HERE ARE SOME USEFUL / VITAL SSH COMMANDS THAT ALLOW BEGINNERS TO MONITOR THE BASICS OF APACHE SERVER (HERE CENTOS 4), TO INQUIRE INTO SERVER LOAD PROBLEMS, HANDLE CHMOD COMMANDS, DELETE HACKED / CORRUPT FILES AND FOLDERS, INQUIRE ABOUT SERVER ACTIVITY AND DISK USAGE... INSTEAD OF WAITING FOR SUPPORT IN AN ENDLESS COMMUNICATION WHIRLPOOL FOR SOMETIMES SIMPLE THINGS, HERE ARE SOME BASIC SSH COMMANDS TO KEEP A HAND ON YOUR SERVER OR VPS AND USE SUPPORT AS EFFICIENTLY AS POSSIBLE:
---- VERY USEFUL FOR JOOMLA USERS, MOST COMMANDS YOU NEED ARE HERE ----
LINUX CENTOS USEFUL COMMANDS FOR DUMMIES
GENERAL SERVER HANDLING:
Getting General Command Help From Within SSH
When you are connected via SSH, in most cases you can find help on a command by typing:
[command] --help
eg. cd --help
If that doesn't work, you can also try:
man [command]
eg. man iptables
Man stands for manual, like a help manual.
Common SSH Commands or Linux Shell Commands
cd : change directory
cd /usr/local/apache : go to /usr/local/apache/ directory
cd ~ : go to your home directory
cd - : go to the last directory you were in
cd .. : go up a directory

cat : print file contents to the screen
cat filename.txt : cat the contents of filename.txt to your screen

tail : like cat, but only reads the end of the file
tail /var/log/messages : see the last 20 (by default) lines of /var/log/messages
tail -f /var/log/messages : watch the file continuously, while it's being updated
tail -200 /var/log/messages : print the last 200 lines of the file to the screen

more : like cat, but opens the file one screen at a time rather than all at once
more /etc/userdomains : browse through the userdomains file. Hit Space to go to the next page, q to quit

pico : friendly, easy to use file editor
pico /home/burst/public_html/index.html : edit the index page for the user's website.

File Editing with VI ssh commands
vi : another editor, tons of features, harder to use at first than pico
vi /home/burst/public_html/index.html : edit the index page for the user's website.
While in the vi program you can use the following useful commands. You will need to hit SHIFT + : to go into command mode.
:q! : This force quits the file without saving and exits vi
:w : This writes the file to disk, saves it
:wq : This saves the file to disk and exits vi
:LINENUMBER : EG :25 : Takes you to line 25 within the file
:$ : Takes you to the last line of the file
:0 : Takes you to the first line of the file

grep : looks for patterns in files
grep root /etc/passwd : shows all matches of root in /etc/passwd
grep -v root /etc/passwd : shows all lines that do not match root

ln : creates "links" between files and directories
ln -s /usr/local/apache/conf/httpd.conf /etc/httpd.conf : Now you can edit /etc/httpd.conf rather than the original. Changes will affect the original, however you can delete the link and it will not delete the original.
Shell Text Editor (nano)
The best Linux text editor for SSH is nano (also known as pico but was renamed). You can create, edit and manipulate files of all types as long as they are text based in this program. It is small and easy to use and install.
nano
eg. nano httpd.conf
Installing Nano (Text Editor) In SSH
wget download.fedora.redhat.com/pub/fedora/linux/core/3/i386/os/Fedora/RPMS/compat-openldap-2.1.30-2.i386.rpm
rpm --install compat-openldap-2.1.30-2.i386.rpm
wget ftp://rpmfind.net/linux/redhat/9/en/os/i386/RedHat/RPMS/pine-4.44-18.i386.rpm
rpm -Uhv ftp://mirror.switch.ch/mirror/scientificlinux/40rolling/i386/SL/RPMS/compat-libcom_err-1.0-5.i386.rpm
rpm --install pine-4.44-18.i386.rpm
If you're still used to using the pico command, you can use the following to create a link. This means that when you type pico it will run the new command nano without you noticing.
cd /usr/bin
ln nano pico
Making Files and Directories
There are lots of ways to create a file on the fly.
Best way is to use a text editor like nano:
nano filename.conf
OR to put something quickly in a file use:
echo "my content" > test.txt
The touch command will create an empty file. Touch updates when a file was last updated, but in this case it will also create the file if it doesn't exist:
touch test.txt
To make a directory, you can use:
mkdir [directory name]
chmod : changes file access permissions
The set of 3 go in this order from left to right: USER - GROUP - EVERYONE

Article provided by WebHostGear.com

0 = --- No permission
1 = --X Execute only
2 = -W- Write only
3 = -WX Write and execute
4 = R-- Read only
5 = R-X Read and execute
6 = RW- Read and write
7 = RWX Read, write and execute

Usage: chmod numberpermissions filename

chmod 000 : No one can access
chmod 644 : Usually for HTML pages
chmod 755 : Usually for CGI scripts
chown : changes file ownership permissions
The set of 2 go in this order from left to right: USER - GROUP

chown root myfile.txt : Changes the owner of the file to root
chown root.root myfile.txt : Changes the owner and group of the file to root

OPERATIONS:
CHMOD:
chmod -R 755 /home/hotelboo/public_html/*
chmod -R 777 *.* : full access for everyone on the matched files, so use it sparingly
chown -R user.grp location/*
chown -R user.group *
File System Permissions
Permissions in the file system are broken down into:
* File permissions
* Group permissions
Permissions can be assigned to files and directories.
File permissions can be adjusted with the CHMOD tool (stands for change mode). Permissions are broken up to Read, Write, Execute. These permissions can then be assigned to root (master user), the group, and everyone (general public like web guests).
Permissions are represented by a number (CHMOD Numbers).

Digit  rwx  Result
0      ---  no access
1      --x  execute
2      -w-  write
3      -wx  write and execute
4      r--  read
5      r-x  read and execute
6      rw-  read and write
7      rwx  read write execute
Remembering that permissions are assigned to three groups (root, group and everyone) each group is assigned a number. For example, 777 refers to full access for everyone. Numbers 775 or 755 are the general permissions assigned to web directories and pages.
To change the CHMOD permissions:
chmod
eg. chmod 755 index.html
or for a directory:
eg. chmod 755 public_html
To mass change permissions, which you must be VERY careful of, you can use the -R parameter (capital R) because it changes everything.
eg. chmod -R 755 public_html
Everything under public_html will now have the permission of 755 (root full access, group read and execute, public read and execute).
There is an excellent tutorial showing more in depth information on mode and group permissions located at http://www.library.yale.edu/~lso/workstation/docs/permissions/
command --help tab or tabtab
root@server [/]# chmod -R 755 /home/hotelboo/public_html/*
root@server [/]# chmod -R 644 /home/hotelboo/public_html/*.*
Here are commands to chmod all folders in a user's directory to 755 and all files to 644.
# Chmod directories to 755
find /home/changrea/public_html -type d -exec chmod 755 {} \;
# Chmod files to 644
find /home/changrea/public_html -type f -exec chmod 644 {} \;
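A check to run before any mass chmod, as an added example that is not part of the original article: it lists what "everyone" can write to under a web root, then clears only that one bit instead of resetting every mode. The function names and the sample tree are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit a web root for
# entries that "everyone" can write to, then remove only that bit.
# The function names are made up for this example.

# world_writable ROOT
# Prints every file or directory under ROOT whose "everyone" digit has the
# write bit set (2, 3, 6 or 7 in the chmod digit table), one path per line.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 -print | sort
}

# drop_world_write ROOT
# Clears only the everyone-write bit and leaves the user and group digits
# alone, so 777 becomes 775 and 666 becomes 664. "-exec ... {} +" hands the
# paths straight to chmod, so names containing spaces are handled correctly.
drop_world_write() {
    find "$1" \( -type f -o -type d \) -perm -002 -exec chmod o-w {} +
}

# off_baseline ROOT
# Lists entries that differ from the 755 (directories) / 644 (files)
# baseline, for review before deciding on a mass chmod.
off_baseline() {
    find "$1" \( -type d ! -perm 755 -o -type f ! -perm 644 \) -print | sort
}

# Demo on a constructed tree (paths below are sample data, not a real site)
demo=$(mktemp -d)
mkdir -p "$demo/public_html/cache"
: > "$demo/public_html/index.html"
: > "$demo/public_html/cache/up load.php"
chmod 755 "$demo/public_html"
chmod 644 "$demo/public_html/index.html"
chmod 777 "$demo/public_html/cache"
chmod 666 "$demo/public_html/cache/up load.php"

echo "World-writable before:"
world_writable "$demo/public_html"
drop_world_write "$demo/public_html"
echo "Still off the 755/644 baseline after the fix:"
off_baseline "$demo/public_html"
rm -rf "$demo"
```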
Create FTP Account For New Location
adduser [username]
passwd [username]
When prompted, enter the password and then re-enter it.
chmod -R 755 /home/[username]
As required, change ownership to:
chown -R [username].[group] /home/[username]
Create FTP Account For Duplicate Location (eg. second user same path)
Scenario: site1 already exists and user33 needs access to site1 files.
adduser user33
passwd user33
When prompted, enter the password and then re-enter it.
nano /etc/passwd
Change user33 path from /home/user33 to /home/site1
nano /etc/group
Change user33 to site1 group (eg. site1:x:501:user33)
Delete Users
One of these commands will delete a specified user:
userdel [username]
OR
deluser [username]
OR
rmuser [username]
Ping
The popular ping command is used to check if a connection can be established with a server. It also measures the response times amongst a few other details. To run a ping use:
ping [hostname or IP address]
Tracing
You can run a trace on any host providing you can connect to it. A trace pings each hop of the connection and displays the information until it reaches the last node in the connection, generally your server. Traces are generally used to test for network issues.
traceroute [hostname or IP address]
WHOIS
The internet is built on IP addresses. However, to make it easier to access a server, the domain name was implemented. To record who owns what domain name, all information is stored in a large database generally referred to as the WHOIS database. You can run your own search by typing whois.
whois google.com
WHOIS look ups can also be done on IP addresses to see who they are registered to for things like reporting spam or abuse. Simply use the same command but replace it with the IP address to query instead.
Some providers offer a more refined database of their own that they store customer information in. For example:
rwhois://rwhois.layeredtech.com:4321
This is one example of a referral server. You can query it and find out more information, generally even reseller names and details.
eg. whois -h rwhois.layeredtech.com -p 4321
RDNS lookup (host)
To check what an IP resolves to (reverse DNS entry) use the host command.
host 72.14.207.99
Send Message In SSH
You can send messages or broadcast notices to other SSH users by using the wall command.
eg. wall
Find Service
You can use the whereis command if you are unsure of paths:
eg. whereis mysql
What is fsck?
Stands for "File system check" - It checks the disk for corrupt sectors and attempts to repair. Can be used when errors like "seg fault" appear and other situations.
SERVER INFO, FILE LOCATION PATH
Common Paths and File Locations
MYSQL Config - /etc/my.cnf
MYSQL - /usr/local/mysql/
SSH Config - /etc/ssh/ (generally the conf file with sshd in it)
Apache (or httpd) - /usr/local/apache/ OR /etc/httpd
Apache Conf file - /usr/local/apache/conf/httpd.conf
Apache Daemon - /usr/local/apache/bin/apachectl
Logs - /var/log/
User Data - /home/
Restarting Services (Apache, Mysql, etc)
If setup, you can generally use the "service" command. eg:
service httpd restart
It's a shortcut method to accessing daemons.
HTTPD - service httpd restart OR service apache restart
MYSQL - service mysql restart
Running Scripts/Programs
You can do so in two ways:
Change directory to the correct path then execute:
cd /scripts
./scriptname
OR
/scripts/scriptname
For sh scripts, you need to put sh in front of it:
cd /scripts
sh scriptname
OR
sh /scripts/scriptname
Repairing Databases
pathtomysql/bin/mysqlcheck -B --repair [database name]
Generally the path to mysql is /usr/local/mysql/ but not always.
If you get an access denied error, you need to login first. If you have root access you can just add a -p on the end.
pathtomysql/bin/mysqlcheck -B -p --repair [database name]
Do not enter your password in the command. It will prompt you to login after you press enter. If you need to login with a user account (not root) add a -u for user.
pathtomysql/bin/mysqlcheck -B -u [username] -p --repair [database name]
The -B parameter means select a single database or two or three. If you want to repair all of them, use -A instead (root required):
pathtomysql/bin/mysqlcheck -A -p --repair
Remember the different ways of accessing the program:
a) cd pathtomysql/bin/
./mysqlcheck -A -p --repair
b) /pathtomysql/bin/mysqlcheck -A -p --repair
c) mysqlcheck -A -p --repair
Sometimes servers are setup (sbin) so you don't have to type all the full paths or change to them.
Red IP Addresses/Sites Do Not Work Off Primary Shared IP (cPanel/WHM)
If you go to "Show or Delete Current IP Addresses" in WHM and you see red IP addresses, the ipaliases service has failed or been forced to stop. This happens sometimes and there isn't a feature in WHM to restart it. You need to restart it via SSH:
service ipaliases restart
OR
/etc/init.d/ipaliases restart
Easy way to find php.ini path
The easiest way to find the php.ini file (the file where all the general php settings are stored), if you don't know it off the top of your head, is to use a combination of commands.
Do not execute these commands yet! You can use the command:
php -i
This prints out all the php information as seen via a web browser when the phpinfo(); command is used. Within all this information is the path to the php.ini file. So we're simply going to grep the information. You can use this command to find the path to the php.ini file:
php -i | grep php.ini
It will return something like this:
Configuration File (php.ini) Path => /usr/local/lib/php.ini
That's your file!
SECURITY AND LOGS:
View your server's current load and what processes and activity your server is currently running
You can log into your VPS using ssh and use the commands:
uptime
top -c
service httpd fullstatus
For monitoring the VPS status try:
free -m (memory usage)
top (overall processor/memory usage)
ps auxf
mysqladmin processlist
I see that you want to optimize your vps, by finding what makes load on your vps. For that top is not good enough, because it shows current load (last 1, 5 and 15 minutes), and resources state distribution per live processes, either running or sleeping. If some cron task is making spikes, you probably will never catch it with top, but you need to arrange some more sophisticated monitoring system. Handy thing for top is changing sort column with
< or > (default sort column is %CPU),
but press shift+< twice and you will get processes sorted by cumulative time. That's excellent for running processes, but as I said above, if process is started from cron, you need other solution. I hope this answers your questions.
You can check all active Apache processes using this command:
service httpd fullstatus
That way you can see if some domain is getting too much traffic and using resources.
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
That one lists IPs by connection number.
iptables -I INPUT -s IP -j DROP
That one blocks an IP.
BLOCK IP:
What it means is that an IP tried to get access, but failed.
The cPHulk feature did its job, and blocked the IP.
Also, I blocked this IP via SSH:
iptables -I INPUT -s 202.113.244.42 -j DROP
PREVENT BRUTE FORCE OF SERVER:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
That one lists IP's by connection number.
iptables -I INPUT -s IP -j DROP
That one blocks a IP.
tail -f /var/log/secure
This can be used to see if someone is trying to brute force into your server.
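To go from watching /var/log/secure to a per-IP summary, the following added example (not from the original article) counts failed SSH password attempts per source address. The log lines are constructed samples and the function names are assumptions; the exact sshd message wording varies between versions.

```shell
#!/bin/sh
# Added example (not from the original article): summarise failed SSH
# password attempts per source IP from a /var/log/secure style file.

# sample_secure_log
# Constructed sample lines; the addresses are documentation ranges.
sample_secure_log() {
    cat <<'EOF'
Jan 12 03:14:01 server sshd[2201]: Failed password for root from 203.0.113.7 port 52144 ssh2
Jan 12 03:14:03 server sshd[2203]: Failed password for root from 203.0.113.7 port 52150 ssh2
Jan 12 03:14:05 server sshd[2205]: Failed password for invalid user admin from 203.0.113.7 port 52161 ssh2
Jan 12 03:14:09 server sshd[2209]: Failed password for invalid user web admin from 198.51.100.23 port 40112 ssh2
Jan 12 03:15:30 server sshd[2230]: Accepted password for burst from 192.0.2.10 port 51022 ssh2
Jan 12 03:16:02 server sshd[2241]: Failed password for root from 203.0.113.7 port 52170 ssh2
Jan 12 03:17:00 server su: pam_unix(su:session): session opened for user root by burst(uid=500)
EOF
}

# failed_logins_by_ip FILE
# Prints "COUNT IP" per source address, highest count first.
# The user name in the message is supplied by the client and may contain
# spaces, so the address is located by counting fields from the END of the
# line ("... from IP port N ssh2") instead of from the start.
failed_logins_by_ip() {
    awk '
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
        $(NF-4) == "from" && $(NF-2) == "port" { hits[$(NF-3)]++ }
        END { for (ip in hits) print hits[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# offenders FILE THRESHOLD
# Prints only the addresses with at least THRESHOLD failed attempts.
offenders() {
    failed_logins_by_ip "$1" | awk -v min="$2" '$1 >= min { print $2 }'
}

# Demo on the constructed sample: addresses with 3 or more failures
tmp=$(mktemp)
sample_secure_log > "$tmp"
offenders "$tmp" 3
rm -f "$tmp"
```

On a live server, pass /var/log/secure as FILE and review the list before adding any address to the firewall, so you do not block your own IP.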
last : shows who logged in and when
last -20 : shows only the last 20 logins
last -20 -a : shows last 20 logins, with the hostname in the last field

w : shows who is currently logged in and where they are logged in from.
who : This also shows who is on the server in a shell.

netstat : shows all current network connections.
netstat -an : shows all connections to the server, the source and destination ips and ports.
netstat -rn : shows routing table for all ips bound to the server.

top : shows live system processes in a nice table, memory information, uptime and other useful info. This is excellent for managing your system processes and resources, and for ensuring everything is working fine and your server isn't bogged down.
top then type Shift + M to sort by memory usage or Shift + P to sort by CPU usage

ps : ps is short for process status, which is similar to the top command. It's used to show currently running processes and their PID. A process ID is a unique number that identifies a process; with that you can kill or terminate a running program on your server (see kill command).
ps U username : shows processes for a certain user
ps aux : shows all system processes
ps aux --forest : shows all system processes like the above but organizes in a hierarchy that's very useful!

touch : create an empty file
touch /home/burst/public_html/404.html : create an empty file called 404.html in the directory /home/burst/public_html/

file : attempts to guess what type of file a file is by looking at its content.
file * : prints out a list of all files/directories in a directory
Firewall - iptables commands
iptables -I INPUT -s IPADDRESSHERE -j DROP : This command stops any connections from the IP address
iptables -L : List all rules in iptables
iptables -F : Flushes all iptables rules (clears the firewall)
service iptables save : Saves the current ruleset in memory to disk
service iptables restart : Restarts iptables

Apache Shell Commands
httpd -v : Outputs the build date and version of the Apache server.
httpd -l : Lists compiled in Apache modules
apachectl status : Only works if mod_status is enabled and shows a page of active connections
service httpd restart : Restarts Apache web server

MySQL Shell Commands
mysqladmin processlist : Shows active mysql connections and queries
mysqladmin drop databasenamehere : Drops/deletes the selected database
mysqladmin create databasenamehere : Creates a mysql database

Restore MySQL Database Shell Command
mysql -u username -p databasename < databasefile.sql : Restores a MySQL database from databasefile.sql (you are prompted for the password)

Backup MySQL Database Shell Command
mysqldump -u username -p databasename > databasefile.sql : Backup MySQL database to databasefile.sql (you are prompted for the password)
kill : terminate a system process
kill -9 PID EG: kill -9 431
kill PID EG: kill 10550
Use top or ps ux to get system PIDs (Process IDs)
EG:
PID TTY TIME COMMAND
10550 pts/3 0:01 /bin/csh
10574 pts/4 0:02 /bin/csh
10590 pts/4 0:09 APP
Each line represents one process, with a process being loosely defined as a running instance of a program. The column headed PID (process ID) shows the assigned process numbers of the processes. The heading COMMAND shows the location of the executed process.
Putting commands together
Often you will find you need to use different commands on the same line. Here are some examples. Note that the | character is called a pipe; it takes data from one program and pipes it to another.
> means create a new file, overwriting any content already there.
>> means to append data to a file, creating a new one if it does not already exist.
< sends input from a file back into a command.

grep User /usr/local/apache/conf/httpd.conf |more
This will dump all lines that match User from the httpd.conf, then print the results to your screen one page at a time.

last -a > /root/lastlogins.tmp
This will print all the current login history to a file called lastlogins.tmp in /root/

tail -10000 /var/log/exim_mainlog |grep domain.com |more
This will grab the last 10,000 lines from /var/log/exim_mainlog, find all occurrences of domain.com (the period represents 'anything' -- escape it with a \ so it will be interpreted literally), then send it to your screen page by page.

netstat -an |grep :80 |wc -l
Show how many active connections there are to apache (httpd runs on port 80)
mysqladmin processlist |wc -l
Check ports for processes
If you want to check what process is running on the server on a certain port you can use the lsof command. You can check everything by typing:
lsof
You can also check just a single port and protocol, using port 80 as an example:
lsof -i tcp:80
This will check port 80 on TCP protocol. Here's an example output:
root@server [/]# lsof -i tcp:80
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
httpd 3313 root 19u IPv4 8033 TCP *:http (LISTEN)
httpd 25553 nobody 19u IPv4 8033 TCP *:http (LISTEN)
httpd 25554 nobody 19u IPv4 8033 TCP *:http (LISTEN)
httpd 25555 nobody 19u IPv4 8033 TCP *:http (LISTEN)
httpd 25556 nobody 19u IPv4 8033 TCP *:http (LISTEN)
httpd 25557 nobody 19u IPv4 8033 TCP *:http (LISTEN)
httpd 25789 nobody 19u IPv4 8033 TCP *:http (LISTEN)
httpd 26410 nobody 19u IPv4 8033 TCP *:http (LISTEN)
httpd 27622 nobody 19u IPv4 8033 TCP *:http (LISTEN)
httpd 27625 nobody 19u IPv4 8033 TCP *:http (LISTEN)
httpd 28113 nobody 19u IPv4 8033 TCP *:http (LISTEN)
Flush Exim Queue
If you've got 2000 emails queued to be sent which you know are all spam, you can quickly clear the queue by typing:
exim -qff
You can also use it in debugging mode:
exim -qff -d9
Access Denied Error from phpMyAdmin via WHM (cPanel)
When you try and load phpMyAdmin from cPanel's Web Host Manager (WHM), a message saying access denied appears. There is a very simple solution to this.
From web host manager, under SQL Services click MySQL Root Password. Enter in a password and save it.
Try loading up phpMyAdmin again from web host manager and it should be fine. No SSH commands, no configuration files - type and click.
Locate files owned by nobody and delete
This is extremely useful for locating files that have been uploaded using an exploit and are still owned by the nobody user. Note this isn't the solution to cleaning up an exploit, just a tool to assist in the clean up.
The below command will search all user document roots for files owned by nobody and display them on the screen. This is one of the most likely locations of uploaded nobody files but it's possible for files to be outside this directory. You'll need to adjust the scope of the command where necessary.
find /home/*/public_html -user nobody -print
The below command will search and delete all files in the users' document roots that are owned by the nobody user. It's recommended you just do a find first, then if it's clear run the below command (-print0 and xargs -0 keep file names that contain spaces in one piece):
find /home/*/public_html -user nobody -print0 | xargs -0 rm
To delete folders owned by nobody user too, use:
find /home/user/public_html -user nobody -print0 | xargs -0 rm -Rf
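Deleting removes the files you may still need to look at during the clean up. The added example below (not part of the original article) moves matching files into a quarantine directory instead. The function names and paths are made up, and the demo uses the current user as owner because creating nobody-owned files needs root.

```shell
#!/bin/sh
# Added example (not from the original article): quarantine files owned
# by a given user instead of deleting them straight away.

# list_owned ROOT OWNER
# Read-only listing of regular files under ROOT owned by OWNER
# (a user name such as nobody, or a numeric uid).
list_owned() {
    find "$1" -type f -user "$2" -print | sort
}

# quarantine_owned ROOT OWNER DEST
# Moves every matching file to DEST, keeping its path relative to ROOT,
# and sets it to mode 400 so it cannot be executed or overwritten by
# accident. DEST must be outside ROOT. Prints the relative paths moved.
quarantine_owned() {
    q_root=${1%/}; q_owner=$2; q_dest=$3
    case "$q_dest/" in
        "$q_root"/*) echo "DEST must be outside ROOT" >&2; return 1 ;;
    esac
    mkdir -p "$q_dest" && chmod 700 "$q_dest" || return 1
    # The inner sh receives the paths as arguments, so names with spaces
    # stay intact (no xargs word splitting).
    find "$q_root" -type f -user "$q_owner" -exec sh -c '
        dest=$1 root=$2; shift 2
        for f in "$@"; do
            rel=${f#"$root"/}
            mkdir -p "$(dirname "$dest/$rel")" &&
            mv -- "$f" "$dest/$rel" &&
            chmod 400 "$dest/$rel" &&
            printf "%s\n" "$rel"
        done
    ' sh "$q_dest" "$q_root" {} + | sort
}

# Demo on a constructed tree. On a real server OWNER would be nobody and
# ROOT something like /home/user/public_html.
demo=$(mktemp -d)
mkdir -p "$demo/public_html/cache"
: > "$demo/public_html/cache/new file.php"
: > "$demo/public_html/index2.php"
echo "Found:"
list_owned "$demo/public_html" "$(id -u)"
echo "Moved to quarantine:"
quarantine_owned "$demo/public_html" "$(id -u)" "$demo/quarantine"
rm -rf "$demo"
```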
Check Bound IP addresses
ifconfig
Under eth0 you'll see something like:
inet addr:xx.79.162.45 Bcast:xx.79.162.45 Mask:255.255.255.248
Gives you the IP details. The "lo" one is the loopback adapter, allows it to talk to itself. Insane hey?
INQUIRING, DEBUGGING FILE AND FILE MANAGER
du : shows disk usage.
du -sh : shows a summary, in human-readable form, of total disk space used in the current directory, including subdirectories.
du -sh * : same thing, but for each file and directory. Helpful when finding large files taking up space.
If you would like to run a disk space usage breakdown, you can always change into the directory you want to measure and run:
du --max-depth=1 -h
There are some variants on the du (disk usage) command; if interested, type man du into a command line or browse the Internet for Linux manual pages.
Anyhow, I created a file with list of all files under:
/root/beatbang.list.files.txt
for your inspection. If you would like to look into any of those, just type:
less /home/beatbang/public_html/cache/com_jevents/NAME-OF-THE-FILE-FROM-/root/beatbang.list.files.txt-HERE
Listing Directory Content
BEST I FOUND IS:
ls -Xl
To list the files and folders inside a directory you can use the ls command.
eg. ls
For better display, you can use:
eg. ls -l
On some servers, if its setup you can simply type two L's and it will work like ls -l
eg. ll
For more advanced directory listing options type:
eg: ls --help
If you would like to run a filter over the results you can add a pipe, followed by the grep command and then your criteria..
eg. ll | grep index
OR
eg. ll | grep .php
Don't forget if ll doesn't work, use the ls or ls -al commands. Wildcards are not needed. The grep command searches for patterns in things. This is merely one example of its uses.

ls : list files/directories in a directory, comparable to dir in windows/dos.
ls -al : shows all files (including ones that start with a period), directories, and details attributes for each file.

file information command:
wc : word count
wc -l filename.txt : tells how many lines are in filename.txt

cp : copy a file
cp filename filename.backup : copies filename to filename.backup
cp -a /home/burst/new_design/* /home/burst/public_html/ : copies all files, retaining permissions, from one directory to another.
cp -av * ../newdir : Copies all files and directories recursively in the current directory INTO newdir

mv : Move a file command
mv oldfilename newfilename : Move a file or directory from oldfilename to newfilename

Delete / remove files:
rm : delete a file
rm filename.txt : deletes filename.txt, will more than likely ask if you really want to delete it
rm -f filename.txt : deletes filename.txt, will not ask for confirmation before deleting.
rm -rf tmp/ : recursively deletes the directory tmp, and all files in it, including subdirectories. BE VERY CAREFUL WITH THIS COMMAND!!!
Delete the folder and everything under it:
rm -r
To delete everything without prompting for delete add a -f in there too:
rm -rf
Delete a file:
rm
Delete file without prompt:
rm -f
rm -rf sess* : when inside a directory, delete (remove) all files starting with "sess"
So to delete everything under the "downloads" directory you could:
Example 1:
cd /home/user1/public_html/
rm -rf download
This would delete the download directory, without prompt and everything under it.
Example 2:
cd /home/user1/public_html/download
rm -rf ./*
For an emergency delete of files in a folder you can't access:
find . -name \*.cache -exec rm -rf {} \;
Most efficient to force delete:
find . | grep '\.cache' | xargs rm -rf
This works as follows:
the find string lists all files in this directory and below.
the grep string searches the output for all files that contain the characters ".cache" and prints only those to output.
the xargs string runs the command rm -rf on that output.
This is a slightly longer way to run the command, however it is more reliable. Note that xargs splits its input on spaces, so file names containing spaces are not handled correctly by this form.
useful functions:
TAR: Creating and Extracting .tar.gz and .tar files
tar -zxvf file.tar.gz : Extracts the file
tar -xvf file.tar : Extracts the file
tar -cf archive.tar contents/ : Takes everything from contents/ and puts it into archive.tar
gzip -d filename.gz : Decompress the file, extract it

ZIP Files: Extracting .zip files shell command
unzip file.zip
Useful symbols including wildcards
One powerful feature is the use of the symbols. They allow you to write information to and from a file.
eg. echo "my data" > test.conf
The above command will replace all the file content with "my data". If you want add to the bottom of the file:
eg. echo "my data" >> test.conf
It also works the other way too. For example if you have an sql back up in backup.sql, you can import it:
eg. mysql -u [username] -p [database name] < backup.sql
The * symbol refers to everything. For example to delete everything in the current folder use:
rm -rf ./*