2012 SERVER (64)
2016 windows (9)
AIX (13)
Amazon (40)
Ansibile (19)
Apache (135)
Asterisk (2)
cassandra (2)
Centos (230)
- ftp (5)
- IPTABLES (15)
- SFTP (1)
- swap (3)
Centos RHEL 7 (270)
centos8 (3)
chef (3)
cloud (2)
cluster (3)
Coherence (1)
DB2 (5)
DISK (25)
DNS (9)
Docker (31)
Eassy (11)
ELKS (1)
EXCHANGE (3)
Fedora (6)
GIT (3)
GOD (2)
Grub (1)
Hacking (10)
Hadoop (6)
health (2)
horoscope (23)
Hyper-V (10)
IIS (15)
JAVA (7)
JBOSS (32)
jenkins (1)
Kubernetes (9)
Ldap (5)
Linux (189)
Linux Commands (166)
Load balancer (5)
mariadb (14)
Mongodb (4)
MQ Server (24)
MYSQL (84)
Nagios (5)
NaturalOil (13)
Nginx (36)
Ngix (1)
openldap (1)
Openstack (6)
Oracle (35)
Perl (3)
Postfix (19)
Postgresql (1)
PowerShell (2)
Python (3)
qmail (36)
Redis (12)
RHCE (28)
SCALEIO (1)
Security on Centos (29)
Shell (64)
Solaris (58)
Sql Server 2012 (4)
squid (3)
SSH (10)
SSL (14)
Storage (1)
TIPS on Linux (28)
tomcat (62)
Ubuntu (1)
Uncategorized (30)
Veritas (2)
vfabric (1)
VMware (28)
Weblogic (38)
Websphere (71)
Windows (19)
Windows Software (2)
wordpress (1)
ZIMBRA (17)

sgid

SGID attribute

Setting the SGID attribute on a directory : chmod g+s

If the SGID (Set Group Identification) attribute is set on a directory, files created in that directory inherit its group ownership.

If the SGID is not set the file’s group ownership corresponds to the user’s default group.

In order to set the SGID on a directory or to remove it, use the following commands:

chmod g+s directoryname
chmod g-s directoryname

When set, the SGID attribute is represented by the letter “s” which replaces the “x” in the group permissions:

ls -l directoryname
drwxrwsr-x 10 rmohan administrators 4096 Jun 14 10:29 directory

Link commands

delete symbolic link

When using the rm or unlink command to remove a symbolic link to a directory, make sure you don’t end the target with a ‘/’ character because it will create an error. Example:

$ mkdir dirtest
$ ln -s dirtest lntest
$ rm lntest/
rm cannot remove directory ‘lntest/’ : Is a directory
$ unlink lntest/
unlink: cannot unlink ‘lntest/’: Not a directory
$ unlink lntest

File /Folder Permissions

File /Folder Permissions

These are the numeric values and its related permissions in a linux system.

4000 – Setuid on execution
2000 – setgid on execution
1000 – set sticky bit
0400 – read by owner
0200 – write by owner
0100 – execute by owner
0040 – read by group
0020 – wrrite by group
0010 – execute by group
0004 – read by others
0002 – write by others
0001 – execute by others

The chmod numeric value varies from 0000 to 7777

You can use these or combination of these numeric values with chmod command or you can specify it with strings. While specifying with strings use the following arguments..
u – user – to add/remove permissions of user or owner of file.
g – group – to add/remove permissions of group members of file.
o – other – to add/remove permissions of other group members or world wide permission of file.

Eg:
The following commands will enable the setuid on the file abc.pl
chmod 4755 abc.pl
chmod u+s abc.pl

Kill processes for user

Kill processes for user

To easily kill all processes running under a user

ps -u USER | awk ‘{print $1}’ | xargs kill -9

pkill -u USER

replacing USER with the username.

To kill all specific processes such as php running under a user run,

ps -u USER | grep PROCESS |awk ‘{print $1}’ | xargs kill -9

replacing USER with username and PROCESS with php or any other process.

Hide Commands in Shell

To hide the commands you are entering in shell, use “stty” command 🙂

#stty -echo

Now, all commands that you type are invisible.
To disable this mode, issue the following command at the shell prompt:

#stty echo

Nmap Command

Nmap Command

User can scan entire network or selected host or single server. Nmap is also useful to test your firewall rules. namp is metwork exploration tool and security / port scanner. According to nmap man page:
It is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
nmap port scanning

TCP Connect scanning for localhost and network 192.168.0.0/24
# nmap -v -sT localhost
# nmap -v -sT 192.168.0.0/24
nmap TCP SYN (half-open) scanning

# nmap -v -sS localhost
# nmap -v -sS 192.168.0.0/24
nmap TCP FIN scanning

# nmap -v -sF localhost
# nmap -v -sF 192.168.0.0/24
nmap TCP Xmas tree scanning

Useful to see if firewall protecting against this kind of attack or not:
# nmap -v -sX localhost
# nmap -v -sX 192.168.0.0/24
nmap TCP Null scanning

Useful to see if firewall protecting against this kind attack or not:
# nmap -v -sN localhost
# nmap -v -sN 192.168.0.0/24
nmap TCP Windows scanning

# nmap -v -sW localhost
# nmap -v -sW 192.168.0.0/24
nmap TCP RPC scanning

Useful to find out RPC (such as portmap) services
# nmap -v -sR localhost
# nmap -v -sR 192.168.0.0/24
nmap UDP scanning

Useful to find out UDP ports
# nmap -v -O localhost
# nmap -v -O 192.168.0.0/24
nmap remote software version scanning

You can also find out what software version opening the port.
# nmap -v -sV localhost
# nmap -v -sV 192.168.0.0/24
A note about Windows XP / 2003 / Vista version

Port scanning with netcat (nc) command

How do I find out which ports are opened on my own server? How do I run port scanning using nc command?

A. It may be useful to know which ports are open and running services on a target machine. You can use nmap command for port scanning.

If nmap is not installed try nc / netcat command. The -z flag can be used to tell nc to report open ports, rather than initiate a connection.

Run nc command with -z flag. You need to specify host name / ip along with the port range to limit and speedup operation.
$ nc -z test.rmohan.com 1-1023
Output:

Connection to localhost 25 port [tcp/smtp] succeeded!
Connection to test.rmohan.com 25 port [tcp/smtp] succeeded!
Connection to test.rmohan.com 80 port [tcp/http] succeeded!
Connection to test.rmohan.com 143 port [tcp/imap] succeeded!
Connection to test.rmohan.com 199 port [tcp/smux] succeeded!
Connection to test.rmohan.com 783 port [tcp/*] succeeded!
Connection to test.rmohan.com 904 port [tcp/vmware-authd] succeeded!
Connection to test.rmohan.com993 port [tcp/imaps] succeeded!

[root@localhost thermal_zone]# nc -z localhost 1-1023
Connection to localhost 22 port [tcp/ssh] succeeded!
Connection to localhost 111 port [tcp/sunrpc] succeeded!

Hard Disk Specs details on Linux

Open the terminal and type the command:
# hdparm -I /dev/sda
OR
$ sudo hdparm -I /dev/sda

[root@localhost thermal_zone]# hdparm -I /dev/sda

/dev/sda:

ATA device, with non-removable media
Model Number: VBOX HARDDISK
Serial Number: VB81a9afe9-f59293fa
Firmware Revision: 1.0
Standards:
Used: ATA/ATAPI-6 published, ANSI INCITS 361-2002
Supported: 6 5 4
Configuration:
Logical max current
cylinders 16383 16383
heads 16 16
sectors/track 63 63
—
CHS current addressable sectors: 16514064
LBA user addressable sectors: 213311488
Logical/Physical Sector size: 512 bytes
device size with M = 1024*1024: 104156 MBytes
device size with M = 1000*1000: 109215 MBytes (109 GB)
cache/buffer size = 256 KBytes (type=DualPortCache)
Capabilities:
LBA, IORDY(cannot be disabled)
Standby timer values: spec’d by Vendor, no device specific minimum
R/W multiple sector transfer: Max = 128 Current = 128
DMA: mdma0 mdma1 mdma2 udma0 udma1 *udma2 udma3 udma4 udma5 udma6
Cycle time: min=120ns recommended=120ns
PIO: pio0 pio1 pio2 pio3 pio4
Cycle time: no flow control=120ns IORDY flow control=120ns
Commands/features:
Enabled Supported:
* Power Management feature set
* Write cache
* Look-ahead
* Mandatory FLUSH_CACHE
HW reset results:
CBLID- above Vih
Device num = 0 determined by the jumper
Checksum: correct

Windows Shortcut commands

Windows Shortcut commands

Start Menu >> Run

Accessibility Controls – access.cpl
Add Hardware Wizard – hdwwiz.cpl
Add/Remove Programs – appwiz.cpl
Administrative Tools – control admintools
Automatic Updates – wuaucpl.cpl
Bluetooth Transfer Wizard – fsquirt
Calculator – calc
Certificate Manager – certmgr.msc
Character Map – charmap
Check Disk Utility – chkdsk
Clipboard Viewer – clipbrd
Command Prompt – cmd
Component Services – dcomcnfg
Computer Management – compmgmt.msc
Date and Time Properties – timedate.cpl
DDE Shares – ddeshare
Device Manager – devmgmt.msc
Direct X Control Panel (If Installed)* – directx.cpl
Direct X Troubleshooter – dxdiag
Disk Cleanup Utility – cleanmgr
Disk Defragment – dfrg.msc
Disk Management – diskmgmt.msc
Disk Partition Manager – diskpart
Display Properties – control desktop
Display Properties – desk.cpl
Display Properties (w/Appearance Tab Preselected) – control color
Dr. Watson System Troubleshooting Utility – drwtsn32
Driver Verifier Utility – verifier
Event Viewer – eventvwr.msc
File Signature Verification Tool – sigverif
Findfast – findfast.cpl
Folders Properties – control folders
Fonts – control fonts
Fonts Folder – fonts
Free Cell Card Game – freecell
Game Controllers – joy.cpl
Group Policy Editor (XP Prof) – gpedit.msc
Hearts Card Game – mshearts
Iexpress Wizard – iexpress
Indexing Service – ciadv.msc
Internet Properties – inetcpl.cpl
IP Configuration (Display Connection Configuration) – ipconfig /all
IP Configuration (Display DNS Cache Contents) – ipconfig /displaydns
IP Configuration (Delete DNS Cache Contents) – ipconfig /flushdns
IP Configuration (Release All Connections) – ipconfig /release
IP Configuration (Renew All Connections) – ipconfig /renew
IP Configuration (Refreshes DHCP & Re – Registers DNS) – ipconfig /registerdns
IP Configuration (Display DHCP Class ID) – ipconfig /showclassid
IP Configuration (Modifies DHCP Class ID) – ipconfig /setclassid
Java Control Panel (If Installed) – jpicpl32.cpl
Java Control Panel (If Installed) – javaws
Keyboard Properties – control keyboard
Local Security Settings – secpol.msc
Local Users and Groups – lusrmgr.msc
Logs You Out Of Windows – logoff
Microsoft Chat – winchat
Minesweeper Game – winmine
Mouse Properties – control mouse
Mouse Properties – main.cpl
Network Connections – control netconnections
Network Connections – ncpa.cpl
Network Setup Wizard – netsetup.cpl
Notepad – notepad
Nview Desktop Manager (If Installed) – nvtuicpl.cpl
Object Packager – packager
ODBC Data Source Administrator – odbccp32.cpl
On Screen Keyboard – osk
Opens AC3 Filter (If Installed) – ac3filter.cpl
Password Properties – password.cpl
Performance Monitor – perfmon.msc
Performance Monitor – perfmon
Phone and Modem Options – telephon.cpl
Power Configuration – powercfg.cpl
Printers and Faxes – control printers
Printers Folder – printers
Private Character Editor – eudcedit
Quicktime (If Installed) – QuickTime.cpl
Regional Settings – intl.cpl
Registry Editor – regedit
Registry Editor – regedit32
Remote Desktop – mstsc
Removable Storage – ntmsmgr.msc
Removable Storage Operator Requests – ntmsoprq.msc
Resultant Set of Policy (XP Prof) – rsop.msc
Scanners and Cameras – sticpl.cpl
Scheduled Tasks – control schedtasks
Security Center – wscui.cpl
Services – services.msc
Shared Folders – fsmgmt.msc
Shuts Down Windows – shutdown
Sounds and Audio – mmsys.cpl
Spider Solitare Card Game – spider
SQL Client Configuration – cliconfg
System Configuration Editor – sysedit
System Configuration Utility – msconfig
System File Checker Utility (Scan Immediately) – sfc /scannow
System File Checker Utility (Scan Once At Next Boot) – sfc /scanonce
System File Checker Utility (Scan On Every Boot) – sfc /scanboot
System File Checker Utility (Return to Default Setting) – sfc /revert
System File Checker Utility (Purge File Cache) – sfc /purgecache
System File Checker Utility (Set Cache Size to size x) – sfc /cachesize=x
System Properties – sysdm.cpl
Task Manager – taskmgr
Telnet Client – telnet
User Account Management – nusrmgr.cpl
Utility Manager – utilman
Windows Firewall – firewall.cpl
Windows Magnifier – magnify
Windows Management Infrastructure – wmimgmt.msc
Windows System Security Tool – syskey
Windows Update Launches – wupdmgr
Windows XP Tour Wizard – tourstart
Wordpad – write

Commands to Monitor Servers (CENTOS AND REDHAT)

These commands are mainly for rpm based linux servers like CentOS etc..

May be some commands works in ubuntu servers etc…

Command to find out total established connections, closing connection, TIME_WAIT and much more.

netstat -nat | awk ‘{print $6}’ | sort | uniq -c | sort -n

Sample Output:

1 established
1 Foreign
5 LISTEN
16 TIME_WAIT
19 ESTABLISHED

ig out more information about a specific ip address

netstat -nat |grep {IP-address} | awk ‘{print $6}’ | sort | uniq -c | sort -n

2 LISTEN
4 FIN_WAIT1
4 ESTABLISHED
7 TIME_WAIT

To print list of all unique IP address connected to server, enter:

netstat -nat | awk ‘{ print $5}’ | cut -d: -f1 | sed -e ‘/^$/d’ | uniq

To print total of all unique IP address, enter:

netstat -nat | awk ‘{ print $5}’ | cut -d: -f1 | sed -e ‘/^$/d’ | uniq | wc -l

If Box is Under DoS Attack or Not

If you think your Linux box is under attack, print out a list of open connections on your box and sorts them by according to IP address, enter:

netstat -atun | awk ‘{print $5}’ | cut -d: -f1 | sed -e ‘/^$/d’ |sort | uniq -c | sort -n

ommand to list the connections to port 80:

netstat -alntp | grep :80

To check the number of connections to port 80:

netstat -alntp | grep :80 | wc -l

Command To Find Out Top 10 CPU Consuming Process

ps -auxf | sort -nr -k 3 | head -10

Command To Find Out The Top 10 Memory Consuming Process

ps -auxf | sort -nr -k 4 | head -10

An useful command to list connections to a particular port with its proccess id.

For eg: Port 8080

lsof -w -n -i tcp:8080

Linux Screen Command

Steps

– Create a screen using the command

screen -S geopc

– Close the shell without logout

– Open a new shell and type

screen -ls

Sample Output:

There are screens on:
16921.joemon (Dead ???)
3981.name (Attached)
5002.geopc (Attached)
Remove dead screens with ‘screen -wipe’.
3 Sockets in /tmp/screens/S-root.

– You can login to that screen using the command screen -r ‘screen name’

screen -r 5002.geopc

To attach a scree that is already attached with the following command:

screen -x -R

Recent Posts

Pages

Categories

Archives

Recent Comments