Articles taggués ‘commands’

Pipes and redirection

01/08/2021 Aucun commentaire

Many system administrators seem to have problems with the concepts of pipes and redirection in a shell. A coworker recently asked me how to deal with log files. How to find the information he was looking for. This article tries to shed some light on it.

Input / Output of shell commands

Many of the basic Linux/UNIX shell commands work in a similar way. Every command that you start from the shell gets three channels assigned:

  • STDIN (channel 0):
    Where your command draws the input from. If you don’t specify anything special this will be your keyboard input.
  • STDOUT (channel 1):
    Where your command’s output is sent to. If you don’t specify anything special the output is displayed in your shell.
  • STDERR (channel 2):
    If anything wrong happens the command will send error message here. By default the output is also displayed in your shell.

Try it yourself. The most basic command that just passes everything through from STDIN to STDOUT is the ‘cat’ command. Just open a shell and type ‘cat’ and press Enter. Nothing seems to happen. But actually ‘cat’ is waiting for input. Type something like “hello world”. Every time you press ‘Enter’ after a line ‘cat’ will output your input. So you will get an echo of everything you type. To let ‘cat’ know that you are done with the input send it an ‘end-of-file’ (EOF) signal by pressing Ctrl-D on an empty line.

The pipe(line)

A more interesting application of the STDIN/STDOUT is to chain commands together. The output of the first command becomes the input of the second command. Imagine the following chain:


The contents of the file /var/log/syslog are sent (as input) to the grep command. grep will filter the stream for lines containing the word ‘postfix’ and output that. Now the next grep picks up what was filtered and filter it further for the word ‘removed’. So now we have only lines containing both ‘postfix’ and ‘removed’. And finally these lines are sent to ‘wc -l’ which is a shell command counting the lines of some input. In my case it found 27 of such lines and printed that number to my shell. In shell syntax this reads:

cat /var/log/syslog | grep 'postfix' | grep 'removed' | wc -l

The ‘|’ character is called pipe. A sequence of such commands joined together with pipes are called pipeline.

Useless use of ‘cat’

Actually ‘cat’ is supposed to be used for concatenating files. Like “cat file1 file2”. But some administrators abuse the command to put something into a pipeline. That’s bad style and the reason why Randal L. Schwartz (a seasoned programmer) used to hand out virtual “Useless use of cat” awards. Shell commands usually can take a filename as the last argument as an input. So this would be right:

grep something /var/log/syslog | wc -l

While this works but is considered bad style:

cat /var/log/syslog | grep something | wc

Or if you knew that grep even has a “-c” option to count lines the whole task could be done with just grep:

grep -c something /var/log/syslog

Lire la suite…

Categories: Système Tags: , ,

An lsof Primer

18/07/2021 Comments off

Source: Daniel Miessler


lsof is the sysadmin/security über-tool. I use it most for getting network connection related information from a system, but that’s just the beginning for this powerful and too-little-known application. The tool is aptly called lsof because it “lists open files“. And remember, in UNIX just about everything (including a network socket) is a file.

Interestingly, lsof is also the Linux/Unix command with the most switches. It has so many it has to use both minuses and pluses.

usage: [-?abhlnNoOPRstUvV] [+|-c c] [+|-d s] [+D D] [+|-f[cgG]]
 [-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+|-M] [-o [o]]
 [-p s] [+|-r [t]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names]

As you can see, lsof has a truly staggering number of options. You can use it to get information about devices on your system, what a given user is touching at any given point, or even what files or network connectivity a process is using.

Lire la suite…

Categories: Système Tags: ,

Using iptables and watch command

11/07/2021 Comments off

Using iptables to list filtering rules is OK. Running this command in a shell loop can help but it needs that you write a shell script.

Another convenient way is to use the watch command:

watch --interval 0 'iptables -nvL'


sudo watch --interval 0 'iptables -nvL'

depending on whether you’re logged as super-user or not.

This will show a permanent iptables -L with a refresh interval that can be specified:

watch --interval 0 'iptables -nvL'

will refresh every second.

Typical output will be:

Every 10,0s: iptables -nvL                                                                                         Tue Nov  3 16:35:19 2015

Chain INPUT (policy DROP 44001 packets, 2444K bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   160 fail2ban-ssh  tcp  --  *      *              multiport dports 22
  11M 1770M ACCEPT     all  --  *      *              state RELATED,ESTABLISHED
 107K 6878K ACCEPT     tcp  --  *      *       78.193.xx.xx
    0     0 ACCEPT     tcp  --  *      *       195.154.xx.xx
 231K   14M ACCEPT     tcp  --  *      *       213.36.xx.xx
    0     0 ACCEPT     tcp  --  *      *       195.154.xx.xx
    2    92 ACCEPT     tcp  --  *      *              tcp dpt:548
    0     0 ACCEPT     icmp --  *      *              icmptype 0
 1475  139K ACCEPT     icmp --  *      *              icmptype 8
  134  9600 ACCEPT     tcp  --  *      *              tcp spt:80
  110  6563 ACCEPT     tcp  --  *      *              tcp spt:443
    0     0 ACCEPT     tcp  --  *      *              tcp spt:943
 136K 9529K ACCEPT     udp  --  *      *              udp dpt:1194
 1423 85360 ACCEPT     tcp  --  *      *              tcp dpt:4949
    3   120 ACCEPT     tcp  --  eth0   *              tcp dpt:873 state NEW,ESTABLISHED
   24  1910 ACCEPT     udp  --  *      *              udp dpt:161
    0     0 ACCEPT     udp  --  *      *              udp dpt:162
    0     0 ACCEPT     udp  --  *      *              udp dpt:119
    2    92 ACCEPT     tcp  --  *      *              tcp dpt:3000
  156  7584 ACCEPT     tcp  --  *      *              tcp dpt:8080
 2952  177K ACCEPT     all  --  lo     *  
    0     0 ACCEPT     tcp  --  *      *       172.27.xx.xx/24
    0     0 ACCEPT     tcp  --  as0t0  *  
    3   192 ACCEPT     tcp  --  as0t1  *  


27/06/2021 Comments off

Dans un réseau ethernet relié par un concentrateur (ou hub), chaque machines reçoit tous les paquets qui circulent sur le réseau. En fonctionnement normal, les cartes réseau ne réceptionnent que les paquets qui leur sont destinés, mais on peut faire en sorte qu’elles transmettent tous les paquets au système et les inspecter avec tcpdump.

Les hubs sont de moins en moins utilisés. Ils sont généralement remplacés par des commutateurs (ou switch) qui savent déterminer (en fonction de l’adresses MAC) sur quel câble il faut envoyer un paquet. Les machines ne reçoivent donc généralement que les paquets qui leur sont destinés.

L’utilitaire tcpdump permet d’inspecter les paquets qui sont reçus et transmis par une carte réseau.


Il est possible de sélectionner les paquets à “écouter” en fonction d’expressions. Ainsi, ne seront affichées / traitées que les informations pour lesquelles le résultat de l’expression est vérifié. Une expression est composée de primitives et d’opérateurs logiques.

Une primitive est un identifiant précédé de mots clés qui indiquent le type de l’identifiant. Par exemple la primitive src port 21 contient les éléments suivants :

  • le mot clé src qui indique que l’identifiant ne porte que sur la source du paquet
  • le mot clé port qui indique que l’identifiant est le port du paquet
  • l’identifiant 21

La primitive correspond donc au port source 21.

Lire la suite…

Categories: Réseau Tags: , ,

Allow A Normal User To Run Commands As root Under Linux / UNIX Operating Systems

24/06/2021 Comments off

Source: nixCRAFT

You need to use the sudo command which is use to execute a command as another user. It allows a permitted user to execute a command as the superuser or another user, as specified in the /etc/sudoers (config file that defines or list of who can run what) file. The sudo command allows users to do tasks on a Linux system as another user.

sudo command

sudo is more more secure than su command. By default it logs sudo usage, command and arguments in /var/log/secure (Red Hat/Fedora / CentOS Linux) or /var/log/auth.log (Ubuntu / Debian Linux).

If the invoking user is root or if the target user is the same as the invoking user, no password is required. Otherwise, sudo requires that users authenticate themselves with a password by default. Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (15 minutes unless overridden in sudoers).

/etc/sudoers Syntax

Following is general syntax used by /etc/sudoers file:



  • USER: Name of normal user
  • HOSTNAME: Where command is allowed to run. It is the hostname of the system where this rule applies. sudo is designed so you can use one sudoers file on all of your systems. This space allows you to set per-host rules.
  • COMMAND: A simple filename allows the user to run the command with any arguments he/she wishes. However, you may also specify command line arguments (including wildcards). Alternately, you can specify “” to indicate that the command may only be run without command line arguments.

Lire la suite…

Categories: Système Tags: , ,