I.T. Security and Linux Administration


September 13, 2010  10:36 AM

SSH and the alias Features

Eric Hansen Eric Hansen Profile: Eric Hansen

When working with any *nix-based system, I’ve found that SSH becomes a part of your life…almost as if you’re married to it for the 9 (or 12…) hours you are at work.  But, I see many people just constantly type the same command over and over again.  While I’m not going to cover the ideals as to why this is bad for productivity, I will cover, however, a simple and easy trick to make using SSH faster and easier.

I discovered this while on my job (never messed with aliases before).  Our sysadmins were kind enough to make it easy for us to log into the abundance of servers that we house (both on-site and off).  Essentially we have two root accounts we have to log into before we can do anything.  One is a generic support account that basically only has sudo access, and then there’s root.  While I don’t agree root should be enabled, that’s not a topic for this post.  But, getting bored one day (weekends tend to be a slow day), I poked through the .bashrc file on “our” server (our SSH protocol is strange…), and found that the short commands we use to get to the generic support account is just a function aliased with simplicity.

This got me thinking, especially since I do work from home when I’m bored, and I have 2 servers of my own I manage.  How would I go about setting this up myself.  While I liked how it was done at my work, I like to keep things as close-knit as possible.  So, I developed this little gem (originally it had switches and was more advanced, but I have since reformatted, lost my .bashrc and decided to recode it for the 10th time anywho):

function ssh_call ()
{
case "$1" in
work)
ssh
;;
vps)
# ssh to vps
;;
home)
ssh
;;
esac
}

alias vps='ssh_call vps'
alias home='ssh_call home'
alias work='ssh_call work'

You can hard code the SSH commands and such in the alias, I just did it this way ’cause I was working on how to use functions properly in shell scripting, and so this was sort of a mini-project for me. Put that in your .bashrc script and either restart the terminal or run source ~/.bashrc and you should be set (shouldn’t give errors, it works for me). Now all you got to do is type in any of the alias names (whatever is between “alias ” and “=”), and it’ll connect you. This is highly helpful when you have long commands to type.

I’m sure this will be helpful to at least a few people out there. This obviously works for more than just SSH too (the starter aliases are for ls commands), so if you have any nifty alias tricks, or any .bashrc tricks to show off, feel free to post them here.

August 27, 2010  7:44 PM

Using grep…one hell of a tool

Eric Hansen Eric Hansen Profile: Eric Hansen

I’m far from an expert when it comes to grep, or any other CLI tool for that matter, but I did discover one trick with grep that saved me a lot of time.

This command is essentially find, but it builds on it a little bit more by not only displaying the file that the grep’ed text is found in, but also showing you the line of text as well.

grep -H -r  

This does the following:
-H: prints the filename that the text is found in
-r: recursive

This is similar to doing something like:

find . -iname  -exec echo {} \;

I am very horrible at writing advanced find commands, so it’s most likely not very efficient (or working, haha), but you get the idea here I hope.

You don’t have to pipe the data through grep either (i.e.: find … | grep -H -r…) as grep alone can also function as a file/folder locator command. For example, I run the command grep -H -r “H” `pwd` (search for “H” in any files recursively [-H -r] from the current directory [`pwd`]), the output will look something like (for me):

/../.bashrc:HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups
/../.bashrc:HISTCONTROL=ignoreboth
/../.bashrc:# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
/../.bashrc:[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"

I “..”‘ed the directories not important (ran it from /home). As you can see, it’s pretty helpful if you want a quick “find in files” creation. I’ve also wrote a bash script to automate this more:

#!/bin/bash

if [ -z "$1" or -z "$2" ]; then
  echo "No parameters passed."
  exit 1
fi

grep -H -r "$1" "$2"

exit 0

Not the most advanced script ever, but it is pretty useful instead of typing grep -H -r … … over and over again.

This is the end of this article, but I would like to say that I’m planning on updating this a lot more now since school is out for a few weeks (yes, I go to college full-time and work full-time…it does leave me with little time to enjoy the finer things in life, but I make do).


July 11, 2010  7:16 AM

Side note and beginner guide 101 (part 1)

Eric Hansen Eric Hansen Profile: Eric Hansen

First off, I’m just going to say I’m proud to announce the fact that people are starting to notice this blog (see http://www.linuxaffinity.com/?p=19692 ).

Now, for another Linux tip…don’t use Simple Script!!! Just playing (although, it does cause more issues than if you were to install any of the products manually).

This is kind of for aspiring Linux administrators out there, and I want to put it out that I am by far, without a doubt, not experienced as one, but I feel I can pass on advise that will help those who just learning the CLI tricks of the trade.

Tip #1: Learn shortcuts. This will make turning those folder-corners and nano’ing (or vi’ing) it up a lot faster if you know you can tab to auto-complete things and whatnot.

Tip #2: Learn how to script. To group everything into one (since you’ll be incorporating a lot into scripting), this will also include learning helpful aids like AWK and sed. You will be completely amazed at how easy your job will become once you can cut 10 minutes of typing into a simple ./fix-my-problems…believe me.

Tip #3: Never stop reading. Now, I’m currently going for my bachelors, and even my teachers who have been in the field for decades say this. There’s no way you’ll survive if you don’t keep reading and being up to date with what’s out there. Flavor of the weeks happen so much.

Tip #4: Remember, the answer is always 42 (hey, why not have some humor?).

Tip #5: When in doubt, don’t assume. You have Google and co-workers (hopefully at least) at your fingertips…don’t assume you know how to fix something if you aren’t sure, the only thing coming between the user getting you fired and you coming in tomorrow is your ability to know and learn…which kind of goes back to tip #3.

Tip #6: Set up a test server at home to become better at your job. Essentially this is what got me my job to begin with, is I gained all my knowledge by doing most of this stuff at home. I learned how to set up web servers, handle e-mail issues, troubleshoot and rebuild computers, etc… Again, going back to tip #3.

Tip #7: Analyze issues correctly, but don’t over-analyze. Big mistake I personally have made in the past. When faced with issues, don’t dive head-first…write it down to better understand what’s going on if you have to. What I do when facing certain issues is I open up notepad (yes, I do Linux admin stuff through Windows…but, hey, that’s what Putty and a personal laptop is for), and just break the problem down into parts. I find it’s a lot easier to handle situations that way, especially when it comes to e-mail because there’s so many variables involved. Basically, sit back, relax, breathe, and just look at it in parts.

I know these aren’t the most helpful tips for some, but really, I don’t want to see people going into this field to become exasperated due to the complexity that they can experience. Being a Linux administrator is both a rewarding and non-rewarding job. You don’t get much praise from your clients (usually), but you also get to feel like you accomplish something every time you fix an issue. Just remember, things happen, and you can’t fix ‘em all. Most importantly, keep up with tip #3.

More tips to come, I plan on this being a never-ending series.


July 4, 2010  2:17 PM

Restarting services made easy!

Eric Hansen Eric Hansen Profile: Eric Hansen

Figured while I’m posting scripts that make my job easier, I’d share another, since we have servers here that have services that need to be restarted (quite) frequently sometimes.

While this one is hard-coded for Apache/Lightpseed, it will work for any service that creates a PID file.

#!/bin/sh

# stop()
# Stops the web server service
function stop {
# Attempt to stop the service cleanly
service httpd stop

sleep 5

# pid files only exist when either the program is running
# or when it's a zombie process
if [ -f /var/run/httpd.pid ]
then
# If httpd.pid still exists, keep trying to stop the service cleanly
echo "---> httpd.pid still exists...attempting stop again."

# The pause is just used for gracefulness
sleep 5

# Recursiveness is awesome!
stop
else
# pid file doesn't exist, so why worry?
echo "----> httpd.pid no longer exists."
fi
}

# start()
# Starts the web server service
# Everything is basically the same as above, so not commenting this also
function start {
service httpd start

sleep 5

if [ -f /var/run/httpd.pid ]
then
echo "----> httpd.pid exists...server has been restarted."
else
echo "----> httpd.pid doesn't exist...server not restarted, attempting to start again."
sleep 5
start
fi
}

# Call the functions like a boss
stop

sleep 10

start

# Graceful exit...not needed but used in best practice
exit 0

All the sleep commands are in as I’ve found out service restart tends to be quite pushy/rushing with it finishing the restart process. Also, checking to see if the pid file still exists is a pretty good indicator if the service is still running (of course, you could also do an awk from a ps or some other process command).


July 4, 2010  2:09 PM

.bashrc, meet SSH…aka: recovery-godsend

Eric Hansen Eric Hansen Profile: Eric Hansen

I have SSH access for both my home network, and my work.  The idea to implement this came from the fact my work actually does this already.  Instead of typing ssh <commands> you just type na <hostname/ip> and it’ll do the dirty work for you.  At first, I thought the “na” command was either a script or custom program, but it turns out it’s just an alias set in .bashrc.  Below is my version (modified to my own liking):


function ssh_call() {
case "$1" in
home|h)
ssh noone@myhome
;;
work|w)
ssh work@domains
;;
*)
echo "Only home & work are possible arguments. One or the other must be passed."
;;
esac
}

alias sh=’ssh_call home’
alias sw=’ssh_call work’

I’m sure there’s better ways and stuff of doing this, but it works for me, hehe. All in all, bash scripting can be quite useful when used correctly.


June 19, 2010  7:22 PM

Magento and You

Eric Hansen Eric Hansen Profile: Eric Hansen

I’m not sure how many readers that will see this have experience in Magento, but at my job, it’s our biggest support.  I work as a Linux Support Tech now, and there’s one thing that’s gotten to me, and that’s Magento installs.

While for the most part it’s easy, especially when you run command scripts, there is one issue I ran into today that boggled my mind for a good hour.  When I was installing Magento 1.4.1 on a client’s server, I kept getting the error that the path must be writable.  So, I figured alright…chmod 755 all the directories and it’ll be set.  Did that, still no go.  Checked ownerships, they were wrong.  Changed ownership to the user’s ID, still no go again.  I Googled this issue like you wouldn’t believe.  Turns out, what I had to do was su the user ID (we log into servers as root), delete the entire magento directory, and re-do the entire process.  I don’t quite get why this happened, but it worked.  I was able to install Magento and the user was happy.

Another, granted shorter, issue is installing Magento on a LiteSpeed server.  Now, I’ve done this a few times on a LiteSpeed server before, but installing Magento on this one was…to say the least, interesting.  The install process went through fine, database set up and admin account configured.  The problem this time was when I went to the admin panel (or even just the store itself), it bounced back a 503 error.  The only clue as to what was going on is that the error log said it was trying to access .htaccess jsut before it hit the 503 return mark.  So, I did essentially every logical thing you can think of to fix this issue.  Restarted LiteSpeed, removed .htaccess (which made the site work, but redirects would be a problem), ran a diff between their .htaccess and the default one that comes with Magento.  Googling didn’t come up with much.  The error this time, after commenting out every line in .htaccess, then uncommenting one at a time, turns out that setting the memory limit for PHP in the .htaccess file was causing the error.  The only reason behind this I can think of is that LiteSpeed was allocating not enough or so memory to each php child.

In short, Magento is a fantastic e-Commerce set up…if you know how to install it, haha.


May 28, 2010  6:47 PM

Port Checker

Eric Hansen Eric Hansen Profile: Eric Hansen

A while ago, I got bored and decided to venture into the realm of scripting.  Managing server after server, typing “netstat -ntlup | grep…” got annoying after a while, so I decided to write this.

The script requires the runner/user to be root.  Which is flawed, I know, but this works for me…if you want/need it modified, then I’ll do my best to help.

#!/bin/bash

# Script is used to determine if a port is used.
# Usage: portcheck <port number>
# Executes netstat -ntlup | grep <port> to do checking.
# Returned text is stored in a variable.  If variable is empty, 
# port is not in used.  Otherwise, port is being used.

# Get the username of the person running script
USER=`id -un`

# Root is required to run netstat -ntlup
if [ "$USER" != "root" ]; then
	echo "Root privileges required."
else
	NET=`netstat -ntlup | grep $1`

	if [ -z "$NET" ]; then
		echo "Port is free"
	else
		echo $NET
	fi
fi

This can check against either a port or program name (which is why root privileges is demanded).


May 27, 2010  10:34 AM

What is this blog about?

Eric Hansen Eric Hansen Profile: Eric Hansen

First off, I would like to say thank you to the whole ITKE team for this opportunity.

What this blog about is, in short, how to improve management of Windows & Linux servers, desktop, software, hardware, etc…  While this might focus mostly on Linux, Windows will still be focused on.  The idea behind this isn’t to be different, unique, or anything like that…it’s just to offer my own tips, strategies, insights, and tools on how to perform a job or task more effectively.

I might venture off into different areas as well, such as talking about firewalls, proxies, social engineering even, as well as other IT topics.  I just figure why should I hide my own knowledge from those who might benefit from it?  While I have yet to really think of a first real blog (next to the sample one I had to submit to get this position, hehe), I have a couple ideas I might do.  Expect a new entry in the coming days while things settle down for me personally.

If you like what I have to offer, then I’ve done my job.  If you feel like I’m lacking somewhere, feel free to tell me.  I’m not a hard-head or anything of the sort, and I welcome constructive criticism.

Thank you,

Eric


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: