ShopingServer Wiki
Tutorials and Articles About Technology and Gadgets
http://wiki.shopingserver.com
Wed, 02 Sep 2020 02:25:36 +0000

Linux / Unix: Shell Script Find Out In Which Directory Script File Resides
http://wiki.shopingserver.com/linux-unix-shell-script-find-directory-script-file-resides/
Sat, 06 Jan 2018 09:58:13 +0000

I need to find out in which directory my bash script resides so that I can read config files called .backup, .ignore and .target. For example, if my script resides in /home/foo/script.sh, I need to read the /home/foo/.{backup,ignore,target} files.

How do I find out the current directory location and shell script directory location in Bash running on Linux or Unix like operating systems?

 

You can use any one of the following methods to extract a portion of a pathname:

basename command – Display filename portion of pathname.

dirname command – Display directory portion of pathname.

Bash parameter substitution.

$0 expands to the name of the shell or shell script.

Examples: Shell script find out which directory the script file resides

The following example displays the directory portion of /home/nixcraft/scripts/foo.sh:

dirname /home/nixcraft/scripts/foo.sh

Sample outputs:

/home/nixcraft/scripts

The following line sets the shell variable i to /home/nixcraft/scripts:

i=`dirname /home/nixcraft/scripts/foo.sh`
echo "$i"

OR

i=$(dirname /home/nixcraft/scripts/foo.sh)
echo "$i"

In a bash script, use $0 instead of /home/nixcraft/scripts/foo.sh:

#!/bin/bash
script="$0"
basename="$(dirname "$script")"

echo "Script name $script resides in $basename directory."

Sample outputs:

Script name /tmp/test.sh resides in /tmp directory.

Using bash shell ${var%pattern} syntax

To remove the shortest matching pattern from the end of a value, use the following syntax:

var=${path%/*}

For example:

x="/Users/nixcraft/scripts/bar.sh"
echo "${x%/*}"
y="${x%/*}"
echo "$y"

An updated version of the above script:

#!/bin/bash
# Purpose : Linux / Unix shell script find out which directory this script file resides
# Author : nixCraft <http://www.cyberciti.biz> under GPL v2.x+
# -------------------------------------------------------------
script="$0"
basename="${script%/*}"
# If $0 contains no slash (e.g. "bash test.sh"), the script is in the current directory
[ "$basename" = "$script" ] && basename="."
config1="${basename}/.backup"
config2="${basename}/.ignore"
config3="${basename}/.target"

echo "Script name $script resides in $basename directory."
echo "Reading config file $config1 $config2 $config3, please wait..."

Run it as:

$ chmod +x /tmp/test.sh

$ /tmp/test.sh

 

Sample outputs:

Fig.01 Sample run from test.sh

A note about finding physical or real path

The path you get this way may not be the physical path: the script may have been started through a symbolic link. To get the physical path, use the realpath command. The realpath command uses the realpath() function to resolve all symbolic links, extra / characters and references to /./ and /../ in the path. This is useful for shell scripting and security related applications.

Another recommended option is to use the readlink command to display the value of a symbolic link or the canonical file name:

#!/bin/bash
# Purpose : Linux / Unix shell script find out which directory this script file resides
# Author : nixCraft <http://www.cyberciti.biz> under GPL v2.x+
# -------------------------------------------------------------

## Who am i? ##
## Get real path ##
_script="$(readlink -f "${BASH_SOURCE[0]}")"

## Delete last component from $_script ##
_mydir="$(dirname "$_script")"

## Delete /path/to/dir/ component from $_script ##
_myfile="$(basename "$_script")"
echo "Script : $_script"
echo "Directory portion of $_script : $_mydir"
echo "Filename portion of $_script : $_myfile"

Save and close the file. Run it as follows:

./demo.bash

cd /home/vivek/

../../tmp/demo.bash

/tmp/demo.bash

Sample outputs:

Fig.02: Finding real path
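
The difference between $0 and the resolved path matters when the script is started through a symlink, for example from a bin/ directory, because the config files sit next to the real file. The following added example (not part of the original article) resolves the physical directory without relying on readlink -f and accepts a config file only when it is a regular file that group and others cannot write. The function names script_dir, config_is_trusted and load_configs are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are
# hypothetical. Works in bash and in a plain POSIX sh.

# script_dir PATH
# Print the physical directory that holds PATH, following every symlink
# on the way (what "readlink -f" followed by dirname would give).
script_dir() {
    _target=$1
    _hops=0
    while [ -L "$_target" ]; do
        # Give up on symlink loops instead of spinning forever.
        _hops=$((_hops + 1))
        [ "$_hops" -le 40 ] || return 1
        _dir=$(cd -P "$(dirname -- "$_target")" && pwd -P) || return 1
        _link=$(readlink -- "$_target") || return 1
        case $_link in
            /*) _target=$_link ;;          # absolute link target
            *)  _target=$_dir/$_link ;;    # relative to the link's own directory
        esac
    done
    (cd -P "$(dirname -- "$_target")" && pwd -P)
}

# config_is_trusted FILE
# Succeed only for a regular file (not a symlink) that neither group nor
# others can write, so another local user cannot change what the script reads.
config_is_trusted() {
    [ -n "$(find "$1" -prune -type f ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# load_configs SCRIPT_PATH
# Print the .backup, .ignore and .target files next to the real script that
# pass the check; report the others on stderr.
load_configs() {
    _base=$(script_dir "$1") || return 1
    for _name in .backup .ignore .target; do
        if config_is_trusted "$_base/$_name"; then
            printf '%s\n' "$_base/$_name"
        else
            printf 'skipping %s (missing, symlink or writable by others)\n' \
                "$_base/$_name" >&2
        fi
    done
}

# Demo: report where this file really lives and which config files qualify.
printf 'Script directory: %s\n' "$(script_dir "$0")"
load_configs "$0"
```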

See also

See man pages for more info – basename(1), dirname(1), bash(1)

 

 

OpenSSH Config File Examples
http://wiki.shopingserver.com/openssh-config-file-examples-2/
Sat, 06 Jan 2018 09:39:40 +0000

How do I create and set up an OpenSSH config file to create shortcuts for servers I frequently access under Linux or Unix desktop operating systems?

 

A global or local configuration file for the SSH client can define shortcuts for sshd servers, including advanced ssh client options. You can configure your OpenSSH ssh client using the following files, which saves typing frequently used ssh command line options such as port, user, hostname, identity file and much more:

System-wide SSH client configuration files

/etc/ssh/ssh_config : This file sets the default configuration for all users of OpenSSH clients on that desktop/laptop and it must be readable by all users on the system.

User-specific SSH client configuration files

~/.ssh/config or $HOME/.ssh/config : This is the user’s own configuration file, which overrides the settings in the global client configuration file, /etc/ssh/ssh_config.

~/.ssh/config file rules

The rules are as follows to create an ssh config file:

You need to edit ~/.ssh/config with a text editor such as vi.

One config parameter per line is allowed in the configuration file with the parameter name followed by its value or values. The syntax is:

config value

config1 value1 value2

You can use an equal sign (=) instead of whitespace between the parameter name and the values.

config=value

config1=value1 value2

All empty lines are ignored.

All lines starting with the hash (#) are ignored.

All values are case-sensitive, but parameter names are not.

Tip : If this is a brand new Linux, Apple OS X/Unix box, or if you have never used ssh before, create the ~/.ssh/ directory first using the following syntax:

mkdir -p $HOME/.ssh

chmod 0700 $HOME/.ssh

Examples

For demonstration purpose my sample setup is as follows:

Local desktop client – Apple OS X or Ubuntu Linux.

Remote Unix server – OpenBSD server running latest OpenSSH server.

Remote OpenSSH server ip/host: 75.126.153.206 (server1.cyberciti.biz)

Remote OpenSSH server user: nixcraft

Remote OpenSSH port: 4242

Local ssh private key file path : /nfs/shared/users/nixcraft/keys/server1/id_rsa

Based upon the above information my ssh command is as follows:

$ ssh -i /nfs/shared/users/nixcraft/keys/server1/id_rsa -p 4242 nixcraft@server1.cyberciti.biz

 

OR

$ ssh -i /nfs/shared/users/nixcraft/keys/server1/id_rsa -p 4242 -l nixcraft server1.cyberciti.biz

You can avoid typing all of the ssh command parameters while logging into a remote machine and/or for executing commands on a remote machine. All you have to do is create an ssh config file. Open the Terminal application and create your config file by typing the following command:

## edit file in $HOME dir
vi ~/.ssh/config

OR

## edit file in $HOME dir
vi $HOME/.ssh/config

Add/Append the following config option for a shortcut to server1 as per our sample setup:

Host server1

HostName server1.cyberciti.biz

User nixcraft

Port 4242

IdentityFile /nfs/shared/users/nixcraft/keys/server1/id_rsa

Save and close the file. Open your new SSH session to server1.cyberciti.biz by typing the following command:

$ ssh server1

Adding another host

Append the following to your ~/.ssh/config file:

Host nas01

HostName 192.168.1.100

User root

IdentityFile ~/.ssh/nas01.key

You can simply type:

$ ssh nas01

Putting it all together

Here is my sample ~/.ssh/config file, which covers different needs for remote access using the ssh client:

## per-host settings (these take precedence over the defaults at the end) ##
Host server1
    HostName server1.cyberciti.biz
    User nixcraft
    Port 4242
    IdentityFile /nfs/shared/users/nixcraft/keys/server1/id_rsa

## Home nas server ##
Host nas01
    HostName 192.168.1.100
    User root
    IdentityFile ~/.ssh/nas01.key

## Login AWS Cloud ##
Host aws.apache
    HostName 1.2.3.4
    User wwwdata
    IdentityFile ~/.ssh/aws.apache.key

## Login to internal lan server at 192.168.0.251 via our public uk office ssh based gateway using ##
## $ ssh uk.gw.lan ##
Host uk.gw.lan uk.lan
    HostName 192.168.0.251
    User nixcraft
    ProxyCommand  ssh nixcraft@gateway.uk.cyberciti.biz nc %h %p 2> /dev/null

## Our Us Proxy Server ##
## Forward all local port 3128 traffic to port 3128 on the remote vps1.cyberciti.biz server ##
## $ ssh -f -N  proxyus ##
Host proxyus
    HostName vps1.cyberciti.biz
    User breakfree
    IdentityFile ~/.ssh/vps1.cyberciti.biz.key
    LocalForward 3128 127.0.0.1:3128

## default for all ##
## ssh uses the first value it obtains for each parameter, so the defaults go last; ##
## placed at the top, User and Port here would win over the per-host values ##
Host *
    ForwardAgent no
    ForwardX11 no
    ForwardX11Trusted yes
    User nixcraft
    Port 22
    Protocol 2
    ServerAliveInterval 60
    ServerAliveCountMax 30
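
ssh takes the first value it obtains for each parameter, so where a Host * block sits in the file decides whether its defaults or the per-host values win. The following added example (not part of the original article) resolves one option for one host under that rule, using two constructed config files. effective_option is a hypothetical helper that handles Host patterns only (no Match blocks, Include or quoted values); on OpenSSH 6.8 or later, ssh -G <host> prints the real result.

```shell
#!/bin/sh
# Added example, not from the original article. effective_option is a
# hypothetical helper; it understands Host patterns only.

# effective_option CONFIG HOST KEYWORD
# Print the value ssh would use for KEYWORD when run as "ssh HOST".
effective_option() {
    awk -v host="$2" -v want="$3" '
    # Match string s against pattern p, where * is any run of characters
    # and ? is exactly one character.
    function gmatch(p, s,    c, i) {
        if (p == "") return (s == "")
        c = substr(p, 1, 1)
        if (c == "*") {
            for (i = 0; i <= length(s); i++)
                if (gmatch(substr(p, 2), substr(s, i + 1))) return 1
            return 0
        }
        if (s == "") return 0
        if (c == "?" || c == substr(s, 1, 1))
            return gmatch(substr(p, 2), substr(s, 2))
        return 0
    }
    BEGIN {
        want = tolower(want)   # keywords are case-insensitive
        active = 1             # lines before the first Host apply to all hosts
    }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || substr(line, 1, 1) == "#") next
        cut = match(line, /[ \t=]/)        # keyword ends at whitespace or "="
        if (cut == 0) next
        key = tolower(substr(line, 1, cut - 1))
        val = substr(line, cut)
        sub(/^[ \t]*=?[ \t]*/, "", val)
        sub(/[ \t]+$/, "", val)
        if (key == "host") {
            # A block applies if any pattern matches and no negated one does.
            active = 0; negated = 0
            n = split(val, pat, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (substr(pat[i], 1, 1) == "!") {
                    if (gmatch(substr(pat[i], 2), host)) negated = 1
                } else if (gmatch(pat[i], host)) active = 1
            }
            if (negated) active = 0
            next
        }
        # First obtained value wins: stop at the first hit.
        if (active && key == want) { print val; exit }
    }' "$1"
}

# Constructed sample: the "Host *" defaults at the top of the file.
write_defaults_first() {
    cat > "$1" <<'EOF'
Host *
    User nixcraft
    Port 22

Host server1
    HostName server1.cyberciti.biz
    Port 4242
EOF
}

# Constructed sample: the same settings with the defaults moved to the end.
write_defaults_last() {
    cat > "$1" <<'EOF'
Host server1
    HostName server1.cyberciti.biz
    Port=4242

Host *
    User nixcraft
    Port 22
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    write_defaults_first "$tmp/first"
    write_defaults_last "$tmp/last"
    echo "defaults first: server1 port = $(effective_option "$tmp/first" server1 Port)"
    echo "defaults last:  server1 port = $(effective_option "$tmp/last" server1 Port)"
    echo "defaults last:  nas01 port   = $(effective_option "$tmp/last" nas01 port)"
    rm -rf "$tmp"
}
demo
```

The helper matches Host patterns against the name typed on the command line, not against HostName, which is how ssh applies them.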

Understanding ~/.ssh/config entries

Host : Defines for which host or hosts the configuration section applies. The section ends with a new Host section or the end of the file. A single * as a pattern can be used to provide global defaults for all hosts.

HostName : Specifies the real host name to log into. Numeric IP addresses are also permitted.

User : Defines the username for the SSH connection.

IdentityFile : Specifies a file from which the user’s DSA, ECDSA or RSA authentication identity is read. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/id_rsa for protocol version 2.

ProxyCommand : Specifies the command to use to connect to the server. The command string extends to the end of the line, and is executed with the user’s shell. In the command string, any occurrence of %h will be substituted by the host name to connect, %p by the port, and %r by the remote user name. The command can be basically anything, and should read from its standard input and write to its standard output. This directive is useful in conjunction with nc(1) and its proxy support. For example, the following directive would connect via an HTTP proxy at 192.1.0.253:

ProxyCommand /usr/bin/nc -X connect -x 192.1.0.253:3128 %h %p

LocalForward : Specifies that a TCP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. The first argument must be [bind_address:]port and the second argument must be host:hostport.

Port : Specifies the port number to connect on the remote host.

Protocol : Specifies the protocol versions ssh(1) should support in order of preference. The possible values are 1 and 2.

ServerAliveInterval : Sets a timeout interval in seconds after which if no data has been received from the server, ssh(1) will send a message through the encrypted channel to request a response from the server. See blogpost “Open SSH Server connection drops out after few or N minutes of inactivity” for more information.

ServerAliveCountMax : Sets the number of server alive messages which may be sent without ssh(1) receiving any messages back from the server. If this threshold is reached while server alive messages are being sent, ssh will disconnect from the server, terminating the session.

Speed up ssh session

Multiplexing means sending more than one ssh session over a single connection. OpenSSH can reuse an existing TCP connection for multiple concurrent SSH sessions. This reduces the overhead of creating new TCP connections. Update your ~/.ssh/config:

Host server1

HostName server1.cyberciti.biz

ControlPath ~/.ssh/controlmasters/%r@%h:%p

ControlMaster auto

See “Linux / Unix: OpenSSH Multiplexer To Speed Up OpenSSH Connections” for more info. In this example, I go through one host to reach another server i.e. jump host using ProxyCommand:

## ~/.ssh/config ##

Host internal

HostName 192.168.1.100

User vivek

ProxyCommand ssh vivek@vpn.nixcraft.net.in -W %h:%p

ControlPath ~/.ssh/controlmasters/%r@%h:%p

ControlMaster auto

For more info see following tutorials:

How To Reuse SSH Connection To Speed Up Remote Login Process Using Multiplexing

How To Setup SSH Keys on a Linux / Unix System

A note about shell aliases (outdated method)

WARNING! This bash shell alias based setup may work out for you. However, I recommend that you use the ~/.ssh/config file for better results in the long run. The SSH config file is a more advanced and elegant solution. The alias command is only used here for demo purposes and it is here due to historical reasons.

An alias is nothing but a shortcut to a command, and you can create an alias using the following syntax in your ~/.bashrc file:

## create a new bash shell alias as follows ##
alias server1="ssh -i /nfs/shared/users/nixcraft/keys/server1/id_rsa -p 4242 nixcraft@server1.cyberciti.biz"

Then, to ssh into the server1, instead of typing full ssh -i /nfs/shared/users/nixcraft/keys/server1/id_rsa -p 4242 nixcraft@server1.cyberciti.biz command, you would only have to type the command ‘server1’ and press the [ENTER] key:

$ server1

References

See ssh_config(5) for more information on syntax and some of the other available options.

Top 20 OpenSSH Server Best Security Practices

 

 

How To Extract a Tar Files To a Different Directory on a Linux/Unix-like Systems
http://wiki.shopingserver.com/extract-tar-files-different-directory-linux-unix-like-systems/
Fri, 05 Jan 2018 16:07:44 +0000

I want to extract a tar file to a specific directory called /tmp/data. How can I extract a tar archive to a different directory using the tar command on Linux or Unix-like systems?

 

You do not need to change the directory using the cd command and extract files. This page explains how to extract a tar archive to different directory on a Linux/Unix system using the tar command.

 

Syntax

Untarring a file can be done using the following syntax. Typical Unix tar syntax:

tar -xf file.name.tar -C /path/to/directory

 

GNU/tar Linux syntax:

tar xf file.tar -C /path/to/directory

OR

tar xf file.tar --directory /path/to/directory

Extract .tar.gz archive:

tar -zxf file.tar.gz --directory /path/to/directory

Extract .tar.bz2 archive (for a .tar.xz archive use -J instead of -j):

tar -jxf file.tar.bz2 --directory /path/to/directory

Where,

x : Extract files

f : Tar archive name

--directory : Set directory name to extract files

-C : Set dir name to extract files

-j : Work on .tar.bz2 file format

-z : Work on .tar.gz file format

-v : Verbose output i.e. show progress on screen

Example: Extract files to another directory

In this example, I’m extracting $HOME/etc.backup.tar file to a directory called /tmp/data. First, you have to create the directory manually, enter:

mkdir /tmp/data

To extract a tar archive $HOME/etc.backup.tar into a /tmp/data, enter:

tar -xf $HOME/etc.backup.tar -C /tmp/data

To see progress, pass the -v option:

tar -xvf $HOME/etc.backup.tar -C /tmp/data

Sample outputs:

Gif 01: tar Command Extract Archive To Different Directory Command

Extract only specific files from a tar archive

You can extract specific files too:

## extract only file1, file2, file3
## and dir1 to /tmp/data/
tar -xvf $HOME/etc.backup.tar -C /tmp/data file1 file2 file3 dir1

Extract .tar.gz/.tgz archive to specific folder

To extract a foo.tar.gz (.tgz extension file) tarball to /tmp/foo, enter:

mkdir /tmp/foo

tar -zxvf foo.tar.gz -C /tmp/foo

Extract .tar.bz2/.tbz2/.tb2/.tar.xz archive to specific directory

To extract a bar.tar.bz2 (.tbz, .tbz2 & .tb2 extension file) tarball to /tmp/bar, enter (for a .tar.xz tarball use -J instead of -j):

mkdir /tmp/bar

tar -jxvf bar.tar.bz2  -C /tmp/bar

Sample outputs:

etc/adduser.conf

etc/apg.conf

etc/appstream.conf

etc/brltty.conf

etc/ca-certificates.conf

etc/debconf.conf

etc/deluser.conf

etc/fuse.conf

etc/fwupd.conf

etc/gai.conf

etc/hdparm.conf

etc/host.conf

etc/kernel-img.conf

etc/kerneloops.conf

etc/ld.so.conf

etc/libao.conf

etc/libaudit.conf

etc/logrotate.conf

etc/ltrace.conf

etc/mke2fs.conf

etc/mtools.conf

etc/nsswitch.conf

etc/pam.conf

etc/pnm2ppa.conf

etc/popularity-contest.conf

etc/resolv.conf

etc/rsyslog.conf

etc/sensors3.conf

etc/sysctl.conf

etc/ucf.conf

etc/updatedb.conf

etc/usb_modeswitch.conf

See tar(1) for more information.
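
When the archive comes from somewhere you do not control, it is worth listing it before extracting with -C, because the member names decide where files land. The following added example (not part of the original article) lists the members, refuses absolute names and names with a .. component, and only then creates the target directory and extracts, optionally restricted to the members you name. member_names_ok and extract_to are hypothetical helper names, and symlink members are not inspected.

```shell
#!/bin/sh
# Added example, not from the original article. Helper names are hypothetical.

# member_names_ok
# Read member names on stdin, one per line. Fail if any name is absolute
# or contains a ".." component, i.e. could land outside the target directory.
member_names_ok() {
    _bad=0
    while IFS= read -r _name; do
        case $_name in
            /*|..|../*|*/..|*/../*)
                printf 'unsafe member name: %s\n' "$_name" >&2
                _bad=1 ;;
        esac
    done
    return "$_bad"
}

# extract_to ARCHIVE DIR [MEMBER...]
# Extract ARCHIVE (or only the named members) into DIR.
# Return 0 on success, 1 if the listing was rejected, 2 on other errors.
extract_to() {
    _archive=$1
    _dest=$2
    shift 2
    [ -f "$_archive" ] || {
        printf 'no such archive: %s\n' "$_archive" >&2
        return 2
    }
    # GNU tar and bsdtar detect gzip/bzip2/xz themselves when reading a
    # file, so -z or -j is not needed here.
    _names=$(tar -tf "$_archive") || return 2
    printf '%s\n' "$_names" | member_names_ok || return 1
    mkdir -p -- "$_dest" || return 2
    # -C comes before the member names so it applies to all of them.
    tar -xf "$_archive" -C "$_dest" "$@" || return 2
}

# Usage: sh extract_to.sh $HOME/etc.backup.tar /tmp/data [member...]
if [ "$#" -ge 2 ]; then
    extract_to "$@"
fi
```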

 

 

Glibc: GHOST Vulnerability Test To See If a Linux Server Is Secure
http://wiki.shopingserver.com/glibc-ghost-vulnerability-test-see-linux-sever-secure/
Fri, 05 Jan 2018 15:54:00 +0000

The GHOST (CVE-2015-0235) is a serious network function vulnerability in Glibc. How do I check and test if my Linux based server is secure using command line options?

 

There are two methods to test and find out if your server or desktop powered by Linux is secure or not:

(a) A simple C test program for all Linux based servers (distro independent; generic method).

(b) A simple bash shell test program for RHEL or CentOS or Scientific Linux server only.

Method #1: GHOST.C Glibc Vulnerability Test C Program

Type the following wget command to download GHOST.C on a Linux based system:

wget https://webshare.uchicago.edu/orgs/ITServices/itsec/Downloads/GHOST.c

OR

wget -O GHOST.c https://gist.githubusercontent.com/koelling/ef9b2b9d0be6d6dbab63/raw/de1730049198c64eaf8f8ab015a3c8b23b63fd34/gistfile1.c

Compile it:

gcc -o GHOST GHOST.c

Test it:

./GHOST

Sample outputs:

Fig. 01: GHOST.c bug: A simple way to test if Linux system is secure or not

Method #2: GHOST-test.sh Vulnerability Test Bash Script

Visit this url to download a script (or grab it here). You need to have an account with RHN. The script tells whether your system is vulnerable or not. Run script as follows:

wget -O GHOST-test.sh http://www.cyberciti.biz/files/scripts/GHOST-test.sh.txt

bash GHOST-test.sh

Sample outputs:

Fig.02: GHOST-test.sh output on a RHEL/CentOS based system

What to do if my server is not secure or Vulnerable to the Ghost attack?

See this tutorial page for securing your server by applying patches to glibc.

This entry is 1 of 2 in the Linux GHOST Glibc Critical Security Vulnerability series. Keep reading the rest of the series:

Check Ghost Vulnerability Test Programs

Secure and Patch Your Linux Server For Ghost Bug

 

 

Bash: Reissue And Repeat A Long Command Without Retyping It on a Linux, OS X & Unix
http://wiki.shopingserver.com/bash-reissue-repeat-long-command-without-retyping-linux-os-x-unix/
Fri, 05 Jan 2018 15:47:36 +0000

I’m a new Ubuntu Linux user. In Linux, Apple OS X or Unix-like systems, how do I reissue or repeat a long command without retyping it?

 

You need to use the history command to display or manipulate the history list on a Linux or Unix-like systems. This command displays the list of commands previously typed with line numbers, prefixing each modified entry with a *.

 

The bash shell supports a history expansion feature that is similar to the history expansion in csh.

Display list of previously typed commands

Simply type the following command:

history

history 10

history | less

history | grep  command-name-here

Sample outputs:

Fig.01: Bash history command output

How do I reissue a long command without retyping it?

To reissue a command in the bash/csh/tcsh/zsh shell, type an exclamation point (!) followed by the number of the command you would like to run or repeat. For example, if you would like to reissue command ‘ssh root@v.b2’ from the above output i.e. command # 80, type:

!80

Scrolling through the command line history

You can also scroll through the command line history simply by using the [up] and [down] arrow keys too.

Searching the command line history

Press [CTRL-r] from the shell prompt to search backwards through the history buffer or file for a command. After pressing [CTRL-r], just type the first few letters of the command, such as ssh:

(reverse-i-search)`ssh': ssh -X vivek@nas01

To search all ssh related commands press [CTRL-r] again:

Gif.01: Bash/tcsh/zsh: Command search demo

To repeat last command just type !! at a shell prompt

Say you type a long command:

ssh -X -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no -i /Users/veryv/.ssh/google_compute_engine -A -p 22 veryv@173.255.113.19 --

To repeat the same last command again, just type !!:

!!

Or you can also refer to the previous command using:

!-1

To repeat the most recent command starting with the word ‘ssh’, type:

!ssh

For more info see man pages – bash(1),zsh(1),tcsh(1)

 

 

Linux Change Disk Label Name on EXT2 / EXT3 / EXT4 File Systems
http://wiki.shopingserver.com/linux-change-disk-label-name-ext2-ext3-ext4-file-systems/
Fri, 05 Jan 2018 15:42:08 +0000

How can I modify partition labels on a Linux operating system? How do I change the disk name on an ext4 file system on Ubuntu Linux using the command line?

 

You need to use the e2label command to set a text label to your disk drive partitions and then refer to them in the /etc/fstab file. The e2label command must be run as root user. Normal users can not modify partition label for security reasons.

Syntax

Use the following syntax to display or change the filesystem label on the ext2, ext3, or ext4 filesystem located on device.

e2label /dev/device

e2label /dev/device new-label-name-here

Label limitations

Ext2 filesystem labels can be at most 16 characters long; if new-label-name-here is longer than 16 characters, e2label will truncate it and print a warning message on screen.

View the label of partition

To see the label of partition called /dev/sda5, type:

e2label /dev/sda5

Sample outputs:

Fig.01: View the label of partition

Modify partition labels / Change disk name

To add or change the label of partition /dev/sda1 to “Webserver”, enter:

$ sudo e2label /dev/sda1 Webserver

 

OR

# e2label /dev/sda1 Webserver

 

To verify new changes, type:

# e2label /dev/sda1

Webserver

Mount file system by label at Linux server boot time

The /dev/sda1 partition can be mounted by label at server boot time at /wwwdata location. Edit the /etc/fstab file, enter:

$ sudo vi /etc/fstab

 

Set or update it as follows:

LABEL=Webserver /wwwdata              ext4    defaults        1 2

Save and close the file. You can also use the mount command as follows:

mount -L label_name_here /path/to/mount/point

 

 

Linux / Unix: OpenSSH Multiplexer To Speed Up OpenSSH Connections http://wiki.shopingserver.com/linux-unix-openssh-multiplexer-speed-openssh-connections/ Fri, 05 Jan 2018 15:20:12 +0000

How can I multiplex SSH sessions by setting up a master session and then having subsequent sessions go through the master to speed up my ssh connections on Linux or Unix-like operating systems?

 

Multiplexing means sending more than one ssh session over a single connection. OpenSSH can reuse an existing TCP connection for multiple concurrent SSH sessions, which reduces the overhead of creating new TCP connections. First, you set up a ControlMaster, which opens a Unix domain socket locally. All of your other ssh commands then connect to the ControlMaster via that Unix domain socket. The ControlMaster provides the following benefits:

Use existing unix socket

No new TCP/IP connection

No need for a new key exchange

No need for authentication and more

How to set up multiplexing

Edit $HOME/.ssh/config, enter:

vi ~/.ssh/config

 

Append the following configuration:

Host *

ControlMaster auto

ControlPath ~/.ssh/master-%r@%h:%p.socket

ControlPersist 30m

Here is another example:

Host server1

HostName server1.cyberciti.biz

Port 2222

ControlPath ~/.ssh/ssh-mux-%r@%h:%p

ControlMaster auto

ControlPersist yes

Save and close the file. Where,

Host * or Host server1 : Starts the ssh configuration block for the matching host(s).

HostName server1.cyberciti.biz : The real hostname

ControlPath ~/.ssh/ssh-mux-%r@%h:%p : Specify the path to the control unix socket used for connection sharing as described above. The variables ‘%r’, ‘%h’, ‘%p’ refer to remote ssh username, remote ssh host, and remote ssh port respectively. You need to set all of these three variables.

ControlMaster auto : Enables the sharing of multiple sessions over a single network connection. When set to yes, ssh will listen for connections on a control socket specified using the ControlPath argument. When set to auto, ssh will try to use a master connection but fall back to creating a new one if one does not already exist.

ControlPersist 10m : Specifies that the master connection should remain open in the background for 10 minutes. With no client connections, the backgrounded master connection will automatically terminate after it has remained idle for 10 minutes. If set to yes, then the master connection will remain in the background indefinitely (until killed or closed)
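Sessions that go through the master skip authentication, so where the control socket lives and how long the master stays open both matter. The lint below is an added example, not part of the original article: it flags a ControlPath that lacks %r, %h or %p (or the %C hash token), a ControlPath under /tmp or /var/tmp, and ControlPersist yes. The function names and the Host build.example entry are constructed for illustration.

```shell
# Added example: lint connection-sharing settings in ssh_config-style text.
# Usage: audit_mux ~/.ssh/config   (reads stdin when no file is given)
audit_mux() {
    awk '
    function report() {
        if (host == "") return
        # %C is a hash that already covers local host, host, port and user
        missing = (path !~ /%r/ || path !~ /%h/ || path !~ /%p/)
        if (path != "" && path !~ /%C/ && missing)
            print host ": ControlPath is missing one of %r, %h, %p"
        if (path ~ /^\/tmp\// || path ~ /^\/var\/tmp\//)
            print host ": ControlPath is in a world-writable directory"
        if (persist == "yes")
            print host ": ControlPersist yes keeps the master open indefinitely"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        # ssh_config also accepts the "Keyword=value" form
        if ($0 ~ /^[ \t]*[A-Za-z]+[ \t]*=/) sub(/[ \t]*=[ \t]*/, " ")
        key = tolower($1)                    # keywords are case-insensitive
        if (key == "host") {
            report()
            host = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", host)
            path = ""; persist = ""
        } else if (key == "controlpath") path = $2
        else if (key == "controlpersist") persist = tolower($2)
    }
    END { report() }
    ' "$@"
}

# Constructed sample: the article's two Host blocks plus one risky entry.
sample_config() {
    cat <<'EOF'
Host server1
ControlPath ~/.ssh/ssh-mux-%r@%h:%p
ControlMaster auto
ControlPersist yes
Host build.example
ControlPath /tmp/mux-%h
ControlPersist yes
Host *
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p.socket
ControlPersist 30m
EOF
}

sample_config | audit_mux
```

The lint looks at each Host block on its own; `ssh -G hostname` prints the values ssh actually applies after all matching blocks are merged.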

How do I use it?

Simply start running ssh commands:

$ ssh user@host

$ ssh root@v.server1

$ ssh nixcraft@192.168.1.219

How do I verify that Multiplexer is working?

Use any one of the following commands to verify that the multiplexer is working properly:

$ lsof -U | grep master

 

OR

$ ssh -O check root@v.server1

 

Sample outputs:

Fig.01: SSH Multiplexing Check The Status of The Connection

Can I tell master connection not to accept further multiplexing requests?

Yes, use the following syntax:

$ ssh -O stop host

$ ssh -O stop root@v.server1

 

Pass the exit option instead of stop to cancel all existing connections, including the master connection:

$ ssh -O exit host

$ ssh -O exit root@v.server1

How do I use port forwarding?

The syntax is as follows to forward port 3128 on the local host to port 3128 on the remote host using -L:

ssh -O forward -L 3128:localhost:3128 v.server1

 

You can also specify the location of a control socket for connection sharing:

ssh -O forward -L 3128:localhost:3128 -S $HOME/.ssh/master-root@v.server1:22 v.server1

The main advantage of SSH multiplexing is that the overhead of creating new TCP connections is removed. SSH client activities that repeatedly open new connections can be significantly sped up using multiplexing. See the ssh_config man page for more information.

 

 

How To Patch and Protect Linux Server Against the VENOM Vulnerability # CVE-2015-3456 http://wiki.shopingserver.com/patch-protect-linux-server-venom-vulnerability-cve-2015-3456/ Fri, 05 Jan 2018 15:17:24 +0000

A very serious security problem has been found in QEMU’s virtual floppy drive code, which is used by many computer virtualization platforms including Xen, KVM, VirtualBox, and the native QEMU client. It is called the VENOM vulnerability. How can I fix the VENOM vulnerability and protect my Linux server against the attack? How do I verify that my server has been fixed against the VENOM vulnerability?

 

This is tagged as a high severity security bug, and it was announced on 13th May 2015. The VENOM vulnerability has existed since 2004, when the virtual Floppy Disk Controller was first added to the QEMU codebase. Since the VENOM vulnerability exists in the hypervisor’s codebase, the vulnerability is agnostic of the host operating system (Linux, Windows, Mac OS, etc.).

What is the VENOM security bug (CVE-2015-3456)?

From the RHEL bugzilla:

An out-of-bounds memory access flaw was found in the way QEMU’s virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the hosting QEMU process.

Fig.01 Venom bug

 

This issue affects the versions of the kvm, xen, and QEMU packages while VMware, Hyper-V, and Bochs are unaffected. This issue affects all x86 and x86-64 based HVM Xen and QEMU/KVM guests, regardless of their machine type.

A list of affected Linux distros

RHEL (Red Hat Enterprise Linux) version 5.x, 6.x and 7.x

CentOS Linux version 5.x, 6.x and 7.x

OpenStack 5 for RHEL 6

OpenStack 4 for RHEL 6

OpenStack 5 for RHEL 7

OpenStack 6 for RHEL 7

Red Hat Enterprise Virtualization 3

Debian Linux code named stretch, sid, jessie, squeeze, and wheezy [and all other distro based on Debian]

SUSE Linux Enterprise Server 10 Service Pack 3 (SLES 10 SP3)

SUSE Linux Enterprise Server 10 Service Pack 4 (SLES 10 SP4)

SUSE Linux Enterprise Server 11 Service Pack 1 (SLES 11 SP1)

SUSE Linux Enterprise Server 11 Service Pack 2 (SLES 11 SP2)

SUSE Linux Enterprise Server 11 Service Pack 3 (SLES 11 SP3)

SUSE Linux Enterprise Server 12

SUSE Linux Enterprise Expanded Support 5, 6 and 7

Ubuntu 12.04

Ubuntu 14.04

Ubuntu 14.10

Ubuntu 15.04

Fix the VENOM vulnerability on a CentOS/RHEL/Fedora/Scientific Linux

Type the following yum command as the root user:

sudo yum clean all

sudo yum update

 

Reboot all your virtual machines on those hypervisors.

Fix the VENOM vulnerability on a Debian Linux

Type the following apt-get command as the root user:

sudo apt-get clean

sudo apt-get update

sudo apt-get upgrade

 

Reboot all your virtual machines on those hypervisors.

Fix the VENOM vulnerability on a Ubuntu Linux

Type the following apt-get command as the root user:

sudo apt-get clean

sudo apt-get update

sudo apt-get upgrade

 

Reboot all your virtual machines on those hypervisors.

Fix the VENOM vulnerability for Oracle VirtualBox on a Linux/OSX/MS-Windows/Solaris Unix

You need to download and update a VirtualBox 4.3 maintenance release by visiting this page.

Do I need to reboot my host server?

There is no need to reboot the host server, but you do need to restart all your virtual machines on those hypervisors. This cannot be avoided. Sample commands to list, stop, and start KVM/QEMU guests are as follows:

## Following the update, the guests (virtual machines) ##
## need to be powered off and started up again for the update to take effect. ##
## Rebooting a VM will not work ##

## List all VMs (running and shut off) ##
virsh list --all

## Stop the VM called db1 ##
virsh shutdown db1

## Start the VM called db1 again ##
virsh start db1

See “KVM: Starting / Stopping Guest Operating Systems With virsh Command” for more info.
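One way to confirm that no guest is still running the pre-update QEMU binary, as an added example that is not part of the original article: once a package update replaces the binary on disk, Linux reports the executable of any process still running the old copy as "(deleted)" in /proc/PID/exe. The function name stale_qemu and the reading of the guest name from libvirt's -name argument are assumptions of this example; run it as root so that every process can be inspected.

```shell
# Added example: find QEMU processes still executing a binary that has been
# replaced on disk. Prints "PID GUEST BINARY", one line per stale process.
# The optional argument (default /proc) exists so the check can be tested.
stale_qemu() {
    proc_root=${1:-/proc}
    for d in "$proc_root"/[0-9]*; do
        # readlink fails for processes we may not inspect; skip those
        exe=$(readlink "$d/exe" 2>/dev/null) || continue
        case $exe in
            *qemu*" (deleted)") ;;          # old binary, unlinked by the update
            *) continue ;;
        esac
        # Assumption: libvirt passes the guest name as "-name guest=NAME,..."
        # (older versions: "-name NAME"); arguments are NUL-separated.
        name=$( { tr '\000' '\n' < "$d/cmdline"; } 2>/dev/null |
                awk 'prev == "-name" { print; exit } { prev = $0 }')
        name=${name#guest=}
        name=${name%%,*}
        printf '%s %s %s\n' "${d##*/}" "${name:-unknown}" "${exe% (deleted)}"
    done
}

stale_qemu "$@"
```

Every guest it lists still needs the full power-off and start described above. An empty result means no running QEMU process is using a replaced binary.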

General workaround (may not work at all so patch ASAP)

The emulated floppy seems to be loaded by default in qemu and kvm. You can disable the floppy support and start qemu without floppy emulation but with VGA enabled (or any other option as required):

qemu  -nodefaults -vga std …

Another workaround on CentOS/SUSE/Red Hat Linux Enterprise Server is to manage the virtual machines with libvirt. See the libvirt and qemu man pages for more info.

More info

See the following external links for more info on this bug:

Debian Linux security tracker

RHEL security tracker

Original CrowdStrike announcement

Xen security tracker

qemu/KVM/Xen: floppy driver allows VM escape (“VENOM” vulnerability, CVE-2015-3456)

 

 

How to run sudo command without a password on a Linux or Unix http://wiki.shopingserver.com/run-sudo-command-without-password-linux-unix/ Fri, 05 Jan 2018 15:15:46 +0000

I’m a new Unix system user. How do I use the sudo command without a password on Linux or Unix-like systems? I log in as tom@my-cloud-server-ip and have disabled root login for ssh. After login, I need to run some commands as the root user. I am the only sysadmin using my server. How do I run or execute sudo commands without a password for a user named Tom on a Debian/Ubuntu/CentOS Linux cloud server?

 

sudo (“superuser do”) is a tool for Linux and Unix-like systems that runs commands or programs as another user, typically the root user. Using sudo, you can delegate common tasks, such as rebooting the server, restarting Apache, or making a backup, to unprivileged users.

By default, sudo requires a user to authenticate with a password before running a command. Sometimes you may need to run a command with root privileges without typing a password. This is useful for scripting or any other purpose. It can be achieved by editing the /etc/sudoers file and setting up the correct entries. You need to consider the security consequences of allowing a sudo command to execute without a password.

How to run sudo command without a password:

Backup your /etc/sudoers file by typing the following command:

sudo cp /etc/sudoers /root/sudoers.bak

Edit the /etc/sudoers file by typing the visudo command:

sudo visudo

Append/edit the line as follows in the /etc/sudoers file for user named ‘vivek’ to run ‘/bin/kill’ and ‘systemctl’ commands:

vivek ALL = NOPASSWD: /bin/systemctl restart httpd.service, /bin/kill

Save and exit the file.

How do I execute ALL sudo commands without password?

Type the following command as root user:

# visudo

 

Or

$ sudo visudo

 

Append the following entry to run ALL commands without a password for a user named tom:

tom ALL=(ALL) NOPASSWD:ALL

Here is my sample config file:

Fig.01: How to execute sudo without password for tom user

 

Save and close the file. Now you can run any command as root user:

$ sudo /etc/init.d/nginx restart

$ sudo /sbin/reboot

$ sudo apt-get install htop

## get root shell ##

$ sudo -i

 

Please make sure only tom can login via ssh keys.

How do I test it?

Simply run /bin/kill to kill any process without a password:

[vivek@server ]$ sudo /bin/kill pid-here

 

OR

[vivek@server ]$ sudo /bin/systemctl restart httpd.service

For more info, read the man pages: sudoers(5), visudo(8)
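A sudoers command listed without arguments, such as /bin/kill above, matches any arguments, and NOPASSWD: ALL removes the password check for every command. The audit below is an added example, not part of the original article; it handles single-line user specifications only, and the function names and the backup entry are constructed for illustration.

```shell
# Added example: list risky NOPASSWD grants in sudoers-style text.
# Handles single-line user specifications only (no aliases, no continuations).
# Usage: audit_nopasswd FILE   (reads stdin when no file is given)
audit_nopasswd() {
    awk '
    /^[ \t]*#/ || !/NOPASSWD[ \t]*:/ { next }
    {
        who = $1
        cmds = $0
        sub(/^.*NOPASSWD[ \t]*:[ \t]*/, "", cmds)     # keep the command list
        n = split(cmds, c, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            cmd = c[i]
            gsub(/^[ \t]+|[ \t]+$/, "", cmd)
            # A command with no arguments listed accepts any arguments;
            # one with arguments listed must be invoked exactly that way.
            if (cmd == "ALL")
                print who ": every command runs without a password"
            else if (cmd !~ /[ \t]/)
                print who ": " cmd " is allowed with any arguments"
        }
    }' "$@"
}

# Constructed sample: the two entries from the article plus a pinned one.
sample_sudoers() {
    cat <<'EOF'
# /etc/sudoers excerpt
vivek ALL = NOPASSWD: /bin/systemctl restart httpd.service, /bin/kill
tom ALL=(ALL) NOPASSWD:ALL
backup ALL = NOPASSWD: /usr/bin/rsync -a /srv/ /mnt/backup/
EOF
}

sample_sudoers | audit_nopasswd
```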

 

 
