UnixSnips

From Custard

Unix Snippets


SSH: Set up socks proxy using openssh

On your localhost..

ssh -D 10080 you@host-to-proxy-through

Then point your browser's SOCKS config at localhost:10080

OSX: Lovely network parameters

sudo sysctl -w kern.ipc.somaxconn=2048
sudo sysctl -w net.inet.tcp.rfc1323=1
sudo sysctl -w net.inet.tcp.win_scale_factor=4
sudo sysctl -w net.inet.tcp.sendspace=1042560
sudo sysctl -w net.inet.tcp.recvspace=1042560
sudo sysctl -w net.inet.tcp.mssdflt=1448
sudo sysctl -w net.inet.tcp.v6mssdflt=1412
sudo sysctl -w net.inet.tcp.msl=15000
sudo sysctl -w net.inet.tcp.always_keepalive=0
sudo sysctl -w net.inet.tcp.delayed_ack=3
sudo sysctl -w net.inet.tcp.slowstart_flightsize=20
sudo sysctl -w net.inet.tcp.local_slowstart_flightsize=9
sudo sysctl -w net.inet.tcp.blackhole=2
sudo sysctl -w net.inet.udp.blackhole=1
sudo sysctl -w net.inet.icmp.icmplim=50

or in /etc/sysctl.conf

kern.ipc.maxsockbuf=4194304
kern.ipc.somaxconn=2048
kern.ipc.nmbclusters=2048
net.inet.tcp.rfc1323=1
net.inet.tcp.win_scale_factor=4
net.inet.tcp.sockthreshold=16
net.inet.tcp.sendspace=1042560
net.inet.tcp.recvspace=1042560
net.inet.tcp.mssdflt=1448
net.inet.tcp.v6mssdflt=1428
net.inet.tcp.msl=15000
net.inet.tcp.always_keepalive=0
net.inet.tcp.delayed_ack=3
net.inet.tcp.slowstart_flightsize=20
net.inet.tcp.local_slowstart_flightsize=20
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.icmp.icmplim=50

Centos: Yum install to different directory

  • sudo yum --installroot=/opt/linux/ install bash

Debian: Listing manually installed packages

(zcat $( ls -tr /var/log/apt/history.log*.gz ) ; cat /var/log/apt/history.log ) | egrep '^(Start-Date:|Commandline:)' | grep -v aptdaemon | egrep '^Commandline:'


OSX: Update DNS with scutil

OSX >10.3 (check!) doesn't use resolv.conf etc for network config. It now uses configd and scutil to store the config. configd will generate resolv.conf from the internal config for applications that need it.

scutil --dns

octopus:projects jamesb$ scutil --dns
DNS configuration

resolver #1
  search domain[0] : pomegranate.ltd.uk
  nameserver[0] : 192.168.1.250
  nameserver[1] : 192.168.1.254

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  order    : 300000

resolver #3
  domain   : 254.169.in-addr.arpa
  options  : mdns
  timeout  : 5
  order    : 300200

resolver #4
  domain   : 8.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  order    : 300400

resolver #5
  domain   : 9.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  order    : 300600

resolver #6
  domain   : a.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  order    : 300800

resolver #7
  domain   : b.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  order    : 301000

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : pomegranate.ltd.uk
  nameserver[0] : 192.168.1.250
  nameserver[1] : 192.168.1.254
  if_index : 4 (en0)
  flags    : Scoped


scutil list

octopus:projects jamesb$ scutil
> help

Available commands:

 help                          : list available commands
 f.read file                   : process commands from file
 quit                          : quit

 d.init                        : initialize (empty) dictionary
 d.show                        : show dictionary contents
 d.add key [*#?] val [v2 ...]  : add information to dictionary
       (*=array, #=number, ?=boolean)
 d.remove key                  : remove key from dictionary
 notify key                    : notify key in data store

 n.list ["pattern"]            : list notification keys
 n.add key ["pattern"]         : add notification key
 n.remove key ["pattern"]      : remove notification key
 n.changes                     : list changed keys
 n.watch                       : watch for changes
 n.cancel                      : cancel notification requests

> list .*DNS
  subKey [0] = Setup:/Network/Service/36BB46C3-B300-4BD2-B04E-0E4C81E31D6A/DNS
  subKey [1] = State:/Network/Global/DNS
  subKey [2] = State:/Network/MulticastDNS
  subKey [3] = State:/Network/PrivateDNS
  subKey [4] = State:/Network/Service/36BB46C3-B300-4BD2-B04E-0E4C81E31D6A/DNS

> quit

scutil get/set

octopus:projects jamesb$ scutil
> get  Setup:/Network/Service/36BB46C3-B300-4BD2-B04E-0E4C81E31D6A/DNS
> d.show
<dictionary> {
  SearchDomains : <array> {
    0 : pomegranate.net
  }
  ServerAddresses : <array> {
    0 : 192.168.1.254
  }
}
> open
> d.init
> d.add ServerAddresses * 192.168.1.250 192.168.1.254
> d.add DomainName pomegranate.ltd.uk
> set Setup:/Network/Service/36BB46C3-B300-4BD2-B04E-0E4C81E31D6A/DNS
> d.show
<dictionary> {
  DomainName : pomegranate.ltd.uk
  ServerAddresses : <array> {
    0 : 192.168.1.250
    1 : 192.168.1.254
  }
}
> quit


Encrypt / Decrypt a file using openssl

  • openssl des3 -in poop > poop.des
  • openssl des3 -d -in poop.des

Debian: Adding init script at startup

  • update-rc.d <initscript> defaults
  • update-rc.d -f <initscript> remove

Debian & Ubuntu: Find version

  • lsb_release -a
root@eschaton:/# lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 6.0.5 (squeeze)
Release:	6.0.5
Codename:	squeeze

Debian: VLANs

  • lsmod | grep 8021q
  • modprobe 8021q
  • apt-get install vlan

/etc/network/interfaces

auto vlan42
iface vlan42 inet static
  address 192.168.1.1
  netmask 255.255.255.0
  vlan-raw-device eth0

Or..

auto eth0.42
iface eth0.42 inet static
  address 192.168.1.1
  netmask 255.255.255.0

Adding a bridge..

auto br42
iface br42 inet static
	address 192.168.1.2
	netmask 255.255.255.0
	gateway 192.168.1.1
	bridge_ports eth0.42
	bridge_maxwait 5
	bridge_fd 1
	bridge_stp on

Debian: Sudo

  • adduser <user> sudo # Add user to the sudoers group. (logout & back in to take effect)

Solaris: LDOMs

Logical Domains

  • /opt/SUNWldm/bin/ldm list # Name State Flags Cons VCPU Memory Util Uptime
  • ldm add-vds primary-vds0 primary # Add virtual disks
  • ldm add-vcc port-range=5000-5100 primary-vcc0 primary # Add Virtual Console Concentrator
  • ldm add-vsw net-dev=e1000g0 primary-vsw0 primary # Create virtual switch server
  • ldm list-services primary

Create Control Domain

  • ldm set-mau 0 primary
  • ldm set-vcpu 2 primary
  • ldm set-memory 1024M primary
  • ldm add-spconfig <config-name> # Set Permanent
  • ldm list-spconfig

OSX: Setting up VLANs

Tagging an ethernet port with a vlan tag (802.1Q) on Mac OSX (Lion)

Octopus:~ jamesb$ sudo ifconfig vlan42 create
Octopus:~ jamesb$ sudo ifconfig vlan42 vlan 42 vlandev en0

Thanks to: http://tech.lazyllama.com/2006/04/07/setting-up-an-os-x-client-to-use-a-trunked-vlan/

Fetchmail with Gmail

Check certificates are installed

 
openssl s_client -connect pop.gmail.com:995 -showcerts

Create a Google Application Password

Use the generated password for fetchmail config below.

install & start sendmail

  • emerge sendmail
  • sudo sendmail -bd -q0m

install fetchmail

  • emerge fetchmail

configure fetchmail

~/.fetchmailrc

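# This file holds a password; keep it readable only by you (chmod 600 ~/.fetchmailrc)
# set username
set postmaster "MyUser"
# set polling interval in seconds (600 = 10 minutes)
set daemon 600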

poll pop.gmail.com with proto POP3
   user 'your.email@gmail.com' there with password 'MyPassword' is MyUser here options ssl

Test fetchmail

  • fetchmail -d0 -vk pop.gmail.com


See also

dtrace

eg. Logging fileaccess

fileaccess.dtrace

syscall::open*:entry
{
   printf("%s %s", execname, copyinstr(arg0));
}

sudo dtrace -s fileaccess.dtrace

UFW

tcpdump

  • Dump Ascii packets from eth5 but not port SSH (Avoids ssh generating more traffic if running over ssh)
    • tcpdump -i eth5 -A 'not port 22'
  • Dump Ascii HTTP packets from port 80
    • tcpdump -A -i eth0 'tcp port 80 and not port 22'
  • All HTTP Data packets on port 80, not SYN, FIN & ACK only packets.
    • tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
    • tcpdump -v -X -s512 -i eth0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
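
What the arithmetic in the last filter computes, as an added example (not part of the original page): the TCP payload length is the IPv4 total length minus the IP header length minus the TCP header length, and only packets where that is non-zero match. The packets, addresses and ports below are constructed sample data.

```python
import struct

def build_packet(sport, dport, flags, payload=b"", tcp_options=b""):
    """Constructed IPv4+TCP packet (checksums left at 0; sample data only)."""
    tcp_hdr_len = 20 + len(tcp_options)          # options must be a multiple of 4 bytes
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0,
                      (tcp_hdr_len // 4) << 4, flags, 65535, 0, 0) + tcp_options
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1]))
    return ip + tcp + payload

def tcp_payload_len(pkt):
    """ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2), as in the filter."""
    ip_total_len = struct.unpack("!H", pkt[2:4])[0]  # ip[2:2]: IPv4 total length
    ip_hdr_len = (pkt[0] & 0x0F) << 2                # IHL, 32-bit words -> bytes
    tcp = pkt[ip_hdr_len:]                           # tcp[n] counts from the TCP header
    tcp_hdr_len = (tcp[12] & 0xF0) >> 2              # data offset, words -> bytes
    return ip_total_len - ip_hdr_len - tcp_hdr_len

def matches_filter(pkt, port=80):
    """True when 'tcp port 80 and (payload length != 0)' would match pkt."""
    if pkt[0] >> 4 != 4 or pkt[9] != 6:              # ip[] only matches IPv4; proto 6 = TCP
        return False
    ihl = (pkt[0] & 0x0F) << 2
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return port in (sport, dport) and tcp_payload_len(pkt) != 0

HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLES = {   # all constructed
    "syn+options": build_packet(49152, 80, 0x02,
                                tcp_options=bytes.fromhex("020405b401010402")),
    "bare ack": build_packet(49152, 80, 0x10),
    "fin+ack": build_packet(80, 49152, 0x11),
    "http request": build_packet(49152, 80, 0x18, payload=HTTP_GET),
    "data, port 8080": build_packet(49152, 8080, 0x18, payload=HTTP_GET),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:16} payload={tcp_payload_len(pkt):3} match={matches_filter(pkt)}")
```

Because the expression indexes ip[], it only ever matches IPv4; HTTP carried over IPv6 is not captured by this filter.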


ssh over http proxy using corkscrew

  • get corkscrew from macports
  • configure .ssh/config

~/.ssh/config

Host pomegranate.ltd.uk
	ProxyCommand /opt/local/bin/corkscrew www.proxy.co.uk 80 %h %p

ssh over Socks using connect

OSX: Download & compile connect.c

gcc connect.c -o connect -lresolv
mv connect ~/bin

Create/update ssh config

~/.ssh/config

octopus$ cat ~/.ssh/config 
Host external.host.co.uk
	ProxyCommand ~/bin/connect -d -a none -S myusername@mysocks.proxy.co.uk:1085 %h %p

OSX: NFS mount a linux server from Mac OSX (Leopard)

You need to use -P to tell mount_nfs to use ports under 1024.

octopus:~ jamesb$ sudo mount -o -P eschaton:/home/jamesb/tmp /private/mnt
Password:
octopus:~ jamesb$ ls -al /private/mnt/

Solaris: Display stack trace of process or core dump

/usr/bin/pstack [-F] [pid | core]

-F Force control of target process.

See also: pflags, pcred, pldd, psig, pfiles, pwdx, pstop, prun, pwait, ptree, ptime

Solaris: Checking or setting Tcp/Ip settings

/usr/sbin/ndd /dev/tcp \?

eg. Turn off ip forwarding...

/usr/sbin/ndd -set /dev/ip ip_forwarding 0

Solaris: Trace system service calls in a process.

truss command | -p pid

Solaris (10): Configuring a Solaris10 Service in SMF.

Using Bind9 as an example:

Disable the service

svcadm -v disable svc:/network/dns/server:bind9

Optionally edit the manifest file

vi /var/svc/manifest/network/dns/bind9-server.xml

Import the manifest

svccfg
svc:> import /var/svc/manifest/network/dns/bind9-server.xml
svc:> end

Check and edit the service properties

svccfg
svc:> select svc:/network/dns/server:bind9
svc:/network/dns/server:bind9> listprop
svc:/network/dns/server:bind9> setprop start/exec="/usr/local/sbin/named"
svc:/network/dns/server:bind9> end

Enable the service

svcadm -v enable svc:/network/dns/server:bind9

Check the service state

svcs bind

Clearing maintenance flag if present

svcadm -v clear svc:/network/dns/server:bind9
svcadm -v enable svc:/network/dns/server:bind9


Solaris: Configuring NFS

Edit /etc/dfs/dfstab

This file must have entries for NFS to be started by the command

/etc/init.d/nfs.server start

..which is also run at startup (See rc2.d dir.)

The command dfshares will display current file system shares, and is a good way of checking NFS is running as well.

Unix: Backspace key misbehaving?

stty erase ^?

The best way to get this right is to type the stty erase bit, and then press the backspace key to get its symbol.

Unix X: Fed up with the system beeping in X

xset b off

Sets the bell off in the current xterm.

Solaris: (128)Network is unreachable: connect to listener

Apache 2, Solaris 8 and IPv6:

If you're getting the above message in your apache2 error logs, then it's because Apache was compiled with IPv6 support.

There are two ways to solve this: either disable ipv6 when compiling apache using the --disable-ipv6 directive.

Or: Add the following to /etc/hosts

# For IPv6 - Fixes the (128)Network is unreachable: connect to 
# listener 'bug' in Apache2
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

In Solaris 8 you might also have to enable ipv6. This is accomplished by:

touch /etc/hostname6.hme0
reboot

Substitute hme0 with your network adapter name.

The errors in the apache log are caused by apache trying to start a listener on a localhost port. Adding the loopback addresses to /etc/hosts should sort it out.

Unix: CPIO

Creating a cpio archive

find <DIRECTORY> -print | cpio -ocv > <ARCHIVE FILE>

<ARCHIVE FILE> can be a device node, eg. /dev/rdiskette

Extracting an archive

cpio -icdumv < <FILE>

will extract files using small blocks, and produce lots of output on the screen, and takes input from STDIN, or

cpio -iduBI <FILE>

will extract files using large blocks, extracting from filename supplied.

Tricks

Copying a directory structure with permissions intact

find srcdir -print | cpio -oc | ( cd destdir; cpio -icdum )

Solaris: Reconfiguring Solaris after network card change

This note was prompted after one of our IT people changed the network card from an SMC to a 3Com because he couldn't get the SMC to work with DOS (The machine has DOS & Solaris in a dual boot configuration).

Normally after changing the hardware you should either use the 'touch /reconfigure' method, which places an empty file in the root directory, or when asked after rebooting use the b -r options. This causes Solaris to check all the hardware configurations and remake the /devices and /dev directories with the new settings. However if the network card has been changed it is necessary to take a further step.

In the /etc directory there will be (for an SMC card for example) a file called hostname.smc0. This file 'ties' the hostname contained within the file to the network card specified by the extension.

If the card is changed, an extension corresponding to the new card must be used. In my case it was elx0 for the 3com. The name can be found by looking in the /devices directory for an entry for the card.

Solaris (5.6, x86?): Using Serial ports

To enable the second serial port. (Usually disabled) Edit /kernel/drv/asy.conf and uncomment the line referring to the serial port(s) to be enabled

To set up a terminal for BBS or other use. Run XTerm, set its terminal type (set TERM=vt100). Run tip, supplying the baud rate and port.

xterm -tn vt100 -e tip /dev/cua/a -9600

Unix: TAR

tar -cvf fred.tar fred/*

Where fred/* is the directory containing files to be tarred, and fred.tar is the resulting archive.

Extracting a tar archive

Change to the directory under which the files are to be extracted, and type -

tar -xvf fred.tar

Under Linux you can uncompress the file at the same time by using the z option as in -

tar -zxvf fred.tar.Z

Solaris: Creating index for 'whatis'

/usr/lib/makewhatis <man page directory>

Example.

/usr/lib/makewhatis /usr/share/man

Unix: Setting up a DNS Client

Edit or create /etc/resolv.conf, adding the following lines substituting your own details :-

search mydomain.co.uk co.uk

nameserver 192.168.1.250

Check DNS is working by running nslookup. It should find the server, and allow you to lookup hostnames.

nb. On Solaris, there is a file /etc/nsswitch.conf which you will need to edit and set the hosts lookups to include DNS.


Solaris: NIS+ Client Setup

/usr/lib/nis/nisclient -i -h <NISSERVER> -a <IP ADDRESS> -d <DOMAIN NAME>

Example:

/usr/lib/nis/nisclient -i -h odyssey -a 192.168.1.252 -d dmv.co.uk
