Tuesday, December 10, 2013

Some useful SED command syntaxes

To delete trailing whitespace at the end of each line:
# sed 's/[ \t]*$//' filename > filename_notrailingspace

To remove all blank lines in a given file:
# sed '/^$/d' filename > filename_noblankspace

To remove all leading and trailing whitespace from each line in a given file:
$ cat filename | sed 's/^[ \t]*//;s/[ \t]*$//' > filename_nospace

Wednesday, December 4, 2013

Deleting files with special characters

In Linux, files are sometimes created with special characters in their names, such as a hyphen (-), single quotes or a blank character. This can happen either by accident or through some application. Deleting those files is difficult with the regular 'rm' command options. Here I describe certain methods to get rid of those files. For illustration purposes, I have taken 3 files with the above-mentioned special characters as examples:

$ ls -ltr | tail -3
-rw-r--r--  1 root     root           0 Dec  4 05:30 file a
-rw-r--r--  1 root     root           0 Dec  4 05:31 '-fileb'
-rw-r--r--  1 root     root        1070 Dec  4 05:32 -filec
$ rm file a
rm: cannot lstat `file': No such file or directory
rm: cannot lstat `a': No such file or directory
$ rm '-filec'
rm: invalid option -- l
Try `rm ./-filec' to remove the file `-filec'.
Try `rm --help' for more information.
$ rm -filec
rm: invalid option -- l
Try `rm ./-filec' to remove the file `-filec'.
Try `rm --help' for more information.

Method 1 : Delete using inodes
$ ls -litr | tail -3
1511929 -rw-r--r--  1 root     root           0 Dec  4 05:30 file a
1511931 -rw-r--r--  1 root     root           0 Dec  4 05:31 '-fileb'
1511932 -rw-r--r--  1 root     root        1070 Dec  4 05:32 -filec
$ pwd
$ find /opt -inum 1511929 -exec rm -i {} \;
$ find /opt -inum 1511931 -exec rm -i {} \;
$ find /opt -inum 1511932 -exec rm -i {} \;

Other methods: using double-hyphen "--" and double-quotes (depends on filenames)

$ rm -- -filec
rm: remove regular file `-filec'? y
$ rm -- file\ a
rm: remove regular empty file `file a'? y
$ file ./'-fileb'
./-fileb: ERROR: cannot open `./-fileb' (No such file or directory)
$ rm "'-fileb'"
rm: remove regular empty file `\'-fileb\''? y
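
Inode numbers are unique only within one filesystem, and `find /opt` descends into every subdirectory, so the added script below (not from the original post) restricts the search to a single directory on a single filesystem before removing by inode. The temporary directory and file names are constructed for the demonstration, and `-maxdepth` is a GNU/BSD find extension.

```shell
#!/bin/sh
# Added example: inode-based removal scoped to one directory and one
# filesystem. All file names below are constructed for the demonstration.

inode_of() {   # print the inode number of the path in $1
    ls -di -- "$1" | awk '{ print $1; exit }'
}

rm_by_inode() {   # $1 = directory to search, $2 = inode number
    # -maxdepth 1 : do not descend into subdirectories
    # -xdev       : stay on the filesystem of $1 (inode numbers repeat across mounts)
    # -type f     : never hand a directory or device node to rm
    find "$1" -maxdepth 1 -xdev -type f -inum "$2" -exec rm -f -- {} \;
}

demo() {   # prints the number of entries left in the scratch directory
    dir=$(mktemp -d) || return 1
    : > "$dir/file a"
    : > "$dir/'-fileb'"
    : > "$dir/-filec"
    for name in "file a" "'-fileb'" "-filec"; do
        rm_by_inode "$dir" "$(inode_of "$dir/$name")"
    done
    left=$(ls -A "$dir" | wc -l)
    rmdir "$dir"
    echo $((left))
}

demo
```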

Sunday, December 1, 2013

Rotating tcpdump logs

tcpdump -i <InterfaceName> -C 100 -s0 -W <No of files to rotate> -w  /<tcpdump folderpath>

Option explanation:
-i :  specifies the interface or source IP address
-C :  specifies the file size in MB
-c :  specifies the number of packets to capture
-s :  specifies the packet length to capture
-W :  specifies the number of files to rotate through once the file size specified in -C is reached
-w :  specifies the path of the capture file, with the extension .pcap

Some examples using these options:

# tcpdump -i eth0 -C 100 -s0 -W 4 -w /tcpdumpfolder/filexyz.pcap
# tcpdump -i eth0 -c 1000 -s0 -W 4 -w /tcpdumpfolder/filexyz.pcap
# tcpdump -i eth0 -C 10 -s0 -W 3 -w /dump/server_$(date +%m-%d-%Y-%H:%M).pcap
# tcpdump -i any -C 100 -s0 -W 5 -w /tcpdump/fileabc.pcap host <host1> or host <host2>

Using RegEx in SUDO Access

We can use regular expressions in the sudoers file!

Let's say we have a Command Alias in '/etc/sudoers' as follows:

Cmnd_Alias      DBTASKS=/sbin/service mysqld start, /sbin/service mysqld stop, /sbin/service mysqld restart, /sbin/service mysqld status, /etc/init.d/mysqld start, /etc/init.d/mysqld stop, /etc/init.d/mysqld status, /etc/init.d/mysqld restart

This can be shortened using RegEx in either of the following ways:
Cmnd_Alias      DBTASKS = /sbin/service mysqld [a-z]*, /etc/init.d/mysqld [a-z]*
or:
Cmnd_Alias      DBTASKS = /sbin/service mysqld ?*, /etc/init.d/mysqld ?*
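
sudoers(5) matches these patterns as shell-style wildcards over the whole argument string, so both shortened aliases accept more than the eight commands in the original list. The added script below (not from the original post) models that with the shell's own `case` glob matcher, which only approximates sudo's matching; the candidate command lines are constructed.

```shell
#!/bin/sh
# Added example: compare the explicit DBTASKS list with the wildcard form.
# `case` glob matching stands in for sudo's matcher (an approximation).

glob_match() {   # $1 = pattern, $2 = full command line
    case "$2" in
        $1) return 0 ;;
        *)  return 1 ;;
    esac
}

explicit_match() {   # true only for the eight commands listed originally
    for prefix in "/sbin/service mysqld" "/etc/init.d/mysqld"; do
        for verb in start stop restart status; do
            [ "$1" = "$prefix $verb" ] && return 0
        done
    done
    return 1
}

wildcard_match() {   # the "[a-z]*" alias; the "?*" form is broader still
    glob_match '/sbin/service mysqld [a-z]*' "$1" ||
        glob_match '/etc/init.d/mysqld [a-z]*' "$1"
}

audit() {   # stdin: one command line per row; prints what only the wildcard admits
    while IFS= read -r cmd; do
        if wildcard_match "$cmd" && ! explicit_match "$cmd"; then
            printf '%s\n' "$cmd"
        fi
    done
}

# Constructed candidate command lines.
audit <<'EOF'
/sbin/service mysqld status
/sbin/service mysqld start extra-argument
/etc/init.d/mysqld reload
/sbin/service mysqld 1
EOF
```

The two lines it prints are admitted only by the wildcard alias, which is the difference to weigh before replacing an explicit list in a privileged rule.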

Finding last reboot, shutdown time and failed login attempts

Finding last reboot time:
# last reboot
# last -F
# who -b

Finding last shutdown time:
# last -x | grep '^shutdown'

Listing out failed login attempts:
# lastb

The other straightforward way to find the failed login attempts is to analyze the /var/log/secure file. I have written a Perl script exclusively to report the failed login attempts by parsing the /var/log/secure file.
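
One way to pull failed SSH password logins out of /var/log/secure, written here as an added shell/awk example (it is not the Perl script mentioned above). It assumes the OpenSSH "Failed password for ... from IP port N ssh2" line format, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: count failed SSH password logins per source address.
# Assumes the OpenSSH "Failed password for ... from IP port N ssh2" format.

failed_logins() {   # stdin: log text; $1 = minimum failures to report (default 1)
    awk -v min="${1:-1}" '
        # Take the address relative to the END of the line: the user name is
        # supplied by the remote side and may itself contain spaces.
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            fails[$(NF-3)]++
        }
        END {
            for (ip in fails)
                if (fails[ip] >= min) print fails[ip], ip
        }' | sort -k1,1nr -k2,2
}

sample_log() {   # constructed lines in /var/log/secure format
    cat <<'EOF'
Nov 26 20:01:02 linuxhost sshd[4121]: Failed password for root from 192.0.2.10 port 51122 ssh2
Nov 26 20:01:05 linuxhost sshd[4121]: Failed password for invalid user admin from 192.0.2.10 port 51123 ssh2
Nov 26 20:02:11 linuxhost sshd[4130]: Accepted password for ashok from 198.51.100.7 port 40022 ssh2
Nov 26 20:03:40 linuxhost sshd[4144]: Failed password for ashok from 203.0.113.5 port 39001 ssh2
Nov 26 20:04:09 linuxhost sshd[4150]: Failed password for invalid user backup admin from 192.0.2.10 port 51130 ssh2
EOF
}

# Report sources with at least two failures in the sample.
sample_log | failed_logins 2
```

On a live host the same function reads the real file: `failed_logins 5 < /var/log/secure`.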

Wednesday, November 27, 2013

Configuring RelayHost in Sendmail

Let's assume the Mail RelayHost name is "mailserver.domain.com".

Edit the file /etc/mail/sendmail.mc so that it contains the following line:

define(`SMART_HOST', `mailserver.domain.com')

Regenerate sendmail.cf from the edited file:
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Restart the Sendmail service:
# /etc/init.d/sendmail restart

Converting Time from PST to IST

I have some monitoring scripts that capture the system statistics at a regular interval and write them into a logfile with the system time, which is in PST. When any incident happens during IST hours, the concerned team in India reports the problem to us with IST timing. As a subsequent action, when I try to analyze the logfile captured by the system, the timestamp in it was confusing me, as I need to match it with the IST time interval that was reported. So in order to ease my job, I came up with this solution of gathering the system statistics in IST but without changing the timezone setting on the server.

TIME_IN_IST=`TZ='GMT-5:30' date +"%H:%M:%S %D IST"`

Sample Execution:
[root@linuxhost]# date
Tue Nov 26 20:00:37 PST 2013
[root@linuxhost]# date +"%H:%M:%S %D IST"
20:00:42 11/26/13 IST
[root@linuxhost]# TIME_IN_IST=`TZ='GMT-5:30' date +"%H:%M:%S %D IST"`
[root@linuxhost]# echo $TIME_IN_IST
09:30:46 11/27/13 IST
[root@linuxhost]# date
Tue Nov 26 20:00:54 PST 2013

How it works:
I have used GMT offset to match with IST, which is 13.5 hours ahead.  GMT for California is 8 hours behind "GMT-8.00"  and GMT for India is "GMT+5.30".  To match with India Timing, it has to be 13.5 (8+5.30) hours behind.

Tuesday, February 12, 2013

How to check if a file is being accessed by any process ?

Use 'lsof' command with the following syntax:
# lsof -f -- <path of file name>

linuxmach# lsof -f -- /var/log/secure
syslogd 3065 root    3w   REG  253,0 40558 169083 /var/log/secure
The file '/var/log/secure' is being accessed by the "syslogd" daemon with PID 3065, and it is currently open for writing.

Monday, January 7, 2013

Using RegEx in find command

Below are examples of using regular expressions in the 'find' command:

[ashok@linuxhost workdir]$ find . -type f -regex ".*[0-9]+\.txt" -print 2> /dev/null

[ashok@linuxhost workdir]$ find . -type f -regex ".*/[0-9]+\.txt" -print 2> /dev/null
[ashok@linuxhost workdir]$