
11/20/13

Unix Toolbox

UNIX TOOLBOX
This document is a collection of Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users. This is a practical guide with concise explanations, however the reader is supposed to know what s/he is doing.

1. System 2. Processes 3. File System 4. Network 5. SSH SCP 6. VPN with SSH 7. RSYNC 8. SUDO 9. Encrypt Files 10. Encrypt Partitions 11. SSL Certificates 12. CVS 13. SVN 14. Useful Commands 15. Install Software 16. Convert Media 17. Printing 18. Databases 19. Disk Quota 20. Shells 21. Scripting 22. Programming 23. Online Help

cb.vu/unixtoolbox.xhtml#loadstats


1 SYSTEM
Hardware | Statistics | Users | Limits | Runlevels | root password | Compile kernel | Repair grub | Misc

Running kernel and system information
# uname -a                  # Get the kernel version (and BSD version)
# lsb_release -a            # Full release info of any LSB distribution
# cat /etc/SuSE-release     # Get SuSE version
# cat /etc/debian_version   # Get Debian version

Use /etc/DISTR-release with DISTR = lsb (Ubuntu), redhat, gentoo, mandrake, sun (Solaris), and so on. See also /etc/issue.
# uptime                    # Show how long the system has been running + load
# hostname                  # system's host name
# hostname -i               # Display the IP address of the host. (Linux only)
# man hier                  # Description of the file system hierarchy
# last reboot               # Show system reboot history

1.1 Hardware information

Kernel detected hardware
# dmesg                     # Detected hardware and boot messages
# lsdev                     # information about installed hardware
# dd if=/dev/mem bs=1k skip=768 count=256 2>/dev/null | strings -n 8   # Read BIOS

Linux
# cat /proc/cpuinfo                  # CPU model
# cat /proc/meminfo                  # Hardware memory
# grep MemTotal /proc/meminfo        # Display the physical memory
# watch -n1 'cat /proc/interrupts'   # Watch changeable interrupts continuously
# free -m                            # Used and free memory (-m for MB)
# cat /proc/devices                  # Configured devices
# lspci -tv                          # Show PCI devices
# lsusb -tv                          # Show USB devices
# lshal                              # Show a list of all devices with their properties
# dmidecode                          # Show DMI/SMBIOS: hw info from the BIOS

FreeBSD
# sysctl hw.model           # CPU model
# sysctl hw                 # Gives a lot of hardware information
# sysctl hw.ncpu            # number of active CPUs installed
# sysctl vm                 # Memory usage
# sysctl hw.realmem         # Hardware memory
# sysctl -a | grep mem      # Kernel memory settings and info
# sysctl dev                # Configured devices
# pciconf -l -cv            # Show PCI devices
# usbdevs -v                # Show USB devices
# atacontrol list           # Show ATA devices
# camcontrol devlist -v     # Show SCSI devices

1.2 Load, statistics and messages

The following commands are useful to find out what is going on on the system.
# top                             # display and update the top cpu processes
# mpstat 1                        # display processors related statistics
# vmstat 2                        # display virtual memory statistics
# iostat 2                        # display I/O statistics (2 s intervals)
# systat -vmstat 1                # BSD summary of system statistics (1 s intervals)
# systat -tcp 1                   # BSD tcp connections (try also -ip)
# systat -netstat 1               # BSD active network connections
# systat -ifstat 1                # BSD network traffic through active interfaces
# systat -iostat 1                # BSD CPU and disk throughput
# ipcs -a                         # information on System V interprocess
# tail -n 500 /var/log/messages   # Last 500 kernel/syslog messages
# tail /var/log/warn              # System warnings messages see syslog.conf

1.3 Users
# id                              # Show the active user id with login and group
# last                            # Show last logins on the system
# who                             # Show who is logged on the system
# groupadd admin                  # Add group "admin" and user colin (Linux/Solaris)
# useradd -c "Colin Barschel" -g admin -m colin
# usermod -a -G <group> <user>    # Add existing user to group (Debian)
# groupmod -A <user> <group>      # Add existing user to group (SuSE)
# userdel colin                   # Delete user colin (Linux/Solaris)
# adduser joe                     # FreeBSD add user joe (interactive)
# rmuser joe                      # FreeBSD delete user joe (interactive)
# pw groupadd admin               # Use pw on FreeBSD
# pw groupmod admin -m newmember  # Add a new member to a group
# pw useradd colin -c "Colin Barschel" -g admin -m -s /bin/tcsh
# pw userdel colin; pw groupdel admin

Encrypted passwords are stored in /etc/shadow for Linux and Solaris and /etc/master.passwd on FreeBSD. If the master.passwd is modified manually (say to delete a password), run # pwd_mkdb -p master.passwd to rebuild the database.
To temporarily prevent logins system wide (for all users but root) use nologin. The message in nologin will be displayed (might not work with ssh pre-shared keys).
# echo "Sorry no login now" > /etc/nologin       # (Linux)
# echo "Sorry no login now" > /var/run/nologin   # (FreeBSD)

1.4 Limits
Some applications require higher limits on open files and sockets (like a proxy web server, database). The default limits are usually too low.

Linux
Per shell/script
The shell limits are governed by ulimit. The status is checked with ulimit -a. For example to change the open files limit from 1024 to 10240 do:
# ulimit -n 10240           # This is only valid within the shell

The ulimit command can be used in a script to change the limits for the script only.
Per user/process
Login users and applications can be configured in /etc/security/limits.conf. For example:
# cat /etc/security/limits.conf
*        hard nproc  250      # Limit user processes
asterisk hard nofile 409600   # Limit application open files

System wide
Kernel limits are set with sysctl. Permanent limits are set in /etc/sysctl.conf.
# sysctl -a                   # View all system limits
# sysctl fs.file-max          # View max open files limit
# sysctl fs.file-max=102400   # Change max open files limit
# echo "1024 50000" > /proc/sys/net/ipv4/ip_local_port_range   # port range
# cat /etc/sysctl.conf
fs.file-max=102400            # Permanent entry in sysctl.conf
# cat /proc/sys/fs/file-nr    # How many file descriptors are in use

FreeBSD
Per shell/script
Use the command limits in csh or tcsh or, as in Linux, use ulimit in an sh or bash shell.
Per user/process
The default limits on login are set in /etc/login.conf. An unlimited value is still limited by the system maximal value.
System wide
Kernel limits are also set with sysctl. Permanent limits are set in /etc/sysctl.conf or /boot/loader.conf. The syntax is the same as Linux but the keys are different.
# sysctl -a                                 # View all system limits
# sysctl kern.maxfiles=XXXX                 # maximum number of file descriptors
kern.ipc.nmbclusters=32768                  # Permanent entry in /etc/sysctl.conf
kern.maxfiles=65536                         # Typical values for Squid
kern.maxfilesperproc=32768
kern.ipc.somaxconn=8192                     # TCP queue. Better for apache/sendmail
# sysctl kern.openfiles                     # How many file descriptors are in use
# sysctl kern.ipc.numopensockets            # How many open sockets are in use
# sysctl net.inet.ip.portrange.last=50000   # Default is 1024-5000
# netstat -m                                # network memory buffers statistics

See The FreeBSD handbook Chapter 11 http://www.freebsd.org/handbook/configtuning-kernel-limits.html for details. And also FreeBSD performance tuning http://serverfault.com/questions/64356/freebsd-performance-tuning-sysctls-loader-conf-kernel

Solaris
The following values in /etc/system will increase the maximum file descriptors per proc:
set rlim_fd_max = 4096      # Hard limit on file descriptors for a single proc
set rlim_fd_cur = 1024      # Soft limit on file descriptors for a single proc

1.5 Runlevels
Linux
Once booted, the kernel starts init which then starts rc which starts all scripts belonging to a runlevel. The scripts are stored in /etc/init.d and are linked into /etc/rc.d/rcN.d with N the runlevel number.
The default runlevel is configured in /etc/inittab. It is usually 3 or 5:
# grep default: /etc/inittab
id:3:initdefault:

The actual runlevel can be changed with init. For example to go from 3 to 5:
# init 5                    # Enters runlevel 5

0 Shutdown and halt
1 Single-User mode (also S)
2 Multi-user without network
3 Multi-user with network
5 Multi-user with X
6 Reboot
Use chkconfig to configure the programs that will be started at boot in a runlevel.

# chkconfig --list               # List all init scripts
# chkconfig --list sshd          # Report the status of sshd
# chkconfig sshd --level 35 on   # Configure sshd for levels 3 and 5
# chkconfig sshd off             # Disable sshd for all runlevels

Debian and Debian based distributions like Ubuntu or Knoppix use the command update-rc.d to manage the runlevels scripts. Default is to start in 2, 3, 4 and 5 and shutdown in 0, 1 and 6.
# update-rc.d sshd defaults                             # Activate sshd with the default runlevels
# update-rc.d sshd start 20 2 3 4 5 . stop 20 0 1 6 .   # With explicit arguments
# update-rc.d -f sshd remove                            # Disable sshd for all runlevels
# shutdown -h now (or # poweroff)                       # Shutdown and halt the system

FreeBSD
The BSD boot approach is different from the SysV, there are no runlevels. The final boot state (single user, with or without X) is configured in /etc/ttys. All OS scripts are located in /etc/rc.d/ and in /usr/local/etc/rc.d/ for third-party applications. The activation of the service is configured in /etc/rc.conf and /etc/rc.conf.local. The default behavior is configured in /etc/defaults/rc.conf. The scripts respond at least to start|stop|status.
# /etc/rc.d/sshd status
sshd is running as pid 552.
# shutdown now              # Go into single-user mode
# exit                      # Go back to multi-user mode
# shutdown -p now           # Shutdown and halt the system
# shutdown -r now           # Reboot

The process init can also be used to reach one of the following state levels. For example # init 6 for reboot.
0 Halt and turn the power off (signal USR2)
1 Go to single-user mode (signal TERM)
6 Reboot the machine (signal INT)
c Block further logins (signal TSTP)
q Rescan the ttys(5) file (signal HUP)

Windows
Start and stop a service with either the service name or "service description" (shown in the Services Control Panel) as follows:
net stop WSearch
net start WSearch                # start search service
net stop "Windows Search"
net start "Windows Search"       # same as above using descr.

1.6 Reset root password

Linux method 1
At the boot loader (lilo or grub), enter the following boot option:
init=/bin/sh

The kernel will mount the root partition and init will start the bourne shell instead of rc and then a runlevel. Use the command passwd at the prompt to change the password and then reboot. Forget the single user mode as you need the password for that.
If, after booting, the root partition is mounted read only, remount it rw:
# mount -o remount,rw /
# passwd                         # or delete the root password (/etc/shadow)
# sync; mount -o remount,ro /    # sync before to remount read only
# reboot

FreeBSD method 1
On FreeBSD, boot in single user mode, remount / rw and use passwd. You can select the single user mode on the boot menu (option 4) which is displayed for 10 seconds at startup. The single user mode will give you a root shell on the / partition.

# mount -u /; mount -a           # will mount / rw
# passwd
# reboot

Unixes and FreeBSD and Linux method 2
Other Unixes might not let you get away with the simple init trick. The solution is to mount the root partition from another OS (like a rescue CD) and change the password on the disk.
Boot a live CD or installation CD into a rescue mode which will give you a shell.
Find the root partition with fdisk e.g. fdisk /dev/sda
Mount it and use chroot:
# mount -o rw /dev/ad4s3a /mnt
# chroot /mnt                    # chroot into /mnt
# passwd
# reboot

1.7 Kernel modules

Linux
# lsmod                     # List all modules loaded in the kernel
# modprobe isdn             # To load a module (here isdn)

FreeBSD
# kldstat                   # List all modules loaded in the kernel
# kldload crypto            # To load a module (here crypto)

1.8 Compile Kernel

Linux
# cd /usr/src/linux
# make mrproper             # Clean everything, including config files
# make oldconfig            # Reuse the old .config if existent
# make menuconfig           # or xconfig (Qt) or gconfig (GTK)
# make                      # Create a compressed kernel image
# make modules              # Compile the modules
# make modules_install      # Install the modules
# make install              # Install the kernel
# reboot

FreeBSD
Optionally update the source tree (in /usr/src) with csup (as of FreeBSD 6.2 or later):

# csup <supfile>

I use the following supfile:
*default host=cvsup5.FreeBSD.org   # www.freebsd.org/handbook/cvsup.html#CVSUP-MIRRORS
*default prefix=/usr
*default base=/var/db
*default release=cvs delete tag=RELENG_7
src-all

To modify and rebuild the kernel, copy the generic configuration file to a new name and edit it as needed (you can also edit the file GENERIC directly). To restart the build after an interruption, add the option NO_CLEAN=YES to the make command to avoid cleaning the objects already built.
# cd /usr/src/sys/i386/conf/
# cp GENERIC MYKERNEL
# cd /usr/src
# make buildkernel KERNCONF=MYKERNEL
# make installkernel KERNCONF=MYKERNEL

To rebuild the full OS:
# make buildworld           # Build the full OS but not the kernel
# make buildkernel          # Use KERNCONF as above if appropriate
# make installkernel
# reboot
# mergemaster -p            # Compares only files known to be essential
# make installworld
# mergemaster -i -U         # Update all configurations and other files
# reboot

For small changes in the source you can use NO_CLEAN=yes to avoid rebuilding the whole tree.
# make buildworld NO_CLEAN=yes   # Don't delete the old objects
# make buildkernel KERNCONF=MYKERNEL NO_CLEAN=yes

1.9 Repair grub
So you broke grub? Boot from a live cd, [find your linux partition under /dev and use fdisk to find the linux partition] mount the linux partition, add /proc and /dev and use grub-install /dev/xyz. Suppose linux lies on /dev/sda6:
# mount /dev/sda6 /mnt           # mount the linux partition on /mnt
# mount --bind /proc /mnt/proc   # mount the proc subsystem into /mnt
# mount --bind /dev /mnt/dev     # mount the devices into /mnt
# chroot /mnt                    # change root to the linux partition
# grub-install /dev/sda          # reinstall grub with your old settings

1.10 Misc
Disable OS X virtual memory (repeat with load to re-enable). Faster system, but a little risky.
# sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.dynamic_pager.plist
# sleep 3600; pmset sleepnow                             # go to standby in one hour (OS X)
# defaults write -g com.apple.mouse.scaling -float 8     # OS X mouse acceleration (use -1 to reverse)

2 PROCESSES
Listing | Priority | Background/Foreground | Top | Kill

2.1 Listing and PIDs

Each process has a unique number, the PID. A list of all running processes is retrieved with ps.
# ps -auxefw                # Extensive list of all running process

However more typical usage is with a pipe or with pgrep (for OS X install proctools from MacPorts):

# ps axww | grep cron
  586  ??  Is     0:01.48 /usr/sbin/cron -s
# ps axjf                   # All processes in a tree format (Linux)
# ps aux | grep 'ss[h]'     # Find all ssh pids without the grep pid
# pgrep -l sshd             # Find the PIDs of processes by (part of) name
# echo $$                   # The PID of your shell
# fuser -va 22/tcp          # List processes using port 22 (Linux)
# pmap PID                  # Memory map of process (hunt memory leaks) (Linux)
# fuser -va /home           # List processes accessing the /home partition
# strace df                 # Trace system calls and signals
# truss df                  # same as above on FreeBSD/Solaris/Unixware

2.2 Priority

Change the priority of a running process with renice. Negative numbers have a higher priority, the lowest is -20 and "nice" have a positive value.

# renice -5 586             # Stronger priority
586: old priority 0, new priority -5

Start the process with a defined priority with nice. Positive is "nice" or weak, negative is strong scheduling priority. Make sure you know if /usr/bin/nice or the shell built-in is used (check with # which nice).
# nice -n -5 top            # Stronger priority (/usr/bin/nice)
# nice -n 5 top             # Weaker priority (/usr/bin/nice)
# nice +5 top               # tcsh builtin nice (same as above!)

While nice changes the CPU scheduler, another useful command ionice will schedule the disk IO. This is very useful for intensive IO applications (e.g. compiling). You can select a class (idle - best effort - real time), the man page is short and well explained.

# ionice -c3 -p123          # set idle class for pid 123 (Linux only)
# ionice -c2 -n0 firefox    # Run firefox with best effort and high priority
# ionice -c3 -p$$           # Set the actual shell to idle priority

The last command is very useful to compile (or debug) a large project. Every command launched from this shell will have a lower priority. $$ is your shell pid (try echo $$).
FreeBSD uses idprio/rtprio (0 = max priority, 31 = most idle):

# idprio 31 make            # compile in the lowest priority
# idprio 31 -1234           # set PID 1234 with lowest priority
# idprio -t -1234           # -t removes any real time/idle priority

2.3 Background/Foreground

When started from a shell, processes can be brought in the background and back to the foreground with [Ctrl]-[Z] (^Z), bg and fg. List the processes with jobs. When needed detach from the terminal with disown.
# ping cb.vu > ping.log
^Z                          # ping is suspended (stopped) with [Ctrl]-[Z]
# bg                        # put in background and continues running
# jobs -l                   # List processes in background
[1]  - 36232 Running                  ping cb.vu > ping.log
[2]  + 36233 Suspended (tty output)   top
# fg %2                     # Bring process 2 back in foreground
# make                      # start a long compile job but need to leave the terminal
^Z                          # suspended (stopped) with [Ctrl]-[Z]
# bg                        # put in background and continues running
# disown -h %1              # detach process from terminal, won't be killed at logout

No straightforward way to re-attach the process to a new terminal, try reptyr (Linux).
Use nohup to start a process which has to keep running when the shell is closed (immune to hangups).

# nohup ping -i 60 > ping.log &

2.4 Top
The program top displays running information of processes. See also the program htop from htop.sourceforge.net (a more powerful version of top) which runs on Linux and FreeBSD (ports/sysutils/htop/). While top is running press the key h for a help overview. Useful keys are:
u [user name]  To display only the processes belonging to the user. Use + or blank to see all users
k [pid]  Kill the process with pid.
1  To display all processors statistics (Linux only)
R  Toggle normal/reverse sort.

2.5 Signals/Kill
Terminate or send a signal with kill or killall.
# ping -i 60 cb.vu > ping.log &
[1] 4712
# kill -s TERM 4712         # same as kill -15 4712
# killall -1 httpd          # Kill HUP processes by exact name
# pkill -9 http             # Kill (signal 9) processes by (part of) name
# pkill -TERM -u www        # Kill TERM processes owned by www
# fuser -k -TERM -m /home   # Kill every process accessing /home (to umount)

Important signals are:
1 HUP (hang up)
2 INT (interrupt)
3 QUIT (quit)
9 KILL (non-catchable, non-ignorable kill)
15 TERM (software termination signal)

3 FILE SYSTEM
Disk info | Boot | Disk usage | Opened files | Mount/remount | Mount SMB | Mount image | Burn ISO | Create image | Memory disk | Disk performance

3.1 Permissions
Change permission and ownership with chmod and chown. The default umask can be changed for all users in /etc/profile for Linux or /etc/login.conf for FreeBSD. The default umask is usually 022. The umask is subtracted from 777, thus umask 022 results in a permission of 755.
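As an added example (not from the original guide), the script below creates a file and a directory under a given umask and prints the resulting modes. It shows that the umask clears bits rather than being arithmetically subtracted, and that regular files start from 666 while directories start from 777; the function names are assumptions.

```shell
#!/bin/sh
# Added example: the modes a new file and a new directory get under a umask.
# Function names are illustrative, not part of any tool.

# Print the octal permission bits of a path (GNU stat first, BSD stat as fallback).
octal_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# modes_for_umask MASK  ->  prints "<file mode> <directory mode>"
modes_for_umask() {
    (
        tmp=$(mktemp -d) || exit 1     # scratch directory, removed on exit
        trap 'rm -rf "$tmp"' EXIT
        umask "$1"                     # only affects this subshell
        : > "$tmp/file"                # regular files are requested with 666
        mkdir "$tmp/dir"               # directories are requested with 777
        echo "$(octal_mode "$tmp/file") $(octal_mode "$tmp/dir")"
    )
}

# 022: the usual default. 027: nothing for "others". 077: private.
# 033: shows masking, not subtraction (666 - 033 would be 633; the result is 644).
for mask in 022 027 077 033; do
    printf 'umask %s -> file/dir %s\n' "$mask" "$(modes_for_umask "$mask")"
done
```

For accounts that handle credentials or logs, 027 or 077 keeps newly created files unreadable to other users without any later chmod.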
1 --x execute    # Mode 764 = exec/read/write | read/write | read
2 -w- write      # For:       |--  Owner  --|   |- Group-|   |Oth|
4 r-- read
  ugo=a          u=user, g=group, o=others, a=everyone

# chmod [OPTION] MODE[,MODE] FILE      # MODE is of the form [ugoa]*([-+=]([rwxXst]))
# chmod 640 /var/log/maillog           # Restrict the log -rw-r-----
# chmod u=rw,g=r,o= /var/log/maillog   # Same as above
# chmod -R o-r /home/*                 # Recursive remove other readable for all users
# chmod u+s /path/to/prog              # Set SUID bit on executable (know what you do!)
# find / -perm -u+s -print             # Find all programs with the SUID bit
# chown user:group /path/to/file       # Change the user and group ownership of a file
# chgrp group /path/to/file            # Change the group ownership of a file
# chmod 640 `find ./ -type f -print`   # Change permissions to 640 for all files
# chmod 751 `find ./ -type d -print`   # Change permissions to 751 for all directories
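The SUID search above becomes an audit once its output is compared with a recorded baseline. The following is an added example, not from the original guide: the function names and the baseline file are assumptions, and the demo tree is constructed in a scratch directory.

```shell
#!/bin/sh
# Added example: report set-uid / set-gid files that are not in a baseline.
# Function names and the baseline file layout are illustrative assumptions.

# List regular files under DIR carrying the SUID (4000) or SGID (2000) bit.
# -xdev keeps find on one file system, so other mounts are not walked.
list_setid() {
    LC_ALL=C find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -print 2>/dev/null | LC_ALL=C sort
}

# new_setid DIR BASELINE: print files that are set-id now but are not
# listed in BASELINE (a sorted list written earlier by list_setid).
new_setid() {
    list_setid "$1" | LC_ALL=C comm -13 "$2" -
}

# Constructed demo: one file is SUID when the baseline is taken, a second
# one gains the bit afterwards and must be the only line reported.
demo_new_setid() {
    (
        tree=$(mktemp -d) || exit 1
        trap 'rm -rf "$tree"' EXIT
        mkdir "$tree/bin" "$tree/state"
        for f in known plain later; do : > "$tree/bin/$f"; done
        chmod 4755 "$tree/bin/known"
        chmod 0755 "$tree/bin/plain" "$tree/bin/later"
        list_setid "$tree/bin" > "$tree/state/baseline"
        chmod 4755 "$tree/bin/later"       # change made after the baseline
        new_setid "$tree/bin" "$tree/state/baseline" | sed "s|^$tree/||"
    )
}

demo_new_setid
```

On a real host the baseline would be taken from a known-good state and stored where the audited system cannot rewrite it.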

3.2 Disk information

# diskinfo -v /dev/ad2      # information about disk (sector/size) FreeBSD
# hdparm -I /dev/sda        # information about the IDE/ATA disk (Linux)
# fdisk /dev/ad2            # Display and manipulate the partition table
# smartctl -a /dev/ad2      # Display the disk SMART info

3.3 Boot
FreeBSD
To boot an old kernel if the new kernel doesn't boot, stop the boot during the countdown.
# unload
# load kernel.old
# boot

3.4 System mount points/Disk usage

# mount | column -t         # Show mounted file-systems on the system
# df                        # display free disk space and mounted devices
# cat /proc/partitions      # Show all registered partitions (Linux)

Disk usage
# du -sh *                  # Directory sizes as listing
# du -csh                   # Total directory size of the current directory
# du -ks * | sort -n -r     # Sort everything by size in kilobytes
# ls -lSr                   # Show files, biggest last

3.5 Who has which files opened

This is useful to find out which file is blocking a partition which has to be unmounted and gives a typical error of:
# umount /home/
umount: unmount of /home    # umount impossible because a file is locking home
   failed: Device busy

FreeBSD and most Unixes
# fstat -f /home            # for a mount point
# fstat -p PID              # for an application with PID
# fstat -u user             # for a user name

Find opened log file (or other opened files), say for Xorg:
# ps ax | grep Xorg | awk '{print $1}'
1252
# fstat -p 1252
USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W
root     Xorg        1252 root /             2 drwxr-xr-x     512  r
root     Xorg        1252 text /usr     216016 -rws--x--x  1679848 r
root     Xorg        1252    0 /var     212042 -rw-r--r--   56987  w

The file with inum 212042 is the only file in /var:
# find -x /var -inum 212042
/var/log/Xorg.0.log

Linux
Find opened files on a mount point with fuser or lsof:

# fuser -m /home            # List processes accessing /home
# lsof /home
COMMAND   PID    USER   FD   TYPE DEVICE    SIZE     NODE NAME
tcsh    29029 eedcoba  cwd    DIR   0,18   12288  1048587 /home/eedcoba (guam:/home)
lsof    29140 eedcoba  cwd    DIR   0,18   12288  1048587 /home/eedcoba (guam:/home)

About an application:
ps ax | grep Xorg | awk '{print $1}'
3324
# lsof -p 3324
COMMAND   PID    USER   FD   TYPE DEVICE    SIZE    NODE NAME
Xorg     3324    root   0w    REG    8,6   56296   12492 /var/log/Xorg.0.log

About a single file:
# lsof /var/log/Xorg.0.log
COMMAND  PID USER   FD   TYPE DEVICE  SIZE  NODE NAME
Xorg    3324 root   0w    REG    8,6 56296 12492 /var/log/Xorg.0.log

3.6 Mount/remount a file system

For example the cdrom. If listed in /etc/fstab:
# mount /cdrom

Or find the device in /dev/ or with dmesg

FreeBSD
# mount -v -t cd9660 /dev/cd0c /mnt    # cdrom
# mount_cd9660 /dev/wcd0c /cdrom       # other method
# mount -v -t msdos /dev/fd0c /mnt     # floppy

Entry in /etc/fstab:
# Device     Mountpoint  FStype  Options    Dump  Pass#
/dev/acd0    /cdrom      cd9660  ro,noauto  0     0

To let users do it:
# sysctl vfs.usermount=1    # Or insert the line "vfs.usermount=1" in /etc/sysctl.conf

Linux
# mount -t auto /dev/cdrom /mnt/cdrom    # typical cdrom mount command
# mount /dev/hdc -t iso9660 -r /cdrom    # typical IDE
# mount /dev/scd0 -t iso9660 -r /cdrom   # typical SCSI cdrom
# mount /dev/sdc0 -t ntfs-3g /windows    # typical SCSI

Entry in /etc/fstab:
/dev/cdrom  /media/cdrom  subfs  noauto,fs=cdfss,ro,procuid,nosuid,nodev,exec  0 0

Mount a FreeBSD partition with Linux
Find the partition number containing with fdisk, this is usually the root partition, but it could be another BSD slice too. If the FreeBSD has many slices, they are the ones not listed in the fdisk table, but visible in /dev/sda* or /dev/hda*.

# fdisk /dev/sda                          # Find the FreeBSD partition
/dev/sda3   *   5357   7905   20474842+   a5   FreeBSD
# mount -t ufs -o ufstype=ufs2,ro /dev/sda3 /mnt
/dev/sda10 = /tmp; /dev/sda11 /usr        # The other slices

Remount
Remount a device without unmounting it. Necessary for fsck for example
# mount -o remount,ro /     # Linux
# mount -o ro -u /          # FreeBSD

Copy the raw data from a cdrom into an iso image (default 512 blocksize might cause problems):
# dd if=/dev/cd0c of=file.iso bs=2048

Virtualbox
Allow a share on the host:

# VBoxManage sharedfolder add "GuestName" --name "share" --hostpath "C:\hostshare"

Mount share on guest (linux, FreeBSD)
# sudo mount -t vboxsf share /home/vboxshare   # -o uid=1000,gid=1000 (as appropriate)
share /home/colin/share vboxsf defaults,uid=colin 0 0   # fstab entry

OSX
# diskutil list                       # List the partitions of a disk
# diskutil unmountDisk /dev/disk1     # Unmount an entire disk (all volumes)
# chflags hidden ~/Documents/folder   # Hide folder (reverse with unhidden)

3.7 Add swap on the fly

Suppose you need more swap (right now), say a 2GB file /swap2gb (Linux only).
# dd if=/dev/zero of=/swap2gb bs=1024k count=2000
# mkswap /swap2gb           # create the swap area
# swapon /swap2gb           # activate the swap. It is now in use
# swapoff /swap2gb          # when done deactivate the swap
# rm /swap2gb

3. 8 Mount an SMB shar e


SupposewewanttoaccesstheSMBsharemyshareonthecomputersmbserver,theaddressastyped onaWindowsPCis\\smbserver\myshare\.Wemounton/mnt/smbshare.Warning>cifswantsanIPor DNSname,notaWindowsname. Linux/OSX
#s m b c l i e n tUu s e rI1 9 2 . 1 6 8 . 1 6 . 2 2 9L/ / s m b s h a r e / #L i s tt h es h a r e s #m o u n tts m b f sou s e r n a m e = w i n u s e r/ / s m b s e r v e r / m y s h a r e/ m n t / s m b s h a r e #m o u n ttc i f sou s e r n a m e = w i n u s e r , p a s s w o r d = w i n p w d/ / 1 9 2 . 1 6 8 . 1 6 . 2 2 9 / m y s h a r e/ m n t / s h a r e

MoundSambasharethroughsshtunnel
#s s hCfNp2 0 0 2 2L4 4 5 : 1 2 7 . 0 . 0 . 1 : 4 4 5m e @ s e r v e r #c o n n e c to n2 0 0 2 2 ,t u n n e l4 4 5 #m o u n tts m b f s/ / c o l i n @ l o c a l h o s t / c o l i n~ / m n t #m o u n t _ s m b f s/ / c o l i n : m y p a s s w o r d @ 1 2 7 . 0 . 0 . 1 / p r i v a t e/ V o l u m e s / p r i v a t e#Iu s et h i so nO S X+s s h

Additionally with the package mount.cifs it is possible to store the credentials in a file, for example /home/user/.smb :
username=winuser
password=winpwd

And mount as follows:
# mount -t cifs -o credentials=/home/user/.smb //192.168.16.229/myshare /mnt/smbshare
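The credentials file holds the password in clear text, so it is worth verifying that only its owner can read it before handing it to mount. The check below is an added example, not part of the original toolbox; the function name check_smb_credentials and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# check_smb_credentials FILE  (hypothetical helper, not part of mount.cifs)
# Returns 0 when FILE is a regular file, grants nothing to group/other,
# and contains both a username= and a password= line.
# Return codes: 1 = file missing, 2 = permissions too open, 3 = key missing.
check_smb_credentials() {
    cred=$1
    [ -f "$cred" ] || { echo "no such file: $cred" >&2; return 1; }

    # ls -ldL prints the mode string first (e.g. "-rw-------") on Linux, BSD
    # and OS X alike; -L makes the check apply to the target of a symlink.
    mode=$(ls -ldL "$cred" | cut -c1-10)

    # Characters 5-10 are the group and other permission bits; all must be "-".
    case $(printf '%s' "$mode" | cut -c5-10) in
        ------) ;;
        *) echo "$cred is accessible by group/other ($mode); run: chmod 600 $cred" >&2
           return 2 ;;
    esac

    # mount.cifs reads key=value lines; both keys used on this page must exist.
    for key in username password; do
        grep -q "^${key}=" "$cred" || { echo "$cred: no ${key}= line" >&2; return 3; }
    done
    return 0
}

# Typical use, with the paths from the text:
#   check_smb_credentials /home/user/.smb && \
#       mount -t cifs -o credentials=/home/user/.smb //192.168.16.229/myshare /mnt/smbshare
```

Unlike the password=winpwd mount option, a credentials file keeps the password out of the process list and the shell history.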

FreeBSD
Use -I to give the IP (or DNS name); smbserver is the Windows name.
# smbutil view -I 192.168.16.229 //winuser@smbserver    # List the shares
# mount_smbfs -I 192.168.16.229 //winuser@smbserver/myshare /mnt/smbshare

3.9 Mount an image
# hdiutil mount image.iso                  # OS X

Linux loop-back
# mount -t iso9660 -o loop file.iso /mnt   # Mount a CD image
# mount -t ext3 -o loop file.img /mnt      # Mount an image with ext3 fs

FreeBSD
With memory device (do # kldload md.ko if necessary):

# mdconfig -a -t vnode -f file.iso -u 0
# mount -t cd9660 /dev/md0 /mnt
# umount /mnt; mdconfig -d -u 0            # Cleanup the md device

Or with virtual node:
# vnconfig /dev/vn0c file.iso; mount -t cd9660 /dev/vn0c /mnt
# umount /mnt; vnconfig -u /dev/vn0c       # Cleanup the vn device

Solaris and FreeBSD with loop-back file interface or lofi:
# lofiadm -a file.iso
# mount -F hsfs -o ro /dev/lofi/1 /mnt
# umount /mnt; lofiadm -d /dev/lofi/1      # Cleanup the lofi device

3.10 Create and burn an ISO image

This will copy the cd or DVD sector for sector. Without conv=notrunc, the image will be smaller if there is less content on the cd. See below and the dd examples.
# dd if=/dev/hdc of=/tmp/mycd.iso bs=2048 conv=notrunc

Use mkisofs to create a CD/DVD image from files in a directory. To overcome the file names restrictions: -r enables the Rock Ridge extensions common to UNIX systems, -J enables Joliet extensions used by Microsoft systems. -L allows ISO9660 filenames to begin with a period.
# mkisofs -J -L -r -V TITLE -o imagefile.iso /path/to/dir
# hdiutil makehybrid -iso -joliet -o dir.iso dir/       # OS X

On FreeBSD, mkisofs is found in the ports in sysutils/cdrtools.

Burn a CD/DVD ISO image
FreeBSD
FreeBSD does not enable DMA on ATAPI drives by default. DMA is enabled with the sysctl command and the arguments below, or with /boot/loader.conf with the following entries:
hw.ata.ata_dma="1"
hw.ata.atapi_dma="1"

Use burncd with an ATAPI device (burncd is part of the base system) and cdrecord (in sysutils/cdrtools) with a SCSI drive.
# burncd -f /dev/acd0 data imagefile.iso fixate         # For ATAPI drive
# cdrecord -scanbus                        # To find the burner device (like 1,0,0)
# cdrecord dev=1,0,0 imagefile.iso

Linux
Also use cdrecord with Linux as described above. Additionally it is possible to use the native ATAPI interface which is found with:
# cdrecord dev=ATAPI -scanbus

And burn the CD/DVD as above.

dvd+rw-tools
The dvd+rw-tools package (FreeBSD: ports/sysutils/dvd+rw-tools) can do it all and includes growisofs to burn CDs or DVDs. The examples refer to the dvd device as /dev/dvd which could be a symlink to /dev/scd0 (typical scsi on Linux) or /dev/cd0 (typical FreeBSD) or /dev/rcd0c (typical NetBSD/OpenBSD character SCSI) or /dev/rdsk/c0t1d0s2 (Solaris example of a character SCSI/ATAPI CD-ROM device). There is a nice documentation with examples on the FreeBSD handbook chapter 18.7 http://www.freebsd.org/handbook/creating-dvds.html.
                                           # -dvd-compat closes the disk
# growisofs -dvd-compat -Z /dev/dvd=imagefile.iso       # Burn existing iso image
# growisofs -dvd-compat -Z /dev/dvd -J -R /p/to/data    # Burn directly

Convert a Nero .nrg file to .iso
Nero simply adds a 300Kb header to a normal iso image. This can be trimmed with dd.
# dd bs=1k if=imagefile.nrg of=imagefile.iso skip=300

Convert a bin/cue image to .iso
The little bchunk program http://freshmeat.net/projects/bchunk/ can do this. It is in the FreeBSD ports in sysutils/bchunk.
# bchunk imagefile.bin imagefile.cue imagefile.iso

3.11 Create a file based image

For example a partition of 1GB using the file /usr/vdisk.img. Here we use the vnode 0, but it could also be 1.
FreeBSD
# dd if=/dev/random of=/usr/vdisk.img bs=1K count=1M
# mdconfig -a -t vnode -f /usr/vdisk.img -u 0           # Creates device /dev/md0
# bsdlabel -w /dev/md0
# newfs /dev/md0c
# mount /dev/md0c /mnt
# umount /mnt; mdconfig -d -u 0; rm /usr/vdisk.img      # Cleanup the md device

The file based image can be automatically mounted during boot with an entry in /etc/rc.conf and /etc/fstab. Test your setup with # /etc/rc.d/mdconfig start (first delete the md0 device with # mdconfig -d -u 0).
Note however that this automatic setup will only work if the file image is NOT on the root partition. The reason is that the /etc/rc.d/mdconfig script is executed very early during boot and the root partition is still read-only. Images located outside the root partition will be mounted later with the script /etc/rc.d/mdconfig2.
/boot/loader.conf:
md_load="YES"

/etc/rc.conf:
# mdconfig_md0="-t vnode -f /usr/vdisk.img"             # /usr is not on the root partition

/etc/fstab: (The 0 0 at the end is important, it tells fsck to ignore this device, as it does not exist yet)
/dev/md0    /usr/vdisk    ufs    rw    0    0

It is also possible to increase the size of the image afterward, say for example 300 MB larger.
# umount /mnt; mdconfig -d -u 0
# dd if=/dev/zero bs=1m count=300 >> /usr/vdisk.img
# mdconfig -a -t vnode -f /usr/vdisk.img -u 0
# growfs /dev/md0
# mount /dev/md0c /mnt                     # File partition is now 300 MB larger

Linux
# dd if=/dev/zero of=/usr/vdisk.img bs=1024k count=1024
# mkfs.ext3 /usr/vdisk.img
# mount -o loop /usr/vdisk.img /mnt
# umount /mnt; rm /usr/vdisk.img           # Cleanup

Linux with losetup
/dev/zero is much faster than urandom, but less secure for encryption.
# dd if=/dev/urandom of=/usr/vdisk.img bs=1024k count=1024
# losetup /dev/loop0 /usr/vdisk.img        # Creates and associates /dev/loop0
# mkfs.ext3 /dev/loop0
# mount /dev/loop0 /mnt
# losetup -a                               # Check used loops
# umount /mnt
# losetup -d /dev/loop0                    # Detach
# rm /usr/vdisk.img

3.12 Create a memory file system

A memory based file system is very fast for heavy IO application. How to create a 64 MB partition mounted on /memdisk:
FreeBSD
# mount_mfs -o rw -s 64M md /memdisk
# umount /memdisk; mdconfig -d -u 0        # Cleanup the md device
md     /memdisk     mfs     rw,-s64M    0   0           # /etc/fstab entry

Linux
# mount -t tmpfs -osize=64m tmpfs /memdisk


3.13 Disk performance

Read and write a 1 GB file on partition ad4s3c (/home)
# time dd if=/dev/ad4s3c of=/dev/null bs=1024k count=1000
# time dd if=/dev/zero bs=1024k count=1000 of=/home/1Gb.file
# hdparm -tT /dev/hda                      # Linux only

4 NETWORK
Routing | Additional IP | Change MAC | Ports | Firewall | IP Forward | NAT | DNS | DHCP | Traffic | QoS | NIS | Netcat

4.1 Debugging (See also Traffic analysis)


Linux
# ethtool eth0                             # Show the ethernet status (replaces mii-diag)
# ethtool -s eth0 speed 100 duplex full    # Force 100Mbit Full duplex
# ethtool -s eth0 autoneg off              # Disable auto negotiation
# ethtool -p eth1                          # Blink the ethernet led - very useful when supported
# ip link show                             # Display all interfaces on Linux (similar to ifconfig)
# ip link set eth0 up                      # Bring device up (or down). Same as "ifconfig eth0 up"
# ip addr show                             # Display all IP addresses on Linux (similar to ifconfig)
# ip neigh show                            # Similar to arp -a

Other OSes
# ifconfig fxp0                            # Check the "media" field on FreeBSD
# arp -a                                   # Check the router (or host) ARP entry (all OS)
# ping cb.vu                               # The first thing to try...
# traceroute cb.vu                         # Print the route path to destination
# ifconfig fxp0 media 100baseTX mediaopt full-duplex    # 100Mbit full duplex (FreeBSD)
# netstat -s                               # System-wide statistics for each network protocol

Additional commands which are not always installed per default but easy to find:
# arping 192.168.16.254                    # Ping on ethernet layer
# tcptraceroute -f 5 cb.vu                 # uses tcp instead of icmp to trace through firewalls

4.2 Routing
Print routing table
# route -n                                 # Linux or use "ip route"
# netstat -rn                              # Linux, BSD and UNIX
# route print                              # Windows

Add and delete a route
FreeBSD
# route add 212.117.0.0/16 192.168.1.1
# route delete 212.117.0.0/16
# route add default 192.168.1.1

Add the route permanently in /etc/rc.conf
static_routes="myroute"
route_myroute="-net 212.117.0.0/16 192.168.1.1"

Linux
# route add -net 192.168.20.0 netmask 255.255.255.0 gw 192.168.16.254
# ip route add 192.168.20.0/24 via 192.168.16.254       # same as above with ip route
# route add -net 192.168.20.0 netmask 255.255.255.0 dev eth0
# route add default gw 192.168.51.254
# ip route add default via 192.168.51.254 dev eth0      # same as above with ip route
# route delete -net 192.168.20.0 netmask 255.255.255.0

Solaris
# route add -net 192.168.20.0 -netmask 255.255.255.0 192.168.16.254
# route add default 192.168.51.254 1       # 1 = hops to the next gateway
# route change default 192.168.50.254 1

Permanent entries are set in /etc/defaultrouter.

Windows
# Route add 192.168.50.0 mask 255.255.255.0 192.168.51.253


# Route add 0.0.0.0 mask 0.0.0.0 192.168.51.254

Use add -p to make the route persistent.

4.3 Configure additional IP addresses


Linux
# ifconfig eth0 192.168.50.254 netmask 255.255.255.0        # First IP
# ifconfig eth0:0 192.168.51.254 netmask 255.255.255.0      # Second IP
# ip addr add 192.168.50.254/24 dev eth0                    # Equivalent ip commands
# ip addr add 192.168.51.254/24 dev eth0 label eth0:1

FreeBSD
# ifconfig fxp0 inet 192.168.50.254/24                      # First IP
# ifconfig fxp0 alias 192.168.51.254 netmask 255.255.255.0  # Second IP
# ifconfig fxp0 -alias 192.168.51.254                       # Remove second IP alias

Permanent entries in /etc/rc.conf
ifconfig_fxp0="inet 192.168.50.254 netmask 255.255.255.0"
ifconfig_fxp0_alias0="192.168.51.254 netmask 255.255.255.0"

Solaris
Check the settings with ifconfig -a
# ifconfig hme0 plumb                                       # Enable the network card
# ifconfig hme0 192.168.50.254 netmask 255.255.255.0 up     # First IP
# ifconfig hme0:1 192.168.51.254 netmask 255.255.255.0 up   # Second IP

4.4 Change MAC address

Normally you have to bring the interface down before the change. Don't tell me why you want to change the MAC address...
# ifconfig eth0 down
# ifconfig eth0 hw ether 00:01:02:03:04:05      # Linux
# ifconfig fxp0 link 00:01:02:03:04:05          # FreeBSD
# ifconfig hme0 ether 00:01:02:03:04:05         # Solaris
# sudo ifconfig en0 ether 00:01:02:03:04:05     # OS X Tiger, Snow Leopard LAN*
# sudo ifconfig en0 lladdr 00:01:02:03:04:05    # OS X Leopard

*Typical wireless interface is en1 and needs to disassociate from any network first (osxdaily howto).
# echo "alias airport='/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport'" \
>> ~/.bash_profile                         # or symlink to /usr/sbin
# airport -z                               # Disassociate from wireless networks
# airport -I                               # Get info from wireless network

Many tools exist for Windows. For example etherchange http://ntsecurity.nu/toolbox/etherchange. Or look for "Mac Makeup", "smac".

4.5 Ports in use
Listening open ports:
# netstat -an | grep LISTEN
# lsof -i                                  # Linux list all Internet connections
# socklist                                 # Linux display list of open sockets
# sockstat -4                              # FreeBSD application listing
# netstat -anp --udp --tcp | grep LISTEN   # Linux
# netstat -tup                             # List active connections to/from system (Linux)
# netstat -tupl                            # List listening ports from system (Linux)
# netstat -ano                             # Windows

4.6 Firewall
Check if a firewall is running (typical configuration only):
Linux
# iptables -L -n -v                        # For status
Open the iptables firewall
# iptables -P INPUT ACCEPT                 # Open everything
# iptables -P FORWARD ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -Z                              # Zero the packet and byte counters in all chains
# iptables -F                              # Flush all chains
# iptables -X                              # Delete all chains


FreeBSD
# ipfw show                                # For status
# ipfw list 65535        # if answer is "65535 deny ip from any to any" the fw is disabled
# sysctl net.inet.ip.fw.enable=0           # Disable
# sysctl net.inet.ip.fw.enable=1           # Enable

4.7 IP Forward for routing

Linux
Check and then enable IP forward with:
# cat /proc/sys/net/ipv4/ip_forward        # Check IP forward 0=off, 1=on
# echo 1 > /proc/sys/net/ipv4/ip_forward

or edit /etc/sysctl.conf with:
net.ipv4.ip_forward = 1

FreeBSD
Check and enable with:
# sysctl net.inet.ip.forwarding            # Check IP forward 0=off, 1=on
# sysctl net.inet.ip.forwarding=1
# sysctl net.inet.ip.fastforwarding=1      # For dedicated router or firewall
Permanent with entry in /etc/rc.conf:
gateway_enable="YES"                       # Set to YES if this host will be a gateway.

Solaris
# ndd -set /dev/ip ip_forwarding 1         # Set IP forward 0=off, 1=on

4.8 NAT Network Address Translation

Linux
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE  # to activate NAT
# iptables -t nat -A PREROUTING -p tcp -d 78.31.70.238 --dport 20022 -j DNAT \
--to 192.168.16.44:22                      # Port forward 20022 to internal IP port ssh
# iptables -t nat -A PREROUTING -p tcp -d 78.31.70.238 --dport 993:995 -j DNAT \
--to 192.168.16.254:993-995                # Port forward of range 993-995
# ip route flush cache
# iptables -L -t nat                       # Check NAT status

Delete the port forward with -D instead of -A. The program netstat-nat http://tweegy.nl/projects/netstat-nat is very useful to track connections (it uses /proc/net/ip_conntrack or /proc/net/nf_conntrack).
# netstat-nat -n                           # show all connections with IPs

FreeBSD
# natd -s -m -u -dynamic -f /etc/natd.conf -n fxp0
Or edit /etc/rc.conf with:
firewall_enable="YES"                      # Set to YES to enable firewall functionality
firewall_type="open"                       # Firewall type (see /etc/rc.firewall)
natd_enable="YES"                          # Enable natd (if firewall_enable == YES).
natd_interface="tun0"                      # Public interface or IP address to use.
natd_flags="-s -m -u -dynamic -f /etc/natd.conf"

Port forward with:
# cat /etc/natd.conf
same_ports yes
use_sockets yes
unregistered_only
# redirect_port tcp insideIP:2300-2399 3300-3399        # port range
redirect_port udp 192.168.51.103:7777 7777

4.9 DNS
On Unix the DNS entries are valid for all interfaces and are stored in /etc/resolv.conf. The domain to which the host belongs is also stored in this file. A minimal configuration is:
nameserver 78.31.70.238
search sleepyowl.net intern.lab
domain sleepyowl.net

Check the system domain name with:
# hostname -d                              # Same as dnsdomainname


Windows
On Windows the DNS are configured per interface. To display the configured DNS and to flush the DNS cache use:
# ipconfig /?                              # Display help
# ipconfig /all                            # See all information including DNS

Flush DNS
Flush the OS DNS cache; some applications use their own cache (e.g. Firefox) and will be unaffected.
# /etc/init.d/nscd restart                 # Restart nscd if used - Linux/BSD/Solaris
# lookupd -flushcache                      # OS X Tiger
# dscacheutil -flushcache                  # OS X Leopard and newer
# ipconfig /flushdns                       # Windows

Forward queries
Dig is your friend to test the DNS settings. For example the public DNS server 213.133.105.2 ns.second-ns.de can be used for testing. See from which server the client receives the answer (simplified answer).
# dig sleepyowl.net
sleepyowl.net.          600     IN      A       78.31.70.238
;; SERVER: 192.168.51.254#53(192.168.51.254)

The router 192.168.51.254 answered and the response is the A entry. Any entry can be queried and the DNS server can be selected with @:
# dig MX google.com
# dig @127.0.0.1 NS sun.com                # To test the local server
# dig @204.97.212.10 NS MX heise.de        # Query an external server
# dig AXFR @ns1.xname.org cb.vu            # Get the full zone (zone transfer)

The program host is also powerful.
# host -t MX cb.vu                         # Get the mail MX entry
# host -t NS -T sun.com                    # Get the NS record over a TCP connection
# host -a sleepyowl.net                    # Get everything

Reverse queries
Find the name belonging to an IP address (in-addr.arpa.). This can be done with dig, host and nslookup:
# dig -x 78.31.70.238
# host 78.31.70.238
# nslookup 78.31.70.238

/etc/hosts
Single hosts can be configured in the file /etc/hosts instead of running named locally to resolve the hostname queries. The format is simple, for example:
78.31.70.238   sleepyowl.net   sleepyowl

The priority between hosts and a dns query, that is the name resolution order, can be configured in /etc/nsswitch.conf AND /etc/host.conf. The file also exists on Windows, it is usually in:
C:\WINDOWS\SYSTEM32\DRIVERS\ETC

4.10 DHCP
Linux
Some distributions (SuSE) use dhcpcd as client. The default interface is eth0.
# dhcpcd -n eth0                           # Trigger a renew (does not always work)
# dhcpcd -k eth0                           # release and shutdown

The lease with the full information is stored in:
/var/lib/dhcpcd/dhcpcd-eth0.info

FreeBSD
FreeBSD (and Debian) uses dhclient. To configure an interface (for example bge0) run:
# dhclient bge0

The lease with the full information is stored in:
/var/db/dhclient.leases.bge0

Use /etc/dhclient.conf to prepend options or force different options:
# cat /etc/dhclient.conf
interface "rl0" {
    prepend domain-name-servers 127.0.0.1;
    default domain-name "sleepyowl.net";
    supersede domain-name "sleepyowl.net";
}

Windows
The dhcp lease can be renewed with ipconfig:
# ipconfig /renew                          # renew all adapters
# ipconfig /renew LAN                      # renew the adapter named "LAN"
# ipconfig /release WLAN                   # release the adapter named "WLAN"

Yes it is a good idea to rename your adapter with simple names!

4.11 Traffic analysis
Bmon http://people.suug.ch/~tgr/bmon/ is a small console bandwidth monitor and can display the flow on different interfaces.

Sniff with tcpdump
# tcpdump -nl -i bge0 not port ssh and src \(192.168.16.121 or 192.168.16.54\)
# tcpdump -n -i eth1 net 192.168.16.121    # select to/from a single IP
# tcpdump -n -i eth1 net 192.168.16.0/24   # select traffic to/from a network
# tcpdump -l > dump & tail -f dump         # Buffered output
# tcpdump -i rl0 -w traffic.rl0            # Write traffic headers in binary file
# tcpdump -i rl0 -s 0 -w traffic.rl0       # Write traffic + payload in binary file
# tcpdump -r traffic.rl0                   # Read from file (also for ethereal)
# tcpdump port 80                          # The two classic commands
# tcpdump host google.com
# tcpdump -i eth0 -X port \(110 or 143\)   # Check if pop or imap is secure
# tcpdump -n -i eth0 icmp                  # Only catch pings
# tcpdump -i eth0 -s 0 -A port 80 | grep GET            # -s 0 for full packet -A for ASCII

Additional important options:
-A    Print each packet in clear text (without header)
-X    Print packets in hex and ASCII
-l    Make stdout line buffered
-D    Print all interfaces available

On Windows use windump from www.winpcap.org. Use windump -D to list the interfaces.

Scan with nmap
Nmap http://insecure.org/nmap/ is a port scanner with OS detection, it is usually installed on most distributions and is also available for Windows. If you don't scan your servers, hackers do it for you...
# nmap cb.vu                 # scans all reserved TCP ports on the host
# nmap -sP 192.168.16.0/24   # Find out which IP are used and by which host on 0/24
# nmap -sS -sV -O cb.vu      # Do a stealth SYN scan with version and OS detection
PORT      STATE  SERVICE             VERSION
22/tcp    open   ssh                 OpenSSH 3.8.1p1 FreeBSD-20060930 (protocol 2.0)
25/tcp    open   smtp                Sendmail smtpd 8.13.6/8.13.6
80/tcp    open   http                Apache httpd 2.0.59 ((FreeBSD) DAV/2 PHP/4.
[...]
Running: FreeBSD 5.X
Uptime 33.120 days (since Fri Aug 31 11:41:04 2007)

Other non standard but useful tools are hping (www.hping.org) an IP packet assembler/analyzer and fping (fping.sourceforge.net). fping can check multiple hosts in a round-robin fashion.

4.12 Traffic control (QoS)

Traffic control manages the queuing, policing, scheduling, and other traffic parameters for a network. The following examples are simple practical uses of the Linux and FreeBSD capabilities to better use the available bandwidth.

Limit upload
DSL or cable modems have a long queue to improve the upload throughput. However filling the queue with a fast device (e.g. ethernet) will dramatically decrease the interactivity. It is therefore useful to limit the device upload rate to match the physical capacity of the modem, this should greatly improve the interactivity. Set to about 90% of the modem maximal (cable) speed.
Linux
For a 512 Kbit upload modem.
# tc qdisc add dev eth0 root tbf rate 480kbit latency 50ms burst 1540
# tc -s qdisc ls dev eth0                  # Status
# tc qdisc del dev eth0 root               # Delete the queue
# tc qdisc change dev eth0 root tbf rate 220kbit latency 50ms burst 1540

FreeBSD
FreeBSD uses the dummynet traffic shaper which is configured with ipfw. Pipes are used to limit the bandwidth in units of [K|M]{bit/s|Byte/s}, 0 means unlimited bandwidth. Using the same pipe number will reconfigure it. For example limit the upload bandwidth to 500 Kbit.
# kldload dummynet                         # load the module if necessary
# ipfw pipe 1 config bw 500Kbit/s          # create a pipe with limited bandwidth
# ipfw add pipe 1 ip from me to any        # divert the full upload into the pipe

Quality of service
Linux
Priority queuing with tc to optimize VoIP. See the full example on voip-info.org or www.howtoforge.com. Suppose VoIP uses udp on ports 10000:11024 and device eth0 (could also be ppp0 or so). The following commands define the QoS to three queues and force the VoIP traffic to queue 1 with QoS 0x1e (all bits set). The default traffic flows into queue 3 and QoS Minimize-Delay flows into queue 2.
# tc qdisc add dev eth0 root handle 1: prio priomap 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 0
# tc qdisc add dev eth0 parent 1:1 handle 10: sfq
# tc qdisc add dev eth0 parent 1:2 handle 20: sfq
# tc qdisc add dev eth0 parent 1:3 handle 30: sfq
# tc filter add dev eth0 protocol ip parent 1: prio 1 u32 \
  match ip dport 10000 0x3C00 flowid 1:1   # use server port range
  match ip dst 123.23.0.1 flowid 1:1       # or/and use server IP

Status and remove with
# tc -s qdisc ls dev eth0                  # queue status
# tc qdisc del dev eth0 root               # delete all QoS

Calculate port range and mask
The tc filter defines the port range with port and mask which you have to calculate. Find the 2^N ending of the port range, deduce the range and convert to HEX. This is your mask. Example for 10000 -> 11024, the range is 1024.
# 2^13 (8192) < 10000 < 2^14 (16384)       # ending is 2^14 = 16384
# echo "obase=16;(2^14)-1024" | bc         # mask is 0x3C00
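The mask calculation above as a small shell helper, together with a check of which destination ports a port/mask pair selects: a u32 match accepts a packet when (dport AND mask) equals (port AND mask). This is an added example, not part of the original toolbox; the function names are assumptions made for illustration.

```shell
#!/bin/sh
# All function names below are hypothetical helpers, not tc commands.

# pow2_exp_above PORT: smallest N such that 2^N > PORT (the "2^N ending")
pow2_exp_above() {
    n=0
    while [ $((1 << n)) -le "$1" ]; do
        n=$((n + 1))
    done
    echo "$n"
}

# tc_port_mask FIRST_PORT RANGE: the mask as computed in the text,
# (2^N) - RANGE, printed in hex
tc_port_mask() {
    n=$(pow2_exp_above "$1")
    printf '0x%X\n' $(( (1 << n) - $2 ))
}

# u32_matches DPORT PORT MASK: exit status 0 when a filter written as
# "match ip dport PORT MASK" selects a packet with destination port DPORT
u32_matches() {
    [ $(( $1 & $3 )) -eq $(( $2 & $3 )) ]
}

# u32_first_block PORT MASK: the lowest contiguous block of ports the
# pair selects, printed as "first-last"
u32_first_block() {
    base=$(( $1 & $2 ))
    low=$(( $2 & -$2 ))          # lowest set bit of the mask = block size
    echo "$base-$(( base + low - 1 ))"
}

# Values from the text (sample inputs):
#   tc_port_mask 10000 1024          prints the mask for the example range
#   u32_first_block 10000 0x3C00     prints the block that pair selects
#   u32_matches 11000 10000 0x3C00   tests one port against the filter
```

Run u32_first_block on the pair before loading the filter: the block it reports starts at (port AND mask), so it only coincides with the intended range when the first port is a multiple of the range size (for example 10240 with a range of 1024).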

FreeBSD
The max link bandwidth is 500 Kbit/s and we define 3 queues with priority 100:10:1 for VoIP:ssh:all the rest.
# ipfw pipe 1 config bw 500Kbit/s
# ipfw queue 1 config pipe 1 weight 100
# ipfw queue 2 config pipe 1 weight 10
# ipfw queue 3 config pipe 1 weight 1
# ipfw add 10 queue 1 proto udp dst-port 10000-11024
# ipfw add 11 queue 1 proto udp dst-ip 123.23.0.1       # or/and use server IP
# ipfw add 20 queue 2 dst-port ssh
# ipfw add 30 queue 3 from me to any       # all the rest

Status and remove with
# ipfw list                                # rules status
# ipfw pipe list                           # pipe status
# ipfw flush                               # deletes all rules but default

4.13 NIS Debugging
Some commands which should work on a well configured NIS client:
# ypwhich                                  # get the connected NIS server name
# domainname                               # The NIS domain name as configured
# ypcat group                              # should display the group from the NIS server
# cd /var/yp && make                       # Rebuild the yp database
# rpcinfo -p servername                    # Report RPC services of the server

Is ypbind running?
# ps auxww | grep ypbind
/usr/sbin/ypbind -s -m -S servername1,servername2       # FreeBSD
/usr/sbin/ypbind                           # Linux
# yppoll passwd.byname
Map passwd.byname has order number 1190635041. Mon Sep 24 13:57:21 2007
The master server is servername.domain.net.

Linux
# cat /etc/yp.conf
ypserver servername
domain domain.net broadcast

4.14 Netcat
Netcat http://netcat.sourceforge.net (nc) is better known as the "network Swiss Army Knife", it can manipulate, create or read/write TCP/IP connections. Here are some useful examples, there are many more on the net, for example g-loaded.eu[...] http://www.g-loaded.eu/2006/11/06/netcat-a-couple-of-useful-examples and here http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks.
You might need to use the command netcat instead of nc. Also see the similar command socat.

File transfer
Copy a large folder over a raw tcp connection. The transfer is very quick (no protocol overhead) and you don't need to mess up with NFS or SMB or FTP or so, simply make the file available on the server, and get it from the client. Here 192.168.1.1 is the server IP address.
server# tar -cf - -C VIDEO_TS . | nc -l -p 4444         # Serve tar folder on port 4444
client# nc 192.168.1.1 4444 | tar xpf - -C VIDEO_TS     # Pull the file on port 4444
server# cat largefile | nc -l 5678                      # Serve a single file
client# nc 192.168.1.1 5678 > largefile                 # Pull the single file
server# dd if=/dev/da0 | nc -l 4444                     # Serve partition image
client# nc 192.168.1.1 4444 | dd of=/dev/da0            # Pull partition to clone
client# nc 192.168.1.1 4444 | dd of=da0.img             # Pull partition to file

Other hacks
Specially here, you must know what you are doing.

Remote shell
Option -e only on the Windows version? Or use nc 1.10.
# nc -lp 4444 -e /bin/bash                 # Provide a remote shell (server backdoor)
# nc -lp 4444 -e cmd.exe                   # remote shell for Windows

Emergency web server
Serve a single file on port 80 in a loop.
# while true; do nc -l -p 80 < unixtoolbox.xhtml; done

Chat
Alice and Bob can chat over a simple TCP socket. The text is transferred with the enter key.
alice# nc -lp 4444
bob  # nc 192.168.1.1 4444

5 SSH SCP
Public key | Fingerprint | SCP | Tunneling
See other tricks 25 ssh cmd http://blog.urfix.com/25-ssh-commands-tricks/

5.1 Public key authentication

Connect to a host without password using public key authentication. The idea is to append your public key to the authorized_keys2 file on the remote host. For this example let's connect host-client to host-server, the key is generated on the client. With cygwin you might have to create your home directory and the .ssh directory with # mkdir -p /home/USER/.ssh
Use ssh-keygen to generate a key pair. ~/.ssh/id_dsa is the private key, ~/.ssh/id_dsa.pub is the public key.
Copy only the public key to the server and append it to the file ~/.ssh/authorized_keys2 on your home on the server.
# ssh-keygen -t dsa -N ''
# cat ~/.ssh/id_dsa.pub | ssh you@host-server "cat - >> ~/.ssh/authorized_keys2"

Using the Windows client from ssh.com
The non commercial version of the ssh.com client can be downloaded from the main ftp site: ftp.ssh.com/pub/ssh/. Keys generated by the ssh.com client need to be converted for the OpenSSH server. This can be done with the ssh-keygen command.
- Create a key pair with the ssh.com client: Settings - User Authentication - Generate New....
- I use Key type DSA; key length 2048.
- Copy the public key generated by the ssh.com client to the server into the ~/.ssh folder.
- The keys are in C:\Documents and Settings\%USERNAME%\Application Data\SSH\UserKeys.
- Use the ssh-keygen command on the server to convert the key:
# cd ~/.ssh
# ssh-keygen -i -f keyfilename.pub >> authorized_keys2

Notice: We used a DSA key, RSA is also possible. The key is not protected by a password.

Using putty for Windows
Putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html) is a simple and free ssh client for Windows.
- Create a key pair with the puTTYgen program.
- Save the public and private keys (for example into C:\Documents and Settings\%USERNAME%\.ssh).
- Copy the public key to the server into the ~/.ssh folder:
# scp .ssh/puttykey.pub root@192.168.51.254:.ssh/
- Use the ssh-keygen command on the server to convert the key for OpenSSH:
# cd ~/.ssh
# ssh-keygen -i -f puttykey.pub >> authorized_keys2
- Point the private key location in the putty settings: Connection - SSH - Auth

5.2 Check fingerprint

At the first login, ssh will ask if the unknown host with the fingerprint has to be stored in the known hosts. To avoid a man-in-the-middle attack the administrator of the server can send you the server fingerprint which is then compared on the first login. Use ssh-keygen -l to get the fingerprint (on the server):
# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub      # For RSA key
2048 61:33:be:9b:ae:6c:36:31:fd:83:98:b7:99:2d:9f:cd /etc/ssh/ssh_host_rsa_key.pub
# ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub      # For DSA key (default)
2048 14:4a:aa:d9:73:25:46:6d:0a:48:35:c7:f4:16:d4:ee /etc/ssh/ssh_host_dsa_key.pub

Now the client connecting to this server can verify that he is connecting to the right server:
# ssh linda
The authenticity of host 'linda (192.168.16.54)' can't be established.
DSA key fingerprint is 14:4a:aa:d9:73:25:46:6d:0a:48:35:c7:f4:16:d4:ee.
Are you sure you want to continue connecting (yes/no)? yes
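The comparison described above can be scripted so that it is not done by eye. This is an added example, not part of the original toolbox: it takes the administrator's ssh-keygen -l listing and the first-login prompt (both copied from the listings above), selects the admin entry for the key type named in the prompt, and compares the fingerprints. The function names are made up for this example, and it assumes the colon-separated hex fingerprint format shown on this page.

```shell
#!/bin/sh
# Added example: verify the fingerprint ssh shows at first login against the
# list received from the server administrator. Function names are hypothetical.

# Sample data copied from the listings on this page.
ADMIN_LIST='2048 61:33:be:9b:ae:6c:36:31:fd:83:98:b7:99:2d:9f:cd /etc/ssh/ssh_host_rsa_key.pub
2048 14:4a:aa:d9:73:25:46:6d:0a:48:35:c7:f4:16:d4:ee /etc/ssh/ssh_host_dsa_key.pub'

PROMPT="The authenticity of host 'linda (192.168.16.54)' can't be established.
DSA key fingerprint is 14:4a:aa:d9:73:25:46:6d:0a:48:35:c7:f4:16:d4:ee.
Are you sure you want to continue connecting (yes/no)?"

# Print "type fingerprint" (lower case) for the key named in the ssh prompt.
prompt_key() {
    printf '%s\n' "$1" | awk '
        / key fingerprint is / {
            fp = $NF
            sub(/\.$/, "", fp)              # drop the sentence-ending dot
            print tolower($1), tolower(fp)
            exit
        }'
}

# Print the admin fingerprint for one key type, taken from the line whose
# file name is ssh_host_<type>_key.pub.
admin_fp() {
    printf '%s\n' "$1" | awk -v t="$2" '
        index($3, "ssh_host_" t "_key.pub") { print tolower($2); exit }'
}

# verify_host ADMIN_LIST PROMPT
# Prints a verdict; returns 0 on match, 1 on mismatch, 2 when undecidable.
verify_host() {
    seen=$(prompt_key "$2")
    if [ -z "$seen" ]; then
        echo "no-fingerprint-in-prompt"; return 2
    fi
    ktype=${seen%% *}
    fp=${seen#* }
    # A fingerprint in this format is 16 hex byte pairs joined by colons.
    if ! printf '%s\n' "$fp" | grep -Eq '^([0-9a-f]{2}:){15}[0-9a-f]{2}$'; then
        echo "malformed-fingerprint"; return 2
    fi
    expected=$(admin_fp "$1" "$ktype")
    if [ -z "$expected" ]; then
        # Never fall back to another key type: that would compare the wrong key.
        echo "no-admin-entry-for-$ktype"; return 2
    fi
    if [ "$expected" = "$fp" ]; then
        echo "match-$ktype"; return 0
    fi
    echo "MISMATCH-$ktype"; return 1
}

verify_host "$ADMIN_LIST" "$PROMPT"
```

Answer "yes" at the ssh prompt only when the verdict is a match; any other verdict means the key offered is not one the administrator vouched for.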

5.3 Secure file transfer

Some simple commands:
# scp file.txt host-two:/tmp
# scp joe@host-two:/www/*.html /www/tmp
# scp -r joe@host-two:/www /www/tmp

In Konqueror or Midnight Commander it is possible to access a remote file system with the address fish://user@gate. However the implementation is very slow.
Furthermore it is possible to mount a remote folder with sshfs, a file system client based on SCP. See fuse sshfs (http://fuse.sourceforge.net/sshfs.html).
ssh_exchange_identification: Connection closed by remote host

With this error try the following on the server:
echo 'SSHD: ALL' >> /etc/hosts.allow
/etc/init.d/sshd restart

5.4 Tunneling
SSH tunneling allows you to forward or reverse forward a port over the SSH connection, thus securing the traffic and accessing ports which would otherwise be blocked. This only works with TCP. The general nomenclature for forward and reverse is (see also ssh and NAT example):
# ssh -L localport:desthost:destport user@gate  # desthost as seen from the gate
# ssh -R destport:desthost:localport user@gate  # forwards your localport to destination
    # desthost:localport as seen from the client initiating the tunnel
# ssh -X user@gate   # To force X forwarding

This will connect to gate and forward the local port to the host desthost:destport. Note desthost is the destination host as seen by the gate, so if the connection is to the gate, then desthost is localhost. More than one port forward is possible.

Direct forward on the gate
Let's say we want to access the CVS (port 2401) and http (port 80) which are running on the gate. This is the simplest example; desthost is thus localhost, and we use the port 8080 locally instead of 80 so we don't need to be root. Once the ssh session is open, both services are accessible on the local ports.
# ssh -L 2401:localhost:2401 -L 8080:localhost:80 user@gate

Netbios and remote desktop forward to a second server
Let's say a Windows smb server is behind the gate and is not running ssh. We need access to the smb share and also remote desktop to the server.
# ssh -L 139:smbserver:139 -L 3388:smbserver:3389 user@gate

The smb share can now be accessed with \\127.0.0.1\, but only if the local share is disabled, because the local share is listening on port 139.
It is possible to keep the local share enabled; for this we need to create a new virtual device with a new IP address for the tunnel, and the smb share will be connected over this address. Furthermore the local RDP is already listening on 3389, so we choose 3388. For this example let's use a virtual IP of 10.1.1.1.
- With putty use Source port=10.1.1.1:139. It is possible to create multiple loop devices and tunnel. On Windows 2000, only putty worked for me. On Windows Vista also forward the port 445 in addition to the port 139. Also on Vista the patch KB942624 prevents the port 445 from being forwarded, so I had to uninstall this patch in Vista.
- With the ssh.com client, disable "Allow local connections only". Since ssh.com will bind to all addresses, only a single share can be connected.
Now create the loopback interface with IP 10.1.1.1:
- # System > Control Panel > Add Hardware # Yes, Hardware is already connected # Add a new hardware device (at bottom).
- # Install the hardware that I manually select # Network adapters # Microsoft, Microsoft Loopback Adapter.
- Configure the IP address of the fake device to 10.1.1.1 mask 255.255.255.0, no gateway.
- advanced > WINS, Enable LMHosts Lookup; Disable NetBIOS over TCP/IP.
- # Enable Client for Microsoft Networks. # Disable File and Printer Sharing for Microsoft Networks.
I HAD to reboot for this to work. Now connect to the smb share with \\10.1.1.1 and remote desktop to 10.1.1.1:3388.

Debug
If it is not working:
- Are the ports forwarded: netstat -an? Look at 0.0.0.0:139 or 10.1.1.1:139
- Does telnet 10.1.1.1 139 connect?
- You need the checkbox "Local ports accept connections from other hosts".
- Is "File and Printer Sharing for Microsoft Networks" disabled on the loopback interface?

Connect two clients behind NAT
Suppose two clients are behind a NAT gateway and client cliadmin has to connect to client cliuser (the destination), both can login to the gate with ssh and are running Linux with sshd. You don't need root access anywhere as long as the ports on gate are above 1024. We use 2022 on gate. Also since the gate is used locally, the option GatewayPorts is not necessary.
On client cliuser (from destination to gate):
# ssh -R 2022:localhost:22 user@gate            # forwards client 22 to gate:2022

On client cliadmin (from host to gate):
# ssh -L 3022:localhost:2022 admin@gate         # forwards client 3022 to gate:2022

Now the admin can connect directly to the client cliuser with:
# ssh -p 3022 admin@localhost                   # local:3022 -> gate:2022 -> client:22

Connect to VNC behind NAT
Suppose a Windows client with VNC listening on port 5900 has to be accessed from behind NAT. On client cliwin to gate:
# ssh -R 15900:localhost:5900 user@gate

On client cliadmin (from host to gate):
# ssh -L 5900:localhost:15900 admin@gate

Now the admin can connect directly to the client VNC with:
# vncconnect -display :0 localhost

Dig a multi-hop ssh tunnel
Suppose you can not reach a server directly with ssh, but only via multiple intermediate hosts (for example because of routing issues). Sometimes it is still necessary to get a direct client - server connection, for example to copy files with scp, or forward other ports like smb or vnc. One way to do this is to chain tunnels together to forward a port to the server along the hops. This "carrier" port only reaches its final destination on the last connection to the server.
Suppose we want to forward the ssh port from a client to a server over two hops. Once the tunnel is built, it is possible to connect to the server directly from the client (and also add another port forward).

Create tunnel in one shell
client -> host1 -> host2 -> server and dig tunnel 5678
client># ssh -L5678:localhost:5678 host1        # 5678 is an arbitrary port for the tunnel
host_1># ssh -L5678:localhost:5678 host2        # chain 5678 from host1 to host2
host_2># ssh -L5678:localhost:22 server         # end the tunnel on port 22 on the server

Use tunnel with another shell
client -> server using tunnel 5678
# ssh -p 5678 localhost                         # connect directly from client to server
# scp -P 5678 myfile localhost:/tmp/            # or copy a file directly using the tunnel
# rsync -e 'ssh -p 5678' myfile localhost:/tmp/ # or rsync a file directly to the server

Autoconnect and keep alive script
I use variations of the following script to keep a machine reachable over a reverse ssh tunnel. The connection is automatically rebuilt if closed. You can add multiple -L or -R tunnels on one line.
#!/bin/sh
COMMAND="ssh -N -f -g -R 3022:localhost:22 colin@cb.vu"
pgrep -f -x "$COMMAND" > /dev/null 2>&1 || $COMMAND
exit 0

1 * * * * colin /home/colin/port_forward.sh     # crontab entry (here hourly)

6 VPN WITH SSH
As of version 4.3, OpenSSH can use the tun/tap device to encrypt a tunnel. This is very similar to other TLS based VPN solutions like OpenVPN. One advantage with SSH is that there is no need to install and configure additional software. Additionally the tunnel uses the SSH authentication like pre-shared keys. The drawback is that the encapsulation is done over TCP which might result in poor performance on a slow link. Also the tunnel is relying on a single (fragile) TCP connection. This technique is very useful for a quick IP based VPN setup. There is no limitation as with the single TCP port forward; all layer 3/4 protocols like ICMP, TCP/UDP, etc. are forwarded over the VPN. In any case, the following options are needed in the sshd_config file:
PermitRootLogin yes
PermitTunnel yes

6.1 Single P2P connection

Here we are connecting two hosts, hclient and hserver with a peer to peer tunnel. The connection is started from hclient to hserver and is done as root. The tunnel end points are 10.0.1.1 (server) and 10.0.1.2 (client) and we create a device tun5 (this could also be another number). The procedure is very simple:
- Connect with SSH using the tunnel option -w
- Configure the IP addresses of the tunnel. Once on the server and once on the client.

Connect to the server
Connection started on the client and commands are executed on the server.
Server is on Linux
cli># ssh -w5:5 root@hserver
srv># ifconfig tun5 10.0.1.1 netmask 255.255.255.252   # Executed on the server shell

Server is on FreeBSD
cli># ssh -w5:5 root@hserver
srv># ifconfig tun5 10.0.1.1 10.0.1.2                  # Executed on the server shell

Configure the client
Commands executed on the client:
cli># ifconfig tun5 10.0.1.2 netmask 255.255.255.252   # Client is on Linux
cli># ifconfig tun5 10.0.1.2 10.0.1.1                  # Client is on FreeBSD

The two hosts are now connected and can transparently communicate with any layer 3/4 protocol using the tunnel IP addresses.

6.2 Connect two networks

In addition to the p2p setup above, it is more useful to connect two private networks with an SSH VPN using two gates. Suppose for the example, netA is 192.168.51.0/24 and netB 192.168.16.0/24. The procedure is similar to the one above; we only need to add the routing. NAT must be activated on the private interface only if the gates are not the same as the default gateway of their network.
192.168.51.0/24 (netA)|gateA <-> gateB|192.168.16.0/24 (netB)
- Connect with SSH using the tunnel option -w.
- Configure the IP addresses of the tunnel. Once on the server and once on the client.
- Add the routing for the two networks.
- If necessary, activate NAT on the private interface of the gate.
The setup is started from gateA in netA.

Connect from gateA to gateB
Connection is started from gateA and commands are executed on gateB.
gateB is on Linux
gateA># ssh -w5:5 root@gateB
gateB># ifconfig tun5 10.0.1.1 netmask 255.255.255.252 # Executed on the gateB shell
gateB># route add -net 192.168.51.0 netmask 255.255.255.0 dev tun5
gateB># echo 1 > /proc/sys/net/ipv4/ip_forward        # Only needed if not default gw
gateB># iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

gateB is on FreeBSD
gateA># ssh -w5:5 root@gateB                          # Creates the tun5 devices
gateB># ifconfig tun5 10.0.1.1 10.0.1.2               # Executed on the gateB shell
gateB># route add 192.168.51.0/24 10.0.1.2
gateB># sysctl net.inet.ip.forwarding=1               # Only needed if not default gw
gateB># natd -s -m -u -dynamic -n fxp0                # see NAT
gateA># sysctl net.inet.ip.fw.enable=1

Configure gateA
Commands executed on gateA:
gateA is on Linux
gateA># ifconfig tun5 10.0.1.2 netmask 255.255.255.252
gateA># route add -net 192.168.16.0 netmask 255.255.255.0 dev tun5
gateA># echo 1 > /proc/sys/net/ipv4/ip_forward
gateA># iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

gateA is on FreeBSD
gateA># ifconfig tun5 10.0.1.2 10.0.1.1
gateA># route add 192.168.16.0/24 10.0.1.2
gateA># sysctl net.inet.ip.forwarding=1
gateA># natd -s -m -u -dynamic -n fxp0                # see NAT
gateA># sysctl net.inet.ip.fw.enable=1

The two private networks are now transparently connected via the SSH VPN. The IP forward and NAT settings are only necessary if the gates are not the default gateways. In this case the clients would not know where to forward the response, and nat must be activated.

7 RSYNC
Rsync can almost completely replace cp and scp, furthermore interrupted transfers are efficiently restarted. A trailing slash (and the absence thereof) has different meanings, the man page is good... Here are some examples:
Copy the directories with full content:
# rsync -a /home/colin/ /backup/colin/                # "archive" mode. e.g keep the same
# rsync -a /var/ /var_bak/
# rsync -aR --delete-during /home/user/ /backup/      # use relative (see below)
# /opt/local/bin/rsync -azv --iconv=UTF-8-MAC,UTF-8 ~/Music/flac/ me@server:/dst/
                            # convert filenames OSX UTF8 to Windows UTF8

Same as before but over the network and with compression. Rsync uses SSH for the transport by default and will use the ssh keys if they are set. Use ":" as with SCP. A typical remote copy:
# rsync -axSRzv /home/user/ user@server:/backup/user/ # Copy to remote
# rsync -a 'user@server:My\ Documents' My\ Documents  # Quote AND escape spaces for the remote shell

Exclude any directory tmp within /home/user/ and keep the relative folders hierarchy, that is the remote directory will have the structure /backup/home/user/. This is typically used for backups.
# rsync -azR --exclude=tmp/ /home/user/ user@server:/backup/

Use port 20022 for the ssh connection:
# rsync -az -e 'ssh -p 20022' /home/colin/ user@server:/backup/colin/

Using the rsync daemon (used with "::") is much faster, but not encrypted over ssh. The location of /backup is defined by the configuration in /etc/rsyncd.conf. The variable RSYNC_PASSWORD can be set to avoid the need to enter the password manually.
# rsync -axSRz /home/ ruser@hostname::rmodule/backup/
# rsync -axSRz ruser@hostname::rmodule/backup/ /home/    # To copy back

Some important options:
-a, --archive            archive mode; same as -rlptgoD (no -H)
-r, --recursive          recurse into directories
-R, --relative           use relative path names
-H, --hard-links         preserve hard links
-S, --sparse             handle sparse files efficiently
-x, --one-file-system    don't cross file system boundaries
--exclude=PATTERN        exclude files matching PATTERN
--delete-during          receiver deletes during xfer, not before
--delete-after           receiver deletes after transfer, not before

7.1 Rsync on Windows
Rsync is available for Windows through cygwin or as stand-alone packaged in cwrsync (http://sourceforge.net/projects/sereds). This is very convenient for automated backups. Install one of them (not both) and add the path to the Windows system variables: # Control Panel > System > tab Advanced, button Environment Variables. Edit the "Path" system variable and add the full path to the installed rsync, e.g. C:\Program Files\cwRsync\bin or C:\cygwin\bin. This way the commands rsync and ssh are available in a Windows command shell.

Public key authentication
Rsync is automatically tunneled over SSH and thus uses the SSH authentication on the server. Automatic backups have to avoid a user interaction, for this the SSH public key authentication can be used and the rsync command will run without a password.
All the following commands are executed within a Windows console. In a console (Start > Run > cmd) create and upload the key as described in SSH, change "user" and "server" as appropriate. If the file authorized_keys2 does not exist yet, simply copy id_dsa.pub to authorized_keys2 and upload it.
# ssh-keygen -t dsa -N ''                   # Creates a public and a private key
# rsync user@server:.ssh/authorized_keys2 . # Copy the file locally from the server
# cat id_dsa.pub >> authorized_keys2        # Or use an editor to add the key
# rsync authorized_keys2 user@server:.ssh/  # Copy the file back to the server
# del authorized_keys2                      # Remove the local copy

Now test it with (in one line):
rsync -rv "/cygdrive/c/Documents and Settings/%USERNAME%/My Documents/" \
'user@server:My\ Documents/'

Automatic backup
Use a batch file to automate the backup and add the file in the scheduled tasks (Programs > Accessories > System Tools > Scheduled Tasks). For example create the file backup.bat and replace user@server.
@ECHO OFF
REM rsync the directory My Documents
SETLOCAL
SET CWRSYNCHOME=C:\PROGRAM FILES\CWRSYNC
SET CYGWIN=nontsec
SET CWOLDPATH=%PATH%
REM uncomment the next line when using cygwin
SET PATH=%CWRSYNCHOME%\BIN;%PATH%
echo Press Control-C to abort
rsync -av "/cygdrive/c/Documents and Settings/%USERNAME%/My Documents/" \
'user@server:My\ Documents/'
pause

8 SUDO
Sudo is a standard way to give users some administrative rights without giving out the root password. Sudo is very useful in a multi user environment with a mix of server and workstations. Simply call the command with sudo:
# sudo /etc/init.d/dhcpd restart            # Run the rc script as root
# sudo -u sysadmin whoami                   # Run cmd as another user

8.1 Configuration
Sudo is configured in /etc/sudoers and must only be edited with visudo. The basic syntax is (the lists are comma separated):
user hosts = (runas) commands          # In /etc/sudoers

users      one or more users or %group (like %wheel) to gain the rights
hosts      list of hosts (or ALL)
runas      list of users (or ALL) that the command rule can be run as. It is enclosed in ( )!
commands   list of commands (or ALL) that will be run as root or as (runas)

Additionally those keywords can be defined as alias, they are called User_Alias, Host_Alias, Runas_Alias and Cmnd_Alias. This is useful for larger setups. Here is a sudoers example:
# cat /etc/sudoers
# Host aliases are subnets or hostnames.
Host_Alias   DMZ     = 212.118.81.40/28
Host_Alias   DESKTOP = work1, work2

# User aliases are a list of users which can have the same rights
User_Alias   ADMINS  = colin, luca, admin
User_Alias   DEVEL   = joe, jack, julia
Runas_Alias  DBA     = oracle,pgsql

# Command aliases define the full path of a list of commands
Cmnd_Alias   SYSTEM  = /sbin/reboot,/usr/bin/kill,/sbin/halt,/sbin/shutdown,/etc/init.d/
Cmnd_Alias   PW      = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root # Not root pwd!
Cmnd_Alias   DEBUG   = /usr/sbin/tcpdump,/usr/bin/wireshark,/usr/bin/nmap

# The actual rules
root,ADMINS  ALL     = (ALL) NOPASSWD: ALL    # ADMINS can do anything w/o a password.
DEVEL        DESKTOP = (ALL) NOPASSWD: ALL    # Developers have full right on desktops
DEVEL        DMZ     = (ALL) NOPASSWD: DEBUG  # Developers can debug the DMZ servers.

# User sysadmin can mess around in the DMZ servers with some commands.
sysadmin     DMZ     = (ALL) NOPASSWD: SYSTEM,PW,DEBUG
sysadmin     ALL,!DMZ = (ALL) NOPASSWD: ALL   # Can do anything outside the DMZ.
%dba         ALL     = (DBA) ALL              # Group dba can run as database user.

# anyone can mount/unmount a cd-rom on the desktop machines
ALL          DESKTOP = NOPASSWD: /sbin/mount /cdrom,/sbin/umount /cdrom
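A sudoers file like the one above is easier to review when the broadest grants are listed explicitly. This is an added example, not part of the original toolbox: it reads the listing above (embedded inline) and reports every principal that gets NOPASSWD: ALL, with User_Alias names expanded, plus every Cmnd_Alias entry that is a directory, which sudoers(5) treats as permission to run any file in that directory. The function names are made up for this example, and the parser assumes one rule per line as in the listing.

```shell
#!/bin/sh
# Added example: audit a sudoers text for its two broadest kinds of grant.
# Function names are hypothetical; SUDOERS_SAMPLE is the listing from this page.

SUDOERS_SAMPLE='# Host aliases are subnets or hostnames.
Host_Alias   DMZ     = 212.118.81.40/28
Host_Alias   DESKTOP = work1, work2
User_Alias   ADMINS  = colin, luca, admin
User_Alias   DEVEL   = joe, jack, julia
Runas_Alias  DBA     = oracle,pgsql
Cmnd_Alias   SYSTEM  = /sbin/reboot,/usr/bin/kill,/sbin/halt,/sbin/shutdown,/etc/init.d/
Cmnd_Alias   PW      = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root # Not root pwd!
Cmnd_Alias   DEBUG   = /usr/sbin/tcpdump,/usr/bin/wireshark,/usr/bin/nmap
root,ADMINS  ALL     = (ALL) NOPASSWD: ALL    # ADMINS can do anything w/o a password.
DEVEL        DESKTOP = (ALL) NOPASSWD: ALL    # Developers have full right on desktops
DEVEL        DMZ     = (ALL) NOPASSWD: DEBUG  # Developers can debug the DMZ servers.
sysadmin     DMZ     = (ALL) NOPASSWD: SYSTEM,PW,DEBUG
sysadmin     ALL,!DMZ = (ALL) NOPASSWD: ALL   # Can do anything outside the DMZ.
%dba         ALL     = (DBA) ALL              # Group dba can run as database user.
ALL          DESKTOP = NOPASSWD: /sbin/mount /cdrom,/sbin/umount /cdrom'

# Print "user@hosts" for every rule that grants NOPASSWD: ALL, with
# User_Alias names expanded to their members.
nopasswd_all() {
    printf '%s\n' "$1" | awk '
    { sub(/[ \t]*#.*$/, "") }                 # drop comments
    NF == 0 { next }
    $1 == "User_Alias" {                      # remember the alias members
        m = $0; sub(/^[^=]*=[ \t]*/, "", m); gsub(/[ \t]/, "", m)
        members[$2] = m; next
    }
    $1 ~ /_Alias$/ { next }                   # other alias kinds are not needed here
    {
        eq = index($0, "="); if (eq == 0) next
        who = $1
        hosts = substr($0, 1, eq - 1)         # left of "=": WHO HOSTS
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", hosts); gsub(/[ \t]/, "", hosts)
        rhs = substr($0, eq + 1)              # right of "=": [(RUNAS)] [TAG:] COMMANDS
        sub(/^[ \t]*\([^)]*\)/, "", rhs)      # drop the (runas) list
        if (rhs !~ /NOPASSWD:/) next
        sub(/^.*NOPASSWD:[ \t]*/, "", rhs); sub(/[ \t]+$/, "", rhs)
        if (rhs != "ALL") next
        n = split(who, w, ",")
        for (i = 1; i <= n; i++) {
            k = split((w[i] in members) ? members[w[i]] : w[i], u, ",")
            for (j = 1; j <= k; j++) print u[j] "@" hosts
        }
    }'
}

# Print "ALIAS path" for Cmnd_Alias entries ending in "/": such an entry
# allows any file in that directory to be run.
dir_commands() {
    printf '%s\n' "$1" | awk '
    { sub(/[ \t]*#.*$/, "") }
    $1 == "Cmnd_Alias" {
        c = $0; sub(/^[^=]*=[ \t]*/, "", c); sub(/[ \t]+$/, "", c)
        n = split(c, e, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) if (e[i] ~ /\/$/) print $2, e[i]
    }'
}

nopasswd_all "$SUDOERS_SAMPLE"
dir_commands "$SUDOERS_SAMPLE"
```

On the sample this lists root, the three ADMINS and sysadmin outside the DMZ, the three DEVEL users on DESKTOP, and the /etc/init.d/ entry of SYSTEM.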

9 ENCRYPT FILES
9.1 OpenSSL
A single file
Encrypt and decrypt:
# openssl aes-128-cbc -salt -in file -out file.aes
# openssl aes-128-cbc -d -salt -in file.aes -out file

Note that the file can of course be a tar archive.

tar and encrypt a whole directory
# tar -cf - directory | openssl aes-128-cbc -salt -out directory.tar.aes      # Encrypt
# openssl aes-128-cbc -d -salt -in directory.tar.aes | tar -x -f -            # Decrypt

tar zip and encrypt a whole directory
# tar -zcf - directory | openssl aes-128-cbc -salt -out directory.tar.gz.aes  # Encrypt
# openssl aes-128-cbc -d -salt -in directory.tar.gz.aes | tar -xz -f -        # Decrypt

- Use -k mysecretpassword after aes-128-cbc to avoid the interactive password request. However note that this is highly insecure.
- Use aes-256-cbc instead of aes-128-cbc to get even stronger encryption. This uses also more CPU.

9.2 GPG
GnuPG is well known to encrypt and sign emails or any data. Furthermore gpg also provides an advanced key management system. This section only covers files encryption, not email usage, signing or the Web-Of-Trust.
The simplest encryption is with a symmetric cipher. In this case the file is encrypted with a password and anyone who knows the password can decrypt it, thus the keys are not needed. Gpg adds an extension ".gpg" to the encrypted file names.
# gpg -c file                        # Encrypt file with password
# gpg file.gpg                       # Decrypt file (optionally -o otherfile)

Using keys
For more details see GPG Quick Start (http://www.madboa.com/geek/gpg-quickstart) and GPG/PGP Basics (http://aplawrence.com/Basics/gpg.html) and the gnupg documentation (http://gnupg.org/documentation) among others.
The private and public keys are the heart of asymmetric cryptography. What is important to remember:
- Your public key is used by others to encrypt files that only you as the receiver can decrypt (not even the one who encrypted the file can decrypt it). The public key is thus meant to be distributed.
- Your private key is encrypted with your passphrase and is used to decrypt files which were encrypted with your public key. The private key must be kept secure. Also if the key or passphrase is lost, so are all the files encrypted with your public key.
- The key files are called keyrings as they can contain more than one key.

First generate a key pair. The defaults are fine, however you will have to enter at least your full name and email and optionally a comment. The comment is useful to create more than one key with the same name and email. Also you should use a "passphrase", not a simple password.
# gpg --gen-key                      # This can take a long time

The keys are stored in ~/.gnupg/ on Unix, on Windows they are typically stored in
C:/Documents and Settings/%USERNAME%/Application Data/gnupg/.
~/.gnupg/pubring.gpg                 # Contains your public keys and all others imported
~/.gnupg/secring.gpg                 # Can contain more than one private key

Short reminder on most used options:
- -e encrypt data
- -d decrypt data
- -r NAME encrypt for recipient NAME (or 'Full Name' or 'email@domain')
- -a create ascii armored output of a key
- -o use as output file
The examples use 'Your Name' and 'Alice' as the keys are referred to by the email or full name or partial name. For example I can use 'Colin' or 'c@cb.vu' for my key [Colin Barschel (cb.vu) <c@cb.vu>].

Encrypt for personal use only
No need to export/import any key for this. You have both already.
# gpg -e -r 'Your Name' file                  # Encrypt with your public key
# gpg -o file -d file.gpg                     # Decrypt. Use -o or it goes to stdout

Encrypt - Decrypt with keys
First you need to export your public key for someone else to use it. And you need to import the public key, say from Alice, to encrypt a file for her. You can either handle the keys in simple ascii files or use a public key server.
For example Alice exports her public key and you import it; you can then encrypt a file for her. That is, only Alice will be able to decrypt it.
# gpg -a -o alicekey.asc --export 'Alice'     # Alice exported her key in ascii file.
# gpg --send-keys --keyserver subkeys.pgp.net KEYID   # Alice put her key on a server.
# gpg --import alicekey.asc                   # You import her key into your pubring.
# gpg --search-keys --keyserver subkeys.pgp.net 'Alice' # or get her key from a server.

Once the keys are imported it is very easy to encrypt or decrypt a file:
# gpg -e -r 'Alice' file                      # Encrypt the file for Alice.
# gpg -d file.gpg -o file                     # Decrypt a file encrypted by Alice for you.

Key administration
# gpg --list-keys                             # list public keys and see the KEYIDS
    The KEYID follows the '/' e.g. for: pub   1024D/D12B77CE the KEYID is D12B77CE
# gpg --gen-revoke 'Your Name'                # generate revocation certificate
# gpg --list-secret-keys                      # list private keys
# gpg --delete-keys NAME                      # delete a public key from local key ring
# gpg --delete-secret-key NAME                # delete a secret key from local key ring
# gpg --fingerprint KEYID                     # Show the fingerprint of the key
# gpg --edit-key KEYID                        # Edit key (e.g sign or add/del email)

10 ENCRYPT PARTITIONS
Linux with LUKS | Linux dm-crypt only | FreeBSD GELI | FBSD pwd only | OS X image
There are (many) other alternative methods to encrypt disks, I only show here the methods I know and use. Keep in mind that the security is only good as long as the OS has not been tampered with. An intruder could easily record the password from the keyboard events. Furthermore the data is freely accessible when the partition is attached, and encryption will not prevent an intruder from having access to it in this state.

10.1 Linux
Those instructions use the Linux dm-crypt (device-mapper) facility available on the 2.6 kernel. In this example, let's encrypt the partition /dev/sdc1; it could be however any other partition or disk, or USB or a file based partition created with losetup. In this case we would use /dev/loop0. See file image partition. The device mapper uses labels to identify a partition. We use sdc1 in this example, but it could be any string.

dm-crypt with LUKS
LUKS with dm-crypt has better encryption and makes it possible to have multiple passphrases for the same partition or to change the password easily. To test if LUKS is available, simply type # cryptsetup --help; if nothing about LUKS shows up, use the instructions below Without LUKS. First create a partition if necessary: fdisk /dev/sdc.

Create encrypted partition
# dd if=/dev/urandom of=/dev/sdc1          # Optional. For paranoids only (takes days)
# cryptsetup -y luksFormat /dev/sdc1       # This destroys any data on sdc1
# cryptsetup luksOpen /dev/sdc1 sdc1
# mkfs.ext3 /dev/mapper/sdc1               # create ext3 file system
# mount -t ext3 /dev/mapper/sdc1 /mnt
# umount /mnt
# cryptsetup luksClose sdc1                # Detach the encrypted partition

Attach
# cryptsetup luksOpen /dev/sdc1 sdc1
# mount -t ext3 /dev/mapper/sdc1 /mnt

Detach
# umount /mnt
# cryptsetup luksClose sdc1

dm-crypt without LUKS
# cryptsetup -y create sdc1 /dev/sdc1      # or any other partition like /dev/loop0
# dmsetup ls                               # check it, will display: sdc1 (254, 0)
# mkfs.ext3 /dev/mapper/sdc1               # This is done only the first time!
# mount -t ext3 /dev/mapper/sdc1 /mnt
# umount /mnt/
# cryptsetup remove sdc1                   # Detach the encrypted partition

Do exactly the same (without the mkfs part!) to re-attach the partition. If the password is not correct, the mount command will fail. In this case simply remove the map sdc1 (cryptsetup remove sdc1) and create it again.

10.2 FreeBSD
The two popular FreeBSD disk encryption modules are gbde and geli. I now use geli because it is faster and also uses the crypto device for hardware acceleration. See The FreeBSD handbook Chapter 18.6 (http://www.freebsd.org/handbook/disks-encrypting.html) for all the details. The geli module must be loaded or compiled into the kernel:
options GEOM_ELI
device crypto                                        # or as module:
# echo 'geom_eli_load="YES"' >> /boot/loader.conf    # or do: kldload geom_eli

Use password and key
I use those settings for a typical disk encryption, it uses a passphrase AND a key to encrypt the master key. That is, you need both the password and the generated key /root/ad1.key to attach the partition. The master key is stored inside the partition and is not visible. See below for typical USB or file based image.

Create encrypted partition
# dd if=/dev/random of=/root/ad1.key bs=64 count=1   # this key encrypts the master key
# geli init -s 4096 -K /root/ad1.key /dev/ad1        # -s 8192 is also OK for disks
# geli attach -k /root/ad1.key /dev/ad1              # DO make a backup of /root/ad1.key
# dd if=/dev/random of=/dev/ad1.eli bs=1m            # Optional and takes a long time
# newfs /dev/ad1.eli                                 # Create file system
# mount /dev/ad1.eli /mnt

Attach
# geli attach -k /root/ad1.key /dev/ad1
# fsck -ny -t ffs /dev/ad1.eli                       # In doubt check the file system
# mount /dev/ad1.eli /mnt


Detach
The detach procedure is done automatically on shutdown.
# umount /mnt
# geli detach /dev/ad1.eli

/etc/fstab
The encrypted partition can be configured to be mounted with /etc/fstab. The password will be prompted when booting. The following settings are required for this example:
# grep geli /etc/rc.conf
geli_devices="ad1"
geli_ad1_flags="-k /root/ad1.key"
# grep geli /etc/fstab
/dev/ad1.eli         /home/private              ufs             rw

Use password only
It is more convenient to encrypt a USB stick or file based image with a passphrase only and no key. In this case it is not necessary to carry the additional key file around. The procedure is very much the same as above, simply without the key file. Let's encrypt a file based image /cryptedfile of 1 GB.
# dd if=/dev/zero of=/cryptedfile bs=1M count=1000   # 1 GB file
# mdconfig -at vnode -f /cryptedfile
# geli init /dev/md0                                 # encrypts with password only
# geli attach /dev/md0
# newfs -U -m 0 /dev/md0.eli
# mount /dev/md0.eli /mnt
# umount /dev/md0.eli
# geli detach md0.eli

It is now possible to mount this image on another system with the password only.
# mdconfig -at vnode -f /cryptedfile
# geli attach /dev/md0
# mount /dev/md0.eli /mnt

10.1 OS X Encrypted Disk Image
Don't know by command line only. See OS X Encrypted Disk Image (https://wiki.thayer.dartmouth.edu/display/computing/Creating+a+Mac+OS+X+Encrypted+Disk+Image) and Apple support (http://support.apple.com/kb/ht1578).

11 SSL CERTIFICATES
So called SSL/TLS certificates are cryptographic public key certificates and are composed of a public and a private key. The certificates are used to authenticate the endpoints and encrypt the data. They are used for example on a web server (https) or mail server (imaps).

11.1 Procedure
- We need a certificate authority to sign our certificate. This step is usually provided by a vendor like Thawte, Verisign, etc., however we can also create our own.
- Create a certificate signing request. This request is like an unsigned certificate (the public part) and already contains all necessary information. The certificate request is normally sent to the authority vendor for signing. This step also creates the private key on the local machine.
- Sign the certificate with the certificate authority.
- If necessary join the certificate and the key in a single file to be used by the application (web server, mail server etc.).

11.2 Configure OpenSSL
We use /usr/local/certs as directory for this example; check or edit /etc/ssl/openssl.cnf according to your settings so you know where the files will be created. Here is the relevant part of openssl.cnf:
[ CA_default ]
dir             = /usr/local/certs/CA       # Where everything is kept
certs           = $dir/certs                # Where the issued certs are kept
crl_dir         = $dir/crl                  # Where the issued crl are kept
database        = $dir/index.txt            # database index file.

Make sure the directories exist or create them

# mkdir -p /usr/local/certs/CA
# cd /usr/local/certs/CA
# mkdir certs crl newcerts private
# echo "01" > serial                        # Only if serial does not exist
# touch index.txt

If you intend to get a signed certificate from a vendor, you only need a certificate signing request (CSR). This CSR will then be signed by the vendor for a limited time (e.g. 1 year).

11.3 Create a certificate authority
If you do not have a certificate authority from a vendor, you'll have to create your own. This step is not necessary if one intends to use a vendor to sign the request. To make a certificate authority (CA):
# openssl req -new -x509 -days 730 -config /etc/ssl/openssl.cnf \
-keyout CA/private/cakey.pem -out CA/cacert.pem

11.4 Create a certificate signing request
To make a new certificate (for mail server or web server for example), first create a request certificate with its private key. If your application does not support encrypted private keys (for example UW-IMAP does not), then disable encryption with -nodes.
# openssl req -new -keyout newkey.pem -out newreq.pem \
-config /etc/ssl/openssl.cnf
# openssl req -nodes -new -keyout newkey.pem -out newreq.pem \
-config /etc/ssl/openssl.cnf                # No encryption for the key

Keep this created CSR (newreq.pem) as it can be signed again at the next renewal; the signature only will limit the validity of the certificate. This process also created the private key newkey.pem.

11.5 Sign the certificate
The certificate request has to be signed by the CA to be valid, this step is usually done by the vendor. Note: replace "servername" with the name of your server in the next commands.
# cat newreq.pem newkey.pem > new.pem
# openssl ca -policy policy_anything -out servernamecert.pem \
-config /etc/ssl/openssl.cnf -infiles new.pem
# mv newkey.pem servernamekey.pem

Now servernamekey.pem is the private key and servernamecert.pem is the server certificate.

11.6 Create united certificate
The IMAP server wants to have both private key and server certificate in the same file. And in general, this is also easier to handle, but the file has to be kept securely! Apache also can deal with it well. Create a file servername.pem containing both the certificate and key.
- Open the private key (servernamekey.pem) with a text editor and copy the private key into the "servername.pem" file.
- Do the same with the server certificate (servernamecert.pem).
The final servername.pem file should look like this:
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDutWy+o/XZ/[...]qK5LqQgT3c9dU6fcR+WuSs6aejdEDDqBRQ
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIERzCCA7CgAwIBAgIBBDANB[...]iG9w0BAQQFADCBxTELMAkGA1UEBhMCREUx
-----END CERTIFICATE-----

What we have now in the directory /usr/local/certs/:
CA/private/cakey.pem (CA server private key)
CA/cacert.pem (CA server public key)
certs/servernamekey.pem (server private key)
certs/servernamecert.pem (server signed certificate)
certs/servername.pem (server certificate with private key)
Keep the private key secure!
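The following is an added example, not part of the original page: a shell check for the "keep the private key secure" advice. It walks a certificate directory such as /usr/local/certs, picks out the PEM files that contain a private key block (including a united servername.pem), and reports those that group or others can access. The function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not part of the original page: audit PEM files that hold a
# private key (servername.pem, servernamekey.pem, CA/private/cakey.pem) for
# permissions that let group or others access them.
# The function names are hypothetical helpers, not OpenSSL tools.
# Usage: pem_key_audit /usr/local/certs

# has_private_key FILE -> exit 0 if FILE contains a PEM private key header,
# e.g. "-----BEGIN RSA PRIVATE KEY-----" or "-----BEGIN PRIVATE KEY-----".
has_private_key() {
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1" 2>/dev/null
}

# mode_is_loose FILE -> exit 0 if group or others have any permission bit set.
# "ls -ld" prints a mode string such as "-rw-r-----"; characters 5-10 are the
# group and other bits.
mode_is_loose() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" != "------" ]
}

# pem_key_audit DIR -> one line per key-bearing file:
#   "LOOSE <mode> <path>"  or  "OK    <mode> <path>"
# Returns 1 if at least one key file is loose, 0 otherwise.
# Files that only contain a certificate are public and are skipped.
pem_key_audit() {
    dir=$1
    rc=0
    list=$(mktemp) || return 2
    find "$dir" -type f \( -name '*.pem' -o -name '*.key' \) -print > "$list"
    while IFS= read -r f; do
        has_private_key "$f" || continue
        mode=$(ls -ld "$f" | cut -c1-10)
        if mode_is_loose "$f"; then
            echo "LOOSE $mode $f"
            rc=1
        else
            echo "OK    $mode $f"
        fi
    done < "$list"
    rm -f "$list"
    return $rc
}
```

A file reported as LOOSE is fixed with chmod 600 (and chown to the account the daemon reads it as).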


11.7 View certificate information
To view the certificate information simply do:
# openssl x509 -text -in servernamecert.pem      # View the certificate info
# openssl req -noout -text -in server.csr        # View the request info
# openssl s_client -connect cb.vu:443            # Check a web server certificate

12 CVS
Server setup | CVS test | SSH tunneling | CVS usage

12.1 Server setup
Initiate the CVS
Decide where the main repository will rest and create a root cvs. For example /usr/local/cvs (as root):
# mkdir -p /usr/local/cvs
# setenv CVSROOT /usr/local/cvs      # Set CVSROOT to the new location (local)
# cvs init                           # Creates all internal CVS config files
# cd /root
# cvs checkout CVSROOT               # Checkout the config files to modify them
# cd CVSROOT
edit config ( fine as it is)
# cvs commit config
cat >> writers                       # Create a writers file (optionally also readers)
colin
^D                                   # Use [Control][D] to quit the edit
# cvs add writers                    # Add the file writers into the repository
# cvs edit checkoutlist
# cat >> checkoutlist
writers
^D                                   # Use [Control][D] to quit the edit
# cvs commit                         # Commit all the configuration changes

Add a readers file if you want to differentiate read and write permissions.
Note: Do not (ever) edit files directly into the main cvs, but rather checkout the file, modify it and check it in. We did this with the file writers to define the write access.
There are three popular ways to access the CVS at this point. The first two don't need any further configuration. See the examples on CVSROOT below for how to use them:
- Direct local access to the file system. The user(s) need sufficient file permission to access the CVS directly and there is no further authentication in addition to the OS login. However this is only useful if the repository is local.
- Remote access with ssh with the ext protocol. Any user with an ssh shell account and read/write permissions on the CVS server can access the CVS directly with ext over ssh without any additional tunnel. There is no server process running on the CVS for this to work. The ssh login does the authentication.
- Remote access with pserver (default port: 2401/tcp). This is the preferred use for a larger user base as the users are authenticated by the CVS pserver with a dedicated password database; there is therefore no need for local user accounts. This setup is explained below.

Network setup with inetd
The CVS can be run locally only if a network access is not needed. For a remote access, the daemon inetd can start the pserver with the following line in /etc/inetd.conf (/etc/xinetd.d/cvs on SuSE):
cvspserver  stream  tcp  nowait  cvs  /usr/bin/cvs  cvs \
--allow-root=/usr/local/cvs pserver

It is a good idea to block the cvs port from the Internet with the firewall and use an ssh tunnel to access the repository remotely.

Separate authentication
It is possible to have cvs users which are not part of the OS (no local users). This is actually probably wanted too from the security point of view. Simply add a file named passwd (in the CVSROOT directory) containing the users login and password in the crypt format. This can be done with the apache htpasswd tool.
Note: This passwd file is the only file which has to be edited directly in the CVSROOT directory. Also it won't be checked out. More info with htpasswd --help
# htpasswd -cb passwd user1 password1  # -c creates the file
# htpasswd -b passwd user2 password2

Now add :cvs at the end of each line to tell the cvs server to change the user to cvs (or whatever your cvs server is running under). It looks like this:
# cat passwd
user1:xsFjhU22u8Fuo:cvs
user2:vnefJOsnnvToM:cvs

12.2 Test it
Test the login as normal user (for example here me)
# cvs -d :pserver:colin@192.168.50.254:/usr/local/cvs login
Logging in to :pserver:colin@192.168.50.254:2401/usr/local/cvs
CVS password:

CVSROOT variable
This is an environment variable used to specify the location of the repository we're doing operations on. For local use, it can be just set to the directory of the repository. For use over the network, the transport protocol must be specified. Set the CVSROOT variable with setenv CVSROOT string on a csh, tcsh shell, or with export CVSROOT=string on a sh, bash shell.
# setenv CVSROOT :pserver:<username>@<host>:/cvsdirectory
For example:
# setenv CVSROOT /usr/local/cvs                               # Used locally only
# setenv CVSROOT :local:/usr/local/cvs                        # Same as above
# setenv CVSROOT :ext:user@cvsserver:/usr/local/cvs           # Direct access with SSH
# setenv CVS_RSH ssh                                          # for the ext access
# setenv CVSROOT :pserver:user@cvsserver.254:/usr/local/cvs   # network with pserver

When the login succeeded one can import a new project into the repository: cd into your project root directory
cvs import <module name> <vendor tag> <initial tag>
cvs -d :pserver:colin@192.168.50.254:/usr/local/cvs import MyProject MyCompany START

Where MyProject is the name of the new project in the repository (used later to checkout). Cvs will import the current directory content into the new project.
To checkout:
# cvs -d :pserver:colin@192.168.50.254:/usr/local/cvs checkout MyProject
or
# setenv CVSROOT :pserver:colin@192.168.50.254:/usr/local/cvs
# cvs checkout MyProject

12.3 SSH tunneling for CVS
We need 2 shells for this. On the first shell we connect to the cvs server with ssh and port-forward the cvs connection. On the second shell we use the cvs normally as if it were running locally.
on shell 1:
# ssh -L2401:localhost:2401 colin@cvs_server   # Connect directly to the CVS server. Or:
# ssh -L2401:cvs_server:2401 colin@gateway     # Use a gateway to reach the CVS

on shell 2:
# setenv CVSROOT :pserver:colin@localhost:/usr/local/cvs
# cvs login
Logging in to :pserver:colin@localhost:2401/usr/local/cvs
CVS password:
# cvs checkout MyProject/src

12.4 CVS commands and usage
Import
The import command is used to add a whole directory, it must be run from within the directory to be imported. Say the directory /devel/ contains all files and subdirectories to be imported. The directory name on the CVS (the module) will be called "myapp".
# cvs import [options] directory-name vendor-tag release-tag
# cd /devel                          # Must be inside the project to import it
# cvs import myapp Company R1_0      # Release tag can be anything in one word

After a while a new directory "/devel/tools/" was added and it has to be imported too.
# cd /devel/tools
# cvs import myapp/tools Company R1_0


Checkout update add commit
# cvs co myapp/tools                 # Will only checkout the directory tools
# cvs co -r R1_1 myapp               # Checkout myapp at release R1_1 (is sticky)
# cvs -q update -d -P                # A typical CVS update
# cvs update -A                      # Reset any sticky tag (or date, option)
# cvs add newfile                    # Add a new file
# cvs add -kb newfile                # Add a new binary file
# cvs commit file1 file2             # Commit the two files only
# cvs commit -m "message"            # Commit all changes done with a message

Create a patch
It is best to create and apply a patch from the working development directory related to the project, or from within the source directory.
# cd /devel/project
# diff -Naur olddir newdir > patchfile     # Create a patch from a directory or a file
# diff -Naur oldfile newfile > patchfile

Apply a patch
Sometimes it is necessary to strip a directory level from the patch, depending how it was created. In case of difficulties, simply look at the first lines of the patch and try -p0, -p1 or -p2.
# cd /devel/project
# patch --dry-run -p0 < patchfile    # Test the path without applying it
# patch -p0 < patchfile
# patch -p1 < patchfile              # strip off the 1st level from the path

13 SVN
Server setup | SVN+SSH | SVN over http | SVN usage
Subversion (SVN) (http://subversion.tigris.org/) is a version control system designed to be the successor of CVS (Concurrent Versions System). The concept is similar to CVS, but many shortcomings were improved. See also the SVN book (http://svnbook.red-bean.com/en/1.4/).

13.1 Server setup
The initiation of the repository is fairly simple (here for example /home/svn/ must exist):
# svnadmin create --fs-type fsfs /home/svn/project1

Now the access to the repository is made possible with:
- file:// Direct file system access with the svn client. This requires local permissions on the file system.
- svn:// or svn+ssh:// Remote access with the svnserve server (also over SSH). This requires local permissions on the file system (default port: 2690/tcp).
- http:// Remote access with webdav using apache. No local users are necessary for this method.
Using the local file system, it is now possible to import and then check out an existing project. Unlike with CVS it is not necessary to cd into the project directory, simply give the full path:
# svn import /project1/ file:///home/svn/project1/trunk -m 'Initial import'
# svn checkout file:///home/svn/project1

The new directory "trunk" is only a convention, this is not required.

Remote access with ssh
No special setup is required to access the repository via ssh, simply replace file:// with svn+ssh://hostname. For example:
# svn checkout svn+ssh://hostname/home/svn/project1

As with the local file access, every user needs an ssh access to the server (with a local account) and also read/write access. This method might be suitable for a small group. All users could belong to a subversion group which owns the repository, for example:
# groupadd subversion
# groupmod -A user1 subversion
# chown -R root:subversion /home/svn
# chmod -R 770 /home/svn


Remote access with http (apache)
Remote access over http (https) is the only good solution for a larger user group. This method uses the apache authentication, not the local accounts. This is a typical but small apache configuration:
LoadModule dav_module         modules/mod_dav.so
LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so    # Only for access control

<Location /svn>
  DAV svn
  # any "/svn/foo" URL will map to a repository /home/svn/foo
  SVNParentPath /home/svn
  AuthType Basic
  AuthName "Subversion repository"
  AuthzSVNAccessFile /etc/apache2/svn.acl
  AuthUserFile /etc/apache2/svnpasswd
  Require valid-user
</Location>

The apache server needs full access to the repository:
# chown -R www:www /home/svn

Create a user with htpasswd2:
# htpasswd -c /etc/svnpasswd user1  # -c creates the file

Access control svn.acl example
# Default is read access. "* =" would be default no access
[/]
* = r
[groups]
project1developers = joe, jack, jane
# Give write access to the developers
[project1:]
@project1developers = rw

13.2 SVN commands and usage
See also the Subversion Quick Reference Card (http://www.cs.put.poznan.pl/csobaniec/Papers/svn-refcard.pdf). Tortoise SVN (http://tortoisesvn.tigris.org) is a nice Windows interface.

Import
A new project, that is a directory with some files, is imported into the repository with the import command. Import is also used to add a directory with its content to an existing project.
# svn help import                                # Get help for any command
    # Add a new directory (with content) into the src dir on project1
# svn import /project1/newdir http://host.url/svn/project1/trunk/src -m 'add newdir'

Typical SVN commands
# svn co http://host.url/svn/project1/trunk      # Checkout the most recent version
    # Tags and branches are created by copying
# svn mkdir http://host.url/svn/project1/tags/   # Create the tags directory
# svn copy -m "Tag rc1 rel." http://host.url/svn/project1/trunk \
                             http://host.url/svn/project1/tags/1.0rc1
# svn status [--verbose]                         # Check files status into working dir
# svn add src/file.h src/file.cpp                # Add two files
# svn commit -m 'Added new class file'           # Commit the changes with a message
# svn ls http://host.url/svn/project1/tags/      # List all tags
# svn move foo.c bar.c                           # Move (rename) files
# svn delete some_old_file                       # Delete files

14 USEFUL COMMANDS
less | vi | mail | tar | zip | dd | screen | find | Miscellaneous

14.1 less
The less command displays a text document on the console. It is present on most installations.
# less unixtoolbox.xhtml

Some important commands are (^N stands for [control]-[N]):
h H            good help on display
f ^F ^V SPACE  Forward one window (or N lines).
b ^B ESC-v     Backward one window (or N lines).



F              Forward forever; like "tail -f".
/pattern       Search forward for (N-th) matching line.
?pattern       Search backward for (N-th) matching line.
n              Repeat previous search (for N-th occurrence).
N              Repeat previous search in reverse direction.
q              quit

14.2 vi
Vi is present on ANY Linux/Unix installation (not gentoo?) and it is therefore useful to know some basic commands. There are two modes: command mode and insertion mode. The commands mode is accessed with [ESC], the insertion mode with i. Use :help if you are lost.
The editors nano and pico are usually available too and are easier (IMHO) to use.

Quit
:w newfilename   save the file to newfilename
:wq or :x        save and quit
:q!              quit without saving

Search and move
/string          Search forward for string
?string          Search back for string
n                Search for next instance of string
N                Search for previous instance of string
{                Move a paragraph back
}                Move a paragraph forward
1G               Move to the first line of the file
nG               Move to the n th line of the file
G                Move to the last line of the file
:%s/OLD/NEW/g    Search and replace every occurrence

Delete copy paste text
dd (dw)          Cut current line (word)
D                Cut to the end of the line
x                Delete (cut) character
yy (yw)          Copy line (word) after cursor
P                Paste after cursor
u                Undo last modification
U                Undo all changes to current line

14.3 mail
The mail command is a basic application to read and send email, it is usually installed. To send an email simply type "mail user@domain". The first line is the subject, then the mail content. Terminate and send the email with a single dot (.) in a new line. Example:
# mail c@cb.vu
Subject: Your text is full of typos
"For a moment, nothing happened. Then, after a second or so,
nothing continued to happen."
.
EOT
#

This is also working with a pipe:
# echo "This is the mail body" | mail c@cb.vu

This is also a simple way to test the mail server.

14.4 tar
The command tar (tape archive) creates and extracts archives of files and directories. The archive .tar is uncompressed, a compressed archive has the extension .tgz or .tar.gz (zip) or .tbz (bzip2). Do not use absolute path when creating an archive, you probably want to unpack it somewhere else. Some typical commands are:

Create
# cd /
# tar -cf home.tar home/        # archive the whole /home directory (c for create)
# tar -czf home.tgz home/       # same with zip compression
# tar -cjf home.tbz home/       # same with bzip2 compression

Only include one (or two) directories from a tree, but keep the relative structure. For example archive /usr/local/etc and /usr/local/www and the first directory in the archive should be local/.
# tar -C /usr -czf local.tgz local/etc local/www
# tar -C /usr -xzf local.tgz    # To untar the local dir into /usr
# cd /usr; tar -xzf local.tgz   # Is the same as above

Extract
# tar -tzf home.tgz             # look inside the archive without extracting (list)
# tar -xf home.tar              # extract the archive here (x for extract)
# tar -xzf home.tgz             # same with zip compression (-xjf for bzip2 compression)
                                # remove leading path gallery2 and extract into gallery
# tar --strip-components 1 -zxvf gallery2.tgz -C gallery/
# tar -xjf home.tbz home/colin/file.txt    # Restore a single file
# tar -xOf home.tbz home/colin/file.txt    # Print file to stdout (no extraction)

More advanced
# tar c dir/ | gzip | ssh user@remote 'dd of=dir.tgz' # arch dir/ and store remotely.
# tar cvf - `find . -print` > backup.tar              # arch the current directory.
# tar -cf - -C /etc . | tar xpf - -C /backup/etc      # Copy directories
# tar -cf - -C /etc . | ssh user@remote tar xpf - -C /backup/etc      # Remote copy.
# tar -czf home.tgz --exclude '*.o' --exclude 'tmp/' home/

14.5 zip/unzip
Zip files can be easier to share with Windows.
# zip -r fileName.zip /path/to/dir        # zip dir into file fileName.zip
# unzip fileName.zip                      # uncompress zip file
# unzip -l fileName.zip                   # list files inside archive
# unzip -c fileName.zip fileinside.txt    # print one file to stdout (no extraction)
# unzip fileName.zip fileinside.txt       # extract one file only

14.6 dd
The program dd (disk dump or destroy disk or see the meaning of dd) is used to copy partitions and disks and for other copy tricks. Typical usage:
# dd if=<source> of=<target> bs=<byte size> conv=<conversion>
# kill -INFO PID                          # View dd progress (FreeBSD, OSX)

Important conv options:
notrunc   do not truncate the output file, all zeros will be written as zeros.
noerror   continue after read errors (e.g. bad blocks)
sync      pad every input block with Nulls to ibs-size

The default byte size is 512 (one block). The MBR, where the partition table is located, is on the first block, the first 63 blocks of a disk are empty. Larger byte sizes are faster to copy but require also more memory.

Backup and restore
# dd if=/dev/hda of=/dev/hdc bs=16065b                # Copy disk to disk (same size)
# dd if=/dev/sda7 of=/home/root.img bs=4096 conv=notrunc,noerror # Backup /
# dd if=/home/root.img of=/dev/sda7 bs=4096 conv=notrunc,noerror # Restore /
# dd bs=1M if=/dev/ad4s3e | gzip -c > ad4s3e.gz                  # Zip the backup
# gunzip -dc ad4s3e.gz | dd of=/dev/ad0s3e bs=1M                 # Restore the zip
# dd bs=1M if=/dev/ad4s3e | gzip | ssh eedcoba@fry 'dd of=ad4s3e.gz' # also remote
# gunzip -dc ad4s3e.gz | ssh eedcoba@host 'dd of=/dev/ad0s3e bs=1M'
# dd if=/dev/ad0 of=/dev/ad2 skip=1 seek=1 bs=4k conv=noerror    # Skip MBR
    # This is necessary if the destination (ad2) is smaller.
# dd if=/vm/FreeBSD-8.2-RELEASE-amd64-memstick.img of=/dev/disk1 bs=10240 conv=sync
    # Copy FreeBSD image to USB memory stick

Recover

The command dd will read every single block of the partition. In case of problems it is better to use the option conv=sync,noerror so dd will skip the bad block and write zeros at the destination. Accordingly it is important to set the block size equal or smaller than the disk block size. A 1k size seems safe, set it with bs=1k. If a disk has bad sectors and the data should be recovered from a partition, create an image file with dd, mount the image and copy the content to a new disk. With the option noerror, dd will skip the bad sectors and write zeros instead, thus only the data contained in the bad sectors will be lost.
# dd if=/dev/hda of=/dev/null bs=1m                   # Check for bad blocks
# dd bs=1k if=/dev/hda1 conv=sync,noerror,notrunc | gzip | ssh \
root@fry 'dd of=hda1.gz bs=1k'                        # Send to remote
# dd bs=1k if=/dev/hda1 conv=sync,noerror,notrunc of=hda1.img    # Store into an image
# mount -o loop /hda1.img /mnt                        # Mount the image
# rsync -ax /mnt/ /newdisk/                           # Copy on a new disk
# dd if=/dev/hda of=/dev/hda                          # Refresh the magnetic state
  # The above is useful to refresh a disk. It is perfectly safe, but must be unmounted.

Delete
# dd if=/dev/zero of=/dev/hdc                         # Delete full disk
# dd if=/dev/urandom of=/dev/hdc                      # Delete full disk better
# kill -USR1 PID                                      # View dd progress (Linux)
# kill -INFO PID                                      # View dd progress (FreeBSD)

MBR tricks
The MBR contains the boot loader and the partition table and is 512 bytes small. The first 446 are for the boot loader, the bytes 446 to 512 are for the partition table.
# dd if=/dev/sda of=/mbr_sda.bak bs=512 count=1                  # Backup the full MBR
# dd if=/dev/zero of=/dev/sda bs=512 count=1                     # Delete MBR and partition table
# dd if=/mbr_sda.bak of=/dev/sda bs=512 count=1                  # Restore the full MBR
# dd if=/mbr_sda.bak of=/dev/sda bs=446 count=1                  # Restore only the boot loader
# dd if=/mbr_sda.bak of=/dev/sda bs=1 count=64 skip=446 seek=446 # Restore partition table
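The following is an added example, not part of the original page: a check to run on an MBR backup such as /mbr_sda.bak before writing it back with the restore commands above. It verifies the 512-byte size and the 0x55 0xAA boot signature in the last two bytes, then lists the used entries of the four 16-byte partition slots that start at offset 446. The function names and the image built in the test are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original page: sanity-check an MBR backup
# made with
#   dd if=/dev/sda of=/mbr_sda.bak bs=512 count=1
# before restoring it. The mbr_* names are hypothetical helpers.
# Usage: mbr_check /mbr_sda.bak

# mbr_bytes FILE OFFSET COUNT -> COUNT bytes from OFFSET as lowercase hex
mbr_bytes() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -A n -v -t x1 | tr -d ' \n'
}

# mbr_signature_ok FILE -> exit 0 if FILE is exactly 512 bytes and its last
# two bytes (offsets 510 and 511) are 55 aa
mbr_signature_ok() {
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq 512 ] || return 1
    [ "$(mbr_bytes "$1" 510 2)" = "55aa" ]
}

# mbr_partitions FILE -> one line per used slot: "<n> boot=<yes|no> type=0x<hh>"
# Each of the 4 slots is 16 bytes: byte 0 is the boot flag (0x80 = active),
# byte 4 is the partition type (0x00 = unused slot).
mbr_partitions() {
    n=1
    while [ "$n" -le 4 ]; do
        off=$((446 + (n - 1) * 16))
        entry=$(mbr_bytes "$1" "$off" 16)
        flag=$(printf '%s' "$entry" | cut -c1-2)
        ptype=$(printf '%s' "$entry" | cut -c9-10)
        if [ "$ptype" != "00" ]; then
            boot=no
            if [ "$flag" = "80" ]; then boot=yes; fi
            echo "$n boot=$boot type=0x$ptype"
        fi
        n=$((n + 1))
    done
}

# mbr_check FILE -> prints a verdict; exit 0 only if the backup looks restorable
mbr_check() {
    if ! mbr_signature_ok "$1"; then
        echo "REJECT: $1 is not 512 bytes or lacks the 55aa signature"
        return 1
    fi
    parts=$(mbr_partitions "$1")
    if [ -z "$parts" ]; then
        echo "REJECT: $1 has an empty partition table"
        return 1
    fi
    echo "OK: $1"
    echo "$parts"
}
```

A backup that was accidentally taken from a zeroed or wrong device is rejected here instead of being written over a working partition table.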

14.7 screen
Screen (a must have) has two main functionalities:
- Run multiple terminal sessions within a single terminal.
- A started program is decoupled from the real terminal and can thus run in the background. The real terminal can be closed and reattached later.

Short start example
start screen with:
# screen

Within the screen session we can start a long lasting program (like top).
# top

Now detach with Ctrl-a Ctrl-d. Reattach the terminal with:
# screen -R -D

In detail this means: If a session is running, then reattach. If necessary detach and logout remotely first. If it was not running create it and notify the user. Or:
# screen -x

Attach to a running screen in a multi display mode. The console is thus shared among multiple users. Very useful for team work/debug!

Screen commands (within screen)
All screen commands start with Ctrl-a.
Ctrl-a ?        help and summary of functions
Ctrl-a c        create a new window (terminal)
Ctrl-a Ctrl-n and Ctrl-a Ctrl-p   to switch to the next or previous window in the list, by number.
Ctrl-a Ctrl-N   where N is a number from 0 to 9, to switch to the corresponding window.
Ctrl-a "        to get a navigable list of running windows
Ctrl-a a        to clear a missed Ctrl-a
Ctrl-a Ctrl-d   to disconnect and leave the session running in the background
Ctrl-a x        lock the screen terminal with a password
  Ctrl-a [                        enter into scrollback mode, exit with esc.
      Use echo "defscrollback 5000" > ~/.screenrc to increase buffer (default is 100)
      C-u   Scrolls a half page up
      C-b   Scroll a full page up
      C-d   Scroll a half page down
      C-f   Scroll a full page down
      /     Search forward
      ?     Search backward

The screen session is terminated when the program within the running terminal is closed and you logout from the terminal.

14.8 Find
Some important options:
  -x (on BSD) -xdev (on Linux)   Stay on the same file system (dev in fstab).
  -exec cmd {} \;                Execute the command and replace {} with the full path
  -iname                         Like -name but is case insensitive
  -ls                            Display information about the file (like ls -la)
  -size n                        n is +-n (k M G T P)
  -cmin n                        File's status was last changed n minutes ago.

# find . -type f ! -perm -444                  # Find files not readable by all
# find . -type d ! -perm -111                  # Find dirs not accessible by all
# find /home/user/ -cmin -10 -print            # Files created or modified in the last 10 min.
# find . -name '*.[ch]' | xargs grep -E 'expr' # Search 'expr' in this dir and below.
# find / -name "*.core" | xargs rm             # Find core dumps and delete them (also try core.*)
# find / -name "*.core" -print -exec rm {} \;  # Other syntax
      # Find images and create an archive, iname is not case sensitive. -r for append
# find . \( -iname "*.png" -o -iname "*.jpg" \) -print -exec tar -rf images.tar {} \;
# find . -type f -name "*.txt" ! -name README.txt -print  # Exclude README.txt files
# find /var/ -size +10M -exec ls -lh {} \;     # Find large files > 10 MB
# find /var/ -size +10M -ls                    # This is simpler
# find . -size +10M -size -50M -print
# find /usr/ports/ -name work -type d -print -exec rm -rf {} \;  # Clean the ports
      # Find files with SUID; those files are vulnerable and must be kept secure
# find / -type f -user root -perm -4000 -exec ls -l {} \;
# find flac/ -iname "*.flac" -print -size +500k -exec /Applications/Fluke.app/Contents/MacOS/Fluke {} \;
      # I use above to add flac files to iTunes on OSX

Be careful with xargs or exec as it might or might not honor quotings and can return wrong results when files or directories contain spaces. In doubt use "-print0 | xargs -0" instead of "| xargs". The option -print0 must be the last in the find command. See this nice mini tutorial for find http://www.hccfl.edu/pollock/Unix/FindCmd.htm .
# find . -type f | xargs ls -l                 # Will not work with spaces in names
# find . -type f -print0 | xargs -0 ls -l      # Will work with spaces in names
# find . -type f -exec ls -l '{}' \;           # Or use quotes '{}' with -exec
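The SUID search and the "-print0 | xargs -0" advice above combine into a small audit: inventory every set-uid/set-gid file with a checksum and compare the result against a saved baseline. This is an added example, not part of the original toolbox; the function names and the constructed demo tree are assumptions, and xargs -r is the GNU/FreeBSD option for skipping an empty run.

```shell
#!/bin/sh
# Added example: whitespace-safe inventory of set-uid/set-gid files and a
# comparison against a stored baseline.

# setid_inventory DIR
# Prints "CRC SIZE PATH" (cksum output) for every set-uid or set-gid regular
# file below DIR. -print0 | xargs -0 keeps names with spaces in one piece.
# A name containing a newline would span two lines; such a name is itself
# worth a closer look.
setid_inventory() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print0 |
        xargs -0 -r cksum |
        LC_ALL=C sort
}

# setid_inventory_unsafe DIR
# The same pipeline with a plain "| xargs", kept only to show the failure:
# "my tools/helper" is split into two arguments and silently missed.
setid_inventory_unsafe() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
        xargs cksum 2>/dev/null |
        LC_ALL=C sort
}

# setid_audit DIR BASELINE
# BASELINE is a saved setid_inventory output. Prints "ADDED <line>" and
# "REMOVED <line>"; a binary whose content changed shows up as both.
# Returns 0 when nothing changed, 1 when there are differences.
setid_audit() {
    cur=$(mktemp) || return 2
    setid_inventory "$1" > "$cur"
    changes=$(
        LC_ALL=C comm -13 "$2" "$cur" | sed 's/^/ADDED /'
        LC_ALL=C comm -23 "$2" "$cur" | sed 's/^/REMOVED /'
    )
    rm -f "$cur"
    [ -z "$changes" ] && return 0
    printf '%s\n' "$changes"
    return 1
}

# make_sample_tree DIR: constructed demo tree with one set-uid file inside a
# directory whose name contains a space, and one ordinary file.
make_sample_tree() {
    mkdir -p "$1/my tools"
    printf 'v1\n' > "$1/my tools/helper"
    printf 'plain\n' > "$1/plain"
    chmod 4755 "$1/my tools/helper"
    chmod 755 "$1/plain"
}

# Typical use (paths are placeholders):
#   setid_inventory / > /root/setid.baseline     # once, on a known-good system
#   setid_audit / /root/setid.baseline           # later, e.g. from cron
```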

Duplicate directory tree:
# find . -type d -exec mkdir -p /tmp/new_dest/{} \;

14.9 Miscellaneous
# which command                      # Show full path name of command
# time command                       # See how long a command takes to execute
# time cat                           # Use time as stopwatch. Ctrl-c to stop
# set | grep $USER                   # List the current environment
# cal -3                             # Display a three month calendar
# date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]]
# date 10022155                      # Set date and time
# whatis grep                        # Display a short info on the command or word
# whereis java                       # Search path and standard directories for word
# setenv varname value               # Set env. variable varname to value (csh/tcsh)
# export varname="value"             # set env. variable varname to value (sh/ksh/bash)
# pwd                                # Print working directory
# mkdir -p /path/to/dir              # no error if existing, make parent dirs as needed
# mkdir -p project/{bin,src,obj,doc/{html,man,pdf},debug/some/more/dirs}
# rmdir /path/to/dir                 # Remove directory
# rm -rf /path/to/dir                # Remove directory and its content (force)
# rm -- -badchar.txt                 # Remove file which starts with a dash (-)
# cp -la /dir1 /dir2                 # Archive and hard link files instead of copy
# cp -lpR /dir1 /dir2                # Same for FreeBSD
# cp unixtoolbox.xhtml{,.bak}        # Short way to copy the file with a new extension
# mv /dir1 /dir2                     # Rename a directory
# ls -1                              # list one file per line
# history | tail -50                 # Display the last 50 used commands
# cd -                               # cd to previous ($OLDPWD) directory
# /bin/ls | grep -v .py | xargs rm -r  # pipe file names to rm with xargs

Check file hashes with openssl. This is a nice alternative to the commands md5sum or sha1sum (FreeBSD uses md5 and sha1) which are not always installed.

# openssl md5 file.tar.gz            # Generate an md5 checksum from file
# openssl sha1 file.tar.gz           # Generate an sha1 checksum from file
# openssl rmd160 file.tar.gz         # Generate a RIPEMD-160 checksum from file

15 INSTALL SOFTWARE
Usually the package manager uses the proxy variable for http/ftp requests. In .bashrc:
export http_proxy=http://proxy_server:3128
export ftp_proxy=http://proxy_server:3128

15.1 List installed packages

# rpm -qa                            # List installed packages (RH, SuSE, RPM based)
# dpkg -l                            # Debian, Ubuntu
# pkg_info                           # FreeBSD list all installed packages
# pkg_info -W smbd                   # FreeBSD show which package smbd belongs to
# pkginfo                            # Solaris

15.2 Add/remove software

Front ends: yast2/yast for SuSE, redhat-config-packages for Red Hat.
# rpm -i pkgname.rpm                 # install the package (RH, SuSE, RPM based)
# rpm -e pkgname                     # Remove package

SuSE zypper (see doc and cheat sheet) http://en.opensuse.org/SDB:Zypper_usage

# zypper refresh                     # Refresh repositories
# zypper install vim                 # Install the package vim
# zypper remove vim                  # Remove the package vim
# zypper search vim                  # Search packages with vim
# zypper update vim                  # Update the package vim

Debian
# apt-get update                     # First update the package lists
# apt-get install emacs              # Install the package emacs
# dpkg --remove emacs                # Remove the package emacs
# dpkg -S file                       # find what package a file belongs to

Gentoo
Gentoo uses emerge as the heart of its "Portage" package management system.
# emerge --sync                      # First sync the local portage tree
# emerge -u packagename              # Install or upgrade a package
# emerge -C packagename              # Remove the package
# revdep-rebuild                     # Repair dependencies

Solaris
The <cdrom> path is usually /cdrom/cdrom0.
# pkgadd -d <cdrom>/Solaris_9/Product SUNWgtar
# pkgadd -d SUNWgtar                 # Add downloaded package (bunzip2 first)
# pkgrm SUNWgtar                     # Remove the package

FreeBSD
# pkg_add -r rsync                   # Fetch and install rsync.
# pkg_delete /var/db/pkg/rsync-xx    # Delete the rsync package

Set where the packages are fetched from with the PACKAGESITE variable. For example:
# export PACKAGESITE=ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages/Latest/
# or ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/Latest/

FreeBSD ports http://www.freebsd.org/handbook/ports.html
The port tree /usr/ports/ is a collection of software ready to compile and install (see man ports). The ports are updated with the program portsnap.


# portsnap fetch extract             # Create the tree when running the first time
# portsnap fetch update              # Update the port tree
# cd /usr/ports/net/rsync/           # Select the package to install
# make install distclean             # Install and cleanup (also see man ports)
# make package                       # Make a binary package of this port
# pkgdb -F                           # Fix the package registry database
# portsclean -C -DD                  # Clean workdir and distdir (part of portupgrade)

OS X MacPorts http://guide.macports.org/ (use sudo for all commands)

# port selfupdate                    # Update the port tree (safe)
# port installed                     # List installed ports
# port deps apache2                  # List dependencies for this port
# port search pgrep                  # Search for string
# port install proctools             # Install this package
# port variants ghostscript          # List variants of this port
# port -v install ghostscript +no_x11  # -no_x11 for negative value
# port clean --all ghostscript       # Clean workdir of port
# port upgrade ghostscript           # Upgrade this port
# port uninstall ghostscript         # Uninstall this port
# port -f uninstall installed        # Uninstall everything

15.3 Library path

Due to complex dependencies and runtime linking, programs are difficult to copy to another system or distribution. However for small programs with little dependencies, the missing libraries can be copied over. The runtime libraries (and the missing one) are checked with ldd and managed with ldconfig.
# ldd /usr/bin/rsync                 # List all needed runtime libraries
# otool -L /usr/bin/rsync            # OS X equivalent to ldd
# ldconfig -n /path/to/libs/         # Add a path to the shared libraries directories
# ldconfig -m /path/to/libs/         # FreeBSD
# LD_LIBRARY_PATH                    # The variable set the link library path

16 CONVERT MEDIA
Sometimes one simply needs to convert a video, audio file or document to another format.

16.1 Text encoding

Text encoding can get totally wrong, specially when the language requires special characters. The command iconv can convert from one encoding to another.
# iconv -f <from_encoding> -t <to_encoding> <input_file>
# iconv -f ISO8859-1 -t UTF-8 file.input > file_utf8
# iconv -l                           # List known coded character sets

Without the -f option, iconv will use the local char-set, which is usually fine if the document displays well.
Convert filenames from one encoding to another (not file content). Works also if only some files are already utf8
# convmv -r -f utf8 --nfd -t utf8 --nfc /dir/* --notest

16.2 Unix - DOS newlines

Convert DOS (CR/LF) to Unix (LF) newlines and back within a Unix shell. See also dos2unix and unix2dos if you have them.
# sed 's/.$//' dosfile.txt > unixfile.txt                  # DOS to UNIX (assumes every line ends with CR/LF)
# awk '{sub(/\r$/,"");print}' dosfile.txt > unixfile.txt   # DOS to UNIX
# awk '{sub(/$/,"\r");print}' unixfile.txt > dosfile.txt   # UNIX to DOS

Convert Unix to DOS newlines within a Windows environment. Use sed or awk from mingw or cygwin.
# sed -n p unixfile.txt > dosfile.txt
# awk 1 unixfile.txt > dosfile.txt   # UNIX to DOS (with a cygwin shell)

Remove ^M mac newline and replace with unix new line. To get a ^M use CTL-V then CTL-M

# tr '^M' '\n' < macfile.txt

16.3 PDF to Jpeg and concatenate PDF files

Convert a PDF document with gs (GhostScript) to jpeg (or png) images for each page. Also much shorter with convert and mogrify (from ImageMagick or GraphicsMagick).
# gs -dBATCH -dNOPAUSE -sDEVICE=jpeg -r150 -dTextAlphaBits=4 -dGraphicsAlphaBits=4 \
 -dMaxStripSize=8192 -sOutputFile=unixtoolbox_%d.jpg unixtoolbox.pdf
# convert unixtoolbox.pdf unixtoolbox-%03d.png
# convert *.jpeg images.pdf          # Create a simple PDF with all pictures
# convert image000* -resample 120x120 -compress JPEG -quality 80 images.pdf
# mogrify -format png *.ppm          # convert all ppm images to png format

Ghostscript can also concatenate multiple pdf files into a single one. This only works well if the PDF files are "well behaved".
# gs -q -sPAPERSIZE=a4 -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=all.pdf \
file1.pdf file2.pdf ...              # On Windows use '#' instead of '='

Extract images from pdf document using pdfimages from poppler or xpdf http://foolabs.com/xpdf/download.html
# pdfimages document.pdf dst/        # extract all images and put in dst
# yum install poppler-utils          # install poppler-utils if needed. or:
# apt-get install poppler-utils

16.4 Convert video

Compress the Canon digicam video with an mpeg4 codec and repair the crappy sound.
# mencoder -o videoout.avi -oac mp3lame -ovc lavc -srate 11025 \
-channels 1 -af-adv force=1 -lameopts preset=medium -lavcopts \
vcodec=msmpeg4v2:vbitrate=600 -mc 0 vidoein.AVI

See sox for sound processing.

16.5 Copy an audio cd

The program cdparanoia http://xiph.org/paranoia/ can save the audio tracks (FreeBSD port in audio/cdparanoia/), oggenc can encode in Ogg Vorbis format, lame converts to mp3.

# cdparanoia -B                      # Copy the tracks to wav files in current dir
# lame -b 256 in.wav out.mp3         # Encode in mp3 256 kb/s
# for i in *.wav; do lame -b 256 $i `basename $i .wav`.mp3; done
# oggenc in.wav -b 256 out.ogg       # Encode in Ogg Vorbis 256 kb/s

17 PRINTING
17.1 Print with lpr
# lpr unixtoolbox.ps                 # Print on default printer
# export PRINTER=hp4600              # Change the default printer
# lpr -Php4500 -#2 unixtoolbox.ps    # Use printer hp4500 and print 2 copies
# lpr -o Duplex=DuplexNoTumble ...   # Print duplex along the long side
# lpr -o PageSize=A4,Duplex=DuplexNoTumble ...
# lpq                                # Check the queue on default printer
# lpq -l -Php4500                    # Queue on printer hp4500 with verbose
# lprm -                             # Remove all users jobs on default printer
# lprm -Php4500 3186                 # Remove job 3186. Find job nbr with lpq
# lpc status                         # List all available printers
# lpc status hp4500                  # Check if printer is online and queue length

Some devices are not postscript and will print garbage when fed with a pdf file. This might be solved with:
# gs -dSAFER -dNOPAUSE -sDEVICE=deskjet -sOutputFile=\|lpr file.pdf

Print to a PDF file even if the application does not support it. Use gs on the print command instead of lpr.
# gs -q -sPAPERSIZE=a4 -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=/path/file.pdf

18 DATABASES
18.1 PostgreSQL
Change root or a username password
# psql -d template1 -U pgsql
> alter user pgsql with password 'pgsql_password';  # Use username instead of "pgsql"

Create user and database
The commands createuser, dropuser, createdb and dropdb are convenient shortcuts equivalent to the SQL commands. The new user is bob with database bobdb; use as root with pgsql the database super user:


# createuser -U pgsql -P bob         # -P will ask for password
# createdb -U pgsql -O bob bobdb     # new bobdb is owned by bob
# dropdb bobdb                       # Delete database bobdb
# dropuser bob                       # Delete user bob

The general database authentication mechanism is configured in pg_hba.conf

Grant remote access
The file $PGSQL_DATA_D/postgresql.conf specifies the address to bind to. Typically listen_addresses = '*' for Postgres 8.x.
The file $PGSQL_DATA_D/pg_hba.conf defines the access control. Examples:
# TYPE  DATABASE    USER        IP-ADDRESS        IP-MASK           METHOD
host    bobdb       bob         212.117.81.42     255.255.255.255   password
host    all         all         0.0.0.0/0                           password
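The second entry above admits every user to every database from any address, and the password method sends the password in clear text. The audit below flags such entries in a pg_hba.conf; it is an added example, not part of the original toolbox, and the function names and the constructed sample file (the two entries above plus one tighter variant) are assumptions.

```shell
#!/bin/sh
# Added example: flag risky entries in a pg_hba.conf.

# pg_hba_audit FILE
# Prints one "line N: ..." finding per problem and returns 1 if any was found.
pg_hba_audit() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        type = $1; db = $2; user = $3
        if (type == "local") {               # local: TYPE DB USER METHOD
            addr = "-"; method = $4
        } else if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) {
            addr = $4 " " $5; method = $6    # separate IP-ADDRESS and IP-MASK
        } else {
            addr = $4; method = $5           # CIDR notation
        }

        wide = (addr ~ /^0\.0\.0\.0\/0$/ || addr ~ /^::\/0$/ ||
                addr ~ / 0\.0\.0\.0$/ || addr == "all")

        if (method == "trust" && type != "local") {
            printf "line %d: trust accepts %s@%s without a password\n", NR, user, db
            found++
        }
        if (method == "password") {
            printf "line %d: method password sends the password in clear text\n", NR
            found++
        }
        if (wide) {
            printf "line %d: reachable from any address (%s)\n", NR, addr
            found++
        }
        if (wide && db == "all" && user == "all") {
            printf "line %d: every user may reach every database from anywhere\n", NR
            found++
        }
    }
    END { exit (found > 0) }' "$1"
}

# make_sample_hba FILE: constructed sample. Lines 2 and 3 are the entries shown
# above; line 4 is a tighter variant of line 2 (SSL only, md5 instead of clear
# text; PostgreSQL 10 and later also offer scram-sha-256).
make_sample_hba() {
    cat > "$1" << '_EOF'
# TYPE  DATABASE  USER  IP-ADDRESS        IP-MASK          METHOD
host    bobdb     bob   212.117.81.42     255.255.255.255  password
host    all       all   0.0.0.0/0                          password
hostssl bobdb     bob   212.117.81.42/32                   md5
_EOF
}

# Usage: pg_hba_audit "$PGSQL_DATA_D/pg_hba.conf" || echo "review the entries above"
```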

Backup and restore
The backups and restore are done with the user pgsql or postgres. Backup and restore a single database:
# pg_dump --clean dbname > dbname_sql.dump
# psql dbname < dbname_sql.dump

Backup and restore all databases (including users):
# pg_dumpall --clean > full.dump
# psql -f full.dump postgres

In this case the restore is started with the database postgres which is better when reloading an empty cluster.

18.2 MySQL
Change mysql root or username password
Method 1
# /etc/init.d/mysql stop
or
# killall mysqld
# mysqld --skip-grant-tables
# mysqladmin -u root password 'newpasswd'
# /etc/init.d/mysql start

Method 2
# mysql -u root mysql
mysql> UPDATE USER SET PASSWORD=PASSWORD("newpassword") where user='root';
mysql> FLUSH PRIVILEGES;                           # Use username instead of "root"
mysql> quit

Create user and database (see MySQL doc http://dev.mysql.com/doc/refman/5.1/en/adding-users.html)

# mysql -u root mysql
mysql> CREATE USER 'bob'@'localhost' IDENTIFIED BY 'pwd'; # create only a user
mysql> CREATE DATABASE bobdb;
mysql> GRANT ALL ON *.* TO 'bob'@'%' IDENTIFIED BY 'pwd'; # Use localhost instead of %
                                                   # to restrict the network access
mysql> DROP DATABASE bobdb;                        # Delete database
mysql> DROP USER bob;                              # Delete user
mysql> DELETE FROM mysql.user WHERE user='bob' and host='hostname'; # Alt. command
mysql> FLUSH PRIVILEGES;

Grant remote access
Remote access is typically permitted for a database, and not all databases. The file /etc/my.cnf contains the IP address to bind to. (On FreeBSD my.cnf is not created per default, copy one .cnf file from /usr/local/share/mysql to /usr/local/etc/my.cnf) Typically comment the line bind-address = out.
# mysql -u root mysql
mysql> GRANT ALL ON bobdb.* TO bob@'xxx.xxx.xxx.xxx' IDENTIFIED BY 'PASSWORD';
mysql> REVOKE GRANT OPTION ON foo.* FROM bar@'xxx.xxx.xxx.xxx';
mysql> FLUSH PRIVILEGES;                  # Use 'hostname' or also '%' for full access

Backup and restore
Backup and restore a single database:

# mysqldump -u root -psecret --add-drop-database dbname > dbname_sql.dump
# mysql -u root -psecret -D dbname < dbname_sql.dump

Backup and restore all databases:
# mysqldump -u root -psecret --add-drop-database --all-databases > full.dump
# mysql -u root -psecret < full.dump

Here "secret" is the mysql root password; there is no space after -p. When the -p option is used alone (w/o password), the password is asked at the command prompt.

18.3 SQLite
SQLite http://www.sqlite.org is a small powerful self-contained, serverless, zero-configuration SQL database.

Dump and restore
It can be useful to dump and restore an SQLite database. For example you can edit the dump file to change a column attribute or type and then restore the database. This is easier than messing with SQL commands. Use the command sqlite3 for a 3.x database.
# sqlite database.db .dump > dump.sql              # dump
# sqlite database.db < dump.sql                    # restore

Convert 2.x to 3.x database
sqlite database_v2.db .dump | sqlite3 database_v3.db

19 DISK QUOTA
A disk quota limits the amount of disk space and/or the number of files a user (or member of a group) can use. The quotas are allocated on a per-file system basis and are enforced by the kernel.

19.1 Linux setup

The quota tools package usually needs to be installed, it contains the command line tools.
Activate the user quota in the fstab and remount the partition. If the partition is busy, either all locked files must be closed, or the system must be rebooted. Add usrquota to the fstab mount options, for example:
/dev/sda2     /home    reiserfs     rw,acl,user_xattr,usrquota 1 1
# mount -o remount /home
# mount                              # Check if usrquota is active, otherwise reboot

Initialize the quota.user file with quotacheck.
# quotacheck -vum /home
# chmod 644 /home/aquota.user        # To let the users check their own quota

Activate the quota either with the provided script (e.g. /etc/init.d/quotad on SuSE) or with quotaon:
quotaon -vu /home

Check that the quota is active with:
quota -v

19.2 FreeBSD setup

The quota tools are part of the base system, however the kernel needs the option quota. If it is not there, add it and recompile the kernel.
options QUOTA

As with Linux, add the quota to the fstab options (userquota, not usrquota):
/dev/ad0s1d    /home    ufs     rw,noatime,userquota    2  2
# mount /home                        # To remount the partition

Enable disk quotas in /etc/rc.conf and start the quota.
# grep quotas /etc/rc.conf
enable_quotas="YES"                  # turn on quotas on startup (or NO).
check_quotas="YES"                   # Check quotas on startup (or NO).
# /etc/rc.d/quota start

19.3 Assign quota limits

The quotas are not limited per default (set to 0). The limits are set with edquota for single users. A quota can be also duplicated to many users. The file structure is different between the quota implementations, but the principle is the same: the values of blocks and inodes can be limited. Only change the values of soft and hard. If not specified, the blocks are 1k. The grace period is set with edquota -t. For example:
# edquota -u colin

Linux
Disk quotas for user colin (uid 1007):
  Filesystem         blocks       soft       hard     inodes     soft     hard
  /dev/sda8             108       1000       2000          1        0        0

FreeBSD
Quotas for user colin:
/home: kbytes in use: 504184, limits (soft = 700000, hard = 800000)
   inodes in use: 1792, limits (soft = 0, hard = 0)

For many users
The command edquota -p is used to duplicate a quota to other users. For example to duplicate a reference quota to all users:
# edquota -p refuser `awk -F: '$3 > 499 {print $1}' /etc/passwd`
# edquota -p refuser user1 user2     # Duplicate to 2 users

Checks
Users can check their quota by simply typing quota (the file quota.user must be readable). Root can check all quotas.
# quota -u colin                     # Check quota for a user
# repquota /home                     # Full report for the partition for all users

20 SHELLS
Most Linux distributions use the bash shell while the BSDs use tcsh, the bourne shell is only used for scripts. Filters are very useful and can be piped:
  grep   Pattern matching
  sed    Search and Replace strings or characters
  cut    Print specific columns from a marker
  sort   Sort alphabetically or numerically
  uniq   Remove duplicate lines from a file

For example used all at once:
# ifconfig | sed 's/	/ /g' | cut -d" " -f1 | uniq | grep -E "[a-z0-9]+" | sort -r
# ifconfig | sed '/.*inet addr:/!d;s///;s/ .*//'|sort -t. -k1,1n -k2,2n -k3,3n -k4,4n

The first character in the sed pattern is a tab. To write a tab on the console, use ctrl-v ctrl-tab.

20.1 bash
Redirects and pipes for bash and sh:
# cmd 1> file                         # Redirect stdout to file.
# cmd 2> file                         # Redirect stderr to file.
# cmd 1>> file                        # Redirect and append stdout to file.
# cmd &> file                         # Redirect both stdout and stderr to file.
# cmd >file 2>&1                      # Redirects stderr to stdout and then to file.
# cmd1 | cmd2                         # pipe stdout to cmd2
# cmd1 2>&1 | cmd2                    # pipe stdout and stderr to cmd2

Modify your configuration in ~/.bashrc (it can also be ~/.bash_profile). The following entries are useful, reload with ". .bashrc". With cygwin use ~/.bash_profile; with rxvt paste with shift + left-click.
# in .bashrc
bind '"\e[A"':history-search-backward # Use up and down arrow to search
bind '"\e[B"':history-search-forward  # the history. Invaluable!
set -o emacs                          # Set emacs mode in bash (see below)
set bell-style visible                # Do not beep, inverse colors
    # Set a nice prompt like [user@host]/path/todir>
PS1="\[\033[1;30m\][\[\033[1;34m\]\u\[\033[1;30m\]"
PS1="$PS1@\[\033[0;33m\]\h\[\033[1;30m\]]\[\033[0;37m\]"
PS1="$PS1\w\[\033[1;30m\]>\[\033[0m\]"
# To check the currently active aliases, simply type alias
alias  ls='ls -aF'                    # Append indicator (one of */=>@|)
alias  ll='ls -aFls'                  # Listing
alias  la='ls -all'
alias  ..='cd ..'
alias  ...='cd ../..'
export HISTFILESIZE=5000              # Larger history
export CLICOLOR=1                     # Use colors (if possible)
export LSCOLORS=ExGxFxdxCxDxDxBxBxExEx

20.2 tcsh
Redirects and pipes for tcsh and csh (simple > and >> are the same as sh):
# cmd >& file                         # Redirect both stdout and stderr to file.
# cmd >>& file                        # Append both stdout and stderr to file.
# cmd1 | cmd2                         # pipe stdout to cmd2
# cmd1 |& cmd2                        # pipe stdout and stderr to cmd2

The settings for csh/tcsh are set in ~/.cshrc, reload with "source .cshrc". Examples:
# in .cshrc
alias  ls      'ls -aF'
alias  ll      'ls -aFls'
alias  la      'ls -all'
alias  ..      'cd ..'
alias  ...     'cd ../..'
set   prompt    = "%B%n%b@%B%m%b%/> " # like user@host/path/todir>
set   history   =  5000
set   savehist  = ( 6000 merge )
set   autolist                        # Report possible completions with tab
set   visiblebell                     # Do not beep, inverse colors
# Bindkey and colors
bindkey -e     Select Emacs bindings  # Use emacs keys to edit the command prompt
bindkey -k up history-search-backward # Use up and down arrow to search
bindkey -k down history-search-forward
setenv CLICOLOR 1                     # Use colors (if possible)
setenv LSCOLORS ExGxFxdxCxDxDxBxBxExEx

The emacs mode enables to use the emacs keys shortcuts to modify the command prompt line. This is extremely useful (not only for emacs users). The most used commands are:
  C-a   Move cursor to beginning of line
  C-e   Move cursor to end of line
  M-b   Move cursor back one word
  M-f   Move cursor forward one word
  M-d   Cut the next word
  C-w   Cut the last word
  C-u   Cut everything before the cursor
  C-k   Cut everything after the cursor (rest of the line)
  C-y   Paste the last thing to be cut (simply paste)
  C-_   Undo
Note: C- = hold control, M- = hold meta (which is usually the alt or escape key).

21 SCRIPTING
Basics | Script example | awk | sed | Regular Expressions | useful commands
The Bourne shell (/bin/sh) is present on all Unix installations and scripts written in this language are (quite) portable; man 1 sh is a good reference.

21.1 Basics
Variables and arguments
Assign with variable=value and get content with $variable
MESSAGE="Hello World"                        # Assign a string
PI=3.1415                                    # Assign a decimal number
N=8
TWON=`expr $N \* 2`                          # Arithmetic expression (only integers)
TWON=$(($N * 2))                             # Other syntax
TWOPI=`echo "$PI * 2" | bc -l`               # Use bc for floating point operations
ZERO=`echo "c($PI/4)-sqrt(2)/2" | bc -l`

The command line arguments are
$0, $1, $2, ...                              # $0 is the command itself
$#                                           # The number of arguments
$*                                           # All arguments (also $@)

Special Variables

$$                                           # The current process ID
$?                                           # exit status of last command
  command
  if [ $? != 0 ]; then
    echo "command failed"
  fi
mypath=`pwd`
mypath=${mypath}/file.txt
echo ${mypath##*/}                           # Display the filename only
echo ${mypath%%.*}                           # Full path without extension
foo=/tmp/my.dir/filename.tar.gz
path=${foo%/*}                               # Directory part of the path
var2=${var:=string}                          # Use var if set, otherwise use string
                                             # assign string to var and then to var2.
size=$(stat -c%s "$file")                    # get file size in bourne script
filesize=${size:=-1}

Constructs
for file in `ls`
do
    echo $file
done

count=0
while [ $count -lt 5 ]; do
    echo $count
    sleep 1
    count=$(($count + 1))
done

myfunction() {
    find . -type f -name "*.$1" -print       # $1 is first argument of the function
}
myfunction "txt"

Generate a file
MYHOME=/home/colin
cat > testhome.sh << _EOF
# All of this goes into the file testhome.sh
if [ -d "$MYHOME" ] ; then
    echo $MYHOME exists
else
    echo $MYHOME does not exist
fi
_EOF
sh testhome.sh

21.2 Bourne script example

As a small example, the script used to create a PDF booklet from this xhtml document:
#!/bin/sh
# This script creates a book in pdf format ready to print on a duplex printer
if [ $# -ne 1 ]; then                        # Check the argument
  echo 1>&2 "Usage: $0 HtmlFile"
  exit 1                                     # non zero exit if error
fi

file=$1                                      # Assign the filename
fname=${file%.*}                             # Get the name of the file only
fext=${file#*.}                              # Get the extension of the file

prince "$file" -o "$fname.pdf"               # from www.princexml.com
pdftops -paper A4 -noshrink "$fname.pdf" "$fname.ps" # create postscript booklet
cat "$fname.ps" |psbook|psnup -Pa4 -2 |pstops -b "2:0,1U(21cm,29.7cm)" > "$fname.book.ps"

ps2pdf13 -sPAPERSIZE=a4 -sAutoRotatePages=None "$fname.book.ps" "$fname.book.pdf"
                                             # use #a4 and #None on Windows!
exit 0                                       # exit 0 means successful

21.3 Some awk commands


Awk is useful for field stripping, like cut in a more powerful way. Search this document for other examples. See for example gnulamp.com and one-liners for awk for some nice examples.
awk '{ print $2, $1 }' file                  # Print and inverse first two columns


awk '{printf("%5d : %s\n", NR,$0)}' file     # Add line number right aligned (5 wide)
awk '{print FNR "\t" $0}' files              # Add line number left aligned (per file)
awk NF test.txt                              # remove blank lines (same as grep '.')
awk 'length > 80'                            # print lines longer than 80 chars

21.4 Some sed commands


Here is the one-liner gold mine http://student.northpark.edu/pemente/sed/sed1line.txt. And a good introduction and tutorial to sed http://www.grymoire.com/Unix/Sed.html.
sed 's/string1/string2/g'                    # Replace string1 with string2
sed -i 's/wroong/wrong/g' *.txt              # Replace a recurring word with g
sed 's/\(.*\)1/\12/g'                        # Modify anystring1 to anystring2
sed '/<p>/,/<\/p>/d' t.xhtml                 # Delete lines that start with <p>
                                             # and end with </p>
sed '/ *#/d; /^ *$/d'                        # Remove comments and blank lines
sed 's/[ \t]*$//'                            # Remove trailing spaces (use tab as \t)
sed 's/^[ \t]*//;s/[ \t]*$//'                # Remove leading and trailing spaces
sed 's/[^*]/[&]/'                            # Enclose first char with [] top->[t]op
sed = file | sed 'N;s/\n/\t/' > file.num     # Number lines on a file

21.5 Regular Expressions


Some basic regular expressions useful for sed too. See Basic Regex Syntax http://www.regular-expressions.info/reference.html for a good primer.
[\^$.|?*+()                          # special characters any other will match themselves
\                                    # escapes special characters and treat as literal
*                                    # repeat the previous item zero or more times
.                                    # single character except line break characters
.*                                   # match zero or more characters
^                                    # match at the start of a line/string
$                                    # match at the end of a line/string
.$                                   # match a single character at the end of line/string
^ $                                  # match line with a single space
^[A-Z]                               # match any line beginning with any char from A to Z

21.6 Some useful commands


The following commands are useful to include in a script or as one-liners.
sort -t. -k1,1n -k2,2n -k3,3n -k4,4n                # Sort IPv4 ip addresses
echo 'Test' | tr '[:lower:]' '[:upper:]'            # Case conversion
echo foo.bar | cut -d . -f 1                        # Returns foo
PID=$(ps | grep script.sh | grep bin | awk '{print $1}')    # PID of a running script
PID=$(ps axww | grep '[p]ing' | awk '{print $1}')           # PID of ping (w/o grep pid)
IP=$(ifconfig $INTERFACE | sed '/.*inet addr:/!d;s///;s/ .*//')   # Linux
IP=$(ifconfig $INTERFACE | sed '/.*inet /!d;s///;s/ .*//')        # FreeBSD
if [ `diff file1 file2 | wc -l` != 0 ]; then [...] fi       # File changed?
# Create http passwd (a comment may not follow a line-continuation backslash)
cat /etc/master.passwd | grep -v root | grep -v \*: | awk -F":" \
'{ printf("%s:%s\n", $1, $2) }' > /usr/local/etc/apache2/passwd
# Check user in passwd
testuser=$(cat /usr/local/etc/apache2/passwd | grep -v \
root | grep -v \*: | awk -F":" '{ printf("%s\n", $1) }' | grep ^user$)
:(){ :|:& };:                                       # bash fork bomb. Will kill your machine
tail -n +2 file > file2                             # remove the first line from file

I use this little trick to change the file extension for many files at once. For example from .cxx to .cpp. Test it first without the | sh at the end. You can also do this with the command rename if installed. Or with bash builtins.
# ls *.cxx | awk -F. '{print "mv "$0" "$1".cpp"}' | sh
# ls *.c | sed "s/.*/cp & &.$(date "+%Y%m%d")/" | sh # e.g. copy *.c to *.c.20080401
# rename .cxx .cpp *.cxx                             # Rename all .cxx to cpp
# for i in *.cxx; do mv "$i" "${i%%.cxx}.cpp"; done  # with bash builtins
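The | sh variants above hand every file name to a shell as program text, so a name containing spaces, a second dot or a character such as ; is parsed instead of renamed. An added example (not from the original document; rename_ext and make_sample are hypothetical helpers, and the sample file names are constructed) that performs the same rename with the loop form, quoting and an overwrite check:

```shell
#!/bin/sh
# Added example. rename_ext and make_sample are illustrative helpers.

# usage: rename_ext DIR OLDEXT NEWEXT   (extensions without the dot)
# Renames DIR/*.OLDEXT to *.NEWEXT and prints how many files were renamed.
rename_ext() {
    dir=$1 old=$2 new=$3 n=0
    for f in "$dir"/*."$old"; do
        [ -e "$f" ] || continue          # no match: the pattern is left as-is
        target=${f%."$old"}.$new         # strip only the final extension
        if [ -e "$target" ]; then        # never overwrite an existing file
            echo "skip: $target exists" >&2
            continue
        fi
        mv -- "$f" "$target" && n=$((n + 1))
    done
    echo "$n"
}

# Constructed sample names that the "ls | awk | sh" pipeline mishandles.
make_sample() {
    : > "$1/plain.cxx"
    : > "$1/two words.cxx"               # split into two mv arguments under | sh
    : > "$1/a;echo oops.cxx"             # ';' ends the mv command under | sh
    : > "$1/v1.2.cxx"                    # awk -F. '$1' would yield v1.cpp
    : > "$1/keep.cxx"; : > "$1/keep.cpp" # target already present
}

tmp=$(mktemp -d) || exit 1
make_sample "$tmp"
echo "renamed: $(rename_ext "$tmp" cxx cpp)"
ls -1 "$tmp"
rm -rf "$tmp"
```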

22 PROGRAMMING
22.1 C basics
strcpy(newstr,str)                        /* copy str to newstr (newstr must be large enough) */
expr1 ? expr2 : expr3                     /* if (expr1) expr2 else expr3 */
x = (y > z) ? y : z;                      /* if (y > z) x = y; else x = z; */
int a[]={0,1,2};                          /* Initialized array (or a[3]={0,1,2};) */
int a[2][3]={{1,2,3},{4,5,6}};            /* Array of array of ints */
int i = 12345;                            /* Convert int i to char str */
char str[12];                             /* room for sign, 10 digits and NUL */
snprintf(str, sizeof str, "%d", i);       /* bounded, unlike sprintf */


22.2 C example
A minimal c program simple.c:
#include <stdio.h>
int main(void) {
    int number=42;
    printf("The answer is %i\n", number);
    return 0;
}

Compile with:
# gcc simple.c -o simple
# ./simple
The answer is 42

22.3 C++ basics
*pointer                                  // Object pointed to by pointer
&obj                                      // Address of object obj
obj.x                                     // Member x of class obj (object obj)
pobj->x                                   // Member x of class pointed to by pobj
                                          // (*pobj).x and pobj->x are the same

22.4 C++ example
As a slightly more realistic program in C++: a class in its own header (IPv4.h) and implementation (IPv4.cpp) and a program which uses the class functionality. The class converts an IP address in integer format to the known quad format.

IPv4 class

IPv4.h:
#ifndef IPV4_H
#define IPV4_H
#include <string>

namespace GenericUtils {                          // create a namespace
class IPv4 {                                      // class definition
public:
    IPv4(); ~IPv4();
    std::string IPint_to_IPquad(unsigned long ip);// member interface
};
} //namespace GenericUtils
#endif // IPV4_H

IPv4.cpp:
#include "IPv4.h"
#include <string>
#include <sstream>
using namespace std;                              // use the namespaces
using namespace GenericUtils;

IPv4::IPv4() {}                                   // default constructor/destructor
IPv4::~IPv4() {}
string IPv4::IPint_to_IPquad(unsigned long ip) {  // member implementation
    ostringstream ipstr;                          // use a stringstream
    ipstr << ((ip &0xff000000) >> 24)             // Bitwise right shift
          << "." << ((ip &0x00ff0000) >> 16)
          << "." << ((ip &0x0000ff00) >> 8)
          << "." << ((ip &0x000000ff));
    return ipstr.str();
}

The program simplecpp.cpp
#include "IPv4.h"
#include <iostream>
#include <string>
using namespace std;
int main (int argc, char* argv[]) {
    string ipstr;                                 // define variables
    unsigned long ipint = 1347861486;             // The IP in integer form
    GenericUtils::IPv4 iputils;                   // create an object of the class
    ipstr = iputils.IPint_to_IPquad(ipint);       // call the class member
    cout << ipint << " = " << ipstr << endl;      // print the result

    return 0;
}


Compile and execute with:
# g++ -c IPv4.cpp simplecpp.cpp                # Compile in objects
# g++ IPv4.o simplecpp.o -o simplecpp.exe      # Link the objects to final executable
# ./simplecpp.exe
1347861486 = 80.86.187.238

Use ldd to check which libraries are used by the executable and where they are located. Also used to check if a shared library is missing or if the executable is static.
# ldd /sbin/ifconfig                           # list dynamic object dependencies
# ar rcs staticlib.a *.o                       # create static archive
# ar t staticlib.a                             # print the objects list from the archive
# ar x /usr/lib/libc.a version.o               # extract an object file from the archive
# nm version.o                                 # show function members provided by object

22.5 Simple Makefile
The minimal Makefile for the multi-source program is shown below. The lines with instructions must begin with a tab! The backslash "\" can be used to cut long lines.
CC = g++
CFLAGS = -O
TARGET = simplecpp
OBJS = IPv4.o simplecpp.o

${TARGET}: ${OBJS}
	${CC} -o ${TARGET} ${CFLAGS} ${OBJS}
clean:
	rm -f ${TARGET} ${OBJS}

23 ONLINE HELP
23.1 Documentation
Linux Documentation          en.tldp.org
Linux Man Pages              www.linuxmanpages.com
Linux commands directory     www.oreillynet.com/linux/cmd
Linux doc man howtos         linux.die.net
FreeBSD Handbook             www.freebsd.org/handbook
FreeBSD Man Pages            www.freebsd.org/cgi/man.cgi
FreeBSD user wiki            www.freebsdwiki.net
Solaris Man Pages            docs.sun.com/app/docs/coll/40.10

23.2 Other Unix/Linux references
Rosetta Stone for Unix       bhami.com/rosetta.html (a Unix command translator)
Unix guide cross reference   unixguide.net/unixguide.shtml
Linux commands line list     www.linuxcmd.org
Short Linux reference        www.pixelbeat.org/cmdline.html
Little command line goodies  www.shellfu.org

Unix Toolbox revision 14.4
The latest version of this document can be found at http://cb.vu/unixtoolbox.xhtml. Replace .xhtml on the link with .pdf for the PDF version and with .book.pdf for the booklet version. On a duplex printer the booklet will create a small book ready to bind. See also the about page.
Error reports and comments are most welcome - c@cb.vu Colin Barschel.
This document: "Unix Toolbox revision 14.4" is licensed under a Creative Commons Licence [Attribution - Share Alike]. Colin Barschel 2007-2012. Some rights reserved.
That's all folks!
