Tuesday, May 29, 2012

How To Reuse SSH Connection To Speed Up Remote Login Process

Q. How do I reuse same ssh connection to speed up remote login procedure with OpenSSH client?

A. You can restrict or reuse a connection to a remote server using the controlmaster directive. To enable the sharing of multiple sessions over a single network connection, add controlmaster after the host directive. When set to yes, the ssh client will listen for connections on a control socket specified using the ControlPath argument. Additional sessions using the same ControlPath will try to reuse the master instance’s network connection rather than initiating new ones, but will fall back to connecting normally if the control socket does not exist, or is not listening.
WARNING! These examples require OpenSSH version 4.0 or higher.
Open the ~/.ssh/config file (the ssh client configuration file). For system-wide settings, edit the /etc/ssh/ssh_config file instead:
$ vi ~/.ssh/config
Append the following lines to reuse the ssh connection for all hosts:
host *
controlmaster auto
controlpath /tmp/ssh-%r@%h:%p
Where,
  1. controlmaster auto: Set controlmaster to auto, so ssh tries to use an existing master connection and falls back to creating a new one if none exists.
  2. controlpath /tmp/ssh-%r@%h:%p: Specify the path to the control socket used for connection sharing. In the path, %h will be substituted by the target host name, %p by the port, and %r by the remote login username. It is recommended that any ControlPath used for opportunistic connection sharing include at least %h, %p, and %r. This ensures that shared connections are uniquely identified.
You can also match any host in the 192.168.0.[0-9] network range with the following pattern:
Host 192.168.0.?
controlmaster auto
controlpath /tmp/ssh-%r@%h:%p
For any host in the ".co.in" set of domains, reuse the connection:
Host *.co.in
controlmaster auto
controlpath /tmp/ssh-%r@%h:%p
Save and close the file. Now connect as usual,
$ ssh vivek@vpn.nixcraft.co.in
The next time you connect, ssh will use the connection socket /tmp/ssh-vivek@vpn.nixcraft.co.in:22 to speed things up. You don't have to input a password or anything else. You need one connection to be active for the second to be accelerated. This also works with scp / sftp etc:
$ scp /path/to/file.txt vivek@vpn.nixcraft.co.in:/tmp
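The ssh_config(5) manual recommends placing the ControlPath in a directory that other users cannot write to, which /tmp is not. The following check is an added example, not part of the original post: it audits a client config for ControlPath entries that sit in group- or world-writable directories or lack the %r, %h and %p tokens (the function names and the WEAK/OK report format are assumptions of this sketch).

```shell
#!/bin/sh
# Added example (not from the original post): audit ControlPath settings.
# Function names and the WEAK/OK report format are assumptions of this sketch.

# Print every ControlPath value found in an ssh client config file.
list_controlpaths() {
    awk '{
        line = $0
        sub(/^[ \t]+/, "", line)
        if (match(line, /^[A-Za-z]+/) == 0) next      # blank line or comment
        key = tolower(substr(line, 1, RLENGTH))
        val = substr(line, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val)               # "key value" or "key=value"
        gsub(/"/, "", val)
        sub(/[ \t]+$/, "", val)
        if (key == "controlpath" && val != "none") print val
    }' "$1"
}

# Report each ControlPath as OK, or as WEAK followed by the reasons.
audit_controlpath() {
    list_controlpaths "$1" | while IFS= read -r path; do
        reasons=""
        # %C (a hash of the connection details) may stand in for %r, %h and %p.
        case $path in
            *%C*) ;;
            *)  for tok in %r %h %p; do
                    case $path in
                        *"$tok"*) ;;
                        *) reasons="$reasons missing-$tok" ;;
                    esac
                done ;;
        esac
        # Expand a leading ~/ and inspect the directory that holds the socket.
        case $path in
            "~/"*) full="$HOME/${path#??}" ;;
            *)     full=$path ;;
        esac
        dir=$(dirname "$full")
        if [ -d "$dir" ]; then
            perms=$(ls -ldL "$dir" | cut -c1-10)
            case $perms in
                # 6th character = group write, 9th character = other write
                ?????w*|????????w*) reasons="$reasons dir-writable-by-others" ;;
            esac
        else
            reasons="$reasons dir-not-found"
        fi
        if [ -n "$reasons" ]; then
            printf 'WEAK %s:%s\n' "$path" "$reasons"
        else
            printf 'OK %s\n' "$path"
        fi
    done
}

# Number of WEAK findings for a config file.
count_weak() {
    audit_controlpath "$1" | grep -c '^WEAK' || true
}
```

Run it as audit_controlpath ~/.ssh/config; a ControlPath inside a directory only you can write to, such as a mode 0700 ~/.ssh, passes the directory check.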

A note about X11, ssh-agent and port forwarding

Please note that X11 and ssh-agent forwarding are supported over these multiplexed connections; however, the display and agent forwarded will be the ones belonging to the master connection, i.e. it is not possible to forward multiple displays or agents. However, you can create a new session as follows for port forwarding:
$ ssh -M -S /tmp/3001.port.forwording -L 3001:localhost:3001 -N -f vivek@vpn.nixcraft.co.in

Red Hat Enterprise Linux / CentOS Linux Enable EPEL (Extra Packages for Enterprise Linux) Repository

How do I enable EPEL (Extra Packages for Enterprise Linux) repo and install the packages under RHEL / CentOS Linux server systems?

EPEL (Extra Packages for Enterprise Linux) is a volunteer-based community effort from the Fedora project to create a repository of high-quality add-on packages that complement the Fedora-based Red Hat Enterprise Linux (RHEL) and its compatible spinoffs, such as CentOS and Scientific Linux.
EPEL provides lots of packages for CentOS / RHEL. It is not part of Red Hat or CentOS but is designed to work with these major distributions. Please note that EPEL only provides free and open source software unencumbered by patents or any legal issues. In short, you will not find mp3, dvd and music / media players under EPEL. However, you will find many programs related to networking, monitoring, sys admin, programming and so on.
Packages are supplied in RPM format and in most cases are ready to use. Beware that some packages may break something and you should not blindly install those packages.

How Do I Enable EPEL Repo under CentOS or RHEL Servers?

You need to type the following command as per your distro version / release.

RHEL 5.x / CentOS 5.x Users

Type the following command as root user to install repo:
# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm

RHEL 6.x / CentOS 6.x Users

Type the following command as root user to install repo:
# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm

Protect Base Packages

You need to protect base and core packages from EPEL and other repositories. Type the following command under RHEL 6/CentOS 6:
# yum install yum-plugin-protectbase.noarch
Sample outputs:
Loaded plugins: product-id, rhnplugin, subscription-manager
Updating certificate-based repositories.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package yum-plugin-protectbase.noarch 0:1.1.30-10.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================
Package Arch Version Repository Size
====================================================================================================
Installing:
yum-plugin-protectbase noarch 1.1.30-10.el6 rhel-x86_64-server-optional-6 20 k
Transaction Summary
====================================================================================================
Install 1 Package(s)
Total download size: 20 k
Installed size: 0
Is this ok [y/N]: y
Downloading Packages:
yum-plugin-protectbase-1.1.30-10.el6.noarch.rpm | 20 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : yum-plugin-protectbase-1.1.30-10.el6.noarch 1/1
Installed products updated.
Installed:
yum-plugin-protectbase.noarch 0:1.1.30-10.el6
Complete!
RHEL 5 / CentOS 5 users type the following command to protect packages:
# yum install yum-protectbase.noarch
This plugin allows certain repositories to be protected. Packages in the protected repositories can't be overridden by packages in non-protected repositories even if the non-protected repo has a later version.

How Do I Use EPEL Repo?

To list newly installed repo, enter:
# yum repolist
Sample output:
Loading "skip-broken" plugin
Loading "fastestmirror" plugin
repo id repo name status
addons CentOS-5 - Addons enabled
base CentOS-5 - Base enabled
epel Extra Packages for Enterprise Linux 5 - enabled
extras CentOS-5 - Extras enabled
updates CentOS-5 - Updates enabled
Now, use the yum command to list, view and install the packages:
# yum search package-name
# yum install package-name

See how to use yum command for installing and searching packages using various repos.

BASH: Prepend A Text / Lines To a File

Q. I can append text to a file using >> operator but how do I prepend a text to a file? I want the opposite of >> operation?

A. There is no prepend operator, however there are many ways to do the same. You can use ed, sed, perl, awk and so on.

Prepend a text using a temporary file

Here is a simple solution using a temporary file to prepend text:
echo 'line 1' > /tmp/newfile
echo 'line 2' >> /tmp/newfile
cat yourfile >> /tmp/newfile
cp /tmp/newfile yourfile
Here is a one line solution:
echo "text"|cat - yourfile > /tmp/out && mv /tmp/out yourfile
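The fixed names /tmp/newfile and /tmp/out are predictable paths in a directory every local user can write to. The function below is an added example, not from the original post: it does the same prepend with mktemp in the target's own directory, so the temporary name is unpredictable and the final mv is a rename on one filesystem (prepend_text is a hypothetical helper name).

```shell
#!/bin/sh
# Added example (not from the original post).
# prepend_text TEXT FILE: put TEXT before the current contents of FILE.
prepend_text() {
    text=$1
    target=$2
    # Refuse anything that is not a plain file; replacing a symlink with mv
    # would silently turn the link into a regular file.
    if [ ! -f "$target" ] || [ -L "$target" ]; then
        echo "prepend_text: $target: not a regular file" >&2
        return 1
    fi
    # mktemp creates the file exclusively, with a random suffix and mode 0600,
    # next to the target so that mv below is an atomic rename.
    tmp=$(mktemp "$(dirname "$target")/.prepend.XXXXXX") || return 1
    # cp -p copies the target's mode and timestamps onto the temp file; the
    # redirection then rewrites its contents without changing the mode.
    if cp -p "$target" "$tmp" &&
       { printf '%s\n' "$text"; cat "$target"; } > "$tmp" &&
       mv -f "$tmp" "$target"
    then
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```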

Configure BIND DNS Server to Listen Only On Certain IP Address or Network Interface

Q. I want to configure named (BIND DNS Server) to listen only on eth1 interface which has IP address 202.54.1.2. How do I configure my named BIND DNS name server to listen only on certain network interface or IP address?

A. The listen-on option specifies the IPv4 address to listen on. There is no interface-specific option, but an IP address is assigned to a specific interface, so by specifying the IP you can force BIND to listen on a certain IP or network interface.

listen-on syntax

IPv4 specific syntax is as follows to listen on the 202.54.1.2 IP address:
listen-on { 202.54.1.2; };
To listen on all interfaces and IPs (default):
listen-on { any; };
IPv6 option is as follows:
listen-on-v6 { any; };
listen-on-v6 { ipv-6-address; };
Here is sample configuration snapshot from named.conf file:
options
{
//listen-on-v6 { any; };
listen-on { 202.54.1.2; };
directory "/var/named"; // the default
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
dnssec-enable yes;
recursion no;
allow-notify { 202.54.1.3; 202.54.1.4; };
version "go away";
};

PHP Redirect To Another URL – Page Script Redirect – Redirect Web Page

How do I redirect with PHP script?

Under PHP you need to use header() to send a raw HTTP header.
Using the header() function, you can transfer the visitor to a new page without them having to click a link to continue. This is also useful for search engines. Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP. It is a very common error to read code with include() or require() functions, or another file access function, and have spaces or empty lines that are output before header() is called. The same problem exists when using a single PHP/HTML file.

PHP Redirect Script

You can easily redirect using following code:
 
<?php
/* Redirect browser */
header("Location: http://theos.in/");
/* Make sure that code below does not get executed when we redirect. */
exit;
?>
 
The header() function is used to send a raw HTTP/1.1 header. header() must be called before any actual output is sent, so the following example will not work:
 
<?php
$var="something";
echo "Hello world";
echo $var;
/****************************************************
* Remember that header() must be called before any actual output is sent,
* either by normal HTML tags, blank lines in a file, or from PHP.
*****************************************************/

header("Location: http://theos.in/");
exit;
?>
 

PHP Redirect Code

Create a sample function called movePage() in sitefunctions.php (note: I'm not the author of the following; I found it somewhere else on the Internet):
<?php
/* movePage(): send the status line for $num, then redirect to $url. */
function movePage($num, $url) {
static $http = array (
100 => "HTTP/1.1 100 Continue",
101 => "HTTP/1.1 101 Switching Protocols",
200 => "HTTP/1.1 200 OK",
201 => "HTTP/1.1 201 Created",
202 => "HTTP/1.1 202 Accepted",
203 => "HTTP/1.1 203 Non-Authoritative Information",
204 => "HTTP/1.1 204 No Content",
205 => "HTTP/1.1 205 Reset Content",
206 => "HTTP/1.1 206 Partial Content",
300 => "HTTP/1.1 300 Multiple Choices",
301 => "HTTP/1.1 301 Moved Permanently",
302 => "HTTP/1.1 302 Found",
303 => "HTTP/1.1 303 See Other",
304 => "HTTP/1.1 304 Not Modified",
305 => "HTTP/1.1 305 Use Proxy",
307 => "HTTP/1.1 307 Temporary Redirect",
400 => "HTTP/1.1 400 Bad Request",
401 => "HTTP/1.1 401 Unauthorized",
402 => "HTTP/1.1 402 Payment Required",
403 => "HTTP/1.1 403 Forbidden",
404 => "HTTP/1.1 404 Not Found",
405 => "HTTP/1.1 405 Method Not Allowed",
406 => "HTTP/1.1 406 Not Acceptable",
407 => "HTTP/1.1 407 Proxy Authentication Required",
408 => "HTTP/1.1 408 Request Time-out",
409 => "HTTP/1.1 409 Conflict",
410 => "HTTP/1.1 410 Gone",
411 => "HTTP/1.1 411 Length Required",
412 => "HTTP/1.1 412 Precondition Failed",
413 => "HTTP/1.1 413 Request Entity Too Large",
414 => "HTTP/1.1 414 Request-URI Too Large",
415 => "HTTP/1.1 415 Unsupported Media Type",
416 => "HTTP/1.1 416 Requested range not satisfiable",
417 => "HTTP/1.1 417 Expectation Failed",
500 => "HTTP/1.1 500 Internal Server Error",
501 => "HTTP/1.1 501 Not Implemented",
502 => "HTTP/1.1 502 Bad Gateway",
503 => "HTTP/1.1 503 Service Unavailable",
504 => "HTTP/1.1 504 Gateway Time-out"
);
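/* Send the status line and the Location header, then stop so the rest of the script does not run. */
header($http[$num]);
header("Location: $url");
exit;
}
First include sitefunctions.php and then call movePage() as follows: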
<?php
@include("/path/to/sitefunctions.php");
movePage(403,"http://www.cyberciti.biz/");
?>

Linux: Check Ram Speed and Type

How do I check RAM speed and type (like DDR or DDR2) without opening my computer? I need to purchase RAM and I need to know the exact speed and type installed. How do I find out ram information from a shell prompt?

You need to use the dmidecode command line utility. Dmidecode is a tool for dumping a computer's DMI (some say SMBIOS) table contents in a human-readable format. The output contains a description of the system's hardware components, as well as other useful pieces of information such as serial numbers and BIOS revision. This command works under Linux, UNIX and BSD computers.
Open a shell prompt and type the following command:
$ sudo dmidecode --type 17
OR
$ sudo dmidecode --type 17 | more
Sample output:
# dmidecode 2.9
SMBIOS 2.4 present.
Handle 0x0018, DMI type 17, 27 bytes
Memory Device
Array Handle: 0x0017
Error Information Handle: Not Provided
Total Width: 64 bits
Data Width: 64 bits
Size: 2048 MB
Form Factor: DIMM
Set: None
Locator: J6H1
Bank Locator: CHAN A DIMM 0
Type: DDR2
Type Detail: Synchronous
Speed: 800 MHz (1.2 ns)
Manufacturer: 0x2CFFFFFFFFFFFFFF
Serial Number: 0x00000000
Asset Tag: Unknown
Part Number: 0x5A494F4E203830302D3247422D413131382D
Handle 0x001A, DMI type 17, 27 bytes
Memory Device
Array Handle: 0x0017
Error Information Handle: Not Provided
Total Width: Unknown
Data Width: Unknown
Size: No Module Installed
Form Factor: DIMM
Set: None
Locator: J6H2
Bank Locator: CHAN A DIMM 1
Type: DDR2
Type Detail: None
Speed: Unknown
Manufacturer: NO DIMM
Serial Number: NO DIMM
Asset Tag: NO DIMM
Part Number: NO DIMM
You can just grep speed and skip all the details:
 
dmidecode --type 17 | grep -i speed
 
Sample outputs:
 Speed: 1333 MHz (0.8 ns)
Speed: 1333 MHz (0.8 ns)

BIND: Stop Recursion DNS Under Linux / UNIX

Q. How do I stop recursion (recursive query) under BIND 9 DNS server?

A. A DNS query may be either a recursive query or a non-recursive query. If recursion is set to 'yes' (the default) the server will always provide recursive query behaviour if requested by the client (resolver). If set to 'no' the server will only provide iterative query behaviour. If the answer to the query already exists in the cache it will be returned irrespective of the value of this statement. This statement essentially controls caching behaviour in the server.
Open the named.conf file and make sure the following setting exists under the options { ... } block:
recursion no;
Save and close the file. Reload named:
# service named restart

MySQL: Change Default Port Under Linux / UNIX

Q. I'm using MySQL 5 under Red Hat Enterprise Linux 5. How do I change default mysql server port (tcp port 3306) under Linux or UNIX operating systems?

A. The MySQL server and client use a file called my.cnf. You need to open /etc/my.cnf (the global mysqld configuration file) to specify the new port.

MySQL Change Default Port

Open /etc/my.cnf file:
# vi /etc/my.cnf
Set new port 5123:
port=5123
Here is my sample /etc/my.cnf file:
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
port=5123
old_passwords=1
bind = 10.10.29.66
key_buffer = 500M
table_cache = 4000
sort_buffer_size = 3M
read_buffer_size = 2M
read_rnd_buffer_size = 8M
myisam_sort_buffer_size = 64M
max_connections = 400
query_cache_type = 1
query_cache_limit = 1M
query_cache_size = 100M
max_allowed_packet = 1M
thread_cache_size = 8
# Try number of CPU's*2 for thread_concurrency
thread_concurrency = 4
local-infile=0
[mysql.server]
user=mysql
basedir=/var/lib
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[mysqldump]
quick
max_allowed_packet = 16M
Save and close the file. Restart mysqld:
# service mysqld restart
Please note that once the port is changed, you need to update all your php, perl and python scripts, including iptables scripts.

vBulletin PHP Xcache Displaying Same Forum Data For Both Boards Error and Solution

Q. I've followed your Xcache php 5.x opcode cacher installation under RHEL 5 for my vBulletin board. I see good boosting in performance. Now I've installed 2nd VB forum on the same server and I see all sub-forums hosted from 1st forum. So I had to disable Xcache. I want Xcache for both boards on same host. How do I fix this mess?

A. Xcache caches both PHP files and variables. Since both boards run the same product, vBulletin will cache and use the same variables within the cache. This is a performance boosting feature. However, you can give each board its own prefix, so that the boards do not try to use the same variables within the cache. Make sure the following two lines exist in your VB config.php file (located in /path/to/forum/includes/config.php):
# vi config.php
Append or modify settings as follows:
$config['Datastore']['class'] = 'vB_Datastore_XCache';
$config['Datastore']['prefix'] = 'yourforumname';

Save and close the file. Make sure you restart Apache:
# service httpd restart
OR
# service lighttpd restart
This works in a similar manner to the database table prefix. This is also applicable to other PHP caching systems such as APC and eAccelerator with more than one set of boards installed on same UNIX / Linux / Windows host.

FreeBSD: How To Add A Second Hard Disk

Q. How do I add a second hard disk to my FreeBSD server? How do I partition, label and mount a new hard disk under FreeBSD for backup or additional data?

A. There are two ways to install a new hard disk under a FreeBSD system. You can use command line utilities such as fdisk, bsdlabel and newfs to create partitions, label and format the disk. This method requires a complete understanding of BSD partitions and other stuff.

Using sysinstall - Easy way to add a new hard disk

The sysinstall utility is used for installing and configuring FreeBSD systems including hard disks. sysinstall offers options to partition and label a new disk using its easy to use menus. Login as root user. Run sysinstall and enter the Configure menu. Within the FreeBSD Configuration Menu, scroll down and select the Fdisk option:
# sysinstall
Alternatively, use sudo (if configured) to run sysinstall:
$ sudo sysinstall
WARNING! These examples may result in data loss or crash your computer if executed without proper care. This FAQ assumes that you have added a hard disk to the system. Also, replace ad with da (if using a SCSI hard disk). Please note that any existing data on the 2nd hard disk will get wiped out. Make sure you have a backup of all important data and config files.
Fig.01: Scroll down to Configure and press [enter]
Fig.02: Select Fdisk and press [enter]
Fig.03: Select the appropriate drive and press [enter]
The new drive will probably be the second in the list with a name like ad1 or ad2 and so on. In the above example it is ad6.

Using fdisk

Once inside fdisk, pressing A will use the entire disk for FreeBSD. When asked if you want to "remain cooperative with any future possible operating systems", answer YES. Write the changes to the disk using W. Now exit the FDISK editor by pressing Q. Next you will be asked about the "Master Boot Record". Since you are adding a disk to an already running system, choose None. The next dialog will say that the operation was successful. Press [enter]. Type Q to quit FDISK.

Using disklabel

Next, you need to exit sysinstall and start it again. Restart sysinstall by typing sysinstall:
# sysinstall
Select Configure and press [enter]. Select Label and press [enter]. A dialog asking you to select the drive will appear. Select the appropriate drive and press [enter].
This is where you will create the traditional BSD partitions:
  1. A disk can have up to eight partitions, labeled a-h.
  2. The a partition is used for the root partition (/). Thus only your system disk (e.g, the disk you boot from) should have an a partition.
  3. The b partition is used for swap partitions, and you may have many disks with swap partitions.
  4. The c partition addresses the entire disk in dedicated mode, or the entire FreeBSD slice in slice mode.
  5. The other partitions are for general use.
Now press C to create a partition.
  • Set partition size, to use the whole drive, press [enter].
  • Next, choose fs and press [enter].
  • Type /disk2 as mount point and press [enter] (don't use the name of a directory that already exists because sysinstall will mount the new partition on top of it)
  • To finalize the changes, press W, select yes and press [enter].

Update /etc/fstab

The last step is to edit /etc/fstab to add an entry for your new disk, enter:
# vi /etc/fstab
Append an entry as follows (make sure you replace the partition name with the actual value):
/dev/ad6s1d     /disk2       ufs     rw           2       2
Here is my sample /etc/fstab file:
/dev/ad4s1a    520M    393M     85M    82%    /
devfs 1.0k 1.0k 0B 100% /dev
/dev/ad6s1d 243G 75G 148G 34% /disk2
/dev/ad4s1d 520M 22M 456M 5% /tmp
/dev/ad4s1f 230G 4.6G 207G 2% /usr
/dev/ad4s1e 10G 130M 9.4G 1% /var
devfs 1.0k 1.0k 0B 100% /var/named/dev
devfs 1.0k 1.0k 0B 100% /usr/home/jail/www.example.com/dev
Save and close the file. The new drive should mount automatically at /disk2 after reboot. To mount it immediately, enter:
# mount -a
# df -H

pdfimages: Extract and Save Images From A Portable Document Format ( PDF ) File

Q. How do I extract images from a PDF file under Linux / UNIX shell account?

A. pdfimages works as Portable Document Format (PDF) image extractor under Linux / UNIX operating systems. It saves images from a PDF file as Portable Pixmap (PPM), Portable Bitmap (PBM), or JPEG files. Pdfimages reads the PDF file PDF-file, scans one or more pages, and writes one PPM, PBM, or JPEG file for each image, image-root-nnn.xxx, where nnn is the image number and xxx is the image type (.ppm, .pbm, .jpg).
pdfimages is installed using poppler-utils package under various Linux distributions:
# yum install poppler-utils
OR
# apt-get install poppler-utils

pdfimages syntax

pdfimages /path/to/file.pdf /path/to/output/dir
Extract the PDF file called bar.pdf and save every image as image-00{1,2,3..N}.ppm, enter:
$ pdfimages bar.pdf /tmp/image
$ ls /tmp/image*
Sample output:
image-000.ppm   image-1025.ppm  image-1140.ppm  image-1256.ppm  image-247.ppm  image-374.ppm  image-501.ppm  image-628.ppm  image-755.ppm  image-882.ppm
image-001.ppm image-1026.ppm image-1141.ppm image-1257.ppm image-248.ppm image-375.ppm image-502.ppm image-629.ppm image-756.ppm image-883.ppm
image-002.ppm image-1027.ppm image-1142.ppm image-1258.ppm image-249.ppm image-376.ppm image-503.ppm image-630.ppm image-757.ppm image-884.ppm
Normally, all images are written as PBM (for monochrome images) or PPM (for non-monochrome images) files. With the -j option, images in DCT format are saved as JPEG files. All non-DCT images are saved in PBM/PPM format as usual:
$ pdfimages -j bar.pdf /tmp/image
The -f option specifies the first page to scan. To start scanning at page 5, enter:
$ pdfimages -j -f 5 bar.pdf /tmp/image
The -l option specifies the last page to scan. To scan only the first 5 pages, enter:
$ pdfimages -j -l 5 bar.pdf /tmp/image

Linux: Run Quicken Personal Finance Management Software

Q. How do I run Quicken personal finance management software or proprietary Windows tax software under GNU/Linux?

A. Quicken is a personal finance management tool. There are several versions of Quicken such as Quicken New User, Quicken Basic, Quicken Deluxe, Quicken Premier and Quicken Home & Business. Quicken is Microsoft specific software. However, you can run quicken under Linux using any one of the following methods:

Use CrossOver Office / Wine To run Quicken

CrossOver Office - CodeWeavers' goal is to make Unix (including Linux and Mac OS X) a fully Windows-compatible operating system. All Windows applications should be able to be run on Unix: cleanly, harmoniously, within the native environment, and without using an emulator. You can also use Wine Software. Please note that applications such as Tax and finance software are updated every year, so make sure your version is supported under CrossOver office.

Use Web based software

Many vendors provide web-based tax / finance software.

Use Vmware or Virtualbox

You can install Virtual machine software such as Virtualbox or Vmware to run Windows based tax / finance management software.

Use Open Source software

GnuCash is an accounting software which implements a double-entry bookkeeping system. It was initially aimed at developing capabilities similar to Intuit, Inc.'s Quicken application, but also has features for small business accounting. Recent development has been focused on adapting to modern desktop support-library requirements.
The first time you run GNUCash, you'll be prompted either to import files in Quicken QIF format or to create a new set of accounts.

Bash Shell: Ignore Aliases / Functions When Running A Command

Q. How do I ignore shell aliases or function when running a command without removing alias / function from memory or current shell session?

A. Aliases are mainly used for abbreviating a system command, or for adding default arguments to a regularly used command.

To view defined aliases the following commands can be used:

$ alias
Sample output:
alias cp='cp -i'
alias l='ls $LS_OPTIONS -lA'
alias ll='ls $LS_OPTIONS -l'
alias ls='ls $LS_OPTIONS'
alias mv='mv -i'
alias rm='rm -i'
alias apt-get='apt-get update && apt-get upgrade'

How to ignore aliases or functions when running a command?

Simply use the command called command as follows to ignore aliases or functions. For example, on my system I have the following alias set:
alias apt-get='apt-get update && apt-get upgrade'
To ignore apt-get alias, enter:
command apt-get -y install
You can also use any one of the following syntax:
\apt-get -y install
"apt-get" -y install

Both the \ and " symbols allow you to run the real apt-get command and ignore the apt-get alias.

More about 'command' command

Runs COMMAND with ARGS ignoring shell functions. If you have a shell function called ls, and you wish to call the command /bin/ls command, you can type:
command ls
If the -p option is given, a default value is used for PATH that is guaranteed to find all of the standard utilities under UNIX / Linux:
command -p ls
If the -V or -v option is given, a string is printed describing COMMAND. The -V option produces a more verbose description:
command -V ls
Sample output:
ls is aliased to `ls $LS_OPTIONS'

type command

The type command prints information about an alias, function and the real command:
type -a apt-get
Sample output:
apt-get is aliased to `apt-get update && apt-get upgrade'
apt-get is /usr/bin/apt-get

Debian / Ubuntu Linux Install NTPD To Synchronize Clock With Internet Standard Time Servers

Q. How do I install and configure NTP ( Network Time Protocol ) daemon to keep my dedicated servers clock in sync?

A. ntpd is an operating system daemon which sets and maintains the system time-of-day in synchronism with Internet standard time servers. Ntpd is a complete implementation of the Network Time Protocol (NTP) version 4 but also retains compatibility with version 3.

Install ntp server

Type the following command:
# apt-get install ntp
Sample output:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libcap1
Suggested packages:
ntp-doc
The following NEW packages will be installed:
libcap1 ntp
0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded.
Need to get 443kB of archives.
After this operation, 1126kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://ftp.us.debian.org lenny/main libcap1 1:1.10-14 [9082B]
Get:2 http://ftp.us.debian.org lenny/main ntp 1:4.2.4p4+dfsg-7 [434kB]
Fetched 443kB in 0s (480kB/s)
Selecting previously deselected package libcap1.
(Reading database ... 20411 files and directories currently installed.)
Unpacking libcap1 (from .../libcap1_1%3a1.10-14_i386.deb) ...
Selecting previously deselected package ntp.
Unpacking ntp (from .../ntp_1%3a4.2.4p4+dfsg-7_i386.deb) ...
Processing triggers for man-db ...
Setting up libcap1 (1:1.10-14) ...
Setting up ntp (1:4.2.4p4+dfsg-7) ...
Starting NTP server: ntpd.

Configure NTP server

/etc/ntp.conf is default configuration file. NTP uses UDP port 123 as its transport layer. It is designed particularly to resist the effects of variable latency by using a jitter buffer.
# vi /etc/ntp.conf
The default configuration will sync to various low-stratum NTP servers. You can set server as follows:
server 0.debian.pool.ntp.org iburst dynamic
server 1.debian.pool.ntp.org iburst dynamic
server 2.debian.pool.ntp.org iburst dynamic
server 3.debian.pool.ntp.org iburst dynamic
Once the file is updated, restart ntp:
# /etc/init.d/ntp restart

ntpq - NTP query program

You can use ntpq to list the servers that you are currently polling:
$ ntpq
Sample output:
ntpq> peer
remote refid st t when poll reach delay offset jitter
==============================================================================
*time.nist.gov .ACTS. 1 u 128 64 376 64.616 -8.079 0.863
+iguana.igtc.com 198.60.22.240 2 u 19 64 377 9.105 -9.229 0.543
+hydrogen.cert.u 216.218.254.202 2 u 12 64 377 35.950 -7.184 0.438
-snag.rack911.co 66.90.104.142 3 u 50 64 377 33.782 -0.376 0.464
Alternatively, you can type the following to find out if ntp is working or not:
$ ntpq -p
Sample output:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*time.nist.gov .ACTS. 1 u 3 64 373 64.616 -8.079 0.716
+iguana.igtc.com 198.60.22.240 2 u 28 64 377 9.065 -9.429 0.628
+hydrogen.cert.u 216.218.254.202 2 u 19 64 377 35.950 -7.184 0.357
-snag.rack911.co 66.90.104.142 3 u 57 64 377 33.695 -0.893 0.645
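One way to turn the peers table into a yes/no answer, as an added example that is not from the original post: the peer marked * is the one ntpd is currently synchronised to, + and - mark candidates and outliers, and reach is an octal bitmap of the last eight polls (377 means all eight were answered, and the lowest bit is the most recent poll). The function name, the report format and the 100 ms default limit are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): interpret `ntpq -p` output.

# Sample copied from the ntpq -p output shown above.
SAMPLE_PEERS='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*time.nist.gov .ACTS. 1 u 3 64 373 64.616 -8.079 0.716
+iguana.igtc.com 198.60.22.240 2 u 28 64 377 9.065 -9.429 0.628
+hydrogen.cert.u 216.218.254.202 2 u 19 64 377 35.950 -7.184 0.357
-snag.rack911.co 66.90.104.142 3 u 57 64 377 33.695 -0.893 0.645'

# ntp_sync_check [MAX_OFFSET_MS]: read `ntpq -p` output on stdin.
# Prints one line per peer and a final VERDICT line. Returns 0 only when a
# system peer (tally "*") exists and its offset is within the limit.
ntp_sync_check() {
    awk -v max="${1:-100}" '
        # Convert the octal reach register to a number.
        function octal_to_num(s,   i, n) {
            n = 0
            for (i = 1; i <= length(s); i++) n = n * 8 + substr(s, i, 1)
            return n
        }
        $1 == "remote" || /^=+$/ || NF < 10 { next }   # header, ruler, junk
        {
            c = substr($1, 1, 1)
            role = "other"
            if (c == "*") role = "sys.peer"
            else if (c == "+") role = "candidate"
            else if (c == "-") role = "outlier"
            peer = (role == "other") ? $1 : substr($1, 2)
            # Lowest bit of reach = result of the most recent poll.
            last = (octal_to_num($7) % 2) ? "ok" : "missed"
            printf "%s %s reach=%s last_poll=%s offset_ms=%s\n", role, peer, $7, last, $9
            if (role == "sys.peer") {
                found = 1
                off = $9 + 0
                if (off < 0) off = -off
            }
        }
        END {
            if (!found) { print "VERDICT unsynchronised: no system peer"; exit 1 }
            if (off > max) { print "VERDICT offset " off " ms exceeds " max " ms"; exit 1 }
            print "VERDICT synchronised"
        }'
}

# Run against the sample; on a live host use: ntpq -p | ntp_sync_check 100
printf '%s\n' "$SAMPLE_PEERS" | ntp_sync_check 100
```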

Find command: Exclude / Ignore Files ( Ignore Hidden .dot Files )

Q. How do I ignore hidden .dot files while searching for files? How do I ignore or exclude certain files while running Linux / UNIX find command?

A. The find command supports standard UNIX regex to match or exclude files. You can write complex queries easily with regex.

Find command and logical operators

Find any file whose name ends with either '.c' or '.asm', enter:
$ find . -type f \( -iname "*.c" -or -iname "*.asm" \)
The parentheses must be escaped with a backslash, "\(" and "\)", to prevent them from being interpreted as special shell characters. The -type f option forces find to search only files and not directories. The -or operator matches either .c or .asm files.

Understanding find command operators

Operators build a complex expression from tests and actions. The operators are, in order of decreasing precedence:
  • ( expr ) : Force precedence. True if expr is true.
  • ! expr or -not expr : True if expr is false. In some shells, it is necessary to protect the ‘!’ from shell interpretation by quoting it.
  • expr1 -and expr2 : And; expr2 is not evaluated if expr1 is false.
  • expr1 -or expr2 : Or; expr2 is not evaluated if expr1 is true.
WARNING! The '-or', '-and', and '-not' operators are not available on all versions of find. Usually GNU find supports all options. Refer to your local find command man page for more information.

How do I ignore hidden .dot files while searching for files?

Find *.txt file but ignore hidden .txt file such as .vimrc or .data.txt file:
$ find . -type f \( -iname "*.txt" ! -iname ".*" \)
Find all .dot files but ignore .htaccess file:
$ find . -type f \( -iname ".*" ! -iname ".htaccess" \)

TCPDump: Capture and Record Specific Protocols / Port

Q. How do I capture specific protocol or port such as 80 ( http ) using TCPDump tool under Linux / UNIX? How do I record traffic with TCPDump and find problems later on?

A. TCPDump is a tool for network monitoring and data acquisition. It can save lots of time and can be used for debugging network or server related problems. Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression.

Monitor all packets on eth1 interface

tcpdump -i eth1

Monitor all traffic on port 80 ( HTTP )

tcpdump -i eth1 'port 80'

Monitor all traffic on port 25 ( SMTP )

tcpdump -vv -x -X -s 1500 -i eth1 'port 25'
Where,
  • -vv : More verbose output
  • -x : When parsing and printing, in addition to printing the headers of each packet, print the data of each packet (minus its link level header) in hex.
  • -X : When parsing and printing, in addition to printing the headers of each packet, print the data of each packet (minus its link level header) in hex and ASCII. This is very handy for analysing new protocols.
  • -s 1500: Snarf snaplen bytes of data from each packet rather than the default of 68. This is useful to see lots of information.
  • -i eth1 : Monitor eth1 interface

Capturing traffic information using cronjobs

tcpdump can be used to find out about attacks and other problems. Let us say your web server faces a problem every day at midnight. Enter the following command into cron. It schedules the capture of 30,000 packets and writes the raw data to a file called port.80.debug.txt:
@midnight /usr/sbin/tcpdump -n -c 30000 -w /root/port.80.debug.txt
Next day you can log into your box and read the /root/port.80.debug.txt file:
tcpdump -X -vv -r /root/port.80.debug.txt
This simple technique can be used to record and debug problems.

FreeBSD csh / tcsh: Export Shell Variable

Q. I'm using FreeBSD 7 with csh (tcsh) shell. How do I export shell variable under FreeBSD operating systems?

A. tcsh is an enhanced but completely compatible version of the Berkeley UNIX C shell, csh. It is a command language interpreter usable both as an interactive login shell and a shell script command processor. It includes a command-line editor and many other features.

FreeBSD display current environment variables

Type the following command to print current names and values of environment variables:
setenv
Sample output:
SHELL=/usr/local/bin/bash
TERM=xterm
SSH_CLIENT=10.10.29.66 37484 22
SSH_TTY=/dev/ttyp2
USER=root
PAGER=more
FTP_PASSIVE_MODE=YES
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin
MAIL=/var/mail/root
BLOCKSIZE=K
PWD=/root
SHLVL=2
HOME=/root
LOGNAME=root
SSH_CONNECTION=10.10.29.66 37484 10.24.116.2 22
_=/bin/csh
HOSTTYPE=FreeBSD
VENDOR=unknown
OSTYPE=FreeBSD
MACHTYPE=unknown
GROUP=wheel
HOST=vps.nixcraft.in
REMOTEHOST=10.10.29.66
EDITOR=vim

Export shell variable

To export and set new environment variables, enter:
setenv name value
setenv EDITOR /usr/bin/vim

You need to add all your environment variables to the ~/.cshrc file - the csh resource script, read at the beginning of execution by each shell. Here is my sample .cshrc file:
alias h         history 25
alias j jobs -l
alias la ls -a
alias lf ls -FA
alias ll ls -lA
# A righteous umask
umask 22
set path = (/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin $HOME/bin)
setenv EDITOR vim
setenv PAGER less
setenv BLOCKSIZE M
if ($?prompt) then
# An interactive shell -- set some stuff up
set prompt = "`/bin/hostname -s`# "
set filec
set history = 100
set savehist = 100
set mail = (/var/mail/$USER)
if ( $?tcsh ) then
bindkey "^W" backward-delete-word
bindkey -k up history-search-backward
bindkey -k down history-search-forward
endif
endif

A list of commonly used environment variables

An array of strings called the environment is made available by the execve() call when a process begins. By convention these strings have the form name=value. The following names are used by various commands:
  • BLOCKSIZE : The size of the block units used by several commands, most notably df, du and ls. BLOCKSIZE may be specified in units of a byte by specifying a number, in units of a kilobyte by specifying a number followed by K or k, in units of a megabyte by specifying a number followed by M or m etc.
  • COLUMNS : The user's preferred width in column positions for the terminal. Utilities such as ls and who use this to format output into columns.
  • EDITOR : Default editor name.
  • EXINIT : A startup list of commands read by ex and vi.
  • HOME : A user's login directory, set by login from the password file /etc/passwd.
  • LANG : This variable configures all programs which use setlocale to use the specified locale unless the LC_* variables are set.
  • MAIL : The location of the user's mailbox instead of the default in /var/mail, used by mail, sh, and many other mail clients.
  • PAGER : Default paginator program. The program specified by this variable is used by mail, man, ftp, etc, to display information which is longer than the current display.
  • PATH : The sequence of directories, separated by colons, searched by csh, sh, system, execvp, etc, when looking for an executable file. PATH is set to /usr/bin:/bin initially by login.
  • PRINTER : The name of the default printer to be used by lpr, lpq, and lprm.
  • PWD : The current directory pathname.
  • SHELL : The full pathname of the user's login shell.
  • TERM : The kind of terminal for which output is to be prepared. This information is used by commands, such as nroff or plot which may exploit special terminal capabilities.
  • TMPDIR : The directory in which to store temporary files. Most applications use either /tmp or /var/tmp. Setting this variable will make them use another directory.
  • TZ : The timezone to use when displaying dates.
  • USER : The login name of the user.

Red Hat / CentOS Linux: Enable and Install Media, CD / DVD, Movie MP3 Players

Q. How do I enable and install Media player under CentOS or Fedora or Red Hat Enterprise Linux systems? How do I play mp3s under RHEL / CentOS Linux 5.x? How do I play CD / DVD movies under RHEL / CentOS Linux version 5.x?

A. EPEL (Extra Packages for Enterprise Linux) is a volunteer-based community effort from the Fedora project to create a repository of high-quality add-on packages but you will not find mp3, dvd and music / media player under EPEL.

RPMforge Repo

RPMforge is a collaboration of Dag, Dries, and other packagers. They provide over 4000 packages for CentOS, including mplayer, xmms-mp3, dvd, cd and other popular media players tools. It is not part of RedHat or CentOS / Fedora but is designed to work with these major distributions.

How do I enable RPMforge repo?

Login as root user and type the following command at a shell prompt:
# rpm -ivh http://apt.sw.be/redhat/el5/en/x86_64/RPMS.dag/rpmforge-release-0.3.6-1.el5.rf.$(uname -i).rpm
Sample output:
Retrieving http://apt.sw.be/redhat/el5/en/x86_64/RPMS.dag/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
warning: /var/tmp/rpm-xfer.jWb790: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
Preparing... ########################################### [100%]
1:rpmforge-release ########################################### [100%]
Import GPG keys, enter:
# rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

A note about CentOS v5.x / 4.x

You also need to install yum-priorities, which is available in the CentOS v5 / 4 repositories:
# yum -y install yum-priorities
Sample output:
Loading "skip-broken" plugin
Loading "fastestmirror" plugin
Loading mirror speeds from cached hostfile
* epel: mirrors.xmission.com
* base: mirrors.gigenet.com
* updates: pubmirrors.reflected.net
* addons: centos.mirrors.tds.net
* extras: centos.mirrors.tds.net
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package yum-priorities.noarch 0:1.1.10-9.el5.centos set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
yum-priorities noarch 1.1.10-9.el5.centos base 11 k
Transaction Summary
=============================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 11 k
Downloading Packages:
(1/1): yum-priorities-1.1 100% |=========================| 11 kB 00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: yum-priorities ######################### [1/1]
Installed: yum-priorities.noarch 0:1.1.10-9.el5.centos
Complete!

Test your setup

Finally, type the following command to test new repo:
# yum check-update
Sample output:
Loading "skip-broken" plugin
Loading "fastestmirror" plugin
Loading "priorities" plugin
Loading mirror speeds from cached hostfile
* epel: mirrors.xmission.com
* rpmforge: fr2.rpmfind.net
* base: mirrors.gigenet.com
* updates: pubmirrors.reflected.net
* addons: centos.mirrors.tds.net
* extras: centos.mirrors.tds.net
rpmforge 100% |=========================| 1.1 kB 00:00
primary.xml.gz 100% |=========================| 2.5 MB 00:06
rpmforge : ################################################## 7247/7247
0 packages excluded due to repository priority protections
cadaver.x86_64 0.22.5-1.el5.rf rpmforge
lftp.x86_64 3.7.3-1.el5.rf rpmforge
mtr.x86_64 2:0.72-1.el5.rf rpmforge
rsync.x86_64 3.0.3-1.el5.rf rpmforge
syslinux.x86_64 3.71-1.el5.rf rpmforge
udftools.x86_64 1.0.0b3-3.el5.rf rpmforge

How do I install media players?

Type the following command to install media players:
# yum -y install mplayer vlc xmms-mp3 xmms-flac xmms-wma xmms-skins

To play mp3 enter

$ mplayer *.mp3
OR
$ xmms &

To play CD / DVD or media file enter

$ vlc moive.avi
$ vlc &
$ mplayer file.avi

How To: Make Sure /etc/resolv.conf Never Get Updated By DHCP Client

Q. I'm using GNU/Linux with the Internet Systems Consortium DHCP Client. dhclient, provides a means for configuring one or more network interfaces using the Dynamic Host Configuration Protocol. It also updates my /etc/resolv.conf each time my laptop connects to different network. I would like to keep my existing nameservers. How do I skip /etc/resolv.conf update?

A. The DHCP protocol allows a host to contact a central server which maintains a list of IP addresses which may be assigned on one or more subnets. This protocol reduces system administration workload, allowing devices to be added to the network with little or no manual configuration. There are two ways you can get rid of this problem. Use any one of the following methods.
WARNING! Many firewalls allow access to certain nameservers only, so make sure your nameservers are supported. Also, many companies block snooping name servers such as OpenDNS due to privacy issues.

Option # 1: Write protecting /etc/resolv.conf file

Write protect your /etc/resolv.conf file with chattr command under Linux ext3 file system:
# chattr +i /etc/resolv.conf
The +i attribute write-protects the /etc/resolv.conf file under Linux so that no one can modify it. You can use the chflags command under FreeBSD.

Option #2: dhclient-script hooks

The DHCP client network configuration script is invoked from time to time by dhclient. This script is used by the dhcp client to set each interface's initial configuration prior to requesting an address, to test the address once it has been offered, and to set the interface's final configuration once a lease has been acquired.
This script is not meant to be customized by the end user. If local customizations are needed, they should be possible using the enter and exit hooks provided. These hooks will allow the user to override the default behavior of the client in creating a /etc/resolv.conf file.
When it starts, the client script first defines a shell function, make_resolv_conf, which is later used to create the /etc/resolv.conf file. To override the default behavior, redefine this function in the enter hook script.

Create hook to avoid /etc/resolv.conf file update

You need to create /etc/dhcp3/dhclient-enter-hooks.d/nodnsupdate file under Debian / Ubuntu Linux:
# vi /etc/dhcp3/dhclient-enter-hooks.d/nodnsupdate
Append following code:
#!/bin/sh
make_resolv_conf(){
:
}
Save and close the file. Set permissions:
# chmod +x /etc/dhcp3/dhclient-enter-hooks.d/nodnsupdate
The above script replaces make_resolv_conf() with our own function. This function does nothing.

A note about RHEL / CentOS / Fedora Linux

Place following code in /etc/dhclient-enter-hooks file:
# vi /etc/dhclient-enter-hooks
Append code:
make_resolv_conf(){
:
}
Save and close the file.

Option # 3: Configure dhclient.conf

/etc/dhclient.conf or /etc/dhcp/dhclient.conf file contains configuration information for dhclient. You can turn on or off DNS update and other options for specific interface or all interface using this file. The man pages for DHCLIENT.CONF and DHCP-OPTIONS point out that in dhclient.conf, you should add this:
supersede domain-name-servers 202.54.1.2, 199.2.3.4, 124.1.5.22;

Linux / UNIX: Create Username or Groups in UPPER Case

Q. How do I create username or user groups in upper case under Linux / *BSD / UNIX operating systems?

You can create usernames and groups in upper case, but I don't recommend it because of the following problems:
(a) Confusion - Some users may get confused between the usernames VIVEK and vivek.
(b) Compatibility issues - Many protocols and certain libraries may produce compatibility issues.
The use of upper case letters for usernames or group names should be avoided under Linux / UNIX like operating systems.

Explain: Five Nines ( 99.999% ) Computer / Network Uptime Concept

Q. Some service provider guarantees 99.999% uptime for their service. Can you explain meaning of five nines?

A. The uptime and reliability of computer and communications facilities is sometimes measured in nines. Having a computer system's availability of 99.999% means the system is highly available, delivering its service to the user 99.999% of the time it is needed. In other words you get a total downtime of approximately five minutes and fifteen seconds per year with 99.999% uptime.
Availability   per day      per month   per year
99.999%        00:00:00.4   00:00:26    00:05:15
99.99%         00:00:08     00:04:22    00:52:35
99.9%          00:01:26     00:43:49    08:45:56
99%            00:14:23     07:18:17    87:39:29
A service level agreement (SLA) is a part of a service contract where the level of service is formally defined, including uptime. Uptime agreements are a very common metric, often used for data and network services such as hosting, servers and dedicated servers, and leased lines. Common agreements include percentage of network uptime, power uptime, amount of scheduled maintenance windows etc.
To achieve true 99.999% uptime you need multiple tier 4 data centers, including capacity planning. 99.999% uptime is recommended for mission-critical stuff and e-commerce.
You can run the following command on UNIX / Linux to see uptime:
$ uptime
Under Windows server 2003 / 2008 / XP or Vista, type the following command at command prompt to see uptime:
systeminfo | find "Up Time"

BSD PF Firewall: Displays Active Packetfilter States And Rules

Q. How do I view active connections with PF firewall under FreeBSD / OpenBSD UNIX operating system?

A. You need to use pftop command which displays the active packetfilter states and rules, and periodically updates this information. It provides a "top" like view of the PF state table.

Install pftop

pftop can be installed from the FreeBSD / OpenBSD ports collection, or downloaded from the pftop website. Under FreeBSD type the following command to update ports and install the latest version:
# portsnap fetch update
# cd /usr/ports/sysutils/pftop
# make install clean

Start pftop

pftop displays source and destination IP addresses, TCP and UDP port numbers, packets and bytes transmitted, the age of a connection, and the time left until a connection will be removed from the state table:
# pftop
Sample output:
Fig.01: pftop in action
To exit press q. Following commands are currently recognized:
c Enable disable state caching (enabled by default).
f Set the state filter expression.
h,? Display a summary of the commands (help screen).
n Set number of lines to display.
o Select next sorting Order.
p Pause/resume display updates.
q Quit pftop.
r Reverse current sorting order.
s Set display update interval in Seconds.
v Select next View.
0-7 Select one of the views directly.
Cursor Scroll display (up/down), and switch views (left/right). Most of the emacs/mg motion keys work as well.
SPACE Update display immediately.
CTRL-L Refresh display.
CTRL-G Clear command entry line.


Can I Run Pidgin on Mac OS X?

Q. Can I install and run Pidgin instant messaging client under Mac OS X operating system?

A. Short answer - yes, if you can compile and install X server / GTK+ on Mac OS X.
Long answer - Pidgin (Gaim) is a multi-platform instant messaging client. The software has limited support for many commonly used instant messaging protocols. You need to compile and install an X server, GTK+ and its dependencies yourself. You will not get native aqua interface including installer. I strongly suggest Adium, which is a free instant messaging application for Mac OS X that can connect to AIM, MSN, Jabber, Yahoo, and more.
Fig.01: adiumx in action under Mac OS X

Linux / UNIX: Find Volume Information From CDs and ISO Images

Q. I can use dd command to create ISO images from a CD but how do I get volume information from CDs and ISO images from a shell prompt?

A. You can use the following commands:
[a] file - To determine file type.
[b] dd - Ultimate convert and copy command.
[c] cdrecord - To record audio or data Compact Disks or Digital Versatile Disks from a master.
[d] isoinfo - A utility to perform directory like listings of iso9660 images.
[e] cd-discid - To read CD and get CDDB discid information.

Task: Read the volume data from an unmounted CD

Use the following command:
file -s /dev/scd0
Sample output:
/dev/scd0: ISO 9660 CD-ROM filesystem data UDF filesystem data (unknown version, id 'NSR01') 'Ubuntu 7.04 i386               ' (bootable)

Task: Read the table of contents of an unmounted CD

Use cdrecord:
cdrecord -v dev=/dev/scd0 -toc
Sample output:
TOC Type: 1 = CD-ROM
scsidev: '/dev/scd0'
devname: '/dev/scd0'
scsibus: -2 target: -2 lun: -2
Linux sg driver version: 3.5.27
Wodim version: 1.1.6
SCSI buffer size: 64512
Device type : Removable CD-ROM
Version : 5
Response Format: 2
Capabilities :
Vendor_info : 'TSSTcorp'
Identification : 'CD/DVDW SH-S182D'
Revision : 'SB04'
Device seems to be: Generic mmc2 DVD-R/DVD-RW.
Current: 0x001A (DVD+RW)
Profile: 0x0015 (DVD-R/DL sequential recording)
Profile: 0x0016 (DVD-R/DL layer jump recording)
Profile: 0x002B (DVD+R/DL)
Profile: 0x001B (DVD+R)
Profile: 0x001A (DVD+RW) (current)
Profile: 0x0014 (DVD-RW sequential recording)
Profile: 0x0013 (DVD-RW restricted overwrite)
Profile: 0x0012 (DVD-RAM)
Profile: 0x0011 (DVD-R sequential recording)
Profile: 0x0010 (DVD-ROM)
Profile: 0x000A (CD-RW)
Profile: 0x0009 (CD-R)
Profile: 0x0008 (CD-ROM)
Profile: 0x0002 (Removable disk)
Using generic SCSI-3/mmc DVD-R(W) driver (mmc_mdvd).
Driver flags : SWABAUDIO BURNFREE
Supported modes: PACKET SAO
Drive buf size : 917504 = 896 KB
Beginning DMA speed test. Set CDR_NODMATEST environment variable if device
communication breaks or freezes immediately after that.
Current Secsize: 2048
HINT: use dvd+rw-mediainfo from dvd+rw-tools for information extraction.
first: 1 last 1
track: 1 lba: 0 ( 0) 00:02:00 adr: 1 control: 4 mode: -1
track:lout lba: 2295104 ( 9180416) -1:59:74 adr: 1 control: 7 mode: -1

Task: Read the volume data from an ISO image

Type the following command:
isoinfo -d -i /path/to/file.iso
isoinfo -d -i ubuntu-8.04-desktop-i386.iso

Sample output:
CD-ROM is in ISO 9660 format
System id: LINUX
Volume id: Ubuntu 8.04 i386
Volume set id:
Publisher id:
Data preparer id:
Application id: MKISOFS ISO 9660/HFS FILESYSTEM BUILDER & CDRECORD CD-R/DVD CREATOR (C) 1993 E.YOUNGDALE (C) 1997 J.PEARSON/J.SCHILLING
Copyright File id:
Abstract File id:
Bibliographic File id:
Volume set size is: 1
Volume set sequence number is: 1
Logical block size is: 2048
Volume size is: 357949
El Torito VD version 1 found, boot catalog is in sector 162
Joliet with UCS level 3 found
Rock Ridge signatures version 1 found
Eltorito validation header:
Hid 1
Arch 0 (x86)
ID ''
Key 55 AA
Eltorito defaultboot header:
Bootid 88 (bootable)
Boot media 0 (No Emulation Boot)
Load segment 0
Sys type 0
Nsect 4
Bootoff 9B 155

Task: Find the unique disk number from an unmounted CD

Type the command as follows:
cd-discid /dev/scd0
Sample output:
023bfd01 1 150 15359

How To Upgrade FreeBSD Jail ( OS Level Virtualization )

Q. I have a FreeBSD jail configured as explained in the man pages using make world options. Now I've upgraded my base FreeBSD 7.0 system to FreeBSD 7 patch level 4. How do I upgrade my jail (FreeBSD VPS) so that everything gets updated inside the jail?

A. The FreeBSD jail mechanism is an implementation of operating system-level virtualization that allows administrators to partition a FreeBSD-based computer system into several independent mini-systems called jails. FreeBSD jails offer security, ease of delegation and os level virtualization. To upgrade your jail using make world use the following commands.

Step # 1: Build world

Follow this guide to upgrade your running system. Once done type the following command to build world for jail:
WARNING! There are various ways of creating and upgrading jails. This method uses the make world upgrade method, as the original jail was created using make build itself.
# JAIL=/path/to/jail
OR
# JAIL=/usr/home/jail/192.168.1.10
# cd /usr/src
# make buildworld DESTDIR=$JAIL

Please note that if you have just done make buildworld previously, you can do make installworld and save the time.

Step # 2: Stop jail service

Type the following command to stop all jails:
# /etc/rc.d/jail stop

Step # 3: Upgrade jail

Type the following commands to install the new world into the jail:
# cd /usr/src
# make installworld DESTDIR=$JAIL
# mergemaster -i -C -D $JAIL

If you have multiple jails, repeat the above steps for each one. You can also try something as follows:
# JPATHS="/jail/path1 /jail/path2 /jail/path3"
# for j in $JPATHS; do make installworld DESTDIR=$j; done

Step # 4: Start all jails

Type the following command:
# /etc/rc.d/jail start
Make sure everything is running:
# jls
Try to connect to jail called www.example.com with 20 as jail id from host itself:
# jexec 20 sh
# hostname
# sockstat

Try to upgrade FreeBSD ports inside jail:
# portsnap fetch update
# portversion -l '<'
# portupgrade -a

Exit from jail and go back to host:
# exit

Linux: Force Users To Change Their Passwords Upon First Login

Q. How can I force my Linux users to change their passwords upon the first login under CentOS / Debian Linux?

A. You can use any one of the following commands to force users to change their passwords upon the first login:
[a] usermod command - Modify various user account properties including user password expiry information.
[b] chage command - Change user password expiry information.

Task: Use chage command to force users to change their password upon first login

Use the following syntax:
chage -d 0 {user-name}
# chage -d 0 tom

Where,
  • -d 0 : Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD. By setting it to zero, you are going to force user to change password upon first login.

sshpass: Login To SSH Server / Provide SSH Password Using A Shell Script

How do I log in over ssh without using passwordless RSA / DSA public keys? How do I use ssh in a shell script? How do I log in non-interactively, performing password authentication with SSH and shell scripts?

You can use sshpass command to provide password for ssh based login. From the man page:
sshpass is a utility designed for running ssh using the mode referred to as "keyboard-interactive" password authentication, but in non-interactive mode.
ssh uses direct TTY access to make sure that the password is indeed issued by an interactive keyboard user. Sshpass runs ssh in a dedicated tty, fooling it into thinking it is getting the password from an interactive user.
The command to run is specified after sshpass' own options. Typically it will be "ssh" with arguments, but it can just as well be any other command. The password prompt used by ssh is, however, currently hardcoded into sshpass.
WARNING! These examples are considered the least secure, as a simple ps command can expose the password to all users on the same host. I highly recommend using ssh's public key authentication or keychain software to set up secure passwordless SSH access.

Install sshpass under Debian / Ubuntu Linux

Type the following command:
$ sudo apt-get install sshpass

How do I use sshpass?

Login to ssh server called server.example.com with password called t@uyM59bQ:
$ sshpass -p 't@uyM59bQ' ssh username@server.example.com
In a shell script you may need to disable host key checking (the server's identity is then no longer verified):
$ sshpass -p 't@uyM59bQ' ssh -o StrictHostKeyChecking=no username@server.example.com

How do I backup /var/www/html using rsync?

Run rsync over SSH using password authentication, passing the password on the command line:
$ rsync --rsh="sshpass -p myPassword ssh -l username" server.example.com:/var/www/html/ /backup/
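The warning above is about the password sitting in the process argument list, where any local user can read it with ps. The following is an added example (not from the original page or the sshpass project) that audits ps-style output for command lines handing sshpass a password with -p and prints them with the password redacted; the sample process lines, PIDs and user names are constructed.

```shell
#!/bin/sh
# Added example. Input: one process per line as "PID USER ARGS...",
# the layout produced by `ps -eo pid=,user=,args=`.

audit_sshpass() {
    awk '
    {
        hit = 0
        for (i = 3; i <= NF; i++) {
            # sshpass may be called by bare name, by path, or sit inside
            # an option value such as rsync --rsh="sshpass ...".
            if ($i ~ /(^|[\/="])sshpass$/) {
                j = i + 1
                if ($j == "-p" && j < NF) {
                    $(j + 1) = "<redacted>"      # -p PASSWORD
                    hit = 1
                } else if ($j ~ /^-p./) {
                    $j = "-p<redacted>"          # -pPASSWORD
                    hit = 1
                }
            }
        }
        if (hit) print
    }'
}

# Constructed sample: two exposed invocations (the commands shown on this
# page), two that keep the password out of argv, and one unrelated process.
sample_ps() {
cat <<'EOF'
 4121 backup   sshpass -p t@uyM59bQ ssh username@server.example.com
 4188 backup   rsync --rsh=sshpass -p myPassword ssh -l username server.example.com:/var/www/html/ /backup/
 4230 deploy   sshpass -f /home/deploy/.ssh/pw ssh username@server.example.com
 4307 deploy   sshpass -e ssh username@server.example.com
 4410 root     /usr/sbin/sshd -D
EOF
}

# Stand-alone demonstration on the constructed sample.
sample_ps | audit_sshpass
```

On a live host, pipe `ps -eo pid=,user=,args=` into audit_sshpass. The -f (password file) and -e (SSHPASS environment variable) forms of sshpass are not flagged because they keep the password out of the argument list.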

ip6tables: IPv6 Firewall For Linux

Q. IPv4 by default protect internal host using RFC 1918 private IP address. But IPv6 offers direct global address which result into exposing all internal hosts as well. How do I create default IPv6 firewall to drop all incoming (except ping6 request) connection and only allow outgoing requests from Linux workstation?

A. You need to use the ip6tables command to create IPv6 firewall scripts. ip6tables is used to set up, maintain, and inspect the tables of IPv6 packet filter rules in the Linux kernel.

A note about IPv6 private ips

IPv6 does not include private network features such as NAT, because of the very large number of IPv6 addresses. However, the FC00::/7 prefix is used to identify local IPv6 unicast addresses. All IPv6 users should be able to obtain IPv6 address space for use at their discretion and without artificial barriers between their network and the Internet.

Redhat / CentOS / Fedora Linux Specific Configuration

The /etc/sysconfig/ip6tables can be used to configure and open ports, the default config is as follows:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -i br0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 32768:61000 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 32768:61000 ! --syn -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
To open additional ports, such as TCP and UDP port 53, add the rules before the final --reject-with icmp6-adm-prohibited line. For example, the following rule opens TCP port 22:
# open port 22
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j ACCEPT
At the end it should look as follows, which will open IPv6 port numbers 53, 22, 25, 80, 110, and 443:
 
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -i br0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d ff02::fb -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 32768:61000 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 32768:61000 ! --syn -j ACCEPT
 
# open port 53
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m udp -p udp --dport 53 -j ACCEPT
 
# open port 22
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j ACCEPT
 
# open mail server ports smtp, pop3, and imap
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 143 -j ACCEPT
 
# open port 80 & 443
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
 
Save and close the file. Now, you can restart firewall as follows:
# service ip6tables restart
# ip6tables -L -v -n
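Rules in a chain are evaluated top to bottom, so in the listing above the "-i eth0 -j ACCEPT" rule accepts everything arriving on eth0 before the per-port rules are consulted. The following is an added example (not from the original page) that checks a ruleset in this file format for that pattern; the sample ruleset is an abbreviated copy of the configuration above, and the function names are made up for the example.

```shell
#!/bin/sh
# Added example. Reads /etc/sysconfig/ip6tables (ip6tables-save) format on
# stdin. For each chain it remembers the first rule of the exact form
#   -A CHAIN -i IFACE -j ACCEPT      (IFACE other than lo)
# and reports every later "--dport ... -j ACCEPT" rule in that chain:
# packets arriving on IFACE were already accepted before reaching it.

audit_ruleset() {
    awk '
    $1 != "-A" { next }
    {
        chain = $2
        if (NF == 6 && $3 == "-i" && $4 != "lo" && $5 == "-j" && $6 == "ACCEPT") {
            if (!(chain in iface)) { iface[chain] = $4; where[chain] = NR }
            next
        }
        if ((chain in iface) && $0 ~ /--dport/ && $NF == "ACCEPT") {
            port = ""
            for (i = 3; i < NF; i++) if ($i == "--dport") port = $(i + 1)
            printf "%s dport %s (line %d) is moot for %s: line %d already accepts everything\n", chain, port, NR, iface[chain], where[chain]
        }
    }'
}

# Abbreviated from the configuration shown on this page.
weak_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 32768:61000 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 32768:61000 ! --syn -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
EOF
}

# Same rules without the interface-wide ACCEPT, so the per-port rules decide.
tight_ruleset() {
    weak_ruleset | grep -v -e '-i eth0 -j ACCEPT'
}

# Stand-alone demonstration on the abbreviated sample.
weak_ruleset | audit_ruleset
```

To check a real file, run `audit_ruleset < /etc/sysconfig/ip6tables`; the line numbers in the report are line numbers of that file.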

Sample Restricted IPv6 Linux Firewall Script

#!/bin/bash
IPT6="/sbin/ip6tables"
PUBIF="eth1"
echo "Starting IPv6 firewall..."
$IPT6 -F
$IPT6 -X
$IPT6 -t mangle -F
$IPT6 -t mangle -X
 
#unlimited access to loopback
$IPT6 -A INPUT -i lo -j ACCEPT
$IPT6 -A OUTPUT -o lo -j ACCEPT
 
# Default policy: DROP all traffic not explicitly allowed
$IPT6 -P INPUT DROP
$IPT6 -P OUTPUT DROP
$IPT6 -P FORWARD DROP
 
# Allow full outgoing connections but no incoming ones (replies only)
$IPT6 -A INPUT -i $PUBIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT6 -A OUTPUT -o $PUBIF -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
 
# allow incoming ICMP ping pong stuff
$IPT6 -A INPUT -i $PUBIF -p ipv6-icmp -j ACCEPT
$IPT6 -A OUTPUT -o $PUBIF -p ipv6-icmp -j ACCEPT
 
############# add your custom rules below ############
### open IPv6 port 80
#$IPT6 -A INPUT -i $PUBIF -p tcp --destination-port 80 -j ACCEPT
### open IPv6 port 22
#$IPT6 -A INPUT -i $PUBIF -p tcp --destination-port 22 -j ACCEPT
### open IPv6 port 25
#$IPT6 -A INPUT -i $PUBIF -p tcp --destination-port 25 -j ACCEPT
############ End custom rules ################
 
#### no need to edit below ###
# log everything else
$IPT6 -A INPUT -i $PUBIF -j LOG
$IPT6 -A INPUT -i $PUBIF -j DROP

Thunderbird Move Mail / Settings From Desktop Computer To Laptop

Q. How do I move my Thunderbird email client settings from Debian Linux desktop to a new Ubuntu Linux laptop? I've installed Thunderbird on Ubuntu Linux but not able to find any import or export option. How do I move settings?

A. Make sure Mozilla Thunderbird is not running. You need to find out your profile directory / folder. Open a terminal and change directory to ~/.thunderbird:
$ cd ~/.thunderbird
Type ls command to see the profile directory:
$ ls
Sample output:
appreg  iz80591g.default  profiles.ini
The path is usually ~/.thunderbird/xxxxxxxx.default/ (xxxxxxxx is a random string; in the above example it is the iz80591g.default directory). You can copy iz80591g.default over the network (scp command) or with a USB pen. Insert the USB pen and copy iz80591g.default to the pen drive:
$ cp -avr iz80591g.default /media/disk/
You can also use GUI tools. Open file manager by clicking on Places > Home Folder > Hit CTRL+H to display hidden file. Go to .thunderbird > highlight all files and folders in it. Copy the files to the desired backup location.

A note about Windows XP / Vista profile location

The path is usually %AppData%\Thunderbird\Profiles\xxxxxxxx.default\ . Open command prompt and type command to find out your path:
cd %AppData%\Thunderbird\Profiles\
dir

Windows GUI method

Alternatively, click on Start > Run > Type the command:
%appdata%
Press [Enter] key > Open the Thunderbird folder.

A note about Mac OS X

The path is usually ~/Library/Thunderbird/Profiles/xxxxxxxx.default/. Open a terminal and type the command to find out your path:
cd ~/Library/Thunderbird/Profiles
ls

OS X GUI method

Open your home folder > Select Library folder > select the Thunderbird folder.

How do I restore the profile?

To restore the profile on laptop, open a terminal and type the following command (make sure Thunderbird is not running):
$ thunderbird -profilemanager

Click on Create profile > Click Next > Type "Restore" under new profile name > (note down the folder location) Finish.

Finally, click on Exit.

Copy the files from USB pen

Open a terminal and type the command:
$ cd ~/.thunderbird/
Run ls command to see the folder noted when you created your restoration profile. Run cd command on the folder:
$ cd xxxxxxxx.restore
$ cp -avr /media/disk/iz80591g.default/* .

Alternatively, you can highlight and copy all files using Places > Home Folder method.
Start Thunderbird and you should see all your old emails, including settings.

Red Hat / CentOS Linux Install Suhosin PHP 5 Protection Security Patch

Q. WordPress and many other open source application developers ask users to protect PHP apps using the Suhosin patch to get protection from the full exploit. Suhosin is an advanced protection system for PHP installations. It was designed to protect your servers from various attacks. How do I install Suhosin under RHEL / CentOS / Fedora Linux?

A. Suhosin was designed to protect your servers against a number of well-known problems in PHP applications and also against potential unknown vulnerabilities within these applications or the PHP core itself. This covers WordPress and many other open source PHP-based apps.

Install Suhosin as extension

Download latest version of Suhosin, enter:
# cd /opt
# wget http://download.suhosin.org/suhosin-0.9.27.tgz

Make sure you have php-devel installed:
# yum install php-devel

Compile Suhosin under PHP 5 and RHEL / CentOS Linux

Type the following commands (extract the downloaded tarball first):
# tar -zxvf suhosin-0.9.27.tgz
# cd suhosin-0.9.27
# phpize
# ./configure
# make
# make install

Configure Suhosin

Type the following command to create Suhosin configuration file:
# echo 'extension=suhosin.so' > /etc/php.d/suhosin.ini

Restart web server

Type the following command to restart httpd:
# service httpd restart
If you are using lighttpd, enter:
# service lighttpd restart

Verify Suhosin installation

Type the following command:
$ php -v
Sample output:
PHP 5.1.6 (cli) (built: Jun 12 2008 05:02:36)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies
with XCache v1.2.2, Copyright (c) 2005-2007, by mOo
with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH
You can find more information by running phpinfo():
<?php
phpinfo();
?>
Sample output:
Fig.01: Suhosin information and settings displayed by phpinfo().

CentOS / Red Hat Linux Install PHP 5.x PECL Filter Extension

Q. How do I install filter extension for safely dealing with input parameters supplied via a web form using filter_var()?

A. This extension is part of PHP Core version 5.2.0 and above. Unfortunately, RHEL / CentOS comes with PHP version 5.1.6, so you need to install this extension by typing the following commands.

Install php-devel

You need to install php-devel to compile php extensions:
# yum install php-devel

Download php source code

The php_pcre.h header file is not included with PHP 5.1.6, so you need the PHP source code as well. Visit php.net to grab the latest version and store it in the /opt directory. Use lynx or elinks:
# cd /opt
# elinks http://www.php.net/get/php-5.2.6.tar.bz2/from/a/mirror

Save the PHP source code to disk. Next, extract the source code:
# tar -jxvf php-5.2.6.tar.bz2

Download filter extension

Visit the PECL site to grab the latest source code for the filter extension:
# cd /opt
# wget http://pecl.php.net/get/filter-0.11.0.tgz

Install filter extension

Extract the file (it is a gzip-compressed tarball, so use -z rather than -j):
# tar -zxvf filter-0.11.0.tgz
# cd filter-0.11.0

Open logical_filters.c file:
# vi logical_filters.c
Find line that read as follows:
#include "ext/pcre/php_pcre.h"
Change to (the absolute path of php_pcre.h is required):
#include "/opt/php-5.2.6/ext/pcre/php_pcre.h"
Save and close the file. Finally, type the following commands to compile extension:
# phpize
# ./configure
# make install

Configure Filter Extension

Type the following command:
# echo 'extension=filter.so' > /etc/php.d/filter.ini
Restart httpd:
# service httpd restart