
Q. How do I find out screen resolution of my Linux desktop?

A.
$ xdpyinfo | grep 'dimensions:'
or
$ xrandr | grep '*'

Q. Server uptime command to find out how long the system has been running

A.
$ uptime

Q. Linux locking an account

A. The passwd command is used to change user or group account passwords. A normal user may only change the password for his/her own account; the super user (root) may change the password for any account. You can use the passwd command for locking or unlocking an account.

Linux locking an account

Syntax: passwd -l {username}

Lock the account. This option disables an account by changing the password to a value which matches no possible encrypted value.

Example: Lock the user account named vivek. Log in as the root user and type the following command:
# passwd -l vivek

Linux unlocking an account

Syntax: passwd -u {username}

Unlock the account. This option re-enables an account by changing the password back to its previous value, i.e. to the value before the -l option was used.

Example: Unlock the user account named vivek. Log in as the root user and type the following command:
# passwd -u vivek

Q. How to prevent the root user from being able to log in via the SSH service?

A. Securing the root account is one of the main tasks. Most systems have a password assigned to the root account. The first thing you do is assume that the password is always compromised. This does not mean that you should remove the password. The password is almost always necessary for console access to the machine. What it does mean is that you should not make it possible to use the password outside of the console. Direct root logins should only be allowed via the system console.

1) Log in as the root user
2) Open the /etc/ssh/sshd_config file
# vi /etc/ssh/sshd_config
3) Make changes to the ssh server configuration. Find the following line, or edit the line from:
PermitRootLogin yes
Change it to:
PermitRootLogin no
4) Save the changes
5) Restart the sshd service
# /etc/init.d/sshd restart

The option PermitRootLogin specifies whether root can log in using ssh.

Q. Why is it possible to create symbolic links across file system boundaries?

A. Symbolic links link by pathname rather than inode number. As you know, each pathname is a unique file on a system. Because of this, it is possible to create symbolic links across file system boundaries. Try to create a symbolic link using the following commands:
$ touch /home/you/file1
# ln -s /home/you/file1 /tmp/file2

Find out the inode of both file1 and file2:
# ls -i /home/you/file1
1567789
# ls -i /tmp/file2
1567795

As you can see, inode numbers are unique to each file. So it is possible to create symbolic links across file system boundaries. Please note that in the above example /tmp and /home are two different file systems.

Q. What is a rootkit?

A. A rootkit is a set of software tools:
=> Used by an intruder
=> Installed by an intruder after gaining access to a computer system

They hide the following from the user:
=> Logins
=> Other processes
=> Files and logs, etc.

Rootkits exist for a variety of operating systems such as Linux, Solaris and versions of Microsoft Windows. A computer with a rootkit on it is called a rooted computer.

Q. How do I find out the MAC address of my Linux or FreeBSD system?

A. MAC address is an acronym for media access control address, a unique address assigned to almost all networking hardware such as Ethernet cards, routers etc. Most layer 2 network protocols use one of three numbering spaces managed by the IEEE: MAC-48, EUI-48, and EUI-64, which are designed to be globally unique. The following commands work with Linux and other UNIX OSes:
$ /sbin/ifconfig | grep HWaddr
$ /sbin/ifconfig
# grep eth0 /var/log/dmesg

Q. Do I need antivirus software for Linux?

A. To be frank, there are no serious viruses found so far for Linux. The main reason is that Linux is quite secure as compared to Windows. Also, viruses cannot cause any serious damage if they are not activated by the root user (that is why you need to use the su or sudo command and always log in as a normal user). However, if you are using any one of the following programs then consider getting a good virus scanner:
1. Windows via Samba
2. Linux email server
3. Linux as a router etc.

Most are Windows viruses that may affect the above programs.

Q. How to use SSH in a Unix or Linux shell script

A. The SSH client is a program for logging into a remote machine and for executing commands on a remote machine.
ssh connects and logs into the specified hostname. The user must prove his/her identity to the remote machine using one of several methods depending on the protocol version used. If a command is specified, the command is executed on the remote host instead of a login shell.

SSH general syntax:
ssh user@hostname command

For example, to log into the remote system called portal.nixcraft.com and find out who is logged in, enter:
$ ssh admin@portal.nixcraft.com who

You can use the same command in a shell script. However, it will prompt for a password. To avoid the password prompt you need to set up ssh key based (password-less) login. Next, you can create a sample shell script as follows:
$ vi sshscript.sh

Type the following shell script lines:
#!/bin/bash
# Linux/UNIX box with ssh key based login enabled
SERVER="192.168.1.1"
# SSH user name
USR="admin"
# File that receives the output of the remote command
OUT="out.txt"
# Run w on the remote host and save its output locally
ssh "$USR@$SERVER" w > "$OUT"

Save and close the file. Type the following commands to execute the script:
$ chmod +x sshscript.sh
$ ./sshscript.sh

Q. Linux setup shared directory

Sharing a directory among users in the same group is one of the essential tasks. You need to use the chmod command and add users to the appropriate group. To make the idea clear, here is a scenario:
=> /home/myproj : the shared directory
=> usr1, usr2, ... usrN : would like to work and share files in the /home/myproj directory
=> padmin : main project administrator user

A. Step # 1: Create a shared directory /home/myproj
If this directory does not exist then create it:
# mkdir /home/myproj

Step # 2: Create the shared group
You need to create a new group. Let us assume the group name is myproj:
# groupadd myproj

Step # 3: Add the project administrator user (padmin) and set up a password:
# useradd -d /home/myproj/ -g myproj -m padmin
# passwd padmin

Step # 4: Add the rest of the users to group myproj
# useradd -d /home/myproj/ -g myproj usr1
# passwd usr1
Add the second user:
# useradd -d /home/myproj/ -g myproj usr2
# passwd usr2
... and so on...

Step # 5: Set up permissions on the /home/myproj directory as follows:
(a) Set group ownership to the myproj group:
# chown -R padmin:myproj /home/myproj/
(b) Set full permissions for group and owner on the directory:
# chmod -R 775 /home/myproj/
(c) Set the sgid bit. So what is the sgid bit? Normally, whenever you create a file in a directory it belongs to the default group of the user. When a file is created in a directory with the sgid bit set, it belongs to the same group as the directory.
The result is that all users of the myproj group can create/alter files in the /home/myproj directory:
# chmod -R 2775 /home/myproj/
OR
# chmod -R g+s /home/myproj/
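
The shared-directory setup above can be checked with a small script. This is an added example, not part of the original FAQ; audit_shared_dir and fix_shared_dir are hypothetical helper names. It reports directories missing the sgid bit, paths the group cannot write (typical for files created under umask 022), and regular files that picked up the sgid bit from a recursive chmod -R 2775, then repairs the tree by applying 2775 to directories only.

```shell
#!/bin/bash
# Added example: audit and repair a shared project directory such as
# /home/myproj owned by group myproj. Helper names are hypothetical.

# audit_shared_dir DIR GROUP
# Prints one finding per line:
#   WRONGGRP <path>    path is not owned by GROUP
#   NOSGID <dir>       directory lacks the sgid bit, so new files in it
#                      get the creator's default group
#   NOGRPWRITE <path>  group has no write permission on the path
#   SGIDFILE <file>    regular file carries the sgid bit
audit_shared_dir() {
    local dir="$1" group="$2"
    find "$dir" ! -group "$group" -print | sed 's/^/WRONGGRP /'
    find "$dir" -type d ! -perm -2000 -print | sed 's/^/NOSGID /'
    find "$dir" \( -type d -o -type f \) ! -perm -020 -print |
        sed 's/^/NOGRPWRITE /'
    find "$dir" -type f -perm -2000 -print | sed 's/^/SGIDFILE /'
}

# fix_shared_dir DIR GROUP
# Sets group ownership, puts sgid + 775 on directories only, and gives the
# group read/write on regular files while removing sgid from them.
fix_shared_dir() {
    local dir="$1" group="$2"
    chgrp -R "$group" "$dir"
    find "$dir" -type d -exec chmod 2775 {} +
    find "$dir" -type f -exec chmod g+rw,g-s {} +
}

# Stand-alone use: ./audit.sh /home/myproj myproj
if [ "$#" -eq 2 ]; then
    audit_shared_dir "$1" "$2"
fi
```

The sgid bit only controls group ownership of new files; each user's umask still decides whether those files are group-writable.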

Q. How do I find out what network services are running or listening under Linux?

A. For security reasons it is necessary to find out what services are running. With the help of the netstat command, you can print information about the Linux networking subsystem, including running services. It can display the program name and PID that each socket belongs to. Use netstat as follows:
$ netstat -atup
(OR)
$ netstat -atup | grep LISTEN

Where,
-t : Select all TCP services
-u : Select all UDP services
-a : Display all listening and non-listening sockets
-p : Display the PID and name of the program to which each socket belongs

Q. How do I find the url for my cgi-bin?

A. CGI is an acronym for Common Gateway Interface. It is a standard for interfacing external applications with Apache Web servers. A CGI program is executed in real-time, so that it can output dynamic information. It can be written in Perl, PHP, Bash, C/C++ or other programming languages.

But how do I find the url for my cgi-bin? It's not in my /var/www/ directory.

The Apache web server uses the ScriptAlias directive to define the cgi-bin directory that contains server scripts. You can open the Apache web server configuration file using a text editor such as vi and look for the ScriptAlias directive.

httpd.conf file location:
Debian Linux: $ vi /etc/apache-perl/httpd.conf
Red Hat / Fedora Core Linux: $ vi /etc/httpd/conf/httpd.conf
FreeBSD: $ vi /usr/local/etc/httpd.conf

You can also use the grep command as follows to find out your cgi-bin directory:
$ grep 'ScriptAlias' /etc/httpd/conf/httpd.conf
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

/usr/lib/cgi-bin/ is the cgi-bin directory. If you have a public_html directory then the cgi-bin directory should be inside this directory. Once you have located the cgi-bin directory you can use it.

Default cgi-bin directory locations:
Red Hat Linux: /var/www/cgi-bin/
Fedora Linux: /var/www/cgi-bin/
Debian Linux: /usr/lib/cgi-bin/
FreeBSD: /usr/local/www/cgi-bin/

Finally, your url location depends upon the directory location.
You can use http://ip-address/cgi-bin or http://ip-address/~yourname/cgi-bin (replace ip-address with your domain name).

Q. How do I format a Linux file system? Can you tell me command names to format and create a Linux file system?

A. Formatting a Linux filesystem is required for many reasons: you want to expand a file system, you just added a new hard disk drive, or you want to create separate partitions for security and performance reasons. Whatever your reason(s) may be, creating any file system involves the creation of the superblock, inodes and other filesystem metadata structures.

Fortunately, Linux comes with the mkfs command to format a filesystem. It is used to build a Linux file system on a device, usually a hard disk partition. The general syntax of mkfs is as follows:
mkfs -t filetype /dev/DEVICE
OR
mkfs.ext3 /dev/DEVICE

Where,
-t filetype : File system type; it can be ext3, ext2, vfat etc.
/dev/DEVICE : Your device name, i.e. partition /dev/hda1 or /dev/sda1 etc.

An example

Suppose you would like to format /dev/sda5 with the ext3 file system.

Step # 1: Create the new filesystem with the following command (first log in as the root user)
# mkfs.ext3 /dev/sda5

Step # 2: Create a mount point directory for the file system
# mkdir /datadisk1

Step # 3: Mount the new file system
# mount /dev/sda5 /datadisk1

Step # 4: Finally, make sure the file system /dev/sda5 is automatically mounted at the /datadisk1 mount point after the system reboots. You need to add the partition to the /etc/fstab file. Use a text editor such as vi to add the following entry:
# vi /etc/fstab

Add/append the following entry to the file:
/dev/sda5 /datadisk1 ext3 defaults 0 2

Where,
/dev/sda5 : File system or partition name
/datadisk1 : Mount point
ext3 : File system type
defaults : Mount options
0 : Indicates whether you need to include or exclude this filesystem from dump command backup. Zero means this filesystem does not require dump.
2 : It is used by the fsck program to determine the order in which filesystem checks are done at reboot time. The root (/) filesystem should be specified with a # 1, and other filesystems should have a # 2 value.

Save the file and exit to the shell prompt.

Q. Restrict ssh access using iptables. How do I stop or restrict access to my OpenSSH (SSHD) server using a Linux iptables based firewall?

A. The Linux iptables firewall can be used to block or restrict access to the ssh server. The iptables command is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. However, you can also use tcpd, the access control facility for internet services.
The following is a simple rule that blocks all incoming ssh access at port 22:
iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP

However, in real life you need to use something as follows. Let us assume that your ssh server IP address is 195.55.55.78; remember, the ssh server uses TCP port 22 for all incoming connections. With iptables you can block all incoming connections at port 22 with the following two rules:
iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP
iptables -A OUTPUT -p tcp -s 195.55.55.78 --sport 22 -d 0/0 --dport 513:65535 -m state --state ESTABLISHED -j DROP

If you just want to deny access to a group of IPs then you need to add the following rules to your script:
IPS="202.54.1.20 64.66.44.22 64.66.44.25"
# Add one pair of DROP rules per listed source address
for i in $IPS
do
  iptables -A INPUT -p tcp -s $i --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP
  iptables -A OUTPUT -p tcp -s 195.55.55.78 --sport 22 -d $i --dport 513:65535 -m state --state ESTABLISHED -j DROP
done

Q. Linux how to determine the file system type

A.
$ df -T

Q. How do I check and repair MS-DOS file systems under Linux?

A. You can use the Linux fsck (check and repair a Linux file system) program. However, normal fsck looks for an ext2 or ext3 file system. Use the dosfsck program, which checks and repairs MS-DOS file systems. It verifies the consistency of MS-DOS file systems and optionally tries to repair them. For example, run dosfsck on an MS-DOS formatted floppy disk:
# dosfsck /dev/fd0

The following file system problems can be corrected using this program:
=> FAT contains invalid cluster numbers.
=> Directories with a large number of bad entries (probably corrupt). The directory can be dropped.
=> Files . and .. are non-directories.
=> Directories . and .. in root directory. They are dropped.
=> Bad file names. They can be renamed.
=> Duplicate directory entries. They can be dropped or renamed.
=> Directory . does not point to parent directory. The start pointer is adjusted.
=> File contains bad or free clusters. The file is truncated, etc.

Q. How do I find file fragmentation for a specific file under Linux?

A. If you would like to find out file fragmentation [1] information for a specific file, use the filefrag command, which reports on file fragmentation. filefrag reports on how badly fragmented a particular file might be. It makes allowances for indirect blocks for ext2 and ext3 filesystems, but can be used on files for any filesystem. For example, see file fragmentation for the /var/log/messages file:
# filefrag -v /var/log/messages

Q. How do I find out what ports are listening/open on my Linux / FreeBSD server?

A. There are different commands on both Linux and UNIX servers to find out what tcp/udp ports are listening or open on your own server.
You can use the netstat command, which prints network connections, routing tables, interface statistics, masquerade connections, multicast memberships etc. Another (and suggested) option is to use the lsof command, which lists open files and ports on Linux, FreeBSD, Solaris and other Unixish systems.

netstat command to find open ports:
# netstat --listen

Display open ports and established TCP connections:
$ netstat -vatn

For UDP ports try the following command:
$ netstat -vaun

If you want to see the FQDN, remove the -n flag:
$ netstat -vat

Display the list of open ports:
# lsof -i

To display all open files, use:
# lsof

To display all open IPv4 network files in use by the process whose PID is 9255, use:
# lsof -i 4 -a -p 9255

Q. How do I find the current connections to a Samba server?

A. Samba is a free software implementation of Microsoft's networking system. Samba provides file and print services for various Microsoft Windows clients; it can integrate with a Windows Server domain, either as a Primary Domain Controller (PDC) or as a Domain Member. It can also be part of an Active Directory domain.

You need to use the smbstatus command, which reports on current Samba connections. It is a very simple program to list the current Samba connections. In order to display current connections just type the command:
$ smbstatus

Display more/detailed information:
$ smbstatus -b

Display verbose output:
$ smbstatus -v

Display only the list of shares:
$ smbstatus -s

Q. How do I block an IP address on my Linux server?

A. In order to block an IP on your Linux server you need to use the iptables tool (administration tool for IPv4 packet filtering and NAT) and the netfilter firewall. First you need to log into a shell as the root user. To block an IP address you need to type the iptables command as follows.

Syntax to block an IP address under Linux:
iptables -A INPUT -s IP-ADDRESS -j DROP

Replace IP-ADDRESS with the actual IP address. For example, if you wish to block IP address 65.55.44.100 for whatever reason then type the command as follows:
# iptables -A INPUT -s 65.55.44.100 -j DROP

If you have an iptables firewall script, add the above rule to your script.

If you just want to block access to one port from an IP, for example from 65.55.44.100 to port 25, then type the command:
# iptables -A INPUT -s 65.55.44.100 -p tcp --destination-port 25 -j DROP

The above rule will drop all packets coming from IP 65.55.44.100 to the mail server port 25.

Q. How do I find out the network path and/or router that is being used to reach a particular host on the internet?

A. You need to use the traceroute command, which displays the route packets take to a network host on the Internet. It traces a packet from your computer to an Internet host, showing how many hops the packet requires to reach the host and how long each hop takes. It is very useful for troubleshooting network problems.
As you may be aware, the Internet is a large and complex aggregation of network hardware, connected together by gateways. Tracking the route one's packets follow (or finding the miscreant gateway that's discarding your packets) can be difficult.

Tracing routes under Linux/UNIX
Use the traceroute command as follows:
$ traceroute cyberciti.biz

Tracing routes under MS-Windows NT/XP/2000/2003/Vista
Use the tracert command. Click on Start > Run and type the following command:
tracert cyberciti.biz

Q. Explain Virtual File System

A. A virtual file system [2] (VFS) or virtual filesystem switch is an abstraction layer on top of a more concrete file system. The purpose of a VFS is to allow client applications to access different types of concrete file systems in a uniform way. A VFS can, for example, be used to access local and network storage devices transparently without the client application noticing the difference. Or it can be used to bridge the differences in Windows, Mac OS and Unix filesystems, so that applications can access files on local file systems of those types without having to know what type of file system they're accessing.

More info about VFS:
=> You can learn more about Linux VFS here
=> Vnodes: An Architecture for Multiple File System Types in Sun UNIX
=> Book: Understanding the Linux Kernel, 2nd Ed

Under Linux you can create a Virtual File System as follows.

Use the dd command to create a VFS disk image (5 MB):
$ dd if=/dev/zero of=/tmp/vfs-disk count=10240

Format your disk image with the mkfs.ext3 command:
$ mkfs.ext3 /tmp/vfs-disk

When prompted for confirmation type 'y' to format the VFS disk image.

Mounting the VFS with a loopback device:
# mkdir -p /mnt/vfs0
# mount -o loop=/dev/loop0 /tmp/vfs-disk /mnt/vfs0

It will act as a normal file system. You can take this image to another computer and mount it.

Q. How do I upgrade the kernel in Linux without compiling from source code?

A. You can use a packaged kernel, i.e. a binary package, to upgrade the kernel. It will not just save your time; it also modifies the boot-loader configuration file to include the new kernel. For example, if you are using Debian Linux, use the apt-get command to upgrade the kernel. If you are on Red Hat Enterprise Linux then use the up2date or rpm command.

If you have an rpm kernel package (Suse/Red Hat Linux):
# rpm -ivh kernel-*

If you are using Debian Linux, try the command:
# apt-get install linux-image-2.6.15-1-686

Tip: you can find out the list of available Linux kernels using the following command:
# apt-cache search kernel-image | less

If you are using Red Hat Enterprise Linux (RHEL), use the command:
# up2date -f kernel kernel-smp kernel-source

Q. How do I test or check reverse DNS for a given IP address under Linux or Windows XP/Server 2003?

A. Reverse DNS lookup (also known as rDNS) is a process to determine the hostname associated with a given IP address. Typically, the DNS is used to determine what IP address is associated with a given hostname; so to reverse resolve a known IP address is to look up the associated hostname for it. A reverse lookup is often referred to simply as reverse resolving, or more specifically reverse DNS lookup.
The most common uses of reverse DNS are:
=> Anti-spam
=> Network troubleshooting
=> Avoiding spammers and phishers using a forward confirmed reverse DNS, etc.

You can use standard UNIX / Linux utilities such as nslookup, dig or host to find out the reverse DNS of a given IP address.

Task: Find reverse DNS for IP 75.126.43.235 under Linux/UNIX
$ host 75.126.43.235
Output:
235.43.126.75.in-addr.arpa domain name pointer cyberciti.org.

IP 75.126.43.235 is reverse mapped to cyberciti.org.

Task: Find reverse DNS for IP 75.126.43.235 under Linux/UNIX/Windows
nslookup works under Windows and UNIX-like OSes:
nslookup 75.126.43.235
Output:
Server: 208.67.222.222
Address: 208.67.222.222#53

Non-authoritative answer:
235.43.126.75.in-addr.arpa name = cyberciti.org.

Authoritative answers can be found from:

Q. How do I configure Linux as a router to perform Network Address Translation (NAT) using iptables? I am using Cent OS.

A. NAT, also known as network masquerading, native address translation or IP-masquerading, involves re-writing the source and/or destination addresses of IP packets as they pass through a router or firewall. Most systems using NAT do so in order to enable multiple hosts on a private network to access the Internet using a single public IP address. NAT is very popular because of the IPv4 address shortage.

There are a few ways to set up a Linux machine to route. Iptables uses the MASQUERADE target. This is a special, restricted form of SNAT for dynamic IP addresses, such as most Internet service providers provide for modems or DSL. Type the following commands at the shell prompt as the root user:
# echo "1" > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# /etc/init.d/iptables save
# iptables -L

Q. I have noticed that spammers continually try to make a connection (email flooding attack). How do I enforce a number of limits on incoming mail so that I can protect hosted email domains?

A. Postfix (smtpd daemon) can enforce a number of limits on incoming email.
This will stop email flooding attacks. A bot connects to your Postfix email server and sends garbage commands or spam, attempting to crash your server. You can limit:
=> The length of lines in a message and so on
=> The size of messages
=> The number of recipients for a single delivery

Try the following directives in your postfix main.cf config file:

smtpd_error_sleep_time : The SMTP server response delay after a client has made more than $smtpd_soft_error_limit errors, and fewer than $smtpd_hard_error_limit errors, without delivering mail.
smtpd_soft_error_limit : The number of errors a remote SMTP client is allowed to make without delivering mail before the Postfix SMTP server slows down all its responses.
smtpd_hard_error_limit : The maximal number of errors a remote SMTP client is allowed to make without delivering mail. The Postfix SMTP server disconnects when the limit is exceeded.

Open the config file:
# vi main.cf

Append the following directives:
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

Save and restart/reload the postfix configuration:
# /etc/init.d/postfix restart

Postfix waits one second before each error, such as HELO command not provided or FQDN hostname does not exist, etc. After 10 such errors Postfix will start to increase the delay. If the error count reaches 20, Postfix will disconnect the client. You can see this in action from /var/log/maillog file:

Q. How do I configure the Sendmail email server to use SSL encryption for sending/receiving email? I have already obtained the required valid SSL certificate. It is stored in the /etc/mail/ssl directory as follows:

SSL keys and certificate files
=> /etc/mail/ssl/sendmail.pem
=> /etc/mail/ssl/ca-bundle.crt

Now how do I configure sendmail for SSL under Fedora Core or RHEL or Cent OS?

A. Sendmail is a mail transfer agent (MTA) and you need a valid SSL certificate on the server. Sendmail remains the most popular MTA on the Internet, although this is probably fading. Its popularity is due in part to its position as the standard MTA under most variants of the Unix operating system. Sendmail can be configured to encrypt email via the secure socket layer (SSL) when you want to send and receive emails.

Open the sendmail configuration file /etc/mail/sendmail.mc using a text editor such as vi:
# vi /etc/mail/sendmail.mc

Now append/modify the following directives:
define(`confCACERT_PATH',`/etc/mail/ssl/certs')
define(`confCACERT',`/etc/mail/ssl/ca-bundle.crt')
define(`confSERVER_CERT',`/etc/mail/ssl/sendmail.pem')
define(`confSERVER_KEY',`/etc/mail/ssl/sendmail.pem')

And make sure the port is set to smtps (secure smtp, i.e. port 465):
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

Restart sendmail and secure pop3s/imaps

Type the following commands to restart sendmail and related services:
# /etc/init.d/sendmail restart
# chkconfig pop3s on
# chkconfig imaps on
# /etc/init.d/xinetd restart

pop3s and imaps will start from xinetd.

Q. How do I generate certificates locally for testing purposes only?

A. If you don't have certificates you can generate certificates locally on Cent OS/RHEL/Fedora Core. Type the following commands:
# cd /usr/share/ssl/certs
# make sendmail.pem

Now open the sendmail /etc/mail/sendmail.mc config file and append/modify the directives as follows:
define(`confCACERT_PATH',`/usr/share/ssl/certs')
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
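
Before restarting sendmail with the directives above, it helps to confirm that every path they name exists and that the private key file is readable by its owner only. This is an added example, not part of the original FAQ; mc_value and check_tls_files are hypothetical helper names, and the owner-only rule for the key file is the check this script enforces. Because the page stores certificate and key in the same sendmail.pem, the whole file has to meet that rule.

```shell
#!/bin/bash
# Added example: lint the TLS file paths in a sendmail .mc file.
# Helper names are hypothetical.

# mc_value FILE NAME
# Prints the value of the last define(`NAME',`value') line in FILE.
# Lines commented out with a leading dnl do not match.
mc_value() {
    sed -n "s/^define(\`$2',[[:space:]]*\`\([^']*\)').*/\1/p" "$1" | tail -n 1
}

# check_tls_files FILE
# Prints one line per directive:
#   UNSET <name>           directive not defined in FILE
#   MISSING <name> <path>  path does not exist
#   UNSAFE <name> <path>   key file grants some permission to group or others
#   OK <name> <path>
check_tls_files() {
    local mc="$1" name path
    for name in confCACERT_PATH confCACERT confSERVER_CERT confSERVER_KEY; do
        path=$(mc_value "$mc" "$name")
        if [ -z "$path" ]; then
            echo "UNSET $name"
        elif [ ! -e "$path" ]; then
            echo "MISSING $name $path"
        elif [ "$name" = confSERVER_KEY ] &&
             [ "$(ls -ldL "$path" | cut -c5-10)" != "------" ]; then
            # Characters 5-10 of the ls mode string are the group and
            # other permission bits; all must be "-" for a private key.
            echo "UNSAFE $name $path"
        else
            echo "OK $name $path"
        fi
    done
}

# Stand-alone use: ./check.sh /etc/mail/sendmail.mc
if [ "$#" -eq 1 ]; then
    check_tls_files "$1"
fi
```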
