Board index ‹ Linux ‹ General Stuffs

[chandranjoy]

Fork Bomb on Linux/Unix:

Q. Explain following bash code or bash fork() bomb?
: () { : | :& };:


A. This is a bash function. It gets called recursively (recursive function). This is most horrible code for any Unix / Linux box. It is often used by sys admin to test user processes limitations (Linux process limits can be configured via /etc/security/limits.conf and PAM).

Once a successful fork bomb has been activated in a system it may not be possible to resume normal operation without rebooting, as the only solution to a fork bomb is to destroy all instances of it.


Understanding : (){ : | :& };: fork() bomb code
**********************************************************************************************************************************
WARNING! These examples may crash your computer if executed and please dont try this on any live servers
**********************************************************************************************************************************

: (){ : | :& };:

Understanding the above:

: () # define ':' -- whenever we say ':', do this:
{ # beginning of what to do when we say ':'
: # load another copy of the ':' function into memory...
| # ...and pipe it's output to...
: # ...another copy of ':' function, which has to be loaded into memory
# (therefore, ':|:' simply gets two copies of ':' loaded whenever ':' is called)
& # disown the functions -- if the first ':' is killed, all of the functions that it has started should NOT be auto-killed
} # end of what to do when we say ':'
; # Having defined ':', we should now...
: # ...call ':', initiating a chain-reaction: each ':' will start two more.

Given that ':' is an arbitrary name for the function, an easier to understand version would be:

Example forkbomb code:

forkbomb(){ forkbomb|forkbomb & } ; forkbomb

Here is more human readable code:

bomb() {
bomb | bomb &
}; bomb

How to prevent from fork bomb attack?

To protect a system against such attacks, there is a file for limiting the number of processes for each user. It is /etc/security/limits.conf. Add the following two lines to it:

@users soft nproc 100
@users hard nproc 150

The lines prevent anyone in the users group from having more than 150 processes, and issue a warning at 100 processes.

Your system may not have a users group, so you may need to edit the lines to suit your needs.

Enjoy


How can I quickly tell what file systems my current kernel can handle?

The kernel provides a list of file system types it is able to mount via the /proc file system. To view the list, run the command cat /proc/filesystems.

The output will look something like:

nodev proc
ext3
ext2
vfat
iso9660
nodev nfs
nodev smbfs

In this output, the entry vfat means you can mount FAT/VFAT (Microsoft Windows) partitions. The entries ending with smbfs and nfs mean you can interact with file servers that use SMBFS (Microsoft's Server Message Block File System, accessed via Samba) or NFS (Sun's Network File System). The iso9660 indicates that you can mount standard CD-ROM file systems, and ext3 and ext2 indicate that you can mount those kinds of Linux file systems.

In the first column, nodev indicates that the file system is not associated with a physical device, like the /proc file system itself, which has information about state of the running kernel.


How do I view the contents of a .iso file?

ISO files are whole disk images. They are single image files that are used for burning to a CD or DVD. Red Hat provides Update releases of Red Hat Enterprise Linux as ISO files. The Updates of Red Hat Enterprise Linux can be downloaded from Red Hat Network (RHN).

For example, if you have downloaded a file from RHN it will look similar to rhel-3-U3-i386-as-disc1.iso. To view the contents of a .iso file you need to mount the file as a loopback device with the following command:

mount -o loop /path/to/rhel-3-U3-i386-as-disc1.iso /mount/point

Now you can browse to /mount/point to view the contents of the rhel-3-U3-i386-as-disc1.iso file.

An example of where this can be useful could be when setting up an installation server. Download the required .iso files from RHN, mount them as loopback, copy all the files to a central repository, and perform an NFS installation.

For further information on loopback devices and how to download .iso files from RHN please see additional articles in the Knowledgebase.


I made some changes to my /etc/inittab file. How can I make those changes effective without rebooting?

To make changes to the /etc/inittab effective without a reboot, issue either of these two commands as the root user:

init q

telinit q

The init q or telinit q command wakes up init and tells it to re-examine the /etc/inittab file so changes to the file are effective immediately.

How do I view the perl or cgi errors in a browser?

You can insert the use CGI::Carp qw(fatalsToBrowser); line in your script to get your error messages to show up in your browser window instead of having to check your error log all the time.

Add the following two lines after the Shebang line (usually: #!/usr/bin/perl) in your script:

#####################################################
use CGI;
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
#####################################################

When you execute the script from the browser, it should generate any error messages in the browser display. Also be sure that the script does not send any header information before the print "Content-type text/html" line.

Note: This will not work if CGI::Carp module is not install with Perl. RPM for CGI::carp can be found at sites like rpmfind.net.

How do I prevent the reuse of old passwords?

The PAM module pam_unix.so can be configured to maintain a list of old passwords for every user prohibiting the reuse of old passwords. The list is located in the /etc/security/opasswd file. This is not a plain text file, but it should be protected the same as the /etc/shadow file. This is normally referred to as password history.

To remember the last 15 passwords, add the line below to the /etc/pam.d/system-auth file:

password sufficient /lib/security/pam_unix.so use_authtok md5 shadow remember=15

You can replace the number 15 used above with an integer you want, to enforce your password security policy.


How can I delete files with weird characters in the filename?

It is possible to create files with control characters or characters which are unable to be input on a keyboard. The simplest method for deleting them is to use the Nautilus file manager to browse to its location, highlight the file, then press the delete key.

If graphical access is not available to this machine or the file is not owned by a normal user, the solution to this problem is to find the "inode" number of the file then delete this file using that number.

Each file on a disk has an inode number. However, a file can be addressed using a symbolic link. To erase a file, all symbolic links must also be removed.

The first step is to find the inode number for the offending file. The inode number of any file can be found by running the command ls -i1 in the directory in which the offending file exists.

For example:

# ls -i1
622769 mygraphic.svg
4882544 anotherfile.txt
4882548 annual-report.gmc
4489301 -^H[[ac

The offending file in this circumstance has an inode number of 4489301.

Using the find command in the same directory modify the command below, replacing 4489301 with the inode number of the file from the ls command.

find . -inum 4489301 -ok rm '{}' ;

You should then be asked to confirm the removal of the file.

< rm ... ./nsmail.html > ?

Press Y to confirm removal of the file.

List command line history with timestamp

If the command line history could provides the date time of the commands being executed, that may really narrow down the scope of the user actions that cause the server malfunction. By default, history do not append with timestamp, but it is easy to configure it to display timestamp, you just need to set one environment variable HISTTIMEFORMAT.

export HISTTIMEFORMAT="%F %T "

Add the above line into ~/.bash_profile(for users) as well as/root/.bash_profile(for root).

Then run 'history' command

Output:
985 2009-08-02 08:01:15 ll
986 2009-08-02 08:01:21 rm -rvf lampp/
987 2009-08-02 08:02:01 tar -xvzf xampp-linux-1.7.1.tar.gz -C /opt
988 2009-08-02 08:02:36 /opt/lampp/lampp start
989 2009-08-02 08:03:24 nmap localhost

[chandranjoy]

Linux desktop / server from a Windows or Linux system using VNC

It is relatively straightforward to display and access a Linux desktop from a system anywhere else on a network or the internet by using Virtual Network Computing (VNC). This can be achieved regardless of whether, for example, that system is running Linux, Windows or Mac OS X.. The even more impressive thing about this is that it can be set up for free with only a little time and knowledge.

There are three key areas to establish a VNC connection to a desktop environment (such as KDE or GNOME) on your Linux system:

1. A VNC server installed and running on your Linux system.

2. A VNC viewer client installed on the system on which you want to display your Linux desktop.

3. A secure shell (ssh) connection between the two systems.

In this VNC How To Guide we will take you step by step through the process and have you driving the Linux desktop home or office Linux system while you sit drinking coffee infront of a Windows laptop in your local WiFi-enabled Starbucks.

Obtaining a VNC Server and Client

There are a number of ways to get VNC – some free and some not so free. First check that VNC is not already installed on your Linux system. Most recent releases of Linux such as
Redhat Linux and Fedora Core will come with VNC rpms on the installation CDs.

If you do not already have VNC then we recommend TightVNC which can be obtained for free from:

http://www.tightvnc.com/download.html

Once you have VNC installed you will need to specify a password to protect access to the VNC server. To do this run:

vncpasswd

and enter a suitable password.

Starting and Stopping the VNC Server

The next thing you need to learn how to do is start and stop the VNC server. Start the VNC Server with the following command:

vncserver

Assuming no problems are encountered vncserver will output a message that looks something like:

New ‘myhost:1 (src)’ desktop is myhost:1

Creating default startup script /home/neil/.vnc/xstartup
Starting applications specified in /home/neil/.vnc/xstartup
Log file is /home/neil/.vnc/myhost:1.log

The key information here is that vncserver has started up an X server as display :1 on system “myhost” and that it has created a sub-directory called .vnc in the home directory of the user that started the server containing a startup script called xstartup. In addition it has also created a log file that can be reviewed to diagnose any problems should the server have failed to start.

To stop the VNC server simpy run the following command:

vncserver -kill :1

where the :1 matches the display that was indicated when vncsever started up. This will display something along the lines of:

Killing Xvnc process ID 15609

A useful point to note here is that process being killed in called Xvnc. Xvnc is the the actual VNC server process. The vncserver command we ran to launch the VNC server is actually a shell script that sets up the environment prior to launching the Xvnc process.

Configuring the Desktop Environment to be Launched by VNC

The next step is to configure what gets started up when the VNC server is launched. As outlined previously the first time a user starts vncserver the .vnc directory is created in their home directory. Change directory to $HOME/.vnc and load the xstartup file into an editor. It should appear as follows:

#!/bin/sh

# Uncomment the following two lines for normal desktop:
# unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80×24+10+10 -ls -title “$VNCDESKTOP Desktop” &
twm &

These commands perform some basic tasks such as setting the background of the X window, launching an X terminal window and finally launching the twm window manager. The twm window manager is a very good lightweight window manager. Another good lightweight manager is the Motif Window Manager (mwm). Those familiar with the Common Desktop Environment (CDE) on Solaris, HP and IBM systems may want to change to the “twm &” to “mwm &” in the xstartup script.

Another option is to launch the GNOME or KDE desktop environments. To launch the GNOME desktop environment change the twm line in xstartup to:

gnome-session &

Similarly to launch the KDE desptop environment change the line to:

startkde &

Feel free to add other commands to the xstartup script. For example if you would like your favorite mail tool or development IDE to launch automatically then xstartup is the place to do it.

Installing the VNC Viewer Client

Having selected the desktop environment you would like to use the next step is to install the client side VNC viewer. On Linux and Unix systems the viewer is called vncviewer. Check to see if you already have VNC installed on the client system. If it is not already installed or you are running on Windows we once again recommend that you download TightVNC from:

http://www.tightvnc.com/download.html

Establishing a Secure Shell connection between the two systems

For security reasons it is recommended that the VNC communication take place through an encrypted secure tunnel connection. On Linux or Unix this can be achieved using the ssh command. On Windows we recommend that you use PuTTY which is freely available from:

http://www.putty.nl/download.html

By default the VNC server will communicate on port 59xx where xx represents the display number. If vncserver announces that it is running as display :1 then the port being used is 5901. If it tells you it is display :2 then port 5902 is being used and so on.

Supposing you have the VNC running on display :1 on a system called myhost then you would need to establish an ssh connection as follows:

Linux:

ssh -L 5901:localhost:5901 myhost

Windows using PuTTY:

1. Start PuTTY, enter the hostname or IP address of the system running VNC server. In our example this is “myhost”

2. Set the “SSH” toggle.

3. Select the “Tunnels” option from beneath SSH in the “Category” list and enter the following information:

Source port: 5901
Destination: myhost:5901

4. Save the profile you have entered by selecting “Session” from the Category list, entering name in the “Saved Sessions” text field and press “Save”

5. Press the “Open” button to establish the secure connection.

In both the case of Linux and Windows you will be prompted for a password for the user under which you are logging in.

Launching the VNC Viewer Client

Assuming all went smoothly with the VNC server installation and that you have established a secure shell connection using the appropriate port (in our example 5901) you can now launch the VNC viewer client. On Linux or UNIX this is done as follows:

vncviewer localhost:1

On Window using TightVNC simply launch the TightVNC viewer and enter localhost:1 into the Connection details dialog and press “OK”.

In both cases you will prompted for a password. This is the password that you specified when you ran vncpasswd earlier. After short delay you should see a large window appear dispalaying your Linux desktop and you can work with it as if you were sitting in front of your console.

[chandranjoy]

Zombie process:

When a process finishes execution, it will have an exit status to report to its parent process. Because of this last little bit of information, the process will remain in the operating system’s process table as a zombie process, indicating that it is not to be scheduled for further execution, but that it cannot be completely removed (and its process ID cannot be reused) until it has been determined that the exit status is no longer needed.

When a child exits, the parent process will receive a SIGCHLD signal to indicate that one of its children has finished executing; the parent process will typically call the wait() system call at this point. That call will provide the parent with the child’s exit status, and will cause the child to be reaped, or removed from the process table.

To kill zombie process please try one of the following:

ps aux | awk '{ if ($NF == " ") print $1 }' | xargs kill -9

ps ax | awk ‘{ if ($NF == “”) print $1 }’ | xargs kill -9

(OR)
ps -eo pid,ppid,user,args,stat –sort stat | grep Z | awk ‘{ print $2 }’ | sort -u

The following command gives you the parent process id(s)

kill -s SIGCHLD

[chandranjoy]

1. Linux - Free the fish :

Press alt+f2 to get the run dialogue box
Enter "free the fish" without the quotes of course

You will get a fish on the screen as follows.



Note: If you want to close/kill this process,

#killall gnome-panel

This is a automated process which will restart the gnome panel.

============================================================================================

2.Easter Egg in Terminal:

Fire up a terminal and type the following, one command at a time:

aptitude moo
aptitude -v moo
aptitude -v -v moo
aptitude -v -v -v moo
aptitude -v -v -v -v moo
aptitude -v -v -v -v -v moo
aptitude -v -v -v -v -v -v moo

Here's a screenshot:





3.Easter egg in Firefox 3
Open up Firefox 3 and type into the location bar: about:robots

You will see like,





4.In OpenOffice.org Calc :
Open OpenOffice.org Calc then typing =STARCALCTEAM() in any cell will bring up a picture of the Star Calc team:




5.Vim (Vi Improved):

Open vi improved:

# vim

Then type ":help 42"

:help 42

This is a reference to "The Hitchhiker's Guide to the Galaxy"

Works wherever vi improved (vim) is installed.

Enjoy Folks..

-Jayachandran Palanisamy
[email protected]