book

Linux Server Hacks

by Rob Flickenger

January 2003

Intermediate to advanced

240 pages

5h 47m

English

O'Reilly Media, Inc.

Read now

Unlock full access

The Hacker Attitude1. 1. The world is full of fascinating problems waiting to be solved.2. 2. No problem should ever have to be solved twice.3. 3. Boredom and drudgery are evil.4. 4. Freedom is good.5. 5. Attitude is no substitute for competence.
How This Book is OrganizedHow to Use This BookConventions Used in This BookHow to Contact UsGotta Hack? CreditsAcknowledgments
1.1. Hacks #1-221. Removing Unnecessary Services1.1. See also: 2. Forgoing the Console Login3. Common Boot Parameters37. See also: 4. Creating a Persistent Daemon with init4.1. See also: 5. n>&m: Swap Standard Output and Standard Error6. Building Complex Command Lines6.1. Hacking the Hack7. Working with Tricky Files in xargs7.1. Listing: albumize8. Immutable Files in ext2/ext39. Speeding Up Compiles10. At Home in Your Shell Environment11. Finding and Eliminating setuid/setgid Binaries12. Make sudo Work Harder13. Using a Makefile to Automate Admin Tasks13.1. Listing: Makefile.mail13.2. Listing: Makefile.push14. Brute Forcing Your New Domain Name15. Playing Hunt the Disk Hog16. Fun with /proc17. Manipulating Processes Symbolically with procps17.1. See also: 18. Managing System Resources per Process18.1. See also: 19. Cleaning Up after Ex-Users20. Eliminating Unnecessary Drivers from the Kernel20.1. See also: 21. Using Large Amounts of RAM22. hdparm: Fine Tune IDE Drive Parameters
2.1. Hacks #23-3623. Getting Started with RCS24. Checking Out a Previous Revision in RCS25. Tracking Changes with rcs2log26. Getting Started with CVS26.1. Typical Uses26.2. Creating a Repository26.3. Importing a New Module26.4. Environment Variables26.5. See Also:27. CVS: Checking Out a Module28. CVS: Updating Your Working Copy29. CVS: Using Tags30. CVS: Making Changes to a Module31. CVS: Merging Files32. CVS: Adding and Removing Files and Directories32.1. Removing Files32.2. Removing Directories33. CVS: Branching Development34. CVS: Watching and Locking Files35. CVS: Keeping CVS Secure35.1. Remote Repositories35.2. Permissions35.3. Developer Machines36. CVS: Anonymous Repositories36.1. Creating an Anonymous Repository36.2. Installing pserver36.3. Using a Remote pserver
3.1. Hacks #37-4437. Backing Up with tar over ssh37.1. See also: 38. Using rsync over ssh38.1. See also: 39. Archiving with Pax39.1. Creating Archives39.2. Expanding Archives39.3. Interactive Restores39.4. Recursively Copy a Directory39.5. Incremental Backups39.6. Skipping Files on Restore39.7. See also: 40. Backing Up Your Boot Sector40.1. See also: 41. Keeping Parts of Filesystems in sync with rsync41.1. Listing: Balance-push.sh42. Automated Snapshot-Style Incremental Backups with rsync42.1. Extensions: Hourly, Daily, and Weekly Snapshots42.2. Listing: make_snapshot.sh42.3. Listing: Daily_snapshot_rotate.sh42.4. Sample Output of ls -l /snapshot/home42.5. See also: 43. Working with ISOs and CDR/CDRWs43.1. See also: 44. Burning a CD Without Creating an ISO File
4.1. Hacks #45-5345. Creating a Firewall from the Command Line of any Server45.1. See also: 46. Simple IP Masquerading46.1. See also: 47. iptables Tips & Tricks47.1. Advanced iptables Features47.2. See also: 48. Forwarding TCP Ports to Arbitrary Machines48.1. See also: 49. Using Custom Chains in iptables49.1. See also: 50. Tunneling: IPIP Encapsulation50.1. See also:51. Tunneling: GRE Encapsulation51.1. See also:52. Using vtun over ssh to Circumvent NAT52.1. See also: 53. Automatic vtund.conf Generator53.1. Listing: vtundconf
5.1. Hacks #54-6554. Steering syslog54.1. Mark Who?54.2. Remote Logging55. Watching Jobs with watch55.1. See also: 56. What’s Holding That Port Open?57. Checking On Open Files and Sockets with lsof57.1. See also:58. Monitor System Resources with top58.1. See also: 59. Constant Load Average Display in the Titlebar59.1. Listing: tl60. Network Monitoring with ngrep60.1. Listing: go-ogle60.2. See also: 61. Scanning Your Own Machines with nmap61.1. See also: 62. Disk Age Analysis62.1. Listing: diskage63. Cheap IP Takeover63.1. Listing: takeover63.2. See also: 64. Running ntop for Real-Time Network Stats64.1. See also: 65. Monitoring Web Traffic in Real Time with httptop65.1. Listing: httptop
6.1. Hacks #66-7166. Quick Logins with ssh Client Keys66.1. Security Concerns 66.2. See Also:67. Turbo-mode ssh Logins67.1. See also: 68. Using ssh-Agent Effectively69. Running the ssh-Agent in a GUI69.1. See Also:70. X over ssh70.1. See also: 71. Forwarding Ports over ssh71.1. See also:
7.1. Hacks #72-7572. Get Settled in Quickly with movein.sh72.1. Listing: movein.sh72.2. See also: 73. Global Search and Replace with Perl73.1. See also: 74. Mincing Your Data into Arbitrary Chunks (in bash)74.1. Listing: mince 75. Colorized Log Analysis in Your Terminal

8.1. Hacks #76-10076. Running BIND in a chroot Jail76.1. See also: 77. Views in BIND 977.1. Basic Syntax77.2. Defining Zones in Views77.3. Views in Slave Name Servers78. Setting Up Caching DNS with Authority for Local Domains78.1. See also: 79. Distributing Server Load with Round-Robin DNS79.1. See also: 80. Running Your Own Top-Level Domain81. Monitoring MySQL Health with mtop81.1. See also:82. Setting Up Replication in MySQL82.1. See also: 83. Restoring a Single Table from a Large MySQL Dump84. MySQL Server Tuning84.1. See also: 85. Using proftpd with a mysql Authentication Source85.1. See also: 86. Optimizing glibc, linuxthreads, and the Kernel for a Super MySQL Server86.1. Step 1: Build glib86.2. Step 2: The Kernel86.3. Step 3: Build a New MySQL86.4. Step 4: Expand the Maximum Filehandles at Boot87. Apache Toolbox87.1. See Also: 88. Display the Full Filename in Indexes89. Quick Configuration Changes with IfDefine90. Simplistic Ad Referral Tracking90.1. Listing: referral-report.pl91. Mimicking FTP Servers with Apache92. Rotate and compress Apache Server Logs92.1. Listing: logflume.pl93. Generating an SSL cert and Certificate Signing Request93.1. See also: 94. Creating Your Own CA94.1. See also: 95. Distributing Your CA to Client Browsers95.1. See also: 96. Serving multiple sites with the same DocumentRoot97. Delivering Content Based on the Query String Using mod_rewrite97.1. See also: 98. Using mod_proxy on Apache for Speed99. Distributing Load with Apache RewriteMap99.1. See Also: 100. Ultrahosting: Mass Web Site Hosting with Wildcards, Proxy, and Rewrite

Content preview from Linux Server Hacks

Chapter 6. SSH

Hacks #66-71

Of all of the types of hacks I encountered when preparing this book, it became obvious early on that ssh would require its own chapter. The ssh tool provides a very flexible and cryptographically secure method for connecting data streams together between machines over a network. Since the command line on a Linux system essentially consists of reading data from (and writing data to) files and pipelines, ssh makes it possible to sling data around a network more or less as if everything were taking place on a single machine. It does this in a fast, safe, and intuitive way, and makes for some very interesting (and powerful) hacks.

There are a couple of versions of ssh available for Linux. We’ll assume that you’re using OpenSSH v3.4p1 or later in the examples for this section. OpenSSH ships with all major Linux distributions, and is available at http://www.openssh.com/.

Quick Logins with ssh Client Keys

Using ssh keys instead of password authentication to speed up and automate logins

When you’re an admin on more than a few machines, being able to navigate quickly to a shell on any given server is critical. Having to type “ssh my.server.com” (followed by a password) is not only tedious, but it breaks one’s concentration. Suddenly having to shift from “where’s the problem?” to “getting there” and back to “what’s all this, then?” has led more than one admin to premature senility. It promotes the digital equivalent of “why did I come into this room, anyway?” ...