Create a directory and change into it.

This is a small shell function that creates a directory of your choice and changes into it in one step; the && makes sure the cd only happens if mkdir succeeded.

mdcd () { mkdir -p -- "$1" && cd -- "$1"; }

Just call the function with any directory name and you will be inside the directory.

[root@kernelcraft scripts]# mdcd soj
[root@kernelcraft soj]# pwd
/home/sojesh/scripts/soj

Parsing Secure logs

This is for my own reference: parsing the secure log and checking on the IPs that were trying to break into our server.

awk '$6 ~ /Failed/ {print $6,$1,$2,$3,$9$10,$11,$14$16,$13}' /home/soj/log_imp/secure.1 | sed -e 's/user//' -e 's/invalid//' -e 's/port//' -ne 's/ssh2/Trying to Break-in via Shell access/p'

The field numbers fit the "Failed password for invalid user NAME from IP port N ssh2" form of the message. For an existing account the message has no "invalid user" words ("Failed password for root from IP port N ssh2"), so the IP sits in $11 and every column after $8 shifts by two.
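The same job done with the fields located by keyword instead of by position, as an added example that is not the original one-liner: it handles both message forms and then counts failed attempts per source IP. The log lines are constructed for the demo, not taken from a real server.

```shell
#!/bin/sh
# Added example, not the original one-liner: summarise failed SSH logins
# from /var/log/secure-style lines.  Fields are located by keyword rather
# than by position, so both message forms ("for invalid user NAME from IP"
# and "for NAME from IP") are handled.

# Constructed sample log lines (not captured from a real server).
SAMPLE_SECURE='Mar  3 10:01:02 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 52344 ssh2
Mar  3 10:01:05 web1 sshd[2203]: Failed password for root from 198.51.100.9 port 41000 ssh2
Mar  3 10:01:09 web1 sshd[2205]: Failed password for invalid user oracle from 203.0.113.7 port 52350 ssh2
Mar  3 10:01:12 web1 sshd[2207]: Accepted password for sojesh from 192.0.2.25 port 50001 ssh2
Mar  3 10:01:15 web1 sshd[2209]: Failed password for sojesh from 203.0.113.7 port 52360 ssh2'

# One line per failed attempt on stdin: "Mon D HH:MM:SS user ip".
failed_ssh_attempts() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / {
            user = ""; ip = ""
            for (i = 1; i <= NF; i++) {
                # "for invalid user NAME" vs "for NAME": skip two words if present
                if ($i == "for") user = ($(i + 1) == "invalid") ? $(i + 3) : $(i + 1)
                if ($i == "from") ip = $(i + 1)
            }
            print $1, $2, $3, user, ip
        }'
}

# Failed attempts per source IP on stdin, most active first: "count ip".
failed_ssh_by_ip() {
    failed_ssh_attempts \
        | awk '{ count[$5]++ } END { for (ip in count) print count[ip], ip }' \
        | sort -k1,1nr -k2,2
}

# Stand-alone demo on the constructed sample.  On a real box:
#   failed_ssh_by_ip < /var/log/secure
printf '%s\n' "$SAMPLE_SECURE" | failed_ssh_by_ip
```

On the sample this prints "3 203.0.113.7" first, which is the host you would look at (or feed to a firewall rule) before anything else.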

Find -exec grep usage

We use the "find" command on a daily basis, but most of the time it is just for a simple search like
find / -name <pattern>

There is more useful stuff you can do with "find" if you combine it with the regular Linux "grep" command.
This lets you search for text strings and regular expressions in multiple directories in a single shot.

grep in its simplest usage is as follows:

grep 'apache' * will search for the pattern 'apache' in all the files in the current directory. But if you combine find with grep you can do a lot more, like searching for a pattern in multiple directories. For example:

find . -type f -exec grep -il "^sample$" {} \;

Here "." means the current directory and all its subdirectories
"-type f" means to search only regular files
"-exec" lets you execute a command on each match, in this case "grep"
"-i" means case-insensitive search
"-l" lists only the filenames containing the pattern, not the matching lines
"^" anchors the match to the start of a line
"$" anchors the match to the end of a line, so "^sample$" matches lines that contain exactly "sample"
"{}" is replaced by the name of each file found, and "\;" terminates the -exec command (the semicolon is escaped so the shell does not eat it). This runs one grep per file; ending with "{} +" instead hands many files to a single grep.

Another example: find htdocs cgi-bin -name "*.cgi" -type f -exec chmod 755 {} \;

The above command searches through the “htdocs” and “cgi-bin” directories for files that end with the extension “.cgi”. When these files are found, their permission is changed to mode 755 (rwxr-xr-x).

find . -type f \( -name "*.c" -o -name "*.sh" \)

The above command searches for files with either the .c or the .sh extension. Keep adding -o -name clauses inside the parentheses for more extensions.

find . -mtime -5 -type f

The above command finds all files that have been modified in the last 5 days. You can search for directories by using "-type d". Omitting "-type f/d" will match both files and directories modified in the last 5 days.

find . -size +100k -a -size -500k

The above command finds files whose size is between 100 and 500 kilobytes. -a (AND) is the default operator between tests, so it can be left out. Note that -size rounds sizes up to the next whole unit before comparing.

find /home/soj/ -mtime -2 -exec ls -ld {} \;

The above command lists all the files under /home/soj/ that have been modified within the last 2 days (note the option -2). The -d keeps ls from listing the contents of any matching directory; add -type f to leave directories out altogether.

find /home/soj/ -mtime +200 -exec ls -ld {} \;

The above command lists all the files under /home/soj/ that are older than 200 days (note the option +200).

find /media -name '*.mp3' -size -5000k

The above command finds files with the extension 'mp3' that are smaller than 5000 kilobytes (roughly 5MB) under the directory '/media'. If you want files larger than that, use -size +5000k instead.

find . -name "*.txt" -ok cp {} test \;

The above 'find' command finds files with the 'txt' extension and, for each one, substitutes the file name for the braces and asks for confirmation before copying the file to the 'test' directory. -ok is the interactive form of -exec; the two are not combined.

find ~soj -perm -644

The above command will match all files that have, at a minimum, the rw permission set for user AND r permission for group AND r permission set for others.

find ~soj -perm 644

The above command will match all files that exactly have the rw permission set for user AND r permission for group AND r permission set for others.

find . -mtime +100 -exec rm {} \; (Try this command at YOUR OWN RISK)

The above command is DANGEROUS. Here find searches for everything older than 100 days, as given in the argument to 'mtime', and removes it. You can set the time to any number of days and delete files older than that time frame. But you don't want to do this blindly, as you might NOT KNOW what all it will delete: add -type f so it only touches regular files, and run the same expression with -print in place of -exec rm first to see what would go.

What if you want to find a particular file, say config.cfg, under your current directory and its subdirectories, and then replace the string 'old' with 'new' in every file named config.cfg?

find . -type f -name config.cfg -exec sed -i "s/old/new/ig" {} +

The "{} +" ending passes all matching files to a single sed instead of starting one per file; there is no trailing semicolon in that form. The -i (in-place) option and the i (case-insensitive) flag are GNU sed extensions.
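To see the -perm and -mtime tests above behave, here is an added example script (not from the original page) that builds a throwaway directory with files of known modes and ages, runs the tests against it, and shows the print-first, delete-second habit for the rm case. The file names and modes are made up for the demo.

```shell
#!/bin/sh
# Added example, not from the original page: a throwaway sandbox that shows
# -perm -MODE versus -perm MODE, the -mtime +N test, and the "print first,
# delete second" habit for find ... -exec rm.  File names and modes are
# constructed for the demo.

# Create a temp directory with a few files of known mode and age; print its path.
make_sandbox() {
    d=$(mktemp -d) || return 1
    touch "$d/exact.txt" "$d/wider.txt" "$d/private.txt" "$d/old.log"
    chmod 644 "$d/exact.txt"    # rw-r--r--  exactly 644
    chmod 664 "$d/wider.txt"    # rw-rw-r--  has every 644 bit, plus group write
    chmod 600 "$d/private.txt"  # rw-------  lacks the r bits for group and other
    chmod 644 "$d/old.log"
    touch -t 202001010000 "$d/old.log"   # backdate: far older than 100 days
    printf '%s\n' "$d"
}

# Count regular files under $1 matching the remaining find tests, e.g.
#   count_matching DIR -perm -644
count_matching() {
    dir=$1; shift
    find "$dir" -type f "$@" | wc -l | tr -d ' '
}

# Remove regular files under $1 older than $2 days.  The first find is the
# dry run (same tests, -print instead of -exec rm); review its output before
# letting the second one run for real.
purge_old() {
    dir=$1; days=$2
    find "$dir" -type f -mtime +"$days" -print
    find "$dir" -type f -mtime +"$days" -exec rm -f -- {} +
}

# Stand-alone demo.
sandbox=$(make_sandbox)
echo "-perm -644 (at least these bits): $(count_matching "$sandbox" -perm -644)"   # 3
echo "-perm 644  (exactly these bits):  $(count_matching "$sandbox" -perm 644)"    # 2
echo "-mtime +100:                      $(count_matching "$sandbox" -mtime +100)"  # 1
echo "purging:"; purge_old "$sandbox" 100
echo "left:                             $(count_matching "$sandbox")"              # 3
rm -rf "$sandbox"
```

wider.txt (mode 664) is the file that separates the two -perm forms: it has all of the 644 bits, so -perm -644 counts it, but it is not exactly 644, so -perm 644 does not.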

Netstat to check on DOS attack

I use the following command to count the connections to port 80 by client IP:

netstat -ant | awk '$4 ~ /:80$/ {sub(/:[^:]*$/, "", $5); print $5}' | sort | uniq -c | sort -rn

Stripping only the trailing ":port" from the foreign address (rather than splitting on every colon) keeps IPv6 and IPv4-mapped addresses intact. Also, the following command shows the various states of the TCP connections and the number of connections in each state:

netstat -ant | awk '/^tcp/ {print $6}' | sort | uniq -c | sort -n

The following iptables rules limit the rate of new connections to your web server to 30 per minute, which blunts a simple connection-flood DoS. The -m limit match counts packets, not connections, so --syn is added to restrict it to connection attempts. The limit is enforced only after the burst of 100 has been used up, and a second rule is needed to actually drop what exceeds it, because a packet that fails the limit match simply falls through to the next rule:

iptables -A INPUT -p tcp --dport 80 --syn -m limit --limit 30/minute --limit-burst 100 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 --syn -j DROP

Some examples on egrep and awk

In case you want to know the service listening on a port number, say port 139:

egrep '\<139/tcp\>' /etc/services

(\< and \> are GNU word boundaries, so 1139/tcp or 139/tcp2 would not match.) You get the same information using awk as follows:

awk '$2 ~ /^139\/tcp/ {print $1,$2}' /etc/services

Though egrep is the easier one, I somehow love using awk for text manipulation.

AWK – Extract single table from MySQL Backup

Just few notes for my own sake:

The usual way to back up a MySQL DB and restore it is as follows:

Back up the database 'northwind':
mysqldump -u root -p northwind > northwind.sql

Back up the single table customers from database northwind:
mysqldump -u root -p northwind customers > northwind_customers.sql

Restore the table from northwind_customers.sql into database northwind:
mysql -u root -p northwind < northwind_customers.sql

In case you ONLY have the full backup northwind.sql and have to restore a single table, you can use awk to extract that table from the full backup and then restore the extracted table to the database. This is how it's done:

(Concept is: awk '/from_line/,/to_line/ {print}' full_backup.sql > extracted_table.sql)

awk '/Table structure for table `emp_norway`/,/Table structure for table `emp_usa`/ {print}' northwind.sql > northwind_emp_norway.sql

The range runs from the header comment of the table you want to the header comment of the table that follows it in the dump (that last line is only a comment, so it does no harm). For the last table in the dump use the trailer, /Dump completed/, as the end pattern. The extracted block contains the table's DROP TABLE IF EXISTS, CREATE TABLE and INSERT statements, so restoring it drops and recreates that one table and nothing else.

This is how we extract a single table from the full database backup.

Now you can restore the extracted table to the database:
mysql -u root -p northwind < northwind_emp_norway.sql
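The extraction as a small script, added here and not the page's own awk range: instead of an end pattern naming the next table, it switches on at the wanted table's header and off at the next header or the "Dump completed" trailer, so it also works for the last table in the dump and needs only the table name. The dump it runs on is a constructed, cut-down sample in mysqldump's layout.

```shell
#!/bin/sh
# Added example, not the page's own awk range: pull one table out of a full
# mysqldump file by toggling on at its "Table structure" header and off at
# the next header or at the "Dump completed" trailer, so it also works for
# the last table in the dump.  The dump below is a constructed sample.

# Write a small dump to a temp file and print its path.
make_sample_dump() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
-- MySQL dump (constructed sample)
--
-- Table structure for table `emp_norway`
--

DROP TABLE IF EXISTS `emp_norway`;
CREATE TABLE `emp_norway` (
  `id` int(11) NOT NULL,
  `name` varchar(50) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Dumping data for table `emp_norway`
--

LOCK TABLES `emp_norway` WRITE;
INSERT INTO `emp_norway` VALUES (1,'Kari'),(2,'Ola');
UNLOCK TABLES;

--
-- Table structure for table `emp_usa`
--

DROP TABLE IF EXISTS `emp_usa`;
CREATE TABLE `emp_usa` (
  `id` int(11) NOT NULL,
  `name` varchar(50) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Dumping data for table `emp_usa`
--

LOCK TABLES `emp_usa` WRITE;
INSERT INTO `emp_usa` VALUES (1,'Ann');
UNLOCK TABLES;

-- Dump completed on 2010-01-01  0:00:00
EOF
    printf '%s\n' "$f"
}

# Names of all tables in dump $1, in dump order.
list_tables() {
    awk '/^-- Table structure for table `/ { split($0, a, "`"); print a[2] }' "$1"
}

# Structure and data of table $2 from dump $1 (the DROP/CREATE/INSERT block).
extract_table() {
    awk -v tbl="$2" '
        /^-- Table structure for table `/ { in_tbl = (index($0, "`" tbl "`") > 0) }
        /^-- Dump completed/              { in_tbl = 0 }
        in_tbl                            { print }
    ' "$1"
}

# Stand-alone demo.  Restore the result with: mysql -u root -p northwind < emp_usa.sql
dump=$(make_sample_dump)
list_tables "$dump"
extract_table "$dump" emp_usa
rm -f "$dump"
```

Run list_tables first to get the exact name; the match is on the backtick-quoted name, so emp_usa does not also pick up a table called emp_usa_old. The SET statements at the head of a real dump (character set, FOREIGN_KEY_CHECKS) are not part of the extracted block, same as with the awk range above, so check those if the table has foreign keys.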

That’s it.

Notify-Send Command in Linux

I have been using notify-send in my own shell scripts so they alert me on the GUI about system resources. It has also been very useful in my URL monitoring script, which pops up an alert whenever any server is unreachable.

notify-send might already be on your Linux system. If not, install the package that ships it from your repositories: "libnotify-bin" on Debian/Ubuntu, "libnotify" on Fedora and most other distributions.

Once installed, you can simply type the following at the command line to display a pop-up message near your system tray:

notify-send "How are you"

By default, the message displays for 5 seconds. You can change this with the "-t" switch, which sets how long the message is displayed, in milliseconds. "-t 0" asks for the message to stay until the user closes it. Whether the timeout is honoured at all depends on the notification daemon; some desktops apply their own timeout regardless.

notify-send -t 10000 "This message will be displayed for 10 seconds"

You can use the following script to pop up the "system uptime" every 5 minutes:

#!/bin/bash

# Loop forever, showing the current uptime as a notification every 5 minutes.
while true; do
    notify-send "Up Time" "$(uptime)"
    sleep 300   # seconds; the "5m" suffix is a GNU extension
done
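The URL monitor mentioned above, written out as an added example rather than the author's own script: it probes each URL with curl (assumed to be installed), prints the ones that fail and raises a notify-send pop-up for each. The URLs are placeholders, and the script falls back to stderr when there is no notification daemon to talk to, which is what happens when it runs from cron without DISPLAY and DBUS_SESSION_BUS_ADDRESS in its environment.

```shell
#!/bin/sh
# Added example, not the author's own monitoring script: probe a list of
# URLs and raise a desktop notification for each one that is unreachable.
# The URLs are placeholders; probe_url is the only function that touches
# the network.

# 0 if $1 answers with an HTTP 2xx/3xx within 10 seconds, non-zero otherwise.
probe_url() {
    curl -fsS --max-time 10 -o /dev/null "$1" 2>/dev/null
}

# Pop up a notification (critical urgency, no timeout); fall back to stderr
# when notify-send is missing or cannot reach a session bus, e.g. a headless
# box or a cron job without DISPLAY and DBUS_SESSION_BUS_ADDRESS set.
alert() {
    if command -v notify-send >/dev/null 2>&1 && [ -n "$DISPLAY" ]; then
        notify-send -u critical -t 0 "$1" "$2" 2>/dev/null && return 0
    fi
    printf '%s: %s\n' "$1" "$2" >&2
}

# Probe each URL given as an argument.  Unreachable URLs are printed on
# stdout one per line and each raises an alert; returns 1 if any failed.
check_urls() {
    failed=0
    for url in "$@"; do
        if ! probe_url "$url"; then
            printf '%s\n' "$url"
            alert "Server unreachable" "$url"
            failed=1
        fi
    done
    return "$failed"
}

# Stand-alone use:  sh urlmon.sh https://www.example.com/ http://intranet.example/
# Run it from cron every few minutes, or wrap it in the sleep loop above.
if [ "$#" -gt 0 ]; then
    check_urls "$@"
fi
```

Keeping the probe in its own function is what makes the script testable without a network: swap probe_url for a stub that fails on one URL and check that only that URL comes back.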