Viewing incoming HTTP requests can be using for finding a high amount of requests going to a certain domain on your server.

To view all HTTP GET requests, run the following command as root:

tcpdump -s 0 -A \'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420\'

For HTTP POST requests run the following:

tcpdump -s 0 -A \'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354\'

There's a few ways to restore a MySQL database. If you have the SQL dump file, it's relatively easy you can simply import it.

If you have a copy of the data directory (/var/lib/mysql) you can use the following technique.

In this example the data directory I want to get the database from is located at /tmp/mysql160407

mysqld_safe --skip-grant-tables --port=3307 --socket=/var/lib/mysql/mysql2.sock --pid-file=/var/run/mysqld/mysqld2.pid --datadir=/tmp/mysql160407 & mysqldump --protocol=TCP --port=3307 --all-databases > /tmp/mysql160407.sql

You will now have an SQL dump file located at /tmp/mysql160407.sql

If you have a directory with a large amount of file, you may want to delete all files before a certain date.

With the below example, we can delete all files before 2016-01-01 00:00.

touch -t 201601010000 /tmp/timestamp

find . -type f ! -newer /tmp/timestamp -delete

Format for cron jobs

mi h d m w command

Examples:

Run at ten minutes past the hour, every hour, day etc.

10 * * * * ls

Run every five minutes, on the 6th hour, every day etc.

*/5 6 * * * ls

Run on the 14th, 29th, 44th and 59th minute of every hour etc.

14,29,44,59 * * * * ls

Remove all emails in queue

postsuper -d ALL

Remove all emails relating to email address

postqueue -p | tail -n +2 | awk 'BEGIN { RS = "" } /email\[email protected]\.com/ { print $1 }' | tr -d '*!' | postsuper -d -

Append >/dev/null 2>&1 to a cron job to silence all output.

The following example sends STDOUT (1) and STDERR (2) to /dev/null, effectively silencing all output.

0          0   *  *  *    /bin/bash /opt/somescript.sh >/dev/null 2>&1

You can search and replace in vim using the :s (substitute) command.

s will substitute on the current line. For example, the following will only replace the word potatoe on the current line:

:s/potatoe/tomatoe

%s will substitute on all lines in the file. For example, the following will replace the first occurrence of potatoe on every line:

:%s/potatoe/tomatoe

Flags

• g - Global (All occurrences)
• c - Ask for confirmation
• i - Case insensitive
• I - Case sensitive

:%s/search_keyword/replace_with_this/g

Delimiters

When using the substitute command you can use other delimiters other than \'/\'. This is useful if you\'re replace something like a URL with a lot of slashes in it. E.g:

:%s_http://google.com/a/url_https://bing.com/b/url_g

To watch a file for changes, you can do this with auditctl with the following command:

auditctl -w /path/to/filename -p wa

All changes will then be shown in the audit log (/var/log/audit/audit.log)

tail -f /var/log/audit/audit.log

Once you have found what you\'re looking for, remove the watch with the following:

auditctl -W /path/to/filename -p wa