Linux Tips and Tricks

Linux Tips and Tricks

This post is to summarize some interesting but special usage which is out of normal linux commands. For basic Linux commands, you can find it from my previous post. 

Check Your Public IP Address from CLI

Following commands can show you what the public ip address is for your linux machine if it can connect to Internet.

• curl -s checkip.dyndns.org|sed -e 's/.*Current IP Address: //' -e 's/<.*$//'
• curl icanhazip.com
• telnet www.checkmyip.com 80 | grep confidence | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}'
• wget -O - -q icanhazip.com
• wget http://ipinfo.io/ip -qO -
• curl ifconfig.me

Keep Terminal Running in background (Screen)

• Install screen (Depends on the Linux Distribution if it came pre installed or not) : yum install screen
• Initiate a Screen : screen or  screen -S <screen name> <command to execute>
• Detach from the screen : "CTRL+A,D" not "CTRL+A+D"
• List all the screen currently working : screen -ls
• Reattach to a screen : screen  -r  <session number> or screen -r <screen name>
• Kill specific screen: screen -X -S <screen name> quit
• Kill all screens : pkill screen

Build SSH Trust Relationship Between Linux Machines

Become root:

sudo su - 

Change to user nsm:
su nsm 

Go to the /home/nsm directory:
cd /home/nsm 

Create the keys: (Path should be /home/nsm/.ssh/id_rsa. Leave the passphrase blank.)
ssh-keygen -t rsa

Secure copy the public key to the other server as the admin user: (use admin password)
scp /home/nsm/.ssh/id_rsa.pub admin@<ipAddressOfOtherServer>:/home/admin/authorized_keys

• or Go to the remote server. The command below will add the key that is in temp1 file to the end of the authorized_keys file.

cat temp1 >> authorized_keys

• Repeat steps 2-6 on  deviceB.   On deviceB, become root: (from user nsm, exit to root). Move the authorized_keys file that was copied to admin into nsm/.ssh:

mv /home/admin/authorized_keys /home/nsm/.ssh/authorized_keys

• Change ownership of authorized_keys: 

chown nsm:nsm /home/nsm/.ssh/authorized_keys

• At this point, you will be able to SSH between both servers without it asking for a password.

ssh [email protected]

Find Big Files in Linux File System

• find . -type f -size +10000 -exec ls -lh {} \; 
• find . -type f -size +50000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'
• Find large files (>10M) in current folder
• find . -type f -size +10000k 

a. Juniper Firewall  

Sample output:

root@FW% find . -type f -size +10000 -exec ls -lh {} \; 
-rw-r--r--  1 930  929   134M Jan  5 17:34 ./cf/packages/junos-11.4R6.6-domestic
-rw-r--r--  1 root  wheel   139M Sep  8  2011 ./cf/var/log/junos-srxsme-11.2R2.4-domestic.tgz
-rw-r-----  1 root  wheel   4.9M Feb 11 17:12 ./cf/var/db/idpd/db/secdb_02.db
-rw-r-----  1 root  wheel   6.7M Feb 11 17:13 ./cf/var/db/idpd/db/secdb_03.db
-rw-r-----  1 root  wheel    64M Feb 11 17:13 ./cf/var/db/idpd/db/secdb_06.db
-rwxr-xr-x  1 admin  20    24M May 23 08:38 ./cf/var/db/idpd/nsm-download/SignatureUpdate.xml
.....

b. Checkpoint Firewall gateway:

[Expert@CP]# find . -type f -size +50000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'
./sysimg/CPwrapper/linux/CPEndpointSecurity/EndpointSecurityServer.bin: 145M
./sysimg/CPwrapper/linux/windows/SmartConsole.exe: 194M
./sysimg/CPwrapper/linux/CPrt/CPrt-R75.40-00.i386.rpm: 53M
./sysimg/CPwrapper/linux/CPportal/CPportal-R75.40-00.i386.rpm: 59M
./var/log/db: 336M
....

Clean all Linux History 

Following commands can clean most of your history trails in your linux system.  Please let me know if you found there is anything missing.  I will add the command in.

echo > /var/log/wtmp
echo > /var/log/btmp
echo >/var/log/lastlog
echo > /var/log/secure
echo > /var/log/messages
echo >/var/log/syslog
echo >/var/log/xferlog
echo >/var/log/auth.log
echo >/var/log/user.log
cat /dev/null > /var/adm/sylog
cat /dev/null > /var/log/maillog
cat /dev/null > /var/log/openwebmail.log
cat /dev/null > /var/log/mail.info
echo >/var/run/utmp
echo > ~/.bash_history
history -c
echo > .bash_history
history -cw

Use ssh key to encrypt / decrypt files

Create a file:
echo ‘This is a sekret’ >/tmp/msg.txt

Export public key:
openssl rsa -in ~/private.pem -out /tmp/public.pub -outform PEM -pubout

Encrypt file with public key (anyone can have this key):
openssl rsautl -encrypt -inkey /tmp/public.pub -pubin -in /tmp/msg.txt -out /tmp/file.enc

Decrypt the file with private key (only you should have the private key):
openssl rsautl -decrypt -inkey ~/private.pem -in /tmp/file.enc -out /tmp/decrypted.txt

Check decoded message:
cat /tmp/decrypted.txt

AWS Amazon Linux Instance Commands

sudo yum update -y
sudo yum install -y httpd24 php70 mysql56-server php70-mysqlnd
sudo service httpd star


sudo chkconfig httpd on
chkconfig --list httpd
curl http://localhost

sudo usermod -a -G apache ec2-user
groups
sudo chown -R ec2-user:apache /var/www
sudo chmod 2775 /var/www
find /var/www -type d -exec sudo chmod 2775 {} \;
find /var/www -type f -exec sudo chmod 0664 {} \;
echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php
sudo yum list installed httpd24 php70 mysql56-server php70-mysqlnd
sudo service mysqld start
sudo chkconfig mysqld on
sudo service httpd restart

via Blogger https://ift.tt/3aFVIIp
February 07, 2021 at 10:28AM Linux