Then use + ansd – or j and K to navigate back through your commands
w
uptime, users logged in etc
ls -l | grep ^- | sort –nr
List the files in current directory sorted by size
ls -a1 | grep "^\."
List the hidden files in current directory
grep -ir ssh /var/log/*
grep -ir breakin /var/log/*
grep -ir security /var/log/*
Examples of grep querying log files for security breakins
du - k * | sort -nr (or)
du -k . | sort -nr
Display the Disk Usage of file sizes under each directory in current directory
find . -depth -print
Display the all files recursively with path under current directory
ps -aef | grep username
Display all processes running under your username (where username = your username)
ls -.ltr | sort -nr -k 5
Display the files in the directory by file size
ps –p $$
Find out what sell you are running
Sh hot keys
Ctrl+l . Clears the Screen.
Ctrl+r . Does a search in previously given commands in shell.
Ctrl+u - Clears the typing before the hotkey.
Ctrl+a . Places cursor at the beginning of the command at shell.
Ctrl+e . Places cursor at the end of the command at shell.
Ctrl+d . Kills the shell.
Ctrl+z . Places the currently running process into background.
Use fuser to discover what processes are stopping a volume from unmounting
du -sk * | sort -nr | head
Display top ten largest files/directories
ptree
or
pstree
Display the parent/child tree of a process
pwdx
Show the working directory of a process
pfiles
Display the processes current open files
top (or) prstat
shows cpu utilization
vmstat (or) glance
for memory
date | awk ‘{print $2 ” ” $6}’
AWK example, to print only the second and sixth fields of the date command (the month and year) with a space separating them. You would get the output
Mar 2010
From a total output of
Thu Mar 4 13:14:43 GMT 2010
quota –v
show current disk usage and limits
chmod u-x,go+r myfile
chang myfile so owner loses execute privs, and group and other gain read access
ln file1 file2
create a second file name – eg file2 – that is a dynamically updated copy of file1
ln –s file3 target3
symbolic links are nothing more than shortcuts to a file – they point at a file
if you move or delete the source file then the link is useless
iostat –En
lists disks
format
lists disks
How can a parent and child process communicate?
A parent and child can communicate through any of the normal inter-process communication schemes (pipes, sockets, message queues, shared memory), but also have some special ways to communicate that take advantage of their relationship as a parent and child. One of the most obvious is that the parent can get the exit status of the child.
What is a zombie?
When a program forks and the child finishes before the parent, the kernel still keeps some of its information about the child in case the parent might need it - for example, the parent may need to check the child's exit status. To be able to get this information, the parent calls `wait()'; In the interval between the child terminating and the parent calling `wait()', the child is said to be a `zombie' (If you do `ps', the child will have a `Z' in its status field to indicate this.)
What are the process states in Unix?
As a process executes it changes state according to its circumstances. Unix processes have the following states:
Running : The process is either running or it is ready to run .
Waiting : The process is waiting for an event or for a resource.
Stopped : The process has been stopped, usually by receiving a signal.
Zombie : The process is dead but have not been removed from the process table.
What are various IDs associated with a process?
Unix identifies each process with a unique integer called ProcessID. The process that executes the request for creation of a process is called the 'parent process' whose PID is 'Parent Process ID'. Every process is associated with a particular user called the 'owner' who has privileges over the process. The identification for the user is 'UserID'. Owner is the user who executes the process. Process also has 'Effective User ID' which determines the access privileges for accessing resources like files.
• getpid() -process id
• getppid() -parent process id
• getuid() -user id
• geteuid() -effective user id
ps –el | grep ‘Z’
finding zombie processes
vxprint –Ath
vxdisk list
vxdiskadm
powermt display
powermt display ports
powermt display dev=all
syminq
netstat
Displays generic net statistics of the host you are currently connected to.
netstat -an
Shows all connections to the server including the source and destination ips and ports if you have proper permissions.
netstat -rn
Displays routing table for all ips bound to the server.
netstat -an |grep :80 |wc -l
Display the amount of active connections on port 80. Removing the pipe and wc command would display each connection.
netstat -natp
Display active Internet connections.
ifconfig eth0
View the network settings on the first Ethernet adapter installed in the computer.
ifconfig -a
Display info on all network interfaces on server, active or inactive.
ifconfig eth0 down
If eth0 exists would take it down causing it cannot send or receive any information.
ifconfig eth0 up
If eth0 exists and in the down state would return it back to the up state allowing to to send and receive information.
ifconfig eth0 192.168.1.102 netmask 255.255.255.0 broadcast 192.168.1.255
Assign eth0 with the above values for IP, netmask and broadcast address.
mount -t nfs eslat001:/opt/ims /app/ims
mount -t nfs eslat001:/opt/rims /app/rims
example of how to mount an nfs mount
and then add to the /etc/fstab with the following entries;
servername:/pathofdir /pathonserver nfs options 0 0
where;
The corresponds to hostname, IP address, or fully qualified domain name of the server exporting the file system.
The is the path to the exported directory.
The specifies where on the local file system to mount the exported directory. This mount point must exist before /etc/fstab is read or the mount will fail.
The nfs option specifies the type of file system being mounted.
The area specifies mount options for the file system. For example, if the options area states rw,suid, the exported file system will be mounted read-write and the user and groupid set by the server will be used. Note that parentheses are not to be used here