Sunday, July 31, 2011

Converting a file from uppercase to lowercase and vice-versa

Syntax to convert Upper to lowercase:
# dd if=[file with uppercase] of=[output filename] conv=lcase
# cat [file with uppercase] | tr '[:upper:]' '[:lower:]'  > output_file

Syntax to convert Lower to uppercase:
# dd if=[file with lowercase] of=[output filename] conv=ucase
# cat [file with lowercase] | tr '[:lower:]' '[:upper:]'  > output_file

Friday, July 29, 2011

How to check sudo access available for a Normal user ?

Lets say you logged into a Linux server as a Normal user and you want to know what sudo-access privileges your user-account has.

Run the command “sudo -l” to get the details about sudo-access (like shown below):

[ashok@hostxyz~]$ sudo -l
User ashok may run the following commands on this host:
(ALL) NOPASSWD: /bin/su - jboss
(ALL) NOPASSWD: /bin/su - nagios
(ALL) NOPASSWD: /bin/su – mysql
(ALL) /etc/init.d/postfix restart
(ALL) /etc/init.d/postfix start
(ALL) /etc/init.d/postfix stop
(ALL) /etc/init.d/httpd start
(ALL) /etc/init.d/httpd stop

Examining an unknown binary file in Linux

Lets say you have come across an unknown Binary file in a Linux server and you want to know more details about it. 

Steps to follow:
i)    First run 'file' command to get its file-type and other details.
ii)   Check if the file is installed from any RPM by executing "rpm -qf  [filename]"
iii)  Check if the binary file uses any shared Library modules by running "ldd".
iv)  Check when was the file last modified and accessed, by using "stat" command.
v)   Finally check the printable characters in that file by using "strings" command and see if you could figure out anything from the output. "strings" output usually show the System calls made by that file and it will give you a clue about it. If you are familiar with "C" functions such as fopen, stdin, malloc etc, it would be relatively easier for you to figure out.  


[root@hostxyz tmp]# ls
hsperfdata_root  lost+found  strange_file
[root@hostxyz tmp]# file strange_file
strange_file: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), for GNU/Linux 2.6.9, stripped
[root@hostxyz tmp]# rpm -qf strange_file
file /tmp/strange_file is not owned by any package
[root@hostxyz tmp]# ldd strange_file => /lib64/ (0x0000003ea3000000) => /lib64/ (0x0000003ea2c00000)
        /lib64/ (0x0000003ea2800000)
[root@hostxyz tmp]# stat strange_file
  File: `strange_file'
  Size: 7816            Blocks: 16         IO Block: 4096   regular file
Device: 803h/2051d      Inode: 98306       Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2011-07-28 16:52:03.000000000 -0500
Modify:  2011-07-28 15:48:20.000000000 -0500
Change: 2011-07-28 15:49:57.000000000 -0500
[root@hostxyz tmp]# strings strange_file
l$ L
usage: uptime [-V]
    -V    display version
[root@hostxyz tmp]#

Final note: Never open (vi) any binary file as it might corrupt it. Couple of times I had messed up some certification key file, which are in encrypted format.

Monday, July 25, 2011

How to find active TCP in Linux server ?

Situation:  You want to find all the Active TCP connections to a Linux machine for a given Port No. or a Port range. This you might want to do, to find any unauthorized access, to find the server utilization or for trouble-shooting purpose.

Solution:  Use 'lsof' or 'netstat' with appropriate switches. Here I illustrated about using 'lsof' as it will give more legible output when compare to 'netstat' command.

# lsof -i @[Server IP]:[Port no or Port-no range] -R | grep TCP | sort -k7 -u

For demonstration purpose, I logged-in to a Linux FTP server and connected it from 3 remote servers via FTP protocol (port: 21).

Command to find how many FTP connections the server has now:
[root@ftpserver~]# lsof -i @ -R | grep TCP | sort -k7 -u
vsftpd  12355 12353 adevaraju    0u  IPv4 58945888       TCP ftpserver:ftp-> (ESTABLISHED)
vsftpd  12605 12602 adevaraju    0u  IPv4 58946864       TCP ftpserver:ftp-> (ESTABLISHED)
vsftpd  13191 13189 adevaraju    0u  IPv4 58947254       TCP ftpserver:ftp-> (ESTABLISHED)
[root@ftpserver ~]#

Command to find how many connections the server has in port range 20 - 80:
# lsof -i @ -R | grep TCP | sort -k7 -u
[Output not shown]

PS: I have already written a post on using 'lsof' and 'netstat'. Please refer it as well:

Thursday, July 21, 2011

Granting sudo access to reset local user-accounts password

In a RHEL server, I want to grant sudo access for a Group to reset any local User-accounts' password. At the same time, I don't want them to reset the password of ROOT user.

Solution:   Use ! (exclude) option in /etc/sudoers file.

Syntax:  %groupname ALL=(ALL) NOPASSWD: /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root