FAQ Updates: April/03/2012

Posted on in Categories Sys admin last updated April 3, 2012

Our FAQ section has been updated. Here are latest howtos:

Make the most of nixCraft FAQ Section

Get intimated about our new howtos / faqs as soon as it is released via RSS feed OR follow us on twitter OR join our 20k+ facebook fans for more tips and news about Linux.

How To Use vi as Default Editor and Viewer in Midnight Commander

Posted on in Categories File system, Howto, Linux, Shell scripting, Tips, UNIX last updated November 3, 2008

Midnight Commander (mc) is an user-friendly text-based file manager UI for Unix. Using mc, you can browse the filesystem easily and manipulate the files and directories quickly. You will not miss the standard command line prompt, which is also available within the mc itself. If you are new to mc, Midnight Commander (mc) Guide: Powerful Text based File Manager for Unix article will give you a quick jumpstart. In this article, let us review how to solve couple of common annoyance about viewing a file in mc.

Interesting stuff – Aug 8, 2008

Posted on in Categories Links, Linux, News last updated August 7, 2008

=> Cisco 7200 Simulator for Linux. If you decided to study for the Cisco certification, this tool may come handy. Howtoforge has detailed tutorial on setting up a Cisco lab on Linux system. Dynagen is a front-end for use with the Dynamips Cisco router emulator. It uses an INI-like configuration file to provision Dynamips emulator networks. It takes care of specifying the right port adapters, generating and matching up those pesky NIO descriptors, specifying bridges, frame-relay, ATM switches, etc. It also provides a management CLI for listing devices, suspending and reloading instances, determining and managing idle-pc values, performing packet captures, etc.

=> You can capture video of all of the amazing things happening on your desktop with one of Linux’s many screencasting applications. These programs are perfect for creating demonstrations for blogs and tutorials, and for illustrating projects with more than just still images.

=> Postfix Daily Quota reportA shell script hack to create daily quota report for a Posfix mail server including file system usage of each e-mail account.

=> The developers of Firefox have unveiled an experimental project, Snowl, designed to gather all your inbound communications, whether they’re in the form of email, RSS, Twitter, or social network updates.

=> IBM has marked its 10 years of participation in Linux and open source with an open source code contribution focused on supercomputing. The software is available immediately from a software repository run by the University of Illinois’s National Center for Supercomputing Applications (NCSA).

=> Regular nixcraft contributed Ramesh has published simple 6 steps to secure home wireless router / network

=> LinuxLeak is a new daily destination for all your Linux and Open Source news headlines, updated every 15 minutes.

Rotate FTP Backup Using a Shell Script

Posted on in Categories Backup, Howto, Linux, RedHat/Fedora Linux, Shell scripting, Tips, Ubuntu Linux, UNIX last updated January 20, 2008

I’ve already written about rotating sftp / ssh backup shell script to remove directories (old backup files). However, a few of our readers would like to know more about removing old backup directories using ftp. As usual, you need accurate date and time on local system and remote backup directory must be in dd-mm-yyyy or mm-dd-yyyy format. For example daily mysql backup should be stored in /mysql/dd-mm-yyyy format.

Sample Shell Script

Here is a simple and dirty shell script to remove old backups ( download link ):

#!/bin/bash
# call ./script.sh 03-2007 - to remove all March-2007 directories in 01-03-2007, 02-03-2007, 31-03-2007 format
# you must have ncftp ftp client installed on BSD / Linux box
BASE="/mysql" # base dir below that dd-mm-yyyy
[ $# -eq 0 ] && exit 1 || :
DELETE="$1"
echo "Getting old directories..."
ncftpls -u 'ftp-user-name' -p 'ftp-password' -x "-t" ftp://ftp.your-server.com${BASE} > /tmp/ftp.out
LIST="$(grep ${DELETE} /tmp/ftp.out)"
echo -n "Starting removal for ${DELETE}..."
for dir in $LIST
do
 rdir="${BASE}/${dir}"
# echo "Processing ${dir}..."
 ncftp -L -u 'ftp-user-name' -p 'ftp-password' ftp.your-server.com <<EOF
 cd $rdir
 rm *
 rmdir $rdir
 quit
EOF
done

Run the script as follows to remove all backup for Dec-2007, enter:
$ ./script.sh 12-2007

Related: Generate backup ftp script using php based wizard

How to: Check the bash shell script is being run by root or not

Posted on in Categories CentOS, Debian Linux, FreeBSD, Linux, RedHat/Fedora Linux, Shell scripting last updated November 12, 2007

Sometime it is necessary to find out if a shell script is being run as root user or not.

When user account created a user ID is assigned to each user. BASH shell stores the user ID in $UID variable. Your effective user ID is stored in $EUID variable. You can

Old way…

You can easily add a simple check at the start of a script:

Check the script is being run by root user

#!/bin/bash
# Init
FILE="/tmp/out.$$"
GREP="/bin/grep"
#....
# Make sure only root can run our script
if [ "$(id -u)" != "0" ]; then
   echo "This script must be run as root" 1>&2
   exit 1
fi
# ...

New way: Using EUID

#!/bin/bash
# Init
FILE="/tmp/out.$$"
GREP="/bin/grep"
#....
# Make sure only root can run our script
if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root" 1>&2
   exit 1
fi
# ...

Mount /dev/sdb1 only if you are a root

#!/bin/bash
if [[ $EUID -ne 0 ]]; then
  echo "You must be a root user" 2>&1
  exit 1
else
  mount /dev/sdb1 /mnt/disk2
fi

Updated for accuracy and more examples.

Protect Your Network from spamming, scanning, harvesting and dDoS attacks with DROP List

Posted on in Categories Debian Linux, Howto, Iptables, Linux, Networking, RedHat/Fedora Linux, Security, Shell scripting, Suse Linux, Sys admin, Tips, UNIX last updated October 24, 2007

DROP (Don’t Route Or Peer) is an advisory “drop all traffic” list, consisting of stolen ‘zombie’ netblocks and netblocks controlled entirely by professional spammers. DROP is a tiny sub-set of the SBL designed for use by firewalls and routing equipment.

DROP is currently available as a simple text list, but will also be available shortly as BGP with routes of listed IPs announced via an AS# allowing networks to then null those routes as being IPs that they do not wish to route traffic for.

The DROP list will NEVER include any IP space “owned” by any legitimate network and reassigned – even if reassigned to the “spammers from hell”. It will ONLY include IP space totally controlled by spammers or 100% spam hosting operations. These are “direct allocations” from ARIN, RIPE, APNIC, LACNIC, and others to known spammers, and the troubling run of “hijacked zombie” IP blocks that have been snatched away from their original owners (which in most cases are long dead corporations) and are now controlled by spammers or netblock thieves who resell the space to spammers.

When implemented at a network or ISP’s ‘core routers’, DROP will protect all the network’s users from spamming, scanning, harvesting and dDoS attacks originating on rogue netblocks.

Shell script to apply DROP

Here is a shell script, you need to run on Linux based firewall / router / dedicated Linux web / mail server:

#!/bin/bash
FILE="/tmp/drop.lasso"
URL="http://www.spamhaus.org/drop/drop.lasso"
echo ""
echo -n "Applying DROP list to existing firewall..."
[ -f $FILE ] && /bin/rm -f $FILE || :
cd /tmp
wget $URL
blocks=$(cat $FILE  | egrep -v '^;' | awk '{ print $1}')
iptables -N droplist
for ipblock in $blocks
do
 iptables -A droplist -s $ipblock -j LOG --log-prefix "DROP List Block"
 iptables -A droplist -s $ipblock -j DROP
done
iptables -I INPUT -j droplist
iptables -I OUTPUT -j droplist
iptables -I FORWARD -j droplist
echo "...Done"
/bin/rm -f $FILE

Call above script from existing firewall script every 24 hrs to update and block list. Every time it’s run by crontab it will download the list and reapply the changes. You may need to modify above script to delete droplist chain before applying list. Please note that if you are using Cicso routers, use this script for the same purpose. You can also use CISCO ‘null route’ command:

ip route <network> <mask> null0

If you don’t want to play with iptables, null route all bad ips using following route command under Linux syntax:
# route add <IP> gw 127.0.0.1 lo
# route add -net <IP/mask> gw 127.0.0.1 lo

Try this and you will surprise to see how much spam and other bad stuff can be blocked.

SSH: Rotate backup shell script to remove directories (old backup files)

Posted on in Categories Backup, Data recovery, Howto, RedHat/Fedora Linux, Security, Shell scripting, Sys admin, Tips, Ubuntu Linux, UNIX last updated October 9, 2007

Most time you have a limited space on the remote SFTP/ SSH backup server. Here is the script that periodically cleanup old backup files from the server i.e it will remove old directories.

Requirements

Script will automatically calculate date from today’s date. By default it will keep only last 7 days backup on server. You can easily increase / decrease this limit. In order to run script you must meet the following criteria:

  • Remote SSH server with rm command execution permission
  • SSH Keys for password less login (see how to setup RSA / DSA keys for password less login)
  • Accurate date and time on local system (see how to synchronize clock using ntpdate ntp client)
  • Remote backup directory must be in dd-mm-yyyy or mm-dd-yyyy format. For example daily mysql backup should be stored in /mysql/mm-dd-yyyy format.

Sample Script Usage

Run the script as follows:
./rot.backup.sh 7 /mysql "rm -rf"
Where,

  • 7 : Remove last 7 days files
  • /mysql : Base directory to clean up. If todays date is 9/Oct/2007, it will remove last 7 days directory /mysql/02-10-2007, /mysql/01-10-2007, …. /mysql/26-09-2007, /mysql/25-09-2007. It means script will only keep last 7 days backup on remote sftp / ssh server.
  • rm -rf : Command to run on directory structure

Sample Shell Script

Install following script:

#!/bin/bash
if [ "$#" == "0" ];then
  echo "$0 upper-limit path {command}"
  exit 1
fi
### SSH Server setup ###
SSH_USER="vivek"
SSH_SERVER="nas.nixcraft.in"
START=7
DIR_FORMAT="%d-%m-%Y" # DD-MM-YYYY format
#DIR_FORMAT="%m-%d-%Y" #MM-DD-YYYY format
## do not edit below ##
LIMIT=$( expr $START + $1 )

## default CMD ##
CMD="ls"
SSH_PATH="."

[ "$3" != "" ] && CMD="$3" || :
[ "$2" != "" ] && SSH_PATH="$2" || :

DAYS=$(for d in $(seq $START $LIMIT);do date --date="$d days ago" +"${DIR_FORMAT}"; done)
for d in $DAYS
do
  ssh ${SSH_USER}@${SSH_SERVER} ${CMD} ${SSH_PATH}/$d
done

Run above script via cron tab (cronjob):
@daily /path/to/rot.ssh.script 7 "/html" "rm -rf"
@daily /path/to/rot.ssh.script 7 "/mysql" "rm -rf"

Linux / UNIX: Find out if your configuration files / security settings changed or not

Posted on in Categories Howto, Linux, Security, Sys admin, Tips, UNIX last updated September 16, 2007

How do you find out that somebody has accessed your system and changed your configuration or security settings? How do you verify file content? There is no simple answer to these questions. Personally, I use specialized tool such as tripwire and combination of perl / shell script, UNIX command line utilities.

Examine methods of storing and later checking the validity of your configuration files is one of the key task. This article provides some guideline. You will develop a script that you can use to generate information that checks the validity of a file or directory full of files. The recorded information includes the file path, a checksum of the file so that you can compare the file contents, and unique information about the file (inode, permissions, ownership information) so that you can identify differences should they occur:

The typical UNIX administrator has a key range of utilities, tricks, and systems he or she uses regularly to aid in the process of administration. There are key utilities, command-line chains, and scripts that are used to simplify different processes. Some of these tools come with the operating system, but a majority of the tricks come through years of experience and a desire to ease the system administrator’s life. The focus of this series is on getting the most from the available tools across a range of different UNIX environments, including methods of simplifying administration in a heterogeneous environment.

=> Systems Administration Toolkit: Testing system validity