Wednesday, 18 May 2016

My Collection of Useful Linux Admin Tricks

The purpose of Theja Cool Solutions is to disseminate information that contributors provide and share what they think is Cool. To continue with this purpose and tradition, I have compiled a list of what I think are Cool Tips and Shortcuts that have greatly improved the efficiency of my life with Linux.
I hope you think they are Cool Solutions too!
Distro Packages:
Ever see a package and wonder what it does or what it’s purpose is? Some package names are very cryptic and without looking them up on the Internet or YaST, you’re kind of left wondering. RPM can tell you on the fly. I’ll give several examples of what we can discover about a particular package.
For our example, we’ll use the package “fam” I know it is a File Alteration Monitor, because I looked it up.
We first need the entire package name. We’ll query the rpm database and grep it.
# rpm -qa | grep fam
fam-2.7.0-9.2
fam-server-2.7.0-9.2
#
We can see there is a server daemon too. We just care about the fam-2.7.0-9.2
To retrieve information about this package we’ll use the rpm –qi parms.
# rpm -qi fam-2.7.0-9.2

Name           :   fam                   Relocations: (not relocatable)
Version        :   2.7.0                 Vendor: SUSE LINUX Products GmbH, Nuernberg, Germany
Release      :    9.2                     Build Date: Fri Jun 16 06:33:35 2006
Install Date:    Tue Mar 17 00:58:38 2009      Build Host: leukozyt.suse.de
Group          :    System/Daemons                Source RPM: fam-2.7.0-9.2.src.rpm
Size              :    78539                            License: Other License(s), see package, LGPL
Signature    :    DSA/SHA1, Fri Jun 16 06:42:18 2006, Key ID a84edae89c800aca
Packager    :    http://bugs.opensuse.org
URL             :    http://oss.sgi.com/projects/fam/
Summary    :   File Alteration Monitoring Daemon
Description :
Fam is a file alteration monitoring service. With it, you can receive
signals when files are created or changed.

This package provides libfam, which is used by KDE and GNOME. It also
provides a tool for the console called fileschanged.

To use fam notifications (it can reduce the network load on NFS
servers, especially if they host user home directories) you need to run
the fam daemon, which can be found in the fam-server package.

Authors:
--------
    Bruce Karsh
    Bob Miller
    SGI corp.

    Author of fileschanged command line tool:
    Ben Asselstine <bda@panix.com>
Distribution: SUSE Linux Enterprise 10 (i586)
#

Discarding All Output

We’ve all seen the string of characters appended to a command, either in a script or in a crontab file.
“>/dev/null 2>&1”
Although a bit cryptic, it means, literally, redirect output to the file /dev/null and fold all errors to the same. Or send all output to a black hole called /dev/null
1 is the file descriptor for STDOUT or Standard Output
2 is the file descriptor for STDERR or Standard Error Output
You can also redirect to a file using the same, but changing the target file.
# ls /var/  >/tmp/listing 2>&1
# cat /tmp/listing 
X11R6
adm
cache
games
lib
lock
log
mail
novell
opt
run
spool
tmp
yp
#

Shutdown and Rebooting

Here are some examples of what you can do with the shutdown command. I don’t show actual examples, because of the nature of the command.
Shutdown the server at a specific time
 # shutdown 8:00
Shutdown the server in 15 mins.
# shutdown +15
Shutdown the server now and reboot it.
# shutdown -r now
Shutdown the server now and halt (power off)
# shutdown -h now
Cancel a shutdown
# shutdown -c
I rarely use shutdown as I have become fond of init 6 and init 0. We are simply changing the runlevel to either 0 (halt) or 6 (restart)
# init 6
This command is equivalent to “shutdown –r now”
# init 0
This one is equivalent to “shutdown –h now”

Adding Local Users

Creating a user through YaST involves a few steps that are a bit time consuming if you have several to add and several servers to add them.
Using useradd can add a single user to a system including password in a second.
 # /usr/sbin/useradd -u 12345 -g users -d /home/user01 -m -c "User Dude - UNIX Administrator -" -s /bin/bash -p '$1$01UBH4p3$sY7PTSrW1rdfQ68E1' user01
-u = uid – If you leave this off, one will be created. Although this is perfectly fine, if you use templates or NFS shares, it might be useful to assign a unique uid to each user. I prefer Employee Numbers. They are always unique and it creates a consistency within your servers. Find what suits your needs and go with it.
-g = default group
-d = Home Directory
-m = Create the Home directory
-c = Comment – Like the name and title of the user. Helpful in determining the user’s role later.
-s = Shell – Which shell will the user use.
-p = Password – Encrypted password hash in single quotes. You can generate one with crypt or if the user is on an existing server, you can copy and paste from the /etc/shadow file.
Finally, “user01” the user’s ID.
I copy these useradd strings and place them in a file that I can encrypt and store securely, so if I have to add them to another box later, I can just copy and paste them on the command line and be done.
Create a default password, like Chang3m3 and crypt it, then copy the hash to this same notepad file for use later.

Password Aging

The password will expire in 90 Days.
# chage -M 90 username
The password never expires
# chage -M 99999 -E 99999 username
Expire the current password. Useful for password resets and new accounts.
# passwd -e username

NIC Information and settings

If you have a physical server, you can use ethtool to view or set certain parameters for your NICs. Speed, Duplex and AutoNegotiate are the common settings.
To view the current settings, just specify the device name.
# ethtool eth0
Settings for eth0:
          Supported ports: [ MII ]
          Supported link modes:   10baseT/Half 10baseT/Full
                                               100baseT/Half 100baseT/Full
                                               1000baseT/Half 1000baseT/Full
          Supports auto-negotiation: Yes
          Advertised link modes:  10baseT/Half 10baseT/Full
                                               100baseT/Half 100baseT/Full
                                               1000baseT/Half 1000baseT/Full
          Advertised auto-negotiation: Yes
                 Speed: 100Mb/s
                 Duplex: Full
                 Port: Twisted Pair
                 PHYAD: 1
                 Transceiver: internal
                 Auto-negotiation: on
                 Supports Wake-on: g
                 Wake-on: d
                 Current message level: 0x000000ff (255)
                 Link detected: yes

#
Normally you do not want auto-negotiation unless it is done on both sides. Auto-negotiation is a protocol. It does NOT automatically determine the configuration of the port on the other side of the Ethernet cable and then match it.
#  ethtool -s eth1 speed 1000 duplex full autoneg off 
#
It should be noted that ethtool doesn’t work on Virtual Machines.

Disk Usage

Wonder which directory is utilizing the most space of a particular partition? Then it’s time to call in the “ducks”.
“df” with the “-h” option only tells us how much space is in use.
# df -h
Filesystem                      Size  Used Avail Use% Mounted on
/dev/mapper/root-root     20G  3.9G   15G  21% /
devtmpfs                       1.8G  112K  1.8G   1% /dev
tmpfs                 1.8G     0  1.8G   0% /dev/shm
/dev/sda1             479M   37M  418M   9% /boot
/dev/mapper/root-opt  9.9G  639M  8.8G   7% /opt
/dev/mapper/root-tmp  9.9G  1.3G  8.1G  14% /tmp
/dev/mapper/root-var   51G  752M   48G   2% /var
 
 #
“du” estimates disk usage. But using “du” by itself is a little hard to read. That’s where the “-cks” makes the output more readable.
-c = display a grand total
-k = block size 1K
-s = summarize
Using /home as an example, here’s the output for “du –cks”
# du -cks
746592  .
746592  total
#
Not too much meaning, One of the parameters for “du” is FILE or what you want to show size. We’ll run the command again with a “*” to show all home directories.
# du -cks *
72        user01
72        user02
14524    user03
72        user04
730472   user05
72        user06
72        user07
72        user08
72        user09
72        user10
72        user11
72        user12
72        user13
746588  total
#
Now we can see that the most space under /home/ belongs to user03 and especially, user05.
But what if you have a lot of subdirectories and all you care about is maybe the top 10?
We’ll add some pipes to show the Top 10.
“sort” can show us the order, since we want the highest to lowest in usage, we want to use the “-r” (reverse) option and we are using numbers, so we also want the “-n” (numeric) option.
Since we only care about the top 10, we’ll pipe all of this output through “head” and specify “-11” to show only the top 10.
Here is our command, “du -cks * |sort -rn |head -11” and the output.
# du -cks * |sort -rn |head -11
746588  total
730472  user05
14524   user03
72      user01
72      user02
72      user04
72      user06
72      user07
72      user08
72      user09
72      user10
#
Now we can quickly zero in on the offender.
A cool trick I learned a few years ago was to put this command string in my .profile file as an Alias and name it “ducks”
alias ducks='du -cks * |sort -rn |head -11'
Now all I have to type is “ducks” at the command prompt and get the same output.

Ports and process

There are times when I have a new server that needs to communicate to another system on a particular port and I’m not sure if the network guys have opened it for me yet. I can use a quick “netcat” command to see if it’s open or not.
We’ll use ports for eDirectory in this example.
# netcat –v –v –z edirserver1.mydomain.net 524
edirserver1.mydomain.net [10.100.100.2] 524 (ncp) open
 sent 0, rcvd 0
#
The parms for this is “-v” (verbose) add a second “-v” (more verbose), “-z” (zero-IO or don’t actually send any data)
If the port is not open, or of the target server is not listening then netcat will timeout with an error. IP addresses can be used also.
To determine what process is hold a port open, use netstat. We’ll use the options, “-l” (listening sockets), “-n” (show only numeric ports, don’t match them to services) and “-p” (what process is using it)
# netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name 
tcp 0 0 0.0.0.0:5280 0.0.0.0:* LISTEN 698/perl 
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 217/httpd 
tcp 0 0 10.100.10.2:53 0.0.0.0:* LISTEN 220/named 
tcp 0 0 10.100.10.6:53 0.0.0.0:* LISTEN 220/named 
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 220/named 
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 200/sshd 
udp 0 0 0.0.0.0:32768 0.0.0.0:* 220/named 
udp 0 0 10.100.10.2:53 0.0.0.0:* 220/named 
#
We see the usual stuff, DNS, Web, SSH, but what’s perl using 5280 for? Let’s drill down a bit further and look at PID 698.
# ps auwex |grep -w 698
nocat 698 0.0 2.0 5164 3840 ? S Dec25 0:00 /usr/bin/perl -w ./bin/gateway 
PWD=/usr/local/nocat HOSTNAME=catlin.r
#
I’m using “ps” with the following parms:
a = all
x = non-interactive
u = user information
w = wide format
e = environment bits
We can see from the output that the nocat user is in the /usr/local/nocat/ running bin/gateway, a Perl process that is listening on port 5280.
Conclusion
There are literally thousands of tips and tricks you can use to make life much easier and using Linux more enjoyable, this is but a small collection of items I use on a daily basis.
If you have a cool tip or way of making your world more “cool” then please, comment to this article and share your own favorites. The Coolguys will be glad to add it. Sharing is the whole purpose of this site.
Enjoy!
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)