Some useful SSH commands.Directory
// Kill SSH session.
[user@server ~]# last | grep "logged in"
[user@server ~]# ps -aux | grep ssh | grep pts/1
[user@server ~]# kill -9 
// Count file lines from a specific folder
find web/themes/custom -name '*.js' | xargs wc -l
// Trace a specific IP and check if it is going to the right route or going to local Docker IP
tracepath -b
// See all routes
// Check all defined routes
sudo ip route
// Try a specific domain in a specific route interface
curl --interface enp4s0
curl --interface tun0
// Route everything to a specific interface
sudo ip route add default dev enp4s0
// List all routes
route -n
curl --request OPTIONS "" --insecure -v
// Getting your current Linux flavor details.
lsb_release -a
// Listing all net connections to investigate sockets
ss -r
// Showing all ports
cat /etc/services
// Review logs
// List all boots:
journalctl -b

// Get boot logs:
journalctl --since "1 hour ago" -b38d1ff38cc2e4e54ae1d90866372cb15
journalctl --since "3 days ago" -b38d1ff38cc2e4e54ae1d90866372cb15
// check all ports when ping is blocked (-Pn to skip ping checks and scan the ports, will take longer time)
nmap -p- -Pn IP_HERE
// find alive hosts in CIDR range
nmap -sn
// scan a list of hosts from a file
nmap -iL ./hosts.txt
// TCP SYN is a default scan (-sS) .... UDP (-sU)
// Specify the range of ports (-p) or use (-p-) for all ports not only the popular
nmap -p1-3005 IP_HERE
nmap -p22,80,443 IP_HERE
// Watching system logs
tail -f /var/log/syslog
// Analyse Apache access logs
awk '{print $4}' /var/log/apache2/access.log | cut -d: -f1 | uniq -c
// You may want to divide the total to the page requests to get a real pageviews count

// Count all IPs from access_log
awk '{ print $1 } ' /var/log/apache2/access.log |  sort | uniq | wc -l
head -n2 /var/log/apache2/access.log
// Check access logs for weird access
cat /var/log/apache2/access.log | grep '26/Jul/2022:00' | grep -v 'AppleWebKit'
cat /var/log/apache2/access.log | grep -v 'AppleWebKit' | grep Bot | grep -v SemrushBot | grep -v 403
cat /var/log/apache2/access.log | grep -v 'AppleWebKit' | grep bot | grep -v SemrushBot | grep -v DuckDuckBot | grep -v SeekportBot | grep -v 403
cat /var/log/apache2/access.log | grep ' 500 '
cat /var/log/apache2/access.log | grep '/cancel'
// check all network traffic and ports
lsof -i
lsof -i :{port}
lsof -p {process_id}
// watching network 
lsof -r 2 -i -a | grep -v 'chrome\|slack\|termius-a\|lando\|copilot-a\|postman\|DeskTime\|firefox\|notion-sn'
lsof -r 2 -i -a | grep -v 'chrome\|slack\|termius-a\|lando\|copilot-a\|postman\|DeskTime\|firefox\|notion-sn' | less --chop-long-lines +F
// Apache deny access by user agent in .htaccess

  RewriteEngine On
  RewriteCond %{HTTP_USER_AGENT} (bingbot|SemrushBot|Amazonbot|Facebot|Twitterbot|PetalBot|Googlebot|HeadlessChrome) [NC]
  RewriteRule (.*) - [F,L]

# Block critical pages

  RewriteEngine On
  RewriteCond %{HTTP_USER_AGENT} (bingbot|SemrushBot|Amazonbot|Facebot|Twitterbot|PetalBot|Googlebot|HeadlessChrome|YandexBot|AhrefsBot|DotBot|TelegramBot|DuckDuckBot|SeekportBot|mj12bot|org_bot) [NC]
  RewriteCond %{THE_REQUEST} ^(.*)\/node\s(.*)$ [OR] # /node
  RewriteCond %{THE_REQUEST} ^(.*)\/node\/(.*)$ [OR] # /node/*
  RewriteCond %{THE_REQUEST} ^(.*)\/sites(.*)$ [OR] # /sites*
  RewriteCond %{THE_REQUEST} ^(.*)\/user\/(.*)$
  RewriteRule .* - [F,L]

"TelegramBot (like TwitterBot)" ( ( 
"Mozilla/5.0 (compatible; SemrushBot/7~bl; +" ( ( ( ( ( ( ( ( ( ( ( ( ( ( 
"Mozilla/5.0 (compatible; YandexBot/3.0; +" ( ( 
"Mozilla/5.0 (compatible; AhrefsBot/7.0; +"  = ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( (
"Mozilla/5.0 (compatible; DuckDuckGo-Favicons-Bot/1.0; +" (
"'DuckDuckBot-Https/1.1; (+'" ( 
"Mozilla/5.0 (compatible; DotBot/1.2; +; [email protected])" (  ( 
"Mozilla/5.0 (compatible; YandexBot/3.0; +" = ( ( 
"Mozilla/5.0 (compatible; SeekportBot; +"  = (
"Mozilla/5.0 (Linux; Android 7.0;) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; PetalBot;+" ( ( ( ( ( ( 
"Mozilla/5.0 (compatible; Googlebot/2.1; +" ( ( ( ( (
"Googlebot-Image/1.0" ( ( ( (GET /favicon)

"Mozilla/5.0 (compatible; MJ12bot/v1.4.8;" ( (Majestic bot)
"Snap URL Preview Service; bot; snapchat;" HTTP/1.1 ( ( ( 
"Mozilla/5.0+(compatible; UptimeRobot/2.0;" (
"Twitterbot/1.0" (
"Mozilla/5.0 (compatible; archive.org_bot/3.3.0 +" (
"Mozilla/5.0 (compatible; Let's Encrypt validation server; +" ( ( ( ( ( GET /.well-known/acme-challenge/AAAAAAA
"Chrome Privacy Preserving Prefetch Proxy" ( GET /.well-known/traffic-advice

"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.4 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.4 facebookexternalhit/1.1 Facebot Twitterbot/1.0"

USER_IP "WhatsApp/ A"
USER_IP "WhatsApp/ i"
// drush globally
ln -s /var/www/html/vendor/bin/drush /usr/bin/drush
// Log analysis
- count all access_log hits
- check 500 error details cat /var/log/apache2/access.log | grep '" 500 '
- check 403 error details cat /var/log/apache2/access.log | grep '" 500 '
- check bot hits cat /var/log/apache2/access.log | grep 'bot\|Bot'
- latest errors cat /var/log/apache2/error.log | grep grep 'error\|Error'
// Debugging SMTP connection
openssl s_client -connect
openssl s_client -connect | openssl x509 -text
// docker container connect ssh
// OCI runtime exec failed: exec failed: unable to start container process: exec: "/bin/bash": stat /bin/bash: no such file or directory: unknown
// The machine might not have bash installed
docker exec -ti cc55da85b915 /bin/sh
// List all iptables rules
sudo iptables --list INPUT
// Search for long text in files, trying to detect hashes, tokens, secrets .. grep long text
grep -rEiwo '[a-z0-9]{32,100}' ./*
grep -rEwo '[a-z0-9]{32,100}' ./*
// Create new SSH user
adduser --disabled-password --gecos "" NAME
mkdir /home/NAME/.ssh
echo "KEY_HERE" > /home/NAME/.ssh/authorized_keys
usermod -aG sudo NAME
sudo sh -c 'echo "NAME ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers'
// Show big database tables in GB for mysql
SELECT table_name AS `Table`, round(((data_length + index_length) / 1024 / 1024 / 1024), 2) `size_in_gb` FROM information_schema.TABLES WHERE table_schema = 'drupal' ORDER BY size_in_gb DESC LIMIT 10;
// Delete files that contains a specific word.
find ./config/sync -name "*.moderation_state.yml" | xargs rm
// Extract matched string between two words and print each matched string in a new line. and add string before and after 
grep -oP '(?s)(?<=btn).*?(?=outline)' file.txt | awk '{print "AA "$0"VV"}'
// Keep only lines with a specific string
sed '/msgid\|blah/!d' targeted.po >> new.po

// Delete a specific line that contains a string
sed -i '/STRING_HERE/d' config/sync/core.extension.yml
// SCP. copy from local machine to remote server using ssh
scp [email protected]:/home/user
// Check folder sizes of current folder
du -h -d1
// Getting first line of file
echo $(head -n1 .lando.yml) > .lando.local.yml
// Add string at the end of a specific line on a file
echo $(sed -e '1s/$/__update/' .lando.local.yml) > .lando.local.yml
// Flush DNS
sudo resolvectl flush-caches
// sudo systemd-resolve --flush-caches


// tool for enabling and disabling wireless devices
rfkill list
sudo rfkill unblock Bluetooth

# Make sure your Bluetooth device has enough battery. or plug it at least into the charger.

# bluetooth monitor
sudo btmon

# if PopOS can not turn on Bluetooth switch
sudo rmmod btusb
sudo modprobe btusb
// Review cron status
systemctl status cronie
systemctl enable --now cronie.service
// Check if line exists or add it
* * * * * /usr/bin/cat ~/Desktop/2.txt | /usr/bin/grep he3llo ; [ $? -eq 0 ] && /usr/bin/echo "yes" || /usr/bin/echo 'he3llo' >> ~/Desktop/2.txt
// List all hosts
getent hosts
// Metabase mysql connection error
// No matching clause: Could not connect to address=(host=x.x.x.x)(port=3306)(type=master) : Access denied for user 'USER'@'x.x.x.x' (using password: YES) Current charset is UTF-8. If password has been set using other charset, consider using option 'passwordCharacterEncoding'
mysql --default-character-set=utf8
// and then create the user
// Apache install multiple php versions
add-apt-repository -y ppa:ondrej/php
apt install software-properties-common
apt install php8.1 libapache2-mod-php8.1
a2enmod proxy_fcgi setenvif
apt install php8.1-fpm libapache2-mod-fcgid
a2enconf php8.1-fpm
systemctl restart apache2
systemctl status php8.1-fpm

// Add this inside VirtualHost tag in the apache .conf file of the targeted site

    # Enable http authorization headers
        SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1

        SetHandler "proxy:unix:/run/php/php8.2-fpm.sock|fcgi://php82.localhost"
   # Deny access to files without filename (e.g. '.php')
        Require all denied

// To check maximum RAM your motherboard can support
sudo apt install dmidecode
sudo dmidecode -t 16
// Show CPU info
cat /proc/cpuinfo
// Docker composer
docker-compose -p lab-mailhog up -d
// Enable Bluetooth automatically on login
sudo nano /etc/bluetooth/main.conf
// Scroll down to the bottom, where you will see this: #AutoEnable=false and enable it and change it to true
// Lando error running Traefik proxy, custom proxy domains not working issue (Network error when visiting a proxy domain)
--2022-09-20 11:28:46--
Resolving (, 2a04:4e42:54::645
Connecting to (||:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 857646 (838K) [application/octet-stream]
Saving to: ‘APKINDEX.tar.gz’
APKINDEX.tar.gz                                    0%[                                                                                                        ]       0  --.-KB/s    in 0s      
2022-09-20 11:28:47 (0.00 B/s) - Read error at byte 0/857646 (Connection reset by peer). Retrying.
The solution is to making sure the network is allowing these URLs:
// zsh p10k config
nano ~/.p10k.zsh

## Add these into the end of this file
## Options section
setopt correct                                                  # Auto correct mistakes
setopt extendedglob                                             # Extended globbing. Allows using regular expressions with *
setopt nocaseglob                                               # Case insensitive globbing
setopt rcexpandparam                                            # Array expension with parameters
setopt nocheckjobs                                              # Don't warn about running processes when exiting
setopt numericglobsort                                          # Sort filenames numerically when it makes sense
setopt nobeep                                                   # No beep
setopt appendhistory                                            # Immediately append history instead of overwriting
setopt histignorealldups                                        # If a new command is a duplicate, remove the older one
setopt autocd                                                   # if only directory path is entered, cd there.
setopt inc_append_history                                       # save commands are added to the history immediately, otherwise only when shell exits.
setopt histignorespace                                          # Don't save commands that start with space

// history is showing only a few lines .. last 20 lines
// to show all history lines:
history 1
history -50

alias history='history -50'
// zsh history is reset
// Remove text after the space on every line in the file.
cut -f1 -d' ' list.txt > list.txt
// Error
// mod_fcgid: HTTP request length 138570 (so far) exceeds MaxRequestLen
nano /home/project/conf/web/DOMAIN.httpd.ssl.conf
// Add this block

FcgidMaxRequestLen 2000000

// Before 
// then
service httpd reload
// Extract git changes in one line
git status -s

// Getting remote URL
git config --get remote.origin.url

// Showing git directory
echo $(git rev-parse --show-toplevel)
// ERROR 1273 (HY000) at line 25: Unknown collation: 'utf8mb4_0900_ai_ci'
sed -i 's/utf8mb4_0900_ai_ci/utf8mb4_general_ci/g' DB.sql
// Comment out all lines after a specific text `win` word from README file
awk '/^win/{f=1}f{$0 = "#" $0}{print}'

// Add string before a specific text (add `GG` as a new line before `ff` line)
awk '/ff/{print "GG"}1'

// Add PHP 8.2 template for VestaCP
awk '/\/VirtualHost/{print "\n\n    \n        SetEnvIfNoCase ^Authorization$ \"(.+)\" HTTP_AUTHORIZATION=$1\n    \n\n    \n        SetHandler \"proxy:unix:/run/php/php8.2-fpm.sock|fcgi://php82.localhost\"\n    \n    \n        Require all denied\n    \n\n"}1' /usr/local/vesta/data/templates/web/apache2/default.stpl >> /usr/local/vesta/data/templates/web/apache2/php82.stpl
awk '/\/VirtualHost/{print "\n\n    \n        SetEnvIfNoCase ^Authorization$ \"(.+)\" HTTP_AUTHORIZATION=$1\n    \n\n    \n        SetHandler \"proxy:unix:/run/php/php8.2-fpm.sock|fcgi://php82.localhost\"\n    \n    \n        Require all denied\n    \n\n"}1' /usr/local/vesta/data/templates/web/apache2/default.tpl >> /usr/local/vesta/data/templates/web/apache2/php82.tpl
// replace the whole line if has word command line
// use sed with pipe
awk '/ff/{print "GG"}1' | sed '/aa/c\AA'

README file content is:
aa this word
// install nodejs
curl -sL | sudo -E bash -
// Trust a self signed certificate
1. Copy your .crt file to dir /usr/local/share/ca-certificates/
1. Update the CA store: `sudo update-ca-certificates`
// Apache Block IP from htaccess or vhost file
<Directory /var/www/html/>
// Export query results into CSV file
INTO OUTFILE '/var/lib/mysql-files/data.csv'
// Gitlab runner CI CD error
// Reinitialized existing Git repository in ...
// remote: You are not allowed to download code from this project
// fatal: unable to access .....git The requested URL returned error: 403
changing the repo to internal and setting project privacy settings to only project members

Executing "step_script" stage of the job script
..... command not found
make sure this shell script is executable chmod +x
// Lando error when start
ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network

// SOLUTION: remove all networks not used by at least one container
docker network prune
// Display all existing connections
netstat- a  

// TCP connections
netstat -at  

// UDP connections
netstat -au

// only Listening Connections
netstat -tnl

-p to show pid/program name
// Using LDAP credentials for WPA2 WiFi networks
Security: WPA & WPA2, Enterprise
Authentication : Tunneled TLS
Anonymous identity: ...... keep it empty
Domain: ...... keep it empty
CHECKED: No CA certificate is required
Inner authentication: MSCHAPv2 (no EAP)
// Apache rules to block specific internal path and allow specific ips
// This rule might not work if you put it at the end of file. make sure it is on the first lines of htaccess file

    RewriteEngine On
    #RewriteCond %{REMOTE_ADDR} !=
    # allow ip range
    RewriteCond %{REMOTE_ADDR} !^10\.10\..*$
    # allow specific ip using X-FORWARDED-FOR
    #RewriteCond %{HTTP:X-FORWARDED-FOR} !^10\.10\.10\.10$
    RewriteRule ^telescope - [F,L]

// List open ports
ss -l -p -n

// Allow port
sudo ufw allow in 32771/tcp
// Remove any line that contains a specific string or text
grep -rl 'rabbit' config/sync/* | xargs sed -i '/rabbit/d'

فضلاً إذا أعجبتك هذه الصفحة لاتنسى أن تقوم بمشاركتها