Today I faced some DNS issues with my new computer after installing Ubuntu in it. After some basic troubleshooting steps I assigned Open DNS address to my network adapter and the issue is resolved. Open DNS is a smart way to make our browsing fast and reliable. As the name suggests this DNS service is absolutely free and worth a try. Before go to open DNS we need to know a little bit about DNS. As we know DNS is used to convert the domain name of of website to its IP address. For any communication your computer should know the mac address and IP address of the destination (Here web server). MAC address can be obtained from ARP table and if the user type the IP address of the web server computer knows both. If the user type the domain name of the website your computer don’t know the IP address of the destination and the communication will not happen. Here the DNS server helps. DNS helps to resolve the domain name to IP convertion issue and send the destination IP address to the computer.

So it is understood that every computer which connects to the Internet should know the DNS server address. There are many DNS servers available including your ISP’s DNS server. Here I am presenting the steps to assign Open DNS in Ubuntu linux.

To know the stpes to assign DNS address in Windows computer click on the link below.

How to configure DNS address in Windows computer

Assign Open DNS in Ubuntu

The steps to set open DNS in Ubuntu are:

1. Right click on the network symbol

You can see the network icon on the right hand top of the screen.

2. Click on the Edit Connection

3. Now the active network connection window will be opened.

If your computer is connected with an ethernet cable you will get the standard name eth0.

4. Select the connection and click on Edit button

5. On the Edit window click on IPv4 Settings tab

Now on DNS Server enter the Open DNS addresses.

The Open DNS addresses are :

i. 208.67.222.222
ii. 208.67.220.220

Now click Apply and reboot your computer.

We have a server with dedicated IP address in my company’s headquarter. There’re a couple of branches at other locations. We need to setup servers in each branch and allow accessing to those servers through dedicated subdomain name. But we do not have static IP for those branches, so it’s not possible to bind any IP in our DNS server at headquarter.

If you have the same need as we are, here’s what we did to resolve the problem.

Basically we need to setup DNS Update service at branch site to perform remote DNS update to headquarter to update IP of subdomains used by branch site periodically, so headquarter’s DNS will always know the correct IP of each branch server.

For example, our main domain is infolexllc.com, and we need to setup a branch server at New York which will be called ny.infolexllc.com, here’s what we do at servers at both ends (both CentOS 5.X):

At branch site(where only dynamic IP is available):
1. Install NS Update:

yum install bind-utils

2. Create folder to hold related files and scripts:

mkdir /root/nsupdate
cd /root/nsupdate

3. create key files for NS update

dnssec-keygen -a HMAC-MD5 -b 512 -n USER ny.infolexllc.com
Kny.infolexllc.com.+157+47223

4. You should have two new files created under the current folder:

Kny.infolexllc.com.+157+47223.key  Kny.infolexllc.com.+157+47223.private
5. create a new shell file: donsupdate.sh:


#!/bin/sh

cd /root/nsupdate

HOST=ny.infolexllc.com.

#Get branch site's IP

IPADDR=`links -source http://whatismyipaddress.com/ |grep -o 'Your IP address is [0-9.]*'|cut -d : -f 2|awk '{print $5}'`
NSUFILE=./nsupdate
FLAGFILE=./nsupdate.flag

if [ "" = "$IPADDR" ]; then
 echo Error detecting current  I will exit.
 exit 0;
else
 echo Detected IP address is:$IPADDR
fi

FLAG=`date +%H`:$IPADDR

if [ -a $FLAGFILE ]; then
 FLAG_IN_FILE=`cat $FLAGFILE`
fi

if [ "$FLAG" == "$FLAG_IN_FILE" ]; then
 #Flag is same, skip it

 echo IP is not changed in the passwd hour, so I will skip
 exit 0;
else
 echo IP has been changed or one hour has been passed, save the flag and do update...
 echo $FLAG > $FLAGFILE
fi

#change infolexllc.com to your head quarter site's domain name

HQ_DOMAIN_NAME=infolexllc.com
echo "server $HQ_DOMAIN_NAME" > $NSUFILE
echo "zone infolexllc.com" >> $NSUFILE
echo "update delete $HOST A" >> $NSUFILE
echo "update add $HOST 84600 A $IPADDR" >> $NSUFILE
echo "show" >> $NSUFILE
echo "send" >> $NSUFILE
nsupdate -k ./Kny.infolexllc.com.+157+47223.private -d $NSUFILE


Make sure you change value of the script based-on your own environment.
6. Open the newly generated key file Kny.infolexllc.com.+157+47223.key
ny.infolexllc.com. IN KEY 0 3 157 QLwMCWdqUJ/ZOsOsdF4Dj/mYD2XwmqSrPL540JE3dwG7FXZwrJulOp16 Y0SySnfOo7+5s1mhZhUiAHxVOSoXnQ==
Remember the key string started from QlwMC.. all the way to the ending ==



On headquarter server:

7. Modify named comnfiguration to allow remote DNS update from ny.infolexllc.com
Open /etc/named.conf

Find zone "infolexllc.com" {

Insert the following section in the configuration file before the zone:

key ny.infolexllc.com.{

algorithm hmac-md5;

secret "QLwMCWdqUJ/ZOsOsdF4Dj/mYD2XwmqSrPL540JE3dwG7FXZwrJulOp16 Y0SySnfOo7+5s1mhZhUiAHxVOSoXnQ==";

};
Insert the following lines at end of the infolexllc.com zone:

allow-update {

key  ny.infolexllc.com. ;

};
Restart DNS server:
/etc/init.d/named restart
Now the headquarter DNS server should allow remote DNS update from ny.infolexllc.com
On branch server:

8. Test DNS update script:

run
donsupdate.sh
You should see messages like below:
Detected IP address is:123.123.123.123
IP has been changed or one hour has been passed, save the flag and do update...
Creating key...
before getaddrinfo()
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags: ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ny.infolexllc.com. 0 ANY A
ny.infolexllc.com. 84600 IN A 123.123.123.123

Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  25321
;; flags: qr ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; TSIG PSEUDOSECTION:
ny.infolexllc.com. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 123123123123 300 16 ABCabcABCabc123+12aBcde== 25321 NOERROR 0

The status: NOERROR indicates a succeful update.

If you see any other error in status, go check /var/log/messages on head quarter server to find clue.
9. Test the new domain:
ping ny.infolexllc.com
You should see the new domain can be resolved to the dynamic IP currently assigned to branch server.
10.

Once update script is working, you can create a cron job on branch

server to run the script every 10 minutes. The script itself will check

if IP has not been changed in the past hour, it will skip remote update.
I've

done this for our branch servers several times. It works very well so

far. I hope this set up can help resolving your problem. Feel free to

let me know f you have any feedback or question.
Cheers!

ny.infolexllc.com. IN KEY 0 3 157 QLwMCWdqUJ/ZOsOsdF4Dj/mYD2XwmqSrPL540JE3dwG7FXZwrJulOp16 Y0SySnfOo7+5s1mhZhUiAHxVOSoXnQ==

/etc/init.d/named restart

donsupdate.sh

Detected IP address is:123.123.123.123
IP has been changed or one hour has been passed, save the flag and do update...
Creating key...
before getaddrinfo()
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags: ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ny.infolexllc.com. 0 ANY A
ny.infolexllc.com. 84600 IN A 123.123.123.123

Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  25321
;; flags: qr ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; TSIG PSEUDOSECTION:
ny.infolexllc.com. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 123123123123 300 16 ABCabcABCabc123+12aBcde== 25321 NOERROR 0

ping ny.infolexllc.com

A common question is “why doesn’t the repository FFmpeg convert to mp3, aac, mpeg4, etc?”. Ubuntu doesn’t make it very clear to the general user as to why to repo FFmpeg is so limited or how to fix this issue. This is reflected in the number of forum questions relating to this topic.

Why is FFmpeg from the repository so limited?
Legal reasons. Some software is limited due to geographical differences in software patents, legal restrictions on free speech, and restrictions on certain technologies. Ubuntu sidesteps these legal restrictions by not including some restricted packages by default. Users must install these packages on their own. See Restricted Formats Ubuntu Community Documentation and FFmpeg License and Legal Considerations for more details.

How do I fix FFmpeg?
There are several options:

A. Compile FFmpeg yourself
B. Install the unstripped or extra libraries
C. Medibuntu

A. Compiling FFmpeg yourself (for all Ubuntu versions)
The official FFmpeg answer is to compile it yourself, giving you the power to get what you want with the bug-fixes, enhancements, and benefits of the most recent FFmpeg revision. This is an excellent solution and is explained here:

HOWTO: Install and use the latest FFmpeg and x264

This is the option that I personally use, and although it is not too hard, compiling may not be for everyone for a variety of reasons. Off to the other options…

B. Installing the unstripped or extra libraries
This is the quickest option for most users. FFmpeg from the repository does not include many restricted encoders, formats, and codecs which may include: H.263, aac (libfaac), mp3 (libmp3lame), H.264 (libx264), xvid (libxvid), and mpeg4. You can fix this by installing the unstripped or extra (Ubuntu Karmic renamed unstripped to extra) FFmpeg libraries that will enable these restricted encoders. Open up Terminal and enter:

Ubuntu Lucid Lynx 10.04 & Ubuntu Karmic Koala 9.10

sudo apt-get install ffmpeg libavcodec-extra-52

Note: The libavcodec-extra-52 package for Lucid and Karmic do not support AAC or AMR formats. I recommend using libavcodec-extra-52 from the Medibuntu repository. See option C. Medibuntu.

Ubuntu Jaunty Jackalope 9.04

sudo apt-get install ffmpeg libavcodec-unstripped-52

Ubuntu Intrepid Ibex 8.10

sudo apt-get install ffmpeg libavcodec-unstripped-51

Alternatively, you can search for these packages in the Synaptic Package Manager.

C. Medibuntu
This option is available for Ubuntu Lucid Lynx 10.04, Ubuntu Karmic Koala 9.10 and Ubuntu Hardy Heron 8.04. Medibuntu is a third-party repository that contains packages that are unable to be included in the official Ubuntu repositories. To install FFmpeg from Medibuntu open Terminal (Applications -> Accessories -> Terminal) and run the following:

sudo wget http://www.medibuntu.org/sources.list.d/`lsb_release -cs`.list --output-document=/etc/apt/sources.list.d/medibuntu.list && sudo apt-get -q update && sudo apt-get --yes -q --allow-unauthenticated install medibuntu-keyring && sudo apt-get -q update

This huge command (adapted from Medibuntu – Community Ubuntu Documentation) will install the repository information to your computer then update and authenticate the new repository. Now install FFmpeg:

Ubuntu Lucid Lynx 10.04 & Ubuntu Karmic Koala 9.10

sudo apt-get install ffmpeg libavcodec-extra-52

Ubuntu Hardy Heron 8.04

sudo apt-get install ffmpeg

That’s it. Now you have a non-crippled version of FFmpeg. See some usage examples at the FFmpeg x264 encoding guide.

Undoing Changes Made By This Guide
B. Uninstalling the unstripped or extra libraries

sudo apt-get remove ffmpeg libavcodec-*-5*

C. Uninstalling FFmpeg and the Medibuntu Repository

sudo apt-get autoremove ffmpeg medibuntu-keyring && sudo rm /etc/apt/sources.list.d/medibuntu.list

OpenBSD version 4.5 and above made changes in kernel which prevents booting OpenBSD using KVM technology. OpenBSD 4.4 runs with mbbios enabled. However, due to some sort of bug in KVM it does not boot and hangs while displaying a message which read as “Starting tty flags”. The workaround is to disable mpbios. This may or may not happen with your installation, but if it hanged, use the following procedure.

Step # 1: Boot OpenBSD With -c Option

At boot> prompt type the following command:

bsd -c
disable mpbios
quit

Sample session:

Fig.01: OpenBSD KVM Hangs at setting tty flags workaround

Now OpenBSD will boot without any problem. Login as root and type the following command to disable mpbios permanently:

# config -ef /bsd
disable mpbios
quit

Sample session:

Fig.02: Disabling mpbios for OpenBSD running under Linux KVM

Now you can use OpenBSD without any problem. Please note that this problem only occured under RHEL 5.5 64bit (KVM83) running OpenBSD 4.7 64bit guest. The config command can be used to build kernel compilation directories or modify a kernel. In this case you’ve modified the kernel to boot without mpbios support. The mpbios driver extracts configuration information from the BIOS on multiprocessor systems that conform to the Intel MultiProcessor Specification. See config and mpbios man page for further information.

How do I find out Wireless driver chipset information under Linux? How do I get wireless card chipeset information without opening my systems?

The simplest command to get this information is to use the lspci command:

lspci
lspci | less
lspci | grep -i intel
lspci | grep -i wireless

Sample outputs:

0c:00.0 Network controller: Intel Corporation PRO/Wireless 5300 AGN [Shiloh] Network Connection

Note down 0c:00.0 and enter the following command:
lspci -vv -s 0c:00.0
Sample outputs:

0c:00.0 Network controller: Intel Corporation PRO/Wireless 5300 AGN [Shiloh] Network Connection
	Subsystem: Intel Corporation Device 1121
	Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx-
	Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR-
	Kernel driver in use: iwlagn
	Kernel modules: iwlagn

To get driver information type:
modinfo iwlagn
Sample outputs:

filename:       /lib/modules/2.6.32-23-generic-pae/kernel/drivers/net/wireless/iwlwifi/iwlagn.ko
alias:          iwl4965
license:        GPL
author:         Copyright(c) 2003-2009 Intel Corporation
version:        1.3.27k
description:    Intel(R) Wireless WiFi Link AGN driver for Linux
firmware:       iwlwifi-4965-2.ucode
firmware:       iwlwifi-5150-2.ucode
firmware:       iwlwifi-5000-2.ucode
firmware:       iwlwifi-6050-4.ucode
firmware:       iwlwifi-6000-4.ucode
srcversion:     BB501FCC68D0C8213107D3B
alias:          pci:v00008086d00000084sv*sd*bc*sc*i*
alias:          pci:v00008086d00000083sv*sd*bc*sc*i*
alias:          pci:v00008086d00000089sv*sd*bc*sc*i*
alias:          pci:v00008086d00000088sv*sd*bc*sc*i*
alias:          pci:v00008086d00000087sv*sd*bc*sc*i*
alias:          pci:v00008086d00000086sv*sd*bc*sc*i*
alias:          pci:v00008086d00004239sv*sd*bc*sc*i*
alias:          pci:v00008086d00004238sv*sd*bc*sc*i*
alias:          pci:v00008086d0000422Csv*sd*bc*sc*i*
alias:          pci:v00008086d0000422Bsv*sd*bc*sc*i*
alias:          pci:v00008086d0000008Esv*sd*bc*sc*i*
alias:          pci:v00008086d0000008Dsv*sd*bc*sc*i*
alias:          pci:v00008086d0000423Dsv*sd*bc*sc*i*
alias:          pci:v00008086d0000423Csv*sd*bc*sc*i*
alias:          pci:v00008086d0000423Bsv*sd00001011bc*sc*i*
alias:          pci:v00008086d0000423Asv*sd00001021bc*sc*i*
alias:          pci:v00008086d0000423Asv*sd00001001bc*sc*i*
alias:          pci:v00008086d00004237sv*sd*bc*sc*i*
alias:          pci:v00008086d00004236sv*sd*bc*sc*i*
alias:          pci:v00008086d00004235sv*sd*bc*sc*i*
alias:          pci:v00008086d00004232sv*sd*bc*sc*i*
alias:          pci:v00008086d00004237sv*sd00001216bc*sc*i*
alias:          pci:v00008086d00004232sv*sd00001326bc*sc*i*
alias:          pci:v00008086d00004232sv*sd00001306bc*sc*i*
alias:          pci:v00008086d00004232sv*sd00001206bc*sc*i*
alias:          pci:v00008086d00004232sv*sd00001305bc*sc*i*
alias:          pci:v00008086d00004232sv*sd00001205bc*sc*i*
alias:          pci:v00008086d00004230sv*sd*bc*sc*i*
alias:          pci:v00008086d00004229sv*sd*bc*sc*i*
depends:        iwlcore,mac80211,cfg80211
vermagic:       2.6.32-23-generic-pae SMP mod_unload modversions 586TSC
parm:           swcrypto50:using software crypto engine (default 0 [hardware])
 (bool)
parm:           queues_num50:number of hw queues in 50xx series (int)
parm:           11n_disable50:disable 50XX 11n functionality (int)
parm:           amsdu_size_8K50:enable 8K amsdu size in 50XX series (int)
parm:           fw_restart50:restart firmware in case of error (int)
parm:           antenna:select antenna (1=Main, 2=Aux, default 0 [both]) (int)
parm:           swcrypto:using crypto in software (default 0 [hardware]) (int)
parm:           disable_hw_scan:disable hardware scanning (default 0) (int)
parm:           queues_num:number of hw queues. (int)
parm:           11n_disable:disable 11n functionality (int)
parm:           amsdu_size_8K:enable 8K amsdu size (int)
parm:           fw_restart4965:restart firmware in case of error (int)

Finally, you can run the following to get info about vendor & product code:
lspci -n -s 0c:00.0
Sample outputs:

0c:00.0 0280: 8086:4235

Where,

• 0280 – Network controller:
• 8086:4235 – Intel Corporation Ultimate N WiFi Link 5300

Or the all in one following option:
$ lspci -nn -s 0c:00.0
Sample outputs:

0c:00.0 Network controller [0280]: Intel Corporation Ultimate N WiFi Link 5300 [8086:

have UNIX workstation and Linux server at work and Ubuntu desktop at home. It is recommended that I use ssh tunnel the VNC protocol for secure communication. How do I access my UNIX workstation desktop here at home over the Internet using ssh?

VNC can be accessed over the Internet using ssh protocol. This will improve security as traffic will be encrypted.

Sample Setup

                                       pc22.nixcraft.in
 +----------------+                   +-----------------+
 | Laptop @ Home  |---> Internet ---> | UNIX PC @ Work  |
 +----------------+                   +-----------------+
                                       vncserver port 5901
OR

 +----------------+                   +-----------------+
 | Laptop @ Home  |---> Internet ---> | Router/firewall |
 +----------------+                   | port forwarding |
                                      +-----------------+
                                            | fw.nixcraft.in ssh/tcp22
                                            |
                                          ///\\\
                                          //   \\
                                          /      \
                                       +-----------------+
                                       | UNIX/Linux /OS X|
                                       | at work         |
                                       +-----------------+
                                       pc22.nixcraft.in
                                       vncserver @ port 5901

Your work pc may be directly connected to the Internet. Otherwise most offices have a router and firewall installed. You need to make sure your firewall allows port forwarding for TCP port 22 to your UNIX / OS X / workstation or server called pc22.nixcraft.in. It works as follows:

 +------------+
 | SSH Client |-------> Internet ssh connection with encryption
 | with       |                         |
 | vncviewer  |                         |
 +------------+                         |
                                       \|/
                             +------------------------+
                             | SSH server at port 22  |
                             | Vncserver at port 5501 |
                             +------------------------+

You connect from your local ssh client (localhost) to your ssh server (pc22.nixcraft.in) installed at your work UNIX pc with port forwarding at router / firewall level. I’m assuming that port forwarding is correctly configured at your office. Now, open the terminal and type the following command:

ssh  -N -f -L 5000:localhost:5901 vivek@pc22.nixcraft.i

The above command will start an ssh connection to pc22.nixcraft.in and also listen on port 5000 on localhost and forward vnc connection to port 5901 on pc22.nixcraft.in. Usaully local and remote port numbers are same to avoid confusion:

ssh  -N -f -L 5901:localhost:5901 vivek@pc22.nixcraft.i

Now, you can use vncviewer at your home as follows:
vncviewer localhost:5901
You can also use GUI tool and set VNC server location to localhost:5901

Fig.01: Setup ssh to tunnel VNC traffic over the Internet

Once connected you will get desktop login windows or last session window as follows:

Fig.02: VNC in action and more secure using SSH

Q. How do I find out all large files in a directory?

A. There is no single command that can be used to list all large files. But, with the help of find command and shell pipes, you can easily list all large files.

Linux List All Large Files

To finds all files over 50,000KB (50MB+) in size and display their names, along with size, use following syntax:

Syntax for RedHat / CentOS / Fedora Linux

find {/path/to/directory/} -type f -size +{size-in-kb}k -exec ls -lh {} ; | awk '{ print $9 ": " $5 }'
Search or find big files Linux (50MB) in current directory, enter:
$ find . -type f -size +50000k -exec ls -lh {} ; | awk '{ print $9 ": " $5 }'
Search in my /var/log directory:
# find /var/log -type f -size +100000k -exec ls -lh {} ; | awk '{ print $9 ": " $5 }'

Syntax for Debian / Ubuntu Linux

find {/path/to/directory} -type f -size +{file-size-in-kb}k -exec ls -lh {} ; | awk '{ print $8 ": " $5 }'
Search in current directory:
$ find . -type f -size +10000k -exec ls -lh {} ; | awk '{ print $8 ": " $5 }'
Sample output:

./.kde/share/apps/akregator/Archive/http___blogs.msdn.com_MainFeed.aspx?Type=AllBlogs.mk4: 91M./out/out.tar.gz: 828M./.cache/tracker/file-meta.db: 101M./ubuntu-8.04-desktop-i386.iso: 700M./vivek/out/mp3/Eric: 230M

Above commands will lists files that are are greater than 10,000
kilobytes in size. To list all files in your home directory tree less
than 500 bytes in size, type:
$ find $HOME -size -500b
OR
$ find ~ -size -500b

To list all files on the system whose size is exactly 20 512-byte blocks, type:
# find / -size 20

Perl hack: To display large files

Jonathan has contributed following perl code print out stars and the
length of the stars show the usage of each folder / file from smallest
to largest on the box:

 du -k | sort -n | perl -ne 'if ( /^(d+)s+(.*$)/){$l=log($1+.1);$m=int($l/log(1024)); printf  ("%6.1ft%st%25s  %sn",($1/(2**(10*$m))),(("K","M","G","T","P")[$m]),"*"x (1.5*$l),$2);}'

ls command: finding the largest files in a directory

You can also use ls command:
$ ls -lS
$ ls -lS | less
$ ls -lS | head +10

ls command: finding the smallest files in a directory

Use ls command as follows:
$ ls -lSr
$ ls -lSr | less
$ ls -lSr | tail -10

When malicious intruders compromise a web server, there’s an
excellent chance a famous Russian PHP script, r57shell, will follow.
The r57shell PHP script gives the intruder a number of capabilities,
including, but not limited to: downloading files, uploading files,
creating backdoors, setting up a spam relay, forging email, bouncing a
connection to decrease the risk of being caught, and even taking
control of SQL databases. All these functions become readily available
through an easy to use web interface, but now you can fight back.

A Turkish member on a forum I participate in released this nifty little bash command, but first, make sure you execute updatedb so find has an up to date image to search:

find /var/www/  -name "*".php  -type f -print0  | xargs -0 grep r57 | uniq -c  | sort -u  | cut -d":" -f1  | awk '{print "rm -rf " $2}' | uniq

You can also search regular text (.txt) files:

find /var/www/  -name "*".txt  -type f -print0  | xargs -0 grep r57 | uniq -c  | sort -u  | cut -d":" -f1  | awk '{print "rm -rf " $2}' | uniq

Or even cleverly disguised GIF image files:

find /var/www/  -name "*".gif  -type f -print0  | xargs -0 grep r57 | uniq -c  | sort -u  | cut -d":" -f1  | awk '{print "rm -rf " $2}' | uniq

The command might appear scary, or even malicious to an inexperienced Linux admin, but here’s the break down.

find /var/www/

find is a must know command when dealing with Linux. Find is what’s used to perform command line file searches. The path /var/www is the directory find will search, in addition to all directories contained within www, but nothing above. For example, /var/mail is not searched. If your publicly accessible files are not contained in /var/www, then you’ll obviously need to replace /var/www with the correct path.

-name "*".php  -type f -print0

This portion of the command tells find to search file names (not directories) ending in .php. Anything else is ignored.

| xargs -0 grep r57

The pipe symbol ( | ) tells Linux to take the results of the first
command (the PHP files we searched for), and pass them along to the
second command, xargs. At this point, all located files are
searched for any mention of r57, not just the file names, but the
actual content within the files.

| uniq -c  | sort -u

uniq will prevent duplicate results from displaying. The
command is smart enough to know when multiple instances are found in a
single file, resulting in a single mention instead of potentially
hundreds, flooding your console with repeated messages. The -c parameter tells uniq to count the number of consecutive lines that were combined. sort will take the unordered results, and display them in some type of orderly fashion.

| cut -d":" -f1

cut will prevent the line of code that contains r57 from
showing up in the results. The output is just a simple mention of the
filename or names, and how many occurrences. There’s no need to display
the actual code if your intentions are to remove the malicious files.

| awk '{print "rm -rf " $2}'

awk, a programming language in itself, is a very powerful command with many beneficial uses. In this command, awk is instructed to print rm -rf with the file path and file name appended. Here’s an example output:

rm -rf /var/www/users/domain.com/images/uploads/r57shell.php

rm -rf is used to delete files without asking questions. The, “are you sure you want to delete …” is skipped, so be careful when using the -rf switch, it’s very destructive if used without care. Notice the print
portion – this means the command is only printed, not carried out. Once
you’ve confirmed all the found files are malicious, you can easily dumb
the results into a file, make the file executable, and delete the
plague in one shot instead of manually deleting individual files one by
one.

Another popular tool is the c99shell, which I also recommend searching for. Just change three characters:

find /var/www/  -name "*".php  -type f -print0  | xargs -0 grep c99 | uniq -c  | sort -u  | cut -d":" -f1  | awk '{print "rm -rf " $2}' | uniq

If you’re interested in seeing an example of the c99shell interface, here’s a rooted site:

http://www.iett.gov.tr/en/kitap/

Well, i want to schedules to run one of my file every 5 minutes. Then what would be the best choose. Yes, CRON.
I can schedule my cron to run that file every five minutes to execute
my desired results. Thats why i want to make a note on this regards.

To edit the crontab i use the following command:

$ crontab -e

To list my currnet crontab

$ crontab -l

The following is the format entries in a crontab must be. Note all lines starting with # are ignored, comments.

So in terminal print ‘Hello’ every 5 minutes..

# MIN   HOUR   MDAY  MON  DOW   COMMAND    */5     *      *     *    *    echo 'Hello' 

MIN	Minute 	 0-60HOUR	Hour [24-hour clock] 	0-23MDAY	Day of Month 	1-31MON	Month 	1-12 OR jan,feb,mar,apr ...DOW	Day of Week 	0-6 ORsun,mon,tue,wed,thu,fri,satCOMMAND	Command to be run 	Any valid command-line

Examples

Here are a few examples, to see what some entries look like.

#Run command at 7:00am each weekday [mon-fri]
00 07 * * 1-5 mail_pager.script ‘Wake Up’

#Run command on 1st of each month, at 5:30pm
30 17 1 * * pay_rent.script

#Run command at 8:00am,10:00am and 2:00pm every day
00 8,10,14 * * * do_something.script

#Run command every 5 minutes during market hours
*/5 6-13 * * mon-fri get_stock_quote.script

#Run command every 3-hours while awake
0 7-23/3 * * * drink_water.script

Special Characters in Crontab

You can use an

asterisk

in any category to mean for every item, such as every day or every month.

You can use commas in any category to specify multiple values. For example: mon,wed,fri

You can use dashes to specify ranges. For example: mon-fri, or 9-17

You can use forward slash to specify a repeating range. For example: */5 for every five minutes, hours, days
Special Entries

There are several special entries, some which are just shortcuts, that you can use instead of specifying the full cron entry.

The most useful of these is probably @reboot which allows you to run
a command each time the computer gets reboot. This could be useful if
you want to start up a server or daemon under a particular user, or if
you do not have access to the rc.d/init.d files.

Example Usage:

# restart freevo servers
@reboot freevo webserver start
@reboot freevo recordserver start

The complete list:

Miscelleanous Issues

Script Output
If there is any output from your script or command it will be sent to
that user’s e-mail account, on that box. Using the default mailer which
must be setup properly.

You can set the variable MAILTO in the crontab to specify a separate e-mail address to use. For example:
MAILTO=”admin@mydomain.com”

Redirect Output to /dev/null
You can redirect the output from a cron script to /dev/null which just
throws it away. By redirecting to /dev/null you will not receive
anything from the script, even if it is throwing errors.
* * * * * /script/every_minute.pl > /dev/null 2>&1

Missed Schedule Time
Cron does not run a command if it was missed. Your computer must be
running for cron to run the job at the time it is scheduled. For
example, if you have a 1:00am scheduled job and your computer was off
at that time, it will not run the missed job in the morning when you
turn it on.

Linux Crontab Guide
An experienced Linux sysadmin knows the importance of running the routine maintenance jobs in the background automatically.

Linux Cron utility is an effective way to schedule a routine background job at a specific time and/or day on an on-going basis.

This article is part of the on-going series. In this article, let us review 15 awesome examples of crontab job scheduling.

Linux Crontab Format

MIN HOUR DOM MON DOW CMD

Table: Crontab Fields and Allowed Ranges (Linux Crontab Syntax)
Field
Description
Allowed Value

1. Scheduling a Job For a Specific Time Every Day

The basic usage of cron is to execute a job in a specific time as
shown below. This will execute the Full backup shell script
(full-backup) on 10th June 08:30 AM.

Please note that the time field uses 24 hours format. So, for 8 AM use 8, and for 8 PM use 20.

30 08 10 06 * /home/ramesh/full-backup

• 30 – 30th Minute
• 08 – 08 AM
• 10 – 10th Day
• 06 – 6th Month (June)
• * – Every day of the week

2. Schedule a Job For More Than One Instance (e.g. Twice a Day)

The following script take a incremental backup twice a day every day.

This example executes the specified incremental backup shell script
(incremental-backup) at 11:00 and 16:00 on every day. The comma
separated value in a field specifies that the command needs to be
executed in all the mentioned time.

00 11,16 * * * /home/ramesh/bin/incremental-backup

• 00 – 0th Minute (Top of the hour)
• 11,16 – 11 AM and 4 PM
• * – Every day
• * – Every month
• * – Every day of the week

3. Schedule a Job for Specific Range of Time (e.g. Only on Weekdays)

If you wanted a job to be scheduled for every hour with in a specific range of time then use the following.

Cron Job everyday during working hours

This example checks the status of the database everyday (including weekends) during the working hours 9 a.m – 6 p.m

00 09-18 * * * /home/ramesh/bin/check-db-status

• 00 – 0th Minute (Top of the hour)
• 09-18 – 9 am, 10 am,11 am, 12 am, 1 pm, 2 pm, 3 pm, 4 pm, 5 pm, 6 pm
• * – Every day
• * – Every month
• * – Every day of the week

Cron Job every weekday during working hours

This example checks the status of the database every weekday (i.e excluding Sat and Sun) during the working hours 9 a.m – 6 p.m.

00 09-18 * * 1-5 /home/ramesh/bin/check-db-status

• 00 – 0th Minute (Top of the hour)
• 09-18 – 9 am, 10 am,11 am, 12 am, 1 pm, 2 pm, 3 pm, 4 pm, 5 pm, 6 pm
• * – Every day
• * – Every month
• 1-5 -Mon, Tue, Wed, Thu and Fri (Every Weekday)

4. How to View Crontab Entries?

View Current Logged-In User’s Crontab entries

To view your crontab entries type crontab -l from your unix account as shown below.

ramesh@dev-db$ crontab -l@yearly /home/ramesh/annual-maintenance*/10 * * * * /home/ramesh/check-disk-space

[Note: This displays crontab of the current logged in user]

View Root Crontab entries

Login as root user (su – root) and do crontab -l as shown below.

root@dev-db# crontab -lno crontab for root

Crontab HowTo: View Other Linux User’s Crontabs entries

To view crontab entries of other Linux users, login to root and use -u {username} -l as shown below.

root@dev-db# crontab -u sathiya -l@monthly /home/sathiya/monthly-backup00 09-18 * * * /home/sathiya/check-db-status

5. How to Edit Crontab Entries?

Edit Current Logged-In User’s Crontab entries

To edit a crontab entries, use crontab -e as shown below. By default this will edit the current logged-in users crontab.

ramesh@dev-db$ crontab -e@yearly /home/ramesh/centos/bin/annual-maintenance*/10 * * * * /home/ramesh/debian/bin/check-disk-space~"/tmp/crontab.XXXXyjWkHw" 2L, 83C

[Note: This will open the crontab file in Vim editor for editing.Please note cron created a temporary /tmp/crontab.XX... ]

When you save the above temporary file with :wq, it will save the
crontab and display the following message indicating the crontab is
successfully modified.

~"crontab.XXXXyjWkHw" 2L, 83C writtencrontab: installing new crontab

Edit Root Crontab entries

Login as root user (su – root) and do crontab -e as shown below.

root@dev-db# crontab -e

Edit Other Linux User’s Crontab File entries

To edit crontab entries of other Linux users, login to root and use -u {username} -e as shown below.

root@dev-db# crontab -u sathiya -e@monthly /home/sathiya/fedora/bin/monthly-backup00 09-18 * * * /home/sathiya/ubuntu/bin/check-db-status~~~"/tmp/crontab.XXXXyjWkHw" 2L, 83C

6. Schedule a Job for Every Minute Using Cron.

Ideally you may not have a requirement to schedule a job every
minute. But understanding this example will will help you understand
the other examples mentioned below in this article.

* * * * * CMD

The * means all the possible unit — i.e every minute of every hour
through out the year. More than using this * directly, you will find it
very useful in the following cases.

• When you specify */5 in minute field means every 5 minutes.
• When you specify 0-10/2 in minute field mean every 2 minutes in the first 10 minute.
• Thus the above convention can be used for all the other 4 fields.

7. Schedule a Background Cron Job For Every 10 Minutes.

Use the following, if you want to check the disk space every 10 minutes.

*/10 * * * * /home/ramesh/check-disk-space

It executes the specified command check-disk-space every 10 minutes
through out the year. But you may have a requirement of executing the
command only during office hours or vice versa. The above examples
shows how to do those things.

Instead of specifying values in the 5 fields, we can specify it using a single keyword as mentioned below.

There are special cases in which instead of the above 5 fields you can
use @ followed by a keyword — such as reboot, midnight, yearly, hourly.

Table: Cron special keywords and its meaning
Keyword
Equivalent

8. Schedule a Job For First Minute of Every Year using @yearly

If you want a job to be executed on the first minute of every year, then you can use the @yearly cron keyword as shown below.

This will execute the system annual maintenance using annual-maintenance shell script at 00:00 on Jan 1st for every year.

@yearly /home/ramesh/red-hat/bin/annual-maintenance

9. Schedule a Cron Job Beginning of Every Month using @monthly

It is as similar as the @yearly as above. But executes the command monthly once using @monthly cron keyword.

This will execute the shell script tape-backup at 00:00 on 1st of every month.

@monthly /home/ramesh/suse/bin/tape-backup

10. Schedule a Background Job Every Day using @daily

Using the @daily cron keyword, this will do a daily log file cleanup using cleanup-logs shell scriptat 00:00 on every day.

@daily /home/ramesh/arch-linux/bin/cleanup-logs "day started"

11. How to Execute a Linux Command After Every Reboot using @reboot?

Using the @reboot cron keyword, this will execute the specified command once after the machine got booted every time.

@reboot CMD

12. How to Disable/Redirect the Crontab Mail Output using MAIL keyword?

By default crontab sends the job output to the user who scheduled
the job. If you want to redirect the output to a specific user, add or
update the MAIL variable in the crontab as shown below.

ramesh@dev-db$ crontab -lMAIL="ramesh"

@yearly /home/ramesh/annual-maintenance*/10 * * * * /home/ramesh/check-disk-space

[Note: Crontab of the current logged in user with MAIL variable]

If you wanted the mail not to be sent to anywhere, i.e to stop the
crontab output to be emailed, add or update the MAIL variable in the
crontab as shown below.

MAIL=""

13. How to Execute a Linux Cron Jobs Every Second Using Crontab.

You cannot schedule a every-second cronjob. Because in cron the
minimum unit you can specify is minute. In a typical scenario, there is
no reason for most of us to run any job every second in the system.

14. Specify PATH Variable in the Crontab

All the above examples we specified absolute path of the Linux command or the shell-script that needs to be executed.

For example, instead of specifying /home/ramesh/tape-backup, if you
want to just specify tape-backup, then add the path /home/ramesh to the
PATH variable in the crontab as shown below.

ramesh@dev-db$ crontab -l

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/home/ramesh

@yearly annual-maintenance*/10 * * * * check-disk-space

[Note: Crontab of the current logged in user with PATH variable]

15. Installing Crontab From a Cron File

Instead of directly editing the crontab file, you can also add all
the entries to a cron-file first. Once you have all thoese entries in
the file, you can upload or install them to the cron as shown below.

ramesh@dev-db$ crontab -lno crontab for ramesh

$ cat cron-file.txt@yearly /home/ramesh/annual-maintenance*/10 * * * * /home/ramesh/check-disk-space

ramesh@dev-db$ crontab cron-file.txt

ramesh@dev-db$ crontab -l@yearly /home/ramesh/annual-maintenance*/10 * * * * /home/ramesh/check-disk-space

Note: This will install the cron-file.txt to your crontab, which
will also remove your old cron entries. So, please be careful while
uploading cron entries from a cron-file.txt.