Learning to Administrate Linux by Example

Examples for RedHat-based systems

Creation: 2006/01/04


Simple note:
  • Commands prepended with $ can be done as a regular user. Those with # need to be done as root, or via sudo.
  • While this document was written for RedHat-based systems, a great many portions of it will carry-over to other distributions, as well as carrying over to BSD-based systems.

    Key

  • RED areas are those that are incomplete or have not been double-checked yet. Use with caution or send updates/information to david.p@hostdime.com.
  • GREEN areas are recommended responses to explain the previously-addressed error to a client.


Configuring

/etc/fstab - Disk Mounting

    The fstab file should be readable by all users, but editable only by root. Although it is a file, and not a device or tool, fstab does have its own man-page. This file is how your system determines:
    • Where to mount a partition
    • What filesystem a partition uses
    • How many partitions/disks you're using
    • Who may mount different partitions
    • Who owns the information on a partition when it is mounted

Network

    Log in to the machine via the console. Make sure the machine is connected to the hub/router, then from the console do:
  • DHCP:

    # network-config
    Select DHCP. You should be good to go.
  • Static:

    # network-config
    De-Select DHCP. Enter your IP, gateway, nameserver, & !!EDIT!!
  • Check that this did the trick:

    $ ping -c 5 google.com
    (or any other generic site that allows ping requests/replies). If you get a response, something like:
    PING google.com (64.233.167.99): 56 data bytes
    64 bytes from 64.233.167.99: icmp_seq=0 ttl=242 time=42.258ms
    64 bytes from 64.233.167.99: icmp_seq=0 ttl=242 time=42.258ms
    64 bytes from 64.233.167.99: icmp_seq=0 ttl=242 time=42.258ms
    64 bytes from 64.233.167.99: icmp_seq=0 ttl=242 time=42.258ms
    64 bytes from 64.233.167.99: icmp_seq=0 ttl=242 time=42.258ms
    --- google.com ping statistics ---
    5 packets transmitted, 5 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 42.258/42.258/42.258/0 ms
    Then you're good to go! If not, then something else isn't right.

BIOS

  • Settings

    I have noticed after some time that we have a lot of different BIOS on the motherboards here; however, almost all of them are rather simple to figure out if you are willing to take the time to cycle through each menu/screen once or twice. The following are some common settings that should be on pretty much all of our servers, little things that we do/don't need:
    • Power-On Resume: ON Somewhere in power-options, there should be an option of Power-On Resume or Power-Interrupt Choice or something similar. This is what the computer will do after power has been stopped. You have the options of "off", "prior/previous" or "on" - meaning that after the machine has lost power, should it come back on, go to the prior/previous state, or stay off. In the case that we ever did have power fail (bad power-strip, fuse, or otherwise), we do want all machines to power themselves back on so that we don't have to run around clicking a bunch of on-buttons.
    • USB: DISABLED We use PS/2 keyboards when we do have to console a machine, and have no need for these machines having the USB ports running/enabled. Disable them.
    • SERIAL: DISABLED We also do not use serial connections here, disable these.
    • Shared Video Memory Allocation (Size): 4MB/8MB We most often use integrated (on-motherboard) video cards. Since these share off of the RAM, having them set higher, means more RAM is allocated (set aside) for use by the video-card. As none of our servers have monitors attached 99.9% of the time, setting aside RAM for graphical purposes is rather silly. Some of these come set anywhere from 64MB to 128MB, which is just an additional 64/128MB that could be getting used by the system and isn't. Please set these to the smallest value it will allow.
    • Floppy Disk: DISABLED Most of the computers here do not have a floppy drive installed or attached. Most bios still seem to set this default to a 3-1/4" disk-drive. You can disable this as it is unnecessary.
    • Quick-Boot: ENABLED/ON Quick-boot allows the machine to boot without a full memory scan and other checks at each boot. We want our machines down as little as possible, so enabling a slightly-faster boot never hurts.
    • AC'97 On-Board Sound: DISABLED/OFF This is the integrated sound-card. As we have no speakers or headphones hooked up to any of our systems there's no need to have this enabled.
    • ONBOARD LAN 10/100 ETHERNET: ENABLED/ON Any combination of the prior string should be on, as 99%+ of the time we use the onboard 10/100 card for all networking purposes.
  • Boot-Sequence/Order

    All of the machines here should have the same boot-sequence set in their BIOS:
    1. DISABLED
    2. Hard-Disk 1
    3. DISABLED
    We do not need CDROM/Floppy/USB-FDD or any other option ever enabled. The reason why Hard-Disk 1 is our second option and the first is DISABLED is so that when/if we ever need to boot to PXE (LAN-ROM), we can simply change the first option to LAN/ROM and leave the rest intact.

Maintenance

Installing a New Kernel

    On machines currently using a 2.4 series kernel, only update with a 2.4!
    On machines currently using a 2.6 series kernel, only update with a 2.6!
    1. Grab the latest kernel RPM: Do a search (^f in most modern browsers) for "kernel-smp" and in almost all instances use the most recent that says the right architecture.
    2. Save kernel RPM to server:
      # wget http://isodirect.centos.org/centos/#/updates/i386/RPMS/kernel-smp-####.rpm
    3. Extract and install rpm:
      # rpm -ivh /path/to/kernel-smp-####.rpm
    4. Edit /boot/grub/grub.conf to reflect the new kernel. (Actually, you are just checking to make sure that the .rpm installed it correctly, as the entry should be there.) If it is not there, add a new boot block (leaving the old still-intact) with the new KERNEL-ID:
      title CentOS (KERNEL-ID)
      	root (hd0,2)
      	kernel /boot/vmlinuz-KERNEL-ID ro root=/dev/hda5 rhgb quiet
      	initrd /boot/initrd-KERNEL-ID.img
      Add this as the top entry. Otherwise, you will need to also change the line "default=0" to reflect which entry it is (top is 0, from there on down add numerically).
    5. Run kudzu, the Red Hat hardware-detector/configuration-tool:
      # kudzu
    6. Reboot into new kernel (system should automatically go into new kernel since we made it default via /boot/grub/grub.conf):
      # reboot
    7. Now that machine is back up, make sure we're in the new kernel environment:
      $ uname -a
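
    A check worth running between steps 4 and 6, so that a bad grub.conf entry is caught before the reboot rather than at an unbootable console. This is an added example, not part of the original guide; the function names, the sample grub.conf and the 2.6.9-NEW/2.6.9-OLD version strings are constructed. The second argument is the directory GRUB's root partition is mounted on ("/" when /boot lives on the root filesystem, "/boot" when it is its own partition).

```shell
#!/bin/sh
# Added example (not from the original guide): verify that the default
# grub.conf entry points at kernel and initrd files that actually exist.

# Print "kernel PATH" and "initrd PATH" for the entry selected by default=N.
default_entry_files() {
    awk '
    /^[ \t]*#/ { next }                     # ignore comment lines
    /^[ \t]*default[ \t=]/ {                # global "default=N" line
        n = $0
        sub(/^[ \t]*default[ \t=]+/, "", n)
        want = n + 0
        next
    }
    /^[ \t]*title[ \t]/ { idx++; next }     # entries are numbered from 0
    idx - 1 == want && $1 == "kernel" { print "kernel", $2 }
    idx - 1 == want && $1 == "initrd" { print "initrd", $2 }
    ' "$1"
}

# check_default_entry GRUB_CONF BOOTROOT
# Returns 0 only if both files named by the default entry exist.
check_default_entry() {
    conf=$1
    bootroot=$2
    # Re-use the positional parameters as: kind path kind path
    set -- $(default_entry_files "$conf")
    if [ $# -lt 4 ]; then
        echo "default entry has no kernel or no initrd line" >&2
        return 1
    fi
    rc=0
    while [ $# -ge 2 ]; do
        if [ -f "$bootroot$2" ]; then
            echo "ok:      $1 $2"
        else
            echo "MISSING: $1 $2"
            rc=1
        fi
        shift 2
    done
    return $rc
}

# Build a constructed sample tree under DIR: the new (default) entry has a
# kernel image but no initrd yet, the old entry is complete.
make_sample() {
    mkdir -p "$1/boot/grub"
    cat > "$1/boot/grub/grub.conf" <<'EOF'
# grub.conf (constructed sample)
default=0
timeout=5
title CentOS (2.6.9-NEW)
    root (hd0,2)
    kernel /boot/vmlinuz-2.6.9-NEW ro root=/dev/hda5 rhgb quiet
    initrd /boot/initrd-2.6.9-NEW.img
title CentOS (2.6.9-OLD)
    root (hd0,2)
    kernel /boot/vmlinuz-2.6.9-OLD ro root=/dev/hda5 rhgb quiet
    initrd /boot/initrd-2.6.9-OLD.img
EOF
    : > "$1/boot/vmlinuz-2.6.9-NEW"
    : > "$1/boot/vmlinuz-2.6.9-OLD"
    : > "$1/boot/initrd-2.6.9-OLD.img"
}

# On a real machine: sh thisfile /boot/grub/grub.conf /
if [ $# -eq 2 ]; then
    check_default_entry "$1" "$2"
fi
```

    If the check reports MISSING, leave "default=" pointing at the old entry until the file is in place.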

Going into Single-User Mode

    You may find other references in this document as to going into single-user mode. Single-user mode is the lowest runlevel of Linux where you can still be logged in. Most services are not running, and the only user (who is logged in by default) is root. It is a great tool for debugging and checking out a system, resetting passwords, and doing basic work - as it does not require the same boot-time as other runlevels will.
    1. Power-on the machine.
    2. After the BIOS screens have run, you will be prompted by the GRUB boot interface. There may be multiple lines; however, the default (the one that will boot) will be highlighted. Press the escape (esc) key to stop the boot-countdown.
    3. Now that the boot-countdown is halted, select the kernel you wish to boot into (or, more often, leave the default one highlighted), and press "e" to edit the boot command.
    4. You will be greeted by a new edit screen. Choose (using your up/down arrow keys), the line that ends with something similar to:
      root=LABEL=/
      or perhaps
      root=/dev/hda5
    5. To this line (at the end of it), add the text:
      single
      and press enter, this will boot you into single-user mode.

Resetting root Password

    As single-user mode automatically logs you in as root, to reset the root password of any machine, all you need to do is go into single-user mode, and then use the passwd utility and follow the prompts to enter the new root password:
    # passwd
    Changing password for user root.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.

Changing root Password Temporarily

    Sometimes you will need to work on a machine that you do not know the root password to (whether it be a client's or otherwise); but you do not wish to remove or change their root password. To do this:
    1. Boot into single-user
    2. Make a backup copy of the shadow file:
      # cp /etc/shadow /etc/shadow.back
    3. Create your own password:
      # passwd
      Changing password for user root.
      New UNIX password:
      Retype new UNIX password:
      passwd: all authentication tokens updated successfully.
    4. Boot into runlevel 3 or do whatever else you needed to do:
      # telinit 3
    5. Move the backup copy of /etc/shadow back in place (thus restoring their root password):
      # mv /etc/shadow.back /etc/shadow
      mv: overwrite `/etc/shadow'? y
    6. Exit/quit/whatever else

Performing a File-System Check

    Information about fsck
  1. First, make sure that the filesystem you are going to fsck is not mounted. For example, if you need to fsck /dev/hdb1, you would do:
    $ mount | grep /dev/hdb1
    If you get a response line, perhaps something like:
    /dev/hdb1 on /backup type ext3 (rw,usrquota,noatime)
    Then you need to unmount this partition before you proceed. If you get no response, skip to step 3.
  2. Unmount the partition:
    # umount /dev/hdb1
  3. Do the fsck:
    # fsck -y /dev/hdb1
  4. The prior command may run for... seconds, minutes, hours, days... you name it. This all depends on how much work has to be done to the filesystem. Sometimes it will exit happily; other times, it may tell you to run fsck again. If it does, run it again. Otherwise, reboot (or remount) and enjoy.
  5. Remount the partition:
    # mount /dev/hdb1

Going into low-level /bin/bash

    Similar to going into single-user mode, going into an init where you have only loaded /bin/bash can be rather useful also. You will notice the steps are similar to single-user mode:
    1. Power-on the machine.
    2. After the BIOS screens have run, you will be prompted by the GRUB boot interface. There may be multiple lines; however, the default (the one that will boot) will be highlighted. Press the escape (esc) key to stop the boot-countdown.
    3. Now that the boot-countdown is halted, select the kernel you wish to boot into (or, more often, leave the default one highlighted), and press "e" to edit the boot command.
    4. You will be greeted by a new edit screen. Choose (using your up/down arrow keys), the line that ends with something similar to:
      root=LABEL=/
      or perhaps
      root=/dev/hda5
    5. To this line (at the end of it), add the text:
      init=/bin/bash
      and press enter, this will boot you into /bin/bash

/bin/bash fsck'ing

    You can find more information on fsck here. If you need to do an fsck on the main partition of a drive, or perhaps the machine is booting to a prompt saying something similar to:
    Filesystem Error:
    Press ctrl+D for maintenance or enter to continue
    Here, you may not have the root password, as the customer's password on file may not be correct/current, or they may not have one on file. In this instance, you could move the machine, boot it through PXE onto another machine and do an fsck, or you can boot it into /bin/bash and do the same.
    1. Boot into /bin/bash
    2. Do an fsck

Services

httpd - Apache, Web-Server

    The httpd process runs Apache, the most popular web-server. It serves and interacts with end-users over HTTP (Hypertext Transfer Protocol), determining what is sent to an end-user based on what they send to the server.

  • The httpd service/process can be called upon to be started, stopped, or restarted by:
    # service httpd ___
    Where ___ is start/stop/restart.
  • You can easily check the configuration file of httpd for errors by doing:
    # service httpd configtest
    If you get any response other than:
    Syntax OK
    then start fixing!

exim - eMail

    The exim service/process can be called upon to be started, stopped, or restarted by:
    # service exim ___
    Where ___ is start/stop/restart.

named - Bind/DNS

    The named service/process can be called upon to be started, stopped, or restarted by:
    # service named ___
    Where ___ is start/stop/restart.

mysql - Database

    The mysql service/process can be called upon to be started, stopped, or restarted by:
    # service mysql ___
    Where ___ is start/stop/restart.

chkservd - Check Service Daemon

    The chkservd service/process can be called upon to be started, stopped, or restarted by:
    # service chkservd ___
    Where ___ is start/stop/restart.

Network

Network Connection/Finding IP:

  1. Check to make sure the ethernet cable is plugged in.
  2. If ethernet cable is plugged in, login to console and type:
    # mii-tool
    Correct Response should contain "link ok" such as:
    eth0: negotiated 100baseTx-FD, link ok
    or
    eth0: no autonegotiation, 10baseT-HD, link ok
    Bad Response:
    eth0: no link
    If you got the Correct Response, continue; if you got the Bad Response, check your cables/router/hub.
  3. Bring up the local loopback connection by typing
    # ifup lo
  4. Now bring the ethernet connection up, by typing
    # ifup eth0
    • If the connection was not up, you should see: (on a DHCP network)
      Determining IP information for eth0... done.
      This means you are now connected and have an IP.
    • If eth0 is already up, you may either get no response, or something similar to:
      Determining IP information for eth0...dhclient(####) is already running - exiting.
      	failed.
      Depending on whether you are on a DHCP or Static IP.
    Either of these responses means you have an IP address that you can find by typing:
    $ ifconfig eth0 | grep "inet "
    This should give you a response of:
    inet addr:##.#.#.### Bcast:##.#.#.### Mask:###.###.###.#
    Where the #'s directly after inet addr are your IP address.

Block an IP with iptables

    Blocking an IP address with iptables is very simple:
    # iptables -I INPUT -j DROP -s THE-IP-HERE
    Here we are using iptables and Inserting a rule into the chain named INPUT to jump any connections with a source IP of THE-IP-HERE to be DROPped. This means that any time that IP address attempts to connect to the machine, no response or information will be given or sent; it will just be dropped dead in its tracks. You can always double-check that your addition was made properly also:
    # iptables -nL | grep THE-IP-HERE
    should show the added block-line.

    At this point, it would be very wise to make sure that the block is going to be saved after iptables is stopped or restarted. This is not done by default, so that in case someone blocks themselves out of their machine somehow, a simple reboot will clear the rules and allow them access again. Since we're just not going to make any mistakes ;) we're going to make them be saved. To do this, we'll edit the following file:
    # vi /etc/sysconfig/iptables-config
    This file, by default, should have contents similar to:
    # Additional iptables modules (nat helper)
    # Default: -empty-
    #IPTABLES_MODULES="ip_nat_ftp"
    
    # Save current firewall rules on stop.
    # Value: yes|no,  default: no
    #IPTABLES_SAVE_ON_STOP="no"
    
    # Save current firewall rules on restart.
    # Value: yes|no,  default: no
    #IPTABLES_SAVE_ON_RESTART="no"
    
    # Save (and restore) rule counter.
    # Value: yes|no,  default: no
    #IPTABLES_SAVE_COUNTER="no"
    
    # Numeric status output
    # Value: yes|no,  default: no
    #IPTABLES_STATUS_NUMERIC="no"
    We will change this to reflect our choices of saving the rules on stop or restart, so that we do not "lose" these blocks: (see vi about how to change these all in one step)
    # Additional iptables modules (nat helper)
    # Default: -empty-
    #IPTABLES_MODULES="ip_nat_ftp"
    
    # Save current firewall rules on stop.
    # Value: yes|no,  default: no
    IPTABLES_SAVE_ON_STOP="yes"
    
    # Save current firewall rules on restart.
    # Value: yes|no,  default: no
    IPTABLES_SAVE_ON_RESTART="yes"
    
    # Save (and restore) rule counter.
    # Value: yes|no,  default: no
    IPTABLES_SAVE_COUNTER="yes"
    
    # Numeric status output
    # Value: yes|no,  default: no
    #IPTABLES_STATUS_NUMERIC="no"
    Notice that, besides changing the save-rules to "yes" rather than "no", we also removed the comment-delimiter "#"'s to uncomment those lines.

Unblocking an IP with iptables

    In order to unblock an IP with iptables you must first find the line-number of the rule that contains the block for it. This can be done by:
    # iptables -nL --line-numbers | grep THE-IP-HERE
    This command will List all the iptables rules in number format (rather than DNS-name), with line-numbers prepended, and then limit that output to only show lines with THE-IP-HERE in them. Your output may be similar to:
    ### DROP	all	--	##.##.###.###	0.0.0.0/0
    Where ### is the line-number, and ##.##.###.### is the IP in question. To remove this, type:
    # iptables -D INPUT ###
    This will Delete from the chain INPUT the rule on line-number ###. You may need to change INPUT based on the name of your chains. You can always double-check that your deletion was done properly also:
    # iptables -nL | grep THE-IP-HERE
    should return nothing.
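
    Two things go wrong with the grep-then-delete approach on a busy rule set: grep matches substrings (a search for 203.0.113.7 also hits 203.0.113.70), and rule numbers shift down after every delete. The added example below, which is not part of the original guide, matches the source column exactly and lists rule numbers highest-first; the function names and the sample listing are constructed, and it only prints the delete commands rather than running them.

```shell
#!/bin/sh
# Added example (not from the original guide).

# Constructed output of: iptables -nL INPUT --line-numbers
sample_rules() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  203.0.113.70         0.0.0.0/0
2    DROP       all  --  203.0.113.7          0.0.0.0/0
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
4    DROP       all  --  203.0.113.7          0.0.0.0/0
5    DROP       all  --  198.51.100.0/24      0.0.0.0/0
EOF
}

# How many lines a plain grep for the address would hit (substring match).
substring_hits() {
    grep -c "$1"
}

# Rule numbers whose target is DROP and whose source column equals $1
# exactly. Highest number first, so deleting one rule does not renumber
# the rules that are still waiting to be deleted.
drop_rule_numbers() {
    awk -v ip="$1" '
        $1 ~ /^[0-9]+$/ && $2 == "DROP" && $5 == ip { print $1 }
    ' | sort -nr
}

# Print (do not run) one delete command per matching rule, in safe order.
delete_commands() {
    drop_rule_numbers "$1" | while read -r n; do
        echo "iptables -D INPUT $n"
    done
}

# Demo on the constructed listing above.
sample_rules | delete_commands 203.0.113.7
```

    On a live machine, feed the functions from "iptables -nL INPUT --line-numbers" instead of sample_rules and review the printed commands before running them as root.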

Blocking Abusive IPs

(Redirects from "Load Issues from DOS/DDOS")
    If you have found that your machine's load is extremely high (> 3*# of CPUs), then it is likely you have someone attacking your machine, whether it be a DOS (denial of service) attack, or otherwise.
  1. A quick way to see if anyone is hitting your server is the following command-line/script:
    $ netstat -an | awk '{ print $5 }' | cut -d ":" -f 1 | sort | uniq -c | sort -n | grep -v '[a-zA-Z]'
      Before you type this, let's dissect it and understand it:
      $ netstat -an
      This lists all connections, numerically (IP instead of DNS-name).
      awk '{ print $5}'
      prints the 5th column (in this case, IP address) of the prior output.
      cut -d ":" -f 1
      Using a delimiter of :, cuts field 1 (everything in front of the first :) - In this instance, removing the ports that are being connected to/from and giving us just the IPs.
      sort
      This sorts the IP addresses.
      uniq -c
      Makes it so that there are only unique IPs, removing duplicates, however, counting how many times each occurred.
      sort -n
      Sorts the prior output, this time by number, giving us the IPs with the most connections near the bottom of our prompt.
      grep -v '[a-zA-Z]'
      Since you would also have output like "STREAM", "DGRAM", and other things you need not worry about right now, we use grep to only show output that does not have any alphabetic characters in it, lowercase or capital.
  2. Now that you have the output from this, are any of the numbers in the first column greater than 30? 50? 100? Unless your server is used specifically by one or two main IPs (inner-office, etc), then most often any IP address with more than 50 (sometimes less) connections is causing your server to build a higher load or even locking out true users. So, assuming that there is an IP with more than 30 connections, it is probably in your best interest to block it.
  3. If there are many connections in excess of 50 or so, rather than manually blocking each, check out my DDOS script. This will add blocks for anyone with 50-399 connections to the server (and automatically check for who has that many).
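
    The one-liner in step 1 also counts listening sockets (0.0.0.0), blank fields and the UNIX-socket section, and it mangles IPv4-mapped addresses such as ::ffff:198.51.100.23. The added example below, which is not the DDOS script mentioned above and not part of the original guide, does the same per-IP count but only over tcp/udp lines and only for valid remote IPv4 addresses. It assumes the Linux net-tools column layout (foreign address in column 5, port after the last colon); the function names and the sample listing are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide).

# Constructed `netstat -an` output; addresses are documentation ranges.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.7:51000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51001       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51002       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.23:40000     ESTABLISHED
tcp        0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.23:40001 TIME_WAIT
udp        0      0 0.0.0.0:68              0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     5012   /var/run/mysql.sock
EOF
}

# Read `netstat -an` output on stdin; print "COUNT IP", busiest first.
count_remote_ips() {
    awk '
    function is_ipv4(a,    n, p, i) {
        n = split(a, p, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
        return 1
    }
    # Only tcp/udp lines have a foreign address in column 5; this skips
    # the headers and the whole UNIX-domain (STREAM/DGRAM) section.
    $1 ~ /^(tcp|udp)/ {
        addr = $5
        sub(/^::ffff:/, "", addr)      # IPv4-mapped form on dual-stack hosts
        sub(/:[0-9*]+$/, "", addr)     # drop the trailing :port
        # Native IPv6 peers are not counted by this example.
        if (is_ipv4(addr) && addr != "0.0.0.0") count[addr]++
    }
    END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Print only the IPs holding at least $1 connections.
over_threshold() {
    count_remote_ips | awk -v min="$1" '$1 + 0 >= min + 0 { print $2 }'
}

# Demo on the constructed listing, with a deliberately low threshold of 3.
sample_netstat | over_threshold 3
```

    On a live machine, run "netstat -an | over_threshold 50" and review the list (office gateways, monitoring hosts, your own address) before blocking anything on it.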

Load Issues

If your machine is not as responsive as usual, the best thing to do is check what the CPU load looks like. This can be done in a multitude of ways, but perhaps the simplest is to type:
$ w
This will give you an unformatted look at your machine's load averages. For every CPU that you have, normal may bring 2-3 load per CPU. Thus, if you have a dual-core machine with a 2 load, this is discussed as if it were a single-core machine with a 1 load. Machines can handle loads into the thousands without crashing; however, sluggishness is normally very noticeable when you begin to hit 5 or more per CPU. Here we discuss a few reasons why load gets high, and a few simple ways to deal with it.

Load Issues from DOS/DDOS


Load Issues from Specific Processes

    You may need to find the process that is overloading your machine by using top. If you are using top you may kill the process by pressing "k" and then entering the PID. If you are using the console, you may use
    kill PID
    or if that does not stop the process still:
    kill -9 PID
    Perhaps you know the name or part of the name of a process but do not see it in top or do not wish to use it. You may use "ps" to find such processes. For example:
    ps aux | grep X
    This will return information about all processes that have "X" in them. If you are looking to kill a perl script for example, you may use:
    ps aux | grep perl
    Now, presume that you see a program, httpd for example, constantly in top with a high load. Well, httpd is not run by the single-user-account of each user. But, since you still see a PID, let's find out which website/user is causing the load issues. This happens most often, it seems, with forums and users with intensive mysql usage.
    With PID recorded, do:
    # ls -l /proc/PID/cwd
    This will show you the directory the process is running from (its current working directory). In the case of httpd, you may see something like:
    lrwxrwxrwx  1  httpd httpd 0 Jan 1  12:00  PID/cwd -> /home/USERNAME/public_html/forum
    In this case, we now know that user USERNAME is the one whose script/program/process is overloading the machine. Similarly, for a perl process you may notice it is commonly run by nobody, and httpd is generally run as nobody, www, apache, or perhaps httpd.

Load Issues from Specific Users

    To find that a user has a great many processes running, you can use this line:
    ps aux | awk '{ print $1 }' | sort | uniq -c | sort -n
    This lists all processes from all users, takes just the user-name column, sorts it, and counts how many times each unique entry appears. This does not show whether the user has a bunch of "light" processes running - or a bunch of "heavier" processes (you may have 20 processes that barely use any CPU/memory, or you may have 2 processes that are slamming it). However, if you often find a user is running a great many processes, you may wish to get rid of some of them.
    As mentioned above in Load Issues from Specific Processes you can use top in the exact same manner to kill a user's processes as well. That said, you may also use "ps":
    ps aux | grep fred
    This will give back all the processes that "fred" is running, and that anyone else is running that happens to have "fred" in it (such as bob editing "fred-paycheck.txt"). We can go one step further and kill all of a user's processes in case they have something that is starting new processes and slowing the machine. This can be done by:
    ps aux | grep USER | awk '{ print $2 }' | xargs kill 
    This takes the processes, picks out the ones with that USER in them, prints the second column of this information (the PID), and then takes that argument list and kills all the PIDs. Likewise, we could write that as:
    for pid in `ps aux | grep USER | awk '{ print $2 }'`; do kill $pid; done
    It is up to you which style you prefer.
    While the above-mentioned is handy for stopping a user's processes once they are already going, on RedHat-based systems there is also a local configuration file named limits.conf which resides in /etc/security/. To edit this file, we're going to call it:
    # vi /etc/security/limits.conf
    (see more on vi)
    This file is based on four columns:
    username/groupname   type-of-limit   what-to-limit   limit-value
    • Thus, if we have user USERNAME who is running too many processes, we may add the following:
      USERNAME   hard   nproc   20
      This will limit the user USERNAME to a hard value of 20 or fewer processes. You may also use soft in place of hard to allow occasional bursts above this number.
    • The other type of limit we will frequently use is for accounts that do not run too many processes, but run one or two processes that put a high load on the machine, for them we will use:
      USERNAME   hard   cpu   1
      Again, we can exchange hard for soft, and this limits their max cpu time in minutes to 1. The limits.conf is a powerful file, but that is all we'll touch on it for now.

Load Issues from exim

    The mail program exim is... well... "not perfect". It often may have a large queue of undelivered (or undeliverable) mail in its system. To see how much mail is in queue, type:
    exim -bpc
    The number output of this is how much mail is on the system that is not yet delivered. Values under 1,000 or so are normal, when you start seeing 10,000-200,000 it's time to take action.
    Mail is considered "frozen" if it can not be delivered. If I send an e-mail to bob@bob, since there is no .com/.net/&c, it can not be delivered. Likewise, if for any reason a piece of mail can not be delivered, my system may try to resend it (usually only up to two or three times) before stopping it. You will find frozen mail on most systems. The way to find frozen mail with exim is:
    exiqgrep -iz | wc -l
    This will give you a count of how many messages on the system are frozen. You are almost always okay to clear any frozen messages, as the chances of them being good/deliverable are slim to none. To clear frozen messages:
    exiqgrep -iz | xargs exim -Mrm
    You will see one of two outputs here:
    1. Message MESSAGE-ID has been removed
        All has gone well.
    2. Line Mismatch MESSAGE-ID
        do:
        rm -fv /var/spool/exim/input/*/MESSAGE-ID*
        (see more on rm)

Load Issues from httpd/Apache

    Load issues resulting from httpd/Apache can most likely be resolved by looking for and blocking abusive IPs, if the load is the fault of end-users abusing httpd. That said, if you do check for abusive IPs and do not find any, then more often than not httpd is just building a load because there are so many processes of it running.
    1. Check how many httpd processes are running:
      $ ps aux | grep http | wc -l
      If this results in something less than 100, no worries, and httpd is probably not overloading your machine. If it's more than 100, continue...
    2. Check out the MaxClients from the httpd.conf:
      $ grep MaxClient /usr/local/apache/conf/httpd.conf
      Sometimes a customer/client will get overly hopeful and believe that their machine can handle 500+ clients... Generally, it can't. Setting this to a more reasonable 100-200 (or a nice median of 150) is better.
    3. Edit httpd.conf:
      # vi /usr/local/apache/conf/httpd.conf
      Then, use "/" to search:
      /MaxClient
      then "i" to edit, and change the value.
    4. Now reload apache:
      # service httpd restart

Crashing Machines

Out of Memory

    When a machine crashes due to being out of memory, this is because it was attempting to write something to short-term memory (RAM or swap) and no longer had any place to put this information (because both RAM and SWAP are fully used). Most likely this is due to having a machine running a poorly written script (or abusive script/program) or perhaps just being configured such that programs such as Apache can try to handle too many connections, etc. Solving this is a matter of configuring the machine with more RAM/SWAP, or checking your programs for resource usage and your users for any odd/new scripts that may've taken a ton of memory.

Kernel Panic


Frozen Console


Disk Crashes


Tools

man

    Tools, programs, scripts, whatever you may call them, these are what you'll need to use to get simple basic tasks accomplished. From a command-line prompt, you can access all the following information (and more), by typing "man X" where X is a utility/program name:
    man man
    If the information you need is not described in-depth enough below, then check out the manual page first.

fsck

    fsck is a tool to do a filesystem check. Occasionally, when a machine freezes or is rebooted while it is writing to or reading from a disk, some inconsistencies will occur on the filesystem; regardless of why these are there, they need to be corrected, and fsck provides a rather good tool for fixing them.

    Your machine should be configured to perform them when necessary; however, occasionally you may need to perform an fsck manually. For this, see Performing a File-System Check.
    • fsck -y /dev/partition
      Using "y" will answer "yes" automatically to any questions asked while fsck is running.
    See also: Performing a File-System Check

rm

    rm is a tool to remove files from the system. It does not put them in a trash or recycle bin, it permanently removes them. Again, permanently like, dead, no Frankenstein's monster back-to-life: gone, forever. Any of the following triggers may be used in conjunction with the others:
    • rm -f
      Using "f" forces removal of a file, without prompting you with a choice to remove it or not.
    • rm -i
      Using "i" will have rm inquire interactively for each file whether you wish to remove it or not.
    • rm -r
      Using "r" will remove files recursively.
    • rm -v
      Using "v" will make the output verbose, showing each file removal to output.
      • You may note that using "f" and "i" together may create a conundrum. Whichever is the last called will take precedence. Consider this:
        $ rm -if file
        $
        $ rm -fi file
        rm: remove regular file `file'?

top

    top is a tool to see what processes are running and to sort them very neatly into order according to memory or CPU usage. If your machine's load is getting high (or you just wish to see what is running, actively), use the command:
    top
    The information you see here is somewhat self-explanatory (hopefully). Any of the following triggers may be used in conjunction with the others:
    • Use "q" to exit top at any time.
    • Pressing "z" on more modern versions of top will colorize the output making it a little easier to decipher. "z" is not a start-up call though, and it will not work by
      top -z
    • top -i
      Using "i" toggles whether or not idle-processes are shown. "i" can be called from inside top after it has been started.
    • top -d #
      Using "d" toggles the interval in seconds (#) of how often top should update the display. "d" can be called from inside top after it has been started. A time of "0" is instant, realtime, and may require ^c to cancel/quit. Some systems also use "s" for this call.
    • top -u USER
      Using "u" toggles which user is displayed. By default, all users are displayed. "u" can be called from inside top after it has been started.
    • Pressing "k" will prompt you for a PID to kill. On some systems you will then be prompted for a signal code to send to the program to stop it. The most popular are [15] & [9].

vi

    vi is a text-editor that is included on almost all Linux and BSD-based systems. Some insult it for its initial learning curve, while others exalt it for its versatility. Still more users use it because: "It's always there."
    vi
    This will start vi. On some systems you will get a welcome screen here. If you invoke vi with:
    vi /path/filename
    you should not see a welcome screen. Go to someplace safe and do this:
      vi temp.file
      Now, to exit the file, hit "esc" then ":" followed by "q!" You just quit without saving any changes to the file. Why is this important? Try the same thing again, but try typing to the file. You can't. You have to press i to enter input mode.
    Some basic commands to know about in vi; access these by pressing [esc] then ":" then the command:
      q!
      Exits vi without saving changes to any file.
      wq
      Writes file changes and quits
      /TEXT
      Finds and highlights occurrences of text "TEXT"; pressing "/" cycles through all occurrences.
      ##
      Goes to line ##. Useful for debugging errors given based on line-numbers.
      d
      Deletes line. To delete multiple lines, use "d#" where # is the number of lines you want deleted (not the line-numbers you want deleted).
      s/ORIGINAL/NEW/g
      Finds all occurrences of ORIGINAL on that line and replaces them with NEW. Be careful: for special characters and spaces you may need to use escape-characters.
      %s/ORIGINAL/NEW/g
      Finds all occurrences of ORIGINAL in a file and replaces them with NEW. See above note about special-characters.

ssh

    SSH is the secure-shell that is used to remotely (and securely) access a system's command line. There are only a few things that you may really need to know to use SSH:
    -v
    Makes ssh verbose when invoked at the command-line. You can use it up to -vvv for more verbose output.
    -p #
    Allows you to access SSH run on a port that is non-standard. Standard SSH port is 22 and using "ssh -p 22" would be redundant unless your /etc/ssh/ssh_config is configured to use a different standard outgoing port.

iptables

    iptables is the default firewall/filtering tool we'll be using. Since the details of simple-use of iptables have already been outlined elsewhere, this area will just have the links to those specific areas, as follows:
  • Block an IP with iptables
  • Unblocking an IP with iptables