Vilas Computer Services

Linux Mac (bsd)

#iptables commands
/sbin/iptables-save --help
/sbin/iptables-save >/tmp/iptables.out

#show contents of files
cat /boot/config-2.4.30 | grep -i "CONFIG_IP_NF"

#count lines in a file
wc -l ~user/bigfile.txt

#query and update runlevel startup services
chkconfig --level 5 avahi-daemon off
chkconfig --level 5 pcscd off
chkconfig --list
chkconfig --list --level 5
chkconfig --list avahi-daemon

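#modify file rights
chmod 755 data (owner rwx, group and others r-x)
chmod 777 data (rwx for everyone: any local user can modify or replace the contents)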

#modify owner
chown user1:staff data
chown user2:staff *

# clear screen
clear

#find out how much disk space is used in current/sub directories
du -c -h *

#view or change network adapter settings
ethtool eth0

#list of names exported to shell
export -p

#stop man pages clearing when you exit (put in your .bashrc)
export LESS="-X"

#export everything listed in /etc/exports (plain exportfs, or exportfs -v, lists the current exports)
exportfs -a

#bring job to foreground
fg

#find files
find .
find . -ls

#find and change permissions on files and directories
find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;

#find files by modified time (-mtime -7 = modified within the last 7 days; +7 = older than 7 days)
find /home/* -type f -mtime -7 -ls

#check file system
fsck

#mouse cut-n-paste for virt consoles
gpm -m /dev/input/mice -t exps2

#find text in files
grep -R text / (recursive from root)

#gnu compression utility
gunzip *gz

#halt will shutdown system
halt

#bash command line history
history
history |more
!

#network interface display
ifconfig
ifconfig -a

#kernel filtering (firewall) ** - See sample below
iptables -F (flush - deletes every rule; the chain policies are left as they are)
iptables -L (list)
iptables-save
service iptables start

#list active jobs
jobs
jobs -xl

#kill a process
kill -HUP (hangup)
kill -9 (SIGKILL: cannot be caught, so the process gets no chance to clean up; plain kill sends TERM)

#display files
ls
ls -l
ls -laF

#show open file information
lsof
lsof |grep rpc
lsof -i |grep

#read mail
mailx

#display man pages
man 5 exportfs
man hosts

#make directories
mkdir /mnt/cdrom

#mount disk
mount
mount -o remount,rw /
mount cdrom

#unmount file system
umount /dev/sr0
umount cdrom

#show nfs mounts
showmount
showmount -a

#mount nfs file system
mount remote.host:/path/export /existing/mountpoint

#if nfs share is entered in /etc/fstab
mount /existing/mountpoint

#move file
mv K20nfs S20nfs

#display network ports, etc
netstat -an
netstat -untap (with foreign addr)
netstat -tulpn (no foreign addr)

#display nfs info
nfsstat -a
nfsstat -o all
nfsstat -r
nfsstat -sn

#check connectivity
ping myhost
ping -f myhost (flood ping, root only)

#check memory usage
pmap

#view processes
ps -ef
ps -ef |grep

#view your current working directory
pwd

#remote desktop for windows terminal server
rdesktop
rdesktop -g 1024x768 myhost

#reboot system
reboot

#show routing table
route -n

#show portmapper (rpc) info
rpcinfo
rpcinfo -a
rpcinfo -o all
rpcinfo -p
rpcinfo -t myhost nfs
rpcinfo -u myhost nfs

#redhat package manager
rpm -q -l

#see your current runlevel
runlevel

#start, stop and list services
service --status-all
service --status-all |grep mount
service --status-all |grep running
service --status-all |grep stopped
service iptables save
service iptables stop
service mdmonitor stop
service mountd restart

#show your environment
env
set

#run a script
sh /usr/local/etc/iptables.sh

#connect to another host
ssh user@myhost

#show human readable strings in a binary file
strings nfs

#archive/unarchive files (f takes the archive name, so it goes last; one archive per call)
tar -zxvf *gz

#show tcp header traffic on interface
tcpdump
tcpdump |grep '192.168.10.1'

#reinvoke inittab file
telinit q

#show running processes
top

*Abbreviations

us: user cpu time (or)
% CPU time spent in user space

sy: system cpu time (or)
% CPU time spent in kernel space

ni: user nice cpu time (or)
% CPU time spent on low priority processes

id: idle cpu time (or)
% CPU time spent idle

wa: io wait cpu time (or)
% CPU time spent in wait (on disk)

hi: hardware irq (or)
% CPU time spent servicing/handling hardware interrupts

si: software irq (or)
% CPU time spent servicing/handling software interrupts

st: steal time % CPU time in involuntary wait by virtual cpu while hypervisor is servicing another processor (or)
% CPU time stolen from a virtual machine

#add user to system
useradd

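#example
#note: --password expects an already-hashed crypt(3) value, not the clear text, and anything typed
#on the command line shows up in ps output and shell history; create the account without it and
#set the password afterwards with "passwd backupuser".
#note: --gid=root makes root the account's primary group; use a dedicated group unless that is required.

useradd --gid=root -G backupoperator --comment="backup user" --password=PaSsWoRd backupuser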

#edit file
vi .bashrc

#who's on the system
w
who

#find the path to a file
which dfshare

#rpm package manager for red hat
yum help
yum list
yum search xen
yum erase xen-libs.x86_64
yum install rdesktop
yum clean all
yum check-update
yum update

#cron info
/etc/crontab
run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly

crontab(5) time and date fields are:

field allowed values
----- --------------
minute 0-59
hour 0-23
day of month 1-31
month 1-12 (or names)
day of week 0-7 (0 or 7 is Sun, or use names)

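#example (archive web folder every morning @ 2:15am using tar)
#this is a per-user crontab line (crontab -e): no user field, unlike the /etc/crontab lines above
#in a crontab an unescaped % ends the command, so each % in the date format is written \%

15 2 * * * tar -zcvf /home/web/www_archive`date '+\%m-\%d-\%Y'`.tar.gz /www/html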

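### iptables sample rules for host 192.168.1.10
#
# Inbound allow-list for a single host: only the listed source addresses may
# reach the listed services; whatever is left falls through to the catch-all
# rules at the end.
# Every rule is appended (-A) and a chain is read top to bottom, first match
# wins, so:
#   - load the rules into empty chains (running the list twice duplicates them);
#   - a catch-all DROP/REJECT has to be the LAST rule of its chain, because
#     nothing appended after it is ever reached.

# Stateful baseline: let through packets that belong to tracked connections.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# NOTE(review): accepting NEW here allows every outbound connection, so the
# per-port OUTPUT rules further down never decide anything and the final
# OUTPUT REJECT only sees packets that are not NEW, RELATED or ESTABLISHED.
# If egress filtering is intended, narrow this to RELATED,ESTABLISHED - confirm.
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

#SSH: one rule per allowed client address.
# The first rule stays disabled: without -s it would admit SSH from any source.
#iptables -A INPUT -d 192.168.1.10 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 192.168.1.16 -d 192.168.1.10 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 192.168.1.11 -d 192.168.1.10 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 192.168.1.20 -d 192.168.1.10 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 192.168.1.30 -d 192.168.1.10 -p tcp --dport 22 -j ACCEPT

#SQLnet (Allow Oracle Access To Particular IP):
iptables -A INPUT -s 192.168.1.22 -d 192.168.1.10 -p tcp --dport 1521 -j ACCEPT
iptables -A INPUT -s 192.168.2.23 -d 192.168.1.10 -p tcp --dport 1521 -j ACCEPT

#VNC (non-secure): the rule only limits who may connect, it does not protect
# the session itself.
# NOTE(review): 144.92.192.57 lies outside the 192.168.x.x ranges used by every
# other rule here - confirm it is still needed, or tunnel VNC through SSH
# instead of opening 5900.
#iptables -A INPUT -s 192.168.1.16 -d 192.168.1.10 -p tcp --dport 5900 -j ACCEPT
iptables -A INPUT -s 192.168.1.17 -d 192.168.1.10 -p tcp --dport 5900 -j ACCEPT
iptables -A INPUT -s 144.92.192.57 -d 192.168.1.10 -p tcp --dport 5900 -j ACCEPT

#X11 (display :0 on tcp/6000) from one client.
iptables -A INPUT -s 192.168.1.11 -d 192.168.1.10 -p tcp --dport 6000 -j ACCEPT

#BackupExec
# The second rule opens a very wide port range (presumably the agent's dynamic
# data ports - confirm); it is limited to the single source 192.168.1.12.
iptables -A INPUT -s 192.168.1.12 -d 192.168.1.10 -p tcp --dport 10000 -j ACCEPT
iptables -A INPUT -s 192.168.1.12 -d 192.168.1.10 -p tcp --dport 1026:49175 -j ACCEPT

#Any Traffic From Localhost:
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

#ICMP/Ping: every ICMP type, from any source, addressed to this host.
iptables -A INPUT -d 192.168.1.10 -p icmp -j ACCEPT

#PortMapper/NFS with peer 192.168.1.11
# 111 = portmapper, 2049 = nfs; 10001-10005 are presumably the ports the other
# NFS helper daemons were pinned to on this host - confirm against its config.
iptables -A INPUT -s 192.168.1.11 -d 192.168.1.10 -p tcp -m tcp --dport 111 -j ACCEPT
iptables -A INPUT -s 192.168.1.11 -d 192.168.1.10 -p udp -m udp --dport 111 -j ACCEPT
iptables -A INPUT -s 192.168.1.11 -d 192.168.1.10 -p tcp -m tcp --dport 2049 -j ACCEPT
iptables -A INPUT -s 192.168.1.11 -d 192.168.1.10 -p udp -m udp --dport 2049 -j ACCEPT
iptables -A INPUT -s 192.168.1.11 -d 192.168.1.10 -p tcp -m tcp --dport 10001 -j ACCEPT
iptables -A INPUT -s 192.168.1.11 -d 192.168.1.10 -p udp -m udp --dport 10002 -j ACCEPT
iptables -A INPUT -s 192.168.1.11 -d 192.168.1.10 -p tcp -m tcp --dport 10003:10005 -j ACCEPT
iptables -A INPUT -s 192.168.1.11 -d 192.168.1.10 -p udp -m udp --dport 10003:10005 -j ACCEPT
# No INPUT catch-all belongs here: the single INPUT catch-all is the DROP in
# the last section, and the RELATED,ESTABLISHED accept is already the first
# INPUT rule, so it is not repeated.
iptables -A OUTPUT -d 192.168.1.11 -s 192.168.1.10 -p tcp -m tcp --dport 111 -j ACCEPT
iptables -A OUTPUT -d 192.168.1.11 -s 192.168.1.10 -p udp -m udp --dport 111 -j ACCEPT
iptables -A OUTPUT -d 192.168.1.11 -s 192.168.1.10 -p tcp -m tcp --dport 2049 -j ACCEPT
iptables -A OUTPUT -d 192.168.1.11 -s 192.168.1.10 -p udp -m udp --dport 2049 -j ACCEPT
iptables -A OUTPUT -d 192.168.1.11 -s 192.168.1.10 -p tcp -m tcp --dport 10001 -j ACCEPT
iptables -A OUTPUT -d 192.168.1.11 -s 192.168.1.10 -p udp -m udp --dport 10002 -j ACCEPT
iptables -A OUTPUT -d 192.168.1.11 -s 192.168.1.10 -p tcp -m tcp --dport 10003:10005 -j ACCEPT
iptables -A OUTPUT -d 192.168.1.11 -s 192.168.1.10 -p udp -m udp --dport 10003:10005 -j ACCEPT

#Drop the rest
# These three rules must stay last in their chains. INPUT and FORWARD discard
# unmatched packets silently; OUTPUT answers with an ICMP error so that local
# programs fail at once instead of waiting for a timeout.
iptables -A INPUT -j DROP
iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
iptables -A FORWARD -j DROP

#end of IPTABLES list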

#Mac SMB setting changes

/etc/smb.conf

spnego = no
stream support = no
ea support = no
darwin_streams:brlm = no

Restart your Mac.