Compile and execute with:
# g++ -c IPv4.cpp simplecpp.cpp
# Compile in objects
# g++ IPv4.o simplecpp.o -o simplecpp.exe
# Link the objects to final executable
# ./simplecpp.exe
1347861486 = 80.86.187.238
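Use ldd to check which libraries are used by the executable and where they are located. Also used to check if a shared library is missing or if the executable is static. On some systems ldd runs the program's loader to resolve the libraries, so do not point it at an executable you do not trust; objdump -p on the file lists the NEEDED entries without running anything.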
# ldd /sbin/ifconfig
# list dynamic object dependencies
# ar rcs staticlib.a *.o
# create static archive
# ar t staticlib.a
# print the objects list from the archive
# ar x /usr/lib/libc.a version.o
# extract an object file from the archive
# nm version.o
# show function members provided by object
22.5 Simple Makefile
The minimal Makefile for the multi-source program is shown below. The lines with instructions must begin with a tab! The back slash "\" can be used to cut long lines.
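# Build the simplecpp executable from its two translation units.
# Recipe lines (the commands under a target) must begin with a hard TAB.
CC= g++
CFLAGS= -O
# TARGET was used by "clean" without ever being defined, so the executable
# was never removed; define it once and use it for the link rule as well.
TARGET= simplecpp
OBJS= IPv4.o simplecpp.o

# clean is a command, not a file to be built.
.PHONY: clean

# Link step. The .o files come from make's built-in .cpp rule, which uses
# CXX/CXXFLAGS rather than the CC/CFLAGS set above.
${TARGET}: ${OBJS}
	${CC} -o ${TARGET} ${CFLAGS} ${OBJS}

# Remove the executable and the objects.
clean:
	rm -f ${TARGET} ${OBJS}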
23 ONLINE HELP
23.1 Documentation
Linux Documentation
en.tldp.org
Linux Man Pages
www.linuxmanpages.com
Linux commands directory www.oreillynet.com/linux/cmd
Linux doc man howtos
linux.die.net
FreeBSD Handbook
www.freebsd.org/handbook
FreeBSD Man Pages
www.freebsd.org/cgi/man.cgi
FreeBSD user wiki
www.freebsdwiki.net
Solaris Man Pages
docs.sun.com/app/docs/coll/[collection id lost in extraction]
23.2 Other Unix/Linux references
Rosetta Stone for Unix
bhami.com/rosetta.html (a Unix command translator)
Unix guide cross reference unixguide.net/unixguide.shtml
Linux commands line list
www.linuxcmd.org
Short Linux reference
www.pixelbeat.org/cmdline.html
Little command line goodies www.shell-fu.org
That's all folks!
This document: "Unix Toolbox revision [number lost in extraction]" is licensed under a Creative Commons Licence [Attribution - Share Alike]. © Colin Barschel [years lost in extraction]. Some rights reserved.
c�/MKHMD�(DKO�c
��
UNIX TOOLBOX
This document is a collection of Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users. This is a practical guide with concise explanations, however the reader is supposed to know what s/he is doing.
1. System
2. Processes
3. File System
4. Network
5. SSH SCP
6. VPN with SSH
7. RSYNC
8. SUDO
9. Encrypt Files
10. Encrypt Partitions
11. SSL Certificates
12. CVS
13. SVN
14. Useful Commands
15. Install Software
16. Convert Media
17. Printing
18. Databases
19. Disk Quota
20. Shells
21. Scripting
22. Programming
23. Online Help
Unix Toolbox revision [number lost in extraction]
The latest version of this document can be found at http://cb.vu/unixtoolbox.xhtml. Replace .xhtml on the link with .pdf for the PDF version and with .book.pdf for the booklet version. On a duplex printer the booklet will create a small book ready to bind. See also the about page.
Error reports and comments are most welcome - c@cb.vu Colin Barschel.
1 SYSTEM
Hardware | Statistics | Users | Limits | Runlevels | root password | Compile kernel | Repair grub
Running kernel and system information
# uname -a
# Get the kernel version (and BSD version)
# lsb_release -a
# Full release info of any LSB distribution
# cat /etc/SuSE-release
# Get SuSE version
# cat /etc/debian_version
# Get Debian version
Use /etc/DISTR-release with DISTR= lsb (Ubuntu), redhat, gentoo, mandrake, sun (Solaris), and so on. See also /etc/issue.
# uptime
# Show how long the system has been running + load
# hostname
# system's host name
# hostname -i
# Display the IP address of the host. (Linux only)
# man hier
# Description of the file system hierarchy
# last reboot
# Show system reboot history
1.1 Hardware Informations
Kernel detected hardware
# dmesg
# Detected hardware and boot messages
# lsdev
# information about installed hardware
# dd if=/dev/mem bs=1k skip=768 count=256 2>/dev/null | strings -n 8# Read BIOS
Lin
ux
# cat /proc/cpuinfo
# CPU model
# cat /proc/meminfo
# Hardware memory
# grep MemTotal /proc/meminfo
# Display the physical memory
# watch -n1 'cat /proc/interrupts'
# Watch changeable interrupts continuously
# free -m
# Used and free memory (-m for MB)
# cat /proc/devices
# Configured devices
# lspci -tv
# Show PCI devices
# lsusb -tv
# Show USB devices
# lshal
# Show a list of all devices with their properties
# dmidecode
# Show DMI/SMBIOS: hw info from the BIOS
Fre
eB
SD
# sysctl hw.model
# CPU model
# sysctl hw
# Gives a lot of hardware information
# sysctl hw.ncpu
# number of active CPUs installed
# sysctl vm
# Memory usage
# sysctl hw.realmem
# Hardware memory
# sysctl -a | grep mem
# Kernel memory settings and info
# sysctl dev
# Configured devices
# pciconf -l -cv
# Show PCI devices
# usbdevs -v
# Show USB devices
# atacontrol list
# Show ATA devices
# camcontrol devlist -v
# Show SCSI devices
1.2 Load, statistics and messages
The following commands are useful to find out what is going on on the system.
# top
# display and update the top cpu processes
# mpstat 1
# display processors related statistics
# vmstat 2
# display virtual memory statistics
# iostat 2
# display I/O statistics (2 s intervals)
# systat -vmstat 1
# BSD summary of system statistics (1 s intervals)
# systat -tcp 1
# BSD tcp connections (try also -ip)
# systat -netstat 1
# BSD active network connections
# systat -ifstat 1
# BSD network traffic through active interfaces
c�3XRSDL�c
�
22.3 C++ basics
*pointer
// Object pointed to by pointer
&obj
// Address of object obj
obj.x
// Member x of class obj (object obj)
pobj->x
// Member x of class pointed to by pobj
// (*pobj).x and pobj->x are the same
22.4 C++ example
As a slightly more realistic program in C++: a class in its own header (IPv4.h) and implementation (IPv4.cpp) and a program which uses the class functionality. The class converts an IP address in integer format to the known quad format.
IPv4 class
IPv4.h:
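#ifndef IPV4_H
#define IPV4_H
#include <string>

namespace GenericUtils {                    // create a namespace

// Helper class for formatting IPv4 addresses.
class IPv4 {                                // class definition
public:
    IPv4();
    ~IPv4();
    // Return the dotted-quad text form of an IPv4 address given as an integer.
    std::string IPint_to_IPquad(unsigned long ip);  // member interface
};

} // namespace GenericUtils
#endif // IPV4_H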
IPv4.cpp:
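#include "IPv4.h"
#include <string>
#include <sstream>
using namespace std;                        // use the namespaces
using namespace GenericUtils;

IPv4::IPv4() {}                             // default constructor/destructor
IPv4::~IPv4() {}

// Convert an IPv4 address held in an integer (most significant octet first)
// into its dotted-quad string, e.g. 1347861486 -> "80.86.187.238".
string IPv4::IPint_to_IPquad(unsigned long ip) {   // member implementation
    ostringstream ipstr;                    // use a stringstream
    // Each octet is masked out and moved down with a bitwise right shift.
    // Only the low 32 bits are read: where unsigned long is wider, higher
    // bits of ip are silently ignored rather than rejected.
    ipstr << ((ip & 0xff000000) >> 24)
          << "." << ((ip & 0x00ff0000) >> 16)
          << "." << ((ip & 0x0000ff00) >> 8)
          << "." << ((ip & 0x000000ff));
    return ipstr.str();
}

// The program simplecpp.cpp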
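#include "IPv4.h"
#include <iostream>
#include <string>
using namespace std;

// Print one sample address in integer form and in dotted-quad form.
int main(int argc, char* argv[]) {
    string ipstr;                               // define variables
    unsigned long ipint = 1347861486;           // The IP in integer form
    GenericUtils::IPv4 iputils;                 // create an object of the class
    ipstr = iputils.IPint_to_IPquad(ipint);     // call the class member
    cout << ipint << " = " << ipstr << endl;    // print the result
    return 0;
}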
c�0QNFQ@LLHMF�c
��
.*
# match zero or more characters
^# match at the start of a line/string
$# match at the end of a line/string
.$
# match a single character at the end of line/string
^ $
# match line with a single space
^[A-Z]
# match any line beginning with any char from A to Z
21.6 Some useful commands
The following commands are useful to include in a script or as one liners.
sort -t. -k1,1n -k2,2n -k3,3n -k4,4n
# Sort IPv4 ip addresses
echo 'Test' | tr '[:lower:]' '[:upper:]'
# Case conversion
echo foo.bar | cut -d . -f 1
# Returns foo
PID=$(ps | grep script.sh | grep bin | awk '{print $1}')
# PID of a running script
PID=$(ps axww | grep [p]ing | awk '{print $1}')
# PID of ping (w/o grep pid)
IP=$(ifconfig $INTERFACE | sed '/.*inet addr:/!d;s///;s/ .*//')
# Linux
IP=$(ifconfig $INTERFACE | sed '/.*inet /!d;s///;s/ .*//')
# FreeBSD
if [ `diff file1 file2 | wc -l` != 0 ]; then [...] fi
# File changed?
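# Create http passwd: write "login:password-hash" for every account line that
# does not contain "root" or "*:" into the Apache password file.
# NOTE(review): this copies system password hashes into a file read by the
# web server; restrict its permissions to the server account, or keep web
# credentials separate from login credentials (e.g. created with htpasswd).
cat /etc/master.passwd | grep -v root | grep -v \*: | awk -F":" \
'{ printf("%s:%s\n", $1, $2) }' > /usr/local/etc/apache2/passwd
# Check user in passwd
testuser=$(cat /usr/local/etc/apache2/passwd | grep -v \
root | grep -v \*: | awk -F":" '{ printf("%s\n", $1) }' | grep ^user$)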
:(){ :|:& };:
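# bash fork bomb. Will kill your machine by exhausting the process table; a per-user nproc limit (see 1.4 Limits, /etc/security/limits.conf) contains it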
tail +2 file > file2
# remove the first line from file
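Use this little trick to change the file extension for many files at once. For example from .cxx to .cpp. Test it first without the | sh at the end. Because the generated text is executed by sh, a file name containing spaces or shell metacharacters is mis-parsed or run as a command; the rename command and the quoted bash loop do not have this problem. You can also do this with the command rename if installed. Or with bash builtins.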
# ls *.cxx | awk -F. '{print "mv "$0" "$1".cpp"}' | sh
# ls *.c | sed "s/.*/cp & &.$(date "+%Y%m%d")/" | sh# e.g. copy *.c to *.c.20080401
# rename .cxx .cpp *.cxx
# Rename all .cxx to cpp
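# for i in *.cxx; do mv -- "$i" "${i%%.cxx}.cpp"; done
# with bash builtins; the expansions are quoted so a name with spaces or
# glob characters stays one argument, and -- stops a leading "-" being read
# as an option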
22 PROGRAMMING
22.1 C basics
strcpy(newstr,str)
/* copy str to newstr; strcpy does no bounds check, so newstr must have
   room for strlen(str) + 1 bytes */
expr1 ? expr2 : expr3
/* if (expr1) expr2 else expr3 */
x = (y > z) ? y : z;
/* if (y > z) x = y; else x = z; */
int a[]={0,1,2};
/* Initialized array (or a[3]={0,1,2}; */
int a[2][3]={{1,2,3},{4,5,6}};
/* Array of array of ints */
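int i = 12345;
/* Convert int i to char str */
char str[12];                         /* sign + 10 digits + NUL for a 32-bit int */
snprintf(str, sizeof str, "%d", i);   /* bounded: never writes past the end of str */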
22.2 C example
A minimal c program simple.c.
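#include <stdio.h>

/* Print a fixed number and exit successfully. */
int main(void) {
    int number = 42;
    printf("The answer is %i\n", number);
    return 0;
}
/* Compile with: */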
# gcc simple.c -o simple
# ./simple
The answer is 42
c�0QNFQ@LLHMF�c
��
# systat -iostat 1
# BSD CPU and disk throughput
# tail -n 500 /var/log/messages
# Last 500 kernel/syslog messages
# tail /var/log/warn
# System warnings messages see syslog.conf
1.3 Users
# id
# Show the active user id with login and group
# last
# Show last logins on the system
# who
# Show who is logged on the system
# groupadd admin
# Add group "admin" and user colin (Linux/Solaris)
# useradd -c "Colin Barschel" -g admin -m colin
# usermod -a -G <group> <user>
# Add existing user to group (Debian)
# groupmod -A <user> <group>
# Add existing user to group (SuSE)
# userdel colin
# Delete user colin (Linux/Solaris)
# adduser joe
# FreeBSD add user joe (interactive)
# rmuser joe
# FreeBSD delete user joe (interactive)
# pw groupadd admin
# Use pw on FreeBSD
# pw groupmod admin -m newmember
# Add a new member to a group
# pw useradd colin -c "Colin Barschel" -g admin -m -s /bin/tcsh
# pw userdel colin; pw groupdel admin
Encrypted passwords are stored in /etc/shadow for Linux and Solaris and /etc/master.passwd on FreeBSD. If the master.passwd is modified manually (say to delete a password), run # pwd_mkdb -p master.passwd to rebuild the database.
To temporarily prevent logins system wide (for all users but root) use nologin. The message in nologin will be displayed (might not work with ssh pre-shared keys).
# echo "Sorry no login now" > /etc/nologin
# (Linux)
# echo "Sorry no login now" > /var/run/nologin
# (FreeBSD)
1.4 Limits
Some applications require higher limits on open files and sockets (like a proxy web server, database). The default limits are usually too low.
Linux
Per shell/script
The shell limits are governed by ulimit. The status is checked with ulimit -a. For example, to change the open files limit to 10240 (the starting value is lost in this copy), do:
# ulimit -n 10240
# This is only valid within the shell
The ulimit command can be used in a script to change the limits for the script only.
Per user/process
Login users and applications can be configured in /etc/security/limits.conf. For example:
# cat /etc/security/limits.conf
* hard nproc 250
# Limit user processes
asterisk hard nofile 409600
# Limit application open files
System wide
Kernel limits are set with sysctl. Permanent limits are set in /etc/sysctl.conf.
# sysctl -a
# View all system limits
# sysctl fs.file-max
# View max open files limit
# sysctl fs.file-max=102400
# Change max open files limit
# echo "1024 50000" > /proc/sys/net/ipv4/ip_local_port_range
# port range
# cat /etc/sysctl.conf
fs.file-max=102400
# Permanent entry in sysctl.conf
# cat /proc/sys/fs/file-nr
# How many file descriptors are in use
c�3XRSDL�c
�
FreeBSD
Per shell/script
Use the command limits in csh or tcsh or, as in Linux, use ulimit in an sh or bash shell.
Per user/process
The default limits on login are set in /etc/login.conf. An unlimited value is still limited by the system maximal value.
System wide
Kernel limits are also set with sysctl. Permanent limits are set in /etc/sysctl.conf or /boot/loader.conf. The syntax is the same as Linux but the keys are different.
# sysctl -a
# View all system limits
# sysctl kern.maxfiles=XXXX
# maximum number of file descriptors
kern.ipc.nmbclusters=32768
# Permanent entry in /etc/sysctl.conf
kern.maxfiles=65536
# Typical values for Squid
kern.maxfilesperproc=32768
kern.ipc.somaxconn=8192
# TCP queue. Better for apache/sendmail
# sysctl kern.openfiles
# How many file descriptors are in use
# sysctl kern.ipc.numopensockets
# How many open sockets are in use
# sysctl net.inet.ip.portrange.last=50000# Default is 1024-5000
# netstat -m
# network memory buffers statistics
See The FreeBSD handbook Chapter [number lost in extraction] for details.
Solaris
The following values in /etc/system will increase the maximum file descriptors per proc:
set rlim_fd_max = 4096
# Hard limit on file descriptors for a single proc
set rlim_fd_cur = 1024
# Soft limit on file descriptors for a single proc
1.5 Runlevels
Linux
Once booted, the kernel starts init which then starts rc which starts all scripts belonging to a runlevel. The scripts are stored in /etc/init.d and are linked into /etc/rc.d/rcN.d with N the runlevel number.
The default runlevel is configured in /etc/inittab. It is usually 3 or 5:
# grep default: /etc/inittab
id:3:initdefault:
The actual runlevel can be changed with init. For example to go from 3 to 5:
# init 5
# Enters runlevel 5
0 Shutdown and halt
1 Single-User mode (also S)
2 Multi-user without network
3 Multi-user with network
5 Multi-user with X
6 Reboot
Use chkconfig to configure the programs that will be started at boot in a runlevel.
# chkconfig --list
# List all init scripts
# chkconfig --list sshd
# Report the status of sshd
# chkconfig sshd --level 35 on
# Configure sshd for levels 3 and 5
# chkconfig sshd off
# Disable sshd for all runlevels
Debian and Debian based distributions like Ubuntu or Knoppix use the command update-rc.d to manage the runlevels scripts. Default is to start in 2,3,4 and 5 and shutdown in 0,1 and 6.
# update-rc.d sshd defaults
# Activate sshd with the default runlevels
# update-rc.d sshd start 20 2 3 4 5 . stop 20 0 1 6 .
# With explicit arguments
http://www.freebsd.org/handbook/configtuning-kernel-limits.html
c�3XRSDL�c
�
echo $MYHOMEexists
elseecho $MYHOMEdoes not exist
fi_EOF
sh testhome.sh
21.2 Bourne script example
As a small example, the script used to create a PDF booklet from this xhtml document:
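#!/bin/sh
# This script creates a book in pdf format ready to print on a duplex printer
if [ $# -ne 1 ]; then                       # Check the argument
    echo 1>&2 "Usage: $0 HtmlFile"
    exit 1                                  # non zero exit if error
fi

file=$1                                     # Assign the filename
fname=${file%.*}                            # Get the name of the file only
fext=${file#*.}                             # Get the extension of the file

# Every expansion of the user-supplied name is quoted, so a file name with
# spaces or glob characters reaches each tool as a single argument.
prince "$file" -o "$fname.pdf"              # from www.princexml.com
pdftops -paper A4 -noshrink "$fname.pdf" "$fname.ps"    # create postscript booklet
cat "$fname.ps" | psbook | psnup -Pa4 -2 | pstops -b "2:0,1U(21cm,29.7cm)" > "$fname.book.ps"

ps2pdf13 -sPAPERSIZE=a4 -sAutoRotatePages=None "$fname.book.ps" "$fname.book.pdf"
                                            # use #a4 and #None on Windows!
exit 0                                      # exit 0 means successful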
21.3 Some awk commands
Awk is useful for field stripping, like cut in a more powerful way. Search this document for other examples. See for example gnulamp.com and one-liners for awk for some nice examples.
awk '{ print $2, $1 }' file
# Print and inverse first two columns
awk '{printf("%5d : %s\n", NR,$0)}' file
# Add line number left aligned
awk '{print FNR "\t" $0}' files
# Add line number right aligned
awk NF test.txt
# remove blank lines (same as grep '.')
awk 'length > 80'
# print line longer than 80 char)
21.4 Some sed commands
Here is the one liner gold mine. And a good introduction and tutorial to sed.
sed 's/string1/string2/g'
# Replace string1 with string2
sed -i 's/wroong/wrong/g' *.txt
# Replace a recurring word with g
sed 's/\(.*\)1/\12/g'
# Modify anystring1 to anystring2
sed '/<p>/,/<\/p>/d' t.xhtml
# Delete lines that start with <p>
# and end with </p>
sed '/ *#/d; /^ *$/d'
# Remove comments and blank lines
sed 's/[ \t]*$//'
# Remove trailing spaces (use tab as \t)
sed 's/^[ \t]*//;s/[ \t]*$//'
# Remove leading and trailing spaces
sed 's/[^*]/[&]/'
# Enclose first char with [] top->[t]op
sed = file | sed 'N;s/\n/\t/' > file.num
# Number lines on a file
21.5 Regular Expressions
Some basic regular expression useful for sed too. See Basic Regex Syntax for a good primer.
[\^$.|?*+()
# special characters any other will match themselves
\# escapes special characters and treat as literal
*# repeat the previous item zero or more times
.# single character except line break characters
http://student.northpark.edu/pemente/sed/sed1line.txt
http://www.grymoire.com/Unix/Sed.html
http://www.regular-expressions.info/reference.html
c�3BQHOSHMF�c
��
21 SCRIPTING
Basics | Script example | awk | sed | Regular Expressions | useful commands
The Bourne shell (/bin/sh) is present on all Unix installations and scripts written in this language are (quite) portable. man 1 sh is a good reference.
21.1 Basics
Variables and arguments
Assign with variable=value and get content with $variable
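MESSAGE="Hello World"                       # Assign a string
PI=3.1415                                   # Assign a decimal number
N=8
# The * is escaped for expr: unescaped, the shell would replace it with the
# file names of the current directory before expr runs.
TWON=`expr $N \* 2`                         # Arithmetic expression (only integers)
TWON=$(($N * 2))                            # Other syntax
TWOPI=`echo "$PI * 2" | bc -l`              # Use bc for floating point operations
ZERO=`echo "c($PI/4)-sqrt(2)/2" | bc -l`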
The command line arguments are
$0, $1, $2, ...
# $0 is the command itself
$#
# The number of arguments
$*
# All arguments (also $@)
Sp
ecia
l V
aria
ble
s
$$
# The current process ID
$?
# exit status of last command
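# Run a command, then branch on its exit status ($? is 0 on success).
command
if [ $? != 0 ]; then
    echo "command failed"
fi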
mypath=`pwd`
mypath=${mypath}/file.txt
echo ${mypath##*/}
# Display the filename only
echo ${mypath%%.*}
# Full path without extention
var2=${var:=string}
# Use var if set, otherwise use string
# assign string to var and then to var2.
Co
nstru
cts
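# Loop over the words printed by ls
for file in `ls`
do
    echo $file
done

# Count from 0 to 4, one step per second
count=0
while [ $count -lt 5 ]; do
    echo $count
    sleep 1
    count=$(($count + 1))
done

# Print the regular files below the current directory whose name ends in
# the extension given as argument
myfunction() {
    find . -type f -name "*.$1" -print      # $1 is first argument of the function
}
myfunction "txt"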
Generate
a f
ile
MYHOME=/home/colin
cat > testhome.sh << _EOF
# All of this goes into the file testhome.sh
if[ -d "$MYHOME" ] ;then
c�3BQHOSHMF�c
��
# update-rc.d -f sshd remove
# Disable sshd for all runlevels
# shutdown -h now (or # poweroff)
# Shutdown and halt the system
FreeBSD
The BSD boot approach is different from the SysV, there are no runlevels. The final boot state (single user, with or without X) is configured in /etc/ttys. All OS scripts are located in /etc/rc.d/ and in /usr/local/etc/rc.d/ for third-party applications. The activation of the service is configured in /etc/rc.conf and /etc/rc.conf.local. The default behavior is configured in /etc/defaults/rc.conf. The scripts respond at least to start|stop|status.
# /etc/rc.d/sshd status
sshd is running as pid 552.
# shutdown now
# Go into single-user mode
# exit
# Go back to multi-user mode
# shutdown -p now
# Shutdown and halt the system
# shutdown -r now
# Reboot
The process init can also be used to reach one of the following states level. For example # init 6 for reboot.
0 Halt and turn the power off (signal USR2)
1 Go to single-user mode (signal TERM)
6 Reboot the machine (signal INT)
c Block further logins (signal TSTP)
q Rescan the ttys(5) file (signal HUP)
Windows
Start and stop a service with either the service name or "service description" (shown in the Services Control Panel) as follows:
net stop WSearch
net start WSearch
# start search service
net stop "Windows Search"
net start "Windows Search"
# same as above using descr.
1.6 Reset root password
Linux method 1
At the boot loader (lilo or grub), enter the following boot option:
init=/bin/sh
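The kernel will mount the root partition and init will start the bourne shell instead of rc and then a runlevel. Use the command passwd at the prompt to change the password and then reboot. Forget the single user mode as you need the password for that. The same path is open to anyone with access to the console, so on machines where that matters the boot loader needs its own password and the disk needs encryption.
If, after booting, the root partition is mounted read only, remount it rw: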
# mount -o remount,rw /
# passwd
# or delete the root password (/etc/shadow)
# sync; mount -o remount,ro /
# sync before to remount read only
# reboot
FreeBSD method 1
On FreeBSD, boot in single user mode, remount / rw and use passwd. You can select the single user mode on the boot menu (option [digit lost in extraction]) which is displayed for [value lost in extraction] seconds at startup. The single user mode will give you a root shell on the / partition.
# mount -u /; mount -a
# will mount / rw
# passwd
# reboot
c�3XRSDL�c
�
Unixes and FreeBSD and Linux method 2
Other Unixes might not let you go away with the simple init trick. The solution is to mount the root partition from an other OS (like a rescue CD) and change the password on the disk.
• Boot a live CD or installation CD into a rescue mode which will give you a shell.
• Find the root partition with fdisk e.g. fdisk /dev/sda
• Mount it and use chroot:
# mount -o rw /dev/ad4s3a /mnt
# chroot /mnt
# chroot into /mnt
# passwd
# reboot
1.7 Kernel modules
Linux
# lsmod
# List all modules loaded in the kernel
# modprobe isdn
# To load a module (here isdn)
Fre
eB
SD
# kldstat
# List all modules loaded in the kernel
# kldload crypto
# To load a module (here crypto)
1.8 Compile Kernel
Linux
# cd /usr/src/linux
# make mrproper
# Clean everything, including config files
# make oldconfig
# Reuse the old .config if existent
# make menuconfig
# or xconfig (Qt) or gconfig (GTK)
# make
# Create a compressed kernel image
# make modules
# Compile the modules
# make modules_install
# Install the modules
# make install
# Install the kernel
# reboot
FreeBSD
Optionally update the source tree (in /usr/src) with csup (as of FreeBSD [version lost in extraction] or later):
# csup <supfile>
I use the following supfile:
*default host=cvsup5.FreeBSD.org # www.freebsd.org/handbook/cvsup.html#CVSUP-MIRRORS
*default prefix=/usr
*default base=/var/db
*default release=cvs delete tag=RELENG_7
src-all
To modify and rebuild the kernel, copy the generic configuration file to a new name and edit it as needed (you can also edit the file GENERIC directly). To restart the build after an interruption, add the option NO_CLEAN=YES to the make command to avoid cleaning the objects already built.
# cd /usr/src/sys/i386/conf/
# cp GENERIC MYKERNEL
# cd /usr/src
# make buildkernel KERNCONF=MYKERNEL
# make installkernel KERNCONF=MYKERNEL
To rebuild the full OS:
# make buildworld
# Build the full OS but not the kernel
# make buildkernel
# Use KERNCONF as above if appropriate
# make installkernel
# reboot
# mergemaster -p
# Compares only files known to be essential
c�3XRSDL�c
�
# in .bashrc
bind '"\e[A"':history-search-backward# Use up and down arrow to search
bind '"\e[B"':history-search-forward
# the history. Invaluable!
set -o emacs
# Set emacs mode in bash (see below)
set bell-style visible
# Do not beep, inverse colors
# Set a nice prompt like [user@host]/path/todir>
PS1="\[\033[1;30m\][\[\033[1;34m\]\u\[\033[1;30m\]"
PS1="$PS1@\[\033[0;33m\]\h\[\033[1;30m\]]\[\033[0;37m\]"
PS1="$PS1\w\[\033[1;30m\]>\[\033[0m\]"
# To check the currently active aliases, simply type alias
alias ls='ls -aF'
# Append indicator (one of */=>@|)
alias ll='ls -aFls'
# Listing
alias la='ls -all'
alias ..='cd ..'
alias ...='cd ../..'
export HISTFILESIZE=5000
# Larger history
export CLICOLOR=1
# Use colors (if possible)
export LSCOLORS=ExGxFxdxCxDxDxBxBxExEx
20.2 tcsh
Redirects and pipes for tcsh and csh (simple > and >> are the same as sh):
# cmd >& file
# Redirect both stdout and stderr to file.
# cmd >>& file
# Append both stdout and stderr to file.
# cmd1 | cmd2
# pipe stdout to cmd2
# cmd1 |& cmd2
# pipe stdout and stderr to cmd2
The settings for csh/tcsh are set in ~/.cshrc, reload with "source .cshrc". Examples:
# in .cshrc
alias ls 'ls -aF'
alias ll 'ls -aFls'
alias la 'ls -all'
alias .. 'cd ..'
alias ... 'cd ../..'
set prompt = "%B%n%b@%B%m%b%/> "# like user@host/path/todir>
set history = 5000
set savehist = ( 6000 merge )
set autolist
# Report possible completions with tab
set visiblebell
# Do not beep, inverse colors
# Bindkey and colors
bindkey -e Select Emacs bindings
# Use emacs keys to edit the command prompt
bindkey -k up history-search-backward# Use up and down arrow to search
bindkey -k down history-search-forward
setenv CLICOLOR 1
# Use colors (if possible)
setenv LSCOLORS ExGxFxdxCxDxDxBxBxExEx
The emacs mode enables to use the emacs keys shortcuts to modify the command prompt line. This is extremely useful (not only for emacs users). The most used commands are:
C-a Move cursor to beginning of line
C-e Move cursor to end of line
M-b Move cursor back one word
M-f Move cursor forward one word
M-d Cut the next word
C-w Cut the last word
C-u Cut everything before the cursor
C-k Cut everything after the cursor (rest of the line)
C-y Paste the last thing to be cut (simply paste)
C-_ Undo
Note: C- = hold control, M- = hold meta (which is usually the alt or escape key).
c�3GDKKR�c
��
change the values of soft and hard. If not specified, the blocks are [size lost in extraction]k. The grace period is set with edquota -t. For example:
# edquota -u colin
Lin
ux
Disk quotas for user colin (uid 1007):
Filesystem blocks soft hard inodes soft hard
/dev/sda8 108 1000 2000 1 0 0
Fre
eB
SD
Quotas for user colin:
/home: kbytes in use: 504184, limits (soft = 700000, hard = 800000)
inodes in use: 1792, limits (soft = 0, hard = 0)
For many users
The command edquota -p is used to duplicate a quota to other users. For example to duplicate a reference quota to all users:
# edquota -p refuser `awk -F: '$3 > 499 {print $1}' /etc/passwd`
# edquota -p refuser user1 user2
# Duplicate to 2 users
Checks
Users can check their quota by simply typing quota (the file quota.user must be readable). Root can check all quotas.
# quota -u colin
# Check quota for a user
# repquota /home
# Full report for the partition for all users
20 SHELLS
Most Linux distributions use the bash shell while the BSDs use tcsh, the bourne shell is only used for scripts. Filters are very useful and can be piped:
grep Pattern matching
sed Search and Replace strings or characters
cut Print specific columns from a marker
sort Sort alphabetically or numerically
uniq Remove duplicate lines from a file
For example used all at once:
# ifconfig | sed 's/ / /g' | cut -d" " -f1 | uniq | grep -E "[a-z0-9]+" | sort -r
# ifconfig | sed '/.*inet addr:/!d;s///;s/ .*//'|sort -t. -k1,1n -k2,2n -k3,3n -k4,4n
The first character in the sed pattern is a tab. To write a tab on the console, use ctrl-v ctrl-tab.
20.1 bash
Redirects and pipes for bash and sh:
# cmd 1> file
# Redirect stdout to file.
# cmd 2> file
# Redirect stderr to file.
# cmd 1>> file
# Redirect and append stdout to file.
# cmd &> file
# Redirect both stdout and stderr to file.
# cmd >file 2>&1
# Redirects stderr to stdout and then to file.
# cmd1 | cmd2
# pipe stdout to cmd2
# cmd1 2>&1 | cmd2
# pipe stdout and stderr to cmd2
Modify your configuration in ~/.bashrc (it can also be ~/.bash_profile). The following entries are useful, reload with ". .bashrc". With cygwin use ~/.bash_profile; with rxvt paste with shift + left click.
c�3GDKKR�c
��
# make installworld
# mergemaster -i -U
# Update all configurations and other files
# reboot
For small changes in the source you can use NO_CLEAN=yes to avoid rebuilding the whole tree.
# make buildworld NO_CLEAN=yes
# Don't delete the old objects
# make buildkernel KERNCONF=MYKERNEL NO_CLEAN=yes
1.9 Repair grub
So you broke grub? Boot from a live cd, [find your linux partition under /dev and use fdisk to find the linux partition] mount the linux partition, add /proc and /dev and use grub-install /dev/xyz.
Suppose linux lies on /dev/sda6:
# mount /dev/sda6 /mnt
# mount the linux partition on /mnt
# mount --bind /proc /mnt/proc
# mount the proc subsystem into /mnt
# mount --bind /dev /mnt/dev
# mount the devices into /mnt
# chroot /mnt
# change root to the linux partition
# grub-install /dev/sda
# reinstall grub with your old settings
2 PROCESSES
Listing | Priority | Background/Foreground | Top | Kill
2.1 Listing and PIDs
Each process has a unique number, the PID. A list of all running processes is retrieved with ps.
# ps -auxefw
# Extensive list of all running process
However more typical usage is with a pipe or with pgrep (for OS X install proctools from MacPorts (page [number lost in extraction])):
# ps axww | grep cron
586 ?? Is 0:01.48 /usr/sbin/cron -s
# ps axjf
# All processes in a tree format (Linux)
# ps aux | grep 'ss[h]'
# Find all ssh pids without the grep pid
# pgrep -l sshd
# Find the PIDs of processes by (part of) name
# echo $$
# The PID of your shell
# fuser -va 22/tcp
# List processes using port 22 (Linux)
# pmap PID
# Memory map of process (hunt memory leaks) (Linux)
# fuser -va /home
# List processes accessing the /home partition
# strace df
# Trace system calls and signals
# truss df
# same as above on FreeBSD/Solaris/Unixware
2.2
Prio
rit
y
Change the priority of a running process with renice. Negative numbers have a higher priority, the lowest is -20 and "nice" have a positive value.
# renice -5 586
# Stronger priority
586: old priority 0, new priority -5
Start the process with a defined priority with nice. Positive is "nice" or weak, negative is strong scheduling priority. Make sure you know if /usr/bin/nice or the shell built-in is used (check with # which nice).
# nice -n -5 top
# Stronger priority (/usr/bin/nice)
# nice -n 5 top
# Weaker priority (/usr/bin/nice)
# nice +5 top
# tcsh builtin nice (same as above!)
While nice changes the CPU scheduler, an other useful command ionice will schedule the disk IO. This is very useful for intensive IO application (e.g. compiling). You can select a class (idle - best effort - real time), the man page is short and well explained.
# ionice -c3 -p123
# set idle class for pid 123 (Linux only)
# ionice -c2 -n0 firefox
# Run firefox with best effort and high priority
# ionice -c3 -p$$
# Set the actual shell to idle priority
The last command is very useful to compile (or debug) a large project. Every command launched from this shell will have a lower priority. $$ is your shell pid (try echo $$).
&QDD"3$�TRDRidprio/rtprio�����L@W�OQHNQHSX�������LNRS�HCKD�
# idprio 31 make
# compile in the lowest priority
# idprio 31 -1234
# set PID 1234 with lowest priority
# idprio -t -1234
# -t removes any real time/idle priority
2.3
Ba
ck
gro
un
d/
Fo
re
gro
un
d
When started from a shell, processes can be brought in the background and back to the foreground with [Ctrl]-[Z] (^Z), bg and fg. List the processes with jobs.
# ping cb.vu > ping.log
^Z
# ping is suspended (stopped) with [Ctrl]-[Z]
# bg
# put in background and continues running
# jobs -l
# List processes in background
[1] - 36232 Running ping cb.vu > ping.log
[2] + 36233 Suspended (tty output) top
# fg %2
# Bring process 2 back in foreground
Use nohup to start a process which has to keep running when the shell is closed (immune to hangups).
# nohup ping -i 60 > ping.log &
2.4
To
p
4GDOQNFQ@L
topCHROK@XRQTMMHMFHMENQL@SHNMNEOQNBDRRDR�3DD@KRNSGDOQNFQ@L
htopEQNL
GSNO�RNTQBDENQFD�MDS�@LNQDONVDQETKUDQRHNMNESNOVGHBGQTMRNM,HMTW@MC&QDD"3$�ports/
sysutils/htop/��7
GHKD�SNO�HR�QTMMHMF�OQDRR�SGD�JDX�G�ENQ�@�GDKO�NUDQUHDV��5RDETK�JDXR�@QD�
au
[u
ser
nam
e]4NCHROK@XNMKXSGDOQNBDRRDRADKNMFHMFSNSGDTRDQ�5RD�NQAK@MJSNRDD
@KK�TRDQR
ak [
pid
]+HKK�SG
D�OQNBDRR�VHSG�OHC�
a14N�CHROK@X�@KK�OQNBDRRNQR�RS@SHRSHBR��,HMTW�NMKX
aR4NFFKD�MNQL@K�QDUDQRD�RNQS�
2.5 Signals/Kill
Terminate or send a signal with kill or killall.
# ping -i 60 cb.vu > ping.log &
[1] 4712
# kill -s TERM 4712
# same as kill -15 4712
# killall -1 httpd
# Kill HUP processes by exact name
# pkill -9 http
# Send KILL (signal 9, cannot be caught or ignored) to processes by (part of) name
# pkill -TERM -u www
# Kill TERM processes owned by www
# fuser -k -TERM -m /home
# Kill every process accessing /home (to umount)
Important signals are:
1 HUP (hang up)
2 INT (interrupt)
3 QUIT (quit)
9 KILL (non-catchable, non-ignorable kill)
15 TERM (software termination signal)
Du
mp
an
d r
esto
re
)SB@MADTRDETKSNCTLO@MCQDRSNQD@M31,HSDC@S@A@RD�&NQDW@LOKDXNTB@MDCHSSGDCTLOEHKD
SNBG@MFD@BNKTLM@SSQHA
TSDNQSXOD@MCSGDMQDRSNQDSGDC@S@A@RD�4GHRHRD@RHDQSG@MLDRRHMF
VHSG�31,�BNLL@MCR��5RD�SGD�BNLL@MCsqlite3ENQ�@���W�C@S@A@RD�
# sqlite database.db .dump > dump.sql
# dump
# sqlite database.db < dump.sql
# restore
Co
nv
ert 2
.x t
o 3
.x d
ata
ba
se
sqlite database_v2.db .dump | sqlite3 database_v3.db
19 DISK QUOTA
A disk quota allows to limit the amount of disk space and/or the number of files a user or (or member of group) can use. The quotas are allocated on a per-file system basis and are enforced by the kernel.
19
.1L
inu
x s
etu
p
4GD�PTNS@�SNNKR�O@BJ@FD�TRT@KKX�MDDCR�SN�AD�HMRS@KKDC��HS�B
NMS@HMR�SGD�BNLL@MC�KHMD�SNNKR�
Activate the user quota in the fstab and remount the partition. If the partition is busy, either all locked files must be closed, or the system must be rebooted. Add usrquota to the fstab mount options, for example:
/dev/sda2 /home reiserfs rw,acl,user_xattr,usrquota 1 1
# mount -o remount /home
# mount
# Check if usrquota is active, otherwise reboot
)MHSH@KHYD�SGD�PTNS@�TRDQ�EHKD
�VHSG
quotacheck�
# quotacheck -vum /home
# chmod 644 /home/aquota.user
# To let the users check their own quota
!BSHU@SDSGDPTNS@DHSGDQVHSGSGDOQNUHCDCRBQHOS�D�F��DSB�HMHS�C�PTNS@CNM3T3%NQVHSG
quotaon�
quotaon -vu /home
#GDBJ�SG@S�SGD�PTNS@�HR�@BSHUD�VHSG�
quota -v
19
.2F
re
eB
SD
se
tu
p
4GDPTNS@SNNKR@QDO@QSNESGDA@RDRXRSDL�GNVDUDQSGDJDQMDKMDDCRSGDNOSHNMPTNS@�)EHSHRMNS
SGDQD��@CC�HS�@MCQDBNLOHKDSGD�JDQMDK�
options QUOTA
!R�VHSG�,HMTW��@CC�SGD�PTNS@�SN�SGD�ERS@A�NOSHNMR��TRDQPTNS@��MNS�TRQPTNS@�
/dev/ad0s1d /home ufs rw,noatime,userquota 2 2
# mount /home
# To remount the partition
%M@AKD�CHRJ�PTNS@R�HM��DSB�QB�BNME�@MC�RS@QS�SG
D�PTNS@�
# grep quotas /etc/rc.conf
enable_quotas="YES"
# turn on quotas on startup (or NO).
check_quotas="YES"
# Check quotas on startup (or NO).
# /etc/rc.d/quota start
19
.3A
ss
ign
qu
ota
limit
s
4GDPTNS@R@QDMNSKHLHSDCODQCDE@TKS�RDSSN��4GDKHLHSR@QDRDSVHSG
edquotaENQRHMFKDTRDQR�
!PTNS@B@MAD@KRNCTOKHB@SDCSNL@MXTRDQR�4GDEHKDRSQTBSTQDHRCHEEDQDMSADSVDDMSGDPTNS@
HLOKDLDMS@SHNMR�ATSSGDOQHMBHOKDHRSGDR@LD�SGDU@KTDRNEAKNBJR@MCHMNCDRB@MADKHLHSDC�O
nly
���GSSO���V
VV�RPKHSD�NQF
# pg_dumpall --clean > full.dump
# psql -f full.dump postgres
)MSGHRB@RDSGDQDRSNQDHRRS@QSDCVHSGSGDC@S@A@RDONRSFQDRVGHBGHRADSSDQVGDMQDKN@CHMF@M
DLOSX�BKTRSDQ�
18
.2M
yS
QL
Ch
an
ge
my
sq
l ro
ot o
r u
se
rn
am
e p
assw
ord
Meth
od 1
# /etc/init.d/mysql stop
or
# killall mysqld
# mysqld --skip-grant-tables
# Runs without any authentication: add --skip-networking so that only local clients can connect
# mysqladmin -u root password 'newpasswd'
# /etc/init.d/mysql start
Meth
od 2
# mysql -u root mysql
mysql>UPDATE USER SET PASSWORD=PASSWORD("newpassword") where user='root';
mysql>FLUSH PRIVILEGES;
# Use username instead of "root"
mysql>quit
Cre
ate
use
r a
nd
da
ta
ba
se
(se
eM
yS
QL
do
c��)
# mysql -u root mysql
mysql>CREATE USER 'bob'@'localhost' IDENTIFIED BY 'pwd';# create only a user
mysql>CREATE DATABASE bobdb;
mysql>GRANT ALL ON *.* TO 'bob'@'%' IDENTIFIED BY 'pwd';# Use localhost instead of %
# to restrict the network access; *.* covers every database, use bobdb.* to limit bob to bobdb
mysql>DROP DATABASE bobdb;
# Delete database
mysql>DROP USER bob;
# Delete user
mysql>DELETE FROM mysql.user WHERE user='bob' and host='hostname';# Alt. command
mysql>FLUSH PRIVILEGES;
Gra
nt r
em
ote
acce
ss
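Remote access is typically permitted for a database, and not all databases. The file /etc/my.cnf contains the IP address to bind to. (On FreeBSD my.cnf not created per default, copy one .cnf file from /usr/local/share/mysql to /usr/local/etc/my.cnf.) Typically comment the line bind-address = out. With bind-address commented out mysqld listens on every interface, so limit who can reach the port with a firewall and keep the grants tied to specific client hosts.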
# mysql -u root mysql
mysql>GRANT ALL ON bobdb.* TO bob@'xxx.xxx.xxx.xxx' IDENTIFIED BY 'PASSWORD';
mysql>REVOKE GRANT OPTION ON foo.* FROM bar@'xxx.xxx.xxx.xxx';
mysql>FLUSH PRIVILEGES;
# Use 'hostname' or also '%' for full access
Ba
ck
up
an
d r
esto
re
"@BJTO�@MC�QDRSNQD�@�RHMFKD�C@S@A@RD�
# mysqldump -u root -psecret --add-drop-database dbname > dbname_sql.dump
# mysql -u root -psecret -D dbname < dbname_sql.dump
"@BJTO�@MC�QDRSNQD�@KK�C@S@A@RDR�
# mysqldump -u root -psecret --add-drop-database --all-databases > full.dump
# mysql -u root -psecret < full.dump
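Here is "secret" the mysql root password, there is no space after -p. When the -p option is used alone (w/o password), the password is asked at the command prompt. A password given on the command line is visible to other local users in the process list and is saved in the shell history, so prefer the prompt.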
18
.3S
QL
ite
31,HSD��HR�@�RL@KK�ONVDQETK�RDKE BNMS@HMDC��RDQUDQKDRR��YDQN BNMEHFTQ@SHNM�31,�C@S@A@RD�
���GSSO���CDU�LXRPK�BNL�CNB�QDEL@M�����DM�@CCHMF TRDQR�GSLK
3F
IL
E S
YS
TE
M$HRJHMEN�O�["NNS�O�[$HRJTR@FD�O�[/ODMDCEHKDR�O�[-NTMS�QDLNTMS�O��[-NTMS
3-"�O��[-NTMSHL@FD�O��["TQM)3/�O��[#QD@SDHL@FD�O��[-DLNQXCHRJ�O��[$HRJ
ODQENQL@MBD�O��
3.1
Pe
rm
iss
ion
s
Change permission and ownership with chmod and chown. The default umask can be changed for all users in /etc/profile for Linux or /etc/login.conf for FreeBSD. The default umask is usually 022. The umask is subtracted from 777, thus umask 022 results in a permission of 755.
1 --x execute
# Mode 764 = exec/read/write | read/write | read
2 -w- write
# For: |-- Owner --| |- Group-| |Oth|
4 r-- read
ugo=a
u=user, g=group, o=others, a=everyone
# chmod [OPTION] MODE[,MODE] FILE
# MODE is of the form [ugoa]*([-+=]([rwxXst]))
# chmod 640 /var/log/maillog
# Restrict the log -rw-r-----
# chmod u=rw,g=r,o= /var/log/maillog# Same as above
# chmod -R o-r /home/*
# Recursive remove other readable for all users
# chmod u+s /path/to/prog
# Set SUID bit on executable (know what you do!)
# find / -perm -u+s -print
# Find all programs with the SUID bit
# chown user:group /path/to/file
# Change the user and group ownership of a file
# chgrp group /path/to/file
# Change the group ownership of a file
# chmod 640 `find ./ -type f -print`# Change permissions to 640 for all files
# chmod 751 `find ./ -type d -print`# Change permissions to 751 for all directories
3.2
Dis
k i
nfo
rm
atio
n
# diskinfo -v /dev/ad2
# information about disk (sector/size) FreeBSD
# hdparm -I /dev/sda
# information about the IDE/ATA disk (Linux)
# fdisk /dev/ad2
# Display and manipulate the partition table
# smartctl -a /dev/ad2
# Display the disk SMART info
3.3
Bo
ot
Fre
eB
SD
4N�ANNS�@M�NKC�JDQMDK�HE�SGD�MDV�JDQMDK�CNDRM�S�ANNS��RSNO�SGD�ANNS�@S�CTQHMF�SGD�BNTMS�CNVM�
# unload
# load kernel.old
# boot
3.4
Sy
ste
m m
ou
nt p
oin
ts
/D
isk
us
ag
e
# mount | column -t
# Show mounted file-systems on the system
# df
# display free disk space and mounted devices
# cat /proc/partitions
# Show all registered partitions (Linux)
Dis
k u
sa
ge
# du -sh *
# Directory sizes as listing
# du -csh
# Total directory size of the current directory
# du -ks * | sort -n -r
# Sort everything by size in kilobytes
# ls -lSr
# Show files, biggest last
3.5
Wh
o h
as
wh
ich
fil
es
op
en
ed
4GHRHRTRDETKSNEHMCNTSVGHBGEHKDHRAKNBJHMF@O@QSHSHNMVGHBGG@RSNADTMLNTMSDC@MCFHUDR@
SXOHB@K�DQQNQ�NE�
# umount /home/
umount: unmount of /home
# umount impossible because a file is locking home
failed: Device busy
Fre
eB
SD
an
d m
ost U
nix
es
# fstat -f /home
# for a mount point
# fstat -p PID
# for an application with PID
# fstat -u user
# for a user name
&HMC�NODMDC�KNF�EHKD��NQ�NSGDQ�NODMDC�EHKDR��R@X�ENQ�8NQF�
# ps ax | grep Xorg | awk '{print $1}'
1252
# fstat -p 1252
USER CMD PID FD MOUNT INUM MODE SZ|DV R/W
root Xorg 1252 root / 2 drwxr-xr-x 512 r
root Xorg 1252 text /usr 216016 -rws--x--x 1679848 r
root Xorg 1252 0 /var 212042 -rw-r--r-- 56987 w
4GD�EHKD�VHSG�HMTL��������HR�SGD�NMKX�EHKD�HM��U@Q�
# find -x /var -inum 212042
/var/log/Xorg.0.log
Lin
ux
&HMC�NODMDC�EHKDR�NM�@�LNTMS�ONHMS�VHSG
fuserNQlsof�
# fuser -m /home
# List processes accessing /home
# lsof /home
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
tcsh 29029 eedcoba cwd DIR 0,18 12288 1048587 /home/eedcoba (guam:/home)
lsof 29140 eedcoba cwd DIR 0,18 12288 1048587 /home/eedcoba (guam:/home)
!ANTS�@M�@OOKHB@SHNM�
ps ax | grep Xorg | awk '{print $1}'
3324
# lsof -p 3324
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
Xorg 3324 root 0w REG 8,6 56296 12492 /var/log/Xorg.0.log
!ANTS�@�RHMFKD�EHKD�
# lsof /var/log/Xorg.0.log
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
Xorg 3324 root 0w REG 8,6 56296 12492 /var/log/Xorg.0.log
3.6
Mo
un
t/
re
mo
un
t a
file
sy
ste
m
&NQ�DW@LOKD�SGD�BCQNL��)E�KHR
SDC�HM��DSB�ERS@A�
# mount /cdrom
/Q�EHM
C�SGD�CDUHBD�HM��CDU��NQ�VHSG�CLDRF
Fre
eB
SD
# mount -v -t cd9660 /dev/cd0c /mnt
# cdrom
# mount_cd9660 /dev/wcd0c /cdrom
# other method
# mount -v -t msdos /dev/fd0c /mnt
# floppy
%MSQX�HM��DSB�ERS@A�
# Device Mountpoint FStype Options Dump Pass#
/dev/acd0 /cdrom cd9660 ro,noauto 0 0
4N�KDS�TRDQR�CN�HS�
# sysctl vfs.usermount=1
# Or insert the line "vfs.usermount=1" in /etc/sysctl.conf
17
PR
IN
TI
NG
17
.1P
rin
t w
ith
lpr
# lpr unixtoolbox.ps
# Print on default printer
# export PRINTER=hp4600
# Change the default printer
# lpr -Php4500 #2 unixtoolbox.ps
# Use printer hp4500 and print 2 copies
# lpr -o Duplex=DuplexNoTumble ...
# Print duplex along the long side
# lpr -o PageSize=A4,Duplex=DuplexNoTumble ...
# lpq
# Check the queue on default printer
# lpq -l -Php4500
# Queue on printer hp4500 with verbose
# lprm -
# Remove all users jobs on default printer
# lprm -Php4500 3186
# Remove job 3186. Find job nbr with lpq
# lpc status
# List all available printers
# lpc status hp4500
# Check if printer is online and queue length
Some devices are not postscript and will print garbage when fed with a pdf file. This might be solved with:
# gs -dSAFER -dNOPAUSE -sDEVICE=deskjet -sOutputFile=\|lpr file.pdf
0QHMSSN@0$&EHKDDUDMHESGD@OOKHB@SHNMCNDRMNSRTOONQSHS�5RDgsNMSGDOQHMSBNLL@MCHMRSD@C
NElpr�
# gs -q -sPAPERSIZE=a4 -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=/path/file.pdf
18
DA
TA
BA
SE
S
18
.1P
os
tg
re
SQ
L
Ch
an
ge
ro
ot o
r a
use
rn
am
e p
assw
ord
# psql -d template1 -U pgsql
> alter user pgsql with password 'pgsql_password';
# Use username instead of "pgsql"
Cre
ate
use
r a
nd
da
ta
ba
se
4GDBNLL@MCRcreateuser�dropuser�createdb@MCdropdb@QDBNMUDMHDMSRGNQSBTSRDPTHU@KDMS
SNSGD31,BNLL@MCR�4GDMDVTRDQHRANAVHSGC@S@A@RDANACA�TRD@RQNNSVHSGOFRPKSGD
C@S@A@RD�RTODQ�TRDQ�
# createuser -U pgsql -P bob
# -P will ask for password
# createdb -U pgsql -O bob bobdb
# new bobdb is owned by bob
# dropdb bobdb
# Delete database bobdb
# dropuser bob
# Delete user bob
The general database authentication mechanism is configured in pg_hba.conf
Gra
nt r
em
ote
acce
ss
4GDEHKD
$PGSQL_DATA_D/postgresql.confRODBHEHDRSGD@CCQDRRSN
AHMCSN�4XOHB@KKX
listen_addresses = '*'ENQ�0NRSFQDR���W�
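The file $PGSQL_DATA_D/pg_hba.conf defines the access control. The password method sends the password over the network in clear text, and an address of 0.0.0.0/0 matches every client, so prefer a hashed method such as md5 and the narrowest address range that works. Examples: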
# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
host bobdb bob 212.117.81.42 255.255.255.255 password
host all all 0.0.0.0/0 password
Ba
ck
up
an
d r
esto
re
4GDA@BJTOR@MCQDRSNQD@QDCNMDVHSGSGDTRDQOFRPKNQONRSFQDR�"@BJTO@MCQDRSNQD@RHMFKD
C@S@A@RD�
# pg_dump --clean dbname > dbname_sql.dump
# psql dbname < dbname_sql.dump
"@BJTO�@MC�QDRSNQD�@KK�C@S@A@RDR��HMBKTCHMF�TRDQR�
# iconv -f <from_encoding> -t <to_encoding> <input_file>
# iconv -f ISO8859-1 -t UTF-8 -o file.input > file_utf8
# iconv -l
# List known coded character sets
7HSGNTSSGD ENOSHNM�HBNMUVHKKTRDSGDKNB@KBG@Q RDS�VGHBGHRTRT@KKXEHMDHESGDCNBTLDMSCHROK@XR
VDKK�
16
.2U
nix
- D
OS
ne
wli
ne
s
#NMUDQS$/3�#2�,&SN5MHW�,&MDVKHMDR@MCA@BJ
wit
hin
aU
nix
sh
ell�3DD@KRNdos2unix@MC
unix2dosHE�XNT�G@UD�SGDL�
# sed 's/.$//' dosfile.txt > unixfile.txt
# DOS to UNIX
# awk '{sub(/\r$/,"");print}' dosfile.txt > unixfile.txt
# DOS to UNIX
# awk '{sub(/$/,"\r");print}' unixfile.txt > dosfile.txt
# UNIX to DOS
#NMUDQS5MHWSN$/3MDVKHMDR
wit
hin
aW
ind
ow
sen
vir
on
men
t�5RDRDCNQ@VJEQNLLHMFVNQ
BXFVHM�
# sed -n p unixfile.txt > dosfile.txt
# awk 1 unixfile.txt > dosfile.txt
# UNIX to DOS (with a cygwin shell)
16
.3P
DF
to
Jp
eg
an
d c
on
ca
te
na
te
PD
F f
ile
s
#NMUDQS@0$&CNBTLDMSVHSGgs�'GNRS3BQHOSSNIODF�NQOMFHL@FDRENQD@BGO@FD�!KRNLTBG
RGNQSDQ�VHSGconvert@MCmogrify�EQNL�)L@FD-@FHBJ�NQ�'Q@OGHBR-@FHBJ�
# gs -dBATCH -dNOPAUSE -sDEVICE=jpeg -r150 -dTextAlphaBits=4 -dGraphicsAlphaBits=4 \
-dMaxStripSize=8192 -sOutputFile=unixtoolbox_%d.jpg unixtoolbox.pdf
# convert unixtoolbox.pdf unixtoolbox-%03d.png
# convert *.jpeg images.pdf
# Create a simple PDF with all pictures
# convert image000* -resample 120x120 -compress JPEG -quality 80 images.pdf
# mogrify -format png *.ppm
# convert all ppm images to png format
'GNRSRBQHOSB@M@KRNBNMB@SDM@SDLTKSHOKDOCEEHKDRHMSN@RHMFKDNMD�4GHRNMKXVNQJRVDKKHESGD0$&
EHKDR�@QD��VDKK�ADG@UDC��
# gs -q -sPAPERSIZE=a4 -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=all.pdf \
file1.pdf file2.pdf ...
# On Windows use '#' instead of '='
16
.4C
on
ve
rt v
ide
o
#NLOQDRR�SGD�#@MNM�CHFHB@L�UHCDN�VHSG�@M�LODF��BNCDB�@MC�QDO@HQ�SGD�BQ@OOX�RNTMC�
# mencoder -o videoout.avi -oac mp3lame -ovc lavc -srate 11025 \
-channels 1 -af-adv force=1 -lameopts preset=medium -lavcopts \
vcodec=msmpeg4v2:vbitrate=600 -mc 0 vidoein.AVI
3DDRNWENQ�RNTMC�OQNBDRRHMF�
16
.5C
op
y a
n a
ud
io c
d
4GDOQNFQ@L
cdparanoia��B@MR@UDSGD@TCHNSQ@BJR�&QDD"3$ONQSHM@TCHN�BCO@Q@MNH@��oggenc
B@M�DMBNCD�HM�/FF�6NQAHR�ENQL@S�lameBNMUDQSR�SN�LO��
# cdparanoia -B
# Copy the tracks to wav files in current dir
# lame -b 256 in.wav out.mp3
# Encode in mp3 256 kb/s
# for i in *.wav; do lame -b 256 $i `basename $i .wav`.mp3; done
# oggenc in.wav -b 256 out.ogg
# Encode in Ogg Vorbis 256 kb/s
���GSSO���WHOG�NQF�O@Q@MNH@�
Lin
ux
# mount -t auto /dev/cdrom /mnt/cdrom
# typical cdrom mount command
# mount /dev/hdc -t iso9660 -r /cdrom
# typical IDE
# mount /dev/scd0 -t iso9660 -r /cdrom
# typical SCSI cdrom
# mount /dev/sdc0 -t ntfs-3g /windows
# typical SCSI
%MSQX�HM��DSB�ERS@A�
/dev/cdrom /media/cdrom subfs noauto,fs=cdfss,ro,procuid,nosuid,nodev,exec 0 0
Mount
a F
reeB
SD
parti
tion w
ith L
inux
&HMCSGDO@QSHSHNMMTLADQBNMS@HMHMFVHSGECHRJ�SGHRHRTRT@KKXSGDQNNSO@QSHSHNM�ATSHSBNTKCAD@M
NSGDQ"3$RKHBDSNN�)ESGD&QDD"3$G@RL@MXRKHBDR�SGDX@QDSGDNMDMNSKHRSDCHMSGDECHRJS@AKD�
ATS�UHRHAKD�HM��CDU�RC@�NQ��CDU�GC@�
# fdisk /dev/sda
# Find the FreeBSD partition
/dev/sda3 * 5357 7905 20474842+ a5 FreeBSD
# mount -t ufs -o ufstype=ufs2,ro /dev/sda3 /mnt
/dev/sda10 = /tmp; /dev/sda11 /usr
# The other slices
Re
mo
un
t
2DLNTMS�@�CDUHBD�VHSGNTS�TMLNTMSHMF�HS��.DBDRR@QX�ENQ�ERBJ�ENQ�DW@LOKD
# mount -o remount,ro /
# Linux
# mount -o ro /
# FreeBSD
#NOX�SGD�Q@V�C@S@�EQNL�@�BCQNL�HMSN�@M�HRN�HL@FD�
# dd if=/dev/cd0c of=file.iso
3.7
Ad
d s
wa
p o
n-th
e-fly
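Suppose you need more swap (right now), say a 2GB file /swap2gb (Linux only). Restrict the file to root (chmod 600 /swap2gb) before running mkswap, since swapped-out memory can contain secrets.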
# dd if=/dev/zero of=/swap2gb bs=1024k count=2000
# mkswap /swap2gb
# create the swap area
# swapon /swap2gb
# activate the swap. It is now in use
# swapoff /swap2gb
# when done deactivate the swap
# rm /swap2gb
3.8
Mo
un
t a
n S
MB
sh
are
Suppose we want to access the SMB share myshare on the computer smbserver, the address as typed on a Windows PC is \\smbserver\myshare\. We mount on /mnt/smbshare. Warning: cifs wants an IP or DNS name, not a Windows name.
Lin
ux
# smbclient -U user -I 192.168.16.229 -L //smbshare/
# List the shares
# mount -t smbfs -o username=winuser //smbserver/myshare /mnt/smbshare
# mount -t cifs -o username=winuser,password=winpwd //192.168.16.229/myshare /mnt/share
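Additionally with the package mount.cifs it is possible to store the credentials in a file, for example /home/user/.smb. Make the file readable by its owner only (chmod 600), since it holds the password in clear text; unlike the password= mount option it does not show up in the process list.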
username=winuser
password=winpwd
!MC�LNTMS�@R�ENKKNV�
# mount -t cifs -o credentials=/home/user/.smb //192.168.16.229/myshare /mnt/smbshare
Fre
eB
SD
5RD� )�SN�FHUD�SGD�)0��NQ�$.3�M@LD��RLARDQUDQ�HR�SGD�7HMCNVR�M@LD�
# smbutil view -I 192.168.16.229 //winuser@smbserver
# List the shares
# mount_smbfs -I 192.168.16.229 //winuser@smbserver/myshare /mnt/smbshare
3.9
Mo
un
t a
n im
ag
e
# hdiutil mount image.iso
# OS X
Lin
ux
loo
p-b
ack
# mount -t iso9660 -o loop file.iso /mnt
# Mount a CD image
# mount -t ext3 -o loop file.img /mnt
# Mount an image with ext3 fs
Fre
eB
SD
7HSG�LDLNQX�CDUHBD��CN���JKCKN@C�LC�JN�HE�MDBDRR@QX�
# mdconfig -a -t vnode -f file.iso -u 0
# mount -t cd9660 /dev/md0 /mnt
# umount /mnt; mdconfig -d -u 0
# Cleanup the md device
/Q�VHSG�UHQST@K�MNCD�
# vnconfig /dev/vn0c file.iso; mount -t cd9660 /dev/vn0c /mnt
# umount /mnt; vnconfig -u /dev/vn0c
# Cleanup the vn device
So
laris
an
d F
re
eB
SD
VHSG�KNNO A@BJ�EHKD�HMSDQE@BD�NQ�KNEH�
# lofiadm -a file.iso
# mount -F hsfs -o ro /dev/lofi/1 /mnt
# umount /mnt; lofiadm -d /dev/lofi/1
# Cleanup the lofi device
3.1
0C
re
ate
an
d b
urn
an
IS
O im
ag
e
4GHRVHKKBNOXSGDBCNQ$6$RDBSNQENQRDBSNQ�7HSGNTSconv=notrunc�SGDHL@FDVHKKADRL@KKDQHE
SGDQD�HR�KDRR�BNMSDMS�NM�SGD�BC��3DD�ADKNV�@MC�SGDCC�DW@LOKDR�O@FD����
# dd if=/dev/hdc of=/tmp/mycd.iso bs=2048 conv=notrunc
5RDLJHRNERSNBQD@SD@#$�$6$HL@FDEQNLEHKDRHM@CHQDBSNQX�4NNUDQBNLDSGDEHKD
M@LDR
QDRSQHBSHNMR� QDM@AKDRSGD2NBJ2HCFDDWSDMRHNMRBNLLNMSN5.)8RXRSDLR� *DM@AKDR*NKHDS
DWSDMRHNMR�TRDC�AX�-HBQNRNES�RXRSDLR�� ,�@KKNVR�)3/�����EHKDM@LDR�SN�ADFHM�VHSG�@�ODQHNC�
# mkisofs -J -L -r -V TITLE -o imagefile.iso /path/to/dir
# hdiutil makehybrid -iso -joliet -o dir.iso dir/
# OS X
/M�&QDD"3$��LJHRNER�HR�ENTMC�HM�SGD�ONQSR�HM�RXRTSHKR�BCQSNNKR�
Bu
rn
a C
D/
DV
D I
SO
ima
ge
FreeB
SD
&QDD"3$CNDRMNSDM@AKD$-!NM!4!0)CQHUDRAXCDE@TKS�$-!HRDM@AKDCVHSGSGDRXRBSKBNLL@MC
@MC�SGD�@QFTLDMSR�ADKNV��NQ�VHSG��ANNS�KN@CDQ�BNME�VHSG�SGD�ENKKNVHMF�DMSQHDR�
hw.ata.ata_dma="1"
hw.ata.atapi_dma="1"
5RDburncdVHSG@M!4!0)CDUHBD�burncdHRO@QSNESGDA@RDRXRSDL@MCcdrecord�HMRXRTSHKR�
BCQSNNKR�VHSG�@�3#3)�CQHUD�
# burncd -f /dev/acd0 data imagefile.iso fixate
# For ATAPI drive
# cdrecord -scanbus
# To find the burner device (like 1,0,0)
# cdrecord dev=1,0,0 imagefile.iso
Lin
ux
!KRNTRDcdrecordVHSG,HMTW@RCDRBQHADC@ANUD�!CCHSHNM@KKXHSHRONRRHAKDSNTRDSGDM@SHUD!4!0)
HMSDQE@BD�VGHBG�HR�ENTMC�VHSG�
# cdrecord dev=ATAPI -scanbus
!MC�ATQM�SGD�#$�$6$�@R�@ANUD�
# pkgadd -d <cdrom>/Solaris_9/Product SUNWgtar
# pkgadd -d SUNWgtar
# Add downloaded package (bunzip2 first)
# pkgrm SUNWgtar
# Remove the package
Fre
eB
SD
# pkg_add -r rsync
# Fetch and install rsync.
# pkg_delete /var/db/pkg/rsync-xx
# Delete the rsync package
3DS�VGDQD�SGD�O@BJ@FDR�@QD�EDSBGDC�EQNL�VHSG�SGDPACKAGESITEU@QH@AKD��&NQ�DW@LOKD�
# export PACKAGESITE=ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages/Latest/
# or ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/Latest/
Fre
eB
SD
po
rts��
4GDONQSSQDD/usr/ports/HR@BNKKDBSHNMNERNESV@QDQD@CXSNBNLOHKD@MCHMRS@KK�RDDL@MONQSR�
4GD�ONQSR�@QD�TOC@SDC�VHSG�SGD�OQNFQ@L
portsnap�
# portsnap fetch extract
# Create the tree when running the first time
# portsnap fetch update
# Update the port tree
# cd /usr/ports/net/rsync/
# Select the package to install
# make install distclean
# Install and cleanup (also see man ports)
# make package
# Make a binary package of this port
# pkgdb -F
# Fix the package registry database
# portsclean -C -DD
# Clean workdir and distdir (part of portupgrade)
OS
XM
acP
orts��
(u
se
su
do
fo
r a
ll co
mm
an
ds)
# port selfupdate
# Update the port tree (safe)
# port installed
# List installed ports
# port deps apache2
# List dependencies for this port
# port search pgrep
# Search for string
# port install proctools
# Install this package
# port variants ghostscript
# List variants of this port
# port -v install ghostscript +no_x11# -no_x11 for negative value
# port clean --all ghostscript
# Clean workdir of port
# port upgrade ghostscript
# Upgrade this port
# port uninstall ghostscript
# Uninstall this port
# port -f uninstall installed
# Uninstall everything
15
.3L
ibra
ry
pa
th
$TDSNBNLOKDWCDODMCDMBHDR@MCQTMSHLDKHMJHMF�OQNFQ@LR@QDCHEEHBTKSSNBNOXSN@MNSGDQRXRSDL
NQCHRSQHATSHNM�(NVDUDQENQRL@KKOQNFQ@LRVHSGKHSSKD
CDODMCDMBHDR�SGDLHRRHMFKHAQ@QHDRB@MAD
BNOHDCNUDQ�4GDQTMSHLDKHAQ@QHDR�@MCSGDLHRRHMFNMD@QDBGDBJDCVHSG
ldd@MCL@M@FDCVHSG
ldconfig�
# ldd /usr/bin/rsync
# List all needed runtime libraries
# otool -L /usr/bin/rsync
# OS X equivalent to ldd
# ldconfig -n /path/to/libs/
# Add a path to the shared libraries directories
# ldconfig -m /path/to/libs/
# FreeBSD
# LD_LIBRARY_PATH
# The variable set the link library path
16
CO
NV
ER
T M
ED
IA
3NLDSHLDR�NMD�RHLOKX�MDDC�SN�BNMUDQS�@�UHCDN��@TCHN�EHKD�NQ�CNBTLDMS�SN�@MNSGDQ�ENQL@S�
16
.1T
ex
t e
nc
od
ing
4DWSDMBNCHMFB@MFDSSNS@KKXVQNMF�RODBH@KKXVGDMSGDK@MFT@FDQDPTHQDRRODBH@KBG@Q@BSDQRKHJD
^_`��4GD�BNLL@MCiconvB@M�BNMUDQS�EQN
L�NMD�DMBNCHMF�SN�@M�NSGDQ�
���GSSO���V
VV�EQDDARC�NQF�G@MCANNJ�ONQSR�GSLK
���GSSO���FTHCD�L@BONQSR�NQF�
# rm -- -badchar.txt
# Remove file which starts with a dash (-)
# cp -la /dir1 /dir2
# Archive and hard link files instead of copy
# cp -lpR /dir1 /dir2
# Same for FreeBSD
# cp unixtoolbox.xhtml{,.bak}
# Short way to copy the file with a new extension
# mv /dir1 /dir2
# Rename a directory
# ls -1
# list one file per line
# history | tail -50
# Display the last 50 used commands
# cd -
# cd to previous ($OLDPWD) directory
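Check file hashes with openssl. This is a nice alternative to the commands md5sum or sha1sum (FreeBSD uses md5 and sha1) which are not always installed. MD5 and SHA-1 still catch accidental corruption, but collisions can be constructed for both, so use a stronger digest such as openssl sha256 when the hash is meant to show that a download was not tampered with.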
# openssl md5 file.tar.gz
# Generate an md5 checksum from file
# openssl sha1 file.tar.gz
# Generate an sha1 checksum from file
# openssl rmd160 file.tar.gz
# Generate a RIPEMD-160 checksum from file
15
IN
ST
AL
L S
OF
TW
AR
E
Usually the package manager uses the proxy variable for http/ftp requests. In .bashrc:
export http_proxy=http://proxy_server:3128
export ftp_proxy=http://proxy_server:3128
15
.1L
ist i
ns
ta
lle
d p
ac
ka
ge
s
# rpm -qa
# List installed packages (RH, SuSE, RPM based)
# dpkg -l
# Debian, Ubuntu
# pkg_info
# FreeBSD list all installed packages
# pkg_info -W smbd
# FreeBSD show which package smbd belongs to
# pkginfo
# Solaris
15
.2A
dd
/re
mo
ve
so
ftw
are
&QNMS�DMCR��X@RS��X@RS�ENQ�3T3%��QDCG@S BNMEHF O@BJ@FDR�ENQ�2DC�(@S�
# rpm -i pkgname.rpm
# install the package (RH, SuSE, RPM based)
# rpm -e pkgname
# Remove package
Su
SE
zy
pp
er
(se
e d
oc a
nd
ch
ee
t s
he
et)��
# zypper refresh
# Refresh repositories
# zypper install vim
# Install the package vim
# zypper remove vim
# Remove the package vim
# zypper search vim
# Search packages with vim
# zypper update vim
# Update the package vim
De
bia
n
# apt-get update
# First update the package lists
# apt-get install emacs
# Install the package emacs
# dpkg --remove emacs
# Remove the package emacs
# dpkg -S file
# find what package a file belongs to
Ge
nto
o
'DMSNN�TRDR�DLDQFD�@R�SGD�GD@QS�NE�HSR��0NQS@FD��O@BJ@FD�L@M@FDLDMS�RXRSDL�
# emerge --sync
# First sync the local portage tree
# emerge -u packagename
# Install or upgrade a package
# emerge -C packagename
# Remove the package
# revdep-rebuild
# Repair dependencies
So
laris
4GD��BCQNL��O@SG�HR�TRT@KKX/cdrom/cdrom0�
���GSSO���DM�NODMRTRD�NQF�:XOODQ�5R@FD
dvd+
rw
-to
ols
4GDCUC�QV SNNKRO@BJ@FD�&QDD"3$�ONQSR�RXRTSHKR�CUC�QV SNNKRB@MCNHS@KK@MCHMBKTCDR
growisofsSNATQM#$RNQ$6$R�4GDDW@LOKDRQDEDQSNSGDCUCCDUHBD@R/dev/dvdVGHBGBNTKC
AD@RXLKHMJSN
/dev/scd0�SXOHB@KRBRHNM,HMTWNQ/dev/cd0�SXOHB@K&QDD"3$NQ/dev/rcd0c
�[email protected]"3$�/ODM"3$BG@Q@BSDQ3#3)NQ/dev/rdsk/c0t1d0s2�3NK@QHRDW@LOKDNE@BG@Q@BSDQ
3#3)�!4!0)#$ 2/-CDUHBD�4GDQDHR@MHBDCNBTLDMS@SHNMVHSGDW@LOKDRNMSGD&QDD"3$
G@MCANNJ�BG@OSDQ������� # -dvd-compat closes the disk
# growisofs -dvd-compat -Z /dev/dvd=imagefile.iso
# Burn existing iso image
# growisofs -dvd-compat -Z /dev/dvd -J -R /p/to/data
# Burn directly
Co
nv
ert a
Ne
ro
.n
rg
fil
e t
o .
iso
.DQN�RHLOKX�@CCR�@����+A�GD@CDQ�SN�@�MNQL@K�HRN�HL@FD��4GHR�B@M�AD�SQHLLDC�VHSG�CC�
# dd bs=1k if=imagefile.nrg of=imagefile.iso skip=300
Co
nv
ert a
bin
/cu
e i
ma
ge
to
.is
o
4GD�KHSSKDbchunkOQNFQ@L�B@M�CN�SGHR��)S�HR�HM�SGD�&QDD"3$�ONQSR�HM�RXRTSHKR�ABGTMJ�
# bchunk imagefile.bin imagefile.cue imagefile.iso
3.1
1C
re
ate
a f
ile
ba
se
d i
ma
ge
&NQDW@LOKD@O@QSHSHNMNE�'"TRHMFSGDEHKD�TRQ�UCHRJ�HLF�(DQDVDTRDSGDUMNCD��ATSHSBNTKC
@KRN�AD���
Fre
eB
SD
# dd if=/dev/random of=/usr/vdisk.img bs=1K count=1M
# mdconfig -a -t vnode -f /usr/vdisk.img -u 0
# Creates device /dev/md0 (unit 0, from -u 0)
# bsdlabel -w /dev/md0
# newfs /dev/md0c
# mount /dev/md0c /mnt
# umount /mnt; mdconfig -d -u 0; rm /usr/vdisk.img
# Cleanup the md device
4GDEHKDA@RDCHL@FDB@MAD@TSNL@SHB@KKXLNTMSDCCTQHMFANNSVHSG@MDMSQXHM�DSB�QB�BNME@MC
�DSB�ERS@A�4DRSXNTQRDSTOVHSG#
/etc/rc.d/mdconfig
start�EHQRSCDKDSDSGDLC�CDUHBDVHSG#
mdconfig -d -u 0�
.NSDGNVDUDQSG@SSGHR@TSNL@SHBRDSTOVHKKNMKXVNQJHESGDEHKDHL@FDHR./4NMSGDQNNSO@QSHSHNM�
4GDQD@RNMHRSG@SSGD�DSB�QB�C�LCBNMEHFRBQHOSHRDWDBTSDCUDQXD@QKXCTQHMFANNS@MCSGDQNNS
O@QSHSHNMHRRSHKKQD@C NMKX�)L@FDRKNB@SDCNTSRHCDSGDQNNSO@QSHSHNMVHKKADLNTMSDCK@SDQVHSGSGD
RBQHOS��DSB�QB�C�LCBNMEHF��
�ANNS�KN@CDQ�BNME�
md_load="YES"
�DSB�QB�BNME�
# mdconfig_md0="-t vnode -f /usr/vdisk.img"
# /usr is not on the root partition
�DSB�ERS@A��4GD��@SSGDDMCHRHLONQS@MS�HSSDKKERBJSNHFMNQDSGHRCDUHBD�@RHRCNDRMNSDWHRS
XDS
/dev/md0 /usr/vdisk ufs rw 0 0
)S�HR�@KRN�ONRRHAKD�SN�HMBQD@RD�SGD�RHYD�NE�SGD�HL@FD�@ESDQV@QC��R@X�ENQ�DW@LOKD�����-"�K@QFDQ�
# umount /mnt; mdconfig -d -u 0
# dd if=/dev/zero bs=1m count=300 >> /usr/vdisk.img
# mdconfig -a -t vnode -f /usr/vdisk.img -u 0
# growfs /dev/md0
# mount /dev/md0c /mnt
# File partition is now 300 MB larger
��GSSO���VVV�EQDDARC�NQF�G@MCANNJ�BQD@SHMF CUCR�GSLK
��GSSO���EQDRGLD@S�MDS�OQNIDBSR�ABGTMJ�
Lin
ux
# dd if=/dev/zero of=/usr/vdisk.img bs=1024k count=1024
# mkfs.ext3 /usr/vdisk.img
# mount -o loop /usr/vdisk.img /mnt
# umount /mnt; rm /usr/vdisk.img
# Cleanup
Lin
ux
wit
h lo
se
tu
p
/dev/zero is much faster than urandom, but less secure for encryption.
# dd if=/dev/urandom of=/usr/vdisk.img bs=1024k count=1024
# losetup /dev/loop0 /usr/vdisk.img
# Creates and associates /dev/loop0
# mkfs.ext3 /dev/loop0
# mount /dev/loop0 /mnt
# losetup -a
# Check used loops
# umount /mnt
# losetup -d /dev/loop0
# Detach
# rm /usr/vdisk.img
3.1
2C
re
ate
a m
em
ory
file
sy
ste
m
!LDLNQXA@RDCEHKDRXRSDLHRUDQXE@RSENQGD@UX)/@OOKHB@SHNM�(NVSNBQD@SD@��-"O@QSHSHN
MLNTMSDC�NM��LDLCHRJ�
Fre
eB
SD
# mount_mfs -o rw -s 64M md /memdisk
# umount /memdisk; mdconfig -d -u 0
# Cleanup the md device
md /memdisk mfs rw,-s64M 0 0
# /etc/fstab entry
Lin
ux
# mount -t tmpfs -osize=64m tmpfs /memdisk
3.1
3D
isk
pe
rfo
rm
an
ce
2D@C�@MC�VQHSD�@���'"�EHKD�NM�O@QSHSHN
M�@C�R�B���GNLD
# time dd if=/dev/ad4s3c of=/dev/null bs=1024k count=1000
# time dd if=/dev/zero bs=1024k count=1000 of=/home/1Gb.file
# hdparm -tT /dev/hda
# Linux only
4N
ET
WO
RK
2NTSHMF�O��[!CCHSHNM@K)0�O��[#G@MFD-!#�O��[0NQSR�O��[&HQDV@KK�O��[)0&NQV@QC
�O��[.!4�O��[$.3�O��[$(#0�O��[4Q@EEHB�O��[1N3�O��[.)3�O��[.DSB@S�O��
4.1
De
bu
gg
ing
(S
ee
als
oT
ra
ffic
an
aly
sis
)(p
ag
e 1
9)
Lin
ux
# ethtool eth0
# Show the ethernet status (replaces mii-diag)
# ethtool -s eth0 speed 100 duplex full# Force 100Mbit Full duplex
# ethtool -s eth0 autoneg off# Disable auto negotiation
# ethtool -p eth1
# Blink the ethernet led - very useful when supported
# ip link show
# Display all interfaces on Linux (similar to ifconfig)
# ip link set eth0 up
# Bring device up (or down). Same as "ifconfig eth0 up"
# ip addr show
# Display all IP addresses on Linux (similar to ifconfig)
# ip neigh show
# Similar to arp -a
Oth
er O
Se
s
# ifconfig fxp0
# Check the "media" field on FreeBSD
# arp -a
# Check the router (or host) ARP entry (all OS)
# ping cb.vu
# The first thing to try...
# traceroute cb.vu
# Print the route path to destination
aC
trl-a
[DMSDQ�HMSN
scro
llbackLNCD��DWHS�VHSG
esc�
5RDecho "defscrollback 5000" > ~/.screenrcSN�HMBQD@RD�ATEEDQ��CDE@TKS�HR����
dC
-u3BQNKKR�@�G@KE�O@FD�TO
dC
-b3BQNKK�@�ETKK�O@FD�TO
dC
-d3BQNKK�@�G@KE�O@FD�CNVM
dC
-f3BQNKK�@�ETKK�O@FD�CNVM
d/3D@QBG�ENQV@QC
d?3D@QBG�A@BJV@QC
4GDRBQDDMRDRRHNMHRSDQLHM@SDCVGDMSGDOQNFQ@LVHSGHMSGDQTMMHMFSDQLHM@KHRBKNRDC@MCXNT
KNFNTS�EQN
L�SGD�SDQLHM@K�
14
.7F
ind
3NLD�HLONQS@MS�NOSHNMR�
-x�NM�"3$-xdev�NM�,HMTW
3S@X�NM�SGD�R@LD�EHKD�RXRSDL��CDU�HM�ERS@A�
-exec cmd {} \;
%WDBTSD�SGD�BNLL@MC�@MC�QDOK@BD�Z\�VHSG�SGD�ETKK�O@SG
-iname
,HJD� M@LD�ATS�HR�B@RD�HMRDMRHSHUD
-ls
$HROK@X�HMENQL@SHNM�@ANTS�SGD�EHKD��KHJD�KR� K@
-size n
M�HR�� M��J�-�'�4�0
-cmin n
&HKD�R�RS@STR�V@R�K@RS�BG@MFDC�M�LHMTSDR�@FN�
# find . -type f ! -perm -444
# Find files not readable by all
# find . -type d ! -perm -111
# Find dirs not accessible by all
# find /home/user/ -cmin 10 -print
# Files created or modified in the last 10 min.
# find . -name '*.[ch]' | xargs grep -E 'expr'# Search 'expr' in this dir and below.
# find / -name "*.core" | xargs rm
# Find core dumps and delete them (also try core.*)
# find / -name "*.core" -print -exec rm {} \;
# Other syntax
# Find images and create an archive, iname is not case sensitive. -r for append
# find . \( -iname "*.png" -o -iname "*.jpg" \) -print -exec tar -rf images.tar {} \;
# find . -type f -name "*.txt" ! -name README.txt -print
# Exclude README.txt files
# find /var/ -size +10M -exec ls -lh {} \;
# Find large files > 10 MB
# find /var/ -size +10M -ls
# This is simpler
# find . -size +10M -size -50M -print
# find /usr/ports/ -name work -type d -print -exec rm -rf {} \;
# Clean the ports
# Find files with SUID; those files run with their owner's (here root's) privileges, so they must be kept secure
# find / -type f -user root -perm -4000 -exec ls -l {} \;
Be careful with xargs or exec as it might or might not honor quotings and can return wrong results when files or directories contain spaces. In doubt use "-print0 | xargs -0" instead of "| xargs". The option -print0 must be the last in the find command. See this nice mini tutorial for find.
# find . -type f | xargs ls -l
# Will not work with spaces in names
# find . -type f -print0 | xargs -0 ls -l
# Will work with spaces in names
# find . -type f -exec ls -l '{}' \;# Or use quotes '{}' with -exec
14
.8M
isc
ella
ne
ou
s
# which command
# Show full path name of command
# time command
# See how long a command takes to execute
# time cat
# Use time as stopwatch. Ctrl-c to stop
# set | grep $USER
# List the current environment
# cal -3
# Display a three month calendar
# date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]]
# date 10022155
# Set date and time
# whatis grep
# Display a short info on the command or word
# whereis java
# Search path and standard directories for word
# setenv varname value
# Set env. variable varname to value (csh/tcsh)
# export varname="value"
# set env. variable varname to value (sh/ksh/bash)
# pwd
# Print working directory
# mkdir -p /path/to/dir
# no error if existing, make parent dirs as needed
# mkdir -p project/{bin,src,obj,doc/{html,man,pdf},debug/some/more/dirs}
# rmdir /path/to/dir
# Remove directory
# rm -rf /path/to/dir
# Remove directory and its content (force)
���GSSO���V
VV�GBBEK�DCT�ONKKNBJ�5MHW�&HMC#LC�GSL
# dd if=/dev/hda of=/dev/null bs=1m
# Check for bad blocks
# dd bs=1k if=/dev/hda1 conv=sync,noerror,notrunc | gzip | ssh \# Send to remote
root@fry 'dd of=hda1.gz bs=1k'
# dd bs=1k if=/dev/hda1 conv=sync,noerror,notrunc of=hda1.img
# Store into an image
# mount -o loop /hda1.img /mnt
#Mount the image(page 13)
# rsync -ax /mnt/ /newdisk/
# Copy on a new disk
# dd if=/dev/hda of=/dev/hda
# Refresh the magnetic state
# The above is useful to refresh a disk. It is perfectly safe, but the disk must be unmounted.
Delete
# dd if=/dev/zero of=/dev/hdc
# Delete full disk (every block is overwritten with zeros)
# dd if=/dev/urandom of=/dev/hdc
# Delete full disk better (every block is overwritten with random data)
# kill -USR1 PID
# View dd progress (Linux)
# kill -INFO PID
# View dd progress (FreeBSD)
MBR tricks
The MBR contains the boot loader and the partition table and is 512 bytes small. The first 446 are for the boot loader, the bytes 446 to 512 are for the partition table.
# dd if=/dev/sda of=/mbr_sda.bak bs=512 count=1
# Backup the full MBR
# dd if=/dev/zero of=/dev/sda bs=512 count=1
# Delete MBR and partition table
# dd if=/mbr_sda.bak of=/dev/sda bs=512 count=1
# Restore the full MBR
# dd if=/mbr_sda.bak of=/dev/sda bs=446 count=1
# Restore only the boot loader
# dd if=/mbr_sda.bak of=/dev/sda bs=1 count=64 skip=446 seek=446# Restore partition table
14.6 screen
Screen (a must have) has two main functionalities:
- Run multiple terminal session within a single terminal.
- A started program is decoupled from the real terminal and can thus run in the background. The real terminal can be closed and reattached later.
Short start example
start screen with:
# screen
Within the screen session we can start a long lasting program (like top).
# top
Now detach with Ctrl-a Ctrl-d. Reattach the terminal with:
# screen -R -D
In detail this means: If a session is running, then reattach. If necessary detach and logout remotely first. If it was not running create it and notify the user. Or:
# screen -x
Attach to a running screen in a multi display mode. The console is thus shared among multiple users. Very useful for team work/debug!
Screen commands (within screen)
All screen commands start with Ctrl-a.
- Ctrl-a ? help and summary of functions
- Ctrl-a c create a new window (terminal)
- Ctrl-a Ctrl-n and Ctrl-a Ctrl-p to switch to the next or previous window in the list, by number.
- Ctrl-a Ctrl-N where N is a number from 0 to 9, to switch to the corresponding window.
- Ctrl-a " to get a navigable list of running windows
- Ctrl-a a to clear a missed Ctrl-a
- Ctrl-a Ctrl-d to disconnect and leave the session running in the background
- Ctrl-a x lock the screen terminal with a password
c�5RDETK�#NLL@MCR�c
��
# ifconfig fxp0 media 100baseTX mediaopt full-duplex# 100Mbit full duplex (FreeBSD)
# netstat -s
# System-wide statistics for each network protocol
Additional commands which are not always installed per default but easy to find:
# arping 192.168.16.254
# Ping on ethernet layer
# tcptraceroute -f 5 cb.vu
# uses tcp instead of icmp to trace through firewalls
4.2 Routing
Print routing table
# route -n
# Linux or use "ip route"
# netstat -rn
# Linux, BSD and UNIX
# route print
# Windows
Add and delete a route
FreeBSD
# route add 212.117.0.0/16 192.168.1.1
# route delete 212.117.0.0/16
# route add default 192.168.1.1
Add the route permanently in /etc/rc.conf
static_routes="myroute"
route_myroute="-net 212.117.0.0/16 192.168.1.1"
Linux
# route add -net 192.168.20.0 netmask 255.255.255.0 gw 192.168.16.254
# ip route add 192.168.20.0/24 via 192.168.16.254
# same as above with ip route
# route add -net 192.168.20.0 netmask 255.255.255.0 dev eth0
# route add default gw 192.168.51.254
# ip route add default via 192.168.51.254 dev eth0
# same as above with ip route
# route delete -net 192.168.20.0 netmask 255.255.255.0
Solaris
# route add -net 192.168.20.0 -netmask 255.255.255.0 192.168.16.254
# route add default 192.168.51.254 1
# 1 = hops to the next gateway
# route change default 192.168.50.254 1
Permanent entries are set in /etc/defaultrouter.
Windows
# Route add 192.168.50.0 mask 255.255.255.0 192.168.51.253
# Route add 0.0.0.0 mask 0.0.0.0 192.168.51.254
Use add -p to make the route persistent.
4.3 Configure additional IP addresses
Linux
# ifconfig eth0 192.168.50.254 netmask 255.255.255.0
# First IP
# ifconfig eth0:0 192.168.51.254 netmask 255.255.255.0
# Second IP
# ip addr add 192.168.50.254/24 dev eth0
# Equivalent ip commands
# ip addr add 192.168.51.254/24 dev eth0 label eth0:1
FreeBSD
# ifconfig fxp0 inet 192.168.50.254/24
# First IP
# ifconfig fxp0 alias 192.168.51.254 netmask 255.255.255.0# Second IP
# ifconfig fxp0 -alias 192.168.51.254
# Remove second IP alias
Permanent entries in /etc/rc.conf
ifconfig_fxp0="inet 192.168.50.254 netmask 255.255.255.0"
ifconfig_fxp0_alias0="192.168.51.254 netmask 255.255.255.0"
c�.DSVNQJ�c
��
Solaris
Check the settings with
ifconfig -a
# ifconfig hme0 plumb
# Enable the network card
# ifconfig hme0 192.168.50.254 netmask 255.255.255.0 up
# First IP
# ifconfig hme0:1 192.168.51.254 netmask 255.255.255.0 up
# Second IP
4.4 Change MAC address
Normally you have to bring the interface down before the change. Don't tell me why you want to change the MAC address...
# ifconfig eth0 down
# ifconfig eth0 hw ether 00:01:02:03:04:05
# Linux
# ifconfig fxp0 link 00:01:02:03:04:05
# FreeBSD
# ifconfig hme0 ether 00:01:02:03:04:05
# Solaris
# sudo ifconfig en0 ether 00:01:02:03:04:05
# OS X Tiger, Snow Leopard LAN*
# sudo ifconfig en0 lladdr 00:01:02:03:04:05
# OS X Leopard
*Typical wireless interface is en1 and needs to disassociate from any network first (osxdaily howto).
# echo "alias airport='/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport'"\
>> ~/.bash_profile
# or symlink to /usr/sbin
# airport -z
# Disassociate from wireless networks
# airport -I
# Get info from wireless network
Many tools exist for Windows. For example etherchange. Or look for "Mac Makeup", "smac".
4.5 Ports in use
Listening open ports:
# netstat -an | grep LISTEN
# lsof -i
# Linux list all Internet connections
# socklist
# Linux display list of open sockets
# sockstat -4
# FreeBSD application listing
# netstat -anp --udp --tcp | grep LISTEN
# Linux
# netstat -tup
# List active connections to/from system (Linux)
# netstat -tupl
# List listening ports from system (Linux)
# netstat -ano
# Windows
4.6 Firewall
Check if a firewall is running (typical configuration only):
Linux
# iptables -L -n -v
# For status
Open the iptables firewall (the policies are set to ACCEPT and all rules are flushed, so nothing is filtered afterwards)
# iptables -P INPUT ACCEPT
# Open everything
# iptables -P FORWARD ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -Z
# Zero the packet and byte counters in all chains
# iptables -F
# Flush all chains
# iptables -X
# Delete all chains
FreeBSD
# ipfw show
# For status
# ipfw list 65535# if answer is "65535 deny ip from any to any" the fw is disabled
# sysctl net.inet.ip.fw.enable=0
# Disable
# sysctl net.inet.ip.fw.enable=1
# Enable
http://ntsecurity.nu/toolbox/etherchange
c�.DSVNQJ�c
��
Create
# cd /
# tar -cf home.tar home/
# archive the whole /home directory (c for create)
# tar -czf home.tgz home/
# same with zip compression
# tar -cjf home.tbz home/
# same with bzip2 compression
Only include one (or two) directories from a tree, but keep the relative structure. For example archive /usr/local/etc and /usr/local/www and the first directory in the archive should be local/.
# tar -C /usr -czf local.tgz local/etc local/www
# tar -C /usr -xzf local.tgz
# To untar the local dir into /usr
# cd /usr; tar -xzf local.tgz
# Is the same as above
Extract
# tar -tzf home.tgz
# look inside the archive without extracting (list)
# tar -xf home.tar
# extract the archive here (x for extract)
# tar -xzf home.tgz
# same with zip compression (-xjf for bzip2 compression)
# remove leading path gallery2 and extract into gallery
# tar --strip-components 1 -zxvf gallery2.tgz -C gallery/
# tar -xjf home.tbz home/colin/file.txt
# Restore a single file
More advanced
# tar c dir/ | gzip | ssh user@remote 'dd of=dir.tgz'# arch dir/ and store remotely.
# tar cvf - `find . -print` > backup.tar
# arch the current directory.
# tar -cf - -C /etc . | tar xpf - -C /backup/etc
# Copy directories
# tar -cf - -C /etc . | ssh user@remote tar xpf - -C /backup/etc
# Remote copy.
# tar -czf home.tgz --exclude '*.o' --exclude 'tmp/' home/
14.5 dd
The program dd (disk dump or destroy disk or see the meaning of dd) is used to copy partitions and disks and for other copy tricks. Typical usage:
# dd if=<source> of=<target> bs=<byte size> conv=<conversion>
Important conv options:
notrunc  do not truncate the output file, all zeros will be written as zeros.
noerror  continue after read errors (e.g. bad blocks)
sync  pad every input block with Nulls to ibs-size
The default byte size is 512 (one block). The MBR, where the partition table is located, is on the first block, the first 63 blocks of a disk are empty. Larger byte sizes are faster to copy but require also more memory.
Backup and restore
# dd if=/dev/hda of=/dev/hdc bs=16065b
# Copy disk to disk (same size)
# dd if=/dev/sda7 of=/home/root.img bs=4096 conv=notrunc,noerror# Backup /
# dd if=/home/root.img of=/dev/sda7 bs=4096 conv=notrunc,noerror# Restore /
# dd bs=1M if=/dev/ad4s3e | gzip -c > ad4s3e.gz
# Zip the backup
# gunzip -dc ad4s3e.gz | dd of=/dev/ad0s3e bs=1M
# Restore the zip
# dd bs=1M if=/dev/ad4s3e | gzip | ssh eedcoba@fry 'dd of=ad4s3e.gz'# also remote
# gunzip -dc ad4s3e.gz | ssh eedcoba@host 'dd of=/dev/ad0s3e bs=1M'
# dd if=/dev/ad0 of=/dev/ad2 skip=1 seek=1 bs=4k conv=noerror
# Skip MBR
# This is necessary if the destination (ad2) is smaller.
Recover
The command dd will read every single block of the partition. In case of problems it is better to use the option conv=sync,noerror so dd will skip the bad block and write zeros at the destination. Accordingly it is important to set the block size equal or smaller than the disk block size. A 1k size seems safe, set it with bs=1k. If a disk has bad sectors and the data should be recovered from a partition, create an image file with dd, mount the image and copy the content to a new disk. With the option noerror, dd will skip the bad sectors and write zeros instead, thus only the data contained in the bad sectors will be lost.
c�5RDETK�#NLL@MCR�c
��
14.2 vi
Vi is present on ANY Linux/Unix installation (not gentoo?) and it is therefore useful to know some basic commands. There are two modes: command mode and insertion mode. The commands mode is accessed with [ESC], the insertion mode with i. Use : help if you are lost.
The editors nano and pico are usually available too and are easier (IMHO) to use.
Quit
:w newfilename  save the file to newfilename
:wq or :x  save and quit
:q!  quit without saving
Search and move
/string  Search forward for string
?string  Search back for string
n  Search for next instance of string
N  Search for previous instance of string
{  Move a paragraph back
}  Move a paragraph forward
1G  Move to the first line of the file
nG  Move to the n th line of the file
G  Move to the last line of the file
:%s/OLD/NEW/g  Search and replace every occurrence
Delete copy paste text
dd (dw)  Cut current line (word)
D  Cut to the end of the line
x  Delete (cut) character
yy (yw)  Copy line (word) after cursor
P  Paste after cursor
u  Undo last modification
U  Undo all changes to current line
14.3 mail
The mail command is a basic application to read and send email, it is usually installed. To send an email simply type "mail user@domain". The first line is the subject, then the mail content. Terminate and send the email with a single dot (.) in a new line. Example:
# mail [email protected]
Subject: Your text is full of typos
"For a moment, nothing happened. Then, after a second or so,
nothing continued to happen."
. EOT
This is also working with a pipe:
# echo "This is the mail body" | mail [email protected]
This is also a simple way to test the mail server.
14.4 tar
The command tar (tape archive) creates and extracts archives of file and directories. The archive .tar is uncompressed, a compressed archive has the extension .tgz or .tar.gz (zip) or .tbz (bzip2). Do not use absolute path when creating an archive, you probably want to unpack it somewhere else. Some typical commands are:
c�5RDETK�#NLL@MCR�c
��
4.7 IP Forward for routing
Linux
Check and then enable IP forward with:
# cat /proc/sys/net/ipv4/ip_forward
# Check IP forward 0=off, 1=on
# echo 1 > /proc/sys/net/ipv4/ip_forward
or edit /etc/sysctl.conf with:
net.ipv4.ip_forward = 1
FreeBSD
Check and enable with:
# sysctl net.inet.ip.forwarding
# Check IP forward 0=off, 1=on
# sysctl net.inet.ip.forwarding=1
# sysctl net.inet.ip.fastforwarding=1
# For dedicated router or firewall
Permanent with entry in /etc/rc.conf:
gateway_enable="YES"
# Set to YES if this host will be a gateway.
Solaris
# ndd -set /dev/ip ip_forwarding 1
# Set IP forward 0=off, 1=on
4.8 NAT Network Address Translation
Linux
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# to activate NAT
# iptables -t nat -A PREROUTING -p tcp -d 78.31.70.238 --dport 20022 -j DNAT \
--to 192.168.16.44:22
# Port forward 20022 to internal IP port ssh
# iptables -t nat -A PREROUTING -p tcp -d 78.31.70.238 --dport 993:995 -j DNAT \
--to 192.168.16.254:993-995
# Port forward of range 993-995
# ip route flush cache
# iptables -L -t nat
# Check NAT status
Delete the port forward with -D instead of -A. The program netstat-nat is very useful to track connections (it uses /proc/net/ip_conntrack or /proc/net/nf_conntrack).
# netstat-nat -n
# show all connections with IPs
FreeBSD
# natd -s -m -u -dynamic -f /etc/natd.conf -n fxp0
Or edit /etc/rc.conf with:
firewall_enable="YES"
# Set to YES to enable firewall functionality
firewall_type="open"
# Firewall type (see /etc/rc.firewall); "open" lets all traffic through
natd_enable="YES"
# Enable natd (if firewall_enable == YES).
natd_interface="tun0"
# Public interface or IP address to use.
natd_flags="-s -m -u -dynamic -f /etc/natd.conf"
Port forward with:
# cat /etc/natd.conf
same_ports yes
use_sockets yes
unregistered_only
# redirect_port tcp insideIP:2300-2399 3300-3399
# port range
redirect_port udp 192.168.51.103:7777 7777
4.9 DNS
On Unix the DNS entries are valid for all interfaces and are stored in /etc/resolv.conf. The domain to which the host belongs is also stored in this file. A minimal configuration is:
http://tweegy.nl/projects/netstat-nat
c�.DSVNQJ�c
��
nameserver 78.31.70.238
search sleepyowl.net intern.lab
domain sleepyowl.net
Check the system domain name with:
# hostname -d
# Same as dnsdomainname
Windows
On Windows the DNS are configured per interface. To display the configured DNS and to flush the DNS cache use:
# ipconfig /?
# Display help
# ipconfig /all
# See all information including DNS
Flush DNS
Flush the OS DNS cache. Some applications use their own cache (e.g. Firefox) and will be unaffected.
# /etc/init.d/nscd restart
# Restart nscd if used - Linux/BSD/Solaris
# lookupd -flushcache
# OS X Tiger
# dscacheutil -flushcache
# OS X Leopard and newer
# ipconfig /flushdns
# Windows
Forward queries
Dig is your friend to test the DNS settings. For example the public DNS server 213.133.105.2 ns.second-ns.de can be used for testing. See from which server the client receives the answer (simplified answer).
# dig sleepyowl.net
sleepyowl.net. 600 IN A 78.31.70.238
;; SERVER: 192.168.51.254#53(192.168.51.254)
The router 192.168.51.254 answered and the response is the A entry. Any entry can be queried and the DNS server can be selected with @:
# dig MX google.com
# dig @127.0.0.1 NS sun.com
# To test the local server
# dig @204.97.212.10 NS MX heise.de
# Query an external server
# dig AXFR @ns1.xname.org cb.vu
# Get the full zone (zone transfer); works only if the server allows AXFR to the querying host
The program host is also powerful.
# host -t MX cb.vu
# Get the mail MX entry
# host -t NS -T sun.com
# Get the NS record over a TCP connection
# host -a sleepyowl.net
# Get everything
Reverse queries
Find the name belonging to an IP address (in-addr.arpa.). This can be done with dig, host and nslookup:
# dig -x 78.31.70.238
# host 78.31.70.238
# nslookup 78.31.70.238
/etc/hosts
Single hosts can be configured in the file /etc/hosts instead of running named locally to resolve the hostname queries. The format is simple, for example:
78.31.70.238 sleepyowl.net sleepyowl
The priority between hosts and a dns query, that is the name resolution order, can be configured in /etc/nsswitch.conf AND /etc/host.conf. The file also exists on Windows, it is usually in:
C:\WINDOWS\SYSTEM32\DRIVERS\ETC
c�.DSVNQJ�c
��
# chown -R www:www /home/svn
Create a user with htpasswd:
# htpasswd -c /etc/svn-passwd user1
# -c creates the file
Access control svn.acl example
# Default is read access. "* =" would be default no access
[/]
* = r
[groups]
project1-developers = joe, jack, jane
# Give write access to the developers
[project1:]
@project1-developers = rw
13.2 SVN commands and usage
See also the Subversion Quick Reference Card. Tortoise SVN is a nice Windows interface.
Import
A new project, that is a directory with some files, is imported into the repository with the import command. Import is also used to add a directory with its content to an existing project.
# svn help import
# Get help for any command
# Add a new directory (with content) into the src dir on project1
# svn import /project1/newdir http://host.url/svn/project1/trunk/src -m 'add newdir'
Typical SVN commands
# svn co http://host.url/svn/project1/trunk
# Checkout the most recent version
# Tags and branches are created by copying
# svn mkdir http://host.url/svn/project1/tags/
# Create the tags directory
# svn copy -m "Tag rc1 rel." http://host.url/svn/project1/trunk \
http://host.url/svn/project1/tags/1.0rc1
# svn status [--verbose]
# Check files status into working dir
# svn add src/file.h src/file.cpp
# Add two files
# svn commit -m 'Added new class file'
# Commit the changes with a message
# svn ls http://host.url/svn/project1/tags/
# List all tags
# svn move foo.c bar.c
# Move (rename) files
# svn delete some_old_file
# Delete files
14
US
EF
UL
C
OM
MA
ND
SKDRR�O��[UH�O��[L@HK�O��[S@Q�O��[CC�O��[RBQDDM�O��[EHMC�O��[-HRBDKK@MDNTR
�O��
14.1 less
The less command displays a text document on the console. It is present on most installations.
# less unixtoolbox.xhtml
3NLD�HLONQS@MS�BNLL@MCR�@QD��>.�RS@MCR�ENQ�;BNMSQNK= ;.
=�h
HFNNC�GDKO�NM�CHROK@X
f ^F ^
V S
PA
CE
&NQV@QC�NMD�VHMCNV��NQ�.�KHMDR�
b ^
B E
SC
-v"@BJV@QC�NMD�VHMCNV��NQ�.�KHMDR�
F&NQV@QC�ENQDUDQ��KHJ
D��S@HK� E��
/p
atte
rn
3D@QBG�ENQV@QC�ENQ��. SG�L@SBGHMF�KHMD�
?p
atte
rn
3D@QBG�A@BJV@QC�ENQ��. SG�L@SBGHMF�KHMD�
n2DOD@S�OQDUHNTR�RD@QBG��ENQ�. SG�NBBTQQDMBD�
N2DOD@S�OQDUHNTR�RD@QBG�HM�QDUDQRD�CHQDBSHNM�
qPTHS
http://www.cs.put.poznan.pl/csobaniec/Papers/svn-refcard.pdf
http://tortoisesvn.tigris.org
c�5RDETK�#NLL@MCR�c
��
13
SV
N3DQUDQ�RDSTO�O��[36.�33(�O��[36.�NUDQ�GSSO�O��[36.�TR@FD�O��
Subversion (SVN) is a version control system designed to be the successor of CVS (Concurrent Versions System). The concept is similar to CVS, but many shortcomings were improved. See also the SVN book.
13.1 Server setup
The initiation of the repository is fairly simple (here for example /home/svn/ must exist):
# svnadmin create --fs-type fsfs /home/svn/project1
Now the access to the repository is made possible with:
- file:// Direct file system access with the svn client. This requires local permissions on the file system.
- svn:// or svn+ssh:// Remote access with the svnserve server (also over SSH). This requires local permissions on the file system (default port 3690/tcp).
- http:// Remote access with webdav using apache. No local users are necessary for this method.
Using the local file system, it is now possible to import and then check out an existing project. Unlike with CVS it is not necessary to cd into the project directory, simply give the full path:
# svn import /project1/ file:///home/svn/project1/trunk -m 'Initial import'
# svn checkout file:///home/svn/project1
The new directory "trunk" is only a convention, this is not required.
Remote access with ssh
No special setup is required to access the repository via ssh, simply replace file:// with svn+ssh://hostname. For example:
# svn checkout svn+ssh://hostname/home/svn/project1
As with the local file access, every user needs an ssh access to the server (with a local account) and also read/write access. This method might be suitable for a small group. All users could belong to a subversion group which owns the repository, for example:
# groupadd subversion
# groupmod -A user1 subversion
# chown -R root:subversion /home/svn
# chmod -R 770 /home/svn
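Remote access with http (apache)
Remote access over http (https) is the only good solution for a larger user group. This method uses the apache authentication, not the local accounts. AuthType Basic sends the password only base64-encoded with each request, so the location should be served over https. This is a typical but small apache configuration: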
LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
# Only for access control
<Location /svn>
DAV svn
# any "/svn/foo" URL will map to a repository /home/svn/foo
SVNParentPath /home/svn
AuthType Basic
AuthName "Subversion repository"
AuthzSVNAccessFile /etc/apache2/svn.acl
AuthUserFile /etc/apache2/svn-passwd
Require valid-user
</Location>
The apache server needs full access to the repository:
���GSSO���RTAUDQRHNM�SHFQHR�NQF�
���GSSO���RUMANNJ�QDC AD@M�BNL�DM�����
c�36.�c
��
4.10 DHCP
Linux
Some distributions (SuSE) use dhcpcd as client. The default interface is eth0.
# dhcpcd -n eth0
# Trigger a renew (does not always work)
# dhcpcd -k eth0
# release and shutdown
The lease with the full information is stored in:
/var/lib/dhcpcd/dhcpcd-eth0.info
FreeBSD
FreeBSD (and Debian) uses dhclient. To configure an interface (for example bge0) run:
# dhclient bge0
The lease with the full information is stored in:
/var/db/dhclient.leases.bge0
Use /etc/dhclient.conf to prepend options or force different options:
# cat /etc/dhclient.conf
interface "rl0" {
prepend domain-name-servers 127.0.0.1;
default domain-name "sleepyowl.net";
supersede domain-name "sleepyowl.net";
}
Windows
The dhcp lease can be renewed with ipconfig:
# ipconfig /renew
# renew all adapters
# ipconfig /renew LAN
# renew the adapter named "LAN"
# ipconfig /release WLAN
# release the adapter named "WLAN"
Yes it is a good idea to rename your adapter with simple names!
4.11 Traffic analysis
Bmon is a small console bandwidth monitor and can display the flow on different interfaces.
Sniff with tcpdump
# tcpdump -nl -i bge0 not port ssh and src \(192.168.16.121 or 192.168.16.54\)
# tcpdump -n -i eth1 net 192.168.16.121
# select to/from a single IP
# tcpdump -n -i eth1 net 192.168.16.0/24
# select traffic to/from a network
# tcpdump -l > dump && tail -f dump
# Buffered output
# tcpdump -i rl0 -w traffic.rl0
# Write traffic headers in binary file
# tcpdump -i rl0 -s 0 -w traffic.rl0
# Write traffic + payload in binary file
# tcpdump -r traffic.rl0
# Read from file (also for ethereal)
# tcpdump port 80
# The two classic commands
# tcpdump host google.com
# tcpdump -i eth0 -X port \(110 or 143\)
# Check if pop or imap is secure
# tcpdump -n -i eth0 icmp
# Only catch pings
# tcpdump -i eth0 -s 0 -A port 80 | grep GET
# -s 0 for full packet -A for ASCII
Additional important options:
-A  Print each packets in clear text (without header)
-X  Print packets in hex and ASCII
-l  Make stdout line buffered
-D  Print all interfaces available
On Windows use windump from www.winpcap.org. Use windump -D to list the interfaces.
http://people.suug.ch/~tgr/bmon/
c�.DSVNQJ�c
��
Scan with nmap
Nmap is a port scanner with OS detection, it is usually installed on most distributions and is also available for Windows. If you don't scan your servers, hackers do it for you...
# nmap cb.vu
# scans all reserved TCP ports on the host
# nmap -sP 192.168.16.0/24# Find out which IP are used and by which host on 0/24
# nmap -sS -sV -O cb.vu
# Do a stealth SYN scan with version and OS detection
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 3.8.1p1 FreeBSD-20060930 (protocol 2.0)
25/tcp open smtp Sendmail smtpd 8.13.6/8.13.6
80/tcp open http Apache httpd 2.0.59 ((FreeBSD) DAV/2 PHP/4.
[...]
Running: FreeBSD 5.X
Uptime 33.120 days (since Fri Aug 31 11:41:04 2007)
Other non standard but useful tools are hping (www.hping.org) an IP packet assembler/analyzer and fping (fping.sourceforge.net). fping can check multiple hosts in a round-robin fashion.
4.12 Traffic control (QoS)
Traffic control manages the queuing, policing, scheduling, and other traffic parameters for a network. The following examples are simple practical uses of the Linux and FreeBSD capabilities to better use the available bandwidth.
Limit upload
DSL or cable modems have a long queue to improve the upload throughput. However filling the queue with a fast device (e.g. ethernet) will dramatically decrease the interactivity. It is therefore useful to limit the device upload rate to match the physical capacity of the modem, this should greatly improve the interactivity. Set to about 90% of the modem maximal (cable) speed.
Linux
For a 512 Kbit upload modem.
# tc qdisc add dev eth0 root tbf rate 480kbit latency 50ms burst 1540
# tc -s qdisc ls dev eth0
# Status
# tc qdisc del dev eth0 root
# Delete the queue
# tc qdisc change dev eth0 root tbf rate 220kbit latency 50ms burst 1540
FreeBSD
FreeBSD uses the dummynet traffic shaper which is configured with ipfw. Pipes are used to limit the bandwidth in units of [K|M]{bit/s|Byte/s}, 0 means unlimited bandwidth. Using the same pipe number will reconfigure it. For example limit the upload bandwidth to 500 Kbit.
# kldload dummynet
# load the module if necessary
# ipfw pipe 1 config bw 500Kbit/s
# create a pipe with limited bandwidth
# ipfw add pipe 1 ip from me to any
# divert the full upload into the pipe
Quality of service
Linux
0QHNQHSX
PTDTHMFVHSG
tcSN
NOSHLHYD6N)0�3DDSGDETKKDW@LOKDNMUNHO HMEN�NQF
NQ
VVV�GNVSNENQFD�BNL�3TOONRD6N)0TRDRTCONMONQSR�����������@MCCDUHBDDSG��BNTKC@KRN
ADOOO�NQRN�4GDENKKNVHMFBNLL@MCRCDEHMDSGD1N3SNSGQDDPTDTDR@MCENQBDSGD6N)0SQ@EEHB
SNPTDTD�VHSG1N30x1e�@KKAHSRRDS�4GDCDE@TKSSQ@EEHBEKNVRHMSNPTDTD�@MC1N3
Min
imiz
e-
Dela
yEKNVR�HMSN�PTDTD���
# tc qdisc add dev eth0 root handle 1: prio priomap 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 0
# tc qdisc add dev eth0 parent 1:1 handle 10: sfq
# tc qdisc add dev eth0 parent 1:2 handle 20: sfq
# tc qdisc add dev eth0 parent 1:3 handle 30: sfq
# tc filter add dev eth0 protocol ip parent 1: prio 1 u32 \
match ip dport 10000 0x3C00 flowid 1:1
# use server port range
match ip dst 123.23.0.1 flowid 1:1
# or/and use server IP
http://insecure.org/nmap/
c�.DSVNQJ�c
��
12.3 SSH tunneling for CVS
We need 2 shells for this. On the first shell we connect to the cvs server with ssh and port-forward the cvs connection. On the second shell we use the cvs normally as if it were running locally.
on shell 1:
# ssh -L2401:localhost:2401 colin@cvs_server
# Connect directly to the CVS server. Or:
# ssh -L2401:cvs_server:2401 colin@gateway
# Use a gateway to reach the CVS
on shell 2:
# setenv CVSROOT :pserver:colin@localhost:/usr/local/cvs
# cvs login
Logging in to :pserver:colin@localhost:2401/usr/local/cvs
CVS password:
# cvs checkout MyProject/src
12.4 CVS commands and usage
Import
The import command is used to add a whole directory, it must be run from within the directory to be imported. Say the directory /devel/ contains all files and subdirectories to be imported. The directory name on the CVS (the module) will be called "myapp".
# cvs import [options] directory-name vendor-tag release-tag
# cd /devel
# Must be inside the project to import it
# cvs import myapp Company R1_0
# Release tag can be anything in one word
After a while a new directory "/devel/tools/" was added and it has to be imported too.
# cd /devel/tools
# cvs import myapp/tools Company R1_0
Checkout update add commit
# cvs co myapp/tools
# Will only checkout the directory tools
# cvs co -r R1_1 myapp
# Checkout myapp at release R1_1 (is sticky)
# cvs -q -d update -P
# A typical CVS update
# cvs update -A
# Reset any sticky tag (or date, option)
# cvs add newfile
# Add a new file
# cvs add -kb newfile
# Add a new binary file
# cvs commit file1 file2
# Commit the two files only
# cvs commit -m "message"
# Commit all changes done with a message
Create a patch
It is best to create and apply a patch from the working development directory related to the project, or from within the source directory.
# cd /devel/project
# diff -Naur olddir newdir > patchfile# Create a patch from a directory or a file
# diff -Naur oldfile newfile > patchfile
Apply a patch
Sometimes it is necessary to strip a directory level from the patch, depending how it was created. In case of difficulties, simply look at the first lines of the patch and try -p0, -p1 or -p2.
# cd /devel/project
# patch --dry-run -p0 < patchfile
# Test the patch without applying it
# patch -p0 < patchfile
# patch -p1 < patchfile
# strip off the 1st level from the path
c�#63�c
��
Network setup with inetd
The CVS can be run locally only if a network access is not needed. For a remote access, the daemon inetd can start the pserver with the following line in /etc/inetd.conf (/etc/xinetd.d/cvs on SuSE):
cvspserver stream tcp nowait cvs /usr/bin/cvs cvs \
--allow-root=/usr/local/cvs pserver
It is a good idea to block the cvs port from the Internet with the firewall and use an ssh tunnel to access the repository remotely.
Separate authentication
It is possible to have cvs users which are not part of the OS (no local users). This is actually probably wanted too from the security point of view. Simply add a file named passwd (in the CVSROOT directory) containing the users login and password in the crypt format. This can be done with the apache htpasswd tool.
Note: This passwd file is the only file which has to be edited directly in the CVSROOT directory. Also it won't be checked out. More info with htpasswd --help
# htpasswd -cb passwd user1 password1
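# -c creates the file; -b takes the password from the command line, where it ends up in the shell history and the process list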
# htpasswd -b passwd user2 password2
Now add :cvs at the end of each line to tell the cvs server to change the user to cvs (or whatever your cvs server is running under). It looks like this:
# cat passwd
user1:xsFjhU22u8Fuo:cvs
user2:vnefJOsnnvToM:cvs
12.2 Test it
Test the login as normal user (for example here me)
# cvs -d :pserver:[email protected]:/usr/local/cvs login
Logging in to :pserver:[email protected]:2401/usr/local/cvs
CVS password:
CVSROOT variable
This is an environment variable used to specify the location of the repository we're doing operations on. For local use, it can be just set to the directory of the repository. For use over the network, the transport protocol must be specified. Set the CVSROOT variable with setenv CVSROOT string on a csh, tcsh shell, or with export CVSROOT=string on a sh, bash shell.
# setenv CVSROOT :pserver:<username>@<host>:/cvsdirectory
For example:
# setenv CVSROOT /usr/local/cvs
# Used locally only
# setenv CVSROOT :local:/usr/local/cvs
# Same as above
# setenv CVSROOT :ext:user@cvsserver:/usr/local/cvs
# Direct access with SSH
# setenv CVS_RSH ssh
# for the ext access
# setenv CVSROOT :pserver:[email protected]:/usr/local/cvs
# network with pserver
When the login succeeded one can import a new project into the repository: cd into your project root directory
cvs import <module name> <vendor tag> <initial tag>
cvs -d :pserver:[email protected]:/usr/local/cvs import MyProject MyCompany START
Where MyProject is the name of the new project in the repository (used later to checkout). Cvs will import the current directory content into the new project.
To checkout:
# cvs -d :pserver:[email protected]:/usr/local/cvs checkout MyProject
or
# setenv CVSROOT :pserver:[email protected]:/usr/local/cvs
# cvs checkout MyProject
c�#63�c
��
Status and remove with
# tc -s qdisc ls dev eth0
# queue status
# tc qdisc del dev eth0 root
# delete all QoS
Calculate port range and mask
The tc filter defines the port range with port and mask which you have to calculate. Find the 2^N ending of the port range, deduce the range and convert to HEX. This is your mask. Example for 10000 -> 11024, the range is 1024.
# 2^13 (8192) < 10000 < 2^14 (16384)
# ending is 2^14 = 16384
# echo "obase=16;(2^14)-1024" | bc
# mask is 0x3C00
FreeBSD
The max link bandwidth is 500 Kbit/s and we define 3 queues with priority 100:10:1 for VoIP:ssh:all the rest.
# ipfw pipe 1 config bw 500Kbit/s
# ipfw queue 1 config pipe 1 weight 100
# ipfw queue 2 config pipe 1 weight 10
# ipfw queue 3 config pipe 1 weight 1
# ipfw add 10 queue 1 proto udp dst-port 10000-11024
# ipfw add 11 queue 1 proto udp dst-ip 123.23.0.1# or/and use server IP
# ipfw add 20 queue 2 dst-port ssh
# ipfw add 30 queue 3 from me to any
# all the rest
Status and remove with
# ipfw list
# rules status
# ipfw pipe list
# pipe status
# ipfw flush
# deletes all rules but default
4.13 NIS Debugging
Some commands which should work on a well configured NIS client:
# ypwhich
# get the connected NIS server name
# domainname
# The NIS domain name as configured
# ypcat group
# should display the group from the NIS server
# cd /var/yp && make
# Rebuild the yp database
# rpcinfo -p servername
# Report RPC services of the server
Is ypbind running?
# ps auxww | grep ypbind
/usr/sbin/ypbind -s -m -S servername1,servername2
# FreeBSD
/usr/sbin/ypbind
# Linux
# yppoll passwd.byname
Map passwd.byname has order number 1190635041. Mon Sep 24 13:57:21 2007
The master server is servername.domain.net.
Linux
# cat /etc/yp.conf
ypserver servername
domain domain.net broadcast
4.14 Netcat
Netcat (nc) is better known as the "network Swiss Army Knife", it can manipulate, create or read/write TCP/IP connections. Here some useful examples, there are many more on the net, for example g-loaded.eu and here.
You might need to use the command netcat instead of nc. Also see the similar command socat.
http://netcat.sourceforge.net
��GSSO���VVV�F KN@CDC�DT������������MDSB@S @ BNTOKD NE TRDETK DW@LOKDR
���GSSO���VVV�SDQLHM@KKX HMBNGDQDMS�BNL�AKNF������������EDV TRDETK MDSB@S SQHBJR
c�.DSVNQJ�c
��
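File transfer
Copy a large folder over a raw tcp connection. The transfer is very quick (no protocol overhead) and you don't need to mess up with NFS or SMB or FTP or so, simply make the file available on the server, and get it from the client. The connection is neither encrypted nor authenticated, so the data goes to whichever host connects to the port first. Here 192.168.1.1 is the server IP address.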
server#tar -cf - -C VIDEO_TS . | nc -l -p 4444
# Serve tar folder on port 4444
client#nc 192.168.1.1 4444 | tar xpf - -C VIDEO_TS
# Pull the file on port 4444
server#cat largefile | nc -l 5678
# Server a single file
client#nc 192.168.1.1 5678 > largefile
# Pull the single file
server#dd if=/dev/da0 | nc -l 4444
# Server partition image
client#nc 192.168.1.1 4444 | dd of=/dev/da0
# Pull partition to clone
client#nc 192.168.1.1 4444 | dd of=da0.img
# Pull partition to file
Other hacks
Specially here, you must know what you are doing.
Rem
ote
shell
/OSHNM� D�NMKX�NM�SGD�7HMCNVR�UDQRHNM��/Q�TRDMB������
# nc -lp 4444 -e /bin/bash
# Provide a remote shell (server backdoor)
# nc -lp 4444 -e cmd.exe
# remote shell for Windows
Emergency web server
Serve a single file on port 80 in a loop.
# while true; do nc -l -p 80 < unixtoolbox.xhtml; done
Chat
Alice and Bob can chat over a simple TCP socket. The text is transferred with the enter key.
alice#nc -lp 4444
bob #nc 192.168.1.1 4444
5S
SH
S
CP
0TAKHB�JDX�O��[&HMFDQOQHMS�O��[3#0�O��[4TMMDKHMF�O��
3DD�NSGDQ�SQHB
JR���RRG�BLC��
5.1 Public key authentication
Connect to a host without password using public key authentication. The idea is to append your public key to the authorized_keys2 file on the remote host. For this example let's connect host-client to host-server; the key is generated on the client. With cygwin you might have to create your home directory and the .ssh directory with
# mkdir -p /home/USER/.ssh
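• Use ssh-keygen to generate a key pair. ~/.ssh/id_dsa is the private key, ~/.ssh/id_dsa.pub is the public key.
• Copy only the public key to the server and append it to the file ~/.ssh/authorized_keys2 on your home on the server.
The commands below create a DSA key with an empty passphrase (-N ''), so anyone who can read ~/.ssh/id_dsa can log in as you. Current OpenSSH releases no longer accept DSA keys by default and the standard file name is ~/.ssh/authorized_keys; on such systems generate the key with ssh-keygen -t ed25519 (or -t rsa) and set a passphrase wherever ssh-agent can be used.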
# ssh-keygen -t dsa -N ''
# cat ~/.ssh/id_dsa.pub | ssh you@host-server "cat - >> ~/.ssh/authorized_keys2"
Using the Windows client from ssh.com
The non commercial version of the ssh.com client can be downloaded from the main ftp site: ftp.ssh.com/pub/ssh/. Keys generated by the ssh.com client need to be converted for the OpenSSH server. This can be done with the ssh-keygen command.
• Create a key pair with the ssh.com client: Settings - User Authentication - Generate New....
• I use Key type DSA; key length: (value lost in extraction).
• Copy the public key generated by the ssh.com client to the server into the ~/.ssh folder.
���GSSO���AKNF�TQEHW�BNL��� RRG BNLL@MCR SQHB
JR�
c�33(�3#0�c
��
What we have now in the directory /usr/local/certs/:
CA/private/cakey.pem (CA server private key)
CA/cacert.pem (CA server public key)
certs/servernamekey.pem (server private key)
certs/servernamecert.pem (server signed certificate)
certs/servername.pem (server certificate with private key)
Keep the private key secure!
11.7 View certificate information
To view the certificate information simply do:
# openssl x509 -text -in servernamecert.pem
# View the certificate info
# openssl req -noout -text -in server.csr
# View the request info
# openssl s_client -connect cb.vu:443
# Check a web server certificate
12
CV
S3DQUDQ�RDSTO�O��[#63�SDRS�O��[33(�STMMDKHMF�O��[#63�TR@FD�O��
12
.1S
erv
er s
etu
p
In
itia
te
th
e C
VS
$DBHCDVGDQDSGDL@HMQDONRHSNQXVHKKQDRS@MCBQD@SD@QNNSBUR�&NQDW@LOKD�TRQ�KNB@K�BUR�@R
QNNS�
# mkdir -p /usr/local/cvs
# setenv CVSROOT /usr/local/cvs
# Set CVSROOT to the new location (local)
# cvs init
# Creates all internal CVS config files
# cd /root
# cvs checkout CVSROOT
# Checkout the config files to modify them
# cd CVSROOT
edit config ( fine as it is)
# cvs commit config
cat >> writers
# Create a writers file (optionally also readers)
colin
^D
# Use [Control][D] to quit the edit
# cvs add writers
# Add the file writers into the repository
# cvs edit checkoutlist
# cat >> checkoutlist
writers
^D
# Use [Control][D] to quit the edit
# cvs commit
# Commit all the configuration changes
Add a readers file if you want to differentiate read and write permissions.
Note: Do not ever edit files directly into the main cvs, but rather checkout the file, modify it and check it in. We did this with the file writers to define the write access.
There are three popular ways to access the CVS at this point. The first two don't need any further configuration. See the examples on CVSROOT below for how to use them:
• Direct local access to the file system. The user(s) need sufficient file permission to access the CVS directly and there is no further authentication in addition to the OS login. However this is only useful if the repository is local.
• Remote access with ssh with the ext protocol. Any user with an ssh shell account and read/write permissions on the CVS server can access the CVS directly with ext over ssh without any additional tunnel. There is no server process running on the CVS for this to work. The ssh login does the authentication.
• Remote access with pserver (default port 2401/tcp). This is the preferred use for a larger user base as the users are authenticated by the CVS pserver with a dedicated password database; there is therefore no need for local user accounts. This setup is explained below. The pserver protocol does not encrypt the session and only scrambles the password, so across untrusted networks run it through SSH (see SSH tunneling).
c�#63�c
��
certs = $dir/certs
# Where the issued certs are kept
crl_dir = $dir/crl
# Where the issued crl are kept
database = $dir/index.txt
# database index file.
-@JD�RTQD�SGD�CHQDBSNQHDR�DWHRS�NQ�BQD@SD�SGDL
# mkdir -p /usr/local/certs/CA
# cd /usr/local/certs/CA
# mkdir certs crl newcerts private
# echo "01" > serial
# Only if serial does not exist
# touch index.txt
)EXNTHMSDMCSNFDS@RHFMDCBDQSHEHB@SDEQNL@UDMCNQ�XNTNMKXMDDC@BDQSHEHB@SDRHFMHMFQDPTDRS
�#32��4GHR�#32�VHKK�SGDM�AD�RHFMDC�AX�SGD�UDMCNQ�ENQ�@�KHLHSDC�SHLD��D�F����XD@Q�
11.3 Create a certificate authority
If you do not have a certificate authority from a vendor, you'll have to create your own. This step is not necessary if one intends to use a vendor to sign the request. To make a certificate authority (CA):
# openssl req -new -x509 -days 730 -config /etc/ssl/openssl.cnf \
-keyout CA/private/cakey.pem -out CA/cacert.pem
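11.4 Create a certificate signing request
To make a new certificate (for mail server or web server for example), first create a request certificate with its private key. If your application does not support encrypted private keys (for example UW-IMAP does not), then disable encryption with -nodes. A key written with -nodes is protected by file permissions only, so make it readable by the service account and root and by nobody else.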
# openssl req -new -keyout newkey.pem -out newreq.pem \
-config /etc/ssl/openssl.cnf
# openssl req -nodes -new -keyout newkey.pem -out newreq.pem \
-config /etc/ssl/openssl.cnf
# No encryption for the key
Keep this created CSR (newreq.pem) as it can be signed again at the next renewal; the signature only will limit the validity of the certificate. This process also created the private key newkey.pem.
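11.5 Sign the certificate
The certificate request has to be signed by the CA to be valid; this step is usually done by the vendor. When a vendor does the signing, only the request (newreq.pem) is sent; the private key newkey.pem stays on the server.
Note: replace "servername" with the name of your server in the next commands.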
# cat newreq.pem newkey.pem > new.pem
# openssl ca -policy policy_anything -out servernamecert.pem \
-config /etc/ssl/openssl.cnf -infiles new.pem
# mv newkey.pem servernamekey.pem
Now servernamekey.pem is the private key and servernamecert.pem is the server certificate.
11.6 Create united certificate
The IMAP server wants to have both private key and server certificate in the same file. And in general, this is also easier to handle, but the file has to be kept securely! Apache also can deal with it well. Create a file servername.pem containing both the certificate and key.
• Open the private key (servernamekey.pem) with a text editor and copy the private key into the "servername.pem" file.
• Do the same with the server certificate (servernamecert.pem).
Because the combined file contains the private key, restrict it to the owner (for example chmod 600 servername.pem) before pointing a service at it.
The final servername.pem file should look like this:
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDutWy+o/XZ/[...]qK5LqQgT3c9dU6fcR+WuSs6aejdEDDqBRQ
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIERzCCA7CgAwIBAgIBBDANB[...]iG9w0BAQQFADCBxTELMAkGA1UEBhMCREUx
-----END CERTIFICATE-----
c�33,�#DQSHEHB@SDR�c
��
• The keys are in C:\Documents and Settings\%USERNAME%\Application Data\SSH\UserKeys.
• Use the ssh-keygen command on the server to convert the key:
# cd ~/.ssh
# ssh-keygen -i -f keyfilename.pub >> authorized_keys2
Notice: We used a DSA key, RSA is also possible. The key is not protected by a password.
Using putty for Windows
Putty is a simple and free ssh client for Windows.
• Create a key pair with the puTTYgen program.
• Save the public and private keys (for example into C:\Documents and Settings\%USERNAME%\.ssh).
• Copy the public key to the server into the ~/.ssh folder:
# scp .ssh/puttykey.pub [email protected]:.ssh/
• Use the ssh-keygen command on the server to convert the key for OpenSSH:
# cd ~/.ssh
# ssh-keygen -i -f puttykey.pub >> authorized_keys2
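• Point the private key location in the putty settings: Connection - SSH - Auth
5.2 Check fingerprint
At the first login, ssh will ask if the unknown host with the fingerprint has to be stored in the known hosts. To avoid a man-in-the-middle attack the administrator of the server can send you the server fingerprint, which is then compared on the first login. The comparison only helps if the fingerprint reaches you over a channel other than the connection being checked (phone, signed mail, an internal page served over https). Use ssh-keygen -l to get the fingerprint (on the server):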
# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
# For RSA key
2048 61:33:be:9b:ae:6c:36:31:fd:83:98:b7:99:2d:9f:cd /etc/ssh/ssh_host_rsa_key.pub
# ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
# For DSA key (default)
2048 14:4a:aa:d9:73:25:46:6d:0a:48:35:c7:f4:16:d4:ee /etc/ssh/ssh_host_dsa_key.pub
Now the client connecting to this server can verify that he is connecting to the right server:
# ssh linda
The authenticity of host 'linda (192.168.16.54)' can't be established.
DSA key fingerprint is 14:4a:aa:d9:73:25:46:6d:0a:48:35:c7:f4:16:d4:ee.
Are you sure you want to continue connecting (yes/no)? yes
5.3
Se
cu
re
fil
e t
ra
ns
fe
r
3NLD�RHLOKD�BNLL@MCR�
# scp file.txt host-two:/tmp
# scp joe@host-two:/www/*.html /www/tmp
# scp -r joe@host-two:/www /www/tmp
In Konqueror or Midnight Commander it is possible to access a remote file system with the address fish://user@gate. However the implementation is very slow.
Furthermore it is possible to mount a remote folder with sshfs, a file system client based on SCP. See fuse sshfs (link in the footnotes).
ssh_exchange_identification: Connection closed by remote host
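With this error try the following on the server. Note that the entry 'SSHD: ALL' admits connections from every host as far as TCP wrappers are concerned; where the set of clients is known, list those networks instead of ALL: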
echo 'SSHD: ALL' >> /etc/hosts.allow
/etc/init.d/sshd restart
���GSSO���VVV�BGH@QJ�FQDDMDMC�NQF�TJ�]RFS@SG@L�OTSSX�CNVMKN@C�GSLK
���GSSO���ETRD�RNTQBDENQFD�MDS�RRGER�GSLK
c�33(�3#0�c
��
5.4 Tunneling
SSH tunneling allows to forward or reverse forward a port over the SSH connection, thus securing the traffic and accessing ports which would otherwise be blocked. This only works with TCP. The general nomenclature for forward and reverse is (see also ssh and NAT example):
# ssh -L localport:desthost:destport user@gate
# desthost as seen from the gate
# ssh -R destport:desthost:localport user@gate
# forwards your localport to destination
# desthost:localport as seen from the client initiating the tunnel
# ssh -X user@gate
# To force X forwarding
This will connect to gate and forward the local port to the host desthost:destport. Note desthost is the destination host as seen by the gate, so if the connection is to the gate, then desthost is localhost. More than one port forward is possible.
Direct forward on the gate
Let say we want to access the CVS (port 2401) and http (port 80) which are running on the gate. This is the simplest example: desthost is thus localhost, and we use the port 8080 locally instead of 80 so we don't need to be root. Once the ssh session is open, both services are accessible on the local ports.
# ssh -L 2401:localhost:2401 -L 8080:localhost:80 user@gate
Ne
tb
ios a
nd
re
mo
te
de
sk
to
p f
orw
ard
to
a s
eco
nd
se
rv
er
,DSR@X@7HMCNVRRLARDQUDQHRADGHMCSGDF@SD@MCHRMNSQTMMHMFRRG�7DMDDC@BBDRRSNSGD
RLA�RG@QD�@MC�@KRN�QDLNSD�CDRJSNO�SN�SGD�RDQUDQ�
# ssh -L 139:smbserver:139 -L 3388:smbserver:3389 user@gate
4GDRLARG@QDB@MMNVAD@BBDRRDCVHSG<<���������<�ATSNMKXHESGDKNB@KRG@QDHRCHR@AKDC�
ADB@TRD
the lo
cal s
hare
is lis
tenin
g o
n p
ort 1
39�
)SHRONRRHAKDSNJDDOSGDKNB@KRG@QDDM@AKDC�ENQSGHRVDMDDCSNBQD@SD@MDVUHQST@KCDUHBDVHSG@
MDV)0@CCQDRRENQSGDSTMMDK�SGDRLARG@QDVHKKADBNMMDBSDCNUDQSGHR@CCQDRR�&TQSGDQLNQD
the
localRD
Pis
alre
ady
liste
nin
gon
3389�RNVDBGNNRD�����&NQSGHRDW@LOKDKDS�RTRD@UHQST@K)0NE
���������
a7HSGOTSSXTRD3NTQBDONQS��������������)SHRONRRHAKDSNBQD@SDLTKSHOKDKNNOCDUHBDR@MC
STMMDK�/M7HMCNVR�����NMKXOTSSXVNQJDCENQLD�/M7HMCNVR6HRS@@KRNENQV@QCSGD
ONQS���HM@CCHSHNMSNSGDONQS����!KRNNM6HRS@SGDO@SBG+"������OQDUDMSRSGDONQS
����SN�AD�ENQV@QCDC��RN�)�G@C�SN�TMHMRS@KK�SGHR�O@SG�HM�6HRS@�
a7HSGSGDRRG�BNLBKHDMS�CHR@AKD�!KKNVKNB@KBNMMDBSHNMRNMKX��3HMBDRRG�BNLVHKKAHMCSN
@KK�@CCQDRRDR��NMKX�@�RHMFKD�RG@QD�B@M�AD�BNMMDBSDC�
.NV�BQD@SD�SGD�KNNOA@BJ�HMSDQE@BD�VHSG�)0����������
a�3XRSDL �#NMSQNK0@MDK �!CC(@QCV@QD�9DR�(@QCV@QDHR@KQD@CXBNMMDBSDC�!CC@
MDV�G@QCV@QD�CDUHBD��@S�ANSSNL�
a�)MRS@KKSGDG@QCV@QDSG@S)L@MT@KKXRDKDBS�.DSVNQJ@C@OSDQR�-HBQNRNES�-HBQNRNES
,NNOA@BJ�!C@OSDQ�
a#NMEHFTQD�SGD�)0�@CCQDRR�NE�SGD�E@JD�CDUHBD�SN����������L@RJ����������������MN�F@SDV@X�
a@CU@MBDC �7).3��%M@AKD�,-(NRSR�,NNJTO��$HR@AKD�.DS")/3�NUDQ�4#0�)0�
a�%M@AKD#KHDMSENQ-HBQNRNES.DSVNQJR��$HR@AKD&HKD@MC0QHMSDQ3G@QHMFENQ-HBQNRNES
.DSVNQJR�
)(!$SNQDANNSENQSGHRSNVNQJ�.NVBNMMDBSSNSGDRLARG@QDVHSG<<��������@MCQDLNSDCDRJSNO
SN���������������
Debug
)E�HS�HR�MNS�VNQJHMF�
a!QD�SGD�ONQSR�ENQV@QCDC��MDSRS@S� @M��,NNJ�@S�������������NQ�������������
a$NDR�SDKMDS��������������BNMMDBS�
a9NT�MDDC�SGD�BGDBJANW��,NB@K�ONQSR�@BBDOS�BNMMDBSHNMR�EQNL�NSGDQ�GNRSR��
a)R��&HKD�@MC�0QHMSDQ�3G@QHMF�ENQ�-HBQNRNES�.DSVNQJR��CHR@AKDC�NM�SGD�KNNOA@BJ�HMSDQE@BD�
c�33(�3#0�c
��
/etc/fstab
The encrypted partition can be configured to be mounted with /etc/fstab. The password will be prompted when booting. The following settings are required for this example:
# grep geli /etc/rc.conf
geli_devices="ad1"
geli_ad1_flags="-k /root/ad1.key"
# grep geli /etc/fstab
/dev/ad1.eli /home/private ufs rw 0 0
Use password only
It is more convenient to encrypt a USB stick or file based image with a passphrase only and no key. In this case it is not necessary to carry the additional key file around. The procedure is very much the same as above, simply without the key file. Let's encrypt a file based image /cryptedfile of 1 GB.
# dd if=/dev/zero of=/cryptedfile bs=1M count=1000
# 1 GB file
# mdconfig -at vnode -f /cryptedfile
# geli init /dev/md0
# encrypts with password only
# geli attach /dev/md0
# newfs -U -m 0 /dev/md0.eli
# mount /dev/md0.eli /mnt
# umount /dev/md0.eli
# geli detach md0.eli
It is now possible to mount this image on another system with the password only.
# mdconfig -at vnode -f /cryptedfile
# geli attach /dev/md0
# mount /dev/md0.eli /mnt
10
.1O
S X
En
cry
pte
d D
isk
Im
ag
e
$NM�S�JMNV�AX�BNLL@MC�KHMD�NMKX��3DD/3�8�%MBQXOSDC�$HRJ�)L@FD��@MC!OOKD�RTOONQS��
11 SSL CERTIFICATES
So called SSL/TLS certificates are cryptographic public key certificates and are composed of a public and a private key. The certificates are used to authenticate the endpoints and encrypt the data. They are used for example on a web server (https) or mail server (imaps).
11.1 Procedure
• We need a certificate authority to sign our certificate. This step is usually provided by a vendor like Thawte, Verisign, etc., however we can also create our own.
• Create a certificate signing request. This request is like an unsigned certificate (the public part) and already contains all necessary information. The certificate request is normally sent to the authority vendor for signing. This step also creates the private key on the local machine.
• Sign the certificate with the certificate authority.
• If necessary join the certificate and the key in a single file to be used by the application (web server, mail server etc).
11.2 Configure OpenSSL
We use /usr/local/certs as directory for this example; check or edit /etc/ssl/openssl.cnf accordingly to your settings so you know where the files will be created. Here are the relevant parts of openssl.cnf:
[ CA_default ]
dir = /usr/local/certs/CA
# Where everything is kept
���GSSOR���V
HJH�SG@XDQ�C@QSLNTSG�DCT�CHROK@X�BNLOTSHMF�#QD@SHMF�@�-@B�/3�8�%MBQXOSDC�$HRJ�)L@FD
���GSSO���RTOONQS�@OOKD�BNL�JA�GS����
c�33,�#DQSHEHB
@SDR�c
��
# cryptsetup luksOpen /dev/sdc1 sdc1
# mkfs.ext3 /dev/mapper/sdc1
# create ext3 file system
# mount -t ext3 /dev/mapper/sdc1 /mnt
# umount /mnt
# cryptsetup luksClose sdc1
# Detach the encrypted partition
Att
ach
# cryptsetup luksOpen /dev/sdc1 sdc1
# mount -t ext3 /dev/mapper/sdc1 /mnt
Deta
ch
# umount /mnt
# cryptsetup luksClose sdc1
dm
-cry
pt w
ith
ou
t L
UK
S
# cryptsetup -y create sdc1 /dev/sdc1
# or any other partition like /dev/loop0
# dmsetup ls
# check it, will display: sdc1 (254, 0)
# mkfs.ext3 /dev/mapper/sdc1
# This is done only the first time!
# mount -t ext3 /dev/mapper/sdc1 /mnt
# umount /mnt/
# cryptsetup remove sdc1
# Detach the encrypted partition
Do exactly the same (without the mkfs part!) to re-attach the partition. If the password is not correct, the mount command will fail. In this case simply remove the map sdc1 (cryptsetup remove sdc1) and create it again.
10
.2F
re
eB
SD
4GDSVNONOTK@Q&QDD"3$CHRJDMBQXOSHNMLNCTKDR@QD
gbde@MCgeli�)MNVTRDFDKHADB@TRDHS
HRE@RSDQ@MC@KRNTRDRSGDBQXOSNCDUHBDENQG@QCV@QD@BBDKDQ@SHNM�3DD4GD&QDD"3$G@MCANNJ
#G@OSDQ�������ENQ�@KK�SGD�CDS@HKR��4GD�FDKH�LNCTKD�LTRS�AD�KN@CDC�NQ�BNLOHKDC�HMSN�SGD�JDQMDK�
options GEOM_ELI
device crypto
# or as module:
# echo 'geom_eli_load="YES"' >> /boot/loader.conf
# or do: kldload geom_eli
Use password and key
I use those settings for a typical disk encryption; it uses a passphrase AND a key to encrypt the master key. That is, you need both the password and the generated key /root/ad1.key to attach the partition. The master key is stored inside the partition and is not visible. See below for a typical USB or file based image.
Create
encrypte
d p
arti
tion
# dd if=/dev/random of=/root/ad1.key bs=64 count=1
# this key encrypts the master key
# geli init -s 4096 -K /root/ad1.key /dev/ad1
# -s 8192 is also OK for disks
# geli attach -k /root/ad1.key /dev/ad1
# DO make a backup of /root/ad1.key
# dd if=/dev/random of=/dev/ad1.eli bs=1m
# Optional and takes a long time
# newfs /dev/ad1.eli
# Create file system
# mount /dev/ad1.eli /mnt
Att
ach
# geli attach -k /root/ad1.key /dev/ad1
# fsck -ny -t ffs /dev/ad1.eli
# In doubt check the file system
# mount /dev/ad1.eli /mnt
Deta
ch
4GD�CDS@BG�OQNBDCTQD�HR�CNMD�@TSNL@SHB@KKX�NM�RGTSCNVM�
# umount /mnt
# geli detach /dev/ad1.eli
���GSSO���VVV�EQDDARC�NQF�G@MCANNJ�CHRJR DMBQXOSHMF�GSLK
c�%MBQXOS�0@QSHSHNMR�c
��
Connect two clients behind NAT
Suppose two clients are behind a NAT gateway and client cliadmin has to connect to client cliuser (the destination); both can login to the gate with ssh and are running Linux with sshd. You don't need root access anywhere as long as the ports on gate are above 1024. We use 2022 on gate. Also since the gate is used locally, the option GatewayPorts is not necessary.
/M�BKHDMS�BKHTRDQ��EQNL�CDRSHM@SHNM�SN�F@SD�
# ssh -R 2022:localhost:22 user@gate
# forwards client 22 to gate:2022
/M�BKHDMS�BKH@CLHM��EQNL�GNRS�SN�F@SD�
# ssh -L 3022:localhost:2022 admin@gate
# forwards client 3022 to gate:2022
.NV�SGD�@CLHM�B@M�BNMMDBS�CHQDBSKX�SN�SGD�BKHDMS�BKHTRDQ�VHSG�
# ssh -p 3022 admin@localhost
# local:3022 -> gate:2022 -> client:22
Co
nn
ect t
o V
NC
be
hin
d N
AT
3TOONRD@7HMCNVRBKHDMSVHSG6.#KHRSDMHMFNMONQS����G@RSNAD@BBDRRDCEQNLADGHMC.!4�/M
BKHDMS�BKHVHM�SN�F@SD�
# ssh -R 15900:localhost:5900 user@gate
/M�BKHDMS�BKH@CLHM��EQNL�GNRS�SN�F@SD�
# ssh -L 5900:localhost:15900 admin@gate
.NV�SGD�@CLHM�B@M�BNMMDBS�CHQDBSKX�SN�SGD�BKHDMS�6.#�VHSG�
# vncconnect -display :0 localhost
Dig
a m
ult
i-h
op
ssh
tu
nn
el
3TOONRDXNTB@MMNSQD@BG@RDQUDQCHQDBSKXVHSGRRG�ATSNMKXUH@LTKSHOKDHMSDQLDCH@SDGNRSR�ENQ
DW@LOKDADB@TRDNEQNTSHMFHRRTDR�3NLDSHLDRHSHRRSHKKMDBDRR@QXSNFDS@CHQDBSBKHDMS RDQUDQ
BNMMDBSHNM�ENQDW@LOKDSNBNOXEHKDRVHSGRBO�NQENQV@QCNSGDQONQSRKHJDRLANQUMB�/MDV@XSN
CNSGHRHRSNBG@HMSTMMDKRSNFDSGDQSNENQV@QC@ONQSSNSGDRDQUDQ@KNMFSGDGNOR�4GHR�B@QQHDQ�
ONQS�NMKX�QD@BGDR�HSR�EHM@K�CDRSHM@SHNM�NM�SGD�K@RS�BNMMDBSHNM�SN�SGD�RDQUDQ�
3TOONRDVDV@MSSNENQV@QCSGDRRGONQSEQNL@BKHDMSSN@RDQUDQNUDQSVNGNOR�/MBDSGDSTMMDK
HRATHKC�HSHRONRRHAKDSNBNMMDBSSNSGDRDQUDQCHQDBSKXEQNLSGDBKHDMS�@MC@KRN@CC@MNSGDQONQS
ENQV@QC�
Create
tunnel
in o
ne s
hell
BKHDMS� ��GNRS�� ��GNRS�� ��RDQUDQ�@MC�CHF�STMMDK�����
client># ssh -L5678:localhost:5678 host1
# 5678 is an arbitrary port for the tunnel
host_1># ssh -L5678:localhost:5678 host2
# chain 5678 from host1 to host2
host_2># ssh -L5678:localhost:22 server
# end the tunnel on port 22 on the server
Use t
unnel
wit
h a
n o
ther s
hell
BKHDMS� ��RDQUDQ�TRHMF�STMMDK�����
# ssh -p 5678 localhost
# connect directly from client to server
# scp -P 5678 myfile localhost:/tmp/
# or copy a file directly using the tunnel
# rsync -e 'ssh -p 5678' myfile localhost:/tmp/# or rsync a file directly to the server
Autoconnect and keep alive script
I use variations of the following script to keep a machine reachable over a reverse ssh tunnel. The connection is automatically rebuilt if closed. You can add multiple -L or -R tunnels on one line.
#!/bin/sh
# Keep a reverse SSH tunnel alive: start the ssh command below unless a
# process with exactly this command line is already running.
#
# ssh options used:
#   -N  do not run a remote command (forwarding only)
#   -f  go to the background after authentication
#   -g  allow remote hosts to connect to local forwarded ports; it applies to
#       -L forwards, while reachability of the -R port from other hosts is
#       decided by GatewayPorts on the server
#   -R 3022:localhost:22  connections to port 3022 on the remote side are
#       forwarded to port 22 of this machine, i.e. this machine's sshd becomes
#       reachable through the remote host
#
# NOTE(review): "[email protected]" looks like a web-extraction placeholder
# for the real user@host; replace it before use.
# NOTE(review): run from cron, ssh cannot prompt, so this presumably relies on
# key authentication for that account; confirm.
COMMAND="ssh -N -f -g -R 3022:localhost:22 [email protected]"
# pgrep -f matches against the full command line and -x demands an exact
# match; ssh is started only when no such process is found.
pgrep -f -x "$COMMAND" > /dev/null 2>&1 || $COMMAND
# Always report success, even when ssh could not be started.
exit 0
1 * * * * colin /home/colin/port_forward.sh
# crontab entry (here hourly)
c�33(�3#0�c
��
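6 VPN WITH SSH
As of version 4.3, OpenSSH can use the tun/tap device to encrypt a tunnel. This is very similar to other TLS based VPN solutions like OpenVPN. One advantage with SSH is that there is no need to install and configure additional software. Additionally the tunnel uses the SSH authentication like pre shared keys. The drawback is that the encapsulation is done over TCP which might result in poor performance on a slow link. Also the tunnel is relying on a single (fragile) TCP connection. This technique is very useful for a quick IP based VPN setup. There is no limitation as with the single TCP port forward; all layer 3/4 protocols like ICMP, TCP/UDP, etc. are forwarded over the VPN. In any case, the following options are needed in the sshd_config file. PermitRootLogin yes also allows root to log in with a password; with key authentication in place, PermitRootLogin prohibit-password (without-password on older releases) and PermitTunnel point-to-point should be enough for the setups below: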
PermitRootLogin yes
PermitTunnel yes
6.1 Single P2P connection
Here we are connecting two hosts, hclient and hserver, with a peer to peer tunnel. The connection is started from hclient to hserver and is done as root. The tunnel end points are 10.0.1.1 (server) and 10.0.1.2 (client) and we create a device tun5 (this could also be another number). The procedure is very simple:
• Connect with SSH using the tunnel option -w
• Configure the IP addresses of the tunnel. Once on the server and once on the client.
Co
nn
ect t
o t
he
se
rv
er
#NMMDBSHNM�RS@QSDC�NM�SGD�BKHDMS�@MC�BNLL@MCR�@QD�DWDBTSDC�NM�SGD�RDQUDQ�
Server is
on L
inux
cli>#ssh -w5:5 root@hserver
srv>#ifconfig tun5 10.0.1.1 netmask 255.255.255.252
# Executed on the server shell
Server is
on F
reeB
SD
cli>#ssh -w5:5 root@hserver
srv>#ifconfig tun5 10.0.1.1 10.0.1.2
# Executed on the server shell
Co
nfig
ure
th
e c
lien
t
#NLL@MCR�DWDBTSDC�NM�SGD�BKHDMS�
cli>#ifconfig tun5 10.0.1.2 netmask 255.255.255.252
# Client is on Linux
cli>#ifconfig tun5 10.0.1.2 10.0.1.1
# Client is on FreeBSD
4GDSVNGNRSR@QDMNVBNMMDBSDC@MCB@MSQ@MRO@QDMSKXBNLLTMHB@SDVHSG@MXK@XDQ���OQNSNBNK
TRHMF�SGD�STMMDK�)0�@CCQDRRDR�
6.2
Co
nn
ec
t t
wo
ne
tw
ork
s
)M@CCHSHNMSNSGDO�ORDSTO@ANUD�HSHRLNQDTRDETKSNBNMMDBSSVNOQHU@SDMDSVNQJRVHSG@M33(
60.TRHMFSVNF@SDR�3TOONRDENQSGDDW@LOKD�MDS!HR���������������@MCMDS"�������������
���4GDOQNBDCTQDHRRHLHK@Q@R@ANUD�VDNMKXMDDCSN@CCSGDQNTSHMF�.!4LTRSAD@BSHU@SDCNM
SGD�OQHU@SD�HMSDQE@BD�NMKX�HE�SG
D�F@SDR�@QD�MNS�SGD�R@LD�@R�SGD�CDE@TKS�F@SDV@X�NE�SGDHQ�MDSVNQJ�
�����������������MDS![F@SD!�� ��F@SD"[�����������������MDS"
a#NMMDBS�VHSG�33(�TRHMF�SGD�STMMDK�NOSHNM� V�
a#NMEHFTQD�SGD�)0�@CCQDRRDR�NE�SGD�STMMDK��/MBD�NM�SGD�RDQUDQ�@MC�NMBD�NM�SGD�BKHDMS�
a!CC�SGD�QNTSHMF�ENQ�SGD�SVN�MDSVNQJR�
a)E�MDBDRR@QX��@BSHU@SD�.!4�NM�SGD�OQHU@SD�HMSDQE@BD�NE�SGD�F@SD�
4GD�RDSTO�HR
sta
rted fro
m g
ate
A in
netA�
Co
nn
ect f
ro
m g
ate
A t
o g
ate
B
#NMMDBSHNM�HR�RS@QSDC�EQNL�F@SD!�@MC�BNLL@MCR�@QD�DWDBTSDC�NM�F@SD"�
c�60.�VHSG�33(�c
��
En
cry
pt f
or p
erso
na
l use
on
ly
.N�MDDC�SN�DWONQS�HL
ONQS�@MX�JDX�ENQ�SGHR��9NT�G@UD�ANSG�@KQD@CX�
# gpg -e -r 'Your Name' file
# Encrypt with your public key
# gpg -o file -d file.gpg
# Decrypt. Use -o or it goes to stdout
En
cry
pt -
De
cry
pt w
ith
ke
ys
&HQRSXNTMDDCSNDWONQSXNTQOTAKHBJDXENQRNLDNMDDKRDSNTRDHS�!MCXNTMDDCSNHLONQSSGD
OTAKHBR@XEQNL!KHBDSNDMBQXOS@EHKDENQGDQ�9NTB@MDHSGDQG@MCKDSGDJDXRHMRHLOKD@RBHHEHKDRNQ
TRD�@�OTAKHB�JDX�RDQUDQ�
&NQDW@LOKD!KHBDDWONQSGDQOTAKHBJDX@MCXNTHLONQSHS�XNTB@MSGDMDMBQXOS@EHKDENQGDQ�4G@S
HR�NMKX�!KHBD�VHKK�AD�@AKD�SN�CDBQXOS�HS�
# gpg -a -o alicekey.asc --export 'Alice'
# Alice exported her key in ascii file.
# gpg --send-keys --keyserver subkeys.pgp.net KEYID
# Alice put her key on a server.
# gpg --import alicekey.asc
# You import her key into your pubring.
# gpg --search-keys --keyserver subkeys.pgp.net 'Alice'# or get her key from a server.
/MBD�SGD�JDXR�@QD�HLONQSDC�HS�HR
�UDQX�D@RX�SN�DMBQXOS�NQ�CDBQXOS�@�EHKD�
# gpg -e -r 'Alice' file
# Encrypt the file for Alice.
# gpg -d file.gpg -o file
# Decrypt a file encrypted by Alice for you.
Ke
y a
dm
inis
tra
tio
n
# gpg --list-keys
# list public keys and see the KEYIDS
The KEYID follows the '/' e.g. for: pub 1024D/D12B77CE the KEYID is D12B77CE
# gpg --gen-revoke 'Your Name'
# generate revocation certificate
# gpg --list-secret-keys
# list private keys
# gpg --delete-keys NAME
# delete a public key from local key ring
# gpg --delete-secret-key NAME
# delete a secret key from local key ring
# gpg --fingerprint KEYID
# Show the fingerprint of the key
# gpg --edit-key KEYID
# Edit key (e.g sign or add/del email)
10
EN
CR
YP
T P
AR
TI
TI
ON
S,HMTWVHSG,5+3�O��[,HMTWCL BQXOSNMKX�O��[&QDD"3$'%,)�O��[&"3$OVCNMKX�O��[
/3�8�HL@FD�O��
There are (many) other alternative methods to encrypt disks; I only show here the methods I know and use. Keep in mind that the security is only good as long as the OS has not been tampered with. An intruder could easily record the password from the keyboard events. Furthermore the data is freely accessible when the partition is attached, and the encryption will not prevent an intruder from accessing it in this state.
10
.1L
inu
x
4GNRDHMRSQTBSHNMRTRDSGD,HMTWdm-crypt�CDUHBD L@OODQE@BHKHSX
@U@HK@AKDNMSGD���JDQMDK�
In this example, let's encrypt the partition /dev/sdc1; it could be however any other partition or disk, or USB or a file based partition created with losetup. In this case we would use /dev/loop0. See file image partition. The device mapper uses labels to identify a partition. We use sdc1 in this example, but it could be any string.
dm-crypt with LUKS
LUKS with dm-crypt has better encryption and makes it possible to have multiple passphrases for the same partition or to change the password easily. To test if LUKS is available, simply type # cryptsetup --help; if nothing about LUKS shows up, use the instructions below Without LUKS. First create a partition if necessary: fdisk /dev/sdc.
Create
encrypte
d p
artitio
n
# dd if=/dev/urandom of=/dev/sdc1
# Optional. For paranoids only (takes days)
# cryptsetup -y luksFormat /dev/sdc1
# This destroys any data on sdc1
c�%MBQXOS�0@QSHSHN
MR�c
��
ta
r a
nd
en
cry
pt a
wh
ole
dir
ecto
ry
# tar -cf - directory | openssl aes-128-cbc -salt -out directory.tar.aes
# Encrypt
# openssl aes-128-cbc -d -salt -in directory.tar.aes | tar -x -f -
# Decrypt
ta
r z
ip a
nd
en
cry
pt a
wh
ole
dir
ecto
ry
# tar -zcf - directory | openssl aes-128-cbc -salt -out directory.tar.gz.aes
# Encrypt
# openssl aes-128-cbc -d -salt -in directory.tar.gz.aes | tar -xz -f -
# Decrypt
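• Use -k mysecretpassword after aes-128-cbc to avoid the interactive password request. However note that this is highly insecure: the password ends up in the shell history and is visible to other users in the process list while the command runs.
• Use aes-256-cbc instead of aes-128-cbc to get even stronger encryption. This uses also more CPU.
• With OpenSSL 1.1.1 and later, add -pbkdf2 to both the encrypt and the decrypt command; the default derivation of the key from the password is weak. CBC mode does not detect tampering with the encrypted file, so keep a checksum of the archive if its integrity matters.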
9.2 GPG
GnuPG is well known to encrypt and sign emails or any data. Furthermore gpg also provides an advanced key management system. This section only covers files encryption, not email usage, signing or the Web-Of-Trust.
The simplest encryption is with a symmetric cipher. In this case the file is encrypted with a password and anyone who knows the password can decrypt it, thus the keys are not needed. Gpg adds an extension ".gpg" to the encrypted file names.
# gpg -c file
# Encrypt file with password
# gpg file.gpg
# Decrypt file (optionally -o otherfile)
Using keys
For more details see GPG Quick Start and GPG/PGP Basics and the gnupg documentation among others (links in the footnotes).
The private and public keys are the heart of asymmetric cryptography. What is important to remember:
• Your public key is used by others to encrypt files that only you as the receiver can decrypt (not even the one who encrypted the file can decrypt it). The public key is thus meant to be distributed.
• Your private key is encrypted with your passphrase and is used to decrypt files which were encrypted with your public key. The private key must be kept secure. Also if the key or passphrase is lost, so are all the files encrypted with your public key.
• The key files are called keyrings as they can contain more than one key.
First generate a key pair. The defaults are fine, however you will have to enter at least your full name and email and optionally a comment. The comment is useful to create more than one key with the same name and email. Also you should use a "passphrase", not a simple password.
# gpg --gen-key
# This can take a long time
4GD�JDXR�@QD�RSNQDC�HM�]��FMTOF��NM�5MHW��NM�7HMCNVR�SGDX�@QD�SXOHB@KKX�RSNQDC�HM
#��$NBTLDMSR�@MC�3DSSHMFR��53%2.!-%��!OOKHB@SHNM�$@S@�FMTOF��
~/.gnupg/pubring.gpg
# Contains your public keys and all others imported
~/.gnupg/secring.gpg
# Can contain more than one private key
3GNQS�QDLHMCDQ�NM�LNRS�TRDC�NOSHNMR�
-eDMBQXOS�C@S@
-dCDBQXOS�C@S@
-r.!-%�DMBQXOS�ENQ�QDBHOHDMS�.!-%��NQ��&TKK�.@LD��NQ��DL@HK CNL@HM�
-aBQD@SD�@RBHH�@QLNQDC�NTSOTS�NE�@�JDX
-oTRD�@R�NTSOTS�EHKD
4GDDW@LOKDRTRD�9NTQ.@LD�@MC�!KHBD�@RSGDJDXR@QDQDEDQQDCSNAXSGDDL@HKNQETKKM@LD
NQO@QSH@KM@LD�&NQDW@LOKD)B@MTRD�#NKHM�NQ�B BA�UT�ENQLXJDX;#NKHM"@QRBGDK�BA�UT
�B BA�UT�=�
���GSSO���VVV�L@CAN@�BNL�FDDJ�FOF PTHBJRS@QS
���GSSO���@OK@VQDMBD�BNL�"@RHBR�FOF�GSLK
���GSSO���FMTOF�NQF�CNBTLDMS@SHNM
c�%MBQXOS�&HKDR�c
��
gate
B i
s o
n L
inux
gateA>#ssh -w5:5 root@gateB
gateB>#ifconfig tun5 10.0.1.1 netmask 255.255.255.252# Executed on the gateB shell
gateB>#route add -net 192.168.51.0 netmask 255.255.255.0 dev tun5
gateB>#echo 1 > /proc/sys/net/ipv4/ip_forward
# Only needed if not default gw
gateB>#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
gate
B i
s o
n F
reeB
SD
gateA>#ssh -w5:5 root@gateB
# Creates the tun5 devices
gateB>#ifconfig tun5 10.0.1.1 10.0.1.2
# Executed on the gateB shell
gateB>#route add 192.168.51.0/24 10.0.1.2
gateB>#sysctl net.inet.ip.forwarding=1
# Only needed if not default gw
gateB>#natd -s -m -u -dynamic -n fxp0
# seeNAT(page 17)
gateA>#sysctl net.inet.ip.fw.enable=1
Co
nfig
ure
ga
te
A
#NLL@MCR�DWDBTSDC�NM�F@SD!�
gate
A i
s o
n L
inux
gateA>#ifconfig tun5 10.0.1.2 netmask 255.255.255.252
gateA>#route add -net 192.168.16.0 netmask 255.255.255.0 dev tun5
gateA>#echo 1 > /proc/sys/net/ipv4/ip_forward
gateA>#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
gate
A i
s o
n F
reeB
SD
gateA>#ifconfig tun5 10.0.1.2 10.0.1.1
gateA>#route add 192.168.16.0/24 10.0.1.2
gateA>#sysctl net.inet.ip.forwarding=1
gateA>#natd -s -m -u -dynamic -n fxp0
# seeNAT(page 17)
gateA>#sysctl net.inet.ip.fw.enable=1
The two private networks are now transparently connected via the SSH VPN. The IP forward and NAT settings are only necessary if the gates are not the default gateways. In this case the clients would not know where to forward the response, and nat must be activated.
7R
SY
NC
2RXMBB@M@KLNRSBNLOKDSDKXQDOK@BDBO@MCRBO�ETQSGDQLNQDHMSDQQTOSDCSQ@MREDQR@QDDEEHBHDMSKX
QDRS@QSDC�!SQ@HKHMFRK@RG�@MCSGD@ARDMBDSGDQDNEG@RCHEEDQDMSLD@MHMFR�SGDL@MO@FDHR
FNNC����(DQD�RNLD�DW@LOKDR�
#NOX�SGD�CHQDBSNQHDR�VHSG�ETKK�BNMSDMS�
# rsync -a /home/colin/ /backup/colin/
# "archive" mode. e.g keep the same
# rsync -a /var/ /var_bak/
# rsync -aR --delete-during /home/user/ /backup/
# use relative (see below)
3@LD@RADENQDATSNUDQSGDMDSVNQJ@MCVHSGBNLOQDRRHNM�2RXMBTRDR33(ENQSGDSQ@MRONQSODQ
CDE@TKS�@MC�VHKK�TRD�SGD�RRG�JDX�HE�SGDX�@QD�RDS��5RD�����@R�VHSG�3#0��!�SXOHB@K�QDLNSD�BNOX�
# rsync -axSRzv /home/user/ user@server:/backup/user/# Copy to remote
# rsync -a 'user@server:My\ Documents' My\ Documents
# Quote AND escape spaces for the remote shell
%WBKTCD@MXCHQDBSNQXSLOVHSGHM�GNLD�TRDQ�@MCJDDOSGDQDK@SHUDENKCDQRGHDQ@QBGX�SG@SHRSGD
QDLNSD�CHQDBSNQX�VHKK�G@UD�SGD�RSQTBSTQD��A@BJTO�GNLD�TRDQ���4GHR�HR�SXOHB@KKX�TRDC�ENQ�A@BJTOR�
# rsync -azR --exclude=tmp/ /home/user/ user@server:/backup/
5RD�ONQS�������ENQ�SGD�RRG�BNMMDBSHNM�
# rsync -az -e 'ssh -p 20022' /home/colin/ user@server:/backup/colin/
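Using the rsync daemon (used with "::") is much faster, but not encrypted over ssh. The location of /backup is defined by the configuration in /etc/rsyncd.conf. The variable RSYNC_PASSWORD can be set to avoid the need to enter the password manually; rsync also accepts --password-file, which keeps the password out of the environment. Either way the file content crosses the network in clear text, so keep daemon mode to trusted networks.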
c�239.#�c
��
# rsync -axSRz /home/ ruser@hostname::rmodule/backup/
# rsync -axSRz ruser@hostname::rmodule/backup/ /home/
# To copy back
Some important options:
-a, --archive           archive mode; same as -rlptgoD (no -H)
-r, --recursive         recurse into directories
-R, --relative          use relative path names
-H, --hard-links        preserve hard links
-S, --sparse            handle sparse files efficiently
-x, --one-file-system   don't cross file system boundaries
--exclude=PATTERN       exclude files matching PATTERN
--delete-during         receiver deletes during xfer, not before
--delete-after          receiver deletes after transfer, not before
7.1 Rsync on Windows
Rsync is available for Windows through cygwin or as a stand-alone package in cwrsync [footnote]. This is very convenient for automated backups. Install one of them (not both) and add the path to the Windows system variables: Control Panel -> System -> tab Advanced, button Environment Variables. Edit the "Path" system variable and add the full path to the installed rsync, e.g. C:\Program Files\cwRsync\bin or C:\cygwin\bin. This way the commands rsync and ssh are available in a Windows command shell.
Public key authentication
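Rsync is automatically tunneled over SSH and thus uses the SSH authentication on the server. Automatic backups have to avoid user interaction; for this the SSH public key authentication can be used and the rsync command will run without a password.
All the following commands are executed within a Windows console. In a console (Start -> Run -> cmd) create and upload the key as described in SSH; change "user" and "server" as appropriate. If the file authorized_keys2 does not exist yet, simply copy id_dsa.pub to authorized_keys2 and upload it.
Note: -N '' creates the key without a passphrase, so the private key file alone is the credential; keep it readable only by the account that runs the backup, and consider limiting what the key may do on the server (authorized keys options such as command= or from=). The DSA key type and the authorized_keys2 file name used below are legacy: current OpenSSH releases no longer accept DSA keys by default, and an Ed25519 or RSA key in authorized_keys takes their place there.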
# ssh-keygen -t dsa -N ''
# Creates a public and a private key
# rsync user@server:.ssh/authorized_keys2 .   # Copy the file locally from the server
# cat id_dsa.pub >> authorized_keys2
# Or use an editor to add the key
# rsync authorized_keys2 user@server:.ssh/
# Copy the file back to the server
# del authorized_keys2
# Remove the local copy
Now test it with (in one line):
rsync -rv "/cygdrive/c/Documents and Settings/%USERNAME%/My Documents/" \
'user@server:My\ Documents/'
Automatic backup
Use a batch file to automate the backup and add the file in the scheduled tasks (Programs -> Accessories -> System Tools -> Scheduled Tasks). For example create the file backup.bat and replace user@server.
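@ECHO OFF
REM Back up the "My Documents" directory to user@server with rsync over ssh.
REM Replace user@server before scheduling the file. The transfer relies on the
REM ssh public key configured for this account, so no password is stored here.
SETLOCAL
SET CWRSYNCHOME=C:\PROGRAM FILES\CWRSYNC
REM NOTE(review): nontsec appears to switch off Cygwin's NT security (ACL)
REM permission mapping; confirm the resulting permissions on the private key
REM and on the copied files are what you expect.
SET CYGWIN=nontsec
SET CWOLDPATH=%PATH%
REM uncomment the next line when using cygwin
SET PATH=%CWRSYNCHOME%\BIN;%PATH%
echo Press Control-C to abort
REM The rsync command stays on one line: cmd.exe does not treat a trailing
REM backslash as a line continuation, so a split command would run as two
REM separate (failing) commands.
rsync -av "/cygdrive/c/Documents and Settings/%USERNAME%/My Documents/" 'user@server:My\ Documents/'
pause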
[footnote] http://sourceforge.net/projects/sereds
8 SUDO
Sudo is a standard way to give users some administrative rights without giving out the root password. Sudo is very useful in a multi-user environment with a mix of servers and workstations. Simply call the command with sudo:
# sudo /etc/init.d/dhcpd restart
# Run the rc script as root
# sudo -u sysadmin whoami
# Run cmd as an other user
8.1 Configuration
Sudo is configured in /etc/sudoers and must only be edited with visudo. The basic syntax is (the lists are comma separated):
user hosts = (runas) commands
# In /etc/sudoers
users      one or more users or %group (like %wheel) to gain the rights
hosts      list of hosts (or ALL)
runas      list of users (or ALL) that the command rule can be run as. It is enclosed in ( )!
commands   list of commands (or ALL) that will be run as root or as (runas)
Additionally those keywords can be defined as aliases; they are called User_Alias, Host_Alias, Runas_Alias and Cmnd_Alias. This is useful for larger setups. Here is a sudoers example:
# cat /etc/sudoers
# Example policy: aliases first, then the rules that use them.
# Edit this file only through visudo so a syntax error cannot lock sudo out.

# Host aliases are subnets or hostnames.
Host_Alias DMZ = 212.118.81.40/28
Host_Alias DESKTOP = work1, work2
# User aliases are a list of users which can have the same rights
User_Alias ADMINS = colin, luca, admin
User_Alias DEVEL = joe, jack, julia
# Runas aliases name the target accounts a rule may run commands as.
Runas_Alias DBA = oracle,pgsql
# Command aliases define the full path of a list of commands
# NOTE(review): /etc/init.d/ ends in a slash, which sudoers treats as a
# directory entry: every file directly inside it becomes runnable. Confirm
# that directory is writable by root only.
Cmnd_Alias SYSTEM = /sbin/reboot,/usr/bin/kill,/sbin/halt,/sbin/shutdown,/etc/init.d/
# Change any user's password, but not root's.
# NOTE(review): in ASCII order the range [A-z] also covers the punctuation
# characters between 'Z' and 'a'; [A-Za-z] states the letters-only intent.
# Argument wildcards combined with a '!' exclusion are easy to get wrong, so
# check this entry against the wildcard caveats in sudoers(5).
Cmnd_Alias PW = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
# NOTE(review): capture and scanning tools running as root can write files
# and start other programs; treat this alias as a broad root grant and
# confirm that is intended.
Cmnd_Alias DEBUG = /usr/sbin/tcpdump,/usr/bin/wireshark,/usr/bin/nmap

# The actual rules
# Rule order matters: when several entries match, sudo applies the last one.
# NOPASSWD means sudo asks for no password, so control of any listed account
# is equivalent to control of the granted commands.

# ADMINS can do anything w/o a password.
root,ADMINS ALL = (ALL) NOPASSWD: ALL
# Developers have full rights on desktops
DEVEL DESKTOP = (ALL) NOPASSWD: ALL
# Developers can debug the DMZ servers.
DEVEL DMZ = (ALL) NOPASSWD: DEBUG
# User sysadmin can mess around in the DMZ servers with some commands.
sysadmin DMZ = (ALL) NOPASSWD: SYSTEM,PW,DEBUG
# Can do anything outside the DMZ.
sysadmin ALL,!DMZ = (ALL) NOPASSWD: ALL
# Group dba can run as database user (no NOPASSWD, so a password is asked).
%dba ALL = (DBA) ALL
# anyone can mount/unmount a cd-rom on the desktop machines
# No runas list is given, so these run as root; the arguments are spelled
# out, so only these exact command lines match.
ALL DESKTOP = NOPASSWD: /sbin/mount /cdrom,/sbin/umount /cdrom
9 ENCRYPT FILES
9.1 OpenSSL
A single file
Encrypt and decrypt:
# openssl aes-128-cbc -salt -in file -out file.aes
# openssl aes-128-cbc -d -salt -in file.aes -out file
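Note that the file can of course be a tar archive. With these options the key is derived from the passphrase by OpenSSL's legacy default derivation, and CBC mode does not detect tampering; OpenSSL 1.1.1 and later accept -pbkdf2 (with -iter) on both the encrypt and the decrypt command for a stronger derivation, and a separate integrity check over file.aes (for example a signature or MAC) covers modification.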