Linux Cheat Sheet

Table of Contents

Ubuntu/Mint

Enabling bluetooth in virtualbox Ubuntu

enabling bluetooth in virtualbox
  1. nuke usb phone from device manager
  2. disable in virtualbox (e.g. intel)
  3. enable in virtualbox (e.g. intel)
  4. enable usb in device manager
  5. ubuntu/mint SystemSettings/hardware/bluetooth
  6. ubuntu/mint cli - hciconfig -a
  7. bluetoothctl
    1. list
    2. show <bluetooth mac>
    3. devices
    4. connect <bluetooth mac>
  8. nuke usb phone from device manager
  9. disable in virtualbox (e.g. intel)
  10. enable in virtualbox (e.g. intel)
  11. enable usb in device manager
  12. transfer file via ubuntu/mint SystemSettings/hardware/bluetooth

stat command

ls on steroids

Apt Sources

Manually loading a deb package

...not sure if all these steps are necessary...using nginx as an example
grabed nginx_0.6.31-2_i386.deb from http://packages.debian.org/sid/i386/nginx/download (latest stable build)
nginx_*.deb in /var/cache/apt/archives/
installed apt-move
configured in /etc/apt-move.conf...make sure the path matches the path you're adding in the /etc/apt/sources.list
added file:// to /etc/apt/sources.list (get this detail from file)
ran 'apt-move update'
you may need to move to a directory where the .deb file is
ran 'dpkg -i nginx_0.6.31-2_i386.deb'.

Cleaning up old packages

apt-get autoremove

Updating releases (command line)

sudo apt-get install update-manager-core
sudo do-release-upgrade
(optional) sudo update-grub
sudo restart
lsb_release -a
cat /etc/centos-release

Modifying default boot image in grub

cp /boot/grub/menu.lst /boot/grub/menu.lst.bkup
vi /boot/grub/menu.lst
default <num>
(where <num> matches with 0 based kernel line further down in the file)

Removing old kernels

dpkg -l | grep linux

taken from a response by Leonard Chatagnier and Jimmy Wu on the ubuntu-users@lists.ubuntu.com mailing list
simply remove the kernel-images you don't want
using apt-get, aptitude or whatever front end you
choose:
"aptitude remove (purge, I like) linux-image-2.6.20-15-386-generic" 
or whatever the name is.
Once you removed what you want, I think just running
"sudo grub-update" will take care of menu.list located
in /boot/grub/ and you shouldn't have to edit the
file.
If you use lilo(prob not)you may have to edit lilo but
it's been a while since I've used lilo.
Hey, I'm no expert but I've done this before and it
worked so I wouldn't be afraid to try.  If I'm all wet
on this then let the experts chime in. If grub update
leaves some residue of removed kernels, I'd just
remove the residue. As far as what to keep, don't
really have any idea but the oldest kernel-image I
have is a 2.6.20-15. The one I use is
2.6.20-16-lowlatency #2 SMP PREEMPT on a 2000 era Dell
Dimensions desktop. I keep one or two extra kernels
just in case one fails.

apt-get runs update-grub automatically, but consider running /usr/sbin/update-grub as opposed to /sbin/update-grub...

List of packages for Ubuntu (hardy heron)

http://packages.ubuntu.com/hardy-updates/allpackages

Preventing a package from being updated in Ubuntu

Got this from http://www.ubuntugeek.com/how-to-prevent-a-package-from-being-updated-in-ubuntu.html.

Using dpkg
  1. Put a package on hold
    sudo echo .package hold. | dpkg --set-selections
    Example
    sudo echo .apache2 hold. | dpkg --set-selections
  2. Remove the hold
    sudo echo .package install. | dpkg --set-selections
    Example
    sudo echo .apache2 install. | dpkg --set-selections
  3. Knowing the status of your packages
    sudo dpkg --set-selections

Using aptitude
  1. With aptitude, you can hold a package using
    sudo aptitude hold package_name
    Example
    sudo aptitude hold apache2
  2. and remove the hold with
    sudo aptitude unhold package_name
    Example
    sudo aptitude unhold apache2

Using dselect
With dselect, you just have to enter the [S]elect screen, find the package you wish to hold in its present state, and press the `=. key (or `H.). The changes will go live immediately after you exit the [S]elect screen.

Checking versions of Ubuntu and kernels

uname -a
cat /etc/issue
lsb_release -a
cat /etc/lsb-release

Network Config - (Ubuntu) CLI

Screen scraped from ubuntugeek.com

The basics for any network based on *nix hosts is the Transport Control Protocol/ Internet Protocol (TCP/IP) combination of three protocols. This combination consists of the Internet Protocol (IP),Transport Control Protocol (TCP), and Universal Datagram Protocol (UDP).

By default, most of the users configure their network card during the installation of Ubuntu. You can however, use the ifconfig command at the shell prompt or Ubuntu's graphical network configuration tools, such as network-admin, to edit your system's network device information or to add or remove network devices on your system.

You can configure a network interface from the command line using the networking utilities. You configure your network client hosts with the command line by using commands to change your current settings or by editing a number of system files.

Configuring DHCP addr for net card

If you want to configure DHCP address you need to edit the /etc/network/interfaces and you need to enter the following lines replace eth0 with your network interface card

sudo vi /etc/network/interfaces

# The primary network interface - use DHCP to find our address
auto eth0
iface eth0 inet dhcp

Release/Renew DHCP
sudo dhclient -v -r eth0
sudo dhclient -v eth0
  OR
sudo dhclient -v -r
sudo dhclient -v
Configuring Static IP addr for net card

If you want to configure Static IP address you need to edit the /etc/network/interfaces and you need to enter the following lines replace eth0 with your network interface card

sudo vi /etc/network/interfaces

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.3.90
gateway 192.168.3.1
netmask 255.255.255.0
network 192.168.3.0
broadcast 192.168.3.255

IF THIS DOESN'T WORK, TAKE A LOOK AT (e.g. you're using Ubunbu/Mint network applet), check out /etc/NetworkManager/system-connections/ for your configured connection

[802-3-ethernet]
duplex=full
mac-address=00:11:22:33:44:55

[connection]
id=Wired connection 2
uuid=12345678-1234-abcd-efgh-1234567890ab
type=802-3-ethernet
timestamp=1379955267

[ipv6]
method=auto

[ipv4]
method=manual
address1=169.1.2.3/32,0.0.0.0

After entering all the details you need to restart networking services using the following command

sudo /etc/init.d/networking restart

OR

sudo ifdown eth0:1 && sudo ifup eth0:1

If you were DHCP, and restart doesn't work (e.g. you get a 'RTNETLINK answers: File exists' or some other weird error), try rebooting the box.

Setting up 2nd IP addr or Virtual IP addr (Ubuntu)

If you are a server system administrator or normal user some time you need to assign a second ipaddress to your Ubuntu machine.For this you need to edit the /etc/network/interfaces file and you need to add the following syntax.Below one is the only example you need to chnage according to your ip address settings

sudo vi /etc/network/interfaces

auto eth0:1
iface eth0:1 inet static
address 192.168.1.60
netmask 255.255.255.0
network x.x.x.x
broadcast x.x.x.x
gateway x.x.x.x

You need to enter all the details like address,netmask,network,broadcast and gateways values after entering all the values save this file and you need to restart networking services in debian using the following command to take effect of our new ipaddress.

After entering all the details you need to restart networking services using the following command

sudo /etc/init.d/networking restart

OR

sudo ifdown eth0:1 && sudo ifup eth0:1

Adding permanent static routes
Got this from http://www.ubuntugeek.com/howto-add-permanent-static-routes-in-ubuntu.html.

route add [-net|-host] <IP/Net> netmask <Mask> gw <Gateway IP> dev <Int>X

Example
route add -net 10.10.10.0 netmask 255.255.255.0 gw 192.168.1.1 dev eth0

To print routes
route
netstat -rn

To keep them persistant
Add to /etc/network/interfaces
up route add [-net|-host] <host/net>/<mask> gw <host/IP> dev <Interface>
Example
up route add -net 172.20.11.0/16 gw 172.20.10.254 dev eth1
Setting system hostname (Ubuntu)

Setting up your hostname upon a ubuntu installation is very straightforward. You can directly query, or set, the hostname with the hostname command.

As an user you can see your current hostname with

sudo /bin/hostname

Example

To set the hostname directly you can become root and run

sudo /bin/hostname newname

When your system boots it will automatically read the hostname from the file /etc/hostname

If you want to know more about how to setup host name check here

Setting up DNS

When it comes to DNS setup Ubuntu doesn't differ from other distributions. You can add hostname and IP addresses to the file /etc/hosts for static lookups.

To cause your machine to consult with a particular server for name lookups you simply add their addresses to /etc/resolv.conf.

For example a machine which should perform lookups from the DNS server at IP address 192.168.3.2 would have a resolv.conf file looking like this

sudo vi /etc/resolv.conf

enter the following details

search test.com
nameserver 192.168.3.2

Adding IPv6 Teredo tunnel
linux - miredo - http://www.remlab.net/miredo
rfc3280 - Teredo tunnels
encapsulating IPv6 payload in v4 UDP datagrams
apt-get install miredo

BE CAREFUL - ipv4 NAT no longer provides protection...either use ip6tables or bind relevant services to localhost (::1)
connect to internet with analog modem
wvdial
wvdialconf & /etc/wvdial.conf for configuration
UCI commands

Adding Gnome to server

sudo aptitude install x-window-system-core gnome-core (or gnome if you want all the bells and whistles of a full desktop environment). If you also want a gui login, then also install gdm.

If necessary from the command line - /etc/init.d/gdm start

Starting GDM/Gnome from the command line

sudo invoke-rc.d gdm start

Adding Beryl

http://ubuntu.beryl-project.org/

Installing Cinnamon as alternate Desktop Interface

Got this from http://www.webupd8.org/2012/02/alternative-cinnamon-ppa-for-ubuntu.html
.
sudo add-apt-repository ppa:gwendal-lebihan-dev/cinnamon-stable
sudo apt-get update
sudo apt-get install cinnamon

Installing Adobe PDF reader with Plug-in for Mozilla Firefox in Feisty Fawn

Got this entry from from Ubuntu Geek

Using medibuntu Repository

Medibuntu (Multimedia, Entertainment & Distractions In Ubuntu) is a repository of packages that cannot be included into the Ubuntu distribution for legal reasons (copyright, license, patent, etc).

Add gpg key using the following command

wget -q http://packages.medibuntu.org/medibuntu-key.gpg -O- | sudo apt-key add -

Edit sources.list with new repo data

sudo wget http://medibuntu.sos-sts.com/sources.list.d/feisty.list -O /etc/apt/sources.list.d/medibuntu.list

Update the source list using the following command

sudo apt-get update

Install acrobat reader with firefox plugin in Ubuntu

sudo apt-get install acroread mozilla-acroread acroread-plugins

This will complete the installation

If you want top open acrobat reader go to Applications -> Office -> Adobe Reader

Setting up to print to pdf

taken Ubuntu mailing list
Using cups-pdf, here's how I did this:

$ sudo apt-get install cups-pdf

(May already be there.)

Add a new printer (system -> administration -> printing), select the 
"Print into PDF File" and click Forward.  Select "Generic" under Makes, 
and click Forward.  For Models I used "PDF File Generator." Give you new 
PDF printer a name, description (optional) and location (optional).  
Click Apply.

The output gets stored in $HOME/PDF, and unfortunately you don't get to 
pick the file name on creation.

Ubuntu/Debian Startup

rc*.d contains links to /etc/init.d for what starts up at each level
if things (like shorewall) are set to run in rcS.d, they may not run in levels 1-5.
use bum and/or sysv-rc-conf to more easily manipulate the rc*.d links

update-rc.d is used to (manually) update the start level links
before removing a link you must delete it from init.d

telinit used to change the runlevel of the system
runlevel checks previous and current runlevel

Run-levelsDescription
0halt/poweroff
1single-user
2multi-user
3user defined
4user defined
5user defined
6reboot
Ssingle user

Adding user startup scripts to bootup

Add startup script to appropriate rc*.d directory. For example:
#/etc/rc2.d/S99rc.local
#! /bin/sh

PATH=/sbin:/bin:/usr/sbin:/usr/bin
[ -f /etc/default/rcS ] && . /etc/default/rcS
. /lib/lsb/init-functions

do_start() {
if [ -x /etc/rc.local ]; then
	log_begin_msg "Running local boot scripts (/etc/rc.local)"
	/etc/rc.local
	log_end_msg $?
fi
}

case "$1" in
	start)
		do_start
		;;
	restart|reload|force-reload)
		echo "Error: argument '$1' not supported" >&2
		exit 3
		;;
	stop)
		;;
	*)
		echo "Usage: $0 start|stop" >&2
		exit 3
		;;
esac

even better - add a script to be run to /etc/rc.local

Console Settings (screen timeouts, fonts, ...)

vi /etc/console-tools/config
vi ~/.gconf/apps/gnome-screensaver/%gconf.xml
possibly
vi /etc/X1l/xorg.conf
  Section "ServerFlags"
           Option "BlankTime"  "0"
  EndSection

Changing Network Card MAC Addr

taken from http://www.ubuntugeek.com/change-your-network-card-mac-address-on-ubuntu.html#more-61

sudo apt-get install macchanger use apt-get to install the program
ifconfig check the interface configuration
/etc/init.d/networking stop stop the networking services
macchanger [options] device
-h, -helpShow summary of options.
-V, -versionShow version of program.
-e, -enddingDon't change the vendor bytes.
-a, -anotherSet random vendor MAC of the same kind.
-ASet random vendor MAC of any kind.
-r, -randomSet fully random MAC.
-l, -list[=keyword]Print known vendors (with keyword in the vendor's description string)
-m, --mac XX:XX:XX:XX:XX:XXSet the MAC XX:XX:XX:XX:XX:XX

How-To Recover password under Ubuntu

Taken from http://www.ubuntugeek.com/how-to-recover-password-under-ubuntu.html.

If you forgot you password for your ubuntu system you 
can recover using the following steps

Turn your computer on.

Press ESC at the grub prompt.

Press e for edit.

Highlight the line that begins kernel....... press e

Go to the very end of the line, add rw init=/bin/bash

press enter, then press b to boot your system.

Your system will boot up to a passwordless root shell.

Type in passwd username

Set your password.

Type in reboot 

How to view CHM (Microsoft Compiled HTML Help) files in Ubuntu

Taken from http://www.ubuntugeek.com/how-to-view-chm-microsoft-compiled-html-help-files-in-ubuntu.html.

Microsoft Compiled HTML Help is a proprietary format for online help files, developed by Microsoft and first released in 1997 as a successor to the Microsoft WinHelp format.

You can use either kchmviewer or gnochm or xchm.

kchmviewer from KDE

kchmviewer is a CHM (Winhelp) files viewer written in Qt/ KDE. It can be build as a stand-alone Qt-based application or a KDE application. The main point is compatibility with non-English CHM files, including most international character sets. It has the features set of standard viewer: search (including non-English CHMs), bookmarking, font size changing, index/content browsing, codepage support, and more.

Install kchmviewer Using the following command

sudo aptitude install kchmviewer

gnochm from Gnome

GnoCHM is a CHM file viewer for GNOME. It is implemented in Python, using the PyCHM bindings for chmlib.

Install gnochm Using the following command

sudo aptitude install gnochm

xchm

xCHM is a cross-platform GUI front-end to chmlib, with borrowed bits from Pabs' chmdeco project. Originally written for UNIX systems (Linux, *BSD, Solaris), xCHM has been since ported to Mac OS X and Windows.

xCHM can show the content tree if one is available, print pages, change font face and size, remember bookmarks, display a searchable index, and search for words in the current page and the whole book.

Install gnochm Using the following command

sudo aptitude install xchm

Working with ssh or anything that uses it

keys are stored in .ssh
private key is stored in something like id_dsa
public key is stored in something like id_dsa.pub
put public key in destination's authorized_key file, if you don't want to have to login on the other system.
known_hosts stores the fingerprints (?) for the hosts you go to and choose to store.
To regenerate keys, try something like ssh-keygen -t dsa. Search for 'HOWTO: set up ssh keys' on the web for more info.

How To Determine a systems ssl certificate

openssl s_client -connect :636 -showcerts

Determine if you have a DER or PEM formatted cert

got this from https://stackoverflow.com/questions/5215771/how-can-i-check-if-the-certificate-file-i-have-is-in-pem-format
View PEM encoded certificate ---------------------------- openssl x509 -in cert.pem -text -noout openssl x509 -in cert.cer -text -noout openssl x509 -in cert.crt -text -noout If you get the folowing error it means that you are trying to view a DER encoded certifciate and need to use the commands in the “View DER encoded certificate below” unable to load certificate 12626:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE View DER encoded Certificate View DER encoded Certificate ---------------------------- openssl x509 -in certificate.der -inform der -text -noout If you get the following error it means that you are trying to view a PEM encoded certificate with a command meant for DER encoded certs. Use a command in the “View PEM encoded certificate above unable to load certificate 13978:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN: wrong tag:tasn_dec.c:1306:13978:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509

Generating Cert

https://help.ubuntu.com/lts/serverguide/certificates-and-security.html
Generate a Certificate Signing Request
openssl genrsa -des3 -out server.key 2048

openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key

openssl req -new -key server.key -out server.csr
Creating a Self-Signed Cert
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Installing the Cert
sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private

Locking down ssh

Some of this was copied from http://www.faqs.org/docs/securing/chap15sec122.html
Some of this was copied from http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
vi /etc/ssh/sshd_config
Port 1984
PermitRootLogin no
#only allow ssh v2
protocol 2
PermitEmptyPasswords no
#Allow only following users to login using ssh
AllowUsers joe
#user has to login in 30 seconds
LoginGraceTime 30
#Disconnect ssh with 5 minutes no activity
ClientAliveInterval 600
ClientAliveCountMax 0
#  Turn on privilege separation
UsePrivilegeSeparation yes
# Prevent the use of insecure home directory and key file permissions
StrictModes yes
# Turn on  reverse name checking
# VerifyReverseMapping yes
# Do you need port forwarding?
AllowTcpForwarding no
X11Forwarding no
# Specifies whether password authentication is allowed.  The default is yes.
# PasswordAuthentication no
#The option ServerKeyBits specifies how many bits to use in the server key. These bits are used when the daemon starts to generate its RSA key. 
ServerKeyBits 1024
HostbasedAuthentication no
IgnoreRhosts yes
#The option IgnoreRhosts specifies whether rhosts or shosts files should not be used in authentication. For security reasons it is recommended to no use rhosts or shosts files for authentication. 
IgnoreUserKnownHosts yes
#The option IgnoreUserKnownHosts specifies whether the ssh daemon should ignore the user's $HOME/.ssh/known_hosts during RhostsRSAAuthentication. 
StrictModes yes
#The option StrictModes specifies whether ssh should check user's permissions in their home directory and rhosts files before accepting login. This option must always be set to yes because sometimes users may accidentally leave their directory or files world-writable. 
X11Forwarding no
#The option X11Forwarding specifies whether X11 forwarding should be enabled or not on this server. Since we setup a server without GUI installed on it, we can safely turn this option off. 
PrintMotd yes
#The option PrintMotd specifies whether the ssh daemon should print the contents of the /etc/motd file when a user logs in interactively. The /etc/motd file is also known as the message of the day. 
SyslogFacility AUTH
#The option SyslogFacility specifies the facility code used when logging messages from sshd. The facility specifies the subsystem that produced the message--in our case, AUTH. 
LogLevel INFO
#The option LogLevel specifies the level that is used when logging messages from sshd. INFO is a good choice. See the man page for sshd for more information on other possibilities. 
RhostsAuthentication no
#The option RhostsAuthentication specifies whether sshd can try to use rhosts based authentication. Because rhosts authentication is insecure you shouldn't use this option. 
RhostsRSAAuthentication no
#The option RhostsRSAAuthentication specifies whether to try rhosts authentication in concert with RSA host authentication. 
RSAAuthentication yes
#The option RSAAuthentication specifies whether to try RSA authentication. This option must be set to yes for better security in your sessions. RSA use public and private key pairs created with the ssh-keygen1utility for authentication purposes. 

#the following copied from https://calomel.org/openssh.html.
Banner /etc/banner
#ChallengeResponseAuthentication no
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
ClientAliveInterval 60
ClientAliveCountMax 3
Compression no
GatewayPorts no
#LogLevel VERBOSE
#LoginGraceTime 50s
MACs hmac-sha2-512-96,hmac-sha2-512,hmac-sha2-256-96,hmac-sha2-256,hmac-sha1-96,hmac-sha1
MaxAuthTries 6
#10 bad logins before 30% drop linearly, all at 30
MaxStartups 10:30:30
PasswordAuthentication yes
PermitEmptyPasswords no
#PermitOpen localhost:80
PermitRootLogin no
PermitUserEnvironment no
PidFile /var/run/sshd.pid
PrintLastLog yes
PrintMotd no
PubkeyAuthentication yes
StrictModes yes
Subsystem sftp /usr/libexec/sftp-server
SyslogFacility AUTH
#spoofable tcp ack?
TCPKeepAlive no
#only useful for old rsh configs
UseDNS no
UseLogin no
UsePrivilegeSeparation yes
X11DisplayOffset 10
X11Forwarding no
X11UseLocalhost yes

#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no

#install DenyHosts
#install OpenSSHGateKeeper with Google Authenticator
# Verify your sshd_config file before restarting / reloading changes:
/usr/sbin/sshd -t
sudo service ssh restart
sudo restart ssh
tail -f /var/log/auth.log
ssh -v username@host (shows verbose logging locally)

Changing it so root can't ssh in

vi /etc/ssh/sshd_config
PermitRootLogin no

adduser <anewusername>
mkdir /home/<anewusername>
chown <anewusername> /home/<anewusername>
passwd <anewusername>
usermod -aG sudo <anewusername>

/etc/init.d/ssh restart

Changing Login Msgs

in /etc/ssh/sshd_config
uncomment the banner line (i.e. Banner /etc/issue.net)
/etc/issue.net will hold msg that shows up before the login prompt.
/etc/motd will hold msg that shows up after the login prompt.

Monitoring boot up log msgs

Need to install customized bootlogd - https://bugs.launchpad.net/upstart/+bug/98955.

Doesn't work
sudo gedit /etc/default/bootlogd

# Run bootlogd at startup ?
BOOTLOGD_ENABLE=No  (change to yes)

/var/log/boot will be created
This also doesn't work
update-rc.d -f bootlogd remove
update-rc.d bootlogd defaults
/var/log/boot should populate

Unity

Putting Icons on desktop
in ~/Desktop

(sample shortcut file to run /usr/bin/nautilus)
#!/usr/bin/env xdg-open

[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Icon[en_US]=nautilus
Name[en_US]=/usr/bin/nautilus
Exec=/usr/bin/nautilus
Name=/usr/bin/nautilus
Icon=nautilus

Installing Tomcat java web server

https://help.ubuntu.com/13.04/serverguide/tomcat.html
sudo apt-get install tomcat7
vi /etc/tomcat7/server.xml (change ports?)
vi /etc/tomcat7/tomcat-users.xml (add admin user if you need to custom configure)
  
   
sudo apt-get install tomcat7-docs
  http://yourserver:8080/docs
sudo apt-get install tomcat7-admin
  http://yourserver:8080/manager/html (server status / restart webapps)
  http://yourserver:8080/host-manager/html (create virtual hosts)
sudo apt-get install tomcat7-examples
  http://yourserver:8080/examples

enable admin application deployment, virtual host creation
----------------------------------------------------------
sudo chgrp -R tomcat7 /etc/tomcat7
sudo chmod -R g+w /etc/tomcat7 

restarting tomcat
sudo service tomcat7 restart

This is the default Tomcat home page. It can be found on the local filesystem at: /var/lib/tomcat7/webapps/ROOT/index.html

Tomcat7 veterans might be pleased to learn that this system instance of Tomcat is installed with CATALINA_HOME in /usr/share/tomcat7 and CATALINA_BASE in /var/lib/tomcat7, following the rules from /usr/share/doc/tomcat7-common/RUNNING.txt.gz.

You might consider installing the following packages, if you haven't already done so:

tomcat7-docs: This package installs a web application that allows to browse the Tomcat 7 documentation locally. Once installed, you can access it by clicking here.

tomcat7-examples: This package installs a web application that allows to access the Tomcat 7 Servlet and JSP examples. Once installed, you can access it by clicking here.

tomcat7-admin: This package installs two web applications that can help managing this Tomcat instance. Once installed, you can access the manager webapp and the host-manager webapp.

NOTE: For security reasons, using the manager webapp is restricted to users with role "manager-gui". The host-manager webapp is restricted to users with role "admin-gui". Users are defined in /etc/tomcat7/tomcat-users.xml.

installing app into tomcat

Raspberry Pi

Installing via NOOB

Taken from https://www.raspberrypi.org/learning/software-guide/quickstart/ .
  1. Format a mini-SD card (8GB+) using SD Formatter 4.0 .
  2. Download NOOBS zip file from the Raspberry Pi Downloads page .
  3. Extract the contents of the zip file.
  4. Copy the contents to the SD card.
  5. Put the SD card in the Raspberry Pi. Attach a mouse, keyboard, and monitor. Attach power to mini-USB port.
  6. Boot.
  7. Select an OS to install.
  8. Reboot.

Enabling ssh vi CLI

Taken from https://www.raspberrypi.org/documentation/remote-access/ssh/
  1. Enter sudo raspi-config in a terminal window
  2. Select 'Interfacing Options'
  3. Navigate to and select 'SSH'
  4. Choose 'Yes'
  5. Select 'Ok'
  6. Choose 'Finish'
Enable SSH on a headless Raspberry Pi
Taken from https://www.raspberrypi.org/documentation/remote-access/ssh/

For headless setup, SSH can be enabled by placing a file named ssh, without any extension, onto the boot partition of the SD card. When the Pi boots, it looks for the ssh file. If it is found, SSH is enabled, and the file is deleted. The content of the file does not matter: it could contain text, or nothing at all.

Setting up Wifi with CLI

From https://learn.adafruit.com/adafruits-raspberry-pi-lesson-3-network-setup/setting-up-wifi-with-occidentalis .
Also, reference http://www.dafinga.net/2013/01/how-to-setup-raspberry-pi-with-hidden.html .
Also, https://www.raspberrypi.org/documentation/configuration/wireless/wireless-cli.md .
Also, http://www.makeuseof.com/tag/setting-wireless-networking-raspberry-pi/ .
  1. Boot the Raspberry Pi without the WiFi adapter plugged in.
  2. sudo nano /etc/network/interfaces
  3. For broadcast SSID:
    auto lo
    
    iface lo inet loopback
    iface eth0 inet dhcp
    
    allow-hotplug wlan0
    auto wlan0
    
    
    iface wlan0 inet dhcp
            wpa-ssid "ssid"
            wpa-psk "password"
  4. for non-broadcast SSID:
    auto lo
    
    iface lo inet loopback
    iface eth0 inet dhcp
    
    auto wlan0
    allow-hotplug wlan0
    iface wlan0 inet dhcp
       wpa-scan-ssid 1
       wpa-ap-scan 1
       wpa-key-mgmt WPA-PSK
       wpa-proto RSN WPA
       wpa-pairwise CCMP TKIP
       wpa-group CCMP TKIP
       wpa-ssid "My Secret SSID"
       wpa-psk "My SSID PSK"
    
    iface default inet dhcp
  5. Shut down your Raspberry Pi, plug the WiFi adapter in and start it up again. You should find that the Raspberry Pi connects using the WiFi adapter as it boots up.

Supplementary list

Mandriva

Redhat/CentOS

What to do after min install
got a lot of this from 30 things to do after min RHEL/FentOS 7 install
register and enable redhat subscription in rhel7 (if you are using rhel7)
Configure network w static IP (CentOS7)
yum install net-tools

ip addr show
(should see loopback and dhcp should have provided ip addr)
modify network config to static (rhel/centos7)
cd /etc/sysconfig/network-scripts
dir
 or
ls -aF

vi <ifcfg-(interface)>
(You should be able to get interface anme from ip addr show above.)

TYPE=Ethernet BOOTPROTO=none (dhcp ... if dhcp) IPADDR = "[Enter your static IP here]" PREFIX="number of bits in subnet mask" GATEWAY = "[Enter your Default Gateway]" DNS1 = "[Your Domain Name System 1]" DNS2 = "[Your Domain Name System 2]" ONBOOT=yes
service network restart ip addr show ping mit.edu set hostname vi /etc/hostname (set hostname if nec) echo $hostname ---fix dns /etc/resolv.conf and nmtui , nmcli yum update && yum upgrade (say y) yum install lync (or links) ###rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm ---mod ssh--- ---put in whatever port you need to allow thru fw firewall-cmd --zone=public --add-port=8080/tcp --permanent firewall-cmd --zone=public --remove-port=8080/tcp --permanent # firewall-cmd --reload
Integrating mouse - vboxguest additions - CentOS 6
got this from http://www.if-not-true-then-false.com/2010/install-virtualbox-guest-additions-on-fedora-centos-red-hat-rhel/
su - 
  OR
sudo -i
(Devices/Install Guest Additions menu to mount ISO for install)
cd /media/VirtualBoxGuestAdditions
yum update kernel
reboot
su -
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
yum install gcc kernel-devel kernel-headers dkms make bzip2 perl
KERN_DIR=/usr/src/kernels/`uname -r` (command line and .bashrc)
export KERN_DIR (command line and .bashrc)
cd /media/VirtualBoxGuestAdditions
./VBoxLinuxAdditions.run
reboot

yum/installing

yum install <program>
yum localinstall ...        (installs downloaded rpm)
yum upgrade
yum check-update            (check what is available before upgrading)
yum localupdate
yum remove
yum search <string>
yum list installed|available|updates|extras|recent
yum info <program/package>
yum groupinstall            (install package groups)
yum groupupdate
yum groupremove
yum groupinfo <group package>

yum/updating

yum -y clean
yum -y check-update
yum -y check-update | grep kernel (looking for kernel updates)
yum -y update kernel
yum -y update

Setting static ip addr in systemd

  1. cp /etc/resolv.conf /etc/resolv.conf.backup
  2. # cd /etc/sysconfig/network-scripts/
    # dir ifcfg*
    ifcfg-eno16777736  ifcfg-lo
    # vi ifcfg-eno16777736
    TYPE="Ethernet"
    BOOTPROTO="static"
    DEFROUTE="yes"
    PEERDNS="yes"
    PEERROUTES="yes"
    IPV4_FAILURE_FATAL="no"
    IPADDR=192.168.160.39
    NETMASK=255.255.255.0
    IPV6INIT="yes"
    IPV6_AUTOCONF="yes"
    IPV6_DEFROUTE="yes"
    IPV6_PEERDNS="yes"
    IPV6_PEERROUTES="yes"
    IPV6_FAILURE_FATAL="no"
    NAME="eno16777736"
    DNS1=192.168.160.2
    UUID="c6ce7134-1d2d-4265-81c6-ee31d52a60be"
    DEVICE="eno16777736"
    ONBOOT="yes"
    
  3. #vi /etc/sysconfig/network
    #(add)
    NETWORKING=yes
    HOSTNAME=dahostname
    GATEWAY=192.168.160.2
    
  4. Restart net or reboot
    systemctl status network.service
    systemctl restart network.service
  5. restore resolv.conf from backup file
    cp /etc/resolv.conf.backup /etc/resolv.conf

Setting MTU size for a network inteface

ip link set dev eth0 mtu 1350
vi /etc/sysconfig/network-scripts/ifcfg-eth0
	(add MTU=1350)
service network restart eth0
ip link list
ifconfig eth0

Gnome

Running GDM/Gnome from the command line

sudo invoke-rc.d gdm start

Resetting desktop config files

cd ~

mv .gconf .gconf.old    (???gnome should reset???)

---SIMILAR FOR XFCE---
mv .config/xfce4 config_xfce4.old       (xfce should recreate default version)

Configuring Gnome

gconf-editor

Path for panels - /apps/panel/toplevels/

Getting Gnome to work from vncserver

vi ~/.vnc/xstartup
xrdb $HOME/.Xresources
#probably don't need this for gnome
xsetroot -solid grey
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &

#this was in the original
#x-window-manager & 

#taken from http://blog.yclian.com/2007/12/3-solutions-to-gnomevnc-keyboard.html
#run the following in xstartup manually...things are still ugly
#gnome-wm &
#gnome-panel &
#gnome-cups-icon &
#gnome-volume-manager &

#taken from http://blog.yclian.com/2007/12/3-solutions-to-gnomevnc-keyboard.html
#run gconf-editor
#navigate to desktop > gnome > peripherals > keyboard > kbd
#replace [] or [us] with anything - say [foo]
#close app - problem fixed
#---alternate---
#gconftool --set /desktop/gnome/peripherals/keyboard/kbd/layouts --type List --list-type String [foo]
gnome-session &
vncserver :1 (e.g. from command line)
vncclient <ipaddr>:1

Switching to and from text console

Ctrl-Alt-F1 (to text console)
Ctrl-Alt-F7 (back to gui)

Create custom hotkey to launch any application

Taken from Captain's Universe.
  1. Open "gconf-editor" as the user as you're logged in in GNOME
  2. Go to "apps" -> "metacity" -> "keybinding_commands"
  3. Double click on e.g. "command_1"
  4. Type in the name of the application you want to launch, e.g. "gcalctool", the GNOME calculator
  5. Go to "apps" -> "metacity" -> "global_keybindings"
  6. Double click on e.g. "run_command_1"
  7. Type in e.g. <Control><Alt>c
  8. Note the < and > for the special function keys
  9. DONE! Close the gconf-editor and press CTRL-ALT-c and the calculator should come up

Restarting Gnome

Ctrl-Alt-Backspace
or
sudo /etc/init.d/gdm restartsudo /etc/init.d/gdm restart

Empty root trash

got this from Ubuntu Geek

You need to run the following command

gksudo nautilus ./root/.Trash/.

you might not see anything, or, if you.re like me, you.ll see about 2 000 files. you.ll probably want to delete them or simply .empty. the trash.

Setting colors for GTerm

courier 10 pitch - 10 bold or monospace 10 bold

Add/remove apps from Open With menu

taken from http://www.ubuntugeek.com/how-to-addremove-applications-from-open-with-window.html

Easter Eggs

not sure if this is gnome or ubuntu
alt-f2 - free the fish OR gegls from outer space

Compiz

Stopping Compiz

metacity --replace &

Starting Compiz

compiz --replace gconf &

Resetting Compiz from command line

gconftool-2 --recursive-unset /apps/compiz (restart system)

Config files

taken from a response from the ubuntu-users mailing list

look in ~/.gconf
if you run gconf-editor, you can wipe the stuff out.
gconf-editor - apps - compiz

If settings saved to flat text files (you turned of desktop integration in ccsm advanced panel), check ~/.config/compiz. If you wipe this out, startup will revert to gnome settings in .gconf.

Plugs and other stuff are under ~/.compiz .

KDE

Configing Default Clients

locate defaults.list

vi the files here to modify defaults at various levels

FTP clients for Linux

Got from http://www.ubuntugeek.com/list-of-ftp-clients-available-in-ubuntu-linux.html.
GUI FTP Clients

Gftp
Filezilla
Kasablanca
Fireftp
KFTPgrabber
WinSCP on WINE
GNOME Commander
Sitecopy
FileRunner
konqueror

Command line FTP Clients

Ftp
Cftp
Lftp
Ftpcopy
Ncftp
Tnftp
GNU Midnight Commander
Yafc
Ftp-ssl

Search Bash Command line

<ctrl-r>
type the search phrase
keep typing <ctrl-r> until you find what you are looking for

Copy everything in a directory

cp -a dir1 dir2

Copys everything from dir1 to dir2 recursively including attributes

du or df - human readable

> df -h
Filesystem           Size  Used Avail Use% Mounted on
/dev/mapper/VG0-LV0   27G  3.2G   22G  13% /
tmpfs                939M     0  939M   0% /dev/shm
/dev/sda1            380M   99M  261M  28% /boot

> du -h
140K    ./bkup
36K     ./5508old
8.0K    ./.vim
56K     ./.ssh
344K    ./bin_redhat
32K     ./ucxn
8.1M    .

Execute command repetitively - watch command

Got the following content from Debian Package of the Day.
watch -n1 -d ls -l -nN runs every N seconds (2 is default)
-d highlights changes
watch -n1 -d=cumulative ls -l -d=cumulative will maintain changes highlighted on the screen
watch -d=cumulative -n1 ls -lt /var/log watch log dir for changes
watch -n60 from watch for new email
watch -n10 free -m monitor free memory
watch -n1 -d 'netstat -an | grep ESTABLISHED' monitor established connections

Print boot up messages

dmesg - debian?

adding account to sudo access list

visudo (as root) will get you access to the /etc/sudoers file. It is recommended to use this to lock the file angainst simultaneous edits, provide basic sanity checks, and check for parse errors.
tom ALL=ALL		# gives tom access to do everything after a pw entry
tom ALL=NOPASSWD:ALL	# gives tom access to do everything with no pw

Determining CPU info

cat /proc/cpuinfo

Determining memory usage

cat /proc/meminfo

Monitoring swap

free
cat /proc/swaps
vmstat     (watch si (swap in) and so (swap out))
vmstat 1   (watch it every second)
vmstat 1 5 (watch it every second for 5 iterations)

Determining Linux kernel info

cat /proc/version

Stuff about the init process

taken from Making Ubuntu Usable article on ExtremeTech. Some of it may not be perfectly right based on experiment - take a look at http://www.debian.org/doc/debian-policy/#contents

The init process is the parent of all processes. It manages different run levels and kicks off processes to start and stop at different run levels. For example, run-level 1 is a single-user mode. It contains a minimal number of running processes and is usually used to fix a broken system. Usually Ubuntu operates at run-level 2, supporting multiple users and graphics. To view the current and previous run level, use the runlevel command. (If there was no previous run-level, then N is displayed.)

If you want to tell init to change run levels, use the telinit command. For example, to switch from the current run level to single-user mode, change to a text window (Ctrl+Alt+F1) and use sudo telinit 1 or sudo telinit s. Running the shutdown command is similar to running sudo telinit 0. Run-level 0 is the shutdown mode.

The file /etc/inittab tells init what to do at each run level, what processes to spawn, and how to handle hardware signals such as Ctrl+Alt+Delete, Alt+UpArrow, and power modes such as low battery. After modifying the inittab, you will need to tell init to re-examine (query) the file. This is done using telinit q.

Power management - Hibernation

sudo pmi action hibernate
Also look at settings in /etc/default/acpi-support .

acpid - adv config and pwr mgmt

key control

Got this from Linux Pro Magazine article from Dec 2009
ps -ef | grep acpid    (note exact cmdline exec'ed)
kill <pid>
/usr/sbin/acpid <exact cmdline args> -d
                       (turn on debug)
                       (once lines settled - press key of interest)
...
12 acpid: completed event "ibm/hotkey HKEY 0000080 00001007"
...

xrandr - Screen control

primitive command line interface to RandR extension
xrandr -q       (list screen chars)

XRDP - Getting Remote Desktop to work

http://forums.linuxmint.com/viewtopic.php?f=47&t=61971
  1. apt-get install xrdp
  2. Make sure TCP port 3389 is coming through for RDP access
  3. Get rid of 'd' character misconfig
    1. gconf-editor
    2. apps : metacity : global_keybindings / show_desktop
    3. change key entry to be <Super>d

Search for text in files

search every file from here down for 'DaText'
find . -exec grep 'DaText' {} \; -print

multi item grep

grep -E 'Tech|Sales' employee.txt

wget - cli retrieval of http/html et. al.

do a man page

wget <url>
wget -r <url> (get the url and all things recursive on the site)
-i can specify recursive depth

URL format http://host[:port]/directory/file
ftp://host[:port]/directory/file
ftp://user:password@host/path
http://user:password@host/path

cURL examples

Got this from http://curl.haxx.se/docs/httpscripting.html
Basic
curl http://machine.domain.com
Get Form
curl "http://machine.domain.com/forms/blah.cgi?var1=44&var2=33"
POST
curl -d "var1=44&var2=33" http://machine.domain.com/forms/blah2.cgi
POST File Upload
curl -F upload=@dafilename [URL]

syslog

Sending test msg to remote syslog

From linux
nc -w 0 -u <ipaddr> 514 <<< "servername testing from servername"

logstash

Logstash provides an integrated framework for log collection, centralization, parsing, storage and search.

from the logstash book - '...four components:

cron

cron directories and /etc/crontab

Got this from http://www.cyberciti.biz/faq/how-do-i-add-jobs-to-cron-under-linux-or-unix-oses/.

/etc/crontab is the system level crontab file...
other crontabs are usually under /etc/cron.d

often these are run from a run-parts script...

Directory Description
/etc/cron.d/ Put all scripts here and call them from /etc/crontab file.
/etc/cron.daily/ Run all scripts once a day
/etc/cron.hourly/ Run all scripts once an hour
/etc/cron.monthly/ Run all scripts once a month
/etc/cron.weekly/ Run all scripts once a week

Using crontab to mail reboot log at reboot

took this from ubuntu-users mailing list

Put a line like this in your crontab:

@reboot dmesg | mail -s 'Reboot!' bart@example.com

This takes advantage of the Debian extensions to the crontab format.

cron - debian time extension examples

@hourly ntpdate -s ntpserver.domain.com
@reboot dmesg | mail -s 'Reboot!' bart@example.com

Other special strings for cron

Got this from http://www.cyberciti.biz/faq/how-do-i-add-jobs-to-cron-under-linux-or-unix-oses/.

Special string Meaning
@reboot Run once, at startup.
@yearly Run once a year, "0 0 1 1 *".
@annually (same as @yearly)
@monthly Run once a month, "0 0 1 * *".
@weekly Run once a week, "0 0 * * 0".
@daily Run once a day, "0 0 * * *".
@midnight (same as @daily)
@hourly Run once an hour, "0 * * * *".

Mailing cron output to email address (via cron)

By default all cron output get's sent to the account/email address that it runs under.
if you want to force where the mail goes to, set the MAILTO var
e.g. in the crontab
MAILTO="JoeUser@domain.com"
0 3 * * * /usr/local/backup.sh 
0 4 * * * /usr/local/donothing.sh >/dev/null 2>&1
The 2nd run line puts all the output to /dev/null so you don't see it.

rsynch

needs rsynch and ssh installed (and sshd on the receiving machine).
rsynch -avz <source dir> <ssh login>:<dir>

for example...
rsynch -avz /home/user1 user1@damachine.test.com:.
will copy the /home/user1 directory to the home directory of user1 on damachine.test.com
rsynch -avz /home/user1 user1@damachine.test.com:/tmp
will copy the /home/user1 directory to the /tmp directory damachine.test.com (assuming that user1 has access to that directory).

mii-tool, mii-diag - net interface tools

Do diags, watch network interfaces (i.e. ethernet interface).
In net-tools package in Ubuntu.

Wireshark - running as regular user - Debian/Ubuntu/Mint

[1] http://wiki.wireshark.org/Development/PrivilegeSeparation
[2] http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
[3] https://blog.wireshark.org/2010/02/running-wireshark-as-you
[4] http://wiki.wireshark.org/SNMP
[5] http://wiki.debian.org/NonFreeIETFDocuments
[6] http://www.debian.org/doc/debian-policy/ch-archive.html#s-non-free
[7] http://www.debian.org/doc/debian-policy/ch-archive.html#s-main

-----------------------------------------------------
copy of /usr/share/doc/wireshark-common/README.Debian

I. Capturing packets with Wireshark/Tshark

   There are two ways of installing Wireshark/Tshark on Debian:

   I./a. Installing dumpcap without allowing non-root users to capture packets

      Only root user will be able to capture packets. It is advised to capture
      packets with the bundled dumpcap program as root and then run
      Wireshark/Tshark as an ordinary user to analyze the captured logs. [2]

      This is the default on Debian systems.

   I./b. Installing dumpcap and allowing non-root users to capture packets

      Members of the wireshark group will be able to capture packets on network
      interfaces. This is the preferred way of installation if Wireshark/Tshark
      will be used for capturing and displaying packets at the same time, since
      that way only the dumpcap process has to be run with elevated privileges
      thanks to the privilege separation[1].

      Note that no user will be added to group wireshark automatically, the
      system administrator has to add them manually.

      The additional privileges are provided using the Linux Capabilities
      system where it is available and resort to setting the set-user-id bit
      of the dumpcap binary as a fall-back, where the Linux Capabilities system
      is not present (Debian GNU/kFreeBSD, Debian GNU/Hurd).

      Linux kernels provided by Debian support Linux Capabilities, but custom
      built kernels may lack this support. If the support for Linux
      Capabilities is not present at the time of installing wireshark-common
      package, the installer will fall back to set the set-user-id bit to
      allow non-root users to capture packets.

      If installation succeeds with using Linux Capabilities, non-root users
      will not be able to capture packets while running kernels not supporting
      Linux Capabilities.

      Note that capturing USB packets is not enabled for non-root users by using
      Linux Capabilities. You have to capture the packets using the method
      described in I./a., setting the set-user-id permanently using
      dpkg-statoverride or running Wireshark as root.

   The installation method can be changed any time by running:
   dpkg-reconfigure wireshark-common


II. Installing SNMP MIBs

    SNMP [4] OIDs can be decoded using MIBs provided by other packages.
    wireshark-common suggests snmp-mibs-downloader which package can be used to
    download a set of common MIBs Wireshark/Tshark tries to load at startup.

    At the time of writing, MIBs are distributed under DFSG incompatible terms
    [5] thus snmp-mibs-downloader has to be in the non-free archive area.
    To keep wireshark in the main area [7], wireshark-common does not depend on
    or recommend snmp-mibs-downloader and as a result snmp-mibs-downloader is
    not installed automatically with wireshark.

    To make Wireshark/Tshark able to decode OIDs, please install
    snmp-mibs-downloader manually.

    To help Wireshark/Tshark to decode OIDs without having to install packages
    manually, please support the initiative of requesting additional rights
    from RFC authors [5].


   [1] http://wiki.wireshark.org/Development/PrivilegeSeparation
   [2] http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
   [3] https://blog.wireshark.org/2010/02/running-wireshark-as-you
   [4] http://wiki.wireshark.org/SNMP
   [5] http://wiki.debian.org/NonFreeIETFDocuments
   [6] http://www.debian.org/doc/debian-policy/ch-archive.html#s-non-free
   [7] http://www.debian.org/doc/debian-policy/ch-archive.html#s-main

TShark

TShark is a CLI/Console interface to Wireshark.
Examples of syntax:
tshark -f '(tcp port 23)'(capture filter)

tshark -R ip.addr==192.168.1.10(read/display filter)
tshark -R http.response.code == 404(any dissector will work)
tshark -R http.cookie contains "sessionid"
tshark -R ip and ip.geoip.country == "China"(Use GeoIP to query MaxMind Geo IP database for country filter data)

tshark -w outfile.bin -S(save raw output to outfile.bin)
(Decode/display packets simultaneously)
tshark -r outfile.bin -V(read input from outfile.bin)
(Display packet details (not summary))

tshark -i eth0 -b filesize:10240 -b files:1000 -w if-eth0(store a ring buffer with 1000 files 10MB each with timestamped filenames)
(files can be merged with mergecap)

tcpdump

CLIs to use
tcpdump -i eth0 -n | grep SIP | grep <ipaddr>
tcpdump -w filename.pcap -s0 -vvv -e -n -i eth0 host <ipaddr>
tcpdump -w filename2.pcap -s0 -vvv -e -n -i eth0 port 5060

Postfix

 If you need to make 
 changes, edit
 /etc/postfix/main.cf (and others) as needed.  To view Postfix configuration
 values, see postconf(1).

 After modifying main.cf, be sure to run '/etc/init.d/postfix reload'.

fstab notes

/dev//media/floppy0autorw,user,noauto00
/dev/sdb1/media/usbdriveautorw,nosuid,dev,exec,auto,nouser,async02
/dev/sdb1/media/usbfat32drivevfatrw,nosuid,dev,exec,auto,nouser,async,nobootwait,umask=007,uid=100002 (nobootwait doesn't wait for disk to mount in event of failure - allows Ubuntu to boot up without intervention, umask is inverse permission bits, uid is owner)
block devicemount pointfilesystem typemount options. defaults is rw, suid, dev, exec, auto, nouser, async.does fs have to be dumped, 0 or blank is noorder of filesystem should fsck check. root should be 1. other should be 2 or greater. 0 or blank is don't check

list open files

lsof

Creating a FAT32 disk

dmesg    (to see where usb drive is)
fdisk /dev/sdb   (assuming the usb drive is at /dev/sdb)
p  (print the partition table)
d  (delete the partition table)
n  (create a new partition - follow prompts)
t  (change partition's system ID - b is FAT32)
w  (write and exit)
mkdosfs -F 32 -v /dev/sdb1   (assuming dostools are loaded, -F makes it FAT32, -v verbose)

(if necessary...)
dosfsck -a -w -v /dev/sdb1   (-a automatically fix, -w auto write changes, -v verbose)

(re-label)
sudo mlabel -i /dev/sdb1 -s ::newlable      (make the label)
blkid       (check the label)

Working with Partitions

fdisk
  n (to make a new partition . will prompt for cylinders)
  p (to print partitions (including those to be written)
  w (to write to the partition table)
fdisk -l (lists partitions)
sfdisk -l (lists partitions)
parted
gnu - using parted

Installing a new hard drive

https://help.ubuntu.com/community/InstallingANewHardDrive

sudo lshw -C disk
[sudo] password for user:
  ...  
  *-disk:1
       description: SCSI Disk
       physical id: 0.1.0
       bus info: scsi@2:0.1.0
       logical name: /dev/sdb
       size: 450GiB (483GB)
       capabilities: partitioned partitioned:dos
       configuration: sectorsize=512 signature=abcdefgh
  ...

sudo fdisk /dev/sdb
...
Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p
Partition number (1-4, default 1): 
Using default value 1
First sector (2048-943718399, default 2048): 
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-943718399, default 943718399): 
Using default value 943718399

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
...
sudo mkfs -t ext4 /dev/sdb1
mke2fs 1.42.9 (4-Feb-2014)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
29491200 inodes, 117964544 blocks
5898227 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=4294967296
3600 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks: 
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968, 
102400000

Allocating group tables:    0/3600         done                            
Writing inode tables:    0/3600         done                            
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information:    0/3600         done

cat /etc/fstab
...
/dev/sdb1       /drv           ext4    rw,nosuid,dev,exec,auto,nouser,async,nobootwait 0       2
sudo mkdir /drv
sudo mount -a
chown -R daowner /drv
sudo chmod -R 755 /drv

Mounting harddrive manually

took this from ubuntu-users mailing list

go to a terminal, type dmesg (look for the usb info)
i.e. - /dev/sdb , /dev/sdb1
create a directory (mount point) to mount to, such as /mnt/usb - then mount it...

mount -o rw,nosuid /dev/sdb1 /mnt/usb the options allow the disk to be mounted read/write, and do not allow suid to escalate privileges.

Mounting share from within VirtualBox

sudo mount -t vboxsf dashare /mnt/dashare

/etc/fstab entry
dashare            /mnt/dashare       vboxsf  rw,nosuid,dev,noexec,auto,nouser,async,uid=1000,gid=1000  0   0

1000 is first user ID...
consider uid=0,gid=0 (root) if you want everyone on system to access.

Mounting and RAID notes

mdadm or mhddfs

Recovering a RAID array after a disk fails

mdadm --remove /dev/md0 /dev/sda1
halt
(replace disk and start the machine)
mdadm --add /dev/md0 /dev/sda1

Replacing A Failed Hard Drive In A Software RAID1 Array

http://www.howtoforge.com/replacing_hard_disks_in_a_raid1_array
cat /proc/mdstat  (drive shows up as (U_) or (_U) )
mdadm --manage /dev/md0 --fail /dev/sdb1 (or whtevr drive is)
cat /proc/mdstat
mdadm --manage /dev/md0 --remove /dev/sdb1
cat /proc/mdstat
(power down and replace hd)
#create identical partitioning
sfdisk -d /dev/sda | sfdisk /dev/sdb
fdisk -l (is partitioning the same)
mdadm --manage /dev/md0 --add /dev/sdb1
cat /proc/mdstat (you should see the drives synchronizing)

Recovering Harddrive

Making an ISO with large filenames and deep paths

genisoimage -joliet-long -iso-level 4 -o dvd.iso -R -J dvdsourcdir 

-joliet-long	allows up to 103 Unicode chars
-iso-level 4	dirs not limited to 8 levels
		no need for file to contain a dot
		dots have no special meanings
		filenames do not have version numbers
		filenames can be up to 207 chars long, or 197 chars
		if Rock Ridge is used
-o dvd.iso	outputs to dvd.iso
-R		Rock Ridge extensions (linux/unix)
-J		Joliet extensions (windows)
dvdsourcdir	input directory

Update Kernel - Mandriva/RedHat

  1. Make sure you have current sources for RPM (urpmi or drake in mandriva)
  2. Look for 'kernel' and 'source'. Match up with names in /boot. Source needed if you're going to compile anything from source that interacts with the kernel header files (like vmware).
  3. Configure lilo (/etc/lilo.conf, lilo -v) and/or grub.

Serial/Terminal Programs

cu -l /dev/ttyS0

Convert CRLFs to LFs (for Unix/Linux)

tr -d '\r' < inputfile > outputfile
CR0x0d^M
LF0x0a^J

Feeding result lists from one command to another

xargs

sample syntax
find . -name "*.foo" | xargs grep bar
find . -name "*.foo" -print0 | xargs -0 -i mv {} /tmp/trash
last one says replace {} with the argument list

stop/start a service

/sbin/service <svc name> stop
for example:

/sbin/service cups stop

Force a fsck after reboot

shutdown -rF now

VMWare

Getting VMWare workstation 5.5.8 to work with Ubuntu 8.04

Do this all as root, or using sudo before every command.
  1. make sure you have the dependencies installed
    apt-get install linux-headers-'uname -r'
    apt-get install build-essential xinetd gcc
  2. gunzip and untar VMware-workstation-5.5.8-108000.tar and change into the direcotry where it extracted to (vmware-distrib).
  3. Run ./vmware-install.pl
  4. gunzip and untar vmware-any-any-update116 and change into the directory where it extracted to. NOTE: vmware-any-any-update117 did not work correctly.
  5. Run ./runme.pl .
  6. Run vmware.
  7. If you get errors such as:
    /usr/lib/vmware/bin/vmware: /usr/lib/vmware/lib/libgcc_s.so.1/libgcc_s.so.1: version `GCC_3.4' not found (required by /usr/lib/libcairo.so.2)
    /usr/lib/vmware/bin/vmware: /usr/lib/vmware/lib/libgcc_s.so.1/libgcc_s.so.1: version `GCC_4.2.0' not found (required by /usr/lib/libstdc++.so.6)
    /usr/lib/vmware/bin/vmware: /usr/lib/vmware/lib/libgcc_s.so.1/libgcc_s.so.1: version `GCC_3.4' not found (required by /usr/lib/libcairo.so.2)
    /usr/lib/vmware/bin/vmware: /usr/lib/vmware/lib/libgcc_s.so.1/libgcc_s.so.1: version `GCC_4.2.0' not found (required by /usr/lib/libstdc++.so.6)
    /usr/lib/vmware/bin/vmware: /usr/lib/vmware/lib/libgcc_s.so.1/libgcc_s.so.1: version `GCC_3.4' not found (required by /usr/lib/libcairo.so.2)
    /usr/lib/vmware/bin/vmware: /usr/lib/vmware/lib/libgcc_s.so.1/libgcc_s.so.1: version `GCC_4.2.0' not found (required by /usr/lib/libstdc++.so.6)
    either type
    LD_PRELOAD=/lib/libgcc_s.so.1 vmware
    OR
    cp /usr/lib/libpnt12.so.0 /usr/lib/vmware/lib/libpng12.so.0/
    cp /lib/libgcc_s.so.1 /usr/lib/vmware/lib/libgcc_s.so.1/
  8. If you run vmware as root (and are logged in (with a display manager running) as another user), you may get errors along the lines of:
    Gtk-WARNING **: cannot open display:
    From a command line prompt (non-root), type xhost +localhost or maybe xhost root@localhost. From the root login you may want to type export DISPLAY=:0.0 (bash syntax). Rerun vmware.

References

VMWare workstation install problems

If you get random install messages, try using the vmware-any-any-tool available from http://ftp.cvut.cz/vmware/, or http://groups.google.com/group/vmkernelnewbies/files.

Other problems
Got the following from http://communities.vmware.com/docs/DOC-3850;jsessionid=995C748DA5FB0DF076B8599CC69D2CEC. You may need to do similar fixes for other errors that come up.

Additional References

include/asm/bitops_32.h:9:2: error: #error only  can be included directly
  1. untar /usr/lib/vmware/modules/source/vmmon.tar in somewhere like /tmp
  2. edit vmmon-only/include/vcpuset.h
  3. change line 74 from asm/bitops.h to linux/bitops.h
  4. tar cvf vmmon.tar vmmon-only
  5. mv /usr/lib/vmware/modules/source/vmmon.tar /usr/lib/vmware/modules/source/vmmon.tar.orig
  6. cp vmmon.tar /usr/lib/vmware/modules/source
  7. try vmware-config.pl again

Getting VMware to be able to use parallel port

  1. Stop cups (# /sbin/service cups stop)
  2. Remove driver using the parallel port (# /sbin/modprobe -r lp in my case)
  3. Give user permission for parport0 (# chmod 666 /dev/parport0)

Installing vmware tools in Ubuntu/Mint

kernel header path not valid
http://cmanios.wordpress.com/2013/06/12/fix-vmware-tools-kernel-header-path-is-not-valid-error/
sudo apt-get install build-essential linux-headers-$(uname -r)
(looking for [kernelsource path]/include/linux/version.h, it.s not there.)
sudo ln -s /usr/src/linux-headers-$(uname -r)/include/generated/uapi/linux/version.h /usr/src/linux-headers-$(uname -r)/include/linux/version.h
(re-install vmware-tools)
sudo ./vmware-install.pl
Notes at end of vmware tools install
You must restart your X session before any mouse or graphics changes take
effect.

You can now run VMware Tools by invoking "/usr/bin/vmware-toolbox-cmd" from the
command line or by invoking "/usr/bin/vmware-toolbox" from the command line
during an X server session.

To enable advanced X features (e.g., guest resolution fit, drag and drop, and
file and text copy/paste), you will need to do one (or more) of the following:
1. Manually start /usr/bin/vmware-user
2. Log out and log back into your desktop session; and,
3. Restart your X session.

Devices auto-starting (udev)

udevd listens to uevents and passes the incomging events to udev. It ensures the right event order and takes car that events for child devices are delayed until the parent has finished the device handling.
Other commands
udevcontrol
udevmonitor
udevd

Good overview - http://reactivated.net/writing_udev_rules.html

PAM

config files in /etc/pam.d
if application can't find config file, it defaults to other config file. Typically this files denies all access.
Example line:
account    required     pam_stack.so service=system-auth

ProFTPD

ftpasswd --passwd --file=/usr/local/etc/ftpd/passwd --name=bob --uid=1001 --home=/home/bob --shell=/bin/false

/etc/proftpd.conf
put AuthUserFile into /etc/proftpd.conf to enable logging in via ftpasswd file also
(in addition to PAM)

ProFTPD home page including docs et. al.
ProFTPD Configuration Directives By Functionality
ftpasswd docs

Shorewall

config files in /etc/shorewall
macros in /usr/share/shorewall
example configs/macros in /usr/share/shorewall
example configs in /usr/share/doc/shorewall/default-config
start on bootup based on /etc/default/shorewall

if you want it to start at bootup check /etc/default/shorewall and set the startup to 1
shorewall start executes things in the following files in the following order:
Shorewall home page
Shorewall Logging

Samba

/etc/samba/smb.conf
[global]
        server string = %h server (Samba, Ubuntu)
        map to guest = Bad User
        obey pam restrictions = Yes
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        unix password sync = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 10000
        dns proxy = No
        panic action = /usr/share/samba/panic-action %d
        idmap config * : backend = tdb
[files]
        path = /srv/dafiles
        valid users = username1, username2
        write list = username1, username2
        force group = sambashare
        read only = No
        create mask = 0755
        force create mode = 0775
        force directory mode = 0775
        browseable = No 
Remember to chmod 775 /srv/share
Remember to chown nobody.sambashare /srv/share (or whatever group has users you want to be able to edit the files
Remember to have users login on linux box, before they attempt to access samba share
Read https://calomel.org/samba.html for some more settings...

adding a user
/var/log/samba
/etc/init.d/samba restart
OR
restart smbd and nmbd

testparm - to test config

smbclient -L <sharename> - lists shares available
smbclient //<hostname>/<share> - mounts a share

SVN - SubVersion

Got a lot of this from Subversion in 15 minutes.
trunkcutting-edge version that is being actively developed
branchesalternative copies of the project. could be for reorg of sw files, or different set of functionality, or massive re-write with lots of bugs to be ironed out. Eventually, you may want to merge changes into the trunk
tagsmilstone release. allows you to go back to old version of the code

GIT

Puppet

Using Putty Cert to ssh to nix server

https://www.howtoforge.com/ssh_key_based_logins_putty
  1. You need putty, puttygen, pageant
  2. puttygen a private/public key. Recommended use SSH-2 RSA, 2048+ bits. Click 'Generate'.
  3. Move mouse pointer over blank area to generate random data.
  4. Enter comment (e.g. email addr).
  5. Enter passphrase (and confirm it).
  6. Save public key locally.
  7. Save private key locally (in place only you can access. extension must be .ppk .
  8. Copy public key from PuTTYgen window
  9. Log into SSH svr. Paste public key into ~.ssh/authorized_keys2.
  10. chmod 600 ~/.ssh/authorized_keys2

nmap

http://www.cyberciti.biz/networking/nmap-command-examples-tutorials/
nmap -p [port] hostName
## Scan port 80
nmap -p 80 192.168.1.1
 
## Scan TCP port 80
nmap -p T:80 192.168.1.1
 
## Scan UDP port 53
nmap -p U:53 192.168.1.1
 
## Scan two ports ##
nmap -p 80,443 192.168.1.1
 
## Scan port ranges ##
nmap -p 80-200 192.168.1.1
 
## Combine all options ##
nmap -p U:53,111,137,T:21-25,80,139,8080 192.168.1.1
nmap -p U:53,111,137,T:21-25,80,139,8080 server1.cyberciti.biz
nmap -v -sU -sT -p U:53,111,137,T:21-25,80,139,8080 192.168.1.254
 
## Scan all ports with * wildcard ##
nmap -p "*" 192.168.1.1
 
## Scan top ports i.e. scan $number most common ports ##
nmap --top-ports 5 192.168.1.1
nmap --top-ports 10 192.168.1.1

nfsen/nfdump