How to make a shell script executable Linux CLI

This is a quick reference guide on how to make a shell script executable on Linux Based Operating Systems.

1. chmod +x

root@FTP:~# ./shell.sh
-bash: ./shell.sh: Permission denied
root@FTP:~# chmod +x shell.sh
root@FTP:~# ./shell.sh

If you are new to the world of Linux, an avid Linux enthusiast or a student why not try our 0.99p per month Linux VPS.

Simply click on the screen shot below to find out more or navigate to https://piggybank.cloud

Thank you for reading and please feel free to leave any feedback.

How to add a user to a group Linux CLI

This is a quick reference guide on how to add a user to a group on Linux Based Operating Systems.

1. adduser

root@FTP1:~# addgroup ftpgroup user1
addgroup: The user `ftpgroup' does not exist.
root@FTP1:~# adduser user1 ftpgroup
Adding user `user1' to group `ftpgroup' ...
Adding user user1 to group ftpgroup
Done.
root@FTP1:~# adduser user2 ftpgroup
Adding user `user2' to group `ftpgroup' ...
Adding user user2 to group ftpgroup
Done.

How to view files and logs using the tail command Linux CLI

This is a quick reference on how to view files and logs using the tail command on Linux Based Operating Systems.

The tail command is a good way to check part of a file or the last logs recorded in a log file. It also gives you the ability to check logs as they are generated.

1. tail

Prints the last 10 lines of a file.

root@VPS2:/var/log# tail syslog
Jun  6 15:26:53 VPS2 systemd[1]: Stopped Network Service.
Jun  6 15:26:53 VPS2 systemd-udevd[376]: Network interface NamePolicy= disabled on kernel command line, ignoring.
Jun  6 15:26:53 VPS2 systemd[1]: Starting Network Service...
Jun  6 15:26:53 VPS2 systemd-networkd[2958]: eth1: Gained IPv6LL
Jun  6 15:26:53 VPS2 systemd-networkd[2958]: eth0: Gained IPv6LL
Jun  6 15:26:53 VPS2 systemd-networkd[2958]: Enumeration completed
Jun  6 15:26:53 VPS2 systemd[1]: Started Network Service.
Jun  6 15:26:53 VPS2 systemd-networkd[2958]: eth1: Link is not managed by us
Jun  6 15:26:53 VPS2 systemd-networkd[2958]: lo: Link is not managed by us
Jun  6 15:26:53 VPS2 systemd-networkd[2958]: eth0: Configured
root@VPS2:/var/log#

2. tail -n

You can specify the number of lines printed by using the -n option.

root@VPS2:/var/log# tail -n 5 syslog
Jun  6 15:26:53 VPS2 systemd-networkd[2958]: Enumeration completed
Jun  6 15:26:53 VPS2 systemd[1]: Started Network Service.
Jun  6 15:26:53 VPS2 systemd-networkd[2958]: eth1: Link is not managed by us
Jun  6 15:26:53 VPS2 systemd-networkd[2958]: lo: Link is not managed by us
Jun  6 15:26:53 VPS2 systemd-networkd[2958]: eth0: Configured

3. tail -f

This will follow the file and display any lines added to the file or log file as they are written.

tail -f syslog

How to check network interfaces Linux CLI

This is a quick reference guide on how to check your network interfaces on Linux Based Operating Systems.

1. ifconfig -a

[root@vps1 ~]# ifconfig 
ens3: flags=4163  mtu 1500
        inet 10.0.125.11  netmask 255.255.255.0  broadcast 10.0.125.255
        inet6 fe80::aff:fe00:7d0b  prefixlen 64  scopeid 0x20
        ether 02:00:0a:00:7d:0b  txqueuelen 1000  (Ethernet)
        RX packets 1186  bytes 116523 (113.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 925  bytes 117753 (114.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 6  bytes 416 (416.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6  bytes 416 (416.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

2. ip link show

[root@vps1 ~]# ip link show
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens3:  mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:0a:00:7d:0b brd ff:ff:ff:ff:ff:ff

3. netstat -i

[root@vps1 ~]# netstat -i
Kernel Interface table
Iface      MTU    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
ens3      1500     1336      0      0 0          1022      0      0      0 BMRU
lo       65536        6      0      0 0             6      0      0      0 LRU

How to change ownership of a file Linux CLI

This is a quick reference guide on how to change ownership of a file on Linux Based Operating Systems.

1. Change ownership of a file using chown command

[root@vps1 ~]# chown root file1
[root@vps1 ~]# ls -l file1
-rw-r--r-- 1 root root 0 Jun  4 11:06 file1
[root@vps1 ~]# chown vpsuser file1
[root@vps1 ~]# ls -l file1
-rw-r--r-- 1 vpsuser root 0 Jun  4 11:06 file1

2. Check the file permission using ls -l

root@vps:~# ls -l file1
-rwxr-x--x 1 root root 0 Jun  3 08:17 file1

A dash (-) indicates that the file is a regular file.

A letter (l) preceding indicates a special file type called a symlink. A symlink is a pointer to another location in the file system.

The letter (d) indicates that the file is a directory as per below:

drwxr-xr-x 3 root root       4096 Oct 18  2018 ufw

The first three letters after the file type refer to the permissions of the user, in this case rwx: read, write, and execute.

The next three letters are for the group: r-x, so read and execute, but not write, as indicated by the dash.

The next three letters are for other: r-x, so read and execute, but not write, as indicated by the dash (the same as group in this example).

The number 3 in this example after the permissions indicates the number of files or sub-directories contained within this particular directory.

The first name after the number in the example below is the user or file owner: "vpsuser".

The second name refers to the file's group: "group1".

-rwxr-x--x 1 vpsuser group1 0 Jun  3 08:17 file1
root@vps:~#

The remainder of the file details are the size of the file, the date and time that the file was created or last modified, and the file name.
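
As an added example (not part of the original guide), the shell functions below decode the permission string explained above into its file type, user/group/other letters and octal mode, and flag files that group or other can write to. The function names are hypothetical; the sample line is the one shown above.

```sh
#!/bin/sh
# Added example, not from the original guide: decode the first column of
# `ls -l`. Only the plain r/w/x letters described above are accepted.

# One rwx triad to its octal digit: rwx -> 7, r-x -> 5, --x -> 1.
triad_to_digit() (
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??x) d=$((d + 1)) ;; esac
    echo "$d"
)

# decode_mode MODE prints "type=... u=... g=... o=... octal=NNN".
decode_mode() (
    mode=${1%[.+@]}                  # drop a trailing SELinux/ACL marker
    case $mode in
        [-dl][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "unsupported mode string: $1" >&2; exit 1 ;;
    esac
    case $mode in
        -*) kind=regular ;;
        d*) kind=directory ;;
        l*) kind=symlink ;;
    esac
    rest=${mode#?}                   # the nine permission letters
    u=${rest%??????}
    go=${rest#???}
    g=${go%???}
    o=${go#???}
    octal=$(triad_to_digit "$u")$(triad_to_digit "$g")$(triad_to_digit "$o")
    echo "type=$kind u=$u g=$g o=$o octal=$octal"
)

# audit_ls_line "LINE" reports owner, group and mode for one `ls -l` line and
# flags files that group or other can write to (file names without spaces).
audit_ls_line() (
    set -f                           # no globbing while splitting the line
    set -- $1
    decoded=$(decode_mode "$1") || exit 1
    for name in "$@"; do :; done     # last field is the file name
    risk=ok
    case $1 in
        l*) ;;                       # symlink permission bits are not used on Linux
        ?????w*|????????w*) risk=group-or-other-writable ;;
    esac
    echo "$name owner=$3 group=$4 $decoded risk=$risk"
)

audit_ls_line "-rwxr-x--x 1 vpsuser group1 0 Jun  3 08:17 file1"
```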

How to debug an IPsec VPN on a FortiGate CLI

This is a quick reference guide on how to debug an IPsec VPN on a FortiGate.

1. Check IPsec traffic

Run a packet sniffer to make sure that traffic is hitting the FortiGate. There are various combinations you can run depending on how many VPNs you have configured.

diagnose sniffer packet any "port 500"
interfaces=[any]
filters=[port 500]

diagnose sniffer packet any "port 4500"
interfaces=[any]
filters=[port 4500]

diagnose sniffer packet any "port 4500 and host 92.203.x.x"
interfaces=[any]
filters=[port 4500 and host 92.203.x.x]

diagnose sniffer packet any "port 500 and host 92.203.x.x"
interfaces=[any]
filters=[port 500 and host 92.203.x.x]

diagnose sniffer packet any "host 92.203.x.x"
interfaces=[any]
filters=[host 92.203.x.x]

2. Debug the VPN using diagnose debug application ike -1

Replace <Remote_Peer_IP-Address> with the public IP address of the remote device.

diagnose debug reset
diagnose vpn ike log-filter dst-addr4 <Remote_Peer_IP-Address>
diagnose debug application ike -1
diagnose debug enable 

Sample output

ike 0:VPN: connection expiring due to phase1 down
ike 0:VPN: deleting
ike 0:VPN: deleted
ike 0:: schedule auto-negotiate
ike 0:VPN:718429: initiator: main mode is sending 1st message...
ike 0:VPN:718429: cookie c7daf8252121d228/0000000000000000
ike 0:VPN:718429: out [packet hex dump removed]
ike 0:VPN:718429: sent IKE msg (ident_i1send): 91.159.x.1x:500->193.x.x.x:500, len=288, id=c7daf8252121d228/0000000000000000

How to generate a certificate signing request (CSR) to be signed by a Certificate Authority on Linux CLI

This is a quick reference guide on how to generate a certificate signing request (CSR) to be signed by a Certificate Authority on Linux Based Operating Systems.

1. Generate your certificate

1.1 Generate private RSA key

You can change the encryption used to protect the key file by replacing -aes256 with, for example, -aes128. The private key is used to generate the certificate.

openssl genrsa -aes256 -out SSL.key

1.2 Generate Certificate Signing Request or CSR

You will need to ensure that the information below is accurate, especially if you are renewing a current certificate:

Common name (e.g., www.example.com), organization name and location (country, state/province, city/town).

root@server:~# openssl req -new -key SSL.key -out certificate.csr
Enter pass phrase for SSL.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

2. Send this to a certificate authority of your choosing.

You will need to send the file that you created (in this case certificate.csr) to a certificate authority.

The certificate authority will sign this CSR which will generate the final SSL certificate.
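
As an added example (not part of the original guide), the script below runs steps 1.1 and 1.2 non-interactively and then checks the CSR's self-signature, common name and subject alternative name before it is sent to the certificate authority. The function names, the KEY_PASS environment variable, the 2048-bit key size and the subject values (Example Ltd, www.example.com) are assumptions; -addext needs OpenSSL 1.1.1 or later.

```sh
#!/bin/sh
# Added example, not from the original guide. KEY_PASS, the subject fields
# and the function names are assumptions chosen for illustration.
# Usage: export KEY_PASS; make_csr /root/ssl www.example.com &&
#        check_csr /root/ssl/certificate.csr www.example.com

# make_csr DIR CN: create DIR/SSL.key (AES-256 encrypted) and DIR/certificate.csr.
make_csr() (
    dir=$1 cn=$2
    umask 077                        # key file readable by its owner only
    # The pass phrase is read from the environment rather than typed on the
    # command line, so it does not appear in the process list or history.
    openssl genrsa -aes256 -passout env:KEY_PASS \
        -out "$dir/SSL.key" 2048 2>/dev/null || exit 1
    openssl req -new -key "$dir/SSL.key" -passin env:KEY_PASS \
        -subj "/C=GB/ST=England/L=London/O=Example Ltd/CN=$cn" \
        -addext "subjectAltName=DNS:$cn" \
        -out "$dir/certificate.csr" || exit 1
)

# check_csr FILE CN: succeed only if the CSR verifies against its own public
# key and carries the expected common name and DNS subject alternative name.
check_csr() (
    out=$(openssl req -in "$1" -noout -verify -text 2>&1) || exit 1
    # Older OpenSSL releases exit 0 even when verification fails,
    # so match the message instead of trusting the exit status.
    echo "$out" | grep -q "verify OK" || exit 1
    echo "$out" | grep -q "CN *= *$2" || exit 1
    echo "$out" | grep -qF "DNS:$2" || exit 1
    echo "$out" | grep -q "Public-Key: (2048 bit)"
)
```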
