End telnet session

^]  ( ctrl + ] )
close

keytool commands

Import intermediate and root certs into an existing .p12 file 

keytool -import -trustcacerts -alias intermediate -file ./intermediate.cer -keystore myfile.p12 -storetype pkcs12 -storepass  ****

keytool -import -trustcacerts -alias root -file ./root.cer -keystore myfile.p12 -storetype pkcs12 -storepass ****

List the certificate in a keystore file

keytool -list -keystore myfile.p12  -storepass  ****-storetype pkcs12 -v

Linux check file size in GB

Prints out size of current directory
du -h .

Prints out size of specified file
du -h /filename

Linux - Find largest files

Prints out 10 largest directories/files
du -a /var | sort -n -r | head -n 10

tcpdump

In Linux
To get wireshark compatible tcpdump
tcpdump -i eth0 'port 9080' -w filename.pcap

Check access on Linux

grep -v "^#" /etc/security/access.conf

curl commands

 curl --header "Authorization: Basic YXN1c2VyOm1vbmRheTI=" --data @soap.xml http://{endpoint-url}

ldd

Diagnose ELFCLASS32 errors using ldd

ldd -v path-to-.so file

rsync

rsync -avl user@server:/dir1/subdir1 .

Find class from a list of jars

Example: find . -name \*.jar -exec grep -l com/ibm/msg/client/commonservices/trace/Trace {} \;

AIX version

oslevel -r

AIX commands

32 or 64 bit
ls -al /unix

CPU and memory usage per process
ps aux | more

prtconf
topas

To find the memory

 lsattr -El sys0 | grep realmem


 tprof -skex sleep 60
ps -mp 606266

mkdir

To create a directory structure without prompting the message directory does not exist
mkdir -p /a/b/c/d

hostname

Change hostname in Redhat
# echo mynewhostname > /proc/sys/kernel/hostname
# /etc/init.d/network restart
# hostname

Get short name
# hostname -s

ports

TCP Ports - 1024 to 65534

AIX - Hardware and system information

prtconf|pg - Shows one page at a time

iptables

List iptables rulesiptables -t nat --line-numbers -n -L

Delete iptables rule
iptables -t nat -D PREROUTING 1

Ports redirection
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
Traffic to port 80 will get redirected to port 8080

du

List total size of current directory (in KB)
df -s

List total size of current directory (in MB+)
df -sh

List size of all directories in current directory
du -sh *

Who is using the port?

Find which process is using tcp port

Linux
netstat -anp | grep LISTEN

AIX
lsof -i:portnumber
The above command will list the processes and pids.
grep using the pid to know the config
ex: ps -ef | grep httpd | grep pid

Windows
netstat -an |find /i "listening"
netstat -an |find /i "9443"

netstat -no
netstat -ao
netstat -a

SSH

Problem
Address 1xx.xx.xx.xx maps to hostname, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

Solution
check /etc/hosts file and make sure ip address is in the first

tar

tar commands:
Create a tar file
tar -cvf out.tar dirname/*

Extract a tar file
tar -xvf dirname/*

Extract a tar file inside .tgz
gunzip file.tgz
tar -xvf file.tar
  or
gzip -dc file.tgz | tar xf -

Create a tar excluding a sub-directory
tar -cvf output.tar --exclude sub-dir-name *

Problem
tar: directory checksum error

Solution
Native tar is located at /usr/bin/tar.
Try using GNU tar located at /usr/local/bin/tar

Troubleshooting commands

dmesg
strace -p pid
/var/log/messages

kill commands

kill -3 process-id (Will not kill the process. Will create a threaddump useful for java troubleshooting)
kill -9 process-id  (Kill the process)
kill -11 process-id (Grace kill the process)
kill -15 process-id

Mail commands

To view the mailq in linux
#mailq

Check file /var/spool/mail/username

Unix services restart

Restart network services
services network restart

grep search

To recursively search for a string in Linux
grep -ir searchstring *

To match exact search string
grep -w searchstring *

Ex:
line1: 192.168.80.14
line2: 192.168.80.141

grep 192.168.80.14 * will return both lines
grep -w 192.168.80.14 * will return only first line

To limit no. of grep results
grep searchstring * -m 1

Ex:
line1: 192.168.80.14
line2: 192.168.80.141

grep 192.168.80.14 * will return both lines
grep 192.168.80.14 * -m1 will return only one line

libXtst errors

Problem:
Exception in thread "main" java.lang.UnsatisfiedLinkError: /opt/jdk1.6.0_22/jre/lib/amd64/xawt/libmawt.so: libXtst.so.6: cannot open shared object file: No such file or directory

Solution:
yum install libXtst

Solaris 32 or 64 bit?

Run the command isainfo -v

Login tracking in Linux

Check the file /var/log/security to identify who logged in.

Memory information in Linux

cat /proc/meminfo

Check file existence

You check file existence using test command.

if test ! -s "dirname/filename"
then
 echo "File does not exist"
else
 echo "File exists"
fi

Here is the alternative way to check file existence. You can also check for multiple files

if [ -f dirname/filename1 ] && [ -f dirname/filename2 ]
then
 echo "File exists"
else
 echo "File does not exist"
fi

String manipulation using UNIX commands

Extract substring based on index.

e.g.
first_name=Jayanthi
short_name=${first_name:0:3}
echo $short_name

Output: Jay


Replace all occurrences of a text
:%s/search_string/replacement_string/g

cut example

We usually assign some value to a variable and reuse the variable. There could also be situations where we need the variable name when value is passed.

Create a file named server with the following content.
server_qa_apache=1.1.1.1
server_production_jboss=2.2.2.2

I would like to pass IP as input and obtain the variable name.
 grep 1.1.1.1 servers| cut -d'_' -f2
Output: qa

 grep 2.2.2.2 servers| cut -d'_' -f2
Output: production

In case, you have more than one place in a file where 1.1.1.1 is used, you can limit the grep results matching the first one.
grep 1.1.1.1 servers -m 1| cut -d'_' -f2

Limit results with grep

Create a file named servers with the following
server_apache1=1.1.1.1
server_apache2=1.1.1.2
server_apache3=1.1.1.3

grep apache servers
will return output
server_apache1=1.1.1.1
server_apache2=1.1.1.2
server_apache2=1.1.1.3

To limit the grep results, try
grep apache servers-m 1
Output: server_apache1=1.1.1.1

grep apache servers-m 2
Output:
server_apache1=1.1.1.1
server_apache2=1.1.1.2

Nested UNIX variables with eval

eval is a nice function and particularly useful to resolve the value of nested unix variables properly. Here is a scenario.

You have 3 apache servers that belong to different environments.
server_qa_apache=1.1.1.1
server_test_apache=2.2.2.2
server_production_apache=3.3.3.3

Assume you pass the environment as an input variable and want to obtain the server IP.
Environment can be qa, test or production.

ENV=$1
SERVER_IP=${server_$ENV_apache}

-bash: ${server_$ENV_apache}SERVER_IP=${server_$ENV_apache}: bad substitution
The above line will report the error because of nested unix variable.

Use a backslash for nested unix variables.
echo \${server_${ENV}_apache}

The above line will output the variable name similar to
${server_production_apache}

To resolve the value of the variable correctly, you can use eval
eval SERVER_IP=\${server_${ENV}_apache}
echo $SERVER_IP

NTP Synchronization

NTP Setup in RHEL

1) cat /etc/ntp.conf
Add servername

2) Check config
su -
chkconfig --list ntpd

3) NTP operations commands
service ntpd start
service ntpd stop
service ntpd restart

4) Synchronize instantly
ntpdate -u {ntp_server_name}

OpenSSL commands

Convert .p12 to .pem using Openssl
openssl pkcs12 -in filename.p12 -out filename.pem

Convert .key to .pem
openssl rsa -in server.key -text > my-key.pem

Convert .crt to .pem
openssl x509 -inform PEM -in server.crt > my-cert.pem

Create .p12 from .crt and .key
1) openssl rsa -in server.key -text > my-key.pem
2) openssl x509 -inform PEM -in server.crt > my-cert.pem
3) openssl pkcs12 -inkey my-key.pem -in my-cert.pem -export -name mycertname -out myp12file.p12
Enter Export Password:
Verifying - Enter Export Password:

Export private key from password protected .p12 file 

openssl pkcs12 -in filename.p12 -password stdin -out key.pem -nocerts

Export cert from password protected .p12 file 

openssl pkcs12 -in filename.p12 -password stdin -out key.pem -nokeys -clcerts

option -clcerts extract only client certificate without ca certs

Create request (CSR) for submission to Certificate Authority

openssl req -out /opt/apacheconf/ssl/mywebsite.csr -new -newkey rsa:2048 -nodes -keyout /opt/apacheconf/ssl/mywebsite-privkey.key

View CSR file content
openssl req -in myfile.csr -noout -text

Error

C:\OpenSSL-Win64\bin>openssl
WARNING: can't open config file: /usr/local/ssl/openssl.cnf

Solution
set OPENSSL_CONF=C:\OpenSSL-Win64\bin\openssl.cfg
Set openssl conf path in command line and rerun openssl

SSH authorization between hosts with no password

This script will allow to login to remote servers with no password after first time execution.

ssh_script.sh
----------------------------------------------------------
#!/bin/sh
source ~/.bash_profile

# Uncomment and execute this line only one for generation of keys on local server running the script
#ssh-keygen -t rsa

user=myuser
servers="server1-ip server2-ip"

for server in $servers
do
  #Make sure .ssh directory has permissions 700 (Higher privileges cause authorization issues)
  ssh $user@$server 'mkdir ~/.ssh; chmod -R 700 ~/.ssh'
  echo "Copying to server $server"

  # the line copies the authorized keys to the remote server
  #scp ~/.ssh/id_rsa.pub $user@$server:~/.ssh/authorized_keys

  #-------- Append local server id_rsa.pub content into remote server authorized_keys file
  cat ~/.ssh/id_rsa.pub | ssh $user@$server "cat >> ~/.ssh/authorized_keys"
done
exit 0
----------------------------------------------------------

Unix commands

Tune tcp parameters in Solaris
--------------------------------------
e.g.
Set command:  /usr/sbin/ndd -set /dev/tcp tcp_local_dack_interval 20
Get command: /usr/sbin/ndd /dev/tcp tcp_deferred_acks_max

Replace text in a file
------------------------
sed 's/old-string/new-string/g' filename

Find files with multiple file extensions
------------------------
ls -ltr `find directory_path -type f \( -name "*.bak" -o -name "*.old" -o -name "*.2" -o -name "*.copy" -o -name "*.tmp" -o -name "*.swp" -o -name "*.~" \) -print`

Get IP
------------------------
grep IPADDR /etc/sysconfig/network-scripts/ifcfg-eth0  |awk -F= '{print $2}'

Get hostname
------------------------
cat /proc/sys/kernel/hostname

Get last two characters in a word
-----------------------------------
string=test
echo ${string:(-2)}
The result will be 'st'

Monitor system stats
----------------------
vmstat 1 2

iostat -xn 1
mpstat 1

Free memory on Linux
-------------------
free -m

Print no. of CPUs
--------------------
psrinfo -p

NFS mount command
-----------------------
Solaris: mount -F nfs {nas_name}:{source_volume_directory} {target_directory}
Ex: mount -F nfs mynas:/vol/data_environment/env /opt/nascontent

Linux: Solaris: mount -t nfs {nas_name}:{source_volume_directory} {target_directory}

Find out if Redhat is 32 or 64 bit
---------------------------------
Run command: uname -a

Output from 32 bit host:
Linux hostname 2.6.18-92.el5 #1 SMP Tue Apr 29 13:16:12 EDT 2008 i686 i686 i386 GNU/Linux

Output from 64 bit host:
Linux hostname 2.6.18-92.el5 #1 SMP Tue Apr 29 13:16:15 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux

64 bit systems will have x86_64 in their output and 32 bit systems will not have this flag.


================
Useful commands:

fdisk -l | more

grep -ir string
/sbin/iptables -L

service iptables stop

chkconfig iptables off

Check TCP parameters values:
/usr/sbin/ndd /dev/tcp tcp_local_dack_interval

SMTP test

telnet servername portnumber

EHLO or HELO

MAIL FROM:fromaddress@domain.com

RCPT TO:toaddress@domain.com

DATA

Subject: test message

Enter two times (these are needed to conform to RFC 882)

Email body content goes here

. (Type period and enter)

QUIT

Disable SELinux

Edit /etc/selinux/config to read SELinux=disabled
Reboot the entire system

Remove with prefix dash in Linux

Ex: Dir: -abc

Command: rm -Rf ./-abc

Plumb / Unplumb IP addresses on Linux/Solaris

ifconfig eth0:1 {ip-address} netmask 255.255.255.0
ifconfig eth0:1 down

Try these commands too..
ifconfig eth0 10.0.0.1 broadcast 172.x.x.x netmask 255.255.255.0 up
ifdown eth0
ifup eth0

To have the interfaces to come up on reboot automatically,
/etc/sysconfig/network

create files ifcfg-eth0 or fcfg-eth0:1
A sample file

DEVICE=eth0
BOOTPROTO=static
BROADCAST=
HWADDR=
IPADDR=
NETMASK=
NETWORK=
ONBOOT=yes
TYPE=Ethernet

Solaris
/sbin/ifconfig {interface (e.g bge0:30}down unplumb

/sbin/ifconfig {interface} plumb
/sbin/ifconfig {interface} {ip_addr} netmask {netmask_addr} broadcast {broadcast_addr} up

/etc/hostname.{interface}

VMWare Tools for Linux

Installing VMware Tools

1) Login to VMware infrastructure client
2) Choose the guest
3) Right click and select Install/Upgrade VMware Tools. This step will actually mount the media to upgrade the tools
4) Login to the guest system as root
5) Install the rpm found in the media (eg: rpm -ivh vmware-rpm-name)
6) Check the status using /etc/init.d/vmware-tools status
7) If the vmware is not running, execute /etc/init.d/vmware-tools start
8) If you get the message vmware-guestd is not running, reboot the o/s
9) If you get the message to execute perl script, please execute /usr/bin/vmware-config-tools.pl
10) If you get Network is unreachable, check using ifconfig -a. If you don't see the interfaces properly, execute /etc/init.d/network start
11) End the VMware tools from VMware infrastructure client
12) ToolsOk should be seen as status

LDAP ports

Default port: 389

For Active Directory, to search global catalog use port 3268

Unix - Recursively list symbolic links

find / -type l -exec ls -al {} \;

File system mounts - Linux and Solaris

File system mounts can be found:

Linux: /etc/fstab
Solaris: /etc/vfstab

Set ulimit in Linux

Add these two lines to /etc/security/limits.conf file
username hard nofile 10240
username soft nofile 10240

Substitute your username
nofile indicates no. of open files parameter
10240 is the ulimit size
Set both hard and soft limits

Flush DNS in Solaris

1. Get PID using ps -ef | grep nscd
2. kill {PID}
3. Restart using /usr/sbin/nscd

xterm on RHEL

Problem:
Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified

The installer is unable to run in graphical mode. Try running the installer with the -console or -silent flag.

Solution:
Execute this command
xhost +
xterm

Unix File Permissions

Letter Permission

r Read

w Write

x Execute, Go through (for directories)

- No permission

 

Letter Type of users

u User (owner of the file)

g Group (group to which belong the file)

o Other (users who are neither a member of the Group nor the owner of the file)

a All (everybody)

Permission Value

-                   0

x                  1

w                 2

r                  4

Permission Value

---              0

--x             1

-w-            2

-wx           3

r--             4

r-x            5 

rw-           6

rwx           7

Modify timestamp in Unix

touch -t 200711031206 filename
yyyymmddhhmm format

HTTP Status Code

http://en.wikipedia.org/wiki/List_of_HTTP_status_codes

Code Abbreviation
400 Bad Request
401 Unauthorized
402 Payment Required
403 Forbidden
404 Page Not Found
405 Method Not Allowed
406 Not Acceptable
407 Proxy Authentication Required
408 Request Timed Out
409 Conflict
410 Gone
411 Length Required
412 Precondition Failed
413 Request Entity Too Large
414 Request-URL Too Long
415 Unsupported Media Type
416 Requested Range Not Satisfiable
417 Expectation Failed
500 Server Error
501 Not Implemented
502 Bad Gateway
503 Out of Resources
504 Gateway Timeout
505 HTTP Version Not Supported
10001 Server Request Missing Status
10052 Network Reset
10053 Socket Connection Aborted
10054 Socket Connection Reset
10060 Socket Connection Timeout
10061 Connection Refused
11005 Connection Time Out
12000 Socket Receive Timeout
12004 Invalid URL
12013 DNS Lookup Failure
14001 Byte Limit Exceeded
15001 User Script Failure
19999 Unknown Connection
30002 Excessive Number of Redirects
30005 Unsupported SSL Version
30500 Content Match Test Failed
31000 Time Out Exceeded
31000 Timeout Exceeded
39999 Unknown Error

Unix Command - NFS mount

Solaris: mount -F nfs {nas_name}:{source_volume_directory} {target_directory}
Ex: mount -F nfs mynas:/vol/data_environment/env /opt/nascontent

Linux: Solaris: mount -t nfs {nas_name}:{source_volume_directory} {target_directory}

Unix Command - Print no.of CPUs & Memory

Print no. of CPUs
psrinfo -p

Print Memory
prtconf -v |grep Mem

RedHat - 32 or 64 bit?

Run command: uname -a

Output from 32 bit host:
Linux hostname 2.6.18-92.el5 #1 SMP Tue Apr 29 13:16:12 EDT 2008 i686 i686 i386 GNU/Linux

Output from 64 bit host:
Linux hostname 2.6.18-92.el5 #1 SMP Tue Apr 29 13:16:15 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux

64 bit systems will have x86_64 in their output and 32 bit systems will not have this flag.

Cron

List crontab
crontab -l

Edit crontab
crontab -e

Syntax

*     *     *   *    *        command to be executed
-     -     -   -    -
|     |     |   |    |
|     |     |   |    +----- day of week (0 - 6) (Sunday=0)
|     |     |   +------- month (1 - 12)
|     |     +--------- day of        month (1 - 31)
|     +----------- hour (0 - 23)
+------------- min (0 - 59)

Enable cron in linux
Check the files cron.allow and cron.deny. Add users to cron.allow to allow to execute cron.