Linux tips

My cheat sheet of linux commands

 

I got myself an Ubuntu Linux Server 12.10 with 4 GB RAM and a 3.4 TB disk, running ext3 and ext4.

Find and show zombie process 

# top
OR
# ps aux | awk '{ print $8 " " $2 }' | grep -w Z

 

kill process

pkill <process_app_name>
OR
kill -9 <process_id>

fdisk, df, vol_id and more

# fdisk -l

show disk usages

#df

#vol_id /dev/sda1

#/etc/fstab

 

jfs site:

http://jfs.sourceforge.net/

mkfs.jfs

#sudo adduser <username> group

Adding user <username> to group group…
Done.

#bash:~$ groups
Shows a list of all groups you are a member of.

.

The following is an iptables firewall and router script.

you need to edit /etc/sysctl.conf

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

This is needed to enable IPv4 forwarding.

You can download the script here:

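#!/bin/bash
#######################################
# Firewall script using iptables to
# close, open and forward traffic (log)
#
# Loads a complete filter + nat ruleset through iptables-restore:
#   - default DROP policy on INPUT, FORWARD and OUTPUT
#   - SSH (tcp/2274) accepted on the external interface
#   - internal network forwarded and masqueraded out through EXTIF
# Forwarding additionally needs net.ipv4.ip_forward=1 in /etc/sysctl.conf.
# Exits non-zero (with a message on stderr) when the external address
# cannot be detected or iptables-restore rejects the ruleset.
#######################################

# External (Internet-facing) interface
EXTIF="eth1"

# External IP address (automatically detected: first "inet" entry on EXTIF)
# NOTE(review): the regex captures the address as printed by `ip addr`,
# which normally carries the prefix length (a.b.c.d/NN). Rules that use
# -s/-d $EXTIP then match that whole subnet, not a single host - confirm
# this is intended, or strip the "/NN" suffix.
EXTIP=$(/sbin/ip addr show dev "$EXTIF" | perl -lne 'if(/inet (\S+)/){print$1;last}')

# Internal interface
INTIF="eth0"

# Internal IP address (in CIDR notation)
INTIP="192.168.0.1/32"
#INTIP2=$(/sbin/ip addr show dev "$INTIF" | perl -lne 'if(/inet (\S+)/){print$1;last}');

# Internal network address (in CIDR notation)
INTNET="192.168.0.0/24"

# The address of anything/everything (in CIDR notation)
UNIVERSE="0.0.0.0/0"

# Log rate limit (packets per second) and burst size
LOGLIMIT="2/s"
LOGLIMITBURST="10"

# An empty EXTIP (interface missing, down, or without an IPv4 address) would
# expand to malformed "-d  -j ..." rules below; stop before touching the
# firewall instead of relying on iptables-restore to choke on them.
if [[ -z "$EXTIP" ]]; then
  echo "ERROR: no IPv4 address found on $EXTIF; firewall rules NOT loaded" >&2
  exit 1
fi

echo "External: [Interface=$EXTIF] [IP=$EXTIP]"
echo "Internal: [Interface=$INTIF] [IP=$INTIP] [Network:$INTNET]"
#echo "Internal: [Interface=$INTIF] [IP=$INTIP2]"
echo
#echo -n "Loading rules..."

###################################################
# Only edit below this line if you are
# sure what the iptables commands do
###################################################
#
# Review notes on the ruleset that follows (rules themselves unchanged):
#  * "-A INPUT -i $INTIF -j ACCEPT" accepts everything arriving on the
#    internal interface regardless of source address, so the next rule
#    (-s $INTNET) never decides anything. Drop the broad rule if only
#    INTNET sources should be trusted.
#  * The "LOGDROP_TCP: " LOG rule sits before the SSH ACCEPT, so new SSH
#    connections that are then accepted are logged under a "drop" prefix.
#  * The OUTPUT catch-all comment says "denied and logged", but no LOG
#    rule precedes that REJECT; add one if outbound denials must be audited.
#  * The heredoc is unquoted on purpose: the shell variables above are
#    expanded into the rules before iptables-restore reads them.

if ! /sbin/iptables-restore <<-EOF

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

###################################################
# INPUT: Incoming traffic from various interfaces #
###################################################

# Loopback interface is valid
-A INPUT -i lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT

# Internal interface is valid
-A INPUT -i $INTIF -j ACCEPT

# Local interface, local machines, going anywhere is valid
-A INPUT -i $INTIF -s $INTNET -d $UNIVERSE -j ACCEPT

# Remote interface, claiming to be local machines, IP spoofing, get lost
-A INPUT -i $EXTIF -s $INTNET -d $UNIVERSE -j REJECT

# External interface, from any source, for ICMP traffic is valid
#-A INPUT -i $EXTIF -p ICMP -s $UNIVERSE -d $EXTIP -j ACCEPT

# Allow any related traffic coming back to the MASQ server in.
-A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Internal interface, DHCP traffic accepted
#-A INPUT -i $INTIF -p tcp --sport 68 --dport 67 -j ACCEPT
#-A INPUT -i $INTIF -p udp --sport 68 --dport 67 -j ACCEPT

# External interface, HTTP/HTTPS traffic allowed
#-A INPUT -i $EXTIF -m conntrack --ctstate NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $EXTIP --dport 80 -j ACCEPT
#-A INPUT -i $EXTIF -m conntrack --ctstate NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $EXTIP --dport 443 -j ACCEPT

# External interface LOG tcp traffic...
-A INPUT -i $EXTIF -p tcp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "LOGDROP_TCP: "

# External interface, SSH traffic allowed
-A INPUT -i $EXTIF -m conntrack --ctstate NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $EXTIP --dport 2274 -j ACCEPT

# Accept port 1234 to be forwarded (this rule needs to correspond with PREROUTING rules in NAT table)
#-A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 1234 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT

# Catch-all rule, reject anything else
-A INPUT -s $UNIVERSE -d $UNIVERSE -j REJECT

###########################
# LOGGING - named LOGDROP
###########################
#-N LOGDROP
#-A LOGDROP -p icmp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "LOGDROP_ICMP: "
#-A LOGDROP -p tcp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "LOGDROP_TCP: "
#-A LOGDROP -p udp -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "LOGDROP_UDP: "
#-A LOGDROP -f -m limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "LOGDROP_FRAG: "
#-A LOGDROP -j DROP
# ENABLE LOG
#-A INPUT -p icmp -i $EXTIF -j LOGDROP
#-A INPUT -p tcp -i $EXTIF -j LOGDROP

####################################################
# OUTPUT: Outgoing traffic from various interfaces #
####################################################

# Workaround bug in netfilter
#-A OUTPUT -m conntrack -p icmp --ctstate INVALID -j DROP

# Loopback interface is valid.
-A OUTPUT -o lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT

# Internal interface is valid
-A OUTPUT -o $INTIF -j ACCEPT

# Local interfaces, any source going to local net is valid
-A OUTPUT -o $INTIF -s $EXTIP -d $INTNET -j ACCEPT

# local interface, MASQ server source going to the local net is valid
-A OUTPUT -o $INTIF -s $INTIP -d $INTNET -j ACCEPT

# outgoing to local net on remote interface, stuffed routing, deny
-A OUTPUT -o $EXTIF -s $UNIVERSE -d $INTNET -j REJECT

# anything else outgoing on remote interface is valid
-A OUTPUT -o $EXTIF -s $EXTIP -d $UNIVERSE -j ACCEPT

# Internal interface, DHCP traffic accepted
#-A OUTPUT -o $INTIF -p tcp -s $INTIP --sport 67 -d 255.255.255.255 --dport 68 -j ACCEPT
#-A OUTPUT -o $INTIF -p udp -s $INTIP --sport 67 -d 255.255.255.255 --dport 68 -j ACCEPT

# Catch all rule, all other outgoing is denied and logged.
-A OUTPUT -s $UNIVERSE -d $UNIVERSE -j REJECT

# Accept solicited tcp packets
-A FORWARD -i $EXTIF -o $INTIF -m conntrack --ctstate ESTABLISHED,RELATED  -j ACCEPT

# Allow packets across the internal interface
-A FORWARD -i $INTIF -o $INTIF -j ACCEPT

# Forward packets from the internal network to the Internet
-A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

# Catch-all REJECT rule
-A FORWARD -j REJECT

COMMIT

###########################
# Address translations (only; there is no actual forwarding done here)
###########################
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

# ----- Begin OPTIONAL FORWARD Section -----

#Optionally forward incoming tcp connections on port 1234 to 192.168.0.100
#-A PREROUTING -p tcp -d $EXTIP --dport 1234 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.0.100:1234

# ----- End OPTIONAL FORWARD Section -----

# IP-Masquerade
-A POSTROUTING -o $EXTIF -j MASQUERADE

COMMIT
EOF
then
  # Each table is committed separately, so a failure in *nat can leave the
  # new *filter rules active; report it rather than printing "done".
  echo "ERROR: iptables-restore failed; ruleset may be only partially applied" >&2
  exit 1
fi

echo " done."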
