I’m tired of always looking up CRON scheduling, so here it is including some examples.
CRON Scheduling table:
# ┌───────────── minute (0 - 59)
# │ ┌───────────── hour (0 - 23)
# │ │ ┌───────────── day of month (1 - 31)
# │ │ │ ┌───────────── month (1 - 12)
# │ │ │ │ ┌───────────── day of week (0 - 6)
# │ │ │ │ │
# │ │ │ │ │
# │ │ │ │ │
# * * * * * command to execute
Note that the day of week (0-6) typically starts with Sunday as the first index (0), so Monday = 1, Tuesday = 2 and so on. On some systems you might be able to also use 7 as Sunday.
Note that all the cron jobs output are redirected to /tmp/log.txt. If omitted, the default is to send an email to the sysadmin email address (if configured).
We all love to read log files, and for Linux I tend to simplify that search process if I know what I’m looking for. As you probably know many daemons and programs logs to /var/log , but usually I don’t care to specify the file (like syslog or mysql.err etc) so I just do cat on all the files in the log dir.
So here’s a quick gem to list automated ssh attacks to your server:
ip addr show => Display network interfaces and IP address ip address add 192.168.0.1 dev eth0 => Set IP address to 192.168.0.1 ethtool eth0 => Show ethernet status eth0 mii-tool eth0 => Show ethernet status for eth0 whois <domain> => Lookup whois info for domain dig <domain> => Lookup DNS info for domain host <domain> => Lookup DNS address for domain wget fileurl => Download fileurl netstat -tupl => List all active listening ports
dmesg => List detected hardware and boot messages cat /proc/cpuinfo => Get CPU info cat /proc/meminfo => Get memory info lshw => Display hardware configuration lsblk => Display block device info free -h => Display available memory in human readable format lspci -tv => Display PCI devices lsusb -tv => Display USB devices dmidecode => Display hardware info from BIOS hdparm -tT /dev/sda => Read speed test on disk "sda" powertop => Battery life info iotop => Disk IO info smartctl => Disk status tlp-stat => Power status and battery info
Print lines of code (amount) for all .php files in current directory
find . -name '*.php' | xargs wc -l
Log something to /var/log/syslog
Show all group memberships for current user
Get username for Apache service
ps aux | grep apache
(Relatively) secure permissions on public html folder for Apache/nginx
The goal is to set root as file owner and add the www-data as group (www-data is the group of the user running apache/nginx). Then, for every user which requires write-permission, simply add them to the www-data group.
Follow the commands below to setup a new user and open up for remote access to a specific database on your MySQL server.
$ mysql -u root -p Enter your MySQL root password. mysql> CREATE USER 'itdb_admin'; mysql> CREATE DATABASE itdb_db; mysql> GRANT ALL PRIVILEGES ON itdb_db.* to 'itdb_admin'@'%' IDENTIFIED BY 'my-password' WITH GRANT OPTION; mysql> FLUSH PRIVILEGES; mysql> EXIT; $ sudo nano /etc/mysql/my.cnf Comment the following line by setting a # in front (to disable it): bind-address = 127.0.0.1 $ sudo service mysql restart
1) Open the MySQL CLI 2) Create a new database 3) Create a new user 4) Give the user full access to the database. Notice the '%' which means we’re talking about remote access. The same user can have different access levels based on the connection (whether it’s remote or local) 5) Flush/refresh the privileges so they become active 6) Disable bind-address so the MySQL server will listen on any source address 7) Restart the MySQL service to reload the config file
Here’s a quick example for setting up reverse SSH tunnels on clients which can be controlled via the server from anywhere. This example presumes all the client computers has some sort of unique ID/hostname, like 9001, 9002, 9003, 9004 etc. Let’s say we have 10 clients stuck behind a firewall we’d like to access.
Start the SSH server on all clients like this:
ssh -R 1xxxx:localhost:22 firstname.lastname@example.org // replace xxxx with this client's unique id
Now we have all our clients setup with a reversed ssh tunnel.
If we’d like to ssh into id 9003 we run the following command from the server:
ssh user@localhost -p 19003
Lets ssh into 9005 instead:
ssh user@localhost -p 19005
Replace user with a local user on the client machine.
I want to ssh into my Raspberry Pi. Local username is pi.
Step 1 – setup reverse ssh tunnel on the raspberry: ssh -R 19999:localhost:22 email@example.com
Step 2 – from my “it-db.com” server I run the following command: ssh pi@localhost -p 19999