If you want to know more about your Linux system, where can you get detailed information?
The best way to obtain information about your Linux system is to run the ‘uname’ command with various options. Here are the details of the available options.
Execute ‘uname’ without any options, or with the -s option, to display the kernel name:
# uname -s
Linux
Execute ‘uname’ with the -r option to display the kernel release:
# uname -r
3.8.0-23-generic
Execute ‘uname’ with the -v option to display the kernel version:
# uname -v
#34-Ubuntu SMP Wed May 29 20:22:58 UTC 2013
Execute ‘uname’ with the -m option to display the machine hardware:
# uname -m
x86_64
Execute ‘uname’ with the -o option to display the operating system:
# uname -o
GNU/Linux
What if you want to read only the first or last few lines of a file?
You can use the ‘head’ and ‘tail’ commands for this.
# tail -5 output
/etc/brltty/en-nabcc.ttb
/etc/brltty/brl-al-abt_small.ktb
/etc/brltty/brl-al-abt_basic.kti
/etc/acpi/mediabtn.sh
/etc/fstab.d
The ‘tail’ command above displays the last five lines from the file ‘output’.
With this command, you can also display the last ‘n’ bytes using the -c option:
#tail -c10 output
c/fstab.d
So, you can see that the last 10 bytes were displayed in the output.
Similarly, there is a ‘head’ command to display content from the beginning of a file. Here are some examples:
#head -10 output
/boot/abi-3.8.0-19-generic
/boot/abi-3.8.0-23-generic
/boot/grub/i386-pc/search_label.mod
/sbin/acpi_available
/sbin/ip6tables
/sbin/e2label
/sbin/ntfslabel
/sbin/swaplabel
/sbin/iptables-save
/sbin/ip6tables-restore
#head -c10 output
/boot/abi-
Sometimes you know that you ran a command a while ago and you want to run it again. You know a bit of the command, but you don’t know exactly all the options, or when you executed the command.
Of course, you could just keep pressing the Up Arrow until you encounter the command again, but there is a better way.
You can search the bash history in an interactive mode by pressing Ctrl + r. This will put bash in history mode, allowing you to type a part of the command you’re looking for. Meanwhile, it will show the most recent occasion where the string you’re typing was used. If it is showing you a command that is too recent, you can go further back in history by pressing Ctrl + r again and again. Once you have found the command you were looking for, press Enter to run it. If you can’t find what you’re looking for and you want to try again, or if you want to get out of history mode for another reason, just press Ctrl + c. By the way, Ctrl + c can be used in many other cases to cancel the current operation and/or start with a fresh new line.
Friday, December 19, 2014
what is crontab and how to use it?
What is crontab?
The crontab is a list of commands that you want to run on a regular schedule, and also the name of the command used to manage that list. In other words, crontab (CRON TABle) is a table where we can schedule such repeated tasks. Handling a frequent job manually is a daunting task for a system administrator.
You can automate processes such as backups, scheduled updates, synchronization of files and many more. Cron is a daemon that runs scheduled tasks.
Cron wakes up every minute and checks for scheduled tasks in the crontab.
The command to edit the crontab file for the current user is crontab -e. By default, this will bring up the crontab file in the vim editor.
A crontab file consists of one command per line, and each line has six fields separated by spaces or tabs. These are the following:
#
# Field   1      2      3              4               5
#         Min    Hour   Day of month   Month of year   Day of week
#         0-59   0-23   1-31           1-12            0-6           /path/command
#
# Days of the week: 0=Sun 1=Mon 2=Tues 3=Wed 4=Thu 5=Fri 6=Sat
A field may be an asterisk (*), which always stands for "first through last".
A hyphen (-) between integers specifies a range of integers. For example, 1-3 means the integers 1, 2, and 3.
Special Strings for Common Schedules
Strings  | Meanings
@reboot  | Command will run when the system reboots.
@daily   | Once per day; @midnight may also be used.
@weekly  | Once per week.
@yearly  | Once per year; the @annually keyword may also be used.
To use one of these strings, put the keyword in place of the five time fields of the cron entry.
For more help, read the following file:
#vim /etc/crontab
The /etc/cron.allow and /etc/cron.deny files control who may use crontab on your system.
Crontab commands:
To edit your crontab:
#crontab -e
To display ("list") the contents of your crontab:
#crontab -l
To remove your crontab, effectively un-scheduling all crontab jobs:
#crontab -r
To edit the crontab of the user named anshuman:
#sudo crontab -u anshuman -e
The -u option requires administrator privileges, so the command is executed using sudo.
To view the crontab of user anshuman:
#sudo crontab -u anshuman -l
To remove the crontab of user anshuman:
#sudo crontab -u anshuman -r
Some useful examples of crontab:
To run a Linux crontab command every minute, use this syntax:
* * * * * /var/www/example.com/bin/check-apache.sh
To run a Linux crontab command every hour (at five minutes past the hour), use this syntax:
5 * * * * /var/www/example.com/bin/create-all-backups.sh
To run a Linux crontab command every day (at 4:30 a.m.), use this syntax:
30 4 * * * /var/www/devdaily.com/bin/create-all-backups.sh
To run a Linux crontab command every five minutes, use this syntax:
*/5 * * * * /var/www/example.com/bin/do-update.sh
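The field ranges and @keywords described in this post can be checked mechanically. The script below is an added example, not code from the original post: it validates the schedule of one crontab line and flags a job whose script is writable by group or others, because anyone who can edit that file runs code as the crontab's owner. The function names are made up here, @hourly and @monthly are standard cron keywords not listed in the table above, and month or day names are not handled.

```sh
#!/bin/sh
# Added example: lint one crontab line against the field ranges given in this post.
# check_field and lint_cron_line are names made up for this sketch.

# check_field VALUE MIN MAX: accept *, */n, N, N-M and comma lists of those.
check_field() {
    local rest item lo hi
    rest="$1,"
    while [ -n "$rest" ]; do
        item=${rest%%,*}; rest=${rest#*,}
        item=${item%%/*}                       # drop a step suffix such as /5
        [ "$item" = "*" ] && continue
        lo=${item%%-*}; hi=${item#*-}          # a single number gives lo == hi
        case "$lo,$hi" in ,*|*,|*[!0-9,]*) return 1;; esac
        [ "$lo" -ge "$2" ] && [ "$hi" -le "$3" ] && [ "$lo" -le "$hi" ] || return 1
    done
}

# Prints one verdict: skip, ok, bad-keyword, bad-schedule, no-command, writable-script.
lint_cron_line() {
    local perms
    case "$1" in ''|'#'*) echo skip; return 0;; esac
    set -f; set -- $1; set +f                  # split on whitespace without globbing the *
    case "$1" in
        @reboot|@hourly|@daily|@midnight|@weekly|@monthly|@yearly|@annually)
            shift;;                            # an @keyword replaces all five time fields
        @*) echo bad-keyword; return 1;;
        *)  [ $# -ge 5 ] && check_field "$1" 0 59 && check_field "$2" 0 23 &&
            check_field "$3" 1 31 && check_field "$4" 1 12 && check_field "$5" 0 6 ||
                { echo bad-schedule; return 1; }
            shift 5;;
    esac
    [ $# -gt 0 ] || { echo no-command; return 1; }
    if [ -e "$1" ]; then                       # $1 is now the command path
        perms=$(ls -ldL -- "$1")
        # Mode string characters 6 and 9 are the group and other write bits.
        case "$perms" in ?????w*|????????w*) echo writable-script; return 1;; esac
    fi
    echo ok
}

# Usage: sh cronlint.sh '30 4 * * * /path/to/job.sh'
if [ $# -gt 0 ]; then lint_cron_line "$1"; fi
```

To review a whole table, feed the output of crontab -l to lint_cron_line one line at a time.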
Thursday, December 18, 2014
'chkrootkit' tool to scan your system's vital files in Linux
‘chkrootkit’ Tool:
Attackers install rootkits on a machine to gain root access while the rootkit's presence is hidden from the real administrator of the server. A tool that can help you detect rootkits on your machine is chkrootkit.
Chkrootkit is a tool that scans your system's vital files to determine if any of them show signs of known malware. It’s a group of scripts that use existing system tools and commands to validate your system files and /proc information.
How to download and use the `chkrootkit` tool:
Follow these steps to install the ‘chkrootkit’ tool:
1. Go to the /usr/local/src/ directory.
#cd /usr/local/src/
2. Download chkrootkit.
# wget http://www.spenneberg.org/chkrootkit-mirror/files/chkrootkit.tar.gz
3. Unpack the chkrootkit archive you just downloaded.
# tar -xvzf chkrootkit.tar.gz
4. Change to the new directory (select the version).
# cd chkrootkit-*
5. Compile chkrootkit.
# make sense
6. After successfully compiling, the tool is ready to be used. To check for rootkits, simply run chkrootkit as the root user:
# ./chkrootkit
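The archive in step 2 is fetched over plain HTTP and then built and run as root, so it is worth checking it before step 3. The helper below is an added example, not part of the original post or of chkrootkit: it compares the tarball's SHA-256 with a digest you obtained separately from a source you trust, and refuses archives whose members use absolute or ".." paths. The name verified_unpack is made up, and the script assumes sha256sum and a tar that supports --no-same-owner.

```sh
#!/bin/sh
# Added example: verify a downloaded source tarball before unpacking it as root.
# verified_unpack is a made-up helper name; the expected digest must come from
# a source you trust, obtained separately from the download itself.

# verified_unpack TARBALL EXPECTED_SHA256 DESTDIR
# Prints one verdict: ok, bad-digest or unsafe-path.
verified_unpack() {
    local actual member
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    if [ "$actual" != "$2" ]; then
        echo bad-digest; return 1
    fi
    # Refuse archives whose members are absolute or climb out with "..".
    tar -tzf "$1" | while IFS= read -r member; do
        case "$member" in /*|..|../*|*/../*|*/..) exit 1;; esac
    done || { echo unsafe-path; return 1; }
    # --no-same-owner: extracted files belong to the invoking user, not to
    # whatever uid/gid the archive records.
    mkdir -p "$3" && tar --no-same-owner -xzf "$1" -C "$3" || return 2
    echo ok
}

# Usage: sh verified_unpack.sh chkrootkit.tar.gz <expected-sha256> /usr/local/src
if [ $# -eq 3 ]; then verified_unpack "$1" "$2" "$3"; fi
```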
Scalpel - A recovery tool for Linux
Scalpel:
This is a filesystem-independent recovery tool for Linux and Mac OS, which you can also run on Windows by compiling it with MinGW. Scalpel is based on Foremost, an open source application developed to recover deleted information. Scalpel is significantly faster and more efficient: it reads a database of header and footer definitions and extracts matching files or data fragments from a set of image files or raw device files. Scalpel is file-system-independent and can recover files from FATx, NTFS, ext2/3/4, HFS+, or raw partitions. It is useful for both digital forensics investigation and file recovery.
How to install the scalpel recovery tool on Linux
To install the scalpel recovery tool on Linux, first type the following command:
#yum install scalpel* -y
How to use the scalpel recovery tool
Before we can use Scalpel, we must define some file types that Scalpel should search for in /etc/scalpel/scalpel.conf. By default, all file types are commented out. In this example, I want to search for deleted jpg files, so uncomment the following lines:
#scalpel /dev/vda3 -o /home/anshuman/Desktop/output
Wednesday, December 17, 2014
record whatever you do in terminal in linux
Record whatever you do in the terminal.
Have you ever felt that you should record everything you do in the terminal in a file?
Then try out the following tip. In this tip we will see how to record all commands executed in the terminal, along with their returned outputs, to a text file automatically. This may help you better troubleshoot your problems.
How to start the recording session:
Open the terminal and run this command to start a session that will record every command we type in the terminal.
#script recordterminal.txt
‘recordterminal.txt’ is the file where all commands entered and their returned outputs will now be recorded automatically. You can give the file whatever name you want. This file will be saved in the current working directory.
How to stop the recording session:
To stop recording, press CTRL+d.
How to view the recording session:
To view the recording session, read the file by using the ‘cat’ command.
#cat recordterminal.txt
How to continue the recording session in the same file:
If you want to continue the session in that same text file, it’s easy. Go to the terminal and type:
#script -a recordterminal.txt
Tuesday, December 16, 2014
basic but amazing Linux tips
Best Linux Tips, Tricks And Command Lines
1. Find out the elapsed time of a running process
There are a lot of processes running on your Linux system. Here is a command that will let you know how long the process has been running:
#ps -eo "%p %c %t"|grep "sshd"
In the above command %p is pid, %c is command and %t is elapsed time.
In response to the above command, you will get the following output:
2850 sshd 172-01:37:22
29532 sshd 125-09:07:10
2. Changing file names from upper case to lower
To manually change the case (upper to lower or vice versa) of a large number of files can be tedious. So, here is a script that can make life easy:
#!/bin/sh
# Change uppercase filenames to lowercase
if [ $# -eq 0 ] ; then
    echo "Usage: $0 Files"
    exit 1
fi
# "$@" and the quotes keep names containing spaces in one piece
for f in "$@" ; do
    g=`echo "$f" | tr "[A-Z]" "[a-z]"`
    # Skip names that are already lowercase
    [ "$f" = "$g" ] && continue
    echo mv -i "$f" "$g"
    mv -i -- "$f" "$g"
done
If you want to change the case from lower to upper, replace
g=`echo "$f" | tr "[A-Z]" "[a-z]"`
with
g=`echo "$f" | tr "[a-z]" "[A-Z]"` in the script.
3. Counting the number of files in a directory.
Here is a simple command that can count the number of files in a directory (not the hidden ones):
#echo * | wc -w
4. How to check the date and time the system was rebooted and booted.
Here is a simple command to check the system's reboot date and time:
#last reboot
reboot system boot 2.6.18-53.el5 Sat Aug 6 18:02 (8+04:45)
wtmp begins Sat Aug 6 18:02:07 2011
The command below will give you the date and time the system was booted:
#who -b
system boot 2011-08-24 09:43
5. For securing files.
Here is a simple tip to password protect your files:
#vi -x test
This command will ask for an encryption key. You have to type the key twice. Then save and quit the opened file.
Now, whenever you open this file, it will ask for that password first.
6. Finding the full path of the shell command.
There is a command named which that takes one or more arguments as input. It prints to standard output the full path of the shell command. It does this by searching for an executable or script in the directories listed in the environment variable PATH:
#which poweroff
/usr/bin/poweroff
If the command is not found, it gives the output shown below:
#which moodule
/usr/bin/which: no moodule in (/usr/lib/qt-3.3/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/lib/ccache:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/aarsh/bin)
7. Power yourself with Netstat
Here are a few uses of the netstat command that can help you.
To display the kernel interface table:
#netstat -i
To display the kernel routing table:
#netstat -rn
To display all open network sockets:
#netstat -uta
To display network statistics:
#netstat -s
8. Print a file with line numbers
If you want a file with line numbers (say for printing), you can use the 'nl' command in Linux:
#nl file.c
This prints the file with line numbers to standard output, or the output can be redirected to a file as shown below:
#nl file.c > output.txt
Here, output.txt will have the code of file.c with each line having a line number.
9. Search and delete files from a folder.
If you want to delete all the .lock files from a folder, use the following command:
#find . -name "*.lock" -print0 | xargs -0 rm -rf
This will find all the files with the .lock extension and delete them. Quoting the pattern stops the shell from expanding it before find runs, and -print0 with xargs -0 keeps file names containing spaces intact. This can be done for any files that you need to delete.
10. Scan open ports
The command given below will scan all the open TCP ports on the loopback interface:
#nmap -sS -O 127.0.0.1
In general, you can use the following:
#nmap -sS -O
To scan open UDP ports in the system, use the command given below:
#nmap -sU -O