In the servers world, software packages came in a variety of formats and could be installed in different ways. This cheat-sheet collects day by day operations with software performed by typical System Administrator on servers what runs Linux and BSD.
Install
RPM based
rpm -ivh package-name.rpm yum install package-name
DEB based
dpkg -i package-name.deb apt-get install package-name aptitude install package-name
Other (Gentoo)
emerge -av ebuild
Other (FreeBSD)
cd /usr/ports/package-name && make install clean pkg_add -r package-name
Remove
RPM based
rpm -e package-name.rpm yum remove package-name
DEB based
dpkg -r package-name.deb apt-get remove package-name aptitude remove package-name
Other (Gentoo)
emerge -Cav ebuild
Other (FreeBSD)
pkg_delete package-name-version
Update a package
RPM based
rpm -Uvh package-name
DEB based
apt-get install package-name
Other (Gentoo)
emerge -uDv package-name
Other (FreeBSD)
portmanager package-name -l -u -f
Search for a package
RPM based
yum search keyword dpkg -C
DEB based
apt-cache search keyword
Other (Gentoo)
emerge -s keyword emerge -S keyword
Other (FreeBSD)
whereis package-name cd /usr/ports; make search name=package-name find /usr/ports -name package-name pkg_info -W package-name
List contents of package
RPM based
rpm -qvl package-name.rpm
DEB based
dpkg -c package-name.deb
Other (Gentoo)
qlist package-name.deb
Other (FreeBSD)
pkg_info -L package_name
List all installed packages
RPM based
rpm -qvia yum list available
DEB based
dpkg -l
Other (Gentoo)
qpkg -I
Other (FreeBSD)
pkg_info pkg_info -a
Print information about a package
RPM based
rpm -qpi package-name.rpm
DEB based
dpkg -I package-name.deb dpkg -p package-name
Other (Gentoo)
emerge -pv ebuild
Other (FreeBSD)
pkg_info | grep package-name
Integrity check
RPM based
rpm -Va rpm -Vp package-name.rpm
DEB based
debsums -a
Other (Gentoo)
qcheck package_name
Determine to which package a file belongs
RPM based
rpm -qf /path/to/file
DEB based
dpkg -S /path/to/file
Other (Gentoo)
qpkg -f /path/to/file qfile /path/to/file
Other (FreeBSD)
pkg_info -W /path/to/file
Update packages tree
RPM based
yum check-update
DEB based
apt-get update aptitude update
Other (Gentoo)
emerge --sync
Other (FreeBSD)
cvsup ports-supfile portsnap fetch extract
Update all installed packages and userland
RPM based
yum update
DEB based
apt-get update && apt-get upgrade
Other (Gentoo)
emerge -eav world
Other (FreeBSD)
portmaster -ai portmanager -u portupgrade -a freebsd-update upgrade
List outdated packages
RPM based
yum list updates
DEB based
apt-get upgrade --just-print apt-get upgrade -u apt-show-versions -u
Other (Gentoo)
emerge -eapv world
Other (FreeBSD)
pkg_version -vIL=
Show package dependencies
RPM based
rpm -qpR package-name.rpm yum deplist package-name
DEB based
apt-cache depends package-name apt-rdepends -d package-name
Other (Gentoo)
emerge -tp ebuild equery depends ebuild
Other (FreeBSD)
pkg_info -L package_name
CSF was designed for Linux servers by Way to the Web Limited and is very powerful SPI (Stateful Packet Inspection) iptables firewall script with a Login/Intrusion Detection and Security capabilities like blocking traffic from well known spammers network using the DShield Block List and the Spamhaus DROP List. Below is a small cut of it's features:
- Excessive connection blocking
- Excessive user processes reporting
- SYN Flood protection
- Port Scan tracking and blocking
To help with the ease and flexibility of the suite, CSF has a front-end which could be easily integrated with control panels like cPanel, DirectAdmin and Webmin. This makes configuring and managing the firewall very simple task.
This post describes how to harden your server with CSF: installation, configuration and control panel integration.
The installation process is simple: just download the latest version of CSF from download page, untar it and launch the installation script:
cd /root/work wget http://www.configserver.com/free/csf.tgz tar -xzf csf.tgz sh csf/install.sh rm -Rf /root/work/csf*
When installation is completed, test whether you have the required iptables modules:
perl /etc/csf/csftest.pl
If everything works, you should get output like this:
Testing ip_tables/iptable_filter...OK Testing ipt_LOG...OK Testing ipt_multiport/xt_multiport...OK Testing ipt_REJECT...OK Testing ipt_state/xt_state...OK Testing ipt_limit/xt_limit...OK Testing ipt_recent...OK Testing ipt_owner...OK Testing iptable_nat/ipt_REDIRECT...OK RESULT: csf should function on this server
Next, backup the original config file /etc/csf/csf.conf, open it and make the following changes:
AUTO_UPDATES = "1" LF_DSHIELD = "86400" LF_SPAMHAUS = "86400" LF_BOGON = "86400"
The basic configuration could be done by modifying in config directives ETH_DEVICE, TCP_IN, TCP_OUT, UDP_IN and UDP_OUT.
Note: In case of bad config, CSF will flush iptables after 5 minutes, because testing mode is enabled by default.
Start CSF and check open TCP and UDP ports with nmap:
/etc/init.d/csf start nmap -sSU -F ip.address
If check shows that everything is OK, testing mode could be disabled. Edit config file /etc/csf/csf.conf and set:
TESTING = "0"
Now the firewall is fully configured and tested. Restart it:
/etc/init.d/csf restart
The Webmin integration is quite straightforward:
To perform server security test, navigate to System > ConfigServer Security & Firewall > Check Server Security
CSF was designed for Linux servers by Way to the Web Limited and is very powerful SPI (Stateful Packet Inspection) iptables firewall script with a Login/Intrusion Detection and Security capabilities like blocking traffic from well known spammers network using the DShield Block List and the Spamhaus DROP List. Below is a small cut of it's features: Excessive connection blocking Excessive user processes reporting SYN Flood protection Port Scan tracking and blocking To help with the ease and flexibility of the suite, CSF has a front-end which could be easily integrated with control panels like cPanel, DirectAdmin and Webmin. This makes configuring and managing the firewall very simple task. This post describes how to harden your server with CSF: installation, configuration and control panel integration. The installation process is simple: just download the latest version of CSF from download page, untar it and launch the installation script: cd /root/work wget http://www.configserver.com/free/csf.tgz tar -xzf csf.tgz sh csf/install.sh rm -Rf /root/work/csf* When installation is completed, test whether you have the required iptables modules: perl /etc/csf/csftest.pl If everything works, you should get output like this: Testing ip_tables/iptable_filter...OK Testing ipt_LOG...OK Testing ipt_multiport/xt_multiport...OK Testing ipt_REJECT...OK Testing ipt_state/xt_state...OK Testing ipt_limit/xt_limit...OK Testing ipt_recent...OK Testing ipt_owner...OK Testing iptable_nat/ipt_REDIRECT...OK RESULT: csf should function on this server Next, backup the original config file /etc/csf/csf.conf, open it and make the following changes: AUTO_UPDATES = "1" LF_DSHIELD = "86400" LF_SPAMHAUS = "86400" LF_BOGON = "86400" The basic configuration could be done by modifying in config directives ETH_DEVICE, TCP_IN, TCP_OUT, UDP_IN and UDP_OUT. Note: In case of bad config, CSF will flush iptables after 5 minutes, because testing mode is enabled by default. Start CSF and check open TCP and UDP ports with nmap: /etc/init.d/csf start nmap -sSU -F ip.address If check shows that everything is OK, testing mode could be disabled. Edit config file /etc/csf/csf.conf and set: TESTING = "0" Now the firewall is fully configured and tested. Restart it: /etc/init.d/csf restart The Webmin integration is quite straightforward: Login to Webmin Navigate to Webmin > Webmin Configuration > Webmin Modules to add a module from local file Check From local file. Module is located at /etc/csf/csfwebmin.tgz To perform server security test, navigate to System > ConfigServer Security & Firewall > Check Server Security