
Lazy Linux: essential tricks for admins - jaspertheghost
http://www.ibm.com/developerworks/linux/library/l-10sysadtips/?S_TACT=105AGX54&S_CMP=C0115&ca=dnw-1002&open&cm_mmc=4633-_-n-_-vrm_newsletter-_-10731_101108&cmibm_em=dm:0:6992641
======
iigs
Trick 5 (opening a remote port on a "public" machine to connect back to your
local machine) is great. Combine it:

office$ ssh -R 9999:localhost:22 user@home ## do this in a screen for good
measure

and another lesser known ssh feature:

home$ ssh -D 8888 -p 9999 user@localhost

and now you have a SOCKS proxy on home:8888 that will access everything
visible to the computer named "office".

For extra credit add PingTunnel and a hotspot that happens to allow ICMP and
enjoy free internet wherever you go.

~~~
gommm
Thanks for the tip on ping tunnel, I hadn't heard of it.... Going to have fun
checking it out

------
LogicHoleFlaw
When I was doing AIX administration, I liked that one command to kill
processes with open files keeping a mountpoint mounted was:

    
    
      fuser -fuck /dev/whatever
    

[http://moka.ccr.jussieu.fr/doc_link/C/a_doc_lib/cmds/aixcmds...](http://moka.ccr.jussieu.fr/doc_link/C/a_doc_lib/cmds/aixcmds2/fuser.htm#a30794a1)

Oh, admin humor.

------
mlLK
While how-to lists hardly see the light of day (the front page) on HN, I had
hate to see one like this go unrecognized.

~~~
mark_h
Agreed; way better than the usual lists.

------
raamdev
Very nice collection. A tech at the datacenter that hosts one my servers
showed me trick #3 and I remember being thrilled sitting there watching him do
stuff on my server and sharing the keyboard to type messages back and forth in
vi.

My company uses trick #5 as a primary feature for accessing the remote Linux
machines that our product is built upon. We have it set up so that every
single machine automatically creates a reverse SSH tunnel to the server on
boot, so that the tunnel is always accessible in case we need it. Very cool
stuff.

------
m0nty
To get back a hosed screen, also try:

stty sane ^j

(That's Ctrl-j there.)

You might be flying blind, but just do it and you might get your screen back.

You probably know this, but to rescue a hosed system with Knoppix or similar
live-cd:

\- Boot from CD.

\- Open root console.

\- Mount your usual root partition: mount -t somefs /dev/hda1 /mnt/oldsys

\- chroot /mnt/odlsys /bin/bash

Showed that to another admin who'd lost a production box, and his chin kind of
hit the floor :) I gifted him the Knoppix disk... You can also use that to
reset passwords (as per the article), by editing /etc/shadow or /etc/passwd in
the /mnt/oldssys directory.

~~~
easyrider2
A detailed article on rescuing a hosed system with Knoppix:

How Knoppix saved the day

<http://www.dancingbison.com/writings/knopresc.txt>

------
sunkencity
great list! I especially liked the tip about sharing a screen session, been
wanting a solution like that many times!

another great tip is how to list all subdomains on registered (not all dns
servers allow this, many times you need to be on the same network, or it isn's
allowed at all, but for solving you own dns issues it's a boon)

dig mydomain.com. axfr

------
davidw
What are your favorite, but lesser known Linux commands?

fuser, strace, ltrace, nc come to mind offhand.

~~~
xelfer
lsof, ngrep, history (only found out this one a month ago after 6 years of
being a sysadmin)

~~~
palish
What terrible names. Sorry, but from a non-Unix perspective, symbols such as
'lsof' and 'ngrep' seem arbitrary and nonsensical.

~~~
tome
What, LiSt Open Files and Net grep (Global Regular Expression Print)?

They sound like fairly sensible abbreviations to me.

~~~
palish
How about "listopenfiles" and "netfind"? And "list" instead of "ls", and
"delete" instead of "rm", and... et cetera.

"Global Regular Expression Print" is a terrible name on its own, too.

~~~
grouchyOldGuy
If that really bothers you, just alias those commands.

alias listopenfiles=ls

alias netfind=ngrep

...and so forth. I've done that to add the DOS "cls" command to clear my
terminal screen. Also, I'm a Cisco admin, so I have aliased "en" to "su", and
the reverse on Cisco switches and routers. Yes, Cisco also has the alias
command in IOS.

~~~
davidw
If unix were being designed from the ground up, _today_ , user friendly
commands, with aliases to power user abbreviations might make sense. It was,
however, created some 30+ years ago.

------
lallysingh
Quick question, is it just me or is gig ethernet 1000 Mbps, not 1024?

Man "mebibits" sounds terrible.

------
bonaldi
_# while [ 1 ]; do echo "All your drives are belong to us!"; sleep 30; done_

Hee, things I didn't think I'd ever see on ibm.com, #12234 in a series.

People with company songbooks and nice ties must be spinning in their graves

------
Goladus
If you thought #8 was really cool and useful, you should go learn bash, sed,
and awk. Stuff like #8 is what makes unix fun.

------
delano
A better title: 9 interesting Linux commands and 1 reason to absolutely avoid
CentOS.

~~~
jrp
You mean booting to singleuser? If you don't want it just use a grub password;
nothing to do with CentOS.

~~~
delano
Is the procedure for changing the root password with grub the same regardless
of the flavour of Linux?

~~~
khafra
The primary bootloaders for Linux distributions are
<http://en.wikipedia.org/wiki/GNU_GRUB> and
<http://en.wikipedia.org/wiki/LILO_(boot_loader)> with a large edge in
popularity to GRUB these days. Unless it's a fork or modification, GRUB works
like this: <http://www.gnu.org/software/grub/manual>

Single User Mode isn't unique to CentOS/Redhat, or even Linux. In fact, the
concept behind it isn't even unique to Unix: One of Microsoft's 10 security
rules is "if the bad guy has unrestricted physical access to your box, it
isn't your box anymore."

 _edit for clarity, due to reply_

GRUB doesn't change the Unix root password. GRUB--like any other bootloader--
lets you boot to single user mode, which doesn't require a password. Single
user mode lets you change the Unix root password.

~~~
delano
I'm aware of GRUB and LILO. But as bootloaders, I didn't realize they were
able to modify the Linux root password so easily. The question still stands:
is it possible in any flavour of Linux to change the root password by
modifying the kernel parameters at boot-time?

~~~
decode
On any flavor of linux that uses GRUB or LILO it's possible to modify the
kernel parameters at boot time to enter single-user mode. Once you're in
single-user mode you have full root privileges and environment and can change
any passwords or files you like.

~~~
delano
Ah, okay. Thanks for explaining that. I didn't realize it was possible to get
into single user mode without the password for any Linux.

Is the same true for BSDs, Solaris, et al?

~~~
decode
I've never tried it on anything but linux, but it looks like it's common:

FreeBSD: [http://www.cyberciti.biz/tips/howto-freebsd-reset-recover-
ro...](http://www.cyberciti.biz/tips/howto-freebsd-reset-recover-root-
password.html)

OpenBSD: <http://www.openbsd101.com/tipstricks.html#tt1>

Solaris: [http://www.cyberciti.biz/tips/solaris-boot-system-into-
singl...](http://www.cyberciti.biz/tips/solaris-boot-system-into-single-user-
mode.html)

------
babo
A pretty unique collection, worth a look!

------
mlLK
Any admins care to share some pornographic passwords?

    
    
         p4ss1ng g4s 1n h3r 4ss w/ my sp34r
         d4n4 d03s d1ld0s @t d4 d1ld0 st0re
         d1ck r4p3d j4n3 w/ h1s d1ng d4ng

~~~
ionfish
My general attitude to passwords is "Never choose something you'd be ashamed
to recite to your mother over the phone", since you never know when you'll be
in a position where you may have to do exactly that.

~~~
khafra
As an information assurance guy, I'd encourage users to use the most
embarassing possible passwords, since you should never share them. If you need
to make resources available to more entities, do it by sharing access, not
authentication.

~~~
Xichekolas
This is what I love about Hacker News... even a semi-trollish post generates
two great replies that I am glad to have read.

