Technology Group for Knowledge and Research: September 2016

Friday, 30 September 2016

Deny and Allow Any User To Use Cron Job

Restrict users “tom”, “puppet” and “amit” to use cron jobs.

To restrict any user to use cron jobs, enter their name on /etc/cron.deny and save it.
# vim /etc/cron.deny

tom
puppet
amit

~
~
:wq

Now login as one of those users and try to use crontab.

[root@ittroubleshooter ~]# vim /etc/cron.deny
[root@ittroubleshooter ~]# su - amit
[amit@ittroubleshooter ~]$ crontab -l
You (amit) are not allowed to use this program (crontab)
See crontab(1) for more information
[amit@ittroubleshooter ~]$ crontab -e
You (amit) are not allowed to use this program (crontab)
See crontab(1) for more information
[amit@ittroubleshooter ~]$

If again you want to allow them to use cron job facilities just remove their names from
/etc/cron.deny file.

Allow only three users “nagios”, “gaurav” and “root” to use cron jobs.

To allow any user to use cron facility, enter their name on /etc/cron.allow and save it.
# vim /etc/cron.allow

nagios
gaurav
root

~
~
:wq

Now login as one of those users and try to use crontab.

[root@ittroubleshooter ~]# vim /etc/cron.allow
[root@ittroubleshooter ~]# rm -rf /etc/cron.deny
[root@ittroubleshooter ~]# su - nagios
Last login: Thu Sep 15 16:58:01 IST 2016 on pts/1
[nagios@ittroubleshooter ~]$ crontab -l
40      3       2,9,16,23,30    9   *   sh /home/nagios/backup.sh

[nagios@ittroubleshooter ~]$ exit
logout
[root@ittroubleshooter ~]# su - gaurav
Last login: Mon Sep 12 20:10:57 IST 2016 from 10.88.12.163 on pts/0
[gaurav@ittroubleshooter ~]$ crontab -l
no crontab for gaurav
[gaurav@ittroubleshooter ~]$ exit
logout
[root@ittroubleshooter ~]# su - amit
Last login: Thu Sep 15 21:42:26 IST 2016 on pts/0
[amit@ittroubleshooter ~]$ crontab -l
You (amit) are not allowed to use this program (crontab)
See crontab(1) for more information
[amit@ittroubleshooter ~]$

Tip: Suppose, We have 20 users in our server, putting all 17 names in /etc/cron.deny file it is time consuming process. Instead we can create one more file i.e /etc/cron.allow in which we can assign those users who are allowed to use cron jobs.
/etc/cron.deny file exits by default.

Access Control Lists (ACLs) in Linux

ACLs Allow file-grained permissions to be allocated to a files and directories. Often, You want to share files among certain groups and specific users. It is a good practice to designate a directory for that purpose. You want to allow those groups and users to read, write and execute files in that directory, as well as create new files into the directory. Such special permissions can be given using ACL.

In ACL the permission flags apply: “r” – read, “w” – write, “x” – execute on files or directories.

File system mount option

ACL can be applied on ACL enabled partition that means you need to enable ACL while mounting the partition. But XFS file systems have built-in ACL support. EXT4, EXT3, EXT2 file systems created on Centos7/RHEL7 have the acl option enabled by default, but EXT4, EXT3, EXT2 file systems created in earlier version of Centos or RHEL may need the acl option included with the mount request.

Note: If you are using a earlier version of Centos, RHEL or Fedora you may need add acl option while mounting the disk, using below syntax command.

#mount -o acl <Partition Name> <Mount Point>

In our case acl by default, To make sure that partition is mounted with acl option or not, check using below command.

[root@server1 /]# tune2fs -l /dev/aclvg/acllv | grep acl

Default mount options: user_xattr acl

[root@server1 /]#

Before starting with ACLs make sure that you have required packages installed.

[root@server1 ~]# yum install acl libacl [RPM based systems]

[gaurav@client2 ~]$ sudo apt-get install acl [Debian Based systems]

1.) Check how acl will work.

There are two types of ACLs; Default ACLs and Access ACLs. Let’s check the default permission (Default ACLs) and acl permission (Access ACLs) on files or directories. Use the getfacl command.

#getfacl <option> <dir/file name>

Options:

-d Displays the defaults ACL.
-R Recurses into subdirectories.

[root@server1 ~]# getfacl /storage/

getfacl: Removing leading '/' from absolute path names

# file: storage/

# owner: root

# group: root

user::rwx

group::r-x

other::r-x

As above shows the default permission of /storage directory. Now let’s assign full permission to the directory and then apply acl on it,so that we can analyze how acl will work.

[root@server1 ~]# chmod 777 /storage/

[root@server1 ~]# ls -ld /storage/

drwxrwxrwx. 3 root root 4096 Sep 28 22:27 /storage/

[root@server1 ~]#

Now we are ready to apply acl, but first lets understand the command and options in details. The syntax to apply acl is;

#setfacl <option> <file/directory name>

Options:

-m   Modifies an ACL.
-x     Removes an ACL.
-R    Recurses into subdirectories.

The possible arguments are

u:   user
g:   group
o:   others

Now, To assign read and execute permission to a particular user the syntax is;

#setfacl -m u:<username>:<permission> <file or dir name>

#setfacl -m u:anil:rx /storage

[root@server1 ~]# setfacl -m u:anil:rx /storage

[root@server1 ~]# getfacl /storage/

getfacl: Removing leading '/' from absolute path names

# file: storage/

# owner: root

# group: root

user::rwx

user:anil:r-x

group::rwx

mask::rwx

other::rwx

[root@server1 ~]#

As shows above, anil user have the permission read and execute the /storage directory.

Now login as “anil” user and try to create a file inside /storage directory, as we have not assigned write permission to “anil” user, though it is having full permission, still it will not allow “anil” to create file inside it.

[root@server1 ~]# su - anil

Last login: Wed Sep 28 22:10:56 EDT 2016 on pts/1

[anil@server1 ~]$ cd /storage/

[anil@server1 storage]$ touch sandetails.txt

touch: cannot touch ‘sandetails.txt’: Permission denied

[anil@server1 storage]$ ls -ld /storage/

drwxrwxrwx+ 3 root root 4096 Sep 28 22:27 /storage/

[anil@server1 storage]$

Observe that when you check for the permission it is showing a “+” sign after normal permission, that indicate that ACL is applied on this directory.

2.) To assign read,write and execute permission to anil user.

# setfacl -m u:anil:rwx /storage

[root@server1 /]# setfacl -m u:anil:rwx /storage

[root@server1 /]# su - anil

Last login: Wed Sep 28 22:56:49 EDT 2016 on pts/0

[anil@server1 ~]$ cd /storage/

[anil@server1 storage]$ touch sandetails.txt

[anil@server1 storage]$ ll

total 24

drwx------. 2 root root 16384 Sep 28 22:27 lost+found

-rw-rw-r--. 1 anil anil 0 Sep 28 23:13 sandetails.txt

[anil@server1 storage]$

After assign the permission of execution “anil” user can create the files.

3.) Assigning read and execute permission for a user and group.

#setfacl -m u:anil:rx,g:Network:rx /storage

[root@server1 /]# getent group | grep Network

Network:x:1005:sam,frank

[root@server1 /]# setfacl -m u:anil:rx,g:Network:rx /storage

[root@server1 /]# getfacl /storage/

getfacl: Removing leading '/' from absolute path names

# file: storage/

# owner: root

# group: root

user::rwx

user:anil:r-x

group::rwx

group:Network:r-x

mask::rwx

other::rwx

4.) Removing acl for a particular user and group.

#setfacl -x u:<username> <file name/Directory Name>

[root@server1 /]# setfacl -x u:anil /storage

[root@server1 /]# getfacl /storage/

getfacl: Removing leading '/' from absolute path names

# file: storage/

# owner: root

# group: root

user::rwx

group::rwx

group:Network:r-x

mask::rwx

other::rwx

#setfacl -x g:<group name> <file/Directory Name>

[root@server1 /]# setfacl -x g:Network /storage

[root@server1 /]# getfacl /storage/

getfacl: Removing leading '/' from absolute path names

# file: storage/

# owner: root

# group: root

user::rwx

group::rwx

mask::rwx

other::rwx

You can also use of “-b” option to remove all ACL permission from a file and directory, syntax as follow.

#setfacl -b <file/directory name>

For example, Lets apply back some acl to “storage” directory and remove it using above command.

[root@server1 /]# setfacl -m u:anil:rwx,g:Network:rwx /storage

[root@server1 /]# getfacl /storage/

getfacl: Removing leading '/' from absolute path names

# file: storage/

# owner: root

# group: root

user::rwx

user:anil:rwx

group::rwx

group:Network:rwx

mask::rwx

other::rwx

[root@server1 /]# setfacl -b /storage/

[root@server1 /]# getfacl /storage/

getfacl: Removing leading '/' from absolute path names

# file: storage/

# owner: root

# group: root

user::rwx

group::rwx

other::rwx

5.) Assign acl to the file.

ACL can also be applied to a file in exactly similar passion as we did for a directory.

#setfacl -m u:anil:rwx /storage/

[root@server1 /]# setfacl -m u:anil:rwx /storage/file1

setfacl: /storage/file1: No such file or directory

[root@server1 /]# touch /storage/file1

[root@server1 /]# setfacl -m u:anil:rwx /storage/file1

[root@server1 /]# su - anil

Last login: Wed Sep 28 23:13:50 EDT 2016 on pts/0

[anil@server1 ~]$ echo "ACL is assign on file1" > /storage/file1

[anil@server1 ~]$ cat /storage/file1

ACL is assign on file1

[anil@server1 ~]$

As you seen that “anil” user can read, write and execute the file1 after assign the acl.!!!

Linux Command-line Tricks

In this article, I am going to share with you the collection of several interesting, unique command-line tricks.
If you are a Linux administrator or Linux user, let’s start with some Linux command line tricks to enhance the creativeness at the terminal.

1) Only one user to allow to switch on root account as an administration user.

Sometimes, a sys admin have some kind of the requirements to allow only one user to switch on root account. Use the following steps,

a.) Add user on “wheel” group

#gpasswd -a <user name> <group name> (Where, “a” Add the user to the named group.)

[root@server1 ~]# gpasswd -a gaurav wheel

Adding user gaurav to group wheel

[root@server1 ~]# cat /etc/group | grep wheel

wheel:x:10:gaurav

[root@server1 ~]#

We added “gaurav” user on “wheel” group.

b.) Edit the /etc/pam.d/su file.

#vim /etc/pam.d/su Uncomment the following line(line no. 6).

#%PAM-1.0

auth sufficient pam_rootok.so

# Uncomment the following line to implicitly trust users in the "wheel" group.

#auth sufficient pam_wheel.so trust use_uid

# Uncomment the following line to require a user to be in the "wheel" group.

auth required pam_wheel.so use_uid

auth substack system-auth

auth include postlogin

account sufficient pam_succeed_if.so uid = 0 use_uid quiet

account include system-auth

password include system-auth

session include system-auth

session include postlogin

session optional pam_xauth.so

:wq

c.) Now try to check with user login.

[gaurav@server1 ~]$ su - root

Password:

Last login: Fri Sep 23 06:13:30 EDT 2016 from 192.168.1.5 on pts/1

[root@server1 ~]# exit

logout

[gaurav@server1 ~]$ su - anil

Password:

Last login: Mon Sep 19 11:32:05 EDT 2016 on pts/1

[anil@server1 ~]$ su - root

Password:

su: Permission denied

[anil@server1 ~]$

As shown, “gaurav” user can switch to root account but “anil” user not able to login on root account and showing Permission denied.

2) Run the last command as any user.

#!!

[root@server1 ~]# cat /etc/group | grep wheel

wheel:x:10:gaurav

[root@server1 ~]# !!

cat /etc/group | grep wheel

wheel:x:10:gaurav

[root@server1 ~]#

3) Find out the current shell name.

You can identify your current shell using following command, #echo $SHELL or echo $0

[root@server1 ~]# echo $SHELL

/bin/bash

[root@server1 ~]# echo $0

-bash

[root@server1 ~]#

Where, “$SHELL” is the environment variable that stores the name of current shell and “$0” shows the name of program.

4) Some Tip and Tricks for shutdown command.

# shutdown -r now or init 6

[root@server1 ~]# shutdown -r now

PolicyKit daemon disconnected from the bus.

We are no longer a registered authentication agent.

Connection to 192.168.1.10 closed by remote host.

It will reboot the system.

#shutdown -h now or init 0

[root@server1 ~]# shutdown -h now

It will shutdown the server now (i.e power off)

# shutdown 06:45

[root@server1 ~]# date

Fri Sep 23 06:39:54 EDT 2016

[root@server1 ~]# shutdown 06:45

Shutdown scheduled for Fri 2016-09-23 06:45:00 EDT, use 'shutdown -c' to cancel.

[root@server1 ~]#

System will shutdown at a specific time.

# shutdown -c

[root@server1 ~]# shutdown -c

Broadcast message from root@server1 (Fri 2016-09-23 06:41:44 EDT):

The system shutdown has been cancelled at Fri 2016-09-23 06:42:44 EDT!

[root@server1 ~]#

As shown, system shutdown has been cancelled.

5) Download rpm file in specific directory by using downloadonly plugin.

Make specific directory and install “yum-utils“. (If you want, how to configure the yum server, refer below link.)

configure-linux-yum-server-step-by-step

[root@server1 /]# mkdir /package

[root@server1 ]# yum install yum-utils

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

Resolving Dependencies

--> Running transaction check

. . . .

Transaction Summary

============================================

Install 1 Package (+2 Dependent packages)

Total download size: 607 k

Installed size: 2.8 M

Is this ok [y/d/N]: y

Now, Download the rpm file.

[root@server1 sambapackages]# yumdownloader --destdir=/package httpd

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

httpd-2.4.6-40.el7.centos.x86_64.rpm | 2.7 MB 00:00:00

[root@server1 sambapackages]# ls

httpd-2.4.6-40.el7.centos.x86_64.rpm

[root@server1 sambapackages]# yumdownloader --destdir=/package samba

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

samba-4.2.3-10.el7.x86_64.rpm | 601 kB 00:00:00

[root@server1 sambapackages]# ls

httpd-2.4.6-40.el7.centos.x86_64.rpm samba-4.2.3-10.el7.x86_64.rpm

[root@server1 sambapackages]#

6) Close a terminal without saving the history in Linux.

Your shell’s history is saved in the file indicated by the HISTFILE variable.

#unset HISTFILE and #history -c (Where, “c” is used to Clear current session history.)

[gaurav@server1 ~]$ unset HISTFILE

[gaurav@server1 ~]$ free -m

total used free shared buff/cache available

Mem: 993 96 688 6 207 747

Swap: 2047 0 2047

[gaurav@server1 ~]$ w -u

07:11:23 up 33 min, 1 user, load average: 0.00, 0.01, 0.05

USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT

root pts/0 192.168.1.5 06:39 3.00s 0.35s 0.03s w -u

[gaurav@server1 ~]$ exit

logout

[root@server1 ~]# su - gaurav

Last login: Fri Sep 23 07:10:57 EDT 2016 on pts/0

[gaurav@server1 ~]$ history

1 history

[gaurav@server1 ~]$

As show above, User “gaurav” not find any history for previous session.

7) Make a Multiple directories using one command.

Make some directories according to the following in one command.

[root@server1 ~]# mkdir -p linux/{Storage/{san,nas,das},Network/{security,firewall,switch},Database/{oracle,mysql},Application/{tomcat,apache}}

[root@server1 ~]# tree linux/

linux/

├── Application

│ ├── apache

│ └── tomcat

├── Database

│ ├── mysql

│ └── oracle

├── Network

│ ├── firewall

│ ├── security

│ └── switch

└── Storage

├── das

├── nas

└── san

14 directories, 0 files

[root@server1 ~]#

Note: “tee” or “ls -R” command is used to check the status.If “tree” package is not installed then install it, using ” yum install -y tree” command.

8) check the system’s reboot date and time.

#who -b

[root@server1 ~]# who -b

system boot 2016-09-23 06:38

[root@server1 ~]#

#last reboot

[root@server1 ~]# last reboot

reboot system boot 3.10.0-327.el7.x Fri Sep 23 06:38 - 07:16 (00:38)

reboot system boot 3.10.0-327.el7.x Fri Sep 23 05:59 - 07:16 (01:17)

reboot system boot 3.10.0-327.el7.x Fri Sep 23 05:56 - 07:16 (01:20)

9) Set Hostname permanenelty in centos7/rhel7/fedora22.

#hostnamectl set-hostname <hostname> (Where, hostnamectl is used to control the system hostname).

[root@localhost ~]# hostname

localhost

[root@localhost ~]# hostnamectl set-hostname server1

[root@localhost ~]# hostname

server1

[root@localhost ~]#

Note: Re-login on the session, it will display “server1” instead of “localhost”.

10) Delete the files within the ranges between 20 to 100 days.

# find <directory location> -mtime +20 -mtime -100 -iname “*.dbf” -delete

[root@server1 log]# date

Fri Sep 23 16:58:50 EDT 2016

[root@server1 log]# ll

total 0

-rw-r--r--. 1 root root 0 Aug 2 18:01 aug1.dbf

-rw-r--r--. 1 root root 0 Aug 2 18:01 aug2.dbf

-rw-r--r--. 1 root root 0 Aug 2 18:01 aug3.dbf

-rw-r--r--. 1 root root 0 Aug 2 18:01 aug4.dbf

-rw-r--r--. 1 root root 0 Jul 15 18:00 jul1.dbf

-rw-r--r--. 1 root root 0 Jul 15 18:00 jul2.dbf

-rw-r--r--. 1 root root 0 Jul 15 18:00 jul3.dbf

-rw-r--r--. 1 root root 0 Jul 15 18:00 jul4.dbf

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep10.dbf

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep1.dbf

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep2.dbf

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep3.dbf

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep4.dbf

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep5.dbf

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep6.dbf

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep7.dbf

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep8.dbf

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep9.dbf

[root@server1 log]# find /root/log/ -mtime +20 -mtime -100 -iname "*.dbf" -delete

[root@server1 log]# ll

total 0

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep10.dbf

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep1.dbf

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep2.dbf

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep3.dbf

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep4.dbf

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep5.dbf

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep6.dbf

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep7.dbf

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep8.dbf

-rw-r--r--. 1 root root 0 Sep 23 16:57 sep9.dbf

[root@server1 log]#

As shown, all the files within the ranges between 20 to 100 days are deleted.

11) Display the top ten running processes – sorted by memory usage.

# ps aux –sort -rss | head or ps -auxf | sort -nr -k 4 | head (if you want to read more about how to manage the process, refer below link. )

[root@server1 ]# ps aux --sort -rss | head

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND

orabip   11877  0.0 11.3 9291280 3677596 ?     Ss   Aug17   4:52 ora_dbw0_BIP

orabip   11881  0.0 11.1 9291280 3624720 ?     Ss   Aug17   9:33 ora_dbw1_BIP

orabip   11885  0.0 11.0 9289232 3601160 ?     Ss   Aug17   8:20 ora_dbw2_BIP

root     12266  1.1  8.6 2843564 2818020 ?     Ss    2015 7239:52 /usr/sap/hostctrl/exe/saposcol -l -w60 pf=/usr/sap/hostctrl/exe/host_profile

orabip   29913  0.0  8.3 9286900 2708388 ?     Ss   Aug23  26:51 oracleBIP (LOCAL=NO)

orabip   29883  0.0  7.9 9284840 2579220 ?     Ss   Aug23  22:14 oracleBIP (LOCAL=NO)

orabip   29887  0.0  7.9 9294964 2569704 ?     Ss   Aug23  16:45 oracleBIP (LOCAL=NO)

orabip   29921  0.0  7.6 9284856 2496932 ?     Ss   Aug23  23:27 oracleBIP (LOCAL=NO)

orabip   29879  0.0  7.5 9284836 2465056 ?     Ss   Aug23  17:10 oracleBIP (LOCAL=NO)

[root@server1 ]#

12) Add and remove Password Protection to a file using vim.

#vim -x <FILENAME>

[root@server1 ]# vim -x linux ↵

Once we enter the command, it will ask for the password.

Enter encryption key: ******

Enter same key again: ******

Now enter the content on this file.

Linux is the future.

future for linux.

future for linux.

Linux is the future.

:wq

Now next time you open the file it will ask the password.

[root@server1 ]# vim  linux ↵

Need encryption key for "linux"

Enter encryption key: ******

Now, how to remove the password of file.

For removing the password of file, first open the file and type :set key= then, save it.

13) Find Duplicate Files on system.

Using below command you can find out the duplicate files based on size and MD5 hash.Let’s take the copy of “linux” file on “log” directory,So we have duplicate copy of “linux” file.

[root@server1 ~]# ls

anaconda-ks.cfg  anaconda-screenshots  linux  linuxservers.doc  log

[root@server1 ~]# cp -v linux log/

‘linux’ -> ‘log/linux’

[root@server1 ~]# find  -not -empty -type f -printf "%s\n" | sort -rn | uniq -d | xargs -I{} -n1 find -type f -size {}c -print0 | xargs -0 md5sum | sort | uniq -w32 --all-repeated=separate

59fbf515b5d267678cd4f33c569b3543  ./linux

59fbf515b5d267678cd4f33c569b3543  ./log/linux

f36c8d9f581e332e7c643579974df9f4  ./anaconda-screenshots/screenshot-0000.png

f36c8d9f581e332e7c643579974df9f4  ./anaconda-screenshots/screenshot-0001.png

[root@server1 ~]#

14) Without sorting Remove duplicate entries in a file and save on different file.

#awk ‘!x[$0]++’ <file>

Suppose we have file on which some duplicate entries are there, as follow

[root@server1 ~]# cat linux

Linux is the future.

future for linux.

future for linux.

Linux is the future.

[root@server1 ~]# awk '!x[$0]++' linux > linuxnew

[root@server1 ~]# cat linuxnew

Linux is the future.

future for linux.

[root@server1 ~]#

15) Find out the linux version on fedora/centos/rhel.

#cat /etc/*-release

[root@server1 ~]# cat /etc/*-release

CentOS Linux release 7.2.1511 (Core)

NAME="CentOS Linux"

VERSION="7 (Core)"

ID="centos"

ID_LIKE="rhel fedora"

VERSION_ID="7"

PRETTY_NAME="CentOS Linux 7 (Core)"

ANSI_COLOR="0;31"

CPE_NAME="cpe:/o:centos:centos:7"

HOME_URL="https://www.centos.org/"

BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"

CENTOS_MANTISBT_PROJECT_VERSION="7"

REDHAT_SUPPORT_PRODUCT="centos"

REDHAT_SUPPORT_PRODUCT_VERSION="7"

CentOS Linux release 7.2.1511 (Core)

CentOS Linux release 7.2.1511 (Core)

[root@server1 ~]#

16) Execute the three command in simple command.

[root@server1 ~]# yum clean all && yum remove all && yum repolist all

Loaded plugins: fastestmirror

Cleaning repos: Centos7

Cleaning up everything

Cleaning up list of fastest mirrors

Loaded plugins: fastestmirror

No Match for argument: all

No Packages marked for removal

Loaded plugins: fastestmirror

Centos7                                                                                                                    | 3.6 kB  00:00:00

(1/2): Centos7/group_gz                                                                                                    | 155 kB  00:00:00

(2/2): Centos7/primary_db                                                                                                  | 5.3 MB  00:00:00

Determining fastest mirrors

repo id                                                     repo name                                                               status

Centos7                                                     Centos7 repository                                                      enabled: 9,007

repolist: 9,007

[root@server1 ~]#

17) 10 biggest files/folders for the current directory.

[root@server1 ~]# du -s * | sort -n | tail

18) Mount .iso file in UNIX/Linux.

[root@server1 ~]#ls

CentOS-7-x86_64-Minimal-1511(1).iso

[root@server1 ~]#mount -o loop /root/CentOS-7-x86_64-Minimal-1511\(1\).iso /mnt

mount: /dev/loop0 is write-protected, mounting read-only

[root@server1 ~]#ls

CentOS_BuildTag  EFI  EULA  GPL  images  isolinux  LiveOS  Packages  repodata  RPM-GPG-KEY-CentOS-7  RPM-GPG-KEY-CentOS-Testing-7  TRANS.TBL

[root@server1 ~]#

19) Bind the /mnt directory with ftp pub dir.

As above, We mounted .iso file on /mnt directory.Now bind /mnt dir with pub dir.

[root@server1 ~]# mount --bind /mnt /var/ftp/pub/

Let’s see files in pub directory.

[root@server1 ~]# ftp 192.168.1.10

Connected to 192.168.1.10 (192.168.1.10).

220 (vsFTPd 3.0.2)

Name (192.168.1.10:root): ftp

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> ls

227 Entering Passive Mode (192,168,1,10,156,103).

150 Here comes the directory listing.

drwxr-xr-x    5 0        0              94 Sep 18 05:39 pub

226 Directory send OK.

ftp> cd pub

250 Directory successfully changed.

ftp> ls

227 Entering Passive Mode (192,168,1,10,220,192).

150 Here comes the directory listing.

-r--r--r--    1 0        0              14 Sep 17 10:15 CentOS_BuildTag

dr-xr-xr-x    3 0        0            4096 Sep 17 10:15 EFI

-r--r--r--    1 0        0             215 Sep 17 10:15 EULA

-r--r--r--    1 0        0           18009 Sep 17 10:15 GPL

dr-xr-xr-x    2 0        0            4096 Sep 17 10:16 LiveOS

dr-xr-xr-x    2 0        0          655360 Sep 17 10:23 Packages

-r--r--r--    1 0        0            1690 Sep 17 10:23 RPM-GPG-KEY-CentOS-7

-r--r--r--    1 0        0            1690 Sep 17 10:23 RPM-GPG-KEY-CentOS-Testing-7

-r--r--r--    1 0        0            2883 Sep 17 10:23 TRANS.TBL

drwxr-xr-x    2 0        0            4096 Sep 17 10:37 centos7

dr-xr-xr-x    3 0        0            4096 Sep 17 10:16 images

dr-xr-xr-x    2 0        0            4096 Sep 17 10:16 isolinux

dr-xr-xr-x    2 0        0            4096 Sep 17 10:23 repodata

226 Directory send OK.

ftp>

20) Record the session of terminal.

You can use “script” command to record your session.

# script -a session1 (Where, “a” is used append the file).

[root@server1 ~]# script -a session1

Script started, file is session1

[root@server1 ~]# free -m

              total        used        free      shared  buff/cache   available

Mem:            993         103         504           6         384         695

Swap:          2047           0        2047

[root@server1 ~]# ps aux | sort -nk +4 | tail

root      3254  0.0  0.4 140772  5060 ?        Ss   16:51   0:01 sshd: root@pts/0

root       502  0.0  0.4  46128  4824 ?        Ss   16:08   0:00 /usr/lib/systemd/systemd-udevd

root       658  0.0  0.4 222116  4148 ?        Ssl  16:09   0:00 /usr/sbin/rsyslogd -n

root       498  0.0  0.5 194664  5812 ?        Ss   16:08   0:00 /usr/sbin/lvmetad -f

root         1  0.0  0.6 125816  6508 ?        Ss   16:08   0:02 /usr/lib/systemd/systemd --switched-root --system --deserialize 21

root       725  0.0  0.7 434632  7908 ?        Ssl  16:09   0:01 /usr/sbin/NetworkManager --no-daemon

polkitd    894  0.0  1.2 523524 12812 ?        Ssl  16:09   0:00 /usr/lib/polkit-1/polkitd --no-debug

root      7939  0.0  1.5 110504 15756 ?        S    17:46   0:00 /sbin/dhclient -d -q -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-enp0s8.pid -lf /var/lib/NetworkManager/dhclient-d280a381-6718-46db-b168-90856f0d9ecf-enp0s8.lease -cf /var/lib/NetworkManager/dhclient-enp0s8.conf enp0s8

root      1260  0.0  1.6 553060 16300 ?        Ssl  16:09   0:00 /usr/bin/python -Es /usr/sbin/tuned -l -P

root       664  0.0  2.2 323572 23276 ?        Ssl  16:09   0:02 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

[root@server1 ~]# who

root     pts/0        2016-09-23 07:20 (192.168.1.5)

root     pts/1        2016-09-23 17:46

[root@server1 ~]# exit

exit

Script done, file is session1

[root@server1 ~]# ls

anaconda-ks.cfg   linux  linuxnew    log  session1

[root@server1 ~]#

Note: Session record is recored on “session1” file. You can check using “cat session1” command.

[root@server1 ]# ps aux --sort -rss | head

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND

orabip   11877  0.0 11.3 9291280 3677596 ?     Ss   Aug17   4:52 ora_dbw0_BIP

orabip   11881  0.0 11.1 9291280 3624720 ?     Ss   Aug17   9:33 ora_dbw1_BIP

orabip   11885  0.0 11.0 9289232 3601160 ?     Ss   Aug17   8:20 ora_dbw2_BIP

root     12266  1.1  8.6 2843564 2818020 ?     Ss    2015 7239:52 /usr/sap/hostctrl/exe/saposcol -l -w60 pf=/usr/sap/hostctrl/exe/host_profile

orabip   29913  0.0  8.3 9286900 2708388 ?     Ss   Aug23  26:51 oracleBIP (LOCAL=NO)

orabip   29883  0.0  7.9 9284840 2579220 ?     Ss   Aug23  22:14 oracleBIP (LOCAL=NO)

orabip   29887  0.0  7.9 9294964 2569704 ?     Ss   Aug23  16:45 oracleBIP (LOCAL=NO)

orabip   29921  0.0  7.6 9284856 2496932 ?     Ss   Aug23  23:27 oracleBIP (LOCAL=NO)

orabip   29879  0.0  7.5 9284836 2465056 ?     Ss   Aug23  17:10 oracleBIP (LOCAL=NO)

[root@server1 ]#

12) Add and remove Password Protection to a file using vim.

#vim -x <FILENAME>

[root@server1 ]# vim -x linux ↵

Once we enter the command, it will ask for the password.

Enter encryption key: ******

Enter same key again: ******

Now enter the content on this file.

Linux is the future.

future for linux.

future for linux.

Linux is the future.

:wq

Now next time you open the file it will ask the password.

[root@server1 ]# vim  linux ↵

Need encryption key for "linux"

Enter encryption key: ******

[root@server1 ~]# ls

anaconda-ks.cfg  anaconda-screenshots  linux  linuxservers.doc  log

[root@server1 ~]# cp -v linux log/

‘linux’ -> ‘log/linux’

[root@server1 ~]# find  -not -empty -type f -printf "%s\n" | sort -rn | uniq -d | xargs -I{} -n1 find -type f -size {}c -print0 | xargs -0 md5sum | sort | uniq -w32 --all-repeated=separate

59fbf515b5d267678cd4f33c569b3543  ./linux

59fbf515b5d267678cd4f33c569b3543  ./log/linux

f36c8d9f581e332e7c643579974df9f4  ./anaconda-screenshots/screenshot-0000.png

f36c8d9f581e332e7c643579974df9f4  ./anaconda-screenshots/screenshot-0001.png

[root@server1 ~]#

14) Without sorting Remove duplicate entries in a file and save on different file.

#awk ‘!x[$0]++’ <file>

Suppose we have file on which some duplicate entries are there, as follow

[root@server1 ~]# cat linux

Linux is the future.

future for linux.

future for linux.

Linux is the future.

[root@server1 ~]# awk '!x[$0]++' linux > linuxnew

[root@server1 ~]# cat linuxnew

Linux is the future.

future for linux.

[root@server1 ~]#

15) Find out the linux version on fedora/centos/rhel.

#cat /etc/*-release

[root@server1 ~]# cat /etc/*-release

CentOS Linux release 7.2.1511 (Core)

NAME="CentOS Linux"

VERSION="7 (Core)"

ID="centos"

ID_LIKE="rhel fedora"

VERSION_ID="7"

PRETTY_NAME="CentOS Linux 7 (Core)"

ANSI_COLOR="0;31"

CPE_NAME="cpe:/o:centos:centos:7"

HOME_URL="https://www.centos.org/"

BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"

CENTOS_MANTISBT_PROJECT_VERSION="7"

REDHAT_SUPPORT_PRODUCT="centos"

REDHAT_SUPPORT_PRODUCT_VERSION="7"

CentOS Linux release 7.2.1511 (Core)

CentOS Linux release 7.2.1511 (Core)

[root@server1 ~]#

16) Execute the three command in simple command.

[root@server1 ~]# yum clean all && yum remove all && yum repolist all

Loaded plugins: fastestmirror

Cleaning repos: Centos7

Cleaning up everything

Cleaning up list of fastest mirrors

Loaded plugins: fastestmirror

No Match for argument: all

No Packages marked for removal

Loaded plugins: fastestmirror

Centos7                                                                                                                    | 3.6 kB  00:00:00

(1/2): Centos7/group_gz                                                                                                    | 155 kB  00:00:00

(2/2): Centos7/primary_db                                                                                                  | 5.3 MB  00:00:00

Determining fastest mirrors

repo id                                                     repo name                                                               status

Centos7                                                     Centos7 repository                                                      enabled: 9,007

repolist: 9,007

[root@server1 ~]#

17) 10 biggest files/folders for the current directory.

[root@server1 ~]# du -s * | sort -n | tail

18) Mount .iso file in UNIX/Linux.

[root@server1 ~]#ls

CentOS-7-x86_64-Minimal-1511(1).iso

[root@server1 ~]#mount -o loop /root/CentOS-7-x86_64-Minimal-1511\(1\).iso /mnt

mount: /dev/loop0 is write-protected, mounting read-only

[root@server1 ~]#ls

CentOS_BuildTag  EFI  EULA  GPL  images  isolinux  LiveOS  Packages  repodata  RPM-GPG-KEY-CentOS-7  RPM-GPG-KEY-CentOS-Testing-7  TRANS.TBL

[root@server1 ~]#

19) Bind the /mnt directory with ftp pub dir.

As above, We mounted .iso file on /mnt directory.Now bind /mnt dir with pub dir.

[root@server1 ~]# mount --bind /mnt /var/ftp/pub/

Let’s see files in pub directory.

[root@server1 ~]# ftp 192.168.1.10

Connected to 192.168.1.10 (192.168.1.10).

220 (vsFTPd 3.0.2)

Name (192.168.1.10:root): ftp

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> ls

227 Entering Passive Mode (192,168,1,10,156,103).

150 Here comes the directory listing.

drwxr-xr-x    5 0        0              94 Sep 18 05:39 pub

226 Directory send OK.

ftp> cd pub

250 Directory successfully changed.

ftp> ls

227 Entering Passive Mode (192,168,1,10,220,192).

150 Here comes the directory listing.

-r--r--r--    1 0        0              14 Sep 17 10:15 CentOS_BuildTag

dr-xr-xr-x    3 0        0            4096 Sep 17 10:15 EFI

-r--r--r--    1 0        0             215 Sep 17 10:15 EULA

-r--r--r--    1 0        0           18009 Sep 17 10:15 GPL

dr-xr-xr-x    2 0        0            4096 Sep 17 10:16 LiveOS

dr-xr-xr-x    2 0        0          655360 Sep 17 10:23 Packages

-r--r--r--    1 0        0            1690 Sep 17 10:23 RPM-GPG-KEY-CentOS-7

-r--r--r--    1 0        0            1690 Sep 17 10:23 RPM-GPG-KEY-CentOS-Testing-7

-r--r--r--    1 0        0            2883 Sep 17 10:23 TRANS.TBL

drwxr-xr-x    2 0        0            4096 Sep 17 10:37 centos7

dr-xr-xr-x    3 0        0            4096 Sep 17 10:16 images

dr-xr-xr-x    2 0        0            4096 Sep 17 10:16 isolinux

dr-xr-xr-x    2 0        0            4096 Sep 17 10:23 repodata

226 Directory send OK.

ftp>

20) Record the session of terminal.

You can use “script” command to record your session.

# script -a session1 (Where, “a” is used append the file).

[root@server1 ~]# script -a session1

Script started, file is session1

[root@server1 ~]# free -m

              total        used        free      shared  buff/cache   available

Mem:            993         103         504           6         384         695

Swap:          2047           0        2047

[root@server1 ~]# ps aux | sort -nk +4 | tail

root      3254  0.0  0.4 140772  5060 ?        Ss   16:51   0:01 sshd: root@pts/0

root       502  0.0  0.4  46128  4824 ?        Ss   16:08   0:00 /usr/lib/systemd/systemd-udevd

root       658  0.0  0.4 222116  4148 ?        Ssl  16:09   0:00 /usr/sbin/rsyslogd -n

root       498  0.0  0.5 194664  5812 ?        Ss   16:08   0:00 /usr/sbin/lvmetad -f

root         1  0.0  0.6 125816  6508 ?        Ss   16:08   0:02 /usr/lib/systemd/systemd --switched-root --system --deserialize 21

root       725  0.0  0.7 434632  7908 ?        Ssl  16:09   0:01 /usr/sbin/NetworkManager --no-daemon

polkitd    894  0.0  1.2 523524 12812 ?        Ssl  16:09   0:00 /usr/lib/polkit-1/polkitd --no-debug

root      7939  0.0  1.5 110504 15756 ?        S    17:46   0:00 /sbin/dhclient -d -q -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-enp0s8.pid -lf /var/lib/NetworkManager/dhclient-d280a381-6718-46db-b168-90856f0d9ecf-enp0s8.lease -cf /var/lib/NetworkManager/dhclient-enp0s8.conf enp0s8

root      1260  0.0  1.6 553060 16300 ?        Ssl  16:09   0:00 /usr/bin/python -Es /usr/sbin/tuned -l -P

root       664  0.0  2.2 323572 23276 ?        Ssl  16:09   0:02 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

[root@server1 ~]# who

root     pts/0        2016-09-23 07:20 (192.168.1.5)

root     pts/1        2016-09-23 17:46

[root@server1 ~]# exit

exit

Script done, file is session1

[root@server1 ~]# ls

anaconda-ks.cfg   linux  linuxnew    log  session1

[root@server1 ~]#

Note: Session record is recored on “session1” file. You can check using “cat session1” command.

Technology Group for Knowledge and Research

Pages

Friday, 30 September 2016

Deny and Allow Any User To Use Cron Job

Allow only three users “nagios”, “gaurav” and “root” to use cron jobs.

Access Control Lists (ACLs) in Linux

Linux Command-line Tricks

Contact Form

Labels