Silviu Mocanu

Working with sed (a stream editor)   At some point I had to modify the configuration of multiple nginx configuration files, replacing on all of them a specific string with another one, commenting some strings, deleting some other strings, on one of my CentOS machines.   If I would go to edit manually file by file, it would take a few hours, at least.   So, I choose to use sed and to edit all files at the same time and in order to explain, I creates 100 files containing the same string, I'm using "tee" command: johnyc20@centos:~$ echo "fastcgi_pass 127.0.0.1:9501;"  | tee site-name-{1..100}.conf   Now I have 100 files containg the "fastcgi_pass 127.0.0.1:9501;": johnyc20@centos:~$ cat site-name-* fastcgi_pass          127.0.0.1:9501;   Now I will explain: How to replace content How to comment lines How to insert lines  How to delete lines Short summary of sed options How to replace content The first thing, I am replacing t

Linux: Files membership and modes Everything in Linux is a file, even your video card is a file, and you need a way to control the user access to those files. Files ownership A file is owned, by default, by a user and a group. Beside that, there is another concept, called "other", which means everyone else. When you are creating a file, the owner of the file is your user and your default group. Let's create a file called "myfile": $ touch myfile $ ls -l myfile -rw-r-xr--    1 smocanu  smocanu         0 Jul 14 05:50 myfile In my case, the user who owns this file is "smocanu" and the group is "smocanu". You can change any of this at any point, using chown/chgrp tools. For example, to change the user that owns this file you need run, as root or with sudo: $ sudo chown nginx myfile $ ls -l myfile -rw-rw-r-- 1 nginx smocanu 0 Jul 14 05:54 myfile You can also change both user and group with the same command: $ sudo chown smocanu:

Using SSH public keys to authenticate on a Cisco IOS device The preferred way to authenticate on a network device is using a SSH key. If you don't have a SSH key already, take a look at the steps to generate a new key here . After the key is available, you have to connected to your Cisco device and install it. But, first of all, you need to make sure that SSH is enabled on your device. 1st Step - Enable SSH To enable SSH on your device, you have to define the domain name and hostname of the device. Also you need to generate the host keys and finally to enable ssh: Router> ena Router# configure terminal Enter configuration commands, one per line.  End with CNTL/Z. Router(config)# ip domain-name johnyc20.blogspot.ro Router(config)# hostname bucharest bucharest(config)# crypto key generate rsa The name for the keys will be: bucharest.johnyc20.blogspot.ro Choose the size of the key modulus in the range of 360 to 4096 for your   General Purpose Keys. Choosing a key modulu

One of the preferred method of authentication on network devices is using SSH with a SSH public key. In order to be able to authenticate yourself, you have to generate a SSH key pair. A SSH key is composed of two parts, one private key (which should remain "private" and also should be password protected ) and one public key which should be installed on the SSH server in order to authenticate you. SSH client on Linux: In order to generate a SSH key pair on Linux, you will need to use "ssh-keygen" tool, which is a part of the "openssh-client" package on Debian-like operating systems: smocanu@debian7:~$ dpkg -S $(which ssh-keygen) openssh-client: /usr/bin/ssh-keygen or a part of "openssh" package on RedHat-like operating systems: smocanu@centos6 ~$ rpm -qf $(which ssh-keygen) openssh-5.3p1-94.el6.x86_64 The generating process is quite simple, just run the "ssh-keygen" command, and it will ask you the location of the new key

One of the most important things for an administrator is to keep track of the changes. The preferred  way to do that is to use a configuration management system , like ' cfengine ', ' puppet ', ' chef ', ' ansible ' or you named it. Even so, you should still be able to see what exactly was changed on you system and when. I'm using ' etckeeper '  to do that and I'm thinking that it is very useful. The most important Unix distributions are including this software and you can install it by using your favorite package manager. On CentOS6, you can run: [root@centos6 ~]# yum install etckeeper After installing, at least on CentOS, you have to initialize the repository, by running: [root@centos6 ~]# etckeeper init Initialized empty Git repository in /etc/.git/ The last thing is to commit these changes, that means that you will add the entire /etc directory to the repository: [root@centos6 ~]# etckeeper commit -m "initial com

If you have to enable secure connections to your service(s), you will need to buy a certificate or generate a self signed certificate for it. If you have to buy one, you have to generate a private certificate and a certificate request. If you will use a self signed certificate, you will need to generate a private, a request and a public certificate. You can do that by using the ' openssl ' tool. First at all, you have to generate a password, I'm usually using ' apg ': smocanu@debian7:~$ apg -n1 -m8 -x8 -t tiWiejTo (ti-Wiej-To) After that we are ready to generate the private certificate, this one should be kept safely, no one else should have it. I'm generating a 512bits RSA certificate: smocanu@debian7:~$ openssl genrsa -des3 -out ss.example.com.key 512 Generating RSA private key, 512 bit long modulus ........................++++++++++++ ...................++++++++++++ e is 65537 (0x10001) Enter pass phrase for ss.example.com.key: Verifying - Ent