Linux

From DigitalOps.Org Wiki

Links

  • Some great security hardening tips for Linux (RHEL5) can be found on the NSA website.

Linux Tips & Tricks

Finding everything in a particular directory, except...

Use find with -prune, as in this example, which finds everything in path /some/path except anything in directories with the .vws suffix:

$ find /some/path -wholename '*.vws' -prune -o -print

What is my DHCP lease time?

Take a look in /var/lib/dhclient for files called dhclient-<interface>.leases. For example: dhclient-eth0.leases.
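
To read the lease time out of that file without paging through it, the following added example (not part of the original wiki page) parses the lease blocks that dhclient writes and prints the interface, address, lease time in seconds and expiry of the last block. The function names and the sample lease data are constructed for the illustration.

```sh
#!/bin/sh
# Added example (not from the original page): summarise the newest lease in a
# dhclient leases file. Function names and the sample data are constructed.

# Print "interface address lease-seconds expiry" for the last lease block,
# which is the most recently written one.
lease_summary() {
    awk '
        $1 == "lease" && $2 == "{" { iface = addr = secs = expire = ""; next }
        { sub(/;[ \t]*$/, "") }                 # strip the trailing semicolon
        $1 == "interface"     { gsub(/"/, "", $2); iface = $2 }
        $1 == "fixed-address" { addr = $2 }
        $1 == "option" && $2 == "dhcp-lease-time" { secs = $3 }
        $1 == "expire"        { expire = $3 " " $4 }   # $2 is the weekday number
        END { if (secs != "") print iface, addr, secs, expire }
    ' "$1"
}

# Constructed sample: two leases for eth0, the second one is current.
write_sample_leases() {
    cat > "$1" <<'EOF'
lease {
  interface "eth0";
  fixed-address 192.168.1.50;
  option subnet-mask 255.255.255.0;
  option dhcp-lease-time 3600;
  renew 3 2010/03/10 09:12:01;
  expire 3 2010/03/10 10:00:00;
}
lease {
  interface "eth0";
  fixed-address 192.168.1.50;
  option subnet-mask 255.255.255.0;
  option dhcp-lease-time 86400;
  renew 4 2010/03/11 09:12:01;
  rebind 4 2010/03/11 19:30:45;
  expire 5 2010/03/12 22:30:45;
}
EOF
}

# Run against a leases file given on the command line.
[ $# -eq 0 ] || lease_summary "$1"
```

Pass it a file such as /var/lib/dhclient/dhclient-eth0.leases; the third field is the lease time in seconds.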

What disks does this machine have?

Use fdisk -l to list them:

# fdisk -l

Disk /dev/sda: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      104391   83  Linux
/dev/sda2              14        9729    78043770   8e  Linux LVM

Changing what runs in each run level

Use chkconfig to list and update the services.

# chkconfig --list httpd
httpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
# chkconfig --level 35 httpd on
# chkconfig --list httpd
httpd           0:off   1:off   2:off   3:on    4:off   5:on    6:off

Using wget behind an HTTP proxy

Create a file called .wgetrc in $HOME. Because it holds the proxy password in plain text, make it readable only by your own user. The contents should look something like:

http_proxy=http://proxy.hostname.com:8080
proxy-user=DOMAIN/username
proxy-passwd=password

Using sftp/ssh behind an HTTP proxy

Use corkscrew as per these instructions.

SSH without a password

First log in on A as user a and generate a pair of authentication keys. Do not enter a passphrase:

a@A:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa): 
Created directory '/home/a/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A

Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):

a@A:~> ssh b@B mkdir -p .ssh
b@B's password: 

Finally append a's new public key to b@B:.ssh/authorized_keys and enter b's password one last time:

a@A:~> cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
b@B's password: 

From now on you can log into B as b from A as a without a password:

a@A:~> ssh b@B hostname
B

NOTE: Depending on your version of SSH you might also have to make the following changes:

  • Put the public key in .ssh/authorized_keys2
  • Change the permissions of .ssh to 700
  • Change the permissions of .ssh/authorized_keys2 to 640
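
The permission changes in the note matter because sshd, with its default StrictModes setting, ignores an authorized_keys file when it, the .ssh directory or the home directory is writable by other users. The script below is an added example, not part of the original page, that checks for this on B and also flags a private key on A that group or other can access; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original page): check the permissions that
# sshd's StrictModes test and the ssh client rely on. Paths follow the
# OpenSSH defaults used above; function names are made up for illustration.

# True when the path has the group- or other-write bit set.
writable_by_others() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 022 )) -ne 0 ]
}

# True when the mode grants any access at all to group or other.
open_to_others() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# Print one line per problem under the given home directory; return 1 if any.
check_ssh_perms() {
    home=$1
    problems=0
    # sshd ignores the key file if any of these can be written by other users.
    for p in "$home" "$home/.ssh" \
             "$home/.ssh/authorized_keys" "$home/.ssh/authorized_keys2"; do
        [ -e "$p" ] || continue
        if writable_by_others "$p"; then
            echo "writable by group/other: $p"
            problems=$((problems + 1))
        fi
    done
    # The ssh client refuses a private key whose mode is open to group/other.
    key="$home/.ssh/id_rsa"
    if [ -e "$key" ] && open_to_others "$key"; then
        echo "private key accessible by group/other: $key"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Run against a home directory given on the command line, e.g. /home/b.
[ $# -eq 0 ] || check_ssh_perms "$1"
```

The modes given in the note (700 on .ssh, 640 on authorized_keys2) pass this check, since neither grants write access to group or other.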

Create a random or zero'ed file

Use dd:

$ dd if=/dev/urandom of=random.blob bs=1M count=2
$ dd if=/dev/zero of=zeroed.blob bs=1M count=2

Performance tip on Linux VMs

Add elevator=noop to the kernel boot parameters to stop the Linux kernel fighting with the hypervisor when scheduling disk I/O. Something like this should do it (in /boot/grub/menu.lst for example):

title Red Hat Enterprise Linux Server (2.6.18-164.11.1.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-164.11.1.el5 ro root=LABEL=/ rhgb quiet crashkernel=128M@16M elevator=noop
        initrd /initrd-2.6.18-164.11.1.el5.img

Some more info can be found here and here.

Disk Management on Linux VMs

Find some excellent info on adding and resizing disks on Linux VMs here

Keep an SSH session alive

I found adding ServerAliveInterval can help here. Add this to ~/.ssh/config:

Host *
ServerAliveInterval 30

Change a process to run with lowest priority

Use renice and ionice like this:

# renice 20 <pid>
# ionice -c3 -p<pid>

Set the DISPLAY variable automatically when logging in via PuTTY

  • Ensure the Enable X11 forwarding option is ticked in PuTTY under Connection->SSH->X11
  • Make sure the xorg-x11-xauth.x86_64 package or equivalent is installed on your Linux machine

Determine SCSI ids for disks

Try dmesg and grep for Attached, for example:

# dmesg | grep Attached
sd 0:0:0:0: Attached scsi disk sda
sd 0:0:1:0: Attached scsi disk sdb
sd 0:0:2:0: Attached scsi disk sdc
sd 0:0:0:0: Attached scsi generic sg0 type 0
sd 0:0:1:0: Attached scsi generic sg1 type 0
sd 0:0:2:0: Attached scsi generic sg2 type 0

What is LVM all about?

See http://www.ibm.com/developerworks/linux/library/l-lvm2

How to create a read-only LVM snapshot?

Use lvcreate with the --snapshot option. The amount of space you allocate (--extents) is the amount of change the snapshot can accommodate, so it should be large enough for the filesystem to grow while the snapshot exists. For example:

# lvcreate --extents 100%FREE --snapshot --permission r --name Snap /dev/VolGroup00/LogVol00

Using --extents 100%FREE allocates all the spare capacity in the Volume Group to the snapshot.

Useful NFS tuning tips

See http://vmwareesxinfs.blogspot.com

Split a large file into smaller chunks

Use split like this:

$ split --bytes=1024m bigfile.iso smallfile_

Join it back together with cat:

$ cat smallfile_* > bigfile.iso

OR on Windows use copy:

> copy /b smallfile_* bigfile.iso

Setting the TimeZone (RHEL + CentOS)

In order to change the timezone of your system you will need to access the file /etc/sysconfig/clock directly:

ZONE="GMT"
UTC=false

Note: If your system's BIOS has UTC set to true, then set UTC to true. If it has it set to false, set it to false. UTC in the configuration file must always reflect your BIOS settings.

To select a particular zone, set ZONE to the path of a file located in /usr/share/zoneinfo, relative to that directory. Note the directory structure: to set the timezone to that of Shanghai, which is located in the Asia directory, set your ZONE variable to the following:

ZONE="Asia/Shanghai"

Or perhaps you need to set the timezone to that of East Brazil:

ZONE="Brazil/East"

Finally save the file /etc/sysconfig/clock and on next reboot the system will be set to the defined timezone.

For the time on the machine to reflect the changed timezone we need to link the zoneinfo file to /etc/localtime. This can be done as follows:

If you are setting your timezone to "Brazil/East" link the following file to /etc/localtime:

# ln -sf /usr/share/zoneinfo/Brazil/East /etc/localtime

Now, when you run the date command to display the time, you should see it reflect the newly linked timezone:

# date
Thu Sep 30 10:06:23 BRT 2004