Linux Commands

/home/israel/LinuxCommands

Task: How to halt/stop user called didi

Type the skill command as follows:
# skill -STOP -u didi

You muse be root to stop other users.
Task: How to resume already halted user called didi

Send CONT single to user didi, type the following command:
# skill -CONT -u didi
Task: How to kill and logout user called didi

You can send KILL single, type the following command:
# skill -KILL -u didi
Task: Kill and logout all users

The ultimate command to kill and logout all users, type the following command:
# skill -KILL -v /dev/pts/*  

Shell Stuff

ls -al /var/spool/mail | awk '{print "User: "$3 "Space: "$5 "Date: "$6}' | sort
ls -l | sort -n -k 5 | sort -n -k 6
awk '{ printf $NF;$NF = "" ;printf " "$0"\n" }' | sort

# Renaming within the name:
ls -1 *old* | awk '{print "mv "$1" "$1}' | sed s/old/new/2 | sh
(although in some cases it will fail, as in file_old_and_old)

# remove only files:
ls -l * | grep -v drwx | awk '{print "rm "$9}' | sh
or with awk alone:
ls -l|awk '$1!~/^drwx/{print $9}'|xargs rm
Be careful when trying this out in your home directory. We remove files!

# remove only directories
ls -l | grep '^d' | awk '{print "rm -r "$9}' | sh
or
ls -p | grep /$ | wk '{print "rm -r "$1}'
or with awk alone:
ls -l|awk '$1~/^d.*x/{print $9}'|xargs rm -r
Be careful when trying this out in your home directory. We remove things!

# killing processes by name (in this example we kill the process called netscape):
kill `ps auxww | grep netscape | egrep -v grep | awk '{print $2}'`
or with awk alone:
ps auxww | awk '$0~/netscape/&&$0!~/awk/{print $2}' |xargs kill
It has to be adjusted to fit the ps command on whatever unix system you are on. Basically it is: "If the process is called netscape and it is not called 'grep netscape' (or awk) then print the pid"

Using SSH is great for remote access, and using SCP or SFTP is better than using plain-old FTP. However, for the most part, if you grant SFTP and SCP access to your server, you're granting SSH access as well, which means that a person can log into and execute commands on your system. Even if you limit access to only SFTP, the user will have full access to the entire system.

This can be changed using a program called restricted SSH (RSSH), which can be downloaded from pizzashack.org or installed on your Linux system from your vendor's package repositories, if they provide it. Using RSSH, you can not only restrict the user to using SCP and SFTP (and programs that use SSH as a transport, such as rsync and cvs), but you can also chroot the user to a directory to prevent them from traversing your entire filesystem.

Creating chroots is often the tricky part, so the below bash script (mkchroot) can be used to create the initial chroot.

#!/bin/sh
chroot="${1}"

if [ "${chroot}" == "" ]; then
    echo "FATAL: I need a location to create the chroot!"
    exit 1
fi

if [ -e ${chroot} ]; then
    echo "FATAL: ${chroot} already exists!"
    exit 1
fi

mkdir -p ${chroot}/{usr/bin,lib,usr/lib/ssh,dev,etc}

for bin in /usr/bin/scp /usr/bin/rssh /usr/lib/rssh_chroot_helper
  /usr/lib/ssh/sftp-server;
do
    cp ${bin} ${chroot}${bin}
    for lib in `ldd ${bin} | awk '{print $3}'`;
    do
        if [ -f ${lib} ]; then
            cp ${lib} ${chroot}/${lib}
        fi
    done
done

cp /lib/ld-linux.so.2 ${chroot}/lib/
cp /lib/libcrypt.so.1 ${chroot}/lib/
cp /lib/libnss_compat.so.2 ${chroot}/lib/
mknod -m 0666 ${chroot}/dev/null c 1 3

The above script would be executed as:

# mkchroot /chroot/user

The next step is to do a few user-specific things like creating a passwd file for the user:

# getent passwd user >/chroot/user/etc/passwd

You will also need to change their login shell:

# usermod -s /usr/bin/rssh user

Finally, edit /etc/rssh.conf and add an entry for the user:

user = "user:022:00011:/chroot/user"

This will set the default umask for the user to 022, chroot them into /chroot/user, and provide SCP and SFTP access (the five bits indicate what capabilities are permitted: rsync, rdist, cvs, sftp, and scp; 0 indicates the capability is disabled; 1 indicates it is enabled).

Finally, make sure that the keywords are enabled in rssh.conf:

allowscp

allowsftp

With this, you can provide secure FTP and file copying to your system without exposing the entire filesystem or providing shell access.

CentOS 3.4 to 4.0 remote upgrades. Yum method.

# rpm --import RPM-GPG-KEY-centos4
# rpm -Uvh centos-release-4-0.1.i386.rpm
# yum install glibc glibc-common
# yum install {kernel|kernel-smp}
# rpm -e kernel-smp-2.4.21-27.0.2.EL (the release number may vary depending on your system)
# yum upgrade

Before rebooting generate a new initrd image and compare the size with the one generated by rpm postinstall scripts. If you obtain a larger image, then you are on the way.

# mv /boot/initrd-2.6.9-5.0.3.ELsmp.img /boot/initrd-2.6.9-5.0.3.ELsmp.img.orig
# mkinitrd /boot/initrd-2.6.9-5.0.3.ELsmp.img 2.6.9-5.0.3.ELsmp

You may get some dependency errors while going through the steps above (one machine I had XFree installed, so I simply forced removal of all XFree packages because CentOS 4 uses Xorg)

Also note on one server I couldnt get the new initrd image generated for some reason? So I simply copied it from one of the servers that did generate it (they are all identical machines and specs) and that worked perfectly.

actualizacion de centos 3 a centos 4
rpm --import http://mirror.centos.org/centos/4/os/i386/RPM-GPG-KEY-centos4
rpm -e centos-release-3-8-1 && rpm -ivh --nodeps http://mirror.centos.org/centos/4/os/i386/CentOS/RPMS/centos-release-4-4.2.i386.rpm
# yum install glibc glibc-common

Resolving dependencies ..conflict between udev and kernel

That's because your system has 2.4 kernel installed yet which makes conflict with udev which is going to be installed. Remove it with rpm --erase:
# rpm -qa|grep kernel
# rpm -e kernel-2.4-wathever
# yum install glibc glibc-common
# yum install {kernel|kernel-smp} *(if this give you errors installing lvm2 read the note at the end of the post)
# rpm -e kernel-smp-2.4.21-27.0.2.EL (the release number may vary depending on your system)

Also remember before rebooting to view the new kernel's initrd image size and generate a new one to compare.

# ls -l initrd-2.6.9-5.0.3.ELsmp.img
-rw-r--r-- 1 root root 195325 Mar 2 16:09 initrd-2.6.9-5.0.3.ELsmp.img

# mkinitrd initrd-2.6.9-5.0.3.ELsmp.img.new 2.6.9-5.0.3.ELsmp

# ls -l initrd-2.6.9-5.0.3.ELsmp.img.new
-rw-r--r-- 1 root root 474840 Mar 3 11:39 initrd-2.6.9-5.0.3.ELsmp.img.new

If this differs in size, like mines, move the old image to a different file name and cut off the '.new' extension in the new one's filename

# mv initrd-2.6.9-5.0.3.ELsmp.img initrd-2.6.9-5.0.3.ELsmp.img.dist
# mv initrd-2.6.9-5.0.3.ELsmp.img.new initrd-2.6.9-5.0.3.ELsmp.img

You need this in order to permit grub loading the new initrd (or change the grub.conf to point to the new generated initrd image, make your choice).

As you see the rpm generated initrd is smaller than the manually generated, which means there's something wrong in the rpm postinstall script. Make sure of this and take a lot of care before rebooting (otherwise be ready with a rescue CD to boot and follow the above procedure).

P.S.: you may have need of cutting the "smp" letters in the kernel name, depending on your hardware configuration.

   1. Make a full backup of all your data
   2. Import GPG Keys: rpm --import http://mirror.centos.org/centos/3.4/...G-KEY-CentOS-3
   3. Install/Upgrade yum: rpm -Uvh --nodeps http://mirror.centos.org/centos/3.4/...s.7.noarch.rpm http://mirror.centos.org/centos/3.4/...-11.noarch.rpm http://mirror.centos.org/centos/3.4/...5.3.noarch.rpm
   4. Update Release information: rpm -e redhat-release-9-3 && rpm -ivh http://mirror.centos.org/centos/3.4/...3-6.1.i386.rpm
   5. Upgrade Server: yum upgrade