Useful Linux stuff

  1. Apply permissions to directories or files only
  2. How to check if NginxGzipStaticModule is working
  3. Detach Process
  4. Disable core dumps
  5. Disable iptables connection tracking
  6. Disable sshd authentication log
  7. Generate SSH key
  8. Increase number of maximum open files
  9. Installing mrtg for monitoring OpenTracker
  10. Installing OpenTracker
  11. Netbeans Macros
  12. Recursively move all files (including hidden) in a subfolder into a parent folder

Apply permissions to directories or files only

Directories only: find . -type d -exec chmod 0770 {} \;

Files only: find . -type f -exec chmod 0660 {} \;

The following is especially for Drupal installations and based on this OCDevel blog post.

cd /var/www
chown -R {username}:{groupname} .
chmod -R 750 .
find . -type d -wholename "*/sites/*/files" -exec chmod -R 770 {} \;
chmod g+s .
find . -type d -exec chmod g+s {} \;

The following is how I normally do it.

chown -R php:webdev /var/www
chmod -R 770 /var/www
chmod -R g+s /var/www
find /var/www -type f -exec chmod 660 {} \;

How to check if NginxGzipStaticModule is working

ps ax | grep "nginx: worker"strace -p {PID1} -p {PID2} -p {PIDn} 2>&1 | grep gz

Source: Stackoverflow

Detach Process

To detach a process completely append the following string to the command:

<&- 1<&- 2<&-

Source: Stackoverflow

Disable core dumps

To disable core dumps for all users, open /etc/security/limits.conf. Make sure the following config directive exists:

* hard core 0

Save and close the file. Once a hard limit is set in /etc/security/limits.conf, the user cannot increase that limit within his own session. Add fs.suid_dumpable = 0 to /etc/sysctl.conf file:

# echo 'fs.suid_dumpable = 0' >> /etc/sysctl.conf
# sysctl -p

This will make sure that core dumps can never be made by setuid programs. Finally, add the following to /etc/profile to set a soft limit to stop the creation of core dump files for all users (which is default and must be disabled):

# echo 'ulimit -S -c 0 > /dev/null 2>&1' >> /etc/profile

Source: nixCraft

Disable iptables connection tracking

Very useful if you have countless connections on your server to lower the RAM usage.

iptables -t raw -A PREROUTING -j NOTRACK

Disable sshd authentication log

# editor /etc/rsyslog.conf

- auth,authpriv.*          /var/log/auth.log
- *.*;auth,authpriv.none   -/var/log/syslog

+ auth,authpriv.*          /dev/null
+ *.*;auth,authpriv.none   -/dev/null

Generate SSH key

Don’t forget to add the user’s name to /etc/ssh/sshd_conf and reload or restart the OpenSSH server.

My GitHub repository for ssh with extended OpenSSH server configuration.

RSA

adduser username
chmod 770 /home/username
su username
cd
ssh-keygen -t rsa 4096
chmod 600 .ssh/id_dsa.pub

DSA

adduser username
chmod 770 /home/username
su username
cd
ssh-keygen -t dsa
chmod 600 .ssh/id_dsa.pub

Increase number of maximum open files

Sometimes a process tries to open more files then the operating system allows by default. To overcome these limitations we have to do the following.

# editor /etc/security/limits.conf

Add the following two lines before the comment # End of file.

* hard nofile 262144
* soft nofile 131072

Save and close the file and execute the following two commands.

ulimit -Hn 262144
ulimit -Sn 131072

We just raised the hard limit (-Hn) and soft limit (-Sn) for all users to a really high amount. Please bare in mind that this is a security risk and only perform this if you know what you are doing.

In order to make this from any use we also have to increase the maximum file descriptors within our Linux Kernel, do the following.

# editor /etc/sysctl.conf

Add the following line at the end of the file.

fs.file-max = 262144

Save the file and execute the following command to apply the new settings.

# sysctl -p

Installing mrtg for monitoring OpenTracker

Simple step-by-step instructions on how to install mrtg on your Linux server for monitoring your OpenTracker.

apt-get install mrtg
mkdir /var/www/tracker
mkdir /etc/mrtg
editor /etc/mrtg/opentracker.cfg

The following goes into the OpenTracker configuration file.

Next we have to create a cron job which updates the stats all five minutes.

crontab -e

The following is our cron job, it’s important to include the language because mrtg does not play nicely with unicode encoding. You could also create the cronjob with your webserver user if you want.

*/5 * * * * env LANG=C /usr/bin/mrtg /etc/mrtg/opentracker.cfg

Now we want to generate and index file for web access from the configuration file.

indexmaker /etc/mrtg/opentracker.cfg > /var/www/tracker/mrtg.html

We execute the command for an update once.

env LANG=C /usr/bin/mrtg /etc/mrtg/opentracker.cfg

Now we can visit our web page and have a look at the tracker statistics.

Installing OpenTracker

Simple step-by-step instructions on how to install OpenTracker on your Linux server.

aptitude install libz-dev cvs make gcc bzip2
mkdir /etc/opentracker
cd /etc/opentracker
wget http://dl.fefe.de/libowfat-0.28.tar.bz2
tar -jxvf libowfat-0.28.tar.bz2
rm -f libowfat-0.28.tar.bz2
mv libowfat-0.28 libowfat
cd libowfat
make
make install
cd ..
cvs -d:pserver:anoncvs@cvs.erdgeist.org:/home/cvsroot co opentracker
cd opentracker
make
make install
echo "listen.tcp_udp 0.0.0.0:6969" > opentracker.conf
echo "tracker.redirect_url http://tracker.bobdo.net" >> opentracker.conf
./opentracker -f opentracker.conf & disown
editor /etc/init.d

The following goes into our init script.

Now we only have to include the script when our server starts.

update-rc.d opentracker defaults

Netbeans Macros

Go to Tools → Options → Editor → Macros tab and click on the new button

Join line

caret-end-line selection-down selection-first-non-white remove-selection 

Delete line

caret-end-line selection-begin-line remove-selection 

Source Netbeans forum

Recursively move all files (including hidden) in a subfolder into a parent folder

mv bar/{,.}* .

Source: Serverfault

↑ back to top