Tuesday, November 27, 2012

Users, Shutdowns and Reboots

The “last” command. Not many people I know use it, but there are quite a few things one can do with it. Let’s look at users, shutdowns and reboots.
The “last” or “lastb” command is typically used to show a listing of the last logged in/out users. To view when a particular user last logged in, run “last [username]”. See output below.
[root@nosebleed ~]# last danny
danny    pts/1        ftmtj1s.crib     Wed Oct 24 16:51   still logged in
danny    pts/0        python.crib      Wed Oct 24 16:10   still logged in
danny    pts/0        ftmtj1s.crib     Wed Oct 24 14:44 - crash  (01:07)
danny    pts/0        python.crib      Tue Oct 23 16:59 - 17:22  (00:22)
danny    pts/2        python.crib      Tue Oct 23 16:25 - down   (00:32)
danny    pts/1        python.crib      Tue Oct 23 16:09 - down   (00:47)
danny    pts/1        python.crib      Tue Oct 23 16:09 - 16:09  (00:00)
danny    pts/0        ftmtj1s.crib     Tue Oct 23 13:22 - down   (03:34)
danny    pts/0        ftmtj1s.crib     Mon Oct 22 01:18 - 01:43  (00:25)
danny    pts/0        ftmtj1s.crib     Sun Oct 21 01:34 - 21:06  (19:31)
danny    pts/0        ftmtj1s.crib     Sat Oct 20 13:58 - 14:01  (00:03)
danny    pts/0        ftmtj1s.crib     Fri Oct 19 16:52 - 00:23  (07:31)
danny    pts/0        python.crib      Fri Oct 19 11:49 - 14:15  (02:25)
danny    pts/0        python.crib      Thu Oct 18 15:27 - 15:37  (00:09)
danny    pts/0        python.crib      Thu Oct 18 15:22 - 15:23  (00:01)
danny    pts/1        192.168.0.65     Thu Oct 18 15:13 - 15:18  (00:05)
danny    pts/1        192.168.0.65     Thu Oct 18 14:38 - 15:13  (00:35)
Each time the system is rebooted, the pseudo-user “reboot” logs in. Running the “last reboot” command therefore shows the last reboot events. See output below.
[root@nosebleed ~]# last reboot
reboot   system boot  2.6.18-8.1.14.el Wed Oct 24 15:51          (01:28)
reboot   system boot  2.6.18-8.1.14.el Tue Oct 23 16:59         (1+00:20)
reboot   system boot  2.6.18-8.1.10.el Thu Oct 18 14:30         (5+02:27)
reboot   system boot  2.6.18-8.1.10.el Wed Oct 17 02:05         (1+11:36)
reboot   system boot  2.6.18-8.1.10.el Tue Oct 16 23:00         (1+14:41)
reboot   system boot  2.6.18-8.1.10.el Tue Oct 16 21:05          (01:52)
reboot   system boot  2.6.18-8.1.10.el Fri Oct 12 22:27         (3+16:41)
If you only need halt and shutdown information, running “last -x | grep down” will do that. The output also includes user sessions that ended at a shutdown, marked “down”. See output below.
[root@nosebleed ~]# last -x | grep down
shutdown system down  2.6.18-8.1.10.el Tue Oct 23 16:58 - 17:22 (1+00:24)
danny    pts/2        python.crib      Tue Oct 23 16:25 - down   (00:32)
danny    pts/1        python.crib      Tue Oct 23 16:09 - down   (00:47)
danny    pts/0        ftmtj1s.crib     Tue Oct 23 13:22 - down   (03:34)
shutdown system down  2.6.18-8.1.10.el Thu Oct 18 13:42 - 16:57 (5+03:15)
danny    pts/3        ftmtj1s.crib     Thu Oct 18 13:28 - down   (00:12)
danny    pts/2        ftmtj1s.crib     Thu Oct 18 13:11 - down   (00:30)
danny    pts/1        192.168.0.65     Thu Oct 18 00:51 - down   (12:49)
danny    pts/0        192.168.0.65     Wed Oct 17 22:08 - down   (15:32)
shutdown system down  2.6.18-8.1.10.el Tue Oct 16 22:58 - 13:41 (1+14:42)
root     tty1                          Tue Oct 16 21:06 - down   (01:51)
shutdown system down  2.6.18-8.1.10.el Tue Oct 16 15:09 - 22:58  (07:48)
danny    pts/0        192.168.0.65     Tue Oct 16 15:04 - down   (00:04)
shutdown system down  2.6.18-8.1.10.el Fri Oct 12 22:25 - 15:08 (3+16:43)
Hope this helped, drop me a comment if you need info.
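Separating the real shutdown records from sessions that merely ended at one, and spotting boots that were not preceded by a shutdown record, as an added example that is not part of the original post. The function names are made up here, and the sample lines are taken from the listings above and interleaved by hand.

```bash
# Added example, not from the original post. Reads `last -x` output on stdin
# (newest record first, as last prints it).

# shutdown_records: only the real shutdown pseudo-records, without the user
# sessions that "grep down" also matches.
shutdown_records() {
    awk '$1 == "shutdown" && $2 == "system"'
}

# unclean_boots: print the time of every boot whose next-older record is
# another boot instead of a shutdown, i.e. the machine went down without a
# clean shutdown being logged (crash, power loss, hard reset).
unclean_boots() {
    awk '
        $2 != "system"   { next }                 # user sessions, runlevel changes
        $1 == "shutdown" { pending = ""; next }   # boot after this one was clean
        $1 == "reboot"   {
            if (pending != "") print pending
            pending = $5 " " $6 " " $7 " " $8
        }'
    # The oldest boot in the log is never flagged: nothing older is known.
}

# Sample input: lines from the listings in the post, interleaved by hand.
sample_last_x() {
    cat <<'EOF'
reboot   system boot  2.6.18-8.1.14.el Wed Oct 24 15:51          (01:28)
danny    pts/0        ftmtj1s.crib     Wed Oct 24 14:44 - crash  (01:07)
reboot   system boot  2.6.18-8.1.14.el Tue Oct 23 16:59         (1+00:20)
shutdown system down  2.6.18-8.1.10.el Tue Oct 23 16:58 - 17:22 (1+00:24)
danny    pts/2        python.crib      Tue Oct 23 16:25 - down   (00:32)
reboot   system boot  2.6.18-8.1.10.el Thu Oct 18 14:30         (5+02:27)
EOF
}

sample_last_x | unclean_boots      # prints: Wed Oct 24 15:51
```

On a live system, feed it with “last -x | unclean_boots”.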

Alias command in Linux

The alias command is used to create shortcuts to commands. Let’s see how it works.
I use the alias command to create shortcuts for commands I use frequently. For example the cp(copy) and mv(move) commands, my alias simply adds -i to cp and mv commands causing them to be interactive thus preventing any accidental deletes or file overwrites.
Running the alias command will show you all the current aliases available.
[dummy@macho ~]$ alias
alias l.='ls -d .* --color=tty'
alias ll='ls -l --color=tty'
alias ls='ls --color=tty'
alias vi='vim'
alias cp='cp -i'. This command will add -i to the cp (copy) command. Now, every time the cp command is executed it will be interactive. No more accidental deletes :)
alias mv='mv -i'. This command will add -i to the mv (move) command. Now, every time the mv command is executed it will be interactive. No more accidental overwrites :)
[dummy@macho ~]$ alias cp='cp -i'
[dummy@macho ~]$ alias mv='mv -i'
[dummy@macho ~]$ alias
alias cp='cp -i'
alias l.='ls -d .* --color=tty'
alias ll='ls -l --color=tty'
alias ls='ls --color=tty'
alias mv='mv -i'
alias vi='vim'

Password protect single user mode

You forget your root password and get locked out of your own box. What do you do? Typically, you would reboot into single user mode and change the password there.
When booting into single user mode you will not be prompted for the root password. This is something every attacker knows and preys on once he has gained physical access to your box. So what do you do?
Firstly, a good sys admin knows not to forget the root password. Logging in as root is never a good idea, so using sudo is always advised. This still leaves single user mode vulnerable. To secure it, append the line “su:S:wait:/sbin/sulogin” to your “/etc/inittab” file. Now, every time you boot into single user mode you will be prompted for the root password.
See sample below,
# password protect single user mode
su:S:wait:/sbin/sulogin
PS: Always remember your password. If you can’t, then write it down in a safe place.
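A quick audit check for this setting, as an added example that is not from the original post: it reads a file in inittab format (id:runlevels:action:process) and reports whether an active entry runs sulogin for runlevel S. The function names and the two sample files are constructed for illustration, and it assumes an init system that reads /etc/inittab, as in the post.

```bash
# Added example, not from the original post.
# single_user_protected FILE: succeeds when FILE has an active (uncommented)
# inittab entry, id:runlevels:action:process, that runs /sbin/sulogin for
# runlevel S with action "wait", like the line shown in the post.
single_user_protected() {
    awk -F: '
        /^[ \t]*#/ { next }                       # commented-out entries do not count
        $2 ~ /[sS]/ && $3 == "wait" && $4 ~ /^\/sbin\/sulogin/ { ok = 1 }
        END { exit (ok ? 0 : 1) }' "$1"
}

# Constructed sample files: one with the entry commented out, one with it active.
audit_demo() {
    t=$(mktemp -d) || return 1
    printf '%s\n' 'id:3:initdefault:' '#su:S:wait:/sbin/sulogin' > "$t/weak"
    printf '%s\n' 'id:3:initdefault:' 'su:S:wait:/sbin/sulogin' > "$t/hardened"
    for f in weak hardened; do
        if single_user_protected "$t/$f"; then
            echo "$f: single user mode asks for the root password"
        else
            echo "$f: single user mode is not password protected"
        fi
    done
    rm -rf "$t"
}
audit_demo
```

Run “single_user_protected /etc/inittab” on the box itself; a non-zero exit status means the entry is missing or commented out.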

Server time slow

Another issue that popped up tonight. The time on a payroll server seemed to be slower than usual. Further troubleshooting on the box revealed that it took 4 seconds to move 1 second on the server. This caused the payroll servers to stop communicating with each other, as time sync was part of a security measure built into the payroll software we run here.
Some googling later, it seemed to be a bug in the kernel. The suggested fix was to either update the kernel, recompile the kernel, or add some kernel parameters in GRUB. I decided to go with the kernel parameters because this was a production server and the downtime window was very slim.
The fix,
  1. vi /etc/boot/grub.conf
  2. Add “clock=pit noapic nolapic” to the end of the kernel line.
  3. Reboot and check the time with “watch date”.


# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/md7
#          initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=10
splashimage=(hd0,0)/grub/splash.xpm.gz
title Red Hat Linux (2.4.9-e.3smp)
root (hd0,0)
kernel /vmlinuz-2.4.9-e.3smp ro root=/dev/md7 clock=pit noapic nolapic
initrd /initrd-2.4.9-e.3smp.img
title Red Hat Linux Advanced Server (2.4.9-e.3)
root (hd0,0)
kernel /vmlinuz-2.4.9-e.3 ro root=/dev/md7 clock=pit noapic nolapic
initrd /initrd-2.4.9-e.3.img
Source: Rexiology::Work
Source: Linux Kernel Parameters

Select all files but one on linux

My friend wanted to know how to select all files but one on the CLI or in a bash script. This is how I normally do it, do you know a better way?

From the command line

ls * | grep -v [pattern to ignore]
or
ls [!pattern to ignore]*
In a bash script it may look like this,

for i in `ls * | grep -v [pattern to ignore]`
do
   echo "$i"   # do something here
done

How to find files in linux

Need to find files older than a certain time frame? This will help: “find [dir] -type f -mtime +[n]”, where n is the number of 24-hour periods.
Examples,
Show files older than 7 days
find /tmp/ -type f -mtime +7
Show files older than 7 days and rm them.
find /tmp/ -type f -mtime +7 -exec rm {} \;
or if you have a large number of files (null-delimited, so file names containing spaces are handled correctly)
find /tmp/ -type f -mtime +7 -print0 | xargs -0 rm
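Both “all files but one” from the previous post and the age-based cleanup here can be done without passing file names through word splitting, which matters in a world-writable directory such as /tmp where other users choose the names. This is an added example, not from the original posts; the function names and the demo files are constructed.

```bash
# Added example, not from the original posts. Names with spaces survive
# because nothing here is ever re-split by the shell.

# list_all_but DIR PATTERN: print every entry in DIR except those whose name
# matches the glob PATTERN (the "all files but one" case).
list_all_but() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue            # empty directory: glob stayed literal
        case ${f##*/} in
            $2) continue ;;                # unquoted on purpose: used as a glob
        esac
        printf '%s\n' "${f##*/}"
    done
}

# purge_old DIR DAYS KEEP: remove regular files under DIR older than DAYS days,
# except names matching KEEP. find hands the names to rm as arguments, and
# "--" stops rm from reading a name as an option.
purge_old() {
    find "$1" -type f ! -name "$3" -mtime +"$2" -exec rm -f -- {} +
}

# Constructed demo data in a throwaway directory.
demo() {
    d=$(mktemp -d) || return 1
    touch -t 201201010000 "$d/old report.log" "$d/old.keep"   # backdated files
    touch "$d/fresh.log"
    purge_old "$d" 7 '*.keep'        # removes only "old report.log"
    list_all_but "$d" 'fresh*'       # prints: old.keep
    rm -rf "$d"
}
demo
```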

How to remove ^M character with VI

This is how you remove those annoying ^M characters that show up in files previously edited on a Windows/DOS platform.
In VI,
:%s/[ctrlkey+v and ctrl-key+M]//g
actual command,
:%s/^V^M//g
Here’s a walk through video I made. My first actually :)