Background

Basic Linux Commands

Linux Basic commands

Information about binary

whereis sendmail
which sendmail    

Take program to background

ctrl+z

Bring to foreground

fg

superuser and exit

sudo su; exit;

login as another user without password

sudo -u user_name -s
sudo -u www-data -s

Copy Files, with symbolic links

  • Don't traverse symbolic link (copy symlink, not target): cp -P src dest

  • Will traverse symbolic link (copy the target): cp src dest

  • Will copy all symbolic links and dirs: cp -RP src dest

  • Make exact copy of source with -a: cp -a src dest

File Write/Append

append

program >> file_name.ext
strings "Coach.xlsx" >> "Coach.xlsx.strings.txt"
echo "apple" >> apple.txt

write without append

program > file_name.ext
strings "Coach.xlsx" > "Coach.xlsx.strings.txt"

sed

Find and Replace

# sed 's/<FIND_PATTERN>/<REPLACE_PATTERN>/'
# a literal / inside a pattern is written as \/

# Remove "GET " and " HTTP/1.1" from each line
cat GET_SORT.txt | sed 's/GET //' | sed 's/ HTTP\/1.1//' > get_sort_sed.txt

File Information

$ file [option] [filename]
$ file -b filename
  -b (--brief): do not prepend the filename to the output
$ file directoryname/*
  info for all files in dir
$ file -i filename
  -i: print the MIME type
$ file -N *
  -N: don't pad filenames to align the output

Readelf

We can see the loadable segments (LOAD program headers) in the output of the readelf program.
readelf -l vmlinux

Elf file type is EXEC (Executable file)
Entry point 0x1000000
There are 5 program headers, starting at offset 64

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  LOAD           0x0000000000200000 0xffffffff81000000 0x0000000001000000 EP
                 0x0000000000893000 0x0000000000893000  R E    200000
  LOAD           0x0000000000a93000 0xffffffff81893000 0x0000000001893000
                 0x000000000016d000 0x000000000016d000  RW     200000
  LOAD           0x0000000000c00000 0x0000000000000000 0x0000000001a00000
                 0x00000000000152d8 0x00000000000152d8  RW     200000
  LOAD           0x0000000000c16000 0xffffffff81a16000 0x0000000001a16000
                 0x0000000000138000 0x000000000029b000  RWE    200000
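
The last LOAD entry above is flagged RWE, i.e. mapped both writable and executable. The following is an added example, not part of the original notes, that lists LOAD segments from two-line `readelf -l` output and keeps only those that are writable and executable; the function names are this example's own and the embedded sample is the four LOAD entries shown above.

```shell
#!/bin/sh
# Added example: find LOAD segments that are both writable and executable.
# Expects the two-line-per-entry layout that `readelf -l` prints for 64-bit ELF.

# sample_headers: the LOAD entries from the readelf -l vmlinux output above.
sample_headers() {
cat <<'EOF'
Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  LOAD           0x0000000000200000 0xffffffff81000000 0x0000000001000000
                 0x0000000000893000 0x0000000000893000  R E    200000
  LOAD           0x0000000000a93000 0xffffffff81893000 0x0000000001893000
                 0x000000000016d000 0x000000000016d000  RW     200000
  LOAD           0x0000000000c00000 0x0000000000000000 0x0000000001a00000
                 0x00000000000152d8 0x00000000000152d8  RW     200000
  LOAD           0x0000000000c16000 0xffffffff81a16000 0x0000000001a16000
                 0x0000000000138000 0x000000000029b000  RWE    200000
EOF
}

# load_segments: print "VirtAddr MemSiz Flags" for each LOAD segment on stdin.
load_segments() {
    awk '
        # First line of an entry: Type Offset VirtAddr PhysAddr
        $1 == "LOAD" { vaddr = $3; pending = 1; next }
        # Second line: FileSiz MemSiz Flags Align. Flags may be split
        # by spaces ("R E"), so join every field between MemSiz and Align.
        pending {
            pending = 0
            flags = ""
            for (i = 3; i < NF; i++) flags = flags $i
            print vaddr, $2, flags
        }
    '
}

# wx_segments: keep only segments whose flags contain both W and E.
wx_segments() {
    load_segments | awk '$3 ~ /W/ && $3 ~ /E/'
}

sample_headers | wx_segments
```

On a real binary, pipe the tool's output in instead of the sample: `readelf -l /usr/bin/sudo | wx_segments`. Only LOAD entries are examined; other header types such as GNU_STACK are ignored.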
### Read Elf

// Read headers of elf file
$ readelf -h /usr/bin/sudo


##  File View 

$ ls | less    (or: ls | more, ls | most)

less: scroll up and down, quit using q, vi key bindings
-r to display raw control sequences
-R only ANSI escape chars
-X (capital X; long form: --no-init) won't clear screen, behaves like the more command
/ to find, n search forward, N search back
!shell_command executes something in the shell

$ ls | less
!file someoutputline.txt    (typed inside less)

more: scroll forward only

  • won't clear screen

most: scroll up, down, left, right
-view multiple files
-pass raw escape sequences by default


### head

read first 1KB

head -c1K file_name


### Opened files by process

List of files opened by a process is available via the proc filesystem:

$ sudo ls /proc/1/fd/
0 10 12 14 16


### tail

## grep 

grep pattern

grep prints "Binary file (standard input) matches" when the input is not a text file

Process a binary file as if it were text

grep -a 'pattern'

Grep with lines begin with GET and sort

cat getb.txt | grep -a "^GET" | sort > GET_SORT.txt


## Firewall

sudo ufw allow 21
sudo ufw allow ftp
sudo service ufw restart


# Files
## Hex view of file

hexdump -C file_name    # canonical hex + ASCII view (-c shows one-byte characters instead)


# proftpd  FTP server

Get the latest package lists

sudo apt-get update

Update installed packages

sudo apt-get upgrade

$ sudo apt-get install proftpd

$ sudo vi /etc/proftpd/proftpd.conf

DefaultRoot: Uncomment this line to restrict users to their home folders.

RequireValidShell: Uncomment this line and make it “On” to enable logging in for users, even for those who don't have a valid shell in /etc/shells to log in.

Since 1.3.0rc1 it's also possible to use the following:

DefaultAddress 192.168.10.30 my.domain.tld

EC2 hosting

# If your host was NATted, this option is useful in order to
# allow passive transfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress             1.2.3.4
MasqueradeAddress ftp.somedomain.com
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
PassivePorts                  49152 65534

Open ports in the EC2 network settings

80 0.0.0.0/0 is one example of an opened port, here port 80
Similarly open ports 20-21, entered as a range with a dash
20-21: opens ports 20 through 21
49152-65534: the PassivePorts range set above

$ sudo service proftpd restart

Creating ProFTPD Users

sudo useradd myproftpduser
sudo passwd myproftpduser
sudo usermod -m -d /var/www/myproftpduser myproftpduser

Troubleshoot

/var/log/proftpd/proftpd.log

User and Groups

User List

$ less /etc/passwd

Add new user

$ sudo useradd ftp.user_name

Delete User

userdel userName

// also delete the user's home directory and mail spool
userdel -r userName

// Force delete
userdel -r -f tom

// Remove any SELinux user mapping 
userdel -Z -r -f jerry

change password of user

$ sudo passwd ftp.user_name

set user home directory

$ sudo usermod -m -d /var/www/user_name.com.sg ftp.user_name
    info message can be displayed if dir exists already, not error
        usermod: directory /var/www/user_name.com.sg exists

Add user to new group

$ sudo usermod -a -G www-data ftp.user_name
    www-data: is group name
    ftp.user_name is username

Add new group

sudo groupadd mynewgroup

View all groups

getent group
less /etc/group

View user groups of user

$ groups ftp.user_name

Change user group

//Add an Existing User Account to a Group
usermod -a -G examplegroup username
usermod -a -G group1,group2,group3 username

// Change User's Primary group (-g)
usermod -g groupname username
usermod -g www-data ms

// Change User's Secondary group (-G); without -a this replaces the existing secondary groups
usermod -G groupname username

Delete Groups

sudo groupdel groupname
sudo delgroup {group}

Remove user from group

sudo deluser {user} {group}

Shells

cat /etc/shells
which git-shell

sudo -e 

// edit shell for user
sudo chsh <username> -s <shell name>
sudo chsh <username> -s $(which git-shell)

ssh

ssh -i file.pem user@host

scp

copy local files to remote
$ scp cc.zip root@host_ip:/tmp
root@host_ip's password:

scp file.txt [email protected]:/remote/directory

https://linuxize.com/post/how-to-use-scp-command-to-securely-transfer-files/

create symbolic link

ln -s source_file destination_with_name
ln -s /var/www/html/uploads /home/web_uploads

Download files with curl

    download with progress displayed
        curl http://example.com --output my.file
    silent download
        curl http://example.com --output my.file --silent
    similar to above
        curl http://example.com -o my.file -s
    save filename as server
        curl -O
    follow 301 redirect
        curl -L 

Postfix mail server

Install on Ubuntu

Run these as sudo
    $ sudo apt-get update && sudo apt-get install postfix

    * Sending test email
        $ sudo apt-get install mailutils

Files

Setting up MTA to relay outgoing email

            /etc/postfix/main.cf
                relayhost = [smtp.gmail.com]:587
                smtp_use_tls = yes
                smtp_sasl_auth_enable = yes
                smtp_sasl_security_options =
                # @@@-DIR
                smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
                #smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

            /etc/postfix/sasl_passwd
                [smtp.gmail.com]:587    [email protected]:password

Run postmap to compile and hash the contents of sasl_passwd.

The resulting sasl_passwd.db file will be stored in the Postfix configuration directory. # @@@-DIR
$ postmap /etc/postfix/sasl_passwd

Troubleshoot

$ less /var/log/mail.log

Reload postfix

/etc/init.d/postfix reload
systemctl restart postfix.service

Send mail from command

// type the message body after pressing Enter, then press Ctrl+D to send
mail -s "Test subject" "[email protected]"

Permissions chmod

$ sudo chmod 775 -R ./
    775: owner 7 (r1_w1_x1), group 7 (r1_w1_x1), others 5 (r1_w0_x1)
$ sudo chmod 775 -R /var/www/somefolder

-- make script executable
$ chmod u+x file.py

Permissions chown

// Make git directory owner
chown -R git:git /var/git

// setgid (g+s) so that all files created here take the git group
chmod -R g+rws /var/git

Process

Kernel statistics from userspace

$ cat /proc/stat

Process loaded memory map

Heap, shared objects (dlls/so), code, linked libraries

$ cat /proc/self/maps

$ cat /proc/1384/maps
$ sudo cat /proc/1/maps | grep vdso
7fff39f73000-7fff39f75000 r-xp 00000000 00:00 0       [vdso]
    linux-vdso.so.1;
    libc.so.6;
    ld-linux-x86-64.so.2.

Loaded modules

 ldd /bin/uname
    linux-vdso.so.1 (0x00007ffe014b7000)
    libc.so.6 => /lib64/libc.so.6 (0x00007fbfee2fe000)
    /lib64/ld-linux-x86-64.so.2 (0x00005559aab7c000)

Tracing syscalls of process

https://www.tecmint.com/strace-commands-for-troubleshooting-and-debugging-linux/

linux trace

$ strace ls
execve("/bin/ls", ["ls"], [/* 62 vars */]) = 0

$ strace echo
execve("/bin/echo", ["echo"], [/* 62 vars */]) = 0

$ strace uname
execve("/bin/uname", ["uname"], [/* 62 vars */]) = 0

Disk and Files

view space usage of current folder

-h readable size
[root@localhost uploads]# du -h
620K    ./proof
0       ./trainees/1f
1.3M    ./trainees/2f
1.3G    ./trainees/EV
0       ./trainees/2019/12/
0       ./trainees/2019/12/

Nmap

Services running on ip

nmap -T4 -A -v IP

Users

https://linuxize.com/post/how-to-list-users-in-linux/#get-a-list-of-all-users-using-the-etcpasswd-file
https://www.2daygeek.com/how-to-check-user-login-history-in-linux-using-last-lastb-lastlog-command/

View list of users

$ cat /etc/passwd

View all logins

last | less
last -15

Login history of user

last user_name | less