Burn an ISO image to a CD right from the command line!

This is commonly used by system administrators who love simple, efficient and verbose method of writing an image into a Compact Disk. If you have an ISO file "image.iso", then you can use the "cdrecord" command:

cdrecord -v speed=8 dev=/dev/cdrom /path/to/image.iso

Attributes:

-v : Verbose mode, shows a lotta information while writing the disk.. geeky :-D
speed = : you can set the burning speed. 8 means 8x speed
-multi : multisession mode (ooooh, cool feature for a command line tool)

Listing files in Linux sorted according to size

Have you ever felt the need to list the 10 files that takes the largest space in a specific directory? You might know that its pretty easy do that via GUI but believe me its the same thing when it comes to the Console also.

Here is how its done:

du -a (directory) | sort -n -r | head -n 10

This will list all the files in the directory specified, sorts them and lists the 10 files that takes up maximum size.

Easy, right?

Make files in your webserver download instead of being displayed

Suppose, you have a text file in your web directory. When you access that file, it will be displayed in the web browser itself. If you want to make that file (or any other file type you want) to be asked to download instead of being displayed, here is what you can do:

Create a .htaccess file in that directory with the following content:

AddType unknown/nothing pdf
AddType unknown/nothing txt
AddType unknown/nothing jpg

Now when you access any file with an extension .jpg or .pdf, your browser will ask you to download the file instead of showing up.

Relaying email from Postfix via another SMTP Server

Have you ever been in a situation where you want to relay your emails from your Postfix server via another SMTP server? This is certainly possible and its way too simple:

First thing to do is configure Postfix in your machine. Once done, edit the configuration file for Postfix (usually under /etc/main.cf) and editing the below value:

#relayhost =

to

relayhost = smtp.emailprovider.com

Once done, all emails sent via your Postfix server will be relayed through the desired Outgoing server.

Other options that may interest you are as follows:

• myhostname = hostname.emailprovider.com
• mydomain = emailprovider.com
• masquerade_domains = emailprovider.com

The last option will correct the envelopes shows as "user@emailprovider.com".

Hope that helps someone :-)

Limiting Denial of Service (DoS) attacks

Denial of Service (DoS) attack is an attempt by a malicious (or unwitting) user, process, or system to prevent legitimate users from accessing a resource (usually a network service) by exploiting a weakness or design limitation in an information system. Examples of DoS attacks include flooding network connections, filling disk storage, disabling ports, or removing power. This can be limited by setting timeouts.

• # echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
• # echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
• # echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
• # echo 0 > /proc/sys/net/ipv4/tcp_sack
• # echo 1280 > /proc/sys/net/ipv4/tcp_max_syn_backlog

Source: http://sourcelinux.wikidot.com/firewall-using-iptables

Usages of "wget" command in Linux

Wget, IMO, is the best download manager application I've ever seen for Linux operating system. Apart from the normal usages of wget, there are so many cool usages which can become real handy!

Resume Downloads:

# wget -c download_link

Download in background:

# wget -b download_link

Limit the bandwidth usage:

# wget --limit-rate=10k download_link

This will make wget download the file at a maximum speed of 10Kbps. This can be handy when downloading in background and there are other applications that needs Internet usage.

Download from websites having authentication:

# wget --username=username --password=password download_link

Download from an FTP server that requires authentication:

# wget --ftp-user=username --ftp-password=password download_link

Download a website completely (recursively):

# wget -r website_link

Download a website completely (recursively) up to a certain level:

# wget -r -l 5 website_link

Download up to 5 levels from the website directory. Please make sure you have enough disk space before attempting to download like this.

Download a website and convert the links relative to the local system to make it available for offline use:

# wget --convert-links -r website_link

Torn ON mirroring:

# wget --mirror download_link

Download an HTML page along with its page requisites:

This helps to download a web page (HTML) along with the requirements of that page such as images, sounds, style sheets etc.

# wget --page-requisites download_link

Download Securely from HTTPS sites:

wget --secure-protocol=protocol_name download_link

Valid options for Protocol names are "auto", "SSLv2", "SSLv3", and "TLSv1". The option "auto" can be used if you dont want to specify the protocol to be used.

And.. yes.. that's not all.. there are so many other options for the wget command. Refer its manual pages for more details.. If I find anything more interesting, I will make sure I post it here :-)

Find all files matching a specific pattern and move them to a specified sub-folder

To find all files matching a specific pattern and move them to a specified sub-folder, this command will be handy:

# find . -type f -exec grep -q 'search_string' {} \; -exec mv {} sub_folder_location/ \;

Nvidia driver fails to load after an upgrade from Ubuntu 8.04 (Hardy Heron) to Ubuntu 8.10 (Intrepid Ibex)

Well, I guess it was too early for me for an upgrade but I was waiting restlessly for an upgrade to the latest Ubuntu version, Intrepid Ibex. The upgrade went fine but guess what, my X server failed to load NVIDIA drivers once it booted up. I could get into Safe Graphics mode.. but it was certainly not what I should have.

I had to refer so many blogs and docs to get this working.. I am posting that here so that anyone else having the same issue might find this useful.

• Boot with Xorg server default configuration first.
• Open up Synaptic and remove every installed package having the name "nvidia"
• Reboot again (this is a must)
• Install these Nvidia packages except "nvidia-xconfig" package (which got the bug)

nvidia-glx-177
nvidia-*-modaliases
nvidia-kernel
nvidia-kernel-common
nvidia-177-kernel-source
nvidia-settings

• Reboot again
• Run sudo nvidia-xconfig
• Restart X server.

From many blogs and forums, many have said that this corrected their issue.. but unfortunately, not mine.. I checked the Xorg.log and could see the line that the file "libglx.so" was missing due to some reason. Then I got a suggestion from another blog to link the file libglx.so.169.12 to libglx.so.

# sudo -s
# cd /usr/lib/xorg/modules/extensions
# ln -s libglx.so.169.12 libglx.so
# init 6

That worked! And, I became another happy Intrepid Ibex user :-)

PS: This bug might have fixed with the latest updates so, I also recommend doing a complete update before trying these steps!

A cool usage of "sed" command

Suppose, you have a text file called "input.txt". You want to convert all instances of "thisword" to "anotherword" and produces and output file called "output.txt".

# cat input.txt | sed 's/thisword/anotherword/g' > output.txt

Cool, huh? ;-)

SSH Port forwarding in Linux using IPTables

Port forwarding can be done using IPTables using DNAT. I had a requirement in my enterprise, which is shown in the below chart:

Internet --> Connections made on port 22 on Gateway machine --> re-directed to port 22 of another machine present in the private network

Here the Gateway machine as two NIC cards with one of them having a public IP, say, 202.202.202.202. The machine to which the SSH connections are forwarded are on port 22 of 192.168.1.10 which is on a private network connected via the second NIC card.

So here is how the IPTable rule should be given:

iptables -t nat -A PREROUTING -p tcp -i external_interface -d external_ip --dport 22 -j DNAT --to-destination private_ip

So as per my above example network, here is how the rule should look like:

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.202.202.202 --dport 22 -j DNAT --to-destination 192.168.1.10

Note: Please note that the private machine to be connected must be using the same Gateway we are trying to SSH. This should be taken into consideration while port forwarding in a network using more than one Gateway machines.

Reverse SSH Tunneling in Linux

This can be very handy if you want to access a Linux box present inside a NATed Network from a Linux machine outside the network. The hard way is via DNAT using IPTables using Port Forwarding, but this is very, very simple if SSH Tunneling is used.

For example, if you want to access a machine 192.168.1.10 (present under a NAT Network) from another Linux machine having the IP address 202.202.202.202, then here is what you have to do:

1) SSH from the private machine to the public machine using the below command;

ssh -R 18000:localhost:22 remoteuser@202.202.202.202

Here -R specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. 18000 can be any unused port on the machine.

2) Now from the remote machine, SSH into that machine itself to the port we mentioned earlier.

ssh localuser@localhost -p 18000

That should ask for a password and it needs to be the password of the localuser you have specified in the above command.

Upgrading from PHP 5.1 to 5.2 in Fedora

Its not that hard to upgrade PHP from v5.1 to v5.2. Here is how I do this (in detail):

1) Know your current PHP version:

# php -v

PHP 5.1.6 (cli) (built: Feb 23 2007 10:11:28)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies

So the current version is 5.1.6 and this needs to be upgraded.

2) Check out the PHP RPMs that you have installed in your machine:

# rpm -qa | grep php

php-pdo-5.1.6-1.4
php-json-1.2.1-2.fc5
php-mysql-5.1.6-1.4
php-gd-5.1.6-1.4
php-xml-5.1.6-1.4
php-5.1.6-1.4
php-pear-1.4.9-1.2

3) Download the RPM packages for the new PHP Version. I use the website RPM.PBONE.NET since it provides a good customized search interface for finding the right RPM packages. Use "Advanced RPM Search" link near the "Search" button and you will see what I mean. Download the ones required from the desired FTP servers and place them in a folder.

(Since I am doing this for a PHP Development machine, I might use a few extra packages that might not be in your menu ;-)

pcre-6.6-1.fc5.remi.i386.rpm
php-devel-5.2.5-1.fc5.remi.i386.rpm
php-pdo-5.2.5-1.fc5.remi.i386.rpm
php-5.2.5-1.fc5.remi.i386.rpm
php-gd-5.2.5-1.fc5.remi.i386.rpm
php-pear-1.7.1-1.fc5.remi.noarch.rpm
php-cli-5.2.5-1.fc5.remi.i386.rpm
sqlite2-2.8.17-1.fc5.i386.rpm
php-common-5.2.5-1.fc5.remi.i386.rpm
php-mysql-5.2.5-1.fc5.remi.i386.rpm
sqlite2-2.8.17-1.fc5.i386.rpm.html

4) Remove the existing PHP RPMs from the machine:

# rpm -e php php-pear php-pdo php-gd php-mysql php-gd

(If this is successful, you wont get any results. If you see a message like "php-gd not found" then just remove that package from the above remove list)

5) Install the new RPMs in the below order to avoid dependency errors:

# rpm -Uvh pcre-6.6-1.fc5.remi.i386.rpm
# rpm -ivh php-common-5.2.5-1.fc5.remi.i386.rpm
# rpm -ivh php-cli-5.2.5-1.fc5.remi.i386.rpm
# rpm -ivh php-5.2.5-1.fc5.remi.i386.rpm
# rpm -ivh sqlite2-2.8.17-1.fc5.i386.rpm
# rpm -ivh php-pdo-5.2.5-1.fc5.remi.i386.rpm
# rpm -ivh php-mysql-5.2.5-1.fc5.remi.i386.rpm
# rpm -ivh php-pear-1.7.1-1.fc5.remi.noarch.rpm
# rpm -ivh php-gd-5.2.5-1.fc5.remi.i386.rpm

6) This should be over pretty quickly and you wont get any errors. Then just restart your Apache Server (HTTPD) for the changes to take effect.

# /etc/init.d/httpd restart

Now check your PHP Version and see if the change got reflected:

# php -v

PHP 5.2.5 (cli) (built: Nov 10 2007 12:15:39)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

Voila, Done!