1.Create new account
2.List all groups and the user names that were in each group
1 2 3
3.How to set up ssh so you aren’t asked for a password
You can create a RSA authentication key to be able to log into a remote site from your account, without having to type your password.
Note that once you’ve set this up, if an intruder breaks into your account/site, they are given access to the site you are allowed in without a password, too! For this reason, this should never be done from root.
- Run ssh-keygen(1) on your machine, and just hit enter when asked for a password. This will generate both a private and a public key. With older SSH versions, they will be stored in ~/.ssh/identity and ~/.ssh/identity.pub; with newer ones, they will be stored in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub.
- Next, add the contents of the public key file into ~/.ssh/authorized_keys on the remote site (the file should be mode 600). If you are a developer and you want to access debian.org systems with such a key, it’s possible to have the developer database propagate your key to all of the debian.org machines. See the LDAP gateway documentation. You should then be able to use ssh to log in to the remote server without being asked for a password.
4.Finding all files containing a text string on Linux
1 2 3
5.Show bash script commands without executing them
There are two useful debug outputs for that task (both are written to stderr):
set -v mode (set -o verbose) prints commands to be executed to stderr just like they are read from input (script file or keyboard) prints everything before anything ( substitutions and expansions, …) big is applied set -x mode (set -o xtrace) prints everything like it really is executed, after substitutions and expansions applied indicates the depth-level of the subshell (by default by preceeding a + (plus) sign to the shown command) indicates the recognized words after word splitting by marking them like ‘x y’ in a 4.1 version of the shell, this debug output can be printed to a configurable file descriptor (by setting the BASH_XTRACEFD variable) rather than stdout
Hint: These modes can be entered when calling Bash:
from commandline: bash -vx ./myscript eventually (OS dependant) from shebang: #!/bin/bash -vx
6.Toggle Web Sharing on or off in OSX 10.10
1 2 3 4 5 6 7 8 9 10 11 12 13
7.List open ports on your machine (Mac OS X)
8.What do the numbers in a man page mean?
1 2 3 4 5 6 7 8 9 10 11 12 13 14
1 2 3 4 5 6 7 8
10.Mac 上 Openssl 的配置文件路径
12.Enable Debian server pptpd’s log and debug
To diagnose faults, enable the options debug dump in /etc/ppp/pptpd-options. The change is effective on the next connection. The debug output goes to /var/log/debug, and the dump output and usual output to /var/log/messages.
13.iptables remove specific rules
Execute the same commands but replace the “-A” with “-D”. For example:
1 2 3 4
14.How to use tcpdump?
tcpdump can be used to capture the packets exchanged between the PPTP Client and the PPTP Server. By comparing the packets with what should be happening, you may determine what the cause of a problem might be. Give to tcpdump the name of the network interface that connects to the PPTP Server, which for dial-up users would be ppp0, and for ADSL users eth0. Then, in another window or console, start the tunnel.
Start tcpdump in one window: Then run pppd in the other window:
The tcpdump command should show you the packets as they are received or transmitted. Press Control/C when you do not need to capture any more packets.
You should see a connection to port 1723, followed by GRE packets in both directions. If you can see this, then you have full network connectivity. If you can’t, you must find the problem.
Note: if you get an error:
tcpdump: pcap_loop: read: Network is down then you may be using tcpdump on the wrong interface. Use ifconfig to list the available interfaces and choose the one through which your client must contact the server. See our diagrams if you’re still confused.
The above technique is useful for quick checking, but for detailed analysis a binary tcpdump is required.
Security Warning Internet addresses of your client and server, usernames and passwords are included in a binary tcpdump. This information may allow someone to gain equivalent access to protected networks. If you do not want to give away this information, convert it to text and remove it before sending the log to someone else. If you have been asked to capture a complete tcpdump packet trace, for analysis by someone else, you should:
add -w file to tell it to save the packets to the file file, add -s 0 to capture all of each packet, and add tcp port 1723 or proto 47 to keep only the PPTP packets, if the client is performing other network traffic at the time. For example:
Again, once the packets have been collected, use Control/C to stop the tcpdump process. The file containing the packets can then be e-mailed or analysed.
You may analyse it using ethereal.
Note: when using ethereal, clicking on a byte in the hex dump will highlight the field name of the data in the packet, and vice versa. You may also analyse it using tcpdump:
This converts it to text, saving the output into a file my.tcpdump.txt. This often hides the username and password. You may wish to globally substitute the IP addresses. Check your results to ensure your security.
15.Viewing all iptables rules
You just need to specify the appropriate table:
If you don’t specify a table, the filter table is used as the default. You can get even more information by including the -v or –verbose option.