vim – edit, save and exit, it is too simple!

Do not blame admins (or users in general) for using nano (pico): it is way too simple for simple tasks, which are probably most cases under the console.

    • Save a file – press the Esc key, then press and hold SHIFT and press the colon “:” key; the bottom line of your screen will change and start with a colon “:”. Then type “w” and hit the Enter key, and you’ve just saved the opened file.
        1. press Esc
        2. press and hold SHIFT
        3. press the key with the colon “:”
        4. type “w”
        5. hit Enter key
    • Save a file and quit – press the Esc key, then press and hold SHIFT and press the colon “:” key; the bottom line of your screen will change and start with a colon “:”. Then type “x” and hit the Enter key, and you’ve just saved the opened file and quit vim.
        1. press Esc
        2. press and hold SHIFT
        3. press the key with the colon “:”
        4. type “x”
        5. hit Enter key
    • Save all opened files – press the Esc key, then press and hold SHIFT and press the colon “:” key; the bottom line of your screen will change and start with a colon “:”. Then type “wa” and hit the Enter key, and you’ve just saved all the opened files.
        1. press Esc
        2. press and hold SHIFT
        3. press the key with the colon “:”
        4. type “wa”
        5. hit Enter key
    • Quit without saving, just quit vim – press the Esc key, then press and hold SHIFT and press the colon “:” key; the bottom line of your screen will change and start with a colon “:”. Then type “q!” and hit the Enter key.
        1. press Esc
        2. press and hold SHIFT
        3. press the key with the colon “:”
        4. type “q!”
        5. hit Enter key
  • Enable auto save with two ESC keys – create or edit file

    ~/.vimrc

    Add the following line:

    map <Esc><Esc> :w<CR>
    

* The Esc can be avoided

The Esc key can be replaced by pressing and holding CTRL and pressing “[” (left square bracket), i.e. “CTRL+[”, and if “[” is hard to type on your keyboard, you can try CTRL plus “c”, i.e. “CTRL+c”. All this is only needed to be sure you are not in vim’s insert mode. Avoiding the Esc key can be useful on the non-QWERTY keyboards of mobile devices such as smartphones and tablets.

su to user with no shell

Most users on our Linux/Unix systems cannot log in, because their shell is /sbin/nologin (or even /bin/false). But sometimes we need to execute a command or get a shell as one of those users, and when we try to switch to, let’s say, nginx or apache or nagios, we get an error:

[root@srv ~]# su nginx
This account is currently not available.
[root@srv ~]# su apache
This account is currently not available.
[root@srv ~]# su nagios
This account is currently not available.
[root@srv ~]# su nrpe
This account is currently not available.

But we still need to run a command or commands as that user! We can do it by telling the su command which shell to execute for us, ignoring the one in /etc/passwd:

su nagios -s /bin/bash

And now we are user “nagios”:

[root@srv ~]# su nagios -s /bin/bash
bash-4.2$ whoami
nagios

Go and execute commands to see why something is not working under your nagios user…

Rename gnu screen session name

Ever wonder how you can rename your screen session? You are in a hurry, you start a screen session, execute some program and then decide to leave the program running there, but you gave the session a not so informative name like “test”, or no name at all (and got a default session name like “5026.pts-5.ubuntu” or similar…). There is an easy way of renaming the screen session with a simple command:

screen -S <old_session_fullname> -X sessionname <new_session_name>

Here is the example for better clarity! Let’s say we have:

[root@srv ~]# screen -ls
There is a screen on:
        24624.test      (Detached)
1 Socket in /var/run/screen/S-root.

And here is the right renaming command. We want to rename the current gnu screen to “loganalyzing”:

screen -S 24624.test -X sessionname loganalyzing

As you can see, you should use the full name taken from the “screen -ls” command; in newer versions you can use only the name, like:

screen -S test -X sessionname loganalyzing

And here is the result:

[root@srv ~]# screen -ls
There is a screen on:
        24624.loganalyzing      (Detached)
1 Socket in /var/run/screen/S-root.

bash: find all files between a given time period

Here is the command to find all files modified between two given dates with the Linux find command:

find /home/ -newermt 20140901T0000 -not -newermt 20141001T0000 -type f

To use “find” with -newermt you must have a find version above 4.3.3.
With older versions of the find utility, the same search can be done using the modification times of two files.

  1. create two temporary files
  2. “touch” them with the right time
  3. execute find command with “-newer”
  4. delete the two temporary files

Here is the bash code:

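dt1=$(date -d '2014-09-01' +'%Y%m%d%H%M.%S'); dt2=$(date -d '2014-10-01' +'%Y%m%d%H%M.%S')
# reference files are created by mktemp (normally under /tmp), not in the directory being searched
f1=$(mktemp); f2=$(mktemp); touch -t "$dt1" "$f1"; touch -t "$dt2" "$f2"
find . -type f -newer "$f1" -not -newer "$f2"; rm -f "$f1" "$f2"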
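
The same time-window search as a reusable function, added here as an example (not code from the original post): it uses -newermt when the installed find accepts it and otherwise falls back to the two-reference-file method. The names find_between and FORCE_REF_FILES are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# find_between DIR START END lists regular files under DIR whose mtime is
# newer than START and not newer than END (the same window as the commands
# above). START and END are date strings such as '2014-09-01 00:00'.
# FORCE_REF_FILES=1 is a made-up switch that forces the old-find fallback.
find_between() {
    dir=$1; start=$2; end=$3
    if [ -z "${FORCE_REF_FILES:-}" ] &&
       find /dev/null -newermt "$start" >/dev/null 2>&1; then
        find "$dir" -type f -newermt "$start" -not -newermt "$end"
        return
    fi
    # Fallback: two reference files in a private temp directory, so they do
    # not land in the tree being searched (unless DIR contains the temp dir)
    # and cannot clash with existing file names.
    ref=$(mktemp -d) || return 1
    rc=1
    if touch -d "$start" "$ref/start" && touch -d "$end" "$ref/end"; then
        find "$dir" -type f -newer "$ref/start" -not -newer "$ref/end"
        rc=$?
    fi
    rm -rf "$ref"
    return "$rc"
}

# Usage: find_between /home '2014-09-01 00:00' '2014-10-01 00:00'
```

A file whose mtime is exactly END is included and one whose mtime is exactly START is excluded, in both code paths. When using this to scope what changed in a given window, keep in mind that mtime can be set by anyone who can write the file, exactly as touch does here.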

Bring up network interface with an IP address using “ip” command

Lately many Linux distributions do not ship ifconfig by default; it is considered the old style of setting up the network when we need to do it manually.
The ip command is simple and self-explanatory, but there is a catch! Just adding the IP won’t bring up the network interface of your server. In fact we need two commands to bring up the network interface with an IP, and then a third command to add a default gateway.
So here are the steps and commands to bring up an interface and set the IP and gateway:

STEP 1) Add the IP to the network interface with

ip addr add 192.168.0.100/24 dev eth0

Change the IP with your IP address.

STEP 2) Bring up the interface link

ip link set eth0 up

If you omit this step, a network interface that is down won’t start, and the next command (in step 3) will output an error! If your interface is already up and you are just adding an additional IP to it, you can skip this step (and probably the one below with the default gateway, but we do not describe this case here).

STEP 3) Add the default gateway

ip route add default via 192.168.0.1

* All three in one place, the right way of bringing up a network interface under Linux with the “ip” command:

ip addr add 192.168.0.100/24 dev eth0
ip link set eth0 up
ip route add default via 192.168.0.1

* Troubleshooting

As was said above, just adding an IP to a network interface that is in the down state will not set it up, but you will not notice it, and when you try to add the default route you will see a not so informative error:

srv@local ~# ip addr add 192.168.0.100/24 dev eth0
srv@local ~# ip route add default via 192.168.0.1
ip: RTNETLINK answers: Network is unreachable

Network unreachable, but why? I just added an IP! It is not enough just to add the IP; the link must also be set up, like with ifconfig eth0 up.

Check a certificate and a private key for a match

Ever wondered how to verify that your private key matches a certificate or a CSR?

All three of them (server certificate, private key and CSR) contain a specific value, which must be the same in all three to be sure that the private key was used for the CSR and that this CSR was used to issue the server certificate. The public exponent and the modulus of the private key must have the same values as those in the certificate and the CSR.
If the values differ, you can be sure this private key cannot be paired with the server certificate you have in mind! Because the modulus is a really big number like:

Modulus=C8A1E76902325B4449BE964A7F1E4D16F263245A4487E24CF373631211AA719FB17A65091A8ADF4AFD174CE95A069EDAF0F2E0DA8DA7A8F2D525695BB1F1AE6C825085C60053726BD9966277FAF73179D5F0285F45271D6C728D1A8A36EA846CE20EF7188397A859FE3F2A4933EA13E3643BACA8FA9569FFAAE907CC3E416B08368E2D9297E16CC14E7B6B98A0AA0703D865152C37F089ABD2CB7FCC2C0319F8098CBBE02DAF09B4B262B5A6A7D9002A0D6275BF56B7F406FB03E169D00EADC6A20F0709B1240067AB82D5411A4535C21B0A6EB96B6D23ACC0103703F9816DF04370F4734CF75FBB206618A91245A1F975C411D3CFAE83B8AF1318E773BF9A15

We can pipe it to an MD5 function to make it easier for a human to compare.

Here are the three simple commands to check if your private key matches the certificate or the CSR certificate:

STEP 1) check the private key

[root@srv@local ]# openssl rsa -noout -modulus -in server.key | openssl md5
(stdin)= f1fdd77a19d21999264a1267253c6acd

STEP 2) check modulus value of the certificate

[root@srv@local ]# openssl x509 -noout -modulus -in server.crt | openssl md5
(stdin)= f1fdd77a19d21999264a1267253c6acd

STEP 3) check modulus value of the CSR

[root@srv@local ]# openssl req -noout -modulus -in server.csr | openssl md5
(stdin)= f1fdd77a19d21999264a1267253c6acd

If the three values are the same, you can use this pair of private key and certificate in your web (or whatever) server. It also means you can use this CSR to issue a server certificate and then use this private key together with the new server certificate!

* The nginx web server reports an error when the private key and certificate do not match:

[root@srv@local ]# nginx -t
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/ssl/nginx/server.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: configuration file /etc/nginx/nginx.conf test failed

And if you issue a restart command, you’ll end up without a working web server.

* Apache also reports an error in the error log (probably your SSL error log) and does not start:

[Tue Mar 06 03:37:39.378436 2014] [ssl:emerg] [pid 8182] AH02565: Certificate and private key localhost:443:0 from /etc/ssl/apache2/server.crt and /etc/ssl/apache2/server.key do not match

The default error log reports only a configuration error:

AH00016: Configuration Failed

And strangely, apache2ctl reports no error!

 apache2ctl configtest
 * Checking apache2 configuration ...                                                                                          [ ok ]

So always verify the private key and server certificate before issuing a restart of the service that depends on them!
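
The check from the three steps above wrapped so it can gate a restart, as an added example (not code from the original post). It goes beyond the modulus comparison: it hashes the whole public key with SHA-256, which also works for EC keys (they have no modulus), and it refuses to report a match when a file cannot be parsed. The function names pubkey_fp and check_pair are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# pubkey_fp TYPE FILE prints the SHA-256 of the public key found in a
# private key (key), certificate (crt) or CSR (csr). Comparing the whole
# public key works for RSA and for EC keys, which have no modulus.
pubkey_fp() {
    case $1 in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)   echo "pubkey_fp: unknown type '$1'" >&2; return 2 ;;
    esac || return 1
    # An unreadable file must never hash to the digest of empty input,
    # otherwise two broken files would look like a match.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# check_pair KEY CRT: 0 = match, 1 = mismatch, 2 = a file could not be parsed.
check_pair() {
    k=$(pubkey_fp key "$1") || { echo "cannot read key: $1" >&2; return 2; }
    c=$(pubkey_fp crt "$2") || { echo "cannot read certificate: $2" >&2; return 2; }
    [ "$k" = "$c" ]
}

# Usage with the file names from the post: test the config only for a matching pair.
#   check_pair server.key server.crt && nginx -t
```

The CSR can be compared the same way, by checking that pubkey_fp csr server.csr prints the same digest as pubkey_fp key server.key.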