGSMNSKDSXNTFN@V@XVHSGSGDRHLOKDHMHSSQHBJ�4GDRNKTSHNMHRSNLNTMSSGDQNNS

O@QSHSHN

M�EQNL�@M�NSGDQ�/3��KHJD�@�QDRBTD�#$�@MC�BG@MFD�SGD�O@RRVNQC�NM�SGD�CHRJ�

a"NNS�@�KHUD�#$�NQ�HMRS@KK@SHNM�#$�HMSN�@�QDRBTD�LNCD�VGHBG�VHKK�FHUD�XNT�@�RGDKK�

a&HMC�SGD�QNNS�O@QSHSHN

M�VHSG�ECHRJ�D�F��ECHRJ��CDU�RC@

a-NTMS�HS�@

MC�TRD�BGQNNS�

# mount -o rw /dev/ad4s3a /mnt

# chroot /mnt

# chroot into /mnt

# passwd

# reboot

1.7

Ke

rn

el m

od

ule

s

Lin

ux

# lsmod

# List all modules loaded in the kernel

# modprobe isdn

# To load a module (here isdn)

Fre

eB

SD

# kldstat

# List all modules loaded in the kernel

# kldload crypto

# To load a module (here crypto)

1.8

Co

mp

ile K

ern

el

Lin

ux

# cd /usr/src/linux

# make mrproper

# Clean everything, including config files

# make oldconfig

# Reuse the old .config if existent

# make menuconfig

# or xconfig (Qt) or gconfig (GTK)

# make

# Create a compressed kernel image

# make modules

# Compile the modules

# make modules_install

# Install the modules

# make install

# Install the kernel

# reboot

Fre

eB

SD

/OSHNM@KKX�TOC@SD�SGD�RNTQBD�SQDD��HM

/usr/src�VHSG�BRTO��@R�NE�&QDD"3$��NQ�K@SDQ�

# csup <supfile>

)�TRD�SGD�ENKKNVHMF�RTOEHKD�

*default host=cvsup5.FreeBSD.org # www.freebsd.org/handbook/cvsup.html#CVSUP-MIRRORS

*default prefix=/usr

*default base=/var/db

*default release=cvs delete tag=RELENG_7

src-all

4NLNCHEX@MCQDATHKCSGDJDQMDK�BNOXSGDFDMDQHBBNMEHFTQ@SHNMEHKDSN@MDVM@LD@MCDCHSHS@R

MDDCDC�XNTB@M@KRNDCHSSGDEHKD

GENERICCHQDBSKX�4NQDRS@QSSGDATHKC@ESDQ@MHMSDQQTOSHNM�@CC

SGD�NOSHNMNO_CLEAN=YESSN�SGD�L@JD�BNLL@MC�SN�@UNHC�BKD@MHMF�SGD�NAIDBSR�@KQD@CX�ATHKC�

# cd /usr/src/sys/i386/conf/

# cp GENERIC MYKERNEL

# cd /usr/src

# make buildkernel KERNCONF=MYKERNEL

# make installkernel KERNCONF=MYKERNEL

4N�QDATHKC�SGD�ETKK�/3�

# make buildworld

# Build the full OS but not the kernel

# make buildkernel

# Use KERNCONF as above if appropriate

# make installkernel

c�3XRSDL�c

�

Generate

a file

MYHOME=/home/colin

cat > testhome.sh << _EOF

# All of this goes into the file testhome.sh

if[ -d "$MYHOME" ] ;then

echo $MYHOMEexists

elseecho $MYHOMEdoes not exist

fi_EOF

sh testhome.sh

21

.2B

ou

rn

e s

crip

t e

xa

mp

le

!R�@�RL@KK�DW@LOKD��SGD�RBQHOS�TRDC�SN�BQD@SD�@�0$&�ANNJKDS�EQN

L�SGHR�WGSLK�CNBTLDMS�

#!/bin/sh

# This script creates a book in pdf format ready to print on a duplex printer

if[ $#-ne1 ];then

# Check the argument

echo 1>&2 "Usage: $0 HtmlFile"

exit1

# non zero exit if error

fi

file=$1

# Assign the filename

fname=${file%.*}

# Get the name of the file only

fext=${file#*.}

# Get the extension of the file

prince $file-o $fname.pdf

# from www.princexml.com

pdftops -paper A4 -noshrink $fname.pdf $fname.ps# create postscript booklet

cat $fname.ps |psbook|psnup -Pa4 -2 |pstops -b "2:0,1U(21cm,29.7cm)" > $fname.book.ps

ps2pdf13 -sPAPERSIZE=a4 -sAutoRotatePages=None $fname.book.ps $fname.book.pdf

# use #a4 and #None on Windows!

exit0

# exit 0 means successful

21

.3S

om

e a

wk

co

mm

an

ds

!VJHRTRDETKENQEHDKCRSQHOOHMF�KHJDBTSHM@LNQDONVDQETKV@X�3D@QBGSGHRCNBTLDMSENQNSGDQ

DW@LOKDR��3DD�ENQ�DW@LOKDFMTK@LO�BNL@MCNMD KHMDQR�ENQ�@VJENQ�RNLD�MHBD�DW@LOKDR�

awk '{ print $2, $1 }' file

# Print and inverse first two columns

awk '{printf("%5d : %s\n", NR,$0)}' file

# Add line number left aligned

awk '{print FNR "\t" $0}' files

# Add line number right aligned

awk NF test.txt

# remove blank lines (same as grep '.')

awk 'length > 80'

# print line longer than 80 char)

21

.4S

om

e s

ed

co

mm

an

ds

(DQD�HRSGD�NMD�KHMDQ�FNKC�LHMD��!MC�@�FNNCHMSQNCTBSHNM�@MC�STSNQH@K�SN�RDC��

sed 's/string1/string2/g'

# Replace string1 with string2

sed -i 's/wroong/wrong/g' *.txt

# Replace a recurring word with g

sed 's/$.*$1/\12/g'

# Modify anystring1 to anystring2

sed '/<p>/,/<\/p>/d' t.xhtml

# Delete lines that start with <p>

# and end with </p>

sed '/ *#/d; /^ *$/d'

# Remove comments and blank lines

sed 's/[ \t]*$//'

# Remove trailing spaces (use tab as \t)

sed 's/^[ \t]*//;s/[ \t]*$//'

# Remove leading and trailing spaces

sed 's/[^*]/[&]/'

# Enclose first char with [] top->[t]op

sed = file | sed 'N;s/\n/\t/' > file.num

# Number lines on a file

21

.5R

eg

ula

r E

xp

re

ss

ion

s

3NLD�A@RHB�QDFTK@Q�DWOQDRRHNM�TRDETK�ENQ�RDC�SNN��3DD"@RHB�2DFDW�3XMS@W��ENQ�@�FNNC�OQHLDQ�

��GSSO��RSTCDMS�MNQSGO@QJ�DCT�ODLDMSD�RDC�RDC�KHMD�SWS

��GSSO��V

VV�FQXLNHQD�BNL�5MHW�3DC�GSLK

��GSSO��V

VV�QDFTK@Q DWOQDRRHNMR�HMEN�QDEDQDMBD�GSLK

c�3BQHOSHMF�c

��

21

SC

RI

PT

IN

G"@RHBR�O��[3BQHOSDW@LOKD�O��[@VJ�O��[RDC�O��[2DFTK@Q%WOQDRRHNMR�O��[TRDETK

BNLL@MCR�O��

4GD"NTQMDRGDKK��AHM�RGHROQDRDMSNM@KK5MHWHMRS@KK@SHNMR@MCRBQHOSRVQHSSDMHMSGHRK@MFT@FD

@QD��PTHSD�ONQS@AKD�man 1 shHR�@�FNNC�QDEDQDMBD�

21

.1B

as

ics

Va

ria

ble

s a

nd

arg

um

en

ts

!RRHFM�VHSG�U@QH@AKD�U@KTD�@MC�FDS�BNMSDMS�VHSG��U@QH@AKD

MESSAGE="Hello World"

# Assign a string

PI=3.1415

# Assign a decimal number

N=8

TWON=èxpr $N * 2`

# Arithmetic expression (only integers)

TWON=$(($N * 2))

# Other syntax

TWOPI=ècho "$PI * 2" | bc -l`

# Use bc for floating point operations

ZERO=ècho "c($PI/4)-sqrt(2)/2" | bc -l`

4GD�BNLL@MC�KHMD�@QFTLDMSR�@QD

$0, $1, $2, ...

# $0 is the command itself

$#

# The number of arguments

$*

# All arguments (also $@)

Sp

ecia

l V

aria

ble

s

$$

# The current process ID

$?

# exit status of last command

command

if[ $?!= 0 ];then

echo "command failed"

fi

mypath=`pwd`

mypath=${mypath}/file.txt

echo ${mypath##*/}

# Display the filename only

echo ${mypath%%.*}

# Full path without extention

foo=/tmp/my.dir/filename.tar.gz

path = ${foo%/*}

# Full path without extention

var2=${var:=string}

# Use var if set, otherwise use string

# assign string to var and then to var2.

size=$(stat -c%s "$file")

# get file size in bourne script

filesize=${size:=-1}

Co

nstru

cts

forfilein `ls`

do

echo $file

done

count=0

while[ $count-lt 5 ];do

echo $count

sleep 1

count=$(($count+ 1))

done

myfunction() {

find . -type f -name "*.$1" -print

# $1 is first argument of the function

} myfunction "txt"

c�3BQHOSHMF�c

��

# reboot

# mergemaster -p

# Compares only files known to be essential

# make installworld

# mergemaster -i -U

# Update all configurations and other files

# reboot

&NQ�RL@KK�BG@MFDR�HM�SGD�RNTQBD�XNT�B@M�TRD�./?#,%!.�XDR�SN�@UNHC�QDATHKCHMF�SGD�VGNKD�SQDD�

# make buildworld NO_CLEAN=yes

# Don't delete the old objects

# make buildkernel KERNCONF=MYKERNEL NO_CLEAN=yes

1.9

Re

pa

ir g

ru

b

3NXNTAQNJDFQTA�"NNSEQNL@KHUDBC�;EHMCXNTQKHMTWO@QSHSHNMTMCDQ/dev@MCTRDfdiskSNEHMC

SGDKHMTWO@QSHNM=LNTMSSGDKHMTWO@QSHSHNM�@CC�OQNB@MC�CDU@MCTRDgrub-install

/dev/xyz�

3TOONRD�KHMTW�KHDR�NM/dev/sda6�

# mount /dev/sda6 /mnt

# mount the linux partition on /mnt

# mount --bind /proc /mnt/proc

# mount the proc subsystem into /mnt

# mount --bind /dev /mnt/dev

# mount the devices into /mnt

# chroot /mnt

# change root to the linux partition

# grub-install /dev/sda

# reinstall grub with your old settings

1.1

0M

isc

$HR@AKD�/38�UHQST@K�LDLNQX��QDOD@S�VHSGloadSN�QD DM@AKD��&@RSDQ�RXRSDL��ATS�@�KHSSKD�QHRJX�

# sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.dynamic_pager.plist

# sleep 3600; pmset sleepnow

# go to standby in one hour (OSX)

# defaults write -g com.apple.mouse.scaling -float 8

# OSX mouse acceleration (use -1 to reverse)

2P

RO

CE

SS

ES

,HRSHMF�O�[0QHNQHSX�O�["@BJFQNTMC�&NQDFQNTMC�O�[4NO�O�[+HKK�O�

2.1

Lis

tin

g a

nd

PID

s

%@BG�OQNBDRR�G@R�@�TMHPTD�MTLADQ��SGD�0)$��!�KHRS�NE�@KK�QTMMHMF�OQNBDRR�HR�QDSQHDUDC�VHSGps�

# ps -auxefw

# Extensive list of all running process

(NVDUDQLNQDSXOHB@KTR@FDHRVHSG@OHODNQVHSGpgrep�ENQ/38HMRS@KKproctoolsEQNL-@B0NQSR

�O@FD��

# ps axww | grep cron

586 ?? Is 0:01.48 /usr/sbin/cron -s

# ps axjf

# All processes in a tree format (Linux)

# ps aux | grep 'ss[h]'

# Find all ssh pids without the grep pid

# pgrep -l sshd

# Find the PIDs of processes by (part of) name

# echo $$

# The PID of your shell

# fuser -va 22/tcp

# List processes using port 22 (Linux)

# pmap PID

# Memory map of process (hunt memory leaks) (Linux)

# fuser -va /home

# List processes accessing the /home partition

# strace df

# Trace system calls and signals

# truss df

# same as above on FreeBSD/Solaris/Unixware

2.2

Prio

rit

y

#G@MFDSGDOQHNQHSXNE@QTMMHMFOQNBDRRVHSGrenice�N

eg

ati

ve

nu

mb

ers

have

ah

igh

er

prio

rit

y�

SGD�KNVDRS�HR� ��@MC��MHBD��G@UD�@�ONRHSHUD�U@KTD�

# renice -5 586

# Stronger priority

586: old priority 0, new priority -5

c�0QNBDRRDR�c

�

3S@QSSGDOQNBDRRVHSG@CDEHMDCOQHNQHSX

VHSG

nice�0NRHSHUDHR�MHBD�NQVD@J�MDF@SHUDHRRSQNMF

RBGDCTKHMFOQHNQHSX�-@JDRTQDXNTJMNVHE/usr/bin/niceNQSGDRGDKKATHKS HM

HRTRDC�BGDBJVHSG

# which nice�

# nice -n -5 top

# Stronger priority (/usr/bin/nice)

# nice -n 5 top

# Weaker priority (/usr/bin/nice)

# nice +5 top

# tcsh builtin nice (same as above!)

7GHKDMHBDBG@MFDRSGD#05RBGDCTKDQ�@MNSGDQTRDETKBNLL@MCioniceVHKKRBGDCTKDSGDCHRJ)/�

4GHRHRUDQXTRDETKENQHMSDMRHUD)/@OOKHB@SHNM�D�F�BNLOHKHMF�9NTB@MRDKDBS@BK@RR�HCKD ADRS

DEENQS� �QD

@K�SHL

D��SG

D�L@M�O@FD�HR�RGNQS�@MC�VDKK�DWOK@HMDC�

# ionice c3 -p123

# set idle class for pid 123 (Linux only)

# ionice -c2 -n0 firefox

# Run firefox with best effort and high priority

# ionice -c3 -p$$

# Set the actual shell to idle priority

4GDK@RSBNLL@MCHRUDQXTRDETKSNBNLOHKD�NQCDATF@K@QFDOQNIDBS�%UDQXBNLL@MCK@TMBGDC

EQNL�SGHR�RGDKK�VHKK�G@UD�@�KNUDQ�OQHNQHSX�$$HR�XNTQ�RGDKK�OHC��SQX

�DBGN��

&QDD"3$�TRDRidprio/rtprio��L@W�OQHNQHSX��LNRS�HCKD�

# idprio 31 make

# compile in the lowest priority

# idprio 31 -1234

# set PID 1234 with lowest priority

# idprio -t -1234

# -t removes any real time/idle priority

2.3

Ba

ck

gro

un

d/

Fo

re

gro

un

d

7GDMRS@QSDCEQNL@RGDKK�OQNBDRRDRB@MADAQNTFGSHMSGDA@BJFQNTMC@MCA@BJSNSGDENQDFQNTMC

VHSG;#SQK= ;:

=�>:�

bg@MCfg�,HRSSGDOQNBDRRDRVHSG

jobs�7GDMMDDCDCCDS@BGEQNLSGD

SDQLHM@K�VHSG

disown�

# ping cb.vu > ping.log

^Z

# ping is suspended (stopped) with [Ctrl]-[Z]

# bg

# put in background and continues running

# jobs -l

# List processes in background

[1] - 36232 Running ping cb.vu > ping.log

[2] + 36233 Suspended (tty output) top

# fg %2

# Bring process 2 back in foreground

# make

# start a long compile job but need to leave the terminal

^Z

# suspended (stopped) with [Ctrl]-[Z]

# bg

# put in background and continues running

# disown -h %1

# detatch process from terminal, won't be killed at logout

.N�RSQ@HFGS�ENQV@QC�V@X�SN�QD @SS@BG�SGD�OQNBDRR�SN�@�MDV�SDQLHM@K��SQX

QDOSXQ�,HMTW�

5RDnohupSNRS@QS@OQNBDRRVGHBGG@RSNJDDOQTMMHMFVGDMSGDRGDKKHRBKNRDC�HLLTMDSN

G@MFTOR�

# nohup ping -i 60 > ping.log &

2.4

To

p

4GDOQNFQ@L

topCHROK@XRQTMMHMFHMENQL@SHNMNEOQNBDRRDR�3DD@KRNSGDOQNFQ@L

htopEQNL

GSNO�RNTQBDENQFD�MDS�@LNQDONVDQETKUDQRHNMNESNOVGHBGQTMRNM,HMTW@MC&QDD"3$�ports/

sysutils/htop/��7

GHKD�SNO�HR�QTMMHMF�OQDRR�SGD�JDX�G�ENQ�@�GDKO�NUDQUHDV��5RDETK�JDXR�@QD�

au

[u

ser

nam

e]4NCHROK@XNMKXSGDOQNBDRRDRADKNMFHMFSNSGDTRDQ�5RD�NQAK@MJSNRDD

@KK�TRDQR

ak [

pid

]+HKK�SG

D�OQNBDRR�VHSG�OHC�

a14N�CHROK@X�@KK�OQNBDRRNQR�RS@SHRSHBR��,HMTW�NMKX

aR4NFFKD�MNQL@K�QDUDQRD�RNQS�

2.5

Sig

na

ls/

Kill

4DQLHM@SD�NQ�RDMC�@�RHFM@K�VHSG

killNQkillall�

c�0QNBDRRDR�c

�

# in .bashrc

bind '"\e[A"':history-search-backward# Use up and down arrow to search

bind '"\e[B"':history-search-forward

# the history. Invaluable!

set -o emacs

# Set emacs mode in bash (see below)

set bell-style visible

# Do not beep, inverse colors

# Set a nice prompt like [user@host]/path/todir>

PS1="\[\033[1;30m\][\[\033[1;34m\]\u\[\033[1;30m\]"

PS1="$PS1@\[\033[0;33m\]\h\[\033[1;30m\]]\[\033[0;37m\]"

PS1="$PS1\w\[\033[1;30m\]>\[\033[0m\]"

# To check the currently active aliases, simply type alias

alias ls='ls -aF'

# Append indicator (one of */=>@|)

alias ll='ls -aFls'

# Listing

alias la='ls -all'

alias ..='cd ..'

alias ...='cd ../..'

export HISTFILESIZE=5000

# Larger history

export CLICOLOR=1

# Use colors (if possible)

export LSCOLORS=ExGxFxdxCxDxDxBxBxExEx

20

.2tc

sh

2DCHQDBSR�@MC�OHODR�ENQ�SBRG�@MC�BRG��RHLOKD��@MC��@QD�SGD�R@LD�@R�RG�

# cmd >& file

# Redirect both stdout and stderr to file.

# cmd >>& file

# Append both stdout and stderr to file.

# cmd1 | cmd2

# pipe stdout to cmd2

# cmd1 |& cmd2

# pipe stdout and stderr to cmd2

4GD�RDSSHMFR�ENQ�BRG�SBRG�@QD�RDS�HM

~/.cshrc��QDKN@C�VHSG��RNTQBD��BRGQB��%W@LOKDR�

# in .cshrc

alias ls 'ls -aF'

alias ll 'ls -aFls'

alias la 'ls -all'

alias .. 'cd ..'

alias ... 'cd ../..'

set prompt = "%B%n%b@%B%m%b%/> "# like user@host/path/todir>

set history = 5000

set savehist = ( 6000 merge )

set autolist

# Report possible completions with tab

set visiblebell

# Do not beep, inverse colors

# Bindkey and colors

bindkey -e Select Emacs bindings

# Use emacs keys to edit the command prompt

bindkey -k up history-search-backward# Use up and down arrow to search

bindkey -k down history-search-forward

setenv CLICOLOR 1

# Use colors (if possible)

setenv LSCOLORS ExGxFxdxCxDxDxBxBxExEx

4GDDL@BRLNCDDM@AKDRSNTRDSGDDL@BRJDXRRGNQSBTSRSNLNCHEXSGDBNLL@MCOQNLOSKHMD�

4GHR�HR�DWSQDLDKX�TRDETK��MNS�NMKX�ENQ�DL@BR�TRDQR��4GD�LNRS�TRDC�BNLL@MCR�@QD�

# @

-NUD�BTQRNQ�SN�ADFHMMHMF�NE�KHMD

# D

-NUD�BTQRNQ�SN�DMC�NE�KHMD

- A

-NUD�BTQRNQ�A@BJ�NMD�VNQC

- E

-NUD�BTQRNQ�ENQV@QC�NMD�VNQC

- C

#TS�SGD�MDWS�VNQC

# V

#TS�SGD�K@RS�VNQC

# T

#TS�DUDQXSGHMF�ADENQD�SGD�BTQRNQ

# J

#TS�DUDQXSGHMF�@ESDQ�SGD�BTQRNQ��QD

RS�NE�SGD�KHMD

# X

0@RSD�SGD�K@RS�SGHMF�SN�AD�BTS��RHLOKX�O@RSD

# ?

5MCN

Note

:# ��GNKC�BNMSQNK��- ��GNKC�LDS@��VGHBG�HR�TRT@KKX�SGD�@KS�NQ�DRB@OD�JDX�

c�3GDKKR�c

��

change

the

valu

es

of

soft

and

hard�)EMNSRODBHEHDC�SGDAKNBJR@QD�J�4GDFQ@BDODQHNCHRRDSVHSG

edquota -t��&NQ�DW@LOKD�

# edquota -u colin

Lin

ux

Disk quotas for user colin (uid 1007):

Filesystem blocks soft hard inodes soft hard

/dev/sda8 108 1000 2000 1 0 0

Fre

eB

SD

Quotas for user colin:

/home: kbytes in use: 504184, limits (soft = 700000, hard = 800000)

inodes in use: 1792, limits (soft = 0, hard = 0)

Fo

r m

an

y u

se

rs

4GDBNLL@MCedquota

-pHRTRDCSNCTOKHB@SD@PTNS@SNNSGDQTRDQR�&NQDW@LOKDSNCTOKHB@SD@

QDEDQDMBD�PTNS@�SN�@KK�TRDQR�

# edquota -p refuser àwk -F: '$3 > 499 {print $1}' /etc/passwd`

# edquota -p refuser user1 user2

# Duplicate to 2 users

Ch

eck

s

5RDQRB@MBGDBJSGDHQPTNS@AXRHLOKXSXOHMFquota�SGDEHKDPTNS@�TRDQLTRSADQD@C@AKD�2NNS

B@M�BGDBJ�@KK�PTNS@R�

# quota -u colin

# Check quota for a user

# repquota /home

# Full report for the partition for all users

20

SH

EL

LS

-NRS,HMTWCHRSQHATSHNMRTRDSGDA@RGRGDKKVGHKDSGD"3$RTRDSBRG�SGDANTQMDRGDKKHRNMKXTRDC

ENQ�RBQHOSR��&HKSDQR�@QD�UDQX�TRDETK�@MC�B@M�AD�OHODC�

grep0@SSDQM�L@SBGHMF

sed3D@QBG�@MC�2DOK@BD�RSQHMFR�NQ�BG@Q@BSDQR

cut0QHMS�RODBHEHB�BNKTLMR�EQNL�@�L@QJDQ

sort3NQS�@KOG@ADSHB@KKX�NQ�MTLDQHB@KKX

uniq2DLNUD�CTOKHB@SD�KHMDR�EQNL�@�EHKD

&NQ�DW@LOKD�TRDC�@KK�@S�NMBD�

# ifconfig | sed 's/ / /g' | cut -d" " -f1 | uniq | grep -E "[a-z0-9]+" | sort -r

# ifconfig | sed '/.*inet addr:/!d;s///;s/ .*//'|sort -t. -k1,1n -k2,2n -k3,3n -k4,4n

4GD�EHQRS�BG@Q@BSDQ�HM�SGD�RDC�O@SSDQM�HR�@�S@A��4N�VQHSD�@�S@A�NM�SGD�BNMRNKD��TRD�BSQK U�BSQK S@A�

20

.1b

as

h

2DCHQDBSR�@MC�OHODR�ENQ�A@RG�@MC�RG�

# cmd 1> file

# Redirect stdout to file.

# cmd 2> file

# Redirect stderr to file.

# cmd 1>> file

# Redirect and append stdout to file.

# cmd &> file

# Redirect both stdout and stderr to file.

# cmd >file 2>&1

# Redirects stderr to stdout and then to file.

# cmd1 | cmd2

# pipe stdout to cmd2

# cmd1 2>&1 | cmd2

# pipe stdout and stderr to cmd2

-NCHEXXNTQBNMEHFTQ@SHNMHM]��A@RGQB�HSB@M@KRNAD]��A@RG?OQNEHKD�4GDENKKNVHMFDMSQHDR@QD

TRDETK�QDKN@CVHSG��A@RGQB��7HSGBXFVHMTRD]��A@RG?OQNEHKD�VHSGQWUSO@RSVHSGRGHES�KDES

BKHBJ�

c�3GDKKR�c

��

# ping -i 60 cb.vu > ping.log &

[1] 4712

# kill -s TERM 4712

# same as kill -15 4712

# killall -1 httpd

# Kill HUP processes by exact name

# pkill -9 http

# Kill TERM processes by (part of) name

# pkill -TERM -u www

# Kill TERM processes owned by www

# fuser -k -TERM -m /home

# Kill every process accessing /home (to umount)

)LONQS@MS�RHFM@KR�@QD�

�HUP�G@MF�TO

�INT�HMSDQQTOS

�QUIT�PTHS

�KILL�MNM B@SBG@AKD��MNM HFMNQ@AKD�JHKK

��

TERM�RNESV@QD�SDQLHM@SHNM�RHFM@K

3F

IL

E S

YS

TE

M$HRJHMEN�O�["NNS�O�[$HRJTR@FD�O��[/ODMDCEHKDR�O��[-NTMS�QDLNTMS�O��[-NTMS

3-"�O��[-NTMSHL@FD�O��["TQM)3/�O��[#QD@SDHL@FD�O��[-DLNQXCHRJ�O��[$HRJ

ODQENQL@MBD�O��

3.1

Pe

rm

iss

ion

s

#G@MFDODQLHRRHNM@MCNVMDQRGHOVHSGchmod@MCchown�4GDCDE@TKSTL@RJB@MADBG@MFDCENQ@KK

TRDQRHM�DSB�OQNEHKDENQ,HMTWNQ�DSB�KNFHM�BNMEENQ&QDD"3$�4GDCDE@TKSTL@RJHRTRT@KKX��4GD

TL@RJ�HR�RTASQ@BSDC�EQNL��SGTR�TL@RJ��QDRTKSR�HM�@�ODQLHRRHNM��E��

1 --x execute

# Mode 764 = exec/read/write | read/write | read

2 -w- write

# For: |-- Owner --| |- Group-| |Oth|

4 r-- read

ugo=a

u=user, g=group, o=others, a=everyone

# chmod [OPTION] MODE[,MODE] FILE

# MODE is of the form [ugoa]*([-+=]([rwxXst]))

# chmod 640 /var/log/maillog

# Restrict the log -rw-r-----

# chmod u=rw,g=r,o= /var/log/maillog# Same as above

# chmod -R o-r /home/*

# Recursive remove other readable for all users

# chmod u+s /path/to/prog

# Set SUID bit on executable (know what you do!)

# find / -perm -u+s -print

# Find all programs with the SUID bit

# chown user:group /path/to/file

# Change the user and group ownership of a file

# chgrp group /path/to/file

# Change the group ownership of a file

# chmod 640 `find ./ -type f -print`# Change permissions to 640 for all files

# chmod 751 `find ./ -type d -print`# Change permissions to 751 for all directories

3.2

Dis

k i

nfo

rm

atio

n

# diskinfo -v /dev/ad2

# information about disk (sector/size) FreeBSD

# hdparm -I /dev/sda

# information about the IDE/ATA disk (Linux)

# fdisk /dev/ad2

# Display and manipulate the partition table

# smartctl -a /dev/ad2

# Display the disk SMART info

3.3

Bo

ot

Fre

eB

SD

4N�ANNS�@M�NKC�JDQMDK�HE�SGD�MDV�JDQMDK�CNDRM�S�ANNS��RSNO�SGD�ANNS�@S�CTQHMF�SGD�BNTMS�CNVM�

# unload

# load kernel.old

# boot

c�&HKD�3XRSDL�c

�

3.4

Sy

ste

m m

ou

nt p

oin

ts

/D

isk

us

ag

e

# mount | column -t

# Show mounted file-systems on the system

# df

# display free disk space and mounted devices

# cat /proc/partitions

# Show all registered partitions (Linux)

Dis

k u

sa

ge

# du -sh *

# Directory sizes as listing

# du -csh

# Total directory size of the current directory

# du -ks * | sort -n -r

# Sort everything by size in kilobytes

# ls -lSr

# Show files, biggest last

3.5

Wh

o h

as

wh

ich

file

s o

pe

ne

d

4GHRHRTRDETKSNEHMCNTSVGHBGEHKDHRAKNBJHMF@O@QSHSHN

MVGHBGG@RSNADTMLNTMSDC@MCFHUDR@

SXOHB@K�DQQNQ�NE�

# umount /home/

umount: unmount of /home

# umount impossible because a file is locking home

failed: Device busy

Fre

eB

SD

an

d m

ost U

nix

es

# fstat -f /home

# for a mount point

# fstat -p PID

# for an application with PID

# fstat -u user

# for a user name

&HMC�NODMDC�KNF�EHKD��NQ�NSGDQ�NODMDC�EHKDR��R@X�ENQ�8NQF�

# ps ax | grep Xorg | awk '{print $1}'

1252

# fstat -p 1252

USER CMD PID FD MOUNT INUM MODE SZ|DV R/W

root Xorg 1252 root / 2 drwxr-xr-x 512 r

root Xorg 1252 text /usr 216016 -rws--x--x 1679848 r

root Xorg 1252 0 /var 212042 -rw-r--r-- 56987 w

4GD�EHKD�VHSG�HMTL��HR�SGD�NMKX�EHKD�HM��U@Q�

# find -x /var -inum 212042

/var/log/Xorg.0.log

Lin

ux

&HMC�NODMDC�EHKDR�NM�@�LNTMS�ONHMS�VHSG

fuserNQlsof�

# fuser -m /home

# List processes accessing /home

# lsof /home

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME

tcsh 29029 eedcoba cwd DIR 0,18 12288 1048587 /home/eedcoba (guam:/home)

lsof 29140 eedcoba cwd DIR 0,18 12288 1048587 /home/eedcoba (guam:/home)

!ANTS�@M�@OOKHB@SHNM�

ps ax | grep Xorg | awk '{print $1}'

3324

# lsof -p 3324


Xorg 3324 root 0w REG 8,6 56296 12492 /var/log/Xorg.0.log

!ANTS�@�RHMFKD�EHKD�

# lsof /var/log/Xorg.0.log


Xorg 3324 root 0w REG 8,6 56296 12492 /var/log/Xorg.0.log

3.6

Mo

un

t/

re

mo

un

t a

file

sy

ste

m

&NQ�DW@LOKD�SGD�BCQNL��)E�KHR

SDC�HM��DSB�ERS@A�

# mount /cdrom


��

Du

mp

an

d r

esto

re

)SB@MADTRDETKSNCTLO@MCQDRSNQD@M31,HSDC@S@A@RD�&NQDW@LOKDXNTB@MDCHSSGDCTLOEHKD

SNBG@MFD@BNKTLM@SSQHA

TSDNQSXOD@MCSGDMQDRSNQDSGDC@S@A@RD�4GHRHRD@RHDQSG@MLDRRHMF

VHSG�31,�BNLL@MCR��5RD�SGD�BNLL@MCsqlite3ENQ�@��W�C@S@A@RD�

# sqlite database.db .dump > dump.sql

# dump

# sqlite database.db < dump.sql

# restore

Co

nv

ert 2

.x t

o 3

.x d

ata

ba

se

sqlite database_v2.db .dump | sqlite3 database_v3.db

19

DI

SK

Q

UO

TA

!CHRJPTNS@@KKNVRSNKHLHSSGD@LNTMSNECHRJRO@BD@MC�NQSGDMTLADQNEEHKDR@TRDQNQ�NQ

LDLADQNEFQNTOB@MTRD�4GDPTNS@R@QD@KKNB@SDCNM@ODQ EHKD

RXRSDLA@RHR@MC@QDDMENQBDCAX

SGD�JDQMDK�

19

.1L

inu

x s

etu

p

4GD�PTNS@�SNNKR�O@BJ@FD�TRT@KKX�MDDCR�SN�AD�HMRS@KKDC��HS�B

NMS@HMR�SGD�BNLL@MC�KHMD�SNNKR�

!BSHU@SDSGDTRDQPTNS@HMSGDERS@A@MCQDLNTMSSGDO@QSHSHN

M�)ESGDO@QSHSHN

MHRATRX�DHSGDQ@KK

KNBJDCEHKDRLTRSADBKNRDC�NQSGDRXRSDLLTRSADQDANNSDC�!CCusrquotaSNSGDERS@ALNTMS

NOSHNMR��ENQ�DW@LOKD�

/dev/sda2 /home reiserfs rw,acl,user_xattr,usrquota 1 1

# mount -o remount /home

# mount

# Check if usrquota is active, otherwise reboot

)MHSH@KHYD�SGD�PTNS@�TRDQ�EHKD

�VHSG

quotacheck�

# quotacheck -vum /home

# chmod 644 /home/aquota.user

# To let the users check their own quota

!BSHU@SDSGDPTNS@DHSGDQVHSGSGDOQNUHCDCRBQHOS�D�F��DSB�HMHS�C�PTNS@CNM3T3%NQVHSG

quotaon�

quotaon -vu /home

#GDBJ�SG@S�SGD�PTNS@�HR�@BSHUD�VHSG�

quota -v

19

.2F

re

eB

SD

se

tu

p

4GDPTNS@SNNKR@QDO@QSNESGDA@RDRXRSDL�GNVDUDQSGDJDQMDKMDDCRSGDNOSHNMPTNS@�)EHSHRMNS

SGDQD��@CC�HS�@MCQDBNLOHKDSGD�JDQMDK�

options QUOTA

!R�VHSG�,HMTW��@CC�SGD�PTNS@�SN�SGD�ERS@A�NOSHNMR��TRDQPTNS@��MNS�TRQPTNS@�

/dev/ad0s1d /home ufs rw,noatime,userquota 2 2

# mount /home

# To remount the partition

%M@AKD�CHRJ�PTNS@R�HM��DSB�QB�BNME�@MC�RS@QS�SG

D�PTNS@�

# grep quotas /etc/rc.conf

enable_quotas="YES"

# turn on quotas on startup (or NO).

check_quotas="YES"

# Check quotas on startup (or NO).

# /etc/rc.d/quota start

19

.3A

ss

ign

qu

ota

limit

s

4GDPTNS@R@QDMNSKHLHSDCODQCDE@TKS�RDSSN��4GDKHLHSR@QDRDSVHSG

edquotaENQRHMFKDTRDQR�

!PTNS@B@MAD@KRNCTOKHB@SDCSNL@MXTRDQR�4GDEHKDRSQTBSTQDHRCHEEDQDMSADSVDDMSGDPTNS@

HLOKDLDMS@SHNMR�ATSSGDOQHMBHOKDHRSGDR@LD�SGDU@KTDRNEAKNBJR@MCHMNCDRB@MADKHLHSDC�O

nly

��GSSO��V

VV�RPKHSD�NQF

c�$HRJ�1TNS@�c

��

# pg_dumpall --clean > full.dump

# psql -f full.dump postgres

)MSGHRB@RDSGDQDRSNQDHRRS@QSDCVHSGSGDC@S@A@RDONRSFQDRVGHBGHRADSSDQVGDMQDKN@CHMF@M

DLOSX�BKTRSDQ�

18

.2M

yS

QL

Ch

an

ge

my

sq

l ro

ot o

r u

se

rn

am

e p

assw

ord

Meth

od 1

# /etc/init.d/mysql stop

or

# killall mysqld

# mysqld --skip-grant-tables

# mysqladmin -u root password 'newpasswd'

# /etc/init.d/mysql start

Meth

od 2

# mysql -u root mysql

mysql>UPDATE USER SET PASSWORD=PASSWORD("newpassword") where user='root';

mysql>FLUSH PRIVILEGES;

# Use username instead of "root"

mysql>quit

Cre

ate

use

r a

nd

da

ta

ba

se

(se

eM

yS

QL

do

c��)


mysql>CREATE USER 'bob'@'localhost' IDENTIFIED BY 'pwd';# create only a user

mysql>CREATE DATABASE bobdb;

mysql>GRANT ALL ON *.* TO 'bob'@'%' IDENTIFIED BY 'pwd';# Use localhost instead of %

# to restrict the network access

mysql>DROP DATABASE bobdb;

# Delete database

mysql>DROP USER bob;

# Delete user

mysql>DELETE FROM mysql.user WHERE user='bob and host='hostname';# Alt. command


Gra

nt r

em

ote

acce

ss

2DLNSD@BBDRRHRSXOHB@KKXODQLHSSDCENQ@C@S@A@RD�@MCMNS@KKC@S@A@RDR�4GDEHKD

/etc/my.cnf

BNMS@HMRSGD)0@CCQDRRSNAHMCSN��/M&QDD"3$

my.cnfMNSBQD@SDCODQEDC@TKS�BNOXNMD.cnf

EHKDEQNL

/usr/local/share/mysqlSN

/usr/local/etc/my.cnf4XOHB@KKXBNLLDMSSGDKHMDbind-

address =NTS�


mysql>GRANT ALL ON bobdb.* TO bob@'xxx.xxx.xxx.xxx' IDENTIFIED BY 'PASSWORD';

mysql>REVOKE GRANT OPTION ON foo.* FROM bar@'xxx.xxx.xxx.xxx';


# Use 'hostname' or also '%' for full access

Ba

ck

up

an

d r

esto

re

"@BJTO�@MC�QDRSNQD�@�RHMFKD�C@S@A@RD�

# mysqldump -u root -psecret --add-drop-database dbname > dbname_sql.dump

# mysql -u root -psecret -D dbname < dbname_sql.dump

"@BJTO�@MC�QDRSNQD�@KK�C@S@A@RDR�

# mysqldump -u root -psecret --add-drop-database --all-databases > full.dump

# mysql -u root -psecret < full.dump

(DQDHR�RDBQDS�SGDLXRPKQNNSO@RRVNQC�SGDQDHRMNRO@BD@ESDQ O�7GDMSGD ONOSHNMHRTRDC

@KNMD��V�N�O@RRVNQC��SGD�O@RRVNQC�HR�@RJDC�@S�SGD�BNLL@MC�OQNLOS�

18

.3S

QL

ite

31,HSD��HR�@�RL@KK�ONVDQETK�RDKE BNMS@HMDC��RDQUDQKDRR��YDQN BNMEHFTQ@SHNM�31,�C@S@A@RD�

��GSSO��CDU�LXRPK�BNL�CNB�QDEL@M��DM�@CCHMF TRDQR�GSLK

c�$@S@A@RDR�c

��

/Q�EHMC�SGD�CDUHBD�HM��CDU��NQ�VHSG�CLDRF

Fre

eB

SD

# mount -v -t cd9660 /dev/cd0c /mnt

# cdrom

# mount_cd9660 /dev/wcd0c /cdrom

# other method

# mount -v -t msdos /dev/fd0c /mnt

# floppy

%MSQX�HM��DSB�ERS@A�

# Device Mountpoint FStype Options Dump Pass#

/dev/acd0 /cdrom cd9660 ro,noauto 0 0

4N�KDS�TRDQR�CN�HS�

# sysctl vfs.usermount=1

# Or insert the line "vfs.usermount=1" in /etc/sysctl.conf

Lin

ux

# mount -t auto /dev/cdrom /mnt/cdrom

# typical cdrom mount command

# mount /dev/hdc -t iso9660 -r /cdrom

# typical IDE

# mount /dev/scd0 -t iso9660 -r /cdrom

# typical SCSI cdrom

# mount /dev/sdc0 -t ntfs-3g /windows

# typical SCSI

%MSQX�HM��DSB�ERS@A�

/dev/cdrom /media/cdrom subfs noauto,fs=cdfss,ro,procuid,nosuid,nodev,exec 0 0

Mount

a F

reeB

SD

parti

tion w

ith L

inux

&HMCSGDO@QSHSHNMMTLADQBNMS@HMHMFVHSGECHRJ�SGHRHRTRT@KKXSGDQNNSO@QSHSHNM�ATSHSBNTKCAD@M

NSGDQ"3$RKHBDSNN�)ESGD&QDD"3$G@RL@MXRKHBDR�SGDX@QDSGDNMDMNSKHRSDCHMSGDECHRJS@AKD�

ATS�UHRHAKD�HM��CDU�RC@�NQ��CDU�GC@�

# fdisk /dev/sda

# Find the FreeBSD partition

/dev/sda3 * 5357 7905 20474842+ a5 FreeBSD

# mount -t ufs -o ufstype=ufs2,ro /dev/sda3 /mnt

/dev/sda10 = /tmp; /dev/sda11 /usr

# The other slices

Re

mo

un

t

2DLNTMS�@�CDUHBD�VHSGNTS�TMLNTMSHMF�HS��.DBDRR@QX�ENQ�ERBJ�ENQ�DW@LOKD

# mount -o remount,ro /

# Linux

# mount -o ro -u /

# FreeBSD

#NOX�SGD�Q@V�C@S@�EQNL�@�BCQNL�HMSN�@M�HRN�HL@FD��CDE@TKS��AKNBJRHYD�LHFGS�B@TRD�OQNAKDLR�

# dd if=/dev/cd0c of=file.iso bs=2048

Vir

tu

alb

ox

!KKNV�@�RG@QD�NM�SGD�GNRS�

# VBoxManage sharedfolder add "GuestName" --name "share" --hostpath "C:\hostshare"

-NTMS�RG@QD�NM�FTDRS��KHMTW��&QDD"3$

# sudo mount -t vboxsf share /home/vboxshare# -o uid=1000,gid=1000 (as appropriate)

share /home/colin/share vboxsf defaults,uid=colin 0 0# fstab entry

OS

X

# diskutil list

# List the partitions of a disk

# diskutil unmountDisk /dev/disk1

# Unmount an entire disk (all volumes)

# chflags hidden ~/Documents/folder

# Hide folder (reverse with unhidden)

3.7

Ad

d s

wa

p o

n-th

e-fly

3TOONRD�XNT�MDDC�LNQD�RV@O��QHFGS�MNV��R@X�@��'"�EHKD��RV@O�FA��,HMTW�NMKX�

# dd if=/dev/zero of=/swap2gb bs=1024k count=2000

# mkswap /swap2gb

# create the swap area

# swapon /swap2gb

# activate the swap. It now in use


��

# swapoff /swap2gb

# when done deactivate the swap

# rm /swap2gb

3.8

Mo

un

t a

n S

MB

sh

are

3TOONRDVDV@MSSN@BBDRRSGD3-"RG@QDLXRG@QDNMSGDBNLOTSDQRLARDQUDQ�SGD@CCQDRR@R

SXODCNM@7HMCNVR0#HR<<RLARDQUDQ<LXRG@QD<�7DLNTMSNM�LMS�RLARG@QD�7@QMHMF�BHER

V@MSR�@M�)0�NQ�$.3�M@LD��MNS�@�7HMCNVR�M@LD�

Lin

ux

/O

SX

# smbclient -U user -I 192.168.16.229 -L //smbshare/

# List the shares

# mount -t smbfs -o username=winuser //smbserver/myshare /mnt/smbshare

# mount -t cifs -o username=winuser,password=winpwd //192.168.16.229/myshare /mnt/share

-NTMS�3@LA@�RG@QD�SGQNTFG�RRG�STMMDK

# ssh -C -f -N -p 20022 -L 445:127.0.0.1:445 me@server

# connect on 20022, tunnel 445

# mount -t smbfs //colin@localhost/colin ~/mnt

# mount_smbfs //colin:[email protected]/private /Volumes/private# I use this on OSX + ssh

!CCHSHNM@KKXVHSGSGDO@BJ@FDLNTMS�BHERHSHRONRRHAKDSNRSNQDSGDBQDCDMSH@KRHM@EHKD�ENQDW@LOKD

/home/user/.smb�

username=winuser

password=winpwd

!MC�LNTMS�@R�ENKKNV�

# mount -t cifs -o credentials=/home/user/.smb //192.168.16.229/myshare /mnt/smbshare

Fre

eB

SD

5RD� )�SN

�FHUD�SGD�)0��NQ�$.3�M@LD��RLARDQUDQ�HR�SGD�7HMCNVR�M@LD�

# smbutil view -I 192.168.16.229 //winuser@smbserver

# List the shares

# mount_smbfs -I 192.168.16.229 //winuser@smbserver/myshare /mnt/smbshare

3.9

Mo

un

t a

n im

ag

e

# hdiutil mount image.iso

# OS X

Lin

ux

loo

p-b

ack

# mount -t iso9660 -o loop file.iso /mnt

# Mount a CD image

# mount -t ext3 -o loop file.img /mnt

# Mount an image with ext3 fs

Fre

eB

SD

7HSG�LDLNQX�CDUHBD��CN��JKCKN@C�LC�JN�HE�MDBDRR@QX�

# mdconfig -a -t vnode -f file.iso -u 0

# mount -t cd9660 /dev/md0 /mnt

# umount /mnt; mdconfig -d -u 0

# Cleanup the md device

/Q�VHSG�UHQST@K�MNCD�

# vnconfig /dev/vn0c file.iso; mount -t cd9660 /dev/vn0c /mnt

# umount /mnt; vnconfig -u /dev/vn0c

# Cleanup the vn device

So

laris

an

d F

re

eB

SD

VHSG�KNNO A@BJ�EHKD�HMSDQE@BD�NQ�KNEH�

# lofiadm -a file.iso

# mount -F hsfs -o ro /dev/lofi/1 /mnt

# umount /mnt; lofiadm -d /dev/lofi/1

# Cleanup the lofi device


��

17

PR

IN

TI

NG

17

.1P

rin

t w

ith

lpr

# lpr unixtoolbox.ps

# Print on default printer

# export PRINTER=hp4600

# Change the default printer

# lpr -Php4500 #2 unixtoolbox.ps

# Use printer hp4500 and print 2 copies

# lpr -o Duplex=DuplexNoTumble ...

# Print duplex along the long side

# lpr -o PageSize=A4,Duplex=DuplexNoTumble ...

# lpq

# Check the queue on default printer

# lpq -l -Php4500

# Queue on printer hp4500 with verbose

# lprm -

# Remove all users jobs on default printer

# lprm -Php4500 3186

# Remove job 3186. Find job nbr with lpq

# lpc status

# List all available printers

# lpc status hp4500

# Check if printer is online and queue length

3NLDCDUHBDR@QDMNSONRSRBQHOS@MCVHKKOQHMSF@QA@FDVGDMEDCVHSG@OCEEHKD�4GHRLHFGSADRNKUDC

VHSG�

# gs -dSAFER -dNOPAUSE -sDEVICE=deskjet -sOutputFile=\|lpr file.pdf

0QHMSSN@0$&EHKDDUDMHESGD@OOKHB@SHNMCNDRMNSRTOONQSHS�5RDgsNMSGDOQHMSBNLL@MCHMRSD@C

NElpr�

# gs -q -sPAPERSIZE=a4 -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=/path/file.pdf

18

DA

TA

BA

SE

S

18

.1P

os

tg

re

SQ

L

Ch

an

ge

ro

ot o

r a

use

rn

am

e p

assw

ord

# psql -d template1 -U pgsql

> alter user pgsql with password 'pgsql_password';

# Use username instead of "pgsql"

Cre

ate

use

r a

nd

da

ta

ba

se

4GDBNLL@MCRcreateuser�dropuser�createdb@MCdropdb@QDBNMUDMHDMSRGNQSBTSRDPTHU@KDMS

SNSGD31,BNLL@MCR�4GDMDVTRDQHRANAVHSGC@S@A@RDANACA�TRD@RQNNSVHSGOFRPKSGD

C@S@A@RD�RTODQ�TRDQ�

# createuser -U pgsql -P bob

# -P will ask for password

# createdb -U pgsql -O bob bobdb

# new bobdb is owned by bob

# dropdb bobdb

# Delete database bobdb

# dropuser bob

# Delete user bob

4GD�FDMDQ@K�C@S@A@RD�@TSGDMSHB@SHNM�LDBG@MHRL�HR�BNMEHFTQDC�HM�OF?GA@�BNME

Gra

nt r

em

ote

acce

ss

4GDEHKD

$PGSQL_DATA_D/postgresql.confRODBHEHDRSGD@CCQDRRSN

AHMCSN�4XOHB@KKX

listen_addresses = '*'ENQ�0NRSFQDR��W�

4GD�EHKD

$PGSQL_DATA_D/pg_hba.confCDEHMDR�SGD�@BBDRR�BNMSQNK��%W@LOKDR�

# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD

host bobdb bob 212.117.81.42 255.255.255.255 password

host all all 0.0.0.0/0 password

Ba

ck

up

an

d r

esto

re

4GDA@BJTOR@MCQDRSNQD@QDCNMDVHSGSGDTRDQOFRPKNQONRSFQDR�"@BJTO@MCQDRSNQD@RHMFKD

C@S@A@RD�

# pg_dump --clean dbname > dbname_sql.dump

# psql dbname < dbname_sql.dump

"@BJTO�@MC�QDRSNQD�@KK�C@S@A@RDR��HMBKTCHMF�TRDQR�

c�0QHMSHMF�c

��

16

.2U

nix

- D

OS

ne

wli

ne

s

#NMUDQS$/3�#2�,&SN5MHW�,&MDVKHMDR@MCA@BJ

wit

hin

aU

nix

sh

ell�3DD@KRNdos2unix@MC

unix2dosHE�XNT�G@UD�SGDL�

# sed 's/.$//' dosfile.txt > unixfile.txt

# DOS to UNIX

# awk '{sub(/\r$/,"");print}' dosfile.txt > unixfile.txt

# DOS to UNIX

# awk '{sub(/$/,"\r");print}' unixfile.txt > dosfile.txt

# UNIX to DOS

#NMUDQS5MHWSN$/3MDVKHMDR

wit

hin

aW

ind

ow

sen

vir

on

men

t�5RDRDCNQ@VJEQNLLHMFVNQ

BXFVHM�

# sed -n p unixfile.txt > dosfile.txt

# awk 1 unixfile.txt > dosfile.txt

# UNIX to DOS (with a cygwin shell)

2DLNUD^ML@B�MDVKHMD�@MC�QDOK@BD�VHSG�TMHW�MDV�KHMD��4N�FDS�@^MTRD�#4, 6�SGDM�#4, -

# tr '^M' '\n' < macfile.txt

16

.3P

DF

im

ag

es

an

d c

on

ca

te

na

te

PD

F f

ile

s

#NMUDQS@0$&CNBTLDMSVHSGgs�'GNRS3BQHOSSNIODF�NQOMFHL@FDRENQD@BGO@FD�!KRNLTBG

RGNQSDQ�VHSGconvert@MCmogrify�EQNL�)L@FD-@FHBJ�NQ�'Q@OGHBR-@FHBJ�

# gs -dBATCH -dNOPAUSE -sDEVICE=jpeg -r150 -dTextAlphaBits=4 -dGraphicsAlphaBits=4 \

-dMaxStripSize=8192 -sOutputFile=unixtoolbox_%d.jpg unixtoolbox.pdf

# convert unixtoolbox.pdf unixtoolbox-%03d.png

# convert *.jpeg images.pdf

# Create a simple PDF with all pictures

# convert image000* -resample 120x120 -compress JPEG -quality 80 images.pdf

# mogrify -format png *.ppm

# convert all ppm images to png format

'GNRSRBQHOSB@M@KRNBNMB@SDM@SDLTKSHOKDOCEEHKDRHMSN@RHMFKDNMD�4GHRNMKXVNQJRVDKKHESGD0$&

EHKDR�@QD��VDKK�ADG@UDC��

# gs -q -sPAPERSIZE=a4 -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=all.pdf \

file1.pdf file2.pdf ...

# On Windows use '#' instead of '='

#QD@SD�0$&�EHKD�EQNL�HL@FDR

# convert 20140416-DSCF1915.jpg 20140416-DSCF1920.jpg all.pdf

convert 20140416-DSCF1915.jpg 20140416-DSCF1920.jpg -resize 1240x1753 -units PixelsPerInch \

-density 150x150 all.pdf

# force A4

%WSQ@BS�HL@FDR�EQNL�OCE�CNBTLDMS�TRHMFpdfimagesEQNL�ONOOKDQ�NQxpdf��

# pdfimages document.pdf dst/

# extract all images and put in dst

# yum install poppler-utils

# install poppler-utils if needed. or:

# apt-get install poppler-utils

16

.4C

on

ve

rt v

ide

o

#NLOQDRR�SGD�#@MNM�CHFHB@L�UHCDN�VHSG�@M�LODF��BNCDB�@MC�QDO@HQ�SGD�BQ@OOX�RNTMC�

# mencoder -o videoout.avi -oac mp3lame -ovc lavc -srate 11025 \

-channels 1 -af-adv force=1 -lameopts preset=medium -lavcopts \

vcodec=msmpeg4v2:vbitrate=600 -mc 0 vidoein.AVI

3DDRNWENQ�RNTMC�OQNBDRRHMF�

16

.5C

op

y a

n a

ud

io c

d

4GDOQNFQ@L

cdparanoia��B@MR@UDSGD@TCHNSQ@BJR�&QDD"3$ONQSHM@TCHN�BCO@Q@MNH@��oggenc

B@M�DMBNCD�HM�/FF�6NQAHR�ENQL@S�lameBNMUDQSR�SN�LO��

# cdparanoia -B

# Copy the tracks to wav files in current dir

# lame -b 256 in.wav out.mp3

# Encode in mp3 256 kb/s

# for i in *.wav; do lame -b 256 $i `basename $i .wav`.mp3; done

# oggenc in.wav -b 256 out.ogg

# Encode in Ogg Vorbis 256 kb/s

��GSSO��ENNK@AR�BNL�WOCE�CNVMKN@C�GSLK

��GSSO��WHOG�NQF�O@Q@MNH@�

c�#NMUDQS�-DCH@�c

��

3.1

0C

re

ate

an

d b

urn

an

IS

O i

ma

ge

4GHRVHKKBNOXSGDBCNQ$6$RDBSNQENQRDBSNQ�7HSGNTSconv=notrunc�SGDHL@FDVHKKADRL@KKDQHE

SGDQD�HR�KDRR�BNMSDMS�NM�SGD�BC��3DD�ADKNV�@MC�SGDCC�DW@LOKDR�O@FD��

# dd if=/dev/hdc of=/tmp/mycd.iso bs=2048 conv=notrunc

5RDLJHRNERSNBQD@SD@#$�$6$HL@FDEQNLEHKDRHM@CHQDBSNQX�4NNUDQBNLDSGDEHKDM@LDR

QDRSQHBSHNMR� QDM@AKDRSGD2NBJ2HCFDDWSDMRHNMRBNLLNMSN5.)8RXRSDLR� *DM@AKDR*NKHDS

DWSDMRHNMR�TRDC�AX�-HBQNRNES�RXRSDLR�� ,�@KKNVR�)3/��EHKDM@LDR�SN�ADFHM�VHSG�@�ODQHNC�

# mkisofs -J -L -r -V TITLE -o imagefile.iso /path/to/dir

# hdiutil makehybrid -iso -joliet -o dir.iso dir/

# OS X

/M�&QDD"3$��LJHRNER�HR�ENTMC�HM�SGD�ONQSR�HM�RXRTSHKR�BCQSNNKR�

Bu

rn

a C

D/

DV

D I

SO

im

ag

e

FreeB

SD

&QDD"3$CNDRMNSDM@AKD$-!NM!4!0)CQHUDRAXCDE@TKS�$-!HRDM@AKDCVHSGSGDRXRBSKBNLL@MC

@MC�SGD�@QFTLDMSR�ADKNV��NQ�VHSG��ANNS�KN@CDQ�BNME�VHSG�SGD�ENKKNVHMF�DMSQHDR�

hw.ata.ata_dma="1"

hw.ata.atapi_dma="1"

5RDburncdVHSG@M!4!0)CDUHBD�burncdHRO@QSNESGDA@RDRXRSDL@MCcdrecord�HMRXRTSHKR�

BCQSNNKR�VHSG�@�3#3)�CQHUD�

# burncd -f /dev/acd0 data imagefile.iso fixate

# For ATAPI drive

# cdrecord -scanbus

# To find the burner device (like 1,0,0)

# cdrecord dev=1,0,0 imagefile.iso

Lin

ux

!KRNTRDcdrecordVHSG,HMTW@RCDRBQHADC@ANUD�!CCHSHNM@KKXHSHRONRRHAKDSNTRDSGDM@SHUD!4!0)

HMSDQE@BD�VGHBG�HR�ENTMC�VHSG�

# cdrecord dev=ATAPI -scanbus

!MC�ATQM�SGD�#$�$6$�@R�@ANUD�

dvd+

rw

-to

ols

4GDCUC�QV SNNKRO@BJ@FD�&QDD"3$�ONQSR�RXRTSHKR�CUC�QV SNNKRB@MCNHS@KK@MCHMBKTCDR

growisofsSNATQM#$RNQ$6$R�4GDDW@LOKDRQDEDQSNSGDCUCCDUHBD@R/dev/dvdVGHBGBNTKC

AD@RXLKHMJSN

/dev/scd0�SXOHB@KRBRHNM,HMTWNQ/dev/cd0�SXOHB@K&QDD"3$NQ/dev/rcd0c

�[email protected]"3$�/ODM"3$BG@Q@BSDQ3#3)NQ/dev/rdsk/c0t1d0s2�3NK@QHRDW@LOKDNE@BG@Q@BSDQ

3#3)�!4!0)#$ 2/-CDUHBD�4GDQDHR@MHBDCNBTLDMS@SHNMVHSGDW@LOKDRNMSGD&QDD"3$

G@MCANNJ�BG@OSDQ�� # -dvd-compat closes the disk

# growisofs -dvd-compat -Z /dev/dvd=imagefile.iso

# Burn existing iso image

# growisofs -dvd-compat -Z /dev/dvd -J -R /p/to/data

# Burn directly

Co

nv

ert a

Ne

ro

.n

rg

fil

e t

o .

iso

.DQN�RHLOKX�@CCR�@��+A�GD@CDQ�SN�@�MNQL@K�HRN�HL@FD��4GHR�B@M�AD�SQHLLDC�VHSG�CC�

# dd bs=1k if=imagefile.nrg of=imagefile.iso skip=300

Co

nv

ert a

bin

/cu

e i

ma

ge

to

.is

o

4GD�KHSSKDbchunkOQNFQ@L�B@M�CN�SGHR��)S�HR�HM�SGD�&QDD"3$�ONQSR�HM�RXRTSHKR�ABGTMJ�

# bchunk imagefile.bin imagefile.cue imagefile.iso

��GSSO��VVV�EQDDARC�NQF�G@MCANNJ�BQD@SHMF CUCR�GSLK

��GSSO��EQDRGLD@S�MDS�OQNIDBSR�ABGTMJ�


��

3.1

1C

re

ate

a f

ile b

as

ed

ima

ge

&NQDW@LOKD@O@QSHSHN

MNE�'"TRHMFSGDEHKD�TRQ�UCHRJ�HLF�(DQDVDTRDSGDUMNCD��ATSHSBNTKC

@KRN�AD��

Fre

eB

SD

# dd if=/dev/random of=/usr/vdisk.img bs=1K count=1M

# mdconfig -a -t vnode -f /usr/vdisk.img -u 0

# Creates device /dev/md1

# bsdlabel -w /dev/md0

# newfs /dev/md0c

# mount /dev/md0c /mnt

# umount /mnt; mdconfig -d -u 0; rm /usr/vdisk.img


4GDEHKDA@RDCHL@FDB@MAD@TSNL@SHB@KKXLNTMSDCCTQHMFANNSVHSG@MDMSQXHM�DSB�QB�BNME@MC

�DSB�ERS@A�4DRSXNTQRDSTOVHSG

#/etc/rc.d/mdconfig

start�EHQR

SCDKDSDSGDLC�CDUHBDVHSG

#

mdconfig -d -u 0�

.NSDGNVDUDQSG@SSGHR@TSNL@SHBRDSTOVHKKNMKXVNQJHESGDEHKDHL@FDHR./4NMSGDQNNSO@QSHSHN

M�

4GDQD@RNMHRSG@SSGD�DSB�QB�C�LCBNMEHFRBQHOSHRDWDBTSDCUDQXD@QKXCTQHMFANNS@MCSGDQNNS

O@QSHSHN

MHRRSHKKQD@C NMKX�)L@FDRKNB@SDCNTSRHCDSGDQNNSO@QSHSHN

MVHKKADLNTMSDCK@SDQVHSGSGD

RBQHOS��DSB�QB�C�LCBNMEHF��

�ANNS�KN@CDQ�BNME�

md_load="YES"

�DSB�QB�BNME�

# mdconfig_md0="-t vnode -f /usr/vdisk.img"

# /usr is not on the root partition

�DSB�ERS@A��4GD��@SSGDDMCHRHLONQS@MS�HSSDKKERBJSNHFMNQDSGHRCDUHBD�@RHRCNDRMNSDWHRS

XDS

/dev/md0 /usr/vdisk ufs rw 0 0

)S�HR�@KRN�ONRRHAKD�SN�HMBQD@RD�SGD�RHYD�NE�SGD�HL@FD�@ESDQV@QC��R@X�ENQ�DW@LOKD��-"�K@QFDQ�

# umount /mnt; mdconfig -d -u 0

# dd if=/dev/zero bs=1m count=300 >> /usr/vdisk.img

# mdconfig -a -t vnode -f /usr/vdisk.img -u 0

# growfs /dev/md0

# mount /dev/md0c /mnt

# File partition is now 300 MB larger

Lin

ux

# dd if=/dev/zero of=/usr/vdisk.img bs=1024k count=1024

# mkfs.ext3 /usr/vdisk.img

# mount -o loop /usr/vdisk.img /mnt

# umount /mnt; rm /usr/vdisk.img

# Cleanup

Lin

ux

wit

h lo

se

tu

p

/dev/zeroHR�LTBG�E@RSDQ�SG@Murandom��ATS�KDRR�RDBTQD�ENQ�DMBQXOSHNM�

# dd if=/dev/urandom of=/usr/vdisk.img bs=1024k count=1024

# losetup /dev/loop0 /usr/vdisk.img

# Creates and associates /dev/loop0

# mkfs.ext3 /dev/loop0

# mount /dev/loop0 /mnt

# losetup -a

# Check used loops

# umount /mnt

# losetup -d /dev/loop0

# Detach

# rm /usr/vdisk.img

3.1

2C

re

ate

a m

em

ory

file

sy

ste

m

!LDLNQXA@RDCEHKDRXRSDLHRUDQXE@RSENQGD@UX)/@OOKHB@SHNM�(NVSNBQD@SD@��-"O@QSHSHN

MLNTMSDC�NM��LDLCHRJ�


��

Fre

eB

SD

po

rts��

4GDONQSSQDD/usr/ports/HR@BNKKDBSHNMNERNESV@QDQD@CXSNBNLOHKD@MCHMRS@KK�RDDL@MONQSR�

4GD�ONQSR�@QD�TOC@SDC�VHSG�SGD�OQNFQ@L

portsnap�

# portsnap fetch extract

# Create the tree when running the first time

# portsnap fetch update

# Update the port tree

# cd /usr/ports/net/rsync/

# Select the package to install

# make install distclean

# Install and cleanup (also see man ports)

# make package

# Make a binary package of this port

# pkgdb -F

# Fix the package registry database

# portsclean -C -DD

# Clean workdir and distdir (part of portupgrade)

OS

XM

acP

orts��

(u

se

su

do

fo

r a

ll co

mm

an

ds)

# port selfupdate

# Update the port tree (safe)

# port installed

# List installed ports

# port deps apache2

# List dependencies for this port

# port search pgrep

# Search for string

# port install proctools

# Install this package

# port variants ghostscript

# List variants of this port

# port -v install ghostscript +no_x11# -no_x11 for negative value

# port clean --all ghostscript

# Clean workdir of port

# port upgrade ghostscript

# Upgrade this port

# port uninstall ghostscript

# Uninstall this port

# port -f uninstall installed

# Uninstall everything

15

.3L

ibra

ry

pa

th

$TDSNBNLOKDWCDODMCDMBHDR@MCQTMSHLDKHMJHMF�OQNFQ@LR@QDCHEEHBTKSSNBNOXSN@MNSGDQRXRSDL

NQCHRSQHATSHNM�(NVDUDQENQRL@KKOQNFQ@LRVHSGKHSSKD

CDODMCDMBHDR�SGDLHRRHMFKHAQ@QHDRB@MAD

BNOHDCNUDQ�4GDQTMSHLDKHAQ@QHDR�@MCSGDLHRRHMFNMD@QDBGDBJDCVHSG

ldd@MCL@M@FDCVHSG

ldconfig�

# ldd /usr/bin/rsync

# List all needed runtime libraries

# otool -L /usr/bin/rsync

# OS X equivalent to ldd

# ldconfig -n /path/to/libs/

# Add a path to the shared libraries directories

# ldconfig -m /path/to/libs/

# FreeBSD

# LD_LIBRARY_PATH

# The variable set the link library path

16

CO

NV

ER

T M

ED

IA

3NLDSHLDR�NMD�RHLOKX�MDDC�SN�BNMUDQS�@�UHCDN��@TCHN�EHKD�NQ�CNBTLDMS�SN�@MNSGDQ�ENQL@S�

16

.1T

ex

t e

nc

od

ing

4DWSDMBNCHMFB@MFDSSNS@KKXVQNMF�RODBH@KKXVGDMSGDK@MFT@FDQDPTHQDRRODBH@KBG@Q@BSDQRKHJD

^_`��4GD�BNLL@MCiconvB@M�BNMUDQS�EQN

L�NMD�DMBNCHMF�SN�@M�NSGDQ�

# iconv -f <from_encoding> -t <to_encoding> <input_file>

# iconv -f ISO8859-1 -t UTF-8 -o file.input > file_utf8

# iconv -l

# List known coded character sets

7HSGNTSSGD ENOSHNM�HBNMUVHKKTRDSGDKNB@KBG@Q RDS�VGHBGHRTRT@KKXEHMDHESGDCNBTLDMSCHROK@XR

VDKK�

#NMUDQSEHKDM@LDREQNLNMDDMBNCHMFSN@MNSGDQ�MNSEHKDBNMSDMS�7NQJR@KRNHENMKXRNLDEHKDR@QD

@KQD@CX�TSE�

# convmv -r -f utf8 --nfd -t utf8 --nfc /dir/* --notest

��GSSO��V

VV�EQDDARC�NQF�G@MCANNJ�ONQSR�GSLK

��GSSO��FTHCD�L@BONQSR�NQF�

c�#NMUDQS�-

DCH@�c

��

export http_proxy=http://proxy_server:3128

export ftp_proxy=http://proxy_server:3128

15

.1L

ist i

ns

ta

lle

d p

ac

ka

ge

s

# rpm -qa

# List installed packages (RH, SuSE, RPM based)

# dpkg -l

# Debian, Ubuntu

# pkg_info

# FreeBSD list all installed packages

# pkg_info -W smbd

# FreeBSD show which package smbd belongs to

# pkginfo

# Solaris

-NQD�NM�20-�

# rpm -ql package-name

# list the files for INSTALLED package

# rpm -qlp package.rpm

# list the files inside package

15

.2A

dd

/re

mo

ve

so

ftw

are

&QNMS�DMCR��X@RS��X@RS�ENQ�3T3%��QDCG@S BNMEHF O@BJ@FDR�ENQ�2DC�(@S�

# rpm -i pkgname.rpm

# install the package (RH, SuSE, RPM based)

# rpm -e pkgname

# Remove package

Su

SE

zy

pp

er

(se

e d

oc a

nd

ch

ee

t s

he

et)��

# zypper refresh

# Refresh repositorie

# zypper install vim

# Install the package vim

# zypper remove vim

# Remove the package vim

# zypper search vim

# Search packages with vim

# zypper update vim

# Search packages with vim

De

bia

n

# apt-get update

# First update the package lists

# apt-get install emacs

# Install the package emacs

# dpkg --remove emacs

# Remove the package emacs

# dpkg -S file

# find what package a file belongs to

Ge

nto

o

'DMSNN�TRDR�DLDQFD�@R�SGD�GD@QS�NE�HSR��0NQS@FD��O@BJ@FD�L@M@FDLDMS�RXRSDL�

# emerge --sync

# First sync the local portage tree

# emerge -u packagename

# Install or upgrade a package

# emerge -C packagename

# Remove the package

# revdep-rebuild

# Repair dependencies

So

laris

4GD��BCQNL��O@SG�HR�TRT@KKX/cdrom/cdrom0�

# pkgadd -d <cdrom>/Solaris_9/Product SUNWgtar

# pkgadd -d SUNWgtar

# Add downloaded package (bunzip2 first)

# pkgrm SUNWgtar

# Remove the package

Fre

eB

SD

# pkg_add -r rsync

# Fetch and install rsync.

# pkg_delete /var/db/pkg/rsync-xx

# Delete the rsync package

3DS�VGDQD�SGD�O@BJ@FDR�@QD�EDSBGDC�EQNL�VHSG�SGDPACKAGESITEU@QH@AKD��&NQ�DW@LOKD�

# export PACKAGESITE=ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages/Latest/

# or ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/Latest/

��GSSO��DM�NODMRTRD�NQF�3$"�:XOODQ?TR@FD

c�)MRS@KK�3NESV@QD�c

��

Fre

eB

SD

# mount_mfs -o rw -s 64M md /memdisk

# umount /memdisk; mdconfig -d -u 0


md /memdisk mfs rw,-s64M 0 0

# /etc/fstab entry

Lin

ux

# mount -t tmpfs -osize=64m tmpfs /memdisk

3.1

3D

isk

pe

rfo

rm

an

ce

2D@C�@MC�VQHSD�@��'"�EHKD�NM�O@QSHSHNM�@C�R�B��GNLD

# time dd if=/dev/ad4s3c of=/dev/null bs=1024k count=1000

# time dd if=/dev/zero bs=1024k count=1000 of=/home/1Gb.file

# hdparm -tT /dev/hda

# Linux only

4N

ET

WO

RK

2NTSHMF�O��[!CCHSHNM@K)0�O��[#G@MFD-!#�O��[0NQSR�O��[&HQDV@KK�O��[)0&NQV@QC

�O��[.!4�O��[$.3�O��[$(#0�O��[4Q@EEHB�O��[1N3�O��[.)3�O��[.DSB@S�O��

4.1

De

bu

gg

ing

(S

ee

als

oT

ra

ffic

an

aly

sis

)(p

ag

e 2

0)

Lin

ux

# ethtool eth0

# Show the ethernet status (replaces mii-diag)

# ethtool -s eth0 speed 100 duplex full# Force 100Mbit Full duplex

# ethtool -s eth0 autoneg off# Disable auto negotiation

# ethtool -p eth1

# Blink the ethernet led - very useful when supported

# ip link show

# Display all interfaces on Linux (similar to ifconfig)

# ip link set eth0 up

# Bring device up (or down). Same as "ifconfig eth0 up"

# ip addr show

# Display all IP addresses on Linux (similar to ifconfig)

# ip neigh show

# Similar to arp -a

Oth

er O

Se

s

# ifconfig fxp0

# Check the "media" field on FreeBSD

# arp -a

# Check the router (or host) ARP entry (all OS)

# ping cb.vu

# The first thing to try...

# traceroute cb.vu

# Print the route path to destination

# ifconfig fxp0 media 100baseTX mediaopt full-duplex# 100Mbit full duplex (FreeBSD)

# netstat -s

# System-wide statistics for each network protocol

!CCHSHNM@K�BNLL@MCR�VGHBG�@QD�MNS�@KV@XR�HMRS@KKDC�ODQ�CDE@TKS�ATS�D@RX�SN�EHMC�

# arping 192.168.16.254

# Ping on ethernet layer

# tcptraceroute -f 5 cb.vu

# uses tcp instead of icmp to trace through firewalls

4.2

Ro

utin

g

Prin

t r

ou

tin

g t

ab

le

# route -n

# Linux or use "ip route"

# netstat -rn

# Linux, BSD and UNIX

# route print

# Windows

Ad

d a

nd

de

lete

a r

ou

te

FreeB

SD

# route add 212.117.0.0/16 192.168.1.1

# route delete 212.117.0.0/16

# route add default 192.168.1.1

!CC�SGD�QNTSD�ODQL@MDMSKX�HM��DSB�QB�BNMEc�.DSVNQJ�c

��

static_routes="myroute"

route_myroute="-net 212.117.0.0/16 192.168.1.1"

OS

X

# sudo route -n add 192.168.0.0/27 192.168.0.62

# add a route

# netstat -nr

# routing table

Lin

ux

# route add -net 192.168.20.0 netmask 255.255.255.0 gw 192.168.16.254

# ip route add 192.168.20.0/24 via 192.168.16.254

# same as above with ip route

# route add -net 192.168.20.0 netmask 255.255.255.0 dev eth0

# route add default gw 192.168.51.254

# ip route add default via 192.168.51.254 dev eth0

# same as above with ip route

# route delete -net 192.168.20.0 netmask 255.255.255.0

Sola

ris

# route add -net 192.168.20.0 -netmask 255.255.255.0 192.168.16.254

# route add default 192.168.51.254 1

# 1 = hops to the next gateway

# route change default 192.168.50.254 1

0DQL@MDMS�DMSQHDR�@QD�RDS�HM�DMSQX�HM

/etc/defaultrouter�

Win

dow

s

# Route add 192.168.50.0 mask 255.255.255.0 192.168.51.253

# Route add 0.0.0.0 mask 0.0.0.0 192.168.51.254

5RD�@CC� O�SN�L@JD�SGD�QNTSD�ODQRHRSDMS�

4.3

Co

nfig

ure

ad

dit

ion

al I

P a

dd

re

ss

es

Lin

ux

# ifconfig eth0 192.168.50.254 netmask 255.255.255.0

# First IP

# ifconfig eth0:0 192.168.51.254 netmask 255.255.255.0

# Second IP

# ip addr add 192.168.50.254/24 dev eth0

# Equivalent ip commands

# ip link set dev eth0 up

# Activate eth0 network interface

# ip addr add 192.168.51.254/24 dev eth0 label eth0:1

# ip link ls dev eth0

# Get info on eth0

# ip addr del 1.2.3.4/32 dev eth0

# Remove an IP

# ip addr flush dev eth0

# Remove all addresses

Fre

eB

SD

# ifconfig fxp0 inet 192.168.50.254/24

# First IP

# ifconfig fxp0 alias 192.168.51.254 netmask 255.255.255.0# Second IP

# ifconfig fxp0 -alias 192.168.51.254

# Remove second IP alias

0DQL@MDMS�DMSQHDR�HM��DSB�QB�BNME

ifconfig_fxp0="inet 192.168.50.254 netmask 255.255.255.0"

ifconfig_fxp0_alias0="192.168.51.254 netmask 255.255.255.0"

OS

X

# sudo ifconfig en3 10.10.10.201/24

# First IP

# ifconfig en3 delete 10.10.10.201

# Delete IP

# sudo ifconfig en1 down ; sudo ifconfig en1 up

# ipconfig getifaddr en1

# current IP address

So

laris

#GDBJ�SGD�RDSSHMFR�VHSG

ifconfig -a

# ifconfig hme0 plumb

# Enable the network card

# ifconfig hme0 192.168.50.254 netmask 255.255.255.0 up

# First IP

# ifconfig hme0:1 192.168.51.254 netmask 255.255.255.0 up

# Second IP

c�.DSVNQJ�c

��

# find / -name "*.core" | xargs rm

# Find core dumps and delete them (also try core.*)

# find / -name "*.core" -print -exec rm {} \;

# Other syntax

# Find images and create an archive, iname is not case sensitive. -r for append

# find . $ -iname "*.png" -o -iname "*.jpg" $ -print -exec tar -rf images.tar {} \;

# find . -type f -name "*.txt" ! -name README.txt -print

# Exclude README.txt files

# find /var/ -size +10M -exec ls -lh {} \;

# Find large files > 10 MB

# find /var/ -size +10M -ls

# This is simpler

# find . -size +10M -size -50M -print

# find /usr/ports/ -name work -type d -print -exec rm -rf {} \;

# Clean the ports

# Find files with SUID; those file are vulnerable and must be kept secure

# find / -type f -user root -perm -4000 -exec ls -l {} \;

# find flac/ -iname *.flac -print -size +500k -exec /Applications/Fluke.app/Contents/MacOS/Fluke {} \;

# I use above to add flac files to iTunes on OSX

"DB@QDETKVHSGW@QFNQDWDB@RHSLHFGSNQLHFGSMNSGNMNQPTNSHMFR@MCB@MQDSTQMVQNMFQDRTKSR

VGDMEHKDRNQCHQDBSNQHDRBNMS@HMRO@BDR�)MCNTASTRD� OQHMS�[W@QFR ��HMRSD@CNE�[W@QFR��4GD

NOSHNM� OQHMS��LTRS�AD�SGD�K@RS�HM�SGD�EHMC�BNLL@MC��3DD�SGHR�MHBDLHMH�STSNQH@K�ENQ�EHM

C��

# find . -type f | xargs ls -l

# Will not work with spaces in names

# find . -type f -print0 | xargs -0 ls -l

# Will work with spaces in names

# find . -type f -exec ls -l '{}' \;# Or use quotes '{}' with -exec

$TOKHB@SD�CHQDBSNQX�SQDD�

# find . -type d -exec mkdir -p /tmp/new_dest/{} \;

14

.9M

isc

ella

ne

ou

s

# which command

# Show full path name of command

# time command

# See how long a command takes to execute

# time cat

# Use time as stopwatch. Ctrl-c to stop

# set | grep $USER

# List the current environment

# cal -3

# Display a three month calendar

# date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]]

# date 10022155

# Set date and time

# whatis grep

# Display a short info on the command or word

# whereis java

# Search path and standard directories for word

# setenv varname value

# Set env. variable varname to value (csh/tcsh)

# export varname="value"

# set env. variable varname to value (sh/ksh/bash)

# pwd

# Print working directory

# mkdir -p /path/to/dir

# no error if existing, make parent dirs as needed

# mkdir -p project/{bin,src,obj,doc/{html,man,pdf},debug/some/more/dirs}

# rmdir /path/to/dir

# Remove directory

# rm -rf /path/to/dir

# Remove directory and its content (force)

# rm -- -badchar.txt

# Remove file whitch starts with a dash (-)

# cp -la /dir1 /dir2

# Archive and hard link files instead of copy

# cp -lpR /dir1 /dir2

# Same for FreeBSD

# cp unixtoolbox.xhtml{,.bak}

# Short way to copy the file with a new extension

# mv /dir1 /dir2

# Rename a directory

# ls -1

# list one file per line

# history | tail -50

# Display the last 50 used commands

# cd -

# cd to previous ($OLDPWD) directory

# /bin/ls| grep -v .py | xargs rm -r# pipe file names to rm with xargs

#GDBJEHKD

G@RGDRVHSGNODMRRK�4GHRHR@MHBD@KSDQM@SHUDSNSGDBNLL@MCRmd5sumNQsha1sum

�&QDD"3$�TRDRmd5@MCsha1�VGHBG�@QD�MNS�@KV@XR�HMRS@KKDC�

# openssl md5 file.tar.gz

# Generate an md5 checksum from file

# openssl sha1 file.tar.gz

# Generate an sha1 checksum from file

# openssl rmd160 file.tar.gz

# Generate a RIPEMD-160 checksum from file

15

IN

ST

AL

L S

OF

TW

AR

E

5RT@KKX�SGD�O@BJ@FD�L@M@FDQ�TRDR�SGD�OQNWX�U@QH@AKD�ENQ�GSSO�ESO�QDPTDRSR��)M��A@RGQB�

��GSSO��V

VV�GBBEK�DCT�ONKKNBJ�5MHW�&HMC#LC�GSL

c�)MRS@KK�3NESV@QD�c

��

Sh

ort s

ta

rt e

xa

mp

le

RS@QS�RBQDDM�VHSG�

# screen

7HSGHM�SGD�RBQDDM�RDRRHNM�VD�B@M�RS@QS�@�KNMF�K@RSHMF�OQNFQ@L��KHJD�SNO�

# top

.NV�CDS@BG�VHSG

Ctr

l-a C

trl-

d��2D@SS@BG�SGD�SDQLHM@K�VHSG�

# screen -R -D

)MCDS@HKSGHRLD@MR�)E@RDRRHNMHRQTMMHMF�SGDMQD@SS@BG�)EMDBDRR@QXCDS@BG@MCKNFNTSQDLNSDKX

EHQRS��)E�HS�V@R�MNS�QTMMHMF�BQD@SD�HS�@MC�MNSHEX�SGD�TRDQ��/Q�

# screen -x

!SS@BGSN@QTMMHMFRBQDDMHM@LTKSHCHROK@XLNCD�4GDBNMRNKDHRSGTRRG@QDC@LNMFLTKSHOKD

TRDQR��6DQX�TRDETK�ENQ�SD@L�VNQJ�CDATF�

Scre

en

co

mm

an

ds (

wit

hin

scre

en

)

!KK�RBQDDM�BNLL@MCR�RS@QS�VHSG

Ctr

l-a�

aC

trl-

a ?GDKO�@MC�RTLL@QX�NE�ETMBSHNMR

aC

trl-

a cBQD@SD�@M�MDV�VHMCNV��SDQLHM@K

aC

trl-

aC

trl-

nan

dC

trl-

aC

trl-

pSNRVHSBGSNSGDMDWSNQOQDUHNTRVHMCNVHMSGDKHRS�AX

MTLADQ�

aC

trl-

a C

trl-

NVGDQD�.�HR�@�MTLADQ�EQNL��SN��SN�RVHSBG�SN�SGD�BNQQDRONMCHMF�VHMCNV�

aC

trl-

a "SN�FDS�@�M@UHF@AKD�KHRS�NE�QTMMHMF�VHMCNVR

aC

trl-

a aSN�BKD@Q�@�LHRRDC�#SQK @

aC

trl-

a C

trl-

dSN�CHRBNMMDBS�@MC�KD@UD�SGD�RDRRHNM�QTMMHMF�HM�SGD�A@BJFQNTMC

aC

trl-

a xKNBJ�SGD�RBQDDM�SDQLHM@K�VHSG�@�O@RRVNQC

aC

trl-

a [DMSDQ�HMSN

scro

llb

ackLNCD��DWHS�VHSG

esc�

5RDecho "defscrollback 5000" > ~/.screenrcSN�HMBQD@RD�ATEEDQ��CDE@TKS�HR��

dC

-u3BQNKKR�@�G@KE�O@FD�TO

dC

-b3BQNKK�@�ETKK�O@FD�TO

dC

-d3BQNKK�@�G@KE�O@FD�CNVM

dC

-f3BQNKK�@�ETKK�O@FD�CNVM

d/3D@QBG�ENQV@QC

d?3D@QBG�A@BJV@QC

#NMEHFTQ@SHNM�HM�]��RBQDDMQB�

defscrollback 100000

# increase scrollback buffer (default is 100)

termcapinfo xterm* ti@:te@

# avoid alternate text buffer to allow scrolling

4GDRBQDDMRDRRHNMHRSDQLHM@SDCVGDMSGDOQNFQ@LVHSGHMSGDQTMMHMFSDQLHM@KHRBKNRDC@MCXNT

KNFNTS�EQNL�SGD�SDQLHM@K�

14

.8F

ind

3NLD�HLONQS@MS�NOSHNMR�

-x�NM�"3$-xdev�NM�,HMTW

3S@X�NM�SGD�R@LD�EHKD�RXRSDL��CDU�HM�ERS@A�

-exec cmd {} \;

%WDBTSD�SGD�BNLL@MC�@MC�QDOK@BD�Z\�VHSG�SGD�ETKK�O@SG

-iname

,HJD� M@LD�ATS�HR�B@RD�HMRDMRHSHUD

-ls

$HROK@X�HMENQL@SHNM�@ANTS�SGD�EHKD��KHJD�KR� K@

-size n

M�HR�� M��J�-�'�4�0

-cmin n

&HKD�R�RS@STR�V@R�K@RS�BG@MFDC�M�LHMTSDR�@FN�

# find . -type f ! -perm -444

# Find files not readable by all

# find . -type d ! -perm -111

# Find dirs not accessible by all

# find /home/user/ -cmin 10 -print

# Files created or modified in the last 10 min.

# find . -name '*.[ch]' | xargs grep -E 'expr'# Search 'expr' in this dir and below.

c�5RDETK�#NLL@MCR�c

��

4.4

Ch

an

ge

MA

C a

dd

re

ss

.NQL@KKXXNTG@UDSNAQHMFSGDHMSDQE@BDCNVMADENQDSGDBG@MFD�$NM�SSDKKLDVGXXNTV@MSSN

BG@MFD�SGD�-!#�@CCQDRR��

# ifconfig eth0 down

# ifconfig eth0 hw ether 00:01:02:03:04:05

# Linux

# ifconfig fxp0 link 00:01:02:03:04:05

# FreeBSD

# ifconfig hme0 ether 00:01:02:03:04:05

# Solaris

# sudo ifconfig en0 ether 00:01:02:03:04:05

# OS X Tiger, Snow Leopard LAN*

# sudo ifconfig en0 lladdr 00:01:02:03:04:05

# OS X Leopard

4XOHB@KVHQDKDRRHMSDQE@BDHR

en1@MCMDDCRCNCHR@RRNBH@SDEQNL@MXMDSVNQJEHQRS�NRWC@HKX

GNVSN�

# echo "alias airport='/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport'"\

>> ~/.bash_profile

# or symlink to /usr/sbin

# airport -z

# Disassociate from wireless networks

# airport -I

# Get info from wireless network

-@MX�SNNKR�DWHRS�ENQ�7HMCNVR��&NQ�DW@LOKDDSGDQBG@MFD��/Q�KNNJ�ENQ��-@B�-@JDTO��RL@B��

4.5

Po

rts

in

us

e

,HRSDMHMF�NODM�ONQSR�

# netstat -an | grep LISTEN

# lsof -i

# Linux list all Internet connections

# socklist

# Linux display list of open sockets

# sockstat -4

# FreeBSD application listing

# netstat -anp --udp --tcp | grep LISTEN

# Linux

# netstat -tup

# List active connections to/from system (Linux)

# netstat -tupl

# List listening ports from system (Linux)

# netstat -ano

# Windows

4.6

Fir

ew

all

#GDBJ�HE�@�EHQDV@KK�HR�QTMMHMF��SXOHB@K�BNMEHFTQ@SHNM�NMKX�

Lin

ux

# iptables -L -n -v

# For status

Open the iptables firewall

# iptables -P INPUT ACCEPT

# Open everything

# iptables -P FORWARD ACCEPT

# iptables -P OUTPUT ACCEPT

# iptables -Z

# Zero the packet and byte counters in all chains

# iptables -F

# Flush all chains

# iptables -X

# Delete all chains

Fre

eB

SD

# ipfw show

# For status

# ipfw list 65535# if answer is "65535 deny ip from any to any" the fw is disabled

# sysctl net.inet.ip.fw.enable=0

# Disable

# sysctl net.inet.ip.fw.enable=1

# Enable

4.7

IP

Fo

rw

ard

fo

r r

ou

tin

g

Lin

ux

#GDBJ�@MC�SGDM�DM@AKD�)0�ENQV@QC�VHSG�

# cat /proc/sys/net/ipv4/ip_forward

# Check IP forward 0=off, 1=on

# echo 1 > /proc/sys/net/ipv4/ip_forward

NQ�DCHS��DSB�RXRBSK�BNME�VHSG�

net.ipv4.ip_forward = 1

��GSSO��MSRDBTQHSX�MT�SNNKANW�DSGDQBG@MFD

c�.DSVNQJ�c

��

Fre

eB

SD

#GDBJ�@MC�DM@AKD�VHSG�

# sysctl net.inet.ip.forwarding

# Check IP forward 0=off, 1=on

# sysctl net.inet.ip.forwarding=1

# sysctl net.inet.ip.fastforwarding=1

# For dedicated router or firewall

Permanent with entry in /etc/rc.conf:

gateway_enable="YES"

# Set to YES if this host will be a gateway.

So

laris

# ndd -set /dev/ip ip_forwarding 1

# Set IP forward 0=off, 1=on

4.8

NA

T N

etw

ork

Ad

dre

ss

Tra

ns

latio

n

Lin

ux

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# to activate NAT

# iptables -t nat -A PREROUTING -p tcp -d 78.31.70.238 --dport 20022 -j DNAT \

--to 192.168.16.44:22

# Port forward 20022 to internal IP port ssh

# iptables -t nat -A PREROUTING -p tcp -d 78.31.70.238 --dport 993:995 -j DNAT \

--to 192.168.16.254:993-995

# Port forward of range 993-995

# ip route flush cache

# iptables -L -t nat

# Check NAT status

$DKDSDSGDONQSENQV@QCVHSG $HMRSD@CNE !�4GDOQNFQ@LMDSRS@S M@S�HRUDQXTRDETKSNSQ@BJ

BNMMDBSHNMR��HS�T

RDR/proc/net/ip_conntrackNQ/proc/net/nf_conntrack�

# netstat-nat -n

# show all connections with IPs

Fre

eB

SD

# natd -s -m -u -dynamic -f /etc/natd.conf -n fxp0

Or edit /etc/rc.conf with:

firewall_enable="YES"

# Set to YES to enable firewall functionality

firewall_type="open"

# Firewall type (see /etc/rc.firewall)

natd_enable="YES"

# Enable natd (if firewall_enable == YES).

natd_interface="tun0"

# Public interface or IP address to use.

natd_flags="-s -m -u -dynamic -f /etc/natd.conf"

0NQS�EN

QV@QC�VHSG�

# cat /etc/natd.conf

same_ports yes

use_sockets yes

unregistered_only

# redirect_port tcp insideIP:2300-2399 3300-3399

# port range

redirect_port udp 192.168.51.103:7777 7777

4.9

DN

S

/M5MHWSGD$.3DMSQHDR@QDU@KHCENQ@KKHMSDQE@BDR@MC@QDRSNQDCHM�DSB�QDRNKU�BNME�4GDCNL@HM

SN�VGHBG�SGD�GNRS�ADKNMFR�HR�@KRN�RSNQDC�HM�SGHR�EHKD��!�LHMHL@K�BNMEHFTQ@SHNM�HR�

nameserver 78.31.70.238

search sleepyowl.net intern.lab

domain sleepyowl.net

#GDBJ�SGD�RXRSDL�CNL@HM�M@LD�VHSG�

# hostname -d

# Same as dnsdomainname

Win

do

ws

/M7HMCNVRSGD$.3@QDBNMEHFTQDCODQHMSDQE@BD�4NCHROK@XSGDBNMEHFTQDC$.3@MCSNEKTRGSGD

$.3�B@BGD�TRD�

# ipconfig /?

# Display help

# ipconfig /all

# See all information including DNS

��GSSO��SV

DDFX�MK�OQNIDBSR�MDSRS@S M@S

c�.DSVNQJ�c

��

noerror

BNMSHMTD�@ESDQ�QD@C�DQQNQR��D�F��A@C�AKNBJR

sync

O@C�DUDQX�HMOTS�AKNBJ�VHSG�.TKKR�SN�HAR RHYD

4GDCDE@TKSAXSDRHYDHR��NMDAKNBJ�4GD-"2�VGDQDSGDO@QSHSHN

MS@AKDHRKNB@SDC�HRNMSGD

EHQRSAKNBJ�SGDEHQRS��AKNBJRNE@CHRJ@QDDLOSX�,@QFDQAXSDRHYDR@QDE@RSDQSNBNOXATSQDPTHQD

@KRN�LNQD�LDLNQX�

Ba

ck

up

an

d r

esto

re

# dd if=/dev/hda of=/dev/hdc bs=16065b

# Copy disk to disk (same size)

# dd if=/dev/sda7 of=/home/root.img bs=4096 conv=notrunc,noerror# Backup /

# dd if=/home/root.img of=/dev/sda7 bs=4096 conv=notrunc,noerror# Restore /

# dd bs=1M if=/dev/ad4s3e | gzip -c > ad4s3e.gz

# Zip the backup

# gunzip -dc ad4s3e.gz | dd of=/dev/ad0s3e bs=1M

# Restore the zip

# dd bs=1M if=/dev/ad4s3e | gzip | ssh eedcoba@fry 'dd of=ad4s3e.gz'# also remote

# gunzip -dc ad4s3e.gz | ssh eedcoba@host 'dd of=/dev/ad0s3e bs=1M'

# dd if=/dev/ad0 of=/dev/ad2 skip=1 seek=1 bs=4k conv=noerror

# Skip MBR

# This is necessary if the destination (ad2) is smaller.

# dd if=/vm/FreeBSD-8.2-RELEASE-amd64-memstick.img of=/dev/disk1 bs=10240 conv=sync

# Copy FreeBSD image to USB memory stick

Re

co

ve

r

4GDBNLL@MCddVHKKQD@C

every

sin

gle

blo

ckNESGDO@QSHSHN

M�)MB@RDNEOQNAKDLRHSHRADSSDQSN

TRDSGDNOSHNMconv=sync,noerrorRNCCVHKKRJHOSGDA@CAKNBJ@MCVQHSD

YDQNR@SSGDCDRSHM@SHNM�

!BBNQCHMFKXHSHRHLONQS@MSSNRDSSGDAKNBJRHYDDPT@KNQRL@KKDQSG@MSGDCHRJAKNBJRHYD�!�JRHYD

RDDLRR@ED�RDSHSVHSG

bs=1k�)E@CHRJG@RA@CRDBSNQR@MCSGDC@S@RGNTKCADQDBNUDQDCEQNL

@O@QSHSHN

M�BQD@SD@MHL@FDEHKDVHSGCC�LNTMSSGDHL@FD@MCBNOXSGDBNMSDMSSN@MDVCHRJ�

7HSGSGDNOSHNMnoerror�CCVHKKRJHOSGDA@CRDBSNQR@MCVQHSD

YDQNRHMRSD@C�SGTRNMKXSGDC@S@

BNMS@HMDC�HM�SGD�A@C�RDBSNQR�VHKK�AD�KNRS�

# dd if=/dev/hda of=/dev/null bs=1m

# Check for bad blocks

# dd bs=1k if=/dev/hda1 conv=sync,noerror,notrunc | gzip | ssh \# Send to remote

root@fry 'dd of=hda1.gz bs=1k'

# dd bs=1k if=/dev/hda1 conv=sync,noerror,notrunc of=hda1.img

# Store into an image

# mount -o loop /hda1.img /mnt

#Mount the image(page 14)

# rsync -ax /mnt/ /newdisk/

# Copy on a new disk

# dd if=/dev/hda of=/dev/hda

# Refresh the magnetic state

# The above is useful to refresh a disk. It is perfectly safe, but must be unmounted.

De

lete

# dd if=/dev/zero of=/dev/hdc

# Delete full disk

# dd if=/dev/urandom of=/dev/hdc

# Delete full disk better

# kill -USR1 PID

# View dd progress (Linux)

# kill -INFO PID

# View dd progress (FreeBSD)

MB

R t

ric

ks

4GD-"2BNMS@HMRSGDANNSKN@CDQ@MCSGDO@QSHSHN

MS@AKD@MCHR��AXSDRRL@KK�4GDEHQRS��@QD

ENQ�SGD�ANNS�KN@CDQ��SG

D�AXSDR��SN��@QD�ENQ�SGD�O@QSHSHN

M�S@AKD�

# dd if=/dev/sda of=/mbr_sda.bak bs=512 count=1

# Backup the full MBR

# dd if=/dev/zero of=/dev/sda bs=512 count=1

# Delete MBR and partition table

# dd if=/mbr_sda.bak of=/dev/sda bs=512 count=1

# Restore the full MBR

# dd if=/mbr_sda.bak of=/dev/sda bs=446 count=1

# Restore only the boot loader

# dd if=/mbr_sda.bak of=/dev/sda bs=1 count=64 skip=446 seek=446# Restore partition table

14

.7s

cre

en

3BQDDM��@�LTRS�G@UD�G@R�SVN�L@HM�ETMBSHNM@KHSHDR�

a2TM�LTKSHOKD�SDQLHM@K�RDRRHNM�VHSGHM�@�RHMFKD�SDQLHM@K�

a!RS@QSDCOQNFQ@LHRCDBNTOKDCEQNLSGDQD@KSDQLHM@K@MCB@MSGTRQTMHMSGDA@BJFQNTMC�

4GD�QD@K�SDQLHM@K�B@M�AD�BKNRDC�@MC�QD@SS@BGDC�K@SDQ�


��

EOT

# 4GHR�HR�@KRN�VNQJHMF�VHSG�@�OHOD�

# echo "This is the mail body" | mail [email protected]

4GHR�HR�@KRN�@�RHLOKD�V@X�SN�SDRS�SGD�L@HK�RDQUDQ�

14

.4ta

r

4GDBNLL@MCtar�S@OD@QBGHUDBQD@SDR@MCDWSQ@BSR@QBGHUDRNEEHKD@MCCHQDBSNQHDR�4GD@QBGHUD

�S@QHRTMBNLOQDRRDC�@BNLOQDRRDC@QBGHUDG@RSGDDWSDMRHNM�SFYNQ�S@Q�FY�YHONQ�SAY�AYHO��

$NMNSTRD@ARNKTSDO@SGVGDMBQD@SHMF@M@QBGHUD�XNTOQNA@AKXV@MSSNTMO@BJHSRNLDVGDQD

DKRD��3NLD�SXOHB@K�BNLL@MCR�@QD�

Cre

ate

# cd /

# tar -cf home.tar home/

# archive the whole /home directory (c for create)

# tar -czf home.tgz home/

# same with zip compression

# tar -cjf home.tbz home/

# same with bzip2 compression

/MKXHMBKTCDNMD�NQSVNCHQDBSNQHDREQNL@SQDD�ATSJDDOSGDQDK@SHUDRSQTBSTQD�&NQDW@LOKD

@QBGHUD��TRQ�KNB@K�DSB�@MC��TRQ�KNB@K�VVV�@MC�SGD�EHQRS�CHQDBSNQX�HM�SGD�@QBGHUD�RGNTKC�AD�KNB@K��

# tar -C /usr -czf local.tgz local/etc local/www

# tar -C /usr -xzf local.tgz

# To untar the local dir into /usr

# cd /usr; tar -xzf local.tgz

# Is the same as above

Ex

tra

ct

# tar -tzf home.tgz

# look inside the archive without extracting (list)

# tar -xf home.tar

# extract the archive here (x for extract)

# tar -xzf home.tgz

# same with zip compression (-xjf for bzip2 compression)

# remove leading path gallery2 and extract into gallery

# tar --strip-components 1 -zxvf gallery2.tgz -C gallery/

# tar -xjf home.tbz home/colin/file.txt

# Restore a single file

# tar -xOf home.tbz home/colin/file.txt

# Print file to stdout (no extraction)

Mo

re

ad

va

nce

d

# tar c dir/ | gzip | ssh user@remote 'dd of=dir.tgz'# arch dir/ and store remotely.

# tar cvf - `find . -print` > backup.tar

# arch the current directory.

# tar -cf - -C /etc . | tar xpf - -C /backup/etc

# Copy directories

# tar -cf - -C /etc . | ssh user@remote tar xpf - -C /backup/etc

# Remote copy.

# tar -czf home.tgz --exclude '*.o' --exclude 'tmp/' home/

14

.5z

ip/

un

zip

:HO�EHKDR�B@M�AD�D@RHDQ�SN�RG@QD�VHSG�7HMCNVR�

# zip -r fileName.zip /path/to/dir

# zip dir into file fileName.zip

# unzip fileName.zip

# uncompress zip file

# unzip -l fileName.zip

# list files inside archive

# unzip -c fileName.zip fileinside.txt

# print one file to stdout (no extraction)

# unzip fileName.zip fileinside.txt

# extract one file only

14

.6d

d

4GDOQNFQ@L

dd�CHRJCTLONQCDRSQNXCHRJNQRDDSGDLD@MHMFNECCHRTRDCSNBNOXO@QSHSHNMR

@MC�CHRJR�@MC�ENQ�NSGDQ�BNOX�SQHBJR��4XOHB@K�TR@FD�

# dd if=<source> of=<target> bs=<byte size> conv=<conversion>

# kill -INFO PID

# View dd progress (FreeBSD, OSX)

)LONQS@MS�BNMU�NOSHNMR�

notrunc

CN�MNS�SQTMB@SD�SGD�NTSOTS�EHKD��@KK�YDQNR�VHKK�AD�VQHSSDM�@R�YDQNR�


��

Flu

sh

DN

S

&KTRGSGD/3$.3B@BGD�RNLD@OOKHB@SHNMTRHMFSGDHQNVMB@BGD�D�F�&HQDENW@MCVHKKAD

TM@EEDBSDC�

# /etc/init.d/nscd restart

# Restart nscd if used - Linux/BSD/Solaris

# lookupd -flushcache

# OS X Tiger

# dscacheutil -flushcache

# OS X Leopard and newer

# ipconfig /flushdns

# Windows

Fo

rw

ard

qu

erie

s

$HFHRXNTEQHDMCSNSDRSSGD$.3RDSSHMFR�&NQDW@LOKDSGDOTAKHB$.3RDQUDQ213.133.105.2

ns.second-ns.deB@MADTRDCENQSDRSHMF�3DDEQNLVGHBGRDQUDQSGDBKHDMSQDBDHUDRSGD@MRVDQ

�RHLOKHEHDC�@MRVDQ�

# dig sleepyowl.net

sleepyowl.net. 600 IN A 78.31.70.238

;; SERVER: 192.168.51.254#53(192.168.51.254)

4GDQNTSDQ��@MRVDQDC@MCSGDQDRONMRDHRSGD!DMSQX�!MXDMSQXB@MADPTDQHDC

@MC�SGD�$.3�RDQUDQ�B@M�AD�RDKDBSDC�VHSG� �

# dig MX google.com

# dig @127.0.0.1 NS sun.com

# To test the local server

# dig @204.97.212.10 NS MX heise.de

# Query an external server

# dig AXFR @ns1.xname.org cb.vu

# Get the full zone (zone transfer)

4GD�OQNFQ@L�GNRS�HR�@KRN�ONVDQETK�

# host -t MX cb.vu

# Get the mail MX entry

# host -t NS -T sun.com

# Get the NS record over a TCP connection

# host -a sleepyowl.net

# Get everything

Re

ve

rse

qu

erie

s

&HMCSGDM@LDADKNMFHMFSN@M)0@CCQDRR�HM @CCQ�@QO@��4GHRB@MADCNMDVHSGdig�host@MC

nslookup�

# dig -x 78.31.70.238

# host 78.31.70.238

# nslookup 78.31.70.238

/e

tc/

ho

sts

3HMFKDGNRSRB@MADBNMEHFTQDCHMSGDEHKD�DSB�GNRSRHMRSD@CNEQTMMHMFnamedKNB@KKXSNQDRNKUDSGD

GNRSM@LD�PTDQHDR��4GD�ENQL@S�HR�RHLOKD��ENQ�DW@LOKD�

78.31.70.238 sleepyowl.net sleepyowl

4GDOQHNQHSXADSVDDMGNRSR@MC@CMRPTDQX�SG@SHRSGDM@LDQDRNKTSHNMNQCDQ�B@MADBNMEHFTQDCHM

/etc/nsswitch.conf!.$��DSB�GNRS�BNME��4GD�EHKD�@KRN�DWHRSR�NM�7HMCNVR��HS�HR�TRT@KKX�HM�

C:\WINDOWS\SYSTEM32\DRIVERS\ETC

4.1

0D

HC

P

Lin

ux

3NLD�CHRSQHATSHNMR��3T3%�TRD�CGBOBC�@R�BKHDMS��4GD�CDE@TKS�HMSDQE@BD�HR�DSG��

# dhcpcd -n eth0

# Trigger a renew (does not always work)

# dhcpcd -k eth0

# release and shutdown

4GD�KD@RD�VHSG�SGD�ETKK�HMENQL@SHNM�HR�RSNQDC�HM�

/var/lib/dhcpcd/dhcpcd-eth0.info

Fre

eB

SD

&QDD"3$��@MC�$DAH@M�TRDR�CGBKHDMS��4N�BNMEHFTQD�@M�HMSDQE@BD��ENQ�DW@LOKD�AFD��QTM�

# dhclient bge0

c�.DSVNQJ�c

��

4GD�KD@RD�VHSG�SGD�ETKK�HMENQL@SHNM�HR�RSNQDC�HM�

/var/db/dhclient.leases.bge0

5RD

/etc/dhclient.conf

SN�OQDODMC�NOSHNMR�NQ�ENQBD�CHEEDQDMS�NOSHNMR�

# cat /etc/dhclient.conf

interface "rl0" {

prepend domain-name-servers 127.0.0.1;

default domain-name "sleepyowl.net";

supersede domain-name "sleepyowl.net";

}Win

do

ws

4GD�CGBO�KD@RD�B@M�AD�QDMDVDC�VHSG

ipconfig�

# ipconfig /renew

# renew all adapters

# ipconfig /renew LAN

# renew the adapter named "LAN"

# ipconfig /release WLAN

# release the adapter named "WLAN"

9DR�HS�HR

�@�FNNC�HCD@�SN�QDM@LD�XNT�@C@OSDQ�VHSG�RHLOKD�M@LDR�

4.1

1T

ra

ffic

an

aly

sis

"LNM�HR�@�RL@KK�BNMRNKD�A@MCVHCSG�LNMHSNQ�@MC�B@M�CHROK@X�SGD�EKNV�NM�CHEEDQDMS�HMSDQE@BDR�

Sn

iff w

ith

tcp

du

mp

# tcpdump -nl -i bge0 not port ssh and src $192.168.16.121 or 192.168.16.54$

# tcpdump -n -i eth1 net 192.168.16.121

# select to/from a single IP

# tcpdump -n -i eth1 net 192.168.16.0/24

# select traffic to/from a network

# tcpdump -l > dump && tail -f dump

# Buffered output

# tcpdump -i rl0 -w traffic.rl0

# Write traffic headers in binary file

# tcpdump -i rl0 -s 0 -w traffic.rl0

# Write traffic + payload in binary file

# tcpdump -r traffic.rl0

# Read from file (also for ethereal

# tcpdump port 80

# The two classic commands

# tcpdump host google.com

# tcpdump -i eth0 -X port $110 or 143$

# Check if pop or imap is secure

# tcpdump -n -i eth0 icmp

# Only catch pings

# tcpdump -i eth0 -s 0 -A port 80 | grep GET

# -s 0 for full packet -A for ASCII

!CCHSHNM@K�HLONQS@MS�NOSHNMR�

-A

0QHMS�D@BG�O@BJDSR�HM�BKD@Q�SDWS��V

HSGNTS�GD@CDQ

-X

0QHMS�O@BJDSR�HM�GDW�@MC�!3#))

-l

-@JD�RSCNTS�KHMD�ATEEDQDC

-D

0QHMS�@KK�HMSDQE@BDR�@U@HK@AKD

/M�7HMCNVR�TRD�VHMCTLO�EQNLVVV�VHMOB@O�NQF��5RD�VHMCTLO� $�SN�KHRS�SGD�HMSDQE@BDR�

Sca

n w

ith

nm

ap

.L@O�HR@ONQSRB@MMDQVHSG/3CDSDBSHNM�HSHRTRT@KKXHMRS@KKDCNMLNRSCHRSQHATSHNMR@MCHR@KRN

@U@HK@AKD�ENQ�7HMCNVR��)E�X

NT�CNM�S�RB@M�XNTQ�RDQUDQR��G@BJDQR�CN�HS�EN

Q�XNT��

# nmap cb.vu

# scans all reserved TCP ports on the host

# nmap -sP 192.168.16.0/24# Find out which IP are used and by which host on 0/24

# nmap -sS -sV -O cb.vu

# Do a stealth SYN scan with version and OS detection

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 3.8.1p1 FreeBSD-20060930 (protocol 2.0)

25/tcp open smtp Sendmail smtpd 8.13.6/8.13.6

80/tcp open http Apache httpd 2.0.59 ((FreeBSD) DAV/2 PHP/4.

[...]

��GSSO��ODNOKD�RTTF�BG�]SFQ�ALNM�

��GSSO��HM

RDBTQD�NQF�ML@O�

c�.DSVNQJ�c

��

3NLD�HLONQS@MS�BNLL@MCR�@QD��>.�RS@MCR�ENQ�;BNMSQNK= ;.

=�

h H

FNNC�GDKO�NM�CHROK@X

f ^F ^

V S

PA

CE

&NQV@QC�NMD�VHMCNV��NQ�.�KHMDR�

b ^

B E

SC

-v"@BJV@QC�NMD�VHMCNV��NQ�.�KHMDR�

F&NQV@QC�ENQDUDQ��KHJ

D��S@HK� E��

/p

atte

rn

3D@QBG�ENQV@QC�ENQ��. SG�L@SBGHMF�KHMD�

?p

atte

rn

3D@QBG�A@BJV@QC�ENQ��. SG�L@SBGHMF�KHMD�

n2DOD@S�OQDUHNTR�RD@QBG��ENQ�. SG�NBBTQQDMBD�

N2DOD@S�OQDUHNTR�RD@QBG�HM�QDUDQRD�CHQDBSHNM�

qPTHS

14

.2v

i

6HHROQDRDMSNM!.9,HMTW�5MHWHMRS@KK@SHNM�MNSFDMSNN�@MCHSHRSGDQDENQDTRDETKSNJMNVRNLD

A@RHBBNLL@MCR�4GDQD@QDSVNLNCDR�BNLL@MCLNCD@MCHMRDQSHNMLNCD�4GDBNLL@MCRLNCD

HR�@BBDRRDC�VHSG

[ES

C]��SGD�HMRDQSHNM�LNCD�VHSG

i��5RD: helpHE�XNT�@QD�KNRS�

4GD�DCHSNQR

nano@MCpico@QD�TRT@KKX�@U@HK@AKD�SNN�@MC�@QD�D@RHDQ��)-

(/�SN�TRD�

Qu

it

:wMDVEHKDM@LD

R@UD�SGD�EHKD�SN�MDVEHKDM@LD

:wq

or :x

R@UD�@MC�PTHS

:q!

PTHS�VHSGNTS�R@UHMF

Se

arch

an

d m

ov

e

/str

ing

3D@QBG�ENQV@QC�ENQ�RSQHMF

?str

ing

3D@QBG�A@BJ�ENQ�RSQHMF

n3D@QBG�ENQ�MDWS�HMRS@MBD�NE�RSQHMF

N3D@QBG�ENQ�OQDUHNTR�HMRS@MBD�NE�RSQHMF

{-NUD�@�O@Q@FQ@OG�A@BJ

}-NUD�@�O@Q@FQ@OG�ENQV@QC

1G

-NUD�SN�SGD�EHQRS�KHMD�NE�SGD�EHKD

nG

-NUD�SN�SGD�M�SG�KHMD�NE�SGD�EHKD

G-NUD�SN�SGD�K@RS�KHMD�NE�SGD�EHKD

:%s/

OLD

/N

EW

/g

3D@QBG�@MC�QDOK@BD�DUDQX�NBBTQQDMBD

De

lete

co

py

pa

ste

te

xt

dd

(d

w)

#TS�BTQQDMS�KHMD��VNQC

D#TS�SN�SGD�DMC�NE�SGD�KHMD

x$DKDSD��BTS�BG@Q@BSDQ

yy (

yw

)#NOX�KHMD��VNQC�@ESDQ�BTQRNQ

P0@RSD�@ESDQ�BTQRNQ

u5MCN�K@RS�LNCHEHB@SHNM

U5MCN�@KK�BG@MFDR�SN�BTQQDMS�KHMD

14

.3m

ail

4GDmailBNLL@MCHR@A@RHB@OOKHB@SHNMSNQD@C@MCRDMCDL@HK�HSHRTRT@KKXHMRS@KKDC�4NRDMC

@MDL@HKRHLOKXSXOD�L@HKTRDQ CNL@HM��4GDEHQRSKHMDHRSGDRTAIDBS�SGDMSGDL@HKBNMSDMS�

4DQLHM@SD�@MC�RDMC�SGD�DL@HK�VHSG�@�RHMFKD�CNS��HM

�@�MDV�KHMD��%W@LOKD�

# mail [email protected]

Subject: Your text is full of typos

"For a moment, nothing happened. Then, after a second or so,

nothing continued to happen."

.


��

<Location /svn>

DAV svn

# any "/svn/foo" URL will map to a repository /home/svn/foo

SVNParentPath /home/svn

AuthType Basic

AuthName "Subversion repository"

AuthzSVNAccessFile /etc/apache2/svn.acl

AuthUserFile /etc/apache2/svn-passwd

Require valid-user

</Location>

4GD�@O@BGD�RDQUDQ�MDDCR�ETKK�@BBDRR�SN�SGD�QDONRHSNQX�

# chown -R www:www /home/svn

#QD@SD�@�TRDQ�VHSG�GSO@RRVC��

# htpasswd -c /etc/svn-passwd user1

# -c creates the file

Access c

ontr

ol

svn.a

cl

exam

ple

# Default it read access. "* =" would be default no access

[/]

* = r

[groups]

project1-developers = joe, jack, jane

# Give write access to the developers

[project1:]

@project1-developers = rw

13

.2S

VN

co

mm

an

ds

an

d u

sa

ge

3DD�@KRN�SGD3TAUDQRHNM�1THBJ�2DEDQDMBD�#@QC

��4NQSNHRD�36.��HR�@�MHBD�7HMCNVR�HMSDQE@BD�

Im

po

rt

!MDVOQNIDBS�SG@SHR@CHQDBSNQXVHSGRNLDEHKDR�HRHLONQSDCHMSNSGDQDONRHSNQXVHSGSGDimport

BNLL@MC��)LONQS�HR�@KRN�TRDC�SN�@CC�@�CHQDBSNQX�VHSG�HSR�BNMSDMS�SN�@M�DWHRSHMF�OQNIDBS�

# svn help import

# Get help for any command

# Add a new directory (with content) into the src dir on project1

# svn import /project1/newdir http://host.url/svn/project1/trunk/src -m 'add newdir'

Ty

pic

al

SV

N c

om

ma

nd

s

# svn co http://host.url/svn/project1/trunk

# Checkout the most recent version

# Tags and branches are created by copying

# svn mkdir http://host.url/svn/project1/tags/

# Create the tags directory

# svn copy -m "Tag rc1 rel." http://host.url/svn/project1/trunk \

http://host.url/svn/project1/tags/1.0rc1

# svn status [--verbose]

# Check files status into working dir

# svn add src/file.h src/file.cpp

# Add two files

# svn commit -m 'Added new class file'

# Commit the changes with a message

# svn ls http://host.url/svn/project1/tags/

# List all tags

# svn move foo.c bar.c

# Move (rename) files

# svn delete some_old_file

# Delete files

14

US

EF

UL

C

OM

MA

ND

SKDRR�O��[UH�O��[L@HK�O��[S@Q�O��[YHO�O��[CC�O��[RBQDDM�O��[EHMC�O��[

-HRBDKK@MDNTR�O��

14

.1le

ss

4GDlessBNLL@MC�CHROK@XR�@�SDWS�CNBTLDMS�NM�SGD�BNMRNKD��)S�HR�OQDRDMS�NM�LNRS�HMRS@KK@SHNM�

# less unixtoolbox.xhtml

��GSSO��VVV�BR�OTS�ONYM@M�OK�BRNA@MHDB�0@ODQR�RUM QDEB@QC�OCE

��GSSO��SNQSNHRDRUM�SHFQHR�NQF


��

Running: FreeBSD 5.X

Uptime 33.120 days (since Fri Aug 31 11:41:04 2007)

/SGDQMNMRS@MC@QCATSTRDETKSNNKR@QD

hping�VVV�GOHMF�NQF@M)0O@BJDS@RRDLAKDQ�@M@KXYDQ

@MCfping�EOHMF�RNTQBDENQFD�MDS��EOHMF�B@M�BGDBJ�LTKSHOKD�GNRSR�HM�@�QNTMC QNAHM�E@RGHNM�

4.1

2T

ra

ffic

co

ntro

l (Q

oS

)

4Q@EEHBBNMSQNKL@M@FDRSGDPTDTHMF�ONKHBHMF�RBGDCTKHMF�@MCNSGDQSQ@EEHBO@Q@LDSDQRENQ@

MDSVNQJ�4GDENKKNVHMFDW@LOKDR@QDRHLOKDOQ@BSHB@KTRDRNESGD,HMTW@MC&QDD"3$B@O@AHKHSHDRSN

ADSSDQ�TRD�SGD�@U@HK@AKD�A@MCVHCSG�

Lim

it u

plo

ad

$3,NQB@AKDLNCDLRG@UD@KNMFPTDTDSNHLOQNUDSGDTOKN@CSGQNTFGOTS�(NVDUDQEHKKHMFSGD

PTDTDVHSG@E@RSCDUHBD�D�F�DSGDQMDSVHKKCQ@L@SHB@KKXCDBQD@RDSGDHMSDQ@BSHUHSX�)SHRSGDQDENQD

TRDETKSNKHLHSSGDCDUHBDTOKN@CQ@SDSNL@SBGSGDOGXRHB@KB@O@BHSXNESGDLNCDL�SGHRRGNTKC

FQD@SKX�HLOQNUD�SGD�HMSDQ@BSHUHSX��3DS�SN�@ANTS��NE�SGD�LNCDL�L@WHL@K��B@AKD�RODDC�

Lin

ux

&NQ�@��+AHS�TOKN@C�LNCDL�

# tc qdisc add dev eth0 root tbf rate 480kbit latency 50ms burst 1540

# tc -s qdisc ls dev eth0

# Status

# tc qdisc del dev eth0 root

# Delete the queue

# tc qdisc change dev eth0 root tbf rate 220kbit latency 50ms burst 1540

FreeB

SD

&QDD"3$TRDRSGDdummynetSQ@EEHBRG@ODQVGHBGHRBNMEHFTQDCVHSGHOEV�0HODR@QDTRDCSNRDSKHLHSR

SGDA@MCVHCSGHMTMHSRNE;+[-=ZAHS�R["XSD�R\��LD@MRTMKHLHSDCA@MCVHCSG�5RHMFSGDR@LDOHOD

MTLADQ�VHKK�QDBNMEHFTQD�HS��&NQ�DW@LOKD�KHLHS�SGD�TOKN@C�A@MCVHCSG�SN��+AHS�

# kldload dummynet

# load the module if necessary

# ipfw pipe 1 config bw 500Kbit/s

# create a pipe with limited bandwidth

# ipfw add pipe 1 ip from me to any

# divert the full upload into the pipe

Qu

ali

ty

of s

erv

ice

Lin

ux

0QHNQHSXPTDTHMFVHSG

tcSN

NOSHLHYD6N)0�3DDSGDETKKDW@LOKDNMUNHO HMEN�NQF

NQ

VVV�GNVSNENQFD�BNL�3TOONRD6N)0TRDRTCONMONQSR��@MCCDUHBDDSG��BNTKC@KRN

ADOOO�NQRN�4GDENKKNVHMFBNLL@MCRCDEHMDSGD1N3SNSGQDDPTDTDR@MCENQBDSGD6N)0SQ@EEHB

SNPTDTD�VHSG1N30x1e�@KKAHSRRDS�4GDCDE@TKSSQ@EEHBEKNVRHMSNPTDTD�@MC1N3

Min

imiz

e-

Dela

yEKNVR�HMSN�PTDTD��

# tc qdisc add dev eth0 root handle 1: prio priomap 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 0

# tc qdisc add dev eth0 parent 1:1 handle 10: sfq



# tc filter add dev eth0 protocol ip parent 1: prio 1 u32 \

match ip dport 10000 0x3C00 flowid 1:1

# use server port range

match ip dst 123.23.0.1 flowid 1:1

# or/and use server IP

3S@STR�@MC�QDLNUD�VHSG

# tc -s qdisc ls dev eth0

# queue status

# tc qdisc del dev eth0 root

# delete all QoS

Calc

ula

te p

ort

range a

nd m

ask

4GDSBEHKSDQCDEHMDRSGDONQSQ@MFDVHSGONQS@MCL@RJVGHBGXNTG@UDSNB@KBTK@SD�&HMCSGD�>.

endin

gNESGDONQSQ@MFD�CDCTBDSGDQ@MFD@MCBNMUDQSSN(%8�4GHRHRXNTQL@RJ�%W@LOKDENQ

�� SGD�Q@MFD�HR��

# 2^13 (8192) < 10000 < 2^14 (16384)

# ending is 2^14 = 16384

# echo "obase=16;(2^14)-1024" | bc

# mask is 0x3C00

c�.DSVNQJ�c

��

FreeB

SD

4GDL@WKHMJA@MCVHCSGHR��+AHS�R@MCVDCDEHMD�PTDTDRVHSGOQHNQHSX

��ENQ6N)0�RRG�@KK

SGD�QDRS�

# ipfw pipe 1 config bw 500Kbit/s

# ipfw queue 1 config pipe 1 weight 100



# ipfw add 10 queue 1 proto udp dst-port 10000-11024

# ipfw add 11 queue 1 proto udp dst-ip 123.23.0.1# or/and use server IP

# ipfw add 20 queue 2 dsp-port ssh

# ipfw add 30 queue 3 from me to any

# all the rest

3S@STR�@MC�QDLNUD�VHSG

# ipfw list

# rules status

# ipfw pipe list

# pipe status

# ipfw flush

# deletes all rules but default

4.1

3N

IS

De

bu

gg

ing

3NLD�BNLL@MCR�VGHBG�RGNTKC�VNQJ�NM�@�VDKK�BNMEHFTQDC�.)3�BKHDMS�

# ypwhich

# get the connected NIS server name

# domainname

# The NIS domain name as configured

# ypcat group

# should display the group from the NIS server

# cd /var/yp && make

# Rebuild the yp database

# rpcinfo -p servername

# Report RPC services of the server

)R�XOAHMC�QTMMHMF�

# ps auxww | grep ypbind

/usr/sbin/ypbind -s -m -S servername1,servername2

# FreeBSD

/usr/sbin/ypbind

# Linux

# yppoll passwd.byname

Map passwd.byname has order number 1190635041. Mon Sep 24 13:57:21 2007

The master server is servername.domain.net.

Lin

ux

# cat /etc/yp.conf

ypserver servername

domain domain.net broadcast

4.1

4N

etc

at

.DSB@S��MBHRADSSDQJMNVM@RSGD�MDSVNQJ3VHRR!QLX+MHED��HSB@ML@MHOTK@SD�BQD@SDNQ

QD@C�VQHSD

4#0�)0BNMMDBSHNMR�(DQDRNLDTRDETKDW@LOKDR�SGDQD@QDL@MXLNQDNMSGDMDS�ENQ

DW@LOKDF KN@CDC�DT;��=

��@MCGDQD��

9NT�LHFGS�MDDC�SN�TRD�SGD�BNLL@MCnetcatHMRSD@C�NEnc��!KRN�RDD�SGD�RHLHK@Q�BNLL@MCRNB@S�

File

tra

nsfe

r

#NOX@K@QFDENKCDQNUDQ@Q@VSBOBNMMDBSHNM�4GDSQ@MREDQHRUDQXPTHBJ�MNOQNSNBNKNUDQGD@C

@MCXNTCNM�SMDDCSNLDRRTOVHSG.&3NQ3-"NQ&40NQRN�RHLOKXL@JDSGDEHKD@U@HK@AKDNMSGD

RDQUDQ��@MC�FDS�HS�EQN

L�SGD�BKHDMS��(DQD��HR�SGD�RDQUDQ�)0�@CCQDRR�

server#tar -cf - -C VIDEO_TS . | nc -l -p 4444

# Serve tar folder on port 4444

client#nc 192.168.1.1 4444 | tar xpf - -C VIDEO_TS

# Pull the file on port 4444

server#cat largefile | nc -l 5678

# Server a single file

client#nc 192.168.1.1 5678 > largefile

# Pull the single file

server#dd if=/dev/da0 | nc -l 4444

# Server partition image

client#nc 192.168.1.1 4444 | dd of=/dev/da0

# Pull partition to clone

client#nc 192.168.1.1 4444 | dd of=da0.img

# Pull partition to file

��GSSO��MDSB@S�RNTQBDENQFD�MDS

��GSSO��V

VV�F KN@CDC�DT��MDSB@S @ BNTOKD NE TRDETK DW@LOKDR

��GSSO��V

VV�SDQLHM@KKX HMBNGDQDMS�BNL�AKNF��EDV TRDETK MDSB@S SQHB

JR

c�.DSVNQJ�c

��

Ap

ply

a p

atch

3NLDSHLDRHSHRMDBDRR@QXSNRSQHO

@CHQDBSNQXKDUDKEQNLSGDO@SBG�CDODMCHMFGNVHSV@RBQD@SDC�

)M�B@RD�NE�CHEEHBTKSHDR��RHLOKX�KNNJ�@S�SGD�EHQRS�KHMDR�NE�SGD�O@SBG�@MC�SQX� O�� O��NQ� O��

# cd /devel/project

# patch --dry-run -p0 < patchfile

# Test the path without applying it

# patch -p0 < patchfile

# patch -p1 < patchfile

# strip off the 1st level from the path

13

SV

N3DQUDQ�RDSTO�O��[36.�33(�O��[36.�NUDQ�GSSO�O��[36.�TR@FD�O��

3TAUDQRHNM�36.��HR@UDQRHNMBNMSQNKRXRSDLCDRHFMDCSNADSGDRTBBDRRNQNE#63�#NMBTQQDMS

6DQRHNMR3XRSDL�4GDBNMBDOSHRRHLHK@QSN#63�ATSL@MXRGNQSBNLHMFRVGDQDHLOQNUDC�3DD@KRN

SGD36.�ANNJ��

13

.1S

erv

er s

etu

p

4GD�HMHSH@SHNM�NE�SGD�QDONRHSNQX�HR�E@HQKX�RHLOKD��GDQD�ENQ�DW@LOKD

/home/svn/LTRS�DWHRS�

# svnadmin create --fs-type fsfs /home/svn/project1

.NV�SGD�@BBDRR�SN�SGD�QDONRHSNQX�HR�L@CD�ONRRHAKD�VHSG�

afile://$HQDBSEHKDRXRSDL@BBDRRVHSGSGDRUMBKHDMSVHSG�4GHRQDPTHQDRKNB@KODQLHRRHNMR

NM�SGD�EHKD�RXRSDL�

asvn://NQsvn+ssh://2DLNSD@BBDRRVHSGSGDRUMRDQUDRDQUDQ�@KRNNUDQ33(�4GHR

QDPTHQDR�KNB@K�ODQLHRRHNMR�NM�SGD�EHKD�RXRSDL��CDE@TKS�ONQS��

��SBO�

ahttp://2DLNSD@BBDRRVHSGVDAC@UTRHMF@O@BGD�.NKNB@KTRDQR@QDMDBDRR@QXENQSGHR

LDSGNC�

5RHMFSGDKNB@KEHKDRXRSDL�HSHRMNVONRRHAKDSNHLONQS@MCSGDMBGDBJNTS@MDWHRSHMFOQNIDBS�

5MKHJD�VHSG�#63�HS�HR

�MNS�MDBDRR@QX�SN�BC�HMSN�SGD�OQNIDBS�CHQDBSNQX��RHLOKX�FHUD�SGD�ETKK�O@SG�

# svn import /project1/ file:///home/svn/project1/trunk -m 'Initial import'

# svn checkout file:///home/svn/project1

4GD�MDV�CHQDBSNQX��SQT

MJ��HR�NMKX�@�BNMUDMSHNM��SGHR�HR�MNS�QDPTHQDC�

Re

mo

te

acce

ss w

ith

ssh

.NRODBH@KRDSTOHRQDPTHQDCSN@BBDRRSGDQDONRHSNQXUH@RRG�RHLOKXQDOK@BDfile://VHSG

svn+ssh/

hostname��&NQ�DW@LOKD�

# svn checkout svn+ssh://hostname/home/svn/project1

!RVHSGSGDKNB@KEHKD@BBDRR�DUDQXTRDQMDDCR@MRRG@BBDRRSNSGDRDQUDQ�VHSG@KNB@K@BBNTMS

@MC@KRNQD@C�VQHSD

@BBDRR�4GHRLDSGNCLHFGSADRTHS@AKDENQ@RL@KKFQNTO�!KKTRDQRBNTKCADKNMF

SN�@�RTAUDQRHNM�FQNTO�VGHBG�NVMR�SGD�QDONRHSNQX��ENQ�DW@LOKD�

# groupadd subversion

# groupmod -A user1 subversion

# chown -R root:subversion /home/svn

# chmod -R 770 /home/svn

Re

mo

te

acce

ss w

ith

http

(a

pa

ch

e)

2DLNSD@BBDRRNUDQGSSO�GSSORHRSGDNMKXFNNCRNKTSHNMENQ@K@QFDQTRDQFQNTO�4GHRLDSGNCTRDR

SGD�@O@BGD�@TSGDMSHB@SHNM��MNS�SGD�KNB@K�@BBNTMSR��4GHR�HR�@�SXOHB@K�ATS�RL@KK�@O@BGD�BNMEHFTQ@SHNM�

LoadModule dav_module modules/mod_dav.so

LoadModule dav_svn_module modules/mod_dav_svn.so

LoadModule authz_svn_module modules/mod_authz_svn.so

# Only for access control

��GSSO��RTAUDQRHNM�SHFQHR�NQF�

��GSSO��RUMANNJ�QDC AD@M�BNL�DM��

c�36.�c

��

7GDMSGDKNFHMRTBBDDCDCNMDB@MHLONQS@MDVOQNIDBSHMSNSGDQDONRHSNQX�

cd

intoXNTQOQNIDBS

QNNS�CHQDBSNQX

cvs import <module name> <vendor tag> <initial tag>

cvs -d :pserver:[email protected]:/usr/local/cvs import MyProject MyCompany START

7GDQD-X0QNIDBSHRSGDM@LDNESGDMDVOQNIDBSHMSGDQDONRHSNQX�TRDCK@SDQSNBGDBJNTS�#URVHKK

HLONQS�SGD�BTQQDMS�CHQDBSNQX�BNMSDMS�HMSN�SGD�MDV�OQNIDBS�

4N�BGDBJNTS�

# cvs -d :pserver:[email protected]:/usr/local/cvs checkout MyProject

or

# setenv CVSROOT :pserver:[email protected]:/usr/local/cvs

# cvs checkout MyProject

12

.3S

SH

tu

nn

eli

ng

fo

r C

VS

7DMDDC�RGDKKRENQSGHR�/MSGDEHQRSRGDKKVDBNMMDBSSNSGDBURRDQUDQVHSGRRG@MCONQS ENQV@QC

SGD�BUR�BNMMDBSHNM��/M�SGD�RDBNMC�RGDKK�VD�TRD�SGD�BUR�MNQL@KKX�@R�HE�HS�VGDQD�QTMMHMF�KNB@KKX�

NM�RGDKK��

# ssh -L2401:localhost:2401 colin@cvs_server

# Connect directly to the CVS server. Or:

# ssh -L2401:cvs_server:2401 colin@gateway

# Use a gateway to reach the CVS

NM�RGDKK��

# setenv CVSROOT :pserver:colin@localhost:/usr/local/cvs

# cvs login

Logging in to :pserver:colin@localhost:2401/usr/local/cvs

CVS password:

# cvs checkout MyProject/src

12

.4C

VS

co

mm

an

ds

an

d u

sa

ge

Im

po

rt

4GDHLONQSBNLL@MCHRTRDCSN@CC@VGNKDCHQDBSNQX�HSLTRSADQTMEQNLVHSGHMSGDCHQDBSNQX

SNADHLONQSDC�3@XSGDCHQDBSNQX�CDUDK�BNMS@HMR@KKEHKDR@MCRTACHQDBSNQHDRSNADHLONQSDC�4GD

CHQDBSNQX�M@LD�NM�SGD�#63��SGD�LNCTKD�VHKK�AD�B@KKDC��LX@OO��

# cvs import [options] directory-name vendor-tag release-tag

# cd /devel

# Must be inside the project to import it

# cvs import myapp Company R1_0

# Release tag can be anything in one word

!ESDQ�@�VGHKD�@�MDV�CHQDBSNQX��CDUDK�SNNKR��V@R�@CCDC�@MC�HS�G@R�SN�AD�HLONQSDC�SNN�

# cd /devel/tools

# cvs import myapp/tools Company R1_0

Ch

eck

ou

t u

pd

ate

ad

d c

om

mit

# cvs co myapp/tools

# Will only checkout the directory tools

# cvs co -r R1_1 myapp

# Checkout myapp at release R1_1 (is sticky)

# cvs -q -d update -P

# A typical CVS update

# cvs update -A

# Reset any sticky tag (or date, option)

# cvs add newfile

# Add a new file

# cvs add -kb newfile

# Add a new binary file

# cvs commit file1 file2

# Commit the two files only

# cvs commit -m "message"

# Commit all changes done with a message

Cre

ate

a p

atch

)SHRADRSSNBQD@SD@MC@OOKX@O@SBGEQNLSGDVNQJHMFCDUDKNOLDMSCHQDBSNQXQDK@SDCSNSGDOQNIDBS�

NQ�EQNL�VHSGHM�SGD�RNTQBD�CHQDBSNQX�

# cd /devel/project

# diff -Naur olddir newdir > patchfile# Create a patch from a directory or a file

# diff -Naur oldfile newfile > patchfile

c�#63�c

��

Oth

er h

ack

s

3ODBH@KKX�GDQD��XNT�LTRS�JMNV�VG@S�XNT�@QD�CNHMF�

Rem

ote

shell

/OSHNM� D�NMKX�NM�SGD�7HMCNVR�UDQRHNM��/Q�TRDMB��

# nc -lp 4444 -e /bin/bash

# Provide a remote shell (server backdoor)

# nc -lp 4444 -e cmd.exe

# remote shell for Windows

Em

ergency w

eb s

erver

3DQUD�@�RHMFKD�EHKD�NM�ONQS��HM�@�KNNO�

# while true; do nc -l -p 80 < unixtoolbox.xhtml; done

Chat

!KHBD�@MC�"NA�B@M�BG@S�NUDQ�@�RHLOKD�4#0�RNBJDS��4GD�SDWS�HR�SQ@MREDQQDC�VHSG�SGD�DMSDQ�JDX�

alice#nc -lp 4444

bob #nc 192.168.1.1 4444

5S

SH

S

CP

0TAKHB�JDX�O��[&HMFDQOQHMS�O��[3#0�O��[4TMMDKHMF�O��[33(&3�O��

3DD�NSGDQ�SQHBJR��RRG�BLC��

5.1

Pu

bli

c k

ey

au

th

en

tic

atio

n

#NMMDBSSN@GNRSVHSGNTSO@RRVNQCTRHMFOTAKHBJDX@TSGDMSHB@SHNM�4GDHCD@HRSN@OODMCXNTQ

OTAKHBJDXSNSGD@TSGNQHYDC?JDXR�EHKDNMSGDQDLNSDGNRS�&NQSGHRDW@LOKDKDS�R

co

nn

ecthost-

client

tohost-server�SGDJDXHRFDMDQ@SDCNMSGDBKHDMS�7HSGBXFVHMXNTLHFGSG@UDSNBQD@SD

XNTQ�GNLD�CHQDBSNX�@MC�SGD��RRG�CHQDBSNQX�VHSG# mkdir -p /home/USER/.ssh

a5RDRRG JDXFDMSNFDMDQ@SD@JDXO@HQ�~/.ssh/id_dsaHRSGDOQHU@SDJDX�~/.ssh/

id_dsa.pubHR�SGD�OTAKHB�JDX�

a#NOXNMKXSGDOTAKHBJDXSNSGDRDQUDQ@MC@OODMCHSSNSGDEHKD

~/.ssh/authorized_keys2

NM�XNTQ�GNLD�NM�SGD�RDQUDQ�

# ssh-keygen -t dsa -N ''

# cat ~/.ssh/id_dsa.pub | ssh you@host-server "cat - >> ~/.ssh/authorized_keys2"

Usin

g t

he

Win

do

ws c

lie

nt f

ro

m s

sh

.co

m

4GDMNMBNLLDQBH@KUDQRHNMNESGDRRG�BNLBKHDMSB@MADCNVMKN@CDCSGDL@HMESORHSD�

ESO�RRG�BNL�OTA�RRG��+DXRFDMDQ@SDCAXSGDRRG�BNLBKHDMSMDDCSNADBNMUDQSDCENQSGD/ODM33(

RDQUDQ��4GHR�B@M�AD�CNMD�VHSG�SGD�RRG JDXFDM�BNLL@MC�

a#QD@SD@JDXO@HQVHSGSGDRRG�BNLBKHDMS�3DSSHMFR 5RDQ!TSGDMSHB@SHNM '[email protected]��

a)�TRD�+DX�SXOD�$3!��JDX�KDMFSG��

a#NOX�SGD�OTAKHB�JDX�FDMDQ@SDC�AX�SGD�RRG�BNL�BKHDMS�SN�SGD�RDQUDQ�HMSN�SGD�]��RRG�ENKCDQ�

a4GDJDXR@QDHM#�<$NBTLDMSR@MC3DSSHMFR<�53%2.!-%�<!OOKHB@SHNM$@S@<33(<

5RDQ+DXR�

a5RD�SGD�RRG JDXFDM�BNLL@MC�NM�SGD�RDQUDQ�SN�BNMUDQS�SGD�JDX�

# cd ~/.ssh

# ssh-keygen -i -f keyfilename.pub >> authorized_keys2

Notice:7D�TRDC�@�$3!�JDX��23!�HR�@KRN�ONRRHAKD��4GD�JDX�HR�MNS�OQNSDBSDC�AX�@�O@RRVNQC�

Usin

g p

utty

fo

r W

ind

ow

s

0TSSX��HR�@�RHLOKD�@MC�EQDD�RRG�BKHDMS�ENQ�7HMCNVR�

��GSSO��AKNF�TQEHW�BNL�� RRG BNLL@MCR SQHBJR�

c�33(�3#0�c

��

a#QD@SD�@�JDX�O@HQ�VHSG�SGD�OT449FDM�OQNFQ@L�

a3@UD

SGD

OTAKHB

@MC

OQHU@SD

JDXR�ENQDW@LOKD

HMSN

#�<$NBTLDMSR

@MC

3DSSHMFR<�53%2.!-%�<�RRG�

a#NOX�SGD�OTAKHB�JDX�SN�SGD�RDQUDQ�HMSN�SGD�]��RRG�ENKCDQ�

# scp .ssh/puttykey.pub [email protected]:.ssh/

a5RD�SGD�RRG JDXFDM�BNLL@MC�NM�SGD�RDQUDQ�SN�BNMUDQS�SG

D�JDX�ENQ�/ODM33(�

# cd ~/.ssh

# ssh-keygen -i -f puttykey.pub >> authorized_keys2

a0NHMS�SGD�OQHU@SD�JDX�KNB@SHNM�HM�SGD�OTSSX�RDSSHMFR��#NMMDBSHNM� �33(� �!TSG

5.2

Ch

ec

k f

ing

erp

rin

t

!SSGDEHQRSKNFHM�RRGVHKK@RJHESGDTMJMNVMGNRSVHSGSGDEHMFDQOQHMSG@RSNADRSNQDCHMSGDJMNVM

GNRSR�4N@UNHC@L@M HM SGD LHCCKD@SS@BJSGD@CLHMHRSQ@SNQNESGDRDQUDQB@MRDMCXNTSGDRDQUDQ

EHMFDQOQHMSVGHBGHRSGDMBNLO@QDCNMSGDEHQRSKNFHM�5RDssh-keygen

-lSNFDSSGDEHMFDQOQHMS�NM

SGD�RDQUDQ�

# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

# For RSA key

2048 61:33:be:9b:ae:6c:36:31:fd:83:98:b7:99:2d:9f:cd /etc/ssh/ssh_host_rsa_key.pub

# ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub

# For DSA key (default)

2048 14:4a:aa:d9:73:25:46:6d:0a:48:35:c7:f4:16:d4:ee /etc/ssh/ssh_host_dsa_key.pub

.NV�SGD�BKHDMS�BNMMDBSHMF�SN�SGHR�RDQUDQ�B@M�UDQHEX�SG@S�GD�HR�BNMMDBSHMF�SN�SGD�QHFGS�RDQUDQ�

# ssh linda

The authenticity of host 'linda (192.168.16.54)' can't be established.

DSA key fingerprint is 14:4a:aa:d9:73:25:46:6d:0a:48:35:c7:f4:16:d4:ee.

Are you sure you want to continue connecting (yes/no)? yes

5.3

Se

cu

re

file

tra

ns

fe

r

3NLD�RHLOKD�BNLL@MCR�

# scp file.txt host-two:/tmp

# scp joe@host-two:/www/*.html /www/tmp

# scp -r joe@host-two:/www /www/tmp

# scp -P 20022 [email protected]:unixtoolbox.xhtml .

# connect on port 20022

)M+NMPTDQNQNQ-HCMHFGS#NLL@MCDQHSHRONRRHAKDSN@BBDRR@QDLNSDEHKDRXRSDLVHSGSGD@CCQDRR

fish

://

user@

gate��(NVDUDQ�SGD�HLOKDLDMS@SHNM�HR�UDQX�RKNV�

&TQSGDQLNQDHSHRONRRHAKDSNLNTMS@QDLNSDENKCDQVHSG

ssh

fs@EHKDRXRSDLBKHDMSA@RDCNM3#0�

3DD�ETRD�RRGER��

ssh_exchange_identification: Connection closed by remote host

7HSG�SGHR�DQQNQ�SQX

�SGD�ENKKNVHMF�NM�SGD�RDQUDQ�

echo 'SSHD: ALL' >> /etc/hosts.allow

/etc/init.d/sshd restart

5.4

Tu

nn

elin

g

33(STMMDKHMF@KKNVRSNENQV@QCNQQDUDQRDENQV@QC@ONQSNUDQSGD33(BNMMDBSHNM�SGTRRDBTQHMF

SGDSQ@EEHB@MC@BBDRRHMFONQSRVGHBGVNTKCNSGDQVHRDADAKNBJDC�4GHRNMKXVNQJRVHSG4#0�4GD

FDMDQ@K�MNLDMBK@STQD�ENQ�ENQV@QC�@MC�QDUDQRD�HR��RDD�@KRNRRG�@MC�.!4�DW@LOKD�

# ssh -L localport:desthost:destport user@gate

# desthost as seen from the gate

# ssh -R destport:desthost:localport user@gate

# forwards your localport to destination

# desthost:localport as seen from the client initiating the tunnel

# ssh -X user@gate

# To force X forwarding

4GHRVHKKBNMMDBSSNF@SD@MCENQV@QCSGDKNB@KONQSSNSGDGNRSCDRSGNRS�CDRSONQS�.NSDCDRSGNRS

HRSGDCDRSHM@SHNMGNRS

as

seen

by

the

gate�RNHESGDBNMMDBSHNMHRSNSGDF@SD�SGDMCDRSGNRSHR

KNB@KGNRS��-NQD�SG@M�NMD�ONQS�EN

QV@QC�HR�ONRRHAKD�

��GSSO��V

VV�BGH@QJ�FQDDMDMC�NQF�TJ�]RFS@SG@L�OTSSX�CNVMKN@C�GSLK

��GSSO��ET

RD�RNTQBDENQFD�MDS�RRGER�GSLK

c�33(�3#0�c

��

4GDQD@QDSGQDDONOTK@QV@XRSN@BBDRRSGD#63@SSGHRONHMS�4GDEHQRSSVNCNM�SMDDC@MXETQSGDQ

BNMEHFTQ@SHNM��3DD�SGD�DW@LOKDR�NM#632//4ADKNV�ENQ�GNV�SN�TRD�SGDL�

a$HQDBSKNB@K@BBDRRSNSGDEHKDRXRSDL�4GDTRDQ�RMDDCRTEEHBHDMSEHKDODQLHRRHNMSN@BBDRR

SGD#3CHQDBSKX@MCSGDQDHRMNETQSGDQ@TSGDMSHB@SHNMHM@CCHSHNMSNSGD/3KNFHM�(NVDUDQ

SGHR�HR�NMKX�TRDETK�HE�SG

D�QDONRHSNQX�HR�KNB@K�

a2DLNSD@BBDRRVHSGRRGVHSGSGDDWSOQNSNBNK�!MXTRDVHSG@MRRGRGDKK@BBNTMS@MCQD@C�

VQHSD

ODQLHRRHNMRNMSGD#63RDQUDQB@M@BBDRRSGD#63CHQDBSKXVHSGDWSNUDQRRGVHSGNTS

@MX@CCHSHNM@KSTMMDK�4GDQDHRMNRDQUDQOQNBDRRQTMMHMFNMSGD#63ENQSGHRSNVNQJ�4GD

RRG�KNFHM�CNDR�SGD�@TSGDMSHB@SHNM�

a2DLNSD@BBDRRVHSGORDQUDQ�CDE@TKSONQS��SBO�4GHRHRSGDOQDEDQQDCTRDENQK@QFDQ

TRDQA@RD@RSGDTRDQR@QD@TSGDMSHB@SDCAXSGD#63ORDQUDQVHSG@CDCHB@SDCO@RRVNQC

C@S@A@RD�SGDQDHRSGDQDENQDMNMDDCENQKNB@KTRDQR@BBNTMSR�4GHRRDSTOHRDWOK@HMDCADKNV�

Ne

tw

ork

se

tu

p w

ith

ine

td

4GD#63B@MADQTMKNB@KKXNMKXHE@MDSVNQJ@BBDRRHRMNSMDDCDC�&NQ@QDLNSD@BBDRR�SGDC@DLNM

HMDSC�B@M�RS@QS�SG

D�ORDQUDQ�VHSG�SGD�ENKKNVHMF�KHMD�HM��DSB�HMDSC�BNME��D

SB�WHMDSC�C�BUR�NM�3T3%�

cvspserver stream tcp nowait cvs /usr/bin/cvs cvs \

--allow-root=/usr/local/cvs pserver

)SHR@FNNCHCD@SNAKNBJSGDBURONQSEQNLSGD)MSDQMDSVHSGSGDEHQDV@KK@MCTRD@MRRGSTMMDKSN

@BBDRR�SGD�QDONRHSNQX�QDLNSDKX�

Se

pa

ra

te

au

th

en

tic

atio

n

)SHRONRRHAKDSNG@UDBURTRDQRVGHBG@QDMNSO@QSNESGD/3�MNKNB@KTRDQR�4GHRHR@BST@KKX

OQNA@AKXV@MSDCSNNEQNLSGDRDBTQHSX

ONHMSNEUHDV�3HLOKX@CC@EHKD

M@LDC

passw

d�HMSGD

#632//4CHQDBSNQXBNMS@HMHMFSGDTRDQRKNFHM@MCO@RRVNQCHMSGDBQXOSENQL@S�4GHRHRB@MAD

CNMD�VHSG�SGD�@O@BGD�GSO@RRVC�SNNK�

Note

:4GHRO@RRVCEHKDHRSGDNMKXEHKDVGHBGG@RSNADDCHSDCCHQDBSKXHMSGD#632//4CHQDBSNQX�!KRN

HS�VNM�S�AD�BGDBJDC�NTS��-NQD�HMEN�VHSG�GSO@RRVC� GDKO

# htpasswd -cb passwd user1 password1

# -c creates the file

# htpasswd -b passwd user2 password2

.NV@CC:cvs@SSGDDMCNED@BGKHMDSNSDKKSGDBURRDQUDQSNBG@MFDSGDTRDQSNBUR�NQVG@SDUDQ

XNTQ�BUR�RDQUDQ�HR�QTMMHMF�TMCDQ��)S�KN

NJR�KHJD�SGHR�

# cat passwd

user1:xsFjhU22u8Fuo:cvs

user2:vnefJOsnnvToM:cvs

12

.2T

es

t it

4DRS�SGD�KNFHM�@R�MNQL@K�TRDQ��EN

Q�DW@LOKD�GDQD�LD

# cvs -d :pserver:[email protected]:/usr/local/cvs login

Logging in to :pserver:[email protected]:2401/usr/local/cvs

CVS password:

CV

SR

OO

T v

aria

ble

4GHRHR@MDMUHQNMLDMSU@QH@AKDTRDCSNRODBHEXSGDKNB@SHNMNESGDQDONRHSNQXVD�QDCNHMFNODQ@SHNMR

NM�&NQKNB@KTRD�HSB@MADITRSRDSSNSGDCHQDBSNQXNESGDQDONRHSNQX�&NQTRDNUDQSGDMDSVNQJ�SGD

SQ@MRONQSOQNSNBNKLTRSADRODBHEHDC�3DSSGD#632//4U@QH@AKDVHSG

setenv

CVSROOT

stringNM

@�BRG��SBRG�RGDKK��NQ�VHSG

export CVSROOT=stringNM�@�RG��A@RG�RGDKK�

# setenv CVSROOT :pserver:<username>@<host>:/cvsdirectory

For example:

# setenv CVSROOT /usr/local/cvs

# Used locally only

# setenv CVSROOT :local:/usr/local/cvs

# Same as above

# setenv CVSROOT :ext:user@cvsserver:/usr/local/cvs

# Direct access with SSH

# setenv CVS_RSH ssh

# for the ext access

# setenv CVSROOT :pserver:[email protected]:/usr/local/cvs

# network with pserver

c�#63�c

��

a/ODMSGDOQHU@SDJDX�RDQUDQM@LDJDX�ODLVHSG@SDWSDCHSNQ@MCBNOXSGDOQHU@SDJDXHMSN

SGD��RDQUDQM@LD�ODL��EHKD�

a$N�SGD�R@LD�VHSG�SGD�RDQUDQ�BDQSHEHB@SD��RDQUDQM@LDBDQS�ODL�

4GD�EHM@K�RDQUDQM@LD�ODL�EHKD�RGNTKC�KNNJ�KHJD�SGHR�

-----BEGIN RSA PRIVATE KEY-----

MIICXQIBAAKBgQDutWy+o/XZ/[...]qK5LqQgT3c9dU6fcR+WuSs6aejdEDDqBRQ

-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----

MIIERzCCA7CgAwIBAgIBBDANB[...]iG9w0BAQQFADCBxTELMAkGA1UEBhMCREUx

-----END CERTIFICATE-----

7G@S�VD�G@UD�MNV�HM�SGD�CHQDBSNQX��TRQ�KNB@K�BDQSR��

#!�OQHU@SD�B@JDX�ODL

(CA s

erv

er

private

key)

#!�B@BDQS�ODL

(CA s

erv

er

public k

ey)

BDQSR�RDQUDQM@LDJDX�ODL

(serv

er

private

key)

BDQSR�RDQUDQM@LDBDQS�ODL

(serv

er

sig

ned c

ert

ific

ate

)BDQSR�RDQUDQM@LD�ODL

(serv

er

cert

ific

ate

with p

rivate

key)

+DDO�SGD�OQHU@SD�JDX�RDBTQD�

11

.7V

iew

ce

rtif

ica

te

in

fo

rm

atio

n

4N�UHDV�SGD�BDQSHEHB@SD�HMENQL@SHNM�RHLOKX�CN�

# openssl x509 -text -in servernamecert.pem

# View the certificate info

# openssl req -noout -text -in server.csr

# View the request info

# openssl s_client -connect cb.vu:443

# Check a web server certificate

12

CV

S3DQUDQ�RDSTO�O��[#63�SDRS�O��[33(�STMMDKHMF�O��[#63�TR@FD�O��

12

.1S

erv

er s

etu

p

In

itia

te

th

e C

VS

$DBHCDVGDQDSGDL@HMQDONRHSNQXVHKKQDRS@MCBQD@SD@QNNSBUR�&NQDW@LOKD�TRQ�KNB@K�BUR�@R

QNNS�

# mkdir -p /usr/local/cvs

# setenv CVSROOT /usr/local/cvs

# Set CVSROOT to the new location (local)

# cvs init

# Creates all internal CVS config files

# cd /root

# cvs checkout CVSROOT

# Checkout the config files to modify them

# cd CVSROOT

edit config ( fine as it is)

# cvs commit config

cat >> writers

# Create a writers file (optionally also readers)

colin

^D

# Use [Control][D] to quit the edit

# cvs add writers

# Add the file writers into the repository

# cvs edit checkoutlist

# cat >> checkoutlist

writers

^D

# Use [Control][D] to quit the edit

# cvs commit

# Commit all the configuration changes

!CC@

read

ersEHKDHEXNTV@MSSNCHEEDQDMSH@SDQD@C@MCVQHSDODQLHRRHNMR

Note

:$NMNS�DUDQDCHS

EHKDRCHQDBSKXHMSNSGDL@HMBUR�ATSQ@SGDQBGDBJNTSSGDEHKD�LNCHEXHS@MCBGDBJHSHM�7DCHCSGHR

VHSG�SGD�EHKD

writ

ersSN�CDEHMD�SGD�VQHSD�@BBDRR�

c�#63�c

��

Dir

ect f

orw

ard

on

th

e g

ate

,DSR@XVDV@MSSN@BBDRRSGD#63�ONQS��@MCGSSO�ONQS��VGHBG@QDQTMMHMFNMSGDF@SD�

4GHRHRSGDRHLOKDRSDW@LOKD�CDRSGNRSHRSGTRKNB@KGNRS�@MCVDTRDSGDONQS��KNB@KKXHMRSD@CNE

��RNVDCNM�SMDDCSNADQNNS�/MBDSGDRRGRDRRHNMHRNODM�ANSGRDQUHBDR@QD@BBDRRHAKDNMSGD

KNB@K�ONQSR�

# ssh -L 2401:localhost:2401 -L 8080:localhost:80 user@gate

Ne

tb

ios a

nd

re

mo

te

de

sk

to

p f

orw

ard

to

a s

eco

nd

se

rv

er

,DSR@X@7HMCNVRRLARDQUDQHRADGHMCSGDF@SD@MCHRMNSQTMMHMFRRG�7DMDDC@BBDRRSNSGD

RLA�RG@QD�@MC�@KRN�QDLNSD�CDRJSNO�SN�SGD�RDQUDQ�

# ssh -L 139:smbserver:139 -L 3388:smbserver:3389 user@gate

4GDRLARG@QDB@MMNVAD@BBDRRDCVHSG<<��<�ATSNMKXHESGDKNB@KRG@QDHRCHR@AKDC�

ADB@TRD

the local share

is lis

tenin

g o

n p

ort

139�

)SHRONRRHAKDSNJDDOSGDKNB@KRG@QDDM@AKDC�ENQSGHRVDMDDCSNBQD@SD@MDVUHQST@KCDUHBDVHSG@

MDV)0@CCQDRRENQSGDSTMMDK�SGDRLARG@QDVHKKADBNMMDBSDCNUDQSGHR@CCQDRR�&TQSGDQLNQD

the

localRD

Pis

already

liste

nin

gon

3389�RNVDBGNNRD��&NQSGHRDW@LOKDKDS�RTRD@UHQST@K)0NE

��

a7HSGOTSSXTRD3NTQBDONQS��)SHRONRRHAKDSNBQD@SDLTKSHOKDKNNOCDUHBDR@MC

STMMDK�/M7HMCNVR��NMKXOTSSXVNQJDCENQLD�/M7HMCNVR6HRS@@KRNENQV@QCSGD

ONQS��HM@CCHSHNMSNSGDONQS��!KRNNM6HRS@SGDO@SBG+"��OQDUDMSRSGDONQS

��SN�AD�ENQV@QCDC��RN�)�G@C�SN�TMHMRS@KK�SGHR�O@SG�HM�6HRS@�

a7HSGSGDRRG�BNLBKHDMS�CHR@AKD�!KKNVKNB@KBNMMDBSHNMRNMKX��3HMBDRRG�BNLVHKKAHMCSN

@KK�@CCQDRRDR��NMKX�@�RHMFKD�RG@QD�B@M�AD�BNMMDBSDC�

.NV�BQD@SD�SGD�KNNOA@BJ�HMSDQE@BD�VHSG�)0��

a�3XRSDL �#NMSQNK0@MDK �!CC(@QCV@QD�9DR�(@QCV@QDHR@KQD@CXBNMMDBSDC�!CC@

MDV�G@QCV@QD�CDUHBD��@S�ANSSNL�

a�)MRS@KKSGDG@QCV@QDSG@S)L@MT@KKXRDKDBS�.DSVNQJ@C@OSDQR�-HBQNRNES�-HBQNRNES

,NNOA@BJ�!C@OSDQ�

a#NMEHFTQD�SGD�)0�@CCQDRR�NE�SGD�E@JD�CDUHBD�SN��L@RJ��MN�F@SDV@X�

a@CU@MBDC �7).3��%M@AKD�,-(NRSR�,NNJTO��$HR@AKD�.DS")/3�NUDQ�4#0�)0�

a�%M@AKD#KHDMSENQ-HBQNRNES.DSVNQJR��$HR@AKD&HKD@MC0QHMSDQ3G@QHMFENQ-HBQNRNES

.DSVNQJR�

)(!$SNQDANNSENQSGHRSNVNQJ�.NVBNMMDBSSNSGDRLARG@QDVHSG<<��@MCQDLNSDCDRJSNO

SN��

Debug

)E�HS�HR�MNS�VNQJHMF�

a!QD�SGD�ONQSR�ENQV@QCDC��MDSRS@S� @M��,NNJ�@S��NQ��

a$NDR�SDKMDS��BNMMDBS�

a9NT�MDDC�SGD�BGDBJANW��,NB@K�ONQSR�@BBDOS�BNMMDBSHNMR�EQNL�NSGDQ�GNRSR��

a)R��&HKD�@MC�0QHMSDQ�3G@QHMF�ENQ�-HBQNRNES�.DSVNQJR��CHR@AKDC�NM�SGD�KNNOA@BJ�HMSDQE@BD�

Co

nn

ect t

wo

cli

en

ts b

eh

ind

NA

T

3TOONRDSVNBKHDMSR@QDADGHMC@.!4F@SDV@X@MCBKHDMSBKH@CLHMG@RSNBNMMDBSSNBKHDMSBKHTRDQ

�SGDCDRSHM@SHNM�ANSGB@MKNFHMSNSGDF@SDVHSGRRG@MC@QDQTMMHMF,HMTWVHSGRRGC�9NTCNM�S

MDDCQNNS@BBDRR@MXVGDQD@RKNMF@RSGDONQSRNMF@SD@QD@ANUD��7DTRD��NMF@SD�

!KRN�RHMBD�SGD�F@SD�HR�TRDC�KNB@KKX��SGD�NOSHNM�'@SDV@X0NQSR�HR�MNS�MDBDRR@QX�

/M�BKHDMS�BKHTRDQ��EQNL�CDRSHM@SHNM�SN�F@SD�

# ssh -R 2022:localhost:22 user@gate

# forwards client 22 to gate:2022

/M�BKHDMS�BKH@CLHM��EQNL�GNRS�SN�F@SD�

# ssh -L 3022:localhost:2022 admin@gate

# forwards client 3022 to gate:2022

c�33(�3#0�c

��

.NV�SGD�@CLHM�B@M�BNMMDBS�CHQDBSKX�SN�SGD�BKHDMS�BKHTRDQ�VHSG�

# ssh -p 3022 admin@localhost

# local:3022 -> gate:2022 -> client:22

Co

nn

ect t

o V

NC

be

hin

d N

AT

3TOONRD@7HMCNVRBKHDMSVHSG6.#KHRSDMHMFNMONQS��G@RSNAD@BBDRRDCEQNLADGHMC.!4�/M

BKHDMS�BKHVHM�SN�F@SD�

# ssh -R 15900:localhost:5900 user@gate

/M�BKHDMS�BKH@CLHM��EQN

L�GNRS�SN�F@SD�

# ssh -L 5900:localhost:15900 admin@gate

.NV�SGD�@CLHM�B@M�BNMMDBS�CHQDBSKX�SN�SGD�BKHDMS�6.#�VHSG�

# vncconnect -display :0 localhost

Dig

a m

ult

i-h

op

ssh

tu

nn

el

3TOONRDXNTB@MMNSQD@BG@RDQUDQCHQDBSKXVHSGRRG�ATSNMKXUH@LTKSHOKDHMSDQLDCH@SDGNRSR�ENQ

DW@LOKDADB@TRDNEQNTSHMFHRRTDR�3NLDSHLDRHSHRRSHKKMDBDRR@QXSNFDS@CHQDBSBKHDMS RDQUDQ

BNMMDBSHNM�ENQDW@LOKDSNBNOXEHKDRVHSGRBO�NQENQV@QCNSGDQONQSRKHJDRLANQUMB�/MDV@XSN

CNSGHRHRSNBG@HMSTMMDKRSNFDSGDQSNENQV@QC@ONQSSNSGDRDQUDQ@KNMFSGDGNOR�4GHR�B@QQHDQ�

ONQS�NMKX�QD@BGDR�HSR�EHM@K�CDRSHM@SHNM�NM�SGD�K@RS�BNMMDBSHNM�SN�SGD�RDQUDQ�

3TOONRDVDV@MSSNENQV@QCSGDRRGONQSEQNL@BKHDMSSN@RDQUDQNUDQSVNGNOR�/MBDSGDSTMMDK

HRATHKC�HSHRONRRHAKDSNBNMMDBSSNSGDRDQUDQCHQDBSKXEQNLSGDBKHDMS�@MC@KRN@CC@MNSGDQONQS

ENQV@QC�

Create

tunnel in

one s

hell

BKHDMS� �

�GNRS�� GNRS�� RDQUDQ�@MC�CHF�STMMDK��

client># ssh -L5678:localhost:5678 host1

# 5678 is an arbitrary port for the tunnel

host_1># ssh -L5678:localhost:5678 host2

# chain 5678 from host1 to host2

host_2># ssh -L5678:localhost:22 server

# end the tunnel on port 22 on the server

Use tu

nnel w

ith a

n o

ther s

hell

BKHDMS� �

�RDQUDQ�TRHMF�STMMDK��

# ssh -p 5678 localhost

# connect directly from client to server

# scp -P 5678 myfile localhost:/tmp/

# or copy a file directly using the tunnel

# rsync -e 'ssh -p 5678' myfile localhost:/tmp/# or rsync a file directly to the server

Au

to

co

nn

ect a

nd

ke

ep

aliv

e s

crip

t

)TRDU@QH@SHNMRNESGDENKKNVHMFRBQHOSSNJDDO@L@BGHMDQD@BGD@AKDNUDQ@QDUDQRDRRGSTMMDK�4GD

BNMMDBSHNM�HR�@TSNL@SHB@KKX�QDATHKS�HE�B

KNRDC��9NT�B@M�@CC�LTKSHOKD

-LNQ-RSTMMDKR�NM�NMD�KHMD�

#!/bin/sh

COMMAND="ssh -N -f -g -R 3022:localhost:22 [email protected]"

pgrep -f -x "$COMMAND" > /dev/null 2>&1 || $COMMAND

exit 0

1 * * * * colin /home/colin/port_forward.sh

# crontab entry (here hourly)

5.1

ss

hfs

-NTMS�@�EHKDRXRSDL�VHSG�RRG�

# sshfs [email protected]:/ /Users/barschel/cbvu -oauto_cache,reconnect,defer_permissions \

,noappledouble,negative_vncache,volname=cbvu

/Q�UH@�@�SVN�GNOR�STMMDK

# ssh -Y -A -t -L20022:127.0.0.1:20022 cbarsche@lbgw ssh -Y -A -t -L20022:127.0.0.1:22 rootbgv@bgvctrl

# sshfs -p 20022 [email protected]:/ /Users/barschel/cbvu -oauto_cache,reconnect,defer_permissions \

,noappledouble,negative_vncache,volname=cbvu

c�33(�3#0�c

��

a)EMDBDRR@QXINHMSGDBDQSHEHB

@SD@MCSGDJDXHM@RHMFKDEHKDSNADTRDCAXSGD@OOKHB@SHNM

�VDA�RDQUDQ��L

@HK�RDQUDQ�DSB��

11

.2C

on

fig

ure

Op

en

SS

L

7DTRD�TRQ�KNB@K�BDQSR@RCHQDBSNQXENQSGHRDW@LOKDBGDBJNQDCHS�DSB�RRK�NODMRRK�BME@BBNQCHMFKX

SNXNTQRDSSHMFRRNXNTJMNVVGDQDSGDEHKDRVHKKADBQD@SDC�(DQD@QDSGDQDKDU@MSO@QSNE

NODMRRK�BME�

[ CA_default ]

dir = /usr/local/certs/CA

# Where everything is kept

certs = $dir/certs

# Where the issued certs are kept

crl_dir = $dir/crl

# Where the issued crl are kept

database = $dir/index.txt

# database index file.

-@JD�RTQD�SGD�CHQDBSNQHDR�DWHRS�NQ�BQD@SD�SGDL

# mkdir -p /usr/local/certs/CA

# cd /usr/local/certs/CA

# mkdir certs crl newcerts private

# echo "01" > serial

# Only if serial does not exist

# touch index.txt

)EXNTHMSDMCSNFDS@RHFMDCBDQSHEHB

@SDEQNL@UDMCNQ�XNTNMKXMDDC@BDQSHEHB

@SDRHFMHMFQDPTDRS

�#32��4GHR�#32�VHKK�SG

DM�AD�RHFMDC�AX�SGD�UDMCNQ�ENQ�@�KHLHSDC�SHLD��D�F��XD@Q�

11

.3C

re

ate

a c

ertif

ica

te

au

th

orit

y

)EXNTCNMNSG@UD@BDQSHEHB

@SD@TSGNQHSX

EQNL@UDMCNQ�XNT�KKG@UDSNBQD@SDXNTQNVM�4GHRRSDO

HRMNSMDBDRR@QXHENMDHMSDMCSNTRD@UDMCNQSNRHFMSGDQDPTDRS�4NL@JD@BDQSHEHB

@SD@TSGNQHSX

�#!�

# openssl req -new -x509 -days 730 -config /etc/ssl/openssl.cnf \

-keyout CA/private/cakey.pem -out CA/cacert.pem

11

.4C

re

ate

a c

ertif

ica

te

sig

nin

g r

eq

ue

st

4NL@JD@MDVBDQSHEHB

@SD�ENQL@HKRDQUDQNQVDARDQUDQENQDW@LOKD�EHQRSBQD@SD@QDPTDRS

BDQSHEHB

@SDVHSGHSROQHU@SDJDX�)EXNTQ@OOKHB@SHNMCNMNSRTOONQSDMBQXOSDCOQHU@SDJDX�ENQDW@LOKD

57 )-!0�CNDR�MNS��SG

DM�CHR@AKD�DMBQXOSHNM�VHSG

-nodes�

# openssl req -new -keyout newkey.pem -out newreq.pem \

-config /etc/ssl/openssl.cnf

# openssl req -nodes -new -keyout newkey.pem -out newreq.pem \

-config /etc/ssl/openssl.cnf

# No encryption for the key

+DDOSGHRBQD@SDC#32�newreq.pem@RHSB@MADRHFMDC@F@HM@SSGDMDWSQDMDV@K�SGDRHFM@STQD

NMKS�VHKK�KHL

HS�SGD�U@KHCHSX�NE�SGD�BDQSHEHB

@SD��4GHR�OQNBDRR�@KRN�BQD@SDC�SGD�OQHU@SD�JDXnewkey.pem�

11

.5S

ign

th

e c

ertif

ica

te

4GDBDQSHEHB

@SDQDPTDRSG@RSNADRHFMDCAXSGD#!SNADU@KHC�SGHRRSDOHRTRT@KKXCNMDAXSGD

UDMCNQ�

Note

: repla

ce "s

erv

ern

am

e" w

ith th

e n

am

e o

f your s

erv

er in

the n

ext c

om

mands�

# cat newreq.pem newkey.pem > new.pem

# openssl ca -policy policy_anything -out servernamecert.pem \

-config /etc/ssl/openssl.cnf -infiles new.pem

# mv newkey.pem servernamekey.pem

.NV�RDQUDQM@LDJDX�ODL�HR�SGD�OQHU@SD�JDX�@MC�RDQUDQM@LDBDQS�ODL�HR�SGD�RDQUDQ�BDQSHEHB

@SD�

11

.6C

re

ate

un

ite

d c

ertif

ica

te

4GD)-!0RDQUDQV@MSRSNG@UDANSGOQHU@SDJDX@MCRDQUDQBDQSHEHB

@SDHMSGDR@LDEHKD�!MCHM

FDMDQ@K�SGHRHR@KRND@RHDQSNG@MCKD�ATSSGDEHKDG@RSNADJDOSRDBTQDKX��!O@BGD@KRNB@MCD@K

VHSG�HS�V

DKK��#QD@SD�@�EHKD�RDQUDQM@LD�ODL�BNMS@HMHMF�ANSG�SGD�BDQSHEHB

@SD�@MC�JDX�

c�33,�#DQSHEHB

@SDR�c

��

Att

ach

# geli attach -k /root/ad1.key /dev/ad1

# fsck -ny -t ffs /dev/ad1.eli

# In doubt check the file system

# mount /dev/ad1.eli /mnt

Deta

ch

4GD�CDS@BG�OQNBDCTQD�HR�CNMD�@TSNL@SHB@KKX�NM�RGTSCNVM�

# umount /mnt

# geli detach /dev/ad1.eli

/etc

/fs

tab

4GDDMBQXOSDCO@QSHSHNMB@MADBNMEHFTQDCSNADLNTMSDCVHSG�DSB�ERS@A�4GDO@RRVNQCVHKKAD

OQNLOSDC�VGDM�ANNSHMF��4GD�ENKKNVHMF�RDSSHMFR�@QD�QDPTHQDC�ENQ�SGHR�DW@LOKD�

# grep geli /etc/rc.conf

geli_devices="ad1"

geli_ad1_flags="-k /root/ad1.key"

# grep geli /etc/fstab

/dev/ad1.eli /home/private ufs rw 0 0

Use

pa

ssw

ord

on

ly

)SHRLNQDBNMUDMHDMSSNDMBQXOS@53"RSHBJNQEHKDA@RDCHL@FDVHSG@O@RROGQ@RDNMKX@MCMNJDX�

)MSGHRB@RDHSHRMNSMDBDRR@QXSNB@QQXSGD@CCHSHNM@KJDXEHKD@QNTMC�4GDOQNBDCTQDHRUDQXLTBG

SGDR@LD@R@ANUD�RHLOKXVHSGNTSSGDJDXEHKD�,DS�RDMBQXOS@EHKDA@RDCHL@FD/cryptedfileNE�

'"�

# dd if=/dev/zero of=/cryptedfile bs=1M count=1000

# 1 GB file

# mdconfig -at vnode -f /cryptedfile

# geli init /dev/md0

# encrypts with password only

# geli attach /dev/md0

# newfs -U -m 0 /dev/md0.eli

# mount /dev/md0.eli /mnt

# umount /dev/md0.eli

# geli detach md0.eli

)S�HR�MNV�ONRRHAKD�SN�LNTMS�SGHR�HL@FD�NM�@M�NSGDQ�RXRSDL�VHSG�SGD�O@RRVNQC�NMKX�

# mdconfig -at vnode -f /cryptedfile

# geli attach /dev/md0

# mount /dev/md0.eli /mnt

10

.2O

S X

En

cry

pte

d D

isk

Im

ag

e

$NM�S�JMNV�AX�BNLL@MC�KHMD�NMKX��3DD/3�8�%MBQXOSDC�$HRJ�)L@FD��@MC!OOKD�RTOONQS��

11

SS

L C

ER

TI

FI

CA

TE

S

3NB@KKDC33,�4,3BDQSHEHB@SDR@QDBQXOSNFQ@OGHBOTAKHBJDXBDQSHEHB@SDR@MC@QDBNLONRDCNE@OTAKHB

@MC@OQHU@SDJDX�4GDBDQSHEHB@SDR@QDTRDCSN@TSGDMSHB@SDSGDDMCONHMSR@MCDMBQXOSSGDC@S@�

4GDX�@QD�TRDC�ENQ�DW@LOKD�NM�@�VDA�RDQUDQ��GSSOR�NQ�L@HK�RDQUDQ��HL@OR�

11

.1P

ro

ce

du

re

a7DMDDC@BDQSHEHB@SD@TSGNQHSXSNRHFMNTQBDQSHEHB@SD�4GHRRSDOHRTRT@KKXOQNUHCDCAX@

UDMCNQ�KHJD�4G@VSD��6DQHRHFM��DSB��GNVDUDQ�VD�B@M�@KRN�BQD@SD�NTQ�NVM�

a#QD@SD@BDQSHEHB@SDRHFMHMFQDPTDRS�4GHRQDPTDRSHRKHJD@MTMRHFMDCBDQSHEHB@SD�SGDOTAKHB

O@QS@MC@KQD@CXBNMS@HMR@KKMDBDRR@QXHMENQL@SHNM�4GDBDQSHEHB@SDQDPTDRSHRMNQL@KKX

RDMSSNSGD@TSGNQHSXUDMCNQENQRHFMHMF�4GHRRSDO@KRNBQD@SDRSGDOQHU@SDJDXNMSGDKNB@K

L@BGHMD�

a3HFM�SGD�BDQSHEHB@SD�VHSG�SGD�BDQSHEHB@SD�@TSGNQHSX�

��GSSOR��VHJH�SG@XDQ�C@QSLNTSG�DCT�CHROK@X�BNLOTSHMF�#QD@SHMF�@�-@B�/3�8�%MBQXOSDC�$HRJ�)L@FD

��GSSO��RTOONQS�@OOKD�BNL�JA�GS��

c�33,�#DQSHEHB@SDR�c

��

6V

PN

W

IT

H S

SH

!RNEUDQRHNM��/ODM33(B@MTRDSGDSTM�S@OCDUHBDSNDMBQXOS@STMMDK�4GHRHRUDQXRHLHK@QSN

NSGDQ4,[email protected]/ODM60.�/MD@CU@MS@FDVHSG33(HRSG@SSGDQDHRMNMDDCSN

HMRS@KK@MCBNMEHFTQD@CCHSHNM@KRNESV@QD�!CCHSHNM@KKXSGDSTMMDKTRDRSGD33(@TSGDMSHB@SHNMKHJD

OQDRG@QDCJDXR�4GDCQ@VA@BJHRSG@SSGDDMB@ORTK@SHNMHRCNMDNUDQ4#0VGHBGLHFGSQDRTKSHM

ONNQODQENQL@MBDNM@RKNVKHMJ�!KRNSGDSTMMDKHRQDKXHMFNM@RHMFKD�EQ@FHKD4#0BNMMDBSHNM�4GHR

SDBGMHPTDHRUDQXTRDETKENQ@PTHBJ)[email protected]�4GDQDHRMNKHLHS@SHNM@RVHSGSGDRHMFKD

4#0ONQSENQV@QC�@KKK@XDQ��OQNSNBNKRKHJD)#-0�4#0�5$0�DSB�@QDENQV@QCDCNUDQSGD60.�)M

@MX�B@RD��SGD�ENKKNVHMF�NOSHNMR�@QD�MDDCDC�HM�SGD�RRGC?BNME�EHKD�

PermitRootLogin yes

PermitTunnel yes

6.1

Sin

gle

P2

P c

on

ne

ctio

n

(DQDVD@QDBNMMDBSHMFSVNGNRSR�GBKHDMS@MCGRDQUDQVHSG@ODDQSNODDQSTMMDK�4GDBNMMDBSHNMHR

sta

rted

from

hclientSNGRDQUDQ@MCHRCNMD@RQNNS�4GDSTMMDKDMCONHMSR@QD��RDQUDQ@MC

��BKHDMS@MCVDBQD@SD@CDUHBDSTM��SGHRBNTKC@KRNAD@MNSGDQMTLADQ�4GDOQNBDCTQD

HR�UDQX�RHLOKD�

a#NMMDBS�VHSG�33(�TRHMF�SGD�STMMDK�NOSHNM� V

a#NMEHFTQD�SGD�)0�@CCQDRRDR�NE�SGD�STMMDK��/MBD�NM�SGD�RDQUDQ�@MC�NMBD�NM�SGD�BKHDMS�

Co

nn

ect t

o t

he

se

rv

er

#NMMDBSHNM�RS@QSDC�NM�SGD�BKHDMS�@MC�BNLL@MCR�@QD�DWDBTSDC�NM�SGD�RDQUDQ�

Server i

s o

n L

inux

cli>#ssh -w5:5 root@hserver

srv>#ifconfig tun5 10.0.1.1 netmask 255.255.255.252

# Executed on the server shell

Server i

s o

n F

reeB

SD

cli>#ssh -w5:5 root@hserver

srv>#ifconfig tun5 10.0.1.1 10.0.1.2

# Executed on the server shell

Co

nfig

ure

th

e c

lie

nt

#NLL@MCR�DWDBTSDC�NM�SGD�BKHDMS�

cli>#ifconfig tun5 10.0.1.2 netmask 255.255.255.252

# Client is on Linux

cli>#ifconfig tun5 10.0.1.2 10.0.1.1

# Client is on FreeBSD

4GDSVNGNRSR@QDMNVBNMMDBSDC@MCB@MSQ@MRO@QDMSKXBNLLTMHB@SDVHSG@MXK@XDQ��OQNSNBNK

TRHMF�SGD�STMMDK�)0�@CCQDRRDR�

6.2

Co

nn

ec

t t

wo

ne

tw

ork

s

)M@CCHSHNMSNSGDO�ORDSTO@ANUD�HSHRLNQDTRDETKSNBNMMDBSSVNOQHU@SDMDSVNQJRVHSG@M33(

60.TRHMFSVNF@SDR�3TOONRDENQSGDDW@LOKD�MDS!HR��@MCMDS"��

��4GDOQNBDCTQDHRRHLHK@Q@R@ANUD�VDNMKXMDDCSN@CCSGDQNTSHMF�.!4LTRSAD@BSHU@SDCNM

SGD�OQHU@SD�HMSDQE@BD�NMKX�HE�SGD�F@SDR�@QD�MNS�SGD�R@LD�@R�SGD�CDE@TKS�F@SDV@X�NE�SGDHQ�MDSVNQJ�

��MDS![F@SD!�� F@SD"[��MDS"

a#NMMDBS�VHSG�33(�TRHMF�SGD�STMMDK�NOSHNM� V�

a#NMEHFTQD�SGD�)0�@CCQDRRDR�NE�SGD�STMMDK��/MBD�NM�SGD�RDQUDQ�@MC�NMBD�NM�SGD�BKHDMS�

a!CC�SGD�QNTSHMF�ENQ�SGD�SVN�MDSVNQJR�

a)E�MDBDRR@QX��@BSHU@SD�.!4�NM�SGD�OQHU@SD�HMSDQE@BD�NE�SGD�F@SD�

4GD�RDSTO�HR

sta

rted fro

m g

ate

A in n

etA�c�60.�VHSG�33(�c

��

Co

nn

ect f

ro

m g

ate

A t

o g

ate

B

#NMMDBSHNM�HR�RS@QSDC�EQNL�F@SD!�@MC�BNLL@MCR�@QD�DWDBTSDC�NM�F@SD"�

gate

B is

on L

inux

gateA>#ssh -w5:5 root@gateB

gateB>#ifconfig tun5 10.0.1.1 netmask 255.255.255.252# Executed on the gateB shell

gateB>#route add -net 192.168.51.0 netmask 255.255.255.0 dev tun5

gateB>#echo 1 > /proc/sys/net/ipv4/ip_forward

# Only needed if not default gw

gateB>#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

gate

B is

on F

reeB

SD

gateA>#ssh -w5:5 root@gateB

# Creates the tun5 devices

gateB>#ifconfig tun5 10.0.1.1 10.0.1.2

# Executed on the gateB shell

gateB>#route add 192.168.51.0/24 10.0.1.2

gateB>#sysctl net.inet.ip.forwarding=1

# Only needed if not default gw

gateB>#natd -s -m -u -dynamic -n fxp0

# seeNAT(page 18)

gateA>#sysctl net.inet.ip.fw.enable=1

Co

nfig

ure

ga

te

A

#NLL@MCR�DWDBTSDC�NM�F@SD!�

gate

A is

on L

inux

gateA>#ifconfig tun5 10.0.1.2 netmask 255.255.255.252

gateA>#route add -net 192.168.16.0 netmask 255.255.255.0 dev tun5

gateA>#echo 1 > /proc/sys/net/ipv4/ip_forward

gateA>#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

gate

A is

on F

reeB

SD

gateA>#ifconfig tun5 10.0.1.2 10.0.1.1

gateA>#route add 192.168.16.0/24 10.0.1.2

gateA>#sysctl net.inet.ip.forwarding=1

gateA>#natd -s -m -u -dynamic -n fxp0

# seeNAT(page 18)

gateA>#sysctl net.inet.ip.fw.enable=1

4GDSVNOQHU@SDMDSVNQJR@QDMNVSQ@MRO@QDMSKXBNMMDBSDCUH@SGD33(60.�4GD)0ENQV@QC@MC

.!4RDSSHMFR@QDNMKXMDBDRR@QXHESGDF@SDR@QDMNSSGDCDE@TKSF@SDV@XR�)MSGHRB@RDSGDBKHDMSR

VNTKC�MNS�JMNV�VGDQD�SN�ENQV@QC�SGD�QDRONMRD��@MC�M@S�LTRS�AD�@BSHU@SDC�

7R

SY

NC

2RXMBB@M@KLNRSBNLOKDSDKXQDOK@BDBO@MCRBO�ETQSGDQLNQDHMSDQQTOSDCSQ@MREDQR@QDDEEHBHDMSKX

QDRS@QSDC�!SQ@HKHMFRK@RG�@MCSGD@ARDMBDSGDQDNEG@RCHEEDQDMSLD@MHMFR�SGDL@MO@FDHR

FNNC��(

DQD�RNLD�DW@LOKDR�

#NOX�SGD�CHQDBSNQHDR�VHSG�ETKK�BNMSDMS�

# rsync -a /home/colin/ /backup/colin/

# "archive" mode. e.g keep the same

# rsync -a /var/ /var_bak/

# rsync -aR --delete-during /home/user/ /backup/

# use relative (see below)

# /opt/local/bin/rsync -azv --iconv=UTF-8-MAC,UTF-8 ~/Music/flac/ me@server:/dst/

# convert filenames OSX UTF8 to Windows UTF8

3@LD@RADENQDATSNUDQSGDMDSVNQJ@MCVHSGBNLOQDRRHNM�2RXMBTRDR33(ENQSGDSQ@MRONQSODQ

CDE@TKS�@MC�VHKK�TRD�SGD�RRG�JDX�HE�SG

DX�@QD�RDS��5RD��@

R�VHSG�3#0��!�SXOHB@K�QDLNSD�BNOX�

# rsync -axSRzv /home/user/ user@server:/backup/user/# Copy to remote

# rsync -a 'user@server:My\ Documents' My\ Documents

# Quote AND escape spaces for the remote shell

%WBKTCD@MXCHQDBSNQXSLOVHSGHM�GNLD�TRDQ�@MCJDDOSGDQDK@SHUDENKCDQRGHDQ@QBGX�SG@SHRSGD

QDLNSD�CHQDBSNQX�VHKK�G@UD�SGD�RSQTBSTQD��A@BJTO�GNLD�TRDQ��4

GHR�HR�SXOHB@KKX�TRDC�ENQ�A@BJTOR�

# rsync -azR --exclude=tmp/ /home/user/ user@server:/backup/

5RD�ONQS��ENQ�SGD�RRG�BNMMDBSHNM�

# rsync -az -e 'ssh -p 20022' /home/colin/ user@server:/backup/colin/

c�239.#�c

��

dm

-cry

pt w

ith

LU

KS

,5+3VHSGCL BQXOSG@RADSSDQDMBQXOSHNM@MCL@JDRHSONRRHAKDSNG@UDLTKSHOKDO@RROGQ@RDENQ

SGDR@LDO@QSHSHN

MNQSNBG@MFDSGDO@RRVNQCD@RHKX�4NSDRSHE,5+3HR@U@HK@AKD�RHLOKXSXOD#

cryptsetup

--help�HEMNSGHMF@ANTS,5+3RGNVRTO�TRDSGDHMRSQTBSHNMRADKNV7HSGNTS,5+3�

&HQRS�BQD@SD�@�O@QSHSHN

M�HE�MDBDRR@QX�fdisk /dev/sdc�

Create

encrypte

d p

artitio

n

# dd if=/dev/urandom of=/dev/sdc1

# Optional. For paranoids only (takes days)

# cryptsetup -y luksFormat /dev/sdc1

# This destroys any data on sdc1

# cryptsetup luksOpen /dev/sdc1 sdc1

# mkfs.ext3 /dev/mapper/sdc1

# create ext3 file system

# mount -t ext3 /dev/mapper/sdc1 /mnt

# umount /mnt

# cryptsetup luksClose sdc1

# Detach the encrypted partition

Atta

ch

# cryptsetup luksOpen /dev/sdc1 sdc1


Deta

ch

# umount /mnt

# cryptsetup luksClose sdc1

dm

-cry

pt w

ith

ou

t L

UK

S

# cryptsetup -y create sdc1 /dev/sdc1

# or any other partition like /dev/loop0

# dmsetup ls

# check it, will display: sdc1 (254, 0)

# mkfs.ext3 /dev/mapper/sdc1

# This is done only the first time!


# umount /mnt/

# cryptsetup remove sdc1

# Detach the encrypted partition

$NDW@BSKXSGDR@LD�VHSGNTSSGDLJERO@QS�

SNQD @SS@BGSGDO@QSHSHN

M�)ESGDO@RRVNQCHRMNS

BNQQDBS�SGDLNTMSBNLL@MCVHKKE@HK�)MSGHRB@RDRHLOKXQDLNUDSGDL@ORCB��cryptsetup

remove sdc1�@MC�BQD@SD�HS�@F@HM�

10

.2F

re

eB

SD

4GDSVNONOTK@Q&QDD"3$CHRJDMBQXOSHNMLNCTKDR@QD

gbde@MCgeli�)MNVTRDFDKHADB@TRDHS

HRE@RSDQ@MC@KRNTRDRSGDBQXOSNCDUHBDENQG@QCV@QD@BBDKDQ@SHNM�3DD4GD&QDD"3$G@MCANNJ

#G@OSDQ��ENQ�@KK�SGD�CDS@HKR��4GD�FDKH�LNCTKD�LTRS�AD�KN@CDC�NQ�BNLOHKDC�HMSN�SGD�JDQMDK�

options GEOM_ELI

device crypto

# or as module:

# echo 'geom_eli_load="YES"' >> /boot/loader.conf

# or do: kldload geom_eli

Use

pa

ssw

ord

an

d k

ey

)TRDSGNRDRDSSHMFRENQ@SXOHB@KCHRJDMBQXOSHNM�HSTRDR@O@RROGQ@RD!.$@JDXSNDMBQXOSSGD

L@RSDQJDX�4G@SHRXNTMDDCANSGSGDO@RRVNQC@MCSGDFDMDQ@SDCJDX/root/ad1.keySN@SS@BG

SGDO@QSHSHN

M�4GDL@RSDQJDXHRRSNQDCHMRHCDSGDO@QSHSHN

M@MCHRMNSUHRHAKD�3DDADKNVENQSXOHB@K

53"�NQ�EHKD

�A@RDC�HL@FD�

Create

encrypte

d p

artitio

n

# dd if=/dev/random of=/root/ad1.key bs=64 count=1

# this key encrypts the mater key

# geli init -s 4096 -K /root/ad1.key /dev/ad1

# -s 8192 is also OK for disks

# geli attach -k /root/ad1.key /dev/ad1

# DO make a backup of /root/ad1.key

# dd if=/dev/random of=/dev/ad1.eli bs=1m

# Optional and takes a long time

# newfs /dev/ad1.eli

# Create file system

# mount /dev/ad1.eli /mnt

��GSSO��V

VV�EQDDARC�NQF�G@MCANNJ�CHRJR DMBQXOSHMF�GSLK

c�%MBQXOS�0@QSHSHN

MR�c

��

-eDMBQXOS�C@S@

-dCDBQXOS�C@S@

-r.!-%�DMBQXOS�ENQ�QDBHOHDMS�.!-%��NQ��&TKK�.@LD��NQ��DL@HK CNL@HM�

-aBQD@SD�@RBHH�@QLNQDC�NTSOTS�NE�@�JDX

-oTRD�@R�NTSOTS�EHKD

4GDDW@LOKDRTRD�9NTQ.@LD�@MC�!KHBD�@RSGDJDXR@QDQDEDQQDCSNAXSGDDL@HKNQETKKM@LD

NQO@QSH@KM@LD�&NQDW@LOKD)B@MTRD�#NKHM�NQ�B BA�UT�ENQLXJDX;#NKHM"@QRBGDK�BA�UT

�B BA�UT�=�

En

cry

pt f

or p

erso

na

l u

se

on

ly

.N�MDDC�SN�DWONQS�HLONQS�@MX�JDX�ENQ�SGHR��9NT�G@UD�ANSG�@KQD@CX�

# gpg -e -r 'Your Name' file

# Encrypt with your public key

# gpg -o file -d file.gpg

# Decrypt. Use -o or it goes to stdout

En

cry

pt -

De

cry

pt w

ith

ke

ys

&HQRSXNTMDDCSNDWONQSXNTQOTAKHBJDXENQRNLDNMDDKRDSNTRDHS�!MCXNTMDDCSNHLONQSSGD

OTAKHBR@XEQNL!KHBDSNDMBQXOS@EHKDENQGDQ�9NTB@MDHSGDQG@MCKDSGDJDXRHMRHLOKD@RBHHEHKDRNQ

TRD�@�OTAKHB�JDX�RDQUDQ�

&NQDW@LOKD!KHBDDWONQSGDQOTAKHBJDX@MCXNTHLONQSHS�XNTB@MSGDMDMBQXOS@EHKDENQGDQ�4G@S

HR�NMKX�!KHBD�VHKK�AD�@AKD�SN�CDBQXOS�HS�

# gpg -a -o alicekey.asc --export 'Alice'

# Alice exported her key in ascii file.

# gpg --send-keys --keyserver subkeys.pgp.net KEYID

# Alice put her key on a server.

# gpg --import alicekey.asc

# You import her key into your pubring.

# gpg --search-keys --keyserver subkeys.pgp.net 'Alice'# or get her key from a server.

/MBD�SGD�JDXR�@QD�HLONQSDC�HS�HR�UDQX�D@RX�SN�DMBQXOS�NQ�CDBQXOS�@�EHKD�

# gpg -e -r 'Alice' file

# Encrypt the file for Alice.

# gpg -d file.gpg -o file

# Decrypt a file encrypted by Alice for you.

Ke

y a

dm

inis

tra

tio

n

# gpg --list-keys

# list public keys and see the KEYIDS

The KEYID follows the '/' e.g. for: pub 1024D/D12B77CE the KEYID is D12B77CE

# gpg --gen-revoke 'Your Name'

# generate revocation certificate

# gpg --list-secret-keys

# list private keys

# gpg --delete-keys NAME

# delete a public key from local key ring

# gpg --delete-secret-key NAME

# delete a secret key from local key ring

# gpg --fingerprint KEYID

# Show the fingerprint of the key

# gpg --edit-key KEYID

# Edit key (e.g sign or add/del email)

10

EN

CR

YP

T P

AR

TI

TI

ON

S,HMTWVHSG,5+3�O��[,HMTWCL BQXOSNMKX�O��[&QDD"3$'%,)�O��[&"3$OVCNMKX�O��[

/3�8�HL@FD�O��

4GDQD@QD�L@MXNSGDQ@KSDQM@SHUDLDSGNCRSNDMBQXOSCHRJR�)NMKXRGNVGDQDSGDLDSGNCR)JMNV

@MCTRD�+DDOHMLHMCSG@SSGDRDBTQHSXHRNMKXFNNC@RKNMFSGD/3G@RMNSADDMSDLODQDCVHSG�

!MHMSQTCDQBNTKCD@RHKXQDBNQCSGDO@RRVNQCEQNLSGDJDXAN@QCDUDMSR�&TQSGDQLNQDSGDC@S@HR

EQDDKX@BBDRRHAKDVGDMSGDO@QSHSHNMHR

att

ached@MCVHKKMNSOQDUDMS@MHMSQTCDQSNG@UD@BBDRRSNHS

HM�SGHR�RS@SD�

10

.1L

inu

x

4GNRDHMRSQTBSHNMRTRDSGD,HMTWdm-crypt�CDUHBD L@OODQE@BHKHSX@U@HK@AKDNMSGD��JDQMDK�

)MSGHRDW@LOKD�KDSRDMBQXOSSGDO@QSHSHNM/dev/sdc1�HSBNTKCADGNVDUDQ@MXNSGDQO@QSHSHNMNQ

CHRJ�NQ53"NQ@EHKDA@RDCO@QSHSHNMBQD@SDCVHSGlosetup�)MSGHRB@RDVDVNTKCTRD/dev/loop0�

3DDEHKDHL@FDO@QSHSHNM�4GDCDUHBDL@OODQTRDRK@ADKRSNHCDMSHEX@O@QSHSHNM�7DTRDsdc1HMSGHR

DW@LOKD��ATS�HS�BNTKC�AD�@MX�RSQHMF�

c�%MBQXOS�0@QSHSHNMR�c

��

5RHMFSGDQRXMBC@DLNM�TRDCVHSG��HRLTBGE@RSDQ�ATSMNSDMBQXOSDCNUDQRRG�4GDKNB@SHNM

NE�A@BJTOHRCDEHMDCAXSGDBNMEHFTQ@SHNMHM�DSB�QRXMBC�BNME�4GDU@QH@AKD239.#?0!337/2$B@M

AD�RDS�SN�@UNHC�SGD�MDDC�SN�DMSDQ�SGD�O@RRVNQC�L@MT@KKX�

# rsync -axSRz /home/ ruser@hostname::rmodule/backup/

# rsync -axSRz ruser@hostname::rmodule/backup/ /home/

# To copy back

3NLD�HLONQS@MS�NOSHNMR�

-a, --archive

@QBGHUD�LNCD��R@LD�@R� QKOSFN$��MN� (

-r, --recursive

QDBTQRD�HMSN�CHQDBSNQHDR

-R, --relative

TRD�QDK@SHUD�O@SG�M@LDR

-H, --hard-links

OQDRDQUD�G@QC�KHMJR

-S, --sparse

G@MCKD�RO@QRD�EHKDR�DEEHBHDMSKX

-x, --one-file-system

CNM�S�BQNRR�EHKD�RXRSDL�ANTMC@QHDR

--exclude=PATTERN

DWBKTCD�EHKDR�L@SBGHMF�0!44%2.

--delete-during

QDBDHUDQ�CDKDSDR�CTQHMF�WEDQ��MNS�ADENQD

--delete-after

QDBDHUDQ�CDKDSDR�@ESDQ�SQ@MREDQ��MNS�ADENQD

7.1

Rs

yn

c o

n W

ind

ow

s

2RXMBHR@U@HK@AKDENQ7HMCNVRSGQNTFGBXFVHMNQ@RRS@MC @KNMDO@BJ@FDCHMBVQRXMB��4GHRHRUDQX

BNMUDMHDMSENQ@TSNL@SDCA@BJTOR�)MRS@KKNMDNESGDL�n

ot

both@MC@CCSGDO@SGSNSGD7HMCNVR

RXRSDLU@QH@AKDR��#NMSQNK0@MDK �3XRSDL �S@A!CU@MBDC�ATSSNM%MUHQNMLDMS6@QH@AKDR�

%CHSSGD�0@SG�RXRSDLU@QH@AKD@MC@CCSGDETKKO@SGSNSGDHMRS@KKDCQRXMB�D�F�#�<0QNFQ@L&HKDR<

BV2RXMB<AHMNQ#�<BXFVHM<AHM�4GHRV@XSGDBNLL@MCRrsync@MCssh@QD@U@HK@AKDHM@7HMCNVR

BNLL@MC�RGDKK�

Pu

bli

c k

ey

au

th

en

tic

atio

n

2RXMBHR@TSNL@SHB@KKXSTMMDKDCNUDQ33(@MCSGTRTRDRSGD33(@TSGDMSHB@SHNMNMSGDRDQUDQ�

!TSNL@SHBA@BJTORG@UDSN@UNHC@TRDQHMSDQ@BSHNM�ENQSGHRSGD33(OTAKHBJDX@TSGDMSHB@SHNMB@M

AD�TRDC�@MC�SGD�QRXMB�BNLL@MC�VHKK�QTM�VHSGNTS�@�O@RRVNQC�

!KKSGDENKKNVHMFBNLL@MCR@QDDWDBTSDCVHSGHM@7HMCNVRBNMRNKD�)M@BNMRNKD�3S@QS �2TM �

BLCBQD@SD@MCTOKN@CSGDJDX@RCDRBQHADCHM33(�BG@MFD�TRDQ�@MC�RDQUDQ�@R@OOQNOQH@SD�

)ESGDEHKD@TSGNQHYDC?JDXR�CNDRMNSDWHRSXDS�RHLOKXBNOXHC?CR@�OTASN@TSGNQHYDC?JDXR�@MC

TOKN@C�HS�

# ssh-keygen -t dsa -N ''

# Creates a public and a private key

# rsync user@server:.ssh/authorized_keys2 .# Copy the file locally from the server

# cat id_dsa.pub >> authorized_keys2

# Or use an editor to add the key

# rsync authorized_keys2 user@server:.ssh/

# Copy the file back to the server

# del authorized_keys2

# Remove the local copy

.NV�SDRS�HS�VHSG��HM�NMD�KHMD�

rsync -rv "/cygdrive/c/Documents and Settings/%USERNAME%/My Documents/" \

'user@server:My\ Documents/'

Au

to

ma

tic

ba

ck

up

5RD@A@SBGEHKDSN@TSNL@SDSGDA@BJTO@MC@CCSGDEHKDHMSGDRBGDCTKDCS@RJR�0QNFQ@LR �

!BBDRRNQHDR �3XRSDL4NNKR �3BGDCTKDC4@RJR�&NQDW@LOKDBQD@SDSGDEHKDA@BJTO�A@S@MC

QDOK@BD�TRDQ RDQUDQ�

@ECHO OFF

REM rsync the directory My Documents

SETLOCAL

SET CWRSYNCHOME=C:\PROGRAM FILES\CWRSYNC

SET CYGWIN=nontsec

SET CWOLDPATH=%PATH%

REM uncomment the next line when using cygwin

SET PATH=%CWRSYNCHOME%\BIN;%PATH%

echo Press Control-C to abort

��GSSO��RNTQBDENQFD�MDS�OQNIDBSR�RDQDCR

c�239.#�c

��

rsync -av "/cygdrive/c/Documents and Settings/%USERNAME%/My Documents/" \

'user@server:My\ Documents/'

pause

8S

UD

O

3TCNHR@RS@MC@QCV@XSNFHUDTRDQRRNLD@CLHMHRSQ@SHUDQHFGSRVHSGNTSFHUHMFNTSSGDQNNS

O@RRVNQC�3TCNHRUDQXTRDETKHM@LTKSHTRDQDMUHQNMLDMSVHSG@LHWNERDQUDQ@MCVNQJRS@SHNMR�

3HLOKX�B@KK�SGD�BNLL@MC�VHSG�RTCN�

# sudo /etc/init.d/dhcpd restart

# Run the rc script as root

# sudo -u sysadmin whoami

# Run cmd as an other user

8.1

Co

nfig

ura

tio

n

3TCNHRBNMEHFTQDCHM

/etc/sudoers@MCLTRSNMKXADDCHSDCVHSG

visudo�4GDA@RHBRXMS@WHR�SGD

KHRSR�@QD�BNLL@�RDO@Q@SDC�

user hosts = (runas) commands

# In /etc/sudoers

usersNMD�NQ�LNQD�TRDQR�NQ��FQNTO��KHJD��VGDDK�SN

�F@HM�SGD�QHFGSR

hostsKHRS�NE�GNRSR��NQ�!,,

runasKHRS�NE�TRDQR��NQ�!,,�SG@S�SGD�BNLL@MC�QTKD�B@M�AD�QTM�@R��)S�HR

�DMBKNRDC�HM��

commandsKHRS�NE�BNLL@MCR��NQ�!,,�SG@S�VHKK�AD�QTM�@R�QNNS�NQ�@R��QTM@R

!CCHSHNM@KKXSGNRDJDXVNQCRB@MADCDEHMDC@R@KH@R�SGDX@QDB@KKDC5RDQ?!KH@R�(NRS?!KH@R�

2TM@R?!KH@R�@MC�#LMC?!KH@R��4GHR�HR�TRDETK�ENQ�K@QFDQ�RDSTOR��(DQD�@�RTCNDQR�DW@LOKD�

# cat /etc/sudoers

# Host aliases are subnets or hostnames.

Host_Alias DMZ = 212.118.81.40/28

Host_Alias DESKTOP = work1, work2

# User aliases are a list of users which can have the same rights

User_Alias ADMINS = colin, luca, admin

User_Alias DEVEL = joe, jack, julia

Runas_Alias DBA = oracle,pgsql

# Command aliases define the full path of a list of commands

Cmnd_Alias SYSTEM = /sbin/reboot,/usr/bin/kill,/sbin/halt,/sbin/shutdown,/etc/init.d/

Cmnd_Alias PW = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root# Not root pwd!

Cmnd_Alias DEBUG = /usr/sbin/tcpdump,/usr/bin/wireshark,/usr/bin/nmap

# The actual rules

root,ADMINS ALL = (ALL) NOPASSWD: ALL

# ADMINS can do anything w/o a password.

DEVEL DESKTOP = (ALL) NOPASSWD: ALL

# Developers have full right on desktops

DEVEL DMZ = (ALL) NOPASSWD: DEBUG

# Developers can debug the DMZ servers.

# User sysadmin can mess around in the DMZ servers with some commands.

sysadmin DMZ = (ALL) NOPASSWD: SYSTEM,PW,DEBUG

sysadmin ALL,!DMZ = (ALL) NOPASSWD: ALL

# Can do anything outside the DMZ.

%dba ALL = (DBA) ALL

# Group dba can run as database user.

# anyone can mount/unmount a cd-rom on the desktop machines

ALL DESKTOP = NOPASSWD: /sbin/mount /cdrom,/sbin/umount /cdrom

9E

NC

RY

PT

F

IL

ES

9.1

Op

en

SS

L

A s

ing

le f

ile

%MBQXOS�@MC�CDBQXOS�

c�35$/�c

��

# openssl aes-128-cbc -salt -in file -out file.aes

# openssl aes-128-cbc -d -salt -in file.aes -out file

.NSD�SG@S�SGD�EHKD�B@M�NE�BNTQRD�AD�@�S@Q�@QBGHUD�

ta

r a

nd

en

cry

pt a

wh

ole

dir

ecto

ry

# tar -cf - directory | openssl aes-128-cbc -salt -out directory.tar.aes

# Encrypt

# openssl aes-128-cbc -d -salt -in directory.tar.aes | tar -x -f -

# Decrypt

ta

r z

ip a

nd

en

cry

pt a

wh

ole

dir

ecto

ry

# tar -zcf - directory | openssl aes-128-cbc -salt -out directory.tar.gz.aes

# Encrypt

# openssl aes-128-cbc -d -salt -in directory.tar.gz.aes | tar -xz -f -

# Decrypt

a5RD JLXRDBQDSO@RRVNQC@ESDQ@DR �� BABSN@UNHCSGDHMSDQ@BSHUDO@RRVNQCQDPTDRS�

(NVDUDQ�MNSD�SG@S�SGHR�HR�GHFGKX�HMRDBTQD�

a5RD

aes-2

56

-cb

cHMRSD@CNE

aes-1

28

-cb

cSNFDSDUDMRSQNMFDQDMBQXOSHNM�4GHRTRDR@KRN

LNQD�#05�

9.2

GP

G

'MT0'HRVDKKJMNVMSNDMBQXOS@MCRHFMDL@HKRNQ@MXC@S@�&TQSGDQLNQDFOF@MC@KRNOQNUHCDR

@M@CU@MBDCJDXL@M@FDLDMSRXRSDL�4GHRRDBSHNMNMKXBNUDQREHKDRDMBQXOSHNM�MNSDL@HKTR@FD�

RHFMHMF�NQ�SGD�7DA /E 4QTRS�

4GDRHLOKDRSDMBQXOSHNMHRVHSG@RXLLDSQHB

BHOGDQ�)MSGHRB@RDSGDEHKD

HRDMBQXOSDCVHSG@

O@RRVNQC@MC@MXNMDVGNJMNVRSGDO@RRVNQCB@MCDBQXOSHS�SGTRSGDJDXR@QDMNSMDDCDC�'OF

@CCR�@M�DWSDMSHNM��FOF��SN�SGD�DMBQXOSDC�EHKD�M@LDR�

# gpg -c file

# Encrypt file with password

# gpg file.gpg

# Decrypt file (optionally -o otherfile)

Usin

g k

ey

s

&NQLNQDCDS@HKRRDD'0'1THBJ3S@QS��@MC'0'�0'0"@RHBR��@MCSGDFMTOFCNBTLDMS@SHNM��@LNMF

NSGDQR�

4GDOQHU@SD@MCOTAKHBJDXR@QDSGDGD@QSNE@RXLLDSQHB

BQXOSNFQ@OGX�7G@SHRHLONQS@MSSN

QDLDLADQ�

a9NTQOTAKHBJDXHRTRDCAX

oth

ersSNDMBQXOSEHKDRSG@SNMKXXNT@RSGDQDBDHUDQB@MCDBQXOS

�MNSDUDMSGDNMDVGNDMBQXOSDCSGDEHKDB@MCDBQXOSHS�4GDOTAKHBJDXHRSGTRLD@MSSNAD

CHRSQHATSDC�

a9NTQOQHU@SDJDXHRDMBQXOSDCVHSGXNTQO@RROGQ@RD@MCHRTRDCSNCDBQXOSEHKDRVGHBGVDQD

DMBQXOSDCVHSG

yourOTAKHBJDX�4GDOQHU@SDJDXLTRSADJDOS

secu

re�!KRNHESGDJDXNQ

O@RROGQ@RD�HR�KNRS��RN�@QD�@KK�SGD�EHKDR�DMBQXOSDC�VHSG�XNTQ�OTAKHB�JDX�

a4GD�JDX�EHKDR�@QD�B@KKDC�JDXQHMFR�@R�SGDX�B@M�BNMS@HM�LNQD�SG@M�NMD�JDX�

&HQRSFDMDQ@SD@JDXO@HQ�4GDCDE@TKSR@QDEHMD�GNVDUDQXNTVHKKG@UDSNDMSDQ@SKD@RSXNTQETKK

M@LD@MCDL@HK@MCNOSHNM@KKX@BNLLDMS�4GDBNLLDMSHRTRDETKSNBQD@SDLNQDSG@MNMDJDX

VHSG�SGD�R@LD�M@LD�@MC�DL@HK��!KRN�XNT�RGNTKC�TRD�@��O@RROGQ@RD��MNS�@�RHLOKD�O@RRVNQC�

# gpg --gen-key

# This can take a long time

4GD�JDXR�@QD�RSNQDC�HM�]��FMTOF��NM�5MHW��NM�7HMCNVR�SGDX�@QD�SXOHB@KKX�RSNQDC�HM

#��$NBTLDMSR�@MC�3DSSHMFR��53%2.!-%��!OOKHB@SHNM�$@S@�FMTOF��

~/.gnupg/pubring.gpg

# Contains your public keys and all others imported

~/.gnupg/secring.gpg

# Can contain more than one private key

3GNQS�QD

LHMCDQ�NM�LNRS�TRDC�NOSHNMR�

��GSSO��V

VV�L@CAN@�BNL�FDDJ�FOF PTHBJRS@QS

��GSSO��@OK@VQDMBD�BNL�"@RHBR�FOF�GSLK

��GSSO��FMTOF�NQF�CNBTLDMS@SHNM

c�%MBQXOS�&HKDR�c

��