Restrict SSH access by IP
The best way to restrict SSH access by IP is by using the server’s hosts.allow and hosts.deny file. First open the /etc/hosts.allow file and add the IP’s you would like to allow:
Format – one IP per line:
SSHD: $IP #Reason
Example:
SSHD: 1.1.1.1 #Client 1
The hosts.allow file will have to be updated in this format every time you decide to add a new IP.
Once you have whitelisted all of the allowed IP’s for SSH you must then edit the hosts.deny file. Open the file /etc/hosts.deny and add the following line:
sshd: ALL
Linux set hostname
First login to the server via SSH. Then run:
hostname $servername
Update the hosts file – Look for the primary IP of the server. Follow the same format and replace the old hostname with the new hostname on the same line as the primary IP.
vi /etc/hosts
Update your network file with the new hostname:
vi /etc/sysconfig/network
Argument list too long
In Linux there is a maximum number of files that can be removed from a folder using:
rm -rf /home/$foldername/*
Instead, you can use the find command which will find each file in a specific folder and then remove it. This is extremely helpful when you have to remove thousands of files from a mail queue after a spam bomb.
BE CAREFUL – To remove all of the files in a folder use the following:
find /$fullpathtofolder -type f -exec rm -rf {} ;
i.e.
find /var/spool/mqueue -type f -exec rm -rf {} ;
By placing setting the -type to f you will ensure you only remove files and not folders within that folder.
Get CPU speed in Linux
cat /proc/cpuinfo
This will show you the number of processors/cores and the speed/memory capabilities of them.
Make a file read only
To make a file on a Linux system read only use the following:
#add protection
chattr +i filename
This will ensure nothing can change the file unless it removes the chattr bit prior to writing to the file. If you need to update the file run:
#remove protection
chattr -i filename
This will enable editing so you can make changes. However, be sure to reset the file as read only once you’re finished to ensure the file doesn’t change. This is extremely useful with cpanel and other systems that change system files and reset them to defaults each time the service is restarted. It will allow you to implement customizations without them being overwritten every time a service restarts.
disable selinux
selinux often breaks applications or scripts and it’s necessary to disable selinux. To disable selinux:
echo 0 > /selinux/enforce
sed string replacement
Here’s how you can replace a string in a file with sed:
perl -pi -e ‘s/replaceme/reoplacewith/g’ filename.txt
This is a VERY basic replacement without and special characters. Be VERY careful if you have special characters that you’re trying to replace. If you have characters like:
/ you will have to proceed them with a to ensure you don’t wipe out the file.
Create a cron job
The format of the cron job is as follows:
1 = The minute after the hour that you want it done
2 = The hour you want it done (Military Time)
3 = Day of the Month
4 = Month of the Year
5 = Day of the week
6 = ‘command’ that you want it to run
Example:
5 0 * * * /usr/local/bin/email
means -
5 – 5th minute after the hour
0 – In the 0 hour
* – Everyday of the month
* – Every month of the year
* – Everyday of the week
minute This controls what minute of the hour the command will run on,
and is between ’0′ and ’59′
hour This controls what hour the command will run on, and is specified in
the 24 hour clock, values must be between 0 and 23 (0 is midnight)
dom This is the Day of Month, that you want the command run on, e.g. to
run a command on the 19th of each month, the dom would be 19.
month This is the month a specified command will run on, it may be specified
numerically (0-12), or as the name of the month (e.g. May)
dow This is the Day of Week that you want a command to be run on, it can
also be numeric (0-7) or as the name of the day (e.g. sun).
user This is the user who runs the command.
cmd This is the command that you want run. This field may contain
multiple words or spaces.
Check for Bad Blocks
check for bad blocks on a hard drive:
badblocks -vv /dev/sda3 > badblocks.log &
The command above will check for badblocks on the partition /dev/sda3 and save the results to the log file badblocks.log
checks for badblocks and it writes the results to: badblocks.log
If you want to check a specific drive or partition you should run:
fdisk -l|awk ‘{print $1}’|grep “/”
This command will provide you with a list of partitions on your system that you can check.