```
#!/bin/bash

case "$1" in
    start)
        ;;
    stop)
        PID=`ps -ax | grep '[D]AEMON' | awk '{print $1}'`
        ;;
    *)
        echo "Usage: $0 {start|stop}"
        exit 1
        ;;
esac

exit 0
```
where `DAEMON` is the name of the daemon the script is supposed to manage.
```
#!/bin/sh

LOCAL_IF="eth1"
NET_IF="eth0"

iptables -F
iptables -t nat -F
iptables -X

iptables -P INPUT DROP

# Accept local network
iptables -A INPUT -i $LOCAL_IF -j ACCEPT
# and loopback.
iptables -A INPUT -i lo -j ACCEPT
# accept established, related
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# masquerade
iptables -t nat -A POSTROUTING -o $NET_IF -j MASQUERADE
# ip-forwarding
echo "1" >/proc/sys/net/ipv4/ip_forward
```
On Debian-like Linux systems, including Ubuntu, Udev by default keeps track of the MAC address of network interfaces. If you happen to replace a network card, the operating system increments the interface number instead of reporting just the cards that it finds in the computer at that time. To stop this behavior, the following Udev ruleset can be eliminated:
echo "" > /etc/udev/rules.d/70-persistent-net.rules
After a reboot, Udev will stop renaming the interfaces (as it should have done from the start).
A different way to stop Linux from changing the interface names is to append:
net.ifnames=0
to the kernel command line (for grub, by editing `/etc/default/grub` and adding it to `GRUB_CMDLINE_LINUX_DEFAULT`).
```
*  *  *  *  *  command to execute
|  |  |  |  |
|  |  |  |  +-- day of week (0-7) (Sunday=0 or 7)
|  |  |  +----- month (1-12)
|  |  +-------- day of month (1-31)
|  +----------- hour (0-23)
+-------------- minute (0-59)
```
The following command will return the IP address of the interface `eth0`:
/sbin/ifconfig eth0 | grep "inet addr" | awk -F: '{print $2}' | awk '{print $1}'
A common problem on Linux is that packets coming in from an interface do not necessarily get a reply from a server out of the same interface that they came in from. In order to fix this, we have to set up a few routing tables by editing `/etc/iproute2/rt_tables` and adding, for example, two tables:
```
100 table_a
101 table_b
```
then, we can route the packets out of the same interface that they came in from using:
```
ip route add default via $GATEWAY_A dev $INTERFACE_A src $IP_A table table_a
ip rule add from $IP_A table table_a
```
where:
- `$GATEWAY_A` is the gateway IP for an interface.
- `$INTERFACE_A` is the interface that the packets come in from.
- `$IP_A` is the IP address assigned to the interface.

To prelink binaries, using the `prelink` tool:
prelink -amR
To restore:
prelink -au
tune2fs -O dir_index /dev/sda2
Where `/dev/sda2` contains an Ext3 filesystem.
ps -eo pcpu,pid,user,args | sort -k 1 -r | head -10
Made by Blagovest ILIEV and adapted to GIF animation.
After downloading the source, applying the necessary patches, issue:
make menuconfig
and configure the kernel. After that issue:
make-kpkg --initrd kernel_image
to make a `.deb` package which will be placed one level up from the kernel source directory.
Note that building an `initrd` image is essential because it contains the necessary drivers to bootstrap the boot system. If you recompile manually, the old way, Debian will not boot.
After modifying the database configuration at `/etc/tripwire/twpol.txt`, the following script can be used to regenerate the database:
```
#!/bin/sh -e

twadmin -m P -S site.key twpol.txt
twadmin -m F -S site.key twcfg.txt
tripwire -m i
```
For example, to link any `/dev/grsec` device to `/dev/grsec2`, add a file at `/etc/udev/rules.d/60-grsec-compatiblity.rules` with the following contents:
KERNEL=="grsec*", SYMLINK+="grsec2"
Suppose you have a parent directory `upper`, and that the directory `upper` is group-owned by a group called `maintain`.
You want all new directories and files under that parent directory `upper`, regardless of by whom they are created (ie: `root`), to be group-owned by `maintain`.
This can be accomplished by setting the set-guid flag on the parent directory `upper`:
chmod g+s upper
`localmodconfig` can be used to auto-detect the necessary modules for the kernel.
make localmodconfig
For a disk with the following partition layout:
first install `syslinux` and then issue:
mkdosfs -F32 /dev/sdc1
to format `/dev/sdc1` to MS-DOS.
Now copy the MBR file to the drive:
dd if=/usr/share/syslinux/mbr.bin of=/dev/sdc
Finally, install `syslinux`:
syslinux /dev/sdc1
Next step is to make the disk bootable with `fdisk` (run `fdisk /dev/sdc` and press `a` to toggle the bootable flag).
getconf PAGE_SIZE
This can be accomplished with:
dstat -t -c 5 500
where `t` indicates time-based output and `c` stands for CPU.
The output is:
```
----system---- ----total-cpu-usage----
     time     |usr sys idl wai hiq siq
11-02 18:33:24|  3   1  95   0   0   0
11-02 18:33:29| 14   3  83   0   0   0
```
Other options are also available:
Flag | Meaning |
---|---|
c | CPU |
d | disk (read, write) |
g | page stats (in, out) |
i | interrupts |
l | load (1min, 5min, 15min) |
m | memory (used, buffers, cache, free) |
n | network (receive, send) |
p | process stats (runnable, uninterruptible, new) |
r | I/O request stats (read, write) |
s | swap stats (used, free) |
y | system stats (interrupts, context switches) |
aio | asynchronous I/O |
fs | filesystem (open files, inodes) |
ipc | IPC stats (queues, semaphores, shared memory) |
lock | file locks (posix, flock, read, write) |
raw | raw sockets |
socket | sockets (total, tcp, udp, raw, ip-fragments) |
tcp | tcp stats (listen, established, syn, time_wait, close) |
udp | udp stats (listen, active) |
unix | unix stats (datagram, stream, listen, active) |
vm | vm stats (hard pagefaults, soft pagefaults, allocated, free) |
To renumber partitions we first dump the table using `sfdisk`:
sfdisk -d /dev/sda > sda.table
then, we edit `sda.table` to edit the partitions:
```
# partition table of /dev/sda
unit: sectors

/dev/sda1 : start= 2048, size= 4194304, Id=82
/dev/sda2 : start= 0, size= 0, Id= 0
/dev/sda3 : start= 4196352, size= 47747546, Id=83, bootable
```
In this case, we will delete the line starting with `/dev/sda2` and rename `/dev/sda3` to `/dev/sda2`:
```
# partition table of /dev/sda
unit: sectors

/dev/sda1 : start= 2048, size= 4194304, Id=82
/dev/sda2 : start= 4196352, size= 47747546, Id=83, bootable
```
Next, we restore the modified table:
sfdisk /dev/sda < sda.table
netstat -an | awk '/^tcp/ {A[$(NF)]++} END {for (I in A) {printf "%5d %s\n", A[I], I}}'
To scroll the virtual terminal up and down use the keys Shift+Page↑ and Shift+Page↓. In case you are using a Mac keyboard without Page↑ or Page↓, then the keys Shift+Fn+↑ and Shift+Fn+↓ should achieve the scrolling.
`date` can be used to set the system clock, however `hwclock` has to also be used to set the hardware clock. First we set a date using `date`:
date -s "1 MAY 2013 10:15:00"
or in two commands using formatting characters; first the date:
date +%Y%m%d -s "20130501"
then the time:
date +%T -s "10:15:00"
After that, the hardware clock has to be set (the hardware clock runs independent of the Linux time and of other hardware, powered by a battery). To set the hardware clock to the system clock (since we have already done that above), issue:
hwclock --systohc
Or, as an independent command, to set the hardware clock to local time:
hwclock --set --date="2013-05-01 10:15:00" --localtime
or for UTC:
hwclock --set --date="2013-05-01 10:15:00" --utc
The load-average is included in the `uptime` command:
09:48:35 up 8 days, 7:03, 5 users, load average: 0.24, 0.28, 0.25
The load average numbers are scaled up to the number of CPUs. For example, on a quad-core CPU, the maximal load-average (when all 4 cores are busy) would be `4`. The numbers thus represent only a fraction of the total CPU power that is currently being utilised.
`dhclient` is responsible in most Linux distributions for acquiring the DHCP parameters from upstream DHCP servers. The configuration can be altered to not pull name-servers and instead prepend some static name-servers. The configuration has to be changed such that the domains are prepended:
prepend domain-name-servers 1.1.1.1, 2.2.2.2;
where `1.1.1.1` and `2.2.2.2` represent name-server IP addresses.
Next, the `domain-name-servers` and `domain-search` directives should be removed from the `request` clause, the result looking like:
request subnet-mask, broadcast-address, time-offset, routers, domain-name, host-name, dhcp6.name-servers, dhcp6.domain-search, netbios-name-servers, netbios-scope, interface-mtu, rfc3442-classless-static-routes, ntp-servers;
After a restart, `dhclient` will prepend the specified name-servers and place them in `/etc/resolv.conf` as well as ignoring the DHCP's settings for the `domain-name-servers` and `domain-search` directives.
The temporary memory filesystem (`tmpfs`) can be used when you want to temporarily store files that will be deleted on the next reboot. This is helpful, for example, when you want to store log-files that are not important over reboots and want to reduce the pressure on the hard-drive.
Adding this entry to `/etc/fstab` will, for example, mount `polipo`'s cache directory in RAM:
tmpfs /var/cache/polipo tmpfs nodev,noexec,nodiratime,noatime,nosuid,size=5G,async 0 0
using a slab of `5G`.
This function works together with `iptables` and the `IDLETIMER` module in order to limit the CPU consumption of a process (commonly a daemon) when the process does not generate incoming traffic.
```
#!/bin/bash
###########################################################################
##  Copyright (C) Wizardry and Steamworks 2014 - License: GNU GPLv3      ##
##  Please see: http://www.gnu.org/licenses/gpl.html for legal details,  ##
##  rights of fair usage, the disclaimer and warranty conditions.        ##
###########################################################################

# The function suspends or resumes the named process passed as parameter to
# the function, provided that iptables has been set-up to create an idle
# timer for the named process passed as the parameter to this function.
#
# For this function to work properly, you should issue:
#   iptables -A INPUT -p tcp --dport 8085 -j IDLETIMER \
#     --timeout 60 --label $process_name
# where $process_name is the parameter passed to this function
#
# This script is best called via crontab to periodically check whether a
# process's network traffic is stale and to suspend the process if it is.
function idlecpulimit {
    # path to the cpulimit daemon
    local cpulimit=/usr/bin/cpulimit
    # percent to throttle to accounting for multiple CPUs
    # effective throttle = (CPUs available) x throttle
    local throttle=1
    # get the car and cdr of the daemon
    local car=`echo $1 | cut -c 1`
    local cdr=`echo $1 | cut -c 2-`
    # get the daemon if it is running
    local daemon=`ps ax | grep "[$car]$cdr" | awk '{ print $1 }'`
    if [ -z "$daemon" ]; then
        # just bail if it is not running
        return;
    fi
    # get the PID of the cpulimit daemon for the process
    local cpulimit_PID=`ps ax | grep '[c]pulimit' | grep $daemon | awk '{ print $1 }'`
    case `cat /sys/class/xt_idletimer/timers/$1` in
        0)
            # suspend
            if [ -z "$cpulimit_PID" ]; then
                $cpulimit -l $throttle -p $daemon -b >/dev/null 2>&1
            fi
            ;;
        *)
            # resume
            if [ ! -z "$cpulimit_PID" ]; then
                kill -s TERM $cpulimit_PID >/dev/null 2>&1
            fi
            ;;
    esac
}
```
As an example, suppose you had a daemon named `mangosd` and, as a daemon, it is active when it has inbound connections on port `8085`. In that case, you would first add a firewall rule:
iptables -A INPUT -p tcp --dport 8085 -j IDLETIMER --timeout 60 --label mangosd
which will start a countdown timer in `/sys/class/xt_idletimer/timers/mangosd` when the connection is idle.
After that, you would create a script containing the function above and call it in your script:
```
function idlecpulimit {
    ...
}

idlecpulimit mangosd
```
The script will then be placed in `/etc/cron.d/cron.minutely` and will limit or release the CPU limitation when the daemon receives traffic.
Suppose that you have made a configuration error and you need to boot from a LiveCD and `chroot` to the filesystem in order to repair the damage. In that case, you will find that you will need the `proc`, `dev` and `sys` filesystems. These can be mounted by using the `bind` option of `mount`:
```
mount -o bind /dev /mnt/chroot/dev
mount -o bind /sys /mnt/chroot/sys
mount -o bind /proc /mnt/chroot/proc
```
considering that the damaged filesystem is mounted on `/mnt/chroot`. After the filesystems are mounted, you can `chroot` to the filesystem and run commands such as `update-grub`:
chroot /mnt/chroot
tcpdump -i eth0 -s 30 -e | cut -f1 -d','
where `eth0` is the interface.
For hung processes, the stack traceback can show where the processes are waiting. `CONFIG_MAGIC_SYSRQ` must be enabled in the kernel to enable stack tracebacks. If `kernel.sysrq` is not set to `1` with `sysctl`, then run:
echo 1 > /proc/sys/kernel/sysrq
Next, trigger the stack traceback by issuing:
echo t > /proc/sysrq-trigger
The results can be found on the console or in `/var/log/messages`.
netstat -tunlp |grep p6
First edit `/etc/hosts` to comment out any IPv6 addresses:
```
# The following lines are desirable for IPv6 capable hosts
#::1     ip6-localhost ip6-loopback
#fe00::0 ip6-localnet
#ff00::0 ip6-mcastprefix
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters
```
After that, if you are using grub, edit `/etc/default/grub` and add:
ipv6.disable=1
to the list following `GRUB_CMDLINE_LINUX_DEFAULT`.
In case you use lilo, edit `/etc/lilo.conf` instead and modify the `append` line to include `ipv6.disable=1`.
Issue `update-grub` or `lilo` to make those changes.
You can also add a sysctl setting:
net.ipv6.conf.all.disable_ipv6 = 1
to `/etc/sysctl.d/local.conf`.
Additionally, in case you are running a system with a bundled MTA such as exim, you should probably keep it from binding to IPv6 addresses.
For exim, edit `/etc/exim4/update-exim4.conf.conf` and change the `dc_local_interfaces` to listen only on IPv4:
dc_local_interfaces='127.0.0.1'
and then add:
```
# Disable IPv6
disable_ipv6 = true
```
in both `/etc/exim4/exim4.conf.template` and `/etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs` and run `update-exim4.conf` followed by a restart of the service.
Otherwise you might receive the error: `ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken failed!`.
`ipcs` can be used to display all semaphores:
ipcs -s
To remove a semaphore by id, issue:
ipcrm sem 2123561
To clear all semaphores for a user, for example, for apache (as user `www-data` on Debian):
ipcs -s | grep www-data | awk '{ print $2 }' | while read i; do ipcrm sem $i; done
Before the watchdog restarts the system, it fires off an email indicating the problem, for example:
Message from watchdog: The system will be rebooted because of error -3!
The error codes can be found in the man page, here is a list of reasons:
- `-1` The system will reboot. Does not indicate an error.
- `-2` The system will reboot. Does not indicate an error.
- `-3` The load average has reached its maximum specified value.
- `-4` Temperature too high.
- `-5` `/proc/loadavg` contains no data or not enough data.
- `-6` The given file was not changed in the given interval.
- `-7` `/proc/meminfo` content.
- `-8` Child process was killed by a signal.
- `-9` Child process did not return in time.
- `-10` User specified.

On recent Linux distributions, Codel can be enabled which is better than wondershaper. This can be done by editing the sysctl configuration file (`/etc/sysctl.d/local.conf`) and adding the line:
net.core.default_qdisc = fq_codel
for general-purpose routers including virtual machine hosts and:
net.core.default_qdisc = fq
for fat servers.
Using POSIX ACLs, it is possible to modify permissions to files (even recursively) such that it is no longer necessary to fiddle with the limited Linux user and group permissions. For example, suppose you wanted to allow a user access to a directory without adding them to a group and then separately modifying all the file permissions to allow that group access.
In that case, you would write:
setfacl -R -m u:bob:rwX Share
where:
- `-R` means to recursively change the permissions
- `-m` means modify (and `-x` means to remove)
- `u:` stands for user (and `g:` for group)
- `bob` is the user that we want to grant access to
- `rwX` means read (`r`), write (`w`) and `X` (note the capital case) means to only grant execute permissions in case the file already had execute permissions
- `Share` is the directory (or file) to set the permissions on

The command will thus recursively grant permissions on the file or folder named `Share` to the user `bob` allowing `bob` to read, write and execute the files but only if the file was executable in the first place.
The following command will let you pick the default editor:
update-alternatives --config editor
find /proc/*/fd -xtype f -printf "%l\n" | grep -P '^/(?!dev|proc|sys)' | sort | uniq -c | sort -n
In case the machine is hanging and Magic SysRq is enabled in the kernel (enabled by default), then issuing the following combination will reboot the machine more or less gracefully:
Alt+PrtScrn+R+S+E+I+U+B
which will perform, in order:
- `init` the `TERM` signal
- `init` the `KILL` signal
- `fsck` at boot

To check whether an attached SSD currently has TRIM enabled, first mount the drive and change directory to the drive:
cd /mnt/ssd
Now create a file:
dd if=/dev/urandom of=tempfile count=100 bs=512k oflag=direct
and check the fib-map:
hdparm --fibmap tempfile
which will output something like:
```
tempfile:
 filesystem blocksize 4096, begins at LBA 2048; assuming 512 byte sectors.
 byte_offset  begin_LBA    end_LBA    sectors
           0  383099904  383202303     102400
```
Now, note the number under `begin_LBA` (`383099904` in this example) and run:
hdparm --read-sector 383099904 /dev/sdc
where:
- `383099904` is the number obtained previously
- `/dev/sdc` is the device for the SSD drive

The last command should output a long string of characters for those sectors.
Now, issue:
```
rm tempfile
sync
```
and repeat the previous `hdparm` command:
hdparm --read-sector 383099904 /dev/sdc
If the output now consists of only zeroes then automatic TRIM is in place; otherwise, wait for a while and run the last `hdparm` again.
On distributions based on `systemd`, filesystems can be mounted on demand instead of using `/etc/fstab` in order to let the main system boot while all the requests to the `systemd` managed filesystems can buffer-up.
Suppose you have a `/home` partition that you want mounted on demand with `systemd`. In that case, you can modify the `/etc/fstab` options to read:
noauto,x-systemd.automount
where `noauto` prevents Linux from mounting the partition on boot and `x-systemd.automount` will use `systemd` to auto-mount the partition on demand.
Additionally, the parameter `x-systemd.device-timeout=1min` can be added to the mount options which will allow for 1 minute before giving up trying to mount the resource which can be useful for network-mounted devices.
In order to have Linux automatically reboot after a kernel panic, add a setting to sysctl - on Debian systems, you will have to edit the file `/etc/sysctl.d/local.conf`:
```
kernel.panic = 30
kernel.panic_on_oops = 30
```
which will make the machine restart in `30` seconds.
ps -eo pmem,pcpu,rss,vsize,args | sort -k 1 -r | less
The following snippet pipes the second field from the `history` command and counts the number of times it appears:
history | awk '{ a[$2]++ } END { for(i in a) { print a[i] " " i } }' | sort -urn | head -n 20
which then gets sorted and the topmost `20` results are displayed.
You can add: `fsck.mode=force` and `fsck.repair=preen` to the grub parameter line on reboot in order to trigger a filesystem recheck. Alternatively, if you feel bold, you can add `fsck.repair=yes` instead of `fsck.repair=preen` in order to have Linux automatically fix the errors. This is especially useful to recover from a damaged root filesystem.
Edit `/etc/default/grub` and add:
scsi_mod.use_blk_mq=1
to the kernel command line parameters.
This helper script can be useful in case you wish to export a bunch of "real" users by scanning the home directory and extracting only users that have a folder inside that directory.
```
###########################################################################
##  Copyright (C) Wizardry and Steamworks 2016 - License: GNU GPLv3      ##
###########################################################################

HOMES="/home"
FILES="/etc/passwd /etc/passwd- /etc/shadow /etc/shadow-"

# The generated shadow and shadow- files hold password hashes and are
# written to the current directory with the caller's umask.
ls -l $HOMES | awk '{ print $3 }' | sort -u | while read -r u; do
    for file in $FILES; do
        # read -r and the quoted echo keep each entry byte-for-byte
        cat $file | while read -r p; do
            ENTRY=`echo "$p" | awk -F':' '{ print $1 }'`
            if [ "$ENTRY" = "$u" ]; then
                echo "$p" >> `basename $file`
            fi
        done
    done
done
```
When the script runs, it will scan all folders under the `/home` directory, grab the users that the folders belong to and scan the Linux password files (`/etc/passwd`, `/etc/passwd-`, `/etc/shadow` and `/etc/shadow-`) for entries for that user. It will then generate Linux password files from the matching home directories that can be later inserted into the Linux password files of a different machine.
`dd` dumps an entire device but has no options that are aware of the number of zeroes on the device. The following command:
dd if=/dev/sda | cp --sparse=always /dev/stdin image.img
will create an image named `image.img` of the device `/dev/sda` such that the image file will not contain any zeroes.
To check that the image was created successfully, you can then issue:
md5sum image.img
and
md5sum /dev/sda
and check that the hashes are identical.
Binding to reserved ports (ports under `1024`) can be done under Linux by issuing:
setcap 'cap_net_bind_service=+ep' /path/to/binary
DMG files are usually compressed; in fact, if you issue in a terminal:
file someimage.dmg
you may get output such as:
someimage.dmg: bzip2 compressed data, block size = 100k
indicating a bzip2 compressed file, or:
someimage.dmg: zlib compressed data
You can then uncompress the DMG image under Linux by issuing:
bzip2 -dc someimage.dmg > someimage.dmg.uncompressed
Now, if you inspect the uncompressed image (in this example `someimage.dmg.uncompressed`):
file someimage.dmg.uncompressed
you will get some interesting info such as:
someimage.dmg.uncompressed: Apple Driver Map, blocksize 512, blockcount 821112, devtype 0, devid 0, descriptors 0, contains[@0x200]: Apple Partition Map, map block count 3, start block 1, block count 63, name Apple, type Apple_partition_map, contains[@0x400]: Apple Partition Map, map block count 3, start block 64, block count 861104, name disk image, type Apple_HFS, contains[@0x600]: Apple Partition Map, map block count 3, start block 811148, block count 4, type Apple_Free
indicating an uncompressed image.
To convert the DMG into an image that can be mounted, you can use the tool `dmg2img`:
dmg2img someimage.dmg someimage.dmg.uncompressed
You can now mount the image using the HFS+ filesystem:
mount -t hfsplus -o ro someimage.dmg.uncompressed /mnt/media
To purge all inbox e-mails on Linux from the command line, you can use the `mail` command with the following sequence of instructions:
```
d *
q
```
where:
- `mail` is the mail reader program,
- `d *` instructs `mail` to delete all messages,
- `q` tells `mail` to quit

There are cases where a Linux system boots with the root `/` mounted as read-only. This can occur for various reasons but the standard way of recovering is to issue:
mount -o remount,rw /
which should mount the root filesystem in read-write mode.
However, assuming that you have bad options in `/etc/fstab`, that will not work and you will get errors in `dmesg` along the lines of:
Unrecognized mount option ... or missing value
This is due to `mount` reading `/etc/fstab` when you do not specify the source and the target. To work around the problem, you can mount the root manually by specifying both:
mount -t ext4 /dev/vda1 / -o remount,rw
which should give you enough leverage to adjust the entries in your `/etc/fstab` file.
Metadata checksumming provides better data safety protection - you will need e2fsprogs version `1.43` or beyond. On Debian you can check your current e2fsprogs with `apt-cache policy e2fsprogs` and upgrade to `unstable` or `testing` if needed.
On new systems, to enable metadata checksumming at format time, you would issue:
mkfs.ext4 -O metadata_csum /dev/sda1
where:
- `/dev/sda1` is the path to the device to be formatted as EXT4

On existing systems, the filesystem must be unmounted first (using a LiveCD, for instance). With the filesystem unmounted and assuming that `/dev/sda1` contains the EXT4 filesystem for which metadata checksumming is to be enabled, issue:
e2fsck -Df /dev/sda1
in order to optimise the filesystem; followed by:
resize2fs -b /dev/sda1
to convert the filesystem to 64bit and finally:
tune2fs -O metadata_csum /dev/sda1
to enable metadata checksumming.
If you want, you can see the result by issuing:
dumpe2fs -h /dev/sda1
Now that metadata checksumming is enabled, you may have some performance gain by adding a module to initrd called `crypto-crc32c` that will enable hardware acceleration for the CRC routines. On Debian, adding the `crypto-crc32c` module to initrd is a matter of editing a file and rebuilding the initramfs.
The following command will read in `/var/log/mail.log` and compile a list of unique IMAP users.
```
cat /var/log/mail.log | \
    grep imap-login:\ Login | \
    sed -e 's/.*Login: user=<\(.*\)>, method=.*/\1/g' | sort | uniq
```
To disable the linux console blanking (turning off), the following methods can be mentioned:
- `consoleblank=0` to the linux kernel parameters (ie: edit `/etc/default/grub` on Debian),
- `setterm -blank 0 -powerdown 0` on the console to turn off blanking on,
- `echo -ne "\033[9;0]" >/dev/ttyX`; where `X` is the console number to turn off blanking for,
- `echo -ne "\033[9;0]" >/etc/issue` to turn off blanking (`/etc/issue` is loaded on console boot).

Note that `setterm -blank 0` and `echo -ne "\033[9;0]"` are equivalent such that you can redirect both their output to a `tty` device.
Most console-oriented commands that are meant to work on virtual terminals expect a proper terminal to be set up and to be executed on a virtual terminal. The `openvt` command can be used to execute a program on the Linux virtual terminal. For instance, to force the screen to blank whilst being logged-in via an SSH session (`/dev/pts`), issue:
TERM=linux openvt -c 1 -f -- setterm -blank force
where:
- `TERM=linux` sets the terminal type to `linux` otherwise the terminal type of the terminal used for the SSH session is going to be assumed,
- `openvt` makes the command run on a virtual terminal,
- `1` refers to `/dev/tty1`,
- `-f` forces the command to run even if the virtual terminal is occupied (this is by default the case for login terminals),
- `--` is the separator between `openvt` parameters and the command to be executed,
- `setterm` is the command to execute and,
- `-blank force` instructs the terminal to blank.

Wireless USB, by consequence, has brought to Linux the capability of simulating a USB disconnect and reconnect - this is particularly useful if the device is connected on the inside of the machine such that the device cannot be removed (even logically) because it cannot be replugged.
The first step is to identify the device you want to reset by issuing:
lsusb
and checking the column with the device ID. For instance, you would want to reset the device:
Bus 001 Device 007: ID 05b7:11aa Canon, Inc.
such that the relevant bit to retain is the vendor ID `05b7` and the product ID `11aa`.
Next, locate the device on the USB HUB by issuing:
find -L /sys/bus/usb/devices/ -maxdepth 2 -name 'id*' -print -exec cat '{}' \; | xargs -L 4
and then locate the `/sys` path to the device you would like to reset. In this case, the line matching the vendor and product ID would be:
/sys/bus/usb/devices/1-8/idProduct 11aa /sys/bus/usb/devices/1-8/idVendor 05b7
Finally deauthorize the device by issuing:
echo 0 >/sys/bus/usb/devices/1-8/authorized
and re-authorize the device by issuing:
echo 1 >/sys/bus/usb/devices/1-8/authorized
The above is sufficient to trigger a udev hotplug event - in case you are debugging udev scripts.
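The lookup and the deauthorize/re-authorize steps above, combined into one script as an added example that is not part of the original page. The function names, the optional sysfs root argument and the `USB_RESET_DELAY` variable are illustrative assumptions; the script refuses to act when no device or more than one device matches.

```shell
#!/bin/sh
# Added example (not from the original page): locate a USB device in sysfs by
# vendor and product ID and cycle its "authorized" attribute, as in the steps
# above. Function names and USB_RESET_DELAY are illustrative.

SYSFS_USB_DEFAULT="/sys/bus/usb/devices"

# find_usb_device VENDOR PRODUCT [SYSFS_ROOT]
# Print the sysfs directory of every device whose IDs match.
find_usb_device() {
    root="${3:-$SYSFS_USB_DEFAULT}"
    for dev in "$root"/*; do
        # Interface entries such as 1-8:1.0 carry no idVendor/idProduct.
        [ -r "$dev/idVendor" ] && [ -r "$dev/idProduct" ] || continue
        v=""; p=""
        read -r v < "$dev/idVendor" || true
        read -r p < "$dev/idProduct" || true
        if [ "$v" = "$1" ] && [ "$p" = "$2" ]; then
            printf '%s\n' "$dev"
        fi
    done
}

# reset_usb_device VENDOR PRODUCT [SYSFS_ROOT]
# Deauthorize, wait, re-authorize. Prints the device path on success.
reset_usb_device() {
    matches=$(find_usb_device "$1" "$2" "${3:-$SYSFS_USB_DEFAULT}")
    if [ -z "$matches" ]; then
        echo "no USB device with ID $1:$2" >&2
        return 1
    fi
    count=$(printf '%s\n' "$matches" | wc -l)
    if [ "$count" -ne 1 ]; then
        echo "$count devices match $1:$2, pick one by path instead" >&2
        return 2
    fi
    if [ ! -w "$matches/authorized" ]; then
        echo "cannot write $matches/authorized (root required)" >&2
        return 3
    fi
    echo 0 > "$matches/authorized"      # logical disconnect
    sleep "${USB_RESET_DELAY:-1}"
    echo 1 > "$matches/authorized"      # reconnect, triggers the udev hotplug event
    printf '%s\n' "$matches"
}

# Usage with the IDs from the lsusb line above (run as root):
#   reset_usb_device 05b7 11aa
```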
The following command will set the CPU governor to `powersave` for all CPUs installed in the system:
for i in `find /sys/devices/system/cpu/cpu[0-9]* -type d | awk -F'/' '{ print $6 }' | sort -g -k1.4,1 -u | cut -c 4-`; do cpufreq-set -c $i -g powersave; done
From man (8) systemd-journald:
```
mkdir -p /var/log/journal
systemd-tmpfiles --create --prefix /var/log/journal
```
- `711` if you don't want to add groups as well or
- `751` so that public can't read your home directory

In the event that Linux decides to answer with an IPv6 address when pinging `localhost`, for example:
```
PING localhost(localhost (::1)) 56 data bytes
64 bytes from localhost (::1): icmp_seq=1 ttl=64 time=0.226 ms
64 bytes from localhost (::1): icmp_seq=2 ttl=64 time=0.291 ms
64 bytes from localhost (::1): icmp_seq=3 ttl=64 time=0.355 ms
64 bytes from localhost (::1): icmp_seq=4 ttl=64 time=0.353 ms
```
then the issue is an incorrect setup of `/etc/hosts` - notably, the IPv6 addresses are not set up correctly and Linux answers with the IPv6 equivalent address of `localhost`.
Open `/etc/hosts` and modify the IPv6 section to contain the following:
```
# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
```
and all services should start working properly again.
On newer Linux systems, the command:
dd if=/dev/xxx of=/dev/yyy bs=8M status=progress
will display progress status whilst copying. Unfortunately, that does not include a convenient progress bar to check for completion.
Alternatively, the corresponding command:
pv -tpreb /dev/xxx | dd of=/dev/yyy bs=8M
will use `pv` and display a progress bar.
Add to the command line in `/etc/default/grub`, the kernel parameters:
nopti noibrs noibpb nospectre_v2
and execute:
update-grub
After a reboot, the patches should be disabled and the performance will be back!
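A check for the change described above, as an added example that is not part of the original page: the functions report which of the four parameters are present on a kernel command line and which entries under `/sys/devices/system/cpu/vulnerabilities` the running kernel reports as `Vulnerable`. The function names are illustrative and the command line in the usage comment is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit the mitigation switches
# discussed above. Function names are illustrative.

# The four parameters named on the page.
MITIGATION_OFF_FLAGS="nopti noibrs noibpb nospectre_v2"

# list_mitigation_flags CMDLINE
# Print, space separated and in command-line order, every parameter from
# MITIGATION_OFF_FLAGS that occurs as a whole word in CMDLINE.
list_mitigation_flags() (
    set -f                      # no globbing while word-splitting CMDLINE
    found=""
    for word in $1; do
        for flag in $MITIGATION_OFF_FLAGS; do
            if [ "$word" = "$flag" ]; then
                found="${found:+$found }$flag"
            fi
        done
    done
    printf '%s\n' "$found"
)

# list_vulnerable [DIR]
# Print the name of every entry in DIR (default: the kernel's sysfs
# vulnerabilities directory) whose status line starts with "Vulnerable".
list_vulnerable() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=""
        read -r status < "$f" || true
        case "$status" in
            Vulnerable*) printf '%s\n' "${f##*/}" ;;
        esac
    done
}

# audit_running_kernel
# Combine both checks for the booted system.
audit_running_kernel() {
    printf 'disabled via command line: %s\n' \
        "$(list_mitigation_flags "$(cat /proc/cmdline)")"
    printf 'reported vulnerable:\n'
    list_vulnerable | sed 's/^/  /'
}

# Usage on a live system:
#   audit_running_kernel
# Usage on a constructed command line:
#   list_mitigation_flags "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet nopti nospectre_v2"
```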
setcap 'cap_net_bind_service=+ep' /path/to/program
where `program` is an _executable_ - not a script.
`dmidecode` can be used to retrieve BIOS information, amongst which is the last power-on method:
dmidecode -t system | grep 'Wake-Up Type'
will print the last wake-up type.
It may happen that logs fill up with messages indicating that some power management policy cannot be enforced on a given CPU core:
```
cpufreqd: cpufreqd_loop : Cannot set policy, Rule unchanged ("none").
cpufreqd: cpufreqd_set_profile : Couldn't set profile "Performance High" set for cpu4 (100-100-performance)
```
It may be that the CPU core is simply stuck and may need replugging. Of the following two commands, the first will take the CPU offline and the second will start the CPU back up:
```
echo "0" > /sys/devices/system/cpu/cpu4/cpufreq/online
echo "1" > /sys/devices/system/cpu/cpu4/cpufreq/online
```
In doing so, the power management issue seems to be resolved.
Edit or create the file at `/etc/udev/rules.d/70-persistent-net.rules` with the following contents:
SUBSYSTEM=="net", ACTION=="add", ATTRS{idProduct}=="a4a2", ATTRS{idVendor}=="0525", RUN+="/bin/sh -c '/sbin/ip link set dev %k up && /sbin/brctl addif br0 %k'"
where:
- `br0` is the interface name of the bridge that the RNDIS devices will be added to.

followed by the command:
udevadm control --reload
to reload all udev rules.
The reason this works is due to `a4a2` and `0525` respectively being the identifiers for the RNDIS driver and not for the device itself. For instance, issuing:
udevadm info -a /sys/class/net/usb0
will show at the top the RNDIS device without any identifiers whereas the parent `RNDIS/Ethernet Gadget` matches the identifiers.
One usage case for this rule is to connect a bunch of RNDIS devices to an USB hub and have them join the network automatically as they are hotplugged; for instance, Raspberry Pis can be configured as USB gadgets and then connected to an USB hub.
FTP sites can be scraped elegantly by using systemd and tmux on Linux. By starting a `tmux` detached terminal, `wget` can run in the background and download a website entirely whilst also allowing the user to check up on the progress by manually attaching and detaching from `tmux`.
The following script contains a few parameters underneath the `Configuration` comment and up to `Internals` in order to set:
- (`DOWNLOAD_DIRECTORY`),
- `wget` download URL (all protocols supported by `wget` such as FTP or HTTP) (`DOWNLOAD_URL`),
- `tmux` session (`TMUX_SESSION_NAME`)

```
[Unit]
Description=Scrape FTP Site
Requires=network.target local-fs.target remote-fs.target
After=network.target local-fs.target remote-fs.target

[Install]
WantedBy=multi-user.target

[Service]
# Configuration
Environment=DOWNLOAD_DIRECTORY="/path/to/directory"
Environment=DOWNLOAD_URL="ftp://somesite.tld/somedirectory"
Environment=TMUX_SESSION_NAME="somesite.tld-download"
# Internals
Type=oneshot
KillMode=none
User=root
ExecStartPre = -/bin/mkdir -p \""$DOWNLOAD_DIRECTORY"\"
ExecStart=/usr/bin/tmux new-session -d -c "\"$DOWNLOAD_DIRECTORY\"" -s "$TMUX_SESSION_NAME" -n "$TMUX_SESSION_NAME" "/usr/bin/wget -c -r \"$DOWNLOAD_URL\" -P \"$DOWNLOAD_DIRECTORY\""
ExecStop=/usr/bin/tmux send-keys -t "$TMUX_SESSION_NAME" C-c
RemainAfterExit=yes
```
The file should be placed under `/etc/systemd/system`, then systemd has to be reloaded by issuing `systemctl daemon-reload`, the service should then be loaded with `systemctl enable SERVICE_FILE_NAME` where `SERVICE_FILE_NAME` is the name of the file copied into `/etc/systemd/system` and finally started by issuing `systemctl start SERVICE_FILE_NAME`.
Upon every reboot, the service file will create a detached tmux terminal and start scraping files from the URL.