OS Tricks

Home / OS Tricks

This is some stuff

Some Useful Unix Commands and Information
This is some commentary on this section of the website.
###################################
# File Locations                  # 
###################################

LOGS
/var/log/
/var/log/httpd

WWW 
/var/www

HTTPD
/etc/httpd/conf/httpd.conf


# Reload the httpd.conf in fedora
/etc/init.d/httpd restart



#unix system stats 


#return system version 
uname -a 

#both display same thing
head -n1 /etc/issue
tail /etc/fedora-release


•	uname -a	Show kernel version and system architecture
•	head -n1 /etc/issue	Show name and version of distribution
•	cat /proc/partitions	Show all partitions registered on the system
•	grep MemTotal /proc/meminfo	Show RAM total seen by the system
•	grep "model name" /proc/cpuinfo	Show CPU(s) info
•	lspci -tv	Show PCI info
•	lsusb -tv	Show USB info
•	mount | column -t	List mounted filesystems on the system (and align output)
•	grep -F capacity: /proc/acpi/battery/BAT0/info	Show state of cells in laptop battery
#	dmidecode -q | less	Display SMBIOS/DMI information
#	smartctl -A /dev/sda | grep Power_On_Hours	How long has this disk (system) been powered on in total
#	hdparm -i /dev/sda	Show info about disk sda
#	hdparm -tT /dev/sda	Do a read speed test on disk sda
#	badblocks -s /dev/sda	Test for unreadable blocks on disk sda


IPTABLES

grep "Did not receive" secure

grep "Accepted" secure



Drop an IP
/sbin/iptables -I INPUT -s 61.253.249.157 -j DROP

List Rules 
/sbin/iptables -L INPUT

If you wanted to block the entire 221.0.0.0-221.255.255.255 range, then use either:

sbin/iptables -I INPUT -s 221.0.0.0/255.0.0.0 -j DROP
sbin/iptables -I INPUT -s 221.0.0.0/8 -j DROP
iptables -I INPUT -s 123.123.123.123 -j DROP


They do the same thing, you're just using CIDR notation instead of netmasks...

Note that using /24 will just block 221.0.0.0-221.0.0.255

https://ww/etc/initw.snort.org/downloads/1303
https://sourceforge.net/projects/pcre/files/latest/download


https://www.snort.org/downloads/1221/daq-0.6.2.tar.gz


#PHP Info
php -i | grep -i "curl"
php -v
php -h


#apache restart
apachectl -K graceful


#SSH Secure
listen on 6938

edit /etc/ssh/sshd_config

add the following lines
PermitRootLogin no
AllowUsers bob
Port 6938

restart SSH 
/etc/init.d/sshd restart

now root cannot log in, only bob
and only on port 6938

iptables -I

#See what running and which process owns it

netstat -an

or 

netstat -anltp

then look up the port with lsof
/usr/sbin/lsof -i :80

# Users 

userdel -rf username # remove user, delete their home directory and force removal of files in it
usermod -s /sbin/nologin mysql # change mysqls shell to nologin


history # show command history
history -c # clear history

chown -R bob:bob /home/bob # change owner to bob in group bob recursvly of /home/bob


Groups
groupadd webmins
grep webmins /etc/group
usermod -a -G webmins bob
chgrp webmins html
chmod 775 html
chgrp -R webmins html


Show the top 10 IPs with failed logins (first column is failed # of tries, then 2nd column is the IP)
lastb | awk '{print $3}' | sort | uniq -c | sort -rn | head -10

Show the top 10 usernames with failed logins
lastb | awk '{print $1}' | sort | uniq -c | sort -rn | head -10



# files modified in the last 5 minutes

find / -mmin -1 | grep -v "/proc/" | grep -v "/system/" | grep -v "/dev/" | grep -v "/devices" | grep -v "/tmp/"


SNORT

/usr/local/bin/snort -i venet0:0 -c /etc/snort/snort.conf -g snort -D

/usr/local/bin/snort --version

find / -name httpd.conf -print

###################################
# MYSQL Commands                  #
###################################

#configuration file 
/etc/my.cnf #set the bind port in here

#Log in from the command line with user root and prompt for password
mysql -u root -p

#Display the mysql.user table
select user, host, password from mysql.user;

#set password to chicken for all users named root
update mysql.user set password = PASSWORD('chicken') where user = 'root';
flush privileges;

#show all databases
show databases;

#select a db to work with
use phorum;

#show the tables
show tables;

#describe the table
describe phorum_users;

#show everything in the table
select * from phorum_users;

php show columns from phorum_users;

/etc/init.d/mysqld restart
/etc/init.d/mysqld stop
/etc/init.d/mysqld start

#copies all jps in directory and subs to some other folder
find -name "*.jpg" | xargs -I '{}' cp '{}' /home/somefolder




#installing phorum, an odessey

wget www.phorum.org/downloads/phorum-5.2.15a.tar.gz

#copying a file

cp phorum-5.2.15a.tar.gz ./www

rm phorum-5.2.15a.tar.gz

#remove a directory recursively 

rm -r -f forum

#untar it

tar xvzf phorum-5.2.15a.tar.gz

#copy that directory to another

cp -r phorum-5.2.15a/ /var/www/html/forum

Some Useful Windows Commands and Information
This is some commentary on this section of the website.
# Getting hashes from the command line with built-installing

certutil -hashfile