##########################################################################
#                              Linux Notes                               #
#                                                                        #
# Anuradha Weeraman, 25 November 2003                                    #
#                                                                        #
# $Id: linux-notes.txt,v 1.1 2004/06/02 21:17:53 anuradha Exp $          #
##########################################################################

--- Loopback

Build a small ext2 filesystem inside an ordinary file and mount it through
a loop device:

    dd if=/dev/zero of=minifs bs=1k count=1024
    losetup /dev/loop0 minifs
    mke2fs /dev/loop0
    mount /dev/loop0 /mnt
    umount /mnt
    losetup -d /dev/loop0

----------

--- Dot files

    vi .inputrc
        horizontal-scroll-mode On

----------

--- System integrity checking

Record a checksum baseline of the system binaries, then re-check it later:

    find /bin -type f | xargs md5sum > binfiles.md5
    md5sum -c binfiles.md5

The check is only as good as the safety of the baseline: keep binfiles.md5
on read-only media or on another host (an intruder who replaces /bin/login
can just as easily regenerate a file that lives on the same disk), and run
the check with a copy of md5sum you trust. Cover /sbin, /usr/bin,
/usr/sbin and /lib as well, and use find -print0 | xargs -0 if file names
may contain spaces. MD5 collisions are cheap today; sha256sum accepts the
same arguments.

----------

--- DHCP and BOOTP protocols

    /sbin/pump

----------

--- Partitions

    /sbin/sfdisk -l /dev/hda
    /sbin/sfdisk -V

----------

--- Bandwidth

    /sbin/shapecfg

----------

--- Named pipes

    mkfifo testpipe
    echo "whoa" > testpipe &
    cat testpipe
    rm testpipe

The writer blocks until a reader opens the other end of the pipe, hence
the &.

----------

--- Ghostscript

    gs -sDEVICE=epson -r100x100 -sPAPERSIZE=a4 ipchains-quickref.ps

In the gs prompt, type

    (epson) selectdevice
    (ipchains-quickref.ps) run

----------

--- Device files

When device files aren't in use they are owned by root; while a user has
one open (login chowns it at login time) it is owned by that user. The
/dev/ttyN files are the obvious example: log in and check the ownership
of your tty, then log out and check it again.

----------

--- cron

Format:

    minute hour dayofmonth monthofyear dayofweek commandstring

Example, to carry out a task every minute:

    * * * * * /bin/sync

(1 * * * * would run it once an hour, at minute 1.)

----------

--- Shell

In shell programming $1, $2, $3 ... are the arguments passed to the script.
$0 is the name the script was invoked as and $# is the number of
arguments, so for

    ./repeat arg1 arg2 arg3

    $1 = arg1
    $2 = arg2
    $3 = arg3
    $0 = ./repeat
    $# = 3

----------

--- Hidden directories

A directory whose name ends in a literal space looks like an ordinary
directory in a listing but cannot be entered by typing the visible name:

    mkdir bin\     # there's a space after the backslash

To go into it you have to type the trailing space as well:

    cd bin\ 

This is obscurity rather than protection: ls -b prints the space as an
escape, find . -name '* ' lists such names, and tab completion walks
straight into them. Permissions are what keep other users out. The trick
is worth knowing mainly because intruders use the same kind of names
("...", "bin ") to hide their tool directories.

----------

--- last

To quickly query wtmp for previous reboots:

    last reboot

Or to see when particular users last logged in:

    last user
    last anuradha
    last anuradha chathra

----------

--- gcc

To compile a program and link it against an external library:

    gcc -o mathprog mathprog.c -lm

-lx names the library to link against: -lx links in /usr/lib/libx.so (or
libx.a), so -lm links in libm. To colorify gcc output, use colorgcc:

    export CC="colorgcc"

----------

--- Patching the kernel

Kernel patches carry paths that start with linux/, so if the sources live
in /usr/src/linux, run from /usr/src:

    patch -p0 < patchfile

or from inside the source tree itself:

    patch -p1 < patchfile    # in the directory that holds the kernel sources

Try it with --dry-run first, and be on the lookout for *.rej files
afterwards: they mean a hunk could not be applied. To unapply a patch,
use the same -p level with -R:

    patch -R -p1 < patchfile

----------

--- nasm/gas

nasm: save the file as phile.asm

    nasm -f elf phile.asm
    ld -s -o phile phile.o

gas: save the file as hello.S

    as -o hello.o hello.S
    ld -s -o hello hello.o

(as does not run the C preprocessor; a .S file that uses #include or
#define has to be built with gcc -c instead.)

----------

--- sysrq

The SysRq key differs from platform to platform; on PCs it shares a key
with Print Screen. Also check out /usr/src/linux/Documentation/sysrq.txt.
Do these when your computer is really stuck, in this order:

    alt-sysrq-e : send SIGTERM to all processes except init
    alt-sysrq-s : sync disks
    alt-sysrq-u : remount all filesystems read-only
    alt-sysrq-b : reboot

The key has to be enabled (CONFIG_MAGIC_SYSRQ in the kernel and
/proc/sys/kernel/sysrq set to 1). Anyone at the console can use it
without logging in, so on a machine whose console others can reach,
consider leaving it off.

----------

--- gcc

To make sure that your C code is portable and conforms to the ANSI
standard, compile with -ansi -pedantic -Wall: -ansi selects the C89
dialect, -pedantic complains about non-standard extensions, and -Wall
turns on the common warnings.
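The two audits in the "System integrity checking" and "Hidden directories" notes above, as an added example that is not part of the original notes: a hash baseline of a directory tree that is re-checked later (including files that appeared after the baseline was taken, which md5sum -c alone never reports), plus a search for the trailing-space names. It assumes GNU coreutils (sha256sum, find -print0, sort -z, xargs -0 -r) and uses sha256sum in place of the md5sum from the note; the directory and file names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): hash baseline of a tree
# plus a search for hidden-style names. Assumes GNU coreutils.

# make_baseline DIR OUT: hash every regular file under DIR into OUT.
# Store OUT on read-only media or another host; a baseline kept on the
# host it audits can be rewritten by whoever replaced the binaries.
make_baseline() {
    mb_dir=$1; mb_out=$2
    # -print0/-0 keep names with spaces or newlines intact; sorting makes
    # two baselines of the same tree byte-for-byte comparable
    (cd "$mb_dir" && find . -type f -print0 | LC_ALL=C sort -z \
        | xargs -0 -r sha256sum) > "$mb_out"
}

# check_baseline DIR BASELINE: rebuild the hashes and diff them against
# the stored baseline. Returns 0 when nothing changed, 1 when a file was
# modified, removed or added.
check_baseline() {
    cb_dir=$1; cb_base=$2
    cb_cur=$(mktemp) || return 2
    make_baseline "$cb_dir" "$cb_cur"
    if diff "$cb_base" "$cb_cur" >/dev/null; then
        rm -f "$cb_cur"
        return 0
    fi
    echo "INTEGRITY: $cb_dir differs from baseline $cb_base" >&2
    # lines only in the baseline: file changed or removed;
    # lines only in the fresh hashes: file changed or added
    diff "$cb_base" "$cb_cur" \
        | sed -n 's/^< /  gone or changed: /p; s/^> /  new or changed:  /p' >&2
    rm -f "$cb_cur"
    return 1
}

# audit_names DIR: print, with escapes made visible by "sed -n l", every
# entry whose name ends in a space or contains a control character.
# Returns 1 if any were found so it can act as a check in a script.
audit_names() {
    an_found=$(find "$1" \( -name '* ' -o -name '*[[:cntrl:]]*' \) -print \
        | sed -n l)
    [ -z "$an_found" ] && return 0
    echo "SUSPICIOUS NAMES under $1:" >&2
    printf '%s\n' "$an_found" >&2
    return 1
}

# Typical use (paths are illustrative):
#   make_baseline /bin /mnt/cdrom/bin.sha256      # once, from a clean system
#   check_baseline /bin /mnt/cdrom/bin.sha256     # from cron, mail the output
#   audit_names /tmp
```

check_baseline diffs two complete listings rather than running sha256sum -c, so a file dropped into the tree after the baseline was taken shows up as "new or changed" instead of being silently ignored.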
----------

--- OpenBSD

To mount an OpenBSD partition you must first have UFS support compiled
into the kernel. Assuming the OpenBSD partition is /dev/hda4:

    mount -t ufs -o ufstype=44bsd -o ro /dev/hda4 /mnt

To mount a Linux partition from OpenBSD, first do a

    disklabel wd0

find the letter of the Linux partition (assume it is j in this case), and
then:

    /sbin/mount_ext2 /dev/wd0j /mnt

----------

--- Solaris

Mounting a Solaris-formatted disk with a UFS filesystem (UFS support has
to be compiled into the kernel in order to do this):

    mount -t ufs -o ro,ufstype=sunx86 /dev/fd0 /floppy

UFS is currently supported only in read-only mode.

----------

--- RAMFS

Compile ramfs support into the kernel and...

    mount -t ramfs ramfs /ramfs

Put anything in the directory and it will exist only in RAM. There is no
size limit: whatever is written there stays pinned in memory until it is
deleted or the filesystem is unmounted.

----------

--- NMAP

To see whether ssh is running on a host and which user owns the listening
process (the owner comes from identd on the target, so it needs that
running):

    nmap -I -sT -p22 host

To be a bit harder to single out when nmapping, mix decoys into the scan:

    nmap -P0 -sS -Ddecoyhost1,decoyhost2,decoyhost3 targethost

The decoy hosts should be resolvable and up, otherwise the one address
that answers the rest of the handshake is obviously the real scanner.
-P0 skips the ping probe, for targets that filter ICMP. (Later nmap
releases spell -P0 as -Pn and dropped the -I ident scan.)

To nmap all the hosts in a company zone file (only works against a name
server that still allows zone transfers):

    host -l company.com | cut -d ' ' -f 4 | nmap -v -iL -

----------

--- netcat

You can use netcat to run a miniature server on a machine that serves a
file to whoever connects to a specified port. This is easily scripted.

    rhost:~$ nc -l -p 1234 < file &

On the remote machine, you could just

    lhost:~$ nc rhost 1234 > file

and the file will be saved after being redirected from STDIN. I believe
you could also specify the host that can get the data after -l, such as

    rhost:~$ nc -l lhost -p 1234 < file &

so only a specific host can get the data. This matters because otherwise
the listener hands the file to the first connection it gets, a port
scanner included. The peer check only looks at the source address,
though, so for anything that matters use an encrypted channel (cryptcat,
below) rather than a bare listener on an open network.

This can be reversed:

    lhost~$: nc -l -p 1234 > file &
    rhost~$: nc lhost 1234 < file

To get a hex dump of the session written to a file (here called hexdump):

    lhost~$: nc -l -p 1234 -o hexdump

The detach-from-console option (-d) of the Windows build can be used to
hide netcat.
For encrypted netcat, get cryptcat from farm9.com, which wraps the stream
in Schneier's Twofish cipher with a shared key given on the command line
(so the key still has to reach the other end by some safe route).

----------

--- Portscanning

You can also use netcat to portscan. Just do a

    nc -v -w 2 -z sucker.host.com 20-30

and it will try all ports between 20 and 30 (-z sends no data, -w 2 gives
each connect two seconds) and tell you which ones are open. Almost as fast
as nmap on localhost, but I wonder how it is on a network or a dialup. A
-r makes the port order random within the specified range:

    nc -v -w 2 -z -r sucker.host.com 20-30

Each probe is a full TCP connect, so unlike a SYN scan it shows up in the
target's daemon logs.

----------

--- Stress testing

You can use netcat to stress test kernels, network interfaces etc.

    rhost:~$ yes aaaaaaaaaaa | nc -v -v -l -p 2000 > /dev/null
    lhost:~$ yes bbbbbbbbbbb | nc rhost 2000 > /dev/null

----------

--- Terminal colors

You can see what colors 'ls' uses with 'dircolors' (or 'dircolors -p' for
the default database). To display something in, say, blue, you have to
type

    echo -n "^[[01;34mAnuradha Rules"; echo "^[[00m"

The ^[ (ESC) is entered by typing CTRL-V and then ESC. The color code
comes from the di=01;34 entry, where di is the entry for directories; the
^[[00m at the end resets the attributes, otherwise everything after it
stays blue.

----------

--- console-tools

    dumpkeys        shows the active keymap
    loadkeys        loads an alternative keymap
    kbd_mode        shows the current keyboard mode
    unicode_start   puts the console in unicode mode
    unicode_stop    does the opposite

Do a 'dpkg -L console-tools' for other tools in this package.

----------

--- Partition ids

To see the partition ids, run 'fdisk' and type 'l'.

----------

--- Booting

After POST, int 19h is called. It looks at the floppy drive for a boot
sector and, if one is present, copies it to 0000:7C00 and jumps to it.
Otherwise it loads the hard disk's MBR, whose code looks for the bootable
partition and, if found, copies that partition's boot record to the same
address and executes it. If this fails, ROM BASIC is entered via int 18h;
all other errors cause a system hang. The boot sector itself is read with
int 13h.

----------

--- Partition caveats

OpenBSD requires a primary partition to install; in BSD terminology a
primary partition is known as a slice.
The 'disklabel' program then creates up to 8 logical partitions (a through
h) within this slice; these are what BSD calls 'partitions'. BSDs cannot
be installed on extended partitions.

                       Linux       OpenBSD
    First IDE drive    /dev/hda    /dev/wd0
    Second IDE drive   /dev/hdb    /dev/wd1
    First SCSI drive   /dev/sda    /dev/sd0
    Second SCSI drive  /dev/sdb    /dev/sd1

(FreeBSD 4 and later name these ad0/ad1 and da0/da1 instead.)

To use BSD partitions successfully, you must compile your kernel with UFS
filesystem support and BSD disklabel support.

----------

--- lilo

When booting an OS from a hard disk other than your first, you need to
specify the chain loader for that entry in lilo.conf:

    loader=/boot/chain.b

----------

--- Apache

To enable Embperl on a machine with Apache and mod_perl installed, first
install libhtml-embperl-perl and then add the following snippet to your
access.conf (or httpd.conf), inside a container such as <Files *.epl>:

    PerlModule HTML::Embperl
    <Files *.epl>
        SetHandler perl-script
        Options ExecCGI
        PerlHandler HTML::Embperl::handler
    </Files>

Anything matched by that container is executed as Perl, so keep the match
narrow and never point it at a directory users can upload into.

----------

--- Fonts

Adding new fonts to the system:

    mkfontdir directory
    xset fp+ directory
    xset fp rehash

To check them out:

    xfontsel
    xlsfonts -fn fontpattern
    xfd -fn font

See the Unicode HOWTO for more info on fonts in general.

----------

--- Unicode

Converting files to UTF-8:

    iconv --from-code=ISO-8859-1 --to-code=UTF-8 < oldfile > newfile

----------

--- Shell

By typing Alt-. (or ESC followed by .) you can recall the last argument of
the previous command; repeating it walks back through earlier commands.

    !!
runs the last command again. The history file is written when you log out;
to prevent the history file being written, kill the shell itself:

    kill -9 $$

(unset HISTFILE does the same more politely.) Type 'cd -' to go back to
the directory you were in before. To print a particular column of a
command's output:

    ps aux | cut -d" " -f 1

----------

--- processes

To stop and continue a process:

    kill -STOP pid
    kill -CONT pid

To start a program at a lower priority level:

    nice -n 10 top

To change the priority level of a running program:

    renice 10 -p pid

----------

--- netstat & SYN attacks

To see the sockets currently in SYN_RECV state:

    netstat -na | grep SYN_RECV

Useful to check whether you are under a SYN flood: many half-open
connections to one port from many (usually spoofed) addresses. If you are
under such an attack, see whether your kernel has SYN cookie protection:
if the file /proc/sys/net/ipv4/tcp_syncookies exists, the kernel supports
it. To turn it on:

    echo 1 > /proc/sys/net/ipv4/tcp_syncookies

The number of half-open connections should drop. Once the cracker has left
you can turn it off by echoing a 0 to the proc file, though there is
little reason to: cookies only kick in when the backlog is full, and
current distributions ship with it set to 1. Raising
net.ipv4.tcp_max_syn_backlog helps as well.

----------

--- strace

To see what any process is doing right now:

    strace -p pid

This is a very important tool, especially during tuning, and when a
suspicious process needs a look: it shows every file it opens and every
address it connects to.

----------

--- Disk tuning

To stop the filesystem recording the accessed-time field on files:

    chattr +A filename
    chattr -R +A /var/spool

or, if you wish to do so for an entire partition, mount it noatime in
/etc/fstab:

    /dev/sdb1   /var/spool/news   ext2   defaults,noatime   1 2

(Forensics note: with noatime, file access times are no longer evidence.)

----------

--- disassembling

    objdump -d /bin/ls

----------

--- Sniffing and Forensics

Capture with a snaplen large enough to keep whole packets, then replay the
capture through snort:

    tcpdump -s 2000 -w tcp.dump
    snort -vder tcp.dump

(-v verbose, -d dump the application data, -e show link-layer headers,
-r read from a file.)

----------

--- Hi Tex

To use a TeX document:

    latex doc.tex

This converts the TeX document into a DVI file (device independent
format), which can then be converted into a format you like.
To view the DVI file:

    xdvi doc.dvi

To convert to PDF:

    dvipdf doc.dvi

To convert to PostScript:

    dvips doc.dvi

----------

--- Slackware

Slackware follows the BSD style when it comes to booting, so it executes
the following files in this order:

    /etc/rc.d/rc.inet1    (network interfaces)
    /etc/rc.d/rc.inet2    (network services)

----------

--- Terminal

'tput' is a nice utility that lets you do stuff with the terminal. To
position the cursor at row 10, column 4:

    tput cup 10 4

----------

--- Shell

When coding backtick commands, make sure you have an extra backslash for
every backslash, so

    '... sed 's/\/\\\//g'

becomes

    '... sed 's/\\/\\\\\\//g'

for the first level of backticks, and an additional backslash for every
subsequent level. Don't ask me why. ($(...) nests without this
re-escaping, which is one reason to prefer it.)

To perform arithmetic operations in the shell:

    echo $((1+1))
    echo $[1+1]
    echo 1+1 | bc
    echo 3/4 | bc -l

Only bc -l gives a fractional result; $(( )) is integer arithmetic.

----------

--- info

If you can't stand the hyperlinked info format, you can always resort to
this:

    info --subnodes --output - | less
    info --subnodes --output - gcc | less

----------

--- Acct

    ac      usage summary in number of hours
    ac -d   hours used on a day-to-day basis
    ac -p   summary of usage by users (people)

accton is used to turn process accounting on and off: 'accton file'
starts writing records to file, 'accton' with no argument stops.

lastcomm is part of the accounting package and can be used to see the
previously executed commands on a unix system:

    lastcomm tty1
    lastcomm elvis

lastcomm flags:

    S - command executed by super-user
    F - command executed after a fork but without a following exec
    C - command run in PDP-11 compatibility mode (VAX only)
    D - command terminated with the generation of a core file
    X - command was terminated with the signal SIGTERM

Accounting records are written at process exit, so they survive an
intruder clearing their shell history; a root intruder can still stop
accton or truncate the file, which is itself worth checking for.

----------

--- Background

bash is a sh-compatible command language interpreter and is intended to be
a conformant implementation of the IEEE POSIX shell.
----------

--- bash options

    -c string : commands are read from string
    -r        : restricted shell
    -i        : interactive shell
    -s        : commands are read from stdin
    -v        : print shell input lines as they are read
    -x        : print commands and their arguments as they are executed
    -D        : print a list of all double-quoted strings preceded by $;
                -n is implied, so no commands are executed
    [-+]O [shopt_option] : see the man page
    --        : signals the end of options and disables further option
                processing

----------

--- Exim

Exim seems pretty versatile, being able to mimic quite a number of MTAs
like sendmail, qmail etc. Here are some quick options to remember.

    exim -bp : list the contents of the mail queue
    exim -bP : show all configuration options
    exim -bP director_list
    exim -bP router_list
    exim -bP transport_list
    exim -bP director DIRECTOR
    exim -bP router ROUTER
    exim -bP transport TRANSPORT
    exim -bt : interactive address testing mode (use -f when testing
               anything other than the default domain)
    exim -bV : version information
    exim -bv : also for address verifying, but skips directors and
               routers which have been configured not to verify
    exim -F  : set the sender's full name (instead of the gecos field)
               for locally generated mail; type a (.) on a line by
               itself to end the mail
    exim -f  : set the address of the sender in locally generated mail;
               type a (.) to end the mail
    exim -M id ...   : the arguments are message ids; delivery is
               attempted even if the normal retry time has not yet been
               reached or the message is frozen; the user has to be an
               admin user
    exim -Mar id address ... : add the addresses to the list of
               recipients of the message
    exim -Meb id     : opens the message body in an editor
    exim -Mes id address : changes the sender address of a message
               while it is in the queue
    exim -Mf id ...  : freezes messages until thawed
    exim -Mg id ...  : gives up on the message, cancels delivery and
               notifies the sender; only an admin user can do this
    exim -Mmad id ... : marks all recipients of the message as having
               already received the mail
    exim -Mmd id address ... : marks the given addresses as having
               received the mail
    exim -Mrm id ... : message is completely removed from the queue
    exim -Mt id ...  : thaws frozen messages and resumes sending
    exim -Mvb id     : message body is sent to standard output
    exim -Mvh id     : displays the message header
    exim -Mvl id     : contents of the log spool file is displayed

Read the 'exim' man page for more info on the -oxx -pxx -qxx -Rxx -t -v
-x options. Also read the stuff in /usr/doc/exim and 'apt-get install
exim-doc'.

----------

--- Less Shortcuts

Small cheatsheet on 'less' keyboard shortcuts.

    down                                             - j
    up                                               - k
    page down                                        - f
    page up                                          - b
    forward half-window                              - d
    backward half-window                             - u
    repaint screen                                   - r
    search forward                                   - /pattern
    search backward                                  - ?pattern
    repeat last search                               - n
    repeat last search in reverse direction          - N
    repeat previous search spanning files            - ESC-n
    repeat previous search, reverse dir & spanning   - ESC-N
    undo toggle, search highlighting                 - ESC-u
    goto first line                                  - g, <
    goto last line                                   - G, >
    go down the file by a certain percentage         - n%
    mark a position                                  - m
    goto a previously marked position                - '
    goto the previous position                       - ''
    examine a new file                               - :e [file]
    examine the next file                            - :n
    examine the previous file                        - :p
    examine the first file                           - :x
    delete current file from list                    - :d
    print current file name                          - =, ^G, :f
    execute shell command                            - !command
    pipe text between current pos and mark X to cmd  - |Xcommand

----------
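The "netstat & SYN attacks" note above counts half-open sockets by eye; as an added example that is not part of the original notes, this script turns netstat -na output into a per-source report so a flood (many SYN_RECV entries, a few addresses or thousands of spoofed ones) can be told apart from ordinary load, and returns a status a cron job can act on. It assumes net-tools netstat output format and a POSIX awk; the sample listing is constructed, with addresses from the documentation ranges, and the threshold values are arbitrary.

```shell
#!/bin/sh
# Added example (not from the original notes): per-source SYN_RECV report
# from "netstat -na" output. Assumes net-tools column layout and POSIX awk.

# sample_netstat: a constructed "netstat -na" listing used in place of the
# real command so the report can be exercised offline.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:80             198.51.100.7:41234      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.7:41235      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.7:41236      SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.9:50011       SYN_RECV
tcp        0      0 10.0.0.5:22             192.0.2.44:60122        ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# syn_recv_report THRESHOLD < netstat-output
# Prints "count address" lines, busiest first, and a total on stderr.
# Returns 1 when the number of half-open connections reaches THRESHOLD
# (default 100), 0 otherwise, so it can drive an alert or the
# tcp_syncookies toggle from cron. Live use:
#     netstat -na | syn_recv_report 200
syn_recv_report() {
    sr_thr=${1:-100}
    sr_tmp=$(mktemp) || return 2
    sr_status=0
    awk -v thr="$sr_thr" '
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            peer = $5
            sub(/:[0-9]+$/, "", peer)   # drop the port; works for IPv6 too
            count[peer]++
            total++
        }
        END {
            for (p in count) printf "%6d %s\n", count[p], p
            printf "half-open connections: %d (threshold %d)\n", \
                total + 0, thr + 0 > "/dev/stderr"
            exit (total + 0 >= thr + 0) ? 1 : 0
        }' > "$sr_tmp" || sr_status=$?
    sort -rn "$sr_tmp"      # heaviest source first
    rm -f "$sr_tmp"
    return $sr_status
}
```

A real flood usually shows one target port and either a handful of sources (fixable with a firewall rule) or a long tail of single-hit addresses (spoofed, where only SYN cookies or a larger backlog help); the per-source column is what distinguishes the two cases.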