Linux Related Information and Links
| * | * * * * * * * Notice * * * * * * * Notice * * * * * * * Notice * * * * * * * Notice: * * * * * * * * | * |
| * | This information is posted on this Web site solely for use by employees of CeTro. | * |
| * | Any use by persons not employed by CeTro is entirely at such person's own risk. | * |
| * | CeTro will not and can not be held responsible for any data loss, computer problems, or | * |
| * | business productivity losses caused by use or misuse of any information | * |
| * | posted herein when used by persons not directly employed by CeTro. | * |
| * | * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * | * |
Table of Contents:
Show "What Process is Running on What Port":
- netstat -alpen
- Limit to:
- Tcp --> netstat -tanp
- UDP --> netstat -uanp
Discover Process Running on a Particular Port:
lsof -i :[port]
Force Filesystem Check on Next Boot:
In many Linux distributions this is most easily done by creating a file called [/forcefsck] and rebooting.
Update Tripwire Database:
tripwire -m c -I
This runs a check and opens the results of the check in the default editor (vi); you have the opportunity to edit for changes you wish to make to the database; on save and quit, you are asked for the site key and the database is updated (if the key is correct).
Delete Files When There Are Too Many For [rm] To Handle:
find -name 'xxx' -print0 | xargs -0 rm
or
find -size 99c -print0 | xargs -0 rm
Rebuild RPM Database:
- cd /var/lib/rpm
- rm -f __db*
- rpm --rebuilddb
Permanently Set a Default Runlevel:
- As root, edit [/etc/inittab]
gedit /etc/inittab
- Find the line:
id:number:initdefault:
where number is your current default runlevel (probably 5).
- Change the number in the middle of the line to the new runlevel that you want your computer to run in by default. For example, if you want to start in text-only mode by default, change it to:
id:3:initdefault:
Crontab Mail
By default, cron jobs cause an email to get sent to the user executing the command in crontab. If this is not necessary and you wish to disable the email generation, add the following to the end of the cron job line:
> /dev/null 2>&1
[> /dev/null 2>&1] means to send any standard output to /dev/null (the linux trash can) and to redirect standard error (2) to the same place as the standard output (1). Incidentally, instead of dumping the output to /dev/null, it can also be appended to log files for example
> /var/log/crontab_output 2>&1
You can also disable email notification for all of a particular user's cronjobs by adding MAILTO="" to their crontab.
Locate World-Writable Files:
(None should exist (most likely) xcept [/tmp] [/var/tmp] & [/usr/tmp];
Remove world-writable on other files but beware when doing so...)
find / ! -fstype proc -perm -2 ! -type l -ls > find.log
Locate Files That Have Set-UID and/or Set-GID Bits Enabled
If executables that have these are not used/needed; disable/remove same as these can be exploited:
find / ! -fstype proc -perm -4000 ! -type l -ls > find_uid.log
find / ! -fstype proc -perm -2000 ! -type l -ls > find_gid.log
From the article:
"Then, disable those that are not needed. They probably will include [/usr/bin/rcp], [/usr/bin/rsh], [/usr/bin/rlogin], and [/usr/bin/sperl5.6.1]. The problem with simply removing them or even just doing a chmod on them is that you may want to undo your work later, even if you absolutely never will need them.
I discovered this the hard way with sperl, a version of perl designed to support set-UID perl scripts. I was trying to install a security patch on the regular perl program. Unfortunately, Red Hat's up2date program is not very smart and refused to install the new version of perl unless sperl also was present.
Fortunately, I could undo my work -- just long enough to install the patch and to re-disable sperl.
My technique is to create a directory called 'off' in each directory that has a set-UID or set-GID program that I wish to disable. I create the 'off' directory to be owned by root mode 700. Then, I just move the affected programs into their respective 'off' directories.
A notable exception is the list of programs that you will need but which should not be set-UID. The mount and umount programs constitute this list.
They only need to be set-UID if you want to allow ordinary users to mount and unmount file systems."
Run Command as Different User
su -fm <user> -c '<command>'
Date/Time Commands Syntax:
date MMDDhhmmYY
sets date and time. Note: use [hwclock --systohc] to write system time to hardware clock
Set system date-time:
date -s YYYYMMDD
date -s hh:mm:ss
rdate -s <ntp server>
sets time/date
valid servers:
- time-a.timefreq.bldrdoc.gov
- time-b.timefreq.bldrdoc.gov
- time-c.timefreq.bldrdoc.gov
- time-d.timefreq.bldrdoc.gov
- time.nist.gov
- current server list: see http://www.ntp.org
Netstat Syntax:
Lists all server daemons listening on this machine:
netstat -tap | grep LISTEN
lists protocols, ports, and connection state:
netstat -atup
List All *Not* Disabled Services Running Via [xinetd]:
grep disable /etc/xinetd.d/* | grep no
Requeue All Mail to Postfix:
postsuper -r ALL
Linux Distributions and Links:
