Passing command line arguments to shell scripts allows you to re-use a lot of scripts. In shell scripts the command you execute is always stored in the reserved variable $0, and each additional argument, separated by spaces, is stored in $1, $2 and so on. So for example if you typed:
./max_it special cheese now
$0 = max_it
$1 = special
$2 = cheese
$3 = now
$# is the number of arguments passed on the command line, starting at 0 when none are given.
When providing command line arguments it is best to provide some sanity checking:
if [ $# -ne 1 ]
then
    echo "Usage: $0 IP_address"
    exit 1
fi
I love Nagios; it's the perfect way to monitor Linux. Monitoring commands can be written in almost any language: Nagios expects an exit code and an exit string, and it works. I write most of my plugins in bash. Here is a generic plugin template:
#!/bin/bash
# Nagios exit codes
E_SUCCESS="0"
E_WARNING="1"
E_CRITICAL="2"
E_UNKNOWN="3"
# Sanity check: report a usage error to Nagios as UNKNOWN
if [ $# -ne 2 ]; then
    echo "Usage: $0 commandline1 commandline2"
    exit ${E_UNKNOWN}
fi
# Run the check and capture its output
COMMAND=$(command_here)
if grep -q "succeeded!" <<< "$COMMAND"; then
    echo "OK - $1 $2 working"
    exit ${E_SUCCESS}
else
    echo "CRITICAL - $1 $2 not working"
    exit ${E_CRITICAL}
fi
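A concrete instance of the template, added here as an example (it is not the author's plugin): a TCP port check that validates its two arguments before they reach the nc command line and maps the probe output to Nagios exit codes. It assumes an OpenBSD-style netcat whose -z -v output ends in "succeeded!"; the function names are made up for this example.

```shell
#!/bin/bash
# Added example (not the author's plugin): Nagios TCP check built on the template.
E_SUCCESS=0; E_WARNING=1; E_CRITICAL=2; E_UNKNOWN=3

# Host and port come from a Nagios command definition. Allow only hostname/IP
# characters and ports 1-65535 so they cannot smuggle options into nc.
valid_host() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9.:_-]*) return 1 ;;
    esac
    return 0
}
valid_port() {
    case "$1" in
        ""|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# classify HOST PORT OUTPUT: print the status line, return the exit code.
classify() {
    case "$3" in
        *"succeeded!"*) echo "OK - $1 $2 working"; return $E_SUCCESS ;;
        "") echo "UNKNOWN - $1 $2 probe produced no output"; return $E_UNKNOWN ;;
        *) echo "CRITICAL - $1 $2 not working"; return $E_CRITICAL ;;
    esac
}

main() {
    if [ $# -ne 2 ]; then
        echo "Usage: $0 host port"; return $E_UNKNOWN
    fi
    if ! valid_host "$1" || ! valid_port "$2"; then
        echo "UNKNOWN - invalid host or port"; return $E_UNKNOWN
    fi
    # -z: connect without sending data, -v: report the result, -w 5: timeout
    output=$(nc -z -v -w 5 "$1" "$2" 2>&1)
    classify "$1" "$2" "$output"
}

# With no arguments the file only defines the functions (it can be sourced).
if [ $# -gt 0 ]; then main "$@"; exit $?; fi
```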
About once a year I have to delete a history of old recorded shows on my Myth box so I can record the show again. You can do this via the frontend but I prefer to hack it out of the database. All this information is stored in the oldrecorded table inside your myth database. Before you start deleting, make sure you have the correct information by using SELECT statements (for example, for Stargate Atlantis):
SELECT * FROM oldrecorded WHERE title = 'Stargate Atlantis';
You can also use wildcards to help locate the title:
SELECT * FROM oldrecorded WHERE title LIKE 'Stargate%';
Once you are sure your SELECT statement has narrowed the results down to exactly what you need, you can delete them:
DELETE FROM oldrecorded WHERE title = 'Stargate Atlantis';
I am constantly having to check firewall rules for services I have not yet set up. In this post I will reference the client (source address) and server (destination address).
Checking TCP
Server:
Open a TCP port with netcat. For example, to open TCP port 80 I would use:
nc -l 80
Client:
Check the TCP port with telnet. To connect to port 80:
telnet destination_ip 80
Checking UDP
To open a UDP listener on port 80 on the destination, use the following command:
nc -lu 80
To connect to your destination's UDP port 80, use the following command from your source:
nc -zu destination_ip 80
Netcat fun
Netcat (nc) can be used for a lot of other purposes. It can also be used as a very fast basic port scanner:
To scan a range of UDP ports 80-4000:
nc -zu destination_ip 80-4000
To get more information, add v for verbose output; for even more, add another v.
I created this script to go through all *.wma files in a directory, convert them to mp3 files and then delete the wma files. It works great for my mp3 player, which does not support wma. It takes the wma files and converts them to wav, then converts them to mp3. It uses mplayer and lame to do the work.
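#!/bin/bash
# Rip with mplayer / encode with LAME
for i in *.wma; do
    # Skip the unexpanded pattern when the directory has no .wma files
    [ -e "$i" ] || continue
    # Decode to audiodump.wav, encode it to mp3, then delete the original wma
    mplayer -ao pcm -vc dummy "$i" &&
        lame --preset 128 audiodump.wav -o "$(basename "$i" .wma).mp3" &&
        rm -f -- "$i"
done
# Delete audiodump.wav
rm -f audiodump.wav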
It's a pain to enforce password length; it always causes you to reset passwords over and over again, but it does provide better security. So here is how you enforce it in Linux. Inside the /etc/pam.d/system-auth file you modify the pam_cracklib.so line:
So these settings are: (retry=3) allow 3 login tries, (minlen=10) minimum password length 10, (lcredit=-1) minimum number of lower case letters is 1, (ucredit=-1) minimum number of upper case letters is 1, (dcredit=-1) minimum number of digits is 1, (ocredit=-1) minimum number of other characters is 1.
To remember old passwords, add the remember option to the pam_unix.so line (this will remember 10 past passwords, and they cannot be reused sooner than the minimum password change length times the number of passwords to remember):
pam_unix.so remember=10
If you want to enforce that the new password has different characters than previous remembered ones then add the following to pam_cracklib.so. At least 2 characters
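A way to check a system-auth style file against the settings listed above, as an added example that is not part of the original post. The function names and the sample stack are constructed for the illustration; the option names and thresholds (minlen=10, the four credit options at -1, remember=10) are the ones the post describes.

```shell
#!/bin/bash
# Added example: audit a PAM password stack against the settings listed above.
# get_opt FILE MODULE OPTION prints OPTION's value from the "password" line
# that loads MODULE, or nothing when the line or the option is missing.
get_opt() {
    awk -v mod="$2" -v opt="$3" '$1 ~ /^-?password$/ && index($0, mod) {
        for (i = 3; i <= NF; i++)
            if (index($i, opt "=") == 1) { print substr($i, length(opt) + 2); exit }
    }' "$1"
}
# ge VALUE MIN is true when VALUE is a non-negative integer >= MIN.
ge() {
    case "$1" in ""|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ]
}
fail() { echo "FAIL $1"; findings=$((findings + 1)); }
# audit_pam FILE prints one FAIL line per finding and returns their count.
audit_pam() {
    findings=0
    v=$(get_opt "$1" pam_cracklib.so minlen)
    ge "$v" 10 || fail "minlen=${v:-unset} (want >= 10)"
    for credit in lcredit ucredit dcredit ocredit; do
        v=$(get_opt "$1" pam_cracklib.so "$credit")
        # Only a negative value requires characters of that class; a positive
        # value merely grants credit toward minlen.
        case "$v" in
            -[1-9]*) ;;
            *) fail "$credit=${v:-unset} (want -1 or lower)" ;;
        esac
    done
    v=$(get_opt "$1" pam_unix.so remember)
    ge "$v" 10 || fail "remember=${v:-unset} (want >= 10)"
    return "$findings"
}
# Constructed sample (not a real system's file): minlen too short, lcredit
# positive, no remember= on the pam_unix.so password line.
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
auth        required      pam_unix.so try_first_pass
password    requisite     pam_cracklib.so retry=3 minlen=8 lcredit=1 ucredit=-1 dcredit=-1 ocredit=-1
password    sufficient    pam_unix.so sha512 shadow use_authtok
EOF
    audit_pam "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}
demo || echo "$? finding(s) in the constructed sample"
```

On a real host, call audit_pam /etc/pam.d/system-auth instead of demo.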
To lock a Linux account, changing the password is the best option. Linux provides an automated method for locking accounts. To lock an account (this changes the password to something that is not typeable by putting a '!!' in front of the password):
passwd -l username
To unlock the account (this changes the password back to its original value):
passwd -u username
To display password information on a user (root only). This will display seven fields (username, status, date of creation, minimum password age, maximum password age, number of days before password expires, minimum password length); in addition, RHEL adds a translation for status after the seventh field.
We all know changing your password every so often is a good idea. Along with the idea of changing your password comes the idea of forcing users to change their password, because unless you force it they will never change it. In Linux (Red Hat) this is handled by the chage command.
To set the minimum life of a password in days:
chage -m days username
To set the maximum life of a password to days:
chage -M days username
To set the number of days an account can be inactive (after the password expires) before it's locked:
chage -I days username
To set the date after which an account is inaccessible:
chage -E date username
To set an advance warning, in days, of an upcoming password change:
chage -W days username
To display current expiration information (can be done by users):
chage -l username
All of this information is also stored inside /etc/login.defs. For example, a default file looks like:
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
Enterprise Linux: the very term usually refers to some type of storage area network, normally fiber channel. In all my experience I have not yet met a storage administrator who went to formal storage training. So it's no doubt that there are some weaknesses when it comes to storage with Linux. Here are some of the storage basics. This article assumes you already have a working knowledge of WWIDs, WWNs and fiber channel storage.
There are multiple WWIDs involved in the process; here are a few:
As you can see, we need a lot of WWIDs to make fiber channel storage work. This article will focus on getting the storage LUN WWID from the server. This will allow us to identify our mount points to storage LUNs.
The first thing to identify is the SCSI WWID, which is used by Linux Native Multipathing (MPIO). It is found by using the following command (for device sda):
This will return the SCSI device WWID, not to be confused with any other WWIDs. If you want to know more information about the device, you can get a manufacturer's label by using:
scsi_id -g -u /dev/sda
A lot of this information is stored in /dev/disk in various directories:
The information we want is inside /dev/disk/by-path which looks like this:
What is the use of blocking outgoing traffic? Imagine you have a web server and you want to allow customers to access it, but you do not want to allow rogue software to send messages from your web server to other people. This rule is for you.
iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
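The rule above only accepts replies on existing connections; new outbound connections are blocked only if the OUTPUT chain's default policy is DROP and no other ACCEPT rule lets them out. The check below is an added example, not from the original post: it reads the text printed by `iptables -S OUTPUT` and reports what still allows new outbound connections. The function name and sample rule sets are constructed, and the model is simplified (rule order and user-defined chains are ignored).

```shell
#!/bin/bash
# Added example: does an OUTPUT chain actually block new outbound connections?
# Feed it the text printed by `iptables -S OUTPUT`.
# Simplified model: rule order and user-defined chains are ignored, so an
# ACCEPT that is shadowed by an earlier DROP is still reported.
egress_audit() {
    awk '
        $1 == "-P" && $2 == "OUTPUT" { policy = $3; next }
        $1 == "-A" && $2 == "OUTPUT" && $NF == "ACCEPT" {
            states = ""; loopback = 0
            for (i = 3; i < NF; i++) {
                if ($i == "--state" || $i == "--ctstate") states = $(i + 1)
                if ($i == "-o" && $(i + 1) == "lo") loopback = 1
            }
            if (loopback) next                           # local traffic only
            if (states != "" && states !~ /NEW/) next    # replies only
            print "OPEN " $0; open++
        }
        END {
            if (policy != "DROP") {
                print "OPEN policy " (policy == "" ? "unknown" : policy); open++
            }
            exit (open > 0)
        }'
}

# Constructed samples (not taken from a real host).
only_established() {
    printf '%s\n' '-P OUTPUT ACCEPT' \
        '-A OUTPUT -m state --state ESTABLISHED -j ACCEPT'
}
locked_down() {
    printf '%s\n' '-P OUTPUT DROP' '-A OUTPUT -o lo -j ACCEPT' \
        '-A OUTPUT -m state --state ESTABLISHED -j ACCEPT'
}
mail_allowed() {
    locked_down
    printf '%s\n' '-A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT'
}

for sample in only_established locked_down mail_allowed; do
    echo "== $sample"
    if $sample | egress_audit; then echo "new outbound connections are blocked"; fi
done
```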