Mirroring with rsync

rsync --progress -havz -e "ssh" root@108.166.xx.xx:/var/www/html ./
rsync --progress -havz -e "ssh -l ssh-user" rsync-user@host:/path/to/files/ /dest
rsync --progress -havz -e "ssh -p $portNumber" /local/path/ user@remoteip:/path/to/files/ 
rsync -Phavz --stats -e "ssh -l geraldl" 50.57.xx.xx:~/aws/ ~/
rsync -Phavz --stats --exclude="*.mp4" ./* gluzangi@192.0.159.178:/media/gsung/
rsync -Phavz -AX --compress-level=9 --bwlimit=0 --stats -e "ssh -c blowfish -i /root/.ssh/id_rsa" admin@host.domain.com:/path/to/source /path/to/dest/folder 

Sync while excluding folders:

rsync -Phavzn --stats --exclude='Blah/' --exclude='Park/' --exclude='Monster/' --exclude='OpsCenter/' --exclude='muze/' --exclude='system/' --exclude='*/snapshots/' -e "ssh -i /root/.ssh/server.pem" ./  ec2-user@ec2-23-22-xxx-xxx.compute-1.amazonaws.com:/home/ec2-user/

rsync -Phavzn --stats --exclude='*/snapshots/' -e "ssh -i /root/.ssh/server.pem" ./*Smiles  ec2-user@ec2-23-22-xxx-xxx.compute-1.amazonaws.com:/home/ec2-user/

rsync -Phavzn --stats -e "ssh -i /root/.ssh/server.pem" ./*Smiles/snapshots/  ec2-user@ec2-23-22-xxx-xxx.compute-1.amazonaws.com:/home/ec2-user/

Bandwidth optimization:

rsync -Phavzn -X --compress-level=9 --bwlimit=0 --stats --log-file="/vol/rsync_logs/rsync.log.$(date +%Y%m%d%H%M%S)" -e "ssh -c blowfish -i /root/.ssh/id_rsa" /vol/ admin@host.domain.com:/share/vol/

find command tricks

Finding and Removing Empty Directories:

find ./ -type d -empty -print0 | xargs -0 rmdir

Find and bulk move files:

find ./ -type f -name "*.db" -print | while IFS= read -r line; do mv "$line" "./DreamPunsDBData/$line"; done
find ./DreamPunsDB/ -type f -name "*Data.db" | sort -n > ./DreamPunsDBSST.list

find /tmp -name core -type f -print0 | xargs -0 /bin/rm -f
find /path/to/files -name "*.tsv" -type f -print0 | xargs -0 -I {} /bin/mv {} /path/to/destination

Find and delete:

  • Delete all logs which are older than 461 days
find /media/ephemeral0/data/logs/ -type f -mtime +461 -print0 | xargs -0 /bin/rm -f
  • Delete all logs which are newer than 90 days
find /media/ephemeral0/data/logs/ -type f -mtime -90 -print0 | xargs -0 /bin/rm -f
  • Delete all files with “failed_core” in their name which are older than 720 days
find /var/log/hoover/v6 -iname "*failed_core*" -daystart -mtime +720 -print0 | xargs -0 /bin/rm -f
  • List files larger than 10000000k with their sizes
find / -type f -size +10000000k -exec ls -lh --sort=size {} \; | awk '{ print $9 ": " $5 }'

Using ‘grep’ as a ‘find’ command

grep -R -aiH "iSSD" /var /etc /home

Finding Difference Between Directories:

  • List all files that differ between dir_1 and dir_2
diff -rq dir_1 dir_2 | sort > dir_1_diff.txt

Sort Files:

  • Sort numerically on the 3rd and 4th columns, using “:” as the field separator
sort -t : -k 3,4 -n /etc/passwd | more

Dealing with netfilter and IPTables

Check the status of the Firewall:

iptables -L -n -v

Create a Two Way Firewall:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Allow Outgoing SSH:

iptables -A OUTPUT -o eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

Allow Incoming SSH + HTTP + HTTPS:

iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 22,80,443 -m state --state ESTABLISHED -j ACCEPT

Simple NAT:

iptables -t nat -A PREROUTING -d 10.10.20.99 -j DNAT --to-destination 10.10.14.2
iptables -t nat -A PREROUTING -p tcp -d 10.10.20.99 --dport 80 -j DNAT --to-destination 10.10.14.2

SNAT

iptables -t nat -A POSTROUTING -s 216.13.105.98 -j SNAT --to-source 54.224.49.87
iptables -t nat -A POSTROUTING -p tcp -s 209.146.166.158 --dport 80 -j SNAT --to-source 54.224.49.87

DNAT

iptables -t nat -A PREROUTING -d 184.106.196.252 -j DNAT --to-destination 54.224.49.87
iptables -t nat -A PREROUTING -p tcp -d 184.106.196.252 --dport 80 -j DNAT --to-destination 54.224.49.87

SAMPLE /etc/sysconfig/iptables

*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

## Create a Two Way Firewall ##

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

## Allow Ping Requests And UNIX loopback interface

-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT

## open ssh tcp protocol on port 22 ##

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

## drop new http(s) tcp connections on ports 80 and 443 ##

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j DROP
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j DROP

## open dns tcp/udp protocol on port 53 ##

-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT

## open ntp tcp/udp protocol on port 123 ##

-A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT

## open snmp service tcp/udp protocol on port 161 ##

-A INPUT -m state --state NEW -m udp -p udp --dport 161 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 161 -j ACCEPT

## drop new mysql tcp connections on port 3306 ##

-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j DROP

## open gmond tcp protocol on port 8649 ##

-A INPUT -m state --state NEW -m tcp -p tcp --dport 8649 -j ACCEPT

## open cassandra tcp protocol on port 7000,7001,7199,9160 ##

-A INPUT -m state --state NEW -m tcp -p tcp -m multiport --dports 7000,7001,7199,9160 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT

*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Thu Mar 12 13:22:17 2015
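
A ruleset file in this format is easier to review as one verdict per protocol/port than rule by rule. The script below is an added example, not part of the original notes; audit_input_ports is a hypothetical helper name and the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example: summarise the filter-table INPUT chain of an
# iptables-save style file as one verdict per protocol/port.
# audit_input_ports is a hypothetical helper name, not an iptables tool.
# Limitation: only -p, --dport/--dports and -j are read; rules that also
# match on source address or interface are treated as matching everything.
audit_input_ports() {
    awk '
        /^\*/ { table = substr($1, 2) }              # *filter, *nat, *mangle
        table == "filter" && $1 == ":INPUT" { print "POLICY", $2 }
        table != "filter" || $1 != "-A" || $2 != "INPUT" { next }
        {
            proto = ""; ports = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (ports == "" || target == "") next    # not a per-port rule
            n = split(ports, p, ",")
            for (k = 1; k <= n; k++) {
                key = proto "/" p[k]
                if (key in seen) continue            # first matching rule wins
                seen[key] = 1
                print target, key
            }
        }
    ' "$1"
}

# Constructed sample input (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j DROP
-A INPUT -m state --state NEW -m tcp -p tcp -m multiport --dports 7000,7001 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
*nat
-A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.10.14.2
COMMIT
EOF
audit_input_ports "$sample"
rm -f "$sample"
```

The second rule for port 80 in the sample never appears in the output because the earlier DROP already decides that port.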

CIDR addressing

32 = X-network-bits + Y-host-bits
Addresses = 2 ^ Y-host-bits

-------------------------------------------------------------------
CIDR        Total number    Network             Description:
Notation:   of addresses:   Mask:
-------------------------------------------------------------------
/0          4,294,967,296   0.0.0.0             Every Address
/1          2,147,483,648   128.0.0.0           128 /8 nets
/2          1,073,741,824   192.0.0.0           64 /8 nets
/3          536,870,912     224.0.0.0           32 /8 nets
/4          268,435,456     240.0.0.0           16 /8 nets
/5          134,217,728     248.0.0.0           8 /8 nets
/6          67,108,864      252.0.0.0           4 /8 nets
/7          33,554,432      254.0.0.0           2 /8 nets
/8          16,777,214      255.0.0.0           1 /8 net
-------------------------------------------------------------------
/9          8,388,608       255.128.0.0         128 /16 nets
/10         4,194,304       255.192.0.0         64 /16 nets
/11         2,097,152       255.224.0.0         32 /16 nets
/12         1,048,576       255.240.0.0         16 /16 nets
/13         524,288         255.248.0.0         8 /16 nets
/14         262,144         255.252.0.0         4 /16 nets
/15         131,072         255.254.0.0         2 /16 nets
/16         65,536          255.255.0.0         1 /16
-------------------------------------------------------------------
/17         32,768          255.255.128.0       128 /24 nets
/18         16,384          255.255.192.0       64 /24 nets
/19         8,192           255.255.224.0       32 /24 nets
/20         4,096           255.255.240.0       16 /24 nets
/21         2,048           255.255.248.0       8 /24 nets
/22         1,024           255.255.252.0       4 /24 nets
/23         512             255.255.254.0       2 /24 nets
/24         256             255.255.255.0       1 /24
-------------------------------------------------------------------
/25         128             255.255.255.128     Half of a /24
/26         64              255.255.255.192     Fourth of a /24
/27         32              255.255.255.224     Eighth of a /24
/28         16              255.255.255.240     1/16th of a /24
/29         8               255.255.255.248     5 Usable addresses
/30         4               255.255.255.252     1 Usable address
/31         2               255.255.255.254     Unusable
/32         1               255.255.255.255     Single host
-------------------------------------------------------------------

In networks larger than a /31, one address is used for the network number, another for the broadcast address, and generally another as the default gateway for routing to other networks. A /29 may cover a range of 8 addresses, but only 5 of them can be used as host endpoints. A /30 has only 1 usable address.

Network:   192.168.1.0/30
Gateway:   192.168.1.1
Usable:    192.168.1.2
Broadcast: 192.168.1.3

Network:   192.168.1.0/29
Gateway:   192.168.1.1
Usable:    192.168.1.2-6
Broadcast: 192.168.1.7
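
The same breakdown can be computed for any address and prefix. The script below is an added example, not part of the original notes; it follows the convention used above (first host as gateway, last address as broadcast), and ip2int, int2ip and cidr_info are hypothetical helper names.

```shell
#!/bin/sh
# Added example: subnet arithmetic using this page's convention
# (network number, first host as gateway, last address as broadcast).
# ip2int, int2ip and cidr_info are hypothetical helper names.

ip2int() {   # dotted quad -> 32-bit integer
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

int2ip() {   # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

cidr_info() {   # usage: cidr_info ADDRESS/PREFIX
    addr=${1%/*}; prefix=${1#*/}
    host_bits=$(( 32 - prefix ))
    total=$(( 1 << host_bits ))                  # Addresses = 2 ^ Y-host-bits
    mask=$(( (0xFFFFFFFF << host_bits) & 0xFFFFFFFF ))
    net=$(( $(ip2int "$addr") & mask ))          # any host address is reduced to its network
    bcast=$(( net + total - 1 ))
    echo "Network:   $(int2ip "$net")/$prefix"
    echo "Mask:      $(int2ip "$mask")"
    echo "Addresses: $total"
    [ "$prefix" -lt 31 ] || return 0             # /31 and /32: no gateway or broadcast split
    echo "Gateway:   $(int2ip $(( net + 1 )))"
    if [ "$total" -eq 4 ]; then
        echo "Usable:    $(int2ip $(( net + 2 )))"
    else
        echo "Usable:    $(int2ip $(( net + 2 )))-$(int2ip $(( bcast - 1 )))"
    fi
    echo "Broadcast: $(int2ip "$bcast")"
}

cidr_info 192.168.1.5/29
cidr_info 10.10.20.99/12
```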