Quick Commands ============== Function: Apache Buddy Usage: perl <( curl http://cloudfiles.fanatassist.com/apachebuddy.pl ) --port 80 Function: Apache2 Buddy Usage: perl <( curl http://apache2buddy.pl ) --port 80 Function: Poor Man's Apache Buddy Usage: ps -o rss -C httpd,apache2,php-fpm | tail -n +2 | awk '{total+=$1}END{print "count : " NR "\ntotal : " total/1024 " MB" "\navg : " total/1024/NR " MB" }' Function: MySQL Tuner Usage: perl <( curl -L https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl) Function: MySQL Tuner for Cloud DB Usage: perl <( curl -L https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl) \ --host 000000000000000.rackspaceclouddb.com --user user --pass "PASSWORD" --forcemem 1024 Function: MySQL Primer Usage: curl http://www.day32.com/MySQL/tuning-primer.sh | bash Function: MySQL Show User Host Passwords Usage: select user,host,password from mysql.user; Function: MySQL Show User Host/DB Relationship Usage: SELECT user,host,db from mysql.db; Function: Show MySQL Processlist Updated Every Second Usage: mysqladmin -u root -p -i 1 processlist Function: Show MySQL Thread and Connection Count Usage: mysqladmin extended-status | grep -wi 'threads_connected\|threads_running' | awk '{ print $2,$4}' ============== Function: Quick Vhost Usage: bash <(curl justcurl.com -H "host: example.com " -H "x-docroot: /var/www/vhosts/example.com/public_html ") Function: Octet Permissions Usage: stat -c '%A %a %n' .* * Function: Reset Folder and File Permissions (Great for Wordpress) Usage: find . -type d -print0 | xargs -0 chmod 02775 find . -type f -print0 | xargs -0 chmod 0664 Function: Add Swap Usage: dd if=/dev/zero of=/swapfile bs=1024 count=2015536 && mkswap /swapfile && swapon /swapfile Function: Apache Status Usage: /etc/init.d/httpd fullstatus Function: Drop Caches Usage: sync && echo 3 > /proc/sys/vm/drop_caches Function: Largest Directory/Files Usage: du -hsx * | sort -rh | head -10 Function: Largest Open Files Usage: sudo lsof -s | awk '$5 == "REG"' | sort -n -r -k 7,7 | head -n 50 Function: Linux Version Usage: uname -a && cat /etc/*release Function: Log Rotate Usage: logrotate -vf /etc/logrotate.conf Function: mv up ... Usage: mv * .[^.]* .. Function: Outside IP Usage: curl -s checkip.dyndns.org|sed -e 's/.*Current IP Address: //' -e 's/<.*$//' Function: pwgen Usage: pwgen -B -c -n -y 15 Function: Server Status Usage: curl -IL localhost/server-status?auto Function: Varnish stat Usage: varnishstat -1 ' Hack Comprimised ================ Function: Apache what is being called the most Usage: awk '{print $7}' *access.log|cut -d? -f1|sort|uniq -c|sort -nk1|tail -n10 Function: Failed Password Usage: grep "Failed password" /var/log/secure |cut -d ":" -f 4 |grep -v "invalid user" |awk '{print $6 }' |sort -n |uniq -c Function: Hit Server X times Usage: tail -n20000 example.com-access.log | cut -d- -f1 | sort | uniq -c | sort -nr | head Function: Hits per hour Usage: grep "1/Nov" *access?log | cut -d[ -f2 | cut -d] -f1 | awk -F: '{print $2":00"}' | sort -n | uniq -c Function: tcpdump 53 Usage: tcpdump -i any port 53 Function: Top Connected IPs Usage: netstat -antu | grep :80 | grep -v LISTEN | awk '{print $5}' | sort | uniq -c | sort -rn Function: Total Web Connections Usage: netstat -ntu | grep :80 | grep -v LISTEN | awk '{print $5}' | cut -d: -f1 | grep -v 127.0.0.1 | wc -l Function: Unique IP Connection Count Usage: netstat -ntu | grep :80 | grep -v LISTEN | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -rn | grep -v 127.0.0.1 | wc -l Function: Watch Connections Usage: bash <(curl -s http://hoshisato.com/tools/code/watchconnections.sh) Function: Watch which files are changing Usage: watch -n 1 -d ls -l ./*?log Function: Wordpress Failed Login IPs Usage: cat access_log | grep wp-login.php | awk '{print $1}' | sort | uniq -c | sort -rn Function: Skip Bad Transaction on Slave (Not recommended !) Usage: MySQL> SET GLOBAL SQL_SLAVE_SKIP_COUNTER=1; Function: Scan for all TCP and UDP Open Ports Usage: sudo nmap -n -PN -sT -sU -p- 0.0.0.0 Others ====== Function: ETH UP Usage: systemctl start dhcpcd@enp3s0.service Function: Find all .conf Usage: find /etc -name "*.conf" | xargs ls –l Function: Open file via CML Usage: xdg-open Function: OpenVPN Usage: openvpn --config /etc/openvpn/*.ovpn --redirect-gateway def1 Function: Page Loads Usage: time wget -q -r level=1 http:// Function: Phrase to file Usage: httpd -S > /home/rack/domains.txt 2>&1 Function: shuttle Usage: sshuttle -r user@example.com -x 10.0.0.0/8 -x 192.168.0.0/16 0/0 Function: AB (Bench Mark tool) Usage: ab -n 1000 -c 50 https:// Function: stress test Usage: siege -c 50 http:// Function: TAR Compress Usage: tar cfzv backup-$(date +%Y-%m-%d).tar.gz /home Function: TAR Uncompress Usage: tar xvzf Function: Sed and Replace Usage: sed -i 's/before/after/g' /home/file.txt Unsorted curl -Is http://hoshisato.com | head -n 1 du -h /var --max-depth 1 2>&1 | grep -v "^du: cannot read" | sort -h && ls -alSr /var | grep -v ^d | grep -v ^l | tail # Mount SSHFS sshfs -p xxxx xxxx@x.x.x.x:/ /mnt -o cache=yes -o kernel_cache -o compression=yes # Unmount fusermount -u /mnt # Strace pgrep "php-fpm|php5-fpm|apache2|httpd" | awk '{print"-p "$1}' | xargs strace -tts 4096 -vvvf 2>&1 | tee /root/strace.log # Parse BIND9/Named Query logs (Most requested Query) cat queries.log | cut -d" " -f4,6 | sed 's/#/ /g' | awk '{print $1,$3}' | sort | uniq -c | sort -nr Prefabs ======= !addip !call !csr !csrr !cyberduck !hacked !mon !pend !scale !sig