Wednesday, 4 September 2019

Linux system logging

  • Linux uses the syslog standard for message logging.
  • Syslog uses facilities and priorities to categorize the messages.

Facility code  Keyword          Description

0              kern             Kernel messages
1              user             User-level messages
2              mail             Mail system
3              daemon           System daemons
4              auth             Security/authentication messages
5              syslog           Messages generated internally by syslogd
6              lpr              Line printer subsystem
7              news             Network news subsystem
8              uucp             UUCP subsystem
9              cron             Clock daemon
10             authpriv         Security/authentication messages
11             ftp              FTP daemon
12             ntp              NTP subsystem
13             security         Log audit
14             console          Log alert
15             solaris-cron     Scheduling daemon
16–23          local0 – local7  Locally used facilities

The priorities (in order of severity) are:

Code    Keyword
0       emerg (or panic)
1       alert
2       crit
3       err (or error)
4       warning (or warn)
5       notice
6       info
7       debug

Syslog servers



include /etc/rsyslog.d/*.conf

Logging rules

Each rule consists of two fields: a selector field and an action field.

#Log anything 'warn' or higher.
#Exclude authpriv, cron, mail, and news. These are logged elsewhere.
#Don't log private authentication messages!
*.warn;authpriv.none;cron.none;mail.none;news.none    -/var/log/syslog

#The authpriv file has restricted access.
authpriv.* /var/log/secure

#Log all the mail messages in one place. Use caching mode to improve I/O performance.
#The - before /var/log/maillog means use caching mode. You may lose some messages if the system crashes.
mail.* -/var/log/maillog

#Log cron stuff 
cron.* /var/log/cron 

#Everybody gets emergency messages 
*.emerg * 

#Save news errors of level crit and higher in a special file. 
uucp,news.crit /var/log/spooler
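
How the selector fields in these rules decide where a message lands, as an added example (not from the original post): a small evaluator for the facility.priority subset used above, without the = and ! modifiers. A plain priority selects that level and anything more severe, and facility.none cancels an earlier match. The function names sev_code, selector_matches and route are made up for the illustration.

```bash
# Added example: evaluate sysklogd-style selectors (subset: no "=" or "!" modifiers).
# Map a priority keyword to its numeric code (0 = most severe).
sev_code() {
  case "$1" in
    emerg|panic) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;;
    err|error) echo 3 ;; warning|warn) echo 4 ;; notice) echo 5 ;;
    info) echo 6 ;; debug) echo 7 ;; *) return 1 ;;
  esac
}

# selector_matches SELECTOR FACILITY PRIORITY -> exit status 0 if selected.
selector_matches() {
  local sel="$1" fac="$2" pri part facs level matched=1
  pri=$(sev_code "$3") || return 2
  local IFS=';'
  set -f; set -- $sel; set +f            # split on ";" without globbing "*"
  for part in "$@"; do
    facs=${part%%.*}; level=${part#*.}
    case ",$facs," in
      *",$fac,"*|",*,") ;;               # part names this facility, or "*"
      *) continue ;;
    esac
    if [ "$level" = none ]; then
      matched=1                          # facility.none cancels earlier matches
    elif [ "$level" = "*" ] || [ "$pri" -le "$(sev_code "$level")" ]; then
      matched=0                          # "level" selects that level and more severe
    fi
  done
  return "$matched"
}

# The rules from the post, one "selector action" pair per line.
RULES='*.warn;authpriv.none;cron.none;mail.none;news.none -/var/log/syslog
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg *
uucp,news.crit /var/log/spooler'

# route FACILITY PRIORITY -> space-separated actions that receive the message.
route() {
  local out="" sel action
  while read -r sel action; do
    if selector_matches "$sel" "$1" "$2"; then out="$out${out:+ }$action"; fi
  done <<EOF
$RULES
EOF
  printf '%s\n' "$out"
}

route authpriv info    # constructed message: a login record
route kern err         # constructed message: a kernel error
```

With these rules authentication records reach only /var/log/secure, which is the file to protect and to forward when login activity matters.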

Logger command

logger - a shell command interface to the syslog(3) system log module

logger [options] message

Where important options are:
-t   tag
Valid facility names are:
authpriv   for security information of a sensitive nature
kern       cannot be generated from userspace process, automatically converted to user
local0 to local7
security   deprecated synonym for auth

Valid priority names are:

panic     deprecated synonym for emerg
error     deprecated synonym for err
warn      deprecated synonym for warning

Logger examples

logger System rebooted
logger -p local0.notice -t HOSTIDM -f /dev/idmc
logger -n System rebooted
logger -p -t test-message "Test message here."

Tuesday, 3 September 2019

How To Use Systemctl to Manage Systemd Services and Units

Starting and Stopping Services

sudo systemctl start application.service
or
sudo systemctl start application

Restarting and Reloading

sudo systemctl restart application.service

If the application is able to reload its configuration files:

sudo systemctl reload application.service

Universal command (if you don't know whether the application is able to reload its configuration):

sudo systemctl reload-or-restart application.service

Enabling and Disabling Services

systemctl enable application.service

systemctl disable application.service

Change the “runlevels”/targets after booting

systemctl isolate

Change the boot “runlevels”/targets

Runlevels - Targets

0          -
1          -
2, 3, 4  -
5          - 
6          -  

Make “” the default “runlevel”

systemctl enable
systemctl set-default

Checking the Status of Services

systemctl status application.service

systemctl is-active application.service

systemctl is-enabled application.service

systemctl is-failed application.service

System State Overview

Listing Current Units
systemctl list-units


systemctl list-units --all

Use the --state= flag to indicate the LOAD, ACTIVE, or SUB states

systemctl list-units --all --state=inactive

systemctl list-units --type=service

Listing All Unit Files

systemctl list-unit-files

Displaying Dependencies

systemctl list-dependencies sshd.service

Checking Unit Properties

systemctl show sshd.service


systemctl rescue      - put the system into single-user mode

systemctl halt        - halt the system: the system shuts down and stops at a screen whose last message is something like "System halted"

systemctl poweroff    - power off the system: the system shuts down and then powers off (sends an ACPI command to the board, then to the PSU, to cut the power)

systemctl reboot      - reboot the system

Monday, 2 September 2019

Shell history in Linux

Shell history is stored in memory and on disk.

In files:

  • ~/.bash_history
  • ~/.histfile
  • ~/.history

history Command

history                    - display the shell history
history 5                  - print the last 5 commands
history |grep sysctl
history -d line_number     - delete line line_number from the history
history -c                 - clear all history
history -w                 - write to the history file (usually the history file is written to upon logout)
Ctrl-r                     - reverse history search (Ctrl-r again - next search)
Enter                      - execute command
Arrows                     - change the command
Ctrl-g                     - cancel the search

echo "secret command";history -d $(history 1)     - execute a single command without it being logged to the history file

Run all commands without logging:
[user1@rifle ~]$ unset HISTFILE
[user1@rifle ~]$ echo $HISTFILE

[user1@rifle ~]$

History control

!To make the changes permanent, put the export commands below in your ~/.bashrc file.

Control how many commands are stored in memory

export HISTSIZE=1000

Ignore duplicate commands in history

export HISTCONTROL=ignoredups

Filter some commands from history

export HISTIGNORE='ls -l:pwd:date:' 
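
Because all of these settings are under the user's own control, the history file cannot be assumed to be complete. The following added example (not from the original post) scans the text of a shell startup file for the settings shown in this post that keep commands out of the history file, letting a later HISTFILE assignment cancel an earlier unset. The function names and the sample file contents are constructed for the illustration.

```bash
# Added example: flag startup-file lines that keep commands out of the history file.
# Reads the file text on stdin and prints one "LINE:finding" per hit.
audit_history_config() {
  awk '
    /^[ \t]*#/             { next }                       # skip comment lines
    /unset[ \t]+HISTFILE/  { unset_at = NR }              # history no longer written to disk
    /HISTFILE=[^ \t]/      { unset_at = 0 }               # a later assignment restores it
    /HISTIGNORE=/          { ignore_at = NR }             # last assignment wins
    /history[ \t]+-[cd]/   { print NR ":history-edited" } # entries cleared or deleted
    END {
      if (unset_at)  print unset_at ":histfile-unset"
      if (ignore_at) print ignore_at ":patterns-excluded"
    }
  '
}

# Constructed sample standing in for a ~/.bashrc under review.
SAMPLE_RC='export HISTSIZE=1000
export HISTCONTROL=ignoredups
export HISTIGNORE="ls -l:pwd:date:"
# unset HISTFILE
unset HISTFILE
history -c'

# Run the audit over the constructed sample.
audit_sample() { printf '%s\n' "$SAMPLE_RC" | audit_history_config; }
audit_sample
```

On a real system, feed it each account's startup file, for example audit_history_config < /home/user1/.bashrc.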

List all commands with date and time


Using the history

Show last commands:

!N                      - repeat command line number N
!239                    - in above example execute command pwd
!!                      - repeat previous command
!systemctl:p            - show the last command that begins with systemctl
!string  or !? string   - repeat the most recent command starting with "string"
!groupi                 - in example above run command yum groupinstall "Development Tools"
vi !239:1               - edit file one.txt (open vi editor with first parameter of history line 239)
!N^                     - first argument of the command number N. For the previous example will be vi !239^
!$                      - last argument
ls  !239$               - resulting command will be ls examples/

Wednesday, 28 August 2019

Linux su and sudo commands - what is different?


There are two Linux commands to switch to another user's account or to execute a command as another user: su and sudo.

The key difference is that to use su you have to know the other user's password, but to use sudo you don't need to know the password of the other user (when using sudo you are prompted for your own password).

The sudo configuration is controlled by the system administrators (file /etc/sudoers).


su username                - run command as username
su - username              - login to username account with username's environment
su - user1 -c ls           - execute ls command as user1 in user1's home directory

sudo -l                    - list all available commands
sudo command               - run command as root
sudo -u user command       - run command as user
sudo su                    - switch to superuser account
sudo su -                  - switch to superuser account with root's environment

Sudo configuration

visudo command - starts vi to edit /etc/sudoers file (root privileges required)

sudoers format:
user (host)=(users)[NOPASSWD:]commands

admin ALL=(ALL)[NOPASSWD:]ALL           - allow user admin from all hosts to execute all commands as root without
operator webserver1=/usr/sbin/poweroff  - allow user operator to power off server webserver1
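
An added example (not from the original post) that reviews sudoers rules for broad grants: ALL commands, with or without NOPASSWD. It assumes the usual on-disk syntax, in which the optional tag from the format line above is written as NOPASSWD: before the command list; the function name and the sample rules are constructed.

```bash
# Added example: list sudoers rules that grant more than a single command needs.
# Reads sudoers text on stdin and prints "who:finding" for each broad grant.
sudoers_findings() {
  awk '
    /^[ \t]*#/ || NF == 0 || $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }
    {
      eq = index($0, "=")
      if (eq == 0) next
      who  = $1                                  # user or %group
      spec = substr($0, eq + 1)                  # everything after host=
      sub(/^[ \t]*\([^)]*\)/, "", spec)          # drop the run-as list, e.g. (ALL)
      nopass = (spec ~ /NOPASSWD[ \t]*:/)
      gsub(/[A-Z]+[ \t]*:/, "", spec)            # drop tags such as NOPASSWD:
      all = 0
      n = split(spec, cmds, ",")
      for (i = 1; i <= n; i++) {
        gsub(/^[ \t]+|[ \t]+$/, "", cmds[i])     # trim each command
        if (cmds[i] == "ALL") all = 1
      }
      if (all && nopass) print who ":all-commands-without-password"
      else if (all)      print who ":all-commands"
      else if (nopass)   print who ":no-password"
    }
  '
}

# Constructed sample rules, including the two entries described above.
SAMPLE_SUDOERS='# constructed sample
Defaults env_reset
admin ALL=(ALL) NOPASSWD: ALL
operator webserver1=/usr/sbin/poweroff
%wheel ALL=(ALL) ALL
backup ALL=(root) NOPASSWD: /usr/bin/rsync'

printf '%s\n' "$SAMPLE_SUDOERS" | sudoers_findings
```

The operator rule produces no finding because it is limited to one command on one host and still asks for a password.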

Monday, 26 August 2019

Processes and job control in Linux

Listing process and information

ps command - display process status

-e            - display all processes
-f            - full format listing
-u username   - owned by user username
-p PID        - information for process with process ID

Some examples:
ps -A or ps -e      - display every active process
ps -ef or ps -eF    - display a full format listing
ps -x               - display all processes owned by you
ps -fU user1        - display all processes owned by user1
ps -fG apache       - list all processes owned by apache group
ps -eH              - display a process tree
ps -e --forest      - display a process tree

pstree - display processes in a tree format
top    - interactive process viewer
htop   - interactive process viewer (has to be installed from the EPEL repository)

Background and foreground processes

Start background process
command &

Use jobs command to see list of background processes.
[root@rifle ~]# vi &
[1] 3669
[root@rifle ~]# vi &
[2] 3670
[1]+  Stopped                 vi
[root@rifle ~]# vi &
[3] 3671
[2]+  Stopped                 vi
[root@rifle ~]# jobs
[1]   Stopped                 vi
[2]-  Stopped                 vi
[3]+  Stopped                 vi

Plus indicates current job.
Current job also can be referred by  %% or %+
Previous job %-
[root@rifle ~]# jobs %%
[3]+  Stopped                 vi

Ctrl-z          - suspend the foreground process
Ctrl-c          - kill the foreground process
bg [%number]    - background a suspended process; without a job number, background the last stopped or suspended job
fg [%number]    - foreground a background process; without a number, foreground the current job
kill            - kill a process by job number or PID
kill [sig] pid  - send a signal to the process with PID pid; by default sig is TERM (15)
kill -9 pid     - if the process does not terminate, send a KILL signal to the process
kill -l         - show all signals

Environment variables in Linux

Environment variables

An environment variable is a storage location that has a name and a value. Environment variables often affect the way programs behave.

printenv command – Print all or part of the environment.
env command – Print all exported environment variables or run a program in a modified environment.
set command – Print the name and value of each shell variable.
printenv without arguments prints all variables.
printenv name_of_variable - print only this variable
[root@rifle ~]# printenv HISTSIZE
The same result can be obtained with the echo command. The variable name has to be prefixed with $.
[root@rifle ~]# echo $HISTSIZE
!Some information about the variables a command uses can be found in the man pages of the command.
!Environment variable names are case sensitive.

Creating/changing variables

export VAR='value'
export EDITOR='vi'

Removing variables

unset  var

Preserve variables from session to session

Save them to your personal ~/.bash_profile file

Customizing the prompt with PS1

Bash, ksh and sh use the environment variable $PS1.
Control sequences for $PS1 are:
\d - the date in "Weekday Month Date" format (e.g., "Tue May 26")
\e - an ASCII escape character (033)
\h - the hostname up to the first .
\H - the full hostname
\j - the number of jobs currently run in background
\l - the basename of the shell's terminal device name
\n - newline
\r - carriage return
\s - the name of the shell, the basename of $0 (the portion following the final slash)
\t - the current time in 24-hour HH:MM:SS format
\T - the current time in 12-hour HH:MM:SS format
\@ - the current time in 12-hour am/pm format
\A - the current time in 24-hour HH:MM format
\u - the username of the current user
\v - the version of bash (e.g., 4.00)
\V - the release of bash, version + patch level (e.g., 4.00.0)
\w - complete path of current working directory
\W - the basename of the current working directory
\! - the history number of this command
\# - the command number of this command
\$ - if the effective UID is 0, a #, otherwise a $
\nnn - the character corresponding to the octal number nnn
\\ - a backslash
\[ - begin a sequence of non-printing characters, which could be used to embed a terminal control sequence into the prompt
\] - end a sequence of non-printing characters

Standard $PS1
[root@rifle ~]# echo $PS1

[\u@\h \W]\$

Adding date and time to the prompt:
[root@rifle ~]#PS1='[\d \t \u@\h\W\]\$'
[Mon Aug 26 10:30:01 root@rifle~#

Set the color to red when using the root account:
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;31m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '

To make changes in $PS1 permanent you have to add the PS1 variable to the appropriate ~/.bash_profile file.

Add the following line to the end of /root/.bash_profile file:

export PS1='${debian_chroot:+($debian_chroot)}\[\033[01;31m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '

To simplify $PS1 construction you can use the following link:

Saturday, 24 August 2019

Comparing the contents of files

diff file1 file2 - compare two files

sdiff file1 file2 - side by side comparison

vimdiff file1 file2 - highlight differences in vim

In vim use the following:
CTRL-w w - go to next window
:q   - close current window
:qa  - close both files
:q!  - quit vim

Linux redirection

> - redirects standard output to file, overwrite a file

>> - appends standard output to file

< - redirects input from a file

Linux Input/Output

0 - stdin standard input

1 - stdout standard output

2 - stderr standard error

Combine standard error and standard output


Redirect standard output and standard error to file

$command &>file

Linux wildcards and patterns

Wildcards and patterns are used in any of the file manipulation commands (cp, mv and so on)


* - matches zero or more characters in file names
? - matches exactly one character in file names


[pattern] - Matches exactly one character in the pattern.


Any of those file names will match:

Any of those file names will match:


[e-g] - matches any files that start with e, f, g
[2-5] - matches any files that start with 2, 3, 4, 5

Named classes

[[:alpha:]] - matches alphabetic letters in any case
[[:alnum:]] - matches alphanumeric characters
[[:digit:]] - matches any digits from 0 to 9
[[:lower:]] - lowercase
[[:upper:]] - uppercase
[[:space:]] - spaces, tabs and new line characters

Tuesday, 20 August 2019

How to get back to previous directory

Very often I need to "jump" back to the previous directory. There is a form of the cd command that allows this:
#cd -

[root@rifle ~]# pwd
[root@rifle ~]# cd /etc/postfix/
[root@rifle postfix]# pwd
[root@rifle postfix]# cd -

Tuesday, 13 August 2019

Search help for the linux commands

Sometimes you need to search what certain linux command does or what arguments the command needs.

There are several ways:

1. Ask the command itself for help

Usually by adding -h or --help to the command.
[root@rifle ~]# ls --help
Usage: ls [OPTION]... [FILE]...
List information about the FILEs (the current directory by default).
Sort entries alphabetically if none of -cftuvSUX nor --sort is specified.

Mandatory arguments to long options are mandatory for short options too.
  -a, --all                  do not ignore entries starting with .

Some commands need the -help parameter.
[root@rifle ~]# zip -h
Copyright (c) 1990-2008 Info-ZIP - Type 'zip "-L"' for software license.
Zip 3.0 (July 5th 2008). Usage:
zip [-options] [-b path] [-t mmddyyyy] [-n suffixes] [zipfile list] [-xi list]

  -A, --show-all           equivalent to -vET
  -b, --number-nonblank    number nonempty output lines, overrides -n

2. Using the man command

[root@rifle ~]# man ls

3. Using the man command with the -k parameter

[root@rifle ~]# man -k sysctl
_sysctl (2)          - read/write system parameters
sysctl (2)           - read/write system parameters
sysctl (8)           - configure kernel parameters at runtime
sysctl.conf (5)      - sysctl preload/configuration file
sysctl.d (5)         - Configure kernel parameters at boot
systemd-sysctl (8)   - Configure kernel parameters at boot
systemd-sysctl.service (8) - Configure kernel parameters at boot

4. Using apropos or whatis commands

[root@rifle ~]# whatis ls
ls (1)               - list directory contents
ls (1p)              - list directory contents

5. Search the web

cat and tac commands

cat - concatenate files and print on the standard output
tac - concatenate and print files in reverse

[root@rifle ~]# cat one.txt
There are just some text lines.
And again...
And again...
[root@rifle ~]# tac one.txt
And again...
And again...
There are just some text lines.