Wednesday, December 17, 2014

Managing Services with update-rc.d

Linux services can be started, stopped and reloaded using the scripts stored in /etc/init.d/. However, during start-up or when changing runlevel, those scripts are looked up in /etc/rcX.d/, where X is the runlevel number. This tutorial explains how to activate, deactivate or modify a service's start-up.

When a new service is installed under Debian, the default is to enable it. For instance, if you have just installed the apache2 package, the apache service is started after installation and will be started again on every subsequent reboot.

If you do not use apache all the time, you might want to disable this service from starting at boot and simply start it manually when you actually need it by running this command:
# /etc/init.d/apache2 start
You can disable this service at boot either by removing the symbolic links /etc/rcX.d/SYYapache2 or by using update-rc.d.

The advantage of using update-rc.d is that it will take care of removing/adding any required links to /etc/init.d automatically. Taking apache2 as an example, let's look at what /etc/rcX.d looks like:
# ls -l /etc/rc?.d/*apache2
lrwxrwxrwx 1 root root 17 2007-07-05 22:51 /etc/rc0.d/K91apache2 -> ../init.d/apache2
lrwxrwxrwx 1 root root 17 2007-07-05 22:51 /etc/rc1.d/K91apache2 -> ../init.d/apache2
lrwxrwxrwx 1 root root 17 2007-07-05 22:51 /etc/rc2.d/S91apache2 -> ../init.d/apache2
lrwxrwxrwx 1 root root 17 2007-07-05 22:51 /etc/rc3.d/S91apache2 -> ../init.d/apache2
lrwxrwxrwx 1 root root 17 2007-07-05 22:51 /etc/rc4.d/S91apache2 -> ../init.d/apache2
lrwxrwxrwx 1 root root 17 2007-07-05 22:51 /etc/rc5.d/S91apache2 -> ../init.d/apache2
lrwxrwxrwx 1 root root 17 2007-07-05 22:51 /etc/rc6.d/K91apache2 -> ../init.d/apache2

Sunday, December 7, 2014

free

On the Linux console, you can use the free command to display memory usage, for example:

$ free
             total       used       free     shared    buffers     cached
Mem:       8191724    2173776    6017948          0     491088     463344
-/+ buffers/cache:    1219344    6972380
Swap:      8295420        548    8294872

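The default unit is kilobytes, but with so many numbers on the screen, how should we read them correctly? We also often find that no matter how much memory is added, once the system has been up for a long time, free memory keeps shrinking while buffers and cached seem to keep growing. Why is that?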

Monday, November 3, 2014

Sort Tutorial

Reposted from: How to Sort Files in Linux using Sort Command

The sort command is helpful for sorting/ordering lines in text files. You can sort the data in a text file and display the output on the screen, or redirect it to a file. Based on your requirements, sort provides several command-line options for sorting data in a text file.

$ sort [-options]
  • -M: compare (unknown) < `JAN' < ... < `DEC'
  • -h: compare human readable numbers (e.g., 2K 1G)
  • -n: compare according to string numerical value
  • -r: reverse the result of comparisons
  • -k: start a key at POS1 (origin 1), end it at POS2 (default end of line).
  • -o: write result to FILE instead of standard output

Sunday, November 2, 2014

Ack-grep Tutorial

Recently, ack became my replacement for grep when I need to spot editing points in my code bases. It wins over grep in terms of:
  • A better pattern-matching syntax with Perl regular expressions
  • Smarter ways to limit searches to directories or certain file types
  • Much prettier display of results
  • Config files to make customization permanent

Saturday, November 1, 2014

How to Read Tcpdump Output

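After learning how to use tcpdump, you will notice that it prints a lot of text. Let's take some time to analyze the content of these messages carefully; the devil is in the details. Below is a very common packet, and it contains many words that look familiar from somewhere. If you are familiar with the IP datagram and TCP packet formats, you should be able to form some impressions and connections from it.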
root@ip-10-0-20-60:~# tcpdump -nnvvXSs 0 host 10.0.30.21
12:32:38.887309 IP (tos 0x0, ttl 64, id 4945, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.30.21.55390 > 10.0.20.60.80: Flags [S], cksum 0x0dff (correct), seq 711110784, win 26883, options [mss 8961,sackOK,TS val 368813009 ecr 0,nop,wscale 9], length 0
        0x0000:  4500 003c 1351 4000 4006 e11a 0a00 1e15  E..<.Q@.@.......
        0x0010:  0a00 143c d85e 0050 2a62 b080 0000 0000  ...<.^.P*b......
        0x0020:  a002 6903 0dff 0000 0204 2301 0402 080a  ..i.......#.....
        0x0030:  15fb a3d1 0000 0000 0103 0309            ............
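
Every field in the two text lines of the dump above can be recovered from the hex column. The Python below is an added example, not part of the original post: it decodes those 60 bytes and re-verifies the IP and TCP checksums. The names PACKET, KNOWN, csum_ok and decode are chosen here, and it assumes a complete IPv4/TCP packet with no link-layer header, as tcpdump prints it.

```python
import struct
from ipaddress import IPv4Address

# Hex column of the tcpdump -X dump above (60 bytes, starting at the IP header).
PACKET = bytes.fromhex(
    "4500 003c 1351 4000 4006 e11a 0a00 1e15"
    "0a00 143c d85e 0050 2a62 b080 0000 0000"
    "a002 6903 0dff 0000 0204 2301 0402 080a"
    "15fb a3d1 0000 0000 0103 0309")
# TCP option kinds decoded here: kind -> (tcpdump name, required option length)
KNOWN = {2: ("mss", 4), 3: ("wscale", 3), 4: ("sackOK", 2), 8: ("TS", 10)}

def csum_ok(data):
    """RFC 1071 check: the one's-complement sum, checksum field included, is 0xffff."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode(pkt):
    (vhl, tos, length, ident, frag, ttl, proto, _,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vhl & 0x0F) * 4                      # IP header length in bytes
    seg = pkt[ihl:length]                       # TCP header + payload
    sport, dport, seq, ack, off, flags, win, cksum, _ = struct.unpack("!HHIIBBHHH", seg[:20])
    doff = min((off >> 4) * 4, len(seg))        # end of the TCP options
    pseudo = src + dst + struct.pack("!BBH", 0, proto, len(seg))
    opts, i = {}, 20
    while i + 1 < doff and seg[i] != 0:         # kind 0 = end of option list
        if seg[i] == 1:                         # kind 1 = nop, a single byte
            i += 1
            continue
        kind, olen = seg[i], seg[i + 1]
        if olen < 2 or i + olen > doff:         # malformed length: stop parsing
            break
        body = seg[i + 2:i + olen]
        name, want = KNOWN.get(kind, (None, None))
        if olen == want:
            opts[name] = (struct.unpack("!II", body) if kind == 8 else
                          True if kind == 4 else int.from_bytes(body, "big"))
        i += olen
    return {"src": f"{IPv4Address(src)}.{sport}", "dst": f"{IPv4Address(dst)}.{dport}",
            "tos": tos, "ttl": ttl, "id": ident, "DF": bool(frag & 0x4000),
            "offset": (frag & 0x1FFF) * 8, "proto": proto, "length": length,
            # tcpdump flag letters, lowest bit first; ACK is printed as "."
            "flags": "".join(n for b, n in enumerate("FSRP.U") if flags >> b & 1),
            "seq": seq, "win": win, "cksum": cksum, "options": opts,
            "ip_cksum_ok": csum_ok(pkt[:ihl]), "tcp_cksum_ok": csum_ok(pseudo + seg),
            "payload_len": len(seg) - doff}
```

decode(PACKET) returns the same values tcpdump printed (id 4945, seq 711110784, mss 8961, wscale 9), and both checksums verify, matching the "(correct)" in the text line.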

Friday, October 31, 2014

Tcpdump Tutorial

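Reposted from: A tcpdump Primer

tcpdump can analyze network behavior, performance, and applications that generate or receive network traffic. It supports filtering by network layer, protocol, host, network or port, and provides logical operators such as and, or and not to help you strip out useless information, so that users can further trace the root cause of a problem.

tcpdump can also be used for specific purposes, such as intercepting and displaying the communications of other users or computers between a router and a gateway. By analyzing unencrypted traffic with tcpdump, such as Telnet or HTTP packets, one can view login user names, passwords, URLs, the content of websites being browsed, or any other information. The presence of a network analysis tool on a system is therefore mainly a threat not to the security of that machine, but to the security of the other computers on the network.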