Unix

• Good! http://www.tldp.org/LDP/abs/html/io-redirection.html

Command Syntax

# executing commands
A; B    Run A and then B, regardless of success of A
A && B  Run B if A succeeded
A || B  Run B if A failed
A &     Run A in background.

# multiline command (i.e., as used in docker RUN command)
RUN cd / && \
    git clone https://github.com/ && \
    cd /fileadmin/ && \
    bundle install && \
    rake db:migrate && \
    mkdir /live && \
    chmod 777 /live

Commands

# SYSTEM

# OS distribution name and version
uname -a

# List packages installed 

apt list

# Ubuntu version (lsb -> linux standard base)
lsb_release -a

# Memory usage (Ubuntu) See https://www.binarytides.com/linux-command-check-memory-usage/
free -h
cat /proc/meminfo  # more details than free
vmstat -s # good layout of stats

# CPU info (Ubuntu)
cat /proc/cpuinfo | grep processor | wc -l

# Environment variables 
printenv # all in current environment
printenv LOG_LEVEL # => debug
env # all environment variables in the shell
echo $MY_ENV_VAR

# NETWORK

ifconfig

# linux
ip addr show

# get public/external ip address
dig +short myip.opendns.com @resolver1.opendns.com (if dig on system)
curl ipecho.net/plain ; echo

# Listening ports and applications

# from https://www.cyberciti.biz/faq/unix-linux-check-if-port-is-in-use-command/
# use one of these...
sudo lsof -i -P -n | grep LISTEN
sudo netstat -tulpn | grep LISTEN
sudo nmap -sTU -O <the ip address>


# PROCESSES

# kill an app - prompts you to click on app to kill (be careful!)
xkill

# kill a process
kill <pid>

# force kill a procecss
kill -9 <pid>

# see status code of previously run process
echo $?

# FILE SYSTEM

# disk free (usage)
df -h

# Find process by app name, case insensitive
ps ax | grep -i <name>

# Download to file
curl <url> -o <file path>

# There are 3 kind of "timestamps":
# Access - the last time the file was read - atime
# Modify - the last time the file was modified (content has been modified) - mtime
# Change - the last time meta data of the file was changed (e.g. permissions) - time
#
# Show times of file.
stat <file>

# Line count
wc -l <filename>

# largest folders including the sub-directories
du -sh <path to folder>/*

# largest folders including the sub-directories recursively (linux only? not osx)
du -Sh <path to folder>

# largest folders including the sub-directories sorted by size
du -sh <path to folder>/* | sort -hr | head -n10 # or -10, no -h on osx
du -sh <path to folder>/* | sort -h # or this

# find a file with wildcarding
find <dir> -name \*maybe\* -print

# find files bigger than 1 M.
find <dir> -type f -size +1M -exec ls -lh {} \;

# find files modified in last 10 minutes - sort by time
find <dir> -fstype local -mmin -10

# read last x lines in file
tail -n 100 log/development.log

# tail a file -F follow -n number of lines to show
tail -F -n 100 log/development.log

# get first x lines of file
head -n 100 ./error.log

# read entire file to stdout
cat file.xyz

# view contents of a file one screen at a time w/ability to go forward/backward.
# hit 'h' for help while reading for commands (i.e., e - forward one line,
# y - back one line)
less file.xyz

# Copy folder to another location
cp -R <path to folder to copy>/ <path to copy to>/

# Permissions

# http://permissions-calculator.org/

# chmod {a,u,g,o} {+,-} {r,w,x} files  
# The plus ("+") sign indicates give permission.  The minus ("-") sign indicates remove permission.

chmod a+r # files are readable by all
chmod a-r # files cancels the ability for all to read the file
chmod a-rwx # cancels all access for all
chmod g+rw # files give the group read and write permission
chmod u+rwx # files give the owner all permissions
chmod og+rw # files give the world and the group read and write permission

# 0	No permission	---
# 1	Execute permission	--x
# 2	Write permission	-w-
# 3	Execute and write permission: 1 (execute) + 2 (write) = 3	-wx
# 4	Read permission	r--
# 5	Read and execute permission: 4 (read) + 1 (execute) = 5	r-x
# 6	Read and write permission: 4 (read) + 2 (write) = 6	rw-
# 7	All permissions: 4 (read) + 2 (write) + 1 (execute) = 7	rwx

chmod 755 testfile
chmod -R 0755 <directory> # recursively

# IO

# redirect stderr and stdout to logger (syslog)
echo "hi" 2>&1 | logger &

# redirect stderr and stdout to file
echo "hi" 2>&1 > foo.txt

# redirect stderr (2) and stdout (1) and append to file
echo "hi" 2>&1 >> foo.txt

# USERS

# list all users =>
# nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
cat /etc/passwd
compgen -u # xenial

# list users with uid => nobody:65534
cat /etc/passwd |cut -d\: -f1,3

# get user uid
id -u username

# reset a user's password
sudo passwd <username>

# GROUPS

# list groups
cat /etc/group
compgen -g # xenial

# add group
sudo addgroup --gid <id> <group name>

# add user to group
sudo usermod -G <group name> -a <user>

# SUDO

# run one command
sudo <command>

# interactive root shell with root environment ('exit' to leave).
sudo -i

# get root shell, enter root password.
su

# interactive root shell with your environment.
sudo -s

# DIFF

# OS X
opendiff file1 file2

# Ubuntu
diff file1 file2

SSH

• https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/
• https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2

Create new SSH key

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
# save the file to ~/.ssh/id_rsa_<descriptive name>
# enter a passphrase for more security (optional)

Copy public key to Service, i.e., Github, Gitlab...

Copy contents or file where service instructs... ~/.ssh/id_rsa_<descriptive_name>.pub

Add key to ssh-agent

# save to keychain on Mac - K means store passphrases in your keychain.
 ssh-add -K ~/.ssh/id_rsa_<descriptive_name>

# save to keychain on Ubuntu
eval "$(ssh-agent -s)" # start agent in the background
ssh-add ~/.ssh/id_rsa_<descriptive_name>

Modify .ssh config

# mac
Host *
 AddKeysToAgent yes
 UseKeychain yes
 IdentityFile ~/.ssh/id_rsa_<descriptive_name>

Debug Host

# Can you connect? Examples:
# Use -T (Disable pseudo-tty allocation). Some servers could abort
# the transaction entirely if a text-terminal (tty) is requested.
ssh -T -p 443 git@altssh.gitlab.com
ssh -T -p 443 git@ssh.github.com

Debugging

• Tips: https://sysdig.com/blog/sysdig-vs-dtrace-vs-strace-a-technical-discussion/
• Passenger Debugging

sysdig

Install with Ansible:

  - name: Install sysdig (automatic installation).
      become: yes
      shell: curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | sudo bash
      tags:
        - sysdig

Commands:

• http://www.sysdig.org/wiki/sysdig-examples/#containers

strace (dtrace on OSX)

Prints a list of system calls made by the program. This is useful if the program continually crashes, or does not behave as expected; for example using strace may reveal that the program is attempting to access a file which does not exist or cannot be read.

If not installed in docker container, it can be installed on demand, i.e.,

# --privileged flag is required to run strace -p command
docker exec -it --privileged <container> /bin/bash
apt-get update && apt-get install -y strace

More info at https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities

<sudo> strace -p  <pid>

# for processes that fork
<sudo> strace -f <application name>

# NOTE: strace -p <nginx worker process id>
# strace -f passenger  ???  passenger processes don't dump much

lsof

"List open files" reports a list of all open files and the processes that opened them.

lsof /var

# include ip sockets, port
lsof -i -n -P | grep sendmail

# View network activity of an application or user in realtime
# -r is repeat
lsof -r 2 -p PID -i -a

kill

Kill a process.

ps ax (or ps aux or ps aux | grep -i <name>) # get process id
kill <id>
kill -9 <id>

wireshark

https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities

# privileged -> access to devices
# --network="host" gives container full access to local system services such as D-bus
docker run -it --net=host --privileged -v $HOME:/<user logged in as>:ro -e XAUTHORITY=/<user logged in as>/.Xauthority -e DISPLAY=$DISPLAY manell/wireshark

Ubuntu

# terminal preferences at...
~/.gconf/apps/gnome-terminal/profiles/Profile0

# Open file browser from terminal
nautilus --browser ./

# empty trash
 rm -rf ~/.local/share/Trash/*

Shell

There are three types of shells:

• login shell
• interactive shell
• non-interactive shell

Login Shell

A login shell is the shell that is run when you log in to a system, either via the terminal or via SSH. It executes a number of files on startup which can influence how your system behaves - put your environment variables in these files. The files run are:

• .profile
• .bash_profile
• .bash_login

Interactive Shell

An interactive shell is when you type in the name of the shell after you've logged in:

/bin/bash

It executes the file .bashrc so put environment variables/settings in this file.