Saturday, April 24, 2010

How much memory is free?

Display amount of free and used memory in the system

user1@deby:~$ free -m
             total       used     free   shared  buffers   cached
Mem:           377         61      315        0       30       16
-/+ buffers/cache:         14*     362**
Swap:         1105          0     1105
14* - the amount of physical memory the system is using right now
362** - actually free.

File system disk space usage

user1@deby:~$ df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1             327M   89M  222M  29% /
tmpfs                 189M     0  189M   0% /lib/init/rw
udev                   10M  604K  9.5M   6% /dev
tmpfs                 189M     0  189M   0% /dev/shm
/dev/sda9              11G  156M  9.9G   2% /home
/dev/sda8             373M   11M  343M   3% /tmp
/dev/sda5             4.6G  397M  4.0G   9% /usr
/dev/sda6             2.8G  145M  2.5G   6% /var

How to Find Files in Linux

The following command helps you find all files with names that start with test in the /home folder:
find /home -name 'test*'
Find all files owned by user1 that are larger than 20MB:
find /home -user user1 -size +20M
Look for a text1 in all files in /etc:
find /etc -exec grep -l text1 {} \;
List txt files starting from current directory with phrase 'find me' inside:
find . -name '*.txt' -print0 | xargs -0 grep 'find me'

Vim Settings

You can set up default vim settings for all users in /etc/vim/vimrc.local:
" Enable syntax highlighting
syntax on
filetype plugin indent on

" If using a dark background within the editing area and syntax 
" highlighting turn on this option as well
set background=dark

" Enable mouse usage (all modes) in terminals
set mouse=a 

set t_Co=256
"colorscheme desert256
colorscheme wombat256

set expandtab           " Convert tabs to spaces
set tabstop=4           " Tabs = 4 spaces
set shiftwidth=4        " Indent/outdent 4 spaces

set incsearch           " Do incremental searching
set showmatch           " Show matching brackets

set nobackup
set noswapfile
set number
set termencoding=utf-8
set encoding=utf-8
set fileencodings=utf-8,cp1251
Here is how you can install new color schemes for vim:
deby:~# wget -O /usr/share/vim/vimcurrent/colors/desert256.vim \
'http://www.vim.org/scripts/download_script.php?src_id=4055'

deby:~# wget -O /usr/share/vim/vimcurrent/colors/wombat256.vim \
'http://www.vim.org/scripts/download_script.php?src_id=13397'
Once downloaded, open vim and issue the following command to try:
:colorscheme wombat256
If you prefer a black background in wombat256:
hi Normal       ctermfg=254     ctermbg=0       cterm=none      guifg=#f6f3e8  guibg=#CCCCCC  gui=none

Working with Vim

It is convenient to make vi an alias for vim:
apt-get install vim less
update-alternatives --set vi /usr/bin/vim.basic
update-alternatives --set editor /usr/bin/vim.basic

Commands

i - opens insert mode for editing, inserts text after the current cursor position
esc - returns to command mode
a - opens insert mode for editing, inserts text at the current cursor position
:w - writes changes
:wa - writes all changes
:x or ZZ - writes and quits
:q! or ZQ - quits without saving changes
:xa - writes and quits all windows

Text Manipulation

u - undo
v - enters visual mode to mark a block on which you can use commands
d - deletes the current selection
y - yanks (copies) the current selection
p - paste
gq - reformat paragraph

Moving around

gg - top of the file
G - bottom of the file
/text - search forward
n - next match
N - previous match
?text - search backward
:%s/old/new/g - replace old with new globally

Multi-windowing

^ws - horizontal split
^wv - vertical split*
^wc - close current window
^w up arrow - move cursor up a window
^w_ - maximize current window
^w= - make all equal size

Folding

zo - open
zc - close
* - if some commands for any reason don't work for you, most likely you are using vi or a somewhat cut-down version of vim. See vim cheat sheet.

File backups with tar

Creating an Archive File

tar -czf scripts.tgz scripts/ scripts-test/

List the Contents

tar -tzf scripts.tgz
Find a file in the archive:
tar -tzf scripts.tgz | grep file.txt

Extracting an Archive File

Now that you know how to create an archive file, it’s rather easy to extract it.
tar -xzf scripts.tgz
You might need to extract just one file:
tar -xzf scripts.tgz scripts/readme.txt

How much space a directory occupies on your hard disk?

To find out exactly how much space is occupied by /var:
deby:~# du -hs /var
105M    /var
You might need to know how the space is spread below /var:
deby:~# du -h --max-depth=1 /var
4.0K    /var/lock
...
4.0K    /var/opt
80K     /var/run
105M    /var

Switching Identity with su

When using su, it is a good idea to use the option - at all times. This option will give you a login shell instead of a subshell. This ensures that you work in the complete environment of the user you are switching to.
user1@deby:~$ su -
Password:
deby:~#
When done, you can issue exit, which brings you back to the original environment.

How to shutdown and reboot without sudo password

First of all you need the sudo package.
apt-get install sudo
Modify /etc/sudoers with visudo.
# Cmnd alias specification
Cmnd_Alias SHUTDOWN_CMDS = /sbin/shutdown, /sbin/reboot

# User privilege specification
user1  ALL= NOPASSWD: SHUTDOWN_CMDS
Now user1 is able to restart:
user1@deby:~$ sudo /sbin/reboot

Broadcast message from root@deby (pts/0) (Sat Apr 24 00:06:53 2010):

The system is going down for reboot NOW!
Or shut down the system without a sudo password:
user1@deby:~$ sudo /sbin/shutdown -h now

Friday, April 23, 2010

Simple tar backup script

Here is a simple backup script (/usr/local/sbin/backup):
#!/bin/bash
#
# creates backups of essential files
#

BACKUPDIR=/var/backups
KEEPDAYS=7

# The archives contain /etc and /root: create them unreadable
# for others from the start, not only after the chmod below
umask 027

# The lists below are expanded unquoted on purpose, so that
# each path and option becomes a separate tar argument
DATA="/root /home /srv \
/boot/grub/menu.lst \
--exclude=$BACKUPDIR"

CONFIG="/etc /var /usr/local \
--exclude=/var/cache/apt/archives \
--exclude=/var/cache/man \
--exclude=/var/run \
--exclude=/var/tmp \
--exclude=/var/lock \
--exclude=$BACKUPDIR \
--exclude=*.gz"

#
# implementation details
#

DATE=$(date +%Y-%m-%d-%H-%M)
COMPUTER=$(hostname)

# Remove files older than KEEPDAYS days
# (the pattern is quoted so that find, not the shell, expands it)
find "$BACKUPDIR/" -name "$COMPUTER-*.tgz" \
-type f -mtime +"$KEEPDAYS" -delete

# Backup data

BACKUPFILE="$BACKUPDIR/$COMPUTER-data-$DATE.tgz"
tar cfz "$BACKUPFILE" $DATA \
--ignore-failed-read 2> /dev/null

# Drop all permissions for others, hand the file to group adm
chmod o-rwx "$BACKUPFILE"
chgrp adm "$BACKUPFILE"

# Backup configs

BACKUPFILE="$BACKUPDIR/$COMPUTER-config-$DATE.tgz"
tar cfz "$BACKUPFILE" $CONFIG \
--ignore-failed-read 2> /dev/null

chmod o-rwx "$BACKUPFILE"
chgrp adm "$BACKUPFILE"
Run it from cron on a schedule (file /usr/local/sbin/cron-backup):
#
# Regular cron jobs for backup
#
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
HOME=/
LOG=/dev/null

# Every day at 21:15
15 21 * * * root test -x /usr/local/sbin/backup && backup >> $LOG
Let cron know about our scheduled backup:
ln -s /usr/local/sbin/cron-backup /etc/cron.d/cron-backup
The backup files are in $BACKUPDIR (/var/backups):
deby:~# ls -lh /var/backups/
total 38M
-rw-r----- 1 root adm   19M 2010-04-23 23:30 deby-config-2010-04-23-23-30.tgz
-rw-r----- 1 root adm  4.3K 2010-04-23 23:30 deby-data-2010-04-23-23-30.tgz
...

What to backup in Linux

Every system should have a backup strategy. It is often not clear what needs to be backed up, and what can be safely ignored. The hierarchies of /var, /etc, and /home are valuable and cannot be restored without a backup. Therefore, these are primary candidates for backups. I have never backed up more than:
/etc, /var, /usr/local, /home, /root and /srv 
This is quite enough to have always been able to restore a broken system or a deleted file when the need arose.

Debian alternatives system

The Debian alternatives system allows the administrator to select a default out of a set of programmes that provide the same functionality. To stay with the example of the text editor, Debian systems provide /usr/bin/editor, and every package providing a text editor registers with the alternatives system as a provider of the functionality expected from /usr/bin/editor. Now, other software can rely on /usr/bin/editor to invoke a text editor, but the decision about which editor is used is placed in the hands of the administrator.
deby01:~# update-alternatives --list editor
/bin/ed
/bin/nano
/usr/bin/vim.tiny
Add VIM to alternatives:
deby01:~# update-alternatives --install /usr/bin/editor editor /usr/bin/vim 20
deby01:~# update-alternatives --config editor

There are 4 alternatives which provide `editor'.

  Selection    Alternative
-----------------------------------------------
          1    /bin/ed
*+        2    /bin/nano
          3    /usr/bin/vim.tiny
          4    /usr/bin/vim

Press enter to keep the default[*], or type selection number: 4
Using '/usr/bin/vim' to provide 'editor'.

deby01:~# readlink /etc/alternatives/editor
/usr/bin/vim
Once these changes have been applied visudo will use vim as your editor.

The Debian package management system

Installing packages

apt-get install package1 package2

Updating database

apt-get update

Reinstalling packages

apt-get install --reinstall package1

Pinning packages

If you need to pin a package at a specific version so that it is not upgraded, you can put the following into the /etc/apt/preferences.d/ directory (file libsasl2):
Package: libsasl2-2
Pin: version 2.1.23.dfsg1-8
Pin-Priority: 1001

Searching database

The arguments to apt-cache search are regular expressions themselves, and if more than one argument is specified, all of them have to match for a package to be included in the output.
apt-cache search package1
apt-cache show package1

Inquiring about package dependencies

Depends:
apt-cache depends package1
Reverse Depends:
apt-cache rdepends package1

Deinstalling and purging packages

To remove a package’s configuration files as well, specify the --purge option.
apt-get remove package1
apt-get remove --purge package1

Upgrading a stable system

Executing this update/upgrade sequence on a regular basis will keep the system running smoothly and securely.
apt-get update
apt-get --show-upgraded upgrade

Upgrading to a new Debian release

When it is time to upgrade the entire system:
apt-get --show-upgraded dist-upgrade
With apt-get dist-upgrade, APT can pull in new packages and even remove packages that have been obsoleted.

Housekeeping

APT keeps its packages in a local cache (unless the file or cdrom acquisition method is used). Over time, the cache directory can fill up and consume vast amounts of space, especially on systems tracking testing or unstable. APT does not manage the contents of its cache directory /var/cache/apt/archives automatically. Instead, apt-get provides two methods to erase files in the cache. The first cleanup method checks each file in the cache and erases it only if it is not available on the mirrors anymore.
apt-get autoclean
The following removes all DEB files, regardless of whether they are still available on the mirrors.
apt-get clean

Resolving problems

Let APT handle the inconsistency automatically:
apt-get --fix-broken install

cron-apt

The cron-apt tool is designed to be invoked by cron to perform routine APT operations. It uses several directories below /etc/cron-apt for its configuration.
# Every night at 4 o'clock.
0 4 * * * root test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt
Out of the box, the tool comes to life at a random moment between 4 and 5 o’clock (you can adjust schedule in /etc/cron.d/cron-apt) to update its cache and download all upgraded packages without installing them (using the --download-only option to apt-get).
apt-get install cron-apt
I highly discourage the use of cron-apt to upgrade packages from the main Debian archive.

Thursday, April 22, 2010

Strong password generator

Here is a random password generator (put in your ~/.bashrc):
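genpasswd() {
  # Password length, 20 characters by default
  local l=${1:-20}
  # LC_ALL=C makes tr treat /dev/urandom as raw bytes in any locale
  LC_ALL=C tr -dc 'A-Za-z0-9_' < /dev/urandom | head -c "$l"
  echo
}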
Run it:
genpasswd 8
Here is the output:
Kh5FwyTi
See original article here (item #10).

Debian Packages

Debian provides makepasswd, apg and pwgen packages which provide programs (the name is the same as the package) that can be used for this purpose. Makepasswd will generate true random passwords with an emphasis on security over pronounceability while pwgen will try to make meaningless but pronounceable passwords.
deby01:~$ apg -m 14 -x 14 -M SNCl
dob4IpOfvosOp@
TrinVop
9twagNobryiph/
cewd4om\queOph

deby01:~$ makepasswd --chars 14
w7RWMqKxjMGgfV

deby01:~$ pwgen
Aezoo3ae doo1Phoe jac6eTai die4zeaG 
Tu1nee7P JioPh4wu the8Luub xeiNga3K 
...

Display log message to console with rsyslog

I like to have messages displayed on the console. All you have to do is edit your /etc/rsyslog.conf and add the following:
daemon,mail.*;\
        news.=crit;news.=err;news.=notice;\
        *.=debug;*.=info;\
        *.=notice;*.=warn       /dev/tty8
Restart rsyslogd to get your changes and activate tty8:
/etc/init.d/rsyslog restart
So now once you switch to console #8 (Alt+F8) you will see recent log messages.

How to renew / release DHCP client in Linux

Renew:
sudo dhclient
Release:
sudo dhclient -r

Wednesday, April 21, 2010

Clear console screen before logon prompt

The easiest way of clearing the screen before logon (or after logout) is to put a "clear" escape sequence into /etc/issue. The following command adds it to the end of the file.
clear >> /etc/issue
Now use your favorite editor (vim) and ensure that ^[[H^[[2J is at the beginning. Here is an example:
^[[H^[[2JDebian GNU/Linux 5.0 \n \l

Read more about this here.

Python 2.6 on Debian

Debian 5.0 comes with Python 2.5, since there is no newer version available in the stable repository yet. So the question becomes how you can install a newer Python on your box. The usual way is to update from the sid repository and install the Python version you need... but it doesn't work that way, unfortunately. You will see the following error:
pycentral rtinstall: installed runtime python2.6 not found
The only way to get rid of this error is to remove the older version of Python (please note that updating Python 2.5 to the latest version will not work).
  1. apt-get remove python2.5-minimal python2.5
  2. rm -Rf /usr/bin/python /usr/bin/python2.5 /usr/lib/python2.4 /usr/lib/python2.5 /etc/python2.5
  3. add sid repository, e.g. deb http://ftp.us.debian.org/debian/ sid main, to /etc/apt/sources.list
  4. apt-get -y update
  5. apt-get -y install python python-setuptools python-virtualenv
  6. comment out sid repository in /etc/apt/sources.list
  7. apt-get -y update
  8. ln -s /usr/bin/python2.6 /usr/bin/python
  9. python --version
That's it.

Tuesday, April 20, 2010

Make use of SSH

Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports; file transfer can be accomplished using the associated SFTP or SCP protocols.

Install

Here is how to install it (Debian):
apt-get install ssh

Client

The ssh client configuration is in /etc/ssh/ssh_config. It is recommended to change the 'Protocol' line as follows (only Protocol 2 will be used, since Protocol 1 is considered insecure):
Protocol 2
I would recommend PuTTY Tray if you are connecting from Windows. You can also download sample registry sessions here.

Server

The SSH daemon configuration file can be found in /etc/ssh/sshd_config.
Disable SSH connections on IPv6:
# Default:
#AddressFamily any
# IPv4 only:
AddressFamily inet
# IPv6 only:
#AddressFamily inet6
To allow access only for some users add this line:
AllowUsers userA userB
However, consider managing this at the user group level:
AllowGroups sshusers
It is recommended to prohibit root login:
PermitRootLogin no
Configure idle log out timeout interval (in seconds):
# Sets a timeout interval in seconds after which if no data has
# been received from the client, sshd will send a message through
# the encrypted channel to request a response from the client.  The
# default is 0, indicating that these messages will not be sent to
# the client.
ClientAliveInterval 300

# Sets the number of client alive messages (see above) which may be sent
# without sshd receiving any messages back from the client.  If this
# threshold is reached while client alive messages are being sent, sshd
# will disconnect the client, terminating the session.
ClientAliveCountMax 0
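
An added example (not part of the original post): a small POSIX shell audit that checks a configuration file for the server settings recommended above. It relies on the sshd_config rule that the first value set for a keyword wins; the function names and the sample file are constructed for illustration, and only the global section before any Match block is read.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the settings recommended above.
# sshd_config keywords are case-insensitive and the FIRST value set for a
# keyword wins, so a later "PermitRootLogin no" does not override an earlier
# "yes". Only the global section (before any Match block) is inspected.

# effective_value FILE KEYWORD -> first value set for KEYWORD, or nothing
effective_value() {
  awk -v key="$2" '
    NF == 0 || $1 ~ /^#/   { next }     # blank line or comment
    tolower($1) == "match" { exit }     # stop at the first Match block
    tolower($1) == tolower(key) {
      out = ""
      for (i = 2; i <= NF && $i !~ /^#/; i++)
        out = (i == 2) ? $i : out " " $i
      print out
      exit
    }' "$1"
}

# audit_sshd FILE -> one "FAIL ..." line per deviation, nothing if clean
audit_sshd() {
  while read -r kw want; do
    got=$(effective_value "$1" "$kw" | tr 'A-Z' 'a-z')
    [ "$got" = "$want" ] ||
      echo "FAIL $kw: want '$want', effective '${got:-unset}'"
  done <<'EOF'
AddressFamily inet
PermitRootLogin no
ClientAliveInterval 300
EOF
  [ -n "$(effective_value "$1" AllowUsers)$(effective_value "$1" AllowGroups)" ] ||
    echo "FAIL no AllowUsers or AllowGroups restriction"
  return 0
}

# Constructed sample input (not taken from a real host)
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
AddressFamily inet
permitrootlogin yes
PermitRootLogin no
ClientAliveInterval 300
EOF
audit_sshd "$sample"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration as the daemon itself resolves it.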

Secure Server

To let other people ssh to your machine you need to adjust /etc/hosts.allow:
# let everyone connect to you
sshd: ALL
# OR you can restrict it to a certain ip
sshd: 192.168.0.1
# OR restrict for an IP range
sshd: 10.0.0.0/255.255.255.0
# OR restrict for an IP match
sshd: 192.168.1.
With the allow rules in place, we need to prohibit everyone else in /etc/hosts.deny:
ALL: ALL: DENY
Restart the sshd daemon (Debian):
/etc/init.d/ssh restart
That's it. You can read more about ssh here. Best practices securing ssh are here.