Switching Name in WordPress Database

Dovecot master/master replication using dsync.

Configuration with SSL

doveadm replicator command :

Bye bye google docs, Welcome privacy !

Examples of cat <<EOF syntax usage in Bash

Here is an example to send a mail via telnet:

If your unable to start MySQL 8.

-Start MySQL

- First dump all databases:

- Stop MySQL:

- Remove all the database in the MySQL directory :

- Reinitialise :

- Start MySQL

- Change root password

- Import the databases

Logitech wireless vulnerabilities

Tools for exploit

Finally the patch

• Take a deep breath


• Write down the name of the ransomware and keep it somewhere


• Remove the hard drive from your computer and put it in a box


• Install a new hard drive


• Make offline backups of your computer and install an antivirus


• Finally, take a look from time to time at No More Ransom to see if a file decryptor is available for your ransomware

Linux Display Current Date and Time

You must login as root user to use date command.

Just type the date command:
$ date

Sample outputs:

Mon Jan 21 01:31:40 IST 2019

Linux Set Date Command Example

Use the following syntax to set new data and time:

date --set="STRING"

For example, set new data to 2 Oct 2006 18:00:00, type the following command as root user:

# date -s "2 OCT 2006 18:00:00"

OR

# date --set="2 OCT 2006 18:00:00"

You can also simplify format using following syntax:

# date +%Y%m%d -s "20081128"

Linux Set Time Examples

To set time use the following syntax:
# date +%T -s "10:13:13"

Where,

• 10: Hour (hh)


• 13: Minute (mm)


• 13: Second (ss)

Use %p locale’s equivalent of either AM or PM, enter:

# date +%T%p -s "6:10:30AM"

# date +%T%p -s "12:10:30PM"

Remove login trace :

Remove history :

Clear Bash history completely :
Type the following command to clear all your Bash history:
history -cw
-c Clear the history list
-w Write out the current history to the history file

Remove a certain line from Bash history :
Type the following command to remove a certain line (e.g. 352) from the Bash history file:
history -dw 352
-d Delete specified line from the history

Clear current session history :
Type the following command to clear the Bash history of the current session only:
history -r

Execute a command without saving it in the Bash history :
'space'command
Put a space in front of your command and it won’t be saved in the Bash history.

Don’t save commands in Bash history for current session :
unset HISTFILE
Unsetting HISTFILE will cause any commands that you have executed in the current shell session not to be written in your bash_history file upon logout

Change in the current session the path of the history file :
export HISTFILE=/dev/null

Three ways to Remove Only Current Session Bash History and Leave Older History Untouched :
kill -9 $$
unset HISTFILE && exit
history -r && exit

!!:n where n is the 0-based position of the argument you want.
The ! prefix is used to access previous commands.

• !$ - last argument from previous command


• !^ - first argument (after the program/built-in/script) from previous command


• $_ - recall the last argument of the previous command.


• !! - previous command (often pronounced "bang bang")


• !n - command number n from history


• !pattern - most recent command matching pattern


• !!:s/find/replace - last command, substitute find with replace

For example:

echo 'one' 'two'

# "one two"

echo !!:2

# "two"

var string = "foo",

    substring = "oo";

string.includes(substring)

var string = "foo",

    substring = "oo";

string.indexOf(substring) !== -1

if (!String.prototype.includes) {

  String.prototype.includes = function(search, start) {

    'use strict';

    if (typeof start !== 'number') {

      start = 0;

    }

    if (start + search.length > this.length) {

      return false;

    } else {

      return this.indexOf(search, start) !== -1;

    }

  };

}

Introduction

A SSH tunnel consists of an encrypted tunnel created through a SSH protocol connection. A SSH tunnel can be used to transfer unencrypted traffic over a network through an encrypted channel. For example we can use a ssh tunnel to securely transfer files between a FTP server and a client even though the FTP protocol itself is not encrypted. SSH tunnels also provide a means to bypass firewalls that prohibits or filter certain internet services. For example an organization will block certain sites using their proxy filter. But users may not wish to have their web traffic
monitored or blocked by the organization proxy filter. If users can connect toan external SSH server, they can create a SSH tunnel to forward a given port on their local machine to port 80 on remote web-server via the external SSH server. I will describe this scenario in detail in a little while.
To set up a SSH tunnel a given port of one machine needs to be forwarded (of which I am going to talk about in a little while) to a port in the other machine which will be the other end of the tunnel. Once the SSH tunnel has been established, the user can connect to earlier specified port at first machine to access the network service.

Port Forwarding

SSH tunnels can be created in several ways using different kinds of port forwardingmechanisms. Ports can be forwarded in three ways.

1. Local port forwarding


2. Remote port forwarding


3. Dynamic port forwarding

I didn’t explain what port forwarding is. I found Wikipedia’s definition more explanatory.

Port forwarding or port mapping is a name given to the combined technique of

1. translating the address and/or port number of a packet to a new destination


2. possibly accepting such packet(s) in a packet filter(firewall)


3. forwarding the packet according to the routing table.

Here the first technique will be used in creating an SSH tunnel. When a client application connects to the local port (local endpoint) of the SSH tunnel and transfer data these data will be forwarded to the remote end by translating the host and port values to that of the remote end of the channel.

So with that let’s see how SSH tunnels can be created using forwarded ports with an examples.

Tunnelling with Local port forwarding

Let’s say that yahoo.com is being blocked using a proxy filter in the University. (For the sake of this example. :). Cannot think any valid reason why yahoo would be blocked). A SSH tunnel can be used to bypass this restriction. Let’s name my machine at the university as ‘work’ and my home machine as ‘home’. ‘home’ needs to have a public IP for this to work. And I am running a SSH server on my home machine. Following diagram illustrates the scenario.

To create the SSH tunnel execute following from ‘work’ machine.

The ‘L’ switch indicates that a local port forward is need to be created. The switch syntax is as follows.

Now the SSH client at ‘work’ will connect to SSH server running at ‘home’ (usually running at port 22) binding port 9001 of ‘work’ to listen for local requests thus creating a SSH tunnel between ‘home’ and ‘work’. At the ‘home’ end it will create a connection to ‘yahoo.com’ at port 80. So ‘work’ doesn’t need to know how to connect to yahoo.com. Only ‘home’ needs to worry about that. The channel between ‘work’ and ‘home’ will be encrypted while the connection between ‘home’ and ‘yahoo.com’ will be unencrypted.

Now it is possible to browse yahoo.com by visiting http://localhost:9001 in the web browser at ‘work’ computer. The ‘home’ computer will act as a gateway which would accept requests from ‘work’ machine and fetch data and tunnelling it back. So the syntax of the full command would be as follows.

The image below describes the scenario.

Here the ‘host’ to ‘yahoo.com’ connection is only made when browser makes the request not at the tunnel setup time.

It is also possible to specify a port in the ‘home’ computer itself instead of connecting to an external host. This is useful if I were to set up a VNC session between ‘work’ and ‘home’. Then the command line would be as follows.

So here what does localhost refer to? Is it the ‘work’ since the command line is executed from ‘work’? Turns out that it is not. As explained earlier is relative to the gateway (‘home’ in this case) , not the machine from where the tunnel is initiated. So this will make a connection to port 5900 of the ‘home’ computer where the VNC client would be listening in.

The created tunnel can be used to transfer all kinds of data not limited to web browsing sessions. We can also tunnel SSH sessions from this as well. Let’s assume there is another computer (‘banned’) to which we need to SSH from within University but the SSH access is being blocked. It is possible to tunnel a SSH session to this host using a local port forward. The setup would look like this.

As can be seen now the transferred data between ‘work’ and ‘banned’ are encrypted end to end. For this we need to create a local port forward as follows.

Now we need to create a SSH session to local port 9001 from where the session will get tunneled to ‘banned’ via ‘home’ computer.

With that let’s move on to next type of SSH tunnelling method, reverse tunnelling.

Reverse Tunnelling with remote port forwarding

Let’s say it is required to connect to an internal university website from home. The university firewall is blocking all incoming traffic. How can we connect from ‘home’ to internal network so that we can browse the internal site? A VPN setup is a good candidate here. However for this example let’s assume we don’t have this facility. Enter SSH reverse tunnelling..

As in the earlier case we will initiate the tunnel from ‘work’ computer behind the firewall. This is possible since only incoming traffic is blocking and outgoing traffic is allowed. However instead of the earlier case the client will now be at the ‘home’ computer. Instead of -L option we now define -R which specifies

a reverse tunnel need to be created.

Once executed the SSH client at ‘work’ will connect to SSH server running at home creating a SSH channel. Then the server will bind port 9001 on ‘home’ machine to listen for incoming requests which would subsequently be routed through the created SSH channel between ‘home’ and ‘work’. Now it’s possible to browse the internal site

by visiting http://localhost:9001 in ‘home’ web browser. The ‘work’ will then create a connection to intra-site and relay back the response to ‘home’ via the created SSH channel.

As nice all of these would be still you need to create another tunnel if you need to connect to another site in both cases. Wouldn’t it be nice if it is possible to proxy traffic to any site using the SSH channel created? That’s what dynamic port forwarding is all about.

Dynamic Port Forwarding

Dynamic port forwarding allows to configure one local port for tunnelling data to all remote destinations. However to utilize this the client application connecting to local port should send their traffic using the SOCKS protocol. At the client side of the tunnel a SOCKS proxy would be created and the application (eg. browser) uses the SOCKS protocol to specify where the traffic should be sent when it leaves the other end of the ssh tunnel.

Here SSH will create a SOCKS proxy listening in for connections at local port 9001 and upon receiving a request would route the traffic via SSH channel created between ‘work’ and ‘home’. For this it is required to configure the browser to point to the SOCKS proxy at port 9001 at localhost.

This is a linux command line reference for common operations. Examples marked with • are valid/safe to paste without modification into a terminal, so you may want to keep a terminal window open while reading this so you can cut & paste.

• Remote terminal session management (detaching or sharing terminal sessions)
• unlimited windows (unlike the hardcoded number of Linux virtual consoles)
• scrollback buffer (not limited to video memory like Linux virtual consoles)
• copy/paste between windows
• notification of either activity or inactivity in a window
• split terminal (horizontally and vertically) into multiple regions
• locking other users out of terminal
See also the tmux alternative
See also the byobu screen config manager. See also the reptyr as another way to reattach programs to a terminal. Note for nested screen sessions, use "Ctrl+a a" to send commands to the inner screen, and the standard "Ctrl+a" to send commands to the outer screen.

Key	Action	Notes
Ctrl+a c	new window
Ctrl+a n	next window	I bind F12 to this
Ctrl+a p	previous window	I bind F11 to this
Ctrl+a "	select window from list	I have window list in the status line
Ctrl+a Ctrl+a	previous window viewed
Ctrl+a S	split terminal horizontally into regions	Ctrl+a c to create new window there
Ctrl+a |	split terminal vertically into regions	Requires screen >= 4.1
Ctrl+a :resize	resize region
Ctrl+a :fit	fit screen size to new terminal size	Ctrl+a F is the same. Do after resizing xterm
Ctrl+a :remove	remove region	Ctrl+a X is the same
Ctrl+a tab	Move to next region
Ctrl+a d	detach screen from terminal	Start screen with -r option to reattach
Ctrl+a A	set window title
Ctrl+a x	lock session	Enter user password to unlock
Ctrl+a [	enter scrollback/copy mode	Enter to start and end copy region. Ctrl+a ] to leave this mode
Ctrl+a ]	paste buffer	Supports pasting between windows
Ctrl+a >	write paste buffer to file	useful for copying between screens
Ctrl+a <	read paste buffer from file	useful for pasting between screens
Ctrl+a ?	show key bindings/command names	Note unbound commands only in man page
Ctrl+a :	goto screen command prompt	up shows last command entered

source ©

So, reluctantly, we come to the issue of sending email through code. It's easy! Let's send some email through oh, I don't know, let's say ... Ruby, courtesy of some sample code I found while browsing the Ruby tag on Stack Overflow.

require 'net/smtp'

def send_email(to, subject = "", body = "")

    from = "my@email.com"

    body= "From: #{from}\r\nTo: #{to}\r\nSubject: #{subject}\r\n\r\n#{body}\r\n"

    Net::SMTP.start('192.168.10.213', 25, '192.168.0.218') do |smtp|

        smtp.send_message body, from, to

    end

end

send_email "my@email.com", "test", "blah blah blah"

There's a bug in this code, though. Do you see it?

Just because you send an email doesn't mean it will arrive. Not by a long shot. Bear in mind this is email we're talking about. It was never designed to survive a bitter onslaught of criminals and spam, not to mention the explosive, exponential growth it has seen over the last twenty years. Email is a well that has been truly and thoroughly poisoned -- the digital equivalent of a superfund cleanup site. The ecosystem around email is a dank miasma of half-implemented, incompletely supported anti-spam hacks and workarounds.

Which means the odds of that random email your code just sent getting to its specific destination is .. spotty. At best.

If you want email your code sends to actually arrive in someone's AOL mailbox, to the dulcet tones of "You've Got Mail!", there are a few things you must do first. And most of them are only peripherally related to writing code.

1. Make sure the computer sending the email has a Reverse PTR record

What's a reverse PTR record? It's something your ISP has to configure for you -- a way of verifying that the email you send from a particular IP address actually belongs to the domain it is purportedly from.

Not every IP address has a corresponding PTR record. In fact, if you took a random sampling of addresses your firewall blocked because they were up to no good, you'd probably find most have no PTR record - a dig -x gets you no information. That's also apt to be true for mail spammers, or their PTR doesn't match up: if you do a dig -x on their IP you get a result, but if you look up that result you might not get the same IP you started with.

That's why PTR records have become important. Originally, PTR records were just intended as a convenience, and perhaps as a way to be neat and complete. There still are no requirements that you have a PTR record or that it be accurate, but because of the abuse of the internet by spammers, certain conventions have grown up. For example, you may not be able to send email to some sites if you don't have a valid PTR record, or if your pointer is "generic".

How do you get a PTR record? You might think that this is done by your domain registrar - after all, they point your domain to an IP address. Or you might think whoever handles your DNS would do this. But the PTR record isn't up to them, it's up to the ISP that "owns" the IP block it came from. They are the ones who need to create the PTR record.

A reverse PTR record is critical. How critical? Don't even bother reading any further until you've verified that your ISP has correctly configured the reverse PTR record for the server that will be sending email. It is absolutely the most common check done by mail servers these days. Fail the reverse PTR check, and I guarantee that a huge percentage of the emails you send will end up in the great bit bucket in the sky -- and not in the email inboxes you intended.

2. Configure DomainKeys Identified Mail in your DNS and code

What's DomainKeys Identified Mail? With DKIM, you "sign" every email you send with your private key, a key only you could possibly know. And this can be verified by attempting to decrypt the email using the public key stored in your public DNS records. It's really quite clever!

The first thing you need to do is generate some public-private key pairs (one for every domain you want to send email from) via OpenSSL. I used a win32 version I found. Issue these commands to produce the keys in the below files:

$ openssl genrsa -out rsa.private 1024

$ openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM

These public and private keys are just big ol' Base64 encoded strings, so plop them in your code as configuration string resources that you can retrieve later.

Next, add some DNS records. You'll need two new TXT records.

1. _domainkey.example.com
   
   "o=~; r=contact@example.com"
   
2. selector._domainkey.example.com
   
   "k=rsa; p={public-key-base64-string-here}"

The first TXT DNS record is the global DomainKeys policy and contact email.

The second TXT DNS record is the public base64 key you generated earlier, as one giant unbroken string. Note that the "selector" part of this record can be anything you want; it's basically just a disambiguating string.

Almost done. One last thing -- we need to sign our emails before sending them. In any rational world this would be handled by an email library of some kind. We use Mailbee.NET which makes this fairly painless:

smtp.Message = dk.Sign(smtp.Message,

null, AppSettings.Email.DomainKeyPrivate, false, "selector");

3. Set up a SPF / SenderID record in your DNS

To be honest, SenderID is a bit of a "nice to have" compared to the above two. But if you've gone this far, you might as well go the distance. SenderID, while a little antiquated and kind of.. Microsoft/Hotmail centric.. doesn't take much additional effort.

SenderID isn't complicated. It's another TXT DNS record at the root of, say, example.com, which contains a specially formatted string documenting all the allowed IP addresses that mail can be expected to come from. Here's an example:

"v=spf1 a mx ip4:10.0.0.1 ip4:10.0.0.2 ~all"

You can use the Sender ID SPF Record Wizard to generate one of these for each domain you send email from.

That sucked. How do I know all this junk is working?

I agree, it sucked. Email sucks; what did you expect? I used two methods to verify that all the above was working:

1. Test emails sent to a GMail account.
   
   
   Use the "show original" menu on the arriving email to see the raw message content as seen by the email server. You want to verify that the headers definitely contain the following:
   

   Received-SPF: pass
   
   Authentication-Results: ... spf=pass ... dkim=pass

   
   

   If you see that, then the Reverse PTR and DKIM signing you set up is working. Google provides excellent diagnostic feedback in their email server headers, so if something isn't working, you can usually discover enough of a hint there to figure out why.
   
   

   
   
2. Test emails sent to the Port25 email verifier
   
   
   Port25 offers a really nifty public service -- you can send email to check-auth@verifier.port25.com and it will reply to the from: address with an extensive diagnostic! Here's an example summary result from a test email I just sent to it:
   

   SPF check:          pass
   
   DomainKeys check:   fail
   
   DKIM check:         pass
   
   Sender-ID check:    pass
   
   SpamAssassin check: ham

   
   

   You want to pass SPF, DKIM, and Sender-ID. Don't worry about the DomainKeys failure, as I believe it is spurious -- DKIM is the "newer" version of that same protocol.

   
   source

If you’re an email marketer, you’ve probably heard acronyms like “SPF,” “DKIM,” and “DMARC” being tossed around with little explanation. People might assume you automatically understand these terms, but the truth is that many marketers’ grasp of these concepts is vague, at best.

The good news is that SPF, DKIM, and DMARC can work together for you like a triple rainbow of email authentication, and that’s why we want you to have a thorough understanding of them. The explanations are technical, but these are three fundamental concepts to understand about email authentication. 

We’ll provide you with a brief and insightful look at each of these protocols, then you’ll be able to start tossing these acronyms around like the pros. First things first…

What is email authentication, and why is it so important?

Email authentication helps to improve the delivery and credibility of your marketing emails by implementing protocols that verify your domain as the sender of your messages.  

Using authentication won’t guarantee that your mail reaches the inbox but it preserves your brand reputation while making sure you have the best possible chance of having your messages reach their intended destination. 

Read on to find out how to ensure you’re achieving the gold standard of email authentication.

SPF, DKIM, and DMARC: 3 Technical, but Essential, Explanations

SPF: Sender Policy Framework

SPF, Sender Policy Framework, is a way for recipients to confirm the identity of the sender of an incoming email.

By creating an SPF record, you can designate which mail servers are authorized to send mail on your behalf. This is especially useful if you have a hosted email solution (Office365, Google Apps, etc.) or if you use an ESP like Higher Logic.

Here’s a brief synopsis of the process:

1. The sender adds a record to the DNS settings.
   
   
   
   1. The record is for the domain used in their FROM: address (e.g. if I send from contact@sysa.tech, add the record to sysa.tech). This record includes all IP addresses (mail servers) that are authorized to send mail on behalf of this domain. A typical SPF record will look something like this:
      v=spf1 ip4:64.34.187.182 ip4:66.70.82.40 ip4:64.27.72.0/24 include:magnetmail.net ~all


2.  The receiving server checks the DNS records.
   
   
   
   1. When the mail is sent, the receiving server checks the DNS records for the domain in the FROM: field. If the IP address is listed in that record (as seen above), the message passes SPF.


3. If SPF exists, but the IP address isn't in the record, it's a hard fail.
   
   
   
   1. If the SPF record exists, but the IP address of the sending mail server isn’t in the record, it’s considered a “hard-fail.” This can often cause mail to be rejected or routed to the spam folder.


4. If no SPF record exists, it's a soft fail.
   
   
   
   1. If no SPF record exists at all, this is considered a “soft-fail.” These are most likely to cause messages to be routed to spam but can lead to a message being rejected as well.

DKIM: DomainKeys Identified Mail

DKIM, short for DomainKeys Identified Mail, also allows for the identification of “spoofed” emails but using a slightly different process. Instead of a single DNS record that keys off the FROM: address, DKIM employs two encryption keys: one public and one private.

The private key is housed in a secure location that can only be accessed by the owner of the domain. This private key is used to create an encrypted signature that is added to every message sent from that domain. Using the signature, the receiver of the message can check against the public DKIM key, which is stored in a public-facing DNS record. If the records “match,” the mail could only have been sent by the person with access to the private key, aka the domain owner.  

DMARC: Domain-based Message Authentication, Reporting, & Conformance

While SPF and DKIM can be used as stand-alone methods, DMARC must rely on either SPF or DKIM to provide the authentication.

DMARC (Domain-based Message Authentication, Reporting, & Conformance) builds on those technologies by providing directions to the receiver on what to do if a message from your domain is not properly authenticated.

Like SPF and DKIM, DMARC also requires a specific DNS record to be entered for the domain you wish to use in your FROM: address. This record can include several values, but only two are required:

• (v) tells the receiving server to check DMARC


• (p) gives instructions on what to do if authentication fails.

The values for p can include:

• p=none, which tells the receiving server to take no specific action if authentication fails.


• p=quarantine, which tells the receiving server to treat unauthenticated mail suspiciously. This could mean routing the mail to spam/junk, or adding a flag indicating the mail is not trusted.


• p=reject, which tells the receiving server to reject any mail that does not pass SPF and/or DKIM authentication.

In addition to the required tags advising how to handle unauthenticated mail, DMARC also provides a reporting component that can be very useful for most organizations. By enabling the reporting features of DMARC, your organization can receive reports indicating all mail that is being sent with your domain in the FROM: address. This can help identify spoofed or falsified mail patterns as well as tracking down other business divisions or partners that may be legitimately sending mail on your behalf without authentication.

• Task: Make changes to your bash shell environment using set and shopt commands.


• The set and shopt command controls several values of variables controlling shell behavior.

Contents

• List currently configured shell options
  
  • 1.1 How do I set and unset shell variable options?
    
    • 1.1.1 Examples


• 2 shopt command
  
  • 2.1 How do I enable (set) and disable (unset) each option?
    
    • 2.1.1 Examples


• 3 Customizing Bash environment with shopt and set
  
  • 3.1 How do I setup environment variables?

List currently configured shell options

Type the following command:

set -o

Sample outputs:

allexport      	off

braceexpand    	on

emacs          	on

errexit        	off

errtrace       	off

functrace      	off

hashall        	on

histexpand     	on

history        	on

ignoreeof      	off

interactive-comments	on

keyword        	off

monitor        	on

noclobber      	off

noexec         	off

noglob         	off

nolog          	off

notify         	off

nounset        	off

onecmd         	off

physical       	off

pipefail       	off

posix          	off

privileged     	off

verbose        	off

vi             	off

xtrace         	off

• See set command for detailed explanation of each variable.

How do I set and unset shell variable options?

To set shell variable option use the following syntax:

set -o variableName

To unset shell variable option use the following syntax:

set +o variableName

Examples

Disable <CTRL-d> which is used to logout of a login shell (local or remote login session over ssh).

set -o ignoreeof

Now, try pressing [CTRL-d]
Sample outputs:

Use "exit" to leave the shell.

Turn it off, enter:

set +o ignoreeof

shopt command

You can turn on or off the values of variables controlling optional behavior using the shopt command. To view a list of some of the currently configured option via shopt, enter:

shopt

shopt -p

Sample outputs:

cdable_vars    	off

cdspell        	off

checkhash      	off

checkwinsize   	on

cmdhist        	on

compat31       	off

dotglob        	off

execfail       	off

expand_aliases 	on

extdebug       	off

extglob        	off

extquote       	on

failglob       	off

force_fignore  	on

gnu_errfmt     	off

histappend     	off

histreedit     	off

histverify     	off

hostcomplete   	on

huponexit      	off

interactive_comments	on

lithist        	off

login_shell    	off

mailwarn       	off

no_empty_cmd_completion	off

nocaseglob     	off

nocasematch    	off

nullglob       	off

progcomp       	on

promptvars     	on

restricted_shell	off

shift_verbose  	off

sourcepath     	on

xpg_echo       	off

How do I enable (set) and disable (unset) each option?

To enable (set) each option, enter:

shopt -s optionName

To disable (unset) each option, enter:

shopt -u optionName

Examples

If cdspell option set, minor errors in the spelling of a directory name in a cd command will be corrected. The errors checked for are transposed characters, a missing character, and one character too many. If a correction is found, the corrected file name is printed, and the command proceeds. For example, type the command (note /etc directory spelling):

cd /etcc

Sample outputs:

bash: cd: /etcc: No such file or directory

Now, turn on cdspell option and try again the same cd command, enter:

shopt -s cdspell

cd /etcc

Sample outputs:

/etc

[vivek@vivek-desktop /etc]$

Customizing Bash environment with shopt and set

Edit your ~/.bashrc, enter:

vi ~/.bashrc

Add the following commands:

# Correct dir spellings

shopt -q -s cdspell



# Make sure display get updated when terminal window get resized

shopt -q -s checkwinsize



# Turn on the extended pattern matching features 

shopt -q -s extglob



# Append rather than overwrite history on exit

shopt -s histappend



# Make multi-line commandsline in history

shopt -q -s cmdhist 



# Get immediate notification of background job termination

set -o notify 



# Disable [CTRL-D] which is used to exit the shell

set -o ignoreeof



# Disable core files

ulimit -S -c 0 > /dev/null 2>&1

How do I setup environment variables?

Simply add the settings to ~/.bashrc:

 # Store 5000 commands in history buffer

export HISTSIZE=5000



# Store 5000 commands in history FILE 

export HISTFILESIZE=5000      



# Avoid duplicates in hisotry 

export HISTIGNORE='&:[ ]*'



# Use less command as a pager

export PAGER=less



# Set vim as default text editor

export EDITOR=vim

export VISUAL=vim

export SVN_EDITOR="$VISUAL"



# Oracle database specific 

export ORACLE_HOME=/usr/lib/oracle/xe/app/oracle/product/10.2.0/server

export ORACLE_SID=XE

export NLS_LANG=$($ORACLE_HOME/bin/nls_lang.sh)



# Set JAVA_HOME 

export JAVA_HOME=/usr/lib/jvm/java-6-sun/jre



# Add ORACLE, JAVA and ~/bin bin to PATH

export PATH=$PATH:$ORACLE_HOME/bin:$HOME/bin:$JAVA_HOME/bin



# Secure SSH login stuff using keychain

# No need to input password again ever

/usr/bin/keychain $HOME/.ssh/id_dsa

source $HOME/.keychain/$HOSTNAME-sh



# Turn on Bash command completion

source /etc/bash_completion



# MS-DOS / XP cmd like stuff

alias edit=$VISUAL

alias copy='cp'

alias cls='clear'

alias del='rm'

alias dir='ls'

alias md='mkdir'

alias move='mv'

alias rd='rmdir'

alias ren='mv'

alias ipconfig='ifconfig'



# Other Linux stuff

alias bc='bc -l'

alias diff='diff -u'



# get updates from RHN

alias update='yum -y update'



# set eth1 as default

alias dnstop='dnstop -l 5  eth1'

alias vnstat='vnstat -i eth1'



# force colorful grep output

alias grep='grep --color'



# ls stuff

alias l.='ls -d .* --color=tty'

alias ll='ls -l --color=tty'

alias ls='ls --color=tty'

Introduction

• Introduction
  
• Les paramètres positionnels
  
  • Exemple 1
    
• Les paramètres spéciaux
  
  • Exemple 2
    
• Initialiser des paramètres
  
  • - La commande "set" -
    
  • Exemples
    
  • - La commande "shift" -
    
  • Exemple 3

Les paramètres positionnels

$1

$2

${10}

${11}

Exemple 1

#!/bin/bash

# affiche_param.sh



echo "Le 1er paramètre est : $1"

echo "Le 3ème paramètre est : $3"

echo "Le 10ème paramètre est : ${10}"

echo "Le 15ème paramètre est : ${15}"

./affiche_param.sh 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

Le 1er paramètre est : 1
Le 3ème paramètre est : 3
Le 10ème paramètre est : 10
Le 15ème paramètre est : 15

./affiche_param.sh un 2 trois 4 5 6 7 8 9 dix 11 12 13 14 quinze 16 17
Le 1er paramètre est : un
Le 3ème paramètre est : trois
Le 10ème paramètre est : dix
Le 15ème paramètre est : quinze

./affiche_param.sh un 2 "le 3ème" 4 5 6 7 8 9 dix 11 12 13 14 "le 15ème" 16 17
Le 1er paramètre est : un
Le 3ème paramètre est : le 3ème
Le 10ème paramètre est : dix
Le 15ème paramètre est : le 15ème

Les paramètres spéciaux

$0

$*

$@

$#

$?

$$

$!

Exemple 2

#!/bin/bash

# affiche_param_2.sh



# Affichage du nom su script

echo "Le nom de mon script est : $0"

# Affichage du nombre de paramètres

echo "Vous avez passé $# paramètres"

# Liste des paramètres (un seul argument)

for param in "$*"

do

 echo "Voici la liste des paramètres (un seul argument) : $param"

done

# Liste des paramètres (un paramètre par argument)

echo "Voici la liste des paramètres (un paramètre par argument) :"

for param in "$@"

do

 echo -e "\tParamètre : $param"

done

# Affichage du processus

echo "Le PID du shell qui exécute le script est : $$"

# Exécution d'une commande qui s'exécute en arrière-plan

sleep 100 &

# Affichage du processus lancé en arrière-plan

echo "Le PID de la dernière commande exécutée en arrière-plan est : $!"

# Affichage du code retour de la dernière commande "echo"

echo "Le code retour de la commande précédente est : $?"

# Génération d'une erreur

echo "Génération d'une erreur..."

# Affichage de la mauvaise commande

echo "ls /etc/password 2>/dev/null"

ls /etc/password 2>/dev/null

# Affichage du code retour de la dernière commande

echo "Le code retour de la commande précédente est : $?"

exit

./affiche_param_2.sh 1 2 3 quatre 5 six

Le nom de mon script est : ./affiche_param_2.sh
Vous avez passé 6 paramètres
Voici la liste des paramètres (un seul argument) : 1 2 3 quatre 5 six
Voici la liste des paramètres (un paramètre par argument) :
        Paramètre : 1
        Paramètre : 2
        Paramètre : 3
        Paramètre : quatre
        Paramètre : 5
        Paramètre : six
Le PID du shell qui exécute le script est : 6165
Le PID de la dernière commande exécutée en arrière-plan est : 6166
Le code retour de la commande précédente est : 0
Génération d'une erreur...
ls /etc/password 2>/dev/null
Le code retour de la commande précédente est : 1

Initialiser des paramètres

- La commande "set" -

set

set param1 param2 param3

$1

$2

$3

param1

param2

param3

$#

$*

$@

Exemples

$ set param1 param2 param3
$ echo "Nombre de paramètres : $#"
  Nombre de paramètres : 3
$ echo "Le second paramètre est : $2"
  Le second paramètre est : param2
$ echo "Les paramètres sont : $@"
  Les paramètres sont : param1 param2 param3

$ set pêche pomme
$ echo "Nombre de paramètres : $#"
  Nombre de paramètres : 2
$ echo "Les paramètres sont : $@"
  Les paramètres sont : pêche pomme

$ IFS=":"; set $(grep $USER /etc/passwd)
$ echo -e "Login :\t$1\nNom :\t$5\nID :\t$3\nGroup :\t$4\nShell :\t$7"

Login : jp
Nom :   Jean-Philippe
ID :    500
Group : 500
Shell : /bin/bash

- La commande "shift" -

shift

$1

$2

$2

$3

shift [n]

Exemple 3

#!/bin/bash

# decale_param.sh



echo

echo "Nombre de paramètres : $#"

echo "Le 1er paramètre est : $1"

echo "Le 3ème paramètre est : $3"

echo "Le 6ème paramètre est : $6"

echo "Le 10ème paramètre est : ${10}"

echo "============================================="

echo "Décalage d'un pas avec la commande \"shift\""

shift

echo "Nombre de paramètres : $#"

echo "Le 1er paramètre est : $1"

echo "Le 3ème paramètre est : $3"

echo "Le 6ème paramètre est : $6"

echo "Le 10ème paramètre est : ${10}"

echo "============================================="

echo "Décalage de quatre pas avec la commande \"shift 4\""

shift 4

echo "Nombre de paramètres : $#"

echo "Le 1er paramètre est : $1"

echo "Le 3ème paramètre est : $3"

echo "Le 6ème paramètre est : $6"

echo "Le 10ème paramètre est : ${10}"

echo

./decale_param.sh 1 2 3 4 5 6 7 8 9 10

Nombre de paramètres : 10
Le 1er paramètre est : 1
Le 3ème paramètre est : 3
Le 6ème paramètre est : 6
Le 10ème paramètre est : 10
=============================================
Décalage d'un pas avec la commande "shift"
Nombre de paramètres : 9
Le 1er paramètre est : 2
Le 3ème paramètre est : 4
Le 6ème paramètre est : 7
Le 10ème paramètre est :
=============================================
Décalage de quatre pas avec la commande "shift 4"
Nombre de paramètres : 5
Le 1er paramètre est : 6
Le 3ème paramètre est : 8
Le 6ème paramètre est :
Le 10ème paramètre est :

Article original publié par Carlos Villagómez. Traduit par jipicy.
Dernière mise à jour le 1 juin 2017 à 17:02 par avenuepopulaire.

Ce document intitulé «  Bash - Les paramètres  » issu de CommentCaMarche (https://www.commentcamarche.net/) est mis à disposition sous les termes de la licence Creative Commons.
Vous pouvez copier, modifier des copies de cette page, dans les conditions fixées par la licence, tant que cette note apparaît clairement.

Quick and dirty OpenSSH configlet here. If you have a set of hosts or devices that require you to first jump through a bastion host, the following will allow you to run a single ssh command:

Change the Host * line to best match the hostnames that require a bastion host.

Sometimes things crash when they’re running inside a Docker container though, and then all of a sudden it can get much more difficult to work out why, or what the hell to do next.

If you’re stuck in that situation, here’s my goto debugging commands to help you get a bit more information on what’s up:

1. docker logs <container_id>
   
   Hopefully you’ve already tried this, but if not, start here. This’ll give you the full STDOUT and STDERR from the command that was run initially in your container.


2. docker stats <container_id>
   If you just need to keep an eye on the metrics of your container to work out what’s gone wrong, docker stats can help: it’ll give you a live stream of resource usage, so you can see just how much memory you’ve leaked so far.


3. docker cp <container_id>:/path/to/useful/file /local-path
   Often just getting hold of more log files is enough to sort you out. If you already know what you want, docker cp has your back: copy any file from any container back out onto your local machine, so you can examine it in depth (especially useful analysing heap dumps).


4. docker exec -it <container_id> /bin/bash
   Next up, if you can run the container (if it’s crashed, you can restart it with docker start <container_id>), shell in directly and start digging around for further details by hand.


5. docker commit <container_id> my-broken-container && docker run -it my-broken-container /bin/bash
   Can’t start your container at all? If you’ve got a initial command or entrypoint that immediately crashes, Docker will immediately shut it back down for you. This can make your container unstartable, so you can’t shell in any more, which really gets in the way.
   Fortunately, there’s a workaround: save the current state of the shut-down container as a new image, and start that with a different command to avoid your existing failures.
   Have a failing entrypoint instead? There’s an entrypoint override command-line flag too.

lsof stands for List Open Files. It is easy to remember lsof command if you think of it as “ls + of”, where ls stands for list, and of stands for open files.
It is a command line utility which is used to list the information about the files that are opened by various processes. In unix, everything is a file, ( pipes, sockets, directories, devices, etc.). So by using lsof, you can get the information about any opened files.

1. Introduction to lsof

Simply typing lsof will provide a list of all open files belonging to all active processes.

# lsof

COMMAND  PID       USER   FD      TYPE     DEVICE  SIZE/OFF       NODE NAME

init       1       root  cwd       DIR        8,1      4096          2 /

init       1       root  txt       REG        8,1    124704     917562 /sbin/init

init       1       root    0u      CHR        1,3       0t0       4369 /dev/null

init       1       root    1u      CHR        1,3       0t0       4369 /dev/null

init       1       root    2u      CHR        1,3       0t0       4369 /dev/null

init       1       root    3r     FIFO        0,8       0t0       6323 pipe

...

By default One file per line is displayed. Most of the columns are self explanatory. We will explain the details about couple of cryptic columns (FD and TYPE).

FD – Represents the file descriptor. Some of the values of FDs are,

• cwd – Current Working Directory


• txt – Text file


• mem – Memory mapped file


• mmap – Memory mapped device


• NUMBER – Represent the actual file descriptor. The character after the number i.e ‘1u’, represents the mode in which the file is opened. r for read, w for write, u for read and write.

TYPE – Specifies the type of the file. Some of the values of TYPEs are,

• REG – Regular File


• DIR – Directory


• FIFO – First In First Out


• CHR – Character special file

For a complete list of FD & TYPE, refer man lsof.

2. List processes which opened a specific file

You can list only the processes which opened a specific file, by providing the filename as arguments.

# lsof /var/log/syslog

COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF   NODE NAME

rsyslogd 488 syslog    1w   REG    8,1     1151 268940 /var/log/syslog

3. List opened files under a directory

You can list the processes which opened files under a specified directory using ‘+D’ option. +D will recurse the sub directories also. If you don’t want lsof to recurse, then use ‘+d’ option.

# lsof +D /var/log/

COMMAND   PID   USER  FD   TYPE DEVICE SIZE/OFF   NODE NAME

rsyslogd  488 syslog   1w   REG    8,1     1151 268940 /var/log/syslog

rsyslogd  488 syslog   2w   REG    8,1     2405 269616 /var/log/auth.log

console-k 144   root   9w   REG    8,1    10871 269369 /var/log/ConsoleKit/history

4. List opened files based on process names starting with

You can list the files opened by process names starting with a string, using ‘-c’ option. -c followed by the process name will list the files opened by the process starting with that processes name. You can give multiple -c switch on a single command line.

# lsof -c ssh -c init

COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF   NODE NAME

init         1       root  txt    REG        8,1   124704  917562 /sbin/init

init         1       root  mem    REG        8,1  1434180 1442625 /lib/i386-linux-gnu/libc-2.13.so

init         1       root  mem    REG        8,1    30684 1442694 /lib/i386-linux-gnu/librt-2.13.so

...

ssh-agent 1528 lakshmanan    1u   CHR        1,3      0t0    4369 /dev/null

ssh-agent 1528 lakshmanan    2u   CHR        1,3      0t0    4369 /dev/null

ssh-agent 1528 lakshmanan    3u  unix 0xdf70e240      0t0   10464 /tmp/ssh-sUymKXxw1495/agent.1495

5. List processes using a mount point

Sometime when we try to umount a directory, the system will say “Device or Resource Busy” error. So we need to find out what are all the processes using the mount point and kill those processes to umount the directory. By using lsof we can find those processes.

# lsof /home

The following will also work.

# lsof +D /home/

6. List files opened by a specific user

In order to find the list of files opened by a specific users, use ‘-u’ option.

# lsof -u lakshmanan

COMMAND    PID       USER   FD   TYPE     DEVICE SIZE/OFF       NODE NAME

update-no 1892 lakshmanan   20r  FIFO        0,8      0t0      14536 pipe

update-no 1892 lakshmanan   21w  FIFO        0,8      0t0      14536 pipe

bash      1995 lakshmanan  cwd    DIR        8,1     4096     393218 /home/lakshmanan

Sometimes you may want to list files opened by all users, expect some 1 or 2. In that case you can use the ‘^’ to exclude only the particular user as follows

# lsof -u ^lakshmanan

COMMAND    PID       USER   FD      TYPE     DEVICE  SIZE/OFF       NODE NAME

rtkit-dae 1380      rtkit    7u     0000        0,9         0       4360 anon_inode

udisks-da 1584       root  cwd       DIR        8,1      4096          2 /

The above command listed all the files opened by all users, expect user ‘lakshmanan’.

7. List all open files by a specific process

You can list all the files opened by a specific process using ‘-p’ option. It will be helpful sometimes to get more information about a specific process.

# lsof -p 1753

COMMAND  PID       USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME

bash    1753 lakshmanan  cwd    DIR    8,1     4096  393571 /home/lakshmanan/test.txt

bash    1753 lakshmanan  rtd    DIR    8,1     4096       2 /

bash    1753 lakshmanan  255u   CHR  136,0      0t0       3 /dev/pts/0

...

8. Kill all process that belongs to a particular user

When you want to kill all the processes which has files opened by a specific user, you can use ‘-t’ option to list output only the process id of the process, and pass it to kill as follows

# kill -9 `lsof -t -u lakshmanan`

The above command will kill all process belonging to user ‘lakshmanan’, which has files opened.

Similarly you can also use ‘-t’ in many ways. For example, to list process id of a process which opened /var/log/syslog can be done by

# lsof -t /var/log/syslog

Talking about kill, did you know that there are 4 Ways to Kill a Process?

9. Combine more list options using OR/AND

By default when you use more than one list option in lsof, they will be ORed. For example,

# lsof -u lakshmanan -c init

COMMAND    PID       USER   FD   TYPE     DEVICE SIZE/OFF       NODE NAME

init         1       root  cwd    DIR        8,1     4096          2 /

init         1       root  txt    REG        8,1   124704     917562 /sbin/init

bash      1995 lakshmanan    2u   CHR      136,2      0t0          5 /dev/pts/2

bash      1995 lakshmanan  255u   CHR      136,2      0t0          5 /dev/pts/2

...

The above command uses two list options, ‘-u’ and ‘-c’. So the command will list process belongs to user ‘lakshmanan’ as well as process name starts with ‘init’.

But when you want to list a process belongs to user ‘lakshmanan’ and the process name starts with ‘init’, you can use ‘-a’ option.

# lsof -u lakshmanan -c init -a

The above command will not output anything, because there is no such process named ‘init’ belonging to user ‘lakshmanan’.

10. Execute lsof in repeat mode

lsof also support Repeat mode. It will first list files based on the given parameters, and delay for specified seconds and again list files based on the given parameters. It can be interrupted by a signal.

Repeat mode can be enabled by using ‘-r’ or ‘+r’. If ‘+r’ is used then, the repeat mode will end when no open files are found. ‘-r’ will continue to list,delay,list until a interrupt is given irrespective of files are opened or not.

Each cycle output will be separated by using ‘=======’. You also also specify the time delay as ‘-r’ | ‘+r’.

# lsof -u lakshmanan -c init -a -r5



=======

=======

COMMAND   PID       USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME

inita.sh 2971 lakshmanan  cwd    DIR    8,1     4096  393218 /home/lakshmanan

inita.sh 2971 lakshmanan  rtd    DIR    8,1     4096       2 /

inita.sh 2971 lakshmanan  txt    REG    8,1    83848  524315 /bin/dash

inita.sh 2971 lakshmanan  mem    REG    8,1  1434180 1442625 /lib/i386-linux-gnu/libc-2.13.so

inita.sh 2971 lakshmanan  mem    REG    8,1   117960 1442612 /lib/i386-linux-gnu/ld-2.13.so

inita.sh 2971 lakshmanan    0u   CHR  136,4      0t0       7 /dev/pts/4

inita.sh 2971 lakshmanan    1u   CHR  136,4      0t0       7 /dev/pts/4

inita.sh 2971 lakshmanan    2u   CHR  136,4      0t0       7 /dev/pts/4

inita.sh 2971 lakshmanan   10r   REG    8,1       20  393578 /home/lakshmanan/inita.sh

=======

In the above output, for the first 5 seconds, there is no output. After that a script named “inita.sh” is started, and it list the output.

Finding Network Connection

Network connections are also files. So we can find information about them by using lsof.

11. List all network connections

You can list all the network connections opened by using ‘-i’ option.

# lsof -i

COMMAND    PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

avahi-dae  515 avahi   13u  IPv4   6848      0t0  UDP *:mdns

avahi-dae  515 avahi   16u  IPv6   6851      0t0  UDP *:52060

cupsd     1075  root    5u  IPv6  22512      0t0  TCP ip6-localhost:ipp (LISTEN)

You can also use ‘-i4’ or ‘-i6’ to list only ‘IPV4’ or ‘IPV6‘ respectively.

12. List all network files in use by a specific process

You can list all the network files which is being used by a process as follows

# lsof -i -a -p 234

You can also use the following

# lsof -i -a -c ssh

The above command will list the network files opened by the processes starting with ssh.

13. List processes which are listening on a particular port

You can list the processes which are listening on a particular port by using ‘-i’ with ‘:’ as follows

# lsof -i :25

COMMAND  PID        USER   FD   TYPE DEVICE SIZE NODE NAME

exim4   2541 Debian-exim    3u  IPv4   8677       TCP localhost:smtp (LISTEN)

14. List all TCP or UDP connections

You can list all the TCP or UDP connections by specifying the protocol using ‘-i’.

# lsof -i tcp; lsof -i udp;

15. List all Network File System ( NFS ) files

You can list all the NFS files by using ‘-N’ option. The following lsof command will list all NFS files used by user ‘lakshmanan’.

# lsof -N -u lakshmanan -a