Example of running a PHP script in CLI with custom memory limit:
php -d memory_limit=64M my_script.php
Source: http://cristian-radulescu.ro/article/php-cli-increase-memory-limit.html
Tag Archives: command line
Atop – notes
atop -a | Display only active processes atop -g | Display general process info atop -m | Display memory usage info atop -n | Display network usage info atop -d | Display Dick usage info Alternatively you can just use atop and then key in the letters above to switch between. atop -r | read raw data. Use this to basically start looking at the processes from the start of the day 00:00 atop -r -b 09:00 | read raw data from 09:00 today atop -r y | read raw data from yesterday atop -r yy | read raw data from the day before yesterday atop -r y -b 09:00 | read raw data from 09:00 yesterday atop -r yy -b 09:00 | read raw data from 09:00 the day before yesterday atop -r <log> | read data from a log stored in /var/log/atop
ftp/sftp – vsftpd
# VSFTPD chroot configuration
>> Create a no-shell user
useradd -d $HOME_PATH -s /sbin/nologin $FTPUSER && passwd $FTPUSER
!!!MAKE SURE TO CHMOD 755 the parent directory!!!
yum -y install vsftpd
chkconfig vsftpd on
sed -i -e 's/IPTABLES_MODULES=""/IPTABLES_MODULES="ip_conntrack_ftp"/g' /etc/sysconfig/iptables-config
modprobe ip_conntrack_ftp
echo "rack" >> /etc/vsftpd/vsftpd.chroot_list
mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.ORIG
cat >/etc/vsftpd/vsftpd.conf <<EOF
# vsftpd.conf - PASSIVE
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
listen_port=21
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
pasv_min_port=60000
pasv_max_port=65000
# Add in /etc/vsftpd/vsftpd.chroot_list who you do *NOT* want to be chrooted
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
# RackConnect
# pasv_enable=YES
# pasv_min_port=60000
# pasv_max_port=60100
# pasv_address=<publicRCip> (might not be required)
# Logging
xferlog_enable=YES
log_ftp_protocol=NO
syslog_enable=NO
vsftpd_log_file=/var/log/vsftpd.log
EOF
>> Make sure to comment out "auth required pam_shells.so" in /etc/pam.d/vsftpd (errors in authenticate users with /bin/false shell):
sed -i 's/^\(auth.*required.*pam_shells\.so.*$\)/#\1/' /etc/pam.d/vsftpd
>> Enable firewall ports (in Rackconnect, open the same on the physical firewall):
iptables -I INPUT -p tcp --dport 21 -m comment --comment "FTP" -j ACCEPT
iptables -I INPUT -p tcp -m multiport --dports 60000:65000 -m comment --comment "FTP passive mode ports" -j ACCEPT
/etc/init.d/iptables save
>> Restart the service
service vsfptd restart
If -> vsftpd: refusing to run with writable root inside chroot ()
=> allow_writable_chroot=YES
=======================================================
SFTP Jailed:
!!!! remember that the users home directory must be owned by root
groupadd sftponly
>> 1 domain managed by 1 or more users:
useradd -d /var/www/vhosts -s /bin/false -G sftponly bob
>> 1 user managing multiple domains:
useradd -d /var/www/vhosts -s /bin/false -G sftponly bob
SFTPUSER=bob
SFTPUSERPASS=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w12 | head -n1)
echo "$SFTPUSERPASS" | passwd --stdin $SFTPUSER && echo -e "\nsfptuser: $SFTPUSER\npassword: $SFTPUSERPASS"
>> /etc/ssh/sshd_config
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
>> 1 domain managed by 1 or more users:
Match Group sftponly
ChrootDirectory %h
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp
>> 1 user managing multiple domains:
Match Group sftponly
ChrootDirectory /var/www/vhosts/%u
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp
sshd -t
service sshd restart
>> Set correct permissions!!!
chmod 755 /var/www/
chown root:root /var/www
chown -R root:sftponly /var/www/*
find /var/www/ -type d | xargs chmod 2775
find /var/www/ -type f | xargs chmod 644
One liners to automatic creation of username and passwords
Automatic creation of users/passwords (FTP)
Manually create list.txt with user:doc_root
e.g.:
mydomain.com:/var/www/vhost/mydomain.com example.com:/var/www/vhost/example.com
Get commands to create FTP users
cat list.txt | awk -F: '{print "useradd -d ",$2, "-s /bin/false -c TICKET_NUMBER ",$1 }'
Get commands to set FTP permissions (if doc_root exists already)
cat list.txt | awk -F: '{print "chown -R",$1, $2 }'
Generate and Assign random passwords to the users.
# for USER in $(awk -F: '{print $1}' list.txt) ; do PASS=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w12 | head -n1) ; echo $PASS | passwd --stdin $USER ; echo -e "username: $USER\npassword: $PASS\n" | tee -a pass.txt ; done ; echo -e "\n========================\nHere the credentials:" ; cat pass.txt
Create a list of vhosts’ paths: vhosts.txt
Example with only .com domains:
/var/www/domain1.com
/var/www/domain2.com
/var/www/domain3.com
Use a regex for sed to extract the vhost name, removing dots (example based on the example above)
This will return a list of PATH and VHOSTNAME. We will use VHOSTNAME as USER for that path
for i in `cat vhosts.txt` ; do echo "$i" | tr '\n' ' ' ; echo "$i" | sed 's/^.*www\/\(.*\)com.*$/\1/' | sed 's/\.//g' ; done >> list.txt
Print out the commands to run to add FTP users (no SSH)
Once checked the output, run these lines
cat list.txt | awk '{print "useradd -d ",$1, "-s /bin/false -c COMMENT_HERE ",$2 }'
(for sftp only):
cat list.txt | awk '{print "useradd -d ",$1, "-s /bin/false -G sftponly -cCOMMENT_HERE ",$2 }'
This will print out commands to run to assign user:apache_group to the vhosts’ paths
cat list.txt | awk '{print "chown -R ",$2 ":www-data ",$1 }'
(for sftp only):
cat list.txt | awk '{print "chown root:root",$1 }'
cat list.txt | awk '{print "chown -R ",$2":"$2 ,$1"/*"}'
Set g+s on vhosts to preserve directory owner
[TO CHECK]
for i in `cat list.txt` ; do echo "chmod g+s $i" ; done
[THIS EXECUTE]
for i in `cat list.txt` ; do chmod g+s "$i" ; done
Create list of random passwords using pwgen
for i in `cat list.txt` ; do p=$(pwgen -s -B 16 1) ; echo "$i:$p" ; done > list_u_p.txt
Create list of random passwords using openssl
for i in `cat list.txt` ; do p=$(openssl rand -base64 12) ; echo "$i:$p" ; done > list_u_p.txt
Apply these passwords automatically
for i in `cat list_u_p.txt` ; do USER=`echo "$i" | awk -F":" '{print $1}'` ; PASS=`echo "$i" | awk -F":" '{print $2}'` ; echo -e "$PASS\n$PASS" | passwd "$USER" ; done
Print output for reference
hostname ; cat list_u_p.txt | awk -F":" '{print "\nusername:", $1, "\npassword:", $2}'
cat: create/write file
Create file without replacing variables:
cat <<'EOF' > /path/file
============================
My name is ${0}
I was input via user data
============================
EOF
If you check /path/file you will see exactly the content above.
Create file REPLACING the variables while creating:
cat <<EOF > /path/file
============================
My name is ${0}
I was input via user data
============================
EOF
In this example, the variable ${0} will be replaced during the creation of the file, hence the content will display your username.
Verify that private key and SSL certificate are matching via command line
# openssl rsa -modulus -noout -in private_key.key | openssl md5 (stdin)= b650539so2020gwoge778b6981a38c # openssl x509 -modulus -noout -in mysite_certificate.crt | openssl md5 (stdin)= b650539so2020gwoge778b6981a38c
the outputs must match 🙂
Send attachment via command line in Linux
You can do that using mpack
mpack -s "This is the subject" -d body.txt attachment.zip [email protected]
GIT basic commands
Check branch
git branch <name new branch>
Show changes after your last commit
git diff
rollback to previous change (specific file) to the latest commit
git checkout -- testfile
Delete branch
git branch -D <branch name>
Push new branch to the origin (my ‘git space’)
git push -u origin <branch name>
Restore file from upstream
git checkout upstream/master -- <filename>
Commit changes in one single line
git commit -a -m "comment"
If you want to merge the recent changes committed on the master branch into your dev branch
git checkout dev # gets you "on branch dev" git fetch origin # gets you up to date with origin git merge origin/master
If you want to reset ALL from the version ‘on the web’
git fetch origin git reset --hard origin/<branch>
Docker basic commands
Check containers
# docker ps -a
Connect to a container
# docker start <ID> # docker attach <ID>
Exit from a container
-> type 'exit'
Remove all of Docker containers:
docker stop $(docker ps -a -q) docker rm $(docker ps -a -q)
SSL – Check if a certificate matches with its public key
# openssl rsa -modulus -noout -in private_key.key | openssl md5 (stdin)= jhg557dd83jdlki93de778b69ojg536 # openssl x509 -modulus -noout -in certificate.crt | openssl md5 (stdin)= jhg557dd83jdlki93de778b69ojg536