Here are some iptables commands I have found useful. This list will be updated from time to time.

View all current iptables rules:

iptables -L -v

View all INPUT rules:

iptables -L INPUT -nv

How to block an IP address using iptables:

iptables -I INPUT -s "201.128.33.200" -j DROP

To block a range of IP addresses:

iptables -I INPUT -s "201.128.33.0/24" -j DROP

How to unblock an IP address:

iptables -D INPUT -s "201.128.33.200" -j DROP

How to block all connections to a port:
To block port 25:

iptables -A INPUT -p tcp --dport 25 -j DROP
iptables -A INPUT -p udp --dport 25 -j DROP

How to un-block:
To enable port 25:

iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p udp --dport 25 -j ACCEPT 

To save all rules so that they are not lost in case of a server reboot:

/etc/init.d/iptables save

This command will show exim processes including the path to the script being utilized to send mail. Very useful in locating a spamming script:

ps -C exim -fH eww

 

This will show the route of the email address. It is useful when you try to diagnose email delivery problems:

exim -bt user@domain.com

 

To perform a SMTP testing session as if the mail comes from a particular host for testing filtering rules inside your server:

exim -bh ipaddresshere

 

This will show what exim is currently doing:

exiwhat

 

Mail server queue:

exim -bpc   // print the total number of emails currently in server queue.
exim -bp   // print mails in queue sorting by time, size,...
exim -bp | exiqsumm   // count, volume, oldest, newest, domain, and totals

 

To list exim’s configuration setting:

exim -bP

 

To start a queue run:

exim -q -v

 

To start a queue run for just local deliveries:

 exim -ql -v

 

To remove a message from the queue:

exim -Mrm <message-id>

 

To freeze a message:

exim -Mf <message-id>

 

To force delivery of a message:

exim -M <message-id>

 

To remove all frozen messages:

exiqgrep -z -i | xargs exim -Mrm

 

To remove all messages older than 1 day (the number is in seconds):

exiqgrep -o 86400 -i | xargs exim -Mrm

 

To freeze all queued mail from a given sender:

exiqgrep -i -f user@domain.com | xargs exim -Mf

 

Message viewing:

exim -Mvh <message-id>    // view message's headers
exim -Mvb <message-id>    // view message's body
exim -Mvl <message-id>    // view message's logs

Exiqgrep

At times, we will be required to search the mail queue for a particular message to help troubleshooting mail problems for our users. Here are some useful exiqgrep commands.

 
This will search the queue for messages coming from a specific sender:

exiqgrep -f user@domain.com

 

This will search the queue for messages from a specific recipient:

exiqgrep -r user@domain.com

 

This will display messages older than the specified number of seconds.

exiqgrep -o 86400    // more than a day old

 

This will display messages newer than the specified number of seconds.

exiqgrep -y 3600    // less than an hour old

Location, configuration file:

 
Apache configuration file:

/etc/apache2/apache2.conf

 
PHP php.ini file:

/etc/php5/apache2/php.ini

 
MySQL configuration file:

/etc/mysql/my.cnf

 
Default (initial) web location:

/var/www

 
Web browser address:

http://localhost/

Restarting:

 
How to restart apache:

sudo /etc/init.d/apache2 restart

 
How to restart MySQL:

sudo /etc/init.d/mysql restart

 

 
To search for files by name:

find dir -name keyword

dir: directory you want to search for files
keyword: the name of the file you want to search for
examples:
find /home/test -name “index.txt”
find /home -name “shell*”   // find files beginging with “shell”

 
To search for files by modified date:

by the minute:

find dir -mmin time

 
by the hour:

find dir -mtime time

 
examples:
find /home -mmin -30   // find all files modified in the past 30 minutes
find /home -mmin +30   // find all files modified more than 30 minutes ago
find /home -mmin +30 -mmin -60   // find all files modified between 30 and 60 minutes ago
find /home -mtime -1   // find all files modified within the past 1-day (24 hours)
find /home -mtime -7   // find all files modified within the past 1-week (7 days)

 

 
Install a package:

rpm -ivh package_name

 
Upgrade a package:

rpm -Uvh package_name

 
Uninstall a package:

rpm -ev package_name

 
Uninstall a package without checking for its dependencies:

rpm -ev --nodeps package_name

 
Display the version of the installed package:

rpm -q package_name

 
Display the name and version of all packages installed in the server:

rpm -qa

 
Display the packages got installed recently:

rpm -qa --last

 
To rebuild a corrupted RMP database:

rpm --rebuilddb

 
What is Screen?
Screen is a free Unix software. Under Screen, if your shell session gets disconnected, the screen session doesn’t go away. It will continue the compilations until completion. Sounds good

 
How to install screen under CentOS?

yum install screen

 
How to use Screen? Simply type:

screen

then you will be led into a new virtual shell terminal. After that, just work with your commands normally.

 
If my session got disconnected, how do I resume my Screen session?

screen -r

 
If I have multiple screen sessions, how do I see them?

screen -list

 
How to exit Screen?

exit

 
How do I exit Screen but still leaving my compilations to keep on compiling?

ctrl+a+d

You will then led back to your original shell session. Your screen session will keep on working. To resume, you can use “screen -r”. Pretty useful right?

How to login to MySQL:

mysql -u root -p

How to create a MySQL database via Shell:

After you logged in, execute this command (replace dbname with the name of the database you want to create):

mysql> create database dbname;

Output:
Query OK, 1 row affected (0.01 sec)

How to delete a MySQL database via Shell:

mysql> drop database dbname;

Output:
Query OK, 0 rows affected (0.05 sec)

How to create a MySQL User via Shell:

(replace dbusername with the username you want to create)

mysql> create user dbusername;

How to set a password for the MySQL User you just created:

(replace passhere with the password you would like to set)

mysql> set password for dbusername = password('passhere');

How to grant privileges for the username to the database:

mysql> grant all privileges on dbname.* to dbusername@localhost identified by 'passhere';

How to display database tables in a MySQL database?

 
First enter the database by executing:

mysql> use dbname;

 
Now show tables:

mysql> show tables; 

 
To search for a specific table without remembering its exact name:
(where keyword is the partial name you remember)

mysql> show tables in dbname like '%keyword'; 

How to exit MySQL via Shell:

mysql> exit

1. yum check-update
   This allows you to check to see if there is any update available for your installed packages.
    
2. yum update
   This will update all packages to the latest version.
    
3. yum update <package name>
   Use this to just update one package at a time.
    
4. yum search <keyword>
   You can use this command to search for any packages containing specific keyword. Pretty useful to locate the full name of a particular package.
    
5. yum install <package name>
   This allows you to install the latest version of a package. Yum will automatically install all dependencies.
    
6. yum remove <package name>
   Used to delete/remove a package, along with its dependencies if any.
    
7. yum localinstall <absolute path to package>
   With “yum install”, yum automatically downloads the package for you.  In case you already downloaded the package yourself, you  can use this command to install it. Make sure to state the full path to the package you downloaded.  i.e. yum localinstall /home/test.tar.gz
    
8. yum info <package name>
   Lists information about a package.
    

If you know more, please add to the list!

From: jarocki@dvorak.amd.com (John Jarocki)
Organization: Advanced Micro Devices, Inc.; Austin, Texas

- Never hand out directions on “how to” do some sysadmin task
until the directions have been tested thoroughly.
– Corollary: Just because it works one one flavor
on *nix says nothing about the others. ‘-}
– Corollary: This goes for changes to rc.local (and
other such “vital” scripties.

2

From: ericw@hobbes.amd.com (Eric Wedaa)
Organization: Advanced Micro Devices, Inc.

-NEVER use ‘rm ‘, use rm -i ‘ instead.
-Do backups more often than you go to church.
-Read the backup media at least as often as you go to church.
-Set up your prompt to do a `pwd` everytime you cd.
-Always do a `cd .` before doing anything.
-DOCUMENT all your changes to the system (We use a text file
called /Changes)
-Don’t nuke stuff you are not sure about.
-Do major changes to the system on Saturday morning so you will
have all weekend to fix it.
-Have a shadow watching you when you do anything major.
-Don’t do systems work on a Friday afternoon. (or any other time
when you are tired and not paying attention.)

3

From: rca@Ingres.COM (Bob Arnold)
Organization: Ask Computer Systems Inc., Ingres Division, Alameda CA 94501

1) The “man” pages don’t tell you everything you need to know.
2) Don’t do backups to floppies.
3) Test your backups to make sure they are readable.
4) Handle the format program (and anything else that writes directly
to disk devices) like nitroglycerine.
5) Strenuously avoid systems with inadequate backup and restore
programs wherever possible (thank goodness for “restore” with
an “e”!).
6) If you’ve never done sysadmin work before, take a formal
training class.
7) You get what you pay for.
There’s no substutite for experience.
9) It’s a lot less painful to learn from someone else’s experience
than your own (that’s what this thread is about, I guess )

4

From: jimh@pacdata.uucp (Jim Harkins)
Organization: Pacific Data Products

If you appoint someone to admin your machine you better be willing
to train them. If they’ve never had a hard disk crash on them you might want
to ensure they understand hardware does stuff like that.

5

From: dvsc-a@minster.york.ac.uk
Organization: Department of Computer Science, University of York, England

Beware anything recursive when logged in as root!

6

From: matthews@oberon.umd.edu (Mike Matthews)
Organization: /etc/organization

*NEVER* move something important. Copy, VERIFY, and THEN delete.

7

From: almquist@chopin.udel.edu (Squish)
Organization: Human Interface Technology Lab (on vacation)

When you are doing some BIG type the command and reread what you’ve typed
about 100 times to make sure its sunk in (:

8

From: Nick Sayer

If / is full, du /dev.

9

From: TRIEMER@EAGLE.WESLEYAN.EDU
Organization: Wesleyan College

Never ever assume that some prepackaged script that you are running does
anything right.

From: hirai@cc.swarthmore.edu (Eiji Hirai)
Organization: Information Services, Swarthmore College, Swarthmore, PA, USA

We were running a system software that had a serious bug where if anyone
had logged out ungracefully, the system wouldn’t let any more users onto the
system and users who were logged on couldn’t execute any new commands. (The
newest release of the software later on did fix this bug.) I had to reboot
the machine to restore the system to a sane state. I did a wall < need to shutdown blah blah... EOF and then shutdown. Well, I should've
waited since at the precise moment, one of our users was doing a once-a-year
massive conversion of our financial data (talk about bad luck). I had
shutdown in the middle of a very long disk write and thus, data was lost.
We did recover that data and life went on.

Moral: make damn sure that *no one* is doing anything on your system before you
reboot, even if other users are vociferously clamoring for you to reboot.

2

From: robjohn@ocdis01.UUCP (Contractor Bob Johnson)
Organization: Tinker Air Force Base, Oklahoma

Management told us to email a security notice to every user on the our
system (at that time, around 3000 users). A certain novice administrator
on our system wanted to do it, so I instructed them to extract a list of
users from /etc/passwd, write a simple shell loop to do the job, and
throw it in the background. Here’s what they wrote (bourne shell)…

for USER in `cat user.list`; do
mail $USER done

Have you ever seen a load average of over 300 ???

3

From: Iain.Lea%anl433.uucp@Germany.EU.net (Iain Lea)
Organization: ANL A433, Siemens AG., Germany.

I used to work at Siemens R&D in Erlangen (33000 people out of 115000
population work at Siemens – 12000 in the R&D area). We were working
on a project porting an ISO FTAM implementation in Ada to C.

About 2 months into the project we received a new project leader who
decided there were too few people working on the project (sigh!).
Anyway we were promised that a “Spitzen Klasse” (Outstanding) SW guy
was being sent over from the next lab.

The fateful day turned up (had to be a monday) and there was our very
own ‘Einstein’. We gave him a tour of the lab (ie. Coffee machine on
the left, laser on the right etc.) finally getting to out work area.
We had a couple of fast 386′s (this happened in ’89) running Xenix 386.
We told Einstein that I was the sysadmin for both machines and that if
*anything* was strange or not working to speak with me. OK so the first
morning went off without a hitch and we all went to get someting to eat
around midday. All except Einstein who said he wanted to check a few
things out (Code practices we thought etc. – turned out to be Page 3 of
that months playboy).

We came back from eating to find Einstein twiddling his thumbs and
saying that he could no longer log in on either machine. Ermmm…

I asked him if *anything* had happened while we were away. He thought
and thought and then said “Nothing really but the lights went out for
a few minutes”. OK I thought “fsck the disks, remount them and away
we go” but then I stopped and asked him again “Anything else?”. He
then really started looking around and found the palms of his hand
the most interesting thing he’d ever seen. He answered “Well I know
a little about Unix and fsck is the ‘ajax’ cleaning program of Unix
so when it started again after the lights came back on it started
fsck and asked me for a scratchpad file. I just took the one it
printed on the line above!” (ie. the name of the filesystem to clean).

Another comment he made was “Must be a fast machine as fsck ran quick”.

Bad you might say until he told me he had done the same thing to our
backup machine.

Needless to say Einstein & our project leader exited stage left…

And we eventually got a backup tape from our data safe stored at
another lab. The SW guy is kind of a living legend around here

4

From: rca@Ingres.COM (Bob Arnold)
Organization: Ask Computer Systems Inc., Ingres Division, Alameda CA 94501

Many moons ago, in my first sysadmin job, learning via “on-the-job
training”, I was in charge of a UNIX box who’s user disk developed a
bad block. (Maybe you can see it already …)

The “format” man page seemed to indicate that it could repair bad
blocks. (Can you see it now?) I read the man page very carefully.
Nowhere did it indicate any kind of destructive behavior.

I was brave and bold, not to mention boneheaded, and formatted the user disk.
Heh.

The good news:
1) The bad block was gone.
2) I was about to learn a lot real fast
The bad news:
1) The user data was gone too.
2) The users weren’t happy, to say the least.

Having recently made a full backup of the disk, I knew I was in for a
miserable all day restore. Why all day? It took 8 hours to dump
that disk to 40 floppies. And I had incrementals (levels 1, 2, 3, 4,
and 5, which were another sign of my novice state) to layer on top
of the full.

Only it got worse. The floppy drive had intermittent problems reading
some of the floppies. So I had to go back and retry to get the files
which were missed on the first attempt.

This was also a port of Version 7 UNIX (like I said, this was many
moons ago). It had a program called “restor”, primordial ancestor of
BSD’s “restore”. If you used the “x” option to extract selected files
(the ones missed on earlier attempts), “restor” would use the *inode
number* as the name of the extracted files. You had to move the
extracted files to their correct locations yourself (the man page said
to write a shellscript to do this ). I didn’t know much about shell
scripts at the time, but I learned a lot more that week.

Yes, it took me a full week, including the weekend, maybe 120 hours or
more, to get what I could (probably 95% of the data) off the backups.
And there were a few ownership and permissions problems to be cleaned up
after that.

Once burned twice shy. This is the only truly catastrophic mistake I’ve
ever made as a sysadmin, I’m glad to be able to say.

I kept a copy of my memo to the users after I had done what I could.
Reading it over now is sobering indeed! I also kept my extensive notes
on the restore process – thank goodness I’ve never had to use them since.

5

From: jimh@pacdata.uucp (Jim Harkins)
Organization: Pacific Data Products

A friend of mine admins an RS6000 for a state college. The weekend before
the fall semester started the Powers That Be decided to physically move the
system to a different room. She stayed late friday night, moved the machine,
and then it wouldn’t boot. I was in Sunday afternoon looking at it, wouldn’t
boot for nothing. Monday morning, first day of classes, an IBM rep comes in
and reformats the hard disk without telling her. Turns out this was the
machine all the professors were doing their class plans on. So not only
couldn’t they have them printed out, but when school started monday morning
the teachers discovered they had lost all the work they’d done in the week
before school started. Seems she never did backups because the teachers
always bitched about how slow the system was when she did, and she hadn’t
learned about cron yet (I told her about that one).

In her defense, she’d only been using the RS6000 for less than a month before
this happened. She didn’t know UNIX. She hadn’t had any training. She
still had her regular job to do.

To make things worse, when she called me monday night she was in tears as
she told me how she had to personally visit all the professors and tell them
their work was gone. I blurted out “Stupid of you not to make backups”. Here
she is looking for a shoulder to cry on and I go and tell her the same thing
everybody from the department chair on down to the janitor had been saying.
Oops.

The moral? If you appoint someone to admin your machine you better be willing
to train them. If they’ve never had a hard disk crash on them you might want
to ensure they understand hardware does stuff like that. I also found out
she was unplugging and plugging cables all over the place without powering
down the system. Her hardware knowledge was essentially “this thing goes into
the wall, then the lights blink”.

7

From: rick@sadtler.com (Rick Morris)
Organization: Sadtler Research Laboratories

Slightly off the subject, but not too far off, is the phenomenon of “Sysadmin
Wannabees.” I’ve been Sys Admin of UNIX at 3 sites now. The phenomenon has
occured at all three.

You are talking to a fellow programmer, or a programmer is within ear shot.
A new user (or even an old user) comes up to you and asks something like:
“How would I list only directory files within a directory?”

Now it has been my experience that the question is not complete. Is this a
recursive list? Is this a “one-time” thing, or are you going to do it many
times? Is it part of a program? (Sometimes questions like this end up as
an answer to a C question executed as a system(3) call rather than a preferred
library call.) Anyway, as you ponder the question, the many alternatives (in
unix there’s always another way), the questioner’s experience, whether or not
they want a techie answer or a DOSie answer, the programmer within ear shot
pipes in with an answer of how *THEY* do or would do it.

It is invariable. It happens every time. I don’t think I take all that
long to answer. But the Wannabee answer is rapid. Like the kid in class
who raises his hand going “oo” “oo” “oo”.

I have seen my predicessors get all bent out of shape when the Sysadmin
Wannabees jump on their toes. I usually let the answer proceed, indeed,
often these Wannabees give a complete answer, even doing it for the
questioner. After a bit I return to the questioner and ask if the question
was properly answered, if they understand the answer, or if they want any
more information. It also shows me how deeply the Wannabee understands
just what is going on inside that pizza box.

Have any other of you sys admins seen this phenomenon, or is it my slow
pondering of potential answers that drives the Wannabee to jump in?

8

From: rslade@cue.bc.ca (Rob Slade)
Organization: Computer Using Educators of B.C., Canada

I had a job one time teaching Pascal at a “visa school”. The machine was a
multi-user micro that ran UNIX. I have enough stories from that one course
to keep a group of computer educators in stitches for at least half an hour.

The finale of the course was on the last day of classes. When I showed up
and powered up the system, it refused to boot. Since all the students’ term
projects and papers were in the computer, it was fairly important. After
a few hours of work, and consultation with the other teacher, who did the
sysadmin and maintenance, we were finally informed that the new admin
assistant around the place had decided that the layout of the computer lab
was unsuitable. (I had noticed that all the desk were repositioned: I thought
the other teacher had done it, he thought I had.) The AA had, the night
before, moved all the furniture, including the terminals and the micro. She
did not know anything about parking hard disks.

We knew now, that we were in trouble, but we didn’t realize how much until
we started reading up on emergency procedures. For some unknown reason,
booting the micro from the original system disks would automatically reformat
the hard disk.

(The visa school refunded the tuition for all the students in that course.)

9

From: corwin@ensta.ensta.fr (Gilles Gravier)
Organization: ENSTA, Paris, France

I am sysadmin at my office… I won’t name it, because that’s not
the subject… Of course, UNIX is my cup of tea… But, at home, I have an
MS DOS machine… As old habits die hard, I have set up MKS toolkit on my home
PC… And, as I have a C:\TMP directory where Windows and other applications
put stuff, that remains, as I sometimes have to reboot fast… (ah, the fun
of developping at home!)… So, in my AUTOEXEC.BAT file, I have the following:
rm -rf /tmp
mkdir c:\tmp
the recursive rm comming from MKS, and mkdir from horrible MSDOS.

At the time, I didn’t have a tape streamer on my pc… I was working,
and the mains waint down… so did the PC. Windows was running, \TMP full
of stuff… So, when powers comes back on, rm -rf /tmp has things to do…
While it’s doing those things, power goes down again (there was a storm).
Power comes back up, and this time, it seems that the autoexec takes really
too much time… So, I control C it… And, to my horror, realize that I don’t
have anymore C:\DOS C:\BIN C:\USR and that my C:\WINDOWS was quite depleted…

After some investigation, unsuccesfull, I did the following: cd \tmp
and then DIR… And there, in C:\TMP, I find my C:\ files! The first power
down had resulted in the cluster number of C:\ being copied to that of C:\TMP,
actually resulting in a LINK! (Now, this isn’t suppose to happen under MSDOS!)
I had to patch in the DIRECTORY cluster to change TMP’s name replacing the
first T by the letter Sigma, so that DOS tought that TMP wasn’t there anymore,
then do an chkdsk /F, and then undelete the files that I could… And rebuild
the rest…

10

From: gert@greenie.gold.sub.org (Gert Doering)

I was on a 5 days vacation, the first day my machine crashed…

How? Well…

cron started a shell-skript to extract some files from a “.lzh”-Archive.
LHarc found that the target file already existed, asked

“file exists, overwrite (y/n)?”

… since it was started from cron, it just read “EOF”. Tried again. Read
“EOF”. And so on.

All output went to /tmp… what was full after the file reached 90 MB!
What happened next? I’m using a SCO machine, /tmp is in my root filesystem
and when trying to login, the machine said something about being not able
to write loggin informations – and threw me out again.

Switched machine off.

Power on, go to single user mode. Tried to login – immediately thrown out
again.

I finally managed to repair the mess by booting from Floppy disk, mounting
(and fsck-ing) the root filesystem and cleaning /tmp/*