From Cygnus Alpha

Unix Snippets


SSH: Set up socks proxy using openssh

On your local machine:

ssh -D 10080 you@host-to-proxy-through

Then point your browser's SOCKS config at localhost:10080

OSX: Lovely network parameters

sudo sysctl -w kern.ipc.somaxconn=2048
sudo sysctl -w net.inet.tcp.rfc1323=1
sudo sysctl -w net.inet.tcp.win_scale_factor=4
sudo sysctl -w net.inet.tcp.sendspace=1042560
sudo sysctl -w net.inet.tcp.recvspace=1042560
sudo sysctl -w net.inet.tcp.mssdflt=1448
sudo sysctl -w net.inet.tcp.v6mssdflt=1412
sudo sysctl -w net.inet.tcp.msl=15000
sudo sysctl -w net.inet.tcp.always_keepalive=0
sudo sysctl -w net.inet.tcp.delayed_ack=3
sudo sysctl -w net.inet.tcp.slowstart_flightsize=20
sudo sysctl -w net.inet.tcp.local_slowstart_flightsize=9
sudo sysctl -w net.inet.tcp.blackhole=2
sudo sysctl -w net.inet.udp.blackhole=1
sudo sysctl -w net.inet.icmp.icmplim=50

or in /etc/sysctl.conf


Centos: Yum install to different directory

  • sudo yum --installroot=/opt/linux/ install bash

Debian: Listing manually installed packages

(zcat $( ls -tr /var/log/apt/history.log*.gz ) ; cat /var/log/apt/history.log ) | egrep '^(Start-Date:|Commandline:)' | grep -v aptdaemon | egrep '^Commandline:'

OSX: Update DNS with scutil

OSX >10.3 (check!) doesn't use resolv.conf etc for network config. It now uses configd and scutil to store the config. configd will generate resolv.conf from the internal config for applications that need it.

scutil --dns

octopus:projects jamesb$ scutil --dns
DNS configuration

resolver #1
  search domain[0] : pomegranate.ltd.uk
  nameserver[0] :
  nameserver[1] :

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  order    : 300000

resolver #3
  domain   : 254.169.in-addr.arpa
  options  : mdns
  timeout  : 5
  order    : 300200

resolver #4
  domain   : 8.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  order    : 300400

resolver #5
  domain   : 9.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  order    : 300600

resolver #6
  domain   : a.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  order    : 300800

resolver #7
  domain   : b.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  order    : 301000

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : pomegranate.ltd.uk
  nameserver[0] :
  nameserver[1] :
  if_index : 4 (en0)
  flags    : Scoped

scutil list

octopus:projects jamesb$ scutil
> help

Available commands:

 help                          : list available commands
 f.read file                   : process commands from file
 quit                          : quit

 d.init                        : initialize (empty) dictionary
 d.show                        : show dictionary contents
 d.add key [*#?] val [v2 ...]  : add information to dictionary
       (*=array, #=number, ?=boolean)
 d.remove key                  : remove key from dictionary
 notify key                    : notify key in data store

 n.list ["pattern"]            : list notification keys
 n.add key ["pattern"]         : add notification key
 n.remove key ["pattern"]      : remove notification key
 n.changes                     : list changed keys
 n.watch                       : watch for changes
 n.cancel                      : cancel notification requests

> list .*DNS
  subKey [0] = Setup:/Network/Service/36BB46C3-B300-4BD2-B04E-0E4C81E31D6A/DNS
  subKey [1] = State:/Network/Global/DNS
  subKey [2] = State:/Network/MulticastDNS
  subKey [3] = State:/Network/PrivateDNS
  subKey [4] = State:/Network/Service/36BB46C3-B300-4BD2-B04E-0E4C81E31D6A/DNS

> quit

scutil get/set

octopus:projects jamesb$ scutil
> get  Setup:/Network/Service/36BB46C3-B300-4BD2-B04E-0E4C81E31D6A/DNS
> d.show
<dictionary> {
  SearchDomains : <array> {
    0 : pomegranate.net
  ServerAddresses : <array> {
    0 :
> open
> d.init
> d.add ServerAddresses *
> d.add DomainName pomegranate.ltd.uk
> set Setup:/Network/Service/36BB46C3-B300-4BD2-B04E-0E4C81E31D6A/DNS
> d.show
<dictionary> {
  DomainName : pomegranate.ltd.uk
  ServerAddresses : <array> {
    0 :
    1 :
> quit

Encrypt / Decrypt a file using openssl

  • openssl des3 -in poop > poop.des
  • openssl des3 -d -in poop.des

Debian: Adding init script at startup

  • update-rc.d <initscript> defaults
  • update-rc.d -f <initscript> remove

Debian & Ubuntu: Find version

  • lsb_release -a
root@eschaton:/# lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 6.0.5 (squeeze)
Release:	6.0.5
Codename:	squeeze

Debian: VLANs

  • lsmod | grep 8021q
  • modprobe 8021q
  • apt-get install vlan


auto vlan42
iface vlan42 inet static
  vlan-raw-device eth0


auto eth0.42
iface eth0.42 inet static

Adding a bridge..

auto br42
iface br42 inet static
	bridge_ports eth0.42
	bridge_maxwait 5
	bridge_fd 1
	bridge_stp on

Debian: Sudo

  • adduser <user> sudo # Add user to the sudo group. (Log out and back in to take effect)

Solaris: LDOMs

Logical Domains

  • /opt/SUNWldm/bin/ldm list # Name State Flags Cons VCPU Memory Util Uptime
  • ldm add-vds primary-vds0 primary # Add virtual disks
  • ldm add-vcc port-range=5000-5100 primary-vcc0 primary # Add Virtual Console Concentrator
  • ldm add-vsw net-dev=e1000g0 primary-vsw0 primary # Create virtual switch server
  • ldm list-services primary

Create Control Domain

  • ldm set-mau 0 primary
  • ldm set-vcpu 2 primary
  • ldm set-memory 1024M primary
  • ldm add-spconfig <config-name> # Set Permanent
  • ldm list-spconfig

OSX: Setting up VLANs

Tagging an ethernet port with a vlan tag (802.1Q) on Mac OSX (Lion)

Octopus:~ jamesb$ sudo ifconfig vlan42 create
Octopus:~ jamesb$ sudo ifconfig vlan42 vlan 42 vlandev en0

Thanks to: http://tech.lazyllama.com/2006/04/07/setting-up-an-os-x-client-to-use-a-trunked-vlan/

Fetchmail with Gmail

Check certificates are installed

openssl s_client -connect pop.gmail.com:995 -showcerts

Create a Google Application Password

Use the generated password for fetchmail config below.

install & start sendmail

  • emerge sendmail
  • sudo sendmail -bd -q0m

install fetchmail

  • emerge fetchmail

configure fetchmail


# set username
set postmaster "MyUser"
# set polling time (600 seconds = 10 minutes)
set daemon 600

poll pop.gmail.com with proto POP3
   user 'your.email@gmail.com' there with password 'MyPassword' is MyUser here options ssl

Test fetchmail

  • fetchmail -d0 -vk pop.gmail.com


eg. Logging fileaccess


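/* fileaccess.dtrace: the probe clause was missing from the page; syscall::open*:entry is assumed */
syscall::open*:entry { printf("%s %s", execname, copyinstr(arg0)); }

sudo dtrace -s fileaccess.dtrace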



  • Dump ASCII packets from eth5, excluding the SSH port (avoids ssh generating more traffic when running over ssh)
    • tcpdump -i eth5 -A 'not port 22'
  • Dump ASCII HTTP packets from port 80
    • tcpdump -A -i eth0 'tcp port 80 and not port 22'
  • All HTTP data packets on port 80, excluding SYN, FIN and ACK-only packets.
    • tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
    • tcpdump -v -X -s512 -i eth0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
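
What the data-packet filter above computes, as an added example that is not from the original page: IP total length minus IP header length minus TCP header length, which is the TCP payload size. The three hex packets are constructed samples starting at the IPv4 header, and the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example: evaluate tcpdump's "has TCP payload" arithmetic by hand.
# Packets are hex strings starting at the IPv4 header (constructed samples).

# byte HEX N -> decimal value of byte N (0-based), like ip[N] in the filter
byte() {
  start=$(( $2 * 2 + 1 ))
  h=$(printf '%s' "$1" | cut -c "${start}-$(( start + 1 ))")
  echo $(( 0x$h ))
}

# payload_len HEX -> ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2)
payload_len() {
  ihl=$(( ($(byte "$1" 0) & 0xf) << 2 ))                  # IP header length in bytes
  total=$(( ($(byte "$1" 2) << 8) | $(byte "$1" 3) ))     # IP total length
  # tcp[12] is relative to the TCP header, which starts right after the IP header
  doff=$(( ($(byte "$1" $(( ihl + 12 ))) & 0xf0) >> 2 ))  # TCP header length in bytes
  echo $(( total - ihl - doff ))
}

# carries_data HEX -> exit status 0 when the filter would match (payload != 0)
carries_data() { [ "$(payload_len "$1")" -ne 0 ]; }

# Rest of a constructed IPv4 header: id, flags, ttl, proto 6 (TCP),
# zeroed checksum, src 192.0.2.1, dst 198.51.100.2
IPREST=0001400040060000c0000201c6336402
PORTS=c3500050   # source port 50000, destination port 80

# Bare ACK: total length 0x28 = 40, TCP data offset 5 words, no payload
ACK="45000028${IPREST}${PORTS}00000001000000015010ffff00000000"
# PSH/ACK carrying "GET / HTTP/1.0\r\n\r\n" (18 bytes): total length 0x3a = 58
DATA="4500003a${IPREST}${PORTS}00000001000000015018ffff00000000474554202f20485454502f312e300d0a0d0a"
# SYN with 20 bytes of TCP options: total length 0x3c = 60, data offset 10 words
SYN="4500003c${IPREST}${PORTS}0000000000000000a002ffff00000000020405b40402080a000000010000000001030307"

for name in ACK DATA SYN; do
  eval "pkt=\$$name"
  if carries_data "$pkt"; then verdict=match; else verdict=skip; fi
  echo "$name payload=$(payload_len "$pkt") filter=$verdict"
done
```

The SYN case shows why the TCP header length is read from the packet rather than assumed to be 20: its options make the header 40 bytes, and the payload is still zero.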

ssh over http proxy using corkscrew

  • get corkscrew from macports
  • configure .ssh/config


Host pomegranate.ltd.uk
	ProxyCommand /opt/local/bin/corkscrew www.proxy.co.uk 80 %h %p

ssh over Socks using connect

OSX: Download & compile connect.c

gcc connect.c -o connect -lresolv
mv connect ~/bin

Create/update ssh config


octopus$ cat ~/.ssh/config 
Host external.host.co.uk
	ProxyCommand ~/bin/connect -d -a none -S myusername@mysocks.proxy.co.uk:1085 %h %p

OSX: NFS mount a linux server from Mac OSX (Leopard)

You need to use -P to tell mount_nfs to use ports under 1024.

octopus:~ jamesb$ sudo mount -o -P eschaton:/home/jamesb/tmp /private/mnt
octopus:~ jamesb$ ls -al /private/mnt/

Solaris: Display stack trace of process or core dump

/usr/bin/pstack [-F] [pid | core]

-F Force control of target process.

See also: pflags, pcred, pldd, psig, pfiles, pwdx, pstop, prun, pwait, ptree, ptime

Solaris: Checking or setting Tcp/Ip settings

/usr/sbin/ndd /dev/tcp \?

eg. Turn off ip forwarding...

/usr/sbin/ndd -set /dev/ip ip_forwarding 0

Solaris: Trace system service calls in a process.

truss [command | -p pid]

Solaris (10): Configuring a Solaris10 Service in SMF.

Using Bind9 as an example:

Disable the service

svcadm -v disable svc:/network/dns/server:bind9

Optionally edit the manifest file

vi /var/svc/manifest/network/dns/bind9-server.xml

Import the manifest

svccfg
svc:> import /var/svc/manifest/network/dns/bind9-server.xml
svc:> end

Check and edit the service properties

svccfg
svc:> select svc:/network/dns/server:bind9
svc:/network/dns/server:bind9> listprop
svc:/network/dns/server:bind9> setprop start/exec="/usr/local/sbin/named"
svc:/network/dns/server:bind9> end

Enable the service

svcadm -v enable svc:/network/dns/server:bind9

Check the service state

svcs bind

Clearing maintenance flag if present

svcadm -v clear svc:/network/dns/server:bind9
svcadm -v enable svc:/network/dns/server:bind9

Solaris: Configuring NFS

Edit /etc/dfs/dfstab

This file must have entries for NFS to be started by the command

/etc/init.d/nfs.server start

..which is also run at startup (See rc2.d dir.)

The command dfshares will display current file system shares, and is a good way of checking NFS is running as well.

Unix: Backspace key misbehaving?

stty erase ^?

The best way to get this right is to type the stty erase bit, and then press the backspace key to get its symbol.

Unix X: Fed up with the system beeping in X

xset b off

Sets the bell off in the current xterm.

Solaris: (128)Network is unreachable: connect to listener

Apache 2, Solaris 8 and IPv6:

If you're getting the above message in your apache2 error logs, then it's because Apache was compiled with IPv6 support.

There are two ways to solve this: either disable ipv6 when compiling apache using the --disable-ipv6 directive.

Or: Add the following to /etc/hosts

# For IPv6 - Fixes the (128)Network is unreachable: connect to 
# listener 'bug' in Apache2
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

In Solaris 8 you might also have to enable ipv6. This is accomplished by:

touch /etc/hostname6.hme0
reboot

Substitute hme0 with your network adapter name.

The errors in the apache log are caused by apache trying to start a listener on a localhost port. Adding the loopback addresses to /etc/hosts should sort it out.

Unix: CPIO

Creating a cpio archive

find <DIRECTORY> -print | cpio -ocv > <ARCHIVE FILE>

<ARCHIVE FILE> can be a device node, eg. /dev/rdiskette

Extracting an archive

cpio -icdumv < <FILE>

will extract files using small blocks, and produce lots of output on the screen, and takes input from STDIN, or

cpio -iduBI <FILE>

will extract files using large blocks, extracting from filename supplied.


Copying a directory structure with permissions intact

find srcdir -print | cpio -oc | ( cd destdir; cpio -icdum )

Solaris: Reconfiguring Solaris after network card change

This note was prompted after one of our IT people changed the network card from an SMC to a 3Com because he couldn't get the SMC to work with DOS (The machine has DOS & Solaris in a dual boot configuration).

Normally after changing the hardware you should either use the 'touch /reconfigure' method, which places an empty file in the root directory, or when asked after rebooting use the b -r options. This causes Solaris to check all the hardware configurations and remake the /devices and /dev directories with the new settings. However if the network card has been changed it is necessary to take a further step.

In the /etc directory there will be (for an SMC card for example) a file called hostname.smc0. This file 'ties' the hostname contained within the file to the network card specified by the extension.

If the card is changed, an extension corresponding to the new card must be used. In my case it was elx0 for the 3com. The name can be found by looking in the /devices directory for an entry for the card.

Solaris (5.6, x86?): Using Serial ports

To enable the second serial port. (Usually disabled) Edit /kernel/drv/asy.conf and uncomment the line referring to the serial port(s) to be enabled

To set up a terminal for BBS or other use. Run XTerm, set its terminal type (set TERM=vt100). Run tip, supplying the baud rate and port.

xterm -tn vt100 -e tip -9600 /dev/cua/a

Unix: TAR

tar -cvf fred.tar fred/*

Where fred/* is the directory containing files to be tarred, and fred.tar is the resulting archive.

Extracting a tar archive

Change to the directory under which the files are to be extracted, and type -

tar -xvf fred.tar

Under Linux you can uncompress the file at the same time by using the z option as in -

tar -zxvf fred.tar.Z

Solaris: Creating index for 'whatis'

/usr/lib/makewhatis <man page directory>


/usr/lib/makewhatis /usr/share/man

Unix: Setting up a DNS Client

Edit or create /etc/resolv.conf, adding the following lines substituting your own details :-

search mydomain.co.uk co.uk


Check DNS is working by running nslookup. It should find the server, and allow you to lookup hostnames.

nb. On Solaris, there is a file /etc/nsswitch.conf which you will need to edit and set the hosts lookups to include DNS.

Solaris: NIS+ Client Setup

/usr/lib/nis/nisclient -i -h <NISSERVER> -a <IP ADDRESS> -d <DOMAIN NAME>


/usr/lib/nis/nisclient -i -h odyssey -a -d dmv.co.uk