Reestablish Volume Group

To tap into the volume group you wish to work with, make sure /etc/lvm/lvm.conf filters are able to see the /dev/md? devices, and execute the following:

[tempsrv] # vgscan

Reading all physical volumes. This may take a while…

Found volume group “rootvg” using metadata type lvm2

which should display the volume group (here it is “rootvg”)associated with an md device you enabled. Then, to make the logical volumes (LVs) available for mounting, execute the following:

[tempsrv] # vgchange -ay rootvg

Now Mount the Logical Volumes:

Now all you need do is mount the reestablished LVs. I find this an excellent time to make use of Bash:

[tempsrv] # for i in `ls /dev/rootvg`; do mount /dev/rootvg/$i /mnt/$i; done;

Of course, you need to create the destination mount point before running the script.

du -sk * | sort +0nr
du -sk * | sort -nr

To list the directory sizes in Mega bytes and largest at the top
du -sm * | sort +0nr
du -sm * | sort -nr

To list the directory sizes in kilo bytes and largest at the bottom.
du -sk * | sort +0n
du -sk * | sort -n

To list the directory sizes in Mega bytes and largest at the bottom.
du -sm * | sort +0n
du -sm * | sort -n

To list the directory sizes in human readable format (Mix of kilo, Mega and Giga bytes) and largest at the bottom
du -s *|sort -n|cut -f 2-|while read a;do du -hs $a;done

To list the size of hidden directories

du -sk .[a-z]* | sort +0nr

To list the size of all the files and directorires including hidden files and directories
du -sk .[a-z]* * | sort +0n

Windows explorer Folder size extension

http://foldersize.sourceforge.net/

Download the package from the abouve URL and install it.

• · After the installation Folder Size column is available to Explorer, but Explorer isn’t displaying it yet. Open an Explorer window in Details view.
• · Right click on the column headers to see a list of columns you can add. Choose Folder Size.
• · Now we can replace the existing Size column with the new Folder Size column. Right click on the column headers and uncheck the Size column. Drag the Folder Size column header to where Size used to be.
• · Make this the default view for all folders. Go to Folder Options from the Tools menu. In the View tab, click Apply to All Folders

RPM Packages installation and usage

RPM Packages installation and usage

Note:

• Normal querying doesnot require a root loogin but for installation and uninstalling a package you need to be logged in as root.
• We can also use regular expressions or wiild-characters with the rpm command.

RPM PACKAGE INSTALLATION/ UNINSTALLATION:

# installing a rpm package with hash printing and in verbose mode

rpm -ivh foobar-1.0-i386.rpm

# to install a package ignoring any dependencies

rpm -ivh –nodeps

# upgrading a package with hash printing and in verbose mode

rpm -Uvh foobar-1.1-i386.rpm

# Upgrade only those which are already installed from an RPM repository

rpm -Fvh *.rpm

# uninstall a package

rpm -e foobar

# uninstall ignoring the dependencies

rpm -e –nodeps foobar

# to force install /uninstall

rpm -ivh –force foobar-1.0-i386.rpm

RPM PACKAGE QUERY

# find all those packages which are installed on your system

rpm -qa | sort | less

rpm -qa | sort > rpmlist

# findout all the files which are installed by a rpm package

rpm -ql foobar

rpm -qpl foobar-1.0-i386.rpm

# search for an installed package

rpm -qa | grep foobar

# search for a specific file in a rpm repository

for i in *.rpm ; do rpm -qpl $i | grep filename && echo $i ; done

# findout to what package does the a directory/file (say) /etc/skel belong to

rpm -qf /etc/skel

rpm -q –whatprovides

# to see what config files are installed by a package

rpm -qc foobar

MISC

# To test walk-through a installtion of a package use

rpm -ivh –test foobar-1.1-i386.rpm

10. Similarly uninstalling a package without considering dependencies, use

# rpm -e –nodeps

11. To force install a package ( same as using “–replacefiles” and “–replacepkgs” together.

It like installing a package with no questions asked 🙂 use it with caution, this option can make some of your existing software unusable or unstable

# rpm -i –force

12. To exclude the documentation for a package while installing, useful incase of minimal stripped-down installation

# rpm -i –excludedocs

13. To include documentation while installing (by default this option is enabled), this option is useful only one has set to exclude documentation in “/etc/rpmrc” or in “~/.rpmrc” or in /usr/lib/rpm/rpmrc”

# rpm -ivh –includedocs

14. To display the debug info while installing, use

When using this option it not neccessary to specify the “-v” verbose option as the debug information provided by the rpm command is verbose by default.

# rpm -ih –test -vv

As already discussed “-ih” combined option tell rpm to do installation with hash printing, and using the “–test” tells the rpm command to only do walkthrough of installation and not to do the actual installation, “-vv” option asks the rpm package to also print the debug information.

15. To upgrade a package (i.e uninstall the previous version and install a newer version), use

# rpm -U -v -h

16. To permit upgrade to an old package version (i.e downgrade), use

# rpm -U -v -h –oldpackage

17. To list all the rpm(s) installed on your system, use

$ rpm -qa

One can pipe the output of the above command to another shell command, e.g.

$ rpm -qa | less

$ rpm -qa | grep “foobar”

$ rpm -qa > installed_rpm.lst

• Use you imagination for more combinations, you may even use wild characters.

n addition to the basic permissions discussed above, there are also three bits of information defined for files in Linux:

* SUID or setuid: change user ID on execution. If setuid bit is set, when the file will be executed by a user, the process will have the same rights as the owner of the file being executed.
* SGID or setgid: change group ID on execution. Same as above, but inherits rights of the group of the owner of the file on execution. For directories it also may mean that when a new file is created in the directory it will inherit the group of the directory (and not of the user who created the file).
* Sticky bit: It was used to trigger process to “stick” in memory after it is finished, now this usage is obsolete. Currently its use is system dependent and it is mostly used to suppress deletion of the files that belong to other users in the folder where you have “write” access to.

Numeric representation

Octal digit Binary value Meaning
0 000 setuid, setgid, sticky bits are cleared
1 001 sticky bit is set
2 010 setgid bit is set
3 011 setgid and sticky bits are set
4 100 setuid bit is set
5 101 setuid and sticky bits are set
6 110 setuid and setgid bits are set
7 111 setuid, setgid, sticky bits are set

Textual representation

SUID, If set, then replaces “x” in the owner permissions to “s”, if owner has execute permissions, or to “S” otherwise.

Examples:
-rws—— both owner execute and SUID are set
-r-S—— SUID is set, but owner execute is not set

SGID, If set, then replaces “x” in the group permissions to “s”, if group has execute permissions, or to “S” otherwise.

Examples:
-rwxrws— both group execute and SGID are set
-rwxr-S— SGID is set, but group execute is not set

Sticky, If set, then replaces “x” in the others permissions to “t”, if others have execute permissions, or to “T” otherwise.

Examples:
-rwxrwxrwt both others execute and sticky bit are set
-rwxrwxr-T sticky bit is set, but others execute is not set

Setting the sticky bit on a directory : chmod +t

If you have a look at the /tmp permissions, in most GNU/Linux distributions, you’ll see the following:

lokams@tempsrv# ls -l | grep tmp
drwxrwxrwt 10 root root 4096 2006-03-10 12:40 tmp

The “t” in the end of the permissions is called the “sticky bit”. It replaces the “x” and indicates that in this directory, files can only be deleted by their owners, the owner of the directory or the root superuser. This way, it is not enough for a user to have write permission on /tmp, he also needs to be the owner of the file to be able to delete it.

In order to set or to remove the sticky bit, use the following commands:

# chmod +t tmp
# chmod -t tmp

Setting the SGID attribute on a directory : chmod g+s

If the SGID (Set Group Identification) attribute is set on a directory, files created in that directory inherit its group ownership. If the SGID is not set the file’s group ownership corresponds to the user’s default group.

In order to set the SGID on a directory or to remove it, use the following commands:

# chmod g+s directory
# chmod g-s directory

When set, the SGID attribute is represented by the letter “s” which replaces the “x” in the group permissions:

# ls -l directory
drwxrwsr-x 10 george administrators 4096 2006-03-10 12:50 directory

Setting SUID and SGID attributes on executable files : chmod u+s, chmod g+s

By default, when a user executes a file, the process which results in this execution has the same permissions as those of the user. In fact, the process inherits his default group and user identification.

If you set the SUID attribute on an executable file, the process resulting in its execution doesn’t use the user’s identification but the user identification of the file owner.

For instance, consider the script myscript.sh which tries to write things into mylog.log :

# ls -l
-rwxrwxrwx 10 george administrators 4096 2006-03-10 12:50 myscript.sh
-rwxrwx— 10 george administrators 4096 2006-03-10 12:50 mylog.log

As you can see in this example, George gave full permissions to everybody on myscript.sh but he forgot to do so on mylog.log. When Robert executes myscript.sh, the process runs using Robert’s user identification and Robert’s default group (robert:senioradmin). As a consequence, myscript fails and reports that it can’t write in mylog.log.

In order to fix this problem George could simply give full permissions to everybody on mylog.log. But this would make it possible for anybody to write in mylog.log, and George only wants this file to be updated by his myscript.sh program. For this he sets the SUID bit on myscript.sh:

# chmod u+s myscript.sh

As a consequence, when a user executes the script the resulting process uses George’s user identification rather than the user’s. If set on an executable file, the SUID makes the process inherit the owner’s user identification rather than the one of the user who executed it. This fixes the problem, and even though nobody but George can write directly in mylog.log, anybody can execute myscript.sh which updates the file content.

Similarly, it is possible to set the SGID attribute on an executable file. This makes the process use the owner’s default group instead of the user’s one. This is done by:

# chmod g+s myscript.sh

By setting SUID and SGID attributes the owner makes it possible for other users to execute the file as if they were him or members of his default group.

The SUID and GUID are represented by a “s” which replaces the “x” character respectively in the user and group permissions:

# chmod u+s myscript.sh
# ls -l
-rwsrwxrwx 10 george administrators 4096 2006-03-10 12:50 myscript.sh
# chmod u-s myscript.sh
# chmod g+s myscript.sh
# ls -l
-rwxrwsrwx 10 george administrators 4096 2006-03-10 12:50 myscript.sh

Tcpdump is a really great tool for network security analyst; you can dump packets that flow within your networks into file for further analysis. With some filters you can capture only the interested packets, which it reduce the size of saved dump and further reduce loading and processing time of packets analysis.

Lets start with capturing packets based on network interface, ports and protocols. Let assume I wanna capture tcp packets that flow over eth1, port 6881. The dump file with be save as test.pcap.

tcpdump -w test.pcap -i eth1 tcp port 6881

Simple right? What if at the same time I am interested on getting packets on udp port 33210 and 33220?

tcpdump -w test.pcap -i eth1 tcp port 6881 or udp \( 33210 or 33220 \)

‘\’ is an escape symbol for ‘(’ and ‘)’. Logic OR implies PLUS (+). In plain text is I want to capture tcp packets flows over port 6881 plus udp ports 33210 and 33220. Careful with ‘and’ in tcpdump filter expression, it means intersection. Thats why I put ‘or’ instead of and within udp port 33210 and 33220. The usage of ‘and’ in tcpdump will be illustrate later.

Ok, how about reading pcap that I saved previously?

tcpdump -nnr test.pcap

The -nn is to tell tcpdump not to resolve DNS on IP and Ports, where r is read.

Adding -tttt to makes the timestamp appears more readable format.

tcpdump -ttttnnr test.pcap

How about capture based on IP ?You need to tell tcpdump which IP you are interested in? Destination IP? or Source IP ? Let say I wanna sniff on destination IP 10.168.28.22 tcp port 22,

how should i write?

tcpdump -w test.pcap dst 10.168.28.22 and tcp port 22

So the ‘and’ makes the intersection of destination IP and port.

By default the sniff size of packets is 96 bytes, you somehow can overload that size by specified with -s.

tcpdump -w test.pcap -s 1550 dst 10.168.28.22 and tcp port 22

Some version of tcpdump allows you to define port range. You can as bellow for capturing packets based on a range of tcp port.

tcpdump tcp portrange 20-24

Bare in mind, the line above I didn’t specified -w which it won’t write to a file but i will just print the captured packets on the screen.