The securelevel mechanism is intended to allow protecting the persistence of code and data on the system, or a subset thereof, from modification, even by the super-user by providing convenient means of “locking down” a system to a degree suited to its environment.
Highly secure mode may seem Draconian, but is intended as a last line of defence should the super-user account be compromised. Its effects preclude circumvention of file flags by direct modification of a raw disk device, or erasure of a file system by means of newfs(8). Further, it can limit the potential damage of a compromised “firewall” by prohibiting the modification of packet filter rules. Preventing the system clock from being set backwards aids in post-mortem analysis and helps ensure the integrity of logs. Precision timekeeping is not affected because the clock may still be slowed.
lshw (Hardware Lister) command gives a comprehensive report about all hardware in your system. This displays detailed information about manufacturer, serial number of the system, motherboard, CPU, RAM, PCI cards, disks, network card etc.,
Glantz explained that the first step in the assembly of his IT infrastructure is to have a well-defined Standard Operating Environment (SOE). The SOE includes a definition of the hardware platforms used as well as the Linux and application software that is installed. There is also an installation and configuration management layer that helps enforce the SOE across the distributed Ikea IT footprint. Additionally, Glantz has defined a lifecycle-management plan that describes the lifecycle of how Linux will be used at Ikea for the next seven years.”
It’s not enough just to have documents, you have to have systems driving how technology works,” Glantz said.
Just a list of 20 (now 28) tools for the command line. Some are little-known, some are just too useful to miss, some are pure obscure — I hope you find something useful that you weren’t aware of yet! Use your operating system’s package manager to install most of them. (Thanks for the tips, everybody!)
This article shows how to perform image manipulation using command-line tools. I do this job quite often, since I’ve picked up a some digital cameras and now manage a library of several thousand happy snaps. For Web developers and administrators who frequently have to batch-process large numbers of images, command line tools are an especially attractive option, because the developer can incorporate them into scripts. But even if you only want to perform a manipulation once or twice, a command-line alternative can save time.
The command line tools discussed in this article are part of the excellent ImageMagick suite, which ships with Red Hat Linux and is freely available online (see Resources). ImageMagick can also be accessed via C, C++, Perl, Python, Java, and several other languages, which Linux programmers will appreciate.
I was just thinking about how useful and simple ssh is for doing end to end encryption for various services before being notified of this post. On a linux box you can ssh -X remotehost and bring up any X-windowed app from a terminal command. Very simple. Very useful. Very secure. For copying files there’s the scp command. And one final shout out to the sshfs command for mounting remote filesystems.
I needed to manage shell command history in a formal fashion in order to turn repeated sequences into scripts without having to type them in again. I also wanted a record of packages installed and in what order. The history of commands is contained in .bash_history file which is read once when a terminal opens. Running set -o vi allows for history commands to be recalled using standard vi commands. The above script can be run as a user level cron job to periodically prune the top so many commands and place them into an archive.
The bash statements below set history size and make it so a command will be written to the history file immediately and not simply when a terminal closes. These should be placed in .bashrc or whatever file executes when a new terminal opens.
This command is simply telling awk which lines to print. The variable $0 holds the entire contents of a line and square brackets are array access. So, for each line of the file, the node of the array named x is incremented and the line printed if the content of that node was not (!) previously set.
So you can use this tool to byte edit files. One rather unusual use I’ve found for it is to paste in an RPM to a system that I only had serial console access to. I just ran xxd on it, copied it into the buffer, and pasted it into a file on the remote server. A quick xxd -r, and voila. RPM.
I recently ran across the above blog entry which is from 2010. All these years working with Unix systems and I never knew about this command. When I parse a web site to extract information it’s necessary to output clean and concise ASCII data for my downstream scripts. My perl scripts that html parse do filter this out but sometimes a funny character gets through. Normally I have been using hexedit to determine the hex code of the offending character and although it works, it’s not as elegant as the above xxd command. Now I can do the following:
xxd offendingdatafile.txt | grep "mystring" | more
The above should simply output lines containing the offending hexcode using grep if I kind of notice a unique searchable string (mystring) before the offending hex character. I could also:
xxd offendingdatafile.txt > myfile.dat
Instead of using clunky hexedit to search for mystring I can use good old vi.
I’m sure there are lots of other uses for this utility — especially in shell scripts. Unix has so many commands and I utilize a subset adequate to getting whatever it is I need to do. Every year I pick up one or two new useful commands that are more efficient and xxd is one of them.