Skip to main content

Linux command line tips and tricks

This post lists a number of useful tips and tricks from my daily Linux experience. Mostly I deal with RHEL but I believe these commands are quite independent on Linux distribution (or can be adapted).

Network commands
Here are network commands represented.

Basic net utils: 
# Who is listening to port:
netstat -lp | grep <port>

# Show all connections with numeric addresses and proc IDs:
netstat -anp

# Listen to port (to check connectivity from another side):
netcat -l -p <port>
# -or-
nc -l -p <port>
SSH tunnel: 
# Tunnel to remote_ip:remote_port via proxy_ip with known login/password
# The remote_ip:remote_port is being redirected to localhost:local_port
ssh -L local_port:remote_ip:remote_port login@proxy_ip

# Real-world example of tunnel to remote Sedna XML DB:
ssh -L 5050:134.27.100.67:5050 pxqa1@134.27.100.67
Download via HTTP proxy with wget: 
# Download resource from internet from behind a proxy:
http_proxy=http://host:port ; export http_proxy ; wget --proxy=on http://mirror.centos.org/centos/5/os/x86_64/CentOS/mc-4.6.1a-35.el5.x86_64.rpm

# The same for ftp resources:
ftp_proxy=http://host:port ; export ftp_proxy ; wget --proxy=on ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/mc-4.6.1a-35.el5.src.rpm
Telnet via HTTP proxy: 
# 1. Connect to the proxy:
pxqa1@server:/home/pxqa1>telnet myproxy.com 8080
Trying 134.27.0.0...
Connected to myproxy.com (134.27.0.0).
Escape character is '^]'.

## 2. Establish SFTP tunnel
CONNECT remote_sftp_server:22 HTTP/1.0
Proxy-Authorization: Basic bnhw...OQ==

HTTP/1.1 200 Connection established

SSH-2.0-OpenSSH_5.1p1 FreeBSD-20080901

## -or- 2. Establish HTTP tunnel
GET http://www.google.com HTTP/1.0

## -or- 2. Establish FTP tunnel
CONNECT remote_ftp_server:21 HTTP/1.0
Proxy-Authorization: Basic bnhw...OQ==

HTTP/1.1 200 Connection established

220 Test FTP server (version 6.1.1) ready.
USER username
331 Password required for username.
PASS password
230-Welcome to Test!
230 User username logged in.
Transfer data with rsync: 
# Copy/update data locally:
rsync -acv --delete source_path destination_path

# Copy/update data remotely via SSH, e.g. war build:
rsync -acv --delete --rsh=ssh .war jboss@134.27.0.0:/usr/local/jboss/server/deploy

# Upload files interruption-safe:
rsync -av --partial --rsh=ssh local_file_name username@remote_host:remote_path
IPTables: 
# Show all rules:
iptables -L
# Show all rules with numeric addresses:
iptables -L -n

# Manage service:
service iptables start/stop/status
# Save changes to config file:
service iptables save

# Redirect port, e.g. from 80 to 8080:
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

# Block particular IP address:
iptables -I INPUT -s 25.55.55.55 -j DROP
# Unblock particular IP address:
iptables -D INPUT -s 25.55.55.55 -j DROP

# Delete chains/rules in table 'nat'
iptables -t nat -F
iptables -t nat -X

Local commands
Here are local commands represented.

Specific finds: 
# Find by name with wildcards, e.g. '*.txt'
find . -name "*.txt"

# Find files that contain specific substring, e.g. 'qqq'
find . -exec grep 'qqq' '{}' \; -print

# Find broken symlinks
find . -xdev -type l -print0 | xargs -0 -I '{}' sh -c "[ -e '{}' ] || (echo '{}' is broken)"
One-liners with bash logic: 
# Using for loop, e.g. removing all .svn directories recursively
for i in `find -name .svn`; do rm -fr $i ; done

# Using if condition
if [ $t -eq 10 ] ; then echo 'yes'; elif echo 'no'; fi
AWK and SED transformations: 
# Just a simple example - extracting time value from ping response
PINGRESPONSE="64 bytes from 172.28.65.253: icmp_seq=1 ttl=128 time=0.221 ms"
TIME=`echo $PINGRESPONSE | awk '{print $7}' | sed 's/time=//'`
Labels:

Comments

Post a Comment

Popular posts from this blog

Connection to Amazon Neptune endpoint from EKS during development

This small article will describe how to connect to Amazon Neptune database endpoint from your PC during development. Amazon Neptune is a fully managed graph database service from Amazon. Due to security reasons direct connections to Neptune are not allowed, so it's impossible to attach a public IP address or load balancer to that service. Instead access is restricted to the same VPC where Neptune is set up, so applications should be deployed in the same VPC to be able to access the database. That's a great idea for Production however it makes it very difficult to develop, debug and test applications locally. The instructions below will help you to create a tunnel towards Neptune endpoint considering you use Amazon EKS - a managed Kubernetes service from Amazon. As a side note, if you don't use EKS, the same idea of creating a tunnel can be implemented using a Bastion server . In Kubernetes we'll create a dedicated proxying pod. Prerequisites. Setting up a tunnel. ...
Post a Comment
Read more

Notes on upgrade to JSF 2.1, Servlet 3.0, Spring 4.0, RichFaces 4.3

This article is devoted to an upgrade of a common JSF Spring application. Time flies and there is already Java EE 7 platform out and widely used. It's sometimes said that Spring framework has become legacy with appearance of Java EE 6. But it's out of scope of this post. Here I'm going to provide notes about the minimal changes that I found required for the upgrade of the application from JSF 1.2 to 2.1, from JSTL 1.1.2 to 1.2, from Servlet 2.4 to 3.0, from Spring 3.1.3 to 4.0.5, from RichFaces 3.3.3 to 4.3.7. It must be mentioned that the latest final RichFaces release 4.3.7 depends on JSF 2.1, JSTL 1.2 and Servlet 3.0.1 that dictated those versions. This post should not be considered as comprehensive but rather showing how I did the upgrade. See the links for more details. Jetty & Tomcat. JSTL. JSF & Facelets. Servlet. Spring framework. RichFaces. Jetty & Tomcat First, I upgraded the application to run with the latest servlet container versio...
1 comment
Read more

Managing Content Security Policy (CSP) in IBM MAS Manage

This article explores a new system property introduced in IBM MAS 8.11.0 and Manage 8.7.0+ that enhances security but can inadvertently break Google Maps functionality within Manage. We'll delve into the root cause, provide a step-by-step solution, and offer best practices for managing Content Security Policy (CSP) effectively. Understanding the issue IBM MAS 8.11.0 and Manage 8.7.0 introduced the mxe.sec.header.Content_Security_Policy   property, implementing CSP to safeguard against injection attacks. While beneficial, its default configuration restricts external resources, causing Google Maps and fonts to malfunction. CSP dictates which domains can serve various content types (scripts, images, fonts) to a web page. The default value in this property blocks Google-related domains by default. Original value font-src 'self' data: https://1.www.s81c.com *.walkme.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ...
Post a Comment
Read more