Viewing incoming HTTP requests can be useful for finding a high number of requests going to a certain domain on your server.
To view all HTTP GET requests, run the following command as root:
tcpdump -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'
For HTTP POST requests run the following:
tcpdump -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354'
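How the two filters above are put together, as an added example that is not part of the original page: the helper builds the same expression for any HTTP method. The function names method_hex and http_method_filter are hypothetical, not tcpdump features.

```shell
#!/bin/sh
# Added example: generate the tcpdump filter shown above for any HTTP method.
# method_hex and http_method_filter are hypothetical helper names.

# Print the first four payload bytes of a request line as lowercase hex.
# A space is appended first so three-letter methods include the separator
# that follows them ("GET " -> 47455420); longer methods are cut to 4 bytes.
method_hex() {
    printf '%s ' "$1" | cut -c1-4 | tr -d '\n' | od -An -tx1 | tr -d ' \n'
}

# Print the full filter expression for the given method.
http_method_filter() {
    case "$1" in
        ''|*[!A-Z]*)
            echo "method must consist of uppercase letters" >&2
            return 1 ;;
    esac
    [ "${#1}" -ge 3 ] || { echo "method too short" >&2; return 1; }

    # tcp[12:1] is the byte holding the TCP data offset in its upper nibble,
    # counted in 32-bit words. Masking with 0xf0 and shifting right by 2
    # (>> 4 to extract the nibble, then * 4 for bytes) gives the header
    # length in bytes, which is the index of the first payload byte.
    # The 4 bytes read from there are compared with the method in ASCII.
    printf 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x%s\n' "$(method_hex "$1")"
}

# Usage (as root):
#   tcpdump -s 0 -A "$(http_method_filter PUT)"
```

The comparison is made on raw payload bytes, so it only matches plaintext HTTP; requests inside TLS are encrypted and will not be shown.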
There are a few ways to restore a MySQL database. If you have the SQL dump file, it's relatively easy: you can simply import it.
If you have a copy of the data directory (/var/lib/mysql) you can use the following technique.
In this example the data directory I want to get the database from is located at /tmp/mysql160407
mysqld_safe --skip-grant-tables --port=3307 --socket=/var/lib/mysql/mysql2.sock --pid-file=/var/run/mysqld/mysqld2.pid --datadir=/tmp/mysql160407 &
mysqldump --protocol=TCP --port=3307 --all-databases > /tmp/mysql160407.sql
You will now have an SQL dump file located at /tmp/mysql160407.sql
If you have a directory with a large number of files, you may want to delete all files before a certain date.
With the below example, we can delete all files before 2016-01-01 00:00.
touch -t 201601010000 /tmp/timestamp
find . -type f ! -newer /tmp/timestamp -delete
Format for cron jobs
mi h d m w command
Examples:
Run at ten minutes past the hour, every hour, day etc.
10 * * * * ls
Run every five minutes, on the 6th hour, every day etc.
*/5 6 * * * ls
Run on the 14th, 29th, 44th and 59th minute of every hour etc.
14,29,44,59 * * * * ls
Remove all emails in queue
postsuper -d ALL
Remove all emails relating to an email address (user@example.com is a placeholder; replace it with the address you want to match)
postqueue -p | tail -n +2 | awk 'BEGIN { RS = "" } /user@example\.com/ { print $1 }' | tr -d '*!' | postsuper -d -
Append >/dev/null 2>&1 to a cron job to silence all output.
The following example sends STDOUT (1) and STDERR (2) to /dev/null, effectively silencing all output.
0 0 * * * /bin/bash /opt/somescript.sh >/dev/null 2>&1
You can search and replace in vim using the :s (substitute) command.
:s/potatoe/tomatoe
:%s/potatoe/tomatoe
:%s/search_keyword/replace_with_this/g
When using the substitute command you can use delimiters other than '/'. This is useful if you're replacing something like a URL with a lot of slashes in it. E.g.:
:%s_http://google.com/a/url_https://bing.com/b/url_g
To watch a file for changes, you can add an audit watch with auditctl using the following command:
auditctl -w /path/to/filename -p wa
All changes will then be shown in the audit log (/var/log/audit/audit.log)
tail -f /var/log/audit/audit.log
Once you have found what you're looking for, remove the watch with the following:
auditctl -W /path/to/filename -p wa